@checkstack/incident-common 1.0.1 → 1.2.0

package/CHANGELOG.md

@@ -1,5 +1,110 @@
 # @checkstack/incident-common
 
+## 1.2.0
+
+### Minor Changes
+
+- 9016526: Add a `/rest/:pluginId/*` HTTP mount that serves every plugin's oRPC contract
+  through the REST/OpenAPI shape described by `/api/openapi.json`. Queries are
+  `GET` with query parameters, mutations are `POST` with the input as the raw
+  JSON body. The existing `/api/:pluginId/*` mount continues to serve oRPC's
+  native wire protocol unchanged, so existing clients are not affected.
+
+  The OpenAPI spec at `/api/openapi.json` now reflects the real mount: every
+  `paths` entry is prefixed with `/rest` instead of `/api`.
+
+  Also fixes a SPA-fallback bug: the backend's `/api-docs` route previously
+  returned 404 on production deployments because the static-file middleware
+  skipped any path starting with `/api`, capturing `/api-docs` along with real
+  API routes. The skip now requires a trailing slash (`/api/`, `/rest/`).
+
+  Required access rules are now visible in the API Docs UI. The OpenAPI spec
+  generator was reading a non-existent `accessRules` field on procedure
+  metadata; the real field is `access: AccessRule[]`. Each procedure's access
+  rules are now flattened to fully-qualified IDs (e.g. `catalog.system.read`)
+  and emitted under `x-orpc-meta.accessRules`, which the existing
+  `Required Access Rules` section in the docs UI already knew how to render.
+
+  The API Docs schema renderer now handles record types (zod `z.record`),
+  `$ref`s into `components.schemas`, `oneOf`/`anyOf`/`allOf`, nullable union
+  types (`type: ["string", "null"]`), and `format` qualifiers. Previously
+  record outputs like `{ statuses: object }` masked the actual value type;
+  they now render as `{ [key]: <ResolvedType> { ... } }` with the inner
+  schema expanded, capped at 12 levels with cycle detection.
+
+  **REST method conventions.** `proc()` now defaults to `GET` for queries and
+  `POST` for mutations on the `/rest` mount, using bracket-notation query
+  params (`?filter[status]=active&ids[0]=a`) for GET inputs. Existing
+  procedures were updated to follow REST semantics:
+
+  - `update*` mutations → `PATCH`
+  - `delete*` / `remove*` mutations → `DELETE`
+  - `getBulk*` queries and any query taking a large array input → `POST`
+    (because `@orpc/openapi@1.13.x` has no GET→POST URL-length fallback)
+
+  GET endpoints require an `object` input — bare scalars like
+  `.input(z.string())` are not valid on GET. `getSystemConfigurations` was
+  refactored from `.input(z.string())` to `.input(z.object({ systemId: ... }))`
+  to fit the GET shape; the only call-site update was the in-process router
+  unpacking `input.systemId` instead of passing `input` directly.
+
+  The API Docs UI now renders query parameters (path/query/header/cookie) in a
+  dedicated table for GET endpoints, and the fetch example shows them in the
+  URL with `<required>` / `<optional>` placeholders.
+
+### Patch Changes
+
+- Updated dependencies [9016526]
+  - @checkstack/common@0.10.0
+  - @checkstack/catalog-common@2.2.0
+  - @checkstack/notification-common@1.1.0
+  - @checkstack/frontend-api@0.5.1
+  - @checkstack/signal-common@0.2.3
+
+## 1.1.0
+
+### Minor Changes
+
+- 1ef2e79: feat: hotlinks on incidents/maintenances and additional links on systems
+
+  Users with `manage` access on an incident, maintenance, or system can now
+  attach free-form URL "hotlinks" — Jira tickets, runbooks, dashboards, ticket
+  tools, etc. — alongside the existing fields.
+
+  - **Incidents** & **maintenances**: links live on the entity itself and are
+    surfaced both in the editor dialog and on the public detail page. Two new
+    RPC procedures per plugin (`addLink`, `removeLink`) gated behind the
+    existing `manage` access rule. Links are returned as part of
+    `getIncident` / `getMaintenance` and cache-invalidated on every link
+    mutation.
+  - **Systems**: a parallel `system_links` table with `getSystemLinks`,
+    `addSystemLink`, `removeSystemLink` procedures. Surfaced inside the
+    system editor (next to contacts) and on the read-only system detail
+    sidebar. Cache-scoped per-system so list endpoints remain hot.
+  - **Shared UI**: a `LinksEditor` component in `@checkstack/ui` does the
+    presentation; the three plugins each own their own RPC wiring.
+
+  Database changes ship as additive migrations (new `incident_links`,
+  `maintenance_links`, `system_links` tables, all FK-cascaded on parent
+  delete). No existing columns or rows are touched.
+
+  The system incident and maintenance history pages now sort by relevance:
+  active entries (non-`resolved` incidents, `scheduled` or `in_progress`
+  maintenances) appear at the top, with creation date descending as the
+  tiebreaker.
+
+### Patch Changes
+
+- Updated dependencies [42abfff]
+- Updated dependencies [1ef2e79]
+- Updated dependencies [aa89bc5]
+- Updated dependencies [950d6ec]
+  - @checkstack/common@0.9.0
+  - @checkstack/catalog-common@2.1.0
+  - @checkstack/frontend-api@0.5.0
+  - @checkstack/notification-common@1.0.2
+  - @checkstack/signal-common@0.2.2
+
 ## 1.0.1
 
