Context
Rule 25 uses a multi-heuristic approach to detect list endpoints:
- Checks if response type is `array`
- Checks if response schema contains `page`/`total_count`/`page_size` fields with an array property
- Excludes `getById` patterns via regex
- Only applies to GET operations with `operationId` matching `/^(get|list|search|find)/i`
Problem
The heuristic is complex and fragile:
- Response-body introspection is unreliable for paginated wrappers with `$ref`
- The `getById` exclusion uses regex patterns that may not cover all single-resource reads
- New list endpoints may not trigger detection if they use different response patterns
Proposal
Standardize on `operationId` convention:
- `list*` or `getAll*` = list endpoint, must have pagination params
- `get*` (without `All`) on a parameterized path = single-resource read, exempt
- Remove response-body introspection heuristic
This requires ensuring all existing list endpoints use `list` or `getAll` prefixes in their `operationId`.
Impact
- Validator change: simplify `validatePaginationParams()`
- Schema changes: audit and rename `operationId` values that don't follow the convention
References
Identified in schema validator audit — Section 3c (Heuristic Detection).
Context
Rule 25 uses a multi-heuristic approach to detect list endpoints:
Problem
The heuristic is complex and fragile:
Proposal
Standardize on `operationId` convention:
This requires ensuring all existing list endpoints use `list` or `getAll` prefixes in their `operationId`.
Impact
References
Identified in schema validator audit — Section 3c (Heuristic Detection).