fix: align scopes.yaml with v4 schema paths#352
Merged
Conversation
The SDK sync action (dx-team-toolkit/update-sdk-schema) filters the
downloaded schema by allowed scopes using scopes.yaml. Paths still
listed v3 names (/events/{request_id}, /events/search) while the
released fingerprint-server-api-v4.yaml uses /events/{event_id} and
/events, so the filter deleted every events path and left only
/visitors/{visitor_id}. All 5 open SDK sync PRs for v3.2.0 (node #239,
go #46, python #188, java #20, php #211) are truncated identically;
node-sdk's generated types collapsed from 1421 lines to 3.
Updates events/events-search/visitors to the v4 paths and methods
(get+patch on /events/{event_id}, get on /events, delete on
/visitors/{visitor_id}). webhook and related-visitors scopes keep
their names and now-inert paths - they don't exist in the v4 schema
but the filter ignores unmatched scopes, and removing them would
just produce noise in the filter logs and break scope names referenced
by scripts/changeset.js.
|
Contributor
Schema Diff vs Published Schemas
No schema changes detected between local build output and published GitHub Pages schemas. |
ilfa
previously approved these changes
Apr 23, 2026
Added functionality to the lintChangesets script to check for valid scopes defined in config/scopes.yaml. The script now flags changesets with invalid scopes and accepts changesets without a scope line. Updated tests to cover these new validations.
Contributor
🚀 Following releases will be created using changesets from this PR:fingerprint-pro-server-api-openapi@3.3.0Minor Changes
|
ilfa
approved these changes
Apr 23, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes the path-scope allowlist to match the v4 OpenAPI schema. The SDK sync action was filtering out every
eventspath becausescopes.yamlstill listed v3-era names (/events/{request_id},/events/search) while the releasedfingerprint-server-api-v4.yamluses/events/{event_id}and/events.Evidence
All 5 open SDK sync PRs for tag
v3.2.0are identically truncated — only/visitors/{visitor_id}survives because that path name is unchanged across v3→v4:src/generatedApiTypes.tscollapsed from 1421 → 3 linesJob logs (example) confirm every SDK downloads
fingerprint-server-api-v4.yaml(theschema-pathinput in the sync workflow is only the local save path, not the download source).Changes
events:/events/{request_id}(get+put) →/events/{event_id}(get+patch)events-search:/events/search(get) →/events(get)visitors: removed obsolete v3geton/visitors/{visitor_id}, keepsdeletewebhook:trace→post— cosmetic only;/webhookdoesn't exist as a path in v4 (webhook moved to OpenAPI 3.1 top-levelwebhooks:, whichfilter-schemadoesn't touch)related-visitors: unchanged — no v4 equivalent, kept as an inert scope name soallowed-scopesin the sync workflow andscripts/changeset.jskeep workingv4 path/method mappings verified against
schemas/paths/event.yaml,events.yaml,visitors.yaml.Caveats — important for re-running sync
scopes.yamlis bundled as a per-release asset (.github/workflows/upload-schemas.yml). Theupdate-sdk-schemaaction downloadsscopes.yamlfrom each intermediate release it iterates through (update-schema-for-tag.ts). That means:To fully unblock SDK syncs, one of the following is needed in addition to this PR:
scopes.yaml, and have each SDK's.schema-versionbump directly to that new tag — skipping the broken intermediate ones.scopes.yamlto the existing broken releases.dx-team-toolkit/update-sdk-schemato sourcescopes.yamlfrom a single canonical location instead of per-release (longer term).No changeset
This is a tooling config fix, not a schema change — the public schema contract is unaffected. The pending
events-rfc3339-timestamps.mdchangeset will drive the next release regardless and ship this fix alongside it.Test plan
pnpm test(77/77 pass)pnpm lint(clean)prettier --check config/scopes.yaml(clean)filter-schema.tswith the new scopes against the releasedfingerprint-server-api-v4.yaml—/events/{event_id}(get, patch),/events(get),/visitors/{visitor_id}(delete) all survive/visitors/{visitor_id})