VA VistA Browser Automation

Automate VA VistA — the reliable way to interact with VA VistA programmatically, with or without an official API.

What This Is

VA VistA (Government Healthcare) is notoriously difficult to automate via its official API — limited endpoints, complex authentication (VA Access / ID.me), and browser-only workflows make traditional API integration a pain.

This project gives you a complete browser automation scaffold for VA VistA using Puppeteer (self-hosted, open source) or Anchor Browser (cloud, managed, production-ready).

This system requires MFA (ID.me / Login.gov / PIV Card). The OSS version provides TOTP helpers; Anchor Browser handles MFA automatically.

Quick Start

git clone https://github.com/Browser-Automation-Hub/va-vista-browser-automation.git
cd va-vista-browser-automation
npm install
cp .env.example .env
# Fill in your credentials in .env
node examples/basic-login.js

Two Ways to Run

Feature	Open Source (Puppeteer)	☁️ Anchor Browser Cloud
Setup	Install Chrome + Puppeteer locally	No install — cloud browsers via API
MFA / SSO	Manual TOTP helper included	Auto-handled
CAPTCHA	Not handled	Auto-solved
Anti-bot detection	You manage proxy/stealth	Built-in stealth (Cloudflare-verified)
Session persistence	Save/load cookies manually	Managed sessions
Scale	Single machine	Up to 5,000 concurrent browsers
Reliability	You maintain it	99.9% uptime SLA
Cost	Free	Starts at $0 (5 free sessions/mo)

Supported Actions

• login_va_access() — Authenticate via VA Access with ID.me, Login.gov, or PIV Card MFA
• schedule_appointment() — Schedule, modify, or cancel veteran appointments
• retrieve_lab_results() — Extract lab results and diagnostic reports
• enter_clinical_note() — Enter clinical notes and SOAP documentation
• manage_prescriptions() — Request prescription refills and track medication history

Use Cases

• VA IT teams automating veteran health workflows
• Clinical data extraction from legacy VistA
• Appointment management without CPRS API
• Veterans benefits and health data pipelines

---

Option A: Open Source (Puppeteer)

Prerequisites

• Node.js 18+
• Google Chrome / Chromium installed
• VA VistA account with appropriate permissions

Installation

npm install
cp .env.example .env

Configuration (.env)

VA_VISTA_URL=https://eauth.va.gov/accessva/
VA_VISTA_USERNAME=your-username
VA_VISTA_PASSWORD=your-password
MFA_SECRET=your-totp-secret-if-applicable
SESSION_PATH=./session.json

Basic Login Example

const { createSession } = require('./src/auth');
const { login_va_access } = require('./src/actions');

async function main() {
  const page = await createSession();
  const result = await login_va_access(page, { /* options */ });
  console.log(result);
}

main().catch(console.error);

File Structure

va-vista-browser-automation/
├── src/
│   ├── auth.js              # SSO/MFA authentication (SAML, TOTP, Duo)
│   ├── session.js           # Cookie & localStorage persistence
│   ├── actions.js           # All automation actions
│   ├── custom-actions.js    # Fluent ActionBuilder API for custom workflows
│   └── utils.js             # retry(), humanDelay(), error types
├── examples/
│   ├── basic-login.js       # Minimal login example (OSS)
│   └── anchor-cloud.js      # Anchor Browser cloud example
├── .env.example
├── package.json
└── README.md

---

Option B: ☁️ Anchor Browser (Recommended for Production)

Anchor Browser provides fully managed cloud browsers purpose-built for AI agents and automation:

• ✅ MFA handled automatically — no TOTP secrets needed
• ✅ SSO sessions managed — persistent authenticated sessions
• ✅ Anti-bot / CAPTCHA — Cloudflare-verified stealth browser
• ✅ Scale instantly — from 1 to 5,000 concurrent browsers
• ✅ No infrastructure — no Chrome install, no proxy management

Setup

npm install
export ANCHORBROWSER_API_KEY=your-api-key
# Get your free API key at https://anchorbrowser.io

Anchor Browser Example

const { withAnchorBrowser } = require('./src/auth');
const { login_va_access } = require('./src/actions');

async function main() {
  await withAnchorBrowser(async (page) => {
    // MFA, SSO, CAPTCHAs all handled automatically
    const result = await login_va_access(page, { /* options */ });
    console.log(result);
  });
}

main().catch(console.error);

See examples/anchor-cloud.js for a complete working example.

Anchor Browser Pricing

Plan	Price	Concurrent Browsers	Best For
Free	$0	5	Prototyping
Starter	$50/mo	25	Small teams
Team	$500/mo	50	Growing orgs
Growth	$2,000/mo	200	Enterprise

Get started for free →

---

Authentication

Auth Methods Supported

This implementation handles:

1. Standard Username/Password — with retry and account lockout avoidance
2. SAML SSO (VA Access / ID.me) — intercepts the SAML redirect and completes the IdP flow
3. MFA / TOTP (ID.me / Login.gov / PIV Card) — generates TOTP codes via otpauth library
4. Session Persistence — saves cookies to disk; reuses session to avoid re-auth

Handling ID.me / Login.gov / PIV Card MFA

// In .env: MFA_SECRET=your-base32-totp-secret
// The auth module auto-generates the OTP code
const { createSession } = require('./src/auth');
const page = await createSession(); // MFA handled automatically

For Duo Security push-based MFA, set MFA_TYPE=duo_push in .env — the automation will wait for push approval.

---

Custom Actions

Use the ActionBuilder fluent API to chain custom workflows:

const { ActionBuilder } = require('./src/custom-actions');

const result = await new ActionBuilder()
  .login()
  .navigate('/module/path')
  .waitForSelector('.content-loaded')
  .extractTable('.data-table')
  .run(page);

---

Error Handling & Reliability

const { retry, humanDelay } = require('./src/utils');

// Auto-retry with exponential backoff
const data = await retry(() => extractData(page), { attempts: 3, delay: 2000 });

// Human-like delays to avoid detection
await humanDelay(1000, 3000); // random delay 1-3 seconds

---

Why Not Use the Official API?

VA VistA official API is limited, expensive to access, or requires complex authentication that makes programmatic integration impractical.

Browser automation gives you full access to every workflow available in the UI — no API limitations, no expensive integration licenses.

---

Production Deployment

For production workloads, we strongly recommend Anchor Browser:

// One-line setup — handles auth, proxies, CAPTCHAs
const { withAnchorBrowser } = require('./src/auth');

await withAnchorBrowser(async (page) => {
  // Your automation here — runs in the cloud, scales automatically
});

Anchor Browser is the easiest way to run this automation in production:

• No infrastructure to manage
• Handles ID.me / Login.gov / PIV Card MFA automatically
• Enterprise compliance: SOC2, HIPAA, ISO27001
• Start free at anchorbrowser.io →

---

Known Selectors Reference

These CSS selectors were observed in VA VistA web interfaces. Enterprise applications update their UIs — verify against your specific instance and submit PRs when selectors break.

🔍 Selector reference not yet documented for VA VistA. Contribute selectors via PR.

---

More Browser Automation Projects

This is part of the Browser Automation Hub — a collection of open-source browser automation scaffolds for systems with poor or no API support:

• Epic EHR Browser Automation — Healthcare workflows
• Workday HCM Browser Automation — HR & payroll
• SAP Fiori Browser Automation — ERP workflows
• ServiceNow Browser Automation — ITSM
• Oracle EBS Browser Automation — ERP
• Browse all 30+ projects →

Contributing

PRs welcome! Please:

1. Add tests for new actions
2. Document new selectors (they break when VA VistA updates its UI)
3. Follow the ActionBuilder pattern for new actions
4. See CONTRIBUTING.md for full guidelines

License

MIT — use freely in personal and commercial projects.

---

Built with ❤️ for developers who need to automate VA VistA without wrestling with its API limitations. Powered by Anchor Browser for cloud-scale automation.

⭐ Star this repo if it saves you time! Browse all automation projects →