@medplum/cdk 5.1.1 → 5.1.2

package/dist/esm/index.mjs

@@ -1,4 +1,4 @@
-var mt=Object.defineProperty;var ft=(e,t,r)=>t in e?mt(e,t,{enumerable:!0,configurable:!0,writable:!0,value:r}):e[t]=r;var c=(e,t,r)=>ft(e,typeof t!="symbol"?t+"":t,r);import{App as Xr}from"aws-cdk-lib";import{readFileSync as ei}from"node:fs";import{resolve as ti}from"node:path";import{GetParameterCommand as Er,SSMClient as Tr}from"@aws-sdk/client-ssm";var yt=Object.defineProperty,gt=(e,t,r)=>t in e?yt(e,t,{enumerable:!0,configurable:!0,writable:!0,value:r}):e[t]=r,g=(e,t,r)=>gt(e,typeof t!="symbol"?t+"":t,r),vt=class{constructor(e,t){g(this,"operator"),g(this,"child"),this.operator=e,this.child=t}toString(){return`${this.operator}(${this.child.toString()})`}},Y=class{constructor(e,t,r){g(this,"operator"),g(this,"left"),g(this,"right"),this.operator=e,this.left=t,this.right=r}toString(){return`(${this.left.toString()} ${this.operator} ${this.right.toString()})`}},St=class{constructor(){g(this,"prefixParselets",{}),g(this,"infixParselets",{})}registerInfix(e,t){return this.infixParselets[e]=t,this}registerPrefix(e,t){return this.prefixParselets[e]=t,this}prefix(e,t,r){return this.registerPrefix(e,{parse(i,n){let s=i.consumeAndParse(t);return r(n,s)}})}infixLeft(e,t,r){return this.registerInfix(e,{parse(i,n,s){let o=i.consumeAndParse(t);return r(n,s,o)},precedence:t})}construct(e){return new bt(e,this.prefixParselets,this.infixParselets)}},bt=class{constructor(e,t,r){g(this,"tokens"),g(this,"prefixParselets"),g(this,"infixParselets"),this.tokens=e,this.prefixParselets=t,this.infixParselets=r}hasMore(){return this.tokens.length>0}match(e){return this.peek()?.id!==e?!1:(this.consume(),!0)}consumeAndParse(e=1/0){let t=this.consume(),r=this.prefixParselets[t.id];if(!r)throw new Error(`Parse error at "${t.value}" (line ${t.line}, column ${t.column}). No matching prefix parselet.`);let i=r.parse(this,t);for(;e>this.getPrecedence();){let n=this.consume();i=this.getInfixParselet(n).parse(this,i,n)}return i}getPrecedence(){let e=this.peek();if(!e)return 1/0;let t=this.getInfixParselet(e);return t?t.precedence:1/0}consume(e,t){if(!this.tokens.length)throw new Error("Cant consume unknown more tokens.");if(e&&this.peek()?.id!==e){let r=this.peek();throw new Error(`Expected ${e} but got "${r.id}" (${r.value}) at line ${r.line} column ${r.column}.`)}if(t&&this.peek()?.value!==t){let r=this.peek();throw new Error(`Expected "${t}" but got "${r.value}" at line ${r.line} column ${r.column}.`)}return this.tokens.shift()}peek(){return this.tokens.length>0?this.tokens[0]:void 0}removeComments(){this.tokens=this.tokens.filter(e=>e.id!=="Comment")}getInfixParselet(e){return this.infixParselets[e.id==="Symbol"?e.value:e.id]}},wt=class{constructor(e=10){g(this,"max"),g(this,"cache"),this.max=e,this.cache=new Map}clear(){this.cache.clear()}get(e){let t=this.cache.get(e);return t&&(this.cache.delete(e),this.cache.set(e,t)),t}set(e,t){this.cache.has(e)?this.cache.delete(e):this.cache.size>=this.max&&this.cache.delete(this.first()),this.cache.set(e,t)}delete(e){this.cache.delete(e)}keys(){return this.cache.keys()}first(){return this.cache.keys().next().value}};var xt="http://hl7.org";var Et="unauthorized";var oe={resourceType:"OperationOutcome",id:Et,issue:[{severity:"error",code:"login",details:{text:"Unauthorized"}}]},si={...oe,issue:[...oe.issue,{severity:"error",code:"expired",details:{text:"Token expired"}}]},oi={...oe,issue:[...oe.issue,{severity:"error",code:"invalid",details:{text:"Token not issued for this audience"}}]};function Se(e,t){return{resourceType:"OperationOutcome",issue:[{severity:"error",code:"invalid",details:{text:e},...t?{expression:[t]}:void 0}]}}function B(e){return{resourceType:"OperationOutcome",issue:[{severity:"error",code:"structure",details:{text:e}}]}}var D=class extends Error{constructor(e,t){super(Tt(e),t),g(this,"outcome"),this.name="OperationOutcomeError",this.outcome=e}};function Tt(e){let t=e.issue?.map(Ct)??[];return t.length>0?t.join("; "):"Unknown error"}function Ct(e){let t;return e.details?.text?e.diagnostics?t=`${e.details.text} (${e.diagnostics})`:t=e.details.text:e.diagnostics?t=e.diagnostics:t="Unknown error",e.expression?.length&&(t+=` (${e.expression.join(", ")})`),t}function At(e,t){let r=t.max&&t.max===Number.MAX_SAFE_INTEGER?Number.POSITIVE_INFINITY:t.max;return{path:e,description:"",type:t.type??[],min:t.min??0,max:r??1,isArray:!!r&&r>1,constraints:[]}}function Pt(e){let t=Object.create(null);for(let[r,i]of Object.entries(e))t[r]={name:r,type:r,path:r,elements:Object.fromEntries(Object.entries(i.elements).map(([n,s])=>[n,At(n,s)])),constraints:[],innerTypes:[]};return t}var Rt={Element:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]}}},BackboneElement:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]}}},Address:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},type:{type:[{code:"code"}]},text:{type:[{code:"string"}]},line:{max:9007199254740991,type:[{code:"string"}]},city:{type:[{code:"string"}]},district:{type:[{code:"string"}]},state:{type:[{code:"string"}]},postalCode:{type:[{code:"string"}]},country:{type:[{code:"string"}]},period:{type:[{code:"Period"}]}}},Age:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Annotation:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},"author[x]":{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Organization"]},{code:"string"}]},time:{type:[{code:"dateTime"}]},text:{min:1,type:[{code:"markdown"}]}}},Attachment:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},contentType:{type:[{code:"code"}]},language:{type:[{code:"code"}]},data:{type:[{code:"base64Binary"}]},url:{type:[{code:"url"}]},size:{type:[{code:"unsignedInt"}]},hash:{type:[{code:"base64Binary"}]},title:{type:[{code:"string"}]},creation:{type:[{code:"dateTime"}]}}},CodeableConcept:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},coding:{max:9007199254740991,type:[{code:"Coding"}]},text:{type:[{code:"string"}]}}},Coding:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},system:{type:[{code:"uri"}]},version:{type:[{code:"string"}]},code:{type:[{code:"code"}]},display:{type:[{code:"string"}]},userSelected:{type:[{code:"boolean"}]}}},ContactDetail:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},name:{type:[{code:"string"}]},telecom:{max:9007199254740991,type:[{code:"ContactPoint"}]}}},ContactPoint:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},system:{type:[{code:"code"}]},value:{type:[{code:"string"}]},use:{type:[{code:"code"}]},rank:{type:[{code:"positiveInt"}]},period:{type:[{code:"Period"}]}}},Contributor:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},name:{min:1,type:[{code:"string"}]},contact:{max:9007199254740991,type:[{code:"ContactDetail"}]}}},Count:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},DataRequirement:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},profile:{max:9007199254740991,type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]},"subject[x]":{type:[{code:"CodeableConcept"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Group"]}]},mustSupport:{max:9007199254740991,type:[{code:"string"}]},codeFilter:{max:9007199254740991,type:[{code:"DataRequirementCodeFilter"}]},dateFilter:{max:9007199254740991,type:[{code:"DataRequirementDateFilter"}]},limit:{type:[{code:"positiveInt"}]},sort:{max:9007199254740991,type:[{code:"DataRequirementSort"}]}}},DataRequirementCodeFilter:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},path:{type:[{code:"string"}]},searchParam:{type:[{code:"string"}]},valueSet:{type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/ValueSet"]}]},code:{max:9007199254740991,type:[{code:"Coding"}]}}},DataRequirementDateFilter:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},path:{type:[{code:"string"}]},searchParam:{type:[{code:"string"}]},"value[x]":{type:[{code:"dateTime"},{code:"Period"},{code:"Duration"}]}}},DataRequirementSort:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},path:{min:1,type:[{code:"string"}]},direction:{min:1,type:[{code:"code"}]}}},Distance:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Dosage:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},sequence:{type:[{code:"integer"}]},text:{type:[{code:"string"}]},additionalInstruction:{max:9007199254740991,type:[{code:"CodeableConcept"}]},patientInstruction:{type:[{code:"string"}]},timing:{type:[{code:"Timing"}]},"asNeeded[x]":{type:[{code:"boolean"},{code:"CodeableConcept"}]},site:{type:[{code:"CodeableConcept"}]},route:{type:[{code:"CodeableConcept"}]},method:{type:[{code:"CodeableConcept"}]},doseAndRate:{max:9007199254740991,type:[{code:"DosageDoseAndRate"}]},maxDosePerPeriod:{type:[{code:"Ratio"}]},maxDosePerAdministration:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},maxDosePerLifetime:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]}}},DosageDoseAndRate:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{type:[{code:"CodeableConcept"}]},"dose[x]":{type:[{code:"Range"},{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},"rate[x]":{type:[{code:"Ratio"},{code:"Range"},{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]}}},Duration:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},ElementDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},path:{min:1,type:[{code:"string"}]},representation:{max:9007199254740991,type:[{code:"code"}]},sliceName:{type:[{code:"string"}]},sliceIsConstraining:{type:[{code:"boolean"}]},label:{type:[{code:"string"}]},code:{max:9007199254740991,type:[{code:"Coding"}]},slicing:{type:[{code:"ElementDefinitionSlicing"}]},short:{type:[{code:"string"}]},definition:{type:[{code:"markdown"}]},comment:{type:[{code:"markdown"}]},requirements:{type:[{code:"markdown"}]},alias:{max:9007199254740991,type:[{code:"string"}]},min:{type:[{code:"unsignedInt"}]},max:{type:[{code:"string"}]},base:{type:[{code:"ElementDefinitionBase"}]},contentReference:{type:[{code:"uri"}]},type:{max:9007199254740991,type:[{code:"ElementDefinitionType"}]},"defaultValue[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},meaningWhenMissing:{type:[{code:"markdown"}]},orderMeaning:{type:[{code:"string"}]},"fixed[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},"pattern[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},example:{max:9007199254740991,type:[{code:"ElementDefinitionExample"}]},"minValue[x]":{type:[{code:"date"},{code:"dateTime"},{code:"instant"},{code:"time"},{code:"decimal"},{code:"integer"},{code:"positiveInt"},{code:"unsignedInt"},{code:"Quantity"}]},"maxValue[x]":{type:[{code:"date"},{code:"dateTime"},{code:"instant"},{code:"time"},{code:"decimal"},{code:"integer"},{code:"positiveInt"},{code:"unsignedInt"},{code:"Quantity"}]},maxLength:{type:[{code:"integer"}]},condition:{max:9007199254740991,type:[{code:"id"}]},constraint:{max:9007199254740991,type:[{code:"ElementDefinitionConstraint"}]},mustSupport:{type:[{code:"boolean"}]},isModifier:{type:[{code:"boolean"}]},isModifierReason:{type:[{code:"string"}]},isSummary:{type:[{code:"boolean"}]},binding:{type:[{code:"ElementDefinitionBinding"}]},mapping:{max:9007199254740991,type:[{code:"ElementDefinitionMapping"}]}}},ElementDefinitionSlicingDiscriminator:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},path:{min:1,type:[{code:"string"}]}}},ElementDefinitionSlicing:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},discriminator:{max:9007199254740991,type:[{code:"ElementDefinitionSlicingDiscriminator"}]},description:{type:[{code:"string"}]},ordered:{type:[{code:"boolean"}]},rules:{min:1,type:[{code:"code"}]}}},ElementDefinitionBase:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},path:{min:1,type:[{code:"string"}]},min:{min:1,type:[{code:"unsignedInt"}]},max:{min:1,type:[{code:"string"}]}}},ElementDefinitionType:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},code:{min:1,type:[{code:"uri"}]},profile:{max:9007199254740991,type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition","http://hl7.org/fhir/StructureDefinition/ImplementationGuide"]}]},targetProfile:{max:9007199254740991,type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition","http://hl7.org/fhir/StructureDefinition/ImplementationGuide"]}]},aggregation:{max:9007199254740991,type:[{code:"code"}]},versioning:{type:[{code:"code"}]}}},ElementDefinitionExample:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},label:{min:1,type:[{code:"string"}]},"value[x]":{min:1,type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]}}},ElementDefinitionConstraint:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},key:{min:1,type:[{code:"id"}]},requirements:{type:[{code:"string"}]},severity:{min:1,type:[{code:"code"}]},human:{min:1,type:[{code:"string"}]},expression:{type:[{code:"string"}]},xpath:{type:[{code:"string"}]},source:{type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]}}},ElementDefinitionBinding:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},strength:{min:1,type:[{code:"code"}]},description:{type:[{code:"string"}]},valueSet:{type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/ValueSet"]}]}}},ElementDefinitionMapping:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},identity:{min:1,type:[{code:"id"}]},language:{type:[{code:"code"}]},map:{min:1,type:[{code:"string"}]},comment:{type:[{code:"string"}]}}},Expression:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},description:{type:[{code:"string"}]},name:{type:[{code:"id"}]},language:{min:1,type:[{code:"code"}]},expression:{type:[{code:"string"}]},reference:{type:[{code:"uri"}]}}},Extension:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},url:{min:1,type:[{code:"uri"}]},"value[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]}}},HumanName:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},text:{type:[{code:"string"}]},family:{type:[{code:"string"}]},given:{max:9007199254740991,type:[{code:"string"}]},prefix:{max:9007199254740991,type:[{code:"string"}]},suffix:{max:9007199254740991,type:[{code:"string"}]},period:{type:[{code:"Period"}]}}},Identifier:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},type:{type:[{code:"CodeableConcept"}]},system:{type:[{code:"uri"}]},value:{type:[{code:"string"}]},period:{type:[{code:"Period"}]},assigner:{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Organization"]}]}}},MarketingStatus:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},country:{min:1,type:[{code:"CodeableConcept"}]},jurisdiction:{type:[{code:"CodeableConcept"}]},status:{min:1,type:[{code:"CodeableConcept"}]},dateRange:{min:1,type:[{code:"Period"}]},restoreDate:{type:[{code:"dateTime"}]}}},Meta:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},versionId:{type:[{code:"id"}]},lastUpdated:{type:[{code:"instant"}]},source:{type:[{code:"uri"}]},profile:{max:9007199254740991,type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]},security:{max:9007199254740991,type:[{code:"Coding"}]},tag:{max:9007199254740991,type:[{code:"Coding"}]},project:{type:[{code:"uri"}]},author:{type:[{code:"Reference"}]},onBehalfOf:{type:[{code:"Reference"}]},account:{type:[{code:"Reference"}]},accounts:{max:9007199254740991,type:[{code:"Reference"}]},compartment:{max:9007199254740991,type:[{code:"Reference"}]}}},Money:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},currency:{type:[{code:"code"}]}}},Narrative:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},status:{min:1,type:[{code:"code"}]},div:{min:1,type:[{code:"xhtml"}]}}},ParameterDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},name:{type:[{code:"code"}]},use:{min:1,type:[{code:"code"}]},min:{type:[{code:"integer"}]},max:{type:[{code:"string"}]},documentation:{type:[{code:"string"}]},type:{min:1,type:[{code:"code"}]},profile:{type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]}}},Period:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},start:{type:[{code:"dateTime"}]},end:{type:[{code:"dateTime"}]}}},Population:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},"age[x]":{type:[{code:"Range"},{code:"CodeableConcept"}]},gender:{type:[{code:"CodeableConcept"}]},race:{type:[{code:"CodeableConcept"}]},physiologicalCondition:{type:[{code:"CodeableConcept"}]}}},ProdCharacteristic:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},height:{type:[{code:"Quantity"}]},width:{type:[{code:"Quantity"}]},depth:{type:[{code:"Quantity"}]},weight:{type:[{code:"Quantity"}]},nominalVolume:{type:[{code:"Quantity"}]},externalDiameter:{type:[{code:"Quantity"}]},shape:{type:[{code:"string"}]},color:{max:9007199254740991,type:[{code:"string"}]},imprint:{max:9007199254740991,type:[{code:"string"}]},image:{max:9007199254740991,type:[{code:"Attachment"}]},scoring:{type:[{code:"CodeableConcept"}]}}},ProductShelfLife:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},identifier:{type:[{code:"Identifier"}]},type:{min:1,type:[{code:"CodeableConcept"}]},period:{min:1,type:[{code:"Quantity"}]},specialPrecautionsForStorage:{max:9007199254740991,type:[{code:"CodeableConcept"}]}}},Quantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Range:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},low:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},high:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]}}},Ratio:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},numerator:{type:[{code:"Quantity"}]},denominator:{type:[{code:"Quantity"}]}}},Reference:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},reference:{type:[{code:"string"}]},type:{type:[{code:"uri"}]},identifier:{type:[{code:"Identifier"}]},display:{type:[{code:"string"}]}}},RelatedArtifact:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},label:{type:[{code:"string"}]},display:{type:[{code:"string"}]},citation:{type:[{code:"markdown"}]},url:{type:[{code:"url"}]},document:{type:[{code:"Attachment"}]},resource:{type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/Resource"]}]}}},SampledData:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},origin:{min:1,type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},period:{min:1,type:[{code:"decimal"}]},factor:{type:[{code:"decimal"}]},lowerLimit:{type:[{code:"decimal"}]},upperLimit:{type:[{code:"decimal"}]},dimensions:{min:1,type:[{code:"positiveInt"}]},data:{type:[{code:"string"}]}}},Signature:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,max:9007199254740991,type:[{code:"Coding"}]},when:{min:1,type:[{code:"instant"}]},who:{min:1,type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/PractitionerRole","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/Device","http://hl7.org/fhir/StructureDefinition/Organization"]}]},onBehalfOf:{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/PractitionerRole","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/Device","http://hl7.org/fhir/StructureDefinition/Organization"]}]},targetFormat:{type:[{code:"code"}]},sigFormat:{type:[{code:"code"}]},data:{type:[{code:"base64Binary"}]}}},SubstanceAmount:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},"amount[x]":{type:[{code:"Quantity"},{code:"Range"},{code:"string"}]},amountType:{type:[{code:"CodeableConcept"}]},amountText:{type:[{code:"string"}]},referenceRange:{type:[{code:"SubstanceAmountReferenceRange"}]}}},SubstanceAmountReferenceRange:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},lowLimit:{type:[{code:"Quantity"}]},highLimit:{type:[{code:"Quantity"}]}}},Timing:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},event:{max:9007199254740991,type:[{code:"dateTime"}]},repeat:{type:[{code:"TimingRepeat"}]},code:{type:[{code:"CodeableConcept"}]}}},TimingRepeat:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},"bounds[x]":{type:[{code:"Duration"},{code:"Range"},{code:"Period"}]},count:{type:[{code:"positiveInt"}]},countMax:{type:[{code:"positiveInt"}]},duration:{type:[{code:"decimal"}]},durationMax:{type:[{code:"decimal"}]},durationUnit:{type:[{code:"code"}]},frequency:{type:[{code:"positiveInt"}]},frequencyMax:{type:[{code:"positiveInt"}]},period:{type:[{code:"decimal"}]},periodMax:{type:[{code:"decimal"}]},periodUnit:{type:[{code:"code"}]},dayOfWeek:{max:9007199254740991,type:[{code:"code"}]},timeOfDay:{max:9007199254740991,type:[{code:"time"}]},when:{max:9007199254740991,type:[{code:"code"}]},offset:{type:[{code:"unsignedInt"}]}}},TriggerDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},name:{type:[{code:"string"}]},"timing[x]":{type:[{code:"Timing"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Schedule"]},{code:"date"},{code:"dateTime"}]},data:{max:9007199254740991,type:[{code:"DataRequirement"}]},condition:{type:[{code:"Expression"}]}}},UsageContext:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},code:{min:1,type:[{code:"Coding"}]},"value[x]":{min:1,type:[{code:"CodeableConcept"},{code:"Quantity"},{code:"Range"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/PlanDefinition","http://hl7.org/fhir/StructureDefinition/ResearchStudy","http://hl7.org/fhir/StructureDefinition/InsurancePlan","http://hl7.org/fhir/StructureDefinition/HealthcareService","http://hl7.org/fhir/StructureDefinition/Group","http://hl7.org/fhir/StructureDefinition/Location","http://hl7.org/fhir/StructureDefinition/Organization"]}]}}},MoneyQuantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},SimpleQuantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{max:0,type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},IdentityProvider:{elements:{authorizeUrl:{min:1,type:[{code:"string"}]},tokenUrl:{min:1,type:[{code:"string"}]},tokenAuthMethod:{type:[{code:"code"}]},userInfoUrl:{min:1,type:[{code:"string"}]},clientId:{min:1,type:[{code:"string"}]},clientSecret:{min:1,type:[{code:"string"}]},usePkce:{type:[{code:"boolean"}]},useSubject:{type:[{code:"boolean"}]}}}};var kt=Pt(Rt);var Le=Object.create(null);function It(e){let t;return t=Le[e],t||(t=Le[e]=Object.create(null)),t}function Dt(e,t){if(t){let r=It(t)[e];if(r)return r}return kt[e]}function Nt(e,t,r){let i=e.path;return Ot(_t(e,t,r),i,t)}function Ot(e,t,r){let i=t?t+".":"";return e===void 0?{type:"undefined",value:void 0,path:`${i}${r}`}:Array.isArray(e)?e.map((n,s)=>({...n,path:`${i}${r}[${s}]`})):{...e,path:`${i}${r}`}}var ai=new wt(1e3);var Be={canonical:/^\S*$/,code:/^[^\s]+( [^\s]+)*$/,date:/^(\d(\d(\d[1-9]|[1-9]0)|[1-9]00)|[1-9]000)(-(0[1-9]|1[0-2])(-(0[1-9]|[1-2]\d|3[0-1]))?)?$/,dateTime:/^(\d(\d(\d[1-9]|[1-9]0)|[1-9]00)|[1-9]000)(-(0[1-9]|1[0-2])(-(0[1-9]|[1-2]\d|3[0-1])(T([01]\d|2[0-3])(:[0-5]\d:([0-5]\d|60)(\.\d{1,9})?)?)?)?(Z|[+-]((0\d|1[0-3]):[0-5]\d|14:00)?)?)?$/,id:/^[A-Za-z0-9\-.]{1,64}$/,instant:/^(\d(\d(\d[1-9]|[1-9]0)|[1-9]00)|[1-9]000)-(0[1-9]|1[0-2])-(0[1-9]|[1-2]\d|3[0-1])T([01]\d|2[0-3]):[0-5]\d:([0-5]\d|60)(\.\d{1,9})?(Z|[+-]((0\d|1[0-3]):[0-5]\d|14:00))$/,markdown:/^[\r\n\t\u0020-\uFFFF]+$/,oid:/^urn:oid:[0-2](\.(0|[1-9]\d*))+$/,string:/^[\r\n\t\u0020-\uFFFF]+$/,time:/^([01]\d|2[0-3]):[0-5]\d:([0-5]\d|60)(\.\d{1,9})?$/,uri:/^\S*$/,url:/^\S*$/,uuid:/^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/,xhtml:/.*/};function l(e){return[{type:u.boolean,value:e}]}function W(e){return e==null?{type:"undefined",value:void 0}:Number.isSafeInteger(e)?{type:u.integer,value:e}:typeof e=="number"?{type:u.decimal,value:e}:typeof e=="boolean"?{type:u.boolean,value:e}:typeof e=="string"?{type:u.string,value:e}:E(e)?{type:u.Quantity,value:e}:le(e)?{type:e.resourceType,value:e}:zt(e)?{type:u.CodeableConcept,value:e}:He(e)?{type:u.Coding,value:e}:{type:u.BackboneElement,value:e}}function L(e){return e.length===0?!1:!!e[0].value}function M(e,t){if(e.length!==0){if(e.length===1&&(!t||e[0].type===t))return e[0];throw new Error(`Expected singleton of type ${t}, but found ${JSON.stringify(e)}`)}}function _t(e,t,r){if(!e.value)return;let i=Yt(e.type,t,r?.profileUrl);return i?Lt(e,t,i):Mt(e,t)}function Lt(e,t,r){let i=e.value,n=r.type;if(!n||n.length===0)return;let s,o="undefined",a,m=r.path.lastIndexOf("."),S=r.path.substring(m+1);for(let y of n){let O=S.replace("[x]",Ve(y.code));if(s=i[O],a=i["_"+O],s!==void 0||a!==void 0){o=y.code;break}}if(a)if(Array.isArray(s)){s=s.slice();for(let y=0;y<Math.max(s.length,a.length);y++)s[y]=ge(s[y],a[y])}else if(!s&&Array.isArray(a)){s=a.slice();for(let y=0;y<a.length;y++)s[y]=ge(void 0,a[y])}else s=ge(s,a);if(!J(s))return(o==="Element"||o==="BackboneElement")&&(o=r.type[0].code),Array.isArray(s)?s.map(y=>Me(y,o)):Me(s,o)}function Me(e,t){return t==="Resource"&&le(e)&&(t=e.resourceType),{type:t,value:e}}function Mt(e,t){let r=e.value;if(!r||typeof r!="object")return;let i;if(t in r){let n=r[t];Array.isArray(n)?i=n.map(W):i=W(n)}else{let n=t.endsWith("[x]")?t.substring(0,t.length-3):t;for(let s of Object.values(u)){let o=n+Ve(s);if(o in r){let a=r[o];Array.isArray(a)?i=a.map(m=>({type:s,value:m})):i={type:s,value:a};break}}}if(Array.isArray(i)){if(i.length===0||J(i[0]))return}else if(J(i))return;return i}function Ge(e){let t=[];for(let r of e){let i=!1;for(let n of t)if(L(ce(r,n))){i=!0;break}i||t.push(r)}return t}function $t(e){return l(!L(e))}function Ut(e,t){return e.length===0||t.length===0?[]:e.length!==t.length?l(!1):l(e.every((r,i)=>L(ce(r,t[i]))))}function Bt(e,t){return e.length===0||t.length===0?[]:e.length!==t.length?l(!0):l(e.some((r,i)=>!L(ce(r,t[i]))))}function ce(e,t){let r=e.value?.valueOf(),i=t.value?.valueOf();return typeof r=="number"&&typeof i=="number"?l(Math.abs(r-i)<1e-8):E(r)&&E(i)?l(We(r,i)):l(typeof r=="object"&&typeof i=="object"?be(e,t):r===i)}function Fe(e,t){return e.length===0&&t.length===0?l(!0):e.length!==t.length?l(!1):(e.sort($e),t.sort($e),l(e.every((r,i)=>L(Gt(r,t[i])))))}function Gt(e,t){let{type:r,value:i}=e,{type:n,value:s}=t,o=i?.valueOf(),a=s?.valueOf();return typeof o=="number"&&typeof a=="number"?l(Math.abs(o-a)<.01):E(o)&&E(a)?l(We(o,a)):l(r==="Coding"&&n==="Coding"?typeof o!="object"||typeof a!="object"?!1:o.code===a.code&&o.system===a.system:typeof o=="object"&&typeof a=="object"?be({...o,id:void 0},{...a,id:void 0}):typeof o=="string"&&typeof a=="string"?o.toLowerCase()===a.toLowerCase():o===a)}function $e(e,t){let r=e.value?.valueOf(),i=t.value?.valueOf();return typeof r=="number"&&typeof i=="number"?r-i:typeof r=="string"&&typeof i=="string"?r.localeCompare(i):0}function je(e,t){let{value:r}=e;if(r==null)return!1;let i=t;switch(i.startsWith("System.")&&(i=i.substring(7)),i.startsWith("FHIR.")&&(i=i.substring(5)),i){case"Boolean":return typeof r=="boolean";case"Decimal":case"Integer":return typeof r=="number";case"Date":return Ft(r);case"DateTime":return ve(r);case"Time":return typeof r=="string"&&!!/^T\d/.exec(r);case"Period":return jt(r);case"Quantity":return E(r);default:return e.type===i||typeof r=="object"&&r?.resourceType===i}}function Ft(e){return typeof e=="string"&&!!Be.date.exec(e)}function ve(e){return typeof e=="string"&&!!Be.dateTime.exec(e)}function jt(e){return!!(e&&typeof e=="object"&&("start"in e&&ve(e.start)||"end"in e&&ve(e.end)))}function E(e){return!!(e&&typeof e=="object"&&"value"in e&&typeof e.value=="number")}function We(e,t){return Math.abs(e.value-t.value)<.01&&(e.unit===t.unit||e.code===t.code||e.unit===t.code||e.code===t.unit)}function be(e,t){let r=Object.keys(e),i=Object.keys(t);if(r.length!==i.length)return!1;for(let n of r){let s=e[n],o=t[n];if(Ue(s)&&Ue(o)){if(!be(s,o))return!1}else if(s!==o)return!1}return!0}function Ue(e){return e!==null&&typeof e=="object"}function ge(e,t){if(t){if(typeof t!="object")throw new Error("Primitive extension must be an object");return Wt(e??{},t)}return e}function Wt(e,t){return delete t.__proto__,delete t.constructor,Object.assign(e,t)}function qt(e){if(e)return Zt(e)?e.reference.split("/")[1]:e.id}function Ht(e,t){let r=new Date(e);r.setUTCHours(0,0,0,0);let i=t?new Date(t):new Date;i.setUTCHours(0,0,0,0);let n=r.getUTCFullYear(),s=r.getUTCMonth(),o=r.getUTCDate(),a=i.getUTCFullYear(),m=i.getUTCMonth(),S=i.getUTCDate(),y=a-n;(m<s||m===s&&S<o)&&y--;let O=a*12+m-(n*12+s);S<o&&O--;let re=Math.floor((i.getTime()-r.getTime())/(1e3*60*60*24));return{years:y,months:O,days:re}}function Vt(e,...t){let r=e;for(let i=0;i<t.length&&r;i++)r=r?.extension?.find(n=>n.url===t[i]);return r}function J(e){if(e==null)return!0;let t=typeof e;return t==="string"||t==="object"?!Qt(e):!1}function Qt(e){if(e==null)return!1;let t=typeof e;return t==="string"&&e!==""||t==="object"&&("length"in e&&e.length>0||Object.keys(e).length>0)}function qe(e){return e!==null&&typeof e=="object"}function He(e){return qe(e)&&"code"in e&&typeof e.code=="string"}function zt(e){return qe(e)&&"coding"in e&&Array.isArray(e.coding)&&e.coding.every(He)}var Jt=[];for(let e=0;e<256;e++)Jt.push(e.toString(16).padStart(2,"0"));function Ve(e){return e?e.charAt(0).toUpperCase()+e.substring(1):""}var Qe=Object.freeze([]);var u={Address:"Address",Age:"Age",Annotation:"Annotation",Attachment:"Attachment",BackboneElement:"BackboneElement",CodeableConcept:"CodeableConcept",Coding:"Coding",ContactDetail:"ContactDetail",ContactPoint:"ContactPoint",Contributor:"Contributor",Count:"Count",DataRequirement:"DataRequirement",Distance:"Distance",Dosage:"Dosage",Duration:"Duration",Element:"Element",ElementDefinition:"ElementDefinition",Expression:"Expression",Extension:"Extension",HumanName:"HumanName",Identifier:"Identifier",MarketingStatus:"MarketingStatus",Meta:"Meta",Money:"Money",MoneyQuantity:"MoneyQuantity",Narrative:"Narrative",ParameterDefinition:"ParameterDefinition",Period:"Period",Population:"Population",ProdCharacteristic:"ProdCharacteristic",ProductShelfLife:"ProductShelfLife",Quantity:"Quantity",Range:"Range",Ratio:"Ratio",Reference:"Reference",RelatedArtifact:"RelatedArtifact",SampledData:"SampledData",Signature:"Signature",SimpleQuantity:"SimpleQuantity",SubstanceAmount:"SubstanceAmount",SystemString:"http://hl7.org/fhirpath/System.String",Timing:"Timing",TriggerDefinition:"TriggerDefinition",UsageContext:"UsageContext",base64Binary:"base64Binary",boolean:"boolean",canonical:"canonical",code:"code",date:"date",dateTime:"dateTime",decimal:"decimal",id:"id",instant:"instant",integer:"integer",markdown:"markdown",oid:"oid",positiveInt:"positiveInt",string:"string",time:"time",unsignedInt:"unsignedInt",uri:"uri",url:"url",uuid:"uuid",xhtml:"xhtml"};function Yt(e,t,r){let i=Dt(e,r);if(i)return Kt(i.elements,t)}function Kt(e,t){let r=e[t]??e[t+"[x]"];if(r)return r;for(let i=0;i<t.length;i++){let n=t[i];if(n>="A"&&n<="Z"){let s=t.slice(0,i)+"[x]",o=e[s];if(o)return o}}}function le(e,t){return!(!e||typeof e!="object"||!("resourceType"in e)||t&&e.resourceType!==t)}function Zt(e,t){return e&&typeof e=="object"&&"reference"in e&&typeof e.reference=="string"?t?e.reference.match(new RegExp(`^${t}(/|\\?)`))!==null:!0:!1}function se(e){if(e.startsWith("T"))return e+"T00:00:00.000Z".substring(e.length);if(e.length<=10)return e;try{return new Date(e).toISOString()}catch{return e}}var _=()=>[],b={empty:(e,t)=>l(t.every(r=>J(r.value))),hasValue:(e,t)=>l(t.length!==0),exists:(e,t,r)=>l(r?t.some(i=>L(r.eval(e,[i]))):t.length>0&&t.every(i=>!J(i.value))),all:(e,t,r)=>l(t.every(i=>L(r.eval(e,[i])))),allTrue:(e,t)=>{for(let r of t)if(!r.value)return l(!1);return l(!0)},anyTrue:(e,t)=>{for(let r of t)if(r.value)return l(!0);return l(!1)},allFalse:(e,t)=>{for(let r of t)if(r.value)return l(!1);return l(!0)},anyFalse:(e,t)=>{for(let r of t)if(!r.value)return l(!0);return l(!1)},subsetOf:(e,t,r)=>{if(t.length===0)return l(!0);let i=r.eval(e,j(e));return i.length===0?l(!1):l(t.every(n=>i.some(s=>s.value===n.value)))},supersetOf:(e,t,r)=>{let i=r.eval(e,j(e));return i.length===0?l(!0):t.length===0?l(!1):l(i.every(n=>t.some(s=>s.value===n.value)))},count:(e,t)=>[{type:u.integer,value:t.length}],distinct:(e,t)=>{let r=[];for(let i of t)r.some(n=>n.value===i.value)||r.push(i);return r},isDistinct:(e,t)=>l(t.length===b.distinct(e,t).length),where:(e,t,r)=>t.filter(i=>L(r.eval(e,[i]))),select:(e,t,r)=>t.flatMap(i=>r.eval({parent:e,variables:{$this:i}},[i])),repeat:_,ofType:(e,t,r)=>t.filter(i=>i.type===r.name),single:(e,t)=>{if(t.length>1)throw new Error("Expected input length one for single()");return t.length===0?[]:t.slice(0,1)},first:(e,t)=>t.length===0?[]:t.slice(0,1),last:(e,t)=>t.length===0?[]:t.slice(-1,t.length),tail:(e,t)=>t.length===0?[]:t.slice(1,t.length),skip:(e,t,r)=>{let i=r.eval(e,t)[0]?.value;if(typeof i!="number")throw new TypeError("Expected a number for skip(num)");return i>=t.length?[]:i<=0?t:t.slice(i,t.length)},take:(e,t,r)=>{let i=r.eval(e,t)[0]?.value;if(typeof i!="number")throw new TypeError("Expected a number for take(num)");return i>=t.length?t:i<=0?[]:t.slice(0,i)},intersect:(e,t,r)=>{if(!r)return t;let i=r.eval(e,j(e)),n=[];for(let s of t)!n.some(o=>o.value===s.value)&&i.some(o=>o.value===s.value)&&n.push(s);return n},exclude:(e,t,r)=>{if(!r)return t;let i=r.eval(e,j(e)),n=[];for(let s of t)i.some(o=>o.value===s.value)||n.push(s);return n},union:(e,t,r)=>{if(!r)return t;let i=r.eval(e,j(e));return Ge([...t,...i])},combine:(e,t,r)=>{if(!r)return t;let i=r.eval(e,j(e));return[...t,...i]},htmlChecks:(e,t,r)=>[W(!0)],iif:(e,t,r,i,n)=>{let s=r.eval(e,t);if(s.length>1||s.length===1&&typeof s[0].value!="boolean")throw new Error("Expected criterion to evaluate to a Boolean");return L(s)?i.eval(e,t):n?n.eval(e,t):[]},toBoolean:(e,t)=>{if(t.length===0)return[];let[{value:r}]=I(t,1);if(typeof r=="boolean")return[{type:u.boolean,value:r}];if(typeof r=="number"&&(r===0||r===1))return l(!!r);if(typeof r=="string"){let i=r.toLowerCase();if(["true","t","yes","y","1","1.0"].includes(i))return l(!0);if(["false","f","no","n","0","0.0"].includes(i))return l(!1)}return[]},convertsToBoolean:(e,t)=>t.length===0?[]:l(b.toBoolean(e,t).length===1),toInteger:(e,t)=>{if(t.length===0)return[];let[{value:r}]=I(t,1);return typeof r=="number"?[{type:u.integer,value:r}]:typeof r=="string"&&/^[+-]?\d+$/.exec(r)?[{type:u.integer,value:Number.parseInt(r,10)}]:typeof r=="boolean"?[{type:u.integer,value:r?1:0}]:[]},convertsToInteger:(e,t)=>t.length===0?[]:l(b.toInteger(e,t).length===1),toDate:(e,t)=>{if(t.length===0)return[];let[{value:r}]=I(t,1);return typeof r=="string"&&/^\d{4}(-\d{2}(-\d{2})?)?/.exec(r)?[{type:u.date,value:se(r)}]:[]},convertsToDate:(e,t)=>t.length===0?[]:l(b.toDate(e,t).length===1),toDateTime:(e,t)=>{if(t.length===0)return[];let[{value:r}]=I(t,1);return typeof r=="string"&&/^\d{4}(-\d{2}(-\d{2})?)?/.exec(r)?[{type:u.dateTime,value:se(r)}]:[]},convertsToDateTime:(e,t)=>t.length===0?[]:l(b.toDateTime(e,t).length===1),toDecimal:(e,t)=>{if(t.length===0)return[];let[{value:r}]=I(t,1);return typeof r=="number"?[{type:u.decimal,value:r}]:typeof r=="string"&&/^-?\d{1,9}(\.\d{1,9})?$/.exec(r)?[{type:u.decimal,value:Number.parseFloat(r)}]:typeof r=="boolean"?[{type:u.decimal,value:r?1:0}]:[]},convertsToDecimal:(e,t)=>t.length===0?[]:l(b.toDecimal(e,t).length===1),toQuantity:(e,t)=>{if(t.length===0)return[];let[{value:r}]=I(t,1);return E(r)?[{type:u.Quantity,value:r}]:typeof r=="number"?[{type:u.Quantity,value:{value:r,unit:"1"}}]:typeof r=="string"&&/^-?\d{1,9}(\.\d{1,9})?/.exec(r)?[{type:u.Quantity,value:{value:Number.parseFloat(r),unit:"1"}}]:typeof r=="boolean"?[{type:u.Quantity,value:{value:r?1:0,unit:"1"}}]:[]},convertsToQuantity:(e,t)=>t.length===0?[]:l(b.toQuantity(e,t).length===1),toString:(e,t)=>{if(t.length===0)return[];let[{value:r}]=I(t,1);return r==null?[]:E(r)?[{type:u.string,value:`${r.value} '${r.unit}'`}]:[{type:u.string,value:r.toString()}]},convertsToString:(e,t)=>t.length===0?[]:l(b.toString(e,t).length===1),toTime:(e,t)=>{if(t.length===0)return[];let[{value:r}]=I(t,1);if(typeof r=="string"){let i=/^T?(\d{2}(:\d{2}(:\d{2})?)?)/.exec(r);if(i)return[{type:u.time,value:se("T"+i[1])}]}return[]},convertsToTime:(e,t)=>t.length===0?[]:l(b.toTime(e,t).length===1),indexOf:(e,t,r)=>x((i,n)=>i.indexOf(n),e,t,r),substring:(e,t,r,i)=>x((n,s,o)=>{let a=s,m=o?a+o:n.length;return a<0||a>=n.length?void 0:n.substring(a,m)},e,t,r,i),startsWith:(e,t,r)=>x((i,n)=>i.startsWith(n),e,t,r),endsWith:(e,t,r)=>x((i,n)=>i.endsWith(n),e,t,r),contains:(e,t,r)=>x((i,n)=>i.includes(n),e,t,r),upper:(e,t)=>x(r=>r.toUpperCase(),e,t),lower:(e,t)=>x(r=>r.toLowerCase(),e,t),replace:(e,t,r,i)=>x((n,s,o)=>n.replaceAll(s,o),e,t,r,i),matches:(e,t,r)=>x((i,n)=>!!new RegExp(n).exec(i),e,t,r),replaceMatches:(e,t,r,i)=>x((n,s,o)=>n.replaceAll(new RegExp(s,"g"),o.replaceAll(/\$\{(\w+)\}/g,"$<$1>")),e,t,r,i),length:(e,t)=>x(r=>r.length,e,t),toChars:(e,t)=>x(r=>r?r.split(""):void 0,e,t),encode:_,decode:_,escape:_,unescape:_,trim:_,split:_,join:(e,t,r)=>{let i=r?.eval(e,j(e))[0]?.value??"";if(typeof i!="string")throw new TypeError("Separator must be a string.");return[{type:u.string,value:t.map(n=>n.value?.toString()??"").join(i)}]},abs:(e,t)=>k(Math.abs,e,t),ceiling:(e,t)=>k(Math.ceil,e,t),exp:(e,t)=>k(Math.exp,e,t),floor:(e,t)=>k(Math.floor,e,t),ln:(e,t)=>k(Math.log,e,t),log:(e,t,r)=>k((i,n)=>Math.log(i)/Math.log(n),e,t,r),power:(e,t,r)=>k(Math.pow,e,t,r),round:(e,t,...r)=>k((i,n=0)=>{if(typeof n!="number"||n<0)throw new Error("Invalid precision provided to round()");let s=Math.pow(10,n);return Math.round(i*s)/s},e,t,...r),sqrt:(e,t)=>k(Math.sqrt,e,t),truncate:(e,t)=>k(r=>Math.trunc(r),e,t),children:_,descendants:_,trace:(e,t,r)=>t,now:()=>[{type:u.dateTime,value:new Date().toISOString()}],timeOfDay:()=>[{type:u.time,value:new Date().toISOString().substring(11)}],today:()=>[{type:u.date,value:new Date().toISOString().substring(0,10)}],between:(e,t,r,i,n)=>{let s=b.toDateTime(e,r.eval(e,t));if(s.length===0)throw new Error("Invalid start date");let o=b.toDateTime(e,i.eval(e,t));if(o.length===0)throw new Error("Invalid end date");let a=n.eval(e,t)[0]?.value;if(a!=="years"&&a!=="months"&&a!=="days")throw new Error("Invalid units");let m=Ht(s[0].value,o[0].value);return[{type:u.Quantity,value:{value:m[a],unit:a}}]},is:(e,t,r)=>{let i="";return r instanceof ae?i=r.name:r instanceof ze&&(i=r.left.name+"."+r.right.name),i?t.map(n=>({type:u.boolean,value:je(n,i)})):[]},not:(e,t)=>b.toBoolean(e,t).map(r=>({type:u.boolean,value:!r.value})),resolve:(e,t)=>t.map(r=>{let i=r.value,n;if(typeof i=="string")n=i;else if(typeof i=="object"){let s=i;if(s.resource)return W(s.resource);s.reference?n=s.reference:s.type&&s.identifier&&(n=`${s.type}?identifier=${s.identifier.system}|${s.identifier.value}`)}if(n?.includes("?")){let[s]=n.split("?");return{type:s,value:{resourceType:s}}}if(n?.includes("/")){let[s,o]=n.split("/");return{type:s,value:{resourceType:s,id:o}}}return{type:u.BackboneElement,value:void 0}}).filter(r=>!!r.value),as:(e,t)=>t,type:(e,t)=>t.map(({value:r})=>typeof r=="boolean"?{type:u.BackboneElement,value:{namespace:"System",name:"Boolean"}}:typeof r=="number"?{type:u.BackboneElement,value:{namespace:"System",name:"Integer"}}:le(r)?{type:u.BackboneElement,value:{namespace:"FHIR",name:r.resourceType}}:{type:u.BackboneElement,value:null}),conformsTo:(e,t,r)=>{let i=r.eval(e,t)[0].value;if(!i.startsWith("http://hl7.org/fhir/StructureDefinition/"))throw new Error("Expected a StructureDefinition URL");let n=i.replace("http://hl7.org/fhir/StructureDefinition/","");return t.map(s=>({type:u.boolean,value:s.value?.resourceType===n}))},getResourceKey:(e,t)=>{let r=t[0].value;return r?.id?[{type:u.id,value:r.id}]:[]},getReferenceKey:(e,t,r)=>{let i=t[0].value;if(!i?.reference)return[];let n="";return r instanceof ae&&(n=r.name),n&&!i.reference.startsWith(n+"/")?[]:[{type:u.id,value:qt(i)}]},extension:(e,t,r)=>{let i=r.eval(e,t)[0].value,n=t?.[0]?.value;if(n){let s=Vt(n,i);if(s)return[{type:u.Extension,value:s}]}return[]}};function x(e,t,r,...i){if(r.length===0)return[];let[{value:n}]=I(r,1);if(typeof n!="string")throw new TypeError("String function cannot be called with non-string");let s=i.map(a=>a?.eval(t,r)[0]?.value),o=e(n,...s);return o===void 0?[]:Array.isArray(o)?o.map(W):[W(o)]}function k(e,t,r,...i){if(r.length===0)return[];let[{value:n}]=I(r,1),s=E(n),o=s?n.value:n;if(typeof o!="number")throw new TypeError("Math function cannot be called with non-number");let a=e(o,...i.map(y=>y.eval(t,r)[0]?.value)),m=s?u.Quantity:r[0].type,S=s?{...n,value:a}:a;return[{type:m,value:S}]}function I(e,t){if(e.length!==t)throw new Error(`Expected ${t} arguments`);for(let r of e)if(r==null)throw new Error("Expected non-null argument");return e}function j(e){let t=e;for(;t.parent?.variables.$this;)t=t.parent;return[t.variables.$this]}var H=class{constructor(e){g(this,"value"),this.value=e}eval(){return[this.value]}toString(){let e=this.value.value;return typeof e=="string"?`'${e}'`:e.toString()}},ae=class{constructor(e){g(this,"name"),this.name=e}eval(e,t){if(this.name==="$this")return t;let r=this.getVariable(e);if(r)return[r];if(this.name.startsWith("%"))throw new Error(`Undefined variable ${this.name}`);return t.flatMap(i=>this.evalValue(i)).filter(i=>i?.value!==void 0)}getVariable(e){let t=e.variables[this.name];if(t!==void 0)return t;if(e.parent)return this.getVariable(e.parent)}evalValue(e){let t=e.value;if(!(!t||typeof t!="object"))return le(t,this.name)?e:Nt(e,this.name)}toString(){return this.name}},Xt=class{eval(){return[]}toString(){return"{}"}},er=class extends vt{constructor(e,t,r){super(e,t),g(this,"impl"),this.impl=r}eval(e,t){return this.impl(this.child.eval(e,t))}toString(){return this.operator+this.child.toString()}},tr=class extends Y{constructor(e,t){super("as",e,t)}eval(e,t){return b.ofType(e,this.left.eval(e,t),this.right)}},T=class extends Y{},R=class extends T{constructor(e,t,r,i){super(e,t,r),g(this,"impl"),this.impl=i}eval(e,t){let r=this.left.eval(e,t);if(r.length!==1)return[];let i=this.right.eval(e,t);if(i.length!==1)return[];let n=r[0].value,s=i[0].value,o=E(n)?n.value:n,a=E(s)?s.value:s,m=this.impl(o,a);return typeof m=="boolean"?l(m):E(n)?[{type:u.Quantity,value:{...n,value:m}}]:[W(m)]}},rr=class extends Y{constructor(e,t){super("&",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t),n=[...r,...i];return n.length>0&&n.every(s=>typeof s.value=="string")?[{type:u.string,value:n.map(s=>s.value).join("")}]:n}},ir=class extends T{constructor(e,t){super("contains",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return l(r.some(n=>n.value===i[0].value))}},nr=class extends T{constructor(e,t){super("in",e,t)}eval(e,t){let r=M(this.left.eval(e,t)),i=this.right.eval(e,t);return r?l(i.some(n=>ce(r,n)[0].value)):[]}},ze=class extends Y{constructor(e,t){super(".",e,t)}eval(e,t){return this.right.eval(e,this.left.eval(e,t))}toString(){return`${this.left.toString()}.${this.right.toString()}`}},sr=class extends Y{constructor(e,t){super("|",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return Ge([...r,...i])}},or=class extends T{constructor(e,t){super("=",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return Ut(r,i)}},ar=class extends T{constructor(e,t){super("!=",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return Bt(r,i)}},cr=class extends T{constructor(e,t){super("~",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return Fe(r,i)}},lr=class extends T{constructor(e,t){super("!~",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return $t(Fe(r,i))}},ur=class extends T{constructor(e,t){super("is",e,t)}eval(e,t){let r=this.left.eval(e,t);if(r.length!==1)return[];let i=this.right.name;return l(je(r[0],i))}},dr=class extends T{constructor(e,t){super("and",e,t)}eval(e,t){let r=M(this.left.eval(e,t),"boolean"),i=M(this.right.eval(e,t),"boolean");return r?.value===!0&&i?.value===!0?l(!0):r?.value===!1||i?.value===!1?l(!1):[]}},pr=class extends T{constructor(e,t){super("or",e,t)}eval(e,t){let r=M(this.left.eval(e,t),"boolean"),i=M(this.right.eval(e,t),"boolean");return r?.value===!1&&i?.value===!1?l(!1):r?.value||i?.value?l(!0):[]}},hr=class extends T{constructor(e,t){super("xor",e,t)}eval(e,t){let r=M(this.left.eval(e,t),"boolean"),i=M(this.right.eval(e,t),"boolean");return!r||!i?[]:l(r.value!==i.value)}},mr=class extends T{constructor(e,t){super("implies",e,t)}eval(e,t){let r=M(this.left.eval(e,t),"boolean"),i=M(this.right.eval(e,t),"boolean");return i?.value===!0||r?.value===!1?l(!0):!r||!i?[]:l(!1)}},fr=class{constructor(e,t){g(this,"name"),g(this,"args"),this.name=e,this.args=t}eval(e,t){let r=b[this.name];if(!r)throw new Error("Unrecognized function: "+this.name);return r(e,t,...this.args)}toString(){return`${this.name}(${this.args.map(e=>e.toString()).join(", ")})`}},yr=class{constructor(e,t){g(this,"left"),g(this,"expr"),this.left=e,this.expr=t}eval(e,t){let r=this.expr.eval(e,t);if(r.length!==1)return[];let i=r[0].value;if(typeof i!="number")throw new Error("Invalid indexer expression: should return integer}");let n=this.left.eval(e,t);return i in n?[n[i]]:[]}toString(){return`${this.left.toString()}[${this.expr.toString()}]`}};var Je=["!=","!~","<=",">=","{}","->"];var h={FunctionCall:0,Dot:1,Indexer:2,UnaryAdd:3,UnarySubtract:3,Multiply:4,Divide:4,IntegerDivide:4,Modulo:4,Add:5,Subtract:5,Ampersand:5,Is:6,As:6,Union:7,GreaterThan:8,GreaterThanOrEquals:8,LessThan:8,LessThanOrEquals:8,Equals:9,Equivalent:9,NotEquals:9,NotEquivalent:9,In:10,Contains:10,And:11,Xor:12,Or:12,Implies:13,Arrow:100,Semicolon:200},gr={parse(e){let t=e.consumeAndParse();if(!e.match(")"))throw new Error("Parse error: expected `)` got `"+e.peek()?.value+"`");return t}},vr={parse(e,t){let r=e.consumeAndParse();if(!e.match("]"))throw new Error("Parse error: expected `]`");return new yr(t,r)},precedence:h.Indexer},Sr={parse(e,t){if(!(t instanceof ae))throw new Error("Unexpected parentheses");let r=[];for(;!e.match(")");)r.push(e.consumeAndParse()),e.match(",");return new fr(t.name,r)},precedence:h.FunctionCall};function br(e){let t=e.split(" "),r=Number.parseFloat(t[0]),i=t[1];return i?.startsWith("'")&&i.endsWith("'")?i=i.substring(1,i.length-1):i="{"+i+"}",{value:r,unit:i}}function we(){return new St().registerPrefix("String",{parse:(e,t)=>new H({type:u.string,value:t.value})}).registerPrefix("DateTime",{parse:(e,t)=>new H({type:u.dateTime,value:se(t.value)})}).registerPrefix("Quantity",{parse:(e,t)=>new H({type:u.Quantity,value:br(t.value)})}).registerPrefix("Number",{parse:(e,t)=>new H({type:t.value.includes(".")?u.decimal:u.integer,value:Number.parseFloat(t.value)})}).registerPrefix("true",{parse:()=>new H({type:u.boolean,value:!0})}).registerPrefix("false",{parse:()=>new H({type:u.boolean,value:!1})}).registerPrefix("Symbol",{parse:(e,t)=>new ae(t.value)}).registerPrefix("{}",{parse:()=>new Xt}).registerPrefix("(",gr).registerInfix("[",vr).registerInfix("(",Sr).prefix("+",h.UnaryAdd,(e,t)=>new er("+",t,r=>r)).prefix("-",h.UnarySubtract,(e,t)=>new R("-",t,t,(r,i)=>-i)).infixLeft(".",h.Dot,(e,t,r)=>new ze(e,r)).infixLeft("/",h.Divide,(e,t,r)=>new R("/",e,r,(i,n)=>i/n)).infixLeft("*",h.Multiply,(e,t,r)=>new R("*",e,r,(i,n)=>i*n)).infixLeft("+",h.Add,(e,t,r)=>new R("+",e,r,(i,n)=>i+n)).infixLeft("-",h.Subtract,(e,t,r)=>new R("-",e,r,(i,n)=>i-n)).infixLeft("|",h.Union,(e,t,r)=>new sr(e,r)).infixLeft("=",h.Equals,(e,t,r)=>new or(e,r)).infixLeft("!=",h.NotEquals,(e,t,r)=>new ar(e,r)).infixLeft("~",h.Equivalent,(e,t,r)=>new cr(e,r)).infixLeft("!~",h.NotEquivalent,(e,t,r)=>new lr(e,r)).infixLeft("<",h.LessThan,(e,t,r)=>new R("<",e,r,(i,n)=>i<n)).infixLeft("<=",h.LessThanOrEquals,(e,t,r)=>new R("<=",e,r,(i,n)=>i<=n)).infixLeft(">",h.GreaterThan,(e,t,r)=>new R(">",e,r,(i,n)=>i>n)).infixLeft(">=",h.GreaterThanOrEquals,(e,t,r)=>new R(">=",e,r,(i,n)=>i>=n)).infixLeft("&",h.Ampersand,(e,t,r)=>new rr(e,r)).infixLeft("and",h.And,(e,t,r)=>new dr(e,r)).infixLeft("as",h.As,(e,t,r)=>new tr(e,r)).infixLeft("contains",h.Contains,(e,t,r)=>new ir(e,r)).infixLeft("div",h.Divide,(e,t,r)=>new R("div",e,r,(i,n)=>Math.trunc(i/n))).infixLeft("in",h.In,(e,t,r)=>new nr(e,r)).infixLeft("is",h.Is,(e,t,r)=>new ur(e,r)).infixLeft("mod",h.Modulo,(e,t,r)=>new R("mod",e,r,(i,n)=>i%n)).infixLeft("or",h.Or,(e,t,r)=>new pr(e,r)).infixLeft("xor",h.Xor,(e,t,r)=>new hr(e,r)).infixLeft("implies",h.Implies,(e,t,r)=>new mr(e,r))}var ci=we();var d={EQUALS:"eq",NOT_EQUALS:"ne",GREATER_THAN:"gt",LESS_THAN:"lt",GREATER_THAN_OR_EQUALS:"ge",LESS_THAN_OR_EQUALS:"le",STARTS_AFTER:"sa",ENDS_BEFORE:"eb",APPROXIMATELY:"ap",CONTAINS:"contains",STARTS_WITH:"sw",EXACT:"exact",TEXT:"text",NOT:"not",ABOVE:"above",BELOW:"below",IN:"in",NOT_IN:"not-in",OF_TYPE:"of-type",MISSING:"missing",PRESENT:"present",IDENTIFIER:"identifier",ITERATE:"iterate"},li={contains:d.CONTAINS,exact:d.EXACT,above:d.ABOVE,below:d.BELOW,text:d.TEXT,not:d.NOT,in:d.IN,"not-in":d.NOT_IN,"of-type":d.OF_TYPE,missing:d.MISSING,identifier:d.IDENTIFIER,iterate:d.ITERATE},ui={eq:d.EQUALS,ne:d.NOT_EQUALS,lt:d.LESS_THAN,le:d.LESS_THAN_OR_EQUALS,gt:d.GREATER_THAN,ge:d.GREATER_THAN_OR_EQUALS,sa:d.STARTS_AFTER,eb:d.ENDS_BEFORE,ap:d.APPROXIMATELY,sw:d.STARTS_WITH};var di=[d.MISSING,d.PRESENT];var ne={READ:"read",VREAD:"vread",UPDATE:"update",DELETE:"delete",HISTORY:"history",CREATE:"create",SEARCH:"search"},pi=[ne.READ,ne.VREAD,ne.HISTORY,ne.SEARCH];var wr={CSS:"text/css",DICOM:"application/dicom",FAVICON:"image/vnd.microsoft.icon",FHIR_JSON:"application/fhir+json",FORM_URL_ENCODED:"application/x-www-form-urlencoded",HL7_V2:"x-application/hl7-v2+er7",HTML:"text/html",JAVASCRIPT:"text/javascript",JSON:"application/json",JSON_PATCH:"application/json-patch+json",JWT:"application/jwt",MULTIPART_FORM_DATA:"multipart/form-data",PNG:"image/png",SCIM_JSON:"application/scim+json",SVG:"image/svg+xml",TEXT:"text/plain",TYPESCRIPT:"text/typescript",PING:"x-application/ping",XML:"text/xml",CDA_XML:"application/cda+xml",OCTET_STREAM:"application/octet-stream"};var xr;xr=Symbol.toStringTag;var hi={Event:typeof globalThis.Event<"u"?globalThis.Event:void 0,ErrorEvent:void 0,CloseEvent:void 0};var mi={maxReconnectionDelay:1e4,minReconnectionDelay:1e3+Math.random()*4e3,minUptime:5e3,reconnectionDelayGrowFactor:1.3,connectionTimeout:4e3,maxRetries:1/0,maxEnqueuedMessages:1/0,startClosed:!1,debug:!1};var fi=[WebSocket.CLOSING,WebSocket.CLOSED];var yi=wr.FHIR_JSON+", */*; q=0.1";var gi=[...Je,"->","<<",">>","=="];var vi=we().registerInfix("->",{precedence:h.Arrow}).registerInfix(";",{precedence:h.Semicolon});var Si=" ".repeat(2);var bi=[...Je,"eq","ne","co"];var wi={eq:d.EXACT,ne:d.NOT_EQUALS,co:d.CONTAINS,sw:d.STARTS_WITH,ew:void 0,gt:d.GREATER_THAN,lt:d.LESS_THAN,ge:d.GREATER_THAN_OR_EQUALS,le:d.LESS_THAN_OR_EQUALS,ap:d.APPROXIMATELY,sa:d.STARTS_AFTER,eb:d.ENDS_BEFORE,pr:d.PRESENT,po:void 0,ss:void 0,sb:void 0,in:d.IN,ni:d.NOT_IN,re:d.EQUALS,identifier:d.IDENTIFIER};var xi=we();var Ei=`${xt}/fhir/StructureDefinition/patient-preferredPharmacy`;var Ee=["string","boolean","number"],xe={},Te=class{constructor(t){c(this,"config");c(this,"clients");let{region:r}=t;if(!r)throw new D(B("'region' must be defined as a string literal in config."));xe[r]||(xe[r]=new Tr({region:r})),this.config=t,this.clients={ssm:xe[r]}}async fetchParameterStoreSecret(t){let i=(await this.clients.ssm.send(new Er({Name:t,WithDecryption:!0}))).Parameter;if(!i)throw new D(Se(`Key '${t}' not found. Make sure your key is correct and that it is defined in your Parameter Store.`));let n=i.Value;if(!n)throw new D(Se(`Key '${t}' found but has no value. Make sure your key is correct and that it is defined in your Parameter Store.`));return n}async fetchExternalSecret(t){Pr(t);let{system:r,key:i,type:n}=t,s;if(r==="aws_ssm_parameter_store")s=await this.fetchParameterStoreSecret(i);else throw new D(B(`Unknown system '${r}' for ExternalSecret. Unable to fetch the secret for key '${i}'.`));return Cr(i,s,n)}async normalizeInfraConfigArray(t){let r=t[0],i;if(typeof r!="object"&&r!==null||Ye(r)){i=new Array(t.length);for(let n=0;n<t.length;n++){let s=t[n];if(typeof s!="object"){i[n]=s;continue}let o=await this.fetchExternalSecret(s);i[n]=o}}else{i=new Array(t.length);for(let n=0;n<t.length;n++)i[n]=await this.normalizeObjectInInfraConfig(t[n])}return i}async normalizeValueForKey(t,r){let i=t[r];typeof i!="object"?t[r]=i:Ye(i)?t[r]=await this.fetchExternalSecret(i):Array.isArray(i)&&i.length?t[r]=await this.normalizeInfraConfigArray(i):typeof i=="object"&&(t[r]=await this.normalizeObjectInInfraConfig(i))}async normalizeObjectInInfraConfig(t){let r={...t};for(let i of Object.keys(r))await this.normalizeValueForKey(r,i);return r}async normalizeConfig(){return this.normalizeObjectInInfraConfig(this.config)}};function Cr(e,t,r){let i=typeof t;if(!Ee.includes(i))throw new D(B(`Invalid value found for type; expected either ${Ee.join(", or")} but got ${i}`));if(i===r)return t;if(i==="string"&&r==="boolean"){let n=t.toLowerCase();if(n!=="true"&&n!=="false")throw new D(B(`Invalid value found for key '${e}'; expected boolean value but got '${t}'`));return n==="true"}else if(i==="string"&&r==="number"){let n=Number.parseInt(t,10);if(Number.isNaN(n))throw new D(B(`Invalid value found for key '${e}'; expected integer value but got '${t}'`));return n}else throw new D(B(`Invalid value found for type; expected ${r} value but got value of type ${i}`))}function Ye(e){return typeof e=="object"&&typeof e.system=="string"&&typeof e.key=="string"&&typeof e.type=="string"}function Ar(e){return typeof e=="object"&&typeof e.system=="string"&&typeof e.key=="string"&&Ee.includes(e.type)}function Pr(e){if(!Ar(e))throw new D(B("obj is not a valid `ExternalSecret`, must contain a valid `system`, `key`, and `type` prop."))}async function Ke(e){return new Te(e).normalizeConfig()}import{Stack as at,Tags as ct}from"aws-cdk-lib";import{Duration as Q,RemovalPolicy as w,aws_ec2 as v,aws_ecs as G,aws_elasticache as et,aws_elasticloadbalancingv2 as K,aws_iam as f,aws_logs as tt,aws_rds as N,aws_route53 as Ce,aws_s3 as Ir,aws_secretsmanager as Ae,aws_ssm as C,aws_route53_targets as Dr,aws_wafv2 as Nr}from"aws-cdk-lib";import{Repository as Or}from"aws-cdk-lib/aws-ecr";import{ClusterInstance as rt,DBClusterStorageType as it,ParameterGroup as ue}from"aws-cdk-lib/aws-rds";import{Secret as _r,SecretTargetAttachment as Lr}from"aws-cdk-lib/aws-secretsmanager";import{Construct as Mr}from"constructs";import Pe from"node:assert";import{aws_logs as Ze,aws_wafv2 as Xe}from"aws-cdk-lib";var Rr=[{name:"AWS-AWSManagedRulesCommonRuleSet",priority:10,statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesCommonRuleSet",excludedRules:[{name:"NoUserAgent_HEADER"},{name:"UserAgent_BadBots_HEADER"},{name:"SizeRestrictions_QUERYSTRING"},{name:"SizeRestrictions_Cookie_HEADER"},{name:"SizeRestrictions_BODY"},{name:"SizeRestrictions_URIPATH"},{name:"EC2MetaDataSSRF_BODY"},{name:"EC2MetaDataSSRF_COOKIE"},{name:"EC2MetaDataSSRF_URIPATH"},{name:"EC2MetaDataSSRF_QUERYARGUMENTS"},{name:"GenericLFI_QUERYARGUMENTS"},{name:"GenericLFI_URIPATH"},{name:"GenericLFI_BODY"},{name:"RestrictedExtensions_URIPATH"},{name:"RestrictedExtensions_QUERYARGUMENTS"},{name:"GenericRFI_QUERYARGUMENTS"},{name:"GenericRFI_BODY"},{name:"GenericRFI_URIPATH"},{name:"CrossSiteScripting_COOKIE"},{name:"CrossSiteScripting_QUERYARGUMENTS"},{name:"CrossSiteScripting_BODY"},{name:"CrossSiteScripting_URIPATH"}]}},overrideAction:{count:{}},visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWS-AWSManagedRulesCommonRuleSet"}},{name:"AWS-AWSManagedRulesAmazonIpReputationList",priority:20,statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesAmazonIpReputationList",excludedRules:[{name:"AWSManagedIPReputationList"},{name:"AWSManagedReconnaissanceList"}]}},overrideAction:{count:{}},visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRulesAmazonIpReputationList"}},{name:"AWSManagedRulesSQLiRuleSet",priority:30,visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRulesSQLiRuleSet"},overrideAction:{count:{}},statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesSQLiRuleSet",excludedRules:[{name:"SQLi_QUERYARGUMENTS"},{name:"SQLiExtendedPatterns_QUERYARGUMENTS"},{name:"SQLi_BODY"},{name:"SQLiExtendedPatterns_BODY"},{name:"SQLi_COOKIE"},{name:"SQLi_URIPATH"}]}}},{name:"AWSManagedRuleLinux",priority:40,visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRuleLinux"},overrideAction:{count:{}},statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesLinuxRuleSet",excludedRules:[{name:"LFI_URIPATH"},{name:"LFI_QUERYSTRING"},{name:"LFI_COOKIE"}]}}}];function kr(e){let t=[...Rr];if(e){let r={name:"IPAllowListRule",priority:50,action:{allow:{}},statement:{ipSetReferenceStatement:{arn:e}},visibilityConfig:{cloudWatchMetricsEnabled:!0,metricName:"IPAllowListRule",sampledRequestsEnabled:!0}};t.push(r)}return t}function V(e,t,r,i,n,s,o){let a=new Xe.CfnWebACL(e,t,{name:r,scope:i,defaultAction:n?{block:{}}:{allow:{}},rules:kr(n),visibilityConfig:{metricName:`${r}-Metric`,cloudWatchMetricsEnabled:!0,sampledRequestsEnabled:!1}});if(s){let m;o?m=new Ze.LogGroup(e,"WAFLogs",{logGroupName:s}):m=Ze.LogGroup.fromLogGroupName(e,"WAFLogs",s),new Xe.CfnLoggingConfiguration(e,"WAFLoggingConfiguration",{resourceArn:a.attrArn,logDestinationConfigs:[m.logGroupArn]}).addDependency(a)}return a}var de=class extends Mr{constructor(r,i){super(r,"BackEnd");c(this,"vpc");c(this,"botLambdaRole");c(this,"rdsSecretsArn");c(this,"rdsCluster");c(this,"rdsProxy");c(this,"redisSubnetGroup");c(this,"redisSecurityGroup");c(this,"redisPassword");c(this,"redisCluster");c(this,"redisSecrets");c(this,"ecsCluster");c(this,"taskRolePolicies");c(this,"taskRole");c(this,"taskDefinition");c(this,"logGroup");c(this,"logDriver");c(this,"serviceContainer");c(this,"fargateSecurityGroup");c(this,"fargateService");c(this,"targetGroup");c(this,"loadBalancer");c(this,"waf");c(this,"wafAssociation");c(this,"dnsRecord");c(this,"regionParameter");c(this,"databaseSecretsParameter");c(this,"databaseProxyEndpointParameter");c(this,"redisSecretsParameter");c(this,"botLambdaRoleParameter");c(this,"rdsClusterParameterGroup");c(this,"rdsWriterParameterGroup");c(this,"rdsReaderParameterGroup");let n=i.name,s=i.accountNumber,o=i.region;if(i.vpcId)this.vpc=v.Vpc.fromLookup(this,"VPC",{vpcId:i.vpcId});else{let p=new tt.LogGroup(this,"VpcFlowLogs",{logGroupName:"/medplum/flowlogs/"+n,removalPolicy:w.DESTROY});this.vpc=new v.Vpc(this,"VPC",{maxAzs:i.maxAzs,flowLogs:{cloudwatch:{destination:v.FlowLogDestination.toCloudWatchLogs(p),trafficType:v.FlowLogTrafficType.ALL}}})}if(this.botLambdaRole=new f.Role(this,"BotLambdaRole",{assumedBy:new f.ServicePrincipal("lambda.amazonaws.com")}),this.rdsSecretsArn=i.rdsSecretsArn,!this.rdsSecretsArn||i.rdsForceRetain){let{engine:p,majorVersion:P}=$r(i.rdsInstanceVersion,N.AuroraPostgresEngineVersion.VER_16_9),U={statement_timeout:"60000",default_transaction_isolation:"REPEATABLE READ",...i.rdsClusterParameters};if(i.rdsPersistentParameterGroups){let F=`MedplumPG${P}`;this.rdsClusterParameterGroup=new ue(this,`${F}ClusterParameterGroup`,{engine:p,parameters:U,removalPolicy:w.RETAIN}),this.rdsClusterParameterGroup.bindToCluster({}),this.rdsWriterParameterGroup=new ue(this,`${F}WriterInstanceParameterGroup`,{engine:p,removalPolicy:w.RETAIN}),this.rdsWriterParameterGroup.bindToInstance({}),this.rdsReaderParameterGroup=new ue(this,`${F}ReaderInstanceParameterGroup`,{engine:p,removalPolicy:w.RETAIN}),this.rdsReaderParameterGroup.bindToInstance({})}if(i.rdsIdsMajorVersionSuffix){if(!i.rdsPersistentParameterGroups||!this.rdsClusterParameterGroup||!this.rdsWriterParameterGroup||!this.rdsReaderParameterGroup)throw new Error("rdsPersistentParameterGroups must be true when rdsIdsMajorVersionSuffix is true");this.rdsClusterParameterGroup,this.rdsWriterParameterGroup,this.rdsReaderParameterGroup}let ie={enablePerformanceInsights:!0,isFromLegacyInstanceProps:!0,caCertificate:N.CaCertificate.RDS_CA_RSA2048_G1},lt=new ue(this,"MedplumDatabaseClusterParams",{engine:p,parameters:U}),Oe=i.rdsReaderInstanceType??i.rdsInstanceType,ut={...ie,instanceType:Oe?new v.InstanceType(Oe):void 0,parameterGroup:i.rdsIdsMajorVersionSuffix?this.rdsReaderParameterGroup:void 0},fe=i.rdsInstanceType,dt={...ie,instanceType:fe?new v.InstanceType(fe):void 0,parameterGroup:i.rdsIdsMajorVersionSuffix?this.rdsWriterParameterGroup:void 0},ye;if(i.rdsInstances>1){ye=[];for(let F=1;F<i.rdsInstances;F++)ye.push(rt.provisioned("Instance"+(F+1),ut))}let pt={credentials:N.Credentials.fromGeneratedSecret("clusteradmin"),defaultDatabaseName:"medplum",storageEncrypted:!0,storageType:fe?.match(/^\w+d\w*\./i)?it.AURORA_IOPT1:it.AURORA,vpc:this.vpc,vpcSubnets:{subnetType:v.SubnetType.PRIVATE_WITH_EGRESS},backup:{retention:Q.days(7)},cloudwatchLogsExports:["postgresql"],instanceUpdateBehaviour:N.InstanceUpdateBehaviour.ROLLING,removalPolicy:w.RETAIN,autoMinorVersionUpgrade:i.rdsAutoMinorVersionUpgrade},ht=Ur(i.rdsIdsMajorVersionSuffix?P:void 0);this.rdsCluster=new N.DatabaseCluster(this,ht,{...pt,engine:p,writer:rt.provisioned("Instance1",dt),readers:ye,parameterGroup:this.rdsClusterParameterGroup??lt});let q=this.rdsCluster.secret;Pe(q!==void 0,"rdsCluster.secret is undefined"),q.applyRemovalPolicy(w.RETAIN),Pe(q instanceof Lr,"rdsCluster.secret is not a SecretTargetAttachment");let _e=q.node.scope;Pe(_e instanceof _r,"rdsCluster.secretAttachment.node.scope is not a Secret"),_e.applyRemovalPolicy(w.RETAIN),this.rdsSecretsArn||(this.rdsSecretsArn=q.secretArn),i.rdsProxyEnabled&&(this.rdsProxy=new N.DatabaseProxy(this,"DatabaseProxy",{proxyTarget:N.ProxyTarget.fromCluster(this.rdsCluster),secrets:[q],vpc:this.vpc}))}this.redisSubnetGroup=new et.CfnSubnetGroup(this,"RedisSubnetGroup",{description:"Redis Subnet Group",subnetIds:this.vpc.privateSubnets.map(p=>p.subnetId)});let a=this.createRedisCluster("Redis",{nodeType:i.cacheNodeType,securityGroupId:i.cacheSecurityGroupId,engine:i.cacheEngine,engineVersion:i.cacheEngineVersion});this.redisSecurityGroup=a.securityGroup,this.redisPassword=a.password,this.redisCluster=a.cluster,this.redisSecrets=a.secrets;let m=[{key:"cacheRedis",id:"CacheRedis"},{key:"rateLimitRedis",id:"RateLimitRedis"},{key:"pubSubRedis",id:"PubSubRedis"},{key:"backgroundJobsRedis",id:"BackgroundJobsRedis"}],S=[];for(let{key:p,id:P}of m){let U=i[p];if(U){let ie=this.createRedisCluster(P,{nodeType:U.nodeType,securityGroupId:U.securityGroupId,engine:U.engine,engineVersion:U.engineVersion});S.push({id:P,...ie})}}let y={vpc:this.vpc};i.containerInsightsV2&&(y={...y,containerInsightsV2:i.containerInsightsV2}),this.ecsCluster=new G.Cluster(this,"Cluster",y),this.taskRolePolicies=new f.PolicyDocument({statements:[new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["logs:PutLogEvents","logs:CreateLogGroup","logs:CreateLogStream","logs:DescribeLogStreams","logs:DescribeLogGroups","logs:PutRetentionPolicy"],resources:[`arn:aws:logs:${o}:${s}:log-group:*`]}),new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["secretsmanager:GetResourcePolicy","secretsmanager:GetSecretValue","secretsmanager:DescribeSecret","secretsmanager:ListSecrets","secretsmanager:ListSecretVersionIds"],resources:[`arn:aws:secretsmanager:${o}:${s}:secret:*`]}),new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["ssm:GetParametersByPath","ssm:GetParameters","ssm:GetParameter","ssm:DescribeParameters"],resources:[`arn:aws:ssm:${o}:${s}:parameter/medplum/${n}/*`]}),new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["ses:SendEmail","ses:SendRawEmail"],resources:[`arn:aws:ses:${o}:${s}:identity/*`]}),new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["s3:ListBucket"],resources:[`arn:aws:s3:::${i.storageBucketName}`]}),new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["s3:GetObject","s3:PutObject","s3:DeleteObject"],resources:[`arn:aws:s3:::${i.storageBucketName}/*`]}),new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["iam:ListRoles","iam:GetRole","iam:PassRole"],resources:[this.botLambdaRole.roleArn]}),new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["lambda:CreateFunction","lambda:GetFunction","lambda:GetFunctionConfiguration","lambda:UpdateFunctionCode","lambda:UpdateFunctionConfiguration","lambda:InvokeFunction"],resources:[`arn:aws:lambda:${o}:${s}:function:medplum-bot-lambda-*`]}),new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["lambda:ListLayerVersions"],resources:[`arn:aws:lambda:${o}:${s}:layer:medplum-bot-layer`]}),new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["lambda:GetLayerVersion"],resources:[`arn:aws:lambda:${o}:${s}:layer:medplum-bot-layer:*`]}),new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["xray:PutTraceSegments","xray:PutTelemetryRecords","xray:GetSamplingRules","xray:GetSamplingTargets","xray:GetSamplingStatisticSummaries"],resources:["*"]}),new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["comprehend:DetectEntities","comprehend:DetectKeyPhrases","comprehend:DetectDominantLanguage","comprehend:DetectSentiment","comprehend:DetectTargetedSentiment","comprehend:DetectSyntax","comprehendmedical:DetectEntitiesV2","textract:DetectDocumentText","textract:AnalyzeDocument","textract:StartDocumentTextDetection","textract:GetDocumentTextDetection"],resources:["*"]})]}),this.taskRole=new f.Role(this,"TaskExecutionRole",{assumedBy:new f.ServicePrincipal("ecs-tasks.amazonaws.com"),description:"Medplum Server Task Execution Role",inlinePolicies:{TaskExecutionPolicies:this.taskRolePolicies}}),this.taskDefinition=new G.FargateTaskDefinition(this,"TaskDefinition",{memoryLimitMiB:i.serverMemory,cpu:i.serverCpu,taskRole:this.taskRole}),i.fireLens?.enabled?this.logDriver=new G.FireLensLogDriver({options:{...i.fireLens.logDriverConfig?.options}}):(this.logGroup=new tt.LogGroup(this,"LogGroup",{logGroupName:"/ecs/medplum/"+n,removalPolicy:w.DESTROY}),this.logDriver=new G.AwsLogDriver({logGroup:this.logGroup,streamPrefix:"Medplum"}));let O;i.containerRegistryCredentialsSecretArn&&(O=Ae.Secret.fromSecretCompleteArn(this,"RegistryCredentialsSecret",i.containerRegistryCredentialsSecretArn)),this.serviceContainer=this.taskDefinition.addContainer("MedplumTaskDefinition",{image:this.getContainerImage(i,i.serverImage,O),command:[o==="us-east-1"?`aws:/medplum/${n}/`:`aws:${o}:/medplum/${n}/`],logging:this.logDriver,environment:i.environment}),this.serviceContainer.addPortMappings({containerPort:i.apiPort,hostPort:i.apiPort});for(let p of i.additionalContainers??Qe)this.taskDefinition.addContainer("AdditionalContainer-"+p.name,{containerName:p.name,image:this.getContainerImage(i,p.image,O),command:p.command,environment:p.environment,logging:this.logDriver,essential:p.essential??!1});i.fireLens?.enabled&&this.taskDefinition.addFirelensLogRouter("FireLensRouter",{image:G.ContainerImage.fromRegistry("public.ecr.aws/aws-observability/aws-for-fluent-bit:stable"),essential:!0,firelensConfig:i.fireLens.logRouterConfig,environment:i.fireLens.environment}),this.fargateSecurityGroup=new v.SecurityGroup(this,"ServiceSecurityGroup",{allowAllOutbound:!0,securityGroupName:"MedplumSecurityGroup",vpc:this.vpc}),this.fargateService=new G.FargateService(this,"FargateService",{cluster:this.ecsCluster,taskDefinition:this.taskDefinition,assignPublicIp:!1,vpcSubnets:{subnetType:v.SubnetType.PRIVATE_WITH_EGRESS},desiredCount:i.desiredServerCount,securityGroups:[this.fargateSecurityGroup],healthCheckGracePeriod:Q.minutes(5),minHealthyPercent:50}),i.fargateAutoScaling&&this.fargateService.autoScaleTaskCount({minCapacity:i.fargateAutoScaling.minCapacity,maxCapacity:i.fargateAutoScaling.maxCapacity}).scaleOnCpuUtilization("CpuScaling",{targetUtilizationPercent:i.fargateAutoScaling.targetUtilizationPercent,scaleInCooldown:Q.seconds(i.fargateAutoScaling.scaleInCooldown),scaleOutCooldown:Q.seconds(i.fargateAutoScaling.scaleOutCooldown)}),this.rdsCluster&&this.fargateService.node.addDependency(this.rdsCluster),this.rdsProxy&&this.fargateService.node.addDependency(this.rdsProxy),this.fargateService.node.addDependency(this.redisCluster);for(let{cluster:p}of S)this.fargateService.node.addDependency(p);this.targetGroup=new K.ApplicationTargetGroup(this,"TargetGroup",{vpc:this.vpc,port:i.apiPort,protocol:K.ApplicationProtocol.HTTP,healthCheck:{path:"/healthcheck",interval:Q.seconds(30),timeout:Q.seconds(3),healthyThresholdCount:2,unhealthyThresholdCount:5},targets:[this.fargateService]});let re;i.loadBalancerSecurityGroupId&&(re=v.SecurityGroup.fromSecurityGroupId(this,"LoadBalancerSecurityGroup",i.loadBalancerSecurityGroupId)),this.loadBalancer=new K.ApplicationLoadBalancer(this,"LoadBalancer",{vpc:this.vpc,internetFacing:i.apiInternetFacing!==!1,http2Enabled:!0,securityGroup:re}),i.loadBalancerLoggingBucket&&this.loadBalancer.logAccessLogs(Ir.Bucket.fromBucketName(this,"LoggingBucket",i.loadBalancerLoggingBucket),i.loadBalancerLoggingPrefix),this.loadBalancer.addListener("HttpsListener",{port:443,certificates:[{certificateArn:i.apiSslCertArn}],sslPolicy:K.SslPolicy.RECOMMENDED_TLS,defaultAction:K.ListenerAction.forward([this.targetGroup])}),this.waf=V(this,"BackEndWAF",`${i.stackName}-BackEndWAF`,"REGIONAL",i.apiWafIpSetArn,i.wafLogGroupName,i.wafLogGroupCreate),this.wafAssociation=new Nr.CfnWebACLAssociation(this,"LoadBalancerAssociation",{resourceArn:this.loadBalancer.loadBalancerArn,webAclArn:this.waf.attrArn}),this.rdsCluster&&(this.rdsCluster.connections.allowDefaultPortFrom(this.fargateSecurityGroup),this.rdsCluster.connections.securityGroups.forEach(p=>{p.applyRemovalPolicy(w.RETAIN),p.node.children.forEach(P=>{(P instanceof v.CfnSecurityGroupIngress||P instanceof v.CfnSecurityGroupEgress)&&P.applyRemovalPolicy(w.RETAIN)})})),this.rdsProxy&&this.rdsProxy.connections.allowFrom(this.fargateSecurityGroup,v.Port.tcp(5432)),this.redisSecurityGroup.addIngressRule(this.fargateSecurityGroup,v.Port.tcp(6379));for(let p of S)p.securityGroup.addIngressRule(this.fargateSecurityGroup,v.Port.tcp(6379)),p.secretsParameter=new C.StringParameter(this,`${p.id}SecretsParameter`,{tier:C.ParameterTier.STANDARD,parameterName:`/medplum/${n}/${p.id}Secrets`,description:`${p.id} secrets ARN`,stringValue:p.secrets.secretArn});if(!i.skipDns){let p=i.hostedZoneName??i.domainName.split(".").slice(-2).join("."),P=Ce.HostedZone.fromLookup(this,"Zone",{domainName:p});this.dnsRecord=new Ce.ARecord(this,"LoadBalancerAliasRecord",{recordName:i.apiDomainName,target:Ce.RecordTarget.fromAlias(new Dr.LoadBalancerTarget(this.loadBalancer)),zone:P})}this.regionParameter=new C.StringParameter(this,"RegionParameter",{tier:C.ParameterTier.STANDARD,parameterName:`/medplum/${n}/awsRegion`,description:"AWS region",stringValue:i.region}),this.databaseSecretsParameter=new C.StringParameter(this,"DatabaseSecretsParameter",{tier:C.ParameterTier.STANDARD,parameterName:`/medplum/${n}/DatabaseSecrets`,description:"Database secrets ARN",stringValue:this.rdsSecretsArn}),this.rdsProxy&&(this.databaseProxyEndpointParameter=new C.StringParameter(this,"DatabaseProxyEndpointParameter",{tier:C.ParameterTier.STANDARD,parameterName:`/medplum/${n}/databaseProxyEndpoint`,description:"Database proxy endpoint",stringValue:this.rdsProxy?.endpoint})),this.redisSecretsParameter=new C.StringParameter(this,"RedisSecretsParameter",{tier:C.ParameterTier.STANDARD,parameterName:`/medplum/${n}/RedisSecrets`,description:"Redis secrets ARN",stringValue:this.redisSecrets.secretArn}),this.botLambdaRoleParameter=new C.StringParameter(this,"BotLambdaRoleParameter",{tier:C.ParameterTier.STANDARD,parameterName:`/medplum/${n}/botLambdaRoleArn`,description:"Bot lambda execution role ARN",stringValue:this.botLambdaRole.roleArn})}getContainerImage(r,i,n){let o=new RegExp(`^${r.accountNumber}\\.dkr\\.ecr\\.${r.region}\\.amazonaws\\.com/(.*)[:@](.*)$`).exec(i),a=o?.[1],m=o?.[2];if(a&&m){let S=Or.fromRepositoryArn(this,"ServerImageRepo",`arn:aws:ecr:${r.region}:${r.accountNumber}:repository/${a}`);return G.ContainerImage.fromEcrRepository(S,m)}return G.ContainerImage.fromRegistry(i,{credentials:n})}createRedisCluster(r,i){let n;i.securityGroupId?n=v.SecurityGroup.fromSecurityGroupId(this,`${r}SecurityGroup`,i.securityGroupId):(n=new v.SecurityGroup(this,`${r}SecurityGroup`,{vpc:this.vpc,description:`${r} Security Group`,allowAllOutbound:!1}),n.applyRemovalPolicy(w.RETAIN));let s=new Ae.Secret(this,`${r}Password`,{generateSecretString:{secretStringTemplate:"{}",generateStringKey:"password",excludeCharacters:"@%*()_+=`~{}|[]\\:\";'?,./"}});s.applyRemovalPolicy(w.RETAIN);let o=new et.CfnReplicationGroup(this,`${r}Cluster`,{engine:i.engine??"Redis",engineVersion:i.engineVersion??"6.x",cacheNodeType:i.nodeType??"cache.t2.medium",replicationGroupDescription:`${r}ReplicationGroup`,authToken:s.secretValueFromJson("password").toString(),transitEncryptionEnabled:!0,atRestEncryptionEnabled:!0,multiAzEnabled:!0,cacheSubnetGroupName:this.redisSubnetGroup.ref,numNodeGroups:1,replicasPerNodeGroup:1,securityGroupIds:[n.securityGroupId]});o.node.addDependency(s),o.applyRemovalPolicy(w.RETAIN);let a=new Ae.Secret(this,`${r}Secrets`,{generateSecretString:{secretStringTemplate:JSON.stringify({host:o.attrPrimaryEndPointAddress,port:o.attrPrimaryEndPointPort,password:s.secretValueFromJson("password").toString(),tls:{}}),generateStringKey:"unused"}});return a.node.addDependency(s),a.node.addDependency(o),a.applyRemovalPolicy(w.RETAIN),{securityGroup:n,password:s,cluster:o,secrets:a}}};function $r(e,t){if(!e){if(t)return{engine:N.DatabaseClusterEngine.auroraPostgres({version:t}),majorVersion:t.auroraPostgresMajorVersion};throw new Error("Missing or empty RDS version: "+e)}let r=e.slice(0,e.indexOf("."));return{engine:N.DatabaseClusterEngine.auroraPostgres({version:N.AuroraPostgresEngineVersion.of(e,r,{s3Import:!0,s3Export:!0})}),majorVersion:r}}function Ur(e){return e?`DatabaseClusterPG${e}`:"DatabaseCluster"}import{aws_cloudtrail as Br,aws_cloudwatch as Re,aws_cloudwatch_actions as Gr,aws_logs as pe,aws_sns as nt}from"aws-cdk-lib";import{Construct as Fr}from"constructs";var Z=class extends Fr{constructor(r,i){super(r,"CloudTrailAlarms");c(this,"config");c(this,"logGroup");c(this,"cloudTrail");c(this,"alarmTopic");if(this.config=i,!i.cloudTrailAlarms)return;i.cloudTrailAlarms.logGroupCreate?(this.logGroup=new pe.LogGroup(this,"CloudTrailLogGroup",{logGroupName:i.cloudTrailAlarms.logGroupName,retention:pe.RetentionDays.ONE_YEAR}),this.cloudTrail=new Br.Trail(this,"CloudTrail",{sendToCloudWatchLogs:!0,cloudWatchLogGroup:this.logGroup,includeGlobalServiceEvents:!0})):this.logGroup=pe.LogGroup.fromLogGroupName(this,"CloudTrailLogGroup",i.cloudTrailAlarms.logGroupName),i.cloudTrailAlarms.snsTopicArn?this.alarmTopic=nt.Topic.fromTopicArn(this,"AlarmTopic",i.cloudTrailAlarms.snsTopicArn):this.alarmTopic=new nt.Topic(this,"AlarmTopic",{topicName:i.cloudTrailAlarms.snsTopicName});let n=[["UnauthorizedApiCalls","{ ($.errorCode = *UnauthorizedOperation) || ($.errorCode = AccessDenied*) }"],["SignInWithoutMfa","{ ($.eventName = ConsoleLogin) && ($.additionalEventData.MFAUsed != Yes) }"],["RootAccountUsage","{ $.userIdentity.type = Root && $.userIdentity.invokedBy NOT EXISTS && $.eventType != AwsServiceEvent }"],["IamPolicyChanges","{($.eventName=DeleteGroupPolicy)||($.eventName=DeleteRolePolicy)||($.eventName=DeleteUserPolicy)||($.eventName=PutGroupPolicy)||($.eventName=PutRolePolicy)||($.eventName=PutUserPolicy)||($.eventName=CreatePolicy)||($.eventName=DeletePolicy)||($.eventName=CreatePolicyVersion)||($.eventName=DeletePolicyVersion)||($.eventName=AttachRolePolicy)||($.eventName=DetachRolePolicy)||($.eventName=AttachUserPolicy)||($.eventName=DetachUserPolicy)||($.eventName=AttachGroupPolicy)||($.eventName=DetachGroupPolicy)}"],["CloudTrailConfigurationChanges","{ ($.eventName = CreateTrail) || ($.eventName = UpdateTrail) || ($.eventName = DeleteTrail) || ($.eventName = StartLogging) || ($.eventName = StopLogging) }"],["SignInFailures",'{ ($.eventName = ConsoleLogin) && ($.errorMessage = "Failed authentication") }'],["DisabledCmks","{($.eventSource = kms.amazonaws.com) && (($.eventName=DisableKey)||($.eventName=ScheduleKeyDeletion)) }"],["S3PolicyChanges","{ ($.eventSource = s3.amazonaws.com) && (($.eventName = PutBucketAcl) || ($.eventName = PutBucketPolicy) || ($.eventName = PutBucketCors) || ($.eventName = PutBucketLifecycle) || ($.eventName = PutBucketReplication) || ($.eventName = DeleteBucketPolicy) || ($.eventName = DeleteBucketCors) || ($.eventName = DeleteBucketLifecycle) || ($.eventName = DeleteBucketReplication)) }"],["ConfigServiceChanges","{($.eventSource = config.amazonaws.com) && (($.eventName=StopConfigurationRecorder)||($.eventName=DeleteDeliveryChannel)||($.eventName=PutDeliveryChannel)||($.eventName=PutConfigurationRecorder))}"],["SecurityGroupChanges","{ ($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = AuthorizeSecurityGroupEgress) || ($.eventName = RevokeSecurityGroupIngress) || ($.eventName = RevokeSecurityGroupEgress) || ($.eventName = CreateSecurityGroup) || ($.eventName = DeleteSecurityGroup)}"],["NetworkAclChanges","{ ($.eventName = CreateNetworkAcl) || ($.eventName = CreateNetworkAclEntry) || ($.eventName = DeleteNetworkAcl) || ($.eventName = DeleteNetworkAclEntry) || ($.eventName = ReplaceNetworkAclEntry) || ($.eventName = ReplaceNetworkAclAssociation) }"],["NetworkGatewayChanges","{ ($.eventName = CreateCustomerGateway) || ($.eventName = DeleteCustomerGateway) || ($.eventName = AttachInternetGateway) || ($.eventName = CreateInternetGateway) || ($.eventName = DeleteInternetGateway) || ($.eventName = DetachInternetGateway) }"],["RouteTableChanges","{ ($.eventName = CreateRoute) || ($.eventName = CreateRouteTable) || ($.eventName = ReplaceRoute) || ($.eventName = ReplaceRouteTableAssociation) || ($.eventName = DeleteRouteTable) || ($.eventName = DeleteRoute) || ($.eventName = DisassociateRouteTable) }"],["VpcChanges","{ ($.eventName = CreateVpc) || ($.eventName = DeleteVpc) || ($.eventName = ModifyVpcAttribute) || ($.eventName = AcceptVpcPeeringConnection) || ($.eventName = CreateVpcPeeringConnection) || ($.eventName = DeleteVpcPeeringConnection) || ($.eventName = RejectVpcPeeringConnection) || ($.eventName = AttachClassicLinkVpc) || ($.eventName = DetachClassicLinkVpc) || ($.eventName = DisableVpcClassicLink) || ($.eventName = EnableVpcClassicLink) }"],["OrganizationsChanges","{ ($.eventSource = organizations.amazonaws.com) && (($.eventName = AcceptHandshake) || ($.eventName = AttachPolicy) || ($.eventName = CreateAccount) || ($.eventName = CreateOrganizationalUnit) || ($.eventName = CreatePolicy) || ($.eventName = DeclineHandshake) || ($.eventName = DeleteOrganization) || ($.eventName = DeleteOrganizationalUnit) || ($.eventName = DeletePolicy) || ($.eventName = DetachPolicy) || ($.eventName = DisablePolicyType) || ($.eventName = EnablePolicyType) || ($.eventName = InviteAccountToOrganization) || ($.eventName = LeaveOrganization) || ($.eventName = MoveAccount) || ($.eventName = RemoveAccountFromOrganization) || ($.eventName = UpdatePolicy) || ($.eventName = UpdateOrganizationalUnit)) }"]];for(let[s,o]of n)this.createMetricAlarm(s,o)}createMetricAlarm(r,i){let n=`${this.config.stackName}${r}MetricFilter`,s=`${this.config.stackName}${r}Metric`,o=`${this.config.stackName}Metrics`,a=`${this.config.stackName}${r}Alarm`,m=new pe.MetricFilter(this,n,{logGroup:this.logGroup,filterPattern:{logPatternString:i},metricNamespace:o,metricName:s});new Re.Alarm(this,a,{metric:m.metric({}),threshold:1,evaluationPeriods:1,alarmName:a,actionsEnabled:!0,treatMissingData:Re.TreatMissingData.NOT_BREACHING,comparisonOperator:Re.ComparisonOperator.GREATER_THAN_THRESHOLD,datapointsToAlarm:1}).addAlarmAction(new Gr.SnsAction(this.alarmTopic))}};import{aws_certificatemanager as Wr,aws_cloudfront as A,Duration as qr,aws_cloudfront_origins as st,RemovalPolicy as Hr,aws_route53 as ke,aws_s3 as X,aws_route53_targets as Vr}from"aws-cdk-lib";import{Construct as Qr}from"constructs";import{aws_iam as jr}from"aws-cdk-lib";function he(e,t){let r=new jr.PolicyStatement;return r.addActions("s3:GetObject*"),r.addActions("s3:GetBucket*"),r.addActions("s3:List*"),r.addResources(e.bucketArn),r.addResources(`${e.bucketArn}/*`),r.addCanonicalUserPrincipal(t.cloudFrontOriginAccessIdentityS3CanonicalUserId),e.addToResourcePolicy(r),r}var ee=class extends Qr{constructor(r,i,n){super(r,"FrontEnd");c(this,"appBucket");c(this,"responseHeadersPolicy");c(this,"waf");c(this,"apiOriginCachePolicy");c(this,"originAccessIdentity");c(this,"originAccessPolicyStatement");c(this,"distribution");c(this,"dnsRecord");if(n===i.region?this.appBucket=new X.Bucket(this,"AppBucket",{bucketName:i.appDomainName,publicReadAccess:!1,blockPublicAccess:X.BlockPublicAccess.BLOCK_ALL,removalPolicy:Hr.DESTROY,encryption:X.BucketEncryption.S3_MANAGED,enforceSSL:!0,versioned:!0}):this.appBucket=X.Bucket.fromBucketAttributes(this,"AppBucket",{bucketName:i.appDomainName,region:i.region}),n==="us-east-1"&&(this.responseHeadersPolicy=new A.ResponseHeadersPolicy(this,"ResponseHeadersPolicy",{customHeadersBehavior:{customHeaders:[{header:"Permissions-Policy",value:"accelerometer=(), camera=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()",override:!0}]},securityHeadersBehavior:{contentSecurityPolicy:{contentSecurityPolicy:["default-src 'none'","base-uri 'self'","child-src 'self'",`connect-src 'self' ${i.apiDomainName} *.medplum.com *.google.com`,"font-src 'self' fonts.gstatic.com","form-action 'self' *.gstatic.com *.google.com","frame-ancestors 'none'",`frame-src 'self' ${i.storageDomainName} *.medplum.com *.gstatic.com *.google.com`,`img-src 'self' data: ${i.storageDomainName} *.gstatic.com *.google.com *.googleapis.com`,"manifest-src 'self'",`media-src 'self' ${i.storageDomainName}`,"script-src 'self' *.medplum.com *.gstatic.com *.google.com","style-src 'self' 'unsafe-inline' *.medplum.com *.gstatic.com *.google.com","worker-src 'self' blob: *.gstatic.com *.google.com","upgrade-insecure-requests"].join("; "),override:!0},contentTypeOptions:{override:!0},frameOptions:{frameOption:A.HeadersFrameOption.DENY,override:!0},referrerPolicy:{referrerPolicy:A.HeadersReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,override:!0},strictTransportSecurity:{accessControlMaxAge:qr.seconds(63072e3),includeSubdomains:!0,preload:!0,override:!0},xssProtection:{protection:!0,modeBlock:!0,override:!0}}}),this.waf=V(this,"FrontEndWAF",`${i.stackName}-FrontEndWAF`,"CLOUDFRONT",i.appWafIpSetArn,i.wafLogGroupName,i.wafLogGroupCreate),this.apiOriginCachePolicy=new A.CachePolicy(this,"ApiOriginCachePolicy",{cachePolicyName:`${i.stackName}-ApiOriginCachePolicy`,cookieBehavior:A.CacheCookieBehavior.all(),headerBehavior:A.CacheHeaderBehavior.allowList("Authorization","Content-Encoding","Content-Type","If-None-Match","Origin","Referer","User-Agent","X-Medplum"),queryStringBehavior:A.CacheQueryStringBehavior.all()}),this.originAccessIdentity=new A.OriginAccessIdentity(this,"OriginAccessIdentity",{}),this.originAccessPolicyStatement=he(this.appBucket,this.originAccessIdentity),this.distribution=new A.Distribution(this,"AppDistribution",{defaultRootObject:"index.html",defaultBehavior:{origin:st.S3BucketOrigin.withOriginAccessIdentity(this.appBucket,{originAccessIdentity:this.originAccessIdentity}),responseHeadersPolicy:this.responseHeadersPolicy,viewerProtocolPolicy:A.ViewerProtocolPolicy.REDIRECT_TO_HTTPS},additionalBehaviors:i.appApiProxy?{"/api/*":{origin:new st.HttpOrigin(i.apiDomainName),allowedMethods:A.AllowedMethods.ALLOW_ALL,cachePolicy:this.apiOriginCachePolicy,viewerProtocolPolicy:A.ViewerProtocolPolicy.REDIRECT_TO_HTTPS}}:void 0,certificate:Wr.Certificate.fromCertificateArn(this,"AppCertificate",i.appSslCertArn),domainNames:[i.appDomainName],errorResponses:[{httpStatus:403,responseHttpStatus:200,responsePagePath:"/index.html"},{httpStatus:404,responseHttpStatus:200,responsePagePath:"/index.html"}],webAclId:this.waf.attrArn,logBucket:i.appLoggingBucket?X.Bucket.fromBucketName(this,"LoggingBucket",i.appLoggingBucket):void 0,logFilePrefix:i.appLoggingPrefix}),!i.skipDns)){let s=i.hostedZoneName??i.domainName.split(".").slice(-2).join("."),o=ke.HostedZone.fromLookup(this,"Zone",{domainName:s});this.dnsRecord=new ke.ARecord(this,"AppAliasRecord",{recordName:i.appDomainName,target:ke.RecordTarget.fromAlias(new Vr.CloudFrontTarget(this.distribution)),zone:o})}}};import{aws_certificatemanager as zr,aws_cloudfront as $,Duration as ot,aws_cloudfront_origins as Jr,aws_route53 as Ie,aws_s3 as z,aws_route53_targets as Yr}from"aws-cdk-lib";import{ServerlessClamscan as Kr}from"cdk-serverless-clamscan";import{Construct as Zr}from"constructs";var te=class extends Zr{constructor(r,i,n){super(r,"Storage");c(this,"storageBucket");c(this,"keyGroup");c(this,"responseHeadersPolicy");c(this,"waf");c(this,"originAccessIdentity");c(this,"originAccessPolicyStatement");c(this,"distribution");c(this,"dnsRecord");if(n===i.region?(this.storageBucket=new z.Bucket(this,"StorageBucket",{bucketName:i.storageBucketName,publicReadAccess:!1,blockPublicAccess:z.BlockPublicAccess.BLOCK_ALL,encryption:z.BucketEncryption.S3_MANAGED,enforceSSL:!0,versioned:!0}),i.clamscanEnabled&&new Kr(this,"ServerlessClamscan",{defsBucketAccessLogsConfig:{logsBucket:z.Bucket.fromBucketName(this,"LoggingBucket",i.clamscanLoggingBucket),logsPrefix:i.clamscanLoggingPrefix}}).addSourceBucket(this.storageBucket)):this.storageBucket=z.Bucket.fromBucketAttributes(this,"StorageBucket",{bucketName:i.storageBucketName,region:i.region}),n==="us-east-1"){let s;if(i.signingKeyId?s=$.PublicKey.fromPublicKeyId(this,"StoragePublicKey",i.signingKeyId):s=new $.PublicKey(this,"StoragePublicKey",{encodedKey:i.storagePublicKey}),this.keyGroup=new $.KeyGroup(this,"StorageKeyGroup",{items:[s]}),this.responseHeadersPolicy=new $.ResponseHeadersPolicy(this,"ResponseHeadersPolicy",{customHeadersBehavior:{customHeaders:[{header:"Permissions-Policy",value:"accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()",override:!0}]},corsBehavior:{accessControlAllowCredentials:!1,accessControlAllowOrigins:[i.appDomainName,"https://ccda.medplum.com"],accessControlAllowHeaders:["*"],accessControlAllowMethods:["GET","HEAD","OPTIONS"],accessControlMaxAge:ot.seconds(600),originOverride:!1},securityHeadersBehavior:{contentSecurityPolicy:{contentSecurityPolicy:"default-src 'none'; connect-src https://ccda.medplum.com; base-uri 'none'; form-action 'none'; frame-ancestors *;",override:!0},contentTypeOptions:{override:!0},frameOptions:{frameOption:$.HeadersFrameOption.DENY,override:!0},referrerPolicy:{referrerPolicy:$.HeadersReferrerPolicy.NO_REFERRER,override:!0},strictTransportSecurity:{accessControlMaxAge:ot.seconds(63072e3),includeSubdomains:!0,preload:!0,override:!0},xssProtection:{protection:!0,modeBlock:!0,override:!0}}}),this.waf=V(this,"StorageWAF",`${i.stackName}-StorageWAF`,"CLOUDFRONT",i.storageWafIpSetArn,i.wafLogGroupName,i.wafLogGroupCreate),this.originAccessIdentity=new $.OriginAccessIdentity(this,"OriginAccessIdentity",{}),this.originAccessPolicyStatement=he(this.storageBucket,this.originAccessIdentity),this.distribution=new $.Distribution(this,"StorageDistribution",{defaultBehavior:{origin:Jr.S3BucketOrigin.withOriginAccessIdentity(this.storageBucket,{originAccessIdentity:this.originAccessIdentity}),responseHeadersPolicy:this.responseHeadersPolicy,viewerProtocolPolicy:$.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,trustedKeyGroups:[this.keyGroup]},certificate:zr.Certificate.fromCertificateArn(this,"StorageCertificate",i.storageSslCertArn),domainNames:[i.storageDomainName],webAclId:this.waf.attrArn,logBucket:i.storageLoggingBucket?z.Bucket.fromBucketName(this,"LoggingBucket",i.storageLoggingBucket):void 0,logFilePrefix:i.storageLoggingPrefix}),!i.skipDns){let o=i.hostedZoneName??i.domainName.split(".").slice(-2).join("."),a=Ie.HostedZone.fromLookup(this,"Zone",{domainName:o});this.dnsRecord=new Ie.ARecord(this,"StorageAliasRecord",{recordName:i.storageDomainName,target:Ie.RecordTarget.fromAlias(new Yr.CloudFrontTarget(this.distribution)),zone:a})}}}};var me=class{constructor(t,r){c(this,"primaryStack");c(this,"globalStack");this.primaryStack=new De(t,r),r.region!=="us-east-1"&&(this.globalStack=new Ne(t,r),this.globalStack.addDependency(this.primaryStack))}},De=class extends at{constructor(r,i){super(r,i.stackName,{env:{region:i.region,account:i.accountNumber}});c(this,"backEnd");c(this,"frontEnd");c(this,"storage");c(this,"cloudTrail");ct.of(this).add("medplum:environment",i.name),this.backEnd=new de(this,i),this.frontEnd=new ee(this,i,i.region),this.storage=new te(this,i,i.region),this.cloudTrail=new Z(this,i)}},Ne=class extends at{constructor(r,i){super(r,i.stackName+"-us-east-1",{env:{region:"us-east-1",account:i.accountNumber}});c(this,"frontEnd");c(this,"storage");c(this,"cloudTrail");ct.of(this).add("medplum:environment",i.name),this.frontEnd=new ee(this,i,"us-east-1"),this.storage=new te(this,i,"us-east-1"),this.cloudTrail=new Z(this,i)}};async function ri(e){let t=new Xr({context:e}),r=t.node.tryGetContext("config");if(!r){console.log('Missing "config" context variable'),console.log("Usage: cdk deploy -c config=my-config.json");return}let i=JSON.parse(ei(ti(r),"utf-8")),n=await Ke(i),s=new me(t,n);console.log("Stack",s.primaryStack.stackId),t.synth()}import.meta.main&&ri().catch(e=>{console.error(e),process.exit(1)});export{de as BackEnd,Z as CloudTrailAlarms,ee as FrontEnd,Ne as MedplumGlobalStack,De as MedplumPrimaryStack,me as MedplumStack,te as Storage,V as buildWaf,ri as main};
+var ft=Object.defineProperty;var yt=(e,t,r)=>t in e?ft(e,t,{enumerable:!0,configurable:!0,writable:!0,value:r}):e[t]=r;var c=(e,t,r)=>yt(e,typeof t!="symbol"?t+"":t,r);import{App as Xr}from"aws-cdk-lib";import{readFileSync as ei}from"node:fs";import{resolve as ti}from"node:path";import{GetParameterCommand as Er,SSMClient as Tr}from"@aws-sdk/client-ssm";var gt=Object.defineProperty,vt=(e,t,r)=>t in e?gt(e,t,{enumerable:!0,configurable:!0,writable:!0,value:r}):e[t]=r,v=(e,t,r)=>vt(e,typeof t!="symbol"?t+"":t,r),Se=class{constructor(e=10){v(this,"max"),v(this,"cache"),this.max=e,this.cache=new Map}clear(){this.cache.clear()}get(e){let t=this.cache.get(e);return t&&(this.cache.delete(e),this.cache.set(e,t)),t}set(e,t){this.cache.has(e)?this.cache.delete(e):this.cache.size>=this.max&&this.cache.delete(this.first()),this.cache.set(e,t)}delete(e){this.cache.delete(e)}keys(){return this.cache.keys()}first(){return this.cache.keys().next().value}},St=class{constructor(e,t){v(this,"operator"),v(this,"child"),this.operator=e,this.child=t}toString(){return`${this.operator}(${this.child.toString()})`}},K=class{constructor(e,t,r){v(this,"operator"),v(this,"left"),v(this,"right"),this.operator=e,this.left=t,this.right=r}toString(){return`(${this.left.toString()} ${this.operator} ${this.right.toString()})`}},bt=class{constructor(){v(this,"prefixParselets",{}),v(this,"infixParselets",{})}registerInfix(e,t){return this.infixParselets[e]=t,this}registerPrefix(e,t){return this.prefixParselets[e]=t,this}prefix(e,t,r){return this.registerPrefix(e,{parse(i,n){let s=i.consumeAndParse(t);return r(n,s)}})}infixLeft(e,t,r){return this.registerInfix(e,{parse(i,n,s){let o=i.consumeAndParse(t);return r(n,s,o)},precedence:t})}construct(e){return new wt(e,this.prefixParselets,this.infixParselets)}},wt=class{constructor(e,t,r){v(this,"tokens"),v(this,"prefixParselets"),v(this,"infixParselets"),this.tokens=e,this.prefixParselets=t,this.infixParselets=r}hasMore(){return this.tokens.length>0}match(e){return this.peek()?.id!==e?!1:(this.consume(),!0)}consumeAndParse(e=1/0){let t=this.consume(),r=this.prefixParselets[t.id];if(!r)throw new Error(`Parse error at "${t.value}" (line ${t.line}, column ${t.column}). No matching prefix parselet.`);let i=r.parse(this,t);for(;e>this.getPrecedence();){let n=this.consume();i=this.getInfixParselet(n).parse(this,i,n)}return i}getPrecedence(){let e=this.peek();if(!e)return 1/0;let t=this.getInfixParselet(e);return t?t.precedence:1/0}consume(e,t){if(!this.tokens.length)throw new Error("Cant consume unknown more tokens.");if(e&&this.peek()?.id!==e){let r=this.peek();throw new Error(`Expected ${e} but got "${r.id}" (${r.value}) at line ${r.line} column ${r.column}.`)}if(t&&this.peek()?.value!==t){let r=this.peek();throw new Error(`Expected "${t}" but got "${r.value}" at line ${r.line} column ${r.column}.`)}return this.tokens.shift()}peek(){return this.tokens.length>0?this.tokens[0]:void 0}removeComments(){this.tokens=this.tokens.filter(e=>e.id!=="Comment")}getInfixParselet(e){return this.infixParselets[e.id==="Symbol"?e.value:e.id]}};var xt="http://hl7.org";var Et="unauthorized";var oe={resourceType:"OperationOutcome",id:Et,issue:[{severity:"error",code:"login",details:{text:"Unauthorized"}}]},si={...oe,issue:[...oe.issue,{severity:"error",code:"expired",details:{text:"Token expired"}}]},oi={...oe,issue:[...oe.issue,{severity:"error",code:"invalid",details:{text:"Token not issued for this audience"}}]};function be(e,t){return{resourceType:"OperationOutcome",issue:[{severity:"error",code:"invalid",details:{text:e},...t?{expression:[t]}:void 0}]}}function F(e){return{resourceType:"OperationOutcome",issue:[{severity:"error",code:"structure",details:{text:e}}]}}var O=class extends Error{constructor(e,t){super(Tt(e),t),v(this,"outcome"),this.name="OperationOutcomeError",this.outcome=e}};function Tt(e){let t=e.issue?.map(Ct)??[];return t.length>0?t.join("; "):"Unknown error"}function Ct(e){let t;return e.details?.text?e.diagnostics?t=`${e.details.text} (${e.diagnostics})`:t=e.details.text:e.diagnostics?t=e.diagnostics:t="Unknown error",e.expression?.length&&(t+=` (${e.expression.join(", ")})`),t}function At(e,t){let r=t.max&&t.max===Number.MAX_SAFE_INTEGER?Number.POSITIVE_INFINITY:t.max;return{path:e,description:"",type:t.type??[],min:t.min??0,max:r??1,isArray:!!r&&r>1,constraints:[]}}function Pt(e){let t=Object.create(null);for(let[r,i]of Object.entries(e))t[r]={name:r,type:r,path:r,elements:Object.fromEntries(Object.entries(i.elements).map(([n,s])=>[n,At(n,s)])),constraints:[],innerTypes:[]};return t}var Rt={Element:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]}}},BackboneElement:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]}}},Address:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},type:{type:[{code:"code"}]},text:{type:[{code:"string"}]},line:{max:9007199254740991,type:[{code:"string"}]},city:{type:[{code:"string"}]},district:{type:[{code:"string"}]},state:{type:[{code:"string"}]},postalCode:{type:[{code:"string"}]},country:{type:[{code:"string"}]},period:{type:[{code:"Period"}]}}},Age:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Annotation:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},"author[x]":{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Organization"]},{code:"string"}]},time:{type:[{code:"dateTime"}]},text:{min:1,type:[{code:"markdown"}]}}},Attachment:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},contentType:{type:[{code:"code"}]},language:{type:[{code:"code"}]},data:{type:[{code:"base64Binary"}]},url:{type:[{code:"url"}]},size:{type:[{code:"unsignedInt"}]},hash:{type:[{code:"base64Binary"}]},title:{type:[{code:"string"}]},creation:{type:[{code:"dateTime"}]}}},CodeableConcept:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},coding:{max:9007199254740991,type:[{code:"Coding"}]},text:{type:[{code:"string"}]}}},Coding:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},system:{type:[{code:"uri"}]},version:{type:[{code:"string"}]},code:{type:[{code:"code"}]},display:{type:[{code:"string"}]},userSelected:{type:[{code:"boolean"}]}}},ContactDetail:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},name:{type:[{code:"string"}]},telecom:{max:9007199254740991,type:[{code:"ContactPoint"}]}}},ContactPoint:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},system:{type:[{code:"code"}]},value:{type:[{code:"string"}]},use:{type:[{code:"code"}]},rank:{type:[{code:"positiveInt"}]},period:{type:[{code:"Period"}]}}},Contributor:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},name:{min:1,type:[{code:"string"}]},contact:{max:9007199254740991,type:[{code:"ContactDetail"}]}}},Count:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},DataRequirement:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},profile:{max:9007199254740991,type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]},"subject[x]":{type:[{code:"CodeableConcept"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Group"]}]},mustSupport:{max:9007199254740991,type:[{code:"string"}]},codeFilter:{max:9007199254740991,type:[{code:"DataRequirementCodeFilter"}]},dateFilter:{max:9007199254740991,type:[{code:"DataRequirementDateFilter"}]},limit:{type:[{code:"positiveInt"}]},sort:{max:9007199254740991,type:[{code:"DataRequirementSort"}]}}},DataRequirementCodeFilter:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},path:{type:[{code:"string"}]},searchParam:{type:[{code:"string"}]},valueSet:{type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/ValueSet"]}]},code:{max:9007199254740991,type:[{code:"Coding"}]}}},DataRequirementDateFilter:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},path:{type:[{code:"string"}]},searchParam:{type:[{code:"string"}]},"value[x]":{type:[{code:"dateTime"},{code:"Period"},{code:"Duration"}]}}},DataRequirementSort:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},path:{min:1,type:[{code:"string"}]},direction:{min:1,type:[{code:"code"}]}}},Distance:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Dosage:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},sequence:{type:[{code:"integer"}]},text:{type:[{code:"string"}]},additionalInstruction:{max:9007199254740991,type:[{code:"CodeableConcept"}]},patientInstruction:{type:[{code:"string"}]},timing:{type:[{code:"Timing"}]},"asNeeded[x]":{type:[{code:"boolean"},{code:"CodeableConcept"}]},site:{type:[{code:"CodeableConcept"}]},route:{type:[{code:"CodeableConcept"}]},method:{type:[{code:"CodeableConcept"}]},doseAndRate:{max:9007199254740991,type:[{code:"DosageDoseAndRate"}]},maxDosePerPeriod:{type:[{code:"Ratio"}]},maxDosePerAdministration:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},maxDosePerLifetime:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]}}},DosageDoseAndRate:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{type:[{code:"CodeableConcept"}]},"dose[x]":{type:[{code:"Range"},{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},"rate[x]":{type:[{code:"Ratio"},{code:"Range"},{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]}}},Duration:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},ElementDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},path:{min:1,type:[{code:"string"}]},representation:{max:9007199254740991,type:[{code:"code"}]},sliceName:{type:[{code:"string"}]},sliceIsConstraining:{type:[{code:"boolean"}]},label:{type:[{code:"string"}]},code:{max:9007199254740991,type:[{code:"Coding"}]},slicing:{type:[{code:"ElementDefinitionSlicing"}]},short:{type:[{code:"string"}]},definition:{type:[{code:"markdown"}]},comment:{type:[{code:"markdown"}]},requirements:{type:[{code:"markdown"}]},alias:{max:9007199254740991,type:[{code:"string"}]},min:{type:[{code:"unsignedInt"}]},max:{type:[{code:"string"}]},base:{type:[{code:"ElementDefinitionBase"}]},contentReference:{type:[{code:"uri"}]},type:{max:9007199254740991,type:[{code:"ElementDefinitionType"}]},"defaultValue[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},meaningWhenMissing:{type:[{code:"markdown"}]},orderMeaning:{type:[{code:"string"}]},"fixed[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},"pattern[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]},example:{max:9007199254740991,type:[{code:"ElementDefinitionExample"}]},"minValue[x]":{type:[{code:"date"},{code:"dateTime"},{code:"instant"},{code:"time"},{code:"decimal"},{code:"integer"},{code:"positiveInt"},{code:"unsignedInt"},{code:"Quantity"}]},"maxValue[x]":{type:[{code:"date"},{code:"dateTime"},{code:"instant"},{code:"time"},{code:"decimal"},{code:"integer"},{code:"positiveInt"},{code:"unsignedInt"},{code:"Quantity"}]},maxLength:{type:[{code:"integer"}]},condition:{max:9007199254740991,type:[{code:"id"}]},constraint:{max:9007199254740991,type:[{code:"ElementDefinitionConstraint"}]},mustSupport:{type:[{code:"boolean"}]},isModifier:{type:[{code:"boolean"}]},isModifierReason:{type:[{code:"string"}]},isSummary:{type:[{code:"boolean"}]},binding:{type:[{code:"ElementDefinitionBinding"}]},mapping:{max:9007199254740991,type:[{code:"ElementDefinitionMapping"}]}}},ElementDefinitionSlicingDiscriminator:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},path:{min:1,type:[{code:"string"}]}}},ElementDefinitionSlicing:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},discriminator:{max:9007199254740991,type:[{code:"ElementDefinitionSlicingDiscriminator"}]},description:{type:[{code:"string"}]},ordered:{type:[{code:"boolean"}]},rules:{min:1,type:[{code:"code"}]}}},ElementDefinitionBase:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},path:{min:1,type:[{code:"string"}]},min:{min:1,type:[{code:"unsignedInt"}]},max:{min:1,type:[{code:"string"}]}}},ElementDefinitionType:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},code:{min:1,type:[{code:"uri"}]},profile:{max:9007199254740991,type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition","http://hl7.org/fhir/StructureDefinition/ImplementationGuide"]}]},targetProfile:{max:9007199254740991,type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition","http://hl7.org/fhir/StructureDefinition/ImplementationGuide"]}]},aggregation:{max:9007199254740991,type:[{code:"code"}]},versioning:{type:[{code:"code"}]}}},ElementDefinitionExample:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},label:{min:1,type:[{code:"string"}]},"value[x]":{min:1,type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]}}},ElementDefinitionConstraint:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},key:{min:1,type:[{code:"id"}]},requirements:{type:[{code:"string"}]},severity:{min:1,type:[{code:"code"}]},human:{min:1,type:[{code:"string"}]},expression:{type:[{code:"string"}]},xpath:{type:[{code:"string"}]},source:{type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]}}},ElementDefinitionBinding:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},strength:{min:1,type:[{code:"code"}]},description:{type:[{code:"string"}]},valueSet:{type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/ValueSet"]}]}}},ElementDefinitionMapping:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},identity:{min:1,type:[{code:"id"}]},language:{type:[{code:"code"}]},map:{min:1,type:[{code:"string"}]},comment:{type:[{code:"string"}]}}},Expression:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},description:{type:[{code:"string"}]},name:{type:[{code:"id"}]},language:{min:1,type:[{code:"code"}]},expression:{type:[{code:"string"}]},reference:{type:[{code:"uri"}]}}},Extension:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},url:{min:1,type:[{code:"uri"}]},"value[x]":{type:[{code:"base64Binary"},{code:"boolean"},{code:"canonical"},{code:"code"},{code:"date"},{code:"dateTime"},{code:"decimal"},{code:"id"},{code:"instant"},{code:"integer"},{code:"markdown"},{code:"oid"},{code:"positiveInt"},{code:"string"},{code:"time"},{code:"unsignedInt"},{code:"uri"},{code:"url"},{code:"uuid"},{code:"Address"},{code:"Age"},{code:"Annotation"},{code:"Attachment"},{code:"CodeableConcept"},{code:"Coding"},{code:"ContactPoint"},{code:"Count"},{code:"Distance"},{code:"Duration"},{code:"HumanName"},{code:"Identifier"},{code:"Money"},{code:"Period"},{code:"Quantity"},{code:"Range"},{code:"Ratio"},{code:"Reference"},{code:"SampledData"},{code:"Signature"},{code:"Timing"},{code:"ContactDetail"},{code:"Contributor"},{code:"DataRequirement"},{code:"Expression"},{code:"ParameterDefinition"},{code:"RelatedArtifact"},{code:"TriggerDefinition"},{code:"UsageContext"},{code:"Dosage"},{code:"Meta"}]}}},HumanName:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},text:{type:[{code:"string"}]},family:{type:[{code:"string"}]},given:{max:9007199254740991,type:[{code:"string"}]},prefix:{max:9007199254740991,type:[{code:"string"}]},suffix:{max:9007199254740991,type:[{code:"string"}]},period:{type:[{code:"Period"}]}}},Identifier:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},use:{type:[{code:"code"}]},type:{type:[{code:"CodeableConcept"}]},system:{type:[{code:"uri"}]},value:{type:[{code:"string"}]},period:{type:[{code:"Period"}]},assigner:{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Organization"]}]}}},MarketingStatus:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},country:{min:1,type:[{code:"CodeableConcept"}]},jurisdiction:{type:[{code:"CodeableConcept"}]},status:{min:1,type:[{code:"CodeableConcept"}]},dateRange:{min:1,type:[{code:"Period"}]},restoreDate:{type:[{code:"dateTime"}]}}},Meta:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},versionId:{type:[{code:"id"}]},lastUpdated:{type:[{code:"instant"}]},source:{type:[{code:"uri"}]},profile:{max:9007199254740991,type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]},security:{max:9007199254740991,type:[{code:"Coding"}]},tag:{max:9007199254740991,type:[{code:"Coding"}]},project:{type:[{code:"uri"}]},author:{type:[{code:"Reference"}]},onBehalfOf:{type:[{code:"Reference"}]},account:{type:[{code:"Reference"}]},accounts:{max:9007199254740991,type:[{code:"Reference"}]},compartment:{max:9007199254740991,type:[{code:"Reference"}]}}},Money:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},currency:{type:[{code:"code"}]}}},Narrative:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},status:{min:1,type:[{code:"code"}]},div:{min:1,type:[{code:"xhtml"}]}}},ParameterDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},name:{type:[{code:"code"}]},use:{min:1,type:[{code:"code"}]},min:{type:[{code:"integer"}]},max:{type:[{code:"string"}]},documentation:{type:[{code:"string"}]},type:{min:1,type:[{code:"code"}]},profile:{type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/StructureDefinition"]}]}}},Period:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},start:{type:[{code:"dateTime"}]},end:{type:[{code:"dateTime"}]}}},Population:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},"age[x]":{type:[{code:"Range"},{code:"CodeableConcept"}]},gender:{type:[{code:"CodeableConcept"}]},race:{type:[{code:"CodeableConcept"}]},physiologicalCondition:{type:[{code:"CodeableConcept"}]}}},ProdCharacteristic:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},height:{type:[{code:"Quantity"}]},width:{type:[{code:"Quantity"}]},depth:{type:[{code:"Quantity"}]},weight:{type:[{code:"Quantity"}]},nominalVolume:{type:[{code:"Quantity"}]},externalDiameter:{type:[{code:"Quantity"}]},shape:{type:[{code:"string"}]},color:{max:9007199254740991,type:[{code:"string"}]},imprint:{max:9007199254740991,type:[{code:"string"}]},image:{max:9007199254740991,type:[{code:"Attachment"}]},scoring:{type:[{code:"CodeableConcept"}]}}},ProductShelfLife:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},identifier:{type:[{code:"Identifier"}]},type:{min:1,type:[{code:"CodeableConcept"}]},period:{min:1,type:[{code:"Quantity"}]},specialPrecautionsForStorage:{max:9007199254740991,type:[{code:"CodeableConcept"}]}}},Quantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},Range:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},low:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},high:{type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]}}},Ratio:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},numerator:{type:[{code:"Quantity"}]},denominator:{type:[{code:"Quantity"}]}}},Reference:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},reference:{type:[{code:"string"}]},type:{type:[{code:"uri"}]},identifier:{type:[{code:"Identifier"}]},display:{type:[{code:"string"}]}}},RelatedArtifact:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},label:{type:[{code:"string"}]},display:{type:[{code:"string"}]},citation:{type:[{code:"markdown"}]},url:{type:[{code:"url"}]},document:{type:[{code:"Attachment"}]},resource:{type:[{code:"canonical",targetProfile:["http://hl7.org/fhir/StructureDefinition/Resource"]}]}}},SampledData:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},origin:{min:1,type:[{code:"Quantity",profile:["http://hl7.org/fhir/StructureDefinition/SimpleQuantity"]}]},period:{min:1,type:[{code:"decimal"}]},factor:{type:[{code:"decimal"}]},lowerLimit:{type:[{code:"decimal"}]},upperLimit:{type:[{code:"decimal"}]},dimensions:{min:1,type:[{code:"positiveInt"}]},data:{type:[{code:"string"}]}}},Signature:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,max:9007199254740991,type:[{code:"Coding"}]},when:{min:1,type:[{code:"instant"}]},who:{min:1,type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/PractitionerRole","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/Device","http://hl7.org/fhir/StructureDefinition/Organization"]}]},onBehalfOf:{type:[{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Practitioner","http://hl7.org/fhir/StructureDefinition/PractitionerRole","http://hl7.org/fhir/StructureDefinition/RelatedPerson","http://hl7.org/fhir/StructureDefinition/Patient","http://hl7.org/fhir/StructureDefinition/Device","http://hl7.org/fhir/StructureDefinition/Organization"]}]},targetFormat:{type:[{code:"code"}]},sigFormat:{type:[{code:"code"}]},data:{type:[{code:"base64Binary"}]}}},SubstanceAmount:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},"amount[x]":{type:[{code:"Quantity"},{code:"Range"},{code:"string"}]},amountType:{type:[{code:"CodeableConcept"}]},amountText:{type:[{code:"string"}]},referenceRange:{type:[{code:"SubstanceAmountReferenceRange"}]}}},SubstanceAmountReferenceRange:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},lowLimit:{type:[{code:"Quantity"}]},highLimit:{type:[{code:"Quantity"}]}}},Timing:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},modifierExtension:{max:9007199254740991,type:[{code:"Extension"}]},event:{max:9007199254740991,type:[{code:"dateTime"}]},repeat:{type:[{code:"TimingRepeat"}]},code:{type:[{code:"CodeableConcept"}]}}},TimingRepeat:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},"bounds[x]":{type:[{code:"Duration"},{code:"Range"},{code:"Period"}]},count:{type:[{code:"positiveInt"}]},countMax:{type:[{code:"positiveInt"}]},duration:{type:[{code:"decimal"}]},durationMax:{type:[{code:"decimal"}]},durationUnit:{type:[{code:"code"}]},frequency:{type:[{code:"positiveInt"}]},frequencyMax:{type:[{code:"positiveInt"}]},period:{type:[{code:"decimal"}]},periodMax:{type:[{code:"decimal"}]},periodUnit:{type:[{code:"code"}]},dayOfWeek:{max:9007199254740991,type:[{code:"code"}]},timeOfDay:{max:9007199254740991,type:[{code:"time"}]},when:{max:9007199254740991,type:[{code:"code"}]},offset:{type:[{code:"unsignedInt"}]}}},TriggerDefinition:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},type:{min:1,type:[{code:"code"}]},name:{type:[{code:"string"}]},"timing[x]":{type:[{code:"Timing"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/Schedule"]},{code:"date"},{code:"dateTime"}]},data:{max:9007199254740991,type:[{code:"DataRequirement"}]},condition:{type:[{code:"Expression"}]}}},UsageContext:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},code:{min:1,type:[{code:"Coding"}]},"value[x]":{min:1,type:[{code:"CodeableConcept"},{code:"Quantity"},{code:"Range"},{code:"Reference",targetProfile:["http://hl7.org/fhir/StructureDefinition/PlanDefinition","http://hl7.org/fhir/StructureDefinition/ResearchStudy","http://hl7.org/fhir/StructureDefinition/InsurancePlan","http://hl7.org/fhir/StructureDefinition/HealthcareService","http://hl7.org/fhir/StructureDefinition/Group","http://hl7.org/fhir/StructureDefinition/Location","http://hl7.org/fhir/StructureDefinition/Organization"]}]}}},MoneyQuantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},SimpleQuantity:{elements:{id:{type:[{code:"string"}]},extension:{max:9007199254740991,type:[{code:"Extension"}]},value:{type:[{code:"decimal"}]},comparator:{max:0,type:[{code:"code"}]},unit:{type:[{code:"string"}]},system:{type:[{code:"uri"}]},code:{type:[{code:"code"}]}}},IdentityProvider:{elements:{authorizeUrl:{min:1,type:[{code:"string"}]},tokenUrl:{min:1,type:[{code:"string"}]},tokenAuthMethod:{type:[{code:"code"}]},userInfoUrl:{min:1,type:[{code:"string"}]},clientId:{min:1,type:[{code:"string"}]},clientSecret:{min:1,type:[{code:"string"}]},usePkce:{type:[{code:"boolean"}]},useSubject:{type:[{code:"boolean"}]}}}};var kt=Pt(Rt);var Me=Object.create(null);function It(e){let t;return t=Me[e],t||(t=Me[e]=Object.create(null)),t}function Dt(e,t){if(t){let r=It(t)[e];if(r)return r}return kt[e]}function Nt(e,t,r){let i=e.path;return Ot(_t(e,t,r),i,t)}function Ot(e,t,r){let i=t?t+".":"";return e===void 0?{type:"undefined",value:void 0,path:`${i}${r}`}:Array.isArray(e)?e.map((n,s)=>({...n,path:`${i}${r}[${s}]`})):{...e,path:`${i}${r}`}}var ai=new Se(1e3);var Ge={canonical:/^\S*$/,code:/^[^\s]+( [^\s]+)*$/,date:/^(\d(\d(\d[1-9]|[1-9]0)|[1-9]00)|[1-9]000)(-(0[1-9]|1[0-2])(-(0[1-9]|[1-2]\d|3[0-1]))?)?$/,dateTime:/^(\d(\d(\d[1-9]|[1-9]0)|[1-9]00)|[1-9]000)(-(0[1-9]|1[0-2])(-(0[1-9]|[1-2]\d|3[0-1])(T([01]\d|2[0-3])(:[0-5]\d:([0-5]\d|60)(\.\d{1,9})?)?)?)?(Z|[+-]((0\d|1[0-3]):[0-5]\d|14:00)?)?)?$/,id:/^[A-Za-z0-9\-.]{1,64}$/,instant:/^(\d(\d(\d[1-9]|[1-9]0)|[1-9]00)|[1-9]000)-(0[1-9]|1[0-2])-(0[1-9]|[1-2]\d|3[0-1])T([01]\d|2[0-3]):[0-5]\d:([0-5]\d|60)(\.\d{1,9})?(Z|[+-]((0\d|1[0-3]):[0-5]\d|14:00))$/,markdown:/^[\r\n\t\u0020-\uFFFF]+$/,oid:/^urn:oid:[0-2](\.(0|[1-9]\d*))+$/,string:/^[\r\n\t\u0020-\uFFFF]+$/,time:/^([01]\d|2[0-3]):[0-5]\d:([0-5]\d|60)(\.\d{1,9})?$/,uri:/^\S*$/,url:/^\S*$/,uuid:/^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/,xhtml:/.*/};function l(e){return[{type:u.boolean,value:e}]}function q(e){return e==null?{type:"undefined",value:void 0}:Number.isSafeInteger(e)?{type:u.integer,value:e}:typeof e=="number"?{type:u.decimal,value:e}:typeof e=="boolean"?{type:u.boolean,value:e}:typeof e=="string"?{type:u.string,value:e}:P(e)?{type:u.Quantity,value:e}:le(e)?{type:e.resourceType,value:e}:zt(e)?{type:u.CodeableConcept,value:e}:Ve(e)?{type:u.Coding,value:e}:{type:u.BackboneElement,value:e}}function $(e){return e.length===0?!1:!!e[0].value}function U(e,t){if(e.length!==0){if(e.length===1&&(!t||e[0].type===t))return e[0];throw new Error(`Expected singleton of type ${t}, but found ${JSON.stringify(e)}`)}}function _t(e,t,r){if(!e.value)return;let i=Yt(e.type,t,r?.profileUrl);return i?Lt(e,t,i):Mt(e,t)}function Lt(e,t,r){let i=e.value,n=r.type;if(!n||n.length===0)return;let s,o="undefined",a,d=r.path.lastIndexOf("."),y=r.path.substring(d+1),b=y,C=!1;y.endsWith("[x]")&&(b=y.substring(0,y.length-3),C=!0);for(let g of n){let p=b;if(C&&(p+=Qe(g.code)),s=i[p],a=i["_"+p],s!==void 0||a!==void 0){o=g.code;break}}if(a)if(Array.isArray(s)){s=s.slice();for(let g=0;g<Math.max(s.length,a.length);g++)s[g]=ge(s[g],a[g])}else if(!s&&Array.isArray(a)){s=a.slice();for(let g=0;g<a.length;g++)s[g]=ge(void 0,a[g])}else s=ge(s,a);if(!Y(s))return(o==="Element"||o==="BackboneElement")&&(o=r.type[0].code),Array.isArray(s)?s.map(g=>$e(g,o)):$e(s,o)}function $e(e,t){return t==="Resource"&&le(e)&&(t=e.resourceType),{type:t,value:e}}function Mt(e,t){let r=e.value;if(!r||typeof r!="object")return;let i;if(t in r){let n=r[t];Array.isArray(n)?i=n.map(q):i=q(n)}else{let n=t.endsWith("[x]")?t.substring(0,t.length-3):t;for(let s of Object.values(u)){let o=n+Qe(s);if(o in r){let a=r[o];Array.isArray(a)?i=a.map(d=>({type:s,value:d})):i={type:s,value:a};break}}}if(Array.isArray(i)){if(i.length===0||Y(i[0]))return}else if(Y(i))return;return i}function Fe(e){let t=[];for(let r of e){let i=!1;for(let n of t)if($(ce(r,n))){i=!0;break}i||t.push(r)}return t}function $t(e){return l(!$(e))}function Ut(e,t){return e.length===0||t.length===0?[]:e.length!==t.length?l(!1):l(e.every((r,i)=>$(ce(r,t[i]))))}function Bt(e,t){return e.length===0||t.length===0?[]:e.length!==t.length?l(!0):l(e.some((r,i)=>!$(ce(r,t[i]))))}function ce(e,t){let r=e.value?.valueOf(),i=t.value?.valueOf();return typeof r=="number"&&typeof i=="number"?l(Math.abs(r-i)<1e-8):P(r)&&P(i)?l(qe(r,i)):l(typeof r=="object"&&typeof i=="object"?we(e,t):r===i)}function je(e,t){return e.length===0&&t.length===0?l(!0):e.length!==t.length?l(!1):(e.sort(Ue),t.sort(Ue),l(e.every((r,i)=>$(Gt(r,t[i])))))}function Gt(e,t){let{type:r,value:i}=e,{type:n,value:s}=t,o=i?.valueOf(),a=s?.valueOf();return typeof o=="number"&&typeof a=="number"?l(Math.abs(o-a)<.01):P(o)&&P(a)?l(qe(o,a)):l(r==="Coding"&&n==="Coding"?typeof o!="object"||typeof a!="object"?!1:o.code===a.code&&o.system===a.system:typeof o=="object"&&typeof a=="object"?we({...o,id:void 0},{...a,id:void 0}):typeof o=="string"&&typeof a=="string"?o.toLowerCase()===a.toLowerCase():o===a)}function Ue(e,t){let r=e.value?.valueOf(),i=t.value?.valueOf();return typeof r=="number"&&typeof i=="number"?r-i:typeof r=="string"&&typeof i=="string"?r.localeCompare(i):0}function We(e,t){let{value:r}=e;if(r==null)return!1;let i=t;switch(i.startsWith("System.")&&(i=i.substring(7)),i.startsWith("FHIR.")&&(i=i.substring(5)),i){case"Boolean":return typeof r=="boolean";case"Decimal":case"Integer":return typeof r=="number";case"Date":return Ft(r);case"DateTime":return ve(r);case"Time":return typeof r=="string"&&!!/^T\d/.exec(r);case"Period":return jt(r);case"Quantity":return P(r);default:return e.type===i||typeof r=="object"&&r?.resourceType===i}}function Ft(e){return typeof e=="string"&&!!Ge.date.exec(e)}function ve(e){return typeof e=="string"&&!!Ge.dateTime.exec(e)}function jt(e){return!!(e&&typeof e=="object"&&("start"in e&&ve(e.start)||"end"in e&&ve(e.end)))}function P(e){return!!(e&&typeof e=="object"&&"value"in e&&typeof e.value=="number")}function qe(e,t){return Math.abs(e.value-t.value)<.01&&(e.unit===t.unit||e.code===t.code||e.unit===t.code||e.code===t.unit)}function we(e,t){let r=Object.keys(e),i=Object.keys(t);if(r.length!==i.length)return!1;for(let n of r){let s=e[n],o=t[n];if(Be(s)&&Be(o)){if(!we(s,o))return!1}else if(s!==o)return!1}return!0}function Be(e){return e!==null&&typeof e=="object"}function ge(e,t){if(t){if(typeof t!="object")throw new Error("Primitive extension must be an object");return Wt(e??{},t)}return e}function Wt(e,t){return delete t.__proto__,delete t.constructor,Object.assign(e,t)}function qt(e){if(e)return Zt(e)?e.reference.split("/")[1]:e.id}function Ht(e,t){let r=new Date(e);r.setUTCHours(0,0,0,0);let i=t?new Date(t):new Date;i.setUTCHours(0,0,0,0);let n=r.getUTCFullYear(),s=r.getUTCMonth(),o=r.getUTCDate(),a=i.getUTCFullYear(),d=i.getUTCMonth(),y=i.getUTCDate(),b=a-n;(d<s||d===s&&y<o)&&b--;let C=a*12+d-(n*12+s);y<o&&C--;let g=Math.floor((i.getTime()-r.getTime())/(1e3*60*60*24));return{years:b,months:C,days:g}}function Vt(e,...t){let r=e;for(let i=0;i<t.length&&r;i++)r=r?.extension?.find(n=>n.url===t[i]);return r}function Y(e){if(e==null)return!0;let t=typeof e;return t==="string"||t==="object"?!Qt(e):!1}function Qt(e){if(e==null)return!1;let t=typeof e;return t==="string"&&e!==""||t==="object"&&("length"in e&&e.length>0||Object.keys(e).length>0)}function He(e){return e!==null&&typeof e=="object"}function Ve(e){return He(e)&&"code"in e&&typeof e.code=="string"}function zt(e){return He(e)&&"coding"in e&&Array.isArray(e.coding)&&e.coding.every(Ve)}var Jt=[];for(let e=0;e<256;e++)Jt.push(e.toString(16).padStart(2,"0"));function Qe(e){return e?e.charAt(0).toUpperCase()+e.substring(1):""}var ze=Object.freeze([]);var u={Address:"Address",Age:"Age",Annotation:"Annotation",Attachment:"Attachment",BackboneElement:"BackboneElement",CodeableConcept:"CodeableConcept",Coding:"Coding",ContactDetail:"ContactDetail",ContactPoint:"ContactPoint",Contributor:"Contributor",Count:"Count",DataRequirement:"DataRequirement",Distance:"Distance",Dosage:"Dosage",Duration:"Duration",Element:"Element",ElementDefinition:"ElementDefinition",Expression:"Expression",Extension:"Extension",HumanName:"HumanName",Identifier:"Identifier",MarketingStatus:"MarketingStatus",Meta:"Meta",Money:"Money",MoneyQuantity:"MoneyQuantity",Narrative:"Narrative",ParameterDefinition:"ParameterDefinition",Period:"Period",Population:"Population",ProdCharacteristic:"ProdCharacteristic",ProductShelfLife:"ProductShelfLife",Quantity:"Quantity",Range:"Range",Ratio:"Ratio",Reference:"Reference",RelatedArtifact:"RelatedArtifact",SampledData:"SampledData",Signature:"Signature",SimpleQuantity:"SimpleQuantity",SubstanceAmount:"SubstanceAmount",SystemString:"http://hl7.org/fhirpath/System.String",Timing:"Timing",TriggerDefinition:"TriggerDefinition",UsageContext:"UsageContext",base64Binary:"base64Binary",boolean:"boolean",canonical:"canonical",code:"code",date:"date",dateTime:"dateTime",decimal:"decimal",id:"id",instant:"instant",integer:"integer",markdown:"markdown",oid:"oid",positiveInt:"positiveInt",string:"string",time:"time",unsignedInt:"unsignedInt",uri:"uri",url:"url",uuid:"uuid",xhtml:"xhtml"};function Yt(e,t,r){let i=Dt(e,r);if(i)return Kt(i.elements,t)}function Kt(e,t){let r=e[t]??e[t+"[x]"];if(r)return r;for(let i=0;i<t.length;i++){let n=t[i];if(n>="A"&&n<="Z"){let s=t.slice(0,i)+"[x]",o=e[s];if(o)return o}}}function le(e,t){return!(!e||typeof e!="object"||!("resourceType"in e)||t&&e.resourceType!==t)}function Zt(e,t){return e&&typeof e=="object"&&"reference"in e&&typeof e.reference=="string"?t?e.reference.match(new RegExp(`^${t}(/|\\?)`))!==null:!0:!1}function se(e){if(e.startsWith("T"))return e+"T00:00:00.000Z".substring(e.length);if(e.length<=10)return e;try{return new Date(e).toISOString()}catch{return e}}var M=()=>[],w={empty:(e,t)=>l(t.every(r=>Y(r.value))),hasValue:(e,t)=>l(t.length!==0),exists:(e,t,r)=>l(r?t.some(i=>$(r.eval(e,[i]))):t.length>0&&t.every(i=>!Y(i.value))),all:(e,t,r)=>l(t.every(i=>$(r.eval(e,[i])))),allTrue:(e,t)=>{for(let r of t)if(!r.value)return l(!1);return l(!0)},anyTrue:(e,t)=>{for(let r of t)if(r.value)return l(!0);return l(!1)},allFalse:(e,t)=>{for(let r of t)if(r.value)return l(!1);return l(!0)},anyFalse:(e,t)=>{for(let r of t)if(!r.value)return l(!0);return l(!1)},subsetOf:(e,t,r)=>{if(t.length===0)return l(!0);let i=r.eval(e,W(e));return i.length===0?l(!1):l(t.every(n=>i.some(s=>s.value===n.value)))},supersetOf:(e,t,r)=>{let i=r.eval(e,W(e));return i.length===0?l(!0):t.length===0?l(!1):l(i.every(n=>t.some(s=>s.value===n.value)))},count:(e,t)=>[{type:u.integer,value:t.length}],distinct:(e,t)=>{let r=[];for(let i of t)r.some(n=>n.value===i.value)||r.push(i);return r},isDistinct:(e,t)=>l(t.length===w.distinct(e,t).length),where:(e,t,r)=>t.filter(i=>$(r.eval(e,[i]))),select:(e,t,r)=>t.flatMap(i=>r.eval({parent:e,variables:{$this:i}},[i])),repeat:M,ofType:(e,t,r)=>t.filter(i=>i.type===r.name),single:(e,t)=>{if(t.length>1)throw new Error("Expected input length one for single()");return t.length===0?[]:t.slice(0,1)},first:(e,t)=>t.length===0?[]:t.slice(0,1),last:(e,t)=>t.length===0?[]:t.slice(-1,t.length),tail:(e,t)=>t.length===0?[]:t.slice(1,t.length),skip:(e,t,r)=>{let i=r.eval(e,t)[0]?.value;if(typeof i!="number")throw new TypeError("Expected a number for skip(num)");return i>=t.length?[]:i<=0?t:t.slice(i,t.length)},take:(e,t,r)=>{let i=r.eval(e,t)[0]?.value;if(typeof i!="number")throw new TypeError("Expected a number for take(num)");return i>=t.length?t:i<=0?[]:t.slice(0,i)},intersect:(e,t,r)=>{if(!r)return t;let i=r.eval(e,W(e)),n=[];for(let s of t)!n.some(o=>o.value===s.value)&&i.some(o=>o.value===s.value)&&n.push(s);return n},exclude:(e,t,r)=>{if(!r)return t;let i=r.eval(e,W(e)),n=[];for(let s of t)i.some(o=>o.value===s.value)||n.push(s);return n},union:(e,t,r)=>{if(!r)return t;let i=r.eval(e,W(e));return Fe([...t,...i])},combine:(e,t,r)=>{if(!r)return t;let i=r.eval(e,W(e));return[...t,...i]},htmlChecks:(e,t,r)=>[q(!0)],iif:(e,t,r,i,n)=>{let s=r.eval(e,t);if(s.length>1||s.length===1&&typeof s[0].value!="boolean")throw new Error("Expected criterion to evaluate to a Boolean");return $(s)?i.eval(e,t):n?n.eval(e,t):[]},toBoolean:(e,t)=>{if(t.length===0)return[];let[{value:r}]=N(t,1);if(typeof r=="boolean")return[{type:u.boolean,value:r}];if(typeof r=="number"&&(r===0||r===1))return l(!!r);if(typeof r=="string"){let i=r.toLowerCase();if(["true","t","yes","y","1","1.0"].includes(i))return l(!0);if(["false","f","no","n","0","0.0"].includes(i))return l(!1)}return[]},convertsToBoolean:(e,t)=>t.length===0?[]:l(w.toBoolean(e,t).length===1),toInteger:(e,t)=>{if(t.length===0)return[];let[{value:r}]=N(t,1);return typeof r=="number"?[{type:u.integer,value:r}]:typeof r=="string"&&/^[+-]?\d+$/.exec(r)?[{type:u.integer,value:Number.parseInt(r,10)}]:typeof r=="boolean"?[{type:u.integer,value:r?1:0}]:[]},convertsToInteger:(e,t)=>t.length===0?[]:l(w.toInteger(e,t).length===1),toDate:(e,t)=>{if(t.length===0)return[];let[{value:r}]=N(t,1);return typeof r=="string"&&/^\d{4}(-\d{2}(-\d{2})?)?/.exec(r)?[{type:u.date,value:se(r)}]:[]},convertsToDate:(e,t)=>t.length===0?[]:l(w.toDate(e,t).length===1),toDateTime:(e,t)=>{if(t.length===0)return[];let[{value:r}]=N(t,1);return typeof r=="string"&&/^\d{4}(-\d{2}(-\d{2})?)?/.exec(r)?[{type:u.dateTime,value:se(r)}]:[]},convertsToDateTime:(e,t)=>t.length===0?[]:l(w.toDateTime(e,t).length===1),toDecimal:(e,t)=>{if(t.length===0)return[];let[{value:r}]=N(t,1);return typeof r=="number"?[{type:u.decimal,value:r}]:typeof r=="string"&&/^-?\d{1,9}(\.\d{1,9})?$/.exec(r)?[{type:u.decimal,value:Number.parseFloat(r)}]:typeof r=="boolean"?[{type:u.decimal,value:r?1:0}]:[]},convertsToDecimal:(e,t)=>t.length===0?[]:l(w.toDecimal(e,t).length===1),toQuantity:(e,t)=>{if(t.length===0)return[];let[{value:r}]=N(t,1);return P(r)?[{type:u.Quantity,value:r}]:typeof r=="number"?[{type:u.Quantity,value:{value:r,unit:"1"}}]:typeof r=="string"&&/^-?\d{1,9}(\.\d{1,9})?/.exec(r)?[{type:u.Quantity,value:{value:Number.parseFloat(r),unit:"1"}}]:typeof r=="boolean"?[{type:u.Quantity,value:{value:r?1:0,unit:"1"}}]:[]},convertsToQuantity:(e,t)=>t.length===0?[]:l(w.toQuantity(e,t).length===1),toString:(e,t)=>{if(t.length===0)return[];let[{value:r}]=N(t,1);return r==null?[]:P(r)?[{type:u.string,value:`${r.value} '${r.unit}'`}]:[{type:u.string,value:r.toString()}]},convertsToString:(e,t)=>t.length===0?[]:l(w.toString(e,t).length===1),toTime:(e,t)=>{if(t.length===0)return[];let[{value:r}]=N(t,1);if(typeof r=="string"){let i=/^T?(\d{2}(:\d{2}(:\d{2})?)?)/.exec(r);if(i)return[{type:u.time,value:se("T"+i[1])}]}return[]},convertsToTime:(e,t)=>t.length===0?[]:l(w.toTime(e,t).length===1),indexOf:(e,t,r)=>A((i,n)=>i.indexOf(n),e,t,r),substring:(e,t,r,i)=>A((n,s,o)=>{let a=s,d=o?a+o:n.length;return a<0||a>=n.length?void 0:n.substring(a,d)},e,t,r,i),startsWith:(e,t,r)=>A((i,n)=>i.startsWith(n),e,t,r),endsWith:(e,t,r)=>A((i,n)=>i.endsWith(n),e,t,r),contains:(e,t,r)=>A((i,n)=>i.includes(n),e,t,r),upper:(e,t)=>A(r=>r.toUpperCase(),e,t),lower:(e,t)=>A(r=>r.toLowerCase(),e,t),replace:(e,t,r,i)=>A((n,s,o)=>n.replaceAll(s,o),e,t,r,i),matches:(e,t,r)=>A((i,n)=>!!new RegExp(n).exec(i),e,t,r),replaceMatches:(e,t,r,i)=>A((n,s,o)=>n.replaceAll(new RegExp(s,"g"),o.replaceAll(/\$\{(\w+)\}/g,"$<$1>")),e,t,r,i),length:(e,t)=>A(r=>r.length,e,t),toChars:(e,t)=>A(r=>r?r.split(""):void 0,e,t),encode:M,decode:M,escape:M,unescape:M,trim:M,split:M,join:(e,t,r)=>{let i=r?.eval(e,W(e))[0]?.value??"";if(typeof i!="string")throw new TypeError("Separator must be a string.");return[{type:u.string,value:t.map(n=>n.value?.toString()??"").join(i)}]},abs:(e,t)=>D(Math.abs,e,t),ceiling:(e,t)=>D(Math.ceil,e,t),exp:(e,t)=>D(Math.exp,e,t),floor:(e,t)=>D(Math.floor,e,t),ln:(e,t)=>D(Math.log,e,t),log:(e,t,r)=>D((i,n)=>Math.log(i)/Math.log(n),e,t,r),power:(e,t,r)=>D(Math.pow,e,t,r),round:(e,t,...r)=>D((i,n=0)=>{if(typeof n!="number"||n<0)throw new Error("Invalid precision provided to round()");let s=Math.pow(10,n);return Math.round(i*s)/s},e,t,...r),sqrt:(e,t)=>D(Math.sqrt,e,t),truncate:(e,t)=>D(r=>Math.trunc(r),e,t),children:M,descendants:M,trace:(e,t,r)=>t,now:()=>[{type:u.dateTime,value:new Date().toISOString()}],timeOfDay:()=>[{type:u.time,value:new Date().toISOString().substring(11)}],today:()=>[{type:u.date,value:new Date().toISOString().substring(0,10)}],between:(e,t,r,i,n)=>{let s=w.toDateTime(e,r.eval(e,t));if(s.length===0)throw new Error("Invalid start date");let o=w.toDateTime(e,i.eval(e,t));if(o.length===0)throw new Error("Invalid end date");let a=n.eval(e,t)[0]?.value;if(a!=="years"&&a!=="months"&&a!=="days")throw new Error("Invalid units");let d=Ht(s[0].value,o[0].value);return[{type:u.Quantity,value:{value:d[a],unit:a}}]},is:(e,t,r)=>{let i="";return r instanceof ae?i=r.name:r instanceof Je&&(i=r.left.name+"."+r.right.name),i?t.map(n=>({type:u.boolean,value:We(n,i)})):[]},not:(e,t)=>w.toBoolean(e,t).map(r=>({type:u.boolean,value:!r.value})),resolve:(e,t)=>t.map(r=>{let i=r.value,n;if(typeof i=="string")n=i;else if(typeof i=="object"){let s=i;if(s.resource)return q(s.resource);s.reference?n=s.reference:s.type&&s.identifier&&(n=`${s.type}?identifier=${s.identifier.system}|${s.identifier.value}`)}if(n?.includes("?")){let[s]=n.split("?");return{type:s,value:{resourceType:s}}}if(n?.includes("/")){let[s,o]=n.split("/");return{type:s,value:{resourceType:s,id:o}}}return{type:u.BackboneElement,value:void 0}}).filter(r=>!!r.value),as:(e,t)=>t,type:(e,t)=>t.map(({value:r})=>typeof r=="boolean"?{type:u.BackboneElement,value:{namespace:"System",name:"Boolean"}}:typeof r=="number"?{type:u.BackboneElement,value:{namespace:"System",name:"Integer"}}:le(r)?{type:u.BackboneElement,value:{namespace:"FHIR",name:r.resourceType}}:{type:u.BackboneElement,value:null}),conformsTo:(e,t,r)=>{let i=r.eval(e,t)[0].value;if(!i.startsWith("http://hl7.org/fhir/StructureDefinition/"))throw new Error("Expected a StructureDefinition URL");let n=i.replace("http://hl7.org/fhir/StructureDefinition/","");return t.map(s=>({type:u.boolean,value:s.value?.resourceType===n}))},getResourceKey:(e,t)=>{let r=t[0].value;return r?.id?[{type:u.id,value:r.id}]:[]},getReferenceKey:(e,t,r)=>{let i=t[0].value;if(!i?.reference)return[];let n="";return r instanceof ae&&(n=r.name),n&&!i.reference.startsWith(n+"/")?[]:[{type:u.id,value:qt(i)}]},extension:(e,t,r)=>{let i=r.eval(e,t)[0].value,n=t?.[0]?.value;if(n){let s=Vt(n,i);if(s)return[{type:u.Extension,value:s}]}return[]}};function A(e,t,r,...i){if(r.length===0)return[];let[{value:n}]=N(r,1);if(typeof n!="string")throw new TypeError("String function cannot be called with non-string");let s=i.map(a=>a?.eval(t,r)[0]?.value),o=e(n,...s);return o===void 0?[]:Array.isArray(o)?o.map(q):[q(o)]}function D(e,t,r,...i){if(r.length===0)return[];let[{value:n}]=N(r,1),s=P(n),o=s?n.value:n;if(typeof o!="number")throw new TypeError("Math function cannot be called with non-number");let a=e(o,...i.map(b=>b.eval(t,r)[0]?.value)),d=s?u.Quantity:r[0].type,y=s?{...n,value:a}:a;return[{type:d,value:y}]}function N(e,t){if(e.length!==t)throw new Error(`Expected ${t} arguments`);for(let r of e)if(r==null)throw new Error("Expected non-null argument");return e}function W(e){let t=e;for(;t.parent?.variables.$this;)t=t.parent;return[t.variables.$this]}var Q=class{constructor(e){v(this,"value"),this.value=e}eval(){return[this.value]}toString(){let e=this.value.value;return typeof e=="string"?`'${e}'`:e.toString()}},ae=class{constructor(e){v(this,"name"),this.name=e}eval(e,t){if(this.name==="$this")return t;let r=this.getVariable(e);if(r)return[r];if(this.name.startsWith("%"))throw new Error(`Undefined variable ${this.name}`);return t.flatMap(i=>this.evalValue(i)).filter(i=>i?.value!==void 0)}getVariable(e){let t=e.variables[this.name];if(t!==void 0)return t;if(e.parent)return this.getVariable(e.parent)}evalValue(e){let t=e.value;if(!(!t||typeof t!="object"))return le(t,this.name)?e:Nt(e,this.name)}toString(){return this.name}},Xt=class{eval(){return[]}toString(){return"{}"}},er=class extends St{constructor(e,t,r){super(e,t),v(this,"impl"),this.impl=r}eval(e,t){return this.impl(this.child.eval(e,t))}toString(){return this.operator+this.child.toString()}},tr=class extends K{constructor(e,t){super("as",e,t)}eval(e,t){return w.ofType(e,this.left.eval(e,t),this.right)}},R=class extends K{},I=class extends R{constructor(e,t,r,i){super(e,t,r),v(this,"impl"),this.impl=i}eval(e,t){let r=this.left.eval(e,t);if(r.length!==1)return[];let i=this.right.eval(e,t);if(i.length!==1)return[];let n=r[0].value,s=i[0].value,o=P(n)?n.value:n,a=P(s)?s.value:s,d=this.impl(o,a);return typeof d=="boolean"?l(d):P(n)?[{type:u.Quantity,value:{...n,value:d}}]:[q(d)]}},rr=class extends K{constructor(e,t){super("&",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t),n=[...r,...i];return n.length>0&&n.every(s=>typeof s.value=="string")?[{type:u.string,value:n.map(s=>s.value).join("")}]:n}},ir=class extends R{constructor(e,t){super("contains",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return l(r.some(n=>n.value===i[0].value))}},nr=class extends R{constructor(e,t){super("in",e,t)}eval(e,t){let r=U(this.left.eval(e,t)),i=this.right.eval(e,t);return r?l(i.some(n=>ce(r,n)[0].value)):[]}},Je=class extends K{constructor(e,t){super(".",e,t)}eval(e,t){return this.right.eval(e,this.left.eval(e,t))}toString(){return`${this.left.toString()}.${this.right.toString()}`}},sr=class extends K{constructor(e,t){super("|",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return Fe([...r,...i])}},or=class extends R{constructor(e,t){super("=",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return Ut(r,i)}},ar=class extends R{constructor(e,t){super("!=",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return Bt(r,i)}},cr=class extends R{constructor(e,t){super("~",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return je(r,i)}},lr=class extends R{constructor(e,t){super("!~",e,t)}eval(e,t){let r=this.left.eval(e,t),i=this.right.eval(e,t);return $t(je(r,i))}},ur=class extends R{constructor(e,t){super("is",e,t)}eval(e,t){let r=this.left.eval(e,t);if(r.length!==1)return[];let i=this.right.name;return l(We(r[0],i))}},dr=class extends R{constructor(e,t){super("and",e,t)}eval(e,t){let r=U(this.left.eval(e,t),"boolean"),i=U(this.right.eval(e,t),"boolean");return r?.value===!0&&i?.value===!0?l(!0):r?.value===!1||i?.value===!1?l(!1):[]}},hr=class extends R{constructor(e,t){super("or",e,t)}eval(e,t){let r=U(this.left.eval(e,t),"boolean"),i=U(this.right.eval(e,t),"boolean");return r?.value===!1&&i?.value===!1?l(!1):r?.value||i?.value?l(!0):[]}},pr=class extends R{constructor(e,t){super("xor",e,t)}eval(e,t){let r=U(this.left.eval(e,t),"boolean"),i=U(this.right.eval(e,t),"boolean");return!r||!i?[]:l(r.value!==i.value)}},mr=class extends R{constructor(e,t){super("implies",e,t)}eval(e,t){let r=U(this.left.eval(e,t),"boolean"),i=U(this.right.eval(e,t),"boolean");return i?.value===!0||r?.value===!1?l(!0):!r||!i?[]:l(!1)}},fr=class{constructor(e,t){v(this,"name"),v(this,"args"),this.name=e,this.args=t}eval(e,t){let r=w[this.name];if(!r)throw new Error("Unrecognized function: "+this.name);return r(e,t,...this.args)}toString(){return`${this.name}(${this.args.map(e=>e.toString()).join(", ")})`}},yr=class{constructor(e,t){v(this,"left"),v(this,"expr"),this.left=e,this.expr=t}eval(e,t){let r=this.expr.eval(e,t);if(r.length!==1)return[];let i=r[0].value;if(typeof i!="number")throw new Error("Invalid indexer expression: should return integer}");let n=this.left.eval(e,t);return i in n?[n[i]]:[]}toString(){return`${this.left.toString()}[${this.expr.toString()}]`}};var Ye=["!=","!~","<=",">=","{}","->"];var m={FunctionCall:0,Dot:1,Indexer:2,UnaryAdd:3,UnarySubtract:3,Multiply:4,Divide:4,IntegerDivide:4,Modulo:4,Add:5,Subtract:5,Ampersand:5,Is:6,As:6,Union:7,GreaterThan:8,GreaterThanOrEquals:8,LessThan:8,LessThanOrEquals:8,Equals:9,Equivalent:9,NotEquals:9,NotEquivalent:9,In:10,Contains:10,And:11,Xor:12,Or:12,Implies:13,Arrow:100,Semicolon:200},gr={parse(e){let t=e.consumeAndParse();if(!e.match(")"))throw new Error("Parse error: expected `)` got `"+e.peek()?.value+"`");return t}},vr={parse(e,t){let r=e.consumeAndParse();if(!e.match("]"))throw new Error("Parse error: expected `]`");return new yr(t,r)},precedence:m.Indexer},Sr={parse(e,t){if(!(t instanceof ae))throw new Error("Unexpected parentheses");let r=[];for(;!e.match(")");)r.push(e.consumeAndParse()),e.match(",");return new fr(t.name,r)},precedence:m.FunctionCall};function br(e){let t=e.split(" "),r=Number.parseFloat(t[0]),i=t[1];return i?.startsWith("'")&&i.endsWith("'")?i=i.substring(1,i.length-1):i="{"+i+"}",{value:r,unit:i}}function xe(){return new bt().registerPrefix("String",{parse:(e,t)=>new Q({type:u.string,value:t.value})}).registerPrefix("DateTime",{parse:(e,t)=>new Q({type:u.dateTime,value:se(t.value)})}).registerPrefix("Quantity",{parse:(e,t)=>new Q({type:u.Quantity,value:br(t.value)})}).registerPrefix("Number",{parse:(e,t)=>new Q({type:t.value.includes(".")?u.decimal:u.integer,value:Number.parseFloat(t.value)})}).registerPrefix("true",{parse:()=>new Q({type:u.boolean,value:!0})}).registerPrefix("false",{parse:()=>new Q({type:u.boolean,value:!1})}).registerPrefix("Symbol",{parse:(e,t)=>new ae(t.value)}).registerPrefix("{}",{parse:()=>new Xt}).registerPrefix("(",gr).registerInfix("[",vr).registerInfix("(",Sr).prefix("+",m.UnaryAdd,(e,t)=>new er("+",t,r=>r)).prefix("-",m.UnarySubtract,(e,t)=>new I("-",t,t,(r,i)=>-i)).infixLeft(".",m.Dot,(e,t,r)=>new Je(e,r)).infixLeft("/",m.Divide,(e,t,r)=>new I("/",e,r,(i,n)=>i/n)).infixLeft("*",m.Multiply,(e,t,r)=>new I("*",e,r,(i,n)=>i*n)).infixLeft("+",m.Add,(e,t,r)=>new I("+",e,r,(i,n)=>i+n)).infixLeft("-",m.Subtract,(e,t,r)=>new I("-",e,r,(i,n)=>i-n)).infixLeft("|",m.Union,(e,t,r)=>new sr(e,r)).infixLeft("=",m.Equals,(e,t,r)=>new or(e,r)).infixLeft("!=",m.NotEquals,(e,t,r)=>new ar(e,r)).infixLeft("~",m.Equivalent,(e,t,r)=>new cr(e,r)).infixLeft("!~",m.NotEquivalent,(e,t,r)=>new lr(e,r)).infixLeft("<",m.LessThan,(e,t,r)=>new I("<",e,r,(i,n)=>i<n)).infixLeft("<=",m.LessThanOrEquals,(e,t,r)=>new I("<=",e,r,(i,n)=>i<=n)).infixLeft(">",m.GreaterThan,(e,t,r)=>new I(">",e,r,(i,n)=>i>n)).infixLeft(">=",m.GreaterThanOrEquals,(e,t,r)=>new I(">=",e,r,(i,n)=>i>=n)).infixLeft("&",m.Ampersand,(e,t,r)=>new rr(e,r)).infixLeft("and",m.And,(e,t,r)=>new dr(e,r)).infixLeft("as",m.As,(e,t,r)=>new tr(e,r)).infixLeft("contains",m.Contains,(e,t,r)=>new ir(e,r)).infixLeft("div",m.Divide,(e,t,r)=>new I("div",e,r,(i,n)=>Math.trunc(i/n))).infixLeft("in",m.In,(e,t,r)=>new nr(e,r)).infixLeft("is",m.Is,(e,t,r)=>new ur(e,r)).infixLeft("mod",m.Modulo,(e,t,r)=>new I("mod",e,r,(i,n)=>i%n)).infixLeft("or",m.Or,(e,t,r)=>new hr(e,r)).infixLeft("xor",m.Xor,(e,t,r)=>new pr(e,r)).infixLeft("implies",m.Implies,(e,t,r)=>new mr(e,r))}var ci=xe();var h={EQUALS:"eq",NOT_EQUALS:"ne",GREATER_THAN:"gt",LESS_THAN:"lt",GREATER_THAN_OR_EQUALS:"ge",LESS_THAN_OR_EQUALS:"le",STARTS_AFTER:"sa",ENDS_BEFORE:"eb",APPROXIMATELY:"ap",CONTAINS:"contains",STARTS_WITH:"sw",EXACT:"exact",TEXT:"text",NOT:"not",ABOVE:"above",BELOW:"below",IN:"in",NOT_IN:"not-in",OF_TYPE:"of-type",MISSING:"missing",PRESENT:"present",IDENTIFIER:"identifier",ITERATE:"iterate"},li={contains:h.CONTAINS,exact:h.EXACT,above:h.ABOVE,below:h.BELOW,text:h.TEXT,not:h.NOT,in:h.IN,"not-in":h.NOT_IN,"of-type":h.OF_TYPE,missing:h.MISSING,identifier:h.IDENTIFIER,iterate:h.ITERATE},ui={eq:h.EQUALS,ne:h.NOT_EQUALS,lt:h.LESS_THAN,le:h.LESS_THAN_OR_EQUALS,gt:h.GREATER_THAN,ge:h.GREATER_THAN_OR_EQUALS,sa:h.STARTS_AFTER,eb:h.ENDS_BEFORE,ap:h.APPROXIMATELY,sw:h.STARTS_WITH};var di=[h.MISSING,h.PRESENT];var hi=new Se(1e3);var ne={READ:"read",VREAD:"vread",UPDATE:"update",DELETE:"delete",HISTORY:"history",CREATE:"create",SEARCH:"search"},pi=[ne.READ,ne.VREAD,ne.HISTORY,ne.SEARCH];var wr={CSS:"text/css",DICOM:"application/dicom",FAVICON:"image/vnd.microsoft.icon",FHIR_JSON:"application/fhir+json",FORM_URL_ENCODED:"application/x-www-form-urlencoded",HL7_V2:"x-application/hl7-v2+er7",HTML:"text/html",JAVASCRIPT:"text/javascript",JSON:"application/json",JSON_PATCH:"application/json-patch+json",JWT:"application/jwt",MULTIPART_FORM_DATA:"multipart/form-data",PNG:"image/png",SCIM_JSON:"application/scim+json",SVG:"image/svg+xml",TEXT:"text/plain",TYPESCRIPT:"text/typescript",PING:"x-application/ping",XML:"text/xml",CDA_XML:"application/cda+xml",OCTET_STREAM:"application/octet-stream"};var xr;xr=Symbol.toStringTag;var mi={Event:typeof globalThis.Event<"u"?globalThis.Event:void 0,ErrorEvent:void 0,CloseEvent:void 0};var fi={maxReconnectionDelay:1e4,minReconnectionDelay:1e3+Math.random()*4e3,minUptime:5e3,reconnectionDelayGrowFactor:1.3,connectionTimeout:4e3,maxRetries:1/0,maxEnqueuedMessages:1/0,startClosed:!1,debug:!1};var yi=[WebSocket.CLOSING,WebSocket.CLOSED];var gi=new Se(1e3);var vi=wr.FHIR_JSON+", */*; q=0.1";var Si=[...Ye,"->","<<",">>","=="];var bi=xe().registerInfix("->",{precedence:m.Arrow}).registerInfix(";",{precedence:m.Semicolon});var wi=" ".repeat(2);var xi=[...Ye,"eq","ne","co"];var Ei={eq:h.EXACT,ne:h.NOT_EQUALS,co:h.CONTAINS,sw:h.STARTS_WITH,ew:void 0,gt:h.GREATER_THAN,lt:h.LESS_THAN,ge:h.GREATER_THAN_OR_EQUALS,le:h.LESS_THAN_OR_EQUALS,ap:h.APPROXIMATELY,sa:h.STARTS_AFTER,eb:h.ENDS_BEFORE,pr:h.PRESENT,po:void 0,ss:void 0,sb:void 0,in:h.IN,ni:h.NOT_IN,re:h.EQUALS,identifier:h.IDENTIFIER};var Ti=xe();var Ci=`${xt}/fhir/StructureDefinition/patient-preferredPharmacy`;var Te=["string","boolean","number"],Ee={},Ce=class{constructor(t){c(this,"config");c(this,"clients");let{region:r}=t;if(!r)throw new O(F("'region' must be defined as a string literal in config."));Ee[r]||(Ee[r]=new Tr({region:r})),this.config=t,this.clients={ssm:Ee[r]}}async fetchParameterStoreSecret(t){let i=(await this.clients.ssm.send(new Er({Name:t,WithDecryption:!0}))).Parameter;if(!i)throw new O(be(`Key '${t}' not found. Make sure your key is correct and that it is defined in your Parameter Store.`));let n=i.Value;if(!n)throw new O(be(`Key '${t}' found but has no value. Make sure your key is correct and that it is defined in your Parameter Store.`));return n}async fetchExternalSecret(t){Pr(t);let{system:r,key:i,type:n}=t,s;if(r==="aws_ssm_parameter_store")s=await this.fetchParameterStoreSecret(i);else throw new O(F(`Unknown system '${r}' for ExternalSecret. Unable to fetch the secret for key '${i}'.`));return Cr(i,s,n)}async normalizeInfraConfigArray(t){let r=t[0],i;if(typeof r!="object"&&r!==null||Ke(r)){i=new Array(t.length);for(let n=0;n<t.length;n++){let s=t[n];if(typeof s!="object"){i[n]=s;continue}let o=await this.fetchExternalSecret(s);i[n]=o}}else{i=new Array(t.length);for(let n=0;n<t.length;n++)i[n]=await this.normalizeObjectInInfraConfig(t[n])}return i}async normalizeValueForKey(t,r){let i=t[r];typeof i!="object"?t[r]=i:Ke(i)?t[r]=await this.fetchExternalSecret(i):Array.isArray(i)?t[r]=await this.normalizeInfraConfigArray(i):typeof i=="object"&&(t[r]=await this.normalizeObjectInInfraConfig(i))}async normalizeObjectInInfraConfig(t){let r={...t};for(let i of Object.keys(r))await this.normalizeValueForKey(r,i);return r}async normalizeConfig(){return this.normalizeObjectInInfraConfig(this.config)}};function Cr(e,t,r){let i=typeof t;if(!Te.includes(i))throw new O(F(`Invalid value found for type; expected either ${Te.join(", or")} but got ${i}`));if(i===r)return t;if(i==="string"&&r==="boolean"){let n=t.toLowerCase();if(n!=="true"&&n!=="false")throw new O(F(`Invalid value found for key '${e}'; expected boolean value but got '${t}'`));return n==="true"}else if(i==="string"&&r==="number"){let n=Number.parseInt(t,10);if(Number.isNaN(n))throw new O(F(`Invalid value found for key '${e}'; expected integer value but got '${t}'`));return n}else throw new O(F(`Invalid value found for type; expected ${r} value but got value of type ${i}`))}function Ke(e){return typeof e=="object"&&typeof e.system=="string"&&typeof e.key=="string"&&typeof e.type=="string"}function Ar(e){return typeof e=="object"&&typeof e.system=="string"&&typeof e.key=="string"&&Te.includes(e.type)}function Pr(e){if(!Ar(e))throw new O(F("obj is not a valid `ExternalSecret`, must contain a valid `system`, `key`, and `type` prop."))}async function Ze(e){return new Ce(e).normalizeConfig()}import{Stack as ct,Tags as lt}from"aws-cdk-lib";import{Duration as H,RemovalPolicy as x,aws_ec2 as S,aws_ecs as _,aws_elasticache as tt,aws_elasticloadbalancingv2 as Z,aws_iam as f,aws_logs as rt,aws_rds as L,aws_route53 as Ae,aws_s3 as Ir,aws_secretsmanager as Pe,aws_ssm as E,aws_route53_targets as Dr,aws_wafv2 as Nr}from"aws-cdk-lib";import{Repository as Or}from"aws-cdk-lib/aws-ecr";import{ClusterInstance as it,DBClusterStorageType as nt,ParameterGroup as ue}from"aws-cdk-lib/aws-rds";import{Secret as _r,SecretTargetAttachment as Lr}from"aws-cdk-lib/aws-secretsmanager";import{Construct as Mr}from"constructs";import Re from"node:assert";import{aws_logs as Xe,aws_wafv2 as et}from"aws-cdk-lib";var Rr=[{name:"AWS-AWSManagedRulesCommonRuleSet",priority:10,statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesCommonRuleSet",excludedRules:[{name:"NoUserAgent_HEADER"},{name:"UserAgent_BadBots_HEADER"},{name:"SizeRestrictions_QUERYSTRING"},{name:"SizeRestrictions_Cookie_HEADER"},{name:"SizeRestrictions_BODY"},{name:"SizeRestrictions_URIPATH"},{name:"EC2MetaDataSSRF_BODY"},{name:"EC2MetaDataSSRF_COOKIE"},{name:"EC2MetaDataSSRF_URIPATH"},{name:"EC2MetaDataSSRF_QUERYARGUMENTS"},{name:"GenericLFI_QUERYARGUMENTS"},{name:"GenericLFI_URIPATH"},{name:"GenericLFI_BODY"},{name:"RestrictedExtensions_URIPATH"},{name:"RestrictedExtensions_QUERYARGUMENTS"},{name:"GenericRFI_QUERYARGUMENTS"},{name:"GenericRFI_BODY"},{name:"GenericRFI_URIPATH"},{name:"CrossSiteScripting_COOKIE"},{name:"CrossSiteScripting_QUERYARGUMENTS"},{name:"CrossSiteScripting_BODY"},{name:"CrossSiteScripting_URIPATH"}]}},overrideAction:{count:{}},visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWS-AWSManagedRulesCommonRuleSet"}},{name:"AWS-AWSManagedRulesAmazonIpReputationList",priority:20,statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesAmazonIpReputationList",excludedRules:[{name:"AWSManagedIPReputationList"},{name:"AWSManagedReconnaissanceList"}]}},overrideAction:{count:{}},visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRulesAmazonIpReputationList"}},{name:"AWSManagedRulesSQLiRuleSet",priority:30,visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRulesSQLiRuleSet"},overrideAction:{count:{}},statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesSQLiRuleSet",excludedRules:[{name:"SQLi_QUERYARGUMENTS"},{name:"SQLiExtendedPatterns_QUERYARGUMENTS"},{name:"SQLi_BODY"},{name:"SQLiExtendedPatterns_BODY"},{name:"SQLi_COOKIE"},{name:"SQLi_URIPATH"}]}}},{name:"AWSManagedRuleLinux",priority:40,visibilityConfig:{sampledRequestsEnabled:!0,cloudWatchMetricsEnabled:!0,metricName:"AWSManagedRuleLinux"},overrideAction:{count:{}},statement:{managedRuleGroupStatement:{vendorName:"AWS",name:"AWSManagedRulesLinuxRuleSet",excludedRules:[{name:"LFI_URIPATH"},{name:"LFI_QUERYSTRING"},{name:"LFI_COOKIE"}]}}}];function kr(e){let t=[...Rr];if(e){let r={name:"IPAllowListRule",priority:50,action:{allow:{}},statement:{ipSetReferenceStatement:{arn:e}},visibilityConfig:{cloudWatchMetricsEnabled:!0,metricName:"IPAllowListRule",sampledRequestsEnabled:!0}};t.push(r)}return t}function z(e,t,r,i,n,s,o){let a=new et.CfnWebACL(e,t,{name:r,scope:i,defaultAction:n?{block:{}}:{allow:{}},rules:kr(n),visibilityConfig:{metricName:`${r}-Metric`,cloudWatchMetricsEnabled:!0,sampledRequestsEnabled:!1}});if(s){let d;o?d=new Xe.LogGroup(e,"WAFLogs",{logGroupName:s}):d=Xe.LogGroup.fromLogGroupName(e,"WAFLogs",s),new et.CfnLoggingConfiguration(e,"WAFLoggingConfiguration",{resourceArn:a.attrArn,logDestinationConfigs:[d.logGroupArn]}).addDependency(a)}return a}var de=class extends Mr{constructor(r,i){super(r,"BackEnd");c(this,"vpc");c(this,"botLambdaRole");c(this,"rdsSecretsArn");c(this,"rdsCluster");c(this,"rdsProxy");c(this,"redisSubnetGroup");c(this,"redisSecurityGroup");c(this,"redisPassword");c(this,"redisCluster");c(this,"redisSecrets");c(this,"ecsCluster");c(this,"taskRolePolicies");c(this,"taskRole");c(this,"taskDefinition");c(this,"logGroup");c(this,"logDriver");c(this,"serviceContainer");c(this,"fargateSecurityGroup");c(this,"fargateService");c(this,"targetGroup");c(this,"loadBalancer");c(this,"waf");c(this,"wafAssociation");c(this,"dnsRecord");c(this,"regionParameter");c(this,"databaseSecretsParameter");c(this,"databaseProxyEndpointParameter");c(this,"redisSecretsParameter");c(this,"botLambdaRoleParameter");c(this,"workersParameter");c(this,"rdsClusterParameterGroup");c(this,"rdsWriterParameterGroup");c(this,"rdsReaderParameterGroup");let n=i.name,s=i.accountNumber,o=i.region;if(i.vpcId)this.vpc=S.Vpc.fromLookup(this,"VPC",{vpcId:i.vpcId});else{let p=new rt.LogGroup(this,"VpcFlowLogs",{logGroupName:"/medplum/flowlogs/"+n,removalPolicy:x.DESTROY});this.vpc=new S.Vpc(this,"VPC",{maxAzs:i.maxAzs,flowLogs:{cloudwatch:{destination:S.FlowLogDestination.toCloudWatchLogs(p),trafficType:S.FlowLogTrafficType.ALL}}})}if(this.botLambdaRole=new f.Role(this,"BotLambdaRole",{assumedBy:new f.ServicePrincipal("lambda.amazonaws.com")}),this.rdsSecretsArn=i.rdsSecretsArn,!this.rdsSecretsArn||i.rdsForceRetain){let{engine:p,majorVersion:T}=$r(i.rdsInstanceVersion,L.AuroraPostgresEngineVersion.VER_16_9),G={statement_timeout:"60000",default_transaction_isolation:"REPEATABLE READ",...i.rdsClusterParameters};if(i.rdsPersistentParameterGroups){let j=`MedplumPG${T}`;this.rdsClusterParameterGroup=new ue(this,`${j}ClusterParameterGroup`,{engine:p,parameters:G,removalPolicy:x.RETAIN}),this.rdsClusterParameterGroup.bindToCluster({}),this.rdsWriterParameterGroup=new ue(this,`${j}WriterInstanceParameterGroup`,{engine:p,removalPolicy:x.RETAIN}),this.rdsWriterParameterGroup.bindToInstance({}),this.rdsReaderParameterGroup=new ue(this,`${j}ReaderInstanceParameterGroup`,{engine:p,removalPolicy:x.RETAIN}),this.rdsReaderParameterGroup.bindToInstance({})}if(i.rdsIdsMajorVersionSuffix){if(!i.rdsPersistentParameterGroups||!this.rdsClusterParameterGroup||!this.rdsWriterParameterGroup||!this.rdsReaderParameterGroup)throw new Error("rdsPersistentParameterGroups must be true when rdsIdsMajorVersionSuffix is true");this.rdsClusterParameterGroup,this.rdsWriterParameterGroup,this.rdsReaderParameterGroup}let ie={enablePerformanceInsights:!0,isFromLegacyInstanceProps:!0,caCertificate:L.CaCertificate.RDS_CA_RSA2048_G1},ut=new ue(this,"MedplumDatabaseClusterParams",{engine:p,parameters:G}),_e=i.rdsReaderInstanceType??i.rdsInstanceType,dt={...ie,instanceType:_e?new S.InstanceType(_e):void 0,parameterGroup:i.rdsIdsMajorVersionSuffix?this.rdsReaderParameterGroup:void 0},fe=i.rdsInstanceType,ht={...ie,instanceType:fe?new S.InstanceType(fe):void 0,parameterGroup:i.rdsIdsMajorVersionSuffix?this.rdsWriterParameterGroup:void 0},ye;if(i.rdsInstances>1){ye=[];for(let j=1;j<i.rdsInstances;j++)ye.push(it.provisioned("Instance"+(j+1),dt))}let pt={credentials:L.Credentials.fromGeneratedSecret("clusteradmin"),defaultDatabaseName:"medplum",storageEncrypted:!0,storageType:fe?.match(/^\w+d\w*\./i)?nt.AURORA_IOPT1:nt.AURORA,vpc:this.vpc,vpcSubnets:{subnetType:S.SubnetType.PRIVATE_WITH_EGRESS},backup:{retention:H.days(7)},cloudwatchLogsExports:["postgresql"],instanceUpdateBehaviour:L.InstanceUpdateBehaviour.ROLLING,removalPolicy:x.RETAIN,autoMinorVersionUpgrade:i.rdsAutoMinorVersionUpgrade},mt=Ur(i.rdsIdsMajorVersionSuffix?T:void 0);this.rdsCluster=new L.DatabaseCluster(this,mt,{...pt,engine:p,writer:it.provisioned("Instance1",ht),readers:ye,parameterGroup:this.rdsClusterParameterGroup??ut});let V=this.rdsCluster.secret;Re(V!==void 0,"rdsCluster.secret is undefined"),V.applyRemovalPolicy(x.RETAIN),Re(V instanceof Lr,"rdsCluster.secret is not a SecretTargetAttachment");let Le=V.node.scope;Re(Le instanceof _r,"rdsCluster.secretAttachment.node.scope is not a Secret"),Le.applyRemovalPolicy(x.RETAIN),this.rdsSecretsArn||(this.rdsSecretsArn=V.secretArn),i.rdsProxyEnabled&&(this.rdsProxy=new L.DatabaseProxy(this,"DatabaseProxy",{proxyTarget:L.ProxyTarget.fromCluster(this.rdsCluster),secrets:[V],vpc:this.vpc}))}this.redisSubnetGroup=new tt.CfnSubnetGroup(this,"RedisSubnetGroup",{description:"Redis Subnet Group",subnetIds:this.vpc.privateSubnets.map(p=>p.subnetId)});let a=this.createRedisCluster("Redis",{nodeType:i.cacheNodeType,securityGroupId:i.cacheSecurityGroupId,engine:i.cacheEngine,engineVersion:i.cacheEngineVersion});this.redisSecurityGroup=a.securityGroup,this.redisPassword=a.password,this.redisCluster=a.cluster,this.redisSecrets=a.secrets;let d=[{key:"cacheRedis",id:"CacheRedis"},{key:"rateLimitRedis",id:"RateLimitRedis"},{key:"pubSubRedis",id:"PubSubRedis"},{key:"backgroundJobsRedis",id:"BackgroundJobsRedis"}],y=[];for(let{key:p,id:T}of d){let G=i[p];if(G){let ie=this.createRedisCluster(T,{nodeType:G.nodeType,securityGroupId:G.securityGroupId,engine:G.engine,engineVersion:G.engineVersion});y.push({id:T,...ie})}}let b={vpc:this.vpc};i.containerInsightsV2&&(b={...b,containerInsightsV2:i.containerInsightsV2}),this.ecsCluster=new _.Cluster(this,"Cluster",b),this.taskRolePolicies=new f.PolicyDocument({statements:[new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["logs:PutLogEvents","logs:CreateLogGroup","logs:CreateLogStream","logs:DescribeLogStreams","logs:DescribeLogGroups","logs:PutRetentionPolicy"],resources:[`arn:aws:logs:${o}:${s}:log-group:*`]}),new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["secretsmanager:GetResourcePolicy","secretsmanager:GetSecretValue","secretsmanager:DescribeSecret","secretsmanager:ListSecrets","secretsmanager:ListSecretVersionIds"],resources:[`arn:aws:secretsmanager:${o}:${s}:secret:*`]}),new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["ssm:GetParametersByPath","ssm:GetParameters","ssm:GetParameter","ssm:DescribeParameters"],resources:[`arn:aws:ssm:${o}:${s}:parameter/medplum/${n}/*`]}),new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["ses:SendEmail","ses:SendRawEmail"],resources:[`arn:aws:ses:${o}:${s}:identity/*`]}),new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["s3:ListBucket"],resources:[`arn:aws:s3:::${i.storageBucketName}`]}),new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["s3:GetObject","s3:PutObject","s3:DeleteObject"],resources:[`arn:aws:s3:::${i.storageBucketName}/*`]}),new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["iam:ListRoles","iam:GetRole","iam:PassRole"],resources:[this.botLambdaRole.roleArn]}),new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["lambda:CreateFunction","lambda:GetFunction","lambda:GetFunctionConfiguration","lambda:UpdateFunctionCode","lambda:UpdateFunctionConfiguration","lambda:InvokeFunction"],resources:[`arn:aws:lambda:${o}:${s}:function:medplum-bot-lambda-*`]}),new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["lambda:ListLayerVersions"],resources:[`arn:aws:lambda:${o}:${s}:layer:medplum-bot-layer`]}),new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["lambda:GetLayerVersion"],resources:[`arn:aws:lambda:${o}:${s}:layer:medplum-bot-layer:*`]}),new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["xray:PutTraceSegments","xray:PutTelemetryRecords","xray:GetSamplingRules","xray:GetSamplingTargets","xray:GetSamplingStatisticSummaries"],resources:["*"]}),new f.PolicyStatement({effect:f.Effect.ALLOW,actions:["comprehend:DetectEntities","comprehend:DetectKeyPhrases","comprehend:DetectDominantLanguage","comprehend:DetectSentiment","comprehend:DetectTargetedSentiment","comprehend:DetectSyntax","comprehendmedical:DetectEntitiesV2","textract:DetectDocumentText","textract:AnalyzeDocument","textract:StartDocumentTextDetection","textract:GetDocumentTextDetection"],resources:["*"]})]}),this.taskRole=new f.Role(this,"TaskExecutionRole",{assumedBy:new f.ServicePrincipal("ecs-tasks.amazonaws.com"),description:"Medplum Server Task Execution Role",inlinePolicies:{TaskExecutionPolicies:this.taskRolePolicies}}),this.taskDefinition=new _.FargateTaskDefinition(this,"TaskDefinition",{memoryLimitMiB:i.serverMemory,cpu:i.serverCpu,taskRole:this.taskRole}),i.fireLens?.enabled?this.logDriver=new _.FireLensLogDriver({options:{...i.fireLens.logDriverConfig?.options}}):(this.logGroup=new rt.LogGroup(this,"LogGroup",{logGroupName:"/ecs/medplum/"+n,removalPolicy:x.DESTROY}),this.logDriver=new _.AwsLogDriver({logGroup:this.logGroup,streamPrefix:"Medplum"}));let C;i.containerRegistryCredentialsSecretArn&&(C=Pe.Secret.fromSecretCompleteArn(this,"RegistryCredentialsSecret",i.containerRegistryCredentialsSecretArn)),this.serviceContainer=this.taskDefinition.addContainer("MedplumTaskDefinition",{image:this.getContainerImage(i,i.serverImage,C,"Server"),command:[o==="us-east-1"?`aws:/medplum/${n}/`:`aws:${o}:/medplum/${n}/`],logging:this.logDriver,environment:i.environment}),this.serviceContainer.addPortMappings({containerPort:i.apiPort,hostPort:i.apiPort}),this.addSidecarContainers(this.taskDefinition,i,i.additionalContainers,C),this.fargateSecurityGroup=new S.SecurityGroup(this,"ServiceSecurityGroup",{allowAllOutbound:!0,securityGroupName:"MedplumSecurityGroup",vpc:this.vpc}),this.fargateService=new _.FargateService(this,"FargateService",{cluster:this.ecsCluster,taskDefinition:this.taskDefinition,assignPublicIp:!1,vpcSubnets:{subnetType:S.SubnetType.PRIVATE_WITH_EGRESS},desiredCount:i.desiredServerCount,securityGroups:[this.fargateSecurityGroup],healthCheckGracePeriod:H.minutes(5),minHealthyPercent:50}),this.addAutoScaling(this.fargateService,i.fargateAutoScaling),this.addServiceDependencies(this.fargateService,y),this.targetGroup=new Z.ApplicationTargetGroup(this,"TargetGroup",{vpc:this.vpc,port:i.apiPort,protocol:Z.ApplicationProtocol.HTTP,healthCheck:{path:"/healthcheck",interval:H.seconds(30),timeout:H.seconds(3),healthyThresholdCount:2,unhealthyThresholdCount:5},targets:[this.fargateService]});let g;i.loadBalancerSecurityGroupId&&(g=S.SecurityGroup.fromSecurityGroupId(this,"LoadBalancerSecurityGroup",i.loadBalancerSecurityGroupId)),this.loadBalancer=new Z.ApplicationLoadBalancer(this,"LoadBalancer",{vpc:this.vpc,internetFacing:i.apiInternetFacing!==!1,http2Enabled:!0,securityGroup:g}),i.loadBalancerLoggingBucket&&this.loadBalancer.logAccessLogs(Ir.Bucket.fromBucketName(this,"LoggingBucket",i.loadBalancerLoggingBucket),i.loadBalancerLoggingPrefix),this.loadBalancer.addListener("HttpsListener",{port:443,certificates:[{certificateArn:i.apiSslCertArn}],sslPolicy:Z.SslPolicy.RECOMMENDED_TLS,defaultAction:Z.ListenerAction.forward([this.targetGroup])}),this.waf=z(this,"BackEndWAF",`${i.stackName}-BackEndWAF`,"REGIONAL",i.apiWafIpSetArn,i.wafLogGroupName,i.wafLogGroupCreate),this.wafAssociation=new Nr.CfnWebACLAssociation(this,"LoadBalancerAssociation",{resourceArn:this.loadBalancer.loadBalancerArn,webAclArn:this.waf.attrArn}),this.rdsCluster&&(this.rdsCluster.connections.allowDefaultPortFrom(this.fargateSecurityGroup),this.rdsCluster.connections.securityGroups.forEach(p=>{p.applyRemovalPolicy(x.RETAIN),p.node.children.forEach(T=>{(T instanceof S.CfnSecurityGroupIngress||T instanceof S.CfnSecurityGroupEgress)&&T.applyRemovalPolicy(x.RETAIN)})})),this.rdsProxy&&this.rdsProxy.connections.allowFrom(this.fargateSecurityGroup,S.Port.tcp(5432)),this.redisSecurityGroup.addIngressRule(this.fargateSecurityGroup,S.Port.tcp(6379));for(let p of y)p.securityGroup.addIngressRule(this.fargateSecurityGroup,S.Port.tcp(6379)),p.secretsParameter=new E.StringParameter(this,`${p.id}SecretsParameter`,{tier:E.ParameterTier.STANDARD,parameterName:`/medplum/${n}/${p.id}Secrets`,description:`${p.id} secrets ARN`,stringValue:p.secrets.secretArn});for(let p of i.workerServices??[])this.createWorkerService(i,p,C,y);if(!i.skipDns){let p=i.hostedZoneName??i.domainName.split(".").slice(-2).join("."),T=Ae.HostedZone.fromLookup(this,"Zone",{domainName:p});this.dnsRecord=new Ae.ARecord(this,"LoadBalancerAliasRecord",{recordName:i.apiDomainName,target:Ae.RecordTarget.fromAlias(new Dr.LoadBalancerTarget(this.loadBalancer)),zone:T})}this.regionParameter=new E.StringParameter(this,"RegionParameter",{tier:E.ParameterTier.STANDARD,parameterName:`/medplum/${n}/awsRegion`,description:"AWS region",stringValue:i.region}),this.databaseSecretsParameter=new E.StringParameter(this,"DatabaseSecretsParameter",{tier:E.ParameterTier.STANDARD,parameterName:`/medplum/${n}/DatabaseSecrets`,description:"Database secrets ARN",stringValue:this.rdsSecretsArn}),this.rdsProxy&&(this.databaseProxyEndpointParameter=new E.StringParameter(this,"DatabaseProxyEndpointParameter",{tier:E.ParameterTier.STANDARD,parameterName:`/medplum/${n}/databaseProxyEndpoint`,description:"Database proxy endpoint",stringValue:this.rdsProxy?.endpoint})),this.redisSecretsParameter=new E.StringParameter(this,"RedisSecretsParameter",{tier:E.ParameterTier.STANDARD,parameterName:`/medplum/${n}/RedisSecrets`,description:"Redis secrets ARN",stringValue:this.redisSecrets.secretArn}),this.botLambdaRoleParameter=new E.StringParameter(this,"BotLambdaRoleParameter",{tier:E.ParameterTier.STANDARD,parameterName:`/medplum/${n}/botLambdaRoleArn`,description:"Bot lambda execution role ARN",stringValue:this.botLambdaRole.roleArn}),i.workers&&(this.workersParameter=new E.StringParameter(this,"WorkersParameter",{tier:E.ParameterTier.STANDARD,parameterName:`/medplum/${n}/workers`,description:"Background workers configuration",stringValue:JSON.stringify(i.workers)}))}getContainerImage(r,i,n,s){let a=new RegExp(`^${r.accountNumber}\\.dkr\\.ecr\\.${r.region}\\.amazonaws\\.com/(.*)[:@](.*)$`).exec(i),d=a?.[1],y=a?.[2];if(d&&y){let b=Or.fromRepositoryArn(this,`${s}ImageRepo`,`arn:aws:ecr:${r.region}:${r.accountNumber}:repository/${d}`);return _.ContainerImage.fromEcrRepository(b,y)}return _.ContainerImage.fromRegistry(i,{credentials:n})}addSidecarContainers(r,i,n,s,o){let a=o?`${o}`:"";for(let d of n??ze)r.addContainer(`${a}AdditionalContainer-${d.name}`,{containerName:d.name,image:this.getContainerImage(i,d.image,s,`${a||"Server"}-${d.name}`),command:d.command,environment:d.environment,logging:this.logDriver,essential:d.essential??!1});i.fireLens?.enabled&&r.addFirelensLogRouter(`${a}FireLensRouter`,{image:_.ContainerImage.fromRegistry("public.ecr.aws/aws-observability/aws-for-fluent-bit:stable"),essential:!0,firelensConfig:i.fireLens.logRouterConfig,environment:i.fireLens.environment})}addAutoScaling(r,i,n){if(!i)return;let s=n??"";r.autoScaleTaskCount({minCapacity:i.minCapacity,maxCapacity:i.maxCapacity}).scaleOnCpuUtilization(`${s}CpuScaling`,{targetUtilizationPercent:i.targetUtilizationPercent,scaleInCooldown:H.seconds(i.scaleInCooldown),scaleOutCooldown:H.seconds(i.scaleOutCooldown)})}addServiceDependencies(r,i){this.rdsCluster&&r.node.addDependency(this.rdsCluster),this.rdsProxy&&r.node.addDependency(this.rdsProxy),r.node.addDependency(this.redisCluster);for(let{cluster:n}of i)r.node.addDependency(n)}createWorkerService(r,i,n,s){let o=r.name,a=r.region,d=i.id+"Worker",y=new _.FargateTaskDefinition(this,`${d}TaskDefinition`,{memoryLimitMiB:i.serverMemory??r.serverMemory,cpu:i.serverCpu??r.serverCpu,taskRole:this.taskRole}),b=i.serverImage??r.serverImage,C=a==="us-east-1"?`aws:/medplum/${o}/,env`:`aws:${a}:/medplum/${o}/,env`,g={...r.environment,...i.environment};!i.workers&&!Object.keys(i.environment??{}).some(T=>T.startsWith("MEDPLUM_WORKERS"))&&(g.MEDPLUM_WORKERS_ENABLED=JSON.stringify(["*"])),y.addContainer(`${d}Container`,{image:this.getContainerImage(r,b,n,d),command:[C],logging:this.logDriver,environment:g}),y.defaultContainer?.addPortMappings({containerPort:r.apiPort,hostPort:r.apiPort}),this.addSidecarContainers(y,r,i.additionalContainers??r.additionalContainers,n,d);let p=new _.FargateService(this,`${d}FargateService`,{cluster:this.ecsCluster,taskDefinition:y,assignPublicIp:!1,vpcSubnets:{subnetType:S.SubnetType.PRIVATE_WITH_EGRESS},desiredCount:i.desiredCount,securityGroups:[this.fargateSecurityGroup],healthCheckGracePeriod:H.minutes(5),minHealthyPercent:50});this.addServiceDependencies(p,s),this.addAutoScaling(p,i.fargateAutoScaling,d)}createRedisCluster(r,i){let n;i.securityGroupId?n=S.SecurityGroup.fromSecurityGroupId(this,`${r}SecurityGroup`,i.securityGroupId):(n=new S.SecurityGroup(this,`${r}SecurityGroup`,{vpc:this.vpc,description:`${r} Security Group`,allowAllOutbound:!1}),n.applyRemovalPolicy(x.RETAIN));let s=new Pe.Secret(this,`${r}Password`,{generateSecretString:{secretStringTemplate:"{}",generateStringKey:"password",excludeCharacters:"@%*()_+=`~{}|[]\\:\";'?,./"}});s.applyRemovalPolicy(x.RETAIN);let o=new tt.CfnReplicationGroup(this,`${r}Cluster`,{engine:i.engine??"Redis",engineVersion:i.engineVersion??"6.x",cacheNodeType:i.nodeType??"cache.t2.medium",replicationGroupDescription:`${r}ReplicationGroup`,authToken:s.secretValueFromJson("password").toString(),transitEncryptionEnabled:!0,atRestEncryptionEnabled:!0,multiAzEnabled:!0,cacheSubnetGroupName:this.redisSubnetGroup.ref,numNodeGroups:1,replicasPerNodeGroup:1,securityGroupIds:[n.securityGroupId]});o.node.addDependency(s),o.applyRemovalPolicy(x.RETAIN);let a=new Pe.Secret(this,`${r}Secrets`,{generateSecretString:{secretStringTemplate:JSON.stringify({host:o.attrPrimaryEndPointAddress,port:o.attrPrimaryEndPointPort,password:s.secretValueFromJson("password").toString(),tls:{}}),generateStringKey:"unused"}});return a.node.addDependency(s),a.node.addDependency(o),a.applyRemovalPolicy(x.RETAIN),{securityGroup:n,password:s,cluster:o,secrets:a}}};function $r(e,t){if(!e){if(t)return{engine:L.DatabaseClusterEngine.auroraPostgres({version:t}),majorVersion:t.auroraPostgresMajorVersion};throw new Error("Missing or empty RDS version: "+e)}let r=e.slice(0,e.indexOf("."));return{engine:L.DatabaseClusterEngine.auroraPostgres({version:L.AuroraPostgresEngineVersion.of(e,r,{s3Import:!0,s3Export:!0})}),majorVersion:r}}function Ur(e){return e?`DatabaseClusterPG${e}`:"DatabaseCluster"}import{aws_cloudtrail as Br,aws_cloudwatch as ke,aws_cloudwatch_actions as Gr,aws_logs as he,aws_sns as st}from"aws-cdk-lib";import{Construct as Fr}from"constructs";var X=class extends Fr{constructor(r,i){super(r,"CloudTrailAlarms");c(this,"config");c(this,"logGroup");c(this,"cloudTrail");c(this,"alarmTopic");if(this.config=i,!i.cloudTrailAlarms)return;i.cloudTrailAlarms.logGroupCreate?(this.logGroup=new he.LogGroup(this,"CloudTrailLogGroup",{logGroupName:i.cloudTrailAlarms.logGroupName,retention:he.RetentionDays.ONE_YEAR}),this.cloudTrail=new Br.Trail(this,"CloudTrail",{sendToCloudWatchLogs:!0,cloudWatchLogGroup:this.logGroup,includeGlobalServiceEvents:!0})):this.logGroup=he.LogGroup.fromLogGroupName(this,"CloudTrailLogGroup",i.cloudTrailAlarms.logGroupName),i.cloudTrailAlarms.snsTopicArn?this.alarmTopic=st.Topic.fromTopicArn(this,"AlarmTopic",i.cloudTrailAlarms.snsTopicArn):this.alarmTopic=new st.Topic(this,"AlarmTopic",{topicName:i.cloudTrailAlarms.snsTopicName});let n=[["UnauthorizedApiCalls","{ ($.errorCode = *UnauthorizedOperation) || ($.errorCode = AccessDenied*) }"],["SignInWithoutMfa","{ ($.eventName = ConsoleLogin) && ($.additionalEventData.MFAUsed != Yes) }"],["RootAccountUsage","{ $.userIdentity.type = Root && $.userIdentity.invokedBy NOT EXISTS && $.eventType != AwsServiceEvent }"],["IamPolicyChanges","{($.eventName=DeleteGroupPolicy)||($.eventName=DeleteRolePolicy)||($.eventName=DeleteUserPolicy)||($.eventName=PutGroupPolicy)||($.eventName=PutRolePolicy)||($.eventName=PutUserPolicy)||($.eventName=CreatePolicy)||($.eventName=DeletePolicy)||($.eventName=CreatePolicyVersion)||($.eventName=DeletePolicyVersion)||($.eventName=AttachRolePolicy)||($.eventName=DetachRolePolicy)||($.eventName=AttachUserPolicy)||($.eventName=DetachUserPolicy)||($.eventName=AttachGroupPolicy)||($.eventName=DetachGroupPolicy)}"],["CloudTrailConfigurationChanges","{ ($.eventName = CreateTrail) || ($.eventName = UpdateTrail) || ($.eventName = DeleteTrail) || ($.eventName = StartLogging) || ($.eventName = StopLogging) }"],["SignInFailures",'{ ($.eventName = ConsoleLogin) && ($.errorMessage = "Failed authentication") }'],["DisabledCmks","{($.eventSource = kms.amazonaws.com) && (($.eventName=DisableKey)||($.eventName=ScheduleKeyDeletion)) }"],["S3PolicyChanges","{ ($.eventSource = s3.amazonaws.com) && (($.eventName = PutBucketAcl) || ($.eventName = PutBucketPolicy) || ($.eventName = PutBucketCors) || ($.eventName = PutBucketLifecycle) || ($.eventName = PutBucketReplication) || ($.eventName = DeleteBucketPolicy) || ($.eventName = DeleteBucketCors) || ($.eventName = DeleteBucketLifecycle) || ($.eventName = DeleteBucketReplication)) }"],["ConfigServiceChanges","{($.eventSource = config.amazonaws.com) && (($.eventName=StopConfigurationRecorder)||($.eventName=DeleteDeliveryChannel)||($.eventName=PutDeliveryChannel)||($.eventName=PutConfigurationRecorder))}"],["SecurityGroupChanges","{ ($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = AuthorizeSecurityGroupEgress) || ($.eventName = RevokeSecurityGroupIngress) || ($.eventName = RevokeSecurityGroupEgress) || ($.eventName = CreateSecurityGroup) || ($.eventName = DeleteSecurityGroup)}"],["NetworkAclChanges","{ ($.eventName = CreateNetworkAcl) || ($.eventName = CreateNetworkAclEntry) || ($.eventName = DeleteNetworkAcl) || ($.eventName = DeleteNetworkAclEntry) || ($.eventName = ReplaceNetworkAclEntry) || ($.eventName = ReplaceNetworkAclAssociation) }"],["NetworkGatewayChanges","{ ($.eventName = CreateCustomerGateway) || ($.eventName = DeleteCustomerGateway) || ($.eventName = AttachInternetGateway) || ($.eventName = CreateInternetGateway) || ($.eventName = DeleteInternetGateway) || ($.eventName = DetachInternetGateway) }"],["RouteTableChanges","{ ($.eventName = CreateRoute) || ($.eventName = CreateRouteTable) || ($.eventName = ReplaceRoute) || ($.eventName = ReplaceRouteTableAssociation) || ($.eventName = DeleteRouteTable) || ($.eventName = DeleteRoute) || ($.eventName = DisassociateRouteTable) }"],["VpcChanges","{ ($.eventName = CreateVpc) || ($.eventName = DeleteVpc) || ($.eventName = ModifyVpcAttribute) || ($.eventName = AcceptVpcPeeringConnection) || ($.eventName = CreateVpcPeeringConnection) || ($.eventName = DeleteVpcPeeringConnection) || ($.eventName = RejectVpcPeeringConnection) || ($.eventName = AttachClassicLinkVpc) || ($.eventName = DetachClassicLinkVpc) || ($.eventName = DisableVpcClassicLink) || ($.eventName = EnableVpcClassicLink) }"],["OrganizationsChanges","{ ($.eventSource = organizations.amazonaws.com) && (($.eventName = AcceptHandshake) || ($.eventName = AttachPolicy) || ($.eventName = CreateAccount) || ($.eventName = CreateOrganizationalUnit) || ($.eventName = CreatePolicy) || ($.eventName = DeclineHandshake) || ($.eventName = DeleteOrganization) || ($.eventName = DeleteOrganizationalUnit) || ($.eventName = DeletePolicy) || ($.eventName = DetachPolicy) || ($.eventName = DisablePolicyType) || ($.eventName = EnablePolicyType) || ($.eventName = InviteAccountToOrganization) || ($.eventName = LeaveOrganization) || ($.eventName = MoveAccount) || ($.eventName = RemoveAccountFromOrganization) || ($.eventName = UpdatePolicy) || ($.eventName = UpdateOrganizationalUnit)) }"]];for(let[s,o]of n)this.createMetricAlarm(s,o)}createMetricAlarm(r,i){let n=`${this.config.stackName}${r}MetricFilter`,s=`${this.config.stackName}${r}Metric`,o=`${this.config.stackName}Metrics`,a=`${this.config.stackName}${r}Alarm`,d=new he.MetricFilter(this,n,{logGroup:this.logGroup,filterPattern:{logPatternString:i},metricNamespace:o,metricName:s});new ke.Alarm(this,a,{metric:d.metric({}),threshold:1,evaluationPeriods:1,alarmName:a,actionsEnabled:!0,treatMissingData:ke.TreatMissingData.NOT_BREACHING,comparisonOperator:ke.ComparisonOperator.GREATER_THAN_THRESHOLD,datapointsToAlarm:1}).addAlarmAction(new Gr.SnsAction(this.alarmTopic))}};import{aws_certificatemanager as Wr,aws_cloudfront as k,Duration as qr,aws_cloudfront_origins as ot,RemovalPolicy as Hr,aws_route53 as Ie,aws_s3 as ee,aws_route53_targets as Vr}from"aws-cdk-lib";import{Construct as Qr}from"constructs";import{aws_iam as jr}from"aws-cdk-lib";function pe(e,t){let r=new jr.PolicyStatement;return r.addActions("s3:GetObject*"),r.addActions("s3:GetBucket*"),r.addActions("s3:List*"),r.addResources(e.bucketArn),r.addResources(`${e.bucketArn}/*`),r.addCanonicalUserPrincipal(t.cloudFrontOriginAccessIdentityS3CanonicalUserId),e.addToResourcePolicy(r),r}var te=class extends Qr{constructor(r,i,n){super(r,"FrontEnd");c(this,"appBucket");c(this,"responseHeadersPolicy");c(this,"waf");c(this,"apiOriginCachePolicy");c(this,"originAccessIdentity");c(this,"originAccessPolicyStatement");c(this,"distribution");c(this,"dnsRecord");if(n===i.region?this.appBucket=new ee.Bucket(this,"AppBucket",{bucketName:i.appDomainName,publicReadAccess:!1,blockPublicAccess:ee.BlockPublicAccess.BLOCK_ALL,removalPolicy:Hr.DESTROY,encryption:ee.BucketEncryption.S3_MANAGED,enforceSSL:!0,versioned:!0}):this.appBucket=ee.Bucket.fromBucketAttributes(this,"AppBucket",{bucketName:i.appDomainName,region:i.region}),n==="us-east-1"&&(this.responseHeadersPolicy=new k.ResponseHeadersPolicy(this,"ResponseHeadersPolicy",{customHeadersBehavior:{customHeaders:[{header:"Permissions-Policy",value:"accelerometer=(), camera=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()",override:!0}]},securityHeadersBehavior:{contentSecurityPolicy:{contentSecurityPolicy:["default-src 'none'","base-uri 'self'","child-src 'self'",`connect-src 'self' ${i.apiDomainName} *.medplum.com *.google.com`,"font-src 'self' fonts.gstatic.com","form-action 'self' *.gstatic.com *.google.com","frame-ancestors 'none'",`frame-src 'self' ${i.storageDomainName} *.medplum.com *.gstatic.com *.google.com`,`img-src 'self' data: ${i.storageDomainName} *.gstatic.com *.google.com *.googleapis.com`,"manifest-src 'self'",`media-src 'self' ${i.storageDomainName}`,"script-src 'self' *.medplum.com *.gstatic.com *.google.com","style-src 'self' 'unsafe-inline' *.medplum.com *.gstatic.com *.google.com","worker-src 'self' blob: *.gstatic.com *.google.com","upgrade-insecure-requests"].join("; "),override:!0},contentTypeOptions:{override:!0},frameOptions:{frameOption:k.HeadersFrameOption.DENY,override:!0},referrerPolicy:{referrerPolicy:k.HeadersReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,override:!0},strictTransportSecurity:{accessControlMaxAge:qr.seconds(63072e3),includeSubdomains:!0,preload:!0,override:!0},xssProtection:{protection:!0,modeBlock:!0,override:!0}}}),this.waf=z(this,"FrontEndWAF",`${i.stackName}-FrontEndWAF`,"CLOUDFRONT",i.appWafIpSetArn,i.wafLogGroupName,i.wafLogGroupCreate),this.apiOriginCachePolicy=new k.CachePolicy(this,"ApiOriginCachePolicy",{cachePolicyName:`${i.stackName}-ApiOriginCachePolicy`,cookieBehavior:k.CacheCookieBehavior.all(),headerBehavior:k.CacheHeaderBehavior.allowList("Authorization","Content-Encoding","Content-Type","If-None-Match","Origin","Referer","User-Agent","X-Medplum"),queryStringBehavior:k.CacheQueryStringBehavior.all()}),this.originAccessIdentity=new k.OriginAccessIdentity(this,"OriginAccessIdentity",{}),this.originAccessPolicyStatement=pe(this.appBucket,this.originAccessIdentity),this.distribution=new k.Distribution(this,"AppDistribution",{defaultRootObject:"index.html",defaultBehavior:{origin:ot.S3BucketOrigin.withOriginAccessIdentity(this.appBucket,{originAccessIdentity:this.originAccessIdentity}),responseHeadersPolicy:this.responseHeadersPolicy,viewerProtocolPolicy:k.ViewerProtocolPolicy.REDIRECT_TO_HTTPS},additionalBehaviors:i.appApiProxy?{"/api/*":{origin:new ot.HttpOrigin(i.apiDomainName),allowedMethods:k.AllowedMethods.ALLOW_ALL,cachePolicy:this.apiOriginCachePolicy,viewerProtocolPolicy:k.ViewerProtocolPolicy.REDIRECT_TO_HTTPS}}:void 0,certificate:Wr.Certificate.fromCertificateArn(this,"AppCertificate",i.appSslCertArn),domainNames:[i.appDomainName],errorResponses:[{httpStatus:403,responseHttpStatus:200,responsePagePath:"/index.html"},{httpStatus:404,responseHttpStatus:200,responsePagePath:"/index.html"}],webAclId:this.waf.attrArn,logBucket:i.appLoggingBucket?ee.Bucket.fromBucketName(this,"LoggingBucket",i.appLoggingBucket):void 0,logFilePrefix:i.appLoggingPrefix}),!i.skipDns)){let s=i.hostedZoneName??i.domainName.split(".").slice(-2).join("."),o=Ie.HostedZone.fromLookup(this,"Zone",{domainName:s});this.dnsRecord=new Ie.ARecord(this,"AppAliasRecord",{recordName:i.appDomainName,target:Ie.RecordTarget.fromAlias(new Vr.CloudFrontTarget(this.distribution)),zone:o})}}};import{aws_certificatemanager as zr,aws_cloudfront as B,Duration as at,aws_cloudfront_origins as Jr,aws_route53 as De,aws_s3 as J,aws_route53_targets as Yr}from"aws-cdk-lib";import{ServerlessClamscan as Kr}from"cdk-serverless-clamscan";import{Construct as Zr}from"constructs";var re=class extends Zr{constructor(r,i,n){super(r,"Storage");c(this,"storageBucket");c(this,"keyGroup");c(this,"responseHeadersPolicy");c(this,"waf");c(this,"originAccessIdentity");c(this,"originAccessPolicyStatement");c(this,"distribution");c(this,"dnsRecord");if(n===i.region?(this.storageBucket=new J.Bucket(this,"StorageBucket",{bucketName:i.storageBucketName,publicReadAccess:!1,blockPublicAccess:J.BlockPublicAccess.BLOCK_ALL,encryption:J.BucketEncryption.S3_MANAGED,enforceSSL:!0,versioned:!0}),i.clamscanEnabled&&new Kr(this,"ServerlessClamscan",{defsBucketAccessLogsConfig:{logsBucket:J.Bucket.fromBucketName(this,"LoggingBucket",i.clamscanLoggingBucket),logsPrefix:i.clamscanLoggingPrefix}}).addSourceBucket(this.storageBucket)):this.storageBucket=J.Bucket.fromBucketAttributes(this,"StorageBucket",{bucketName:i.storageBucketName,region:i.region}),n==="us-east-1"){let s;if(i.signingKeyId?s=B.PublicKey.fromPublicKeyId(this,"StoragePublicKey",i.signingKeyId):s=new B.PublicKey(this,"StoragePublicKey",{encodedKey:i.storagePublicKey}),this.keyGroup=new B.KeyGroup(this,"StorageKeyGroup",{items:[s]}),this.responseHeadersPolicy=new B.ResponseHeadersPolicy(this,"ResponseHeadersPolicy",{customHeadersBehavior:{customHeaders:[{header:"Permissions-Policy",value:"accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()",override:!0}]},corsBehavior:{accessControlAllowCredentials:!1,accessControlAllowOrigins:[i.appDomainName,"https://ccda.medplum.com"],accessControlAllowHeaders:["*"],accessControlAllowMethods:["GET","HEAD","OPTIONS"],accessControlMaxAge:at.seconds(600),originOverride:!1},securityHeadersBehavior:{contentSecurityPolicy:{contentSecurityPolicy:"default-src 'none'; connect-src https://ccda.medplum.com; base-uri 'none'; form-action 'none'; frame-ancestors *;",override:!0},contentTypeOptions:{override:!0},frameOptions:{frameOption:B.HeadersFrameOption.DENY,override:!0},referrerPolicy:{referrerPolicy:B.HeadersReferrerPolicy.NO_REFERRER,override:!0},strictTransportSecurity:{accessControlMaxAge:at.seconds(63072e3),includeSubdomains:!0,preload:!0,override:!0},xssProtection:{protection:!0,modeBlock:!0,override:!0}}}),this.waf=z(this,"StorageWAF",`${i.stackName}-StorageWAF`,"CLOUDFRONT",i.storageWafIpSetArn,i.wafLogGroupName,i.wafLogGroupCreate),this.originAccessIdentity=new B.OriginAccessIdentity(this,"OriginAccessIdentity",{}),this.originAccessPolicyStatement=pe(this.storageBucket,this.originAccessIdentity),this.distribution=new B.Distribution(this,"StorageDistribution",{defaultBehavior:{origin:Jr.S3BucketOrigin.withOriginAccessIdentity(this.storageBucket,{originAccessIdentity:this.originAccessIdentity}),responseHeadersPolicy:this.responseHeadersPolicy,viewerProtocolPolicy:B.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,trustedKeyGroups:[this.keyGroup]},certificate:zr.Certificate.fromCertificateArn(this,"StorageCertificate",i.storageSslCertArn),domainNames:[i.storageDomainName],webAclId:this.waf.attrArn,logBucket:i.storageLoggingBucket?J.Bucket.fromBucketName(this,"LoggingBucket",i.storageLoggingBucket):void 0,logFilePrefix:i.storageLoggingPrefix}),!i.skipDns){let o=i.hostedZoneName??i.domainName.split(".").slice(-2).join("."),a=De.HostedZone.fromLookup(this,"Zone",{domainName:o});this.dnsRecord=new De.ARecord(this,"StorageAliasRecord",{recordName:i.storageDomainName,target:De.RecordTarget.fromAlias(new Yr.CloudFrontTarget(this.distribution)),zone:a})}}}};var me=class{constructor(t,r){c(this,"primaryStack");c(this,"globalStack");this.primaryStack=new Ne(t,r),r.region!=="us-east-1"&&(this.globalStack=new Oe(t,r),this.globalStack.addDependency(this.primaryStack))}},Ne=class extends ct{constructor(r,i){super(r,i.stackName,{env:{region:i.region,account:i.accountNumber}});c(this,"backEnd");c(this,"frontEnd");c(this,"storage");c(this,"cloudTrail");lt.of(this).add("medplum:environment",i.name),this.backEnd=new de(this,i),this.frontEnd=new te(this,i,i.region),this.storage=new re(this,i,i.region),this.cloudTrail=new X(this,i)}},Oe=class extends ct{constructor(r,i){super(r,i.stackName+"-us-east-1",{env:{region:"us-east-1",account:i.accountNumber}});c(this,"frontEnd");c(this,"storage");c(this,"cloudTrail");lt.of(this).add("medplum:environment",i.name),this.frontEnd=new te(this,i,"us-east-1"),this.storage=new re(this,i,"us-east-1"),this.cloudTrail=new X(this,i)}};async function ri(e){let t=new Xr({context:e}),r=t.node.tryGetContext("config");if(!r){console.log('Missing "config" context variable'),console.log("Usage: cdk deploy -c config=my-config.json");return}let i=JSON.parse(ei(ti(r),"utf-8")),n=await Ze(i),s=new me(t,n);console.log("Stack",s.primaryStack.stackId),t.synth()}import.meta.main&&ri().catch(e=>{console.error(e),process.exit(1)});export{de as BackEnd,X as CloudTrailAlarms,te as FrontEnd,Oe as MedplumGlobalStack,Ne as MedplumPrimaryStack,me as MedplumStack,re as Storage,z as buildWaf,ri as main};
 /*!
  * Reconnecting WebSocket
  * by Pedro Ladaria <pedro.ladaria@gmail.com>