or run

npx @tessl/cli init

API Security Validator

A utility that validates and analyzes security configurations in OpenAPI 3.0 documents. The tool should parse OpenAPI documents, extract security requirements, and generate reports about the authentication and authorization mechanisms used.

Capabilities

Validates security scheme definitions

Accepts an OpenAPI 3.0 document and returns true if all security schemes in the components section are valid (have proper type, required fields, and structure), false otherwise @test
Returns false when a security scheme is missing required fields (e.g., an OAuth2 scheme without flows) @test

Extracts security requirements

Given an OpenAPI 3.0 document with global security requirements, returns an array of security requirement names @test
Given an operation with operation-level security requirements, returns the security schemes required for that specific operation @test

Identifies security scheme types

Analyzes security schemes and returns a map of scheme names to their types (http, apiKey, oauth2, openIdConnect) @test

Generates security summary

Creates a summary object containing the count of each security scheme type and a list of all operations that require authentication @test

Implementation

@generates

API

import { OpenAPIV3 } from 'openapi-types';

/**
 * Validates that all security schemes in an OpenAPI document are properly defined
 */
export function validateSecuritySchemes(document: OpenAPIV3.Document): boolean;

/**
 * Extracts global security requirements from a document
 */
export function extractGlobalSecurity(document: OpenAPIV3.Document): string[];

/**
 * Extracts security requirements for a specific operation
 */
export function extractOperationSecurity(
  operation: OpenAPIV3.OperationObject
): string[];

/**
 * Returns a map of security scheme names to their types
 */
export function identifySchemeTypes(
  document: OpenAPIV3.Document
): Record<string, string>;

/**
 * Generates a summary of security configuration
 */
export interface SecuritySummary {
  schemeTypeCounts: Record<string, number>;
  protectedOperations: string[];
}

export function generateSecuritySummary(document: OpenAPIV3.Document): SecuritySummary;

Dependencies { .dependencies }

openapi-types { .dependency }

Provides TypeScript type definitions for OpenAPI 3.0 specifications, including comprehensive security scheme types.

@satisfied-by

Version

Files

task.mdevals/scenario-3/

API Security Validator

Capabilities

Validates security scheme definitions

Extracts security requirements

Identifies security scheme types

Generates security summary

Implementation

API

Dependencies { .dependencies }

openapi-types { .dependency }

Version

Files

task.md.css-3qkkll{font-size:var(--chakra-font-sizes-sm);font-weight:var(--chakra-font-weights-normal);color:var(--chakra-colors-gray-300);}evals/scenario-3/

API Security Validator

Capabilities

Validates security scheme definitions

Extracts security requirements

Identifies security scheme types

Generates security summary

Implementation

API

Dependencies { .dependencies }

openapi-types { .dependency }

task.mdevals/scenario-3/