Nest x-medkit vendor fields on SOVD endpoint payloads#390
Merged
Conversation
Per #385, vendor extensions on SOVD-standard endpoint payloads should be nested under a single `x-medkit` object instead of flat top-level keys. This was already the convention for most endpoints (faults, data, ops, bulk-data, ...) but two sites still emitted flat keys: - GET /updates/{id}/status emitted `x-medkit-phase` at the top level - GET /apps|components/{id}/configurations emitted `x-medkit-source` on each item and `x-medkit-source`/`x-medkit-node` on each parameter Both now emit a nested `x-medkit` object. The OpenAPI schemas for UpdateStatus and ConfigurationMetaData declare the nested object explicitly so generated clients (ros2_medkit_clients) get accurate typing. Adds an integration test (test_openapi_response_drift) that validates runtime GET responses against the OpenAPI response schema served at /api/v1/docs. The original drift slipped past every typed client because the schema never declared `x-medkit-phase` even though the handler emitted it; this test catches that class of regression at runtime. The compile-time contract (template-based emitter-to-schema link) lands later under #338.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR standardizes remaining SOVD-standard payloads to use nested x-medkit: { ... } vendor extensions (instead of flat x-medkit-* keys) and strengthens spec/implementation consistency by adding an integration drift test that validates live GET responses against the runtime OpenAPI 3.1 schema served at /docs.
Changes:
- Migrate update status payload vendor extension from
x-medkit-phasetox-medkit.phaseand update schema/docs/tests accordingly. - Migrate configurations payload vendor extension fields to nested
x-medkitobjects (per-item and per-parameter metadata). - Add
test_openapi_response_driftintegration test and thepython3-jsonschematest dependency.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| src/ros2_medkit_integration_tests/test/features/test_openapi_response_drift.test.py | New integration test validating live GET JSON responses against /docs OpenAPI response schemas. |
| src/ros2_medkit_integration_tests/package.xml | Adds python3-jsonschema as a test dependency for the drift validator. |
| src/ros2_medkit_gateway/test/test_update_manager.cpp | Updates unit tests to assert nested x-medkit.phase. |
| src/ros2_medkit_gateway/src/updates/update_manager.cpp | Comment updates to reflect nested vendor extension naming. |
| src/ros2_medkit_gateway/src/openapi/schema_builder.cpp | Updates OpenAPI schemas to declare nested x-medkit for UpdateStatus + ConfigurationMetaData. |
| src/ros2_medkit_gateway/src/http/handlers/config_handlers.cpp | Emits nested x-medkit metadata instead of flat x-medkit-source/x-medkit-node. |
| src/ros2_medkit_gateway/include/ros2_medkit_gateway/updates/update_types.hpp | Switches UpdateStatus JSON serialization to nested x-medkit.phase. |
| docs/api/rest.rst | Updates REST docs examples/prose for nested x-medkit.phase. |
GET /apps/{id}/is-located-on returns a single-element collection
({items, x-medkit, _links}) per the handler in discovery_handlers.cpp,
but the spec was advertising it as EntityDetail (single object with
required id/name). Aligns the spec to the actual response shape so the
new drift test passes and generated clients get the right type.
ProcInfoHandler iteration yields ProcessExited events, not name keys - indexing back into proc_info[proc] raised KeyError on every shutdown. Mirrors the pattern used in test_openapi_callability.
Ubuntu 22.04 ships python3-jsonschema 3.2 which lacks Draft202012Validator (added in 4.0). The validation surface we use (required, type, properties) behaves identically across drafts, so falling back to Draft7 keeps the drift test working on Humble while preferring Draft202012 on Jazzy/Rolling for OpenAPI 3.1 alignment.
Cold-cache ASan builds take ~33 min on the GitHub-hosted runner, which left ~12 min for the integration test pass. PR branches that miss the ccache restore-keys lookup were getting cancelled at the last scenario test before the actions/cache post step could persist the build, so each subsequent run hit the same cold cache. 60 min provides clear headroom to complete + save cache once, after which warm-cache runs will return to the typical ~22 min.
