{
  "context": "This criteria evaluates how well the engineer uses the openapi-types package to work with OpenAPI 2.0 security scheme type definitions. The focus is on proper type usage for Swagger 2.0 security schemes including basic auth, API key, and OAuth2 with legacy flow types.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "OpenAPIV2 Import",
      "description": "Imports and uses the OpenAPIV2 namespace from openapi-types package",
      "max_score": 15
    },
    {
      "name": "SecuritySchemeObject Typing",
      "description": "Uses OpenAPIV2.SecuritySchemeObject or its subtypes (SecuritySchemeBasic, SecuritySchemeApiKey, SecuritySchemeOauth2) to properly type security scheme parameters",
      "max_score": 25
    },
    {
      "name": "Basic Auth Type",
      "description": "Correctly uses OpenAPIV2.SecuritySchemeBasic type or checks for type='basic' to identify basic authentication schemes",
      "max_score": 15
    },
    {
      "name": "API Key Type",
      "description": "Correctly uses OpenAPIV2.SecuritySchemeApiKey type or checks for type='apiKey', and accesses the 'in' property to get location",
      "max_score": 15
    },
    {
      "name": "OAuth2 Type",
      "description": "Correctly uses OpenAPIV2.SecuritySchemeOauth2 type or checks for type='oauth2', and accesses the 'flow' property to identify flow type (implicit, password, application, accessCode)",
      "max_score": 20
    },
    {
      "name": "Security Requirement",
      "description": "Uses OpenAPIV2.SecurityRequirementObject or Record<string, string[]> type to properly type security requirement parameters and extracts scheme names",
      "max_score": 10
    }
  ]
}