diff --git a/.github/codejson/cookiecutter.json b/.github/codejson/cookiecutter.json
new file mode 100644
index 0000000..7555a7c
--- /dev/null
+++ b/.github/codejson/cookiecutter.json
@@ -0,0 +1,67 @@
+{
+ "project_name": "cms-bb2-node-sdk",
+ "project_repo_name": "cms-bb2-node-sdk",
+ "project_org": "CMSgov",
+ "description": "A short description of the project.",
+ "long_description": "A longer description of the project.",
+ "status": ["ideation", "development", "alpha", "beta", "release candidate", "production", "archival"],
+ "license": ["CC0-1.0", "Apache-2.0", "MIT", "MPL-2.0", "GPL-2.0-only", "GPL-3.0-only", "GPL-3.0-or-later", "LGPL-2.1-only", "LGPL-3.0-only", "BSD-2-Clause", "BSD-3-Clause", "EPL-2.0", "Other"],
+ "usage_type" : ["openSource", "governmentWideReuse", "exemptByLaw", "exemptByNationalSecurity", "exemptByAgencySystem", "exemptByAgencyMission", "exemptByCIO", "exemptByPolicyDate"],
+ "repository_host": ["github.com/CMSgov", "github.com/CMS-Enterprise", "github.com/DSACMS", "github.cms.gov", "CCSQ GitHub"],
+ "repository_visibility": ["public", "private"],
+ "vcs": ["git", "hg", "svn", "rcs", "bzr"],
+ "forks": 0,
+ "platforms": "web, windows, mac, linux, ios, android, other",
+ "categories": "healthcare",
+ "software_type":["standalone/mobile", "standalone/iot", "standalone/desktop", "standalone/web", "standalone/backend", "standalone/other", "addon", "library", "configurationFiles"],
+ "languages": "",
+ "maintenance": ["internal", "contract", "community", "none"],
+ "contract_number": 0,
+ "tags": "dsacms-tier3",
+ "contact_email": "opensource@cms.hhs.gov",
+ "contact_name": "CMS Open Source Program Office",
+ "feedback_mechanisms": "https://github.com/CMSgov/cms-bb2-node-sdk/issues",
+ "localisation": ["true", "false"],
+ "repository_type" : ["Package", "Website", "Standards", "Libraries", "Data", "Apps", "Tools", "APIs", "Docs"],
+ "user_input": ["Yes", "No"],
+ "fisma_level": ["Low", "Moderate", "High"],
+ "group": "CMS/OA/DSAC",
+ "projects": "",
+ "systems": "",
+ "upstream": "",
+ "subset_in_healthcare": "Policy, Operational, Medicare, Medicaid",
+ "user_type": "Providers, Patients, Government",
+ "__prompts__": {
+ "project_name": "What is the name of the project or software?",
+ "project_repo_name": "What is the name of the repository?",
+ "project_org": "What CMS GitHub organization is it under?",
+ "description": "Provide a short description of the software. It should be a single line containing a single sentence. Maximum 150 characters are allowed.",
+ "long_description": "Provide longer description of the software, between 150 and 10000 chars. It is meant to provide an overview of the capabilities of the software for a potential user.",
+ "status": "What is the status of the project?",
+ "license": "What license is the project under?",
+ "usage_type": "What is the usage type for this project? For more information on each option, visit github.com/DSACMS/gov-codejson",
+ "repository_host": "Where is the repository hosted?",
+ "vcs": "What version control system is used?",
+ "forks": "How many forks does the repository have?",
+ "platforms": "What platform does the software runs on? Separate items by commas.",
+ "categories": "What categories best describes the project? Separate items by commas. List of categories here: https://yml.publiccode.tools/categories-list.html?highlight=categories",
+ "software_type": "What type of software is the project?",
+ "languages": "What programming language(s) is the software written in? Separate items by commas.",
+ "maintenance": "How is the software maintained?",
+ "contract_number": "What is the contractor number of the project?",
+ "tags": "Provide a list of tags to describe the software for search. Separate items by commas.",
+ "contact_name": "A point of contact is needed for the project. What is the name of the point of contact?",
+ "contact_email": "What is email address of the point of contact?",
+ "feedback_mechanisms": "What are methods a repository receives feedback from the community (e.g. URL to GitHub repository issues page, website, email)",
+ "localisation": "Does the software support multiple spoken languages?",
+ "repository_type": "What type of repository is this project?",
+ "user_input": "Does the project accept user input? (e.g. allows user to query a database, allows login by users, upload files, etc.)",
+ "fisma_level": "What FISMA level is this project classified as? Learn more: https://security.cms.gov/learn/federal-information-security-modernization-act-fisma#perform-system-risk-categorization",
+ "group": "Which group at CMS is the project part of?",
+ "projects": "What project is the repository associated with? Separate items by commas.",
+ "systems": "What systems does the repository use or interface with? Separate items by commas.",
+ "upstream": "What upstream dependencies does the repository use? Separate items by commas.",
+ "subset_in_healthcare": "Which subset of healthcare does the project belong to?",
+ "user_type": "Who are the intended users?"
+ }
+}
\ No newline at end of file
diff --git a/.github/codejson/hooks/post_gen_project.py b/.github/codejson/hooks/post_gen_project.py
new file mode 100644
index 0000000..ea2bc84
--- /dev/null
+++ b/.github/codejson/hooks/post_gen_project.py
@@ -0,0 +1,139 @@
+import subprocess
+import shutil
+import json
+import os
+import shutil
+
+def get_date_fields():
+ # Run git commands and capture as string
+ output = subprocess.run(['git', 'log', '--date=iso', '--pretty=%cI', '--max-parents=0', '-n', '1'], capture_output=True, text=True)
+
+ # Store string and strip of leading / trailing whitespace
+ date = output.stdout.strip()
+
+ # Create a dictionary for date information to be pushed to JSON
+ date_information = {"created": f"{date}",
+ "lastModified": "{% now 'utc', '%Y-%m-%dT%H:%M:%S%z' %}",
+ "metadataLastUpdated": "{% now 'utc', '%Y-%m-%dT%H:%M:%S%z' %}"}
+
+ return date_information
+
+def get_scc_labor_hours():
+ if shutil.which('scc') is not None:
+ try:
+ #Run scc and load results into a dictionary
+ #assuming we are in the .git directory of the repo
+ cmd = ['scc', '..', '--format', 'json2', '--exclude-file']
+
+ # Currently only supports specific files
+ files_to_exclude = [
+ "checks.yml,auto-changelog.yml,contributors.yml,repoStructure.yml,code.json,checklist.md,checklist.pdf,README.md,CONTRIBUTING.md,LICENSE,repolinter.json,SECURITY.md,CODE_OF_CONDUCT.md,CODEOWNERS.md,COMMUNITY.md,GOVERNANCE.md"
+ ]
+
+ cmd.extend(files_to_exclude)
+
+ d = json.loads(subprocess.run(cmd,check=True, capture_output=True).stdout)
+
+ l_hours = d['estimatedScheduleMonths'] * 730.001
+
+ return round(l_hours,2)
+
+ except (subprocess.CalledProcessError, KeyError) as e:
+ print(e)
+ return None
+ else:
+ print("scc (https://github.com/boyter/scc) not found on system")
+
+ #Otherwise just use previous value as a default value.
+ return None
+
+def prompt_exemption_text(exemptionType):
+ print(f"âšī¸ You have selected {exemptionType} for your Usage Type.")
+ return input("Please provide a one or two sentence justification for the exemption used. For more information on Usage Type, visit github.com/DSACMS/gov-codejson: ")
+
+def format_multi_select_fields(text):
+ if text == "":
+ return []
+
+ new_text = text.split(",")
+
+ new_text = [text.strip() for text in new_text]
+
+ return new_text
+
+def update_code_json(json_file_path):
+ # Read the JSON
+ with open(json_file_path, 'r') as file:
+ data = json.load(file)
+
+ # Add date_information and labor hours to the JSON
+ data['date'] = get_date_fields()
+
+ # Calculate labor hours
+ hours = get_scc_labor_hours()
+ if hours:
+ data['laborHours'] = hours
+ else:
+ data['laborHours'] = None
+
+ # Check if usageType is an exemption
+ if data['permissions']['usageType'].startswith('exempt'):
+ exemption_text = prompt_exemption_text(data['permissions']['usageType'])
+ data['permissions']['exemptionText'] = exemption_text
+ else:
+ del data['permissions']['exemptionText']
+
+ # Format multi-select options
+ multi_select_fields = ["platforms", "categories", "languages", "tags", "feedbackMechanisms", "projects", "systems", "upstream", "subsetInHealthcare", "userType"]
+ for field in multi_select_fields:
+ data[field] = format_multi_select_fields(data[field][0])
+
+ # Format integer fields
+ if data['reuseFrequency']['forks'].isdigit():
+ data['reuseFrequency']['forks'] = int(data['reuseFrequency']['forks'])
+
+ # Update the JSON
+ with open(json_file_path, 'w') as file:
+ json.dump(data, file, indent = 2)
+
+def main():
+ try:
+ # Change to the parent directory
+ os.chdir('..')
+
+ # Define the codejson directory to remove
+ dir_name = "codejson"
+
+ # Check if codejson directory exists and remove it
+ if os.path.exists(dir_name):
+ shutil.rmtree(dir_name)
+
+ # Get the project name from cookiecutter
+ sub_project_dir = "{{cookiecutter.project_name}}"
+ codejson_file = "code.json"
+ project_root_dir = os.path.abspath('..')
+
+ json_file_path = os.path.join(sub_project_dir, codejson_file)
+
+ if os.path.exists(json_file_path):
+ # Move code.json file to parent directory
+ new_json_path = os.path.join(project_root_dir, codejson_file)
+ shutil.move(json_file_path, new_json_path)
+
+ # Remove the source directory
+ shutil.rmtree(sub_project_dir)
+
+ # Update the json with date and scc information
+ update_code_json(new_json_path)
+ print("Succesfully generated code.json file!")
+
+ else:
+ print(f"Error: {codejson_file} not found in {sub_project_dir}")
+
+ except OSError as error:
+ print(f"Error during OS operations: {error}")
+ except shutil.Error as error:
+ print(f"Error during shutil operations: {error}")
+
+if __name__ == "__main__":
+ main()
diff --git a/.github/codejson/hooks/pre_prompt.sh b/.github/codejson/hooks/pre_prompt.sh
new file mode 100644
index 0000000..083c154
--- /dev/null
+++ b/.github/codejson/hooks/pre_prompt.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+echo -e "âī¸ Welcome to the code.json cookiecutter CLI."
+echo -e "đ We will assist you with creating a code.json file to store metadata of your project."
+echo -e "âšī¸ Visit www.github.com/DSACMS/gov-codejson for more information."
diff --git a/.github/codejson/{{cookiecutter.project_name}}/code.json b/.github/codejson/{{cookiecutter.project_name}}/code.json
new file mode 100644
index 0000000..6ad69f7
--- /dev/null
+++ b/.github/codejson/{{cookiecutter.project_name}}/code.json
@@ -0,0 +1,49 @@
+{
+ "name": "{{ cookiecutter.project_name }}",
+ "description": "{{ cookiecutter.description }}",
+ "longDescription": "{{ cookiecutter.long_description }}",
+ "status": "{{ cookiecutter.status }}",
+ "permissions": {
+ "licenses": [
+ {
+ "URL": "LICENSE",
+ "name": "{{ cookiecutter.license }}"
+ }
+ ],
+ "usageType": "{{ cookiecutter.usage_type }}",
+ "exemptionText": ""
+ },
+ "organization": "Centers for Medicare & Medicaid Services",
+ "repositoryURL": "https://github.com/{{ cookiecutter.project_org }}/{{ cookiecutter.project_repo_name }}",
+ "repositoryHost": "{{ cookiecutter.repository_host }}",
+ "repositoryVisibility": "{{ cookiecutter.repository_visibility}}",
+ "vcs": "{{ cookiecutter.vcs }}",
+ "laborHours": [""],
+ "reuseFrequency": {
+ "forks": "{{ cookiecutter.forks }}"
+ },
+ "platforms": [ "{{ cookiecutter.platforms }}" ],
+ "categories": [ "{{ cookiecutter.categories }}" ],
+ "softwareType": "{{ cookiecutter.software_type }}",
+ "languages": [ "{{ cookiecutter.languages }}" ],
+ "maintenance": "{{ cookiecutter.maintenance }}",
+ "contractNumber": "{{ cookiecutter.contract_number }}",
+ "date": [""],
+ "tags": [ "{{ cookiecutter.tags }}" ],
+ "contact": {
+ "email": "{{ cookiecutter.contact_email }}",
+ "name": "{{ cookiecutter.contact_name }}"
+ },
+ "feedbackMechanisms": ["{{ cookiecutter.feedback_mechanisms }}"],
+ "localisation": "{{ cookiecutter.localisation }}",
+ "repositoryType": "{{ cookiecutter.repository_type }}",
+ "userInput": "{{ cookiecutter.user_input }}",
+ "fismaLevel": "{{ cookiecutter.fisma_level }}",
+ "group": "{{ cookiecutter.group }}",
+ "projects": ["{{ cookiecutter.projects }}"],
+ "systems": ["{{ cookiecutter.systems }}"],
+ "upstream": ["{{ cookiecutter.upstream }}"],
+ "subsetInHealthcare": ["{{ cookiecutter.subset_in_healthcare }}"],
+ "userType": ["{{ cookiecutter.user_type }}"],
+ "maturityModelTier": 3
+}
\ No newline at end of file
diff --git a/.github/workflows/auto-changelog.yml b/.github/workflows/auto-changelog.yml
new file mode 100644
index 0000000..b406d84
--- /dev/null
+++ b/.github/workflows/auto-changelog.yml
@@ -0,0 +1,15 @@
+name: Changelog
+on:
+ release:
+ types:
+ - created
+jobs:
+ changelog:
+ runs-on: ubuntu-latest
+ steps:
+ - name: "Auto Generate changelog"
+ uses: heinrichreimer/action-github-changelog-generator@v2.3
+ with:
+
+ token: ${{ secrets.GITHUB_TOKEN }}
+
\ No newline at end of file
diff --git a/.github/workflows/contributors.yml b/.github/workflows/contributors.yml
new file mode 100644
index 0000000..fb5b072
--- /dev/null
+++ b/.github/workflows/contributors.yml
@@ -0,0 +1,78 @@
+name: Update Contributors Information
+
+on:
+ workflow_dispatch: {}
+ schedule:
+ # Weekly on Saturdays.
+ - cron: "30 1 * * 6"
+ push:
+ branches: [main]
+
+jobs:
+ update-contributors:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Update contributor list
+ id: contrib_list
+ uses: akhilmhdh/contributors-readme-action@v2.3.10
+ env:
+
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ with:
+ readme_path: COMMUNITY.md
+ use_username: false
+ commit_message: "update contributors information"
+
+ - name: Get contributors count
+ id: get_contributors
+ env:
+
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+
+ run: |
+ OWNER=$(echo $GITHUB_REPOSITORY | cut -d'/' -f1)
+ REPO=$(echo $GITHUB_REPOSITORY | cut -d'/' -f2)
+ QUERY='query { repository(owner: \"'"$OWNER"'\", name: \"'"$REPO"'\") { collaborators { totalCount } } }'
+
+ CONTRIBUTORS=$(gh api \
+ -H "Accept: application/vnd.github+json" \
+ -H "X-GitHub-Api-Version: 2022-11-28" \
+ "/repos/$OWNER/$REPO/contributors?per_page=100" | \
+ jq '[.[] | select(.type != "Bot" and (.login | test("\\[bot\\]$") | not) and (.login | test("-bot$") | not))] | length')
+
+ echo "Total contributors: $CONTRIBUTORS"
+ echo "contributors=$CONTRIBUTORS" >> $GITHUB_OUTPUT
+
+
+ - name: Update COMMUNITY.md
+ run: |
+
+ CONTRIBUTORS="${{ steps.get_contributors.outputs.contributors }}"
+
+
+ perl -i -pe 's/().*?()/$1 '"$CONTRIBUTORS"' $2/' COMMUNITY.md
+
+ git config user.name 'github-actions[bot]'
+ git config user.email 'github-actions[bot]@users.noreply.github.com'
+ git add COMMUNITY.md
+ git commit -m "update contributors count to $CONTRIBUTORS" || exit 0
+
+ - name: Push protected
+ uses: CasperWA/push-protected@v2
+ with:
+
+ token: ${{ secrets.PUSH_TO_PROTECTED_BRANCH }}
+
+
+ branch: main
\ No newline at end of file
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
new file mode 100644
index 0000000..94ae3f0
--- /dev/null
+++ b/.github/workflows/gitleaks.yml
@@ -0,0 +1,15 @@
+name: Check for Secrets
+on:
+ pull_request:
+ push:
+
+jobs:
+ scan-for-secrets:
+ name: Run gitleaks
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with: {fetch-depth: 0}
+
+ - name: Check for GitLeaks
+ uses: gacts/gitleaks@v1
\ No newline at end of file
diff --git a/.gitleaks.toml b/.gitleaks.toml
new file mode 100644
index 0000000..77d4f41
--- /dev/null
+++ b/.gitleaks.toml
@@ -0,0 +1,17 @@
+title = "BB2-PYTHON-SDK Gitleaks Config"
+
+[extend]
+# useDefault will extend the base configuration with the default gitleaks config:
+# https://github.com/zricethezav/gitleaks/blob/master/config/gitleaks.toml
+useDefault = true
+
+[allowlist]
+# Recommended practice is to add your secrets to a regexes array,
+# not to a commits array.
+regexTarget = "match"
+description = "whitelist public and test secrets"
+regexes = [
+ '''a''',
+ '''v''',
+ '''c''',
+]
\ No newline at end of file
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000..f0a6d49
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,17 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free experience for everyone, regardless of the level of experience, gender, gender identity, expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, or religion.
+
+Examples of unacceptable behavior by participants include the use of sexual language or imagery, derogatory comments or personal attacks, trolling, public or private harassment, insults, or other unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned with this Code of Conduct.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting one or more of the project maintainers at opensource@cms.hhs.gov.
+
+This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.0.0, available at [http://contributor-covenant.org/version/1/0/0/](http://contributor-covenant.org/version/1/0/0/)
+
+## Acknowledgements
+
+This CODE_OF_CONDUCT.md was originally forked from the [United States Digital Service](https://usds.gov) [Justice40](https://thejustice40.com) open source [repository](https://github.com/usds/justice40-tool), and we would like to acknowledge and thank the community for their contributions.
\ No newline at end of file
diff --git a/COMMUNITY.md b/COMMUNITY.md
new file mode 100644
index 0000000..dbe9b97
--- /dev/null
+++ b/COMMUNITY.md
@@ -0,0 +1,85 @@
+# COMMUNITY.md
+
+cms-bb2-python-sdk is supported by a dedicated team of individuals fulfilling various roles to ensure its success, security, and alignment with government standards and agency goals.
+
+## Project Members
+
+| Role | Name | Affiliation |
+| :----- | :------ | :------------- |
+| Maintainer | Jimmy Fagan | Nava PBC |
+| Maintainer | Shivam Tiwari | ICF |
+| Maintainer | Brandon Wang | ICF |
+| Maintainer | Connor Lewellyn | Nava PBC |
+
+## Roles & Responsibilities
+
+The members of cms-bb2-python-sdk community are responsible for guiding its development, ensuring quality standards, and fostering a collaborative environment. They play a vital role in making decisions about code contributions, handling releases, and ensuring the project meets its goals and objectives. Below is a list of the key members and their specific roles and responsibilities. We are eagerly seeking individuals who are interested in joining the community and helping shape and support these roles.
+
+### Maintainers:
+
+- @jimmyfagan
+- @clewellyn-nava
+- @bwang-icf
+- @stiwarisemanticbits
+
+### Approvers:
+
+### Reviewers:
+
+| Roles | Responsibilities | Requirements | Defined by |
+| ---------- | :--------------------------------------------- | :-------------------------------------------------------------------------------- | :-------------------------------------------------------- |
+| member | active contributor in the community | multiple contributions to the project. | PROJECT GitHub org Committer Team |
+| reviewer | review contributions from other members | history of review and authorship in a sub-project | COMMUNITY file reviewer entry, and GitHub Org Triage Team |
+| approver | approve accepting contributions | highly experienced and active reviewer + contributor to a sub-project | COMMUNITY file approver entry and GitHub Triage Team |
+| maintainer | set direction and priorities for a sub-project | demonstrated responsibility and excellent technical judgement for the sub-project | COMMUNITY file owner entry and GitHub Org Admin Team |
+
+## Contributors
+
+
+
+Total number of contributors:
+
+
+
+
+
+### Alumni
+
+We'd like to acknowledge the following individuals for their past contributions of this project:
+
+## cms-bb2-python-sdk Open Source Community Guidelines
+
+This document contains principles and guidelines for participating in the cms-bb2-python-sdk open source community.
+
+### Principles
+
+These principles guide our data, product, and process decisions, architecture, and approach.
+
+- Open means transparent and participatory.
+- We take a modular and modern approach to software development.
+- We build open-source software and open-source process.
+- We value ease of implementation.
+- Fostering community includes building capacity and making our software and processes accessible to participants with diverse backgrounds and skillsets.
+- Data (and data science) is as important as software and process. We build open data sets where possible.
+- We strive for transparency for algorithms and places we might be introducing bias.
+
+### Community Guidelines
+
+All community members are expected to adhere to our [Code of Conduct](CODE_OF_CONDUCT.md).
+
+Information on contributing to this repository is available in our [Contributing file](CONTRIBUTING.md).
+
+When participating in cms-bb2-python-sdk open source community conversations and spaces, we ask individuals to follow the following guidelines:
+
+- When joining a conversation for the first time, please introduce yourself by providing a brief intro that includes:
+ - your related organization (if applicable)
+ - your pronouns
+ - your superpower, and how you hope to use it for cms-bb2-python-sdk
+- Embrace a culture of learning, and educate each other. We are all entering this conversation from different starting points and with different backgrounds. There are no dumb questions.
+- Take space and give space. We strive to create an equitable environment in which all are welcome and able to participate. We hope individuals feel comfortable voicing their opinions and providing contributions and will do our best to recognize and make space for individuals who may be struggling to find space here. Likewise, we expect individuals to recognize when they are taking up significant space and take a step back to allow room for others.
+- Be respectful.
+- Default to positive. Assume others' contributions are legitimate and valuable and that they are made with good intention.
+
+### Acknowledgements
+
+The Community Guidelines sections were originally forked from the [United States Digital Service](https://usds.gov) [Justice40](https://thejustice40.com) open source [repository](https://github.com/usds/justice40-tool), and we would like to acknowledge and thank the community for their contributions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..a470f37
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,143 @@
+# How to Contribute
+
+
+
+We're so thankful you're considering contributing to an [open source project of
+the U.S. government](https://code.gov/)! If you're unsure about anything, just
+ask -- or submit the issue or pull request anyway. The worst that can happen is
+you'll be politely asked to change something. We appreciate all friendly
+contributions.
+
+We encourage you to read this project's CONTRIBUTING policy (you are here), its
+[LICENSE](LICENSE.md), and its [README](README.md).
+
+## Getting Started
+
+If you're new to the project, look for issues labeled with `good-first-issue` or `help-wanted` to get started. These are typically easier problems that don't require deep knowledge of the codebase.
+
+For more information on how to connect to the API , check out our [developer documentation](https://cmsgov.github.io/bluebutton-developer-help/). You can also check out our [Google Group](https://groups.google.com/forum/#!forum/developer-group-for-cms-blue-button-api) for community discussions.
+
+### Building Dependencies
+
+**System Requirements**
+- npm or yarn
+
+### Building the Project
+
+npm
+
+```bash
+npm install cms-bluebutton-sdk
+```
+
+npm with TypeScript
+
+```bash
+npm install --save-dev @types/cms-bluebutton-sdk
+```
+
+Yarn
+
+```bash
+yarn add cms-bluebutton-sdk
+```
+
+Yarn with TypeScript
+
+```bash
+yarn add --dev @types/cms-bluebutton-sdk
+```
+
+### Workflow and Branching
+
+We follow standard GitHub Flow practices:
+
+1. **Fork the project** (external contributors) or create a branch (internal contributors)
+2. **Check out the `main` branch**
+3. **Create a feature branch** with a descriptive name
+4. **Write code and tests** for your change
+5. **From your branch, make a pull request** against `CMSgov/cms-bb2-python-sdk/main`
+6. **Work with repo maintainers** to get your change reviewed
+7. **Wait for your change to be merged** into `main`
+8. **Delete your feature branch** after successful merge
+
+### Coding Style and Linters
+
+**Style Guidelines:**
+- Write clear, self-documenting code with appropriate comments
+
+**Linting:**
+- Each application has its own linting guidelines
+
+### Writing Issues
+
+When creating an issue, please use this format:
+
+```
+module-name: One line summary of the issue (less than 72 characters)
+
+### Expected behavior
+
+As concisely as possible, describe the expected behavior.
+
+### Actual behavior
+
+As concisely as possible, describe the observed behavior.
+
+### Steps to reproduce the behavior
+
+1. List all relevant steps to reproduce the observed behavior
+2. Include specific API calls, user actions, or configuration
+3. Mention any relevant environment details
+
+### Additional context
+
+- Node version
+- Operating system
+- Any relevant logs or error messages
+```
+
+### Writing Pull Requests
+
+**Pull Request Guidelines:**
+- File pull requests against the `main` branch
+- Include a clear description of changes
+- Reference any related issues
+- Ensure all tests pass
+- Include screenshots for UI changes
+
+## Documentation
+
+We welcome improvements to the project documentation. This includes:
+
+- API documentation updates
+- Setup and configuration guides
+- Developer tutorials
+- Code comments and inline documentation
+
+Please file an [issue](https://github.com/CMSGov/cms-bb2-python-sdk/issues) for documentation improvements or submit a pull request with your changes.
+
+**Documentation Resources:**
+- Developer documentation: https://cmsgov.github.io/bluebutton-developer-help/
+- Current deployment: https://sandbox.bluebutton.cms.gov
+- Community discussions: https://groups.google.com/forum/#!forum/developer-group-for-cms-blue-button-api
+
+## Policies
+
+### Open Source Policy
+
+We adhere to the [CMS Open Source
+Policy](https://github.com/CMSGov/cms-open-source-policy). If you have any
+questions, just [shoot us an email](mailto:opensource@cms.hhs.gov).
+
+### Security and Responsible Disclosure Policy
+
+_Submit a vulnerability:_ Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days.
