Update: [AEA-4652] - signature validation on prescription creation #4426
This PR is linked to a ticket in an NHS Digital JIRA Project. Here's a handy link to the ticket: AEA-4652
Pull request overview
Adds signature validation for prescription creation (behind a feature flag) and aligns signature-verification error handling/mapping across creation + release flows, with supporting infra/workflow wiring.
Changes:
- Introduces `ENABLE_PRESCRIBING_SIGNATURE_VALIDATION` feature flag and performs signature verification in the `$process-message` route for prescription-order creation.
- Adds `verifyAndFormatPrescriptionSignature()` to centralize logging + OperationOutcome issue mapping; updates release-response translation/tests accordingly.
- Wires the flag through CDK contexts/ECS env and CI/release workflows; updates e2e expectations and security ignore list.
Reviewed changes
Copilot reviewed 20 out of 20 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| packages/e2e-tests/specs/live/process.failures.spec.ts | Updates failure test setup + expected OperationOutcome for signature validation. |
| packages/coordinator/tests/utils/feature-flags.spec.ts | Adds unit tests for the new feature flag helper. |
| packages/coordinator/tests/services/translation/response/release/release-response.spec.ts | Updates tests to mock/expect the new signature verification function and diagnostics. |
| packages/coordinator/tests/services/translation/request/index.spec.ts | Adds tests for creation-time signature verification mapping. |
| packages/coordinator/src/utils/feature-flags.ts | Adds isSignatureValidationEnabled(). |
| packages/coordinator/src/services/verification/signature-verification.ts | Adds verifyAndFormatPrescriptionSignature() mapping errors to FHIR issues + logging. |
| packages/coordinator/src/services/translation/response/release/release-response.ts | Uses formatted signature issues when building invalid-signature outcomes. |
| packages/coordinator/src/services/translation/request/index.ts | Exposes verifySignatureForPrescriptionCreation() used by the route. |
| packages/coordinator/src/routes/process.ts | Performs signature validation on prescription creation when the flag is enabled. |
| packages/cdk/stacks/PrescribeDispenseStack.ts | Adds context plumbing + CFN output for the flag. |
| packages/cdk/resources/ECSTasks.ts | Injects ENABLE_PRESCRIBING_SIGNATURE_VALIDATION into ECS task env. |
| cdk.json | Adds enablePrescribingSignatureValidation context default. |
| .trivyignore.yaml | Adds a time-bounded ignore entry for CVE-2026-33036. |
| .github/workflows/run_regression_tests.yml | Changes regression test tags to a feature-branch tag. |
| .github/workflows/release_ref.yml | Adds ENABLE_PRESCRIBING_SIGNATURE_VALIDATION to ref release env. |
| .github/workflows/release.yml | Adds ENABLE_PRESCRIBING_SIGNATURE_VALIDATION to multiple environments. |
| .github/workflows/pull_request.yml | Enables ENABLE_PRESCRIBING_SIGNATURE_VALIDATION for PR deploys (with TODO). |
| .github/workflows/ci.yml | Adds ENABLE_PRESCRIBING_SIGNATURE_VALIDATION to CI deploy jobs. |
| .github/workflows/cdk_release_code.yml | Adds required boolean input for ENABLE_PRESCRIBING_SIGNATURE_VALIDATION. |
| .github/scripts/fix_cdk_json.sh | Ensures CDK context is populated from ENABLE_PRESCRIBING_SIGNATURE_VALIDATION. |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
…ignature-validation
| "Allow traffic to Claims Service from FHIR Facade load balancer" | ||
| ) | ||
|
|
||
| new CfnOutput(this, "EnablePrescribingSignatureValidation", { |
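Review bot: the `CfnOutput` named "EnablePrescribingSignatureValidation" on the last line of this snippet has no consumer visible here. If it is meant to let someone confirm the deployed flag state from the stack, give it a `description` saying so; if nothing reads it, drop it so the stack's outputs stay limited to values other stacks or scripts use.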
I'm wondering why this is output when others aren't? I can't see it being used, sorry if I've missed it.
| handleResponse | ||
| } from "./util" | ||
| import {createHash} from "./create-hash" | ||
| import {fhir} from "@models" |
import {fhir,spine} from @models
| import {isSignatureValidationEnabled} from "../utils/feature-flags" | ||
| import {identifyMessageType} from "../services/translation/common" | ||
| import {verifyAndFormatPrescriptionSignature} from "../services/verification/signature-verification" | ||
| import {spine} from "@models" |
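Review bot: the last line adds a separate `import {spine} from "@models"`. Where the file already imports from "@models", add `spine` to that statement instead, so each module is imported once (ESLint's `no-duplicate-imports` flags the split form).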
remove second from @models



Summary
Details
- `ENABLE_PRESCRIBING_SIGNATURE_VALIDATION` flag -> lets us turn on signature checks at creation without blowing anything up
- `verifyAndFormatPrescriptionSignature()` -> single place for logging + `OperationOutcome` mapping (no more scattered logic)
- `$process-message` to avoid double translation -> `convertPrescriptionBundleToSpineRequest` now returns both `SpineRequest` + `ParentPrescription`, so signature verification reuses it instead of calling `convertParentPrescription` again