Scotiabank API Rules

extends:
  - spectral:oas

rules:
  scotiabank-oauth2-security:
    description: All operations must use OAuth2 authentication
    message: "Scotiabank APIs require OAuth2 client credentials authentication"
    severity: error
    given: "$.components.securitySchemes"
    then:
      field: OAuth2
      function: truthy

  scotiabank-operation-ids:
    description: All operations must have operationId
    message: "Every operation must have a unique operationId"
    severity: error
    given: "$.paths[*][*]"
    then:
      field: operationId
      function: truthy

  scotiabank-versioned-paths:
    description: API paths must include version prefix
    message: "API paths must start with /v1/ for versioning"
    severity: error
    given: "$.paths"
    then:
      function: pattern
      functionOptions:
        match: "^/v[0-9]+"

  scotiabank-tags-required:
    description: All operations must have at least one tag
    message: "Operations must be tagged for proper categorization"
    severity: warn
    given: "$.paths[*][*]"
    then:
      field: tags
      function: truthy

  scotiabank-camel-case-operation-ids:
    description: Operation IDs should use camelCase
    message: "OperationId '{{value}}' should use camelCase naming"
    severity: warn
    given: "$.paths[*][*].operationId"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]*$"

  scotiabank-payment-amount-required:
    description: Payment request bodies must include amount field
    message: "Payment operations should require an 'amount' field in the request body"
    severity: error
    given: "$.paths[?(@property.match(/payments/))].post.requestBody.content.application/json.schema"
    then:
      field: required
      function: truthy

  scotiabank-error-responses:
    description: Operations should document standard error responses
    message: "Operations should document 400, 401, and 422 error responses"
    severity: warn
    given: "$.paths[*][*].responses"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          required:
            - '401'

  scotiabank-account-id-path-params:
    description: Account path parameters should be clearly named
    message: "Account path parameters should use descriptive names like 'account_id'"
    severity: warn
    given: "$.paths[*][*].parameters[?(@.in === 'path')]"
    then:
      field: name
      function: pattern
      functionOptions:
        match: "^[a-z][a-z_]*_?(id|number)$|^id$"

  scotiabank-currency-enum:
    description: Currency fields should be constrained to supported currencies
    message: "Currency fields should use enum to restrict to supported values (CAD, USD)"
    severity: info
    given: "$.components.schemas[*].properties.currency"
    then:
      field: enum
      function: truthy

  scotiabank-date-format:
    description: Date fields should use ISO 8601 format
    message: "Date fields should use 'date' or 'date-time' format"
    severity: warn
    given: "$.components.schemas[*].properties[?(@ =~ /date|time/i)]"
    then:
      field: format
      function: truthy