fix(core): fix Ajv error discriminator

[harshit078]

What/Why/How?

• This PR addresses issue Respect doesn't resolve complex constraint pattern #2639
• added a utility function remove-discriminators-from-schema which just strips discriminator keywords from schemas
• added this logic before AJV validation

Reference

Testing

Screenshots (optional)

Check yourself

• This PR follows the contributing guide
• All new/updated code is covered by tests
• Core code changed? - Tested with other Redocly products (internal contributions only)
• New package installed? - Tested in different environments (browser/node)
• Documentation update has been considered

Security

• The security impact of the change has been considered
• Code follows company security practices and guidelines

---

Note

Medium Risk
Touches response schema validation by preprocessing schemas before Ajv, which could change validation outcomes for discriminator-based schemas if the discriminator keyword was previously relied on during validation. Risk is mitigated by added tests covering the reported allOf+not discriminator pattern and existing validation paths.

Overview
Fixes a crash in checkSchema when Ajv is configured with discriminator: true but the OpenAPI discriminator property uses valid constraint compositions like allOf + not.

This preprocesses the dereferenced response schema by removing discriminator keywords (via new removeDiscriminatorsFromSchema) before running Ajv, and adds regression tests for the discriminator/constraint pattern plus the new utility.

^{Reviewed by Cursor Bugbot for commit d7ca08e. Bugbot is set up for automated code reviews on this repo. Configure here.}

[changeset-bot]

🦋 Changeset detected

Latest commit: d7ca08e

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages

Name	Type
@redocly/respect-core	Patch
@redocly/cli	Patch
@redocly/openapi-core	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[DmitryAnansky]

@harshit078
Could you please elaborate on why you believe removing discriminators is a good fix for this issue?
Have you considered any alternative approaches?

[DmitryAnansky]

Please use patch for fixes.

[harshit078]

sure

[harshit078]

@DmitryAnansky sure,
my intent/logic behind creating a function which removes discriminators is because when I researched about OpenAPI discriminator schema I found out that it serves mainly one purpose which is its optimises routing and act as routing shortcut.
The alternatives I considered before submitting PR were -

• Selective stripping: this was more complex than intented and had to have many edge cases
• making discriminator as false : it would have affected globally rather than per schema
• brute force with simple Catch error and retry: same as first point

This is my POV of issue. If you think approach can be better, I am ready to implement it. Thanks :)

[cursor]

Strips any key named "discriminator" not just OpenAPI keyword

Medium Severity

stripDiscriminators removes every key named discriminator from every nested object, not just the OpenAPI discriminator keyword from Schema Objects. When a schema has a data property literally named discriminator inside properties (or $defs, definitions, patternProperties, etc.), the function deletes that property definition, silently corrupting the schema used for validation. The check needs to distinguish the OpenAPI discriminator keyword (which is a sibling of oneOf/anyOf and contains propertyName) from regular map entries.

 

^{Reviewed by Cursor Bugbot for commit c690a69. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

There are 2 total unresolved issues (including 1 from previous review).

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit d7ca08e. Configure here.}

[cursor]

Function mutates input, failing its own non-mutation test

High Severity

removeDiscriminatorsFromSchema mutates its input in-place via delete node.discriminator in stripDiscriminators, but the test "should not mutate the original schema" asserts that the original object retains its discriminator property after the call. This test will fail. The function needs to deep-clone the schema before stripping, or the test expectation is wrong. In the current call site the mutation is masked because removeWriteOnlyProperties already deep-clones, but the function's contract is broken.

Additional Locations (1)

• packages/respect-core/src/utils/__tests__/remove-discriminators-from-schema.test.ts#L63-L71

 

^{Reviewed by Cursor Bugbot for commit d7ca08e. Configure here.}

[AlbinaBlazhko17]

Thanks @harshit078 for the contribution. You don't need to remove discriminator manually, you can just drop this setting from the Ajv and it will not cause the error. The issue looks more deeply. Could you please investigate the root cause?

[harshit078]

sure, I'll look into it