eyeling 1.21.9 → 1.22.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/HANDBOOK.md +45 -0
- package/dist/browser/eyeling.browser.js +89 -33
- package/examples/arcling/README.md +17 -21
- package/examples/arcling/delfour/delfour.model.go +546 -0
- package/examples/arcling/delfour/delfour.spec.md +1 -2
- package/examples/arcling/flandor/flandor.model.go +630 -0
- package/examples/arcling/flandor/flandor.spec.md +1 -2
- package/examples/arcling/medior/medior.model.go +626 -0
- package/examples/arcling/medior/medior.spec.md +1 -2
- package/eyeling.js +88 -33
- package/lib/builtins.js +72 -29
- package/lib/rules.js +16 -4
- package/package.json +1 -1
- package/test/api.test.js +117 -0
- package/test/arcling.test.js +34 -16
- package/examples/arcling/delfour/delfour.instance.schema.json +0 -201
- package/examples/arcling/delfour/delfour.model.mjs +0 -273
- package/examples/arcling/flandor/flandor.instance.schema.json +0 -285
- package/examples/arcling/flandor/flandor.model.mjs +0 -303
- package/examples/arcling/medior/medior.instance.schema.json +0 -275
- package/examples/arcling/medior/medior.model.mjs +0 -344
|
@@ -0,0 +1,626 @@
|
|
|
1
|
+
package main
|
|
2
|
+
|
|
3
|
+
import (
|
|
4
|
+
"crypto/hmac"
|
|
5
|
+
"crypto/sha256"
|
|
6
|
+
"encoding/hex"
|
|
7
|
+
"encoding/json"
|
|
8
|
+
"errors"
|
|
9
|
+
"fmt"
|
|
10
|
+
"os"
|
|
11
|
+
"sort"
|
|
12
|
+
"strings"
|
|
13
|
+
"time"
|
|
14
|
+
)
|
|
15
|
+
|
|
16
|
+
type Data struct {
|
|
17
|
+
CaseName string `json:"caseName"`
|
|
18
|
+
Region string `json:"region"`
|
|
19
|
+
Question string `json:"question"`
|
|
20
|
+
Timestamps Timestamps `json:"timestamps"`
|
|
21
|
+
EvaluationContext EvaluationContext `json:"evaluationContext"`
|
|
22
|
+
Thresholds Thresholds `json:"thresholds"`
|
|
23
|
+
Signals Signals `json:"signals"`
|
|
24
|
+
Budget Budget `json:"budget"`
|
|
25
|
+
Packages []Package `json:"packages"`
|
|
26
|
+
InsightPolicy InsightPolicy `json:"insightPolicy"`
|
|
27
|
+
Integrity Integrity `json:"integrity"`
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
type Timestamps struct {
|
|
31
|
+
CreatedAt string `json:"createdAt"`
|
|
32
|
+
ExpiresAt string `json:"expiresAt"`
|
|
33
|
+
AuthorizedAt string `json:"authorizedAt"`
|
|
34
|
+
DutyPerformedAt string `json:"dutyPerformedAt"`
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
type EvaluationContext struct {
|
|
38
|
+
ScopeDevice string `json:"scopeDevice"`
|
|
39
|
+
ScopeEvent string `json:"scopeEvent"`
|
|
40
|
+
Purpose string `json:"purpose"`
|
|
41
|
+
ProhibitedReusePurpose string `json:"prohibitedReusePurpose"`
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
type Thresholds struct {
|
|
45
|
+
EgfrBelow int `json:"egfrBelow"`
|
|
46
|
+
ActiveMedicationCountAtLeast int `json:"activeMedicationCountAtLeast"`
|
|
47
|
+
AdmissionsLast180DaysAtLeast int `json:"admissionsLast180DaysAtLeast"`
|
|
48
|
+
HoursSinceDischargeAtMost int `json:"hoursSinceDischargeAtMost"`
|
|
49
|
+
ActiveNeedCountAtLeast int `json:"activeNeedCountAtLeast"`
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
type Lab struct {
|
|
53
|
+
Egfr int `json:"egfr"`
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
type Medications struct {
|
|
57
|
+
ActiveMedicationCount int `json:"activeMedicationCount"`
|
|
58
|
+
}
|
|
59
|
+
|
|
60
|
+
type History struct {
|
|
61
|
+
AdmissionsLast180Days int `json:"admissionsLast180Days"`
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
type Discharge struct {
|
|
65
|
+
HoursSinceDischarge int `json:"hoursSinceDischarge"`
|
|
66
|
+
}
|
|
67
|
+
|
|
68
|
+
type Signals struct {
|
|
69
|
+
Lab Lab `json:"lab"`
|
|
70
|
+
Medications Medications `json:"medications"`
|
|
71
|
+
History History `json:"history"`
