Adds `Dexcord.Api.Coverage`, a testable core that diffs the compiled endpoint route table against a pinned snapshot of Discord's official OpenAPI spec (`priv/discord_openapi.json`). The spec is a coverage CHECKLIST, not codegen input: it is refreshed only by the deliberate `mix dexcord.coverage.refresh`, so upstream churn never breaks CI spontaneously. - `mix dexcord.coverage` compiles then exits non-zero on any in-scope endpoint missing from the declared surface (AC1.8/AC1.9). - `mix dexcord.coverage.refresh` pins the spec via :httpc + castore, adding inets/ssl to the code path since Mix prunes them. - `priv/coverage_allowlist.exs` records out-of-scope spec routes with a comment per family; reconciled against the real pin (Social SDK lobbies/partner-sdk, OIDC, application-by-id, scheduled-event exceptions, join requests, thread search, monetization). - `.gitea/workflows/ci.yml` runs the suite + gate (Actions must be enabled on the Gitea remote). - ratelimit_test.exs gains AC1.10 spot-checks proving the new Phase 5 route shapes collapse to bounded, id-collapsed keys.
95 lines
3.9 KiB
Elixir
95 lines
3.9 KiB
Elixir
# Routes present in the pinned OpenAPI spec but deliberately NOT declared.
|
|
# Everything here remains reachable via Dexcord.Api.request/4.
|
|
[
|
|
# -- monetization (out of scope) --
|
|
"GET /applications/*/skus",
|
|
"GET /applications/*/entitlements*",
|
|
"POST /applications/*/entitlements*",
|
|
"DELETE /applications/*/entitlements*",
|
|
"GET /applications/*/subscriptions*",
|
|
"GET /skus/*/subscriptions*",
|
|
# -- soundboard (out of scope) --
|
|
"GET /soundboard-default-sounds",
|
|
"GET /guilds/*/soundboard-sounds*",
|
|
"POST /guilds/*/soundboard-sounds",
|
|
"PATCH /guilds/*/soundboard-sounds/*",
|
|
"DELETE /guilds/*/soundboard-sounds/*",
|
|
"POST /channels/*/send-soundboard-sound",
|
|
# -- stage instances (out of scope) --
|
|
"GET /stage-instances/*",
|
|
"POST /stage-instances",
|
|
"PATCH /stage-instances/*",
|
|
"DELETE /stage-instances/*",
|
|
# -- guild templates (out of scope) --
|
|
"GET /guilds/templates/*",
|
|
"POST /guilds/templates/*",
|
|
"GET /guilds/*/templates",
|
|
"POST /guilds/*/templates",
|
|
"PUT /guilds/*/templates/*",
|
|
"PATCH /guilds/*/templates/*",
|
|
"DELETE /guilds/*/templates/*",
|
|
# -- Bearer-only / not bot-usable --
|
|
"GET /oauth2/@me",
|
|
"GET /users/@me/applications/*/role-connection",
|
|
"PUT /users/@me/applications/*/role-connection",
|
|
"DELETE /users/@me/applications/*/role-connection",
|
|
"GET /applications/*/role-connections/metadata",
|
|
"PUT /applications/*/role-connections/metadata",
|
|
"PUT /applications/*/guilds/*/commands/*/permissions",
|
|
"PUT /applications/*/guilds/*/commands/permissions",
|
|
# -- deprecated routes kept out of the typed surface --
|
|
"GET /channels/*/pins",
|
|
"PUT /channels/*/pins/*",
|
|
"DELETE /channels/*/pins/*",
|
|
"PATCH /guilds/*/members/@me/nick",
|
|
# -- removed from official docs (2026-07); spec may still carry them --
|
|
"POST /guilds",
|
|
"DELETE /guilds/*",
|
|
"POST /guilds/*/mfa",
|
|
# -- special CSV multipart (guest invites); escape hatch --
|
|
"GET /invites/*/target-users*",
|
|
"PUT /invites/*/target-users",
|
|
# -- activities --
|
|
"GET /applications/*/activity-instances/*",
|
|
# -- OAuth2 token machinery (not a bot-library concern) --
|
|
"POST /oauth2/token*",
|
|
"POST /oauth2/token/revoke",
|
|
# -- OpenID Connect / key-discovery (bearer/OIDC, not bot-token) --
|
|
"GET /oauth2/keys",
|
|
"GET /oauth2/userinfo",
|
|
# ---------------------------------------------------------------------------
|
|
# Reconciliation against the pinned spec (2026-07-05). Everything below is
|
|
# present upstream but NOT in the plan's authoritative declared surface: all
|
|
# are Social-SDK-era or post-inventory additions, none documented as part of
|
|
# the bot-token REST surface the design scoped. Reachable via request/4.
|
|
# ---------------------------------------------------------------------------
|
|
#
|
|
# -- Social SDK: Lobbies (whole resource family, out of scope) --
|
|
"PUT /lobbies*",
|
|
"POST /lobbies*",
|
|
"GET /lobbies*",
|
|
"PATCH /lobbies*",
|
|
"DELETE /lobbies*",
|
|
# -- Social SDK: Partner SDK token + provisional accounts + DM moderation --
|
|
"POST /partner-sdk*",
|
|
"PUT /partner-sdk*",
|
|
# -- Application-by-id (Social SDK / OAuth variants of the @me routes we
|
|
# declare) + application attachment upload --
|
|
"GET /applications/*",
|
|
"PATCH /applications/*",
|
|
"POST /applications/*/attachment",
|
|
# -- Guild scheduled-event exceptions & user counts (recurring-event feature;
|
|
# the base scheduled-events family IS declared — only these extras aren't) --
|
|
"POST /guilds/*/scheduled-events/*/exceptions",
|
|
"PATCH /guilds/*/scheduled-events/*/exceptions/*",
|
|
"GET /guilds/*/scheduled-events/*/users/counts",
|
|
"GET /guilds/*/scheduled-events/*/*/users",
|
|
# -- Guild join requests / membership application flow (newer feature) --
|
|
"GET /guilds/*/new-member-welcome",
|
|
"GET /guilds/*/requests",
|
|
"PATCH /guilds/*/requests/*",
|
|
# -- Thread search (not in the documented channel bot surface) --
|
|
"GET /channels/*/threads/search",
|
|
# -- monetization: per-user application entitlements (monetization excluded) --
|
|
"GET /users/@me/applications/*/entitlements"
|
|
]
|