fix: sync developer portal openapi spec

[jarvis9443]

This mirrors the Developer Portal OpenAPI corrections from api7/api7ee-3-control-plane#2683 into the SDK package.

The mirrored spec now removes the invalid required Developer.status field without adding Developer.state, requires request bodies for mutating operations, documents bearer auth globally, and requires X-Portal-Developer-ID only for operations that need the active developer context. The 500 response branches are kept for compatibility with existing generated SDK error handling.

The version plan is major because generated mutating operation inputs now require request bodies/options, which is a breaking TypeScript surface change for v1 consumers.

Validation run locally:

pnpm nx run portal-sdk:openapi-ts
pnpm nx run portal-sdk:typecheck
pnpm nx run portal-sdk:build
pnpm exec nx run-many -t lint build typecheck
pnpm nx release plan:check

Summary by CodeRabbit

• New Features

  • Added an API-key header authentication option alongside bearer token auth for developer-scoped requests.

• Bug Fixes

  • Fixed Developer Portal OpenAPI metadata and tightened request body requirements for create/update/regenerate endpoints.
  • Adjusted developer object required fields (replaced status with state) and clarified ordering behavior uses created_at/updated_at.
  • Clarified that some endpoints remain bearer-token only.

• Chores

  • Bumped portal-sdk to a major version.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f97f2633-dea1-4223-a899-a77817cc4f4d

📥 Commits

Reviewing files that changed from the base of the PR and between febebeb and 5b6ac4e.

📒 Files selected for processing (1)

• packages/portal-sdk/openapi.yaml

---

📝 Walkthrough

Walkthrough

Adds DeveloperIDHeader apiKey header and operation-level security entries, marks several mutating endpoints' JSON requestBody as required, updates Developer schema required fields and OrderBy description, and bumps the SDK version plan.

Changes

Developer Portal OpenAPI Specification Updates

Layer / File(s)	Summary
API Security Scheme and Operation-level Security packages/portal-sdk/openapi.yaml	Defines DeveloperIDHeader (apiKey header X-Portal-Developer-ID), expands API auth description, and applies operation-level security entries (some endpoints explicitly BearerAuth only; many require both BearerAuth and DeveloperIDHeader).
Request Body Validation Enforcement packages/portal-sdk/openapi.yaml	Marks JSON requestBody as required: true for multiple mutating endpoints (developers POST, api_product subscriptions POST, subscriptions POST, applications POST/PUT, credentials POST/PUT/regenerate).
Developer schema required fields packages/portal-sdk/openapi.yaml	Changes components.schemas.Developer.required to remove status and use state instead.
OrderBy Parameter Update packages/portal-sdk/openapi.yaml	Updates components.parameters.OrderBy.description to specify ordering by created_at or updated_at.
Version Plan .nx/version-plans/version-plan-1779246751432.md	Bumps portal-sdk to major and adds a release note about fixing Developer Portal OpenAPI metadata and request body types.

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant PortalAPI
  participant AuthMiddleware
  Client->>PortalAPI: HTTP request (Authorization: Bearer <token>, X-Portal-Developer-ID: <dev-id>)
  PortalAPI->>AuthMiddleware: validate Bearer token and/or DeveloperIDHeader per operation
  AuthMiddleware->>PortalAPI: authentication result (allow / deny)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related issues

• api7/api7ee-3-control-plane#2683 — Implements the same OpenAPI fixes: add X-Portal-Developer-ID, adjust global/operation security, mark mutating requestBody entries required, and update OrderBy description.

🚥 Pre-merge checks | ✅ 5 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
E2e Test Quality Review	❓ Inconclusive	PR updates OpenAPI spec with auto-generated SDK code, validated via build/typecheck/lint. Check assumes E2E tests required, but infrastructure changes don't typically need E2E tests.	Clarify if E2E tests apply to OpenAPI spec updates. If not, adjust check criteria or exclude for spec/auto-gen PR types.

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main change: syncing the Developer Portal OpenAPI specification with corrections from the control-plane repository.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Security Check	✅ Passed	Bearer authentication and Developer ID scoping properly implemented. Request bodies required for mutations. Secrets only returned on creation. Generic error responses prevent data leakage.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix-devportal-openapi-2683

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR synchronizes the @api7/portal-sdk OpenAPI spec (and generated SDK/types) with upstream Developer Portal corrections, aligning the TypeScript SDK surface with the API’s updated schema and request-body requirements.

Changes:

• Updates the OpenAPI spec metadata (expanded description, adds X-Portal-Developer-ID header auth) and marks mutating requestBody sections as required.
• Regenerates TypeScript types to include Developer.state and make request bodies required for mutating operations; corrects order_by descriptions to reference updated_at.
• Updates generated SDK function signatures to require options where request bodies are required, matching the regenerated types.

