HealthClawGuardrails is one of the Agent workflows featured in this issue of AI Skill Hub. Overall score: 8.0, a high-quality entry. We strongly recommend adding it to your AI toolkit to boost your productivity.
HealthClawGuardrails is a complete AI Agent automation workflow solution. Through visual node orchestration it breaks complex multi-step tasks into clear automated flows for fully unattended processing. It supports integration with hundreds of external services and APIs, and suits data-processing pipelines, business automation, and AI-assisted decision systems.
```bash
# Option 1: pip install (recommended)
pip install healthclawguardrails
# Option 2: install into a virtual environment (recommended for production)
python -m venv .venv
source .venv/bin/activate   # Windows: .venv\Scripts\activate
pip install healthclawguardrails
# Option 3: install from source (latest features)
git clone https://github.com/aks129/HealthClawGuardrails
cd HealthClawGuardrails
pip install -e .
# Verify the installation
python -c "import healthclawguardrails; print('installed successfully')"
```
```bash
# Command-line usage
healthclawguardrails --help
# Basic usage
healthclawguardrails input_file -o output_file
```
```python
# Calling from Python code
import healthclawguardrails
# Example
result = healthclawguardrails.process("input")
print(result)
```
Example configuration file (config.yml):
```yaml
app:
  name: "healthclawguardrails"
  debug: false
  log_level: "INFO"
```
```bash
# Pass the configuration file at runtime
healthclawguardrails --config config.yml
# Or configure through environment variables
export HEALTHCLAWGUARDRAILS_API_KEY="your-key"
export HEALTHCLAWGUARDRAILS_OUTPUT_DIR="./output"
```
<img src=".github/assets/healthclaw-logo.png" alt="HealthClaw — AI-Powered Healthcare Intelligence" width="440">
Two threads landed since v1.4.0: a read-authentication hardening pass on the guardrail core, and HL7 Structured Data Capture (SDC) support so the project can populate and extract healthcare forms the standard, interoperable way.
SDC form round-trip, implementing the two halves of HL7 SDC:
| Operation | What it does | Mechanisms (v1) |
|---|---|---|
| POST /r6/fhir/Questionnaire[/<id>]/$populate | Questionnaire + subject → pre-filled QuestionnaireResponse | expression-based (initialExpression FHIRPath) + observation-based (item.code LOINC) |
| POST /r6/fhir/QuestionnaireResponse/$extract | completed QuestionnaireResponse → transaction Bundle | observation-based (observationExtract) + definition-based (definitionExtract) |
- Code layout: r6/sdc/ (expressions.py, populate.py, extract.py) holds the operation logic; the route layer owns auth, audit, step-up, and store I/O.
- $populate is read-shaped (tenant-read-authenticated + AuditEvent); $extract reuses the existing write path: step-up + per-resource $validate on commit, with ?dryRun=true to preview the Bundle without committing.
- Tools questionnaire_populate (read) and questionnaire_extract (write), so an agent can fill and extract forms end-to-end.
- The healthclaw-intake demo Questionnaire shows the full populate → complete → extract loop.
- Security hardening: X-Tenant-Id reads are now authenticated, not just tenant-scoped. Non-public tenants must present a tenant-bound step-up token or a matching SMART bearer; a bare header gets 401. Also a public-tenant-aware token-mint guard, the SMART OAuth service advertised in /metadata, and dependency CVE bumps (PyJWT, npm advisories).
Deliberate compliance postures (documented in CLAUDE.md and the design spec):
- $populate returns unredacted PHI by design: a form must hold real data, and the read-auth gate is the compensating control. An optional ?redaction= opt-in is a tracked follow-up.
- $extract commit is treated as an ingest-class operation (like Bundle/$ingest-context): step-up + $validate gate the write; it is exempt from the per-resource X-Human-Confirmed gate.
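The read-authentication rule above (a bare X-Tenant-Id gets 401; non-public tenants need a tenant-bound step-up token or a SMART bearer issued for that tenant) is compact enough to show as a decision function. The block below is an added example, not code from HealthClawGuardrails. It assumes a token format of its own (base64url of "tenant.expiry" plus an HMAC-SHA256 tag keyed with STEP_UP_SECRET), an assumed header name X-Step-Up-Token, an in-memory table standing in for real SMART JWT verification, and a constructed public-tenant list; none of those details are on the page.

```python
import base64
import hashlib
import hmac
import time

# Constructed values for this example. A deployment would read STEP_UP_SECRET
# from the environment (see the variables table) and consult real tenant config.
STEP_UP_SECRET = b"example-only-step-up-secret"
PUBLIC_TENANTS = {"demo-public"}
# Stand-in for SMART bearer verification: maps an opaque bearer to the tenant it
# was issued for. A real gate validates the JWT signature and claims instead.
SMART_BEARERS = {"smart-token-for-alice": "alice"}
# Header carrying the step-up token: an assumed name, not documented on the page.
STEP_UP_HEADER = "X-Step-Up-Token"


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_step_up(tenant: str, ttl: int = 300, now=None, secret=STEP_UP_SECRET) -> str:
    """Mint a token bound to one tenant: base64url("tenant.exp") + "." + HMAC-SHA256 hex."""
    exp = int(time.time() if now is None else now) + ttl
    payload = f"{tenant}.{exp}".encode()
    mac = hmac.new(secret, payload, hashlib.sha256).hexdigest()
    return f"{_b64(payload)}.{mac}"


def verify_step_up(token: str, now=None, secret=STEP_UP_SECRET):
    """Return the tenant a valid, unexpired token is bound to, else None."""
    try:
        payload_b64, mac = token.split(".")
        payload = _unb64(payload_b64)
        expected = hmac.new(secret, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac):  # constant-time compare
            return None
        tenant, exp = payload.decode().rsplit(".", 1)
        exp = int(exp)
    except (ValueError, TypeError, UnicodeDecodeError):
        return None  # malformed, truncated, or tampered token
    if exp <= (time.time() if now is None else now):
        return None  # expired
    return tenant


def authorize_tenant_read(headers: dict, now=None):
    """Decide an X-Tenant-Id read. Returns (http_status, reason)."""
    tenant = headers.get("X-Tenant-Id")
    if not tenant:
        return 400, "missing X-Tenant-Id"
    if tenant in PUBLIC_TENANTS:
        return 200, "public tenant: no authentication required"
    step_up = headers.get(STEP_UP_HEADER)
    if step_up is not None:
        # The token must be bound to the very tenant named in the header.
        if verify_step_up(step_up, now=now) == tenant:
            return 200, "step-up token bound to this tenant"
        return 401, "step-up token invalid, expired, or bound to another tenant"
    auth = headers.get("Authorization", "")
    if auth.startswith("Bearer "):
        if SMART_BEARERS.get(auth[len("Bearer "):]) == tenant:
            return 200, "SMART bearer issued for this tenant"
        return 401, "SMART bearer does not match X-Tenant-Id"
    # A tenant header alone only scopes the query; it does not authenticate it.
    return 401, "bare X-Tenant-Id: present a tenant-bound step-up token or SMART bearer"


if __name__ == "__main__":
    tok = mint_step_up("alice")
    print(authorize_tenant_read({"X-Tenant-Id": "alice"}))
    print(authorize_tenant_read({"X-Tenant-Id": "alice", STEP_UP_HEADER: tok}))
    print(authorize_tenant_read({"X-Tenant-Id": "bob", STEP_UP_HEADER: tok}))
```

The tenant-binding check is the point: a token minted for alice is rejected on a read scoped to bob even though its signature is valid, which is what turns tenant scoping into tenant authentication.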
One Telegram bot. All your health records. Every major source, automatically.
The v1.4.0 release wires five distinct health data pipelines into HealthClaw — each with its own auth model, transport, and data format — and exposes them as unified Telegram slash commands so you never leave the chat.
| Source | Coverage | Transport | Telegram command |
|---|---|---|---|
| **Fasten TEFCA** | Nationwide — all QHINs (hospitals, EHRs, labs) via CLEAR/ID.me | Webhook push | /connect |
| **HealthEx** | Lab + clinical aggregator | MCP Streamable HTTP pull | /export |
| **Health Bank One** | Identity-verified records + insurance context | MCP Streamable HTTP pull | /hbo-connect, /hbo-pull |
| **Flexpa** | 200+ payers/insurers (CMS-9115 mandate) | SmartHealthConnect bridge | /flexpa-connect |
| **Health Skillz (Epic)** | Epic MyChart + major patient portals | SmartHealthConnect bridge | /epic-connect |
| **MEDENT** | Small-practice EHR (SMART on FHIR direct) | Direct SMART on FHIR pull | /medent-connect, /medent-pull |
Where the code lives: Fasten (webhook + NDJSON ingest), HealthEx / Health Bank One (MCP-client OAuth pull), and MEDENT (SMART-on-FHIR pull) have working connector code in this repo. Flexpa and Health Skillz (Epic) run their payer/portal OAuth pull in the separate SmartHealthConnect service; this repo provides the guardrailed /shc/ingest receiver that those pulls post into — not the payer OAuth client itself. Ingested claims/coverage data is stored, validated, and audited; cost/denial/coverage-gap analytics are not implemented (payer data is retained, not analyzed).
New infrastructure:
- /shc/ingest endpoint: the SmartHealthConnect bridge receives FHIR bundles from Flexpa and Health Skillz pulls, applies the full guardrail stack, and fires a Telegram notification.
- /shc/medent/callback broker: MEDENT's OAuth validator requires a public HTTPS redirect URI; Railway acts as the callback broker so the Mac mini agent can still drive the flow.
- scripts/medent_oauth.py: SMART on FHIR Patient Standalone Launch (Dynamic Client Registration + PKCE + token caching + auto-refresh).
- scripts/export_medent_fhir.py: pulls US Core R4 resources from any MEDENT practice and redacts PHI in-process.

Wearables: heart rate, HRV, SpO2, steps, sleep, BP, glucose and body weight from Garmin, Oura, Polar, Suunto, Whoop, Fitbit, Strava and Ultrahuman flow into HealthClaw as FHIR Observations with correct LOINC codes and device Provenance. Compiled Truth timelines now include wearable-sourced data; SmartHealthConnect's healthy-habits and diet-exercise skills read them through the same fhir_search they already use.
- The open-wearables service runs under the wearables docker-compose profile. It owns per-provider OAuth; we own the FHIR mapping.
- r6/wearables/mapper.py translates 13 metrics to LOINC + UCUM FHIR Observations. Unknown fields fall through with code.text, so no data is lost.
- Sync polls at WEARABLES_POLL_INTERVAL (default 900s) and posts through /Bundle/$ingest-context with step-up + X-Agent-Id: wearable-sync.
- wearables_sync_status MCP tool (16 tools total) returns connection status + _meta.ui.resourceUri pointing at the new Connection Manager MCP App.
- /r6/fhir/mcp-apps/wearables/: cards per provider (connect / re-auth / sync / view).
- Quick start:
```bash
OPEN_WEARABLES_URL=http://open-wearables:8000 docker-compose --profile wearables up -d
```
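The mapper behaviour described above (known metrics become LOINC + UCUM coded Observations, unknown fields fall through with only code.text, device Provenance travels in the same transaction Bundle, and the whole thing is posted with X-Agent-Id: wearable-sync) is shown below as an added example. It is not the project's r6/wearables/mapper.py. The metric names, the six-entry LOINC/UCUM table, the Provenance layout, the step-up header name X-Step-Up-Token and the sample payload are all assumptions constructed for illustration.

```python
import uuid
from datetime import datetime, timezone

# Metric -> (LOINC code, display, UCUM unit). A subset chosen for this example,
# not the project's 13-metric table.
LOINC_MAP = {
    "heart_rate": ("8867-4", "Heart rate", "/min"),
    "spo2": ("59408-5", "Oxygen saturation in Arterial blood by Pulse oximetry", "%"),
    "steps": ("55423-8", "Number of steps in unspecified time Pedometer", "{steps}"),
    "body_weight": ("29463-7", "Body weight", "kg"),
    "systolic_bp": ("8480-6", "Systolic blood pressure", "mm[Hg]"),
    "diastolic_bp": ("8462-4", "Diastolic blood pressure", "mm[Hg]"),
}

# Constructed wearable sample: two metrics the table knows and one it does not.
SAMPLE = {
    "provider": "garmin",
    "device": "Device/garmin-fenix-7",
    "timestamp": "2026-07-03T06:30:00Z",
    "metrics": {
        "heart_rate": (62, "/min"),
        "steps": (8421, "{steps}"),
        "skin_temp_delta": (0.4, "Cel"),
    },
}


def to_observation(metric, value, unit, when, patient_ref, device_ref):
    """One metric -> one Observation; unknown metrics keep code.text only."""
    obs = {
        "resourceType": "Observation",
        "status": "final",
        "subject": {"reference": patient_ref},
        "effectiveDateTime": when,
        "device": {"reference": device_ref},
        "valueQuantity": {"value": value, "unit": unit},
    }
    if metric in LOINC_MAP:
        code, display, ucum = LOINC_MAP[metric]
        obs["code"] = {"coding": [{"system": "http://loinc.org", "code": code,
                                   "display": display}], "text": display}
        obs["valueQuantity"].update({"system": "http://unitsofmeasure.org", "code": ucum})
    else:
        obs["code"] = {"text": metric}  # fall-through: uncoded, but not dropped
    return obs


def build_ingest_bundle(sample, patient_ref):
    """Transaction Bundle: one Observation per metric plus one device Provenance."""
    entries, targets = [], []
    for metric, (value, unit) in sample["metrics"].items():
        obs = to_observation(metric, value, unit, sample["timestamp"],
                             patient_ref, sample["device"])
        full_url = f"urn:uuid:{uuid.uuid4()}"  # lets Provenance point at new entries
        entries.append({"fullUrl": full_url, "resource": obs,
                        "request": {"method": "POST", "url": "Observation"}})
        targets.append({"reference": full_url})
    provenance = {
        "resourceType": "Provenance",
        "target": targets,
        "recorded": datetime.now(timezone.utc).isoformat(),
        "agent": [{"who": {"reference": sample["device"]}}],
        "entity": [{"role": "source", "what": {"display": f"{sample['provider']} sync"}}],
    }
    entries.append({"resource": provenance,
                    "request": {"method": "POST", "url": "Provenance"}})
    return {"resourceType": "Bundle", "type": "transaction", "entry": entries}


def uncoded_metrics(bundle):
    """Names of Observations that fell through without a LOINC coding."""
    return [e["resource"]["code"]["text"] for e in bundle["entry"]
            if e["resource"]["resourceType"] == "Observation"
            and "coding" not in e["resource"]["code"]]


def ingest_request(bundle, step_up_token):
    """Request envelope for /Bundle/$ingest-context; step-up header name is assumed."""
    headers = {
        "Content-Type": "application/fhir+json",
        "X-Agent-Id": "wearable-sync",
        "X-Step-Up-Token": step_up_token,
    }
    return "/r6/fhir/Bundle/$ingest-context", headers, bundle


if __name__ == "__main__":
    bundle = build_ingest_bundle(SAMPLE, "Patient/example")
    print(len(bundle["entry"]), "entries; uncoded:", uncoded_metrics(bundle))
```

uncoded_metrics is the review hook: a non-empty result means a provider shipped a field the map does not know, which should widen the table rather than silently drop data.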
```bash
uv sync
cd e2e && npm ci && npx playwright install --with-deps chromium && npm test
cd e2e && npm run test:headed   # headed browser
cd e2e && npm run test:ui       # interactive UI mode
```
Every other health tool shows you data. HealthClaw shows you the trail.
- GET /<type>/<id>/$compiled-truth: returns the current redacted resource + curation state + quality score + full Provenance timeline (newest first).
- fhir_compiled_truth MCP tool: agents call this before making resource-specific claims; responses carry _meta.ui.resourceUri pointing to an embeddable review surface.
- /r6/fhir/mcp-apps/compiled-truth/<type>/<id>: focused HTML page with current data, evidence timeline, and approve / re-evaluate actions. Zero install.
- curation_state (raw → in_review → curated) and quality_score (0.0–1.0) are now persisted on every resource.
- .health-context.yaml: single declaration of jurisdiction, audience, regulations, defaults. Read by the guardrail stack; mirrored in SmartHealthConnect.

HealthClaw ships as a Claude Code plugin marketplace. Two plugins are available:
```bash
claude plugin install healthclaw-guardrails@healthclaw-marketplace
claude plugin install smarthealthconnect@healthclaw-marketplace
```
| Plugin | Skills | Source |
|---|---|---|
| healthclaw-guardrails | curatr, fasten-connect, fhir-r6-guardrails, fhir-upstream-proxy, healthex-export, phi-redaction | [aks129/HealthClawGuardrails](https://github.com/aks129/HealthClawGuardrails) |
| smarthealthconnect | care-completion, diet-exercise, healthy-habits, kids-health, medication-refills, research-monitor | [aks129/SmartHealthConnect](https://github.com/aks129/SmartHealthConnect) |
Each skill is auto-discoverable — Claude loads it when your prompt matches the skill's trigger phrases (e.g. "check my care gaps", "redact this bundle", "run Curatr on my conditions").
Not on Claude/MCP? The same 23 guardrailed tools run on OpenAI, Gemini, LangChain, or plain HTTP via the framework-neutral bridge in adapters/ — see Recipe: run HealthClaw tools on any agent framework. Guardrails stay server-side, so no framework can bypass them.
Run locally:
```bash
docker-compose up -d --build
```
Deploy the SHL server to Railway and set its variables:
```bash
cd services/shl-server && railway up --service shl-server
railway variables --service shl-server \
  --set BASE_URL=<public-url-of-shl-server> \
  --set DB_PATH=/data/db.sqlite
```
Tell shl_generate where the SHL server is:
```bash
export SHL_SERVER_URL=http://localhost:8000
```
Without SHL_SERVER_URL, shl_generate returns an explicit simulation stub (simulated: true), never a fake link.
The 6-step demo at /r6/fhir/demo/agent-loop shows the full guardrail sequence.
| Variable | Required | Default | Description |
|---|---|---|---|
| STEP_UP_SECRET | Production | — | HMAC-SHA256 signing secret |
| FHIR_UPSTREAM_URL | No | — | Upstream FHIR server (enables proxy mode) |
| SQLALCHEMY_DATABASE_URI | Production | sqlite:///mcp_server.db | Database connection |
| SESSION_SECRET | No | (dev key) | Flask session secret |
| FHIR_UPSTREAM_TIMEOUT | No | 15 | Upstream request timeout (seconds) |
| FHIR_LOCAL_BASE_URL | No | — | Local URL for response URL rewriting |
```bash
FASTEN_PUBLIC_KEY=<key>
FASTEN_PRIVATE_KEY=<key>
FASTEN_WEBHOOK_SECRET=<secret>
FASTEN_CURATR_SCAN=true   # auto-run Curatr after each import
```
Records arrive via webhook at /r6/fasten/webhook and are stored under the patient's canonical tenant ID.
```bash
TELEGRAM_BOT_TOKEN=<token> TENANT_ID=my-patient \
  FHIR_BASE_URL=http://localhost:5000/r6/fhir \
  python openclaw/bot.py
```
Commands: /health, /conditions, /labs, /curatr, /curatr fix, /approve.
Or via Docker Compose:
```bash
docker-compose --profile openclaw up -d
```
Set in .env (leave FHIR_UPSTREAM_URL empty):
```bash
MEDPLUM_BASE_URL=https://api.medplum.com/fhir/R4
MEDPLUM_CLIENT_ID=<id>
MEDPLUM_CLIENT_SECRET=<secret>
```
All guardrails apply to Medplum responses identically to local SQLite mode. Access tokens are cached in Redis (key medplum:access_token; falls back to in-process cache when Redis is unavailable).
---
| Endpoint | Method | Description |
|---|---|---|
| /r6/fhir/metadata | GET | CapabilityStatement |
| /r6/fhir/health | GET | Liveness probe (reports upstream status) |
| /r6/fhir/{type} | POST | Create resource (requires step-up) |
| /r6/fhir/{type} | GET | Search resources |
| /r6/fhir/{type}/{id} | GET | Read resource (redacted) |
| /r6/fhir/{type}/{id} | PUT | Update resource (requires step-up + ETag) |
| /r6/fhir/{type}/$validate | POST | Validate resource |
| /r6/fhir/Questionnaire[/{id}]/$populate | POST | SDC: pre-fill a QuestionnaireResponse from a subject |
| /r6/fhir/QuestionnaireResponse/$extract | POST | SDC: extract a transaction Bundle (?dryRun=true to preview) |
| /r6/fhir/{type}/{id}/$deidentify | GET | HIPAA Safe Harbor de-identification |
| /r6/fhir/Observation/$stats | GET | Observation statistics |
| /r6/fhir/Observation/$lastn | GET | Most recent observations |
| /r6/fhir/Permission/$evaluate | POST | R6 access control evaluation |
| /r6/fhir/SubscriptionTopic/$list | GET | Subscription topic discovery |
| /r6/fhir/Bundle/$ingest-context | POST | Bundle ingestion + context envelope |
| /r6/fhir/context/{id} | GET | Retrieve context envelope |
| /r6/fhir/AuditEvent | GET | Search audit events |
| /r6/fhir/AuditEvent/$export | GET | Export audit trail (NDJSON/Bundle) |
| /r6/fhir/demo/agent-loop | POST | 6-step guardrail demo |
| /r6/fhir/oauth/* | * | OAuth 2.1 + PKCE + SMART discovery |
| /r6/fhir/{type}/{id}/$curatr-evaluate | GET | Evaluate resource data quality (Curatr) |
| /r6/fhir/{type}/{id}/$curatr-apply-fix | POST | Apply patient-approved fixes with Provenance |
| Feature | This Project | AWS HealthLake MCP | Medplum MCP | Raw FHIR API |
|---|---|---|---|---|
| Works with any FHIR server | Yes | HealthLake only | Medplum only | N/A |
| PHI redaction on reads | Yes | No | No | No |
| Immutable audit trail | Yes | CloudTrail (separate) | Partial | No |
| Step-up auth for writes | Yes | IAM (separate) | Medplum auth | No |
| Human-in-the-loop | Yes | No | No | No |
| Permission $evaluate (R6) | Yes | No | No | No |
| Setup time | 10 seconds | 30+ minutes | 15+ minutes | Varies |
Open-source AI security layer protecting clinical data; high code quality.
AI Skill Hub is a third-party content aggregation platform. The information on this page is compiled from public data and does not constitute any legal endorsement of the tool's functionality or quality.
Validate thoroughly in a sandbox or test environment, and complete a proper security assessment, before deploying to production.
✅ MIT license: one of the most permissive open-source licenses; free commercial use, modification and distribution, requiring only that the copyright notice be retained.
On balance, HealthClawGuardrails performs solidly in the Agent-workflow category and is of high quality. If you already have a concrete use case, try it directly; if you are still evaluating, compare it with similar tools before deciding.
| Field | Value |
|---|---|
| Original name | HealthClawGuardrails |
| Original description | Open-source AI workflow: The security layer between AI agents and clinical data. A healthclaw.io open sou · ⭐20 · Python |
| Topics | health, ai, healthcare, python, security |
| GitHub | https://github.com/aks129/HealthClawGuardrails |
| License | MIT |
| Language | Python |
Indexed: 2026-07-03 · Updated: 2026-07-03 · License: MIT · AI Skill Hub makes no legal endorsement of the accuracy of third-party content.