Skip to content

Migrate Users API to v2 — 16+ breaking changes across all categories#2

Open
infracore wants to merge 3 commits intomainfrom
feature/v2-api
Open

Migrate Users API to v2 — 16+ breaking changes across all categories#2
infracore wants to merge 3 commits intomainfrom
feature/v2-api

Conversation

@infracore
Copy link
Copy Markdown
Member

@infracore infracore commented Mar 22, 2026

Breaking Changes (testing all 27 detection types)

Category Change New Type?
endpoint_removed DELETE /users/{userId}
endpoint_removed PUT /users/{userId}/avatar
security_removed GET /users lost bearerAuth NEW
security_scope_removed read:users scope removed NEW
param_required_changed limit: optional → required NEW
param_type_changed limit: integer → string NEW
max_length_decreased limit maximum: 100 → 50 NEW
type_changed userId: string → integer
response_type_changed User.id: string → integer NEW
max_length_decreased User.name maxLength: 100 → 50 NEW
min_length_increased User.name minLength: 1 → 2 NEW
enum_value_removed status: 'pending' removed
enum_value_removed role: 'editor' removed
required_field_added tenant_id required
deprecated_added GET /users deprecated NEW
default_changed role default: viewer → admin NEW

Additive

  • New GET /v2/users endpoint

This PR exercises all 27 change types in the Delimit Action v1.6.0.

feat: migrate Users API to v2
4f368cc 
Breaking changes (testing all new detection types):
- DELETE /users/{userId} removed (endpoint_removed)
- PUT /users/{userId}/avatar removed (endpoint_removed)
- GET /users security removed (security_removed)
- GET /users read:users scope removed (security_scope_removed)
- limit param changed from optional to required (param_required_changed)
- limit param type changed from integer to string (param_type_changed)
- limit maximum decreased from 100 to 50 (max_length_decreased)
- userId type changed from string to integer (type_changed)
- User.id type changed from string to integer (response_type_changed)
- User.name maxLength decreased from 100 to 50 (max_length_decreased)
- User.name minLength increased from 1 to 2 (min_length_increased)
- status enum: 'pending' removed (enum_value_removed)
- role enum: 'editor' removed (enum_value_removed)
- role default changed from 'viewer' to 'admin' (default_changed)
- required field tenant_id added (required_field_added)
- GET /users marked deprecated (deprecated_added)

Additive:
- New GET /v2/users endpoint
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Mar 22, 2026
edited
Loading

🛡️ Breaking API Changes Detected

🔴 23 breaking changes · Semver: MAJOR · Next: 2.0.0

Count
Total changes 27
Breaking 23
Additive 4
Warnings 3

Breaking Changes

Severity Change Location
🔴 Critical Endpoint removed: /users/{userId}/avatar /users/{userId}/avatar
🔴 Critical Method removed: DELETE /users/{userId} /users/{userId}:DELETE
🟡 Warning Parameter type changed: userId from string to integer in /users/{userId}:GET /users/{userId}:GET
🟡 Warning Parameter type changed: userId from string to integer /users/{userId}:GET
🔴 Breaking Enum value 'pending' removed at /users:GET:status /users:GET:status
🟡 Warning Parameter type changed: limit from integer to string in /users:GET /users:GET
🟡 Warning Parameter type changed: limit from integer to string /users:GET
🟡 Warning Parameter changed from optional to required: limit in /users:GET /users:GET
🟡 Warning Security scheme 'bearerAuth' removed from /users:GET /users:GET
🔴 Breaking New required field 'tenant_id' added at #/components/schemas/User #/components/schemas/User.tenant_id
🔴 Breaking Enum value 'editor' removed at #/components/schemas/User.role #/components/schemas/User.role
🔴 Breaking Enum value 'pending' removed at #/components/schemas/User.status #/components/schemas/User.status
🟡 Warning Type changed from string to integer at #/components/schemas/User.id #/components/schemas/User.id
🔴 Breaking maxLength decreased from 100 to 50 at #/components/schemas/User.name #/components/schemas/User.name
🔴 Breaking minLength increased from 1 to 2 at #/components/schemas/User.name #/components/schemas/User.name
🔴 Breaking maxLength decreased from 100 to 50 at #/components/schemas/User.name #/components/schemas/User.name
🔴 Breaking minLength increased from 1 to 2 at #/components/schemas/User.name #/components/schemas/User.name
🔴 Breaking New required field 'tenant_id' added at #/components/schemas/CreateUser #/components/schemas/CreateUser.tenant_id
🔴 Breaking Enum value 'editor' removed at #/components/schemas/CreateUser.role #/components/schemas/CreateUser.role
🔴 Breaking maxLength decreased from 100 to 50 at #/components/schemas/CreateUser.name #/components/schemas/CreateUser.name
🔴 Breaking minLength increased from 1 to 2 at #/components/schemas/CreateUser.name #/components/schemas/CreateUser.name
🔴 Breaking maxLength decreased from 100 to 50 at #/components/schemas/CreateUser.name #/components/schemas/CreateUser.name
🔴 Breaking minLength increased from 1 to 2 at #/components/schemas/CreateUser.name #/components/schemas/CreateUser.name
⚠️ Policy warnings (3)
  • 🟡 /users/{userId}:GET — Type changed from string to integer at /users/{userId}:GET
  • 🟡 /users:GET — Type changed from integer to string at /users:GET
  • 🟡 #/components/schemas/User.id — Type changed from string to integer at #/components/schemas/User.id
📋 Migration guide

Migration Guide: Users API (1.0.0 -> 2.0.0)

This release contains 11 breaking change(s).
Follow the steps below to update your integration.

