Skillshub abridge-deploy-integration

install
source · Clone the upstream repo
git clone https://github.com/ComeOnOliver/skillshub
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/ComeOnOliver/skillshub "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/jeremylongshore/claude-code-plugins-plus-skills/abridge-deploy-integration" ~/.claude/skills/comeonoliver-skillshub-abridge-deploy-integration && rm -rf "$T"
manifest: skills/jeremylongshore/claude-code-plugins-plus-skills/abridge-deploy-integration/SKILL.md
source content

Abridge Deploy Integration

Overview

Deploy Abridge clinical AI integration to HIPAA-compliant cloud infrastructure. Healthcare deployments require BAA-covered cloud services, encrypted secrets, audit trails, and VPC-restricted networking.

Prerequisites

  • Completed abridge-prod-checklist
  • BAA-covered cloud account (GCP, AWS, or Azure)
  • Container registry access
  • Abridge production credentials from partner portal

Instructions

Step 1: HIPAA-Compliant Dockerfile

# Dockerfile
FROM node:20-slim AS builder
WORKDIR /app
COPY package*.json ./
# Install all dependencies: the build step typically needs devDependencies (e.g. the TypeScript compiler)
RUN npm ci
COPY . .
# Build, then drop devDependencies so only production modules reach the runtime image
RUN npm run build && npm prune --omit=dev

FROM node:20-slim
# curl is only needed for the HEALTHCHECK below
RUN apt-get update && apt-get install -y --no-install-recommends \
  ca-certificates curl && rm -rf /var/lib/apt/lists/*

# Run as non-root (HIPAA best practice)
RUN groupadd -r abridge && useradd -r -g abridge abridge
WORKDIR /app
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/package.json ./

USER abridge
EXPOSE 3000
HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
  CMD curl -f http://localhost:3000/health || exit 1
CMD ["node", "dist/server.js"]

Step 2: GCP Cloud Run Deployment (HIPAA BAA)

#!/bin/bash
# deploy-cloud-run.sh
set -euo pipefail  # stop on the first failed step or unset variable

PROJECT_ID="${GCP_PROJECT_ID:?GCP_PROJECT_ID must be set}"
SERVICE_NAME="abridge-integration"
REGION="us-central1"
# Same service account that Step 4 grants secretAccessor on the secrets
SERVICE_ACCOUNT="abridge-integration@${PROJECT_ID}.iam.gserviceaccount.com"

# Build container
gcloud builds submit --tag "gcr.io/${PROJECT_ID}/${SERVICE_NAME}"

# Deploy to Cloud Run with HIPAA controls.
# Note: Node.js does not read NODE_TLS_MIN_VERSION on its own; the application must
# apply it, or the minimum can be enforced with NODE_OPTIONS=--tls-min-v1.3.
gcloud run deploy "${SERVICE_NAME}" \
  --image "gcr.io/${PROJECT_ID}/${SERVICE_NAME}" \
  --region "${REGION}" \
  --platform managed \
  --no-allow-unauthenticated \
  --service-account "${SERVICE_ACCOUNT}" \
  --min-instances 1 \
  --max-instances 10 \
  --memory 1Gi \
  --cpu 2 \
  --timeout 120 \
  --set-secrets="ABRIDGE_CLIENT_SECRET=abridge-client-secret:latest,ABRIDGE_ORG_ID=abridge-org-id:latest,EPIC_CLIENT_SECRET=epic-client-secret:latest" \
  --vpc-connector "projects/${PROJECT_ID}/locations/${REGION}/connectors/abridge-vpc" \
  --vpc-egress all-traffic \
  --set-env-vars="NODE_ENV=production,NODE_TLS_MIN_VERSION=TLSv1.3,AUDIT_LOG_ENABLED=true"

# Verify health (-f makes curl exit non-zero on an HTTP error such as 503)
SERVICE_URL=$(gcloud run services describe "${SERVICE_NAME}" --region="${REGION}" --format='value(status.url)')
curl -fsS "${SERVICE_URL}/health" -H "Authorization: Bearer $(gcloud auth print-identity-token)"

Step 3: Health Check Endpoint

// src/server/health.ts
import express from 'express';

const app = express();

app.get('/health', async (req, res) => {
  // Probe both dependencies in parallel so the response stays within the 5s HEALTHCHECK timeout
  const [abridge, fhir] = await Promise.all([checkAbridgeApi(), checkFhirEndpoint()]);
  const statuses = { server: 'healthy', abridge, fhir };

  // 200 only when every component reports 'healthy'; 'degraded' or 'unhealthy' yields 503.
  // The timestamp is kept out of this check because it is a string but not a status.
  const allHealthy = Object.values(statuses).every(v => v === 'healthy');
  res.status(allHealthy ? 200 : 503).json({ ...statuses, timestamp: new Date().toISOString() });
});

// Returns 'healthy', 'degraded' (non-2xx response) or 'unhealthy' (network error or timeout)
async function checkAbridgeApi(): Promise<string> {
  try {
    const res = await fetch(`${process.env.ABRIDGE_BASE_URL}/health`, {
      headers: { 'Authorization': `Bearer ${process.env.ABRIDGE_CLIENT_SECRET}` },
      signal: AbortSignal.timeout(3000),
    });
    return res.ok ? 'healthy' : 'degraded';
  } catch { return 'unhealthy'; }
}

// Same status values as above, probing the FHIR capability statement
async function checkFhirEndpoint(): Promise<string> {
  try {
    const res = await fetch(`${process.env.EPIC_FHIR_BASE_URL}/metadata`, {
      signal: AbortSignal.timeout(3000),
    });
    return res.ok ? 'healthy' : 'degraded';
  } catch { return 'unhealthy'; }
}

app.listen(3000, () => console.log('Abridge integration server on :3000'));

Step 4: GCP Secret Manager Setup

# Create secrets (one-time setup). The quoted values are placeholders; supply real
# values from a file or prompt so they do not end up in shell history.
echo -n "partner_secret_here" | gcloud secrets create abridge-client-secret --data-file=-
echo -n "org_id_here" | gcloud secrets create abridge-org-id --data-file=-
echo -n "epic_secret_here" | gcloud secrets create epic-client-secret --data-file=-

# Grant the Cloud Run service account access to every secret the service mounts
SA="abridge-integration@${GCP_PROJECT_ID}.iam.gserviceaccount.com"
for SECRET in abridge-client-secret abridge-org-id epic-client-secret; do
  gcloud secrets add-iam-policy-binding "${SECRET}" \
    --member="serviceAccount:${SA}" --role="roles/secretmanager.secretAccessor"
done

Output

  • HIPAA-compliant Docker image with non-root user
  • Cloud Run deployment with VPC connector and TLS 1.3
  • Health check endpoint monitoring Abridge + FHIR
  • Secrets managed via GCP Secret Manager
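
A post-deploy check for the controls listed above, added here as an example and not part of the original skill. The function name auditCloudRunService is hypothetical, the sample input is constructed, and the field names assume the JSON that gcloud prints for a Cloud Run service and its IAM policy.

```javascript
// Added example. Inputs are the parsed JSON from `gcloud run services describe ... --format=json`
// and `gcloud run services get-iam-policy ... --format=json`.
const SECRET_ENV = ['ABRIDGE_CLIENT_SECRET', 'ABRIDGE_ORG_ID', 'EPIC_CLIENT_SECRET'];

function auditCloudRunService(service, iamPolicy) {
  const findings = [];
  const template = service?.spec?.template ?? {};
  const annotations = template.metadata?.annotations ?? {};
  const env = template.spec?.containers?.[0]?.env ?? [];

  // --no-allow-unauthenticated: no public principal may hold a role on the service.
  for (const binding of iamPolicy?.bindings ?? []) {
    for (const member of binding.members ?? []) {
      if (member === 'allUsers' || member === 'allAuthenticatedUsers') {
        findings.push(`public invoker: ${member} holds ${binding.role}`);
      }
    }
  }
  // --vpc-connector and --vpc-egress all-traffic
  if (!annotations['run.googleapis.com/vpc-access-connector']) findings.push('no VPC connector attached');
  if (annotations['run.googleapis.com/vpc-access-egress'] !== 'all-traffic') {
    findings.push('VPC egress is not all-traffic');
  }
  // --set-secrets: credentials must be Secret Manager references, never literal env values.
  for (const name of SECRET_ENV) {
    const entry = env.find((e) => e.name === name);
    if (!entry) findings.push(`${name} is not set`);
    else if (!entry.valueFrom?.secretKeyRef) findings.push(`${name} is a plaintext env var`);
  }
  // Step 4 grants secret access to a dedicated account, not the default compute account.
  const sa = template.spec?.serviceAccountName ?? '';
  if (!sa || sa.endsWith('-compute@developer.gserviceaccount.com')) {
    findings.push('runs as the default compute service account');
  }
  return findings;
}

// Constructed sample (not real gcloud output): a revision that drifted from the page's settings.
const driftedService = { spec: { template: {
  metadata: { annotations: {
    'run.googleapis.com/vpc-access-connector': 'projects/example-project/locations/us-central1/connectors/abridge-vpc',
    'run.googleapis.com/vpc-access-egress': 'private-ranges-only' } },
  spec: { serviceAccountName: '123456789012-compute@developer.gserviceaccount.com',
    containers: [{ env: [
      { name: 'ABRIDGE_CLIENT_SECRET', value: 'constructed-placeholder' },
      { name: 'ABRIDGE_ORG_ID', valueFrom: { secretKeyRef: { name: 'abridge-org-id', key: 'latest' } } },
      { name: 'EPIC_CLIENT_SECRET', valueFrom: { secretKeyRef: { name: 'epic-client-secret', key: 'latest' } } }] }] } } } };
const driftedPolicy = { bindings: [{ role: 'roles/run.invoker', members: ['allUsers'] }] };
console.log(auditCloudRunService(driftedService, driftedPolicy));
```

An empty findings list means the deployed revision still matches the flags in Step 2; running the check after every deploy catches a later manual edit that reopens the service or inlines a secret.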

Error Handling

Issue | Cause | Solution
Deploy rejected | Missing BAA | Sign Google Cloud BAA first
Secret access denied | IAM misconfigured | Grant secretAccessor role to service account
Health check fails | Cold start latency | Set min-instances to 1
VPC connector error | Not created | Create VPC connector in same region

Resources

Next Steps

For webhook event handling, see abridge-webhooks-events.