 ### Patch Changes

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@checkstack/incident-common",
-  "version": "1.0.1",
+  "version": "1.2.0",
   "license": "Elastic-2.0",
   "type": "module",
   "exports": {
@@ -9,18 +9,18 @@
     }
   },
   "dependencies": {
-    "@checkstack/common": "0.7.0",
-    "@checkstack/catalog-common": "2.0.0",
-    "@checkstack/frontend-api": "0.4.1",
-    "@checkstack/notification-common": "1.0.0",
-    "@checkstack/signal-common": "0.2.0",
+    "@checkstack/common": "0.9.0",
+    "@checkstack/catalog-common": "2.1.0",
+    "@checkstack/frontend-api": "0.5.0",
+    "@checkstack/notification-common": "1.0.2",
+    "@checkstack/signal-common": "0.2.2",
     "@orpc/contract": "^1.13.14",
     "zod": "^4.2.1"
   },
   "devDependencies": {
     "typescript": "^5.7.2",
-    "@checkstack/tsconfig": "0.0.6",
-    "@checkstack/scripts": "0.1.2"
+    "@checkstack/tsconfig": "0.0.7",
+    "@checkstack/scripts": "0.3.1"
   },
   "scripts": {
     "typecheck": "tsgo -b",

package/src/index.ts

@@ -11,6 +11,8 @@ export {
   IncidentWithSystemsSchema,
   IncidentUpdateSchema,
   IncidentDetailSchema,
+  IncidentLinkSchema,
+  AddIncidentLinkInputSchema,
   CreateIncidentInputSchema,
   UpdateIncidentInputSchema,
   AddIncidentUpdateInputSchema,
@@ -20,6 +22,8 @@ export {
   type IncidentWithSystems,
   type IncidentUpdate,
   type IncidentDetail,
+  type IncidentLink,
+  type AddIncidentLinkInput,
   type CreateIncidentInput,
   type UpdateIncidentInput,
   type AddIncidentUpdateInput,

package/src/rpc-contract.ts

@@ -6,6 +6,8 @@ import {
   IncidentWithSystemsSchema,
   IncidentDetailSchema,
   IncidentUpdateSchema,
+  IncidentLinkSchema,
+  AddIncidentLinkInputSchema,
   CreateIncidentInputSchema,
   UpdateIncidentInputSchema,
   AddIncidentUpdateInputSchema,
@@ -57,6 +59,7 @@ export const incidentContract = {
     access: [incidentAccess.incident.read],
     instanceAccess: { recordKey: "incidents" },
   })
+    .route({ method: "POST" })
     .input(z.object({ systemIds: z.array(z.string()) }))
     .output(
       z.object({
@@ -79,6 +82,7 @@ export const incidentContract = {
     userType: "authenticated",
     access: [incidentAccess.incident.manage],
   })
+    .route({ method: "PATCH" })
     .input(UpdateIncidentInputSchema)
     .output(IncidentWithSystemsSchema),
 
@@ -100,12 +104,32 @@ export const incidentContract = {
     .input(z.object({ id: z.string(), message: z.string().optional() }))
     .output(IncidentWithSystemsSchema),
 
+  /** Add a hotlink (e.g. Jira ticket, runbook) to an incident */
+  addLink: proc({
+    operationType: "mutation",
+    userType: "authenticated",
+    access: [incidentAccess.incident.manage],
+  })
+    .input(AddIncidentLinkInputSchema)
+    .output(IncidentLinkSchema),
+
+  /** Remove a hotlink from an incident */
+  removeLink: proc({
+    operationType: "mutation",
+    userType: "authenticated",
+    access: [incidentAccess.incident.manage],
+  })
+    .route({ method: "DELETE" })
+    .input(z.object({ id: z.string() }))
+    .output(z.object({ success: z.boolean() })),
+
   /** Delete an incident */
   deleteIncident: proc({
     operationType: "mutation",
     userType: "authenticated",
     access: [incidentAccess.incident.manage],
   })
+    .route({ method: "DELETE" })
     .input(z.object({ id: z.string() }))
     .output(z.object({ success: z.boolean() })),
 

package/src/schemas.ts

@@ -58,10 +58,30 @@ export const IncidentUpdateSchema = z.object({
 export type IncidentUpdate = z.infer<typeof IncidentUpdateSchema>;
 
 /**
- * Full incident detail with systems and updates
+ * Free-form hotlink attached to an incident (e.g. Jira ticket, runbook).
+ */
+export const IncidentLinkSchema = z.object({
+  id: z.string(),
+  incidentId: z.string(),
+  label: z.string().nullable(),
+  url: z.string(),
+  createdAt: z.date(),
+});
+export type IncidentLink = z.infer<typeof IncidentLinkSchema>;
+
+export const AddIncidentLinkInputSchema = z.object({
+  incidentId: z.string(),
+  label: z.string().max(120).optional(),
+  url: z.string().url("Must be a valid URL"),
+});
+export type AddIncidentLinkInput = z.infer<typeof AddIncidentLinkInputSchema>;
+
+/**
+ * Full incident detail with systems, updates, and hotlinks
  */
 export const IncidentDetailSchema = IncidentWithSystemsSchema.extend({
   updates: z.array(IncidentUpdateSchema),
+  links: z.array(IncidentLinkSchema),
 });
 export type IncidentDetail = z.infer<typeof IncidentDetailSchema>;