fix: rename x-security-scheme-name-link to x-security-scheme-name-reference and update related documentation and tests

vadyvas · vadyvas · commit bd3b2ed4823e · 2025-10-23T15:24:58.000+03:00
diff --git a/__tests__/lint/x-security-scheme-name-link-rule/redocly.yaml b/__tests__/lint/x-security-scheme-name-link-rule/redocly.yaml
@@ -2,4 +2,4 @@ apis:
   main:
     root: ./museum.yaml
 rules:
-  x-security-scheme-name-link: error
+  x-security-scheme-name-reference: error
diff --git a/__tests__/lint/x-security-scheme-name-link-rule/snapshot.txt b/__tests__/lint/x-security-scheme-name-link-rule/snapshot.txt
@@ -1,6 +1,6 @@
 [1] museum.yaml:15:21 at #/workflows/0/x-security/0/schemeName
 
-When multiple `sourceDescriptions` exist, `workflow.x-security.schemeName` must be a link to a source description (e.g. `$sourceDescriptions.{name}.{scheme}`)
+When multiple `sourceDescriptions` exist, `workflow.x-security.schemeName` must be a reference to a source description (e.g. `$sourceDescriptions.{name}.{scheme}`)
 
 13 | - workflowId: get-museum-hours
 14 |   x-security:
@@ -9,7 +9,7 @@ When multiple `sourceDescriptions` exist, `workflow.x-security.schemeName` must
 16 |       values:
 17 |         token: some-token
 
-Error was generated by the x-security-scheme-name-link rule.
+Error was generated by the x-security-scheme-name-reference rule.
 
 
 
diff --git a/docs/@v2/rules/built-in-rules.md b/docs/@v2/rules/built-in-rules.md
@@ -136,8 +136,6 @@ Within the Arazzo family of rules, there are rules for the main Arazzo specifica
 - [workflow-dependsOn](./arazzo/workflow-dependsOn.md): the items in the `workflow` `dependsOn` property must exist and be unique
 - [workflowId-unique](./arazzo/workflowId-unique.md): the `workflowId` property must be unique across all workflows
 - [sourceDescriptions-not-empty](./arazzo/sourceDescriptions-not-empty.md): the `sourceDescriptions` must be defined and the list must have at least one entry.
-- [x-security-scheme-name-link](./arazzo/x-security-scheme-name-link.md): when multiple `sourceDescriptions` exist, `workflow.x-security.schemeName` must link to a source description (for example, `$sourceDescriptions.{name}.scheme`)
-- [no-x-security-both-scheme-and-scheme-name](./arazzo/no-x-security-both-scheme-and-scheme-name.md): forbids using both `scheme` and `schemeName` in the same `x-security` item
 
 ### Respect
 
@@ -147,6 +145,8 @@ The below rules are being migrated to Respect:
 - [respect-supported-versions](./respect/respect-supported-versions.md): the `version` property must be one of the supported values.
 - [no-x-security-scheme-name-without-openapi](./respect/no-x-security-scheme-name-without-openapi.md): the `x-security` can't use `schemeName` when Step request is described with `x-operation`.
 - [x-security-scheme-required-values](./respect/x-security-scheme-required-values.md) validate that `x-security` have all required `values` described according to the used `scheme`.
+- [x-security-scheme-name-reference](./respect/x-security-scheme-name-reference.md): when multiple `sourceDescriptions` exist, `workflow.x-security.schemeName` must reference a source description (for example, `$sourceDescriptions.{name}.scheme`)
+- [no-x-security-both-scheme-and-scheme-name](./respect/no-x-security-both-scheme-and-scheme-name.md): forbids using both `scheme` and `schemeName` in the same `x-security` item
 
 ## Resources
 
diff --git a/docs/@v2/rules/respect/no-x-security-both-scheme-and-scheme-name.md b/docs/@v2/rules/respect/no-x-security-both-scheme-and-scheme-name.md
@@ -8,8 +8,8 @@ Forbids using both `scheme` and `schemeName` in the same `x-security` item.
 
