extends: spectral:oas rules: # INFO / METADATA info-title-format: description: API title must start with "Amberflo" severity: warn given: "$.info.title" then: function: pattern functionOptions: match: "^Amberflo" info-description-required: description: API info must have a description severity: error given: "$.info" then: field: description function: truthy info-version-required: description: API info must have a version severity: error given: "$.info" then: field: version function: truthy # OPENAPI VERSION openapi-version: description: Specs must use OpenAPI 3.0.x severity: warn given: "$.openapi" then: function: pattern functionOptions: match: "^3\.0\." # SERVERS servers-defined: description: At least one server must be defined severity: error given: "$" then: field: servers function: truthy servers-https-only: description: Server URLs must use HTTPS severity: error given: "$.servers[*].url" then: function: pattern functionOptions: match: "^https://" # PATHS — NAMING CONVENTIONS paths-kebab-case: description: Path segments must use kebab-case severity: warn given: "$.paths[*]~" then: function: pattern functionOptions: match: "^(\/([a-z0-9-]+|\{[a-zA-Z]+\}))*$" paths-no-trailing-slash: description: Paths must not have trailing slashes severity: warn given: "$.paths[*]~" then: function: pattern functionOptions: notMatch: "\/$" # OPERATIONS operation-summary-required: description: Operations must have a summary severity: error given: "$.paths[*][get,post,put,delete,patch]" then: field: summary function: truthy operation-summary-prefix: description: Operation summary must start with "Amberflo" severity: warn given: "$.paths[*][get,post,put,delete,patch].summary" then: function: pattern functionOptions: match: "^Amberflo" operation-description-required: description: Operations must have a description severity: error given: "$.paths[*][get,post,put,delete,patch]" then: field: description function: truthy operation-id-required: description: Operations must have an operationId severity: error given: "$.paths[*][get,post,put,delete,patch]" then: field: operationId function: truthy operation-id-camel-case: description: operationId must use camelCase severity: warn given: "$.paths[*][get,post,put,delete,patch].operationId" then: function: pattern functionOptions: match: "^[a-z][a-zA-Z0-9]*$" operation-tags-required: description: Operations must have at least one tag severity: error given: "$.paths[*][get,post,put,delete,patch]" then: field: tags function: truthy # PARAMETERS parameter-description-required: description: Parameters must have a description severity: warn given: "$.paths[*][get,post,put,delete,patch].parameters[*]" then: field: description function: truthy parameter-api-key-header: description: API key should be in a header named X-API-KEY severity: info given: "$.components.securitySchemes[*][?(@.type=='apiKey')]" then: field: name function: pattern functionOptions: match: "^X-API-KEY$" # REQUEST BODIES request-body-json-content: description: Request bodies should use application/json severity: warn given: "$.paths[*][post,put,patch].requestBody.content" then: function: schema functionOptions: schema: type: object required: - "application/json" # RESPONSES response-success-required: description: Operations must have a success (2xx) response severity: error given: "$.paths[*][get,post,put,delete,patch].responses" then: function: schema functionOptions: schema: type: object anyOf: - required: ["200"] - required: ["201"] - required: ["204"] response-401-defined: description: Operations should define a 401 Unauthorized response severity: warn given: "$.paths[*][get,post,put,delete,patch].responses" then: function: schema functionOptions: schema: type: object required: - "401" response-description-required: description: Response objects must have a description severity: error given: "$.paths[*][get,post,put,delete,patch].responses[*]" then: field: description function: truthy # SCHEMAS — PROPERTY NAMING schema-properties-snake-case: description: Schema property names should use camelCase (Amberflo convention) severity: info given: "$.components.schemas[*].properties[*]~" then: function: pattern functionOptions: match: "^[a-z][a-zA-Z0-9]*$" schema-description-required: description: Component schemas should have a description severity: warn given: "$.components.schemas[*]" then: field: description function: truthy # SECURITY security-scheme-defined: description: Security schemes must be defined severity: error given: "$.components.securitySchemes" then: function: truthy security-applied: description: Global security or per-operation security should be defined severity: warn given: "$" then: field: security function: truthy # HTTP METHOD CONVENTIONS get-no-request-body: description: GET operations must not have a request body severity: error given: "$.paths[*].get" then: field: requestBody function: falsy delete-no-request-body: description: DELETE operations should not have a request body severity: warn given: "$.paths[*].delete" then: field: requestBody function: falsy # GENERAL QUALITY no-empty-descriptions: description: Descriptions must not be empty strings severity: error given: "$..description" then: function: pattern functionOptions: match: ".+" microcks-operation-required: description: Operations should have x-microcks-operation for mock compatibility severity: info given: "$.paths[*][get,post,put,delete,patch]" then: field: x-microcks-operation function: truthy