extends: spectral:oas
rules:
  spotify-operation-ids-required:
    description: All operations must have an operationId
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: operationId
      function: truthy

  spotify-operation-summary-required:
    description: All operations must have a summary
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: summary
      function: truthy

  spotify-tags-required:
    description: All operations must have at least one tag
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: tags
      function: truthy

  spotify-response-200-get:
    description: GET operations must have a 200 response
    severity: error
    given: "$.paths[*].get"
    then:
      field: responses.200
      function: truthy

  spotify-response-401-required:
    description: All operations must document 401 Unauthorized (OAuth required)
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: responses.401
      function: truthy

  spotify-response-403-required:
    description: All operations should document 403 Forbidden (scope missing)
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: responses.403
      function: truthy

  spotify-response-429-required:
    description: All operations must document 429 Too Many Requests
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: responses.429
      function: truthy

  spotify-oauth2-security:
    description: API must use OAuth 2.0 security scheme
    severity: error
    given: "$.components.securitySchemes.oauth_2_0"
    then:
      function: truthy

  spotify-path-ids-use-kebab:
    description: Path parameters for IDs should use underscore_case naming
    severity: info
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        match: "^(/[a-z_{}]+)+$"

  spotify-pagination-limit-param:
    description: List endpoints should support a 'limit' query parameter
    severity: warn
    given: "$.paths[?(@property.match(/\\/tracks$|\\/albums$|\\/artists$|\\/playlists$|\\/items$|\\/episodes$/))]..parameters[?(@.name == 'limit')]"
    then:
      function: truthy

  spotify-spotify-uri-format:
    description: Spotify URI fields should follow spotify:{type}:{id} pattern
    severity: info
    given: "$.components.schemas[*].properties.uri"
    then:
      function: truthy

  spotify-market-param-naming:
    description: Market parameters should be named 'market' and use ISO 3166-1 codes
    severity: info
    given: "$.paths[*][get,post].parameters[?(@.name == 'market')]"
    then:
      field: schema.type
      function: pattern
      functionOptions:
        match: "^string$"

  spotify-response-schema-required:
    description: Success responses must include a schema
    severity: warn
    given: "$.paths[*].get.responses['200'].content.application/json"
    then:
      field: schema
      function: truthy

  spotify-description-required:
    description: Operations should have descriptions
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: description
      function: truthy