Skip to content

Add generated OpenAPI client#100

Draft
mariusvniekerk wants to merge 6 commits into
mainfrom
add-openapi-client-and-yaml
Draft

Add generated OpenAPI client#100
mariusvniekerk wants to merge 6 commits into
mainfrom
add-openapi-client-and-yaml

Conversation

@mariusvniekerk
Copy link
Copy Markdown
Collaborator

@mariusvniekerk mariusvniekerk commented Jun 5, 2026

Summary

  • add a public pkg/client wrapper around a generated Huma OpenAPI client
  • generate the client with DoorDash oapi-codegen-dd v3 using the multi-file pkg/client/generated layout
  • commit YAML OpenAPI artifacts for the public schema and client codegen input
  • serve /openapi.yaml explicitly while keeping Huma runtime JSON/docs endpoints disabled

Notes

  • pkg/client exposes auth-aware constructors for the existing kata bearer, target, trusted actor, custom HTTP client, and transport option paths
  • pkg/client/openapi.json remains ignored because codegen may create it as a side effect
  • the generated config intentionally enables both classic and response-aware client methods

mariusvniekerk and others added 4 commits June 5, 2026 10:12
@mariusvniekerk @codex
Add generated OpenAPI client
edffc4d 
Kata's Huma route contract now needs a typed Go client that downstream callers can import without depending on the CLI internals. Generate a codegen-compatible OpenAPI 3.0 YAML sidecar, keep the public 3.1 YAML export, and wrap the generated package with constructors that use kata's existing bearer-token, target, Unix-socket, and trusted-proxy request handling.

Validation: make api-generate; go test ./pkg/client -count=1; go test ./internal/daemon -run 'TestOpenAPI|TestServerServesOpenAPIYAML' -count=1; git diff --check. Full go test ./... still fails in the pre-existing federation CLI plaintext bearer error-message tests.

Generated with Codex
Co-authored-by: Codex <codex@openai.com>
@mariusvniekerk @codex
Use DoorDash OpenAPI codegen fork
5b3b21f 
The kata client should be generated with DoorDash's oapi-codegen-dd fork instead of the standard v2 generator. The fork preserves the older deepmap package identity, so go.mod uses a replace directive to make go tool oapi-codegen resolve to github.com/doordash-oss/oapi-codegen-dd while keeping the generator command name stable.

Validation: make api-generate; go test ./pkg/client ./pkg/client/generated -count=1; go test ./internal/daemon -run 'TestOpenAPI|TestServerServesOpenAPIYAML' -count=1; git diff --check. Full go test ./... still fails only in the pre-existing federation CLI plaintext bearer error-message tests.

Generated with Codex
Co-authored-by: Codex <codex@openai.com>
@mariusvniekerk
Switch client generation to DoorDash v3
ad2ff84
@mariusvniekerk
Keep runtime OpenAPI JSON disabled
dff3dc5
@roborev-ci
Copy link
Copy Markdown

roborev-ci Bot commented Jun 5, 2026

roborev: Combined Review (dff3dc5)

Summary verdict: The PR needs changes before merge due to a broken SSE client surface and a concurrent request race.

Medium

  • pkg/client/generated/client.go:462: The generated StreamEvents request does not set Accept: text/event-stream, but the server rejects stream requests without that header. Even if a request editor adds the header, the method returns only after ExecuteRequest has collected resp.Content, so it is unsuitable for a long-lived SSE stream.

    • Fix: Add a hand-written streaming helper that sets the SSE Accept header and returns the response body/decoder without buffering, or exclude this endpoint from the generated client and wrap it separately.

  • pkg/client/client.go:75: WithTrustedActor mutates the captured header variable inside the request editor. A single client can issue concurrent requests, so concurrent editor calls race on that captured variable.

    • Fix: Trim and validate header once before creating the closure, and capture immutable header/actor values inside the editor.

Panel: ci_default_security | Synthesis: codex, 8s | Members: codex_default (codex/default, done, 5m28s), codex_security (codex/security, done, 4m15s) | Total: 9m51s

@roborev-ci
Copy link
Copy Markdown

roborev-ci Bot commented Jun 5, 2026

roborev: Combined Review (cf71cc5)

Medium-risk client issues need fixing before this PR is ready.

Medium

  • pkg/client/generated/types.go:954, pkg/client/generated/types.go:2049
    Arbitrary JSON objects are generated as map[string]struct{}. This breaks error.data decoding when values are strings, arrays, or objects, and prevents metadata patch clients from sending values like "area":"work" or null deletes.
    Fix: Adjust the OpenAPI schema overrides/codegen config so error.data and metadata patch fields generate as map[string]any or map[string]json.RawMessage, then regenerate and add client tests for these shapes.

  • pkg/client/generated/client.go:497
    StreamEvents exposes the long-lived SSE endpoint as a buffered []byte response. For the normal live stream, the method cannot yield frames incrementally and will not return until the stream ends or the context is canceled.
    Fix: Add a hand-written streaming client method that sets up the request and returns an io.ReadCloser/*http.Response, or exclude this operation from the generated buffered client.

Panel: ci_default_security | Synthesis: codex, 8s | Members: codex_default (codex/default, done, 7m4s), codex_security (codex/security, done, 4m22s) | Total: 11m34s

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mariusvniekerk