Skip to content

feat: adjust validation openapi#59

Merged
akfaiz merged 12 commits into
mainfrom
feat/adjust-validation-openapi
May 11, 2026
Merged

feat: adjust validation openapi#59
akfaiz merged 12 commits into
mainfrom
feat/adjust-validation-openapi

Conversation

@akfaiz
Copy link
Copy Markdown
Member

@akfaiz akfaiz commented May 10, 2026

Description

  • align library with OpenAPI 3.2.0 and harden validation
  • implement validation error severity levels and best practice checks

Type of Change

  • Bug fix
  • New feature
  • Breaking change
  • Documentation update
  • Refactor / code quality
  • Other (describe):

Checklist

  • make check passes locally (sync + tidy + lint + test)
  • Tests added or updated to cover the change
  • Golden files updated if spec output changed (make test-update)
  • Relevant documentation updated (README, adapter README, etc.)
  • Commit messages follow Conventional Commits

Notes for Reviewers

Breaking Change Notes

akfaiz added 2 commits May 10, 2026 05:56
@akfaiz
feat: align library with OpenAPI 3.2.0 and harden validation
d10a57e 
- Update core structs (Server, Discriminator, XML) with new OpenAPI 3.2.0 fields.
- Implement high-level options (ServerName, ContentSummary) for improved configuration.
- Enhance validation suite to strictly enforce version-specific rules:
  - Enforce numeric exclusive boundaries in 3.1+ (JSON Schema 2020-12).
  - Validate server name uniqueness and reserved header names.
  - Restrict Encoding Object fields based on media type context.
- Refactor URI validation for technical accuracy (IsNonRelativeURI) and harden discovery endpoints.
- Update reflector to automatically migrate deprecated XML fields to NodeType in 3.2.0.
- Update documentation and golden files to reflect specification alignment.
- Fix linting issues by extracting validation helpers and improving formatting.
- Comprehensive test coverage added in audit_test.go.
@akfaiz
feat: implement validation error severity levels and best practice ch…
634136f 
…ecks

- Introduce Severity types (SeverityError, SeverityWarning, SeverityInfo) and a custom ValidationError wrapper in internal/validate.

- Refactor all existing strict validation logic to use validate.Errorf.

- Implement Warningf and Infof helper functions for non-fatal feedback.

- Update spec.ValidationErrors to correctly aggregate and filter errors based on severity using the new HasSeverity method.

- Update builder package to explicitly generate SeverityError errors during path construction.

- Add new OpenAPI best practice checks for missing tags, contact, license, servers, operationId, summary, and description.

- Add deprecation warnings for operations, parameters, headers, schemas, and security schemes.

- Refactor internal test suite helpers to tolerate advisory warnings while asserting strict errors.

- Expose severity constants and ValidationError via aliases in the public spec package for external inspection.
@codecov
Copy link
Copy Markdown

codecov Bot commented May 10, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 86.79549% with 82 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
internal/validate/operation.go 74.71% 41 Missing and 4 partials ⚠️
internal/validate/document.go 90.44% 11 Missing and 2 partials ⚠️
internal/builder/utils.go 18.18% 9 Missing ⚠️
internal/validate/schema.go 94.56% 2 Missing and 3 partials ⚠️
errors.go 88.88% 2 Missing and 2 partials ⚠️
internal/validate/reference.go 50.00% 3 Missing ⚠️
internal/builder/builder.go 66.66% 1 Missing ⚠️
internal/validate/components.go 80.00% 1 Missing ⚠️
internal/validate/path.go 88.88% 1 Missing ⚠️

📢 Thoughts on this report? Let us know!

llamapreview[bot]
llamapreview Bot reviewed May 10, 2026
View reviewed changes
Copy link
Copy Markdown

@llamapreview llamapreview Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI Code Review by LlamaPReview

🎯 TL;DR & Recommendation

Recommendation: Approve with suggestions.

This PR modernizes the spec library to align with OpenAPI 3.2.0 and introduces a validation severity system. The changes are well-structured and covered by tests. However, a behavioral change in joinErrors may silently drop warnings/info from validation results, and a minor inconsistency in version-gated component checks could surprise users.

🌟 Strengths

  • Full test coverage for new severity levels and OpenAPI 3.2.0 fields.
  • Clean separation of severity types and clear refactoring of hardcoded fmt.Errorf to structured errors.

💡 Suggestions (P2)

  • errors.go: The joinErrors function now returns nil when no SeverityError is present, meaning best-practice recommendations (missing operationId, summary, etc.) will no longer propagate to callers of Validate(). This is a deliberate design choice, but consumers relying on Validate() to surface all issues may see fewer errors. Consider documenting this breaking change in notes or offering a strict mode.
  • internal/validate/components.go: The validation condition for components.PathItems and components.MediaTypes changed from len > 0 to != nil. While empty maps are rarely used, this stricter check may surprise upgraders who inadvertently pass an empty non-nil map.

💡 Have feedback? We'd love to hear it in our GitHub Discussions.
✨ This review was generated by LlamaPReview Advanced, which is free for all open-source projects. Learn more.

Comment thread errors.go Outdated
return false
}

func joinErrors(errs []error) error {
Copy link
Copy Markdown

@llamapreview llamapreview Bot May 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 | Confidence: High

The joinErrors function now returns nil when the collection contains no error with SeverityError. Previously any non-nil validation error (including those now reclassified as Warning or Info) caused a non-nil return. This change alters the contract of all Validate() calls: adapters (e.g., adapter/muxopenapi/router.go) and the generator's MarshalYAML (via router.go) will now silently accept spec generation even when best-practice issues like missing operationId, summary, or description are present. Consumers that relied on Validate() to catch any validation issue will no longer be notified of these recommendations, potentially producing suboptimal specifications. This is a deliberate design choice to align with severity levels, but it is a breaking behavioral change for existing callers.

Comment thread internal/validate/components.go
akfaiz added 10 commits May 10, 2026 18:23
@akfaiz
feat: add support for OpenAPI 3.2.0 validation and improve version-sp…
444a3cf 
…ecific schema and server checks.
@akfaiz
refactor: centralize OpenAPI operation method validation logic into t…
fcc46c5 
…he internal package and clean up document validation structure
@akfaiz
feat: introduce dirty state tracking for incremental builds and add V…
cb84fc7 
…alidateReport method
@akfaiz
feat: add ValidateReport method to all adapter interfaces and routers
1e5ca16
@akfaiz
refactor: improve makefile shell exit handling and standardize test p…
c94d326 
…ackage targets
@akfaiz
feat: support application/x-www-form-urlencoded content for querystri…
40c4dd6 
…ng parameters in reflector
@akfaiz
refactor: export SecuritySchemeOAuth2MetadataURL and adjust validatio…
f4f52b1 
…n messaging, add mediaType tag support to reflector, and move tests to package validate_test
@akfaiz
refactor: move mapper to internal, remove adapter constant, and chang…
5d6fcc2 
…e yaml marshal to use single quote
@akfaiz
test: increase code coverage for some function and adapter
793c4ed
@akfaiz
refactor: upgrade OpenAPI version to 3.1.2 and improve validation err…
726cc85 
…or handling consistency
@akfaiz akfaiz merged commit ea3bbb4 into main May 11, 2026
5 checks passed
@akfaiz akfaiz deleted the feat/adjust-validation-openapi branch May 13, 2026 04:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@llamapreview llamapreview[bot] llamapreview[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@akfaiz