rules: # =========================== # INFO / METADATA # =========================== info-title-pattern: description: API title must start with "AT&T" severity: warn given: $.info.title then: function: pattern functionOptions: match: '^AT&T ' info-description-required: description: API info must have a non-empty description severity: error given: $.info then: field: description function: truthy info-version-required: description: API info must have a version severity: error given: $.info then: field: version function: truthy info-contact-required: description: API info should have contact information severity: warn given: $.info then: field: contact function: truthy info-terms-of-service: description: API info should include a termsOfService URL severity: warn given: $.info then: field: termsOfService function: truthy # =========================== # OPENAPI VERSION # =========================== openapi-version: description: Must use OpenAPI 3.0.x severity: error given: $.openapi then: function: pattern functionOptions: match: '^3\.0\.' # =========================== # SERVERS # =========================== servers-required: description: At least one server must be defined severity: error given: $ then: field: servers function: truthy servers-https-only: description: All server URLs must use HTTPS severity: error given: $.servers[*].url then: function: pattern functionOptions: match: '^https://' servers-description-required: description: Each server should have a description severity: warn given: $.servers[*] then: field: description function: truthy # =========================== # PATHS — NAMING CONVENTIONS # =========================== paths-kebab-case: description: Path segments must use kebab-case (lowercase with hyphens) severity: warn given: $.paths then: function: pattern functionOptions: match: '^(\/[a-z0-9{}\-]+)+$' paths-no-trailing-slash: description: Paths must not end with a trailing slash severity: warn given: $.paths then: function: pattern functionOptions: notMatch: '\/$' # =========================== # OPERATIONS # =========================== operation-summary-required: description: Every operation must have a summary severity: error given: $.paths[*][get,post,put,patch,delete,head,options] then: field: summary function: truthy operation-summary-att-prefix: description: Operation summaries must start with "AT&T" severity: warn given: $.paths[*][get,post,put,patch,delete].summary then: function: pattern functionOptions: match: '^AT&T ' operation-description-required: description: Every operation must have a description severity: error given: $.paths[*][get,post,put,patch,delete,head,options] then: field: description function: truthy operation-operationid-required: description: Every operation must have an operationId severity: error given: $.paths[*][get,post,put,patch,delete,head,options] then: field: operationId function: truthy operation-operationid-camel-case: description: operationId must use camelCase severity: warn given: $.paths[*][get,post,put,patch,delete].operationId then: function: pattern functionOptions: match: '^[a-z][a-zA-Z0-9]+$' operation-tags-required: description: Every operation must have at least one tag severity: error given: $.paths[*][get,post,put,patch,delete,head,options] then: field: tags function: truthy # =========================== # TAGS # =========================== tags-global-defined: description: Global tags array should be defined severity: warn given: $ then: field: tags function: truthy # =========================== # PARAMETERS # =========================== parameter-description-required: description: Every parameter must have a description severity: error given: $.paths[*][*].parameters[*] then: field: description function: truthy parameter-schema-required: description: Every parameter must have a schema severity: error given: $.paths[*][*].parameters[*] then: field: schema function: truthy parameter-snake-case: description: Query and header parameter names should use snake_case or camelCase severity: info given: $.paths[*][*].parameters[?(@.in == 'query')].name then: function: pattern functionOptions: match: '^[a-z][a-zA-Z0-9_.]+$' # =========================== # REQUEST BODIES # =========================== request-body-description: description: Request bodies should have a description severity: warn given: $.paths[*][post,put,patch].requestBody then: field: description function: truthy request-body-json-content: description: Request bodies should support application/json severity: warn given: $.paths[*][post,put,patch].requestBody.content then: function: truthy # =========================== # RESPONSES # =========================== response-success-required: description: Every operation must have at least one 2xx response severity: error given: $.paths[*][get,post,put,patch,delete] then: field: responses function: truthy response-description-required: description: Every response must have a description severity: error given: $.paths[*][*].responses[*] then: field: description function: truthy response-401-required: description: Operations using security should have a 401 response severity: warn given: $.paths[*][get,post,put,patch,delete][?(@.security)] then: field: responses.401 function: truthy response-400-for-post: description: POST operations should document a 400 Bad Request response severity: warn given: $.paths[*].post then: field: responses.400 function: truthy # =========================== # SCHEMAS — PROPERTY NAMING # =========================== schema-description-required: description: Top-level component schemas should have descriptions severity: warn given: $.components.schemas[*] then: field: description function: truthy schema-properties-types: description: Schema properties should have a type defined severity: warn given: $.components.schemas[*].properties[*] then: field: type function: truthy # =========================== # SECURITY # =========================== security-schemes-defined: description: Security schemes must be defined in components severity: error given: $.components then: field: securitySchemes function: truthy security-oauth2-scopes: description: OAuth2 security schemes must define scopes severity: warn given: $.components.securitySchemes[?(@.type == 'oauth2')].flows[*] then: field: scopes function: truthy # =========================== # HTTP METHOD CONVENTIONS # =========================== get-no-request-body: description: GET operations must not have a request body severity: error given: $.paths[*].get then: field: requestBody function: falsy delete-no-request-body: description: DELETE operations should not have a request body severity: warn given: $.paths[*].delete then: field: requestBody function: falsy post-has-request-body: description: POST operations should have a request body severity: warn given: $.paths[*].post then: field: requestBody function: truthy # =========================== # GENERAL QUALITY # =========================== no-empty-descriptions: description: Descriptions must not be empty strings severity: error given: $..description then: function: pattern functionOptions: match: '.+' operation-examples-encouraged: description: Operations should include request/response examples for Microcks compatibility severity: info given: $.paths[*][get,post,put,patch,delete].responses[*].content[*] then: field: examples function: truthy microcks-operation-extension: description: Operations should include x-microcks-operation extension for mock server support severity: info given: $.paths[*][get,post,put,patch,delete] then: field: x-microcks-operation function: truthy