chore: adds script and workflow to post docs

[semmet95]

Summary by cubic

Adds a merge workflow and Python script to auto-POST newly added sources/, claims/, and proofs/ docs to API endpoints defined in oapi.yaml. Also adds shared loaders, aligns validator mappings, updates CI/docs, and improves POST error handling.

• New Features

  • Added .github/workflows/post_on_merge.yml to POST new docs on push to main or manual runs. Finds added files in the latest commit under sources/, claims/, proofs/ and only posts when present.
  • Added scripts/post_requests.py to load oapi.yaml, map $ref schemas to POST endpoints, and send JSON with X-API-Key. Exits early if API_BASE_URL or API_KEY is missing. Prints per-file status and now catches urllib.error.HTTPError to report status/body.
  • Added scripts/common.py with shared YAML/JSON loaders; scripts/validate.py now imports it and aligns folder-to-schema mappings (SourceInput, ClaimInput, ProofInput).
  • Updated .github/workflows/validate.yml to validate sources/**, claims/**, and proofs/**. Updated AGENTS.md and added __pycache__ to .gitignore.

• Migration

  • Configure repo secrets API_BASE_URL and API_KEY.
  • Ensure oapi.yaml defines POST paths whose requestBody schema $refs match repository schema names so the script can resolve endpoints.

^{Written for commit f6f682e. Summary will update on new commits. Review in cubic}

[cubic-dev-ai]

4 issues found across 7 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="scripts/post_requests.py">

<violation number="1" location="scripts/post_requests.py:24">
P1: SCHEMA_MAP uses sources/claims/proofs instead of the documented grant_requests/admission_requests mapping, so new docs in the tracked folders won’t be posted.</violation>

<violation number="2" location="scripts/post_requests.py:50">
P1: Use the documented Authorization: Bearer header instead of X-API-Key so the POST requests authenticate correctly.</violation>

<violation number="3" location="scripts/post_requests.py:64">
P2: Read BASE_URL (as documented) instead of API_BASE_URL, otherwise the workflow won’t find the configured base URL.</violation>
</file>

<file name=".github/workflows/api-calls.yml">

<violation number="1" location=".github/workflows/api-calls.yml:29">
P2: This diff only checks the last commit. A push to main can contain multiple commits, so new documents added earlier in the push won’t be detected or POSTed. Use the push range (`github.event.before` → `github.sha`) instead of `HEAD~1`.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[semmet95]

@cubic-dev-ai

[cubic-dev-ai]

@cubic-dev-ai

@semmet95 I have started the AI code review. It will take a few minutes to complete.

[cubic-dev-ai]

3 issues found across 7 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="scripts/post_requests.py">

<violation number="1" location="scripts/post_requests.py:19">
P2: Narrow the import fallback to `ImportError` so real module errors are not silently hidden.</violation>
</file>

<file name="AGENTS.md">

<violation number="1" location="AGENTS.md:22">
P3: Workflow filename in docs is incorrect (`post_on_merge.yml`); the actual file is `api-calls.yml`.</violation>
</file>

<file name="scripts/validate.py">

<violation number="1" location="scripts/validate.py:12">
P2: Only catch ImportError here. A broad `except Exception` masks real errors in `scripts.common` and makes debugging failures harder.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}