extends: spectral:oas
rules:
  secureworks-operation-ids-camel-case:
    description: Operation IDs must use camelCase
    severity: warn
    given: "$.paths[*][*].operationId"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]*$"

  secureworks-tags-required:
    description: All operations must have at least one tag
    severity: error
    given: "$.paths[*][*]"
    then:
      field: tags
      function: truthy

  secureworks-summaries-title-case:
    description: Operation summaries must use Title Case
    severity: warn
    given: "$.paths[*][*].summary"
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z][a-zA-Z0-9]*(\\s[A-Z][a-zA-Z0-9]*)*$"

  secureworks-bearer-auth-required:
    description: All operations except token endpoint require bearer authentication
    severity: error
    given: "$.paths['/graphql'][*]"
    then:
      field: security
      function: truthy

  secureworks-graphql-request-body:
    description: GraphQL endpoint must define requestBody with query field
    severity: error
    given: "$.paths['/graphql'][post]"
    then:
      field: requestBody
      function: truthy

  secureworks-multi-region-servers:
    description: API should document all regional server URLs
    severity: info
    given: "$.servers"
    then:
      function: truthy

  secureworks-response-errors-documented:
    description: Operations should document 401 and 429 error responses
    severity: warn
    given: "$.paths[*][*].responses"
    then:
      field: "401"
      function: truthy

  secureworks-graphql-variables-typed:
    description: GraphQL request schema should type variables as object
    severity: info
    given: "$.components.schemas.GraphQLRequest.properties.variables"
    then:
      field: type
      function: truthy