healthclaw-guardrails

HealthClaw Guardrails

The security layer between AI agents and clinical data. A healthclaw.io open source project.

v1.5.0 | 614 Python + 65 Node tests | 20 MCP tools | FHIR R4 US Core v9 + R6 v6.0.0-ballot3 | Fasten TEFCA · HealthEx · HBO · Flexpa · Epic · MEDENT | Open Wearables | Real-world actions (calls/SMS) | SMART Health Links | Claude Code plugin

FHIR standardized how health data is structured. MCP standardized how AI connects to tools. Nobody standardized the guardrails in between. This project does.

What's new in v1.4.0 — Multi-Connector Health Data Pipeline

One Telegram bot. All your health records. Every major source, automatically.

The v1.4.0 release wires five distinct health data pipelines into HealthClaw — each with its own auth model, transport, and data format — and exposes them as unified Telegram slash commands so you never leave the chat.

Source	Coverage	Transport	Telegram command
Fasten TEFCA	Nationwide — all QHINs (hospitals, EHRs, labs) via CLEAR/ID.me	Webhook push	/connect
HealthEx	Lab + clinical aggregator	MCP Streamable HTTP pull	/export
Health Bank One	Identity-verified records + insurance context	MCP Streamable HTTP pull	/hbo-connect, /hbo-pull
Flexpa	200+ payers/insurers (CMS-9115 mandate)	SmartHealthConnect bridge	/flexpa-connect
Health Skillz (Epic)	Epic MyChart + major patient portals	SmartHealthConnect bridge	/epic-connect
MEDENT	Small-practice EHR (SMART on FHIR direct)	Direct SMART on FHIR pull	/medent-connect, /medent-pull

New infrastructure:

• /shc/ingest endpoint — SmartHealthConnect bridge receives FHIR bundles from Flexpa and Health Skillz pulls, applies the full guardrail stack, fires Telegram notification
• /shc/medent/callback broker — MEDENT's OAuth validator requires a public HTTPS redirect URI; Railway acts as the callback broker so the Mac mini agent can still drive the flow
• scripts/medent_oauth.py — SMART on FHIR Patient Standalone Launch (Dynamic Client Registration + PKCE + token caching + auto-refresh)
• scripts/export_medent_fhir.py — Pulls US Core R4 resources from any MEDENT practice, redacts PHI in-process
• Telegram: all 6 new commands deployed to all 7 OpenClaw personas (Sally, Mary, Dom, Kristy, Joe, Ronny, Shervin)

What's new in v1.3.0 — Wearables

Heart rate, HRV, SpO2, steps, sleep, BP, glucose, body weight — from Garmin, Oura, Polar, Suunto, Whoop, Fitbit, Strava, Ultrahuman — flow into HealthClaw as FHIR Observations with correct LOINC codes and device Provenance. Compiled Truth timelines now include wearable-sourced data; SmartHealthConnect's healthy-habits + diet-exercise skills read them through the same fhir_search they already use.

• Open Wearables sidecar (the-momentum/open-wearables, MIT) runs under a new wearables docker-compose profile. It owns per-provider OAuth; we own the FHIR mapping.
• r6/wearables/mapper.py translates 13 metrics to LOINC + UCUM FHIR Observations. Unknown fields fall through with code.text — no data loss.
• Daemon poller syncs every WEARABLES_POLL_INTERVAL (default 900s), posts through /Bundle/$ingest-context with step-up + X-Agent-Id: wearable-sync.
• wearables_sync_status MCP tool (16 tools total) returns connection status + _meta.ui.resourceUri pointing at the new Connection Manager MCP App.
• MCP App at /r6/fhir/mcp-apps/wearables/ — cards per provider: connect / re-auth / sync / view.

Quick start: OPEN_WEARABLES_URL=http://open-wearables:8000 docker-compose --profile wearables up -d.

What's new in v1.2.0 — Compiled Truth

Every other health tool shows you data. HealthClaw shows you the trail.

• GET /<type>/<id>/$compiled-truth — returns current redacted resource + curation state + quality score + full Provenance timeline (newest first).
• fhir_compiled_truth MCP tool — agents call this before making resource-specific claims; responses carry _meta.ui.resourceUri pointing to an embeddable review surface.
• MCP App at /r6/fhir/mcp-apps/compiled-truth/<type>/<id> — focused HTML page: current data, evidence timeline, approve / re-evaluate actions. Zero install.
• Activated schema — curation_state (raw → in_review → curated) and quality_score (0.0–1.0) now persisted on every resource.
• .health-context.yaml — single declaration of jurisdiction, audience, regulations, defaults. Read by the guardrail stack; mirrored in SmartHealthConnect.

What It Does

This is a vendor-neutral guardrail proxy that sits between any AI agent and any FHIR server. Every request passes through: