Skip to content

Commit 547e5fe

Browse files
authored
docs: Reprioritize OpenAPI gap inventory (#46)
Wave 1 and the high-impact slices of Wave 2 (string formats, numeric widths) have landed. Reorder the remaining work so that parameter/request-body fidelity (old Wave 3) and refs/spec topology (old Wave 5) come first, with extensions (old #29) pulled forward into the new Wave 2. Niche JSON Schema keywords (object: orig #6, array: orig #7) are demoted to a later wave. Original item numbers are preserved in parentheses for back-reference.
1 parent 05210c2 commit 547e5fe

1 file changed

Lines changed: 38 additions & 31 deletions

File tree

docs/superpowers/specs/2026-05-07-openapi-refactor-design.md

Lines changed: 38 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -454,56 +454,63 @@ The following docs reference Java 21 today and must be updated as part of the re
454454

455455
Each item below becomes its own small spec/PR after the refactor lands. Listed in the recommended order.
456456

457-
**Wave 1 — high impact, low cost, unblocked by typed model**
457+
> **Reprioritized 2026-05-08.** Wave 1 and the high-impact slices of the original Wave 2 (string formats, numeric widths) have landed. The remaining items have been re-ordered to prioritize parameter/body fidelity, refs/topology, and extensions — the keywords most real-world specs depend on — over niche JSON Schema validation keywords. Item numbering follows the original inventory in parentheses so historical references still resolve.
458+
459+
**Wave 1 — high impact, low cost, unblocked by typed model — ✅ DONE**
458460

459461
1. `requestBody.required: true` enforcement when body is empty.
460462
2. `additionalProperties: false` and `additionalProperties: { schema }` enforcement.
461463
3. Combinators: `oneOf` / `anyOf` / `allOf` (one spec — they share machinery).
462464
4. `not` + `const` + top-level `enum` + schema booleans (`true` / `false`).
463465

464-
**Wave 2 — coverage breadth**
466+
**Wave 2 (original, partially done — string formats and numeric widths)**
467+
468+
5. ✅ Format expansion: `email`, `uri`, `uri-reference`, `hostname`, `ipv4`, `ipv6`, `regex`, `byte` (base64), `binary`, `password`.
469+
8. ✅ Format-driven width validation: `int32` / `int64` overflow, `float` / `double` precision.
470+
471+
Items 6 and 7 from the original Wave 2 are demoted to the new Wave 4 below.
472+
473+
**Wave 2 — parameter & request-body fidelity + extensions (new)**
465474

466-
5. Format expansion: `email`, `uri`, `uri-reference`, `hostname`, `ipv4`, `ipv6`, `regex`, `byte` (base64), `binary`, `password`.
467-
6. Object: `patternProperties`, `dependentRequired`, `dependentSchemas`, `propertyNames`.
468-
7. Array: `contains` / `minContains` / `maxContains`, `prefixItems` (tuple validation).
469-
8. Format-driven width validation: `int32` / `int64` overflow, `float` / `double` precision.
475+
- (orig #9) Parameter `style` + `explode` for `query`, `path`, `header`, `cookie`.
476+
- (orig #10) Array query parameters (`?ids=1&ids=2` and `?ids=1,2`).
477+
- (orig #11) `deepObject` query style.
478+
- (orig #12) `content` instead of `schema` on parameters.
479+
- (orig #13) `cookie` parameter location.
480+
- (orig #14) Media-type ranges (`application/*`, charset suffix tolerance).
481+
- (orig #15) Non-JSON request bodies: `application/x-www-form-urlencoded`, `multipart/form-data`, `text/plain`. `encoding` object on multipart fields.
482+
- (orig #29) Extensions (`x-*` keys) — at minimum: silently preserved, accessible via raw map fallback. Pulled forward from old Wave 6 because consumers rely on vendor extensions across the spec.
470483

471-
**Wave 3 — parameter & request-body fidelity**
484+
**Wave 3 — refs & spec topology (new)**
472485

473-
9. Parameter `style` + `explode` for `query`, `path`, `header`, `cookie`.
474-
10. Array query parameters (`?ids=1&ids=2` and `?ids=1,2`).
475-
11. `deepObject` query style.
476-
12. `content` instead of `schema` on parameters.
477-
13. `cookie` parameter location.
478-
14. Media-type ranges (`application/*`, charset suffix tolerance).
479-
15. Non-JSON request bodies: `application/x-www-form-urlencoded`, `multipart/form-data`, `text/plain`. `encoding` object on multipart fields.
486+
- (orig #19) Cross-document `$ref`.
487+
- (orig #20) JSON Schema `$defs` (3.1 alternative to `components.schemas`).
488+
- (orig #21) `$dynamicRef` / `$dynamicAnchor` (rarely used).
489+
- (orig #22) Multiple `servers[]` entries; server variables (`{tenant}.example.com`).
490+
- (orig #23) Path-level parameters (defined on `PathItem`, shared across operations).
491+
- (orig #24) Path-level / operation-level `servers`.
480492

481-
**Wave 4 — responses**
493+
**Wave 4 — niche JSON Schema keywords (demoted)**
482494

483-
16. Validate response body against `responses[status].content[mediaType].schema`.
484-
17. Validate response headers.
485-
18. `default` response handling.
495+
- (orig #6) Object: `patternProperties`, `dependentRequired`, `dependentSchemas`, `propertyNames`.
496+
- (orig #7) Array: `contains` / `minContains` / `maxContains`, `prefixItems` (tuple validation).
486497

487-
**Wave 5 — refs & spec topology**
498+
**Wave 5 — responses**
488499

489-
19. Cross-document `$ref`.
490-
20. JSON Schema `$defs` (3.1 alternative to `components.schemas`).
491-
21. `$dynamicRef` / `$dynamicAnchor` (rarely used).
492-
22. Multiple `servers[]` entries; server variables (`{tenant}.example.com`).
493-
23. Path-level parameters (defined on `PathItem`, shared across operations).
494-
24. Path-level / operation-level `servers`.
500+
- (orig #16) Validate response body against `responses[status].content[mediaType].schema`.
501+
- (orig #17) Validate response headers.
502+
- (orig #18) `default` response handling.
495503

496504
**Wave 6 — UX & metadata**
497505

498-
25. Multi-error collection (gather all failures per request, not first-only).
499-
26. `discriminator` (used with combinators).
500-
27. `readOnly` / `writeOnly` (skip validation in the wrong direction).
501-
28. `deprecated` (warning logging on use).
502-
29. Extensions (`x-*` keys) — at minimum: silently preserved, accessible via raw map fallback.
506+
- (orig #25) Multi-error collection (gather all failures per request, not first-only).
507+
- (orig #26) `discriminator` (used with combinators).
508+
- (orig #27) `readOnly` / `writeOnly` (skip validation in the wrong direction).
509+
- (orig #28) `deprecated` (warning logging on use).
503510

504511
**Wave 7 — last**
505512

506-
30. Security: `securitySchemes` parsing; `security` enforcement at operation level.
513+
- (orig #30) Security: `securitySchemes` parsing; `security` enforcement at operation level.
507514

508515
## Out of scope for this design
509516

0 commit comments

Comments
 (0)