@medplum/cli 3.2.11 → 3.2.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/cjs/index.cjs +10 -10
  2. package/dist/cjs/index.cjs.map +4 -4
  3. package/dist/esm/index.mjs +10 -10
  4. package/dist/esm/index.mjs.map +4 -4
  5. package/package.json +12 -12
package/dist/esm/index.mjs CHANGED
@@ -1,19 +1,19 @@
1
1
  #!/usr/bin/env node
2
- var oo=Object.create;var Be=Object.defineProperty;var no=Object.getOwnPropertyDescriptor;var io=Object.getOwnPropertyNames;var so=Object.getPrototypeOf,ao=Object.prototype.hasOwnProperty;var co=(e,t,r)=>t in e?Be(e,t,{enumerable:!0,configurable:!0,writable:!0,value:r}):e[t]=r;var Pt=(e=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(e,{get:(t,r)=>(typeof require<"u"?require:t)[r]}):e)(function(e){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+e+'" is not supported')});var lo=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports);var uo=(e,t,r,o)=>{if(t&&typeof t=="object"||typeof t=="function")for(let n of io(t))!ao.call(e,n)&&n!==r&&Be(e,n,{get:()=>t[n],enumerable:!(o=no(t,n))||o.enumerable});return e};var bt=(e,t,r)=>(r=e!=null?oo(so(e)):{},uo(t||!e||!e.__esModule?Be(r,"default",{value:e,enumerable:!0}):r,e));var T=(e,t,r)=>co(e,typeof t!="symbol"?t+"":t,r);var ft=lo((d,ur)=>{"use strict";d=ur.exports=m;var E;typeof process=="object"&&process.env&&process.env.NODE_DEBUG&&/\bsemver\b/i.test(process.env.NODE_DEBUG)?E=function(){var e=Array.prototype.slice.call(arguments,0);e.unshift("SEMVER"),console.log.apply(console,e)}:E=function(){};d.SEMVER_SPEC_VERSION="2.0.0";var se=256,Ce=Number.MAX_SAFE_INTEGER||9007199254740991,at=16,un=se-6,Z=d.re=[],y=d.safeRe=[],l=d.src=[],s=d.tokens={},cr=0;function f(e){s[e]=cr++}var lt="[a-zA-Z0-9-]",ct=[["\\s",1],["\\d",se],[lt,un]];function ce(e){for(var t=0;t<ct.length;t++){var r=ct[t][0],o=ct[t][1];e=e.split(r+"*").join(r+"{0,"+o+"}").split(r+"+").join(r+"{1,"+o+"}")}return e}f("NUMERICIDENTIFIER");l[s.NUMERICIDENTIFIER]="0|[1-9]\\d*";f("NUMERICIDENTIFIERLOOSE");l[s.NUMERICIDENTIFIERLOOSE]="\\d+";f("NONNUMERICIDENTIFIER");l[s.NONNUMERICIDENTIFIER]="\\d*[a-zA-Z-]"+lt+"*";f("MAINVERSION");l[s.MAINVERSION]="("+l[s.NUMERICIDENTIFIER]+")\\.("+l[s.NUMERICIDENTIFIER]+")\\.("+l[s.NUMERICIDENTIFIER]+")";f("MAINVERSIONLOOSE");l[s.MAINVERSIONLOOSE]="("+l[s.NUMERICIDENTIFIERLOOSE]+")\\.("+l[s.NUMERICIDENTIFIERLOOSE]+")\\.("+l[s.NUMERICIDENTIFIERLOOSE]+")";f("PRERELEASEIDENTIFIER");l[s.PRERELEASEIDENTIFIER]="(?:"+l[s.NUMERICIDENTIFIER]+"|"+l[s.NONNUMERICIDENTIFIER]+")";f("PRERELEASEIDENTIFIERLOOSE");l[s.PRERELEASEIDENTIFIERLOOSE]="(?:"+l[s.NUMERICIDENTIFIERLOOSE]+"|"+l[s.NONNUMERICIDENTIFIER]+")";f("PRERELEASE");l[s.PRERELEASE]="(?:-("+l[s.PRERELEASEIDENTIFIER]+"(?:\\."+l[s.PRERELEASEIDENTIFIER]+")*))";f("PRERELEASELOOSE");l[s.PRERELEASELOOSE]="(?:-?("+l[s.PRERELEASEIDENTIFIERLOOSE]+"(?:\\."+l[s.PRERELEASEIDENTIFIERLOOSE]+")*))";f("BUILDIDENTIFIER");l[s.BUILDIDENTIFIER]=lt+"+";f("BUILD");l[s.BUILD]="(?:\\+("+l[s.BUILDIDENTIFIER]+"(?:\\."+l[s.BUILDIDENTIFIER]+")*))";f("FULL");f("FULLPLAIN");l[s.FULLPLAIN]="v?"+l[s.MAINVERSION]+l[s.PRERELEASE]+"?"+l[s.BUILD]+"?";l[s.FULL]="^"+l[s.FULLPLAIN]+"$";f("LOOSEPLAIN");l[s.LOOSEPLAIN]="[v=\\s]*"+l[s.MAINVERSIONLOOSE]+l[s.PRERELEASELOOSE]+"?"+l[s.BUILD]+"?";f("LOOSE");l[s.LOOSE]="^"+l[s.LOOSEPLAIN]+"$";f("GTLT");l[s.GTLT]="((?:<|>)?=?)";f("XRANGEIDENTIFIERLOOSE");l[s.XRANGEIDENTIFIERLOOSE]=l[s.NUMERICIDENTIFIERLOOSE]+"|x|X|\\*";f("XRANGEIDENTIFIER");l[s.XRANGEIDENTIFIER]=l[s.NUMERICIDENTIFIER]+"|x|X|\\*";f("XRANGEPLAIN");l[s.XRANGEPLAIN]="[v=\\s]*("+l[s.XRANGEIDENTIFIER]+")(?:\\.("+l[s.XRANGEIDENTIFIER]+")(?:\\.("+l[s.XRANGEIDENTIFIER]+")(?:"+l[s.PRERELEASE]+")?"+l[s.BUILD]+"?)?)?";f("XRANGEPLAINLOOSE");l[s.XRANGEPLAINLOOSE]="[v=\\s]*("+l[s.XRANGEIDENTIFIERLOOSE]+")(?:\\.("+l[s.XRANGEIDENTIFIERLOOSE]+")(?:\\.("+l[s.XRANGEIDENTIFIERLOOSE]+")(?:"+l[s.PRERELEASELOOSE]+")?"+l[s.BUILD]+"?)?)?";f("XRANGE");l[s.XRANGE]="^"+l[s.GTLT]+"\\s*"+l[s.XRANGEPLAIN]+"$";f("XRANGELOOSE");l[s.XRANGELOOSE]="^"+l[s.GTLT]+"\\s*"+l[s.XRANGEPLAINLOOSE]+"$";f("COERCE");l[s.COERCE]="(^|[^\\d])(\\d{1,"+at+"})(?:\\.(\\d{1,"+at+"}))?(?:\\.(\\d{1,"+at+"}))?(?:$|[^\\d])";f("COERCERTL");Z[s.COERCERTL]=new RegExp(l[s.COERCE],"g");y[s.COERCERTL]=new RegExp(ce(l[s.COERCE]),"g");f("LONETILDE");l[s.LONETILDE]="(?:~>?)";f("TILDETRIM");l[s.TILDETRIM]="(\\s*)"+l[s.LONETILDE]+"\\s+";Z[s.TILDETRIM]=new RegExp(l[s.TILDETRIM],"g");y[s.TILDETRIM]=new RegExp(ce(l[s.TILDETRIM]),"g");var pn="$1~";f("TILDE");l[s.TILDE]="^"+l[s.LONETILDE]+l[s.XRANGEPLAIN]+"$";f("TILDELOOSE");l[s.TILDELOOSE]="^"+l[s.LONETILDE]+l[s.XRANGEPLAINLOOSE]+"$";f("LONECARET");l[s.LONECARET]="(?:\\^)";f("CARETTRIM");l[s.CARETTRIM]="(\\s*)"+l[s.LONECARET]+"\\s+";Z[s.CARETTRIM]=new RegExp(l[s.CARETTRIM],"g");y[s.CARETTRIM]=new RegExp(ce(l[s.CARETTRIM]),"g");var dn="$1^";f("CARET");l[s.CARET]="^"+l[s.LONECARET]+l[s.XRANGEPLAIN]+"$";f("CARETLOOSE");l[s.CARETLOOSE]="^"+l[s.LONECARET]+l[s.XRANGEPLAINLOOSE]+"$";f("COMPARATORLOOSE");l[s.COMPARATORLOOSE]="^"+l[s.GTLT]+"\\s*("+l[s.LOOSEPLAIN]+")$|^$";f("COMPARATOR");l[s.COMPARATOR]="^"+l[s.GTLT]+"\\s*("+l[s.FULLPLAIN]+")$|^$";f("COMPARATORTRIM");l[s.COMPARATORTRIM]="(\\s*)"+l[s.GTLT]+"\\s*("+l[s.LOOSEPLAIN]+"|"+l[s.XRANGEPLAIN]+")";Z[s.COMPARATORTRIM]=new RegExp(l[s.COMPARATORTRIM],"g");y[s.COMPARATORTRIM]=new RegExp(ce(l[s.COMPARATORTRIM]),"g");var mn="$1$2$3";f("HYPHENRANGE");l[s.HYPHENRANGE]="^\\s*("+l[s.XRANGEPLAIN]+")\\s+-\\s+("+l[s.XRANGEPLAIN]+")\\s*$";f("HYPHENRANGELOOSE");l[s.HYPHENRANGELOOSE]="^\\s*("+l[s.XRANGEPLAINLOOSE]+")\\s+-\\s+("+l[s.XRANGEPLAINLOOSE]+")\\s*$";f("STAR");l[s.STAR]="(<|>)?=?\\s*\\*";for(M=0;M<cr;M++)E(M,l[M]),Z[M]||(Z[M]=new RegExp(l[M]),y[M]=new RegExp(ce(l[M])));var M;d.parse=J;function J(e,t){if((!t||typeof t!="object")&&(t={loose:!!t,includePrerelease:!1}),e instanceof m)return e;if(typeof e!="string"||e.length>se)return null;var r=t.loose?y[s.LOOSE]:y[s.FULL];if(!r.test(e))return null;try{return new m(e,t)}catch{return null}}d.valid=fn;function fn(e,t){var r=J(e,t);return r?r.version:null}d.clean=hn;function hn(e,t){var r=J(e.trim().replace(/^[=v]+/,""),t);return r?r.version:null}d.SemVer=m;function m(e,t){if((!t||typeof t!="object")&&(t={loose:!!t,includePrerelease:!1}),e instanceof m){if(e.loose===t.loose)return e;e=e.version}else if(typeof e!="string")throw new TypeError("Invalid Version: "+e);if(e.length>se)throw new TypeError("version is longer than "+se+" characters");if(!(this instanceof m))return new m(e,t);E("SemVer",e,t),this.options=t,this.loose=!!t.loose;var r=e.trim().match(t.loose?y[s.LOOSE]:y[s.FULL]);if(!r)throw new TypeError("Invalid Version: "+e);if(this.raw=e,this.major=+r[1],this.minor=+r[2],this.patch=+r[3],this.major>Ce||this.major<0)throw new TypeError("Invalid major version");if(this.minor>Ce||this.minor<0)throw new TypeError("Invalid minor version");if(this.patch>Ce||this.patch<0)throw new TypeError("Invalid patch version");r[4]?this.prerelease=r[4].split(".").map(function(o){if(/^[0-9]+$/.test(o)){var n=+o;if(n>=0&&n<Ce)return n}return o}):this.prerelease=[],this.build=r[5]?r[5].split("."):[],this.format()}m.prototype.format=function(){return this.version=this.major+"."+this.minor+"."+this.patch,this.prerelease.length&&(this.version+="-"+this.prerelease.join(".")),this.version};m.prototype.toString=function(){return this.version};m.prototype.compare=function(e){return E("SemVer.compare",this.version,this.options,e),e instanceof m||(e=new m(e,this.options)),this.compareMain(e)||this.comparePre(e)};m.prototype.compareMain=function(e){return e instanceof m||(e=new m(e,this.options)),V(this.major,e.major)||V(this.minor,e.minor)||V(this.patch,e.patch)};m.prototype.comparePre=function(e){if(e instanceof m||(e=new m(e,this.options)),this.prerelease.length&&!e.prerelease.length)return-1;if(!this.prerelease.length&&e.prerelease.length)return 1;if(!this.prerelease.length&&!e.prerelease.length)return 0;var t=0;do{var r=this.prerelease[t],o=e.prerelease[t];if(E("prerelease compare",t,r,o),r===void 0&&o===void 0)return 0;if(o===void 0)return 1;if(r===void 0)return-1;if(r===o)continue;return V(r,o)}while(++t)};m.prototype.compareBuild=function(e){e instanceof m||(e=new m(e,this.options));var t=0;do{var r=this.build[t],o=e.build[t];if(E("prerelease compare",t,r,o),r===void 0&&o===void 0)return 0;if(o===void 0)return 1;if(r===void 0)return-1;if(r===o)continue;return V(r,o)}while(++t)};m.prototype.inc=function(e,t){switch(e){case"premajor":this.prerelease.length=0,this.patch=0,this.minor=0,this.major++,this.inc("pre",t);break;case"preminor":this.prerelease.length=0,this.patch=0,this.minor++,this.inc("pre",t);break;case"prepatch":this.prerelease.length=0,this.inc("patch",t),this.inc("pre",t);break;case"prerelease":this.prerelease.length===0&&this.inc("patch",t),this.inc("pre",t);break;case"major":(this.minor!==0||this.patch!==0||this.prerelease.length===0)&&this.major++,this.minor=0,this.patch=0,this.prerelease=[];break;case"minor":(this.patch!==0||this.prerelease.length===0)&&this.minor++,this.patch=0,this.prerelease=[];break;case"patch":this.prerelease.length===0&&this.patch++,this.prerelease=[];break;case"pre":if(this.prerelease.length===0)this.prerelease=[0];else{for(var r=this.prerelease.length;--r>=0;)typeof this.prerelease[r]=="number"&&(this.prerelease[r]++,r=-2);r===-1&&this.prerelease.push(0)}t&&(this.prerelease[0]===t?isNaN(this.prerelease[1])&&(this.prerelease=[t,0]):this.prerelease=[t,0]);break;default:throw new Error("invalid increment argument: "+e)}return this.format(),this.raw=this.version,this};d.inc=gn;function gn(e,t,r,o){typeof r=="string"&&(o=r,r=void 0);try{return new m(e,r).inc(t,o).version}catch{return null}}d.diff=yn;function yn(e,t){if(ut(e,t))return null;var r=J(e),o=J(t),n="";if(r.prerelease.length||o.prerelease.length){n="pre";var i="prerelease"}for(var a in r)if((a==="major"||a==="minor"||a==="patch")&&r[a]!==o[a])return n+a;return i}d.compareIdentifiers=V;var sr=/^[0-9]+$/;function V(e,t){var r=sr.test(e),o=sr.test(t);return r&&o&&(e=+e,t=+t),e===t?0:r&&!o?-1:o&&!r?1:e<t?-1:1}d.rcompareIdentifiers=En;function En(e,t){return V(t,e)}d.major=Sn;function Sn(e,t){return new m(e,t).major}d.minor=wn;function wn(e,t){return new m(e,t).minor}d.patch=Rn;function Rn(e,t){return new m(e,t).patch}d.compare=j;function j(e,t,r){return new m(e,r).compare(new m(t,r))}d.compareLoose=In;function In(e,t){return j(e,t,!0)}d.compareBuild=An;function An(e,t,r){var o=new m(e,r),n=new m(t,r);return o.compare(n)||o.compareBuild(n)}d.rcompare=Cn;function Cn(e,t,r){return j(t,e,r)}d.sort=vn;function vn(e,t){return e.sort(function(r,o){return d.compareBuild(r,o,t)})}d.rsort=Tn;function Tn(e,t){return e.sort(function(r,o){return d.compareBuild(o,r,t)})}d.gt=ae;function ae(e,t,r){return j(e,t,r)>0}d.lt=ve;function ve(e,t,r){return j(e,t,r)<0}d.eq=ut;function ut(e,t,r){return j(e,t,r)===0}d.neq=lr;function lr(e,t,r){return j(e,t,r)!==0}d.gte=pt;function pt(e,t,r){return j(e,t,r)>=0}d.lte=dt;function dt(e,t,r){return j(e,t,r)<=0}d.cmp=Te;function Te(e,t,r,o){switch(t){case"===":return typeof e=="object"&&(e=e.version),typeof r=="object"&&(r=r.version),e===r;case"!==":return typeof e=="object"&&(e=e.version),typeof r=="object"&&(r=r.version),e!==r;case"":case"=":case"==":return ut(e,r,o);case"!=":return lr(e,r,o);case">":return ae(e,r,o);case">=":return pt(e,r,o);case"<":return ve(e,r,o);case"<=":return dt(e,r,o);default:throw new TypeError("Invalid operator: "+t)}}d.Comparator=L;function L(e,t){if((!t||typeof t!="object")&&(t={loose:!!t,includePrerelease:!1}),e instanceof L){if(e.loose===!!t.loose)return e;e=e.value}if(!(this instanceof L))return new L(e,t);e=e.trim().split(/\s+/).join(" "),E("comparator",e,t),this.options=t,this.loose=!!t.loose,this.parse(e),this.semver===Q?this.value="":this.value=this.operator+this.semver.version,E("comp",this)}var Q={};L.prototype.parse=function(e){var t=this.options.loose?y[s.COMPARATORLOOSE]:y[s.COMPARATOR],r=e.match(t);if(!r)throw new TypeError("Invalid comparator: "+e);this.operator=r[1]!==void 0?r[1]:"",this.operator==="="&&(this.operator=""),r[2]?this.semver=new m(r[2],this.options.loose):this.semver=Q};L.prototype.toString=function(){return this.value};L.prototype.test=function(e){if(E("Comparator.test",e,this.options.loose),this.semver===Q||e===Q)return!0;if(typeof e=="string")try{e=new m(e,this.options)}catch{return!1}return Te(e,this.operator,this.semver,this.options)};L.prototype.intersects=function(e,t){if(!(e instanceof L))throw new TypeError("a Comparator is required");(!t||typeof t!="object")&&(t={loose:!!t,includePrerelease:!1});var r;if(this.operator==="")return this.value===""?!0:(r=new I(e.value,t),Pe(this.value,r,t));if(e.operator==="")return e.value===""?!0:(r=new I(this.value,t),Pe(e.semver,r,t));var o=(this.operator===">="||this.operator===">")&&(e.operator===">="||e.operator===">"),n=(this.operator==="<="||this.operator==="<")&&(e.operator==="<="||e.operator==="<"),i=this.semver.version===e.semver.version,a=(this.operator===">="||this.operator==="<=")&&(e.operator===">="||e.operator==="<="),u=Te(this.semver,"<",e.semver,t)&&(this.operator===">="||this.operator===">")&&(e.operator==="<="||e.operator==="<"),p=Te(this.semver,">",e.semver,t)&&(this.operator==="<="||this.operator==="<")&&(e.operator===">="||e.operator===">");return o||n||i&&a||u||p};d.Range=I;function I(e,t){if((!t||typeof t!="object")&&(t={loose:!!t,includePrerelease:!1}),e instanceof I)return e.loose===!!t.loose&&e.includePrerelease===!!t.includePrerelease?e:new I(e.raw,t);if(e instanceof L)return new I(e.value,t);if(!(this instanceof I))return new I(e,t);if(this.options=t,this.loose=!!t.loose,this.includePrerelease=!!t.includePrerelease,this.raw=e.trim().split(/\s+/).join(" "),this.set=this.raw.split("||").map(function(r){return this.parseRange(r.trim())},this).filter(function(r){return r.length}),!this.set.length)throw new TypeError("Invalid SemVer Range: "+this.raw);this.format()}I.prototype.format=function(){return this.range=this.set.map(function(e){return e.join(" ").trim()}).join("||").trim(),this.range};I.prototype.toString=function(){return this.range};I.prototype.parseRange=function(e){var t=this.options.loose,r=t?y[s.HYPHENRANGELOOSE]:y[s.HYPHENRANGE];e=e.replace(r,_n),E("hyphen replace",e),e=e.replace(y[s.COMPARATORTRIM],mn),E("comparator trim",e,y[s.COMPARATORTRIM]),e=e.replace(y[s.TILDETRIM],pn),e=e.replace(y[s.CARETTRIM],dn),e=e.split(/\s+/).join(" ");var o=t?y[s.COMPARATORLOOSE]:y[s.COMPARATOR],n=e.split(" ").map(function(i){return bn(i,this.options)},this).join(" ").split(/\s+/);return this.options.loose&&(n=n.filter(function(i){return!!i.match(o)})),n=n.map(function(i){return new L(i,this.options)},this),n};I.prototype.intersects=function(e,t){if(!(e instanceof I))throw new TypeError("a Range is required");return this.set.some(function(r){return ar(r,t)&&e.set.some(function(o){return ar(o,t)&&r.every(function(n){return o.every(function(i){return n.intersects(i,t)})})})})};function ar(e,t){for(var r=!0,o=e.slice(),n=o.pop();r&&o.length;)r=o.every(function(i){return n.intersects(i,t)}),n=o.pop();return r}d.toComparators=Pn;function Pn(e,t){return new I(e,t).set.map(function(r){return r.map(function(o){return o.value}).join(" ").trim().split(" ")})}function bn(e,t){return E("comp",e,t),e=Ln(e,t),E("caret",e),e=On(e,t),E("tildes",e),e=Dn(e,t),E("xrange",e),e=kn(e,t),E("stars",e),e}function P(e){return!e||e.toLowerCase()==="x"||e==="*"}function On(e,t){return e.trim().split(/\s+/).map(function(r){return Nn(r,t)}).join(" ")}function Nn(e,t){var r=t.loose?y[s.TILDELOOSE]:y[s.TILDE];return e.replace(r,function(o,n,i,a,u){E("tilde",e,o,n,i,a,u);var p;return P(n)?p="":P(i)?p=">="+n+".0.0 <"+(+n+1)+".0.0":P(a)?p=">="+n+"."+i+".0 <"+n+"."+(+i+1)+".0":u?(E("replaceTilde pr",u),p=">="+n+"."+i+"."+a+"-"+u+" <"+n+"."+(+i+1)+".0"):p=">="+n+"."+i+"."+a+" <"+n+"."+(+i+1)+".0",E("tilde return",p),p})}function Ln(e,t){return e.trim().split(/\s+/).map(function(r){return xn(r,t)}).join(" ")}function xn(e,t){E("caret",e,t);var r=t.loose?y[s.CARETLOOSE]:y[s.CARET];return e.replace(r,function(o,n,i,a,u){E("caret",e,o,n,i,a,u);var p;return P(n)?p="":P(i)?p=">="+n+".0.0 <"+(+n+1)+".0.0":P(a)?n==="0"?p=">="+n+"."+i+".0 <"+n+"."+(+i+1)+".0":p=">="+n+"."+i+".0 <"+(+n+1)+".0.0":u?(E("replaceCaret pr",u),n==="0"?i==="0"?p=">="+n+"."+i+"."+a+"-"+u+" <"+n+"."+i+"."+(+a+1):p=">="+n+"."+i+"."+a+"-"+u+" <"+n+"."+(+i+1)+".0":p=">="+n+"."+i+"."+a+"-"+u+" <"+(+n+1)+".0.0"):(E("no pr"),n==="0"?i==="0"?p=">="+n+"."+i+"."+a+" <"+n+"."+i+"."+(+a+1):p=">="+n+"."+i+"."+a+" <"+n+"."+(+i+1)+".0":p=">="+n+"."+i+"."+a+" <"+(+n+1)+".0.0"),E("caret return",p),p})}function Dn(e,t){return E("replaceXRanges",e,t),e.split(/\s+/).map(function(r){return Mn(r,t)}).join(" ")}function Mn(e,t){e=e.trim();var r=t.loose?y[s.XRANGELOOSE]:y[s.XRANGE];return e.replace(r,function(o,n,i,a,u,p){E("xRange",e,o,n,i,a,u,p);var g=P(i),w=g||P(a),R=w||P(u),v=R;return n==="="&&v&&(n=""),p=t.includePrerelease?"-0":"",g?n===">"||n==="<"?o="<0.0.0-0":o="*":n&&v?(w&&(a=0),u=0,n===">"?(n=">=",w?(i=+i+1,a=0,u=0):(a=+a+1,u=0)):n==="<="&&(n="<",w?i=+i+1:a=+a+1),o=n+i+"."+a+"."+u+p):w?o=">="+i+".0.0"+p+" <"+(+i+1)+".0.0"+p:R&&(o=">="+i+"."+a+".0"+p+" <"+i+"."+(+a+1)+".0"+p),E("xRange return",o),o})}function kn(e,t){return E("replaceStars",e,t),e.trim().replace(y[s.STAR],"")}function _n(e,t,r,o,n,i,a,u,p,g,w,R,v){return P(r)?t="":P(o)?t=">="+r+".0.0":P(n)?t=">="+r+"."+o+".0":t=">="+t,P(p)?u="":P(g)?u="<"+(+p+1)+".0.0":P(w)?u="<"+p+"."+(+g+1)+".0":R?u="<="+p+"."+g+"."+w+"-"+R:u="<="+u,(t+" "+u).trim()}I.prototype.test=function(e){if(!e)return!1;if(typeof e=="string")try{e=new m(e,this.options)}catch{return!1}for(var t=0;t<this.set.length;t++)if(Un(this.set[t],e,this.options))return!0;return!1};function Un(e,t,r){for(var o=0;o<e.length;o++)if(!e[o].test(t))return!1;if(t.prerelease.length&&!r.includePrerelease){for(o=0;o<e.length;o++)if(E(e[o].semver),e[o].semver!==Q&&e[o].semver.prerelease.length>0){var n=e[o].semver;if(n.major===t.major&&n.minor===t.minor&&n.patch===t.patch)return!0}return!1}return!0}d.satisfies=Pe;function Pe(e,t,r){try{t=new I(t,r)}catch{return!1}return t.test(e)}d.maxSatisfying=$n;function $n(e,t,r){var o=null,n=null;try{var i=new I(t,r)}catch{return null}return e.forEach(function(a){i.test(a)&&(!o||n.compare(a)===-1)&&(o=a,n=new m(o,r))}),o}d.minSatisfying=Fn;function Fn(e,t,r){var o=null,n=null;try{var i=new I(t,r)}catch{return null}return e.forEach(function(a){i.test(a)&&(!o||n.compare(a)===1)&&(o=a,n=new m(o,r))}),o}d.minVersion=jn;function jn(e,t){e=new I(e,t);var r=new m("0.0.0");if(e.test(r)||(r=new m("0.0.0-0"),e.test(r)))return r;r=null;for(var o=0;o<e.set.length;++o){var n=e.set[o];n.forEach(function(i){var a=new m(i.semver.version);switch(i.operator){case">":a.prerelease.length===0?a.patch++:a.prerelease.push(0),a.raw=a.format();case"":case">=":(!r||ae(r,a))&&(r=a);break;case"<":case"<=":break;default:throw new Error("Unexpected operation: "+i.operator)}})}return r&&e.test(r)?r:null}d.validRange=Bn;function Bn(e,t){try{return new I(e,t).range||"*"}catch{return null}}d.ltr=Kn;function Kn(e,t,r){return mt(e,t,"<",r)}d.gtr=Wn;function Wn(e,t,r){return mt(e,t,">",r)}d.outside=mt;function mt(e,t,r,o){e=new m(e,o),t=new I(t,o);var n,i,a,u,p;switch(r){case">":n=ae,i=dt,a=ve,u=">",p=">=";break;case"<":n=ve,i=pt,a=ae,u="<",p="<=";break;default:throw new TypeError('Must provide a hilo val of "<" or ">"')}if(Pe(e,t,o))return!1;for(var g=0;g<t.set.length;++g){var w=t.set[g],R=null,v=null;if(w.forEach(function(O){O.semver===Q&&(O=new L(">=0.0.0")),R=R||O,v=v||O,n(O.semver,R.semver,o)?R=O:a(O.semver,v.semver,o)&&(v=O)}),R.operator===u||R.operator===p||(!v.operator||v.operator===u)&&i(e,v.semver))return!1;if(v.operator===p&&a(e,v.semver))return!1}return!0}d.prerelease=Hn;function Hn(e,t){var r=J(e,t);return r&&r.prerelease.length?r.prerelease:null}d.intersects=Gn;function Gn(e,t,r){return e=new I(e,r),t=new I(t,r),e.intersects(t)}d.coerce=Vn;function Vn(e,t){if(e instanceof m)return e;if(typeof e=="number"&&(e=String(e)),typeof e!="string")return null;t=t||{};var r=null;if(!t.rtl)r=e.match(y[s.COERCE]);else{for(var o;(o=y[s.COERCERTL].exec(e))&&(!r||r.index+r[0].length!==e.length);)(!r||o.index+o[0].length!==r.index+r[0].length)&&(r=o),y[s.COERCERTL].lastIndex=o.index+o[1].length+o[2].length;y[s.COERCERTL].lastIndex=-1}return r===null?null:J(r[2]+"."+(r[3]||"0")+"."+(r[4]||"0"),t)}});import{MEDPLUM_VERSION as $s,normalizeErrorString as Tt}from"@medplum/core";import{Command as Fs,CommanderError as ro}from"commander";import js from"dotenv";import{ContentType as Ae,getDisplayString as Zo,MEDPLUM_CLI_CLIENT_ID as Qo,normalizeErrorString as en}from"@medplum/core";import{exec as tn}from"node:child_process";import{createServer as rn}from"node:http";import{platform as on}from"node:os";import{MedplumClient as yo}from"@medplum/core";import{ClientStorage as po}from"@medplum/core";import{existsSync as Ot,mkdirSync as mo,readFileSync as fo,writeFileSync as ho}from"node:fs";import{homedir as go}from"node:os";import{resolve as Nt}from"node:path";var x=class extends po{constructor(t){super(),this.dirName=Nt(go(),".medplum"),this.fileName=Nt(this.dirName,t+".json")}clear(){this.writeFile({})}getString(t){return this.readFile()?.[t]}setString(t,r){let o=this.readFile()??{};r?o[t]=r:delete o[t],this.writeFile(o)}getObject(t){let r=this.getString(t);return r?JSON.parse(r):void 0}setObject(t,r){this.setString(t,r?JSON.stringify(r):void 0)}readFile(){if(Ot(this.fileName))return JSON.parse(fo(this.fileName,"utf8"))}writeFile(t){Ot(this.dirName)||mo(this.dirName),ho(this.fileName,JSON.stringify(t,null,2),"utf8")}};async function S(e,t=!0){let r=e.profile??"default",o=new x(r),n=o.getObject("options");if(r!=="default"&&!n)throw new Error(`Profile "${r}" does not exist`);let{baseUrl:i,fhirUrlPath:a,accessToken:u,tokenUrl:p,authorizeUrl:g,clientId:w,clientSecret:R}=Eo(e,o),v=e.fetch??fetch,O=new yo({fetch:v,baseUrl:i,tokenUrl:p,fhirUrlPath:a,authorizeUrl:g,storage:o,onUnauthenticated:So,verbose:e.verbose});return t&&(u?O.setAccessToken(u):w&&R&&(O.setBasicAuth(w,R),n?.authType!=="basic"&&await O.startClientLogin(w,R))),O}function Eo(e,t){let r=t.getObject("options"),o=e.baseUrl??r?.baseUrl??process.env.MEDPLUM_BASE_URL??"https://api.medplum.com/",n=e.fhirUrlPath??r?.fhirUrlPath??process.env.MEDPLUM_FHIR_URL_PATH,i=e.accessToken??r?.accessToken??process.env.MEDPLUM_CLIENT_ACCESS_TOKEN,a=e.tokenUrl??r?.tokenUrl??process.env.MEDPLUM_TOKEN_URL,u=e.authorizeUrl??r?.authorizeUrl??process.env.MEDPLUM_AUTHORIZE_URL,p=e.clientId??r?.clientId??process.env.MEDPLUM_CLIENT_ID,g=e.clientSecret??r?.clientSecret??process.env.MEDPLUM_CLIENT_SECRET;return{baseUrl:o,fhirUrlPath:n,accessToken:i,tokenUrl:a,authorizeUrl:u,clientId:p,clientSecret:g}}function So(){console.log("Unauthenticated: run `npx medplum login` to sign in")}import{Command as wo,Option as Ro}from"commander";function h(e){return new wo(e).option("--client-id <clientId>","FHIR server client id").option("--client-secret <clientSecret>","FHIR server client secret").option("--base-url <baseUrl>","FHIR server base URL, must be absolute").option("--token-url <tokenUrl>","FHIR server token URL, absolute or relative to base URL").option("--authorize-url <authorizeUrl>","FHIR server authorize URL, absolute or relative to base URL").option("--fhir-url, --fhir-url-path <fhirUrlPath>","FHIR server URL, absolute or relative to base URL").option("--scope <scope>","JWT scope").option("--access-token <accessToken>","Access token for token exchange authentication").option("--callback-url <callbackUrl>","Callback URL for authorization code flow").option("--subject <subject>","Subject for JWT authentication").option("--audience <audience>","Audience for JWT authentication").option("--issuer <issuer>","Issuer for JWT authentication").option("--private-key-path <privateKeyPath>","Private key path for JWT assertion").option("-p, --profile <profile>","Profile name").option("-v --verbose","Verbose output").addOption(new Ro("--auth-type <authType>","Type of authentication").choices(["basic","client-credentials","authorization-code","jwt-bearer","token-exchange","jwt-assertion"]))}import{ContentType as Ze,encodeBase64 as Xt}from"@medplum/core";import{Buffer as Io}from"node:buffer";var H=new TextEncoder,Ke=new TextDecoder,ra=2**32;function Lt(...e){let t=e.reduce((n,{length:i})=>n+i,0),r=new Uint8Array(t),o=0;for(let n of e)r.set(n,o),o+=n.length;return r}var de=e=>Io.from(e).toString("base64url");var q=class extends Error{constructor(r){super(r);T(this,"code","ERR_JOSE_GENERIC");this.name=this.constructor.name,Error.captureStackTrace?.(this,this.constructor)}static get code(){return"ERR_JOSE_GENERIC"}};var N=class extends q{constructor(){super(...arguments);T(this,"code","ERR_JOSE_NOT_SUPPORTED")}static get code(){return"ERR_JOSE_NOT_SUPPORTED"}};var B=class extends q{constructor(){super(...arguments);T(this,"code","ERR_JWS_INVALID")}static get code(){return"ERR_JWS_INVALID"}},me=class extends q{constructor(){super(...arguments);T(this,"code","ERR_JWT_INVALID")}static get code(){return"ERR_JWT_INVALID"}};var Dt,Mt,xt=class extends(Mt=q,Dt=Symbol.asyncIterator,Mt){constructor(){super(...arguments);T(this,Dt);T(this,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS");T(this,"message","multiple matching keys found in the JSON Web Key Set")}static get code(){return"ERR_JWKS_MULTIPLE_MATCHING_KEYS"}};import*as kt from"node:util";var fe=e=>kt.types.isKeyObject(e);import*as _t from"node:crypto";import*as Ut from"node:util";var Co=_t.webcrypto,$t=Co,z=e=>Ut.types.isCryptoKey(e);function _(e,t="algorithm.name"){return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`)}function he(e,t){return e.name===t}function We(e){return parseInt(e.name.slice(4),10)}function vo(e){switch(e){case"ES256":return"P-256";case"ES384":return"P-384";case"ES512":return"P-521";default:throw new Error("unreachable")}}function To(e,t){if(t.length&&!t.some(r=>e.usages.includes(r))){let r="CryptoKey does not support this operation, its usages must include ";if(t.length>2){let o=t.pop();r+=`one of ${t.join(", ")}, or ${o}.`}else t.length===2?r+=`one of ${t[0]} or ${t[1]}.`:r+=`${t[0]}.`;throw new TypeError(r)}}function Ft(e,t,...r){switch(t){case"HS256":case"HS384":case"HS512":{if(!he(e.algorithm,"HMAC"))throw _("HMAC");let o=parseInt(t.slice(2),10);if(We(e.algorithm.hash)!==o)throw _(`SHA-${o}`,"algorithm.hash");break}case"RS256":case"RS384":case"RS512":{if(!he(e.algorithm,"RSASSA-PKCS1-v1_5"))throw _("RSASSA-PKCS1-v1_5");let o=parseInt(t.slice(2),10);if(We(e.algorithm.hash)!==o)throw _(`SHA-${o}`,"algorithm.hash");break}case"PS256":case"PS384":case"PS512":{if(!he(e.algorithm,"RSA-PSS"))throw _("RSA-PSS");let o=parseInt(t.slice(2),10);if(We(e.algorithm.hash)!==o)throw _(`SHA-${o}`,"algorithm.hash");break}case"EdDSA":{if(e.algorithm.name!=="Ed25519"&&e.algorithm.name!=="Ed448")throw _("Ed25519 or Ed448");break}case"ES256":case"ES384":case"ES512":{if(!he(e.algorithm,"ECDSA"))throw _("ECDSA");let o=vo(t);if(e.algorithm.namedCurve!==o)throw _(o,"algorithm.namedCurve");break}default:throw new TypeError("CryptoKey does not support this operation")}To(e,r)}function jt(e,t,...r){if(r.length>2){let o=r.pop();e+=`one of type ${r.join(", ")}, or ${o}.`}else r.length===2?e+=`one of type ${r[0]} or ${r[1]}.`:e+=`of type ${r[0]}.`;return t==null?e+=` Received ${t}`:typeof t=="function"&&t.name?e+=` Received function ${t.name}`:typeof t=="object"&&t!=null&&t.constructor?.name&&(e+=` Received an instance of ${t.constructor.name}`),e}var ne=(e,...t)=>jt("Key must be ",e,...t);function He(e,t,...r){return jt(`Key for the ${e} algorithm must be `,t,...r)}var Ge=e=>fe(e)||z(e),U=["KeyObject"];(globalThis.CryptoKey||$t?.CryptoKey)&&U.push("CryptoKey");var Po=(...e)=>{let t=e.filter(Boolean);if(t.length===0||t.length===1)return!0;let r;for(let o of t){let n=Object.keys(o);if(!r||r.size===0){r=new Set(n);continue}for(let i of n){if(r.has(i))return!1;r.add(i)}}return!0},Bt=Po;function bo(e){return typeof e=="object"&&e!==null}function Ve(e){if(!bo(e)||Object.prototype.toString.call(e)!=="[object Object]")return!1;if(Object.getPrototypeOf(e)===null)return!0;let t=e;for(;Object.getPrototypeOf(t)!==null;)t=Object.getPrototypeOf(t);return Object.getPrototypeOf(e)===t}import{KeyObject as Oo}from"node:crypto";var No=e=>{switch(e){case"prime256v1":return"P-256";case"secp384r1":return"P-384";case"secp521r1":return"P-521";case"secp256k1":return"secp256k1";default:throw new N("Unsupported key curve for this operation")}},Lo=(e,t)=>{let r;if(z(e))r=Oo.from(e);else if(fe(e))r=e;else throw new TypeError(ne(e,...U));if(r.type==="secret")throw new TypeError('only "private" or "public" type keys can be used for this operation');switch(r.asymmetricKeyType){case"ed25519":case"ed448":return`Ed${r.asymmetricKeyType.slice(2)}`;case"x25519":case"x448":return`X${r.asymmetricKeyType.slice(1)}`;case"ec":{let o=r.asymmetricKeyDetails.namedCurve;return t?o:No(o)}default:throw new TypeError("Invalid asymmetric key type for this operation")}},Kt=Lo;var Je=(e,t)=>{let{modulusLength:r}=e.asymmetricKeyDetails;if(typeof r!="number"||r<2048)throw new TypeError(`${t} requires key modulusLength to be 2048 bits or larger`)};var Y=e=>e?.[Symbol.toStringTag],xo=(e,t)=>{if(!(t instanceof Uint8Array)){if(!Ge(t))throw new TypeError(He(e,t,...U,"Uint8Array"));if(t.type!=="secret")throw new TypeError(`${Y(t)} instances for symmetric algorithms must be of type "secret"`)}},Do=(e,t,r)=>{if(!Ge(t))throw new TypeError(He(e,t,...U));if(t.type==="secret")throw new TypeError(`${Y(t)} instances for asymmetric algorithms must not be of type "secret"`);if(r==="sign"&&t.type==="public")throw new TypeError(`${Y(t)} instances for asymmetric algorithm signing must be of type "private"`);if(r==="decrypt"&&t.type==="public")throw new TypeError(`${Y(t)} instances for asymmetric algorithm decryption must be of type "private"`);if(t.algorithm&&r==="verify"&&t.type==="private")throw new TypeError(`${Y(t)} instances for asymmetric algorithm verifying must be of type "public"`);if(t.algorithm&&r==="encrypt"&&t.type==="private")throw new TypeError(`${Y(t)} instances for asymmetric algorithm encryption must be of type "public"`)},Mo=(e,t,r)=>{e.startsWith("HS")||e==="dir"||e.startsWith("PBES2")||/^A\d{3}(?:GCM)?KW$/.test(e)?xo(e,t):Do(e,t,r)},Wt=Mo;function ko(e,t,r,o,n){if(n.crit!==void 0&&o?.crit===void 0)throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');if(!o||o.crit===void 0)return new Set;if(!Array.isArray(o.crit)||o.crit.length===0||o.crit.some(a=>typeof a!="string"||a.length===0))throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');let i;r!==void 0?i=new Map([...Object.entries(r),...t.entries()]):i=t;for(let a of o.crit){if(!i.has(a))throw new N(`Extension Header Parameter "${a}" is not recognized`);if(n[a]===void 0)throw new e(`Extension Header Parameter "${a}" is missing`);if(i.get(a)&&o[a]===void 0)throw new e(`Extension Header Parameter "${a}" MUST be integrity protected`)}return new Set(o.crit)}var Ht=ko;function Xe(e){switch(e){case"PS256":case"RS256":case"ES256":case"ES256K":return"sha256";case"PS384":case"RS384":case"ES384":return"sha384";case"PS512":case"RS512":case"ES512":return"sha512";case"EdDSA":return;default:throw new N(`alg ${e} is not supported either by JOSE or your javascript runtime`)}}import{constants as Gt}from"node:crypto";var _o={padding:Gt.RSA_PKCS1_PSS_PADDING,saltLength:Gt.RSA_PSS_SALTLEN_DIGEST},Uo=new Map([["ES256","P-256"],["ES256K","secp256k1"],["ES384","P-384"],["ES512","P-521"]]);function qe(e,t){switch(e){case"EdDSA":if(!["ed25519","ed448"].includes(t.asymmetricKeyType))throw new TypeError("Invalid key for this operation, its asymmetricKeyType must be ed25519 or ed448");return t;case"RS256":case"RS384":case"RS512":if(t.asymmetricKeyType!=="rsa")throw new TypeError("Invalid key for this operation, its asymmetricKeyType must be rsa");return Je(t,e),t;case"PS256":case"PS384":case"PS512":if(t.asymmetricKeyType==="rsa-pss"){let{hashAlgorithm:r,mgf1HashAlgorithm:o,saltLength:n}=t.asymmetricKeyDetails,i=parseInt(e.slice(-3),10);if(r!==void 0&&(r!==`sha${i}`||o!==r))throw new TypeError(`Invalid key for this operation, its RSA-PSS parameters do not meet the requirements of "alg" ${e}`);if(n!==void 0&&n>i>>3)throw new TypeError(`Invalid key for this operation, its RSA-PSS parameter saltLength does not meet the requirements of "alg" ${e}`)}else if(t.asymmetricKeyType!=="rsa")throw new TypeError("Invalid key for this operation, its asymmetricKeyType must be rsa or rsa-pss");return Je(t,e),{key:t,..._o};case"ES256":case"ES256K":case"ES384":case"ES512":{if(t.asymmetricKeyType!=="ec")throw new TypeError("Invalid key for this operation, its asymmetricKeyType must be ec");let r=Kt(t),o=Uo.get(e);if(r!==o)throw new TypeError(`Invalid key curve for the algorithm, its curve must be ${o}, got ${r}`);return{dsaEncoding:"ieee-p1363",key:t}}default:throw new N(`alg ${e} is not supported either by JOSE or your javascript runtime`)}}import*as ge from"node:crypto";import{promisify as Fo}from"node:util";function ze(e){switch(e){case"HS256":return"sha256";case"HS384":return"sha384";case"HS512":return"sha512";default:throw new N(`alg ${e} is not supported either by JOSE or your javascript runtime`)}}import{KeyObject as Vt,createSecretKey as $o}from"node:crypto";function Ye(e,t,r){if(t instanceof Uint8Array){if(!e.startsWith("HS"))throw new TypeError(ne(t,...U));return $o(t)}if(t instanceof Vt)return t;if(z(t))return Ft(t,e,r),Vt.from(t);throw new TypeError(ne(t,...U,"Uint8Array"))}var jo=Fo(ge.sign),Bo=async(e,t,r)=>{let o=Ye(e,t,"sign");if(e.startsWith("HS")){let n=ge.createHmac(ze(e),o);return n.update(r),n.digest()}return jo(Xe(e),r,qe(e,o))},Jt=Bo;var K=e=>Math.floor(e.getTime()/1e3);var Ko=/^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i,ye=e=>{let t=Ko.exec(e);if(!t||t[4]&&t[1])throw new TypeError("Invalid time period format");let r=parseFloat(t[2]),o=t[3].toLowerCase(),n;switch(o){case"sec":case"secs":case"second":case"seconds":case"s":n=Math.round(r);break;case"minute":case"minutes":case"min":case"mins":case"m":n=Math.round(r*60);break;case"hour":case"hours":case"hr":case"hrs":case"h":n=Math.round(r*3600);break;case"day":case"days":case"d":n=Math.round(r*86400);break;case"week":case"weeks":case"w":n=Math.round(r*604800);break;default:n=Math.round(r*31557600);break}return t[1]==="-"||t[4]==="ago"?-n:n};var Ee=class{constructor(t){T(this,"_payload");T(this,"_protectedHeader");T(this,"_unprotectedHeader");if(!(t instanceof Uint8Array))throw new TypeError("payload must be an instance of Uint8Array");this._payload=t}setProtectedHeader(t){if(this._protectedHeader)throw new TypeError("setProtectedHeader can only be called once");return this._protectedHeader=t,this}setUnprotectedHeader(t){if(this._unprotectedHeader)throw new TypeError("setUnprotectedHeader can only be called once");return this._unprotectedHeader=t,this}async sign(t,r){if(!this._protectedHeader&&!this._unprotectedHeader)throw new B("either setProtectedHeader or setUnprotectedHeader must be called before #sign()");if(!Bt(this._protectedHeader,this._unprotectedHeader))throw new B("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");let o={...this._protectedHeader,...this._unprotectedHeader},n=Ht(B,new Map([["b64",!0]]),r?.crit,this._protectedHeader,o),i=!0;if(n.has("b64")&&(i=this._protectedHeader.b64,typeof i!="boolean"))throw new B('The "b64" (base64url-encode payload) Header Parameter must be a boolean');let{alg:a}=o;if(typeof a!="string"||!a)throw new B('JWS "alg" (Algorithm) Header Parameter missing or invalid');Wt(a,t,"sign");let u=this._payload;i&&(u=H.encode(de(u)));let p;this._protectedHeader?p=H.encode(de(JSON.stringify(this._protectedHeader))):p=H.encode("");let g=Lt(p,H.encode("."),u),w=await Jt(a,t,g),R={signature:de(w),payload:""};return i&&(R.payload=Ke.decode(u)),this._unprotectedHeader&&(R.header=this._unprotectedHeader),this._protectedHeader&&(R.protected=Ke.decode(p)),R}};var Se=class{constructor(t){T(this,"_flattened");this._flattened=new Ee(t)}setProtectedHeader(t){return this._flattened.setProtectedHeader(t),this}async sign(t,r){let o=await this._flattened.sign(t,r);if(o.payload===void 0)throw new TypeError("use the flattened module for creating JWS with b64: false");return`${o.protected}.${o.payload}.${o.signature}`}};function G(e,t){if(!Number.isFinite(t))throw new TypeError(`Invalid ${e} input`);return t}var we=class{constructor(t={}){T(this,"_payload");if(!Ve(t))throw new TypeError("JWT Claims Set MUST be an object");this._payload=t}setIssuer(t){return this._payload={...this._payload,iss:t},this}setSubject(t){return this._payload={...this._payload,sub:t},this}setAudience(t){return this._payload={...this._payload,aud:t},this}setJti(t){return this._payload={...this._payload,jti:t},this}setNotBefore(t){return typeof t=="number"?this._payload={...this._payload,nbf:G("setNotBefore",t)}:t instanceof Date?this._payload={...this._payload,nbf:G("setNotBefore",K(t))}:this._payload={...this._payload,nbf:K(new Date)+ye(t)},this}setExpirationTime(t){return typeof t=="number"?this._payload={...this._payload,exp:G("setExpirationTime",t)}:t instanceof Date?this._payload={...this._payload,exp:G("setExpirationTime",K(t))}:this._payload={...this._payload,exp:K(new Date)+ye(t)},this}setIssuedAt(t){return typeof t>"u"?this._payload={...this._payload,iat:K(new Date)}:t instanceof Date?this._payload={...this._payload,iat:G("setIssuedAt",K(t))}:typeof t=="string"?this._payload={...this._payload,iat:G("setIssuedAt",K(new Date)+ye(t))}:this._payload={...this._payload,iat:G("setIssuedAt",t)},this}};var ie=class extends we{constructor(){super(...arguments);T(this,"_protectedHeader")}setProtectedHeader(r){return this._protectedHeader=r,this}async sign(r,o){let n=new Se(H.encode(JSON.stringify(this._payload)));if(n.setProtectedHeader(this._protectedHeader),Array.isArray(this._protectedHeader?.crit)&&this._protectedHeader.crit.includes("b64")&&this._protectedHeader.b64===!1)throw new me("JWTs MUST NOT use unencoded payload");return n.sign(r,o)}};import{createHmac as Wo,createPrivateKey as Ho,randomBytes as Go}from"node:crypto";import{existsSync as Vo,readFileSync as qt,writeFileSync as zt}from"node:fs";import{basename as Yt,extname as Jo,resolve as Qe}from"node:path";import{extract as Xo}from"tar";function $(e){console.log(JSON.stringify(e,null,2))}async function et(e,t,r){let o=t.source,n=Re(o);if(!n)return;console.log("Saving source code...");let i=await e.createAttachment(n,Yt(o),Yo(o));console.log("Updating bot...");let a=await e.updateResource({...r,sourceCode:i});console.log("Success! New bot version: "+a.meta?.versionId)}async function tt(e,t,r){let o=t.dist??t.source,n=Re(o);if(!n)return;console.log("Deploying bot...");let i=await e.post(e.fhirUrl("Bot",r.id,"$deploy"),{code:n,filename:Yt(o)});console.log("Deploy result: "+i.issue?.[0]?.details?.text)}async function rt(e,t,r,o,n,i,a){let u={name:t,description:"",runtimeVersion:i},p=await e.post("admin/projects/"+r+"/bot",u),g=await e.readResource("Bot",p.id),w={name:t,id:p.id,source:o,dist:n};await et(e,w,g),await tt(e,w,g),console.log(`Success! Bot created: ${g.id}`),a&&qo(w)}function Zt(e){let t=new RegExp("^"+zo(e).replace(/\\\*/g,".*")+"$"),r=D()?.bots?.filter(o=>t.test(o.name));return r||[]}function F(e,t){if(t?.file)return t.file;let r=["medplum"];return e&&r.push(e),r.push("config"),t?.server&&r.push("server"),r.push("json"),r.join(".")}function C(e,t){zt(Qe(e),JSON.stringify(t,void 0,2),"utf-8")}function D(e,t){let r=F(e,t),o=Re(r);if(o)return JSON.parse(o)}function Qt(e){let t=Re(F(e,{server:!0}));if(t)return JSON.parse(t)}function Re(e){let t=Qe(e);return Vo(t)?qt(t,"utf8"):""}function qo(e){let t=D()??{};t.bots||(t.bots=[]),t.bots.push(e),zt("medplum.config.json",JSON.stringify(t,null,2),"utf8"),console.log(`Bot added to config: ${e.id}`)}function zo(e){return e.replace(/[/\-\\^$*+?.()|[\]{}]/g,"\\$&")}function er(e){let o=0,n=0;return Xo({cwd:e,filter:(i,a)=>{if(o++,o>100)throw new Error("Tar extractor reached max number of files");if(n+=a.size,n>10485760)throw new Error("Tar extractor reached max size");return!0}})}function ot(){return{url:"http://hl7.org/fhir/StructureDefinition/data-absent-reason",valueCode:"unsupported"}}function Yo(e){let t=Jo(e).toLowerCase();return[".cjs",".mjs",".js"].includes(t)?Ze.JAVASCRIPT:[".cts",".mts",".ts"].includes(t)?Ze.TYPESCRIPT:Ze.TEXT}function Ie(e,t){let r=new x(e),o={name:e,...t};return r.setObject("options",o),o}function tr(e){return new x(e).getObject("options")}async function rr(e,t){let r={typ:"JWT",alg:"HS256"},o=Math.floor(Date.now()/1e3),n={aud:`${t.baseUrl}${t.audience}`,iss:t.issuer,sub:t.subject,nbf:o,iat:o,exp:o+604800},i=Xt(JSON.stringify(r)),a=Xt(JSON.stringify(n)),u=`${i}.${a}`,p=Wo("sha256",t.clientSecret).update(u).digest("base64url"),g=`${u}.${p}`;await e.startJwtBearerLogin(t.clientId,g,t.scope??"")}async function or(e,t){let r=Ho(qt(Qe(t.privateKeyPath))),o=await new ie({}).setProtectedHeader({alg:"RS384",typ:"JWT"}).setIssuer(t.clientId).setSubject(t.clientId).setAudience(`${t.baseUrl}${t.audience}`).setJti(Go(16).toString("hex")).setIssuedAt().setExpirationTime("5m").sign(r);await e.startJwtAssertionLogin(o)}var nr=Qo,ir="http://localhost:9615",nt=h("login"),it=h("whoami"),st=h("token");nt.action(async e=>{let t=e.profile??"default",r=Ie(t,e),o=await S(e,!1);await nn(o,r)});it.action(async e=>{let t=await S(e);cn(t)});st.action(async e=>{let t=await S(e);await t.getProfileAsync();let r=t.getAccessToken();if(!r)throw new Error("Not logged in");console.log("Access token:"),console.log(),console.log(r)});async function nn(e,t){switch(t?.authType??"authorization-code"){case"authorization-code":await ln(e);break;case"basic":e.setBasicAuth(t.clientId,t.clientSecret);break;case"client-credentials":e.setBasicAuth(t.clientId,t.clientSecret),await e.startClientLogin(t.clientId,t.clientSecret);break;case"jwt-bearer":await rr(e,t);break;case"jwt-assertion":await or(e,t);break}}async function sn(e){let t=rn(async(r,o)=>{let n=new URL(r.url,"http://localhost:9615"),i=n.searchParams.get("code");if(r.method==="OPTIONS"){o.writeHead(200,{Allow:"GET, POST","Content-Type":Ae.TEXT}),o.end("OK");return}if(n.pathname==="/"&&i)try{let a=await e.processCode(i,{clientId:nr,redirectUri:ir});o.writeHead(200,{"Content-Type":Ae.TEXT}),o.end(`Signed in as ${Zo(a)}. You may close this window.`)}catch(a){o.writeHead(400,{"Content-Type":Ae.TEXT}),o.end(`Error: ${en(a)}`)}finally{t.close()}else o.writeHead(404,{"Content-Type":Ae.TEXT}),o.end("Not found")}).listen(9615)}async function an(e){let t=on(),r;switch(t){case"openbsd":case"linux":r=`xdg-open '${e}'`;break;case"darwin":r=`open '${e}'`;break;case"win32":r=`cmd /c start "" "${e}"`;break;default:throw new Error("Unsupported platform: "+t)}tn(r,(o,n,i)=>{if(o)throw o;if(i)throw new Error("Could not open browser: "+i)})}function cn(e){let t=e.getActiveLogin();t?(console.log(`Server: ${e.getBaseUrl()}`),console.log(`Profile: ${t.profile.display} (${t.profile.reference})`),console.log(`Project: ${t.project.display} (${t.project.reference})`)):console.log("Not logged in")}async function ln(e){await sn(e);let t=new URL(e.getAuthorizeUrl());t.searchParams.set("client_id",nr),t.searchParams.set("redirect_uri",ir),t.searchParams.set("scope","openid"),t.searchParams.set("response_type","code"),t.searchParams.set("prompt","login"),await an(t.toString())}import{Command as is}from"commander";var mr=bt(ft());import{CloudFormationClient as dr,DescribeStackResourcesCommand as Xn,DescribeStacksCommand as qn,paginateListStacks as zn}from"@aws-sdk/client-cloudformation";import{CloudFrontClient as Yn,CreateInvalidationCommand as Zn}from"@aws-sdk/client-cloudfront";import{ECSClient as Qn}from"@aws-sdk/client-ecs";import{S3Client as ei}from"@aws-sdk/client-s3";import{GetParameterCommand as ti,PutParameterCommand as ri,SSMClient as oi}from"@aws-sdk/client-ssm";import{GetCallerIdentityCommand as ni,STSClient as ii}from"@aws-sdk/client-sts";import{normalizeErrorString as si}from"@medplum/core";import ai from"node-fetch";import{readdirSync as ci}from"node:fs";import Jn from"node:readline";var be;function Oe(){be=Jn.createInterface({input:process.stdin,output:process.stdout})}function Ne(){be.close()}function c(e){be.write(e+`
2
+ var po=Object.create;var We=Object.defineProperty;var mo=Object.getOwnPropertyDescriptor;var fo=Object.getOwnPropertyNames;var ho=Object.getPrototypeOf,go=Object.prototype.hasOwnProperty;var yo=(e,t,r)=>t in e?We(e,t,{enumerable:!0,configurable:!0,writable:!0,value:r}):e[t]=r;var Ot=(e=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(e,{get:(t,r)=>(typeof require<"u"?require:t)[r]}):e)(function(e){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+e+'" is not supported')});var Eo=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports);var So=(e,t,r,o)=>{if(t&&typeof t=="object"||typeof t=="function")for(let n of fo(t))!go.call(e,n)&&n!==r&&We(e,n,{get:()=>t[n],enumerable:!(o=mo(t,n))||o.enumerable});return e};var Nt=(e,t,r)=>(r=e!=null?po(ho(e)):{},So(t||!e||!e.__esModule?We(r,"default",{value:e,enumerable:!0}):r,e));var T=(e,t,r)=>yo(e,typeof t!="symbol"?t+"":t,r);var gt=Eo((d,Er)=>{"use strict";d=Er.exports=m;var E;typeof process=="object"&&process.env&&process.env.NODE_DEBUG&&/\bsemver\b/i.test(process.env.NODE_DEBUG)?E=function(){var e=Array.prototype.slice.call(arguments,0);e.unshift("SEMVER"),console.log.apply(console,e)}:E=function(){};d.SEMVER_SPEC_VERSION="2.0.0";var ce=256,Te=Number.MAX_SAFE_INTEGER||9007199254740991,lt=16,yn=ce-6,Q=d.re=[],y=d.safeRe=[],l=d.src=[],a=d.tokens={},gr=0;function f(e){a[e]=gr++}var pt="[a-zA-Z0-9-]",ut=[["\\s",1],["\\d",ce],[pt,yn]];function ue(e){for(var t=0;t<ut.length;t++){var r=ut[t][0],o=ut[t][1];e=e.split(r+"*").join(r+"{0,"+o+"}").split(r+"+").join(r+"{1,"+o+"}")}return e}f("NUMERICIDENTIFIER");l[a.NUMERICIDENTIFIER]="0|[1-9]\\d*";f("NUMERICIDENTIFIERLOOSE");l[a.NUMERICIDENTIFIERLOOSE]="\\d+";f("NONNUMERICIDENTIFIER");l[a.NONNUMERICIDENTIFIER]="\\d*[a-zA-Z-]"+pt+"*";f("MAINVERSION");l[a.MAINVERSION]="("+l[a.NUMERICIDENTIFIER]+")\\.("+l[a.NUMERICIDENTIFIER]+")\\.("+l[a.NUMERICIDENTIFIER]+")";f("MAINVERSIONLOOSE");l[a.MAINVERSIONLOOSE]="("+l[a.NUMERICIDENTIFIERLOOSE]+")\\.("+l[a.NUMERICIDENTIFIERLOOSE]+")\\.("+l[a.NUMERICIDENTIFIERLOOSE]+")";f("PRERELEASEIDENTIFIER");l[a.PRERELEASEIDENTIFIER]="(?:"+l[a.NUMERICIDENTIFIER]+"|"+l[a.NONNUMERICIDENTIFIER]+")";f("PRERELEASEIDENTIFIERLOOSE");l[a.PRERELEASEIDENTIFIERLOOSE]="(?:"+l[a.NUMERICIDENTIFIERLOOSE]+"|"+l[a.NONNUMERICIDENTIFIER]+")";f("PRERELEASE");l[a.PRERELEASE]="(?:-("+l[a.PRERELEASEIDENTIFIER]+"(?:\\."+l[a.PRERELEASEIDENTIFIER]+")*))";f("PRERELEASELOOSE");l[a.PRERELEASELOOSE]="(?:-?("+l[a.PRERELEASEIDENTIFIERLOOSE]+"(?:\\."+l[a.PRERELEASEIDENTIFIERLOOSE]+")*))";f("BUILDIDENTIFIER");l[a.BUILDIDENTIFIER]=pt+"+";f("BUILD");l[a.BUILD]="(?:\\+("+l[a.BUILDIDENTIFIER]+"(?:\\."+l[a.BUILDIDENTIFIER]+")*))";f("FULL");f("FULLPLAIN");l[a.FULLPLAIN]="v?"+l[a.MAINVERSION]+l[a.PRERELEASE]+"?"+l[a.BUILD]+"?";l[a.FULL]="^"+l[a.FULLPLAIN]+"$";f("LOOSEPLAIN");l[a.LOOSEPLAIN]="[v=\\s]*"+l[a.MAINVERSIONLOOSE]+l[a.PRERELEASELOOSE]+"?"+l[a.BUILD]+"?";f("LOOSE");l[a.LOOSE]="^"+l[a.LOOSEPLAIN]+"$";f("GTLT");l[a.GTLT]="((?:<|>)?=?)";f("XRANGEIDENTIFIERLOOSE");l[a.XRANGEIDENTIFIERLOOSE]=l[a.NUMERICIDENTIFIERLOOSE]+"|x|X|\\*";f("XRANGEIDENTIFIER");l[a.XRANGEIDENTIFIER]=l[a.NUMERICIDENTIFIER]+"|x|X|\\*";f("XRANGEPLAIN");l[a.XRANGEPLAIN]="[v=\\s]*("+l[a.XRANGEIDENTIFIER]+")(?:\\.("+l[a.XRANGEIDENTIFIER]+")(?:\\.("+l[a.XRANGEIDENTIFIER]+")(?:"+l[a.PRERELEASE]+")?"+l[a.BUILD]+"?)?)?";f("XRANGEPLAINLOOSE");l[a.XRANGEPLAINLOOSE]="[v=\\s]*("+l[a.XRANGEIDENTIFIERLOOSE]+")(?:\\.("+l[a.XRANGEIDENTIFIERLOOSE]+")(?:\\.("+l[a.XRANGEIDENTIFIERLOOSE]+")(?:"+l[a.PRERELEASELOOSE]+")?"+l[a.BUILD]+"?)?)?";f("XRANGE");l[a.XRANGE]="^"+l[a.GTLT]+"\\s*"+l[a.XRANGEPLAIN]+"$";f("XRANGELOOSE");l[a.XRANGELOOSE]="^"+l[a.GTLT]+"\\s*"+l[a.XRANGEPLAINLOOSE]+"$";f("COERCE");l[a.COERCE]="(^|[^\\d])(\\d{1,"+lt+"})(?:\\.(\\d{1,"+lt+"}))?(?:\\.(\\d{1,"+lt+"}))?(?:$|[^\\d])";f("COERCERTL");Q[a.COERCERTL]=new RegExp(l[a.COERCE],"g");y[a.COERCERTL]=new RegExp(ue(l[a.COERCE]),"g");f("LONETILDE");l[a.LONETILDE]="(?:~>?)";f("TILDETRIM");l[a.TILDETRIM]="(\\s*)"+l[a.LONETILDE]+"\\s+";Q[a.TILDETRIM]=new RegExp(l[a.TILDETRIM],"g");y[a.TILDETRIM]=new RegExp(ue(l[a.TILDETRIM]),"g");var En="$1~";f("TILDE");l[a.TILDE]="^"+l[a.LONETILDE]+l[a.XRANGEPLAIN]+"$";f("TILDELOOSE");l[a.TILDELOOSE]="^"+l[a.LONETILDE]+l[a.XRANGEPLAINLOOSE]+"$";f("LONECARET");l[a.LONECARET]="(?:\\^)";f("CARETTRIM");l[a.CARETTRIM]="(\\s*)"+l[a.LONECARET]+"\\s+";Q[a.CARETTRIM]=new RegExp(l[a.CARETTRIM],"g");y[a.CARETTRIM]=new RegExp(ue(l[a.CARETTRIM]),"g");var Sn="$1^";f("CARET");l[a.CARET]="^"+l[a.LONECARET]+l[a.XRANGEPLAIN]+"$";f("CARETLOOSE");l[a.CARETLOOSE]="^"+l[a.LONECARET]+l[a.XRANGEPLAINLOOSE]+"$";f("COMPARATORLOOSE");l[a.COMPARATORLOOSE]="^"+l[a.GTLT]+"\\s*("+l[a.LOOSEPLAIN]+")$|^$";f("COMPARATOR");l[a.COMPARATOR]="^"+l[a.GTLT]+"\\s*("+l[a.FULLPLAIN]+")$|^$";f("COMPARATORTRIM");l[a.COMPARATORTRIM]="(\\s*)"+l[a.GTLT]+"\\s*("+l[a.LOOSEPLAIN]+"|"+l[a.XRANGEPLAIN]+")";Q[a.COMPARATORTRIM]=new RegExp(l[a.COMPARATORTRIM],"g");y[a.COMPARATORTRIM]=new RegExp(ue(l[a.COMPARATORTRIM]),"g");var wn="$1$2$3";f("HYPHENRANGE");l[a.HYPHENRANGE]="^\\s*("+l[a.XRANGEPLAIN]+")\\s+-\\s+("+l[a.XRANGEPLAIN]+")\\s*$";f("HYPHENRANGELOOSE");l[a.HYPHENRANGELOOSE]="^\\s*("+l[a.XRANGEPLAINLOOSE]+")\\s+-\\s+("+l[a.XRANGEPLAINLOOSE]+")\\s*$";f("STAR");l[a.STAR]="(<|>)?=?\\s*\\*";for(M=0;M<gr;M++)E(M,l[M]),Q[M]||(Q[M]=new RegExp(l[M]),y[M]=new RegExp(ue(l[M])));var M;d.parse=X;function X(e,t){if((!t||typeof t!="object")&&(t={loose:!!t,includePrerelease:!1}),e instanceof m)return e;if(typeof e!="string"||e.length>ce)return null;var r=t.loose?y[a.LOOSE]:y[a.FULL];if(!r.test(e))return null;try{return new m(e,t)}catch{return null}}d.valid=In;function In(e,t){var r=X(e,t);return r?r.version:null}d.clean=Rn;function Rn(e,t){var r=X(e.trim().replace(/^[=v]+/,""),t);return r?r.version:null}d.SemVer=m;function m(e,t){if((!t||typeof t!="object")&&(t={loose:!!t,includePrerelease:!1}),e instanceof m){if(e.loose===t.loose)return e;e=e.version}else if(typeof e!="string")throw new TypeError("Invalid Version: "+e);if(e.length>ce)throw new TypeError("version is longer than "+ce+" characters");if(!(this instanceof m))return new m(e,t);E("SemVer",e,t),this.options=t,this.loose=!!t.loose;var r=e.trim().match(t.loose?y[a.LOOSE]:y[a.FULL]);if(!r)throw new TypeError("Invalid Version: "+e);if(this.raw=e,this.major=+r[1],this.minor=+r[2],this.patch=+r[3],this.major>Te||this.major<0)throw new TypeError("Invalid major version");if(this.minor>Te||this.minor<0)throw new TypeError("Invalid minor version");if(this.patch>Te||this.patch<0)throw new TypeError("Invalid patch version");r[4]?this.prerelease=r[4].split(".").map(function(o){if(/^[0-9]+$/.test(o)){var n=+o;if(n>=0&&n<Te)return n}return o}):this.prerelease=[],this.build=r[5]?r[5].split("."):[],this.format()}m.prototype.format=function(){return this.version=this.major+"."+this.minor+"."+this.patch,this.prerelease.length&&(this.version+="-"+this.prerelease.join(".")),this.version};m.prototype.toString=function(){return this.version};m.prototype.compare=function(e){return E("SemVer.compare",this.version,this.options,e),e instanceof m||(e=new m(e,this.options)),this.compareMain(e)||this.comparePre(e)};m.prototype.compareMain=function(e){return e instanceof m||(e=new m(e,this.options)),V(this.major,e.major)||V(this.minor,e.minor)||V(this.patch,e.patch)};m.prototype.comparePre=function(e){if(e instanceof m||(e=new m(e,this.options)),this.prerelease.length&&!e.prerelease.length)return-1;if(!this.prerelease.length&&e.prerelease.length)return 1;if(!this.prerelease.length&&!e.prerelease.length)return 0;var t=0;do{var r=this.prerelease[t],o=e.prerelease[t];if(E("prerelease compare",t,r,o),r===void 0&&o===void 0)return 0;if(o===void 0)return 1;if(r===void 0)return-1;if(r===o)continue;return V(r,o)}while(++t)};m.prototype.compareBuild=function(e){e instanceof m||(e=new m(e,this.options));var t=0;do{var r=this.build[t],o=e.build[t];if(E("prerelease compare",t,r,o),r===void 0&&o===void 0)return 0;if(o===void 0)return 1;if(r===void 0)return-1;if(r===o)continue;return V(r,o)}while(++t)};m.prototype.inc=function(e,t){switch(e){case"premajor":this.prerelease.length=0,this.patch=0,this.minor=0,this.major++,this.inc("pre",t);break;case"preminor":this.prerelease.length=0,this.patch=0,this.minor++,this.inc("pre",t);break;case"prepatch":this.prerelease.length=0,this.inc("patch",t),this.inc("pre",t);break;case"prerelease":this.prerelease.length===0&&this.inc("patch",t),this.inc("pre",t);break;case"major":(this.minor!==0||this.patch!==0||this.prerelease.length===0)&&this.major++,this.minor=0,this.patch=0,this.prerelease=[];break;case"minor":(this.patch!==0||this.prerelease.length===0)&&this.minor++,this.patch=0,this.prerelease=[];break;case"patch":this.prerelease.length===0&&this.patch++,this.prerelease=[];break;case"pre":if(this.prerelease.length===0)this.prerelease=[0];else{for(var r=this.prerelease.length;--r>=0;)typeof this.prerelease[r]=="number"&&(this.prerelease[r]++,r=-2);r===-1&&this.prerelease.push(0)}t&&(this.prerelease[0]===t?isNaN(this.prerelease[1])&&(this.prerelease=[t,0]):this.prerelease=[t,0]);break;default:throw new Error("invalid increment argument: "+e)}return this.format(),this.raw=this.version,this};d.inc=An;function An(e,t,r,o){typeof r=="string"&&(o=r,r=void 0);try{return new m(e,r).inc(t,o).version}catch{return null}}d.diff=Cn;function Cn(e,t){if(dt(e,t))return null;var r=X(e),o=X(t),n="";if(r.prerelease.length||o.prerelease.length){n="pre";var i="prerelease"}for(var s in r)if((s==="major"||s==="minor"||s==="patch")&&r[s]!==o[s])return n+s;return i}d.compareIdentifiers=V;var fr=/^[0-9]+$/;function V(e,t){var r=fr.test(e),o=fr.test(t);return r&&o&&(e=+e,t=+t),e===t?0:r&&!o?-1:o&&!r?1:e<t?-1:1}d.rcompareIdentifiers=vn;function vn(e,t){return V(t,e)}d.major=Tn;function Tn(e,t){return new m(e,t).major}d.minor=bn;function bn(e,t){return new m(e,t).minor}d.patch=Pn;function Pn(e,t){return new m(e,t).patch}d.compare=F;function F(e,t,r){return new m(e,r).compare(new m(t,r))}d.compareLoose=On;function On(e,t){return F(e,t,!0)}d.compareBuild=Nn;function Nn(e,t,r){var o=new m(e,r),n=new m(t,r);return o.compare(n)||o.compareBuild(n)}d.rcompare=Ln;function Ln(e,t,r){return F(t,e,r)}d.sort=xn;function xn(e,t){return e.sort(function(r,o){return d.compareBuild(r,o,t)})}d.rsort=Dn;function Dn(e,t){return e.sort(function(r,o){return d.compareBuild(o,r,t)})}d.gt=le;function le(e,t,r){return F(e,t,r)>0}d.lt=be;function be(e,t,r){return F(e,t,r)<0}d.eq=dt;function dt(e,t,r){return F(e,t,r)===0}d.neq=yr;function yr(e,t,r){return F(e,t,r)!==0}d.gte=mt;function mt(e,t,r){return F(e,t,r)>=0}d.lte=ft;function ft(e,t,r){return F(e,t,r)<=0}d.cmp=Pe;function Pe(e,t,r,o){switch(t){case"===":return typeof e=="object"&&(e=e.version),typeof r=="object"&&(r=r.version),e===r;case"!==":return typeof e=="object"&&(e=e.version),typeof r=="object"&&(r=r.version),e!==r;case"":case"=":case"==":return dt(e,r,o);case"!=":return yr(e,r,o);case">":return le(e,r,o);case">=":return mt(e,r,o);case"<":return be(e,r,o);case"<=":return ft(e,r,o);default:throw new TypeError("Invalid operator: "+t)}}d.Comparator=L;function L(e,t){if((!t||typeof t!="object")&&(t={loose:!!t,includePrerelease:!1}),e instanceof L){if(e.loose===!!t.loose)return e;e=e.value}if(!(this instanceof L))return new L(e,t);e=e.trim().split(/\s+/).join(" "),E("comparator",e,t),this.options=t,this.loose=!!t.loose,this.parse(e),this.semver===ee?this.value="":this.value=this.operator+this.semver.version,E("comp",this)}var ee={};L.prototype.parse=function(e){var t=this.options.loose?y[a.COMPARATORLOOSE]:y[a.COMPARATOR],r=e.match(t);if(!r)throw new TypeError("Invalid comparator: "+e);this.operator=r[1]!==void 0?r[1]:"",this.operator==="="&&(this.operator=""),r[2]?this.semver=new m(r[2],this.options.loose):this.semver=ee};L.prototype.toString=function(){return this.value};L.prototype.test=function(e){if(E("Comparator.test",e,this.options.loose),this.semver===ee||e===ee)return!0;if(typeof e=="string")try{e=new m(e,this.options)}catch{return!1}return Pe(e,this.operator,this.semver,this.options)};L.prototype.intersects=function(e,t){if(!(e instanceof L))throw new TypeError("a Comparator is required");(!t||typeof t!="object")&&(t={loose:!!t,includePrerelease:!1});var r;if(this.operator==="")return this.value===""?!0:(r=new R(e.value,t),Oe(this.value,r,t));if(e.operator==="")return e.value===""?!0:(r=new R(this.value,t),Oe(e.semver,r,t));var o=(this.operator===">="||this.operator===">")&&(e.operator===">="||e.operator===">"),n=(this.operator==="<="||this.operator==="<")&&(e.operator==="<="||e.operator==="<"),i=this.semver.version===e.semver.version,s=(this.operator===">="||this.operator==="<=")&&(e.operator===">="||e.operator==="<="),u=Pe(this.semver,"<",e.semver,t)&&(this.operator===">="||this.operator===">")&&(e.operator==="<="||e.operator==="<"),p=Pe(this.semver,">",e.semver,t)&&(this.operator==="<="||this.operator==="<")&&(e.operator===">="||e.operator===">");return o||n||i&&s||u||p};d.Range=R;function R(e,t){if((!t||typeof t!="object")&&(t={loose:!!t,includePrerelease:!1}),e instanceof R)return e.loose===!!t.loose&&e.includePrerelease===!!t.includePrerelease?e:new R(e.raw,t);if(e instanceof L)return new R(e.value,t);if(!(this instanceof R))return new R(e,t);if(this.options=t,this.loose=!!t.loose,this.includePrerelease=!!t.includePrerelease,this.raw=e.trim().split(/\s+/).join(" "),this.set=this.raw.split("||").map(function(r){return this.parseRange(r.trim())},this).filter(function(r){return r.length}),!this.set.length)throw new TypeError("Invalid SemVer Range: "+this.raw);this.format()}R.prototype.format=function(){return this.range=this.set.map(function(e){return e.join(" ").trim()}).join("||").trim(),this.range};R.prototype.toString=function(){return this.range};R.prototype.parseRange=function(e){var t=this.options.loose,r=t?y[a.HYPHENRANGELOOSE]:y[a.HYPHENRANGE];e=e.replace(r,Wn),E("hyphen replace",e),e=e.replace(y[a.COMPARATORTRIM],wn),E("comparator trim",e,y[a.COMPARATORTRIM]),e=e.replace(y[a.TILDETRIM],En),e=e.replace(y[a.CARETTRIM],Sn),e=e.split(/\s+/).join(" ");var o=t?y[a.COMPARATORLOOSE]:y[a.COMPARATOR],n=e.split(" ").map(function(i){return kn(i,this.options)},this).join(" ").split(/\s+/);return this.options.loose&&(n=n.filter(function(i){return!!i.match(o)})),n=n.map(function(i){return new L(i,this.options)},this),n};R.prototype.intersects=function(e,t){if(!(e instanceof R))throw new TypeError("a Range is required");return this.set.some(function(r){return hr(r,t)&&e.set.some(function(o){return hr(o,t)&&r.every(function(n){return o.every(function(i){return n.intersects(i,t)})})})})};function hr(e,t){for(var r=!0,o=e.slice(),n=o.pop();r&&o.length;)r=o.every(function(i){return n.intersects(i,t)}),n=o.pop();return r}d.toComparators=Mn;function Mn(e,t){return new R(e,t).set.map(function(r){return r.map(function(o){return o.value}).join(" ").trim().split(" ")})}function kn(e,t){return E("comp",e,t),e=$n(e,t),E("caret",e),e=_n(e,t),E("tildes",e),e=Fn(e,t),E("xrange",e),e=Bn(e,t),E("stars",e),e}function b(e){return!e||e.toLowerCase()==="x"||e==="*"}function _n(e,t){return e.trim().split(/\s+/).map(function(r){return Un(r,t)}).join(" ")}function Un(e,t){var r=t.loose?y[a.TILDELOOSE]:y[a.TILDE];return e.replace(r,function(o,n,i,s,u){E("tilde",e,o,n,i,s,u);var p;return b(n)?p="":b(i)?p=">="+n+".0.0 <"+(+n+1)+".0.0":b(s)?p=">="+n+"."+i+".0 <"+n+"."+(+i+1)+".0":u?(E("replaceTilde pr",u),p=">="+n+"."+i+"."+s+"-"+u+" <"+n+"."+(+i+1)+".0"):p=">="+n+"."+i+"."+s+" <"+n+"."+(+i+1)+".0",E("tilde return",p),p})}function $n(e,t){return e.trim().split(/\s+/).map(function(r){return jn(r,t)}).join(" ")}function jn(e,t){E("caret",e,t);var r=t.loose?y[a.CARETLOOSE]:y[a.CARET];return e.replace(r,function(o,n,i,s,u){E("caret",e,o,n,i,s,u);var p;return b(n)?p="":b(i)?p=">="+n+".0.0 <"+(+n+1)+".0.0":b(s)?n==="0"?p=">="+n+"."+i+".0 <"+n+"."+(+i+1)+".0":p=">="+n+"."+i+".0 <"+(+n+1)+".0.0":u?(E("replaceCaret pr",u),n==="0"?i==="0"?p=">="+n+"."+i+"."+s+"-"+u+" <"+n+"."+i+"."+(+s+1):p=">="+n+"."+i+"."+s+"-"+u+" <"+n+"."+(+i+1)+".0":p=">="+n+"."+i+"."+s+"-"+u+" <"+(+n+1)+".0.0"):(E("no pr"),n==="0"?i==="0"?p=">="+n+"."+i+"."+s+" <"+n+"."+i+"."+(+s+1):p=">="+n+"."+i+"."+s+" <"+n+"."+(+i+1)+".0":p=">="+n+"."+i+"."+s+" <"+(+n+1)+".0.0"),E("caret return",p),p})}function Fn(e,t){return E("replaceXRanges",e,t),e.split(/\s+/).map(function(r){return Kn(r,t)}).join(" ")}function Kn(e,t){e=e.trim();var r=t.loose?y[a.XRANGELOOSE]:y[a.XRANGE];return e.replace(r,function(o,n,i,s,u,p){E("xRange",e,o,n,i,s,u,p);var h=b(i),w=h||b(s),I=w||b(u),v=I;return n==="="&&v&&(n=""),p=t.includePrerelease?"-0":"",h?n===">"||n==="<"?o="<0.0.0-0":o="*":n&&v?(w&&(s=0),u=0,n===">"?(n=">=",w?(i=+i+1,s=0,u=0):(s=+s+1,u=0)):n==="<="&&(n="<",w?i=+i+1:s=+s+1),o=n+i+"."+s+"."+u+p):w?o=">="+i+".0.0"+p+" <"+(+i+1)+".0.0"+p:I&&(o=">="+i+"."+s+".0"+p+" <"+i+"."+(+s+1)+".0"+p),E("xRange return",o),o})}function Bn(e,t){return E("replaceStars",e,t),e.trim().replace(y[a.STAR],"")}function Wn(e,t,r,o,n,i,s,u,p,h,w,I,v){return b(r)?t="":b(o)?t=">="+r+".0.0":b(n)?t=">="+r+"."+o+".0":t=">="+t,b(p)?u="":b(h)?u="<"+(+p+1)+".0.0":b(w)?u="<"+p+"."+(+h+1)+".0":I?u="<="+p+"."+h+"."+w+"-"+I:u="<="+u,(t+" "+u).trim()}R.prototype.test=function(e){if(!e)return!1;if(typeof e=="string")try{e=new m(e,this.options)}catch{return!1}for(var t=0;t<this.set.length;t++)if(Hn(this.set[t],e,this.options))return!0;return!1};function Hn(e,t,r){for(var o=0;o<e.length;o++)if(!e[o].test(t))return!1;if(t.prerelease.length&&!r.includePrerelease){for(o=0;o<e.length;o++)if(E(e[o].semver),e[o].semver!==ee&&e[o].semver.prerelease.length>0){var n=e[o].semver;if(n.major===t.major&&n.minor===t.minor&&n.patch===t.patch)return!0}return!1}return!0}d.satisfies=Oe;function Oe(e,t,r){try{t=new R(t,r)}catch{return!1}return t.test(e)}d.maxSatisfying=Gn;function Gn(e,t,r){var o=null,n=null;try{var i=new R(t,r)}catch{return null}return e.forEach(function(s){i.test(s)&&(!o||n.compare(s)===-1)&&(o=s,n=new m(o,r))}),o}d.minSatisfying=Jn;function Jn(e,t,r){var o=null,n=null;try{var i=new R(t,r)}catch{return null}return e.forEach(function(s){i.test(s)&&(!o||n.compare(s)===1)&&(o=s,n=new m(o,r))}),o}d.minVersion=Vn;function Vn(e,t){e=new R(e,t);var r=new m("0.0.0");if(e.test(r)||(r=new m("0.0.0-0"),e.test(r)))return r;r=null;for(var o=0;o<e.set.length;++o){var n=e.set[o];n.forEach(function(i){var s=new m(i.semver.version);switch(i.operator){case">":s.prerelease.length===0?s.patch++:s.prerelease.push(0),s.raw=s.format();case"":case">=":(!r||le(r,s))&&(r=s);break;case"<":case"<=":break;default:throw new Error("Unexpected operation: "+i.operator)}})}return r&&e.test(r)?r:null}d.validRange=Xn;function Xn(e,t){try{return new R(e,t).range||"*"}catch{return null}}d.ltr=qn;function qn(e,t,r){return ht(e,t,"<",r)}d.gtr=zn;function zn(e,t,r){return ht(e,t,">",r)}d.outside=ht;function ht(e,t,r,o){e=new m(e,o),t=new R(t,o);var n,i,s,u,p;switch(r){case">":n=le,i=ft,s=be,u=">",p=">=";break;case"<":n=be,i=mt,s=le,u="<",p="<=";break;default:throw new TypeError('Must provide a hilo val of "<" or ">"')}if(Oe(e,t,o))return!1;for(var h=0;h<t.set.length;++h){var w=t.set[h],I=null,v=null;if(w.forEach(function(O){O.semver===ee&&(O=new L(">=0.0.0")),I=I||O,v=v||O,n(O.semver,I.semver,o)?I=O:s(O.semver,v.semver,o)&&(v=O)}),I.operator===u||I.operator===p||(!v.operator||v.operator===u)&&i(e,v.semver))return!1;if(v.operator===p&&s(e,v.semver))return!1}return!0}d.prerelease=Yn;function Yn(e,t){var r=X(e,t);return r&&r.prerelease.length?r.prerelease:null}d.intersects=Zn;function Zn(e,t,r){return e=new R(e,r),t=new R(t,r),e.intersects(t)}d.coerce=Qn;function Qn(e,t){if(e instanceof m)return e;if(typeof e=="number"&&(e=String(e)),typeof e!="string")return null;t=t||{};var r=null;if(!t.rtl)r=e.match(y[a.COERCE]);else{for(var o;(o=y[a.COERCERTL].exec(e))&&(!r||r.index+r[0].length!==e.length);)(!r||o.index+o[0].length!==r.index+r[0].length)&&(r=o),y[a.COERCERTL].lastIndex=o.index+o[1].length+o[2].length;y[a.COERCERTL].lastIndex=-1}return r===null?null:X(r[2]+"."+(r[3]||"0")+"."+(r[4]||"0"),t)}});import{MEDPLUM_VERSION as Gs,normalizeErrorString as Pt}from"@medplum/core";import{Command as Js,CommanderError as uo}from"commander";import Vs from"dotenv";import{ContentType as ve,getDisplayString as sn,MEDPLUM_CLI_CLIENT_ID as an,normalizeErrorString as cn}from"@medplum/core";import{exec as ln}from"node:child_process";import{createServer as un}from"node:http";import{platform as pn}from"node:os";import{MedplumClient as vo}from"@medplum/core";import{ClientStorage as wo}from"@medplum/core";import{existsSync as Lt,mkdirSync as Io,readFileSync as Ro,writeFileSync as Ao}from"node:fs";import{homedir as Co}from"node:os";import{resolve as xt}from"node:path";var x=class extends wo{constructor(t){super(),this.dirName=xt(Co(),".medplum"),this.fileName=xt(this.dirName,t+".json")}clear(){this.writeFile({})}getString(t){return this.readFile()?.[t]}setString(t,r){let o=this.readFile()??{};r?o[t]=r:delete o[t],this.writeFile(o)}getObject(t){let r=this.getString(t);return r?JSON.parse(r):void 0}setObject(t,r){this.setString(t,r?JSON.stringify(r):void 0)}readFile(){if(Lt(this.fileName))return JSON.parse(Ro(this.fileName,"utf8"))}writeFile(t){Lt(this.dirName)||Io(this.dirName),Ao(this.fileName,JSON.stringify(t,null,2),"utf8")}};async function S(e,t=!0){let r=e.profile??"default",o=new x(r),n=o.getObject("options");if(r!=="default"&&!n)throw new Error(`Profile "${r}" does not exist`);let{baseUrl:i,fhirUrlPath:s,accessToken:u,tokenUrl:p,authorizeUrl:h,clientId:w,clientSecret:I}=To(e,o),v=e.fetch??fetch,O=new vo({fetch:v,baseUrl:i,tokenUrl:p,fhirUrlPath:s,authorizeUrl:h,storage:o,onUnauthenticated:bo,verbose:e.verbose});return t&&(u?O.setAccessToken(u):w&&I&&(O.setBasicAuth(w,I),n?.authType!=="basic"&&await O.startClientLogin(w,I))),O}function To(e,t){let r=t.getObject("options"),o=e.baseUrl??r?.baseUrl??process.env.MEDPLUM_BASE_URL??"https://api.medplum.com/",n=e.fhirUrlPath??r?.fhirUrlPath??process.env.MEDPLUM_FHIR_URL_PATH,i=e.accessToken??r?.accessToken??process.env.MEDPLUM_CLIENT_ACCESS_TOKEN,s=e.tokenUrl??r?.tokenUrl??process.env.MEDPLUM_TOKEN_URL,u=e.authorizeUrl??r?.authorizeUrl??process.env.MEDPLUM_AUTHORIZE_URL,p=e.clientId??r?.clientId??process.env.MEDPLUM_CLIENT_ID,h=e.clientSecret??r?.clientSecret??process.env.MEDPLUM_CLIENT_SECRET;return{baseUrl:o,fhirUrlPath:n,accessToken:i,tokenUrl:s,authorizeUrl:u,clientId:p,clientSecret:h}}function bo(){console.log("Unauthenticated: run `npx medplum login` to sign in")}import{Command as Po,Option as Oo}from"commander";function g(e){return new Po(e).option("--client-id <clientId>","FHIR server client id").option("--client-secret <clientSecret>","FHIR server client secret").option("--base-url <baseUrl>","FHIR server base URL, must be absolute").option("--token-url <tokenUrl>","FHIR server token URL, absolute or relative to base URL").option("--authorize-url <authorizeUrl>","FHIR server authorize URL, absolute or relative to base URL").option("--fhir-url, --fhir-url-path <fhirUrlPath>","FHIR server URL, absolute or relative to base URL").option("--scope <scope>","JWT scope").option("--access-token <accessToken>","Access token for token exchange authentication").option("--callback-url <callbackUrl>","Callback URL for authorization code flow").option("--subject <subject>","Subject for JWT authentication").option("--audience <audience>","Audience for JWT authentication").option("--issuer <issuer>","Issuer for JWT authentication").option("--private-key-path <privateKeyPath>","Private key path for JWT assertion").option("-p, --profile <profile>","Profile name").option("-v --verbose","Verbose output").addOption(new Oo("--auth-type <authType>","Type of authentication").choices(["basic","client-credentials","authorization-code","jwt-bearer","token-exchange","jwt-assertion"]))}import{ContentType as et,encodeBase64 as rr}from"@medplum/core";import{Buffer as No}from"node:buffer";var G=new TextEncoder,He=new TextDecoder,la=2**32;function Dt(...e){let t=e.reduce((n,{length:i})=>n+i,0),r=new Uint8Array(t),o=0;for(let n of e)r.set(n,o),o+=n.length;return r}var fe=e=>No.from(e).toString("base64url");var z=class extends Error{constructor(r){super(r);T(this,"code","ERR_JOSE_GENERIC");this.name=this.constructor.name,Error.captureStackTrace?.(this,this.constructor)}static get code(){return"ERR_JOSE_GENERIC"}};var N=class extends z{constructor(){super(...arguments);T(this,"code","ERR_JOSE_NOT_SUPPORTED")}static get code(){return"ERR_JOSE_NOT_SUPPORTED"}};var K=class extends z{constructor(){super(...arguments);T(this,"code","ERR_JWS_INVALID")}static get code(){return"ERR_JWS_INVALID"}},he=class extends z{constructor(){super(...arguments);T(this,"code","ERR_JWT_INVALID")}static get code(){return"ERR_JWT_INVALID"}};var kt,_t,Mt=class extends(_t=z,kt=Symbol.asyncIterator,_t){constructor(){super(...arguments);T(this,kt);T(this,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS");T(this,"message","multiple matching keys found in the JSON Web Key Set")}static get code(){return"ERR_JWKS_MULTIPLE_MATCHING_KEYS"}};import*as Ut from"node:util";var ge=e=>Ut.types.isKeyObject(e);import*as $t from"node:crypto";import*as jt from"node:util";var xo=$t.webcrypto,Ft=xo,Y=e=>jt.types.isCryptoKey(e);function _(e,t="algorithm.name"){return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`)}function ye(e,t){return e.name===t}function Ge(e){return parseInt(e.name.slice(4),10)}function Do(e){switch(e){case"ES256":return"P-256";case"ES384":return"P-384";case"ES512":return"P-521";default:throw new Error("unreachable")}}function Mo(e,t){if(t.length&&!t.some(r=>e.usages.includes(r))){let r="CryptoKey does not support this operation, its usages must include ";if(t.length>2){let o=t.pop();r+=`one of ${t.join(", ")}, or ${o}.`}else t.length===2?r+=`one of ${t[0]} or ${t[1]}.`:r+=`${t[0]}.`;throw new TypeError(r)}}function Kt(e,t,...r){switch(t){case"HS256":case"HS384":case"HS512":{if(!ye(e.algorithm,"HMAC"))throw _("HMAC");let o=parseInt(t.slice(2),10);if(Ge(e.algorithm.hash)!==o)throw _(`SHA-${o}`,"algorithm.hash");break}case"RS256":case"RS384":case"RS512":{if(!ye(e.algorithm,"RSASSA-PKCS1-v1_5"))throw _("RSASSA-PKCS1-v1_5");let o=parseInt(t.slice(2),10);if(Ge(e.algorithm.hash)!==o)throw _(`SHA-${o}`,"algorithm.hash");break}case"PS256":case"PS384":case"PS512":{if(!ye(e.algorithm,"RSA-PSS"))throw _("RSA-PSS");let o=parseInt(t.slice(2),10);if(Ge(e.algorithm.hash)!==o)throw _(`SHA-${o}`,"algorithm.hash");break}case"EdDSA":{if(e.algorithm.name!=="Ed25519"&&e.algorithm.name!=="Ed448")throw _("Ed25519 or Ed448");break}case"ES256":case"ES384":case"ES512":{if(!ye(e.algorithm,"ECDSA"))throw _("ECDSA");let o=Do(t);if(e.algorithm.namedCurve!==o)throw _(o,"algorithm.namedCurve");break}default:throw new TypeError("CryptoKey does not support this operation")}Mo(e,r)}function Bt(e,t,...r){if(r=r.filter(Boolean),r.length>2){let o=r.pop();e+=`one of type ${r.join(", ")}, or ${o}.`}else r.length===2?e+=`one of type ${r[0]} or ${r[1]}.`:e+=`of type ${r[0]}.`;return t==null?e+=` Received ${t}`:typeof t=="function"&&t.name?e+=` Received function ${t.name}`:typeof t=="object"&&t!=null&&t.constructor?.name&&(e+=` Received an instance of ${t.constructor.name}`),e}var ie=(e,...t)=>Bt("Key must be ",e,...t);function Je(e,t,...r){return Bt(`Key for the ${e} algorithm must be `,t,...r)}var Ve=e=>ge(e)||Y(e),U=["KeyObject"];(globalThis.CryptoKey||Ft?.CryptoKey)&&U.push("CryptoKey");var ko=(...e)=>{let t=e.filter(Boolean);if(t.length===0||t.length===1)return!0;let r;for(let o of t){let n=Object.keys(o);if(!r||r.size===0){r=new Set(n);continue}for(let i of n){if(r.has(i))return!1;r.add(i)}}return!0},Wt=ko;function _o(e){return typeof e=="object"&&e!==null}function se(e){if(!_o(e)||Object.prototype.toString.call(e)!=="[object Object]")return!1;if(Object.getPrototypeOf(e)===null)return!0;let t=e;for(;Object.getPrototypeOf(t)!==null;)t=Object.getPrototypeOf(t);return Object.getPrototypeOf(e)===t}import{KeyObject as Uo}from"node:crypto";function B(e){return se(e)&&typeof e.kty=="string"}function Ht(e){return e.kty!=="oct"&&typeof e.d=="string"}function Gt(e){return e.kty!=="oct"&&typeof e.d>"u"}function Jt(e){return B(e)&&e.kty==="oct"&&typeof e.k=="string"}var $o=e=>{switch(e){case"prime256v1":return"P-256";case"secp384r1":return"P-384";case"secp521r1":return"P-521";case"secp256k1":return"secp256k1";default:throw new N("Unsupported key curve for this operation")}},jo=(e,t)=>{let r;if(Y(e))r=Uo.from(e);else if(ge(e))r=e;else{if(B(e))return e.crv;throw new TypeError(ie(e,...U))}if(r.type==="secret")throw new TypeError('only "private" or "public" type keys can be used for this operation');switch(r.asymmetricKeyType){case"ed25519":case"ed448":return`Ed${r.asymmetricKeyType.slice(2)}`;case"x25519":case"x448":return`X${r.asymmetricKeyType.slice(1)}`;case"ec":{let o=r.asymmetricKeyDetails.namedCurve;return t?o:$o(o)}default:throw new TypeError("Invalid asymmetric key type for this operation")}},Xt=jo;import{KeyObject as Fo}from"node:crypto";var Xe=(e,t)=>{let r;try{e instanceof Fo?r=e.asymmetricKeyDetails?.modulusLength:r=Buffer.from(e.n,"base64url").byteLength<<3}catch{}if(typeof r!="number"||r<2048)throw new TypeError(`${t} requires key modulusLength to be 2048 bits or larger`)};var Z=e=>e?.[Symbol.toStringTag],qe=(e,t,r)=>{if(t.use!==void 0&&t.use!=="sig")throw new TypeError("Invalid key for this operation, when present its use must be sig");if(t.key_ops!==void 0&&t.key_ops.includes?.(r)!==!0)throw new TypeError(`Invalid key for this operation, when present its key_ops must include ${r}`);if(t.alg!==void 0&&t.alg!==e)throw new TypeError(`Invalid key for this operation, when present its alg must be ${e}`);return!0},Ko=(e,t,r,o)=>{if(!(t instanceof Uint8Array)){if(o&&B(t)){if(Jt(t)&&qe(e,t,r))return;throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present')}if(!Ve(t))throw new TypeError(Je(e,t,...U,"Uint8Array",o?"JSON Web Key":null));if(t.type!=="secret")throw new TypeError(`${Z(t)} instances for symmetric algorithms must be of type "secret"`)}},Bo=(e,t,r,o)=>{if(o&&B(t))switch(r){case"sign":if(Ht(t)&&qe(e,t,r))return;throw new TypeError("JSON Web Key for this operation be a private JWK");case"verify":if(Gt(t)&&qe(e,t,r))return;throw new TypeError("JSON Web Key for this operation be a public JWK")}if(!Ve(t))throw new TypeError(Je(e,t,...U,o?"JSON Web Key":null));if(t.type==="secret")throw new TypeError(`${Z(t)} instances for asymmetric algorithms must not be of type "secret"`);if(r==="sign"&&t.type==="public")throw new TypeError(`${Z(t)} instances for asymmetric algorithm signing must be of type "private"`);if(r==="decrypt"&&t.type==="public")throw new TypeError(`${Z(t)} instances for asymmetric algorithm decryption must be of type "private"`);if(t.algorithm&&r==="verify"&&t.type==="private")throw new TypeError(`${Z(t)} instances for asymmetric algorithm verifying must be of type "public"`);if(t.algorithm&&r==="encrypt"&&t.type==="private")throw new TypeError(`${Z(t)} instances for asymmetric algorithm encryption must be of type "public"`)};function qt(e,t,r,o){t.startsWith("HS")||t==="dir"||t.startsWith("PBES2")||/^A\d{3}(?:GCM)?KW$/.test(t)?Ko(t,r,o,e):Bo(t,r,o,e)}var _a=qt.bind(void 0,!1),zt=qt.bind(void 0,!0);function Wo(e,t,r,o,n){if(n.crit!==void 0&&o?.crit===void 0)throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');if(!o||o.crit===void 0)return new Set;if(!Array.isArray(o.crit)||o.crit.length===0||o.crit.some(s=>typeof s!="string"||s.length===0))throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');let i;r!==void 0?i=new Map([...Object.entries(r),...t.entries()]):i=t;for(let s of o.crit){if(!i.has(s))throw new N(`Extension Header Parameter "${s}" is not recognized`);if(n[s]===void 0)throw new e(`Extension Header Parameter "${s}" is missing`);if(i.get(s)&&o[s]===void 0)throw new e(`Extension Header Parameter "${s}" MUST be integrity protected`)}return new Set(o.crit)}var Yt=Wo;function ze(e){switch(e){case"PS256":case"RS256":case"ES256":case"ES256K":return"sha256";case"PS384":case"RS384":case"ES384":return"sha384";case"PS512":case"RS512":case"ES512":return"sha512";case"EdDSA":return;default:throw new N(`alg ${e} is not supported either by JOSE or your javascript runtime`)}}import{constants as Zt,KeyObject as Ho}from"node:crypto";var Go=new Map([["ES256","P-256"],["ES256K","secp256k1"],["ES384","P-384"],["ES512","P-521"]]);function Ye(e,t){let r,o,n;if(t instanceof Ho)r=t.asymmetricKeyType,o=t.asymmetricKeyDetails;else switch(n=!0,t.kty){case"RSA":r="rsa";break;case"EC":r="ec";break;case"OKP":{if(t.crv==="Ed25519"){r="ed25519";break}if(t.crv==="Ed448"){r="ed448";break}throw new TypeError("Invalid key for this operation, its crv must be Ed25519 or Ed448")}default:throw new TypeError("Invalid key for this operation, its kty must be RSA, OKP, or EC")}let i;switch(e){case"EdDSA":if(!["ed25519","ed448"].includes(r))throw new TypeError("Invalid key for this operation, its asymmetricKeyType must be ed25519 or ed448");break;case"RS256":case"RS384":case"RS512":if(r!=="rsa")throw new TypeError("Invalid key for this operation, its asymmetricKeyType must be rsa");Xe(t,e);break;case"PS256":case"PS384":case"PS512":if(r==="rsa-pss"){let{hashAlgorithm:s,mgf1HashAlgorithm:u,saltLength:p}=o,h=parseInt(e.slice(-3),10);if(s!==void 0&&(s!==`sha${h}`||u!==s))throw new TypeError(`Invalid key for this operation, its RSA-PSS parameters do not meet the requirements of "alg" ${e}`);if(p!==void 0&&p>h>>3)throw new TypeError(`Invalid key for this operation, its RSA-PSS parameter saltLength does not meet the requirements of "alg" ${e}`)}else if(r!=="rsa")throw new TypeError("Invalid key for this operation, its asymmetricKeyType must be rsa or rsa-pss");Xe(t,e),i={padding:Zt.RSA_PKCS1_PSS_PADDING,saltLength:Zt.RSA_PSS_SALTLEN_DIGEST};break;case"ES256":case"ES256K":case"ES384":case"ES512":{if(r!=="ec")throw new TypeError("Invalid key for this operation, its asymmetricKeyType must be ec");let s=Xt(t),u=Go.get(e);if(s!==u)throw new TypeError(`Invalid key curve for the algorithm, its curve must be ${u}, got ${s}`);i={dsaEncoding:"ieee-p1363"};break}default:throw new N(`alg ${e} is not supported either by JOSE or your javascript runtime`)}return n?{format:"jwk",key:t,...i}:i?{...i,key:t}:t}import*as Ee from"node:crypto";import{promisify as Jo}from"node:util";function Ze(e){switch(e){case"HS256":return"sha256";case"HS384":return"sha384";case"HS512":return"sha512";default:throw new N(`alg ${e} is not supported either by JOSE or your javascript runtime`)}}import{KeyObject as Qt,createSecretKey as er}from"node:crypto";function Qe(e,t,r){if(t instanceof Uint8Array){if(!e.startsWith("HS"))throw new TypeError(ie(t,...U));return er(t)}if(t instanceof Qt)return t;if(Y(t))return Kt(t,e,r),Qt.from(t);if(B(t))return e.startsWith("HS")?er(Buffer.from(t.k,"base64url")):t;throw new TypeError(ie(t,...U,"Uint8Array","JSON Web Key"))}var Vo=Jo(Ee.sign),Xo=async(e,t,r)=>{let o=Qe(e,t,"sign");if(e.startsWith("HS")){let n=Ee.createHmac(Ze(e),o);return n.update(r),n.digest()}return Vo(ze(e),r,Ye(e,o))},tr=Xo;var W=e=>Math.floor(e.getTime()/1e3);var qo=/^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i,Se=e=>{let t=qo.exec(e);if(!t||t[4]&&t[1])throw new TypeError("Invalid time period format");let r=parseFloat(t[2]),o=t[3].toLowerCase(),n;switch(o){case"sec":case"secs":case"second":case"seconds":case"s":n=Math.round(r);break;case"minute":case"minutes":case"min":case"mins":case"m":n=Math.round(r*60);break;case"hour":case"hours":case"hr":case"hrs":case"h":n=Math.round(r*3600);break;case"day":case"days":case"d":n=Math.round(r*86400);break;case"week":case"weeks":case"w":n=Math.round(r*604800);break;default:n=Math.round(r*31557600);break}return t[1]==="-"||t[4]==="ago"?-n:n};var we=class{constructor(t){T(this,"_payload");T(this,"_protectedHeader");T(this,"_unprotectedHeader");if(!(t instanceof Uint8Array))throw new TypeError("payload must be an instance of Uint8Array");this._payload=t}setProtectedHeader(t){if(this._protectedHeader)throw new TypeError("setProtectedHeader can only be called once");return this._protectedHeader=t,this}setUnprotectedHeader(t){if(this._unprotectedHeader)throw new TypeError("setUnprotectedHeader can only be called once");return this._unprotectedHeader=t,this}async sign(t,r){if(!this._protectedHeader&&!this._unprotectedHeader)throw new K("either setProtectedHeader or setUnprotectedHeader must be called before #sign()");if(!Wt(this._protectedHeader,this._unprotectedHeader))throw new K("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");let o={...this._protectedHeader,...this._unprotectedHeader},n=Yt(K,new Map([["b64",!0]]),r?.crit,this._protectedHeader,o),i=!0;if(n.has("b64")&&(i=this._protectedHeader.b64,typeof i!="boolean"))throw new K('The "b64" (base64url-encode payload) Header Parameter must be a boolean');let{alg:s}=o;if(typeof s!="string"||!s)throw new K('JWS "alg" (Algorithm) Header Parameter missing or invalid');zt(s,t,"sign");let u=this._payload;i&&(u=G.encode(fe(u)));let p;this._protectedHeader?p=G.encode(fe(JSON.stringify(this._protectedHeader))):p=G.encode("");let h=Dt(p,G.encode("."),u),w=await tr(s,t,h),I={signature:fe(w),payload:""};return i&&(I.payload=He.decode(u)),this._unprotectedHeader&&(I.header=this._unprotectedHeader),this._protectedHeader&&(I.protected=He.decode(p)),I}};var Ie=class{constructor(t){T(this,"_flattened");this._flattened=new we(t)}setProtectedHeader(t){return this._flattened.setProtectedHeader(t),this}async sign(t,r){let o=await this._flattened.sign(t,r);if(o.payload===void 0)throw new TypeError("use the flattened module for creating JWS with b64: false");return`${o.protected}.${o.payload}.${o.signature}`}};function J(e,t){if(!Number.isFinite(t))throw new TypeError(`Invalid ${e} input`);return t}var Re=class{constructor(t={}){T(this,"_payload");if(!se(t))throw new TypeError("JWT Claims Set MUST be an object");this._payload=t}setIssuer(t){return this._payload={...this._payload,iss:t},this}setSubject(t){return this._payload={...this._payload,sub:t},this}setAudience(t){return this._payload={...this._payload,aud:t},this}setJti(t){return this._payload={...this._payload,jti:t},this}setNotBefore(t){return typeof t=="number"?this._payload={...this._payload,nbf:J("setNotBefore",t)}:t instanceof Date?this._payload={...this._payload,nbf:J("setNotBefore",W(t))}:this._payload={...this._payload,nbf:W(new Date)+Se(t)},this}setExpirationTime(t){return typeof t=="number"?this._payload={...this._payload,exp:J("setExpirationTime",t)}:t instanceof Date?this._payload={...this._payload,exp:J("setExpirationTime",W(t))}:this._payload={...this._payload,exp:W(new Date)+Se(t)},this}setIssuedAt(t){return typeof t>"u"?this._payload={...this._payload,iat:W(new Date)}:t instanceof Date?this._payload={...this._payload,iat:J("setIssuedAt",W(t))}:typeof t=="string"?this._payload={...this._payload,iat:J("setIssuedAt",W(new Date)+Se(t))}:this._payload={...this._payload,iat:J("setIssuedAt",t)},this}};var ae=class extends Re{constructor(){super(...arguments);T(this,"_protectedHeader")}setProtectedHeader(r){return this._protectedHeader=r,this}async sign(r,o){let n=new Ie(G.encode(JSON.stringify(this._payload)));if(n.setProtectedHeader(this._protectedHeader),Array.isArray(this._protectedHeader?.crit)&&this._protectedHeader.crit.includes("b64")&&this._protectedHeader.b64===!1)throw new he("JWTs MUST NOT use unencoded payload");return n.sign(r,o)}};import{createHmac as zo,createPrivateKey as Yo,randomBytes as Zo}from"node:crypto";import{existsSync as Qo,readFileSync as or,writeFileSync as nr}from"node:fs";import{basename as ir,extname as en,resolve as tt}from"node:path";import{extract as tn}from"tar";function $(e){console.log(JSON.stringify(e,null,2))}async function rt(e,t,r){let o=t.source,n=Ae(o);if(!n)return;console.log("Saving source code...");let i=await e.createAttachment(n,ir(o),nn(o));console.log("Updating bot...");let s=await e.updateResource({...r,sourceCode:i});console.log("Success! New bot version: "+s.meta?.versionId)}async function ot(e,t,r){let o=t.dist??t.source,n=Ae(o);if(!n)return;console.log("Deploying bot...");let i=await e.post(e.fhirUrl("Bot",r.id,"$deploy"),{code:n,filename:ir(o)});console.log("Deploy result: "+i.issue?.[0]?.details?.text)}async function nt(e,t,r,o,n,i,s){let u={name:t,description:"",runtimeVersion:i},p=await e.post("admin/projects/"+r+"/bot",u),h=await e.readResource("Bot",p.id),w={name:t,id:p.id,source:o,dist:n};await rt(e,w,h),await ot(e,w,h),console.log(`Success! Bot created: ${h.id}`),s&&rn(w)}function sr(e){let t=new RegExp("^"+on(e).replace(/\\\*/g,".*")+"$"),r=D()?.bots?.filter(o=>t.test(o.name));return r||[]}function j(e,t){if(t?.file)return t.file;let r=["medplum"];return e&&r.push(e),r.push("config"),t?.server&&r.push("server"),r.push("json"),r.join(".")}function C(e,t){nr(tt(e),JSON.stringify(t,void 0,2),"utf-8")}function D(e,t){let r=j(e,t),o=Ae(r);if(o)return JSON.parse(o)}function ar(e){let t=Ae(j(e,{server:!0}));if(t)return JSON.parse(t)}function Ae(e){let t=tt(e);return Qo(t)?or(t,"utf8"):""}function rn(e){let t=D()??{};t.bots||(t.bots=[]),t.bots.push(e),nr("medplum.config.json",JSON.stringify(t,null,2),"utf8"),console.log(`Bot added to config: ${e.id}`)}function on(e){return e.replace(/[/\-\\^$*+?.()|[\]{}]/g,"\\$&")}function cr(e){let o=0,n=0;return tn({cwd:e,filter:(i,s)=>{if(o++,o>100)throw new Error("Tar extractor reached max number of files");if(n+=s.size,n>10485760)throw new Error("Tar extractor reached max size");return!0}})}function it(){return{url:"http://hl7.org/fhir/StructureDefinition/data-absent-reason",valueCode:"unsupported"}}function nn(e){let t=en(e).toLowerCase();return[".cjs",".mjs",".js"].includes(t)?et.JAVASCRIPT:[".cts",".mts",".ts"].includes(t)?et.TYPESCRIPT:et.TEXT}function Ce(e,t){let r=new x(e),o={name:e,...t};return r.setObject("options",o),o}function lr(e){return new x(e).getObject("options")}async function ur(e,t){let r={typ:"JWT",alg:"HS256"},o=Math.floor(Date.now()/1e3),n={aud:`${t.baseUrl}${t.audience}`,iss:t.issuer,sub:t.subject,nbf:o,iat:o,exp:o+604800},i=rr(JSON.stringify(r)),s=rr(JSON.stringify(n)),u=`${i}.${s}`,p=zo("sha256",t.clientSecret).update(u).digest("base64url"),h=`${u}.${p}`;await e.startJwtBearerLogin(t.clientId,h,t.scope??"")}async function pr(e,t){let r=Yo(or(tt(t.privateKeyPath))),o=await new ae({}).setProtectedHeader({alg:"RS384",typ:"JWT"}).setIssuer(t.clientId).setSubject(t.clientId).setAudience(`${t.baseUrl}${t.audience}`).setJti(Zo(16).toString("hex")).setIssuedAt().setExpirationTime("5m").sign(r);await e.startJwtAssertionLogin(o)}var dr=an,mr="http://localhost:9615",st=g("login"),at=g("whoami"),ct=g("token");st.action(async e=>{let t=e.profile??"default",r=Ce(t,e),o=await S(e,!1);await dn(o,r)});at.action(async e=>{let t=await S(e);hn(t)});ct.action(async e=>{let t=await S(e);await t.getProfileAsync();let r=t.getAccessToken();if(!r)throw new Error("Not logged in");console.log("Access token:"),console.log(),console.log(r)});async function dn(e,t){switch(t?.authType??"authorization-code"){case"authorization-code":await gn(e);break;case"basic":e.setBasicAuth(t.clientId,t.clientSecret);break;case"client-credentials":e.setBasicAuth(t.clientId,t.clientSecret),await e.startClientLogin(t.clientId,t.clientSecret);break;case"jwt-bearer":await ur(e,t);break;case"jwt-assertion":await pr(e,t);break}}async function mn(e){let t=un(async(r,o)=>{let n=new URL(r.url,"http://localhost:9615"),i=n.searchParams.get("code");if(r.method==="OPTIONS"){o.writeHead(200,{Allow:"GET, POST","Content-Type":ve.TEXT}),o.end("OK");return}if(n.pathname==="/"&&i)try{let s=await e.processCode(i,{clientId:dr,redirectUri:mr});o.writeHead(200,{"Content-Type":ve.TEXT}),o.end(`Signed in as ${sn(s)}. You may close this window.`)}catch(s){o.writeHead(400,{"Content-Type":ve.TEXT}),o.end(`Error: ${cn(s)}`)}finally{t.close()}else o.writeHead(404,{"Content-Type":ve.TEXT}),o.end("Not found")}).listen(9615)}async function fn(e){let t=pn(),r;switch(t){case"openbsd":case"linux":r=`xdg-open '${e}'`;break;case"darwin":r=`open '${e}'`;break;case"win32":r=`cmd /c start "" "${e}"`;break;default:throw new Error("Unsupported platform: "+t)}ln(r,(o,n,i)=>{if(o)throw o;if(i)throw new Error("Could not open browser: "+i)})}function hn(e){let t=e.getActiveLogin();t?(console.log(`Server: ${e.getBaseUrl()}`),console.log(`Profile: ${t.profile.display} (${t.profile.reference})`),console.log(`Project: ${t.project.display} (${t.project.reference})`)):console.log("Not logged in")}async function gn(e){await mn(e);let t=new URL(e.getAuthorizeUrl());t.searchParams.set("client_id",dr),t.searchParams.set("redirect_uri",mr),t.searchParams.set("scope","openid"),t.searchParams.set("response_type","code"),t.searchParams.set("prompt","login"),await fn(t.toString())}import{Command as ds}from"commander";var Ir=Nt(gt());import{CloudFormationClient as wr,DescribeStackResourcesCommand as ti,DescribeStacksCommand as ri,paginateListStacks as oi}from"@aws-sdk/client-cloudformation";import{CloudFrontClient as ni,CreateInvalidationCommand as ii}from"@aws-sdk/client-cloudfront";import{ECSClient as si}from"@aws-sdk/client-ecs";import{S3Client as ai}from"@aws-sdk/client-s3";import{GetParameterCommand as ci,PutParameterCommand as li,SSMClient as ui}from"@aws-sdk/client-ssm";import{GetCallerIdentityCommand as pi,STSClient as di}from"@aws-sdk/client-sts";import{normalizeErrorString as mi}from"@medplum/core";import fi from"node-fetch";import{readdirSync as hi}from"node:fs";import ei from"node:readline";var Ne;function Le(){Ne=ei.createInterface({input:process.stdin,output:process.stdout})}function xe(){Ne.close()}function c(e){Ne.write(e+`
3
3
  `)}function A(e){c(`
4
4
  `+e+`
5
- `)}function b(e,t=""){return new Promise(r=>{be.question(e+(t?" ("+t+")":"")+" ",o=>{r(o||t.toString())})})}async function Le(e,t,r=""){let o=e+" ["+t.map(n=>n===r?"("+n+")":n).join("|")+"]";for(;;){let n=await b(o)||r;if(t.includes(n))return n;c("Please choose one of the following options: "+t.join(", "))}}async function ee(e,t,r){return parseInt(await Le(e,t.map(o=>o.toString()),r.toString()),10)}async function X(e){return(await Le(e,["y","n"])).toLowerCase()==="y"}async function le(e){if(!await X(e))throw c("Exiting..."),new Error("User cancelled")}var xe=new dr({}),li=new Yn({region:"us-east-1"}),il=new Qn({}),ue=new ei({}),ui="medplum:environment";async function ht(){let e=[],t=zn({client:xe},{StackStatusFilter:["CREATE_COMPLETE","CREATE_FAILED","CREATE_IN_PROGRESS","DELETE_FAILED","DELETE_IN_PROGRESS","IMPORT_COMPLETE","IMPORT_IN_PROGRESS","IMPORT_ROLLBACK_COMPLETE","IMPORT_ROLLBACK_FAILED","IMPORT_ROLLBACK_IN_PROGRESS","REVIEW_IN_PROGRESS","ROLLBACK_COMPLETE","ROLLBACK_FAILED","ROLLBACK_IN_PROGRESS","UPDATE_COMPLETE","UPDATE_COMPLETE_CLEANUP_IN_PROGRESS","UPDATE_FAILED","UPDATE_IN_PROGRESS","UPDATE_ROLLBACK_COMPLETE","UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS","UPDATE_ROLLBACK_FAILED","UPDATE_ROLLBACK_IN_PROGRESS"]});for await(let r of t)if(r.StackSummaries)for(let o of r.StackSummaries)e.push(o);return e}async function te(e){let t=await ht();for(let r of t){let o=r.StackName,n=await gt(o);if(n?.tag===e)return n}}async function gt(e){let t={};if(await pr(xe,e,t),await xe.config.region()!=="us-east-1")try{await pr(new dr({region:"us-east-1"}),e+"-us-east-1",t)}catch{}return t}async function pr(e,t,r){let o=new qn({StackName:t}),i=(await e.send(o))?.Stacks?.[0],a=i?.Tags?.find(p=>p.Key===ui);if(!a)return;let u=await e.send(new Xn({StackName:t}));if(u.StackResources){e===xe&&(r.stack=i,r.tag=a.Value);for(let p of u.StackResources)pi(p,r)}}function pi(e,t){e.ResourceType==="AWS::ECS::Cluster"?t.ecsCluster=e:e.ResourceType==="AWS::ECS::Service"?t.ecsService=e:e.ResourceType==="AWS::S3::Bucket"&&e.LogicalResourceId?.startsWith("FrontEndAppBucket")?t.appBucket=e:e.ResourceType==="AWS::CloudFront::Distribution"&&e.LogicalResourceId?.startsWith("FrontEndAppDistribution")?t.appDistribution=e:e.ResourceType==="AWS::CloudFront::CloudFrontOriginAccessIdentity"&&e.LogicalResourceId?.startsWith("FrontEndOriginAccessIdentity")?t.appOriginAccessIdentity=e:e.ResourceType==="AWS::S3::Bucket"&&e.LogicalResourceId?.startsWith("StorageStorageBucket")?t.storageBucket=e:e.ResourceType==="AWS::CloudFront::Distribution"&&e.LogicalResourceId?.startsWith("StorageStorageDistribution")?t.storageDistribution=e:e.ResourceType==="AWS::CloudFront::CloudFrontOriginAccessIdentity"&&e.LogicalResourceId?.startsWith("StorageOriginAccessIdentity")&&(t.storageOriginAccessIdentity=e)}function De(e){console.log(`Medplum Tag: ${e.tag}`),console.log(`Stack Name: ${e.stack?.StackName}`),console.log(`Stack ID: ${e.stack?.StackId}`),console.log(`Status: ${e.stack?.StackStatus}`),console.log(`ECS Cluster: ${e.ecsCluster?.PhysicalResourceId}`),console.log(`ECS Service: ${di(e.ecsService)}`),console.log(`App Bucket: ${e.appBucket?.PhysicalResourceId}`),console.log(`App Distribution: ${e.appDistribution?.PhysicalResourceId}`),console.log(`App OAI: ${e.appOriginAccessIdentity?.PhysicalResourceId}`),console.log(`Storage Bucket: ${e.storageBucket?.PhysicalResourceId}`),console.log(`Storage Distribution: ${e.storageDistribution?.PhysicalResourceId}`),console.log(`Storage OAI: ${e.storageOriginAccessIdentity?.PhysicalResourceId}`)}function di(e){return e?.PhysicalResourceId?.split("/")?.pop()||""}async function Me(e){let t=await li.send(new Zn({DistributionId:e,InvalidationBatch:{CallerReference:`invalidate-all-${Date.now()}`,Paths:{Quantity:1,Items:["/*"]}}}));console.log(`Created invalidation with ID: ${t.Invalidation?.Id}`)}async function ke(e){let o=(await(await ai("https://api.github.com/repos/medplum/medplum/releases?per_page=100",{headers:{Accept:"application/vnd.github+json","X-GitHub-Api-Version":"2022-11-28"}})).json()).map(n=>n.tag_name.startsWith("v")?n.tag_name.slice(1):n.tag_name);return o.sort((n,i)=>mr.compare(i,n)),e?o.slice(0,o.indexOf(e)):o}async function _e(e,t,r){let o=new oi({region:e});for(let[n,i]of Object.entries(r)){let a=t+n,u=i.toString(),p=await mi(o,a);p!==void 0&&p!==u&&(c(`Parameter "${a}" exists with different value.`),await le(`Do you want to overwrite "${a}"?`)),await fi(o,a,u)}}async function mi(e,t){let r=new ti({Name:t,WithDecryption:!0});try{return(await e.send(r)).Parameter?.Value}catch(o){if(o.name==="ParameterNotFound")return;throw o}}async function fi(e,t,r){let o=new ri({Name:t,Value:r,Type:"SecureString",Overwrite:!0});await e.send(o)}function W(e,t){if(console.log(`Config not found: ${e} (${F(e,t)})`),t){let o=Object.entries(t);if(o.length>0){console.log("Additional options:");for(let[n,i]of o)console.log(` ${n}: ${i}`)}}console.log();let r=ci(".",{withFileTypes:!0});if(r=r.filter(o=>o.isFile()&&o.name.startsWith("medplum.")&&o.name.endsWith(".json")).map(o=>o.name),r.length===0)console.log("No configs found");else{console.log("Available configs:");for(let o of r)console.log(` ${o.replaceAll("medplum.","").replaceAll(".config","").replaceAll(".server","").replaceAll(".json","").padEnd(40," ")} (${o})`)}}async function re(e){console.log(`Stack not found: ${e}`),console.log();try{let t=new ii,r=new ni({}),o=await t.send(r),n=await t.config.region();console.log("AWS Region: ",n),console.log("AWS Account ID: ",o.Account),console.log("AWS Account ARN: ",o.Arn),console.log("AWS User ID: ",o.UserId)}catch(t){console.log("Warning: Unable to get AWS account ID",si(t))}}async function fr(e){let t=await te(e);if(!t)throw await re(e),new Error(`Stack not found: ${e}`);De(t)}import{ACMClient as yr,ListCertificatesCommand as hi,RequestCertificateCommand as gi}from"@aws-sdk/client-acm";import{CloudFrontClient as yi,CreatePublicKeyCommand as Ei}from"@aws-sdk/client-cloudfront";import{GetCallerIdentityCommand as Si,STSClient as wi}from"@aws-sdk/client-sts";import{normalizeErrorString as Ri}from"@medplum/core";import{generateKeyPairSync as Ii,randomUUID as hr}from"node:crypto";import{existsSync as Ai}from"node:fs";var Ci=e=>`${e}DomainName`,Er=e=>`${e}SslCertArn`;async function Sr(){let e={apiPort:8103,region:"us-east-1"};Oe(),A("MEDPLUM"),c("This tool prepares the necessary prerequisites for deploying Medplum in your AWS account."),c(""),c("Most Medplum infrastructure is deployed using the AWS CDK."),c("However, some AWS resources must be created manually, such as email addresses and SSL certificates."),c("This tool will help you create those resources."),c(""),c("Upon completion, this tool will:"),c(" 1. Generate a Medplum CDK config file (i.e., medplum.demo.config.json)"),c(" 2. Optionally generate an AWS CloudFront signing key"),c(" 3. Optionally request SSL certificates from AWS Certificate Manager"),c(" 4. Optionally write server config settings to AWS Parameter Store"),c(""),c("The Medplum infra config file is an input to the Medplum CDK."),c("The Medplum CDK will create and manage the necessary AWS resources."),c(""),c("We will ask a series of questions to generate your infra config file."),c("Some questions have predefined options in [square brackets]."),c("Some questions have default values in (parentheses), which you can accept by pressing Enter."),c("Press Ctrl+C at any time to exit.");let t=await vi(e.region);t||(c("It appears that you do not have AWS credentials configured."),c("AWS credentials are not strictly required, but will enable some additional features."),c("If you intend to use AWS credentials, please configure them now."),await le("Do you want to continue without AWS credentials?")),A("ENVIRONMENT NAME"),c('Medplum deployments have a short environment name such as "prod", "staging", "alice", or "demo".'),c("The environment name is used in multiple places:"),c(" 1. As part of config file names (i.e., medplum.demo.config.json)"),c(" 2. As the base of CloudFormation stack names (i.e., MedplumDemo)"),c(" 3. AWS Parameter Store keys (i.e., /medplum/demo/...)"),e.name=await b("What is your environment name?","demo"),c('Using environment name "'+e.name+'"...'),A("CONFIG FILE"),c("Medplum Infrastructure will create a config file in the current directory.");let r=await b("What is the config file name?",`medplum.${e.name}.config.json`);Ai(r)&&(c("Config file already exists."),await le("Do you want to overwrite the config file?")),c('Using config file "'+r+'"...'),C(r,e),A("AWS REGION"),c("Most Medplum resources will be created in a single AWS region."),e.region=await b("Enter your AWS region:","us-east-1"),C(r,e),A("AWS ACCOUNT NUMBER"),c("Medplum Infrastructure will use your AWS account number to create AWS resources."),t&&c("Using the AWS CLI, your current account ID is: "+t),e.accountNumber=await b("What is your AWS account number?",t),C(r,e),A("STACK NAME"),c("Medplum will create a CloudFormation stack to manage AWS resources."),c("AWS CloudFormation stack names ");let o="Medplum"+e.name.charAt(0).toUpperCase()+e.name.slice(1);for(e.stackName=await b("Enter your CloudFormation stack name?",o),C(r,e),A("BASE DOMAIN NAME"),c("Please enter the base domain name for your Medplum deployment."),c(""),c("Medplum deploys multiple subdomains for various services."),c(""),c('For example, "api." for the REST API and "app." for the web application.'),c("The base domain name is the common suffix for all subdomains."),c(""),c('For example, if your base domain name is "example.com",'),c('then the REST API will be "api.example.com".'),c(""),c('The base domain should include the TLD (i.e., ".com", ".org", ".net").'),c(""),c("Note that you must own the base domain, and it must use Route53 DNS.");!e.domainName;)e.domainName=await b("Enter your base domain name:");C(r,e),A("SUPPORT EMAIL"),c("Medplum sends transactional emails to users."),c("For example, emails to new users or for password reset."),c("Medplum will use the support email address to send these emails."),c("Note that you must verify the support email address in SES.");let n=await b("Enter your support email address:");A("API DOMAIN NAME"),c("Medplum deploys a REST API for the backend services."),e.apiDomainName=await b("Enter your REST API domain name:","api."+e.domainName),e.baseUrl=`https://${e.apiDomainName}/`,C(r,e),A("APP DOMAIN NAME"),c("Medplum deploys a web application for the user interface."),e.appDomainName=await b("Enter your web application domain name:","app."+e.domainName),C(r,e),A("STORAGE DOMAIN NAME"),c("Medplum deploys a storage service for file uploads."),e.storageDomainName=await b("Enter your storage domain name:","storage."+e.domainName),C(r,e),A("STORAGE BUCKET"),c("Medplum uses an S3 bucket to store binary content such as file uploads."),c("Medplum will create a the S3 bucket as part of the CloudFormation stack."),e.storageBucketName=await b("Enter your storage bucket name:",e.storageDomainName),C(r,e),A("MAX AVAILABILITY ZONES"),c("Medplum API servers can be deployed in multiple availability zones."),c("This provides redundancy and high availability."),c("However, it also increases the cost of the deployment."),c("If you want to use all availability zones, choose a large number such as 99."),c("If you want to restrict the number, for example to manage EIP limits,"),c("then choose a small number such as 2 or 3."),e.maxAzs=await ee("Enter the maximum number of availability zones:",[2,3,99],2),A("DATABASE INSTANCES"),c("Medplum uses a relational database to store data."),c("Medplum can create a new RDS database as part of the CloudFormation stack,"),c("or can set up your own database and enter the database name, username, and password."),await X("Do you want to create a new RDS database as part of the CloudFormation stack?")?(c("Medplum will create a new RDS database as part of the CloudFormation stack."),c(""),c("If you need high availability, you can choose multiple instances."),c("Use 1 for a single instance, or 2 for a primary and a standby."),e.rdsInstances=await ee("Enter the number of database instances:",[1,2],1)):(c("Medplum will not create a new RDS database."),c("Please create a new RDS database and enter the database name, username, and password."),c('Set the AWS Secrets Manager secret ARN in the config file in the "rdsSecretsArn" setting.'),e.rdsSecretsArn="TODO"),C(r,e),A("SERVER INSTANCES"),c("Medplum uses AWS Fargate to run the API servers."),c("Medplum will create a new Fargate cluster as part of the CloudFormation stack."),c("Fargate will automatically scale the number of servers up and down."),c("If you need high availability, you can choose multiple instances."),e.desiredServerCount=await ee("Enter the number of server instances:",[1,2,3,4,6,8],1),C(r,e),A("SERVER MEMORY"),c("You can choose the amount of memory for each server instance."),c("The default is 512 MB, which is sufficient for getting started."),c("Note that only certain CPU units are compatible with memory units."),c('Consult AWS Fargate "Task Definition Parameters" for more information.'),e.serverMemory=await ee("Enter the server memory (MB):",[512,1024,2048,4096,8192,16384],512),C(r,e),A("SERVER CPU"),c("You can choose the amount of CPU for each server instance."),c("CPU is expressed as an integer using AWS CPU units"),c("The default is 256, which is sufficient for getting started."),c("Note that only certain CPU units are compatible with memory units."),c('Consult AWS Fargate "Task Definition Parameters" for more information.'),e.serverCpu=await ee("Enter the server CPU:",[256,512,1024,2048,4096,8192,16384],256),C(r,e),A("SERVER IMAGE"),c("Medplum uses Docker images for the API servers."),c("You can choose the image to use for the servers."),c("Docker images can be loaded from either Docker Hub or AWS ECR."),c("The default is the latest Medplum release.");let i=(await ke())[0]??"latest";e.serverImage=await b("Enter the server image:",`medplum/medplum-server:${i}`),C(r,e),A("SIGNING KEY"),c("Medplum uses AWS CloudFront Presigned URLs for binary content such as file uploads.");let a=await Oi(e.region,e.stackName+"SigningKey");a?(e.signingKeyId=a.keyId,e.storagePublicKey=a.publicKey,C(r,e)):(c("Unable to generate signing key."),c("Please manually create a signing key and enter the key ID and public key in the config file."),c('You must set the "signingKeyId", "signingKey", and "signingKeyPassphrase" settings.')),A("SSL CERTIFICATES"),c("Medplum will now check for existing SSL certificates for the subdomains.");let u=await Ti(e.region);c("Found "+u.length+" certificate(s).");for(let{region:g,certName:w}of[{region:e.region,certName:"api"},{region:"us-east-1",certName:"app"},{region:"us-east-1",certName:"storage"}]){c("");let R=await Pi(e,u,g,w);e[Er(w)]=R,C(r,e)}A("AWS PARAMETER STORE"),c("Medplum uses AWS Parameter Store to store sensitive configuration values."),c("These values will be encrypted at rest."),c(`The values will be stored in the "/medplum/${e.name}" path.`);let p={port:e.apiPort,baseUrl:e.baseUrl,appBaseUrl:`https://${e.appDomainName}/`,storageBaseUrl:`https://${e.storageDomainName}/binary/`,binaryStorage:`s3:${e.storageBucketName}`,supportEmail:n};if(a&&(p.signingKeyId=a.keyId,p.signingKey=a.privateKey,p.signingKeyPassphrase=a.passphrase),c(JSON.stringify({...p,signingKey:"****",signingKeyPassphrase:"****"},null,2)),await X("Do you want to store these values in AWS Parameter Store?"))await _e(e.region,`/medplum/${e.name}/`,p);else{let g=F(e.name,{server:!0});C(g,p),c("Skipping AWS Parameter Store."),c(`Writing values to local config file: ${g}`),c("Please add these values to AWS Parameter Store manually.")}A("DONE!"),c("Medplum configuration complete."),c("You can now proceed to deploying the Medplum infrastructure with CDK."),c("Run:"),c(""),c(` npx cdk bootstrap -c config=${r}`),c(` npx cdk synth -c config=${r}`),e.region==="us-east-1"?c(` npx cdk deploy -c config=${r}`):c(` npx cdk deploy -c config=${r} --all`),c(""),c("See Medplum documentation for more information:"),c(""),c(" https://www.medplum.com/docs/self-hosting/install-on-aws"),c(""),Ne()}async function vi(e){try{let t=new wi({region:e}),r=new Si({});return(await t.send(r)).Account}catch(t){console.log("Warning: Unable to get AWS account ID",t.message);return}}async function Ti(e){let t=await gr(e);if(e!=="us-east-1"){let r=await gr("us-east-1");t.push(...r)}return t}async function gr(e){try{let t=new yr({region:e}),r=new hi({MaxItems:1e3});return(await t.send(r)).CertificateSummaryList}catch(t){return console.log("Warning: Unable to list certificates",t.message),[]}}async function Pi(e,t,r,o){let n=e[Ci(o)],i=t.find(u=>u.CertificateArn?.includes(r)&&u.DomainName===n);if(i)return c(`Found existing certificate for "${n}" in "${r}.`),i.CertificateArn;if(c(`No existing certificate found for "${n}" in "${r}.`),!await X("Do you want to request a new certificate?"))return c(`Please add your certificate ARN to the config file in the "${Er(o)}" setting.`),"TODO";let a=await bi(r,n);return c("Certificate ARN: "+a),a}async function bi(e,t){try{let r=await Le("Validate certificate using DNS or email validation?",["dns","email"],"dns"),o=new yr({region:e}),n=new gi({DomainName:t,ValidationMethod:r.toUpperCase()});return(await o.send(n)).CertificateArn}catch(r){return console.log("Error: Unable to request certificate",r.message),"TODO"}}async function Oi(e,t){let r=hr(),o=Ii("rsa",{modulusLength:2048,publicKeyEncoding:{type:"spki",format:"pem"},privateKeyEncoding:{type:"pkcs1",format:"pem",cipher:"aes-256-cbc",passphrase:r}});try{return{keyId:(await new yi({region:e}).send(new Ei({PublicKeyConfig:{Name:t,CallerReference:hr(),EncodedKey:o.publicKey}}))).PublicKey?.Id,publicKey:o.publicKey,privateKey:o.privateKey,passphrase:r}}catch(n){console.log("Error: Unable to create signing key: ",Ri(n));return}}async function wr(){let e=await ht();for(let t of e){let r=t.StackName,o=await gt(r);o&&(De(o),console.log(""))}}import{PutObjectCommand as Ni}from"@aws-sdk/client-s3";import{ContentType as k}from"@medplum/core";import Li from"fast-glob";import Rr from"node-fetch";import{createReadStream as xi,mkdtempSync as Di,readdirSync as Mi,readFileSync as ki,rmSync as _i,writeFileSync as Ui}from"node:fs";import{tmpdir as $i}from"node:os";import{join as Ue,sep as Fi}from"node:path";import{pipeline as ji}from"node:stream/promises";async function Ir(e,t){let r=D(e,t);if(!r)throw W(e,t),new Error(`Config not found: ${e}`);let o=await te(e);if(!o)throw await re(e),new Error(`Stack not found: ${e}`);let n=o.appBucket;if(!n)throw new Error(`App bucket not found for stack ${e}`);let i;if(t.tarPath)i=t.tarPath;else{let a=t?.toVersion??"latest";i=await Ki("@medplum/app",a)}Ar(i,{MEDPLUM_BASE_URL:r.baseUrl,MEDPLUM_CLIENT_ID:r.clientId??"",GOOGLE_CLIENT_ID:r.googleClientId??"",RECAPTCHA_SITE_KEY:r.recaptchaSiteKey??"",MEDPLUM_REGISTER_ENABLED:r.registerEnabled?"true":"false"}),await Hi(i,n.PhysicalResourceId,t),o.appDistribution?.PhysicalResourceId&&!t.dryrun&&await Me(o.appDistribution.PhysicalResourceId),console.log("Done")}async function Bi(e,t){let r=`https://registry.npmjs.org/${e}/${t}`;return(await Rr(r)).json()}async function Ki(e,t){let o=(await Bi(e,t)).dist.tarball,n=Di(Ue($i(),"tarball-"));try{let i=await Rr(o),a=er(n);return await ji(i.body,a),Ue(n,"package","dist")}catch(i){throw _i(n,{recursive:!0,force:!0}),i}}function Ar(e,t){for(let r of Mi(e,{withFileTypes:!0})){let o=Ue(e,r.name);r.isDirectory()?Ar(o,t):r.isFile()&&o.endsWith(".js")&&Wi(o,t)}}function Wi(e,t){let r=ki(e,"utf-8");for(let[o,n]of Object.entries(t))r=r.replaceAll(`__${o}__`,n);Ui(e,r)}async function Hi(e,t,r){let o=[["assets/**/*.css",k.CSS,!0],["assets/**/*.css.map",k.JSON,!0],["assets/**/*.js",k.JAVASCRIPT,!0],["assets/**/*.js.map",k.JSON,!0],["assets/**/*.txt",k.TEXT,!0],["assets/**/*.ico",k.FAVICON,!0],["img/**/*.png",k.PNG,!0],["img/**/*.svg",k.SVG,!0],["robots.txt",k.TEXT,!0],["index.html",k.HTML,!1]];for(let n of o)await Gi({rootDir:e,bucketName:t,fileNamePattern:n[0],contentType:n[1],cached:n[2],dryrun:r.dryrun})}async function Gi(e){let t=Li.sync(e.fileNamePattern,{cwd:e.rootDir});for(let r of t)await Vi(Ue(e.rootDir,r),e)}async function Vi(e,t){let r=xi(e),o=e.substring(t.rootDir.length+1).split(Fi).join("/"),n={Bucket:t.bucketName,Key:o,Body:r,ContentType:t.contentType,CacheControl:t.cached?"public, max-age=31536000":"no-cache, no-store, must-revalidate"};console.log(`Uploading ${o} to ${t.bucketName}...`),t.dryrun||await ue.send(new Ni(n))}import{GetBucketPolicyCommand as Ji,PutBucketPolicyCommand as Xi}from"@aws-sdk/client-s3";async function vr(e,t){if(!D(e,t))throw W(e,t),new Error(`Config not found: ${e}`);let o=await te(e);if(!o)throw await re(e),new Error(`Stack not found: ${e}`);await Cr("App",o.appBucket,o.appDistribution,o.appOriginAccessIdentity,t),await Cr("Storage",o.storageBucket,o.storageDistribution,o.storageOriginAccessIdentity,t),console.log("Done")}async function Cr(e,t,r,o,n){if(!t?.PhysicalResourceId)throw new Error(`${e} bucket not found`);if(!r?.PhysicalResourceId)throw new Error(`${e} distribution not found`);if(!o?.PhysicalResourceId)throw new Error(`${e} OAI not found`);let i=t.PhysicalResourceId,a=o.PhysicalResourceId,u=await qi(i);if(Yi(u,i,a))throw new Error(`${e} bucket already has policy statement`);Zi(u,i,a),console.log(`${e} bucket policy:`),console.log(JSON.stringify(u,void 0,2)),n.dryrun?console.log("Dry run - skipping updates"):(console.log("Updating bucket policy..."),await zi(i,u),console.log("Bucket policy updated"),console.log("Creating CloudFront invalidation..."),await Me(r.PhysicalResourceId),console.log("CloudFront invalidation created"),console.log(`${e} bucket policy updated`))}async function qi(e){let t=await ue.send(new Ji({Bucket:e}));return JSON.parse(t.Policy??"{}")}async function zi(e,t){await ue.send(new Xi({Bucket:e,Policy:JSON.stringify(t)}))}function Yi(e,t,r){return!!e?.Statement?.some(o=>o?.Effect==="Allow"&&o?.Principal?.AWS===`arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${r}`&&Array.isArray(o?.Action)&&o?.Action?.includes("s3:GetObject*")&&o?.Action?.includes("s3:GetBucket*")&&o?.Action?.includes("s3:List*")&&Array.isArray(o?.Resource)&&o?.Resource?.includes(`arn:aws:s3:::${t}`)&&o?.Resource?.includes(`arn:aws:s3:::${t}/*`))}function Zi(e,t,r){e.Version||(e.Version="2012-10-17"),e.Statement||(e.Statement=[]),e.Statement.push({Effect:"Allow",Principal:{AWS:`arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${r}`},Action:["s3:GetObject*","s3:GetBucket*","s3:List*"],Resource:[`arn:aws:s3:::${t}`,`arn:aws:s3:::${t}/*`]})}async function Tr(e,t){try{Oe();let r=D(e,t);if(!r)throw W(e,t),new Error(`Config not found: ${e}`);let o=Qt(e)??{};Qi(r,o),ts(r,o),c("Medplum uses AWS Parameter Store to store sensitive configuration values."),c("These values will be encrypted at rest."),c(`The values will be stored in the "/medplum/${r.name}" path.`),c(JSON.stringify({...o,signingKey:"****",signingKeyPassphrase:"****"},null,2)),(t.yes||await X("Do you want to store these values in AWS Parameter Store?"))&&await _e(r.region,`/medplum/${r.name}/`,o)}finally{Ne()}}function Qi(e,t){$e(e.apiPort,t.port,`Infra "apiPort" (${e.apiPort}) does not match server "port" (${t.port})`),$e(e.baseUrl,t.baseUrl,`Infra "baseUrl" (${e.baseUrl}) does not match server "baseUrl" (${t.baseUrl})`),$e(e.appDomainName&&`https://${e.appDomainName}/`,t.appBaseUrl,`Infra "appDomainName" (${e.appDomainName}) does not match server "appBaseUrl" (${t.appBaseUrl})`),$e(e.storageDomainName&&`https://${e.storageDomainName}/binary/`,t.storageBaseUrl,`Infra "storageDomainName" (${e.storageDomainName}) does not match server "storageBaseUrl" (${t.storageBaseUrl})`)}function $e(e,t,r){if(es(e,t))throw new Error(r)}function es(e,t){return e!==void 0&&t!==void 0&&e!==t}function ts(e,t){e.apiPort&&(t.port=e.apiPort),e.baseUrl&&(t.baseUrl=e.baseUrl),e.appDomainName&&(t.appBaseUrl=`https://${e.appDomainName}/`),e.storageDomainName&&(t.storageBaseUrl=`https://${e.storageDomainName}/`)}var oe=bt(ft());import{spawnSync as rs}from"node:child_process";async function br(e,t){let r=await S(t),o=D(e,t);if(!o)throw console.log(`Configuration file ${F(e)} not found`),W(e,t),new Error(`Config not found: ${e}`);let n=o.serverImage.lastIndexOf(":"),i=o.serverImage.slice(0,n),a=await os(r,o),u=await Pr(a);for(;u;){if(t.toVersion&&oe.gt(u,t.toVersion)){console.log(`Skipping update to v${u}`);break}console.log(`Performing update to v${u}`),o.serverImage=`${i}:${u}`,ns(e,o),await r.startAsyncRequest("/admin/super/migrate"),u=await Pr(u)}}async function os(e,t){let r=t.serverImage.lastIndexOf(":"),o=t.serverImage.slice(r+1);if(o==="latest"){o=(await e.get("/healthcheck")).version;let i=o.indexOf("-");i>-1&&(o=o.slice(0,i))}return o}async function Pr(e,t){let r=await ke(e),o=r[0];return r.filter(n=>n===o||n===t||oe.gte(n,oe.inc(e,"minor"))).pop()}function ns(e,t){let r=F(e);C(r,t);let o=`npx cdk deploy -c config=${r}${t.region!=="us-east-1"?" --all":""}`;console.log("> "+o);let n=rs(o,{stdio:"inherit"});if(n.status!==0)throw new Error(`Deploy of ${t.serverImage} failed (exit code ${n.status}): ${n.stderr}`);console.log(n.stdout)}function Or(){let e=new is("aws").description("Commands to manage AWS resources");return e.command("init").description("Initialize a new Medplum AWS CloudFormation stacks").action(Sr),e.command("list").description("List Medplum AWS CloudFormation stacks").action(wr),e.command("describe").description("Describe a Medplum AWS CloudFormation stack by tag").argument("<tag>","The Medplum stack tag").action(fr),e.command("update-config").alias("deploy-config").description("Update the AWS Parameter Store config values").argument("<tag>","The Medplum stack tag").option("--file [file]","Specifies the config file to use. If not specified, the file is based on the tag.").option("--dryrun","Displays the operations that would be performed using the specified command without actually running them.").option("--yes","Automatically confirm the update").action(Tr),e.addCommand(h("update-server").alias("deploy-server").description("Update the server image").argument("<tag>","The Medplum stack tag").option("--file [file]","Specifies the config file to use. If not specified, the file is based on the tag.").option("--to-version [version]","Specifies the version of the configuration to update. If not specified, the latest version is updated.").action(br)),e.command("update-app").alias("deploy-app").description("Update the app site").argument("<tag>","The Medplum stack tag").option("--file [file]","Specifies the config file to use. If not specified, the file is based on the tag.").option("--to-version [version]","Specifies the version of the configuration to update. If not specified, the latest version is updated.").option("--dryrun","Displays the operations that would be performed using the specified command without actually running them.").option("--tar-path [tarPath]","Specifies the path to the extracted tarball of the @medplum/app package.").action(Ir),e.command("update-bucket-policies").description("Update S3 bucket policies").argument("<tag>","The Medplum stack tag").option("--file [file]","Specifies the config file to use. If not specified, the file is based on the tag.").option("--dryrun","Displays the operations that would be performed using the specified command without actually running them.").action(vr),e}import{Command as ss}from"commander";var Nr=h("save"),Lr=h("deploy"),xr=h("create"),Dr=new ss("bot").addCommand(Nr).addCommand(Lr).addCommand(xr),yt=h("save-bot"),Et=h("deploy-bot"),St=h("create-bot");Nr.description("Saving the bot").argument("<botName>").action(async(e,t)=>{let r=await S(t);await Fe(r,e)});Lr.description("Deploy the app to AWS").argument("<botName>").action(async(e,t)=>{let r=await S(t);await Fe(r,e,!0)});xr.arguments("<botName> <projectId> <sourceFile> <distFile>").description("Creating a bot").option("--runtime-version <runtimeVersion>","Runtime version (awslambda, vmcontext)").option("--no-write-config","Do not write bot to config").action(async(e,t,r,o,n)=>{let i=await S(n);await rt(i,e,t,r,o,n.runtimeVersion,!!n.writeConfig)});async function Fe(e,t,r=!1){let o=Zt(t),n=[],i=[],a=0,u=0;for(let p of o)try{let g=await e.readResource("Bot",p.id);await et(e,p,g),a++,r&&(await tt(e,p,g),u++)}catch(g){n.push(g),i.push(`${p.name} [${p.id}]`)}if(console.log(`Number of bots saved: ${a}`),console.log(`Number of bots deployed: ${u}`),console.log(`Number of errors: ${n.length}`),n.length)throw new Error(`${n.length} bot(s) had failures. Bots with failures:
5
+ `)}function P(e,t=""){return new Promise(r=>{Ne.question(e+(t?" ("+t+")":"")+" ",o=>{r(o||t.toString())})})}async function De(e,t,r=""){let o=e+" ["+t.map(n=>n===r?"("+n+")":n).join("|")+"]";for(;;){let n=await P(o)||r;if(t.includes(n))return n;c("Please choose one of the following options: "+t.join(", "))}}async function te(e,t,r){return parseInt(await De(e,t.map(o=>o.toString()),r.toString()),10)}async function q(e){return(await De(e,["y","n"])).toLowerCase()==="y"}async function pe(e){if(!await q(e))throw c("Exiting..."),new Error("User cancelled")}var Me=new wr({}),gi=new ni({region:"us-east-1"}),gl=new si({}),de=new ai({}),yi="medplum:environment";async function yt(){let e=[],t=oi({client:Me},{StackStatusFilter:["CREATE_COMPLETE","CREATE_FAILED","CREATE_IN_PROGRESS","DELETE_FAILED","DELETE_IN_PROGRESS","IMPORT_COMPLETE","IMPORT_IN_PROGRESS","IMPORT_ROLLBACK_COMPLETE","IMPORT_ROLLBACK_FAILED","IMPORT_ROLLBACK_IN_PROGRESS","REVIEW_IN_PROGRESS","ROLLBACK_COMPLETE","ROLLBACK_FAILED","ROLLBACK_IN_PROGRESS","UPDATE_COMPLETE","UPDATE_COMPLETE_CLEANUP_IN_PROGRESS","UPDATE_FAILED","UPDATE_IN_PROGRESS","UPDATE_ROLLBACK_COMPLETE","UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS","UPDATE_ROLLBACK_FAILED","UPDATE_ROLLBACK_IN_PROGRESS"]});for await(let r of t)if(r.StackSummaries)for(let o of r.StackSummaries)e.push(o);return e}async function re(e){let t=await yt();for(let r of t){let o=r.StackName,n=await Et(o);if(n?.tag===e)return n}}async function Et(e){let t={};if(await Sr(Me,e,t),await Me.config.region()!=="us-east-1")try{await Sr(new wr({region:"us-east-1"}),e+"-us-east-1",t)}catch{}return t}async function Sr(e,t,r){let o=new ri({StackName:t}),i=(await e.send(o))?.Stacks?.[0],s=i?.Tags?.find(p=>p.Key===yi);if(!s)return;let u=await e.send(new ti({StackName:t}));if(u.StackResources){e===Me&&(r.stack=i,r.tag=s.Value);for(let p of u.StackResources)Ei(p,r)}}function Ei(e,t){e.ResourceType==="AWS::ECS::Cluster"?t.ecsCluster=e:e.ResourceType==="AWS::ECS::Service"?t.ecsService=e:e.ResourceType==="AWS::S3::Bucket"&&e.LogicalResourceId?.startsWith("FrontEndAppBucket")?t.appBucket=e:e.ResourceType==="AWS::CloudFront::Distribution"&&e.LogicalResourceId?.startsWith("FrontEndAppDistribution")?t.appDistribution=e:e.ResourceType==="AWS::CloudFront::CloudFrontOriginAccessIdentity"&&e.LogicalResourceId?.startsWith("FrontEndOriginAccessIdentity")?t.appOriginAccessIdentity=e:e.ResourceType==="AWS::S3::Bucket"&&e.LogicalResourceId?.startsWith("StorageStorageBucket")?t.storageBucket=e:e.ResourceType==="AWS::CloudFront::Distribution"&&e.LogicalResourceId?.startsWith("StorageStorageDistribution")?t.storageDistribution=e:e.ResourceType==="AWS::CloudFront::CloudFrontOriginAccessIdentity"&&e.LogicalResourceId?.startsWith("StorageOriginAccessIdentity")&&(t.storageOriginAccessIdentity=e)}function ke(e){console.log(`Medplum Tag: ${e.tag}`),console.log(`Stack Name: ${e.stack?.StackName}`),console.log(`Stack ID: ${e.stack?.StackId}`),console.log(`Status: ${e.stack?.StackStatus}`),console.log(`ECS Cluster: ${e.ecsCluster?.PhysicalResourceId}`),console.log(`ECS Service: ${Si(e.ecsService)}`),console.log(`App Bucket: ${e.appBucket?.PhysicalResourceId}`),console.log(`App Distribution: ${e.appDistribution?.PhysicalResourceId}`),console.log(`App OAI: ${e.appOriginAccessIdentity?.PhysicalResourceId}`),console.log(`Storage Bucket: ${e.storageBucket?.PhysicalResourceId}`),console.log(`Storage Distribution: ${e.storageDistribution?.PhysicalResourceId}`),console.log(`Storage OAI: ${e.storageOriginAccessIdentity?.PhysicalResourceId}`)}function Si(e){return e?.PhysicalResourceId?.split("/")?.pop()||""}async function _e(e){let t=await gi.send(new ii({DistributionId:e,InvalidationBatch:{CallerReference:`invalidate-all-${Date.now()}`,Paths:{Quantity:1,Items:["/*"]}}}));console.log(`Created invalidation with ID: ${t.Invalidation?.Id}`)}async function Ue(e){let o=(await(await fi("https://api.github.com/repos/medplum/medplum/releases?per_page=100",{headers:{Accept:"application/vnd.github+json","X-GitHub-Api-Version":"2022-11-28"}})).json()).map(n=>n.tag_name.startsWith("v")?n.tag_name.slice(1):n.tag_name);return o.sort((n,i)=>Ir.compare(i,n)),e?o.slice(0,o.indexOf(e)):o}async function $e(e,t,r){let o=new ui({region:e});for(let[n,i]of Object.entries(r)){let s=t+n,u=i.toString(),p=await wi(o,s);p!==void 0&&p!==u&&(c(`Parameter "${s}" exists with different value.`),await pe(`Do you want to overwrite "${s}"?`)),await Ii(o,s,u)}}async function wi(e,t){let r=new ci({Name:t,WithDecryption:!0});try{return(await e.send(r)).Parameter?.Value}catch(o){if(o.name==="ParameterNotFound")return;throw o}}async function Ii(e,t,r){let o=new li({Name:t,Value:r,Type:"SecureString",Overwrite:!0});await e.send(o)}function H(e,t){if(console.log(`Config not found: ${e} (${j(e,t)})`),t){let o=Object.entries(t);if(o.length>0){console.log("Additional options:");for(let[n,i]of o)console.log(` ${n}: ${i}`)}}console.log();let r=hi(".",{withFileTypes:!0});if(r=r.filter(o=>o.isFile()&&o.name.startsWith("medplum.")&&o.name.endsWith(".json")).map(o=>o.name),r.length===0)console.log("No configs found");else{console.log("Available configs:");for(let o of r)console.log(` ${o.replaceAll("medplum.","").replaceAll(".config","").replaceAll(".server","").replaceAll(".json","").padEnd(40," ")} (${o})`)}}async function oe(e){console.log(`Stack not found: ${e}`),console.log();try{let t=new di,r=new pi({}),o=await t.send(r),n=await t.config.region();console.log("AWS Region: ",n),console.log("AWS Account ID: ",o.Account),console.log("AWS Account ARN: ",o.Arn),console.log("AWS User ID: ",o.UserId)}catch(t){console.log("Warning: Unable to get AWS account ID",mi(t))}}async function Rr(e){let t=await re(e);if(!t)throw await oe(e),new Error(`Stack not found: ${e}`);ke(t)}import{ACMClient as vr,ListCertificatesCommand as Ri,RequestCertificateCommand as Ai}from"@aws-sdk/client-acm";import{CloudFrontClient as Ci,CreatePublicKeyCommand as vi}from"@aws-sdk/client-cloudfront";import{GetCallerIdentityCommand as Ti,STSClient as bi}from"@aws-sdk/client-sts";import{normalizeErrorString as Pi}from"@medplum/core";import{generateKeyPairSync as Oi,randomUUID as Ar}from"node:crypto";import{existsSync as Ni}from"node:fs";var Li=e=>`${e}DomainName`,Tr=e=>`${e}SslCertArn`;async function br(){let e={apiPort:8103,region:"us-east-1"};Le(),A("MEDPLUM"),c("This tool prepares the necessary prerequisites for deploying Medplum in your AWS account."),c(""),c("Most Medplum infrastructure is deployed using the AWS CDK."),c("However, some AWS resources must be created manually, such as email addresses and SSL certificates."),c("This tool will help you create those resources."),c(""),c("Upon completion, this tool will:"),c(" 1. Generate a Medplum CDK config file (i.e., medplum.demo.config.json)"),c(" 2. Optionally generate an AWS CloudFront signing key"),c(" 3. Optionally request SSL certificates from AWS Certificate Manager"),c(" 4. Optionally write server config settings to AWS Parameter Store"),c(""),c("The Medplum infra config file is an input to the Medplum CDK."),c("The Medplum CDK will create and manage the necessary AWS resources."),c(""),c("We will ask a series of questions to generate your infra config file."),c("Some questions have predefined options in [square brackets]."),c("Some questions have default values in (parentheses), which you can accept by pressing Enter."),c("Press Ctrl+C at any time to exit.");let t=await xi(e.region);t||(c("It appears that you do not have AWS credentials configured."),c("AWS credentials are not strictly required, but will enable some additional features."),c("If you intend to use AWS credentials, please configure them now."),await pe("Do you want to continue without AWS credentials?")),A("ENVIRONMENT NAME"),c('Medplum deployments have a short environment name such as "prod", "staging", "alice", or "demo".'),c("The environment name is used in multiple places:"),c(" 1. As part of config file names (i.e., medplum.demo.config.json)"),c(" 2. As the base of CloudFormation stack names (i.e., MedplumDemo)"),c(" 3. AWS Parameter Store keys (i.e., /medplum/demo/...)"),e.name=await P("What is your environment name?","demo"),c('Using environment name "'+e.name+'"...'),A("CONFIG FILE"),c("Medplum Infrastructure will create a config file in the current directory.");let r=await P("What is the config file name?",`medplum.${e.name}.config.json`);Ni(r)&&(c("Config file already exists."),await pe("Do you want to overwrite the config file?")),c('Using config file "'+r+'"...'),C(r,e),A("AWS REGION"),c("Most Medplum resources will be created in a single AWS region."),e.region=await P("Enter your AWS region:","us-east-1"),C(r,e),A("AWS ACCOUNT NUMBER"),c("Medplum Infrastructure will use your AWS account number to create AWS resources."),t&&c("Using the AWS CLI, your current account ID is: "+t),e.accountNumber=await P("What is your AWS account number?",t),C(r,e),A("STACK NAME"),c("Medplum will create a CloudFormation stack to manage AWS resources."),c("AWS CloudFormation stack names ");let o="Medplum"+e.name.charAt(0).toUpperCase()+e.name.slice(1);for(e.stackName=await P("Enter your CloudFormation stack name?",o),C(r,e),A("BASE DOMAIN NAME"),c("Please enter the base domain name for your Medplum deployment."),c(""),c("Medplum deploys multiple subdomains for various services."),c(""),c('For example, "api." for the REST API and "app." for the web application.'),c("The base domain name is the common suffix for all subdomains."),c(""),c('For example, if your base domain name is "example.com",'),c('then the REST API will be "api.example.com".'),c(""),c('The base domain should include the TLD (i.e., ".com", ".org", ".net").'),c(""),c("Note that you must own the base domain, and it must use Route53 DNS.");!e.domainName;)e.domainName=await P("Enter your base domain name:");C(r,e),A("SUPPORT EMAIL"),c("Medplum sends transactional emails to users."),c("For example, emails to new users or for password reset."),c("Medplum will use the support email address to send these emails."),c("Note that you must verify the support email address in SES.");let n=await P("Enter your support email address:");A("API DOMAIN NAME"),c("Medplum deploys a REST API for the backend services."),e.apiDomainName=await P("Enter your REST API domain name:","api."+e.domainName),e.baseUrl=`https://${e.apiDomainName}/`,C(r,e),A("APP DOMAIN NAME"),c("Medplum deploys a web application for the user interface."),e.appDomainName=await P("Enter your web application domain name:","app."+e.domainName),C(r,e),A("STORAGE DOMAIN NAME"),c("Medplum deploys a storage service for file uploads."),e.storageDomainName=await P("Enter your storage domain name:","storage."+e.domainName),C(r,e),A("STORAGE BUCKET"),c("Medplum uses an S3 bucket to store binary content such as file uploads."),c("Medplum will create a the S3 bucket as part of the CloudFormation stack."),e.storageBucketName=await P("Enter your storage bucket name:",e.storageDomainName),C(r,e),A("MAX AVAILABILITY ZONES"),c("Medplum API servers can be deployed in multiple availability zones."),c("This provides redundancy and high availability."),c("However, it also increases the cost of the deployment."),c("If you want to use all availability zones, choose a large number such as 99."),c("If you want to restrict the number, for example to manage EIP limits,"),c("then choose a small number such as 2 or 3."),e.maxAzs=await te("Enter the maximum number of availability zones:",[2,3,99],2),A("DATABASE INSTANCES"),c("Medplum uses a relational database to store data."),c("Medplum can create a new RDS database as part of the CloudFormation stack,"),c("or can set up your own database and enter the database name, username, and password."),await q("Do you want to create a new RDS database as part of the CloudFormation stack?")?(c("Medplum will create a new RDS database as part of the CloudFormation stack."),c(""),c("If you need high availability, you can choose multiple instances."),c("Use 1 for a single instance, or 2 for a primary and a standby."),e.rdsInstances=await te("Enter the number of database instances:",[1,2],1)):(c("Medplum will not create a new RDS database."),c("Please create a new RDS database and enter the database name, username, and password."),c('Set the AWS Secrets Manager secret ARN in the config file in the "rdsSecretsArn" setting.'),e.rdsSecretsArn="TODO"),C(r,e),A("SERVER INSTANCES"),c("Medplum uses AWS Fargate to run the API servers."),c("Medplum will create a new Fargate cluster as part of the CloudFormation stack."),c("Fargate will automatically scale the number of servers up and down."),c("If you need high availability, you can choose multiple instances."),e.desiredServerCount=await te("Enter the number of server instances:",[1,2,3,4,6,8],1),C(r,e),A("SERVER MEMORY"),c("You can choose the amount of memory for each server instance."),c("The default is 512 MB, which is sufficient for getting started."),c("Note that only certain CPU units are compatible with memory units."),c('Consult AWS Fargate "Task Definition Parameters" for more information.'),e.serverMemory=await te("Enter the server memory (MB):",[512,1024,2048,4096,8192,16384],512),C(r,e),A("SERVER CPU"),c("You can choose the amount of CPU for each server instance."),c("CPU is expressed as an integer using AWS CPU units"),c("The default is 256, which is sufficient for getting started."),c("Note that only certain CPU units are compatible with memory units."),c('Consult AWS Fargate "Task Definition Parameters" for more information.'),e.serverCpu=await te("Enter the server CPU:",[256,512,1024,2048,4096,8192,16384],256),C(r,e),A("SERVER IMAGE"),c("Medplum uses Docker images for the API servers."),c("You can choose the image to use for the servers."),c("Docker images can be loaded from either Docker Hub or AWS ECR."),c("The default is the latest Medplum release.");let i=(await Ue())[0]??"latest";e.serverImage=await P("Enter the server image:",`medplum/medplum-server:${i}`),C(r,e),A("SIGNING KEY"),c("Medplum uses AWS CloudFront Presigned URLs for binary content such as file uploads.");let s=await _i(e.region,e.stackName+"SigningKey");s?(e.signingKeyId=s.keyId,e.storagePublicKey=s.publicKey,C(r,e)):(c("Unable to generate signing key."),c("Please manually create a signing key and enter the key ID and public key in the config file."),c('You must set the "signingKeyId", "signingKey", and "signingKeyPassphrase" settings.')),A("SSL CERTIFICATES"),c("Medplum will now check for existing SSL certificates for the subdomains.");let u=await Di(e.region);c("Found "+u.length+" certificate(s).");for(let{region:h,certName:w}of[{region:e.region,certName:"api"},{region:"us-east-1",certName:"app"},{region:"us-east-1",certName:"storage"}]){c("");let I=await Mi(e,u,h,w);e[Tr(w)]=I,C(r,e)}A("AWS PARAMETER STORE"),c("Medplum uses AWS Parameter Store to store sensitive configuration values."),c("These values will be encrypted at rest."),c(`The values will be stored in the "/medplum/${e.name}" path.`);let p={port:e.apiPort,baseUrl:e.baseUrl,appBaseUrl:`https://${e.appDomainName}/`,storageBaseUrl:`https://${e.storageDomainName}/binary/`,binaryStorage:`s3:${e.storageBucketName}`,supportEmail:n};if(s&&(p.signingKeyId=s.keyId,p.signingKey=s.privateKey,p.signingKeyPassphrase=s.passphrase),c(JSON.stringify({...p,signingKey:"****",signingKeyPassphrase:"****"},null,2)),await q("Do you want to store these values in AWS Parameter Store?"))await $e(e.region,`/medplum/${e.name}/`,p);else{let h=j(e.name,{server:!0});C(h,p),c("Skipping AWS Parameter Store."),c(`Writing values to local config file: ${h}`),c("Please add these values to AWS Parameter Store manually.")}A("DONE!"),c("Medplum configuration complete."),c("You can now proceed to deploying the Medplum infrastructure with CDK."),c("Run:"),c(""),c(` npx cdk bootstrap -c config=${r}`),c(` npx cdk synth -c config=${r}`),e.region==="us-east-1"?c(` npx cdk deploy -c config=${r}`):c(` npx cdk deploy -c config=${r} --all`),c(""),c("See Medplum documentation for more information:"),c(""),c(" https://www.medplum.com/docs/self-hosting/install-on-aws"),c(""),xe()}async function xi(e){try{let t=new bi({region:e}),r=new Ti({});return(await t.send(r)).Account}catch(t){console.log("Warning: Unable to get AWS account ID",t.message);return}}async function Di(e){let t=await Cr(e);if(e!=="us-east-1"){let r=await Cr("us-east-1");t.push(...r)}return t}async function Cr(e){try{let t=new vr({region:e}),r=new Ri({MaxItems:1e3});return(await t.send(r)).CertificateSummaryList}catch(t){return console.log("Warning: Unable to list certificates",t.message),[]}}async function Mi(e,t,r,o){let n=e[Li(o)],i=t.find(u=>u.CertificateArn?.includes(r)&&u.DomainName===n);if(i)return c(`Found existing certificate for "${n}" in "${r}.`),i.CertificateArn;if(c(`No existing certificate found for "${n}" in "${r}.`),!await q("Do you want to request a new certificate?"))return c(`Please add your certificate ARN to the config file in the "${Tr(o)}" setting.`),"TODO";let s=await ki(r,n);return c("Certificate ARN: "+s),s}async function ki(e,t){try{let r=await De("Validate certificate using DNS or email validation?",["dns","email"],"dns"),o=new vr({region:e}),n=new Ai({DomainName:t,ValidationMethod:r.toUpperCase()});return(await o.send(n)).CertificateArn}catch(r){return console.log("Error: Unable to request certificate",r.message),"TODO"}}async function _i(e,t){let r=Ar(),o=Oi("rsa",{modulusLength:2048,publicKeyEncoding:{type:"spki",format:"pem"},privateKeyEncoding:{type:"pkcs1",format:"pem",cipher:"aes-256-cbc",passphrase:r}});try{return{keyId:(await new Ci({region:e}).send(new vi({PublicKeyConfig:{Name:t,CallerReference:Ar(),EncodedKey:o.publicKey}}))).PublicKey?.Id,publicKey:o.publicKey,privateKey:o.privateKey,passphrase:r}}catch(n){console.log("Error: Unable to create signing key: ",Pi(n));return}}async function Pr(){let e=await yt();for(let t of e){let r=t.StackName,o=await Et(r);o&&(ke(o),console.log(""))}}import{PutObjectCommand as Ui}from"@aws-sdk/client-s3";import{ContentType as k}from"@medplum/core";import $i from"fast-glob";import Or from"node-fetch";import{createReadStream as ji,mkdtempSync as Fi,readdirSync as Ki,readFileSync as Bi,rmSync as Wi,writeFileSync as Hi}from"node:fs";import{tmpdir as Gi}from"node:os";import{join as je,sep as Ji}from"node:path";import{pipeline as Vi}from"node:stream/promises";async function Nr(e,t){let r=D(e,t);if(!r)throw H(e,t),new Error(`Config not found: ${e}`);let o=await re(e);if(!o)throw await oe(e),new Error(`Stack not found: ${e}`);let n=o.appBucket;if(!n)throw new Error(`App bucket not found for stack ${e}`);let i;if(t.tarPath)i=t.tarPath;else{let s=t?.toVersion??"latest";i=await qi("@medplum/app",s)}Lr(i,{MEDPLUM_BASE_URL:r.baseUrl,MEDPLUM_CLIENT_ID:r.clientId??"",GOOGLE_CLIENT_ID:r.googleClientId??"",RECAPTCHA_SITE_KEY:r.recaptchaSiteKey??"",MEDPLUM_REGISTER_ENABLED:r.registerEnabled?"true":"false"}),await Yi(i,n.PhysicalResourceId,t),o.appDistribution?.PhysicalResourceId&&!t.dryrun&&await _e(o.appDistribution.PhysicalResourceId),console.log("Done")}async function Xi(e,t){let r=`https://registry.npmjs.org/${e}/${t}`;return(await Or(r)).json()}async function qi(e,t){let o=(await Xi(e,t)).dist.tarball,n=Fi(je(Gi(),"tarball-"));try{let i=await Or(o),s=cr(n);return await Vi(i.body,s),je(n,"package","dist")}catch(i){throw Wi(n,{recursive:!0,force:!0}),i}}function Lr(e,t){for(let r of Ki(e,{withFileTypes:!0})){let o=je(e,r.name);r.isDirectory()?Lr(o,t):r.isFile()&&o.endsWith(".js")&&zi(o,t)}}function zi(e,t){let r=Bi(e,"utf-8");for(let[o,n]of Object.entries(t))r=r.replaceAll(`__${o}__`,n);Hi(e,r)}async function Yi(e,t,r){let o=[["assets/**/*.css",k.CSS,!0],["assets/**/*.css.map",k.JSON,!0],["assets/**/*.js",k.JAVASCRIPT,!0],["assets/**/*.js.map",k.JSON,!0],["assets/**/*.txt",k.TEXT,!0],["assets/**/*.ico",k.FAVICON,!0],["img/**/*.png",k.PNG,!0],["img/**/*.svg",k.SVG,!0],["robots.txt",k.TEXT,!0],["index.html",k.HTML,!1]];for(let n of o)await Zi({rootDir:e,bucketName:t,fileNamePattern:n[0],contentType:n[1],cached:n[2],dryrun:r.dryrun})}async function Zi(e){let t=$i.sync(e.fileNamePattern,{cwd:e.rootDir});for(let r of t)await Qi(je(e.rootDir,r),e)}async function Qi(e,t){let r=ji(e),o=e.substring(t.rootDir.length+1).split(Ji).join("/"),n={Bucket:t.bucketName,Key:o,Body:r,ContentType:t.contentType,CacheControl:t.cached?"public, max-age=31536000":"no-cache, no-store, must-revalidate"};console.log(`Uploading ${o} to ${t.bucketName}...`),t.dryrun||await de.send(new Ui(n))}import{GetBucketPolicyCommand as es,PutBucketPolicyCommand as ts}from"@aws-sdk/client-s3";async function Dr(e,t){if(!D(e,t))throw H(e,t),new Error(`Config not found: ${e}`);let o=await re(e);if(!o)throw await oe(e),new Error(`Stack not found: ${e}`);await xr("App",o.appBucket,o.appDistribution,o.appOriginAccessIdentity,t),await xr("Storage",o.storageBucket,o.storageDistribution,o.storageOriginAccessIdentity,t),console.log("Done")}async function xr(e,t,r,o,n){if(!t?.PhysicalResourceId)throw new Error(`${e} bucket not found`);if(!r?.PhysicalResourceId)throw new Error(`${e} distribution not found`);if(!o?.PhysicalResourceId)throw new Error(`${e} OAI not found`);let i=t.PhysicalResourceId,s=o.PhysicalResourceId,u=await rs(i);if(ns(u,i,s))throw new Error(`${e} bucket already has policy statement`);is(u,i,s),console.log(`${e} bucket policy:`),console.log(JSON.stringify(u,void 0,2)),n.dryrun?console.log("Dry run - skipping updates"):(console.log("Updating bucket policy..."),await os(i,u),console.log("Bucket policy updated"),console.log("Creating CloudFront invalidation..."),await _e(r.PhysicalResourceId),console.log("CloudFront invalidation created"),console.log(`${e} bucket policy updated`))}async function rs(e){let t=await de.send(new es({Bucket:e}));return JSON.parse(t.Policy??"{}")}async function os(e,t){await de.send(new ts({Bucket:e,Policy:JSON.stringify(t)}))}function ns(e,t,r){return!!e?.Statement?.some(o=>o?.Effect==="Allow"&&o?.Principal?.AWS===`arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${r}`&&Array.isArray(o?.Action)&&o?.Action?.includes("s3:GetObject*")&&o?.Action?.includes("s3:GetBucket*")&&o?.Action?.includes("s3:List*")&&Array.isArray(o?.Resource)&&o?.Resource?.includes(`arn:aws:s3:::${t}`)&&o?.Resource?.includes(`arn:aws:s3:::${t}/*`))}function is(e,t,r){e.Version||(e.Version="2012-10-17"),e.Statement||(e.Statement=[]),e.Statement.push({Effect:"Allow",Principal:{AWS:`arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${r}`},Action:["s3:GetObject*","s3:GetBucket*","s3:List*"],Resource:[`arn:aws:s3:::${t}`,`arn:aws:s3:::${t}/*`]})}async function Mr(e,t){try{Le();let r=D(e,t);if(!r)throw H(e,t),new Error(`Config not found: ${e}`);let o=ar(e)??{};ss(r,o),cs(r,o),c("Medplum uses AWS Parameter Store to store sensitive configuration values."),c("These values will be encrypted at rest."),c(`The values will be stored in the "/medplum/${r.name}" path.`),c(JSON.stringify({...o,signingKey:"****",signingKeyPassphrase:"****"},null,2)),(t.yes||await q("Do you want to store these values in AWS Parameter Store?"))&&await $e(r.region,`/medplum/${r.name}/`,o)}finally{xe()}}function ss(e,t){Fe(e.apiPort,t.port,`Infra "apiPort" (${e.apiPort}) does not match server "port" (${t.port})`),Fe(e.baseUrl,t.baseUrl,`Infra "baseUrl" (${e.baseUrl}) does not match server "baseUrl" (${t.baseUrl})`),Fe(e.appDomainName&&`https://${e.appDomainName}/`,t.appBaseUrl,`Infra "appDomainName" (${e.appDomainName}) does not match server "appBaseUrl" (${t.appBaseUrl})`),Fe(e.storageDomainName&&`https://${e.storageDomainName}/binary/`,t.storageBaseUrl,`Infra "storageDomainName" (${e.storageDomainName}) does not match server "storageBaseUrl" (${t.storageBaseUrl})`)}function Fe(e,t,r){if(as(e,t))throw new Error(r)}function as(e,t){return e!==void 0&&t!==void 0&&e!==t}function cs(e,t){e.apiPort&&(t.port=e.apiPort),e.baseUrl&&(t.baseUrl=e.baseUrl),e.appDomainName&&(t.appBaseUrl=`https://${e.appDomainName}/`),e.storageDomainName&&(t.storageBaseUrl=`https://${e.storageDomainName}/`)}var ne=Nt(gt());import{spawnSync as ls}from"node:child_process";async function _r(e,t){let r=await S(t),o=D(e,t);if(!o)throw console.log(`Configuration file ${j(e)} not found`),H(e,t),new Error(`Config not found: ${e}`);let n=o.serverImage.lastIndexOf(":"),i=o.serverImage.slice(0,n),s=await us(r,o),u=await kr(s);for(;u;){if(t.toVersion&&ne.gt(u,t.toVersion)){console.log(`Skipping update to v${u}`);break}console.log(`Performing update to v${u}`),o.serverImage=`${i}:${u}`,ps(e,o),await r.startAsyncRequest("/admin/super/migrate"),u=await kr(u)}}async function us(e,t){let r=t.serverImage.lastIndexOf(":"),o=t.serverImage.slice(r+1);if(o==="latest"){o=(await e.get("/healthcheck")).version;let i=o.indexOf("-");i>-1&&(o=o.slice(0,i))}return o}async function kr(e,t){let r=await Ue(e),o=r[0];return r.filter(n=>n===o||n===t||ne.gte(n,ne.inc(e,"minor"))).pop()}function ps(e,t){let r=j(e);C(r,t);let o=`npx cdk deploy -c config=${r}${t.region!=="us-east-1"?" --all":""}`;console.log("> "+o);let n=ls(o,{stdio:"inherit"});if(n.status!==0)throw new Error(`Deploy of ${t.serverImage} failed (exit code ${n.status}): ${n.stderr}`);console.log(n.stdout)}function Ur(){let e=new ds("aws").description("Commands to manage AWS resources");return e.command("init").description("Initialize a new Medplum AWS CloudFormation stacks").action(br),e.command("list").description("List Medplum AWS CloudFormation stacks").action(Pr),e.command("describe").description("Describe a Medplum AWS CloudFormation stack by tag").argument("<tag>","The Medplum stack tag").action(Rr),e.command("update-config").alias("deploy-config").description("Update the AWS Parameter Store config values").argument("<tag>","The Medplum stack tag").option("--file [file]","Specifies the config file to use. If not specified, the file is based on the tag.").option("--dryrun","Displays the operations that would be performed using the specified command without actually running them.").option("--yes","Automatically confirm the update").action(Mr),e.addCommand(g("update-server").alias("deploy-server").description("Update the server image").argument("<tag>","The Medplum stack tag").option("--file [file]","Specifies the config file to use. If not specified, the file is based on the tag.").option("--to-version [version]","Specifies the version of the configuration to update. If not specified, the latest version is updated.").action(_r)),e.command("update-app").alias("deploy-app").description("Update the app site").argument("<tag>","The Medplum stack tag").option("--file [file]","Specifies the config file to use. If not specified, the file is based on the tag.").option("--to-version [version]","Specifies the version of the configuration to update. If not specified, the latest version is updated.").option("--dryrun","Displays the operations that would be performed using the specified command without actually running them.").option("--tar-path [tarPath]","Specifies the path to the extracted tarball of the @medplum/app package.").action(Nr),e.command("update-bucket-policies").description("Update S3 bucket policies").argument("<tag>","The Medplum stack tag").option("--file [file]","Specifies the config file to use. If not specified, the file is based on the tag.").option("--dryrun","Displays the operations that would be performed using the specified command without actually running them.").action(Dr),e}import{Command as ms}from"commander";var $r=g("save"),jr=g("deploy"),Fr=g("create"),Kr=new ms("bot").addCommand($r).addCommand(jr).addCommand(Fr),St=g("save-bot"),wt=g("deploy-bot"),It=g("create-bot");$r.description("Saving the bot").argument("<botName>").action(async(e,t)=>{let r=await S(t);await Ke(r,e)});jr.description("Deploy the app to AWS").argument("<botName>").action(async(e,t)=>{let r=await S(t);await Ke(r,e,!0)});Fr.arguments("<botName> <projectId> <sourceFile> <distFile>").description("Creating a bot").option("--runtime-version <runtimeVersion>","Runtime version (awslambda, vmcontext)").option("--no-write-config","Do not write bot to config").action(async(e,t,r,o,n)=>{let i=await S(n);await nt(i,e,t,r,o,n.runtimeVersion,!!n.writeConfig)});async function Ke(e,t,r=!1){let o=sr(t),n=[],i=[],s=0,u=0;for(let p of o)try{let h=await e.readResource("Bot",p.id);await rt(e,p,h),s++,r&&(await ot(e,p,h),u++)}catch(h){n.push(h),i.push(`${p.name} [${p.id}]`)}if(console.log(`Number of bots saved: ${s}`),console.log(`Number of bots deployed: ${u}`),console.log(`Number of errors: ${n.length}`),n.length)throw new Error(`${n.length} bot(s) had failures. Bots with failures:
6
6
 
7
7
  ${i.join(`
8
- `)}`,{cause:n})}yt.description("Saves the bot").argument("<botName>").action(async(e,t)=>{let r=await S(t);await Fe(r,e)});Et.description("Deploy the bot to AWS").argument("<botName>").action(async(e,t)=>{let r=await S(t);await Fe(r,e,!0)});St.arguments("<botName> <projectId> <sourceFile> <distFile>").description("Creates and saves the bot").action(async(e,t,r,o,n)=>{let i=await S(n);await rt(i,e,t,r,o)});import{Command as as}from"commander";import{createReadStream as cs,writeFile as ls}from"node:fs";import{resolve as kr}from"node:path";import{createInterface as us}from"node:readline";var _r=h("export"),Ur=h("import"),$r=new as("bulk").addCommand(_r).addCommand(Ur);_r.option("-e, --export-level <exportLevel>",'Optional export level. Defaults to system level export. "Group/:id" - Group of Patients, "Patient" - All Patients.').option("-t, --types <types>","optional resource types to export").option("-s, --since <since>","optional Resources will be included in the response if their state has changed after the supplied time (e.g. if Resource.meta.lastUpdated is later than the supplied _since time).").option("-d, --target-directory <targetDirectory>","optional target directory to save files from the bulk export operations.").action(async e=>{let{exportLevel:t,types:r,since:o,targetDirectory:n}=e,i=await S(e);(await i.bulkExport(t,r,o,{pollStatusOnAccepted:!0})).output?.forEach(async({type:u,url:p})=>{let g=new URL(p),w=await i.download(p),R=`${u}_${g.pathname}`.replace(/[^a-zA-Z0-9]+/g,"_")+".ndjson",v=kr(n??"",R);ls(`${v}`,await w.text(),()=>{console.log(`${v} is created`)})})});Ur.argument("<filename>","File Name").option("--num-resources-per-request <numResourcesPerRequest>","optional number of resources to import per batch request. Defaults to 25.","25").option("--add-extensions-for-missing-values","optional flag to add extensions for missing values in a resource",!1).option("-d, --target-directory <targetDirectory>","optional target directory of file to be imported").action(async(e,t)=>{let{numResourcesPerRequest:r,addExtensionsForMissingValues:o,targetDirectory:n}=t,i=kr(n??process.cwd(),e),a=await S(t);await ps(i,parseInt(r,10),a,o)});async function ps(e,t,r,o){let n=[],i=cs(e),a=us({input:i});for await(let u of a){let p=ds(u,o);n.push({resource:p,request:{method:"POST",url:p.resourceType}}),n.length%t===0&&(await Mr(n,r),n=[])}n.length>0&&await Mr(n,r)}async function Mr(e,t){(await t.executeBatch({resourceType:"Bundle",type:"transaction",entry:e})).entry?.forEach(o=>{$(o.response)})}function ds(e,t){let r=JSON.parse(e);return t?ms(r):r}function ms(e){return e.resourceType==="ExplanationOfBenefit"?fs(e):e}function fs(e){return e.provider||(e.provider=ot()),e.item?.forEach(t=>{t?.productOrService||(t.productOrService=ot())}),e}import{formatHl7DateTime as Rs,Hl7Message as Is}from"@medplum/core";import{connect as hs}from"node:net";import{Hl7Message as gs}from"@medplum/core";import{decode as ys,encode as Es}from"iconv-lite";import ws from"node:net";var Fr=class extends EventTarget{addEventListener(e,t,r){super.addEventListener(e,t,r)}removeEventListener(e,t,r){super.removeEventListener(e,t,r)}};var Ss=class extends Event{constructor(e,t){super("message"),this.connection=e,this.message=t}},je=class extends Event{constructor(e){super("error"),this.error=e}},jr=class extends Event{constructor(){super("close")}},Br=class extends Fr{constructor(e,t="utf-8"){super(),this.socket=e,this.encoding=t,this.chunks=[],this.messageQueue=[],e.on("data",r=>{try{if(this.appendData(r),r.at(-2)===28&&r.at(-1)===13){let o=Buffer.concat(this.chunks),n=o.subarray(1,o.length-2),i=ys(n,this.encoding),a=gs.parse(i);this.dispatchEvent(new Ss(this,a)),this.resetBuffer()}}catch(o){this.dispatchEvent(new je(o))}}),e.on("error",r=>{this.resetBuffer(),this.dispatchEvent(new je(r))}),e.on("end",()=>{this.close()}),this.addEventListener("message",r=>{let o=this.messageQueue.shift();if(!o){this.dispatchEvent(new je(new Error(`Received a message when no pending messages were in the queue. Message: ${r.message}`)));return}o.resolve?.(r.message)})}sendImpl(e,t){this.messageQueue.push(t);let r=e.toString(),o=Es(r,this.encoding),n=Buffer.alloc(o.length+3);n.writeInt8(11,0),o.copy(n,1),n.writeInt8(28,o.length+1),n.writeInt8(13,o.length+2),this.socket.write(n)}send(e){this.sendImpl(e,{message:e})}async sendAndWait(e){return new Promise((t,r)=>{let o={message:e,resolve:t,reject:r};this.sendImpl(e,o)})}close(){this.socket.end(),this.socket.destroy(),this.dispatchEvent(new jr)}appendData(e){this.chunks.push(e)}resetBuffer(){this.chunks=[]}},Kr=class extends Fr{constructor(e){super(),this.options=e,this.host=this.options.host,this.port=this.options.port,this.encoding=this.options.encoding,this.keepAlive=this.options.keepAlive??!1}connect(){return this.connection?Promise.resolve(this.connection):new Promise((e,t)=>{let r=hs({host:this.host,port:this.port,keepAlive:this.keepAlive},()=>{let o;this.connection=o=new Br(r,this.encoding),r.off("error",t),o.addEventListener("close",()=>this.dispatchEvent(new jr)),o.addEventListener("error",n=>this.dispatchEvent(new je(n.error))),e(this.connection)});r.on("error",t)})}async send(e){return(await this.connect()).send(e)}async sendAndWait(e){return(await this.connect()).sendAndWait(e)}close(){this.connection&&(this.connection.close(),delete this.connection)}},Wr=class{constructor(e){this.handler=e}start(e,t){let r=ws.createServer(o=>{let n=new Br(o,t);this.handler(n)});r.listen(e),this.server=r}async stop(){return new Promise((e,t)=>{if(!this.server){t(new Error("Stop was called but there is no server running"));return}this.server.close(r=>{if(r){t(r);return}e()}),this.server=void 0})}};import{Command as As}from"commander";import{readFileSync as Cs}from"node:fs";var vs=h("send").description("Send an HL7 v2 message via MLLP").argument("<host>","The destination host name or IP address").argument("<port>","The destination port number").argument("[body]","Optional HL7 message body").option("--generate-example","Generate a sample HL7 message").option("--file <file>","Read the HL7 message from a file").option("--encoding <encoding>","The encoding to use").action(async(e,t,r,o)=>{if(o.generateExample?r=Ps():o.file&&(r=Cs(o.file,"utf8")),!r)throw new Error("Missing HL7 message body");let n=new Kr({host:e,port:Number.parseInt(t,10),encoding:o.encoding});try{let i=await n.sendAndWait(Is.parse(r));console.log(i.toString().replaceAll("\r",`
9
- `))}finally{n.close()}}),Ts=h("listen").description("Starts an HL7 v2 MLLP server").argument("<port>").option("--encoding <encoding>","The encoding to use").action(async(e,t)=>{new Wr(o=>{o.addEventListener("message",({message:n})=>{console.log(n.toString().replaceAll("\r",`
10
- `)),o.send(n.buildAck())})}).start(Number.parseInt(e,10),t.encoding),console.log("Listening on port "+e)}),Hr=new As("hl7").addCommand(vs).addCommand(Ts);function Ps(){let e=Rs(new Date),t=Date.now().toString();return`MSH|^~\\&|ADTSYS|HOSPITAL|RECEIVER|DEST|${e}||ADT^A01|${t}|P|2.5|
8
+ `)}`,{cause:n})}St.description("Saves the bot").argument("<botName>").action(async(e,t)=>{let r=await S(t);await Ke(r,e)});wt.description("Deploy the bot to AWS").argument("<botName>").action(async(e,t)=>{let r=await S(t);await Ke(r,e,!0)});It.arguments("<botName> <projectId> <sourceFile> <distFile>").description("Creates and saves the bot").action(async(e,t,r,o,n)=>{let i=await S(n);await nt(i,e,t,r,o)});import{Command as fs}from"commander";import{createReadStream as hs,writeFile as gs}from"node:fs";import{resolve as Wr}from"node:path";import{createInterface as ys}from"node:readline";var Hr=g("export"),Gr=g("import"),Jr=new fs("bulk").addCommand(Hr).addCommand(Gr);Hr.option("-e, --export-level <exportLevel>",'Optional export level. Defaults to system level export. "Group/:id" - Group of Patients, "Patient" - All Patients.').option("-t, --types <types>","optional resource types to export").option("-s, --since <since>","optional Resources will be included in the response if their state has changed after the supplied time (e.g. if Resource.meta.lastUpdated is later than the supplied _since time).").option("-d, --target-directory <targetDirectory>","optional target directory to save files from the bulk export operations.").action(async e=>{let{exportLevel:t,types:r,since:o,targetDirectory:n}=e,i=await S(e);(await i.bulkExport(t,r,o,{pollStatusOnAccepted:!0})).output?.forEach(async({type:u,url:p})=>{let h=new URL(p),w=await i.download(p),I=`${u}_${h.pathname}`.replace(/[^a-zA-Z0-9]+/g,"_")+".ndjson",v=Wr(n??"",I);gs(`${v}`,await w.text(),()=>{console.log(`${v} is created`)})})});Gr.argument("<filename>","File Name").option("--num-resources-per-request <numResourcesPerRequest>","optional number of resources to import per batch request. Defaults to 25.","25").option("--add-extensions-for-missing-values","optional flag to add extensions for missing values in a resource",!1).option("-d, --target-directory <targetDirectory>","optional target directory of file to be imported").action(async(e,t)=>{let{numResourcesPerRequest:r,addExtensionsForMissingValues:o,targetDirectory:n}=t,i=Wr(n??process.cwd(),e),s=await S(t);await Es(i,parseInt(r,10),s,o)});async function Es(e,t,r,o){let n=[],i=hs(e),s=ys({input:i});for await(let u of s){let p=Ss(u,o);n.push({resource:p,request:{method:"POST",url:p.resourceType}}),n.length%t===0&&(await Br(n,r),n=[])}n.length>0&&await Br(n,r)}async function Br(e,t){(await t.executeBatch({resourceType:"Bundle",type:"transaction",entry:e})).entry?.forEach(o=>{$(o.response)})}function Ss(e,t){let r=JSON.parse(e);return t?ws(r):r}function ws(e){return e.resourceType==="ExplanationOfBenefit"?Is(e):e}function Is(e){return e.provider||(e.provider=it()),e.item?.forEach(t=>{t?.productOrService||(t.productOrService=it())}),e}import{formatHl7DateTime as Ps,Hl7Message as Os}from"@medplum/core";import{connect as Rs}from"node:net";import{Hl7Message as As}from"@medplum/core";import{decode as Cs,encode as vs}from"iconv-lite";import bs from"node:net";var Vr=class extends EventTarget{addEventListener(e,t,r){super.addEventListener(e,t,r)}removeEventListener(e,t,r){super.removeEventListener(e,t,r)}};var Ts=class extends Event{constructor(e,t){super("message"),this.connection=e,this.message=t}},Be=class extends Event{constructor(e){super("error"),this.error=e}},Xr=class extends Event{constructor(){super("close")}},qr=class extends Vr{constructor(e,t="utf-8"){super(),this.socket=e,this.encoding=t,this.chunks=[],this.messageQueue=[],e.on("data",r=>{try{if(this.appendData(r),r.at(-2)===28&&r.at(-1)===13){let o=Buffer.concat(this.chunks),n=o.subarray(1,o.length-2),i=Cs(n,this.encoding),s=As.parse(i);this.dispatchEvent(new Ts(this,s)),this.resetBuffer()}}catch(o){this.dispatchEvent(new Be(o))}}),e.on("error",r=>{this.resetBuffer(),this.dispatchEvent(new Be(r))}),e.on("end",()=>{this.close()}),this.addEventListener("message",r=>{let o=this.messageQueue.shift();if(!o){this.dispatchEvent(new Be(new Error(`Received a message when no pending messages were in the queue. Message: ${r.message}`)));return}o.resolve?.(r.message)})}sendImpl(e,t){this.messageQueue.push(t);let r=e.toString(),o=vs(r,this.encoding),n=Buffer.alloc(o.length+3);n.writeInt8(11,0),o.copy(n,1),n.writeInt8(28,o.length+1),n.writeInt8(13,o.length+2),this.socket.write(n)}send(e){this.sendImpl(e,{message:e})}async sendAndWait(e){return new Promise((t,r)=>{let o={message:e,resolve:t,reject:r};this.sendImpl(e,o)})}close(){this.socket.end(),this.socket.destroy(),this.dispatchEvent(new Xr)}appendData(e){this.chunks.push(e)}resetBuffer(){this.chunks=[]}},zr=class extends Vr{constructor(e){super(),this.options=e,this.host=this.options.host,this.port=this.options.port,this.encoding=this.options.encoding,this.keepAlive=this.options.keepAlive??!1}connect(){return this.connection?Promise.resolve(this.connection):new Promise((e,t)=>{let r=Rs({host:this.host,port:this.port,keepAlive:this.keepAlive},()=>{let o;this.connection=o=new qr(r,this.encoding),r.off("error",t),o.addEventListener("close",()=>this.dispatchEvent(new Xr)),o.addEventListener("error",n=>this.dispatchEvent(new Be(n.error))),e(this.connection)});r.on("error",t)})}async send(e){return(await this.connect()).send(e)}async sendAndWait(e){return(await this.connect()).sendAndWait(e)}close(){this.connection&&(this.connection.close(),delete this.connection)}},Yr=class{constructor(e){this.handler=e}start(e,t){let r=bs.createServer(o=>{let n=new qr(o,t);this.handler(n)});r.listen(e),this.server=r}async stop(){return new Promise((e,t)=>{if(!this.server){t(new Error("Stop was called but there is no server running"));return}this.server.close(r=>{if(r){t(r);return}e()}),this.server=void 0})}};import{Command as Ns}from"commander";import{readFileSync as Ls}from"node:fs";var xs=g("send").description("Send an HL7 v2 message via MLLP").argument("<host>","The destination host name or IP address").argument("<port>","The destination port number").argument("[body]","Optional HL7 message body").option("--generate-example","Generate a sample HL7 message").option("--file <file>","Read the HL7 message from a file").option("--encoding <encoding>","The encoding to use").action(async(e,t,r,o)=>{if(o.generateExample?r=Ms():o.file&&(r=Ls(o.file,"utf8")),!r)throw new Error("Missing HL7 message body");let n=new zr({host:e,port:Number.parseInt(t,10),encoding:o.encoding});try{let i=await n.sendAndWait(Os.parse(r));console.log(i.toString().replaceAll("\r",`
9
+ `))}finally{n.close()}}),Ds=g("listen").description("Starts an HL7 v2 MLLP server").argument("<port>").option("--encoding <encoding>","The encoding to use").action(async(e,t)=>{new Yr(o=>{o.addEventListener("message",({message:n})=>{console.log(n.toString().replaceAll("\r",`
10
+ `)),o.send(n.buildAck())})}).start(Number.parseInt(e,10),t.encoding),console.log("Listening on port "+e)}),Zr=new Ns("hl7").addCommand(xs).addCommand(Ds);function Ms(){let e=Ps(new Date),t=Date.now().toString();return`MSH|^~\\&|ADTSYS|HOSPITAL|RECEIVER|DEST|${e}||ADT^A01|${t}|P|2.5|
11
11
  EVN|A01|${e}||
12
12
  PID|1|12345|12345^^^HOSP^MR|123456|DOE^JOHN^MIDDLE^SUFFIX|19800101|M|||123 STREET^APT 4B^CITY^ST^12345-6789||555-555-5555||S|
13
- PV1|1|I|2000^2012^01||||12345^DOCTOR^DOC||||||||||1234567^DOCTOR^DOC||AMB|||||||||||||||||||||||||202309280900|`}import{Command as bs}from"commander";import{readdirSync as Os}from"node:fs";import{homedir as Ns}from"node:os";import{resolve as Ls}from"node:path";var Gr=h("set"),Vr=h("remove"),Jr=h("list"),Xr=h("describe"),qr=new bs("profile").addCommand(Gr).addCommand(Vr).addCommand(Jr).addCommand(Xr);Gr.argument("<profileName>","Name of the profile").description("Create a new profile or replace it with the given name and its associated properties").action(async(e,t)=>{Ie(e,t)});Vr.argument("<profileName>","Name of the profile").description("Remove a profile by name").action(async e=>{new x(e).setObject("options",void 0),console.log(`${e} profile removed`)});Jr.description("List all profiles saved").action(async()=>{let e=Ls(Ns(),".medplum"),t=Os(e),r=[];t.forEach(o=>{let n=o.split(".")[0],a=new x(n).getObject("options");a&&r.push({profileName:n,profile:a})}),console.log(r)});Xr.argument("<profileName>","Name of the profile").description("Describes a profile").action(async e=>{let t=tr(e);console.log(t)});import{Command as xs,Option as Ds}from"commander";var zr=h("list"),Yr=h("current"),Zr=h("switch"),Qr=h("invite"),eo=new xs("project").addCommand(zr).addCommand(Yr).addCommand(Zr).addCommand(Qr);zr.description("List of current projects").action(async e=>{let t=await S(e);Ms(t)});function Ms(e){let r=e.getLogins().map(o=>`${o.project.display} (${o.project.reference})`).join(`
13
+ PV1|1|I|2000^2012^01||||12345^DOCTOR^DOC||||||||||1234567^DOCTOR^DOC||AMB|||||||||||||||||||||||||202309280900|`}import{Command as ks}from"commander";import{readdirSync as _s}from"node:fs";import{homedir as Us}from"node:os";import{resolve as $s}from"node:path";var Qr=g("set"),eo=g("remove"),to=g("list"),ro=g("describe"),oo=new ks("profile").addCommand(Qr).addCommand(eo).addCommand(to).addCommand(ro);Qr.argument("<profileName>","Name of the profile").description("Create a new profile or replace it with the given name and its associated properties").action(async(e,t)=>{Ce(e,t)});eo.argument("<profileName>","Name of the profile").description("Remove a profile by name").action(async e=>{new x(e).setObject("options",void 0),console.log(`${e} profile removed`)});to.description("List all profiles saved").action(async()=>{let e=$s(Us(),".medplum"),t=_s(e),r=[];t.forEach(o=>{let n=o.split(".")[0],s=new x(n).getObject("options");s&&r.push({profileName:n,profile:s})}),console.log(r)});ro.argument("<profileName>","Name of the profile").description("Describes a profile").action(async e=>{let t=lr(e);console.log(t)});import{Command as js,Option as Fs}from"commander";var no=g("list"),io=g("current"),so=g("switch"),ao=g("invite"),co=new js("project").addCommand(no).addCommand(io).addCommand(so).addCommand(ao);no.description("List of current projects").action(async e=>{let t=await S(e);Ks(t)});function Ks(e){let r=e.getLogins().map(o=>`${o.project.display} (${o.project.reference})`).join(`
14
14
 
15
- `);console.log(r)}Yr.description("Project you are currently on").action(async e=>{let r=(await S(e)).getActiveLogin();if(!r)throw new Error("Unauthenticated: run `npx medplum login` to login");console.log(`${r.project.display} (${r.project.reference})`)});Zr.description("Switching to another project from the current one").argument("<projectId>").action(async(e,t)=>{let r=await S(t);await ks(r,e)});Qr.description("Invite a member to your current project (run npx medplum project current to confirm)").arguments("<firstName> <lastName> <email>").option("--send-email","If you want to send the email when inviting the user").option("--admin","If the user you are inviting is an admin").addOption(new Ds("-r, --role <role>","Role of user").choices(["Practitioner","Patient","RelatedPerson"]).default("Practitioner")).action(async(e,t,r,o)=>{let n=await S(o),i=n.getActiveLogin();if(!i)throw new Error("Unauthenticated: run `npx medplum login` to login");if(!i?.project?.reference)throw new Error("No current project to invite user to");let a=i.project.reference.split("/")[1],u={resourceType:o.role,firstName:e,lastName:t,email:r,sendEmail:!!o.sendEmail,admin:!!o.admin};await _s(a,u,n)});async function ks(e,t){let o=e.getLogins().find(n=>n.project.reference?.includes(t));if(!o)throw new Error(`Project ${t} not found. Make sure you are added as a user to this project`);await e.setActiveLogin(o),console.log(`Switched to project ${t}
16
- `)}async function _s(e,t,r){await r.invite(e,t),t.sendEmail&&console.log("Email sent"),console.log("See your users at https://app.medplum.com/admin/users")}import{convertToTransactionBundle as Us}from"@medplum/core";var wt=h("delete"),Rt=h("get"),It=h("patch"),At=h("post"),Ct=h("put");wt.argument("<url>","Resource/$id").action(async(e,t)=>{let r=await S(t);$(await r.delete(pe(r,e)))});Rt.argument("<url>","Resource/$id").option("--as-transaction","Print out the bundle as a transaction type").action(async(e,t)=>{let r=await S(t),o=await r.get(pe(r,e));t.asTransaction?$(Us(o)):$(o)});It.arguments("<url> <body>").action(async(e,t,r)=>{let o=await S(r);$(await o.patch(pe(o,e),vt(t)))});At.arguments("<url> <body>").action(async(e,t,r)=>{let o=await S(r);$(await o.post(pe(o,e),vt(t)))});Ct.arguments("<url> <body>").action(async(e,t,r)=>{let o=await S(r);$(await o.put(pe(o,e),vt(t)))});function vt(e){if(e)try{return JSON.parse(e)}catch{return e}}function pe(e,t){return["admin/","auth/","fhir/R4"].some(o=>t.startsWith(o))?t:e.fhirUrl(t).toString()}async function Bs(e){let t=new Fs("medplum").description("Command to access Medplum CLI");t.exitOverride(),t.version($s),t.addCommand(nt),t.addCommand(it),t.addCommand(st),t.addCommand(Rt),t.addCommand(At),t.addCommand(It),t.addCommand(Ct),t.addCommand(wt),t.addCommand(eo),t.addCommand($r),t.addCommand(Dr),t.addCommand(yt),t.addCommand(Et),t.addCommand(St),t.addCommand(qr),t.addCommand(Or()),t.addCommand(Hr);try{await t.parseAsync(e)}catch(r){Ks(r)}}function Ks(e){to(e);let t=e.cause;if(Array.isArray(t))for(let o of t)to(o);let r=1;e instanceof ro&&(r=e.exitCode),process.exit(r)}function to(e){e instanceof ro&&process.stderr.write(`${Tt(e)}
17
- `),process.stderr.write(`Error: ${Tt(e)}
18
- `)}async function Ws(){js.config(),await Bs(process.argv)}Pt.main===module&&Ws().catch(e=>{console.error("Unhandled error:",Tt(e)),process.exit(1)});export{Ks as handleError,Bs as main,Ws as run};
15
+ `);console.log(r)}io.description("Project you are currently on").action(async e=>{let r=(await S(e)).getActiveLogin();if(!r)throw new Error("Unauthenticated: run `npx medplum login` to login");console.log(`${r.project.display} (${r.project.reference})`)});so.description("Switching to another project from the current one").argument("<projectId>").action(async(e,t)=>{let r=await S(t);await Bs(r,e)});ao.description("Invite a member to your current project (run npx medplum project current to confirm)").arguments("<firstName> <lastName> <email>").option("--send-email","If you want to send the email when inviting the user").option("--admin","If the user you are inviting is an admin").addOption(new Fs("-r, --role <role>","Role of user").choices(["Practitioner","Patient","RelatedPerson"]).default("Practitioner")).action(async(e,t,r,o)=>{let n=await S(o),i=n.getActiveLogin();if(!i)throw new Error("Unauthenticated: run `npx medplum login` to login");if(!i?.project?.reference)throw new Error("No current project to invite user to");let s=i.project.reference.split("/")[1],u={resourceType:o.role,firstName:e,lastName:t,email:r,sendEmail:!!o.sendEmail,admin:!!o.admin};await Ws(s,u,n)});async function Bs(e,t){let o=e.getLogins().find(n=>n.project.reference?.includes(t));if(!o)throw new Error(`Project ${t} not found. Make sure you are added as a user to this project`);await e.setActiveLogin(o),console.log(`Switched to project ${t}
16
+ `)}async function Ws(e,t,r){await r.invite(e,t),t.sendEmail&&console.log("Email sent"),console.log("See your users at https://app.medplum.com/admin/users")}import{convertToTransactionBundle as Hs}from"@medplum/core";var Rt=g("delete"),At=g("get"),Ct=g("patch"),vt=g("post"),Tt=g("put");Rt.argument("<url>","Resource/$id").action(async(e,t)=>{let r=await S(t);$(await r.delete(me(r,e)))});At.argument("<url>","Resource/$id").option("--as-transaction","Print out the bundle as a transaction type").action(async(e,t)=>{let r=await S(t),o=await r.get(me(r,e));t.asTransaction?$(Hs(o)):$(o)});Ct.arguments("<url> <body>").action(async(e,t,r)=>{let o=await S(r);$(await o.patch(me(o,e),bt(t)))});vt.arguments("<url> <body>").action(async(e,t,r)=>{let o=await S(r);$(await o.post(me(o,e),bt(t)))});Tt.arguments("<url> <body>").action(async(e,t,r)=>{let o=await S(r);$(await o.put(me(o,e),bt(t)))});function bt(e){if(e)try{return JSON.parse(e)}catch{return e}}function me(e,t){return["admin/","auth/","fhir/R4"].some(o=>t.startsWith(o))?t:e.fhirUrl(t).toString()}async function Xs(e){let t=new Js("medplum").description("Command to access Medplum CLI");t.exitOverride(),t.version(Gs),t.addCommand(st),t.addCommand(at),t.addCommand(ct),t.addCommand(At),t.addCommand(vt),t.addCommand(Ct),t.addCommand(Tt),t.addCommand(Rt),t.addCommand(co),t.addCommand(Jr),t.addCommand(Kr),t.addCommand(St),t.addCommand(wt),t.addCommand(It),t.addCommand(oo),t.addCommand(Ur()),t.addCommand(Zr);try{await t.parseAsync(e)}catch(r){qs(r)}}function qs(e){lo(e);let t=e.cause;if(Array.isArray(t))for(let o of t)lo(o);let r=1;e instanceof uo&&(r=e.exitCode),process.exit(r)}function lo(e){e instanceof uo&&process.stderr.write(`${Pt(e)}
17
+ `),process.stderr.write(`Error: ${Pt(e)}
18
+ `)}async function zs(){Vs.config(),await Xs(process.argv)}Ot.main===module&&zs().catch(e=>{console.error("Unhandled error:",Pt(e)),process.exit(1)});export{qs as handleError,Xs as main,zs as run};
19
19
  //# sourceMappingURL=index.mjs.map