ci: add automated SDK definition sync workflow #315

Merged: Joffref merged 7 commits into main from devin/1779932001-automate-sdk-sync, May 28, 2026

@devin-ai-integration devin-ai-integration Bot commented May 28, 2026

Summary

Adds a GitHub Action workflow that automates the manual make sdk step — downloading the latest OpenAPI specs from public endpoints and regenerating the SDK clients.

  • Triggers: daily at 08:00 UTC, manual workflow_dispatch, repository_dispatch
  • Sandbox spec: raw.githubusercontent.com/blaxel-ai/sandbox/.../openapi.yml (public)
  • Controlplane spec: api.blaxel.ai/v0/openapi/controlplane.yml (public)
  • No auth tokens needed for downloads; GITHUB_TOKEN only used by peter-evans/create-pull-request for PR creation
  • All actions pinned to immutable commit SHAs
  • Change detection uses git status --porcelain (catches both tracked and untracked files)

Tracks ENG-2667

Review & Testing Checklist for Human

  • After merging, trigger the workflow manually via Actions → "Update SDK definitions" → "Run workflow" to verify the full flow works end-to-end
  • Verify the generated PR matches what make sdk produces locally

Notes

Link to Devin session: https://app.devin.ai/sessions/36c5aabea5864aa4a5d5393aedf3d479
Requested by: @Joffref

Adds a GitHub Action that:
- Runs daily at 08:00 UTC (also manual/repository_dispatch)
- Downloads latest OpenAPI specs from sandbox and controlplane repos
- Regenerates TypeScript SDK clients via @hey-api/openapi-ts
- Creates a PR if definitions changed, no-op otherwise

Tracks: ENG-2667
Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
@devin-ai-integration

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR that start with 'DevinAI' or '@devin'.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@mendral-app mendral-app Bot left a comment

Supply Chain Security Review

⚠️ Review recommended — 4 findings in 1 file

Tag @mendral-app with feedback or questions. View session

Limits GH_CONTROLPLANE_TOKEN exposure to only the curl steps that need
cross-repo read access. GITHUB_TOKEN already has the contents:write and
pull-requests:write permissions needed for PR creation on this repo.

Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>

@mendral-app mendral-app Bot left a comment

Needs attention

The P1 security issue is fixed — GITHUB_TOKEN is now used for PR creation. The four action-pinning comments (P2) from the previous review remain unaddressed: actions/checkout@v4, oven-sh/setup-bun@v2, actions/setup-node@v4, and peter-evans/create-pull-request@v7 all still use mutable tags.

Tag @mendral-app with feedback or questions. View session
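
Added example (not part of this PR, the repository, or any reviewer's tooling): a shell check for the condition the review comment above describes, `uses:` references left on mutable tags instead of full commit SHAs. The function names and the sample workflow, including its placeholder SHA, are constructed for illustration.

```sh
#!/bin/sh
# Added example: report `uses:` references in a GitHub Actions workflow that
# are not pinned to a full 40-character commit SHA.

# find_unpinned_actions: reads workflow YAML on stdin, prints "LINE:action@ref"
# for every mutable reference and returns 1 if any were found, else 0.
find_unpinned_actions() {
  # Pipeline: select `uses:` lines with their line numbers, strip the key and
  # any trailing "# v4" comment, drop quotes, skip local actions (./path) and
  # docker:// images (pinned by digest, out of scope here), then keep whatever
  # does not end in @<40 hex chars>.
  unpinned=$(
    grep -nE '^[[:space:]]*(-[[:space:]]*)?uses:' |
      sed -E 's/^([0-9]+):[[:space:]]*(-[[:space:]]*)?uses:[[:space:]]*/\1:/; s/[[:space:]]*(#.*)?$//' |
      tr -d "\"'" |
      grep -vE '^[0-9]+:(\./|docker://)' |
      grep -vE '@[0-9a-f]{40}$'
  ) || true
  if [ -n "$unpinned" ]; then
    printf '%s\n' "$unpinned"
    return 1
  fi
  return 0
}

# Constructed sample: action names are the four from the review; the SHA is a
# placeholder, not a real commit.
sample_workflow() {
  cat <<'EOF'
steps:
  - uses: actions/checkout@v4
  - name: Setup bun
    uses: oven-sh/setup-bun@v2
  - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # v4
  - uses: peter-evans/create-pull-request@v7
EOF
}

sample_workflow | find_unpinned_actions || echo "mutable action references found" >&2
```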

Joffref and others added 2 commits May 27, 2026 18:37
Co-authored-by: mendral-app[bot] <233154221+mendral-app[bot]@users.noreply.github.com>
Co-authored-by: mendral-app[bot] <233154221+mendral-app[bot]@users.noreply.github.com>

@mendral-app mendral-app Bot left a comment

Supply Chain Security Review

✅ Approve — 3 findings in 1 file

All GitHub Actions are pinned to full commit SHAs. No dependency manifest changes. The npx @hey-api/openapi-ts@0.66.0 call is version-pinned and has no known advisories. Permissions are scoped appropriately for a PR-creation workflow.

Tag @mendral-app with feedback or questions. View session

Joffref commented May 28, 2026

DevinAI, clean things up

- Remove duplicate step name and property lines introduced by manual edits
- Switch from git diff --quiet to git status --porcelain to also
  detect untracked files from cp -r

Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>

No separate PAT needed since repos are in the same GitHub org.
GITHUB_TOKEN has sufficient read access to blaxel-ai/sandbox and
blaxel-ai/controlplane.

Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>

@mendral-app mendral-app Bot left a comment

Supply Chain Security Review

✅ Approve — 1 finding in 1 file

New GitHub Actions workflow with all actions pinned to immutable commit SHAs (verified). Permissions are appropriately scoped to contents: write and pull-requests: write. No dependency manifest changes.

Tag @mendral-app with feedback or questions. View session

- Sandbox: raw.githubusercontent.com (public repo)
- Controlplane: api.blaxel.ai/v0/openapi/controlplane.yml (public API)

No auth tokens needed for either download.

Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>

@mendral-app mendral-app Bot left a comment

Supply Chain Security Review

⚠️ Review recommended — 2 findings in 1 file

⚠️ Runtime npx execution — unpinned integrity for @hey-api/openapi-ts@0.66.0

The workflow runs npx @hey-api/openapi-ts@0.66.0 which downloads and executes the package at runtime without lockfile or integrity verification. While the version string is pinned, npm does not guarantee immutability of published tarballs in all edge cases. Consider installing via the project's lockfile or adding a checksum verification step.

Additionally, the curl commands fetch OpenAPI specs from external URLs (raw.githubusercontent.com and api.blaxel.ai) without integrity checks. A compromise of these endpoints could inject malicious type definitions into generated code. Since these are the org's own resources, risk is low but worth noting.

Tag @mendral-app with feedback or questions. View session

"https://raw.githubusercontent.com/blaxel-ai/sandbox/refs/heads/main/sandbox-api/docs/openapi.yml"

rm -rf @blaxel/core/src/sandbox/client/types.gen.ts @blaxel/core/src/sandbox/client/sdk.gen.ts
npx @hey-api/openapi-ts@0.66.0 -i ./definition.yml -o ./tmp/ -c @hey-api/client-fetch

maintainability (P2): Running npx @hey-api/openapi-ts@0.66.0 downloads and executes the package at runtime without integrity verification. Consider adding this as a devDependency in the project lockfile and invoking it from there, or verifying the package checksum after download.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/update-sdk-definitions.yaml, line 42:

<issue>
Running `npx @hey-api/openapi-ts@0.66.0` downloads and executes the package at runtime without integrity verification. Consider adding this as a devDependency in the project lockfile and invoking it from there, or verifying the package checksum after download.
</issue>

run: |
echo "Downloading sandbox definition from blaxel-ai/sandbox"
curl -sf -o ./definition.yml \
"https://raw.githubusercontent.com/blaxel-ai/sandbox/refs/heads/main/sandbox-api/docs/openapi.yml"

security (P3): OpenAPI spec is fetched over HTTPS without checksum verification. A compromised upstream could inject malicious type definitions into generated SDK code. Consider pinning to a specific commit SHA in the raw URL.

Suggested change
"https://raw.githubusercontent.com/blaxel-ai/sandbox/refs/heads/main/sandbox-api/docs/openapi.yml"
curl -sf -o ./definition.yml \
"https://raw.githubusercontent.com/blaxel-ai/sandbox/<COMMIT_SHA>/sandbox-api/docs/openapi.yml"
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/update-sdk-definitions.yaml, line 39:

<issue>
OpenAPI spec is fetched over HTTPS without checksum verification. A compromised upstream could inject malicious type definitions into generated SDK code. Consider pinning to a specific commit SHA in the raw URL.
</issue>
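
Added example (not part of this PR or of the reviewer's suggestion): one shape the checksum verification recommended above could take before the generator runs. `sha256_of`, `verify_spec` and the sample spec are constructed names and data, and the example assumes the expected digest is recorded in the repository at review time.

```sh
#!/bin/sh
# Added example: refuse to run code generation unless the downloaded OpenAPI
# spec matches a SHA-256 digest recorded in the repository at review time.

# sha256_of FILE: print FILE's hex SHA-256 (sha256sum, or shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_spec FILE EXPECTED_HEX
# Returns 0 on match, 1 on digest mismatch, 2 if FILE is missing or empty
# (for example after a failed or truncated download).
verify_spec() {
  if [ ! -s "$1" ]; then
    echo "spec missing or empty: $1" >&2
    return 2
  fi
  actual=$(sha256_of "$1")
  if [ "$actual" != "$2" ]; then
    echo "digest mismatch for $1: got $actual, expected $2" >&2
    return 1
  fi
  return 0
}

# Constructed demo: a tiny stand-in for definition.yml is pinned, then changed
# the way a modified upstream file would be. Prints "<rc before> <rc after>".
demo() {
  dir=$(mktemp -d)
  printf 'openapi: 3.0.0\ninfo:\n  title: sample\n' > "$dir/definition.yml"
  pinned=$(sha256_of "$dir/definition.yml")   # recorded at review time
  verify_spec "$dir/definition.yml" "$pinned" && before=0 || before=$?
  printf 'x-added: unexpected\n' >> "$dir/definition.yml"
  verify_spec "$dir/definition.yml" "$pinned" 2>/dev/null && after=0 || after=$?
  rm -rf "$dir"
  echo "$before $after"
}

demo
```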

@mendral-app mendral-app Bot left a comment

LGTM

All previous issues are resolved. The P1 auth concern is cleanly fixed by using the public api.blaxel.ai/v0/openapi/controlplane.yml endpoint — no token needed. The workflow is structurally sound: actions are pinned to SHAs, GITHUB_TOKEN is properly scoped, and change detection uses git status --porcelain.

Tag @mendral-app with feedback or questions. View session

"https://raw.githubusercontent.com/blaxel-ai/sandbox/refs/heads/main/sandbox-api/docs/openapi.yml"

rm -rf @blaxel/core/src/sandbox/client/types.gen.ts @blaxel/core/src/sandbox/client/sdk.gen.ts
npx @hey-api/openapi-ts@0.66.0 -i ./definition.yml -o ./tmp/ -c @hey-api/client-fetch

🔒 Agentic Security Review
Severity: MEDIUM
This workflow executes npx @hey-api/openapi-ts@0.66.0 directly in CI for scheduled runs while the job has contents: write and pull-requests: write. Even with a pinned top-level version, runtime package resolution is not lockfile-bound and introduces an external code-execution path in a privileged automation context.
Impact: A compromise in the package supply chain (or one of its resolved dependencies) could execute attacker-controlled code in this job and use repository-write privileges to push malicious generated changes or manipulate automated update PRs.

Reviewed by Cursor Security Reviewer for commit 0b9dd4f.

Joffref commented May 28, 2026

DevinAI can you check cursor?

@devin-ai-integration

@Joffref Checked the Cursor Security Agent review. It found one MEDIUM severity finding:

npx @hey-api/openapi-ts@0.66.0 runs without lockfile binding — the version is pinned but npm resolution isn't lockfile-bound, so a supply-chain compromise could execute malicious code in a job with contents: write permissions.

This mirrors Mendral's P2 finding. The risk is low since:

  1. The version is pinned (@0.66.0)
  2. This matches exactly what the existing make sdk Makefile target does
  3. The workflow creates a PR (not direct push), so changes are reviewable

To fully mitigate, you could add @hey-api/openapi-ts@0.66.0 as a devDependency in package.json and use npx from the lockfile instead. But that would be a broader repo change beyond the scope of this automation PR.

@Joffref Joffref merged commit d9d635a into main May 28, 2026
15 checks passed
@Joffref Joffref deleted the devin/1779932001-automate-sdk-sync branch May 28, 2026 01:57