@medplum/cli 3.2.14 → 3.2.15

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@medplum/cli",
-  "version": "3.2.14",
+  "version": "3.2.15",
   "description": "Medplum Command Line Interface",
   "keywords": [
     "medplum",
@@ -42,28 +42,30 @@
     "test": "jest"
   },
   "dependencies": {
-    "@aws-sdk/client-acm": "3.651.1",
-    "@aws-sdk/client-cloudformation": "3.651.1",
-    "@aws-sdk/client-cloudfront": "3.651.1",
-    "@aws-sdk/client-ecs": "3.651.1",
-    "@aws-sdk/client-s3": "3.651.1",
-    "@aws-sdk/client-ssm": "3.651.1",
-    "@aws-sdk/client-sts": "3.651.1",
-    "@aws-sdk/types": "3.649.0",
-    "@medplum/core": "3.2.14",
-    "@medplum/hl7": "3.2.14",
+    "@aws-sdk/client-acm": "3.654.0",
+    "@aws-sdk/client-cloudformation": "3.654.0",
+    "@aws-sdk/client-cloudfront": "3.654.0",
+    "@aws-sdk/client-ecs": "3.654.0",
+    "@aws-sdk/client-s3": "3.654.0",
+    "@aws-sdk/client-ssm": "3.654.0",
+    "@aws-sdk/client-sts": "3.654.0",
+    "@aws-sdk/types": "3.654.0",
+    "@medplum/core": "3.2.15",
+    "@medplum/hl7": "3.2.15",
     "aws-sdk-client-mock": "4.0.1",
     "commander": "12.1.0",
     "dotenv": "16.4.5",
     "fast-glob": "3.3.2",
     "iconv-lite": "0.6.3",
     "node-fetch": "2.7.0",
+    "semver": "7.6.3",
     "tar": "7.4.3"
   },
   "devDependencies": {
-    "@medplum/fhirtypes": "3.2.14",
-    "@medplum/mock": "3.2.14",
-    "@types/node-fetch": "2.6.11"
+    "@medplum/fhirtypes": "3.2.15",
+    "@medplum/mock": "3.2.15",
+    "@types/node-fetch": "2.6.11",
+    "@types/semver": "7.5.8"
   },
   "engines": {
     "node": ">=18.0.0"

package/dist/cjs/index.cjs

@@ -1,19 +0,0 @@
-#!/usr/bin/env node
-"use strict";var un=Object.create;var Se=Object.defineProperty;var pn=Object.getOwnPropertyDescriptor;var dn=Object.getOwnPropertyNames;var mn=Object.getPrototypeOf,fn=Object.prototype.hasOwnProperty;var hn=(e,t,r)=>t in e?Se(e,t,{enumerable:!0,configurable:!0,writable:!0,value:r}):e[t]=r;var gn=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports),yn=(e,t)=>{for(var r in t)Se(e,r,{get:t[r],enumerable:!0})},er=(e,t,r,o)=>{if(t&&typeof t=="object"||typeof t=="function")for(let n of dn(t))!fn.call(e,n)&&n!==r&&Se(e,n,{get:()=>t[n],enumerable:!(o=pn(t,n))||o.enumerable});return e};var N=(e,t,r)=>(r=e!=null?un(mn(e)):{},er(t||!e||!e.__esModule?Se(r,"default",{value:e,enumerable:!0}):r,e)),En=e=>er(Se({},"__esModule",{value:!0}),e);var T=(e,t,r)=>hn(e,typeof t!="symbol"?t+"":t,r);var Ft=gn((d,Hr)=>{"use strict";d=Hr.exports=m;var E;typeof process=="object"&&process.env&&process.env.NODE_DEBUG&&/\bsemver\b/i.test(process.env.NODE_DEBUG)?E=function(){var e=Array.prototype.slice.call(arguments,0);e.unshift("SEMVER"),console.log.apply(console,e)}:E=function(){};d.SEMVER_SPEC_VERSION="2.0.0";var Ce=256,He=Number.MAX_SAFE_INTEGER||9007199254740991,Dt=16,Hn=Ce-6,pe=d.re=[],y=d.safeRe=[],l=d.src=[],a=d.tokens={},Br=0;function f(e){a[e]=Br++}var kt="[a-zA-Z0-9-]",Mt=[["\\s",1],["\\d",Ce],[kt,Hn]];function Te(e){for(var t=0;t<Mt.length;t++){var r=Mt[t][0],o=Mt[t][1];e=e.split(r+"*").join(r+"{0,"+o+"}").split(r+"+").join(r+"{1,"+o+"}")}return e}f("NUMERICIDENTIFIER");l[a.NUMERICIDENTIFIER]="0|[1-9]\\d*";f("NUMERICIDENTIFIERLOOSE");l[a.NUMERICIDENTIFIERLOOSE]="\\d+";f("NONNUMERICIDENTIFIER");l[a.NONNUMERICIDENTIFIER]="\\d*[a-zA-Z-]"+kt+"*";f("MAINVERSION");l[a.MAINVERSION]="("+l[a.NUMERICIDENTIFIER]+")\\.("+l[a.NUMERICIDENTIFIER]+")\\.("+l[a.NUMERICIDENTIFIER]+")";f("MAINVERSIONLOOSE");l[a.MAINVERSIONLOOSE]="("+l[a.NUMERICIDENTIFIERLOOSE]+")\\.("+l[a.NUMERICIDENTIFIERLOOSE]+")\\.("+l[a.NUMERICIDENTIFIERLOOSE]+")";f("PRERELEASEIDENTIFIER");l[a.PRERELEASEIDENTIFIER]="(?:"+l[a.NUMERICIDENTIFIER]+"|"+l[a.NONNUMERICIDENTIFIER]+")";f("PRERELEASEIDENTIFIERLOOSE");l[a.PRERELEASEIDENTIFIERLOOSE]="(?:"+l[a.NUMERICIDENTIFIERLOOSE]+"|"+l[a.NONNUMERICIDENTIFIER]+")";f("PRERELEASE");l[a.PRERELEASE]="(?:-("+l[a.PRERELEASEIDENTIFIER]+"(?:\\."+l[a.PRERELEASEIDENTIFIER]+")*))";f("PRERELEASELOOSE");l[a.PRERELEASELOOSE]="(?:-?("+l[a.PRERELEASEIDENTIFIERLOOSE]+"(?:\\."+l[a.PRERELEASEIDENTIFIERLOOSE]+")*))";f("BUILDIDENTIFIER");l[a.BUILDIDENTIFIER]=kt+"+";f("BUILD");l[a.BUILD]="(?:\\+("+l[a.BUILDIDENTIFIER]+"(?:\\."+l[a.BUILDIDENTIFIER]+")*))";f("FULL");f("FULLPLAIN");l[a.FULLPLAIN]="v?"+l[a.MAINVERSION]+l[a.PRERELEASE]+"?"+l[a.BUILD]+"?";l[a.FULL]="^"+l[a.FULLPLAIN]+"$";f("LOOSEPLAIN");l[a.LOOSEPLAIN]="[v=\\s]*"+l[a.MAINVERSIONLOOSE]+l[a.PRERELEASELOOSE]+"?"+l[a.BUILD]+"?";f("LOOSE");l[a.LOOSE]="^"+l[a.LOOSEPLAIN]+"$";f("GTLT");l[a.GTLT]="((?:<|>)?=?)";f("XRANGEIDENTIFIERLOOSE");l[a.XRANGEIDENTIFIERLOOSE]=l[a.NUMERICIDENTIFIERLOOSE]+"|x|X|\\*";f("XRANGEIDENTIFIER");l[a.XRANGEIDENTIFIER]=l[a.NUMERICIDENTIFIER]+"|x|X|\\*";f("XRANGEPLAIN");l[a.XRANGEPLAIN]="[v=\\s]*("+l[a.XRANGEIDENTIFIER]+")(?:\\.("+l[a.XRANGEIDENTIFIER]+")(?:\\.("+l[a.XRANGEIDENTIFIER]+")(?:"+l[a.PRERELEASE]+")?"+l[a.BUILD]+"?)?)?";f("XRANGEPLAINLOOSE");l[a.XRANGEPLAINLOOSE]="[v=\\s]*("+l[a.XRANGEIDENTIFIERLOOSE]+")(?:\\.("+l[a.XRANGEIDENTIFIERLOOSE]+")(?:\\.("+l[a.XRANGEIDENTIFIERLOOSE]+")(?:"+l[a.PRERELEASELOOSE]+")?"+l[a.BUILD]+"?)?)?";f("XRANGE");l[a.XRANGE]="^"+l[a.GTLT]+"\\s*"+l[a.XRANGEPLAIN]+"$";f("XRANGELOOSE");l[a.XRANGELOOSE]="^"+l[a.GTLT]+"\\s*"+l[a.XRANGEPLAINLOOSE]+"$";f("COERCE");l[a.COERCE]="(^|[^\\d])(\\d{1,"+Dt+"})(?:\\.(\\d{1,"+Dt+"}))?(?:\\.(\\d{1,"+Dt+"}))?(?:$|[^\\d])";f("COERCERTL");pe[a.COERCERTL]=new RegExp(l[a.COERCE],"g");y[a.COERCERTL]=new RegExp(Te(l[a.COERCE]),"g");f("LONETILDE");l[a.LONETILDE]="(?:~>?)";f("TILDETRIM");l[a.TILDETRIM]="(\\s*)"+l[a.LONETILDE]+"\\s+";pe[a.TILDETRIM]=new RegExp(l[a.TILDETRIM],"g");y[a.TILDETRIM]=new RegExp(Te(l[a.TILDETRIM]),"g");var Gn="$1~";f("TILDE");l[a.TILDE]="^"+l[a.LONETILDE]+l[a.XRANGEPLAIN]+"$";f("TILDELOOSE");l[a.TILDELOOSE]="^"+l[a.LONETILDE]+l[a.XRANGEPLAINLOOSE]+"$";f("LONECARET");l[a.LONECARET]="(?:\\^)";f("CARETTRIM");l[a.CARETTRIM]="(\\s*)"+l[a.LONECARET]+"\\s+";pe[a.CARETTRIM]=new RegExp(l[a.CARETTRIM],"g");y[a.CARETTRIM]=new RegExp(Te(l[a.CARETTRIM]),"g");var Jn="$1^";f("CARET");l[a.CARET]="^"+l[a.LONECARET]+l[a.XRANGEPLAIN]+"$";f("CARETLOOSE");l[a.CARETLOOSE]="^"+l[a.LONECARET]+l[a.XRANGEPLAINLOOSE]+"$";f("COMPARATORLOOSE");l[a.COMPARATORLOOSE]="^"+l[a.GTLT]+"\\s*("+l[a.LOOSEPLAIN]+")$|^$";f("COMPARATOR");l[a.COMPARATOR]="^"+l[a.GTLT]+"\\s*("+l[a.FULLPLAIN]+")$|^$";f("COMPARATORTRIM");l[a.COMPARATORTRIM]="(\\s*)"+l[a.GTLT]+"\\s*("+l[a.LOOSEPLAIN]+"|"+l[a.XRANGEPLAIN]+")";pe[a.COMPARATORTRIM]=new RegExp(l[a.COMPARATORTRIM],"g");y[a.COMPARATORTRIM]=new RegExp(Te(l[a.COMPARATORTRIM]),"g");var Vn="$1$2$3";f("HYPHENRANGE");l[a.HYPHENRANGE]="^\\s*("+l[a.XRANGEPLAIN]+")\\s+-\\s+("+l[a.XRANGEPLAIN]+")\\s*$";f("HYPHENRANGELOOSE");l[a.HYPHENRANGELOOSE]="^\\s*("+l[a.XRANGEPLAINLOOSE]+")\\s+-\\s+("+l[a.XRANGEPLAINLOOSE]+")\\s*$";f("STAR");l[a.STAR]="(<|>)?=?\\s*\\*";for($=0;$<Br;$++)E($,l[$]),pe[$]||(pe[$]=new RegExp(l[$]),y[$]=new RegExp(Te(l[$])));var $;d.parse=re;function re(e,t){if((!t||typeof t!="object")&&(t={loose:!!t,includePrerelease:!1}),e instanceof m)return e;if(typeof e!="string"||e.length>Ce)return null;var r=t.loose?y[a.LOOSE]:y[a.FULL];if(!r.test(e))return null;try{return new m(e,t)}catch{return null}}d.valid=Xn;function Xn(e,t){var r=re(e,t);return r?r.version:null}d.clean=qn;function qn(e,t){var r=re(e.trim().replace(/^[=v]+/,""),t);return r?r.version:null}d.SemVer=m;function m(e,t){if((!t||typeof t!="object")&&(t={loose:!!t,includePrerelease:!1}),e instanceof m){if(e.loose===t.loose)return e;e=e.version}else if(typeof e!="string")throw new TypeError("Invalid Version: "+e);if(e.length>Ce)throw new TypeError("version is longer than "+Ce+" characters");if(!(this instanceof m))return new m(e,t);E("SemVer",e,t),this.options=t,this.loose=!!t.loose;var r=e.trim().match(t.loose?y[a.LOOSE]:y[a.FULL]);if(!r)throw new TypeError("Invalid Version: "+e);if(this.raw=e,this.major=+r[1],this.minor=+r[2],this.patch=+r[3],this.major>He||this.major<0)throw new TypeError("Invalid major version");if(this.minor>He||this.minor<0)throw new TypeError("Invalid minor version");if(this.patch>He||this.patch<0)throw new TypeError("Invalid patch version");r[4]?this.prerelease=r[4].split(".").map(function(o){if(/^[0-9]+$/.test(o)){var n=+o;if(n>=0&&n<He)return n}return o}):this.prerelease=[],this.build=r[5]?r[5].split("."):[],this.format()}m.prototype.format=function(){return this.version=this.major+"."+this.minor+"."+this.patch,this.prerelease.length&&(this.version+="-"+this.prerelease.join(".")),this.version};m.prototype.toString=function(){return this.version};m.prototype.compare=function(e){return E("SemVer.compare",this.version,this.options,e),e instanceof m||(e=new m(e,this.options)),this.compareMain(e)||this.comparePre(e)};m.prototype.compareMain=function(e){return e instanceof m||(e=new m(e,this.options)),te(this.major,e.major)||te(this.minor,e.minor)||te(this.patch,e.patch)};m.prototype.comparePre=function(e){if(e instanceof m||(e=new m(e,this.options)),this.prerelease.length&&!e.prerelease.length)return-1;if(!this.prerelease.length&&e.prerelease.length)return 1;if(!this.prerelease.length&&!e.prerelease.length)return 0;var t=0;do{var r=this.prerelease[t],o=e.prerelease[t];if(E("prerelease compare",t,r,o),r===void 0&&o===void 0)return 0;if(o===void 0)return 1;if(r===void 0)return-1;if(r===o)continue;return te(r,o)}while(++t)};m.prototype.compareBuild=function(e){e instanceof m||(e=new m(e,this.options));var t=0;do{var r=this.build[t],o=e.build[t];if(E("prerelease compare",t,r,o),r===void 0&&o===void 0)return 0;if(o===void 0)return 1;if(r===void 0)return-1;if(r===o)continue;return te(r,o)}while(++t)};m.prototype.inc=function(e,t){switch(e){case"premajor":this.prerelease.length=0,this.patch=0,this.minor=0,this.major++,this.inc("pre",t);break;case"preminor":this.prerelease.length=0,this.patch=0,this.minor++,this.inc("pre",t);break;case"prepatch":this.prerelease.length=0,this.inc("patch",t),this.inc("pre",t);break;case"prerelease":this.prerelease.length===0&&this.inc("patch",t),this.inc("pre",t);break;case"major":(this.minor!