npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@backwork/x278

v0.2.0

Published

Agent-native prior authorization protocol reference implementation and TypeScript SDK.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tyler_gibbstyler_gibbs

Keywords

x278prior-authorizationhealthcarefhirda-vinci-paseffect-tstypescriptagentsbackwork

Readme

x278

npm CI License: MIT Runtime: Bun Effect TS

TypeScript SDK and reference implementation for x278, Backwork's proposed agent-native protocol for prior authorization.

x278 models prior authorization as a typed exchange between provider-side and payer-side software agents. A provider agent submits a structured request. A payer agent returns an actionable determination: approved, denied, info-needed, or pended. The provider agent can then attach evidence, wait for review, correct the request, or appeal without restarting the authorization context.

This package is a protocol SDK and runnable reference environment. It is not a certified payer integration, a substitute for Da Vinci PAS conformance testing, or legal/compliance advice.

Install

npm install @backwork/x278
bun add @backwork/x278

The package ships dual ESM/CJS builds, declaration maps, and subpath exports for SDK, HTTP transport, FHIR/PAS helpers, signing, conformance, and protocol types.

Quick Start

Run the provider loop against the deterministic in-memory payer:

import {
  createMockX278Client,
  kneeReplacementMissingDocs
} from "@backwork/x278";

const client = createMockX278Client({
  collectEvidence: (_request, requirements) =>
    requirements.map((requirement) => ({
      id: requirement.id,
      value: `chart evidence for ${requirement.id}`,
      source: "chart"
    }))
});

const trace = await client.requestWithTrace(kneeReplacementMissingDocs);

console.log(trace.steps.map((step) => step.status));
// ["info-needed", "approved"]

console.log(trace.final.authNumber);

The same client loop also handles pended determinations by awaiting the returned subscription handle, and denied determinations by returning a coded reason plus appeal path.

HTTP Client

Use @backwork/x278/http when calling an x278-compatible payer endpoint:

import { createX278HttpClient } from "@backwork/x278/http";

const client = createX278HttpClient({
  baseUrl: "https://payer.example/x278",
  bearerToken: process.env.X278_BEARER_TOKEN,
  collectEvidence: async (_request, requirements) =>
    requirements.map((requirement) => ({
      id: requirement.id,
      value: "supporting chart evidence",
      source: "chart"
    }))
});

const capabilities = await client.capabilities();
const determination = await client.request({
  patient: { memberId: "A1234567", dob: "1971-03-02" },
  provider: { npi: "1972648392", tin: "84-1234567" },
  service: {
    code: "27447",
    codeSystem: "CPT",
    diagnosis: ["M17.11"],
    placeOfService: "21",
    requestedStart: "2026-06-01",
    units: 1,
    urgency: "standard"
  },
  supportingInfo: []
});

The HTTP client includes production-oriented defaults:

  • 30 second request timeout
  • retry support for transient HTTP failures
  • Retry-After handling
  • bearer token and custom header hooks
  • request, response, retry, and error lifecycle hooks
  • redacted debug logging
  • typed ProtocolError failures with request IDs where available
  • /.well-known/x278 capabilities discovery

For local parity, createX278HttpClientFromEnv() reads X278_PAYER_URL and X278_BEARER_TOKEN.

Protocol States

| State | Meaning | Next action | | --- | --- | --- | | approved | Authorization approved by rules or reviewer | Use the returned authorization number and validity window | | denied | Request denied with coded reason and appeal path | Correct, resubmit, or appeal | | info-needed | Payer needs specific documentation | Attach evidence and resume the same authId | | pended | Request accepted but not final | Await the returned subscription/update handle | | error | Malformed or unprocessable exchange | Fix the request or contact the payer |

Public Exports

| Import | Purpose | | --- | --- | | @backwork/x278 | Full public SDK surface | | @backwork/x278/http | Fetch-backed HTTP client and transport | | @backwork/x278/sdk | Promise and Effect provider clients | | @backwork/x278/conformance | Conformance harness for x278 transports | | @backwork/x278/types | Protocol schemas, domain types, and typed errors | | @backwork/x278/schemas | Schema-focused alias for protocol validation | | @backwork/x278/evidence | DTR-style evidence and QuestionnaireResponse helpers | | @backwork/x278/fhir-pas | FHIR/PAS/DTR mapping helpers | | @backwork/x278/policy | Versioned executable policy adapter interface | | @backwork/x278/signing | Canonical hashing and signed receipt utilities | | @backwork/x278/smart | SMART Backend Services token provider utilities | | @backwork/x278/subscriptions | Local subscription/webhook broker helpers | | @backwork/x278/payer-agent | Reference payer agent service | | @backwork/x278/provider-client | Lower-level provider loop primitives |

Effect and Promise APIs

x278 is implemented with Effect schemas and services internally, while exposing a Promise API for conventional TypeScript applications.

  • Use createX278EffectClient and runX278ConformanceEffect inside Effect applications.
  • Use createX278Client, createX278HttpClient, and runX278Conformance in Promise-based services.
  • API boundaries accept unknown where appropriate and validate into typed protocol objects before transport use.

Conformance

Transport implementers can run the conformance harness against any x278 transport:

import { createMockPayer, runX278Conformance } from "@backwork/x278";

const report = await runX278Conformance(createMockPayer());

if (!report.ok) {
  throw new Error("x278 conformance failed");
}

The harness exercises the core behaviors described by the protocol: approval, denial, information-needed retry, pended review, signature verification, audit records, and bounded workflow handling.

Conformance reports can also be serialized for release artifacts:

import {
  runX278Conformance,
  toConformanceBadge,
  toConformanceMarkdown
} from "@backwork/x278";

const report = await runX278Conformance(transport);

console.log(toConformanceMarkdown(report));
console.log(toConformanceBadge(report));

Examples

The repository includes runnable examples that use the same public package exports consumers install from npm:

| Command | What it shows | | --- | --- | | bun run example:mock | Full provider loop against the in-memory payer, including info-needed, pended, and denied paths | | bun run example:conformance | Running the conformance harness against a transport | | bun run payer:http + bun run example:http | HTTP client usage against the local reference payer |

For the HTTP example, start the payer in one terminal:

bun run payer:http

Then run the client from another terminal:

bun run example:http

Local Development

bun install
bun run typecheck
bun run test
bun run build

Useful verification commands:

| Command | Purpose | | --- | --- | | bun run test | Unit and protocol behavior tests | | bun run test:live | Live OpenAI Agents SDK and Anthropic SDK proof tests | | bun run release:smoke | Packaged ESM/CJS consumer smoke test | | bun run release:attw | Package export/type validation | | bun run docker:realistic | Provider and payer containers over HTTP | | bun run docker:fhir | HTTP scenario with HAPI FHIR validation | | bun run prove:full | Full local release proof gate |

Live agent tests require provider API keys in the environment. The normal test suite does not call paid model APIs.

Specification

x278 is designed to interoperate with FHIR prior authorization infrastructure, including Da Vinci PAS, DTR, and CRD patterns, rather than replace those rails. Where X12 278/275 applies, production implementers still need the appropriate mapping, licensing, and trading-partner testing outside this SDK.

Status and Boundaries

The repository currently includes:

  • protocol schemas and typed determination states
  • Promise and Effect SDK clients
  • production HTTP client and transport
  • deterministic reference payer agent
  • signed terminal determinations and audit records
  • FHIR/PAS mapping helpers
  • conformance and release proof harnesses
  • Docker-based realistic scenarios

Before production healthcare use, organizations still need real payer endpoint registration, SMART Backend Services/OAuth configuration, PAS/FHIR conformance testing, HIPAA/security review, operational monitoring, and policy/legal review.

This project is not affiliated with CMS, HL7, X12, or the Da Vinci Project.

License

MIT. See LICENSE.