Reviewed changes

Copilot reviewed 2 out of 4 changed files in this pull request and generated 1 comment.

File	Description
packages/portal-sdk/openapi.yaml	Syncs OpenAPI metadata/auth and enforces required request bodies; corrects order_by descriptions.
packages/portal-sdk/src/generated/types.gen.ts	Regenerates types to add Developer.state and require bodies for mutating operations; updates related docs.
packages/portal-sdk/src/generated/sdk.gen.ts	Aligns SDK method signatures with required-body operations (requires options).
.nx/version-plans/version-plan-1779246751432.md	Adds an Nx release plan entry for the portal-sdk package bump.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.nx/version-plans/version-plan-1779246751432.md:
- Line 2: The package version-plan currently lists "portal-sdk: patch" but the
generated public API changed (Developer.status → Developer.state), which is a
breaking/semver-minor change; update the version plan entry to at least
"portal-sdk: minor" (or "major" if your policy requires) so the release reflects
the public type change, and ensure the file version-plan-1779246751432.md is
updated accordingly to reference the new bump for portal-sdk and any related
notes about the Developer.status → Developer.state rename.

In `@packages/portal-sdk/openapi.yaml`:
- Line 1396: The OpenAPI parameter description for "order_by" is incorrect (it
describes sort direction instead of the sort field); update the description of
the order_by parameter in packages/portal-sdk/openapi.yaml to clearly state that
it selects which field to sort by (e.g., "Field to sort results by, such as
`created_at` or `updated_at`") and remove any mention of ascending/descending
ordering so docs generated from the "order_by" parameter are semantically
accurate.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ce257b57-4728-4f5b-94c3-61c6deb7a091

📥 Commits

Reviewing files that changed from the base of the PR and between 9046100 and b48a75b.

⛔ Files ignored due to path filters (2)

• packages/portal-sdk/src/generated/sdk.gen.ts is excluded by !**/generated/**
• packages/portal-sdk/src/generated/types.gen.ts is excluded by !**/generated/**

📒 Files selected for processing (2)

• .nx/version-plans/version-plan-1779246751432.md
• packages/portal-sdk/openapi.yaml

[jarvis9443]

The inline issues are addressed: order_by now describes the sort field, and the version plan is now a major bump because generated mutating operation inputs require options.body, which is breaking for v1 consumers.

I did not add E2E tests here because this repo is the TypeScript SDK package and the change is generated from packages/portal-sdk/openapi.yaml. I validated it with portal-sdk:openapi-ts, portal-sdk:typecheck, portal-sdk:build, lint build typecheck, and nx release plan:check.

[Copilot]

Pull request overview

Copilot reviewed 2 out of 4 changed files in this pull request and generated no new comments.

[jarvis9443]

Adjusted to match the control-plane review: Developer.state is no longer added to the SDK types because the API does not expose it. The SDK mirror now only removes the invalid required status field, keeps the request body/header/description fixes, and uses a major version plan because required request body/options are still a breaking TypeScript surface change for v1 consumers.

Revalidated locally with:

pnpm nx run portal-sdk:openapi-ts
pnpm nx run portal-sdk:typecheck
pnpm exec nx run-many -t lint build typecheck
pnpm nx release plan:check

[Copilot]

Pull request overview

Copilot reviewed 2 out of 4 changed files in this pull request and generated 1 comment.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.nx/version-plans/version-plan-1779246751432.md:
- Line 2: The version plan currently lists the entry "portal-sdk: major" but
this PR's changes are minor; update that entry to "portal-sdk: minor" so the
planned release level matches the documented contract impact—edit the line
containing the exact token "portal-sdk: major" and replace "major" with "minor".

In `@packages/portal-sdk/openapi.yaml`:
- Around line 547-548: Add the same security override used by
getPublicAccessSettings to the getSMTPServerStatus operation so it requires only
BearerAuth (not the global DeveloperIDHeader). Locate the getSMTPServerStatus
operation in the OpenAPI document and replace its inherited security
requirements with a local security block containing only "BearerAuth: []"
(mirroring getPublicAccessSettings) so both system-read endpoints have
consistent Bearer-only auth.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d677d88a-8445-43e0-8cc9-18fa73e7b14a

📥 Commits

Reviewing files that changed from the base of the PR and between 5169306 and 4654e96.

📒 Files selected for processing (2)

• .nx/version-plans/version-plan-1779246751432.md
• packages/portal-sdk/openapi.yaml

[Copilot]

Pull request overview

Copilot reviewed 2 out of 4 changed files in this pull request and generated 1 comment.

[jarvis9443]

One note on the latest CodeRabbit walkthrough: the Developer schema does not add or require state in the final diff. The API does not expose that field, so this PR only removes the invalid status entry from Developer.required.