Add API Reference to docs navigation (#127)

* Add API Reference section to docs navigation

Add OpenAPI-based API Reference anchor to docs.json alongside the existing SDK Reference, pointing to openapi-public.yml spec.

* Add OpenAPI generation and validation scripts

- scripts/envd.py: Merges proto-generated and hand-written specs into a single openapi-public.yml
- scripts/validate_api_reference.py: Validates the spec against the live API across 12 phases

* Rename envd.py to generate_openapi_reference.py

* Refactor generate script to fetch specs from e2b-dev/infra

The script now clones e2b-dev/infra at specified commits inside Docker
instead of reading from local paths. Supports separate --envd-commit and
--api-commit flags (defaults to main). Regenerated openapi-public.yml
from latest main.

* Require sandbox access token auth on all envd endpoints

Sandbox endpoints always require Authorization: Bearer <token> using the
envdAccessToken from sandbox creation. Update generate script to set
required auth, update validate script to always pass token and create
sandboxes with secure: true.

* Fix auth schemes: restore AccessTokenAuth (Bearer), add E2B_ACCESS_TOKEN support

- Keep AccessTokenAuth (type: http, scheme: bearer) for platform endpoints
- Remove /files from AUTH_EXEMPT_ENDPOINTS (only /health is exempt)
- Add E2B_ACCESS_TOKEN env var to validate script for Bearer auth testing
- Pass sandbox access token to /files endpoints in validate script
- Fix sandboxID server variable default to $SANDBOX_ID

* Add E2B_ACCESS_TOKEN support and improve team ID discovery

- Add bearer_hdr() helper for AccessTokenAuth endpoints
- Read E2B_ACCESS_TOKEN env var for GET /teams and legacy template endpoints
- Discover team ID via GET /teams when Bearer token is available

* Fix spec validation findings: 20 critical → 0

Generate script (fix_spec_issues):
- Add 'uploaded' to TemplateBuildStatus enum
- Make 'volumeMounts' optional in SandboxDetail/ListedSandbox
- Remove strict LogLevel enum (server sends non-enum values)
- Add mem_used_mib/mem_total_mib to Metrics schema

Validate script:
- Fix /health expected status to 204
- Fix /init expected status to 401 (re-init rejected)
- Remove /v2/sandboxes/{id}/logs test (endpoint doesn't exist)

* Strip content blocks from 204 responses

204 means No Content — don't add application/json schema to these responses.

* Prefix auth description links with /docs

* Add success-path tests for all template write endpoints

- POST /v3/templates (202): create template, validate schema, clean up
- POST /v2/templates (202): create template, validate schema, clean up
- PATCH /v2/templates/{templateID} (200): update public field, validate schema
- PATCH /templates/{templateID} (200): deprecated endpoint success test
- POST /v2/.../builds/{buildID} (202): start build on created template
- POST /templates/tags (201): assign tag using existing name:tag target
- DELETE /templates/tags (204): remove test tag
- DELETE /templates/{templateID}: real cleanup of test templates
- GET /templates/{templateID}/tags: discover existing tags in phase 2
- Drop minor findings from report and exit code (CI-oriented)

* Fix 8 spec issues found during SDK testing

1. Streaming RPCs: content-type → application/connect+json, add
   Connect-Protocol-Version and Connect-Timeout-Ms headers
2. EndEvent.exitCode: marked deprecated, document status string parsing
3. envdAccessToken: clarify only returned with secure: true, mark nullable
4. LogLevel: fix description ("State of the sandbox" → log severity)
5. Sandbox.domain: mark deprecated (always null)
6. GET /templates/{id}/files/{hash}: change 201 → 200 response

Issues 4 (pagination response) and 5 (DELETE with body) are upstream
API design decisions that cannot be fixed in the spec alone.

* Fix 12 spec inconsistencies from SDK testing report

Generation script fixes (fix_spec_issues):
- Generate operationId for all 52 platform endpoints
- Remove phantom /v2/sandboxes/{sandboxID}/logs deprecation reference
- Complete truncated 'start'/'end' parameter descriptions on metrics
- Fix sandboxId → sandboxID casing in 502 error schema
- Add security: [] and 'health' tag to GET /health
- Remove YAML anchor overlay on /files responses (DownloadSuccess/UploadSuccess)
- Add type: object to 53 schemas missing it
- Move 'end' param description out of schema to sibling level

Also fix fill_empty_responses to skip $ref responses.

Upstream issues not fixable in spec:
- allow_internet_access snake_case (server field name)
- Duplicate EntryInfo schemas (different APIs)
- Inconsistent error response coverage (API behavior)
- Auth inconsistency across template versions (intentional v1→v2/v3)

* Fix schema and consistency issues from second SDK testing round

Schema fixes:
- EntryInfo.type: add 'directory' to enum (was file-only)
- SandboxMetadata, EnvVars: add type: object (had only additionalProperties)
- TemplateLegacy: add missing 'names' and 'buildStatus' fields
- connect-protocol-version: remove redundant enum (const suffices)
- filesystem.EntryInfo.size: document int/string union type (int64)

Response fixes:
- PATCH /templates/{templateID}: return TemplateUpdateResponse (was empty)
- POST /sandboxes/{sandboxID}/refreshes: add missing 500 response
- GET /health 502: content-type → application/json (was connect+json)

Also fix fill_empty_responses to skip $ref responses.

