1  # Spectral lint rules for ACDC API OpenAPI spec.
 2  # Run: spectral lint api/openapi.yaml
 3  
 4  extends:
 5    - spectral:oas
 6    - "@stoplight/spectral-owasp-rules"
 7  
 8  rules:
 9    # All operations must have operationId
10    operation-operationId:
11      description: "All operations must define an operationId"
12      given: "$.paths.*.*.operationId"
13      severity: error
14      then:
15        function: truthy
16  
17    # All responses must include X-Request-Id header
18    response-has-request-id-header:
19      description: "200 responses should document X-Request-Id header"
20      given: "$.paths.*.*.responses.200.headers"
21      severity: warn
22      then:
23        function: truthy
24  
25    # Error responses must use application/problem+json
26    error-response-problem-json:
27      description: "Error responses (4xx) should use application/problem+json"
28      given: "$.paths.*.*.responses[?(@property >= '400' && @property < '500')].content"
29      severity: warn
30      then:
31        field: "application/problem+json"
32        function: truthy