Claude-code-plugins-plus abridge-deploy-integration
install
source · Clone the upstream repo
git clone https://github.com/jeremylongshore/claude-code-plugins-plus-skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/jeremylongshore/claude-code-plugins-plus-skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/plugins/saas-packs/abridge-pack/skills/abridge-deploy-integration" ~/.claude/skills/jeremylongshore-claude-code-plugins-plus-abridge-deploy-integration && rm -rf "$T"
manifest: plugins/saas-packs/abridge-pack/skills/abridge-deploy-integration/SKILL.md
Abridge Deploy Integration
Overview
Deploy Abridge clinical AI integration to HIPAA-compliant cloud infrastructure. Healthcare deployments require BAA-covered cloud services, encrypted secrets, audit trails, and VPC-restricted networking.
Prerequisites
- Completed abridge-prod-checklist
- BAA-covered cloud account (GCP, AWS, or Azure)
- Container registry access
- Abridge production credentials from partner portal
Instructions
Step 1: HIPAA-Compliant Dockerfile
```dockerfile
# Dockerfile
FROM node:20-slim AS builder
WORKDIR /app
COPY package*.json ./
# Install all dependencies (the TypeScript build typically depends on devDependencies)
RUN npm ci
COPY . .
# Build, then drop devDependencies so only runtime packages are copied forward
RUN npm run build && npm prune --omit=dev

FROM node:20-slim
RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates curl && rm -rf /var/lib/apt/lists/*

# Run as non-root (HIPAA best practice)
RUN groupadd -r abridge && useradd -r -g abridge abridge
WORKDIR /app
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/package.json ./
USER abridge
EXPOSE 3000
HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
    CMD curl -f http://localhost:3000/health || exit 1
CMD ["node", "dist/server.js"]
```
Step 2: GCP Cloud Run Deployment (HIPAA BAA)
```bash
#!/bin/bash
# deploy-cloud-run.sh
# Stop on the first failed command or unset variable
set -euo pipefail

PROJECT_ID="${GCP_PROJECT_ID}"
SERVICE_NAME="abridge-integration"
REGION="us-central1"

# Build container
gcloud builds submit --tag "gcr.io/${PROJECT_ID}/${SERVICE_NAME}"

# Deploy to Cloud Run with HIPAA controls.
# --service-account runs the service as the account that Step 4 grants secretAccessor to.
# Node.js enforces the TLS floor through --tls-min-v1.3 (set via NODE_OPTIONS);
# NODE_TLS_MIN_VERSION only has an effect if the application reads it.
gcloud run deploy "${SERVICE_NAME}" \
  --image "gcr.io/${PROJECT_ID}/${SERVICE_NAME}" \
  --region "${REGION}" \
  --platform managed \
  --no-allow-unauthenticated \
  --service-account "abridge-integration@${PROJECT_ID}.iam.gserviceaccount.com" \
  --min-instances 1 \
  --max-instances 10 \
  --memory 1Gi \
  --cpu 2 \
  --timeout 120 \
  --set-secrets="ABRIDGE_CLIENT_SECRET=abridge-client-secret:latest,ABRIDGE_ORG_ID=abridge-org-id:latest,EPIC_CLIENT_SECRET=epic-client-secret:latest" \
  --vpc-connector "projects/${PROJECT_ID}/locations/${REGION}/connectors/abridge-vpc" \
  --vpc-egress all-traffic \
  --set-env-vars="NODE_ENV=production,NODE_TLS_MIN_VERSION=TLSv1.3,NODE_OPTIONS=--tls-min-v1.3,AUDIT_LOG_ENABLED=true"

# Verify health (-f makes curl exit non-zero on a 503)
SERVICE_URL=$(gcloud run services describe "${SERVICE_NAME}" --region="${REGION}" --format='value(status.url)')
curl -fsS "${SERVICE_URL}/health" -H "Authorization: Bearer $(gcloud auth print-identity-token)"
```
Step 3: Health Check Endpoint
```typescript
// src/server/health.ts
import express from 'express';

const app = express();

app.get('/health', async (req, res) => {
  const checks = {
    server: 'healthy',
    abridge: await checkAbridgeApi(),
    fhir: await checkFhirEndpoint(),
    timestamp: new Date().toISOString(),
  };
  // Only the status fields decide the result; the timestamp is informational.
  const allHealthy = [checks.server, checks.abridge, checks.fhir].every(v => v === 'healthy');
  res.status(allHealthy ? 200 : 503).json(checks);
});

// Probe the Abridge API with a 3-second timeout.
// Note: this presents the long-lived client secret on every probe; prefer a
// short-lived access token if the API issues one.
async function checkAbridgeApi(): Promise<string> {
  try {
    const res = await fetch(`${process.env.ABRIDGE_BASE_URL}/health`, {
      headers: { 'Authorization': `Bearer ${process.env.ABRIDGE_CLIENT_SECRET}` },
      signal: AbortSignal.timeout(3000),
    });
    return res.ok ? 'healthy' : 'degraded';
  } catch {
    return 'unhealthy';
  }
}

// Probe the FHIR capability statement with a 3-second timeout.
async function checkFhirEndpoint(): Promise<string> {
  try {
    const res = await fetch(`${process.env.EPIC_FHIR_BASE_URL}/metadata`, {
      signal: AbortSignal.timeout(3000),
    });
    return res.ok ? 'healthy' : 'degraded';
  } catch {
    return 'unhealthy';
  }
}

app.listen(3000, () => console.log('Abridge integration server on :3000'));
```
Step 4: GCP Secret Manager Setup
```bash
# Create secrets (one-time setup); replace the placeholder values
echo -n "partner_secret_here" | gcloud secrets create abridge-client-secret --data-file=-
echo -n "org_id_here" | gcloud secrets create abridge-org-id --data-file=-
echo -n "epic_secret_here" | gcloud secrets create epic-client-secret --data-file=-

# Grant the Cloud Run service account access to every secret the service mounts
SA="abridge-integration@${GCP_PROJECT_ID}.iam.gserviceaccount.com"
for SECRET in abridge-client-secret abridge-org-id epic-client-secret; do
  gcloud secrets add-iam-policy-binding "${SECRET}" \
    --member="serviceAccount:${SA}" --role="roles/secretmanager.secretAccessor"
done
```
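To confirm that a deployed service still carries the controls set in Steps 2 and 4, the following TypeScript audit (an added example, not part of the original skill) checks the JSON that `gcloud run services describe --format=json` and `gcloud run services get-iam-policy --format=json` return. The `auditService` function, its finding labels and the sample data are constructed for illustration; the annotation keys are Cloud Run's.

```typescript
// Added example: audits the JSON that `gcloud run services describe --format=json`
// and `gcloud run services get-iam-policy --format=json` return. Sample data is constructed.
type EnvVar = { name: string; value?: string; valueFrom?: { secretKeyRef?: { name: string; key: string } } };
type Service = { spec: { template: {
  metadata: { annotations: Record<string, string> };
  spec: { serviceAccountName?: string; containers: { env?: EnvVar[] }[] };
} } };
type IamPolicy = { bindings?: { role: string; members: string[] }[] };

const SECRET_ENV = ['ABRIDGE_CLIENT_SECRET', 'ABRIDGE_ORG_ID', 'EPIC_CLIENT_SECRET'];
const PUBLIC = ['allUsers', 'allAuthenticatedUsers'];

function auditService(svc: Service, iam: IamPolicy): string[] {
  const findings: string[] = [];
  const tpl = svc.spec.template;
  const ann = tpl.metadata.annotations;
  let env: EnvVar[] = [];
  for (const c of tpl.spec.containers) env = env.concat(c.env ?? []);
  // --no-allow-unauthenticated: no public principal may hold the invoker role.
  for (const b of iam.bindings ?? []) {
    if (b.role === 'roles/run.invoker' && b.members.some(m => PUBLIC.indexOf(m) >= 0)) findings.push('public-invoker');
  }
  // --vpc-connector and --vpc-egress all-traffic
  if (!ann['run.googleapis.com/vpc-access-connector']) findings.push('no-vpc-connector');
  if (ann['run.googleapis.com/vpc-access-egress'] !== 'all-traffic') findings.push('egress-not-all-traffic');
  // --min-instances 1
  if (Number(ann['autoscaling.knative.dev/minScale'] ?? '0') < 1) findings.push('min-instances-below-1');
  // The secretAccessor grant targets a dedicated account, not the default compute one.
  const sa = tpl.spec.serviceAccountName ?? '';
  if (sa === '' || /-compute@developer\.gserviceaccount\.com$/.test(sa)) findings.push('default-service-account');
  // --set-secrets: each credential must be a Secret Manager reference, never a literal value.
  for (const key of SECRET_ENV) {
    const match = env.filter(e => e.name === key)[0];
    if (!match) findings.push('missing:' + key);
    else if (!match.valueFrom || !match.valueFrom.secretKeyRef) findings.push('plaintext:' + key);
  }
  return findings;
}

// Constructed sample: a service that has drifted from the deployment described above.
const driftedService: Service = { spec: { template: {
  metadata: { annotations: { 'run.googleapis.com/vpc-access-connector': 'abridge-vpc',
    'run.googleapis.com/vpc-access-egress': 'private-ranges-only' } },
  spec: { serviceAccountName: '123456789-compute@developer.gserviceaccount.com', containers: [{ env: [
    { name: 'ABRIDGE_CLIENT_SECRET', value: 'constructed-literal' },
    { name: 'ABRIDGE_ORG_ID', valueFrom: { secretKeyRef: { name: 'abridge-org-id', key: 'latest' } } },
  ] }] },
} } };
const driftedIam: IamPolicy = { bindings: [{ role: 'roles/run.invoker', members: ['allUsers'] }] };
console.log(auditService(driftedService, driftedIam));
```

An empty array means every control from the deploy script is still in place; running the audit in CI after each deploy catches drift introduced through the console.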
Output
- HIPAA-compliant Docker image with non-root user
- Cloud Run deployment with VPC connector and TLS 1.3
- Health check endpoint monitoring Abridge + FHIR
- Secrets managed via GCP Secret Manager
Error Handling
| Issue | Cause | Solution |
|---|---|---|
| Deploy rejected | Missing BAA | Sign Google Cloud BAA first |
| Secret access denied | IAM misconfigured | Grant secretAccessor role to service account |
| Health check fails | Cold start latency | Set min-instances to 1 |
| VPC connector error | Not created | Create VPC connector in same region |
Resources
Next Steps
For webhook event handling, see abridge-webhooks-events.