==0||this.patch!==0||this.prerelease.length===0)&&this.major++,this.minor=0,this.patch=0,this.prerelease=[];break;case"minor":(this.patch!==0||this.prerelease.length===0)&&this.minor++,this.patch=0,this.prerelease=[];break;case"patch":this.prerelease.length===0&&this.patch++,this.prerelease=[];break;case"pre":if(this.prerelease.length===0)this.prerelease=[0];else{for(var r=this.prerelease.length;--r>=0;)typeof this.prerelease[r]=="number"&&(this.prerelease[r]++,r=-2);r===-1&&this.prerelease.push(0)}t&&(this.prerelease[0]===t?isNaN(this.prerelease[1])&&(this.prerelease=[t,0]):this.prerelease=[t,0]);break;default:throw new Error("invalid increment argument: "+e)}return this.format(),this.raw=this.version,this};d.inc=zn;function zn(e,t,r,o){typeof r=="string"&&(o=r,r=void 0);try{return new m(e,r).inc(t,o).version}catch{return null}}d.diff=Yn;function Yn(e,t){if(_t(e,t))return null;var r=re(e),o=re(t),n="";if(r.prerelease.length||o.prerelease.length){n="pre";var i="prerelease"}for(var s in r)if((s==="major"||s==="minor"||s==="patch")&&r[s]!==o[s])return n+s;return i}d.compareIdentifiers=te;var Fr=/^[0-9]+$/;function te(e,t){var r=Fr.test(e),o=Fr.test(t);return r&&o&&(e=+e,t=+t),e===t?0:r&&!o?-1:o&&!r?1:e<t?-1:1}d.rcompareIdentifiers=Zn;function Zn(e,t){return te(t,e)}d.major=Qn;function Qn(e,t){return new m(e,t).major}d.minor=ei;function ei(e,t){return new m(e,t).minor}d.patch=ti;function ti(e,t){return new m(e,t).patch}d.compare=G;function G(e,t,r){return new m(e,r).compare(new m(t,r))}d.compareLoose=ri;function ri(e,t){return G(e,t,!0)}d.compareBuild=oi;function oi(e,t,r){var o=new m(e,r),n=new m(t,r);return o.compare(n)||o.compareBuild(n)}d.rcompare=ni;function ni(e,t,r){return G(t,e,r)}d.sort=ii;function ii(e,t){return e.sort(function(r,o){return d.compareBuild(r,o,t)})}d.rsort=si;function si(e,t){return e.sort(function(r,o){return d.compareBuild(o,r,t)})}d.gt=ve;function ve(e,t,r){return G(e,t,r)>0}d.lt=Ge;function Ge(e,t,r){return G(e,t,r)<0}d.eq=_t;function _t(e,t,r){return G(e,t,r)===0}d.neq=Wr;function Wr(e,t,r){return G(e,t,r)!==0}d.gte=Ut;function Ut(e,t,r){return G(e,t,r)>=0}d.lte=$t;function $t(e,t,r){return G(e,t,r)<=0}d.cmp=Je;function Je(e,t,r,o){switch(t){case"===":return typeof e=="object"&&(e=e.version),typeof r=="object"&&(r=r.version),e===r;case"!==":return typeof e=="object"&&(e=e.version),typeof r=="object"&&(r=r.version),e!==r;case"":case"=":case"==":return _t(e,r,o);case"!=":return Wr(e,r,o);case">":return ve(e,r,o);case">=":return Ut(e,r,o);case"<":return Ge(e,r,o);case"<=":return $t(e,r,o);default:throw new TypeError("Invalid operator: "+t)}}d.Comparator=x;function x(e,t){if((!t||typeof t!="object")&&(t={loose:!!t,includePrerelease:!1}),e instanceof x){if(e.loose===!!t.loose)return e;e=e.value}if(!(this instanceof x))return new x(e,t);e=e.trim().split(/\s+/).join(" "),E("comparator",e,t),this.options=t,this.loose=!!t.loose,this.parse(e),this.semver===de?this.value="":this.value=this.operator+this.semver.version,E("comp",this)}var de={};x.prototype.parse=function(e){var t=this.options.loose?y[a.COMPARATORLOOSE]:y[a.COMPARATOR],r=e.match(t);if(!r)throw new TypeError("Invalid comparator: "+e);this.operator=r[1]!==void 0?r[1]:"",this.operator==="="&&(this.operator=""),r[2]?this.semver=new m(r[2],this.options.loose):this.semver=de};x.prototype.toString=function(){return this.value};x.prototype.test=function(e){if(E("Comparator.test",e,this.options.loose),this.semver===de||e===de)return!0;if(typeof e=="string")try{e=new m(e,this.options)}catch{return!1}return Je(e,this.operator,this.semver,this.options)};x.prototype.intersects=function(e,t){if(!(e instanceof x))throw new TypeError("a Comparator is required");(!t||typeof t!="object")&&(t={loose:!!t,includePrerelease:!1});var r;if(this.operator==="")return this.value===""?!0:(r=new R(e.value,t),Ve(this.value,r,t));if(e.operator==="")return e.value===""?!0:(r=new R(this.value,t),Ve(e.semver,r,t));var o=(this.operator===">="||this.operator===">")&&(e.operator===">="||e.operator===">"),n=(this.operator==="<="||this.operator==="<")&&(e.operator==="<="||e.operator==="<"),i=this.semver.version===e.semver.version,s=(this.operator===">="||this.operator==="<=")&&(e.operator===">="||e.operator==="<="),u=Je(this.semver,"<",e.semver,t)&&(this.operator===">="||this.operator===">")&&(e.operator==="<="||e.operator==="<"),p=Je(this.semver,">",e.semver,t)&&(this.operator==="<="||this.operator==="<")&&(e.operator===">="||e.operator===">");return o||n||i&&s||u||p};d.Range=R;function R(e,t){if((!t||typeof t!="object")&&(t={loose:!!t,includePrerelease:!1}),e instanceof R)return e.loose===!!t.loose&&e.includePrerelease===!!t.includePrerelease?e:new R(e.raw,t);if(e instanceof x)return new R(e.value,t);if(!(this instanceof R))return new R(e,t);if(this.options=t,this.loose=!!t.loose,this.includePrerelease=!!t.includePrerelease,this.raw=e.trim().split(/\s+/).join(" "),this.set=this.raw.split("||").map(function(r){return this.parseRange(r.trim())},this).filter(function(r){return r.length}),!this.set.length)throw new TypeError("Invalid SemVer Range: "+this.raw);this.format()}R.prototype.format=function(){return this.range=this.set.map(function(e){return e.join(" ").trim()}).join("||").trim(),this.range};R.prototype.toString=function(){return this.range};R.prototype.parseRange=function(e){var t=this.options.loose,r=t?y[a.HYPHENRANGELOOSE]:y[a.HYPHENRANGE];e=e.replace(r,gi),E("hyphen replace",e),e=e.replace(y[a.COMPARATORTRIM],Vn),E("comparator trim",e,y[a.COMPARATORTRIM]),e=e.replace(y[a.TILDETRIM],Gn),e=e.replace(y[a.CARETTRIM],Jn),e=e.split(/\s+/).join(" ");var o=t?y[a.COMPARATORLOOSE]:y[a.COMPARATOR],n=e.split(" ").map(function(i){return ci(i,this.options)},this).join(" ").split(/\s+/);return this.options.loose&&(n=n.filter(function(i){return!!i.match(o)})),n=n.map(function(i){return new x(i,this.options)},this),n};R.prototype.intersects=function(e,t){if(!(e instanceof R))throw new TypeError("a Range is required");return this.set.some(function(r){return Kr(r,t)&&e.set.some(function(o){return Kr(o,t)&&r.every(function(n){return o.every(function(i){return n.intersects(i,t)})})})})};function Kr(e,t){for(var r=!0,o=e.slice(),n=o.pop();r&&o.length;)r=o.every(function(i){return n.intersects(i,t)}),n=o.pop();return r}d.toComparators=ai;function ai(e,t){return new R(e,t).set.map(function(r){return r.map(function(o){return o.value}).join(" ").trim().split(" ")})}function ci(e,t){return E("comp",e,t),e=pi(e,t),E("caret",e),e=li(e,t),E("tildes",e),e=mi(e,t),E("xrange",e),e=hi(e,t),E("stars",e),e}function b(e){return!e||e.toLowerCase()==="x"||e==="*"}function li(e,t){return e.trim().split(/\s+/).map(function(r){return ui(r,t)}).join(" ")}function ui(e,t){var r=t.loose?y[a.TILDELOOSE]:y[a.TILDE];return e.replace(r,function(o,n,i,s,u){E("tilde",e,o,n,i,s,u);var p;return b(n)?p="":b(i)?p=">="+n+".0.0 <"+(+n+1)+".0.0":b(s)?p=">="+n+"."+i+".0 <"+n+"."+(+i+1)+".0":u?(E("replaceTilde pr",u),p=">="+n+"."+i+"."+s+"-"+u+" <"+n+"."+(+i+1)+".0"):p=">="+n+"."+i+"."+s+" <"+n+"."+(+i+1)+".0",E("tilde return",p),p})}function pi(e,t){return e.trim().split(/\s+/).map(function(r){return di(r,t)}).join(" ")}function di(e,t){E("caret",e,t);var r=t.loose?y[a.CARETLOOSE]:y[a.CARET];return e.replace(r,function(o,n,i,s,u){E("caret",e,o,n,i,s,u);var p;return b(n)?p="":b(i)?p=">="+n+".0.0 <"+(+n+1)+".0.0":b(s)?n==="0"?p=">="+n+"."+i+".0 <"+n+"."+(+i+1)+".0":p=">="+n+"."+i+".0 <"+(+n+1)+".0.0":u?(E("replaceCaret pr",u),n==="0"?i==="0"?p=">="+n+"."+i+"."+s+"-"+u+" <"+n+"."+i+"."+(+s+1):p=">="+n+"."+i+"."+s+"-"+u+" <"+n+"."+(+i+1)+".0":p=">="+n+"."+i+"."+s+"-"+u+" <"+(+n+1)+".0.0"):(E("no pr"),n==="0"?i==="0"?p=">="+n+"."+i+"."+s+" <"+n+"."+i+"."+(+s+1):p=">="+n+"."+i+"."+s+" <"+n+"."+(+i+1)+".0":p=">="+n+"."+i+"."+s+" <"+(+n+1)+".0.0"),E("caret return",p),p})}function mi(e,t){return E("replaceXRanges",e,t),e.split(/\s+/).map(function(r){return fi(r,t)}).join(" ")}function fi(e,t){e=e.trim();var r=t.loose?y[a.XRANGELOOSE]:y[a.XRANGE];return e.replace(r,function(o,n,i,s,u,p){E("xRange",e,o,n,i,s,u,p);var h=b(i),w=h||b(s),I=w||b(u),v=I;return n==="="&&v&&(n=""),p=t.includePrerelease?"-0":"",h?n===">"||n==="<"?o="<0.0.0-0":o="*":n&&v?(w&&(s=0),u=0,n===">"?(n=">=",w?(i=+i+1,s=0,u=0):(s=+s+1,u=0)):n==="<="&&(n="<",w?i=+i+1:s=+s+1),o=n+i+"."+s+"."+u+p):w?o=">="+i+".0.0"+p+" <"+(+i+1)+".0.0"+p:I&&(o=">="+i+"."+s+".0"+p+" <"+i+"."+(+s+1)+".0"+p),E("xRange return",o),o})}function hi(e,t){return E("replaceStars",e,t),e.trim().replace(y[a.STAR],"")}function gi(e,t,r,o,n,i,s,u,p,h,w,I,v){return b(r)?t="":b(o)?t=">="+r+".0.0":b(n)?t=">="+r+"."+o+".0":t=">="+t,b(p)?u="":b(h)?u="<"+(+p+1)+".0.0":b(w)?u="<"+p+"."+(+h+1)+".0":I?u="<="+p+"."+h+"."+w+"-"+I:u="<="+u,(t+" "+u).trim()}R.prototype.test=function(e){if(!e)return!1;if(typeof e=="string")try{e=new m(e,this.options)}catch{return!1}for(var t=0;t<this.set.length;t++)if(yi(this.set[t],e,this.options))return!0;return!1};function yi(e,t,r){for(var o=0;o<e.length;o++)if(!e[o].test(t))return!1;if(t.prerelease.length&&!r.includePrerelease){for(o=0;o<e.length;o++)if(E(e[o].semver),e[o].semver!==de&&e[o].semver.prerelease.length>0){var n=e[o].semver;if(n.major===t.major&&n.minor===t.minor&&n.patch===t.patch)return!0}return!1}return!0}d.satisfies=Ve;function Ve(e,t,r){try{t=new R(t,r)}catch{return!1}return t.test(e)}d.maxSatisfying=Ei;function Ei(e,t,r){var o=null,n=null;try{var i=new R(t,r)}catch{return null}return e.forEach(function(s){i.test(s)&&(!o||n.compare(s)===-1)&&(o=s,n=new m(o,r))}),o}d.minSatisfying=Si;function Si(e,t,r){var o=null,n=null;try{var i=new R(t,r)}catch{return null}return e.forEach(function(s){i.test(s)&&(!o||n.compare(s)===1)&&(o=s,n=new m(o,r))}),o}d.minVersion=wi;function wi(e,t){e=new R(e,t);var r=new m("0.0.0");if(e.test(r)||(r=new m("0.0.0-0"),e.test(r)))return r;r=null;for(var o=0;o<e.set.length;++o){var n=e.set[o];n.forEach(function(i){var s=new m(i.semver.version);switch(i.operator){case">":s.prerelease.length===0?s.patch++:s.prerelease.push(0),s.raw=s.format();case"":case">=":(!r||ve(r,s))&&(r=s);break;case"<":case"<=":break;default:throw new Error("Unexpected operation: "+i.operator)}})}return r&&e.test(r)?r:null}d.validRange=Ii;function Ii(e,t){try{return new R(e,t).range||"*"}catch{return null}}d.ltr=Ri;function Ri(e,t,r){return jt(e,t,"<",r)}d.gtr=Ai;function Ai(e,t,r){return jt(e,t,">",r)}d.outside=jt;function jt(e,t,r,o){e=new m(e,o),t=new R(t,o);var n,i,s,u,p;switch(r){case">":n=ve,i=$t,s=Ge,u=">",p=">=";break;case"<":n=Ge,i=Ut,s=ve,u="<",p="<=";break;default:throw new TypeError('Must provide a hilo val of "<" or ">"')}if(Ve(e,t,o))return!1;for(var h=0;h<t.set.length;++h){var w=t.set[h],I=null,v=null;if(w.forEach(function(O){O.semver===de&&(O=new x(">=0.0.0")),I=I||O,v=v||O,n(O.semver,I.semver,o)?I=O:s(O.semver,v.semver,o)&&(v=O)}),I.operator===u||I.operator===p||(!v.operator||v.operator===u)&&i(e,v.semver))return!1;if(v.operator===p&&s(e,v.semver))return!1}return!0}d.prerelease=Ci;function Ci(e,t){var r=re(e,t);return r&&r.prerelease.length?r.prerelease:null}d.intersects=vi;function vi(e,t,r){return e=new R(e,r),t=new R(t,r),e.intersects(t)}d.coerce=Ti;function Ti(e,t){if(e instanceof m)return e;if(typeof e=="number"&&(e=String(e)),typeof e!="string")return null;t=t||{};var r=null;if(!t.rtl)r=e.match(y[a.COERCE]);else{for(var o;(o=y[a.COERCERTL].exec(e))&&(!r||r.index+r[0].length!==e.length);)(!r||o.index+o[0].length!==r.index+r[0].length)&&(r=o),y[a.COERCERTL].lastIndex=o.index+o[1].length+o[2].length;y[a.COERCERTL].lastIndex=-1}return r===null?null:re(r[2]+"."+(r[3]||"0")+"."+(r[4]||"0"),t)}});var ps={};yn(ps,{handleError:()=>cn,main:()=>an,run:()=>ln});module.exports=En(ps);var Ee=require("@medplum/core"),Le=require("commander"),sn=N(require("dotenv"));var M=require("@medplum/core"),kr=require("node:child_process"),_r=require("node:http"),Ur=require("node:os");var or=require("@medplum/core");var tr=require("@medplum/core"),j=require("node:fs"),rr=require("node:os"),ht=require("node:path"),_=class extends tr.ClientStorage{constructor(t){super(),this.dirName=(0,ht.resolve)((0,rr.homedir)(),".medplum"),this.fileName=(0,ht.resolve)(this.dirName,t+".json")}clear(){this.writeFile({})}getString(t){return this.readFile()?.[t]}setString(t,r){let o=this.readFile()??{};r?o[t]=r:delete o[t],this.writeFile(o)}getObject(t){let r=this.getString(t);return r?JSON.parse(r):void 0}setObject(t,r){this.setString(t,r?JSON.stringify(r):void 0)}readFile(){if((0,j.existsSync)(this.fileName))return JSON.parse((0,j.readFileSync)(this.fileName,"utf8"))}writeFile(t){(0,j.existsSync)(this.dirName)||(0,j.mkdirSync)(this.dirName),(0,j.writeFileSync)(this.fileName,JSON.stringify(t,null,2),"utf8")}};async function S(e,t=!0){let r=e.profile??"default",o=new _(r),n=o.getObject("options");if(r!=="default"&&!n)throw new Error(`Profile "${r}" does not exist`);let{baseUrl:i,fhirUrlPath:s,accessToken:u,tokenUrl:p,authorizeUrl:h,clientId:w,clientSecret:I}=Sn(e,o),v=e.fetch??fetch,O=new or.MedplumClient({fetch:v,baseUrl:i,tokenUrl:p,fhirUrlPath:s,authorizeUrl:h,storage:o,onUnauthenticated:wn,verbose:e.verbose});return t&&(u?O.setAccessToken(u):w&&I&&(O.setBasicAuth(w,I),n?.authType!=="basic"&&await O.startClientLogin(w,I))),O}function Sn(e,t){let r=t.getObject("options"),o=e.baseUrl??r?.baseUrl??process.env.MEDPLUM_BASE_URL??"https://api.medplum.com/",n=e.fhirUrlPath??r?.fhirUrlPath??process.env.MEDPLUM_FHIR_URL_PATH,i=e.accessToken??r?.accessToken??process.env.MEDPLUM_CLIENT_ACCESS_TOKEN,s=e.tokenUrl??r?.tokenUrl??process.env.MEDPLUM_TOKEN_URL,u=e.authorizeUrl??r?.authorizeUrl??process.env.MEDPLUM_AUTHORIZE_URL,p=e.clientId??r?.clientId??process.env.MEDPLUM_CLIENT_ID,h=e.clientSecret??r?.clientSecret??process.env.MEDPLUM_CLIENT_SECRET;return{baseUrl:o,fhirUrlPath:n,accessToken:i,tokenUrl:s,authorizeUrl:u,clientId:p,clientSecret:h}}function wn(){console.log("Unauthenticated: run `npx medplum login` to sign in")}var xe=require("commander");function g(e){return new xe.Command(e).option("--client-id <clientId>","FHIR server client id").option("--client-secret <clientSecret>","FHIR server client secret").option("--base-url <baseUrl>","FHIR server base URL, must be absolute").option("--token-url <tokenUrl>","FHIR server token URL, absolute or relative to base URL").option("--authorize-url <authorizeUrl>","FHIR server authorize URL, absolute or relative to base URL").option("--fhir-url, --fhir-url-path <fhirUrlPath>","FHIR server URL, absolute or relative to base URL").option("--scope <scope>","JWT scope").option("--access-token <accessToken>","Access token for token exchange authentication").option("--callback-url <callbackUrl>","Callback URL for authorization code flow").option("--subject <subject>","Subject for JWT authentication").option("--audience <audience>","Audience for JWT authentication").option("--issuer <issuer>","Issuer for JWT authentication").option("--private-key-path <privateKeyPath>","Private key path for JWT assertion").option("-p, --profile <profile>","Profile name").option("-v --verbose","Verbose output").addOption(new xe.Option("--auth-type <authType>","Type of authentication").choices(["basic","client-credentials","authorization-code","jwt-bearer","token-exchange","jwt-assertion"]))}var ee=require("@medplum/core");var ir=require("node:buffer");var Z=new TextEncoder,gt=new TextDecoder,Es=2**32;function nr(...e){let t=e.reduce((n,{length:i})=>n+i,0),r=new Uint8Array(t),o=0;for(let n of e)r.set(n,o),o+=n.length;return r}var De=e=>ir.Buffer.from(e).toString("base64url");var se=class extends Error{constructor(r){super(r);T(this,"code","ERR_JOSE_GENERIC");this.name=this.constructor.name,Error.captureStackTrace?.(this,this.constructor)}static get code(){return"ERR_JOSE_GENERIC"}};var L=class extends se{constructor(){super(...arguments);T(this,"code","ERR_JOSE_NOT_SUPPORTED")}static get code(){return"ERR_JOSE_NOT_SUPPORTED"}};var V=class extends se{constructor(){super(...arguments);T(this,"code","ERR_JWS_INVALID")}static get code(){return"ERR_JWS_INVALID"}},Me=class extends se{constructor(){super(...arguments);T(this,"code","ERR_JWT_INVALID")}static get code(){return"ERR_JWT_INVALID"}};var ar,cr,sr=class extends(cr=se,ar=Symbol.asyncIterator,cr){constructor(){super(...arguments);T(this,ar);T(this,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS");T(this,"message","multiple matching keys found in the JSON Web Key Set")}static get code(){return"ERR_JWKS_MULTIPLE_MATCHING_KEYS"}};var lr=N(require("node:util"),1),ke=e=>lr.types.isKeyObject(e);var ur=N(require("node:crypto"),1),pr=N(require("node:util"),1),Rn=ur.webcrypto,dr=Rn,ae=e=>pr.types.isCryptoKey(e);function F(e,t="algorithm.name"){return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`)}function _e(e,t){return e.name===t}function yt(e){return parseInt(e.name.slice(4),10)}function An(e){switch(e){case"ES256":return"P-256";case"ES384":return"P-384";case"ES512":return"P-521";default:throw new Error("unreachable")}}function Cn(e,t){if(t.length&&!t.some(r=>e.usages.includes(r))){let r="CryptoKey does not support this operation, its usages must include ";if(t.length>2){let o=t.pop();r+=`one of ${t.join(", ")}, or ${o}.`}else t.length===2?r+=`one of ${t[0]} or ${t[1]}.`:r+=`${t[0]}.`;throw new TypeError(r)}}function mr(e,t,...r){switch(t){case"HS256":case"HS384":case"HS512":{if(!_e(e.algorithm,"HMAC"))throw F("HMAC");let o=parseInt(t.slice(2),10);if(yt(e.algorithm.hash)!==o)throw F(`SHA-${o}`,"algorithm.hash");break}case"RS256":case"RS384":case"RS512":{if(!_e(e.algorithm,"RSASSA-PKCS1-v1_5"))throw F("RSASSA-PKCS1-v1_5");let o=parseInt(t.slice(2),10);if(yt(e.algorithm.hash)!==o)throw F(`SHA-${o}`,"algorithm.hash");break}case"PS256":case"PS384":case"PS512":{if(!_e(e.algorithm,"RSA-PSS"))throw F("RSA-PSS");let o=parseInt(t.slice(2),10);if(yt(e.algorithm.hash)!==o)throw F(`SHA-${o}`,"algorithm.hash");break}case"EdDSA":{if(e.algorithm.name!=="Ed25519"&&e.algorithm.name!=="Ed448")throw F("Ed25519 or Ed448");break}case"ES256":case"ES384":case"ES512":{if(!_e(e.algorithm,"ECDSA"))throw F("ECDSA");let o=An(t);if(e.algorithm.namedCurve!==o)throw F(o,"algorithm.namedCurve");break}default:throw new TypeError("CryptoKey does not support this operation")}Cn(e,r)}function fr(e,t,...r){if(r=r.filter(Boolean),r.length>2){let o=r.pop();e+=`one of type ${r.join(", ")}, or ${o}.`}else r.length===2?e+=`one of type ${r[0]} or ${r[1]}.`:e+=`of type ${r[0]}.`;return t==null?e+=` Received ${t}`:typeof t=="function"&&t.name?e+=` Received function ${t.name}`:typeof t=="object"&&t!=null&&t.constructor?.name&&(e+=` Received an instance of ${t.constructor.name}`),e}var we=(e,...t)=>fr("Key must be ",e,...t);function Et(e,t,...r){return fr(`Key for the ${e} algorithm must be `,t,...r)}var St=e=>ke(e)||ae(e),K=["KeyObject"];(globalThis.CryptoKey||dr?.CryptoKey)&&K.push("CryptoKey");var vn=(...e)=>{let t=e.filter(Boolean);if(t.length===0||t.length===1)return!0;let r;for(let o of t){let n=Object.keys(o);if(!r||r.size===0){r=new Set(n);continue}for(let i of n){if(r.has(i))return!1;r.add(i)}}return!0},hr=vn;function Tn(e){return typeof e=="object"&&e!==null}function Ie(e){if(!Tn(e)||Object.prototype.toString.call(e)!=="[object Object]")return!1;if(Object.getPrototypeOf(e)===null)return!0;let t=e;for(;Object.getPrototypeOf(t)!==null;)t=Object.getPrototypeOf(t);return Object.getPrototypeOf(e)===t}var wr=require("node:crypto");function X(e){return Ie(e)&&typeof e.kty=="string"}function gr(e){return e.kty!=="oct"&&typeof e.d=="string"}function yr(e){return e.kty!=="oct"&&typeof e.d>"u"}function Er(e){return X(e)&&e.kty==="oct"&&typeof e.k=="string"}var bn=e=>{switch(e){case"prime256v1":return"P-256";case"secp384r1":return"P-384";case"secp521r1":return"P-521";case"secp256k1":return"secp256k1";default:throw new L("Unsupported key curve for this operation")}},Pn=(e,t)=>{let r;if(ae(e))r=wr.KeyObject.from(e);else if(ke(e))r=e;else{if(X(e))return e.crv;throw new TypeError(we(e,...K))}if(r.type==="secret")throw new TypeError('only "private" or "public" type keys can be used for this operation');switch(r.asymmetricKeyType){case"ed25519":case"ed448":return`Ed${r.asymmetricKeyType.slice(2)}`;case"x25519":case"x448":return`X${r.asymmetricKeyType.slice(1)}`;case"ec":{let o=r.asymmetricKeyDetails.namedCurve;return t?o:bn(o)}default:throw new TypeError("Invalid asymmetric key type for this operation")}},Ir=Pn;var Rr=require("node:crypto"),wt=(e,t)=>{let r;try{e instanceof Rr.KeyObject?r=e.asymmetricKeyDetails?.modulusLength:r=Buffer.from(e.n,"base64url").byteLength<<3}catch{}if(typeof r!="number"||r<2048)throw new TypeError(`${t} requires key modulusLength to be 2048 bits or larger`)};var ce=e=>e?.[Symbol.toStringTag],It=(e,t,r)=>{if(t.use!==void 0&&t.use!=="sig")throw new TypeError("Invalid key for this operation, when present its use must be sig");if(t.key_ops!==void 0&&t.key_ops.includes?.(r)!==!0)throw new TypeError(`Invalid key for this operation, when present its key_ops must include ${r}`);if(t.alg!==void 0&&t.alg!==e)throw new TypeError(`Invalid key for this operation, when present its alg must be ${e}`);return!0},On=(e,t,r,o)=>{if(!(t instanceof Uint8Array)){if(o&&X(t)){if(Er(t)&&It(e,t,r))return;throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present')}if(!St(t))throw new TypeError(Et(e,t,...K,"Uint8Array",o?"JSON Web Key":null));if(t.type!=="secret")throw new TypeError(`${ce(t)} instances for symmetric algorithms must be of type "secret"`)}},Nn=(e,t,r,o)=>{if(o&&X(t))switch(r){case"sign":if(gr(t)&&It(e,t,r))return;throw new TypeError("JSON Web Key for this operation be a private JWK");case"verify":if(yr(t)&&It(e,t,r))return;throw new TypeError("JSON Web Key for this operation be a public JWK")}if(!St(t))throw new TypeError(Et(e,t,...K,o?"JSON Web Key":null));if(t.type==="secret")throw new TypeError(`${ce(t)} instances for asymmetric algorithms must not be of type "secret"`);if(r==="sign"&&t.type==="public")throw new TypeError(`${ce(t)} instances for asymmetric algorithm signing must be of type "private"`);if(r==="decrypt"&&t.type==="public")throw new TypeError(`${ce(t)} instances for asymmetric algorithm decryption must be of type "private"`);if(t.algorithm&&r==="verify"&&t.type==="private")throw new TypeError(`${ce(t)} instances for asymmetric algorithm verifying must be of type "public"`);if(t.algorithm&&r==="encrypt"&&t.type==="private")throw new TypeError(`${ce(t)} instances for asymmetric algorithm encryption must be of type "public"`)};function Ar(e,t,r,o){t.startsWith("HS")||t==="dir"||t.startsWith("PBES2")||/^A\d{3}(?:GCM)?KW$/.test(t)?On(t,r,o,e):Nn(t,r,o,e)}var Bs=Ar.bind(void 0,!1),Cr=Ar.bind(void 0,!0);function Ln(e,t,r,o,n){if(n.crit!==void 0&&o?.crit===void 0)throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');if(!o||o.crit===void 0)return new Set;if(!Array.isArray(o.crit)||o.crit.length===0||o.crit.some(s=>typeof s!="string"||s.length===0))throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');let i;r!==void 0?i=new Map([...Object.entries(r),...t.entries()]):i=t;for(let s of o.crit){if(!i.has(s))throw new L(`Extension Header Parameter "${s}" is not recognized`);if(n[s]===void 0)throw new e(`Extension Header Parameter "${s}" is missing`);if(i.get(s)&&o[s]===void 0)throw new e(`Extension Header Parameter "${s}" MUST be integrity protected`)}return new Set(o.crit)}var vr=Ln;function Rt(e){switch(e){case"PS256":case"RS256":case"ES256":case"ES256K":return"sha256";case"PS384":case"RS384":case"ES384":return"sha384";case"PS512":case"RS512":case"ES512":return"sha512";case"EdDSA":return;default:throw new L(`alg ${e} is not supported either by JOSE or your javascript runtime`)}}var Re=require("node:crypto");var xn=new Map([["ES256","P-256"],["ES256K","secp256k1"],["ES384","P-384"],["ES512","P-521"]]);function At(e,t){let r,o,n;if(t instanceof Re.KeyObject)r=t.asymmetricKeyType,o=t.asymmetricKeyDetails;else switch(n=!0,t.kty){case"RSA":r="rsa";break;case"EC":r="ec";break;case"OKP":{if(t.crv==="Ed25519"){r="ed25519";break}if(t.crv==="Ed448"){r="ed448";break}throw new TypeError("Invalid key for this operation, its crv must be Ed25519 or Ed448")}default:throw new TypeError("Invalid key for this operation, its kty must be RSA, OKP, or EC")}let i;switch(e){case"EdDSA":if(!["ed25519","ed448"].includes(r))throw new TypeError("Invalid key for this operation, its asymmetricKeyType must be ed25519 or ed448");break;case"RS256":case"RS384":case"RS512":if(r!=="rsa")throw new TypeError("Invalid key for this operation, its asymmetricKeyType must be rsa");wt(t,e);break;case"PS256":case"PS384":case"PS512":if(r==="rsa-pss"){let{hashAlgorithm:s,mgf1HashAlgorithm:u,saltLength:p}=o,h=parseInt(e.slice(-3),10);if(s!==void 0&&(s!==`sha${h}`||u!==s))throw new TypeError(`Invalid key for this operation, its RSA-PSS parameters do not meet the requirements of "alg" ${e}`);if(p!==void 0&&p>h>>3)throw new TypeError(`Invalid key for this operation, its RSA-PSS parameter saltLength does not meet the requirements of "alg" ${e}`)}else if(r!=="rsa")throw new TypeError("Invalid key for this operation, its asymmetricKeyType must be rsa or rsa-pss");wt(t,e),i={padding:Re.constants.RSA_PKCS1_PSS_PADDING,saltLength:Re.constants.RSA_PSS_SALTLEN_DIGEST};break;case"ES256":case"ES256K":case"ES384":case"ES512":{if(r!=="ec")throw new TypeError("Invalid key for this operation, its asymmetricKeyType must be ec");let s=Ir(t),u=xn.get(e);if(s!==u)throw new TypeError(`Invalid key curve for the algorithm, its curve must be ${u}, got ${s}`);i={dsaEncoding:"ieee-p1363"};break}default:throw new L(`alg ${e} is not supported either by JOSE or your javascript runtime`)}return n?{format:"jwk",key:t,...i}:i?{...i,key:t}:t}var Ue=N(require("node:crypto"),1),Tr=require("node:util");function Ct(e){switch(e){case"HS256":return"sha256";case"HS384":return"sha384";case"HS512":return"sha512";default:throw new L(`alg ${e} is not supported either by JOSE or your javascript runtime`)}}var le=require("node:crypto");function vt(e,t,r){if(t instanceof Uint8Array){if(!e.startsWith("HS"))throw new TypeError(we(t,...K));return(0,le.createSecretKey)(t)}if(t instanceof le.KeyObject)return t;if(ae(t))return mr(t,e,r),le.KeyObject.from(t);if(X(t))return e.startsWith("HS")?(0,le.createSecretKey)(Buffer.from(t.k,"base64url")):t;throw new TypeError(we(t,...K,"Uint8Array","JSON Web Key"))}var Dn=(0,Tr.promisify)(Ue.sign),Mn=async(e,t,r)=>{let o=vt(e,t,"sign");if(e.startsWith("HS")){let n=Ue.createHmac(Ct(e),o);return n.update(r),n.digest()}return Dn(Rt(e),r,At(e,o))},br=Mn;var q=e=>Math.floor(e.getTime()/1e3);var kn=/^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i,$e=e=>{let t=kn.exec(e);if(!t||t[4]&&t[1])throw new TypeError("Invalid time period format");let r=parseFloat(t[2]),o=t[3].toLowerCase(),n;switch(o){case"sec":case"secs":case"second":case"seconds":case"s":n=Math.round(r);break;case"minute":case"minutes":case"min":case"mins":case"m":n=Math.round(r*60);break;case"hour":case"hours":case"hr":case"hrs":case"h":n=Math.round(r*3600);break;case"day":case"days":case"d":n=Math.round(r*86400);break;case"week":case"weeks":case"w":n=Math.round(r*604800);break;default:n=Math.round(r*31557600);break}return t[1]==="-"||t[4]==="ago"?-n:n};var je=class{constructor(t){T(this,"_payload");T(this,"_protectedHeader");T(this,"_unprotectedHeader");if(!(t instanceof Uint8Array))throw new TypeError("payload must be an instance of Uint8Array");this._payload=t}setProtectedHeader(t){if(this._protectedHeader)throw new TypeError("setProtectedHeader can only be called once");return this._protectedHeader=t,this}setUnprotectedHeader(t){if(this._unprotectedHeader)throw new TypeError("setUnprotectedHeader can only be called once");return this._unprotectedHeader=t,this}async sign(t,r){if(!this._protectedHeader&&!this._unprotectedHeader)throw new V("either setProtectedHeader or setUnprotectedHeader must be called before #sign()");if(!hr(this._protectedHeader,this._unprotectedHeader))throw new V("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");let o={...this._protectedHeader,...this._unprotectedHeader},n=vr(V,new Map([["b64",!0]]),r?.crit,this._protectedHeader,o),i=!0;if(n.has("b64")&&(i=this._protectedHeader.b64,typeof i!="boolean"))throw new V('The "b64" (base64url-encode payload) Header Parameter must be a boolean');let{alg:s}=o;if(typeof s!="string"||!s)throw new V('JWS "alg" (Algorithm) Header Parameter missing or invalid');Cr(s,t,"sign");let u=this._payload;i&&(u=Z.encode(De(u)));let p;this._protectedHeader?p=Z.encode(De(JSON.stringify(this._protectedHeader))):p=Z.encode("");let h=nr(p,Z.encode("."),u),w=await br(s,t,h),I={signature:De(w),payload:""};return i&&(I.payload=gt.decode(u)),this._unprotectedHeader&&(I.header=this._unprotectedHeader),this._protectedHeader&&(I.protected=gt.decode(p)),I}};var Fe=class{constructor(t){T(this,"_flattened");this._flattened=new je(t)}setProtectedHeader(t){return this._flattened.setProtectedHeader(t),this}async sign(t,r){let o=await this._flattened.sign(t,r);if(o.payload===void 0)throw new TypeError("use the flattened module for creating JWS with b64: false");return`${o.protected}.${o.payload}.${o.signature}`}};function Q(e,t){if(!Number.isFinite(t))throw new TypeError(`Invalid ${e} input`);return t}var Ke=class{constructor(t={}){T(this,"_payload");if(!Ie(t))throw new TypeError("JWT Claims Set MUST be an object");this._payload=t}setIssuer(t){return this._payload={...this._payload,iss:t},this}setSubject(t){return this._payload={...this._payload,sub:t},this}setAudience(t){return this._payload={...this._payload,aud:t},this}setJti(t){return this._payload={...this._payload,jti:t},this}setNotBefore(t){return typeof t=="number"?this._payload={...this._payload,nbf:Q("setNotBefore",t)}:t instanceof Date?this._payload={...this._payload,nbf:Q("setNotBefore",q(t))}:this._payload={...this._payload,nbf:q(new Date)+$e(t)},this}setExpirationTime(t){return typeof t=="number"?this._payload={...this._payload,exp:Q("setExpirationTime",t)}:t instanceof Date?this._payload={...this._payload,exp:Q("setExpirationTime",q(t))}:this._payload={...this._payload,exp:q(new Date)+$e(t)},this}setIssuedAt(t){return typeof t>"u"?this._payload={...this._payload,iat:q(new Date)}:t instanceof Date?this._payload={...this._payload,iat:Q("setIssuedAt",q(t))}:typeof t=="string"?this._payload={...this._payload,iat:Q("setIssuedAt",q(new Date)+$e(t))}:this._payload={...this._payload,iat:Q("setIssuedAt",t)},this}};var Ae=class extends Ke{constructor(){super(...arguments);T(this,"_protectedHeader")}setProtectedHeader(r){return this._protectedHeader=r,this}async sign(r,o){let n=new Fe(Z.encode(JSON.stringify(this._payload)));if(n.setProtectedHeader(this._protectedHeader),Array.isArray(this._protectedHeader?.crit)&&this._protectedHeader.crit.includes("b64")&&this._protectedHeader.b64===!1)throw new Me("JWTs MUST NOT use unencoded payload");return n.sign(r,o)}};var ue=require("node:crypto"),z=require("node:fs"),B=require("node:path"),Pr=require("tar");function W(e){console.log(JSON.stringify(e,null,2))}async function Tt(e,t,r){let o=t.source,n=Be(o);if(!n)return;console.log("Saving source code...");let i=await e.createAttachment(n,(0,B.basename)(o),$n(o));console.log("Updating bot...");let s=await e.updateResource({...r,sourceCode:i});console.log("Success! New bot version: "+s.meta?.versionId)}async function bt(e,t,r){let o=t.dist??t.source,n=Be(o);if(!n)return;console.log("Deploying bot...");let i=await e.post(e.fhirUrl("Bot",r.id,"$deploy"),{code:n,filename:(0,B.basename)(o)});console.log("Deploy result: "+i.issue?.[0]?.details?.text)}async function Pt(e,t,r,o,n,i,s){let u={name:t,description:"",runtimeVersion:i},p=await e.post("admin/projects/"+r+"/bot",u),h=await e.readResource("Bot",p.id),w={name:t,id:p.id,source:o,dist:n};await Tt(e,w,h),await bt(e,w,h),console.log(`Success! Bot created: ${h.id}`),s&&_n(w)}function Or(e){let t=new RegExp("^"+Un(e).replace(/\\\*/g,".*")+"$"),r=U()?.bots?.filter(o=>t.test(o.name));return r||[]}function H(e,t){if(t?.file)return t.file;let r=["medplum"];return e&&r.push(e),r.push("config"),t?.server&&r.push("server"),r.push("json"),r.join(".")}function C(e,t){(0,z.writeFileSync)((0,B.resolve)(e),JSON.stringify(t,void 0,2),"utf-8")}function U(e,t){let r=H(e,t),o=Be(r);if(o)return JSON.parse(o)}function Nr(e){let t=Be(H(e,{server:!0}));if(t)return JSON.parse(t)}function Be(e){let t=(0,B.resolve)(e);return(0,z.existsSync)(t)?(0,z.readFileSync)(t,"utf8"):""}function _n(e){let t=U()??{};t.bots||(t.bots=[]),t.bots.push(e),(0,z.writeFileSync)("medplum.config.json",JSON.stringify(t,null,2),"utf8"),console.log(`Bot added to config: ${e.id}`)}function Un(e){return e.replace(/[/\-\\^$*+?.()|[\]{}]/g,"\\$&")}function Lr(e){let o=0,n=0;return(0,Pr.extract)({cwd:e,filter:(i,s)=>{if(o++,o>100)throw new Error("Tar extractor reached max number of files");if(n+=s.size,n>10485760)throw new Error("Tar extractor reached max size");return!0}})}function Ot(){return{url:"http://hl7.org/fhir/StructureDefinition/data-absent-reason",valueCode:"unsupported"}}function $n(e){let t=(0,B.extname)(e).toLowerCase();return[".cjs",".mjs",".js"].includes(t)?ee.ContentType.JAVASCRIPT:[".cts",".mts",".ts"].includes(t)?ee.ContentType.TYPESCRIPT:ee.ContentType.TEXT}function We(e,t){let r=new _(e),o={name:e,...t};return r.setObject("options",o),o}function xr(e){return new _(e).getObject("options")}async function Dr(e,t){let r={typ:"JWT",alg:"HS256"},o=Math.floor(Date.now()/1e3),n={aud:`${t.baseUrl}${t.audience}`,iss:t.issuer,sub:t.subject,nbf:o,iat:o,exp:o+604800},i=(0,ee.encodeBase64)(JSON.stringify(r)),s=(0,ee.encodeBase64)(JSON.stringify(n)),u=`${i}.${s}`,p=(0,ue.createHmac)("sha256",t.clientSecret).update(u).digest("base64url"),h=`${u}.${p}`;await e.startJwtBearerLogin(t.clientId,h,t.scope??"")}async function Mr(e,t){let r=(0,ue.createPrivateKey)((0,z.readFileSync)((0,B.resolve)(t.privateKeyPath))),o=await new Ae({}).setProtectedHeader({alg:"RS384",typ:"JWT"}).setIssuer(t.clientId).setSubject(t.clientId).setAudience(`${t.baseUrl}${t.audience}`).setJti((0,ue.randomBytes)(16).toString("hex")).setIssuedAt().setExpirationTime("5m").sign(r);await e.startJwtAssertionLogin(o)}var $r=M.MEDPLUM_CLI_CLIENT_ID,jr="http://localhost:9615",Nt=g("login"),Lt=g("whoami"),xt=g("token");Nt.action(async e=>{let t=e.profile??"default",r=We(t,e),o=await S(e,!1);await jn(o,r)});Lt.action(async e=>{let t=await S(e);Bn(t)});xt.action(async e=>{let t=await S(e);await t.getProfileAsync();let r=t.getAccessToken();if(!r)throw new Error("Not logged in");console.log("Access token:"),console.log(),console.log(r)});async function jn(e,t){switch(t?.authType??"authorization-code"){case"authorization-code":await Wn(e);break;case"basic":e.setBasicAuth(t.clientId,t.clientSecret);break;case"client-credentials":e.setBasicAuth(t.clientId,t.clientSecret),await e.startClientLogin(t.clientId,t.clientSecret);break;case"jwt-bearer":await Dr(e,t);break;case"jwt-assertion":await Mr(e,t);break}}async function Fn(e){let t=(0,_r.createServer)(async(r,o)=>{let n=new URL(r.url,"http://localhost:9615"),i=n.searchParams.get("code");if(r.method==="OPTIONS"){o.writeHead(200,{Allow:"GET, POST","Content-Type":M.ContentType.TEXT}),o.end("OK");return}if(n.pathname==="/"&&i)try{let s=await e.processCode(i,{clientId:$r,redirectUri:jr});o.writeHead(200,{"Content-Type":M.ContentType.TEXT}),o.end(`Signed in as ${(0,M.getDisplayString)(s)}. You may close this window.`)}catch(s){o.writeHead(400,{"Content-Type":M.ContentType.TEXT}),o.end(`Error: ${(0,M.normalizeErrorString)(s)}`)}finally{t.close()}else o.writeHead(404,{"Content-Type":M.ContentType.TEXT}),o.end("Not found")}).listen(9615)}async function Kn(e){let t=(0,Ur.platform)(),r;switch(t){case"openbsd":case"linux":r=`xdg-open '${e}'`;break;case"darwin":r=`open '${e}'`;break;case"win32":r=`cmd /c start "" "${e}"`;break;default:throw new Error("Unsupported platform: "+t)}(0,kr.exec)(r,(o,n,i)=>{if(o)throw o;if(i)throw new Error("Could not open browser: "+i)})}function Bn(e){let t=e.getActiveLogin();t?(console.log(`Server:  ${e.getBaseUrl()}`),console.log(`Profile: ${t.profile.display} (${t.profile.reference})`),console.log(`Project: ${t.project.display} (${t.project.reference})`)):console.log("Not logged in")}async function Wn(e){await Fn(e);let t=new URL(e.getAuthorizeUrl());t.searchParams.set("client_id",$r),t.searchParams.set("redirect_uri",jr),t.searchParams.set("scope","openid"),t.searchParams.set("response_type","code"),t.searchParams.set("prompt","login"),await Kn(t.toString())}var So=require("commander");var J=require("@aws-sdk/client-cloudformation"),Qe=require("@aws-sdk/client-cloudfront"),Vr=require("@aws-sdk/client-ecs"),Xr=require("@aws-sdk/client-s3"),fe=require("@aws-sdk/client-ssm"),et=require("@aws-sdk/client-sts"),qr=require("@medplum/core"),zr=N(require("node-fetch")),Yr=require("node:fs"),Zr=N(Ft());var Gr=N(require("node:readline")),Xe;function qe(){Xe=Gr.default.createInterface({input:process.stdin,output:process.stdout})}function ze(){Xe.close()}function c(e){Xe.write(e+`
-`)}function A(e){c(`
-`+e+`
-`)}function P(e,t=""){return new Promise(r=>{Xe.question(e+(t?" ("+t+")":"")+" ",o=>{r(o||t.toString())})})}async function Ye(e,t,r=""){let o=e+" ["+t.map(n=>n===r?"("+n+")":n).join("|")+"]";for(;;){let n=await P(o)||r;if(t.includes(n))return n;c("Please choose one of the following options: "+t.join(", "))}}async function me(e,t,r){return parseInt(await Ye(e,t.map(o=>o.toString()),r.toString()),10)}async function oe(e){return(await Ye(e,["y","n"])).toLowerCase()==="y"}async function be(e){if(!await oe(e))throw c("Exiting..."),new Error("User cancelled")}var Ze=new J.CloudFormationClient({}),bi=new Qe.CloudFrontClient({region:"us-east-1"}),ec=new Vr.ECSClient({}),Pe=new Xr.S3Client({}),Pi="medplum:environment";async function Kt(){let e=[],t=(0,J.paginateListStacks)({client:Ze},{StackStatusFilter:["CREATE_COMPLETE","CREATE_FAILED","CREATE_IN_PROGRESS","DELETE_FAILED","DELETE_IN_PROGRESS","IMPORT_COMPLETE","IMPORT_IN_PROGRESS","IMPORT_ROLLBACK_COMPLETE","IMPORT_ROLLBACK_FAILED","IMPORT_ROLLBACK_IN_PROGRESS","REVIEW_IN_PROGRESS","ROLLBACK_COMPLETE","ROLLBACK_FAILED","ROLLBACK_IN_PROGRESS","UPDATE_COMPLETE","UPDATE_COMPLETE_CLEANUP_IN_PROGRESS","UPDATE_FAILED","UPDATE_IN_PROGRESS","UPDATE_ROLLBACK_COMPLETE","UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS","UPDATE_ROLLBACK_FAILED","UPDATE_ROLLBACK_IN_PROGRESS"]});for await(let r of t)if(r.StackSummaries)for(let o of r.StackSummaries)e.push(o);return e}async function he(e){let t=await Kt();for(let r of t){let o=r.StackName,n=await Bt(o);if(n?.tag===e)return n}}async function Bt(e){let t={};if(await Jr(Ze,e,t),await Ze.config.region()!=="us-east-1")try{await Jr(new J.CloudFormationClient({region:"us-east-1"}),e+"-us-east-1",t)}catch{}return t}async function Jr(e,t,r){let o=new J.DescribeStacksCommand({StackName:t}),i=(await e.send(o))?.Stacks?.