Community Health Systems · API Governance Rules

Community Health Systems API Rules

Spectral linting rules defining API design standards and conventions for Community Health Systems.

9 Rules error 4 warn 4 info 1
View Rules File View on GitHub

Rule Categories

chs

Rules

error
chs-info-contact
API info must include a contact block.
$.info
error
chs-server-https
Server URLs must use HTTPS.
$.servers[*].url
warn
chs-server-host
Server URLs should point to api.chs.net.
$.servers[*].url
warn
chs-fhir-r4-base
Server URL should include the /fhir/r4 base path.
$.servers[*].url
error
chs-operation-id
Every operation must declare a unique operationId.
$.paths[*][get,post,put,patch,delete]
warn
chs-operation-tags
Operations must declare at least one tag.
$.paths[*][get,post,put,patch,delete]
warn
chs-fhir-mediatype
FHIR responses should use application/fhir+json content type.
$.paths[*][get,post,put,patch].responses.200.content
error
chs-oauth2-smart
API must declare OAuth2 with SMART-on-FHIR scopes.
$.components.securitySchemes
info
chs-fhir-resource-paths
Paths should be capitalized FHIR resource type names.
$.paths

Spectral Ruleset

Raw ↑ 
extends:
  - spectral:oas

# Spectral linting rules for the Community Health Systems FHIR APIs.
# Tuned to CMS Interoperability Final Rule (CMS-9115-F) requirements:
# FHIR R4 servers, SMART-on-FHIR OAuth2 with patient/launch scopes,
# and FHIR Bundle response shapes.
rules:
  chs-info-contact:
    description: API info must include a contact block.
    severity: error
    given: "$.info"
    then:
      field: contact
      function: truthy

  chs-server-https:
    description: Server URLs must use HTTPS.
    severity: error
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "^https://"

  chs-server-host:
    description: Server URLs should point to api.chs.net.
    severity: warn
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "api\\.chs\\.net"

  chs-fhir-r4-base:
    description: Server URL should include the /fhir/r4 base path.
    severity: warn
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "/fhir/r4"

  chs-operation-id:
    description: Every operation must declare a unique operationId.
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: operationId
      function: truthy

  chs-operation-tags:
    description: Operations must declare at least one tag.
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: tags
      function: schema
      functionOptions:
        schema:
          type: array
          minItems: 1

  chs-fhir-mediatype:
    description: FHIR responses should use application/fhir+json content type.
    severity: warn
    given: "$.paths[*][get,post,put,patch].responses.200.content"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          anyOf:
            - required: ['application/fhir+json']
            - required: ['application/json']

  chs-oauth2-smart:
    description: API must declare OAuth2 with SMART-on-FHIR scopes.
    severity: error
    given: "$.components.securitySchemes"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          properties:
            oauth2:
              type: object
              properties:
                type:
                  const: oauth2

  chs-fhir-resource-paths:
    description: Paths should be capitalized FHIR resource type names.
    severity: info
    given: "$.paths"
    then:
      function: schema
      functionOptions:
        schema:
          type: object