You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
No .changeset/*.md file was included. This PR adds two new user-facing CLI commands (sanity api list, sanity api spec) and deprecation forwarders for the old openapi commands — that's a runtime behavior change requiring a minor bump changeset. Fix this →
parser.ts:388 — asObject(schema.properties).constructor === Object is always true
asObject() always returns a plain object (either the cast value or {}), so {}.constructor === Object is always true. This silently swallows the else if (type === 'array') branch — it is dead code.
// parser.ts lines 388–395if(asString(schema.type)==='object'||asObject(schema.properties).constructor===Object){field.fields=walkProperties(schema)}elseif(asString(schema.type)==='array'){// ← never reachedconstitems=asObject(schema.items)if(asString(items.type)==='object'||asObject(items.properties).constructor===Object){field.fields=walkProperties(items)// ← never executes}}
Effect: request body fields whose schema is type: array with object items never have their child fields walked. field.fields is set by calling walkProperties(schema) (the array schema itself, which has no properties), returning []. The same pattern appears in the nested check on line 392.
Fix: replace the constructor check with an explicit properties presence check:
No existing test covers array-of-object body fields, which is why this slipped through. Fix this →
views.ts:330–333 — formatValue has a dead conditional branch
Both branches of the if do the same thing:
// views.ts lines 330–333functionformatValue(value: unknown): string{if(typeofvalue==='string')returnJSON.stringify(value)returnJSON.stringify(value)// same call}
The string-specific branch does nothing different. Collapse to a single return JSON.stringify(value). Fix this →
spec.test.ts — --schema flag has no tests
The --schema path in spec.ts:88–161 (schema lookup and error case) has no coverage:
sanity api spec jobs --schema SomeName → prints YAML
sanity api spec jobs --schema SomeName --format=json → prints JSON
sanity api spec jobs --schema Unknown → errors and lists known schemas
This is one of the feature's key workflows (resolving $ref pointers for agent use). Fix this →
cache.ts:50,59 — user-supplied slug used unvalidated in file paths
readSpec(slug) and writeSpec(slug, yaml) construct file paths by embedding the slug directly:
// cache.ts line 51constfile=path.join(getCacheDir(),'specs',`${slug}.yaml`)
path.join does not block traversal sequences. A slug like ../foo resolves to a path outside the specs/ directory. The write path is mitigated because writeSpec is only called with the server-returned slug (from revalidateSpecs), but readSpec is called with the user-provided slug in spec.ts:119. Consider normalizing with path.basename(slug) or rejecting slugs containing / or ... Fix this →
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Note
Related to https://docs.google.com/document/d/1gcakkHcmTFI36RBTN6MoNNfgUz3PJIHIujQXYF5NSu4/edit?tab=t.0
What to review
Testing