You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
docs(api): REST API docs systemically wrong — 102 high-severity gaps across 34 services trace to ~8 single-source root causes (fix the generator, not the endpoints) #4599
A full documentation-gap audit of the REST surface (34 services, 192 endpoints, 341 query params) confirmed 102 high-severity gaps. They are not 192 independent bugs — they are a handful of defects stamped repeatedly by three shared layers: the proto→OpenAPI generator, the generated router, and the seed-cache handler pattern. Fixing each root cause once (in the generator / router codegen / proto conventions) resolves the large majority of findings in a few regenerate commits. Per-endpoint doc editing is the wrong altitude.
Hard-verified ground truth:
Auth undocumented on 100% of endpoints: 0 components.securitySchemes, 0 operation security blocks, 0 401 bodies — yet every endpoint is API-key-enforced at the gateway.
Examples: 0/192.
74/341 query params (22%) have empty descriptions.
Generator hardcodes required:false on every query param, ignoring proto buf.validate.required=true → ~25 effectively-required params documented as optional (and contradicting their own component required:[...]).
Filter params are bare strings while handlers exact-match fixed token sets → wrong value = silent empty 200.
Router coerces absent bbox corners to 0 (a real coordinate) → 6+ endpoints silently return empty 200 instead of 400.
Seed-cache handlers ignore documented pagination/time/geo/severity params and return empty-on-degradation; the spec explains neither.
Pro/entitlement gating is invisible (some 403, some silent empty 200; one doc even claims a gated RPC is "Free/public").
Systemic root causes (each: scope → the ONE upstream fix)
No auth in any spec. Scope: 34/34 services, 192 eps. Fix: generator injects shared securitySchemes.apiKey (X-API-Key/X-WorldMonitor-Key) + global security + reusable 401; regenerate.
Zero examples. Scope: 192/192 eps. Fix: proto message sample annotations → generator emits examples; regenerate.
Filter params have no enum. Scope: Cyber, Military(type/kind), Infrastructure(status), Prediction(category), Research(type/feed_type), Intelligence(chokepoint_id/fuel_mode), Conflict/Market(country_code), Economic(BLS). Fix: propagate proto enums onto query-param schemas + lift in-code Set allow-lists into proto enums/registry; regenerate.
Documented-but-ignored params on seed-cache handlers. Scope: ~20 services. Fix: proto (sebuf.doc.unimplemented) annotation rendered as "accepted but ignored" + buf-lint cross-check of handler param usage.
Empty 200 = degradation, indistinguishable from "no data". Scope: ~all seed-backed services. Fix: shared degraded/stale/fetchedAt response field + doc-generator seed-cache note.
Long-tail per-endpoint edits (<20): Aviation date default; Military force_refresh + aircraft-batch cap 10; Research false "0=unlimited"/max 500 clamps; Webcam lastUpdated int64→ISO; misleading example values.
Note: 13 additional high-severity candidates were rejected on verification (already documented or code-truth wrong); the 102 confirmed set above is authoritative.
Audit provenance
Method: full-surface sweep — one deep auditor per service diffing proto + generated routes + handlers against docs/api/*.openapi.json, then adversarial verification of every high-severity gap (34 audit agents + 102 verifiers + synthesis). 349 total gaps, 115 high → 102 confirmed, 13 rejected as already-documented/incorrect.
Independently re-verified before filing: 340/341 query params are required:false (1 true); 0/34 services declare components.securitySchemes; 0/192 operations carry examples; 74/341 params have empty descriptions; concrete param-vs-component contradiction confirmed (AnalyzeStockRequest.required:[symbol] vs symbol query param required:false).
Summary
A full documentation-gap audit of the REST surface (34 services, 192 endpoints, 341 query params) confirmed 102 high-severity gaps. They are not 192 independent bugs — they are a handful of defects stamped repeatedly by three shared layers: the proto→OpenAPI generator, the generated router, and the seed-cache handler pattern. Fixing each root cause once (in the generator / router codegen / proto conventions) resolves the large majority of findings in a few regenerate commits. Per-endpoint doc editing is the wrong altitude.
Hard-verified ground truth:
components.securitySchemes, 0 operationsecurityblocks, 0401bodies — yet every endpoint is API-key-enforced at the gateway.required:falseon every query param, ignoring protobuf.validate.required=true→ ~25 effectively-required params documented as optional (and contradicting their own componentrequired:[...]).0(a real coordinate) → 6+ endpoints silently return empty 200 instead of 400.Systemic root causes (each: scope → the ONE upstream fix)
securitySchemes.apiKey(X-API-Key/X-WorldMonitor-Key) + globalsecurity+ reusable401; regenerate.examples; regenerate.required:falsehardcoded. Scope: ~25 params, ≥12 services. Fix: generator readsbuf.validate.required→ sets parameterrequired:true; regenerate.undefined+ sharedrequireBbox()→ 400 with debug header. (= feat(api/dx): military bbox endpoints return silent empty 200 on missing/all-zero bbox — surface 400 or debug header #4595)(sebuf.doc.unimplemented)annotation rendered as "accepted but ignored" + buf-lint cross-check of handler param usage.degraded/stale/fetchedAtresponse field + doc-generator seed-cache note.403+ "PRO-gated" note; standardize gated behavior.Per-service matrix
Legend: D=empty param-desc · R=required · E=enum · Rs=response-contract · B=behavioral. A (auth) + X (examples) gaps are universal (34/34) and omitted below.
Prioritized fix plan (fix-once beats per-endpoint)
requiredpropagation — ~25 params corrected on regenerate.requireBbox()400) — delivers feat(api/dx): military bbox endpoints return silent empty 200 on missing/all-zero bbox — surface 400 or debug header #4595.degraded/stale/fetchedAt+ seed-cache doc note.(sebuf.doc.unimplemented)annotation + handler-param-usage lint.lastUpdatedint64→ISO; misleading example values.Fold-in checklist
components.securitySchemes+ per-opsecurity+401(all 34 specs)buf.validate.required→ parameterrequired:trueundefined; sharedrequireBbox()→ folds feat(api/dx): military bbox endpoints return silent empty 200 on missing/all-zero bbox — surface 400 or debug header #4595 (bbox 400 / debug header)degraded/stale/fetchedAtfield + seed-cache operation note (empty-200 semantics)(sebuf.doc.unimplemented)annotation + handler-param-usage lint (no-op params)Note: 13 additional high-severity candidates were rejected on verification (already documented or code-truth wrong); the 102 confirmed set above is authoritative.
Audit provenance
Method: full-surface sweep — one deep auditor per service diffing proto + generated routes + handlers against
docs/api/*.openapi.json, then adversarial verification of every high-severity gap (34 audit agents + 102 verifiers + synthesis). 349 total gaps, 115 high → 102 confirmed, 13 rejected as already-documented/incorrect.Independently re-verified before filing:
340/341query params arerequired:false(1 true);0/34services declarecomponents.securitySchemes;0/192operations carry examples;74/341params have empty descriptions; concrete param-vs-component contradiction confirmed (AnalyzeStockRequest.required:[symbol]vssymbolquery paramrequired:false).