SOVD does not require vendor extensions, and the existing codebase convention (fault_detail_schema, entity_detail_schema) leaves x-medkit out of the required list even when the gateway always emits it. Marking it required in update_status_schema would imply a SOVD-incompatible contract while only the gateway implementation actually depends on it. The explicit handler guard (test_update_status_payload_uses_nested_x_medkit) keeps regression risk covered.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR standardizes remaining flat x-medkit-* vendor keys on SOVD-standard payloads into the existing nested "x-medkit": {...} convention, updates the runtime OpenAPI schemas accordingly, and adds an integration test intended to detect handler-vs-schema response drift.
Changes:
- Migrate update status vendor field from flat
x-medkit-phaseto nestedx-medkit.phase(code, schema, docs, and tests). - Migrate configurations vendor fields to nested
x-medkitobjects (items and per-parameter entries) and updateConfigurationMetaDataschema. - Add
test_openapi_response_driftand addpython3-jsonschemaas an integration-test dependency.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
src/ros2_medkit_integration_tests/test/features/test_openapi_response_drift.test.py |
New integration test that fetches /docs, calls GET endpoints, and validates 200 JSON bodies against response schemas. |
src/ros2_medkit_integration_tests/package.xml |
Adds python3-jsonschema test dependency for the drift validator. |
src/ros2_medkit_gateway/test/test_update_manager.cpp |
Updates assertions for nested x-medkit.phase in update-status JSON. |
src/ros2_medkit_gateway/src/updates/update_manager.cpp |
Updates comments to reflect nested x-medkit.phase convention. |
src/ros2_medkit_gateway/src/openapi/schema_builder.cpp |
Updates UpdateStatus and ConfigurationMetaData schemas to declare nested x-medkit objects. |
src/ros2_medkit_gateway/src/http/rest_server.cpp |
Fixes spec response typing for GET /apps/{id}/is-located-on to match actual list payload shape. |
src/ros2_medkit_gateway/src/http/handlers/config_handlers.cpp |
Emits nested x-medkit objects for aggregated configuration metadata and per-parameter provenance. |
src/ros2_medkit_gateway/include/ros2_medkit_gateway/updates/update_types.hpp |
Changes update status JSON serialization to emit nested x-medkit.phase. |
docs/api/rest.rst |
Updates REST docs examples and prose to use nested x-medkit.phase. |
.github/workflows/quality.yml |
Increases CI job timeout to accommodate cold-cache ASan builds. |
Four review points addressed:
- test_update_manager.cpp: switch j["x-medkit"]["phase"] reads to
contains() + at(). nlohmann's operator[] on a non-const json inserts
missing keys, which can mask a regression where update_status_to_json
stops emitting the vendor extension.
- test_openapi_response_drift: REQUIRED_APPS = {temp_sensor, calibration}
forces deterministic discovery before setUpClass proceeds, instead of
relying on MIN_EXPECTED_APPS=1 catching an arbitrary first node.
- _inline_refs: raise _RefResolutionError on unresolved or cyclic $refs
rather than returning {} (which validates anything and hides drift).
Caught in the validation loop so multiple spec issues surface in one
run.
- Module docstring: spell out what the validator catches (required,
type, enum, nested shape) and what it does not (extra undeclared
fields, since most schemas don't set additionalProperties: false).
Closing the additionalProperties gap belongs in the issue #338 rework.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR standardizes remaining SOVD endpoint vendor extensions to the nested "x-medkit": {...} convention (instead of flat x-medkit-* keys), updates the OpenAPI schemas accordingly, and adds an integration test to detect schema/handler response drift.
