feat(api): add OpenAPI 3.1.1 spec for cloud sandbox REST API#254
feat(api): add OpenAPI 3.1.1 spec for cloud sandbox REST API#254DorianZheng merged 3 commits intomainfrom
Conversation
|
@yingjunwu PTAL |
Define the RESTful API specification for exposing BoxLite as a cloud
sandbox service.
Key design decisions:
- Versioned prefix (/v1/) with multi-tenant {prefix} path segment
- Async execution model (POST /exec returns execution_id, SSE streaming)
- WebSocket endpoint for interactive TTY sessions
- OAuth2 client credentials authentication
- Idempotency keys for safe mutation retries
- Standard error model mapping to BoxliteError variants
Endpoints: 24 across 7 resource groups (boxes, execution, files,
metrics, images, config, auth). All schemas map 1:1 to existing
Rust types (BoxOptions, BoxInfo, BoxCommand, BoxMetrics, etc.).
DorianZheng
force-pushed
the
feat/rest-api-spec
branch
from
26f374f to
cfd25cb
Compare
- Replace incorrect ASF copyright header with BoxLite Contributors header - Fix contact URL: bxlite → boxlite-ai - Rename hyphenated `next-page-token` to `next_page_token` (snake_case) to avoid code generation issues in most languages Co-Authored-By: Claude Opus 4.6 <[email protected]>
yingjunwu
left a comment
yingjunwu
left a comment
There was a problem hiding this comment.
Review: OpenAPI REST API Spec
Overall this is a well-structured, professional spec. Good use of idempotency keys, pagination, SSE streaming, OAuth2 scopes, and WebSocket TTY. The schema mappings to Rust types (BoxInfo, BoxOptions, BoxCommand, RuntimeMetrics, BoxMetrics, ImageInfo) are accurate.
I pushed a commit fixing 3 bugs:
- ASF license header → replaced with BoxLite Contributors header (this isn't an ASF project)
- Contact URL →
bxlite→boxlite-ai next-page-token→next_page_token(hyphenated JSON keys break code generation in Go/Python/Java/Rust)
Remaining suggestions
Should fix:
-
Box.updated_atvs RustBoxInfo.last_updated— the Rust struct useslast_updated. Consider aligning the naming (either rename the Rust field or the spec field) to avoid confusion when implementing the adapter. -
ErrorModel.typeenum gaps — the spec says it "maps directly to BoxliteError variants" but:- Missing
RpcTransportvariant (exists in Rust) UnsupportedErroris ambiguous: Rust has bothUnsupportedEngine(no payload) andUnsupported(String)UnauthorizedErroris cloud-only (doesn't exist in Rust) — worth documenting as such
- Missing
-
labelsfield —CreateBoxRequestacceptslabelsandBoxresponse returns them, butBoxOptionsin Rust has nolabelsfield.BoxInfo::new()hardcodeslabels: HashMap::new(). Either add label storage to the core library or remove from spec until implemented.
Nice to have:
-
Missing
GET /{prefix}/boxes/{box_id}/executions— there'sGET /executions/{exec_id}to get one execution, but no way to list all executions for a box. Useful for debugging and monitoring. -
Missing
PATCH /{prefix}/boxes/{box_id}— no way to update mutable fields (labels, name) after creation. -
networksingle-value enum —CreateBoxRequest.networkisenum: [isolated]. Consider using plaintype: stringwith adefault: isolatedinstead, so adding new modes later doesn't break the enum contract. -
BootTimingnesting — the spec groups boot timing into a nestedBootTimingobject, while Rust keepsstage_*_msfields flat inBoxMetrics. This is a reasonable REST design choice, just noting the structural difference for implementers.
|
LGTM |
…work enum - Add RpcTransportError to ErrorModel.type enum (matches RpcTransport variant) - Document UnauthorizedError as server-layer only (not a BoxliteError variant) - Remove labels from CreateBoxRequest (BoxOptions has no labels field) - Change network from enum to plain string for forward compatibility
|
Thanks for the thorough review and the fixes you pushed. Addressed the remaining items in 0149a90: Fixed:
Kept as-is (with rationale):
|
2 participants
Summary
boxlite/openapi/rest-sandbox-open-api.yamlAPI Design
GET /v1/configPOST /v1/oauth/tokensKey Design Decisions
{prefix}path segment = organization/workspace IDPOST /execreturnsexecution_id, stream via SSE/exec/ttyfor interactive terminal sessionsFilesInterface){message, type, code}model mapping allBoxliteErrorvariantsTest plan
$refreferences resolve correctly (24 schemas, 7 parameters)BoxliteErrorvariants mapped to error typesBoxOptionsfields represented inCreateBoxRequestBoxInfofields represented inBoxresponse schemanpx @redocly/cli lint(optional, CI)npx @redocly/cli preview-docs(optional)