fix(docs): exclude /internal/* routes from generated API reference

Co-Authored-By: aman <aman@stack-auth.com>
2026-06-04 21:04:37 +08:00 · 2026-06-03 17:04:00 +00:00 · 2026-06-03 17:04:00 +00:00 · c7b356a9b1
commit c7b356a9b1
parent 10c48773b3
4 changed files with 9 additions and 5596 deletions
--- a/apps/backend/src/lib/openapi.tsx
+++ b/apps/backend/src/lib/openapi.tsx
@ -8,6 +8,10 @@ import { typedEntries, typedFromEntries } from '@hexclave/shared/dist/utils/obje
 import { deindent, stringCompare } from '@hexclave/shared/dist/utils/strings';
 import * as yup from 'yup';

+function isInternalApiPath(path: string) {
+  return path === '/internal' || path.startsWith('/internal/');
+}
+
 export function parseOpenAPI(options: {
  endpoints: Map<string, Map<HttpMethod, SmartRouteHandler>>,
  audience: 'client' | 'server' | 'admin',
@ -25,6 +29,11 @@ export function parseOpenAPI(options: {
    }],
    paths: Object.fromEntries(
      [...options.endpoints]
+        // `/internal/*` routes are scoped to the internal Hexclave project (project.id === "internal")
+        // and are not part of the public API. Many of them use a permissive auth.type (e.g. adaptSchema),
+        // so the per-audience heuristic below does not exclude them; filter them out explicitly here so
+        // they never leak into the public API reference, regardless of their individual route metadata.
+        .filter(([path]) => !isInternalApiPath(path))
        .map(([path, handlersByMethod]) => (
          [path, Object.fromEntries(
            [...handlersByMethod]
--- a/docs-mintlify/openapi/admin.json
+++ b/docs-mintlify/openapi/admin.json
--- a/docs-mintlify/openapi/client.json
+++ b/docs-mintlify/openapi/client.json
--- a/docs-mintlify/openapi/server.json
+++ b/docs-mintlify/openapi/server.json