CareCompass Healthcare AI Infrastructure SDK

CareCompass helps healthcare teams launch branded healthcare navigation assistants, member support assistants, and patient-facing AI experiences inside their own portals or applications. The SDK combines an embeddable chat experience with Nexalink-hosted healthcare AI infrastructure, reducing the implementation effort required to move from idea to deployable healthcare navigation workflow.

The SDK is publicly installable for developer convenience, but live regulated use requires Nexalink onboarding, issued credentials, and BAA coverage where PHI may be involved. CareCompass is designed for healthcare navigation and support workflows. It is not a general-purpose LLM SDK, not a medical diagnosis tool, not autonomous treatment recommendation software, and not a replacement for clinicians or clinical judgment.

Who It's For

• Healthcare startups building AI-powered patient experiences
• Payer innovation and member engagement teams
• Employer-benefits platforms
• Provider organizations adding patient-facing support workflows
• Digital health engineering teams
• Healthcare product teams that need AI infrastructure quickly

Why Teams Use CareCompass

• Faster deployment: add a healthcare-focused AI assistant to an existing healthcare product without months of infrastructure work.
• Reduced engineering effort: avoid building and operating the supporting healthcare AI infrastructure around the assistant.
• Hosted healthcare AI runtime: chat requests route through Nexalink-hosted APIs and the CareCompass AI runtime.
• Embedded branded experience: use the React component, JavaScript mount helper, generated embed page, or iframe with your display name, labels, theme, logo, and support links.
• Prompt and configuration controls: define approved prompt context, welcome copy, placement, allowed origins, and deployment environment.
• Deployment controls: use key management, origin allowlists, hosted validation, and staging/production credential separation.
• Enterprise onboarding: support BAA-gated onboarding where PHI may be involved.

Why Not Build It Yourself?

Most healthcare teams can access foundation models through OpenAI, Anthropic, Bedrock, Azure OpenAI, or similar providers. The harder work is not obtaining an LLM. The harder work is building and operating the healthcare AI infrastructure around it:

• Healthcare-focused prompts and guardrails
• Hosted inference infrastructure
• Tenant isolation
• Key management
• Deployment validation
• Browser embedding
• Usage tracking
• Compliance-oriented onboarding

CareCompass provides a managed healthcare AI infrastructure layer for these workflows, while keeping the embedded experience configurable for your application and brand.

What You Avoid Building

• Model gateway
• Chat embed
• Prompt validation layer
• Tenant and key management
• Usage tracking
• Hosted inference path
• Staging and production credential separation
• Deployment validation tooling
• Compliance-oriented onboarding workflow

What You Can Build

• Member support assistants
• Benefits navigation assistants
• Provider discovery support flows
• Employer healthcare navigation portals
• Payer member engagement tools
• Digital health support chat experiences

Example Questions CareCompass Can Help With

CareCompass is intended for healthcare navigation and support, not diagnosis or treatment recommendations. Example navigation questions include:

• "How do I find an in-network cardiologist?"
• "What does my deductible mean?"
• "How do I schedule a specialist appointment?"
• "Where can I find behavioral health resources?"
• "What support resources are available through my plan?"

What CareCompass Is Not

• Not a general-purpose LLM SDK
• Not a diagnosis tool
• Not a replacement for clinical judgment
• Not autonomous treatment recommendation software

Quick Start

Account creation and credentials are required because CareCompass is healthcare AI infrastructure for regulated deployment workflows, not an unauthenticated demo widget. The CLI requires Node.js 18 or newer.

npx @nexalink/carecompass-sdk init --account-type developer --api-key <nexalink-api-key> --payer-id acme-health --origin https://members.acme-health.com
npx @nexalink/carecompass-sdk validate --config carecompass/carecompass.config.json
npx @nexalink/carecompass-sdk doctor --config carecompass/carecompass.config.json

init validates your Nexalink API key, stores it locally, and generates:

• carecompass/carecompass.config.json
• carecompass/system-prompt.md
• carecompass/carecompass-embed.html
• carecompass/carecompass-iframe.html
• carecompass/README.md

npx does not install a permanent carecompass command. Keep using npx @nexalink/carecompass-sdk <command> or install the package.

How It Works

Your Application
  ↓
CareCompass SDK
  ↓
Nexalink Hosted APIs
  ↓
CareCompass AI Runtime

Your application renders the CareCompass UI through the SDK. The browser receives only public embed configuration: payer ID, environment, public embed key, branding, labels, theme, support links, approved prompt settings, placement, and telemetry defaults. The browser does not receive the secret API key, private model endpoint details, SageMaker credentials, AppSync signing roles, or Nexalink server-side allowlists.

Chat requests go to Nexalink-hosted CareCompass API routes. Those hosted routes are responsible for authorization, origin validation, tenant isolation, prompt guardrails, rate limiting, request attribution, usage tracking, and routing to the CareCompass AI runtime.

Account, Credentials, and BAA Requirements

A Nexalink account with SDK access is required beyond package installation so Nexalink can validate payer identity, deployment environment, allowed origins, approved prompt configuration, credentials, and API usage.

CareCompass uses two different keys:

• API key: a secret credential for trusted setup and server-side or CLI workflows, including init sign-in and validation. Never include it in browser code, generated embed HTML, frontend config, or source control.
• Embed key: a public browser-facing identifier for the CareCompass embed. It is safe to include in carecompass.config.json and generated snippets. It identifies the payer, environment, and embed client for runtime requests, but it is not a secret or proof of identity on its own.

API keys are issued in the Nexalink portal. When PHI may be involved, a tenant owner or admin may need to execute the canonical BAA before generating the first key. The secret API key is shown once, stored locally by the developer, and should be handled as a server-side or CLI credential.

React Usage

import { CareCompassEmbed } from "@nexalink/carecompass-sdk";
import config from "./carecompass/carecompass.config.json";

export function MemberSupport() {
  return <CareCompassEmbed config={config} />;
}

JavaScript Usage

import { mountCareCompass } from "@nexalink/carecompass-sdk";
import config from "./carecompass/carecompass.config.json";

mountCareCompass(document.getElementById("carecompass-root"), config);

Configuration Reference

carecompass/carecompass.config.json is safe to commit when it contains only public embed configuration. Store the secret API key only in local CLI credentials or an approved server-side secret store.

{
  "payerId": "acme-health",
  "environment": "staging",
  "apiBaseUrl": "https://www.nexalink.care",
  "embedKey": "embed_public_key_from_nexalink",
  "allowedOrigins": ["https://members.acme-health.com"],
  "branding": {
    "displayName": "Acme Health",
    "logoUrl": "https://members.acme-health.com/logo.svg",
    "supportUrl": "https://members.acme-health.com/support"
  },
  "theme": {
    "primaryColor": "#2563eb",
    "backgroundColor": "#ffffff",
    "textColor": "#111827",
    "borderRadius": "8px",
    "fontFamily": "system-ui, sans-serif"
  },
  "labels": {
    "title": "Acme Care Guide",
    "placeholder": "Ask about benefits, care options, or next steps...",
    "sendButton": "Send",
    "disclaimer": "CareCompass provides navigation support, not medical advice.",
    "errorMessage": "CareCompass is unavailable right now."
  },
  "prompt": {
    "systemInstructionFile": "./system-prompt.md",
    "welcomeMessage": "How can I help you navigate your care today?",
    "allowUserContext": false
  },
  "placement": {
    "mode": "inline"
  },
  "deploymentTarget": "web"
}

carecompass/system-prompt.md defines approved context before a member message reaches the AI runtime: plan terminology, support boundaries, escalation rules, and navigation context. The CLI resolves the prompt file into carecompass/carecompass-embed.html; the browser receives prompt text, not a local file path. Nexalink guardrails still validate prompt content.

carecompass/carecompass-iframe.html contains the iframe to place on the integrating page:

<iframe
  title="Acme Health CareCompass"
  src="/carecompass/carecompass-embed.html"
  style="width: 100%; min-height: 640px; border: 0; border-radius: 8px;"
  loading="lazy"
></iframe>

Serve carecompass/carecompass-embed.html at the iframe src, often by copying the generated carecompass folder into public/static assets.

CLI Reference

init

Runs first-time setup: routes users to signup, validates the API key, stores it locally, and generates the config, prompt starter, embed page, iframe, and setup guide with only public embed configuration.

Credentials are stored at ~/.nexalink/carecompass/credentials.json by default. You can also set CARECOMPASS_API_KEY. For scripted setup, pass --account-type developer. Configure signup with --developer-signup-url or CARECOMPASS_DEVELOPER_SIGNUP_URL; default: https://www.nexalink.care/developer/signup.

Generated HTML defaults to bundler-friendly imports from @nexalink/carecompass-sdk. For a raw browser HTML demo that is not processed by a bundler, add --snippet-mode cdn.

npx @nexalink/carecompass-sdk init --account-type developer --api-key <nexalink-api-key> --payer-id acme-health --origin https://members.acme-health.com
npx @nexalink/carecompass-sdk init --account-type developer --snippet-mode cdn --payer-id acme-health --origin https://members.acme-health.com

validate

Checks local config shape and credentials, then hosted validation for apiBaseUrl, embedKey, payerId, environment, and allowedOrigins unless --local-only is passed. Browser-side validation uses public embed headers and does not send the secret API key.

npx @nexalink/carecompass-sdk validate --config carecompass/carecompass.config.json
npx @nexalink/carecompass-sdk validate --local-only --config carecompass/carecompass.config.json

snippet

Regenerates the HTML embed snippet after config, branding, origin, or prompt changes. init already runs this once.

npx @nexalink/carecompass-sdk snippet --config carecompass/carecompass.config.json
npx @nexalink/carecompass-sdk snippet --snippet-mode cdn --config carecompass/carecompass.config.json

doctor

Prints a deployment readiness summary for the selected config.

npx @nexalink/carecompass-sdk doctor --config carecompass/carecompass.config.json

Security and Compliance Model

CareCompass is BAA-gated where PHI may be involved and HIPAA-oriented for regulated healthcare deployment workflows, but this README does not claim blanket HIPAA compliance for every implementation or deployment.

The SDK keeps secret keys out of the browser. Browser code receives public embed configuration only. Staging and production apiBaseUrl values must be Nexalink-hosted HTTPS URLs; localhost is accepted only for development.

Nexalink-hosted API routes are responsible for authorization, origin allowlists, tenant isolation, prompt guardrails, rate limiting, request attribution, and usage tracking. Generated snippets escape serialized config, and React renders chat messages and labels as text.

Telemetry is enabled automatically with Nexalink-managed defaults. The SDK sends only allowlisted anonymous deployment-health events to PostHog's public ingestion API. It does not bundle posthog-js, enable session replay or autocapture, identify users, set cookies, or persist analytics state. Prompts, responses, chat history, user context, PHI/PII, credentials, raw errors, stack traces, CLI arguments, terminal input, and file paths are excluded from telemetry.

Runtime Notes

Some development and MVP environments may use scale-to-zero infrastructure, which can add cold-start latency to the first request after an idle period. The request still routes through Nexalink-hosted APIs; the browser embed does not receive infrastructure credentials or call the model endpoint directly.

Troubleshooting

• Missing Nexalink API key: run init, choose Developer, and sign in. For scripts, pass --account-type developer with --api-key <key>, or set CARECOMPASS_API_KEY with CARECOMPASS_ACCOUNT_TYPE=developer.
• zsh: command not found: carecompass: npx does not install a permanent command. Run npx @nexalink/carecompass-sdk <command> or install the package.
• @parcel/core: Failed to resolve 'https://esm.sh/...': regenerate with bundler mode: npx @nexalink/carecompass-sdk snippet --config carecompass/carecompass.config.json. CDN mode is for raw browser HTML.
• CareCompass could not reach http://localhost:3000: hosted sandboxes cannot reach your machine's localhost. Test locally or use a deployed Nexalink apiBaseUrl. Run validate before typing into the embed.
• Origin is not authorized: add the exact website origin to the Nexalink portal SDK configuration.
• Prompt configuration violates CareCompass guardrails: remove unsafe or unsupported instructions and re-run validation.
• CareCompass embed client is not authorized: confirm payerId, embedKey, environment, and allowed origins match the key issued in the Nexalink portal.
• CareCompass AppSync inference service is not configured: Nexalink server operators should confirm NEXT_PUBLIC_API_URL or CARECOMPASS_APPSYNC_URL. The embed does not require a payer-provided LLM URL.

License

This SDK is proprietary software owned by Nexalink Health, Inc. See the included LICENSE file.