{"id":29675766,"url":"https://github.com/oxidecomputer/openapi-lint","last_synced_at":"2025-07-22T23:38:38.363Z","repository":{"id":38327707,"uuid":"399938172","full_name":"oxidecomputer/openapi-lint","owner":"oxidecomputer","description":"Validate an OpenAPI schema against some rules","archived":false,"fork":false,"pushed_at":"2024-11-15T01:51:28.000Z","size":42,"stargazers_count":12,"open_issues_count":8,"forks_count":4,"subscribers_count":21,"default_branch":"main","last_synced_at":"2025-07-14T00:09:46.580Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oxidecomputer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2021-08-25T19:41:30.000Z","updated_at":"2025-06-19T19:36:45.000Z","dependencies_parsed_at":"2022-07-11T02:00:39.847Z","dependency_job_id":"99d02adc-dcc5-498a-853b-9d0f4fbfb91d","html_url":"https://github.com/oxidecomputer/openapi-lint","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/oxidecomputer/openapi-lint","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxidecomputer%2Fopenapi-lint","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxidecomputer%2Fopenapi-lint/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxidecomputer%2Fopenapi-lint/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxidecomputer%2Fopenapi-lint/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oxidecomputer","download_url":"https://codeload.github.com/oxidecomputer/openapi-lint/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxidecomputer%2Fopenapi-lint/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266591232,"owners_count":23953082,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-22T02:00:09.085Z","response_time":66,"last_error":null,"robots_txt_status":null,"robots_txt_updated_at":null,"robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-07-22T23:38:29.027Z","updated_at":"2025-07-22T23:38:38.347Z","avatar_url":"https://github.com/oxidecomputer.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# openapi-lint\n\nThis is a simple crate to validate OpenAPI v3.0.3 content. It flags constructs\nthat we've determined are not \"ergonomic\" or \"well-designed\". In particular we\ntry to avoid constructs that lead to structures that SDK generators would have\na hard time turning into easy-to-use native constructs.\n\n## Rules\n\n### Type mismatch\n\nA schema that describes a type may include subschemas where one, all, or any of\nthe subschemas might match ( for the `oneOf`, `allOf`, and `anyOf` fields\nrespectively). For example, the following Rust code produces such a schema with\nmixed types:\n\n```rust\n#[derive(JsonSchema)]\npub enum E {\n    ThingA(String),\n    ThingB,\n}\n```\n\nA JSON object that used this `enum` for the type of a field could look like this:\n\n```json\n{\n    \"field\": { \"ThingA\": \"some value\" }\n}\n```\n\nor this:\n\n```json\n{\n    \"field\": \"ThingB\"\n}\n```\n\nSo `field` may be either a string **or** an object. This complicates the\ndescription of these types and is harder to represent in SDKs (in particular\nthose without Rust's ability for enums to have associated values). To avoid\nthis, we can simply use `serde`'s facility for annotating enums. In particular,\nwe prefer [\"adjacently\ntagged\"](https://serde.rs/container-attrs.html#tag--content) enums:\n\n```rust\n#[derive(JsonSchema)]\n#[serde(tag = \"type\", content = \"value\")]\npub enum E {\n    ThingA(String),\n    ThingB,\n}\n```\n\nThis produces JSON like this:\n\n```json\n{\n    \"field1\": { \"type\": \"ThingA\", \"value\": \"some value\" },\n    \"field2\": { \"type\": \"ThingB\" }\n}\n```\n\n### Paths\n\nPaths (routes) with compound-words as components should use kebab case.\n\n| | |\n| --- | --- |\n| This | `/service-processors/{sp_id}/serial-console` |\n| Not this | `/service_processors/{sp_id}/serial_console` |\n\n### Naming\n\nIn general, we use the typical Rust naming conventions.