rules: # ============================================================ # INFO / METADATA # ============================================================ info-title-umami-prefix: description: API title must start with "Umami" severity: error given: $.info.title then: function: pattern functionOptions: match: "^Umami" info-description-required: description: API info must have a description with at least 50 characters severity: error given: $.info.description then: function: length functionOptions: min: 50 info-version-required: description: API info must include a version severity: error given: $.info.version then: function: truthy info-contact-url: description: API contact should include URL pointing to umami.is severity: warn given: $.info.contact.url then: function: truthy # ============================================================ # OPENAPI VERSION # ============================================================ openapi-version-3: description: OpenAPI version must be 3.0.x severity: error given: $.openapi then: function: pattern functionOptions: match: "^3\\.0\\." # ============================================================ # SERVERS # ============================================================ servers-required: description: At least one server must be defined severity: error given: $.servers then: function: length functionOptions: min: 1 servers-umami-domain: description: Server URL should use umami.is domain or localhost for self-hosted severity: info given: $.servers[*].url then: function: pattern functionOptions: match: "(umami\\.is|localhost)" # ============================================================ # PATHS — NAMING CONVENTIONS # ============================================================ paths-api-prefix: description: All paths should start with /api/ severity: info given: $.paths[*]~ then: function: pattern functionOptions: match: "^/api/" paths-no-trailing-slash: description: Paths must not have a trailing slash severity: warn given: $.paths[*]~ then: function: pattern functionOptions: notMatch: "\\/$" paths-kebab-case: description: Path segments should use kebab-case severity: info given: $.paths[*]~ then: function: pattern functionOptions: notMatch: "_[a-z]" # ============================================================ # OPERATIONS # ============================================================ operation-operationId-required: description: Every operation must have an operationId severity: error given: $.paths[*][get,post,put,patch,delete] then: field: operationId function: truthy operation-summary-required: description: Every operation must have a summary severity: error given: $.paths[*][get,post,put,patch,delete] then: field: summary function: truthy operation-summary-umami-prefix: description: Operation summary must start with "Umami" severity: warn given: $.paths[*][get,post,put,patch,delete].summary then: function: pattern functionOptions: match: "^Umami" operation-description-required: description: Every operation must have a description severity: warn given: $.paths[*][get,post,put,patch,delete] then: field: description function: truthy operation-tags-required: description: Every operation must have at least one tag severity: error given: $.paths[*][get,post,put,patch,delete] then: field: tags function: truthy operation-operationId-camelCase: description: OperationId must use camelCase severity: warn given: $.paths[*][get,post,put,patch,delete].operationId then: function: pattern functionOptions: match: "^[a-z][a-zA-Z0-9]*$" # ============================================================ # PARAMETERS # ============================================================ parameter-description-required: description: Every parameter must have a description severity: warn given: $.paths[*][get,post,put,patch,delete].parameters[*] then: field: description function: truthy parameter-camelCase: description: Query parameter names should use camelCase severity: info given: $.paths[*][get,post,put,patch,delete].parameters[?(@.in == 'query')].name then: function: pattern functionOptions: match: "^[a-z][a-zA-Z0-9]*$" parameter-timestamps-ms: description: Timestamp parameters should indicate millisecond precision in their names or descriptions severity: info given: $.paths[*][get].parameters[?(@.name == 'startAt' || @.name == 'endAt')] then: field: description function: truthy # ============================================================ # REQUEST BODIES # ============================================================ request-body-json: description: Request body should include application/json content type severity: warn given: $.paths[*][post,put,patch].requestBody.content then: field: application/json function: truthy # ============================================================ # RESPONSES # ============================================================ response-success-required: description: Every operation must define at least one 2xx response severity: error given: $.paths[*][get,post,put,patch,delete].responses then: function: schema functionOptions: schema: type: object anyOf: - required: ['200'] - required: ['201'] - required: ['202'] - required: ['204'] response-401-required: description: Operations should define a 401 Unauthorized response severity: warn given: $.paths[*][get,post,put,patch,delete].responses then: field: '401' function: truthy response-description-required: description: Every response must have a description severity: error given: $.paths[*][get,post,put,patch,delete].responses[*] then: field: description function: truthy # ============================================================ # SCHEMAS # ============================================================ schema-description-required: description: Top-level schemas should have descriptions severity: warn given: $.components.schemas[*] then: field: description function: truthy schema-property-type: description: Schema properties should have types defined severity: warn given: $.components.schemas[*].properties[*] then: field: type function: truthy schema-uuid-format: description: ID fields should use format uuid severity: info given: $.components.schemas[*].properties[?(@.description =~ /identifier/i)].format then: function: pattern functionOptions: match: "uuid" # ============================================================ # SECURITY # ============================================================ security-schemes-defined: description: Security schemes must be defined in components severity: error given: $.components.securitySchemes then: function: truthy security-global-required: description: Global security should be defined severity: warn given: $.security then: function: truthy # ============================================================ # HTTP METHOD CONVENTIONS # ============================================================ get-no-request-body: description: GET operations must not have a request body severity: error given: $.paths[*].get then: field: requestBody function: falsy # ============================================================ # ANALYTICS-SPECIFIC # ============================================================ analytics-timestamps-required: description: Analytics operations should accept startAt and endAt timestamp parameters severity: info given: $.paths[*][get].parameters[*].name then: function: pattern functionOptions: notMatch: "^(start_at|end_at|start_time|end_time)$" # ============================================================ # QUALITY # ============================================================ no-empty-descriptions: description: Descriptions must not be empty strings severity: error given: $..description then: function: pattern functionOptions: match: ".+"