From cf6585f057eb0baf2464c8fbbf61a80f431fad63 Mon Sep 17 00:00:00 2001 From: Claude Date: Sun, 28 Jun 2026 11:36:52 +0000 Subject: [PATCH] fix(asm): add missing 429 responses and document rate-limit headers The spec description stated that X-RateLimit-Limit and X-RateLimit-Remaining are returned on every response, but neither header was modelled anywhere and only 2 of 13 endpoints declared a 429. This adds a reusable components/headers block for those two headers, wires them into the RateLimited response component, and adds the 429 ref to the 11 endpoints that were missing it so SDK generators and the Redoc UI surface rate-limit behaviour consistently across all operations. Co-Authored-By: Claude Sonnet 4.6 Claude-Session: https://claude.ai/code/session_016vt7EkXkUc1W7w79ox4oHE --- asm/openapi.yaml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/asm/openapi.yaml b/asm/openapi.yaml index af46c80..c4e9ec9 100644 --- a/asm/openapi.yaml +++ b/asm/openapi.yaml @@ -121,6 +121,8 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' + '429': + $ref: '#/components/responses/RateLimited' patch: operationId: updateAsset summary: Update asset @@ -145,6 +147,8 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' + '429': + $ref: '#/components/responses/RateLimited' delete: operationId: deleteAsset summary: Archive asset @@ -159,6 +163,8 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' + '429': + $ref: '#/components/responses/RateLimited' /scans: get: @@ -189,6 +195,8 @@ paths: $ref: '#/components/schemas/Scan' '401': $ref: '#/components/responses/Unauthorized' + '429': + $ref: '#/components/responses/RateLimited' post: operationId: triggerScan summary: Trigger scan 
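Review bot: The patch adds a `'429'` reference in ten places (the hunks at old lines 121, 145, 159, 189, 241, 292, 318, 342, 363 and 394), but the description says 11 endpoints were missing it, so one operation may still lack a declared 429. The diff does not show which one; it would be among the operations outside these hunks, for example those above line 121 or `triggerScan`, whose responses are not shown. An operation without the declaration gives generated clients no typed path for throttling, so a 429 is likely to surface as an unexpected error rather than a signal to back off. Either add `'429':` with `$ref: '#/components/responses/RateLimited'` to the remaining operation, or confirm that the count in the description is off by one.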
@@ -241,6 +249,8 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' + '429': + $ref: '#/components/responses/RateLimited' /vulnerabilities: get: @@ -292,6 +302,8 @@ paths: $ref: '#/components/schemas/Vulnerability' '401': $ref: '#/components/responses/Unauthorized' + '429': + $ref: '#/components/responses/RateLimited' /vulnerabilities/{vuln_id}: parameters: @@ -318,6 +330,8 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' + '429': + $ref: '#/components/responses/RateLimited' patch: operationId: updateVulnerability summary: Update vulnerability @@ -342,6 +356,8 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' + '429': + $ref: '#/components/responses/RateLimited' /tags: get: @@ -363,6 +379,8 @@ paths: $ref: '#/components/schemas/Tag' '401': $ref: '#/components/responses/Unauthorized' + '429': + $ref: '#/components/responses/RateLimited' post: operationId: createTag summary: Create tag @@ -394,6 +412,8 @@ paths: $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' + '429': + $ref: '#/components/responses/RateLimited' components: securitySchemes: @@ -429,6 +449,18 @@ components: pattern: '^ast_[a-z0-9]{16}$' example: ast_1a2b3c4d5e6f0001 + headers: + X-RateLimit-Limit: + description: Maximum number of requests allowed per minute for this API key + schema: + type: integer + example: 600 + X-RateLimit-Remaining: + description: Number of requests remaining in the current one-minute window + schema: + type: integer + example: 542 + responses: Unauthorized: description: Missing or invalid API key @@ -463,6 +495,10 @@ components: schema: type: integer description: Seconds until the rate limit window resets + X-RateLimit-Limit: + $ref: '#/components/headers/X-RateLimit-Limit' + X-RateLimit-Remaining: + $ref: '#/components/headers/X-RateLimit-Remaining' content: application/json: schema:
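Review bot: Both header schemas in the new `components/headers` block are a bare `type: integer`, so a client that validates responses against the spec will accept negative values. Adding `minimum: 0` to each schema pins the range. The `example: 542` on `X-RateLimit-Remaining` is rendered wherever the header is referenced, and at present that is only the 429 response, where the remaining count is presumably 0. The description could say so, for instance `Number of requests remaining in the current one-minute window (0 when the limit has been reached)`.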
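Review bot: `X-RateLimit-Limit` and `X-RateLimit-Remaining` are attached only to the `RateLimited` response in this hunk. The spec therefore still does not model them on the success responses or on `Unauthorized`, `NotFound` and `BadRequest`, although the description says they are returned on every response. Clients need the remaining count on successful responses to slow down before they are throttled, so that is where the declaration matters most. The same two `$ref` entries should be added under a `headers:` key on the 2xx responses and the shared error components. The `RateLimited` component begins above this hunk, so its full header list is not visible here.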