rules: # INFO / METADATA info-title-prefix: description: API title should start with "BetterCloud" message: "Info title should start with 'BetterCloud' — got '{{value}}'" severity: warn given: $.info.title then: function: pattern functionOptions: match: "^BetterCloud" info-description-required: description: API info must have a description severity: error given: $.info then: field: description function: truthy info-version-required: description: API must specify a version severity: error given: $.info then: field: version function: truthy # OPENAPI VERSION openapi-version: description: Should use OpenAPI 3.0.x severity: warn given: $.openapi then: function: pattern functionOptions: match: "^3\\.0\\." # SERVERS servers-defined: description: At least one server must be defined severity: error given: $ then: field: servers function: truthy servers-https-only: description: Server URLs must use HTTPS severity: error given: $.servers[*].url then: function: pattern functionOptions: match: "^https://" # PATHS paths-kebab-case: description: Path segments should use kebab-case severity: warn given: $.paths then: function: pattern functionOptions: match: "^(/[a-z0-9-{}]+)+$" paths-no-trailing-slash: description: Paths must not have trailing slashes severity: error given: $.paths then: function: pattern functionOptions: notMatch: "/$" # OPERATIONS operation-summary-required: description: All operations must have a summary severity: error given: $.paths[*][get,post,put,patch,delete] then: field: summary function: truthy operation-summary-prefix: description: Operation summaries should start with "BetterCloud" severity: warn given: $.paths[*][get,post,put,patch,delete].summary then: function: pattern functionOptions: match: "^BetterCloud" operation-description-required: description: Operations should have descriptions severity: warn given: $.paths[*][get,post,put,patch,delete] then: field: description function: truthy operation-id-required: description: All operations must have operationId severity: error given: $.paths[*][get,post,put,patch,delete] then: field: operationId function: truthy operation-id-camel-case: description: operationId should use camelCase severity: warn given: $.paths[*][get,post,put,patch,delete].operationId then: function: pattern functionOptions: match: "^[a-z][a-zA-Z0-9]+$" operation-tags-required: description: Operations must have tags severity: warn given: $.paths[*][get,post,put,patch,delete] then: field: tags function: truthy # PARAMETERS parameter-description-required: description: Parameters must have descriptions severity: warn given: $.paths[*][get,post,put,patch,delete].parameters[*] then: field: description function: truthy parameter-schema-required: description: Parameters must have schemas severity: error given: $.paths[*][get,post,put,patch,delete].parameters[*] then: field: schema function: truthy # RESPONSES response-success-required: description: Operations must define a success response severity: error given: $.paths[*][get,post,put,patch,delete].responses then: function: schema functionOptions: schema: type: object minProperties: 1 response-description-required: description: Response descriptions are required severity: error given: $.paths[*][get,post,put,patch,delete].responses[*] then: field: description function: truthy # SCHEMAS schema-error-required-fields: description: Error schema must have code, id, href, and reason fields severity: error given: $.components.schemas.ErrorResponse.required then: function: schema functionOptions: schema: type: array contains: type: string enum: - code - id - href - reason schema-description-required: description: Component schemas should have descriptions severity: warn given: $.components.schemas[*] then: field: description function: truthy # SECURITY security-schemes-defined: description: Security schemes must be defined severity: error given: $.components then: field: securitySchemes function: truthy security-global-defined: description: Global security should be defined severity: warn given: $ then: field: security function: truthy security-api-key-header: description: BetterCloud uses API key in header (X-API-Key) severity: info given: $.components.securitySchemes[*][?(@.type=='apiKey')] then: field: in function: enumeration functionOptions: values: - header # HTTP METHODS http-get-no-body: description: GET operations should not have request bodies severity: error given: $.paths[*].get then: field: requestBody function: falsy http-delete-no-body: description: DELETE operations should not have request bodies severity: warn given: $.paths[*].delete then: field: requestBody function: falsy http-post-has-body: description: POST operations creating resources should have request bodies severity: warn given: $.paths[*].post then: field: requestBody function: truthy # PAGINATION pagination-page-parameter: description: List endpoints should support page parameter severity: info given: $.paths[*].get.parameters[?(@.name=='page')].schema.type then: function: enumeration functionOptions: values: - integer # GENERAL QUALITY no-empty-descriptions: description: Descriptions should not be empty severity: warn given: $..description then: function: pattern functionOptions: match: ".+"