Skip to content

feat: automate OpenAPI spec sync with endpoint filtering #132

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
derrekcoleman merged 10 commits into from
Dec 1, 2025
Merged

feat: automate OpenAPI spec sync with endpoint filtering #132

derrekcoleman merged 10 commits into from
Dec 1, 2025

Conversation

@derrekcoleman
Copy link
Contributor

@derrekcoleman derrekcoleman commented Nov 26, 2025
edited
Loading

Adds scripts/sync-openapi.ts that fetches upstream openapi.json from js-recall main and filters it for public docs.

Filtering approach

Uses tag-based filtering to exclude internal endpoints. Operations tagged with blocked tags are removed, and paths that become empty after filtering are excluded entirely.

Blocked tags

  • Admin - admin endpoints
  • User - user dashboard endpoints
  • NFL - NFL prediction game endpoints

Implementation details

  • Uses @apidevtools/swagger-parser for robust OpenAPI spec parsing and validation
  • Source URL configured via OPENAPI_SOURCE_URL environment variable
  • Filters at the operation level, preserving path metadata for remaining operations

Build pipeline

build:openapi now runs sync → generate → prettier in sequence.

@derrekcoleman
feat: automate OpenAPI spec sync with endpoint filtering
07e2f1a 
Add sync-openapi.ts script that fetches upstream openapi.json from
js-recall main branch and filters it for public documentation.

Blocked path patterns:
- /api/admin/** (admin endpoints)
- /api/user/** (user dashboard endpoints)
- /api/auth/login (user login)
- /api/competitions/{id}/partners (partners listing)
- /nfl/** (NFL endpoints)

Blocked tags: Admin, User, NFL

Also injects missing security scheme definitions (AgentApiKey, bearerAuth)
until upstream fixes are merged.
@vercel
Copy link
Contributor

vercel bot commented Nov 26, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
docs Error Error Nov 26, 2025 11:36pm

vercel[bot]
vercel bot reviewed Nov 26, 2025
View reviewed changes
@dtbuchholz dtbuchholz requested a review from Copilot November 26, 2025 19:30
dtbuchholz
dtbuchholz reviewed Nov 26, 2025
View reviewed changes
dtbuchholz
dtbuchholz reviewed Nov 26, 2025
View reviewed changes
dtbuchholz
dtbuchholz reviewed Nov 26, 2025
View reviewed changes
dtbuchholz
dtbuchholz reviewed Nov 26, 2025
View reviewed changes
Copilot AI reviewed Nov 26, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR introduces automation for synchronizing the OpenAPI specification from the upstream js-recall repository, filtering out private/internal endpoints before generating public documentation.

  • Adds a new sync script that fetches, filters, and injects missing security scheme definitions into the OpenAPI spec
  • Updates the OpenAPI spec with new metadata (title, contact, license) and security schemes
  • Updates documentation descriptions to be more concise across multiple endpoint files

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
scripts/sync-openapi.ts New script that fetches upstream OpenAPI spec, filters blocked endpoints/tags, and injects missing security scheme definitions
specs/competitions.json Updated OpenAPI spec with new metadata, security schemes (AgentApiKey, bearerAuth, PrivyCookie), simplified tag descriptions, and endpoint reordering
docs/reference/endpoints/trade.mdx Simplified description from detailed explanation to concise "Trading endpoints"
docs/reference/endpoints/price.mdx Simplified description from detailed explanation to concise "Price information endpoints"
docs/reference/endpoints/health.mdx Simplified description from detailed explanation to concise "Health check endpoints"
docs/reference/endpoints/competition.mdx Simplified description and reordered endpoint operations to match new spec structure
docs/reference/endpoints/auth.mdx Simplified description from detailed explanation to concise "Authentication endpoints"
docs/reference/endpoints/agent.mdx Simplified description from detailed explanation to concise "Agent management endpoints"
docs/reference/endpoints/account.mdx New empty documentation file for Account tag (has no associated endpoints)
docs/reference/endpoints/leaderboard.mdx Deleted file (endpoints likely filtered or tag removed)
docs/reference/endpoints/arenas.mdx Deleted file (endpoints likely filtered or tag removed)
docs/reference/endpoints/agents.mdx Deleted file (endpoints likely filtered or tag removed)

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.

