42Crunch · API Governance Rules

42Crunch API Rules

Spectral linting rules defining API design standards and conventions for 42Crunch.

43 Rules error 12 warn 21 info 10
View Rules File View on GitHub

Rule Categories

delete examples get info no openapi operation parameter paths post request response schema security servers tags

Rules

error
info-title-required
The info object must have a non-empty title.
$.info
warn
info-title-prefix
API title must start with "42Crunch" to identify the provider.
$.info.title
warn
info-description-required
The info object must have a description with at least 30 characters.
$.info
error
info-version-required
The info object must specify a version.
$.info
info
info-contact-required
The info object should include contact information.
$.info
error
openapi-version-3
All specs must use OpenAPI 3.0.x.
$
warn
servers-defined
At least one server must be defined.
$
info
servers-description
Every server must have a description.
$.servers[*]
warn
paths-kebab-case
Path segments must use kebab-case (lowercase letters, numbers, hyphens).
$.paths[*]~
warn
paths-no-trailing-slash
Paths must not end with a trailing slash.
$.paths[*]~
error
paths-no-query-string
Paths must not contain query strings; use parameters instead.
$.paths[*]~
error
operation-summary-required
Every operation must have a summary.
$.paths[*][get,post,put,patch,delete,options,head]
warn
operation-summary-prefix
Operation summaries must start with "42Crunch" for consistency.
$.paths[*][get,post,put,patch,delete,options,head].summary
warn
operation-description-required
Every operation must have a description.
$.paths[*][get,post,put,patch,delete,options,head]
error
operation-id-required
Every operation must have an operationId.
$.paths[*][get,post,put,patch,delete,options,head]
warn
operation-id-camel-case
operationId must use camelCase format.
$.paths[*][get,post,put,patch,delete,options,head].operationId
info
operation-id-verb-prefix
operationId should start with a standard verb (list, get, create, update, delete, check, run, search).
$.paths[*][get,post,put,patch,delete,options,head].operationId
error
operation-tags-required
Every operation must have at least one tag.
$.paths[*][get,post,put,patch,delete,options,head]
info
operation-microcks-extension
Operations should include x-microcks-operation for mock server compatibility.
$.paths[*][get,post,put,patch,delete]
warn
tags-global-defined
Global tags array should be defined with descriptions.
$
warn
tags-title-case
Tag names must use Title Case (e.g., "Jobs", "Health", "Logs").
$.tags[*].name
info
tags-description-required
Each global tag should have a description.
$.tags[*]
warn
parameter-description-required
Every parameter must have a description.
$.paths[*][*].parameters[*]
error
parameter-schema-required
Every parameter must have a schema.
$.paths[*][*].parameters[*]
info
parameter-name-kebab-case
Query parameter names should use snake_case or kebab-case.
$.paths[*][*].parameters[?(@.in == 'query')].name
warn
request-body-json-content
Request bodies should specify application/json as content type.
$.paths[*][post,put,patch].requestBody.content
info
request-body-examples
Request body schemas should include examples for documentation and mocking.
$.paths[*][post,put,patch].requestBody.content.application/json
error
response-success-required
Every operation must have at least one 2xx success response.
$.paths[*][get,post,put,patch,delete]
warn
response-400-required
Every operation should have a 400 Bad Request response.
$.paths[*][get,post,put,patch,delete].responses
error
response-description-required
Every response must have a description.
$.paths[*][*].responses[*]
warn
response-json-content
Success responses should return application/json content.
$.paths[*][get,post,put,patch].responses[?(@property.match(/^2/))]
warn
response-error-schema
Error responses (4xx) should use the Error schema with an 'error' field.
$.paths[*][*].responses[?(@property.match(/^4/))]
warn
schema-type-defined
All schemas in components must have a type defined.
$.components.schemas[*]
warn
schema-description-required
All component schemas should have a description.
$.components.schemas[*]
info
schema-properties-description
Schema properties should have descriptions.
$.components.schemas[*].properties[*]
info
schema-additional-properties-false
Schemas should set additionalProperties to false for strict validation.
$.components.schemas[*]
warn
schema-no-empty-properties
Schema properties must not be empty objects without type or $ref.
$.components.schemas[*].properties[*]
warn
security-schemes-described
All security schemes must have descriptions.
$.components.securitySchemes[*]
error
get-no-request-body
GET operations must not have a request body.
$.paths[*].get
warn
delete-no-request-body
DELETE operations should not have a request body.
$.paths[*].delete
warn
post-has-request-body
POST operations should have a request body.
$.paths[*].post
error
no-empty-descriptions
Descriptions must not be empty strings.
$..description
info
examples-encouraged
Schema properties should include example values.
$.components.schemas[*].properties[*]

