Skip to content

feat(converter): enrich OpenAPI output from Spring annotation slices#70

Merged
abdul-levo merged 2 commits into
AppThreat:mainfrom
abdul-levo:feat/spring-annotation-openapi-enrichment
May 11, 2026
Merged

feat(converter): enrich OpenAPI output from Spring annotation slices#70
abdul-levo merged 2 commits into
AppThreat:mainfrom
abdul-levo:feat/spring-annotation-openapi-enrichment

Conversation

@abdul-levo
Copy link
Copy Markdown
Collaborator

@abdul-levo abdul-levo commented Mar 11, 2026

Summary

Re-implementation of Spring annotation-driven OpenAPI enrichment,
replacing the previously reverted PRs #67/#68 with a cleaner approach.

What changed

  • _enrich_from_param_annotation() — first-pass scan of objectSlices
    for PARAM+ANNOTATION usage pairs. Extracts @RequestBody,
    @PathVariable, @RequestParam, @RequestHeader into proper OpenAPI
    requestBody and parameters objects.

  • _backfill_from_annotation_slices() — second-pass for Spring methods
    where atom omits the HTTP-method annotation from the slice. Correlates
    via x-atom-usages call line number.

  • _build_schema_from_type() — builds an OpenAPI schema from a
    userDefinedTypes entry, with one-level nested object expansion.

  • _java_type_to_schema() — maps 25+ fully-qualified Java types
    (primitives, collections, java.time.*, UUID, BigDecimal, etc.)
    to OpenAPI schema dicts.

  • merge_params() enrichment — existing entries are now enriched with
    missing fields from incoming entries (not just skipped).

  • Path parameter schema — auto-detected {param} path variables now
    include schema: {type: string}.

@prabhu
Copy link
Copy Markdown
Collaborator

prabhu commented Mar 11, 2026

Should we merge AppThreat/atom#243 before this PR? Also will atom-tools continue to work with slices without the annotations?

@abdul-levo
Copy link
Copy Markdown
Collaborator Author

abdul-levo commented Mar 11, 2026
edited
Loading

Should we merge AppThreat/atom#243 before this PR? Also will atom-tools continue to work with slices without the annotations?

Yes @prabhu it's dependent PR , donot merge it now I am making some refinements I'll let you know once I am done
and yes Yes, it will continue to work without the annotations for Python, JS/TS, Ruby, Scala but for Java/Spring HTTP method (GET/POST/etc.), path params, request body, and class-level URL prefixes all come from annotations. Without them, the core regex path on method signatures produces little for typical Spring methods

@prabhu prabhu marked this pull request as draft March 11, 2026 20:56
@aleembhd
feat(java): infer @RequestBody schema from getters; use DTO name as r…
fc490f8 
…esponse key

- Add _properties_from_getters() to build request body schema from
  argToCalls getter methods when the DTO is absent from userDefinedTypes
- Add _extract_response_dto_key() to derive the response object key from
  the actual response DTO class name instead of hard-coding 'description'
- Add _is_custom_dto() to distinguish application DTOs from stdlib types
- Add ±1 line tolerance in _infer_java_response_codes() to handle atom
  recording slices at the annotation line vs the method signature line
- Fix OpenAPI title format: '{name} OpenAPI Specification'
@abdul-levo
Copy link
Copy Markdown
Collaborator Author

abdul-levo commented Mar 11, 2026

Should we merge AppThreat/atom#243 before this PR? Also will atom-tools continue to work with slices without the annotations?

Yes @prabhu it's dependent PR , donot merge it now I am making some refinements I'll let you know once I am done and yes Yes, it will continue to work without the annotations for Python, JS/TS, Ruby, Scala but for Java/Spring HTTP method (GET/POST/etc.), path params, request body, and class-level URL prefixes all come from annotations. Without them, the core regex path on method signatures produces little for typical Spring methods

@prabhu refinements are done . Please review i think we are good to go .

@abdul-levo abdul-levo force-pushed the feat/spring-annotation-openapi-enrichment branch from a24d4d6 to fc490f8 Compare March 13, 2026 06:26
@abdul-levo
Copy link
Copy Markdown
Collaborator Author

abdul-levo commented Mar 13, 2026
edited
Loading

Hi @prabhu #72 is the latest PR containing all refinements and changes and its a dependent PR of AppThreat/atom#243 and AppThreat/atom#244 please review #72 . I’m closing PR #71 and #70 since they are no longer up to date.

@prabhu prabhu marked this pull request as ready for review March 17, 2026 21:19
@abdul-levo abdul-levo merged commit a3b926d into AppThreat:main May 11, 2026
32 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sohitgore sohitgore sohitgore approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@abdul-levo @prabhu @sohitgore @aleembhd