Engineering Gap
Swagger/OpenAPI spec available at /api/docs but not used for client generation. Frontend has hand-written API calls with duplicate endpoint strings and request patterns.
Codebase Evidence
- app/backend/src/main.ts lines 74-141: Full Swagger/OpenAPI configuration
- app/frontend/src/lib/verification-api.ts, verification-inbox-api.ts: Hand-written API clients
- Multiple files hardcode API_URL from env with duplicated fetch logic
Risk Profile
API contract drift between frontend and backend. Duplicated boilerplate.
Remediation Strategy
Generate TypeScript client from OpenAPI spec using openapi-generator or openapi-typescript. Replace hand-written API calls. Add to CI to detect drift.
Success Conditions
Change Surface
Files: app/frontend/src/lib/, CI pipeline
Security Review
Generated client should handle auth consistently.
Completion Checklist
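
One way to implement the CI drift check from the Remediation Strategy while hand-written calls still exist (added example, not code from this repository). The spec paths, the call list and the names `findDrift` and `templateToRegExp` are constructed for illustration.

```typescript
// Added example. Types, sample spec and sample calls are constructed, not from the repo.
type HttpMethod = "get" | "post" | "put" | "patch" | "delete";
interface OpenApiDoc { paths: Record<string, Partial<Record<HttpMethod, unknown>>>; }
interface ClientCall { file: string; method: HttpMethod; path: string; }

// Turn an OpenAPI path template such as /items/{id} into an anchored RegExp.
function templateToRegExp(template: string): RegExp {
  const body = template
    .split(/\{[^}]+\}/)
    .map((part) => part.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"))
    .join("[^/]+");
  return new RegExp("^" + body + "/?$");
}

// Return every hand-written call whose method + path has no match in the spec.
function findDrift(spec: OpenApiDoc, calls: ClientCall[]): ClientCall[] {
  const routes = Object.entries(spec.paths).map(([template, ops]) => ({
    pattern: templateToRegExp(template),
    methods: new Set<string>(Object.keys(ops)),
  }));
  return calls.filter((call) => {
    // Collapse template-literal holes (${id}) to a dummy segment, drop the query string.
    const [pathOnly = ""] = call.path.replace(/\$\{[^}]*\}/g, "x").split("?");
    return !routes.some((r) => r.methods.has(call.method) && r.pattern.test(pathOnly));
  });
}

// Constructed stand-in for the document served at /api/docs.
const sampleSpec: OpenApiDoc = {
  paths: {
    "/verifications": { get: {}, post: {} },
    "/verifications/{id}": { get: {} },
  },
};

// Constructed stand-in for endpoint strings collected from app/frontend/src/lib/.
const sampleCalls: ClientCall[] = [
  { file: "verification-api.ts", method: "get", path: "/verifications?status=${status}" },
  { file: "verification-api.ts", method: "get", path: "/verifications/${id}" },
  { file: "verification-api.ts", method: "delete", path: "/verifications/${id}" },
  { file: "verification-inbox-api.ts", method: "post", path: "/verification-inbox/${id}/ack" },
];

for (const d of findDrift(sampleSpec, sampleCalls)) {
  console.log(`drift: ${d.file} ${d.method.toUpperCase()} ${d.path}`);
}
```

In a CI job, a non-empty result from `findDrift` would fail the build, so a frontend call to a route or method the backend no longer documents is caught before merge.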