Patient-owned sovereign health records (FHIR/CCDA) as a Kestrel Sovereign feature package
Project description
kestrel-feature-healthcare
Patient-owned sovereign health records (FHIR/CCDA) for Kestrel Sovereign.
An agent holds the owner's clinical records as part of its sovereign
memory. This is a reusable framework capability — a sibling package
alongside kestrel-feature-visual / -reflection / -observability —
not a host-product feature. Any healthcare host on Kestrel consumes it.
Status
Multi-phase epic tracked in KestrelSovereignAI/kestrel-sovereign:
- Phase A — implemented — typed FHIR R4B resource store, owner-DID-scoped, PHI encrypted at rest, audited reads
- Phase B — implemented — CCDA document storage + header extraction (lxml), owner-DID-scoped, encrypted at rest, sharing one append-only PHI access log with Phase A
- Phase C — implemented — pure-Python CCDA → FHIR R4B mapper (no third-party converter): Patient + Allergies / Medications / Problems / Results / Vital Signs / Immunizations / Procedures. Normalized resources land in the Phase A FHIR store, owner-scoped and audited, exactly like any other write.
- Phase D — owner-controlled access/consent surface + export hooks
Phases C/D depend on the sovereign-import receiver and the
data_access_grant consent-verification primitives shipping in
kestrel-sovereign first.
Phase A — PHI handling (required)
Health records are PHI. The store is fail-closed: resource bodies
are encrypted at rest with AES-256-GCM under a per-owner key
HKDF-derived from the host master key, and no operation will store
or return PHI in the clear. The host master key must be configured
(KESTREL_DATA_KEY); without it the FHIR tools fail with a clear
error rather than degrading to plaintext. Every owner read/write/query
is recorded in an append-only access log. Only the resource body is
encrypted — resource_type and fhir_id remain queryable metadata.
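The scheme described above, sketched as an added example; it is not the package's own code. The base64 key encoding, the HKDF info label, the row layout, the function names and the binding of the plaintext metadata as AES-GCM associated data are all assumptions, and it uses the third-party cryptography library.

```python
import base64
import json
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

class MasterKeyMissing(RuntimeError):
    """Raised instead of degrading to plaintext when no master key is set."""

def owner_key(owner_did, env=os.environ):
    """Derive the 32-byte per-owner key from the host master key with HKDF."""
    raw = env.get("KESTREL_DATA_KEY")
    if not raw:
        raise MasterKeyMissing("KESTREL_DATA_KEY is not set; refusing to handle PHI")
    master = base64.b64decode(raw)  # assumed encoding: base64 of 32 random bytes
    if len(master) != 32:
        raise MasterKeyMissing("KESTREL_DATA_KEY must decode to 32 bytes")
    info = b"example-phi-v1|" + owner_did.encode()  # assumed context label
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None, info=info).derive(master)

def _aad(row):
    # Plaintext metadata is authenticated so a blob cannot be moved between rows.
    return json.dumps([row["owner_did"], row["resource_type"], row["fhir_id"]]).encode()

def seal(owner_did, resource_type, fhir_id, body, env=os.environ):
    """Return a storable row: queryable metadata plus nonce || ciphertext || tag."""
    row = {"owner_did": owner_did, "resource_type": resource_type, "fhir_id": fhir_id}
    nonce = os.urandom(12)  # fresh 96-bit nonce per write; never reuse under one key
    sealed = AESGCM(owner_key(owner_did, env)).encrypt(nonce, json.dumps(body).encode(), _aad(row))
    return {**row, "blob": nonce + sealed}

def open_row(row, env=os.environ):
    """Decrypt a row; raises InvalidTag if the blob or its metadata was altered."""
    blob = row["blob"]
    plain = AESGCM(owner_key(row["owner_did"], env)).decrypt(blob[:12], blob[12:], _aad(row))
    return json.loads(plain)

if __name__ == "__main__":
    env = {"KESTREL_DATA_KEY": base64.b64encode(os.urandom(32)).decode()}  # constructed key
    row = seal("did:example:alice", "AllergyIntolerance", "a1", {"code": "peanut"}, env)
    print(row["resource_type"], row["fhir_id"], len(row["blob"]), open_row(row, env))
    try:
        open_row({**row, "fhir_id": "a2"}, env)
    except InvalidTag:
        print("relabelled row rejected")
```

Because the metadata columns stay in the clear for querying, authenticating them as associated data is what stops a ciphertext from being silently re-attached to another owner or resource id.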
Installation
uv pip install kestrel-feature-healthcare
The package registers HealthcareFeature through the
kestrel_sovereign.features entry point group.
Development
uv sync --extra test
uv run --extra test pytest
File details
Details for the file kestrel_feature_healthcare-0.7.1.tar.gz.
File metadata
- Download URL: kestrel_feature_healthcare-0.7.1.tar.gz
- Upload date:
- Size: 46.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 174088719e28425563924dd8e97272b119358d3be7e0570676b88cc4cc7c0195 |
| MD5 | 6d2e73b2109ef7b24f62f70b83b48ce7 |
| BLAKE2b-256 | 5abea40010cd6702d31bef0fcdbfbc54d6ed47a04affa24e045ae1c8acaa0b20 |
Provenance
The following attestation bundles were made for kestrel_feature_healthcare-0.7.1.tar.gz:
- Publisher: publish.yml on KestrelSovereignAI/kestrel-feature-healthcare
- Statement:
  - Statement type: https://in-toto.io/Statement/v1
  - Predicate type: https://docs.pypi.org/attestations/publish/v1
  - Subject name: kestrel_feature_healthcare-0.7.1.tar.gz
  - Subject digest: 174088719e28425563924dd8e97272b119358d3be7e0570676b88cc4cc7c0195
- Sigstore transparency entry: 1670840972
- Sigstore integration time:
- Permalink: KestrelSovereignAI/kestrel-feature-healthcare@74a63ea27ebff760475c49eb3b0750853b06dacd
- Branch / Tag: refs/tags/v0.7.1
- Owner: https://github.com/KestrelSovereignAI
- Access: private
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@74a63ea27ebff760475c49eb3b0750853b06dacd
- Trigger Event: push
File details
Details for the file kestrel_feature_healthcare-0.7.1-py3-none-any.whl.
File metadata
- Download URL: kestrel_feature_healthcare-0.7.1-py3-none-any.whl
- Upload date:
- Size: 54.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 5ca113d583eb6d2d0080e2e8fd115a3d96dcb1caa7d4bcff1759b2a4715addb2 |
| MD5 | c33fac4e8900202c9518915b3a08db24 |
| BLAKE2b-256 | cbaf02d94aeeb27a68d83ae77a49ca9d5308c348a16e9e12e61845ef156b2240 |
Provenance
The following attestation bundles were made for kestrel_feature_healthcare-0.7.1-py3-none-any.whl:
- Publisher: publish.yml on KestrelSovereignAI/kestrel-feature-healthcare
- Statement:
  - Statement type: https://in-toto.io/Statement/v1
  - Predicate type: https://docs.pypi.org/attestations/publish/v1
  - Subject name: kestrel_feature_healthcare-0.7.1-py3-none-any.whl
  - Subject digest: 5ca113d583eb6d2d0080e2e8fd115a3d96dcb1caa7d4bcff1759b2a4715addb2
- Sigstore transparency entry: 1670841080
- Sigstore integration time:
- Permalink: KestrelSovereignAI/kestrel-feature-healthcare@74a63ea27ebff760475c49eb3b0750853b06dacd
- Branch / Tag: refs/tags/v0.7.1
- Owner: https://github.com/KestrelSovereignAI
- Access: private
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@74a63ea27ebff760475c49eb3b0750853b06dacd
- Trigger Event: push