* Fix duplicate and misspelled operationIds

- Rewrite operationId generator with proper singularization
  (sandboxes→sandbox, not sandboxe)
- Use 'list' prefix for collection GETs (listSandboxes, listTemplates)
- Include version suffix for v2/v3 variants (postTemplatesV3)
- Singularize parent resource when followed by path param
  (GET /sandboxes/{id}/logs → getSandboxLogs)
- Dedup check ensures all 52 platform operationIds are unique

* Exclude snapshots/volumes endpoints, merge auth tests into Teams phase

* Rename and reorder API reference tags for documentation sidebar

* Reorder paths by tag to match desired Mintlify sidebar order

* Tag untagged endpoints (/metrics, /envs) as Others so they appear in the correct section

* Add meaningful examples to error responses (400/401/403/404/409/500)

* Inline /files response definitions so Mintlify renders them correctly

* Move error example to Error schema so it applies to all references

* Add per-status error examples so each error response shows correct code and message

* Lowercase 'reference' in SDK reference and API reference anchors

* Add short summaries to all platform endpoints for readable Mintlify sidebar names

* Set format: int64 on Metrics memory/disk fields to prevent overflow

* Replace nullable: true with OpenAPI 3.1.0 type arrays on 14 properties

* Fix validation script: correct expected statuses, remove internal endpoints, add status mismatch catch-all

- Change DELETE /templates/{templateID} cleanup expected status from 200 to 204
- Remove POST /init test (internal endpoint, not in public spec)
- Remove unauthenticated 401 tests to avoid load balancer rate limiting
- Use account-owned template alias instead of hardcoded 'base' for alias test
- Send no-op Update to process instead of PTY resize (avoids 500 on non-PTY process)
- Add post-processing catch-all that flags any tested endpoint with unexpected status code

* Hide deprecated badges in sidebar to prevent endpoint name truncation

* Add API reference validation workflow (manual trigger only for now)

* Fix validation script: remove Bearer-only tests, move alias test to phase 3, update workflow

- Remove 3 endpoints that tested API key against Bearer-only endpoints (just confirmed 401)
- Move GET /templates/aliases/{alias} test to phase 3, use the test template we create there
- Update workflow to generate spec, diff, run validation, and create PR with status indicator

* Remove openapi-validation-report.md from repo

* Hide scrollbar on sidebar API endpoint rows with deprecated badges

* edit workflow

* test true

* works, back to false

* Make workflow run on schedule (disabled for now)

* Add snapshots endpoints and update auto-resume config in API reference

- Add POST /sandboxes/{sandboxID}/snapshots and GET /snapshots endpoints
- Add SnapshotInfo schema and FILE_TYPE_SYMLINK enum value
- Replace SandboxAutoResumePolicy enum with SandboxAutoResumeEnabled boolean
- Stop filtering out snapshot paths in generate script

* Map snapshots tag to Sandboxes section in generate script

* Remove validation script and simplify workflow to generate-and-PR only

* Remove example fields from generate script and regenerate spec

* Update docs.json

* Reorder API reference sidebar: move Tags under Templates, rename Others to Envd, move /files to Filesystem, move Teams to end

---------

Co-authored-by: Jakub Novák <kubus.novak@gmail.com>

Author: beran-t

.github/workflows/api-reference-validation.yml

@@ -0,0 +1,86 @@
+name: API Reference Validation
+
+on:
+  # schedule:
+  #   # Every Thursday at 8 PM UTC
+  #   - cron: '0 20 * * 4'
+  workflow_dispatch:
+
+concurrency:
+  group: api-reference-validation
+  cancel-in-progress: false
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Install dependencies
+        run: pip install pyyaml
+
+      # Step 1: Generate spec from source
+      - name: Generate OpenAPI spec
+        run: python3 scripts/generate_openapi_reference.py --output openapi-generated.yml
+
+      # Step 2: Compare with committed spec
+      - name: Compare specs
+        id: diff
+        run: |
+          if diff -q openapi-public.yml openapi-generated.yml > /dev/null 2>&1; then
+            echo "Spec is up to date — nothing to do"
+            echo "changed=false" >> $GITHUB_OUTPUT
+          else
+            echo "Spec has drifted from source"
+            echo "changed=true" >> $GITHUB_OUTPUT
+          fi
+
+      # Step 3: Create PR if spec has drifted
+      - name: Create PR
+        if: steps.diff.outputs.changed == 'true'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          cp openapi-generated.yml openapi-public.yml
+
+          BRANCH="api-spec-update-$(date +%Y-%m-%d)"
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+          git checkout -b "$BRANCH"
+          git add openapi-public.yml
+          git commit -m "docs: update openapi-public.yml from source specs $(date +%Y-%m-%d)"
+          git push -u origin "$BRANCH"
+
+          gh pr create \
+            --title "Update API spec $(date +%Y-%m-%d)" \
+            --body "$(cat <<EOF
+          ## OpenAPI Spec Update
+
+          The generated \`openapi-public.yml\` has drifted from the source specs.
+          This PR updates it to match the latest upstream definitions.
+          EOF
+          )" \
+            --base main
+
+      - name: Summary
+        if: always()
+        env:
+          CHANGED: ${{ steps.diff.outputs.changed }}
+        run: |
+          echo "## API Reference Spec Check" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "| Result | Value |" >> $GITHUB_STEP_SUMMARY
+          echo "|--------|-------|" >> $GITHUB_STEP_SUMMARY
+          echo "| Spec changed | ${CHANGED:-false} |" >> $GITHUB_STEP_SUMMARY

docs.json

@@ -3620,6 +3620,14 @@
             ]
           }
         ]
+      },
+      {
+        "anchor": "API reference",
+        "icon": "code",
+        "openapi": {
+          "source": "openapi-public.yml",
+          "directory": "docs/api-reference"
+        }
       }
     ],
     "global": {}