 ## Rationale
 
-A single `x-security` item must reference a security scheme in exactly one way: either by embedding the `scheme` object or by referencing it with `schemeName`.
-Having both is ambiguous and is rejected by the runtime.
+Each `x-security` entry must reference a security scheme in exactly one way—either embed the `scheme` object or reference it via `schemeName`.
+You can include multiple `x-security` entries in a workflow; this rule applies to each entry individually. Using both `scheme` and `schemeName` in the same entry is ambiguous and is rejected by the runtime.
 
 ## Configuration
 
@@ -66,9 +66,9 @@ workflows:
 
 ## Related rules
 
-- [x-security-scheme-name-link](./x-security-scheme-name-link.md)
-- [x-security-scheme-required-values](../respect/x-security-scheme-required-values.md)
+- [x-security-scheme-name-reference](./x-security-scheme-name-reference.md)
+- [x-security-scheme-required-values](./x-security-scheme-required-values.md)
 
 ## Resources
 
-- Rule source: https://github.com/Redocly/redocly-cli/blob/main/packages/core/src/rules/arazzo/no-x-security-both-scheme-and-scheme-name.ts
+- Rule source: https://github.com/Redocly/redocly-cli/blob/main/packages/core/src/rules/respect/no-x-security-both-scheme-and-scheme-name.ts
diff --git a/docs/@v2/rules/respect/x-security-scheme-name-reference.md b/docs/@v2/rules/respect/x-security-scheme-name-reference.md
@@ -1,16 +1,14 @@
-# x-security-scheme-name-link
+# x-security-scheme-name-reference
 
-When multiple `sourceDescriptions` exist, `workflow.x-security.schemeName` must be a link to a specific source description (for example, `$sourceDescriptions.{name}.scheme`).
-If there is only one source description, a plain string is allowed.
+When multiple `sourceDescriptions` exist, `workflow.x-security.schemeName` must be a reference to a specific source description (for example, `$sourceDescriptions.{name}.scheme`). If there is only one source description, a plain string is allowed.
 
 | Arazzo | Compatibility |
 | ------ | ------------- |
 | 1.x    | ✅            |
 
 ## Design principles
 
-With multiple source descriptions, using a plain `schemeName` is ambiguous.
-Requiring a link of the form `$sourceDescriptions.{name}.scheme` disambiguates which source description provides the security scheme.
+With multiple source descriptions, using a plain `schemeName` is ambiguous. Requiring a reference of the form `$sourceDescriptions.{name}.scheme` disambiguates which source description provides the security scheme.
 
 ## Configuration
 
@@ -22,7 +20,7 @@ An example configuration:
 
 ```yaml
 rules:
-  x-security-scheme-name-link: error
+  x-security-scheme-name-reference: error
 ```
 
 ## Examples
@@ -31,7 +29,7 @@ Given the following configuration:
 
 ```yaml
 rules:
-  x-security-scheme-name-link: error
+  x-security-scheme-name-reference: error
 ```
 
 Example with multiple source descriptions — incorrect (plain string `schemeName`):
@@ -48,13 +46,13 @@ sourceDescriptions:
 workflows:
   - workflowId: list-users
     x-security:
-      - schemeName: BasicAuth   # <- must be a link when multiple sources exist
+      - schemeName: BasicAuth   # <- must be a reference when multiple sources exist
         values:
           username: test@example.com
           password: 123456
 ```
 
-Example with multiple source descriptions — correct (linked `schemeName`):
+Example with multiple source descriptions — correct (referenced `schemeName`):
 
 ```yaml
 sourceDescriptions:
@@ -93,10 +91,9 @@ workflows:
 
 ## Related rules
 
-- [sourceDescriptions-not-empty](./sourceDescriptions-not-empty.md)
-- [sourceDescriptions-name-unique](./sourceDescriptions-name-unique.md)
-- [sourceDescriptions-type](./sourceDescriptions-type.md)
+- [no-x-security-both-scheme-and-scheme-name](./no-x-security-both-scheme-and-scheme-name.md)
+- [x-security-scheme-required-values](./x-security-scheme-required-values.md)
 
 ## Resources
 
-- Rule source: https://github.com/Redocly/redocly-cli/blob/main/packages/core/src/rules/arazzo/x-security-scheme-name-link.ts
+- Rule source: https://github.com/Redocly/redocly-cli/blob/main/packages/core/src/rules/respect/x-security-scheme-name-reference.ts
diff --git a/docs/@v2/sidebars.yaml b/docs/@v2/sidebars.yaml
@@ -151,13 +151,13 @@
             - page: rules/respect/respect-supported-versions.md
             - page: rules/respect/no-x-security-scheme-name-without-openapi.md
             - page: rules/respect/x-security-scheme-required-values.md
+            - page: rules/respect/x-security-scheme-name-reference.md
+            - page: rules/respect/no-x-security-both-scheme-and-scheme-name.md
             - page: rules/arazzo/criteria-unique.md
             - page: rules/arazzo/parameters-unique.md
             - page: rules/arazzo/requestBody-replacements-unique.md
             - page: rules/arazzo/sourceDescriptions-name-unique.md
             - page: rules/arazzo/sourceDescriptions-type.md
-            - page: rules/arazzo/x-security-scheme-name-link.md
-            - page: rules/arazzo/no-x-security-both-scheme-and-scheme-name.md
             - page: rules/arazzo/stepId-unique.md
             - page: rules/arazzo/step-onFailure-unique.md
             - page: rules/arazzo/step-onSuccess-unique.md
diff --git a/packages/core/src/config/__tests__/__snapshots__/config-resolvers.test.ts.snap b/packages/core/src/config/__tests__/__snapshots__/config-resolvers.test.ts.snap
@@ -10,7 +10,7 @@ exports[`resolveConfig > should ignore minimal from the root and read local file
     "no-enum-type-mismatch": "error",
     "no-required-schema-properties-undefined": "warn",
     "no-schema-type-mismatch": "error",
-    "no-x-security-both-scheme-and-scheme-name": "error",
+    "no-x-security-both-scheme-and-scheme-name": "off",
     "no-x-security-scheme-name-without-openapi": "off",
     "parameters-unique": "error",
     "requestBody-replacements-unique": "warn",
@@ -23,7 +23,7 @@ exports[`resolveConfig > should ignore minimal from the root and read local file
     "stepId-unique": "error",
     "workflow-dependsOn": "error",
     "workflowId-unique": "error",
-    "x-security-scheme-name-link": "error",
+    "x-security-scheme-name-reference": "off",
     "x-security-scheme-required-values": "off",
   },
   "async2Decorators": {},
@@ -381,7 +381,7 @@ exports[`resolveConfig > should resolve extends with local file config which con
     "no-enum-type-mismatch": "error",
     "no-required-schema-properties-undefined": "warn",
     "no-schema-type-mismatch": "error",
-    "no-x-security-both-scheme-and-scheme-name": "error",
+    "no-x-security-both-scheme-and-scheme-name": "off",
     "no-x-security-scheme-name-without-openapi": "off",
     "parameters-unique": "error",
     "requestBody-replacements-unique": "warn",
@@ -394,7 +394,7 @@ exports[`resolveConfig > should resolve extends with local file config which con
     "stepId-unique": "error",
     "workflow-dependsOn": "error",
     "workflowId-unique": "error",
-    "x-security-scheme-name-link": "error",
+    "x-security-scheme-name-reference": "off",
     "x-security-scheme-required-values": "off",
   },
   "async2Decorators": {},
diff --git a/packages/core/src/config/__tests__/load.test.ts b/packages/core/src/config/__tests__/load.test.ts
@@ -144,7 +144,7 @@ describe('loadConfig', () => {
               "stepId-unique": "error",
               "workflow-dependsOn": "off",
               "workflowId-unique": "error",
-              "x-security-scheme-name-link": "off",
+              "x-security-scheme-name-reference": "off",
               "x-security-scheme-required-values": "off",
             },
             "async2Decorators": {},
@@ -439,7 +439,7 @@ describe('loadConfig', () => {
               "no-enum-type-mismatch": "error",
               "no-required-schema-properties-undefined": "warn",
               "no-schema-type-mismatch": "error",
-              "no-x-security-both-scheme-and-scheme-name": "error",
+              "no-x-security-both-scheme-and-scheme-name": "off",
               "no-x-security-scheme-name-without-openapi": "off",
               "parameters-unique": "error",
               "requestBody-replacements-unique": "warn",
@@ -452,7 +452,7 @@ describe('loadConfig', () => {
               "stepId-unique": "error",
               "workflow-dependsOn": "error",
               "workflowId-unique": "error",
-              "x-security-scheme-name-link": "error",
+              "x-security-scheme-name-reference": "off",
               "x-security-scheme-required-values": "off",
             },
             "async2Decorators": {},
@@ -765,7 +765,7 @@ describe('loadConfig', () => {
               "stepId-unique": "error",
               "workflow-dependsOn": "off",
               "workflowId-unique": "error",
-              "x-security-scheme-name-link": "off",
+              "x-security-scheme-name-reference": "off",
               "x-security-scheme-required-values": "off",
             },
             "async2Decorators": {},
diff --git a/packages/core/src/config/all.ts b/packages/core/src/config/all.ts
@@ -292,8 +292,8 @@ const all: RawGovernanceConfig<'built-in'> = {
     'no-required-schema-properties-undefined': 'error',
     'no-enum-type-mismatch': 'error',
     'no-schema-type-mismatch': 'error',
-    'x-security-scheme-name-link': 'error',
-    'no-x-security-both-scheme-and-scheme-name': 'error',
+    'x-security-scheme-name-reference': 'off',
+    'no-x-security-both-scheme-and-scheme-name': 'off',
   },
   overlay1Rules: {
     'info-contact': 'error',
diff --git a/packages/core/src/rules/arazzo/index.ts b/packages/core/src/rules/arazzo/index.ts
@@ -15,12 +15,12 @@ import { NoCriteriaXpath } from '../respect/no-criteria-xpath.js';
 import { CriteriaUnique } from './criteria-unique.js';
 import { NoXSecuritySchemeNameWithoutOpenAPI } from '../respect/no-x-security-scheme-name-without-openapi.js';
 import { XSecuritySchemaRequiredValues } from '../respect/x-security-scheme-required-values.js';
-import { XSecuritySchemeNameLink } from './x-security-scheme-name-link.js';
-import { NoXSecurityBothSchemeAndSchemeName } from './no-x-security-both-scheme-and-scheme-name.js';
 import { NoUnresolvedRefs } from '../common/no-unresolved-refs.js';
 import { NoRequiredSchemaPropertiesUndefined } from '../common/no-required-schema-properties-undefined.js';
 import { NoEnumTypeMismatch } from '../common/no-enum-type-mismatch.js';
 import { NoSchemaTypeMismatch } from '../common/no-schema-type-mismatch.js';
+import { NoXSecurityBothSchemeAndSchemeName } from '../respect/no-x-security-both-scheme-and-scheme-name.js';
+import { XSecuritySchemeNameReference } from '../respect/x-security-scheme-name-reference.js';
 
 import type { Arazzo1Rule } from '../../visitors.js';
 import type { Arazzo1RuleSet } from '../../oas-types.js';
@@ -44,7 +44,7 @@ export const rules: Arazzo1RuleSet<'built-in'> = {
   'criteria-unique': CriteriaUnique,
   'no-x-security-scheme-name-without-openapi': NoXSecuritySchemeNameWithoutOpenAPI,
   'x-security-scheme-required-values': XSecuritySchemaRequiredValues,
-  'x-security-scheme-name-link': XSecuritySchemeNameLink,
+  'x-security-scheme-name-reference': XSecuritySchemeNameReference,
   'no-x-security-both-scheme-and-scheme-name': NoXSecurityBothSchemeAndSchemeName,
   'no-required-schema-properties-undefined': NoRequiredSchemaPropertiesUndefined as Arazzo1Rule,
   'no-enum-type-mismatch': NoEnumTypeMismatch as Arazzo1Rule,
diff --git a/packages/core/src/rules/respect/__tests__/no-x-security-both-scheme-and-schemeName.test.ts b/packages/core/src/rules/respect/__tests__/no-x-security-both-scheme-and-schemeName.test.ts
@@ -4,7 +4,7 @@ import { parseYamlToDocument, replaceSourceWithRef } from '../../../../__tests__
 import { BaseResolver } from '../../../resolve.js';
 import { createConfig } from '../../../config/load.js';
 
