docs(openapi): Update endpoints

[karlprieb]

No description provided.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 72.39%. Comparing base (f2801fa) to head (ea331a5).
Report is 51 commits behind head on develop.

Additional details and impacted files

@@           Coverage Diff            @@
##           develop     #305   +/-   ##
========================================
  Coverage    72.39%   72.39%           
========================================
  Files           40       40           
  Lines        10153    10153           
  Branches       588      588           
========================================
  Hits          7350     7350           
  Misses        2799     2799           
  Partials         4        4           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[coderabbitai]

📝 Walkthrough

Walkthrough

The changes update the OpenAPI specification from version 3.0.0 to 3.1.1. Modifications include adding new schemas for improved data validation, new endpoints for health checks, information retrieval, GraphQL querying, and enhanced admin operations. Additionally, the request and response bodies have been restructured, and existing schema definitions have been updated to reference the new components, resulting in clearer structure and better categorization of API endpoints.

Changes

File

Change Summary

docs/openapi.yaml

Upgraded OpenAPI version (3.0.0 → 3.1.1); added new schemas (Base64Url, WinstonAmount, TagList, ArNSResolution); introduced new request body (QueueTxRequest) and responses (MissingId, MissingIdOrBypassFilter, QueueTxSuccess, ServerError); new endpoints added for health checks (GET /ar-io/healthcheck), information retrieval (GET /ar-io/info), ArNS resolution (GET /ar-io/resolver/{name}), GraphQL querying (/graphql), and admin operations (POST /ar-io/admin/export-parquet, GET /ar-io/admin/export-parquet/status, POST /ar-io/admin/prune-stable-data-items); updated schema references in existing definitions.

Sequence Diagram(s)

sequenceDiagram
    participant C as Client
    participant S as API Server

    C->>S: GET /ar-io/healthcheck
    S-->>C: 200 OK (Health Status)
    
    C->>S: GET /ar-io/info
    S-->>C: 200 OK (Info Details)

Loading

sequenceDiagram
    participant C as Client
    participant S as API Server
    participant DB as Database

    C->>S: POST /graphql (GraphQL Query)
    S->>DB: Process Query Request
    DB-->>S: Return Query Results
    S-->>C: GraphQL Response & Data

Loading

sequenceDiagram
    participant A as Admin
    participant S as API Server
    participant DS as Data Storage

    A->>S: POST /ar-io/admin/export-parquet
    S->>DS: Initiate Export Process
    DS-->>S: Export Status/Confirmation
    S-->>A: Response with Status URL

    A->>S: POST /ar-io/admin/prune-stable-data-items
    S->>DS: Execute Prune Operation
    DS-->>S: Prune Confirmation
    S-->>A: Prune Operation Response

Loading

Tip

🌐 Web search-backed reviews and chat

• We have enabled web search-based reviews and chat for all users. This feature allows CodeRabbit to access the latest documentation and information on the web.
• You can disable this feature by setting web_search: false in the knowledge_base settings.
• Please share any feedback in the Discord discussion.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🔭 Outside diff range comments (2)

docs/openapi.yaml (2)

2-1691: Global Security Configuration Missing
Static analysis recommends defining global security rules. Currently, there is no top-level security: field in this OpenAPI document. Consider adding a global security configuration (for example, applying the bearerAuth scheme) so that protected endpoints inherit default security settings rather than requiring it to be repeated.

🧰 Tools

🪛 Checkov (3.2.334)

[HIGH] 2-1691: Ensure that security operations is not empty.

(CKV_OPENAPI_5)

---

[HIGH] 2-1691: Ensure that the global security field has rules defined

(CKV_OPENAPI_4)

---

211-220: Missing indep_hash Property in Block Schema
The Block schema’s required fields include indep_hash (line 218), but there is no corresponding property defined in the schema. This omission can lead to validation issues.

Suggested Fix:

+        indep_hash:
+          $ref: '#/components/schemas/Base64Url43'

Please add an appropriate definition for indep_hash to ensure consistency.

🧹 Nitpick comments (2)

docs/openapi.yaml (2)

1331-1405: Admin Queue Data Item Endpoint
The /ar-io/admin/queue-data-item endpoint accepts an array of data item headers and is well structured.

Note: The property for the data item signer’s key uses "Description" (capitalized) on line 1357; please change it to "description" for consistency with other properties.

---

1497-1550: Admin Export to Parquet Endpoint
The /ar-io/admin/export-parquet endpoint initiates an asynchronous export process. While the parameters are well defined, consider validating and sanitizing the outputDir to prevent potential directory traversal or other security issues.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 819a60d and ea331a5.

📒 Files selected for processing (1)

• docs/openapi.yaml (28 hunks)

🧰 Additional context used

🪛 Checkov (3.2.334)

docs/openapi.yaml

[HIGH] 2-1691: Ensure that security operations is not empty.

(CKV_OPENAPI_5)

---

[HIGH] 2-1691: Ensure that the global security field has rules defined

(CKV_OPENAPI_4)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: test (macos-latest)
• GitHub Check: test (ubuntu-latest)

🔇 Additional comments (24)

docs/openapi.yaml (24)

2-2: Update OpenAPI Version
The OpenAPI version has been updated from 3.0.0 to 3.1.1. Verify that all tooling (generators, linters, validators) is compatible with 3.1.1.

🧰 Tools

🪛 Checkov (3.2.334)

[HIGH] 2-1691: Ensure that security operations is not empty.

