@checkstack/healthcheck-common 1.0.1 → 1.1.0

package/CHANGELOG.md

@@ -1,5 +1,76 @@
 # @checkstack/healthcheck-common
 
+## 1.1.0
+
+### Minor Changes
+
+- 9016526: Add a `/rest/:pluginId/*` HTTP mount that serves every plugin's oRPC contract
+  through the REST/OpenAPI shape described by `/api/openapi.json`. Queries are
+  `GET` with query parameters, mutations are `POST` with the input as the raw
+  JSON body. The existing `/api/:pluginId/*` mount continues to serve oRPC's
+  native wire protocol unchanged, so existing clients are not affected.
+
+  The OpenAPI spec at `/api/openapi.json` now reflects the real mount: every
+  `paths` entry is prefixed with `/rest` instead of `/api`.
+
+  Also fixes a SPA-fallback bug: the backend's `/api-docs` route previously
+  returned 404 on production deployments because the static-file middleware
+  skipped any path starting with `/api`, capturing `/api-docs` along with real
+  API routes. The skip now requires a trailing slash (`/api/`, `/rest/`).
+
+  Required access rules are now visible in the API Docs UI. The OpenAPI spec
+  generator was reading a non-existent `accessRules` field on procedure
+  metadata; the real field is `access: AccessRule[]`. Each procedure's access
+  rules are now flattened to fully-qualified IDs (e.g. `catalog.system.read`)
+  and emitted under `x-orpc-meta.accessRules`, which the existing
+  `Required Access Rules` section in the docs UI already knew how to render.
+
+  The API Docs schema renderer now handles record types (zod `z.record`),
+  `$ref`s into `components.schemas`, `oneOf`/`anyOf`/`allOf`, nullable union
+  types (`type: ["string", "null"]`), and `format` qualifiers. Previously
+  record outputs like `{ statuses: object }` masked the actual value type;
+  they now render as `{ [key]: <ResolvedType> { ... } }` with the inner
+  schema expanded, capped at 12 levels with cycle detection.
+
+  **REST method conventions.** `proc()` now defaults to `GET` for queries and
+  `POST` for mutations on the `/rest` mount, using bracket-notation query
+  params (`?filter[status]=active&ids[0]=a`) for GET inputs. Existing
+  procedures were updated to follow REST semantics:
+
+  - `update*` mutations → `PATCH`
+  - `delete*` / `remove*` mutations → `DELETE`
+  - `getBulk*` queries and any query taking a large array input → `POST`
+    (because `@orpc/openapi@1.13.x` has no GET→POST URL-length fallback)
+
+  GET endpoints require an `object` input — bare scalars like
+  `.input(z.string())` are not valid on GET. `getSystemConfigurations` was
+  refactored from `.input(z.string())` to `.input(z.object({ systemId: ... }))`
+  to fit the GET shape; the only call-site update was the in-process router
+  unpacking `input.systemId` instead of passing `input` directly.
+
+  The API Docs UI now renders query parameters (path/query/header/cookie) in a
+  dedicated table for GET endpoints, and the fetch example shows them in the
+  URL with `<required>` / `<optional>` placeholders.
+
+### Patch Changes
+
+- Updated dependencies [9016526]
+  - @checkstack/common@0.10.0
+  - @checkstack/catalog-common@2.2.0
+  - @checkstack/notification-common@1.1.0
+  - @checkstack/signal-common@0.2.3
+
+## 1.0.2
+
+### Patch Changes
+
+- Updated dependencies [42abfff]
+- Updated dependencies [1ef2e79]
+  - @checkstack/common@0.9.0
+  - @checkstack/catalog-common@2.1.0
+  - @checkstack/notification-common@1.0.2
+  - @checkstack/signal-common@0.2.2
+
 ## 1.0.1
 
 ### Patch Changes

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@checkstack/healthcheck-common",
-  "version": "1.0.1",
+  "version": "1.1.0",
   "license": "Elastic-2.0",
   "type": "module",
   "exports": {
@@ -9,16 +9,16 @@
     }
   },
   "dependencies": {
-    "@checkstack/common": "0.7.0",
-    "@checkstack/catalog-common": "2.0.0",
-    "@checkstack/notification-common": "1.0.0",
-    "@checkstack/signal-common": "0.2.0",
+    "@checkstack/common": "0.9.0",
+    "@checkstack/catalog-common": "2.1.0",
+    "@checkstack/notification-common": "1.0.2",
+    "@checkstack/signal-common": "0.2.2",
     "zod": "^4.2.1"
   },
   "devDependencies": {
     "typescript": "^5.7.2",
-    "@checkstack/tsconfig": "0.0.6",
-    "@checkstack/scripts": "0.1.2"
+    "@checkstack/tsconfig": "0.0.7",
+    "@checkstack/scripts": "0.3.1"
   },
   "scripts": {
     "typecheck": "tsgo -b",

package/src/rpc-contract.ts

@@ -92,6 +92,7 @@ export const healthCheckContract = {
     userType: "authenticated",
     access: [healthCheckAccess.configuration.manage],
   })
+    .route({ method: "PATCH" })
     .input(
       z.object({
         id: z.string(),
@@ -105,6 +106,7 @@ export const healthCheckContract = {
     userType: "authenticated",
     access: [healthCheckAccess.configuration.manage],
   })
+    .route({ method: "DELETE" })
     .input(z.string())
     .output(z.void()),
 
@@ -133,7 +135,7 @@ export const healthCheckContract = {
     userType: "authenticated",
     access: [healthCheckAccess.configuration.read],
   })
-    .input(z.string())
+    .input(z.object({ systemId: z.string() }))
     .output(z.array(HealthCheckConfigurationSchema)),
 
   getSystemAssociations: proc({
@@ -209,6 +211,7 @@ export const healthCheckContract = {
     userType: "authenticated",
     access: [healthCheckAccess.configuration.manage],
   })
+    .route({ method: "PATCH" })
     .input(
       z.object({
         systemId: z.string(),
@@ -346,6 +349,7 @@ export const healthCheckContract = {
     access: [healthCheckAccess.status],
     instanceAccess: { recordKey: "statuses" },
   })
+    .route({ method: "POST" })
     .input(z.object({ systemIds: z.array(z.string()) }))
     .output(
       z.object({