+
+For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md).
+
+## Public domain
+
+This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/).
+
+All contributions to this project will be released under the CC0 dedication. By submitting a pull request or issue, you are agreeing to comply with this waiver of copyright interest.
diff --git a/GOVERNANCE.md b/GOVERNANCE.md
new file mode 100644
index 0000000..1eab628
--- /dev/null
+++ b/GOVERNANCE.md
@@ -0,0 +1,3 @@
+# Governance
+
+This project is governed by our [Community Guidelines](COMMUNITY.md) and [Code of Conduct](CODE_OF_CONDUCT.md).
diff --git a/README.md b/README.md
index d3c9c71..dcdfe98 100644
--- a/README.md
+++ b/README.md
@@ -1,22 +1,58 @@
-# Python SDK for Blue Button 2.0 API
+Python SDK for Blue Button 2.0 API
+=====================================================
+
+## Project Description
This Python software development kit (SDK) provides tools and resources for developers integrating with the [CMS Blue Button 2.0 (BB2.0) API](https://bluebutton.cms.gov/developers/).
+## About the Project
+The [Blue Button 2.0 API](https://bluebutton.cms.gov/) provides Medicare enrollee claims data to applications using the [OAuth2.0 authorization flow](https://datatracker.ietf.org/doc/html/rfc6749). We aim to provide a developer-friendly, standards-based API that enables people with Medicare to connect their claims data to the applications, services, and research programs they trust.
+
+## Project Vision
+The Python SDK helps third-party partners to develop applications that integrate with BlueButton using Python
+
+
+
+## Agency Mission
+The Centers for Medicare & Medicaid Services (CMS) is working to enable Medicare beneficiaries to securely share their health data with applications of their choice through standards-based APIs.
-# Table of Contents
+
-- [Prerequisites](#prerequisites)
+## Core Team
+A list of core team members responsible for the code and documentation in this repository can be found in [COMMUNITY.md](COMMUNITY.md).
+
+## Documentation Index:
+- `README.md` - This file, containing setup and usage instructions
+- `CONTRIBUTING.md` - Guidelines for contributing to the project
+- `COMMUNITY.md` - Community guidelines and code of conduct
+- `SECURITY.md` - Security and vulnerability disclosure policies
+- `LICENSE` - Creative Commons Zero v1.0 Universal
+
+### Table of Contents
+
+- [Local Development](#local-dev)
+- [Setup](#setup)
- [Installation](#installation)
- [Configuration Parameters](#configuration-parameters)
- [Configuration Methods](#configuration-methods)
- [Usage](#usage)
- [Sample App](#sample-app)
- [About](#about)
-- [License](#license)
+- [Policies](#policies)
+- [Public Domain](#public-domain)
- [Security](#security)
-- [Help and Support](#help)
+- [Feedback](#feedback)
+# Local Development
+
+## Repository Structure
+```
+âââ cms_bluebutton
+â âââ tests
+â âââ fixtures
+â âââ test_configs
+```
-## Prerequisites
+## Setup
You'll need a sandbox account and sample access token to access data from the Blue Button 2.0 API.
@@ -309,13 +345,32 @@ if __name__ == '__main__':
For a complete Python React sample app, see [CMS Blue Button Python Sample App](https://github.com/CMSgov/bluebutton-sample-client-python-react).
+# Policies
-## About the Blue Button 2.0 API
+## Development and Software Delivery Lifecycle
-The [Blue Button 2.0 API](https://bluebutton.cms.gov/) provides Medicare enrollee claims data to applications using the [OAuth2.0 authorization flow](https://datatracker.ietf.org/doc/html/rfc6749). We aim to provide a developer-friendly, standards-based API that enables people with Medicare to connect their claims data to the applications, services, and research programs they trust.
+The following guide is for members of the project team who have access to the repository as well as code contributors. The main difference between internal and external contributions is that external contributors will need to fork the project and will not be able to merge their own pull requests. For more information on contributing, see: [CONTRIBUTING.md](./CONTRIBUTING.md).
+
+## Contributing
+
+Thank you for considering contributing to an Open Source project of the US Government! For more information about our contribution guidelines, see [CONTRIBUTING.md](CONTRIBUTING.md).
+
+## Branching Model
-## License
-The CMS Blue Button 2.0 Python SDK is licensed under the Creative Commons Zero v1.0 Universal. For more details, see [License](https://github.com/CMSgov/cms-bb2-python-sdk/blob/main/LICENSE).
+This project follows standard GitHub flow practices:
+
+* Make changes in feature branches and merge to `main` frequently
+* Pull-requests are reviewed before merging
+* Tests should be written for changes introduced
+* Each change should be deployable to production
+
+## Governance
+For more information about our governance, see [GOVERNANCE.md](GOVERNANCE.md).
+
+## Public Domain
+This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/) as indicated in [LICENSE](LICENSE).
+
+All contributions to this project will be released under the CC0 dedication. By submitting a pull request or issue, you are agreeing to comply with this waiver of copyright interest.
## Security
We do our best to keep our SDKs up to date with vulnerability patching and security testing, but you are responsible for your own review and testing before implementation.
@@ -323,6 +378,5 @@ We do our best to keep our SDKs up to date with vulnerability patching and secur
To report vulnerabilities, please see the [CMS Vulnerability Disclosure Policy](https://www.cms.gov/vulnerability-disclosure-policy) and follow the directions for reporting.
-## Help and Support
-
+## Feedback
Got questions? Need help troubleshooting? Want to propose a new feature? Contact the Blue Button 2.0 team and connect with the community in our [Google Group](https://groups.google.com/forum/#!forum/Developer-group-for-cms-blue-button-api).
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..07342ef
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,12 @@
+# Security and Responsible Disclosure Policy
+
+The Centers for Medicare & Medicaid Services is committed to ensuring the security of the American public by protecting their information from unwarranted disclosure. We want security researchers to feel comfortable reporting vulnerabilities they have discovered so we can fix them and keep our users safe. We developed our disclosure policy to reflect our values and uphold our sense of responsibility to security researchers who share their expertise with us in good faith.
+
+*Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days.
+
+Review the HHS Disclosure Policy and websites in scope:
+[https://www.hhs.gov/vulnerability-disclosure-policy/index.html](https://www.hhs.gov/vulnerability-disclosure-policy/index.html).
+
+This policy describes *what systems and types of research* are covered under this
+policy, *how to send* us vulnerability reports, and *how long* we ask security
+researchers to wait before publicly disclosing vulnerabilities.
\ No newline at end of file
diff --git a/code.json b/code.json
new file mode 100644
index 0000000..bc9a6f8
--- /dev/null
+++ b/code.json
@@ -0,0 +1,79 @@
+{
+ "name": "cms-bb2-python-sdk",
+ "description": "Python SDK for wworking with BlueButton API",
+ "longDescription": "This Python software development kit (SDK) provides tools and resources for developers integrating with the CMS Blue Button 2.0 (BB2.0) API.",
+ "status": "production",
+ "permissions": {
+ "licenses": [
+ {
+ "URL": "LICENSE",
+ "name": "CC0-1.0"
+ }
+ ],
+ "usageType": "openSource"
+ },
+ "organization": "Centers for Medicare & Medicaid Services",
+ "repositoryURL": "https://github.com/CMS/cms-bb2-python-sdk",
+ "repositoryHost": "github.com/CMSgov",
+ "repositoryVisibility": "public",
+ "vcs": "git",
+ "laborHours": null,
+ "reuseFrequency": {
+ "forks": 0
+ },
+ "platforms": [
+ "windows",
+ "mac",
+ "linux",
+ "web"
+ ],
+ "categories": [
+ "it-development",
+ "application-development"
+ ],
+ "softwareType": "library",
+ "languages": [
+ "python"
+ ],
+ "maintenance": "internal",
+ "contractNumber": "0",
+ "date": {
+ "created": "2022-02-01T16:01:23-05:00",
+ "lastModified": "2025-09-09T13:47:11+0000",
+ "metadataLastUpdated": "2025-09-09T13:47:11+0000"
+ },
+ "tags": [
+ "python",
+ "sdk",
+ "bluebutton"
+ ],
+ "contact": {
+ "email": "jimmyfagan@navapbc.com",
+ "name": "Jimmy Fagan"
+ },
+ "feedbackMechanisms": [
+ "https://github.com/CMS/cms-bb2-python-sdk/issues"
+ ],
+ "localisation": "true",
+ "repositoryType": "Libraries",
+ "userInput": "No",
+ "fismaLevel": "Low",
+ "group": "CMS/OEDA/DASG",
+ "projects": [
+ "BlueButton"
+ ],
+ "systems": [
+ "BlueButton"
+ ],
+ "upstream": [
+ "https://github.com/CMSgov/cms-bb2-python-sdk/network/dependencies"
+ ],
+ "subsetInHealthcare": [
+ "Operational",
+ "Medicare"
+ ],
+ "userType": [
+ "Providers"
+ ],
+ "maturityModelTier": 3
+}
\ No newline at end of file