SourceForge API Rules

extends: spectral:oas
rules:
  # SourceForge uses /rest/ prefix for all endpoints
  sourceforge-rest-prefix:
    description: All SourceForge API paths must begin with /rest/
    severity: error
    given: "$.paths"
    then:
      function: pattern
      functionOptions:
        match: "^\\/rest\\/"

  # All operations must have summaries in Title Case
  sourceforge-operation-summary-title-case:
    description: Operation summaries must use Title Case
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].summary"
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z][a-zA-Z0-9]*([ ][A-Z][a-zA-Z0-9]*)*$"

  # All operations must have operationId
  sourceforge-operation-id-required:
    description: All operations must have an operationId
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: operationId
      function: truthy

  # operationId must use camelCase
  sourceforge-operation-id-camel-case:
    description: OperationId must use camelCase convention
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].operationId"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]*$"

  # All operations must have tags
  sourceforge-operation-has-tags:
    description: All operations must have at least one tag
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: tags
      function: truthy

  # POST operations should have requestBody
  sourceforge-post-has-request-body:
    description: POST operations must define a requestBody
    severity: error
    given: "$.paths[*].post"
    then:
      field: requestBody
      function: truthy

  # 401 response required
  sourceforge-401-response:
    description: Operations must document 401 Unauthorized response
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].responses"
    then:
      field: "401"
      function: defined

  # DELETE returns 204
  sourceforge-delete-returns-204:
    description: DELETE operations should return 204 No Content
    severity: warn
    given: "$.paths[*].delete.responses"
    then:
      field: "204"
      function: defined

  # All tags must be Title Case
  sourceforge-tags-title-case:
    description: All tags in the spec must use Title Case
    severity: warn
    given: "$.tags[*].name"
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z][a-zA-Z0-9]*([ ][A-Z][a-zA-Z0-9]*)*$"

  # Security must be defined
  sourceforge-security-defined:
    description: OAuth2 security must be defined globally or per operation
    severity: error
    given: "$"
    then:
      field: security
      function: defined

  # Project path parameter must exist for project-scoped operations
  sourceforge-project-parameter:
    description: Project-scoped paths must use {project} path parameter
    severity: info
    given: "$.paths['/rest/p/{project}']"
    then:
      function: defined

  # Response schemas must be defined
  sourceforge-response-schema-defined:
    description: Successful responses must have a schema
    severity: warn
    given: "$.paths[*][get,post].responses['200','201'].content['application/json']"
    then:
      field: schema
      function: defined