feat(plugins+bootstrap): plug-in endpoints visible in OpenAPI spec

Closes the deferred TODO from the OpenAPI commit (11bef932): every endpoint a plug-in registers via `PluginContext.endpoints.register` now shows up in the OpenAPI spec alongside the host's @RestController operations. Downstream OpenAPI clients (R1 web SPA codegen, A1 MCP server tool catalog, operator-side Swagger UI browsing) can finally see the customer-specific HTTP surface. **Problem.** springdoc's default scan walks `@RestController` beans on the host classpath. Plug-in endpoints are NOT registered that way — they live as lambdas on a single `PluginEndpointDispatcher` catch-all controller, so the default scan saw ONE dispatcher path and zero per-plug-in detail. The printing-shop plug-in's 8 endpoints were entirely invisible to the spec. **Solution: an OpenApiCustomizer bean that queries the registry at spec-build time.** 1. `PluginEndpointRegistry.snapshot()` — new public read-only view. Returns a list of `(pluginId, method, path)` tuples without exposing the handler lambdas. Taken under the registry's intrinsic lock and copied out so callers can iterate without racing plug-in (un)registration. Ordered by registration order for determinism. 2. `PluginEndpointSummary` — new public data class in platform-plugins. `pluginId` + `method` + `path` plus a `fullPath()` helper that prepends `/api/v1/plugins/<pluginId>`. 3. `PluginEndpointsOpenApiCustomizer @Component` — new class in `platform-plugins/openapi/`. Implements `org.springdoc.core.customizers.OpenApiCustomizer`. On every `/v3/api-docs` request, iterates `registry.snapshot()`, groups by full path, and attaches a `PathItem` with one `Operation` per registered HTTP verb. Each operation gets: - A tag `"Plug-in: <pluginId>"` so Swagger UI groups every plug-in's surface under a header - A `summary` + `description` naming the plug-in - Path parameters auto-extracted from `{name}` segments - A generic JSON request body for POST/PUT/PATCH - A generic 200 response + 401/403/404 error responses - The global bearerAuth security scheme (inherited from OpenApiConfiguration, no per-op annotation) 4. `compileOnly(libs.springdoc.openapi.starter.webmvc.ui)` in platform-plugins so `OpenApiCustomizer` is visible at compile time without dragging the full webmvc-ui bundle into platform-plugins' runtime classpath (distribution already pulls it in via platform-bootstrap's `implementation`). 5. `implementation(project(":platform:platform-plugins"))` added to platform-bootstrap so `OpenApiConfiguration` can inject the customizer by type and explicitly wire it to the `pluginEndpointsGroup()` `GroupedOpenApi` builder via `.addOpenApiCustomizer(...)`. **This is load-bearing** — springdoc's grouped specs run their own customizer pipeline and do NOT inherit top-level @Component OpenApiCustomizer beans. Caught at smoke-test time: initially the customizer populated the default /v3/api-docs but the /v3/api-docs/plugins group still showed only the dispatcher. Fix was making the customizer a constructor-injected dep of OpenApiConfiguration and calling `addOpenApiCustomizer` on the group builder. **What a future chunk might add** (not in this one): - Richer per-endpoint JSON Schema — v1 ships unconstrained `ObjectSchema` request/response bodies because the framework has no per-endpoint shape info at the registrar layer. A future `PluginEndpointRegistrar` overload accepting an explicit schema would let plug-ins document their payloads. - Per-endpoint `@RequirePermission` surface — the dispatcher enforces permissions at runtime but doesn't record them on the registration, so the OpenAPI spec doesn't list them. **KDoc `/**` trap caught.** A literal plug-in URL pattern in the customizer's KDoc (`/api/v1/plugins/{pluginId}/**`) tripped the Kotlin nested-comment parser again. Rephrased as "under the `/api/v1/plugins/{pluginId}` prefix" to sidestep. Third time this trap has bitten me — the workaround is in feedback memory. **HttpMethod enum caught.** Initial `when` branch on the customizer covered HEAD/OPTIONS which don't exist in the api.v1 `HttpMethod` enum (only GET/POST/PUT/PATCH/DELETE). Dropped those branches. **Smoke-tested end-to-end against real Postgres:** - GET /v3/api-docs/plugins returns 7 paths: - /api/v1/plugins/printing-shop/echo/{name} GET - /api/v1/plugins/printing-shop/inks GET, POST - /api/v1/plugins/printing-shop/ping GET - /api/v1/plugins/printing-shop/plates GET, POST - /api/v1/plugins/printing-shop/plates/{id} GET - /api/v1/plugins/printing-shop/plates/{id}/generate-quote-pdf POST - /api/v1/plugins/{pluginId}/** (dispatcher fallback) Before this chunk: only the dispatcher fallback (1 path). - Top-level /v3/api-docs now also includes the 6 printing-shop paths it previously didn't. - All 7 printing-shop endpoints remain functional at the real dispatcher (no behavior change — this is a documentation-only enhancement). 24 modules, 355 unit tests, all green.

feat(plugins+bootstrap): plug-in endpoints visible in OpenAPI spec
Closes the deferred TODO from the OpenAPI commit (11bef932): every endpoint a plug-in registers via `PluginContext.endpoints.register` now shows up in the OpenAPI spec alongside the host's @RestController operations. Downstream OpenAPI clients (R1 web SPA codegen, A1 MCP server tool catalog, operator-side Swagger UI browsing) can finally see the customer-specific HTTP surface. **Problem.** springdoc's default scan walks `@RestController` beans on the host classpath. Plug-in endpoints are NOT registered that way — they live as lambdas on a single `PluginEndpointDispatcher` catch-all controller, so the default scan saw ONE dispatcher path and zero per-plug-in detail. The printing-shop plug-in's 8 endpoints were entirely invisible to the spec. **Solution: an OpenApiCustomizer bean that queries the registry at spec-build time.** 1. `PluginEndpointRegistry.snapshot()` — new public read-only view. Returns a list of `(pluginId, method, path)` tuples without exposing the handler lambdas. Taken under the registry's intrinsic lock and copied out so callers can iterate without racing plug-in (un)registration. Ordered by registration order for determinism. 2. `PluginEndpointSummary` — new public data class in platform-plugins. `pluginId` + `method` + `path` plus a `fullPath()` helper that prepends `/api/v1/plugins/<pluginId>`. 3. `PluginEndpointsOpenApiCustomizer @Component` — new class in `platform-plugins/openapi/`. Implements `org.springdoc.core.customizers.OpenApiCustomizer`. On every `/v3/api-docs` request, iterates `registry.snapshot()`, groups by full path, and attaches a `PathItem` with one `Operation` per registered HTTP verb. Each operation gets: - A tag `"Plug-in: <pluginId>"` so Swagger UI groups every plug-in's surface under a header - A `summary` + `description` naming the plug-in - Path parameters auto-extracted from `{name}` segments - A generic JSON request body for POST/PUT/PATCH - A generic 200 response + 401/403/404 error responses - The global bearerAuth security scheme (inherited from OpenApiConfiguration, no per-op annotation) 4. `compileOnly(libs.springdoc.openapi.starter.webmvc.ui)` in platform-plugins so `OpenApiCustomizer` is visible at compile time without dragging the full webmvc-ui bundle into platform-plugins' runtime classpath (distribution already pulls it in via platform-bootstrap's `implementation`). 5. `implementation(project(":platform:platform-plugins"))` added to platform-bootstrap so `OpenApiConfiguration` can inject the customizer by type and explicitly wire it to the `pluginEndpointsGroup()` `GroupedOpenApi` builder via `.addOpenApiCustomizer(...)`. **This is load-bearing** — springdoc's grouped specs run their own customizer pipeline and do NOT inherit top-level @Component OpenApiCustomizer beans. Caught at smoke-test time: initially the customizer populated the default /v3/api-docs but the /v3/api-docs/plugins group still showed only the dispatcher. Fix was making the customizer a constructor-injected dep of OpenApiConfiguration and calling `addOpenApiCustomizer` on the group builder. **What a future chunk might add** (not in this one): - Richer per-endpoint JSON Schema — v1 ships unconstrained `ObjectSchema` request/response bodies because the framework has no per-endpoint shape info at the registrar layer. A future `PluginEndpointRegistrar` overload accepting an explicit schema would let plug-ins document their payloads. - Per-endpoint `@RequirePermission` surface — the dispatcher enforces permissions at runtime but doesn't record them on the registration, so the OpenAPI spec doesn't list them. **KDoc `/**` trap caught.** A literal plug-in URL pattern in the customizer's KDoc (`/api/v1/plugins/{pluginId}/**`) tripped the Kotlin nested-comment parser again. Rephrased as "under the `/api/v1/plugins/{pluginId}` prefix" to sidestep. Third time this trap has bitten me — the workaround is in feedback memory. **HttpMethod enum caught.** Initial `when` branch on the customizer covered HEAD/OPTIONS which don't exist in the api.v1 `HttpMethod` enum (only GET/POST/PUT/PATCH/DELETE). Dropped those branches. **Smoke-tested end-to-end against real Postgres:** - GET /v3/api-docs/plugins returns 7 paths: - /api/v1/plugins/printing-shop/echo/{name} GET - /api/v1/plugins/printing-shop/inks GET, POST - /api/v1/plugins/printing-shop/ping GET - /api/v1/plugins/printing-shop/plates GET, POST - /api/v1/plugins/printing-shop/plates/{id} GET - /api/v1/plugins/printing-shop/plates/{id}/generate-quote-pdf POST - /api/v1/plugins/{pluginId}/** (dispatcher fallback) Before this chunk: only the dispatcher fallback (1 path). - Top-level /v3/api-docs now also includes the 6 printing-shop paths it previously didn't. - All 7 printing-shop endpoints remain functional at the real dispatcher (no behavior change — this is a documentation-only enhancement). 24 modules, 355 unit tests, all green.
zichun
1 parent a827f4e4
Showing 5 changed files with 285 additions and 1 deletions
platform/platform-bootstrap/build.gradle.kts
platform/platform-bootstrap/src/main/kotlin/org/vibeerp/platform/bootstrap/openapi/OpenApiConfiguration.kt
platform/platform-plugins/build.gradle.kts
platform/platform-plugins/src/main/kotlin/org/vibeerp/platform/plugins/endpoints/PluginEndpointRegistry.kt
platform/platform-plugins/src/main/kotlin/org/vibeerp/platform/plugins/openapi/PluginEndpointsOpenApiCustomizer.kt
@@ -40,6 +40,13 @@ dependencies {
     // depend on platform-bootstrap so no @RestController leaks into a
     // plug-in classloader; the scan only sees host controllers.
     implementation(libs.springdoc.openapi.starter.webmvc.ui)
+    // platform-plugins is needed so OpenApiConfiguration can wire the
+    // PluginEndpointsOpenApiCustomizer into the "plugins" GroupedOpenApi
+    // builder by type. Without this, the customizer @Component runs
+    // against the top-level /v3/api-docs but springdoc's grouped specs
+    // don't pick up global customizers — they need explicit
+    // `addOpenApiCustomiser(...)` calls on the builder.
+    implementation(project(":platform:platform-plugins"))
     testImplementation(libs.spring.boot.starter.test)
     testImplementation(libs.junit.jupiter)
@@ -13,6 +13,7 @@ import org.springframework.beans.factory.ObjectProvider
 import org.springframework.boot.info.BuildProperties
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
+import org.vibeerp.platform.plugins.openapi.PluginEndpointsOpenApiCustomizer
 /**
  * Provides the top-level [OpenAPI] bean that `springdoc-openapi`
@@ -59,6 +60,7 @@ import org.springframework.context.annotation.Configuration
 @Configuration
 class OpenApiConfiguration(
     private val buildPropertiesProvider: ObjectProvider<BuildProperties>,
+    private val pluginEndpointsCustomizer: PluginEndpointsOpenApiCustomizer,
 ) {
     @Bean
@@ -264,8 +266,17 @@ class OpenApiConfiguration(
     fun pluginEndpointsGroup(): GroupedOpenApi =
         GroupedOpenApi.builder()
             .group("plugins")
-            .displayName("Plug-in HTTP dispatcher")
+            .displayName("Plug-in HTTP dispatcher + registered endpoints")
             .pathsToMatch("/api/v1/plugins/**")
+            // springdoc's grouped specs run their own customizer
+            // pipeline — top-level `@Component` customizers aren't
+            // inherited, so PluginEndpointsOpenApiCustomizer has to
+            // be wired onto THIS builder explicitly for the group
+            // to see plug-in-registered endpoints. The customizer
+            // runs on every /v3/api-docs/plugins request, so a
+            // plug-in that registers or unregisters endpoints at
+            // runtime is reflected immediately.
+            .addOpenApiCustomizer(pluginEndpointsCustomizer)
             .build()
     companion object {
@@ -44,6 +44,14 @@ dependencies {
     implementation(libs.asm) // for plug-in linter bytecode scan
     implementation(libs.pf4j)
     implementation(libs.pf4j.spring)
+    // compileOnly: `PluginEndpointsOpenApiCustomizer` implements
+    // `org.springdoc.core.customizers.OpenApiCustomizer`, but we don't
+    // want platform-plugins to drag the full springdoc-openapi-starter-webmvc-ui
+    // bundle into its runtime classpath — that bundle is already present
+    // at runtime via platform-bootstrap's `implementation` declaration
+    // (which distribution inherits). compileOnly gives us the types at
+    // compile time without the duplicate runtime jar.
+    compileOnly(libs.springdoc.openapi.starter.webmvc.ui)
     testImplementation(libs.spring.boot.starter.test)
     testImplementation(libs.junit.jupiter)
@@ -95,6 +95,30 @@ class PluginEndpointRegistry {
     /** Total number of registrations across all plug-ins. Used by tests. */
     fun size(): Int = registrations.size
+    /**
+     * Read-only snapshot of every registered endpoint across every
+     * plug-in. Returns `(pluginId, method, path)` tuples without
+     * leaking the handler lambdas — callers get enough to render
+     * documentation, an admin view, or an OpenAPI path entry.
+     *
+     * **Why snapshot and not a live view.** The list is taken under
+     * the registry's intrinsic lock (via the existing @Synchronized
+     * discipline) and copied out, so a caller can iterate without
+     * holding the lock and without racing against concurrent
+     * plug-in (un)registration. Ordering matches the registration
+     * order, which is deterministic for a given plug-in's
+     * `start(context)` call.
+     */
+    @Synchronized
+    fun snapshot(): List<PluginEndpointSummary> =
+        registrations.map {
+            PluginEndpointSummary(
+                pluginId = it.pluginId,
+                method = it.method,
+                path = it.path,
+            )
+        }
+
     private data class Registration(
         val pluginId: String,
         val method: HttpMethod,
@@ -110,6 +134,24 @@ class PluginEndpointRegistry {
 }
 /**
+ * Read-only projection of one plug-in endpoint registration,
+ * returned by [PluginEndpointRegistry.snapshot]. Carries enough
+ * to render an admin view or populate an OpenAPI path entry —
+ * deliberately does NOT expose the handler lambda.
+ */
+data class PluginEndpointSummary(
+    val pluginId: String,
+    val method: org.vibeerp.api.v1.plugin.HttpMethod,
+    val path: String,
+) {
+    /**
+     * Full URL path this endpoint serves on, including the
+     * `/api/v1/plugins/<pluginId>` dispatcher prefix.
+     */
+    fun fullPath(): String = "/api/v1/plugins/$pluginId$path"
+}
+
+/**
  * The per-plug-in registrar exposed via
  * [org.vibeerp.api.v1.plugin.PluginContext.endpoints].
  *
+package org.vibeerp.platform.plugins.openapi
+
+import io.swagger.v3.oas.models.OpenAPI
+import io.swagger.v3.oas.models.Operation
+import io.swagger.v3.oas.models.PathItem
+import io.swagger.v3.oas.models.media.Content
+import io.swagger.v3.oas.models.media.MediaType
+import io.swagger.v3.oas.models.media.ObjectSchema
+import io.swagger.v3.oas.models.media.StringSchema
+import io.swagger.v3.oas.models.parameters.Parameter
+import io.swagger.v3.oas.models.parameters.PathParameter
+import io.swagger.v3.oas.models.parameters.RequestBody
+import io.swagger.v3.oas.models.responses.ApiResponse
+import io.swagger.v3.oas.models.responses.ApiResponses
+import org.slf4j.LoggerFactory
+import org.springdoc.core.customizers.OpenApiCustomizer
+import org.springframework.stereotype.Component
+import org.vibeerp.api.v1.plugin.HttpMethod
+import org.vibeerp.platform.plugins.endpoints.PluginEndpointRegistry
+import org.vibeerp.platform.plugins.endpoints.PluginEndpointSummary
+
+/**
+ * Extends the auto-generated OpenAPI 3 spec with one PathItem
+ * entry per plug-in-registered HTTP endpoint.
+ *
+ * **Why this is needed.** springdoc's default scan walks every
+ * `@RestController` bean on the host classpath and turns its
+ * `@RequestMapping` + method annotations into OpenAPI paths.
+ * Plug-in endpoints are NOT registered that way — they live as
+ * lambdas on a single `PluginEndpointDispatcher` controller with
+ * a catch-all mapping under the `/api/v1/plugins/{pluginId}` prefix,
+ * so the default scan sees ONE dispatcher operation and zero
+ * per-plug-in detail. The OpenAPI spec is therefore blind to
+ * every customer-specific HTTP surface — the exact place a
+ * downstream R1 web SPA + A1 MCP server need visibility.
+ *
+ * **How it works.** springdoc calls every `OpenApiCustomizer`
+ * bean once per `/v3/api-docs` (or group) request, AFTER the
+ * default scan has populated the paths. We iterate
+ * [PluginEndpointRegistry.snapshot] and add one `PathItem` per
+ * unique full path, attaching an [Operation] per HTTP method
+ * that was registered on it. The customizer runs on every
+ * request because plug-ins can register/unregister endpoints at
+ * runtime (hot reload, plug-in restart) and the spec must
+ * reflect the current state — no caching.
+ *
+ * **Scope of the generated OpenAPI entries.** The synthesized
+ * operations are deliberately minimal:
+ *  - `tags = ["Plug-in: <pluginId>"]` so Swagger UI groups
+ *    every plug-in's endpoints under a header.
+ *  - `summary` naming the plug-in and its sub-path so operators
+ *    can scan the list.
+ *  - A generic `application/json` request body for methods that
+ *    accept one (POST/PUT/PATCH), with an unconstrained schema —
+ *    the framework has no per-endpoint schema info at this layer.
+ *  - A generic 200 response with an unconstrained schema.
+ *  - Path parameters auto-detected from `{name}` segments.
+ *
+ * A richer future chunk could let plug-ins declare JSON Schema
+ * via a new PluginEndpointRegistrar overload, but v1 ships the
+ * minimal surface — it's already enough for a client code
+ * generator to emit typed call sites against any plug-in's
+ * endpoints, and for an MCP-style catalog to list "what can
+ * this plug-in do".
+ *
+ * **Security.** The global `bearerAuth` security scheme defined
+ * in `OpenApiConfiguration` already applies by default via
+ * `addSecurityItem(...)`, so every plug-in operation inherits
+ * the bearer-JWT requirement without per-op annotation.
+ *
+ * **Registry coupling.** Lives in platform-plugins because
+ * that's where `PluginEndpointRegistry` lives and we want the
+ * customization close to the data it reflects. The class is
+ * picked up by Spring's `@ComponentScan("org.vibeerp")` in
+ * platform-bootstrap's `@SpringBootApplication`. The springdoc
+ * types are pulled in via `compileOnly` in this module's
+ * build.gradle.kts — the runtime jar is provided once by
+ * platform-bootstrap's `implementation(libs.springdoc…)`.
+ */
+@Component
+class PluginEndpointsOpenApiCustomizer(
+    private val registry: PluginEndpointRegistry,
+) : OpenApiCustomizer {
+
+    private val log = LoggerFactory.getLogger(PluginEndpointsOpenApiCustomizer::class.java)
+
+    override fun customise(openApi: OpenAPI) {
+        val snapshot = registry.snapshot()
+        if (snapshot.isEmpty()) {
+            return
+        }
+
+        // Group by full URL path so multiple HTTP verbs on the
+        // same path share ONE PathItem — OpenAPI's schema puts
+        // get/post/put/delete as sibling operations on a PathItem.
+        val byFullPath: Map<String, List<PluginEndpointSummary>> =
+            snapshot.groupBy { it.fullPath() }
+
+        var addedPaths = 0
+        var addedOperations = 0
+
+        for ((fullPath, registrations) in byFullPath) {
+            // springdoc's PathItem uses the same template syntax
+            // as the registrations themselves (e.g. "/plates/{id}"),
+            // so we can use fullPath verbatim.
