chore: Sync account schemas#418
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
✱ Stainless preview buildsThis PR will update the kotlin openapi python typescript ✅ grid-kotlin studio · code
✅ grid-typescript studio · code
✅ grid-python studio · code
This comment is auto-generated by GitHub Actions and is automatically kept up to date as you push. |
Greptile SummaryThis PR syncs auto-generated account info schemas for BDT, GHS, and PKR currencies, replacing rail-specific
Confidence Score: 3/5PR weakens schema validation by making rail-critical fields unconditionally optional with no machine-readable conditional enforcement. A single P1 finding (required fields dropped with no conditional schema replacement) reduces the ceiling to 4, and the impact is broad — three currency schemas and both composed openapi.yaml files are affected — warranting a score below the P1 ceiling. openapi/components/schemas/common/BdtAccountInfoBase.yaml, GhsAccountInfoBase.yaml, PkrAccountInfoBase.yaml — all three drop required fields without conditional validation.
|
| Filename | Overview |
|---|---|
| openapi/components/schemas/common/BdtAccountInfoBase.yaml | Removes accountNumber and phoneNumber from required; replaces with prose description. No machine-readable conditional validation is added. |
| openapi/components/schemas/common/GhsAccountInfoBase.yaml | Removes accountNumber and phoneNumber from required; replaces with prose description. Same concern as BdtAccountInfoBase. |
| openapi/components/schemas/common/PkrAccountInfoBase.yaml | Removes accountNumber, phoneNumber, and bankName from required; replaces with prose description. Same concern as BdtAccountInfoBase. |
| openapi.yaml | Mirrors the same required-field removals as the individual schema files for BDT, GHS, and PKR schemas. |
| mintlify/openapi.yaml | Mirrors the same required-field removals as openapi.yaml — kept in sync as expected. |
Flowchart
%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[API Consumer submits account info] --> B{paymentRails?}
B -->|BANK_TRANSFER| C[Needs: accountNumber]
B -->|MOBILE_MONEY| D[Needs: phoneNumber\nPKR also needs: bankName]
C --> E{Schema validation\nold: required array}
D --> E
E -->|accountNumber + phoneNumber required| F[✅ Catches missing fields]
C --> G{Schema validation\nnew: prose description only}
D --> G
G -->|only accountType required| H[⚠️ Missing fields pass silently]
Prompt To Fix All With AI
This is a comment left during a code review.
Path: openapi/components/schemas/common/BdtAccountInfoBase.yaml
Line: 1-8
Comment:
**Conditional requirements not machine-readable**
`accountNumber` and `phoneNumber` were removed from the `required` array and replaced with a prose `description`. OpenAPI schema validators and code generators treat these fields as entirely optional now — the description comment carries no enforcement weight. A client that omits `accountNumber` on a `BANK_TRANSFER` rail will pass schema validation silently.
The idiomatic way to express rail-conditional required fields in OpenAPI 3.x is `oneOf` (or `if/then/else`):
```yaml
oneOf:
- description: BANK_TRANSFER
required:
- accountType
- accountNumber
properties:
...
- description: MOBILE_MONEY
required:
- accountType
- phoneNumber
properties:
...
```
The same pattern applies to `GhsAccountInfoBase.yaml` and `PkrAccountInfoBase.yaml`.
How can I resolve this? If you propose a fix, please make it concise.Reviews (1): Last reviewed commit: "chore: Sync account schemas" | Re-trigger Greptile
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
| type: object | ||
| required: | ||
| - accountType | ||
| - accountNumber | ||
| - phoneNumber | ||
| description: 'Required fields depend on the selected paymentRails: | ||
| - BANK_TRANSFER: accountNumber | ||
| - MOBILE_MONEY: phoneNumber' |
There was a problem hiding this comment.
accountNumber and phoneNumber were removed from the required array and replaced with a prose description. OpenAPI schema validators and code generators treat these fields as entirely optional now — the description comment carries no enforcement weight. A client that omits accountNumber on a BANK_TRANSFER rail will pass schema validation silently.
The idiomatic way to express rail-conditional required fields in OpenAPI 3.x is oneOf (or if/then/else):
oneOf:
- description: BANK_TRANSFER
required:
- accountType
- accountNumber
properties:
...
- description: MOBILE_MONEY
required:
- accountType
- phoneNumber
properties:
...The same pattern applies to GhsAccountInfoBase.yaml and PkrAccountInfoBase.yaml.
Prompt To Fix With AI
This is a comment left during a code review.
Path: openapi/components/schemas/common/BdtAccountInfoBase.yaml
Line: 1-8
Comment:
**Conditional requirements not machine-readable**
`accountNumber` and `phoneNumber` were removed from the `required` array and replaced with a prose `description`. OpenAPI schema validators and code generators treat these fields as entirely optional now — the description comment carries no enforcement weight. A client that omits `accountNumber` on a `BANK_TRANSFER` rail will pass schema validation silently.
The idiomatic way to express rail-conditional required fields in OpenAPI 3.x is `oneOf` (or `if/then/else`):
```yaml
oneOf:
- description: BANK_TRANSFER
required:
- accountType
- accountNumber
properties:
...
- description: MOBILE_MONEY
required:
- accountType
- phoneNumber
properties:
...
```
The same pattern applies to `GhsAccountInfoBase.yaml` and `PkrAccountInfoBase.yaml`.
How can I resolve this? If you propose a fix, please make it concise.
1 participant
Auto-synced account schemas.
These schemas are generated from VASP adapter field definitions in sparkcore.
Synced schemas:
common/— per-currency account info, beneficiary, and payment account schemascommon/PaymentInstructions.yaml— payment instructions oneOf (new currencies added)external_accounts/— per-currency external account schemas (reference common/)Please review the changes before merging.