Vistra · API Governance Rules

Vistra API Rules

Spectral linting rules defining API design standards and conventions for Vistra.

11 Rules error 3 warn 7
View Rules File View on GitHub

Rule Categories

vistra

Rules

error
vistra-operation-summary-required
$.paths[*][*]
warn
vistra-summary-title-case
$.paths[*][*].summary
warn
vistra-operationid-camelcase
$.paths[*][*].operationId
warn
vistra-operation-tags
$.paths[*][*]
warn
vistra-post-201
$.paths[*].post.responses
error
vistra-get-200
$.paths[*].get.responses
warn
vistra-401-documented
$.paths[*][*].responses
warn
vistra-path-params-described
$.paths[*][*].parameters[?(@.in=='path')]
hint
vistra-schema-descriptions
$.components.schemas[*]
error
vistra-post-has-body
$.paths[*].post
warn
vistra-oauth2-security
$.paths[*][*]

Spectral Ruleset

Raw ↑ 
extends:
  - spectral:oas

rules:
  # Operations must have summaries
  vistra-operation-summary-required:
    message: "All Vistra API operations must have a summary"
    severity: error
    given: "$.paths[*][*]"
    then:
      field: summary
      function: truthy

  # Summaries must use Title Case
  vistra-summary-title-case:
    message: "Operation summaries must use Title Case"
    severity: warn
    given: "$.paths[*][*].summary"
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z][a-zA-Z0-9 ]+$"

  # Operation IDs must be camelCase
  vistra-operationid-camelcase:
    message: "Operation IDs must use camelCase"
    severity: warn
    given: "$.paths[*][*].operationId"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]+$"

  # All operations must be tagged
  vistra-operation-tags:
    message: "All operations must have at least one tag"
    severity: warn
    given: "$.paths[*][*]"
    then:
      field: tags
      function: truthy

  # POST create operations return 201
  vistra-post-201:
    message: "POST operations creating resources should return 201"
    severity: warn
    given: "$.paths[*].post.responses"
    then:
      field: "201"
      function: truthy

  # GET returns 200
  vistra-get-200:
    message: "GET operations must return 200 for success"
    severity: error
    given: "$.paths[*].get.responses"
    then:
      field: "200"
      function: truthy

  # All endpoints must document 401 response
  vistra-401-documented:
    message: "All endpoints should document 401 Unauthorized response"
    severity: warn
    given: "$.paths[*][*].responses"
    then:
      field: "401"
      function: truthy

  # Path parameters must be described
  vistra-path-params-described:
    message: "Path parameters must have descriptions"
    severity: warn
    given: "$.paths[*][*].parameters[?(@.in=='path')]"
    then:
      field: description
      function: truthy

  # All schemas should have descriptions
  vistra-schema-descriptions:
    message: "Component schemas should have descriptions"
    severity: hint
    given: "$.components.schemas[*]"
    then:
      field: description
      function: truthy

  # POST operations must have request bodies
  vistra-post-has-body:
    message: "POST operations must include a requestBody"
    severity: error
    given: "$.paths[*].post"
    then:
      field: requestBody
      function: truthy

  # API must use OAuth2
  vistra-oauth2-security:
    message: "All Vistra API paths should use OAuth2Bearer security"
    severity: warn
    given: "$.paths[*][*]"
    then:
      field: security
      function: schema
      functionOptions:
        schema:
          type: array