npm - @medplum/cdk - Versions diffs - 3.0.0 → 3.0.2 - Mend

@medplum/cdk 3.0.0 → 3.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/cjs/index.cjs +1 -1
package/dist/cjs/index.cjs.map +4 -4
package/dist/esm/index.mjs +1 -1
package/dist/esm/index.mjs.map +4 -4
package/dist/types/backend.d.ts +2 -0
package/dist/types/backend.d.ts.map +1 -1
package/dist/types/storage.d.ts.map +1 -1
package/package.json +6 -6

package/dist/esm/index.mjs CHANGED Viewed

@@ -1,2 +1,2 @@
-var le=(e=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(e,{get:(t,r)=>(typeof require<"u"?require:t)[r]}):e)(function(e){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+e+'" is not supported')});import{App as dr}from"aws-cdk-lib";import{readFileSync as pr}from"fs";import{resolve as hr}from"path";import{GetParameterCommand as Bt,SSMClient as Ft}from"@aws-sdk/client-ssm";var Fe=class{constructor(e,t){this.operator=e,this.child=t}toString(){return`${this.operator}(${this.child.toString()})`}},M=class{constructor(e,t,r){this.operator=e,this.left=t,this.right=r}toString(){return`${this.left.toString()} ${this.operator} ${this.right.toString()}`}},je=class{constructor(){this.prefixParselets={},this.infixParselets={}}registerInfix(e,t){return this.infixParselets[e]=t,this}registerPrefix(e,t){return this.prefixParselets[e]=t,this}prefix(e,t,r){return this.registerPrefix(e,{parse(n,i){let s=n.consumeAndParse(t);return r(i,s)}})}infixLeft(e,t,r){return this.registerInfix(e,{parse(n,i,s){let o=n.consumeAndParse(t);return r(i,s,o)},precedence:t})}construct(e){return new Ge(e,this.prefixParselets,this.infixParselets)}},Ge=class{constructor(e,t,r){this.tokens=e,this.prefixParselets=t,this.infixParselets=r}hasMore(){return this.tokens.length>0}match(e){return this.peek()?.id!==e?!1:(this.consume(),!0)}consumeAndParse(e=1/0){let t=this.consume(),r=this.prefixParselets[t.id];if(!r)throw Error(`Parse error at "${t.value}" (line ${t.line}, column ${t.column}). No matching prefix parselet.`);let n=r.parse(this,t);for(;e>this.getPrecedence();){let i=this.consume();n=this.getInfixParselet(i).parse(this,n,i)}return n}getPrecedence(){let e=this.peek();if(!e)return 1/0;let t=this.getInfixParselet(e);return t?t.precedence:1/0}consume(e,t){if(!this.tokens.length)throw Error("Cant consume unknown more tokens.");if(e&&this.peek()?.id!==e){let r=this.peek();throw Error(`Expected ${e} but got "${r.id}" (${r.value}) at line ${r.line} column ${r.column}.`)}if(t&&this.peek()?.value!==t){let r=this.peek();throw Error(`Expected "${t}" but got "${r.value}" at line ${r.line} column ${r.column}.`)}return this.tokens.shift()}peek(){return this.tokens.length>0?this.tokens[0]:void 0}removeComments(){this.tokens=this.tokens.filter(e=>e.id!=="Comment")}getInfixParselet(e){return this.infixParselets[e.id==="Symbol"?e.value:e.id]}};function Y(e,t){return{resourceType:"OperationOutcome",issue:[{severity:"error",code:"invalid",details:{text:e},expression:t?[t]:void 0}]}}function A(e){return{resourceType:"OperationOutcome",issue:[{severity:"error",code:"structure",details:{text:e}}]}}var b=class extends Error{constructor(e,t){super(qe(e)),this.outcome=e,this.cause=t}};function qe(e){let t=e.issue?.map(We)??[];return t.length>0?t.join("; "):"Unknown error"}function We(e){let t;return e.details?.text?e.diagnostics?t=`${e.details.text} (${e.diagnostics})`:t=e.details.text:e.diagnostics?t=e.diagnostics:t="Unknown error",e.expression?.length&&(t+=` (${e.expression.join(", ")})`),t}function He(e,t){let r=new Date(e);r.setUTCHours(0,0,0,0);let n=t?new Date(t):new Date;n.setUTCHours(0,0,0,0);let i=r.getUTCFullYear(),s=r.getUTCMonth(),o=r.getUTCDate(),u=n.getUTCFullYear(),p=n.getUTCMonth(),R=n.getUTCDate(),G=u-i;(p<s||p===s&&R<o)&&G--;let ue=u*12+p-(i*12+s);R<o&&ue--;let Be=Math.floor((n.getTime()-r.getTime())/(1e3*60*60*24));return{years:G,months:ue,days:Be}}function ye(e){if(e==null)return!0;let t=typeof e;return t==="string"||t==="object"?!ze(e):!1}function ze(e){if(e==null)return!1;let t=typeof e;return t==="string"&&e!==""||t==="object"&&("length"in e&&e.length>0||Object.keys(e).length>0)}var Qe=[];for(let e=0;e<256;e++)Qe.push(e.toString(16).padStart(2,"0"));function ge(e){return e?e.charAt(0).toUpperCase()+e.substring(1):""}function Ve(e,t){let r=t.max&&t.max===Number.MAX_SAFE_INTEGER?Number.POSITIVE_INFINITY:t.max;return{path:e,description:"",type:t.type??[],min:t.min??0,max:r??1,isArray:!!r&&r>1,constraints:[]}}function Je(e){let t=Object.create(null);for(let[r,n]of Object.entries(e))t[r]={name:r,elements:Object.fromEntries(Object.entries(n.elements).map(([i,s])=>[i,Ve(i,s)])),constraints:[],innerTypes:[]};return t}var Ye={Element:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]}}},BackboneElement:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]}}},Address:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},type:{type:[{code:"code"}]},text:{type:[{code:"string"}]},line:{max:9007199254740991,type:[{code:"string"}]},city:{type:[{code:"string"}]},district:{type:[{code:"string"}]},state:{type:[{code:"string"}]},postalCode:{type:[{code:"string"}]},country:{type:[{code:"string"}]},period:{type:[{code:"Period"}]}}},Age:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Annotation:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},"author[x]":{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Organization"]},{code:"string"}]},time:{type:[{code:"dateTime"}]},text:{min:1,type:[{code:"markdown"}]}}},Attachment:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},contentType:{type:[{code:"code"}]},language:{type:[{code:"code"}]},data:{type:[{code:"base64Binary"}]},url:{type:[{code:"url"}]},size:{type:[{code:"unsignedInt"}]},hash:{type:[{code:"base64Binary"}]},title:{type:[{code:"string"}]},creation:{type:[{code:"dateTime"}]}}},CodeableConcept:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},coding:{max:9007199254740991,type:[{code:"Coding"}]},text:{type:[{code:"string"}]}}},Coding:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},system:{type:[{code:"uri"}]},version:{type:[{code:"string"}]},code:{type:[{code:"code"}]},display:{type:[{code:"string"}]},userSelected:{type:[{code:"boolean"}]}}},ContactDetail:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},name:{type:[{code:"string"}]},telecom:{max:9007199254740991,type:[{code:"ContactPoint"}]}}},ContactPoint:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},system:{type:[{code:"code"}]},value:{type:[{code:"string"}]},use:{type:[{code:"code"}]},rank:{type:[{code:"positiveInt"}]},period:{type:[{code:"Period"}]}}},Contributor:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},name:{min:1,type:[{code:"string"}]},contact:{max:9007199254740991,type:[{code:"ContactDetail"}]}}},Count:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},DataRequirement:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},profile:{max:9007199254740991,type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]},"subject[x]":{type:[{code:"CodeableConcept"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Group"]}]},mustSupport:{max:9007199254740991,type:[{code:"string"}]},codeFilter:{max:9007199254740991,type:[{code:"DataRequirementCodeFilter"}]},dateFilter:{max:9007199254740991,type:[{code:"DataRequirementDateFilter"}]},limit:{type:[{code:"positiveInt"}]},sort:{max:9007199254740991,type:[{code:"DataRequirementSort"}]}}},Distance:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Dosage:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},sequence:{type:[{code:"integer"}]},text:{type:[{code:"string"}]},additionalInstruction:{max:9007199254740991,type:[{code:"CodeableConcept"}]},patientInstruction:{type:[{code:"string"}]},timing:{type:[{code:"Timing"}]},"asNeeded[x]":{type:[{code:"boolean"},{code:"CodeableConcept"}]},site:{type:[{code:"CodeableConcept"}]},route:{type:[{code:"CodeableConcept"}]},method:{type:[{code:"CodeableConcept"}]},doseAndRate:{max:9007199254740991,type:[{code:"DosageDoseAndRate"}]},maxDosePerPeriod:{type:[{code:"Ratio"}]},maxDosePerAdministration:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},maxDosePerLifetime:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]}}},Duration:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},ElementDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},path:{min:1,type:[{code:"string"}]},representation:{max:9007199254740991,type:[{code:"code"}]},sliceName:{type:[{code:"string"}]},sliceIsConstraining:{type:[{code:"boolean"}]},label:{type:[{code:"string"}]},code:{max:9007199254740991,type:[{code:"Coding"}]},slicing:{type:[{code:"ElementDefinitionSlicing"}]},short:{type:[{code:"string"}]},definition:{type:[{code:"markdown"}]},comment:{type:[{code:"markdown"}]},requirements:{type:[{code:"markdown"}]},alias:{max:9007199254740991,type:[{code:"string"}]},min:{type:[{code:"unsignedInt"}]},max:{type:[{code:"string"}]},base:{type:[{code:"ElementDefinitionBase"}]},contentReference:{type:[{code:"uri"}]},type:{max:9007199254740991,type:[{code:"ElementDefinitionType"}]},"defaultValue[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},meaningWhenMissing:{type:[{code:"markdown"}]},orderMeaning:{type:[{code:"string"}]},"fixed[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},"pattern[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},example:{max:9007199254740991,type:[{code:"ElementDefinitionExample"}]},"minValue[x]":{type:[{code:"date"},{code:"dateTime"},{code:"instant"},{code:"time"},{code:"decimal"},{code:"integer"},{code:"positiveInt"},{code:"unsignedInt"},{code:"Quantity"}]},"maxValue[x]":{type:[{code:"date"},{code:"dateTime"},{code:"instant"},{code:"time"},{code:"decimal"},{code:"integer"},{code:"positiveInt"},{code:"unsignedInt"},{code:"Quantity"}]},maxLength:{type:[{code:"integer"}]},condition:{max:9007199254740991,type:[{code:"id"}]},constraint:{max:9007199254740991,type:[{code:"ElementDefinitionConstraint"}]},mustSupport:{type:[{code:"boolean"}]},isModifier:{type:[{code:"boolean"}]},isModifierReason:{type:[{code:"string"}]},isSummary:{type:[{code:"boolean"}]},binding:{type:[{code:"ElementDefinitionBinding"}]},mapping:{max:9007199254740991,type:[{code:"ElementDefinitionMapping"}]}}},Expression:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},description:{type:[{code:"string"}]},name:{type:[{code:"id"}]},language:{min:1,type:[{code:"code"}]},expression:{type:[{code:"string"}]},reference:{type:[{code:"uri"}]}}},Extension:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},url:{min:1,type:[{code:"uri"}]},"value[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]}}},HumanName:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},text:{type:[{code:"string"}]},family:{type:[{code:"string"}]},given:{max:9007199254740991,type:[{code:"string"}]},prefix:{max:9007199254740991,type:[{code:"string"}]},suffix:{max:9007199254740991,type:[{code:"string"}]},period:{type:[{code:"Period"}]}}},Identifier:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},type:{type:[{code:"CodeableConcept"}]},system:{type:[{code:"uri"}]},value:{type:[{code:"string"}]},period:{type:[{code:"Period"}]},assigner:{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Organization"]}]}}},MarketingStatus:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},country:{min:1,type:[{code:"CodeableConcept"}]},jurisdiction:{type:[{code:"CodeableConcept"}]},status:{min:1,type:[{code:"CodeableConcept"}]},dateRange:{min:1,type:[{code:"Period"}]},restoreDate:{type:[{code:"dateTime"}]}}},Meta:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},versionId:{type:[{code:"id"}]},lastUpdated:{type:[{code:"instant"}]},source:{type:[{code:"uri"}]},profile:{max:9007199254740991,type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]},security:{max:9007199254740991,type:[{code:"Coding"}]},tag:{max:9007199254740991,type:[{code:"Coding"}]},project:{type:[{code:"uri"}]},author:{type:[{code:"Reference"}]},account:{type:[{code:"Reference"}]},compartment:{max:9007199254740991,type:[{code:"Reference"}]}}},Money:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},currency:{type:[{code:"code"}]}}},Narrative:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},status:{min:1,type:[{code:"code"}]},div:{min:1,type:[{code:"xhtml"}]}}},ParameterDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},name:{type:[{code:"code"}]},use:{min:1,type:[{code:"code"}]},min:{type:[{code:"integer"}]},max:{type:[{code:"string"}]},documentation:{type:[{code:"string"}]},type:{min:1,type:[{code:"code"}]},profile:{type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]}}},Period:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},start:{type:[{code:"dateTime"}]},end:{type:[{code:"dateTime"}]}}},Population:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},"age[x]":{type:[{code:"Range"},{code:"CodeableConcept"}]},gender:{type:[{code:"CodeableConcept"}]},race:{type:[{code:"CodeableConcept"}]},physiologicalCondition:{type:[{code:"CodeableConcept"}]}}},ProdCharacteristic:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},height:{type:[{code:"Quantity"}]},width:{type:[{code:"Quantity"}]},depth:{type:[{code:"Quantity"}]},weight:{type:[{code:"Quantity"}]},nominalVolume:{type:[{code:"Quantity"}]},externalDiameter:{type:[{code:"Quantity"}]},shape:{type:[{code:"string"}]},color:{max:9007199254740991,type:[{code:"string"}]},imprint:{max:9007199254740991,type:[{code:"string"}]},image:{max:9007199254740991,type:[{code:"Attachment"}]},scoring:{type:[{code:"CodeableConcept"}]}}},ProductShelfLife:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},identifier:{type:[{code:"Identifier"}]},type:{min:1,type:[{code:"CodeableConcept"}]},period:{min:1,type:[{code:"Quantity"}]},specialPrecautionsForStorage:{max:9007199254740991,type:[{code:"CodeableConcept"}]}}},Quantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Range:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},low:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},high:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]}}},Ratio:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},numerator:{type:[{code:"Quantity"}]},denominator:{type:[{code:"Quantity"}]}}},Reference:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},reference:{type:[{code:"string"}]},type:{type:[{code:"uri"}]},identifier:{type:[{code:"Identifier"}]},display:{type:[{code:"string"}]}}},RelatedArtifact:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},label:{type:[{code:"string"}]},display:{type:[{code:"string"}]},citation:{type:[{code:"markdown"}]},url:{type:[{code:"url"}]},document:{type:[{code:"Attachment"}]},resource:{type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/Resource"]}]}}},SampledData:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},origin:{min:1,type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},period:{min:1,type:[{code:"decimal"}]},factor:{type:[{code:"decimal"}]},lowerLimit:{type:[{code:"decimal"}]},upperLimit:{type:[{code:"decimal"}]},dimensions:{min:1,type:[{code:"positiveInt"}]},data:{type:[{code:"string"}]}}},Signature:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,max:9007199254740991,type:[{code:"Coding"}]},when:{min:1,type:[{code:"instant"}]},who:{min:1,type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/PractitionerRole","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/Device","http://hl7.org/fhir/StructureDefinition/Organization"]}]},onBehalfOf:{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/PractitionerRole","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/Device","http://hl7.org/fhir/StructureDefinition/Organization"]}]},targetFormat:{type:[{code:"code"}]},sigFormat:{type:[{code:"code"}]},data:{type:[{code:"base64Binary"}]}}},SubstanceAmount:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},"amount[x]":{type:[{code:"Quantity"},{code:"Range"},{code:"string"}]},amountType:{type:[{code:"CodeableConcept"}]},amountText:{type:[{code:"string"}]},referenceRange:{type:[{code:"SubstanceAmountReferenceRange"}]}}},Timing:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},event:{max:9007199254740991,type:[{code:"dateTime"}]},repeat:{type:[{code:"TimingRepeat"}]},code:{type:[{code:"CodeableConcept"}]}}},TriggerDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},name:{type:[{code:"string"}]},"timing[x]":{type:[{code:"Timing"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Schedule"]},{code:"date"},{code:"dateTime"}]},data:{max:9007199254740991,type:[{code:"DataRequirement"}]},condition:{type:[{code:"Expression"}]}}},UsageContext:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},code:{min:1,type:[{code:"Coding"}]},"value[x]":{min:1,type:[{code:"CodeableConcept"},{code:"Quantity"},{code:"Range"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/PlanDefinition","http://hl7.org/fhir/StructureDefinition/ResearchStudy","http://hl7.org/fhir/StructureDefinition/InsurancePlan","http://hl7.org/fhir/StructureDefinition/HealthcareService","http://hl7.org/fhir/StructureDefinition/Group","http://hl7.org/fhir/StructureDefinition/Location","http://hl7.org/fhir/StructureDefinition/Organization"]}]}}},MoneyQuantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},SimpleQuantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{max:0,type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},MetadataResource:{elements:{id:{type:[{code:"string"}]},meta:{type:[{code:"Meta"}]},implicitRules:{type:[{code:"uri"}]},language:{type:[{code:"code"}]},text:{type:[{code:"Narrative"}]},contained:{max:9007199254740991,type:[{code:"Resource"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},url:{type:[{code:"uri"}]},version:{type:[{code:"string"}]},name:{type:[{code:"string"}]},title:{type:[{code:"string"}]},status:{min:1,type:[{code:"code"}]},experimental:{type:[{code:"boolean"}]},date:{type:[{code:"dateTime"}]},publisher:{type:[{code:"string"}]},contact:{max:9007199254740991,type:[{code:"ContactDetail"}]},description:{type:[{code:"markdown"}]},useContext:{max:9007199254740991,type:[{code:"UsageContext"}]},jurisdiction:{max:9007199254740991,type:[{code:"CodeableConcept"}]}}},IdentityProvider:{elements:{authorizeUrl:{min:1,type:[{code:"string"}]},tokenUrl:{min:1,type:[{code:"string"}]},tokenAuthMethod:{type:[{code:"code"}]},userInfoUrl:{min:1,type:[{code:"string"}]},clientId:{min:1,type:[{code:"string"}]},clientSecret:{min:1,type:[{code:"string"}]},usePkce:{type:[{code:"boolean"}]},useSubject:{type:[{code:"boolean"}]}}}};function c(e){return[{type:a.boolean,value:e}]}function k(e){return e==null?{type:"undefined",value:void 0}:Number.isSafeInteger(e)?{type:a.integer,value:e}:typeof e=="number"?{type:a.decimal,value:e}:typeof e=="boolean"?{type:a.boolean,value:e}:typeof e=="string"?{type:a.string,value:e}:f(e)?{type:a.Quantity,value:e}:W(e)?{type:e.resourceType,value:e}:{type:a.BackboneElement,value:e}}function E(e){return e.length===0?!1:!!e[0].value}function T(e,t){if(e.length!==0){if(e.length===1&&(!t||e[0].type===t))return e[0];throw new Error(`Expected singleton of type ${t}, but found ${JSON.stringify(e)}`)}}function Ke(e,t){if(!e.value)return;let r=ot(e.type,t);return r?Ze(e.value,t,r):Xe(e,t)}function Ze(e,t,r){let n=r.type;if(!n||n.length===0)return;let i,s="undefined",o;if(r.path.endsWith("[x]")){let u=r.path.split(".").pop().replace("[x]","");for(let p of n){let R=u+ge(p.code);if(i=e[R],o=e["_"+R],i!==void 0||o!==void 0){s=p.code;break}}}else console.assert(n.length===1,"Expected single type",r.path),i=e[t],s=n[0].code,o=e["_"+t];if(o)if(Array.isArray(i))for(let u=0;u<Math.max(i.length,o.length);u++)i[u]=me(i[u],o[u]);else i=me(i,o);if(!ye(i))return(s==="Element"||s==="BackboneElement")&&(s=r.type[0].code),Array.isArray(i)?i.map(u=>de(u,s)):de(i,s)}function de(e,t){return t==="Resource"&&W(e)&&(t=e.resourceType),{type:t,value:e}}function Xe(e,t){let r=e.value;if(!r||typeof r!="object")return;let n;if(t in r)n=r[t];else for(let i in a){let s=t+ge(i);if(s in r){n=r[s];break}}if(!ye(n))return Array.isArray(n)?n.map(k):k(n)}function ve(e){let t=[];for(let r of e){let n=!1;for(let i of t)if(E(be(r,i))){n=!0;break}n||t.push(r)}return t}function Se(e){return c(!E(e))}function we(e,t){return e.length===0||t.length===0?[]:e.length!==t.length?c(!1):c(e.every((r,n)=>E(be(r,t[n]))))}function be(e,t){let r=e.value?.valueOf(),n=t.value?.valueOf();return typeof r=="number"&&typeof n=="number"?c(Math.abs(r-n)<1e-8):f(r)&&f(n)?c(Ce(r,n)):c(typeof r=="object"&&typeof n=="object"?K(e,t):r===n)}function xe(e,t){return e.length===0&&t.length===0?c(!0):e.length!==t.length?c(!1):(e.sort(pe),t.sort(pe),c(e.every((r,n)=>E(et(r,t[n])))))}function et(e,t){let{type:r,value:n}=e,{type:i,value:s}=t,o=n?.valueOf(),u=s?.valueOf();return typeof o=="number"&&typeof u=="number"?c(Math.abs(o-u)<.01):f(o)&&f(u)?c(Ce(o,u)):c(r==="Coding"&&i==="Coding"?typeof o!="object"||typeof u!="object"?!1:o.code===u.code&&o.system===u.system:typeof o=="object"&&typeof u=="object"?K({...o,id:void 0},{...u,id:void 0}):typeof o=="string"&&typeof u=="string"?o.toLowerCase()===u.toLowerCase():o===u)}function pe(e,t){let r=e.value?.valueOf(),n=t.value?.valueOf();return typeof r=="number"&&typeof n=="number"?r-n:typeof r=="string"&&typeof n=="string"?r.localeCompare(n):0}function Te(e,t){let{value:r}=e;if(r==null)return!1;switch(t){case"Boolean":return typeof r=="boolean";case"Decimal":case"Integer":return typeof r=="number";case"Date":return typeof r=="string"&&!!/^\d{4}(-\d{2}(-\d{2})?)?/.exec(r);case"DateTime":return typeof r=="string"&&!!/^\d{4}(-\d{2}(-\d{2})?)?T/.exec(r);case"Time":return typeof r=="string"&&!!/^T\d/.exec(r);case"Period":return tt(r);case"Quantity":return f(r);default:return typeof r=="object"&&r?.resourceType===t}}function tt(e){return!!(e&&typeof e=="object"&&"start"in e)}function f(e){return!!(e&&typeof e=="object"&&"value"in e&&typeof e.value=="number")}function Ce(e,t){return Math.abs(e.value-t.value)<.01&&(e.unit===t.unit||e.code===t.code||e.unit===t.code||e.code===t.unit)}function K(e,t){let r=Object.keys(e),n=Object.keys(t);if(r.length!==n.length)return!1;for(let i of r){let s=e[i],o=t[i];if(he(s)&&he(o)){if(!K(s,o))return!1}else if(s!==o)return!1}return!0}function he(e){return e!==null&&typeof e=="object"}function me(e,t){if(t){if(typeof t!="object")throw new Error("Primitive extension must be an object");return rt(e??{},t)}return e}function rt(e,t){return delete t.__proto__,delete t.constructor,Object.assign(e,t)}var nt=Je(Ye);var fe=Object.create(null);function it(e){let t;return e?(t=fe[e],t||(t=fe[e]=Object.create(null))):t=nt,t}function st(e,t){return it(t)[e]}var a={Address:"Address",Age:"Age",Annotation:"Annotation",Attachment:"Attachment",BackboneElement:"BackboneElement",CodeableConcept:"CodeableConcept",Coding:"Coding",ContactDetail:"ContactDetail",ContactPoint:"ContactPoint",Contributor:"Contributor",Count:"Count",DataRequirement:"DataRequirement",Distance:"Distance",Dosage:"Dosage",Duration:"Duration",Expression:"Expression",Extension:"Extension",HumanName:"HumanName",Identifier:"Identifier",MarketingStatus:"MarketingStatus",Meta:"Meta",Money:"Money",Narrative:"Narrative",ParameterDefinition:"ParameterDefinition",Period:"Period",Population:"Population",ProdCharacteristic:"ProdCharacteristic",ProductShelfLife:"ProductShelfLife",Quantity:"Quantity",Range:"Range",Ratio:"Ratio",Reference:"Reference",RelatedArtifact:"RelatedArtifact",SampledData:"SampledData",Signature:"Signature",SubstanceAmount:"SubstanceAmount",SystemString:"http://hl7.org/fhirpath/System.String",Timing:"Timing",TriggerDefinition:"TriggerDefinition",UsageContext:"UsageContext",base64Binary:"base64Binary",boolean:"boolean",canonical:"canonical",code:"code",date:"date",dateTime:"dateTime",decimal:"decimal",id:"id",instant:"instant",integer:"integer",markdown:"markdown",oid:"oid",positiveInt:"positiveInt",string:"string",time:"time",unsignedInt:"unsignedInt",uri:"uri",url:"url",uuid:"uuid"};function ot(e,t){let r=st(e);if(r)return at(r.elements,t)}function at(e,t){let r=e[t]??e[t+"[x]"];if(r)return r;for(let n=0;n<t.length;n++){let i=t[n];if(i>="A"&&i<="Z"){let s=t.slice(0,n)+"[x]",o=e[s];if(o)return o}}}function W(e){return!!(e&&typeof e=="object"&&"resourceType"in e)}function q(e){if(e.startsWith("T"))return e+"T00:00:00.000Z".substring(e.length);if(e.length<=10)return e;try{return new Date(e).toISOString()}catch{return e}}var L=()=>[],h={empty:(e,t)=>c(t.length===0),exists:(e,t,r)=>c(r?t.filter(n=>E(r.eval(e,[n]))).length>0:t.length>0),all:(e,t,r)=>c(t.every(n=>E(r.eval(e,[n])))),allTrue:(e,t)=>{for(let r of t)if(!r.value)return c(!1);return c(!0)},anyTrue:(e,t)=>{for(let r of t)if(r.value)return c(!0);return c(!1)},allFalse:(e,t)=>{for(let r of t)if(r.value)return c(!1);return c(!0)},anyFalse:(e,t)=>{for(let r of t)if(!r.value)return c(!0);return c(!1)},subsetOf:L,supersetOf:L,count:(e,t)=>[{type:a.integer,value:t.length}],distinct:(e,t)=>{let r=[];for(let n of t)r.some(i=>i.value===n.value)||r.push(n);return r},isDistinct:(e,t)=>c(t.length===h.distinct(e,t).length),where:(e,t,r)=>t.filter(n=>E(r.eval(e,[n]))),select:(e,t,r)=>t.map(n=>r.eval(e,[n])).flat(),repeat:L,ofType:(e,t,r)=>t.filter(n=>n.type===r.name),single:(e,t)=>{if(t.length>1)throw new Error("Expected input length one for single()");return t.length===0?[]:t.slice(0,1)},first:(e,t)=>t.length===0?[]:t.slice(0,1),last:(e,t)=>t.length===0?[]:t.slice(t.length-1,t.length),tail:(e,t)=>t.length===0?[]:t.slice(1,t.length),skip:(e,t,r)=>{let n=r.eval(e,t)[0]?.value;if(typeof n!="number")throw new Error("Expected a number for skip(num)");return n>=t.length?[]:n<=0?t:t.slice(n,t.length)},take:(e,t,r)=>{let n=r.eval(e,t)[0]?.value;if(typeof n!="number")throw new Error("Expected a number for take(num)");return n>=t.length?t:n<=0?[]:t.slice(0,n)},intersect:(e,t,r)=>{if(!r)return t;let n=r.eval(e,t),i=[];for(let s of t)!i.some(o=>o.value===s.value)&&n.some(o=>o.value===s.value)&&i.push(s);return i},exclude:(e,t,r)=>{if(!r)return t;let n=r.eval(e,t),i=[];for(let s of t)n.some(o=>o.value===s.value)||i.push(s);return i},union:(e,t,r)=>{if(!r)return t;let n=r.eval(e,t);return ve([...t,...n])},combine:(e,t,r)=>{if(!r)return t;let n=r.eval(e,t);return[...t,...n]},htmlChecks:(e,t,r)=>[k(!0)],iif:(e,t,r,n,i)=>{let s=r.eval(e,t);if(s.length>1||s.length===1&&typeof s[0].value!="boolean")throw new Error("Expected criterion to evaluate to a Boolean");return E(s)?n.eval(e,t):i?i.eval(e,t):[]},toBoolean:(e,t)=>{if(t.length===0)return[];let[{value:r}]=w(t,1);if(typeof r=="boolean")return[{type:a.boolean,value:r}];if(typeof r=="number"&&(r===0||r===1))return c(!!r);if(typeof r=="string"){let n=r.toLowerCase();if(["true","t","yes","y","1","1.0"].includes(n))return c(!0);if(["false","f","no","n","0","0.0"].includes(n))return c(!1)}return[]},convertsToBoolean:(e,t)=>t.length===0?[]:c(h.toBoolean(e,t).length===1),toInteger:(e,t)=>{if(t.length===0)return[];let[{value:r}]=w(t,1);return typeof r=="number"?[{type:a.integer,value:r}]:typeof r=="string"&&/^[+-]?\d+$/.exec(r)?[{type:a.integer,value:parseInt(r,10)}]:typeof r=="boolean"?[{type:a.integer,value:r?1:0}]:[]},convertsToInteger:(e,t)=>t.length===0?[]:c(h.toInteger(e,t).length===1),toDate:(e,t)=>{if(t.length===0)return[];let[{value:r}]=w(t,1);return typeof r=="string"&&/^\d{4}(-\d{2}(-\d{2})?)?/.exec(r)?[{type:a.date,value:q(r)}]:[]},convertsToDate:(e,t)=>t.length===0?[]:c(h.toDate(e,t).length===1),toDateTime:(e,t)=>{if(t.length===0)return[];let[{value:r}]=w(t,1);return typeof r=="string"&&/^\d{4}(-\d{2}(-\d{2})?)?/.exec(r)?[{type:a.dateTime,value:q(r)}]:[]},convertsToDateTime:(e,t)=>t.length===0?[]:c(h.toDateTime(e,t).length===1),toDecimal:(e,t)=>{if(t.length===0)return[];let[{value:r}]=w(t,1);return typeof r=="number"?[{type:a.decimal,value:r}]:typeof r=="string"&&/^-?\d{1,9}(\.\d{1,9})?$/.exec(r)?[{type:a.decimal,value:parseFloat(r)}]:typeof r=="boolean"?[{type:a.decimal,value:r?1:0}]:[]},convertsToDecimal:(e,t)=>t.length===0?[]:c(h.toDecimal(e,t).length===1),toQuantity:(e,t)=>{if(t.length===0)return[];let[{value:r}]=w(t,1);return f(r)?[{type:a.Quantity,value:r}]:typeof r=="number"?[{type:a.Quantity,value:{value:r,unit:"1"}}]:typeof r=="string"&&/^-?\d{1,9}(\.\d{1,9})?/.exec(r)?[{type:a.Quantity,value:{value:parseFloat(r),unit:"1"}}]:typeof r=="boolean"?[{type:a.Quantity,value:{value:r?1:0,unit:"1"}}]:[]},convertsToQuantity:(e,t)=>t.length===0?[]:c(h.toQuantity(e,t).length===1),toString:(e,t)=>{if(t.length===0)return[];let[{value:r}]=w(t,1);return r==null?[]:f(r)?[{type:a.string,value:`${r.value} '${r.unit}'`}]:[{type:a.string,value:r.toString()}]},convertsToString:(e,t)=>t.length===0?[]:c(h.toString(e,t).length===1),toTime:(e,t)=>{if(t.length===0)return[];let[{value:r}]=w(t,1);if(typeof r=="string"){let n=/^T?(\d{2}(:\d{2}(:\d{2})?)?)/.exec(r);if(n)return[{type:a.time,value:q("T"+n[1])}]}return[]},convertsToTime:(e,t)=>t.length===0?[]:c(h.toTime(e,t).length===1),indexOf:(e,t,r)=>m((n,i)=>n.indexOf(i),e,t,r),substring:(e,t,r,n)=>m((i,s,o)=>{let u=s,p=o?u+o:i.length;return u<0||u>=i.length?void 0:i.substring(u,p)},e,t,r,n),startsWith:(e,t,r)=>m((n,i)=>n.startsWith(i),e,t,r),endsWith:(e,t,r)=>m((n,i)=>n.endsWith(i),e,t,r),contains:(e,t,r)=>m((n,i)=>n.includes(i),e,t,r),upper:(e,t)=>m(r=>r.toUpperCase(),e,t),lower:(e,t)=>m(r=>r.toLowerCase(),e,t),replace:(e,t,r,n)=>m((i,s,o)=>i.replaceAll(s,o),e,t,r,n),matches:(e,t,r)=>m((n,i)=>!!new RegExp(i).exec(n),e,t,r),replaceMatches:(e,t,r,n)=>m((i,s,o)=>i.replaceAll(s,o),e,t,r,n),length:(e,t)=>m(r=>r.length,e,t),toChars:(e,t)=>m(r=>r?r.split(""):void 0,e,t),abs:(e,t)=>S(Math.abs,e,t),ceiling:(e,t)=>S(Math.ceil,e,t),exp:(e,t)=>S(Math.exp,e,t),floor:(e,t)=>S(Math.floor,e,t),ln:(e,t)=>S(Math.log,e,t),log:(e,t,r)=>S((n,i)=>Math.log(n)/Math.log(i),e,t,r),power:(e,t,r)=>S(Math.pow,e,t,r),round:(e,t)=>S(Math.round,e,t),sqrt:(e,t)=>S(Math.sqrt,e,t),truncate:(e,t)=>S(r=>r|0,e,t),children:L,descendants:L,trace:(e,t,r)=>(console.log("trace",t,r),t),now:()=>[{type:a.dateTime,value:new Date().toISOString()}],timeOfDay:()=>[{type:a.time,value:new Date().toISOString().substring(11)}],today:()=>[{type:a.date,value:new Date().toISOString().substring(0,10)}],between:(e,t,r,n,i)=>{let s=h.toDateTime(e,r.eval(e,t));if(s.length===0)throw new Error("Invalid start date");let o=h.toDateTime(e,n.eval(e,t));if(o.length===0)throw new Error("Invalid end date");let u=i.eval(e,t)[0]?.value;if(u!=="years"&&u!=="months"&&u!=="days")throw new Error("Invalid units");let p=He(s[0].value,o[0].value);return[{type:a.Quantity,value:{value:p[u],unit:u}}]},is:(e,t,r)=>{let n="";return r instanceof Z?n=r.name:r instanceof Ee&&(n=r.left.name+"."+r.right.name),n?t.map(i=>({type:a.boolean,value:Te(i,n)})):[]},not:(e,t)=>h.toBoolean(e,t).map(r=>({type:a.boolean,value:!r.value})),resolve:(e,t)=>t.map(r=>{let n=r.value,i;if(typeof n=="string")i=n;else if(typeof n=="object"){let s=n;if(s.resource)return k(s.resource);s.reference?i=s.reference:s.type&&s.identifier&&(i=`${s.type}?identifier=${s.identifier.system}|${s.identifier.value}`)}if(i?.includes("?")){let[s]=i.split("?");return{type:s,value:{resourceType:s}}}if(i?.includes("/")){let[s,o]=i.split("/");return{type:s,value:{resourceType:s,id:o}}}return{type:a.BackboneElement,value:void 0}}).filter(r=>!!r.value),as:(e,t)=>t,type:(e,t)=>t.map(({value:r})=>typeof r=="boolean"?{type:a.BackboneElement,value:{namespace:"System",name:"Boolean"}}:typeof r=="number"?{type:a.BackboneElement,value:{namespace:"System",name:"Integer"}}:W(r)?{type:a.BackboneElement,value:{namespace:"FHIR",name:r.resourceType}}:{type:a.BackboneElement,value:null}),conformsTo:(e,t,r)=>{let n=r.eval(e,t)[0].value;if(!n.startsWith("http://hl7.org/fhir/StructureDefinition/"))throw new Error("Expected a StructureDefinition URL");let i=n.replace("http://hl7.org/fhir/StructureDefinition/","");return t.map(s=>({type:a.boolean,value:s.value?.resourceType===i}))}};function m(e,t,r,...n){if(r.length===0)return[];let[{value:i}]=w(r,1);if(typeof i!="string")throw new Error("String function cannot be called with non-string");let s=e(i,...n.map(o=>o?.eval(t,r)[0]?.value));return s===void 0?[]:Array.isArray(s)?s.map(k):[k(s)]}function S(e,t,r,...n){if(r.length===0)return[];let[{value:i}]=w(r,1),s=f(i),o=s?i.value:i;if(typeof o!="number")throw new Error("Math function cannot be called with non-number");let u=e(o,...n.map(G=>G.eval(t,r)[0]?.value)),p=s?a.Quantity:r[0].type,R=s?{...i,value:u}:u;return[{type:p,value:R}]}function w(e,t){if(e.length!==t)throw new Error(`Expected ${t} arguments`);for(let r of e)if(r==null)throw new Error("Expected non-null argument");return e}var I=class{constructor(e){this.value=e}eval(){return[this.value]}toString(){let e=this.value.value;return typeof e=="string"?`'${e}'`:e.toString()}},Z=class{constructor(e){this.name=e}eval(e,t){if(this.name==="$this")return t;let r=e.variables[this.name];if(r)return[r];if(this.name.startsWith("%"))throw new Error(`Undefined variable ${this.name}`);return t.flatMap(n=>this.evalValue(n)).filter(n=>n?.value!==void 0)}evalValue(e){let t=e.value;if(!(!t||typeof t!="object"))return W(t)&&t.resourceType===this.name?e:Ke(e,this.name)}toString(){return this.name}},ct=class{eval(){return[]}toString(){return"{}"}},ut=class extends Fe{constructor(e,t,r){super(e,t),this.impl=r}eval(e,t){return this.impl(this.child.eval(e,t))}toString(){return this.operator+this.child.toString()}},lt=class extends M{constructor(e,t){super("as",e,t)}eval(e,t){return h.ofType(e,this.left.eval(e,t),this.right)}},y=class extends M{},v=class extends y{constructor(e,t,r,n){super(e,t,r),this.impl=n}eval(e,t){let r=this.left.eval(e,t);if(r.length!==1)return[];let n=this.right.eval(e,t);if(n.length!==1)return[];let i=r[0].value,s=n[0].value,o=f(i)?i.value:i,u=f(s)?s.value:s,p=this.impl(o,u);return typeof p=="boolean"?c(p):f(i)?[{type:a.Quantity,value:{...i,value:p}}]:[k(p)]}},dt=class extends M{constructor(e,t){super("&",e,t)}eval(e,t){let r=this.left.eval(e,t),n=this.right.eval(e,t),i=[...r,...n];return i.length>0&&i.every(s=>typeof s.value=="string")?[{type:a.string,value:i.map(s=>s.value).join("")}]:i}},pt=class extends y{constructor(e,t){super("contains",e,t)}eval(e,t){let r=this.left.eval(e,t),n=this.right.eval(e,t);return c(r.some(i=>i.value===n[0].value))}},ht=class extends y{constructor(e,t){super("in",e,t)}eval(e,t){let r=T(this.left.eval(e,t)),n=this.right.eval(e,t);return r?c(n.some(i=>i.value===r.value)):[]}},Ee=class extends M{constructor(e,t){super(".",e,t)}eval(e,t){return this.right.eval(e,this.left.eval(e,t))}toString(){return`${this.left.toString()}.${this.right.toString()}`}},mt=class extends M{constructor(e,t){super("|",e,t)}eval(e,t){let r=this.left.eval(e,t),n=this.right.eval(e,t);return ve([...r,...n])}},ft=class extends y{constructor(e,t){super("=",e,t)}eval(e,t){let r=this.left.eval(e,t),n=this.right.eval(e,t);return we(r,n)}},yt=class extends y{constructor(e,t){super("!=",e,t)}eval(e,t){let r=this.left.eval(e,t),n=this.right.eval(e,t);return Se(we(r,n))}},gt=class extends y{constructor(e,t){super("~",e,t)}eval(e,t){let r=this.left.eval(e,t),n=this.right.eval(e,t);return xe(r,n)}},vt=class extends y{constructor(e,t){super("!~",e,t)}eval(e,t){let r=this.left.eval(e,t),n=this.right.eval(e,t);return Se(xe(r,n))}},St=class extends y{constructor(e,t){super("is",e,t)}eval(e,t){let r=this.left.eval(e,t);if(r.length!==1)return[];let n=this.right.name;return c(Te(r[0],n))}},wt=class extends y{constructor(e,t){super("and",e,t)}eval(e,t){let r=T(this.left.eval(e,t),"boolean"),n=T(this.right.eval(e,t),"boolean");return r?.value===!0&&n?.value===!0?c(!0):r?.value===!1||n?.value===!1?c(!1):[]}},bt=class extends y{constructor(e,t){super("or",e,t)}eval(e,t){let r=T(this.left.eval(e,t),"boolean"),n=T(this.right.eval(e,t),"boolean");return r?.value===!1&&n?.value===!1?c(!1):r?.value||n?.value?c(!0):[]}},xt=class extends y{constructor(e,t){super("xor",e,t)}eval(e,t){let r=T(this.left.eval(e,t),"boolean"),n=T(this.right.eval(e,t),"boolean");return!r||!n?[]:c(r.value!==n.value)}},Tt=class extends y{constructor(e,t){super("implies",e,t)}eval(e,t){let r=T(this.left.eval(e,t),"boolean"),n=T(this.right.eval(e,t),"boolean");return n?.value===!0||r?.value===!1?c(!0):!r||!n?[]:c(!1)}},Ct=class{constructor(e,t){this.name=e,this.args=t}eval(e,t){let r=h[this.name];if(!r)throw new Error("Unrecognized function: "+this.name);return r(e,t,...this.args)}toString(){return`${this.name}(${this.args.map(e=>e.toString()).join(", ")})`}},Et=class{constructor(e,t){this.left=e,this.expr=t}eval(e,t){let r=this.expr.eval(e,t);if(r.length!