Skip to content

feat: Lab Format Generators, Flowsheet Enhancements, Security Fixes, and DevOps Improvements#185

Merged
warrendennis merged 283 commits into
open-osp:mainfrom
openo-beta:staging
Jan 23, 2026
Merged

feat: Lab Format Generators, Flowsheet Enhancements, Security Fixes, and DevOps Improvements#185
warrendennis merged 283 commits into
open-osp:mainfrom
openo-beta:staging

Conversation

@yingbull

Copy link
Copy Markdown
Contributor

Summary

This PR brings the openo-beta/Open-O staging branch changes to the upstream open-osp/Open-O main branch. It includes significant improvements across multiple areas of the OpenO EMR system.

Key Changes

1. Lab Format HL7 Generators (Feature)

  • CML Lab Generator: Extracted HL7 generation logic into dedicated CMLLabHL7Generator utility
  • MDS Lab Generator: New MDSLabHL7Generator with comprehensive MDS-specific segment building
  • GDML Lab Generator: New GDMLLabHL7Generator for GDML format support
  • Refactored SubmitLabByForm2Action for modular lab format dispatch

Related PRs: #1604

2. Flowsheet Measurement Customization (Feature)

  • Patient-level flowsheet measurement updates
  • Provider/patient scoped flowsheet customization
  • New FlowSheetCustomizationService Spring service
  • Revert functionality for measurement changes
  • Relaxed patient-level permissions for better usability

Related PRs: #1078, #1399, #1401

3. Security Fixes

  • CVE-2025-12383: Upgraded jersey-client from 2.39.1 to 2.46
  • Zip Slip Protection: Enhanced path traversal protection in demographic import
  • OWASP Encoding: Applied proper output encoding to error pages
  • NPE Prevention: Fixed tablet signature page null pointer exception
  • PIN Checkbox UI: Fixed malformed HTML in security update form
  • iText Vulnerability: Excluded old vulnerable iText PDF dependency

Related PRs: #1109, #1403, #1404, #1645, #1661, #1829

4. DevContainer & CI/CD Improvements

  • Playwright Integration: UI testing framework with MCP server support
  • Container Image Caching: Optimized GitHub Actions workflows
  • DrugRef2 Container: New dedicated container for DrugRef service
  • Workflow Improvements: Better artifact handling, caching, permissions

Related PRs: #823, #1664, #1796, #1402, #714

5. AI Tooling & Documentation

  • Claude Code Integration: GitHub Actions workflows, settings, and slash commands
  • Copilot Instructions: Enhanced AI context documentation
  • JavaDoc Improvements: Comprehensive documentation across multiple packages
  • Test Documentation: Extracted test writing guide
  • JSP Refactoring Guide: New documentation for JSP migration patterns
  • UI Test Documentation: Comprehensive test execution guides

Related PRs: #1650, #1651, #1639, #1606, #1608, #1838

6. Bug Fixes

  • Billing Reconciliation: Fixed incorrect page link (RA_FORWORD property)
  • MOH Billing Upload: Fixed Struts2 file upload interceptor conflict
  • Export Dosage: Fixed fractional dosage parsing (e.g., "125/5 mg")
  • Allergy Console Error: Fixed browser error when adding allergies
  • LT Med Toggle: Fixed broken toggle functionality
  • Provider Role Search: Fixed i18n label issues
  • EForm Audit: Fixed creation not captured in audit log

Related PRs: #1101, #1090, #1105, #1657, #1610, #1647, #1593

7. Dependency Updates

  • JavaMelody 1.99.4
  • Apache Axis2 upgrade
  • PDFBox 2.0.35
  • JAXWS-RI 2.3.7
  • Spring Integration 5.5.20
  • Jersey Client 2.46

Related PRs: #1633, #1636, #1635, #1637, #1638


Complete PR List

All 64 merged PRs included in this release:

PR # Title/Branch Type
#1838 chore/jsp-refactor-doc Documentation
#1837 feature/additional-ui-tests Testing
#1829 security/exclude-old-itext-vulnerable-dependency Security
#1828 claude/issue-1590-20260119-0545 Bug Fix
#1810 claude/issue-1809-20260118-2050 Documentation
#1807 copilot/fix-test-workflow-caches CI/CD
#1806 copilot/sub-pr-1796-again CI/CD
#1804 copilot/sub-pr-1796 CI/CD
#1803 copilot/sub-pr-1796 CI/CD
#1802 copilot/sub-pr-1796-again CI/CD
#1801 copilot/sub-pr-1796 CI/CD
#1800 copilot/sub-pr-1796-another-one CI/CD
#1799 copilot/sub-pr-1796-again CI/CD
#1798 copilot/sub-pr-1796 CI/CD
#1796 feature/cache-build-workflows CI/CD
#1795 copilot/sub-pr-1792-another-one CI/CD
#1794 copilot/sub-pr-1792-again CI/CD
#1793 copilot/sub-pr-1792 CI/CD
#1792 fix/legacy-test-workflow-fix CI/CD
#1791 copilot/simplify-workflow-steps CI/CD
#1790 copilot/fix-github-actions-workflow CI/CD
#1677 fix/legacy-test-workflow-fix CI/CD
#1669 fix/docker-libraries DevContainer
#1668 chore/workflow-branch-update CI/CD
#1665 copilot/sub-pr-714 CI/CD
#1664 feature/ui-tests-playwright-setup Testing
#1661 fix/demographic-import-with-attachments Security/Bug Fix
#1659 chore/remove-dead-code-demographic-search-1658 Chore
#1657 bug/browser-console-error-when-adding-allergy-1656 Bug Fix
#1652 bug/fix-lock-hashes Bug Fix
#1651 feature/claude-github Feature
#1650 add-claude-github-actions-1768533752660 Feature
#1647 fix/providerrole-search-label-i18n Bug Fix
#1645 fix/security-pin-checkbox-ui Security
#1642 coderabbitai/docstrings/3e8e9c6 Documentation
#1639 copilot/create-ai-context-file Documentation
#1638 copilot/upgrade-spring-integration-to-5-5-20 Dependency
#1637 copilot/upgrade-jaxws-ri-version Dependency
#1636 copilot/upgrade-apache-axis2-version Dependency
#1635 copilot/upgrade-pdfbox-to-2-0-35 Dependency
#1633 copilot/upgrade-javamelody-version Dependency
#1620 copilot/fix-teleplans25dao-parameters Bug Fix
#1610 bug/lt-med-toggle-broken Bug Fix
#1608 copilot/add-java-docs-client-class Documentation
#1606 copilot/document-emaildata-class-and-methods Documentation
#1605 copilot/document-frmbcinrrecord-class Documentation
#1604 feature/create-lab Feature
#1593 bug/eform-creation-not-captured-audit-log-1592 Bug Fix
#1404 security/apply-owasp-output-encoding-error-pages-1196 Security
#1403 security/npe-tablet-signature-1195 Security
#1402 feature/drugref2-container Feature
#1401 fix-flowsheet-scope-order Bug Fix
#1399 issue-1194-relax-flowsheet-permissions Feature
#1166 copilot/fix-parameter-indexing-hrmsubclassdao Bug Fix
#1109 feature/upgrade-jersey-client-cve-2025-12383 Security
#1107 fix/npm-updates-in-devcontainer DevContainer
#1105 bugfix/export-dosage-keep-slash Bug Fix
#1101 fix/billing-reconciliation-link-incorrect-page Bug Fix
#1099 copilot/add-javadoc-inline-comments Documentation
#1090 fix/struts-servlet-upload-conflict Bug Fix
#1078 feat-1050-flowsheet-measurements Feature
#823 playwright-mcp Feature
#777 snyk-fix-1c6cb3aa5210cc1b0208572cfac1020a Security
#714 dogfish-workflows CI/CD

Related Issues

Issues addressed or referenced by commits in this release:

  • #1050 - Flowsheet measurements feature
  • #1194 - Relax flowsheet permissions
  • #1195 - NPE in tablet signature
  • #1196 - OWASP encoding error pages
  • #1590 - Demographic import with attachments
  • #1592 - EForm audit log
  • #1656 - Allergy console error
  • #1658 - Dead code demographic search
  • #1809 - CLAUDE.md documentation

Test Plan

  • Build passes with make install --run-tests
  • All modern JUnit 5 tests pass
  • All legacy JUnit 4 tests pass
  • Manual testing of flowsheet measurement customization
  • Manual testing of lab format generators (CML, MDS, GDML)
  • Manual testing of billing reconciliation link
  • Manual testing of MOH billing file upload
  • Verify security fixes (OWASP encoding, Zip Slip protection)
  • DevContainer builds and runs with Playwright support

Breaking Changes

None expected. All changes maintain backward compatibility.


Deployment Notes

  1. Database schema: No migration scripts required
  2. Configuration: New RA_FORWORD property may need to be configured for billing reconciliation
  3. DevContainer: New Playwright integration available for UI testing

Generated with Claude Code

D3V41 and others added 30 commits January 12, 2026 16:34
…c into a dedicated utility class CMLLabHL7Generator.
…o a dedicated utility class MDSLabHL7Generator. This continues the modularization of lab format generation.

 Changes:
  - Add MDSLabHL7Generator with comprehensive MDS-specific segment building
  - Implement buildMSH(), buildZLB(), buildZRG(), buildZMNSegments(), buildZCLSegments()
  - Implement buildPID(), buildPV1(), buildZFR(), buildZCT(), buildTestSegments(), buildZPD()
  - Add normalizeAccession() for MDS-specific accession format handling
  - Add parseCCDoctor() with support for multiple CC doctor formats
  - Add buildMDSReferenceRange() for MDS-specific reference range formatting
  - Update SubmitLabByForm2Action to route MDS lab types to MDSLabHL7Generator
  - Preserve all critical comments about MDS format requirements
…rating it into SubmitLabByForm2Action.

GDMLLabHL7Generator features:
  - MSH segment with GDML-specific message header format
  - PID segment with correct field mapping (HIN in PID-2, accession in PID-3)
  - ZDR segments for CC doctor parsing and name component extraction
  - OBR segment with XCN format for ordering provider (billing number, name)
  - OBX segments with GDML reference range format (low-high^formatted text)
  - Value type normalization (converts FT to ST for proper display)
  - NTE segment support for test-specific notes

  SubmitLabByForm2Action changes:
  - Import GDMLLabHL7Generator utility class
  - Add GDML routing logic in generateHL7() method alongside MDS and CML
- Add class-level JavaDoc with healthcare context explaining INR monitoring
- Add @SInCE tag with 2026-01-14 date from git history
- Add @see tags for related classes (FrmRecord, FrmRecordHelp, FrmData)
- Document all 7 public methods with @param, @return, and @throws tags
- Include healthcare domain context for BC anticoagulation therapy
- Explain HL7 integration and provincial lab system connectivity

Co-authored-by: yingbull <8680161+yingbull@users.noreply.github.com>
Co-authored-by: yingbull <8680161+yingbull@users.noreply.github.com>
…ethods

Co-authored-by: yingbull <8680161+yingbull@users.noreply.github.com>
D3V41 and others added 14 commits January 19, 2026 22:18
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
…graphicDataAction42Action.java

Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
feat: add additional foundational config for futher UI tests
docs: add comprehensive JavaDoc to AbstractModel.java
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…attachments

Resolve demographic import with ZIP attachments
- Fix Bootstrap version references (5.0.2 -> 5.3.0 CDN)
- Preserve OWASP Encoder usage for user inputs (don't replace with JSTL)
- Correct import ordering in Step 1.2 (imports must come before security)
- Enhance CSRF token guidance with project-specific implementation details
- Add OpenO package naming examples (ca.openosp.openo.*)
- Add PathValidationUtils security guidance for file operations
- Make CSS XSS warning more prominent with safer alternatives
- Fix JavaScript encoding example with proper variable retrieval
- Add language identifier to markdown code block (markdownlint)

Co-authored-by: Michael Yingbull <yingbull@users.noreply.github.com>
Copilot AI review requested due to automatic review settings January 20, 2026 20:11

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

LiamStanziani and others added 2 commits January 22, 2026 16:19
…g format instead of epoch timestamp format. This caused Ocean eReferral imports to fail with a warning message when importing sent eReferrals back into the EMR.
@LiamStanziani

Copy link
Copy Markdown
Contributor

Fixed the merge conflicts

@D3V41

D3V41 commented Jan 22, 2026

Copy link
Copy Markdown
Contributor

Additional Fix: Ocean eReferral Import DOB Format (Issue #1830)
Change: Added @JsonFormat(shape = JsonFormat.Shape.NUMBER) to DemographicSearchResult.dob field (line 43)

Context:
The demographic search REST endpoint was returning DOB in yyyy-mm-dd string format, but Ocean expects epoch timestamp format (matching the original Struts 1 behavior). This mismatch was causing Ocean to display an incorrect warning message
("Ocean has not received a confirmation...") when importing sent eReferrals back into the EMR.

Background
During the Struts 1 to Struts 2 migration (*2Action pattern), the original behavior was to send DOB in epoch format. The REST endpoint must maintain this legacy behavior for backward compatibility with Ocean's integration expectations.

@LiamStanziani

LiamStanziani commented Jan 22, 2026

Copy link
Copy Markdown
Contributor

Additional fix added: JavaScript Syntax Error in Allergy Dialog (Fixed in this PR: openo-beta#1861)

Issue: Uncaught SyntaxError: expected expression, got '}' when clicking "Penicillin" (or other quick-add allergy buttons) in the ShowAllergies2.jsp page.

Cause: Extra closing brace } in AddReaction2.jsp at line 173. The doSubmit() function had two closing braces instead of one:

  function doSubmit() {
      // ...
      return true;
    }
  }  // <-- stray brace causing the error

Fixed by: Removing the extra closing brace in src/main/webapp/oscarRx/AddReaction2.jsp.

@warrendennis warrendennis left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Update package from Open O-beta approved for merge into Open O main

@warrendennis warrendennis merged commit 13310be into open-osp:main Jan 23, 2026
9 of 11 checks passed
@warrendennis warrendennis deleted the staging branch January 23, 2026 01:02
@LiamStanziani LiamStanziani restored the staging branch January 23, 2026 14:08
@yingbull yingbull deleted the staging branch January 23, 2026 22:14
@yingbull yingbull mentioned this pull request Jan 23, 2026
22 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

7 participants