CareCompass Healthcare SDK

CareCompass is a healthcare navigation AI for healthcare apps and portals. The SDK gives payers, providers, employers, and healthcare technology teams a branded member-facing chat experience backed by Nexalink-hosted AI infrastructure.

CareCompass is not a general-purpose LLM SDK, medical diagnosis tool, replacement for clinical decision making, or system for autonomous treatment recommendations.

What You Can Build

• Member navigation assistants
• Benefits guidance tools
• Provider discovery experiences
• Healthcare support chat interfaces
• Employer healthcare navigation portals
• Payer member engagement tools

Why CareCompass

• Healthcare-focused experience: prompts, labels, guardrails, and defaults are oriented around healthcare navigation.
• Hosted AI infrastructure: chat requests go through Nexalink-hosted APIs and the Nexalink-managed AI runtime.
• Branding and customization: configure display name, logo, support links, theme, labels, placement, and approved prompt context.
• Usage tracking: Nexalink tracks usage under issued keys for deployment monitoring and future metered billing.
• Enterprise deployment support: use separate staging/production keys, origin allowlists, validation, BAA-gated onboarding where PHI may be involved, and security controls.

Quick Start

The package is publicly installable for developer convenience. Live regulated use requires Nexalink onboarding, BAA coverage where PHI may be involved, and Nexalink-issued credentials.

npx @nexalink/carecompass-sdk init --account-type developer --api-key <nexalink-api-key> --payer-id acme-health --origin https://members.acme-health.com
npx @nexalink/carecompass-sdk validate --config carecompass/carecompass.config.json
npx @nexalink/carecompass-sdk doctor --config carecompass/carecompass.config.json

init validates your Nexalink API key, stores it locally, and generates:

• carecompass/carecompass.config.json
• carecompass/system-prompt.md
• carecompass/carecompass-embed.html
• carecompass/carecompass-iframe.html
• carecompass/README.md

npx does not install a permanent carecompass command. Keep using npx @nexalink/carecompass-sdk <command> or install the package. The CLI requires Node.js 18 or newer.

How It Works

Your Application
  ↓
CareCompass SDK
  ↓
Nexalink Hosted APIs
  ↓
CareCompass AI Runtime

Your application renders the React component, JavaScript mount helper, generated embed page, or iframe. The browser receives only public embed configuration: payer ID, environment, public embed key, branding, labels, theme, support links, approved prompt settings, and telemetry defaults. Chat goes to Nexalink-hosted CareCompass API routes.

Account Requirements

A Nexalink account with SDK access is required beyond package installation so Nexalink can validate payer identity, environment, secret API key, public embed key, allowed origins, approved prompt configuration, and API usage. API keys are issued in the Nexalink portal. When PHI may be involved, a tenant owner or admin executes the canonical BAA before generating the first key. The secret API key is shown once, stored locally, and must never be committed or placed in browser code.

Common Use Cases

• Payers: branded member assistants for benefits, coverage navigation, support resources, and next steps.
• Employers: healthcare navigation portals that route employees to plan resources and approved support channels.
• Providers and digital health companies: support chat with model access, validation, and usage tracking behind Nexalink-hosted APIs.

React Example

import { CareCompassEmbed } from "@nexalink/carecompass-sdk";
import config from "./carecompass/carecompass.config.json";

export function MemberSupport() {
  return <CareCompassEmbed config={config} />;
}

JavaScript Example

import { mountCareCompass } from "@nexalink/carecompass-sdk";
import config from "./carecompass/carecompass.config.json";

mountCareCompass(document.getElementById("carecompass-root"), config);

Enterprise Features

CareCompass uses separate credentials for trusted setup and browser runtime:

• API key: a secret credential for trusted setup and server-side/CLI workflows, including init sign-in and validation. Never include it in browser code, generated embed HTML, frontend config, or source control.
• Embed key: a public browser-facing identifier for the CareCompass embed. It is safe to include in carecompass.config.json and generated snippets. It identifies the payer, environment, and embed client for runtime requests, but it is not a secret or proof of identity on its own.

Enterprise concepts include API keys, embed keys, origin allowlists, BAA requirements where PHI may be involved, usage tracking, future Stripe metered billing support, hosted validation, prompt guardrails, rate limiting, request attribution, tenant isolation, and staging/production separation. Enterprise signup and BAA execution happen in the Nexalink web app before API key creation.

Use separate keys and config files for staging and production:

npx @nexalink/carecompass-sdk validate --config carecompass.staging.json
npx @nexalink/carecompass-sdk snippet --config carecompass.staging.json --output carecompass/staging-embed.html
npx @nexalink/carecompass-sdk doctor --config carecompass.staging.json

Before production, confirm the exact origin allowlist, a production-specific embedKey, approved Nexalink-hosted apiBaseUrl, support links, prompt instructions, and no secret API key in generated source code.

Security & Compliance

CareCompass keeps secret SDK API keys out of the browser. The browser uses public embedKey, payer ID, environment, and allowed origin metadata to call Nexalink-hosted embed API routes. Staging and production apiBaseUrl values must be Nexalink-hosted HTTPS URLs; localhost is accepted only for development.

The browser does not receive SageMaker credentials, AppSync signing roles, private model endpoint details, Nexalink server-side allowlists, or the secret SDK API key. Generated snippets escape serialized config, and React renders chat messages and labels as text.

Telemetry is enabled automatically with Nexalink-managed defaults. The SDK sends only allowlisted anonymous deployment-health events to PostHog's public ingestion API. It does not bundle posthog-js, enable session replay or autocapture, identify users, set cookies, or persist analytics state. Prompts, responses, chat history, user context, PHI/PII, credentials, raw errors, stack traces, CLI arguments, terminal input, and file paths are excluded.

Some MVP and development model endpoints may use scale-to-zero capacity; first request after an idle period can take several minutes while the endpoint warms through Nexalink-hosted APIs.

CLI Reference

init

Runs first-time setup: routes users to signup, validates the API key, stores it locally, and generates the config, prompt starter, embed page, iframe, and setup guide with only public embed configuration.

Credentials are stored at ~/.nexalink/carecompass/credentials.json by default. You can also set CARECOMPASS_API_KEY. For scripted setup, pass --account-type developer. Configure signup with --developer-signup-url or CARECOMPASS_DEVELOPER_SIGNUP_URL; default: https://www.nexalink.care/developer/signup.

Generated HTML defaults to bundler-friendly imports from @nexalink/carecompass-sdk. For a raw browser HTML demo that is not processed by a bundler, add --snippet-mode cdn.

npx @nexalink/carecompass-sdk init --account-type developer --api-key <nexalink-api-key> --payer-id acme-health --origin https://members.acme-health.com
npx @nexalink/carecompass-sdk init --account-type developer --snippet-mode cdn --payer-id acme-health --origin https://members.acme-health.com

validate

Checks local config shape and credentials, then hosted validation for apiBaseUrl, embedKey, payerId, environment, and allowedOrigins unless --local-only is passed. Browser-side validation uses public embed headers and does not send the secret API key.

npx @nexalink/carecompass-sdk validate --config carecompass/carecompass.config.json
npx @nexalink/carecompass-sdk validate --local-only --config carecompass/carecompass.config.json

snippet

Regenerates the HTML embed snippet after config, branding, origin, or prompt changes. init already runs this once.

npx @nexalink/carecompass-sdk snippet --config carecompass/carecompass.config.json
npx @nexalink/carecompass-sdk snippet --snippet-mode cdn --config carecompass/carecompass.config.json

doctor

Prints a deployment readiness summary for the selected config.

npx @nexalink/carecompass-sdk doctor --config carecompass/carecompass.config.json

Configuration Reference

carecompass/carecompass.config.json is safe to commit when it contains only public embed configuration. Store the secret API key only in local CLI credentials or an approved server-side secret store.

{
  "payerId": "acme-health",
  "environment": "staging",
  "apiBaseUrl": "https://www.nexalink.care",
  "embedKey": "embed_public_key_from_nexalink",
  "allowedOrigins": ["https://members.acme-health.com"],
  "branding": {
    "displayName": "Acme Health",
    "logoUrl": "https://members.acme-health.com/logo.svg",
    "supportUrl": "https://members.acme-health.com/support"
  },
  "theme": {
    "primaryColor": "#2563eb",
    "backgroundColor": "#ffffff",
    "textColor": "#111827",
    "borderRadius": "8px",
    "fontFamily": "system-ui, sans-serif"
  },
  "labels": {
    "title": "Acme Care Guide",
    "placeholder": "Ask about benefits, care options, or next steps...",
    "sendButton": "Send",
    "disclaimer": "CareCompass provides navigation support, not medical advice.",
    "errorMessage": "CareCompass is unavailable right now."
  },
  "prompt": {
    "systemInstructionFile": "./system-prompt.md",
    "welcomeMessage": "How can I help you navigate your care today?",
    "allowUserContext": false
  },
  "placement": {
    "mode": "inline"
  },
  "deploymentTarget": "web"
}

carecompass/system-prompt.md defines approved context before a member message reaches the AI runtime: plan terminology, support boundaries, escalation rules, and navigation context. The CLI resolves the prompt file into carecompass/carecompass-embed.html; the browser receives prompt text, not a local file path. Nexalink guardrails still validate prompt content.

carecompass/carecompass-iframe.html contains the iframe to place on the integrating page:

<iframe
  title="Acme Health CareCompass"
  src="/carecompass/carecompass-embed.html"
  style="width: 100%; min-height: 640px; border: 0; border-radius: 8px;"
  loading="lazy"
></iframe>

Serve carecompass/carecompass-embed.html at the iframe src, often by copying the generated carecompass folder into public/static assets.

Troubleshooting

• Missing Nexalink API key: run init, choose Developer, and sign in. For scripts, pass --account-type developer with --api-key <key>, or set CARECOMPASS_API_KEY with CARECOMPASS_ACCOUNT_TYPE=developer.
• zsh: command not found: carecompass: npx does not install a permanent command. Run npx @nexalink/carecompass-sdk <command> or install the package.
• @parcel/core: Failed to resolve 'https://esm.sh/...': regenerate with bundler mode: npx @nexalink/carecompass-sdk snippet --config carecompass/carecompass.config.json. CDN mode is for raw browser HTML.
• CareCompass could not reach http://localhost:3000: hosted sandboxes cannot reach your machine's localhost. Test locally or use a deployed Nexalink apiBaseUrl. Run validate before typing into the embed.
• Origin is not authorized: add the exact website origin to the Nexalink portal SDK configuration.
• Prompt configuration violates CareCompass guardrails: remove unsafe or unsupported instructions and re-run validation.
• CareCompass embed client is not authorized: confirm payerId, embedKey, environment, and allowed origins match the key issued in the Nexalink portal.
• CareCompass AppSync inference service is not configured: Nexalink server operators should confirm NEXT_PUBLIC_API_URL or CARECOMPASS_APPSYNC_URL. The embed does not require a payer-provided LLM URL.

License

This SDK is proprietary software owned by Nexalink Health, Inc. See the included LICENSE file.