feat(core): add asyncapi-operation-security-defined lint rule #2759
harshit078 wants to merge 23 commits into Redocly:main
🦋 Changeset detected
Latest commit: bf96d18
The changes in this PR will be included in the next version bump.
This PR includes changesets to release 3 packages
vadyvas
left a comment
I would suggest a slightly different approach:
- keep the AsyncAPI logic separate and do not reuse shared logic from the OAS rule
- use the same rule name, `security-defined`, for AsyncAPI as well, and register the AsyncAPI implementation in the AsyncAPI ruleset
- do not update the v1 docs in this PR
I think this would make the change smaller, clearer, and safer.
Thank you for the contribution, overall the PR looks good
vadyvas
left a comment
Left a few comments, could you take a look?
| 'info-contact': InfoContact as Async2Rule, | ||
| 'info-license-strict': InfoLicenseStrict as Async2Rule, | ||
| 'operation-operationId': OperationOperationId as Async2Rule, | ||
| 'security-defined': SecurityDefined, |
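Review bot: The added `'security-defined': SecurityDefined,` entry is the only one in this hunk without the `as Async2Rule` cast its neighbours carry. If `SecurityDefined` is already typed for this ruleset, a short comment saying so would help; otherwise follow the surrounding pattern so the map stays consistent.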
Please add support for AsyncAPI 3 as well. Right now the rule only applies to AsyncAPI2
The code uses the rule name security-defined, but the docs still say asyncapi-operation-security-defined
Can you update related changes?
| @@ -0,0 +1,83 @@ | |||
| # asyncapi-operation-security-defined | |||
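Review bot: The heading on the first line of this new page reads `asyncapi-operation-security-defined`, but the registration hunk uses the key `'security-defined'`. Rename the heading to the registered rule id so the page title matches what users put in their config.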
Please don’t add this rule to the v1 docs
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Reviewed by Cursor Bugbot for commit 75bf960.

What/Why/How?
`asyncapi-operation-security-defined` rule for AsyncAPI 2.x which reports when a security scheme referenced from an operation or server `security` array is not defined in `components.securitySchemes`.
Reference
#2667
Testing
Screenshots (optional)
Check yourself
Security
Note
Medium Risk
Introduces a new built-in lint rule and enables it by default in AsyncAPI minimal/recommended configs, which may surface new errors/warnings in existing AsyncAPI projects after upgrade.
Overview
Adds a new AsyncAPI lint rule, `security-defined`, that reports when an operation/server `security` entry references a scheme not defined in `components.securitySchemes` (AsyncAPI 2.x) or when an AsyncAPI 3.0 security `$ref` either points outside `#/components/securitySchemes` or resolves to an undefined scheme.

Registers the rule for both `async2` and `async3`, adds test coverage, and enables it across the built-in `minimal`, `recommended`, `recommended-strict`, `spec`, and `all` config presets (plus config snapshot updates). Documentation is updated to list the rule, add a dedicated rule page, include it in ruleset templates/sidebars, and publish a changeset.

Reviewed by Cursor Bugbot for commit bf96d18.
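An added sketch of the check the overview describes, for both AsyncAPI 2.x and 3.0 (not code from this PR or from Redocly). `findUndefinedSecurity`, the message strings and both sample documents are constructed for illustration; it assumes scheme names need no JSON Pointer unescaping and that inline 3.0 scheme objects are acceptable.

```javascript
// Added illustration only; not Redocly's rule code. All names here are hypothetical.
const PREFIX = '#/components/securitySchemes/';
// Own-property lookup, so a scheme named "toString" does not match Object.prototype.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function findUndefinedSecurity(doc) {
  const defined = (doc.components && doc.components.securitySchemes) || {};
  const isV3 = String(doc.asyncapi).startsWith('3.');
  const problems = [];
  const check = (security, where) => (security || []).forEach((entry, i) => {
    const at = `${where}/security/${i}`;
    if (!isV3) {
      // 2.x: a security requirement object, { <schemeName>: [scopes] }
      for (const name of Object.keys(entry)) {
        if (!has(defined, name)) problems.push(`${at}: scheme "${name}" is not defined`);
      }
    } else if (typeof entry.$ref === 'string') {
      // 3.0: a reference; inline scheme objects (no $ref) need no lookup
      if (!entry.$ref.startsWith(PREFIX)) {
        problems.push(`${at}: $ref points outside #/components/securitySchemes`);
      } else if (!has(defined, entry.$ref.slice(PREFIX.length))) {
        problems.push(`${at}: $ref resolves to an undefined scheme`);
      }
    }
  });
  for (const [name, server] of Object.entries(doc.servers || {})) {
    check(server.security, `#/servers/${name}`);
  }
  if (isV3) { // 3.0 keeps operations in a top-level map
    for (const [id, op] of Object.entries(doc.operations || {})) {
      check(op.security, `#/operations/${id}`);
    }
  } else { // 2.x nests publish/subscribe operations under each channel
    for (const [ch, item] of Object.entries(doc.channels || {})) {
      for (const verb of ['publish', 'subscribe']) {
        if (item[verb]) check(item[verb].security, `#/channels/${ch}/${verb}`);
      }
    }
  }
  return problems;
}

// Constructed sample documents (not taken from the PR).
const schemes = { securitySchemes: { userPass: { type: 'userPassword' } } };
const sampleV2 = { asyncapi: '2.6.0', components: schemes,
  servers: { prod: { security: [{ userPass: [] }] } },
  channels: { orders: { publish: { security: [{ apiKey: [] }, { toString: [] }] } } } };
const sampleV3 = { asyncapi: '3.0.0', components: schemes,
  servers: { prod: { security: [{ $ref: PREFIX + 'userPass' }] } },
  operations: { sendOrder: { security: [{ $ref: '#/components/schemas/userPass' },
    { $ref: PREFIX + 'missing' }, { type: 'userPassword' }] } } };
```
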