Skip to content

docs(openapi): guide + ADR-030 for authz-aware OpenAPI generation#53

Merged
intech merged 1 commit into
mainfrom
docs/openapi-authz-generation
Jun 23, 2026
Merged

docs(openapi): guide + ADR-030 for authz-aware OpenAPI generation#53
intech merged 1 commit into
mainfrom
docs/openapi-authz-generation

Conversation

@intech

@intech intech commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

What

Documents the pattern that generates an OpenAPI v3.1 contract reflecting Connectum proto authz, so the published spec cannot drift from what the runtime interceptor enforces. Companion to the car-sharing example PR.

Changes

  • en/guide/openapi.md (new) — two-step generation (buf remote plugin base + authz overlay via resolveMethodAuth), the authz→OpenAPI mapping table, and limitations (streaming RPCs get no operation, network dependency, the internal marker = 1.1.0). Registered in the Operate sidebar group.
  • en/contributing/adr/030-openapi-authz-generation.md (new) — rationale, the mapping, consequences, and alternatives (hand-written spec, framework CLI now, google.api.http only, protodocs) all rejected/deferred with reasons. Added to the ADR index.
  • Cross-link from the Proto-Based Authz guide.

Notes

  • Ships as a reference pattern (the car-sharing example on @connectum/auth 1.0.0); a first-class connectum openapi CLI command is a recorded follow-up.
  • pnpm docs:build ✓ (no dead links).
  • proto-authz.md is also touched by the still-open API/pages PR (docs: 1.1.0 API reference + auth/core/events package pages #52); the edit here is an isolated line in the Related section, so the merge interaction is expected to be clean.

🤖 Generated with Claude Code

Document the pattern that generates an OpenAPI v3.1 contract reflecting
Connectum proto authz, so the published spec cannot drift from what the
runtime interceptor enforces.

- en/guide/openapi.md: new guide — two-step generation (buf remote plugin base
  + authz overlay via resolveMethodAuth), the authz→OpenAPI mapping table, and
  limitations (streaming omitted, network dependency, internal marker = 1.1.0).
- en/contributing/adr/030-openapi-authz-generation.md: rationale, the mapping,
  consequences, and alternatives (hand-written spec, framework CLI now,
  google.api.http only, protodocs) — all rejected/deferred with reasons.
- Register the guide in the Operate sidebar group; add the ADR to the index;
  cross-link from the proto-authz guide.

Ships as a reference pattern (car-sharing example, @connectum/auth 1.0.0); a
first-class `connectum openapi` CLI command is a recorded follow-up.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01MdeH7fExPmiRHRirGuvGk3
@github-actions github-actions Bot added the type:docs Documentation: guides, README, JSDoc label Jun 23, 2026
@intech intech merged commit ae2c9c9 into main Jun 23, 2026
5 checks passed
@intech intech deleted the docs/openapi-authz-generation branch June 23, 2026 11:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

type:docs Documentation: guides, README, JSDoc

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant