Waxell · API Governance Rules

Waxell API Rules

Spectral linting rules defining API design standards and conventions for Waxell.

14 Rules error 5 warn 9
View Rules File View on GitHub

Rule Categories

waxell

Rules

warn
waxell-info-title-prefix
All Waxell OpenAPI titles SHOULD start with "Waxell ".
$.info.title
error
waxell-server-https
All Waxell API servers MUST use HTTPS.
$.servers[*].url
warn
waxell-server-tenant-host
Waxell servers SHOULD be a tenant-specific *.waxell.dev host.
$.servers[*].url
error
waxell-base-path
Waxell Observe paths MUST be served under /api/v1/observe/.
$.paths[*]~
error
waxell-operation-id-required
Operations MUST have an operationId.
$.paths[*][get,post,put,delete,patch]
warn
waxell-operation-id-camel-case
operationId SHOULD be camelCase.
$.paths[*][get,post,put,delete,patch].operationId
error
waxell-summary-required
Operations MUST have a summary.
$.paths[*][get,post,put,delete,patch]
warn
waxell-summary-title-case
Operation summaries SHOULD use Title Case.
$.paths[*][get,post,put,delete,patch].summary
warn
waxell-tags-required
Operations MUST be tagged with at least one tag.
$.paths[*][get,post,put,delete,patch].tags
warn
waxell-snake-case-properties
Schema properties SHOULD use snake_case (matches the API payloads).
$.components.schemas[*].properties[*]~
warn
waxell-trailing-slash
Waxell paths use a trailing slash; enforce consistency.
$.paths[*]~
error
waxell-security-required
API MUST declare a security scheme (X-Wax-Key or Bearer).
$.components.securitySchemes
warn
waxell-error-schema-shape
Error responses SHOULD reference an Error schema with `error` and `message` fields.
$.components.schemas.Error.properties
warn
waxell-rate-limit-response
All write operations SHOULD document a 429 response for governance throttling.
$.paths[*][post,put,delete,patch].responses

Spectral Ruleset

Raw ↑ 
extends:
  - spectral:oas
rules:
  waxell-info-title-prefix:
    description: All Waxell OpenAPI titles SHOULD start with "Waxell ".
    severity: warn
    given: $.info.title
    then:
      function: pattern
      functionOptions:
        match: '^Waxell '
  waxell-server-https:
    description: All Waxell API servers MUST use HTTPS.
    severity: error
    given: $.servers[*].url
    then:
      function: pattern
      functionOptions:
        match: '^https://'
  waxell-server-tenant-host:
    description: Waxell servers SHOULD be a tenant-specific *.waxell.dev host.
    severity: warn
    given: $.servers[*].url
    then:
      function: pattern
      functionOptions:
        match: '^https://(\{tenant\}|[a-z0-9-]+)\.waxell\.dev'
  waxell-base-path:
    description: Waxell Observe paths MUST be served under /api/v1/observe/.
    severity: error
    given: $.paths[*]~
    then:
      function: pattern
      functionOptions:
        match: '^/api/v1/observe/'
  waxell-operation-id-required:
    description: Operations MUST have an operationId.
    severity: error
    given: $.paths[*][get,post,put,delete,patch]
    then:
      field: operationId
      function: truthy
  waxell-operation-id-camel-case:
    description: operationId SHOULD be camelCase.
    severity: warn
    given: $.paths[*][get,post,put,delete,patch].operationId
    then:
      function: pattern
      functionOptions:
        match: '^[a-z][a-zA-Z0-9]+$'
  waxell-summary-required:
    description: Operations MUST have a summary.
    severity: error
    given: $.paths[*][get,post,put,delete,patch]
    then:
      field: summary
      function: truthy
  waxell-summary-title-case:
    description: Operation summaries SHOULD use Title Case.
    severity: warn
    given: $.paths[*][get,post,put,delete,patch].summary
    then:
      function: pattern
      functionOptions:
        match: '^[A-Z]'
  waxell-tags-required:
    description: Operations MUST be tagged with at least one tag.
    severity: warn
    given: $.paths[*][get,post,put,delete,patch].tags
    then:
      function: truthy
  waxell-snake-case-properties:
    description: Schema properties SHOULD use snake_case (matches the API payloads).
    severity: warn
    given: $.components.schemas[*].properties[*]~
    then:
      function: pattern
      functionOptions:
        match: '^[a-z][a-z0-9_]*$'
  waxell-trailing-slash:
    description: Waxell paths use a trailing slash; enforce consistency.
    severity: warn
    given: $.paths[*]~
    then:
      function: pattern
      functionOptions:
        match: '/$'
  waxell-security-required:
    description: API MUST declare a security scheme (X-Wax-Key or Bearer).
    severity: error
    given: $.components.securitySchemes
    then:
      function: truthy
  waxell-error-schema-shape:
    description: Error responses SHOULD reference an Error schema with `error` and `message` fields.
    severity: warn
    given: $.components.schemas.Error.properties
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          required: [error, message]
  waxell-rate-limit-response:
    description: All write operations SHOULD document a 429 response for governance throttling.
    severity: warn
    given: $.paths[*][post,put,delete,patch].responses
    then:
      field: '429'
      function: truthy