[0],s=i?.Tags?.find(p=>p.Key===Pi);if(!s)return;let u=await e.send(new J.DescribeStackResourcesCommand({StackName:t}));if(u.StackResources){e===Ze&&(r.stack=i,r.tag=s.Value);for(let p of u.StackResources)Oi(p,r)}}function Oi(e,t){e.ResourceType==="AWS::ECS::Cluster"?t.ecsCluster=e:e.ResourceType==="AWS::ECS::Service"?t.ecsService=e:e.ResourceType==="AWS::S3::Bucket"&&e.LogicalResourceId?.startsWith("FrontEndAppBucket")?t.appBucket=e:e.ResourceType==="AWS::CloudFront::Distribution"&&e.LogicalResourceId?.startsWith("FrontEndAppDistribution")?t.appDistribution=e:e.ResourceType==="AWS::CloudFront::CloudFrontOriginAccessIdentity"&&e.LogicalResourceId?.startsWith("FrontEndOriginAccessIdentity")?t.appOriginAccessIdentity=e:e.ResourceType==="AWS::S3::Bucket"&&e.LogicalResourceId?.startsWith("StorageStorageBucket")?t.storageBucket=e:e.ResourceType==="AWS::CloudFront::Distribution"&&e.LogicalResourceId?.startsWith("StorageStorageDistribution")?t.storageDistribution=e:e.ResourceType==="AWS::CloudFront::CloudFrontOriginAccessIdentity"&&e.LogicalResourceId?.startsWith("StorageOriginAccessIdentity")&&(t.storageOriginAccessIdentity=e)}function tt(e){console.log(`Medplum Tag:           ${e.tag}`),console.log(`Stack Name:            ${e.stack?.StackName}`),console.log(`Stack ID:              ${e.stack?.StackId}`),console.log(`Status:                ${e.stack?.StackStatus}`),console.log(`ECS Cluster:           ${e.ecsCluster?.PhysicalResourceId}`),console.log(`ECS Service:           ${Ni(e.ecsService)}`),console.log(`App Bucket:            ${e.appBucket?.PhysicalResourceId}`),console.log(`App Distribution:      ${e.appDistribution?.PhysicalResourceId}`),console.log(`App OAI:               ${e.appOriginAccessIdentity?.PhysicalResourceId}`),console.log(`Storage Bucket:        ${e.storageBucket?.PhysicalResourceId}`),console.log(`Storage Distribution:  ${e.storageDistribution?.PhysicalResourceId}`),console.log(`Storage OAI:           ${e.storageOriginAccessIdentity?.PhysicalResourceId}`)}function Ni(e){return e?.PhysicalResourceId?.split("/")?.pop()||""}async function rt(e){let t=await bi.send(new Qe.CreateInvalidationCommand({DistributionId:e,InvalidationBatch:{CallerReference:`invalidate-all-${Date.now()}`,Paths:{Quantity:1,Items:["/*"]}}}));console.log(`Created invalidation with ID: ${t.Invalidation?.Id}`)}async function ot(e){let o=(await(await(0,zr.default)("https://api.github.com/repos/medplum/medplum/releases?per_page=100",{headers:{Accept:"application/vnd.github+json","X-GitHub-Api-Version":"2022-11-28"}})).json()).map(n=>n.tag_name.startsWith("v")?n.tag_name.slice(1):n.tag_name);return o.sort((n,i)=>Zr.compare(i,n)),e?o.slice(0,o.indexOf(e)):o}async function nt(e,t,r){let o=new fe.SSMClient({region:e});for(let[n,i]of Object.entries(r)){let s=t+n,u=i.toString(),p=await Li(o,s);p!==void 0&&p!==u&&(c(`Parameter "${s}" exists with different value.`),await be(`Do you want to overwrite "${s}"?`)),await xi(o,s,u)}}async function Li(e,t){let r=new fe.GetParameterCommand({Name:t,WithDecryption:!0});try{return(await e.send(r)).Parameter?.Value}catch(o){if(o.name==="ParameterNotFound")return;throw o}}async function xi(e,t,r){let o=new fe.PutParameterCommand({Name:t,Value:r,Type:"SecureString",Overwrite:!0});await e.send(o)}function Y(e,t){if(console.log(`Config not found: ${e} (${H(e,t)})`),t){let o=Object.entries(t);if(o.length>0){console.log("Additional options:");for(let[n,i]of o)console.log(`  ${n}: ${i}`)}}console.log();let r=(0,Yr.readdirSync)(".",{withFileTypes:!0});if(r=r.filter(o=>o.isFile()&&o.name.startsWith("medplum.")&&o.name.endsWith(".json")).map(o=>o.name),r.length===0)console.log("No configs found");else{console.log("Available configs:");for(let o of r)console.log(`  ${o.replaceAll("medplum.","").replaceAll(".config","").replaceAll(".server","").replaceAll(".json","").padEnd(40," ")} (${o})`)}}async function ge(e){console.log(`Stack not found: ${e}`),console.log();try{let t=new et.STSClient,r=new et.GetCallerIdentityCommand({}),o=await t.send(r),n=await t.config.region();console.log("AWS Region:        ",n),console.log("AWS Account ID:    ",o.Account),console.log("AWS Account ARN:   ",o.Arn),console.log("AWS User ID:       ",o.UserId)}catch(t){console.log("Warning: Unable to get AWS account ID",(0,qr.normalizeErrorString)(t))}}async function Qr(e){let t=await he(e);if(!t)throw await ge(e),new Error(`Stack not found: ${e}`);tt(t)}var ne=require("@aws-sdk/client-acm"),it=require("@aws-sdk/client-cloudfront"),st=require("@aws-sdk/client-sts"),to=require("@medplum/core"),Oe=require("node:crypto"),ro=require("node:fs");var Di=e=>`${e}DomainName`,oo=e=>`${e}SslCertArn`;async function no(){let e={apiPort:8103,region:"us-east-1"};qe(),A("MEDPLUM"),c("This tool prepares the necessary prerequisites for deploying Medplum in your AWS account."),c(""),c("Most Medplum infrastructure is deployed using the AWS CDK."),c("However, some AWS resources must be created manually, such as email addresses and SSL certificates."),c("This tool will help you create those resources."),c(""),c("Upon completion, this tool will:"),c("  1. Generate a Medplum CDK config file (i.e., medplum.demo.config.json)"),c("  2. Optionally generate an AWS CloudFront signing key"),c("  3. Optionally request SSL certificates from AWS Certificate Manager"),c("  4. Optionally write server config settings to AWS Parameter Store"),c(""),c("The Medplum infra config file is an input to the Medplum CDK."),c("The Medplum CDK will create and manage the necessary AWS resources."),c(""),c("We will ask a series of questions to generate your infra config file."),c("Some questions have predefined options in [square brackets]."),c("Some questions have default values in (parentheses), which you can accept by pressing Enter."),c("Press Ctrl+C at any time to exit.");let t=await Mi(e.region);t||(c("It appears that you do not have AWS credentials configured."),c("AWS credentials are not strictly required, but will enable some additional features."),c("If you intend to use AWS credentials, please configure them now."),await be("Do you want to continue without AWS credentials?")),A("ENVIRONMENT NAME"),c('Medplum deployments have a short environment name such as "prod", "staging", "alice", or "demo".'),c("The environment name is used in multiple places:"),c("  1. As part of config file names (i.e., medplum.demo.config.json)"),c("  2. As the base of CloudFormation stack names (i.e., MedplumDemo)"),c("  3. AWS Parameter Store keys (i.e., /medplum/demo/...)"),e.name=await P("What is your environment name?","demo"),c('Using environment name "'+e.name+'"...'),A("CONFIG FILE"),c("Medplum Infrastructure will create a config file in the current directory.");let r=await P("What is the config file name?",`medplum.${e.name}.config.json`);(0,ro.existsSync)(r)&&(c("Config file already exists."),await be("Do you want to overwrite the config file?")),c('Using config file "'+r+'"...'),C(r,e),A("AWS REGION"),c("Most Medplum resources will be created in a single AWS region."),e.region=await P("Enter your AWS region:","us-east-1"),C(r,e),A("AWS ACCOUNT NUMBER"),c("Medplum Infrastructure will use your AWS account number to create AWS resources."),t&&c("Using the AWS CLI, your current account ID is: "+t),e.accountNumber=await P("What is your AWS account number?",t),C(r,e),A("STACK NAME"),c("Medplum will create a CloudFormation stack to manage AWS resources."),c("AWS CloudFormation stack names ");let o="Medplum"+e.name.charAt(0).toUpperCase()+e.name.slice(1);for(e.stackName=await P("Enter your CloudFormation stack name?",o),C(r,e),A("BASE DOMAIN NAME"),c("Please enter the base domain name for your Medplum deployment."),c(""),c("Medplum deploys multiple subdomains for various services."),c(""),c('For example, "api." for the REST API and "app." for the web application.'),c("The base domain name is the common suffix for all subdomains."),c(""),c('For example, if your base domain name is "example.com",'),c('then the REST API will be "api.example.com".'),c(""),c('The base domain should include the TLD (i.e., ".com", ".org", ".net").'),c(""),c("Note that you must own the base domain, and it must use Route53 DNS.");!e.domainName;)e.domainName=await P("Enter your base domain name:");C(r,e),A("SUPPORT EMAIL"),c("Medplum sends transactional emails to users."),c("For example, emails to new users or for password reset."),c("Medplum will use the support email address to send these emails."),c("Note that you must verify the support email address in SES.");let n=await P("Enter your support email address:");A("API DOMAIN NAME"),c("Medplum deploys a REST API for the backend services."),e.apiDomainName=await P("Enter your REST API domain name:","api."+e.domainName),e.baseUrl=`https://${e.apiDomainName}/`,C(r,e),A("APP DOMAIN NAME"),c("Medplum deploys a web application for the user interface."),e.appDomainName=await P("Enter your web application domain name:","app."+e.domainName),C(r,e),A("STORAGE DOMAIN NAME"),c("Medplum deploys a storage service for file uploads."),e.storageDomainName=await P("Enter your storage domain name:","storage."+e.domainName),C(r,e),A("STORAGE BUCKET"),c("Medplum uses an S3 bucket to store binary content such as file uploads."),c("Medplum will create a the S3 bucket as part of the CloudFormation stack."),e.storageBucketName=await P("Enter your storage bucket name:",e.storageDomainName),C(r,e),A("MAX AVAILABILITY ZONES"),c("Medplum API servers can be deployed in multiple availability zones."),c("This provides redundancy and high availability."),c("However, it also increases the cost of the deployment."),c("If you want to use all availability zones, choose a large number such as 99."),c("If you want to restrict the number, for example to manage EIP limits,"),c("then choose a small number such as 2 or 3."),e.maxAzs=await me("Enter the maximum number of availability zones:",[2,3,99],2),A("DATABASE INSTANCES"),c("Medplum uses a relational database to store data."),c("Medplum can create a new RDS database as part of the CloudFormation stack,"),c("or can set up your own database and enter the database name, username, and password."),await oe("Do you want to create a new RDS database as part of the CloudFormation stack?")