@medplum/cdk 3.1.5 → 3.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/index.cjs +1 -1
- package/dist/cjs/index.cjs.map +3 -3
- package/dist/esm/index.mjs +1 -1
- package/dist/esm/index.mjs.map +3 -3
- package/package.json +7 -7
package/dist/esm/index.mjs
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
var pe=(e=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(e,{get:(t,r)=>(typeof require<"u"?require:t)[r]}):e)(function(e){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+e+'" is not supported')});import{App as fr}from"aws-cdk-lib";import{readFileSync as yr}from"fs";import{resolve as gr}from"path";import{GetParameterCommand as qt,SSMClient as Wt}from"@aws-sdk/client-ssm";var qe=class{constructor(e,t){this.operator=e,this.child=t}toString(){return`${this.operator}(${this.child.toString()})`}},U=class{constructor(e,t,r){this.operator=e,this.left=t,this.right=r}toString(){return`${this.left.toString()} ${this.operator} ${this.right.toString()}`}},We=class{constructor(){this.prefixParselets={},this.infixParselets={}}registerInfix(e,t){return this.infixParselets[e]=t,this}registerPrefix(e,t){return this.prefixParselets[e]=t,this}prefix(e,t,r){return this.registerPrefix(e,{parse(i,n){let s=i.consumeAndParse(t);return r(n,s)}})}infixLeft(e,t,r){return this.registerInfix(e,{parse(i,n,s){let o=i.consumeAndParse(t);return r(n,s,o)},precedence:t})}construct(e){return new He(e,this.prefixParselets,this.infixParselets)}},He=class{constructor(e,t,r){this.tokens=e,this.prefixParselets=t,this.infixParselets=r}hasMore(){return this.tokens.length>0}match(e){return this.peek()?.id!==e?!1:(this.consume(),!0)}consumeAndParse(e=1/0){let t=this.consume(),r=this.prefixParselets[t.id];if(!r)throw Error(`Parse error at "${t.value}" (line ${t.line}, column ${t.column}). No matching prefix parselet.`);let i=r.parse(this,t);for(;e>this.getPrecedence();){let n=this.consume();i=this.getInfixParselet(n).parse(this,i,n)}return i}getPrecedence(){let e=this.peek();if(!e)return 1/0;let t=this.getInfixParselet(e);return t?t.precedence:1/0}consume(e,t){if(!this.tokens.length)throw Error("Cant consume unknown more tokens.");if(e&&this.peek()?.id!==e){let r=this.peek();throw Error(`Expected ${e} but got "${r.id}" (${r.value}) at line ${r.line} column ${r.column}.`)}if(t&&this.peek()?.value!==t){let r=this.peek();throw Error(`Expected "${t}" but got "${r.value}" at line ${r.line} column ${r.column}.`)}return this.tokens.shift()}peek(){return this.tokens.length>0?this.tokens[0]:void 0}removeComments(){this.tokens=this.tokens.filter(e=>e.id!=="Comment")}getInfixParselet(e){return this.infixParselets[e.id==="Symbol"?e.value:e.id]}};function Z(e,t){return{resourceType:"OperationOutcome",issue:[{severity:"error",code:"invalid",details:{text:e},expression:t?[t]:void 0}]}}function k(e){return{resourceType:"OperationOutcome",issue:[{severity:"error",code:"structure",details:{text:e}}]}}var C=class extends Error{constructor(e,t){super(ze(e)),this.outcome=e,this.cause=t}};function ze(e){let t=e.issue?.map(Ve)??[];return t.length>0?t.join("; "):"Unknown error"}function Ve(e){let t;return e.details?.text?e.diagnostics?t=`${e.details.text} (${e.diagnostics})`:t=e.details.text:e.diagnostics?t=e.diagnostics:t="Unknown error",e.expression?.length&&(t+=` (${e.expression.join(", ")})`),t}function Qe(e,t){let r=t.max&&t.max===Number.MAX_SAFE_INTEGER?Number.POSITIVE_INFINITY:t.max;return{path:e,description:"",type:t.type??[],min:t.min??0,max:r??1,isArray:!!r&&r>1,constraints:[]}}function Je(e){let t=Object.create(null);for(let[r,i]of Object.entries(e))t[r]={name:r,elements:Object.fromEntries(Object.entries(i.elements).map(([n,s])=>[n,Qe(n,s)])),constraints:[],innerTypes:[]};return t}var Ye={Element:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]}}},BackboneElement:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]}}},Address:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},type:{type:[{code:"code"}]},text:{type:[{code:"string"}]},line:{max:9007199254740991,type:[{code:"string"}]},city:{type:[{code:"string"}]},district:{type:[{code:"string"}]},state:{type:[{code:"string"}]},postalCode:{type:[{code:"string"}]},country:{type:[{code:"string"}]},period:{type:[{code:"Period"}]}}},Age:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Annotation:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},"author[x]":{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Organization"]},{code:"string"}]},time:{type:[{code:"dateTime"}]},text:{min:1,type:[{code:"markdown"}]}}},Attachment:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},contentType:{type:[{code:"code"}]},language:{type:[{code:"code"}]},data:{type:[{code:"base64Binary"}]},url:{type:[{code:"url"}]},size:{type:[{code:"unsignedInt"}]},hash:{type:[{code:"base64Binary"}]},title:{type:[{code:"string"}]},creation:{type:[{code:"dateTime"}]}}},CodeableConcept:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},coding:{max:9007199254740991,type:[{code:"Coding"}]},text:{type:[{code:"string"}]}}},Coding:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},system:{type:[{code:"uri"}]},version:{type:[{code:"string"}]},code:{type:[{code:"code"}]},display:{type:[{code:"string"}]},userSelected:{type:[{code:"boolean"}]}}},ContactDetail:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},name:{type:[{code:"string"}]},telecom:{max:9007199254740991,type:[{code:"ContactPoint"}]}}},ContactPoint:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},system:{type:[{code:"code"}]},value:{type:[{code:"string"}]},use:{type:[{code:"code"}]},rank:{type:[{code:"positiveInt"}]},period:{type:[{code:"Period"}]}}},Contributor:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},name:{min:1,type:[{code:"string"}]},contact:{max:9007199254740991,type:[{code:"ContactDetail"}]}}},Count:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},DataRequirement:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},profile:{max:9007199254740991,type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]},"subject[x]":{type:[{code:"CodeableConcept"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Group"]}]},mustSupport:{max:9007199254740991,type:[{code:"string"}]},codeFilter:{max:9007199254740991,type:[{code:"DataRequirementCodeFilter"}]},dateFilter:{max:9007199254740991,type:[{code:"DataRequirementDateFilter"}]},limit:{type:[{code:"positiveInt"}]},sort:{max:9007199254740991,type:[{code:"DataRequirementSort"}]}}},Distance:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Dosage:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},sequence:{type:[{code:"integer"}]},text:{type:[{code:"string"}]},additionalInstruction:{max:9007199254740991,type:[{code:"CodeableConcept"}]},patientInstruction:{type:[{code:"string"}]},timing:{type:[{code:"Timing"}]},"asNeeded[x]":{type:[{code:"boolean"},{code:"CodeableConcept"}]},site:{type:[{code:"CodeableConcept"}]},route:{type:[{code:"CodeableConcept"}]},method:{type:[{code:"CodeableConcept"}]},doseAndRate:{max:9007199254740991,type:[{code:"DosageDoseAndRate"}]},maxDosePerPeriod:{type:[{code:"Ratio"}]},maxDosePerAdministration:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},maxDosePerLifetime:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]}}},Duration:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},ElementDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},path:{min:1,type:[{code:"string"}]},representation:{max:9007199254740991,type:[{code:"code"}]},sliceName:{type:[{code:"string"}]},sliceIsConstraining:{type:[{code:"boolean"}]},label:{type:[{code:"string"}]},code:{max:9007199254740991,type:[{code:"Coding"}]},slicing:{type:[{code:"ElementDefinitionSlicing"}]},short:{type:[{code:"string"}]},definition:{type:[{code:"markdown"}]},comment:{type:[{code:"markdown"}]},requirements:{type:[{code:"markdown"}]},alias:{max:9007199254740991,type:[{code:"string"}]},min:{type:[{code:"unsignedInt"}]},max:{type:[{code:"string"}]},base:{type:[{code:"ElementDefinitionBase"}]},contentReference:{type:[{code:"uri"}]},type:{max:9007199254740991,type:[{code:"ElementDefinitionType"}]},"defaultValue[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},meaningWhenMissing:{type:[{code:"markdown"}]},orderMeaning:{type:[{code:"string"}]},"fixed[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},"pattern[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},example:{max:9007199254740991,type:[{code:"ElementDefinitionExample"}]},"minValue[x]":{type:[{code:"date"},{code:"dateTime"},{code:"instant"},{code:"time"},{code:"decimal"},{code:"integer"},{code:"positiveInt"},{code:"unsignedInt"},{code:"Quantity"}]},"maxValue[x]":{type:[{code:"date"},{code:"dateTime"},{code:"instant"},{code:"time"},{code:"decimal"},{code:"integer"},{code:"positiveInt"},{code:"unsignedInt"},{code:"Quantity"}]},maxLength:{type:[{code:"integer"}]},condition:{max:9007199254740991,type:[{code:"id"}]},constraint:{max:9007199254740991,type:[{code:"ElementDefinitionConstraint"}]},mustSupport:{type:[{code:"boolean"}]},isModifier:{type:[{code:"boolean"}]},isModifierReason:{type:[{code:"string"}]},isSummary:{type:[{code:"boolean"}]},binding:{type:[{code:"ElementDefinitionBinding"}]},mapping:{max:9007199254740991,type:[{code:"ElementDefinitionMapping"}]}}},Expression:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},description:{type:[{code:"string"}]},name:{type:[{code:"id"}]},language:{min:1,type:[{code:"code"}]},expression:{type:[{code:"string"}]},reference:{type:[{code:"uri"}]}}},Extension:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},url:{min:1,type:[{code:"uri"}]},"value[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]}}},HumanName:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},text:{type:[{code:"string"}]},family:{type:[{code:"string"}]},given:{max:9007199254740991,type:[{code:"string"}]},prefix:{max:9007199254740991,type:[{code:"string"}]},suffix:{max:9007199254740991,type:[{code:"string"}]},period:{type:[{code:"Period"}]}}},Identifier:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},type:{type:[{code:"CodeableConcept"}]},system:{type:[{code:"uri"}]},value:{type:[{code:"string"}]},period:{type:[{code:"Period"}]},assigner:{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Organization"]}]}}},MarketingStatus:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},country:{min:1,type:[{code:"CodeableConcept"}]},jurisdiction:{type:[{code:"CodeableConcept"}]},status:{min:1,type:[{code:"CodeableConcept"}]},dateRange:{min:1,type:[{code:"Period"}]},restoreDate:{type:[{code:"dateTime"}]}}},Meta:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},versionId:{type:[{code:"id"}]},lastUpdated:{type:[{code:"instant"}]},source:{type:[{code:"uri"}]},profile:{max:9007199254740991,type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]},security:{max:9007199254740991,type:[{code:"Coding"}]},tag:{max:9007199254740991,type:[{code:"Coding"}]},project:{type:[{code:"uri"}]},author:{type:[{code:"Reference"}]},account:{type:[{code:"Reference"}]},compartment:{max:9007199254740991,type:[{code:"Reference"}]}}},Money:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},currency:{type:[{code:"code"}]}}},Narrative:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},status:{min:1,type:[{code:"code"}]},div:{min:1,type:[{code:"xhtml"}]}}},ParameterDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},name:{type:[{code:"code"}]},use:{min:1,type:[{code:"code"}]},min:{type:[{code:"integer"}]},max:{type:[{code:"string"}]},documentation:{type:[{code:"string"}]},type:{min:1,type:[{code:"code"}]},profile:{type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]}}},Period:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},start:{type:[{code:"dateTime"}]},end:{type:[{code:"dateTime"}]}}},Population:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},"age[x]":{type:[{code:"Range"},{code:"CodeableConcept"}]},gender:{type:[{code:"CodeableConcept"}]},race:{type:[{code:"CodeableConcept"}]},physiologicalCondition:{type:[{code:"CodeableConcept"}]}}},ProdCharacteristic:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},height:{type:[{code:"Quantity"}]},width:{type:[{code:"Quantity"}]},depth:{type:[{code:"Quantity"}]},weight:{type:[{code:"Quantity"}]},nominalVolume:{type:[{code:"Quantity"}]},externalDiameter:{type:[{code:"Quantity"}]},shape:{type:[{code:"string"}]},color:{max:9007199254740991,type:[{code:"string"}]},imprint:{max:9007199254740991,type:[{code:"string"}]},image:{max:9007199254740991,type:[{code:"Attachment"}]},scoring:{type:[{code:"CodeableConcept"}]}}},ProductShelfLife:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},identifier:{type:[{code:"Identifier"}]},type:{min:1,type:[{code:"CodeableConcept"}]},period:{min:1,type:[{code:"Quantity"}]},specialPrecautionsForStorage:{max:9007199254740991,type:[{code:"CodeableConcept"}]}}},Quantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Range:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},low:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},high:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]}}},Ratio:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},numerator:{type:[{code:"Quantity"}]},denominator:{type:[{code:"Quantity"}]}}},Reference:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},reference:{type:[{code:"string"}]},type:{type:[{code:"uri"}]},identifier:{type:[{code:"Identifier"}]},display:{type:[{code:"string"}]}}},RelatedArtifact:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},label:{type:[{code:"string"}]},display:{type:[{code:"string"}]},citation:{type:[{code:"markdown"}]},url:{type:[{code:"url"}]},document:{type:[{code:"Attachment"}]},resource:{type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/Resource"]}]}}},SampledData:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},origin:{min:1,type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},period:{min:1,type:[{code:"decimal"}]},factor:{type:[{code:"decimal"}]},lowerLimit:{type:[{code:"decimal"}]},upperLimit:{type:[{code:"decimal"}]},dimensions:{min:1,type:[{code:"positiveInt"}]},data:{type:[{code:"string"}]}}},Signature:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,max:9007199254740991,type:[{code:"Coding"}]},when:{min:1,type:[{code:"instant"}]},who:{min:1,type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/PractitionerRole","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/Device","http://hl7.org/fhir/StructureDefinition/Organization"]}]},onBehalfOf:{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/PractitionerRole","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/Device","http://hl7.org/fhir/StructureDefinition/Organization"]}]},targetFormat:{type:[{code:"code"}]},sigFormat:{type:[{code:"code"}]},data:{type:[{code:"base64Binary"}]}}},SubstanceAmount:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},"amount[x]":{type:[{code:"Quantity"},{code:"Range"},{code:"string"}]},amountType:{type:[{code:"CodeableConcept"}]},amountText:{type:[{code:"string"}]},referenceRange:{type:[{code:"SubstanceAmountReferenceRange"}]}}},Timing:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},event:{max:9007199254740991,type:[{code:"dateTime"}]},repeat:{type:[{code:"TimingRepeat"}]},code:{type:[{code:"CodeableConcept"}]}}},TriggerDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},name:{type:[{code:"string"}]},"timing[x]":{type:[{code:"Timing"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Schedule"]},{code:"date"},{code:"dateTime"}]},data:{max:9007199254740991,type:[{code:"DataRequirement"}]},condition:{type:[{code:"Expression"}]}}},UsageContext:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},code:{min:1,type:[{code:"Coding"}]},"value[x]":{min:1,type:[{code:"CodeableConcept"},{code:"Quantity"},{code:"Range"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/PlanDefinition","http://hl7.org/fhir/StructureDefinition/ResearchStudy","http://hl7.org/fhir/StructureDefinition/InsurancePlan","http://hl7.org/fhir/StructureDefinition/HealthcareService","http://hl7.org/fhir/StructureDefinition/Group","http://hl7.org/fhir/StructureDefinition/Location","http://hl7.org/fhir/StructureDefinition/Organization"]}]}}},MoneyQuantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},SimpleQuantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{max:0,type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},MetadataResource:{elements:{id:{type:[{code:"string"}]},meta:{type:[{code:"Meta"}]},implicitRules:{type:[{code:"uri"}]},language:{type:[{code:"code"}]},text:{type:[{code:"Narrative"}]},contained:{max:9007199254740991,type:[{code:"Resource"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},url:{type:[{code:"uri"}]},version:{type:[{code:"string"}]},name:{type:[{code:"string"}]},title:{type:[{code:"string"}]},status:{min:1,type:[{code:"code"}]},experimental:{type:[{code:"boolean"}]},date:{type:[{code:"dateTime"}]},publisher:{type:[{code:"string"}]},contact:{max:9007199254740991,type:[{code:"ContactDetail"}]},description:{type:[{code:"markdown"}]},useContext:{max:9007199254740991,type:[{code:"UsageContext"}]},jurisdiction:{max:9007199254740991,type:[{code:"CodeableConcept"}]}}},IdentityProvider:{elements:{authorizeUrl:{min:1,type:[{code:"string"}]},tokenUrl:{min:1,type:[{code:"string"}]},tokenAuthMethod:{type:[{code:"code"}]},userInfoUrl:{min:1,type:[{code:"string"}]},clientId:{min:1,type:[{code:"string"}]},clientSecret:{min:1,type:[{code:"string"}]},usePkce:{type:[{code:"boolean"}]},useSubject:{type:[{code:"boolean"}]}}}};var Ke=Je(Ye);var he=Object.create(null);function me(e){let t;return e?(t=he[e],t||(t=he[e]=Object.create(null))):t=Ke,t}function Ze(e,t){let r=me(t)[e];return!r&&t&&(r=me()[e]),r}var Se={base64Binary:/^([A-Za-z\d+/]{4})*([A-Za-z\d+/]{2}==|[A-Za-z\d+/]{3}=)?$/,canonical:/^\S*$/,code:/^[^\s]+( [^\s]+)*$/,date:/^(\d(\d(\d[1-9]|[1-9]0)|[1-9]00)|[1-9]000)(-(0[1-9]|1[0-2])(-(0[1-9]|[1-2]\d|3[0-1]))?)?$/,dateTime:/^(\d(\d(\d[1-9]|[1-9]0)|[1-9]00)|[1-9]000)(-(0[1-9]|1[0-2])(-(0[1-9]|[1-2]\d|3[0-1])(T([01]\d|2[0-3])(:[0-5]\d:([0-5]\d|60)(\.\d{1,9})?)?)?)?(Z|[+-]((0\d|1[0-3]):[0-5]\d|14:00)?)?)?$/,id:/^[A-Za-z0-9\-.]{1,64}$/,instant:/^(\d(\d(\d[1-9]|[1-9]0)|[1-9]00)|[1-9]000)-(0[1-9]|1[0-2])-(0[1-9]|[1-2]\d|3[0-1])T([01]\d|2[0-3]):[0-5]\d:([0-5]\d|60)(\.\d{1,9})?(Z|[+-]((0\d|1[0-3]):[0-5]\d|14:00))$/,markdown:/^[\s\S]+$/,oid:/^urn:oid:[0-2](\.(0|[1-9]\d*))+$/,string:/^[\s\S]+$/,time:/^([01]\d|2[0-3]):[0-5]\d:([0-5]\d|60)(\.\d{1,9})?$/,uri:/^\S*$/,url:/^\S*$/,uuid:/^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/,xhtml:/.*/};function a(e){return[{type:c.boolean,value:e}]}function D(e){return e==null?{type:"undefined",value:void 0}:Number.isSafeInteger(e)?{type:c.integer,value:e}:typeof e=="number"?{type:c.decimal,value:e}:typeof e=="boolean"?{type:c.boolean,value:e}:typeof e=="string"?{type:c.string,value:e}:f(e)?{type:c.Quantity,value:e}:z(e)?{type:e.resourceType,value:e}:{type:c.BackboneElement,value:e}}function R(e){return e.length===0?!1:!!e[0].value}function A(e,t){if(e.length!==0){if(e.length===1&&(!t||e[0].type===t))return e[0];throw new Error(`Expected singleton of type ${t}, but found ${JSON.stringify(e)}`)}}function Xe(e,t,r){if(!e.value)return;let i=lt(e.type,t,r?.profileUrl);return i?et(e,t,i):tt(e,t)}function et(e,t,r){let i=e.value,n=r.type;if(!n||n.length===0)return;let s,o="undefined",l;if(r.path.endsWith("[x]")){let d=r.path.split(".").pop().replace("[x]","");for(let S of n){let w=d+Pe(S.code);if(s=i[w],l=i["_"+w],s!==void 0||l!==void 0){o=S.code;break}}}else console.assert(n.length===1,"Expected single type",r.path),s=i[t],o=n[0].code,l=i["_"+t];if(l)if(Array.isArray(s)){s=s.slice();for(let d=0;d<Math.max(s.length,l.length);d++)s[d]=ve(s[d],l[d])}else s=ve(s,l);if(!H(s))return(o==="Element"||o==="BackboneElement")&&(o=r.type[0].code),Array.isArray(s)?s.map(d=>fe(d,o)):fe(s,o)}function fe(e,t){return t==="Resource"&&z(e)&&(t=e.resourceType),{type:t,value:e}}function tt(e,t){let r=e.value;if(!r||typeof r!="object")return;let i;if(t in r)i=r[t];else for(let n in c){let s=t+Pe(n);if(s in r){i=r[s];break}}if(!H(i))return Array.isArray(i)?i.map(D):D(i)}function we(e){let t=[];for(let r of e){let i=!1;for(let n of t)if(R(Ee(r,n))){i=!0;break}i||t.push(r)}return t}function be(e){return a(!R(e))}function xe(e,t){return e.length===0||t.length===0?[]:e.length!==t.length?a(!1):a(e.every((r,i)=>R(Ee(r,t[i]))))}function Ee(e,t){let r=e.value?.valueOf(),i=t.value?.valueOf();return typeof r=="number"&&typeof i=="number"?a(Math.abs(r-i)<1e-8):f(r)&&f(i)?a(Ae(r,i)):a(typeof r=="object"&&typeof i=="object"?X(e,t):r===i)}function Ce(e,t){return e.length===0&&t.length===0?a(!0):e.length!==t.length?a(!1):(e.sort(ye),t.sort(ye),a(e.every((r,i)=>R(rt(r,t[i])))))}function rt(e,t){let{type:r,value:i}=e,{type:n,value:s}=t,o=i?.valueOf(),l=s?.valueOf();return typeof o=="number"&&typeof l=="number"?a(Math.abs(o-l)<.01):f(o)&&f(l)?a(Ae(o,l)):a(r==="Coding"&&n==="Coding"?typeof o!="object"||typeof l!="object"?!1:o.code===l.code&&o.system===l.system:typeof o=="object"&&typeof l=="object"?X({...o,id:void 0},{...l,id:void 0}):typeof o=="string"&&typeof l=="string"?o.toLowerCase()===l.toLowerCase():o===l)}function ye(e,t){let r=e.value?.valueOf(),i=t.value?.valueOf();return typeof r=="number"&&typeof i=="number"?r-i:typeof r=="string"&&typeof i=="string"?r.localeCompare(i):0}function Te(e,t){let{value:r}=e;if(r==null)return!1;switch(t){case"Boolean":return typeof r=="boolean";case"Decimal":case"Integer":return typeof r=="number";case"Date":return it(r);case"DateTime":return K(r);case"Time":return typeof r=="string"&&!!/^T\d/.exec(r);case"Period":return nt(r);case"Quantity":return f(r);default:return typeof r=="object"&&r?.resourceType===t}}function it(e){return typeof e=="string"&&!!Se.date.exec(e)}function K(e){return typeof e=="string"&&!!Se.dateTime.exec(e)}function nt(e){return!!(e&&typeof e=="object"&&("start"in e&&K(e.start)||"end"in e&&K(e.end)))}function f(e){return!!(e&&typeof e=="object"&&"value"in e&&typeof e.value=="number")}function Ae(e,t){return Math.abs(e.value-t.value)<.01&&(e.unit===t.unit||e.code===t.code||e.unit===t.code||e.code===t.unit)}function X(e,t){let r=Object.keys(e),i=Object.keys(t);if(r.length!==i.length)return!1;for(let n of r){let s=e[n],o=t[n];if(ge(s)&&ge(o)){if(!X(s,o))return!1}else if(s!==o)return!1}return!0}function ge(e){return e!==null&&typeof e=="object"}function ve(e,t){if(t){if(typeof t!="object")throw new Error("Primitive extension must be an object");return st(e??{},t)}return e}function st(e,t){return delete t.__proto__,delete t.constructor,Object.assign(e,t)}function ot(e,t){let r=new Date(e);r.setUTCHours(0,0,0,0);let i=t?new Date(t):new Date;i.setUTCHours(0,0,0,0);let n=r.getUTCFullYear(),s=r.getUTCMonth(),o=r.getUTCDate(),l=i.getUTCFullYear(),d=i.getUTCMonth(),S=i.getUTCDate(),w=l-n;(d<s||d===s&&S<o)&&w--;let de=l*12+d-(n*12+s);S<o&&de--;let Ge=Math.floor((i.getTime()-r.getTime())/(1e3*60*60*24));return{years:w,months:de,days:Ge}}function H(e){if(e==null)return!0;let t=typeof e;return t==="string"||t==="object"?!at(e):!1}function at(e){if(e==null)return!1;let t=typeof e;return t==="string"&&e!==""||t==="object"&&("length"in e&&e.length>0||Object.keys(e).length>0)}var ct=[];for(let e=0;e<256;e++)ct.push(e.toString(16).padStart(2,"0"));function Pe(e){return e?e.charAt(0).toUpperCase()+e.substring(1):""}var c={Address:"Address",Age:"Age",Annotation:"Annotation",Attachment:"Attachment",BackboneElement:"BackboneElement",CodeableConcept:"CodeableConcept",Coding:"Coding",ContactDetail:"ContactDetail",ContactPoint:"ContactPoint",Contributor:"Contributor",Count:"Count",DataRequirement:"DataRequirement",Distance:"Distance",Dosage:"Dosage",Duration:"Duration",Expression:"Expression",Extension:"Extension",HumanName:"HumanName",Identifier:"Identifier",MarketingStatus:"MarketingStatus",Meta:"Meta",Money:"Money",Narrative:"Narrative",ParameterDefinition:"ParameterDefinition",Period:"Period",Population:"Population",ProdCharacteristic:"ProdCharacteristic",ProductShelfLife:"ProductShelfLife",Quantity:"Quantity",Range:"Range",Ratio:"Ratio",Reference:"Reference",RelatedArtifact:"RelatedArtifact",SampledData:"SampledData",Signature:"Signature",SubstanceAmount:"SubstanceAmount",SystemString:"http://hl7.org/fhirpath/System.String",Timing:"Timing",TriggerDefinition:"TriggerDefinition",UsageContext:"UsageContext",base64Binary:"base64Binary",boolean:"boolean",canonical:"canonical",code:"code",date:"date",dateTime:"dateTime",decimal:"decimal",id:"id",instant:"instant",integer:"integer",markdown:"markdown",oid:"oid",positiveInt:"positiveInt",string:"string",time:"time",unsignedInt:"unsignedInt",uri:"uri",url:"url",uuid:"uuid"};function lt(e,t,r){let i=Ze(e,r);if(i)return ut(i.elements,t)}function ut(e,t){let r=e[t]??e[t+"[x]"];if(r)return r;for(let i=0;i<t.length;i++){let n=t[i];if(n>="A"&&n<="Z"){let s=t.slice(0,i)+"[x]",o=e[s];if(o)return o}}}function z(e){return!!(e&&typeof e=="object"&&"resourceType"in e)}function W(e){if(e.startsWith("T"))return e+"T00:00:00.000Z".substring(e.length);if(e.length<=10)return e;try{return new Date(e).toISOString()}catch{return e}}var _=()=>[],h={empty:(e,t)=>a(t.length===0||t.every(r=>H(r.value))),hasValue:(e,t)=>a(t.length!==0),exists:(e,t,r)=>a(r?t.filter(i=>R(r.eval(e,[i]))).length>0:t.length>0&&t.every(i=>!H(i.value))),all:(e,t,r)=>a(t.every(i=>R(r.eval(e,[i])))),allTrue:(e,t)=>{for(let r of t)if(!r.value)return a(!1);return a(!0)},anyTrue:(e,t)=>{for(let r of t)if(r.value)return a(!0);return a(!1)},allFalse:(e,t)=>{for(let r of t)if(r.value)return a(!1);return a(!0)},anyFalse:(e,t)=>{for(let r of t)if(!r.value)return a(!0);return a(!1)},subsetOf:_,supersetOf:_,count:(e,t)=>[{type:c.integer,value:t.length}],distinct:(e,t)=>{let r=[];for(let i of t)r.some(n=>n.value===i.value)||r.push(i);return r},isDistinct:(e,t)=>a(t.length===h.distinct(e,t).length),where:(e,t,r)=>t.filter(i=>R(r.eval({parent:e,variables:{$this:i}},[i]))),select:(e,t,r)=>t.map(i=>r.eval(e,[i])).flat(),repeat:_,ofType:(e,t,r)=>t.filter(i=>i.type===r.name),single:(e,t)=>{if(t.length>1)throw new Error("Expected input length one for single()");return t.length===0?[]:t.slice(0,1)},first:(e,t)=>t.length===0?[]:t.slice(0,1),last:(e,t)=>t.length===0?[]:t.slice(t.length-1,t.length),tail:(e,t)=>t.length===0?[]:t.slice(1,t.length),skip:(e,t,r)=>{let i=r.eval(e,t)[0]?.value;if(typeof i!="number")throw new Error("Expected a number for skip(num)");return i>=t.length?[]:i<=0?t:t.slice(i,t.length)},take:(e,t,r)=>{let i=r.eval(e,t)[0]?.value;if(typeof i!="number")throw new Error("Expected a number for take(num)");return i>=t.length?t:i<=0?[]:t.slice(0,i)},intersect:(e,t,r)=>{if(!r)return t;let i=r.eval(e,t),n=[];for(let s of t)!n.some(o=>o.value===s.value)&&i.some(o=>o.value===s.value)&&n.push(s);return n},exclude:(e,t,r)=>{if(!r)return t;let i=r.eval(e,t),n=[];for(let s of t)i.some(o=>o.value===s.value)||n.push(s);return n},union:(e,t,r)=>{if(!r)return t;let i=r.eval(e,t);return we([...t,...i])},combine:(e,t,r)=>{if(!r)return t;let i=r.eval(e,t);return[...t,...i]},htmlChecks:(e,t,r)=>[D(!0)],iif:(e,t,r,i,n)=>{let s=r.eval(e,t);if(s.length>1||s.length===1&&typeof s[0].value!="boolean")throw new Error("Expected criterion to evaluate to a Boolean");return R(s)?i.eval(e,t):n?n.eval(e,t):[]},toBoolean:(e,t)=>{if(t.length===0)return[];let[{value:r}]=E(t,1);if(typeof r=="boolean")return[{type:c.boolean,value:r}];if(typeof r=="number"&&(r===0||r===1))return a(!!r);if(typeof r=="string"){let i=r.toLowerCase();if(["true","t","yes","y","1","1.0"].includes(i))return a(!0);if(["false","f","no","n","0","0.0"].includes(i))return a(!1)}return[]},convertsToBoolean:(e,t)=>t.length===0?[]:a(h.toBoolean(e,t).length===1),toInteger:(e,t)=>{if(t.length===0)return[];let[{value:r}]=E(t,1);return typeof r=="number"?[{type:c.integer,value:r}]:typeof r=="string"&&/^[+-]?\d+$/.exec(r)?[{type:c.integer,value:parseInt(r,10)}]:typeof r=="boolean"?[{type:c.integer,value:r?1:0}]:[]},convertsToInteger:(e,t)=>t.length===0?[]:a(h.toInteger(e,t).length===1),toDate:(e,t)=>{if(t.length===0)return[];let[{value:r}]=E(t,1);return typeof r=="string"&&/^\d{4}(-\d{2}(-\d{2})?)?/.exec(r)?[{type:c.date,value:W(r)}]:[]},convertsToDate:(e,t)=>t.length===0?[]:a(h.toDate(e,t).length===1),toDateTime:(e,t)=>{if(t.length===0)return[];let[{value:r}]=E(t,1);return typeof r=="string"&&/^\d{4}(-\d{2}(-\d{2})?)?/.exec(r)?[{type:c.dateTime,value:W(r)}]:[]},convertsToDateTime:(e,t)=>t.length===0?[]:a(h.toDateTime(e,t).length===1),toDecimal:(e,t)=>{if(t.length===0)return[];let[{value:r}]=E(t,1);return typeof r=="number"?[{type:c.decimal,value:r}]:typeof r=="string"&&/^-?\d{1,9}(\.\d{1,9})?$/.exec(r)?[{type:c.decimal,value:parseFloat(r)}]:typeof r=="boolean"?[{type:c.decimal,value:r?1:0}]:[]},convertsToDecimal:(e,t)=>t.length===0?[]:a(h.toDecimal(e,t).length===1),toQuantity:(e,t)=>{if(t.length===0)return[];let[{value:r}]=E(t,1);return f(r)?[{type:c.Quantity,value:r}]:typeof r=="number"?[{type:c.Quantity,value:{value:r,unit:"1"}}]:typeof r=="string"&&/^-?\d{1,9}(\.\d{1,9})?/.exec(r)?[{type:c.Quantity,value:{value:parseFloat(r),unit:"1"}}]:typeof r=="boolean"?[{type:c.Quantity,value:{value:r?1:0,unit:"1"}}]:[]},convertsToQuantity:(e,t)=>t.length===0?[]:a(h.toQuantity(e,t).length===1),toString:(e,t)=>{if(t.length===0)return[];let[{value:r}]=E(t,1);return r==null?[]:f(r)?[{type:c.string,value:`${r.value} '${r.unit}'`}]:[{type:c.string,value:r.toString()}]},convertsToString:(e,t)=>t.length===0?[]:a(h.toString(e,t).length===1),toTime:(e,t)=>{if(t.length===0)return[];let[{value:r}]=E(t,1);if(typeof r=="string"){let i=/^T?(\d{2}(:\d{2}(:\d{2})?)?)/.exec(r);if(i)return[{type:c.time,value:W("T"+i[1])}]}return[]},convertsToTime:(e,t)=>t.length===0?[]:a(h.toTime(e,t).length===1),indexOf:(e,t,r)=>m((i,n)=>i.indexOf(n),e,t,r),substring:(e,t,r,i)=>m((n,s,o)=>{let l=s,d=o?l+o:n.length;return l<0||l>=n.length?void 0:n.substring(l,d)},e,t,r,i),startsWith:(e,t,r)=>m((i,n)=>i.startsWith(n),e,t,r),endsWith:(e,t,r)=>m((i,n)=>i.endsWith(n),e,t,r),contains:(e,t,r)=>m((i,n)=>i.includes(n),e,t,r),upper:(e,t)=>m(r=>r.toUpperCase(),e,t),lower:(e,t)=>m(r=>r.toLowerCase(),e,t),replace:(e,t,r,i)=>m((n,s,o)=>n.replaceAll(s,o),e,t,r,i),matches:(e,t,r)=>m((i,n)=>!!new RegExp(n).exec(i),e,t,r),replaceMatches:(e,t,r,i)=>m((n,s,o)=>n.replaceAll(s,o),e,t,r,i),length:(e,t)=>m(r=>r.length,e,t),toChars:(e,t)=>m(r=>r?r.split(""):void 0,e,t),abs:(e,t)=>x(Math.abs,e,t),ceiling:(e,t)=>x(Math.ceil,e,t),exp:(e,t)=>x(Math.exp,e,t),floor:(e,t)=>x(Math.floor,e,t),ln:(e,t)=>x(Math.log,e,t),log:(e,t,r)=>x((i,n)=>Math.log(i)/Math.log(n),e,t,r),power:(e,t,r)=>x(Math.pow,e,t,r),round:(e,t)=>x(Math.round,e,t),sqrt:(e,t)=>x(Math.sqrt,e,t),truncate:(e,t)=>x(r=>r|0,e,t),children:_,descendants:_,trace:(e,t,r)=>t,now:()=>[{type:c.dateTime,value:new Date().toISOString()}],timeOfDay:()=>[{type:c.time,value:new Date().toISOString().substring(11)}],today:()=>[{type:c.date,value:new Date().toISOString().substring(0,10)}],between:(e,t,r,i,n)=>{let s=h.toDateTime(e,r.eval(e,t));if(s.length===0)throw new Error("Invalid start date");let o=h.toDateTime(e,i.eval(e,t));if(o.length===0)throw new Error("Invalid end date");let l=n.eval(e,t)[0]?.value;if(l!=="years"&&l!=="months"&&l!=="days")throw new Error("Invalid units");let d=ot(s[0].value,o[0].value);return[{type:c.Quantity,value:{value:d[l],unit:l}}]},is:(e,t,r)=>{let i="";return r instanceof ee?i=r.name:r instanceof Re&&(i=r.left.name+"."+r.right.name),i?t.map(n=>({type:c.boolean,value:Te(n,i)})):[]},not:(e,t)=>h.toBoolean(e,t).map(r=>({type:c.boolean,value:!r.value})),resolve:(e,t)=>t.map(r=>{let i=r.value,n;if(typeof i=="string")n=i;else if(typeof i=="object"){let s=i;if(s.resource)return D(s.resource);s.reference?n=s.reference:s.type&&s.identifier&&(n=`${s.type}?identifier=${s.identifier.system}|${s.identifier.value}`)}if(n?.includes("?")){let[s]=n.split("?");return{type:s,value:{resourceType:s}}}if(n?.includes("/")){let[s,o]=n.split("/");return{type:s,value:{resourceType:s,id:o}}}return{type:c.BackboneElement,value:void 0}}).filter(r=>!!r.value),as:(e,t)=>t,type:(e,t)=>t.map(({value:r})=>typeof r=="boolean"?{type:c.BackboneElement,value:{namespace:"System",name:"Boolean"}}:typeof r=="number"?{type:c.BackboneElement,value:{namespace:"System",name:"Integer"}}:z(r)?{type:c.BackboneElement,value:{namespace:"FHIR",name:r.resourceType}}:{type:c.BackboneElement,value:null}),conformsTo:(e,t,r)=>{let i=r.eval(e,t)[0].value;if(!i.startsWith("http://hl7.org/fhir/StructureDefinition/"))throw new Error("Expected a StructureDefinition URL");let n=i.replace("http://hl7.org/fhir/StructureDefinition/","");return t.map(s=>({type:c.boolean,value:s.value?.resourceType===n}))}};function m(e,t,r,...i){if(r.length===0)return[];let[{value:n}]=E(r,1);if(typeof n!="string")throw new Error("String function cannot be called with non-string");let s=e(n,...i.map(o=>o?.eval(t,r)[0]?.value));return s===void 0?[]:Array.isArray(s)?s.map(D):[D(s)]}function x(e,t,r,...i){if(r.length===0)return[];let[{value:n}]=E(r,1),s=f(n),o=s?n.value:n;if(typeof o!="number")throw new Error("Math function cannot be called with non-number");let l=e(o,...i.map(w=>w.eval(t,r)[0]?.value)),d=s?c.Quantity:r[0].type,S=s?{...n,value:l}:l;return[{type:d,value:S}]}function E(e,t){if(e.length!==t)throw new Error(`Expected ${t} arguments`);for(let r of e)if(r==null)throw new Error("Expected non-null argument");return e}var N=class{constructor(e){this.value=e}eval(){return[this.value]}toString(){let e=this.value.value;return typeof e=="string"?`'${e}'`:e.toString()}},ee=class{constructor(e){this.name=e}eval(e,t){let r=this.getVariable(e);if(r)return[r];if(this.name.startsWith("%"))throw new Error(`Undefined variable ${this.name}`);return t.flatMap(i=>this.evalValue(i)).filter(i=>i?.value!==void 0)}getVariable(e){let t=e.variables[this.name];if(t!==void 0)return t;if(e.parent)return this.getVariable(e.parent)}evalValue(e){let t=e.value;if(!(!t||typeof t!="object"))return z(t)&&t.resourceType===this.name?e:Xe(e,this.name)}toString(){return this.name}},dt=class{eval(){return[]}toString(){return"{}"}},pt=class extends qe{constructor(e,t,r){super(e,t),this.impl=r}eval(e,t){return this.impl(this.child.eval(e,t))}toString(){return this.operator+this.child.toString()}},ht=class extends U{constructor(e,t){super("as",e,t)}eval(e,t){return h.ofType(e,this.left.eval(e,t),this.right)}},y=class extends U{},b=class extends y{constructor(e,t,r,i){super(e,t,r),this.impl=i}eval(e,t){let r=this.left.eval(e,t);if(r.length!==1)return[];let i=this.right.eval(e,t);if(i.length!==1)return[];let n=r[0].value,s=i[0].value,o=f(n)?n.value:n,l=f(s)?s.value:s,d=this.impl(o,l);return typeof d=="boolean"?a(d):f(n)?[{type:c.Quantity,value:{...n,value:d}}]:[D(d)]}},mt=class extends U{constructor(e,t){super("&",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t),n=[...r,...i];return n.length>0&&n.every(s=>typeof s.value=="string")?[{type:c.string,value:n.map(s=>s.value).join("")}]:n}},ft=class extends y{constructor(e,t){super("contains",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return a(r.some(n=>n.value===i[0].value))}},yt=class extends y{constructor(e,t){super("in",e,t)}eval(e,t){let r=A(this.left.eval(e,t)),i=this.right.eval(e,t);return r?a(i.some(n=>n.value===r.value)):[]}},Re=class extends U{constructor(e,t){super(".",e,t)}eval(e,t){return this.right.eval(e,this.left.eval(e,t))}toString(){return`${this.left.toString()}.${this.right.toString()}`}},gt=class extends U{constructor(e,t){super("|",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return we([...r,...i])}},vt=class extends y{constructor(e,t){super("=",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return xe(r,i)}},St=class extends y{constructor(e,t){super("!=",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return be(xe(r,i))}},wt=class extends y{constructor(e,t){super("~",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return Ce(r,i)}},bt=class extends y{constructor(e,t){super("!~",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return be(Ce(r,i))}},xt=class extends y{constructor(e,t){super("is",e,t)}eval(e,t){let r=this.left.eval(e,t);if(r.length!==1)return[];let i=this.right.name;return a(Te(r[0],i))}},Et=class extends y{constructor(e,t){super("and",e,t)}eval(e,t){let r=A(this.left.eval(e,t),"boolean"),i=A(this.right.eval(e,t),"boolean");return r?.value===!0&&i?.value===!0?a(!0):r?.value===!1||i?.value===!1?a(!1):[]}},Ct=class extends y{constructor(e,t){super("or",e,t)}eval(e,t){let r=A(this.left.eval(e,t),"boolean"),i=A(this.right.eval(e,t),"boolean");return r?.value===!1&&i?.value===!1?a(!1):r?.value||i?.value?a(!0):[]}},Tt=class extends y{constructor(e,t){super("xor",e,t)}eval(e,t){let r=A(this.left.eval(e,t),"boolean"),i=A(this.right.eval(e,t),"boolean");return!r||!i?[]:a(r.value!==i.value)}},At=class extends y{constructor(e,t){super("implies",e,t)}eval(e,t){let r=A(this.left.eval(e,t),"boolean"),i=A(this.right.eval(e,t),"boolean");return i?.value===!0||r?.value===!1?a(!0):!r||!i?[]:a(!1)}},Pt=class{constructor(e,t){this.name=e,this.args=t}eval(e,t){let r=h[this.name];if(!r)throw new Error("Unrecognized function: "+this.name);return r(e,t,...this.args)}toString(){return`${this.name}(${this.args.map(e=>e.toString()).join(", ")})`}},Rt=class{constructor(e,t){this.left=e,this.expr=t}eval(e,t){let r=this.expr.eval(e,t);if(r.length!==1)return[];let i=r[0].value;if(typeof i!="number")throw new Error("Invalid indexer expression: should return integer}");let n=this.left.eval(e,t);return i in n?[n[i]]:[]}toString(){return`${this.left.toString()}[${this.expr.toString()}]`}};var ke=["!=","!~","<=",">=","{}","->"];var u={FunctionCall:0,Dot:1,Indexer:2,UnaryAdd:3,UnarySubtract:3,Multiply:4,Divide:4,IntegerDivide:4,Modulo:4,Add:5,Subtract:5,Ampersand:5,Is:6,As:6,Union:7,GreaterThan:8,GreaterThanOrEquals:8,LessThan:8,LessThanOrEquals:8,Equals:9,Equivalent:9,NotEquals:9,NotEquivalent:9,In:10,Contains:10,And:11,Xor:12,Or:12,Implies:13,Arrow:100,Semicolon:200},kt={parse(e){let t=e.consumeAndParse();if(!e.match(")"))throw new Error("Parse error: expected `)` got `"+e.peek()?.value+"`");return t}},It={parse(e,t){let r=e.consumeAndParse();if(!e.match("]"))throw new Error("Parse error: expected `]`");return new Rt(t,r)},precedence:u.Indexer},Dt={parse(e,t){if(!(t instanceof ee))throw new Error("Unexpected parentheses");let r=[];for(;!e.match(")");)r.push(e.consumeAndParse()),e.match(",");return new Pt(t.name,r)},precedence:u.FunctionCall};function Nt(e){let t=e.split(" "),r=parseFloat(t[0]),i=t[1];return i?.startsWith("'")&&i.endsWith("'")?i=i.substring(1,i.length-1):i="{"+i+"}",{value:r,unit:i}}function te(){return new We().registerPrefix("String",{parse:(e,t)=>new N({type:c.string,value:t.value})}).registerPrefix("DateTime",{parse:(e,t)=>new N({type:c.dateTime,value:W(t.value)})}).registerPrefix("Quantity",{parse:(e,t)=>new N({type:c.Quantity,value:Nt(t.value)})}).registerPrefix("Number",{parse:(e,t)=>new N({type:t.value.includes(".")?c.decimal:c.integer,value:parseFloat(t.value)})}).registerPrefix("true",{parse:()=>new N({type:c.boolean,value:!0})}).registerPrefix("false",{parse:()=>new N({type:c.boolean,value:!1})}).registerPrefix("Symbol",{parse:(e,t)=>new ee(t.value)}).registerPrefix("{}",{parse:()=>new dt}).registerPrefix("(",kt).registerInfix("[",It).registerInfix("(",Dt).prefix("+",u.UnaryAdd,(e,t)=>new pt("+",t,r=>r)).prefix("-",u.UnarySubtract,(e,t)=>new b("-",t,t,(r,i)=>-i)).infixLeft(".",u.Dot,(e,t,r)=>new Re(e,r)).infixLeft("/",u.Divide,(e,t,r)=>new b("/",e,r,(i,n)=>i/n)).infixLeft("*",u.Multiply,(e,t,r)=>new b("*",e,r,(i,n)=>i*n)).infixLeft("+",u.Add,(e,t,r)=>new b("+",e,r,(i,n)=>i+n)).infixLeft("-",u.Subtract,(e,t,r)=>new b("-",e,r,(i,n)=>i-n)).infixLeft("|",u.Union,(e,t,r)=>new gt(e,r)).infixLeft("=",u.Equals,(e,t,r)=>new vt(e,r)).infixLeft("!=",u.NotEquals,(e,t,r)=>new St(e,r)).infixLeft("~",u.Equivalent,(e,t,r)=>new wt(e,r)).infixLeft("!~",u.NotEquivalent,(e,t,r)=>new bt(e,r)).infixLeft("<",u.LessThan,(e,t,r)=>new b("<",e,r,(i,n)=>i<n)).infixLeft("<=",u.LessThanOrEquals,(e,t,r)=>new b("<=",e,r,(i,n)=>i<=n)).infixLeft(">",u.GreaterThan,(e,t,r)=>new b(">",e,r,(i,n)=>i>n)).infixLeft(">=",u.GreaterThanOrEquals,(e,t,r)=>new b(">=",e,r,(i,n)=>i>=n)).infixLeft("&",u.Ampersand,(e,t,r)=>new mt(e,r)).infixLeft("and",u.And,(e,t,r)=>new Et(e,r)).infixLeft("as",u.As,(e,t,r)=>new ht(e,r)).infixLeft("contains",u.Contains,(e,t,r)=>new ft(e,r)).infixLeft("div",u.Divide,(e,t,r)=>new b("div",e,r,(i,n)=>i/n|0)).infixLeft("in",u.In,(e,t,r)=>new yt(e,r)).infixLeft("is",u.Is,(e,t,r)=>new xt(e,r)).infixLeft("mod",u.Modulo,(e,t,r)=>new b("mod",e,r,(i,n)=>i%n)).infixLeft("or",u.Or,(e,t,r)=>new Ct(e,r)).infixLeft("xor",u.Xor,(e,t,r)=>new Tt(e,r)).infixLeft("implies",u.Implies,(e,t,r)=>new At(e,r))}var wr=te();var Ot=(e=>(e.BOOLEAN="BOOLEAN",e.NUMBER="NUMBER",e.QUANTITY="QUANTITY",e.TEXT="TEXT",e.REFERENCE="REFERENCE",e.CANONICAL="CANONICAL",e.DATE="DATE",e.DATETIME="DATETIME",e.PERIOD="PERIOD",e.UUID="UUID",e))(Ot||{});var $t=(e=>(e.EQUALS="eq",e.NOT_EQUALS="ne",e.GREATER_THAN="gt",e.LESS_THAN="lt",e.GREATER_THAN_OR_EQUALS="ge",e.LESS_THAN_OR_EQUALS="le",e.STARTS_AFTER="sa",e.ENDS_BEFORE="eb",e.APPROXIMATELY="ap",e.CONTAINS="contains",e.EXACT="exact",e.TEXT="text",e.NOT="not",e.ABOVE="above",e.BELOW="below",e.IN="in",e.NOT_IN="not-in",e.OF_TYPE="of-type",e.MISSING="missing",e.IDENTIFIER="identifier",e.ITERATE="iterate",e))($t||{});var Lt=(e=>(e.READ="read",e.VREAD="vread",e.UPDATE="update",e.PATCH="patch",e.DELETE="delete",e.HISTORY="history",e.HISTORY_INSTANCE="history-instance",e.HISTORY_TYPE="history-type",e.HISTORY_SYSTEM="history-system",e.CREATE="create",e.SEARCH="search",e.SEARCH_TYPE="search-type",e.SEARCH_SYSTEM="search-system",e.SEARCH_COMPARTMENT="search-compartment",e.CAPABILITIES="capabilities",e.TRANSACTION="transaction",e.BATCH="batch",e.OPERATION="operation",e))(Lt||{});var Mt={CSS:"text/css",DICOM:"application/dicom",FAVICON:"image/vnd.microsoft.icon",FHIR_JSON:"application/fhir+json",FORM_URL_ENCODED:"application/x-www-form-urlencoded",HL7_V2:"x-application/hl7-v2+er7",HTML:"text/html",JAVASCRIPT:"text/javascript",JSON:"application/json",JSON_PATCH:"application/json-patch+json",PNG:"image/png",SCIM_JSON:"application/scim+json",SVG:"image/svg+xml",TEXT:"text/plain",TYPESCRIPT:"text/typescript",PING:"x-application/ping"};var _t;_t=Symbol.toStringTag;var br=Mt.FHIR_JSON+", */*; q=0.1";var Ut=(e=>(e.ClientCredentials="client_credentials",e.AuthorizationCode="authorization_code",e.RefreshToken="refresh_token",e.JwtBearer="urn:ietf:params:oauth:grant-type:jwt-bearer",e.TokenExchange="urn:ietf:params:oauth:grant-type:token-exchange",e))(Ut||{}),Bt=(e=>(e.AccessToken="urn:ietf:params:oauth:token-type:access_token",e.RefreshToken="urn:ietf:params:oauth:token-type:refresh_token",e.IdToken="urn:ietf:params:oauth:token-type:id_token",e.Saml1Token="urn:ietf:params:oauth:token-type:saml1",e.Saml2Token="urn:ietf:params:oauth:token-type:saml2",e))(Bt||{}),jt=(e=>(e.ClientSecretBasic="client_secret_basic",e.ClientSecretPost="client_secret_post",e.ClientSecretJwt="client_secret_jwt",e.PrivateKeyJwt="private_key_jwt",e.None="none",e))(jt||{}),Ft=(e=>(e.JwtBearer="urn:ietf:params:oauth:client-assertion-type:jwt-bearer",e))(Ft||{});var xr=[...ke,"->","<<",">>","=="];var Er=te().registerInfix("->",{precedence:u.Arrow}).registerInfix(";",{precedence:u.Semicolon});var Cr=[...ke,"eq","ne","co"];var Tr=te();var Gt=(e=>(e[e.NONE=0]="NONE",e[e.ERROR=1]="ERROR",e[e.WARN=2]="WARN",e[e.INFO=3]="INFO",e[e.DEBUG=4]="DEBUG",e))(Gt||{});var ie=["string","boolean","number"],re={},ne=class{constructor(t){let{region:r}=t;if(!r)throw new C(k("'region' must be defined as a string literal in config."));re[r]||(re[r]=new Wt({region:r})),this.config=t,this.clients={ssm:re[r]}}async fetchParameterStoreSecret(t){let i=(await this.clients.ssm.send(new qt({Name:t,WithDecryption:!0}))).Parameter;if(!i)throw new C(Z(`Key '${t}' not found. Make sure your key is correct and that it is defined in your Parameter Store.`));let n=i.Value;if(!n)throw new C(Z(`Key '${t}' found but has no value. Make sure your key is correct and that it is defined in your Parameter Store.`));return n}async fetchExternalSecret(t){Vt(t);let{system:r,key:i,type:n}=t,s;switch(r){case"aws_ssm_parameter_store":{s=await this.fetchParameterStoreSecret(i);break}default:throw new C(k(`Unknown system '${r}' for ExternalSecret. Unable to fetch the secret for key '${i}'.`))}return Ht(i,s,n)}async normalizeInfraConfigArray(t){let r=t[0],i;if(typeof r!="object"&&r!==null||Ie(r)){i=new Array(t.length);for(let n=0;n<t.length;n++){let s=t[n];if(typeof s!="object"){i[n]=s;continue}let o=await this.fetchExternalSecret(s);i[n]=o}}else{i=new Array(t.length);for(let n=0;n<t.length;n++)i[n]=await this.normalizeObjectInInfraConfig(t[n])}return i}async normalizeValueForKey(t,r){let i=t[r];typeof i!="object"?t[r]=i:Ie(i)?t[r]=await this.fetchExternalSecret(i):Array.isArray(i)&&i.length?t[r]=await this.normalizeInfraConfigArray(i):typeof i=="object"&&(t[r]=await this.normalizeObjectInInfraConfig(i))}async normalizeObjectInInfraConfig(t){let r={...t};for(let i of Object.keys(r))await this.normalizeValueForKey(r,i);return r}async normalizeConfig(){return this.normalizeObjectInInfraConfig(this.config)}};function Ht(e,t,r){let i=typeof t;if(!ie.includes(i))throw new C(k(`Invalid value found for type; expected either ${ie.join(", or")} but got ${i}`));if(i===r)return t;if(i==="string"&&r==="boolean"){let n=t.toLowerCase();if(n!=="true"&&n!=="false")throw new C(k(`Invalid value found for key '${e}'; expected boolean value but got '${t}'`));return n==="true"}else if(i==="string"&&r==="number"){let n=parseInt(t,10);if(Number.isNaN(n))throw new C(k(`Invalid value found for key '${e}'; expected integer value but got '${t}'`));return n}else throw new C(k(`Invalid value found for type; expected ${r} value but got value of type ${i}`))}function Ie(e){return typeof e=="object"&&typeof e.system=="string"&&typeof e.key=="string"&&typeof e.type=="string"}function zt(e){return typeof e=="object"&&typeof e.system=="string"&&typeof e.key=="string"&&ie.includes(e.type)}function Vt(e){if(!zt(e))throw new C(k("obj is not a valid `ExternalSecret`, must contain a valid `system`, `key`, and `type` prop."))}async function De(e){return new ne(e).normalizeConfig()}import{Stack as je,Tags as Fe}from"aws-cdk-lib";import{Duration as $,RemovalPolicy as Ne,aws_ec2 as g,aws_ecs as L,aws_elasticache as Oe,aws_elasticloadbalancingv2 as B,aws_iam as p,aws_logs as $e,aws_rds as I,aws_route53 as se,aws_s3 as Qt,aws_secretsmanager as Le,aws_ssm as T,aws_route53_targets as Jt,aws_wafv2 as Me}from"aws-cdk-lib";import{Repository as Yt}from"aws-cdk-lib/aws-ecr";import{ClusterInstance as _e}from"aws-cdk-lib/aws-rds";import{Construct as Kt}from"constructs";var O=[{name:"AWS-AWSManagedRulesCommonRuleSet",priority:10,statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesCommonRuleSet",excludedRules:[{name:"NoUserAgent_HEADER"},{name:"UserAgent_BadBots_HEADER"},{name:"SizeRestrictions_QUERYSTRING"},{name:"SizeRestrictions_Cookie_HEADER"},{name:"SizeRestrictions_BODY"},{name:"SizeRestrictions_URIPATH"},{name:"EC2MetaDataSSRF_BODY"},{name:"EC2MetaDataSSRF_COOKIE"},{name:"EC2MetaDataSSRF_URIPATH"},{name:"EC2MetaDataSSRF_QUERYARGUMENTS"},{name:"GenericLFI_QUERYARGUMENTS"},{name:"GenericLFI_URIPATH"},{name:"GenericLFI_BODY"},{name:"RestrictedExtensions_URIPATH"},{name:"RestrictedExtensions_QUERYARGUMENTS"},{name:"GenericRFI_QUERYARGUMENTS"},{name:"GenericRFI_BODY"},{name:"GenericRFI_URIPATH"},{name:"CrossSiteScripting_COOKIE"},{name:"CrossSiteScripting_QUERYARGUMENTS"},{name:"CrossSiteScripting_BODY"},{name:"CrossSiteScripting_URIPATH"}]}},overrideAction:{count:{}},visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWS-AWSManagedRulesCommonRuleSet"}},{name:"AWS-AWSManagedRulesAmazonIpReputationList",priority:20,statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesAmazonIpReputationList",excludedRules:[{name:"AWSManagedIPReputationList"},{name:"AWSManagedReconnaissanceList"}]}},overrideAction:{count:{}},visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRulesAmazonIpReputationList"}},{name:"AWSManagedRulesSQLiRuleSet",priority:30,visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRulesSQLiRuleSet"},overrideAction:{count:{}},statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesSQLiRuleSet",excludedRules:[{name:"SQLi_QUERYARGUMENTS"},{name:"SQLiExtendedPatterns_QUERYARGUMENTS"},{name:"SQLi_BODY"},{name:"SQLiExtendedPatterns_BODY"},{name:"SQLi_COOKIE"},{name:"SQLi_URIPATH"}]}}},{name:"AWSManagedRuleLinux",priority:40,visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRuleLinux"},overrideAction:{count:{}},statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesLinuxRuleSet",excludedRules:[{name:"LFI_URIPATH"},{name:"LFI_QUERYSTRING"},{name:"LFI_COOKIE"}]}}}];var V=class extends Kt{constructor(t,r){super(t,"BackEnd");let i=r.name;if(r.vpcId)this.vpc=g.Vpc.fromLookup(this,"VPC",{vpcId:r.vpcId});else{let n=new $e.LogGroup(this,"VpcFlowLogs",{logGroupName:"/medplum/flowlogs/"+i,removalPolicy:Ne.DESTROY});this.vpc=new g.Vpc(this,"VPC",{maxAzs:r.maxAzs,flowLogs:{cloudwatch:{destination:g.FlowLogDestination.toCloudWatchLogs(n),trafficType:g.FlowLogTrafficType.ALL}}})}if(this.botLambdaRole=new p.Role(this,"BotLambdaRole",{assumedBy:new p.ServicePrincipal("lambda.amazonaws.com")}),this.rdsSecretsArn=r.rdsSecretsArn,!this.rdsSecretsArn){let n={enablePerformanceInsights:!0,isFromLegacyInstanceProps:!0},s=r.rdsReaderInstanceType??r.rdsInstanceType,o={...n,instanceType:s?new g.InstanceType(s):void 0},l=r.rdsInstanceType,d={...n,instanceType:l?new g.InstanceType(l):void 0},S;if(r.rdsInstances>1){S=[];for(let w=1;w<r.rdsInstances;w++)S.push(_e.provisioned("Instance"+(w+1),o))}this.rdsCluster=new I.DatabaseCluster(this,"DatabaseCluster",{engine:I.DatabaseClusterEngine.auroraPostgres({version:r.rdsInstanceVersion?I.AuroraPostgresEngineVersion.of(r.rdsInstanceVersion,r.rdsInstanceVersion.slice(0,r.rdsInstanceVersion.indexOf(".")),{s3Import:!0,s3Export:!0}):I.AuroraPostgresEngineVersion.VER_12_9}),credentials:I.Credentials.fromGeneratedSecret("clusteradmin"),defaultDatabaseName:"medplum",storageEncrypted:!0,vpc:this.vpc,vpcSubnets:{subnetType:g.SubnetType.PRIVATE_WITH_EGRESS},writer:_e.provisioned("Instance1",d),readers:S,backup:{retention:$.days(7)},cloudwatchLogsExports:["postgresql"],instanceUpdateBehaviour:I.InstanceUpdateBehaviour.ROLLING}),this.rdsSecretsArn=this.rdsCluster.secret.secretArn,r.rdsProxyEnabled&&(this.rdsProxy=new I.DatabaseProxy(this,"DatabaseProxy",{proxyTarget:I.ProxyTarget.fromCluster(this.rdsCluster),secrets:[this.rdsCluster.secret],vpc:this.vpc}))}if(this.redisSubnetGroup=new Oe.CfnSubnetGroup(this,"RedisSubnetGroup",{description:"Redis Subnet Group",subnetIds:this.vpc.privateSubnets.map(n=>n.subnetId)}),this.redisSecurityGroup=new g.SecurityGroup(this,"RedisSecurityGroup",{vpc:this.vpc,description:"Redis Security Group",allowAllOutbound:!1}),this.redisPassword=new Le.Secret(this,"RedisPassword",{generateSecretString:{secretStringTemplate:"{}",generateStringKey:"password",excludeCharacters:"@%*()_+=`~{}|[]\\:\";'?,./"}}),this.redisCluster=new Oe.CfnReplicationGroup(this,"RedisCluster",{engine:"Redis",engineVersion:"6.x",cacheNodeType:r.cacheNodeType??"cache.t2.medium",replicationGroupDescription:"RedisReplicationGroup",authToken:this.redisPassword.secretValueFromJson("password").toString(),transitEncryptionEnabled:!0,atRestEncryptionEnabled:!0,multiAzEnabled:!0,cacheSubnetGroupName:this.redisSubnetGroup.ref,numNodeGroups:1,replicasPerNodeGroup:1,securityGroupIds:[this.redisSecurityGroup.securityGroupId]}),this.redisCluster.node.addDependency(this.redisPassword),this.redisSecrets=new Le.Secret(this,"RedisSecrets",{generateSecretString:{secretStringTemplate:JSON.stringify({host:this.redisCluster.attrPrimaryEndPointAddress,port:this.redisCluster.attrPrimaryEndPointPort,password:this.redisPassword.secretValueFromJson("password").toString(),tls:{}}),generateStringKey:"unused"}}),this.redisSecrets.node.addDependency(this.redisPassword),this.redisSecrets.node.addDependency(this.redisCluster),this.ecsCluster=new L.Cluster(this,"Cluster",{vpc:this.vpc}),this.taskRolePolicies=new p.PolicyDocument({statements:[new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["logs:PutLogEvents","logs:CreateLogGroup","logs:CreateLogStream","logs:DescribeLogStreams","logs:DescribeLogGroups","logs:PutRetentionPolicy"],resources:["arn:aws:logs:*"]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["secretsmanager:GetResourcePolicy","secretsmanager:GetSecretValue","secretsmanager:DescribeSecret","secretsmanager:ListSecrets","secretsmanager:ListSecretVersionIds"],resources:["arn:aws:secretsmanager:*"]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["ssm:GetParametersByPath","ssm:GetParameters","ssm:GetParameter","ssm:DescribeParameters"],resources:["arn:aws:ssm:*"]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["ses:SendEmail","ses:SendRawEmail"],resources:["arn:aws:ses:*"]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["s3:ListBucket","s3:GetObject","s3:PutObject","s3:DeleteObject"],resources:["arn:aws:s3:::*"]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["iam:ListRoles","iam:GetRole","iam:PassRole"],resources:[this.botLambdaRole.roleArn]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["lambda:CreateFunction","lambda:GetFunction","lambda:GetFunctionConfiguration","lambda:UpdateFunctionCode","lambda:UpdateFunctionConfiguration","lambda:ListLayerVersions","lambda:GetLayerVersion","lambda:InvokeFunction"],resources:["arn:aws:lambda:*"]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["xray:PutTraceSegments","xray:PutTelemetryRecords","xray:GetSamplingRules","xray:GetSamplingTargets","xray:GetSamplingStatisticSummaries"],resources:["*"]})]}),this.taskRole=new p.Role(this,"TaskExecutionRole",{assumedBy:new p.ServicePrincipal("ecs-tasks.amazonaws.com"),description:"Medplum Server Task Execution Role",inlinePolicies:{TaskExecutionPolicies:this.taskRolePolicies}}),this.taskDefinition=new L.FargateTaskDefinition(this,"TaskDefinition",{memoryLimitMiB:r.serverMemory,cpu:r.serverCpu,taskRole:this.taskRole}),this.logGroup=new $e.LogGroup(this,"LogGroup",{logGroupName:"/ecs/medplum/"+i,removalPolicy:Ne.DESTROY}),this.logDriver=new L.AwsLogDriver({logGroup:this.logGroup,streamPrefix:"Medplum"}),this.serviceContainer=this.taskDefinition.addContainer("MedplumTaskDefinition",{image:this.getContainerImage(r,r.serverImage),command:[r.region==="us-east-1"?`aws:/medplum/${i}/`:`aws:${r.region}:/medplum/${i}/`],logging:this.logDriver,environment:r.environment}),this.serviceContainer.addPortMappings({containerPort:r.apiPort,hostPort:r.apiPort}),r.additionalContainers)for(let n of r.additionalContainers)this.taskDefinition.addContainer("AdditionalContainer-"+n.name,{containerName:n.name,image:this.getContainerImage(r,n.image),command:n.command,environment:n.environment,logging:this.logDriver});if(this.fargateSecurityGroup=new g.SecurityGroup(this,"ServiceSecurityGroup",{allowAllOutbound:!0,securityGroupName:"MedplumSecurityGroup",vpc:this.vpc}),this.fargateService=new L.FargateService(this,"FargateService",{cluster:this.ecsCluster,taskDefinition:this.taskDefinition,assignPublicIp:!1,vpcSubnets:{subnetType:g.SubnetType.PRIVATE_WITH_EGRESS},desiredCount:r.desiredServerCount,securityGroups:[this.fargateSecurityGroup],healthCheckGracePeriod:$.minutes(5)}),r.fargateAutoScaling&&this.fargateService.autoScaleTaskCount({minCapacity:r.fargateAutoScaling.minCapacity,maxCapacity:r.fargateAutoScaling.maxCapacity}).scaleOnCpuUtilization("CpuScaling",{targetUtilizationPercent:r.fargateAutoScaling.targetUtilizationPercent,scaleInCooldown:$.seconds(r.fargateAutoScaling.scaleInCooldown),scaleOutCooldown:$.seconds(r.fargateAutoScaling.scaleOutCooldown)}),this.rdsCluster&&this.fargateService.node.addDependency(this.rdsCluster),this.rdsProxy&&this.fargateService.node.addDependency(this.rdsProxy),this.fargateService.node.addDependency(this.redisCluster),this.targetGroup=new B.ApplicationTargetGroup(this,"TargetGroup",{vpc:this.vpc,port:r.apiPort,protocol:B.ApplicationProtocol.HTTP,healthCheck:{path:"/healthcheck",interval:$.seconds(30),timeout:$.seconds(3),healthyThresholdCount:2,unhealthyThresholdCount:5},targets:[this.fargateService]}),this.loadBalancer=new B.ApplicationLoadBalancer(this,"LoadBalancer",{vpc:this.vpc,internetFacing:r.apiInternetFacing!==!1,http2Enabled:!0}),r.loadBalancerLoggingBucket&&this.loadBalancer.logAccessLogs(Qt.Bucket.fromBucketName(this,"LoggingBucket",r.loadBalancerLoggingBucket),r.loadBalancerLoggingPrefix),this.loadBalancer.addListener("HttpsListener",{port:443,certificates:[{certificateArn:r.apiSslCertArn}],sslPolicy:B.SslPolicy.FORWARD_SECRECY_TLS12_RES_GCM,defaultAction:B.ListenerAction.forward([this.targetGroup])}),this.waf=new Me.CfnWebACL(this,"BackEndWAF",{defaultAction:{allow:{}},scope:"REGIONAL",name:`${r.stackName}-BackEndWAF`,rules:O,visibilityConfig:{cloudWatchMetricsEnabled:!0,metricName:`${r.stackName}-BackEndWAF-Metric`,sampledRequestsEnabled:!1}}),this.wafAssociation=new Me.CfnWebACLAssociation(this,"LoadBalancerAssociation",{resourceArn:this.loadBalancer.loadBalancerArn,webAclArn:this.waf.attrArn}),this.rdsCluster&&this.rdsCluster.connections.allowDefaultPortFrom(this.fargateSecurityGroup),this.rdsProxy&&this.rdsProxy.connections.allowFrom(this.fargateSecurityGroup,g.Port.tcp(5432)),this.redisSecurityGroup.addIngressRule(this.fargateSecurityGroup,g.Port.tcp(6379)),!r.skipDns){let n=r.hostedZoneName??r.domainName.split(".").slice(-2).join("."),s=se.HostedZone.fromLookup(this,"Zone",{domainName:n});this.dnsRecord=new se.ARecord(this,"LoadBalancerAliasRecord",{recordName:r.apiDomainName,target:se.RecordTarget.fromAlias(new Jt.LoadBalancerTarget(this.loadBalancer)),zone:s})}this.regionParameter=new T.StringParameter(this,"RegionParameter",{tier:T.ParameterTier.STANDARD,parameterName:`/medplum/${i}/awsRegion`,description:"AWS region",stringValue:r.region}),this.databaseSecretsParameter=new T.StringParameter(this,"DatabaseSecretsParameter",{tier:T.ParameterTier.STANDARD,parameterName:`/medplum/${i}/DatabaseSecrets`,description:"Database secrets ARN",stringValue:this.rdsSecretsArn}),this.rdsProxy&&(this.databaseProxyEndpointParameter=new T.StringParameter(this,"DatabaseProxyEndpointParameter",{tier:T.ParameterTier.STANDARD,parameterName:`/medplum/${i}/databaseProxyEndpoint`,description:"Database proxy endpoint",stringValue:this.rdsProxy?.endpoint})),this.redisSecretsParameter=new T.StringParameter(this,"RedisSecretsParameter",{tier:T.ParameterTier.STANDARD,parameterName:`/medplum/${i}/RedisSecrets`,description:"Redis secrets ARN",stringValue:this.redisSecrets.secretArn}),this.botLambdaRoleParameter=new T.StringParameter(this,"BotLambdaRoleParameter",{tier:T.ParameterTier.STANDARD,parameterName:`/medplum/${i}/botLambdaRoleArn`,description:"Bot lambda execution role ARN",stringValue:this.botLambdaRole.roleArn})}getContainerImage(t,r){let n=new RegExp(`^${t.accountNumber}\\.dkr\\.ecr\\.${t.region}\\.amazonaws\\.com/(.*)[:@](.*)$`).exec(r),s=n?.[1],o=n?.[2];if(s&&o){let l=Yt.fromRepositoryArn(this,"ServerImageRepo",`arn:aws:ecr:${t.region}:${t.accountNumber}:repository/${s}`);return L.ContainerImage.fromEcrRepository(l,o)}return L.ContainerImage.fromRegistry(r)}};import{aws_cloudtrail as Zt,aws_cloudwatch as oe,aws_cloudwatch_actions as Xt,aws_logs as Q,aws_sns as Ue}from"aws-cdk-lib";import{Construct as er}from"constructs";var j=class extends er{constructor(t,r){if(super(t,"CloudTrailAlarms"),this.config=r,!r.cloudTrailAlarms)return;r.cloudTrailAlarms.logGroupCreate?(this.logGroup=new Q.LogGroup(this,"CloudTrailLogGroup",{logGroupName:r.cloudTrailAlarms.logGroupName,retention:Q.RetentionDays.ONE_YEAR}),this.cloudTrail=new Zt.Trail(this,"CloudTrail",{sendToCloudWatchLogs:!0,cloudWatchLogGroup:this.logGroup,includeGlobalServiceEvents:!0})):this.logGroup=Q.LogGroup.fromLogGroupName(this,"CloudTrailLogGroup",r.cloudTrailAlarms.logGroupName),r.cloudTrailAlarms.snsTopicArn?this.alarmTopic=Ue.Topic.fromTopicArn(this,"AlarmTopic",r.cloudTrailAlarms.snsTopicArn):this.alarmTopic=new Ue.Topic(this,"AlarmTopic",{topicName:r.cloudTrailAlarms.snsTopicName});let i=[["UnauthorizedApiCalls","{ ($.errorCode = *UnauthorizedOperation) || ($.errorCode = AccessDenied*) }"],["SignInWithoutMfa","{ ($.eventName = ConsoleLogin) && ($.additionalEventData.MFAUsed != Yes) }"],["RootAccountUsage","{ $.userIdentity.type = Root && $.userIdentity.invokedBy NOT EXISTS && $.eventType != AwsServiceEvent }"],["IamPolicyChanges","{($.eventName=DeleteGroupPolicy)||($.eventName=DeleteRolePolicy)||($.eventName=DeleteUserPolicy)||($.eventName=PutGroupPolicy)||($.eventName=PutRolePolicy)||($.eventName=PutUserPolicy)||($.eventName=CreatePolicy)||($.eventName=DeletePolicy)||($.eventName=CreatePolicyVersion)||($.eventName=DeletePolicyVersion)||($.eventName=AttachRolePolicy)||($.eventName=DetachRolePolicy)||($.eventName=AttachUserPolicy)||($.eventName=DetachUserPolicy)||($.eventName=AttachGroupPolicy)||($.eventName=DetachGroupPolicy)}"],["CloudTrailConfigurationChanges","{ ($.eventName = CreateTrail) || ($.eventName = UpdateTrail) || ($.eventName = DeleteTrail) || ($.eventName = StartLogging) || ($.eventName = StopLogging) }"],["SignInFailures",'{ ($.eventName = ConsoleLogin) && ($.errorMessage = "Failed authentication") }'],["DisabledCmks","{($.eventSource = kms.amazonaws.com) && (($.eventName=DisableKey)||($.eventName=ScheduleKeyDeletion)) }"],["S3PolicyChanges","{ ($.eventSource = s3.amazonaws.com) && (($.eventName = PutBucketAcl) || ($.eventName = PutBucketPolicy) || ($.eventName = PutBucketCors) || ($.eventName = PutBucketLifecycle) || ($.eventName = PutBucketReplication) || ($.eventName = DeleteBucketPolicy) || ($.eventName = DeleteBucketCors) || ($.eventName = DeleteBucketLifecycle) || ($.eventName = DeleteBucketReplication)) }"],["ConfigServiceChanges","{($.eventSource = config.amazonaws.com) && (($.eventName=StopConfigurationRecorder)||($.eventName=DeleteDeliveryChannel)||($.eventName=PutDeliveryChannel)||($.eventName=PutConfigurationRecorder))}"],["SecurityGroupChanges","{ ($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = AuthorizeSecurityGroupEgress) || ($.eventName = RevokeSecurityGroupIngress) || ($.eventName = RevokeSecurityGroupEgress) || ($.eventName = CreateSecurityGroup) || ($.eventName = DeleteSecurityGroup)}"],["NetworkAclChanges","{ ($.eventName = CreateNetworkAcl) || ($.eventName = CreateNetworkAclEntry) || ($.eventName = DeleteNetworkAcl) || ($.eventName = DeleteNetworkAclEntry) || ($.eventName = ReplaceNetworkAclEntry) || ($.eventName = ReplaceNetworkAclAssociation) }"],["NetworkGatewayChanges","{ ($.eventName = CreateCustomerGateway) || ($.eventName = DeleteCustomerGateway) || ($.eventName = AttachInternetGateway) || ($.eventName = CreateInternetGateway) || ($.eventName = DeleteInternetGateway) || ($.eventName = DetachInternetGateway) }"],["RouteTableChanges","{ ($.eventName = CreateRoute) || ($.eventName = CreateRouteTable) || ($.eventName = ReplaceRoute) || ($.eventName = ReplaceRouteTableAssociation) || ($.eventName = DeleteRouteTable) || ($.eventName = DeleteRoute) || ($.eventName = DisassociateRouteTable) }"],["VpcChanges","{ ($.eventName = CreateVpc) || ($.eventName = DeleteVpc) || ($.eventName = ModifyVpcAttribute) || ($.eventName = AcceptVpcPeeringConnection) || ($.eventName = CreateVpcPeeringConnection) || ($.eventName = DeleteVpcPeeringConnection) || ($.eventName = RejectVpcPeeringConnection) || ($.eventName = AttachClassicLinkVpc) || ($.eventName = DetachClassicLinkVpc) || ($.eventName = DisableVpcClassicLink) || ($.eventName = EnableVpcClassicLink) }"],["OrganizationsChanges","{ ($.eventSource = organizations.amazonaws.com) && (($.eventName = AcceptHandshake) || ($.eventName = AttachPolicy) || ($.eventName = CreateAccount) || ($.eventName = CreateOrganizationalUnit) || ($.eventName = CreatePolicy) || ($.eventName = DeclineHandshake) || ($.eventName = DeleteOrganization) || ($.eventName = DeleteOrganizationalUnit) || ($.eventName = DeletePolicy) || ($.eventName = DetachPolicy) || ($.eventName = DisablePolicyType) || ($.eventName = EnablePolicyType) || ($.eventName = InviteAccountToOrganization) || ($.eventName = LeaveOrganization) || ($.eventName = MoveAccount) || ($.eventName = RemoveAccountFromOrganization) || ($.eventName = UpdatePolicy) || ($.eventName = UpdateOrganizationalUnit)) }"]];for(let[n,s]of i)this.createMetricAlarm(n,s)}createMetricAlarm(t,r){let i=`${this.config.stackName}${t}MetricFilter`,n=`${this.config.stackName}${t}Metric`,s=`${this.config.stackName}Metrics`,o=`${this.config.stackName}${t}Alarm`,l=new Q.MetricFilter(this,i,{logGroup:this.logGroup,filterPattern:{logPatternString:r},metricNamespace:s,metricName:n});new oe.Alarm(this,o,{metric:l.metric({}),threshold:1,evaluationPeriods:1,alarmName:o,actionsEnabled:!0,treatMissingData:oe.TreatMissingData.NOT_BREACHING,comparisonOperator:oe.ComparisonOperator.GREATER_THAN_THRESHOLD,datapointsToAlarm:1}).addAlarmAction(new Xt.SnsAction(this.alarmTopic))}};import{aws_certificatemanager as rr,aws_cloudfront as v,Duration as ir,aws_cloudfront_origins as Be,RemovalPolicy as nr,aws_route53 as ae,aws_s3 as F,aws_route53_targets as sr,aws_wafv2 as or}from"aws-cdk-lib";import{Construct as ar}from"constructs";import{aws_iam as tr}from"aws-cdk-lib";function J(e,t){let r=new tr.PolicyStatement;return r.addActions("s3:GetObject*"),r.addActions("s3:GetBucket*"),r.addActions("s3:List*"),r.addResources(e.bucketArn),r.addResources(`${e.bucketArn}/*`),r.addCanonicalUserPrincipal(t.cloudFrontOriginAccessIdentityS3CanonicalUserId),e.addToResourcePolicy(r),r}var G=class extends ar{constructor(t,r,i){if(super(t,"FrontEnd"),i===r.region?this.appBucket=new F.Bucket(this,"AppBucket",{bucketName:r.appDomainName,publicReadAccess:!1,blockPublicAccess:F.BlockPublicAccess.BLOCK_ALL,removalPolicy:nr.DESTROY,encryption:F.BucketEncryption.S3_MANAGED,enforceSSL:!0,versioned:!0}):this.appBucket=F.Bucket.fromBucketAttributes(this,"AppBucket",{bucketName:r.appDomainName,region:r.region}),i==="us-east-1"&&(this.responseHeadersPolicy=new v.ResponseHeadersPolicy(this,"ResponseHeadersPolicy",{customHeadersBehavior:{customHeaders:[{header:"Permission-Policy",value:"accelerometer=(), camera=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()",override:!0}]},securityHeadersBehavior:{contentSecurityPolicy:{contentSecurityPolicy:["default-src 'none'","base-uri 'self'","child-src 'self'",`connect-src 'self' ${r.apiDomainName} *.google.com`,"font-src 'self' fonts.gstatic.com","form-action 'self' *.gstatic.com *.google.com","frame-ancestors 'none'",`frame-src 'self' ${r.storageDomainName} *.medplum.com *.gstatic.com *.google.com`,`img-src 'self' data: ${r.storageDomainName} *.gstatic.com *.google.com *.googleapis.com gravatar.com`,"manifest-src 'self'",`media-src 'self' ${r.storageDomainName}`,"script-src 'self' *.medplum.com *.gstatic.com *.google.com","style-src 'self' 'unsafe-inline' *.medplum.com *.gstatic.com *.google.com","worker-src 'self' blob: *.gstatic.com *.google.com","upgrade-insecure-requests"].join("; "),override:!0},contentTypeOptions:{override:!0},frameOptions:{frameOption:v.HeadersFrameOption.DENY,override:!0},referrerPolicy:{referrerPolicy:v.HeadersReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,override:!0},strictTransportSecurity:{accessControlMaxAge:ir.seconds(63072e3),includeSubdomains:!0,preload:!0,override:!0},xssProtection:{protection:!0,modeBlock:!0,override:!0}}}),this.waf=new or.CfnWebACL(this,"FrontEndWAF",{defaultAction:{allow:{}},scope:"CLOUDFRONT",name:`${r.stackName}-FrontEndWAF`,rules:O,visibilityConfig:{cloudWatchMetricsEnabled:!0,metricName:`${r.stackName}-FrontEndWAF-Metric`,sampledRequestsEnabled:!1}}),this.apiOriginCachePolicy=new v.CachePolicy(this,"ApiOriginCachePolicy",{cachePolicyName:`${r.stackName}-ApiOriginCachePolicy`,cookieBehavior:v.CacheCookieBehavior.all(),headerBehavior:v.CacheHeaderBehavior.allowList("Authorization","Content-Encoding","Content-Type","If-None-Match","Origin","Referer","User-Agent","X-Medplum"),queryStringBehavior:v.CacheQueryStringBehavior.all()}),this.originAccessIdentity=new v.OriginAccessIdentity(this,"OriginAccessIdentity",{}),this.originAccessPolicyStatement=J(this.appBucket,this.originAccessIdentity),this.distribution=new v.Distribution(this,"AppDistribution",{defaultRootObject:"index.html",defaultBehavior:{origin:new Be.S3Origin(this.appBucket,{originAccessIdentity:this.originAccessIdentity}),responseHeadersPolicy:this.responseHeadersPolicy,viewerProtocolPolicy:v.ViewerProtocolPolicy.REDIRECT_TO_HTTPS},additionalBehaviors:r.appApiProxy?{"/api/*":{origin:new Be.HttpOrigin(r.apiDomainName),allowedMethods:v.AllowedMethods.ALLOW_ALL,cachePolicy:this.apiOriginCachePolicy,viewerProtocolPolicy:v.ViewerProtocolPolicy.REDIRECT_TO_HTTPS}}:void 0,certificate:rr.Certificate.fromCertificateArn(this,"AppCertificate",r.appSslCertArn),domainNames:[r.appDomainName],errorResponses:[{httpStatus:403,responseHttpStatus:200,responsePagePath:"/index.html"},{httpStatus:404,responseHttpStatus:200,responsePagePath:"/index.html"}],webAclId:this.waf.attrArn,logBucket:r.appLoggingBucket?F.Bucket.fromBucketName(this,"LoggingBucket",r.appLoggingBucket):void 0,logFilePrefix:r.appLoggingPrefix}),!r.skipDns)){let n=r.hostedZoneName??r.domainName.split(".").slice(-2).join("."),s=ae.HostedZone.fromLookup(this,"Zone",{domainName:n});this.dnsRecord=new ae.ARecord(this,"AppAliasRecord",{recordName:r.appDomainName,target:ae.RecordTarget.fromAlias(new sr.CloudFrontTarget(this.distribution)),zone:s})}}};import{aws_certificatemanager as cr,aws_cloudfront as P,Duration as lr,aws_cloudfront_origins as ur,aws_route53 as ce,aws_s3 as M,aws_route53_targets as dr,aws_wafv2 as pr}from"aws-cdk-lib";import{ServerlessClamscan as hr}from"cdk-serverless-clamscan";import{Construct as mr}from"constructs";var q=class extends mr{constructor(t,r,i){if(super(t,"Storage"),i===r.region?(this.storageBucket=new M.Bucket(this,"StorageBucket",{bucketName:r.storageBucketName,publicReadAccess:!1,blockPublicAccess:M.BlockPublicAccess.BLOCK_ALL,encryption:M.BucketEncryption.S3_MANAGED,enforceSSL:!0,versioned:!0}),r.clamscanEnabled&&new hr(this,"ServerlessClamscan",{defsBucketAccessLogsConfig:{logsBucket:M.Bucket.fromBucketName(this,"LoggingBucket",r.clamscanLoggingBucket),logsPrefix:r.clamscanLoggingPrefix}}).addSourceBucket(this.storageBucket)):this.storageBucket=M.Bucket.fromBucketAttributes(this,"StorageBucket",{bucketName:r.storageBucketName,region:r.region}),i==="us-east-1"){let n;if(r.signingKeyId?n=P.PublicKey.fromPublicKeyId(this,"StoragePublicKey",r.signingKeyId):n=new P.PublicKey(this,"StoragePublicKey",{encodedKey:r.storagePublicKey}),this.keyGroup=new P.KeyGroup(this,"StorageKeyGroup",{items:[n]}),this.responseHeadersPolicy=new P.ResponseHeadersPolicy(this,"ResponseHeadersPolicy",{customHeadersBehavior:{customHeaders:[{header:"Permission-Policy",value:"accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()",override:!0}]},securityHeadersBehavior:{contentSecurityPolicy:{contentSecurityPolicy:"default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors *;",override:!0},contentTypeOptions:{override:!0},frameOptions:{frameOption:P.HeadersFrameOption.DENY,override:!0},referrerPolicy:{referrerPolicy:P.HeadersReferrerPolicy.NO_REFERRER,override:!0},strictTransportSecurity:{accessControlMaxAge:lr.seconds(63072e3),includeSubdomains:!0,preload:!0,override:!0},xssProtection:{protection:!0,modeBlock:!0,override:!0}}}),this.waf=new pr.CfnWebACL(this,"StorageWAF",{defaultAction:{allow:{}},scope:"CLOUDFRONT",name:`${r.stackName}-StorageWAF`,rules:O,visibilityConfig:{cloudWatchMetricsEnabled:!0,metricName:`${r.stackName}-StorageWAF-Metric`,sampledRequestsEnabled:!1}}),this.originAccessIdentity=new P.OriginAccessIdentity(this,"OriginAccessIdentity",{}),this.originAccessPolicyStatement=J(this.storageBucket,this.originAccessIdentity),this.distribution=new P.Distribution(this,"StorageDistribution",{defaultBehavior:{origin:new ur.S3Origin(this.storageBucket,{originAccessIdentity:this.originAccessIdentity}),responseHeadersPolicy:this.responseHeadersPolicy,viewerProtocolPolicy:P.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,trustedKeyGroups:[this.keyGroup]},certificate:cr.Certificate.fromCertificateArn(this,"StorageCertificate",r.storageSslCertArn),domainNames:[r.storageDomainName],webAclId:this.waf.attrArn,logBucket:r.storageLoggingBucket?M.Bucket.fromBucketName(this,"LoggingBucket",r.storageLoggingBucket):void 0,logFilePrefix:r.storageLoggingPrefix}),!r.skipDns){let s=r.hostedZoneName??r.domainName.split(".").slice(-2).join("."),o=ce.HostedZone.fromLookup(this,"Zone",{domainName:s});this.dnsRecord=new ce.ARecord(this,"StorageAliasRecord",{recordName:r.storageDomainName,target:ce.RecordTarget.fromAlias(new dr.CloudFrontTarget(this.distribution)),zone:o})}}}};var Y=class{constructor(t,r){this.primaryStack=new le(t,r),r.region!=="us-east-1"&&(this.globalStack=new ue(t,r),this.globalStack.addDependency(this.primaryStack))}},le=class extends je{constructor(t,r){super(t,r.stackName,{env:{region:r.region,account:r.accountNumber}}),Fe.of(this).add("medplum:environment",r.name),this.backEnd=new V(this,r),this.frontEnd=new G(this,r,r.region),this.storage=new q(this,r,r.region),this.cloudTrail=new j(this,r)}},ue=class extends je{constructor(t,r){super(t,r.stackName+"-us-east-1",{env:{region:"us-east-1",account:r.accountNumber}}),Fe.of(this).add("medplum:environment",r.name),this.frontEnd=new G(this,r,"us-east-1"),this.storage=new q(this,r,"us-east-1"),this.cloudTrail=new j(this,r)}};function vr(e){let t=new fr({context:e}),r=t.node.tryGetContext("config");if(!r){console.log('Missing "config" context variable'),console.log("Usage: cdk deploy -c config=my-config.json");return}let i=JSON.parse(yr(gr(r),"utf-8"));De(i).then(n=>{let s=new Y(t,n);console.log("Stack",s.primaryStack.stackId),t.synth()}).catch(n=>{console.error(n),process.exit(1)})}pe.main===module&&vr();export{V as BackEnd,j as CloudTrailAlarms,G as FrontEnd,ue as MedplumGlobalStack,le as MedplumPrimaryStack,Y as MedplumStack,q as Storage,O as awsManagedRules,vr as main};
|
|
1
|
+
var pe=(e=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(e,{get:(t,r)=>(typeof require<"u"?require:t)[r]}):e)(function(e){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+e+'" is not supported')});import{App as fr}from"aws-cdk-lib";import{readFileSync as yr}from"fs";import{resolve as gr}from"path";import{GetParameterCommand as qt,SSMClient as Wt}from"@aws-sdk/client-ssm";var qe=class{constructor(e,t){this.operator=e,this.child=t}toString(){return`${this.operator}(${this.child.toString()})`}},U=class{constructor(e,t,r){this.operator=e,this.left=t,this.right=r}toString(){return`${this.left.toString()} ${this.operator} ${this.right.toString()}`}},We=class{constructor(){this.prefixParselets={},this.infixParselets={}}registerInfix(e,t){return this.infixParselets[e]=t,this}registerPrefix(e,t){return this.prefixParselets[e]=t,this}prefix(e,t,r){return this.registerPrefix(e,{parse(i,n){let s=i.consumeAndParse(t);return r(n,s)}})}infixLeft(e,t,r){return this.registerInfix(e,{parse(i,n,s){let o=i.consumeAndParse(t);return r(n,s,o)},precedence:t})}construct(e){return new He(e,this.prefixParselets,this.infixParselets)}},He=class{constructor(e,t,r){this.tokens=e,this.prefixParselets=t,this.infixParselets=r}hasMore(){return this.tokens.length>0}match(e){return this.peek()?.id!==e?!1:(this.consume(),!0)}consumeAndParse(e=1/0){let t=this.consume(),r=this.prefixParselets[t.id];if(!r)throw Error(`Parse error at "${t.value}" (line ${t.line}, column ${t.column}). No matching prefix parselet.`);let i=r.parse(this,t);for(;e>this.getPrecedence();){let n=this.consume();i=this.getInfixParselet(n).parse(this,i,n)}return i}getPrecedence(){let e=this.peek();if(!e)return 1/0;let t=this.getInfixParselet(e);return t?t.precedence:1/0}consume(e,t){if(!this.tokens.length)throw Error("Cant consume unknown more tokens.");if(e&&this.peek()?.id!==e){let r=this.peek();throw Error(`Expected ${e} but got "${r.id}" (${r.value}) at line ${r.line} column ${r.column}.`)}if(t&&this.peek()?.value!==t){let r=this.peek();throw Error(`Expected "${t}" but got "${r.value}" at line ${r.line} column ${r.column}.`)}return this.tokens.shift()}peek(){return this.tokens.length>0?this.tokens[0]:void 0}removeComments(){this.tokens=this.tokens.filter(e=>e.id!=="Comment")}getInfixParselet(e){return this.infixParselets[e.id==="Symbol"?e.value:e.id]}};function Z(e,t){return{resourceType:"OperationOutcome",issue:[{severity:"error",code:"invalid",details:{text:e},...t?{expression:[t]}:void 0}]}}function k(e){return{resourceType:"OperationOutcome",issue:[{severity:"error",code:"structure",details:{text:e}}]}}var C=class extends Error{constructor(e,t){super(ze(e)),this.outcome=e,this.cause=t}};function ze(e){let t=e.issue?.map(Ve)??[];return t.length>0?t.join("; "):"Unknown error"}function Ve(e){let t;return e.details?.text?e.diagnostics?t=`${e.details.text} (${e.diagnostics})`:t=e.details.text:e.diagnostics?t=e.diagnostics:t="Unknown error",e.expression?.length&&(t+=` (${e.expression.join(", ")})`),t}function Qe(e,t){let r=t.max&&t.max===Number.MAX_SAFE_INTEGER?Number.POSITIVE_INFINITY:t.max;return{path:e,description:"",type:t.type??[],min:t.min??0,max:r??1,isArray:!!r&&r>1,constraints:[]}}function Je(e){let t=Object.create(null);for(let[r,i]of Object.entries(e))t[r]={name:r,elements:Object.fromEntries(Object.entries(i.elements).map(([n,s])=>[n,Qe(n,s)])),constraints:[],innerTypes:[]};return t}var Ye={Element:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]}}},BackboneElement:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]}}},Address:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},type:{type:[{code:"code"}]},text:{type:[{code:"string"}]},line:{max:9007199254740991,type:[{code:"string"}]},city:{type:[{code:"string"}]},district:{type:[{code:"string"}]},state:{type:[{code:"string"}]},postalCode:{type:[{code:"string"}]},country:{type:[{code:"string"}]},period:{type:[{code:"Period"}]}}},Age:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Annotation:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},"author[x]":{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Organization"]},{code:"string"}]},time:{type:[{code:"dateTime"}]},text:{min:1,type:[{code:"markdown"}]}}},Attachment:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},contentType:{type:[{code:"code"}]},language:{type:[{code:"code"}]},data:{type:[{code:"base64Binary"}]},url:{type:[{code:"url"}]},size:{type:[{code:"unsignedInt"}]},hash:{type:[{code:"base64Binary"}]},title:{type:[{code:"string"}]},creation:{type:[{code:"dateTime"}]}}},CodeableConcept:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},coding:{max:9007199254740991,type:[{code:"Coding"}]},text:{type:[{code:"string"}]}}},Coding:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},system:{type:[{code:"uri"}]},version:{type:[{code:"string"}]},code:{type:[{code:"code"}]},display:{type:[{code:"string"}]},userSelected:{type:[{code:"boolean"}]}}},ContactDetail:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},name:{type:[{code:"string"}]},telecom:{max:9007199254740991,type:[{code:"ContactPoint"}]}}},ContactPoint:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},system:{type:[{code:"code"}]},value:{type:[{code:"string"}]},use:{type:[{code:"code"}]},rank:{type:[{code:"positiveInt"}]},period:{type:[{code:"Period"}]}}},Contributor:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},name:{min:1,type:[{code:"string"}]},contact:{max:9007199254740991,type:[{code:"ContactDetail"}]}}},Count:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},DataRequirement:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},profile:{max:9007199254740991,type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]},"subject[x]":{type:[{code:"CodeableConcept"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Group"]}]},mustSupport:{max:9007199254740991,type:[{code:"string"}]},codeFilter:{max:9007199254740991,type:[{code:"DataRequirementCodeFilter"}]},dateFilter:{max:9007199254740991,type:[{code:"DataRequirementDateFilter"}]},limit:{type:[{code:"positiveInt"}]},sort:{max:9007199254740991,type:[{code:"DataRequirementSort"}]}}},Distance:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Dosage:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},sequence:{type:[{code:"integer"}]},text:{type:[{code:"string"}]},additionalInstruction:{max:9007199254740991,type:[{code:"CodeableConcept"}]},patientInstruction:{type:[{code:"string"}]},timing:{type:[{code:"Timing"}]},"asNeeded[x]":{type:[{code:"boolean"},{code:"CodeableConcept"}]},site:{type:[{code:"CodeableConcept"}]},route:{type:[{code:"CodeableConcept"}]},method:{type:[{code:"CodeableConcept"}]},doseAndRate:{max:9007199254740991,type:[{code:"DosageDoseAndRate"}]},maxDosePerPeriod:{type:[{code:"Ratio"}]},maxDosePerAdministration:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},maxDosePerLifetime:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]}}},Duration:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},ElementDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},path:{min:1,type:[{code:"string"}]},representation:{max:9007199254740991,type:[{code:"code"}]},sliceName:{type:[{code:"string"}]},sliceIsConstraining:{type:[{code:"boolean"}]},label:{type:[{code:"string"}]},code:{max:9007199254740991,type:[{code:"Coding"}]},slicing:{type:[{code:"ElementDefinitionSlicing"}]},short:{type:[{code:"string"}]},definition:{type:[{code:"markdown"}]},comment:{type:[{code:"markdown"}]},requirements:{type:[{code:"markdown"}]},alias:{max:9007199254740991,type:[{code:"string"}]},min:{type:[{code:"unsignedInt"}]},max:{type:[{code:"string"}]},base:{type:[{code:"ElementDefinitionBase"}]},contentReference:{type:[{code:"uri"}]},type:{max:9007199254740991,type:[{code:"ElementDefinitionType"}]},"defaultValue[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},meaningWhenMissing:{type:[{code:"markdown"}]},orderMeaning:{type:[{code:"string"}]},"fixed[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},"pattern[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},example:{max:9007199254740991,type:[{code:"ElementDefinitionExample"}]},"minValue[x]":{type:[{code:"date"},{code:"dateTime"},{code:"instant"},{code:"time"},{code:"decimal"},{code:"integer"},{code:"positiveInt"},{code:"unsignedInt"},{code:"Quantity"}]},"maxValue[x]":{type:[{code:"date"},{code:"dateTime"},{code:"instant"},{code:"time"},{code:"decimal"},{code:"integer"},{code:"positiveInt"},{code:"unsignedInt"},{code:"Quantity"}]},maxLength:{type:[{code:"integer"}]},condition:{max:9007199254740991,type:[{code:"id"}]},constraint:{max:9007199254740991,type:[{code:"ElementDefinitionConstraint"}]},mustSupport:{type:[{code:"boolean"}]},isModifier:{type:[{code:"boolean"}]},isModifierReason:{type:[{code:"string"}]},isSummary:{type:[{code:"boolean"}]},binding:{type:[{code:"ElementDefinitionBinding"}]},mapping:{max:9007199254740991,type:[{code:"ElementDefinitionMapping"}]}}},Expression:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},description:{type:[{code:"string"}]},name:{type:[{code:"id"}]},language:{min:1,type:[{code:"code"}]},expression:{type:[{code:"string"}]},reference:{type:[{code:"uri"}]}}},Extension:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},url:{min:1,type:[{code:"uri"}]},"value[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]}}},HumanName:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},text:{type:[{code:"string"}]},family:{type:[{code:"string"}]},given:{max:9007199254740991,type:[{code:"string"}]},prefix:{max:9007199254740991,type:[{code:"string"}]},suffix:{max:9007199254740991,type:[{code:"string"}]},period:{type:[{code:"Period"}]}}},Identifier:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},type:{type:[{code:"CodeableConcept"}]},system:{type:[{code:"uri"}]},value:{type:[{code:"string"}]},period:{type:[{code:"Period"}]},assigner:{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Organization"]}]}}},MarketingStatus:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},country:{min:1,type:[{code:"CodeableConcept"}]},jurisdiction:{type:[{code:"CodeableConcept"}]},status:{min:1,type:[{code:"CodeableConcept"}]},dateRange:{min:1,type:[{code:"Period"}]},restoreDate:{type:[{code:"dateTime"}]}}},Meta:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},versionId:{type:[{code:"id"}]},lastUpdated:{type:[{code:"instant"}]},source:{type:[{code:"uri"}]},profile:{max:9007199254740991,type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]},security:{max:9007199254740991,type:[{code:"Coding"}]},tag:{max:9007199254740991,type:[{code:"Coding"}]},project:{type:[{code:"uri"}]},author:{type:[{code:"Reference"}]},account:{type:[{code:"Reference"}]},compartment:{max:9007199254740991,type:[{code:"Reference"}]}}},Money:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},currency:{type:[{code:"code"}]}}},Narrative:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},status:{min:1,type:[{code:"code"}]},div:{min:1,type:[{code:"xhtml"}]}}},ParameterDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},name:{type:[{code:"code"}]},use:{min:1,type:[{code:"code"}]},min:{type:[{code:"integer"}]},max:{type:[{code:"string"}]},documentation:{type:[{code:"string"}]},type:{min:1,type:[{code:"code"}]},profile:{type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]}}},Period:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},start:{type:[{code:"dateTime"}]},end:{type:[{code:"dateTime"}]}}},Population:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},"age[x]":{type:[{code:"Range"},{code:"CodeableConcept"}]},gender:{type:[{code:"CodeableConcept"}]},race:{type:[{code:"CodeableConcept"}]},physiologicalCondition:{type:[{code:"CodeableConcept"}]}}},ProdCharacteristic:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},height:{type:[{code:"Quantity"}]},width:{type:[{code:"Quantity"}]},depth:{type:[{code:"Quantity"}]},weight:{type:[{code:"Quantity"}]},nominalVolume:{type:[{code:"Quantity"}]},externalDiameter:{type:[{code:"Quantity"}]},shape:{type:[{code:"string"}]},color:{max:9007199254740991,type:[{code:"string"}]},imprint:{max:9007199254740991,type:[{code:"string"}]},image:{max:9007199254740991,type:[{code:"Attachment"}]},scoring:{type:[{code:"CodeableConcept"}]}}},ProductShelfLife:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},identifier:{type:[{code:"Identifier"}]},type:{min:1,type:[{code:"CodeableConcept"}]},period:{min:1,type:[{code:"Quantity"}]},specialPrecautionsForStorage:{max:9007199254740991,type:[{code:"CodeableConcept"}]}}},Quantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Range:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},low:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},high:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]}}},Ratio:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},numerator:{type:[{code:"Quantity"}]},denominator:{type:[{code:"Quantity"}]}}},Reference:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},reference:{type:[{code:"string"}]},type:{type:[{code:"uri"}]},identifier:{type:[{code:"Identifier"}]},display:{type:[{code:"string"}]}}},RelatedArtifact:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},label:{type:[{code:"string"}]},display:{type:[{code:"string"}]},citation:{type:[{code:"markdown"}]},url:{type:[{code:"url"}]},document:{type:[{code:"Attachment"}]},resource:{type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/Resource"]}]}}},SampledData:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},origin:{min:1,type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},period:{min:1,type:[{code:"decimal"}]},factor:{type:[{code:"decimal"}]},lowerLimit:{type:[{code:"decimal"}]},upperLimit:{type:[{code:"decimal"}]},dimensions:{min:1,type:[{code:"positiveInt"}]},data:{type:[{code:"string"}]}}},Signature:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,max:9007199254740991,type:[{code:"Coding"}]},when:{min:1,type:[{code:"instant"}]},who:{min:1,type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/PractitionerRole","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/Device","http://hl7.org/fhir/StructureDefinition/Organization"]}]},onBehalfOf:{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/PractitionerRole","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/Device","http://hl7.org/fhir/StructureDefinition/Organization"]}]},targetFormat:{type:[{code:"code"}]},sigFormat:{type:[{code:"code"}]},data:{type:[{code:"base64Binary"}]}}},SubstanceAmount:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},"amount[x]":{type:[{code:"Quantity"},{code:"Range"},{code:"string"}]},amountType:{type:[{code:"CodeableConcept"}]},amountText:{type:[{code:"string"}]},referenceRange:{type:[{code:"SubstanceAmountReferenceRange"}]}}},Timing:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},event:{max:9007199254740991,type:[{code:"dateTime"}]},repeat:{type:[{code:"TimingRepeat"}]},code:{type:[{code:"CodeableConcept"}]}}},TriggerDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},name:{type:[{code:"string"}]},"timing[x]":{type:[{code:"Timing"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Schedule"]},{code:"date"},{code:"dateTime"}]},data:{max:9007199254740991,type:[{code:"DataRequirement"}]},condition:{type:[{code:"Expression"}]}}},UsageContext:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},code:{min:1,type:[{code:"Coding"}]},"value[x]":{min:1,type:[{code:"CodeableConcept"},{code:"Quantity"},{code:"Range"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/PlanDefinition","http://hl7.org/fhir/StructureDefinition/ResearchStudy","http://hl7.org/fhir/StructureDefinition/InsurancePlan","http://hl7.org/fhir/StructureDefinition/HealthcareService","http://hl7.org/fhir/StructureDefinition/Group","http://hl7.org/fhir/StructureDefinition/Location","http://hl7.org/fhir/StructureDefinition/Organization"]}]}}},MoneyQuantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},SimpleQuantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{max:0,type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},MetadataResource:{elements:{id:{type:[{code:"string"}]},meta:{type:[{code:"Meta"}]},implicitRules:{type:[{code:"uri"}]},language:{type:[{code:"code"}]},text:{type:[{code:"Narrative"}]},contained:{max:9007199254740991,type:[{code:"Resource"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},url:{type:[{code:"uri"}]},version:{type:[{code:"string"}]},name:{type:[{code:"string"}]},title:{type:[{code:"string"}]},status:{min:1,type:[{code:"code"}]},experimental:{type:[{code:"boolean"}]},date:{type:[{code:"dateTime"}]},publisher:{type:[{code:"string"}]},contact:{max:9007199254740991,type:[{code:"ContactDetail"}]},description:{type:[{code:"markdown"}]},useContext:{max:9007199254740991,type:[{code:"UsageContext"}]},jurisdiction:{max:9007199254740991,type:[{code:"CodeableConcept"}]}}},IdentityProvider:{elements:{authorizeUrl:{min:1,type:[{code:"string"}]},tokenUrl:{min:1,type:[{code:"string"}]},tokenAuthMethod:{type:[{code:"code"}]},userInfoUrl:{min:1,type:[{code:"string"}]},clientId:{min:1,type:[{code:"string"}]},clientSecret:{min:1,type:[{code:"string"}]},usePkce:{type:[{code:"boolean"}]},useSubject:{type:[{code:"boolean"}]}}}};var Ke=Je(Ye);var he=Object.create(null);function me(e){let t;return e?(t=he[e],t||(t=he[e]=Object.create(null))):t=Ke,t}function Ze(e,t){let r=me(t)[e];return!r&&t&&(r=me()[e]),r}var Se={base64Binary:/^([A-Za-z\d+/]{4})*([A-Za-z\d+/]{2}==|[A-Za-z\d+/]{3}=)?$/,canonical:/^\S*$/,code:/^[^\s]+( [^\s]+)*$/,date:/^(\d(\d(\d[1-9]|[1-9]0)|[1-9]00)|[1-9]000)(-(0[1-9]|1[0-2])(-(0[1-9]|[1-2]\d|3[0-1]))?)?$/,dateTime:/^(\d(\d(\d[1-9]|[1-9]0)|[1-9]00)|[1-9]000)(-(0[1-9]|1[0-2])(-(0[1-9]|[1-2]\d|3[0-1])(T([01]\d|2[0-3])(:[0-5]\d:([0-5]\d|60)(\.\d{1,9})?)?)?)?(Z|[+-]((0\d|1[0-3]):[0-5]\d|14:00)?)?)?$/,id:/^[A-Za-z0-9\-.]{1,64}$/,instant:/^(\d(\d(\d[1-9]|[1-9]0)|[1-9]00)|[1-9]000)-(0[1-9]|1[0-2])-(0[1-9]|[1-2]\d|3[0-1])T([01]\d|2[0-3]):[0-5]\d:([0-5]\d|60)(\.\d{1,9})?(Z|[+-]((0\d|1[0-3]):[0-5]\d|14:00))$/,markdown:/^[\s\S]+$/,oid:/^urn:oid:[0-2](\.(0|[1-9]\d*))+$/,string:/^[\s\S]+$/,time:/^([01]\d|2[0-3]):[0-5]\d:([0-5]\d|60)(\.\d{1,9})?$/,uri:/^\S*$/,url:/^\S*$/,uuid:/^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/,xhtml:/.*/};function a(e){return[{type:c.boolean,value:e}]}function D(e){return e==null?{type:"undefined",value:void 0}:Number.isSafeInteger(e)?{type:c.integer,value:e}:typeof e=="number"?{type:c.decimal,value:e}:typeof e=="boolean"?{type:c.boolean,value:e}:typeof e=="string"?{type:c.string,value:e}:f(e)?{type:c.Quantity,value:e}:z(e)?{type:e.resourceType,value:e}:{type:c.BackboneElement,value:e}}function R(e){return e.length===0?!1:!!e[0].value}function A(e,t){if(e.length!==0){if(e.length===1&&(!t||e[0].type===t))return e[0];throw new Error(`Expected singleton of type ${t}, but found ${JSON.stringify(e)}`)}}function Xe(e,t,r){if(!e.value)return;let i=lt(e.type,t,r?.profileUrl);return i?et(e,t,i):tt(e,t)}function et(e,t,r){let i=e.value,n=r.type;if(!n||n.length===0)return;let s,o="undefined",l;if(r.path.endsWith("[x]")){let d=r.path.split(".").pop().replace("[x]","");for(let S of n){let w=d+Pe(S.code);if(s=i[w],l=i["_"+w],s!==void 0||l!==void 0){o=S.code;break}}}else console.assert(n.length===1,"Expected single type",r.path),s=i[t],o=n[0].code,l=i["_"+t];if(l)if(Array.isArray(s)){s=s.slice();for(let d=0;d<Math.max(s.length,l.length);d++)s[d]=ve(s[d],l[d])}else s=ve(s,l);if(!H(s))return(o==="Element"||o==="BackboneElement")&&(o=r.type[0].code),Array.isArray(s)?s.map(d=>fe(d,o)):fe(s,o)}function fe(e,t){return t==="Resource"&&z(e)&&(t=e.resourceType),{type:t,value:e}}function tt(e,t){let r=e.value;if(!r||typeof r!="object")return;let i;if(t in r)i=r[t];else for(let n in c){let s=t+Pe(n);if(s in r){i=r[s];break}}if(!H(i))return Array.isArray(i)?i.map(D):D(i)}function we(e){let t=[];for(let r of e){let i=!1;for(let n of t)if(R(Ee(r,n))){i=!0;break}i||t.push(r)}return t}function be(e){return a(!R(e))}function xe(e,t){return e.length===0||t.length===0?[]:e.length!==t.length?a(!1):a(e.every((r,i)=>R(Ee(r,t[i]))))}function Ee(e,t){let r=e.value?.valueOf(),i=t.value?.valueOf();return typeof r=="number"&&typeof i=="number"?a(Math.abs(r-i)<1e-8):f(r)&&f(i)?a(Ae(r,i)):a(typeof r=="object"&&typeof i=="object"?X(e,t):r===i)}function Ce(e,t){return e.length===0&&t.length===0?a(!0):e.length!==t.length?a(!1):(e.sort(ye),t.sort(ye),a(e.every((r,i)=>R(rt(r,t[i])))))}function rt(e,t){let{type:r,value:i}=e,{type:n,value:s}=t,o=i?.valueOf(),l=s?.valueOf();return typeof o=="number"&&typeof l=="number"?a(Math.abs(o-l)<.01):f(o)&&f(l)?a(Ae(o,l)):a(r==="Coding"&&n==="Coding"?typeof o!="object"||typeof l!="object"?!1:o.code===l.code&&o.system===l.system:typeof o=="object"&&typeof l=="object"?X({...o,id:void 0},{...l,id:void 0}):typeof o=="string"&&typeof l=="string"?o.toLowerCase()===l.toLowerCase():o===l)}function ye(e,t){let r=e.value?.valueOf(),i=t.value?.valueOf();return typeof r=="number"&&typeof i=="number"?r-i:typeof r=="string"&&typeof i=="string"?r.localeCompare(i):0}function Te(e,t){let{value:r}=e;if(r==null)return!1;switch(t){case"Boolean":return typeof r=="boolean";case"Decimal":case"Integer":return typeof r=="number";case"Date":return it(r);case"DateTime":return K(r);case"Time":return typeof r=="string"&&!!/^T\d/.exec(r);case"Period":return nt(r);case"Quantity":return f(r);default:return typeof r=="object"&&r?.resourceType===t}}function it(e){return typeof e=="string"&&!!Se.date.exec(e)}function K(e){return typeof e=="string"&&!!Se.dateTime.exec(e)}function nt(e){return!!(e&&typeof e=="object"&&("start"in e&&K(e.start)||"end"in e&&K(e.end)))}function f(e){return!!(e&&typeof e=="object"&&"value"in e&&typeof e.value=="number")}function Ae(e,t){return Math.abs(e.value-t.value)<.01&&(e.unit===t.unit||e.code===t.code||e.unit===t.code||e.code===t.unit)}function X(e,t){let r=Object.keys(e),i=Object.keys(t);if(r.length!==i.length)return!1;for(let n of r){let s=e[n],o=t[n];if(ge(s)&&ge(o)){if(!X(s,o))return!1}else if(s!==o)return!1}return!0}function ge(e){return e!==null&&typeof e=="object"}function ve(e,t){if(t){if(typeof t!="object")throw new Error("Primitive extension must be an object");return st(e??{},t)}return e}function st(e,t){return delete t.__proto__,delete t.constructor,Object.assign(e,t)}function ot(e,t){let r=new Date(e);r.setUTCHours(0,0,0,0);let i=t?new Date(t):new Date;i.setUTCHours(0,0,0,0);let n=r.getUTCFullYear(),s=r.getUTCMonth(),o=r.getUTCDate(),l=i.getUTCFullYear(),d=i.getUTCMonth(),S=i.getUTCDate(),w=l-n;(d<s||d===s&&S<o)&&w--;let de=l*12+d-(n*12+s);S<o&&de--;let Ge=Math.floor((i.getTime()-r.getTime())/(1e3*60*60*24));return{years:w,months:de,days:Ge}}function H(e){if(e==null)return!0;let t=typeof e;return t==="string"||t==="object"?!at(e):!1}function at(e){if(e==null)return!1;let t=typeof e;return t==="string"&&e!==""||t==="object"&&("length"in e&&e.length>0||Object.keys(e).length>0)}var ct=[];for(let e=0;e<256;e++)ct.push(e.toString(16).padStart(2,"0"));function Pe(e){return e?e.charAt(0).toUpperCase()+e.substring(1):""}var c={Address:"Address",Age:"Age",Annotation:"Annotation",Attachment:"Attachment",BackboneElement:"BackboneElement",CodeableConcept:"CodeableConcept",Coding:"Coding",ContactDetail:"ContactDetail",ContactPoint:"ContactPoint",Contributor:"Contributor",Count:"Count",DataRequirement:"DataRequirement",Distance:"Distance",Dosage:"Dosage",Duration:"Duration",Expression:"Expression",Extension:"Extension",HumanName:"HumanName",Identifier:"Identifier",MarketingStatus:"MarketingStatus",Meta:"Meta",Money:"Money",Narrative:"Narrative",ParameterDefinition:"ParameterDefinition",Period:"Period",Population:"Population",ProdCharacteristic:"ProdCharacteristic",ProductShelfLife:"ProductShelfLife",Quantity:"Quantity",Range:"Range",Ratio:"Ratio",Reference:"Reference",RelatedArtifact:"RelatedArtifact",SampledData:"SampledData",Signature:"Signature",SubstanceAmount:"SubstanceAmount",SystemString:"http://hl7.org/fhirpath/System.String",Timing:"Timing",TriggerDefinition:"TriggerDefinition",UsageContext:"UsageContext",base64Binary:"base64Binary",boolean:"boolean",canonical:"canonical",code:"code",date:"date",dateTime:"dateTime",decimal:"decimal",id:"id",instant:"instant",integer:"integer",markdown:"markdown",oid:"oid",positiveInt:"positiveInt",string:"string",time:"time",unsignedInt:"unsignedInt",uri:"uri",url:"url",uuid:"uuid"};function lt(e,t,r){let i=Ze(e,r);if(i)return ut(i.elements,t)}function ut(e,t){let r=e[t]??e[t+"[x]"];if(r)return r;for(let i=0;i<t.length;i++){let n=t[i];if(n>="A"&&n<="Z"){let s=t.slice(0,i)+"[x]",o=e[s];if(o)return o}}}function z(e){return!!(e&&typeof e=="object"&&"resourceType"in e)}function W(e){if(e.startsWith("T"))return e+"T00:00:00.000Z".substring(e.length);if(e.length<=10)return e;try{return new Date(e).toISOString()}catch{return e}}var _=()=>[],h={empty:(e,t)=>a(t.length===0||t.every(r=>H(r.value))),hasValue:(e,t)=>a(t.length!==0),exists:(e,t,r)=>a(r?t.filter(i=>R(r.eval(e,[i]))).length>0:t.length>0&&t.every(i=>!H(i.value))),all:(e,t,r)=>a(t.every(i=>R(r.eval(e,[i])))),allTrue:(e,t)=>{for(let r of t)if(!r.value)return a(!1);return a(!0)},anyTrue:(e,t)=>{for(let r of t)if(r.value)return a(!0);return a(!1)},allFalse:(e,t)=>{for(let r of t)if(r.value)return a(!1);return a(!0)},anyFalse:(e,t)=>{for(let r of t)if(!r.value)return a(!0);return a(!1)},subsetOf:_,supersetOf:_,count:(e,t)=>[{type:c.integer,value:t.length}],distinct:(e,t)=>{let r=[];for(let i of t)r.some(n=>n.value===i.value)||r.push(i);return r},isDistinct:(e,t)=>a(t.length===h.distinct(e,t).length),where:(e,t,r)=>t.filter(i=>R(r.eval({parent:e,variables:{$this:i}},[i]))),select:(e,t,r)=>t.map(i=>r.eval(e,[i])).flat(),repeat:_,ofType:(e,t,r)=>t.filter(i=>i.type===r.name),single:(e,t)=>{if(t.length>1)throw new Error("Expected input length one for single()");return t.length===0?[]:t.slice(0,1)},first:(e,t)=>t.length===0?[]:t.slice(0,1),last:(e,t)=>t.length===0?[]:t.slice(t.length-1,t.length),tail:(e,t)=>t.length===0?[]:t.slice(1,t.length),skip:(e,t,r)=>{let i=r.eval(e,t)[0]?.value;if(typeof i!="number")throw new Error("Expected a number for skip(num)");return i>=t.length?[]:i<=0?t:t.slice(i,t.length)},take:(e,t,r)=>{let i=r.eval(e,t)[0]?.value;if(typeof i!="number")throw new Error("Expected a number for take(num)");return i>=t.length?t:i<=0?[]:t.slice(0,i)},intersect:(e,t,r)=>{if(!r)return t;let i=r.eval(e,t),n=[];for(let s of t)!n.some(o=>o.value===s.value)&&i.some(o=>o.value===s.value)&&n.push(s);return n},exclude:(e,t,r)=>{if(!r)return t;let i=r.eval(e,t),n=[];for(let s of t)i.some(o=>o.value===s.value)||n.push(s);return n},union:(e,t,r)=>{if(!r)return t;let i=r.eval(e,t);return we([...t,...i])},combine:(e,t,r)=>{if(!r)return t;let i=r.eval(e,t);return[...t,...i]},htmlChecks:(e,t,r)=>[D(!0)],iif:(e,t,r,i,n)=>{let s=r.eval(e,t);if(s.length>1||s.length===1&&typeof s[0].value!="boolean")throw new Error("Expected criterion to evaluate to a Boolean");return R(s)?i.eval(e,t):n?n.eval(e,t):[]},toBoolean:(e,t)=>{if(t.length===0)return[];let[{value:r}]=E(t,1);if(typeof r=="boolean")return[{type:c.boolean,value:r}];if(typeof r=="number"&&(r===0||r===1))return a(!!r);if(typeof r=="string"){let i=r.toLowerCase();if(["true","t","yes","y","1","1.0"].includes(i))return a(!0);if(["false","f","no","n","0","0.0"].includes(i))return a(!1)}return[]},convertsToBoolean:(e,t)=>t.length===0?[]:a(h.toBoolean(e,t).length===1),toInteger:(e,t)=>{if(t.length===0)return[];let[{value:r}]=E(t,1);return typeof r=="number"?[{type:c.integer,value:r}]:typeof r=="string"&&/^[+-]?\d+$/.exec(r)?[{type:c.integer,value:parseInt(r,10)}]:typeof r=="boolean"?[{type:c.integer,value:r?1:0}]:[]},convertsToInteger:(e,t)=>t.length===0?[]:a(h.toInteger(e,t).length===1),toDate:(e,t)=>{if(t.length===0)return[];let[{value:r}]=E(t,1);return typeof r=="string"&&/^\d{4}(-\d{2}(-\d{2})?)?/.exec(r)?[{type:c.date,value:W(r)}]:[]},convertsToDate:(e,t)=>t.length===0?[]:a(h.toDate(e,t).length===1),toDateTime:(e,t)=>{if(t.length===0)return[];let[{value:r}]=E(t,1);return typeof r=="string"&&/^\d{4}(-\d{2}(-\d{2})?)?/.exec(r)?[{type:c.dateTime,value:W(r)}]:[]},convertsToDateTime:(e,t)=>t.length===0?[]:a(h.toDateTime(e,t).length===1),toDecimal:(e,t)=>{if(t.length===0)return[];let[{value:r}]=E(t,1);return typeof r=="number"?[{type:c.decimal,value:r}]:typeof r=="string"&&/^-?\d{1,9}(\.\d{1,9})?$/.exec(r)?[{type:c.decimal,value:parseFloat(r)}]:typeof r=="boolean"?[{type:c.decimal,value:r?1:0}]:[]},convertsToDecimal:(e,t)=>t.length===0?[]:a(h.toDecimal(e,t).length===1),toQuantity:(e,t)=>{if(t.length===0)return[];let[{value:r}]=E(t,1);return f(r)?[{type:c.Quantity,value:r}]:typeof r=="number"?[{type:c.Quantity,value:{value:r,unit:"1"}}]:typeof r=="string"&&/^-?\d{1,9}(\.\d{1,9})?/.exec(r)?[{type:c.Quantity,value:{value:parseFloat(r),unit:"1"}}]:typeof r=="boolean"?[{type:c.Quantity,value:{value:r?1:0,unit:"1"}}]:[]},convertsToQuantity:(e,t)=>t.length===0?[]:a(h.toQuantity(e,t).length===1),toString:(e,t)=>{if(t.length===0)return[];let[{value:r}]=E(t,1);return r==null?[]:f(r)?[{type:c.string,value:`${r.value} '${r.unit}'`}]:[{type:c.string,value:r.toString()}]},convertsToString:(e,t)=>t.length===0?[]:a(h.toString(e,t).length===1),toTime:(e,t)=>{if(t.length===0)return[];let[{value:r}]=E(t,1);if(typeof r=="string"){let i=/^T?(\d{2}(:\d{2}(:\d{2})?)?)/.exec(r);if(i)return[{type:c.time,value:W("T"+i[1])}]}return[]},convertsToTime:(e,t)=>t.length===0?[]:a(h.toTime(e,t).length===1),indexOf:(e,t,r)=>m((i,n)=>i.indexOf(n),e,t,r),substring:(e,t,r,i)=>m((n,s,o)=>{let l=s,d=o?l+o:n.length;return l<0||l>=n.length?void 0:n.substring(l,d)},e,t,r,i),startsWith:(e,t,r)=>m((i,n)=>i.startsWith(n),e,t,r),endsWith:(e,t,r)=>m((i,n)=>i.endsWith(n),e,t,r),contains:(e,t,r)=>m((i,n)=>i.includes(n),e,t,r),upper:(e,t)=>m(r=>r.toUpperCase(),e,t),lower:(e,t)=>m(r=>r.toLowerCase(),e,t),replace:(e,t,r,i)=>m((n,s,o)=>n.replaceAll(s,o),e,t,r,i),matches:(e,t,r)=>m((i,n)=>!!new RegExp(n).exec(i),e,t,r),replaceMatches:(e,t,r,i)=>m((n,s,o)=>n.replaceAll(s,o),e,t,r,i),length:(e,t)=>m(r=>r.length,e,t),toChars:(e,t)=>m(r=>r?r.split(""):void 0,e,t),abs:(e,t)=>x(Math.abs,e,t),ceiling:(e,t)=>x(Math.ceil,e,t),exp:(e,t)=>x(Math.exp,e,t),floor:(e,t)=>x(Math.floor,e,t),ln:(e,t)=>x(Math.log,e,t),log:(e,t,r)=>x((i,n)=>Math.log(i)/Math.log(n),e,t,r),power:(e,t,r)=>x(Math.pow,e,t,r),round:(e,t)=>x(Math.round,e,t),sqrt:(e,t)=>x(Math.sqrt,e,t),truncate:(e,t)=>x(r=>r|0,e,t),children:_,descendants:_,trace:(e,t,r)=>t,now:()=>[{type:c.dateTime,value:new Date().toISOString()}],timeOfDay:()=>[{type:c.time,value:new Date().toISOString().substring(11)}],today:()=>[{type:c.date,value:new Date().toISOString().substring(0,10)}],between:(e,t,r,i,n)=>{let s=h.toDateTime(e,r.eval(e,t));if(s.length===0)throw new Error("Invalid start date");let o=h.toDateTime(e,i.eval(e,t));if(o.length===0)throw new Error("Invalid end date");let l=n.eval(e,t)[0]?.value;if(l!=="years"&&l!=="months"&&l!=="days")throw new Error("Invalid units");let d=ot(s[0].value,o[0].value);return[{type:c.Quantity,value:{value:d[l],unit:l}}]},is:(e,t,r)=>{let i="";return r instanceof ee?i=r.name:r instanceof Re&&(i=r.left.name+"."+r.right.name),i?t.map(n=>({type:c.boolean,value:Te(n,i)})):[]},not:(e,t)=>h.toBoolean(e,t).map(r=>({type:c.boolean,value:!r.value})),resolve:(e,t)=>t.map(r=>{let i=r.value,n;if(typeof i=="string")n=i;else if(typeof i=="object"){let s=i;if(s.resource)return D(s.resource);s.reference?n=s.reference:s.type&&s.identifier&&(n=`${s.type}?identifier=${s.identifier.system}|${s.identifier.value}`)}if(n?.includes("?")){let[s]=n.split("?");return{type:s,value:{resourceType:s}}}if(n?.includes("/")){let[s,o]=n.split("/");return{type:s,value:{resourceType:s,id:o}}}return{type:c.BackboneElement,value:void 0}}).filter(r=>!!r.value),as:(e,t)=>t,type:(e,t)=>t.map(({value:r})=>typeof r=="boolean"?{type:c.BackboneElement,value:{namespace:"System",name:"Boolean"}}:typeof r=="number"?{type:c.BackboneElement,value:{namespace:"System",name:"Integer"}}:z(r)?{type:c.BackboneElement,value:{namespace:"FHIR",name:r.resourceType}}:{type:c.BackboneElement,value:null}),conformsTo:(e,t,r)=>{let i=r.eval(e,t)[0].value;if(!i.startsWith("http://hl7.org/fhir/StructureDefinition/"))throw new Error("Expected a StructureDefinition URL");let n=i.replace("http://hl7.org/fhir/StructureDefinition/","");return t.map(s=>({type:c.boolean,value:s.value?.resourceType===n}))}};function m(e,t,r,...i){if(r.length===0)return[];let[{value:n}]=E(r,1);if(typeof n!="string")throw new Error("String function cannot be called with non-string");let s=e(n,...i.map(o=>o?.eval(t,r)[0]?.value));return s===void 0?[]:Array.isArray(s)?s.map(D):[D(s)]}function x(e,t,r,...i){if(r.length===0)return[];let[{value:n}]=E(r,1),s=f(n),o=s?n.value:n;if(typeof o!="number")throw new Error("Math function cannot be called with non-number");let l=e(o,...i.map(w=>w.eval(t,r)[0]?.value)),d=s?c.Quantity:r[0].type,S=s?{...n,value:l}:l;return[{type:d,value:S}]}function E(e,t){if(e.length!==t)throw new Error(`Expected ${t} arguments`);for(let r of e)if(r==null)throw new Error("Expected non-null argument");return e}var N=class{constructor(e){this.value=e}eval(){return[this.value]}toString(){let e=this.value.value;return typeof e=="string"?`'${e}'`:e.toString()}},ee=class{constructor(e){this.name=e}eval(e,t){let r=this.getVariable(e);if(r)return[r];if(this.name.startsWith("%"))throw new Error(`Undefined variable ${this.name}`);return t.flatMap(i=>this.evalValue(i)).filter(i=>i?.value!==void 0)}getVariable(e){let t=e.variables[this.name];if(t!==void 0)return t;if(e.parent)return this.getVariable(e.parent)}evalValue(e){let t=e.value;if(!(!t||typeof t!="object"))return z(t)&&t.resourceType===this.name?e:Xe(e,this.name)}toString(){return this.name}},dt=class{eval(){return[]}toString(){return"{}"}},pt=class extends qe{constructor(e,t,r){super(e,t),this.impl=r}eval(e,t){return this.impl(this.child.eval(e,t))}toString(){return this.operator+this.child.toString()}},ht=class extends U{constructor(e,t){super("as",e,t)}eval(e,t){return h.ofType(e,this.left.eval(e,t),this.right)}},y=class extends U{},b=class extends y{constructor(e,t,r,i){super(e,t,r),this.impl=i}eval(e,t){let r=this.left.eval(e,t);if(r.length!==1)return[];let i=this.right.eval(e,t);if(i.length!==1)return[];let n=r[0].value,s=i[0].value,o=f(n)?n.value:n,l=f(s)?s.value:s,d=this.impl(o,l);return typeof d=="boolean"?a(d):f(n)?[{type:c.Quantity,value:{...n,value:d}}]:[D(d)]}},mt=class extends U{constructor(e,t){super("&",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t),n=[...r,...i];return n.length>0&&n.every(s=>typeof s.value=="string")?[{type:c.string,value:n.map(s=>s.value).join("")}]:n}},ft=class extends y{constructor(e,t){super("contains",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return a(r.some(n=>n.value===i[0].value))}},yt=class extends y{constructor(e,t){super("in",e,t)}eval(e,t){let r=A(this.left.eval(e,t)),i=this.right.eval(e,t);return r?a(i.some(n=>n.value===r.value)):[]}},Re=class extends U{constructor(e,t){super(".",e,t)}eval(e,t){return this.right.eval(e,this.left.eval(e,t))}toString(){return`${this.left.toString()}.${this.right.toString()}`}},gt=class extends U{constructor(e,t){super("|",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return we([...r,...i])}},vt=class extends y{constructor(e,t){super("=",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return xe(r,i)}},St=class extends y{constructor(e,t){super("!=",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return be(xe(r,i))}},wt=class extends y{constructor(e,t){super("~",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return Ce(r,i)}},bt=class extends y{constructor(e,t){super("!~",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return be(Ce(r,i))}},xt=class extends y{constructor(e,t){super("is",e,t)}eval(e,t){let r=this.left.eval(e,t);if(r.length!==1)return[];let i=this.right.name;return a(Te(r[0],i))}},Et=class extends y{constructor(e,t){super("and",e,t)}eval(e,t){let r=A(this.left.eval(e,t),"boolean"),i=A(this.right.eval(e,t),"boolean");return r?.value===!0&&i?.value===!0?a(!0):r?.value===!1||i?.value===!1?a(!1):[]}},Ct=class extends y{constructor(e,t){super("or",e,t)}eval(e,t){let r=A(this.left.eval(e,t),"boolean"),i=A(this.right.eval(e,t),"boolean");return r?.value===!1&&i?.value===!1?a(!1):r?.value||i?.value?a(!0):[]}},Tt=class extends y{constructor(e,t){super("xor",e,t)}eval(e,t){let r=A(this.left.eval(e,t),"boolean"),i=A(this.right.eval(e,t),"boolean");return!r||!i?[]:a(r.value!==i.value)}},At=class extends y{constructor(e,t){super("implies",e,t)}eval(e,t){let r=A(this.left.eval(e,t),"boolean"),i=A(this.right.eval(e,t),"boolean");return i?.value===!0||r?.value===!1?a(!0):!r||!i?[]:a(!1)}},Pt=class{constructor(e,t){this.name=e,this.args=t}eval(e,t){let r=h[this.name];if(!r)throw new Error("Unrecognized function: "+this.name);return r(e,t,...this.args)}toString(){return`${this.name}(${this.args.map(e=>e.toString()).join(", ")})`}},Rt=class{constructor(e,t){this.left=e,this.expr=t}eval(e,t){let r=this.expr.eval(e,t);if(r.length!==1)return[];let i=r[0].value;if(typeof i!="number")throw new Error("Invalid indexer expression: should return integer}");let n=this.left.eval(e,t);return i in n?[n[i]]:[]}toString(){return`${this.left.toString()}[${this.expr.toString()}]`}};var ke=["!=","!~","<=",">=","{}","->"];var u={FunctionCall:0,Dot:1,Indexer:2,UnaryAdd:3,UnarySubtract:3,Multiply:4,Divide:4,IntegerDivide:4,Modulo:4,Add:5,Subtract:5,Ampersand:5,Is:6,As:6,Union:7,GreaterThan:8,GreaterThanOrEquals:8,LessThan:8,LessThanOrEquals:8,Equals:9,Equivalent:9,NotEquals:9,NotEquivalent:9,In:10,Contains:10,And:11,Xor:12,Or:12,Implies:13,Arrow:100,Semicolon:200},kt={parse(e){let t=e.consumeAndParse();if(!e.match(")"))throw new Error("Parse error: expected `)` got `"+e.peek()?.value+"`");return t}},It={parse(e,t){let r=e.consumeAndParse();if(!e.match("]"))throw new Error("Parse error: expected `]`");return new Rt(t,r)},precedence:u.Indexer},Dt={parse(e,t){if(!(t instanceof ee))throw new Error("Unexpected parentheses");let r=[];for(;!e.match(")");)r.push(e.consumeAndParse()),e.match(",");return new Pt(t.name,r)},precedence:u.FunctionCall};function Nt(e){let t=e.split(" "),r=parseFloat(t[0]),i=t[1];return i?.startsWith("'")&&i.endsWith("'")?i=i.substring(1,i.length-1):i="{"+i+"}",{value:r,unit:i}}function te(){return new We().registerPrefix("String",{parse:(e,t)=>new N({type:c.string,value:t.value})}).registerPrefix("DateTime",{parse:(e,t)=>new N({type:c.dateTime,value:W(t.value)})}).registerPrefix("Quantity",{parse:(e,t)=>new N({type:c.Quantity,value:Nt(t.value)})}).registerPrefix("Number",{parse:(e,t)=>new N({type:t.value.includes(".")?c.decimal:c.integer,value:parseFloat(t.value)})}).registerPrefix("true",{parse:()=>new N({type:c.boolean,value:!0})}).registerPrefix("false",{parse:()=>new N({type:c.boolean,value:!1})}).registerPrefix("Symbol",{parse:(e,t)=>new ee(t.value)}).registerPrefix("{}",{parse:()=>new dt}).registerPrefix("(",kt).registerInfix("[",It).registerInfix("(",Dt).prefix("+",u.UnaryAdd,(e,t)=>new pt("+",t,r=>r)).prefix("-",u.UnarySubtract,(e,t)=>new b("-",t,t,(r,i)=>-i)).infixLeft(".",u.Dot,(e,t,r)=>new Re(e,r)).infixLeft("/",u.Divide,(e,t,r)=>new b("/",e,r,(i,n)=>i/n)).infixLeft("*",u.Multiply,(e,t,r)=>new b("*",e,r,(i,n)=>i*n)).infixLeft("+",u.Add,(e,t,r)=>new b("+",e,r,(i,n)=>i+n)).infixLeft("-",u.Subtract,(e,t,r)=>new b("-",e,r,(i,n)=>i-n)).infixLeft("|",u.Union,(e,t,r)=>new gt(e,r)).infixLeft("=",u.Equals,(e,t,r)=>new vt(e,r)).infixLeft("!=",u.NotEquals,(e,t,r)=>new St(e,r)).infixLeft("~",u.Equivalent,(e,t,r)=>new wt(e,r)).infixLeft("!~",u.NotEquivalent,(e,t,r)=>new bt(e,r)).infixLeft("<",u.LessThan,(e,t,r)=>new b("<",e,r,(i,n)=>i<n)).infixLeft("<=",u.LessThanOrEquals,(e,t,r)=>new b("<=",e,r,(i,n)=>i<=n)).infixLeft(">",u.GreaterThan,(e,t,r)=>new b(">",e,r,(i,n)=>i>n)).infixLeft(">=",u.GreaterThanOrEquals,(e,t,r)=>new b(">=",e,r,(i,n)=>i>=n)).infixLeft("&",u.Ampersand,(e,t,r)=>new mt(e,r)).infixLeft("and",u.And,(e,t,r)=>new Et(e,r)).infixLeft("as",u.As,(e,t,r)=>new ht(e,r)).infixLeft("contains",u.Contains,(e,t,r)=>new ft(e,r)).infixLeft("div",u.Divide,(e,t,r)=>new b("div",e,r,(i,n)=>i/n|0)).infixLeft("in",u.In,(e,t,r)=>new yt(e,r)).infixLeft("is",u.Is,(e,t,r)=>new xt(e,r)).infixLeft("mod",u.Modulo,(e,t,r)=>new b("mod",e,r,(i,n)=>i%n)).infixLeft("or",u.Or,(e,t,r)=>new Ct(e,r)).infixLeft("xor",u.Xor,(e,t,r)=>new Tt(e,r)).infixLeft("implies",u.Implies,(e,t,r)=>new At(e,r))}var wr=te();var Ot=(e=>(e.BOOLEAN="BOOLEAN",e.NUMBER="NUMBER",e.QUANTITY="QUANTITY",e.TEXT="TEXT",e.REFERENCE="REFERENCE",e.CANONICAL="CANONICAL",e.DATE="DATE",e.DATETIME="DATETIME",e.PERIOD="PERIOD",e.UUID="UUID",e))(Ot||{});var Lt=(e=>(e.EQUALS="eq",e.NOT_EQUALS="ne",e.GREATER_THAN="gt",e.LESS_THAN="lt",e.GREATER_THAN_OR_EQUALS="ge",e.LESS_THAN_OR_EQUALS="le",e.STARTS_AFTER="sa",e.ENDS_BEFORE="eb",e.APPROXIMATELY="ap",e.CONTAINS="contains",e.EXACT="exact",e.TEXT="text",e.NOT="not",e.ABOVE="above",e.BELOW="below",e.IN="in",e.NOT_IN="not-in",e.OF_TYPE="of-type",e.MISSING="missing",e.PRESENT="present",e.IDENTIFIER="identifier",e.ITERATE="iterate",e))(Lt||{});var $t=(e=>(e.READ="read",e.VREAD="vread",e.UPDATE="update",e.PATCH="patch",e.DELETE="delete",e.HISTORY="history",e.HISTORY_INSTANCE="history-instance",e.HISTORY_TYPE="history-type",e.HISTORY_SYSTEM="history-system",e.CREATE="create",e.SEARCH="search",e.SEARCH_TYPE="search-type",e.SEARCH_SYSTEM="search-system",e.SEARCH_COMPARTMENT="search-compartment",e.CAPABILITIES="capabilities",e.TRANSACTION="transaction",e.BATCH="batch",e.OPERATION="operation",e))($t||{});var Mt={CSS:"text/css",DICOM:"application/dicom",FAVICON:"image/vnd.microsoft.icon",FHIR_JSON:"application/fhir+json",FORM_URL_ENCODED:"application/x-www-form-urlencoded",HL7_V2:"x-application/hl7-v2+er7",HTML:"text/html",JAVASCRIPT:"text/javascript",JSON:"application/json",JSON_PATCH:"application/json-patch+json",PNG:"image/png",SCIM_JSON:"application/scim+json",SVG:"image/svg+xml",TEXT:"text/plain",TYPESCRIPT:"text/typescript",PING:"x-application/ping"};var _t;_t=Symbol.toStringTag;var br=Mt.FHIR_JSON+", */*; q=0.1";var Ut=(e=>(e.ClientCredentials="client_credentials",e.AuthorizationCode="authorization_code",e.RefreshToken="refresh_token",e.JwtBearer="urn:ietf:params:oauth:grant-type:jwt-bearer",e.TokenExchange="urn:ietf:params:oauth:grant-type:token-exchange",e))(Ut||{}),Bt=(e=>(e.AccessToken="urn:ietf:params:oauth:token-type:access_token",e.RefreshToken="urn:ietf:params:oauth:token-type:refresh_token",e.IdToken="urn:ietf:params:oauth:token-type:id_token",e.Saml1Token="urn:ietf:params:oauth:token-type:saml1",e.Saml2Token="urn:ietf:params:oauth:token-type:saml2",e))(Bt||{}),jt=(e=>(e.ClientSecretBasic="client_secret_basic",e.ClientSecretPost="client_secret_post",e.ClientSecretJwt="client_secret_jwt",e.PrivateKeyJwt="private_key_jwt",e.None="none",e))(jt||{}),Ft=(e=>(e.JwtBearer="urn:ietf:params:oauth:client-assertion-type:jwt-bearer",e))(Ft||{});var xr=[...ke,"->","<<",">>","=="];var Er=te().registerInfix("->",{precedence:u.Arrow}).registerInfix(";",{precedence:u.Semicolon});var Cr=[...ke,"eq","ne","co"];var Tr=te();var Gt=(e=>(e[e.NONE=0]="NONE",e[e.ERROR=1]="ERROR",e[e.WARN=2]="WARN",e[e.INFO=3]="INFO",e[e.DEBUG=4]="DEBUG",e))(Gt||{});var ie=["string","boolean","number"],re={},ne=class{constructor(t){let{region:r}=t;if(!r)throw new C(k("'region' must be defined as a string literal in config."));re[r]||(re[r]=new Wt({region:r})),this.config=t,this.clients={ssm:re[r]}}async fetchParameterStoreSecret(t){let i=(await this.clients.ssm.send(new qt({Name:t,WithDecryption:!0}))).Parameter;if(!i)throw new C(Z(`Key '${t}' not found. Make sure your key is correct and that it is defined in your Parameter Store.`));let n=i.Value;if(!n)throw new C(Z(`Key '${t}' found but has no value. Make sure your key is correct and that it is defined in your Parameter Store.`));return n}async fetchExternalSecret(t){Vt(t);let{system:r,key:i,type:n}=t,s;switch(r){case"aws_ssm_parameter_store":{s=await this.fetchParameterStoreSecret(i);break}default:throw new C(k(`Unknown system '${r}' for ExternalSecret. Unable to fetch the secret for key '${i}'.`))}return Ht(i,s,n)}async normalizeInfraConfigArray(t){let r=t[0],i;if(typeof r!="object"&&r!==null||Ie(r)){i=new Array(t.length);for(let n=0;n<t.length;n++){let s=t[n];if(typeof s!="object"){i[n]=s;continue}let o=await this.fetchExternalSecret(s);i[n]=o}}else{i=new Array(t.length);for(let n=0;n<t.length;n++)i[n]=await this.normalizeObjectInInfraConfig(t[n])}return i}async normalizeValueForKey(t,r){let i=t[r];typeof i!="object"?t[r]=i:Ie(i)?t[r]=await this.fetchExternalSecret(i):Array.isArray(i)&&i.length?t[r]=await this.normalizeInfraConfigArray(i):typeof i=="object"&&(t[r]=await this.normalizeObjectInInfraConfig(i))}async normalizeObjectInInfraConfig(t){let r={...t};for(let i of Object.keys(r))await this.normalizeValueForKey(r,i);return r}async normalizeConfig(){return this.normalizeObjectInInfraConfig(this.config)}};function Ht(e,t,r){let i=typeof t;if(!ie.includes(i))throw new C(k(`Invalid value found for type; expected either ${ie.join(", or")} but got ${i}`));if(i===r)return t;if(i==="string"&&r==="boolean"){let n=t.toLowerCase();if(n!=="true"&&n!=="false")throw new C(k(`Invalid value found for key '${e}'; expected boolean value but got '${t}'`));return n==="true"}else if(i==="string"&&r==="number"){let n=parseInt(t,10);if(Number.isNaN(n))throw new C(k(`Invalid value found for key '${e}'; expected integer value but got '${t}'`));return n}else throw new C(k(`Invalid value found for type; expected ${r} value but got value of type ${i}`))}function Ie(e){return typeof e=="object"&&typeof e.system=="string"&&typeof e.key=="string"&&typeof e.type=="string"}function zt(e){return typeof e=="object"&&typeof e.system=="string"&&typeof e.key=="string"&&ie.includes(e.type)}function Vt(e){if(!zt(e))throw new C(k("obj is not a valid `ExternalSecret`, must contain a valid `system`, `key`, and `type` prop."))}async function De(e){return new ne(e).normalizeConfig()}import{Stack as je,Tags as Fe}from"aws-cdk-lib";import{Duration as L,RemovalPolicy as Ne,aws_ec2 as g,aws_ecs as $,aws_elasticache as Oe,aws_elasticloadbalancingv2 as B,aws_iam as p,aws_logs as Le,aws_rds as I,aws_route53 as se,aws_s3 as Qt,aws_secretsmanager as $e,aws_ssm as T,aws_route53_targets as Jt,aws_wafv2 as Me}from"aws-cdk-lib";import{Repository as Yt}from"aws-cdk-lib/aws-ecr";import{ClusterInstance as _e}from"aws-cdk-lib/aws-rds";import{Construct as Kt}from"constructs";var O=[{name:"AWS-AWSManagedRulesCommonRuleSet",priority:10,statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesCommonRuleSet",excludedRules:[{name:"NoUserAgent_HEADER"},{name:"UserAgent_BadBots_HEADER"},{name:"SizeRestrictions_QUERYSTRING"},{name:"SizeRestrictions_Cookie_HEADER"},{name:"SizeRestrictions_BODY"},{name:"SizeRestrictions_URIPATH"},{name:"EC2MetaDataSSRF_BODY"},{name:"EC2MetaDataSSRF_COOKIE"},{name:"EC2MetaDataSSRF_URIPATH"},{name:"EC2MetaDataSSRF_QUERYARGUMENTS"},{name:"GenericLFI_QUERYARGUMENTS"},{name:"GenericLFI_URIPATH"},{name:"GenericLFI_BODY"},{name:"RestrictedExtensions_URIPATH"},{name:"RestrictedExtensions_QUERYARGUMENTS"},{name:"GenericRFI_QUERYARGUMENTS"},{name:"GenericRFI_BODY"},{name:"GenericRFI_URIPATH"},{name:"CrossSiteScripting_COOKIE"},{name:"CrossSiteScripting_QUERYARGUMENTS"},{name:"CrossSiteScripting_BODY"},{name:"CrossSiteScripting_URIPATH"}]}},overrideAction:{count:{}},visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWS-AWSManagedRulesCommonRuleSet"}},{name:"AWS-AWSManagedRulesAmazonIpReputationList",priority:20,statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesAmazonIpReputationList",excludedRules:[{name:"AWSManagedIPReputationList"},{name:"AWSManagedReconnaissanceList"}]}},overrideAction:{count:{}},visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRulesAmazonIpReputationList"}},{name:"AWSManagedRulesSQLiRuleSet",priority:30,visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRulesSQLiRuleSet"},overrideAction:{count:{}},statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesSQLiRuleSet",excludedRules:[{name:"SQLi_QUERYARGUMENTS"},{name:"SQLiExtendedPatterns_QUERYARGUMENTS"},{name:"SQLi_BODY"},{name:"SQLiExtendedPatterns_BODY"},{name:"SQLi_COOKIE"},{name:"SQLi_URIPATH"}]}}},{name:"AWSManagedRuleLinux",priority:40,visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRuleLinux"},overrideAction:{count:{}},statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesLinuxRuleSet",excludedRules:[{name:"LFI_URIPATH"},{name:"LFI_QUERYSTRING"},{name:"LFI_COOKIE"}]}}}];var V=class extends Kt{constructor(t,r){super(t,"BackEnd");let i=r.name;if(r.vpcId)this.vpc=g.Vpc.fromLookup(this,"VPC",{vpcId:r.vpcId});else{let n=new Le.LogGroup(this,"VpcFlowLogs",{logGroupName:"/medplum/flowlogs/"+i,removalPolicy:Ne.DESTROY});this.vpc=new g.Vpc(this,"VPC",{maxAzs:r.maxAzs,flowLogs:{cloudwatch:{destination:g.FlowLogDestination.toCloudWatchLogs(n),trafficType:g.FlowLogTrafficType.ALL}}})}if(this.botLambdaRole=new p.Role(this,"BotLambdaRole",{assumedBy:new p.ServicePrincipal("lambda.amazonaws.com")}),this.rdsSecretsArn=r.rdsSecretsArn,!this.rdsSecretsArn){let n={enablePerformanceInsights:!0,isFromLegacyInstanceProps:!0},s=r.rdsReaderInstanceType??r.rdsInstanceType,o={...n,instanceType:s?new g.InstanceType(s):void 0},l=r.rdsInstanceType,d={...n,instanceType:l?new g.InstanceType(l):void 0},S;if(r.rdsInstances>1){S=[];for(let w=1;w<r.rdsInstances;w++)S.push(_e.provisioned("Instance"+(w+1),o))}this.rdsCluster=new I.DatabaseCluster(this,"DatabaseCluster",{engine:I.DatabaseClusterEngine.auroraPostgres({version:r.rdsInstanceVersion?I.AuroraPostgresEngineVersion.of(r.rdsInstanceVersion,r.rdsInstanceVersion.slice(0,r.rdsInstanceVersion.indexOf(".")),{s3Import:!0,s3Export:!0}):I.AuroraPostgresEngineVersion.VER_12_9}),credentials:I.Credentials.fromGeneratedSecret("clusteradmin"),defaultDatabaseName:"medplum",storageEncrypted:!0,vpc:this.vpc,vpcSubnets:{subnetType:g.SubnetType.PRIVATE_WITH_EGRESS},writer:_e.provisioned("Instance1",d),readers:S,backup:{retention:L.days(7)},cloudwatchLogsExports:["postgresql"],instanceUpdateBehaviour:I.InstanceUpdateBehaviour.ROLLING}),this.rdsSecretsArn=this.rdsCluster.secret.secretArn,r.rdsProxyEnabled&&(this.rdsProxy=new I.DatabaseProxy(this,"DatabaseProxy",{proxyTarget:I.ProxyTarget.fromCluster(this.rdsCluster),secrets:[this.rdsCluster.secret],vpc:this.vpc}))}if(this.redisSubnetGroup=new Oe.CfnSubnetGroup(this,"RedisSubnetGroup",{description:"Redis Subnet Group",subnetIds:this.vpc.privateSubnets.map(n=>n.subnetId)}),this.redisSecurityGroup=new g.SecurityGroup(this,"RedisSecurityGroup",{vpc:this.vpc,description:"Redis Security Group",allowAllOutbound:!1}),this.redisPassword=new $e.Secret(this,"RedisPassword",{generateSecretString:{secretStringTemplate:"{}",generateStringKey:"password",excludeCharacters:"@%*()_+=`~{}|[]\\:\";'?,./"}}),this.redisCluster=new Oe.CfnReplicationGroup(this,"RedisCluster",{engine:"Redis",engineVersion:"6.x",cacheNodeType:r.cacheNodeType??"cache.t2.medium",replicationGroupDescription:"RedisReplicationGroup",authToken:this.redisPassword.secretValueFromJson("password").toString(),transitEncryptionEnabled:!0,atRestEncryptionEnabled:!0,multiAzEnabled:!0,cacheSubnetGroupName:this.redisSubnetGroup.ref,numNodeGroups:1,replicasPerNodeGroup:1,securityGroupIds:[this.redisSecurityGroup.securityGroupId]}),this.redisCluster.node.addDependency(this.redisPassword),this.redisSecrets=new $e.Secret(this,"RedisSecrets",{generateSecretString:{secretStringTemplate:JSON.stringify({host:this.redisCluster.attrPrimaryEndPointAddress,port:this.redisCluster.attrPrimaryEndPointPort,password:this.redisPassword.secretValueFromJson("password").toString(),tls:{}}),generateStringKey:"unused"}}),this.redisSecrets.node.addDependency(this.redisPassword),this.redisSecrets.node.addDependency(this.redisCluster),this.ecsCluster=new $.Cluster(this,"Cluster",{vpc:this.vpc}),this.taskRolePolicies=new p.PolicyDocument({statements:[new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["logs:PutLogEvents","logs:CreateLogGroup","logs:CreateLogStream","logs:DescribeLogStreams","logs:DescribeLogGroups","logs:PutRetentionPolicy"],resources:["arn:aws:logs:*"]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["secretsmanager:GetResourcePolicy","secretsmanager:GetSecretValue","secretsmanager:DescribeSecret","secretsmanager:ListSecrets","secretsmanager:ListSecretVersionIds"],resources:["arn:aws:secretsmanager:*"]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["ssm:GetParametersByPath","ssm:GetParameters","ssm:GetParameter","ssm:DescribeParameters"],resources:["arn:aws:ssm:*"]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["ses:SendEmail","ses:SendRawEmail"],resources:["arn:aws:ses:*"]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["s3:ListBucket","s3:GetObject","s3:PutObject","s3:DeleteObject"],resources:["arn:aws:s3:::*"]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["iam:ListRoles","iam:GetRole","iam:PassRole"],resources:[this.botLambdaRole.roleArn]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["lambda:CreateFunction","lambda:GetFunction","lambda:GetFunctionConfiguration","lambda:UpdateFunctionCode","lambda:UpdateFunctionConfiguration","lambda:ListLayerVersions","lambda:GetLayerVersion","lambda:InvokeFunction"],resources:["arn:aws:lambda:*"]}),new p.PolicyStatement({effect:p.Effect.ALLOW,actions:["xray:PutTraceSegments","xray:PutTelemetryRecords","xray:GetSamplingRules","xray:GetSamplingTargets","xray:GetSamplingStatisticSummaries"],resources:["*"]})]}),this.taskRole=new p.Role(this,"TaskExecutionRole",{assumedBy:new p.ServicePrincipal("ecs-tasks.amazonaws.com"),description:"Medplum Server Task Execution Role",inlinePolicies:{TaskExecutionPolicies:this.taskRolePolicies}}),this.taskDefinition=new $.FargateTaskDefinition(this,"TaskDefinition",{memoryLimitMiB:r.serverMemory,cpu:r.serverCpu,taskRole:this.taskRole}),this.logGroup=new Le.LogGroup(this,"LogGroup",{logGroupName:"/ecs/medplum/"+i,removalPolicy:Ne.DESTROY}),this.logDriver=new $.AwsLogDriver({logGroup:this.logGroup,streamPrefix:"Medplum"}),this.serviceContainer=this.taskDefinition.addContainer("MedplumTaskDefinition",{image:this.getContainerImage(r,r.serverImage),command:[r.region==="us-east-1"?`aws:/medplum/${i}/`:`aws:${r.region}:/medplum/${i}/`],logging:this.logDriver,environment:r.environment}),this.serviceContainer.addPortMappings({containerPort:r.apiPort,hostPort:r.apiPort}),r.additionalContainers)for(let n of r.additionalContainers)this.taskDefinition.addContainer("AdditionalContainer-"+n.name,{containerName:n.name,image:this.getContainerImage(r,n.image),command:n.command,environment:n.environment,logging:this.logDriver});if(this.fargateSecurityGroup=new g.SecurityGroup(this,"ServiceSecurityGroup",{allowAllOutbound:!0,securityGroupName:"MedplumSecurityGroup",vpc:this.vpc}),this.fargateService=new $.FargateService(this,"FargateService",{cluster:this.ecsCluster,taskDefinition:this.taskDefinition,assignPublicIp:!1,vpcSubnets:{subnetType:g.SubnetType.PRIVATE_WITH_EGRESS},desiredCount:r.desiredServerCount,securityGroups:[this.fargateSecurityGroup],healthCheckGracePeriod:L.minutes(5)}),r.fargateAutoScaling&&this.fargateService.autoScaleTaskCount({minCapacity:r.fargateAutoScaling.minCapacity,maxCapacity:r.fargateAutoScaling.maxCapacity}).scaleOnCpuUtilization("CpuScaling",{targetUtilizationPercent:r.fargateAutoScaling.targetUtilizationPercent,scaleInCooldown:L.seconds(r.fargateAutoScaling.scaleInCooldown),scaleOutCooldown:L.seconds(r.fargateAutoScaling.scaleOutCooldown)}),this.rdsCluster&&this.fargateService.node.addDependency(this.rdsCluster),this.rdsProxy&&this.fargateService.node.addDependency(this.rdsProxy),this.fargateService.node.addDependency(this.redisCluster),this.targetGroup=new B.ApplicationTargetGroup(this,"TargetGroup",{vpc:this.vpc,port:r.apiPort,protocol:B.ApplicationProtocol.HTTP,healthCheck:{path:"/healthcheck",interval:L.seconds(30),timeout:L.seconds(3),healthyThresholdCount:2,unhealthyThresholdCount:5},targets:[this.fargateService]}),this.loadBalancer=new B.ApplicationLoadBalancer(this,"LoadBalancer",{vpc:this.vpc,internetFacing:r.apiInternetFacing!==!1,http2Enabled:!0}),r.loadBalancerLoggingBucket&&this.loadBalancer.logAccessLogs(Qt.Bucket.fromBucketName(this,"LoggingBucket",r.loadBalancerLoggingBucket),r.loadBalancerLoggingPrefix),this.loadBalancer.addListener("HttpsListener",{port:443,certificates:[{certificateArn:r.apiSslCertArn}],sslPolicy:B.SslPolicy.FORWARD_SECRECY_TLS12_RES_GCM,defaultAction:B.ListenerAction.forward([this.targetGroup])}),this.waf=new Me.CfnWebACL(this,"BackEndWAF",{defaultAction:{allow:{}},scope:"REGIONAL",name:`${r.stackName}-BackEndWAF`,rules:O,visibilityConfig:{cloudWatchMetricsEnabled:!0,metricName:`${r.stackName}-BackEndWAF-Metric`,sampledRequestsEnabled:!1}}),this.wafAssociation=new Me.CfnWebACLAssociation(this,"LoadBalancerAssociation",{resourceArn:this.loadBalancer.loadBalancerArn,webAclArn:this.waf.attrArn}),this.rdsCluster&&this.rdsCluster.connections.allowDefaultPortFrom(this.fargateSecurityGroup),this.rdsProxy&&this.rdsProxy.connections.allowFrom(this.fargateSecurityGroup,g.Port.tcp(5432)),this.redisSecurityGroup.addIngressRule(this.fargateSecurityGroup,g.Port.tcp(6379)),!r.skipDns){let n=r.hostedZoneName??r.domainName.split(".").slice(-2).join("."),s=se.HostedZone.fromLookup(this,"Zone",{domainName:n});this.dnsRecord=new se.ARecord(this,"LoadBalancerAliasRecord",{recordName:r.apiDomainName,target:se.RecordTarget.fromAlias(new Jt.LoadBalancerTarget(this.loadBalancer)),zone:s})}this.regionParameter=new T.StringParameter(this,"RegionParameter",{tier:T.ParameterTier.STANDARD,parameterName:`/medplum/${i}/awsRegion`,description:"AWS region",stringValue:r.region}),this.databaseSecretsParameter=new T.StringParameter(this,"DatabaseSecretsParameter",{tier:T.ParameterTier.STANDARD,parameterName:`/medplum/${i}/DatabaseSecrets`,description:"Database secrets ARN",stringValue:this.rdsSecretsArn}),this.rdsProxy&&(this.databaseProxyEndpointParameter=new T.StringParameter(this,"DatabaseProxyEndpointParameter",{tier:T.ParameterTier.STANDARD,parameterName:`/medplum/${i}/databaseProxyEndpoint`,description:"Database proxy endpoint",stringValue:this.rdsProxy?.endpoint})),this.redisSecretsParameter=new T.StringParameter(this,"RedisSecretsParameter",{tier:T.ParameterTier.STANDARD,parameterName:`/medplum/${i}/RedisSecrets`,description:"Redis secrets ARN",stringValue:this.redisSecrets.secretArn}),this.botLambdaRoleParameter=new T.StringParameter(this,"BotLambdaRoleParameter",{tier:T.ParameterTier.STANDARD,parameterName:`/medplum/${i}/botLambdaRoleArn`,description:"Bot lambda execution role ARN",stringValue:this.botLambdaRole.roleArn})}getContainerImage(t,r){let n=new RegExp(`^${t.accountNumber}\\.dkr\\.ecr\\.${t.region}\\.amazonaws\\.com/(.*)[:@](.*)$`).exec(r),s=n?.[1],o=n?.[2];if(s&&o){let l=Yt.fromRepositoryArn(this,"ServerImageRepo",`arn:aws:ecr:${t.region}:${t.accountNumber}:repository/${s}`);return $.ContainerImage.fromEcrRepository(l,o)}return $.ContainerImage.fromRegistry(r)}};import{aws_cloudtrail as Zt,aws_cloudwatch as oe,aws_cloudwatch_actions as Xt,aws_logs as Q,aws_sns as Ue}from"aws-cdk-lib";import{Construct as er}from"constructs";var j=class extends er{constructor(t,r){if(super(t,"CloudTrailAlarms"),this.config=r,!r.cloudTrailAlarms)return;r.cloudTrailAlarms.logGroupCreate?(this.logGroup=new Q.LogGroup(this,"CloudTrailLogGroup",{logGroupName:r.cloudTrailAlarms.logGroupName,retention:Q.RetentionDays.ONE_YEAR}),this.cloudTrail=new Zt.Trail(this,"CloudTrail",{sendToCloudWatchLogs:!0,cloudWatchLogGroup:this.logGroup,includeGlobalServiceEvents:!0})):this.logGroup=Q.LogGroup.fromLogGroupName(this,"CloudTrailLogGroup",r.cloudTrailAlarms.logGroupName),r.cloudTrailAlarms.snsTopicArn?this.alarmTopic=Ue.Topic.fromTopicArn(this,"AlarmTopic",r.cloudTrailAlarms.snsTopicArn):this.alarmTopic=new Ue.Topic(this,"AlarmTopic",{topicName:r.cloudTrailAlarms.snsTopicName});let i=[["UnauthorizedApiCalls","{ ($.errorCode = *UnauthorizedOperation) || ($.errorCode = AccessDenied*) }"],["SignInWithoutMfa","{ ($.eventName = ConsoleLogin) && ($.additionalEventData.MFAUsed != Yes) }"],["RootAccountUsage","{ $.userIdentity.type = Root && $.userIdentity.invokedBy NOT EXISTS && $.eventType != AwsServiceEvent }"],["IamPolicyChanges","{($.eventName=DeleteGroupPolicy)||($.eventName=DeleteRolePolicy)||($.eventName=DeleteUserPolicy)||($.eventName=PutGroupPolicy)||($.eventName=PutRolePolicy)||($.eventName=PutUserPolicy)||($.eventName=CreatePolicy)||($.eventName=DeletePolicy)||($.eventName=CreatePolicyVersion)||($.eventName=DeletePolicyVersion)||($.eventName=AttachRolePolicy)||($.eventName=DetachRolePolicy)||($.eventName=AttachUserPolicy)||($.eventName=DetachUserPolicy)||($.eventName=AttachGroupPolicy)||($.eventName=DetachGroupPolicy)}"],["CloudTrailConfigurationChanges","{ ($.eventName = CreateTrail) || ($.eventName = UpdateTrail) || ($.eventName = DeleteTrail) || ($.eventName = StartLogging) || ($.eventName = StopLogging) }"],["SignInFailures",'{ ($.eventName = ConsoleLogin) && ($.errorMessage = "Failed authentication") }'],["DisabledCmks","{($.eventSource = kms.amazonaws.com) && (($.eventName=DisableKey)||($.eventName=ScheduleKeyDeletion)) }"],["S3PolicyChanges","{ ($.eventSource = s3.amazonaws.com) && (($.eventName = PutBucketAcl) || ($.eventName = PutBucketPolicy) || ($.eventName = PutBucketCors) || ($.eventName = PutBucketLifecycle) || ($.eventName = PutBucketReplication) || ($.eventName = DeleteBucketPolicy) || ($.eventName = DeleteBucketCors) || ($.eventName = DeleteBucketLifecycle) || ($.eventName = DeleteBucketReplication)) }"],["ConfigServiceChanges","{($.eventSource = config.amazonaws.com) && (($.eventName=StopConfigurationRecorder)||($.eventName=DeleteDeliveryChannel)||($.eventName=PutDeliveryChannel)||($.eventName=PutConfigurationRecorder))}"],["SecurityGroupChanges","{ ($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = AuthorizeSecurityGroupEgress) || ($.eventName = RevokeSecurityGroupIngress) || ($.eventName = RevokeSecurityGroupEgress) || ($.eventName = CreateSecurityGroup) || ($.eventName = DeleteSecurityGroup)}"],["NetworkAclChanges","{ ($.eventName = CreateNetworkAcl) || ($.eventName = CreateNetworkAclEntry) || ($.eventName = DeleteNetworkAcl) || ($.eventName = DeleteNetworkAclEntry) || ($.eventName = ReplaceNetworkAclEntry) || ($.eventName = ReplaceNetworkAclAssociation) }"],["NetworkGatewayChanges","{ ($.eventName = CreateCustomerGateway) || ($.eventName = DeleteCustomerGateway) || ($.eventName = AttachInternetGateway) || ($.eventName = CreateInternetGateway) || ($.eventName = DeleteInternetGateway) || ($.eventName = DetachInternetGateway) }"],["RouteTableChanges","{ ($.eventName = CreateRoute) || ($.eventName = CreateRouteTable) || ($.eventName = ReplaceRoute) || ($.eventName = ReplaceRouteTableAssociation) || ($.eventName = DeleteRouteTable) || ($.eventName = DeleteRoute) || ($.eventName = DisassociateRouteTable) }"],["VpcChanges","{ ($.eventName = CreateVpc) || ($.eventName = DeleteVpc) || ($.eventName = ModifyVpcAttribute) || ($.eventName = AcceptVpcPeeringConnection) || ($.eventName = CreateVpcPeeringConnection) || ($.eventName = DeleteVpcPeeringConnection) || ($.eventName = RejectVpcPeeringConnection) || ($.eventName = AttachClassicLinkVpc) || ($.eventName = DetachClassicLinkVpc) || ($.eventName = DisableVpcClassicLink) || ($.eventName = EnableVpcClassicLink) }"],["OrganizationsChanges","{ ($.eventSource = organizations.amazonaws.com) && (($.eventName = AcceptHandshake) || ($.eventName = AttachPolicy) || ($.eventName = CreateAccount) || ($.eventName = CreateOrganizationalUnit) || ($.eventName = CreatePolicy) || ($.eventName = DeclineHandshake) || ($.eventName = DeleteOrganization) || ($.eventName = DeleteOrganizationalUnit) || ($.eventName = DeletePolicy) || ($.eventName = DetachPolicy) || ($.eventName = DisablePolicyType) || ($.eventName = EnablePolicyType) || ($.eventName = InviteAccountToOrganization) || ($.eventName = LeaveOrganization) || ($.eventName = MoveAccount) || ($.eventName = RemoveAccountFromOrganization) || ($.eventName = UpdatePolicy) || ($.eventName = UpdateOrganizationalUnit)) }"]];for(let[n,s]of i)this.createMetricAlarm(n,s)}createMetricAlarm(t,r){let i=`${this.config.stackName}${t}MetricFilter`,n=`${this.config.stackName}${t}Metric`,s=`${this.config.stackName}Metrics`,o=`${this.config.stackName}${t}Alarm`,l=new Q.MetricFilter(this,i,{logGroup:this.logGroup,filterPattern:{logPatternString:r},metricNamespace:s,metricName:n});new oe.Alarm(this,o,{metric:l.metric({}),threshold:1,evaluationPeriods:1,alarmName:o,actionsEnabled:!0,treatMissingData:oe.TreatMissingData.NOT_BREACHING,comparisonOperator:oe.ComparisonOperator.GREATER_THAN_THRESHOLD,datapointsToAlarm:1}).addAlarmAction(new Xt.SnsAction(this.alarmTopic))}};import{aws_certificatemanager as rr,aws_cloudfront as v,Duration as ir,aws_cloudfront_origins as Be,RemovalPolicy as nr,aws_route53 as ae,aws_s3 as F,aws_route53_targets as sr,aws_wafv2 as or}from"aws-cdk-lib";import{Construct as ar}from"constructs";import{aws_iam as tr}from"aws-cdk-lib";function J(e,t){let r=new tr.PolicyStatement;return r.addActions("s3:GetObject*"),r.addActions("s3:GetBucket*"),r.addActions("s3:List*"),r.addResources(e.bucketArn),r.addResources(`${e.bucketArn}/*`),r.addCanonicalUserPrincipal(t.cloudFrontOriginAccessIdentityS3CanonicalUserId),e.addToResourcePolicy(r),r}var G=class extends ar{constructor(t,r,i){if(super(t,"FrontEnd"),i===r.region?this.appBucket=new F.Bucket(this,"AppBucket",{bucketName:r.appDomainName,publicReadAccess:!1,blockPublicAccess:F.BlockPublicAccess.BLOCK_ALL,removalPolicy:nr.DESTROY,encryption:F.BucketEncryption.S3_MANAGED,enforceSSL:!0,versioned:!0}):this.appBucket=F.Bucket.fromBucketAttributes(this,"AppBucket",{bucketName:r.appDomainName,region:r.region}),i==="us-east-1"&&(this.responseHeadersPolicy=new v.ResponseHeadersPolicy(this,"ResponseHeadersPolicy",{customHeadersBehavior:{customHeaders:[{header:"Permission-Policy",value:"accelerometer=(), camera=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()",override:!0}]},securityHeadersBehavior:{contentSecurityPolicy:{contentSecurityPolicy:["default-src 'none'","base-uri 'self'","child-src 'self'",`connect-src 'self' ${r.apiDomainName} *.google.com`,"font-src 'self' fonts.gstatic.com","form-action 'self' *.gstatic.com *.google.com","frame-ancestors 'none'",`frame-src 'self' ${r.storageDomainName} *.medplum.com *.gstatic.com *.google.com`,`img-src 'self' data: ${r.storageDomainName} *.gstatic.com *.google.com *.googleapis.com gravatar.com`,"manifest-src 'self'",`media-src 'self' ${r.storageDomainName}`,"script-src 'self' *.medplum.com *.gstatic.com *.google.com","style-src 'self' 'unsafe-inline' *.medplum.com *.gstatic.com *.google.com","worker-src 'self' blob: *.gstatic.com *.google.com","upgrade-insecure-requests"].join("; "),override:!0},contentTypeOptions:{override:!0},frameOptions:{frameOption:v.HeadersFrameOption.DENY,override:!0},referrerPolicy:{referrerPolicy:v.HeadersReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,override:!0},strictTransportSecurity:{accessControlMaxAge:ir.seconds(63072e3),includeSubdomains:!0,preload:!0,override:!0},xssProtection:{protection:!0,modeBlock:!0,override:!0}}}),this.waf=new or.CfnWebACL(this,"FrontEndWAF",{defaultAction:{allow:{}},scope:"CLOUDFRONT",name:`${r.stackName}-FrontEndWAF`,rules:O,visibilityConfig:{cloudWatchMetricsEnabled:!0,metricName:`${r.stackName}-FrontEndWAF-Metric`,sampledRequestsEnabled:!1}}),this.apiOriginCachePolicy=new v.CachePolicy(this,"ApiOriginCachePolicy",{cachePolicyName:`${r.stackName}-ApiOriginCachePolicy`,cookieBehavior:v.CacheCookieBehavior.all(),headerBehavior:v.CacheHeaderBehavior.allowList("Authorization","Content-Encoding","Content-Type","If-None-Match","Origin","Referer","User-Agent","X-Medplum"),queryStringBehavior:v.CacheQueryStringBehavior.all()}),this.originAccessIdentity=new v.OriginAccessIdentity(this,"OriginAccessIdentity",{}),this.originAccessPolicyStatement=J(this.appBucket,this.originAccessIdentity),this.distribution=new v.Distribution(this,"AppDistribution",{defaultRootObject:"index.html",defaultBehavior:{origin:new Be.S3Origin(this.appBucket,{originAccessIdentity:this.originAccessIdentity}),responseHeadersPolicy:this.responseHeadersPolicy,viewerProtocolPolicy:v.ViewerProtocolPolicy.REDIRECT_TO_HTTPS},additionalBehaviors:r.appApiProxy?{"/api/*":{origin:new Be.HttpOrigin(r.apiDomainName),allowedMethods:v.AllowedMethods.ALLOW_ALL,cachePolicy:this.apiOriginCachePolicy,viewerProtocolPolicy:v.ViewerProtocolPolicy.REDIRECT_TO_HTTPS}}:void 0,certificate:rr.Certificate.fromCertificateArn(this,"AppCertificate",r.appSslCertArn),domainNames:[r.appDomainName],errorResponses:[{httpStatus:403,responseHttpStatus:200,responsePagePath:"/index.html"},{httpStatus:404,responseHttpStatus:200,responsePagePath:"/index.html"}],webAclId:this.waf.attrArn,logBucket:r.appLoggingBucket?F.Bucket.fromBucketName(this,"LoggingBucket",r.appLoggingBucket):void 0,logFilePrefix:r.appLoggingPrefix}),!r.skipDns)){let n=r.hostedZoneName??r.domainName.split(".").slice(-2).join("."),s=ae.HostedZone.fromLookup(this,"Zone",{domainName:n});this.dnsRecord=new ae.ARecord(this,"AppAliasRecord",{recordName:r.appDomainName,target:ae.RecordTarget.fromAlias(new sr.CloudFrontTarget(this.distribution)),zone:s})}}};import{aws_certificatemanager as cr,aws_cloudfront as P,Duration as lr,aws_cloudfront_origins as ur,aws_route53 as ce,aws_s3 as M,aws_route53_targets as dr,aws_wafv2 as pr}from"aws-cdk-lib";import{ServerlessClamscan as hr}from"cdk-serverless-clamscan";import{Construct as mr}from"constructs";var q=class extends mr{constructor(t,r,i){if(super(t,"Storage"),i===r.region?(this.storageBucket=new M.Bucket(this,"StorageBucket",{bucketName:r.storageBucketName,publicReadAccess:!1,blockPublicAccess:M.BlockPublicAccess.BLOCK_ALL,encryption:M.BucketEncryption.S3_MANAGED,enforceSSL:!0,versioned:!0}),r.clamscanEnabled&&new hr(this,"ServerlessClamscan",{defsBucketAccessLogsConfig:{logsBucket:M.Bucket.fromBucketName(this,"LoggingBucket",r.clamscanLoggingBucket),logsPrefix:r.clamscanLoggingPrefix}}).addSourceBucket(this.storageBucket)):this.storageBucket=M.Bucket.fromBucketAttributes(this,"StorageBucket",{bucketName:r.storageBucketName,region:r.region}),i==="us-east-1"){let n;if(r.signingKeyId?n=P.PublicKey.fromPublicKeyId(this,"StoragePublicKey",r.signingKeyId):n=new P.PublicKey(this,"StoragePublicKey",{encodedKey:r.storagePublicKey}),this.keyGroup=new P.KeyGroup(this,"StorageKeyGroup",{items:[n]}),this.responseHeadersPolicy=new P.ResponseHeadersPolicy(this,"ResponseHeadersPolicy",{customHeadersBehavior:{customHeaders:[{header:"Permission-Policy",value:"accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()",override:!0}]},securityHeadersBehavior:{contentSecurityPolicy:{contentSecurityPolicy:"default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors *;",override:!0},contentTypeOptions:{override:!0},frameOptions:{frameOption:P.HeadersFrameOption.DENY,override:!0},referrerPolicy:{referrerPolicy:P.HeadersReferrerPolicy.NO_REFERRER,override:!0},strictTransportSecurity:{accessControlMaxAge:lr.seconds(63072e3),includeSubdomains:!0,preload:!0,override:!0},xssProtection:{protection:!0,modeBlock:!0,override:!0}}}),this.waf=new pr.CfnWebACL(this,"StorageWAF",{defaultAction:{allow:{}},scope:"CLOUDFRONT",name:`${r.stackName}-StorageWAF`,rules:O,visibilityConfig:{cloudWatchMetricsEnabled:!0,metricName:`${r.stackName}-StorageWAF-Metric`,sampledRequestsEnabled:!1}}),this.originAccessIdentity=new P.OriginAccessIdentity(this,"OriginAccessIdentity",{}),this.originAccessPolicyStatement=J(this.storageBucket,this.originAccessIdentity),this.distribution=new P.Distribution(this,"StorageDistribution",{defaultBehavior:{origin:new ur.S3Origin(this.storageBucket,{originAccessIdentity:this.originAccessIdentity}),responseHeadersPolicy:this.responseHeadersPolicy,viewerProtocolPolicy:P.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,trustedKeyGroups:[this.keyGroup]},certificate:cr.Certificate.fromCertificateArn(this,"StorageCertificate",r.storageSslCertArn),domainNames:[r.storageDomainName],webAclId:this.waf.attrArn,logBucket:r.storageLoggingBucket?M.Bucket.fromBucketName(this,"LoggingBucket",r.storageLoggingBucket):void 0,logFilePrefix:r.storageLoggingPrefix}),!r.skipDns){let s=r.hostedZoneName??r.domainName.split(".").slice(-2).join("."),o=ce.HostedZone.fromLookup(this,"Zone",{domainName:s});this.dnsRecord=new ce.ARecord(this,"StorageAliasRecord",{recordName:r.storageDomainName,target:ce.RecordTarget.fromAlias(new dr.CloudFrontTarget(this.distribution)),zone:o})}}}};var Y=class{constructor(t,r){this.primaryStack=new le(t,r),r.region!=="us-east-1"&&(this.globalStack=new ue(t,r),this.globalStack.addDependency(this.primaryStack))}},le=class extends je{constructor(t,r){super(t,r.stackName,{env:{region:r.region,account:r.accountNumber}}),Fe.of(this).add("medplum:environment",r.name),this.backEnd=new V(this,r),this.frontEnd=new G(this,r,r.region),this.storage=new q(this,r,r.region),this.cloudTrail=new j(this,r)}},ue=class extends je{constructor(t,r){super(t,r.stackName+"-us-east-1",{env:{region:"us-east-1",account:r.accountNumber}}),Fe.of(this).add("medplum:environment",r.name),this.frontEnd=new G(this,r,"us-east-1"),this.storage=new q(this,r,"us-east-1"),this.cloudTrail=new j(this,r)}};function vr(e){let t=new fr({context:e}),r=t.node.tryGetContext("config");if(!r){console.log('Missing "config" context variable'),console.log("Usage: cdk deploy -c config=my-config.json");return}let i=JSON.parse(yr(gr(r),"utf-8"));De(i).then(n=>{let s=new Y(t,n);console.log("Stack",s.primaryStack.stackId),t.synth()}).catch(n=>{console.error(n),process.exit(1)})}pe.main===module&&vr();export{V as BackEnd,j as CloudTrailAlarms,G as FrontEnd,ue as MedplumGlobalStack,le as MedplumPrimaryStack,Y as MedplumStack,q as Storage,O as awsManagedRules,vr as main};
|
|
2
2
|
//# sourceMappingURL=index.mjs.map
|