feat: validate OpenAPI spec using Skooma (#13623)

Adds Skooma-based OpenAPI validation so SDK-facing request specs can assert that documented request and response contracts match real Rails behavior. This also upgrades the spec to OpenAPI 3.1 and fixes contract drift uncovered while validating core application and platform resources. Closes None Why We want CI to catch OpenAPI drift before it reaches SDK consumers. While wiring validation in, this PR surfaced several mismatches between the documented contract and what the Rails endpoints actually accept or return. What this change does - Adds Skooma-backed OpenAPI validation to the request spec flow and a dedicated OpenAPI validation spec. - Migrates nullable schema definitions to OpenAPI 3.1-compatible unions. - Updates core SDK-facing schemas and payloads across accounts, contacts, conversations, inboxes, messages, teams, reporting events, and platform account resources. - Documents concrete runtime cases that were previously missing or inaccurate, including nested `profile` update payloads, multipart avatar uploads, required profile update bodies, nullable inbox feature flags, and message sender types that include both `Captain::Assistant` and senderless activity-style messages. - Regenerates the committed Swagger JSON and tag-group artifacts used by CI sync checks. Validation - `bundle exec rake swagger:build` - `bundle exec rspec spec/swagger/openapi_spec.rb` --------- Co-authored-by: Sojan Jose <sojan@pepalo.com>
2026-03-11 07:03:55 +05:30
parent dc0e5eb465
commit 9a9398b386
54 changed files with 3216 additions and 1192 deletions
--- a/swagger/paths/application/conversation/messages/index.yml
+++ b/swagger/paths/application/conversation/messages/index.yml
@@ -38,10 +38,14 @@ responses:
                assignee:
                  $ref: '#/components/schemas/agent'
                agent_last_seen_at:
-                  type: string
+                  type:
+                    - string
+                    - 'null'
                  format: date-time
                assignee_last_seen_at:
-                  type: string
+                  type:
+                    - string
+                    - 'null'
                  format: date-time
            payload:
              type: array
--- a/swagger/paths/application/conversation/update.yml
+++ b/swagger/paths/application/conversation/update.yml
@@ -25,6 +25,10 @@ requestBody:
 responses:
  '200':
    description: Success
+    content:
+      application/json:
+        schema:
+          $ref: '#/components/schemas/conversation'
  '401':
    description: Unauthorized
    content:
--- a/swagger/paths/application/inboxes/index.yml
+++ b/swagger/paths/application/inboxes/index.yml
@@ -33,3 +33,38 @@ get:
        application/json:
          schema:
            $ref: '#/components/schemas/bad_request_error'
+post:
+  tags:
+    - Inboxes
+  operationId: inboxCreation
+  summary: Create an inbox
+  description: You can create more than one website inbox in each account
+  security:
+    - userApiKey: []
+  parameters:
+    - $ref: '#/components/parameters/account_id'
+  requestBody:
+    required: true
+    content:
+      application/json:
+        schema:
+          $ref: '#/components/schemas/inbox_create_payload'
+  responses:
+    '200':
+      description: Success
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/inbox'
+    '404':
+      description: Inbox not found
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/bad_request_error'
+    '403':
+      description: Access denied
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/bad_request_error'
--- a/swagger/paths/application/inboxes/update.yml
+++ b/swagger/paths/application/inboxes/update.yml
@@ -1,3 +1,38 @@
+get:
+  tags:
+    - Inboxes
+  operationId: GetInbox
+  summary: Get an inbox
+  security:
+    - userApiKey: []
+  description: Get an inbox available in the current account
+  parameters:
+    - $ref: '#/components/parameters/account_id'
+    - name: id
+      in: path
+      schema:
+        type: number
+      description: ID of the inbox
+      required: true
+  responses:
+    '200':
+      description: Success
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/inbox'
+    '404':
+      description: Inbox not found
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/bad_request_error'
+    '403':
+      description: Access denied
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/bad_request_error'
 patch:
  tags:
    - Inboxes
@@ -26,8 +61,6 @@ patch:
      content:
        application/json:
          schema:
-            type: object
-            description: 'Updated inbox object'
            $ref: '#/components/schemas/inbox'
    '404':
      description: Inbox not found