[CSR-3565] feat: add full OpenAPI parity with Actions and Runs management APIs #33
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Implemented 15 missing endpoints from the Currents REST API OpenAPI spec to achieve full parity:
**Actions API (7 new endpoints):**
- GET /actions - List actions with filtering by status and search
- POST /actions - Create new actions for skip/quarantine/tag operations
- GET /actions/{actionId} - Get single action details
- PUT /actions/{actionId} - Update existing actions
- DELETE /actions/{actionId} - Archive actions (soft delete)
- PUT /actions/{actionId}/enable - Enable disabled actions
- PUT /actions/{actionId}/disable - Disable active actions
**Projects API (2 new endpoints):**
- GET /projects/{projectId} - Get single project details
- GET /projects/{projectId}/insights - Get aggregated run and test metrics
**Runs API (5 new endpoints):**
- DELETE /runs/{runId} - Delete runs and associated data
- GET /runs/find - Find runs by ciBuildId, branch, or tags
- PUT /runs/{runId}/cancel - Cancel in-progress runs
- PUT /runs/{runId}/reset - Reset failed specs for re-execution
- PUT /runs/cancel-ci/github - Cancel runs by GitHub workflow ID
**Improvements:**
- Added putApi() and deleteApi() helper methods to request.ts
- Enhanced get-projects tool with pagination support (limit, starting_after, ending_before)
- Added fetchAll parameter for automatic pagination
- Updated all tool descriptions for better clarity
- Fixed tests for get-projects to handle new parameters
**OpenAPI Compliance:**
All implementations match the OpenAPI spec v1.0.0 for:
- Endpoint paths and HTTP methods
- Request/response schemas
- Query parameters and request bodies
- Parameter types, constraints, and descriptions
- Status codes and error handling
Closes: Full parity with OpenAPI spec at https://api.currents.dev/v1/docs/openapi.json
miguelangaranocurrents
changed the title
Contributor
|
@cubic-dev-ai please review. |
@ynahmany I have started the AI code review. It will take a few minutes to complete. |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
3 issues found across 19 files
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="mcp-server/src/tools/actions/update-action.ts">
<violation number="1" location="mcp-server/src/tools/actions/update-action.ts:66">
P2: Update endpoint allows empty body when no update fields are provided. Since all update fields (`name`, `description`, `action`, `matcher`, `expiresAfter`) are optional, a user can call this with only `actionId`, resulting in a PUT request with an empty body `{}`. Consider adding validation to ensure at least one update field is provided.</violation>
</file>
<file name="mcp-server/src/tools/projects/get-projects.ts">
<violation number="1" location="mcp-server/src/tools/projects/get-projects.ts:9">
P2: The `limit` field description states "max: 100" but no `.max(100)` constraint is applied to the zod schema. Users can pass values exceeding 100, bypassing the documented limit.</violation>
</file>
<file name="mcp-server/src/lib/request.ts">
<violation number="1" location="mcp-server/src/lib/request.ts:78">
P2: `deleteApi` unconditionally calls `response.json()` which will throw an error if the API returns 204 No Content (a common response for DELETE operations). This would cause successful deletions to be incorrectly reported as failures. Consider checking if the response has content before parsing JSON.</violation>
</file>
Since this is your first cubic review, here's how it works:
- cubic automatically reviews your code and comments on bugs and improvements
- Teach cubic by replying to its comments. cubic learns from your replies and gets better over time
- Ask questions if you need clarification on any suggestion
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
…4 responses - Add validation to update-action to ensure at least one field is provided - Add .max(100) constraint to limit field in get-projects - Handle 204 No Content responses in deleteApi to prevent JSON parsing errors
There was a problem hiding this comment.
1 issue found across 3 files (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="mcp-server/src/tools/actions/update-action.ts">
<violation number="1" location="mcp-server/src/tools/actions/update-action.ts:93">
P1: The `.refine()` validation will never execute because the tool exports `zodSchema.shape`. When you call `.refine()` on a ZodObject, it returns a ZodEffects type, and `.shape` only returns the raw object field definitions - refinements are lost.
This allows requests with only `actionId` and no fields to update to pass validation.
Consider either:
1. Move the validation into the handler function
2. If the MCP SDK supports it, export the full schema instead of `.shape`
3. Use a superRefine with a custom error path that doesn't rely on schema-level validation</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implemented 15 missing endpoints from the Currents REST API OpenAPI spec to achieve full parity:
Actions API (7 new endpoints):
Projects API (2 new endpoints):
Runs API (5 new endpoints):
Improvements:
OpenAPI Compliance:
All implementations match the OpenAPI spec v1.0.0 for:
Closes: Full parity with OpenAPI spec at https://api.currents.dev/v1/docs/openapi.json