Medplum Monthly Update - January 2026
January was a packed month for Medplum. We shipped three patch releases (v5.0.11, v5.0.12, v5.0.13), published the 2026 Roadmap, and landed over 100 commits from 20+ contributors. The biggest themes this month were scheduling, the Provider app, and site reliability — all directly advancing our 2026 roadmap priorities.
Features
Provider App: Spaces, Messaging, and Tasks
The Provider app saw major improvements across messaging, task management, and the new Spaces experience. This work advances the Provider Application roadmap goal of expanding available workflows.
- Spaces streaming and buffered support — real-time communication with both streaming and buffered message delivery
- Server-Sent Events bot implementation — SSE support for bots, enabling real-time AI-powered interactions
- Messaging improvements — URL support in the inbox, participant filtering, and topic-based threading for Communications
- Task management — auto-selection when the task list is empty, priority display for better triage
- Navbar updates for both Medplum and Provider apps by Kevin Wadeshaw, plus a new Get Started page
Scheduling: $find and $book Operations
The most significant feature work this month was a ground-up buildout of FHIR-native scheduling operations. This directly supports the Scheduling initiative on our 2026 roadmap, where we committed to self-scheduling, advanced availability management, and resource scheduling.
$findoperation for querying available slots on a single Schedule resource, now with unique slot identifiers and timezone support (scheduling docs)$bookoperation for creating Appointments through a FHIR operation, with a first pass on the Provider UI booking flow- Provider Calendar refactor to support the new scheduling operations
- Timezone support in
SchedulingParams, enabling scheduling across time zones - New search parameters for
ActivityDefinition.code,Communication.priority, andProjectMembership.active
These operations give developers a clean, standards-based API for building patient self-scheduling and staff scheduling workflows — a capability that has been one of our most requested features.
System-Level Custom FHIR Operations
Developers can now define custom FHIR operations at the system level, not just per-resource. This is a key building block for the Integrations & Plugins roadmap initiative, enabling more flexible bot-powered workflows and custom API endpoints.
FHIR Operations and Terminology
- Patient
$summaryoperation with updated$everythingdocumentation - ConceptMap import and comprehensive terminology operations documentation
- New authentication and security operations and resource validation operations
- X-FHIR-Query support in SDC
$extract— enables dynamic queries in Structured Data Capture extraction, improving form-based data capture workflows - Display language overrides in
ValueSet/$expandandCodeSystem/$validate-code— supports multilingual terminology services, which is important for international deployments
Site Reliability and Infrastructure
These changes support the Enterprise Scale & Infrastructure roadmap priority of handling growing platform traffic.
- Reserved database connections for healthcheck — prevents health checks from being starved during high load
- Redis failover error handling in BullMQ workers — improves resilience during Redis cluster failovers
- Skip caching on write for AuditEvent resources — reduces memory pressure for high-volume audit logging
- Tracing extensions on OperationOutcome — better observability for debugging production issues
- ReindexJob configuration enhancements — more control over reindexing for large datasets
- Per-resourceType padding configuration — fine-grained tuning of array padding for storage optimization
- Array padding calculator — tooling to help determine optimal padding settings
- Automatic pre/post deploy migration generation — streamlines the database migration workflow for self-hosted deployments
Security and Access Control
- Inactive ProjectMembership disables access tokens — when a membership is set to inactive, associated tokens are immediately invalidated (access control docs) (Matt Willer)
- Subscription Bot execution respects ProjectMembership — ensures subscriptions run in the correct membership context (Matt Willer)
- On-behalf-of header support with proper cache disabling (Maddy Li, Cody Ebberson)
SDK and Developer Experience
client.post<T>generic type annotation for better TypeScript ergonomics (Noah Silas)- Nested connections in GraphQL (Maddy Li)
- Configurable base64 caps in core (Sakshum Gadyal)
- Abort signal support for
sleepto allow request cancellation (Mirza Kapetanovic) - Subscription AuditEvent destination extension for routing audit events (Rahul Agarwal)
AI and MCP
Advancing our AI roadmap initiative:
- MCP server updated to replace deprecated methods, keeping Medplum's Model Context Protocol support current (Noah Silas)
- AI operation documentation added (AI operation docs)
Documentation
A significant documentation effort this month improved coverage across the Provider app, scheduling, self-hosting, the Medplum Agent, and compliance.
Provider
- Provider app docs updated (Provider app guide)
- Updated charting documentation
- Revamped multi-tenancy documentation (multi-tenancy identity providers)
- Scheduling docs: availability time zones,
$findbeta status,SchedulingParametersduration param (scheduling docs) - DoseSpot enrollment documentation: how to enroll users with the Enroll Prescriber Bot (medications docs)
- AccessPolicy requirements for Bulk Export API (API docs)
- Observation.valueSampledData documentation
Self-Hosting and Operations
- Self-hosting best practices docs (self-hosting guide)
- AWS Lambda bots on localhost guide (Bots docs)
- Node.js version requirement updated to 22+ (self-hosting guide)
- Docker Compose persistence and restart policies improved
Medplum Agent
The Medplum Agent is an application that runs inside your firewall and connects to devices over low-level protocols such as HL7/MLLP, ASTM, and DICOM, bridging them to the cloud via secure HTTPS WebSocket channels. This month the Agent docs received several updates:
- Minimal access policy for Agent documented
- Enhanced mode
aaModedocumented - Section on deactivating memberships added
Additional Docs
- Integration tables organized into logical groups (integrations overview)
- Terminology services: translated display strings documentation (terminology services guide)
- Compliance documentation and CHPL listing updated for V5 (compliance overview)
- 2026 Roadmap published (2026 roadmap)
Bug Fixes
Forms and UI
- Fixed repeatable items in
QuestionnaireForm - Fixed dark mode on the visit details page
- Fixed color inheritance issue (dark to inherit)
- Updated diagnoses binding URL in OrderLabsPage
Server and API
- Fixed SQL error in date array search parameters
- Fixed search by POST issue via body-parser update
- Fixed CCDA timezone offset conversion to FHIR format (Amanda McGivern)
- Fixed
validateResourceargument merging - Fixed consistent
storageBaseUrlgeneration with/binary/path (Jim Fiorato) - Fixed out-of-order query results in
useSearch - Fixed too-many-requests error re-wrapping in
fetchTokens
Agent
pushToAgentnow returns on first ACK by default- Added logging for enhanced mode acknowledgments
Infrastructure
- Fixed Docker Compose full-stack config after hardened images
- Added persistence to Docker Compose files (Matthew Raspberry)
- Fixed database connection release during seeding
- Fixed Spaces message persistence
Releases
Looking Ahead
January's scheduling work sets the stage for the self-scheduling and resource scheduling features planned for 2026. The Provider app's Spaces and streaming capabilities are moving us closer to a production-ready provider experience. On the infrastructure side, the Redis failover handling and database connection improvements directly support enterprise-scale deployments.
Join us on Discord to share feedback or follow along on GitHub.