@fhirfly-io/shl 0.3.2 → 0.5.0

package/dist/chunk-H37YQWF2.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/server/types.ts","../src/server/handler.ts"],"names":["createHash","timingSafeEqual"],"mappings":";;;;;AA6EO,SAAS,mBAAmB,OAAA,EAAwD;AACzF,EAAA,OAAO,OAAQ,QAA6B,QAAA,KAAa,UAAA;AAC3D;ACxCO,SAAS,cACd,MAAA,EACmD;AACnD,EAAA,MAAM,EAAE,OAAA,EAAS,QAAA,EAAS,GAAI,MAAA;AAC9B,EAAA,MAAM,WAAA,GAAc,kBAAA,CAAmB,MAAA,CAAO,IAAI,CAAA;AAElD,EAAA,OAAO,OAAO,GAAA,KAAkD;AAE9D,IAAA,IAAI,GAAA,CAAI,WAAW,SAAA,EAAW;AAC5B,MAAA,OAAO;AAAA,QACL,MAAA,EAAQ,GAAA;AAAA,QACR,OAAA,EAAS,EAAE,GAAG,WAAA,EAAY;AAAA,QAC1B,IAAA,EAAM;AAAA,OACR;AAAA,IACF;AAGA,IAAA,MAAM,IAAA,GAAO,GAAA,CAAI,IAAA,CAAK,OAAA,CAAQ,QAAQ,EAAE,CAAA;AACxC,IAAA,MAAM,WAAW,IAAA,CAAK,KAAA,CAAM,GAAG,CAAA,CAAE,OAAO,OAAO,CAAA;AAE/C,IAAA,IAAI,QAAA;AAGJ,IAAA,IAAI,QAAA,CAAS,MAAA,KAAW,CAAA,IAAK,GAAA,CAAI,WAAW,MAAA,EAAQ;AAClD,MAAA,QAAA,GAAW,MAAM,cAAA,CAAe,QAAA,CAAS,CAAC,CAAA,EAAI,GAAA,EAAK,SAAS,QAAQ,CAAA;AAAA,IACtE,WAES,QAAA,CAAS,MAAA,KAAW,CAAA,IAAK,GAAA,CAAI,WAAW,KAAA,EAAO;AACtD,MAAA,QAAA,GAAW,MAAM,kBAAA,CAAmB,QAAA,CAAS,CAAC,CAAA,EAAI,GAAA,EAAK,SAAS,QAAQ,CAAA;AAAA,IAC1E,CAAA,MAAA,IAES,QAAA,CAAS,MAAA,KAAW,CAAA,IAAK,QAAA,CAAS,CAAC,CAAA,KAAM,SAAA,IAAa,GAAA,CAAI,MAAA,KAAW,KAAA,EAAO;AACnF,MAAA,QAAA,GAAW,MAAM,aAAA,CAAc,QAAA,CAAS,CAAC,GAAI,OAAO,CAAA;AAAA,IACtD,CAAA,MAAA,IAES,QAAA,CAAS,MAAA,KAAW,CAAA,IAAK,QAAA,CAAS,CAAC,CAAA,KAAM,YAAA,IAAgB,GAAA,CAAI,MAAA,KAAW,KAAA,EAAO;AACtF,MAAA,QAAA,GAAW,MAAM,iBAAiB,QAAA,CAAS,CAAC,GAAI,QAAA,CAAS,CAAC,GAAI,OAAO,CAAA;AAAA,IACvE,CAAA,MAAA,IAES,QAAA,CAAS,MAAA,KAAW,CAAA,IAAK,QAAA,CAAS,CAAC,CAAA,KAAM,SAAA,IAAa,GAAA,CAAI,MAAA,KAAW,KAAA,EAAO;AACnF,MAAA,QAAA,GAAW,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,qDAAqD,CAAA;AAAA,IAC7F,CAAA,MAAA,IACS,QAAA,CAAS,MAAA,KAAW,CAAA,IAAK,QAAA,CAAS,CAAC,CAAA,KAAM,YAAA,IAAgB,GAAA,CAAI,MAAA,KAAW,KAAA,EAAO;AACtF,MAAA,QAAA,GAAW,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,wDAAwD,CAAA;AAAA,IAChG,CAAA,MACK;AACH,MAAA,QAAA,GAAW,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,aAAa,CAAA;AAAA,IACrD;AAGA,IAAA,QAAA,CAAS,UAAU,EAAE,GAAG,QAAA,CAAS,OAAA,EAAS,GAAG,WAAA,EAAY;AACzD,IAAA,OAAO,QAAA;AAAA,EACT,CAAA;AACF;AAGA,SAAS,mBAAmB,IAAA,EAAwD;AAClF,EAAA,IAAI,IAAA,KAAS,KAAA,EAAO,OAAO,EAAC;AAC5B,EAAA,MAAM,CAAA,GAAgB,QAAQ,EAAC;AAC/B,EAAA,OAAO;AAAA,IACL,6BAAA,EAA+B,EAAE,MAAA,IAAU,GAAA;AAAA,IAC3C,8BAAA,EAAgC,EAAE,OAAA,IAAW,oBAAA;AAAA,IAC7C,8BAAA,EAAgC,EAAE,OAAA,IAAW;AAAA,GAC/C;AACF;AAEA,eAAe,cAAA,CACb,KAAA,EACA,GAAA,EACA,OAAA,EACA,QAAA,EAC0B;AAE1B,EAAA,MAAM,cAAc,MAAM,OAAA,CAAQ,IAAA,CAAK,CAAA,EAAG,KAAK,CAAA,cAAA,CAAgB,CAAA;AAC/D,EAAA,IAAI,gBAAgB,IAAA,EAAM;AACxB,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,iBAAiB,CAAA;AAAA,EACrD;AAGA,EAAA,IAAI,eAAA,GAAsC,IAAA;AAC1C,EAAA,IAAI,kBAAA,GAAkE,IAAA;AACtE,EAAA,MAAM,OAAA,GAAW,IAAI,IAAA,IAAQ,OAAO,IAAI,IAAA,KAAS,QAAA,GAAW,GAAA,CAAI,IAAA,GAAO,EAAC;AACxE,EAAA,MAAM,gBAAA,GAAmB,OAAO,OAAA,CAAQ,UAAU,MAAM,QAAA,GAAW,OAAA,CAAQ,UAAU,CAAA,GAAI,MAAA;AAEzF,EAAA,eAAA,GAAkB,MAAM,OAAA,CAAQ,cAAA,CAAe,KAAA,EAAO,CAAC,QAAA,KAAa;AAElE,IAAA,IAAI,SAAS,SAAA,EAAW;AACtB,MAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,QAAA,CAAS,SAAS,CAAA;AAC7C,MAAA,IAAI,SAAA,CAAU,OAAA,EAAQ,IAAK,IAAA,CAAK,KAAI,EAAG;AACrC,QAAA,kBAAA,GAAqB,SAAA;AACrB,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAGA,IAAA,MAAM,YAAA,GAAe,SAAS,WAAA,IAAe,CAAA;AAC7C,IAAA,IAAI,QAAA,CAAS,WAAA,KAAgB,MAAA,IAAa,YAAA,IAAgB,SAAS,WAAA,EAAa;AAC9E,MAAA,kBAAA,GAAqB,WAAA;AACrB,MAAA,OAAO,IAAA;AAAA,IACT;AAGA,IAAA,IAAI,SAAS,QAAA,EAAU;AACrB,MAAA,IAAI,CAAC,gBAAA,EAAkB;AACrB,QAAA,kBAAA,GAAqB,UAAA;AACrB,QAAA,OAAO,IAAA;AAAA,MACT;AACA,MAAA,MAAM,YAAA,GAAeA,kBAAW,QAAQ,CAAA,CAAE,OAAO,gBAAgB,CAAA,CAAE,OAAO,KAAK,CAAA;AAC/E,MAAA,MAAM,aAAa,QAAA,CAAS,QAAA;AAC5B,MAAA,MAAM,CAAA,GAAI,MAAA,CAAO,IAAA,CAAK,YAAY,CAAA;AAClC,MAAA,MAAM,CAAA,GAAI,MAAA,CAAO,IAAA,CAAK,UAAU,CAAA;AAEhC,MAAA,IAAI,CAAA,CAAE,WAAW,CAAA,CAAE,MAAA,IAAU,CAACC,sBAAA,CAAgB,CAAA,EAAG,CAAC,CAAA,EAAG;AACnD,QAAA,kBAAA,GAAqB,UAAA;AACrB,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAGA,IAAA,OAAO;AAAA,MACL,GAAG,QAAA;AAAA,MACH,aAAa,YAAA,GAAe;AAAA,KAC9B;AAAA,EACF,CAAC,CAAA;AAGD,EAAA,IAAI,uBAAuB,SAAA,EAAW;AACpC,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,mBAAmB,CAAA;AAAA,EACvD;AACA,EAAA,IAAI,uBAAuB,WAAA,EAAa;AACtC,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,4BAA4B,CAAA;AAAA,EAChE;AACA,EAAA,IAAI,uBAAuB,UAAA,EAAY;AACrC,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,oBAAoB,CAAA;AAAA,EACxD;AAGA,EAAA,IAAI,oBAAoB,IAAA,EAAM;AAC5B,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,iBAAiB,CAAA;AAAA,EACrD;AAGA,EAAA,MAAM,SAAA,GAAY,OAAO,GAAA,CAAI,KAAA,GAAQ,WAAW,MAAM,QAAA,GAAW,GAAA,CAAI,KAAA,CAAM,WAAW,CAAA,GAAI,MAAA;AAC1F,EAAA,MAAM,WAAA,GAAc;AAAA,IAClB,KAAA;AAAA,IACA,WAAA,EAAa,gBAAgB,WAAA,IAAe,CAAA;AAAA,IAC5C,SAAA,sBAAe,IAAA,EAAK;AAAA,IACpB,IAAA,EAAM,UAAA;AAAA,IACN,GAAI,SAAA,GAAY,EAAE,SAAA,KAAc;AAAC,GACnC;AACA,EAAA,IAAI,QAAA,EAAU;AAEZ,IAAA,OAAA,CAAQ,QAAQ,QAAA,CAAS,WAAW,CAAC,CAAA,CAAE,MAAM,MAAM;AAAA,IAAC,CAAC,CAAA;AAAA,EACvD;AAEA,EAAA,IAAI,kBAAA,CAAmB,OAAO,CAAA,EAAG;AAC/B,IAAA,OAAA,CAAQ,OAAA,CAAQ,QAAQ,QAAA,CAAS,KAAA,EAAO,WAAW,CAAC,CAAA,CAAE,MAAM,MAAM;AAAA,IAAC,CAAC,CAAA;AAAA,EACtE;AAGA,EAAA,MAAM,WAAA,GAAc,OAAO,WAAA,KAAgB,QAAA,GACvC,cACA,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,WAAW,CAAA;AACxC,EAAA,MAAM,QAAA,GAAW,IAAA,CAAK,KAAA,CAAM,WAAW,CAAA;AAEvC,EAAA,OAAO,YAAA,CAAa,KAAK,QAAQ,CAAA;AACnC;AAEA,eAAe,kBAAA,CACb,KAAA,EACA,GAAA,EACA,OAAA,EACA,QAAA,EAC0B;AAE1B,EAAA,MAAM,cAAc,MAAM,OAAA,CAAQ,IAAA,CAAK,CAAA,EAAG,KAAK,CAAA,cAAA,CAAgB,CAAA;AAC/D,EAAA,IAAI,gBAAgB,IAAA,EAAM;AACxB,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,iBAAiB,CAAA;AAAA,EACrD;AAEA,EAAA,MAAM,WAAA,GAAc,OAAO,WAAA,KAAgB,QAAA,GAAW,cAAc,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,WAAW,CAAA;AACxG,EAAA,MAAM,QAAA,GAAW,IAAA,CAAK,KAAA,CAAM,WAAW,CAAA;AAGvC,EAAA,IAAI,QAAA,CAAS,SAAS,QAAA,EAAU;AAC9B,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,uDAAuD,CAAA;AAAA,EAC3F;AAGA,EAAA,IAAI,kBAAA,GAAqD,IAAA;AACzD,EAAA,MAAM,kBAAkB,MAAM,OAAA,CAAQ,cAAA,CAAe,KAAA,EAAO,CAAC,OAAA,KAAY;AACvE,IAAA,IAAI,QAAQ,SAAA,EAAW;AACrB,MAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,OAAA,CAAQ,SAAS,CAAA;AAC5C,MAAA,IAAI,SAAA,CAAU,OAAA,EAAQ,IAAK,IAAA,CAAK,KAAI,EAAG;AACrC,QAAA,kBAAA,GAAqB,SAAA;AACrB,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAEA,IAAA,MAAM,YAAA,GAAe,QAAQ,WAAA,IAAe,CAAA;AAC5C,IAAA,IAAI,OAAA,CAAQ,WAAA,KAAgB,MAAA,IAAa,YAAA,IAAgB,QAAQ,WAAA,EAAa;AAC5E,MAAA,kBAAA,GAAqB,WAAA;AACrB,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,OAAO;AAAA,MACL,GAAG,OAAA;AAAA,MACH,aAAa,YAAA,GAAe;AAAA,KAC9B;AAAA,EACF,CAAC,CAAA;AAED,EAAA,IAAI,uBAAuB,SAAA,EAAW;AACpC,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,mBAAmB,CAAA;AAAA,EACvD;AACA,EAAA,IAAI,uBAAuB,WAAA,EAAa;AACtC,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,4BAA4B,CAAA;AAAA,EAChE;AACA,EAAA,IAAI,oBAAoB,IAAA,EAAM;AAC5B,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,iBAAiB,CAAA;AAAA,EACrD;AAGA,EAAA,MAAM,SAAA,GAAY,OAAO,GAAA,CAAI,KAAA,GAAQ,WAAW,MAAM,QAAA,GAAW,GAAA,CAAI,KAAA,CAAM,WAAW,CAAA,GAAI,MAAA;AAC1F,EAAA,MAAM,iBAAA,GAAoB;AAAA,IACxB,KAAA;AAAA,IACA,WAAA,EAAa,gBAAgB,WAAA,IAAe,CAAA;AAAA,IAC5C,SAAA,sBAAe,IAAA,EAAK;AAAA,IACpB,IAAA,EAAM,QAAA;AAAA,IACN,GAAI,SAAA,GAAY,EAAE,SAAA,KAAc;AAAC,GACnC;AACA,EAAA,IAAI,QAAA,EAAU;AACZ,IAAA,OAAA,CAAQ,QAAQ,QAAA,CAAS,iBAAiB,CAAC,CAAA,CAAE,MAAM,MAAM;AAAA,IAAC,CAAC,CAAA;AAAA,EAC7D;AAEA,EAAA,IAAI,kBAAA,CAAmB,OAAO,CAAA,EAAG;AAC/B,IAAA,OAAA,CAAQ,OAAA,CAAQ,QAAQ,QAAA,CAAS,KAAA,EAAO,iBAAiB,CAAC,CAAA,CAAE,MAAM,MAAM;AAAA,IAAC,CAAC,CAAA;AAAA,EAC5E;AAGA,EAAA,MAAM,UAAU,MAAM,OAAA,CAAQ,IAAA,CAAK,CAAA,EAAG,KAAK,CAAA,YAAA,CAAc,CAAA;AACzD,EAAA,IAAI,YAAY,IAAA,EAAM;AACpB,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,qBAAqB,CAAA;AAAA,EACzD;AAEA,EAAA,MAAM,IAAA,GAAO,OAAO,OAAA,KAAY,QAAA,GAAW,UAAU,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,OAAO,CAAA;AAErF,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,GAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,eAAA,EAAiB;AAAA,KACnB;AAAA,IACA;AAAA,GACF;AACF;AAEA,eAAe,aAAA,CACb,OACA,OAAA,EAC0B;AAC1B,EAAA,MAAM,UAAU,MAAM,OAAA,CAAQ,IAAA,CAAK,CAAA,EAAG,KAAK,CAAA,YAAA,CAAc,CAAA;AACzD,EAAA,IAAI,YAAY,IAAA,EAAM;AACpB,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,qBAAqB,CAAA;AAAA,EACzD;AAEA,EAAA,MAAM,IAAA,GAAO,OAAO,OAAA,KAAY,QAAA,GAC5B,UACA,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,OAAO,CAAA;AAEpC,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,GAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,eAAA,EAAiB;AAAA,KACnB;AAAA,IACA;AAAA,GACF;AACF;AAEA,eAAe,gBAAA,CACb,KAAA,EACA,KAAA,EACA,OAAA,EAC0B;AAC1B,EAAA,IAAI,CAAC,OAAA,CAAQ,IAAA,CAAK,KAAK,CAAA,EAAG;AACxB,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,4BAA4B,CAAA;AAAA,EAChE;AACA,EAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,IAAA,CAAK,GAAG,KAAK,CAAA,YAAA,EAAe,KAAK,CAAA,IAAA,CAAM,CAAA;AACrE,EAAA,IAAI,YAAY,IAAA,EAAM;AACpB,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,wBAAwB,CAAA;AAAA,EAC5D;AACA,EAAA,MAAM,IAAA,GAAO,OAAO,OAAA,KAAY,QAAA,GAC5B,UACA,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,OAAO,CAAA;AACpC,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,GAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,eAAA,EAAiB;AAAA,KACnB;AAAA,IACA;AAAA,GACF;AACF;AAEA,SAAS,YAAA,CAAa,QAAgB,IAAA,EAAgC;AACpE,EAAA,OAAO;AAAA,IACL,MAAA;AAAA,IACA,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,eAAA,EAAiB;AAAA,KACnB;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,GAC3B;AACF","file":"chunk-H37YQWF2.cjs","sourcesContent":["// Copyright 2026 FHIRfly.io LLC. All rights reserved.\n// Licensed under the MIT License. See LICENSE file in the project root.\nimport type { SHLStorage, SHLMetadata } from \"../shl/types.js\";\n\n/**\n * Framework-agnostic incoming request.\n */\nexport interface HandlerRequest {\n  /** HTTP method (uppercase) */\n  method: string;\n  /** Path relative to mount point, e.g., \"/{shlId}\" or \"/{shlId}/content\" */\n  path: string;\n  /** Parsed JSON body (for POST requests) */\n  body?: unknown;\n  /** Request headers (lowercase keys) */\n  headers: Record<string, string | undefined>;\n  /** Query parameters (e.g., { recipient: \"Dr. Smith\" }) */\n  query?: Record<string, string | undefined>;\n}\n\n/**\n * Framework-agnostic outgoing response.\n */\nexport interface HandlerResponse {\n  /** HTTP status code */\n  status: number;\n  /** Response headers */\n  headers: Record<string, string>;\n  /** Response body (string for JSON, Uint8Array for binary) */\n  body: string | Uint8Array;\n}\n\n/**\n * Extended storage interface for server-side operations.\n *\n * Adds `read` and `updateMetadata` to the base `SHLStorage` interface.\n * Server storage needs to read files and atomically update metadata\n * (e.g., increment access counts).\n */\nexport interface SHLServerStorage extends SHLStorage {\n  /** Read a file by key. Returns null if not found. */\n  read(key: string): Promise<string | Uint8Array | null>;\n\n  /**\n   * Atomically read-modify-write metadata for an SHL.\n   *\n   * The `updater` function receives the current metadata and returns\n   * the updated metadata (or `null` to signal no update should occur).\n   *\n   * @param shlId - The SHL identifier\n   * @param updater - Function that transforms metadata\n   * @returns The updated metadata, or null if the SHL was not found or updater returned null\n   */\n  updateMetadata(\n    shlId: string,\n    updater: (current: SHLMetadata) => SHLMetadata | null,\n  ): Promise<SHLMetadata | null>;\n}\n\n/**\n * Extended storage interface that includes audit logging.\n *\n * When a storage backend implements `AuditableStorage`, the server handler\n * will automatically call `onAccess()` after each successful retrieval.\n * This is in addition to the `onAccess` callback on `SHLHandlerConfig`.\n *\n * Existing `SHLServerStorage` implementations continue to work unchanged —\n * audit logging is opt-in.\n */\nexport interface AuditableStorage extends SHLServerStorage {\n  /** Called after each successful SHL retrieval. */\n  onAccess(shlId: string, event: AccessEvent): Promise<void>;\n}\n\n/**\n * Type guard: checks if a storage backend implements AuditableStorage.\n */\nexport function isAuditableStorage(storage: SHLServerStorage): storage is AuditableStorage {\n  return typeof (storage as AuditableStorage).onAccess === \"function\";\n}\n\n/**\n * CORS configuration for the SHL server handler.\n *\n * By default, the handler adds permissive CORS headers to all responses\n * so that browser-based SHL viewers can access self-hosted servers.\n * Set `cors: false` to disable, or provide an object to customize.\n */\nexport interface CorsConfig {\n  /** Allowed origin(s). Default: `\"*\"` */\n  origin?: string;\n  /** Allowed methods. Default: `\"GET, POST, OPTIONS\"` */\n  methods?: string;\n  /** Allowed headers. Default: `\"Content-Type, Authorization\"` */\n  headers?: string;\n}\n\n/**\n * Configuration for the SHL server handler.\n */\nexport interface SHLHandlerConfig {\n  /** Server storage backend (must implement SHLServerStorage) */\n  storage: SHLServerStorage;\n\n  /**\n   * Optional callback invoked on each successful manifest access.\n   * Useful for logging, analytics, or custom access control.\n   */\n  onAccess?: (event: AccessEvent) => void | Promise<void>;\n\n  /**\n   * CORS configuration. Defaults to permissive headers (`Access-Control-Allow-Origin: *`).\n   * Set to `false` to disable CORS headers entirely.\n   */\n  cors?: CorsConfig | false;\n}\n\n/**\n * Event emitted on each successful manifest access.\n */\nexport interface AccessEvent {\n  /** The SHL identifier */\n  shlId: string;\n  /** Current access count (after increment) */\n  accessCount: number;\n  /** Timestamp of the access */\n  timestamp: Date;\n  /** Recipient identifier from query parameter (e.g., provider name) */\n  recipient?: string;\n  /** Retrieval mode used for this access */\n  mode?: \"manifest\" | \"direct\";\n}\n","// Copyright 2026 FHIRfly.io LLC. All rights reserved.\n// Licensed under the MIT License. See LICENSE file in the project root.\nimport type {\n  HandlerRequest,\n  HandlerResponse,\n  SHLHandlerConfig,\n  CorsConfig,\n} from \"./types.js\";\nimport { isAuditableStorage } from \"./types.js\";\nimport type { SHLMetadata, Manifest } from \"../shl/types.js\";\nimport { createHash, timingSafeEqual } from \"node:crypto\";\n\n/**\n * Create a framework-agnostic SHL request handler.\n *\n * Returns an async function that processes incoming requests and returns\n * responses. This handler implements three routes:\n *\n * - `POST /{shlId}` — Manifest endpoint (validates passcode, checks access limits)\n * - `GET /{shlId}/content` — Content endpoint (serves encrypted JWE)\n * - `GET /{shlId}/attachment/{index}` — Attachment endpoint (serves encrypted attachment)\n *\n * By default, CORS headers are added to all responses so browser-based SHL\n * viewers can access self-hosted servers. Set `cors: false` to disable.\n *\n * Framework adapters (Express, Fastify, Lambda) translate their native\n * request/response types to/from `HandlerRequest`/`HandlerResponse`.\n *\n * @example\n * ```ts\n * const handle = createHandler({ storage });\n * const response = await handle({\n *   method: \"POST\",\n *   path: \"/abc123\",\n *   body: { passcode: \"1234\" },\n *   headers: { \"content-type\": \"application/json\" },\n * });\n * ```\n */\nexport function createHandler(\n  config: SHLHandlerConfig,\n): (req: HandlerRequest) => Promise<HandlerResponse> {\n  const { storage, onAccess } = config;\n  const corsHeaders = resolveCorsHeaders(config.cors);\n\n  return async (req: HandlerRequest): Promise<HandlerResponse> => {\n    // Handle CORS preflight\n    if (req.method === \"OPTIONS\") {\n      return {\n        status: 204,\n        headers: { ...corsHeaders },\n        body: \"\",\n      };\n    }\n\n    // Normalize path: strip leading slash, split into segments\n    const path = req.path.replace(/^\\/+/, \"\");\n    const segments = path.split(\"/\").filter(Boolean);\n\n    let response: HandlerResponse;\n\n    // Route: POST /{shlId} → manifest\n    if (segments.length === 1 && req.method === \"POST\") {\n      response = await handleManifest(segments[0]!, req, storage, onAccess);\n    }\n    // Route: GET /{shlId} → direct access (flag U)\n    else if (segments.length === 1 && req.method === \"GET\") {\n      response = await handleDirectAccess(segments[0]!, req, storage, onAccess);\n    }\n    // Route: GET /{shlId}/content → serve encrypted content\n    else if (segments.length === 2 && segments[1] === \"content\" && req.method === \"GET\") {\n      response = await handleContent(segments[0]!, storage);\n    }\n    // Route: GET /{shlId}/attachment/{index} → serve encrypted attachment\n    else if (segments.length === 3 && segments[1] === \"attachment\" && req.method === \"GET\") {\n      response = await handleAttachment(segments[0]!, segments[2]!, storage);\n    }\n    // Method not allowed for known paths\n    else if (segments.length === 2 && segments[1] === \"content\" && req.method !== \"GET\") {\n      response = jsonResponse(405, { error: \"Method not allowed. Use GET for content requests.\" });\n    }\n    else if (segments.length === 3 && segments[1] === \"attachment\" && req.method !== \"GET\") {\n      response = jsonResponse(405, { error: \"Method not allowed. Use GET for attachment requests.\" });\n    }\n    else {\n      response = jsonResponse(404, { error: \"Not found\" });\n    }\n\n    // Inject CORS headers into every response\n    response.headers = { ...response.headers, ...corsHeaders };\n    return response;\n  };\n}\n\n/** Resolve CORS headers from config. Returns empty object if disabled. */\nfunction resolveCorsHeaders(cors: SHLHandlerConfig[\"cors\"]): Record<string, string> {\n  if (cors === false) return {};\n  const c: CorsConfig = cors ?? {};\n  return {\n    \"access-control-allow-origin\": c.origin ?? \"*\",\n    \"access-control-allow-methods\": c.methods ?? \"GET, POST, OPTIONS\",\n    \"access-control-allow-headers\": c.headers ?? \"Content-Type, Authorization\",\n  };\n}\n\nasync function handleManifest(\n  shlId: string,\n  req: HandlerRequest,\n  storage: SHLHandlerConfig[\"storage\"],\n  onAccess?: SHLHandlerConfig[\"onAccess\"],\n): Promise<HandlerResponse> {\n  // Read manifest to verify the SHL exists\n  const manifestRaw = await storage.read(`${shlId}/manifest.json`);\n  if (manifestRaw === null) {\n    return jsonResponse(404, { error: \"SHL not found\" });\n  }\n\n  // Atomically check access control + increment counter\n  let updatedMetadata: SHLMetadata | null = null;\n  let accessDeniedReason: \"expired\" | \"exhausted\" | \"passcode\" | null = null;\n  const reqBody = (req.body && typeof req.body === \"object\" ? req.body : {}) as Record<string, unknown>;\n  const providedPasscode = typeof reqBody[\"passcode\"] === \"string\" ? reqBody[\"passcode\"] : undefined;\n\n  updatedMetadata = await storage.updateMetadata(shlId, (metadata) => {\n    // Check expiration\n    if (metadata.expiresAt) {\n      const expiresAt = new Date(metadata.expiresAt);\n      if (expiresAt.getTime() <= Date.now()) {\n        accessDeniedReason = \"expired\";\n        return null;\n      }\n    }\n\n    // Check access count\n    const currentCount = metadata.accessCount ?? 0;\n    if (metadata.maxAccesses !== undefined && currentCount >= metadata.maxAccesses) {\n      accessDeniedReason = \"exhausted\";\n      return null;\n    }\n\n    // Check passcode (timing-safe comparison with SHA-256 hash)\n    if (metadata.passcode) {\n      if (!providedPasscode) {\n        accessDeniedReason = \"passcode\";\n        return null;\n      }\n      const providedHash = createHash(\"sha256\").update(providedPasscode).digest(\"hex\");\n      const storedHash = metadata.passcode;\n      const a = Buffer.from(providedHash);\n      const b = Buffer.from(storedHash);\n      // Constant-time comparison: compare with self if lengths differ to avoid timing leak\n      if (a.length !== b.length || !timingSafeEqual(a, b)) {\n        accessDeniedReason = \"passcode\";\n        return null;\n      }\n    }\n\n    // Access granted — increment count\n    return {\n      ...metadata,\n      accessCount: currentCount + 1,\n    };\n  });\n\n  // Handle access control failures\n  if (accessDeniedReason === \"expired\") {\n    return jsonResponse(410, { error: \"SHL has expired\" });\n  }\n  if (accessDeniedReason === \"exhausted\") {\n    return jsonResponse(410, { error: \"SHL access limit reached\" });\n  }\n  if (accessDeniedReason === \"passcode\") {\n    return jsonResponse(401, { error: \"Invalid passcode\" });\n  }\n\n  // If updateMetadata returned null but no denied reason, metadata file is missing\n  if (updatedMetadata === null) {\n    return jsonResponse(404, { error: \"SHL not found\" });\n  }\n\n  // Fire access event (non-blocking)\n  const recipient = typeof req.query?.[\"recipient\"] === \"string\" ? req.query[\"recipient\"] : undefined;\n  const accessEvent = {\n    shlId,\n    accessCount: updatedMetadata.accessCount ?? 1,\n    timestamp: new Date(),\n    mode: \"manifest\" as const,\n    ...(recipient ? { recipient } : {}),\n  };\n  if (onAccess) {\n    // Fire and forget — don't let callback errors break the response\n    Promise.resolve(onAccess(accessEvent)).catch(() => {});\n  }\n  // If storage is auditable, also fire the storage-level audit hook\n  if (isAuditableStorage(storage)) {\n    Promise.resolve(storage.onAccess(shlId, accessEvent)).catch(() => {});\n  }\n\n  // Return manifest\n  const manifestStr = typeof manifestRaw === \"string\"\n    ? manifestRaw\n    : new TextDecoder().decode(manifestRaw);\n  const manifest = JSON.parse(manifestStr) as Manifest;\n\n  return jsonResponse(200, manifest);\n}\n\nasync function handleDirectAccess(\n  shlId: string,\n  req: HandlerRequest,\n  storage: SHLHandlerConfig[\"storage\"],\n  onAccess?: SHLHandlerConfig[\"onAccess\"],\n): Promise<HandlerResponse> {\n  // Read metadata to check if this is a direct-mode SHL\n  const metadataRaw = await storage.read(`${shlId}/metadata.json`);\n  if (metadataRaw === null) {\n    return jsonResponse(404, { error: \"SHL not found\" });\n  }\n\n  const metadataStr = typeof metadataRaw === \"string\" ? metadataRaw : new TextDecoder().decode(metadataRaw);\n  const metadata = JSON.parse(metadataStr) as SHLMetadata;\n\n  // Only direct-mode SHLs support GET retrieval\n  if (metadata.mode !== \"direct\") {\n    return jsonResponse(405, { error: \"Method not allowed. Use POST for manifest requests.\" });\n  }\n\n  // Access control: expiration, access count (atomic)\n  let accessDeniedReason: \"expired\" | \"exhausted\" | null = null;\n  const updatedMetadata = await storage.updateMetadata(shlId, (current) => {\n    if (current.expiresAt) {\n      const expiresAt = new Date(current.expiresAt);\n      if (expiresAt.getTime() <= Date.now()) {\n        accessDeniedReason = \"expired\";\n        return null;\n      }\n    }\n\n    const currentCount = current.accessCount ?? 0;\n    if (current.maxAccesses !== undefined && currentCount >= current.maxAccesses) {\n      accessDeniedReason = \"exhausted\";\n      return null;\n    }\n\n    return {\n      ...current,\n      accessCount: currentCount + 1,\n    };\n  });\n\n  if (accessDeniedReason === \"expired\") {\n    return jsonResponse(410, { error: \"SHL has expired\" });\n  }\n  if (accessDeniedReason === \"exhausted\") {\n    return jsonResponse(410, { error: \"SHL access limit reached\" });\n  }\n  if (updatedMetadata === null) {\n    return jsonResponse(404, { error: \"SHL not found\" });\n  }\n\n  // Fire access event (non-blocking)\n  const recipient = typeof req.query?.[\"recipient\"] === \"string\" ? req.query[\"recipient\"] : undefined;\n  const directAccessEvent = {\n    shlId,\n    accessCount: updatedMetadata.accessCount ?? 1,\n    timestamp: new Date(),\n    mode: \"direct\" as const,\n    ...(recipient ? { recipient } : {}),\n  };\n  if (onAccess) {\n    Promise.resolve(onAccess(directAccessEvent)).catch(() => {});\n  }\n  // If storage is auditable, also fire the storage-level audit hook\n  if (isAuditableStorage(storage)) {\n    Promise.resolve(storage.onAccess(shlId, directAccessEvent)).catch(() => {});\n  }\n\n  // Serve the encrypted content directly\n  const content = await storage.read(`${shlId}/content.jwe`);\n  if (content === null) {\n    return jsonResponse(404, { error: \"Content not found\" });\n  }\n\n  const body = typeof content === \"string\" ? content : new TextDecoder().decode(content);\n\n  return {\n    status: 200,\n    headers: {\n      \"content-type\": \"application/jose\",\n      \"cache-control\": \"no-store\",\n    },\n    body,\n  };\n}\n\nasync function handleContent(\n  shlId: string,\n  storage: SHLHandlerConfig[\"storage\"],\n): Promise<HandlerResponse> {\n  const content = await storage.read(`${shlId}/content.jwe`);\n  if (content === null) {\n    return jsonResponse(404, { error: \"Content not found\" });\n  }\n\n  const body = typeof content === \"string\"\n    ? content\n    : new TextDecoder().decode(content);\n\n  return {\n    status: 200,\n    headers: {\n      \"content-type\": \"application/jose\",\n      \"cache-control\": \"no-store\",\n    },\n    body,\n  };\n}\n\nasync function handleAttachment(\n  shlId: string,\n  index: string,\n  storage: SHLHandlerConfig[\"storage\"],\n): Promise<HandlerResponse> {\n  if (!/^\\d+$/.test(index)) {\n    return jsonResponse(400, { error: \"Invalid attachment index\" });\n  }\n  const content = await storage.read(`${shlId}/attachment-${index}.jwe`);\n  if (content === null) {\n    return jsonResponse(404, { error: \"Attachment not found\" });\n  }\n  const body = typeof content === \"string\"\n    ? content\n    : new TextDecoder().decode(content);\n  return {\n    status: 200,\n    headers: {\n      \"content-type\": \"application/jose\",\n      \"cache-control\": \"no-store\",\n    },\n    body,\n  };\n}\n\nfunction jsonResponse(status: number, body: unknown): HandlerResponse {\n  return {\n    status,\n    headers: {\n      \"content-type\": \"application/json\",\n      \"cache-control\": \"no-store\",\n    },\n    body: JSON.stringify(body),\n  };\n}\n"]}

package/dist/{chunk-ZEE5RXIS.js → chunk-IYRQRY4A.js}

@@ -1,6 +1,9 @@
 import { createHash, timingSafeEqual } from 'crypto';
 
-// src/server/handler.ts
+// src/server/types.ts
+function isAuditableStorage(storage) {
+  return typeof storage.onAccess === "function";
+}
 function createHandler(config) {
   const { storage, onAccess } = config;
   const corsHeaders = resolveCorsHeaders(config.cors);
@@ -17,12 +20,12 @@ function createHandler(config) {
     let response;
     if (segments.length === 1 && req.method === "POST") {
       response = await handleManifest(segments[0], req, storage, onAccess);
+    } else if (segments.length === 1 && req.method === "GET") {
+      response = await handleDirectAccess(segments[0], req, storage, onAccess);
     } else if (segments.length === 2 && segments[1] === "content" && req.method === "GET") {
       response = await handleContent(segments[0], storage);
     } else if (segments.length === 3 && segments[1] === "attachment" && req.method === "GET") {
       response = await handleAttachment(segments[0], segments[2], storage);
-    } else if (segments.length === 1 && req.method !== "POST") {
-      response = jsonResponse(405, { error: "Method not allowed. Use POST for manifest requests." });
     } else if (segments.length === 2 && segments[1] === "content" && req.method !== "GET") {
       response = jsonResponse(405, { error: "Method not allowed. Use GET for content requests." });
     } else if (segments.length === 3 && segments[1] === "attachment" && req.method !== "GET") {
@@ -96,19 +99,94 @@ async function handleManifest(shlId, req, storage, onAccess) {
   if (updatedMetadata === null) {
     return jsonResponse(404, { error: "SHL not found" });
   }
+  const recipient = typeof req.query?.["recipient"] === "string" ? req.query["recipient"] : void 0;
+  const accessEvent = {
+    shlId,
+    accessCount: updatedMetadata.accessCount ?? 1,
+    timestamp: /* @__PURE__ */ new Date(),
+    mode: "manifest",
+    ...recipient ? { recipient } : {}
+  };
   if (onAccess) {
-    const event = {
-      shlId,
-      accessCount: updatedMetadata.accessCount ?? 1,
-      timestamp: /* @__PURE__ */ new Date()
-    };
-    Promise.resolve(onAccess(event)).catch(() => {
+    Promise.resolve(onAccess(accessEvent)).catch(() => {
+    });
+  }
+  if (isAuditableStorage(storage)) {
+    Promise.resolve(storage.onAccess(shlId, accessEvent)).catch(() => {
     });
   }
   const manifestStr = typeof manifestRaw === "string" ? manifestRaw : new TextDecoder().decode(manifestRaw);
   const manifest = JSON.parse(manifestStr);
   return jsonResponse(200, manifest);
 }
+async function handleDirectAccess(shlId, req, storage, onAccess) {
+  const metadataRaw = await storage.read(`${shlId}/metadata.json`);
+  if (metadataRaw === null) {
+    return jsonResponse(404, { error: "SHL not found" });
+  }
+  const metadataStr = typeof metadataRaw === "string" ? metadataRaw : new TextDecoder().decode(metadataRaw);
+  const metadata = JSON.parse(metadataStr);
+  if (metadata.mode !== "direct") {
+    return jsonResponse(405, { error: "Method not allowed. Use POST for manifest requests." });
+  }
+  let accessDeniedReason = null;
+  const updatedMetadata = await storage.updateMetadata(shlId, (current) => {
+    if (current.expiresAt) {
+      const expiresAt = new Date(current.expiresAt);
+      if (expiresAt.getTime() <= Date.now()) {
+        accessDeniedReason = "expired";
+        return null;
+      }
+    }
+    const currentCount = current.accessCount ?? 0;
+    if (current.maxAccesses !== void 0 && currentCount >= current.maxAccesses) {
+      accessDeniedReason = "exhausted";
+      return null;
+    }
+    return {
+      ...current,
+      accessCount: currentCount + 1
+    };
+  });
+  if (accessDeniedReason === "expired") {
+    return jsonResponse(410, { error: "SHL has expired" });
+  }
+  if (accessDeniedReason === "exhausted") {
+    return jsonResponse(410, { error: "SHL access limit reached" });
+  }
+  if (updatedMetadata === null) {
+    return jsonResponse(404, { error: "SHL not found" });
+  }
+  const recipient = typeof req.query?.["recipient"] === "string" ? req.query["recipient"] : void 0;
+  const directAccessEvent = {
+    shlId,
+    accessCount: updatedMetadata.accessCount ?? 1,
+    timestamp: /* @__PURE__ */ new Date(),
+    mode: "direct",
+    ...recipient ? { recipient } : {}
+  };
+  if (onAccess) {
+    Promise.resolve(onAccess(directAccessEvent)).catch(() => {
+    });
+  }
+  if (isAuditableStorage(storage)) {
+    Promise.resolve(storage.onAccess(shlId, directAccessEvent)).catch(() => {
+    });
+  }
+  const content = await storage.read(`${shlId}/content.jwe`);
+  if (content === null) {
+    return jsonResponse(404, { error: "Content not found" });
+  }
+  const body = typeof content === "string" ? content : new TextDecoder().decode(content);
+  return {
+    status: 200,
+    headers: {
+      "content-type": "application/jose",
+      "cache-control": "no-store"
+    },
+    body
+  };
+}
 async function handleContent(shlId, storage) {
   const content = await storage.read(`${shlId}/content.jwe`);
   if (content === null) {
@@ -153,6 +231,6 @@ function jsonResponse(status, body) {
   };
 }
 
-export { createHandler };
-//# sourceMappingURL=chunk-ZEE5RXIS.js.map
-//# sourceMappingURL=chunk-ZEE5RXIS.js.map
+export { createHandler, isAuditableStorage };
+//# sourceMappingURL=chunk-IYRQRY4A.js.map
+//# sourceMappingURL=chunk-IYRQRY4A.js.map

package/dist/chunk-IYRQRY4A.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/server/types.ts","../src/server/handler.ts"],"names":[],"mappings":";;;AA6EO,SAAS,mBAAmB,OAAA,EAAwD;AACzF,EAAA,OAAO,OAAQ,QAA6B,QAAA,KAAa,UAAA;AAC3D;ACxCO,SAAS,cACd,MAAA,EACmD;AACnD,EAAA,MAAM,EAAE,OAAA,EAAS,QAAA,EAAS,GAAI,MAAA;AAC9B,EAAA,MAAM,WAAA,GAAc,kBAAA,CAAmB,MAAA,CAAO,IAAI,CAAA;AAElD,EAAA,OAAO,OAAO,GAAA,KAAkD;AAE9D,IAAA,IAAI,GAAA,CAAI,WAAW,SAAA,EAAW;AAC5B,MAAA,OAAO;AAAA,QACL,MAAA,EAAQ,GAAA;AAAA,QACR,OAAA,EAAS,EAAE,GAAG,WAAA,EAAY;AAAA,QAC1B,IAAA,EAAM;AAAA,OACR;AAAA,IACF;AAGA,IAAA,MAAM,IAAA,GAAO,GAAA,CAAI,IAAA,CAAK,OAAA,CAAQ,QAAQ,EAAE,CAAA;AACxC,IAAA,MAAM,WAAW,IAAA,CAAK,KAAA,CAAM,GAAG,CAAA,CAAE,OAAO,OAAO,CAAA;AAE/C,IAAA,IAAI,QAAA;AAGJ,IAAA,IAAI,QAAA,CAAS,MAAA,KAAW,CAAA,IAAK,GAAA,CAAI,WAAW,MAAA,EAAQ;AAClD,MAAA,QAAA,GAAW,MAAM,cAAA,CAAe,QAAA,CAAS,CAAC,CAAA,EAAI,GAAA,EAAK,SAAS,QAAQ,CAAA;AAAA,IACtE,WAES,QAAA,CAAS,MAAA,KAAW,CAAA,IAAK,GAAA,CAAI,WAAW,KAAA,EAAO;AACtD,MAAA,QAAA,GAAW,MAAM,kBAAA,CAAmB,QAAA,CAAS,CAAC,CAAA,EAAI,GAAA,EAAK,SAAS,QAAQ,CAAA;AAAA,IAC1E,CAAA,MAAA,IAES,QAAA,CAAS,MAAA,KAAW,CAAA,IAAK,QAAA,CAAS,CAAC,CAAA,KAAM,SAAA,IAAa,GAAA,CAAI,MAAA,KAAW,KAAA,EAAO;AACnF,MAAA,QAAA,GAAW,MAAM,aAAA,CAAc,QAAA,CAAS,CAAC,GAAI,OAAO,CAAA;AAAA,IACtD,CAAA,MAAA,IAES,QAAA,CAAS,MAAA,KAAW,CAAA,IAAK,QAAA,CAAS,CAAC,CAAA,KAAM,YAAA,IAAgB,GAAA,CAAI,MAAA,KAAW,KAAA,EAAO;AACtF,MAAA,QAAA,GAAW,MAAM,iBAAiB,QAAA,CAAS,CAAC,GAAI,QAAA,CAAS,CAAC,GAAI,OAAO,CAAA;AAAA,IACvE,CAAA,MAAA,IAES,QAAA,CAAS,MAAA,KAAW,CAAA,IAAK,QAAA,CAAS,CAAC,CAAA,KAAM,SAAA,IAAa,GAAA,CAAI,MAAA,KAAW,KAAA,EAAO;AACnF,MAAA,QAAA,GAAW,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,qDAAqD,CAAA;AAAA,IAC7F,CAAA,MAAA,IACS,QAAA,CAAS,MAAA,KAAW,CAAA,IAAK,QAAA,CAAS,CAAC,CAAA,KAAM,YAAA,IAAgB,GAAA,CAAI,MAAA,KAAW,KAAA,EAAO;AACtF,MAAA,QAAA,GAAW,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,wDAAwD,CAAA;AAAA,IAChG,CAAA,MACK;AACH,MAAA,QAAA,GAAW,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,aAAa,CAAA;AAAA,IACrD;AAGA,IAAA,QAAA,CAAS,UAAU,EAAE,GAAG,QAAA,CAAS,OAAA,EAAS,GAAG,WAAA,EAAY;AACzD,IAAA,OAAO,QAAA;AAAA,EACT,CAAA;AACF;AAGA,SAAS,mBAAmB,IAAA,EAAwD;AAClF,EAAA,IAAI,IAAA,KAAS,KAAA,EAAO,OAAO,EAAC;AAC5B,EAAA,MAAM,CAAA,GAAgB,QAAQ,EAAC;AAC/B,EAAA,OAAO;AAAA,IACL,6BAAA,EAA+B,EAAE,MAAA,IAAU,GAAA;AAAA,IAC3C,8BAAA,EAAgC,EAAE,OAAA,IAAW,oBAAA;AAAA,IAC7C,8BAAA,EAAgC,EAAE,OAAA,IAAW;AAAA,GAC/C;AACF;AAEA,eAAe,cAAA,CACb,KAAA,EACA,GAAA,EACA,OAAA,EACA,QAAA,EAC0B;AAE1B,EAAA,MAAM,cAAc,MAAM,OAAA,CAAQ,IAAA,CAAK,CAAA,EAAG,KAAK,CAAA,cAAA,CAAgB,CAAA;AAC/D,EAAA,IAAI,gBAAgB,IAAA,EAAM;AACxB,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,iBAAiB,CAAA;AAAA,EACrD;AAGA,EAAA,IAAI,eAAA,GAAsC,IAAA;AAC1C,EAAA,IAAI,kBAAA,GAAkE,IAAA;AACtE,EAAA,MAAM,OAAA,GAAW,IAAI,IAAA,IAAQ,OAAO,IAAI,IAAA,KAAS,QAAA,GAAW,GAAA,CAAI,IAAA,GAAO,EAAC;AACxE,EAAA,MAAM,gBAAA,GAAmB,OAAO,OAAA,CAAQ,UAAU,MAAM,QAAA,GAAW,OAAA,CAAQ,UAAU,CAAA,GAAI,MAAA;AAEzF,EAAA,eAAA,GAAkB,MAAM,OAAA,CAAQ,cAAA,CAAe,KAAA,EAAO,CAAC,QAAA,KAAa;AAElE,IAAA,IAAI,SAAS,SAAA,EAAW;AACtB,MAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,QAAA,CAAS,SAAS,CAAA;AAC7C,MAAA,IAAI,SAAA,CAAU,OAAA,EAAQ,IAAK,IAAA,CAAK,KAAI,EAAG;AACrC,QAAA,kBAAA,GAAqB,SAAA;AACrB,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAGA,IAAA,MAAM,YAAA,GAAe,SAAS,WAAA,IAAe,CAAA;AAC7C,IAAA,IAAI,QAAA,CAAS,WAAA,KAAgB,MAAA,IAAa,YAAA,IAAgB,SAAS,WAAA,EAAa;AAC9E,MAAA,kBAAA,GAAqB,WAAA;AACrB,MAAA,OAAO,IAAA;AAAA,IACT;AAGA,IAAA,IAAI,SAAS,QAAA,EAAU;AACrB,MAAA,IAAI,CAAC,gBAAA,EAAkB;AACrB,QAAA,kBAAA,GAAqB,UAAA;AACrB,QAAA,OAAO,IAAA;AAAA,MACT;AACA,MAAA,MAAM,YAAA,GAAe,WAAW,QAAQ,CAAA,CAAE,OAAO,gBAAgB,CAAA,CAAE,OAAO,KAAK,CAAA;AAC/E,MAAA,MAAM,aAAa,QAAA,CAAS,QAAA;AAC5B,MAAA,MAAM,CAAA,GAAI,MAAA,CAAO,IAAA,CAAK,YAAY,CAAA;AAClC,MAAA,MAAM,CAAA,GAAI,MAAA,CAAO,IAAA,CAAK,UAAU,CAAA;AAEhC,MAAA,IAAI,CAAA,CAAE,WAAW,CAAA,CAAE,MAAA,IAAU,CAAC,eAAA,CAAgB,CAAA,EAAG,CAAC,CAAA,EAAG;AACnD,QAAA,kBAAA,GAAqB,UAAA;AACrB,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAGA,IAAA,OAAO;AAAA,MACL,GAAG,QAAA;AAAA,MACH,aAAa,YAAA,GAAe;AAAA,KAC9B;AAAA,EACF,CAAC,CAAA;AAGD,EAAA,IAAI,uBAAuB,SAAA,EAAW;AACpC,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,mBAAmB,CAAA;AAAA,EACvD;AACA,EAAA,IAAI,uBAAuB,WAAA,EAAa;AACtC,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,4BAA4B,CAAA;AAAA,EAChE;AACA,EAAA,IAAI,uBAAuB,UAAA,EAAY;AACrC,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,oBAAoB,CAAA;AAAA,EACxD;AAGA,EAAA,IAAI,oBAAoB,IAAA,EAAM;AAC5B,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,iBAAiB,CAAA;AAAA,EACrD;AAGA,EAAA,MAAM,SAAA,GAAY,OAAO,GAAA,CAAI,KAAA,GAAQ,WAAW,MAAM,QAAA,GAAW,GAAA,CAAI,KAAA,CAAM,WAAW,CAAA,GAAI,MAAA;AAC1F,EAAA,MAAM,WAAA,GAAc;AAAA,IAClB,KAAA;AAAA,IACA,WAAA,EAAa,gBAAgB,WAAA,IAAe,CAAA;AAAA,IAC5C,SAAA,sBAAe,IAAA,EAAK;AAAA,IACpB,IAAA,EAAM,UAAA;AAAA,IACN,GAAI,SAAA,GAAY,EAAE,SAAA,KAAc;AAAC,GACnC;AACA,EAAA,IAAI,QAAA,EAAU;AAEZ,IAAA,OAAA,CAAQ,QAAQ,QAAA,CAAS,WAAW,CAAC,CAAA,CAAE,MAAM,MAAM;AAAA,IAAC,CAAC,CAAA;AAAA,EACvD;AAEA,EAAA,IAAI,kBAAA,CAAmB,OAAO,CAAA,EAAG;AAC/B,IAAA,OAAA,CAAQ,OAAA,CAAQ,QAAQ,QAAA,CAAS,KAAA,EAAO,WAAW,CAAC,CAAA,CAAE,MAAM,MAAM;AAAA,IAAC,CAAC,CAAA;AAAA,EACtE;AAGA,EAAA,MAAM,WAAA,GAAc,OAAO,WAAA,KAAgB,QAAA,GACvC,cACA,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,WAAW,CAAA;AACxC,EAAA,MAAM,QAAA,GAAW,IAAA,CAAK,KAAA,CAAM,WAAW,CAAA;AAEvC,EAAA,OAAO,YAAA,CAAa,KAAK,QAAQ,CAAA;AACnC;AAEA,eAAe,kBAAA,CACb,KAAA,EACA,GAAA,EACA,OAAA,EACA,QAAA,EAC0B;AAE1B,EAAA,MAAM,cAAc,MAAM,OAAA,CAAQ,IAAA,CAAK,CAAA,EAAG,KAAK,CAAA,cAAA,CAAgB,CAAA;AAC/D,EAAA,IAAI,gBAAgB,IAAA,EAAM;AACxB,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,iBAAiB,CAAA;AAAA,EACrD;AAEA,EAAA,MAAM,WAAA,GAAc,OAAO,WAAA,KAAgB,QAAA,GAAW,cAAc,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,WAAW,CAAA;AACxG,EAAA,MAAM,QAAA,GAAW,IAAA,CAAK,KAAA,CAAM,WAAW,CAAA;AAGvC,EAAA,IAAI,QAAA,CAAS,SAAS,QAAA,EAAU;AAC9B,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,uDAAuD,CAAA;AAAA,EAC3F;AAGA,EAAA,IAAI,kBAAA,GAAqD,IAAA;AACzD,EAAA,MAAM,kBAAkB,MAAM,OAAA,CAAQ,cAAA,CAAe,KAAA,EAAO,CAAC,OAAA,KAAY;AACvE,IAAA,IAAI,QAAQ,SAAA,EAAW;AACrB,MAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,OAAA,CAAQ,SAAS,CAAA;AAC5C,MAAA,IAAI,SAAA,CAAU,OAAA,EAAQ,IAAK,IAAA,CAAK,KAAI,EAAG;AACrC,QAAA,kBAAA,GAAqB,SAAA;AACrB,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAEA,IAAA,MAAM,YAAA,GAAe,QAAQ,WAAA,IAAe,CAAA;AAC5C,IAAA,IAAI,OAAA,CAAQ,WAAA,KAAgB,MAAA,IAAa,YAAA,IAAgB,QAAQ,WAAA,EAAa;AAC5E,MAAA,kBAAA,GAAqB,WAAA;AACrB,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,OAAO;AAAA,MACL,GAAG,OAAA;AAAA,MACH,aAAa,YAAA,GAAe;AAAA,KAC9B;AAAA,EACF,CAAC,CAAA;AAED,EAAA,IAAI,uBAAuB,SAAA,EAAW;AACpC,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,mBAAmB,CAAA;AAAA,EACvD;AACA,EAAA,IAAI,uBAAuB,WAAA,EAAa;AACtC,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,4BAA4B,CAAA;AAAA,EAChE;AACA,EAAA,IAAI,oBAAoB,IAAA,EAAM;AAC5B,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,iBAAiB,CAAA;AAAA,EACrD;AAGA,EAAA,MAAM,SAAA,GAAY,OAAO,GAAA,CAAI,KAAA,GAAQ,WAAW,MAAM,QAAA,GAAW,GAAA,CAAI,KAAA,CAAM,WAAW,CAAA,GAAI,MAAA;AAC1F,EAAA,MAAM,iBAAA,GAAoB;AAAA,IACxB,KAAA;AAAA,IACA,WAAA,EAAa,gBAAgB,WAAA,IAAe,CAAA;AAAA,IAC5C,SAAA,sBAAe,IAAA,EAAK;AAAA,IACpB,IAAA,EAAM,QAAA;AAAA,IACN,GAAI,SAAA,GAAY,EAAE,SAAA,KAAc;AAAC,GACnC;AACA,EAAA,IAAI,QAAA,EAAU;AACZ,IAAA,OAAA,CAAQ,QAAQ,QAAA,CAAS,iBAAiB,CAAC,CAAA,CAAE,MAAM,MAAM;AAAA,IAAC,CAAC,CAAA;AAAA,EAC7D;AAEA,EAAA,IAAI,kBAAA,CAAmB,OAAO,CAAA,EAAG;AAC/B,IAAA,OAAA,CAAQ,OAAA,CAAQ,QAAQ,QAAA,CAAS,KAAA,EAAO,iBAAiB,CAAC,CAAA,CAAE,MAAM,MAAM;AAAA,IAAC,CAAC,CAAA;AAAA,EAC5E;AAGA,EAAA,MAAM,UAAU,MAAM,OAAA,CAAQ,IAAA,CAAK,CAAA,EAAG,KAAK,CAAA,YAAA,CAAc,CAAA;AACzD,EAAA,IAAI,YAAY,IAAA,EAAM;AACpB,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,qBAAqB,CAAA;AAAA,EACzD;AAEA,EAAA,MAAM,IAAA,GAAO,OAAO,OAAA,KAAY,QAAA,GAAW,UAAU,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,OAAO,CAAA;AAErF,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,GAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,eAAA,EAAiB;AAAA,KACnB;AAAA,IACA;AAAA,GACF;AACF;AAEA,eAAe,aAAA,CACb,OACA,OAAA,EAC0B;AAC1B,EAAA,MAAM,UAAU,MAAM,OAAA,CAAQ,IAAA,CAAK,CAAA,EAAG,KAAK,CAAA,YAAA,CAAc,CAAA;AACzD,EAAA,IAAI,YAAY,IAAA,EAAM;AACpB,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,qBAAqB,CAAA;AAAA,EACzD;AAEA,EAAA,MAAM,IAAA,GAAO,OAAO,OAAA,KAAY,QAAA,GAC5B,UACA,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,OAAO,CAAA;AAEpC,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,GAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,eAAA,EAAiB;AAAA,KACnB;AAAA,IACA;AAAA,GACF;AACF;AAEA,eAAe,gBAAA,CACb,KAAA,EACA,KAAA,EACA,OAAA,EAC0B;AAC1B,EAAA,IAAI,CAAC,OAAA,CAAQ,IAAA,CAAK,KAAK,CAAA,EAAG;AACxB,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,4BAA4B,CAAA;AAAA,EAChE;AACA,EAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,IAAA,CAAK,GAAG,KAAK,CAAA,YAAA,EAAe,KAAK,CAAA,IAAA,CAAM,CAAA;AACrE,EAAA,IAAI,YAAY,IAAA,EAAM;AACpB,IAAA,OAAO,YAAA,CAAa,GAAA,EAAK,EAAE,KAAA,EAAO,wBAAwB,CAAA;AAAA,EAC5D;AACA,EAAA,MAAM,IAAA,GAAO,OAAO,OAAA,KAAY,QAAA,GAC5B,UACA,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,OAAO,CAAA;AACpC,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,GAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,eAAA,EAAiB;AAAA,KACnB;AAAA,IACA;AAAA,GACF;AACF;AAEA,SAAS,YAAA,CAAa,QAAgB,IAAA,EAAgC;AACpE,EAAA,OAAO;AAAA,IACL,MAAA;AAAA,IACA,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,eAAA,EAAiB;AAAA,KACnB;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,GAC3B;AACF","file":"chunk-IYRQRY4A.js","sourcesContent":["// Copyright 2026 FHIRfly.io LLC. All rights reserved.\n// Licensed under the MIT License. See LICENSE file in the project root.\nimport type { SHLStorage, SHLMetadata } from \"../shl/types.js\";\n\n/**\n * Framework-agnostic incoming request.\n */\nexport interface HandlerRequest {\n  /** HTTP method (uppercase) */\n  method: string;\n  /** Path relative to mount point, e.g., \"/{shlId}\" or \"/{shlId}/content\" */\n  path: string;\n  /** Parsed JSON body (for POST requests) */\n  body?: unknown;\n  /** Request headers (lowercase keys) */\n  headers: Record<string, string | undefined>;\n  /** Query parameters (e.g., { recipient: \"Dr. Smith\" }) */\n  query?: Record<string, string | undefined>;\n}\n\n/**\n * Framework-agnostic outgoing response.\n */\nexport interface HandlerResponse {\n  /** HTTP status code */\n  status: number;\n  /** Response headers */\n  headers: Record<string, string>;\n  /** Response body (string for JSON, Uint8Array for binary) */\n  body: string | Uint8Array;\n}\n\n/**\n * Extended storage interface for server-side operations.\n *\n * Adds `read` and `updateMetadata` to the base `SHLStorage` interface.\n * Server storage needs to read files and atomically update metadata\n * (e.g., increment access counts).\n */\nexport interface SHLServerStorage extends SHLStorage {\n  /** Read a file by key. Returns null if not found. */\n  read(key: string): Promise<string | Uint8Array | null>;\n\n  /**\n   * Atomically read-modify-write metadata for an SHL.\n   *\n   * The `updater` function receives the current metadata and returns\n   * the updated metadata (or `null` to signal no update should occur).\n   *\n   * @param shlId - The SHL identifier\n   * @param updater - Function that transforms metadata\n   * @returns The updated metadata, or null if the SHL was not found or updater returned null\n   */\n  updateMetadata(\n    shlId: string,\n    updater: (current: SHLMetadata) => SHLMetadata | null,\n  ): Promise<SHLMetadata | null>;\n}\n\n/**\n * Extended storage interface that includes audit logging.\n *\n * When a storage backend implements `AuditableStorage`, the server handler\n * will automatically call `onAccess()` after each successful retrieval.\n * This is in addition to the `onAccess` callback on `SHLHandlerConfig`.\n *\n * Existing `SHLServerStorage` implementations continue to work unchanged —\n * audit logging is opt-in.