{{ message }}
Conversation
…es on json_schema
JsonSchema previously accepted `examples` only via `extra="allow"`, leaving it untyped, undocumented, and invisible to type checkers. Declare it as Optional[List[JsonType]] so the JSON Schema `examples` keyword is a first-class, validated field. Supports PR #88 (OpenAPI converter examples parsing), which currently relies on the extra-field fallback. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…misses-examples-on-params
…misses-examples-on-params
…schema-examples-field feat(core): add explicit examples field to JsonSchema
Issue 2 — replace the blind cast on http_method with an explicit guard. OpenAPI allows operations (options/head/trace) that HttpCallTemplate's Literal type rejects; these are now skipped with a warning instead of crashing conversion via a Pydantic ValidationError. A shared SUPPORTED_HTTP_METHODS constant backs both the operation-loop filter and the per-operation check, so the cast is now truthful rather than assumed. Issue 3 — make example handling consistent across params, request bodies, and responses. Examples that appear at the schema level (not just the media type / parameter object) are now collected via _merge_examples and surfaced in the normalized JSON Schema 'examples' keyword, and the raw OpenAPI 'example'/'examples' keys are stripped before the schema is spread onto the property so they no longer leak through as untyped extra fields. This lines up with the explicit examples field added to JsonSchema in core (#91). Adds tests for unsupported-method skipping and schema-level example normalization. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…xamples-on-params fix: OpenAPI Converter was not parsing examples for request parameters
Publishes the OpenAPI examples parsing work: the explicit JsonSchema `examples` field (core) and the converter changes that normalize examples and validate HTTP methods (http). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary by cubic
Hardened HTTP, WebSocket, and GraphQL transports to block SSRF and credential leaks, and added first-class JSON Schema examples to improve OpenAPI-driven tools.
Bug Fixes
utcp-http,utcp-websocket, andutcp-gql; allowhttp:///ws://only for literal loopback (now including0.0.0.0,::, IPv4-mapped IPv6).safe_request_with_redirects(no cross-origin hops; auth headers never forwarded across origins); protect OAuth2tokenUrl.New Features
examplestoJsonSchemaand surfaced parameter/body/response examples in the OpenAPI converter.Dependencies: bumped
utcpto 1.1.3,utcp-httpto 1.1.8,utcp-websocketto 1.1.4,utcp-gqlto 1.1.4; addedaiohttptoutcp-gql.Written for commit 51683c5. Summary will update on new commits.