8000 RELEASE XCPD w/ custodian + CCD fixes by leite08 · Pull Request #4015 · metriport/metriport · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

RELEASE XCPD w/ custodian + CCD fixes #4015

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Jun 13, 2025
Merged

RELEASE XCPD w/ custodian + CCD fixes #4015

merged 9 commits into from
Jun 13, 2025

Conversation

leite08
Copy link
Member
@leite08 leite08 commented Jun 12, 2025
edited by coderabbitai bot
Loading

Issues:

Dependencies

none

Description

Testing

Check each PR.

Release Plan

  • ⚠️ Points to master
  • Merge this

Summary by CodeRabbit

Summary by CodeRabbit

  • New Features
    • Improved security and formatting by HTML-encoding dynamic text fields in generated XML and CDA documents, including patient names, addresses, phone numbers, and various clinical table entries.
    • Added custodian information to registration event responses for enhanced data representation.
  • Bug Fixes
    • Enhanced identifier formatting to safely handle and trim non-string values.
  • Chores
    • Expanded logging in patient data routes to provide more detailed request tracking.
    • Updated middleware to accept additional XML content types in mock gateway utilities.
  • Refactor
    • Improved type safety for organization data structures.
    • Wrapped Lambda handler with enhanced monitoring utility for better observability.
    • Updated script paths in utility package for consistency.

8000
leite08 added 7 commits June 12, 2025 10:39
@leite08
fix(core): inbound XCPD includes custodian
c0d2f72 
Ref eng-454

Signed-off-by: Rafael Leite <2132564+leite08@users.noreply.github.com>
@leite08
fix: ccd generation HTML encodes text
a52f860 
Ref eng-441

Signed-off-by: Rafael Leite <2132564+leite08@users.noreply.github.com>
@leite08
refactor(api): log pt ID on search
6fa9a6f 
Ref eng-441

Signed-off-by: Rafael Leite <2132564+leite08@users.noreply.github.com>
@leite08
fix(core): convert identifier to string before trimming it
14c941c 
Ref eng-441

Signed-off-by: Rafael Leite <2132564+leite08@users.noreply.github.com>
@leite08
refactor(api): add log to internal consolidated response
909917d 
Ref eng-441

Signed-off-by: Rafael Leite <2132564+leite08@users.noreply.github.com>
@leite08
Merge pull request #4013 from metriport/eng-441-fix-invalid-chars-emp…
0ff6c0d 
…ty-ccd

ENG-441 Additional fixes for invalid chars in CCDs
@leite08
Merge pull request #4012 from metriport/eng-454-add-custodian-to-xcpd
fafa4f3 
ENG-454 Inbound XCPD includes custodian
< 8000 /div>
@coderabbitai coderabbitai
Copy link
coderabbitai bot commented Jun 12, 2025
edited
Loading

Walkthrough

The changes primarily introduce HTML encoding for dynamic string insertions in CDA and FHIR-to-CDA XML generation, update logging in several API routes, refine type annotations for organization data, and adjust handler wrapping and middleware configuration. No significant changes to control flow or exported function signatures are present.

Changes

File(s) Change Summary
packages/api/src/external/cda/generate-empty-ccd.ts Applied HTML encoding to all dynamic string insertions in generated XML; reordered imports.
packages/core/src/fhir-to-cda/cda-templates/components/allergies.ts
.../encounters.ts
.../family-history.ts
.../immunizations.ts
.../medications.ts
.../problems.ts
.../procedures.ts		 Applied encodeToHtml to relevant text fields in table row generation for allergies, encounters, family history, immunizations, medications, problems, and procedures sections.
packages/core/src/external/carequality/ihe-gateway-v2/inbound/xcpd/create/xcpd-response.ts Added a custodian object to the registrationEvent in the response structure.
packages/core/src/external/fhir/export/string/shared/identifier.ts Improved value extraction and type safety in formatIdentifier by converting values to strings and refining falsy checks.
packages/api/src/routes/internal/medical/patient.ts
packages/api/src/routes/medical/patient.ts		 Added logging statements for consolidated POST and search GET routes, respectively.
packages/lambdas/src/ihe-gateway-v2-inbound-patient-discovery.ts Wrapped Lambda handler with capture.wrapHandler; reorganized and expanded imports.
packages/shared/src/common/metriport-organization.ts Refined type annotation for metriportOrganization to require name, address, and telecom fields.
packages/utils/package.json Changed "mock-ihe-gateway" script path from carequality to saml directory.
packages/utils/src/saml/mock-ihe-gateway.ts Expanded raw body parser to accept more XML content types and removed explicit size limit.

Sequence Diagram(s)

sequenceDiagram
    participant API_Route as API Route Handler
    participant Logger as Logger
    participant CDA_Generator as CDA XML Generator
    participant HTML_Encoder as encodeToHtml Utility

    API_Route->>Logger: Log request details (e.g., conversionType, search query)
    API_Route->>CDA_Generator: Generate CDA/FHIR-to-CDA XML
    CDA_Generator->>HTML_Encoder: Encode dynamic strings for XML
    CDA_Generator-->>API_Route: Return encoded XML
Loading

Possibly related PRs

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

npm error code ERR_SSL_WRONG_VERSION_NUMBER
npm error errno ERR_SSL_WRONG_VERSION_NUMBER
npm error request to https://10.0.0.28:4873/punycode/-/punycode-2.3.1.tgz failed, reason: C0FC16A66F7F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:354:
npm error
npm error A complete log of this run can be found in: /.npm/_logs/2025-06-13T00_34_32_077Z-debug-0.log

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fafa4f3 and 9d09855.

📒 Files selected for processing (1)
  • packages/core/src/external/carequality/ihe-gateway-v2/inbound/xcpd/create/xcpd-response.ts (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • packages/core/src/external/carequality/ihe-gateway-v2/inbound/xcpd/create/xcpd-response.ts
⏰ Context from checks skipped due to timeout of 90000ms (25)
  • GitHub Check: infra-api-lambdas / deploy
  • GitHub Check: ihe_stack / deploy
  • GitHub Check: api / deploy
  • GitHub Check: mllp-server / deploy
  • GitHub Check: check-pr / lint-build-test
  • GitHub Check: check-pr / lint-build-test
  • GitHub Check: check-pr / lint-build-test
  • GitHub Check: check-pr / lint-build-test
  • GitHub Check: check-pr / lint-build-test
  • GitHub Check: Analyze (javascript)
  • GitHub Check: Analyze (javascript)
  • GitHub Check: check-pr / lint-build-test
  • GitHub Check: check-pr / lint-build-test
  • GitHub Check: check-pr / lint-build-test
  • GitHub Check: check-pr / lint-build-test
  • GitHub Check: check-pr / lint-build-test
  • GitHub Check: check-pr / lint-build-test
  • GitHub Check: check-pr / lint-build-test
  • GitHub Check: check-pr / lint-build-test
  • GitHub Check: check-pr / lint-build-test
  • GitHub Check: check-pr / lint-build-test
  • GitHub Check: check-pr / lint-build-test
  • GitHub Check: check-pr / lint-build-test
  • GitHub Check: check-pr / lint-build-test
  • GitHub Check: check-pr / lint-build-test
✨ Finishing Touches
  • 📝 Generate Docstrings
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@leite08 leite08 changed the title RELEASE RELEASE XCPD w/ custodian + CCD fixes Jun 12, 2025
@leite08 leite08 marked this pull request as ready for review June 12, 2025 23:59
coderabbitai[bot]
coderabbitai bot reviewed Jun 13, 2025
View reviewed changes
Copy link
@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🔭 Outside diff range comments (1)
packages/lambdas/src/ihe-gateway-v2-inbound-patient-discovery.ts (1)

27-71: 🛠️ Refactor suggestion

Avoid surfacing analytics/network failures as client (400) errors

analyticsAsync / getSecretValue are nice-to-have side effects.
If either of them throws, the execution jumps to the inner catch, which returns 400 Bad Request – misleading for callers and potentially masking genuine server issues.

Guard the analytics block with its own try / catch and downgrade failures to a log entry so that a transient PostHog or SecretsManager outage does not break the business flow nor misreport the status code.

-      if (result.patientMatch && postHogSecretName) {
-        const postHogApiKey = await getSecretValue(postHogSecretName, region);
-
-        if (postHogApiKey && engineeringCxId) {
-          await analyticsAsync(
-            {
-              distinctId: engineeringCxId,
-              event: EventTypes.inboundPatientDiscovery,
-              properties: {
-                patientId: result.patientId,
-                patientMatch: result.patientMatch,
-                homeCommunityId: pdRequest.samlAttributes.homeCommunityId,
-              },
-            },
-            postHogApiKey
-          );
-        }
-      }
+      if (result.patientMatch && postHogSecretName && engineeringCxId) {
+        try {
+          const postHogApiKey = await getSecretValue(postHogSecretName, region);
+          if (postHogApiKey) {
+            await analyticsAsync(
+              {
+                distinctId: engineeringCxId,
+                event: EventTypes.inboundPatientDiscovery,
+                properties: {
+                  patientId: result.patientId,
+                  patientMatch: result.patientMatch,
+                  homeCommunityId: pdRequest.samlAttributes.homeCommunityId,
+                },
+              },
+              postHogApiKey
+            );
+          }
+        } catch (analyticsError) {
+          log(
+            `Non-blocking analytics failure on ${lambdaName}: ${errorToString(analyticsError)}`
+          );
+        }
+      }

This keeps the happy path untouched while preventing false “Bad Request” responses.
(A separate improvement would be to distinguish between client vs. server errors explicitly, e.g., by throwing domain-specific errors.)

🧹 Nitpick comments (3)
packages/api/src/routes/internal/medical/patient.ts (1)

938-940: Minor string-formatting nit

The log context string ends with an unmatched right parenthesis:

out(`cx ${cxId}, pt ${id}, requestId ${requestId})`);
                          // -------------------^
-out(`cx ${cxId}, pt ${id}, requestId ${requestId})`);
+out(`cx ${cxId}, pt ${id}, requestId ${requestId}`);

Purely cosmetic but keeps logs tidy.

packages/core/src/fhir-to-cda/cda-templates/components/allergies.ts (1)

170-189: Encode all user-supplied strings for consistency & safety.

Great to see encodeToHtml applied to substance and comments. The same sanitisation should be extended to the remaining free-text columns (category, manifestation, onset, onsetDate) to guarantee uniform escaping.

-          {
-            "#text": category?.join(", ") ?? NOT_SPECIFIED,
+          {
+            "#text": encodeToHtml(category?.join(", ") ?? NOT_SPECIFIED),
           },
           {
             _ID: `${referenceId}-manifestation`,
-            "#text": manifestation,
+            "#text": encodeToHtml(manifestation ?? NOT_SPECIFIED),
           },
           {
-            "#text": formatDateToHumanReadableFormat(reaction?.onset) ?? NOT_SPECIFIED,
+            "#text": encodeToHtml(
+              formatDateToHumanReadableFormat(reaction?.onset) ?? NOT_SPECIFIED
+            ),
           },
packages/core/src/fhir-to-cda/cda-templates/components/problems.ts (1)

113-133: A couple more fields should be HTML-encoded.

icdCode and the human-readable clinical-status string can theoretically contain characters that break XML. Apply encodeToHtml for completeness and to match the other newly-encoded columns.

-            "#text": getIcdCode(condition.resource.code),
+            "#text": encodeToHtml(getIcdCode(condition.resource.code)),-            "#text": clinicalStatus?._displayName ?? NOT_SPECIFIED,
+            "#text": encodeToHtml(clinicalStatus?._displayName ?? NOT_SPECIFIED),
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 56d5fc3 and fafa4f3.

📒 Files selected for processing (16)
  • packages/api/src/external/cda/generate-empty-ccd.ts (8 hunks)
  • packages/api/src/routes/internal/medical/patient.ts (1 hunks)
  • packages/api/src/routes/medical/patient.ts (2 hunks)
  • packages/core/src/external/carequality/ihe-gateway-v2/inbound/xcpd/create/xcpd-response.ts (1 hunks)
  • packages/core/src/external/fhir/export/string/shared/identifier.ts (1 hunks)
  • packages/core/src/fhir-to-cda/cda-templates/components/allergies.ts (4 hunks)
  • packages/core/src/fhir-to-cda/cda-templates/components/encounters.ts (3 hunks)
  • packages/core/src/fhir-to-cda/cda-templates/components/family-history.ts (3 hunks)
  • packages/core/src/fhir-to-cda/cda-templates/components/immunizations.ts (3 hunks)
  • packages/core/src/fhir-to-cda/cda-templates/components/medications.ts (3 hunks)
  • packages/core/src/fhir-to-cda/cda-templates/components/problems.ts (3 hunks)
  • packages/core/src/fhir-to-cda/cda-templates/components/procedures.ts (3 hunks)
  • packages/lambdas/src/ihe-gateway-v2-inbound-patient-discovery.ts (3 hunks)
  • packages/shared/src/common/metriport-organization.ts (1 hunks)
  • packages/utils/package.json (1 hunks)
  • packages/utils/src/saml/mock-ihe-gateway.ts (1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
`**/*.ts`: - Use the Onion Pattern to organize a package's code in layers - Try to use immutable code and avoid sharing state across different functions, objects, and systems - Try...

**/*.ts: - Use the Onion Pattern to organize a package's code in layers

  • Try to use immutable code and avoid sharing state across different functions, objects, and systems
  • Try to build code that's idempotent whenever possible
  • Prefer functional programming style functions: small, deterministic, 1 input, 1 output
  • Minimize coupling / dependencies
  • Avoid modifying objects received as parameter
  • Only add comments to code to explain why something was done, not how it works
  • Naming
    • classes, enums: PascalCase
    • constants, variables, functions: camelCase
    • file names: kebab-case
    • table and column names: snake_case
    • Use meaningful names, so whoever is reading the code understands what it means
    • Don’t use negative names, like notEnabled, prefer isDisabled
    • For numeric values, if the type doesn’t convey the unit, add the unit to the name
  • Typescript
    • Use types
    • Prefer const instead of let
    • Avoid any and casting from any to other types
    • Type predicates: only applicable to narrow down the type, not to force a complete type conversion
    • Prefer deconstructing parameters for functions instead of multiple parameters that might be of
      the same type
    • Don’t use null inside the app, only on code interacting with external interfaces/services,
      like DB and HTTP; convert to undefined before sending inwards into the code
    • Use async/await instead of .then()
    • Use the strict equality operator ===, don’t use abstract equality operator ==
    • When calling a Promise-returning function asynchronously (i.e., not awaiting), use .catch() to
      handle errors (see processAsyncError and emptyFunction depending on the case)
    • Date and Time
      • Always use buildDayjs() to create dayjs instances
      • Prefer dayjs.duration(...) to create duration consts and keep them as duration
  • Prefer Nullish Coalesce (??) than the OR operator (||) to provide a default value
  • Avoid creating arrow functions
  • Use truthy syntax instead of in - i.e., if (data.link) not if ('link' in data)
  • Error handling
    • Pass the original error as the new one’s cause so the stack trace is persisted
    • Error messages should have a static message - add dynamic data to MetriportError's additionalInfo prop
    • Avoid sending multiple events to Sentry for a single error
  • Global constants and variables
    • Move literals to constants declared after imports when possible (avoid magic numbers)
    • Avoid shared, global objects
  • Avoid using console.log and console.error in packages other than utils, infra and shared,
    and try to use out().log instead
  • Avoid multi-line logs
    • don't send objects as a second parameter to console.log() or out().log()
    • don't create multi-line strings when using JSON.stringify()
  • Use eslint to enforce code style
  • Use prettier to format code
  • max column length is 100 chars
  • multi-line comments use /** */
  • scripts: top-level comments go after the import
  • packages/core/src/fhir-to-cda/cda-templates/components/encounters.ts
  • packages/api/src/routes/medical/patient.ts
  • packages/core/src/fhir-to-cda/cda-templates/components/immunizations.ts
  • packages/core/src/fhir-to-cda/cda-templates/components/medications.ts
  • packages/core/src/fhir-to-cda/cda-templates/components/allergies.ts
  • packages/core/src/fhir-to-cda/cda-templates/components/family-history.ts
  • packages/utils/src/saml/mock-ihe-gateway.ts
  • packages/core/src/fhir-to-cda/cda-templates/components/procedures.ts
  • packages/core/src/fhir-to-cda/cda-templates/components/problems.ts
  • packages/core/src/external/carequality/ihe-gateway-v2/inbound/xcpd/create/xcpd-response.ts
  • packages/shared/src/common/metriport-organization.ts
  • packages/core/src/external/fhir/export/string/shared/identifier.ts
  • packages/lambdas/src/ihe-gateway-v2-inbound-patient-discovery.ts
  • packages/api/src/routes/internal/medical/patient.ts
  • packages/api/src/external/cda/generate-empty-ccd.ts
< 8000 details> 🧠 Learnings (2)
packages/api/src/routes/medical/patient.ts (2) 
Learnt from: leite08
PR: metriport/metriport#3814
File: packages/api/src/routes/internal/medical/patient-consolidated.ts:141-174
Timestamp: 2025-05-20T21:26:26.804Z
Learning: The functionality introduced in packages/api/src/routes/internal/medical/patient-consolidated.ts is planned to be refactored in downstream PR #3857, including improvements to error handling and validation.

Learnt from: leite08
PR: metriport/metriport#3942
File: packages/core/src/command/consolidated/search/fhir-resource/search-consolidated.ts:48-55
Timestamp: 2025-06-01T13:42:46.270Z
Learning: In the consolidated search architecture, SearchConsolidatedParams interface allows optional query to support different implementation strategies. The searchPatientConsolidated function requires a defined query parameter because it's only called when query is guaranteed to be present. When query is undefined, SearchConsolidatedDirect branches to use getConsolidatedPatientData instead. This design pattern allows interface flexibility while maintaining implementation specificity.
packages/api/src/routes/internal/medical/patient.ts (1) 
Learnt from: leite08
PR: metriport/metriport#3814
File: packages/api/src/routes/internal/medical/patient-consolidated.ts:141-174
Timestamp: 2025-05-20T21:26:26.804Z
Learning: The functionality introduced in packages/api/src/routes/internal/medical/patient-consolidated.ts is planned to be refactored in downstream PR #3857, including improvements to error handling and validation.
🧬 Code Graph Analysis (8)
packages/core/src/fhir-to-cda/cda-templates/components/encounters.ts (1)
packages/shared/src/common/html.ts (1)
  • encodeToHtml (1-8)
packages/core/src/fhir-to-cda/cda-templates/components/immunizations.ts (1)
packages/shared/src/common/html.ts (1)
  • encodeToHtml (1-8)
packages/core/src/fhir-to-cda/cda-templates/components/medications.ts (1)
packages/shared/src/common/html.ts (1)
  • encodeToHtml (1-8)
packages/core/src/fhir-to-cda/cda-templates/components/allergies.ts (1)
packages/shared/src/common/html.ts (1)
  • encodeToHtml (1-8)
packages/core/src/fhir-to-cda/cda-templates/components/procedures.ts (2)
packages/shared/src/common/html.ts (1)
  • encodeToHtml (1-8)
packages/utils/src/fhir/fhir-deduplication/report/resource-props.ts (1)
  • getNotes (314-328)
packages/core/src/fhir-to-cda/cda-templates/components/problems.ts (1)
packages/shared/src/common/html.ts (1)
  • encodeToHtml (1-8)
packages/shared/src/common/metriport-organization.ts (1)
packages/core/src/domain/organization.ts (1)
  • Organization (52-55)
packages/api/src/external/cda/generate-empty-ccd.ts (2)
packages/shared/src/common/html.ts (1)
  • encodeToHtml (1-8)
packages/shared/src/common/metriport-organization.ts (1)
  • metriportOrganization (4-24)
⏰ Context from checks skipped due to timeout of 90000ms (6)
  • GitHub Check: check-pr / lint-build-test
  • GitHub Check: check-pr / lint-build-test
  • GitHub Check: check-pr / lint-build-test
  • GitHub Check: check-pr / lint-build-test
  • GitHub Check: check-pr / lint-build-test
  • GitHub Check: Analyze (javascript)
🔇 Additional comments (12)
packages/core/src/external/fhir/export/string/shared/identifier.ts (1)

37-39: Good defensive conversion, but double-check edge cases

Converting identifier.value with String() is a nice way to accept numbers, but note that:

  • 0 or false are filtered out because of the if (!identifier?.value) guard – that’s fine for FHIR (where value should be a non-empty string) but worth keeping in mind if the upstream type ever loosens.
  • String(null) / String(undefined) will never be reached because of the same guard – 👍.

Looks good overall.

packages/utils/package.json (1)

27-29:

✅ Verification successful

Verify that the new script target actually exists

The script now references src/saml/mock-ihe-gateway. Ensure:

  1. packages/utils/src/saml/mock-ihe-gateway.ts is committed.
  2. The file’s default export is still executable via ts-node (no breaking import path changes).

🏁 Script executed:

#!/bin/bash
# List the expected file to confirm it’s present
fd mock-ihe-gateway.ts -I

Length of output: 71

🏁 Script executed:

#!/bin/bash
# Display the first few lines to check for a shebang and inspect default export
echo "=== Shebang Check ==="
head -n 5 packages/utils/src/saml/mock-ihe-gateway.ts

echo -e "\n=== Default Export Check ==="
grep -R "export default" packages/utils/src/saml/mock-ihe-gateway.ts || echo "No default export found"

Length of output: 579

Script target verified and ready to run

  • Confirmed packages/utils/src/saml/mock-ihe-gateway.ts is present.
  • This is a standalone ts-node script (top-level code), so no default export is required for execution.
packages/api/src/routes/medical/patient.ts (2)

8-9: out() usage: make sure typings still align

You added import { out } from "@metriport/core/util/log";.
Double-check that out(string) returns an object with .log() – older versions exported out() (no params) returning a logger. If the signature changed you’ll get a TS error at compile time.

No change requested if it already compiles.

202-203: Patient & customer identifiers now hit the logs

cx ${patient.cxId} pt ${patient.id} is useful for debugging, but these are PHI/PII. Confirm that:

  • The logger is configured to route these fields to a secure destination (or to be redacted in lower-envs).
  • We’re not violating any internal policy that forbids patient identifiers in plain logs.

If that’s already covered by the logging infra, 👍.

packages/core/src/fhir-to-cda/cda-templates/components/medications.ts (2)

3-3: HTML-encoding import is a solid addition

Importing encodeToHtml brings the medications component in line with the other CDA templates and mitigates injection issues.

116-117: Text is now safely escaped – verify callers aren’t double-encoding

encodeToHtml(medicationName ?? NOT_SPECIFIED) correctly escapes unsafe characters.
Just confirm upstream data hasn’t already been encoded, otherwise you’ll end up with &amp;lt;.

packages/core/src/fhir-to-cda/cda-templates/components/encounters.ts (2)

3-3: Consistent HTML escaping introduced

Good to see encodeToHtml imported – aligns with other sections.

153-159: Escaping provider & location fields looks good

Both practitioner info and location description are now HTML-safe. No further issues spotted.

packages/core/src/fhir-to-cda/cda-templates/components/family-history.ts (2)

8-8: Import of encodeToHtml aligns with security best practices

👍 Brings the family-history template in line with the new encoding standard.

136-143: Relationship, name & comments now escaped

The new encoding prevents broken markup when commas/apostrophes appear in free-text. Looks correct.

packages/shared/src/common/metriport-organization.ts (1)

4-5: Type-safety refinement looks solid.
Narrowing the type with Required<…> guarantees callers always have the critical organisation fields available. No additional concerns.

packages/api/src/external/cda/generate-empty-ccd.ts (1)

30-48: Encoding additions LGTM.

Dynamic patient and organisation strings are now safely escaped, eliminating injection risks in generated CCDs.
No further issues spotted.

leite08 added 2 commits June 12, 2025 17:26
@leite08
fix(core): custodian on XCPD doesn't have assignedCustodian
763059f 
Ref eng-454

Signed-off-by: Rafael Leite <2132564+leite08@users.noreply.github.com>
@leite08
Merge pull request #4016 from metriport/eng-454-add-custodian-to-xcpd_2
9d09855 
ENG-454 Custodian on XCPD doesn't have assignedCustodian
@leite08 leite08 added this pull request to the merge queue Jun 13, 2025
Merged via the queue into master with commit 35cb6fb Jun 13, 2025
73 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@RamilGaripov RamilGaripov RamilGaripov approved these changes

@Goncharo Goncharo Awaiting requested review from Goncharo Goncharo is a code owner

@Orta21 Orta21 Awaiting requested review from Orta21 Orta21 is a code owner

@thomasyopes thomasyopes Awaiting requested review from thomasyopes thomasyopes is a code owner

@lucasdellabella lucasdellabella Awaiting requested review from lucasdellabella lucasdellabella is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@leite08 @RamilGaripov
0