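---
# Akamai API Security Spectral Ruleset
# Enforces conventions found in the Akamai Application Security API specification.
#
# Each rule selects nodes with a JSONPath in `given` and applies a Spectral
# function in `then`. Rules with `severity: error` fail a lint run by default;
# `warn` rules are reported but do not fail it unless the run is configured to
# fail on warnings (for example with `--fail-severity warn`).

rules:
  # INFO / METADATA
  info-title-format:
    message: "API title should start with 'Akamai'"
    severity: warn
    given: "$.info.title"
    then:
      function: pattern
      functionOptions:
        match: "^Akamai"

  info-description-required:
    message: "API info must have a description"
    severity: error
    given: "$.info"
    then:
      field: description
      function: truthy

  info-version-required:
    message: "API info must have a version"
    severity: error
    given: "$.info"
    then:
      field: version
      function: truthy

  # OPENAPI VERSION
  openapi-version-3:
    message: "Must use OpenAPI 3.x"
    severity: error
    given: "$"
    then:
      field: openapi
      function: pattern
      functionOptions:
        match: "^3\\."

  # SERVERS
  servers-defined:
    message: "Servers must be defined"
    severity: error
    given: "$"
    then:
      field: servers
      function: truthy

  # NOTE(review): this is warn-only, so a plaintext http:// server URL is
  # reported but does not fail the lint run by default. Raise to `error` if
  # cleartext endpoints must never be published in the contract.
  servers-https:
    message: "Server URLs should use HTTPS"
    severity: warn
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "^https://"

  # PATHS
  # `~` selects the property key (the path string) rather than the path item.
  paths-kebab-case:
    message: "Path segments should use kebab-case"
    severity: warn
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        match: "^(\\/([a-z0-9][a-z0-9\\-]*|\\{[a-zA-Z][a-zA-Z0-9_]*\\}))*$"

  # NOTE(review): the bare root path "/" also ends in a slash and is flagged.
  paths-no-trailing-slash:
    message: "Paths must not have trailing slashes"
    severity: error
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        notMatch: "\\/$"

  # OPERATIONS
  operation-summary-required:
    message: "Every operation must have a summary"
    severity: error
    given: "$.paths[*][get,post,put,patch,delete,head,options]"
    then:
      field: summary
      function: truthy

  operation-summary-akamai-prefix:
    message: "Operation summaries should start with 'Akamai'"
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete,head,options].summary"
    then:
      function: pattern
      functionOptions:
        match: "^Akamai"

  operation-description-required:
    message: "Every operation must have a description"
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete,head,options]"
    then:
      field: description
      function: truthy

  operation-id-required:
    message: "Every operation must have an operationId"
    severity: error
    given: "$.paths[*][get,post,put,patch,delete,head,options]"
    then:
      field: operationId
      function: truthy

  operation-id-camel-case:
    message: "operationId should use camelCase"
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete,head,options].operationId"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]*$"

  # `truthy` alone accepts `tags: []` (an empty array is truthy), which would
  # contradict the message; the `length` check rejects the empty list.
  operation-tags-required:
    message: "Every operation must have at least one tag"
    severity: error
    given: "$.paths[*][get,post,put,patch,delete,head,options]"
    then:
      - field: tags
        function: truthy
      - field: tags
        function: length
        functionOptions:
          min: 1

  # PARAMETERS
  # Covers path-level and operation-level parameters. The previous selector,
  # "$.paths[*][get,post,put,patch,delete][*].parameters[*]", had an extra
  # [*] step after the operation; it descended one level too deep and did not
  # reach an operation's own `parameters` array, so the rule reported nothing.
  parameter-description-required:
    message: "All parameters must have a description"
    severity: warn
    given:
      - "$.paths[*].parameters[*]"
      - "$.paths[*][get,post,put,patch,delete].parameters[*]"
    then:
      field: description
      function: truthy

  # RESPONSES
  # NOTE(review): this only verifies that `responses` is present. It does not
  # check that any response key is a 2xx code, so an operation that declares
  # only error responses still passes. Enforcing the message as written needs
  # a `schema` or custom function on the `responses` object.
  operation-success-response:
    message: "Operations must have at least one 2xx response"
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: responses
      function: truthy

  response-description-required:
    message: "All responses must have a description"
    severity: error
    given: "$.paths[*][*].responses[*]"
    then:
      field: description
      function: truthy

  # SCHEMAS
  schema-type-defined:
    message: "Schema properties should have a type defined"
    severity: warn
    given: "$.components.schemas[*].properties[*]"
    then:
      field: type
      function: truthy

  schema-description-required:
    message: "Top-level schemas should have a description"
    severity: warn
    given: "$.components.schemas[*]"
    then:
      field: description
      function: truthy

  # SECURITY
  # NOTE(review): this checks only that `components.securitySchemes` exists.
  # It does not verify that a `security` requirement is applied globally or
  # per operation, so a spec can define schemes and still describe every
  # operation as unauthenticated. Review `security` usage separately.
  security-schemes-defined:
    message: "Security schemes should be defined"
    severity: warn
    given: "$.components"
    then:
      field: securitySchemes
      function: truthy

  # HTTP METHODS
  get-no-request-body:
    message: "GET operations must not have a request body"
    severity: error
    given: "$.paths[*].get"
    then:
      field: requestBody
      function: falsy

  delete-no-request-body:
    message: "DELETE operations should not have a request body"
    severity: warn
    given: "$.paths[*].delete"
    then:
      field: requestBody
      function: falsy

  # GENERAL QUALITY
  # Recursive descent: applies to every `description` key anywhere in the
  # document, not only those covered by the rules above.
  no-empty-descriptions:
    message: "Descriptions must not be empty"
    severity: error
    given: "$..description"
    then:
      function: truthy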