🚀 Auto-PR: Merge test → main

CHANGELOG.md

@@ -6,6 +6,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
 ## [Unreleased]
 
+## [0.1.1-beta.202605171634.2925aa76] - 2026-05-17
+
+- 🔧 Chores & Improvements: Improve Keycloak path matching in docker-compose.beta.yml (broaden /auth/realms/*/broker/* to /auth/realms/*/broker/** with clarifying comment).
+
+**Full Changelog**: https://github.com/Max-Health-Inc/proxy-smart/pull/719
+
+
 ## [0.1.0-alpha.202605142141.3f719102] - 2026-05-14
 
 - 🔧 Chores & Improvements: Update Docker setup and non-root execution

apps/consent-app/package.json

@@ -3,7 +3,7 @@
   "displayName": "Proxy Smart Consent App",
   "description": "SMART on FHIR consent management app — manage FHIR Consent resources for linked Patient records.",
   "private": true,
-  "version": "0.1.0-alpha.202605150936.c7b6b88c",
+  "version": "0.1.1-beta.202605171634.2925aa76",
   "type": "module",
   "scripts": {
     "dev": "vite --port 5174",

apps/dtr-app/package.json

@@ -3,7 +3,7 @@
   "displayName": "Proxy Smart DTR App",
   "description": "Da Vinci DTR (Documentation Templates & Rules) — SMART on FHIR app for prior authorization documentation, questionnaire rendering, and CQL-based auto-population.",
   "private": true,
-  "version": "0.1.0-alpha.202605150936.c7b6b88c",
+  "version": "0.1.1-beta.202605171634.2925aa76",
   "type": "module",
   "scripts": {
     "dev": "vite --port 5175",

apps/patient-picker/package.json

@@ -3,7 +3,7 @@
   "displayName": "Proxy Smart Patient Picker",
   "description": "Patient selection UI shown during SMART standalone launch when patient context is needed.",
   "private": true,
-  "version": "0.1.0-alpha.202605150936.c7b6b88c",
+  "version": "0.1.1-beta.202605171634.2925aa76",
   "type": "module",
   "scripts": {
     "dev": "vite --port 5176",

apps/patient-portal/package.json

@@ -3,7 +3,7 @@
   "displayName": "Proxy Smart Patient Portal",
   "description": "International Patient Portal — SMART on FHIR app for patient access using IPS (International Patient Summary) and IPA (International Patient Access) standards.",
   "private": true,
-  "version": "0.1.0-alpha.202605150936.c7b6b88c",
+  "version": "0.1.1-beta.202605171634.2925aa76",
   "type": "module",
   "scripts": {
     "dev": "vite --port 5176",

apps/patient-portal/package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hl7.fhir.uv.ips-generated",
-  "version": "0.1.0-alpha.202605150936.c7b6b88c",
+  "version": "0.1.1-beta.202605171634.2925aa76",
   "description": "Generated TypeScript interfaces for hl7.fhir.uv.ips",
   "type": "module",
   "main": "index.js",

apps/patient-portal/src/components/Dashboard.tsx

@@ -58,6 +58,7 @@ import { PatientScribe } from "@/components/PatientScribe"
 import { DicomUpload } from "@/components/DicomUpload"
 import { PrescriptionsCard, DevicesCard } from "@/components/PrescriptionsDevicesCards"
 import { RecordDetailModal, isResourceVerified } from "@/components/RecordDetailModal"
+import { useUserRole } from "@/lib/use-user-role"
 import { ShareQRDialog } from "@/components/ShareQRDialog"
 import { MedicalTimeline } from "@/components/MedicalTimeline"
 import { checkPacsStatus } from "@/lib/dicomweb"
@@ -78,6 +79,7 @@ interface DashboardProps {
 export function Dashboard({ readOnly = false, patientId: overridePatientId }: DashboardProps) {
   const { t } = useTranslation()
   const { translateCoding } = useFhirTranslation()
+  const { isPractitioner } = useUserRole()
   const [loading, setLoading] = useState(true)
   const [error, setError] = useState<string | null>(null)
   const [showImport, setShowImport] = useState(false)
@@ -781,6 +783,7 @@ export function Dashboard({ readOnly = false, patientId: overridePatientId }: Da
         title={detailTitle}
         resource={detailResource}
         documents={documents}
+        isPractitioner={isPractitioner}
         onResourceUpdated={readOnly ? undefined : refreshData}
         onResourceDeleted={readOnly ? undefined : refreshData}
       />

