Skip to content

docs(registry): /publisher unauthenticated note — parity with /operator (closes #3546)#3569

Merged
EmmaLouise2018 merged 2 commits into
mainfrom
EmmaLouise2018/registry-publisher-public-note
May 1, 2026
Merged

docs(registry): /publisher unauthenticated note — parity with /operator (closes #3546)#3569
EmmaLouise2018 merged 2 commits into
mainfrom
EmmaLouise2018/registry-publisher-public-note

Conversation

@EmmaLouise2018

Copy link
Copy Markdown
Contributor

Closes #3546. Refs #3538 / #3542.

#3542 documented /api/registry/operator's caller-tier response-shape rules (anonymous → public; AAO API → +members_only; profile owner → +private). Asymmetry surfaced during #3559 investigation: /api/registry/publisher (server/src/routes/registry-api.ts:5229) has no auth middleware and returns identical shape for every caller.

Documenting the asymmetry rather than introducing one. AAO membership does NOT unlock more on /publisher today — telling the caller explicitly so the docs don't oversell membership value.

What changed

  • server/src/routes/registry-api.ts:669/publisher endpoint registration gains a description block noting "unauthenticated, identical shape for every caller. Compare to /operator for the auth-aware contrast."
  • static/openapi/registry.yaml — mechanical regen via npm run build:openapi (separate commit).

Test plan

  • npx vitest run server/tests/unit/openapi-coverage.test.ts — 3/3 pass.
  • npx tsc --noEmit -p server/tsconfig.json — clean.

Out of scope

bokelley
bokelley previously approved these changes May 1, 2026

@bokelley bokelley left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed as part of registry-stack triage session (refs #3538). Scope is tight, tests cover behavior, changesets present, openapi regen is mechanical. Approving.

@bokelley

bokelley commented May 1, 2026

Copy link
Copy Markdown
Contributor

Approved and ready to land — but #3563 and #3565 both touched registry-api.ts and static/openapi/registry.yaml so this needs a quick rebase against main. Could you git pull --rebase origin main, rerun npm run build:openapi, and force-push? Will merge as soon as it's green. Sorry for the order — your stack is the most coherent contribution we've had on the registry IA in months.

…fixed for every caller

Contrasts with /operator (#3542) where AAO membership tier and profile
ownership unlock members_only / private visibility. Documenting the
asymmetry rather than introducing one — membership does not change the
/publisher response today.

Refs #3546.
Mechanical output of `npm run build:openapi` for the previous commit's
description change. No semantic delta beyond the /publisher entry.

Refs #3546.
@EmmaLouise2018 EmmaLouise2018 force-pushed the EmmaLouise2018/registry-publisher-public-note branch from 93befdc to a3d5487 Compare May 1, 2026 15:59
@EmmaLouise2018 EmmaLouise2018 merged commit 70f07ca into main May 1, 2026
13 checks passed
@EmmaLouise2018 EmmaLouise2018 deleted the EmmaLouise2018/registry-publisher-public-note branch May 1, 2026 16:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

docs(registry): /publisher auth-aware response note (parity with /operator)

2 participants