?(c("Medplum will create a new RDS database as part of the CloudFormation stack."),c(""),c("If you need high availability, you can choose multiple instances."),c("Use 1 for a single instance, or 2 for a primary and a standby."),e.rdsInstances=await me("Enter the number of database instances:",[1,2],1)):(c("Medplum will not create a new RDS database."),c("Please create a new RDS database and enter the database name, username, and password."),c('Set the AWS Secrets Manager secret ARN in the config file in the "rdsSecretsArn" setting.'),e.rdsSecretsArn="TODO"),C(r,e),A("SERVER INSTANCES"),c("Medplum uses AWS Fargate to run the API servers."),c("Medplum will create a new Fargate cluster as part of the CloudFormation stack."),c("Fargate will automatically scale the number of servers up and down."),c("If you need high availability, you can choose multiple instances."),e.desiredServerCount=await me("Enter the number of server instances:",[1,2,3,4,6,8],1),C(r,e),A("SERVER MEMORY"),c("You can choose the amount of memory for each server instance."),c("The default is 512 MB, which is sufficient for getting started."),c("Note that only certain CPU units are compatible with memory units."),c('Consult AWS Fargate "Task Definition Parameters" for more information.'),e.serverMemory=await me("Enter the server memory (MB):",[512,1024,2048,4096,8192,16384],512),C(r,e),A("SERVER CPU"),c("You can choose the amount of CPU for each server instance."),c("CPU is expressed as an integer using AWS CPU units"),c("The default is 256, which is sufficient for getting started."),c("Note that only certain CPU units are compatible with memory units."),c('Consult AWS Fargate "Task Definition Parameters" for more information.'),e.serverCpu=await me("Enter the server CPU:",[256,512,1024,2048,4096,8192,16384],256),C(r,e),A("SERVER IMAGE"),c("Medplum uses Docker images for the API servers."),c("You can choose the image to use for the servers."),c("Docker images can be loaded from either Docker Hub or AWS ECR."),c("The default is the latest Medplum release.");let i=(await ot())[0]??"latest";e.serverImage=await P("Enter the server image:",`medplum/medplum-server:${i}`),C(r,e),A("SIGNING KEY"),c("Medplum uses AWS CloudFront Presigned URLs for binary content such as file uploads.");let s=await $i(e.region,e.stackName+"SigningKey");s?(e.signingKeyId=s.keyId,e.storagePublicKey=s.publicKey,C(r,e)):(c("Unable to generate signing key."),c("Please manually create a signing key and enter the key ID and public key in the config file."),c('You must set the "signingKeyId", "signingKey", and "signingKeyPassphrase" settings.')),A("SSL CERTIFICATES"),c("Medplum will now check for existing SSL certificates for the subdomains.");let u=await ki(e.region);c("Found "+u.length+" certificate(s).");for(let{region:h,certName:w}of[{region:e.region,certName:"api"},{region:"us-east-1",certName:"app"},{region:"us-east-1",certName:"storage"}]){c("");let I=await _i(e,u,h,w);e[oo(w)]=I,C(r,e)}A("AWS PARAMETER STORE"),c("Medplum uses AWS Parameter Store to store sensitive configuration values."),c("These values will be encrypted at rest."),c(`The values will be stored in the "/medplum/${e.name}" path.`);let p={port:e.apiPort,baseUrl:e.baseUrl,appBaseUrl:`https://${e.appDomainName}/`,storageBaseUrl:`https://${e.storageDomainName}/binary/`,binaryStorage:`s3:${e.storageBucketName}`,supportEmail:n};if(s&&(p.signingKeyId=s.keyId,p.signingKey=s.privateKey,p.signingKeyPassphrase=s.passphrase),c(JSON.stringify({...p,signingKey:"****",signingKeyPassphrase:"****"},null,2)),await oe("Do you want to store these values in AWS Parameter Store?"))await nt(e.region,`/medplum/${e.name}/`,p);else{let h=H(e.name,{server:!0});C(h,p),c("Skipping AWS Parameter Store."),c(`Writing values to local config file: ${h}`),c("Please add these values to AWS Parameter Store manually.")}A("DONE!"),c("Medplum configuration complete."),c("You can now proceed to deploying the Medplum infrastructure with CDK."),c("Run:"),c(""),c(`    npx cdk bootstrap -c config=${r}`),c(`    npx cdk synth -c config=${r}`),e.region==="us-east-1"?c(`    npx cdk deploy -c config=${r}`):c(`    npx cdk deploy -c config=${r} --all`),c(""),c("See Medplum documentation for more information:"),c(""),c("    https://www.medplum.com/docs/self-hosting/install-on-aws"),c(""),ze()}async function Mi(e){try{let t=new st.STSClient({region:e}),r=new st.GetCallerIdentityCommand({});return(await t.send(r)).Account}catch(t){console.log("Warning: Unable to get AWS account ID",t.message);return}}async function ki(e){let t=await eo(e);if(e!=="us-east-1"){let r=await eo("us-east-1");t.push(...r)}return t}async function eo(e){try{let t=new ne.ACMClient({region:e}),r=new ne.ListCertificatesCommand({MaxItems:1e3});return(await t.send(r)).CertificateSummaryList}catch(t){return console.log("Warning: Unable to list certificates",t.message),[]}}async function _i(e,t,r,o){let n=e[Di(o)],i=t.find(u=>u.CertificateArn?.includes(r)&&u.DomainName===n);if(i)return c(`Found existing certificate for "${n}" in "${r}.`),i.CertificateArn;if(c(`No existing certificate found for "${n}" in "${r}.`),!await oe("Do you want to request a new certificate?"))return c(`Please add your certificate ARN to the config file in the "${oo(o)}" setting.`),"TODO";let s=await Ui(r,n);return c("Certificate ARN: "+s),s}async function Ui(e,t){try{let r=await Ye("Validate certificate using DNS or email validation?",["dns","email"],"dns"),o=new ne.ACMClient({region:e}),n=new ne.RequestCertificateCommand({DomainName:t,ValidationMethod:r.toUpperCase()});return(await o.send(n)).CertificateArn}catch(r){return console.log("Error: Unable to request certificate",r.message),"TODO"}}async function $i(e,t){let r=(0,Oe.randomUUID)(),o=(0,Oe.generateKeyPairSync)("rsa",{modulusLength:2048,publicKeyEncoding:{type:"spki",format:"pem"},privateKeyEncoding:{type:"pkcs1",format:"pem",cipher:"aes-256-cbc",passphrase:r}});try{return{keyId:(await new it.CloudFrontClient({region:e}).send(new it.CreatePublicKeyCommand({PublicKeyConfig:{Name:t,CallerReference:(0,Oe.randomUUID)(),EncodedKey:o.publicKey}}))).PublicKey?.Id,publicKey:o.publicKey,privateKey:o.privateKey,passphrase:r}}catch(n){console.log("Error: Unable to create signing key: ",(0,to.normalizeErrorString)(n));return}}async function io(){let e=await Kt();for(let t of e){let r=t.StackName,o=await Bt(r);o&&(tt(o),console.log(""))}}var so=require("@aws-sdk/client-s3"),k=require("@medplum/core"),ao=N(require("fast-glob")),Wt=N(require("node-fetch")),D=require("node:fs"),co=require("node:os"),ie=require("node:path"),lo=require("node:stream/promises");async function uo(e,t){let r=U(e,t);if(!r)throw Y(e,t),new Error(`Config not found: ${e}`);let o=await he(e);if(!o)throw await ge(e),new Error(`Stack not found: ${e}`);let n=o.appBucket;if(!n)throw new Error(`App bucket not found for stack ${e}`);let i;if(t.tarPath)i=t.tarPath;else{let s=t?.toVersion??"latest";i=await Fi("@medplum/app",s)}po(i,{MEDPLUM_BASE_URL:r.baseUrl,MEDPLUM_CLIENT_ID:r.clientId??"",GOOGLE_CLIENT_ID:r.googleClientId??"",RECAPTCHA_SITE_KEY:r.recaptchaSiteKey??"",MEDPLUM_REGISTER_ENABLED:r.registerEnabled?"true":"false"}),await Bi(i,n.PhysicalResourceId,t),o.appDistribution?.PhysicalResourceId&&!t.dryrun&&await rt(o.appDistribution.PhysicalResourceId),console.log("Done")}async function ji(e,t){let r=`https://registry.npmjs.org/${e}/${t}`;return(await(0,Wt.default)(r)).json()}async function Fi(e,t){let o=(await ji(e,t)).dist.tarball,n=(0,D.mkdtempSync)((0,ie.join)((0,co.tmpdir)(),"tarball-"));try{let i=await(0,Wt.default)(o),s=Lr(n);return await(0,lo.pipeline)(i.body,s),(0,ie.join)(n,"package","dist")}catch(i){throw(0,D.rmSync)(n,{recursive:!0,force:!0}),i}}function po(e,t){for(let r of(0,D.readdirSync)(e,{withFileTypes:!0})){let o=(0,ie.join)(e,r.name);r.isDirectory()?po(o,t):r.isFile()&&o.endsWith(".js")&&Ki(o,t)}}function Ki(e,t){let r=(0,D.readFileSync)(e,"utf-8");for(let[o,n]of Object.entries(t))r=r.replaceAll(`__${o}__`,n);(0,D.writeFileSync)(e,r)}async function Bi(e,t,r){let o=[["assets/**/*.css",k.ContentType.CSS,!0],["assets/**/*.css.map",k.ContentType.JSON,!0],["assets/**/*.js",k.ContentType.JAVASCRIPT,!0],["assets/**/*.js.map",k.ContentType.JSON,!0],["assets/**/*.txt",k.ContentType.TEXT,!0],["assets/**/*.ico",k.ContentType.FAVICON,!0],["img/**/*.png",k.ContentType.PNG,!0],["img/**/*.svg",k.ContentType.SVG,!0],["robots.txt",k.ContentType.TEXT,!0],["index.html",k.ContentType.HTML,!1]];for(let n of o)await Wi({rootDir:e,bucketName:t,fileNamePattern:n[0],contentType:n[1],cached:n[2],dryrun:r.dryrun})}async function Wi(e){let t=ao.default.sync(e.fileNamePattern,{cwd:e.rootDir});for(let r of t)await Hi((0,ie.join)(e.rootDir,r),e)}async function Hi(e,t){let r=(0,D.createReadStream)(e),o=e.substring(t.rootDir.length+1).split(ie.sep).join("/"),n={Bucket:t.bucketName,Key:o,Body:r,ContentType:t.contentType,CacheControl:t.cached?"public, max-age=31536000":"no-cache, no-store, must-revalidate"};console.log(`Uploading ${o} to ${t.bucketName}...`),t.dryrun||await Pe.send(new so.PutObjectCommand(n))}var at=require("@aws-sdk/client-s3");async function fo(e,t){if(!U(e,t))throw Y(e,t),new Error(`Config not found: ${e}`);let o=await he(e);if(!o)throw await ge(e),new Error(`Stack not found: ${e}`);await mo("App",o.appBucket,o.appDistribution,o.appOriginAccessIdentity,t),await mo("Storage",o.storageBucket,o.storageDistribution,o.storageOriginAccessIdentity,t),console.log("Done")}async function mo(e,t,r,o,n){if(!t?.PhysicalResourceId)throw new Error(`${e} bucket not found`);if(!r?.PhysicalResourceId)throw new Error(`${e} distribution not found`);if(!o?.PhysicalResourceId)throw new Error(`${e} OAI not found`);let i=t.PhysicalResourceId,s=o.PhysicalResourceId,u=await Gi(i);if(Vi(u,i,s))throw new Error(`${e} bucket already has policy statement`);Xi(u,i,s),console.log(`${e} bucket policy:`),console.log(JSON.stringify(u,void 0,2)),n.dryrun?console.log("Dry run - skipping updates"):(console.log("Updating bucket policy..."),await Ji(i,u),console.log("Bucket policy updated"),console.log("Creating CloudFront invalidation..."),await rt(r.PhysicalResourceId),console.log("CloudFront invalidation created"),console.log(`${e} bucket policy updated`))}async function Gi(e){let t=await Pe.send(new at.GetBucketPolicyCommand({Bucket:e}));return JSON.parse(t.Policy??"