sync: endpoint_fingerprint now includes security_schemes, security_required,
tags, and operation_id — catches changes that previously went undetected.
Method comparison uppercased for consistency. New details field in
SyncOutput carries full ChangeDetails alongside the summary. Removed
unused _skipped_from_resume binding. normalize_to_json callers updated
for new (bytes, Value) return type. allow_private_host forwarded to
sync --all HTTP client builder.
fetch: content hash now computed from post-resolution json_bytes instead
of raw_bytes — when --resolve-external-refs is used, the stored content
differs from the original fetch, so the hash must match what is actually
written to the cache.
diff: --fail-on=breaking check moved before any output to avoid the
contradictory pattern of emitting success JSON then returning an error
exit code. Robot mode now emits a proper robot_error envelope on
breaking-change failure.
list: new --sort flag accepts path (default), method, or tag. All sort
modes maintain alias-first grouping for cross-alias queries. method sort
orders GET/POST/PUT/PATCH/DELETE/etc. tag sort uses first tag as primary
key with path and method as tiebreakers.
show: merge path-item-level parameters into operation parameters per
OpenAPI 3.x spec. Path-level params apply to all operations unless
overridden by an operation-level param with the same (name, in) pair.
Uses the operation_ptr to derive the parent path-item pointer and
resolve_json_pointer to access the raw spec.
Robot mode resolution is now a 4-tier cascade:
1. --no-robot (explicit off, conflicts_with robot)
2. --robot / --json (explicit on)
3. SWAGGER_CLI_ROBOT=1|true env var
4. TTY auto-detection (non-TTY stdout -> robot mode)
Pre-scan updated to match the same resolution logic so parse errors
get the correct output format before clap finishes parsing.
New robot-docs subcommand (alias: docs) provides machine-readable
self-documentation for AI agents: guide, commands, exit-codes, and
workflows topics. Designed for LLM consumption — structured JSON
with all flags, aliases, and usage patterns in one call.
robot_success_pretty added for --pretty support on robot-docs output.
Visible aliases added to commands: list->ls, show->info, search->find.
normalize_to_json now returns (Vec<u8>, serde_json::Value) — callers get
the parsed Value for free instead of re-parsing the bytes they just
produced. Eliminates a redundant serde_json::from_slice on every fetch,
sync, and external-ref resolution path.
Format detection switches from trial JSON parse to first-byte inspection
({/[ = JSON, else YAML) — roughly 300x faster for the common case.
SSRF protection expanded: block CGNAT range 100.64.0.0/10 (RFC 6598,
common cloud-internal SSRF target) and IPv6 unique-local fc00::/7.
Alias validation simplified: the regex ^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$
already rejects path separators, traversal, and leading dots — remove
redundant explicit checks.
Search performance: pre-lowercase query terms once and pre-lowercase each
field once per endpoint (not once per term x field). Removes the
contains_term helper entirely. safe_snippet rewritten with char-based
search to avoid byte-position mismatches on multi-byte Unicode characters
(e.g. U+0130 which expands during lowercasing).
