// Use this skill when the user wants to migrate an existing Backstage backend plugin's hand-written Express router to the typed OpenAPI tooling. Optionally, can also add typed client generation and migrate router tests to the OpenAPI test wrapper.
| name | onboard-to-openapi-server |
| description | Use this skill when the user wants to migrate an existing Backstage backend plugin's hand-written Express router to the typed OpenAPI tooling. Optionally, can also add typed client generation and migrate router tests to the OpenAPI test wrapper. |
Onboard an existing Backstage backend plugin to the repo's OpenAPI tooling. The core flow reverse-engineers an openapi.yaml from the plugin's existing Express router, generates a server stub via backstage-repo-tools, switches the router over to createOpenApiRouter, and verifies with yarn tsc + the package's tests.
The OpenAPI spec is the source of truth. The router is the starting point: we read it once to derive the spec, then the spec drives generation forward.
Before writing anything, ask which of the optional steps the user wants. Default to off unless the user says yes.
| Step | Always or optional |
|---|---|
Inventory router → write openapi.yaml | Always |
Generate server stub (--server) | Always |
Switch router to createOpenApiRouter | Always |
Run yarn tsc and the plugin's existing tests | Always |
Generate a typed client (--client-package <pkg>) | Optional — ask |
Migrate router tests to wrapServer | Optional — ask |
| Write changesets | Optional — ask |
When the user picks the minimal flow, skip the corresponding sections below and don't mention them in the final summary.
yarn install has been run.src/service/router.ts or src/service/createRouter.ts) and a passing test for it.If any prerequisite is missing, stop and tell the user.
Ask the user for, or infer:
plugins/auth-backend. Required.info.title (e.g. auth, events). Default to the plugin's package.json backstage.pluginId.*-node or *-common package and confirm.git status.CI=1 yarn test <plugin-dir>/src/service
yarn tsc from the repo root.If either fails, stop. Do not start an onboarding on top of a red baseline — fixes will get tangled with the migration.
Read the router file(s) and produce a complete list of every route. For each route capture:
httpAuth.credentials, permissions.authorize, etc.) — these are not in the spec but must be preserved verbatim in the post-migration router.Read every helper the router pulls in (request validators, type guards, response builders) so the spec accurately reflects runtime behavior. Do not skip routes mounted via router.use(subRouter) — recurse into them.
Present this inventory to the user before writing any spec. Misreading the router here causes the spec to drift from reality, which then poisons every downstream step.
src/schema/openapi.yamlCreate <plugin-dir>/src/schema/openapi.yaml modeled on existing onboarded plugins:
plugins/events-backend/src/schema/openapi.yaml — small, modern reference.plugins/scaffolder-backend/src/schema/openapi.yaml — larger, with more parameter and schema reuse.plugins/catalog-backend/src/schema/openapi.yaml — largest, good for query-param-heavy endpoints.Conventions to follow:
openapi: 3.1.0.info.title is the plugin id; info.version: '1'.servers: [{ url: / }].Error/ErrorResponse under components.schemas and components.responses and reference it from every error status.components.parameters.operationId (PascalCase verb-noun, e.g. ListNotifications, PostEvent) — these become the generated client's method names. Match the convention used by the other onboarded Backstage plugins linked above.requestBody content type usually application/json; responses likewise.required: true.Validate the spec is well-formed:
yarn backstage-repo-tools repo schema openapi lint <plugin-dir>/src/schema/openapi.yaml
Iterate on lint output until clean.
generate scriptIn <plugin-dir>/package.json:
@backstage/backend-openapi-utils is in dependencies (required at runtime by the generated router.ts).generate script. The exact form depends on whether the user opted into client generation:
"generate": "backstage-repo-tools package schema openapi generate --server"
Run from the plugin directory:
yarn --cwd <plugin-dir> generate
This will:
<plugin-dir>/src/schema/openapi/generated/ and rewrite it.apis/Api.server.ts, models/*.model.ts, an index.ts, and router.ts (which exports spec and createOpenApiRouter).The generator also writes <plugin-dir>/src/schema/openapi/index.ts re-exporting ./generated. Leave this alone.
If generation fails, the most common causes are: invalid YAML (fix and rerun), unsupported OpenAPI version (@backstage/backend-openapi-utils only supports OpenAPI 3.1.x — keep openapi: 3.1.0 at the top of the spec).
createOpenApiRouterIn the existing router file:
const router = Router() (or express.Router()) with:
import { createOpenApiRouter } from '../schema/openapi';
// ...
const router = await createOpenApiRouter();
await up to where the router is constructed.wrapServer in tests); if a handler reads req.body.foo where the spec says it is req.body.event.foo, the spec is wrong, not the handler — go fix the spec and regenerate.format, minimum/maximum, minLength/pattern, etc. — should be deleted from the handler. Typical things to strip out: manual if (!req.body.x) throw new InputError(...) guards, typeof req.query.foo !== 'string' checks, hand-rolled enum membership tests, Number.parseInt/.toString() coercion on values the spec already types correctly. Keep validation the spec can't express — cross-field invariants, auth/permission checks, business-rule guards, lookups against the database.createRouter/router exactly so callers (the plugin's *Plugin.ts) need no change.plugins/events-backend/src/service/hub/createEventBusRouter.ts is the canonical example.