==1)return[];let n=r[0].value;if(typeof n!="number")throw new Error("Invalid indexer expression: should return integer}");let i=this.left.eval(e,t);return n in i?[i[n]]:[]}toString(){return`${this.left.toString()}[${this.expr.toString()}]`}};var Ae=["!=","!~","<=",">=","{}","->"];var l={FunctionCall:0,Dot:1,Indexer:2,UnaryAdd:3,UnarySubtract:3,Multiply:4,Divide:4,IntegerDivide:4,Modulo:4,Add:5,Subtract:5,Ampersand:5,Is:6,As:6,Union:7,GreaterThan:8,GreaterThanOrEquals:8,LessThan:8,LessThanOrEquals:8,Equals:9,Equivalent:9,NotEquals:9,NotEquivalent:9,In:10,Contains:10,And:11,Xor:12,Or:12,Implies:13,Arrow:100,Semicolon:200},At={parse(e){let t=e.consumeAndParse();if(!e.match(")"))throw new Error("Parse error: expected `)` got `"+e.peek()?.value+"`");return t}},Pt={parse(e,t){let r=e.consumeAndParse();if(!e.match("]"))throw new Error("Parse error: expected `]`");return new Et(t,r)},precedence:l.Indexer},Rt={parse(e,t){if(!(t instanceof Z))throw new Error("Unexpected parentheses");let r=[];for(;!e.match(")");)r.push(e.consumeAndParse()),e.match(",");return new Ct(t.name,r)},precedence:l.FunctionCall};function kt(e){let t=e.split(" "),r=parseFloat(t[0]),n=t[1];return n?.startsWith("'")&&n.endsWith("'")?n=n.substring(1,n.length-1):n="{"+n+"}",{value:r,unit:n}}function X(){return new je().registerPrefix("String",{parse:(e,t)=>new I({type:a.string,value:t.value})}).registerPrefix("DateTime",{parse:(e,t)=>new I({type:a.dateTime,value:q(t.value)})}).registerPrefix("Quantity",{parse:(e,t)=>new I({type:a.Quantity,value:kt(t.value)})}).registerPrefix("Number",{parse:(e,t)=>new I({type:t.value.includes(".")?a.decimal:a.integer,value:parseFloat(t.value)})}).registerPrefix("true",{parse:()=>new I({type:a.boolean,value:!0})}).registerPrefix("false",{parse:()=>new I({type:a.boolean,value:!1})}).registerPrefix("Symbol",{parse:(e,t)=>new Z(t.value)}).registerPrefix("{}",{parse:()=>new ct}).registerPrefix("(",At).registerInfix("[",Pt).registerInfix("(",Rt).prefix("+",l.UnaryAdd,(e,t)=>new ut("+",t,r=>r)).prefix("-",l.UnarySubtract,(e,t)=>new v("-",t,t,(r,n)=>-n)).infixLeft(".",l.Dot,(e,t,r)=>new Ee(e,r)).infixLeft("/",l.Divide,(e,t,r)=>new v("/",e,r,(n,i)=>n/i)).infixLeft("*",l.Multiply,(e,t,r)=>new v("*",e,r,(n,i)=>n*i)).infixLeft("+",l.Add,(e,t,r)=>new v("+",e,r,(n,i)=>n+i)).infixLeft("-",l.Subtract,(e,t,r)=>new v("-",e,r,(n,i)=>n-i)).infixLeft("|",l.Union,(e,t,r)=>new mt(e,r)).infixLeft("=",l.Equals,(e,t,r)=>new ft(e,r)).infixLeft("!=",l.NotEquals,(e,t,r)=>new yt(e,r)).infixLeft("~",l.Equivalent,(e,t,r)=>new gt(e,r)).infixLeft("!~",l.NotEquivalent,(e,t,r)=>new vt(e,r)).infixLeft("<",l.LessThan,(e,t,r)=>new v("<",e,r,(n,i)=>n<i)).infixLeft("<=",l.LessThanOrEquals,(e,t,r)=>new v("<=",e,r,(n,i)=>n<=i)).infixLeft(">",l.GreaterThan,(e,t,r)=>new v(">",e,r,(n,i)=>n>i)).infixLeft(">=",l.GreaterThanOrEquals,(e,t,r)=>new v(">=",e,r,(n,i)=>n>=i)).infixLeft("&",l.Ampersand,(e,t,r)=>new dt(e,r)).infixLeft("and",l.And,(e,t,r)=>new wt(e,r)).infixLeft("as",l.As,(e,t,r)=>new lt(e,r)).infixLeft("contains",l.Contains,(e,t,r)=>new pt(e,r)).infixLeft("div",l.Divide,(e,t,r)=>new v("div",e,r,(n,i)=>n/i|0)).infixLeft("in",l.In,(e,t,r)=>new ht(e,r)).infixLeft("is",l.Is,(e,t,r)=>new St(e,r)).infixLeft("mod",l.Modulo,(e,t,r)=>new v("mod",e,r,(n,i)=>n%i)).infixLeft("or",l.Or,(e,t,r)=>new bt(e,r)).infixLeft("xor",l.Xor,(e,t,r)=>new xt(e,r)).infixLeft("implies",l.Implies,(e,t,r)=>new Tt(e,r))}var yr=X();var It=(e=>(e.BOOLEAN="BOOLEAN",e.NUMBER="NUMBER",e.QUANTITY="QUANTITY",e.TEXT="TEXT",e.REFERENCE="REFERENCE",e.CANONICAL="CANONICAL",e.DATE="DATE",e.DATETIME="DATETIME",e.PERIOD="PERIOD",e.UUID="UUID",e))(It||{});var Dt=(e=>(e.EQUALS="eq",e.NOT_EQUALS="ne",e.GREATER_THAN="gt",e.LESS_THAN="lt",e.GREATER_THAN_OR_EQUALS="ge",e.LESS_THAN_OR_EQUALS="le",e.STARTS_AFTER="sa",e.ENDS_BEFORE="eb",e.APPROXIMATELY="ap",e.CONTAINS="contains",e.EXACT="exact",e.TEXT="text",e.NOT="not",e.ABOVE="above",e.BELOW="below",e.IN="in",e.NOT_IN="not-in",e.OF_TYPE="of-type",e.MISSING="missing",e.IDENTIFIER="identifier",e.ITERATE="iterate",e))(Dt||{});var Nt=(e=>(e.READ="read",e.VREAD="vread",e.UPDATE="update",e.PATCH="patch",e.DELETE="delete",e.HISTORY="history",e.HISTORY_INSTANCE="history-instance",e.HISTORY_TYPE="history-type",e.HISTORY_SYSTEM="history-system",e.CREATE="create",e.SEARCH="search",e.SEARCH_TYPE="search-type",e.SEARCH_SYSTEM="search-system",e.SEARCH_COMPARTMENT="search-compartment",e.CAPABILITIES="capabilities",e.TRANSACTION="transaction",e.BATCH="batch",e.OPERATION="operation",e))(Nt||{});var Ot={CSS:"text/css",DICOM:"application/dicom",FAVICON:"image/vnd.microsoft.icon",FHIR_JSON:"application/fhir+json",FORM_URL_ENCODED:"application/x-www-form-urlencoded",HL7_V2:"x-application/hl7-v2+er7",HTML:"text/html",JAVASCRIPT:"text/javascript",JSON:"application/json",JSON_PATCH:"application/json-patch+json",PNG:"image/png",SVG:"image/svg+xml",TEXT:"text/plain",TYPESCRIPT:"text/typescript"};var $t;$t=Symbol.toStringTag;var gr=Ot.FHIR_JSON+", */*; q=0.1";var Lt=(e=>(e.ClientCredentials="client_credentials",e.AuthorizationCode="authorization_code",e.RefreshToken="refresh_token",e.JwtBearer="urn:ietf:params:oauth:grant-type:jwt-bearer",e.TokenExchange="urn:ietf:params:oauth:grant-type:token-exchange",e))(Lt||{}),Mt=(e=>(e.AccessToken="urn:ietf:params:oauth:token-type:access_token",e.RefreshToken="urn:ietf:params:oauth:token-type:refresh_token",e.IdToken="urn:ietf:params:oauth:token-type:id_token",e.Saml1Token="urn:ietf:params:oauth:token-type:saml1",e.Saml2Token="urn:ietf:params:oauth:token-type:saml2",e))(Mt||{}),_t=(e=>(e.ClientSecretBasic="client_secret_basic",e.ClientSecretPost="client_secret_post",e.ClientSecretJwt="client_secret_jwt",e.PrivateKeyJwt="private_key_jwt",e.None="none",e))(_t||{}),Ut=(e=>(e.JwtBearer="urn:ietf:params:oauth:client-assertion-type:jwt-bearer",e))(Ut||{});var vr=[...Ae,"->","<<",">>","=="];var Sr=X().registerInfix("->",{precedence:l.Arrow}).registerInfix(";",{precedence:l.Semicolon});var wr=[...Ae,"eq","ne","co"];var br=X();var te=["string","boolean","number"],ee={},re=class{constructor(t){let{region:r}=t;if(!r)throw new b(A("'region' must be defined as a string literal in config."));ee[r]||(ee[r]=new Ft({region:r})),this.config=t,this.clients={ssm:ee[r]}}async fetchParameterStoreSecret(t){let n=(await this.clients.ssm.send(new Bt({Name:t,WithDecryption:!0}))).Parameter;if(!n)throw new b(Y(`Key '${t}' not found. Make sure your key is correct and that it is defined in your Parameter Store.`));let i=n.Value;if(!i)throw new b(Y(`Key '${t}' found but has no value. Make sure your key is correct and that it is defined in your Parameter Store.`));return i}async fetchExternalSecret(t){qt(t);let{system:r,key:n,type:i}=t,s;switch(r){case"aws_ssm_parameter_store":{s=await this.fetchParameterStoreSecret(n);break}default:throw new b(A(`Unknown system '${r}' for ExternalSecret. Unable to fetch the secret for key '${n}'.`))}return jt(n,s,i)}async normalizeInfraConfigArray(t){let r=t[0],n;if(typeof r!="object"&&r!==null||Pe(r)){n=new Array(t.length);for(let i=0;i<t.length;i++){let s=t[i];if(typeof s!="object"){n[i]=s;continue}let o=await this.fetchExternalSecret(s);n[i]=o}}else{n=new Array(t.length);for(let i=0;i<t.length;i++)n[i]=await this.normalizeObjectInInfraConfig(t[i])}return n}async normalizeValueForKey(t,r){let n=t[r];typeof n!="object"?t[r]=n:Pe(n)?t[r]=await this.fetchExternalSecret(n):Array.isArray(n)&&n.length?t[r]=await this.normalizeInfraConfigArray(n):typeof n=="object"&&(t[r]=await this.normalizeObjectInInfraConfig(n))}async normalizeObjectInInfraConfig(t){let r={...t};for(let n of Object.keys(r))await this.normalizeValueForKey(r,n);return r}async normalizeConfig(){return this.normalizeObjectInInfraConfig(this.config)}};function jt(e,t,r){let n=typeof t;if(!te.includes(n))throw new b(A(`Invalid value found for type; expected either ${te.join(", or")} but got ${n}`));if(n===r)return t;if(n==="string"&&r==="boolean"){let i=t.toLowerCase();if(i!=="true"&&i!=="false")throw new b(A(`Invalid value found for key '${e}'; expected boolean value but got '${t}'`));return i==="true"}else if(n==="string"&&r==="number"){let i=parseInt(t,10);if(Number.isNaN(i))throw new b(A(`Invalid value found for key '${e}'; expected integer value but got '${t}'`));return i}else throw new b(A(`Invalid value found for type; expected ${r} value but got value of type ${n}`))}function Pe(e){return typeof e=="object"&&typeof e.system=="string"&&typeof e.key=="string"&&typeof e.type=="string"}function Gt(e){return typeof e=="object"&&typeof e.system=="string"&&typeof e.key=="string"&&te.includes(e.type)}function qt(e){if(!Gt(e))throw new b(A("obj is not a valid `ExternalSecret`, must contain a valid `system`, `key`, and `type` prop."))}async function Re(e){return new re(e).normalizeConfig()}import{Stack as _e,Tags as Ue}from"aws-cdk-lib";import{Duration as H,RemovalPolicy as ke,aws_ec2 as x,aws_ecs as N,aws_elasticache as Ie,aws_elasticloadbalancingv2 as _,aws_iam as d,aws_logs as De,aws_rds as O,aws_route53 as ne,aws_s3 as Wt,aws_secretsmanager as Ne,aws_ssm as P,aws_route53_targets as Ht,aws_wafv2 as Oe}from"aws-cdk-lib";import{Repository as zt}from"aws-cdk-lib/aws-ecr";import{ClusterInstance as $e}from"aws-cdk-lib/aws-rds";import{Construct as Qt}from"constructs";var D=[{name:"AWS-AWSManagedRulesCommonRuleSet",priority:10,statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesCommonRuleSet",excludedRules:[{name:"NoUserAgent_HEADER"},{name:"UserAgent_BadBots_HEADER"},{name:"SizeRestrictions_QUERYSTRING"},{name:"SizeRestrictions_Cookie_HEADER"},{name:"SizeRestrictions_BODY"},{name:"SizeRestrictions_URIPATH"},{name:"EC2MetaDataSSRF_BODY"},{name:"EC2MetaDataSSRF_COOKIE"},{name:"EC2MetaDataSSRF_URIPATH"},{name:"EC2MetaDataSSRF_QUERYARGUMENTS"},{name:"GenericLFI_QUERYARGUMENTS"},{name:"GenericLFI_URIPATH"},{name:"GenericLFI_BODY"},{name:"RestrictedExtensions_URIPATH"},{name:"RestrictedExtensions_QUERYARGUMENTS"},{name:"GenericRFI_QUERYARGUMENTS"},{name:"GenericRFI_BODY"},{name:"GenericRFI_URIPATH"},{name:"CrossSiteScripting_COOKIE"},{name:"CrossSiteScripting_QUERYARGUMENTS"},{name:"CrossSiteScripting_BODY"},{name:"CrossSiteScripting_URIPATH"}]}},overrideAction:{count:{}},visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWS-AWSManagedRulesCommonRuleSet"}},{name:"AWS-AWSManagedRulesAmazonIpReputationList",priority:20,statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesAmazonIpReputationList",excludedRules:[{name:"AWSManagedIPReputationList"},{name:"AWSManagedReconnaissanceList"}]}},overrideAction:{count:{}},visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRulesAmazonIpReputationList"}},{name:"AWSManagedRulesSQLiRuleSet",priority:30,visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRulesSQLiRuleSet"},overrideAction:{count:{}},statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesSQLiRuleSet",excludedRules:[{name:"SQLi_QUERYARGUMENTS"},{name:"SQLiExtendedPatterns_QUERYARGUMENTS"},{name:"SQLi_BODY"},{name:"SQLiExtendedPatterns_BODY"},{name:"SQLi_COOKIE"},{name:"SQLi_URIPATH"}]}}},{name:"AWSManagedRuleLinux",priority:40,visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRuleLinux"},overrideAction:{count:{}},statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesLinuxRuleSet",excludedRules:[{name:"LFI_URIPATH"},{name:"LFI_QUERYSTRING"},{name:"LFI_COOKIE"}]}}}];var z=class extends Qt{constructor(t,r){super(t,"BackEnd");let n=r.name;if(r.vpcId)this.vpc=x.Vpc.fromLookup(this,"VPC",{vpcId:r.vpcId});else{let i=new De.LogGroup(this,"VpcFlowLogs",{logGroupName:"/medplum/flowlogs/"+n,removalPolicy:ke.DESTROY});this.vpc=new x.Vpc(this,"VPC",{maxAzs:r.maxAzs,flowLogs:{cloudwatch:{destination:x.FlowLogDestination.toCloudWatchLogs(i),trafficType:x.FlowLogTrafficType.ALL}}})}if(this.botLambdaRole=new d.Role(this,"BotLambdaRole",{assumedBy:new d.ServicePrincipal("lambda.amazonaws.com")}),this.rdsSecretsArn=r.rdsSecretsArn,!this.rdsSecretsArn){let i={instanceType:r.rdsInstanceType?new x.InstanceType(r.rdsInstanceType):void 0,enablePerformanceInsights:!0,isFromLegacyInstanceProps:!0},s;if(r.rdsInstances>1){s=[];for(let o=0;o<r.rdsInstances-1;o++)s.push($e.provisioned("Instance"+(o+2),{...i}))}this.rdsCluster=new O.DatabaseCluster(this,"DatabaseCluster",{engine:O.DatabaseClusterEngine.auroraPostgres({version:r.rdsInstanceVersion?O.AuroraPostgresEngineVersion.of(r.rdsInstanceVersion,r.rdsInstanceVersion.slice(0,r.rdsInstanceVersion.indexOf(".")),{s3Import:!0,s3Export:!0}):O.AuroraPostgresEngineVersion.VER_12_9}),credentials:O.Credentials.fromGeneratedSecret("clusteradmin"),defaultDatabaseName:"medplum",storageEncrypted:!0,vpc:this.vpc,vpcSubnets:{subnetType:x.SubnetType.PRIVATE_WITH_EGRESS},writer:$e.provisioned("Instance1",{...i}),readers:s,backup:{retention:H.days(7)},cloudwatchLogsExports:["postgresql"],instanceUpdateBehaviour:O.InstanceUpdateBehaviour.ROLLING}),this.rdsSecretsArn=this.rdsCluster.secret.secretArn}if(this.redisSubnetGroup=new Ie.CfnSubnetGroup(this,"RedisSubnetGroup",{description:"Redis Subnet Group",subnetIds:this.vpc.privateSubnets.map(i=>i.subnetId)}),this.redisSecurityGroup=new x.SecurityGroup(this,"RedisSecurityGroup",{vpc:this.vpc,description:"Redis Security Group",allowAllOutbound:!1}),this.redisPassword=new Ne.Secret(this,"RedisPassword",{generateSecretString:{secretStringTemplate:"{}",generateStringKey:"password",excludeCharacters:"@%*()_+=`~{}|[]\\:\";'?,./"}}),this.redisCluster=new Ie.CfnReplicationGroup(this,"RedisCluster",{engine:"Redis",engineVersion:"6.x",cacheNodeType:r.cacheNodeType??"cache.t2.medium",replicationGroupDescription:"RedisReplicationGroup",authToken:this.redisPassword.secretValueFromJson("password").toString(),transitEncryptionEnabled:!0,atRestEncryptionEnabled:!0,multiAzEnabled:!0,cacheSubnetGroupName:this.redisSubnetGroup.ref,numNodeGroups:1,replicasPerNodeGroup:1,securityGroupIds:[this.redisSecurityGroup.securityGroupId]}),this.redisCluster.node.addDependency(this.redisPassword),this.redisSecrets=new Ne.Secret(this,"RedisSecrets",{generateSecretString:{secretStringTemplate:JSON.stringify({host:this.redisCluster.attrPrimaryEndPointAddress,port:this.redisCluster.attrPrimaryEndPointPort,password:this.redisPassword.secretValueFromJson("password").toString(),tls:{}}),generateStringKey:"unused"}}),this.redisSecrets.node.addDependency(this.redisPassword),this.redisSecrets.node.addDependency(this.redisCluster),this.ecsCluster=new N.Cluster(this,"Cluster",{vpc:this.vpc}),this.taskRolePolicies=new d.PolicyDocument({statements:[new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["logs:PutLogEvents","logs:CreateLogGroup","logs:CreateLogStream","logs:DescribeLogStreams","logs:DescribeLogGroups","logs:PutRetentionPolicy"],resources:["arn:aws:logs:*"]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["secretsmanager:GetResourcePolicy","secretsmanager:GetSecretValue","secretsmanager:DescribeSecret","secretsmanager:ListSecrets","secretsmanager:ListSecretVersionIds"],resources:["arn:aws:secretsmanager:*"]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["ssm:GetParametersByPath","ssm:GetParameters","ssm:GetParameter","ssm:DescribeParameters"],resources:["arn:aws:ssm:*"]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["ses:SendEmail","ses:SendRawEmail"],resources:["arn:aws:ses:*"]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["s3:ListBucket","s3:GetObject","s3:PutObject","s3:DeleteObject"],resources:["arn:aws:s3:::*"]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["iam:ListRoles","iam:GetRole","iam:PassRole"],resources:[this.botLambdaRole.roleArn]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["lambda:CreateFunction","lambda:GetFunction","lambda:GetFunctionConfiguration","lambda:UpdateFunctionCode","lambda:UpdateFunctionConfiguration","lambda:ListLayerVersions","lambda:GetLayerVersion","lambda:InvokeFunction"],resources:["arn:aws:lambda:*"]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["xray:PutTraceSegments","xray:PutTelemetryRecords","xray:GetSamplingRules","xray:GetSamplingTargets","xray:GetSamplingStatisticSummaries"],resources:["*"]})]}),this.taskRole=new d.Role(this,"TaskExecutionRole",{assumedBy:new d.ServicePrincipal("ecs-tasks.amazonaws.com"),description:"Medplum Server Task Execution Role",inlinePolicies:{TaskExecutionPolicies:this.taskRolePolicies}}),this.taskDefinition=new N.FargateTaskDefinition(this,"TaskDefinition",{memoryLimitMiB:r.serverMemory,cpu:r.serverCpu,taskRole:this.taskRole}),this.logGroup=new De.LogGroup(this,"LogGroup",{logGroupName:"/ecs/medplum/"+n,removalPolicy:ke.DESTROY}),this.logDriver=new N.AwsLogDriver({logGroup:this.logGroup,streamPrefix:"Medplum"}),this.serviceContainer=this.taskDefinition.addContainer("MedplumTaskDefinition",{image:this.getContainerImage(r,r.serverImage),command:[r.region==="us-east-1"?`aws:/medplum/${n}/`:`aws:${r.region}:/medplum/${n}/`],logging:this.logDriver,environment:r.environment}),this.serviceContainer.addPortMappings({containerPort:r.apiPort,hostPort:r.apiPort}),r.additionalContainers)for(let i of r.additionalContainers)this.taskDefinition.addContainer("AdditionalContainer-"+i.name,{containerName:i.name,image:this.getContainerImage(r,i.image),command:i.command,environment:i.environment,logging:this.logDriver});if(this.fargateSecurityGroup=new x.SecurityGroup(this,"ServiceSecurityGroup",{allowAllOutbound:!0,securityGroupName:"MedplumSecurityGroup",vpc:this.vpc}),this.fargateService=new N.FargateService(this,"FargateService",{cluster:this.ecsCluster,taskDefinition:this.taskDefinition,assignPublicIp:!1,vpcSubnets:{subnetType:x.SubnetType.PRIVATE_WITH_EGRESS},desiredCount:r.desiredServerCount,securityGroups:[this.fargateSecurityGroup],healthCheckGracePeriod:H.minutes(5)}),this.rdsCluster&&this.fargateService.node.addDependency(this.rdsCluster),this.fargateService.node.addDependency(this.redisCluster),this.targetGroup=new _.ApplicationTargetGroup(this,"TargetGroup",{vpc:this.vpc,port:r.apiPort,protocol:_.ApplicationProtocol.HTTP,healthCheck:{path:"/healthcheck",interval:H.seconds(30),timeout:H.seconds(3),healthyThresholdCount:2,unhealthyThresholdCount:5},targets:[this.fargateService]}),this.loadBalancer=new _.ApplicationLoadBalancer(this,"LoadBalancer",{vpc:this.vpc,internetFacing:r.apiInternetFacing!==!1,http2Enabled:!0}),r.loadBalancerLoggingBucket&&this.loadBalancer.logAccessLogs(Wt.Bucket.fromBucketName(this,"LoggingBucket",r.loadBalancerLoggingBucket),r.loadBalancerLoggingPrefix),this.loadBalancer.addListener("HttpsListener",{port:443,certificates:[{certificateArn:r.apiSslCertArn}],sslPolicy:_.SslPolicy.FORWARD_SECRECY_TLS12_RES_GCM,defaultAction:_.ListenerAction.forward([this.targetGroup])}),this.waf=new Oe.CfnWebACL(this,"BackEndWAF",{defaultAction:{allow:{}},scope:"REGIONAL",name:`${r.stackName}-BackEndWAF`,rules:D,visibilityConfig:{cloudWatchMetricsEnabled:!0,metricName:`${r.stackName}-BackEndWAF-Metric`,sampledRequestsEnabled:!1}}),this.wafAssociation=new Oe.CfnWebACLAssociation(this,"LoadBalancerAssociation",{resourceArn:this.loadBalancer.loadBalancerArn,webAclArn:this.waf.attrArn}),this.rdsCluster&&this.rdsCluster.connections.allowDefaultPortFrom(this.fargateSecurityGroup),this.redisSecurityGroup.addIngressRule(this.fargateSecurityGroup,x.Port.tcp(6379)),!r.skipDns){let i=r.hostedZoneName??r.domainName.split(".").slice(-2).join("."),s=ne.HostedZone.fromLookup(this,"Zone",{domainName:i});this.dnsRecord=new ne.ARecord(this,"LoadBalancerAliasRecord",{recordName:r.apiDomainName,target:ne.RecordTarget.fromAlias(new Ht.LoadBalancerTarget(this.loadBalancer)),zone:s})}this.regionParameter=new P.StringParameter(this,"RegionParameter",{tier:P.ParameterTier.STANDARD,parameterName:`/medplum/${n}/awsRegion`,description:"AWS region",stringValue:r.region}),this.databaseSecretsParameter=new P.StringParameter(this,"DatabaseSecretsParameter",{tier:P.ParameterTier.STANDARD,parameterName:`/medplum/${n}/DatabaseSecrets`,description:"Database secrets ARN",stringValue:this.rdsSecretsArn}),this.redisSecretsParameter=new P.StringParameter(this,"RedisSecretsParameter",{tier:P.ParameterTier.STANDARD,parameterName:`/medplum/${n}/RedisSecrets`,description:"Redis secrets ARN",stringValue:this.redisSecrets.secretArn}),this.botLambdaRoleParameter=new P.StringParameter(this,"BotLambdaRoleParameter",{tier:P.ParameterTier.STANDARD,parameterName:`/medplum/${n}/botLambdaRoleArn`,description:"Bot lambda execution role ARN",stringValue:this.botLambdaRole.roleArn})}getContainerImage(t,r){let i=new RegExp(`^${t.accountNumber}\\.dkr\\.ecr\\.${t.region}\\.amazonaws\\.com/(.*)[:@](.*)$`).exec(r),s=i?.[1],o=i?.[2];if(s&&o){let u=zt.fromRepositoryArn(this,"ServerImageRepo",`arn:aws:ecr:${t.region}:${t.accountNumber}:repository/${s}`);return N.ContainerImage.fromEcrRepository(u,o)}return N.ContainerImage.fromRegistry(r)}};import{aws_cloudtrail as Vt,aws_cloudwatch as ie,aws_cloudwatch_actions as Jt,aws_logs as Q,aws_sns as Le}from"aws-cdk-lib";import{Construct as Yt}from"constructs";var U=class extends Yt{constructor(t,r){if(super(t,"CloudTrailAlarms"),this.config=r,!r.cloudTrailAlarms)return;r.cloudTrailAlarms.logGroupCreate?(this.logGroup=new Q.LogGroup(this,"CloudTrailLogGroup",{logGroupName:r.cloudTrailAlarms.logGroupName,retention:Q.RetentionDays.ONE_YEAR}),this.cloudTrail=new Vt.Trail(this,"CloudTrail",{sendToCloudWatchLogs:!0,cloudWatchLogGroup:this.logGroup,includeGlobalServiceEvents:!0})):this.logGroup=Q.LogGroup.fromLogGroupName(this,"CloudTrailLogGroup",r.cloudTrailAlarms.logGroupName),r.cloudTrailAlarms.snsTopicArn?this.alarmTopic=Le.Topic.fromTopicArn(this,"AlarmTopic",r.cloudTrailAlarms.snsTopicArn):this.alarmTopic=new Le.Topic(this,"AlarmTopic",{topicName:r.cloudTrailAlarms.snsTopicName});let n=[["UnauthorizedApiCalls","{ ($.errorCode = *UnauthorizedOperation) || ($.errorCode = AccessDenied*) }"],["SignInWithoutMfa","{ ($.eventName = ConsoleLogin) && ($.additionalEventData.MFAUsed != Yes) }"],["RootAccountUsage","{ $.userIdentity.type = Root && $.userIdentity.invokedBy NOT EXISTS && $.eventType != AwsServiceEvent }"],["IamPolicyChanges","{($.eventName=DeleteGroupPolicy)||($.eventName=DeleteRolePolicy)||($.eventName=DeleteUserPolicy)||($.eventName=PutGroupPolicy)||($.eventName=PutRolePolicy)||($.eventName=PutUserPolicy)||($.eventName=CreatePolicy)||($.eventName=DeletePolicy)||($.eventName=CreatePolicyVersion)||($.eventName=DeletePolicyVersion)||($.eventName=AttachRolePolicy)||($.eventName=DetachRolePolicy)||($.eventName=AttachUserPolicy)||($.eventName=DetachUserPolicy)||($.eventName=AttachGroupPolicy)||($.eventName=DetachGroupPolicy)}"],["CloudTrailConfigurationChanges","{ ($.eventName = CreateTrail) || ($.eventName = UpdateTrail) || ($.eventName = DeleteTrail) || ($.eventName = StartLogging) || ($.eventName = StopLogging) }"],["SignInFailures",'{ ($.eventName = ConsoleLogin) && ($.errorMessage = "Failed authentication") }'],["DisabledCmks","{($.eventSource = kms.amazonaws.com) && (($.eventName=DisableKey)||($.eventName=ScheduleKeyDeletion)) }"],["S3PolicyChanges","{ ($.eventSource = s3.amazonaws.com) && (($.eventName = PutBucketAcl) || ($.eventName = PutBucketPolicy) || ($.eventName = PutBucketCors) || ($.eventName = PutBucketLifecycle) || ($.eventName = PutBucketReplication) || ($.eventName = DeleteBucketPolicy) || ($.eventName = DeleteBucketCors) || ($.eventName = DeleteBucketLifecycle) || ($.eventName = DeleteBucketReplication)) }"],["ConfigServiceChanges","{($.eventSource = config.amazonaws.com) && (($.eventName=StopConfigurationRecorder)||($.eventName=DeleteDeliveryChannel)||($.eventName=PutDeliveryChannel)||($.eventName=PutConfigurationRecorder))}"],["SecurityGroupChanges","{ ($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = AuthorizeSecurityGroupEgress) || ($.eventName = RevokeSecurityGroupIngress) || ($.eventName = RevokeSecurityGroupEgress) || ($.eventName = CreateSecurityGroup) || ($.eventName = DeleteSecurityGroup)}"],["NetworkAclChanges","{ ($.eventName = CreateNetworkAcl) || ($.eventName = CreateNetworkAclEntry) || ($.eventName = DeleteNetworkAcl) || ($.eventName = DeleteNetworkAclEntry) || ($.eventName = ReplaceNetworkAclEntry) || ($.eventName = ReplaceNetworkAclAssociation) }"],["NetworkGatewayChanges","{ ($.eventName = CreateCustomerGateway) || ($.eventName = DeleteCustomerGateway) || ($.eventName = AttachInternetGateway) || ($.eventName = CreateInternetGateway) || ($.eventName = DeleteInternetGateway) || ($.eventName = DetachInternetGateway) }"],["RouteTableChanges","{ ($.eventName = CreateRoute) || ($.eventName = CreateRouteTable) || ($.eventName = ReplaceRoute) || ($.eventName = ReplaceRouteTableAssociation) || ($.eventName = DeleteRouteTable) || ($.eventName = DeleteRoute) || ($.eventName = DisassociateRouteTable) }"],["VpcChanges","{ ($.eventName = CreateVpc) || ($.eventName = DeleteVpc) || ($.eventName = ModifyVpcAttribute) || ($.eventName = AcceptVpcPeeringConnection) || ($.eventName = CreateVpcPeeringConnection) || ($.eventName = DeleteVpcPeeringConnection) || ($.eventName = RejectVpcPeeringConnection) || ($.eventName = AttachClassicLinkVpc) || ($.eventName = DetachClassicLinkVpc) || ($.eventName = DisableVpcClassicLink) || ($.eventName = EnableVpcClassicLink) }"],["OrganizationsChanges","{ ($.eventSource = organizations.amazonaws.com) && (($.eventName = AcceptHandshake) || ($.eventName = AttachPolicy) || ($.eventName = CreateAccount) || ($.eventName = CreateOrganizationalUnit) || ($.eventName = CreatePolicy) || ($.eventName = DeclineHandshake) || ($.eventName = DeleteOrganization) || ($.eventName = DeleteOrganizationalUnit) || ($.eventName = DeletePolicy) || ($.eventName = DetachPolicy) || ($.eventName = DisablePolicyType) || ($.eventName = EnablePolicyType) || ($.eventName = InviteAccountToOrganization) || ($.eventName = LeaveOrganization) || ($.eventName = MoveAccount) || ($.eventName = RemoveAccountFromOrganization) || ($.eventName = UpdatePolicy) || ($.eventName = UpdateOrganizationalUnit)) }"]];for(let[i,s]of n)this.createMetricAlarm(i,s)}createMetricAlarm(t,r){let n=`${this.config.stackName}${t}MetricFilter`,i=`${this.config.stackName}${t}Metric`,s=`${this.config.stackName}Metrics`,o=`${this.config.stackName}${t}Alarm`,u=new Q.MetricFilter(this,n,{logGroup:this.logGroup,filterPattern:{logPatternString:r},metricNamespace:s,metricName:i});new ie.Alarm(this,o,{metric:u.metric({}),threshold:1,evaluationPeriods:1,alarmName:o,actionsEnabled:!0,treatMissingData:ie.TreatMissingData.NOT_BREACHING,comparisonOperator:ie.ComparisonOperator.GREATER_THAN_THRESHOLD,datapointsToAlarm:1}).addAlarmAction(new Jt.SnsAction(this.alarmTopic))}};import{aws_certificatemanager as Zt,aws_cloudfront as g,Duration as Xt,aws_cloudfront_origins as Me,RemovalPolicy as er,aws_route53 as se,aws_s3 as B,aws_route53_targets as tr,aws_wafv2 as rr}from"aws-cdk-lib";import{Construct as nr}from"constructs";import{aws_iam as Kt}from"aws-cdk-lib";function V(e,t){let r=new Kt.PolicyStatement;return r.addActions("s3:GetObject*"),r.addActions("s3:GetBucket*"),r.addActions("s3:List*"),r.addResources(e.bucketArn),r.addResources(`${e.bucketArn}/*`),r.addCanonicalUserPrincipal(t.cloudFrontOriginAccessIdentityS3CanonicalUserId),e.addToResourcePolicy(r),r}var F=class extends nr{constructor(t,r,n){if(super(t,"FrontEnd"),n===r.region?this.appBucket=new B.Bucket(this,"AppBucket",{bucketName:r.appDomainName,publicReadAccess:!1,blockPublicAccess:B.BlockPublicAccess.BLOCK_ALL,removalPolicy:er.DESTROY,encryption:B.BucketEncryption.S3_MANAGED,enforceSSL:!0,versioned:!0}):this.appBucket=B.Bucket.fromBucketAttributes(this,"AppBucket",{bucketName:r.appDomainName,region:r.region}),n==="us-east-1"&&(this.responseHeadersPolicy=new g.ResponseHeadersPolicy(this,"ResponseHeadersPolicy",{customHeadersBehavior:{customHeaders:[{header:"Permission-Policy",value:"accelerometer=(), camera=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()",override:!0}]},securityHeadersBehavior:{contentSecurityPolicy:{contentSecurityPolicy:["default-src 'none'","base-uri 'self'","child-src 'self'",`connect-src 'self' ${r.apiDomainName} *.google.com`,"font-src 'self' fonts.gstatic.com","form-action 'self' *.gstatic.com *.google.com","frame-ancestors 'none'","frame-src 'self' *.medplum.com *.gstatic.com *.google.com",`img-src 'self' data: ${r.storageDomainName} *.gstatic.com *.google.com *.googleapis.com`,"manifest-src 'self'",`media-src 'self' ${r.storageDomainName}`,"script-src 'self' *.medplum.com *.gstatic.com *.google.com","style-src 'self' 'unsafe-inline' *.medplum.com *.gstatic.com *.google.com","worker-src 'self' blob: *.gstatic.com *.google.com","upgrade-insecure-requests"].join("; "),override:!0},contentTypeOptions:{override:!0},frameOptions:{frameOption:g.HeadersFrameOption.DENY,override:!0},referrerPolicy:{referrerPolicy:g.HeadersReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,override:!0},strictTransportSecurity:{accessControlMaxAge:Xt.seconds(63072e3),includeSubdomains:!0,preload:!0,override:!0},xssProtection:{protection:!0,modeBlock:!0,override:!0}}}),this.waf=new rr.CfnWebACL(this,"FrontEndWAF",{defaultAction:{allow:{}},scope:"CLOUDFRONT",name:`${r.stackName}-FrontEndWAF`,rules:D,visibilityConfig:{cloudWatchMetricsEnabled:!0,metricName:`${r.stackName}-FrontEndWAF-Metric`,sampledRequestsEnabled:!1}}),this.apiOriginCachePolicy=new g.CachePolicy(this,"ApiOriginCachePolicy",{cachePolicyName:`${r.stackName}-ApiOriginCachePolicy`,cookieBehavior:g.CacheCookieBehavior.all(),headerBehavior:g.CacheHeaderBehavior.allowList("Authorization","Content-Encoding","Content-Type","If-None-Match","Origin","Referer","User-Agent","X-Medplum"),queryStringBehavior:g.CacheQueryStringBehavior.all()}),this.originAccessIdentity=new g.OriginAccessIdentity(this,"OriginAccessIdentity",{}),this.originAccessPolicyStatement=V(this.appBucket,this.originAccessIdentity),this.distribution=new g.Distribution(this,"AppDistribution",{defaultRootObject:"index.html",defaultBehavior:{origin:new Me.S3Origin(this.appBucket,{originAccessIdentity:this.originAccessIdentity}),responseHeadersPolicy:this.responseHeadersPolicy,viewerProtocolPolicy:g.ViewerProtocolPolicy.REDIRECT_TO_HTTPS},additionalBehaviors:r.appApiProxy?{"/api/*":{origin:new Me.HttpOrigin(r.apiDomainName),allowedMethods:g.AllowedMethods.ALLOW_ALL,cachePolicy:this.apiOriginCachePolicy,viewerProtocolPolicy:g.ViewerProtocolPolicy.REDIRECT_TO_HTTPS}}:void 0,certificate:Zt.Certificate.fromCertificateArn(this,"AppCertificate",r.appSslCertArn),domainNames:[r.appDomainName],errorResponses:[{httpStatus:403,responseHttpStatus:200,responsePagePath:"/index.html"},{httpStatus:404,responseHttpStatus:200,responsePagePath:"/index.html"}],webAclId:this.waf.attrArn,logBucket:r.appLoggingBucket?B.Bucket.fromBucketName(this,"LoggingBucket",r.appLoggingBucket):void 0,logFilePrefix:r.appLoggingPrefix}),!r.skipDns)){let i=r.hostedZoneName??r.domainName.split(".").slice(-2).join("."),s=se.HostedZone.fromLookup(this,"Zone",{domainName:i});this.dnsRecord=new se.ARecord(this,"AppAliasRecord",{recordName:r.appDomainName,target:se.RecordTarget.fromAlias(new tr.CloudFrontTarget(this.distribution)),zone:s})}}};import{aws_certificatemanager as ir,aws_cloudfront as C,Duration as sr,aws_cloudfront_origins as or,aws_route53 as oe,aws_s3 as $,aws_route53_targets as ar,aws_wafv2 as cr}from"aws-cdk-lib";import{ServerlessClamscan as ur}from"cdk-serverless-clamscan";import{Construct as lr}from"constructs";var j=class extends lr{constructor(t,r,n){if(super(t,"Storage"),n===r.region?(this.storageBucket=new $.Bucket(this,"StorageBucket",{bucketName:r.storageBucketName,publicReadAccess:!1,blockPublicAccess:$.BlockPublicAccess.BLOCK_ALL,encryption:$.BucketEncryption.S3_MANAGED,enforceSSL:!0,versioned:!0}),r.clamscanEnabled&&new ur(this,"ServerlessClamscan",{defsBucketAccessLogsConfig:{logsBucket:$.Bucket.fromBucketName(this,"LoggingBucket",r.clamscanLoggingBucket),logsPrefix:r.clamscanLoggingPrefix}}).addSourceBucket(this.storageBucket)):this.storageBucket=$.Bucket.fromBucketAttributes(this,"StorageBucket",{bucketName:r.storageBucketName,region:r.region}),n==="us-east-1"){let i;if(r.signingKeyId?i=C.PublicKey.fromPublicKeyId(this,"StoragePublicKey",r.signingKeyId):i=new C.PublicKey(this,"StoragePublicKey",{encodedKey:r.storagePublicKey}),this.keyGroup=new C.KeyGroup(this,"StorageKeyGroup",{items:[i]}),this.responseHeadersPolicy=new C.ResponseHeadersPolicy(this,"ResponseHeadersPolicy",{customHeadersBehavior:{customHeaders:[{header:"Permission-Policy",value:"accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()",override:!0}]},securityHeadersBehavior:{contentSecurityPolicy:{contentSecurityPolicy:"default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors *.medplum.com;",override:!0},contentTypeOptions:{override:!0},frameOptions:{frameOption:C.HeadersFrameOption.DENY,override:!0},referrerPolicy:{referrerPolicy:C.HeadersReferrerPolicy.NO_REFERRER,override:!0},strictTransportSecurity:{accessControlMaxAge:sr.seconds(63072e3),includeSubdomains:!0,preload:!0,override:!0},xssProtection:{protection:!0,modeBlock:!0,override:!0}}}),this.waf=new cr.CfnWebACL(this,"StorageWAF",{defaultAction:{allow:{}},scope:"CLOUDFRONT",name:`${r.stackName}-StorageWAF`,rules:D,visibilityConfig:{cloudWatchMetricsEnabled:!0,metricName:`${r.stackName}-StorageWAF-Metric`,sampledRequestsEnabled:!1}}),this.originAccessIdentity=new C.OriginAccessIdentity(this,"OriginAccessIdentity",{}),this.originAccessPolicyStatement=V(this.storageBucket,this.originAccessIdentity),this.distribution=new C.Distribution(this,"StorageDistribution",{defaultBehavior:{origin:new or.S3Origin(this.storageBucket,{originAccessIdentity:this.originAccessIdentity}),responseHeadersPolicy:this.responseHeadersPolicy,viewerProtocolPolicy:C.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,trustedKeyGroups:[this.keyGroup]},certificate:ir.Certificate.fromCertificateArn(this,"StorageCertificate",r.storageSslCertArn),domainNames:[r.storageDomainName],webAclId:this.waf.attrArn,logBucket:r.storageLoggingBucket?$.Bucket.fromBucketName(this,"LoggingBucket",r.storageLoggingBucket):void 0,logFilePrefix:r.storageLoggingPrefix}),!r.skipDns){let s=r.hostedZoneName??r.domainName.split(".").slice(-2).join("."),o=oe.HostedZone.fromLookup(this,"Zone",{domainName:s});this.dnsRecord=new oe.ARecord(this,"StorageAliasRecord",{recordName:r.storageDomainName,target:oe.RecordTarget.fromAlias(new ar.CloudFrontTarget(this.distribution)),zone:o})}}}};var J=class{constructor(t,r){this.primaryStack=new ae(t,r),r.region!=="us-east-1"&&(this.globalStack=new ce(t,r),this.globalStack.addDependency(this.primaryStack))}},ae=class extends _e{constructor(t,r){super(t,r.stackName,{env:{region:r.region,account:r.accountNumber}}),Ue.of(this).add("medplum:environment",r.name),this.backEnd=new z(this,r),this.frontEnd=new F(this,r,r.region),this.storage=new j(this,r,r.region),this.cloudTrail=new U(this,r)}},ce=class extends _e{constructor(t,r){super(t,r.stackName+"-us-east-1",{env:{region:"us-east-1",account:r.accountNumber}}),Ue.of(this).add("medplum:environment",r.name),this.frontEnd=new F(this,r,"us-east-1"),this.storage=new j(this,r,"us-east-1"),this.cloudTrail=new U(this,r)}};function mr(e){let t=new dr({context:e}),r=t.node.tryGetContext("config");if(!r){console.log('Missing "config" context variable'),console.log("Usage: cdk deploy -c config=my-config.json");return}let n=JSON.parse(pr(hr(r),"utf-8"));Re(n).then(i=>{let s=new J(t,i);console.log("Stack",s.primaryStack.stackId),t.synth()}).catch(i=>{console.error(i),process.exit(1)})}le.main===module&&mr();export{z as BackEnd,U as CloudTrailAlarms,F as FrontEnd,ce as MedplumGlobalStack,ae as MedplumPrimaryStack,J as MedplumStack,j as Storage,D as awsManagedRules,mr as main};
+var de=(e=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(e,{get:(t,r)=>(typeof require<"u"?require:t)[r]}):e)(function(e){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+e+'" is not supported')});import{App as fr}from"aws-cdk-lib";import{readFileSync as yr}from"fs";import{resolve as gr}from"path";import{GetParameterCommand as qt,SSMClient as Wt}from"@aws-sdk/client-ssm";var Ge=class{constructor(e,t){this.operator=e,this.child=t}toString(){return`${this.operator}(${this.child.toString()})`}},_=class{constructor(e,t,r){this.operator=e,this.left=t,this.right=r}toString(){return`${this.left.toString()} ${this.operator} ${this.right.toString()}`}},qe=class{constructor(){this.prefixParselets={},this.infixParselets={}}registerInfix(e,t){return this.infixParselets[e]=t,this}registerPrefix(e,t){return this.prefixParselets[e]=t,this}prefix(e,t,r){return this.registerPrefix(e,{parse(n,i){let s=n.consumeAndParse(t);return r(i,s)}})}infixLeft(e,t,r){return this.registerInfix(e,{parse(n,i,s){let o=n.consumeAndParse(t);return r(i,s,o)},precedence:t})}construct(e){return new We(e,this.prefixParselets,this.infixParselets)}},We=class{constructor(e,t,r){this.tokens=e,this.prefixParselets=t,this.infixParselets=r}hasMore(){return this.tokens.length>0}match(e){return this.peek()?.id!==e?!1:(this.consume(),!0)}consumeAndParse(e=1/0){let t=this.consume(),r=this.prefixParselets[t.id];if(!r)throw Error(`Parse error at "${t.value}" (line ${t.line}, column ${t.column}). No matching prefix parselet.`);let n=r.parse(this,t);for(;e>this.getPrecedence();){let i=this.consume();n=this.getInfixParselet(i).parse(this,n,i)}return n}getPrecedence(){let e=this.peek();if(!e)return 1/0;let t=this.getInfixParselet(e);return t?t.precedence:1/0}consume(e,t){if(!this.tokens.length)throw Error("Cant consume unknown more tokens.");if(e&&this.peek()?.id!==e){let r=this.peek();throw Error(`Expected ${e} but got "${r.id}" (${r.value}) at line ${r.line} column ${r.column}.`)}if(t&&this.peek()?.value!==t){let r=this.peek();throw Error(`Expected "${t}" but got "${r.value}" at line ${r.line} column ${r.column}.`)}return this.tokens.shift()}peek(){return this.tokens.length>0?this.tokens[0]:void 0}removeComments(){this.tokens=this.tokens.filter(e=>e.id!=="Comment")}getInfixParselet(e){return this.infixParselets[e.id==="Symbol"?e.value:e.id]}};function K(e,t){return{resourceType:"OperationOutcome",issue:[{severity:"error",code:"invalid",details:{text:e},expression:t?[t]:void 0}]}}function k(e){return{resourceType:"OperationOutcome",issue:[{severity:"error",code:"structure",details:{text:e}}]}}var T=class extends Error{constructor(e,t){super(He(e)),this.outcome=e,this.cause=t}};function He(e){let t=e.issue?.map(ze)??[];return t.length>0?t.join("; "):"Unknown error"}function ze(e){let t;return e.details?.text?e.diagnostics?t=`${e.details.text} (${e.diagnostics})`:t=e.details.text:e.diagnostics?t=e.diagnostics:t="Unknown error",e.expression?.length&&(t+=` (${e.expression.join(", ")})`),t}function Ve(e,t){let r=new Date(e);r.setUTCHours(0,0,0,0);let n=t?new Date(t):new Date;n.setUTCHours(0,0,0,0);let i=r.getUTCFullYear(),s=r.getUTCMonth(),o=r.getUTCDate(),a=n.getUTCFullYear(),p=n.getUTCMonth(),S=n.getUTCDate(),A=a-i;(p<s||p===s&&S<o)&&A--;let le=a*12+p-(i*12+s);S<o&&le--;let je=Math.floor((n.getTime()-r.getTime())/(1e3*60*60*24));return{years:A,months:le,days:je}}function ge(e){if(e==null)return!0;let t=typeof e;return t==="string"||t==="object"?!Qe(e):!1}function Qe(e){if(e==null)return!1;let t=typeof e;return t==="string"&&e!==""||t==="object"&&("length"in e&&e.length>0||Object.keys(e).length>0)}var Je=[];for(let e=0;e<256;e++)Je.push(e.toString(16).padStart(2,"0"));function ve(e){return e?e.charAt(0).toUpperCase()+e.substring(1):""}function Ye(e,t){let r=t.max&&t.max===Number.MAX_SAFE_INTEGER?Number.POSITIVE_INFINITY:t.max;return{path:e,description:"",type:t.type??[],min:t.min??0,max:r??1,isArray:!!r&&r>1,constraints:[]}}function Ke(e){let t=Object.create(null);for(let[r,n]of Object.entries(e))t[r]={name:r,elements:Object.fromEntries(Object.entries(n.elements).map(([i,s])=>[i,Ye(i,s)])),constraints:[],innerTypes:[]};return t}var Ze={Element:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]}}},BackboneElement:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]}}},Address:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},type:{type:[{code:"code"}]},text:{type:[{code:"string"}]},line:{max:9007199254740991,type:[{code:"string"}]},city:{type:[{code:"string"}]},district:{type:[{code:"string"}]},state:{type:[{code:"string"}]},postalCode:{type:[{code:"string"}]},country:{type:[{code:"string"}]},period:{type:[{code:"Period"}]}}},Age:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Annotation:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},"author[x]":{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Organization"]},{code:"string"}]},time:{type:[{code:"dateTime"}]},text:{min:1,type:[{code:"markdown"}]}}},Attachment:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},contentType:{type:[{code:"code"}]},language:{type:[{code:"code"}]},data:{type:[{code:"base64Binary"}]},url:{type:[{code:"url"}]},size:{type:[{code:"unsignedInt"}]},hash:{type:[{code:"base64Binary"}]},title:{type:[{code:"string"}]},creation:{type:[{code:"dateTime"}]}}},CodeableConcept:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},coding:{max:9007199254740991,type:[{code:"Coding"}]},text:{type:[{code:"string"}]}}},Coding:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},system:{type:[{code:"uri"}]},version:{type:[{code:"string"}]},code:{type:[{code:"code"}]},display:{type:[{code:"string"}]},userSelected:{type:[{code:"boolean"}]}}},ContactDetail:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},name:{type:[{code:"string"}]},telecom:{max:9007199254740991,type:[{code:"ContactPoint"}]}}},ContactPoint:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},system:{type:[{code:"code"}]},value:{type:[{code:"string"}]},use:{type:[{code:"code"}]},rank:{type:[{code:"positiveInt"}]},period:{type:[{code:"Period"}]}}},Contributor:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},name:{min:1,type:[{code:"string"}]},contact:{max:9007199254740991,type:[{code:"ContactDetail"}]}}},Count:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},DataRequirement:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},profile:{max:9007199254740991,type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]},"subject[x]":{type:[{code:"CodeableConcept"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Group"]}]},mustSupport:{max:9007199254740991,type:[{code:"string"}]},codeFilter:{max:9007199254740991,type:[{code:"DataRequirementCodeFilter"}]},dateFilter:{max:9007199254740991,type:[{code:"DataRequirementDateFilter"}]},limit:{type:[{code:"positiveInt"}]},sort:{max:9007199254740991,type:[{code:"DataRequirementSort"}]}}},Distance:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Dosage:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},sequence:{type:[{code:"integer"}]},text:{type:[{code:"string"}]},additionalInstruction:{max:9007199254740991,type:[{code:"CodeableConcept"}]},patientInstruction:{type:[{code:"string"}]},timing:{type:[{code:"Timing"}]},"asNeeded[x]":{type:[{code:"boolean"},{code:"CodeableConcept"}]},site:{type:[{code:"CodeableConcept"}]},route:{type:[{code:"CodeableConcept"}]},method:{type:[{code:"CodeableConcept"}]},doseAndRate:{max:9007199254740991,type:[{code:"DosageDoseAndRate"}]},maxDosePerPeriod:{type:[{code:"Ratio"}]},maxDosePerAdministration:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},maxDosePerLifetime:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]}}},Duration:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},ElementDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},path:{min:1,type:[{code:"string"}]},representation:{max:9007199254740991,type:[{code:"code"}]},sliceName:{type:[{code:"string"}]},sliceIsConstraining:{type:[{code:"boolean"}]},label:{type:[{code:"string"}]},code:{max:9007199254740991,type:[{code:"Coding"}]},slicing:{type:[{code:"ElementDefinitionSlicing"}]},short:{type:[{code:"string"}]},definition:{type:[{code:"markdown"}]},comment:{type:[{code:"markdown"}]},requirements:{type:[{code:"markdown"}]},alias:{max:9007199254740991,type:[{code:"string"}]},min:{type:[{code:"unsignedInt"}]},max:{type:[{code:"string"}]},base:{type:[{code:"ElementDefinitionBase"}]},contentReference:{type:[{code:"uri"}]},type:{max:9007199254740991,type:[{code:"ElementDefinitionType"}]},"defaultValue[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},meaningWhenMissing:{type:[{code:"markdown"}]},orderMeaning:{type:[{code:"string"}]},"fixed[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},"pattern[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},example:{max:9007199254740991,type:[{code:"ElementDefinitionExample"}]},"minValue[x]":{type:[{code:"date"},{code:"dateTime"},{code:"instant"},{code:"time"},{code:"decimal"},{code:"integer"},{code:"positiveInt"},{code:"unsignedInt"},{code:"Quantity"}]},"maxValue[x]":{type:[{code:"date"},{code:"dateTime"},{code:"instant"},{code:"time"},{code:"decimal"},{code:"integer"},{code:"positiveInt"},{code:"unsignedInt"},{code:"Quantity"}]},maxLength:{type:[{code:"integer"}]},condition:{max:9007199254740991,type:[{code:"id"}]},constraint:{max:9007199254740991,type:[{code:"ElementDefinitionConstraint"}]},mustSupport:{type:[{code:"boolean"}]},isModifier:{type:[{code:"boolean"}]},isModifierReason:{type:[{code:"string"}]},isSummary:{type:[{code:"boolean"}]},binding:{type:[{code:"ElementDefinitionBinding"}]},mapping:{max:9007199254740991,type:[{code:"ElementDefinitionMapping"}]}}},Expression:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},description:{type:[{code:"string"}]},name:{type:[{code:"id"}]},language:{min:1,type:[{code:"code"}]},expression:{type:[{code:"string"}]},reference:{type:[{code:"uri"}]}}},Extension:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},url:{min:1,type:[{code:"uri"}]},"value[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]}}},HumanName:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},text:{type:[{code:"string"}]},family:{type:[{code:"string"}]},given:{max:9007199254740991,type:[{code:"string"}]},prefix:{max:9007199254740991,type:[{code:"string"}]},suffix:{max:9007199254740991,type:[{code:"string"}]},period:{type:[{code:"Period"}]}}},Identifier:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},type:{type:[{code:"CodeableConcept"}]},system:{type:[{code:"uri"}]},value:{type:[{code:"string"}]},period:{type:[{code:"Period"}]},assigner:{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Organization"]}]}}},MarketingStatus:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},country:{min:1,type:[{code:"CodeableConcept"}]},jurisdiction:{type:[{code:"CodeableConcept"}]},status:{min:1,type:[{code:"CodeableConcept"}]},dateRange:{min:1,type:[{code:"Period"}]},restoreDate:{type:[{code:"dateTime"}]}}},Meta:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},versionId:{type:[{code:"id"}]},lastUpdated:{type:[{code:"instant"}]},source:{type:[{code:"uri"}]},profile:{max:9007199254740991,type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]},security:{max:9007199254740991,type:[{code:"Coding"}]},tag:{max:9007199254740991,type:[{code:"Coding"}]},project:{type:[{code:"uri"}]},author:{type:[{code:"Reference"}]},account:{type:[{code:"Reference"}]},compartment:{max:9007199254740991,type:[{code:"Reference"}]}}},Money:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},currency:{type:[{code:"code"}]}}},Narrative:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},status:{min:1,type:[{code:"code"}]},div:{min:1,type:[{code:"xhtml"}]}}},ParameterDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},name:{type:[{code:"code"}]},use:{min:1,type:[{code:"code"}]},min:{type:[{code:"integer"}]},max:{type:[{code:"string"}]},documentation:{type:[{code:"string"}]},type:{min:1,type:[{code:"code"}]},profile:{type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]}}},Period:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},start:{type:[{code:"dateTime"}]},end:{type:[{code:"dateTime"}]}}},Population:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},"age[x]":{type:[{code:"Range"},{code:"CodeableConcept"}]},gender:{type:[{code:"CodeableConcept"}]},race:{type:[{code:"CodeableConcept"}]},physiologicalCondition:{type:[{code:"CodeableConcept"}]}}},ProdCharacteristic:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},height:{type:[{code:"Quantity"}]},width:{type:[{code:"Quantity"}]},depth:{type:[{code:"Quantity"}]},weight:{type:[{code:"Quantity"}]},nominalVolume:{type:[{code:"Quantity"}]},externalDiameter:{type:[{code:"Quantity"}]},shape:{type:[{code:"string"}]},color:{max:9007199254740991,type:[{code:"string"}]},imprint:{max:9007199254740991,type:[{code:"string"}]},image:{max:9007199254740991,type:[{code:"Attachment"}]},scoring:{type:[{code:"CodeableConcept"}]}}},ProductShelfLife:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},identifier:{type:[{code:"Identifier"}]},type:{min:1,type:[{code:"CodeableConcept"}]},period:{min:1,type:[{code:"Quantity"}]},specialPrecautionsForStorage:{max:9007199254740991,type:[{code:"CodeableConcept"}]}}},Quantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Range:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},low:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},high:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]}}},Ratio:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},numerator:{type:[{code:"Quantity"}]},denominator:{type:[{code:"Quantity"}]}}},Reference:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},reference:{type:[{code:"string"}]},type:{type:[{code:"uri"}]},identifier:{type:[{code:"Identifier"}]},display:{type:[{code:"string"}]}}},RelatedArtifact:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},label:{type:[{code:"string"}]},display:{type:[{code:"string"}]},citation:{type:[{code:"markdown"}]},url:{type:[{code:"url"}]},document:{type:[{code:"Attachment"}]},resource:{type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/Resource"]}]}}},SampledData:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},origin:{min:1,type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},period:{min:1,type:[{code:"decimal"}]},factor:{type:[{code:"decimal"}]},lowerLimit:{type:[{code:"decimal"}]},upperLimit:{type:[{code:"decimal"}]},dimensions:{min:1,type:[{code:"positiveInt"}]},data:{type:[{code:"string"}]}}},Signature:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,max:9007199254740991,type:[{code:"Coding"}]},when:{min:1,type:[{code:"instant"}]},who:{min:1,type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/PractitionerRole","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/Device","http://hl7.org/fhir/StructureDefinition/Organization"]}]},onBehalfOf:{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/PractitionerRole","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/Device","http://hl7.org/fhir/StructureDefinition/Organization"]}]},targetFormat:{type:[{code:"code"}]},sigFormat:{type:[{code:"code"}]},data:{type:[{code:"base64Binary"}]}}},SubstanceAmount:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},"amount[x]":{type:[{code:"Quantity"},{code:"Range"},{code:"string"}]},amountType:{type:[{code:"CodeableConcept"}]},amountText:{type:[{code:"string"}]},referenceRange:{type:[{code:"SubstanceAmountReferenceRange"}]}}},Timing:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},event:{max:9007199254740991,type:[{code:"dateTime"}]},repeat:{type:[{code:"TimingRepeat"}]},code:{type:[{code:"CodeableConcept"}]}}},TriggerDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},name:{type:[{code:"string"}]},"timing[x]":{type:[{code:"Timing"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Schedule"]},{code:"date"},{code:"dateTime"}]},data:{max:9007199254740991,type:[{code:"DataRequirement"}]},condition:{type:[{code:"Expression"}]}}},UsageContext:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},code:{min:1,type:[{code:"Coding"}]},"value[x]":{min:1,type:[{code:"CodeableConcept"},{code:"Quantity"},{code:"Range"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/PlanDefinition","http://hl7.org/fhir/StructureDefinition/ResearchStudy","http://hl7.org/fhir/StructureDefinition/InsurancePlan","http://hl7.org/fhir/StructureDefinition/HealthcareService","http://hl7.org/fhir/StructureDefinition/Group","http://hl7.org/fhir/StructureDefinition/Location","http://hl7.org/fhir/StructureDefinition/Organization"]}]}}},MoneyQuantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},SimpleQuantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{max:0,type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},MetadataResource:{elements:{id:{type:[{code:"string"}]},meta:{type:[{code:"Meta"}]},implicitRules:{type:[{code:"uri"}]},language:{type:[{code:"code"}]},text:{type:[{code:"Narrative"}]},contained:{max:9007199254740991,type:[{code:"Resource"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},url:{type:[{code:"uri"}]},version:{type:[{code:"string"}]},name:{type:[{code:"string"}]},title:{type:[{code:"string"}]},status:{min:1,type:[{code:"code"}]},experimental:{type:[{code:"boolean"}]},date:{type:[{code:"dateTime"}]},publisher:{type:[{code:"string"}]},contact:{max:9007199254740991,type:[{code:"ContactDetail"}]},description:{type:[{code:"markdown"}]},useContext:{max:9007199254740991,type:[{code:"UsageContext"}]},jurisdiction:{max:9007199254740991,type:[{code:"CodeableConcept"}]}}},IdentityProvider:{elements:{authorizeUrl:{min:1,type:[{code:"string"}]},tokenUrl:{min:1,type:[{code:"string"}]},tokenAuthMethod:{type:[{code:"code"}]},userInfoUrl:{min:1,type:[{code:"string"}]},clientId:{min:1,type:[{code:"string"}]},clientSecret:{min:1,type:[{code:"string"}]},usePkce:{type:[{code:"boolean"}]},useSubject:{type:[{code:"boolean"}]}}}};var Se={base64Binary:/^([A-Za-z\d+/]{4})*([A-Za-z\d+/]{2}==|[A-Za-z\d+/]{3}=)?$/,canonical:/^\S*$/,code:/^[^\s]+( [^\s]+)*$/,date:/^(\d(\d(\d[1-9]|[1-9]0)|[1-9]00)|[1-9]000)(-(0[1-9]|1[0-2])(-(0[1-9]|[1-2]\d|3[0-1]))?)?$/,dateTime:/^(\d(\d(\d[1-9]|[1-9]0)|[1-9]00)|[1-9]000)(-(0[1-9]|1[0-2])(-(0[1-9]|[1-2]\d|3[0-1])(T([01]\d|2[0-3])(:[0-5]\d:([0-5]\d|60)(\.\d{1,9})?)?)?)?(Z|[+-]((0\d|1[0-3]):[0-5]\d|14:00)?)?)?$/,id:/^[A-Za-z0-9\-.]{1,64}$/,instant:/^(\d(\d(\d[1-9]|[1-9]0)|[1-9]00)|[1-9]000)-(0[1-9]|1[0-2])-(0[1-9]|[1-2]\d|3[0-1])T([01]\d|2[0-3]):[0-5]\d:([0-5]\d|60)(\.\d{1,9})?(Z|[+-]((0\d|1[0-3]):[0-5]\d|14:00))$/,markdown:/^[\s\S]+$/,oid:/^urn:oid:[0-2](\.(0|[1-9]\d*))+$/,string:/^[\s\S]+$/,time:/^([01]\d|2[0-3]):[0-5]\d:([0-5]\d|60)(\.\d{1,9})?$/,uri:/^\S*$/,url:/^\S*$/,uuid:/^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/,xhtml:/.*/};function c(e){return[{type:u.boolean,value:e}]}function D(e){return e==null?