apps/patient-portal/src/components/RecordDetailModal.tsx

@@ -2,7 +2,7 @@ import {
   Dialog, DialogContent, DialogHeader, DialogTitle, DialogDescription, Badge, Button,
 } from "@proxy-smart/shared-ui"
 import { useState } from "react"
-import { ShieldCheck, ShieldAlert, Pencil, Trash2, Undo2 } from "lucide-react"
+import { ShieldCheck, ShieldAlert, Pencil, Trash2, Undo2, CheckCircle2 } from "lucide-react"
 import type { DocumentReference, DynamicFhirResource } from "@/lib/fhir-client"
 import { deleteResource, updateResource } from "@/lib/fhir-client"
 import { isValidConditionVerStatusCode, type ConditionVerStatusCode } from "hl7.fhir.uv.ips-generated/valuesets/ValueSet-ConditionVerStatus"
@@ -24,6 +24,8 @@ export interface RecordDetailModalProps {
   documents?: DocumentReference[]
   onResourceUpdated?: (updated: FhirResource) => void
   onResourceDeleted?: () => void
+  /** When true, enables practitioner-only actions (approve, unrestricted delete) */
+  isPractitioner?: boolean
 }
 
 // ── Verification helpers ─────────────────────────────────────────────────────
@@ -54,23 +56,56 @@ const EDITABLE_TYPES = new Set([
 // ── Component ────────────────────────────────────────────────────────────────
 
 export function RecordDetailModal({
-  open, onOpenChange, title, resource, documents, onResourceUpdated, onResourceDeleted,
+  open, onOpenChange, title, resource, documents, onResourceUpdated, onResourceDeleted, isPractitioner = false,
 }: RecordDetailModalProps) {
   const [editOpen, setEditOpen] = useState(false)
   const [confirmDelete, setConfirmDelete] = useState(false)
   const [deleting, setDeleting] = useState(false)
+  const [approving, setApproving] = useState(false)
   const { t } = useTranslation()
   if (!resource) return null
 
   const verification = extractVerificationStatus(resource)
   const resourceType = resource.resourceType as string | undefined
   const resourceId = resource.id as string | undefined
   const canEdit = onResourceUpdated && resourceType && EDITABLE_TYPES.has(resourceType)
+  // Patients can only delete unverified resources; practitioners can delete any editable resource
   const canDelete = onResourceDeleted && resourceType && resourceId
-    && EDITABLE_TYPES.has(resourceType) && (!verification || !verification.verified)
+    && EDITABLE_TYPES.has(resourceType)
+    && (isPractitioner || (!verification || !verification.verified))
+  // Practitioners can approve provisional resources
+  const canApprove = isPractitioner && onResourceUpdated && verification && !verification.verified
+    && resourceType && EDITABLE_TYPES.has(resourceType)
   const hasSnapshot = ((resource.extension as Array<{ url: string }>) ?? []).some(e => e.url === ORIGINAL_SNAPSHOT_EXT)
   const fields = buildDetailFields(resource, t, documents)
 
+  async function handleApprove() {
+    if (!resource || !onResourceUpdated) return
+    setApproving(true)
+    try {
+      // Upgrade verification status to confirmed and remove the snapshot extension
+      const updated = {
+        ...resource,
+        verificationStatus: {
+          coding: [{
+            system: resource.verificationStatus?.coding?.[0]?.system
+              ?? "http://terminology.hl7.org/CodeSystem/condition-ver-status",
+            code: "confirmed",
+            display: "Confirmed",
+          }],
+          text: "Confirmed",
+        },
+        // Remove the original snapshot extension — changes are now approved
+        extension: ((resource.extension as Array<{ url: string }>) ?? [])
+          .filter(e => e.url !== ORIGINAL_SNAPSHOT_EXT),
+      }
+      const result = await updateResource(updated)
+      onResourceUpdated(result)
+      onOpenChange(false)
+    } catch { /* keep modal open */ }
+    finally { setApproving(false) }
+  }
+
   async function handleDelete() {
     if (!resource || !resourceType || !resourceId) return
     setDeleting(true)
@@ -114,10 +149,21 @@ export function RecordDetailModal({
               {resourceId && <span className="text-xs font-mono text-muted-foreground"> / {resourceId}</span>}
             </DialogDescription>
             {canEdit && (
-              <div className="flex items-center gap-2 mt-1">
+              <div className="flex items-center gap-2 mt-1 flex-wrap">
                 <Button variant="outline" size="sm" className="w-fit" onClick={() => setEditOpen(true)}>
                   <Pencil className="size-3.5 mr-1" />{t("recordDetail.editRecord")}
                 </Button>
+                {canApprove && (
+                  <Button
+                    variant="outline" size="sm"
+                    className="w-fit text-green-700 hover:bg-green-50 dark:text-green-400 dark:hover:bg-green-900/20"
+                    onClick={handleApprove}
+                    disabled={approving}
+                  >
+                    <CheckCircle2 className="size-3.5 mr-1" />
+                    {approving ? t("recordDetail.approving", "Approving…") : t("recordDetail.approve", "Approve")}
+                  </Button>
+                )}
                 {canDelete && !confirmDelete && (
                   <Button variant="outline" size="sm" className="w-fit text-destructive hover:bg-destructive/10" onClick={() => setConfirmDelete(true)}>
                     {hasSnapshot
@@ -158,6 +204,7 @@ export function RecordDetailModal({
           open={editOpen}
           onOpenChange={setEditOpen}
           resource={resource}
+          isPractitioner={isPractitioner}
           onSaved={(updated) => {
             onResourceUpdated(updated)
             setEditOpen(false)

apps/patient-portal/src/components/RecordEditModal.tsx

@@ -25,6 +25,8 @@ export interface RecordEditModalProps {
   resource: FhirResource | null
   /** Called after successful save with the updated resource from the server */
   onSaved: (updated: FhirResource) => void
+  /** When true, edits bypass the provisional downgrade (practitioner workflow) */
+  isPractitioner?: boolean
 }
 
 // ── Editable field definitions per resource type ─────────────────────────────
@@ -79,7 +81,7 @@ const EDITABLE_FIELDS: Record<string, EditableField[]> = {
 
 function getByPath(obj: unknown, path: string): unknown {
   return path.split(".").reduce<unknown>((acc, key) => {
-    if (acc == null || typeof acc !== "object") return undefined
+    if (acc === null || acc === undefined || typeof acc !== "object") return undefined
     return (acc as Record<string, unknown>)[key]
   }, obj)
 }
@@ -90,15 +92,15 @@ function setByPath(obj: FhirResource, path: string, value: unknown): FhirResourc
   let current: unknown = clone
   for (let i = 0; i < keys.length - 1; i++) {
     const k = keys[i]
-    if (current == null || typeof current !== "object") return clone
+    if (current === null || current === undefined || typeof current !== "object") return clone
     const next = (current as FhirResource)[k]
-    if (next == null || typeof next !== "object") {
+    if (next === null || next === undefined || typeof next !== "object") {
       const nextKey = keys[i + 1]
       ;(current as FhirResource)[k] = /^\d+$/.test(nextKey) ? [] : {}
     }
     current = (current as FhirResource)[k]
   }
-  if (current != null && typeof current === "object") {
+  if (current !== null && current !== undefined && typeof current === "object") {
     (current as FhirResource)[keys[keys.length - 1]] = value
   }
   return clone
@@ -146,7 +148,7 @@ function markAsPendingReview(resource: FhirResource, originalResource: FhirResou
 
 // ── Component ────────────────────────────────────────────────────────────────
 
-export function RecordEditModal({ open, onOpenChange, resource, onSaved }: RecordEditModalProps) {
+export function RecordEditModal({ open, onOpenChange, resource, onSaved, isPractitioner = false }: RecordEditModalProps) {
   const [editValues, setEditValues] = useState<Record<string, string>>(() => {
     if (!resource) return {}
     const rt = resource.resourceType as string | undefined
@@ -155,7 +157,7 @@ export function RecordEditModal({ open, onOpenChange, resource, onSaved }: Recor
     const vals: Record<string, string> = {}
     for (const f of flds) {
       const current = getByPath(resource, f.path)
-      vals[f.path] = current != null ? String(current) : ""
+      vals[f.path] = current !== null && current !== undefined ? String(current) : ""
     }
     return vals
   })
@@ -165,6 +167,7 @@ export function RecordEditModal({ open, onOpenChange, resource, onSaved }: Recor
   const resourceType = resource?.resourceType as string | undefined
   const fields = resourceType ? (EDITABLE_FIELDS[resourceType] ?? []) : []
   const wasVerified = resource ? isVerified(resource) : false
+  const willDowngrade = wasVerified && !isPractitioner
   const { t } = useTranslation()
 
   const handleSave = useCallback(async () => {
@@ -183,8 +186,9 @@ export function RecordEditModal({ open, onOpenChange, resource, onSaved }: Recor
         updated = setByPath(updated, f.path, coerced)
       }
 
-      // If the resource was verified, mark as provisional (pending review)
-      if (wasVerified) {
+      // Patient edits to verified resources → mark as provisional (pending review)
+      // Practitioner edits keep the resource verified (no approval needed)
+      if (willDowngrade) {
         updated = markAsPendingReview(updated, resource)
       }
 
@@ -196,7 +200,7 @@ export function RecordEditModal({ open, onOpenChange, resource, onSaved }: Recor
     } finally {
       setSaving(false)
     }
-  }, [resource, fields, editValues, wasVerified, onSaved, onOpenChange])
+  }, [resource, fields, editValues, willDowngrade, onSaved, onOpenChange])
 
   if (!resource || !fields.length) return null
 
@@ -209,7 +213,7 @@ export function RecordEditModal({ open, onOpenChange, resource, onSaved }: Recor
             {t("recordEdit.editTitle", { resourceType })}
           </DialogTitle>
           <DialogDescription>
-            {wasVerified && (
+            {willDowngrade && (
               <span className="flex items-center gap-1.5 text-amber-600 dark:text-amber-400 mt-1">
                 <AlertTriangle className="size-3.5" />
                 {t("recordEdit.verifiedWarning")}
@@ -219,7 +223,7 @@ export function RecordEditModal({ open, onOpenChange, resource, onSaved }: Recor
         </DialogHeader>
 
         <div className="space-y-4 py-2 max-h-[60vh] overflow-y-auto">
-          {wasVerified && (
+          {willDowngrade && (
             <Badge variant="secondary" className="text-xs bg-amber-100 text-amber-800 dark:bg-amber-900/20 dark:text-amber-300">
               {t("recordEdit.pendingReview")}
             </Badge>
@@ -254,7 +258,7 @@ export function RecordEditModal({ open, onOpenChange, resource, onSaved }: Recor
             ) : (
               <>
                 <Save className="size-4 mr-1" />
-                {wasVerified ? t("recordEdit.saveAsProvisional") : t("recordEdit.saveChanges")}
+                {willDowngrade ? t("recordEdit.saveAsProvisional") : t("recordEdit.saveChanges")}
               </>
             )}
           </Button>

apps/patient-portal/src/lib/use-user-role.ts

@@ -0,0 +1,54 @@
+import { useMemo } from "react"
+import { smartAuth } from "@/lib/smart-auth"
+
+export type FhirUserType = "Patient" | "Practitioner" | "RelatedPerson" | "Person" | null
+
+export interface UserRole {
+  /** The full fhirUser reference (e.g. "Practitioner/abc-123") */
+  fhirUser: string | null
+  /** Extracted resource type from fhirUser */
+  userType: FhirUserType
+  /** Whether the current user is a Practitioner */
+  isPractitioner: boolean
+  /** Whether the current user is a Patient */
+  isPatient: boolean
+  /** The resource ID portion of the fhirUser reference */
+  userId: string | null
+}
+
+const FHIR_USER_TYPES = ["Patient", "Practitioner", "RelatedPerson", "Person"] as const
+
+function parseFhirUser(fhirUser: string | undefined | null): { type: FhirUserType; id: string | null } {
+  if (!fhirUser) return { type: null, id: null }
+
+  // Absolute URL: https://fhir.example.com/Patient/123
+  const absMatch = fhirUser.match(/\/(Patient|Practitioner|RelatedPerson|Person)\/([^/]+)$/)
+  if (absMatch) return { type: absMatch[1] as FhirUserType, id: absMatch[2] }
+
+  // Relative reference: Practitioner/123
+  for (const t of FHIR_USER_TYPES) {
+    if (fhirUser.startsWith(`${t}/`)) {
+      return { type: t as FhirUserType, id: fhirUser.slice(t.length + 1) }
+    }
+  }
+
+  return { type: null, id: null }
+}
+
+/**
+ * Hook that derives the user's role from the SMART token's fhirUser claim.
+ * Re-evaluates only when the token changes (memoized).
+ */
+export function useUserRole(): UserRole {
+  const token = smartAuth.getToken()
+  return useMemo(() => {
+    const { type, id } = parseFhirUser(token?.fhirUser)
+    return {
+      fhirUser: token?.fhirUser ?? null,
+      userType: type,
+      isPractitioner: type === "Practitioner",
+      isPatient: type === "Patient" || type === null, // default to patient if unknown
+      userId: id,
+    }
+  }, [token?.fhirUser])
+}

apps/smart-dicom-template/package.json

@@ -3,7 +3,7 @@
   "displayName": "SMART DICOM Algorithm Template",
   "description": "Starter kit for building SMART on FHIR imaging algorithm apps. Clone, implement your algorithm in src/algorithm.ts, and deploy as a SMART app.",
   "private": true,
-  "version": "0.1.0-alpha.202605150936.c7b6b88c",
+  "version": "0.1.1-beta.202605171634.2925aa76",
   "type": "module",
   "scripts": {
     "dev": "vite --port 5180",

apps/ui/package.json

@@ -3,7 +3,7 @@
   "displayName": "Proxy Smart Admin UI",
   "description": "A web-based administration interface for managing healthcare applications and resources via Proxy Smart.",
   "private": true,
-  "version": "0.1.0-alpha.202605150936.c7b6b88c",
+  "version": "0.1.1-beta.202605171634.2925aa76",
   "type": "module",
   "scripts": {
     "dev": "vite",

backend/package.json

@@ -1,7 +1,7 @@
 {
   "name": "proxy-smart-backend",
   "displayName": "Proxy Smart Backend",
-  "version": "0.1.0-RELEASE.202605151033.0e17e030",
+  "version": "0.1.1-beta.202605191043.72318795",
   "type": "module",
   "scripts": {
     "test": "bun test",