rules: spanning-operation-summary-title-case: description: All operation summaries must use Title Case message: Operation summary "{{value}}" must use Title Case severity: warn given: "$.paths[*][*].summary" then: function: pattern functionOptions: match: "^([A-Z][a-z0-9-]*)(\\s[A-Z][a-z0-9-]*)*$" spanning-operation-id-camel-case: description: All operationIds must use camelCase message: OperationId "{{value}}" must use camelCase severity: warn given: "$.paths[*][*].operationId" then: function: pattern functionOptions: match: "^[a-z][a-zA-Z0-9]*$" spanning-tags-title-case: description: All tags must use Title Case message: Tag "{{value}}" must use Title Case severity: warn given: "$.tags[*].name" then: function: pattern functionOptions: match: "^([A-Z][a-z0-9-]*)(\\s[A-Z][a-z0-9-]*)*$" spanning-operations-require-security: description: All operations must specify security requirements message: Operation must define security requirements severity: warn given: "$.paths[*][*]" then: field: security function: truthy spanning-response-must-have-description: description: All responses must have a description message: Response must have a description severity: warn given: "$.paths[*][*].responses[*]" then: field: description function: truthy spanning-schema-properties-have-descriptions: description: Schema properties should have descriptions message: Schema property "{{path}}" should have a description severity: info given: "$.components.schemas[*].properties[*]" then: field: description function: truthy spanning-servers-must-be-https: description: All server URLs must use HTTPS message: Server URL "{{value}}" must use HTTPS severity: error given: "$.servers[*].url" then: function: pattern functionOptions: match: "^https://" spanning-security-scheme-is-api-key: description: Spanning APIs use API key authentication message: Security scheme should be apiKey type severity: info given: "$.components.securitySchemes[*]" then: field: type function: enumeration functionOptions: values: - apiKey