- What routes were added, changed, or removed?
- Are request and response bodies named and stable?
- Does the API expose internal model structure unnecessarily?
- Are authentication requirements correct?
- Are tenant and role expectations clear?
- Is the change backward compatible?
- If breaking, is there a migration path for consumers?
- Does generated OpenAPI reflect the intended contract?
- Should the API catalog be updated?
- Are error semantics and edge behavior clear enough for consumers?
Run when API shape matters:
carrier openapi > openapi.json