feat(server): generate OpenAPI spec with utoipa (#241)

[haseebrabbani]

Summary

Resolves #241. Integrates utoipa to auto-generate an OpenAPI 3.1 specification directly from the HTTP handlers and wire models, so API docs stay in sync with the code (no manual drift).

Scope covers both HTTP surfaces — the client API (tag: client) consumed by SDKs/packages and the operator dashboard API (tag: dashboard) — plus the feature-gated EVM API (tag: evm).

Per the task framing, the deliverable is the generated spec file; a bundled Swagger UI was treated as optional and is not included (consumers can point Swagger UI / ReDoc / SDK generators at the spec).

What changed

• Annotations: #[utoipa::path(...)] on all 36 operations across api/http.rs, api/dashboard.rs, api/dashboard_feeds.rs, api/evm.rs (method, path, params, request body, per-status responses); #[derive(ToSchema)] / IntoParams on every request/response/query/model type in the graph (→ 82 component schemas), including the shared signature types.
• Aggregator: new openapi module with an ApiDoc OpenApi derive and a shared ApiErrorResponse schema mirroring GuardianError's envelope. openapi::openapi() merges the EVM surface only when the evm feature is compiled in, so the spec matches the routes actually mounted.
• Delivery: served at GET /api-docs/openapi.json (unauthenticated, read-only); a gen-openapi binary writes the spec to a file; the generated docs/openapi.json (built with evm) is committed and documented in docs/OPENAPI.md.

Regenerating

cargo run --features evm --bin gen-openapi -- docs/openapi.json

Testing

• cargo check (default) and --features evm: clean.
• cargo clippy --all-targets --all-features -- -D warnings on the touched crates: clean.
• Server lib suite: 523 passed; plus new unit tests asserting the spec builds/serializes, exposes each surface's paths, registers core schemas, and gates EVM behind the feature.

Notes

Purely additive documentation — no wire-shape changes — so the Rust/TS clients need no updates under the contract-change workflow.

Summary by CodeRabbit

Release Notes

• New Features

  • Added comprehensive OpenAPI 3.1 specifications for the client, dashboard, and EVM APIs, now served at GET /api-docs/openapi.json and committed under docs/.
  • All API endpoints, request/response schemas, security requirements, and error codes are now fully documented and machine-readable.

• Documentation

  • Added docs/OPENAPI.md guide and spec files for automatic API documentation generation.
  • Updated API documentation to reference authoritative OpenAPI specifications.

• Chores

  • Added CI job to detect and prevent API specification drift.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: af3704a0-85ed-4417-a714-13bc16cc75ee

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• ✅ Review completed - (🔄 Check again to review again)

Walkthrough

This PR integrates utoipa to auto-generate an OpenAPI 3.1 specification directly from Rust type annotations and HTTP handler metadata. The changes add workspace and crate dependencies, annotate 50+ domain types with schema derivations, decorate 25+ handlers with endpoint metadata, implement OpenAPI document generation with feature-gated EVM support, and expose both a runtime JSON endpoint and a CLI tool for spec generation.

