@medplum/cli 2.0.30 → 2.0.31

package/dist/cjs/index.cjs

@@ -1,9 +1,9 @@
 #!/usr/bin/env node
-"use strict";var Tt=Object.create;var B=Object.defineProperty;var Rt=Object.getOwnPropertyDescriptor;var Ut=Object.getOwnPropertyNames;var Ot=Object.getPrototypeOf,Bt=Object.prototype.hasOwnProperty;var Ft=(e,t)=>{for(var o in t)B(e,o,{get:t[o],enumerable:!0})},Ce=(e,t,o,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let a of Ut(t))!Bt.call(e,a)&&a!==o&&B(e,a,{get:()=>t[a],enumerable:!(n=Rt(t,a))||n.enumerable});return e};var T=(e,t,o)=>(o=e!=null?Tt(Ot(e)):{},Ce(t||!e||!e.__esModule?B(o,"default",{value:e,enumerable:!0}):o,e)),$t=e=>Ce(B({},"__esModule",{value:!0}),e);var Co={};Ft(Co,{main:()=>Dt,run:()=>It});module.exports=$t(Co);var J=require("@medplum/core"),Nt=require("commander"),xt=T(require("dotenv"));var v=require("@medplum/core"),Me=require("child_process"),Pe=require("http"),ke=require("os");var Ee=require("@medplum/core");var be=require("@medplum/core"),w=require("fs"),ve=require("os"),X=require("path"),C=class extends be.ClientStorage{constructor(o){super();this.dirName=(0,X.resolve)((0,ve.homedir)(),".medplum"),this.fileName=(0,X.resolve)(this.dirName,o+".json")}clear(){this.writeFile({})}getString(o){return this.readFile()?.[o]}setString(o,n){let a=this.readFile()??{};n?a[o]=n:delete a[o],this.writeFile(a)}getObject(o){let n=this.getString(o);return n?JSON.parse(n):void 0}setObject(o,n){this.setString(o,n?JSON.stringify(n):void 0)}readFile(){if((0,w.existsSync)(this.fileName))return JSON.parse((0,w.readFileSync)(this.fileName,"utf8"))}writeFile(o){(0,w.existsSync)(this.dirName)||(0,w.mkdirSync)(this.dirName),(0,w.writeFileSync)(this.fileName,JSON.stringify(o,null,2),"utf8")}};async function l(e){let t=e.profile??"default",o=new C(t);Wt(o,t);let{baseUrl:n,fhirUrlPath:a,accessToken:i,tokenUrl:s,authorizeUrl:c,clientId:u,clientSecret:f}=jt(e,o),I=e.fetch??fetch,S=new Ee.MedplumClient({fetch:I,baseUrl:n,tokenUrl:s,fhirUrlPath:a,authorizeUrl:c,storage:o,onUnauthenticated:Lt});return i&&S.setAccessToken(i),u&&f&&(S.setBasicAuth(u,f),await S.startClientLogin(u,f)),S}function jt(e,t){let o=t.getObject("options"),n=e.baseUrl??o?.baseUrl??process.env.MEDPLUM_BASE_URL??"https://api.medplum.com/",a=e.fhirUrlPath??o?.fhirUrlPath??process.env.MEDPLUM_FHIR_URL_PATH,i=e.accessToken??o?.accessToken??process.env.MEDPLUM_CLIENT_ACCESS_TOKEN,s=e.tokenUrl??o?.tokenUrl??process.env.MEDPLUM_TOKEN_URL,c=e.authorizeUrl??o?.authorizeUrl??process.env.MEDPLUM_AUTHORIZE_URL,u=e.clientId??o?.clientId??process.env.MEDPLUM_CLIENT_ID,f=e.clientSecret??o?.clientSecret??process.env.MEDPLUM_CLIENT_SECRET;return{baseUrl:n,fhirUrlPath:a,accessToken:i,tokenUrl:s,authorizeUrl:c,clientId:u,clientSecret:f}}function Lt(){console.log("Unauthenticated: run `npx medplum login` to sign in")}function Wt(e,t){if(t==="default")return;if(!e.getObject("options"))throw new Error(`Profile ${t} does not exist`)}var F=require("commander");function m(e){return new F.Command(e).option("--client-id <clientId>","FHIR server client id").option("--client-secret <clientSecret>","FHIR server client secret").option("--base-url <baseUrl>","FHIR server base url").option("--token-url <tokenUrl>","FHIR server token url").option("--authorize-url <authorizeUrl>","FHIR server authorize url").option("--fhir-url-path <fhirUrlPath>","FHIR server url path").option("-p, --profile <profile>","Profile name").addOption(new F.Option("--auth-type <authType>","Type of authentication").choices(["basic","client-credentials","authorization-code","jwt-bearer","token-exchange"]))}var Ae="medplum-cli",Ne="http://localhost:9615",Y=m("login"),Z=m("whoami");Y.action(async e=>{let t=await l(e);if(e.authType==="basic"){console.log("Basic authentication does not require login");return}await _t(t)});Z.action(async e=>{let t=await l(e);zt(t)});async function _t(e){await Kt(e);let t=new URL(e.getAuthorizeUrl());t.searchParams.set("client_id",Ae),t.searchParams.set("redirect_uri",Ne),t.searchParams.set("scope","openid"),t.searchParams.set("response_type","code"),t.searchParams.set("prompt","login"),await qt(t.toString())}async function Kt(e){let t=(0,Pe.createServer)(async(o,n)=>{let a=new URL(o.url,"http://localhost:9615"),i=a.searchParams.get("code");if(a.pathname==="/"&&i)try{let s=await e.processCode(i,{clientId:Ae,redirectUri:Ne});n.writeHead(200,{"Content-Type":v.ContentType.TEXT}),n.end(`Signed in as ${(0,v.getDisplayString)(s)}. You may close this window.`)}catch(s){n.writeHead(400,{"Content-Type":v.ContentType.TEXT}),n.end(`Error: ${(0,v.normalizeErrorString)(s)}`)}finally{t.close()}else n.writeHead(404,{"Content-Type":v.ContentType.TEXT}),n.end("Not found")}).listen(9615)}async function qt(e){let t=(0,ke.platform)(),o;switch(t){case"openbsd":case"linux":o=`xdg-open '${e}'`;break;case"darwin":o=`open '${e}'`;break;case"win32":o=`cmd /c start "" "${e}"`;break;default:throw new Error("Unsupported platform: "+t)}(0,Me.exec)(o)}function zt(e){let t=e.getActiveLogin();t?(console.log(`Server:  ${e.getBaseUrl()}`),console.log(`Profile: ${t.profile.display} (${t.profile.reference})`),console.log(`Project: ${t.project.display} (${t.project.reference})`)):console.log("Not logged in")}var tt=require("commander");var E=require("@aws-sdk/client-cloudformation"),xe=require("@aws-sdk/client-cloudfront"),De=require("@aws-sdk/client-ecs"),Ie=require("@aws-sdk/client-s3"),Q=new E.CloudFormationClient({}),Te=new xe.CloudFrontClient({}),Re=new De.ECSClient({}),Ue=new Ie.S3Client({}),Vt="medplum:environment";async function ee(){return(await Q.send(new E.ListStacksCommand({}))).StackSummaries?.filter(t=>t.StackName&&t.StackStatus!=="DELETE_COMPLETE")||[]}async function A(e){let t=await ee();for(let o of t){let n=o.StackName,a=await te(n);if(a?.tag===e)return a}}async function te(e){let t=new E.DescribeStacksCommand({StackName:e}),n=(await Q.send(t))?.Stacks?.[0],a=n?.Tags?.find(c=>c.Key===Vt);if(!a)return;let i=await Q.send(new E.DescribeStackResourcesCommand({StackName:e}));if(!i.StackResources)return;let s={stack:n,tag:a.Value};for(let c of i.StackResources)c.ResourceType==="AWS::ECS::Cluster"?s.ecsCluster=c:c.ResourceType==="AWS::ECS::Service"?s.ecsService=c:c.ResourceType==="AWS::S3::Bucket"&&c.LogicalResourceId?.startsWith("FrontEndAppBucket")?s.appBucket=c:c.ResourceType==="AWS::S3::Bucket"&&c.LogicalResourceId?.startsWith("StorageStorageBucket")?s.storageBucket=c:c.ResourceType==="AWS::CloudFront::Distribution"&&c.LogicalResourceId?.startsWith("FrontEndAppDistribution")&&(s.appDistribution=c);return s}function $(e){console.log(`Medplum Tag:     ${e.tag}`),console.log(`Stack Name:      ${e.stack.StackName}`),console.log(`Stack ID:        ${e.stack.StackId}`),console.log(`Status:          ${e.stack.StackStatus}`),console.log(`ECS Cluster:     ${e.ecsCluster?.PhysicalResourceId}`),console.log(`ECS Service:     ${oe(e.ecsService)}`),console.log(`App Bucket:      ${e.appBucket?.PhysicalResourceId}`),console.log(`Storage Bucket:  ${e.storageBucket?.PhysicalResourceId}`)}function oe(e){return e?.PhysicalResourceId?.split("/")?.pop()||""}async function Oe(e){let t=await A(e);if(!t){console.log("Stack not found");return}$(t)}var M=require("@aws-sdk/client-acm"),N=require("@aws-sdk/client-ssm"),W=require("@aws-sdk/client-sts"),_=require("crypto"),K=require("fs"),Fe=require("path"),$e=T(require("readline")),Gt=e=>`${e}DomainName`,je=e=>`${e}SslCertArn`,L;async function Le(){let e={apiPort:8103,region:"us-east-1"};L=$e.default.createInterface({input:process.stdin,output:process.stdout}),d("MEDPLUM"),r("This tool prepares the necessary prerequisites for deploying Medplum in your AWS account."),r(""),r("Most Medplum infrastructure is deployed using the AWS CDK."),r("However, some AWS resources must be created manually, such as email addresses and SSL certificates."),r("This tool will help you create those resources."),r(""),r("Upon completion, this tool will:"),r("  1. Generate a Medplum CDK config file (i.e., medplum.demo.config.json)"),r("  2. Optionally generate an AWS CloudFront signing key"),r("  3. Optionally request SSL certificates from AWS Certificate Manager"),r("  4. Optionally write server config settings to AWS Parameter Store"),r(""),r("The Medplum infra config file is an input to the Medplum CDK."),r("The Medplum CDK will create and manage the necessary AWS resources."),r(""),r("We will ask a series of questions to generate your infra config file."),r("Some questions have predefined options in [square brackets]."),r("Some questions have default values in (parentheses), which you can accept by pressing Enter."),r("Press Ctrl+C at any time to exit.");let t=await Ht(e.region);t||(r("It appears that you do not have AWS credentials configured."),r("AWS credentials are not strictly required, but will enable some additional features."),r("If you intend to use AWS credentials, please configure them now."),await j("Do you want to continue without AWS credentials?")),d("ENVIRONMENT NAME"),r('Medplum deployments have a short environment name such as "prod", "staging", "alice", or "demo".'),r("The environment name is used in multiple places:"),r("  1. As part of config file names (i.e., medplum.demo.config.json)"),r("  2. As the base of CloudFormation stack names (i.e., MedplumDemo)"),r("  3. AWS Parameter Store keys (i.e., /medplum/demo/...)"),e.name=await g("What is your environment name?","demo"),r('Using environment name "'+e.name+'"...'),d("CONFIG FILE"),r("Medplum Infrastructure will create a config file in the current directory.");let o=await g("What is the config file name?",`medplum.${e.name}.config.json`);(0,K.existsSync)(o)&&(r("Config file already exists."),await j("Do you want to overwrite the config file?")),r('Using config file "'+o+'"...'),p(o,e),d("AWS REGION"),r("Most Medplum resources will be created in a single AWS region."),e.region=await g("Enter your AWS region:","us-east-1"),p(o,e),d("AWS ACCOUNT NUMBER"),r("Medplum Infrastructure will use your AWS account number to create AWS resources."),t&&r("Using the AWS CLI, your current account ID is: "+t),e.accountNumber=await g("What is your AWS account number?",t),p(o,e),d("STACK NAME"),r("Medplum will create a CloudFormation stack to manage AWS resources."),r("AWS CloudFormation stack names ");let n="Medplum"+e.name.charAt(0).toUpperCase()+e.name.slice(1);for(e.stackName=await g("Enter your CloudFormation stack name?",n),p(o,e),d("BASE DOMAIN NAME"),r("Please enter the base domain name for your Medplum deployment."),r(""),r("Medplum deploys multiple subdomains for various services."),r(""),r('For example, "api." for the REST API and "app." for the web application.'),r("The base domain name is the common suffix for all subdomains."),r(""),r('For example, if your base domain name is "example.com",'),r('then the REST API will be "api.example.com".'),r(""),r('The base domain should include the TLD (i.e., ".com", ".org", ".net").'),r(""),r("Note that you must own the base domain, and it must use Route53 DNS.");!e.domainName;)e.domainName=await g("Enter your base domain name:");p(o,e),d("SUPPORT EMAIL"),r("Medplum sends transactional emails to users."),r("For example, emails to new users or for password reset."),r("Medplum will use the support email address to send these emails."),r("Note that you must verify the support email address in SES.");let a=await g("Enter your support email address:");d("API DOMAIN NAME"),r("Medplum deploys a REST API for the backend services."),e.apiDomainName=await g("Enter your REST API domain name:","api."+e.domainName),e.baseUrl=`https://${e.apiDomainName}/`,p(o,e),d("APP DOMAIN NAME"),r("Medplum deploys a web application for the user interface."),e.appDomainName=await g("Enter your web application domain name:","app."+e.domainName),p(o,e),d("STORAGE DOMAIN NAME"),r("Medplum deploys a storage service for file uploads."),e.storageDomainName=await g("Enter your storage domain name:","storage."+e.domainName),p(o,e),d("STORAGE BUCKET"),r("Medplum uses an S3 bucket to store binary content such as file uploads."),r("Medplum will create a the S3 bucket as part of the CloudFormation stack."),e.storageBucketName=await g("Enter your storage bucket name:","medplum-"+e.name+"-storage"),p(o,e),d("MAX AVAILABILITY ZONES"),r("Medplum API servers can be deployed in multiple availability zones."),r("This provides redundancy and high availability."),r("However, it also increases the cost of the deployment."),r("If you want to use all availability zones, choose a large number such as 99."),r("If you want to restrict the number, for example to manage EIP limits,"),r("then choose a small number such as 1 or 2."),e.maxAzs=await R("Enter the maximum number of availability zones:",[1,2,3,99],2),d("DATABASE INSTANCES"),r("Medplum uses a relational database to store data."),r("You can set up your own database,"),r("or Medplum can create a new RDS database as part of the CloudFormation stack."),await re("Do you want to create a new RDS database as part of the CloudFormation stack?")?(r("Medplum will create a new RDS database as part of the CloudFormation stack."),r(""),r("If you need high availability, you can choose multiple instances."),r("Use 1 for a single instance, or 2 for a primary and a standby."),e.rdsInstances=await R("Enter the number of database instances:",[1,2],1)):(r("Medplum will not create a new RDS database."),r("Please create a new RDS database and enter the database name, username, and password."),r('Set the AWS Secrets Manager secret ARN in the config file in the "rdsSecretsArn" setting.'),e.rdsSecretsArn="TODO"),p(o,e),d("SERVER INSTANCES"),r("Medplum uses AWS Fargate to run the API servers."),r("Medplum will create a new Fargate cluster as part of the CloudFormation stack."),r("Fargate will automatically scale the number of servers up and down."),r("If you need high availability, you can choose multiple instances."),e.desiredServerCount=await R("Enter the number of server instances:",[1,2,3,4,6,8],1),p(o,e),d("SERVER MEMORY"),r("You can choose the amount of memory for each server instance."),r("The default is 512 MB, which is sufficient for getting started."),r("Note that only certain CPU units are compatible with memory units."),r('Consult AWS Fargate "Task Definition Parameters" for more information.'),e.serverMemory=await R("Enter the server memory (MB):",[512,1024,2048,4096,8192,16384],512),p(o,e),d("SERVER CPU"),r("You can choose the amount of CPU for each server instance."),r("CPU is expressed as an integer using AWS CPU units"),r("The default is 256, which is sufficient for getting started."),r("Note that only certain CPU units are compatible with memory units."),r('Consult AWS Fargate "Task Definition Parameters" for more information.'),e.serverCpu=await R("Enter the server CPU:",[256,512,1024,2048,4096,8192,16384],256),p(o,e),d("SERVER IMAGE"),r("Medplum uses Docker images for the API servers."),r("You can choose the image to use for the servers."),r("Docker images can be loaded from either Docker Hub or AWS ECR."),r("The default is the latest Medplum release."),e.serverImage=await g("Enter the server image:","medplum/medplum-server:latest"),p(o,e),d("SIGNING KEY"),r("Medplum uses AWS CloudFront Presigned URLs for binary content such as file uploads.");let{privateKey:i,publicKey:s,passphrase:c}=Zt();e.storagePublicKey=s,p(o,e),d("SSL CERTIFICATES"),r("Medplum will now check for existing SSL certificates for the subdomains.");let u=await Jt(e.region);r("Found "+u.length+" certificate(s).");for(let{region:I,certName:S}of[{region:e.region,certName:"api"},{region:"us-east-1",certName:"app"},{region:"us-east-1",certName:"storage"}]){r("");let O=await Xt(e,u,I,S);e[je(S)]=O,p(o,e)}d("AWS PARAMETER STORE"),r("Medplum uses AWS Parameter Store to store sensitive configuration values."),r("These values will be encrypted at rest."),r(`The values will be stored in the "/medplum/${e.name}" path.`);let f={port:e.apiPort,baseUrl:e.baseUrl,appBaseUrl:`https://${e.appDomainName}/`,storageBaseUrl:`https://${e.storageDomainName}/binary/`,binaryStorage:`s3:${e.storageBucketName}`,signingKey:i,signingKeyPassphrase:c,supportEmail:a};r(JSON.stringify({...f,signingKey:"****",signingKeyPassphrase:"****"},null,2)),await j("Do you want to store these values in AWS Parameter Store?"),await to(e.region,`/medplum/${e.name}/`,f),d("DONE!"),r("Medplum configuration complete."),r("You can now proceed to deploying the Medplum infrastructure with CDK."),r("Run:"),r(""),r(`    npx cdk bootstrap -c config=${o}`),r(`    npx cdk synth -c config=${o}`),e.region==="us-east-1"?r(`    npx cdk deploy -c config=${o}`):r(`    npx cdk deploy -c config=${o} --all`),r(""),r("See Medplum documentation for more information:"),r(""),r("    https://www.medplum.com/docs/self-hosting/install-on-aws"),r(""),L.close()}function r(e){L.write(e+`
-`)}function d(e){r(`
+"use strict";var go=Object.create;var we=Object.defineProperty;var wo=Object.getOwnPropertyDescriptor;var So=Object.getOwnPropertyNames;var Eo=Object.getPrototypeOf,bo=Object.prototype.hasOwnProperty;var Co=(e,t)=>{for(var r in t)we(e,r,{get:t[r],enumerable:!0})},kt=(e,t,r,o)=>{if(t&&typeof t=="object"||typeof t=="function")for(let n of So(t))!bo.call(e,n)&&n!==r&&we(e,n,{get:()=>t[n],enumerable:!(o=wo(t,n))||o.enumerable});return e};var W=(e,t,r)=>(r=e!=null?go(Eo(e)):{},kt(t||!e||!e.__esModule?we(r,"default",{value:e,enumerable:!0}):r,e)),vo=e=>kt(we({},"__esModule",{value:!0}),e);var ii={};Co(ii,{main:()=>fo,run:()=>ho});module.exports=vo(ii);var Ge=require("@medplum/core"),uo=require("commander"),lo=W(require("dotenv"));var $=require("@medplum/core"),mr=require("child_process"),ur=require("http"),lr=require("os");var Ot=require("@medplum/core"),R=require("fs"),Wt=require("os"),ze=require("path"),b=class extends Ot.ClientStorage{constructor(r){super();this.dirName=(0,ze.resolve)((0,Wt.homedir)(),".medplum"),this.fileName=(0,ze.resolve)(this.dirName,r+".json")}clear(){this.writeFile({})}getString(r){return this.readFile()?.[r]}setString(r,o){let n=this.readFile()??{};o?n[r]=o:delete n[r],this.writeFile(n)}getObject(r){let o=this.getString(r);return o?JSON.parse(o):void 0}setObject(r,o){this.setString(r,o?JSON.stringify(o):void 0)}readFile(){if((0,R.existsSync)(this.fileName))return JSON.parse((0,R.readFileSync)(this.fileName,"utf8"))}writeFile(r){(0,R.existsSync)(this.dirName)||(0,R.mkdirSync)(this.dirName),(0,R.writeFileSync)(this.fileName,JSON.stringify(r,null,2),"utf8")}};var Rt=require("@medplum/core");async function u(e){let t=e.profile??"default",r=new b(t),o=r.getObject("options");if(t!=="default"&&!o)throw new Error(`Profile "${t}" does not exist`);let{baseUrl:n,fhirUrlPath:a,accessToken:s,tokenUrl:c,authorizeUrl:p,clientId:f,clientSecret:y}=Ao(e,r),T=e.fetch??fetch,I=new Rt.MedplumClient({fetch:T,baseUrl:n,tokenUrl:c,fhirUrlPath:a,authorizeUrl:p,storage:r,onUnauthenticated:xo});return s&&I.setAccessToken(s),o?.authType==="client_credentials"?(I.setBasicAuth(f,y),await I.startClientLogin(f,y)):o?.authType==="basic"&&I.setBasicAuth(f,y),I}function Ao(e,t){let r=t.getObject("options"),o=e.baseUrl??r?.baseUrl??process.env.MEDPLUM_BASE_URL??"https://api.medplum.com/",n=e.fhirUrlPath??r?.fhirUrlPath??process.env.MEDPLUM_FHIR_URL_PATH,a=e.accessToken??r?.accessToken??process.env.MEDPLUM_CLIENT_ACCESS_TOKEN,s=e.tokenUrl??r?.tokenUrl??process.env.MEDPLUM_TOKEN_URL,c=e.authorizeUrl??r?.authorizeUrl??process.env.MEDPLUM_AUTHORIZE_URL,p=e.clientId??r?.clientId??process.env.MEDPLUM_CLIENT_ID,f=e.clientSecret??r?.clientSecret??process.env.MEDPLUM_CLIENT_SECRET;return{baseUrl:o,fhirUrlPath:n,accessToken:a,tokenUrl:s,authorizeUrl:c,clientId:p,clientSecret:f}}function xo(){console.log("Unauthenticated: run `npx medplum login` to sign in")}var Se=require("commander");function m(e){return new Se.Command(e).option("--client-id <clientId>","FHIR server client id").option("--client-secret <clientSecret>","FHIR server client secret").option("--base-url <baseUrl>","FHIR server base url").option("--token-url <tokenUrl>","FHIR server token url").option("--authorize-url <authorizeUrl>","FHIR server authorize url").option("--fhir-url-path <fhirUrlPath>","FHIR server url path").option("--scope <scope>","JWT scope").option("--access-token <accessToken>","Access token for token exchange authentication").option("--callback-url <callbackUrl>","Callback URL for authorization code flow").option("--subject <subject>","Subject for JWT authentication").option("--audience <audience>","Audience for JWT authentication").option("--issuer, <issuer>","Issuer for JWT authentication").option("--private-key-path <privateKeyPath>","Private key path for JWT assertion").option("--audience <audience>","Audience for JWT assertion").option("-p, --profile <profile>","Profile name").addOption(new Se.Option("--auth-type <authType>","Type of authentication").choices(["basic","client-credentials","authorization-code","jwt-bearer","token-exchange","jwt-assertion"]))}var G=require("@medplum/core"),oe=require("crypto"),z=require("fs");var Ee=require("buffer");var A=new TextEncoder,C=new TextDecoder,fi=2**32;function k(...e){let t=e.reduce((n,{length:a})=>n+a,0),r=new Uint8Array(t),o=0;return e.forEach(n=>{r.set(n,o),o+=n.length}),r}var w;Ee.Buffer.isEncoding("base64url")?w=e=>Ee.Buffer.from(e).toString("base64url"):w=e=>Ee.Buffer.from(e).toString("base64").replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_");var X=class extends Error{static get code(){return"ERR_JOSE_GENERIC"}constructor(t){var r;super(t),this.code="ERR_JOSE_GENERIC",this.name=this.constructor.name,(r=Error.captureStackTrace)===null||r===void 0||r.call(Error,this,this.constructor)}};var d=class extends X{constructor(){super(...arguments),this.code="ERR_JOSE_NOT_SUPPORTED"}static get code(){return"ERR_JOSE_NOT_SUPPORTED"}};var x=class extends X{constructor(){super(...arguments),this.code="ERR_JWS_INVALID"}static get code(){return"ERR_JWS_INVALID"}},J=class extends X{constructor(){super(...arguments),this.code="ERR_JWT_INVALID"}static get code(){return"ERR_JWT_INVALID"}};var Dt=require("crypto"),Ve=W(require("util"),1),P=Ve.types.isKeyObject?e=>Ve.types.isKeyObject(e):e=>e!=null&&e instanceof Dt.KeyObject;var Jt=W(require("crypto"),1),qe=W(require("util"),1),Ko=Jt.webcrypto,be=Ko,v=qe.types.isCryptoKey?e=>qe.types.isCryptoKey(e):e=>!1;function M(e,t="algorithm.name"){return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`)}function Ce(e,t){return e.name===t}function Xe(e){return parseInt(e.name.slice(4),10)}function To(e){switch(e){case"ES256":return"P-256";case"ES384":return"P-384";case"ES512":return"P-521";default:throw new Error("unreachable")}}function Io(e,t){if(t.length&&!t.some(r=>e.usages.includes(r))){let r="CryptoKey does not support this operation, its usages must include ";if(t.length>2){let o=t.pop();r+=`one of ${t.join(", ")}, or ${o}.`}else t.length===2?r+=`one of ${t[0]} or ${t[1]}.`:r+=`${t[0]}.`;throw new TypeError(r)}}function Nt(e,t,...r){switch(t){case"HS256":case"HS384":case"HS512":{if(!Ce(e.algorithm,"HMAC"))throw M("HMAC");let o=parseInt(t.slice(2),10);if(Xe(e.algorithm.hash)!==o)throw M(`SHA-${o}`,"algorithm.hash");break}case"RS256":case"RS384":case"RS512":{if(!Ce(e.algorithm,"RSASSA-PKCS1-v1_5"))throw M("RSASSA-PKCS1-v1_5");let o=parseInt(t.slice(2),10);if(Xe(e.algorithm.hash)!==o)throw M(`SHA-${o}`,"algorithm.hash");break}case"PS256":case"PS384":case"PS512":{if(!Ce(e.algorithm,"RSA-PSS"))throw M("RSA-PSS");let o=parseInt(t.slice(2),10);if(Xe(e.algorithm.hash)!==o)throw M(`SHA-${o}`,"algorithm.hash");break}case"EdDSA":{if(e.algorithm.name!=="Ed25519"&&e.algorithm.name!=="Ed448")throw M("Ed25519 or Ed448");break}case"ES256":case"ES384":case"ES512":{if(!Ce(e.algorithm,"ECDSA"))throw M("ECDSA");let o=To(t);if(e.algorithm.namedCurve!==o)throw M(o,"algorithm.namedCurve");break}default:throw new TypeError("CryptoKey does not support this operation")}Io(e,r)}function Ut(e,t,...r){if(r.length>2){let o=r.pop();e+=`one of type ${r.join(", ")}, or ${o}.`}else r.length===2?e+=`one of type ${r[0]} or ${r[1]}.`:e+=`of type ${r[0]}.`;return t==null?e+=` Received ${t}`:typeof t=="function"&&t.name?e+=` Received function ${t.name}`:typeof t=="object"&&t!=null&&t.constructor&&t.constructor.name&&(e+=` Received an instance of ${t.constructor.name}`),e}var _=(e,...t)=>Ut("Key must be ",e,...t);function Ye(e,t,...r){return Ut(`Key for the ${e} algorithm must be `,t,...r)}var Ze=e=>P(e)||v(e),l=["KeyObject"];(globalThis.CryptoKey||!(be===null||be===void 0)&&be.CryptoKey)&&l.push("CryptoKey");var Qe=require("util"),ve=require("zlib"),ea=(0,Qe.promisify)(ve.inflateRaw),ta=(0,Qe.promisify)(ve.deflateRaw);var Ro=(...e)=>{let t=e.filter(Boolean);if(t.length===0||t.length===1)return!0;let r;for(let o of t){let n=Object.keys(o);if(!r||r.size===0){r=new Set(n);continue}for(let a of n){if(r.has(a))return!1;r.add(a)}}return!0},Y=Ro;function Mo(e){return typeof e=="object"&&e!==null}function S(e){if(!Mo(e)||Object.prototype.toString.call(e)!=="[object Object]")return!1;if(Object.getPrototypeOf(e)===null)return!0;let t=e;for(;Object.getPrototypeOf(t)!==null;)t=Object.getPrototypeOf(t);return Object.getPrototypeOf(e)===t}var Pe=require("crypto"),Bt=require("util");var se=require("buffer"),Ae=require("crypto");var Do=se.Buffer.from([42,134,72,206,61,3,1,7]),Jo=se.Buffer.from([43,129,4,0,34]),No=se.Buffer.from([43,129,4,0,35]),Uo=se.Buffer.from([43,129,4,0,10]),et=new WeakMap,Lo=e=>{switch(e){case"prime256v1":return"P-256";case"secp384r1":return"P-384";case"secp521r1":return"P-521";case"secp256k1":return"secp256k1";default:throw new d("Unsupported key curve for this operation")}},$t=(e,t)=>{var r;let o;if(v(e))o=Ae.KeyObject.from(e);else if(P(e))o=e;else throw new TypeError(_(e,...l));if(o.type==="secret")throw new TypeError('only "private" or "public" type keys can be used for this operation');switch(o.asymmetricKeyType){case"ed25519":case"ed448":return`Ed${o.asymmetricKeyType.slice(2)}`;case"x25519":case"x448":return`X${o.asymmetricKeyType.slice(1)}`;case"ec":{if(et.has(o))return et.get(o);let n=(r=o.asymmetricKeyDetails)===null||r===void 0?void 0:r.namedCurve;if(!n&&o.type==="private")n=$t((0,Ae.createPublicKey)(o),!0);else if(!n){let s=o.export({format:"der",type:"spki"}),c=s[1]<128?14:15,p=s[c],f=s.slice(c+1,c+1+p);if(f.equals(Do))n="prime256v1";else if(f.equals(Jo))n="secp384r1";else if(f.equals(No))n="secp521r1";else if(f.equals(Uo))n="secp256k1";else throw new d("Unsupported key curve for this operation")}if(t)return n;let a=Lo(n);return et.set(o,a),a}default:throw new TypeError("Invalid asymmetric key type for this operation")}};var xe=$t;var Ha=(0,Bt.promisify)(Pe.generateKeyPair);var Gt=require("util"),tt=require("crypto");var za=(0,Gt.promisify)(tt.pbkdf2);var rt=new WeakMap,_e=(e,t)=>{let r=e.readUInt8(1);if(!(r&128))return t===0?r:_e(e.subarray(2+r),t-1);let o=r&127;r=0;for(let n=0;n<o;n++){r<<=8;let a=e.readUInt8(2+n);r|=a}return t===0?r:_e(e.subarray(2+r),t-1)},Fo=(e,t)=>{let r=e.readUInt8(1);if(!(r&128))return _e(e.subarray(2),t);let o=r&127;return _e(e.subarray(2+o),t)},Go=e=>{var t,r;if(rt.has(e))return rt.get(e);let o=(r=(t=e.asymmetricKeyDetails)===null||t===void 0?void 0:t.modulusLength)!==null&&r!==void 0?r:Fo(e.export({format:"der",type:"pkcs1"}),e.type==="private"?1:0)-1<<3;return rt.set(e,o),o};var ce=(e,t)=>{if(Go(e)<2048)throw new TypeError(`${t} requires key modulusLength to be 2048 bits or larger`)};var E=require("buffer");var zo=2,jo=3,Vo=4,qo=48,ms=E.Buffer.from([0]),us=E.Buffer.from([zo]),ls=E.Buffer.from([jo]),fs=E.Buffer.from([qo]),hs=E.Buffer.from([Vo]);var ys=new Map([["P-256",E.Buffer.from("06 08 2A 86 48 CE 3D 03 01 07".replace(/ /g,""),"hex")],["secp256k1",E.Buffer.from("06 05 2B 81 04 00 0A".replace(/ /g,""),"hex")],["P-384",E.Buffer.from("06 05 2B 81 04 00 22".replace(/ /g,""),"hex")],["P-521",E.Buffer.from("06 05 2B 81 04 00 23".replace(/ /g,""),"hex")],["ecPublicKey",E.Buffer.from("06 07 2A 86 48 CE 3D 02 01".replace(/ /g,""),"hex")],["X25519",E.Buffer.from("06 03 2B 65 6E".replace(/ /g,""),"hex")],["X448",E.Buffer.from("06 03 2B 65 6F".replace(/ /g,""),"hex")],["Ed25519",E.Buffer.from("06 03 2B 65 70".replace(/ /g,""),"hex")],["Ed448",E.Buffer.from("06 03 2B 65 71".replace(/ /g,""),"hex")]]);var[U,Ke]=process.versions.node.split(".").map(e=>parseInt(e,10)),zt=U>=16||U===15&&Ke>=13,F=!("electron"in process.versions)&&(U>=17||U===16&&Ke>=9),Xo=U>=16||U===15&&Ke>=9,Yo=U>=16||U===15&&Ke>=12;var Qo=(e,t)=>{if(!(t instanceof Uint8Array)){if(!Ze(t))throw new TypeError(Ye(e,t,...l,"Uint8Array"));if(t.type!=="secret")throw new TypeError(`${l.join(" or ")} instances for symmetric algorithms must be of type "secret"`)}},en=(e,t,r)=>{if(!Ze(t))throw new TypeError(Ye(e,t,...l));if(t.type==="secret")throw new TypeError(`${l.join(" or ")} instances for asymmetric algorithms must not be of type "secret"`);if(r==="sign"&&t.type==="public")throw new TypeError(`${l.join(" or ")} instances for asymmetric algorithm signing must be of type "private"`);if(r==="decrypt"&&t.type==="public")throw new TypeError(`${l.join(" or ")} instances for asymmetric algorithm decryption must be of type "private"`);if(t.algorithm&&r==="verify"&&t.type==="private")throw new TypeError(`${l.join(" or ")} instances for asymmetric algorithm verifying must be of type "public"`);if(t.algorithm&&r==="encrypt"&&t.type==="private")throw new TypeError(`${l.join(" or ")} instances for asymmetric algorithm encryption must be of type "public"`)},tn=(e,t,r)=>{e.startsWith("HS")||e==="dir"||e.startsWith("PBES2")||/^A\d{3}(?:GCM)?KW$/.test(e)?Qo(e,t):en(e,t,r)},de=tn;function dn(e,t,r,o,n){if(n.crit!==void 0&&o.crit===void 0)throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');if(!o||o.crit===void 0)return new Set;if(!Array.isArray(o.crit)||o.crit.length===0||o.crit.some(s=>typeof s!="string"||s.length===0))throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');let a;r!==void 0?a=new Map([...Object.entries(r),...t.entries()]):a=t;for(let s of o.crit){if(!a.has(s))throw new d(`Extension Header Parameter "${s}" is not recognized`);if(n[s]===void 0)throw new e(`Extension Header Parameter "${s}" is missing`);if(a.get(s)&&o[s]===void 0)throw new e(`Extension Header Parameter "${s}" MUST be integrity protected`)}return new Set(o.crit)}var Q=dn;var fn=Symbol();var me=W(require("crypto"),1),Qt=require("util");function Te(e){switch(e){case"PS256":case"RS256":case"ES256":case"ES256K":return"sha256";case"PS384":case"RS384":case"ES384":return"sha384";case"PS512":case"RS512":case"ES512":return"sha512";case"EdDSA":return;default:throw new d(`alg ${e} is not supported either by JOSE or your javascript runtime`)}}var nt=require("crypto");var Xt={padding:nt.constants.RSA_PKCS1_PSS_PADDING,saltLength:nt.constants.RSA_PSS_SALTLEN_DIGEST},hn=new Map([["ES256","P-256"],["ES256K","secp256k1"],["ES384","P-384"],["ES512","P-521"]]);function Ie(e,t){switch(e){case"EdDSA":if(!["ed25519","ed448"].includes(t.asymmetricKeyType))throw new TypeError("Invalid key for this operation, its asymmetricKeyType must be ed25519 or ed448");return t;case"RS256":case"RS384":case"RS512":if(t.asymmetricKeyType!=="rsa")throw new TypeError("Invalid key for this operation, its asymmetricKeyType must be rsa");return ce(t,e),t;case(F&&"PS256"):case(F&&"PS384"):case(F&&"PS512"):if(t.asymmetricKeyType==="rsa-pss"){let{hashAlgorithm:r,mgf1HashAlgorithm:o,saltLength:n}=t.asymmetricKeyDetails,a=parseInt(e.slice(-3),10);if(r!==void 0&&(r!==`sha${a}`||o!==r))throw new TypeError(`Invalid key for this operation, its RSA-PSS parameters do not meet the requirements of "alg" ${e}`);if(n!==void 0&&n>a>>3)throw new TypeError(`Invalid key for this operation, its RSA-PSS parameter saltLength does not meet the requirements of "alg" ${e}`)}else if(t.asymmetricKeyType!=="rsa")throw new TypeError("Invalid key for this operation, its asymmetricKeyType must be rsa or rsa-pss");return ce(t,e),{key:t,...Xt};case(!F&&"PS256"):case(!F&&"PS384"):case(!F&&"PS512"):if(t.asymmetricKeyType!=="rsa")throw new TypeError("Invalid key for this operation, its asymmetricKeyType must be rsa");return ce(t,e),{key:t,...Xt};case"ES256":case"ES256K":case"ES384":case"ES512":{if(t.asymmetricKeyType!=="ec")throw new TypeError("Invalid key for this operation, its asymmetricKeyType must be ec");let r=xe(t),o=hn.get(e);if(r!==o)throw new TypeError(`Invalid key curve for the algorithm, its curve must be ${o}, got ${r}`);return{dsaEncoding:"ieee-p1363",key:t}}default:throw new d(`alg ${e} is not supported either by JOSE or your javascript runtime`)}}var ee=W(require("crypto"),1),Yt=require("util");function it(e){switch(e){case"HS256":return"sha256";case"HS384":return"sha384";case"HS512":return"sha512";default:throw new d(`alg ${e} is not supported either by JOSE or your javascript runtime`)}}var pe=require("crypto");function He(e,t,r){if(t instanceof Uint8Array){if(!e.startsWith("HS"))throw new TypeError(_(t,...l));return(0,pe.createSecretKey)(t)}if(t instanceof pe.KeyObject)return t;if(v(t))return Nt(t,e,r),pe.KeyObject.from(t);throw new TypeError(_(t,...l,"Uint8Array"))}var at;ee.sign.length>3?at=(0,Yt.promisify)(ee.sign):at=ee.sign;var yn=async(e,t,r)=>{let o=He(e,t,"sign");if(e.startsWith("HS")){let n=ee.createHmac(it(e),o);return n.update(r),n.digest()}return at(Te(e),r,Ie(e,o))},st=yn;var Zt;me.verify.length>4&&zt?Zt=(0,Qt.promisify)(me.verify):Zt=me.verify;var ue=e=>Math.floor(e.getTime()/1e3);var wn=/^(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)$/i,ke=e=>{let t=wn.exec(e);if(!t)throw new TypeError("Invalid time period format");let r=parseFloat(t[1]);switch(t[2].toLowerCase()){case"sec":case"secs":case"second":case"seconds":case"s":return Math.round(r);case"minute":case"minutes":case"min":case"mins":case"m":return Math.round(r*60);case"hour":case"hours":case"hr":case"hrs":case"h":return Math.round(r*3600);case"day":case"days":case"d":return Math.round(r*86400);case"week":case"weeks":case"w":return Math.round(r*604800);default:return Math.round(r*31557600)}};var te=class{constructor(t){if(!(t instanceof Uint8Array))throw new TypeError("payload must be an instance of Uint8Array");this._payload=t}setProtectedHeader(t){if(this._protectedHeader)throw new TypeError("setProtectedHeader can only be called once");return this._protectedHeader=t,this}setUnprotectedHeader(t){if(this._unprotectedHeader)throw new TypeError("setUnprotectedHeader can only be called once");return this._unprotectedHeader=t,this}async sign(t,r){if(!this._protectedHeader&&!this._unprotectedHeader)throw new x("either setProtectedHeader or setUnprotectedHeader must be called before #sign()");if(!Y(this._protectedHeader,this._unprotectedHeader))throw new x("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");let o={...this._protectedHeader,...this._unprotectedHeader},n=Q(x,new Map([["b64",!0]]),r?.crit,this._protectedHeader,o),a=!0;if(n.has("b64")&&(a=this._protectedHeader.b64,typeof a!="boolean"))throw new x('The "b64" (base64url-encode payload) Header Parameter must be a boolean');let{alg:s}=o;if(typeof s!="string"||!s)throw new x('JWS "alg" (Algorithm) Header Parameter missing or invalid');de(s,t,"sign");let c=this._payload;a&&(c=A.encode(w(c)));let p;this._protectedHeader?p=A.encode(w(JSON.stringify(this._protectedHeader))):p=A.encode("");let f=k(p,A.encode("."),c),y=await st(s,t,f),T={signature:w(y),payload:""};return a&&(T.payload=C.decode(c)),this._unprotectedHeader&&(T.header=this._unprotectedHeader),this._protectedHeader&&(T.protected=C.decode(p)),T}};var le=class{constructor(t){this._flattened=new te(t)}setProtectedHeader(t){return this._flattened.setProtectedHeader(t),this}async sign(t,r){let o=await this._flattened.sign(t,r);if(o.payload===void 0)throw new TypeError("use the flattened module for creating JWS with b64: false");return`${o.protected}.${o.payload}.${o.signature}`}};var re=class{constructor(t){if(!S(t))throw new TypeError("JWT Claims Set MUST be an object");this._payload=t}setIssuer(t){return this._payload={...this._payload,iss:t},this}setSubject(t){return this._payload={...this._payload,sub:t},this}setAudience(t){return this._payload={...this._payload,aud:t},this}setJti(t){return this._payload={...this._payload,jti:t},this}setNotBefore(t){return typeof t=="number"?this._payload={...this._payload,nbf:t}:this._payload={...this._payload,nbf:ue(new Date)+ke(t)},this}setExpirationTime(t){return typeof t=="number"?this._payload={...this._payload,exp:t}:this._payload={...this._payload,exp:ue(new Date)+ke(t)},this}setIssuedAt(t){return typeof t>"u"?this._payload={...this._payload,iat:ue(new Date)}:this._payload={...this._payload,iat:t},this}};var fe=class extends re{setProtectedHeader(t){return this._protectedHeader=t,this}async sign(t,r){var o;let n=new le(A.encode(JSON.stringify(this._payload)));if(n.setProtectedHeader(this._protectedHeader),Array.isArray((o=this._protectedHeader)===null||o===void 0?void 0:o.crit)&&this._protectedHeader.crit.includes("b64")&&this._protectedHeader.b64===!1)throw new J("JWTs MUST NOT use unencoded payload");return n.sign(t,r)}};var ct=require("crypto"),rr=require("util");var uu=(0,rr.promisify)(ct.generateKeyPair);var or=require("os"),L=require("path"),nr=W(require("tar"));function D(e){console.log(JSON.stringify(e,null,2))}async function dt(e,t,r){let o=t.source,n=mt(o);if(n)try{console.log("Saving source code...");let a=await e.createAttachment(n,(0,L.basename)(o),Tn(o));console.log("Updating bot.....");let s=await e.updateResource({...r,sourceCode:a});console.log("Success! New bot version: "+s.meta?.versionId)}catch(a){console.log("Update error: ",a)}}async function ir(e,t,r){let o=t.dist??t.source,n=mt(o);if(n)try{console.log("Deploying bot...");let a=await e.post(e.fhirUrl("Bot",r.id,"$deploy"),{code:n});console.log("Deploy result: "+a.issue?.[0]?.details?.text)}catch(a){console.log("Deploy error: ",a)}}async function pt(e,t){if(t.length<4){console.log("Error: command needs to be npx medplum <new-bot-name> <project-id> <source-file> <dist-file>");return}let r=t[0],o=t[1],n=t[2],a=t[3];try{let s={name:r,description:""},c=await e.post("admin/projects/"+o+"/bot",s),p=await e.readResource("Bot",c.id),f={name:r,id:c.id,source:n,dist:a};await dt(e,f,p),console.log(`Success! Bot created: ${p.id}`),_n(f)}catch(s){console.log("Error while creating new bot: "+s)}}function ar(e){let t=new RegExp("^"+Kn(e).replace(/\\\*/g,".*")+"$"),r=Oe()?.bots?.filter(o=>t.test(o.name));return r||[]}function Oe(e){let t=e?`medplum.${e}.config.json`:"medplum.config.json",r=mt(t);if(r)return JSON.parse(r)}function mt(e){let t=(0,L.resolve)(process.cwd(),e);return(0,z.existsSync)(t)?(0,z.readFileSync)(t,"utf8"):(console.log("Error: File does not exist: "+t),"")}function _n(e){let t=Oe();t?.bots?.push(e),(0,z.writeFile)("medplum.config.json",JSON.stringify(t),()=>{console.log(`Bot added to config: ${e.id}`)})}function Kn(e){return e.replace(/[/\-\\^$*+?.()|[\]{}]/g,"\\$&")}function sr(e){let o=0,n=0;return nr.default.x({cwd:e,filter:(a,s)=>{if(o++,o>100)throw new Error("Tar extractor reached max number of files");if(n+=s.size,n>10485760)throw new Error("Tar extractor reached max size");return!0}})}function ut(){return{extension:[{url:"http://hl7.org/fhir/StructureDefinition/data-absent-reason",valueCode:"unsupported"}]}}function Tn(e){let t=(0,L.extname)(e).toLowerCase();return[".cjs",".mjs",".js"].includes(t)?G.ContentType.JAVASCRIPT:[".cts",".mts",".ts"].includes(t)?G.ContentType.TYPESCRIPT:G.ContentType.TEXT}function We(e,t){let r=new b(e),o={name:e,...t};r.setObject("options",o),console.log(`${e} profile created`)}function Re(e){return new b(e).getObject("options")}function cr(e,t){return t==="default"?!0:!!e.getObject("options")}async function dr(e,t){let r={typ:"JWT",alg:"HS256"},o=Math.floor(Date.now()/1e3),n={aud:`${t.baseUrl}${t.audience}`,iss:t.issuer,sub:t.subject,nbf:o,iat:o,exp:o+604800},a=(0,G.encodeBase64)(JSON.stringify(r)),s=(0,G.encodeBase64)(JSON.stringify(n)),c=`${a}.${s}`,p=(0,oe.createHmac)("sha256",t.clientSecret).update(c).digest("base64url"),f=`${c}.${p}`,y=new URLSearchParams;y.set("grant_type","urn:ietf:params:oauth:grant-type:jwt-bearer"),y.set("client_id",t.clientId),y.set("assertion",f),y.set("scope",t.scope??"");let T=await e.post(t.tokenUrl,y.toString(),"application/x-www-form-urlencoded",{credentials:"include"});return(await JSON.parse(T)).access_token}async function pr(e,t){let r=(0,or.homedir)(),o=(0,L.join)(r,t.privateKeyPath),n=(0,z.readFileSync)(o),a=(0,oe.createPrivateKey)(n),s=await new fe({}).setProtectedHeader({alg:"RS384",typ:"JWT"}).setIssuer(t.clientId).setSubject(t.clientId).setAudience(`${t.baseUrl}${t.audience}`).setJti((0,oe.randomBytes)(16).toString("hex")).setIssuedAt().setExpirationTime("5m").sign(a),c=new URLSearchParams;c.append("grant_type","client_credentials"),c.append("client_assertion_type","urn:ietf:params:oauth:client-assertion-type:jwt-bearer"),c.append("client_assertion",s);let p=await e.post(t.tokenUrl,c.toString(),"application/x-www-form-urlencoded",{credentials:"include"});if(!p.access_token)throw new Error(`Failed to login: ${p}`);return p.access_token}var fr="medplum-cli",hr="http://localhost:9615",lt=m("login"),ft=m("whoami");lt.action(async e=>{let t=e.profile??"default",r=new b(t);if(cr(r,t)||(console.log("Creating new profile..."),We(t,e)),e.authType==="basic"){console.log("Basic authentication does not require login");return}let o=Re(t),n=await u(e);await In(n,o)});ft.action(async e=>{let t=await u(e);On(t)});async function In(e,t){if(!t?.authType){await Wn(e);return}if(t.authType==="jwt-bearer"){if(!t.clientId||!t.clientSecret)throw new Error("Missing values, make sure to add --client-id, and --client-secret for JWT Bearer login");console.log("Starting JWT login...");let r=await dr(e,t);new b(t.name).setObject("activeLogin",{accessToken:r})}else if(t.authType==="jwt-assertion"){let r=await pr(e,t);new b(t.name).setObject("activeLogin",{accessToken:r})}console.log("Login successful")}async function Hn(e){let t=(0,ur.createServer)(async(r,o)=>{let n=new URL(r.url,"http://localhost:9615"),a=n.searchParams.get("code");if(n.pathname==="/"&&a)try{let s=await e.processCode(a,{clientId:fr,redirectUri:hr});o.writeHead(200,{"Content-Type":$.ContentType.TEXT}),o.end(`Signed in as ${(0,$.getDisplayString)(s)}. You may close this window.`)}catch(s){o.writeHead(400,{"Content-Type":$.ContentType.TEXT}),o.end(`Error: ${(0,$.normalizeErrorString)(s)}`)}finally{t.close()}else o.writeHead(404,{"Content-Type":$.ContentType.TEXT}),o.end("Not found")}).listen(9615)}async function kn(e){let t=(0,lr.platform)(),r;switch(t){case"openbsd":case"linux":r=`xdg-open '${e}'`;break;case"darwin":r=`open '${e}'`;break;case"win32":r=`cmd /c start "" "${e}"`;break;default:throw new Error("Unsupported platform: "+t)}(0,mr.exec)(r)}function On(e){let t=e.getActiveLogin();t?(console.log(`Server:  ${e.getBaseUrl()}`),console.log(`Profile: ${t.profile.display} (${t.profile.reference})`),console.log(`Project: ${t.project.display} (${t.project.reference})`)):console.log("Not logged in")}async function Wn(e){await Hn(e);let t=new URL(e.getAuthorizeUrl());t.searchParams.set("client_id",fr),t.searchParams.set("redirect_uri",hr),t.searchParams.set("scope","openid"),t.searchParams.set("response_type","code"),t.searchParams.set("prompt","login"),await kn(t.toString())}var Jr=require("commander");var B=require("@aws-sdk/client-cloudformation"),yr=require("@aws-sdk/client-cloudfront"),gr=require("@aws-sdk/client-ecs"),wr=require("@aws-sdk/client-s3"),ht=new B.CloudFormationClient({}),Sr=new yr.CloudFrontClient({}),Er=new gr.ECSClient({}),br=new wr.S3Client({}),Rn="medplum:environment";async function yt(){return(await ht.send(new B.ListStacksCommand({}))).StackSummaries?.filter(t=>t.StackName&&t.StackStatus!=="DELETE_COMPLETE")||[]}async function ne(e){let t=await yt();for(let r of t){let o=r.StackName,n=await gt(o);if(n?.tag===e)return n}}async function gt(e){let t=new B.DescribeStacksCommand({StackName:e}),o=(await ht.send(t))?.Stacks?.[0],n=o?.Tags?.find(c=>c.Key===Rn);if(!n)return;let a=await ht.send(new B.DescribeStackResourcesCommand({StackName:e}));if(!a.StackResources)return;let s={stack:o,tag:n.Value};for(let c of a.StackResources)c.ResourceType==="AWS::ECS::Cluster"?s.ecsCluster=c:c.ResourceType==="AWS::ECS::Service"?s.ecsService=c:c.ResourceType==="AWS::S3::Bucket"&&c.LogicalResourceId?.startsWith("FrontEndAppBucket")?s.appBucket=c:c.ResourceType==="AWS::S3::Bucket"&&c.LogicalResourceId?.startsWith("StorageStorageBucket")?s.storageBucket=c:c.ResourceType==="AWS::CloudFront::Distribution"&&c.LogicalResourceId?.startsWith("FrontEndAppDistribution")&&(s.appDistribution=c);return s}function Me(e){console.log(`Medplum Tag:     ${e.tag}`),console.log(`Stack Name:      ${e.stack.StackName}`),console.log(`Stack ID:        ${e.stack.StackId}`),console.log(`Status:          ${e.stack.StackStatus}`),console.log(`ECS Cluster:     ${e.ecsCluster?.PhysicalResourceId}`),console.log(`ECS Service:     ${wt(e.ecsService)}`),console.log(`App Bucket:      ${e.appBucket?.PhysicalResourceId}`),console.log(`Storage Bucket:  ${e.storageBucket?.PhysicalResourceId}`)}function wt(e){return e?.PhysicalResourceId?.split("/")?.pop()||""}async function Cr(e){let t=await ne(e);if(!t){console.log("Stack not found");return}Me(t)}var j=require("@aws-sdk/client-acm"),Ne=require("@aws-sdk/client-cloudfront"),ie=require("@aws-sdk/client-ssm"),Ue=require("@aws-sdk/client-sts"),ye=require("crypto"),Le=require("fs"),Ar=require("path"),xr=W(require("readline")),Mn=e=>`${e}DomainName`,Pr=e=>`${e}SslCertArn`,Je;async function _r(){let e={apiPort:8103,region:"us-east-1"};Je=xr.default.createInterface({input:process.stdin,output:process.stdout}),h("MEDPLUM"),i("This tool prepares the necessary prerequisites for deploying Medplum in your AWS account."),i(""),i("Most Medplum infrastructure is deployed using the AWS CDK."),i("However, some AWS resources must be created manually, such as email addresses and SSL certificates."),i("This tool will help you create those resources."),i(""),i("Upon completion, this tool will:"),i("  1. Generate a Medplum CDK config file (i.e., medplum.demo.config.json)"),i("  2. Optionally generate an AWS CloudFront signing key"),i("  3. Optionally request SSL certificates from AWS Certificate Manager"),i("  4. Optionally write server config settings to AWS Parameter Store"),i(""),i("The Medplum infra config file is an input to the Medplum CDK."),i("The Medplum CDK will create and manage the necessary AWS resources."),i(""),i("We will ask a series of questions to generate your infra config file."),i("Some questions have predefined options in [square brackets]."),i("Some questions have default values in (parentheses), which you can accept by pressing Enter."),i("Press Ctrl+C at any time to exit.");let t=await Dn(e.region);t||(i("It appears that you do not have AWS credentials configured."),i("AWS credentials are not strictly required, but will enable some additional features."),i("If you intend to use AWS credentials, please configure them now."),await De("Do you want to continue without AWS credentials?")),h("ENVIRONMENT NAME"),i('Medplum deployments have a short environment name such as "prod", "staging", "alice", or "demo".'),i("The environment name is used in multiple places:"),i("  1. As part of config file names (i.e., medplum.demo.config.json)"),i("  2. As the base of CloudFormation stack names (i.e., MedplumDemo)"),i("  3. AWS Parameter Store keys (i.e., /medplum/demo/...)"),e.name=await K("What is your environment name?","demo"),i('Using environment name "'+e.name+'"...'),h("CONFIG FILE"),i("Medplum Infrastructure will create a config file in the current directory.");let r=await K("What is the config file name?",`medplum.${e.name}.config.json`);(0,Le.existsSync)(r)&&(i("Config file already exists."),await De("Do you want to overwrite the config file?")),i('Using config file "'+r+'"...'),g(r,e),h("AWS REGION"),i("Most Medplum resources will be created in a single AWS region."),e.region=await K("Enter your AWS region:","us-east-1"),g(r,e),h("AWS ACCOUNT NUMBER"),i("Medplum Infrastructure will use your AWS account number to create AWS resources."),t&&i("Using the AWS CLI, your current account ID is: "+t),e.accountNumber=await K("What is your AWS account number?",t),g(r,e),h("STACK NAME"),i("Medplum will create a CloudFormation stack to manage AWS resources."),i("AWS CloudFormation stack names ");let o="Medplum"+e.name.charAt(0).toUpperCase()+e.name.slice(1);for(e.stackName=await K("Enter your CloudFormation stack name?",o),g(r,e),h("BASE DOMAIN NAME"),i("Please enter the base domain name for your Medplum deployment."),i(""),i("Medplum deploys multiple subdomains for various services."),i(""),i('For example, "api." for the REST API and "app." for the web application.'),i("The base domain name is the common suffix for all subdomains."),i(""),i('For example, if your base domain name is "example.com",'),i('then the REST API will be "api.example.com".'),i(""),i('The base domain should include the TLD (i.e., ".com", ".org", ".net").'),i(""),i("Note that you must own the base domain, and it must use Route53 DNS.");!e.domainName;)e.domainName=await K("Enter your base domain name:");g(r,e),h("SUPPORT EMAIL"),i("Medplum sends transactional emails to users."),i("For example, emails to new users or for password reset."),i("Medplum will use the support email address to send these emails."),i("Note that you must verify the support email address in SES.");let n=await K("Enter your support email address:");h("API DOMAIN NAME"),i("Medplum deploys a REST API for the backend services."),e.apiDomainName=await K("Enter your REST API domain name:","api."+e.domainName),e.baseUrl=`https://${e.apiDomainName}/`,g(r,e),h("APP DOMAIN NAME"),i("Medplum deploys a web application for the user interface."),e.appDomainName=await K("Enter your web application domain name:","app."+e.domainName),g(r,e),h("STORAGE DOMAIN NAME"),i("Medplum deploys a storage service for file uploads."),e.storageDomainName=await K("Enter your storage domain name:","storage."+e.domainName),g(r,e),h("STORAGE BUCKET"),i("Medplum uses an S3 bucket to store binary content such as file uploads."),i("Medplum will create a the S3 bucket as part of the CloudFormation stack."),e.storageBucketName=await K("Enter your storage bucket name:","medplum-"+e.name+"-storage"),g(r,e),h("MAX AVAILABILITY ZONES"),i("Medplum API servers can be deployed in multiple availability zones."),i("This provides redundancy and high availability."),i("However, it also increases the cost of the deployment."),i("If you want to use all availability zones, choose a large number such as 99."),i("If you want to restrict the number, for example to manage EIP limits,"),i("then choose a small number such as 1 or 2."),e.maxAzs=await he("Enter the maximum number of availability zones:",[1,2,3,99],2),h("DATABASE INSTANCES"),i("Medplum uses a relational database to store data."),i("You can set up your own database,"),i("or Medplum can create a new RDS database as part of the CloudFormation stack."),await Et("Do you want to create a new RDS database as part of the CloudFormation stack?")?(i("Medplum will create a new RDS database as part of the CloudFormation stack."),i(""),i("If you need high availability, you can choose multiple instances."),i("Use 1 for a single instance, or 2 for a primary and a standby."),e.rdsInstances=await he("Enter the number of database instances:",[1,2],1)):(i("Medplum will not create a new RDS database."),i("Please create a new RDS database and enter the database name, username, and password."),i('Set the AWS Secrets Manager secret ARN in the config file in the "rdsSecretsArn" setting.'),e.rdsSecretsArn="TODO"),g(r,e),h("SERVER INSTANCES"),i("Medplum uses AWS Fargate to run the API servers."),i("Medplum will create a new Fargate cluster as part of the CloudFormation stack."),i("Fargate will automatically scale the number of servers up and down."),i("If you need high availability, you can choose multiple instances."),e.desiredServerCount=await he("Enter the number of server instances:",[1,2,3,4,6,8],1),g(r,e),h("SERVER MEMORY"),i("You can choose the amount of memory for each server instance."),i("The default is 512 MB, which is sufficient for getting started."),i("Note that only certain CPU units are compatible with memory units."),i('Consult AWS Fargate "Task Definition Parameters" for more information.'),e.serverMemory=await he("Enter the server memory (MB):",[512,1024,2048,4096,8192,16384],512),g(r,e),h("SERVER CPU"),i("You can choose the amount of CPU for each server instance."),i("CPU is expressed as an integer using AWS CPU units"),i("The default is 256, which is sufficient for getting started."),i("Note that only certain CPU units are compatible with memory units."),i('Consult AWS Fargate "Task Definition Parameters" for more information.'),e.serverCpu=await he("Enter the server CPU:",[256,512,1024,2048,4096,8192,16384],256),g(r,e),h("SERVER IMAGE"),i("Medplum uses Docker images for the API servers."),i("You can choose the image to use for the servers."),i("Docker images can be loaded from either Docker Hub or AWS ECR."),i("The default is the latest Medplum release."),e.serverImage=await K("Enter the server image:","medplum/medplum-server:latest"),g(r,e),h("SIGNING KEY"),i("Medplum uses AWS CloudFront Presigned URLs for binary content such as file uploads.");let{keyId:a,privateKey:s,publicKey:c,passphrase:p}=await Ln(e.stackName+"SigningKey");e.signingKeyId=a,e.storagePublicKey=c,g(r,e),h("SSL CERTIFICATES"),i("Medplum will now check for existing SSL certificates for the subdomains.");let f=await Jn(e.region);i("Found "+f.length+" certificate(s).");for(let{region:T,certName:I}of[{region:e.region,certName:"api"},{region:"us-east-1",certName:"app"},{region:"us-east-1",certName:"storage"}]){i("");let yo=await Nn(e,f,T,I);e[Pr(I)]=yo,g(r,e)}h("AWS PARAMETER STORE"),i("Medplum uses AWS Parameter Store to store sensitive configuration values."),i("These values will be encrypted at rest."),i(`The values will be stored in the "/medplum/${e.name}" path.`);let y={port:e.apiPort,baseUrl:e.baseUrl,appBaseUrl:`https://${e.appDomainName}/`,storageBaseUrl:`https://${e.storageDomainName}/binary/`,binaryStorage:`s3:${e.storageBucketName}`,signingKeyId:e.signingKeyId,signingKey:s,signingKeyPassphrase:p,supportEmail:n};i(JSON.stringify({...y,signingKey:"****",signingKeyPassphrase:"****"},null,2)),await De("Do you want to store these values in AWS Parameter Store?"),await Fn(e.region,`/medplum/${e.name}/`,y),h("DONE!"),i("Medplum configuration complete."),i("You can now proceed to deploying the Medplum infrastructure with CDK."),i("Run:"),i(""),i(`    npx cdk bootstrap -c config=${r}`),i(`    npx cdk synth -c config=${r}`),e.region==="us-east-1"?i(`    npx cdk deploy -c config=${r}`):i(`    npx cdk deploy -c config=${r} --all`),i(""),i("See Medplum documentation for more information:"),i(""),i("    https://www.medplum.com/docs/self-hosting/install-on-aws"),i(""),Je.close()}function i(e){Je.write(e+`
+`)}function h(e){i(`
 `+e+`
-`)}function g(e,t=""){return new Promise(o=>{L.question(e+(t?" ("+t+")":"")+" ",n=>{o(n||t.toString())})})}async function ne(e,t,o=""){let n=e+" ["+t.map(a=>a===o?"("+a+")":a).join("|")+"]";for(;;){let a=await g(n)||o;if(t.includes(a))return a;r("Please choose one of the following options: "+t.join(", "))}}async function R(e,t,o){return parseInt(await ne(e,t.map(n=>n.toString()),o.toString()),10)}async function re(e){return(await ne(e,["y","n"])).toLowerCase()==="y"}async function j(e){if(!await re(e))throw r("Exiting..."),new Error("User cancelled")}function p(e,t){(0,K.writeFileSync)((0,Fe.resolve)(e),JSON.stringify(t,void 0,2),"utf-8")}async function Ht(e){try{let t=new W.STSClient({region:e}),o=new W.GetCallerIdentityCommand({});return(await t.send(o)).Account}catch(t){console.log("Warning: Unable to get AWS account ID",t.message);return}}async function Jt(e){let t=await Be(e);if(e!=="us-east-1"){let o=await Be("us-east-1");t.push(...o)}return t}async function Be(e){try{let t=new M.ACMClient({region:e}),o=new M.ListCertificatesCommand({MaxItems:1e3});return(await t.send(o)).CertificateSummaryList}catch(t){return console.log("Warning: Unable to list certificates",t.message),[]}}async function Xt(e,t,o,n){let a=e[Gt(n)],i=t.find(c=>c.CertificateArn?.includes(o)&&c.DomainName===a);if(i)return r(`Found existing certificate for "${a}" in "${o}.`),i.CertificateArn;if(r(`No existing certificate found for "${a}" in "${o}.`),!await re("Do you want to request a new certificate?"))return r(`Please add your certificate ARN to the config file in the "${je(n)}" setting.`),"TODO";let s=await Yt(o,a);return r("Certificate ARN: "+s),s}async function Yt(e,t){try{let o=await ne("Validate certificate using DNS or email validation?",["dns","email"],"dns"),n=new M.ACMClient({region:e}),a=new M.RequestCertificateCommand({DomainName:t,ValidationMethod:o.toUpperCase()});return(await n.send(a)).CertificateArn}catch(o){return console.log("Error: Unable to request certificate",o.message),"TODO"}}function Zt(){let e=(0,_.randomUUID)(),t=(0,_.generateKeyPairSync)("rsa",{modulusLength:2048,publicKeyEncoding:{type:"spki",format:"pem"},privateKeyEncoding:{type:"pkcs1",format:"pem",cipher:"aes-256-cbc",passphrase:e}});return{publicKey:t.publicKey,privateKey:t.privateKey,passphrase:e}}async function Qt(e,t){let o=new N.GetParameterCommand({Name:t,WithDecryption:!0});try{return(await e.send(o)).Parameter?.Value}catch(n){if(n.name==="ParameterNotFound")return;throw n}}async function eo(e,t,o){let n=new N.PutParameterCommand({Name:t,Value:o,Type:"SecureString",Overwrite:!0});await e.send(n)}async function to(e,t,o){let n=new N.SSMClient({region:e});for(let[a,i]of Object.entries(o)){let s=t+a,c=i.toString(),u=await Qt(n,s);u!==void 0&&u!==c&&(r(`Parameter "${s}" exists with different value.`),await j(`Do you want to overwrite "${s}"?`)),await eo(n,s,c)}}async function We(){let e=await ee();for(let t of e){let o=t.StackName,n=await te(o);n&&($(n),console.log(""))}}var Ve=require("@aws-sdk/client-cloudfront"),Ge=require("@aws-sdk/client-s3"),h=require("@medplum/core"),He=T(require("fast-glob")),y=require("fs"),me=T(require("node-fetch")),Je=require("os"),P=require("path"),Xe=require("stream/promises");var q=require("@medplum/core"),x=require("fs"),D=require("path"),_e=T(require("tar"));function b(e){console.log(JSON.stringify(e,null,2))}async function ae(e,t,o){let n=t.source,a=se(n);if(a)try{console.log("Saving source code...");let i=await e.createAttachment(a,(0,D.basename)(n),ro(n));console.log("Updating bot.....");let s=await e.updateResource({...o,sourceCode:i});console.log("Success! New bot version: "+s.meta?.versionId)}catch(i){console.log("Update error: ",i)}}async function Ke(e,t,o){let n=t.dist??t.source,a=se(n);if(a)try{console.log("Deploying bot...");let i=await e.post(e.fhirUrl("Bot",o.id,"$deploy"),{code:a});console.log("Deploy result: "+i.issue?.[0]?.details?.text)}catch(i){console.log("Deploy error: ",i)}}async function ie(e,t){if(t.length<4){console.log("Error: command needs to be npx medplum <new-bot-name> <project-id> <source-file> <dist-file>");return}let o=t[0],n=t[1],a=t[2],i=t[3];try{let s={name:o,description:""},c=await e.post("admin/projects/"+n+"/bot",s),u=await e.readResource("Bot",c.id),f={name:o,id:c.id,source:a,dist:i};await ae(e,f,u),console.log(`Success! Bot created: ${u.id}`),oo(f)}catch(s){console.log("Error while creating new bot: "+s)}}function qe(e){let t=new RegExp("^"+no(e).replace(/\\\*/g,".*")+"$"),o=z()?.bots?.filter(n=>t.test(n.name));return o||[]}function z(e){let t=e?`medplum.${e}.config.json`:"medplum.config.json",o=se(t);if(o)return JSON.parse(o)}function se(e){let t=(0,D.resolve)(process.cwd(),e);return(0,x.existsSync)(t)?(0,x.readFileSync)(t,"utf8"):(console.log("Error: File does not exist: "+t),"")}function oo(e){let t=z();t?.bots?.push(e),(0,x.writeFile)("medplum.config.json",JSON.stringify(t),()=>{console.log(`Bot added to config: ${e.id}`)})}function no(e){return e.replace(/[/\-\\^$*+?.()|[\]{}]/g,"\\$&")}function ze(e){let n=0,a=0;return _e.default.x({cwd:e,filter:(i,s)=>{if(n++,n>100)throw new Error("Tar extractor reached max number of files");if(a+=s.size,a>10485760)throw new Error("Tar extractor reached max size");return!0}})}function ce(){return{extension:[{url:"http://hl7.org/fhir/StructureDefinition/data-absent-reason",valueCode:"unsupported"}]}}function ro(e){let t=(0,D.extname)(e).toLowerCase();return[".cjs",".mjs",".js"].includes(t)?q.ContentType.JAVASCRIPT:[".cts",".mts",".ts"].includes(t)?q.ContentType.TYPESCRIPT:q.ContentType.TEXT}async function Ye(e,t){let o=z(e);if(!o){console.log("Config not found");return}let n=await A(e);if(!n){console.log("Stack not found");return}let a=n.appBucket;if(!a){console.log("App bucket not found");return}let i=await io("@medplum/app","latest");Ze(i,{MEDPLUM_BASE_URL:o.baseUrl,MEDPLUM_CLIENT_ID:o.clientId??"",GOOGLE_CLIENT_ID:o.googleClientId??"",RECAPTCHA_SITE_KEY:o.recaptchaSiteKey??"",MEDPLUM_REGISTER_ENABLED:o.registerEnabled?"true":"false"}),await co(i,a.PhysicalResourceId,t),n.appDistribution?.PhysicalResourceId&&!t.dryrun&&await uo(n.appDistribution.PhysicalResourceId),console.log("Done")}async function ao(e,t){let o=`https://registry.npmjs.org/${e}/${t}`;return(await(0,me.default)(o)).json()}async function io(e,t){let n=(await ao(e,t)).dist.tarball,a=(0,y.mkdtempSync)((0,P.join)((0,Je.tmpdir)(),"tarball-"));try{let i=await(0,me.default)(n),s=ze(a);return await(0,Xe.pipeline)(i.body,s),(0,P.join)(a,"package","dist")}catch(i){throw(0,y.rmSync)(a,{recursive:!0,force:!0}),i}}function Ze(e,t){for(let o of(0,y.readdirSync)(e,{withFileTypes:!0})){let n=(0,P.join)(e,o.name);o.isDirectory()?Ze(n,t):o.isFile()&&n.endsWith(".js")&&so(n,t)}}function so(e,t){let o=(0,y.readFileSync)(e,"utf-8");for(let[n,a]of Object.entries(t))o=o.replaceAll(`__${n}__`,a);(0,y.writeFileSync)(e,o)}async function co(e,t,o){let n=[["assets/**/*.css",h.ContentType.CSS,!0],["assets/**/*.css.map",h.ContentType.JSON,!0],["assets/**/*.js",h.ContentType.JAVASCRIPT,!0],["assets/**/*.js.map",h.ContentType.JSON,!0],["assets/**/*.txt",h.ContentType.TEXT,!0],["assets/**/*.ico",h.ContentType.FAVICON,!0],["img/**/*.png",h.ContentType.PNG,!0],["img/**/*.svg",h.ContentType.SVG,!0],["robots.txt",h.ContentType.TEXT,!0],["index.html",h.ContentType.HTML,!1]];for(let a of n)await mo({rootDir:e,bucketName:t,fileNamePattern:a[0],contentType:a[1],cached:a[2],dryrun:o.dryrun})}async function mo(e){let t=He.default.sync(e.fileNamePattern,{cwd:e.rootDir});for(let o of t)await lo((0,P.join)(e.rootDir,o),e)}async function lo(e,t){let o=(0,y.createReadStream)(e),n=e.substring(t.rootDir.length+1).split(P.sep).join("/"),a={Bucket:t.bucketName,Key:n,Body:o,ContentType:t.contentType,CacheControl:t.cached?"public, max-age=31536000":"no-cache, no-store, must-revalidate"};console.log(`Uploading ${n} to ${t.bucketName}...`),t.dryrun||await Ue.send(new Ge.PutObjectCommand(a))}async function uo(e){let t=await Te.send(new Ve.CreateInvalidationCommand({DistributionId:e,InvalidationBatch:{CallerReference:`invalidate-all-${Date.now()}`,Paths:{Quantity:1,Items:["/*"]}}}));console.log(`Created invalidation with ID: ${t.Invalidation?.Id}`)}var Qe=require("@aws-sdk/client-ecs");async function et(e){let t=await A(e);if(!t){console.log("Stack not found");return}let o=t.ecsCluster?.PhysicalResourceId;if(!o){console.log("ECS Cluster not found");return}let n=oe(t.ecsService);if(!n){console.log("ECS Service not found");return}await Re.send(new Qe.UpdateServiceCommand({cluster:o,service:n,forceNewDeployment:!0})),console.log(`Service "${n}" updated successfully.`)}var k=new tt.Command("aws").description("Commands to manage AWS resources");k.command("init").description("Initialize a new Medplum AWS CloudFormation stacks").action(Le);k.command("list").description("List Medplum AWS CloudFormation stacks").action(We);k.command("describe").description("Describe a Medplum AWS CloudFormation stack by tag").argument("<tag>").action(Oe);k.command("update-server").alias("deploy-server").description("Update the server image").argument("<tag>").action(et);k.command("update-app").alias("deploy-app").description("Update the app site").argument("<tag>").option("--dryrun","Displays the operations that would be performed using the specified command without actually running them.").action(Ye);var ot=require("commander");var nt=m("save"),rt=m("deploy"),at=m("create"),it=new ot.Command("bot").addCommand(nt).addCommand(rt).addCommand(at),le=m("save-bot"),de=m("deploy-bot"),ue=m("create-bot");nt.description("Saving the bot").argument("<botName>").action(async(e,t)=>{let o=await l(t);await V(o,e)});rt.description("Deploy the app to AWS").argument("<botName>").action(async(e,t)=>{let o=await l(t);await V(o,e,!0)});at.arguments("<botName> <projectId> <sourceFile> <distFile>").description("Creating a bot").action(async(e,t,o,n,a)=>{let i=await l(a);await ie(i,[e,t,o,n])});async function V(e,t,o=!1){let n=qe(t);for(let a of n){let i=await e.readResource("Bot",a.id);await ae(e,a,i),o&&await Ke(e,a,i)}console.log(`Number of bots deployed: ${n.length}`)}le.description("Saves the bot").argument("<botName>").action(async(e,t)=>{let o=await l(t);await V(o,e)});de.description("Deploy the bot to AWS").argument("<botName>").action(async(e,t)=>{let o=await l(t);await V(o,e,!0)});ue.arguments("<botName> <projectId> <sourceFile> <distFile>").description("Creates and saves the bot").action(async(e,t,o,n,a)=>{let i=await l(a);await ie(i,[e,t,o,n])});var ct=require("commander"),G=require("fs"),pe=require("path"),mt=require("readline");var lt=m("export"),dt=m("import"),ut=new ct.Command("bulk").addCommand(lt).addCommand(dt);lt.option("-e, --export-level <exportLevel>",'Optional export level. Defaults to system level export. "Group/:id" - Group of Patients, "Patient" - All Patients.').option("-t, --types <types>","optional resource types to export").option("-s, --since <since>","optional Resources will be included in the response if their state has changed after the supplied time (e.g. if Resource.meta.lastUpdated is later than the supplied _since time).").option("-d, --target-directory <targetDirectory>","optional target directory to save files from the bulk export operations.").action(async e=>{let{exportLevel:t,types:o,since:n,targetDirectory:a}=e,i=await l(e);(await i.bulkExport(t,o,n)).output?.forEach(async({type:c,url:u})=>{let f=new URL(u),I=await i.download(u),S=`${c}_${f.pathname}`.replace(/[^a-zA-Z0-9]+/g,"_")+".ndjson",O=(0,pe.resolve)(a??"",S);(0,G.writeFile)(`${O}`,await I.text(),()=>{console.log(`${O} is created`)})})});dt.argument("<filename>","File Name").option("--num-resources-per-request <numResourcesPerRequest>","optional number of resources to import per batch request. Defaults to 25.","25").option("--add-extensions-for-missing-values","optional flag to add extensions for missing values in a resource",!1).option("-d, --target-directory <targetDirectory>","optional target directory of file to be imported").action(async(e,t)=>{let{numResourcesPerRequest:o,addExtensionsForMissingValues:n,targetDirectory:a}=t,i=(0,pe.resolve)(a??process.cwd(),e),s=await l(t);await po(i,parseInt(o,10),s,n)});async function po(e,t,o,n){let a=[],i=(0,G.createReadStream)(e),s=(0,mt.createInterface)({input:i});for await(let c of s){let u=fo(c,n);a.push({resource:u,request:{method:"POST",url:u.resourceType}}),a.length%t===0&&(await st(a,o),a=[])}a.length>0&&await st(a,o)}async function st(e,t){(await t.executeBatch({resourceType:"Bundle",type:"transaction",entry:e})).entry?.forEach(n=>{b(n.response)})}function fo(e,t){let o=JSON.parse(e);return t?go(o):o}function go(e){return e.resourceType==="ExplanationOfBenefit"?yo(e):e}function yo(e){return e.provider||(e.provider=ce()),e.item?.forEach(t=>{t?.productOrService||(t.productOrService=ce())}),e}var H=require("commander");var pt=m("list"),ft=m("current"),gt=m("switch"),yt=m("invite"),ht=new H.Command("project").addCommand(pt).addCommand(ft).addCommand(gt).addCommand(yt);pt.description("List of current projects").action(async e=>{let t=await l(e);ho(t)});function ho(e){let o=e.getLogins().map(n=>`${n.project.display} (${n.project.reference})`).join(`
+`)}function K(e,t=""){return new Promise(r=>{Je.question(e+(t?" ("+t+")":"")+" ",o=>{r(o||t.toString())})})}async function St(e,t,r=""){let o=e+" ["+t.map(n=>n===r?"("+n+")":n).join("|")+"]";for(;;){let n=await K(o)||r;if(t.includes(n))return n;i("Please choose one of the following options: "+t.join(", "))}}async function he(e,t,r){return parseInt(await St(e,t.map(o=>o.toString()),r.toString()),10)}async function Et(e){return(await St(e,["y","n"])).toLowerCase()==="y"}async function De(e){if(!await Et(e))throw i("Exiting..."),new Error("User cancelled")}function g(e,t){(0,Le.writeFileSync)((0,Ar.resolve)(e),JSON.stringify(t,void 0,2),"utf-8")}async function Dn(e){try{let t=new Ue.STSClient({region:e}),r=new Ue.GetCallerIdentityCommand({});return(await t.send(r)).Account}catch(t){console.log("Warning: Unable to get AWS account ID",t.message);return}}async function Jn(e){let t=await vr(e);if(e!=="us-east-1"){let r=await vr("us-east-1");t.push(...r)}return t}async function vr(e){try{let t=new j.ACMClient({region:e}),r=new j.ListCertificatesCommand({MaxItems:1e3});return(await t.send(r)).CertificateSummaryList}catch(t){return console.log("Warning: Unable to list certificates",t.message),[]}}async function Nn(e,t,r,o){let n=e[Mn(o)],a=t.find(c=>c.CertificateArn?.includes(r)&&c.DomainName===n);if(a)return i(`Found existing certificate for "${n}" in "${r}.`),a.CertificateArn;if(i(`No existing certificate found for "${n}" in "${r}.`),!await Et("Do you want to request a new certificate?"))return i(`Please add your certificate ARN to the config file in the "${Pr(o)}" setting.`),"TODO";let s=await Un(r,n);return i("Certificate ARN: "+s),s}async function Un(e,t){try{let r=await St("Validate certificate using DNS or email validation?",["dns","email"],"dns"),o=new j.ACMClient({region:e}),n=new j.RequestCertificateCommand({DomainName:t,ValidationMethod:r.toUpperCase()});return(await o.send(n)).CertificateArn}catch(r){return console.log("Error: Unable to request certificate",r.message),"TODO"}}async function Ln(e){let t=(0,ye.randomUUID)(),r=(0,ye.generateKeyPairSync)("rsa",{modulusLength:2048,publicKeyEncoding:{type:"spki",format:"pem"},privateKeyEncoding:{type:"pkcs1",format:"pem",cipher:"aes-256-cbc",passphrase:t}});return{keyId:(await new Ne.CloudFrontClient({}).send(new Ne.CreatePublicKeyCommand({PublicKeyConfig:{Name:e,CallerReference:(0,ye.randomUUID)(),EncodedKey:r.publicKey}}))).PublicKey?.Id,publicKey:r.publicKey,privateKey:r.privateKey,passphrase:t}}async function $n(e,t){let r=new ie.GetParameterCommand({Name:t,WithDecryption:!0});try{return(await e.send(r)).Parameter?.Value}catch(o){if(o.name==="ParameterNotFound")return;throw o}}async function Bn(e,t,r){let o=new ie.PutParameterCommand({Name:t,Value:r,Type:"SecureString",Overwrite:!0});await e.send(o)}async function Fn(e,t,r){let o=new ie.SSMClient({region:e});for(let[n,a]of Object.entries(r)){let s=t+n,c=a.toString(),p=await $n(o,s);p!==void 0&&p!==c&&(i(`Parameter "${s}" exists with different value.`),await De(`Do you want to overwrite "${s}"?`)),await Bn(o,s,c)}}async function Kr(){let e=await yt();for(let t of e){let r=t.StackName,o=await gt(r);o&&(Me(o),console.log(""))}}var Tr=require("@aws-sdk/client-cloudfront"),Ir=require("@aws-sdk/client-s3"),O=require("@medplum/core"),Hr=W(require("fast-glob")),H=require("fs"),bt=W(require("node-fetch")),kr=require("os"),V=require("path"),Or=require("stream/promises");async function Wr(e,t){let r=Oe(e);if(!r){console.log("Config not found");return}let o=await ne(e);if(!o){console.log("Stack not found");return}let n=o.appBucket;if(!n){console.log("App bucket not found");return}let a=await zn("@medplum/app","latest");Rr(a,{MEDPLUM_BASE_URL:r.baseUrl,MEDPLUM_CLIENT_ID:r.clientId??"",GOOGLE_CLIENT_ID:r.googleClientId??"",RECAPTCHA_SITE_KEY:r.recaptchaSiteKey??"",MEDPLUM_REGISTER_ENABLED:r.registerEnabled?"true":"false"}),await Vn(a,n.PhysicalResourceId,t),o.appDistribution?.PhysicalResourceId&&!t.dryrun&&await Yn(o.appDistribution.PhysicalResourceId),console.log("Done")}async function Gn(e,t){let r=`https://registry.npmjs.org/${e}/${t}`;return(await(0,bt.default)(r)).json()}async function zn(e,t){let o=(await Gn(e,t)).dist.tarball,n=(0,H.mkdtempSync)((0,V.join)((0,kr.tmpdir)(),"tarball-"));try{let a=await(0,bt.default)(o),s=sr(n);return await(0,Or.pipeline)(a.body,s),(0,V.join)(n,"package","dist")}catch(a){throw(0,H.rmSync)(n,{recursive:!0,force:!0}),a}}function Rr(e,t){for(let r of(0,H.readdirSync)(e,{withFileTypes:!0})){let o=(0,V.join)(e,r.name);r.isDirectory()?Rr(o,t):r.isFile()&&o.endsWith(".js")&&jn(o,t)}}function jn(e,t){let r=(0,H.readFileSync)(e,"utf-8");for(let[o,n]of Object.entries(t))r=r.replaceAll(`__${o}__`,n);(0,H.writeFileSync)(e,r)}async function Vn(e,t,r){let o=[["assets/**/*.css",O.ContentType.CSS,!0],["assets/**/*.css.map",O.ContentType.JSON,!0],["assets/**/*.js",O.ContentType.JAVASCRIPT,!0],["assets/**/*.js.map",O.ContentType.JSON,!0],["assets/**/*.txt",O.ContentType.TEXT,!0],["assets/**/*.ico",O.ContentType.FAVICON,!0],["img/**/*.png",O.ContentType.PNG,!0],["img/**/*.svg",O.ContentType.SVG,!0],["robots.txt",O.ContentType.TEXT,!0],["index.html",O.ContentType.HTML,!1]];for(let n of o)await qn({rootDir:e,bucketName:t,fileNamePattern:n[0],contentType:n[1],cached:n[2],dryrun:r.dryrun})}async function qn(e){let t=Hr.default.sync(e.fileNamePattern,{cwd:e.rootDir});for(let r of t)await Xn((0,V.join)(e.rootDir,r),e)}async function Xn(e,t){let r=(0,H.createReadStream)(e),o=e.substring(t.rootDir.length+1).split(V.sep).join("/"),n={Bucket:t.bucketName,Key:o,Body:r,ContentType:t.contentType,CacheControl:t.cached?"public, max-age=31536000":"no-cache, no-store, must-revalidate"};console.log(`Uploading ${o} to ${t.bucketName}...`),t.dryrun||await br.send(new Ir.PutObjectCommand(n))}async function Yn(e){let t=await Sr.send(new Tr.CreateInvalidationCommand({DistributionId:e,InvalidationBatch:{CallerReference:`invalidate-all-${Date.now()}`,Paths:{Quantity:1,Items:["/*"]}}}));console.log(`Created invalidation with ID: ${t.Invalidation?.Id}`)}var Mr=require("@aws-sdk/client-ecs");async function Dr(e){let t=await ne(e);if(!t){console.log("Stack not found");return}let r=t.ecsCluster?.PhysicalResourceId;if(!r){console.log("ECS Cluster not found");return}let o=wt(t.ecsService);if(!o){console.log("ECS Service not found");return}await Er.send(new Mr.UpdateServiceCommand({cluster:r,service:o,forceNewDeployment:!0})),console.log(`Service "${o}" updated successfully.`)}var q=new Jr.Command("aws").description("Commands to manage AWS resources");q.command("init").description("Initialize a new Medplum AWS CloudFormation stacks").action(_r);q.command("list").description("List Medplum AWS CloudFormation stacks").action(Kr);q.command("describe").description("Describe a Medplum AWS CloudFormation stack by tag").argument("<tag>").action(Cr);q.command("update-server").alias("deploy-server").description("Update the server image").argument("<tag>").action(Dr);q.command("update-app").alias("deploy-app").description("Update the app site").argument("<tag>").option("--dryrun","Displays the operations that would be performed using the specified command without actually running them.").action(Wr);var Nr=require("commander");var Ur=m("save"),Lr=m("deploy"),$r=m("create"),Br=new Nr.Command("bot").addCommand(Ur).addCommand(Lr).addCommand($r),Ct=m("save-bot"),vt=m("deploy-bot"),At=m("create-bot");Ur.description("Saving the bot").argument("<botName>").action(async(e,t)=>{let r=await u(t);await $e(r,e)});Lr.description("Deploy the app to AWS").argument("<botName>").action(async(e,t)=>{let r=await u(t);await $e(r,e,!0)});$r.arguments("<botName> <projectId> <sourceFile> <distFile>").description("Creating a bot").action(async(e,t,r,o,n)=>{let a=await u(n);await pt(a,[e,t,r,o])});async function $e(e,t,r=!1){let o=ar(t);for(let n of o){let a=await e.readResource("Bot",n.id);await dt(e,n,a),r&&await ir(e,n,a)}console.log(`Number of bots deployed: ${o.length}`)}Ct.description("Saves the bot").argument("<botName>").action(async(e,t)=>{let r=await u(t);await $e(r,e)});vt.description("Deploy the bot to AWS").argument("<botName>").action(async(e,t)=>{let r=await u(t);await $e(r,e,!0)});At.arguments("<botName> <projectId> <sourceFile> <distFile>").description("Creates and saves the bot").action(async(e,t,r,o,n)=>{let a=await u(n);await pt(a,[e,t,r,o])});var Gr=require("commander"),Be=require("fs"),xt=require("path"),zr=require("readline");var jr=m("export"),Vr=m("import"),qr=new Gr.Command("bulk").addCommand(jr).addCommand(Vr);jr.option("-e, --export-level <exportLevel>",'Optional export level. Defaults to system level export. "Group/:id" - Group of Patients, "Patient" - All Patients.').option("-t, --types <types>","optional resource types to export").option("-s, --since <since>","optional Resources will be included in the response if their state has changed after the supplied time (e.g. if Resource.meta.lastUpdated is later than the supplied _since time).").option("-d, --target-directory <targetDirectory>","optional target directory to save files from the bulk export operations.").action(async e=>{let{exportLevel:t,types:r,since:o,targetDirectory:n}=e,a=await u(e);(await a.bulkExport(t,r,o)).output?.forEach(async({type:c,url:p})=>{let f=new URL(p),y=await a.download(p),T=`${c}_${f.pathname}`.replace(/[^a-zA-Z0-9]+/g,"_")+".ndjson",I=(0,xt.resolve)(n??"",T);(0,Be.writeFile)(`${I}`,await y.text(),()=>{console.log(`${I} is created`)})})});Vr.argument("<filename>","File Name").option("--num-resources-per-request <numResourcesPerRequest>","optional number of resources to import per batch request. Defaults to 25.","25").option("--add-extensions-for-missing-values","optional flag to add extensions for missing values in a resource",!1).option("-d, --target-directory <targetDirectory>","optional target directory of file to be imported").action(async(e,t)=>{let{numResourcesPerRequest:r,addExtensionsForMissingValues:o,targetDirectory:n}=t,a=(0,xt.resolve)(n??process.cwd(),e),s=await u(t);await Zn(a,parseInt(r,10),s,o)});async function Zn(e,t,r,o){let n=[],a=(0,Be.createReadStream)(e),s=(0,zr.createInterface)({input:a});for await(let c of s){let p=Qn(c,o);n.push({resource:p,request:{method:"POST",url:p.resourceType}}),n.length%t===0&&(await Fr(n,r),n=[])}n.length>0&&await Fr(n,r)}async function Fr(e,t){(await t.executeBatch({resourceType:"Bundle",type:"transaction",entry:e})).entry?.forEach(o=>{D(o.response)})}function Qn(e,t){let r=JSON.parse(e);return t?ei(r):r}function ei(e){return e.resourceType==="ExplanationOfBenefit"?ti(e):e}function ti(e){return e.provider||(e.provider=ut()),e.item?.forEach(t=>{t?.productOrService||(t.productOrService=ut())}),e}var Fe=require("commander");var Xr=m("list"),Yr=m("current"),Zr=m("switch"),Qr=m("invite"),eo=new Fe.Command("project").addCommand(Xr).addCommand(Yr).addCommand(Zr).addCommand(Qr);Xr.description("List of current projects").action(async e=>{let t=await u(e);ri(t)});function ri(e){let r=e.getLogins().map(o=>`${o.project.display} (${o.project.reference})`).join(`
 
-`);console.log(o)}ft.description("Project you are currently on").action(async e=>{let o=(await l(e)).getActiveLogin();if(!o)throw new Error("Unauthenticated: run `npx medplum login` to login");console.log(`${o.project.display} (${o.project.reference})`)});gt.description("Switching to another project from the current one").argument("<projectId>").action(async(e,t)=>{let o=await l(t);await So(o,e)});yt.description("Invite a member to your current project (run npx medplum project current to confirm)").arguments("<firstName> <lastName> <email>").option("--send-email","If you want to send the email when inviting the user").option("--admin","If the user you are inviting is an admin").addOption(new H.Option("-r, --role <role>","Role of user").choices(["Practitioner","Patient","RelatedPerson"]).default("Practitioner")).action(async(e,t,o,n)=>{let a=await l(n),i=a.getActiveLogin();if(!i)throw new Error("Unauthenticated: run `npx medplum login` to login");if(!i.project.reference)throw new Error("No current project to invite user to");let s=i.project.reference.split("/")[1],c={resourceType:n.role,firstName:e,lastName:t,email:o,sendEmail:!!n.sendEmail,admin:!!n.admin};await wo(s,c,a)});async function So(e,t){let n=e.getLogins().find(a=>a.project.reference?.includes(t));n?(await e.setActiveLogin(n),console.log(`Switched to project ${t}
-`)):console.log(`Error: project ${t} not found. Make sure you are added as a user to this project`)}async function wo(e,t,o){try{await o.invite(e,t),t.sendEmail&&console.log("Email sent"),console.log("See your users at https://app.medplum.com/admin/users")}catch(n){console.log("Error while sending invite "+n)}}var St=require("@medplum/core");var fe=m("delete"),ge=m("get"),ye=m("patch"),he=m("post"),Se=m("put");fe.argument("<url>","Resource/$id").action(async(e,t)=>{let o=await l(t);b(await o.delete(U(e,t)))});ge.argument("<url>","Resource/$id").option("--as-transaction","Print out the bundle as a transaction type").action(async(e,t)=>{let n=await(await l(t)).get(U(e,t));t.asTransaction?b((0,St.convertToTransactionBundle)(n)):b(n)});ye.arguments("<url> <body>").action(async(e,t,o)=>{let n=await l(o);b(await n.patch(U(e,o),we(t)))});he.arguments("<url> <body>").action(async(e,t,o)=>{let n=await l(o);b(await n.post(U(e,o),we(t)))});Se.arguments("<url> <body>").action(async(e,t,o)=>{let n=await l(o);b(await n.put(U(e,o),we(t)))});function we(e){if(e)try{return JSON.parse(e)}catch{return e}}function U(e,t){let o=["admin/","auth/","fhir/R4"],{fhirUrlPath:n}=t;return o.some(a=>e.startsWith(a))?e:n?`${n}/${e}`:"fhir/R4/"+e}var wt=require("commander");var Ct=require("path"),bt=require("fs"),vt=require("os"),Et=m("set"),Mt=m("remove"),Pt=m("list"),kt=m("describe"),At=new wt.Command("profile").addCommand(Et).addCommand(Mt).addCommand(Pt).addCommand(kt);Et.argument("<profileName>","Name of the profile").description("Create a new profile or replace it with the given name and its associated properties").action(async(e,t)=>{new C(e).setObject("options",t),console.log(`${e} profile created`)});Mt.argument("<profileName>","Name of the profile").description("Remove a profile by name").action(async e=>{new C(e).setObject("options",void 0),console.log(`${e} profile removed`)});Pt.description("List all profiles saved").action(async()=>{let e=(0,Ct.resolve)((0,vt.homedir)(),".medplum"),t=(0,bt.readdirSync)(e),o=[];t.forEach(n=>{let a=n.split(".")[0],s=new C(a).getObject("options");s&&o.push({profileName:a,profile:s})}),console.log(o)});kt.argument("<profileName>","Name of the profile").description("Describes a profile").action(async e=>{let o=new C(e).getObject("options");console.log(o)});async function Dt(e){try{let t=new Nt.Command("medplum").description("Command to access Medplum CLI");t.version(J.MEDPLUM_VERSION),t.addCommand(Y),t.addCommand(Z),t.addCommand(ge),t.addCommand(he),t.addCommand(ye),t.addCommand(Se),t.addCommand(fe),t.addCommand(ht),t.addCommand(ut),t.addCommand(it),t.addCommand(le),t.addCommand(de),t.addCommand(ue),t.addCommand(At),t.addCommand(k),await t.parseAsync(e)}catch(t){console.error("Error: "+(0,J.normalizeErrorString)(t))}}async function It(){xt.default.config(),await Dt(process.argv)}require.main===module&&It().catch(e=>console.error("Unhandled error:",e));0&&(module.exports={main,run});
+`);console.log(r)}Yr.description("Project you are currently on").action(async e=>{let r=(await u(e)).getActiveLogin();if(!r)throw new Error("Unauthenticated: run `npx medplum login` to login");console.log(`${r.project.display} (${r.project.reference})`)});Zr.description("Switching to another project from the current one").argument("<projectId>").action(async(e,t)=>{let r=await u(t);await oi(r,e)});Qr.description("Invite a member to your current project (run npx medplum project current to confirm)").arguments("<firstName> <lastName> <email>").option("--send-email","If you want to send the email when inviting the user").option("--admin","If the user you are inviting is an admin").addOption(new Fe.Option("-r, --role <role>","Role of user").choices(["Practitioner","Patient","RelatedPerson"]).default("Practitioner")).action(async(e,t,r,o)=>{let n=await u(o),a=n.getActiveLogin();if(!a)throw new Error("Unauthenticated: run `npx medplum login` to login");if(!a.project.reference)throw new Error("No current project to invite user to");let s=a.project.reference.split("/")[1],c={resourceType:o.role,firstName:e,lastName:t,email:r,sendEmail:!!o.sendEmail,admin:!!o.admin};await ni(s,c,n)});async function oi(e,t){let o=e.getLogins().find(n=>n.project.reference?.includes(t));o?(await e.setActiveLogin(o),console.log(`Switched to project ${t}
+`)):console.log(`Error: project ${t} not found. Make sure you are added as a user to this project`)}async function ni(e,t,r){try{await r.invite(e,t),t.sendEmail&&console.log("Email sent"),console.log("See your users at https://app.medplum.com/admin/users")}catch(o){console.log("Error while sending invite "+o)}}var to=require("@medplum/core");var Pt=m("delete"),_t=m("get"),Kt=m("patch"),Tt=m("post"),It=m("put");Pt.argument("<url>","Resource/$id").action(async(e,t)=>{let r=await u(t);D(await r.delete(ge(e,t)))});_t.argument("<url>","Resource/$id").option("--as-transaction","Print out the bundle as a transaction type").action(async(e,t)=>{let o=await(await u(t)).get(ge(e,t));t.asTransaction?D((0,to.convertToTransactionBundle)(o)):D(o)});Kt.arguments("<url> <body>").action(async(e,t,r)=>{let o=await u(r);D(await o.patch(ge(e,r),Ht(t)))});Tt.arguments("<url> <body>").action(async(e,t,r)=>{let o=await u(r);D(await o.post(ge(e,r),Ht(t)))});It.arguments("<url> <body>").action(async(e,t,r)=>{let o=await u(r);D(await o.put(ge(e,r),Ht(t)))});function Ht(e){if(e)try{return JSON.parse(e)}catch{return e}}function ge(e,t){let r=["admin/","auth/","fhir/R4"],{fhirUrlPath:o}=t;return r.some(n=>e.startsWith(n))?e:o?`${o}/${e}`:"fhir/R4/"+e}var ro=require("commander");var oo=require("path"),no=require("fs"),io=require("os");var ao=m("set"),so=m("remove"),co=m("list"),po=m("describe"),mo=new ro.Command("profile").addCommand(ao).addCommand(so).addCommand(co).addCommand(po);ao.argument("<profileName>","Name of the profile").description("Create a new profile or replace it with the given name and its associated properties").action(async(e,t)=>{We(e,t)});so.argument("<profileName>","Name of the profile").description("Remove a profile by name").action(async e=>{new b(e).setObject("options",void 0),console.log(`${e} profile removed`)});co.description("List all profiles saved").action(async()=>{let e=(0,oo.resolve)((0,io.homedir)(),".medplum"),t=(0,no.readdirSync)(e),r=[];t.forEach(o=>{let n=o.split(".")[0],s=new b(n).getObject("options");s&&r.push({profileName:n,profile:s})}),console.log(r)});po.argument("<profileName>","Name of the profile").description("Describes a profile").action(async e=>{let t=Re(e);console.log(t)});async function fo(e){try{let t=new uo.Command("medplum").description("Command to access Medplum CLI");t.version(Ge.MEDPLUM_VERSION),t.addCommand(lt),t.addCommand(ft),t.addCommand(_t),t.addCommand(Tt),t.addCommand(Kt),t.addCommand(It),t.addCommand(Pt),t.addCommand(eo),t.addCommand(qr),t.addCommand(Br),t.addCommand(Ct),t.addCommand(vt),t.addCommand(At),t.addCommand(mo),t.addCommand(q),await t.parseAsync(e)}catch(t){console.error("Error: "+(0,Ge.normalizeErrorString)(t))}}async function ho(){lo.default.config(),await fo(process.argv)}require.main===module&&ho().catch(e=>console.error("Unhandled error:",e));0&&(module.exports={main,run});
 //# sourceMappingURL=index.cjs.map