Run, in order, and fix any failures before moving to the next:
yarn tsc from the repo root. Common failures: handler argument types now narrower than the spec allows, missing await on createOpenApiRouter(). Fix in code, never by widening spec types to any.CI=1 yarn test <plugin-dir>/src/service. The existing tests should still pass against the new typed router without any test-side changes (test migration is a separate, optional step).yarn lint --fix <plugin-dir>.If a test fails because the spec is wrong, edit openapi.yaml and rerun yarn --cwd <plugin-dir> generate, then re-run the test. Never edit files under src/schema/openapi/generated/ — they are clobbered on every generate.
Only do this if the user explicitly asked for it.
Decide which package will host the client. There are three common shapes — ask the user which one fits:
*-node package, e.g. plugins/foo-node) — when only other backend plugins call this API.*-react package, or a frontend plugin package like plugins/foo) — when only browser code calls this API.*-common package, e.g. plugins/foo-common) — when both backend and frontend need it. The *-common package is the safest default when in doubt because it's reachable from either side.If the chosen package does not yet exist as a workspace package, scaffold it with yarn new first (backend-plugin-node for *-node, plugin-common for *-common, etc.). Confirm naming and template with the user before scaffolding.
Update the generate script in the plugin's package.json:
"generate": "backstage-repo-tools package schema openapi generate --server --client-package <client-pkg-dir>"
Re-run yarn --cwd <plugin-dir> generate. The client package's src/generated/ will be emptied and rewritten with apis/<Name>Api.client.ts, models/, and pluginId.ts.
Run yarn build:api-reports from the repo root, since the client package's public surface changed.
yarn tsc again from the repo root.
Lint the client package: yarn lint --fix <client-pkg-dir>.
plugins/events-node/src/generated/ is a reference for what a client output looks like.
wrapServerOnly do this if the user explicitly asked for it. The server-side runtime validation in createOpenApiRouter already covers the request path; wrapServer adds response-side validation in tests, which is useful but not required.
For each router test file (router.test.ts, createRouter.test.ts):
import { wrapServer } from '@backstage/backend-openapi-utils/testUtils';
supertest app is constructed:
const app = await wrapServer(express().use(router));
wrapServer is async, so the surrounding beforeEach/beforeAll must await.mockErrorHandler(), mount it on the inner express app before wrapping:
const app = await wrapServer(express().use(router).use(mockErrorHandler()));
Response did not match schema mean the spec or the handler disagree; fix whichever is wrong.CI=1 yarn test <plugin-dir>/src/service.plugins/scaffolder-backend/src/service/router.test.ts and plugins/catalog-backend/src/service/createRouter.test.ts are reference migrations.
Only if the user wants to land this as a PR. Create changesets in .changeset/ per /CONTRIBUTING.md:
minor (or patch for < 1.0.0 packages) changeset for the backend plugin describing the new typed router.createOpenApiRouter, EndpointMap, etc.) — describe the user-facing impact.Do not run yarn changesets version. Write the changeset markdown files directly.
These all live in backstage/backstage; the user's workspace likely doesn't contain them. Browse via the links below.
| What you need | Where to read |
|---|---|
| Spec example (small) | plugins/events-backend/src/schema/openapi.yaml |
| Spec example (large) | plugins/catalog-backend/src/schema/openapi.yaml |
Router using createOpenApiRouter | plugins/events-backend/src/service/hub/createEventBusRouter.ts |
Test using wrapServer | plugins/scaffolder-backend/src/service/router.test.ts |
| Generate command source | packages/repo-tools/src/commands/package/schema/openapi/generate/ |
| Spec lint command source | packages/repo-tools/src/commands/repo/schema/openapi/lint.ts |
wrapServer implementation | packages/backend-openapi-utils/src/testUtils.ts |
| Client output reference | plugins/events-node/src/generated/ |
--no-verify on commits.
Migrate a Backstage app from the old frontend system to the new one. Use this skill when converting an app to use the new extension-based frontend system, including the hybrid migration phase and the full migration of routes, sidebar, plugins, APIs, themes, and other app-level concerns.
Migrate Backstage plugins from Material-UI (MUI) to Backstage UI (BUI). Use this skill when migrating components, updating imports, replacing styling patterns, or converting MUI components to their BUI equivalents.
Instrument a Backstage frontend plugin with analytics events using the Backstage Analytics API. Use this skill when adding, reviewing, or extending event capture (`captureEvent`, `AnalyticsContext`) in plugin components, deciding whether an interaction warrants an event, or writing tests for analytics behavior.
Fully migrate a Backstage plugin to the new frontend system, dropping all old system support. Use this skill for internal plugins that only need to run in a single app, or when you are ready to remove backward compatibility entirely.
Add new frontend system support to an existing Backstage plugin while keeping the old system working. Use this skill for published or shared plugins that need to work in both old and new frontend system apps.