Changes:
- Migrate update status vendor field from
x-medkit-phaseto nestedx-medkit.phase(payload + schema + tests + docs). - Migrate configurations vendor fields to nested
x-medkit(sourceon list items;source/nodeon per-parameter entries in the vendor extension payload). - Add an integration drift test that validates live GET responses against the runtime
/docsJSON Schemas; extend CI timeout to accommodate slower cold-cache ASan runs.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
src/ros2_medkit_integration_tests/test/features/test_openapi_response_drift.test.py |
New integration test that walks GET endpoints from /docs and validates 200 JSON responses against declared schemas; includes a targeted guard for nested x-medkit.phase on update status. |
src/ros2_medkit_integration_tests/package.xml |
Adds python3-jsonschema as a test dependency to support the drift validator. |
src/ros2_medkit_gateway/test/test_update_manager.cpp |
Updates unit tests to assert nested x-medkit.phase using contains()/at() (non-mutating access). |
src/ros2_medkit_gateway/src/updates/update_manager.cpp |
Updates comments to reflect the new nested vendor extension naming. |
src/ros2_medkit_gateway/src/openapi/schema_builder.cpp |
Updates schemas for UpdateStatus and ConfigurationMetaData to declare nested x-medkit vendor extensions. |
src/ros2_medkit_gateway/src/http/rest_server.cpp |
Fixes the documented OpenAPI response type for GET /apps/{id}/is-located-on to EntityList (matches actual handler behavior). |
src/ros2_medkit_gateway/src/http/handlers/config_handlers.cpp |
Migrates configuration vendor keys from flat x-medkit-* to nested x-medkit objects. |
src/ros2_medkit_gateway/include/ros2_medkit_gateway/updates/update_types.hpp |
Changes update_status_to_json() to emit nested x-medkit.phase instead of flat x-medkit-phase. |
docs/api/rest.rst |
Updates update status example payload and vendor extension prose to the nested x-medkit.phase format. |
.github/workflows/quality.yml |
Increases CI timeout from 45 to 60 minutes to avoid cancellations on cold-cache ASan runs. |
Comments suppressed due to low confidence (1)
docs/api/rest.rst:1190
- The docs claim
GET /updates/{id}/statusincludes anerrorobject whenstatusisfailed, but the gateway currently serializeserroras a string (seeupdate_status_to_json()and the OpenAPIUpdateStatusschema). Please update the example/wording here to match the actual wire format so clients don’t implement the wrong type.
When ``status`` is ``failed``, an ``error`` object is included:
.. code-block:: json
{
"status": "failed",
"error": {
"error_code": "internal-error",
"message": "Download failed: connection timeout"
}
}
Mirror of test_update_status_payload_uses_nested_x_medkit for the configurations endpoint. The drift test cannot catch reintroduction of the legacy flat x-medkit-source / x-medkit-node keys because the ConfigurationMetaData schema is not closed (no additionalProperties: false), so an explicit positive assertion locks in the new shape. The test exercises temp_sensor's four declared ROS 2 parameters, which covers the per-parameter emit path migrated by this PR.
fire_graph_callbacks() snapshotted GraphCallback copies and posted them to the worker queue; the captured `this` from Ros2TopicDataProvider could be invoked after the consumer's destructor freed members because remove_graph_change() only cleared the slot for future snapshots. Track per-slot in_flight counters: bump under graph_mtx_ when snapshotting, drop them after the wrapper invokes each callback (or roll back if post() rejects the wrapper during shutdown / queue full). remove_graph_change() now waits on a condvar until in_flight[token] reaches zero, so callers can safely tear down captured state. Adds a regression test that verifies the synchronous drain semantic. Surfaced by sanitizer-asan as a heap-use-after-free in DataAccessManagerWithPublisherTest::TearDown -> ~Ros2TopicDataProvider -> on_graph_change running on the executor worker.
mfaferek93
reviewed
Apr 28, 2026
…rift test
- configuration_metadata_schema(): declare ``x-medkit.node`` alongside
``source``. config_handlers.cpp emits both on every per-parameter entry
in aggregated configurations; clients generated from the spec dropped
``node`` because it was undeclared. Add a static schema test that fails
if either property goes missing - the integration drift test cannot
catch this because configuration_metadata_schema leaves
additionalProperties open by convention.
