Skip to content

fix(open-api): serialize zod request schemas accurately#9315

Merged
ping-maxwell merged 3 commits into
better-auth:mainfrom
GautamBytes:fix/openapi-zod-intersection
Jun 12, 2026
Merged

fix(open-api): serialize zod request schemas accurately#9315
ping-maxwell merged 3 commits into
better-auth:mainfrom
GautamBytes:fix/openapi-zod-intersection

Conversation

@GautamBytes

@GautamBytes GautamBytes commented Apr 22, 2026
edited by gustavovalverde
Loading

Copy link
Copy Markdown
Contributor

Summary

OpenAPI generation drifted from the Zod schemas used by auth endpoints once request bodies or query params were wrapped, intersected, or record-shaped.

This fixes the serializer boundary instead of patching individual endpoints:

  • request body requiredness now follows whether the schema accepts undefined
  • optional and nullable schemas are emitted as distinct OpenAPI concepts
  • object and record intersections preserve key and value constraints when safely flattened
  • wrapped string constraints carry through to query params and record keys

Closes #9298.

Copilot AI review requested due to automatic review settings April 22, 2026 15:52
@GautamBytes GautamBytes requested a review from a team as a code owner April 22, 2026 15:52
@GautamBytes GautamBytes requested review from gustavovalverde and removed request for a team April 22, 2026 15:52
@vercel

vercel Bot commented Apr 22, 2026

Copy link
Copy Markdown

@GautamBytes is attempting to deploy a commit to the better-auth Team on Vercel.

A member of the Team first needs to authorize it.

@better-release better-release Bot added the devtools CLI, OpenAPI, telemetry, i18n, test-utils label Apr 22, 2026
@pkg-pr-new

pkg-pr-new Bot commented Apr 22, 2026
edited
Loading

Copy link
Copy Markdown

Open in StackBlitz

@better-auth/api-key

npm i https://pkg.pr.new/@better-auth/api-key@9315

better-auth

npm i https://pkg.pr.new/better-auth@9315

auth

npm i https://pkg.pr.new/auth@9315

@better-auth/core

npm i https://pkg.pr.new/@better-auth/core@9315

@better-auth/drizzle-adapter

npm i https://pkg.pr.new/@better-auth/drizzle-adapter@9315

@better-auth/electron

npm i https://pkg.pr.new/@better-auth/electron@9315

@better-auth/expo

npm i https://pkg.pr.new/@better-auth/expo@9315

@better-auth/i18n

npm i https://pkg.pr.new/@better-auth/i18n@9315

@better-auth/kysely-adapter

npm i https://pkg.pr.new/@better-auth/kysely-adapter@9315

@better-auth/memory-adapter

npm i https://pkg.pr.new/@better-auth/memory-adapter@9315

@better-auth/mongo-adapter

npm i https://pkg.pr.new/@better-auth/mongo-adapter@9315

@better-auth/oauth-provider

npm i https://pkg.pr.new/@better-auth/oauth-provider@9315

@better-auth/passkey

npm i https://pkg.pr.new/@better-auth/passkey@9315

@better-auth/prisma-adapter

npm i https://pkg.pr.new/@better-auth/prisma-adapter@9315

@better-auth/redis-storage

npm i https://pkg.pr.new/@better-auth/redis-storage@9315

@better-auth/scim

npm i https://pkg.pr.new/@better-auth/scim@9315

@better-auth/sso

npm i https://pkg.pr.new/@better-auth/sso@9315

@better-auth/stripe

npm i https://pkg.pr.new/@better-auth/stripe@9315

@better-auth/telemetry

npm i https://pkg.pr.new/@better-auth/telemetry@9315

@better-auth/test-utils

npm i https://pkg.pr.new/@better-auth/test-utils@9315

commit: 987ccdc

@GautamBytes GautamBytes marked this pull request as draft April 22, 2026 15:54
Copilot AI reviewed Apr 22, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Improves OpenAPI requestBody generation so endpoints whose Zod body schemas use intersections (notably the emailOTP plugin) are correctly represented in the generated OpenAPI 3.1 spec.