|
|
72
|
+
Discharge Discharge `json:"discharge"`
|
|
73
|
+
}
|
|
74
|
+
|
|
75
|
+
type Budget struct {
|
|
76
|
+
WindowName string `json:"windowName"`
|
|
77
|
+
MaxEUR int `json:"maxEUR"`
|
|
78
|
+
}
|
|
79
|
+
|
|
80
|
+
type Package struct {
|
|
81
|
+
ID string `json:"id"`
|
|
82
|
+
Name string `json:"name"`
|
|
83
|
+
CostEUR int `json:"costEUR"`
|
|
84
|
+
Touches int `json:"touches"`
|
|
85
|
+
CoversRenalSafetyConcern bool `json:"coversRenalSafetyConcern"`
|
|
86
|
+
CoversPolypharmacyRisk bool `json:"coversPolypharmacyRisk"`
|
|
87
|
+
CoversReadmissionHistory bool `json:"coversReadmissionHistory"`
|
|
88
|
+
CoversRecentDischargeWindow bool `json:"coversRecentDischargeWindow"`
|
|
89
|
+
}
|
|
90
|
+
|
|
91
|
+
type InsightPolicy struct {
|
|
92
|
+
ID string `json:"id"`
|
|
93
|
+
Metric string `json:"metric"`
|
|
94
|
+
SuggestionPolicy string `json:"suggestionPolicy"`
|
|
95
|
+
Type string `json:"type"`
|
|
96
|
+
PolicyProfile string `json:"policyProfile"`
|
|
97
|
+
PolicyType string `json:"policyType"`
|
|
98
|
+
}
|
|
99
|
+
|
|
100
|
+
type Integrity struct {
|
|
101
|
+
Secret string `json:"secret"`
|
|
102
|
+
VerificationMode string `json:"verificationMode"`
|
|
103
|
+
}
|
|
104
|
+
|
|
105
|
+
type Insight struct {
|
|
106
|
+
CreatedAt string `json:"createdAt"`
|
|
107
|
+
ExpiresAt string `json:"expiresAt"`
|
|
108
|
+
ID string `json:"id"`
|
|
109
|
+
Metric string `json:"metric"`
|
|
110
|
+
Region string `json:"region"`
|
|
111
|
+
ScopeDevice string `json:"scopeDevice"`
|
|
112
|
+
ScopeEvent string `json:"scopeEvent"`
|
|
113
|
+
SuggestionPolicy string `json:"suggestionPolicy"`
|
|
114
|
+
Threshold int `json:"threshold"`
|
|
115
|
+
Type string `json:"type"`
|
|
116
|
+
}
|
|
117
|
+
|
|
118
|
+
type Constraint struct {
|
|
119
|
+
LeftOperand string `json:"leftOperand"`
|
|
120
|
+
Operator string `json:"operator"`
|
|
121
|
+
RightOperand string `json:"rightOperand"`
|
|
122
|
+
}
|
|
123
|
+
|
|
124
|
+
type Duty struct {
|
|
125
|
+
Action string `json:"action"`
|
|
126
|
+
Constraint Constraint `json:"constraint"`
|
|
127
|
+
}
|
|
128
|
+
|
|
129
|
+
type Permission struct {
|
|
130
|
+
Action string `json:"action"`
|
|
131
|
+
Constraint Constraint `json:"constraint"`
|
|
132
|
+
Target string `json:"target"`
|
|
133
|
+
}
|
|
134
|
+
|
|
135
|
+
type Prohibition struct {
|
|
136
|
+
Action string `json:"action"`
|
|
137
|
+
Constraint Constraint `json:"constraint"`
|
|
138
|
+
Target string `json:"target"`
|
|
139
|
+
}
|
|
140
|
+
|
|
141
|
+
type Policy struct {
|
|
142
|
+
Duty Duty `json:"duty"`
|
|
143
|
+
Permission Permission `json:"permission"`
|
|
144
|
+
Profile string `json:"profile"`
|
|
145
|
+
Prohibition Prohibition `json:"prohibition"`
|
|
146
|
+
Type string `json:"type"`
|
|
147
|
+
}
|
|
148
|
+
|
|
149
|
+
type Envelope struct {
|
|
150
|
+
Insight Insight `json:"insight"`
|
|
151
|
+
Policy Policy `json:"policy"`
|
|
152
|
+
}
|
|
153
|
+
|
|
154
|
+
type Derived struct {
|
|
155
|
+
RenalSafetyConcern bool `json:"renalSafetyConcern"`
|
|
156
|
+
PolypharmacyRisk bool `json:"polypharmacyRisk"`
|
|
157
|
+
ReadmissionHistory bool `json:"readmissionHistory"`
|
|
158
|
+
RecentDischargeWindow bool `json:"recentDischargeWindow"`
|
|
159
|
+
ActiveNeedCount int `json:"activeNeedCount"`
|
|
160
|
+
NeedsContinuityBundle bool `json:"needsContinuityBundle"`
|
|
161
|
+
EligiblePackageIDs []string `json:"eligiblePackageIds"`
|
|
162
|
+
RecommendedPackageID *string `json:"recommendedPackageId"`
|
|
163
|
+
RecommendedPackageName *string `json:"recommendedPackageName"`
|
|
164
|
+
}
|
|
165
|
+
|
|
166
|
+
type IntegrityResult struct {
|
|
167
|
+
CanonicalEnvelope string `json:"canonicalEnvelope"`
|
|
168
