rules: # INFO / METADATA info-title-pattern: description: Info title should follow "1Password ..." pattern. severity: warn given: $.info.title then: function: pattern functionOptions: match: "^1Password " info-description-required: description: Info description must be present and at least 50 characters. severity: warn given: $.info then: field: description function: minLength functionOptions: value: 50 info-version-required: description: API version must be defined. severity: error given: $.info then: field: version function: truthy info-contact-required: description: Contact information should be provided. severity: info given: $.info then: field: contact function: truthy # OPENAPI VERSION openapi-version-3: description: Must use OpenAPI 3.0.x or 3.1.x. severity: error given: $ then: field: openapi function: pattern functionOptions: match: "^3\\." # SERVERS servers-must-be-defined: description: Servers array must be defined and non-empty. severity: error given: $ then: field: servers function: truthy servers-https-required: description: Production server URLs must use HTTPS. severity: error given: $.servers[*] then: field: url function: pattern functionOptions: match: "^https://" # PATHS — NAMING CONVENTIONS paths-no-trailing-slash: description: Paths must not end with a trailing slash. severity: warn given: $.paths then: function: pattern functionOptions: notMatch: "/$" paths-kebab-case: description: Path segments should use kebab-case. severity: info given: $.paths then: function: pattern functionOptions: notMatch: "_" # OPERATIONS operation-summary-required: description: Every operation must have a summary. severity: error given: $.paths[*][get,post,put,patch,delete,options,head] then: field: summary function: truthy operation-description-required: description: Every operation should have a description. severity: warn given: $.paths[*][get,post,put,patch,delete,options,head] then: field: description function: truthy operation-summary-prefix: description: Every operation summary should start with "1Password". severity: warn given: $.paths[*][get,post,put,patch,delete,options,head].summary then: function: pattern functionOptions: match: "^1Password " operation-operationid-required: description: Every operation must have an operationId. severity: error given: $.paths[*][get,post,put,patch,delete,options,head] then: field: operationId function: truthy operation-operationid-camelcase: description: OperationId should use camelCase. severity: warn given: $.paths[*][get,post,put,patch,delete,options,head].operationId then: function: pattern functionOptions: match: "^[a-z][a-zA-Z0-9]*$" operation-tags-required: description: Every operation must have at least one tag. severity: error given: $.paths[*][get,post,put,patch,delete,options,head] then: field: tags function: truthy # PARAMETERS parameter-description-required: description: Every parameter must have a description. severity: warn given: $.paths[*][get,post,put,patch,delete,options,head].parameters[*] then: field: description function: truthy parameter-schema-required: description: Every parameter must have a schema. severity: error given: $.paths[*][get,post,put,patch,delete,options,head].parameters[*] then: field: schema function: truthy # REQUEST BODIES request-body-content-required: description: Request bodies must define content type. severity: error given: $.paths[*][post,put,patch].requestBody then: field: content function: truthy # RESPONSES response-success-required: description: Every operation must define at least one success response. severity: error given: $.paths[*][get,post,put,patch,delete].responses then: function: schema functionOptions: schema: type: object minProperties: 1 response-description-required: description: Every response must have a description. severity: error given: $.paths[*][get,post,put,patch,delete,options,head].responses[*] then: field: description function: truthy response-401-for-authenticated-apis: description: Authenticated APIs should define a 401 Unauthorized response. severity: warn given: $.paths[*][get,post,put,patch,delete].responses then: function: schema functionOptions: schema: type: object properties: '401': type: object # SCHEMAS schema-description-recommended: description: Component schemas should have descriptions. severity: info given: $.components.schemas[*] then: field: description function: truthy schema-properties-typed: description: Schema properties should have explicit types. severity: warn given: $.components.schemas[*].properties[*] then: field: type function: truthy # SECURITY security-schemes-defined: description: Security schemes must be defined in components. severity: error given: $.components then: field: securitySchemes function: truthy security-bearer-format: description: Bearer token security should use HTTP Bearer scheme. severity: info given: $.components.securitySchemes[?(@.type == 'http' && @.scheme == 'bearer')] then: field: bearerFormat function: truthy # HTTP METHOD CONVENTIONS get-no-request-body: description: GET operations must not have a request body. severity: error given: $.paths[*].get then: field: requestBody function: falsy delete-returns-204: description: DELETE operations should return 204 No Content. severity: info given: $.paths[*].delete.responses then: function: schema functionOptions: schema: type: object properties: '204': type: object # GENERAL QUALITY no-empty-descriptions: description: Descriptions must not be empty. severity: warn given: $..description then: function: truthy examples-on-schemas: description: Schema properties should include example values. severity: info given: $.components.schemas[*].properties[*] then: field: example function: truthy tags-title-case: description: Global tags should use Title Case naming. severity: warn given: $.tags[*].name then: function: pattern functionOptions: match: "^[A-Z]"