USPTO · API Governance Rules

USPTO API Rules

Spectral linting rules defining API design standards and conventions for USPTO.

20 Rules error 8 warn 9 info 3
View Rules File View on GitHub

Rule Categories

uspto

Rules

error
uspto-path-versioned
$.paths[*]~
warn
uspto-path-kebab-case
$.paths[*]~
error
uspto-operation-id-required
$.paths[*][get,post,put,patch,delete]
warn
uspto-operation-id-camel-case
$.paths[*][get,post,put,patch,delete].operationId
error
uspto-summary-required
$.paths[*][get,post,put,patch,delete]
warn
uspto-summary-title-case
$.paths[*][get,post,put,patch,delete].summary
warn
uspto-description-required
$.paths[*][get,post,put,patch,delete]
warn
uspto-tags-required
$.paths[*][get,post,put,patch,delete]
error
uspto-response-200-required
$.paths[*].get
warn
uspto-response-401-recommended
$.paths[*][get,post,put,patch,delete]
info
uspto-response-404-recommended
$.paths[*][get,post,put,patch,delete].responses
warn
uspto-parameter-description
$.paths[*][get,post,put,patch,delete].parameters[*]
error
uspto-parameter-schema-required
$.paths[*][get,post,put,patch,delete].parameters[*]
info
uspto-schema-description
$.components.schemas[*]
info
uspto-enum-upper-case
$.components.schemas[*].properties.status
error
uspto-security-defined
$.components.securitySchemes
warn
uspto-global-security
$
warn
uspto-info-contact
$.info
error
uspto-info-license
$.info
error
uspto-server-defined
$

Spectral Ruleset

Raw ↑ 
extends: spectral:oas
rules:
  # ── Path conventions ──────────────────────────────────────────────────────────

  uspto-path-versioned:
    message: "All paths must begin with a version prefix such as /v1/"
    severity: error
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        match: "^/[a-z]"

  uspto-path-kebab-case:
    message: "Path segments must use kebab-case (lowercase, digits, hyphens, or {variables})"
    severity: warn
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        match: "^(/[a-z0-9-{}]+)+$"

  # ── Operation conventions ─────────────────────────────────────────────────────

  uspto-operation-id-required:
    message: "Every operation must have an operationId"
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: operationId
      function: truthy

  uspto-operation-id-camel-case:
    message: "operationId must use camelCase"
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].operationId"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]*$"

  uspto-summary-required:
    message: "Every operation must have a summary"
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: summary
      function: truthy

  uspto-summary-title-case:
    message: "Operation summary must use Title Case"
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].summary"
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z]"

  uspto-description-required:
    message: "Every operation should have a description"
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: description
      function: truthy

  uspto-tags-required:
    message: "Every operation must have at least one tag"
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: tags
      function: truthy

  # ── Response conventions ──────────────────────────────────────────────────────

  uspto-response-200-required:
    message: "GET operations must define a 200 response"
    severity: error
    given: "$.paths[*].get"
    then:
      field: responses.200
      function: truthy

  uspto-response-401-recommended:
    message: "Secured operations should document 401 Unauthorized"
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: responses.401
      function: truthy

  uspto-response-404-recommended:
    message: "Operations with path parameters should document 404 Not Found"
    severity: info
    given: "$.paths[*][get,post,put,patch,delete].responses"
    then:
      function: schema
      functionOptions:
        schema:
          type: object

  # ── Parameter conventions ─────────────────────────────────────────────────────

  uspto-parameter-description:
    message: "All parameters should have a description"
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].parameters[*]"
    then:
      field: description
      function: truthy

  uspto-parameter-schema-required:
    message: "All parameters must define a schema"
    severity: error
    given: "$.paths[*][get,post,put,patch,delete].parameters[*]"
    then:
      field: schema
      function: truthy

  # ── Schema conventions ────────────────────────────────────────────────────────

  uspto-schema-description:
    message: "Schema component descriptions are recommended"
    severity: info
    given: "$.components.schemas[*]"
    then:
      field: description
      function: truthy

  uspto-enum-upper-case:
    message: "Enum values representing status codes should use UPPER_CASE"
    severity: info
    given: "$.components.schemas[*].properties.status"
    then:
      field: enum
      function: truthy

  # ── Security conventions ──────────────────────────────────────────────────────

  uspto-security-defined:
    message: "API must define security schemes"
    severity: error
    given: "$.components.securitySchemes"
    then:
      function: truthy

  uspto-global-security:
    message: "API should define global security requirements"
    severity: warn
    given: "$"
    then:
      field: security
      function: truthy

  # ── Info conventions ──────────────────────────────────────────────────────────

  uspto-info-contact:
    message: "API info must include contact information"
    severity: warn
    given: "$.info"
    then:
      field: contact
      function: truthy

  uspto-info-license:
    message: "Government APIs must include a license statement"
    severity: error
    given: "$.info"
    then:
      field: license
      function: truthy

  uspto-server-defined:
    message: "API must define at least one server"
    severity: error
    given: "$"
    then:
      field: servers
      function: truthy