Skip to content

fix(cli): preserve per-endpoint security when auth-schemes defined without auth key #16037

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
devin-ai-integration wants to merge 4 commits into
base: main
Choose a base branch
from

fix(cli): preserve per-endpoint security when auth-schemes defined wi…

5c5f13e
Select commit
Loading
Failed to load commit list.
Open

fix(cli): preserve per-endpoint security when auth-schemes defined without auth key #16037

fix(cli): preserve per-endpoint security when auth-schemes defined wi…
5c5f13e
Select commit
Loading
Failed to load commit list.
Claude / Claude Code Review completed May 21, 2026 in 15m 18s

Code review found 2 important issues

Found 5 candidates, confirmed 2. See review comments for details.

Details

Severity Count
🔴 Important 2
🟡 Nit 0
🟣 Pre-existing 0
Severity File:Line Issue
🔴 Important packages/cli/workspace/lazy-fern-workspace/src/OSSWorkspace.ts:574-582 Override-file auth silently dropped when auth-schemes is in generators.yml
🔴 Important packages/cli/workspace/lazy-fern-workspace/src/OSSWorkspace.ts:317-322 AsyncAPI auth silently wiped when auth-schemes set without auth

Annotations

Check failure on line 582 in packages/cli/workspace/lazy-fern-workspace/src/OSSWorkspace.ts

See this annotation in the file changed.

@claude claude / Claude Code Review

Override-file auth silently dropped when auth-schemes is in generators.yml 

When `generators.yml` declares `auth-schemes` (but no `auth`) and the spec's override file declares `auth:`, the new guard at `OSSWorkspace.ts:574-582` skips the override-file fallback, leaving `effectiveSettings.auth` undefined and causing `FernDefinitionConverter.buildAuthOverrides` to return `undefined` — the override file's `auth` is silently dropped. Fix by only skipping the fallback when override files would re-declare `auth-schemes`, e.g. read the override file first and honor its `auth`

Check failure on line 322 in packages/cli/workspace/lazy-fern-workspace/src/OSSWorkspace.ts

See this annotation in the file changed.

@claude claude / Claude Code Review

AsyncAPI auth silently wiped when auth-schemes set without auth 

AsyncAPIConverter has no parallel handling for the new `auth-schemes`-without-`auth` case enabled by this PR's OSSWorkspace change, so any workspace combining AsyncAPI specs with `auth-schemes`-only config in generators.yml (or override files via `getAuthFromOverrideFiles`) will have its AsyncAPI security schemes silently wiped from the IR. Mirror the synthesis logic added to `OpenAPIConverter.convertSecuritySchemes()` in `AsyncAPIConverter.convertSecuritySchemes()` (synthesize `auth: { any: sch
View more details on Claude