justin/new-site
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(healthcare): route NPPES/PECOS Playwright flows through residential SOCKS proxy

Browse source 
CMS healthcare portals (NPPES, PECOS, I&A) block datacenter IPs, so the
healthcare browser automation needs to egress via the residential proxy on
hg409y7ez04.sn.mynetname.net (username 'performancewest').

- undetected_browser: use_proxy now accepts an env-var name, so callers can
  select a domain-specific proxy. _proxy_config(proxy_env) reads it and falls
  back to UNDETECTED_PROXY_URL. Healthcare uses 'HEALTHCARE_PROXY_URL'.
- probe_npi_undetected: launches with use_proxy='HEALTHCARE_PROXY_URL' when set.
- npi_provider: documents that the (future) automated NPPES/PECOS flows must
  use the healthcare proxy.
- Plumb HEALTHCARE_PROXY_URL (+ UNDETECTED_PROXY_URL fallback) through the
  ansible env template and docker-compose workers env.

The credential itself is NOT in the repo. Set the full URL in the ansible
vault as vault_healthcare_proxy_url:
  socks5://performancewest:<password>@hg409y7ez04.sn.mynetname.net:<port>
Verified parsing + Playwright proxy-dict wiring with a unit test.
This commit is contained in:
justin 2026-06-05 14:36:01 -05:00
parent bd9a70607f
commit 17318f6e7d
5 changed files with 70 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

10
infra/ansible/roles/app/templates/app.env.j2
View file

@ -119,6 +119,16 @@ HESTIA_URL={{ vault_hestia_url | default('https://cp.carrierone.com:8083') }}
HESTIA_USER={{ vault_hestia_user | default('admin') }}
HESTIA_PASS={{ vault_hestia_pass | default('') }}
# ── Residential proxy (healthcare NPPES/PECOS automation) ────────────────────
# CMS healthcare portals (NPPES, PECOS, I&A) block datacenter IPs, so the
# Playwright healthcare flows route through a residential SOCKS proxy.
# Format: socks5://performancewest:<password>@hg409y7ez04.sn.mynetname.net:<port>
# (username is "performancewest"). Set the full URL in the ansible vault as
# vault_healthcare_proxy_url. Leave blank to run without a proxy.
# UNDETECTED_PROXY_URL is the generic fallback used by FCC/state flows.
HEALTHCARE_PROXY_URL={{ vault_healthcare_proxy_url | default('') }}
UNDETECTED_PROXY_URL={{ vault_undetected_proxy_url | default(vault_healthcare_proxy_url | default('')) }}
# ── Application URLs ──────────────────────────────────────────────────────────
DOMAIN=https://{{ domain }}
SITE_URL=https://{{ domain }}