onc_certification_g10_test_kit 8.0.0 → 8.0.2

data/execution_scripts/reference_server/ref_server_authorize_85_all_scopes.rb

@@ -0,0 +1,4 @@
+gem_dir = Gem::Specification.find_by_name('smart_app_launch_test_kit').gem_dir
+load "#{gem_dir}/execution_scripts/reference_server/base_ref_server_authorize.rb"
+
+ref_server_authorize(ARGV[0], target_patient_id: '85')

data/execution_scripts/reference_server/ref_server_authorize_85_granular_scopes.rb

@@ -0,0 +1,15 @@
+gem_dir = Gem::Specification.find_by_name('smart_app_launch_test_kit').gem_dir
+load "#{gem_dir}/execution_scripts/reference_server/base_ref_server_authorize.rb"
+
+GRANULAR_SCOPE_SELECTIONS_TO_CLICK = ['patient/Condition.rs',
+                                      'patient/Condition.rs?category=http://hl7.org/fhir/us/core/CodeSystem/condition-category|health-concern',
+                                      'patient/Condition.rs?category=http://terminology.hl7.org/CodeSystem/condition-category|encounter-diagnosis',
+                                      'patient/Condition.rs?category=http://terminology.hl7.org/CodeSystem/condition-category|problem-list-item',
+                                      'patient/Observation.rs',
+                                      'patient/Observation.rs?category=http://hl7.org/fhir/us/core/CodeSystem/us-core-category|sdoh',
+                                      'patient/Observation.rs?category=http://terminology.hl7.org/CodeSystem/observation-category|social-history',
+                                      'patient/Observation.rs?category=http://terminology.hl7.org/CodeSystem/observation-category|laboratory',
+                                      'patient/Observation.rs?category=http://terminology.hl7.org/CodeSystem/observation-category|survey',
+                                      'patient/Observation.rs?category=http://terminology.hl7.org/CodeSystem/observation-category|vital-signs'].freeze
+
+ref_server_authorize(ARGV[0], target_patient_id: '85', click_scopes: GRANULAR_SCOPE_SELECTIONS_TO_CLICK)

data/execution_scripts/reference_server/ref_server_authorize_85_limited_scopes.rb

@@ -0,0 +1,28 @@
+gem_dir = Gem::Specification.find_by_name('smart_app_launch_test_kit').gem_dir
+load "#{gem_dir}/execution_scripts/reference_server/base_ref_server_authorize.rb"
+
+LIMITED_SCOPES_TO_UNCHECK = ['patient/AllergyIntolerance.rs',
+                             'patient/CarePlan.rs',
+                             'patient/CareTeam.rs',
+                             'patient/Coverage.rs',
+                             'patient/Device.rs',
+                             'patient/DocumentReference.rs',
+                             'patient/DiagnosticReport.rs',
+                             'patient/Encounter.rs',
+                             'patient/Goal.rs',
+                             'patient/Immunization.rs',
+                             'patient/Location.rs',
+                             'patient/Medication.rs',
+                             'patient/MedicationDispense.rs',
+                             'patient/MedicationRequest.rs',
+                             'patient/Organization.rs',
+                             'patient/Practitioner.rs',
+                             'patient/PractitionerRole.rs',
+                             'patient/Procedure.rs',
+                             'patient/Provenance.rs',
+                             'patient/QuestionnaireResponse.rs',
+                             'patient/RelatedPerson.rs',
+                             'patient/ServiceRequest.rs',
+                             'patient/Specimen.rs'].freeze
+
+ref_server_authorize(ARGV[0], target_patient_id: '85', click_scopes: LIMITED_SCOPES_TO_UNCHECK)

data/execution_scripts/reference_server/ref_server_authorize_launched_all_scopes.rb

@@ -0,0 +1,4 @@
+gem_dir = Gem::Specification.find_by_name('smart_app_launch_test_kit').gem_dir
+load "#{gem_dir}/execution_scripts/reference_server/base_ref_server_authorize.rb"
+
+ref_server_authorize(ARGV[0])

data/execution_scripts/reference_server/ref_server_ehr_launch_85.rb

@@ -0,0 +1,4 @@
+gem_dir = Gem::Specification.find_by_name('smart_app_launch_test_kit').gem_dir
+load "#{gem_dir}/execution_scripts/reference_server/base_ref_server_ehr_launch.rb"
+
+ref_server_ehr_launch(ARGV[0], ARGV[1], 85)

data/execution_scripts/reference_server/ref_server_invalid_launch_and_attest.rb

@@ -0,0 +1,20 @@
+begin
+  require 'selenium-webdriver'
+rescue LoadError
+  warn 'selenium-webdriver is required to run this command script.'
+  warn "Add it to your Gemfile: gem 'selenium-webdriver'"
+  exit(1)
+end
+
+launch_url = ARGV[0]
+attest_url = ARGV[1]
+
+options = Selenium::WebDriver::Options.chrome(args: ['--headless=new'])
+driver = Selenium::WebDriver.for(:chrome, options: options)
+wait = Selenium::WebDriver::Wait.new(timeout: 10)
+driver.get launch_url
+wait.until { driver.find_element(id: 'errorMessage') }
+driver.get attest_url
+wait.until { driver.find_element(:xpath, '//title') }
+driver.quit
+exit(0)

data/execution_scripts/reference_server/ref_server_revoke_token_and_run_group.rb

@@ -0,0 +1,43 @@
+begin
+  require 'selenium-webdriver'
+rescue LoadError
+  warn 'selenium-webdriver is required to run this command script.'
+  warn "Add it to your Gemfile: gem 'selenium-webdriver'"
+  exit(1)
+end
+
+def ref_server_revoke_token(session_id, inferno_host)
+  inputs_cli_command = "bundle exec inferno session data #{session_id}#{" -I #{inferno_host}" unless inferno_host.nil?}"
+  inputs = JSON.parse(`#{inputs_cli_command}`)
+
+  token_to_revoke = token_to_revoke(inputs)
+  raise StandardError, 'could not find access token to revoke' if token_to_revoke.nil? || token_to_revoke == ''
+
+  reference_server_url = inputs.find { |input| input['name'] == 'url' }&.dig('value')
+  revocation_url = "#{reference_server_url.chomp('/r4')}/oauth/token/revoke-token"
+
+  options = Selenium::WebDriver::Options.chrome(args: ['--headless=new'])
+  driver = Selenium::WebDriver.for(:chrome, options: options)
+  wait = Selenium::WebDriver::Wait.new(timeout: 10)
+  driver.get revocation_url
+  wait.until { driver.find_element(id: 'revokeToken') }.send_keys(token_to_revoke)
+  driver.find_element(id: 'revokeTokenButton').click
+  wait.until { driver.find_element(id: 'errorMessage').text.include?('successfully') }
+  driver.quit
+end
+
+def token_to_revoke(inputs)
+  JSON.parse(inputs.find { |input| input['name'] == 'smart_auth_info' }&.dig('value'))&.dig('access_token')
+rescue JSON::ParserError
+  nil
+end
+
+session_id = ARGV[0]
+revoke_token_group = ARGV[1]
+inferno_host = ARGV[2]
+
+ref_server_revoke_token(session_id, inferno_host)
+start_run_cli_command =
+  "bundle exec inferno session start_run #{session_id} #{revoke_token_group}" \
+  "#{" -I #{inferno_host}" unless inferno_host.nil?}"
+exec(start_run_cli_command)

data/lib/inferno/terminology/codesystem.rb

@@ -30,14 +30,14 @@ module Inferno
         end
       end
 
-      def is_a_concept_filter?(filter) # rubocop:disable Naming/PredicateName
+      def concept_filter?(filter)
         (filter.op == 'is-a') && (codesystem_model.hierarchyMeaning == 'is-a') && (filter.property == 'concept')
       end
 
       def filter_codes(filter = nil)
         if filter.nil?
           all_codes_in_concept(codesystem_model.concept)
-        elsif is_a_concept_filter? filter
+        elsif concept_filter? filter
           parent_concept = find_concept(filter.value)
           all_codes_in_concept([parent_concept])
         else

data/lib/inferno/terminology/tasks/process_umls.rb

@@ -22,7 +22,7 @@ module Inferno
           if input_file
             start = Time.now
             output_filename = File.join(versioned_temp_dir, 'terminology_umls.txt')
-            output = File.open(output_filename, 'w:UTF-8')
+            output = File.open(output_filename, 'w:UTF-8') # rubocop:disable Style/FileOpen
             line = 0
             excluded = 0
             excluded_systems = Hash.new(0)

data/lib/inferno/terminology/tasks/process_umls_translations.rb

@@ -14,7 +14,7 @@ module Inferno
           if input_file
             start = Time.now
             output_filename = File.join(TEMP_DIR, 'translations_umls.txt')
-            output = File.open(output_filename, 'w:UTF-8')
+            output = File.open(output_filename, 'w:UTF-8') # rubocop:disable Style/FileOpen
             line = 0
             excluded_systems = Hash.new(0)
             begin

data/lib/inferno/terminology/tasks/unzip_umls.rb

@@ -30,7 +30,7 @@ module Inferno
           Zip::File.open(File.expand_path("#{Dir[wildcard_path][0]}/mmsys.zip")) do |zip_file|
             zip_file.each do |entry|
               Inferno.logger.info "Extracting #{entry.name}"
-              f_path = File.join((Dir[wildcard_path][0]).to_s, entry.name)
+              f_path = File.join(Dir[wildcard_path][0].to_s, entry.name)
               FileUtils.mkdir_p(File.dirname(f_path))
               zip_file.extract(entry, f_path) unless File.exist?(f_path)
             end

data/lib/inferno/terminology/validator.rb

@@ -15,7 +15,7 @@ module Inferno
         @bloom_filter = metadata[:bloom_filter]
       end
 
-      def validate(code:, system: nil)
+      def validate(code:, system: nil) # rubocop:disable Naming/PredicateMethod
         if system
           raise ProhibitedSystemException, system if TerminologyConfiguration.system_prohibited?(system)
 

data/lib/inferno/terminology/value_set.rb

@@ -394,7 +394,7 @@ module Inferno
           end
         end
 
-        filter_clause = lambda do |filter| # rubocop:disable Lint/ShadowingOuterLocalVariable
+        filter_clause = lambda do |filter|
           where = +''
           case filter.op
           when 'in'
@@ -472,7 +472,7 @@ module Inferno
       # @return [Set] the filtered codes
       def filter_is_a(system, filter)
         children = {}
-        find_children = lambda do |_parent, system| # rubocop:disable Lint/ShadowingOuterLocalVariable
+        find_children = lambda do |_parent, system|
           @db.execute("SELECT c1.code, c2.code
           FROM mrrel r
             JOIN mrconso c1 ON c1.aui=r.aui1

data/lib/onc_certification_g10_test_kit/bulk_export_validation_tester.rb

@@ -14,7 +14,7 @@ module ONCCertificationG10TestKit
     MIN_RESOURCE_COUNT = 2
 
     # Remove us-core-observation-sexual-orientation from bulk data validation as directed by
-    # ASTP/ONC enforcement discretion issued on March 21, 2025:
+    # ONC enforcement discretion issued on March 21, 2025:
     # https://www.healthit.gov/topic/certification-ehrs/enforcement-discretion
     # The enforcement discretion allies to US Core v6 and v7. US Core v5 also inlcude this profile.
     # Since (g)(10) certification test kit does not cover US Core v5, adding profile url to this list
@@ -179,7 +179,7 @@ module ONCCertificationG10TestKit
       end
 
       process_headers = proc { |response|
-        value = (response[:headers].find { |header| header.name.downcase == 'content-type' })&.value
+        value = response[:headers].find { |header| header.name.downcase == 'content-type' }&.value
         unless value&.start_with?('application/fhir+ndjson')
           skip "Content type must have 'application/fhir+ndjson' but found '#{value}'"
         end

data/lib/onc_certification_g10_test_kit/configuration_checker.rb

@@ -2,7 +2,7 @@ require_relative '../inferno/terminology/tasks/check_built_terminology'
 
 module ONCCertificationG10TestKit
   class ConfigurationChecker
-    EXPECTED_HL7_VALIDATOR_VERSION = '1.0.67'.freeze
+    EXPECTED_HL7_VALIDATOR_VERSION = '1.0.78'.freeze
     HL7_VALIDATOR_VERSION_KEY = 'validatorWrapperVersion'.freeze
 
     def configuration_messages

data/lib/onc_certification_g10_test_kit/resource_access_test.rb

@@ -20,8 +20,8 @@ module ONCCertificationG10TestKit
 
     def search_params
       @search_params ||=
-        resource_group.metadata.searches.first[:names].each_with_object({}) do |name, params|
-          params[name] = search_param_value(name)
+        resource_group.metadata.searches.first[:names].to_h do |name|
+          [name, search_param_value(name)]
         end
     end
 

data/lib/onc_certification_g10_test_kit/single_patient_us_core_6_api_group.rb

@@ -174,7 +174,7 @@ module ONCCertificationG10TestKit
 
         next if test_group.optional?
 
-        # Observation Sexual Orientation is removed as directed by ASTP/ONC enforcement discretion
+        # Observation Sexual Orientation is removed as directed by ONC enforcement discretion
         # issued on March 21, 2025:
         # https://www.healthit.gov/topic/certification-ehrs/enforcement-discretion
         next if test_group.id.include?('us_core_v610_observation_sexual_orientation')

data/lib/onc_certification_g10_test_kit/single_patient_us_core_7_api_group.rb

@@ -179,7 +179,7 @@ module ONCCertificationG10TestKit
 
         next if test_group.optional?
 
-        # Observation Sexual Orientation is removed as directed by ASTP/ONC enforcement discretion
+        # Observation Sexual Orientation is removed as directed by ONC enforcement discretion
         # issued on March 21, 2025:
         # https://www.healthit.gov/topic/certification-ehrs/enforcement-discretion
         next if test_group.id.include?('us_core_v700_observation_sexual_orientation')

data/lib/onc_certification_g10_test_kit/smart_app_launch_invalid_aud_group.rb

@@ -93,12 +93,17 @@ module ONCCertificationG10TestKit
           }
         }
       )
+      output :attest_launch_failed_url
 
       def aud
         'https://inferno.healthit.gov/invalid_aud'
       end
 
       def wait_message(auth_url)
+        attest_launch_failed_url =
+          "#{Inferno::Application['base_url']}/custom/smart/redirect?state=#{state}&confirm_fail=true"
+        output(attest_launch_failed_url:)
+
         %(
           Inferno will redirect you to an external website for authorization.
           **It is expected this will fail**. If the server does not return to
@@ -108,7 +113,7 @@ module ONCCertificationG10TestKit
 
           * [Perform Invalid Launch](#{auth_url})
           * [Attest launch
-            failed](#{Inferno::Application['base_url']}/custom/smart/redirect?state=#{state}&confirm_fail=true)
+            failed](#{attest_launch_failed_url})
         )
       end
     end
@@ -156,12 +161,17 @@ module ONCCertificationG10TestKit
           }
         }
       )
+      output :attest_launch_failed_url
 
       def aud
         'https://inferno.healthit.gov/invalid_aud'
       end
 
       def wait_message(auth_url)
+        attest_launch_failed_url =
+          "#{Inferno::Application['base_url']}/custom/smart/redirect?state=#{state}&confirm_fail=true"
+        output(attest_launch_failed_url:)
+
         %(
           Inferno will redirect you to an external website for authorization.
           **It is expected this will fail**. If the server does not return to
@@ -171,7 +181,7 @@ module ONCCertificationG10TestKit
 
           * [Perform Invalid Launch](#{auth_url})
           * [Attest launch
-            failed](#{Inferno::Application['base_url']}/custom/smart/redirect?state=#{state}&confirm_fail=true)
+            failed](#{attest_launch_failed_url})
         )
       end
     end
@@ -218,12 +228,17 @@ module ONCCertificationG10TestKit
           }
         }
       )
+      output :attest_launch_failed_url
 
       def aud
         'https://inferno.healthit.gov/invalid_aud'
       end
 
       def wait_message(auth_url)
+        attest_launch_failed_url =
+          "#{Inferno::Application['base_url']}/custom/smart/redirect?state=#{state}&confirm_fail=true"
+        output(attest_launch_failed_url:)
+
         %(
           Inferno will redirect you to an external website for authorization.
           **It is expected this will fail**. If the server does not return to
@@ -233,7 +248,7 @@ module ONCCertificationG10TestKit
 
           * [Perform Invalid Launch](#{auth_url})
           * [Attest launch
-            failed](#{Inferno::Application['base_url']}/custom/smart/redirect?state=#{state}&confirm_fail=true)
+            failed](#{attest_launch_failed_url})
         )
       end
     end

data/lib/onc_certification_g10_test_kit/terminology_binding_validator.rb

@@ -122,7 +122,7 @@ module ONCCertificationG10TestKit
       end
     end
 
-    def invalid_codeable_concept?(element)
+    def invalid_codeable_concept?(element) # rubocop:disable Naming/PredicateMethod
       return unless element.is_a? FHIR::CodeableConcept
 
       if binding_definition[:system].present?

data/lib/onc_certification_g10_test_kit/version.rb

@@ -1,4 +1,4 @@
 module ONCCertificationG10TestKit
-  VERSION = '8.0.0'.freeze
-  LAST_UPDATED = '2026-03-09'.freeze # TODO: update next release
+  VERSION = '8.0.2'.freeze
+  LAST_UPDATED = '2026-05-27'.freeze # TODO: update next release
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: onc_certification_g10_test_kit
 version: !ruby/object:Gem::Version
-  version: 8.0.0
+  version: 8.0.2
 platform: ruby
 authors:
-- Stephen MacVicar
+- Inferno Team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-03-09 00:00:00.000000000 Z
+date: 2026-05-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bloomer
@@ -44,14 +44,20 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2.2
 - !ruby/object:Gem::Dependency
   name: json-jwt
   requirement: !ruby/object:Gem::Requirement
@@ -112,44 +118,62 @@ dependencies:
   name: smart_app_launch_test_kit
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.2
 - !ruby/object:Gem::Dependency
   name: tls_test_kit
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.2
 - !ruby/object:Gem::Dependency
   name: us_core_test_kit
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.1.1
+        version: '1.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.1.1
+        version: 1.1.3
 description: ONC Certification (g)(10) Standardized API for Patient and Population
   Services Test Kit
 email:
@@ -159,6 +183,19 @@ extra_rdoc_files: []
 files:
 - LICENSE
 - config/presets/g10_reference_server_preset.json
+- execution_scripts/reference_server/g10_ref_server_usc6_smart2_bulk1_no_terminology_expected.json
+- execution_scripts/reference_server/g10_ref_server_usc6_smart2_bulk1_with_commands.yaml
+- execution_scripts/reference_server/g10_ref_server_usc6_smart2_bulk1_with_commands_expected.json
+- execution_scripts/reference_server/g10_ref_server_usc7_smart2_bulk1_no_terminology_expected.json
+- execution_scripts/reference_server/g10_ref_server_usc7_smart2_bulk1_with_commands.yaml
+- execution_scripts/reference_server/g10_ref_server_usc7_smart2_bulk1_with_commands_expected.json
+- execution_scripts/reference_server/ref_server_authorize_85_all_scopes.rb
+- execution_scripts/reference_server/ref_server_authorize_85_granular_scopes.rb
+- execution_scripts/reference_server/ref_server_authorize_85_limited_scopes.rb
+- execution_scripts/reference_server/ref_server_authorize_launched_all_scopes.rb
+- execution_scripts/reference_server/ref_server_ehr_launch_85.rb
+- execution_scripts/reference_server/ref_server_invalid_launch_and_attest.rb
+- execution_scripts/reference_server/ref_server_revoke_token_and_run_group.rb
 - lib/inferno/exceptions.rb
 - lib/inferno/ext/bloomer.rb
 - lib/inferno/repositiories/validators.rb