Skip to content

OpenAPI v3.1 support, experimental re-implementation using libopenapi#2197

Merged
mromaszewicz merged 30 commits intooapi-codegen:mainfrom
mromaszewicz:experimental-v3
Feb 7, 2026
Merged

OpenAPI v3.1 support, experimental re-implementation using libopenapi#2197
mromaszewicz merged 30 commits intooapi-codegen:mainfrom
mromaszewicz:experimental-v3

Conversation

@mromaszewicz
Copy link
Copy Markdown
Member

@mromaszewicz mromaszewicz commented Feb 7, 2026
edited
Loading

This is a prototype for a V3 versions of oapi-codegen, which addresses several issues, but mainly #373.

Please see the README.me in experimental/ for usage and changes.

deepmap-marcinr and others added 30 commits February 3, 2026 22:24
@deepmap-marcinr
Feat: Codegen v3 experiment
e778d93
@deepmap-marcinr
Add support for external references
63de366
@deepmap-marcinr
Parameterize content types for models
a06eab4 
Allow users to control which content types are included in
model generation for requests, responses.
@deepmap-marcinr
Parameterize struct tags
38684e9 
Users can now fully control the struct tags that are generated, with
default values of json and form encoding
@deepmap-marcinr
Skip automated tests for now.
6789565
@mromaszewicz
Update generated code, fix CI
3b8795b 
Generated code must have a header saying it's generated.
@mromaszewicz
Clean up allOf schema naming
9fc5e8a
@mromaszewicz
Clean up naming in path schemas
efd49d1 
Simplify names of schemas discovered by traversing the paths element
of the spec.
@mromaszewicz
Verify currently open schema gen issues
276baf8 
Ensure that we're fixing existing open issues.
@mromaszewicz
Ensure old bugs don't regress
5ec10d4 
Recreate old issue tests to make sure everything still works
as expected.
@mromaszewicz
Handle Nullable as before
c841955 
Add a Nullable type and use it where explicitly requested.
@mromaszewicz
Extension property support
622cd2e 
Add extension properties which match the old oapi-codegen behavior, and
fix a bunch of related issues.
@mromaszewicz
Fix linter errors
22503f7
@mromaszewicz
Add parameter styling and binding
99951b6 
Parameter binding and styling will now be embedded into the generated
code, and not rely on an external runtime package.
@mromaszewicz
Implement http.ServeMux server
8807e5c 
Add first server support, using built in http, and refine templates
to make it work. Example perstore implementation.
@mromaszewicz
Update to more recent libopenapi
8ba1f56
@mromaszewicz
Add client generation support
3e31447
@mromaszewicz
Hook up client generation to command line
6700435
@mromaszewicz
Support models being external
ecffa41 
Models can be imported into clients now, so they can live in
a separate package.

Clean up example client to use the models import, and clean up
tests.
@mromaszewicz
Add all supported routers
efe250e
@mromaszewicz
Add Echo V5 support
3881254
@mromaszewicz
Embed the OpenAPI spec in generated code for
d144036 
middleware and validation
@mromaszewicz
Fix lint issues
19a245a
@mromaszewicz
Update libopenapi, external ref changes
dac2d8e 
Libopenapi now supports parsing the model without resolving
external references, which is exactly what we wanted.
@mromaszewicz
Support webhooks and callbacks
676a7f1 
Add webhook and callback support, and show examples of how to
use them.
@mromaszewicz
Remove the concept of stable names
8222c4b 
This was an unnecessary complication and we'll cross this bridge if
we ever get to it.

Also, fix lint issues.
@mromaszewicz
Fix lint errors due to Go versioning
679e956 
echo V5 needs go 1.25, so we can only validate it if
running the 1.25 toolchain
@mromaszewicz
Update READMEs and fix lint issue
3b0aded
@mromaszewicz
Fix nondeterministic map order issue
2066ed8
@mromaszewicz
Fix Markdown formatting issue
44eed56
@mromaszewicz mromaszewicz requested a review from a team as a code owner February 7, 2026 00:55
@socket-security
Copy link
Copy Markdown

socket-security bot commented Feb 7, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedgithub.com/​go-chi/​chi/​v5@​v5.2.07099100100100
Addedgithub.com/​labstack/​echo/​v4@​v4.13.372100100100100
Addedgithub.com/​labstack/​echo/​v5@​v5.0.072100100100100
Addedgithub.com/​kataras/​iris/​v12@​v12.2.1174100100100100
Addedgithub.com/​gofiber/​fiber/​v3@​v3.0.0-beta.474100100100100
Addedgithub.com/​pb33f/​libopenapi@​v0.33.574100100100100
Addedgolang.org/​x/​tools@​v0.41.075100100100100
Addedgolang.org/​x/​text@​v0.33.078100100100100
Addedgo.yaml.in/​yaml/​v4@​v4.0.0-rc.497100100100100
Addedgithub.com/​google/​uuid@​v1.6.0100100100100100

View full report

@socket-security
Copy link
Copy Markdown

socket-security bot commented Feb 7, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn Critical
Critical CVE: Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values in golang github.com/gofiber/utils/v2

CVE: GHSA-m98w-cqp3-qcqr Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values (CRITICAL)

Affected versions: < 2.0.0-rc.4

Patched version: 2.0.0-rc.4

From: ?golang/github.com/gofiber/fiber/v3@v3.0.0-beta.4golang/github.com/gofiber/utils/v2@v2.0.0-beta.7

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/gofiber/utils/v2@v2.0.0-beta.7. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@mromaszewicz mromaszewicz self-assigned this Feb 7, 2026
@mromaszewicz
Copy link
Copy Markdown
Member Author

mromaszewicz commented Feb 7, 2026

Since this doesn't affect existing users at all, I am merging it to gather feedback.

@mromaszewicz mromaszewicz merged commit 5206145 into oapi-codegen:main Feb 7, 2026
23 checks passed
@DanDagadita DanDagadita mentioned this pull request Feb 7, 2026
Closed
jamietanna
jamietanna reviewed Feb 7, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@jamietanna jamietanna left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Per discussion on Slack, let's move this into a separate repo to keep the main repo clean, and allow folks to opt in

jamietanna added a commit that referenced this pull request Feb 7, 2026
@jamietanna
Revert "OpenAPI v3.1 support, experimental re-implementation using li…
dcafa83 
…bopenapi (#2197)"

This reverts commit 5206145.
@jamietanna
Copy link
Copy Markdown
Member

jamietanna commented Feb 7, 2026

@mromaszewicz where we're using AI-written code, please make sure it's called out in the PR and/or co-authored-by in the commit messages, please

jamietanna added a commit that referenced this pull request Feb 7, 2026
@jamietanna
Revert "OpenAPI v3.1 support, experimental re-implementation using li…
b0f22a0 
…bopenapi (#2197)"

This reverts commit 5206145.
@jamietanna
Copy link
Copy Markdown
Member

jamietanna commented Feb 7, 2026

We've moved this into a separate fork for the time being: https://github.com/oapi-codegen/oapi-codegen-exp

szarowski pushed a commit to szarowski/oapi-codegen that referenced this pull request Feb 10, 2026
@mromaszewicz @szarowski
OpenAPI v3.1 support, experimental re-implementation using libopenapi (
606fc7a 
…oapi-codegen#2197)

This is a prototype implementation of a future versions of oapi-codegen. It's almost a full rewrite, heavily
inspired by previous code, and lessons learned.

- much more flexibility in configuring generated code
- move from kin-openapi to libopenapi to support 3.1 and 3.2 specs
- webhook support
- callback support
- incompatible codegen changes to aggregate types (allOf, anyOf, oneOf)
- many existing codegen bugs around schemas fixed
szarowski pushed a commit to szarowski/oapi-codegen that referenced this pull request Feb 10, 2026
@jamietanna @szarowski
Revert "OpenAPI v3.1 support, experimental re-implementation using li…
2689a57 
…bopenapi (oapi-codegen#2197)"

This reverts commit 5206145.
This was referenced Feb 24, 2026
Closed
Closed
@renom

This comment was marked as off-topic.

Sign in to view
@jamietanna
Copy link
Copy Markdown
Member

jamietanna commented Mar 10, 2026

Please ask in https://github.com/oapi-codegen/oapi-codegen-exp

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jamietanna jamietanna jamietanna left review comments

Assignees

@mromaszewicz mromaszewicz

Labels

skip-changelog

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mromaszewicz @jamietanna @renom @deepmap-marcinr