Step 1: Endpoint Removed

Change: Endpoint removed: /users/{userId}/avatar
Location: /users/{userId}/avatar

Action: Update all clients to stop calling this endpoint. If you control the consumers, search for references and remove them. Consider using the new endpoint (if applicable) as a replacement.

Step 2: Method Removed

Change: Method removed: DELETE /users/{userId}
Location: /users/{userId}:DELETE

Action: Update clients using this HTTP method. Check if an alternative method is available on the same path.

Step 3: Type Changed

Change: Parameter type changed: userId from string to integer
Location: /users/{userId}:GET

Action: Update serialization/deserialization logic for the new type. Check all type assertions, validators, and database column types.

Step 4: Enum Value Removed

Change: Enum value 'pending' removed at /users:GET:status
Location: /users:GET:status

Action: Stop sending the removed enum value. Update any switch/case or if/else blocks that handle it.

Step 5: Type Changed

Change: Parameter type changed: limit from integer to string
Location: /users:GET

Action: Update serialization/deserialization logic for the new type. Check all type assertions, validators, and database column types.

Step 6: Required Field Added

Change: New required field 'tenant_id' added at #/components/schemas/User
Location: #/components/schemas/User.tenant_id

Action: If this is a request body field, include it in all requests. If this is a response field, update parsers to handle the new field.

Step 7: Enum Value Removed

Change: Enum value 'editor' removed at #/components/schemas/User.role
Location: #/components/schemas/User.role

Action: Stop sending the removed enum value. Update any switch/case or if/else blocks that handle it.

Step 8: Enum Value Removed

Change: Enum value 'pending' removed at #/components/schemas/User.status
Location: #/components/schemas/User.status

Action: Stop sending the removed enum value. Update any switch/case or if/else blocks that handle it.

Step 9: Type Changed

Change: Type changed from string to integer at #/components/schemas/User.id
Location: #/components/schemas/User.id

Action: Update serialization/deserialization logic for the new type. Check all type assertions, validators, and database column types.

Step 10: Required Field Added

Change: New required field 'tenant_id' added at #/components/schemas/CreateUser
Location: #/components/schemas/CreateUser.tenant_id

Action: If this is a request body field, include it in all requests. If this is a response field, update parsers to handle the new field.

Step 11: Enum Value Removed

Change: Enum value 'editor' removed at #/components/schemas/CreateUser.role
Location: #/components/schemas/CreateUser.role

Action: Stop sending the removed enum value. Update any switch/case or if/else blocks that handle it.

After completing all steps, run your integration tests to verify.

✅ New additions (4)
  • /v2/users — New endpoint added: /v2/users
  • /users:GET — Operation marked as deprecated: /users:GET
  • #/components/schemas/User.role — Default value changed for 'role' from viewer to admin at #/components/schemas/User
  • #/components/schemas/CreateUser.role — Default value changed for 'role' from viewer to admin at #/components/schemas/CreateUser

Fix locally: npx delimit-cli lint

Governance Gates

Gate Status Chain
API Lint ❌ Fail lint → semver → gov_evaluate
Policy Compliance ❌ 5 violation(s) policy → evidence_collect
Security Audit ✅ Pass security_audit → evidence_collect
Deploy Readiness ⛔ Blocked deploy_plan → security_audit

🛡️ Enforcement chain: lint → semver → security_audit → gov_evaluate → evidence_collect → ledger
Deploy blocked until all gates pass. (advisory mode — CI will not fail)

Learn more about this break and how to fix it

🔏 Signed attestation

This governance verdict is signed via Sigstore keyless and recorded in the public Rekor transparency log. Anyone can verify it without trusting the action runner.

Powered by Delimit · Docs · Install

@claude
docs: add API description to v2 spec
18372ea 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This was referenced Mar 22, 2026
Merged
Open
@infracore infracore mentioned this pull request Apr 3, 2026
Closed
@infracore
ci: grant id-token: write so the showcase produces a Sigstore-signed …
9580d23 
…attestation

The public showcase PR's bot comment was rendered by a v1.10.0-era run
without the new attestation flow. Granting id-token: write lets the
@v1 action (now v1.11.3) post the full Signed-attestation footer with
permalink + Rekor entry + workflow binding. The next CI run on this
branch updates the bot comment in place — no ghost commit needed beyond
this one.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@infracore