rules: basetrip-api-key-required: description: All operations must require X-API-Key header authentication. message: Operation must include ApiKeyAuth security requirement. severity: error given: $.paths.*.*.security then: function: schema functionOptions: schema: type: array contains: type: object required: [ApiKeyAuth] basetrip-operation-id-required: description: All operations must have an operationId. message: Operation is missing operationId. severity: error given: $.paths.*.* then: field: operationId function: truthy basetrip-operation-id-camel-case: description: Operation IDs must use camelCase. message: "{{value}} must use camelCase." severity: warn given: $.paths.*.*.operationId then: function: pattern functionOptions: match: "^[a-z][a-zA-Z0-9]+$" basetrip-summary-required: description: All operations must have a summary. message: Operation is missing summary. severity: error given: $.paths.*.* then: field: summary function: truthy basetrip-summary-title-case: description: Operation summaries must use Title Case. message: Summary must use Title Case. severity: warn given: $.paths.*.*.summary then: function: pattern functionOptions: match: "^[A-Z][a-zA-Z0-9 ]+$" basetrip-tags-required: description: All operations must be tagged. message: Operation must include at least one tag. severity: error given: $.paths.*.* then: field: tags function: truthy basetrip-description-required: description: All operations must have a description. message: Operation is missing description. severity: warn given: $.paths.*.* then: field: description function: truthy basetrip-200-response-required: description: All GET operations must have a 200 response. message: GET operation is missing 200 success response. severity: error given: $.paths.*.get.responses then: field: "200" function: truthy basetrip-401-response-defined: description: Operations should document 401 Unauthorized responses. message: Operation is missing 401 response definition. severity: warn given: $.paths.*.get.responses then: field: "401" function: truthy basetrip-404-response-defined: description: Operations on parameterized paths should document 404 responses. message: Parameterized path operation is missing 404 response. severity: warn given: "$.paths[*~/*{id}*].*.responses" then: field: "404" function: truthy basetrip-path-kebab-case: description: Path segments must use kebab-case. message: Path segment must use kebab-case. severity: warn given: $.paths[*]~ then: function: pattern functionOptions: match: "^(/[a-z][a-z0-9-]*(/\\{[a-zA-Z]+\\})?)+$" basetrip-schema-description-required: description: All schema properties should have descriptions. message: Schema property is missing description. severity: warn given: $.components.schemas.*.properties.* then: field: description function: truthy basetrip-response-schema-ref: description: Responses should reference schemas using $ref rather than inline definitions. message: Response content should use $ref to reference schemas. severity: warn given: $.paths.*.*.responses.*.content.application/json.schema then: field: "$ref" function: truthy basetrip-info-contact-required: description: API info must include contact details. message: API info is missing contact information. severity: warn given: $.info then: field: contact function: truthy basetrip-server-url-https: description: Server URLs must use HTTPS. message: Server URL must use HTTPS. severity: error given: $.servers.*.url then: function: pattern functionOptions: match: "^https://"