Page MenuHomePhabricator
Create Task
Maniphest T422476

[Hypothesis] 5.2.5b: Productionalize API spec linting
Open, Needs TriagePublic
Actions

Description

5.2.5b [Productionalize API spec linting]: If we finalize the linter architecture and a core set of linting rules, we can improve the quality of OpenAPI descriptions and start introducing programmatic guarantees of their compliance into CI workflows in API development processes.

Background

OpenAPI description (OAD, commonly referred to as a "spec") is a formal description of an API written in compliance with the OpenAPI specification. OADs serve many purposes: documentation, testing and validation, API client and server generation, and others.

As part of the broader API strategy, we're transitioning to using OpenAPI descriptions as the main source of API reference documentation. Well maintained, high quality OADs will become a required artifact for all Wikimedia APIs. To ease this transition and to ensure that creating high quality OADs is a straightforward process, we have created a number of different resources, including an experimental version of a spec linter developed in hypothesis 5.2.5. See that hypothesis (T406171) for more information on why we chose linting as the main mechanism for ensuring OAD quality.

The spec linter is a web-based tool that accepts a valid OpenAPI description (version 3.0.0) and returns a list of potential problems that would make the description incomplete or inconsistent. The current version fulfills the earlier requirements but doesn't yet implement all the planned linting rules and isn't ready for deployment in CI workflows.

This hypothesis seeks to finalize the linter so that API developers inside and outside the Foundation can use it to create complete, correct, and compliant OpenAPI descriptions. We will also prove that the linter works as a convenient and useful tool for making iterative improvements to existing OADs, and that - after some modifications - it's possible to embed it in CI workflows and thus in regular API development processes.

Problem statement

As we're transitioning to an API development model with centralized governance and distributed ownership, there's a need for flexible tools and resources that will help ensure consistency in our API offering without introducing unnecessary process overhead. A linter with a centrally-managed set of rules, compatible with different development processes via straightforward CI integration seems like the right solution to this problem.

Impacted users

The primary impacted group are Wikimedia API developers and maintainers. These users are directly affected by the process changes and will benefit from the new tooling developed in this hypothesis.

The finalization of the linter will indirectly impact API users, who should benefit from higher quality documentation of our APIs.

Scope

  • Experiment to document security mechanisms as part of the OAD
  • Implement the complete set of linting rules
  • Create the linter library/package
  • Create a proof of concept of linting as part of a CI workflow
  • Ensure compliance of the MediaWiki REST API OAD with linting rules
  • Finalize the maintenance process for the example OAD

Out of Scope

  • This work does not include enforcing linting requirements for OADs beyond the MediaWiki APIs owned directly by the MediaWiki Interfaces team.

Expected Outcomes

  • The spec linter implements the full set of agreed-upon rules and can check OpenAPI descriptions for compliance with these rules.
  • The spec linter returns no errors or warnings when linting the OpenAPI description of the MediaWiki REST API.
  • The OAD for the MediaWiki REST API features information about at least two of the supported API security mechanisms.
  • A proof of concept exists for including the spec linter in a CI workflow (most likely starting with a subset of core MediaWiki REST API endpoints). This proof of concept can be used as an example for how to integrate the linter in other workflows.
  • The maintenance process for the OAD example is known and documented.

Known risks & limitations

  • The current set of agreed-upon linting rules doesn't fully consider the technical capabilities of libraries used to implement the spec linter. It's possible that implementation of some rules might prove more complex and time-consuming than anticipated.
    • We will attempt to identify such cases early, perform research spikes to determine viability, and remain flexible in what we include in the final set of linting rules.
  • The size of the MediaWiki REST API OAD and the complexity of its generation mechanism might make it impossible to resolve all linting errors and warnings in this hypothesis.
    • If this happens, we will file appropriate follow-up tasks detailing how we intend to resolve these problems in the future - as part of another hypothesis or essential work. Solutions might include: reevaluating the rules included in the final set, making changes to the OAD generation mechanism, adding or improving descriptions in the OAD.
  • The MediaWiki REST API supports many different security mechanisms. It's possible that the OpenAPI description format isn't suitable for describing these mechanisms completely and correctly.
    • If that's the case, we will focus on including the most important security mechanisms in the OpenAPI description while documenting other mechanisms elsewhere.

Dependencies

Work in this hypothesis is a prerequisite for broader validation and enforcement of OpenAPI style rules in OADs for all Wikimedia APIs.

Details

Other Assignee
AGhirelli-WMF

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenKBachT422476 [Hypothesis] 5.2.5b: Productionalize API spec linting
 OpenNoneT422479 [5.2.5b Epic] Implement and improve linter rules
 DeclinedNoneT421375 Improve linting - requestBody and response examples
 ResolvedMooeypooT419576 Add tests to ensure consistency between OAD example and OpenAPI linter
 ResolvedMGoncalves-WMFT425920 Exclude link objects from wikimedia-paths-parameter-example-exists
 ResolvedMGoncalves-WMFT425952 Fix or disable oas3-valid-media-example date validation
 ResolvedKineticPelagicT422504 Add linting rules for operations and paths
 ResolvedKineticPelagicT422600 Add the remaining linting rules
 ResolvedAGhirelli-WMFT414974 Fix linter issues discovered during implementation of the OAD example
 ResolvedAGhirelli-WMFT415914 Linter: Split rules into more logical groupings
 OpenNoneT422908 Improve linting - info.license
 OpenNoneT422910 Automatically set info.license during spec generation
 OpenNoneT422911 [SPIKE] Verify info.license in non-generated specs
 DeclinedNoneT422912 Improve linter rules for info.license validation
 ResolvedAGhirelli-WMFT423411 Improve linting - unify example validation
 In ProgressKineticPelagicT424002 Improve linting - detect examples in nested schema.properties
 OpenAGhirelli-WMFT424210 Improve linting - enum descriptions
 ResolvedBUG REPORTKineticPelagicT425935 Fix issue line highlighting in the linter
 ResolvedKBachT426821 Improve and standardize linter messages
 ResolvedKBachT426825 Fix linter rule duplicates
 In ProgressBUG REPORTMGoncalves-WMFT426836 Fix schema property example validation
 OpenNoneT422480 [5.2.5b Epic] Improve MediaWiki REST API OpenAPI description
 ResolvedKineticPelagicT420988 Support examples for request parameters in OpenAPI descriptions
 ResolvedKBachT422917 Validate the MediaWiki REST API OpenAPI description
 ResolvedAGhirelli-WMFT425942 [SPIKE] Identify OAD properties not supported by MediaWiki REST Framework
 DuplicateNoneT425427 Support tags in MediaWiki REST API OpenAPI descriptions
 OpenAGhirelli-WMFT425428 Support operation IDs in MediaWiki REST API OpenAPI descriptions
 OpenNoneT392154 Enable localizable 'tags' within OpenAPI spec generation
 OpenNoneT427355 Support requestBody.description in MediaWiki REST Framework OAD generation
 In ProgressAGhirelli-WMFT427356 Support root-level externalDocs in MediaWiki REST Framework OAD generation
 OpenNoneT427359 Generate a valid semver info.version for the default MediaWiki REST module
 OpenNoneT427362 Support path-level summary and description in MediaWiki REST Framework OAD generation
 OpenAGhirelli-WMFT427361 Support response body examples in MediaWiki REST Framework OAD generation
 OpenNoneT427360 Support requestBody content examples in MediaWiki REST Framework OAD generation
 OpenNoneT427793 Fix linter errors and warnings in the MW REST API OAD
 OpenNoneT428147 Fix top-level issues in the MediaWiki REST API OAD
 OpenNoneT428149 Fix type, media type, and array issues in the MediaWiki REST API OAD
 OpenTBurmeisterT428150 Fix summary issues in the MediaWiki REST API OAD
 OpenNoneT428151 Fix description issues in the MediaWiki REST API OAD
 OpenNoneT428153 Add examples to the MediaWiki REST API OAD
 DeclinedNoneT422483 [5.2.5b Epic] Create a proof of concept of a CI workflow with the spec linter
 OpenNoneT422484 [5.2.5b Epic] Add security mechanism information to the MediaWiki REST API description
 ResolvedKineticPelagicT423552 [SPIKE] Add security scheme information to MediaWiki REST API description
 OpenNoneT423553 Verify resulting security requirement information in REST Sandbox
 OpenNoneT427481 Extend MediaWiki Session framework to support OpenAPI metadata
 OpenNoneT427521 Inject global `securitySchemes` and operation requirements into OpenAPI spec generator
 OpenNoneT427522 Document CSRF token body parameters in TokenAware handlers
 OpenKBachT422924 Finalize other OAD resources
 In ProgressKBachT405571 Improve OAD style guide based on feedback and emerging requirements
 ResolvedKBachT410087 Create example/test OAD
 OpenKBachT422927 Define a process for OAD resource synchronization
 In ProgressKBachT422930 Document linter rules
 OpenNoneT422918 [5.2.5b Epic] Prepare the linter for use in CI
 OpenNoneT422920 Deploy the linter in CI
 ResolvedMooeypooT425625 Move linter rules to a separate repository
 ResolvedMooeypooT425626 Connect the new ruleset repository to the linter tool
 OpenNoneT425627 Publish the Wikimedia Spectral ruleset to NPM
 OpenAGhirelli-WMFT415920 Lazy loading of ruleset: Implement caching layer for Spectral ruleset
 OpenAGhirelli-WMFT415916 Spec caching: Cache validation results for identical OpenAPI specs
 OpenAGhirelli-WMFT415917 [SPIKE] Figure out best approach for spec result caching

