There's a way to separate public/private routes from the same OpenAPI docs via Kubb?

[HelenaVeltri]

A while ago I realized that some data related to typing and client-side calls that should be private (require authentication) were being exposed via the browser's DevTools.

I've been using Kubb and OpenAPI documentation to create the files in the frontend project for a few months and have always created unique, specialized files for each thing: one for typing, another for calls, another for schemas... However, now I've decided to isolate these routes using the public tag of my OpenAPI. And I separated the route implementation into two clients (one using parsing with Zod and the other with standard parsing) and two typing files, separating them.

However, even with the private client using Zod parsing, it still imports files from the authenticated global typing.

Is there a better way to do this?

Since I've been using these global files for months, separating everything into groups for each route is currently unfeasible.

THis is how i'm doing this:

   pluginTs({
        output: { path: "types/ApiV2Types.ts" },
        exclude: [{ type: "tag", pattern: "public" }],
      }),
      pluginClient({
        output: { path: "stores/ApiV2Client.ts" },
        client: "axios",
        importPath: "@app/services/apiServiceKubb",
        exclude: [{ type: "tag", pattern: "public" }],
      }),
      pluginZod({
        output: { path: "public/schemas/PublicApiV2Schemas.ts" },
        include: [{ type: "tag", pattern: "public" }],
      }),
      pluginClient({
        output: { path: "public/stores/PublicApiV2Client.ts" },
        client: "axios",
        importPath: "@app/services/apiServiceKubb",
        parser: "zod",
        include: [{ type: "tag", pattern: "public" }],
      }),
      pluginZod({
        output: { path: "schemas/ApiV2Schemas.ts" },
        exclude: [{ type: "tag", pattern: "public" }],
      }),
      pluginFaker({
        output: { path: "mockups/ApiV2MockupTypes.ts" },
      }),
      pluginVueQuery({
        output: { path: "./hooks/ApiV2Query.ts" },
        client: {
          importPath: "@app/services/apiServiceKubb",
        },
        exclude: [{ type: "tag", pattern: "public" }],
      }),

[dosubot[bot]]

Hey @HelenaVeltri! This is a known limitation of how include/exclude filters work in Kubb (v4.x). The filters apply primarily to operations, but components/schemas that are only referenced by excluded operations may still get generated — and that causes the cross-imports you're seeing between your private types and public client [1].

What's happening: Your private pluginTs output still generates schemas that happen to be shared or referenced by excluded "public" operations, and then your public pluginClient (with parser: "zod") ends up importing types from the private typing file.

Short-term workarounds:

1. Pre-filter your OpenAPI spec using a tool like openapi-format to produce two separate specs (one public, one private) before passing them to Kubb. This is the most reliable way to fully isolate the outputs [1].

2. Use separate Kubb config files — one for public routes and one for private routes — each pointing to a pre-filtered spec or using completely isolated output paths.

Good news for the future: This is being addressed in Kubb 5.0.0-beta.2+, which introduces proper schema scoping — when you use operation-level filters (like tag), only schemas transitively referenced by included operations will be generated [2]. This should resolve the cross-import problem without needing external tooling.

For now, pre-filtering the OpenAPI spec into two separate files (public vs private) before running Kubb is the cleanest path given that restructuring into per-route groups isn't feasible for you.

To reply, just mention @dosu.

---

Docs are dead. Just use Dosu.