feat: well-production resource + tests; scrub committed API key (#32)#34
feat: well-production resource + tests; scrub committed API key (#32)#34karlwaldman wants to merge 2 commits into
Conversation
Adds a typed client.wellProduction resource covering all seven
/v1/well-production* endpoints: summary, states, states/:code,
wells/:api_number, top-producers, cycle-time, cycle-time/cohorts.
Response types match live-captured envelopes.
Also fixes ei.wellPermits.latest() to return the live collection
envelope { well_permits, meta } instead of a single record (per #32
acceptance criteria), with new LatestWellPermit types.
Tests: 18 new unit tests (endpoint paths, params, envelope unwrapping
from live fixtures, negative paths for 400/402/403/404 and empty
successful responses). README documents the beta well-level coverage
caveat.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Replaces hardcoded API key literals in example.ts, example-walk.ts, example-commodities.ts, and qa_test.js with OILPRICEAPI_KEY env-var usage. Examples now exit with a clear message when the env var is unset, and qa_test.js skips cleanly. The previously committed key must be rotated server-side. Adds .github/dependabot.yml (weekly npm + github-actions updates, grouped dev-dependency minor/patch bumps). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
|
Warning Review limit reached
Next review available in: 53 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (13)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Closes #32.
What
1. New
client.wellProductionresource (src/resources/well-production.ts)Typed coverage for all seven
/v1/well-production*endpoints:summary()GET /v1/well-productionstates({ period? })GET /v1/well-production/statesstateDetail(code, { start_date?, end_date? })GET /v1/well-production/states/:state_codewellDetail(apiNumber)GET /v1/well-production/wells/:api_numbertopProducers({ state_code?, limit?, months? })GET /v1/well-production/top-producerscycleTime(filters?)GET /v1/well-production/cycle-timecycleTimeCohorts(filters?)GET /v1/well-production/cycle-time/cohortsResponse types were written against live-captured envelopes (2026-07-13), not guessed.
wellDetail()normalizes separator formats (42-477-31122-00-00) and validates 14 digits client-side, matching the server rule.2.
ei.wellPermits.latest()envelope fix (per #32 acceptance criteria)The live API returns
{ well_permits: [...], meta: {...} }, not a single record.latest()now returns a typedWellPermitLatestResponse(with newLatestWellPermitnested-record type). The oldWellPermitRecordreturn type never matched runtime behavior.3. README
New "Well Production" section with the beta coverage caveat: well-level data covers only regulator-collected states (AK/ND/NM/PA/TX today) — no complete-US well-level claim; EIA state aggregates are the comprehensive layer.
4. Security: committed credentials removed
example.ts,example-walk.ts(4x),example-commodities.ts, andqa_test.jscontained a hardcoded API key. All literals are replaced withOILPRICEAPI_KEYenv-var usage; examples exit with a clear message when unset andqa_test.jsskips cleanly. The exposed key must be rotated server-side — it remains in git history.5. Hygiene
.github/dependabot.yml(weekly npm + github-actions, grouped dev-dep minor/patch).Test evidence
New suite
tests/resources/well-production.test.ts(18 tests): endpoint paths/params for all 7 routes, envelope unwrapping from live fixtures, and negative paths — 403ENTERPRISE_REQUIRED(the actual live entitlement gate), 402, 404DATA_NOT_AVAILABLE(unsupported state + unknown well), 400INVALID_PARAMETER, client-sideValidationErrors, and empty successful responses. All tests are mock-based and pass without an API key.Live smoke (built
dist/, production API):Known backend issue (not SDK-fixable)
GET /v1/well-production/top-producersreturns HTTP 500 on production (probed 2026-07-13). The SDK maps the controller's documented shape; needs a backend fix in oilpriceapi-api.🤖 Generated with Claude Code