extends: spectral:oas
rules:
  # Sherwin-Williams API Governance Rules
  sherwin-williams-must-have-summary:
    description: All operations must have a summary
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: summary
      function: defined

  sherwin-williams-must-have-tags:
    description: All operations must have at least one tag
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: tags
      function: defined

  sherwin-williams-must-have-operation-id:
    description: All operations must have an operationId
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: operationId
      function: defined

  sherwin-williams-no-trailing-slash:
    description: Paths must not have trailing slashes
    severity: error
    given: "$.paths"
    then:
      function: pattern
      functionOptions:
        notMatch: ".*/$"

  sherwin-williams-operation-id-camel-case:
    description: Operation IDs must use camelCase
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].operationId"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]+$"

  sherwin-williams-parameters-have-schema:
    description: All parameters must have a schema defined
    severity: error
    given: "$.paths[*][get,post,put,patch,delete].parameters[*]"
    then:
      field: schema
      function: defined

  sherwin-williams-b2b-auth:
    description: B2B APIs must have authentication defined
    severity: error
    given: "$.security"
    then:
      function: defined