A virtual health assistant with identity-scoped retrieval and tool-first agent reasoning for healthcare payer environments. Every tool call is guarded by member context, policy enforcement, and PHI filtering.
| Principle | Implementation |
|---|---|
| Tool-first reasoning | Agent reasons over structured tool calls, not free-text generation |
| Identity-scoped retrieval | Every data access is scoped to the authenticated member's context |
| Policy enforcement at every decision | RefusalEngine + ScopeGuard block unauthorized actions before execution |
| PHI boundary enforcement | PHIFilter redacts protected health information from all agent outputs |
| Confidence gating | Low-confidence responses are held back rather than hallucinated |

```
User Query
    |
    v
[ContentGuard]    -- blocks harmful/injection content
    |
    v
[ReasoningEngine] -- intent detection, tool selection, confidence scoring
    |
    v
[ScopeGuard]      -- identity-scoped access control (member, dependents, tier)
    |
    v
[RefusalEngine]   -- policy enforcement (blocked actions, sensitive data)
    |
    v
[ToolRegistry]    -- execute healthcare tools (benefits, claims, providers, formulary)
    |
    v
[PHIFilter]       -- redact SSN, DOB, email, phone, MRN from output
    |
    v
[SSEHandler]      -- stream response tokens to client
```

| Tool | Description | Scope |
|---|---|---|
| `lookup_benefits` | Deductibles, copays, coverage details | All tiers |
| `check_claim_status` | Claim processing status and amounts | All tiers |
| `find_provider` | In-network provider search | All tiers |
| `check_formulary` | Medication coverage and tier | Standard+ |
| `schedule_appointment` | Book with in-network provider | Standard+ |
| `request_prior_auth` | Prior authorization requests | Premium only |

- ContentGuard – blocks prompt injection, harmful content, and medical diagnosis requests
- ScopeGuard – enforces member identity isolation, dependent access, tier restrictions
- RefusalEngine – blocks dangerous actions (account deletion, enrollment changes) and sensitive data in parameters
- PHIFilter – detects and redacts SSN, DOB, email, phone, MRN patterns from all outputs
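
One way to express the ScopeGuard decision described above (identity isolation, dependent access, tier restrictions) against the tool table, as an added example that is not the project's `scopeGuard.ts`. The minimum tiers come from the table; the lowest tier name `basic`, the type and function names, the reason strings and the member ids are assumptions.

```typescript
// Added example, not the project's scopeGuard.ts. The tier name "basic",
// all type and function names, and the member ids are assumptions.
type Tier = "basic" | "standard" | "premium";

interface MemberContext {
  memberId: string;
  dependentIds: string[];
  tier: Tier;
}

interface ToolCall {
  tool: string;
  targetMemberId: string; // whose records the tool would touch
}

type Decision = { allowed: boolean; reason: string };

const TIER_RANK: Record<Tier, number> = { basic: 0, standard: 1, premium: 2 };

// Minimum tier per tool, from the tool table (All tiers / Standard+ / Premium only).
const MIN_TIER: Record<string, Tier> = {
  lookup_benefits: "basic",
  check_claim_status: "basic",
  find_provider: "basic",
  check_formulary: "standard",
  schedule_appointment: "standard",
  request_prior_auth: "premium",
};

function checkScope(ctx: MemberContext, call: ToolCall): Decision {
  // Fail closed on tools outside the allow-list (own keys only, so a
  // model-chosen name like "constructor" cannot match an inherited property).
  if (!Object.prototype.hasOwnProperty.call(MIN_TIER, call.tool)) {
    return { allowed: false, reason: "unknown_tool" };
  }
  // Identity isolation: the target must be the member or a listed dependent.
  const isSelf = call.targetMemberId === ctx.memberId;
  const isDependent = ctx.dependentIds.indexOf(call.targetMemberId) !== -1;
  if (!isSelf && !isDependent) {
    return { allowed: false, reason: "target_outside_member_scope" };
  }
  const required = MIN_TIER[call.tool];
  if (TIER_RANK[ctx.tier] < TIER_RANK[required]) {
    return { allowed: false, reason: "tier_requires_" + required };
  }
  return { allowed: true, reason: isSelf ? "self" : "dependent" };
}
// Constructed sample member used to exercise the check.
const SAMPLE_MEMBER: MemberContext = { memberId: "M-1001", dependentIds: ["M-1002"], tier: "standard" };
```

The target member id should come from the authenticated session and the tool's resolved parameters, never from free text in the user query, so the check cannot be steered by prompt content.
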

```
npm install
npm run build
npm test
```

```
src/
├── agent/
│   ├── orchestrator.ts      # Turn handling, safety pipeline, tool execution
│   ├── reasoning.ts         # Intent detection, tool selection, response synthesis
│   └── state.ts             # Conversation state management
├── identity/
│   ├── memberContext.ts     # Member identity model
│   └── scopeGuard.ts        # Identity-scoped access control
├── tools/
│   ├── registry.ts          # Tool registration and execution
│   └── healthcareTools.ts   # Healthcare-specific tool implementations
├── safety/
│   ├── refusalEngine.ts     # Policy enforcement and action blocking
│   ├── phiFilter.ts         # PHI detection and redaction
│   └── contentGuard.ts      # Content safety and injection detection
├── streaming/
│   ├── sseHandler.ts        # SSE connection management and broadcasting
│   └── tokenStream.ts       # Token-level streaming
└── observability/
    ├── logger.ts            # Structured logging with level filtering
    └── tracer.ts            # Distributed tracing with spans
```

This assistant maps to the Member Apps and AI Orchestration layers of healthcare payer architecture:

```
Legacy Systems (Facets, QNXT)
└── FHIR Integration Layer
    └── Data & Analytics
        └── Digital Experience
            └── AI Orchestration  ← agentic-member-assistant
                └── Member Apps (web, mobile, IVR)
```

- agentic-eval-harness β Scenario-based evaluation
- agentic-streaming-backend β SSE streaming pipeline
- agentic-policy-engine β Policy governance
- fhir-integration-service β FHIR R4 interoperability
MIT