-describe('Arazzo no-x-security-both-scheme-and-schemeName', () => {
+describe('Respect no-x-security-both-scheme-and-schemeName', () => {
   it('should report when both scheme and schemeName are provided at workflow level', async () => {
     const document = parseYamlToDocument(
       outdent`
diff --git a/packages/core/src/rules/respect/__tests__/x-security-scheme-name-reference.test.ts b/packages/core/src/rules/respect/__tests__/x-security-scheme-name-reference.test.ts
@@ -4,7 +4,7 @@ import { parseYamlToDocument, replaceSourceWithRef } from '../../../../__tests__
 import { BaseResolver } from '../../../resolve.js';
 import { createConfig } from '../../../config/load.js';
 
-describe('Arazzo x-security-scheme-name-link', () => {
+describe('Arazzo x-security-scheme-name-reference', () => {
   it('should report when multiple sourceDescriptions exist and schemeName is a plain string', async () => {
     const document = parseYamlToDocument(
       outdent`
@@ -36,7 +36,7 @@ describe('Arazzo x-security-scheme-name-link', () => {
       externalRefResolver: new BaseResolver(),
       document,
       config: await createConfig({
-        rules: { 'x-security-scheme-name-link': 'error' },
+        rules: { 'x-security-scheme-name-reference': 'error' },
       }),
     });
 
@@ -50,16 +50,16 @@ describe('Arazzo x-security-scheme-name-link', () => {
               "source": "arazzo.yaml",
             },
           ],
-          "message": "When multiple \`sourceDescriptions\` exist, \`workflow.x-security.schemeName\` must be a link to a source description (e.g. \`$sourceDescriptions.{name}.{scheme}\`)",
-          "ruleId": "x-security-scheme-name-link",
+          "message": "When multiple \`sourceDescriptions\` exist, \`workflow.x-security.schemeName\` must be a reference to a source description (e.g. \`$sourceDescriptions.{name}.{scheme}\`)",
+          "ruleId": "x-security-scheme-name-reference",
           "severity": "error",
           "suggest": [],
         },
       ]
     `);
   });
 
-  it('should not report when multiple sourceDescriptions exist and schemeName is a valid link', async () => {
+  it('should not report when multiple sourceDescriptions exist and schemeName is a valid reference', async () => {
     const document = parseYamlToDocument(
       outdent`
         arazzo: '1.0.1'
@@ -90,7 +90,7 @@ describe('Arazzo x-security-scheme-name-link', () => {
       externalRefResolver: new BaseResolver(),
       document,
       config: await createConfig({
-        rules: { 'x-security-scheme-name-link': 'error' },
+        rules: { 'x-security-scheme-name-reference': 'error' },
       }),
     });
 
