rules:
  healthlake-operation-summary:
    description: All operations must have a summary
    severity: error
    given: "$.paths.*[get,post,put,patch,delete]"
    then:
      field: summary
      function: truthy
  healthlake-operation-id:
    description: All operations must have an operationId
    severity: error
    given: "$.paths.*[get,post,put,patch,delete]"
    then:
      field: operationId
      function: truthy
  healthlake-operation-tags:
    description: All operations should have tags
    severity: warn
    given: "$.paths.*[get,post,put,patch,delete]"
    then:
      field: tags
      function: truthy
  healthlake-response-200:
    description: All operations should have a 200 response
    severity: warn
    given: "$.paths.*[get,post,put,patch,delete].responses"
    then:
      field: "200"
      function: truthy
  healthlake-schema-description:
    description: Schema components should have descriptions
    severity: info
    given: "$.components.schemas.*"
    then:
      field: description
      function: truthy
  healthlake-fhir-datastore:
    description: FHIR datastore operations should follow naming conventions
    severity: info
    given: "$.paths.*[get,post,put,patch,delete]"
    then:
      field: operationId
      function: truthy
  healthlake-hipaa-security:
    description: HIPAA-eligible service must document security requirements
    severity: error
    given: "$.components.securitySchemes"
    then:
      function: truthy
  healthlake-job-operations:
    description: Job operations should have consistent naming patterns
    severity: info
    given: "$.paths.*[get,post,put,patch,delete][?(@property == 'operationId' && @.match('Job'))]"
    then:
      function: truthy