{type:"undefined",value:void 0}:Number.isSafeInteger(e)?{type:u.integer,value:e}:typeof e=="number"?{type:u.decimal,value:e}:typeof e=="boolean"?{type:u.boolean,value:e}:typeof e=="string"?{type:u.string,value:e}:f(e)?{type:u.Quantity,value:e}:W(e)?{type:e.resourceType,value:e}:{type:u.BackboneElement,value:e}}function R(e){return e.length===0?!1:!!e[0].value}function C(e,t){if(e.length!==0){if(e.length===1&&(!t||e[0].type===t))return e[0];throw new Error(`Expected singleton of type ${t}, but found ${JSON.stringify(e)}`)}}function Xe(e,t){if(!e.value)return;let r=ut(e.type,t);return r?et(e.value,t,r):tt(e,t)}function et(e,t,r){let n=r.type;if(!n||n.length===0)return;let i,s="undefined",o;if(r.path.endsWith("[x]")){let a=r.path.split(".").pop().replace("[x]","");for(let p of n){let S=a+ve(p.code);if(i=e[S],o=e["_"+S],i!==void 0||o!==void 0){s=p.code;break}}}else console.assert(n.length===1,"Expected single type",r.path),i=e[t],s=n[0].code,o=e["_"+t];if(o)if(Array.isArray(i))for(let a=0;a<Math.max(i.length,o.length);a++)i[a]=fe(i[a],o[a]);else i=fe(i,o);if(!ge(i))return(s==="Element"||s==="BackboneElement")&&(s=r.type[0].code),Array.isArray(i)?i.map(a=>pe(a,s)):pe(i,s)}function pe(e,t){return t==="Resource"&&W(e)&&(t=e.resourceType),{type:t,value:e}}function tt(e,t){let r=e.value;if(!r||typeof r!="object")return;let n;if(t in r)n=r[t];else for(let i in u){let s=t+ve(i);if(s in r){n=r[s];break}}if(!ge(n))return Array.isArray(n)?n.map(D):D(n)}function we(e){let t=[];for(let r of e){let n=!1;for(let i of t)if(R(Te(r,i))){n=!0;break}n||t.push(r)}return t}function xe(e){return c(!R(e))}function be(e,t){return e.length===0||t.length===0?[]:e.length!==t.length?c(!1):c(e.every((r,n)=>R(Te(r,t[n]))))}function Te(e,t){let r=e.value?.valueOf(),n=t.value?.valueOf();return typeof r=="number"&&typeof n=="number"?c(Math.abs(r-n)<1e-8):f(r)&&f(n)?c(Ee(r,n)):c(typeof r=="object"&&typeof n=="object"?Z(e,t):r===n)}function Pe(e,t){return e.length===0&&t.length===0?c(!0):e.length!==t.length?c(!1):(e.sort(he),t.sort(he),c(e.every((r,n)=>R(rt(r,t[n])))))}function rt(e,t){let{type:r,value:n}=e,{type:i,value:s}=t,o=n?.valueOf(),a=s?.valueOf();return typeof o=="number"&&typeof a=="number"?c(Math.abs(o-a)<.01):f(o)&&f(a)?c(Ee(o,a)):c(r==="Coding"&&i==="Coding"?typeof o!="object"||typeof a!="object"?!1:o.code===a.code&&o.system===a.system:typeof o=="object"&&typeof a=="object"?Z({...o,id:void 0},{...a,id:void 0}):typeof o=="string"&&typeof a=="string"?o.toLowerCase()===a.toLowerCase():o===a)}function he(e,t){let r=e.value?.valueOf(),n=t.value?.valueOf();return typeof r=="number"&&typeof n=="number"?r-n:typeof r=="string"&&typeof n=="string"?r.localeCompare(n):0}function Ce(e,t){let{value:r}=e;if(r==null)return!1;switch(t){case"Boolean":return typeof r=="boolean";case"Decimal":case"Integer":return typeof r=="number";case"Date":return nt(r);case"DateTime":return Y(r);case"Time":return typeof r=="string"&&!!/^T\d/.exec(r);case"Period":return it(r);case"Quantity":return f(r);default:return typeof r=="object"&&r?.resourceType===t}}function nt(e){return typeof e=="string"&&!!Se.date.exec(e)}function Y(e){return typeof e=="string"&&!!Se.dateTime.exec(e)}function it(e){return!!(e&&typeof e=="object"&&("start"in e&&Y(e.start)||"end"in e&&Y(e.end)))}function f(e){return!!(e&&typeof e=="object"&&"value"in e&&typeof e.value=="number")}function Ee(e,t){return Math.abs(e.value-t.value)<.01&&(e.unit===t.unit||e.code===t.code||e.unit===t.code||e.code===t.unit)}function Z(e,t){let r=Object.keys(e),n=Object.keys(t);if(r.length!==n.length)return!1;for(let i of r){let s=e[i],o=t[i];if(me(s)&&me(o)){if(!Z(s,o))return!1}else if(s!==o)return!1}return!0}function me(e){return e!==null&&typeof e=="object"}function fe(e,t){if(t){if(typeof t!="object")throw new Error("Primitive extension must be an object");return st(e??{},t)}return e}function st(e,t){return delete t.__proto__,delete t.constructor,Object.assign(e,t)}var ot=Ke(Ze);var ye=Object.create(null);function at(e){let t;return e?(t=ye[e],t||(t=ye[e]=Object.create(null))):t=ot,t}function ct(e,t){return at(t)[e]}var u={Address:"Address",Age:"Age",Annotation:"Annotation",Attachment:"Attachment",BackboneElement:"BackboneElement",CodeableConcept:"CodeableConcept",Coding:"Coding",ContactDetail:"ContactDetail",ContactPoint:"ContactPoint",Contributor:"Contributor",Count:"Count",DataRequirement:"DataRequirement",Distance:"Distance",Dosage:"Dosage",Duration:"Duration",Expression:"Expression",Extension:"Extension",HumanName:"HumanName",Identifier:"Identifier",MarketingStatus:"MarketingStatus",Meta:"Meta",Money:"Money",Narrative:"Narrative",ParameterDefinition:"ParameterDefinition",Period:"Period",Population:"Population",ProdCharacteristic:"ProdCharacteristic",ProductShelfLife:"ProductShelfLife",Quantity:"Quantity",Range:"Range",Ratio:"Ratio",Reference:"Reference",RelatedArtifact:"RelatedArtifact",SampledData:"SampledData",Signature:"Signature",SubstanceAmount:"SubstanceAmount",SystemString:"http://hl7.org/fhirpath/System.String",Timing:"Timing",TriggerDefinition:"TriggerDefinition",UsageContext:"UsageContext",base64Binary:"base64Binary",boolean:"boolean",canonical:"canonical",code:"code",date:"date",dateTime:"dateTime",decimal:"decimal",id:"id",instant:"instant",integer:"integer",markdown:"markdown",oid:"oid",positiveInt:"positiveInt",string:"string",time:"time",unsignedInt:"unsignedInt",uri:"uri",url:"url",uuid:"uuid"};function ut(e,t){let r=ct(e);if(r)return lt(r.elements,t)}function lt(e,t){let r=e[t]??e[t+"[x]"];if(r)return r;for(let n=0;n<t.length;n++){let i=t[n];if(i>="A"&&i<="Z"){let s=t.slice(0,n)+"[x]",o=e[s];if(o)return o}}}function W(e){return!!(e&&typeof e=="object"&&"resourceType"in e)}function q(e){if(e.startsWith("T"))return e+"T00:00:00.000Z".substring(e.length);if(e.length<=10)return e;try{return new Date(e).toISOString()}catch{return e}}var M=()=>[],h={empty:(e,t)=>c(t.length===0),hasValue:(e,t)=>c(t.length!==0),exists:(e,t,r)=>c(r?t.filter(n=>R(r.eval(e,[n]))).length>0:t.length>0),all:(e,t,r)=>c(t.every(n=>R(r.eval(e,[n])))),allTrue:(e,t)=>{for(let r of t)if(!r.value)return c(!1);return c(!0)},anyTrue:(e,t)=>{for(let r of t)if(r.value)return c(!0);return c(!1)},allFalse:(e,t)=>{for(let r of t)if(r.value)return c(!1);return c(!0)},anyFalse:(e,t)=>{for(let r of t)if(!r.value)return c(!0);return c(!1)},subsetOf:M,supersetOf:M,count:(e,t)=>[{type:u.integer,value:t.length}],distinct:(e,t)=>{let r=[];for(let n of t)r.some(i=>i.value===n.value)||r.push(n);return r},isDistinct:(e,t)=>c(t.length===h.distinct(e,t).length),where:(e,t,r)=>t.filter(n=>R(r.eval(e,[n]))),select:(e,t,r)=>t.map(n=>r.eval(e,[n])).flat(),repeat:M,ofType:(e,t,r)=>t.filter(n=>n.type===r.name),single:(e,t)=>{if(t.length>1)throw new Error("Expected input length one for single()");return t.length===0?[]:t.slice(0,1)},first:(e,t)=>t.length===0?[]:t.slice(0,1),last:(e,t)=>t.length===0?[]:t.slice(t.length-1,t.length),tail:(e,t)=>t.length===0?[]:t.slice(1,t.length),skip:(e,t,r)=>{let n=r.eval(e,t)[0]?.value;if(typeof n!="number")throw new Error("Expected a number for skip(num)");return n>=t.length?[]:n<=0?t:t.slice(n,t.length)},take:(e,t,r)=>{let n=r.eval(e,t)[0]?.value;if(typeof n!="number")throw new Error("Expected a number for take(num)");return n>=t.length?t:n<=0?[]:t.slice(0,n)},intersect:(e,t,r)=>{if(!r)return t;let n=r.eval(e,t),i=[];for(let s of t)!i.some(o=>o.value===s.value)&&n.some(o=>o.value===s.value)&&i.push(s);return i},exclude:(e,t,r)=>{if(!r)return t;let n=r.eval(e,t),i=[];for(let s of t)n.some(o=>o.value===s.value)||i.push(s);return i},union:(e,t,r)=>{if(!r)return t;let n=r.eval(e,t);return we([...t,...n])},combine:(e,t,r)=>{if(!r)return t;let n=r.eval(e,t);return[...t,...n]},htmlChecks:(e,t,r)=>[D(!0)],iif:(e,t,r,n,i)=>{let s=r.eval(e,t);if(s.length>1||s.length===1&&typeof s[0].value!="boolean")throw new Error("Expected criterion to evaluate to a Boolean");return R(s)?n.eval(e,t):i?i.eval(e,t):[]},toBoolean:(e,t)=>{if(t.length===0)return[];let[{value:r}]=b(t,1);if(typeof r=="boolean")return[{type:u.boolean,value:r}];if(typeof r=="number"&&(r===0||r===1))return c(!!r);if(typeof r=="string"){let n=r.toLowerCase();if(["true","t","yes","y","1","1.0"].includes(n))return c(!0);if(["false","f","no","n","0","0.0"].includes(n))return c(!1)}return[]},convertsToBoolean:(e,t)=>t.length===0?[]:c(h.toBoolean(e,t).length===1),toInteger:(e,t)=>{if(t.length===0)return[];let[{value:r}]=b(t,1);return typeof r=="number"?[{type:u.integer,value:r}]:typeof r=="string"&&/^[+-]?\d+$/.exec(r)?[{type:u.integer,value:parseInt(r,10)}]:typeof r=="boolean"?[{type:u.integer,value:r?1:0}]:[]},convertsToInteger:(e,t)=>t.length===0?[]:c(h.toInteger(e,t).length===1),toDate:(e,t)=>{if(t.length===0)return[];let[{value:r}]=b(t,1);return typeof r=="string"&&/^\d{4}(-\d{2}(-\d{2})?)?/.exec(r)?[{type:u.date,value:q(r)}]:[]},convertsToDate:(e,t)=>t.length===0?[]:c(h.toDate(e,t).length===1),toDateTime:(e,t)=>{if(t.length===0)return[];let[{value:r}]=b(t,1);return typeof r=="string"&&/^\d{4}(-\d{2}(-\d{2})?)?/.exec(r)?[{type:u.dateTime,value:q(r)}]:[]},convertsToDateTime:(e,t)=>t.length===0?[]:c(h.toDateTime(e,t).length===1),toDecimal:(e,t)=>{if(t.length===0)return[];let[{value:r}]=b(t,1);return typeof r=="number"?[{type:u.decimal,value:r}]:typeof r=="string"&&/^-?\d{1,9}(\.\d{1,9})?$/.exec(r)?[{type:u.decimal,value:parseFloat(r)}]:typeof r=="boolean"?[{type:u.decimal,value:r?1:0}]:[]},convertsToDecimal:(e,t)=>t.length===0?[]:c(h.toDecimal(e,t).length===1),toQuantity:(e,t)=>{if(t.length===0)return[];let[{value:r}]=b(t,1);return f(r)?[{type:u.Quantity,value:r}]:typeof r=="number"?[{type:u.Quantity,value:{value:r,unit:"1"}}]:typeof r=="string"&&/^-?\d{1,9}(\.\d{1,9})?/.exec(r)?[{type:u.Quantity,value:{value:parseFloat(r),unit:"1"}}]:typeof r=="boolean"?[{type:u.Quantity,value:{value:r?1:0,unit:"1"}}]:[]},convertsToQuantity:(e,t)=>t.length===0?[]:c(h.toQuantity(e,t).length===1),toString:(e,t)=>{if(t.length===0)return[];let[{value:r}]=b(t,1);return r==null?[]:f(r)?[{type:u.string,value:`${r.value} '${r.unit}'`}]:[{type:u.string,value:r.toString()}]},convertsToString:(e,t)=>t.length===0?[]:c(h.toString(e,t).length===1),toTime:(e,t)=>{if(t.length===0)return[];let[{value:r}]=b(t,1);if(typeof r=="string"){let n=/^T?(\d{2}(:\d{2}(:\d{2})?)?)/.exec(r);if(n)return[{type:u.time,value:q("T"+n[1])}]}return[]},convertsToTime:(e,t)=>t.length===0?[]:c(h.toTime(e,t).length===1),indexOf:(e,t,r)=>m((n,i)=>n.indexOf(i),e,t,r),substring:(e,t,r,n)=>m((i,s,o)=>{let a=s,p=o?a+o:i.length;return a<0||a>=i.length?void 0:i.substring(a,p)},e,t,r,n),startsWith:(e,t,r)=>m((n,i)=>n.startsWith(i),e,t,r),endsWith:(e,t,r)=>m((n,i)=>n.endsWith(i),e,t,r),contains:(e,t,r)=>m((n,i)=>n.includes(i),e,t,r),upper:(e,t)=>m(r=>r.toUpperCase(),e,t),lower:(e,t)=>m(r=>r.toLowerCase(),e,t),replace:(e,t,r,n)=>m((i,s,o)=>i.replaceAll(s,o),e,t,r,n),matches:(e,t,r)=>m((n,i)=>!!new RegExp(i).exec(n),e,t,r),replaceMatches:(e,t,r,n)=>m((i,s,o)=>i.replaceAll(s,o),e,t,r,n),length:(e,t)=>m(r=>r.length,e,t),toChars:(e,t)=>m(r=>r?r.split(""):void 0,e,t),abs:(e,t)=>x(Math.abs,e,t),ceiling:(e,t)=>x(Math.ceil,e,t),exp:(e,t)=>x(Math.exp,e,t),floor:(e,t)=>x(Math.floor,e,t),ln:(e,t)=>x(Math.log,e,t),log:(e,t,r)=>x((n,i)=>Math.log(n)/Math.log(i),e,t,r),power:(e,t,r)=>x(Math.pow,e,t,r),round:(e,t)=>x(Math.round,e,t),sqrt:(e,t)=>x(Math.sqrt,e,t),truncate:(e,t)=>x(r=>r|0,e,t),children:M,descendants:M,trace:(e,t,r)=>t,now:()=>[{type:u.dateTime,value:new Date().toISOString()}],timeOfDay:()=>[{type:u.time,value:new Date().toISOString().substring(11)}],today:()=>[{type:u.date,value:new Date().toISOString().substring(0,10)}],between:(e,t,r,n,i)=>{let s=h.toDateTime(e,r.eval(e,t));if(s.length===0)throw new Error("Invalid start date");let o=h.toDateTime(e,n.eval(e,t));if(o.length===0)throw new Error("Invalid end date");let a=i.eval(e,t)[0]?.value;if(a!=="years"&&a!=="months"&&a!=="days")throw new Error("Invalid units");let p=Ve(s[0].value,o[0].value);return[{type:u.Quantity,value:{value:p[a],unit:a}}]},is:(e,t,r)=>{let n="";return r instanceof X?n=r.name:r instanceof Ae&&(n=r.left.name+"."+r.right.name),n?t.map(i=>({type:u.boolean,value:Ce(i,n)})):[]},not:(e,t)=>h.toBoolean(e,t).map(r=>({type:u.boolean,value:!r.value})),resolve:(e,t)=>t.map(r=>{let n=r.value,i;if(typeof n=="string")i=n;else if(typeof n=="object"){let s=n;if(s.resource)return D(s.resource);s.reference?i=s.reference:s.type&&s.identifier&&(i=`${s.type}?identifier=${s.identifier.system}|${s.identifier.value}`)}if(i?.includes("?")){let[s]=i.split("?");return{type:s,value:{resourceType:s}}}if(i?.includes("/")){let[s,o]=i.split("/");return{type:s,value:{resourceType:s,id:o}}}return{type:u.BackboneElement,value:void 0}}).filter(r=>!!r.value),as:(e,t)=>t,type:(e,t)=>t.map(({value:r})=>typeof r=="boolean"?{type:u.BackboneElement,value:{namespace:"System",name:"Boolean"}}:typeof r=="number"?{type:u.BackboneElement,value:{namespace:"System",name:"Integer"}}:W(r)?{type:u.BackboneElement,value:{namespace:"FHIR",name:r.resourceType}}:{type:u.BackboneElement,value:null}),conformsTo:(e,t,r)=>{let n=r.eval(e,t)[0].value;if(!n.startsWith("http://hl7.org/fhir/StructureDefinition/"))throw new Error("Expected a StructureDefinition URL");let i=n.replace("http://hl7.org/fhir/StructureDefinition/","");return t.map(s=>({type:u.boolean,value:s.value?.resourceType===i}))}};function m(e,t,r,...n){if(r.length===0)return[];let[{value:i}]=b(r,1);if(typeof i!="string")throw new Error("String function cannot be called with non-string");let s=e(i,...n.map(o=>o?.eval(t,r)[0]?.value));return s===void 0?[]:Array.isArray(s)?s.map(D):[D(s)]}function x(e,t,r,...n){if(r.length===0)return[];let[{value:i}]=b(r,1),s=f(i),o=s?i.value:i;if(typeof o!="number")throw new Error("Math function cannot be called with non-number");let a=e(o,...n.map(A=>A.eval(t,r)[0]?.value)),p=s?u.Quantity:r[0].type,S=s?{...i,value:a}:a;return[{type:p,value:S}]}function b(e,t){if(e.length!==t)throw new Error(`Expected ${t} arguments`);for(let r of e)if(r==null)throw new Error("Expected non-null argument");return e}var N=class{constructor(e){this.value=e}eval(){return[this.value]}toString(){let e=this.value.value;return typeof e=="string"?`'${e}'`:e.toString()}},X=class{constructor(e){this.name=e}eval(e,t){if(this.name==="$this")return t;let r=e.variables[this.name];if(r)return[r];if(this.name.startsWith("%"))throw new Error(`Undefined variable ${this.name}`);return t.flatMap(n=>this.evalValue(n)).filter(n=>n?.value!==void 0)}evalValue(e){let t=e.value;if(!(!t||typeof t!="object"))return W(t)&&t.resourceType===this.name?e:Xe(e,this.name)}toString(){return this.name}},dt=class{eval(){return[]}toString(){return"{}"}},pt=class extends Ge{constructor(e,t,r){super(e,t),this.impl=r}eval(e,t){return this.impl(this.child.eval(e,t))}toString(){return this.operator+this.child.toString()}},ht=class extends _{constructor(e,t){super("as",e,t)}eval(e,t){return h.ofType(e,this.left.eval(e,t),this.right)}},y=class extends _{},w=class extends y{constructor(e,t,r,n){super(e,t,r),this.impl=n}eval(e,t){let r=this.left.eval(e,t);if(r.length!==1)return[];let n=this.right.eval(e,t);if(n.length!==1)return[];let i=r[0].value,s=n[0].value,o=f(i)?i.value:i,a=f(s)?s.value:s,p=this.impl(o,a);return typeof p=="boolean"?c(p):f(i)?[{type:u.Quantity,value:{...i,value:p}}]:[D(p)]}},mt=class extends _{constructor(e,t){super("&",e,t)}eval(e,t){let r=this.left.eval(e,t),n=this.right.eval(e,t),i=[...r,...n];return i.length>0&&i.every(s=>typeof s.value=="string")?[{type:u.string,value:i.map(s=>s.value).join("")}]:i}},ft=class extends y{constructor(e,t){super("contains",e,t)}eval(e,t){let r=this.left.eval(e,t),n=this.right.eval(e,t);return c(r.some(i=>i.value===n[0].value))}},yt=class extends y{constructor(e,t){super("in",e,t)}eval(e,t){let r=C(this.left.eval(e,t)),n=this.right.eval(e,t);return r?c(n.some(i=>i.value===r.value)):[]}},Ae=class extends _{constructor(e,t){super(".",e,t)}eval(e,t){return this.right.eval(e,this.left.eval(e,t))}toString(){return`${this.left.toString()}.${this.right.toString()}`}},gt=class extends _{constructor(e,t){super("|",e,t)}eval(e,t){let r=this.left.eval(e,t),n=this.right.eval(e,t);return we([...r,...n])}},vt=class extends y{constructor(e,t){super("=",e,t)}eval(e,t){let r=this.left.eval(e,t),n=this.right.eval(e,t);return be(r,n)}},St=class extends y{constructor(e,t){super("!=",e,t)}eval(e,t){let r=this.left.eval(e,t),n=this.right.eval(e,t);return xe(be(r,n))}},wt=class extends y{constructor(e,t){super("~",e,t)}eval(e,t){let r=this.left.eval(e,t),n=this.right.eval(e,t);return Pe(r,n)}},xt=class extends y{constructor(e,t){super("!~",e,t)}eval(e,t){let r=this.left.eval(e,t),n=this.right.eval(e,t);return xe(Pe(r,n))}},bt=class extends y{constructor(e,t){super("is",e,t)}eval(e,t){let r=this.left.eval(e,t);if(r.length!==1)return[];let n=this.right.name;return c(Ce(r[0],n))}},Tt=class extends y{constructor(e,t){super("and",e,t)}eval(e,t){let r=C(this.left.eval(e,t),"boolean"),n=C(this.right.eval(e,t),"boolean");return r?.value===!0&&n?.value===!0?c(!0):r?.value===!1||n?.value===!1?c(!1):[]}},Pt=class extends y{constructor(e,t){super("or",e,t)}eval(e,t){let r=C(this.left.eval(e,t),"boolean"),n=C(this.right.eval(e,t),"boolean");return r?.value===!1&&n?.value===!1?c(!1):r?.value||n?.value?c(!0):[]}},Ct=class extends y{constructor(e,t){super("xor",e,t)}eval(e,t){let r=C(this.left.eval(e,t),"boolean"),n=C(this.right.eval(e,t),"boolean");return!r||!n?[]:c(r.value!==n.value)}},Et=class extends y{constructor(e,t){super("implies",e,t)}eval(e,t){let r=C(this.left.eval(e,t),"boolean"),n=C(this.right.eval(e,t),"boolean");return n?.value===!0||r?.value===!1?c(!0):!r||!n?[]:c(!1)}},At=class{constructor(e,t){this.name=e,this.args=t}eval(e,t){let r=h[this.name];if(!r)throw new Error("Unrecognized function: "+this.name);return r(e,t,...this.args)}toString(){return`${this.name}(${this.args.map(e=>e.toString()).join(", ")})`}},Rt=class{constructor(e,t){this.left=e,this.expr=t}eval(e,t){let r=this.expr.eval(e,t);if(r.length!==1)return[];let n=r[0].value;if(typeof n!="number")throw new Error("Invalid indexer expression: should return integer}");let i=this.left.eval(e,t);return n in i?[i[n]]:[]}toString(){return`${this.left.toString()}[${this.expr.toString()}]`}};var Re=["!=","!~","<=",">=","{}","->"];var l={FunctionCall:0,Dot:1,Indexer:2,UnaryAdd:3,UnarySubtract:3,Multiply:4,Divide:4,IntegerDivide:4,Modulo:4,Add:5,Subtract:5,Ampersand:5,Is:6,As:6,Union:7,GreaterThan:8,GreaterThanOrEquals:8,LessThan:8,LessThanOrEquals:8,Equals:9,Equivalent:9,NotEquals:9,NotEquivalent:9,In:10,Contains:10,And:11,Xor:12,Or:12,Implies:13,Arrow:100,Semicolon:200},kt={parse(e){let t=e.consumeAndParse();if(!e.match(")"))throw new Error("Parse error: expected `)` got `"+e.peek()?.value+"`");return t}},It={parse(e,t){let r=e.consumeAndParse();if(!e.match("]"))throw new Error("Parse error: expected `]`");return new Rt(t,r)},precedence:l.Indexer},Dt={parse(e,t){if(!(t instanceof X))throw new Error("Unexpected parentheses");let r=[];for(;!e.match(")");)r.push(e.consumeAndParse()),e.match(",");return new At(t.name,r)},precedence:l.FunctionCall};function Nt(e){let t=e.split(" "),r=parseFloat(t[0]),n=t[1];return n?.startsWith("'")&&n.endsWith("'")?n=n.substring(1,n.length-1):n="{"+n+"}",{value:r,unit:n}}function ee(){return new qe().registerPrefix("String",{parse:(e,t)=>new N({type:u.string,value:t.value})}).registerPrefix("DateTime",{parse:(e,t)=>new N({type:u.dateTime,value:q(t.value)})}).registerPrefix("Quantity",{parse:(e,t)=>new N({type:u.Quantity,value:Nt(t.value)})}).registerPrefix("Number",{parse:(e,t)=>new N({type:t.value.includes(".")?u.decimal:u.integer,value:parseFloat(t.value)})}).registerPrefix("true",{parse:()=>new N({type:u.boolean,value:!0})}).registerPrefix("false",{parse:()=>new N({type:u.boolean,value:!1})}).registerPrefix("Symbol",{parse:(e,t)=>new X(t.value)}).registerPrefix("{}",{parse:()=>new dt}).registerPrefix("(",kt).registerInfix("[",It).registerInfix("(",Dt).prefix("+",l.UnaryAdd,(e,t)=>new pt("+",t,r=>r)).prefix("-",l.UnarySubtract,(e,t)=>new w("-",t,t,(r,n)=>-n)).infixLeft(".",l.Dot,(e,t,r)=>new Ae(e,r)).infixLeft("/",l.Divide,(e,t,r)=>new w("/",e,r,(n,i)=>n/i)).infixLeft("*",l.Multiply,(e,t,r)=>new w("*",e,r,(n,i)=>n*i)).infixLeft("+",l.Add,(e,t,r)=>new w("+",e,r,(n,i)=>n+i)).infixLeft("-",l.Subtract,(e,t,r)=>new w("-",e,r,(n,i)=>n-i)).infixLeft("|",l.Union,(e,t,r)=>new gt(e,r)).infixLeft("=",l.Equals,(e,t,r)=>new vt(e,r)).infixLeft("!=",l.NotEquals,(e,t,r)=>new St(e,r)).infixLeft("~",l.Equivalent,(e,t,r)=>new wt(e,r)).infixLeft("!~",l.NotEquivalent,(e,t,r)=>new xt(e,r)).infixLeft("<",l.LessThan,(e,t,r)=>new w("<",e,r,(n,i)=>n<i)).infixLeft("<=",l.LessThanOrEquals,(e,t,r)=>new w("<=",e,r,(n,i)=>n<=i)).infixLeft(">",l.GreaterThan,(e,t,r)=>new w(">",e,r,(n,i)=>n>i)).infixLeft(">=",l.GreaterThanOrEquals,(e,t,r)=>new w(">=",e,r,(n,i)=>n>=i)).infixLeft("&",l.Ampersand,(e,t,r)=>new mt(e,r)).infixLeft("and",l.And,(e,t,r)=>new Tt(e,r)).infixLeft("as",l.As,(e,t,r)=>new ht(e,r)).infixLeft("contains",l.Contains,(e,t,r)=>new ft(e,r)).infixLeft("div",l.Divide,(e,t,r)=>new w("div",e,r,(n,i)=>n/i|0)).infixLeft("in",l.In,(e,t,r)=>new yt(e,r)).infixLeft("is",l.Is,(e,t,r)=>new bt(e,r)).infixLeft("mod",l.Modulo,(e,t,r)=>new w("mod",e,r,(n,i)=>n%i)).infixLeft("or",l.Or,(e,t,r)=>new Pt(e,r)).infixLeft("xor",l.Xor,(e,t,r)=>new Ct(e,r)).infixLeft("implies",l.Implies,(e,t,r)=>new Et(e,r))}var wr=ee();var Ot=(e=>(e.BOOLEAN="BOOLEAN",e.NUMBER="NUMBER",e.QUANTITY="QUANTITY",e.TEXT="TEXT",e.REFERENCE="REFERENCE",e.CANONICAL="CANONICAL",e.DATE="DATE",e.DATETIME="DATETIME",e.PERIOD="PERIOD",e.UUID="UUID",e))(Ot||{});var $t=(e=>(e.EQUALS="eq",e.NOT_EQUALS="ne",e.GREATER_THAN="gt",e.LESS_THAN="lt",e.GREATER_THAN_OR_EQUALS="ge",e.LESS_THAN_OR_EQUALS="le",e.STARTS_AFTER="sa",e.ENDS_BEFORE="eb",e.APPROXIMATELY="ap",e.CONTAINS="contains",e.EXACT="exact",e.TEXT="text",e.NOT="not",e.ABOVE="above",e.BELOW="below",e.IN="in",e.NOT_IN="not-in",e.OF_TYPE="of-type",e.MISSING="missing",e.IDENTIFIER="identifier",e.ITERATE="iterate",e))($t||{});var Lt=(e=>(e.READ="read",e.VREAD="vread",e.UPDATE="update",e.PATCH="patch",e.DELETE="delete",e.HISTORY="history",e.HISTORY_INSTANCE="history-instance",e.HISTORY_TYPE="history-type",e.HISTORY_SYSTEM="history-system",e.CREATE="create",e.SEARCH="search",e.SEARCH_TYPE="search-type",e.SEARCH_SYSTEM="search-system",e.SEARCH_COMPARTMENT="search-compartment",e.CAPABILITIES="capabilities",e.TRANSACTION="transaction",e.BATCH="batch",e.OPERATION="operation",e))(Lt||{});var Mt={CSS:"text/css",DICOM:"application/dicom",FAVICON:"image/vnd.microsoft.icon",FHIR_JSON:"application/fhir+json",FORM_URL_ENCODED:"application/x-www-form-urlencoded",HL7_V2:"x-application/hl7-v2+er7",HTML:"text/html",JAVASCRIPT:"text/javascript",JSON:"application/json",JSON_PATCH:"application/json-patch+json",PNG:"image/png",SVG:"image/svg+xml",TEXT:"text/plain",TYPESCRIPT:"text/typescript"};var _t;_t=Symbol.toStringTag;var xr=Mt.FHIR_JSON+", */*; q=0.1";var Ut=(e=>(e.ClientCredentials="client_credentials",e.AuthorizationCode="authorization_code",e.RefreshToken="refresh_token",e.JwtBearer="urn:ietf:params:oauth:grant-type:jwt-bearer",e.TokenExchange="urn:ietf:params:oauth:grant-type:token-exchange",e))(Ut||{}),Bt=(e=>(e.AccessToken="urn:ietf:params:oauth:token-type:access_token",e.RefreshToken="urn:ietf:params:oauth:token-type:refresh_token",e.IdToken="urn:ietf:params:oauth:token-type:id_token",e.Saml1Token="urn:ietf:params:oauth:token-type:saml1",e.Saml2Token="urn:ietf:params:oauth:token-type:saml2",e))(Bt||{}),Ft=(e=>(e.ClientSecretBasic="client_secret_basic",e.ClientSecretPost="client_secret_post",e.ClientSecretJwt="client_secret_jwt",e.PrivateKeyJwt="private_key_jwt",e.None="none",e))(Ft||{}),jt=(e=>(e.JwtBearer="urn:ietf:params:oauth:client-assertion-type:jwt-bearer",e))(jt||{});var br=[...Re,"->","<<",">>","=="];var Tr=ee().registerInfix("->",{precedence:l.Arrow}).registerInfix(";",{precedence:l.Semicolon});var Pr=[...Re,"eq","ne","co"];var Cr=ee();var Gt=(e=>(e[e.NONE=0]="NONE",e[e.ERROR=1]="ERROR",e[e.WARN=2]="WARN",e[e.INFO=3]="INFO",e[e.DEBUG=4]="DEBUG",e))(Gt||{});var re=["string","boolean","number"],te={},ne=class{constructor(t){let{region:r}=t;if(!r)throw new T(k("'region' must be defined as a string literal in config."));te[r]||(te[r]=new Wt({region:r})),this.config=t,this.clients={ssm:te[r]}}async fetchParameterStoreSecret(t){let n=(await this.clients.ssm.send(new qt({Name:t,WithDecryption:!0}))).Parameter;if(!n)throw new T(K(`Key '${t}' not found. Make sure your key is correct and that it is defined in your Parameter Store.`));let i=n.Value;if(!i)throw new T(K(`Key '${t}' found but has no value. Make sure your key is correct and that it is defined in your Parameter Store.`));return i}async fetchExternalSecret(t){Vt(t);let{system:r,key:n,type:i}=t,s;switch(r){case"aws_ssm_parameter_store":{s=await this.fetchParameterStoreSecret(n);break}default:throw new T(k(`Unknown system '${r}' for ExternalSecret. Unable to fetch the secret for key '${n}'.`))}return Ht(n,s,i)}async normalizeInfraConfigArray(t){let r=t[0],n;if(typeof r!="object"&&r!==null||ke(r)){n=new Array(t.length);for(let i=0;i<t.length;i++){let s=t[i];if(typeof s!="object"){n[i]=s;continue}let o=await this.fetchExternalSecret(s);n[i]=o}}else{n=new Array(t.length);for(let i=0;i<t.length;i++)n[i]=await this.normalizeObjectInInfraConfig(t[i])}return n}async normalizeValueForKey(t,r){let n=t[r];typeof n!="object"?t[r]=n:ke(n)?t[r]=await this.fetchExternalSecret(n):Array.isArray(n)&&n.length?t[r]=await this.normalizeInfraConfigArray(n):typeof n=="object"&&(t[r]=await this.normalizeObjectInInfraConfig(n))}async normalizeObjectInInfraConfig(t){let r={...t};for(let n of Object.keys(r))await this.normalizeValueForKey(r,n);return r}async normalizeConfig(){return this.normalizeObjectInInfraConfig(this.config)}};function Ht(e,t,r){let n=typeof t;if(!re.includes(n))throw new T(k(`Invalid value found for type; expected either ${re.join(", or")} but got ${n}`));if(n===r)return t;if(n==="string"&&r==="boolean"){let i=t.toLowerCase();if(i!=="true"&&i!=="false")throw new T(k(`Invalid value found for key '${e}'; expected boolean value but got '${t}'`));return i==="true"}else if(n==="string"&&r==="number"){let i=parseInt(t,10);if(Number.isNaN(i))throw new T(k(`Invalid value found for key '${e}'; expected integer value but got '${t}'`));return i}else throw new T(k(`Invalid value found for type; expected ${r} value but got value of type ${n}`))}function ke(e){return typeof e=="object"&&typeof e.system=="string"&&typeof e.key=="string"&&typeof e.type=="string"}function zt(e){return typeof e=="object"&&typeof e.system=="string"&&typeof e.key=="string"&&re.includes(e.type)}function Vt(e){if(!zt(e))throw new T(k("obj is not a valid `ExternalSecret`, must contain a valid `system`, `key`, and `type` prop."))}async function Ie(e){return new ne(e).normalizeConfig()}import{Stack as Be,Tags as Fe}from"aws-cdk-lib";import{Duration as H,RemovalPolicy as De,aws_ec2 as g,aws_ecs as $,aws_elasticache as Ne,aws_elasticloadbalancingv2 as U,aws_iam as d,aws_logs as Oe,aws_rds as I,aws_route53 as ie,aws_s3 as Qt,aws_secretsmanager as $e,aws_ssm as P,aws_route53_targets as Jt,aws_wafv2 as Le}from"aws-cdk-lib";import{Repository as Yt}from"aws-cdk-lib/aws-ecr";import{ClusterInstance as Me}from"aws-cdk-lib/aws-rds";import{Construct as Kt}from"constructs";var O=[{name:"AWS-AWSManagedRulesCommonRuleSet",priority:10,statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesCommonRuleSet",excludedRules:[{name:"NoUserAgent_HEADER"},{name:"UserAgent_BadBots_HEADER"},{name:"SizeRestrictions_QUERYSTRING"},{name:"SizeRestrictions_Cookie_HEADER"},{name:"SizeRestrictions_BODY"},{name:"SizeRestrictions_URIPATH"},{name:"EC2MetaDataSSRF_BODY"},{name:"EC2MetaDataSSRF_COOKIE"},{name:"EC2MetaDataSSRF_URIPATH"},{name:"EC2MetaDataSSRF_QUERYARGUMENTS"},{name:"GenericLFI_QUERYARGUMENTS"},{name:"GenericLFI_URIPATH"},{name:"GenericLFI_BODY"},{name:"RestrictedExtensions_URIPATH"},{name:"RestrictedExtensions_QUERYARGUMENTS"},{name:"GenericRFI_QUERYARGUMENTS"},{name:"GenericRFI_BODY"},{name:"GenericRFI_URIPATH"},{name:"CrossSiteScripting_COOKIE"},{name:"CrossSiteScripting_QUERYARGUMENTS"},{name:"CrossSiteScripting_BODY"},{name:"CrossSiteScripting_URIPATH"}]}},overrideAction:{count:{}},visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWS-AWSManagedRulesCommonRuleSet"}},{name:"AWS-AWSManagedRulesAmazonIpReputationList",priority:20,statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesAmazonIpReputationList",excludedRules:[{name:"AWSManagedIPReputationList"},{name:"AWSManagedReconnaissanceList"}]}},overrideAction:{count:{}},visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRulesAmazonIpReputationList"}},{name:"AWSManagedRulesSQLiRuleSet",priority:30,visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRulesSQLiRuleSet"},overrideAction:{count:{}},statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesSQLiRuleSet",excludedRules:[{name:"SQLi_QUERYARGUMENTS"},{name:"SQLiExtendedPatterns_QUERYARGUMENTS"},{name:"SQLi_BODY"},{name:"SQLiExtendedPatterns_BODY"},{name:"SQLi_COOKIE"},{name:"SQLi_URIPATH"}]}}},{name:"AWSManagedRuleLinux",priority:40,visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRuleLinux"},overrideAction:{count:{}},statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesLinuxRuleSet",excludedRules:[{name:"LFI_URIPATH"},{name:"LFI_QUERYSTRING"},{name:"LFI_COOKIE"}]}}}];var z=class extends Kt{constructor(t,r){super(t,"BackEnd");let n=r.name;if(r.vpcId)this.vpc=g.Vpc.fromLookup(this,"VPC",{vpcId:r.vpcId});else{let i=new Oe.LogGroup(this,"VpcFlowLogs",{logGroupName:"/medplum/flowlogs/"+n,removalPolicy:De.DESTROY});this.vpc=new g.Vpc(this,"VPC",{maxAzs:r.maxAzs,flowLogs:{cloudwatch:{destination:g.FlowLogDestination.toCloudWatchLogs(i),trafficType:g.FlowLogTrafficType.ALL}}})}if(this.botLambdaRole=new d.Role(this,"BotLambdaRole",{assumedBy:new d.ServicePrincipal("lambda.amazonaws.com")}),this.rdsSecretsArn=r.rdsSecretsArn,!this.rdsSecretsArn){let i={enablePerformanceInsights:!0,isFromLegacyInstanceProps:!0},s=r.rdsReaderInstanceType??r.rdsInstanceType,o={...i,instanceType:s?new g.InstanceType(s):void 0},a=r.rdsInstanceType,p={...i,instanceType:a?new g.InstanceType(a):void 0},S;if(r.rdsInstances>1){S=[];for(let A=1;A<r.rdsInstances;A++)S.push(Me.provisioned("Instance"+(A+1),o))}this.rdsCluster=new I.DatabaseCluster(this,"DatabaseCluster",{engine:I.DatabaseClusterEngine.auroraPostgres({version:r.rdsInstanceVersion?I.AuroraPostgresEngineVersion.of(r.rdsInstanceVersion,r.rdsInstanceVersion.slice(0,r.rdsInstanceVersion.indexOf(".")),{s3Import:!0,s3Export:!0}):I.AuroraPostgresEngineVersion.VER_12_9}),credentials:I.Credentials.fromGeneratedSecret("clusteradmin"),defaultDatabaseName:"medplum",storageEncrypted:!0,vpc:this.vpc,vpcSubnets:{subnetType:g.SubnetType.PRIVATE_WITH_EGRESS},writer:Me.provisioned("Instance1",p),readers:S,backup:{retention:H.days(7)},cloudwatchLogsExports:["postgresql"],instanceUpdateBehaviour:I.InstanceUpdateBehaviour.ROLLING}),this.rdsSecretsArn=this.rdsCluster.secret.secretArn,r.rdsProxyEnabled&&(this.rdsProxy=new I.DatabaseProxy(this,"DatabaseProxy",{proxyTarget:I.ProxyTarget.fromCluster(this.rdsCluster),secrets:[this.rdsCluster.secret],vpc:this.vpc}))}if(this.redisSubnetGroup=new Ne.CfnSubnetGroup(this,"RedisSubnetGroup",{description:"Redis Subnet Group",subnetIds:this.vpc.privateSubnets.map(i=>i.subnetId)}),this.redisSecurityGroup=new g.SecurityGroup(this,"RedisSecurityGroup",{vpc:this.vpc,description:"Redis Security Group",allowAllOutbound:!1}),this.redisPassword=new $e.Secret(this,"RedisPassword",{generateSecretString:{secretStringTemplate:"{}",generateStringKey:"password",excludeCharacters:"@%*()_+=`~{}|[]\\:\";'?,./"}}),this.redisCluster=new Ne.CfnReplicationGroup(this,"RedisCluster",{engine:"Redis",engineVersion:"6.x",cacheNodeType:r.cacheNodeType??"cache.t2.medium",replicationGroupDescription:"RedisReplicationGroup",authToken:this.redisPassword.secretValueFromJson("password").toString(),transitEncryptionEnabled:!0,atRestEncryptionEnabled:!0,multiAzEnabled:!0,cacheSubnetGroupName:this.redisSubnetGroup.ref,numNodeGroups:1,replicasPerNodeGroup:1,securityGroupIds:[this.redisSecurityGroup.securityGroupId]}),this.redisCluster.node.addDependency(this.redisPassword),this.redisSecrets=new $e.Secret(this,"RedisSecrets",{generateSecretString:{secretStringTemplate:JSON.stringify({host:this.redisCluster.attrPrimaryEndPointAddress,port:this.redisCluster.attrPrimaryEndPointPort,password:this.redisPassword.secretValueFromJson("password").toString(),tls:{}}),generateStringKey:"unused"}}),this.redisSecrets.node.addDependency(this.redisPassword),this.redisSecrets.node.addDependency(this.redisCluster),this.ecsCluster=new $.Cluster(this,"Cluster",{vpc:this.vpc}),this.taskRolePolicies=new d.PolicyDocument({statements:[new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["logs:PutLogEvents","logs:CreateLogGroup","logs:CreateLogStream","logs:DescribeLogStreams","logs:DescribeLogGroups","logs:PutRetentionPolicy"],resources:["arn:aws:logs:*"]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["secretsmanager:GetResourcePolicy","secretsmanager:GetSecretValue","secretsmanager:DescribeSecret","secretsmanager:ListSecrets","secretsmanager:ListSecretVersionIds"],resources:["arn:aws:secretsmanager:*"]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["ssm:GetParametersByPath","ssm:GetParameters","ssm:GetParameter","ssm:DescribeParameters"],resources:["arn:aws:ssm:*"]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["ses:SendEmail","ses:SendRawEmail"],resources:["arn:aws:ses:*"]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["s3:ListBucket","s3:GetObject","s3:PutObject","s3:DeleteObject"],resources:["arn:aws:s3:::*"]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["iam:ListRoles","iam:GetRole","iam:PassRole"],resources:[this.botLambdaRole.roleArn]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["lambda:CreateFunction","lambda:GetFunction","lambda:GetFunctionConfiguration","lambda:UpdateFunctionCode","lambda:UpdateFunctionConfiguration","lambda:ListLayerVersions","lambda:GetLayerVersion","lambda:InvokeFunction"],resources:["arn:aws:lambda:*"]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["xray:PutTraceSegments","xray:PutTelemetryRecords","xray:GetSamplingRules","xray:GetSamplingTargets","xray:GetSamplingStatisticSummaries"],resources:["*"]})]}),this.taskRole=new d.Role(this,"TaskExecutionRole",{assumedBy:new d.ServicePrincipal("ecs-tasks.amazonaws.com"),description:"Medplum Server Task Execution Role",inlinePolicies:{TaskExecutionPolicies:this.taskRolePolicies}}),this.taskDefinition=new $.FargateTaskDefinition(this,"TaskDefinition",{memoryLimitMiB:r.serverMemory,cpu:r.serverCpu,taskRole:this.taskRole}),this.logGroup=new Oe.LogGroup(this,"LogGroup",{logGroupName:"/ecs/medplum/"+n,removalPolicy:De.DESTROY}),this.logDriver=new $.AwsLogDriver({logGroup:this.logGroup,streamPrefix:"Medplum"}),this.serviceContainer=this.taskDefinition.addContainer("MedplumTaskDefinition",{image:this.getContainerImage(r,r.serverImage),command:[r.region==="us-east-1"?`aws:/medplum/${n}/`:`aws:${r.region}:/medplum/${n}/`],logging:this.logDriver,environment:r.environment}),this.serviceContainer.addPortMappings({containerPort:r.apiPort,hostPort:r.apiPort}),r.additionalContainers)for(let i of r.additionalContainers)this.taskDefinition.addContainer("AdditionalContainer-"+i.name,{containerName:i.name,image:this.getContainerImage(r,i.image),command:i.command,environment:i.environment,logging:this.logDriver});if(this.fargateSecurityGroup=new g.SecurityGroup(this,"ServiceSecurityGroup",{allowAllOutbound:!0,securityGroupName:"MedplumSecurityGroup",vpc:this.vpc}),this.fargateService=new $.FargateService(this,"FargateService",{cluster:this.ecsCluster,taskDefinition:this.taskDefinition,assignPublicIp:!1,vpcSubnets:{subnetType:g.SubnetType.PRIVATE_WITH_EGRESS},desiredCount:r.desiredServerCount,securityGroups:[this.fargateSecurityGroup],healthCheckGracePeriod:H.minutes(5)}),this.rdsCluster&&this.fargateService.node.addDependency(this.rdsCluster),this.rdsProxy&&this.fargateService.node.addDependency(this.rdsProxy),this.fargateService.node.addDependency(this.redisCluster),this.targetGroup=new U.ApplicationTargetGroup(this,"TargetGroup",{vpc:this.vpc,port:r.apiPort,protocol:U.ApplicationProtocol.HTTP,healthCheck:{path:"/healthcheck",interval:H.seconds(30),timeout:H.seconds(3),healthyThresholdCount:2,unhealthyThresholdCount:5},targets:[this.fargateService]}),this.loadBalancer=new U.ApplicationLoadBalancer(this,"LoadBalancer",{vpc:this.vpc,internetFacing:r.apiInternetFacing!==!1,http2Enabled:!0}),r.loadBalancerLoggingBucket&&this.loadBalancer.logAccessLogs(Qt.Bucket.fromBucketName(this,"LoggingBucket",r.loadBalancerLoggingBucket),r.loadBalancerLoggingPrefix),this.loadBalancer.addListener("HttpsListener",{port:443,certificates:[{certificateArn:r.apiSslCertArn}],sslPolicy:U.SslPolicy.FORWARD_SECRECY_TLS12_RES_GCM,defaultAction:U.ListenerAction.forward([this.targetGroup])}),this.waf=new Le.CfnWebACL(this,"BackEndWAF",{defaultAction:{allow:{}},scope:"REGIONAL",name:`${r.stackName}-BackEndWAF`,rules:O,visibilityConfig:{cloudWatchMetricsEnabled:!0,metricName:`${r.stackName}-BackEndWAF-Metric`,sampledRequestsEnabled:!1}}),this.wafAssociation=new Le.CfnWebACLAssociation(this,"LoadBalancerAssociation",{resourceArn:this.loadBalancer.loadBalancerArn,webAclArn:this.waf.attrArn}),this.rdsCluster&&this.rdsCluster.connections.allowDefaultPortFrom(this.fargateSecurityGroup),this.rdsProxy&&this.rdsProxy.connections.allowFrom(this.fargateSecurityGroup,g.Port.tcp(5432)),this.redisSecurityGroup.addIngressRule(this.fargateSecurityGroup,g.Port.tcp(6379)),!r.skipDns){let i=r.hostedZoneName??r.domainName.split(".").slice(-2).join("."),s=ie.HostedZone.fromLookup(this,"Zone",{domainName:i});this.dnsRecord=new ie.ARecord(this,"LoadBalancerAliasRecord",{recordName:r.apiDomainName,target:ie.RecordTarget.fromAlias(new Jt.LoadBalancerTarget(this.loadBalancer)),zone:s})}this.regionParameter=new P.StringParameter(this,"RegionParameter",{tier:P.ParameterTier.STANDARD,parameterName:`/medplum/${n}/awsRegion`,description:"AWS region",stringValue:r.region}),this.databaseSecretsParameter=new P.StringParameter(this,"DatabaseSecretsParameter",{tier:P.ParameterTier.STANDARD,parameterName:`/medplum/${n}/DatabaseSecrets`,description:"Database secrets ARN",stringValue:this.rdsSecretsArn}),this.rdsProxy&&(this.databaseProxyEndpointParameter=new P.StringParameter(this,"DatabaseProxyEndpointParameter",{tier:P.ParameterTier.STANDARD,parameterName:`/medplum/${n}/databaseProxyEndpoint`,description:"Database proxy endpoint",stringValue:this.rdsProxy?.endpoint})),this.redisSecretsParameter=new P.StringParameter(this,"RedisSecretsParameter",{tier:P.ParameterTier.STANDARD,parameterName:`/medplum/${n}/RedisSecrets`,description:"Redis secrets ARN",stringValue:this.redisSecrets.secretArn}),this.botLambdaRoleParameter=new P.StringParameter(this,"BotLambdaRoleParameter",{tier:P.ParameterTier.STANDARD,parameterName:`/medplum/${n}/botLambdaRoleArn`,description:"Bot lambda execution role ARN",stringValue:this.botLambdaRole.roleArn})}getContainerImage(t,r){let i=new RegExp(`^${t.accountNumber}\\.dkr\\.ecr\\.${t.region}\\.amazonaws\\.com/(.*)[:@](.*)$`).exec(r),s=i?.[1],o=i?.[2];if(s&&o){let a=Yt.fromRepositoryArn(this,"ServerImageRepo",`arn:aws:ecr:${t.region}:${t.accountNumber}:repository/${s}`);return $.ContainerImage.fromEcrRepository(a,o)}return $.ContainerImage.fromRegistry(r)}};import{aws_cloudtrail as Zt,aws_cloudwatch as se,aws_cloudwatch_actions as Xt,aws_logs as V,aws_sns as _e}from"aws-cdk-lib";import{Construct as er}from"constructs";var B=class extends er{constructor(t,r){if(super(t,"CloudTrailAlarms"),this.config=r,!r.cloudTrailAlarms)return;r.cloudTrailAlarms.logGroupCreate?(this.logGroup=new V.LogGroup(this,"CloudTrailLogGroup",{logGroupName:r.cloudTrailAlarms.logGroupName,retention:V.RetentionDays.ONE_YEAR}),this.cloudTrail=new Zt.Trail(this,"CloudTrail",{sendToCloudWatchLogs:!0,cloudWatchLogGroup:this.logGroup,includeGlobalServiceEvents:!0})):this.logGroup=V.LogGroup.fromLogGroupName(this,"CloudTrailLogGroup",r.cloudTrailAlarms.logGroupName),r.cloudTrailAlarms.snsTopicArn?this.alarmTopic=_e.Topic.fromTopicArn(this,"AlarmTopic",r.cloudTrailAlarms.snsTopicArn):this.alarmTopic=new _e.Topic(this,"AlarmTopic",{topicName:r.cloudTrailAlarms.snsTopicName});let n=[["UnauthorizedApiCalls","{ ($.errorCode = *UnauthorizedOperation) || ($.errorCode = AccessDenied*) }"],["SignInWithoutMfa","{ ($.eventName = ConsoleLogin) && ($.additionalEventData.MFAUsed != Yes) }"],["RootAccountUsage","{ $.userIdentity.type = Root && $.userIdentity.invokedBy NOT EXISTS && $.eventType != AwsServiceEvent }"],["IamPolicyChanges","{($.eventName=DeleteGroupPolicy)||($.eventName=DeleteRolePolicy)||($.eventName=DeleteUserPolicy)||($.eventName=PutGroupPolicy)||($.eventName=PutRolePolicy)||($.eventName=PutUserPolicy)||($.eventName=CreatePolicy)||($.eventName=DeletePolicy)||($.eventName=CreatePolicyVersion)||($.eventName=DeletePolicyVersion)||($.eventName=AttachRolePolicy)||($.eventName=DetachRolePolicy)||($.eventName=AttachUserPolicy)||($.eventName=DetachUserPolicy)||($.eventName=AttachGroupPolicy)||($.eventName=DetachGroupPolicy)}"],["CloudTrailConfigurationChanges","{ ($.eventName = CreateTrail) || ($.eventName = UpdateTrail) || ($.eventName = DeleteTrail) || ($.eventName = StartLogging) || ($.eventName = StopLogging) }"],["SignInFailures",'{ ($.eventName = ConsoleLogin) && ($.errorMessage = "Failed authentication") }'],["DisabledCmks","{($.eventSource = kms.amazonaws.com) && (($.eventName=DisableKey)||($.eventName=ScheduleKeyDeletion)) }"],["S3PolicyChanges","{ ($.eventSource = s3.amazonaws.com) && (($.eventName = PutBucketAcl) || ($.eventName = PutBucketPolicy) || ($.eventName = PutBucketCors) || ($.eventName = PutBucketLifecycle) || ($.eventName = PutBucketReplication) || ($.eventName = DeleteBucketPolicy) || ($.eventName = DeleteBucketCors) || ($.eventName = DeleteBucketLifecycle) || ($.eventName = DeleteBucketReplication)) }"],["ConfigServiceChanges","{($.eventSource = config.amazonaws.com) && (($.eventName=StopConfigurationRecorder)||($.eventName=DeleteDeliveryChannel)||($.eventName=PutDeliveryChannel)||($.eventName=PutConfigurationRecorder))}"],["SecurityGroupChanges","{ ($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = AuthorizeSecurityGroupEgress) || ($.eventName = RevokeSecurityGroupIngress) || ($.eventName = RevokeSecurityGroupEgress) || ($.eventName = CreateSecurityGroup) || ($.eventName = DeleteSecurityGroup)}"],["NetworkAclChanges","{ ($.eventName = CreateNetworkAcl) || ($.eventName = CreateNetworkAclEntry) || ($.eventName = DeleteNetworkAcl) || ($.eventName = DeleteNetworkAclEntry) || ($.eventName = ReplaceNetworkAclEntry) || ($.eventName = ReplaceNetworkAclAssociation) }"],["NetworkGatewayChanges","{ ($.eventName = CreateCustomerGateway) || ($.eventName = DeleteCustomerGateway) || ($.eventName = AttachInternetGateway) || ($.eventName = CreateInternetGateway) || ($.eventName = DeleteInternetGateway) || ($.eventName = DetachInternetGateway) }"],["RouteTableChanges","{ ($.eventName = CreateRoute) || ($.eventName = CreateRouteTable) || ($.eventName = ReplaceRoute) || ($.eventName = ReplaceRouteTableAssociation) || ($.eventName = DeleteRouteTable) || ($.eventName = DeleteRoute) || ($.eventName = DisassociateRouteTable) }"],["VpcChanges","{ ($.eventName = CreateVpc) || ($.eventName = DeleteVpc) || ($.eventName = ModifyVpcAttribute) || ($.eventName = AcceptVpcPeeringConnection) || ($.eventName = CreateVpcPeeringConnection) || ($.eventName = DeleteVpcPeeringConnection) || ($.eventName = RejectVpcPeeringConnection) || ($.eventName = AttachClassicLinkVpc) || ($.eventName = DetachClassicLinkVpc) || ($.eventName = DisableVpcClassicLink) || ($.eventName = EnableVpcClassicLink) }"],["OrganizationsChanges","{ ($.eventSource = organizations.amazonaws.com) && (($.eventName = AcceptHandshake) || ($.eventName = AttachPolicy) || ($.eventName = CreateAccount) || ($.eventName = CreateOrganizationalUnit) || ($.eventName = CreatePolicy) || ($.eventName = DeclineHandshake) || ($.eventName = DeleteOrganization) || ($.eventName = DeleteOrganizationalUnit) || ($.eventName = DeletePolicy) || ($.eventName = DetachPolicy) || ($.eventName = DisablePolicyType) || ($.eventName = EnablePolicyType) || ($.eventName = InviteAccountToOrganization) || ($.eventName = LeaveOrganization) || ($.eventName = MoveAccount) || ($.eventName = RemoveAccountFromOrganization) || ($.eventName = UpdatePolicy) || ($.eventName = UpdateOrganizationalUnit)) }"]];for(let[i,s]of n)this.createMetricAlarm(i,s)}createMetricAlarm(t,r){let n=`${this.config.stackName}${t}MetricFilter`,i=`${this.config.stackName}${t}Metric`,s=`${this.config.stackName}Metrics`,o=`${this.config.stackName}${t}Alarm`,a=new V.MetricFilter(this,n,{logGroup:this.logGroup,filterPattern:{logPatternString:r},metricNamespace:s,metricName:i});new se.Alarm(this,o,{metric:a.metric({}),threshold:1,evaluationPeriods:1,alarmName:o,actionsEnabled:!0,treatMissingData:se.TreatMissingData.NOT_BREACHING,comparisonOperator:se.ComparisonOperator.GREATER_THAN_THRESHOLD,datapointsToAlarm:1}).addAlarmAction(new Xt.SnsAction(this.alarmTopic))}};import{aws_certificatemanager as rr,aws_cloudfront as v,Duration as nr,aws_cloudfront_origins as Ue,RemovalPolicy as ir,aws_route53 as oe,aws_s3 as F,aws_route53_targets as sr,aws_wafv2 as or}from"aws-cdk-lib";import{Construct as ar}from"constructs";import{aws_iam as tr}from"aws-cdk-lib";function Q(e,t){let r=new tr.PolicyStatement;return r.addActions("s3:GetObject*"),r.addActions("s3:GetBucket*"),r.addActions("s3:List*"),r.addResources(e.bucketArn),r.addResources(`${e.bucketArn}/*`),r.addCanonicalUserPrincipal(t.cloudFrontOriginAccessIdentityS3CanonicalUserId),e.addToResourcePolicy(r),r}var j=class extends ar{constructor(t,r,n){if(super(t,"FrontEnd"),n===r.region?this.appBucket=new F.Bucket(this,"AppBucket",{bucketName:r.appDomainName,publicReadAccess:!1,blockPublicAccess:F.BlockPublicAccess.BLOCK_ALL,removalPolicy:ir.DESTROY,encryption:F.BucketEncryption.S3_MANAGED,enforceSSL:!0,versioned:!0}):this.appBucket=F.Bucket.fromBucketAttributes(this,"AppBucket",{bucketName:r.appDomainName,region:r.region}),n==="us-east-1"&&(this.responseHeadersPolicy=new v.ResponseHeadersPolicy(this,"ResponseHeadersPolicy",{customHeadersBehavior:{customHeaders:[{header:"Permission-Policy",value:"accelerometer=(), camera=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()",override:!0}]},securityHeadersBehavior:{contentSecurityPolicy:{contentSecurityPolicy:["default-src 'none'","base-uri 'self'","child-src 'self'",`connect-src 'self' ${r.apiDomainName} *.google.com`,"font-src 'self' fonts.gstatic.com","form-action 'self' *.gstatic.com *.google.com","frame-ancestors 'none'",`frame-src 'self' ${r.storageDomainName} *.medplum.com *.gstatic.com *.google.com`,`img-src 'self' data: ${r.storageDomainName} *.gstatic.com *.google.com *.googleapis.com`,"manifest-src 'self'",`media-src 'self' ${r.storageDomainName}`,"script-src 'self' *.medplum.com *.gstatic.com *.google.com","style-src 'self' 'unsafe-inline' *.medplum.com *.gstatic.com *.google.com","worker-src 'self' blob: *.gstatic.com *.google.com","upgrade-insecure-requests"].join("; "),override:!0},contentTypeOptions:{override:!0},frameOptions:{frameOption:v.HeadersFrameOption.DENY,override:!0},referrerPolicy:{referrerPolicy:v.HeadersReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,override:!0},strictTransportSecurity:{accessControlMaxAge:nr.seconds(63072e3),includeSubdomains:!0,preload:!0,override:!0},xssProtection:{protection:!0,modeBlock:!0,override:!0}}}),this.waf=new or.CfnWebACL(this,"FrontEndWAF",{defaultAction:{allow:{}},scope:"CLOUDFRONT",name:`${r.stackName}-FrontEndWAF`,rules:O,visibilityConfig:{cloudWatchMetricsEnabled:!0,metricName:`${r.stackName}-FrontEndWAF-Metric`,sampledRequestsEnabled:!1}}),this.apiOriginCachePolicy=new v.CachePolicy(this,"ApiOriginCachePolicy",{cachePolicyName:`${r.stackName}-ApiOriginCachePolicy`,cookieBehavior:v.CacheCookieBehavior.all(),headerBehavior:v.CacheHeaderBehavior.allowList("Authorization","Content-Encoding","Content-Type","If-None-Match","Origin","Referer","User-Agent","X-Medplum"),queryStringBehavior:v.CacheQueryStringBehavior.all()}),this.originAccessIdentity=new v.OriginAccessIdentity(this,"OriginAccessIdentity",{}),this.originAccessPolicyStatement=Q(this.appBucket,this.originAccessIdentity),this.distribution=new v.Distribution(this,"AppDistribution",{defaultRootObject:"index.html",defaultBehavior:{origin:new Ue.S3Origin(this.appBucket,{originAccessIdentity:this.originAccessIdentity}),responseHeadersPolicy:this.responseHeadersPolicy,viewerProtocolPolicy:v.ViewerProtocolPolicy.REDIRECT_TO_HTTPS},additionalBehaviors:r.appApiProxy?{"/api/*":{origin:new Ue.HttpOrigin(r.apiDomainName),allowedMethods:v.AllowedMethods.ALLOW_ALL,cachePolicy:this.apiOriginCachePolicy,viewerProtocolPolicy:v.ViewerProtocolPolicy.REDIRECT_TO_HTTPS}}:void 0,certificate:rr.Certificate.fromCertificateArn(this,"AppCertificate",r.appSslCertArn),domainNames:[r.appDomainName],errorResponses:[{httpStatus:403,responseHttpStatus:200,responsePagePath:"/index.html"},{httpStatus:404,responseHttpStatus:200,responsePagePath:"/index.html"}],webAclId:this.waf.attrArn,logBucket:r.appLoggingBucket?F.Bucket.fromBucketName(this,"LoggingBucket",r.appLoggingBucket):void 0,logFilePrefix:r.appLoggingPrefix}),!r.skipDns)){let i=r.hostedZoneName??r.domainName.split(".").slice(-2).join("."),s=oe.HostedZone.fromLookup(this,"Zone",{domainName:i});this.dnsRecord=new oe.ARecord(this,"AppAliasRecord",{recordName:r.appDomainName,target:oe.RecordTarget.fromAlias(new sr.CloudFrontTarget(this.distribution)),zone:s})}}};import{aws_certificatemanager as cr,aws_cloudfront as E,Duration as ur,aws_cloudfront_origins as lr,aws_route53 as ae,aws_s3 as L,aws_route53_targets as dr,aws_wafv2 as pr}from"aws-cdk-lib";import{ServerlessClamscan as hr}from"cdk-serverless-clamscan";import{Construct as mr}from"constructs";var G=class extends mr{constructor(t,r,n){if(super(t,"Storage"),n===r.region?(this.storageBucket=new L.Bucket(this,"StorageBucket",{bucketName:r.storageBucketName,publicReadAccess:!1,blockPublicAccess:L.BlockPublicAccess.BLOCK_ALL,encryption:L.BucketEncryption.S3_MANAGED,enforceSSL:!0,versioned:!0}),r.clamscanEnabled&&new hr(this,"ServerlessClamscan",{defsBucketAccessLogsConfig:{logsBucket:L.Bucket.fromBucketName(this,"LoggingBucket",r.clamscanLoggingBucket),logsPrefix:r.clamscanLoggingPrefix}}).addSourceBucket(this.storageBucket)):this.storageBucket=L.Bucket.fromBucketAttributes(this,"StorageBucket",{bucketName:r.storageBucketName,region:r.region}),n==="us-east-1"){let i;if(r.signingKeyId?i=E.PublicKey.fromPublicKeyId(this,"StoragePublicKey",r.signingKeyId):i=new E.PublicKey(this,"StoragePublicKey",{encodedKey:r.storagePublicKey}),this.keyGroup=new E.KeyGroup(this,"StorageKeyGroup",{items:[i]}),this.responseHeadersPolicy=new E.ResponseHeadersPolicy(this,"ResponseHeadersPolicy",{customHeadersBehavior:{customHeaders:[{header:"Permission-Policy",value:"accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()",override:!0}]},securityHeadersBehavior:{contentSecurityPolicy:{contentSecurityPolicy:"default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors *;",override:!0},contentTypeOptions:{override:!0},frameOptions:{frameOption:E.HeadersFrameOption.DENY,override:!0},referrerPolicy:{referrerPolicy:E.HeadersReferrerPolicy.NO_REFERRER,override:!0},strictTransportSecurity:{accessControlMaxAge:ur.seconds(63072e3),includeSubdomains:!0,preload:!0,override:!0},xssProtection:{protection:!0,modeBlock:!0,override:!0}}}),this.waf=new pr.CfnWebACL(this,"StorageWAF",{defaultAction:{allow:{}},scope:"CLOUDFRONT",name:`${r.stackName}-StorageWAF`,rules:O,visibilityConfig:{cloudWatchMetricsEnabled:!0,metricName:`${r.stackName}-StorageWAF-Metric`,sampledRequestsEnabled:!1}}),this.originAccessIdentity=new E.OriginAccessIdentity(this,"OriginAccessIdentity",{}),this.originAccessPolicyStatement=Q(this.storageBucket,this.originAccessIdentity),this.distribution=new E.Distribution(this,"StorageDistribution",{defaultBehavior:{origin:new lr.S3Origin(this.storageBucket,{originAccessIdentity:this.originAccessIdentity}),responseHeadersPolicy:this.responseHeadersPolicy,viewerProtocolPolicy:E.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,trustedKeyGroups:[this.keyGroup]},certificate:cr.Certificate.fromCertificateArn(this,"StorageCertificate",r.storageSslCertArn),domainNames:[r.storageDomainName],webAclId:this.waf.attrArn,logBucket:r.storageLoggingBucket?L.Bucket.fromBucketName(this,"LoggingBucket",r.storageLoggingBucket):void 0,logFilePrefix:r.storageLoggingPrefix}),!r.skipDns){let s=r.hostedZoneName??r.domainName.split(".").slice(-2).join("."),o=ae.HostedZone.fromLookup(this,"Zone",{domainName:s});this.dnsRecord=new ae.ARecord(this,"StorageAliasRecord",{recordName:r.storageDomainName,target:ae.RecordTarget.fromAlias(new dr.CloudFrontTarget(this.distribution)),zone:o})}}}};var J=class{constructor(t,r){this.primaryStack=new ce(t,r),r.region!=="us-east-1"&&(this.globalStack=new ue(t,r),this.globalStack.addDependency(this.primaryStack))}},ce=class extends Be{constructor(t,r){super(t,r.stackName,{env:{region:r.region,account:r.accountNumber}}),Fe.of(this).add("medplum:environment",r.name),this.backEnd=new z(this,r),this.frontEnd=new j(this,r,r.region),this.storage=new G(this,r,r.region),this.cloudTrail=new B(this,r)}},ue=class extends Be{constructor(t,r){super(t,r.stackName+"-us-east-1",{env:{region:"us-east-1",account:r.accountNumber}}),Fe.of(this).add("medplum:environment",r.name),this.frontEnd=new j(this,r,"us-east-1"),this.storage=new G(this,r,"us-east-1"),this.cloudTrail=new B(this,r)}};function vr(e){let t=new fr({context:e}),r=t.node.tryGetContext("config");if(!r){console.log('Missing "config" context variable'),console.log("Usage: cdk deploy -c config=my-config.json");return}let n=JSON.parse(yr(gr(r),"utf-8"));Ie(n).then(i=>{let s=new J(t,i);console.log("Stack",s.primaryStack.stackId),t.synth()}).catch(i=>{console.error(i),process.exit(1)})}de.main===module&&vr();export{z as BackEnd,B as CloudTrailAlarms,j as FrontEnd,ue as MedplumGlobalStack,ce as MedplumPrimaryStack,J as MedplumStack,G as Storage,O as awsManagedRules,vr as main};
 //# sourceMappingURL=index.mjs.map