\n\n- All type names should be `PascalCase`.\n- All `operation_id`s should be `snake_case`.\n- All operation properties should be `snake_case`.\n- All struct (and struct enum variant) members should be `snake_case`.\n- All enum variants should be `snake_case`. (Note that depending on the serde\ntagging scheme used, variant names may appear in OpenAPI as either struct\nproperty names (external tagging) or as constant values (internal or adjacent\ntagging). The choice of `snake_case` makes naming uniform regardless of the\ntagging scheme.)\n\nType names are already `PascalCase` by normal Rust conventions. If you need\n(really?) to have a type with a non-PascalCase name, you can renamed it like\nthis:\n\n```rust\n#[derive(JsonSchema)]\n#[allow(non_camel_case_types)]\n#[serde(rename = \"IllumosButUpperCase\")]\nstruct illumosIsAlwaysLowerCaseIGuess {\n    // ...\n}\n```\n\nOperation IDs come from the function name. If you obey the normal Rust\nconvention, your functions are already snake_case. There isn't currently a\nfacility to change the operation name; file an issue in\n(dropshot)[https://github.com/oxidecomputer/dropshot] if this is required.\n\nRust `enum`s typically name variants with `PascalCase`. Typically you'll rename\nthem all to `snake_case`:\n\n```rust\n#[derive(JsonSchema)]\n#[serde(rename_all = \"snake_case\")]\nenum Things {\n    ThingA,\n    ThingB,\n}\n```\n\nSometimes you might prefer `SCREAMING_SNAKE_CASE` e.g. for things that are more\ntypically abbreviated:\n\n```rust\n#[derive(JsonSchema)]\n#[serde(rename_all = \"SCREAMING_SNAKE_CASE\")]\nenum Things {\n    ThingA,\n    ThingB,\n}\n```\n\n### UUIDs\n\nIt's tempting to name fields that are UUIDs with an `_uuid` suffix, but this\nis redundant. For simplicity and consistency we use the `_id` suffix instead.\n\n### Trivial Null Response\n\n(Drophot)[https://github.com/oxidecomputer/dropshot] makes it easy (too easy!)\nto accidentally return a `null` response when you intend to return an empty\nresponse.\n\nConsider this handler:\n\n```rust\n#[endpoint {\n    method = POST,\n    path = \"/device/confirm\",\n}]\npub async fn device_auth_confirm(\n    rqctx: Arc\u003cRequestContext\u003cArc\u003cServerContext\u003e\u003e\u003e,\n) -\u003e Result\u003cHttpResponseOk\u003c()\u003e, HttpError\u003e {\n    // ...\n}\n```\n\nThe corresponding OpenAPI `responses` will be:\n\n```json\n{\n  \"200\": {\n    \"description\": \"successful operation\",\n    \"content\": {\n      \"application/json\": {\n        \"schema\": {\n          \"title\": \"Null\",\n          \"type\": \"string\",\n          \"enum\": [\n            null\n          ]\n        }\n      }\n    }\n  }\n}\n```\n\nInstead, use `HttpResponseUpdatedNoContent`:\n\n```rust\n#[endpoint {\n    method = POST,\n    path = \"/device/confirm\",\n}]\npub async fn device_auth_confirm(\n    rqctx: Arc\u003cRequestContext\u003cArc\u003cServerContext\u003e\u003e\u003e,\n) -\u003e Result\u003cHttpResponseUpdatedNoContent, HttpError\u003e {\n    // ...\n}\n```\n\n## External Rules\n\nThese rules only apply to APIs that are \"external\".\n\n### Rust Documentation\n\nBoth `dropshot` and `schemars` use rustdoc comments as the basis for\ndocumentation fields (specifically `title` and `description`). As such, it's\neasy to accidentally allow internally-relevant documentation leak out as\nexternally-visible in the OpenAPI document. It's not possible to simply infer\nthis from text alone, but we do look for shibboleths such as a Rust path\ndelimeter (`::`) and bracketed expressions with no subsequent parentheses\n(`[title](http://link.dest)` being reasonable).","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foxidecomputer%2Fopenapi-lint","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foxidecomputer%2Fopenapi-lint","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foxidecomputer%2Fopenapi-lint/lists"}