extends: spectral:oas
rules:
  penn-medicine-server-url:
    description: All Penn Medicine API specs must reference the production FHIR R4 base URL.
    severity: error
    given: $.servers[*].url
    then:
      function: pattern
      functionOptions:
        match: '^https://ssproxy\.pennhealth\.com/PRD-FHIR/api/FHIR/R4$'

  penn-medicine-operation-summary-title-case:
    description: Operation summaries must use Title Case.
    severity: warn
    given: $.paths[*][get,post,put,patch,delete].summary
    then:
      function: pattern
      functionOptions:
        match: '^([A-Z][a-zA-Z0-9]*)(\s[A-Z][a-zA-Z0-9]*)*$'

  penn-medicine-smart-on-fhir-security:
    description: Every Penn Medicine spec must declare the smartOnFhir OAuth2 security scheme.
    severity: error
    given: $.components.securitySchemes
    then:
      field: smartOnFhir
      function: truthy

  penn-medicine-canonical-tags:
    description: Operations must carry one of the canonical Penn Medicine tags.
    severity: warn
    given: $.paths[*][get,post,put,patch,delete].tags[*]
    then:
      function: enumeration
      functionOptions:
        values:
          - Patient Access
          - Provider Directory
          - Bulk Data
          - SMART