rules: # ─── INFO / METADATA ──────────────────────────────────────────────────────── info-title-required: description: The info object must have a non-empty title. severity: error given: "$.info" then: field: title function: truthy info-title-prefix: description: API title must start with "42Crunch" to identify the provider. severity: warn given: "$.info.title" then: function: pattern functionOptions: match: "^42Crunch" info-description-required: description: The info object must have a description with at least 30 characters. severity: warn given: "$.info" then: field: description function: minLength functionOptions: value: 30 info-version-required: description: The info object must specify a version. severity: error given: "$.info" then: field: version function: truthy info-contact-required: description: The info object should include contact information. severity: info given: "$.info" then: field: contact function: truthy # ─── OPENAPI VERSION ──────────────────────────────────────────────────────── openapi-version-3: description: All specs must use OpenAPI 3.0.x. severity: error given: "$" then: field: openapi function: pattern functionOptions: match: "^3\\.0\\." # ─── SERVERS ──────────────────────────────────────────────────────────────── servers-defined: description: At least one server must be defined. severity: warn given: "$" then: field: servers function: truthy servers-description: description: Every server must have a description. severity: info given: "$.servers[*]" then: field: description function: truthy # ─── PATHS — NAMING CONVENTIONS ───────────────────────────────────────────── paths-kebab-case: description: Path segments must use kebab-case (lowercase letters, numbers, hyphens). severity: warn given: "$.paths[*]~" then: function: pattern functionOptions: match: "^(/[a-z0-9{}-]+)+$" paths-no-trailing-slash: description: Paths must not end with a trailing slash. severity: warn given: "$.paths[*]~" then: function: pattern functionOptions: notMatch: "/$" paths-no-query-string: description: Paths must not contain query strings; use parameters instead. severity: error given: "$.paths[*]~" then: function: pattern functionOptions: notMatch: "\\?" # ─── OPERATIONS ───────────────────────────────────────────────────────────── operation-summary-required: description: Every operation must have a summary. severity: error given: "$.paths[*][get,post,put,patch,delete,options,head]" then: field: summary function: truthy operation-summary-prefix: description: Operation summaries must start with "42Crunch" for consistency. severity: warn given: "$.paths[*][get,post,put,patch,delete,options,head].summary" then: function: pattern functionOptions: match: "^42Crunch" operation-description-required: description: Every operation must have a description. severity: warn given: "$.paths[*][get,post,put,patch,delete,options,head]" then: field: description function: truthy operation-id-required: description: Every operation must have an operationId. severity: error given: "$.paths[*][get,post,put,patch,delete,options,head]" then: field: operationId function: truthy operation-id-camel-case: description: operationId must use camelCase format. severity: warn given: "$.paths[*][get,post,put,patch,delete,options,head].operationId" then: function: pattern functionOptions: match: "^[a-z][a-zA-Z0-9]+$" operation-id-verb-prefix: description: operationId should start with a standard verb (list, get, create, update, delete, check, run, search). severity: info given: "$.paths[*][get,post,put,patch,delete,options,head].operationId" then: function: pattern functionOptions: match: "^(list|get|create|update|delete|check|run|search|health)[A-Z]" operation-tags-required: description: Every operation must have at least one tag. severity: error given: "$.paths[*][get,post,put,patch,delete,options,head]" then: field: tags function: truthy operation-microcks-extension: description: Operations should include x-microcks-operation for mock server compatibility. severity: info given: "$.paths[*][get,post,put,patch,delete]" then: field: x-microcks-operation function: truthy # ─── TAGS ─────────────────────────────────────────────────────────────────── tags-global-defined: description: Global tags array should be defined with descriptions. severity: warn given: "$" then: field: tags function: truthy tags-title-case: description: Tag names must use Title Case (e.g., "Jobs", "Health", "Logs"). severity: warn given: "$.tags[*].name" then: function: pattern functionOptions: match: "^[A-Z][a-zA-Z ]*$" tags-description-required: description: Each global tag should have a description. severity: info given: "$.tags[*]" then: field: description function: truthy # ─── PARAMETERS ───────────────────────────────────────────────────────────── parameter-description-required: description: Every parameter must have a description. severity: warn given: "$.paths[*][*].parameters[*]" then: field: description function: truthy parameter-schema-required: description: Every parameter must have a schema. severity: error given: "$.paths[*][*].parameters[*]" then: field: schema function: truthy parameter-name-kebab-case: description: Query parameter names should use snake_case or kebab-case. severity: info given: "$.paths[*][*].parameters[?