rules: # INFO / METADATA info-title-required: description: API title must be present and start with USPS. severity: error given: "$.info.title" then: function: truthy info-description-required: description: API info description must be present and at least 50 characters. severity: warn given: "$.info.description" then: function: minLength functionOptions: min: 50 info-version-required: description: API version must be specified. severity: error given: "$.info.version" then: function: truthy info-contact-required: description: API info should include contact information. severity: warn given: "$.info.contact" then: function: truthy # OPENAPI VERSION openapi-version: description: All USPS API specs should use OpenAPI 3.1.0. severity: warn given: "$.openapi" then: function: pattern functionOptions: match: "^3\\.1\\." # SERVERS servers-required: description: Servers array must be defined. severity: error given: "$.servers" then: function: truthy servers-https-only: description: All server URLs must use HTTPS. severity: error given: "$.servers[*].url" then: function: pattern functionOptions: match: "^https://" servers-description-required: description: Each server should have a description. severity: warn given: "$.servers[*].description" then: function: truthy servers-usps-domain: description: USPS API servers must use apis.usps.com or apis-tem.usps.com domains. severity: warn given: "$.servers[*].url" then: function: pattern functionOptions: match: "apis\\.usps\\.com" # PATHS — NAMING CONVENTIONS paths-kebab-case: description: Path segments should use kebab-case. severity: warn given: "$.paths[*]~" then: function: pattern functionOptions: match: "^(/[a-z0-9-{}./]+)+$" paths-no-trailing-slash: description: Paths must not end with a trailing slash. severity: error given: "$.paths[*]~" then: function: pattern functionOptions: notMatch: "/$" paths-versioned: description: USPS API paths should include a version segment (e.g., /v3/). severity: warn given: "$.paths[*]~" then: function: pattern functionOptions: match: "/v[0-9]/" # OPERATIONS operation-summary-required: description: Every operation must have a summary. severity: error given: "$.paths[*][get,post,put,delete,patch]" then: field: summary function: truthy operation-summary-title-case: description: Operation summaries should start with USPS. severity: warn given: "$.paths[*][get,post,put,delete,patch].summary" then: function: pattern functionOptions: match: "^USPS " operation-description-required: description: Every operation must have a description. severity: warn given: "$.paths[*][get,post,put,delete,patch]" then: field: description function: truthy operation-id-required: description: Every operation must have an operationId. severity: error given: "$.paths[*][get,post,put,delete,patch]" then: field: operationId function: truthy operation-id-camel-case: description: OperationIds should use camelCase. severity: warn given: "$.paths[*][get,post,put,delete,patch].operationId" then: function: pattern functionOptions: match: "^[a-z][a-zA-Z0-9]*$" operation-tags-required: description: Every operation must have at least one tag. severity: error given: "$.paths[*][get,post,put,delete,patch].tags" then: function: truthy # TAGS tags-global-defined: description: Global tags array should be defined. severity: warn given: "$.tags" then: function: truthy # PARAMETERS parameter-description-required: description: Every parameter must have a description. severity: warn given: "$.paths[*][get,post,put,delete,patch].parameters[*]" then: field: description function: truthy parameter-schema-required: description: Every parameter must have a schema. severity: error given: "$.paths[*][get,post,put,delete,patch].parameters[*]" then: field: schema function: truthy # REQUEST BODIES request-body-content-json: description: Request bodies should include application/json content type. severity: warn given: "$.paths[*][post,put,patch].requestBody.content" then: function: truthy # RESPONSES response-success-required: description: Every operation must define at least a 2xx response. severity: error given: "$.paths[*][get,post,put,delete,patch].responses" then: function: truthy response-401-required: description: All authenticated operations should define a 401 response. severity: warn given: "$.paths[*][get,post,put,delete,patch].responses" then: field: "401" function: truthy response-description-required: description: Every response must have a description. severity: error given: "$.paths[*][get,post,put,delete,patch].responses[*]" then: field: description function: truthy # SCHEMAS — PROPERTY NAMING schema-description-required: description: Top-level schemas should have a description. severity: warn given: "$.components.schemas[*]" then: field: description function: truthy schema-property-type-required: description: Schema properties should define a type. severity: warn given: "$.components.schemas[*].properties[*]" then: field: type function: truthy # SECURITY security-schemes-defined: description: Security schemes must be defined in components. severity: error given: "$.components.securitySchemes" then: function: truthy security-bearer-auth: description: USPS APIs use OAuth 2.0 Bearer Token authentication. severity: warn given: "$.components.securitySchemes.bearerAuth" then: function: truthy # HTTP METHOD CONVENTIONS get-no-request-body: description: GET operations must not have a request body. severity: error given: "$.paths[*].get.requestBody" then: function: falsy delete-no-request-body: description: DELETE operations should not have a request body. severity: warn given: "$.paths[*].delete.requestBody" then: function: falsy post-has-request-body: description: POST operations creating resources should have a request body. severity: warn given: "$.paths[*].post" then: field: requestBody function: truthy # GENERAL QUALITY microcks-operation-present: description: Operations should include x-microcks-operation for mock server compatibility. severity: info given: "$.paths[*][get,post,put,delete,patch]" then: field: x-microcks-operation function: truthy