Skip to content

docs(admin): fix API key OpenAPI metadata#677

Merged
kayx23 merged 4 commits into
mainfrom
docs/fix-mcp-openapi-review
Jun 30, 2026
Merged

docs(admin): fix API key OpenAPI metadata#677
kayx23 merged 4 commits into
mainfrom
docs/fix-mcp-openapi-review

Conversation

@kayx23

@kayx23 kayx23 commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Summary

  • document self-hosted API key MCP tool access in the Admin API request and response schemas
  • rename the try_anyway ReDoc variant title from Original order to Try anyway
  • remove internal rollout/review wording from the generated ApiKey.user_name description

Runtime impact

No runtime behavior change. The self-hosted API key handler already accepts and returns allowed_tools; this PR fixes the generated Admin API reference metadata.

Validation

  • cargo run -p aisix-core --bin dump-schema
  • cargo test -p aisix-admin openapi_
  • cargo run -p aisix-admin --bin dump-openapi > /tmp/admin-api.openapi.reviewfix.json
  • cargo fmt --check

Summary by CodeRabbit

  • New Features

    • API key settings now document an allowed_tools option, including support for allowing all tools with * or leaving the field unset.
  • Documentation

    • Clarified API key field descriptions for both request and response formats.
    • Improved guidance on how display names are used in telemetry when omitted.

@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@kayx23, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 35 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c47c024b-0a2a-4899-8590-ef677ac78010

📥 Commits

Reviewing files that changed from the base of the PR and between 0dd2b3a and 598992a.

📒 Files selected for processing (4)
  • crates/aisix-admin/src/lib.rs
  • crates/aisix-admin/src/openapi.rs
  • crates/aisix-core/src/models/apikey.rs
  • schemas/resources/api_key.schema.json
📝 Walkthrough

Walkthrough

Adds allowed_tools (array of strings or null) to the OpenAPI schemas for PublicApiKey and ApiKeyRequest, with wildcard "*" semantics documented. A ReDoc tab label for WhenAllUnavailablePolicy is corrected. The user_name field description is refreshed in the Rust model and JSON Schema to clarify telemetry-only usage.

Changes

OpenAPI and documentation updates

Layer / File(s) Summary
allowed_tools in OpenAPI schemas and tests
crates/aisix-admin/src/openapi.rs
Adds allowed_tools field (array<string> or null) to PublicApiKey and ApiKeyRequest schemas with namespaced tool name and wildcard "*" semantics. Fixes ReDoc tab label for WhenAllUnavailablePolicy second variant from "Original order" to "Try anyway". Extends the existing test to assert allowed_tools presence in both schemas.
user_name doc refresh
crates/aisix-core/src/models/apikey.rs, schemas/resources/api_key.schema.json
Replaces outdated CP/API synchronization notes with a concise telemetry-focused description stating "unknown" is used when user_name is omitted.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 5 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
E2e Test Quality Review ⚠️ Warning The new coverage only inspects merged_openapi() JSON; it never exercises /admin/v1/apikeys through HTTP/store, so it’s spec-level, not E2E. Add/extend a real CRUD integration test (ideally the etcd round-trip) for allowed_tools on create/update/list/rotate, then keep the OpenAPI assertions.
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title is concise and accurately reflects the main change: updating Admin API OpenAPI metadata for API keys.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Security Check ✅ Passed Only docs/schema/comment updates; no logging, auth, storage, TLS, or response-handling code changed.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch docs/fix-mcp-openapi-review

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@crates/aisix-admin/src/openapi.rs`:
- Around line 3167-3175: The allowed_tools schema currently permits null but
only documents the omitted case, so clients cannot tell what null means. Update
the OpenAPI/resource model entries for allowed_tools to either narrow the type
to array only or explicitly document the null behavior consistently in both
places, using the surrounding schema definitions in openapi.rs as the reference
points. Make the description public-API accurate and clear about whether null
clears access, matches empty, or is just a server return value.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: efda0f25-651e-4c85-8521-42615c03673f

📥 Commits

Reviewing files that changed from the base of the PR and between 6b1d8cc and 0dd2b3a.

📒 Files selected for processing (3)
  • crates/aisix-admin/src/openapi.rs
  • crates/aisix-core/src/models/apikey.rs
  • schemas/resources/api_key.schema.json

Comment thread crates/aisix-admin/src/openapi.rs Outdated
@kayx23 kayx23 merged commit fd80c72 into main Jun 30, 2026
12 checks passed
@kayx23 kayx23 deleted the docs/fix-mcp-openapi-review branch June 30, 2026 09:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant