npm - @medplum/cdk - Versions diffs - 3.1.10 → 3.1.12 - Mend

@medplum/cdk 3.1.10 → 3.1.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/cjs/index.cjs +1 -1
package/dist/cjs/index.cjs.map +4 -4
package/dist/esm/index.mjs +1 -1
package/dist/esm/index.mjs.map +4 -4
package/dist/types/backend.d.ts.map +1 -1
package/package.json +6 -6

package/dist/esm/index.mjs CHANGED Viewed

@@ -1,2 +1,2 @@
-var fe=(e=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(e,{get:(t,r)=>(typeof require<"u"?require:t)[r]}):e)(function(e){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+e+'" is not supported')});import{App as gr}from"aws-cdk-lib";import{readFileSync as vr}from"fs";import{resolve as Sr}from"path";import{GetParameterCommand as Ht,SSMClient as Vt}from"@aws-sdk/client-ssm";var He=class{constructor(e,t){this.operator=e,this.child=t}toString(){return`${this.operator}(${this.child.toString()})`}},j=class{constructor(e,t,r){this.operator=e,this.left=t,this.right=r}toString(){return`${this.left.toString()} ${this.operator} ${this.right.toString()}`}},Ve=class{constructor(){this.prefixParselets={},this.infixParselets={}}registerInfix(e,t){return this.infixParselets[e]=t,this}registerPrefix(e,t){return this.prefixParselets[e]=t,this}prefix(e,t,r){return this.registerPrefix(e,{parse(i,n){let s=i.consumeAndParse(t);return r(n,s)}})}infixLeft(e,t,r){return this.registerInfix(e,{parse(i,n,s){let o=i.consumeAndParse(t);return r(n,s,o)},precedence:t})}construct(e){return new ze(e,this.prefixParselets,this.infixParselets)}},ze=class{constructor(e,t,r){this.tokens=e,this.prefixParselets=t,this.infixParselets=r}hasMore(){return this.tokens.length>0}match(e){return this.peek()?.id!==e?!1:(this.consume(),!0)}consumeAndParse(e=1/0){let t=this.consume(),r=this.prefixParselets[t.id];if(!r)throw Error(`Parse error at "${t.value}" (line ${t.line}, column ${t.column}). No matching prefix parselet.`);let i=r.parse(this,t);for(;e>this.getPrecedence();){let n=this.consume();i=this.getInfixParselet(n).parse(this,i,n)}return i}getPrecedence(){let e=this.peek();if(!e)return 1/0;let t=this.getInfixParselet(e);return t?t.precedence:1/0}consume(e,t){if(!this.tokens.length)throw Error("Cant consume unknown more tokens.");if(e&&this.peek()?.id!==e){let r=this.peek();throw Error(`Expected ${e} but got "${r.id}" (${r.value}) at line ${r.line} column ${r.column}.`)}if(t&&this.peek()?.value!==t){let r=this.peek();throw Error(`Expected "${t}" but got "${r.value}" at line ${r.line} column ${r.column}.`)}return this.tokens.shift()}peek(){return this.tokens.length>0?this.tokens[0]:void 0}removeComments(){this.tokens=this.tokens.filter(e=>e.id!=="Comment")}getInfixParselet(e){return this.infixParselets[e.id==="Symbol"?e.value:e.id]}};function re(e,t){return{resourceType:"OperationOutcome",issue:[{severity:"error",code:"invalid",details:{text:e},...t?{expression:[t]}:void 0}]}}function I(e){return{resourceType:"OperationOutcome",issue:[{severity:"error",code:"structure",details:{text:e}}]}}var E=class extends Error{constructor(e,t){super(Qe(e)),this.outcome=e,this.cause=t}};function Qe(e){let t=e.issue?.map(Je)??[];return t.length>0?t.join("; "):"Unknown error"}function Je(e){let t;return e.details?.text?e.diagnostics?t=`${e.details.text} (${e.diagnostics})`:t=e.details.text:e.diagnostics?t=e.diagnostics:t="Unknown error",e.expression?.length&&(t+=` (${e.expression.join(", ")})`),t}function Ye(e,t){let r=t.max&&t.max===Number.MAX_SAFE_INTEGER?Number.POSITIVE_INFINITY:t.max;return{path:e,description:"",type:t.type??[],min:t.min??0,max:r??1,isArray:!!r&&r>1,constraints:[]}}function Ke(e){let t=Object.create(null);for(let[r,i]of Object.entries(e))t[r]={name:r,elements:Object.fromEntries(Object.entries(i.elements).map(([n,s])=>[n,Ye(n,s)])),constraints:[],innerTypes:[]};return t}var Ze={Element:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]}}},BackboneElement:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]}}},Address:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},type:{type:[{code:"code"}]},text:{type:[{code:"string"}]},line:{max:9007199254740991,type:[{code:"string"}]},city:{type:[{code:"string"}]},district:{type:[{code:"string"}]},state:{type:[{code:"string"}]},postalCode:{type:[{code:"string"}]},country:{type:[{code:"string"}]},period:{type:[{code:"Period"}]}}},Age:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Annotation:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},"author[x]":{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Organization"]},{code:"string"}]},time:{type:[{code:"dateTime"}]},text:{min:1,type:[{code:"markdown"}]}}},Attachment:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},contentType:{type:[{code:"code"}]},language:{type:[{code:"code"}]},data:{type:[{code:"base64Binary"}]},url:{type:[{code:"url"}]},size:{type:[{code:"unsignedInt"}]},hash:{type:[{code:"base64Binary"}]},title:{type:[{code:"string"}]},creation:{type:[{code:"dateTime"}]}}},CodeableConcept:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},coding:{max:9007199254740991,type:[{code:"Coding"}]},text:{type:[{code:"string"}]}}},Coding:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},system:{type:[{code:"uri"}]},version:{type:[{code:"string"}]},code:{type:[{code:"code"}]},display:{type:[{code:"string"}]},userSelected:{type:[{code:"boolean"}]}}},ContactDetail:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},name:{type:[{code:"string"}]},telecom:{max:9007199254740991,type:[{code:"ContactPoint"}]}}},ContactPoint:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},system:{type:[{code:"code"}]},value:{type:[{code:"string"}]},use:{type:[{code:"code"}]},rank:{type:[{code:"positiveInt"}]},period:{type:[{code:"Period"}]}}},Contributor:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},name:{min:1,type:[{code:"string"}]},contact:{max:9007199254740991,type:[{code:"ContactDetail"}]}}},Count:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},DataRequirement:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},profile:{max:9007199254740991,type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]},"subject[x]":{type:[{code:"CodeableConcept"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Group"]}]},mustSupport:{max:9007199254740991,type:[{code:"string"}]},codeFilter:{max:9007199254740991,type:[{code:"DataRequirementCodeFilter"}]},dateFilter:{max:9007199254740991,type:[{code:"DataRequirementDateFilter"}]},limit:{type:[{code:"positiveInt"}]},sort:{max:9007199254740991,type:[{code:"DataRequirementSort"}]}}},Distance:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Dosage:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},sequence:{type:[{code:"integer"}]},text:{type:[{code:"string"}]},additionalInstruction:{max:9007199254740991,type:[{code:"CodeableConcept"}]},patientInstruction:{type:[{code:"string"}]},timing:{type:[{code:"Timing"}]},"asNeeded[x]":{type:[{code:"boolean"},{code:"CodeableConcept"}]},site:{type:[{code:"CodeableConcept"}]},route:{type:[{code:"CodeableConcept"}]},method:{type:[{code:"CodeableConcept"}]},doseAndRate:{max:9007199254740991,type:[{code:"DosageDoseAndRate"}]},maxDosePerPeriod:{type:[{code:"Ratio"}]},maxDosePerAdministration:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},maxDosePerLifetime:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]}}},Duration:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},ElementDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},path:{min:1,type:[{code:"string"}]},representation:{max:9007199254740991,type:[{code:"code"}]},sliceName:{type:[{code:"string"}]},sliceIsConstraining:{type:[{code:"boolean"}]},label:{type:[{code:"string"}]},code:{max:9007199254740991,type:[{code:"Coding"}]},slicing:{type:[{code:"ElementDefinitionSlicing"}]},short:{type:[{code:"string"}]},definition:{type:[{code:"markdown"}]},comment:{type:[{code:"markdown"}]},requirements:{type:[{code:"markdown"}]},alias:{max:9007199254740991,type:[{code:"string"}]},min:{type:[{code:"unsignedInt"}]},max:{type:[{code:"string"}]},base:{type:[{code:"ElementDefinitionBase"}]},contentReference:{type:[{code:"uri"}]},type:{max:9007199254740991,type:[{code:"ElementDefinitionType"}]},"defaultValue[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},meaningWhenMissing:{type:[{code:"markdown"}]},orderMeaning:{type:[{code:"string"}]},"fixed[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},"pattern[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},example:{max:9007199254740991,type:[{code:"ElementDefinitionExample"}]},"minValue[x]":{type:[{code:"date"},{code:"dateTime"},{code:"instant"},{code:"time"},{code:"decimal"},{code:"integer"},{code:"positiveInt"},{code:"unsignedInt"},{code:"Quantity"}]},"maxValue[x]":{type:[{code:"date"},{code:"dateTime"},{code:"instant"},{code:"time"},{code:"decimal"},{code:"integer"},{code:"positiveInt"},{code:"unsignedInt"},{code:"Quantity"}]},maxLength:{type:[{code:"integer"}]},condition:{max:9007199254740991,type:[{code:"id"}]},constraint:{max:9007199254740991,type:[{code:"ElementDefinitionConstraint"}]},mustSupport:{type:[{code:"boolean"}]},isModifier:{type:[{code:"boolean"}]},isModifierReason:{type:[{code:"string"}]},isSummary:{type:[{code:"boolean"}]},binding:{type:[{code:"ElementDefinitionBinding"}]},mapping:{max:9007199254740991,type:[{code:"ElementDefinitionMapping"}]}}},Expression:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},description:{type:[{code:"string"}]},name:{type:[{code:"id"}]},language:{min:1,type:[{code:"code"}]},expression:{type:[{code:"string"}]},reference:{type:[{code:"uri"}]}}},Extension:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},url:{min:1,type:[{code:"uri"}]},"value[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]}}},HumanName:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},text:{type:[{code:"string"}]},family:{type:[{code:"string"}]},given:{max:9007199254740991,type:[{code:"string"}]},prefix:{max:9007199254740991,type:[{code:"string"}]},suffix:{max:9007199254740991,type:[{code:"string"}]},period:{type:[{code:"Period"}]}}},Identifier:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},type:{type:[{code:"CodeableConcept"}]},system:{type:[{code:"uri"}]},value:{type:[{code:"string"}]},period:{type:[{code:"Period"}]},assigner:{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Organization"]}]}}},MarketingStatus:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},country:{min:1,type:[{code:"CodeableConcept"}]},jurisdiction:{type:[{code:"CodeableConcept"}]},status:{min:1,type:[{code:"CodeableConcept"}]},dateRange:{min:1,type:[{code:"Period"}]},restoreDate:{type:[{code:"dateTime"}]}}},Meta:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},versionId:{type:[{code:"id"}]},lastUpdated:{type:[{code:"instant"}]},source:{type:[{code:"uri"}]},profile:{max:9007199254740991,type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]},security:{max:9007199254740991,type:[{code:"Coding"}]},tag:{max:9007199254740991,type:[{code:"Coding"}]},project:{type:[{code:"uri"}]},author:{type:[{code:"Reference"}]},account:{type:[{code:"Reference"}]},compartment:{max:9007199254740991,type:[{code:"Reference"}]}}},Money:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},currency:{type:[{code:"code"}]}}},Narrative:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},status:{min:1,type:[{code:"code"}]},div:{min:1,type:[{code:"xhtml"}]}}},ParameterDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},name:{type:[{code:"code"}]},use:{min:1,type:[{code:"code"}]},min:{type:[{code:"integer"}]},max:{type:[{code:"string"}]},documentation:{type:[{code:"string"}]},type:{min:1,type:[{code:"code"}]},profile:{type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]}}},Period:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},start:{type:[{code:"dateTime"}]},end:{type:[{code:"dateTime"}]}}},Population:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},"age[x]":{type:[{code:"Range"},{code:"CodeableConcept"}]},gender:{type:[{code:"CodeableConcept"}]},race:{type:[{code:"CodeableConcept"}]},physiologicalCondition:{type:[{code:"CodeableConcept"}]}}},ProdCharacteristic:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},height:{type:[{code:"Quantity"}]},width:{type:[{code:"Quantity"}]},depth:{type:[{code:"Quantity"}]},weight:{type:[{code:"Quantity"}]},nominalVolume:{type:[{code:"Quantity"}]},externalDiameter:{type:[{code:"Quantity"}]},shape:{type:[{code:"string"}]},color:{max:9007199254740991,type:[{code:"string"}]},imprint:{max:9007199254740991,type:[{code:"string"}]},image:{max:9007199254740991,type:[{code:"Attachment"}]},scoring:{type:[{code:"CodeableConcept"}]}}},ProductShelfLife:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},identifier:{type:[{code:"Identifier"}]},type:{min:1,type:[{code:"CodeableConcept"}]},period:{min:1,type:[{code:"Quantity"}]},specialPrecautionsForStorage:{max:9007199254740991,type:[{code:"CodeableConcept"}]}}},Quantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Range:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},low:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},high:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]}}},Ratio:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},numerator:{type:[{code:"Quantity"}]},denominator:{type:[{code:"Quantity"}]}}},Reference:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},reference:{type:[{code:"string"}]},type:{type:[{code:"uri"}]},identifier:{type:[{code:"Identifier"}]},display:{type:[{code:"string"}]}}},RelatedArtifact:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},label:{type:[{code:"string"}]},display:{type:[{code:"string"}]},citation:{type:[{code:"markdown"}]},url:{type:[{code:"url"}]},document:{type:[{code:"Attachment"}]},resource:{type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/Resource"]}]}}},SampledData:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},origin:{min:1,type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},period:{min:1,type:[{code:"decimal"}]},factor:{type:[{code:"decimal"}]},lowerLimit:{type:[{code:"decimal"}]},upperLimit:{type:[{code:"decimal"}]},dimensions:{min:1,type:[{code:"positiveInt"}]},data:{type:[{code:"string"}]}}},Signature:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,max:9007199254740991,type:[{code:"Coding"}]},when:{min:1,type:[{code:"instant"}]},who:{min:1,type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/PractitionerRole","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/Device","http://hl7.org/fhir/StructureDefinition/Organization"]}]},onBehalfOf:{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/PractitionerRole","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/Device","http://hl7.org/fhir/StructureDefinition/Organization"]}]},targetFormat:{type:[{code:"code"}]},sigFormat:{type:[{code:"code"}]},data:{type:[{code:"base64Binary"}]}}},SubstanceAmount:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},"amount[x]":{type:[{code:"Quantity"},{code:"Range"},{code:"string"}]},amountType:{type:[{code:"CodeableConcept"}]},amountText:{type:[{code:"string"}]},referenceRange:{type:[{code:"SubstanceAmountReferenceRange"}]}}},Timing:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},event:{max:9007199254740991,type:[{code:"dateTime"}]},repeat:{type:[{code:"TimingRepeat"}]},code:{type:[{code:"CodeableConcept"}]}}},TriggerDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},name:{type:[{code:"string"}]},"timing[x]":{type:[{code:"Timing"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Schedule"]},{code:"date"},{code:"dateTime"}]},data:{max:9007199254740991,type:[{code:"DataRequirement"}]},condition:{type:[{code:"Expression"}]}}},UsageContext:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},code:{min:1,type:[{code:"Coding"}]},"value[x]":{min:1,type:[{code:"CodeableConcept"},{code:"Quantity"},{code:"Range"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/PlanDefinition","http://hl7.org/fhir/StructureDefinition/ResearchStudy","http://hl7.org/fhir/StructureDefinition/InsurancePlan","http://hl7.org/fhir/StructureDefinition/HealthcareService","http://hl7.org/fhir/StructureDefinition/Group","http://hl7.org/fhir/StructureDefinition/Location","http://hl7.org/fhir/StructureDefinition/Organization"]}]}}},MoneyQuantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},SimpleQuantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{max:0,type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},IdentityProvider:{elements:{authorizeUrl:{min:1,type:[{code:"string"}]},tokenUrl:{min:1,type:[{code:"string"}]},tokenAuthMethod:{type:[{code:"code"}]},userInfoUrl:{min:1,type:[{code:"string"}]},clientId:{min:1,type:[{code:"string"}]},clientSecret:{min:1,type:[{code:"string"}]},usePkce:{type:[{code:"boolean"}]},useSubject:{type:[{code:"boolean"}]}}}};var Xe=Ke(Ze);var ye=Object.create(null);function ge(e){let t;return e?(t=ye[e],t||(t=ye[e]=Object.create(null))):t=Xe,t}function et(e,t){let r=ge(t)[e];return!r&&t&&(r=ge()[e]),r}var xe={base64Binary:/^([A-Za-z\d+/]{4})*([A-Za-z\d+/]{2}==|[A-Za-z\d+/]{3}=)?$/,canonical:/^\S*$/,code:/^[^\s]+( [^\s]+)*$/,date:/^(\d(\d(\d[1-9]|[1-9]0)|[1-9]00)|[1-9]000)(-(0[1-9]|1[0-2])(-(0[1-9]|[1-2]\d|3[0-1]))?)?$/,dateTime:/^(\d(\d(\d[1-9]|[1-9]0)|[1-9]00)|[1-9]000)(-(0[1-9]|1[0-2])(-(0[1-9]|[1-2]\d|3[0-1])(T([01]\d|2[0-3])(:[0-5]\d:([0-5]\d|60)(\.\d{1,9})?)?)?)?(Z|[+-]((0\d|1[0-3]):[0-5]\d|14:00)?)?)?$/,id:/^[A-Za-z0-9\-.]{1,64}$/,instant:/^(\d(\d(\d[1-9]|[1-9]0)|[1-9]00)|[1-9]000)-(0[1-9]|1[0-2])-(0[1-9]|[1-2]\d|3[0-1])T([01]\d|2[0-3]):[0-5]\d:([0-5]\d|60)(\.\d{1,9})?(Z|[+-]((0\d|1[0-3]):[0-5]\d|14:00))$/,markdown:/^[\s\S]+$/,oid:/^urn:oid:[0-2](\.(0|[1-9]\d*))+$/,string:/^[\s\S]+$/,time:/^([01]\d|2[0-3]):[0-5]\d:([0-5]\d|60)(\.\d{1,9})?$/,uri:/^\S*$/,url:/^\S*$/,uuid:/^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/,xhtml:/.*/};function c(e){return[{type:l.boolean,value:e}]}function N(e){return e==null?{type:"undefined",value:void 0}:Number.isSafeInteger(e)?{type:l.integer,value:e}:typeof e=="number"?{type:l.decimal,value:e}:typeof e=="boolean"?{type:l.boolean,value:e}:typeof e=="string"?{type:l.string,value:e}:y(e)?{type:l.Quantity,value:e}:J(e)?{type:e.resourceType,value:e}:{type:l.BackboneElement,value:e}}function k(e){return e.length===0?!1:!!e[0].value}function A(e,t){if(e.length!==0){if(e.length===1&&(!t||e[0].type===t))return e[0];throw new Error(`Expected singleton of type ${t}, but found ${JSON.stringify(e)}`)}}function tt(e,t,r){if(!e.value)return;let i=dt(e.type,t,r?.profileUrl);return i?rt(e,t,i):it(e,t)}function rt(e,t,r){let i=e.value,n=r.type;if(!n||n.length===0)return;let s,o="undefined",a;if(r.path.endsWith("[x]")){let d=r.path.split(".").pop().replace("[x]","");for(let P of n){let w=d+Ie(P.code);if(s=i[w],a=i["_"+w],s!==void 0||a!