davinci_pas_test_kit 0.9.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 8afec0fe44554f72cce5bfd53e2ec230aac6b9cf7a1c9619a2e7264f3e09a2ba
+  data.tar.gz: 02c6532a6c3e541a704df48a875e20bf73282e4d8fbf7cd590c6541d7d1183f9
+SHA512:
+  metadata.gz: 2a198d440407b88f2c9fef9002f36ece049baec615418d8a538a14d3314551366546331d44cea15b12e433cfbb25c5e8f087b71d45fa2a66c404618a2f1a4f58
+  data.tar.gz: c21b95655561c420a0a28efaf222d0ad0a480b17aa1dc53c4d2faeee0322bc6de5395c82162197dfd9e748dbf21c58438b1a9a978190f75af10a277accc0af3a

data/LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright {yyyy} {name of copyright owner}
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

data/lib/davinci_pas_test_kit/client_suite.rb

@@ -0,0 +1,289 @@
+require_relative 'ext/inferno_core/record_response_route'
+require_relative 'ext/inferno_core/runnable'
+require_relative 'ext/inferno_core/request'
+require_relative 'validator_suppressions'
+require_relative 'tags'
+require_relative 'urls'
+require_relative 'mock_server'
+require_relative 'custom_groups/v2.0.1/pas_client_authentication_group'
+require_relative 'custom_groups/v2.0.1/pas_client_approval_group'
+require_relative 'custom_groups/v2.0.1/pas_client_denial_group'
+require_relative 'custom_groups/v2.0.1/pas_client_pended_group'
+require_relative 'generated/v2.0.1/pas_client_submit_must_support_use_case_group'
+require_relative 'generated/v2.0.1/pas_client_inquiry_must_support_use_case_group'
+require_relative 'version'
+
+module DaVinciPASTestKit
+  class ClientSuite < Inferno::TestSuite
+    extend MockServer
+
+    id :davinci_pas_client_suite_v201
+    title 'Da Vinci PAS Client Suite v2.0.1'
+    version VERSION
+    description %(
+      The Da Vinci PAS Test Kit Client Suite validates the conformance of client
+      systems to the STU 2 version of the HL7® FHIR®
+      [Da Vinci Prior Authorization Support Implementation Guide](https://hl7.org/fhir/us/davinci-pas/STU2/).
+
+      ## Scope
+
+      These tests are a **DRAFT** intended to allow PAS client implementers to perform
+      preliminary checks of their clients against PAS IG requirements and [provide
+      feedback](https://github.com/inferno-framework/davinci-pas-test-kit/issues)
+      on the tests. Future versions of these tests may validate other
+      requirements and may change the test validation logic.
+
+      ## Test Methodology
+
+      Inferno will simulate a PAS server for the client under test to interact with. The client
+      will be expected to initiate requests to the server and demonstrate its ability to react
+      to the returned responses. Over the course of these interactions,
+      Inferno will seek to observe conformant handling of PAS requirements, including
+      - The ability of the client to initiate and react to
+          - The approval of a prior authorization request
+          - The denial of a prior authorization request
+          - The pending of a prior authorization request and a subsequent final decision
+      - The ability of the client to provide data covering the full scope of required by PAS, including
+          - The ability to send prior auth requests and inquiries with all PAS profiles and all must support elements on
+            those profiles
+          - The ability to handle responses that contain all PAS profiles and all must support elements on those
+            profiles (not included in the current version of these tests)
+
+      Because X12 details, including coded values indicating details like “denied” and “pended”,
+      are not public, Inferno is not currently able to generate a full set of responses to requests
+      or otherwise provide details on specific codes used to represent those concepts
+      and is limited to responses that look similar to the examples in the IG (e.g., [here](https://hl7.org/fhir/us/davinci-pas/STU2/Bundle-ReferralAuthorizationResponseBundleExample.html)).
+      Thus,
+
+      - In order to demonstrate specific workflows, namely pend and denial, users will need to provide the expected
+        response for Inferno to send back
+      - The current tests do not return to the client all PAS profiles and must support elements to confirm support.
+
+      For further details on limitations of these tests, see the *Testing Limitations* section below.
+
+      All requests and responses will be checked for conformance to the PAS
+      IG requirements individually and used in aggregate to determine whether
+      required features and functionality are present. HL7® FHIR® resources are
+      validated with the Java validator using `tx.fhir.org` as the terminology server.
+
+      ## Running the Tests
+
+      ### Quick Start
+
+      For Inferno to simulate a server that always returns approved responses, it needs
+      only to know the bearer token that the client will send on requests, for which there are two options.
+
+      1. If you want to choose your own bearer token, then
+          1. Select the "2. PAS Client Validation" test from the list on the left.
+          2. Click the '*Run All Tests*' button on the right.
+          3. In the "access_token" field, enter the bearer token that will be sent by the client under test (as part
+             of the Authorization header - Bearer: <provided value>).
+          4. Click the '*Submit*' button at the bottom of the dialog.
+      2. If you want to use a client_id to obtain an access token, then
+          1. Click the '*Run All Tests*' button on the right.
+          2. Provide the client's registered id "client_id" field of the input (NOTE, Inferno doesn't support the
+             registration API, so this must be obtained from another system or configured manually).
+          3. Click the '*Submit*' button at the bottom of the dialog.
+          4. Make a token request that includes the specified client id to the
+             `<inferno host>/custom/davinci_pas_client_suite_v201/mock_auth/token` endpoint to get
+             an access token to use on the request of the requests.
+
+      In either case, the tests will continue from that point, requesting the user to
+      direct the client to make certain requests to demonstrate PAS client capabilities.
+
+      Note: authentication options for these tests have not been finalized and are subject to change.
+
+      ### Complete Setup
+
+      The *Quick Start* approach does not test pended or deny workflows. To test these, provide a
+      json-encoded FHIR bundle in the "Claim pended response JSON" and "Claim deny response JSON" input field after
+      clicking the '*Run All Tests*' button. These responses will be echoed back when a request
+      is made during the corresponding test.
+
+      ### Postman-based Demo
+
+      If you do not have a PAS client but would like to try the tests out, you can use
+      [this postman collection](https://raw.githubusercontent.com/inferno-framework/davinci-pas-test-kit/blob/main/config/PAS%20Test%20Kit%20Client%20Test%20Demo.postman_collection.json)
+      to make requests against Inferno. The following requests and example responses from that collection can be used.
+
+      - Configuration
+        - *Deny Response* example under the *Homecare Prior Authorization Request*: use as the value of the
+          "Claim denied response JSON" input field. NOTE: this contains a placeholder code `DENIEDCODE` for the
+          X12 code representing the denied status. Replace with the X12-specified code before providing to Inferno
+          to accurately replicate a denial workflow for the client under test.
+        - *Pend Response* example under the *Medical Services Prior Authorization Request*: use as the value of the
+          "Claim pended response JSON" input field. NOTE: this contains a placeholder code `PENDEDCODE` for the
+          X12 code representing the pended status. Replace with the X12-specified code before providing to Inferno
+          to accurately replicate a pend workflow for the client under test.
+      - Submissions
+        - *mock token*: for submitting a client id to get back an access token to use on the rest of the tests. Set the
+          collection's access_token variable to the result.
+        - *Referral Prior Authorization Request*: use for the "Approval" workflow test submission.
+        - *Medical Services Prior Authorization Request*: use for the "Pended" workflow test submission.
+        - *Medical Services Inquiry Request*: use for the "Pended" workflow test inquiry.
+
+      No additional requests are present to submit as a part of the must support tests, so
+      testers can simply click the link to indicate they are done submitting requests. Note
+      that the requests within the Postman client are not expected to fully pass the tests as they
+      do not contain all must support items.
+
+      ## Testing Limitations
+
+      ### Private X12 details
+
+      HIPAA [requires](https://hl7.org/fhir/us/davinci-pas/STU2/regulations.html) electronic prior authorization
+      processing to use the X12 278 standard. While recent CMS rule-making suggests that [this requirement
+      will not be enforced in the future](https://www.cms.gov/newsroom/fact-sheets/cms-interoperability-and-prior-authorization-final-rule-cms-0057-f),
+      the current PAS IG relies heavily on X12.  As the IG authors note at the
+      top of the [IG home page](https://hl7.org/fhir/us/davinci-pas/STU2/index.html):
+
+      > Note that this implementation guide is intended to support mapping between FHIR and X12 transactions. To respect
+      > X12 intellectual property, all mapping and X12-specific terminology information will be solely published by X12
+      > and made available in accordance with X12 rules - which may require membership and/or payment. Please see this
+      > [Da Vinci External Reference page](https://confluence.hl7.org/display/DVP/Da+Vinci+Reference+to+External+Standards+and+Terminologies)
+      > for details on how to get this mapping.
+      >
+      > There are many situationally required fields that are specified in the X12 TRN03 guide that do not have guidance
+      > in this Implementation Guide. Implementers need to consult the X12 PAS guides to know the requirements for these
+      > fields.
+      >
+      > Several of the profiles will require use of terminologies that are part of X12 which we anticipate being made
+      > publicly available. At such time as this occurs, the implementation guide will be updated to bind to these as
+      > external terminologies.
+
+      The implications of this reliance on proprietary information that is not publicly available means that this test
+      kit:
+
+      - Cannot verify the correct usage of X12-based terminology: terminology requirements for all elements bound to X12
+        value sets will not be validated.
+      - Cannot verify the meaning of codes: validation that a given response conveys something specific, e.g., approval
+        or pending, is not performed.
+      - Cannot verify matching semantics on inquiries: no checking of the identity of the ClaimResponse returned for an
+        inquiry, e.g., that it matches the input or the original request.
+
+      These limitations may be removed in future versions of these tests. In the meantime, testers should consider these
+      requirements to be verified through attestation and should not represent their systems to have passed these tests
+      if these requirements are not met.
+
+      ### Underspecified Subscription Details
+
+      The current PAS specification around subscriptions and notifications
+      is not detailed enough to support testing. Notably,
+      - There are no examples of what a notification payload looks like
+      - There is no instruction on how to turn the notification payload into an inquiry
+
+      Once these details have been clarified, validation of the notification workflows
+      will be added to these tests.
+
+      ### Future Details
+
+      The PAS IG places additional requirements on clients that are not currently tested by this test kit, including
+
+      - Prior Authorization update workflows
+      - Requests for additional information handled through the CDex framework
+      - PDF, CDA, and JPG attachments
+      - US Core profile support for supporting information
+      - The ability to handle responses containing all PAS-defined profiles and must support elements
+      - Most details requiring manual review of the client system, e.g., the requirement that clinicians can update
+        details of the prior authorization request before submitting them
+
+      These and any other requirements found in the PAS IG may be tested in future versions of these tests.
+    )
+
+    links [
+      {
+        label: 'Report Issue',
+        url: 'https://github.com/inferno-framework/davinci-pas-test-kit/issues/'
+      },
+      {
+        label: 'Open Source',
+        url: 'https://github.com/inferno-framework/davinci-pas-test-kit/'
+      },
+      {
+        label: 'Implementation Guide',
+        url: 'https://hl7.org/fhir/us/davinci-pas/STU2/'
+      }
+    ]
+
+    def self.test_resumes?(test)
+      !test.config.options[:accepts_multiple_requests]
+    end
+
+    validator do
+      url ENV.fetch('VALIDATOR_URL')
+
+      exclude_message do |message|
+        # Messages expected of the form `<ResourceType>: <FHIRPath>: <message>`
+        # We strip `<ResourceType>: <FHIRPath>: ` for the sake of matching
+        SUPPRESSED_MESSAGES.match?(message.message.sub(/\A\S+: \S+: /, ''))
+      end
+    end
+
+    record_response_route :post, TOKEN_PATH, AUTH_TAG, method(:token_response) do |request|
+      ClientSuite.extract_client_id(request)
+    end
+
+    record_response_route :post, SUBMIT_PATH, SUBMIT_TAG, method(:claim_response),
+                          resumes: method(:test_resumes?) do |request|
+      ClientSuite.extract_bearer_token(request)
+    end
+
+    record_response_route :post, INQUIRE_PATH, INQUIRE_TAG, method(:claim_response),
+                          resumes: method(:test_resumes?) do |request|
+      ClientSuite.extract_bearer_token(request)
+    end
+
+    resume_test_route :get, RESUME_PASS_PATH do |request|
+      ClientSuite.extract_token_from_query_params(request)
+    end
+
+    resume_test_route :get, RESUME_FAIL_PATH, result: 'fail' do |request|
+      ClientSuite.extract_token_from_query_params(request)
+    end
+
+    group from: :pas_client_v201_authentication_group
+    group do
+      title 'PAS Client Validation'
+      description %(
+        These tests perform the functional validation of the client under test.
+        For requests to be recognized by Inferno to be part of this test session
+        they must include the configured bearer token
+        (user provided or generated during the authorization tests)
+        in the Authorization HTTP header with prefix "Bearer: ".
+      )
+
+      group do
+        title 'Demonstrate Workflow Support'
+        description %(
+          The workflow tests validate that the client can participate in complete end-to-end prior
+          authorization interactions, initiating requests and reacting appropriately to the
+          responses returned.
+        )
+        group from: :pas_client_v201_approval_group
+        group from: :pas_client_v201_denial_group
+        group from: :pas_client_v201_pended_group
+      end
+
+      group do
+        title 'Demonstrate Element Support'
+        description %(
+          Demonstrate the ability of the client to support all PAS-defined profiles and the must support elements
+          defined in them. This includes
+
+          - the ability to make prior authorization submission and inquiry requests that contain all
+            PAS-defined profiles and their must support elements.
+          - the ability to receive in responses to those requests all PAS-defined profiles and their
+            must support elements and continue the prior authorization workflow as appropriate (not currently
+            implemented in these tests).
+
+          Clients under test will be asked to make additional requests to Inferno demonstrating coverage
+          of all must support items in the requests. Note that Inferno will consider requests made during
+          the workflow group of tests, so only profiles and must support elements not demonstrated during
+          those tests need to be submitted as a part of these.
+        )
+        group from: :pas_client_v201_submit_must_support_use_case
+        group from: :pas_client_v201_inquiry_must_support_use_case
+      end
+    end
+  end
+end

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/claim_status/pas_claim_status_test.rb

@@ -0,0 +1,109 @@
+# require 'securerandom' //used for attestation experiment - see below
+# require_relative '../../../urls' // used for attestation experiment - see below
+
+module DaVinciPASTestKit
+  module DaVinciPASV201
+    class PasClaimStatusTest < Inferno::Test
+      # include URLs // used for attestation experiment - see below
+
+      id :prior_auth_claim_status
+      title 'Server returns the expected authorization response'
+      description %(
+        This test aims to confirm that the status of the prior authorization matches
+        the anticipated status for the workflow under examination.
+        (NOT YET IMPLEMENTED)
+      )
+      uses_request :pa_submit
+
+      def status
+        if use_case == 'approval'
+          'approved'
+        else
+          use_case == 'denial' ? 'denied' : 'pended'
+        end
+      end
+
+      run do
+        # Experiment with extraction of statuses and use in an attestation
+        # Not used due to the following problems:
+        # - no real clients to test with
+        # - how to express the location we're looking for? The spec never mentions it explicitly.
+        #
+        # # Extract the response status
+        # status_values = []
+        # if resource.resourceType == 'Bundle'
+        #   resource.entry.each do |one_entry|
+        #     next unless one_entry.resource.resourceType == 'ClaimResponse'
+        #
+        #     one_entry.resource.item.each do |one_item|
+        #       one_item.adjudication.each do |one_adjudication|
+        #         one_adjudication.extension
+        #           .select { |ext| ext.url == 'http://hl7.org/fhir/us/davinci-pas/StructureDefinition/extension-reviewAction' }
+        #           .each do |review_action_ext|
+        #             review_action_ext.extension.select { |ext| ext.url == 'http://hl7.org/fhir/us/davinci-pas/StructureDefinition/extension-reviewActionCode' }
+        #               .each do |review_action_code_ext|
+        #                 review_action_code_ext.valueCodeableConcept.coding.select { |coding| coding.system == 'https://codesystem.x12.org/005010/306' }
+        #                   .each do |one_code|
+        #                     if one_code.code
+        #                       status_values << "#{one_code.code}#{one_code.display ? " (#{one_code.display})" : ''}"
+        #                     end
+        #                   end
+        #               end
+        #           end
+        #       end
+        #     end
+        #   end
+        # end
+        #
+        # assert !status_values.empty?, 'No status values found **where??**'
+        #
+        # # Attestation
+        # attestation_key = SecureRandom.uuid
+        # status_display = status_values.reduce('') { |result, status| result + "- #{status}\n" }
+        # wait(
+        #   identifier: attestation_key,
+        #   message: %(
+        #     **Status Validation for `#{status}`**:
+        #
+        #     The following adjudication status
+        #     #{status_values.length > 1 ? 'values were' : 'value was'}
+        #     found in the response **where??**:
+        #
+        #     #{status_display}
+        #
+        #     I attest that
+        #     #{status_values.length > 1 ? 'one of the status values' : 'the status value'}
+        #     returned by the server indicates that the request was #{status}
+        #
+        #     [Click here](#{resume_pass_url}?token=#{attestation_key}) if the above statement is **true**.
+        #
+        #     [Click here](#{resume_fail_url}?token=#{attestation_key}) if the above statement is **false**.
+        #   )
+        # )
+        #
+        # end of experiment with attestation code
+
+        # TODO: Implement subscription for pended: Inferno will subscribe to the server to receive notification
+        # when the submitted claim status will be updated.
+        if use_case == 'pended'
+          # rubocop:disable Layout/LineLength
+          wait(
+            identifier: use_case,
+            message: %(
+              Inferno has received a 'Pended' claim response as expected.
+
+              Please
+              **[click
+              here](#{Inferno::Application['base_url']}/custom/davinci_pas_server_suite_v201/resume_after_notification?use_case=#{use_case})**
+              when the status of this claim has been finalized to inform Inferno to resume testing.
+
+              Future versions of this test may implement automated monitoring
+              capabilities described in the implementation guide.
+            )
+          )
+          # rubocop:enable Layout/LineLength
+        end
+      end
+    end
+  end
+end

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/client_tests/pas_client_approval_submit_response_attest.rb

@@ -0,0 +1,39 @@
+require_relative '../../../urls'
+
+module DaVinciPASTestKit
+  module DaVinciPASV201
+    class PASClientApprovalSubmitResponseAttest < Inferno::Test
+      include URLs
+
+      id :pas_client_v201_approval_submit_response_attest
+      title 'Check that the client registers the request as approved (Attestation)'
+      description %(
+        This test provides the tester an opportunity to observe their client following
+        the receipt of the approved response and attest that users are able to determine
+        that the response has been approved.
+      )
+      input :access_token,
+            title: 'Access Token',
+            description: %(
+              Access token that the client will provide in the Authorization header of each request
+              made during this test.
+            )
+
+      run do
+        wait(
+          identifier: access_token,
+          message: %(
+            **Approval Workflow Test**:
+
+            I attest that the client system displays the submitted claim as 'approved' meaning that
+            the user can proceed with ordering or providing the requested service.
+
+            [Click here](#{resume_pass_url}?token=#{access_token}) if the above statement is **true**.
+
+            [Click here](#{resume_fail_url}?token=#{access_token}) if the above statement is **false**.
+          )
+        )
+      end
+    end
+  end
+end