Workday Business Processes API Rules

rules:
  # ─── Info ───────────────────────────────────────────────────────────────────
  wdbp-info-contact:
    message: "Info object must include a contact with name and url."
    severity: warn
    given: "$.info"
    then:
      - field: contact.name
        function: truthy
      - field: contact.url
        function: truthy

  wdbp-info-version:
    message: "API version must follow Workday vN format."
    severity: warn
    given: "$.info.version"
    then:
      function: pattern
      functionOptions:
        match: "^v[0-9]+(\\.[0-9]+)?$"

  # ─── Operations ─────────────────────────────────────────────────────────────
  wdbp-operation-id-required:
    message: "Every operation must have an operationId."
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: operationId
      function: truthy

  wdbp-operation-summary-required:
    message: "Every operation must have a summary."
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: summary
      function: truthy

  wdbp-operation-summary-workday-prefix:
    message: "Operation summary must start with 'Workday '."
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].summary"
    then:
      function: pattern
      functionOptions:
        match: "^Workday "

  wdbp-operation-description-required:
    message: "Every operation must have a description."
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: description
      function: truthy

  wdbp-operation-tags-required:
    message: "Every operation must have at least one tag."
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: tags
      function: truthy

  # ─── Parameters ─────────────────────────────────────────────────────────────
  wdbp-parameter-description-required:
    message: "Every parameter must have a description."
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].parameters[*]"
    then:
      field: description
      function: truthy

  wdbp-parameter-schema-required:
    message: "Every parameter must have a schema."
    severity: error
    given: "$.paths[*][get,post,put,patch,delete].parameters[*]"
    then:
      field: schema
      function: truthy

  # ─── Responses ───────────────────────────────────────────────────────────────
  wdbp-response-200-required:
    message: "GET operations must define a 200 response."
    severity: error
    given: "$.paths[*].get.responses"
    then:
      field: "200"
      function: truthy

  wdbp-response-401-required:
    message: "Operations must define a 401 unauthorized response."
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].responses"
    then:
      field: "401"
      function: truthy

  wdbp-response-403-required:
    message: "Operations must define a 403 forbidden response."
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].responses"
    then:
      field: "403"
      function: truthy

  # ─── Schemas ─────────────────────────────────────────────────────────────────
  wdbp-schema-title-required:
    message: "Every schema in components must have a title."
    severity: warn
    given: "$.components.schemas[*]"
    then:
      field: title
      function: truthy

  wdbp-schema-description-required:
    message: "Every schema in components must have a description."
    severity: warn
    given: "$.components.schemas[*]"
    then:
      field: description
      function: truthy

  wdbp-schema-properties-description:
    message: "Schema properties should have descriptions."
    severity: info
    given: "$.components.schemas[*].properties[*]"
    then:
      field: description
      function: truthy

  # ─── Security ────────────────────────────────────────────────────────────────
  wdbp-security-schemes-defined:
    message: "API must define security schemes in components."
    severity: error
    given: "$.components"
    then:
      field: securitySchemes
      function: truthy

  wdbp-operation-security-required:
    message: "All operations must have security defined."
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: security
      function: truthy

  wdbp-oauth2-flows-defined:
    message: "OAuth2 security scheme must define flows."
    severity: error
    given: "$.components.securitySchemes.oauth2"
    then:
      field: flows
      function: truthy

  # ─── Microcks Extensions ────────────────────────────────────────────────────
  wdbp-microcks-operation-extension:
    message: "Operations should include x-microcks-operation extension for mock configuration."
    severity: info
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: x-microcks-operation
      function: truthy

  wdbp-microcks-example-default:
    message: "Response examples should include x-microcks-default: true for the primary example."
    severity: info
    given: "$.paths[*][get,post,put,patch,delete].responses[*].content[*].examples[*]"
    then:
      field: x-microcks-default
      function: truthy

  # ─── Naming Conventions ─────────────────────────────────────────────────────
  wdbp-path-camel-case:
    message: "Path segments should use camelCase per Workday conventions."
    severity: info
    given: "$.paths"
    then:
      function: pattern
      functionOptions:
        match: "^/[a-zA-Z0-9/{}_.]*$"

  wdbp-schema-pascal-case:
    message: "Schema names in components must use PascalCase."
    severity: warn
    given: "$.components.schemas"
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z][a-zA-Z0-9]*$"

  wdbp-operation-id-camel-case:
    message: "Operation IDs should use camelCase."
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].operationId"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]*$"

  # ─── Workday-Specific Patterns ───────────────────────────────────────────────
  wdbp-pagination-limit-param:
    message: "List operations should support a limit parameter."
    severity: info
    given: "$.paths[*][?(@property === 'get')].parameters[?(@.name === 'limit')]"
    then:
      field: schema.type
      function: enumeration
      functionOptions:
        values: [integer]

  wdbp-pagination-offset-param:
    message: "List operations should support an offset parameter."
    severity: info
    given: "$.paths[*][?(@property === 'get')].parameters[?(@.name === 'offset')]"
    then:
      field: schema.type
      function: enumeration
      functionOptions:
        values: [integer]

  wdbp-response-schema-ref:
    message: "Success responses should reference a defined schema component."
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].responses[200,201].content.application/json.schema"
    then:
      field: "$ref"
      function: truthy

  wdbp-server-tenant-variable:
    message: "Server URL should include a {tenant} variable for multi-tenant support."
    severity: warn
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "\\{tenant\\}"

  wdbp-error-response-schema:
    message: "Error responses should reference the ErrorResponse schema."
    severity: info
    given: "$.components.responses[*].content.application/json.schema"
    then:
      field: "$ref"
      function: truthy

  # ─── Documentation ───────────────────────────────────────────────────────────
  wdbp-tags-global-defined:
    message: "Tags used in operations should be defined at the global level."
    severity: warn
    given: "$.tags"
    then:
      field: description
      function: truthy

  wdbp-examples-provided:
    message: "Responses should include examples for documentation."
    severity: info
    given: "$.paths[*][get,post,put,patch,delete].responses[200,201].content.application/json"
    then:
      field: examples
      function: truthy

  wdbp-request-body-description:
    message: "Request bodies should include a description."
    severity: warn
    given: "$.paths[*][post,put,patch].requestBody"
    then:
      field: description
      function: truthy

  wdbp-request-body-required-flag:
    message: "Request bodies should explicitly declare if they are required."
    severity: warn
    given: "$.paths[*][post,put,patch].requestBody"
    then:
      field: required
      function: defined

  # ─── Business Process-Specific Rules ─────────────────────────────────────────
  wdbp-process-instance-status-enum:
    message: "ProcessInstance status field should use defined enum values."
    severity: warn
    given: "$.components.schemas.ProcessInstance.properties.status"
    then:
      field: enum
      function: truthy

  wdbp-inbox-item-status-enum:
    message: "InboxItem status field should use defined enum values."
    severity: warn
    given: "$.components.schemas.InboxItem.properties.status"
    then:
      field: enum
      function: truthy

  wdbp-approval-request-approver-required:
    message: "ApprovalRequest schema must include approverId as required."
    severity: error
    given: "$.components.schemas.ApprovalRequest"
    then:
      field: required
      function: truthy

  wdbp-process-step-type-enum:
    message: "Process step type should use defined enum values."
    severity: warn
    given: "$.components.schemas[*].properties.stepType"
    then:
      field: enum
      function: truthy