Rainbow · API Governance Rules

Rainbow API Rules

Spectral linting rules defining API design standards and conventions for Rainbow.

7 Rules error 2 warn 5
View Rules File View on GitHub

Rule Categories

rainbow

Rules

error
rainbow-bearer-auth
Rainbow APIs must use Bearer token authentication
$.components.securitySchemes[*]
warn
rainbow-versioned-paths
All Rainbow API paths must include a version segment (v1.0, v2.0, etc.)
$.paths
warn
rainbow-pagination-params
Collection endpoints should support limit and offset pagination
$.paths[*].get.parameters[*].name
error
rainbow-operation-ids
All operations must have an operationId in camelCase
$.paths[*][*]
warn
rainbow-response-data-wrapper
Rainbow API responses should wrap primary data in a data field
$.components.schemas[?(@.properties.data)]
warn
rainbow-error-code-msg
Error responses must include code and msg fields
$.components.schemas[?(@.title == 'ErrorResponse' || contains(@, 'Error'))].properties
warn
rainbow-tags-required
All operations must include at least one tag
$.paths[*][*].tags

Spectral Ruleset

Raw ↑ 
extends: spectral:oas
rules:
  rainbow-bearer-auth:
    description: Rainbow APIs must use Bearer token authentication
    message: Security scheme must use HTTP Bearer authentication
    severity: error
    given: "$.components.securitySchemes[*]"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          properties:
            type:
              enum: [http, oauth2]
          required: [type]

  rainbow-versioned-paths:
    description: All Rainbow API paths must include a version segment (v1.0, v2.0, etc.)
    message: "API path must include version segment like /v1.0/"
    severity: warn
    given: "$.paths"
    then:
      function: pattern
      functionOptions:
        match: "^/[a-z]+/v[0-9]+\\.[0-9]+"

  rainbow-pagination-params:
    description: Collection endpoints should support limit and offset pagination
    message: GET collection endpoints should include limit and offset query parameters
    severity: warn
    given: "$.paths[*].get.parameters[*].name"
    then:
      function: truthy

  rainbow-operation-ids:
    description: All operations must have an operationId in camelCase
    message: Operation must have an operationId
    severity: error
    given: "$.paths[*][*]"
    then:
      field: operationId
      function: truthy

  rainbow-response-data-wrapper:
    description: Rainbow API responses should wrap primary data in a data field
    message: API response should use data envelope pattern
    severity: warn
    given: "$.components.schemas[?(@.properties.data)]"
    then:
      function: truthy

  rainbow-error-code-msg:
    description: Error responses must include code and msg fields
    message: Error schema must have code (integer) and msg (string) fields
    severity: warn
    given: "$.components.schemas[?(@.title == 'ErrorResponse' || contains(@, 'Error'))].properties"
    then:
      function: truthy

  rainbow-tags-required:
    description: All operations must include at least one tag
    message: Operation must have at least one tag
    severity: warn
    given: "$.paths[*][*].tags"
    then:
      function: truthy