Event Timeline

KBach created this task.Apr 7 2026, 10:40 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 7 2026, 10:40 AM
KBach created subtask T422479: [5.2.5b Epic] Implement and improve linter rules.Apr 7 2026, 11:09 AM
KBach created subtask T422480: [5.2.5b Epic] Improve MediaWiki REST API OpenAPI description.Apr 7 2026, 11:22 AM
KBach created subtask T422483: [5.2.5b Epic] Create a proof of concept of a CI workflow with the spec linter.Apr 7 2026, 11:34 AM
KBach renamed this task from [Hypothesis] 5.2.5b: Productionalize API Spec Linting to [Hypothesis] 5.2.5b: Productionalize API spec linting.Apr 7 2026, 1:30 PM
HCoplin-WMF edited projects, added [MWI] FY2025-26 Q4; removed MW-Interfaces-Team.Apr 7 2026, 2:00 PM
apaskulin subscribed.Apr 7 2026, 2:20 PM
KBach added a subtask: T405571: Improve OAD style guide based on feedback and emerging requirements.Apr 8 2026, 2:11 PM
KBach added a subtask: T422484: [5.2.5b Epic] Add security mechanism information to the MediaWiki REST API description.Apr 9 2026, 10:35 AM
KBach added a project: Tool-wmf-openapi-linter.Apr 9 2026, 3:24 PM
KBach created subtask T422924: Finalize other OAD resources.Apr 10 2026, 10:06 AM
KBach removed a subtask: T405571: Improve OAD style guide based on feedback and emerging requirements.
apaskulin added a project: Tech-Docs-Team.Apr 10 2026, 1:44 PM
apaskulin moved this task from Backlog to Active projects on the Tech-Docs-Team board.
KBach mentioned this in T415914: Linter: Split rules into more logical groupings.Apr 15 2026, 1:16 PM
KBach mentioned this in T415916: Spec caching: Cache validation results for identical OpenAPI specs.
KBach mentioned this in T415917: [SPIKE] Figure out best approach for spec result caching.
KBach mentioned this in T415920: Lazy loading of ruleset: Implement caching layer for Spectral ruleset.
KBach added a subtask: T422918: [5.2.5b Epic] Prepare the linter for use in CI.May 7 2026, 7:53 AM
KBach added a subtask: T415920: Lazy loading of ruleset: Implement caching layer for Spectral ruleset.May 7 2026, 7:59 AM
KBach added a subtask: T415916: Spec caching: Cache validation results for identical OpenAPI specs.
KBach closed subtask T422483: [5.2.5b Epic] Create a proof of concept of a CI workflow with the spec linter as Declined.May 7 2026, 8:03 AM
TBurmeister subscribed.Thu, Jun 4, 3:18 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits