Update openapi.yaml#3
Conversation
|
❌ Decision: BLOCK • 🔴 Risk: 77/100 • ❌ Breaking: 4 • 🔍 Patterns: 2 • 🟠 CodeRifts — Risk Score: 77/100 (High)🏷️ Suggested version bump: 📌 Current version is v1.4.0 → next version should be v2.0.0 🛡️ Policy Violations🔴 Breaking budget exceeded: 4/3 allowed
❌ Why This PR Is BlockedThis PR is blocked because a policy rule was violated: Breaking budget exceeded: 4/3 allowed ✅ How to Unblock
👤 Required Approvals
Risk Assessment
📊 API Stability Grade: D (high risk) 🔧 Generator Impact AnalysisDetected generators:
📦 SDK Surface Impact2 generated SDKs detected in this repository:
Total SDK impact: 8 models and 0 methods across 2 SDKs need regeneration.
🔍 Top Detected Patterns
🔴 4 Breaking Changes Found
Change intent breakdown: 2 structural · 2 behavioral 🤖 Agent Impact
|
| Pattern | Severity | Path | Field | Detail |
|---|---|---|---|---|
RESPONSE_FIELD_NARROWED |
🟠 HIGH | #/components/schemas/OrderItem |
price |
type narrowed from 'number' to 'integer' |
RESPONSE_FIELD_NARROWED |
🟠 HIGH | #/components/schemas/RefundRequest |
amount |
type narrowed from 'number' to 'integer' |
📝 API Changelog
Breaking
- Removed field
fieldfromPOST /ordersrequest - Removed field
fieldfromPOST /payments/refundrequest - Breaking change in
Property 'price' in schema 'OrderItem' type changed from 'number' to 'integer'—response-property-type-changed - Breaking change in
Property 'amount' in schema 'RefundRequest' type changed from 'number' to 'integer'—response-property-type-changed
Changed
- Removed field
fieldfromGET /ordersresponse - Removed field
fieldfromPOST /ordersresponse - Removed field
fieldfromGET /orders/{id}response
💡 Recommendations
- 📢 Notify external consumers — public endpoint(s) affected, prepare migration communication
- 📱 Mobile app update needed — Breaks iOS 3.2, Android 4.0
- 🔒 Security review required — OAuth scope changed
- 👤 Domain owner sign-off needed — critical domain affected
- 💰 Estimated migration impact — ~6 eng. day(s), ~$18,000
💾 Migration & Impact Assessment
Rollback risk: 🟢 Easy to revert
Review estimate: ⏱️ ~1 hour
| Icon | Trigger | Action needed |
|---|---|---|
| 🔄 | Response field field removed from GET /orders |
Cached responses may contain this field — consider cache invalidation |
| 🔄 | Response field field removed from POST /orders |
Cached responses may contain this field — consider cache invalidation |
| 🔄 | Response field field removed from GET /orders/{id} |
Cached responses may contain this field — consider cache invalidation |
✅ Pre-merge checklist
- Verify API documentation is updated
- Notify downstream consumers of breaking changes
- Update API client SDKs if applicable
- Check mobile app compatibility
- Invalidate response caches after deploy
💰 Economic Impact Estimate
├── Migration cost: $24,000 (160 eng-hours × $150/hr)
├── Testing cost: $36,000 (240 eng-hours × $150/hr)
├── Rollback risk: $72,000 (if rollback needed)
├── Downstream consumers: 1 service
└── Total estimated impact: $60,000
ℹ️ CodeRifts detected this before merge. Monthly cost: $49. Estimated impact prevented: $60,000.
⏰ Deprecation Calendar
| Endpoint | Deprecated Since | Scheduled Removal | Status |
|---|---|---|---|
POST /payments/refund |
— | 2026-04-01 (20d) | 🔴 Removal imminent |
👥 No
CODEOWNERSfile found. Consider adding one to auto-assign reviewers for API changes:# .github/CODEOWNERS # Auto-generated from .coderifts.yml domains api/openapi.yaml @payments-team @backend-team
📍 No URL versioning detected. Consider adopting URL versioning (e.g.
