OpenAPI spec generation from zod + /api/openapi.json + CI drift gate #178
Labels
No labels
area:auth
area:ci
area:db
area:infra
area:native
area:pwa
area:service
epic
feature
foundation
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
james/carol#178
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Generate an OpenAPI 3.1 document from the API's zod schemas, serve it at
/api/openapi.json, and fail CI when a route is missing from the spec or the spec disagrees with the zod source.The contract between the API and the universal client is OpenAPI, generated from zod — never hand-authored. Drift is a build failure, not a code-review nit.
Scope
@asteasolutions/zod-to-openapi(or equivalent) to derive operation schemas from the zod request/response definitions added by the contract-hardening ticket.app/api/**/route.ts, collects the zod schemas, and emitsopenapi.json.GET /api/openapi.json— add tolib/auth/public-routes.tsallowlist.diffagainst the committed copy. Fail on any change not in the PR.app/api/**/route.tsmust register an operation in the spec (lint script that enumerates routes vs. spec paths).openapi.info.versiontracks the API minor; bump rules documented in ADR-0027.Acceptance criteria
GET /api/openapi.jsonreturns a valid OpenAPI 3.1 document.app/api/**/route.tslacks a registered operation.lib/auth/public-routes.ts) includes/api/openapi.jsonwith a comment explaining why.Out of scope
/api/v1/...) — see the contract hardening ticket.Composes with
API contract hardening, Generated typed API client + TanStack hooks, ADR-0027.
Part of
#176