📌 Description
src/config/deprecations.ts defines a machine-readable routeDeprecations array but there is no admin endpoint that exposes it at runtime. Operators performing a deployment must read source code to find which routes are deprecated and when they sunset. A GET /api/admin/deprecations route (protected by adminAuth) should return the routeDeprecations array wrapped in the standard success envelope, enabling automated tooling to alert when a sunset date is approaching.
💡 Why it matters: An operator-accessible deprecation registry enables SRE dashboards to fire alerts N days before sunset, preventing surprise production breakage.
🧩 Requirements and context
- Add route
GET /api/admin/deprecations to src/routes/admin.ts behind adminAuthMiddleware
- Return
successResponse(res, routeDeprecations) with computed daysUntilSunset per entry
- Document in
src/openapi/spec.ts with a typed response schema including route, sunsetDate, link, daysUntilSunset
- Add tests in
tests/routes/admin.deprecations.test.ts
- Assert unauthenticated requests receive
401
Non-functional requirements
- Must be secure, tested, and documented.
- Should be efficient and easy to review.
🛠️ Suggested execution
1. Fork the repo and create a branch
git checkout -b feat/admin-deprecations-endpoint
2. Implement changes
- Write/modify the relevant source:
src/routes/admin.ts, src/config/deprecations.ts
- Write comprehensive tests:
tests/routes/admin.deprecations.test.ts
- Add documentation: OpenAPI schema for the deprecations list response
- Include TSDoc on the new route handler
- Validate security assumptions: response must not expose internal file paths or source locations
3. Test and commit
npm test -- --testPathPattern=admin.deprecations
- Cover edge cases: empty deprecations list returns empty array, past-sunset entry has
daysUntilSunset < 0
- Include test output and security notes in the PR description.
Example commit message
feat(admin): add GET /api/admin/deprecations listing registered deprecated routes with sunset dates
✅ Acceptance criteria
🔒 Security notes
The response must not include internal file paths, source map references, or middleware stack details. Only the route path and sunset date should be exposed.
📋 Guidelines
- Minimum 95% test coverage
- Clear documentation
- Timeframe: 96 hours
📌 Description
src/config/deprecations.tsdefines a machine-readablerouteDeprecationsarray but there is no admin endpoint that exposes it at runtime. Operators performing a deployment must read source code to find which routes are deprecated and when they sunset. AGET /api/admin/deprecationsroute (protected byadminAuth) should return therouteDeprecationsarray wrapped in the standard success envelope, enabling automated tooling to alert when a sunset date is approaching.🧩 Requirements and context
GET /api/admin/deprecationstosrc/routes/admin.tsbehindadminAuthMiddlewaresuccessResponse(res, routeDeprecations)with computeddaysUntilSunsetper entrysrc/openapi/spec.tswith a typed response schema includingroute,sunsetDate,link,daysUntilSunsettests/routes/admin.deprecations.test.ts401Non-functional requirements
🛠️ Suggested execution
1. Fork the repo and create a branch
2. Implement changes
src/routes/admin.ts,src/config/deprecations.tstests/routes/admin.deprecations.test.ts3. Test and commit
npm test -- --testPathPattern=admin.deprecationsdaysUntilSunset < 0Example commit message
✅ Acceptance criteria
GET /api/admin/deprecationsreturns200with deprecations list includingdaysUntilSunset401daysUntilSunsetsrc/openapi/spec.ts🔒 Security notes
The response must not include internal file paths, source map references, or middleware stack details. Only the route path and sunset date should be exposed.
📋 Guidelines