
Aidbox & Formbox: February 2602 Product Update

Aleksandr Kislitsyn
March 3, 2026
10 minutes

In February, we focused on three areas that matter most in production and regulated environments:

  1. Data lifecycle control for compliance
  2. Enterprise-grade secret management
  3. Modular deployment with Formbox as a standalone product

These updates are designed to reduce operational risk, simplify governance, and improve deployment flexibility.

$purge — Patient Data Lifecycle Management

Aidbox now implements the $purge operation, which permanently deletes a Patient resource and all resources in their compartment, including full version history, in a single call.

The operation supports both synchronous and asynchronous execution modes, custom compartment definitions to control the scope of deletion, and produces audit events for compliance tracking.

This enables:

  • Compliance-driven data deletion — support for "right to erasure" and data retention policies with a single auditable operation (AuditEvent with action: "E", subtype: "$purge")
  • Complete compartment cleanup — all resources referencing the patient (Observations, Conditions, Encounters, etc.) are removed, including historical versions
  • Scoped deletion control — pass a custom CompartmentDefinition to purge only specific resource types (e.g., only Observations) while leaving others intact
  • Safe async processing for large datasets — use Prefer: respond-async to delete compartment resources in background tasks, with status polling and cancellation support
  • Idempotent by design — re-running $purge after a partial failure is safe; purging a non-existent patient returns success without error
  • Environment resets — simplified cleanup for test and staging systems.

$purge provides a standardized, auditable mechanism for managing patient data lifecycle in regulated and high-control environments.

External Vault Integration — Secure Secret Management

Aidbox now supports integration with external vault systems for managing secrets referenced in FHIR resources, without ever persisting actual secret values in the database.

Resources like Client, IdentityProvider, TokenIntrospector, and AidboxTopicDestination carry a data-absent-reason extension marked masked along with a logical secret name reference, instead of storing the actual secret. At runtime, Aidbox resolves secrets from filesystem-mounted files via a vault configuration that maps logical names to file paths and enforces access scope per resource.

This allows organizations to:

  • Keep secrets out of the database and API responses — values are never stored in FHIR resources or returned by the API
  • Rotate secrets without downtime — secret files use short TTL caching with file modification time validation, so rotation requires no Aidbox restart
  • Use any vault provider — the filesystem interface is vendor-agnostic, working with HashiCorp Vault, Azure Key Vault, AWS Secrets Manager, GCP Secret Manager, Kubernetes Secrets, or Docker bind-mounts
  • Enforce access control — scope configuration restricts which resources can access which secrets, preventing unauthorized usage
  • Avoid custom integration code — no SDKs, plugins, or vault-specific code required; the only contract is files on disk

By decoupling secret storage from runtime configuration through standard FHIR extensions and a simple filesystem contract, teams gain stronger governance, improved security posture, and compliance alignment without vendor lock-in.
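One way to implement the file-backed resolution described above: logical name to file path, a per-resource scope check, and a TTL cache revalidated by file modification time. This is an added example, not Aidbox's code; the config shape, the class and function names, and the exact interplay of TTL and mtime are assumptions.

```python
import os
import tempfile
import time
from pathlib import Path

class SecretAccessDenied(Exception):
    """The requesting resource is outside the secret's configured scope."""

class FileSecretResolver:
    # config (hypothetical shape): logical name -> {"path": file, "scope": {"Type/id", ...}}
    def __init__(self, config, ttl=5.0, clock=time.monotonic):
        self.config, self.ttl, self.clock = config, ttl, clock
        self._cache = {}  # name -> (value, mtime_ns, time of last check)

    def resolve(self, name, resource_ref):
        entry = self.config.get(name)
        # Unknown names and out-of-scope callers are rejected before any file I/O.
        if entry is None or resource_ref not in entry["scope"]:
            raise SecretAccessDenied(f"{resource_ref} may not read {name!r}")
        now, cached = self.clock(), self._cache.get(name)
        if cached and now - cached[2] < self.ttl:
            return cached[0]  # inside the TTL: a rotated value is not seen yet
        mtime = os.stat(entry["path"]).st_mtime_ns
        if cached and cached[1] == mtime:
            value = cached[0]  # file unchanged: reuse the value, restart the TTL
        else:
            value = Path(entry["path"]).read_text(encoding="utf-8").strip()
        self._cache[name] = (value, mtime, now)
        return value

def demo():
    """Constructed scenario: rotate a mounted secret file under a running resolver."""
    with tempfile.TemporaryDirectory() as d:
        p, tick = Path(d) / "client-secret", [0.0]
        p.write_text("old-value\n", encoding="utf-8")
        cfg = {"client-secret": {"path": p, "scope": {"Client/app"}}}
        r = FileSecretResolver(cfg, ttl=5.0, clock=lambda: tick[0])
        first = r.resolve("client-secret", "Client/app")
        old_mtime = p.stat().st_mtime_ns
        p.write_text("new-value\n", encoding="utf-8")  # rotation rewrites the file
        os.utime(p, ns=(old_mtime + 10**9, old_mtime + 10**9))  # force a new mtime
        cached = r.resolve("client-secret", "Client/app")  # still inside the TTL
        tick[0] = 6.0  # advance the fake clock past the TTL
        rotated = r.resolve("client-secret", "Client/app")  # mtime changed: re-read
        try:
            r.resolve("client-secret", "Client/other")  # resource not in scope
        except SecretAccessDenied:
            return first, cached, rotated, True
        return first, cached, rotated, False
```

In this model the TTL bounds how long a rotated or revoked value keeps being served, so it should be set with the rotation and revocation policy in mind.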

Formbox as a Standalone Product

Formbox now supports deployment as a standalone product independent of a full Aidbox instance. 

This enables:

  • Modular adoption for structured data capture use cases
  • Simpler procurement and licensing decisions
  • Independent scaling of form workflows
  • Cleaner architecture separation in larger deployments

Aidbox

Security & Deployment Hardening

Startup Validation for JWT Keys

We now validate JWT authentication keys at startup and reject misconfigured environments before they run, helping teams catch issues early. This improves deployment safety and reduces debugging time for authorization problems, especially in regulated environments. See key format requirements for details.

For improved secrets governance, Aidbox can now integrate with an external vault system for managing sensitive configuration outside the database. This enables centralized rotation and stronger compliance with enterprise security policies.

Configurable Token Introspection Caching

Authentication token caching (cache_ttl) is now configurable. This allows teams to tune performance versus freshness for high-throughput APIs and federated identity environments.

PostgreSQL Visibility & Performance

Native PostgreSQL EXPLAIN Support in _explain

The _explain parameter now supports native PostgreSQL options including analyze, buffers, and verbose. This allows teams to inspect real execution plans directly from Aidbox and diagnose slow FHIR queries without switching tools.

Configurable JDBC Application Name

You can now configure the JDBC application name visible in pg_stat_activity. This improves observability in multi-service environments and helps DBAs quickly identify which workloads originate from Aidbox.

SQL Migrations via Init Bundles

SQL migrations are now supported through init bundles. This enables consistent schema management across environments and reduces configuration drift in infrastructure-as-code pipelines.

Optimized FHIR Bundle Processing

FHIR bundle processing was optimized by improving TokenIntrospector authentication handling and removing unnecessary operation resolution. These changes reduce CPU overhead and increase throughput for transaction and bulk ingestion workflows.

FHIR Server Enhancements 

Published Aidbox Implementation Guide Packages

Aidbox custom resources are now published as installable FHIR packages with StructureDefinitions. This enables reproducible deployments, cleaner IG version management, and consistent validation across environments.

Advanced Search Configuration Support

Support was added for the BOX_FHIR_SEARCH_CHAIN_SUBSELECT setting. This allows more efficient chained search execution strategies in complex query scenarios.

Messaging & Subscription Modernization

Amazon SNS as a Topic Destination

Aidbox now supports Amazon SNS as an AidboxTopicDestination. This enables direct integration with AWS-native event pipelines and simplifies cloud-based notification architectures.

Migration to Standard FHIR Topic-Based Subscriptions

The deprecated ZEN Topic-Based Subscription implementation has been removed. Aidbox now relies on standard FHIR Topic-Based Subscriptions, reducing custom maintenance and improving interoperability alignment.

Bug Fixes & Operational Stability

This release includes stability improvements across export, validation, search, and clustering workflows. The fixes below address real production edge cases and multi-cloud reliability gaps.

Fixes

  • Fixed $export URL signing for GCP and Azure to restore reliable bulk export in cloud environments.
  • Fixed validation endpoint inconsistencies affecting certain FHIR operations.
  • Corrected CORS headers for streaming responses to prevent blocked cross-origin requests.
  • Resolved canonical URL clashes between installed FHIR packages.
  • Corrected OrgBac operation definitions.
  • Implemented cache invalidation across replicas after UI package installation to maintain cluster consistency.
  • Fixed recursive search parameter handling and other search-related edge cases.

Formbox

Twilio Email Integration

Formbox now integrates with the Twilio email provider, enabling direct form delivery to recipients via email and supporting native notification workflows without custom messaging infrastructure.

Advanced Questionnaire Behaviors

Exclusive option behavior is now supported in forms, allowing a specific answer option to automatically deselect all others when selected, even for repeating questions. This enables more precise questionnaire logic without custom client-side scripting.

Offline Support Example

Added an example demonstrating how to embed forms into an application with offline support via request interception, enabling their use without continuous network connectivity.

Formbox Renderer

SMART Web Messaging Support

The open-source Formbox Renderer now supports embedding via SMART Web Messaging. This reduces custom frontend integration work in SMART-on-FHIR environments.

FHIR R4 and R3 Converters

Converters for FHIR R4 and R3 are now included. This improves compatibility in environments operating across mixed FHIR versions.

Translation & Signature Extensions

Formbox Renderer now supports language and translation extensions for string and markdown content, as well as the signatureRequired extension at both questionnaire and item levels, enabling multilingual localization and regulated signature workflows.

Explore the Full Release

Review the complete technical changes and configuration details in the release notes. If you have questions or want to discuss migration details, join the Aidbox community on Zulip and talk directly with the team and other implementers.