Changes

OpenAPI Spec Generation Integration

Layer / File(s)	Summary
Workspace and crate dependencies Cargo.toml, crates/server/Cargo.toml, crates/shared/Cargo.toml	Adds utoipa version 5 with axum_extras feature to workspace dependencies; configures crates/server and crates/shared to depend on it.
Schema and type annotations crates/server/src/api/dashboard.rs, crates/server/src/api/evm.rs, crates/server/src/api/http.rs, crates/server/src/delta_object.rs, crates/server/src/delta_summary/mod.rs, crates/server/src/evm/proposal.rs, crates/server/src/metadata/auth/mod.rs, crates/server/src/metadata/network.rs, crates/server/src/services/*, crates/shared/src/lib.rs, crates/server/src/state_object.rs	Updates 50+ public types across dashboard, EVM, client API, and service layers to derive utoipa::ToSchema and (for query types) utoipa::IntoParams. Adds explicit schema metadata to JSON payload fields (e.g., #[schema(value_type = Object)]). Includes new VerifyOperatorResponse for auth flow.
HTTP handler OpenAPI annotations crates/server/src/api/dashboard.rs, crates/server/src/api/dashboard_feeds.rs, crates/server/src/api/evm.rs, crates/server/src/api/http.rs	Decorates 25+ handler functions with #[utoipa::path(...)] macros documenting HTTP method, path, request/response types, parameters, and expected status codes across dashboard auth (challenge/verify/logout), account management (list/detail/snapshot), global feeds, and client API surfaces.
OpenAPI document generation crates/server/src/openapi.rs, crates/server/src/lib.rs	Implements ApiErrorResponse schema for error envelopes, defines base ApiDoc document aggregating all client and dashboard paths, adds feature-gated EvmApiDoc for conditional EVM routes, and exports public openapi() function that builds, versions from CARGO_PKG_VERSION, and merges specs. Includes unit tests validating JSON serialization and presence of representative paths/schemas.
Runtime and CLI crates/server/src/builder/handle.rs, crates/server/src/bin/gen-openapi.rs	Registers GET /api-docs/openapi.json endpoint to serve auto-generated spec at runtime (unauthenticated). Implements gen-openapi binary that serializes spec to pretty JSON and writes to file path or stdout with POSIX-compliant newline.
Documentation docs/OPENAPI.md, docs/README.md	Introduces docs/OPENAPI.md explaining spec generation from utoipa annotations, surfaces covered (client and dashboard APIs), feature-gating for EVM routes, checked-in and runtime spec locations, and regeneration instructions. Updates docs/README.md navigation to include OpenAPI spec links.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• OpenZeppelin/guardian#231: Implements SessionInfoResponse and GET /dashboard/session endpoint; this PR adds utoipa schema/path annotations for the same endpoint and types.
• OpenZeppelin/guardian#224: Introduces dashboard endpoint/type changes that this PR annotates with OpenAPI metadata.
• OpenZeppelin/guardian#233: Adds pause/unpause DTOs and handlers to dashboard API; this PR adds OpenAPI annotations for those same types and endpoints.

Suggested labels

cla: allowlist

Suggested reviewers

• tirumerla
• onurinanc

Poem

🐇 Hops through schemas with glee,
utoipa makes specs you can see,
No manual drift, just derive and annotate,
OpenAPI docs that stay up-to-date!
Swagger UI ready, DX is great! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat(server): generate OpenAPI spec with utoipa (#241)' directly and accurately describes the main objective of the PR: integrating utoipa to generate OpenAPI specifications.
Linked Issues check	✅ Passed	All coding objectives from issue #241 are met: utoipa is integrated [#241], data models and HTTP handlers are decorated with ToSchema/IntoParams/path attributes across ~82 component schemas and 36 operations [#241], the generated OpenAPI 3.1 spec covers client, dashboard, and feature-gated EVM surfaces [#241], the spec is auto-generated to keep documentation in sync with source code [#241], and it is served at /api-docs/openapi.json for downstream tool consumption [#241].
Out of Scope Changes check	✅ Passed	All changes are in scope: utoipa dependency additions, handler/model schema annotations, new openapi module and gen-openapi binary, documentation additions, and serving the spec via HTTP—all directly support the #241 objective of auto-generating OpenAPI specs. No unrelated refactoring or feature changes detected.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/openapi-utoipa-241

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR integrates utoipa into the guardian-server crate to generate an OpenAPI 3.1 specification directly from HTTP handlers and wire models, then exposes and documents that spec for downstream tooling (docs, SDK generators).

Changes:

• Adds #[utoipa::path] annotations to HTTP handlers and ToSchema / IntoParams derives to request/response/query models across client, dashboard, and feature-gated EVM HTTP surfaces.
• Introduces a new crates/server/src/openapi.rs aggregator module plus a gen-openapi binary to emit a committed docs/openapi.json.
• Serves the OpenAPI spec at GET /api-docs/openapi.json and documents regeneration/usage under docs/OPENAPI.md.