\n */\nexport interface AuditableStorage extends SHLServerStorage {\n  /** Called after each successful SHL retrieval. */\n  onAccess(shlId: string, event: AccessEvent): Promise<void>;\n}\n\n/**\n * Type guard: checks if a storage backend implements AuditableStorage.\n */\nexport function isAuditableStorage(storage: SHLServerStorage): storage is AuditableStorage {\n  return typeof (storage as AuditableStorage).onAccess === \"function\";\n}\n\n/**\n * CORS configuration for the SHL server handler.\n *\n * By default, the handler adds permissive CORS headers to all responses\n * so that browser-based SHL viewers can access self-hosted servers.\n * Set `cors: false` to disable, or provide an object to customize.\n */\nexport interface CorsConfig {\n  /** Allowed origin(s). Default: `\"*\"` */\n  origin?: string;\n  /** Allowed methods. Default: `\"GET, POST, OPTIONS\"` */\n  methods?: string;\n  /** Allowed headers. Default: `\"Content-Type, Authorization\"` */\n  headers?: string;\n}\n\n/**\n * Configuration for the SHL server handler.\n */\nexport interface SHLHandlerConfig {\n  /** Server storage backend (must implement SHLServerStorage) */\n  storage: SHLServerStorage;\n\n  /**\n   * Optional callback invoked on each successful manifest access.\n   * Useful for logging, analytics, or custom access control.\n   */\n  onAccess?: (event: AccessEvent) => void | Promise<void>;\n\n  /**\n   * CORS configuration. Defaults to permissive headers (`Access-Control-Allow-Origin: *`).\n   * Set to `false` to disable CORS headers entirely.\n   */\n  cors?: CorsConfig | false;\n}\n\n/**\n * Event emitted on each successful manifest access.\n */\nexport interface AccessEvent {\n  /** The SHL identifier */\n  shlId: string;\n  /** Current access count (after increment) */\n  accessCount: number;\n  /** Timestamp of the access */\n  timestamp: Date;\n  /** Recipient identifier from query parameter (e.g., provider name) */\n  recipient?: string;\n  /** Retrieval mode used for this access */\n  mode?: \"manifest\" | \"direct\";\n}\n","// Copyright 2026 FHIRfly.io LLC. All rights reserved.\n// Licensed under the MIT License. See LICENSE file in the project root.\nimport type {\n  HandlerRequest,\n  HandlerResponse,\n  SHLHandlerConfig,\n  CorsConfig,\n} from \"./types.js\";\nimport { isAuditableStorage } from \"./types.js\";\nimport type { SHLMetadata, Manifest } from \"../shl/types.js\";\nimport { createHash, timingSafeEqual } from \"node:crypto\";\n\n/**\n * Create a framework-agnostic SHL request handler.\n *\n * Returns an async function that processes incoming requests and returns\n * responses. This handler implements three routes:\n *\n * - `POST /{shlId}` — Manifest endpoint (validates passcode, checks access limits)\n * - `GET /{shlId}/content` — Content endpoint (serves encrypted JWE)\n * - `GET /{shlId}/attachment/{index}` — Attachment endpoint (serves encrypted attachment)\n *\n * By default, CORS headers are added to all responses so browser-based SHL\n * viewers can access self-hosted servers. Set `cors: false` to disable.\n *\n * Framework adapters (Express, Fastify, Lambda) translate their native\n * request/response types to/from `HandlerRequest`/`HandlerResponse`.\n *\n * @example\n * ```ts\n * const handle = createHandler({ storage });\n * const response = await handle({\n *   method: \"POST\",\n *   path: \"/abc123\",\n *   body: { passcode: \"1234\" },\n *   headers: { \"content-type\": \"application/json\" },\n * });\n * ```\n */\nexport function createHandler(\n  config: SHLHandlerConfig,\n): (req: HandlerRequest) => Promise<HandlerResponse> {\n  const { storage, onAccess } = config;\n  const corsHeaders = resolveCorsHeaders(config.cors);\n\n  return async (req: HandlerRequest): Promise<HandlerResponse> => {\n    // Handle CORS preflight\n    if (req.method === \"OPTIONS\") {\n      return {\n        status: 204,\n        headers: { ...corsHeaders },\n        body: \"\",\n      };\n    }\n\n    // Normalize path: strip leading slash, split into segments\n    const path = req.path.replace(/^\\/+/, \"\");\n    const segments = path.split(\"/\").filter(Boolean);\n\n    let response: HandlerResponse;\n\n    // Route: POST /{shlId} → manifest\n    if (segments.length === 1 && req.method === \"POST\") {\n      response = await handleManifest(segments[0]!, req, storage, onAccess);\n    }\n    // Route: GET /{shlId} → direct access (flag U)\n    else if (segments.length === 1 && req.method === \"GET\") {\n      response = await handleDirectAccess(segments[0]!, req, storage, onAccess);\n    }\n    // Route: GET /{shlId}/content → serve encrypted content\n    else if (segments.length === 2 && segments[1] === \"content\" && req.method === \"GET\") {\n      response = await handleContent(segments[0]!, storage);\n    }\n    // Route: GET /{shlId}/attachment/{index} → serve encrypted attachment\n    else if (segments.length === 3 && segments[1] === \"attachment\" && req.method === \"GET\") {\n      response = await handleAttachment(segments[0]!, segments[2]!, storage);\n    }\n    // Method not allowed for known paths\n    else if (segments.length === 2 && segments[1] === \"content\" && req.method !== \"GET\") {\n      response = jsonResponse(405, { error: \"Method not allowed. Use GET for content requests.\" });\n    }\n    else if (segments.length === 3 && segments[1] === \"attachment\" && req.method !== \"GET\") {\n      response = jsonResponse(405, { error: \"Method not allowed. Use GET for attachment requests.\" });\n    }\n    else {\n      response = jsonResponse(404, { error: \"Not found\" });\n    }\n\n    // Inject CORS headers into every response\n    response.headers = { ...response.headers, ...corsHeaders };\n    return response;\n  };\n}\n\n/** Resolve CORS headers from config. Returns empty object if disabled. */\nfunction resolveCorsHeaders(cors: SHLHandlerConfig[\"cors\"]): Record<string, string> {\n  if (cors === false) return {};\n  const c: CorsConfig = cors ?? {};\n  return {\n    \"access-control-allow-origin\": c.origin ?? \"*\",\n    \"access-control-allow-methods\": c.methods ?? \"GET, POST, OPTIONS\",\n    \"access-control-allow-headers\": c.headers ?? \"Content-Type, Authorization\",\n  };\n}\n\nasync function handleManifest(\n  shlId: string,\n  req: HandlerRequest,\n  storage: SHLHandlerConfig[\"storage\"],\n  onAccess?: SHLHandlerConfig[\"onAccess\"],\n): Promise<HandlerResponse> {\n  // Read manifest to verify the SHL exists\n  const manifestRaw = await storage.read(`${shlId}/manifest.json`);\n  if (manifestRaw === null) {\n    return jsonResponse(404, { error: \"SHL not found\" });\n  }\n\n  // Atomically check access control + increment counter\n  let updatedMetadata: SHLMetadata | null = null;\n  let accessDeniedReason: \"expired\" | \"exhausted\" | \"passcode\" | null = null;\n  const reqBody = (req.body && typeof req.body === \"object\" ? req.body : {}) as Record<string, unknown>;\n  const providedPasscode = typeof reqBody[\"passcode\"] === \"string\" ? reqBody[\"passcode\"] : undefined;\n\n  updatedMetadata = await storage.updateMetadata(shlId, (metadata) => {\n    // Check expiration\n    if (metadata.expiresAt) {\n      const expiresAt = new Date(metadata.expiresAt);\n      if (expiresAt.getTime() <= Date.now()) {\n        accessDeniedReason = \"expired\";\n        return null;\n      }\n    }\n\n    // Check access count\n    const currentCount = metadata.accessCount ?? 0;\n    if (metadata.maxAccesses !== undefined && currentCount >= metadata.maxAccesses) {\n      accessDeniedReason = \"exhausted\";\n      return null;\n    }\n\n    // Check passcode (timing-safe comparison with SHA-256 hash)\n    if (metadata.passcode) {\n      if (!providedPasscode) {\n        accessDeniedReason = \"passcode\";\n        return null;\n      }\n      const providedHash = createHash(\"sha256\").update(providedPasscode).digest(\"hex\");\n      const storedHash = metadata.passcode;\n      const a = Buffer.from(providedHash);\n      const b = Buffer.from(storedHash);\n      // Constant-time comparison: compare with self if lengths differ to avoid timing leak\n      if (a.length !== b.length || !timingSafeEqual(a, b)) {\n        accessDeniedReason = \"passcode\";\n        return null;\n      }\n    }\n\n    // Access granted — increment count\n    return {\n      ...metadata,\n      accessCount: currentCount + 1,\n    };\n  });\n\n  // Handle access control failures\n  if (accessDeniedReason === \"expired\") {\n    return jsonResponse(410, { error: \"SHL has expired\" });\n  }\n  if (accessDeniedReason === \"exhausted\") {\n    return jsonResponse(410, { error: \"SHL access limit reached\" });\n  }\n  if (accessDeniedReason === \"passcode\") {\n    return jsonResponse(401, { error: \"Invalid passcode\" });\n  }\n\n  // If updateMetadata returned null but no denied reason, metadata file is missing\n  if (updatedMetadata === null) {\n    return jsonResponse(404, { error: \"SHL not found\" });\n  }\n\n  // Fire access event (non-blocking)\n  const recipient = typeof req.query?.[\"recipient\"] === \"string\" ? req.query[\"recipient\"] : undefined;\n  const accessEvent = {\n    shlId,\n    accessCount: updatedMetadata.accessCount ?? 1,\n    timestamp: new Date(),\n    mode: \"manifest\" as const,\n    ...(recipient ? { recipient } : {}),\n  };\n  if (onAccess) {\n    // Fire and forget — don't let callback errors break the response\n    Promise.resolve(onAccess(accessEvent)).catch(() => {});\n  }\n  // If storage is auditable, also fire the storage-level audit hook\n  if (isAuditableStorage(storage)) {\n    Promise.resolve(storage.onAccess(shlId, accessEvent)).catch(() => {});\n  }\n\n  // Return manifest\n  const manifestStr = typeof manifestRaw === \"string\"\n    ? manifestRaw\n    : new TextDecoder().decode(manifestRaw);\n  const manifest = JSON.parse(manifestStr) as Manifest;\n\n  return jsonResponse(200, manifest);\n}\n\nasync function handleDirectAccess(\n  shlId: string,\n  req: HandlerRequest,\n  storage: SHLHandlerConfig[\"storage\"],\n  onAccess?: SHLHandlerConfig[\"onAccess\"],\n): Promise<HandlerResponse> {\n  // Read metadata to check if this is a direct-mode SHL\n  const metadataRaw = await storage.read(`${shlId}/metadata.json`);\n  if (metadataRaw === null) {\n    return jsonResponse(404, { error: \"SHL not found\" });\n  }\n\n  const metadataStr = typeof metadataRaw === \"string\" ? metadataRaw : new TextDecoder().decode(metadataRaw);\n  const metadata = JSON.parse(metadataStr) as SHLMetadata;\n\n  // Only direct-mode SHLs support GET retrieval\n  if (metadata.mode !== \"direct\") {\n    return jsonResponse(405, { error: \"Method not allowed. Use POST for manifest requests.\" });\n  }\n\n  // Access control: expiration, access count (atomic)\n  let accessDeniedReason: \"expired\" | \"exhausted\" | null = null;\n  const updatedMetadata = await storage.updateMetadata(shlId, (current) => {\n    if (current.expiresAt) {\n      const expiresAt = new Date(current.expiresAt);\n      if (expiresAt.getTime() <= Date.now()) {\n        accessDeniedReason = \"expired\";\n        return null;\n      }\n    }\n\n    const currentCount = current.accessCount ?? 0;\n    if (current.maxAccesses !== undefined && currentCount >= current.maxAccesses) {\n      accessDeniedReason = \"exhausted\";\n      return null;\n    }\n\n    return {\n      ...current,\n      accessCount: currentCount + 1,\n    };\n  });\n\n  if (accessDeniedReason === \"expired\") {\n    return jsonResponse(410, { error: \"SHL has expired\" });\n  }\n  if (accessDeniedReason === \"exhausted\") {\n    return jsonResponse(410, { error: \"SHL access limit reached\" });\n  }\n  if (updatedMetadata === null) {\n    return jsonResponse(404, { error: \"SHL not found\" });\n  }\n\n  // Fire access event (non-blocking)\n  const recipient = typeof req.query?.[\"recipient\"] === \"string\" ? req.query[\"recipient\"] : undefined;\n  const directAccessEvent = {\n    shlId,\n    accessCount: updatedMetadata.accessCount ?? 1,\n    timestamp: new Date(),\n    mode: \"direct\" as const,\n    ...(recipient ? { recipient } : {}),\n  };\n  if (onAccess) {\n    Promise.resolve(onAccess(directAccessEvent)).catch(() => {});\n  }\n  // If storage is auditable, also fire the storage-level audit hook\n  if (isAuditableStorage(storage)) {\n    Promise.resolve(storage.onAccess(shlId, directAccessEvent)).catch(() => {});\n  }\n\n  // Serve the encrypted content directly\n  const content = await storage.read(`${shlId}/content.jwe`);\n  if (content === null) {\n    return jsonResponse(404, { error: \"Content not found\" });\n  }\n\n  const body = typeof content === \"string\" ? content : new TextDecoder().decode(content);\n\n  return {\n    status: 200,\n    headers: {\n      \"content-type\": \"application/jose\",\n      \"cache-control\": \"no-store\",\n    },\n    body,\n  };\n}\n\nasync function handleContent(\n  shlId: string,\n  storage: SHLHandlerConfig[\"storage\"],\n): Promise<HandlerResponse> {\n  const content = await storage.read(`${shlId}/content.jwe`);\n  if (content === null) {\n    return jsonResponse(404, { error: \"Content not found\" });\n  }\n\n  const body = typeof content === \"string\"\n    ? content\n    : new TextDecoder().decode(content);\n\n  return {\n    status: 200,\n    headers: {\n      \"content-type\": \"application/jose\",\n      \"cache-control\": \"no-store\",\n    },\n    body,\n  };\n}\n\nasync function handleAttachment(\n  shlId: string,\n  index: string,\n  storage: SHLHandlerConfig[\"storage\"],\n): Promise<HandlerResponse> {\n  if (!/^\\d+$/.test(index)) {\n    return jsonResponse(400, { error: \"Invalid attachment index\" });\n  }\n  const content = await storage.read(`${shlId}/attachment-${index}.jwe`);\n  if (content === null) {\n    return jsonResponse(404, { error: \"Attachment not found\" });\n  }\n  const body = typeof content === \"string\"\n    ? content\n    : new TextDecoder().decode(content);\n  return {\n    status: 200,\n    headers: {\n      \"content-type\": \"application/jose\",\n      \"cache-control\": \"no-store\",\n    },\n    body,\n  };\n}\n\nfunction jsonResponse(status: number, body: unknown): HandlerResponse {\n  return {\n    status,\n    headers: {\n      \"content-type\": \"application/json\",\n      \"cache-control\": \"no-store\",\n    },\n    body: JSON.stringify(body),\n  };\n}\n"]}

package/dist/{chunk-YBDRWUQU.js → chunk-YUMCDN7I.js}

@@ -174,7 +174,11 @@ var CODE_SYSTEMS = {
   CVX: "http://hl7.org/fhir/sid/cvx",
   ICD10CM: "http://hl7.org/fhir/sid/icd-10-cm",
   CONDITION_CLINICAL: "http://terminology.hl7.org/CodeSystem/condition-clinical",
-  ALLERGY_CLINICAL: "http://terminology.hl7.org/CodeSystem/allergyintolerance-clinical"
+  ALLERGY_CLINICAL: "http://terminology.hl7.org/CodeSystem/allergyintolerance-clinical",
+  /** CMS Patient-Shared Health Document category code system */
+  CMS_PATIENT_SHARED_CATEGORY: "https://cms.gov/fhir/CodeSystem/patient-shared-category",
+  /** V3 ActCode security label for patient-asserted data */
+  SECURITY_PATAST: "PATAST"
 };
 
 // src/ips/medication.ts
@@ -1100,8 +1104,9 @@ function resolveDocuments(documents, patientRef, profile, generateUuid2) {
       contentType,
       data: base64Content
     };
-    const typeCode = doc.typeCode ?? "34133-9";
-    const typeDisplay = doc.typeDisplay ?? "Summarization of episode note";
+    const isPshd = profile === "pshd";
+    const typeCode = isPshd ? "60591-5" : doc.typeCode ?? "34133-9";
+    const typeDisplay = isPshd ? "Patient summary Document" : doc.typeDisplay ?? "Summarization of episode note";
     const docRefResource = {
       resourceType: "DocumentReference",
       id: docRefId,
@@ -1127,7 +1132,29 @@ function resolveDocuments(documents, patientRef, profile, generateUuid2) {
         }
       ]
     };
-    if (profile === "ips") {
+    if (isPshd) {
+      docRefResource.category = [
+        {
+          coding: [
+            {
+              system: CODE_SYSTEMS.CMS_PATIENT_SHARED_CATEGORY,
+              code: "patient-shared",
+              display: "Patient Shared"
+            }
+          ]
+        }
+      ];
+      docRefResource.author = [{ reference: patientRef }];
+      docRefResource.meta = {
+        security: [
+          {
+            system: "http://terminology.hl7.org/CodeSystem/v3-ActCode",
+            code: CODE_SYSTEMS.SECURITY_PATAST,
+            display: "patient asserted"
+          }
+        ]
+      };
+    } else if (profile === "ips") {
       docRefResource.meta = {
         profile: ["http://hl7.org/fhir/uv/ips/StructureDefinition/DocumentReference-uv-ips"]
       };
@@ -1326,11 +1353,9 @@ var Bundle = class {
   async build(options) {
     const profile = options?.profile ?? "ips";
     const bundleId = options?.bundleId ?? generateUuid();
-    const compositionId = generateUuid();
     const patientId = generateUuid();
-    const compositionDate = options?.compositionDate ?? (/* @__PURE__ */ new Date()).toISOString();
+    const timestamp = options?.compositionDate ?? (/* @__PURE__ */ new Date()).toISOString();
     const patientFullUrl = `urn:uuid:${patientId}`;
-    const compositionFullUrl = `urn:uuid:${compositionId}`;
     const patientResource = normalizePatient(this._patient, patientId, profile);
     const [medResult, condResult, allergyResult, immResult, resultResult] = await Promise.all([
       resolveMedications(this._medications, patientFullUrl, profile, generateUuid),
@@ -1347,6 +1372,22 @@ var Bundle = class {
       ...immResult.warnings,
       ...resultResult.warnings
     ];
+    if (profile === "pshd") {
+      return this.buildPshdBundle(
+        bundleId,
+        timestamp,
+        patientFullUrl,
+        patientResource,
+        medResult.entries,
+        condResult.entries,
+        allergyResult.entries,
+        immResult.entries,
+        resultResult.entries,
+        docResult.entries
+      );
+    }
+    const compositionId = generateUuid();
+    const compositionFullUrl = `urn:uuid:${compositionId}`;
     const medRefs = medResult.entries.map((e) => ({ reference: e.fullUrl }));
     const condRefs = condResult.entries.map((e) => ({ reference: e.fullUrl }));
     const allergyRefs = allergyResult.entries.map((e) => ({ reference: e.fullUrl }));
@@ -1355,7 +1396,7 @@ var Bundle = class {
     const composition = this.buildComposition(
       compositionId,
       patientFullUrl,
-      compositionDate,
+      timestamp,
       profile,
       medRefs,
       allergyRefs,
@@ -1381,7 +1422,7 @@ var Bundle = class {
         value: `urn:uuid:${bundleId}`
       },
       type: "document",
-      timestamp: compositionDate,
+      timestamp,
       entry: entries
     };
     return bundle;
@@ -1401,6 +1442,37 @@ var Bundle = class {
         path: "Patient.birthDate"
       });
     }
+    if (profile === "pshd") {
+      if (this._documents.length === 0) {
+        issues.push({
+          severity: "error",
+          message: "PSHD requires at least one DocumentReference (1..1)",
+          path: "Bundle.entry:DocumentReference"
+        });
+      } else {
+        const hasPdf = this._documents.some(
+          (d) => (d.contentType ?? "application/pdf") === "application/pdf"
+        );
+        if (!hasPdf) {
+          issues.push({
+            severity: "error",
+            message: "PSHD requires at least one PDF document (contentType application/pdf)",
+            path: "DocumentReference.content.attachment.contentType"
+          });
+        }
+      }
+      if (!this._patient.gender) {
+        issues.push({
+          severity: "warning",
+          message: "Patient.gender recommended for PSHD demographic matching",
+          path: "Patient.gender"
+        });
+      }
+      return {
+        valid: issues.filter((i) => i.severity === "error").length === 0,
+        issues
+      };
+    }
     if (profile === "ips") {
       if (!this.hasValidName()) {
         issues.push({
@@ -1476,6 +1548,37 @@ var Bundle = class {
     const s = this._patient;
     return !!(s.given || s.family || s.name);
   }
+  buildPshdBundle(bundleId, timestamp, patientFullUrl, patientResource, medEntries, condEntries, allergyEntries, immEntries, resultEntries, docEntries) {
+    const entries = [
+      { fullUrl: patientFullUrl, resource: patientResource },
+      ...medEntries,
+      ...condEntries,
+      ...allergyEntries,
+      ...immEntries,
+      ...resultEntries,
+      ...docEntries
+    ];
+    for (const entry of entries) {
+      const meta = entry.resource.meta;
+      if (meta?.profile) {
+        delete meta.profile;
+        if (Object.keys(meta).length === 0) {
+          delete entry.resource.meta;
+        }
+      }
+    }
+    return {
+      resourceType: "Bundle",
+      id: bundleId,
+      identifier: {
+        system: "urn:ietf:rfc:3986",
+        value: `urn:uuid:${bundleId}`
+      },
+      type: "collection",
+      timestamp,
+      entry: entries
+    };
+  }
   buildComposition(id, patientRef, date, profile, medRefs, allergyRefs, condRefs, immRefs, resultRefs) {
     const composition = {
       resourceType: "Composition",
@@ -1604,6 +1707,7 @@ function generateUuid() {
 var shl_exports = {};
 __export(shl_exports, {
   AzureStorage: () => AzureStorage,
+  EXPIRATION_PRESETS: () => EXPIRATION_PRESETS,
   FhirflyStorage: () => FhirflyStorage,
   GCSStorage: () => GCSStorage,
   LocalStorage: () => LocalStorage,
@@ -1615,6 +1719,18 @@ __export(shl_exports, {
   getEntryContent: () => getEntryContent,
   revoke: () => revoke
 });
+
+// src/shl/types.ts
+var EXPIRATION_PRESETS = {
+  "point-of-care": 15 * 60 * 1e3,
+  // 15 minutes
+  "appointment": 24 * 60 * 60 * 1e3,
+  // 24 hours
+  "travel": 90 * 24 * 60 * 60 * 1e3,
+  // 90 days
+  "permanent": 0
+  // no expiration
+};
 function base64url(data) {
   return data.toString("base64url");
 }
@@ -1702,13 +1818,43 @@ async function generateQRCode(url) {
   });
 }
 async function create(options) {
-  const { bundle, passcode, expiresAt, maxAccesses, label, storage, debug } = options;
+  const { bundle, passcode, maxAccesses, label, storage, debug } = options;
+  let expiresAt;
+  if (typeof options.expiresAt === "string") {
+    const preset = options.expiresAt;
+    const durationMs = EXPIRATION_PRESETS[preset];
+    if (durationMs === void 0) {
+      throw new ValidationError(`Unknown expiration preset: "${preset}"`);
+    }
+    expiresAt = durationMs > 0 ? new Date(Date.now() + durationMs) : void 0;
+  } else {
+    expiresAt = options.expiresAt;
+  }
   if (!bundle || typeof bundle !== "object") {
     throw new ValidationError("bundle is required and must be an object");
   }
   if (!storage?.baseUrl) {
     throw new ValidationError("storage with baseUrl is required");
   }
+  let mode = options.mode ?? "manifest";
+  if (options.compliance === "pshd") {
+    mode = "direct";
+    if (passcode) {
+      throw new ValidationError(
+        "PSHD compliance forbids passcode (flag U is incompatible with flag P)"
+      );
+    }
+    if (!expiresAt && options.expiresAt !== "permanent") {
+      throw new ValidationError(
+        "PSHD compliance requires expiresAt (short-lived links for point-of-care)"
+      );
+    }
+  }
+  if (mode === "direct" && passcode) {
+    throw new ValidationError(
+      "Direct mode (flag U) is incompatible with passcode (flag P)"
+    );
+  }
   const key = generateKey();
   const shlId = generateShlId();
   let jwe;
@@ -1768,31 +1914,34 @@ async function create(options) {
       );
     }
   }
-  const manifest = {
-    files: [
-      {
-        contentType: "application/fhir+json;fhirVersion=4.0.1",
-        location: `${baseUrl}/${shlId}/content`
-      },
-      ...attachments.map((att, i) => ({
-        contentType: att.contentType,
-        location: `${baseUrl}/${shlId}/attachment/${i}`
-      }))
-    ],
-    status: "finalized",
-    lastUpdated: (/* @__PURE__ */ new Date()).toISOString()
-  };
-  try {
-    await storage.store(`${shlId}/manifest.json`, JSON.stringify(manifest));
-  } catch (err) {
-    throw new StorageError(
-      `Failed to store manifest: ${err instanceof Error ? err.message : String(err)}`,
-      "store"
-    );
+  if (mode === "manifest") {
+    const manifest = {
+      files: [
+        {
+          contentType: "application/fhir+json;fhirVersion=4.0.1",
+          location: `${baseUrl}/${shlId}/content`
+        },
+        ...attachments.map((att, i) => ({
+          contentType: att.contentType,
+          location: `${baseUrl}/${shlId}/attachment/${i}`
+        }))
+      ],
+      status: "finalized",
+      lastUpdated: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    try {
+      await storage.store(`${shlId}/manifest.json`, JSON.stringify(manifest));
+    } catch (err) {
+      throw new StorageError(
+        `Failed to store manifest: ${err instanceof Error ? err.message : String(err)}`,
+        "store"
+      );
+    }
   }
   const metadata = {
     createdAt: (/* @__PURE__ */ new Date()).toISOString()
   };
+  if (mode === "direct") metadata.mode = "direct";
   if (passcode) {
     metadata.passcode = createHash("sha256").update(passcode).digest("hex");
   }
@@ -1806,7 +1955,7 @@ async function create(options) {
       "store"
     );
   }
-  const flags = buildFlags(passcode);
+  const flags = buildFlags(mode, passcode);
   const shlPayload = {
     url: `${baseUrl}/${shlId}`,
     key: base64url(key),
@@ -1833,8 +1982,8 @@ async function create(options) {
   if (debug) result.debugBundlePath = `${shlId}/bundle.json`;
   return result;
 }
-function buildFlags(passcode) {
-  const flags = ["L"];
+function buildFlags(mode, passcode) {
+  const flags = [mode === "direct" ? "U" : "L"];
   if (passcode) flags.push("P");
   return flags.sort().join("");
 }
@@ -1941,5 +2090,5 @@ async function revoke(shlId, storage) {
 }
 
 export { ips_exports, shl_exports };
-//# sourceMappingURL=chunk-YBDRWUQU.js.map
-//# sourceMappingURL=chunk-YBDRWUQU.js.map
+//# sourceMappingURL=chunk-YUMCDN7I.js.map
+//# sourceMappingURL=chunk-YUMCDN7I.js.map