==void 0){o=P.code;break}}}else console.assert(n.length===1,"Expected single type",r.path),s=i[t],o=n[0].code,a=i["_"+t];if(a)if(Array.isArray(s)){s=s.slice();for(let d=0;d<Math.max(s.length,a.length);d++)s[d]=be(s[d],a[d])}else s=be(s,a);if(!Q(s))return(o==="Element"||o==="BackboneElement")&&(o=r.type[0].code),Array.isArray(s)?s.map(d=>ve(d,o)):ve(s,o)}function ve(e,t){return t==="Resource"&&J(e)&&(t=e.resourceType),{type:t,value:e}}function it(e,t){let r=e.value;if(!r||typeof r!="object")return;let i;if(t in r)i=r[t];else for(let n in l){let s=t+Ie(n);if(s in r){i=r[s];break}}if(!Q(i))return Array.isArray(i)?i.map(N):N(i)}function Ee(e){let t=[];for(let r of e){let i=!1;for(let n of t)if(k(Te(r,n))){i=!0;break}i||t.push(r)}return t}function Ce(e){return c(!k(e))}function Pe(e,t){return e.length===0||t.length===0?[]:e.length!==t.length?c(!1):c(e.every((r,i)=>k(Te(r,t[i]))))}function Te(e,t){let r=e.value?.valueOf(),i=t.value?.valueOf();return typeof r=="number"&&typeof i=="number"?c(Math.abs(r-i)<1e-8):y(r)&&y(i)?c(ke(r,i)):c(typeof r=="object"&&typeof i=="object"?ie(e,t):r===i)}function Ae(e,t){return e.length===0&&t.length===0?c(!0):e.length!==t.length?c(!1):(e.sort(Se),t.sort(Se),c(e.every((r,i)=>k(nt(r,t[i])))))}function nt(e,t){let{type:r,value:i}=e,{type:n,value:s}=t,o=i?.valueOf(),a=s?.valueOf();return typeof o=="number"&&typeof a=="number"?c(Math.abs(o-a)<.01):y(o)&&y(a)?c(ke(o,a)):c(r==="Coding"&&n==="Coding"?typeof o!="object"||typeof a!="object"?!1:o.code===a.code&&o.system===a.system:typeof o=="object"&&typeof a=="object"?ie({...o,id:void 0},{...a,id:void 0}):typeof o=="string"&&typeof a=="string"?o.toLowerCase()===a.toLowerCase():o===a)}function Se(e,t){let r=e.value?.valueOf(),i=t.value?.valueOf();return typeof r=="number"&&typeof i=="number"?r-i:typeof r=="string"&&typeof i=="string"?r.localeCompare(i):0}function Re(e,t){let{value:r}=e;if(r==null)return!1;switch(t){case"Boolean":return typeof r=="boolean";case"Decimal":case"Integer":return typeof r=="number";case"Date":return st(r);case"DateTime":return te(r);case"Time":return typeof r=="string"&&!!/^T\d/.exec(r);case"Period":return ot(r);case"Quantity":return y(r);default:return typeof r=="object"&&r?.resourceType===t}}function st(e){return typeof e=="string"&&!!xe.date.exec(e)}function te(e){return typeof e=="string"&&!!xe.dateTime.exec(e)}function ot(e){return!!(e&&typeof e=="object"&&("start"in e&&te(e.start)||"end"in e&&te(e.end)))}function y(e){return!!(e&&typeof e=="object"&&"value"in e&&typeof e.value=="number")}function ke(e,t){return Math.abs(e.value-t.value)<.01&&(e.unit===t.unit||e.code===t.code||e.unit===t.code||e.code===t.unit)}function ie(e,t){let r=Object.keys(e),i=Object.keys(t);if(r.length!==i.length)return!1;for(let n of r){let s=e[n],o=t[n];if(we(s)&&we(o)){if(!ie(s,o))return!1}else if(s!==o)return!1}return!0}function we(e){return e!==null&&typeof e=="object"}function be(e,t){if(t){if(typeof t!="object")throw new Error("Primitive extension must be an object");return at(e??{},t)}return e}function at(e,t){return delete t.__proto__,delete t.constructor,Object.assign(e,t)}function ct(e,t){let r=new Date(e);r.setUTCHours(0,0,0,0);let i=t?new Date(t):new Date;i.setUTCHours(0,0,0,0);let n=r.getUTCFullYear(),s=r.getUTCMonth(),o=r.getUTCDate(),a=i.getUTCFullYear(),d=i.getUTCMonth(),P=i.getUTCDate(),w=a-n;(d<s||d===s&&P<o)&&w--;let V=a*12+d-(n*12+s);P<o&&V--;let B=Math.floor((i.getTime()-r.getTime())/(1e3*60*60*24));return{years:w,months:V,days:B}}function Q(e){if(e==null)return!0;let t=typeof e;return t==="string"||t==="object"?!lt(e):!1}function lt(e){if(e==null)return!1;let t=typeof e;return t==="string"&&e!==""||t==="object"&&("length"in e&&e.length>0||Object.keys(e).length>0)}var ut=[];for(let e=0;e<256;e++)ut.push(e.toString(16).padStart(2,"0"));function Ie(e){return e?e.charAt(0).toUpperCase()+e.substring(1):""}var l={Address:"Address",Age:"Age",Annotation:"Annotation",Attachment:"Attachment",BackboneElement:"BackboneElement",CodeableConcept:"CodeableConcept",Coding:"Coding",ContactDetail:"ContactDetail",ContactPoint:"ContactPoint",Contributor:"Contributor",Count:"Count",DataRequirement:"DataRequirement",Distance:"Distance",Dosage:"Dosage",Duration:"Duration",Expression:"Expression",Extension:"Extension",HumanName:"HumanName",Identifier:"Identifier",MarketingStatus:"MarketingStatus",Meta:"Meta",Money:"Money",Narrative:"Narrative",ParameterDefinition:"ParameterDefinition",Period:"Period",Population:"Population",ProdCharacteristic:"ProdCharacteristic",ProductShelfLife:"ProductShelfLife",Quantity:"Quantity",Range:"Range",Ratio:"Ratio",Reference:"Reference",RelatedArtifact:"RelatedArtifact",SampledData:"SampledData",Signature:"Signature",SubstanceAmount:"SubstanceAmount",SystemString:"http://hl7.org/fhirpath/System.String",Timing:"Timing",TriggerDefinition:"TriggerDefinition",UsageContext:"UsageContext",base64Binary:"base64Binary",boolean:"boolean",canonical:"canonical",code:"code",date:"date",dateTime:"dateTime",decimal:"decimal",id:"id",instant:"instant",integer:"integer",markdown:"markdown",oid:"oid",positiveInt:"positiveInt",string:"string",time:"time",unsignedInt:"unsignedInt",uri:"uri",url:"url",uuid:"uuid"};function dt(e,t,r){let i=et(e,r);if(i)return pt(i.elements,t)}function pt(e,t){let r=e[t]??e[t+"[x]"];if(r)return r;for(let i=0;i<t.length;i++){let n=t[i];if(n>="A"&&n<="Z"){let s=t.slice(0,i)+"[x]",o=e[s];if(o)return o}}}function J(e){return!!(e&&typeof e=="object"&&"resourceType"in e)}function z(e){if(e.startsWith("T"))return e+"T00:00:00.000Z".substring(e.length);if(e.length<=10)return e;try{return new Date(e).toISOString()}catch{return e}}var T=()=>[],h={empty:(e,t)=>c(t.length===0||t.every(r=>Q(r.value))),hasValue:(e,t)=>c(t.length!==0),exists:(e,t,r)=>c(r?t.filter(i=>k(r.eval(e,[i]))).length>0:t.length>0&&t.every(i=>!Q(i.value))),all:(e,t,r)=>c(t.every(i=>k(r.eval(e,[i])))),allTrue:(e,t)=>{for(let r of t)if(!r.value)return c(!1);return c(!0)},anyTrue:(e,t)=>{for(let r of t)if(r.value)return c(!0);return c(!1)},allFalse:(e,t)=>{for(let r of t)if(r.value)return c(!1);return c(!0)},anyFalse:(e,t)=>{for(let r of t)if(!r.value)return c(!0);return c(!1)},subsetOf:(e,t,r)=>{if(t.length===0)return c(!0);let i=r.eval(e,O(e));return i.length===0?c(!1):c(t.every(n=>i.some(s=>s.value===n.value)))},supersetOf:(e,t,r)=>{let i=r.eval(e,O(e));return i.length===0?c(!0):t.length===0?c(!1):c(i.every(n=>t.some(s=>s.value===n.value)))},count:(e,t)=>[{type:l.integer,value:t.length}],distinct:(e,t)=>{let r=[];for(let i of t)r.some(n=>n.value===i.value)||r.push(i);return r},isDistinct:(e,t)=>c(t.length===h.distinct(e,t).length),where:(e,t,r)=>t.filter(i=>k(r.eval(e,[i]))),select:(e,t,r)=>t.map(i=>r.eval(e,[i])).flat(),repeat:T,ofType:(e,t,r)=>t.filter(i=>i.type===r.name),single:(e,t)=>{if(t.length>1)throw new Error("Expected input length one for single()");return t.length===0?[]:t.slice(0,1)},first:(e,t)=>t.length===0?[]:t.slice(0,1),last:(e,t)=>t.length===0?[]:t.slice(t.length-1,t.length),tail:(e,t)=>t.length===0?[]:t.slice(1,t.length),skip:(e,t,r)=>{let i=r.eval(e,t)[0]?.value;if(typeof i!="number")throw new Error("Expected a number for skip(num)");return i>=t.length?[]:i<=0?t:t.slice(i,t.length)},take:(e,t,r)=>{let i=r.eval(e,t)[0]?.value;if(typeof i!="number")throw new Error("Expected a number for take(num)");return i>=t.length?t:i<=0?[]:t.slice(0,i)},intersect:(e,t,r)=>{if(!r)return t;let i=r.eval(e,O(e)),n=[];for(let s of t)!n.some(o=>o.value===s.value)&&i.some(o=>o.value===s.value)&&n.push(s);return n},exclude:(e,t,r)=>{if(!r)return t;let i=r.eval(e,O(e)),n=[];for(let s of t)i.some(o=>o.value===s.value)||n.push(s);return n},union:(e,t,r)=>{if(!r)return t;let i=r.eval(e,O(e));return Ee([...t,...i])},combine:(e,t,r)=>{if(!r)return t;let i=r.eval(e,O(e));return[...t,...i]},htmlChecks:(e,t,r)=>[N(!0)],iif:(e,t,r,i,n)=>{let s=r.eval(e,t);if(s.length>1||s.length===1&&typeof s[0].value!="boolean")throw new Error("Expected criterion to evaluate to a Boolean");return k(s)?i.eval(e,t):n?n.eval(e,t):[]},toBoolean:(e,t)=>{if(t.length===0)return[];let[{value:r}]=x(t,1);if(typeof r=="boolean")return[{type:l.boolean,value:r}];if(typeof r=="number"&&(r===0||r===1))return c(!!r);if(typeof r=="string"){let i=r.toLowerCase();if(["true","t","yes","y","1","1.0"].includes(i))return c(!0);if(["false","f","no","n","0","0.0"].includes(i))return c(!1)}return[]},convertsToBoolean:(e,t)=>t.length===0?[]:c(h.toBoolean(e,t).length===1),toInteger:(e,t)=>{if(t.length===0)return[];let[{value:r}]=x(t,1);return typeof r=="number"?[{type:l.integer,value:r}]:typeof r=="string"&&/^[+-]?\d+$/.exec(r)?[{type:l.integer,value:parseInt(r,10)}]:typeof r=="boolean"?[{type:l.integer,value:r?1:0}]:[]},convertsToInteger:(e,t)=>t.length===0?[]:c(h.toInteger(e,t).length===1),toDate:(e,t)=>{if(t.length===0)return[];let[{value:r}]=x(t,1);return typeof r=="string"&&/^\d{4}(-\d{2}(-\d{2})?)?/.exec(r)?[{type:l.date,value:z(r)}]:[]},convertsToDate:(e,t)=>t.length===0?[]:c(h.toDate(e,t).length===1),toDateTime:(e,t)=>{if(t.length===0)return[];let[{value:r}]=x(t,1);return typeof r=="string"&&/^\d{4}(-\d{2}(-\d{2})?)?/.exec(r)?[{type:l.dateTime,value:z(r)}]:[]},convertsToDateTime:(e,t)=>t.length===0?[]:c(h.toDateTime(e,t).length===1),toDecimal:(e,t)=>{if(t.length===0)return[];let[{value:r}]=x(t,1);return typeof r=="number"?[{type:l.decimal,value:r}]:typeof r=="string"&&/^-?\d{1,9}(\.\d{1,9})?$/.exec(r)?[{type:l.decimal,value:parseFloat(r)}]:typeof r=="boolean"?[{type:l.decimal,value:r?1:0}]:[]},convertsToDecimal:(e,t)=>t.length===0?[]:c(h.toDecimal(e,t).length===1),toQuantity:(e,t)=>{if(t.length===0)return[];let[{value:r}]=x(t,1);return y(r)?[{type:l.Quantity,value:r}]:typeof r=="number"?[{type:l.Quantity,value:{value:r,unit:"1"}}]:typeof r=="string"&&/^-?\d{1,9}(\.\d{1,9})?/.exec(r)?[{type:l.Quantity,value:{value:parseFloat(r),unit:"1"}}]:typeof r=="boolean"?[{type:l.Quantity,value:{value:r?1:0,unit:"1"}}]:[]},convertsToQuantity:(e,t)=>t.length===0?[]:c(h.toQuantity(e,t).length===1),toString:(e,t)=>{if(t.length===0)return[];let[{value:r}]=x(t,1);return r==null?[]:y(r)?[{type:l.string,value:`${r.value} '${r.unit}'`}]:[{type:l.string,value:r.toString()}]},convertsToString:(e,t)=>t.length===0?[]:c(h.toString(e,t).length===1),toTime:(e,t)=>{if(t.length===0)return[];let[{value:r}]=x(t,1);if(typeof r=="string"){let i=/^T?(\d{2}(:\d{2}(:\d{2})?)?)/.exec(r);if(i)return[{type:l.time,value:z("T"+i[1])}]}return[]},convertsToTime:(e,t)=>t.length===0?[]:c(h.toTime(e,t).length===1),indexOf:(e,t,r)=>f((i,n)=>i.indexOf(n),e,t,r),substring:(e,t,r,i)=>f((n,s,o)=>{let a=s,d=o?a+o:n.length;return a<0||a>=n.length?void 0:n.substring(a,d)},e,t,r,i),startsWith:(e,t,r)=>f((i,n)=>i.startsWith(n),e,t,r),endsWith:(e,t,r)=>f((i,n)=>i.endsWith(n),e,t,r),contains:(e,t,r)=>f((i,n)=>i.includes(n),e,t,r),upper:(e,t)=>f(r=>r.toUpperCase(),e,t),lower:(e,t)=>f(r=>r.toLowerCase(),e,t),replace:(e,t,r,i)=>f((n,s,o)=>n.replaceAll(s,o),e,t,r,i),matches:(e,t,r)=>f((i,n)=>!!new RegExp(n).exec(i),e,t,r),replaceMatches:(e,t,r,i)=>f((n,s,o)=>n.replaceAll(s,o),e,t,r,i),length:(e,t)=>f(r=>r.length,e,t),toChars:(e,t)=>f(r=>r?r.split(""):void 0,e,t),encode:T,decode:T,escape:T,unescape:T,trim:T,split:T,join:(e,t,r)=>{let i=r?.eval(e,O(e))[0]?.value??"";if(typeof i!="string")throw new Error("Separator must be a string.");return[{type:l.string,value:t.map(n=>n.value?.toString()??"").join(i)}]},abs:(e,t)=>b(Math.abs,e,t),ceiling:(e,t)=>b(Math.ceil,e,t),exp:(e,t)=>b(Math.exp,e,t),floor:(e,t)=>b(Math.floor,e,t),ln:(e,t)=>b(Math.log,e,t),log:(e,t,r)=>b((i,n)=>Math.log(i)/Math.log(n),e,t,r),power:(e,t,r)=>b(Math.pow,e,t,r),round:(e,t)=>b(Math.round,e,t),sqrt:(e,t)=>b(Math.sqrt,e,t),truncate:(e,t)=>b(r=>r|0,e,t),children:T,descendants:T,trace:(e,t,r)=>t,now:()=>[{type:l.dateTime,value:new Date().toISOString()}],timeOfDay:()=>[{type:l.time,value:new Date().toISOString().substring(11)}],today:()=>[{type:l.date,value:new Date().toISOString().substring(0,10)}],between:(e,t,r,i,n)=>{let s=h.toDateTime(e,r.eval(e,t));if(s.length===0)throw new Error("Invalid start date");let o=h.toDateTime(e,i.eval(e,t));if(o.length===0)throw new Error("Invalid end date");let a=n.eval(e,t)[0]?.value;if(a!=="years"&&a!=="months"&&a!=="days")throw new Error("Invalid units");let d=ct(s[0].value,o[0].value);return[{type:l.Quantity,value:{value:d[a],unit:a}}]},is:(e,t,r)=>{let i="";return r instanceof ne?i=r.name:r instanceof De&&(i=r.left.name+"."+r.right.name),i?t.map(n=>({type:l.boolean,value:Re(n,i)})):[]},not:(e,t)=>h.toBoolean(e,t).map(r=>({type:l.boolean,value:!r.value})),resolve:(e,t)=>t.map(r=>{let i=r.value,n;if(typeof i=="string")n=i;else if(typeof i=="object"){let s=i;if(s.resource)return N(s.resource);s.reference?n=s.reference:s.type&&s.identifier&&(n=`${s.type}?identifier=${s.identifier.system}|${s.identifier.value}`)}if(n?.includes("?")){let[s]=n.split("?");return{type:s,value:{resourceType:s}}}if(n?.includes("/")){let[s,o]=n.split("/");return{type:s,value:{resourceType:s,id:o}}}return{type:l.BackboneElement,value:void 0}}).filter(r=>!!r.value),as:(e,t)=>t,type:(e,t)=>t.map(({value:r})=>typeof r=="boolean"?{type:l.BackboneElement,value:{namespace:"System",name:"Boolean"}}:typeof r=="number"?{type:l.BackboneElement,value:{namespace:"System",name:"Integer"}}:J(r)?{type:l.BackboneElement,value:{namespace:"FHIR",name:r.resourceType}}:{type:l.BackboneElement,value:null}),conformsTo:(e,t,r)=>{let i=r.eval(e,t)[0].value;if(!i.startsWith("http://hl7.org/fhir/StructureDefinition/"))throw new Error("Expected a StructureDefinition URL");let n=i.replace("http://hl7.org/fhir/StructureDefinition/","");return t.map(s=>({type:l.boolean,value:s.value?.resourceType===n}))}};function f(e,t,r,...i){if(r.length===0)return[];let[{value:n}]=x(r,1);if(typeof n!="string")throw new Error("String function cannot be called with non-string");let s=e(n,...i.map(o=>o?.eval(t,r)[0]?.value));return s===void 0?[]:Array.isArray(s)?s.map(N):[N(s)]}function b(e,t,r,...i){if(r.length===0)return[];let[{value:n}]=x(r,1),s=y(n),o=s?n.value:n;if(typeof o!="number")throw new Error("Math function cannot be called with non-number");let a=e(o,...i.map(w=>w.eval(t,r)[0]?.value)),d=s?l.Quantity:r[0].type,P=s?{...n,value:a}:a;return[{type:d,value:P}]}function x(e,t){if(e.length!==t)throw new Error(`Expected ${t} arguments`);for(let r of e)if(r==null)throw new Error("Expected non-null argument");return e}function O(e){let t=e;for(;t.parent?.variables.$this;)t=t.parent;return[t.variables.$this]}var $=class{constructor(e){this.value=e}eval(){return[this.value]}toString(){let e=this.value.value;return typeof e=="string"?`'${e}'`:e.toString()}},ne=class{constructor(e){this.name=e}eval(e,t){if(this.name==="$this")return t;let r=this.getVariable(e);if(r)return[r];if(this.name.startsWith("%"))throw new Error(`Undefined variable ${this.name}`);return t.flatMap(i=>this.evalValue(i)).filter(i=>i?.value!==void 0)}getVariable(e){let t=e.variables[this.name];if(t!==void 0)return t;if(e.parent)return this.getVariable(e.parent)}evalValue(e){let t=e.value;if(!(!t||typeof t!="object"))return J(t)&&t.resourceType===this.name?e:tt(e,this.name)}toString(){return this.name}},ht=class{eval(){return[]}toString(){return"{}"}},mt=class extends He{constructor(e,t,r){super(e,t),this.impl=r}eval(e,t){return this.impl(this.child.eval(e,t))}toString(){return this.operator+this.child.toString()}},ft=class extends j{constructor(e,t){super("as",e,t)}eval(e,t){return h.ofType(e,this.left.eval(e,t),this.right)}},g=class extends j{},S=class extends g{constructor(e,t,r,i){super(e,t,r),this.impl=i}eval(e,t){let r=this.left.eval(e,t);if(r.length!==1)return[];let i=this.right.eval(e,t);if(i.length!==1)return[];let n=r[0].value,s=i[0].value,o=y(n)?n.value:n,a=y(s)?s.value:s,d=this.impl(o,a);return typeof d=="boolean"?c(d):y(n)?[{type:l.Quantity,value:{...n,value:d}}]:[N(d)]}},yt=class extends j{constructor(e,t){super("&",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t),n=[...r,...i];return n.length>0&&n.every(s=>typeof s.value=="string")?[{type:l.string,value:n.map(s=>s.value).join("")}]:n}},gt=class extends g{constructor(e,t){super("contains",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return c(r.some(n=>n.value===i[0].value))}},vt=class extends g{constructor(e,t){super("in",e,t)}eval(e,t){let r=A(this.left.eval(e,t)),i=this.right.eval(e,t);return r?c(i.some(n=>n.value===r.value)):[]}},De=class extends j{constructor(e,t){super(".",e,t)}eval(e,t){return this.right.eval(e,this.left.eval(e,t))}toString(){return`${this.left.toString()}.${this.right.toString()}`}},St=class extends j{constructor(e,t){super("|",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return Ee([...r,...i])}},wt=class extends g{constructor(e,t){super("=",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return Pe(r,i)}},bt=class extends g{constructor(e,t){super("!=",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return Ce(Pe(r,i))}},xt=class extends g{constructor(e,t){super("~",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return Ae(r,i)}},Et=class extends g{constructor(e,t){super("!~",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return Ce(Ae(r,i))}},Ct=class extends g{constructor(e,t){super("is",e,t)}eval(e,t){let r=this.left.eval(e,t);if(r.length!==1)return[];let i=this.right.name;return c(Re(r[0],i))}},Pt=class extends g{constructor(e,t){super("and",e,t)}eval(e,t){let r=A(this.left.eval(e,t),"boolean"),i=A(this.right.eval(e,t),"boolean");return r?.value===!0&&i?.value===!0?c(!0):r?.value===!1||i?.value===!1?c(!1):[]}},Tt=class extends g{constructor(e,t){super("or",e,t)}eval(e,t){let r=A(this.left.eval(e,t),"boolean"),i=A(this.right.eval(e,t),"boolean");return r?.value===!1&&i?.value===!1?c(!1):r?.value||i?.value?c(!0):[]}},At=class extends g{constructor(e,t){super("xor",e,t)}eval(e,t){let r=A(this.left.eval(e,t),"boolean"),i=A(this.right.eval(e,t),"boolean");return!r||!i?[]:c(r.value!==i.value)}},Rt=class extends g{constructor(e,t){super("implies",e,t)}eval(e,t){let r=A(this.left.eval(e,t),"boolean"),i=A(this.right.eval(e,t),"boolean");return i?.value===!0||r?.value===!1?c(!0):!r||!i?[]:c(!1)}},kt=class{constructor(e,t){this.name=e,this.args=t}eval(e,t){let r=h[this.name];if(!r)throw new Error("Unrecognized function: "+this.name);return r(e,t,...this.args)}toString(){return`${this.name}(${this.args.map(e=>e.toString()).join(", ")})`}},It=class{constructor(e,t){this.left=e,this.expr=t}eval(e,t){let r=this.expr.eval(e,t);if(r.length!==1)return[];let i=r[0].value;if(typeof i!="number")throw new Error("Invalid indexer expression: should return integer}");let n=this.left.eval(e,t);return i in n?[n[i]]:[]}toString(){return`${this.left.toString()}[${this.expr.toString()}]`}};var Oe=["!=","!~","<=",">=","{}","->"];var u={FunctionCall:0,Dot:1,Indexer:2,UnaryAdd:3,UnarySubtract:3,Multiply:4,Divide:4,IntegerDivide:4,Modulo:4,Add:5,Subtract:5,Ampersand:5,Is:6,As:6,Union:7,GreaterThan:8,GreaterThanOrEquals:8,LessThan:8,LessThanOrEquals:8,Equals:9,Equivalent:9,NotEquals:9,NotEquivalent:9,In:10,Contains:10,And:11,Xor:12,Or:12,Implies:13,Arrow:100,Semicolon:200},Dt={parse(e){let t=e.consumeAndParse();if(!e.match(")"))throw new Error("Parse error: expected `)` got `"+e.peek()?.value+"`");return t}},Ot={parse(e,t){let r=e.consumeAndParse();if(!e.match("]"))throw new Error("Parse error: expected `]`");return new It(t,r)},precedence:u.Indexer},Nt={parse(e,t){if(!(t instanceof ne))throw new Error("Unexpected parentheses");let r=[];for(;!e.match(")");)r.push(e.consumeAndParse()),e.match(",");return new kt(t.name,r)},precedence:u.FunctionCall};function $t(e){let t=e.split(" "),r=parseFloat(t[0]),i=t[1];return i?.startsWith("'")&&i.endsWith("'")?i=i.substring(1,i.length-1):i="{"+i+"}",{value:r,unit:i}}function se(){return new Ve().registerPrefix("String",{parse:(e,t)=>new $({type:l.string,value:t.value})}).registerPrefix("DateTime",{parse:(e,t)=>new $({type:l.dateTime,value:z(t.value)})}).registerPrefix("Quantity",{parse:(e,t)=>new $({type:l.Quantity,value:$t(t.value)})}).registerPrefix("Number",{parse:(e,t)=>new $({type:t.value.includes(".")?l.decimal:l.integer,value:parseFloat(t.value)})}).registerPrefix("true",{parse:()=>new $({type:l.boolean,value:!0})}).registerPrefix("false",{parse:()=>new $({type:l.boolean,value:!1})}).registerPrefix("Symbol",{parse:(e,t)=>new ne(t.value)}).registerPrefix("{}",{parse:()=>new ht}).registerPrefix("(",Dt).registerInfix("[",Ot).registerInfix("(",Nt).prefix("+",u.UnaryAdd,(e,t)=>new mt("+",t,r=>r)).prefix("-",u.UnarySubtract,(e,t)=>new S("-",t,t,(r,i)=>-i)).infixLeft(".",u.Dot,(e,t,r)=>new De(e,r)).infixLeft("/",u.Divide,(e,t,r)=>new S("/",e,r,(i,n)=>i/n)).infixLeft("*",u.Multiply,(e,t,r)=>new S("*",e,r,(i,n)=>i*n)).infixLeft("+",u.Add,(e,t,r)=>new S("+",e,r,(i,n)=>i+n)).infixLeft("-",u.Subtract,(e,t,r)=>new S("-",e,r,(i,n)=>i-n)).infixLeft("|",u.Union,(e,t,r)=>new St(e,r)).infixLeft("=",u.Equals,(e,t,r)=>new wt(e,r)).infixLeft("!=",u.NotEquals,(e,t,r)=>new bt(e,r)).infixLeft("~",u.Equivalent,(e,t,r)=>new xt(e,r)).infixLeft("!~",u.NotEquivalent,(e,t,r)=>new Et(e,r)).infixLeft("<",u.LessThan,(e,t,r)=>new S("<",e,r,(i,n)=>i<n)).infixLeft("<=",u.LessThanOrEquals,(e,t,r)=>new S("<=",e,r,(i,n)=>i<=n)).infixLeft(">",u.GreaterThan,(e,t,r)=>new S(">",e,r,(i,n)=>i>n)).infixLeft(">=",u.GreaterThanOrEquals,(e,t,r)=>new S(">=",e,r,(i,n)=>i>=n)).infixLeft("&",u.Ampersand,(e,t,r)=>new yt(e,r)).infixLeft("and",u.And,(e,t,r)=>new Pt(e,r)).infixLeft("as",u.As,(e,t,r)=>new ft(e,r)).infixLeft("contains",u.Contains,(e,t,r)=>new gt(e,r)).infixLeft("div",u.Divide,(e,t,r)=>new S("div",e,r,(i,n)=>i/n|0)).infixLeft("in",u.In,(e,t,r)=>new vt(e,r)).infixLeft("is",u.Is,(e,t,r)=>new Ct(e,r)).infixLeft("mod",u.Modulo,(e,t,r)=>new S("mod",e,r,(i,n)=>i%n)).infixLeft("or",u.Or,(e,t,r)=>new Tt(e,r)).infixLeft("xor",u.Xor,(e,t,r)=>new At(e,r)).infixLeft("implies",u.Implies,(e,t,r)=>new Rt(e,r))}var xr=se();var Lt=(e=>(e.BOOLEAN="BOOLEAN",e.NUMBER="NUMBER",e.QUANTITY="QUANTITY",e.TEXT="TEXT",e.REFERENCE="REFERENCE",e.CANONICAL="CANONICAL",e.DATE="DATE",e.DATETIME="DATETIME",e.PERIOD="PERIOD",e.UUID="UUID",e))(Lt||{});var Mt=(e=>(e.EQUALS="eq",e.NOT_EQUALS="ne",e.GREATER_THAN="gt",e.LESS_THAN="lt",e.GREATER_THAN_OR_EQUALS="ge",e.LESS_THAN_OR_EQUALS="le",e.STARTS_AFTER="sa",e.ENDS_BEFORE="eb",e.APPROXIMATELY="ap",e.CONTAINS="contains",e.EXACT="exact",e.TEXT="text",e.NOT="not",e.ABOVE="above",e.BELOW="below",e.IN="in",e.NOT_IN="not-in",e.OF_TYPE="of-type",e.MISSING="missing",e.PRESENT="present",e.IDENTIFIER="identifier",e.ITERATE="iterate",e))(Mt||{});var _t=(e=>(e.READ="read",e.VREAD="vread",e.UPDATE="update",e.PATCH="patch",e.DELETE="delete",e.HISTORY="history",e.HISTORY_INSTANCE="history-instance",e.HISTORY_TYPE="history-type",e.HISTORY_SYSTEM="history-system",e.CREATE="create",e.SEARCH="search",e.SEARCH_TYPE="search-type",e.SEARCH_SYSTEM="search-system",e.SEARCH_COMPARTMENT="search-compartment",e.CAPABILITIES="capabilities",e.TRANSACTION="transaction",e.BATCH="batch",e.OPERATION="operation",e))(_t||{});var Ut={CSS:"text/css",DICOM:"application/dicom",FAVICON:"image/vnd.microsoft.icon",FHIR_JSON:"application/fhir+json",FORM_URL_ENCODED:"application/x-www-form-urlencoded",HL7_V2:"x-application/hl7-v2+er7",HTML:"text/html",JAVASCRIPT:"text/javascript",JSON:"application/json",JSON_PATCH:"application/json-patch+json",PNG:"image/png",SCIM_JSON:"application/scim+json",SVG:"image/svg+xml",TEXT:"text/plain",TYPESCRIPT:"text/typescript",PING:"x-application/ping"};var Bt;Bt=Symbol.toStringTag;var Er=Ut.FHIR_JSON+", */*; q=0.1";var jt=(e=>(e.ClientCredentials="client_credentials",e.AuthorizationCode="authorization_code",e.RefreshToken="refresh_token",e.JwtBearer="urn:ietf:params:oauth:grant-type:jwt-bearer",e.TokenExchange="urn:ietf:params:oauth:grant-type:token-exchange",e))(jt||{}),Gt=(e=>(e.AccessToken="urn:ietf:params:oauth:token-type:access_token",e.RefreshToken="urn:ietf:params:oauth:token-type:refresh_token",e.IdToken="urn:ietf:params:oauth:token-type:id_token",e.Saml1Token="urn:ietf:params:oauth:token-type:saml1",e.Saml2Token="urn:ietf:params:oauth:token-type:saml2",e))(Gt||{}),Ft=(e=>(e.ClientSecretBasic="client_secret_basic",e.ClientSecretPost="client_secret_post",e.ClientSecretJwt="client_secret_jwt",e.PrivateKeyJwt="private_key_jwt",e.None="none",e))(Ft||{}),qt=(e=>(e.JwtBearer="urn:ietf:params:oauth:client-assertion-type:jwt-bearer",e))(qt||{});var Cr=[...Oe,"->","<<",">>","=="];var Pr=se().registerInfix("->",{precedence:u.Arrow}).registerInfix(";",{precedence:u.Semicolon});var Tr=[...Oe,"eq","ne","co"];var Ar=se();var Wt=(e=>(e[e.NONE=0]="NONE",e[e.ERROR=1]="ERROR",e[e.WARN=2]="WARN",e[e.INFO=3]="INFO",e[e.DEBUG=4]="DEBUG",e))(Wt||{});var ae=["string","boolean","number"],oe={},ce=class{constructor(t){let{region:r}=t;if(!r)throw new E(I("'region' must be defined as a string literal in config."));oe[r]||(oe[r]=new Vt({region:r})),this.config=t,this.clients={ssm:oe[r]}}async fetchParameterStoreSecret(t){let i=(await this.clients.ssm.send(new Ht({Name:t,WithDecryption:!0}))).Parameter;if(!i)throw new E(re(`Key '${t}' not found. Make sure your key is correct and that it is defined in your Parameter Store.`));let n=i.Value;if(!n)throw new E(re(`Key '${t}' found but has no value. Make sure your key is correct and that it is defined in your Parameter Store.`));return n}async fetchExternalSecret(t){Jt(t);let{system:r,key:i,type:n}=t,s;switch(r){case"aws_ssm_parameter_store":{s=await this.fetchParameterStoreSecret(i);break}default:throw new E(I(`Unknown system '${r}' for ExternalSecret. Unable to fetch the secret for key '${i}'.`))}return zt(i,s,n)}async normalizeInfraConfigArray(t){let r=t[0],i;if(typeof r!="object"&&r!==null||Ne(r)){i=new Array(t.length);for(let n=0;n<t.length;n++){let s=t[n];if(typeof s!="object"){i[n]=s;continue}let o=await this.fetchExternalSecret(s);i[n]=o}}else{i=new Array(t.length);for(let n=0;n<t.length;n++)i[n]=await this.normalizeObjectInInfraConfig(t[n])}return i}async normalizeValueForKey(t,r){let i=t[r];typeof i!="object"?t[r]=i:Ne(i)?t[r]=await this.fetchExternalSecret(i):Array.isArray(i)&&i.length?t[r]=await this.normalizeInfraConfigArray(i):typeof i=="object"&&(t[r]=await this.normalizeObjectInInfraConfig(i))}async normalizeObjectInInfraConfig(t){let r={...t};for(let i of Object.keys(r))await this.normalizeValueForKey(r,i);return r}async normalizeConfig(){return this.normalizeObjectInInfraConfig(this.config)}};function zt(e,t,r){let i=typeof t;if(!ae.includes(i))throw new E(I(`Invalid value found for type; expected either ${ae.join(", or")} but got ${i}`));if(i===r)return t;if(i==="string"&&r==="boolean"){let n=t.toLowerCase();if(n!=="true"&&n!=="false")throw new E(I(`Invalid value found for key '${e}'; expected boolean value but got '${t}'`));return n==="true"}else if(i==="string"&&r==="number"){let n=parseInt(t,10);if(Number.isNaN(n))throw new E(I(`Invalid value found for key '${e}'; expected integer value but got '${t}'`));return n}else throw new E(I(`Invalid value found for type; expected ${r} value but got value of type ${i}`))}function Ne(e){return typeof e=="object"&&typeof e.system=="string"&&typeof e.key=="string"&&typeof e.type=="string"}function Qt(e){return typeof e=="object"&&typeof e.system=="string"&&typeof e.key=="string"&&ae.includes(e.type)}function Jt(e){if(!Qt(e))throw new E(I("obj is not a valid `ExternalSecret`, must contain a valid `system`, `key`, and `type` prop."))}async function $e(e){return new ce(e).normalizeConfig()}import{Stack as qe,Tags as We}from"aws-cdk-lib";import{Duration as M,RemovalPolicy as Le,aws_ec2 as m,aws_ecs as _,aws_elasticache as Me,aws_elasticloadbalancingv2 as G,aws_iam as p,aws_logs as _e,aws_rds as D,aws_route53 as le,aws_s3 as Yt,aws_secretsmanager as Ue,aws_ssm as C,aws_route53_targets as Kt,aws_wafv2 as Be}from"aws-cdk-lib";import{Repository as Zt}from"aws-cdk-lib/aws-ecr";import{ClusterInstance as je}from"aws-cdk-lib/aws-rds";import{Construct as Xt}from"constructs";var L=[{name:"AWS-AWSManagedRulesCommonRuleSet",priority:10,statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesCommonRuleSet",excludedRules:[{name:"NoUserAgent_HEADER"},{name:"UserAgent_BadBots_HEADER"},{name:"SizeRestrictions_QUERYSTRING"},{name:"SizeRestrictions_Cookie_HEADER"},{name:"SizeRestrictions_BODY"},{name:"SizeRestrictions_URIPATH"},{name:"EC2MetaDataSSRF_BODY"},{name:"EC2MetaDataSSRF_COOKIE"},{name:"EC2MetaDataSSRF_URIPATH"},{name:"EC2MetaDataSSRF_QUERYARGUMENTS"},{name:"GenericLFI_QUERYARGUMENTS"},{name:"GenericLFI_URIPATH"},{name:"GenericLFI_BODY"},{name:"RestrictedExtensions_URIPATH"},{name:"RestrictedExtensions_QUERYARGUMENTS"},{name:"GenericRFI_QUERYARGUMENTS"},{name:"GenericRFI_BODY"},{name:"GenericRFI_URIPATH"},{name:"CrossSiteScripting_COOKIE"},{name:"CrossSiteScripting_QUERYARGUMENTS"},{name:"CrossSiteScripting_BODY"},{name:"CrossSiteScripting_URIPATH"}]}},overrideAction:{count:{}},visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWS-AWSManagedRulesCommonRuleSet"}},{name:"AWS-AWSManagedRulesAmazonIpReputationList",priority:20,statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesAmazonIpReputationList",excludedRules:[{name:"AWSManagedIPReputationList"},{name:"AWSManagedReconnaissanceList"}]}},overrideAction:{count:{}},visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRulesAmazonIpReputationList"}},{name:"AWSManagedRulesSQLiRuleSet",priority:30,visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRulesSQLiRuleSet"},overrideAction:{count:{}},statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesSQLiRuleSet",excludedRules:[{name:"SQLi_QUERYARGUMENTS"},{name:"SQLiExtendedPatterns_QUERYARGUMENTS"},{name:"SQLi_BODY"},{name:"SQLiExtendedPatterns_BODY"},{name:"SQLi_COOKIE"},{name:"SQLi_URIPATH"}]}}},{name:"AWSManagedRuleLinux",priority:40,visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRuleLinux"},overrideAction:{count:{}},statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesLinuxRuleSet",excludedRules:[{name:"LFI_URIPATH"},{name:"LFI_QUERYSTRING"},{name:"LFI_COOKIE"}]}}}];var Y=class extends Xt{constructor(t,r){super(t,"BackEnd");let i=r.name,n=r.accountNumber,s=r.region;if(r.vpcId)this.vpc=m.Vpc.fromLookup(this,"VPC",{vpcId:r.vpcId});else{let a=new _e.LogGroup(this,"VpcFlowLogs",{logGroupName:"/medplum/flowlogs/"+i,removalPolicy:Le.DESTROY});this.vpc=new m.Vpc(this,"VPC",{maxAzs:r.maxAzs,flowLogs:{cloudwatch:{destination:m.FlowLogDestination.toCloudWatchLogs(a),trafficType:m.FlowLogTrafficType.ALL}}})}if(this.botLambdaRole=new p.Role(this,"BotLambdaRole",{assumedBy:new p.ServicePrincipal("lambda.amazonaws.com")}),this.rdsSecretsArn=r.rdsSecretsArn,!this.rdsSecretsArn){let a={enablePerformanceInsights:!0,isFromLegacyInstanceProps:!0},d=r.rdsReaderInstanceType??r.rdsInstanceType,P={...a,instanceType:d?new m.InstanceType(d):void 0},w=r.rdsInstanceType,V={...a,instanceType:w?new m.InstanceType(w):void 0},B;if(r.rdsInstances>1){B=[];for(let ee=1;ee<r.rdsInstances;ee++)B.push(je.provisioned("Instance"+(ee+1),P))}this.rdsCluster=new D.DatabaseCluster(this,"DatabaseCluster",{engine:D.DatabaseClusterEngine.auroraPostgres({version:r.rdsInstanceVersion?D.AuroraPostgresEngineVersion.of(r.rdsInstanceVersion,r.rdsInstanceVersion.slice(0,r.rdsInstanceVersion.indexOf(".")),{s3Import:!0,s3Export:!0}):D.AuroraPostgresEngineVersion.VER_12_9}),credentials:D.Credentials.fromGeneratedSecret("clusteradmin"),defaultDatabaseName:"medplum",storageEncrypted:!0,vpc:this.vpc,vpcSubnets:{subnetType:m.SubnetType.PRIVATE_WITH_EGRESS},writer:je.provisioned("Instance1",V),readers:B,backup:{retention:M.days(7)},cloudwatchLogsExports:["postgresql"],instanceUpdateBehaviour:D.InstanceUpdateBehaviour.ROLLING}),this.rdsSecretsArn=this.rdsCluster.secret.secretArn,r.rdsProxyEnabled&&(this.rdsProxy=new D.DatabaseProxy(this,"DatabaseProxy",{proxyTarget:D.ProxyTarget.fromCluster(this.rdsCluster),secrets:[this.rdsCluster.secret],vpc:this.vpc}))}if(this.redisSubnetGroup=new Me.CfnSubnetGroup(this,"RedisSubnetGroup",{description:"Redis Subnet Group",subnetIds:this.vpc.privateSubnets.map(a=>a.subnetId)}),r.cacheSecurityGroupId?this.redisSecurityGroup=m.SecurityGroup.fromSecurityGroupId(this,"RedisSecurityGroup",r.cacheSecurityGroupId):this.redisSecurityGroup=new m.SecurityGroup(this,"RedisSecurityGroup",{vpc:this.vpc,description:"Redis Security Group",allowAllOutbound:!1}),this.redisPassword=new Ue.Secret(this,"RedisPassword",{generateSecretString:{secretStringTemplate:"{}",generateStringKey:"password",excludeCharacters:"@%*()_+=`~{}|[]\\:\";'?,./"}}),this.redisCluster=new Me.CfnReplicationGroup(this,"RedisCluster",{engine:"Redis",engineVersion:"6.x",cacheNodeType:r.cacheNodeType??"cache.t2.medium",replicationGroupDescription:"RedisReplicationGroup",authToken:this.redisPassword.secretValueFromJson("password").toString(),transitEncryptionEnabled:!0,atRestEncryptionEnabled:!0,multiAzEnabled:!0,cacheSubnetGroupName:this.redisSubnetGroup.ref,numNodeGroups:1,replicasPerNodeGroup:1,securityGroupIds:[this.redisSecurityGroup.securityGroupId]}),this.redisCluster.node.addDependency(this.redisPassword),this.redisSecrets=new Ue.Secret(this,"RedisSecrets",{generateSecretString:{secretStringTemplate:JSON.stringify({host:this.redisCluster.attrPrimaryEndPointAddress,port:this.redisCluster.attrPrimaryEndPointPort,password:this.redisPassword.secretValueFromJson("password").toString(),tls:{}}),generateStringKey:"unused"}}),this.redisSecrets.node.addDependency(this.redisPassword),this.redisSecrets.node.addDependency(this.redisCluster),this.ecsCluster=new _.Cluster(this,"Cluster",{vpc:this.vpc}),this.taskRolePolicies=new p.PolicyDocument({statements:[new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["logs:PutLogEvents","logs:CreateLogGroup","logs:CreateLogStream","logs:DescribeLogStreams","logs:DescribeLogGroups","logs:PutRetentionPolicy"],resources:[`arn:aws:logs:${s}:${n}:log-group:/ecs/medplum/${i}/*`]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["secretsmanager:GetResourcePolicy","secretsmanager:GetSecretValue","secretsmanager:DescribeSecret","secretsmanager:ListSecrets","secretsmanager:ListSecretVersionIds"],resources:[`arn:aws:secretsmanager:${s}:${n}:secret:*`]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["ssm:GetParametersByPath","ssm:GetParameters","ssm:GetParameter","ssm:DescribeParameters"],resources:[`arn:aws:ssm:${s}:${n}:parameter/medplum/${i}/*`]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["ses:SendEmail","ses:SendRawEmail"],resources:[`arn:aws:ses:${s}:${n}:identity/*`]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["s3:ListBucket"],resources:[`arn:aws:s3:::${r.storageBucketName}`]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["s3:GetObject","s3:PutObject","s3:DeleteObject"],resources:[`arn:aws:s3:::${r.storageBucketName}/*`]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["iam:ListRoles","iam:GetRole","iam:PassRole"],resources:[this.botLambdaRole.roleArn]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["lambda:CreateFunction","lambda:GetFunction","lambda:GetFunctionConfiguration","lambda:UpdateFunctionCode","lambda:UpdateFunctionConfiguration","lambda:InvokeFunction"],resources:[`arn:aws:lambda:${s}:${n}:function:medplum-bot-lambda-*`]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["lambda:ListLayerVersions"],resources:[`arn:aws:lambda:${s}:${n}:layer:medplum-bot-layer`]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["lambda:GetLayerVersion"],resources:[`arn:aws:lambda:${s}:${n}:layer:medplum-bot-layer:*`]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["xray:PutTraceSegments","xray:PutTelemetryRecords","xray:GetSamplingRules","xray:GetSamplingTargets","xray:GetSamplingStatisticSummaries"],resources:["*"]})]}),this.taskRole=new p.Role(this,"TaskExecutionRole",{assumedBy:new p.ServicePrincipal("ecs-tasks.amazonaws.com"),description:"Medplum Server Task Execution Role",inlinePolicies:{TaskExecutionPolicies:this.taskRolePolicies}}),this.taskDefinition=new _.FargateTaskDefinition(this,"TaskDefinition",{memoryLimitMiB:r.serverMemory,cpu:r.serverCpu,taskRole:this.taskRole}),this.logGroup=new _e.LogGroup(this,"LogGroup",{logGroupName:"/ecs/medplum/"+i,removalPolicy:Le.DESTROY}),this.logDriver=new _.AwsLogDriver({logGroup:this.logGroup,streamPrefix:"Medplum"}),this.serviceContainer=this.taskDefinition.addContainer("MedplumTaskDefinition",{image:this.getContainerImage(r,r.serverImage),command:[s==="us-east-1"?`aws:/medplum/${i}/`:`aws:${s}:/medplum/${i}/`],logging:this.logDriver,environment:r.environment}),this.serviceContainer.addPortMappings({containerPort:r.apiPort,hostPort:r.apiPort}),r.additionalContainers)for(let a of r.additionalContainers)this.taskDefinition.addContainer("AdditionalContainer-"+a.name,{containerName:a.name,image:this.getContainerImage(r,a.image),command:a.command,environment:a.environment,logging:this.logDriver});this.fargateSecurityGroup=new m.SecurityGroup(this,"ServiceSecurityGroup",{allowAllOutbound:!0,securityGroupName:"MedplumSecurityGroup",vpc:this.vpc}),this.fargateService=new _.FargateService(this,"FargateService",{cluster:this.ecsCluster,taskDefinition:this.taskDefinition,assignPublicIp:!1,vpcSubnets:{subnetType:m.SubnetType.PRIVATE_WITH_EGRESS},desiredCount:r.desiredServerCount,securityGroups:[this.fargateSecurityGroup],healthCheckGracePeriod:M.minutes(5)}),r.fargateAutoScaling&&this.fargateService.autoScaleTaskCount({minCapacity:r.fargateAutoScaling.minCapacity,maxCapacity:r.fargateAutoScaling.maxCapacity}).scaleOnCpuUtilization("CpuScaling",{targetUtilizationPercent:r.fargateAutoScaling.targetUtilizationPercent,scaleInCooldown:M.seconds(r.fargateAutoScaling.scaleInCooldown),scaleOutCooldown:M.seconds(r.fargateAutoScaling.scaleOutCooldown)}),this.rdsCluster&&this.fargateService.node.addDependency(this.rdsCluster),this.rdsProxy&&this.fargateService.node.addDependency(this.rdsProxy),this.fargateService.node.addDependency(this.redisCluster),this.targetGroup=new G.ApplicationTargetGroup(this,"TargetGroup",{vpc:this.vpc,port:r.apiPort,protocol:G.ApplicationProtocol.HTTP,healthCheck:{path:"/healthcheck",interval:M.seconds(30),timeout:M.seconds(3),healthyThresholdCount:2,unhealthyThresholdCount:5},targets:[this.fargateService]});let o;if(r.loadBalancerSecurityGroupId&&(o=m.SecurityGroup.fromSecurityGroupId(this,"LoadBalancerSecurityGroup",r.loadBalancerSecurityGroupId)),this.loadBalancer=new G.ApplicationLoadBalancer(this,"LoadBalancer",{vpc:this.vpc,internetFacing:r.apiInternetFacing!==!1,http2Enabled:!0,securityGroup:o}),r.loadBalancerLoggingBucket&&this.loadBalancer.logAccessLogs(Yt.Bucket.fromBucketName(this,"LoggingBucket",r.loadBalancerLoggingBucket),r.loadBalancerLoggingPrefix),this.loadBalancer.addListener("HttpsListener",{port:443,certificates:[{certificateArn:r.apiSslCertArn}],sslPolicy:G.SslPolicy.FORWARD_SECRECY_TLS12_RES_GCM,defaultAction:G.ListenerAction.forward([this.targetGroup])}),this.waf=new Be.CfnWebACL(this,"BackEndWAF",{defaultAction:{allow:{}},scope:"REGIONAL",name:`${r.stackName}-BackEndWAF`,rules:L,visibilityConfig:{cloudWatchMetricsEnabled:!0,metricName:`${r.stackName}-BackEndWAF-Metric`,sampledRequestsEnabled:!1}}),this.wafAssociation=new Be.CfnWebACLAssociation(this,"LoadBalancerAssociation",{resourceArn:this.loadBalancer.loadBalancerArn,webAclArn:this.waf.attrArn}),this.rdsCluster&&this.rdsCluster.connections.allowDefaultPortFrom(this.fargateSecurityGroup),this.rdsProxy&&this.rdsProxy.connections.allowFrom(this.fargateSecurityGroup,m.Port.tcp(5432)),this.redisSecurityGroup.addIngressRule(this.fargateSecurityGroup,m.Port.tcp(6379)),!r.skipDns){let a=r.hostedZoneName??r.domainName.split(".").slice(-2).join("."),d=le.HostedZone.fromLookup(this,"Zone",{domainName:a});this.dnsRecord=new le.ARecord(this,"LoadBalancerAliasRecord",{recordName:r.apiDomainName,target:le.RecordTarget.fromAlias(new Kt.LoadBalancerTarget(this.loadBalancer)),zone:d})}this.regionParameter=new C.StringParameter(this,"RegionParameter",{tier:C.ParameterTier.STANDARD,parameterName:`/medplum/${i}/awsRegion`,description:"AWS region",stringValue:r.region}),this.databaseSecretsParameter=new C.StringParameter(this,"DatabaseSecretsParameter",{tier:C.ParameterTier.STANDARD,parameterName:`/medplum/${i}/DatabaseSecrets`,description:"Database secrets ARN",stringValue:this.rdsSecretsArn}),this.rdsProxy&&(this.databaseProxyEndpointParameter=new C.StringParameter(this,"DatabaseProxyEndpointParameter",{tier:C.ParameterTier.STANDARD,parameterName:`/medplum/${i}/databaseProxyEndpoint`,description:"Database proxy endpoint",stringValue:this.rdsProxy?.endpoint})),this.redisSecretsParameter=new C.StringParameter(this,"RedisSecretsParameter",{tier:C.ParameterTier.STANDARD,parameterName:`/medplum/${i}/RedisSecrets`,description:"Redis secrets ARN",stringValue:this.redisSecrets.secretArn}),this.botLambdaRoleParameter=new C.StringParameter(this,"BotLambdaRoleParameter",{tier:C.ParameterTier.STANDARD,parameterName:`/medplum/${i}/botLambdaRoleArn`,description:"Bot lambda execution role ARN",stringValue:this.botLambdaRole.roleArn})}getContainerImage(t,r){let n=new RegExp(`^${t.accountNumber}\\.dkr\\.ecr\\.${t.region}\\.amazonaws\\.com/(.*)[:@](.*)$`).exec(r),s=n?.[1],o=n?.[2];if(s&&o){let a=Zt.fromRepositoryArn(this,"ServerImageRepo",`arn:aws:ecr:${t.region}:${t.accountNumber}:repository/${s}`);return _.ContainerImage.fromEcrRepository(a,o)}return _.ContainerImage.fromRegistry(r)}};import{aws_cloudtrail as er,aws_cloudwatch as ue,aws_cloudwatch_actions as tr,aws_logs as K,aws_sns as Ge}from"aws-cdk-lib";import{Construct as rr}from"constructs";var F=class extends rr{constructor(t,r){if(super(t,"CloudTrailAlarms"),this.config=r,!r.cloudTrailAlarms)return;r.cloudTrailAlarms.logGroupCreate?(this.logGroup=new K.LogGroup(this,"CloudTrailLogGroup",{logGroupName:r.cloudTrailAlarms.logGroupName,retention:K.RetentionDays.ONE_YEAR}),this.cloudTrail=new er.Trail(this,"CloudTrail",{sendToCloudWatchLogs:!0,cloudWatchLogGroup:this.logGroup,includeGlobalServiceEvents:!0})):this.logGroup=K.LogGroup.fromLogGroupName(this,"CloudTrailLogGroup",r.cloudTrailAlarms.logGroupName),r.cloudTrailAlarms.snsTopicArn?this.alarmTopic=Ge.Topic.fromTopicArn(this,"AlarmTopic",r.cloudTrailAlarms.snsTopicArn):this.alarmTopic=new Ge.Topic(this,"AlarmTopic",{topicName:r.cloudTrailAlarms.snsTopicName});let i=[["UnauthorizedApiCalls","{ ($.errorCode = *UnauthorizedOperation) || ($.errorCode = AccessDenied*) }"],["SignInWithoutMfa","{ ($.eventName = ConsoleLogin) && ($.additionalEventData.MFAUsed != Yes) }"],["RootAccountUsage","{ $.userIdentity.type = Root && $.userIdentity.invokedBy NOT EXISTS && $.eventType != AwsServiceEvent }"],["IamPolicyChanges","{($.eventName=DeleteGroupPolicy)||($.eventName=DeleteRolePolicy)||($.eventName=DeleteUserPolicy)||($.eventName=PutGroupPolicy)||($.eventName=PutRolePolicy)||($.eventName=PutUserPolicy)||($.eventName=CreatePolicy)||($.eventName=DeletePolicy)||($.eventName=CreatePolicyVersion)||($.eventName=DeletePolicyVersion)||($.eventName=AttachRolePolicy)||($.eventName=DetachRolePolicy)||($.eventName=AttachUserPolicy)||($.eventName=DetachUserPolicy)||($.eventName=AttachGroupPolicy)||($.eventName=DetachGroupPolicy)}"],["CloudTrailConfigurationChanges","{ ($.eventName = CreateTrail) || ($.eventName = UpdateTrail) || ($.eventName = DeleteTrail) || ($.eventName = StartLogging) || ($.eventName = StopLogging) }"],["SignInFailures",'{ ($.eventName = ConsoleLogin) && ($.errorMessage = "Failed authentication") }'],["DisabledCmks","{($.eventSource = kms.amazonaws.com) && (($.eventName=DisableKey)||($.eventName=ScheduleKeyDeletion)) }"],["S3PolicyChanges","{ ($.eventSource = s3.amazonaws.com) && (($.eventName = PutBucketAcl) || ($.eventName = PutBucketPolicy) || ($.eventName = PutBucketCors) || ($.eventName = PutBucketLifecycle) || ($.eventName = PutBucketReplication) || ($.eventName = DeleteBucketPolicy) || ($.eventName = DeleteBucketCors) || ($.eventName = DeleteBucketLifecycle) || ($.eventName = DeleteBucketReplication)) }"],["ConfigServiceChanges","{($.eventSource = config.amazonaws.com) && (($.eventName=StopConfigurationRecorder)||($.eventName=DeleteDeliveryChannel)||($.eventName=PutDeliveryChannel)||($.eventName=PutConfigurationRecorder))}"],["SecurityGroupChanges","{ ($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = AuthorizeSecurityGroupEgress) || ($.eventName = RevokeSecurityGroupIngress) || ($.eventName = RevokeSecurityGroupEgress) || ($.eventName = CreateSecurityGroup) || ($.eventName = DeleteSecurityGroup)}"],["NetworkAclChanges","{ ($.eventName = CreateNetworkAcl) || ($.eventName = CreateNetworkAclEntry) || ($.eventName = DeleteNetworkAcl) || ($.eventName = DeleteNetworkAclEntry) || ($.eventName = ReplaceNetworkAclEntry) || ($.eventName = ReplaceNetworkAclAssociation) }"],["NetworkGatewayChanges","{ ($.eventName = CreateCustomerGateway) || ($.eventName = DeleteCustomerGateway) || ($.eventName = AttachInternetGateway) || ($.eventName = CreateInternetGateway) || ($.eventName = DeleteInternetGateway) || ($.eventName = DetachInternetGateway) }"],["RouteTableChanges","{ ($.eventName = CreateRoute) || ($.eventName = CreateRouteTable) || ($.eventName = ReplaceRoute) || ($.eventName = ReplaceRouteTableAssociation) || ($.eventName = DeleteRouteTable) || ($.eventName = DeleteRoute) || ($.eventName = DisassociateRouteTable) }"],["VpcChanges","{ ($.eventName = CreateVpc) || ($.eventName = DeleteVpc) || ($.eventName = ModifyVpcAttribute) || ($.eventName = AcceptVpcPeeringConnection) || ($.eventName = CreateVpcPeeringConnection) || ($.eventName = DeleteVpcPeeringConnection) || ($.eventName = RejectVpcPeeringConnection) || ($.eventName = AttachClassicLinkVpc) || ($.eventName = DetachClassicLinkVpc) || ($.eventName = DisableVpcClassicLink) || ($.eventName = EnableVpcClassicLink) }"],["OrganizationsChanges","{ ($.eventSource = organizations.amazonaws.com) && (($.eventName = AcceptHandshake) || ($.eventName = AttachPolicy) || ($.eventName = CreateAccount) || ($.eventName = CreateOrganizationalUnit) || ($.eventName = CreatePolicy) || ($.eventName = DeclineHandshake) || ($.eventName = DeleteOrganization) || ($.eventName = DeleteOrganizationalUnit) || ($.eventName = DeletePolicy) || ($.eventName = DetachPolicy) || ($.eventName = DisablePolicyType) || ($.eventName = EnablePolicyType) || ($.eventName = InviteAccountToOrganization) || ($.eventName = LeaveOrganization) || ($.eventName = MoveAccount) || ($.eventName = RemoveAccountFromOrganization) || ($.eventName = UpdatePolicy) || ($.eventName = UpdateOrganizationalUnit)) }"]];for(let[n,s]of i)this.createMetricAlarm(n,s)}createMetricAlarm(t,r){let i=`${this.config.stackName}${t}MetricFilter`,n=`${this.config.stackName}${t}Metric`,s=`${this.config.stackName}Metrics`,o=`${this.config.stackName}${t}Alarm`,a=new K.MetricFilter(this,i,{logGroup:this.logGroup,filterPattern:{logPatternString:r},metricNamespace:s,metricName:n});new ue.Alarm(this,o,{metric:a.metric({}),threshold:1,evaluationPeriods:1,alarmName:o,actionsEnabled:!0,treatMissingData:ue.TreatMissingData.NOT_BREACHING,comparisonOperator:ue.ComparisonOperator.GREATER_THAN_THRESHOLD,datapointsToAlarm:1}).addAlarmAction(new tr.SnsAction(this.alarmTopic))}};import{aws_certificatemanager as nr,aws_cloudfront as v,Duration as sr,aws_cloudfront_origins as Fe,RemovalPolicy as or,aws_route53 as de,aws_s3 as q,aws_route53_targets as ar,aws_wafv2 as cr}from"aws-cdk-lib";import{Construct as lr}from"constructs";import{aws_iam as ir}from"aws-cdk-lib";function Z(e,t){let r=new ir.PolicyStatement;return r.addActions("s3:GetObject*"),r.addActions("s3:GetBucket*"),r.addActions("s3:List*"),r.addResources(e.bucketArn),r.addResources(`${e.bucketArn}/*`),r.addCanonicalUserPrincipal(t.cloudFrontOriginAccessIdentityS3CanonicalUserId),e.addToResourcePolicy(r),r}var W=class extends lr{constructor(t,r,i){if(super(t,"FrontEnd"),i===r.region?this.appBucket=new q.Bucket(this,"AppBucket",{bucketName:r.appDomainName,publicReadAccess:!1,blockPublicAccess:q.BlockPublicAccess.BLOCK_ALL,removalPolicy:or.DESTROY,encryption:q.BucketEncryption.S3_MANAGED,enforceSSL:!0,versioned:!0}):this.appBucket=q.Bucket.fromBucketAttributes(this,"AppBucket",{bucketName:r.appDomainName,region:r.region}),i==="us-east-1"&&(this.responseHeadersPolicy=new v.ResponseHeadersPolicy(this,"ResponseHeadersPolicy",{customHeadersBehavior:{customHeaders:[{header:"Permission-Policy",value:"accelerometer=(), camera=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()",override:!0}]},securityHeadersBehavior:{contentSecurityPolicy:{contentSecurityPolicy:["default-src 'none'","base-uri 'self'","child-src 'self'",`connect-src 'self' ${r.apiDomainName} *.google.com`,"font-src 'self' fonts.gstatic.com","form-action 'self' *.gstatic.com *.google.com","frame-ancestors 'none'",`frame-src 'self' ${r.storageDomainName} *.medplum.com *.gstatic.com *.google.com`,`img-src 'self' data: ${r.storageDomainName} *.gstatic.com *.google.com *.googleapis.com`,"manifest-src 'self'",`media-src 'self' ${r.storageDomainName}`,"script-src 'self' *.medplum.com *.gstatic.com *.google.com","style-src 'self' 'unsafe-inline' *.medplum.com *.gstatic.com *.google.com","worker-src 'self' blob: *.gstatic.com *.google.com","upgrade-insecure-requests"].join("; "),override:!0},contentTypeOptions:{override:!0},frameOptions:{frameOption:v.HeadersFrameOption.DENY,override:!0},referrerPolicy:{referrerPolicy:v.HeadersReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,override:!0},strictTransportSecurity:{accessControlMaxAge:sr.seconds(63072e3),includeSubdomains:!0,preload:!0,override:!0},xssProtection:{protection:!0,modeBlock:!0,override:!0}}}),this.waf=new cr.CfnWebACL(this,"FrontEndWAF",{defaultAction:{allow:{}},scope:"CLOUDFRONT",name:`${r.stackName}-FrontEndWAF`,rules:L,visibilityConfig:{cloudWatchMetricsEnabled:!0,metricName:`${r.stackName}-FrontEndWAF-Metric`,sampledRequestsEnabled:!1}}),this.apiOriginCachePolicy=new v.CachePolicy(this,"ApiOriginCachePolicy",{cachePolicyName:`${r.stackName}-ApiOriginCachePolicy`,cookieBehavior:v.CacheCookieBehavior.all(),headerBehavior:v.CacheHeaderBehavior.allowList("Authorization","Content-Encoding","Content-Type","If-None-Match","Origin","Referer","User-Agent","X-Medplum"),queryStringBehavior:v.CacheQueryStringBehavior.all()}),this.originAccessIdentity=new v.OriginAccessIdentity(this,"OriginAccessIdentity",{}),this.originAccessPolicyStatement=Z(this.appBucket,this.originAccessIdentity),this.distribution=new v.Distribution(this,"AppDistribution",{defaultRootObject:"index.html",defaultBehavior:{origin:new Fe.S3Origin(this.appBucket,{originAccessIdentity:this.originAccessIdentity}),responseHeadersPolicy:this.responseHeadersPolicy,viewerProtocolPolicy:v.ViewerProtocolPolicy.REDIRECT_TO_HTTPS},additionalBehaviors:r.appApiProxy?{"/api/*":{origin:new Fe.HttpOrigin(r.apiDomainName),allowedMethods:v.AllowedMethods.ALLOW_ALL,cachePolicy:this.apiOriginCachePolicy,viewerProtocolPolicy:v.ViewerProtocolPolicy.REDIRECT_TO_HTTPS}}:void 0,certificate:nr.Certificate.fromCertificateArn(this,"AppCertificate",r.appSslCertArn),domainNames:[r.appDomainName],errorResponses:[{httpStatus:403,responseHttpStatus:200,responsePagePath:"/index.html"},{httpStatus:404,responseHttpStatus:200,responsePagePath:"/index.html"}],webAclId:this.waf.attrArn,logBucket:r.appLoggingBucket?q.Bucket.fromBucketName(this,"LoggingBucket",r.appLoggingBucket):void 0,logFilePrefix:r.appLoggingPrefix}),!r.skipDns)){let n=r.hostedZoneName??r.domainName.split(".").slice(-2).join("."),s=de.HostedZone.fromLookup(this,"Zone",{domainName:n});this.dnsRecord=new de.ARecord(this,"AppAliasRecord",{recordName:r.appDomainName,target:de.RecordTarget.fromAlias(new ar.CloudFrontTarget(this.distribution)),zone:s})}}};import{aws_certificatemanager as ur,aws_cloudfront as R,Duration as dr,aws_cloudfront_origins as pr,aws_route53 as pe,aws_s3 as U,aws_route53_targets as hr,aws_wafv2 as mr}from"aws-cdk-lib";import{ServerlessClamscan as fr}from"cdk-serverless-clamscan";import{Construct as yr}from"constructs";var H=class extends yr{constructor(t,r,i){if(super(t,"Storage"),i===r.region?(this.storageBucket=new U.Bucket(this,"StorageBucket",{bucketName:r.storageBucketName,publicReadAccess:!1,blockPublicAccess:U.BlockPublicAccess.BLOCK_ALL,encryption:U.BucketEncryption.S3_MANAGED,enforceSSL:!0,versioned:!0}),r.clamscanEnabled&&new fr(this,"ServerlessClamscan",{defsBucketAccessLogsConfig:{logsBucket:U.Bucket.fromBucketName(this,"LoggingBucket",r.clamscanLoggingBucket),logsPrefix:r.clamscanLoggingPrefix}}).addSourceBucket(this.storageBucket)):this.storageBucket=U.Bucket.fromBucketAttributes(this,"StorageBucket",{bucketName:r.storageBucketName,region:r.region}),i==="us-east-1"){let n;if(r.signingKeyId?n=R.PublicKey.fromPublicKeyId(this,"StoragePublicKey",r.signingKeyId):n=new R.PublicKey(this,"StoragePublicKey",{encodedKey:r.storagePublicKey}),this.keyGroup=new R.KeyGroup(this,"StorageKeyGroup",{items:[n]}),this.responseHeadersPolicy=new R.ResponseHeadersPolicy(this,"ResponseHeadersPolicy",{customHeadersBehavior:{customHeaders:[{header:"Permission-Policy",value:"accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()",override:!0}]},securityHeadersBehavior:{contentSecurityPolicy:{contentSecurityPolicy:"default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors *;",override:!0},contentTypeOptions:{override:!0},frameOptions:{frameOption:R.HeadersFrameOption.DENY,override:!0},referrerPolicy:{referrerPolicy:R.HeadersReferrerPolicy.NO_REFERRER,override:!0},strictTransportSecurity:{accessControlMaxAge:dr.seconds(63072e3),includeSubdomains:!0,preload:!0,override:!0},xssProtection:{protection:!0,modeBlock:!0,override:!0}}}),this.waf=new mr.CfnWebACL(this,"StorageWAF",{defaultAction:{allow:{}},scope:"CLOUDFRONT",name:`${r.stackName}-StorageWAF`,rules:L,visibilityConfig:{cloudWatchMetricsEnabled:!0,metricName:`${r.stackName}-StorageWAF-Metric`,sampledRequestsEnabled:!1}}),this.originAccessIdentity=new R.OriginAccessIdentity(this,"OriginAccessIdentity",{}),this.originAccessPolicyStatement=Z(this.storageBucket,this.originAccessIdentity),this.distribution=new R.Distribution(this,"StorageDistribution",{defaultBehavior:{origin:new pr.S3Origin(this.storageBucket,{originAccessIdentity:this.originAccessIdentity}),responseHeadersPolicy:this.responseHeadersPolicy,viewerProtocolPolicy:R.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,trustedKeyGroups:[this.keyGroup]},certificate:ur.Certificate.fromCertificateArn(this,"StorageCertificate",r.storageSslCertArn),domainNames:[r.storageDomainName],webAclId:this.waf.attrArn,logBucket:r.storageLoggingBucket?U.Bucket.fromBucketName(this,"LoggingBucket",r.storageLoggingBucket):void 0,logFilePrefix:r.storageLoggingPrefix}),!r.skipDns){let s=r.hostedZoneName??r.domainName.split(".").slice(-2).join("."),o=pe.HostedZone.fromLookup(this,"Zone",{domainName:s});this.dnsRecord=new pe.ARecord(this,"StorageAliasRecord",{recordName:r.storageDomainName,target:pe.RecordTarget.fromAlias(new hr.CloudFrontTarget(this.distribution)),zone:o})}}}};var X=class{constructor(t,r){this.primaryStack=new he(t,r),r.region!=="us-east-1"&&(this.globalStack=new me(t,r),this.globalStack.addDependency(this.primaryStack))}},he=class extends qe{constructor(t,r){super(t,r.stackName,{env:{region:r.region,account:r.accountNumber}}),We.of(this).add("medplum:environment",r.name),this.backEnd=new Y(this,r),this.frontEnd=new W(this,r,r.region),this.storage=new H(this,r,r.region),this.cloudTrail=new F(this,r)}},me=class extends qe{constructor(t,r){super(t,r.stackName+"-us-east-1",{env:{region:"us-east-1",account:r.accountNumber}}),We.of(this).add("medplum:environment",r.name),this.frontEnd=new W(this,r,"us-east-1"),this.storage=new H(this,r,"us-east-1"),this.cloudTrail=new F(this,r)}};function wr(e){let t=new gr({context:e}),r=t.node.tryGetContext("config");if(!r){console.log('Missing "config" context variable'),console.log("Usage: cdk deploy -c config=my-config.json");return}let i=JSON.parse(vr(Sr(r),"utf-8"));$e(i).then(n=>{let s=new X(t,n);console.log("Stack",s.primaryStack.stackId),t.synth()}).catch(n=>{console.error(n),process.exit(1)})}fe.main===module&&wr();export{Y as BackEnd,F as CloudTrailAlarms,W as FrontEnd,me as MedplumGlobalStack,he as MedplumPrimaryStack,X as MedplumStack,H as Storage,L as awsManagedRules,wr as main};
+var Se=(e=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(e,{get:(t,r)=>(typeof require<"u"?require:t)[r]}):e)(function(e){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+e+'" is not supported')});import{App as Tr}from"aws-cdk-lib";import{readFileSync as Pr}from"fs";import{resolve as Ar}from"path";import{GetParameterCommand as Kt,SSMClient as Zt}from"@aws-sdk/client-ssm";var Qe=class{constructor(e,t){this.operator=e,this.child=t}toString(){return`${this.operator}(${this.child.toString()})`}},G=class{constructor(e,t,r){this.operator=e,this.left=t,this.right=r}toString(){return`${this.left.toString()} ${this.operator} ${this.right.toString()}`}},Je=class{constructor(){this.prefixParselets={},this.infixParselets={}}registerInfix(e,t){return this.infixParselets[e]=t,this}registerPrefix(e,t){return this.prefixParselets[e]=t,this}prefix(e,t,r){return this.registerPrefix(e,{parse(i,n){let s=i.consumeAndParse(t);return r(n,s)}})}infixLeft(e,t,r){return this.registerInfix(e,{parse(i,n,s){let o=i.consumeAndParse(t);return r(n,s,o)},precedence:t})}construct(e){return new Ye(e,this.prefixParselets,this.infixParselets)}},Ye=class{constructor(e,t,r){this.tokens=e,this.prefixParselets=t,this.infixParselets=r}hasMore(){return this.tokens.length>0}match(e){return this.peek()?.id!==e?!1:(this.consume(),!0)}consumeAndParse(e=1/0){let t=this.consume(),r=this.prefixParselets[t.id];if(!r)throw Error(`Parse error at "${t.value}" (line ${t.line}, column ${t.column}). No matching prefix parselet.`);let i=r.parse(this,t);for(;e>this.getPrecedence();){let n=this.consume();i=this.getInfixParselet(n).parse(this,i,n)}return i}getPrecedence(){let e=this.peek();if(!e)return 1/0;let t=this.getInfixParselet(e);return t?t.precedence:1/0}consume(e,t){if(!this.tokens.length)throw Error("Cant consume unknown more tokens.");if(e&&this.peek()?.id!==e){let r=this.peek();throw Error(`Expected ${e} but got "${r.id}" (${r.value}) at line ${r.line} column ${r.column}.`)}if(t&&this.peek()?.value!==t){let r=this.peek();throw Error(`Expected "${t}" but got "${r.value}" at line ${r.line} column ${r.column}.`)}return this.tokens.shift()}peek(){return this.tokens.length>0?this.tokens[0]:void 0}removeComments(){this.tokens=this.tokens.filter(e=>e.id!=="Comment")}getInfixParselet(e){return this.infixParselets[e.id==="Symbol"?e.value:e.id]}};function se(e,t){return{resourceType:"OperationOutcome",issue:[{severity:"error",code:"invalid",details:{text:e},...t?{expression:[t]}:void 0}]}}function I(e){return{resourceType:"OperationOutcome",issue:[{severity:"error",code:"structure",details:{text:e}}]}}var E=class extends Error{constructor(e,t){super(Ke(e)),this.outcome=e,this.cause=t}};function Ke(e){let t=e.issue?.map(Ze)??[];return t.length>0?t.join("; "):"Unknown error"}function Ze(e){let t;return e.details?.text?e.diagnostics?t=`${e.details.text} (${e.diagnostics})`:t=e.details.text:e.diagnostics?t=e.diagnostics:t="Unknown error",e.expression?.length&&(t+=` (${e.expression.join(", ")})`),t}function Xe(e,t){let r=t.max&&t.max===Number.MAX_SAFE_INTEGER?Number.POSITIVE_INFINITY:t.max;return{path:e,description:"",type:t.type??[],min:t.min??0,max:r??1,isArray:!!r&&r>1,constraints:[]}}function et(e){let t=Object.create(null);for(let[r,i]of Object.entries(e))t[r]={name:r,elements:Object.fromEntries(Object.entries(i.elements).map(([n,s])=>[n,Xe(n,s)])),constraints:[],innerTypes:[]};return t}var tt={Element:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]}}},BackboneElement:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]}}},Address:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},type:{type:[{code:"code"}]},text:{type:[{code:"string"}]},line:{max:9007199254740991,type:[{code:"string"}]},city:{type:[{code:"string"}]},district:{type:[{code:"string"}]},state:{type:[{code:"string"}]},postalCode:{type:[{code:"string"}]},country:{type:[{code:"string"}]},period:{type:[{code:"Period"}]}}},Age:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Annotation:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},"author[x]":{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Organization"]},{code:"string"}]},time:{type:[{code:"dateTime"}]},text:{min:1,type:[{code:"markdown"}]}}},Attachment:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},contentType:{type:[{code:"code"}]},language:{type:[{code:"code"}]},data:{type:[{code:"base64Binary"}]},url:{type:[{code:"url"}]},size:{type:[{code:"unsignedInt"}]},hash:{type:[{code:"base64Binary"}]},title:{type:[{code:"string"}]},creation:{type:[{code:"dateTime"}]}}},CodeableConcept:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},coding:{max:9007199254740991,type:[{code:"Coding"}]},text:{type:[{code:"string"}]}}},Coding:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},system:{type:[{code:"uri"}]},version:{type:[{code:"string"}]},code:{type:[{code:"code"}]},display:{type:[{code:"string"}]},userSelected:{type:[{code:"boolean"}]}}},ContactDetail:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},name:{type:[{code:"string"}]},telecom:{max:9007199254740991,type:[{code:"ContactPoint"}]}}},ContactPoint:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},system:{type:[{code:"code"}]},value:{type:[{code:"string"}]},use:{type:[{code:"code"}]},rank:{type:[{code:"positiveInt"}]},period:{type:[{code:"Period"}]}}},Contributor:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},name:{min:1,type:[{code:"string"}]},contact:{max:9007199254740991,type:[{code:"ContactDetail"}]}}},Count:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},DataRequirement:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},profile:{max:9007199254740991,type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]},"subject[x]":{type:[{code:"CodeableConcept"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Group"]}]},mustSupport:{max:9007199254740991,type:[{code:"string"}]},codeFilter:{max:9007199254740991,type:[{code:"DataRequirementCodeFilter"}]},dateFilter:{max:9007199254740991,type:[{code:"DataRequirementDateFilter"}]},limit:{type:[{code:"positiveInt"}]},sort:{max:9007199254740991,type:[{code:"DataRequirementSort"}]}}},Distance:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Dosage:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},sequence:{type:[{code:"integer"}]},text:{type:[{code:"string"}]},additionalInstruction:{max:9007199254740991,type:[{code:"CodeableConcept"}]},patientInstruction:{type:[{code:"string"}]},timing:{type:[{code:"Timing"}]},"asNeeded[x]":{type:[{code:"boolean"},{code:"CodeableConcept"}]},site:{type:[{code:"CodeableConcept"}]},route:{type:[{code:"CodeableConcept"}]},method:{type:[{code:"CodeableConcept"}]},doseAndRate:{max:9007199254740991,type:[{code:"DosageDoseAndRate"}]},maxDosePerPeriod:{type:[{code:"Ratio"}]},maxDosePerAdministration:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},maxDosePerLifetime:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]}}},Duration:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},ElementDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},path:{min:1,type:[{code:"string"}]},representation:{max:9007199254740991,type:[{code:"code"}]},sliceName:{type:[{code:"string"}]},sliceIsConstraining:{type:[{code:"boolean"}]},label:{type:[{code:"string"}]},code:{max:9007199254740991,type:[{code:"Coding"}]},slicing:{type:[{code:"ElementDefinitionSlicing"}]},short:{type:[{code:"string"}]},definition:{type:[{code:"markdown"}]},comment:{type:[{code:"markdown"}]},requirements:{type:[{code:"markdown"}]},alias:{max:9007199254740991,type:[{code:"string"}]},min:{type:[{code:"unsignedInt"}]},max:{type:[{code:"string"}]},base:{type:[{code:"ElementDefinitionBase"}]},contentReference:{type:[{code:"uri"}]},type:{max:9007199254740991,type:[{code:"ElementDefinitionType"}]},"defaultValue[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},meaningWhenMissing:{type:[{code:"markdown"}]},orderMeaning:{type:[{code:"string"}]},"fixed[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},"pattern[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},example:{max:9007199254740991,type:[{code:"ElementDefinitionExample"}]},"minValue[x]":{type:[{code:"date"},{code:"dateTime"},{code:"instant"},{code:"time"},{code:"decimal"},{code:"integer"},{code:"positiveInt"},{code:"unsignedInt"},{code:"Quantity"}]},"maxValue[x]":{type:[{code:"date"},{code:"dateTime"},{code:"instant"},{code:"time"},{code:"decimal"},{code:"integer"},{code:"positiveInt"},{code:"unsignedInt"},{code:"Quantity"}]},maxLength:{type:[{code:"integer"}]},condition:{max:9007199254740991,type:[{code:"id"}]},constraint:{max:9007199254740991,type:[{code:"ElementDefinitionConstraint"}]},mustSupport:{type:[{code:"boolean"}]},isModifier:{type:[{code:"boolean"}]},isModifierReason:{type:[{code:"string"}]},isSummary:{type:[{code:"boolean"}]},binding:{type:[{code:"ElementDefinitionBinding"}]},mapping:{max:9007199254740991,type:[{code:"ElementDefinitionMapping"}]}}},Expression:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},description:{type:[{code:"string"}]},name:{type:[{code:"id"}]},language:{min:1,type:[{code:"code"}]},expression:{type:[{code:"string"}]},reference:{type:[{code:"uri"}]}}},Extension:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},url:{min:1,type:[{code:"uri"}]},"value[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]}}},HumanName:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},text:{type:[{code:"string"}]},family:{type:[{code:"string"}]},given:{max:9007199254740991,type:[{code:"string"}]},prefix:{max:9007199254740991,type:[{code:"string"}]},suffix:{max:9007199254740991,type:[{code:"string"}]},period:{type:[{code:"Period"}]}}},Identifier:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},type:{type:[{code:"CodeableConcept"}]},system:{type:[{code:"uri"}]},value:{type:[{code:"string"}]},period:{type:[{code:"Period"}]},assigner:{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Organization"]}]}}},MarketingStatus:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},country:{min:1,type:[{code:"CodeableConcept"}]},jurisdiction:{type:[{code:"CodeableConcept"}]},status:{min:1,type:[{code:"CodeableConcept"}]},dateRange:{min:1,type:[{code:"Period"}]},restoreDate:{type:[{code:"dateTime"}]}}},Meta:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},versionId:{type:[{code:"id"}]},lastUpdated:{type:[{code:"instant"}]},source:{type:[{code:"uri"}]},profile:{max:9007199254740991,type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]},security:{max:9007199254740991,type:[{code:"Coding"}]},tag:{max:9007199254740991,type:[{code:"Coding"}]},project:{type:[{code:"uri"}]},author:{type:[{code:"Reference"}]},account:{type:[{code:"Reference"}]},compartment:{max:9007199254740991,type:[{code:"Reference"}]}}},Money:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},currency:{type:[{code:"code"}]}}},Narrative:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},status:{min:1,type:[{code:"code"}]},div:{min:1,type:[{code:"xhtml"}]}}},ParameterDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},name:{type:[{code:"code"}]},use:{min:1,type:[{code:"code"}]},min:{type:[{code:"integer"}]},max:{type:[{code:"string"}]},documentation:{type:[{code:"string"}]},type:{min:1,type:[{code:"code"}]},profile:{type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]}}},Period:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},start:{type:[{code:"dateTime"}]},end:{type:[{code:"dateTime"}]}}},Population:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},"age[x]":{type:[{code:"Range"},{code:"CodeableConcept"}]},gender:{type:[{code:"CodeableConcept"}]},race:{type:[{code:"CodeableConcept"}]},physiologicalCondition:{type:[{code:"CodeableConcept"}]}}},ProdCharacteristic:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},height:{type:[{code:"Quantity"}]},width:{type:[{code:"Quantity"}]},depth:{type:[{code:"Quantity"}]},weight:{type:[{code:"Quantity"}]},nominalVolume:{type:[{code:"Quantity"}]},externalDiameter:{type:[{code:"Quantity"}]},shape:{type:[{code:"string"}]},color:{max:9007199254740991,type:[{code:"string"}]},imprint:{max:9007199254740991,type:[{code:"string"}]},image:{max:9007199254740991,type:[{code:"Attachment"}]},scoring:{type:[{code:"CodeableConcept"}]}}},ProductShelfLife:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},identifier:{type:[{code:"Identifier"}]},type:{min:1,type:[{code:"CodeableConcept"}]},period:{min:1,type:[{code:"Quantity"}]},specialPrecautionsForStorage:{max:9007199254740991,type:[{code:"CodeableConcept"}]}}},Quantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Range:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},low:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},high:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]}}},Ratio:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},numerator:{type:[{code:"Quantity"}]},denominator:{type:[{code:"Quantity"}]}}},Reference:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},reference:{type:[{code:"string"}]},type:{type:[{code:"uri"}]},identifier:{type:[{code:"Identifier"}]},display:{type:[{code:"string"}]}}},RelatedArtifact:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},label:{type:[{code:"string"}]},display:{type:[{code:"string"}]},citation:{type:[{code:"markdown"}]},url:{type:[{code:"url"}]},document:{type:[{code:"Attachment"}]},resource:{type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/Resource"]}]}}},SampledData:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},origin:{min:1,type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},period:{min:1,type:[{code:"decimal"}]},factor:{type:[{code:"decimal"}]},lowerLimit:{type:[{code:"decimal"}]},upperLimit:{type:[{code:"decimal"}]},dimensions:{min:1,type:[{code:"positiveInt"}]},data:{type:[{code:"string"}]}}},Signature:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,max:9007199254740991,type:[{code:"Coding"}]},when:{min:1,type:[{code:"instant"}]},who:{min:1,type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/PractitionerRole","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/Device","http://hl7.org/fhir/StructureDefinition/Organization"]}]},onBehalfOf:{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/PractitionerRole","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/Device","http://hl7.org/fhir/StructureDefinition/Organization"]}]},targetFormat:{type:[{code:"code"}]},sigFormat:{type:[{code:"code"}]},data:{type:[{code:"base64Binary"}]}}},SubstanceAmount:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},"amount[x]":{type:[{code:"Quantity"},{code:"Range"},{code:"string"}]},amountType:{type:[{code:"CodeableConcept"}]},amountText:{type:[{code:"string"}]},referenceRange:{type:[{code:"SubstanceAmountReferenceRange"}]}}},Timing:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},event:{max:9007199254740991,type:[{code:"dateTime"}]},repeat:{type:[{code:"TimingRepeat"}]},code:{type:[{code:"CodeableConcept"}]}}},TriggerDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},name:{type:[{code:"string"}]},"timing[x]":{type:[{code:"Timing"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Schedule"]},{code:"date"},{code:"dateTime"}]},data:{max:9007199254740991,type:[{code:"DataRequirement"}]},condition:{type:[{code:"Expression"}]}}},UsageContext:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},code:{min:1,type:[{code:"Coding"}]},"value[x]":{min:1,type:[{code:"CodeableConcept"},{code:"Quantity"},{code:"Range"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/PlanDefinition","http://hl7.org/fhir/StructureDefinition/ResearchStudy","http://hl7.org/fhir/StructureDefinition/InsurancePlan","http://hl7.org/fhir/StructureDefinition/HealthcareService","http://hl7.org/fhir/StructureDefinition/Group","http://hl7.org/fhir/StructureDefinition/Location","http://hl7.org/fhir/StructureDefinition/Organization"]}]}}},MoneyQuantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},SimpleQuantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{max:0,type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},IdentityProvider:{elements:{authorizeUrl:{min:1,type:[{code:"string"}]},tokenUrl:{min:1,type:[{code:"string"}]},tokenAuthMethod:{type:[{code:"code"}]},userInfoUrl:{min:1,type:[{code:"string"}]},clientId:{min:1,type:[{code:"string"}]},clientSecret:{min:1,type:[{code:"string"}]},usePkce:{type:[{code:"boolean"}]},useSubject:{type:[{code:"boolean"}]}}}};var rt=et(tt);var we=Object.create(null);function be(e){let t;return e?(t=we[e],t||(t=we[e]=Object.create(null))):t=rt,t}function it(e,t){let r=be(t)[e];return!r&&t&&(r=be()[e]),r}var Pe={base64Binary:/^([A-Za-z\d+/]{4})*([A-Za-z\d+/]{2}==|[A-Za-z\d+/]{3}=)?$/,canonical:/^\S*$/,code:/^[^\s]+( [^\s]+)*$/,date:/^(\d(\d(\d[1-9]|[1-9]0)|[1-9]00)|[1-9]000)(-(0[1-9]|1[0-2])(-(0[1-9]|[1-2]\d|3[0-1]))?)?$/,dateTime:/^(\d(\d(\d[1-9]|[1-9]0)|[1-9]00)|[1-9]000)(-(0[1-9]|1[0-2])(-(0[1-9]|[1-2]\d|3[0-1])(T([01]\d|2[0-3])(:[0-5]\d:([0-5]\d|60)(\.\d{1,9})?)?)?)?(Z|[+-]((0\d|1[0-3]):[0-5]\d|14:00)?)?)?$/,id:/^[A-Za-z0-9\-.]{1,64}$/,instant:/^(\d(\d(\d[1-9]|[1-9]0)|[1-9]00)|[1-9]000)-(0[1-9]|1[0-2])-(0[1-9]|[1-2]\d|3[0-1])T([01]\d|2[0-3]):[0-5]\d:([0-5]\d|60)(\.\d{1,9})?(Z|[+-]((0\d|1[0-3]):[0-5]\d|14:00))$/,markdown:/^[\s\S]+$/,oid:/^urn:oid:[0-2](\.(0|[1-9]\d*))+$/,string:/^[\s\S]+$/,time:/^([01]\d|2[0-3]):[0-5]\d:([0-5]\d|60)(\.\d{1,9})?$/,uri:/^\S*$/,url:/^\S*$/,uuid:/^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/,xhtml:/.*/};function c(e){return[{type:l.boolean,value:e}]}function N(e){return e==null?{type:"undefined",value:void 0}:Number.isSafeInteger(e)?{type:l.integer,value:e}:typeof e=="number"?{type:l.decimal,value:e}:typeof e=="boolean"?{type:l.boolean,value:e}:typeof e=="string"?{type:l.string,value:e}:y(e)?{type:l.Quantity,value:e}:Z(e)?{type:e.resourceType,value:e}:{type:l.BackboneElement,value:e}}function k(e){return e.length===0?!1:!!e[0].value}function A(e,t){if(e.length!==0){if(e.length===1&&(!t||e[0].type===t))return e[0];throw new Error(`Expected singleton of type ${t}, but found ${JSON.stringify(e)}`)}}function nt(e,t,r){if(!e.value)return;let i=yt(e.type,t,r?.profileUrl);return i?st(e,t,i):ot(e,t)}function st(e,t,r){let i=e.value,n=r.type;if(!n||n.length===0)return;let s,o="undefined",a;if(r.path.endsWith("[x]")){let u=r.path.split(".").pop().replace("[x]","");for(let T of n){let w=u+$e(T.code);if(s=i[w],a=i["_"+w],s!==void 0||a!==void 0){o=T.code;break}}}else console.assert(n.length===1,"Expected single type",r.path),s=i[t],o=n[0].code,a=i["_"+t];if(a)if(Array.isArray(s)){s=s.slice();for(let u=0;u<Math.max(s.length,a.length);u++)s[u]=Te(s[u],a[u])}else s=Te(s,a);if(!Y(s))return(o==="Element"||o==="BackboneElement")&&(o=r.type[0].code),Array.isArray(s)?s.map(u=>xe(u,o)):xe(s,o)}function xe(e,t){return t==="Resource"&&Z(e)&&(t=e.resourceType),{type:t,value:e}}function ot(e,t){let r=e.value;if(!r||typeof r!="object")return;let i;if(t in r)i=r[t];else for(let n in l){let s=t+$e(n);if(s in r){i=r[s];break}}if(!Y(i))return Array.isArray(i)?i.map(N):N(i)}function Ae(e){let t=[];for(let r of e){let i=!1;for(let n of t)if(k(Ie(r,n))){i=!0;break}i||t.push(r)}return t}function Re(e){return c(!k(e))}function ke(e,t){return e.length===0||t.length===0?[]:e.length!==t.length?c(!1):c(e.every((r,i)=>k(Ie(r,t[i]))))}function Ie(e,t){let r=e.value?.valueOf(),i=t.value?.valueOf();return typeof r=="number"&&typeof i=="number"?c(Math.abs(r-i)<1e-8):y(r)&&y(i)?c(Ne(r,i)):c(typeof r=="object"&&typeof i=="object"?oe(e,t):r===i)}function De(e,t){return e.length===0&&t.length===0?c(!0):e.length!==t.length?c(!1):(e.sort(Ee),t.sort(Ee),c(e.every((r,i)=>k(at(r,t[i])))))}function at(e,t){let{type:r,value:i}=e,{type:n,value:s}=t,o=i?.valueOf(),a=s?.valueOf();return typeof o=="number"&&typeof a=="number"?c(Math.abs(o-a)<.01):y(o)&&y(a)?c(Ne(o,a)):c(r==="Coding"&&n==="Coding"?typeof o!="object"||typeof a!="object"?!1:o.code===a.code&&o.system===a.system:typeof o=="object"&&typeof a=="object"?oe({...o,id:void 0},{...a,id:void 0}):typeof o=="string"&&typeof a=="string"?o.toLowerCase()===a.toLowerCase():o===a)}function Ee(e,t){let r=e.value?.valueOf(),i=t.value?.valueOf();return typeof r=="number"&&typeof i=="number"?r-i:typeof r=="string"&&typeof i=="string"?r.localeCompare(i):0}function Oe(e,t){let{value:r}=e;if(r==null)return!1;switch(t){case"Boolean":return typeof r=="boolean";case"Decimal":case"Integer":return typeof r=="number";case"Date":return ct(r);case"DateTime":return ne(r);case"Time":return typeof r=="string"&&!!/^T\d/.exec(r);case"Period":return lt(r);case"Quantity":return y(r);default:return typeof r=="object"&&r?.resourceType===t}}function ct(e){return typeof e=="string"&&!!Pe.date.exec(e)}function ne(e){return typeof e=="string"&&!!Pe.dateTime.exec(e)}function lt(e){return!!(e&&typeof e=="object"&&("start"in e&&ne(e.start)||"end"in e&&ne(e.end)))}function y(e){return!!(e&&typeof e=="object"&&"value"in e&&typeof e.value=="number")}function Ne(e,t){return Math.abs(e.value-t.value)<.01&&(e.unit===t.unit||e.code===t.code||e.unit===t.code||e.code===t.unit)}function oe(e,t){let r=Object.keys(e),i=Object.keys(t);if(r.length!==i.length)return!1;for(let n of r){let s=e[n],o=t[n];if(Ce(s)&&Ce(o)){if(!oe(s,o))return!1}else if(s!==o)return!1}return!0}function Ce(e){return e!==null&&typeof e=="object"}function Te(e,t){if(t){if(typeof t!="object")throw new Error("Primitive extension must be an object");return ut(e??{},t)}return e}function ut(e,t){return delete t.__proto__,delete t.constructor,Object.assign(e,t)}function pt(e){if(e)return vt(e)?e.reference.split("/")[1]:e.id}function dt(e,t){let r=new Date(e);r.setUTCHours(0,0,0,0);let i=t?new Date(t):new Date;i.setUTCHours(0,0,0,0);let n=r.getUTCFullYear(),s=r.getUTCMonth(),o=r.getUTCDate(),a=i.getUTCFullYear(),u=i.getUTCMonth(),T=i.getUTCDate(),w=a-n;(u<s||u===s&&T<o)&&w--;let Q=a*12+u-(n*12+s);T<o&&Q--;let F=Math.floor((i.getTime()-r.getTime())/(1e3*60*60*24));return{years:w,months:Q,days:F}}function ht(e,...t){let r=e;for(let i=0;i<t.length&&r;i++)r=r?.extension?.find(n=>n.url===t[i]);return r}function Y(e){if(e==null)return!0;let t=typeof e;return t==="string"||t==="object"?!mt(e):!1}function mt(e){if(e==null)return!1;let t=typeof e;return t==="string"&&e!==""||t==="object"&&("length"in e&&e.length>0||Object.keys(e).length>0)}var ft=[];for(let e=0;e<256;e++)ft.push(e.toString(16).padStart(2,"0"));function $e(e){return e?e.charAt(0).toUpperCase()+e.substring(1):""}var l={Address:"Address",Age:"Age",Annotation:"Annotation",Attachment:"Attachment",BackboneElement:"BackboneElement",CodeableConcept:"CodeableConcept",Coding:"Coding",ContactDetail:"ContactDetail",ContactPoint:"ContactPoint",Contributor:"Contributor",Count:"Count",DataRequirement:"DataRequirement",Distance:"Distance",Dosage:"Dosage",Duration:"Duration",Expression:"Expression",Extension:"Extension",HumanName:"HumanName",Identifier:"Identifier",MarketingStatus:"MarketingStatus",Meta:"Meta",Money:"Money",Narrative:"Narrative",ParameterDefinition:"ParameterDefinition",Period:"Period",Population:"Population",ProdCharacteristic:"ProdCharacteristic",ProductShelfLife:"ProductShelfLife",Quantity:"Quantity",Range:"Range",Ratio:"Ratio",Reference:"Reference",RelatedArtifact:"RelatedArtifact",SampledData:"SampledData",Signature:"Signature",SubstanceAmount:"SubstanceAmount",SystemString:"http://hl7.org/fhirpath/System.String",Timing:"Timing",TriggerDefinition:"TriggerDefinition",UsageContext:"UsageContext",base64Binary:"base64Binary",boolean:"boolean",canonical:"canonical",code:"code",date:"date",dateTime:"dateTime",decimal:"decimal",id:"id",instant:"instant",integer:"integer",markdown:"markdown",oid:"oid",positiveInt:"positiveInt",string:"string",time:"time",unsignedInt:"unsignedInt",uri:"uri",url:"url",uuid:"uuid"};function yt(e,t,r){let i=it(e,r);if(i)return gt(i.elements,t)}function gt(e,t){let r=e[t]??e[t+"[x]"];if(r)return r;for(let i=0;i<t.length;i++){let n=t[i];if(n>="A"&&n<="Z"){let s=t.slice(0,i)+"[x]",o=e[s];if(o)return o}}}function Z(e){return!!(e&&typeof e=="object"&&"resourceType"in e)}function vt(e){return!!(e&&typeof e=="object"&&"reference"in e&&typeof e.reference=="string")}function J(e){if(e.startsWith("T"))return e+"T00:00:00.000Z".substring(e.length);if(e.length<=10)return e;try{return new Date(e).toISOString()}catch{return e}}var P=()=>[],m={empty:(e,t)=>c(t.length===0||t.every(r=>Y(r.value))),hasValue:(e,t)=>c(t.length!==0),exists:(e,t,r)=>c(r?t.filter(i=>k(r.eval(e,[i]))).length>0:t.length>0&&t.every(i=>!Y(i.value))),all:(e,t,r)=>c(t.every(i=>k(r.eval(e,[i])))),allTrue:(e,t)=>{for(let r of t)if(!r.value)return c(!1);return c(!0)},anyTrue:(e,t)=>{for(let r of t)if(r.value)return c(!0);return c(!1)},allFalse:(e,t)=>{for(let r of t)if(r.value)return c(!1);return c(!0)},anyFalse:(e,t)=>{for(let r of t)if(!r.value)return c(!0);return c(!1)},subsetOf:(e,t,r)=>{if(t.length===0)return c(!0);let i=r.eval(e,O(e));return i.length===0?c(!1):c(t.every(n=>i.some(s=>s.value===n.value)))},supersetOf:(e,t,r)=>{let i=r.eval(e,O(e));return i.length===0?c(!0):t.length===0?c(!1):c(i.every(n=>t.some(s=>s.value===n.value)))},count:(e,t)=>[{type:l.integer,value:t.length}],distinct:(e,t)=>{let r=[];for(let i of t)r.some(n=>n.value===i.value)||r.push(i);return r},isDistinct:(e,t)=>c(t.length===m.distinct(e,t).length),where:(e,t,r)=>t.filter(i=>k(r.eval(e,[i]))),select:(e,t,r)=>t.map(i=>r.eval(e,[i])).flat(),repeat:P,ofType:(e,t,r)=>t.filter(i=>i.type===r.name),single:(e,t)=>{if(t.length>1)throw new Error("Expected input length one for single()");return t.length===0?[]:t.slice(0,1)},first:(e,t)=>t.length===0?[]:t.slice(0,1),last:(e,t)=>t.length===0?[]:t.slice(t.length-1,t.length),tail:(e,t)=>t.length===0?[]:t.slice(1,t.length),skip:(e,t,r)=>{let i=r.eval(e,t)[0]?.value;if(typeof i!="number")throw new Error("Expected a number for skip(num)");return i>=t.length?[]:i<=0?t:t.slice(i,t.length)},take:(e,t,r)=>{let i=r.eval(e,t)[0]?.value;if(typeof i!="number")throw new Error("Expected a number for take(num)");return i>=t.length?t:i<=0?[]:t.slice(0,i)},intersect:(e,t,r)=>{if(!r)return t;let i=r.eval(e,O(e)),n=[];for(let s of t)!n.some(o=>o.value===s.value)&&i.some(o=>o.value===s.value)&&n.push(s);return n},exclude:(e,t,r)=>{if(!r)return t;let i=r.eval(e,O(e)),n=[];for(let s of t)i.some(o=>o.value===s.value)||n.push(s);return n},union:(e,t,r)=>{if(!r)return t;let i=r.eval(e,O(e));return Ae([...t,...i])},combine:(e,t,r)=>{if(!r)return t;let i=r.eval(e,O(e));return[...t,...i]},htmlChecks:(e,t,r)=>[N(!0)],iif:(e,t,r,i,n)=>{let s=r.eval(e,t);if(s.length>1||s.length===1&&typeof s[0].value!="boolean")throw new Error("Expected criterion to evaluate to a Boolean");return k(s)?i.eval(e,t):n?n.eval(e,t):[]},toBoolean:(e,t)=>{if(t.length===0)return[];let[{value:r}]=x(t,1);if(typeof r=="boolean")return[{type:l.boolean,value:r}];if(typeof r=="number"&&(r===0||r===1))return c(!!r);if(typeof r=="string"){let i=r.toLowerCase();if(["true","t","yes","y","1","1.0"].includes(i))return c(!0);if(["false","f","no","n","0","0.0"].includes(i))return c(!1)}return[]},convertsToBoolean:(e,t)=>t.length===0?[]:c(m.toBoolean(e,t).length===1),toInteger:(e,t)=>{if(t.length===0)return[];let[{value:r}]=x(t,1);return typeof r=="number"?[{type:l.integer,value:r}]:typeof r=="string"&&/^[+-]?\d+$/.exec(r)?[{type:l.integer,value:parseInt(r,10)}]:typeof r=="boolean"?[{type:l.integer,value:r?1:0}]:[]},convertsToInteger:(e,t)=>t.length===0?[]:c(m.toInteger(e,t).length===1),toDate:(e,t)=>{if(t.length===0)return[];let[{value:r}]=x(t,1);return typeof r=="string"&&/^\d{4}(-\d{2}(-\d{2})?)?/.exec(r)?[{type:l.date,value:J(r)}]:[]},convertsToDate:(e,t)=>t.length===0?[]:c(m.toDate(e,t).length===1),toDateTime:(e,t)=>{if(t.length===0)return[];let[{value:r}]=x(t,1);return typeof r=="string"&&/^\d{4}(-\d{2}(-\d{2})?)?/.exec(r)?[{type:l.dateTime,value:J(r)}]:[]},convertsToDateTime:(e,t)=>t.length===0?[]:c(m.toDateTime(e,t).length===1),toDecimal:(e,t)=>{if(t.length===0)return[];let[{value:r}]=x(t,1);return typeof r=="number"?[{type:l.decimal,value:r}]:typeof r=="string"&&/^-?\d{1,9}(\.\d{1,9})?$/.exec(r)?[{type:l.decimal,value:parseFloat(r)}]:typeof r=="boolean"?[{type:l.decimal,value:r?1:0}]:[]},convertsToDecimal:(e,t)=>t.length===0?[]:c(m.toDecimal(e,t).length===1),toQuantity:(e,t)=>{if(t.length===0)return[];let[{value:r}]=x(t,1);return y(r)?[{type:l.Quantity,value:r}]:typeof r=="number"?[{type:l.Quantity,value:{value:r,unit:"1"}}]:typeof r=="string"&&/^-?\d{1,9}(\.\d{1,9})?/.exec(r)?[{type:l.Quantity,value:{value:parseFloat(r),unit:"1"}}]:typeof r=="boolean"?[{type:l.Quantity,value:{value:r?1:0,unit:"1"}}]:[]},convertsToQuantity:(e,t)=>t.length===0?[]:c(m.toQuantity(e,t).length===1),toString:(e,t)=>{if(t.length===0)return[];let[{value:r}]=x(t,1);return r==null?[]:y(r)?[{type:l.string,value:`${r.value} '${r.unit}'`}]:[{type:l.string,value:r.toString()}]},convertsToString:(e,t)=>t.length===0?[]:c(m.toString(e,t).length===1),toTime:(e,t)=>{if(t.length===0)return[];let[{value:r}]=x(t,1);if(typeof r=="string"){let i=/^T?(\d{2}(:\d{2}(:\d{2})?)?)/.exec(r);if(i)return[{type:l.time,value:J("T"+i[1])}]}return[]},convertsToTime:(e,t)=>t.length===0?[]:c(m.toTime(e,t).length===1),indexOf:(e,t,r)=>f((i,n)=>i.indexOf(n),e,t,r),substring:(e,t,r,i)=>f((n,s,o)=>{let a=s,u=o?a+o:n.length;return a<0||a>=n.length?void 0:n.substring(a,u)},e,t,r,i),startsWith:(e,t,r)=>f((i,n)=>i.startsWith(n),e,t,r),endsWith:(e,t,r)=>f((i,n)=>i.endsWith(n),e,t,r),contains:(e,t,r)=>f((i,n)=>i.includes(n),e,t,r),upper:(e,t)=>f(r=>r.toUpperCase(),e,t),lower:(e,t)=>f(r=>r.toLowerCase(),e,t),replace:(e,t,r,i)=>f((n,s,o)=>n.replaceAll(s,o),e,t,r,i),matches:(e,t,r)=>f((i,n)=>!!new RegExp(n).exec(i),e,t,r),replaceMatches:(e,t,r,i)=>f((n,s,o)=>n.replaceAll(s,o),e,t,r,i),length:(e,t)=>f(r=>r.length,e,t),toChars:(e,t)=>f(r=>r?r.split(""):void 0,e,t),encode:P,decode:P,escape:P,unescape:P,trim:P,split:P,join:(e,t,r)=>{let i=r?.eval(e,O(e))[0]?.value??"";if(typeof i!="string")throw new Error("Separator must be a string.");return[{type:l.string,value:t.map(n=>n.value?.toString()??"").join(i)}]},abs:(e,t)=>b(Math.abs,e,t),ceiling:(e,t)=>b(Math.ceil,e,t),exp:(e,t)=>b(Math.exp,e,t),floor:(e,t)=>b(Math.floor,e,t),ln:(e,t)=>b(Math.log,e,t),log:(e,t,r)=>b((i,n)=>Math.log(i)/Math.log(n),e,t,r),power:(e,t,r)=>b(Math.pow,e,t,r),round:(e,t)=>b(Math.round,e,t),sqrt:(e,t)=>b(Math.sqrt,e,t),truncate:(e,t)=>b(r=>r|0,e,t),children:P,descendants:P,trace:(e,t,r)=>t,now:()=>[{type:l.dateTime,value:new Date().toISOString()}],timeOfDay:()=>[{type:l.time,value:new Date().toISOString().substring(11)}],today:()=>[{type:l.date,value:new Date().toISOString().substring(0,10)}],between:(e,t,r,i,n)=>{let s=m.toDateTime(e,r.eval(e,t));if(s.length===0)throw new Error("Invalid start date");let o=m.toDateTime(e,i.eval(e,t));if(o.length===0)throw new Error("Invalid end date");let a=n.eval(e,t)[0]?.value;if(a!=="years"&&a!=="months"&&a!=="days")throw new Error("Invalid units");let u=dt(s[0].value,o[0].value);return[{type:l.Quantity,value:{value:u[a],unit:a}}]},is:(e,t,r)=>{let i="";return r instanceof K?i=r.name:r instanceof Le&&(i=r.left.name+"."+r.right.name),i?t.map(n=>({type:l.boolean,value:Oe(n,i)})):[]},not:(e,t)=>m.toBoolean(e,t).map(r=>({type:l.boolean,value:!r.value})),resolve:(e,t)=>t.map(r=>{let i=r.value,n;if(typeof i=="string")n=i;else if(typeof i=="object"){let s=i;if(s.resource)return N(s.resource);s.reference?n=s.reference:s.type&&s.identifier&&(n=`${s.type}?identifier=${s.identifier.system}|${s.identifier.value}`)}if(n?.includes("?")){let[s]=n.split("?");return{type:s,value:{resourceType:s}}}if(n?.includes("/")){let[s,o]=n.split("/");return{type:s,value:{resourceType:s,id:o}}}return{type:l.BackboneElement,value:void 0}}).filter(r=>!!r.value),as:(e,t)=>t,type:(e,t)=>t.map(({value:r})=>typeof r=="boolean"?{type:l.BackboneElement,value:{namespace:"System",name:"Boolean"}}:typeof r=="number"?{type:l.BackboneElement,value:{namespace:"System",name:"Integer"}}:Z(r)?{type:l.BackboneElement,value:{namespace:"FHIR",name:r.resourceType}}:{type:l.BackboneElement,value:null}),conformsTo:(e,t,r)=>{let i=r.eval(e,t)[0].value;if(!i.startsWith("http://hl7.org/fhir/StructureDefinition/"))throw new Error("Expected a StructureDefinition URL");let n=i.replace("http://hl7.org/fhir/StructureDefinition/","");return t.map(s=>({type:l.boolean,value:s.value?.resourceType===n}))},getResourceKey:(e,t)=>{let r=t[0].value;return r?.id?[{type:l.id,value:r.id}]:[]},getReferenceKey:(e,t,r)=>{let i=t[0].value;if(!i?.reference)return[];let n="";return r instanceof K&&(n=r.name),n&&!i.reference.startsWith(n+"/")?[]:[{type:l.id,value:pt(i)}]},extension:(e,t,r)=>{let i=r.eval(e,t)[0].value,n=t?.[0]?.value;if(n){let s=ht(n,i);if(s)return[{type:l.Extension,value:s}]}return[]}};function f(e,t,r,...i){if(r.length===0)return[];let[{value:n}]=x(r,1);if(typeof n!="string")throw new Error("String function cannot be called with non-string");let s=e(n,...i.map(o=>o?.eval(t,r)[0]?.value));return s===void 0?[]:Array.isArray(s)?s.map(N):[N(s)]}function b(e,t,r,...i){if(r.length===0)return[];let[{value:n}]=x(r,1),s=y(n),o=s?n.value:n;if(typeof o!="number")throw new Error("Math function cannot be called with non-number");let a=e(o,...i.map(w=>w.eval(t,r)[0]?.value)),u=s?l.Quantity:r[0].type,T=s?{...n,value:a}:a;return[{type:u,value:T}]}function x(e,t){if(e.length!==t)throw new Error(`Expected ${t} arguments`);for(let r of e)if(r==null)throw new Error("Expected non-null argument");return e}function O(e){let t=e;for(;t.parent?.variables.$this;)t=t.parent;return[t.variables.$this]}var M=class{constructor(e){this.value=e}eval(){return[this.value]}toString(){let e=this.value.value;return typeof e=="string"?`'${e}'`:e.toString()}},K=class{constructor(e){this.name=e}eval(e,t){if(this.name==="$this")return t;let r=this.getVariable(e);if(r)return[r];if(this.name.startsWith("%"))throw new Error(`Undefined variable ${this.name}`);return t.flatMap(i=>this.evalValue(i)).filter(i=>i?.value!==void 0)}getVariable(e){let t=e.variables[this.name];if(t!==void 0)return t;if(e.parent)return this.getVariable(e.parent)}evalValue(e){let t=e.value;if(!(!t||typeof t!="object"))return Z(t)&&t.resourceType===this.name?e:nt(e,this.name)}toString(){return this.name}},St=class{eval(){return[]}toString(){return"{}"}},wt=class extends Qe{constructor(e,t,r){super(e,t),this.impl=r}eval(e,t){return this.impl(this.child.eval(e,t))}toString(){return this.operator+this.child.toString()}},bt=class extends G{constructor(e,t){super("as",e,t)}eval(e,t){return m.ofType(e,this.left.eval(e,t),this.right)}},g=class extends G{},S=class extends g{constructor(e,t,r,i){super(e,t,r),this.impl=i}eval(e,t){let r=this.left.eval(e,t);if(r.length!==1)return[];let i=this.right.eval(e,t);if(i.length!==1)return[];let n=r[0].value,s=i[0].value,o=y(n)?n.value:n,a=y(s)?s.value:s,u=this.impl(o,a);return typeof u=="boolean"?c(u):y(n)?[{type:l.Quantity,value:{...n,value:u}}]:[N(u)]}},xt=class extends G{constructor(e,t){super("&",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t),n=[...r,...i];return n.length>0&&n.every(s=>typeof s.value=="string")?[{type:l.string,value:n.map(s=>s.value).join("")}]:n}},Et=class extends g{constructor(e,t){super("contains",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return c(r.some(n=>n.value===i[0].value))}},Ct=class extends g{constructor(e,t){super("in",e,t)}eval(e,t){let r=A(this.left.eval(e,t)),i=this.right.eval(e,t);return r?c(i.some(n=>n.value===r.value)):[]}},Le=class extends G{constructor(e,t){super(".",e,t)}eval(e,t){return this.right.eval(e,this.left.eval(e,t))}toString(){return`${this.left.toString()}.${this.right.toString()}`}},Tt=class extends G{constructor(e,t){super("|",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return Ae([...r,...i])}},Pt=class extends g{constructor(e,t){super("=",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return ke(r,i)}},At=class extends g{constructor(e,t){super("!=",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return Re(ke(r,i))}},Rt=class extends g{constructor(e,t){super("~",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return De(r,i)}},kt=class extends g{constructor(e,t){super("!~",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return Re(De(r,i))}},It=class extends g{constructor(e,t){super("is",e,t)}eval(e,t){let r=this.left.eval(e,t);if(r.length!==1)return[];let i=this.right.name;return c(Oe(r[0],i))}},Dt=class extends g{constructor(e,t){super("and",e,t)}eval(e,t){let r=A(this.left.eval(e,t),"boolean"),i=A(this.right.eval(e,t),"boolean");return r?.value===!0&&i?.value===!0?c(!0):r?.value===!1||i?.value===!1?c(!1):[]}},Ot=class extends g{constructor(e,t){super("or",e,t)}eval(e,t){let r=A(this.left.eval(e,t),"boolean"),i=A(this.right.eval(e,t),"boolean");return r?.value===!1&&i?.value===!1?c(!1):r?.value||i?.value?c(!0):[]}},Nt=class extends g{constructor(e,t){super("xor",e,t)}eval(e,t){let r=A(this.left.eval(e,t),"boolean"),i=A(this.right.eval(e,t),"boolean");return!r||!i?[]:c(r.value!==i.value)}},$t=class extends g{constructor(e,t){super("implies",e,t)}eval(e,t){let r=A(this.left.eval(e,t),"boolean"),i=A(this.right.eval(e,t),"boolean");return i?.value===!0||r?.value===!1?c(!0):!r||!i?[]:c(!1)}},Lt=class{constructor(e,t){this.name=e,this.args=t}eval(e,t){let r=m[this.name];if(!r)throw new Error("Unrecognized function: "+this.name);return r(e,t,...this.args)}toString(){return`${this.name}(${this.args.map(e=>e.toString()).join(", ")})`}},Mt=class{constructor(e,t){this.left=e,this.expr=t}eval(e,t){let r=this.expr.eval(e,t);if(r.length!==1)return[];let i=r[0].value;if(typeof i!="number")throw new Error("Invalid indexer expression: should return integer}");let n=this.left.eval(e,t);return i in n?[n[i]]:[]}toString(){return`${this.left.toString()}[${this.expr.toString()}]`}};var Me=["!=","!~","<=",">=","{}","->"];var p={FunctionCall:0,Dot:1,Indexer:2,UnaryAdd:3,UnarySubtract:3,Multiply:4,Divide:4,IntegerDivide:4,Modulo:4,Add:5,Subtract:5,Ampersand:5,Is:6,As:6,Union:7,GreaterThan:8,GreaterThanOrEquals:8,LessThan:8,LessThanOrEquals:8,Equals:9,Equivalent:9,NotEquals:9,NotEquivalent:9,In:10,Contains:10,And:11,Xor:12,Or:12,Implies:13,Arrow:100,Semicolon:200},_t={parse(e){let t=e.consumeAndParse();if(!e.match(")"))throw new Error("Parse error: expected `)` got `"+e.peek()?.value+"`");return t}},Ut={parse(e,t){let r=e.consumeAndParse();if(!e.match("]"))throw new Error("Parse error: expected `]`");return new Mt(t,r)},precedence:p.Indexer},Bt={parse(e,t){if(!(t instanceof K))throw new Error("Unexpected parentheses");let r=[];for(;!e.match(")");)r.push(e.consumeAndParse()),e.match(",");return new Lt(t.name,r)},precedence:p.FunctionCall};function jt(e){let t=e.split(" "),r=parseFloat(t[0]),i=t[1];return i?.startsWith("'")&&i.endsWith("'")?i=i.substring(1,i.length-1):i="{"+i+"}",{value:r,unit:i}}function ae(){return new Je().registerPrefix("String",{parse:(e,t)=>new M({type:l.string,value:t.value})}).registerPrefix("DateTime",{parse:(e,t)=>new M({type:l.dateTime,value:J(t.value)})}).registerPrefix("Quantity",{parse:(e,t)=>new M({type:l.Quantity,value:jt(t.value)})}).registerPrefix("Number",{parse:(e,t)=>new M({type:t.value.includes(".")?l.decimal:l.integer,value:parseFloat(t.value)})}).registerPrefix("true",{parse:()=>new M({type:l.boolean,value:!0})}).registerPrefix("false",{parse:()=>new M({type:l.boolean,value:!1})}).registerPrefix("Symbol",{parse:(e,t)=>new K(t.value)}).registerPrefix("{}",{parse:()=>new St}).registerPrefix("(",_t).registerInfix("[",Ut).registerInfix("(",Bt).prefix("+",p.UnaryAdd,(e,t)=>new wt("+",t,r=>r)).prefix("-",p.UnarySubtract,(e,t)=>new S("-",t,t,(r,i)=>-i)).infixLeft(".",p.Dot,(e,t,r)=>new Le(e,r)).infixLeft("/",p.Divide,(e,t,r)=>new S("/",e,r,(i,n)=>i/n)).infixLeft("*",p.Multiply,(e,t,r)=>new S("*",e,r,(i,n)=>i*n)).infixLeft("+",p.Add,(e,t,r)=>new S("+",e,r,(i,n)=>i+n)).infixLeft("-",p.Subtract,(e,t,r)=>new S("-",e,r,(i,n)=>i-n)).infixLeft("|",p.Union,(e,t,r)=>new Tt(e,r)).infixLeft("=",p.Equals,(e,t,r)=>new Pt(e,r)).infixLeft("!=",p.NotEquals,(e,t,r)=>new At(e,r)).infixLeft("~",p.Equivalent,(e,t,r)=>new Rt(e,r)).infixLeft("!~",p.NotEquivalent,(e,t,r)=>new kt(e,r)).infixLeft("<",p.LessThan,(e,t,r)=>new S("<",e,r,(i,n)=>i<n)).infixLeft("<=",p.LessThanOrEquals,(e,t,r)=>new S("<=",e,r,(i,n)=>i<=n)).infixLeft(">",p.GreaterThan,(e,t,r)=>new S(">",e,r,(i,n)=>i>n)).infixLeft(">=",p.GreaterThanOrEquals,(e,t,r)=>new S(">=",e,r,(i,n)=>i>=n)).infixLeft("&",p.Ampersand,(e,t,r)=>new xt(e,r)).infixLeft("and",p.And,(e,t,r)=>new Dt(e,r)).infixLeft("as",p.As,(e,t,r)=>new bt(e,r)).infixLeft("contains",p.Contains,(e,t,r)=>new Et(e,r)).infixLeft("div",p.Divide,(e,t,r)=>new S("div",e,r,(i,n)=>i/n|0)).infixLeft("in",p.In,(e,t,r)=>new Ct(e,r)).infixLeft("is",p.Is,(e,t,r)=>new It(e,r)).infixLeft("mod",p.Modulo,(e,t,r)=>new S("mod",e,r,(i,n)=>i%n)).infixLeft("or",p.Or,(e,t,r)=>new Ot(e,r)).infixLeft("xor",p.Xor,(e,t,r)=>new Nt(e,r)).infixLeft("implies",p.Implies,(e,t,r)=>new $t(e,r))}var Ir=ae();var Ft=(e=>(e.BOOLEAN="BOOLEAN",e.NUMBER="NUMBER",e.QUANTITY="QUANTITY",e.TEXT="TEXT",e.REFERENCE="REFERENCE",e.CANONICAL="CANONICAL",e.DATE="DATE",e.DATETIME="DATETIME",e.PERIOD="PERIOD",e.UUID="UUID",e))(Ft||{});var Gt=(e=>(e.EQUALS="eq",e.NOT_EQUALS="ne",e.GREATER_THAN="gt",e.LESS_THAN="lt",e.GREATER_THAN_OR_EQUALS="ge",e.LESS_THAN_OR_EQUALS="le",e.STARTS_AFTER="sa",e.ENDS_BEFORE="eb",e.APPROXIMATELY="ap",e.CONTAINS="contains",e.EXACT="exact",e.TEXT="text",e.NOT="not",e.ABOVE="above",e.BELOW="below",e.IN="in",e.NOT_IN="not-in",e.OF_TYPE="of-type",e.MISSING="missing",e.PRESENT="present",e.IDENTIFIER="identifier",e.ITERATE="iterate",e))(Gt||{});var qt=(e=>(e.READ="read",e.VREAD="vread",e.UPDATE="update",e.PATCH="patch",e.DELETE="delete",e.HISTORY="history",e.HISTORY_INSTANCE="history-instance",e.HISTORY_TYPE="history-type",e.HISTORY_SYSTEM="history-system",e.CREATE="create",e.SEARCH="search",e.SEARCH_TYPE="search-type",e.SEARCH_SYSTEM="search-system",e.SEARCH_COMPARTMENT="search-compartment",e.CAPABILITIES="capabilities",e.TRANSACTION="transaction",e.BATCH="batch",e.OPERATION="operation",e))(qt||{});var Wt={CSS:"text/css",DICOM:"application/dicom",FAVICON:"image/vnd.microsoft.icon",FHIR_JSON:"application/fhir+json",FORM_URL_ENCODED:"application/x-www-form-urlencoded",HL7_V2:"x-application/hl7-v2+er7",HTML:"text/html",JAVASCRIPT:"text/javascript",JSON:"application/json",JSON_PATCH:"application/json-patch+json",PNG:"image/png",SCIM_JSON:"application/scim+json",SVG:"image/svg+xml",TEXT:"text/plain",TYPESCRIPT:"text/typescript",PING:"x-application/ping"};var Ht;Ht=Symbol.toStringTag;var Dr=Wt.FHIR_JSON+", */*; q=0.1";var zt=(e=>(e.ClientCredentials="client_credentials",e.AuthorizationCode="authorization_code",e.RefreshToken="refresh_token",e.JwtBearer="urn:ietf:params:oauth:grant-type:jwt-bearer",e.TokenExchange="urn:ietf:params:oauth:grant-type:token-exchange",e))(zt||{}),Vt=(e=>(e.AccessToken="urn:ietf:params:oauth:token-type:access_token",e.RefreshToken="urn:ietf:params:oauth:token-type:refresh_token",e.IdToken="urn:ietf:params:oauth:token-type:id_token",e.Saml1Token="urn:ietf:params:oauth:token-type:saml1",e.Saml2Token="urn:ietf:params:oauth:token-type:saml2",e))(Vt||{}),Qt=(e=>(e.ClientSecretBasic="client_secret_basic",e.ClientSecretPost="client_secret_post",e.ClientSecretJwt="client_secret_jwt",e.PrivateKeyJwt="private_key_jwt",e.None="none",e))(Qt||{}),Jt=(e=>(e.JwtBearer="urn:ietf:params:oauth:client-assertion-type:jwt-bearer",e))(Jt||{});var Or=[...Me,"->","<<",">>","=="];var Nr=ae().registerInfix("->",{precedence:p.Arrow}).registerInfix(";",{precedence:p.Semicolon});var $r=[...Me,"eq","ne","co"];var Lr=ae();var Yt=(e=>(e[e.NONE=0]="NONE",e[e.ERROR=1]="ERROR",e[e.WARN=2]="WARN",e[e.INFO=3]="INFO",e[e.DEBUG=4]="DEBUG",e))(Yt||{});var le=["string","boolean","number"],ce={},ue=class{constructor(t){let{region:r}=t;if(!r)throw new E(I("'region' must be defined as a string literal in config."));ce[r]||(ce[r]=new Zt({region:r})),this.config=t,this.clients={ssm:ce[r]}}async fetchParameterStoreSecret(t){let i=(await this.clients.ssm.send(new Kt({Name:t,WithDecryption:!0}))).Parameter;if(!i)throw new E(se(`Key '${t}' not found. Make sure your key is correct and that it is defined in your Parameter Store.`));let n=i.Value;if(!n)throw new E(se(`Key '${t}' found but has no value. Make sure your key is correct and that it is defined in your Parameter Store.`));return n}async fetchExternalSecret(t){tr(t);let{system:r,key:i,type:n}=t,s;switch(r){case"aws_ssm_parameter_store":{s=await this.fetchParameterStoreSecret(i);break}default:throw new E(I(`Unknown system '${r}' for ExternalSecret. Unable to fetch the secret for key '${i}'.`))}return Xt(i,s,n)}async normalizeInfraConfigArray(t){let r=t[0],i;if(typeof r!="object"&&r!==null||_e(r)){i=new Array(t.length);for(let n=0;n<t.length;n++){let s=t[n];if(typeof s!="object"){i[n]=s;continue}let o=await this.fetchExternalSecret(s);i[n]=o}}else{i=new Array(t.length);for(let n=0;n<t.length;n++)i[n]=await this.normalizeObjectInInfraConfig(t[n])}return i}async normalizeValueForKey(t,r){let i=t[r];typeof i!="object"?t[r]=i:_e(i)?t[r]=await this.fetchExternalSecret(i):Array.isArray(i)&&i.length?t[r]=await this.normalizeInfraConfigArray(i):typeof i=="object"&&(t[r]=await this.normalizeObjectInInfraConfig(i))}async normalizeObjectInInfraConfig(t){let r={...t};for(let i of Object.keys(r))await this.normalizeValueForKey(r,i);return r}async normalizeConfig(){return this.normalizeObjectInInfraConfig(this.config)}};function Xt(e,t,r){let i=typeof t;if(!le.includes(i))throw new E(I(`Invalid value found for type; expected either ${le.join(", or")} but got ${i}`));if(i===r)return t;if(i==="string"&&r==="boolean"){let n=t.toLowerCase();if(n!=="true"&&n!=="false")throw new E(I(`Invalid value found for key '${e}'; expected boolean value but got '${t}'`));return n==="true"}else if(i==="string"&&r==="number"){let n=parseInt(t,10);if(Number.isNaN(n))throw new E(I(`Invalid value found for key '${e}'; expected integer value but got '${t}'`));return n}else throw new E(I(`Invalid value found for type; expected ${r} value but got value of type ${i}`))}function _e(e){return typeof e=="object"&&typeof e.system=="string"&&typeof e.key=="string"&&typeof e.type=="string"}function er(e){return typeof e=="object"&&typeof e.system=="string"&&typeof e.key=="string"&&le.includes(e.type)}function tr(e){if(!er(e))throw new E(I("obj is not a valid `ExternalSecret`, must contain a valid `system`, `key`, and `type` prop."))}async function Ue(e){return new ue(e).normalizeConfig()}import{Stack as ze,Tags as Ve}from"aws-cdk-lib";import{Duration as U,RemovalPolicy as $,aws_ec2 as h,aws_ecs as B,aws_elasticache as Be,aws_elasticloadbalancingv2 as q,aws_iam as d,aws_logs as je,aws_rds as D,aws_route53 as pe,aws_s3 as rr,aws_secretsmanager as Fe,aws_ssm as C,aws_route53_targets as ir,aws_wafv2 as Ge}from"aws-cdk-lib";import{Repository as nr}from"aws-cdk-lib/aws-ecr";import{ClusterInstance as qe}from"aws-cdk-lib/aws-rds";import{Secret as sr,SecretTargetAttachment as or}from"aws-cdk-lib/aws-secretsmanager";import{Construct as ar}from"constructs";import de from"assert";var _=[{name:"AWS-AWSManagedRulesCommonRuleSet",priority:10,statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesCommonRuleSet",excludedRules:[{name:"NoUserAgent_HEADER"},{name:"UserAgent_BadBots_HEADER"},{name:"SizeRestrictions_QUERYSTRING"},{name:"SizeRestrictions_Cookie_HEADER"},{name:"SizeRestrictions_BODY"},{name:"SizeRestrictions_URIPATH"},{name:"EC2MetaDataSSRF_BODY"},{name:"EC2MetaDataSSRF_COOKIE"},{name:"EC2MetaDataSSRF_URIPATH"},{name:"EC2MetaDataSSRF_QUERYARGUMENTS"},{name:"GenericLFI_QUERYARGUMENTS"},{name:"GenericLFI_URIPATH"},{name:"GenericLFI_BODY"},{name:"RestrictedExtensions_URIPATH"},{name:"RestrictedExtensions_QUERYARGUMENTS"},{name:"GenericRFI_QUERYARGUMENTS"},{name:"GenericRFI_BODY"},{name:"GenericRFI_URIPATH"},{name:"CrossSiteScripting_COOKIE"},{name:"CrossSiteScripting_QUERYARGUMENTS"},{name:"CrossSiteScripting_BODY"},{name:"CrossSiteScripting_URIPATH"}]}},overrideAction:{count:{}},visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWS-AWSManagedRulesCommonRuleSet"}},{name:"AWS-AWSManagedRulesAmazonIpReputationList",priority:20,statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesAmazonIpReputationList",excludedRules:[{name:"AWSManagedIPReputationList"},{name:"AWSManagedReconnaissanceList"}]}},overrideAction:{count:{}},visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRulesAmazonIpReputationList"}},{name:"AWSManagedRulesSQLiRuleSet",priority:30,visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRulesSQLiRuleSet"},overrideAction:{count:{}},statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesSQLiRuleSet",excludedRules:[{name:"SQLi_QUERYARGUMENTS"},{name:"SQLiExtendedPatterns_QUERYARGUMENTS"},{name:"SQLi_BODY"},{name:"SQLiExtendedPatterns_BODY"},{name:"SQLi_COOKIE"},{name:"SQLi_URIPATH"}]}}},{name:"AWSManagedRuleLinux",priority:40,visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRuleLinux"},overrideAction:{count:{}},statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesLinuxRuleSet",excludedRules:[{name:"LFI_URIPATH"},{name:"LFI_QUERYSTRING"},{name:"LFI_COOKIE"}]}}}];var X=class extends ar{constructor(t,r){super(t,"BackEnd");let i=r.name,n=r.accountNumber,s=r.region;if(r.vpcId)this.vpc=h.Vpc.fromLookup(this,"VPC",{vpcId:r.vpcId});else{let a=new je.LogGroup(this,"VpcFlowLogs",{logGroupName:"/medplum/flowlogs/"+i,removalPolicy:$.DESTROY});this.vpc=new h.Vpc(this,"VPC",{maxAzs:r.maxAzs,flowLogs:{cloudwatch:{destination:h.FlowLogDestination.toCloudWatchLogs(a),trafficType:h.FlowLogTrafficType.ALL}}})}if(this.botLambdaRole=new d.Role(this,"BotLambdaRole",{assumedBy:new d.ServicePrincipal("lambda.amazonaws.com")}),this.rdsSecretsArn=r.rdsSecretsArn,!this.rdsSecretsArn||r.rdsForceRetain){let a={enablePerformanceInsights:!0,isFromLegacyInstanceProps:!0},u=r.rdsReaderInstanceType??r.rdsInstanceType,T={...a,instanceType:u?new h.InstanceType(u):void 0},w=r.rdsInstanceType,Q={...a,instanceType:w?new h.InstanceType(w):void 0},F;if(r.rdsInstances>1){F=[];for(let ie=1;ie<r.rdsInstances;ie++)F.push(qe.provisioned("Instance"+(ie+1),T))}this.rdsCluster=new D.DatabaseCluster(this,"DatabaseCluster",{engine:D.DatabaseClusterEngine.auroraPostgres({version:r.rdsInstanceVersion?D.AuroraPostgresEngineVersion.of(r.rdsInstanceVersion,r.rdsInstanceVersion.slice(0,r.rdsInstanceVersion.indexOf(".")),{s3Import:!0,s3Export:!0}):D.AuroraPostgresEngineVersion.VER_12_9}),credentials:D.Credentials.fromGeneratedSecret("clusteradmin"),defaultDatabaseName:"medplum",storageEncrypted:!0,vpc:this.vpc,vpcSubnets:{subnetType:h.SubnetType.PRIVATE_WITH_EGRESS},writer:qe.provisioned("Instance1",Q),readers:F,backup:{retention:U.days(7)},cloudwatchLogsExports:["postgresql"],instanceUpdateBehaviour:D.InstanceUpdateBehaviour.ROLLING,removalPolicy:$.RETAIN});let L=this.rdsCluster.secret;de(L!==void 0,"rdsCluster.secret is undefined"),L.applyRemovalPolicy($.RETAIN),de(L instanceof or,"rdsCluster.secret is not a SecretTargetAttachment");let ve=L.node.scope;de(ve instanceof sr,"rdsCluster.secretAttachment.node.scope is not a Secret"),ve.applyRemovalPolicy($.RETAIN),this.rdsSecretsArn||(this.rdsSecretsArn=L.secretArn),r.rdsProxyEnabled&&(this.rdsProxy=new D.DatabaseProxy(this,"DatabaseProxy",{proxyTarget:D.ProxyTarget.fromCluster(this.rdsCluster),secrets:[L],vpc:this.vpc}))}if(this.redisSubnetGroup=new Be.CfnSubnetGroup(this,"RedisSubnetGroup",{description:"Redis Subnet Group",subnetIds:this.vpc.privateSubnets.map(a=>a.subnetId)}),r.cacheSecurityGroupId?this.redisSecurityGroup=h.SecurityGroup.fromSecurityGroupId(this,"RedisSecurityGroup",r.cacheSecurityGroupId):this.redisSecurityGroup=new h.SecurityGroup(this,"RedisSecurityGroup",{vpc:this.vpc,description:"Redis Security Group",allowAllOutbound:!1}),this.redisPassword=new Fe.Secret(this,"RedisPassword",{generateSecretString:{secretStringTemplate:"{}",generateStringKey:"password",excludeCharacters:"@%*()_+=`~{}|[]\\:\";'?,./"}}),this.redisCluster=new Be.CfnReplicationGroup(this,"RedisCluster",{engine:"Redis",engineVersion:"6.x",cacheNodeType:r.cacheNodeType??"cache.t2.medium",replicationGroupDescription:"RedisReplicationGroup",authToken:this.redisPassword.secretValueFromJson("password").toString(),transitEncryptionEnabled:!0,atRestEncryptionEnabled:!0,multiAzEnabled:!0,cacheSubnetGroupName:this.redisSubnetGroup.ref,numNodeGroups:1,replicasPerNodeGroup:1,securityGroupIds:[this.redisSecurityGroup.securityGroupId]}),this.redisCluster.node.addDependency(this.redisPassword),this.redisSecrets=new Fe.Secret(this,"RedisSecrets",{generateSecretString:{secretStringTemplate:JSON.stringify({host:this.redisCluster.attrPrimaryEndPointAddress,port:this.redisCluster.attrPrimaryEndPointPort,password:this.redisPassword.secretValueFromJson("password").toString(),tls:{}}),generateStringKey:"unused"}}),this.redisSecrets.node.addDependency(this.redisPassword),this.redisSecrets.node.addDependency(this.redisCluster),this.ecsCluster=new B.Cluster(this,"Cluster",{vpc:this.vpc}),this.taskRolePolicies=new d.PolicyDocument({statements:[new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["logs:PutLogEvents","logs:CreateLogGroup","logs:CreateLogStream","logs:DescribeLogStreams","logs:DescribeLogGroups","logs:PutRetentionPolicy"],resources:[`arn:aws:logs:${s}:${n}:log-group:/ecs/medplum/${i}/*`]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["secretsmanager:GetResourcePolicy","secretsmanager:GetSecretValue","secretsmanager:DescribeSecret","secretsmanager:ListSecrets","secretsmanager:ListSecretVersionIds"],resources:[`arn:aws:secretsmanager:${s}:${n}:secret:*`]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["ssm:GetParametersByPath","ssm:GetParameters","ssm:GetParameter","ssm:DescribeParameters"],resources:[`arn:aws:ssm:${s}:${n}:parameter/medplum/${i}/*`]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["ses:SendEmail","ses:SendRawEmail"],resources:[`arn:aws:ses:${s}:${n}:identity/*`]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["s3:ListBucket"],resources:[`arn:aws:s3:::${r.storageBucketName}`]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["s3:GetObject","s3:PutObject","s3:DeleteObject"],resources:[`arn:aws:s3:::${r.storageBucketName}/*`]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["iam:ListRoles","iam:GetRole","iam:PassRole"],resources:[this.botLambdaRole.roleArn]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["lambda:CreateFunction","lambda:GetFunction","lambda:GetFunctionConfiguration","lambda:UpdateFunctionCode","lambda:UpdateFunctionConfiguration","lambda:InvokeFunction"],resources:[`arn:aws:lambda:${s}:${n}:function:medplum-bot-lambda-*`]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["lambda:ListLayerVersions"],resources:[`arn:aws:lambda:${s}:${n}:layer:medplum-bot-layer`]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["lambda:GetLayerVersion"],resources:[`arn:aws:lambda:${s}:${n}:layer:medplum-bot-layer:*`]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["xray:PutTraceSegments","xray:PutTelemetryRecords","xray:GetSamplingRules","xray:GetSamplingTargets","xray:GetSamplingStatisticSummaries"],resources:["*"]}),new d.PolicyStatement({effect:d.Effect.ALLOW,actions:["comprehend:DetectEntities","comprehend:DetectKeyPhrases","comprehend:DetectDominantLanguage","comprehend:DetectSentiment","comprehend:DetectTargetedSentiment","comprehend:DetectSyntax","comprehendmedical:DetectEntitiesV2","textract:DetectDocumentText","textract:AnalyzeDocument","textract:StartDocumentTextDetection","textract:GetDocumentTextDetection"],resources:["*"]})]}),this.taskRole=new d.Role(this,"TaskExecutionRole",{assumedBy:new d.ServicePrincipal("ecs-tasks.amazonaws.com"),description:"Medplum Server Task Execution Role",inlinePolicies:{TaskExecutionPolicies:this.taskRolePolicies}}),this.taskDefinition=new B.FargateTaskDefinition(this,"TaskDefinition",{memoryLimitMiB:r.serverMemory,cpu:r.serverCpu,taskRole:this.taskRole}),this.logGroup=new je.LogGroup(this,"LogGroup",{logGroupName:"/ecs/medplum/"+i,removalPolicy:$.DESTROY}),this.logDriver=new B.AwsLogDriver({logGroup:this.logGroup,streamPrefix:"Medplum"}),this.serviceContainer=this.taskDefinition.addContainer("MedplumTaskDefinition",{image:this.getContainerImage(r,r.serverImage),command:[s==="us-east-1"?`aws:/medplum/${i}/`:`aws:${s}:/medplum/${i}/`],logging:this.logDriver,environment:r.environment}),this.serviceContainer.addPortMappings({containerPort:r.apiPort,hostPort:r.apiPort}),r.additionalContainers)for(let a of r.additionalContainers)this.taskDefinition.addContainer("AdditionalContainer-"+a.name,{containerName:a.name,image:this.getContainerImage(r,a.image),command:a.command,environment:a.environment,logging:this.logDriver});this.fargateSecurityGroup=new h.SecurityGroup(this,"ServiceSecurityGroup",{allowAllOutbound:!0,securityGroupName:"MedplumSecurityGroup",vpc:this.vpc}),this.fargateService=new B.FargateService(this,"FargateService",{cluster:this.ecsCluster,taskDefinition:this.taskDefinition,assignPublicIp:!1,vpcSubnets:{subnetType:h.SubnetType.PRIVATE_WITH_EGRESS},desiredCount:r.desiredServerCount,securityGroups:[this.fargateSecurityGroup],healthCheckGracePeriod:U.minutes(5)}),r.fargateAutoScaling&&this.fargateService.autoScaleTaskCount({minCapacity:r.fargateAutoScaling.minCapacity,maxCapacity:r.fargateAutoScaling.maxCapacity}).scaleOnCpuUtilization("CpuScaling",{targetUtilizationPercent:r.fargateAutoScaling.targetUtilizationPercent,scaleInCooldown:U.seconds(r.fargateAutoScaling.scaleInCooldown),scaleOutCooldown:U.seconds(r.fargateAutoScaling.scaleOutCooldown)}),this.rdsCluster&&this.fargateService.node.addDependency(this.rdsCluster),this.rdsProxy&&this.fargateService.node.addDependency(this.rdsProxy),this.fargateService.node.addDependency(this.redisCluster),this.targetGroup=new q.ApplicationTargetGroup(this,"TargetGroup",{vpc:this.vpc,port:r.apiPort,protocol:q.ApplicationProtocol.HTTP,healthCheck:{path:"/healthcheck",interval:U.seconds(30),timeout:U.seconds(3),healthyThresholdCount:2,unhealthyThresholdCount:5},targets:[this.fargateService]});let o;if(r.loadBalancerSecurityGroupId&&(o=h.SecurityGroup.fromSecurityGroupId(this,"LoadBalancerSecurityGroup",r.loadBalancerSecurityGroupId)),this.loadBalancer=new q.ApplicationLoadBalancer(this,"LoadBalancer",{vpc:this.vpc,internetFacing:r.apiInternetFacing!==!1,http2Enabled:!0,securityGroup:o}),r.loadBalancerLoggingBucket&&this.loadBalancer.logAccessLogs(rr.Bucket.fromBucketName(this,"LoggingBucket",r.loadBalancerLoggingBucket),r.loadBalancerLoggingPrefix),this.loadBalancer.addListener("HttpsListener",{port:443,certificates:[{certificateArn:r.apiSslCertArn}],sslPolicy:q.SslPolicy.FORWARD_SECRECY_TLS12_RES_GCM,defaultAction:q.ListenerAction.forward([this.targetGroup])}),this.waf=new Ge.CfnWebACL(this,"BackEndWAF",{defaultAction:{allow:{}},scope:"REGIONAL",name:`${r.stackName}-BackEndWAF`,rules:_,visibilityConfig:{cloudWatchMetricsEnabled:!0,metricName:`${r.stackName}-BackEndWAF-Metric`,sampledRequestsEnabled:!1}}),this.wafAssociation=new Ge.CfnWebACLAssociation(this,"LoadBalancerAssociation",{resourceArn:this.loadBalancer.loadBalancerArn,webAclArn:this.waf.attrArn}),this.rdsCluster&&(this.rdsCluster.connections.allowDefaultPortFrom(this.fargateSecurityGroup),this.rdsCluster.connections.securityGroups.forEach(a=>{a.applyRemovalPolicy($.RETAIN),a.node.children.forEach(u=>{(u instanceof h.CfnSecurityGroupIngress||u instanceof h.CfnSecurityGroupEgress)&&u.applyRemovalPolicy($.RETAIN)})})),this.rdsProxy&&this.rdsProxy.connections.allowFrom(this.fargateSecurityGroup,h.Port.tcp(5432)),this.redisSecurityGroup.addIngressRule(this.fargateSecurityGroup,h.Port.tcp(6379)),!r.skipDns){let a=r.hostedZoneName??r.domainName.split(".").slice(-2).join("."),u=pe.HostedZone.fromLookup(this,"Zone",{domainName:a});this.dnsRecord=new pe.ARecord(this,"LoadBalancerAliasRecord",{recordName:r.apiDomainName,target:pe.RecordTarget.fromAlias(new ir.LoadBalancerTarget(this.loadBalancer)),zone:u})}this.regionParameter=new C.StringParameter(this,"RegionParameter",{tier:C.ParameterTier.STANDARD,parameterName:`/medplum/${i}/awsRegion`,description:"AWS region",stringValue:r.region}),this.databaseSecretsParameter=new C.StringParameter(this,"DatabaseSecretsParameter",{tier:C.ParameterTier.STANDARD,parameterName:`/medplum/${i}/DatabaseSecrets`,description:"Database secrets ARN",stringValue:this.rdsSecretsArn}),this.rdsProxy&&(this.databaseProxyEndpointParameter=new C.StringParameter(this,"DatabaseProxyEndpointParameter",{tier:C.ParameterTier.STANDARD,parameterName:`/medplum/${i}/databaseProxyEndpoint`,description:"Database proxy endpoint",stringValue:this.rdsProxy?.endpoint})),this.redisSecretsParameter=new C.StringParameter(this,"RedisSecretsParameter",{tier:C.ParameterTier.STANDARD,parameterName:`/medplum/${i}/RedisSecrets`,description:"Redis secrets ARN",stringValue:this.redisSecrets.secretArn}),this.botLambdaRoleParameter=new C.StringParameter(this,"BotLambdaRoleParameter",{tier:C.ParameterTier.STANDARD,parameterName:`/medplum/${i}/botLambdaRoleArn`,description:"Bot lambda execution role ARN",stringValue:this.botLambdaRole.roleArn})}getContainerImage(t,r){let n=new RegExp(`^${t.accountNumber}\\.dkr\\.ecr\\.${t.region}\\.amazonaws\\.com/(.*)[:@](.*)$`).exec(r),s=n?.[1],o=n?.[2];if(s&&o){let a=nr.fromRepositoryArn(this,"ServerImageRepo",`arn:aws:ecr:${t.region}:${t.accountNumber}:repository/${s}`);return B.ContainerImage.fromEcrRepository(a,o)}return B.ContainerImage.fromRegistry(r)}};import{aws_cloudtrail as cr,aws_cloudwatch as he,aws_cloudwatch_actions as lr,aws_logs as ee,aws_sns as We}from"aws-cdk-lib";import{Construct as ur}from"constructs";var W=class extends ur{constructor(t,r){if(super(t,"CloudTrailAlarms"),this.config=r,!r.cloudTrailAlarms)return;r.cloudTrailAlarms.logGroupCreate?(this.logGroup=new ee.LogGroup(this,"CloudTrailLogGroup",{logGroupName:r.cloudTrailAlarms.logGroupName,retention:ee.RetentionDays.ONE_YEAR}),this.cloudTrail=new cr.Trail(this,"CloudTrail",{sendToCloudWatchLogs:!0,cloudWatchLogGroup:this.logGroup,includeGlobalServiceEvents:!0})):this.logGroup=ee.LogGroup.fromLogGroupName(this,"CloudTrailLogGroup",r.cloudTrailAlarms.logGroupName),r.cloudTrailAlarms.snsTopicArn?this.alarmTopic=We.Topic.fromTopicArn(this,"AlarmTopic",r.cloudTrailAlarms.snsTopicArn):this.alarmTopic=new We.Topic(this,"AlarmTopic",{topicName:r.cloudTrailAlarms.snsTopicName});let i=[["UnauthorizedApiCalls","{ ($.errorCode = *UnauthorizedOperation) || ($.errorCode = AccessDenied*) }"],["SignInWithoutMfa","{ ($.eventName = ConsoleLogin) && ($.additionalEventData.MFAUsed != Yes) }"],["RootAccountUsage","{ $.userIdentity.type = Root && $.userIdentity.invokedBy NOT EXISTS && $.eventType != AwsServiceEvent }"],["IamPolicyChanges","{($.eventName=DeleteGroupPolicy)||($.eventName=DeleteRolePolicy)||($.eventName=DeleteUserPolicy)||($.eventName=PutGroupPolicy)||($.eventName=PutRolePolicy)||($.eventName=PutUserPolicy)||($.eventName=CreatePolicy)||($.eventName=DeletePolicy)||($.eventName=CreatePolicyVersion)||($.eventName=DeletePolicyVersion)||($.eventName=AttachRolePolicy)||($.eventName=DetachRolePolicy)||($.eventName=AttachUserPolicy)||($.eventName=DetachUserPolicy)||($.eventName=AttachGroupPolicy)||($.eventName=DetachGroupPolicy)}"],["CloudTrailConfigurationChanges","{ ($.eventName = CreateTrail) || ($.eventName = UpdateTrail) || ($.eventName = DeleteTrail) || ($.eventName = StartLogging) || ($.eventName = StopLogging) }"],["SignInFailures",'{ ($.eventName = ConsoleLogin) && ($.errorMessage = "Failed authentication") }'],["DisabledCmks","{($.eventSource = kms.amazonaws.com) && (($.eventName=DisableKey)||($.eventName=ScheduleKeyDeletion)) }"],["S3PolicyChanges","{ ($.eventSource = s3.amazonaws.com) && (($.eventName = PutBucketAcl) || ($.eventName = PutBucketPolicy) || ($.eventName = PutBucketCors) || ($.eventName = PutBucketLifecycle) || ($.eventName = PutBucketReplication) || ($.eventName = DeleteBucketPolicy) || ($.eventName = DeleteBucketCors) || ($.eventName = DeleteBucketLifecycle) || ($.eventName = DeleteBucketReplication)) }"],["ConfigServiceChanges","{($.eventSource = config.amazonaws.com) && (($.eventName=StopConfigurationRecorder)||($.eventName=DeleteDeliveryChannel)||($.eventName=PutDeliveryChannel)||($.eventName=PutConfigurationRecorder))}"],["SecurityGroupChanges","{ ($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = AuthorizeSecurityGroupEgress) || ($.eventName = RevokeSecurityGroupIngress) || ($.eventName = RevokeSecurityGroupEgress) || ($.eventName = CreateSecurityGroup) || ($.eventName = DeleteSecurityGroup)}"],["NetworkAclChanges","{ ($.eventName = CreateNetworkAcl) || ($.eventName = CreateNetworkAclEntry) || ($.eventName = DeleteNetworkAcl) || ($.eventName = DeleteNetworkAclEntry) || ($.eventName = ReplaceNetworkAclEntry) || ($.eventName = ReplaceNetworkAclAssociation) }"],["NetworkGatewayChanges","{ ($.eventName = CreateCustomerGateway) || ($.eventName = DeleteCustomerGateway) || ($.eventName = AttachInternetGateway) || ($.eventName = CreateInternetGateway) || ($.eventName = DeleteInternetGateway) || ($.eventName = DetachInternetGateway) }"],["RouteTableChanges","{ ($.eventName = CreateRoute) || ($.eventName = CreateRouteTable) || ($.eventName = ReplaceRoute) || ($.eventName = ReplaceRouteTableAssociation) || ($.eventName = DeleteRouteTable) || ($.eventName = DeleteRoute) || ($.eventName = DisassociateRouteTable) }"],["VpcChanges","{ ($.eventName = CreateVpc) || ($.eventName = DeleteVpc) || ($.eventName = ModifyVpcAttribute) || ($.eventName = AcceptVpcPeeringConnection) || ($.eventName = CreateVpcPeeringConnection) || ($.eventName = DeleteVpcPeeringConnection) || ($.eventName = RejectVpcPeeringConnection) || ($.eventName = AttachClassicLinkVpc) || ($.eventName = DetachClassicLinkVpc) || ($.eventName = DisableVpcClassicLink) || ($.eventName = EnableVpcClassicLink) }"],["OrganizationsChanges","{ ($.eventSource = organizations.amazonaws.com) && (($.eventName = AcceptHandshake) || ($.eventName = AttachPolicy) || ($.eventName = CreateAccount) || ($.eventName = CreateOrganizationalUnit) || ($.eventName = CreatePolicy) || ($.eventName = DeclineHandshake) || ($.eventName = DeleteOrganization) || ($.eventName = DeleteOrganizationalUnit) || ($.eventName = DeletePolicy) || ($.eventName = DetachPolicy) || ($.eventName = DisablePolicyType) || ($.eventName = EnablePolicyType) || ($.eventName = InviteAccountToOrganization) || ($.eventName = LeaveOrganization) || ($.eventName = MoveAccount) || ($.eventName = RemoveAccountFromOrganization) || ($.eventName = UpdatePolicy) || ($.eventName = UpdateOrganizationalUnit)) }"]];for(let[n,s]of i)this.createMetricAlarm(n,s)}createMetricAlarm(t,r){let i=`${this.config.stackName}${t}MetricFilter`,n=`${this.config.stackName}${t}Metric`,s=`${this.config.stackName}Metrics`,o=`${this.config.stackName}${t}Alarm`,a=new ee.MetricFilter(this,i,{logGroup:this.logGroup,filterPattern:{logPatternString:r},metricNamespace:s,metricName:n});new he.Alarm(this,o,{metric:a.metric({}),threshold:1,evaluationPeriods:1,alarmName:o,actionsEnabled:!0,treatMissingData:he.TreatMissingData.NOT_BREACHING,comparisonOperator:he.ComparisonOperator.GREATER_THAN_THRESHOLD,datapointsToAlarm:1}).addAlarmAction(new lr.SnsAction(this.alarmTopic))}};import{aws_certificatemanager as dr,aws_cloudfront as v,Duration as hr,aws_cloudfront_origins as He,RemovalPolicy as mr,aws_route53 as me,aws_s3 as H,aws_route53_targets as fr,aws_wafv2 as yr}from"aws-cdk-lib";import{Construct as gr}from"constructs";import{aws_iam as pr}from"aws-cdk-lib";function te(e,t){let r=new pr.PolicyStatement;return r.addActions("s3:GetObject*"),r.addActions("s3:GetBucket*"),r.addActions("s3:List*"),r.addResources(e.bucketArn),r.addResources(`${e.bucketArn}/*`),r.addCanonicalUserPrincipal(t.cloudFrontOriginAccessIdentityS3CanonicalUserId),e.addToResourcePolicy(r),r}var z=class extends gr{constructor(t,r,i){if(super(t,"FrontEnd"),i===r.region?this.appBucket=new H.Bucket(this,"AppBucket",{bucketName:r.appDomainName,publicReadAccess:!1,blockPublicAccess:H.BlockPublicAccess.BLOCK_ALL,removalPolicy:mr.DESTROY,encryption:H.BucketEncryption.S3_MANAGED,enforceSSL:!0,versioned:!0}):this.appBucket=H.Bucket.fromBucketAttributes(this,"AppBucket",{bucketName:r.appDomainName,region:r.region}),i==="us-east-1"&&(this.responseHeadersPolicy=new v.ResponseHeadersPolicy(this,"ResponseHeadersPolicy",{customHeadersBehavior:{customHeaders:[{header:"Permission-Policy",value:"accelerometer=(), camera=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()",override:!0}]},securityHeadersBehavior:{contentSecurityPolicy:{contentSecurityPolicy:["default-src 'none'","base-uri 'self'","child-src 'self'",`connect-src 'self' ${r.apiDomainName} *.google.com`,"font-src 'self' fonts.gstatic.com","form-action 'self' *.gstatic.com *.google.com","frame-ancestors 'none'",`frame-src 'self' ${r.storageDomainName} *.medplum.com *.gstatic.com *.google.com`,`img-src 'self' data: ${r.storageDomainName} *.gstatic.com *.google.com *.googleapis.com`,"manifest-src 'self'",`media-src 'self' ${r.storageDomainName}`,"script-src 'self' *.medplum.com *.gstatic.com *.google.com","style-src 'self' 'unsafe-inline' *.medplum.com *.gstatic.com *.google.com","worker-src 'self' blob: *.gstatic.com *.google.com","upgrade-insecure-requests"].join("; "),override:!0},contentTypeOptions:{override:!0},frameOptions:{frameOption:v.HeadersFrameOption.DENY,override:!0},referrerPolicy:{referrerPolicy:v.HeadersReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,override:!0},strictTransportSecurity:{accessControlMaxAge:hr.seconds(63072e3),includeSubdomains:!0,preload:!0,override:!0},xssProtection:{protection:!0,modeBlock:!0,override:!0}}}),this.waf=new yr.CfnWebACL(this,"FrontEndWAF",{defaultAction:{allow:{}},scope:"CLOUDFRONT",name:`${r.stackName}-FrontEndWAF`,rules:_,visibilityConfig:{cloudWatchMetricsEnabled:!0,metricName:`${r.stackName}-FrontEndWAF-Metric`,sampledRequestsEnabled:!1}}),this.apiOriginCachePolicy=new v.CachePolicy(this,"ApiOriginCachePolicy",{cachePolicyName:`${r.stackName}-ApiOriginCachePolicy`,cookieBehavior:v.CacheCookieBehavior.all(),headerBehavior:v.CacheHeaderBehavior.allowList("Authorization","Content-Encoding","Content-Type","If-None-Match","Origin","Referer","User-Agent","X-Medplum"),queryStringBehavior:v.CacheQueryStringBehavior.all()}),this.originAccessIdentity=new v.OriginAccessIdentity(this,"OriginAccessIdentity",{}),this.originAccessPolicyStatement=te(this.appBucket,this.originAccessIdentity),this.distribution=new v.Distribution(this,"AppDistribution",{defaultRootObject:"index.html",defaultBehavior:{origin:new He.S3Origin(this.appBucket,{originAccessIdentity:this.originAccessIdentity}),responseHeadersPolicy:this.responseHeadersPolicy,viewerProtocolPolicy:v.ViewerProtocolPolicy.REDIRECT_TO_HTTPS},additionalBehaviors:r.appApiProxy?{"/api/*":{origin:new He.HttpOrigin(r.apiDomainName),allowedMethods:v.AllowedMethods.ALLOW_ALL,cachePolicy:this.apiOriginCachePolicy,viewerProtocolPolicy:v.ViewerProtocolPolicy.REDIRECT_TO_HTTPS}}:void 0,certificate:dr.Certificate.fromCertificateArn(this,"AppCertificate",r.appSslCertArn),domainNames:[r.appDomainName],errorResponses:[{httpStatus:403,responseHttpStatus:200,responsePagePath:"/index.html"},{httpStatus:404,responseHttpStatus:200,responsePagePath:"/index.html"}],webAclId:this.waf.attrArn,logBucket:r.appLoggingBucket?H.Bucket.fromBucketName(this,"LoggingBucket",r.appLoggingBucket):void 0,logFilePrefix:r.appLoggingPrefix}),!r.skipDns)){let n=r.hostedZoneName??r.domainName.split(".").slice(-2).join("."),s=me.HostedZone.fromLookup(this,"Zone",{domainName:n});this.dnsRecord=new me.ARecord(this,"AppAliasRecord",{recordName:r.appDomainName,target:me.RecordTarget.fromAlias(new fr.CloudFrontTarget(this.distribution)),zone:s})}}};import{aws_certificatemanager as vr,aws_cloudfront as R,Duration as Sr,aws_cloudfront_origins as wr,aws_route53 as fe,aws_s3 as j,aws_route53_targets as br,aws_wafv2 as xr}from"aws-cdk-lib";import{ServerlessClamscan as Er}from"cdk-serverless-clamscan";import{Construct as Cr}from"constructs";var V=class extends Cr{constructor(t,r,i){if(super(t,"Storage"),i===r.region?(this.storageBucket=new j.Bucket(this,"StorageBucket",{bucketName:r.storageBucketName,publicReadAccess:!1,blockPublicAccess:j.BlockPublicAccess.BLOCK_ALL,encryption:j.BucketEncryption.S3_MANAGED,enforceSSL:!0,versioned:!0}),r.clamscanEnabled&&new Er(this,"ServerlessClamscan",{defsBucketAccessLogsConfig:{logsBucket:j.Bucket.fromBucketName(this,"LoggingBucket",r.clamscanLoggingBucket),logsPrefix:r.clamscanLoggingPrefix}}).addSourceBucket(this.storageBucket)):this.storageBucket=j.Bucket.fromBucketAttributes(this,"StorageBucket",{bucketName:r.storageBucketName,region:r.region}),i==="us-east-1"){let n;if(r.signingKeyId?n=R.PublicKey.fromPublicKeyId(this,"StoragePublicKey",r.signingKeyId):n=new R.PublicKey(this,"StoragePublicKey",{encodedKey:r.storagePublicKey}),this.keyGroup=new R.KeyGroup(this,"StorageKeyGroup",{items:[n]}),this.responseHeadersPolicy=new R.ResponseHeadersPolicy(this,"ResponseHeadersPolicy",{customHeadersBehavior:{customHeaders:[{header:"Permission-Policy",value:"accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()",override:!0}]},securityHeadersBehavior:{contentSecurityPolicy:{contentSecurityPolicy:"default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors *;",override:!0},contentTypeOptions:{override:!0},frameOptions:{frameOption:R.HeadersFrameOption.DENY,override:!0},referrerPolicy:{referrerPolicy:R.HeadersReferrerPolicy.NO_REFERRER,override:!0},strictTransportSecurity:{accessControlMaxAge:Sr.seconds(63072e3),includeSubdomains:!0,preload:!0,override:!0},xssProtection:{protection:!0,modeBlock:!0,override:!0}}}),this.waf=new xr.CfnWebACL(this,"StorageWAF",{defaultAction:{allow:{}},scope:"CLOUDFRONT",name:`${r.stackName}-StorageWAF`,rules:_,visibilityConfig:{cloudWatchMetricsEnabled:!0,metricName:`${r.stackName}-StorageWAF-Metric`,sampledRequestsEnabled:!1}}),this.originAccessIdentity=new R.OriginAccessIdentity(this,"OriginAccessIdentity",{}),this.originAccessPolicyStatement=te(this.storageBucket,this.originAccessIdentity),this.distribution=new R.Distribution(this,"StorageDistribution",{defaultBehavior:{origin:new wr.S3Origin(this.storageBucket,{originAccessIdentity:this.originAccessIdentity}),responseHeadersPolicy:this.responseHeadersPolicy,viewerProtocolPolicy:R.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,trustedKeyGroups:[this.keyGroup]},certificate:vr.Certificate.fromCertificateArn(this,"StorageCertificate",r.storageSslCertArn),domainNames:[r.storageDomainName],webAclId:this.waf.attrArn,logBucket:r.storageLoggingBucket?j.Bucket.fromBucketName(this,"LoggingBucket",r.storageLoggingBucket):void 0,logFilePrefix:r.storageLoggingPrefix}),!r.skipDns){let s=r.hostedZoneName??r.domainName.split(".").slice(-2).join("."),o=fe.HostedZone.fromLookup(this,"Zone",{domainName:s});this.dnsRecord=new fe.ARecord(this,"StorageAliasRecord",{recordName:r.storageDomainName,target:fe.RecordTarget.fromAlias(new br.CloudFrontTarget(this.distribution)),zone:o})}}}};var re=class{constructor(t,r){this.primaryStack=new ye(t,r),r.region!=="us-east-1"&&(this.globalStack=new ge(t,r),this.globalStack.addDependency(this.primaryStack))}},ye=class extends ze{constructor(t,r){super(t,r.stackName,{env:{region:r.region,account:r.accountNumber}}),Ve.of(this).add("medplum:environment",r.name),this.backEnd=new X(this,r),this.frontEnd=new z(this,r,r.region),this.storage=new V(this,r,r.region),this.cloudTrail=new W(this,r)}},ge=class extends ze{constructor(t,r){super(t,r.stackName+"-us-east-1",{env:{region:"us-east-1",account:r.accountNumber}}),Ve.of(this).add("medplum:environment",r.name),this.frontEnd=new z(this,r,"us-east-1"),this.storage=new V(this,r,"us-east-1"),this.cloudTrail=new W(this,r)}};function Rr(e){let t=new Tr({context:e}),r=t.node.tryGetContext("config");if(!r){console.log('Missing "config" context variable'),console.log("Usage: cdk deploy -c config=my-config.json");return}let i=JSON.parse(Pr(Ar(r),"utf-8"));Ue(i).then(n=>{let s=new re(t,n);console.log("Stack",s.primaryStack.stackId),t.synth()}).catch(n=>{console.error(n),process.exit(1)})}Se.main===module&&Rr();export{X as BackEnd,W as CloudTrailAlarms,z as FrontEnd,ge as MedplumGlobalStack,ye as MedplumPrimaryStack,re as MedplumStack,V as Storage,_ as awsManagedRules,Rr as main};
 //# sourceMappingURL=index.mjs.map