feat: add sandbox audit API endpoint #1122
Conversation
- Add GET /sandbox/audit endpoint for partners to trigger audits on sandbox sites - Support single audit type or trigger all enabled audits - Validate that only sandbox sites can use this endpoint - Add comprehensive test coverage (17 test cases) - Include complete OpenAPI documentation with examples - Update route handlers and main application integration Resolves need for partners to trigger audits without Slack access
- Fixed sandbox validation in sandbox-audit controller - Changed from site.isSandbox (undefined) to site.getIsSandbox() (boolean) - Updated test mocks to use getIsSandbox() method instead of isSandbox property - Removed debug logging after issue was resolved - All sandbox audit tests now passing (1190 passing)
|
This PR will trigger a minor release when merged. |
src/controllers/sandbox-audit.js
Outdated
| import { badRequest, notFound, ok } from '@adobe/spacecat-shared-http-utils'; | ||
| import { sendAuditMessage } from '../support/utils.js'; | ||
|
|
||
| const ALL_AUDITS = [ |
There was a problem hiding this comment.
Can we take this from site config?
There was a problem hiding this comment.
As discussed, will create a follow up task will add configuration object for sandbox audits.
have to add the audit-types array to spacecat-shared-data-access configuration.
src/controllers/sandbox-audit.js
Outdated
| const triggerAuditForSiteAPI = async (site, auditType, context) => sendAuditMessage( | ||
| context.sqs, | ||
| context.env.AUDIT_JOBS_QUEUE_URL, | ||
| auditType, |
- Remove scoped_api_key authentication option - Keep only ims_key for better security and user identification - Aligns with other administrative endpoint patterns
…cat-api-service into SITES-sandbox-audit-api
…essed, update docs & tests
…ing logic * Added normalizeAuditTypes and enforceRateLimit helpers * Consolidated triggerAllEnabledAudits & triggerSpecificAudits into triggerAudits * Updated controller to use helpers and env-configurable SANDBOX_AUDIT_RATE_LIMIT_HOURS * Extended tests and docs; maintains 100% coverage
…udit-service.js – removed redundant eslint suppression • src/controllers/sandbox-audit.js – add c8 ignore for minutes/hours branch • tests – added over/under-hour cases + helper test → 100 % branch & line coverage • docs/openapi/sandbox-audit-api.yaml + docs/index.html – document auditsSkipped, nextAllowedIn, skippedDetail • .vscode/launch.json – optional VS Code debug profile
docs/openapi/sandbox-audit-api.yaml
Outdated
| **Restrictions:** | ||
| - Only works with sandbox sites (sites with `isSandbox: true`) | ||
| - Audits are rate-limited (default **4 hours** between runs for the same site/audit type). If the | ||
| limit is hit the endpoint responds with HTTP 400 and an explanatory message. |
docs/openapi/sandbox-audit-api.yaml
Outdated
| @@ -0,0 +1,176 @@ | |||
| sandbox-audit: | |||
| get: | |||
There was a problem hiding this comment.
Why using GET for something that modifies state?
There was a problem hiding this comment.
Backend already prevents re-runs in x h, so it felt idempotent, but you’re right it does create state. I’ll update it to POST.
Updated
README.md
Outdated
| entirely. | ||
|
|
||
| ```plaintext | ||
| SANDBOX_AUDIT_RATE_LIMIT_HOURS=24 |
There was a problem hiding this comment.
ack, I’ll recheck and will make it consistent.
done
| @@ -102,6 +102,16 @@ SLACK_TOKEN_WORKSPACE_EXTERNAL_ELEVATED=Slack token for the external workspace, | |||
| SLACK_OPS_CHANNEL_WORKSPACE_EXTERNAL=channel ID to use for operations messages in the external workspace | |||
| ``` | |||
|
|
|||
| Sandbox audit rate-limit (optional): | |||
|
|
|||
| Minimum hours that must elapse before the same audit can run again for the same site. | |||
There was a problem hiding this comment.
Should the rate limit be like x audit triggers per y hours?
There was a problem hiding this comment.
Yes, we can enhance it this way. I will add in configuration site level for sandbox for audit types and in that audit i will set rate limit time as well.
Will modify.
| The audit type(s) to trigger. Accepts: | ||
| • a single value (e.g. `meta-tags`) | ||
| • a comma-separated list (e.g. `meta-tags,alt-text`) | ||
| If omitted, all enabled audits are triggered. |
There was a problem hiding this comment.
enabled and supported for sandboxes, you mean, right?
There was a problem hiding this comment.
Yes, enabled and supported.
docs/openapi/sandbox-audit-api.yaml
Outdated
| - `meta-tags`: Validate meta tags and SEO elements | ||
| - `alt-text`: Check for missing alt text in images | ||
| parameters: | ||
| - name: baseURL |
There was a problem hiding this comment.
Whh baseurl and not siteId?
As part of API route instead of query param?
There was a problem hiding this comment.
siteId is an internal primary key, exposing it is unnecessary for partners. but many apis do add site id as path variable i will also update.
Done.
| ```plaintext | ||
| SANDBOX_AUDIT_RATE_LIMIT_HOURS=24 | ||
| ``` | ||
|
|
There was a problem hiding this comment.
How will UI know if triggered audit failed or succeeded?
There was a problem hiding this comment.
since triggering audit is async, we can't provide audit details in this api.
rather ui can call get latest audits and see the status.
https://opensource.adobe.com/spacecat-api-service/#tag/import/operation/getImportJobStatus
Or i can provide job id with specific audit.
| partners who need to trigger audits programmatically on sandbox environments only. | ||
|
|
||
| **Behavior:** | ||
| - If `auditType` is specified: triggers that specific audit type |
There was a problem hiding this comment.
What happens if the audit is disabled?
There was a problem hiding this comment.
Will give proper 400, detailed error with all the audits which are enabled.
…ve rate-limit handling • Route now uses siteId path parameter (avoids baseURL query) • Response when rate limit hit is 429 (Too Many Requests) • Default limit clarified as 4 h via SANDBOX_AUDIT_RATE_LIMIT_HOURS env var • Updated OpenAPI docs and README • Removed unused import warning
- Updated all test cases to use siteId path parameter instead of baseURL query parameter - Fixed mock Site objects to include getBaseURL() method - Updated rate limit test expectations to use 429 status code - Fixed linter errors (trailing spaces) - Updated route tests to include new dynamic route - All sandbox audit tests now pass
- Resolved conflicts in routes configuration - Added LLMO customer-intent routes alongside sandbox audit route - Updated test expectations to include both features - Used main branch version of generated docs/index.html
Kanishkavijay39
force-pushed
the
SITES-sandbox-audit-api
branch
from
c3ddf88 to
7fe70e4
Compare
Kanishkavijay39
force-pushed
the
SITES-sandbox-audit-api
branch
from
9b43ae4 to
e7687aa
Compare
Kanishkavijay39
force-pushed
the
SITES-sandbox-audit-api
branch
from
e7687aa to
5886a7d
Compare
Overview
This PR introduces a new REST API endpoint that allows partners to trigger audits on sandbox sites without requiring Slack SpaceCat access. The endpoint provides a simple, programmatic way to initiate audits for sandbox environments.
Wiki: https://wiki.corp.adobe.com/display/AEMSites/AEM+Sites+Optimizer+-+Sandbox+Backend+APIs
Changes
New API Endpoint
Route: GET /sandbox/audit
Purpose: Trigger audits on sandbox sites programmatically
Key Features
✅ Single audit trigger: GET /sandbox/audit?baseURL=https://sandbox.example.com&auditType=meta-tags,alt-text
✅ Multiple audit trigger: GET /sandbox/audit?baseURL=https://sandbox.example.com (triggers all enabled audits)
✅ Sandbox validation: Only works with sites marked as isSandbox: true
✅ Comprehensive error handling: Validates URLs, audit types, site existence, and sandbox status
✅ Added rate limiting : fetch last audit run and did time diff by default kept it 4 hrs have created env. variable as well so we can update it if needed.
Supported Audit Types
meta-tags - Validate meta tags and SEO elements
alt-text - Check for missing alt text in images
Testing done on local