Reviewed changes

Copilot reviewed 32 out of 34 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
docs/README.md	Adds links to the OpenAPI documentation/spec artifact.
docs/OPENAPI.md	Documents where the spec lives, runtime endpoint, and regeneration command.
docs/openapi.json	Adds the generated OpenAPI 3.1 JSON spec (built with evm).
crates/shared/src/lib.rs	Derives utoipa::ToSchema for shared signature types used on the wire.
crates/shared/Cargo.toml	Adds utoipa dependency to guardian-shared.
crates/server/src/state_object.rs	Derives ToSchema and marks state_json as schema-free object.
crates/server/src/services/unpause_account.rs	Derives ToSchema for UnpauseResponse.
crates/server/src/services/pause_account.rs	Derives ToSchema for PauseResponse.
crates/server/src/services/dashboard_pagination.rs	Derives ToSchema for PagedResult<T>.
crates/server/src/services/dashboard_info.rs	Derives ToSchema for dashboard info/status response models.
crates/server/src/services/dashboard_global_proposals.rs	Derives ToSchema for global proposal feed entries.
crates/server/src/services/dashboard_global_deltas.rs	Derives ToSchema for global delta feed entries.
crates/server/src/services/dashboard_accounts.rs	Derives ToSchema for dashboard account summary/detail types.
crates/server/src/services/dashboard_account_snapshot.rs	Derives ToSchema for snapshot types.
crates/server/src/services/dashboard_account_proposals.rs	Derives ToSchema for per-account proposal feed entries.
crates/server/src/services/dashboard_account_deltas.rs	Derives ToSchema for per-account delta feed types.
crates/server/src/services/dashboard_account_delta_detail.rs	Derives ToSchema for delta detail response type.
crates/server/src/services/account_status.rs	Derives ToSchema for AccountStatus.
crates/server/src/openapi.rs	Adds OpenAPI document aggregation, error schema, EVM merge, and unit tests.
crates/server/src/metadata/network.rs	Derives ToSchema for NetworkConfig and MidenNetworkType.
crates/server/src/metadata/auth/mod.rs	Derives ToSchema for Auth enum used in client configure requests.
crates/server/src/lib.rs	Exposes the new openapi module.
crates/server/src/evm/proposal.rs	Derives ToSchema for EVM proposal models.
crates/server/src/delta_summary/mod.rs	Derives ToSchema for dashboard delta metadata and decode projection types.
crates/server/src/delta_object.rs	Derives ToSchema for delta objects/status/signatures and schema-free payload.
crates/server/src/builder/handle.rs	Serves the generated spec at /api-docs/openapi.json.
crates/server/src/bin/gen-openapi.rs	Adds a binary to generate/write the spec JSON.
crates/server/src/api/http.rs	Adds utoipa annotations for client HTTP handlers + schemas/params.
crates/server/src/api/evm.rs	Adds utoipa annotations for EVM HTTP handlers + schemas/params.
crates/server/src/api/dashboard.rs	Adds utoipa annotations for dashboard auth/account/session/pause endpoints.
crates/server/src/api/dashboard_feeds.rs	Adds utoipa annotations for dashboard feed endpoints + query params.
crates/server/Cargo.toml	Adds utoipa dependency to the server crate.
Cargo.toml	Adds workspace utoipa dependency with axum_extras feature.
Cargo.lock	Locks utoipa (and transitive updates like itertools).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[zeljkoX]

Thanks for working on this! Great first contribution.

I have reviewed it and would like to propose few improvements. Please let me know if they make sense to you.

• Document auth in OpenAPI

  • Add security schemes for:
    • Signed client headers: x-pubkey, x-signature, x-timestamp
    • Cookies: guardian_operator_session, guardian_evm_session
  • Apply security(...) per operation
  • Leave challenge/public endpoints unauthenticated

• Add missing error responses to utoipa annotations

  • Cross-cutting: 429 rate limit, 413 body limit if we want them per-endpoint
  • Dashboard endpoints: add 404 / 503 gaps for detail/snapshot/feed
  • Unpause: add 400
  • EVM: add 403 for signer authorization errors where applicable
  • Lookup: cover malformed input and storage errors

• Add CI spec drift detection

  • Regenerate OpenAPI to a temp file
  • Diff against docs/openapi.json or against more granular openapi spec files.
  • Fail CI when stale

• Generate more granual specs alongside the combined one

  • docs/openapi.json
  • docs/openapi-client.json
  • docs/openapi-dashboard.json
  • docs/openapi-evm.json
    This maps to existing TS clients and reduces unrelated schema exposure for potential SDK generation.

• Reduce manual endpoint docs

  • Review spec/api.md. Avoid duplicating spec in that document.

• Update agent/contributor guidance

  • Any change to HTTP handlers, DTOs, query/path params, auth behavior, or feature-gated routes must update utoipa annotations and regenerate the OpenAPI spec files

[haseebrabbani]

Thanks for the detailed review — all six points are addressed in ac7e1d4.

1. Document auth in OpenAPI ✅ Added security schemes: x-pubkey / x-signature / x-timestamp (apiKey headers, required together) for the client API, and operator_session / evm_session (apiKey cookies) for the dashboard/EVM APIs. security(...) is applied per operation; challenge/verify and /pubkey are left unauthenticated.

2. Missing error responses ✅

• Cross-cutting 429 (rate limit) and 413 (body limit) are injected into every operation via a Modify addon, so they aren't repeated in each annotation.
• Dashboard: added 404/503 to account detail & snapshot; unpause now has 400.
• EVM: added 403 (signer authorization) to register/create/approve.
• Lookup: added 400 (malformed commitment) and 500 (storage error).

