{"id":15512323,"url":"https://github.com/patient-discovery/redox-client","last_synced_at":"2025-10-12T09:30:42.317Z","repository":{"id":48497871,"uuid":"287302248","full_name":"patient-discovery/redox-client","owner":"patient-discovery","description":"Ruby gem for using Redox APIs","archived":false,"fork":false,"pushed_at":"2024-08-01T23:30:01.000Z","size":118,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-10-08T04:24:53.841Z","etag":null,"topics":["ehr","json","redox-apis","redox-client"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/patient-discovery.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-08-13T14:29:29.000Z","updated_at":"2021-07-22T18:25:11.000Z","dependencies_parsed_at":"2022-09-13T22:11:52.457Z","dependency_job_id":null,"html_url":"https://github.com/patient-discovery/redox-client","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/patient-discovery/redox-client","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patient-discovery%2Fredox-client","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patient-discovery%2Fredox-client/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patient-discovery%2Fredox-client/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patient-discovery%2Fredox-client/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/patient-discovery","download_url":"https://codeload.github.com/patient-discovery/redox-client/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patient-discovery%2Fredox-client/sbom","scorecard":{"id":721949,"data":{"date":"2025-08-11","repo":{"name":"github.com/patient-discovery/redox-client","commit":"137d33098445400080a126ed5cb63f462a50bd26"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.3,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":1,"reason":"Found 4/29 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/patient-discovery/redox-client/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/patient-discovery/redox-client/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/patient-discovery/redox-client/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/patient-discovery/redox-client/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/patient-discovery/redox-client/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/patient-discovery/redox-client/test.yml/main?enable=pin","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":4,"reason":"6 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-2rxp-v6pw-ch6m","Warn: Project is vulnerable to: GHSA-4xqq-m2hx-25v8","Warn: Project is vulnerable to: GHSA-5866-49gr-22v4","Warn: Project is vulnerable to: GHSA-r55c-59qm-vjw6","Warn: Project is vulnerable to: GHSA-vg3r-rm7w-2xgh","Warn: Project is vulnerable to: GHSA-vmwr-mc7x-5vc3"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 6 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-22T11:37:15.489Z","repository_id":48497871,"created_at":"2025-08-22T11:37:15.492Z","updated_at":"2025-08-22T11:37:15.492Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279010938,"owners_count":26084837,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-12T02:00:06.719Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ehr","json","redox-apis","redox-client"],"created_at":"2024-10-02T09:53:35.673Z","updated_at":"2025-10-12T09:30:41.989Z","avatar_url":"https://github.com/patient-discovery.png","language":"Ruby","funding_links":[],"categories":["Ruby"],"sub_categories":[],"readme":"[![Gem Version](https://img.shields.io/gem/v/redox-client.svg)](https://badge.fury.io/rb/redox-client)\n[![Ruby Style Guide](https://img.shields.io/badge/code_style-standard-brightgreen.svg)](https://github.com/testdouble/standard)\n![Test](https://github.com/patient-discovery/redox-client/workflows/Test/badge.svg)\n\n# redox-client - Ruby gem facade for Redox APIs\n\nThis gem makes it easy to consume [Redox APIs](https://developer.redoxengine.com/).\n\n*Note: This is pre-release software under active development and should be considered unstable until version 1.0.0*\n\n## Features\n - supports creation of multiple Redox Sources, each with its own API key and secret\n - automatically requests Redox access tokens when needed in a thread safe way\n - provides ruby style [DTOs](https://en.wikipedia.org/wiki/Data_transfer_object) to conveniently consume and generate Redox camel cased JSON\n\n## Installation\n\nAdd the following to your `Gemfile`:\n\n```ruby\ngem \"redox-client\"\n```\n\nand run:\n\n```bash\nbundle install\n```\n\n## Usage\nTo uses redox-client effectively you will want to be familiar with the [Redox APIs](https://developer.redoxengine.com/) and in particular how sources, destinations, and subscriptions work.\n\nCreate a Redox Source.\n\n```ruby\nsource = Redox::Source.new(\n    endpoint: ENV[\"REDOX_ENDPOINT\"],\n    api_key: ENV[\"REDOX_API_KEY\"],\n    secret: ENV[\"REDOX_SECRET\"]\n  )\n```\n\nBuild query object for API you wish to execute:\n\n```ruby\nquery = Redox::PatientSearch::Query.new(\n  patient: Redox::Models::Patient.new(\n    demographics: Redox::Models::Demographics.new(\n      first_name: \"Timothy\",\n      middle_name: \"Paul\",\n      ...\n    )\n  )\n)\n```\n\nPerform the query using your source and the appropriate destination id:\n\n```ruby\nresult = query.perform source, \"my-destination-id\"\n```\n\nThe result object is a DTO containing the Redox response:\n\n```ruby\nresult.patient.identifiers.first.id_type   # =\u003e \"MR\"\nresult.patient.identifiers.first.id        # =\u003e \"0000000001\"\n```\n\nSee the `specs/` for more examples.\n\n### Authentication and Lifecycle\n`Redox::Source` requests a Redox access token using the Redox API key and secret. The access token is used until it is near expiration, which is typically 1 day after being issued. So a `Redox::Source` object is intended to be created once and reused.\n\nSince `Redox::Source` has shared state, i.e., the access token and its expiration time, `Redox::Source` uses a [Monitor](https://ruby-doc.org/stdlib-2.6.3/libdoc/monitor/rdoc/MonitorMixin.html) to be thread safe.\n\n\n## Supported APIs\n\n- PatientSearch.Query\n- Scheduling.Booked\n- Media.New\n- File Upload\n\n## Development\n***Nota Bene**: This project uses [VCR](https://relishapp.com/vcr/vcr/docs) to record HTTP requests and responses and play them back during tests. Do NOT use Redox production credentials when developing tests.*\n\n### Initial Setup\nAfter checking out the repo, run `bin/setup` to install gem dependencies and a git pre-commit hook. The pre-commit hook checks test fixtures for Redox credential exposure. While recommended the hook is not required and can be removed or replaced if desired. After setup completes run `rake` to run all the tests.\n\n### Testing\nThis project uses `rspec` and [VCR](https://relishapp.com/vcr/vcr/docs). VCR provides fast deterministic testing of HTTP APIs. It also makes it possible to set up any server response you want to test by authoring the server responses directly. This comes in handy when trying to test edge cases that might occur but are hard to reproduce.\n\nSome effort has been made to filter credentials from recorded HTTP interactions, but you should always carefully review all your changes before pushing them to avoid credential exposure.\n\n### Recording and Playing Back Cassettes\nThe `VCR_MODE` environment variable controls whether VCR is recording cassettes or playing them back. When recoding cassettes the following environment variables are used to call Redox APIs:\n\n- `REDOX_ENDPOINT`: base URL of Redox API endpoint (e.g., https://api.redoxengine.com/)\n- `REDOX_API_KEY`: Redox `apiKey` used by /auth/authenticate\n- `REDOX_SECRET`: Redox `secret` used by /auth/authenticate\n\nSet these to the credentials for the Redox environment you are using for testing.\n\nWhen playing back cassettes these environment variables are ignored and no API requests are made to Redox.\n\nTo make a new test with a new recording, set environment variables above then:\n\n```bash\nenv VCR_MODE=record rspec spec/my_new_spec.rb\n```\n\nThis will record all API requests made by the test. Be **careful**: if you run all the tests with `VCR_MODE=record` it will re-record all the cassettes.\n\nThe default mode is playback, so to playback cassettes just run `rspec`.\n\n### Coding Style\nThis project adheres to [StandardRB](https://github.com/testdouble/standard/blob/master/README.md). Additionally\n[# frozen_string_literal](https://bugs.ruby-lang.org/issues/8976#note-30) is required in Ruby source files, and is enforced by Rubocop.\n\nRun `rake` to run the style checks. Run `rake fix` to fix violations.\n\n### Useful commands\n- `rake` - run all tests (lint, Redox cred scan, rspec)\n- `rake fix` - Fix RuboCop and StandardRB violations\n- `rake vcr:fix` - attempt to replace real looking credentials in VCR cassettes with dummy test values.\n- `rake -T` - see available rake tasks\n- `bin/console` - get an interactive prompt for experimenting\n\n### Release Process\nThis project uses [Semantic Versioning](https://semver.org)\n\nPrepare release on main branch, then run:\n\n```\nrake prepare:release\n```\n\nand follow the instructions.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpatient-discovery%2Fredox-client","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpatient-discovery%2Fredox-client","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpatient-discovery%2Fredox-client/lists"}