Skip to content

feat: openapi spec cleanup for schemathesis fuzzing and cleaner API error responses #6756

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
simone-stacks wants to merge 26 commits into
base: develop
Choose a base branch
from
Open

feat: openapi spec cleanup for schemathesis fuzzing and cleaner API error responses #6756

simone-stacks wants to merge 26 commits into from
+505 −155

Conversation

@simone-stacks
Copy link
Contributor

@simone-stacks simone-stacks commented Dec 11, 2025
edited
Loading

Description

Improves OpenAPI schema definitions for better API documentation accuracy and validation.

Also introduces proper 405/404/400 HTTP error responses with allow headers.

These changes improve schema accuracy for tools like Schemathesis and ensure the OpenAPI spec matches actual API behavior.

A summary of the findings can be found here.

Applicable issues

Additional info (benefits, drawbacks, caveats)

Benefits:

  • More accurate API documentation
  • Better client code generation from OpenAPI spec
  • Enables automated API testing with Schemathesis
  • Clearer error responses for API consumers:
    • 400 for invalid path parameters (e.g. /v3/blocks/NOTAHEX) - previously returned 404
    • 404 for paths that don't exist
    • 405 with Allow header for wrong HTTP methods - helps clients discover correct methods
  • The 400 approach tells consumers "you found the right endpoint, fix your parameter" rather than "this doesn't exist"

Caveats:

  • Stricter schemas may flag previously "working" requests that were technically invalid
  • Some endpoints with complex parameter patterns (contract names, principals) still return 404 for invalid params instead of 400 - this matches previous behavior

Checklist

  • Test coverage for new or modified code paths
  • Changelog is updated
  • Required documentation changes (e.g., docs/rpc/openapi.yaml and rpc-endpoints.md for v2 endpoints, event-dispatcher.md for new events)
  • New clarity functions have corresponding PR in clarity-benchmarking repo

@simone-stacks simone-stacks changed the title chore: OpenAPI spec cleanup for nightly Schemathesis fuzzing chore: openapi spec cleanup for nightly schemathesis fuzzing Dec 11, 2025
@codecov
Copy link

codecov bot commented Dec 12, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 76.31579% with 45 lines in your changes missing coverage. Please review.
✅ Project coverage is 77.46%. Comparing base (bc00b29) to head (84d7624).

Files with missing lines Patch % Lines
stackslib/src/net/httpcore.rs 74.03% 27 Missing ⚠️
stackslib/src/net/http/error.rs 68.75% 10 Missing ⚠️
stackslib/src/net/tests/httpcore.rs 89.13% 5 Missing ⚠️
stackslib/src/net/http/mod.rs 40.00% 3 Missing ⚠️

❌ Your project check has failed because the head coverage (77.46%) is below the target coverage (80.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files 
@@             Coverage Diff             @@
##           develop    #6756      +/-   ##
===========================================
+ Coverage    67.63%   77.46%   +9.82%     
===========================================
  Files          586      586              
  Lines       362403   362564     +161     
===========================================
+ Hits        245099   280844   +35745     
+ Misses      117304    81720   -35584
Files with missing lines Coverage Δ
stackslib/src/config/mod.rs 68.24% <ø> (+5.86%) ⬆️
stackslib/src/net/http/request.rs 82.69% <100.00%> (+1.33%) ⬆️
stackslib/src/net/http/mod.rs 51.45% <40.00%> (-0.59%) ⬇️
stackslib/src/net/tests/httpcore.rs 97.22% <89.13%> (+15.30%) ⬆️
stackslib/src/net/http/error.rs 56.41% <68.75%> (+5.28%) ⬆️
stackslib/src/net/httpcore.rs 81.84% <74.03%> (+0.39%) ⬆️

... and 308 files with indirect coverage changes

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update bc00b29...84d7624. Read the comment docs.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@simone-stacks

This comment was marked as outdated.