3. CI spec drift detection ✅ New OpenAPI Spec Drift job runs gen-openapi --check docs and fails CI when the committed specs are stale.

4. Granular specs ✅ gen-openapi now emits all four: docs/openapi.json (combined) + docs/openapi-client.json, docs/openapi-dashboard.json, docs/openapi-evm.json. Each per-surface spec carries only its own paths/security scheme, mapping to the matching TS client package and keeping SDK generation scoped.

5. Reduce manual endpoint docs ✅ Replaced the per-endpoint shape catalog in spec/api.md with an endpoint index table + a "behavioral notes" section, pointing at the OpenAPI specs as the source of truth for shapes/status/auth (804 → 479 lines). I deliberately kept the protocol semantics OpenAPI can't express (cursor stability, EVM exclusions, aggregate degradation, lookup PoP) and the Data Shapes section (also serves gRPC). Happy to trim further if you'd prefer.

6. Contributor guidance ✅ AGENTS.md §4 (contract-change workflow) and the server layer guidance now require updating the #[utoipa::path]/ToSchema annotations and regenerating the specs on any HTTP contract change; docs/OPENAPI.md documents the four files, the auth schemes, and the regen/--check commands.

Combined spec is now 36 operations / 82 schemas / 5 security schemes. Local checks green: clippy --all-targets --all-features -D warnings, server lib tests (540), and the drift --check.

One open question on #5: I took the conservative path of keeping behavioral/semantic notes rather than deleting the section outright — let me know if you'd like a more aggressive trim of Data Shapes too (it currently doubles as the gRPC shape reference).

[codecov-commenter]

Codecov Report

❌ Patch coverage is 92.25352% with 11 lines in your changes missing coverage. Please review.
✅ Project coverage is 76.35%. Comparing base (61886ab) to head (fcd33d9).

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #271      +/-   ##
==========================================
+ Coverage   76.26%   76.35%   +0.08%     
==========================================
  Files         139      140       +1     
  Lines       25479    25621     +142     
==========================================
+ Hits        19432    19563     +131     
- Misses       6047     6058      +11     

---

Continue to review full report in Codecov by Harness.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 61886ab...fcd33d9. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Pull request overview

Copilot reviewed 37 out of 40 changed files in this pull request and generated 4 comments.

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/ci.yml (1)

191-192: 💤 Low value

Consider hardening checkout with persist-credentials: false (pre-existing pattern).

The zizmor static analysis flags that the checkout action doesn't set persist-credentials: false, which prevents Git credentials from persisting in the runner environment. However, this is consistent with all other jobs in this workflow (test, clippy, fmt, build), so addressing it would be a separate hardening effort across the entire CI configuration rather than specific to this PR.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/ci.yml around lines 191 - 192, The checkout step named
"Checkout code" uses actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955
and should be hardened by adding the input persist-credentials: false to the
step; update the "Checkout code" step (and any other identical checkout steps
across jobs like test, clippy, fmt, build) to include persist-credentials: false
so Git credentials are not persisted in the runner environment.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/ci.yml:
- Around line 191-192: The checkout step named "Checkout code" uses
actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 and should be hardened
by adding the input persist-credentials: false to the step; update the "Checkout
code" step (and any other identical checkout steps across jobs like test,
clippy, fmt, build) to include persist-credentials: false so Git credentials are
not persisted in the runner environment.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3b8a47fa-fa5a-41e6-b9e0-24c6348f7179

📥 Commits

Reviewing files that changed from the base of the PR and between 2575e11 and fcd33d9.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (17)

• .github/workflows/ci.yml
• AGENTS.md
• Cargo.toml
• crates/server/Cargo.toml
• crates/server/src/api/dashboard.rs
• crates/server/src/api/dashboard_feeds.rs
• crates/server/src/api/evm.rs
• crates/server/src/api/http.rs
• crates/server/src/bin/gen-openapi.rs
• crates/server/src/lib.rs
• crates/server/src/openapi.rs
• docs/OPENAPI.md
• docs/openapi-client.json
• docs/openapi-dashboard.json
• docs/openapi-evm.json
• docs/openapi.json
• spec/api.md

✅ Files skipped from review due to trivial changes (5)

• crates/server/Cargo.toml
• AGENTS.md
• spec/api.md
• docs/OPENAPI.md
• crates/server/src/api/dashboard_feeds.rs

🚧 Files skipped from review as they are similar to previous changes (5)

• Cargo.toml
• crates/server/src/lib.rs
• crates/server/src/api/evm.rs
• crates/server/src/api/http.rs
• crates/server/src/api/dashboard.rs

[zeljkoX]

Looks great!

Thanks!