Spectral Ruleset

Raw ↑ 
rules:

  # ─── INFO / METADATA ────────────────────────────────────────────────────────

  info-title-required:
    description: The info object must have a non-empty title.
    severity: error
    given: "$.info"
    then:
      field: title
      function: truthy

  info-title-prefix:
    description: API title must start with "42Crunch" to identify the provider.
    severity: warn
    given: "$.info.title"
    then:
      function: pattern
      functionOptions:
        match: "^42Crunch"

  info-description-required:
    description: The info object must have a description with at least 30 characters.
    severity: warn
    given: "$.info"
    then:
      field: description
      function: minLength
      functionOptions:
        value: 30

  info-version-required:
    description: The info object must specify a version.
    severity: error
    given: "$.info"
    then:
      field: version
      function: truthy

  info-contact-required:
    description: The info object should include contact information.
    severity: info
    given: "$.info"
    then:
      field: contact
      function: truthy

  # ─── OPENAPI VERSION ────────────────────────────────────────────────────────

  openapi-version-3:
    description: All specs must use OpenAPI 3.0.x.
    severity: error
    given: "$"
    then:
      field: openapi
      function: pattern
      functionOptions:
        match: "^3\\.0\\."

  # ─── SERVERS ────────────────────────────────────────────────────────────────

  servers-defined:
    description: At least one server must be defined.
    severity: warn
    given: "$"
    then:
      field: servers
      function: truthy

  servers-description:
    description: Every server must have a description.
    severity: info
    given: "$.servers[*]"
    then:
      field: description
      function: truthy

  # ─── PATHS — NAMING CONVENTIONS ─────────────────────────────────────────────

  paths-kebab-case:
    description: Path segments must use kebab-case (lowercase letters, numbers, hyphens).
    severity: warn
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        match: "^(/[a-z0-9{}-]+)+$"

  paths-no-trailing-slash:
    description: Paths must not end with a trailing slash.
    severity: warn
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        notMatch: "/$"

  paths-no-query-string:
    description: Paths must not contain query strings; use parameters instead.
    severity: error
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        notMatch: "\\?"

  # ─── OPERATIONS ─────────────────────────────────────────────────────────────

  operation-summary-required:
    description: Every operation must have a summary.
    severity: error
    given: "$.paths[*][get,post,put,patch,delete,options,head]"
    then:
      field: summary
      function: truthy

  operation-summary-prefix:
    description: Operation summaries must start with "42Crunch" for consistency.
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete,options,head].summary"
    then:
      function: pattern
      functionOptions:
        match: "^42Crunch"

  operation-description-required:
    description: Every operation must have a description.
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete,options,head]"
    then:
      field: description
      function: truthy

  operation-id-required:
    description: Every operation must have an operationId.
    severity: error
    given: "$.paths[*][get,post,put,patch,delete,options,head]"
    then:
      field: operationId
      function: truthy

  operation-id-camel-case:
    description: operationId must use camelCase format.
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete,options,head].operationId"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]+$"

  operation-id-verb-prefix:
    description: operationId should start with a standard verb (list, get, create, update, delete, check, run, search).
    severity: info
    given: "$.paths[*][get,post,put,patch,delete,options,head].operationId"
    then:
      function: pattern
      functionOptions:
        match: "^(list|get|create|update|delete|check|run|search|health)[A-Z]"

  operation-tags-required:
    description: Every operation must have at least one tag.
    severity: error
    given: "$.paths[*][get,post,put,patch,delete,options,head]"
    then:
      field: tags
      function: truthy

  operation-microcks-extension:
    description: Operations should include x-microcks-operation for mock server compatibility.
    severity: info
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: x-microcks-operation
      function: truthy

  # ─── TAGS ───────────────────────────────────────────────────────────────────

  tags-global-defined:
    description: Global tags array should be defined with descriptions.
    severity: warn
    given: "$"
    then:
      field: tags
      function: truthy

  tags-title-case:
    description: Tag names must use Title Case (e.g., "Jobs", "Health", "Logs").
    severity: warn
    given: "$.tags[*].name"
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z][a-zA-Z ]*$"

  tags-description-required:
    description: Each global tag should have a description.
    severity: info
    given: "$.tags[*]"
    then:
      field: description
      function: truthy