Changes:

  • Refactors request body generation to serialize via processZodType rather than only handling plain ZodObject bodies.
  • Adds OpenAPI serialization support for ZodIntersection, ZodRecord, ZodAny, and ZodNullable, including safe intersection flattening with allOf fallback.
  • Extends OpenAPI test coverage for emailOTP request bodies and nullable-intersection merging, and updates snapshots accordingly.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File Description
packages/better-auth/src/plugins/open-api/generator.ts Updates requestBody/schema serialization to support more Zod types and merge intersections when possible.
packages/better-auth/src/plugins/open-api/open-api.test.ts Adds regression tests for email-otp endpoints and nullable intersection request bodies.
packages/better-auth/src/plugins/open-api/snapshots/open-api.test.ts.snap Snapshot updates reflecting the new schema serialization output.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread packages/better-auth/src/plugins/open-api/generator.ts Outdated
Comment thread packages/better-auth/src/plugins/open-api/open-api.test.ts
Comment thread packages/better-auth/src/plugins/open-api/generator.ts Outdated
cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed Apr 22, 2026
View reviewed changes

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 issue found across 3 files

Prompt for AI agents (unresolved issues) 

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="packages/better-auth/src/plugins/open-api/generator.ts">

<violation number="1" location="packages/better-auth/src/plugins/open-api/generator.ts:238">
P2: Root `ZodDefault` request bodies are incorrectly marked required and lose top-level default metadata in generated OpenAPI.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review, or fix all with cubic.

Comment thread packages/better-auth/src/plugins/open-api/generator.ts Outdated
@GautamBytes GautamBytes force-pushed the fix/openapi-zod-intersection branch from b1568d0 to a73f69d Compare April 22, 2026 16:11
@GautamBytes GautamBytes marked this pull request as ready for review April 22, 2026 16:22
cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed Apr 22, 2026
View reviewed changes

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 4 files

ping-maxwell
ping-maxwell previously approved these changes Apr 22, 2026
View reviewed changes
@gustavovalverde gustavovalverde requested a review from Copilot April 23, 2026 10:28
Copilot AI reviewed Apr 23, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread packages/better-auth/src/plugins/open-api/generator.ts Outdated
@ping-maxwell ping-maxwell enabled auto-merge May 13, 2026 08:59
@coderabbitai coderabbitai Bot mentioned this pull request Jun 11, 2026
Merged
@gustavovalverde gustavovalverde force-pushed the fix/openapi-zod-intersection branch from 2decdec to 505dab4 Compare June 12, 2026 05:36
@gustavovalverde gustavovalverde requested a review from Copilot June 12, 2026 05:38
Copilot AI reviewed Jun 12, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

Comment thread packages/better-auth/src/plugins/open-api/generator.ts Outdated
Comment thread packages/better-auth/src/plugins/open-api/generator.ts Outdated
@gustavovalverde gustavovalverde changed the title fix(open-api): generate requestBody for intersected email OTP schemas fix(open-api): serialize zod request schemas accurately Jun 12, 2026
@ping-maxwell ping-maxwell added this pull request to the merge queue Jun 12, 2026
Merged via the queue into better-auth:main with commit 9ef7240 Jun 12, 2026
33 of 35 checks passed
@better-release better-release Bot mentioned this pull request Jun 12, 2026
Merged
@GautamBytes GautamBytes deleted the fix/openapi-zod-intersection branch June 12, 2026 15:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@gustavovalverde gustavovalverde gustavovalverde approved these changes

@ping-maxwell ping-maxwell ping-maxwell left review comments

Assignees

No one assigned

Labels

devtools CLI, OpenAPI, telemetry, i18n, test-utils

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

emailOTP plugin: missing requestBody in OpenAPI spec for all endpoints

4 participants

@GautamBytes @gustavovalverde @ping-maxwell