(CKV_OPENAPI_5)

---

[HIGH] 2-1691: Ensure that the global security field has rules defined

(CKV_OPENAPI_4)

---

19-23: New Section Headers for Organization
The addition of the "## Errors" (line 19) and "## Authentication" (line 23) headers improves the document’s structure. Ensure that detailed descriptions or additional guidance is later provided under these sections as needed.

---

26-28: Updated License Information
The license section now specifies the GNU Affero General Public License v3.0 with the identifier AGPL-3.0-only. Confirm that this change is consistent with your project’s legal and distribution requirements.

---

29-68: Enhanced API Tagging
A new set of tags (e.g., Gateway, Data, ArNS, Index Querying, Farcaster Frames, Admin) has been introduced to better categorize endpoints. Please verify that the tag names and descriptions accurately reflect the functionality of each endpoint and that they are used consistently across the documentation.

---

76-112: New Schema Definitions Added
New schemas such as Base64Url, WinstonAmount, and TagList have been introduced to improve data validation. Please double-check the regular expression patterns (e.g., the length limits in TagList) to ensure they capture the expected data formats.

---

350-372: ArNSResolution Schema Addition
The newly added ArNSResolution schema is well structured, providing detailed information such as the resolved transaction ID, TTL, process ID, and timestamp. This addition enhances validation for ArNS name resolution responses.

---

373-388: QueueTxRequest Request Body
The QueueTxRequest request body is clearly defined, including a required property (id) with an example value. This will help clients correctly structure their requests when prioritizing transactions.

---

389-435: Enhanced Response Definitions
The new response objects (MissingId, MissingIdOrBypassFilter, QueueTxSuccess, Unauthorized, and ServerError) are now consistently defined with clear descriptions and examples. This standardization will improve error handling and client feedback across the API.

---

436-538: Gateway Endpoints Update
The endpoints /ar-io/healthcheck, /ar-io/info, and /ar-io/__gateway_metrics now include detailed response schemas and descriptive summaries. Consider whether additional error response codes should also be documented for these endpoints.

---

543-688: Data Endpoints
The GET and HEAD endpoints for /{txId} have been updated to use consistent schema references and provide thorough header details (e.g., cache status, ETag). These improvements ensure clients receive detailed metadata along with data content.

---

688-821: Raw Transaction Data Endpoints
The /raw/{txId} endpoints for both GET and HEAD are clearly defined and mirror the functionality of the standard data endpoints, catering to scenarios where manifest resolution is not required.

---

832-897: Network and Gateway Status Endpoints
Multiple endpoints providing network information (such as /, /info, /peers, /height, and /tx_anchor) have been introduced. Ensure that the overlapping endpoints (e.g., /ar-io/info vs /info) deliver consistent and non-contradictory status data to clients.

---

899-938: Pricing Endpoints
Endpoints under /price/{size} and /price/{size}/target are now defined to provide pricing details in Winston. Verify that the schema constraints for NumericString sufficiently cover all valid numeric inputs.

---

940-1044: Wallet and Block Endpoints
The wallet endpoints (/wallet/{address}/balance and /wallet/{address}/last_tx) as well as block endpoints (e.g., /current_block, /block/height/{height}, /block/hash/{hash}, and /block/current) are comprehensively documented. Remember to address the missing indep_hash in the Block schema noted earlier.

---

1047-1140: Transaction and Chunks Endpoints
Endpoints for retrieving transaction details (including pending, status, and offset information) and chunk offset data have been enhanced with consistent use of schema references. This modular approach simplifies client integration.

---

1142-1234: GraphQL Index Querying Endpoint
The /graphql endpoint now provides a robust GraphQL interface with detailed documentation and an example query. Verify that the response schema for both data and errors covers all potential query outcomes from your GraphQL engine.

---

1239-1277: ArNS Name Resolution Endpoint
The /ar-io/resolver/{name} endpoint is well designed, including custom response headers (e.g., x-arns-resolved-id) and detailed response examples. Ensure that these header names are used uniformly throughout your system.

---

1279-1292: Admin Debug Endpoint
The /ar-io/admin/debug endpoint provides internal debugging information and is secured via bearerAuth. Consider expanding the description to include potential troubleshooting scenarios.

---

1293-1311: Admin Queue Transaction Endpoint
The /ar-io/admin/queue-tx endpoint, which prioritizes transactions, correctly references the QueueTxRequest and the associated response definitions.

---

1312-1329: Admin Queue Bundle Endpoint
This endpoint queues bundles for indexing while bypassing filter settings. Ensure that its behavior is clearly differentiated from the standard queue transaction endpoint in your documentation.

---

1406-1494: Admin Block and Unblock Endpoints
Endpoints for blocking/unblocking transactions and ARNS names (/ar-io/admin/block-data, /block-name, and /unblock-name) are clearly defined and secured. Ensure that clients understand the impact of these operations through detailed documentation.

---

1551-1602: Admin Export Parquet Status Endpoint
This endpoint provides clear visibility into the Parquet export process with detailed status fields. The enumeration for the export status enhances clarity; ensure that all potential error states are covered.

---

1603-1649: Admin Prune Stable Data Items Endpoint
The prune endpoint is designed to help manage database size by removing older, stable data items prior to a specified timestamp. The parameter indexedAtThreshold is validated appropriately.

---

1651-1690: Farcaster Frames Endpoints
The Farcaster Frames endpoints, handling both GET (initial frame) and POST (response frame) requests, are consistent with the overall API design. Ensure that any differences in the processing logic between these two methods are clearly documented in the API reference.

[dtfiedler]

Pulled the branch and loaded fine.

[djwhitt]

Nice work!