@@ -125,7 +125,7 @@ describe('Arazzo x-security-scheme-name-link', () => {
       externalRefResolver: new BaseResolver(),
       document,
       config: await createConfig({
-        rules: { 'x-security-scheme-name-link': 'error' },
+        rules: { 'x-security-scheme-name-reference': 'error' },
       }),
     });
 
diff --git a/packages/core/src/rules/respect/no-x-security-both-scheme-and-scheme-name.ts b/packages/core/src/rules/respect/no-x-security-both-scheme-and-scheme-name.ts
@@ -1,3 +1,5 @@
+import { getOwn } from '../../utils.js';
+
 import type { Arazzo1Rule } from '../../visitors.js';
 import type { UserContext } from '../../walk.js';
 import type { ExtendedSecurity } from '../../typings/arazzo.js';
@@ -10,10 +12,8 @@ export const NoXSecurityBothSchemeAndSchemeName: Arazzo1Rule = () => {
     if (!Array.isArray(extendedSecurity)) return;
 
     for (const security of extendedSecurity) {
-      if (!security || typeof security !== 'object') continue;
-
-      const hasScheme = Object.prototype.hasOwnProperty.call(security, 'scheme');
-      const hasSchemeName = Object.prototype.hasOwnProperty.call(security, 'schemeName');
+      const hasScheme = getOwn(security, 'scheme');
+      const hasSchemeName = getOwn(security, 'schemeName');
 
       if (hasScheme && hasSchemeName) {
         report({
diff --git a/packages/core/src/rules/respect/x-security-scheme-name-reference.ts b/packages/core/src/rules/respect/x-security-scheme-name-reference.ts
@@ -1,7 +1,7 @@
 import type { Arazzo1Rule } from '../../visitors.js';
 import type { UserContext } from '../../walk.js';
 
-export const XSecuritySchemeNameLink: Arazzo1Rule = () => {
+export const XSecuritySchemeNameReference: Arazzo1Rule = () => {
   let sourceDescriptionsCount = 0;
 
   return {
@@ -19,17 +19,15 @@ export const XSecuritySchemeNameLink: Arazzo1Rule = () => {
         }
 
         for (const security of extendedSecurity) {
-          if (!security || typeof security !== 'object') continue;
-
           if ('schemeName' in security) {
-            const schemeName = (security as { schemeName?: unknown }).schemeName;
-            const isLink =
+            const schemeName = security.schemeName;
+            const isReference =
               typeof schemeName === 'string' && schemeName.startsWith('$sourceDescriptions.');
 
-            if (!isLink) {
+            if (!isReference) {
               report({
                 message:
-                  'When multiple `sourceDescriptions` exist, `workflow.x-security.schemeName` must be a link to a source description (e.g. `$sourceDescriptions.{name}.{scheme}`)',
+                  'When multiple `sourceDescriptions` exist, `workflow.x-security.schemeName` must be a reference to a source description (e.g. `$sourceDescriptions.{name}.{scheme}`)',
                 location: location.child([
                   'x-security',
                   extendedSecurity.indexOf(security),
diff --git a/packages/core/src/types/redocly-yaml.ts b/packages/core/src/types/redocly-yaml.ts
@@ -175,7 +175,7 @@ const builtInArazzo1Rules = [
   'no-required-schema-properties-undefined',
   'no-enum-type-mismatch',
   'no-schema-type-mismatch',
-  'x-security-scheme-name-link',
+  'x-security-scheme-name-reference',
 ] as const;
 
 export type BuiltInArazzo1RuleId = typeof builtInArazzo1Rules[number];
diff --git a/packages/respect-core/src/modules/__tests__/flow-runner/resolve-security-scheme.test.ts b/packages/respect-core/src/modules/__tests__/flow-runner/resolve-security-scheme.test.ts
diff --git a/packages/respect-core/src/modules/__tests__/flow-runner/resolve-x-security-parameters.ts.test.ts b/packages/respect-core/src/modules/__tests__/flow-runner/resolve-x-security-parameters.ts.test.ts
diff --git a/packages/respect-core/src/modules/flow-runner/get-test-description-from-file.ts b/packages/respect-core/src/modules/flow-runner/get-test-description-from-file.ts
diff --git a/packages/respect-core/src/modules/flow-runner/resolve-security-scheme.ts b/packages/respect-core/src/modules/flow-runner/resolve-security-scheme.ts
diff --git a/packages/respect-core/src/utils/api-fetcher.ts b/packages/respect-core/src/utils/api-fetcher.ts
