@medplum/cli 2.0.24 → 2.0.25

package/dist/cjs/index.cjs

@@ -1,1498 +1,9 @@
 #!/usr/bin/env node
-'use strict';
+"use strict";var vt=Object.create;var I=Object.defineProperty;var bt=Object.getOwnPropertyDescriptor;var Et=Object.getOwnPropertyNames;var Mt=Object.getPrototypeOf,kt=Object.prototype.hasOwnProperty;var Pt=(e,t)=>{for(var o in t)I(e,o,{get:t[o],enumerable:!0})},ye=(e,t,o,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let a of Et(t))!kt.call(e,a)&&a!==o&&I(e,a,{get:()=>t[a],enumerable:!(n=bt(t,a))||n.enumerable});return e};var P=(e,t,o)=>(o=e!=null?vt(Mt(e)):{},ye(t||!e||!e.__esModule?I(o,"default",{value:e,enumerable:!0}):o,e)),xt=e=>ye(I({},"__esModule",{value:!0}),e);var ao={};Pt(ao,{main:()=>wt,run:()=>Ct});module.exports=xt(ao);var q=require("@medplum/core"),ht=require("commander"),St=P(require("dotenv"));var T=require("@medplum/core"),ve=require("os"),be=require("child_process"),Ee=require("http");var he=require("commander");function m(e){return new he.Command(e).option("--client-id <clientId>","FHIR server client id").option("--client-secret <clientSecret>","FHIR server client secret").option("--base-url <baseUrl>","FHIR server base url").option("--token-url <tokenUrl>","FHIR server token url").option("--authorize-url <authorizeUrl>","FHIR server authorize url").option("--fhir-url-path <fhirUrlPath>","FHIR server url path")}var Ce=require("@medplum/core");var Se=require("@medplum/core"),h=require("fs"),we=require("os"),G=require("path"),R=class extends Se.ClientStorage{constructor(){super();this.dirName=(0,G.resolve)((0,we.homedir)(),".medplum"),this.fileName=(0,G.resolve)(this.dirName,"credentials")}clear(){this.writeFile({})}getString(o){return this.readFile()?.[o]}setString(o,n){let a=this.readFile()||{};n?a[o]=n:delete a[o],this.writeFile(a)}readFile(){if((0,h.existsSync)(this.fileName))return JSON.parse((0,h.readFileSync)(this.fileName,"utf8"))}writeFile(o){(0,h.existsSync)(this.dirName)||(0,h.mkdirSync)(this.dirName),(0,h.writeFileSync)(this.fileName,JSON.stringify(o,null,2),"utf8")}};async function l(e){let t=e.baseUrl??process.env.MEDPLUM_BASE_URL??"https://api.medplum.com/",o=e.fhirUrlPath??process.env.MEDPLUM_FHIR_URL_PATH??"",n=e.accessToken??process.env.MEDPLUM_CLIENT_ACCESS_TOKEN??"",a=e.tokenUrl??process.env.MEDPLUM_TOKEN_URL??"",i=e.authorizeUrl??process.env.MEDPLUM_AUTHORIZE_URL??"",s=e.fetch??fetch,c=new Ce.MedplumClient({fetch:s,baseUrl:t,tokenUrl:a,fhirUrlPath:o,authorizeUrl:i,storage:new R,onUnauthenticated:At});n&&c.setAccessToken(n);let u=e.clientId||process.env.MEDPLUM_CLIENT_ID,y=e.clientSecret||process.env.MEDPLUM_CLIENT_SECRET;return u&&y&&(c.setBasicAuth(u,y),await c.startClientLogin(u,y)),c}function At(){console.log("Unauthenticated: run `npx medplum login` to sign in")}var Me="medplum-cli",ke="http://localhost:9615",H=m("login"),V=m("whoami");H.action(async e=>{let t=await l(e);await Dt(t)});V.action(async e=>{let t=await l(e);Rt(t)});async function Dt(e){await Nt(e);let t=new URL(e.getAuthorizeUrl());t.searchParams.set("client_id",Me),t.searchParams.set("redirect_uri",ke),t.searchParams.set("scope","openid"),t.searchParams.set("response_type","code"),t.searchParams.set("prompt","login"),await It(t.toString())}async function Nt(e){let t=(0,Ee.createServer)(async(o,n)=>{let a=new URL(o.url,"http://localhost:9615"),i=a.searchParams.get("code");if(a.pathname==="/"&&i)try{let s=await e.processCode(i,{clientId:Me,redirectUri:ke});n.writeHead(200,{"Content-Type":"text/plain"}),n.end(`Signed in as ${(0,T.getDisplayString)(s)}. You may close this window.`)}catch(s){n.writeHead(400,{"Content-Type":"text/plain"}),n.end(`Error: ${(0,T.normalizeErrorString)(s)}`)}finally{t.close()}else n.writeHead(404,{"Content-Type":"text/plain"}),n.end("Not found")}).listen(9615)}async function It(e){let t=(0,ve.platform)(),o;switch(t){case"openbsd":case"linux":o=`xdg-open '${e}'`;break;case"darwin":o=`open '${e}'`;break;case"win32":o=`cmd /c start "" "${e}"`;break;default:throw new Error("Unsupported platform: "+t)}(0,be.exec)(o)}function Rt(e){let t=e.getActiveLogin();t?(console.log(`Server:  ${e.getBaseUrl()}`),console.log(`Profile: ${t.profile.display} (${t.profile.reference})`),console.log(`Project: ${t.project.display} (${t.project.reference})`)):console.log("Not logged in")}var Qe=require("commander");var w=require("@aws-sdk/client-cloudformation"),Pe=require("@aws-sdk/client-cloudfront"),xe=require("@aws-sdk/client-ecs"),Ae=require("@aws-sdk/client-s3"),Y=new w.CloudFormationClient({}),De=new Pe.CloudFrontClient({}),Ne=new xe.ECSClient({}),Ie=new Ae.S3Client({}),Tt="medplum:environment";async function J(){return(await Y.send(new w.ListStacksCommand({}))).StackSummaries?.filter(t=>t.StackName&&t.StackStatus!=="DELETE_COMPLETE")||[]}async function E(e){let t=await J();for(let o of t){let n=o.StackName,a=await X(n);if(a?.tag===e)return a}}async function X(e){let t=new w.DescribeStacksCommand({StackName:e}),n=(await Y.send(t))?.Stacks?.[0],a=n?.Tags?.find(c=>c.Key===Tt);if(!a)return;let i=await Y.send(new w.DescribeStackResourcesCommand({StackName:e}));if(!i.StackResources)return;let s={stack:n,tag:a.Value};for(let c of i.StackResources)c.ResourceType==="AWS::ECS::Cluster"?s.ecsCluster=c:c.ResourceType==="AWS::ECS::Service"?s.ecsService=c:c.ResourceType==="AWS::S3::Bucket"&&c.LogicalResourceId?.startsWith("FrontEndAppBucket")?s.appBucket=c:c.ResourceType==="AWS::S3::Bucket"&&c.LogicalResourceId?.startsWith("StorageStorageBucket")?s.storageBucket=c:c.ResourceType==="AWS::CloudFront::Distribution"&&c.LogicalResourceId?.startsWith("FrontEndAppDistribution")&&(s.appDistribution=c);return s}function B(e){console.log(`Medplum Tag:     ${e.tag}`),console.log(`Stack Name:      ${e.stack.StackName}`),console.log(`Stack ID:        ${e.stack.StackId}`),console.log(`Status:          ${e.stack.StackStatus}`),console.log(`ECS Cluster:     ${e.ecsCluster?.PhysicalResourceId}`),console.log(`ECS Service:     ${Z(e.ecsService)}`),console.log(`App Bucket:      ${e.appBucket?.PhysicalResourceId}`),console.log(`Storage Bucket:  ${e.storageBucket?.PhysicalResourceId}`)}function Z(e){return e?.PhysicalResourceId?.split("/")?.pop()||""}async function Re(e){let t=await E(e);if(!t){console.log("Stack not found");return}B(t)}var C=require("@aws-sdk/client-acm"),M=require("@aws-sdk/client-ssm"),j=require("@aws-sdk/client-sts"),$=require("crypto"),L=require("fs"),Be=require("path"),Ue=P(require("readline")),Bt=e=>`${e}DomainName`,Fe=e=>`${e}SslCertArn`,F;async function je(){let e={apiPort:8103,region:"us-east-1"};F=Ue.default.createInterface({input:process.stdin,output:process.stdout}),d("MEDPLUM"),r("This tool prepares the necessary prerequisites for deploying Medplum in your AWS account."),r(""),r("Most Medplum infrastructure is deployed using the AWS CDK."),r("However, some AWS resources must be created manually, such as email addresses and SSL certificates."),r("This tool will help you create those resources."),r(""),r("Upon completion, this tool will:"),r("  1. Generate a Medplum CDK config file (i.e., medplum.demo.config.json)"),r("  2. Optionally generate an AWS CloudFront signing key"),r("  3. Optionally request SSL certificates from AWS Certificate Manager"),r("  4. Optionally write server config settings to AWS Parameter Store"),r(""),r("The Medplum infra config file is an input to the Medplum CDK."),r("The Medplum CDK will create and manage the necessary AWS resources."),r(""),r("We will ask a series of questions to generate your infra config file."),r("Some questions have predefined options in [square brackets]."),r("Some questions have default values in (parentheses), which you can accept by pressing Enter."),r("Press Ctrl+C at any time to exit.");let t=await Ut(e.region);t||(r("It appears that you do not have AWS credentials configured."),r("AWS credentials are not strictly required, but will enable some additional features."),r("If you intend to use AWS credentials, please configure them now."),await U("Do you want to continue without AWS credentials?")),d("ENVIRONMENT NAME"),r('Medplum deployments have a short environment name such as "prod", "staging", "alice", or "demo".'),r("The environment name is used in multiple places:"),r("  1. As part of config file names (i.e., medplum.demo.config.json)"),r("  2. As the base of CloudFormation stack names (i.e., MedplumDemo)"),r("  3. AWS Parameter Store keys (i.e., /medplum/demo/...)"),e.name=await f("What is your environment name?","demo"),r('Using environment name "'+e.name+'"...'),d("CONFIG FILE"),r("Medplum Infrastructure will create a config file in the current directory.");let o=await f("What is the config file name?",`medplum.${e.name}.config.json`);(0,L.existsSync)(o)&&(r("Config file already exists."),await U("Do you want to overwrite the config file?")),r('Using config file "'+o+'"...'),p(o,e),d("AWS REGION"),r("Most Medplum resources will be created in a single AWS region."),e.region=await f("Enter your AWS region:","us-east-1"),p(o,e),d("AWS ACCOUNT NUMBER"),r("Medplum Infrastructure will use your AWS account number to create AWS resources."),t&&r("Using the AWS CLI, your current account ID is: "+t),e.accountNumber=await f("What is your AWS account number?",t),p(o,e),d("STACK NAME"),r("Medplum will create a CloudFormation stack to manage AWS resources."),r("AWS CloudFormation stack names ");let n="Medplum"+e.name.charAt(0).toUpperCase()+e.name.slice(1);for(e.stackName=await f("Enter your CloudFormation stack name?",n),p(o,e),d("BASE DOMAIN NAME"),r("Please enter the base domain name for your Medplum deployment."),r(""),r("Medplum deploys multiple subdomains for various services."),r(""),r('For example, "api." for the REST API and "app." for the web application.'),r("The base domain name is the common suffix for all subdomains."),r(""),r('For example, if your base domain name is "example.com",'),r('then the REST API will be "api.example.com".'),r(""),r('The base domain should include the TLD (i.e., ".com", ".org", ".net").'),r(""),r("Note that you must own the base domain, and it must use Route53 DNS.");!e.domainName;)e.domainName=await f("Enter your base domain name:");p(o,e),d("SUPPORT EMAIL"),r("Medplum sends transactional emails to users."),r("For example, emails to new users or for password reset."),r("Medplum will use the support email address to send these emails."),r("Note that you must verify the support email address in SES.");let a=await f("Enter your support email address:");d("API DOMAIN NAME"),r("Medplum deploys a REST API for the backend services."),e.apiDomainName=await f("Enter your REST API domain name:","api."+e.domainName),p(o,e),d("APP DOMAIN NAME"),r("Medplum deploys a web application for the user interface."),e.appDomainName=await f("Enter your web application domain name:","app."+e.domainName),p(o,e),d("STORAGE DOMAIN NAME"),r("Medplum deploys a storage service for file uploads."),e.storageDomainName=await f("Enter your storage domain name:","storage."+e.domainName),p(o,e),d("STORAGE BUCKET"),r("Medplum uses an S3 bucket to store binary content such as file uploads."),r("Medplum will create a the S3 bucket as part of the CloudFormation stack."),e.storageBucketName=await f("Enter your storage bucket name:","medplum-"+e.name+"-storage"),p(o,e),d("MAX AVAILABILITY ZONES"),r("Medplum API servers can be deployed in multiple availability zones."),r("This provides redundancy and high availability."),r("However, it also increases the cost of the deployment."),r("If you want to use all availability zones, choose a large number such as 99."),r("If you want to restrict the number, for example to manage EIP limits,"),r("then choose a small number such as 1 or 2."),e.maxAzs=await x("Enter the maximum number of availability zones:",[1,2,3,99],2),d("DATABASE INSTANCES"),r("Medplum uses a relational database to store data."),r("You can set up your own database,"),r("or Medplum can create a new RDS database as part of the CloudFormation stack."),await ee("Do you want to create a new RDS database as part of the CloudFormation stack?")?(r("Medplum will create a new RDS database as part of the CloudFormation stack."),r(""),r("If you need high availability, you can choose multiple instances."),r("Use 1 for a single instance, or 2 for a primary and a standby."),e.rdsInstances=await x("Enter the number of database instances:",[1,2],1)):(r("Medplum will not create a new RDS database."),r("Please create a new RDS database and enter the database name, username, and password."),r('Set the AWS Secrets Manager secret ARN in the config file in the "rdsSecretsArn" setting.'),e.rdsSecretsArn="TODO"),p(o,e),d("SERVER INSTANCES"),r("Medplum uses AWS Fargate to run the API servers."),r("Medplum will create a new Fargate cluster as part of the CloudFormation stack."),r("Fargate will automatically scale the number of servers up and down."),r("If you need high availability, you can choose multiple instances."),e.desiredServerCount=await x("Enter the number of server instances:",[1,2,3,4,6,8],1),p(o,e),d("SERVER MEMORY"),r("You can choose the amount of memory for each server instance."),r("The default is 512 MB, which is sufficient for getting started."),r("Note that only certain CPU units are compatible with memory units."),r('Consult AWS Fargate "Task Definition Parameters" for more information.'),e.serverMemory=await x("Enter the server memory (MB):",[512,1024,2048,4096,8192,16384],512),p(o,e),d("SERVER CPU"),r("You can choose the amount of CPU for each server instance."),r("CPU is expressed as an integer using AWS CPU units"),r("The default is 256, which is sufficient for getting started."),r("Note that only certain CPU units are compatible with memory units."),r('Consult AWS Fargate "Task Definition Parameters" for more information.'),e.serverCpu=await x("Enter the server CPU:",[256,512,1024,2048,4096,8192,16384],256),p(o,e),d("SERVER IMAGE"),r("Medplum uses Docker images for the API servers."),r("You can choose the image to use for the servers."),r("Docker images can be loaded from either Docker Hub or AWS ECR."),r("The default is the latest Medplum release."),e.serverImage=await f("Enter the server image:","medplum/medplum-server:latest"),p(o,e),d("SIGNING KEY"),r("Medplum uses AWS CloudFront Presigned URLs for binary content such as file uploads.");let{privateKey:i,publicKey:s,passphrase:c}=Lt();e.storagePublicKey=s,p(o,e),d("SSL CERTIFICATES"),r("Medplum will now check for existing SSL certificates for the subdomains.");let u=await Ft(e.region);r("Found "+u.length+" certificate(s).");for(let{region:z,certName:D}of[{region:e.region,certName:"api"},{region:"us-east-1",certName:"app"},{region:"us-east-1",certName:"storage"}]){r("");let N=await jt(e,u,z,D);e[Fe(D)]=N,p(o,e)}d("AWS PARAMETER STORE"),r("Medplum uses AWS Parameter Store to store sensitive configuration values."),r("These values will be encrypted at rest."),r(`The values will be stored in the "/medplum/${e.name}" path.`);let y={port:e.apiPort,baseUrl:`https://${e.apiDomainName}/`,appBaseUrl:`https://${e.appDomainName}/`,storageBaseUrl:`https://${e.storageDomainName}/binary/`,binaryStorage:`s3:${e.storageBucketName}`,signingKey:i,signingKeyPassphrase:c,supportEmail:a};r(JSON.stringify({...y,signingKey:"****",signingKeyPassphrase:"****"},null,2)),await U("Do you want to store these values in AWS Parameter Store?"),await _t(e.region,`/medplum/${e.name}/`,y),d("DONE!"),r("Medplum configuration complete."),r("You can now proceed to deploying the Medplum infrastructure with CDK."),r("Run:"),r(""),r(`    npx cdk bootstrap -c config=${o}`),r(`    npx cdk synth -c config=${o}`),e.region==="us-east-1"?r(`    npx cdk deploy -c config=${o}`):r(`    npx cdk deploy -c config=${o} --all`),r(""),r("See Medplum documentation for more information:"),r(""),r("    https://www.medplum.com/docs/self-hosting/install-on-aws"),r(""),F.close()}function r(e){F.write(e+`
+`)}function d(e){r(`
+`+e+`
+`)}function f(e,t=""){return new Promise(o=>{F.question(e+(t?" ("+t+")":"")+" ",n=>{o(n||t.toString())})})}async function Q(e,t,o=""){let n=e+" ["+t.map(a=>a===o?"("+a+")":a).join("|")+"]";for(;;){let a=await f(n)||o;if(t.includes(a))return a;r("Please choose one of the following options: "+t.join(", "))}}async function x(e,t,o){return parseInt(await Q(e,t.map(n=>n.toString()),o.toString()),10)}async function ee(e){return(await Q(e,["y","n"])).toLowerCase()==="y"}async function U(e){if(!await ee(e))throw r("Exiting..."),new Error("User cancelled")}function p(e,t){(0,L.writeFileSync)((0,Be.resolve)(e),JSON.stringify(t,void 0,2),"utf-8")}async function Ut(e){try{let t=new j.STSClient({region:e}),o=new j.GetCallerIdentityCommand({});return(await t.send(o)).Account}catch(t){console.log("Warning: Unable to get AWS account ID",t.message);return}}async function Ft(e){let t=await Te(e);if(e!=="us-east-1"){let o=await Te("us-east-1");t.push(...o)}return t}async function Te(e){try{let t=new C.ACMClient({region:e}),o=new C.ListCertificatesCommand({MaxItems:1e3});return(await t.send(o)).CertificateSummaryList}catch(t){return console.log("Warning: Unable to list certificates",t.message),[]}}async function jt(e,t,o,n){let a=e[Bt(n)],i=t.find(c=>c.CertificateArn?.includes(o)&&c.DomainName===a);if(i)return r(`Found existing certificate for "${a}" in "${o}.`),i.CertificateArn;if(r(`No existing certificate found for "${a}" in "${o}.`),!await ee("Do you want to request a new certificate?"))return r(`Please add your certificate ARN to the config file in the "${Fe(n)}" setting.`),"TODO";let s=await $t(o,a);return r("Certificate ARN: "+s),s}async function $t(e,t){try{let o=await Q("Validate certificate using DNS or email validation?",["dns","email"],"dns"),n=new C.ACMClient({region:e}),a=new C.RequestCertificateCommand({DomainName:t,ValidationMethod:o.toUpperCase()});return(await n.send(a)).CertificateArn}catch(o){return console.log("Error: Unable to request certificate",o.message),"TODO"}}function Lt(){let e=(0,$.randomUUID)(),t=(0,$.generateKeyPairSync)("rsa",{modulusLength:2048,publicKeyEncoding:{type:"spki",format:"pem"},privateKeyEncoding:{type:"pkcs1",format:"pem",cipher:"aes-256-cbc",passphrase:e}});return{publicKey:t.publicKey,privateKey:t.privateKey,passphrase:e}}async function Ot(e,t){let o=new M.GetParameterCommand({Name:t,WithDecryption:!0});try{return(await e.send(o)).Parameter?.Value}catch(n){if(n.name==="ParameterNotFound")return;throw n}}async function Wt(e,t,o){let n=new M.PutParameterCommand({Name:t,Value:o,Type:"SecureString",Overwrite:!0});await e.send(n)}async function _t(e,t,o){let n=new M.SSMClient({region:e});for(let[a,i]of Object.entries(o)){let s=t+a,c=i.toString(),u=await Ot(n,s);u!==void 0&&u!==c&&(r(`Parameter "${s}" exists with different value.`),await U(`Do you want to overwrite "${s}"?`)),await Wt(n,s,c)}}async function $e(){let e=await J();for(let t of e){let o=t.StackName,n=await X(o);n&&(B(n),console.log(""))}}var qe=require("@aws-sdk/client-cloudfront"),ze=require("@aws-sdk/client-s3"),Ge=P(require("fast-glob")),g=require("fs"),ae=P(require("node-fetch")),He=require("os"),v=require("path"),Ve=require("stream/promises");var k=require("fs"),Le=require("path"),Oe=P(require("tar"));function S(e){console.log(JSON.stringify(e,null,2))}async function te(e,t,o){let n=ne(t.source);if(n)try{console.log("Update bot code.....");let a=await e.updateResource({...o,code:n});console.log(a?"Success! New bot version: "+a.meta?.versionId:"Bot not modified")}catch(a){console.log("Update error: ",a)}}async function We(e,t,o){let n=ne(t.dist??t.source);if(n)try{console.log("Deploying bot...");let a=await e.post(e.fhirUrl("Bot",o.id,"$deploy"),{code:n});console.log("Deploy result: "+a.issue?.[0]?.details?.text)}catch(a){console.log("Deploy error: ",a)}}async function oe(e,t){if(t.length<4){console.log("Error: command needs to be npx medplum <new-bot-name> <project-id> <source-file> <dist-file>");return}let o=t[0],n=t[1],a=t[2],i=t[3];try{let s={name:o,description:""},c=await e.post("admin/projects/"+n+"/bot",s),u=await e.readResource("Bot",c.id),y={name:o,id:c.id,source:a,dist:i};await te(e,y,u),console.log(`Success! Bot created: ${u.id}`),Kt(y)}catch(s){console.log("Error while creating new bot: "+s)}}function _e(e){let t=new RegExp("^"+qt(e).replace(/\\\*/g,".*")+"$"),o=O()?.bots?.filter(n=>t.test(n.name));return o||[]}function O(e){let t=e?`medplum.${e}.config.json`:"medplum.config.json",o=ne(t);if(o)return JSON.parse(o)}function ne(e){let t=(0,Le.resolve)(process.cwd(),e);return(0,k.existsSync)(t)?(0,k.readFileSync)(t,"utf8"):(console.log("Error: File does not exist: "+t),"")}function Kt(e){let t=O();t?.bots?.push(e),(0,k.writeFile)("medplum.config.json",JSON.stringify(t),()=>{console.log(`Bot added to config: ${e.id}`)})}function qt(e){return e.replace(/[/\-\\^$*+?.()|[\]{}]/g,"\\$&")}function Ke(e){let n=0,a=0;return Oe.default.x({cwd:e,filter:(i,s)=>{if(n++,n>100)throw new Error("Tar extractor reached max number of files");if(a+=s.size,a>10485760)throw new Error("Tar extractor reached max size");return!0}})}function re(){return{extension:[{url:"http://hl7.org/fhir/StructureDefinition/data-absent-reason",valueCode:"unsupported"}]}}async function Ye(e){let t=O(e);if(!t){console.log("Config not found");return}let o=await E(e);if(!o){console.log("Stack not found");return}let n=o.appBucket;if(!n){console.log("App bucket not found");return}let a=await Gt("@medplum/app","latest");Je(a,{MEDPLUM_BASE_URL:t.baseUrl,MEDPLUM_CLIENT_ID:t.clientId||"",GOOGLE_CLIENT_ID:t.googleClientId||"",RECAPTCHA_SITE_KEY:t.recaptchaSiteKey||"",MEDPLUM_REGISTER_ENABLED:t.registerEnabled?"true":"false"}),await Vt(a,n.PhysicalResourceId),o.appDistribution?.PhysicalResourceId&&await Xt(o.appDistribution.PhysicalResourceId),console.log("Done")}async function zt(e,t){let o=`https://registry.npmjs.org/${e}/${t}`;return(await(0,ae.default)(o)).json()}async function Gt(e,t){let n=(await zt(e,t)).dist.tarball,a=(0,g.mkdtempSync)((0,v.join)((0,He.tmpdir)(),"tarball-"));try{let i=await(0,ae.default)(n),s=Ke(a);return await(0,Ve.pipeline)(i.body,s),(0,v.join)(a,"package","dist")}catch(i){throw(0,g.rmSync)(a,{recursive:!0,force:!0}),i}}function Je(e,t){for(let o of(0,g.readdirSync)(e,{withFileTypes:!0})){let n=(0,v.join)(e,o.name);o.isDirectory()?Je(n,t):o.isFile()&&n.endsWith(".js")&&Ht(n,t)}}function Ht(e,t){let o=(0,g.readFileSync)(e,"utf-8");for(let[n,a]of Object.entries(t))o=o.replaceAll(`__${n}__`,a);(0,g.writeFileSync)(e,o)}async function Vt(e,t){let o=[["css/**/*.css","text/css",!0],["css/**/*.css.map","application/json",!0],["img/**/*.png","image/png",!0],["img/**/*.svg","image/svg+xml",!0],["js/**/*.js","application/javascript",!0],["js/**/*.js.map","application/json",!0],["js/**/*.txt","text/plain",!0],["favicon.ico","image/vnd.microsoft.icon",!0],["robots.txt","text/plain",!0],["workbox-*.js","application/javascript",!0],["workbox-*.js.map","application/json",!0],["manifest.webmanifest","application/manifest+json",!1],["service-worker.js","application/javascript",!1],["service-worker.js.map","application/json",!1],["index.html","text/html",!1]];for(let n of o)await Yt({rootDir:e,bucketName:t,fileNamePattern:n[0],contentType:n[1],cached:n[2]})}async function Yt(e){let t=Ge.default.sync(e.fileNamePattern,{cwd:e.rootDir});for(let o of t)await Jt((0,v.join)(e.rootDir,o),e)}async function Jt(e,t){let o=(0,g.createReadStream)(e),n=e.substring(t.rootDir.length+1).split(v.sep).join("/"),a={Bucket:t.bucketName,Key:n,Body:o,ContentType:t.contentType,CacheControl:t.cached?"public, max-age=31536000":"no-cache, no-store, must-revalidate"};console.log(`Uploading ${n} to ${t.bucketName}...`),await Ie.send(new ze.PutObjectCommand(a))}async function Xt(e){let t=await De.send(new qe.CreateInvalidationCommand({DistributionId:e,InvalidationBatch:{CallerReference:`invalidate-all-${Date.now()}`,Paths:{Quantity:1,Items:["/*"]}}}));console.log(`Created invalidation with ID: ${t.Invalidation?.Id}`)}var Xe=require("@aws-sdk/client-ecs");async function Ze(e){let t=await E(e);if(!t){console.log("Stack not found");return}let o=t.ecsCluster?.PhysicalResourceId;if(!o){console.log("ECS Cluster not found");return}let n=Z(t.ecsService);if(!n){console.log("ECS Service not found");return}await Ne.send(new Xe.UpdateServiceCommand({cluster:o,service:n,forceNewDeployment:!0})),console.log(`Service "${n}" updated successfully.`)}var b=new Qe.Command("aws").description("Commands to manage AWS resources");b.command("init").description("Initialize a new Medplum AWS CloudFormation stacks").action(je);b.command("list").description("List Medplum AWS CloudFormation stacks").action($e);b.command("describe").description("Describe a Medplum AWS CloudFormation stack by tag").argument("<tag>").action(Re);b.command("update-server").alias("deploy-server").description("Update the server image").argument("<tag>").action(Ze);b.command("update-app").alias("deploy-app").description("Update the app site").argument("<tag>").action(Ye);var et=require("commander");var tt=m("save"),ot=m("deploy"),nt=m("create"),rt=new et.Command("bot").addCommand(tt).addCommand(ot).addCommand(nt),ie=m("save-bot"),se=m("deploy-bot"),ce=m("create-bot");tt.description("Saving the bot").argument("<botName>").action(async(e,t)=>{let o=await l(t);await W(o,e)});ot.description("Deploy the app to AWS").argument("<botName>").action(async(e,t)=>{let o=await l(t);await W(o,e,!0)});nt.arguments("<botName> <projectId> <sourceFile> <distFile>").description("Creating a bot").action(async(e,t,o,n,a)=>{let i=await l(a);await oe(i,[e,t,o,n])});async function W(e,t,o=!1){let n=_e(t);for(let a of n){let i=await e.readResource("Bot",a.id);await te(e,a,i),o&&await We(e,a,i)}console.log(`Number of bots deployed: ${n.length}`)}ie.description("Saves the bot").argument("<botName>").action(async(e,t)=>{let o=await l(t);await W(o,e)});se.description("Deploy the bot to AWS").argument("<botName>").action(async(e,t)=>{let o=await l(t);await W(o,e,!0)});ce.arguments("<botName> <projectId> <sourceFile> <distFile>").description("Creates and saves the bot").action(async(e,t,o,n,a)=>{let i=await l(a);await oe(i,[e,t,o,n])});var it=require("commander"),_=require("fs"),me=require("path"),st=require("readline");var ct=m("export"),mt=m("import"),lt=new it.Command("bulk").addCommand(ct).addCommand(mt);ct.option("-e, --export-level <exportLevel>",'Optional export level. Defaults to system level export. "Group/:id" - Group of Patients, "Patient" - All Patients.').option("-t, --types <types>","optional resource types to export").option("-s, --since <since>","optional Resources will be included in the response if their state has changed after the supplied time (e.g. if Resource.meta.lastUpdated is later than the supplied _since time).").option("-d, --target-directory <targetDirectory>","optional target directory to save files from the bulk export operations.").action(async e=>{let{exportLevel:t,types:o,since:n,targetDirectory:a}=e,i=await l(e);(await i.bulkExport(t,o,n)).output?.forEach(async({type:c,url:u})=>{let y=new URL(u),z=await i.download(u),D=`${c}_${y.pathname}`.replace(/[^a-zA-Z0-9]+/g,"_")+".ndjson",N=(0,me.resolve)(a??"",D);(0,_.writeFile)(`${N}`,await z.text(),()=>{console.log(`${N} is created`)})})});mt.argument("<filename>","File Name").option("--num-resources-per-request <numResourcesPerRequest>","optional number of resources to import per batch request. Defaults to 25.","25").option("--add-extensions-for-missing-values","optional flag to add extensions for missing values in a resource",!1).option("-d, --target-directory <targetDirectory>","optional target directory of file to be imported").action(async(e,t)=>{let{numResourcesPerRequest:o,addExtensionsForMissingValues:n,targetDirectory:a}=t,i=(0,me.resolve)(a??process.cwd(),e),s=await l(t);await Zt(i,parseInt(o,10),s,n)});async function Zt(e,t,o,n){let a=[],i=(0,_.createReadStream)(e),s=(0,st.createInterface)({input:i});for await(let c of s){let u=Qt(c,n);a.push({resource:u,request:{method:"POST",url:u.resourceType}}),a.length%t===0&&(await at(a,o),a=[])}a.length>0&&await at(a,o)}async function at(e,t){(await t.executeBatch({resourceType:"Bundle",type:"transaction",entry:e})).entry?.forEach(n=>{S(n.response)})}function Qt(e,t){let o=JSON.parse(e);return t?eo(o):o}function eo(e){return e.resourceType==="ExplanationOfBenefit"?to(e):e}function to(e){return e.provider||(e.provider=re()),e.item?.forEach(t=>{t?.productOrService||(t.productOrService=re())}),e}var K=require("commander");var dt=m("list"),ut=m("current"),pt=m("switch"),ft=m("invite"),gt=new K.Command("project").addCommand(dt).addCommand(ut).addCommand(pt).addCommand(ft);dt.description("List of current projects").action(async e=>{let t=await l(e);oo(t)});function oo(e){let o=e.getLogins().map(n=>`${n.project.display} (${n.project.reference})`).join(`
 
-var core = require('@medplum/core');
-var commander = require('commander');
-var dotenv = require('dotenv');
-var os = require('os');
-var child_process = require('child_process');
-var http = require('http');
-var fs = require('fs');
-var path = require('path');
-var clientCloudformation = require('@aws-sdk/client-cloudformation');
-var clientCloudfront = require('@aws-sdk/client-cloudfront');
-var clientEcs = require('@aws-sdk/client-ecs');
-var clientS3 = require('@aws-sdk/client-s3');
-var fastGlob = require('fast-glob');
-var fetch$1 = require('node-fetch');
-var promises = require('stream/promises');
-var tar = require('tar');
-var clientAcm = require('@aws-sdk/client-acm');
-var clientSsm = require('@aws-sdk/client-ssm');
-var clientSts = require('@aws-sdk/client-sts');
-var crypto = require('crypto');
-var readline = require('readline');
-
-function createMedplumCommand(name) {
-    return new commander.Command(name)
-        .option('--client-id <clientId>', 'FHIR server client id')
-        .option('--client-secret <clientSecret>', 'FHIR server client secret')
-        .option('--base-url <baseUrl>', 'FHIR server base url')
-        .option('--token-url <tokenUrl>', 'FHIR server token url')
-        .option('--authorize-url <authorizeUrl>', 'FHIR server authorize url')
-        .option('--fhir-url-path <fhirUrlPath>', 'FHIR server url path');
-}
-
-class FileSystemStorage extends core.ClientStorage {
-    constructor() {
-        super();
-        this.dirName = path.resolve(os.homedir(), '.medplum');
-        this.fileName = path.resolve(this.dirName, 'credentials');
-    }
-    clear() {
-        this.writeFile({});
-    }
-    getString(key) {
-        return this.readFile()?.[key];
-    }
-    setString(key, value) {
-        const data = this.readFile() || {};
-        if (value) {
-            data[key] = value;
-        }
-        else {
-            delete data[key];
-        }
-        this.writeFile(data);
-    }
-    readFile() {
-        if (fs.existsSync(this.fileName)) {
-            return JSON.parse(fs.readFileSync(this.fileName, 'utf8'));
-        }
-        return undefined;
-    }
-    writeFile(data) {
-        if (!fs.existsSync(this.dirName)) {
-            fs.mkdirSync(this.dirName);
-        }
-        fs.writeFileSync(this.fileName, JSON.stringify(data, null, 2), 'utf8');
-    }
-}
-
-async function createMedplumClient(options) {
-    const baseUrl = options.baseUrl ?? process.env['MEDPLUM_BASE_URL'] ?? 'https://api.medplum.com/';
-    const fhirUrlPath = options.fhirUrlPath ?? process.env['MEDPLUM_FHIR_URL_PATH'] ?? '';
-    const accessToken = options.accessToken ?? process.env['MEDPLUM_CLIENT_ACCESS_TOKEN'] ?? '';
-    const tokenUrl = options.tokenUrl ?? process.env['MEDPLUM_TOKEN_URL'] ?? '';
-    const authorizeUrl = options.authorizeUrl ?? process.env['MEDPLUM_AUTHORIZE_URL'] ?? '';
-    const fetchApi = options.fetch ?? fetch;
-    const medplumClient = new core.MedplumClient({
-        fetch: fetchApi,
-        baseUrl,
-        tokenUrl,
-        fhirUrlPath,
-        authorizeUrl,
-        storage: new FileSystemStorage(),
-        onUnauthenticated: onUnauthenticated,
-    });
-    if (accessToken) {
-        medplumClient.setAccessToken(accessToken);
-    }
-    const clientId = options.clientId || process.env['MEDPLUM_CLIENT_ID'];
-    const clientSecret = options.clientSecret || process.env['MEDPLUM_CLIENT_SECRET'];
-    if (clientId && clientSecret) {
-        medplumClient.setBasicAuth(clientId, clientSecret);
-        await medplumClient.startClientLogin(clientId, clientSecret);
-    }
-    return medplumClient;
-}
-function onUnauthenticated() {
-    console.log('Unauthenticated: run `npx medplum login` to sign in');
-}
-
-const clientId = 'medplum-cli';
-const redirectUri = 'http://localhost:9615';
-const login = createMedplumCommand('login');
-const whoami = createMedplumCommand('whoami');
-login.action(async (options) => {
-    const medplum = await createMedplumClient(options);
-    await startLogin(medplum);
-});
-whoami.action(async (options) => {
-    const medplum = await createMedplumClient(options);
-    printMe(medplum);
-});
-async function startLogin(medplum) {
-    await startWebServer(medplum);
-    const loginUrl = new URL(medplum.getAuthorizeUrl());
-    loginUrl.searchParams.set('client_id', clientId);
-    loginUrl.searchParams.set('redirect_uri', redirectUri);
-    loginUrl.searchParams.set('scope', 'openid');
-    loginUrl.searchParams.set('response_type', 'code');
-    loginUrl.searchParams.set('prompt', 'login');
-    await openBrowser(loginUrl.toString());
-}
-async function startWebServer(medplum) {
-    const server = http.createServer(async (req, res) => {
-        const url = new URL(req.url, 'http://localhost:9615');
-        const code = url.searchParams.get('code');
-        if (url.pathname === '/' && code) {
-            try {
-                const profile = await medplum.processCode(code, { clientId, redirectUri });
-                res.writeHead(200, { 'Content-Type': 'text/plain' });
-                res.end(`Signed in as ${core.getDisplayString(profile)}. You may close this window.`);
-            }
-            catch (err) {
-                res.writeHead(400, { 'Content-Type': 'text/plain' });
-                res.end(`Error: ${core.normalizeErrorString(err)}`);
-            }
-            finally {
-                server.close();
-            }
-        }
-        else {
-            res.writeHead(404, { 'Content-Type': 'text/plain' });
-            res.end('Not found');
-        }
-    }).listen(9615);
-}
-/**
- * Opens a web browser to the specified URL.
- * See: https://hasinthaindrajee.medium.com/browser-sso-for-cli-applications-b0be743fa656
- * @param url The URL to open.
- */
-async function openBrowser(url) {
-    const os$1 = os.platform();
-    let cmd = undefined;
-    switch (os$1) {
-        case 'openbsd':
-        case 'linux':
-            cmd = `xdg-open '${url}'`;
-            break;
-        case 'darwin':
-            cmd = `open '${url}'`;
-            break;
-        case 'win32':
-            cmd = `cmd /c start "" "${url}"`;
-            break;
-        default:
-            throw new Error('Unsupported platform: ' + os$1);
-    }
-    child_process.exec(cmd);
-}
-/**
- * Prints the current user and project.
- * @param medplum The Medplum client.
- */
-function printMe(medplum) {
-    const loginState = medplum.getActiveLogin();
-    if (loginState) {
-        console.log(`Server:  ${medplum.getBaseUrl()}`);
-        console.log(`Profile: ${loginState.profile.display} (${loginState.profile.reference})`);
-        console.log(`Project: ${loginState.project.display} (${loginState.project.reference})`);
-    }
-    else {
-        console.log('Not logged in');
-    }
-}
-
-const cloudFormationClient = new clientCloudformation.CloudFormationClient({});
-const cloudFrontClient = new clientCloudfront.CloudFrontClient({});
-const ecsClient = new clientEcs.ECSClient({});
-const s3Client = new clientS3.S3Client({});
-const tagKey = 'medplum:environment';
-/**
- * Returns a list of all AWS CloudFormation stacks (both Medplum and non-Medplum).
- * @returns List of AWS CloudFormation stacks.
- */
-async function getAllStacks() {
-    const listResult = await cloudFormationClient.send(new clientCloudformation.ListStacksCommand({}));
-    return (listResult.StackSummaries?.filter((s) => s.StackName && s.StackStatus !== 'DELETE_COMPLETE') || []);
-}
-/**
- * Returns Medplum stack details for the given tag.
- * @param tag The Medplum stack tag.
- * @returns The Medplum stack details.
- */
-async function getStackByTag(tag) {
-    const stackSummaries = await getAllStacks();
-    for (const stackSummary of stackSummaries) {
-        const stackName = stackSummary.StackName;
-        const details = await getStackDetails(stackName);
-        if (details?.tag === tag) {
-            return details;
-        }
-    }
-    return undefined;
-}
-/**
- * Returns Medplum stack details for the given stack name.
- * @param stackName The CloudFormation stack name.
- * @returns The Medplum stack details.
- */
-async function getStackDetails(stackName) {
-    const describeStacksCommand = new clientCloudformation.DescribeStacksCommand({ StackName: stackName });
-    const stackDetails = await cloudFormationClient.send(describeStacksCommand);
-    const stack = stackDetails?.Stacks?.[0];
-    const medplumTag = stack?.Tags?.find((tag) => tag.Key === tagKey);
-    if (!medplumTag) {
-        return undefined;
-    }
-    const stackResources = await cloudFormationClient.send(new clientCloudformation.DescribeStackResourcesCommand({ StackName: stackName }));
-    if (!stackResources.StackResources) {
-        return undefined;
-    }
-    const result = {
-        stack: stack,
-        tag: medplumTag.Value,
-    };
-    for (const resource of stackResources.StackResources) {
-        if (resource.ResourceType === 'AWS::ECS::Cluster') {
-            result.ecsCluster = resource;
-        }
-        else if (resource.ResourceType === 'AWS::ECS::Service') {
-            result.ecsService = resource;
-        }
-        else if (resource.ResourceType === 'AWS::S3::Bucket' &&
-            resource.LogicalResourceId?.startsWith('FrontEndAppBucket')) {
-            result.appBucket = resource;
-        }
-        else if (resource.ResourceType === 'AWS::S3::Bucket' &&
-            resource.LogicalResourceId?.startsWith('StorageStorageBucket')) {
-            result.storageBucket = resource;
-        }
-        else if (resource.ResourceType === 'AWS::CloudFront::Distribution' &&
-            resource.LogicalResourceId?.startsWith('FrontEndAppDistribution')) {
-            result.appDistribution = resource;
-        }
-    }
-    return result;
-}
-/**
- * Prints the given Medplum stack details to stdout.
- * @param details The Medplum stack details.
- */
-function printStackDetails(details) {
-    console.log(`Medplum Tag:     ${details.tag}`);
-    console.log(`Stack Name:      ${details.stack.StackName}`);
-    console.log(`Stack ID:        ${details.stack.StackId}`);
-    console.log(`Status:          ${details.stack.StackStatus}`);
-    console.log(`ECS Cluster:     ${details.ecsCluster?.PhysicalResourceId}`);
-    console.log(`ECS Service:     ${getEcsServiceName(details.ecsService)}`);
-    console.log(`App Bucket:      ${details.appBucket?.PhysicalResourceId}`);
-    console.log(`Storage Bucket:  ${details.storageBucket?.PhysicalResourceId}`);
-}
-/**
- * Parses the ECS service name from the given AWS ECS service resource.
- * @param resource The AWS ECS service resource.
- * @returns The ECS service name.
- */
-function getEcsServiceName(resource) {
-    return resource?.PhysicalResourceId?.split('/')?.pop() || '';
-}
-
-/**
- * The AWS "describe" command prints details about a Medplum CloudFormation stack.
- * @param tag The Medplum stack tag.
- */
-async function describeStacksCommand(tag) {
-    const details = await getStackByTag(tag);
-    if (!details) {
-        console.log('Stack not found');
-        return;
-    }
-    printStackDetails(details);
-}
-
-/**
- * The AWS "list" command prints summary details about all Medplum CloudFormation stacks.
- */
-async function listStacksCommand() {
-    const stackSummaries = await getAllStacks();
-    for (const stackSummary of stackSummaries) {
-        const stackName = stackSummary.StackName;
-        const details = await getStackDetails(stackName);
-        if (!details) {
-            continue;
-        }
-        printStackDetails(details);
-        console.log('');
-    }
-}
-
-function prettyPrint(input) {
-    console.log(JSON.stringify(input, null, 2));
-}
-async function saveBot(medplum, botConfig, bot) {
-    const code = readFileContents(botConfig.source);
-    if (!code) {
-        return;
-    }
-    try {
-        console.log('Update bot code.....');
-        const updateResult = await medplum.updateResource({
-            ...bot,
-            code,
-        });
-        if (!updateResult) {
-            console.log('Bot not modified');
-        }
-        else {
-            console.log('Success! New bot version: ' + updateResult.meta?.versionId);
-        }
-    }
-    catch (err) {
-        console.log('Update error: ', err);
-    }
-}
-async function deployBot(medplum, botConfig, bot) {
-    const code = readFileContents(botConfig.dist ?? botConfig.source);
-    if (!code) {
-        return;
-    }
-    try {
-        console.log('Deploying bot...');
-        const deployResult = (await medplum.post(medplum.fhirUrl('Bot', bot.id, '$deploy'), {
-            code,
-        }));
-        console.log('Deploy result: ' + deployResult.issue?.[0]?.details?.text);
-    }
-    catch (err) {
-        console.log('Deploy error: ', err);
-    }
-}
-async function createBot(medplum, argv) {
-    if (argv.length < 4) {
-        console.log(`Error: command needs to be npx medplum <new-bot-name> <project-id> <source-file> <dist-file>`);
-        return;
-    }
-    const botName = argv[0];
-    const projectId = argv[1];
-    const sourceFile = argv[2];
-    const distFile = argv[3];
-    try {
-        const body = {
-            name: botName,
-            description: '',
-        };
-        const newBot = await medplum.post('admin/projects/' + projectId + '/bot', body);
-        const bot = await medplum.readResource('Bot', newBot.id);
-        const botConfig = {
-            name: botName,
-            id: newBot.id,
-            source: sourceFile,
-            dist: distFile,
-        };
-        await saveBot(medplum, botConfig, bot);
-        console.log(`Success! Bot created: ${bot.id}`);
-        addBotToConfig(botConfig);
-    }
-    catch (err) {
-        console.log('Error while creating new bot: ' + err);
-    }
-}
-function readBotConfigs(botName) {
-    const regExBotName = new RegExp('^' + escapeRegex(botName).replace(/\\\*/g, '.*') + '$');
-    const botConfigs = readConfig()?.bots?.filter((b) => regExBotName.test(b.name));
-    if (!botConfigs) {
-        return [];
-    }
-    return botConfigs;
-}
-function readConfig(tagName) {
-    const fileName = tagName ? `medplum.${tagName}.config.json` : 'medplum.config.json';
-    const content = readFileContents(fileName);
-    if (!content) {
-        return undefined;
-    }
-    return JSON.parse(content);
-}
-function readFileContents(fileName) {
-    const path$1 = path.resolve(process.cwd(), fileName);
-    if (!fs.existsSync(path$1)) {
-        console.log('Error: File does not exist: ' + path$1);
-        return '';
-    }
-    return fs.readFileSync(path$1, 'utf8');
-}
-function addBotToConfig(botConfig) {
-    const config = readConfig();
-    config?.bots?.push(botConfig);
-    fs.writeFile('medplum.config.json', JSON.stringify(config), () => {
-        console.log(`Bot added to config: ${botConfig.id}`);
-    });
-}
-function escapeRegex(str) {
-    return str.replace(/[/\-\\^$*+?.()|[\]{}]/g, '\\$&');
-}
-/**
- * Creates a safe tar extractor that limits the number of files and total size.
- *
- * Expanding archive files without controlling resource consumption is security-sensitive
- *
- * See: https://sonarcloud.io/organizations/medplum/rules?open=typescript%3AS5042&rule_key=typescript%3AS5042
- * @param destinationDir The destination directory where all files will be extracted.
- * @returns A tar file extractor.
- */
-function safeTarExtractor(destinationDir) {
-    const MAX_FILES = 100;
-    const MAX_SIZE = 10 * 1024 * 1024; // 10 MB
-    let fileCount = 0;
-    let totalSize = 0;
-    return tar.x({
-        cwd: destinationDir,
-        filter: (_path, entry) => {
-            fileCount++;
-            if (fileCount > MAX_FILES) {
-                throw new Error('Tar extractor reached max number of files');
-            }
-            totalSize += entry.size;
-            if (totalSize > MAX_SIZE) {
-                throw new Error('Tar extractor reached max size');
-            }
-            return true;
-        },
-    });
-}
-function getUnsupportedExtension() {
-    return {
-        extension: [
-            {
-                url: 'http://hl7.org/fhir/StructureDefinition/data-absent-reason',
-                valueCode: 'unsupported',
-            },
-        ],
-    };
-}
-
-/**
- * The AWS "update-app" command updates the Medplum app in a Medplum CloudFormation stack to the latest version.
- * @param tag The Medplum stack tag.
- */
-async function updateAppCommand(tag) {
-    const config = readConfig(tag);
-    if (!config) {
-        console.log('Config not found');
-        return;
-    }
-    const details = await getStackByTag(tag);
-    if (!details) {
-        console.log('Stack not found');
-        return;
-    }
-    const appBucket = details.appBucket;
-    if (!appBucket) {
-        console.log('App bucket not found');
-        return;
-    }
-    const tmpDir = await downloadNpmPackage('@medplum/app', 'latest');
-    // Replace variables in the app
-    replaceVariables(tmpDir, {
-        MEDPLUM_BASE_URL: config.baseUrl,
-        MEDPLUM_CLIENT_ID: config.clientId || '',
-        GOOGLE_CLIENT_ID: config.googleClientId || '',
-        RECAPTCHA_SITE_KEY: config.recaptchaSiteKey || '',
-        MEDPLUM_REGISTER_ENABLED: config.registerEnabled ? 'true' : 'false',
-    });
-    // Upload the app to S3 with correct content-type and cache-control
-    await uploadAppToS3(tmpDir, appBucket.PhysicalResourceId);
-    // Create a CloudFront invalidation to clear any cached resources
-    if (details.appDistribution?.PhysicalResourceId) {
-        await createInvalidation(details.appDistribution.PhysicalResourceId);
-    }
-    console.log('Done');
-}
-/**
- * Returns NPM package metadata for a given package name.
- * See: https://github.com/npm/registry/blob/master/docs/REGISTRY-API.md#getpackageversion
- * @param packageName The npm package name.
- * @param version The npm package version string.
- * @returns The package.json metadata content.
- */
-async function getNpmPackageMetadata(packageName, version) {
-    const url = `https://registry.npmjs.org/${packageName}/${version}`;
-    const response = await fetch$1(url);
-    return response.json();
-}
-/**
- * Downloads and extracts an NPM package.
- * @param packageName The NPM package name.
- * @param version The NPM package version or "latest".
- * @returns Path to temporary directory where the package was downloaded and extracted.
- */
-async function downloadNpmPackage(packageName, version) {
-    const packageMetadata = await getNpmPackageMetadata(packageName, version);
-    const tarballUrl = packageMetadata.dist.tarball;
-    const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'tarball-'));
-    try {
-        const response = await fetch$1(tarballUrl);
-        const extractor = safeTarExtractor(tmpDir);
-        await promises.pipeline(response.body, extractor);
-        return path.join(tmpDir, 'package', 'dist');
-    }
-    catch (error) {
-        fs.rmSync(tmpDir, { recursive: true, force: true });
-        throw error;
-    }
-}
-/**
- * Replaces variables in all JS files in the given folder.
- * @param folderName The folder name of the files.
- * @param replacements The collection of variable placeholders and replacements.
- */
-function replaceVariables(folderName, replacements) {
-    for (const item of fs.readdirSync(folderName, { withFileTypes: true })) {
-        const itemPath = path.join(folderName, item.name);
-        if (item.isDirectory()) {
-            replaceVariables(itemPath, replacements);
-        }
-        else if (item.isFile() && itemPath.endsWith('.js')) {
-            replaceVariablesInFile(itemPath, replacements);
-        }
-    }
-}
-/**
- * Replaces variables in the JS file.
- * @param fileName The file name.
- * @param replacements The collection of variable placeholders and replacements.
- */
-function replaceVariablesInFile(fileName, replacements) {
-    let contents = fs.readFileSync(fileName, 'utf-8');
-    for (const [placeholder, replacement] of Object.entries(replacements)) {
-        contents = contents.replaceAll(`process.env.${placeholder}`, `'${replacement}'`);
-    }
-    fs.writeFileSync(fileName, contents);
-}
-/**
- * Uploads the app to S3.
- * Ensures correct content-type and cache-control for each file.
- * @param tmpDir The temporary directory where the app is located.
- * @param bucketName The destination S3 bucket name.
- */
-async function uploadAppToS3(tmpDir, bucketName) {
-    // Manually iterate and upload files
-    // Automatic content-type detection is not reliable on Microsoft Windows
-    // So we explicitly set content-type
-    const uploadPatterns = [
-        // Cached
-        // These files generally have a hash, so they can be cached forever
-        // It is important to upload them first to avoid broken references from index.html
-        ['css/**/*.css', 'text/css', true],
-        ['css/**/*.css.map', 'application/json', true],
-        ['img/**/*.png', 'image/png', true],
-        ['img/**/*.svg', 'image/svg+xml', true],
-        ['js/**/*.js', 'application/javascript', true],
-        ['js/**/*.js.map', 'application/json', true],
-        ['js/**/*.txt', 'text/plain', true],
-        ['favicon.ico', 'image/vnd.microsoft.icon', true],
-        ['robots.txt', 'text/plain', true],
-        ['workbox-*.js', 'application/javascript', true],
-        ['workbox-*.js.map', 'application/json', true],
-        // Not cached
-        ['manifest.webmanifest', 'application/manifest+json', false],
-        ['service-worker.js', 'application/javascript', false],
-        ['service-worker.js.map', 'application/json', false],
-        ['index.html', 'text/html', false],
-    ];
-    for (const uploadPattern of uploadPatterns) {
-        await uploadFolderToS3({
-            rootDir: tmpDir,
-            bucketName,
-            fileNamePattern: uploadPattern[0],
-            contentType: uploadPattern[1],
-            cached: uploadPattern[2],
-        });
-    }
-}
-/**
- * Uploads a directory of files to S3.
- * @param options The upload options such as bucket name, content type, and cache control.
- * @param options.rootDir The root directory of the upload.
- * @param options.bucketName The destination bucket name.
- * @param options.fileNamePattern The glob file pattern to upload.
- * @param options.contentType The content type MIME type.
- * @param options.cached True to mark as public and cached forever.
- */
-async function uploadFolderToS3(options) {
-    const items = fastGlob.sync(options.fileNamePattern, { cwd: options.rootDir });
-    for (const item of items) {
-        await uploadFileToS3(path.join(options.rootDir, item), options);
-    }
-}
-/**
- * Uploads a file to S3.
- * @param filePath The file path.
- * @param options The upload options such as bucket name, content type, and cache control.
- * @param options.rootDir The root directory of the upload.
- * @param options.bucketName The destination bucket name.
- * @param options.contentType The content type MIME type.
- * @param options.cached True to mark as public and cached forever.
- */
-async function uploadFileToS3(filePath, options) {
-    const fileStream = fs.createReadStream(filePath);
-    const s3Key = filePath
-        .substring(options.rootDir.length + 1)
-        .split(path.sep)
-        .join('/');
-    const putObjectParams = {
-        Bucket: options.bucketName,
-        Key: s3Key,
-        Body: fileStream,
-        ContentType: options.contentType,
-        CacheControl: options.cached ? 'public, max-age=31536000' : 'no-cache, no-store, must-revalidate',
-    };
-    console.log(`Uploading ${s3Key} to ${options.bucketName}...`);
-    await s3Client.send(new clientS3.PutObjectCommand(putObjectParams));
-}
-/**
- * Creates a CloudFront invalidation to clear the cache for all files.
- * This is not strictly necessary, but it helps to ensure that the latest version of the app is served.
- * In a perfect world, every deploy is clean, and hashed resources should be cached forever.
- * However, we do not recalculate hashes after variable replacements.
- * So if variables change, we need to invalidate the cache.
- * @param distributionId The CloudFront distribution ID.
- */
-async function createInvalidation(distributionId) {
-    const response = await cloudFrontClient.send(new clientCloudfront.CreateInvalidationCommand({
-        DistributionId: distributionId,
-        InvalidationBatch: {
-            CallerReference: `invalidate-all-${Date.now()}`,
-            Paths: {
-                Quantity: 1,
-                Items: ['/*'],
-            },
-        },
-    }));
-    console.log(`Created invalidation with ID: ${response.Invalidation?.Id}`);
-}
-
-/**
- * The AWS "update-server" command updates the Medplum server in a Medplum CloudFormation stack.
- * @param tag The Medplum stack tag.
- */
-async function updateServerCommand(tag) {
-    const details = await getStackByTag(tag);
-    if (!details) {
-        console.log('Stack not found');
-        return;
-    }
-    const ecsCluster = details.ecsCluster?.PhysicalResourceId;
-    if (!ecsCluster) {
-        console.log('ECS Cluster not found');
-        return;
-    }
-    const ecsService = getEcsServiceName(details.ecsService);
-    if (!ecsService) {
-        console.log('ECS Service not found');
-        return;
-    }
-    await ecsClient.send(new clientEcs.UpdateServiceCommand({
-        cluster: ecsCluster,
-        service: ecsService,
-        forceNewDeployment: true,
-    }));
-    console.log(`Service "${ecsService}" updated successfully.`);
-}
-
-const getDomainSetting = (domain) => `${domain}DomainName`;
-const getDomainCertSetting = (domain) => `${domain}SslCertArn`;
-let terminal;
-async function initStackCommand() {
-    const config = { apiPort: 8103, region: 'us-east-1' };
-    terminal = readline.createInterface({ input: process.stdin, output: process.stdout });
-    header('MEDPLUM');
-    print('This tool prepares the necessary prerequisites for deploying Medplum in your AWS account.');
-    print('');
-    print('Most Medplum infrastructure is deployed using the AWS CDK.');
-    print('However, some AWS resources must be created manually, such as email addresses and SSL certificates.');
-    print('This tool will help you create those resources.');
-    print('');
-    print('Upon completion, this tool will:');
-    print('  1. Generate a Medplum CDK config file (i.e., medplum.demo.config.json)');
-    print('  2. Optionally generate an AWS CloudFront signing key');
-    print('  3. Optionally request SSL certificates from AWS Certificate Manager');
-    print('  4. Optionally write server config settings to AWS Parameter Store');
-    print('');
-    print('The Medplum infra config file is an input to the Medplum CDK.');
-    print('The Medplum CDK will create and manage the necessary AWS resources.');
-    print('');
-    print('We will ask a series of questions to generate your infra config file.');
-    print('Some questions have predefined options in [square brackets].');
-    print('Some questions have default values in (parentheses), which you can accept by pressing Enter.');
-    print('Press Ctrl+C at any time to exit.');
-    header('ENVIRONMENT NAME');
-    print('Medplum deployments have a short environment name such as "prod", "staging", "alice", or "demo".');
-    print('The environment name is used in multiple places:');
-    print('  1. As part of config file names (i.e., medplum.demo.config.json)');
-    print('  2. As the base of CloudFormation stack names (i.e., MedplumDemo)');
-    print('  3. AWS Parameter Store keys (i.e., /medplum/demo/...)');
-    config.name = await ask('What is your environment name?', 'demo');
-    print('Using environment name "' + config.name + '"...');
-    header('CONFIG FILE');
-    print('Medplum Infrastructure will create a config file in the current directory.');
-    const configFileName = await ask('What is the config file name?', `medplum.${config.name}.config.json`);
-    if (fs.existsSync(configFileName)) {
-        print('Config file already exists.');
-        await checkOk('Do you want to overwrite the config file?');
-    }
-    print('Using config file "' + configFileName + '"...');
-    writeConfig(configFileName, config);
-    header('AWS REGION');
-    print('Most Medplum resources will be created in a single AWS region.');
-    config.region = await ask('Enter your AWS region:', 'us-east-1');
-    writeConfig(configFileName, config);
-    header('AWS ACCOUNT NUMBER');
-    print('Medplum Infrastructure will use your AWS account number to create AWS resources.');
-    const currentAccountId = await getAccountId(config.region);
-    print('Using the AWS CLI, your current account ID is: ' + currentAccountId);
-    config.accountNumber = await ask('What is your AWS account number?', currentAccountId);
-    writeConfig(configFileName, config);
-    header('STACK NAME');
-    print('Medplum will create a CloudFormation stack to manage AWS resources.');
-    const defaultStackName = 'Medplum' + config.name.charAt(0).toUpperCase() + config.name.slice(1);
-    config.stackName = await ask('Enter your CloudFormation stack name?', defaultStackName);
-    writeConfig(configFileName, config);
-    header('BASE DOMAIN NAME');
-    print('Medplum deploys multiple subdomains for various services.');
-    print('');
-    print('For example, "api." for the REST API and "app." for the web application.');
-    print('The base domain name is the common suffix for all subdomains.');
-    print('');
-    print('For example, if your base domain name is "example.com",');
-    print('then the REST API will be "api.example.com".');
-    print('');
-    print('Note that you must own the base domain, and it must use Route53 DNS.');
-    print('Medplum will create subdomains for you, but you must configure the base domain.');
-    while (!config.domainName) {
-        config.domainName = await ask('Enter your base domain name:');
-    }
-    writeConfig(configFileName, config);
-    header('SUPPORT EMAIL');
-    print('Medplum sends transactional emails to users.');
-    print('For example, emails to new users or for password reset.');
-    print('Medplum will use the support email address to send these emails.');
-    print('Note that you must verify the support email address in SES.');
-    const supportEmail = await ask('Enter your support email address:');
-    header('API DOMAIN NAME');
-    print('Medplum deploys a REST API for the backend services.');
-    config.apiDomainName = await ask('Enter your REST API domain name:', 'api.' + config.domainName);
-    writeConfig(configFileName, config);
-    header('APP DOMAIN NAME');
-    print('Medplum deploys a web application for the user interface.');
-    config.appDomainName = await ask('Enter your web application domain name:', 'app.' + config.domainName);
-    writeConfig(configFileName, config);
-    header('STORAGE DOMAIN NAME');
-    print('Medplum deploys a storage service for file uploads.');
-    config.storageDomainName = await ask('Enter your storage domain name:', 'storage.' + config.domainName);
-    writeConfig(configFileName, config);
-    header('STORAGE BUCKET');
-    print('Medplum uses an S3 bucket to store binary content such as file uploads.');
-    print('Medplum will create a the S3 bucket as part of the CloudFormation stack.');
-    config.storageBucketName = await ask('Enter your storage bucket name:', 'medplum-' + config.name + '-storage');
-    writeConfig(configFileName, config);
-    header('MAX AVAILABILITY ZONES');
-    print('Medplum API servers can be deployed in multiple availability zones.');
-    print('This provides redundancy and high availability.');
-    print('However, it also increases the cost of the deployment.');
-    print('If you want to use all availability zones, choose a large number such as 99.');
-    print('If you want to restrict the number, for example to manage EIP limits,');
-    print('then choose a small number such as 1 or 2.');
-    config.maxAzs = await chooseInt('Enter the maximum number of availability zones:', [1, 2, 3, 99], 2);
-    header('DATABASE INSTANCES');
-    print('Medplum uses a relational database to store data.');
-    print('You can set up your own database,');
-    print('or Medplum can create a new RDS database as part of the CloudFormation stack.');
-    if (await yesOrNo('Do you want to create a new RDS database as part of the CloudFormation stack?')) {
-        print('Medplum will create a new RDS database as part of the CloudFormation stack.');
-        print('');
-        print('If you need high availability, you can choose multiple instances.');
-        print('Use 1 for a single instance, or 2 for a primary and a standby.');
-        config.rdsInstances = await chooseInt('Enter the number of database instances:', [1, 2], 1);
-    }
-    else {
-        print('Medplum will not create a new RDS database.');
-        print('Please create a new RDS database and enter the database name, username, and password.');
-        print('Set the AWS Secrets Manager secret ARN in the config file in the "rdsSecretsArn" setting.');
-        config.rdsSecretsArn = 'TODO';
-    }
-    writeConfig(configFileName, config);
-    header('SERVER INSTANCES');
-    print('Medplum uses AWS Fargate to run the API servers.');
-    print('Medplum will create a new Fargate cluster as part of the CloudFormation stack.');
-    print('Fargate will automatically scale the number of servers up and down.');
-    print('If you need high availability, you can choose multiple instances.');
-    config.desiredServerCount = await chooseInt('Enter the number of server instances:', [1, 2, 3, 4, 6, 8], 1);
-    writeConfig(configFileName, config);
-    header('SERVER MEMORY');
-    print('You can choose the amount of memory for each server instance.');
-    print('The default is 512 MB, which is sufficient for getting started.');
-    print('Note that only certain CPU units are compatible with memory units.');
-    print('Consult AWS Fargate "Task Definition Parameters" for more information.');
-    config.serverMemory = await chooseInt('Enter the server memory (MB):', [512, 1024, 2048, 4096, 8192, 16384], 512);
-    writeConfig(configFileName, config);
-    header('SERVER CPU');
-    print('You can choose the amount of CPU for each server instance.');
-    print('CPU is expressed as an integer using AWS CPU units');
-    print('The default is 256, which is sufficient for getting started.');
-    print('Note that only certain CPU units are compatible with memory units.');
-    print('Consult AWS Fargate "Task Definition Parameters" for more information.');
-    config.serverCpu = await chooseInt('Enter the server CPU:', [256, 512, 1024, 2048, 4096, 8192, 16384], 256);
-    writeConfig(configFileName, config);
-    header('SERVER IMAGE');
-    print('Medplum uses Docker images for the API servers.');
-    print('You can choose the image to use for the servers.');
-    print('Docker images can be loaded from either Docker Hub or AWS ECR.');
-    print('The default is the latest Medplum release.');
-    config.serverImage = await ask('Enter the server image:', 'medplum/medplum-server:latest');
-    writeConfig(configFileName, config);
-    header('SIGNING KEY');
-    print('Medplum uses AWS CloudFront Presigned URLs for binary content such as file uploads.');
-    const { privateKey, publicKey, passphrase } = generateSigningKey();
-    config.storagePublicKey = publicKey;
-    writeConfig(configFileName, config);
-    header('SSL CERTIFICATES');
-    print(`Medplum will now check for existing SSL certificates for the subdomains.`);
-    const allCerts = await listAllCertificates(config.region);
-    print('Found ' + allCerts.length + ' certificate(s).');
-    // Process certificates for each subdomain
-    // Note: The "api" certificate must be created in the same region as the API
-    // Note: The "app" and "storage" certificates must be created in us-east-1
-    for (const { region, certName } of [
-        { region: config.region, certName: 'api' },
-        { region: 'us-east-1', certName: 'app' },
-        { region: 'us-east-1', certName: 'storage' },
-    ]) {
-        print('');
-        const arn = await processCert(config, allCerts, region, certName);
-        config[getDomainCertSetting(certName)] = arn;
-        writeConfig(configFileName, config);
-    }
-    header('AWS PARAMETER STORE');
-    print('Medplum uses AWS Parameter Store to store sensitive configuration values.');
-    print('These values will be encrypted at rest.');
-    print(`The values will be stored in the "/medplum/${config.name}" path.`);
-    const serverParams = {
-        port: config.apiPort,
-        baseUrl: `https://${config.apiDomainName}/`,
-        appBaseUrl: `https://${config.appDomainName}/`,
-        storageBaseUrl: `https://${config.storageDomainName}/binary/`,
-        binaryStorage: `s3:${config.storageBucketName}`,
-        signingKey: privateKey,
-        signingKeyPassphrase: passphrase,
-        supportEmail: supportEmail,
-    };
-    print(JSON.stringify({
-        ...serverParams,
-        signingKey: '****',
-        signingKeyPassphrase: '****',
-    }, null, 2));
-    await checkOk('Do you want to store these values in AWS Parameter Store?');
-    await writeParameters(config.region, `/medplum/${config.name}/`, serverParams);
-    header('DONE!');
-    print('Medplum configuration complete.');
-    print('You can now proceed to deploying the Medplum infrastructure with CDK.');
-    print('Run:');
-    print('');
-    print(`    npx cdk bootstrap -c config=${configFileName}`);
-    print(`    npx cdk synth -c config=${configFileName}`);
-    if (config.region === 'us-east-1') {
-        print(`    npx cdk deploy -c config=${configFileName}`);
-    }
-    else {
-        print(`    npx cdk deploy -c config=${configFileName} --all`);
-    }
-    print('');
-    print('See Medplum documentation for more information:');
-    print('');
-    print('    https://www.medplum.com/docs/self-hosting/install-on-aws');
-    print('');
-}
-/**
- * Prints to stdout.
- * @param text The text to print.
- */
-function print(text) {
-    terminal.write(text + '\n');
-}
-/**
- * Prints a header with extra line spacing.
- * @param text The text to print.
- */
-function header(text) {
-    print('\n' + text + '\n');
-}
-/**
- * Prints a question and waits for user input.
- * @param text The question text to print.
- * @param defaultValue Optional default value.
- * @returns The selected value, or default value on empty selection.
- */
-function ask(text, defaultValue = '') {
-    return new Promise((resolve) => {
-        terminal.question(text + (defaultValue ? ' (' + defaultValue + ')' : '') + ' ', (answer) => {
-            resolve(answer || defaultValue.toString());
-        });
-    });
-}
-/**
- * Prints a question and waits for user to choose one of the provided options.
- * @param text The prompt text to print.
- * @param options The list of options that the user can select.
- * @param defaultValue Optional default value.
- * @returns The selected value, or default value on empty selection.
- */
-async function choose(text, options, defaultValue = '') {
-    const str = text + ' [' + options.map((o) => (o === defaultValue ? '(' + o + ')' : o)).join('|') + ']';
-    // eslint-disable-next-line no-constant-condition
-    while (true) {
-        const answer = (await ask(str)) || defaultValue;
-        if (options.includes(answer)) {
-            return answer;
-        }
-        print('Please choose one of the following options: ' + options.join(', '));
-    }
-}
-/**
- * Prints a question and waits for the user to choose a valid integer option.
- * @param text The prompt text to print.
- * @param options The list of options that the user can select.
- * @param defaultValue Optional default value.
- * @returns The selected value, or default value on empty selection.
- */
-async function chooseInt(text, options, defaultValue = 0) {
-    return parseInt(await choose(text, options.map((o) => o.toString()), defaultValue.toString()), 10);
-}
-/**
- * Prints a question and waits for the user to choose yes or no.
- * @param text The question to print.
- * @returns true on accept or false on reject.
- */
-async function yesOrNo(text) {
-    return (await choose(text, ['y', 'n'])).toLowerCase() === 'y';
-}
-/**
- * Prints a question and waits for the user to confirm yes. Throws error on no, and exits the program.
- * @param text The prompt text to print.
- */
-async function checkOk(text) {
-    if (!(await yesOrNo(text))) {
-        print('Exiting...');
-        throw new Error('User cancelled');
-    }
-}
-/**
- * Writes a config file to disk.
- * @param configFileName The config file name.
- * @param config The config file contents.
- */
-function writeConfig(configFileName, config) {
-    fs.writeFileSync(path.resolve(configFileName), JSON.stringify(config, undefined, 2), 'utf-8');
-}
-/**
- * Returns the current AWS account ID.
- * This is used as the default value for the "accountNumber" config setting.
- * @param region The AWS region.
- * @returns The AWS account ID.
- */
-async function getAccountId(region) {
-    try {
-        const client = new clientSts.STSClient({ region });
-        const command = new clientSts.GetCallerIdentityCommand({});
-        const response = await client.send(command);
-        return response.Account;
-    }
-    catch (err) {
-        console.log('Warning: Unable to get AWS account ID', err.message);
-        return undefined;
-    }
-}
-/**
- * Returns a list of all AWS certificates.
- * This is used to find existing certificates for the subdomains.
- * If the primary region is not us-east-1, then certificates in us-east-1 will also be returned.
- * @param region The AWS region.
- * @returns The list of AWS Certificates.
- */
-async function listAllCertificates(region) {
-    const result = await listCertificates(region);
-    if (region !== 'us-east-1') {
-        const usEast1Result = await listCertificates('us-east-1');
-        result.push(...usEast1Result);
-    }
-    return result;
-}
-/**
- * Returns a list of AWS Certificates.
- * This is used to find existing certificates for the subdomains.
- * @param region The AWS region.
- * @returns The list of AWS Certificates.
- */
-async function listCertificates(region) {
-    try {
-        const client = new clientAcm.ACMClient({ region });
-        const command = new clientAcm.ListCertificatesCommand({ MaxItems: 1000 });
-        const response = await client.send(command);
-        return response.CertificateSummaryList;
-    }
-    catch (err) {
-        console.log('Warning: Unable to list certificates', err.message);
-        return [];
-    }
-}
-/**
- * Processes a required certificate.
- *
- * 1. If the certificate already exists, return the ARN.
- * 2. If the certificate does not exist, and the user wants to create a new certificate, create it and return the ARN.
- * 3. If the certificate does not exist, and the user does not want to create a new certificate, return a placeholder.
- * @param config In-progress config settings.
- * @param allCerts List of all existing certificates.
- * @param region The AWS region where the certificate is needed.
- * @param certName The name of the certificate (api, app, or storage).
- * @returns The ARN of the certificate or placeholder if a new certificate is needed.
- */
-async function processCert(config, allCerts, region, certName) {
-    const domainName = config[getDomainSetting(certName)];
-    const existingCert = allCerts.find((cert) => cert.CertificateArn?.includes(region) && cert.DomainName === domainName);
-    if (existingCert) {
-        print(`Found existing certificate for "${domainName}" in "${region}.`);
-        return existingCert.CertificateArn;
-    }
-    print(`No existing certificate found for "${domainName}" in "${region}.`);
-    if (!(await yesOrNo('Do you want to request a new certificate?'))) {
-        print(`Please add your certificate ARN to the config file in the "${getDomainCertSetting(certName)}" setting.`);
-        return 'TODO';
-    }
-    const arn = await requestCert(region, domainName);
-    print('Certificate ARN: ' + arn);
-    return arn;
-}
-/**
- * Requests an AWS Certificate.
- * @param region The AWS region.
- * @param domain The domain name.
- * @returns The AWS Certificate ARN on success, or undefined on failure.
- */
-async function requestCert(region, domain) {
-    try {
-        const validationMethod = await choose('Validate certificate using DNS or email validation?', ['dns', 'email'], 'dns');
-        const client = new clientAcm.ACMClient({ region });
-        const command = new clientAcm.RequestCertificateCommand({
-            DomainName: domain,
-            ValidationMethod: validationMethod.toUpperCase(),
-        });
-        const response = await client.send(command);
-        return response.CertificateArn;
-    }
-    catch (err) {
-        console.log('Error: Unable to request certificate', err.message);
-        return 'TODO';
-    }
-}
-/**
- * Generates an AWS CloudFront signing key.
- *
- * Requirements:
- *
- *   1. It must be an SSH-2 RSA key pair.
- *   2. It must be in base64-encoded PEM format.
- *   3. It must be a 2048-bit key pair.
- *
- * See: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html#private-content-creating-cloudfront-key-pairs
- * @returns A new signing key.
- */
-function generateSigningKey() {
-    const passphrase = crypto.randomUUID();
-    const signingKey = crypto.generateKeyPairSync('rsa', {
-        modulusLength: 2048,
-        publicKeyEncoding: {
-            type: 'spki',
-            format: 'pem',
-        },
-        privateKeyEncoding: {
-            type: 'pkcs1',
-            format: 'pem',
-            cipher: 'aes-256-cbc',
-            passphrase,
-        },
-    });
-    return {
-        publicKey: signingKey.publicKey,
-        privateKey: signingKey.privateKey,
-        passphrase,
-    };
-}
-/**
- * Writes a parameter to AWS Parameter Store.
- * @param region The AWS region.
- * @param key The parameter key.
- * @param value The parameter value.
- */
-async function writeParameter(region, key, value) {
-    const client = new clientSsm.SSMClient({ region });
-    const command = new clientSsm.PutParameterCommand({
-        Name: key,
-        Value: value,
-        Type: 'SecureString',
-        Overwrite: true,
-    });
-    await client.send(command);
-}
-/**
- * Writes a collection of parameters to AWS Parameter Store.
- * @param region The AWS region.
- * @param prefix The AWS Parameter Store prefix.
- * @param params The parameters to write.
- */
-async function writeParameters(region, prefix, params) {
-    for (const [key, value] of Object.entries(params)) {
-        const valueStr = value.toString();
-        if (valueStr) {
-            await writeParameter(region, prefix + key, valueStr);
-        }
-    }
-}
-
-const aws = new commander.Command('aws').description('Commands to manage AWS resources');
-aws.command('init').description('Initialize a new Medplum AWS CloudFormation stacks').action(initStackCommand);
-aws.command('list').description('List Medplum AWS CloudFormation stacks').action(listStacksCommand);
-aws
-    .command('describe')
-    .description('Describe a Medplum AWS CloudFormation stack by tag')
-    .argument('<tag>')
-    .action(describeStacksCommand);
-aws.command('update-server').description('Update the server image').argument('<tag>').action(updateServerCommand);
-aws.command('update-app').description('Update the app site').argument('<tag>').action(updateAppCommand);
-
-const botSaveCommand = createMedplumCommand('save');
-const botDeployCommand = createMedplumCommand('deploy');
-const botCreateCommand = createMedplumCommand('create');
-const bot = new commander.Command('bot')
-    .addCommand(botSaveCommand)
-    .addCommand(botDeployCommand)
-    .addCommand(botCreateCommand);
-// Commands to deprecate
-const saveBotDeprecate = createMedplumCommand('save-bot');
-const deployBotDeprecate = createMedplumCommand('deploy-bot');
-const createBotDeprecate = createMedplumCommand('create-bot');
-botSaveCommand
-    .description('Saving the bot')
-    .argument('<botName>')
-    .action(async (botName, options) => {
-    const medplum = await createMedplumClient(options);
-    await botWrapper(medplum, botName);
-});
-botDeployCommand
-    .description('Deploy the app to AWS')
-    .argument('<botName>')
-    .action(async (botName, options) => {
-    const medplum = await createMedplumClient(options);
-    await botWrapper(medplum, botName, true);
-});
-botCreateCommand
-    .arguments('<botName> <projectId> <sourceFile> <distFile>')
-    .description('Creating a bot')
-    .action(async (botName, projectId, sourceFile, distFile, options) => {
-    const medplum = await createMedplumClient(options);
-    await createBot(medplum, [botName, projectId, sourceFile, distFile]);
-});
-async function botWrapper(medplum, botName, deploy = false) {
-    const botConfigs = readBotConfigs(botName);
-    for (const botConfig of botConfigs) {
-        const bot = await medplum.readResource('Bot', botConfig.id);
-        await saveBot(medplum, botConfig, bot);
-        if (deploy) {
-            await deployBot(medplum, botConfig, bot);
-        }
-    }
-    console.log(`Number of bots deployed: ${botConfigs.length}`);
-}
-// Deprecate bot commands
-saveBotDeprecate
-    .description('Saves the bot')
-    .argument('<botName>')
-    .action(async (botName, options) => {
-    const medplum = await createMedplumClient(options);
-    await botWrapper(medplum, botName);
-});
-deployBotDeprecate
-    .description('Deploy the bot to AWS')
-    .argument('<botName>')
-    .action(async (botName, options) => {
-    const medplum = await createMedplumClient(options);
-    await botWrapper(medplum, botName, true);
-});
-createBotDeprecate
-    .arguments('<botName> <projectId> <sourceFile> <distFile>')
-    .description('Creates and saves the bot')
-    .action(async (botName, projectId, sourceFile, distFile, options) => {
-    const medplum = await createMedplumClient(options);
-    await createBot(medplum, [botName, projectId, sourceFile, distFile]);
-});
-
-const bulkExportCommand = createMedplumCommand('export');
-const bulkImportCommand = createMedplumCommand('import');
-const bulk = new commander.Command('bulk').addCommand(bulkExportCommand).addCommand(bulkImportCommand);
-bulkExportCommand
-    .option('-e, --export-level <exportLevel>', 'Optional export level. Defaults to system level export. "Group/:id" - Group of Patients, "Patient" - All Patients.')
-    .option('-t, --types <types>', 'optional resource types to export')
-    .option('-s, --since <since>', 'optional Resources will be included in the response if their state has changed after the supplied time (e.g. if Resource.meta.lastUpdated is later than the supplied _since time).')
-    .option('-d, --target-directory <targetDirectory>', 'optional target directory to save files from the bulk export operations.')
-    .action(async (options) => {
-    const { exportLevel, types, since, targetDirectory } = options;
-    const medplum = await createMedplumClient(options);
-    const response = await medplum.bulkExport(exportLevel, types, since);
-    response.output?.forEach(async ({ type, url }) => {
-        const fileUrl = new URL(url);
-        const data = await medplum.download(url);
-        const fileName = `${type}_${fileUrl.pathname}`.replace(/[^a-zA-Z0-9]+/g, '_') + '.ndjson';
-        const path$1 = path.resolve(targetDirectory ?? '', fileName);
-        fs.writeFile(`${path$1}`, await data.text(), () => {
-            console.log(`${path$1} is created`);
-        });
-    });
-});
-bulkImportCommand
-    .argument('<filename>', 'File Name')
-    .option('--num-resources-per-request <numResourcesPerRequest>', 'optional number of resources to import per batch request. Defaults to 25.', '25')
-    .option('--add-extensions-for-missing-values', 'optional flag to add extensions for missing values in a resource', false)
-    .option('-d, --target-directory <targetDirectory>', 'optional target directory of file to be imported')
-    .action(async (fileName, options) => {
-    const { numResourcesPerRequest, addExtensionsForMissingValues, targetDirectory } = options;
-    const path$1 = path.resolve(targetDirectory ?? process.cwd(), fileName);
-    const medplum = await createMedplumClient(options);
-    await importFile(path$1, parseInt(numResourcesPerRequest, 10), medplum, addExtensionsForMissingValues);
-});
-async function importFile(path, numResourcesPerRequest, medplum, addExtensionsForMissingValues) {
-    let entries = [];
-    const fileStream = fs.createReadStream(path);
-    const rl = readline.createInterface({
-        input: fileStream,
-    });
-    for await (const line of rl) {
-        const resource = parseResource(line, addExtensionsForMissingValues);
-        entries.push({
-            resource: resource,
-            request: {
-                method: 'POST',
-                url: resource.resourceType,
-            },
-        });
-        if (entries.length % numResourcesPerRequest === 0) {
-            await sendBatchEntries(entries, medplum);
-            entries = [];
-        }
-    }
-    if (entries.length > 0) {
-        await sendBatchEntries(entries, medplum);
-    }
-}
-async function sendBatchEntries(entries, medplum) {
-    const result = await medplum.executeBatch({
-        resourceType: 'Bundle',
-        type: 'transaction',
-        entry: entries,
-    });
-    result.entry?.forEach((resultEntry) => {
-        prettyPrint(resultEntry.response);
-    });
-}
-function parseResource(jsonString, addExtensionsForMissingValues) {
-    const resource = JSON.parse(jsonString);
-    if (addExtensionsForMissingValues) {
-        return addExtensionsForMissingValuesResource(resource);
-    }
-    return resource;
-}
-function addExtensionsForMissingValuesResource(resource) {
-    if (resource.resourceType === 'ExplanationOfBenefit') {
-        return addExtensionsForMissingValuesExplanationOfBenefits(resource);
-    }
-    return resource;
-}
-function addExtensionsForMissingValuesExplanationOfBenefits(resource) {
-    if (!resource.provider) {
-        resource.provider = getUnsupportedExtension();
-    }
-    resource.item?.forEach((item) => {
-        if (!item?.productOrService) {
-            item.productOrService = getUnsupportedExtension();
-        }
-    });
-    return resource;
-}
-
-const projectListCommand = createMedplumCommand('list');
-const projectCurrentCommand = createMedplumCommand('current');
-const projectSwitchCommand = createMedplumCommand('switch');
-const projectInviteCommand = createMedplumCommand('invite');
-const project = new commander.Command('project')
-    .addCommand(projectListCommand)
-    .addCommand(projectCurrentCommand)
-    .addCommand(projectSwitchCommand)
-    .addCommand(projectInviteCommand);
-projectListCommand.description('List of current projects').action(async (options) => {
-    const medplum = await createMedplumClient(options);
-    projectList(medplum);
-});
-function projectList(medplum) {
-    const logins = medplum.getLogins();
-    const projects = logins
-        .map((login) => `${login.project.display} (${login.project.reference})`)
-        .join('\n\n');
-    console.log(projects);
-}
-projectCurrentCommand.description('Project you are currently on').action(async (options) => {
-    const medplum = await createMedplumClient(options);
-    const login = medplum.getActiveLogin();
-    if (!login) {
-        throw new Error('Unauthenticated: run `npx medplum login` to login');
-    }
-    console.log(`${login.project.display} (${login.project.reference})`);
-});
-projectSwitchCommand
-    .description('Switching to another project from the current one')
-    .argument('<projectId>')
-    .action(async (projectId, options) => {
-    const medplum = await createMedplumClient(options);
-    await switchProject(medplum, projectId);
-});
-projectInviteCommand
-    .description('Invite a member to your current project (run npx medplum project current to confirm)')
-    .arguments('<firstName> <lastName> <email>')
-    .option('--send-email', 'If you want to send the email when inviting the user')
-    .option('--admin', 'If the user you are inviting is an admin')
-    .addOption(new commander.Option('-r, --role <role>', 'Role of user')
-    .choices(['Practitioner', 'Patient', 'RelatedPerson'])
-    .default('Practitioner'))
-    .action(async (firstName, lastName, email, options) => {
-    const medplum = await createMedplumClient(options);
-    const login = medplum.getActiveLogin();
-    if (!login) {
-        throw new Error('Unauthenticated: run `npx medplum login` to login');
-    }
-    if (!login.project.reference) {
-        throw new Error('No current project to invite user to');
-    }
-    const projectId = login.project.reference.split('/')[1];
-    const inviteBody = {
-        resourceType: options.role,
-        firstName,
-        lastName,
-        email,
-        sendEmail: !!options.sendEmail,
-        admin: !!options.admin,
-    };
-    await inviteUser(projectId, inviteBody, medplum);
-});
-async function switchProject(medplum, projectId) {
-    const logins = medplum.getLogins();
-    const login = logins.find((login) => login.project.reference?.includes(projectId));
-    if (!login) {
-        console.log(`Error: project ${projectId} not found. Make sure you are added as a user to this project`);
-    }
-    else {
-        await medplum.setActiveLogin(login);
-        console.log(`Switched to project ${projectId}\n`);
-    }
-}
-async function inviteUser(projectId, inviteBody, medplum) {
-    try {
-        await medplum.invite(projectId, inviteBody);
-        if (inviteBody.sendEmail) {
-            console.log('Email sent');
-        }
-        console.log('See your users at https://app.medplum.com/admin/users');
-    }
-    catch (err) {
-        console.log('Error while sending invite ' + err);
-    }
-}
-
-const deleteObject = createMedplumCommand('delete');
-const get = createMedplumCommand('get');
-const patch = createMedplumCommand('patch');
-const post = createMedplumCommand('post');
-const put = createMedplumCommand('put');
-deleteObject.argument('<url>', 'Resource/$id').action(async (url, options) => {
-    const medplum = await createMedplumClient(options);
-    prettyPrint(await medplum.delete(cleanUrl(url)));
-});
-get
-    .argument('<url>', 'Resource/$id')
-    .option('--as-transaction', 'Print out the bundle as a transaction type')
-    .action(async (url, options) => {
-    const medplum = await createMedplumClient(options);
-    const response = await medplum.get(cleanUrl(url));
-    if (options.asTransaction) {
-        prettyPrint(core.convertToTransactionBundle(response));
-    }
-    else {
-        prettyPrint(response);
-    }
-});
-patch.arguments('<url> <body>').action(async (url, body, options) => {
-    const medplum = await createMedplumClient(options);
-    prettyPrint(await medplum.patch(cleanUrl(url), parseBody(body)));
-});
-post.arguments('<url> <body>').action(async (url, body, options) => {
-    const medplum = await createMedplumClient(options);
-    prettyPrint(await medplum.post(cleanUrl(url), parseBody(body)));
-});
-put.arguments('<url> <body>').action(async (url, body, options) => {
-    const medplum = await createMedplumClient(options);
-    prettyPrint(await medplum.put(cleanUrl(url), parseBody(body)));
-});
-function parseBody(input) {
-    if (!input) {
-        return undefined;
-    }
-    try {
-        return JSON.parse(input);
-    }
-    catch (err) {
-        return input;
-    }
-}
-function cleanUrl(input) {
-    const knownPrefixes = ['admin/', 'auth/', 'fhir/R4'];
-    if (knownPrefixes.some((p) => input.startsWith(p))) {
-        // If the URL starts with a known prefix, return it as-is
-        return input;
-    }
-    // Otherwise, default to FHIR
-    return 'fhir/R4/' + input;
-}
-
-async function main(argv) {
-    try {
-        const index = new commander.Command('medplum').description('Command to access Medplum CLI');
-        index.version(core.MEDPLUM_VERSION);
-        // Auth commands
-        index.addCommand(login);
-        index.addCommand(whoami);
-        // REST commands
-        index.addCommand(get);
-        index.addCommand(post);
-        index.addCommand(patch);
-        index.addCommand(put);
-        index.addCommand(deleteObject);
-        // Project
-        index.addCommand(project);
-        // Bulk Commands
-        index.addCommand(bulk);
-        // Bot Commands
-        index.addCommand(bot);
-        // Deprecated Bot Commands
-        index.addCommand(saveBotDeprecate);
-        index.addCommand(deployBotDeprecate);
-        index.addCommand(createBotDeprecate);
-        // AWS commands
-        index.addCommand(aws);
-        await index.parseAsync(argv);
-    }
-    catch (err) {
-        console.error('Error: ' + core.normalizeErrorString(err));
-    }
-}
-async function run() {
-    dotenv.config();
-    await main(process.argv);
-}
-if (require.main === module) {
-    run().catch((err) => console.error('Unhandled error:', err));
-}
-
-exports.main = main;
-exports.run = run;
+`);console.log(o)}ut.description("Project you are currently on").action(async e=>{let o=(await l(e)).getActiveLogin();if(!o)throw new Error("Unauthenticated: run `npx medplum login` to login");console.log(`${o.project.display} (${o.project.reference})`)});pt.description("Switching to another project from the current one").argument("<projectId>").action(async(e,t)=>{let o=await l(t);await no(o,e)});ft.description("Invite a member to your current project (run npx medplum project current to confirm)").arguments("<firstName> <lastName> <email>").option("--send-email","If you want to send the email when inviting the user").option("--admin","If the user you are inviting is an admin").addOption(new K.Option("-r, --role <role>","Role of user").choices(["Practitioner","Patient","RelatedPerson"]).default("Practitioner")).action(async(e,t,o,n)=>{let a=await l(n),i=a.getActiveLogin();if(!i)throw new Error("Unauthenticated: run `npx medplum login` to login");if(!i.project.reference)throw new Error("No current project to invite user to");let s=i.project.reference.split("/")[1],c={resourceType:n.role,firstName:e,lastName:t,email:o,sendEmail:!!n.sendEmail,admin:!!n.admin};await ro(s,c,a)});async function no(e,t){let n=e.getLogins().find(a=>a.project.reference?.includes(t));n?(await e.setActiveLogin(n),console.log(`Switched to project ${t}
+`)):console.log(`Error: project ${t} not found. Make sure you are added as a user to this project`)}async function ro(e,t,o){try{await o.invite(e,t),t.sendEmail&&console.log("Email sent"),console.log("See your users at https://app.medplum.com/admin/users")}catch(n){console.log("Error while sending invite "+n)}}var yt=require("@medplum/core");var le=m("delete"),de=m("get"),ue=m("patch"),pe=m("post"),fe=m("put");le.argument("<url>","Resource/$id").action(async(e,t)=>{let o=await l(t);S(await o.delete(A(e,t)))});de.argument("<url>","Resource/$id").option("--as-transaction","Print out the bundle as a transaction type").action(async(e,t)=>{let n=await(await l(t)).get(A(e,t));t.asTransaction?S((0,yt.convertToTransactionBundle)(n)):S(n)});ue.arguments("<url> <body>").action(async(e,t,o)=>{let n=await l(o);S(await n.patch(A(e,o),ge(t)))});pe.arguments("<url> <body>").action(async(e,t,o)=>{let n=await l(o);S(await n.post(A(e,o),ge(t)))});fe.arguments("<url> <body>").action(async(e,t,o)=>{let n=await l(o);S(await n.put(A(e,o),ge(t)))});function ge(e){if(e)try{return JSON.parse(e)}catch{return e}}function A(e,t){let o=["admin/","auth/","fhir/R4"],{fhirUrlPath:n}=t;return o.some(a=>e.startsWith(a))?e:n?`${n}/${e}`:"fhir/R4/"+e}async function wt(e){try{let t=new ht.Command("medplum").description("Command to access Medplum CLI");t.version(q.MEDPLUM_VERSION),t.addCommand(H),t.addCommand(V),t.addCommand(de),t.addCommand(pe),t.addCommand(ue),t.addCommand(fe),t.addCommand(le),t.addCommand(gt),t.addCommand(lt),t.addCommand(rt),t.addCommand(ie),t.addCommand(se),t.addCommand(ce),t.addCommand(b),await t.parseAsync(e)}catch(t){console.error("Error: "+(0,q.normalizeErrorString)(t))}}async function Ct(){St.default.config(),await wt(process.argv)}require.main===module&&Ct().catch(e=>console.error("Unhandled error:",e));0&&(module.exports={main,run});
 //# sourceMappingURL=index.cjs.map