docs(spec): reality-audit — openapi + sitemap + account-keys sk_live examples#277
Merged
Conversation
…examples Machine/spec files piece of the 2026-06-26 docs reality audit (WIP tip 83fb982), applied on top of the merged family pieces and reconciled against today's main + live API. - public/openapi.json: provenance metadata refresh only (x-generated-at, x-commit-sha). Semantic body (paths + schemas) verified byte-identical to main via scripts/check-openapi-version.mjs — no unmerged-family (opportunities) endpoint changes to revert. - public/openapi-version.json: sync stale sidecar 2.1.0 -> 3.1.0 to match openapi.json info.version (stamp-openapi.mjs regenerates at build; this fixes the committed state). - public/sitemap.xml: regenerated with scripts/generate-sitemap.mjs against today's content tree (228 URLs). Supersedes the audit's 224-URL snapshot, which was already missing concepts/market-lifecycle (4 locales) added to main after the audit. - content/en/api-reference/account-keys.mdx: key-management envelope fixes from the audit ({success, data, meta}; create returns 200 not 201; rotate new_key/old_key shape + gracePeriodHours 0-72; delete envelope; real error messages), sk_live_ example keys (truncated — GitHub push protection rejects full-length fakes) replacing main's fictional "sharpapi_..." format, plus two today-reality corrections against the live handler: id_masked = "..." + last 8 chars, and max_keys = 1 for pro tier (was 5). Live-verified: GET /account/keys with an internal (no user_id) key returns exactly the documented 400 {"error":{"code":"validation_error", "message":"No user_id associated with this API key"}}; all four operation response shapes and error strings confirmed against sharp-api-go keys.go on main (1940dc1). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Collaborator
Author
|
Merge gate (auto-classified): gate=docs — auto-classified by the gate-log enforcer (9min after merge, no Posted by |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Final piece of the 2026-06-26 docs reality audit: the machine/spec files, built on top of the merged family pieces (#272 events, #273 historical, #274 catalog, #275 odds; opportunities piece NOT merged).
Audit commits carried
83fb982(WIP tip ofdocs/audit-2026-06-26-fixes) — hunks for this piece's 4 files only:public/openapi.json,public/openapi-version.json,public/sitemap.xml,content/en/api-reference/account-keys.mdx.Reconciliation against what actually merged
scripts/check-openapi-version.mjs: "no path/schema changes detected") — onlyx-generated-at/x-commit-shaprovenance metadata differ. So there were no unmerged-family (opportunities) endpoint changes to revert; the spec describes exactly what the live docs pages now say.2.1.0) vs the spec'sinfo.version(3.1.0) — synced. (stamp-openapi.mjsregenerates both at build; this fixes the committed state.)scripts/generate-sitemap.mjsagainst today's content tree (228 URLs). The audit snapshot was already missingconcepts/market-lifecycle(x4 locales) added to main after the audit. Superset of the audit's additions (entity-reference-ids,liquidity,polymarket-resolutionx4 locales, trailing-slash + hreflang format).Live verification (2026-07-02, OVH
:3003)GET /account/keys(internal key, nouser_id){"error":{"code":"validation_error","message":"No user_id associated with this API key"}}, exactly as the page now documents; error envelope has nodocsfield (audit's removal confirmed)GET /account/keys200 shapesharp-api-go/keys.goon main (1940dc1) —{success, data:[{id, id_masked, name, tier, is_active, created_at, updated_at}], meta:{count, max_keys}}(can't exercise 200 live without a customer key)POST /account/keysmeta.warningstring exact;nameoptional, max 100 charsDELETE /account/keys/{keyId}{success, data:{deleted, key_id, message}}; 404 "Key not found or not owned by you"; 400 "Cannot delete the API key you are currently using"POST /account/keys/{keyId}/rotategracePeriodHours0–72;data.new_key/{old_key}shape; bothmeta.warning/meta.messagestrings exactDrift fixed beyond the audit (handler is ground truth):
id_maskedexample:"..." + last 8 chars(audit showed 9)max_keysforpro= 1, not 5 (maxKeysPerTier: free/hobby/pro=1, sharp=2)Notes
sk_live_example keys are intentionally truncated fakes (sk_live_new345mno678...) — GitHub push protection rejects full-length fakesk_livekeys. Real keys aresk_-prefixed; main'ssharpapi_...format was fiction.authenticateClerkOrAPIKey) — page claim verified.account-keys.mdxchanged in en only).Type: docs