HYPERFLEET-1143 - chore: Remove kind from list schemas

[tirthct]

Summary

• Update core spec dependency to latest main and regenerate schemas
• kind property removed from all list response schemas (ChannelList, ClusterList, NodePoolList, VersionList, WifConfigList) — inherited from core spec HYPERFLEET-1143
• Error responses updated to RFC 9457 ProblemDetails format — inherited from core spec HYPERFLEET-993
• Version bump to 1.0.23

Context

The template's npm dependency on the core spec (hyperfleet-api-spec#main) was stale — pinned to commit 78199f6 (HYPERFLEET-1103 repo split). This refresh picks up 4 core releases:

Core version	Ticket	Shared model changes
v1.0.18	HYPERFLEET-1103	Restructured into core/ and shared/ directories
v1.0.19	—	No shared model changes
v1.0.20	HYPERFLEET-993	Error models renamed to RFC 9457 ProblemDetails, pagination constraints
v1.0.21	HYPERFLEET-1143	kind removed from list response schemas

Changes

• main.tsp — version bump to 1.0.23
• CHANGELOG.md — added 1.0.23 entry (Removed + Changed)
• .spectral.yaml — added ForbiddenResponse unused component override
• package-lock.json — refreshed core spec dependency
• schemas/template/openapi.yaml — regenerated
• schemas/template/swagger.yaml — regenerated

Test plan

• TypeSpec compiles without errors
• spectral lint passes
• kind absent from all list schemas
• kind still present on individual resource schemas

BREAKING CHANGE: kind removed from required fields in ChannelList, ClusterList,
NodePoolList, VersionList, WifConfigList. Error schema renamed from Error to
ProblemDetails with status-specific schemas (BadRequestDetails, ConflictDetails,
NotFoundDetails, UnauthorizedDetails). Consumers must regenerate clients from
the updated spec.

[coderabbitai]

📝 Walkthrough

Walkthrough

The API spec version advances from 1.0.22 to 1.0.23. The generic Error schema is removed and replaced by an RFC 9457-style ProblemDetails base schema plus status-specific allOf compositions (BadRequestDetails, NotFoundDetails, ConflictDetails, UnauthorizedDetails, ForbiddenDetails, ForbiddenResponse). Every channel, version, cluster, nodepool, and WIF config endpoint in both openapi.yaml and swagger.yaml is updated to map HTTP error status codes to these schemas under application/problem+json. List response schemas (ChannelList, ClusterList, NodePoolList, VersionList, WifConfigList) drop kind from their required arrays. Query parameters page and pageSize gain minimum: 1. .spectral.yaml adds a lint override for ForbiddenResponse.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~28 minutes

The schema hierarchy is compact; the bulk is repetitive error mapping across two parallel specs. CWE-20 (Improper Input Validation): verify all ProblemDetails compositions include mandatory fields and that status-specific schemas align with their HTTP codes. CWE-284 (Improper Access Control): inspect completeness of 401 (UnauthorizedDetails) and 403 (ForbiddenResponse) wiring on cluster and nodepool endpoints (protected resources). Breaking change: kind removal from list response required arrays—confirm no downstream API consumers depend on this field's presence in pagination contracts.

🚥 Pre-merge checks | ✅ 11

✅ Passed checks (11 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title refers to 'kind' removal from list schemas, which is documented in the PR objectives and changelog as the primary user-facing change from the core spec refresh.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output	✅ Passed	Repository contains zero Go files; SEC-02 requires Go logging statements (slog, log, logr, zap, fmt.Print*). PR modifies TypeSpec, YAML schemas, and documentation only.
No Hardcoded Secrets	✅ Passed	No hardcoded secrets, API keys, tokens, passwords, private keys, or embedded credentials detected. All examples use legitimate placeholders (example.com, user-123, etc.). BearerAuth defined as prop...
No Weak Cryptography	✅ Passed	PR contains only TypeSpec schema definitions and generated OpenAPI specifications. No cryptographic primitives, implementations, or weak crypto patterns present in codebase.
No Injection Vectors	✅ Passed	No injection vectors found. PR contains schema regeneration (YAML/JSON), version bumps, and CI/CD workflows. No SQL concatenation, exec.Command with user input, unsafe HTML/template, or unsafe YAML...
No Privileged Containers	✅ Passed	PR contains only TypeSpec/OpenAPI specification and configuration files with no Kubernetes manifests, Helm templates, or Dockerfiles. Check is not applicable to this repository.
No Pii Or Sensitive Data In Logs	✅ Passed	No logging statements exist in any application code. Repository contains only TypeSpec API specs, config files, and documentation. Example emails in generated schemas are fake values (user-123@exam...
Description check	✅ Passed	The PR description clearly relates to the changeset: version bump to 1.0.23, kind removal from list schemas, error response updates to RFC 9457 ProblemDetails, and core spec dependency refresh.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

