rules: # INFO / METADATA info-title-verizon-prefix: description: API title must start with 'Verizon' severity: warn given: "$.info.title" then: function: pattern functionOptions: match: "^Verizon " info-description-required: description: API info must have a description severity: error given: "$.info" then: field: description function: truthy info-version-required: description: API info must have a version severity: error given: "$.info" then: field: version function: truthy info-contact-required: description: API info should include contact information severity: warn given: "$.info" then: field: contact function: truthy # OPENAPI VERSION openapi-version-3: description: Must use OpenAPI 3.x severity: error given: "$" then: field: openapi function: pattern functionOptions: match: "^3\\." # SERVERS servers-required: description: At least one server must be defined severity: error given: "$" then: field: servers function: truthy servers-https-only: description: All server URLs must use HTTPS severity: error given: "$.servers[*].url" then: function: pattern functionOptions: match: "^https://" # PATHS — NAMING CONVENTIONS paths-kebab-case: description: Path segments should use kebab-case severity: warn given: "$.paths[*]~" then: function: pattern functionOptions: match: "^(/[a-z0-9-{}]+)+$" paths-no-trailing-slash: description: Paths must not have a trailing slash severity: error given: "$.paths[*]~" then: function: pattern functionOptions: notMatch: "/$" # OPERATIONS operation-summary-required: description: All operations must have a summary severity: error given: "$.paths[*][get,post,put,patch,delete,head,options]" then: field: summary function: truthy operation-summary-verizon-prefix: description: Operation summaries should begin with 'Verizon' severity: warn given: "$.paths[*][get,post,put,patch,delete].summary" then: function: pattern functionOptions: match: "^Verizon " operation-description-required: description: All operations must have a description severity: error given: "$.paths[*][get,post,put,patch,delete,head,options]" then: field: description function: truthy operation-operationid-required: description: All operations must have an operationId severity: error given: "$.paths[*][get,post,put,patch,delete,head,options]" then: field: operationId function: truthy operation-operationid-camel-case: description: operationId should use camelCase severity: warn given: "$.paths[*][get,post,put,patch,delete].operationId" then: function: pattern functionOptions: match: "^[a-z][a-zA-Z0-9]+$" operation-tags-required: description: All operations must have at least one tag severity: error given: "$.paths[*][get,post,put,patch,delete,head,options]" then: field: tags function: truthy # PARAMETERS parameter-description-required: description: All parameters must have a description severity: error given: "$.paths[*][get,post,put,patch,delete].parameters[*]" then: field: description function: truthy parameter-schema-required: description: All parameters must have a schema severity: error given: "$.paths[*][get,post,put,patch,delete].parameters[*]" then: field: schema function: truthy # REQUEST BODIES request-body-content-json: description: Request bodies should use application/json content type severity: warn given: "$.paths[*][post,put,patch].requestBody.content" then: field: application/json function: truthy # RESPONSES response-success-required: description: Operations must have at least one 2xx response severity: error given: "$.paths[*][get,post,put,patch,delete].responses" then: function: schema functionOptions: schema: type: object anyOf: - required: ['200'] - required: ['201'] - required: ['204'] response-401-required: description: Operations should define a 401 Unauthorized response severity: warn given: "$.paths[*][get,post,put,patch,delete].responses" then: field: "401" function: truthy response-description-required: description: All responses must have a description severity: error given: "$.paths[*][get,post,put,patch,delete].responses[*]" then: field: description function: truthy # SCHEMAS schema-description-recommended: description: Top-level schemas should have descriptions severity: info given: "$.components.schemas[*]" then: field: description function: truthy schema-type-required: description: Schema objects should have a type defined severity: warn given: "$.components.schemas[*]" then: field: type function: truthy # SECURITY security-schemes-defined: description: Security schemes must be defined in components severity: error given: "$.components" then: field: securitySchemes function: truthy security-global-defined: description: Global security requirements should be defined severity: warn given: "$" then: field: security function: truthy # HTTP METHOD CONVENTIONS get-no-request-body: description: GET operations must not have a request body severity: error given: "$.paths[*].get" then: field: requestBody function: falsy post-should-have-request-body: description: POST operations that create or query resources should have a request body severity: info given: "$.paths[*].post" then: field: requestBody function: truthy # GENERAL QUALITY no-empty-descriptions: description: Descriptions must not be empty strings severity: error given: "$..description" then: function: pattern functionOptions: match: ".+"