fix(openapi): address remaining review comments — validation, content-type, schema, defaults#150
Merged
intel352 merged 2 commits intofeat/issue-79-openapifrom Feb 24, 2026
Merged
Conversation
4 tasks
…N errors, content-type, schema, defaults, logging Co-authored-by: intel352 <77607+intel352@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Add OpenAPI/Swagger spec module for auto-generating HTTP routes
fix(openapi): address remaining review comments — validation, content-type, schema, defaults
Feb 23, 2026
intel352
added a commit
that referenced
this pull request
Feb 24, 2026
…#134) * feat: add OpenAPI/Swagger spec module for auto-generating HTTP routes (#79) - Add openapi module type that parses OpenAPI v3 YAML/JSON specs - Generate HTTP route handlers from spec paths with method mapping - Add request validation against spec schemas (query params, body) - Add optional Swagger UI and spec serving endpoints - Add OpenAPI plugin for plugin-based registration - Add comprehensive tests for spec parsing, routing, and validation - Add example config and petstore spec in example/specs/ Closes #79 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: register openapi module type in schema and fix spec_file path resolution - Add "openapi" to known module types and module schema registry - Fix spec_file path in example config (relative to config dir, not project root) - Add openapi plugin to test helpers allPlugins() Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(openapi): address review feedback — correctness, security, and performance improvements (#146) * Initial plan * fix: apply all review feedback to OpenAPI module Co-authored-by: intel352 <77607+intel352@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: intel352 <77607+intel352@users.noreply.github.com> * fix(openapi): address remaining unresolved review comments on OpenAPI module (#149) * Initial plan * fix(openapi): document deferred spec_file validation and add enum scalar tests Co-authored-by: intel352 <77607+intel352@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: intel352 <77607+intel352@users.noreply.github.com> * fix: add admin_test.go with corrected TestMergeInto_WithRealAdminConfig Add admin/admin_test.go from main with the syntax error fixed: TestMergeInto_WithRealAdminConfig was closed with `)` instead of `}` and used 2-space indented brace in the inner if block, causing: expected statement, found ')' This file doesn't exist on this branch (predates its addition to main) but is needed so the PR's merge commit compiles and tests pass. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(openapi): address remaining review comments — validation, content-type, schema, defaults (#150) * Initial plan * fix(openapi): address all remaining review comments — body bytes, JSON errors, content-type, schema, defaults, logging Co-authored-by: intel352 <77607+intel352@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: intel352 <77607+intel352@users.noreply.github.com> * fix(cmd): restore missing multiWorkflowAddr flag definition (#152) * Initial plan * fix(cmd): restore missing multiWorkflowAddr flag definition Co-authored-by: intel352 <77607+intel352@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: intel352 <77607+intel352@users.noreply.github.com> * fix(openapi): harden body validation, determinism, and router wiring (#155) * Initial plan * fix(openapi): address review feedback from thread 3844286430 - Add configurable max body size limit (default 1 MiB) via http.MaxBytesReader to prevent DoS from arbitrarily large request bodies - Use validateJSONValue() for request body validation to handle non-object root schemas (primitives, arrays) that were previously silently skipped - Only register /openapi.yaml endpoint when source spec is YAML; JSON sources already served via /openapi.json - Sort supportedContentTypes() output for deterministic error messages - Remove /api/v1 from plugin schema DefaultConfig to match factory (empty) default - Add server→router mapping in wireOpenAPIRoutes for consistent router discovery when openapi module depends on http.server instead of http.router directly - Tests: add TestOpenAPIModule_JSONSourceNoYAMLEndpoint and TestOpenAPIModule_MaxBodySize Co-authored-by: intel352 <77607+intel352@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: intel352 <77607+intel352@users.noreply.github.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: intel352 <77607+intel352@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Several correctness and UX issues remained unresolved from prior review rounds on the OpenAPI module.
module/openapi.gostrings.NewReader(string(bodyBytes))→bytes.NewReader(bodyBytes)— eliminates redundant alloc and prevents corruption of non-UTF-8 payloadsjson.Unmarshalerrors were silently ignored; malformed bodies now produce a 400 with a descriptive message/openapi.yamlalways returnedapplication/yamleven for JSON source files; now detects source format by inspecting the first byte/(e.g."docs") were concatenated directly withbase_path, producing invalid routes like/api/v1docsrequestBody.contentsilently bypassed validation; now returns 400 listing the supported typesplugins/openapi/plugin.goOpenAPIConfigzero value leftValidation.Request = false; factory now initializes it totruebefore applying overrides, matching documented behaviorslog.Warnwith the module nameschema/module_schema.gorouternot required: removedRequired: true— the wiring hook auto-detects the router when omittedvalidation.request,validation.response,swagger_ui.enabled,swagger_ui.pathas flat bool/string fields don't map to the nested config structure; replaced with twoFieldTypeJSONfields (validation,swagger_ui)module/openapi_test.goinvalid_JSONsub-test toTestOpenAPIModule_RequestValidation_Bodyto cover the previously unguarded decode-error path💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.