rules:
  # Authentication Rules
  albato-auth-apikey-required:
    description: Albato APIs must define API key authentication
    message: Security scheme must include ApiKeyAuth
    severity: error
    given: "$.components.securitySchemes"
    then:
      field: ApiKeyAuth
      function: truthy

  # Only evaluates entries of an existing top-level security array; a document
  # with no "security" key yields no match, so this rule alone does not flag it.
  albato-global-security-defined:
    description: Global security must be defined
    message: Top-level security must reference ApiKeyAuth
    severity: error
    given: "$.security[*]"
    then:
      field: ApiKeyAuth
      function: defined

  # Info Rules
  albato-info-title:
    description: API title must be present
    message: Info object must have a title
    severity: error
    given: "$.info"
    then:
      field: title
      function: truthy

  albato-info-description:
    description: API description must be present
    message: Info object must have a description
    severity: error
    given: "$.info"
    then:
      field: description
      function: truthy

  albato-info-version:
    description: API version must be present
    message: Info object must have a version
    severity: error
    given: "$.info"
    then:
      field: version
      function: truthy

  # Path Rules
  # field: "@key" applies the pattern to each path key; without it the pattern
  # function receives the whole paths object and never reports anything.
  albato-path-no-trailing-slash:
    description: Paths must not end with a trailing slash
    message: "Path '{{property}}' should not end with a trailing slash"
    severity: warn
    given: "$.paths"
    then:
      field: "@key"
      function: pattern
      functionOptions:
        notMatch: ".+/$"

  albato-path-lowercase:
    description: Paths must be lowercase with hyphens
    message: "Path '{{property}}' must use lowercase with hyphens"
    severity: error
    given: "$.paths"
    then:
      field: "@key"
      function: pattern
      functionOptions:
        notMatch: "[A-Z_]"

  # Operation Rules
  albato-operation-id-required:
    description: All operations must have an operationId
    message: Operation must have an operationId
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: operationId
      function: truthy

  albato-operation-summary-required:
    description: All operations must have a summary
    message: Operation must have a summary
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: summary
      function: truthy

  albato-operation-description-required:
    description: All operations should have a description
    message: Operation should have a description
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: description
      function: truthy

  albato-operation-tags-required:
    description: All operations must have tags
    message: Operation must have at least one tag
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: tags
      function: truthy

  # Response Rules
  albato-response-200-get:
    description: GET operations must define a 200 response
    message: GET operation must define a 200 response
    severity: error
    given: "$.paths[*].get.responses"
    then:
      field: "200"
      function: defined

  albato-response-201-post:
    description: POST create operations should return 201
    message: POST operation should define a 201 response
    severity: warn
    given: "$.paths[*].post.responses"
    then:
      field: "201"
      function: defined

  # The given path scopes this check to GET operations only.
  albato-response-401:
    description: Operations should document 401 Unauthorized
    message: Operations should define a 401 response
    severity: warn
    given: "$.paths[*].get.responses"
    then:
      field: "401"
      function: defined

  albato-response-json:
    description: Responses must use application/json
    message: Response must define application/json content type
    severity: error
    given: "$.paths[*][get,post,put].responses[200,201].content"
    then:
      field: application/json
      function: defined

  # Schema Rules
  albato-schema-description:
    description: Schemas must have descriptions
    message: Schema must have a description
    severity: warn
    given: "$.components.schemas[*]"
    then:
      field: description
      function: truthy

  albato-property-type:
    description: Schema properties must have types
    message: Property must define a type
    severity: error
    given: "$.components.schemas[*].properties[*]"
    then:
      field: type
      function: truthy

  # Parameter Rules
  albato-parameter-description:
    description: Parameters should have descriptions
    message: Parameter should have a description
    severity: warn
    given: "$.paths[*][*].parameters[*]"
    then:
      field: description
      function: truthy

  albato-path-param-schema:
    description: Path parameters must have schemas
    message: Path parameter must define a schema
    severity: error
    given: "$.paths[*][*].parameters[?(@.in=='path')]"
    then:
      field: schema
      function: truthy

  # Naming Conventions
  albato-operation-id-camel-case:
    description: operationId must use camelCase
    message: "operationId '{{value}}' must use camelCase"
    severity: warn
    given: "$.paths[*][*].operationId"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]*$"

  # field: "@key" applies the pattern to each schema name rather than to the
  # schemas object itself.
  albato-schema-pascal-case:
    description: Schema names must use PascalCase
    message: "Schema '{{property}}' must use PascalCase"
    severity: warn
    given: "$.components.schemas"
    then:
      field: "@key"
      function: pattern
      functionOptions:
        match: "^[A-Z][a-zA-Z0-9]*$"

  # Request Body Rules
  albato-request-body-json:
    description: Request bodies must use application/json
    message: Request body must define application/json
    severity: error
    given: "$.paths[*][post,put,patch].requestBody.content"
    then:
      field: application/json
      function: defined

  albato-request-body-required:
    description: POST operations should have required request bodies
    message: POST request body should be marked required
    severity: warn
    given: "$.paths[*].post.requestBody"
    then:
      field: required
      function: truthy

  # Server Rules
  albato-servers-defined:
    description: API must define servers
    message: API must include servers section
    severity: error
    given: "$"
    then:
      field: servers
      function: truthy

  albato-tags-documented:
    description: Tags must be documented at root level
    message: Tags used in operations should be defined at root level
    severity: warn
    given: "$"
    then:
      field: tags
      function: truthy