extends: ["spectral:oas"]
documentationUrl: https://docs.coresignal.com/multi-source-employee-api/
rules:
  coresignal-employee-server-https:
    description: Servers must use HTTPS.
    given: "$.servers[*].url"
    severity: error
    then:
      function: pattern
      functionOptions:
        match: "^https://"
  coresignal-employee-base-url:
    description: Base URL must reference api.coresignal.com/cdapi/v2/multi_source_employee.
    given: "$.servers[*].url"
    severity: error
    then:
      function: pattern
      functionOptions:
        match: "api.coresignal.com/cdapi/v2/multi_source_employee"
  coresignal-employee-apikey:
    description: API must use apikey header authentication.
    given: "$.components.securitySchemes.apiKey.name"
    severity: error
    then:
      function: pattern
      functionOptions:
        match: "^apikey$"
  coresignal-employee-search-paths:
    description: API should expose filter and Elasticsearch DSL search endpoints.
    given: "$.paths"
    severity: warn
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          required:
            - /search/filter
            - /search/es_dsl
            - /collect/{id}
  coresignal-employee-pii-flag:
    description: Description should acknowledge that records contain personal data.
    given: "$.info.description"
    severity: info
    then:
      function: pattern
      functionOptions:
        match: "employee|profile|personal"
  coresignal-employee-operation-id:
    description: Operations must define an operationId.
    given: "$.paths.*[get,post]"
    severity: error
    then:
      field: operationId
      function: truthy
  coresignal-employee-operation-tags:
    description: Operations must define tags.
    given: "$.paths.*[get,post]"
    severity: error
    then:
      field: tags
      function: truthy