feat(healthcare): OIG/SAM exclusion screening as $79/mo Stripe Subscription

Convert OIG/SAM from one-time $299/yr to recurring $79/month (card+ACH only) - the first real recurring-billing product in the system. Exclusion screening is a *monthly* federal obligation, so recurring monitoring fits the requirement and is the biggest valuation lever (vs a one-time annual run). Catalog (single source of truth): - service-catalog.ts: add billing_interval + allowed_methods to ComplianceService; oig-sam-screening -> 7900c, billing_interval:"month", allowed_methods:[card,ach], name "(Monthly Monitoring)". - gen-service-catalog.py + check-service-catalog-drift.py: carry/guard the two new fields; regenerate site catalog. Checkout (api/src/routes/checkout.ts): - mode:"subscription" with recurring price_data when billing_interval is set; surcharge absorbed for recurring (clean $79/mo); server-side METHOD_NOT_ALLOWED re-validation against allowed_methods. - ensureColumns + migration 100: compliance_orders.stripe_subscription_id, bundle_upsell_sent_at (+ subscription index). Webhooks (api/src/routes/webhooks.ts): - record stripe_subscription_id on checkout.session.completed (subscription mode). - invoice.paid (subscription_cycle only) -> re-dispatch screening for the cycle; invoice.payment_failed -> admin alert + first-failure customer nudge; customer.subscription.deleted -> mark order cancelled. (API 2026-03-25 moved the subscription link to invoice.parent.subscription_details.subscription.) Fulfillment: - job_server.py: pass recurring_cycle/invoice_id into the order. - npi_provider.py: OIG handler labels renewal cycles "[Monthly cycle]" + re-screen note; bundle action runs only the FIRST screening + flags the $79/mo upsell. Bundle land-and-expand: - Provider Compliance Bundle now includes only the first OIG/SAM screening (was giving away $948/yr of monitoring inside an $899 bundle). - new worker scripts/workers/bundle_upsell.py (+ pw-bundle-upsell timer): ~3 weeks after a paid bundle, emails the customer to continue $79/mo monitoring; dedup via bundle_upsell_sent_at; skips customers who already have an OIG/SAM order. Surfaces updated to $79/mo: PaymentStep (filters methods, "Billed every month, cancel anytime"), order pages, healthcare index, npi-compliance-check tool (also fixed stale $699 bundle drift -> $899), hc_oig_screening + hc_compliance_bundle emails. Docs: billing.md gains a "Stripe-native Subscriptions" section + a reality-check banner (Adyen/ERPNext-gateway model documented there is NOT live; Stripe is the real rail). Fixed run-migrations.yml container name bug (performancewest-postgres-1 -> performancewest-api-postgres-1, overridable). Tests: api/tests/recurring-subscription.test.ts (28 assertions) covers catalog gating, method validation, surcharge suppression, recurring line-item build, invoiceSubscriptionId extraction, renewal-cycle gating. tsc clean; site build clean; catalog drift OK. Manual deploy step: enable invoice.paid, invoice.payment_failed, customer.subscription.deleted on the Stripe webhook endpoint.
2026-06-18 07:54:38 -05:00 · 2026-06-18 07:54:38 -05:00 · cf021e2f91
commit cf021e2f91
parent f481a1d13c
21 changed files with 820 additions and 69 deletions
--- a/scripts/workers/services/npi_provider.py
+++ b/scripts/workers/services/npi_provider.py
@ -15,8 +15,8 @@ Covers slugs:
  npi-reactivation            reactivate a deactivated NPI
  nppes-update                NPPES data update / attestation
  medicare-enrollment         new Medicare enrollment via PECOS
-  oig-sam-screening           OIG LEIE + SAM exclusion screening (annual)
-  provider-compliance-bundle  revalidation watch + screening + NPPES upkeep
+  oig-sam-screening           OIG LEIE + SAM exclusion screening (monthly)
+  provider-compliance-bundle  revalidation watch + first screening + NPPES upkeep

 Intake data needed (collected by the npi-intake wizard step):
  - npi                provider's 10-digit NPI
@ -95,12 +95,13 @@ _SLUG_META = {
        "priority": "high",
    },
    "oig-sam-screening": {
-        "name": "OIG/SAM Exclusion Screening (Annual)",
+        "name": "OIG/SAM Exclusion Screening (Monthly Monitoring)",
        "portal": "https://oig.hhs.gov/exclusions/  +  https://sam.gov/",
        "action": (
            "Run the provider (and any listed staff) against the OIG LEIE and "
            "SAM exclusion lists. Produce the screening certificate and flag any "
-            "matches for escalation."
+            "matches for escalation. Recurring monthly subscription: each renewal "
+            "cycle re-runs the screening against current data and emails the report."
        ),
        "access": (
            "No client access needed - OIG LEIE + SAM.gov are public. Screen by NPI/name, issue certificate."
@ -112,8 +113,9 @@ _SLUG_META = {
        "portal": "https://pecos.cms.hhs.gov/  +  https://nppes.cms.hhs.gov/",
        "action": (
            "Onboard the provider into the annual compliance bundle: enroll in "
-            "revalidation watch, run OIG/SAM screening, and refresh the NPPES "
-            "record. Set the next revalidation reminder."
+            "revalidation watch, run the FIRST OIG/SAM screening (included), and "
+            "refresh the NPPES record. Set the next revalidation reminder, and flag "
+            "for the $79/month exclusion-monitoring upsell after the first screening."
        ),
        "access": (
            "Standard (default): CMS-855 paper filing for the enrollment/revalidation piece, mailed to MAC (daily batch); screening is public (no client action). "
@ -200,8 +202,26 @@ class _BaseNPIHandler:
            "no": "NO — client declined surrogate -> use the STANDARD path (prepare form, e-sign, daily mail batch).",
        }.get(surrogate, "UNDECIDED — confirm with client; default to STANDARD path if not granted.")

+        # Recurring monthly cycle (e.g. OIG/SAM monitoring renewal): the webhook
+        # re-dispatched this order after a renewal charge cleared. Surface it so
+        # the admin re-runs the screening for the new cycle and issues a fresh
+        # dated certificate, rather than treating it as a first fulfillment.
+        recurring = bool(order_data.get("recurring_cycle"))
+        cycle_note = ""
+        title_prefix = ""
+        if recurring:
+            inv = order_data.get("recurring_invoice_id", "")
+            cycle_note = (
+                "\n*** RECURRING MONTHLY CYCLE *** — renewal charge cleared"
+                + (f" (invoice {inv})" if inv else "")
+                + ". Re-run the screening against CURRENT OIG LEIE + SAM data and "
+                "issue a NEW dated certificate for this cycle.\n"
+            )
+            title_prefix = "[Monthly cycle] "
+
        description = (
-            f"{meta['action']}\n\n"
+            cycle_note
+            + f"{meta['action']}\n\n"
            f"Provider: {provider}\n"
            f"NPI: {npi}\n"
            f"PECOS Enrollment ID: {pecos_id or 'not provided'}\n"
@ -220,7 +240,7 @@ class _BaseNPIHandler:
        self._create_todo(
            order_number,
            intake,
-            title=f"{meta['name']} — {provider} (NPI {npi})",
+            title=f"{title_prefix}{meta['name']} — {provider} (NPI {npi})",
            description=description,
            priority=meta["priority"],
        )