(@.in == 'query')].name" then: function: pattern functionOptions: match: "^[a-z][a-z0-9_-]*$" # ─── REQUEST BODIES ───────────────────────────────────────────────────────── request-body-json-content: description: Request bodies should specify application/json as content type. severity: warn given: "$.paths[*][post,put,patch].requestBody.content" then: function: truthy request-body-examples: description: Request body schemas should include examples for documentation and mocking. severity: info given: "$.paths[*][post,put,patch].requestBody.content.application/json" then: field: examples function: truthy # ─── RESPONSES ────────────────────────────────────────────────────────────── response-success-required: description: Every operation must have at least one 2xx success response. severity: error given: "$.paths[*][get,post,put,patch,delete]" then: field: responses function: schema functionOptions: schema: type: object minProperties: 1 response-400-required: description: Every operation should have a 400 Bad Request response. severity: warn given: "$.paths[*][get,post,put,patch,delete].responses" then: field: "400" function: truthy response-description-required: description: Every response must have a description. severity: error given: "$.paths[*][*].responses[*]" then: field: description function: truthy response-json-content: description: Success responses should return application/json content. severity: warn given: "$.paths[*][get,post,put,patch].responses[?(@property.match(/^2/))]" then: field: content function: truthy response-error-schema: description: Error responses (4xx) should use the Error schema with an 'error' field. severity: warn given: "$.paths[*][*].responses[?(@property.match(/^4/))]" then: field: content function: truthy # ─── SCHEMAS — PROPERTY NAMING ────────────────────────────────────────────── schema-type-defined: description: All schemas in components must have a type defined. severity: warn given: "$.components.schemas[*]" then: field: type function: truthy schema-description-required: description: All component schemas should have a description. severity: warn given: "$.components.schemas[*]" then: field: description function: truthy schema-properties-description: description: Schema properties should have descriptions. severity: info given: "$.components.schemas[*].properties[*]" then: field: description function: truthy schema-additional-properties-false: description: Schemas should set additionalProperties to false for strict validation. severity: info given: "$.components.schemas[*]" then: field: additionalProperties function: defined schema-no-empty-properties: description: Schema properties must not be empty objects without type or $ref. severity: warn given: "$.components.schemas[*].properties[*]" then: function: truthy # ─── SECURITY ──────────────────────────────────────────────────────────────── security-schemes-described: description: All security schemes must have descriptions. severity: warn given: "$.components.securitySchemes[*]" then: field: description function: truthy # ─── HTTP METHOD CONVENTIONS ───────────────────────────────────────────────── get-no-request-body: description: GET operations must not have a request body. severity: error given: "$.paths[*].get" then: field: requestBody function: falsy delete-no-request-body: description: DELETE operations should not have a request body. severity: warn given: "$.paths[*].delete" then: field: requestBody function: falsy post-has-request-body: description: POST operations should have a request body. severity: warn given: "$.paths[*].post" then: field: requestBody function: truthy # ─── GENERAL QUALITY ───────────────────────────────────────────────────────── no-empty-descriptions: description: Descriptions must not be empty strings. severity: error given: "$..description" then: function: truthy examples-encouraged: description: Schema properties should include example values. severity: info given: "$.components.schemas[*].properties[*]" then: field: example function: truthy