|
+
PayloadHashSHA256 string `json:"payloadHashSHA256"`
|
|
169
|
+
EnvelopeHmacSHA256 string `json:"envelopeHmacSHA256"`
|
|
170
|
+
VerificationMode string `json:"verificationMode"`
|
|
171
|
+
}
|
|
172
|
+
|
|
173
|
+
type Answer struct {
|
|
174
|
+
Name string `json:"name"`
|
|
175
|
+
Region string `json:"region"`
|
|
176
|
+
Metric string `json:"metric"`
|
|
177
|
+
ActiveNeedCount int `json:"activeNeedCount"`
|
|
178
|
+
Threshold int `json:"threshold"`
|
|
179
|
+
RecommendedPackage *string `json:"recommendedPackage"`
|
|
180
|
+
BudgetCapEUR int `json:"budgetCapEUR"`
|
|
181
|
+
PackageCostEUR *int `json:"packageCostEUR"`
|
|
182
|
+
PayloadHashSHA256 string `json:"payloadHashSHA256"`
|
|
183
|
+
EnvelopeHmacSHA256 string `json:"envelopeHmacSHA256"`
|
|
184
|
+
}
|
|
185
|
+
|
|
186
|
+
type Checks struct {
|
|
187
|
+
PayloadHashMatches bool `json:"payloadHashMatches"`
|
|
188
|
+
SignatureVerifies bool `json:"signatureVerifies"`
|
|
189
|
+
ThresholdReached bool `json:"thresholdReached"`
|
|
190
|
+
ScopeComplete bool `json:"scopeComplete"`
|
|
191
|
+
MinimizationRespected bool `json:"minimizationRespected"`
|
|
192
|
+
AuthorizationAllowed bool `json:"authorizationAllowed"`
|
|
193
|
+
DutyTimely bool `json:"dutyTimely"`
|
|
194
|
+
InsurancePricingProhibited bool `json:"insurancePricingProhibited"`
|
|
195
|
+
PackageWithinBudget bool `json:"packageWithinBudget"`
|
|
196
|
+
PackageCoversAllActiveNeeds bool `json:"packageCoversAllActiveNeeds"`
|
|
197
|
+
LowestCostEligiblePackageChosen bool `json:"lowestCostEligiblePackageChosen"`
|
|
198
|
+
}
|
|
199
|
+
|
|
200
|
+
type Result struct {
|
|
201
|
+
CaseName string `json:"caseName"`
|
|
202
|
+
Derived Derived `json:"derived"`
|
|
203
|
+
Envelope Envelope `json:"envelope"`
|
|
204
|
+
Integrity IntegrityResult `json:"integrity"`
|
|
205
|
+
Answer Answer `json:"answer"`
|
|
206
|
+
ReasonWhy []string `json:"reasonWhy"`
|
|
207
|
+
Checks Checks `json:"checks"`
|
|
208
|
+
AllChecksPass bool `json:"allChecksPass"`
|
|
209
|
+
ArcText string `json:"arcText"`
|
|
210
|
+
}
|
|
211
|
+
|
|
212
|
+
func assertTrue(condition bool, message string) error {
|
|
213
|
+
if !condition {
|
|
214
|
+
return errors.New(message)
|
|
215
|
+
}
|
|
216
|
+
return nil
|
|
217
|
+
}
|
|
218
|
+
|
|
219
|
+
func readJSON(path string) (Data, error) {
|
|
220
|
+
var data Data
|
|
221
|
+
b, err := os.ReadFile(path)
|
|
222
|
+
if err != nil {
|
|
223
|
+
return data, err
|
|
224
|
+
}
|
|
225
|
+
err = json.Unmarshal(b, &data)
|
|
226
|
+
return data, err
|
|
227
|
+
}
|
|
228
|
+
|
|
229
|
+
func parseTime(value string) time.Time {
|
|
230
|
+
t, err := time.Parse(time.RFC3339Nano, value)
|
|
231
|
+
if err != nil {
|
|
232
|
+
panic(err)
|
|
233
|
+
}
|
|
234
|
+
return t
|
|
235
|
+
}
|
|
236
|
+
|
|
237
|
+
func stableStringify(value any) string {
|
|
238
|
+
switch v := value.(type) {
|
|
239
|
+
case nil:
|
|
240
|
+
return "null"
|
|
241
|
+
case map[string]any:
|
|
242
|
+
keys := make([]string, 0, len(v))
|
|
243
|
+
for key := range v {
|
|
244
|
+
keys = append(keys, key)
|
|
245
|
+
}
|
|
246
|
+
sort.Strings(keys)
|
|
247
|
+
parts := make([]string, 0, len(keys))
|
|
248
|
+
for _, key := range keys {
|
|
249
|
+
parts = append(parts, fmt.Sprintf("%s:%s", stableStringify(key), stableStringify(v[key])))
|
|
250
|
+
}
|
|
251
|
+
return "{" + strings.Join(parts, ",") + "}"
|
|
252
|
+
case []any:
|
|
253
|
+
parts := make([]string, 0, len(v))
|
|
254
|
+
for _, item := range v {
|
|
255
|
+
parts = append(parts, stableStringify(item))
|
|
256
|
+
}
|
|
257
|
+
return "[" + strings.Join(parts, ",") + "]"
|
|
258
|
+
default:
|
|
259
|
+
b, _ := json.Marshal(v)
|
|
260
|
+
return string(b)
|
|
261
|
+
}
|
|
262
|
+
}
|
|
263
|
+
|
|
264
|
+
func canonicalValue(value any) any {
|
|
265
|
+
b, _ := json.Marshal(value)
|
|
266
|
+
var out any
|
|
267
|
+
_ = json.Unmarshal(b, &out)
|
|
268
|
+
return out
|
|
269
|
+
}
|
|
270
|
+
|
|
271
|
+
func validateInstance(data Data) error {
|
|
272
|
+
if err := assertTrue(data.CaseName != "", "caseName is required"); err != nil {
|
|
273
|
+
return err
|
|
274
|
+
}
|
|
275
|
+
if err := assertTrue(data.Region != "", "region is required"); err != nil {
|
|
276
|
+
return err
|
|
277
|
+
}
|
|
278
|
+
if err := assertTrue(len(data.Packages) > 0, "packages is required"); err != nil {
|
|
279
|
+
return err
|
|
280
|
+
}
|
|
281
|
+
return nil
|
|
282
|
+
}
|
|
283
|
+
|
|
284
|
+
func countTrue(values ...bool) int {
|
|
285
|
+
total := 0
|
|
286
|
+
for _, value := range values {
|
|
287
|
+
if value {
|
|
288
|
+
total++
|
|
289
|
+
}
|
|
290
|
+
}
|
|
291
|
+
return total
|
|
292
|
+
}
|
|
293
|
+
|
|
294
|
+
func clauseR1RenalSafetyConcern(data Data) bool {
|
|
295
|
+
return data.Signals.Lab.Egfr < data.Thresholds.EgfrBelow
|
|
296
|
+
}
|
|
297
|
+
|
|
298
|
+
func clauseR2PolypharmacyRisk(data Data) bool {
|
|
299
|
+
return data.Signals.Medications.ActiveMedicationCount >= data.Thresholds.ActiveMedicationCountAtLeast
|
|
300
|
+
}
|
|
301
|
+
|
|
302
|
+
func clauseR3ReadmissionHistory(data Data) bool {
|
|
303
|
+
return data.Signals.History.AdmissionsLast180Days >= data.Thresholds.AdmissionsLast180DaysAtLeast
|
|
304
|
+
}
|
|
305
|
+
|
|
306
|
+
func clauseR4RecentDischargeWindow(data Data) bool {
|
|
307
|
+
return data.Signals.Discharge.HoursSinceDischarge <= data.Thresholds.HoursSinceDischargeAtMost
|
|
308
|
+
}
|
|
309
|
+
|
|
310
|
+
func clauseR5ActiveNeedCount(renalSafetyConcern, polypharmacyRisk, readmissionHistory, recentDischargeWindow bool) int {
|
|
311
|
+
return countTrue(renalSafetyConcern, polypharmacyRisk, readmissionHistory, recentDischargeWindow)
|
|
312
|
+
}
|
|
313
|
+
|
|
314
|
+
func clauseR6NeedsContinuityBundle(data Data, activeNeedCount int) bool {
|
|
315
|
+
return activeNeedCount >= data.Thresholds.ActiveNeedCountAtLeast
|
|
316
|
+
}
|
|
317
|
+
|
|
318
|
+
func deriveInsight(data Data) Insight {
|
|
319
|
+
return Insight{
|
|
320
|
+
CreatedAt: data.Timestamps.CreatedAt,
|
|
321
|
+
ExpiresAt: data.Timestamps.ExpiresAt,
|
|
322
|
+
ID: data.InsightPolicy.ID,
|
|
323
|
+
Metric: data.InsightPolicy.Metric,
|
|
324
|
+
Region: data.Region,
|
|
325
|
+
ScopeDevice: data.EvaluationContext.ScopeDevice,
|
|
326
|
+
ScopeEvent: data.EvaluationContext.ScopeEvent,
|
|
327
|
+
SuggestionPolicy: data.InsightPolicy.SuggestionPolicy,
|
|
328
|
+
Threshold: data.Thresholds.ActiveNeedCountAtLeast,
|
|
329
|
+
Type: data.InsightPolicy.Type,
|
|
330
|
+
}
|
|
331
|
+
}
|
|
332
|
+
|
|
333
|
+
func derivePolicy(data Data) Policy {
|
|
334
|
+
return Policy{
|
|
335
|
+
Duty: Duty{
|
|
336
|
+
Action: "odrl:delete",
|
|
337
|
+
Constraint: Constraint{
|
|
338
|
+
LeftOperand: "odrl:dateTime",
|
|
339
|
+
Operator: "odrl:eq",
|
|
340
|
+
RightOperand: data.Timestamps.ExpiresAt,
|
|
341
|
+
},
|
|
342
|
+
},
|
|
343
|
+
Permission: Permission{
|
|
344
|
+
Action: "odrl:use",
|
|
345
|
+
Constraint: Constraint{
|
|
346
|
+
LeftOperand: "odrl:purpose",
|
|
347
|
+
Operator: "odrl:eq",
|
|
348
|
+
RightOperand: data.EvaluationContext.Purpose,
|
|
349
|
+
},
|
|
350
|
+
Target: data.InsightPolicy.ID,
|
|
351
|
+
},
|
|
352
|
+
Profile: data.InsightPolicy.PolicyProfile,
|
|
353
|
+
Prohibition: Prohibition{
|
|
354
|
+
Action: "odrl:distribute",
|
|
355
|
+
Constraint: Constraint{
|
|
356
|
+
LeftOperand: "odrl:purpose",
|
|
357
|
+
Operator: "odrl:eq",
|
|
358
|
+
RightOperand: data.EvaluationContext.ProhibitedReusePurpose,
|
|
359
|
+
},
|
|
360
|
+
Target: data.InsightPolicy.ID,
|
|
361
|
+
},
|
|
362
|
+
Type: data.InsightPolicy.PolicyType,
|
|
363
|
+
}
|
|
364
|
+
}
|
|
365
|
+
|
|
366
|
+
func packageCoversAllActiveNeeds(pkg Package, renalSafetyConcern, polypharmacyRisk, readmissionHistory, recentDischargeWindow bool) bool {
|
|
367
|
+
return (!renalSafetyConcern || pkg.CoversRenalSafetyConcern) &&
|
|
368
|
+
(!polypharmacyRisk || pkg.CoversPolypharmacyRisk) &&
|
|
369
|
+
(!readmissionHistory || pkg.CoversReadmissionHistory) &&
|
|
370
|
+
(!recentDischargeWindow || pkg.CoversRecentDischargeWindow)
|
|
371
|
+
}
|
|
372
|
+
|
|
373
|
+
func clauseS1EligiblePackages(data Data, renalSafetyConcern, polypharmacyRisk, readmissionHistory, recentDischargeWindow bool) []Package {
|
|
374
|
+
eligible := make([]Package, 0)
|
|
375
|
+
for _, pkg := range data.Packages {
|
|
376
|
+
if pkg.CostEUR <= data.Budget.MaxEUR && packageCoversAllActiveNeeds(pkg, renalSafetyConcern, polypharmacyRisk, readmissionHistory, recentDischargeWindow) {
|
|
377
|
+
eligible = append(eligible, pkg)
|
|
378
|
+
}
|
|
379
|
+
}
|
|
380
|
+
sort.Slice(eligible, func(i, j int) bool { return eligible[i].CostEUR < eligible[j].CostEUR })
|
|
381
|
+
return eligible
|
|
382
|
+
}
|
|
383
|
+
|
|
384
|
+
func clauseS2RecommendedPackage(data Data, renalSafetyConcern, polypharmacyRisk, readmissionHistory, recentDischargeWindow bool) ([]Package, *Package) {
|
|
385
|
+
eligible := clauseS1EligiblePackages(data, renalSafetyConcern, polypharmacyRisk, readmissionHistory, recentDischargeWindow)
|
|
386
|
+
if len(eligible) == 0 {
|
|
387
|
+
return eligible, nil
|
|
388
|
+
}
|
|
389
|
+
recommended := eligible[0]
|
|
390
|
+
return eligible, &recommended
|
|
391
|
+
}
|
|
392
|
+
|
|
393
|
+
func clauseG1AuthorizedUse(data Data) bool {
|
|
394
|
+
return data.EvaluationContext.Purpose == "care_coordination" && !parseTime(data.Timestamps.AuthorizedAt).After(parseTime(data.Timestamps.ExpiresAt))
|
|
395
|
+
}
|
|
396
|
+
|
|
397
|
+
func clauseG2InsurancePricingProhibited(data Data) bool {
|
|
398
|
+
return data.EvaluationContext.ProhibitedReusePurpose == "insurance_pricing"
|
|
399
|
+
}
|
|
400
|
+
|
|
401
|
+
func clauseG3DutyTimely(data Data) bool {
|
|
402
|
+
return !parseTime(data.Timestamps.DutyPerformedAt).After(parseTime(data.Timestamps.ExpiresAt))
|
|
403
|
+
}
|
|
404
|
+
|
|
405
|
+
func clauseM1CanonicalEnvelope(data Data) (Envelope, string) {
|
|
406
|
+
envelope := Envelope{Insight: deriveInsight(data), Policy: derivePolicy(data)}
|
|
407
|
+
return envelope, stableStringify(canonicalValue(envelope))
|
|
408
|
+
}
|
|
409
|
+
|
|
410
|
+
func sha256Hex(text string) string {
|
|
411
|
+
sum := sha256.Sum256([]byte(text))
|
|
412
|
+
return hex.EncodeToString(sum[:])
|
|
413
|
+
}
|
|
414
|
+
|
|
415
|
+
func hmacSHA256Hex(secret, text string) string {
|
|
416
|
+
mac := hmac.New(sha256.New, []byte(secret))
|
|
417
|
+
_, _ = mac.Write([]byte(text))
|
|
418
|
+
return hex.EncodeToString(mac.Sum(nil))
|
|
419
|
+
}
|
|
420
|
+
|
|
421
|
+
func clauseM4MinimizationRespected(insight Insight) bool {
|
|
422
|
+
b, _ := json.Marshal(insight)
|
|
423
|
+
s := strings.ToLower(string(b))
|
|
424
|
+
return !strings.Contains(s, "name") && !strings.Contains(s, "address") && !strings.Contains(s, "ssn") && !strings.Contains(s, "fullrecord") && !strings.Contains(s, "genome")
|
|
425
|
+
}
|
|
426
|
+
|
|
427
|
+
func clauseM5ScopeComplete(insight Insight) bool {
|
|
428
|
+
return insight.ScopeDevice != "" && insight.ScopeEvent != "" && insight.ExpiresAt != ""
|
|
429
|
+
}
|
|
430
|
+
|
|
431
|
+
func yesNo(value bool) string {
|
|
432
|
+
if value {
|
|
433
|
+
return "PASS"
|
|
434
|
+
}
|
|
435
|
+
return "FAIL"
|
|
436
|
+
}
|
|
437
|
+
|
|
438
|
+
func evaluate(data Data) (Result, error) {
|
|
439
|
+
if err := validateInstance(data); err != nil {
|
|
440
|
+
return Result{}, err
|
|
441
|
+
}
|
|
442
|
+
|
|
443
|
+
renalSafetyConcern := clauseR1RenalSafetyConcern(data)
|
|
444
|
+
polypharmacyRisk := clauseR2PolypharmacyRisk(data)
|
|
445
|
+
readmissionHistory := clauseR3ReadmissionHistory(data)
|
|
446
|
+
recentDischargeWindow := clauseR4RecentDischargeWindow(data)
|
|
447
|
+
activeNeedCount := clauseR5ActiveNeedCount(renalSafetyConcern, polypharmacyRisk, readmissionHistory, recentDischargeWindow)
|
|
448
|
+
needsContinuityBundle := clauseR6NeedsContinuityBundle(data, activeNeedCount)
|
|
449
|
+
|
|
450
|
+
envelope, canonicalEnvelope := clauseM1CanonicalEnvelope(data)
|
|
451
|
+
payloadHashSHA256 := sha256Hex(canonicalEnvelope)
|
|
452
|
+
envelopeHmacSHA256 := hmacSHA256Hex(data.Integrity.Secret, canonicalEnvelope)
|
|
453
|
+
|
|
454
|
+
eligible, recommended := clauseS2RecommendedPackage(data, renalSafetyConcern, polypharmacyRisk, readmissionHistory, recentDischargeWindow)
|
|
455
|
+
recommendedID := (*string)(nil)
|
|
456
|
+
recommendedName := (*string)(nil)
|
|
457
|
+
packageCostEUR := (*int)(nil)
|
|
458
|
+
if recommended != nil {
|
|
459
|
+
recommendedID = &recommended.ID
|
|
460
|
+
recommendedName = &recommended.Name
|
|
461
|
+
packageCostEUR = &recommended.CostEUR
|
|
462
|
+
}
|
|
463
|
+
|
|
464
|
+
checks := Checks{
|
|
465
|
+
PayloadHashMatches: payloadHashSHA256 == sha256Hex(canonicalEnvelope),
|
|
466
|
+
SignatureVerifies: data.Integrity.VerificationMode == "trustedPrecomputedInput" && envelopeHmacSHA256 == hmacSHA256Hex(data.Integrity.Secret, canonicalEnvelope),
|
|
467
|
+
ThresholdReached: needsContinuityBundle,
|
|
468
|
+
ScopeComplete: clauseM5ScopeComplete(envelope.Insight),
|
|
469
|
+
MinimizationRespected: clauseM4MinimizationRespected(envelope.Insight),
|
|
470
|
+
AuthorizationAllowed: clauseG1AuthorizedUse(data),
|
|
471
|
+
DutyTimely: clauseG3DutyTimely(data),
|
|
472
|
+
InsurancePricingProhibited: clauseG2InsurancePricingProhibited(data),
|
|
473
|
+
PackageWithinBudget: recommended != nil && recommended.CostEUR <= data.Budget.MaxEUR,
|
|
474
|
+
PackageCoversAllActiveNeeds: recommended != nil && packageCoversAllActiveNeeds(*recommended, renalSafetyConcern, polypharmacyRisk, readmissionHistory, recentDischargeWindow),
|
|
475
|
+
LowestCostEligiblePackageChosen: recommended != nil && recommended.ID == eligible[0].ID,
|
|
476
|
+
}
|
|
477
|
+
|
|
478
|
+
reasonWhy := []string{
|
|
479
|
+
fmt.Sprintf("RenalSafetyConcern holds because eGFR = %d and the threshold is < %d.", data.Signals.Lab.Egfr, data.Thresholds.EgfrBelow),
|
|
480
|
+
fmt.Sprintf("PolypharmacyRisk holds because the active medication count is %d and the threshold is ≥ %d.", data.Signals.Medications.ActiveMedicationCount, data.Thresholds.ActiveMedicationCountAtLeast),
|
|
481
|
+
fmt.Sprintf("ReadmissionHistory holds because admissionsLast180Days = %d and the threshold is ≥ %d.", data.Signals.History.AdmissionsLast180Days, data.Thresholds.AdmissionsLast180DaysAtLeast),
|
|
482
|
+
fmt.Sprintf("RecentDischargeWindow holds because hoursSinceDischarge = %d and the threshold is ≤ %d.", data.Signals.Discharge.HoursSinceDischarge, data.Thresholds.HoursSinceDischargeAtMost),
|
|
483
|
+
"The recommendation rule selects the least-cost package that covers every active need and remains within budget.",
|
|
484
|
+
func() string {
|
|
485
|
+
if recommended != nil {
|
|
486
|
+
return fmt.Sprintf("The selected package is \"%s\" with cost €%d, touches=%d.", recommended.Name, recommended.CostEUR, recommended.Touches)
|
|
487
|
+
}
|
|
488
|
+
return "No eligible package exists within budget."
|
|
489
|
+
}(),
|
|
490
|
+
fmt.Sprintf("Use is permitted only for purpose \"%s\" and expires at %s.", data.EvaluationContext.Purpose, data.Timestamps.ExpiresAt),
|
|
491
|
+
}
|
|
492
|
+
|
|
493
|
+
answer := Answer{
|
|
494
|
+
Name: data.CaseName,
|
|
495
|
+
Region: data.Region,
|
|
496
|
+
Metric: data.InsightPolicy.Metric,
|
|
497
|
+
ActiveNeedCount: activeNeedCount,
|
|
498
|
+
Threshold: data.Thresholds.ActiveNeedCountAtLeast,
|
|
499
|
+
RecommendedPackage: recommendedName,
|
|
500
|
+
BudgetCapEUR: data.Budget.MaxEUR,
|
|
501
|
+
PackageCostEUR: packageCostEUR,
|
|
502
|
+
PayloadHashSHA256: payloadHashSHA256,
|
|
503
|
+
EnvelopeHmacSHA256: envelopeHmacSHA256,
|
|
504
|
+
}
|
|
505
|
+
|
|
506
|
+
arcLines := []string{
|
|
507
|
+
"=== Answer ===",
|
|
508
|
+
fmt.Sprintf("Name: %s", answer.Name),
|
|
509
|
+
fmt.Sprintf("Region: %s", answer.Region),
|
|
510
|
+
fmt.Sprintf("Metric: %s", answer.Metric),
|
|
511
|
+
fmt.Sprintf("Active need count: %d/%d", answer.ActiveNeedCount, answer.Threshold),
|
|
512
|
+
fmt.Sprintf("Recommended package: %s", derefString(answer.RecommendedPackage)),
|
|
513
|
+
fmt.Sprintf("Budget cap: €%d", answer.BudgetCapEUR),
|
|
514
|
+
fmt.Sprintf("Package cost: €%s", derefIntString(answer.PackageCostEUR)),
|
|
515
|
+
fmt.Sprintf("Payload SHA-256: %s", answer.PayloadHashSHA256),
|
|
516
|
+
fmt.Sprintf("Envelope HMAC-SHA-256: %s", answer.EnvelopeHmacSHA256),
|
|
517
|
+
"",
|
|
518
|
+
"=== Reason Why ===",
|
|
519
|
+
}
|
|
520
|
+
arcLines = append(arcLines, reasonWhy...)
|
|
521
|
+
arcLines = append(arcLines, "", "=== Check ===")
|
|
522
|
+
checkOrder := []struct {
|
|
523
|
+
name string
|
|
524
|
+
ok bool
|
|
525
|
+
}{
|
|
526
|
+
{"payloadHashMatches", checks.PayloadHashMatches},
|
|
527
|
+
{"signatureVerifies", checks.SignatureVerifies},
|
|
528
|
+
{"thresholdReached", checks.ThresholdReached},
|
|
529
|
+
{"scopeComplete", checks.ScopeComplete},
|
|
530
|
+
{"minimizationRespected", checks.MinimizationRespected},
|
|
531
|
+
{"authorizationAllowed", checks.AuthorizationAllowed},
|
|
532
|
+
{"dutyTimely", checks.DutyTimely},
|
|
533
|
+
{"insurancePricingProhibited", checks.InsurancePricingProhibited},
|
|
534
|
+
{"packageWithinBudget", checks.PackageWithinBudget},
|
|
535
|
+
{"packageCoversAllActiveNeeds", checks.PackageCoversAllActiveNeeds},
|
|
536
|
+
{"lowestCostEligiblePackageChosen", checks.LowestCostEligiblePackageChosen},
|
|
537
|
+
}
|
|
538
|
+
for _, item := range checkOrder {
|
|
539
|
+
arcLines = append(arcLines, fmt.Sprintf("- %s: %s", yesNo(item.ok), item.name))
|
|
540
|
+
}
|
|
541
|
+
|
|
542
|
+
allChecksPass := checks.PayloadHashMatches && checks.SignatureVerifies && checks.ThresholdReached && checks.ScopeComplete && checks.MinimizationRespected && checks.AuthorizationAllowed && checks.DutyTimely && checks.InsurancePricingProhibited && checks.PackageWithinBudget && checks.PackageCoversAllActiveNeeds && checks.LowestCostEligiblePackageChosen
|
|
543
|
+
|
|
544
|
+
return Result{
|
|
545
|
+
CaseName: data.CaseName,
|
|
546
|
+
Derived: Derived{
|
|
547
|
+
RenalSafetyConcern: renalSafetyConcern,
|
|
548
|
+
PolypharmacyRisk: polypharmacyRisk,
|
|
549
|
+
ReadmissionHistory: readmissionHistory,
|
|
550
|
+
RecentDischargeWindow: recentDischargeWindow,
|
|
551
|
+
ActiveNeedCount: activeNeedCount,
|
|
552
|
+
NeedsContinuityBundle: needsContinuityBundle,
|
|
553
|
+
EligiblePackageIDs: func() []string {
|
|
554
|
+
ids := make([]string, 0, len(eligible))
|
|
555
|
+
for _, pkg := range eligible {
|
|
556
|
+
ids = append(ids, pkg.ID)
|
|
557
|
+
}
|
|
558
|
+
return ids
|
|
559
|
+
}(),
|
|
560
|
+
RecommendedPackageID: recommendedID,
|
|
561
|
+
RecommendedPackageName: recommendedName,
|
|
562
|
+
},
|
|
563
|
+
Envelope: envelope,
|
|
564
|
+
Integrity: IntegrityResult{
|
|
565
|
+
CanonicalEnvelope: canonicalEnvelope,
|
|
566
|
+
PayloadHashSHA256: payloadHashSHA256,
|
|
567
|
+
EnvelopeHmacSHA256: envelopeHmacSHA256,
|
|
568
|
+
VerificationMode: data.Integrity.VerificationMode,
|
|
569
|
+
},
|
|
570
|
+
Answer: answer,
|
|
571
|
+
ReasonWhy: reasonWhy,
|
|
572
|
+
Checks: checks,
|
|
573
|
+
AllChecksPass: allChecksPass,
|
|
574
|
+
ArcText: strings.Join(arcLines, "\n"),
|
|
575
|
+
}, nil
|
|
576
|
+
}
|
|
577
|
+
|
|
578
|
+
func derefString(value *string) string {
|
|
579
|
+
if value == nil {
|
|
580
|
+
return "<nil>"
|
|
581
|
+
}
|
|
582
|
+
return *value
|
|
583
|
+
}
|
|
584
|
+
|
|
585
|
+
func derefIntString(value *int) string {
|
|
586
|
+
if value == nil {
|
|
587
|
+
return "<nil>"
|
|
588
|
+
}
|
|
589
|
+
return fmt.Sprintf("%d", *value)
|
|
590
|
+
}
|
|
591
|
+
|
|
592
|
+
func main() {
|
|
593
|
+
inputPath := "medior.data.json"
|
|
594
|
+
jsonMode := false
|
|
595
|
+
for _, arg := range os.Args[1:] {
|
|
596
|
+
if arg == "--json" {
|
|
597
|
+
jsonMode = true
|
|
598
|
+
} else if !strings.HasPrefix(arg, "--") {
|
|
599
|
+
inputPath = arg
|
|
600
|
+
}
|
|
601
|
+
}
|
|
602
|
+
|
|
603
|
+
data, err := readJSON(inputPath)
|
|
604
|
+
if err != nil {
|
|
605
|
+
fmt.Fprintln(os.Stderr, err)
|
|
606
|
+
os.Exit(1)
|
|
607
|
+
}
|
|
608
|
+
|
|
609
|
+
result, err := evaluate(data)
|
|
610
|
+
if err != nil {
|
|
611
|
+
fmt.Fprintln(os.Stderr, err)
|
|
612
|
+
os.Exit(1)
|
|
613
|
+
}
|
|
614
|
+
|
|
615
|
+
if jsonMode {
|
|
616
|
+
enc := json.NewEncoder(os.Stdout)
|
|
617
|
+
enc.SetIndent("", " ")
|
|
618
|
+
_ = enc.Encode(result)
|
|
619
|
+
} else {
|
|
620
|
+
fmt.Println(result.ArcText)
|
|
621
|
+
}
|
|
622
|
+
|
|
623
|
+
if !result.AllChecksPass {
|
|
624
|
+
os.Exit(1)
|
|
625
|
+
}
|
|
626
|
+
}
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
## Status
|
|
4
4
|
|
|
5
|
-
This document is the **normative specification** for the Medior case. The file `medior.model.
|
|
5
|
+
This document is the **normative specification** for the Medior case. The file `medior.model.go` is the **reference Go implementation** of these clauses. The file `medior.data.json` is the **instance** evaluated in this bundle. The file `medior.expected.json` is the **conformance vector** for that instance.
|
|
6
6
|
|
|
7
7
|
## Insight Economy context
|
|
8
8
|
|
|
@@ -15,7 +15,6 @@ The product being shared is therefore not a raw record, but a permissioned, mini
|
|
|
15
15
|
- “iff” means “if and only if”.
|
|
16
16
|
- A clause identifier such as `R1` or `M3` is normative.
|
|
17
17
|
- A conforming implementation may be written in any language, but it shall produce the same derived values and pass/fail outcomes for the supplied instance.
|
|
18
|
-
- The reference implementation uses ECMAScript because you preferred an international-standard JS language.
|
|
19
18
|
|
|
20
19
|
## Vocabulary
|
|
21
20
|
|