rules: rsc-operation-ids-camel-case: description: All operationIds must use camelCase naming convention. severity: warn given: "$.paths.*[get,post,put,patch,delete].operationId" then: function: pattern functionOptions: match: "^[a-z][a-zA-Z0-9]*$" rsc-tags-title-case: description: All tags must use Title Case. severity: warn given: "$.tags[*].name" then: function: pattern functionOptions: match: "^[A-Z][a-zA-Z0-9 ]*$" rsc-api-key-auth: description: All operations must use apiKeyAuth security unless explicitly public. severity: warn given: "$.paths.*[get,post,put,patch,delete]" then: function: schema functionOptions: schema: properties: security: type: array required: - security rsc-request-body-json: description: POST request bodies must use application/json content type. severity: warn given: "$.paths.*.post.requestBody.content" then: function: schema functionOptions: schema: type: object properties: application/json: type: object rsc-filter-endpoints-return-query-id: description: Filter endpoints should return a queryId for async polling. severity: info given: "$.paths['/filter/*'].post.responses.200.content.application/json.schema" then: function: schema functionOptions: schema: properties: queryId: type: string rsc-paths-kebab-case: description: All path segments must use kebab-case. severity: warn given: "$.paths" then: function: pattern functionOptions: match: "^(/[a-z0-9{}-]+)+$" rsc-response-200-defined: description: All operations must define a 200 response. severity: error given: "$.paths.*[get,post,put,patch,delete].responses" then: function: schema functionOptions: schema: required: - "200" rsc-401-defined-for-secured: description: Secured operations should define a 401 response. severity: warn given: "$.paths.*[get,post].responses" then: function: schema functionOptions: schema: properties: "401": type: object