extends: spectral:oas rules: info-title-prefix: description: API title must start with "Apache APISIX" severity: warn given: "$.info.title" then: function: pattern functionOptions: match: "^Apache APISIX" info-description-required: description: API must have a description. severity: error given: "$.info" then: field: description function: truthy info-version-required: description: API must declare a version. severity: error given: "$.info" then: field: version function: truthy servers-defined: description: At least one server must be defined. severity: error given: "$" then: field: servers function: truthy operation-summary-required: description: Every operation must have a summary. severity: error given: "$.paths[*][get,post,put,patch,delete]" then: field: summary function: truthy operation-summary-starts-with-apache-apisix: description: Operation summaries must start with "Apache APISIX". severity: warn given: "$.paths[*][get,post,put,patch,delete].summary" then: function: pattern functionOptions: match: "^Apache APISIX" operation-operationId-required: description: Every operation must have an operationId. severity: error given: "$.paths[*][get,post,put,patch,delete]" then: field: operationId function: truthy operation-operationId-camelCase: description: operationId must be camelCase. severity: warn given: "$.paths[*][get,post,put,patch,delete].operationId" then: function: pattern functionOptions: match: "^[a-z][a-zA-Z0-9]*$" operation-tags-required: description: Every operation must have at least one tag. severity: warn given: "$.paths[*][get,post,put,patch,delete]" then: field: tags function: truthy operation-description-required: description: Every operation should have a description. severity: warn given: "$.paths[*][get,post,put,patch,delete]" then: field: description function: truthy paths-kebab-case: description: Path segments must use kebab-case or standard patterns. severity: info given: "$.paths" then: function: pattern functionOptions: match: "^(/[a-z0-9{}_\\-*]+)+" parameter-description-required: description: Every parameter must have a description. severity: warn given: "$.paths[*][get,post,put,patch,delete].parameters[*]" then: field: description function: truthy response-success-required: description: Every operation must define at least one 2xx response. severity: error given: "$.paths[*][get,post,put,patch,delete].responses" then: function: schema functionOptions: schema: anyOf: - required: ['200'] - required: ['201'] - required: ['204'] response-description-required: description: Every response must have a description. severity: error given: "$.paths[*][get,post,put,patch,delete].responses[*]" then: field: description function: truthy security-schemes-defined: description: Security schemes must be defined in components. severity: warn given: "$.components" then: field: securitySchemes function: truthy apikey-in-header: description: API key authentication should use a header, not a query parameter. severity: warn given: "$.components.securitySchemes[?(@.type=='apiKey')]" then: field: in function: enumeration functionOptions: values: - header get-no-request-body: description: GET operations must not have a request body. severity: error given: "$.paths[*].get" then: field: requestBody function: falsy delete-returns-200-or-204: description: DELETE operations should return 200 or 204. severity: info given: "$.paths[*].delete.responses" then: function: schema functionOptions: schema: anyOf: - required: ['200'] - required: ['204'] schema-type-defined: description: Schema components must have a type defined. severity: warn given: "$.components.schemas[*]" then: field: type function: truthy