Sign in to view
BowTiedRadone
BowTiedRadone suggested changes Dec 12, 2025
View reviewed changes
Copy link
Contributor

@BowTiedRadone BowTiedRadone left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@simone-stacks Thanks for opening the PR! I've just wrapped up an initial review focused on the specification changes. More reviews to come, as I am trying to check them carefully and ensure we maximize the impact of this effort.

BowTiedRadone
BowTiedRadone reviewed Dec 15, 2025
View reviewed changes
BowTiedRadone
BowTiedRadone reviewed Dec 15, 2025
View reviewed changes
BowTiedRadone
BowTiedRadone reviewed Dec 15, 2025
View reviewed changes
BowTiedRadone
BowTiedRadone reviewed Dec 15, 2025
View reviewed changes
BowTiedRadone
BowTiedRadone reviewed Dec 15, 2025
View reviewed changes
@simone-stacks simone-stacks changed the title chore: openapi spec cleanup for nightly schemathesis fuzzing feature: openapi spec cleanup for schemathesis fuzzing and cleaner API error responses Dec 16, 2025
@simone-stacks simone-stacks changed the title feature: openapi spec cleanup for schemathesis fuzzing and cleaner API error responses feat: openapi spec cleanup for schemathesis fuzzing and cleaner API error responses Dec 16, 2025
BowTiedRadone
BowTiedRadone reviewed Dec 18, 2025
View reviewed changes
Copy link
Contributor

@BowTiedRadone BowTiedRadone left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR is in a great spot now! After checking the last two suggestions I left, I believe it's ready to be taken out of draft and get some more eyes on it.

simone-stacks and others added 3 commits December 18, 2025 22:14
@simone-stacks @BowTiedRadone
update docs/rpc/openapi.yaml
9764af8 
Co-authored-by: Radu Bahmata <92028479+BowTiedRadone@users.noreply.github.com>
@simone-stacks @BowTiedRadone
update stackslib/src/net/httpcore.rs
8126e8c 
Co-authored-by: Radu Bahmata <92028479+BowTiedRadone@users.noreply.github.com>
@simone-stacks
Merge branch 'develop' into chore/openapi-and-405-returns
efb8fc8
@simone-stacks simone-stacks marked this pull request as ready for review December 19, 2025 10:54
@simone-stacks simone-stacks requested review from a team and BowTiedRadone December 19, 2025 18:19
BowTiedRadone
BowTiedRadone reviewed Jan 5, 2026
View reviewed changes
Copy link
Contributor

@BowTiedRadone BowTiedRadone left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checked again, this looks ready for reviews from reviewers with write access 👍

jacinta-stacks
jacinta-stacks previously approved these changes Jan 12, 2026
View reviewed changes
brice-stacks
brice-stacks reviewed Jan 13, 2026
View reviewed changes
Copy link
Contributor

@brice-stacks brice-stacks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me! I just had one small request that might help with clarity.

docs/rpc/components/parameters/contract-address.yaml Outdated
@@ -1,12 +1,9 @@
# Deployer address for contract endpoints (standard principal format)
name: contract_address
Copy link
Contributor

@brice-stacks brice-stacks Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While you're making changes, maybe we could rename this to deployer_address. contract_address sounds like it should include the contract name, so the fact that it is just the deployer address is a bit surprising.

Copy link
Contributor Author

@simone-stacks simone-stacks Jan 14, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done in b06eb08, I also changed some comments in docs/event-dispatcher.md - Is this ok?

@simone-stacks simone-stacks force-pushed the chore/openapi-and-405-returns branch from b519acc to 84d7624 Compare January 14, 2026 16:23
@simone-stacks
Copy link
Contributor Author

simone-stacks commented Jan 14, 2026

I just added a small test for the 405 addition in 84d7624 and added 405 in some previous tests @jacinta-stacks @brice-stacks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jacinta-stacks jacinta-stacks jacinta-stacks approved these changes

@brice-stacks brice-stacks Awaiting requested review from brice-stacks

+1 more reviewer

@BowTiedRadone BowTiedRadone BowTiedRadone requested changes

Reviewers whose approvals may not affect merge requirements

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@simone-stacks @BowTiedRadone @brice-stacks @jacinta-stacks