feat: add rule to validate query and querystring parameters usage by n0rahh · Pull Request #2551 · Redocly/redocly-cli

n0rahh · 2026-02-10T08:28:01Z

What/Why/How?

A new rule has been added because if any parameters are in in: query, you cannot use in: querystring, and vice versa.

Reference

https://github.com/Redocly/redocly/issues/15509

Testing

Screenshots (optional)

Check yourself

Code changed? - Tested with Redoc/Realm/Reunite (internal)
All new/updated code is covered by tests
New package installed? - Tested in different environments (browser/node)
Documentation update considered

Security

The security impact of the change has been considered
Code follows company security practices and guidelines

…penAPI 3.2

changeset-bot · 2026-02-10T08:28:06Z

🦋 Changeset detected

Latest commit: 5d7330b

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages

Name	Type
@redocly/openapi-core	Minor
@redocly/cli	Minor
@redocly/respect-core	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

github-actions · 2026-02-10T08:28:30Z

📦 A new experimental 🧪 version v0.0.0-snapshot.1770712109 of Redocly CLI has been published for testing.

Install with NPM:

npm install @redocly/cli@0.0.0-snapshot.1770712109
# or
npm install @redocly/openapi-core@0.0.0-snapshot.1770712109
# or
npm install @redocly/respect-core@0.0.0-snapshot.1770712109

⚠️ Note: This is a development build and may contain unstable features.

github-actions · 2026-02-10T08:30:23Z

Coverage Report

Status	Category	Percentage	Covered / Total
🔵	Lines	79.49% (🎯 78%)	6348 / 7985
🔵	Statements	78.92% (🎯 78%)	6557 / 8308
🔵	Functions	83.42% (🎯 82%)	1304 / 1563
🔵	Branches	71.01% (🎯 70%)	4313 / 6073

File Coverage

File	Stmts	Branches	Functions	Lines	Uncovered Lines
Changed Files
packages/core/src/config/all.ts	100%	100%	100%	100%
packages/core/src/config/minimal.ts	100%	100%	100%	100%
packages/core/src/config/recommended-strict.ts	100%	100%	100%	100%
packages/core/src/config/recommended.ts	100%	100%	100%	100%
packages/core/src/config/spec.ts	100%	100%	100%	100%
packages/core/src/rules/oas3/index.ts	100%	100%	100%	100%
packages/core/src/rules/oas3/spec-querystring-parameters.ts	100%	83.33%	100%	100%
packages/core/src/types/redocly-yaml.ts	92.3%	82.85%	100%	91.93%	366-373, 375, 520-525, 528-533, 536-541

Generated in workflow #8629 for commit 5d7330b by the Vitest Coverage Report Action

github-actions · 2026-02-10T08:30:31Z

CLI Version	Mean Time ± Std Dev (s)	Relative Performance (Lower is Faster)
cli-latest	3.561s ± 0.059s	▓ 1.00x
cli-next	3.545s ± 0.027s	▓ 1.00x (Fastest)

packages/core/src/config/spec.ts

packages/core/src/rules/oas3/spec-no-mixed-query-and-querystring-parameters.ts

tatomyr · 2026-02-11T08:09:20Z

.changeset/young-ghosts-drop.md

+"@redocly/cli": minor
+---
+
+Added `spec-no-mixed-query-and-querystring-parameters` rule to validate `query` and `querystring` parameter usage in OpenAPI 3.2.


Maybe it's also worth checking that it's the only one querystring declared on the Operation/PathItem to follow the other part of the spec restriction (https://spec.openapis.org/oas/v3.2.0.html#parameter-locations)? I'd suggest renaming the rule to something more general then, i.e. to spec-querystring-parameters.

packages/core/src/rules/oas3/spec-querystring-parameters.ts

packages/core/src/config/minimal.ts

packages/core/src/rules/oas3/__tests__/spec-no-mixed-query-and-querystring-parameters.test.ts

packages/core/src/rules/oas3/__tests__/spec-querystring-parameters.test.ts

tatomyr · 2026-02-13T07:56:33Z

packages/core/src/rules/oas3/spec-querystring-parameters.ts

+      },
+
+      Parameter(parameter: Oas3Parameter, ctx: UserContext) {
+        const location = ctx.parentLocations.PathItem.child(['parameters', ctx.key]);


This looks a bit too complicated. Cannot we simply use the ctx.location or something similar instead?

tatomyr · 2026-02-13T08:00:50Z

packages/core/src/rules/oas3/spec-querystring-parameters.ts

+  return parameters.filter((p) => !('$ref' in p) && p.in === 'querystring').length;
+}
+
+const QUERYSTRING_ONCE_MESSAGE =


Doesn't make sense to declare a const. Simply use it in place.

tatomyr · 2026-02-13T08:02:36Z

packages/core/src/rules/oas3/spec-querystring-parameters.ts

+}
+
+const QUERYSTRING_ONCE_MESSAGE =
+  'Parameters with `in: querystring` should be defined only once per path/operation parameter set (OpenAPI 3.2).';


Suggested change

'Parameters with `in: querystring` should be defined only once per path/operation parameter set (OpenAPI 3.2).';

'Parameters with `in: querystring` should be defined only once per path/operation parameter set.';

I don't think it's needed.

…tion logic

.changeset/young-ghosts-drop.md

JLekawa · 2026-02-13T10:07:41Z

@tatomyr: should this rule be documented in Built-in rules?

tatomyr · 2026-02-13T10:13:57Z

@JLekawa certainly. And not only there but in some other places perhaps too (sidebars, rulesets, the rule's documentation page itself, etc.). @n0rahh please add the corresponding docs as well and mark the corresponding point:

DmitryAnansky · 2026-02-13T10:21:51Z

packages/core/src/rules/oas3/__tests__/spec-querystring-parameters.test.ts

+import { BaseResolver } from '../../../resolve.js';
+import { createConfig } from '../../../config/index.js';
+
+describe('OAS3 spec-querystring-parameters (OAS 3.2)', () => {


Although querystring was introduced in 3.2, this rule also included into other that 3.2 specs, do we need to mention (OAS 3.2) in describe?

No, it won't appear on other spec flavours.

Oh, you mean in the describe's message? Let it remain there for the sake of clarity.

I think now it makes sense to keep it, I did the changes that @tatomyr suggested below

packages/core/src/config/spec.ts

tatomyr · 2026-02-13T10:26:03Z

Please disregard the failing smokes. They are related to a separate issue.

.changeset/young-ghosts-drop.md