✨ Simplify code

• Create PR with simplified code

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@schemas/template/openapi.yaml`:
- Around line 1969-1989: The Spectral lint flags ForbiddenDetails and
ForbiddenResponse as unused; update the upstream TypeSpec definitions so these
schemas are actually referenced by 403 responses or remove them from the core
models and regenerate the OpenAPI: either wire
ForbiddenDetails/ForbiddenResponse into the appropriate service operation
responses in the .tsp files (attach ForbiddenResponse as the 403 response for
relevant operations) or delete the corresponding model declarations in the
TypeSpec sources and run the generator to produce a spec without these unused
components, then re-run CI.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 263b9b9e-cbea-4bd4-bb59-4c6a8a782968

📥 Commits

Reviewing files that changed from the base of the PR and between ceadd4e and fc3cba3.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (4)

• CHANGELOG.md
• main.tsp
• schemas/template/openapi.yaml
• schemas/template/swagger.yaml

[rafabene]

Warning

Blocking

Category: Bug

This entry lists AdapterStatusList and ResourceList, but neither schema exists in the template spec — they belong to the core hyperfleet-api. The actual list schemas that had kind removed in the generated YAML are ChannelList, ClusterList, NodePoolList, and WIFConfigList.

Suggested change

	- `kind` property from `ClusterList`, `NodePoolList`, `AdapterStatusList`, and `ResourceList` list response schemas — inherited from core spec update (HYPERFLEET-1143)
	- `kind` property from `ChannelList`, `ClusterList`, `NodePoolList`, and `WIFConfigList` list response schemas — inherited from core spec update (HYPERFLEET-1143)

[tirthct]

Ack, fixed.

[rafabene]

Tip

nit — non-blocking suggestion

Category: Pattern

This release also picks up the error model rewrite from core spec v1.0.20 (HYPERFLEET-993), which is a breaking change for consumers doing code generation: Error → ProblemDetails, new status-specific schemas (BadRequestDetails, ConflictDetails, etc.), and minimum: 1 on pagination params. Consider documenting these under a ### Changed subsection so upgraders know what to expect. For example:

### Changed

- Error responses now use RFC 9457 `ProblemDetails` format with status-specific schemas (`BadRequestDetails`, `ConflictDetails`, `NotFoundDetails`, `UnauthorizedDetails`) — inherited from core spec update (HYPERFLEET-993)
- Pagination query parameters (`page`, `pageSize`) now enforce `minimum: 1`

[tirthct]

Added to changelog

[rafabene]

Tip

nit — non-blocking suggestion

Category: Standards

This release removes kind from list schema required fields and rewrites the error model (Error → ProblemDetails), both breaking changes for consumers doing code generation. Per the commit standard, the squash merge commit should include a BREAKING CHANGE: footer. Consider adding this to the PR body so it lands in the squash commit:

BREAKING CHANGE: `kind` removed from required fields in ChannelList, ClusterList,
NodePoolList, VersionList, WifConfigList. Error schema renamed from `Error` to
`ProblemDetails` with status-specific schemas (BadRequestDetails, ConflictDetails,
NotFoundDetails, UnauthorizedDetails). Consumers must regenerate clients from
the updated spec.

[tirthct]

Added a footer in the PR body

[rafabene]

Tip

nit — non-blocking suggestion

Category: Standards

The HyperFleet error model standard marks detail as Required=Yes, but this generated schema only requires type, title, status. The fix is upstream in the core spec's TypeSpec definitions — either add detail to the required list in the TypeSpec model, or update the standard to match RFC 9457's treatment of detail as optional.

# Current
required:
  - type
  - title
  - status

# Expected per HyperFleet standard
required:
  - type
  - title
  - status
  - detail

[tirthct]

Created https://redhat.atlassian.net/browse/HYPERFLEET-1231 to track this change in the TypeSpec definition

[rafabene]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rafabene

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [rafabene]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment