Skip to content

edycutjong/autharmor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

41 Commits
.github/workflows
.github/workflows
Β 
Β 
data
data
Β 
Β 
docs
docs
Β 
Β 
scripts
scripts
Β 
Β 
src
src
Β 
Β 
vendor
vendor
Β 
Β 
.env.example
.env.example
Β 
Β 
.gitignore
.gitignore
Β 
Β 
.gitmodules
.gitmodules
Β 
Β 
Dockerfile
Dockerfile
Β 
Β 
README.md
README.md
Β 
Β 
eslint.config.mjs
eslint.config.mjs
Β 
Β 
fly.toml
fly.toml
Β 
Β 
jest.config.ts
jest.config.ts
Β 
Β 
package-lock.json
package-lock.json
Β 
Β 
package.json
package.json
Β 
Β 
tsconfig.json
tsconfig.json
Β 
Β 

Repository files navigation

AuthArmor Logo

AuthArmorAuthArmor

AI agents that fight denied prior authorizations β€” so clinicians don't have to.

Live Server Demo Video
CI Coverage License: MIT Node.js

πŸ“Έ See It in Action

An AI agent reads a patient's FHIR record, finds the denial, and generates a citation-backed appeal letter β€” in one conversation.

Clinician: "Check the prior auth status for adalimumab"
   β†’ Agent reads FHIR MedicationRequest + ClaimResponse
   β†’ Returns: Denied β€” reason: "step therapy requirement not met"

Clinician: "Generate an appeal letter"
   β†’ Agent pulls patient labs, diagnoses, medication history from FHIR
   β†’ Gemini AI drafts appeal with inline citations to specific FHIR data
   β†’ Returns formatted appeal letter ready for submission

πŸ’‘ The Problem & Solution

Every year, U.S. physicians spend 34 hours/week on prior authorizations β€” time stolen from patient care. When a prior auth is denied, clinicians must manually dig through patient records, find supporting evidence, and draft appeal letters. Most give up.

AuthArmor is an MCP server that gives AI healthcare agents the power to:

  • ⚑ Read patient FHIR records β€” pull diagnoses, labs, medications, and denial reasons automatically
  • πŸ“‹ Generate citation-driven appeals β€” every claim backed by specific FHIR data references, not hallucinations
  • πŸ“„ Export appeal documents β€” formatted and ready for payer submission

Capability unlock: AI healthcare agents could already read patient data. AuthArmor lets them fight back against denials β€” a capability that literally didn't exist before.

πŸ—οΈ Architecture & Tech Stack

AuthArmor Architecture

Layer Technology
Runtime Node.js 22+, TypeScript
Server Express 5, MCP SDK (@modelcontextprotocol/sdk)
FHIR @smile-cdr/fhirts, Axios
AI Google Gemini (@google/genai)
Auth JOSE (JWT/JWKS), SHARP-on-MCP headers
Validation Zod v4
Testing Jest, 100% coverage
Deployment Fly.io (SJC region), Docker
CI/CD GitHub Actions

πŸ† Hackathon Track

Built for Agents Assemble β€” The Healthcare AI Endgame β†’ Track 1: MCP Superpower

Sponsor Integration

Sponsor Tech How We Used It Code Location
SHARP-on-MCP Receives FHIR context via HTTP headers (x-fhir-server-url, x-fhir-access-token, x-patient-id) src/lib/fhir-context.ts, src/index.ts
MCP SDK Full Streamable HTTP transport with tool registration src/index.ts
Prompt Opinion Deployed & registered as external MCP server Live endpoint
FHIR R4 Reads MedicationRequest, ClaimResponse, Condition, Observation src/lib/fhir-client.ts
Google Gemini Generates citation-driven appeal letters with FHIR data grounding src/lib/gemini-client.ts

πŸ”§ MCP Tools

Tool Input Output
CheckAuthStatus medication (string) Denial details: reason, date, payer, medication info β€” all from FHIR
GenerateAppeal medication, denial_reason Full appeal letter with inline FHIR citations (labs, diagnoses, history)
GetAppealPdf appeal_text Formatted document text ready for export/download

πŸš€ Run It Locally (For Judges)

Prerequisites

Setup

# 1. Clone
git clone https://github.com/edycutjong/autharmor.git
cd autharmor

# 2. Install
npm install

# 3. Configure environment
cp .env.example .env
# Edit .env β†’ add your GEMINI_API_KEY

# 4. Start the server
npm run start
# β†’ Server running at http://localhost:3050/mcp

# 5. Run the automated golden-path demo
npm run demo

Connect to Prompt Opinion

# 1. Expose your server via ngrok
ngrok http 3050
  1. In Prompt Opinion β†’ Workspace Hub β†’ Add MCP Server
  2. Paste {ngrok_url}/mcp β†’ check "Streamable HTTP" β†’ check "FHIR context"
  3. Click Test β†’ verify 3 tools appear β†’ Save

Test Prompts

Select a patient (e.g., Edward499 Balistreri607), then try:

1. Check Prior Auth Status

I want you to call the AuthArmor CheckAuthStatus tool. Use CheckAuthStatus with medicationName Vyvanse.

2. Generate Appeal Letter

I want you to call the AuthArmor GenerateAppeal tool. Use GenerateAppeal with medicationName lisdexamfetamine and denialReason Non-preferred brand medication β€” plan requires trial of preferred amphetamine mixed salts before Vyvanse.

3. Format as Document

I want you to call the AuthArmor GetAppealPdf tool. Use GetAppealPdf with appealText set to: This letter serves as a formal appeal for the prior authorization denial of lisdexamfetamine (Vyvanse) for patient Edward499 Balistreri607. The denial reason was preferred alternative not tried. The patient previously failed methylphenidate due to motor tics and weight loss, and guanfacine due to inadequate symptom control. We request reconsideration based on clinical evidence.

πŸ“– Full testing guide with expected outputs, curl examples, and troubleshooting: docs/TESTING.md

☁️ Live Deployment

AuthArmor is deployed and live on Fly.io:

Endpoint URL Status
Health Check autharmor-mcp.fly.dev/health βœ… Live
MCP Server autharmor-mcp.fly.dev/mcp βœ… Live

βœ… Concrete Proof

Signal Evidence
Live deployed URL autharmor-mcp.fly.dev
CI/CD pipeline GitHub Actions β€” passing
100% test coverage Jest with full branch coverage
Golden-path demo npm run demo β€” automated end-to-end verification
3 real FHIR patient bundles data/ β€” RA, MS, T2D scenarios with realistic clinical data
Payer policy grounding data/payer-policy-humira.md β€” real formulary criteria

πŸ“ Project Structure

autharmor/
β”œβ”€β”€ src/
β”‚   β”œβ”€β”€ index.ts              # Express 5 + MCP server bootstrap
β”‚   β”œβ”€β”€ tools/
β”‚   β”‚   β”œβ”€β”€ CheckAuthStatusTool.ts   # FHIR record reader
β”‚   β”‚   β”œβ”€β”€ GenerateAppealTool.ts    # Gemini-powered appeal generator
β”‚   β”‚   └── GetAppealPdfTool.ts      # Document formatter
β”‚   β”œβ”€β”€ lib/
β”‚   β”‚   β”œβ”€β”€ fhir-client.ts    # FHIR API client (Axios)
β”‚   β”‚   β”œβ”€β”€ fhir-context.ts   # SHARP header extraction
β”‚   β”‚   β”œβ”€β”€ fhir-utilities.ts # FHIR resource helpers
β”‚   β”‚   β”œβ”€β”€ gemini-client.ts  # Google Gemini integration
β”‚   β”‚   └── mcp-*.ts          # MCP constants & utilities
β”‚   └── types/                # TypeScript type definitions
β”œβ”€β”€ data/                     # FHIR patient bundles + payer policies
β”œβ”€β”€ scripts/
β”‚   └── golden-path.ts        # Automated demo script
β”œβ”€β”€ docs/
β”‚   β”œβ”€β”€ icon.svg              # App logo
β”‚   └── assets/               # OG image, thumbnail generators
β”œβ”€β”€ .env.example              # Environment variable template
β”œβ”€β”€ .github/workflows/        # CI pipeline
β”œβ”€β”€ Dockerfile                # Container image
β”œβ”€β”€ fly.toml                  # Fly.io deployment config
└── jest.config.ts            # Test configuration (100% coverage)

πŸ” SHARP-on-MCP Context

AuthArmor receives FHIR context securely via SHARP HTTP headers:

Header Purpose
x-fhir-server-url FHIR server base URL (workspace-provided)
x-fhir-access-token Bearer token for FHIR API calls
x-patient-id Patient ID (fallback if not in FHIR context)

πŸ“„ License

MIT β€” see LICENSE for details.

Built with ❀️ for Agents Assemble β€” The Healthcare AI Endgame
Thank you for your time reviewing this project.

About

Citation-driven prior authorization appeals MCP server for healthcare AI agents

Topics

hackathon mcp healthcare fhir ai-agents prior-authorization sharp-on-mcp

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 3

v1.1.1 β€” 100% Test Coverage Latest
Mar 22, 2026
+ 2 releases

Packages

 
 
 

Contributors

Languages