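---
extends:
  - spectral:oas

# Spectral linting rules for Cloud Native Buildpacks specs.
# CNB does not expose a runtime HTTP API directly; these rules
# apply to ancillary services such as the Buildpack Registry API
# and any platform integrations that wrap the lifecycle.
rules:
  # Requires `info.contact` so consumers know where to send reports
  # about the API.
  cnb-info-contact:
    description: API contact information must be present.
    severity: error
    given: "$.info"
    then:
      field: contact
      function: truthy

  # Only checks that `info.license` exists; the license name itself is
  # not compared against Apache-2.0.
  cnb-info-license:
    description: API license must be declared (CNB is Apache-2.0).
    severity: warn
    given: "$.info"
    then:
      field: license
      function: truthy

  # OpenAPI 3 allows `servers` on the document root, on a path item and
  # on a single operation; the more specific entry overrides the root
  # one. All three levels are checked so a plain-HTTP override cannot
  # pass the lint. The pattern is anchored and case-sensitive, so
  # relative URLs and URLs whose scheme comes from a server variable
  # (for example "{scheme}://host") are reported as well.
  # An absent `servers` array is not reported by this rule.
  cnb-server-https:
    description: All server URLs must use HTTPS.
    severity: error
    given:
      - "$.servers[*].url"
      - "$.paths[*].servers[*].url"
      - "$.paths[*][get,post,put,patch,delete].servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "^https://"

  # `tags` must be an array with at least one entry.
  cnb-operation-tags:
    description: Every operation must declare at least one tag.
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: tags
      function: schema
      functionOptions:
        schema:
          type: array
          minItems: 1

  cnb-operation-summary:
    description: Every operation must include a short summary.
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: summary
      function: truthy

  # `truthy` only proves the field is present and non-empty. Uniqueness
  # is left to the `operation-operationId-unique` rule inherited from
  # spectral:oas, so the description no longer claims it.
  cnb-operation-id:
    description: Every operation must declare an operationId.
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: operationId
      function: truthy

  # Passes as soon as any one of the listed status codes is declared.
  # It does not require 401/403 on operations that are protected by a
  # security requirement, and range keys such as "4XX" are not
  # accepted as a substitute.
  cnb-error-responses:
    description: Mutating operations should declare 4xx error responses.
    severity: warn
    given: "$.paths[*][post,put,patch,delete].responses"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          anyOf:
            - required: ["400"]
            - required: ["401"]
            - required: ["403"]
            - required: ["404"]
            - required: ["422"]

  # NOTE(review): this rule does not validate buildpack IDs. `given`
  # selects path items whose key contains "buildpack", and `truthy`
  # without a `field` is applied to the path item object itself, which
  # is truthy whenever it is an object. No ID format is compared, so
  # the reverse-DNS convention in the description is not enforced.
  # A `pattern` check on the parameter or schema that carries the ID
  # is needed; where that lives is not visible in this ruleset.
  cnb-buildpack-id-pattern:
    description: Buildpack IDs should follow the reverse-DNS convention.
    severity: info
    given: "$.paths[?(@property.match(/buildpack/))]"
    then:
      function: truthy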