[dev] [claudfuen] codex/ahrefs-docs-seo-fixes#2812
github-actions[bot] wants to merge 5 commits into main from
2 issues found across 24 files
Confidence score: 3/5
- There is a concrete regression risk in `apps/api/src/main.ts`: `applyPublicOpenApiMetadata` appears to overwrite `document.servers` with `https://api.trycomp.ai`, which can make local/staging Swagger UI point to the wrong backend and confuse or break environment-specific testing.
- `apps/api/src/openapi/schema-pruning.ts` has a documentation-quality risk: removing the whole `enum` when it includes `secrets_info_disclosure` strips valid public values from the schema, which can mislead API consumers even if runtime behavior is unchanged.
- Given a medium-severity, high-confidence environment-targeting issue plus another medium schema issue, this is mergeable with caution but carries some real user/developer impact if left as-is.
- Pay close attention to `apps/api/src/main.ts` and `apps/api/src/openapi/schema-pruning.ts` - server URL metadata and enum pruning behavior may unintentionally degrade public Swagger usability.
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="apps/api/src/main.ts">
<violation number="1" location="apps/api/src/main.ts:177">
P2: `applyPublicOpenApiMetadata` overwrites `document.servers` with a hardcoded production URL (`https://api.trycomp.ai`). Since the same `document` object is passed to `SwaggerModule.setup`, the local/staging Swagger UI will point to production instead of the environment-appropriate server. Consider applying the metadata to a deep copy for the written `openapi.json` file, or applying it only in the file-write branch.</violation>
</file>
<file name="apps/api/src/openapi/schema-pruning.ts">
<violation number="1" location="apps/api/src/openapi/schema-pruning.ts:111">
P2: Deleting the entire `enum` array when it contains one internal value (`secrets_info_disclosure`) removes all valid value documentation from the public schema. If the intent is to hide only that value, filter it out instead; if the intent is to suppress the entire check-type enum everywhere, consider adding a comment explaining the rationale.</violation>
</file>
| .build(); | ||
| const document: OpenAPIObject = SwaggerModule.createDocument(app, config); | ||
|
|
||
| applyPublicOpenApiMetadata(document); |
P2: `applyPublicOpenApiMetadata` overwrites `document.servers` with a hardcoded production URL (`https://api.trycomp.ai`). Since the same `document` object is passed to `SwaggerModule.setup`, the local/staging Swagger UI will point to production instead of the environment-appropriate server. Consider applying the metadata to a deep copy for the written `openapi.json` file, or applying it only in the file-write branch.
<file context>
@@ -169,6 +174,8 @@ async function bootstrap(): Promise<void> {
.build();
const document: OpenAPIObject = SwaggerModule.createDocument(app, config);
+ applyPublicOpenApiMetadata(document);
+
// Setup Swagger UI at /api/docs
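Review bot: The added call `applyPublicOpenApiMetadata(document);` takes no copy and uses no return value, so it can only take effect by mutating the same `document` that the `// Setup Swagger UI at /api/docs` step below goes on to serve. The review comment on this line reports that the function sets `document.servers` to `https://api.trycomp.ai`; with that in place, "Try it out" requests issued from a local or staging Swagger UI, including any credentials entered there, are sent to the production host. Build the public variant from a copy of `document` and use it only where `openapi.json` is written, leaving the object handed to Swagger UI untouched.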
</file context>
| Array.isArray(record.enum) && | ||
| record.enum.includes('secrets_info_disclosure') | ||
| ) { | ||
| delete record.enum; |
P2: Deleting the entire `enum` array when it contains one internal value (`secrets_info_disclosure`) removes all valid value documentation from the public schema. If the intent is to hide only that value, filter it out instead; if the intent is to suppress the entire check-type enum everywhere, consider adding a comment explaining the rationale.
<file context>
@@ -0,0 +1,126 @@
+ Array.isArray(record.enum) &&
+ record.enum.includes('secrets_info_disclosure')
+ ) {
+ delete record.enum;
+ }
+
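Review bot: `delete record.enum;` removes the whole value list whenever `record.enum.includes('secrets_info_disclosure')` is true, so every public value in that enum disappears from the published schema along with the internal one, and consumers and generated clients lose the constraint. Drop only the internal entry, for example `record.enum = record.enum.filter((v) => v !== 'secrets_info_disclosure');`, and keep the internal names in one named list rather than an inline string literal so the next hidden value does not need a new branch. The opening of the condition is outside this hunk, so confirm it restricts the match to the intended schema rather than any enum that happens to contain the string.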
</file context>
This is an automated pull request to merge codex/ahrefs-docs-seo-fixes into dev.
It was created by the [Auto Pull Request] action.
Summary by cubic
Generates SEO-optimized public API docs with a new OpenAPI metadata and quality layer, and updates site content to improve search visibility and accuracy. Internal endpoints are removed from the published spec, a new API overview is added, and questionnaire/trust content is streamlined.
New Features
Refactors
`packages/docs/openapi.json`; delete `apps/api/packages/docs/openapi.json`.
`bunx jest`.
`security-questionnaire` and `trust-access`.
Written for commit c1df9a8. Summary will update on new commits.