Add SMART Health Links eligibility example

[aleksandrkislitsyn]

Summary

Adds an Aidbox-integrated SMART Health Links (SHL) example built on Bun + TypeScript. It securely shares the result of a long-running real-time eligibility (RTE) check with an unauthenticated client:

1. Client kicks off the check → receives a shlink: carrying an encryption key
2. Polls a manifest (can-change → finalized) while the async job runs
3. Fetches the encrypted file (JWE, alg: dir / enc: A256GCM) and decrypts it client-side

The SHL key is the only secret — the server stores only ciphertext.

What's included

• Bun + TypeScript service — native Bun.serve, no build step. Mints links, runs the async RTE job, manages manifest lifecycle, delivers the encrypted file.
• Aidbox integration — init bundle with a SHLink custom resource and an shl-app App routing $kickoff (authenticated), manifest/{shlId}, and file/{fileId} (public).
• Self-contained browser viewer (src/viewer.html, served at GET /) — resolves a shlink: and decrypts it with WebCrypto, with a step-by-step view of each HTTP call behind the flow.
• QR code — the viewer renders the minted link as a scannable QR via an inline, dependency-free QR encoder (byte mode, EC level M, versions 1–20), so a phone wallet can pick up the link. No CDN — satisfies the viewer's strict CSP.

Output

A FHIR CoverageEligibilityResponse, encrypted as a JWE.

Verification

• bunx tsc --noEmit passes.
• Full stack runs via docker compose up --build (Aidbox + app); kickoff mints links and the viewer decrypts the result.
• The QR encoder was round-trip tested against an independent decoder across every version 1–13 (including realistic ~300-char shlink payloads).

🤖 Generated with Claude Code