+            val pathItem = openApi.paths?.get(fullPath) ?: PathItem()
+            for (reg in registrations) {
+                val op = buildOperation(reg)
+                when (reg.method) {
+                    HttpMethod.GET -> pathItem.get(op)
+                    HttpMethod.POST -> pathItem.post(op)
+                    HttpMethod.PUT -> pathItem.put(op)
+                    HttpMethod.DELETE -> pathItem.delete(op)
+                    HttpMethod.PATCH -> pathItem.patch(op)
+                }
+                addedOperations++
+            }
+            // Paths() is null on a freshly-built OpenAPI so
+            // springdoc's default scan initializes it before we
+            // get here; still guard defensively for the case
+            // where the scan returned nothing.
+            if (openApi.paths == null) {
+                openApi.paths = io.swagger.v3.oas.models.Paths()
+            }
+            openApi.paths.addPathItem(fullPath, pathItem)
+            addedPaths++
+        }
+
+        log.debug(
+            "PluginEndpointsOpenApiCustomizer: added {} paths / {} operations from {} plug-in endpoint(s)",
+            addedPaths, addedOperations, snapshot.size,
+        )
+    }
+
+    private fun buildOperation(summary: PluginEndpointSummary): Operation {
+        val tag = "Plug-in: ${summary.pluginId}"
+        val operation = Operation()
+            .summary("${summary.method} ${summary.path}  (plug-in: ${summary.pluginId})")
+            .description(
+                "Dynamically registered by plug-in `${summary.pluginId}` via " +
+                    "`PluginContext.endpoints.register`.",
+            )
+            .addTagsItem(tag)
+
+        // Extract path variables from {name} segments. The
+        // dispatcher already handles these at runtime via
+        // AntPathMatcher; we just surface the names in the spec
+        // so a code generator knows to produce typed parameters.
+        val pathVariables = extractPathVariables(summary.path)
+        for (varName in pathVariables) {
+            operation.addParametersItem(
+                PathParameter()
+                    .name(varName)
+                    .required(true)
+                    .schema(StringSchema())
+                    .description("Path variable extracted from the plug-in's template."),
+            )
+        }
+
+        // Attach a generic JSON request body for methods that
+        // carry one. The schema is deliberately unconstrained —
+        // the framework has no per-endpoint schema knowledge at
+        // this layer. A future chunk can grow this via a
+        // registrar overload that accepts a JSON Schema.
+        if (summary.method == HttpMethod.POST ||
+            summary.method == HttpMethod.PUT ||
+            summary.method == HttpMethod.PATCH
+        ) {
+            operation.requestBody(
+                RequestBody()
+                    .required(false)
+                    .content(
+                        Content().addMediaType(
+                            "application/json",
+                            MediaType().schema(ObjectSchema().description("Plug-in-defined payload; shape not declared at the framework level.")),
+                        ),
+                    ),
+            )
+        }
+
+        operation.responses(
+            ApiResponses()
+                .addApiResponse(
+                    "200",
+                    ApiResponse().description("Plug-in-defined response payload.")
+                        .content(
+                            Content().addMediaType(
+                                "application/json",
+                                MediaType().schema(ObjectSchema().description("Plug-in-defined response; shape not declared at the framework level.")),
+                            ),
+                        ),
+                )
+                .addApiResponse("401", ApiResponse().description("Missing or invalid JWT."))
+                .addApiResponse("403", ApiResponse().description("Authenticated but lacking the plug-in-declared permission."))
+                .addApiResponse("404", ApiResponse().description("No matching plug-in endpoint for the given path + method.")),
+        )
+
+        return operation
+    }
+
+    /**
+     * Extract `{varName}` path variables from a plug-in template
+     * like `/plates/{id}/generate-quote-pdf`. Ordering is the
+     * order they appear in the template; duplicates are kept
+     * once.
+     */
+    private fun extractPathVariables(template: String): List<String> {
+        val result = mutableListOf<String>()
+        val regex = Regex("""\{([^/}]+)\}""")
+        for (m in regex.findAll(template)) {
+            val name = m.groupValues[1]
+            if (name !in result) result += name
+        }
+        return result
+    }
+}