  # ─── PARAMETERS ─────────────────────────────────────────────────────────────

  parameter-description-required:
    description: Every parameter must have a description.
    severity: warn
    given: "$.paths[*][*].parameters[*]"
    then:
      field: description
      function: truthy

  parameter-schema-required:
    description: Every parameter must have a schema.
    severity: error
    given: "$.paths[*][*].parameters[*]"
    then:
      field: schema
      function: truthy

  parameter-name-kebab-case:
    description: Query parameter names should use snake_case or kebab-case.
    severity: info
    given: "$.paths[*][*].parameters[?(@.in == 'query')].name"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-z0-9_-]*$"

  # ─── REQUEST BODIES ─────────────────────────────────────────────────────────

  request-body-json-content:
    description: Request bodies should specify application/json as content type.
    severity: warn
    given: "$.paths[*][post,put,patch].requestBody.content"
    then:
      function: truthy

  request-body-examples:
    description: Request body schemas should include examples for documentation and mocking.
    severity: info
    given: "$.paths[*][post,put,patch].requestBody.content.application/json"
    then:
      field: examples
      function: truthy

  # ─── RESPONSES ──────────────────────────────────────────────────────────────

  response-success-required:
    description: Every operation must have at least one 2xx success response.
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: responses
      function: schema
      functionOptions:
        schema:
          type: object
          minProperties: 1

  response-400-required:
    description: Every operation should have a 400 Bad Request response.
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].responses"
    then:
      field: "400"
      function: truthy

  response-description-required:
    description: Every response must have a description.
    severity: error
    given: "$.paths[*][*].responses[*]"
    then:
      field: description
      function: truthy

  response-json-content:
    description: Success responses should return application/json content.
    severity: warn
    given: "$.paths[*][get,post,put,patch].responses[?(@property.match(/^2/))]"
    then:
      field: content
      function: truthy

  response-error-schema:
    description: Error responses (4xx) should use the Error schema with an 'error' field.
    severity: warn
    given: "$.paths[*][*].responses[?(@property.match(/^4/))]"
    then:
      field: content
      function: truthy

  # ─── SCHEMAS — PROPERTY NAMING ──────────────────────────────────────────────

  schema-type-defined:
    description: All schemas in components must have a type defined.
    severity: warn
    given: "$.components.schemas[*]"
    then:
      field: type
      function: truthy

  schema-description-required:
    description: All component schemas should have a description.
    severity: warn
    given: "$.components.schemas[*]"
    then:
      field: description
      function: truthy

  schema-properties-description:
    description: Schema properties should have descriptions.
    severity: info
    given: "$.components.schemas[*].properties[*]"
    then:
      field: description
      function: truthy

  schema-additional-properties-false:
    description: Schemas should set additionalProperties to false for strict validation.
    severity: info
    given: "$.components.schemas[*]"
    then:
      field: additionalProperties
      function: defined

  schema-no-empty-properties:
    description: Schema properties must not be empty objects without type or $ref.
    severity: warn
    given: "$.components.schemas[*].properties[*]"
    then:
      function: truthy

  # ─── SECURITY ────────────────────────────────────────────────────────────────

  security-schemes-described:
    description: All security schemes must have descriptions.
    severity: warn
    given: "$.components.securitySchemes[*]"
    then:
      field: description
      function: truthy

  # ─── HTTP METHOD CONVENTIONS ─────────────────────────────────────────────────

  get-no-request-body:
    description: GET operations must not have a request body.
    severity: error
    given: "$.paths[*].get"
    then:
      field: requestBody
      function: falsy

  delete-no-request-body:
    description: DELETE operations should not have a request body.
    severity: warn
    given: "$.paths[*].delete"
    then:
      field: requestBody
      function: falsy

  post-has-request-body:
    description: POST operations should have a request body.
    severity: warn
    given: "$.paths[*].post"
    then:
      field: requestBody
      function: truthy

  # ─── GENERAL QUALITY ─────────────────────────────────────────────────────────

  no-empty-descriptions:
    description: Descriptions must not be empty strings.
    severity: error
    given: "$..description"
    then:
      function: truthy

  examples-encouraged:
    description: Schema properties should include example values.
    severity: info
    given: "$.components.schemas[*].properties[*]"
    then:
      field: example
      function: truthy