@derrekcoleman
Copy link
Contributor Author

derrekcoleman commented Nov 26, 2025

@dtbuchholz I'll re-run now that these upstream openapi fixes to bearerAuth capitalization and AgentApiKey missing schema are in.

@dtbuchholz Linear
Copy link
Collaborator

dtbuchholz commented Nov 26, 2025

ah i missed your comment about this PR. we'll first have to deploy these changes to prod, though.

@derrekcoleman Linear
Copy link
Contributor Author

derrekcoleman commented Nov 26, 2025

my script checks main (a scary inconsistency with our deployment strategy, which checks for tagged releases), so I'm actually good to re-run now 🤪

@derrekcoleman Linear
Copy link
Contributor Author

derrekcoleman commented Nov 26, 2025

ah, shoot. my PR didn't run pnpm generate so the schema isn't actually updated yet

vercel[bot]
vercel bot reviewed Nov 26, 2025
View reviewed changes
@derrekcoleman derrekcoleman marked this pull request as draft November 26, 2025 20:58
@derrekcoleman
Copy link
Contributor Author

derrekcoleman commented Nov 26, 2025

Draft while we fix upstream issue related to Agents, Arenas, Leaderboards, Perpetual Futures, NFL not having tag metadata.
recallnet/js-recall#1614

carsonfarmer
carsonfarmer approved these changes Nov 26, 2025
View reviewed changes
Copy link
Member

@carsonfarmer carsonfarmer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Couple of nits for you @derrekcoleman.

scripts/sync-openapi.ts
/^\/nfl\//,
];

const BLOCKED_TAGS = ["Admin", "User", "NFL"];
Copy link
Member

@carsonfarmer carsonfarmer Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is another spot where it doesn't feel right to have something like NFL hard coded here. I think, if this is just a temp solution, this is fine for now... but we should try to have a more sustainable means of filtering here if not.

Copy link
Contributor Author

@derrekcoleman derrekcoleman Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Completely agree. Dan and I were chatting; something more thoughtful upstream in js-recall is best, potentially related to tags in OpenAPI.

i.e. API endpoint authors should be responsible for indicating whether their endpoints are (something like) public or private

@derrekcoleman
refactor: move OpenAPI source URL to env var
d2cb2f1
@derrekcoleman
refactor: use functional style for path filtering
dbd9ae1
@derrekcoleman
refactor: switch from route-based to tag-based filtering
4ad6da2 
Remove BLOCKED_PATH_PATTERNS in favor of filtering operations by tag.
This simplifies the logic and makes /api/auth/login and
/api/competitions/{id}/partners visible (they have allowed tags).
@derrekcoleman
refactor(sync-openapi): use swagger-parser for robust spec parsing
7320518 
- Replace manual fetch/validation with @apidevtools/swagger-parser
- Use bundle() to handle  resolution and consolidation
- Add proper OpenAPIV3 types from openapi-types
- Improve filterPathItem to use typed HTTP methods and preserve path metadata
@derrekcoleman derrekcoleman marked this pull request as ready for review December 1, 2025 23:37
vercel[bot]
vercel bot reviewed Dec 1, 2025
View reviewed changes
@derrekcoleman derrekcoleman merged commit adeaf06 into main Dec 1, 2025
4 checks passed
@derrekcoleman derrekcoleman deleted the derrek/automate-api-update branch December 1, 2025 23:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dtbuchholz dtbuchholz dtbuchholz left review comments

@vercel vercel[bot] vercel[bot] left review comments

Copilot code review Copilot Copilot left review comments

@carsonfarmer carsonfarmer carsonfarmer approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@derrekcoleman @dtbuchholz @carsonfarmer