/v1/,/v2/) to manage breaking changes safely.
📏 API Design Lint — 4 warnings
| Rule | Endpoint | Details |
|---|---|---|
POST /payments/refund |
POST uses 200 instead of 201 for resource creation | |
/orders |
Plural /orders — most paths use singular convention |
|
/payments/refund |
Plural /payments — most paths use singular convention |
|
/orders/{id} |
Plural /orders — most paths use singular convention |
⌛ Deprecation Lifecycle
| Item | Deprecated Since | Sunset Date | Days Active | Status |
|---|---|---|---|---|
paths./orders.post.requestBody.content.application/json.schema |
(not deprecated) | — | — | 🔴 Missing deprecation period |
paths./payments/refund.post.requestBody.content.application/json.schema |
(not deprecated) | — | — | 🔴 Missing deprecation period |
Deprecation policy: Minimum 30 days before removal.
Currently deprecated (not removed in this PR):
POST /payments/refund— sunset: 2026-04-01 (19 days remaining) → usePOST /payments/v2/refund
⚠️ Generated Spec Drift Warning
The OpenAPI spec api/openapi.yaml appears to be generated by OpenAPI Generator but was modified directly in this PR.
Drift confidence: 40% (medium)
Detected signals:
- 🔧 Generator config was not changed in this PR
- ✏️ Source annotations/code were not modified
Risk: Manual changes to generated specs will be overwritten on next generation. This can cause:
- Silent loss of the changes in this PR
- Merge conflicts when regenerating
- Inconsistency between source code and API contract
Recommended actions:
- Update the source (code annotations, config, or source spec) instead of editing the generated output
- Regenerate the spec from the updated source
- If this is an intentional override, add the file to
.openapi-generator-ignoreorgenerator_drift.ignore_filesin.coderifts.yml
📖 Documentation Coverage
Overall coverage: 92%
| Schema | Score | Grade | Delta | Top Gap |
|---|---|---|---|---|
| api/openapi.yaml | 92% | 🟢 A (Excellent) | Examples (44%) |
📋 Raw diff details
request.body.scope.remove— paths./orders.post.requestBody.content.application/json.schema (api/openapi.yaml)request.body.scope.remove— paths./payments/refund.post.requestBody.content.application/json.schema (api/openapi.yaml)response-property-type-changed— schemas.OrderItem.price (api/openapi.yaml)response-property-type-changed— schemas.RefundRequest.amount (api/openapi.yaml)response.body.scope.remove— paths./orders.get.responses.200.content.application/json.schema (api/openapi.yaml)response.body.scope.remove— paths./orders.post.responses.201.content.application/json.schema (api/openapi.yaml)response.body.scope.remove— paths./orders/{id}.get.responses.200.content.application/json.schema (api/openapi.yaml)
👥 Breaking change in
paymentsdomain — notify @Payments-Team
💸 Breaking change in critical domain
payments— high compatibility debt:/payments/refund
📝 Documentation Drift
Consider updating: README.md, API docs, or CHANGELOG before merging.
🏛️ Governance Health: A (95/100)
📋 Action Items
- Review all breaking changes above
- Update MCP manifest if agent-facing endpoints changed
- Prepare consumer-facing changelog
- Define rollout plan before merge
📊 API surface: 9 endpoints · 31 fields · 9 schemas
⚙️ Configure in .coderifts.yml · 🔗 CodeRifts
🎋 Critical path touched
🎋 Downstream services hold breath
🎋 Test twice, deploy once
☁️ You're on the Free plan. Pro features (risk scoring, governance, deprecation enforcement) are included during the beta. Lock in Pro pricing →
⏱️ PR Review Insights
This PR
| Metric | Value | Benchmark |
|---|---|---|
| Time to First Review | Awaiting review | — |
| Review Rounds | 0 | 🟢 Normal |
| PR Size | +2 / -2 | 🟢 Small |
|
/rerun |
No description provided.