docs(openapi): hide 22 website-only routes from public spec

[trevormil]

Summary

22 routes in the public OpenAPI spec are protected by websiteOnlyCors middleware in the indexer, which means they reject any request whose Origin isn't bitbadges.io. Listing them as public endpoints misleads third-party developers into writing clients against routes they cannot call — they then hit CORS and file support tickets.

This PR flips x-internal: false -> x-internal: true for all of them so Stoplight stops rendering them in the public reference.

Routes hidden

• Liquidity pools (4): /pools, /pools/byDenom, /pools/byAssets, /pools/{poolId}
• Swaps: /swaps/estimate
• Asset pairs (9): /assetPairs, topGainers/topLosers/highestVolume/priceSorted/weeklyTopGainers/weeklyTopLosers/search/byDenoms
• Swap analytics: /swapActivities
• On-chain dynamic stores (4): /onChainDynamicStore/{storeId}, /onChainDynamicStore/{storeId}/value/{address}, /onChainDynamicStore/{storeId}/values, /onChainDynamicStores/by-creator/{address}
• Off-chain dynamic stores (3): POST/PUT/DELETE /dynamicStores

No descriptions are deleted — only the x-internal flag flips. Safe-by-default: this hides, it does not expose anything new.

Test plan

• Confirm none of these routes are intended for public 3p use. If any should be public, then the underlying websiteOnlyCors middleware in the indexer needs to come off first — don't unflip x-internal without that change, or we'd re-introduce the broken CORS experience.
• Merge will flow through the genapi.yml CI; verify the resulting hosted spec drops these paths.

Generated by the docs-watch agent (daily OpenAPI quality sweep).

[greptile-apps]

Greptile Summary

This PR corrects the public OpenAPI specification by marking 22 routes as x-internal: true, hiding them from the Stoplight-rendered public reference. All 22 routes are gated by websiteOnlyCors middleware in the indexer (only requests from bitbadges.io are accepted), so advertising them as public endpoints was misleading third-party developers into building clients that inevitably hit CORS errors.

• Only change in the entire PR: x-internal: false → x-internal: true on each of the 22 affected operations. No descriptions, schemas, or runtime code are touched.
• Count checks out: 4 pools routes + 1 swaps/estimate + 9 assetPairs + 1 swapActivities + 4 onChainDynamicStore + 3 dynamicStores = 22.
• Safe-by-default: hiding routes from the spec never exposes anything new; the underlying middleware remains unchanged.
• No issues found — this is a clean, well-scoped documentation fix.

Confidence Score: 5/5

Safe to merge — purely a spec metadata change, no runtime behaviour altered

All 22 flips are mechanical one-line changes (x-internal: false → x-internal: true) that only affect Stoplight rendering. No logic, schema, or description content is modified, and the change cannot expose new attack surface. PR description matches the diff exactly.

No files require special attention

Important Files Changed

Filename	Overview
packages/bitbadgesjs-sdk/openapitypes-helpers/routes.yaml	Flips x-internal from false → true for 22 website-only routes (pools ×4, swaps/estimate, assetPairs ×9, swapActivities, onChainDynamicStore ×4, dynamicStores ×3); no descriptions removed, no logic changed

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[routes.yaml] -->|x-internal: true| B[Stoplight renderer]
    B -->|hidden| C[Public API reference]

    subgraph Affected routes - 22 total
        F[pools x4]
        G[swaps/estimate x1]
        H[assetPairs x9]
        I[swapActivities x1]
        J[onChainDynamicStore x4]
        K[dynamicStores POST/PUT/DELETE x3]
    end

    F & G & H & I & J & K --> A

Loading

_{Reviews (1): Last reviewed commit: "docs(openapi): hide 22 website-only rout..." | Re-trigger Greptile}