Skip to content

fix(generate): fetch spec from /openapi not /openapi.yml (BE-2982)#517

Open
mattmillerai wants to merge 2 commits into
mainfrom
matt/be-2982-refresh-openapi-path
Open

fix(generate): fetch spec from /openapi not /openapi.yml (BE-2982)#517
mattmillerai wants to merge 2 commits into
mainfrom
matt/be-2982-refresh-openapi-path

Conversation

@mattmillerai

Copy link
Copy Markdown
Collaborator

ELI-5

comfy generate refresh downloads the latest list of API models. It was
knocking on the wrong door — /openapi.yml — which the server answers with
"404 Not Found", so the command always failed and exited 1. The spec actually
lives at /openapi (served as JSON). This changes the one URL so the door
opens.

What changed

  • comfy_cli/command/generate/app.py_refresh() now fetches
    <base_url>/openapi instead of <base_url>/openapi.yml.
  • Added a regression test asserting _refresh() requests <base_url>/openapi.

Nothing else needed changing: the server returns JSON, and JSON is a subset of
YAML, so write_cache() (verbatim write) + load_raw_spec() (yaml.load)
parse it fine. base_url(), the vendored spec, and the /proxy/ allowlist are
untouched.

Why it's safe

  • base_url() rstrips the trailing slash, so the URL resolves to
    https://api.comfy.org/openapi.
  • _refresh() is the only spec-fetch call site (grepped — all other
    openapi.yml references are file paths: the bundled spec and the
    ~/.comfy/openapi-cache.yml cache filename).

Verification (live, 2026-07-14)

  • GET https://api.comfy.org/openapi200; body parses as YAML,
    openapi: 3.0.2, servers: [{url: https://api.comfy.org}] (matches the
    vendored spec so base_url() resolves identically), 314 paths.
  • GET https://api.comfy.org/openapi.yml404.
  • Full test suite: 2574 passed, 37 skipped. ruff format --check +
    ruff check clean.

Notes

  • While writing the regression test I found (and fixed) a test-isolation trap:
    reading base_url() after refresh repopulates the lru_cached spec from
    the freshly-written minimal tmp cache, which leaked into later tests. The
    test now resolves the expected URL before invoking refresh.

comfy-api serves the OpenAPI spec at /openapi (JSON, valid YAML); the old
/openapi.yml path 404s, so `comfy generate refresh` always failed and
exited 1. Point _refresh() at /openapi. The JSON body is written verbatim
to the cache and parsed by load_raw_spec() with yaml.load (JSON is a YAML
subset), so no further change is needed.

Adds a regression test asserting _refresh() requests <base_url>/openapi.
@mattmillerai mattmillerai added agent-coded PR authored by the agent-work loop cursor-review Request Cursor bot review labels Jul 14, 2026
@coderabbitai

coderabbitai Bot commented Jul 14, 2026

Copy link
Copy Markdown

Warning

Review limit reached

You’ve reached a temporary PR review limit under our Fair Usage Limits Policy.

Your recent review volume is higher than typical usage, so adaptive limits are currently applied.

Next review available in: 26 seconds

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 012fd646-2efb-4416-8a52-6347234be05d

📥 Commits

Reviewing files that changed from the base of the PR and between a732f5c and 633220f.

📒 Files selected for processing (3)
  • comfy_cli/command/generate/app.py
  • comfy_cli/command/generate/spec.py
  • tests/comfy_cli/command/generate/test_app.py
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch matt/be-2982-refresh-openapi-path
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch matt/be-2982-refresh-openapi-path

Comment @coderabbitai help to get the list of available commands.

@mattmillerai mattmillerai marked this pull request as ready for review July 14, 2026 20:07
@dosubot dosubot Bot added size:XS This PR changes 0-9 lines, ignoring generated files. bug Something isn't working labels Jul 14, 2026

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔍 Cursor Review — Consolidated panel

Triggered by @mattmillerai.

Found 3 finding(s).

Severity Count
🟠 High 1
🟢 Low 2

Panel: 6/8 reviewers contributed findings.

Reviewers that did not contribute: kimi-k2.5:adversarial (empty), kimi-k2.5:edge-case (empty)

Comment thread comfy_cli/command/generate/app.py
Comment thread comfy_cli/command/generate/app.py
Comment thread comfy_cli/command/generate/app.py
Harden the newly-activated `/openapi` refresh path per cursor-review:

- Refuse to cache a non-spec 200. `_refresh()` follows redirects and caches
  the body verbatim for 7 days; an HTML interstitial / redirect landing page /
  JSON array or scalar would poison the cache and crash every `generate`
  subcommand (`.get()` on a non-mapping) until the TTL expired. Add
  `spec.validate_spec_text()` requiring a dict shaped like an OpenAPI doc, and
  gate `write_cache()` on it.
- Parse JSON exponent floats. The remote serves JSON, where `json.dumps` emits
  point-less signed exponents (`1e+16`, `1e-07`) that PyYAML's YAML 1.1 float
  resolver treats as strings. Add a resolver for that form.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@dosubot dosubot Bot added size:M This PR changes 30-99 lines, ignoring generated files. and removed size:XS This PR changes 0-9 lines, ignoring generated files. labels Jul 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

agent-coded PR authored by the agent-work loop bug Something isn't working cursor-review Request Cursor bot review size:M This PR changes 30-99 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant