mitm2openapi 0.6.0

Convert mitmproxy flow dumps and HAR files to OpenAPI 3.0 specs — fast Rust rewrite of mitmproxy2swagger
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242

# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

## [0.6.0](https://github.com/Arkptz/mitm2openapi/compare/v0.5.2...v0.6.0) - 2026-05-27

### Added

- *(generate)* integrate redaction with collected examples
- *(generate)* collect request body examples
- *(cli)* add --max-examples flag with default cap of 5
- *(cli)* re-introduce --param-regex with functional implementation
- *(discover)* add cross-request variability detection for path params
- *(generate)* merge request body schemas across multiple captures
- add redaction module for example sanitization
- *(cli)* add --skip-options flag to filter OPTIONS requests
- *(discover)* extend param detection with UPPER_CASE, hex, base58 heuristics

### Fixed

- *(changelog)* remove duplicate Unreleased section
- *(mitmproxy)* wire --max-payload-size to tnetstring parser, fix clippy
- *(tests)* replace single-arm match with if let
- resolve clippy warnings and example name leaking sensitive values
- *(mitmproxy)* decompress response bodies based on content-encoding header

### Other

- *(integration)* add full pipeline test with all new features
- update cli-reference, pipeline, introduction, README for new features
- *(builder)* add examples accumulator infrastructure

### Added

- *(cli)* add `--skip-options` flag to filter OPTIONS requests (discover + generate)
- *(cli)* add `--param-regex` flag for custom path parameter detection (discover)
- *(cli)* add `--max-examples` flag to cap examples per endpoint (generate, default 5)
- *(cli)* add `--redact-patterns` flag for regex-based value redaction (generate)
- *(cli)* add `--redact-fields` flag for field-name-based redaction (generate)
- *(discover)* enhanced path parameterization: UPPER_CASE slugs, hex strings, base58, cross-request variability
- *(generate)* response/request examples stored as named OpenAPI examples
- *(generate)* request body schema merging via oneOf for multiple captures

## [0.5.2](https://github.com/Arkptz/mitm2openapi/compare/v0.5.1...v0.5.2) - 2026-04-24

### Fixed

- *(har)* apply header size caps consistent with mitmproxy reader
- *(reader)* reject symlinked directory inputs and entries

### Other

- *(security)* cover symlink directory and entry rejection
- *(readme)* trim content migrated to book, add docs badge
- *(book)* add mdBook scaffold with book.toml and all chapter content
- adjust CHANGELOG/CONTRIBUTING headings for mdBook inclusion
- regenerate demo.gif [skip ci]

## [0.5.1](https://github.com/Arkptz/mitm2openapi/compare/v0.5.0...v0.5.1) - 2026-04-22

### Other

- *(bench)* refresh benchmark results
- *(bench)* drop small fixture tier
- *(readme)* add benchmarks section linking to automated results
- *(bench)* seed benchmarks.md with methodology and placeholders
- regenerate demo.gif [skip ci]

## [0.5.0](https://github.com/Arkptz/mitm2openapi/compare/v0.4.1...v0.5.0) - 2026-04-22

### Added

- *(cli)* add --strict flag to escalate warnings to errors

### Other

- *(readme)* document --strict flag and benchmark CI
- *(strict)* verify strict mode exit codes

## [0.4.1](https://github.com/Arkptz/mitm2openapi/compare/v0.4.0...v0.4.1) - 2026-04-22

### Fixed

- *(builder)* use .get() in dedup_schema_variants to satisfy indexing_slicing lint
- *(reader)* warn on skipped directory entries and malformed overrides
- *(schema)* union array element schemas and tighten dict heuristic

### Other

- *(lint)* deny clippy::indexing_slicing at crate level
- extract is_numeric_string and is_uuid to shared module
- *(output)* lazy-init regex via LazyLock
- *(error)* replace guarded unwrap sites with pattern matching

## [0.4.0](https://github.com/Arkptz/mitm2openapi/compare/v0.3.0...v0.4.0) - 2026-04-22

### Added

- feat!(builder): merge response schemas per status code
- feat!(cli): remove unused --param-regex flag

### Other

- *(readme)* remove --param-regex mention from CLI reference
- *(cli)* verify --param-regex is rejected as unknown argument
- *(builder)* cover multi-status response aggregation
- refactor!(error): mark Error enum as non_exhaustive
- regenerate demo.gif [skip ci]

## [0.3.0](https://github.com/Arkptz/mitm2openapi/compare/v0.2.6...v0.3.0) - 2026-04-22

### Added

- *(report)* track cap firings and parse errors in processing report
- *(cli)* add --report flag for structured processing summary
- *(tnetstring)* emit byte offset and error kind on parse halt

### Other

- *(readme)* document --report flag and parse halt diagnostics
- *(report)* verify report file schema and contents
- *(tnetstring)* verify parse halt diagnostics and no-resync on binary payload

## [0.2.6](https://github.com/Arkptz/mitm2openapi/compare/v0.2.5...v0.2.6) - 2026-04-22

### Fixed

- *(test)* gate Unix-specific path-failure test behind cfg(unix)
- *(output)* write YAML via tempfile and atomic rename

### Other

- *(output)* verify atomic write preserves target on failure
- *(deps)* move tempfile to runtime dependencies

## [0.2.5](https://github.com/Arkptz/mitm2openapi/compare/v0.2.4...v0.2.5) - 2026-04-22

### Fixed

- *(builder)* skip requests with unknown HTTP methods instead of aliasing to GET

### Other

- *(builder)* verify unknown method is skipped and standard methods preserved

## [0.2.4](https://github.com/Arkptz/mitm2openapi/compare/v0.2.3...v0.2.4) - 2026-04-22

### Fixed

- *(params)* preserve multi-byte UTF-8 in urlencoding_decode

### Other

- *(params)* add UTF-8 roundtrip and overlong rejection cases
- regenerate demo.gif [skip ci]

## [0.2.3](https://github.com/Arkptz/mitm2openapi/compare/v0.2.2...v0.2.3) - 2026-04-22

### Fixed

- *(builder)* cap form-field count per request at 1000
- *(har)* validate schemes and status codes, log base64 failures, cap bodies
- *(reader)* validate port/status ranges, enforce strict UTF-8, and cap field sizes

### Other

- *(readme)* document per-field size and validation limits

## [0.2.2](https://github.com/Arkptz/mitm2openapi/compare/v0.2.1...v0.2.2) - 2026-04-22

### Added

- *(har)* add streaming HAR entry iterator

### Other

- *(readme)* mention HAR streaming in resource limits and supported formats
- *(har)* verify streaming does not materialize all entries
- *(reader)* switch HAR dispatch to streaming iterator
- regenerate demo.gif [skip ci]

## [0.2.1](https://github.com/Arkptz/mitm2openapi/compare/v0.2.0...v0.2.1) - 2026-04-22

### Added

- *(reader)* add stream_mitmproxy_file and stream_mitmproxy_dir
- *(tnetstring)* add streaming iterator TNetStringIter

### Other

- *(readme)* document resource-limit flags and streaming behavior
- *(main)* switch discover and generate to streaming pipeline
- *(path_matching)* cache compiled regexes in CompiledTemplates
- *(builder)* add discover_paths_streaming variant
- regenerate demo.gif [skip ci]

## [0.2.0](https://github.com/Arkptz/mitm2openapi/compare/v0.1.2...v0.2.0) - 2026-04-22

### Added

- *(path_matching)* validate path parameter identifiers
- *(cli)* expose --max-input-size, --max-payload-size, --max-depth, --max-body-size, --allow-symlinks
- *(reader)* reject symlinks, non-regular files, and oversized inputs
- *(schema)* enforce 64-level JSON recursion depth limit
- *(tnetstring)* enforce 256-level recursion depth limit
- *(tnetstring)* cap payload size at 256 MiB
- *(error)* add typed variants for parse and input limits

### Fixed

- *(test)* gate symlink and FIFO tests behind cfg(unix)

### Other

- update Cargo.lock for globset dependency
- *(security)* cover symlink, FIFO, and oversize input rejection
- *(har)* bound format-detection read to 4 KiB
- *(builder)* replace custom glob matcher with globset

## [0.1.2](https://github.com/Arkptz/mitm2openapi/compare/v0.1.1...v0.1.2) - 2026-04-22

### Other

- add tests/fixtures/poc placeholder directory (P0.2)
- regenerate demo.gif [skip ci]

## [0.1.1](https://github.com/Arkptz/mitm2openapi/compare/v0.1.0...v0.1.1) - 2026-04-20

### Other

- *(readme)* add Why? section explaining the Python-vs-Rust trade-off
- *(deps)* bump assert_cmd from 2.2.0 to 2.2.1 in the all-cargo group ([#7](https://github.com/Arkptz/mitm2openapi/pull/7))
- regenerate demo.gif [skip ci]

## [0.1.0] - TBD

Initial release.