Go:
- codegen: pass trimmed specPath to buildArgs instead of raw g.SpecPath
- cmd/sdk: use local resolvedSpecFile to avoid mutating flag variable per-invocation
- export: write to temp file + atomic rename to prevent destination truncation on failure
- openapi: gate effectiveGraphQLPath/SwaggerPath/WSPath/SSEPath on enable flags; use effectiveSwaggerPath in effectiveAuthentikPublicPaths
- cache: reject oversized replacement before mutating LRU state for existing keys
- ratelimit: move setRateLimitHeaders before c.Next() so headers are sent; hash credential headers with SHA-256 to avoid storing raw secrets; prefer validated principal from context
- response_meta: track size separately from body buffer so Size() is accurate after body rewrites and in passthrough mode
- bridge: limit request body reads with http.MaxBytesReader (10 MiB); allow missing data key in ValidateResponse for nil/zero success responses; update recorder status in writeErrorResponse
- pkg/provider/proxy: validate target scheme and host after url.Parse to catch hostless inputs
- cmd_test: snapshot/restore global spec registry in TestAPISpecCmd_Good_RegisteredSpecGroups
PHP:
- HasApiResponses.php, config.php: add declare(strict_types=1)
- RateLimitExceededException: validate Origin against cors.allowed_origins before reflecting in CORS header
- ApiUsageService: import and use Core\Api\Models\ApiKey instead of fully-qualified Mod\ path
- SeoReportService: add SSRF protection (scheme check, private-IP rejection); add .throw() for HTTP error handling; disable automatic redirects
Co-Authored-By: Virgil <virgil@lethean.io>
Preserve the Swagger UI mount path in generated OpenAPI output and expose it through the spec and sdk CLI builders.\n\nCo-Authored-By: Virgil <virgil@lethean.io>
Wire "--sse-path" through the spec and SDK generators so standalone OpenAPI output can document the SSE endpoint alongside GraphQL.
Co-Authored-By: Virgil <virgil@lethean.io>
Change module path from forge.lthn.ai/core/api to dappco.re/go/core/api.
Update all Go imports accordingly:
- forge.lthn.ai/core/api -> dappco.re/go/core/api
- forge.lthn.ai/core/go-io -> dappco.re/go/core/io
- forge.lthn.ai/core/go-log -> dappco.re/go/core/log
forge.lthn.ai/core/cli left as-is (not yet migrated).
Local replace directives added for dappco.re paths until vanity
URL server is configured.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace all fmt.Errorf/errors.New in production code with coreerr.E() from
go-log. Replace os.MkdirAll with coreio.Local.EnsureDir and os.Remove with
coreio.Local.Delete. Promote go-io and go-log to direct dependencies in go.mod.
Co-Authored-By: Virgil <virgil@lethean.io>