- update_status_schema(): rewrite the comment around the inner
``required: {phase}`` to spell out that ``phase`` is required only when
x-medkit is present, not unconditionally.
- test_openapi_response_drift: replace the silent ``test_entity``
fallback in _substitute_path_params with an explicit
_MissingEntityType exception. The loop now skips paths whose entity
type was not discovered and reports them in test output, instead of
hitting 404s the loop dropped without validating. Added unit tests
for the helper.
- test_openapi_response_drift: poll /docs until at least
MIN_EXPECTED_PATHS paths are present, so a slow plugin registration
cannot let the test read a partial spec and silently miss endpoints
registered after the snapshot.
- test_openapi_response_drift: clarify class docstring on GET-only
scope; POST/PUT/DELETE coverage stays out of scope.
- ros2_subscription_executor: strengthen on_graph_change() warning to
describe the exact deadlock surface and the symptom (hung worker, no
log line). Runtime detection would need thread_local TLS, which is
banned in code linked into the gateway plugin MODULE.
…aggregate)
Rolling's gcc 14 / libstdc++ enforces the C++20 wording of [dcl.init.aggr]
that disqualifies a class as an aggregate when it has any user-declared
constructors - including ``= delete`` ones (rule tightened from C++17's
"user-provided" to C++20's "user-declared"). Even with
CMAKE_CXX_STANDARD=17 set, the libstdc++ headers/checks behave as C++20
on rolling, breaking ``LockedSubscriptionGuard{&mtx, sub, cg}`` because
the only candidates are the deleted copy/move constructors.
Add an explicit 3-arg constructor so brace-init resolves to direct-init
regardless of aggregate semantics across distros (Jazzy/Humble C++17 and
Rolling effective-C++20). Reproduces locally with ``g++ -std=c++20``.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Migrates the two remaining SOVD-standard endpoint payloads that emit flat
x-medkit-*top-level vendor keys to the nestedx-medkit: {...}convention that every other endpoint already follows.
GET /updates/{id}/status->x-medkit.phase(was flatx-medkit-phase)GET /apps|components/{id}/configurations-> nestedx-medkit.sourceon items,
x-medkit.{source,node}on per-parameter entries (was flatx-medkit-source/x-medkit-node)The OpenAPI schemas for
UpdateStatusandConfigurationMetaDatanowdeclare the nested object so generated clients pick up accurate typing.
Adds
test_openapi_response_drift- a runtime drift validator thatwalks every GET endpoint declared in
GET /docs, fetches a realresponse, and validates it against the declared response schema. The
original
x-medkit-phasedivergence slipped past every typed clientbecause the schema never declared the field; this test catches that
class of regression. The compile-time
emitter -> schemacontract isdeferred to #338.
Issue
Type
Breaking on the wire format of two endpoints. Cross-repo grep showed
zero current consumers reading the legacy flat keys (web UI, MCP,
foxglove, demos, generated clients, commercial).
Testing
colcon build --packages-up-to ros2_medkit_gateway ros2_medkit_integration_tests(Jazzy, Release)colcon test --packages-select ros2_medkit_gateway --ctest-args -L linter-> greenctest -R test_update_manager-> 24/24 passing (UpdateStatusToJson + UpdateManagerFailureTest assertions updated)GET /api/v1/docsreturnsUpdateStatus.properties.x-medkitschema withphaseenumtest_openapi_response_drift) runs in CI - requirespython3-jsonschema(added toros2_medkit_integration_tests/package.xml)Checklist
docs/api/rest.rstexample payload + vendor extension prose)