{}")}async function Ji(e,t){await Pe.send(new at.PutBucketPolicyCommand({Bucket:e,Policy:JSON.stringify(t)}))}function Vi(e,t,r){return!!e?.Statement?.some(o=>o?.Effect==="Allow"&&o?.Principal?.AWS===`arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${r}`&&Array.isArray(o?.Action)&&o?.Action?.includes("s3:GetObject*")&&o?.Action?.includes("s3:GetBucket*")&&o?.Action?.includes("s3:List*")&&Array.isArray(o?.Resource)&&o?.Resource?.includes(`arn:aws:s3:::${t}`)&&o?.Resource?.includes(`arn:aws:s3:::${t}/*`))}function Xi(e,t,r){e.Version||(e.Version="2012-10-17"),e.Statement||(e.Statement=[]),e.Statement.push({Effect:"Allow",Principal:{AWS:`arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${r}`},Action:["s3:GetObject*","s3:GetBucket*","s3:List*"],Resource:[`arn:aws:s3:::${t}`,`arn:aws:s3:::${t}/*`]})}async function ho(e,t){try{qe();let r=U(e,t);if(!r)throw Y(e,t),new Error(`Config not found: ${e}`);let o=Nr(e)??{};qi(r,o),Yi(r,o),c("Medplum uses AWS Parameter Store to store sensitive configuration values."),c("These values will be encrypted at rest."),c(`The values will be stored in the "/medplum/${r.name}" path.`),c(JSON.stringify({...o,signingKey:"****",signingKeyPassphrase:"****"},null,2)),(t.yes||await oe("Do you want to store these values in AWS Parameter Store?"))&&await nt(r.region,`/medplum/${r.name}/`,o)}finally{ze()}}function qi(e,t){ct(e.apiPort,t.port,`Infra "apiPort" (${e.apiPort}) does not match server "port" (${t.port})`),ct(e.baseUrl,t.baseUrl,`Infra "baseUrl" (${e.baseUrl}) does not match server "baseUrl" (${t.baseUrl})`),ct(e.appDomainName&&`https://${e.appDomainName}/`,t.appBaseUrl,`Infra "appDomainName" (${e.appDomainName}) does not match server "appBaseUrl" (${t.appBaseUrl})`),ct(e.storageDomainName&&`https://${e.storageDomainName}/binary/`,t.storageBaseUrl,`Infra "storageDomainName" (${e.storageDomainName}) does not match server "storageBaseUrl" (${t.storageBaseUrl})`)}function ct(e,t,r){if(zi(e,t))throw new Error(r)}function zi(e,t){return e!==void 0&&t!==void 0&&e!==t}function Yi(e,t){e.apiPort&&(t.port=e.apiPort),e.baseUrl&&(t.baseUrl=e.baseUrl),e.appDomainName&&(t.appBaseUrl=`https://${e.appDomainName}/`),e.storageDomainName&&(t.storageBaseUrl=`https://${e.storageDomainName}/`)}var yo=require("node:child_process"),ye=N(Ft());async function Eo(e,t){let r=await S(t),o=U(e,t);if(!o)throw console.log(`Configuration file ${H(e)} not found`),Y(e,t),new Error(`Config not found: ${e}`);let n=o.serverImage.lastIndexOf(":"),i=o.serverImage.slice(0,n),s=await Zi(r,o),u=await go(s);for(;u;){if(t.toVersion&&ye.gt(u,t.toVersion)){console.log(`Skipping update to v${u}`);break}console.log(`Performing update to v${u}`),o.serverImage=`${i}:${u}`,Qi(e,o),await r.startAsyncRequest("/admin/super/migrate"),u=await go(u)}}async function Zi(e,t){let r=t.serverImage.lastIndexOf(":"),o=t.serverImage.slice(r+1);if(o==="latest"){o=(await e.get("/healthcheck")).version;let i=o.indexOf("-");i>-1&&(o=o.slice(0,i))}return o}async function go(e,t){let r=await ot(e),o=r[0];return r.filter(n=>n===o||n===t||ye.gte(n,ye.inc(e,"minor"))).pop()}function Qi(e,t){let r=H(e);C(r,t);let o=`npx cdk deploy -c config=${r}${t.region!=="us-east-1"?" --all":""}`;console.log("> "+o);let n=(0,yo.spawnSync)(o,{stdio:"inherit"});if(n.status!==0)throw new Error(`Deploy of ${t.serverImage} failed (exit code ${n.status}): ${n.stderr}`);console.log(n.stdout)}function wo(){let e=new So.Command("aws").description("Commands to manage AWS resources");return e.command("init").description("Initialize a new Medplum AWS CloudFormation stacks").action(no),e.command("list").description("List Medplum AWS CloudFormation stacks").action(io),e.command("describe").description("Describe a Medplum AWS CloudFormation stack by tag").argument("<tag>","The Medplum stack tag").action(Qr),e.command("update-config").alias("deploy-config").description("Update the AWS Parameter Store config values").argument("<tag>","The Medplum stack tag").option("--file [file]","Specifies the config file to use. If not specified, the file is based on the tag.").option("--dryrun","Displays the operations that would be performed using the specified command without actually running them.").option("--yes","Automatically confirm the update").action(ho),e.addCommand(g("update-server").alias("deploy-server").description("Update the server image").argument("<tag>","The Medplum stack tag").option("--file [file]","Specifies the config file to use. If not specified, the file is based on the tag.").option("--to-version [version]","Specifies the version of the configuration to update. If not specified, the latest version is updated.").action(Eo)),e.command("update-app").alias("deploy-app").description("Update the app site").argument("<tag>","The Medplum stack tag").option("--file [file]","Specifies the config file to use. If not specified, the file is based on the tag.").option("--to-version [version]","Specifies the version of the configuration to update. If not specified, the latest version is updated.").option("--dryrun","Displays the operations that would be performed using the specified command without actually running them.").option("--tar-path [tarPath]","Specifies the path to the extracted tarball of the @medplum/app package.").action(uo),e.command("update-bucket-policies").description("Update S3 bucket policies").argument("<tag>","The Medplum stack tag").option("--file [file]","Specifies the config file to use. If not specified, the file is based on the tag.").option("--dryrun","Displays the operations that would be performed using the specified command without actually running them.").action(fo),e}var Io=require("commander");var Ro=g("save"),Ao=g("deploy"),Co=g("create"),vo=new Io.Command("bot").addCommand(Ro).addCommand(Ao).addCommand(Co),Ht=g("save-bot"),Gt=g("deploy-bot"),Jt=g("create-bot");Ro.description("Saving the bot").argument("<botName>").action(async(e,t)=>{let r=await S(t);await lt(r,e)});Ao.description("Deploy the app to AWS").argument("<botName>").action(async(e,t)=>{let r=await S(t);await lt(r,e,!0)});Co.arguments("<botName> <projectId> <sourceFile> <distFile>").description("Creating a bot").option("--runtime-version <runtimeVersion>","Runtime version (awslambda, vmcontext)").option("--no-write-config","Do not write bot to config").action(async(e,t,r,o,n)=>{let i=await S(n);await Pt(i,e,t,r,o,n.runtimeVersion,!!n.writeConfig)});async function lt(e,t,r=!1){let o=Or(t),n=[],i=[],s=0,u=0;for(let p of o)try{let h=await e.readResource("Bot",p.id);await Tt(e,p,h),s++,r&&(await bt(e,p,h),u++)}catch(h){n.push(h),i.push(`${p.name} [${p.id}]`)}if(console.log(`Number of bots saved: ${s}`),console.log(`Number of bots deployed: ${u}`),console.log(`Number of errors: ${n.length}`),n.length)throw new Error(`${n.length} bot(s) had failures. Bots with failures:
-
-    ${i.join(`
-    `)}`,{cause:n})}Ht.description("Saves the bot").argument("<botName>").action(async(e,t)=>{let r=await S(t);await lt(r,e)});Gt.description("Deploy the bot to AWS").argument("<botName>").action(async(e,t)=>{let r=await S(t);await lt(r,e,!0)});Jt.arguments("<botName> <projectId> <sourceFile> <distFile>").description("Creates and saves the bot").action(async(e,t,r,o,n)=>{let i=await S(n);await Pt(i,e,t,r,o)});var bo=require("commander"),ut=require("node:fs"),Vt=require("node:path"),Po=require("node:readline");var Oo=g("export"),No=g("import"),Lo=new bo.Command("bulk").addCommand(Oo).addCommand(No);Oo.option("-e, --export-level <exportLevel>",'Optional export level. Defaults to system level export. "Group/:id" - Group of Patients, "Patient" - All Patients.').option("-t, --types <types>","optional resource types to export").option("-s, --since <since>","optional Resources will be included in the response if their state has changed after the supplied time (e.g. if Resource.meta.lastUpdated is later than the supplied _since time).").option("-d, --target-directory <targetDirectory>","optional target directory to save files from the bulk export operations.").action(async e=>{let{exportLevel:t,types:r,since:o,targetDirectory:n}=e,i=await S(e);(await i.bulkExport(t,r,o,{pollStatusOnAccepted:!0})).output?.forEach(async({type:u,url:p})=>{let h=new URL(p),w=await i.download(p),I=`${u}_${h.pathname}`.replace(/[^a-zA-Z0-9]+/g,"_")+".ndjson",v=(0,Vt.resolve)(n??"",I);(0,ut.writeFile)(`${v}`,await w.text(),()=>{console.log(`${v} is created`)})})});No.argument("<filename>","File Name").option("--num-resources-per-request <numResourcesPerRequest>","optional number of resources to import per batch request. Defaults to 25.","25").option("--add-extensions-for-missing-values","optional flag to add extensions for missing values in a resource",!1).option("-d, --target-directory <targetDirectory>","optional target directory of file to be imported").action(async(e,t)=>{let{numResourcesPerRequest:r,addExtensionsForMissingValues:o,targetDirectory:n}=t,i=(0,Vt.resolve)(n??process.cwd(),e),s=await S(t);await es(i,parseInt(r,10),s,o)});async function es(e,t,r,o){let n=[],i=(0,ut.createReadStream)(e),s=(0,Po.createInterface)({input:i});for await(let u of s){let p=ts(u,o);n.push({resource:p,request:{method:"POST",url:p.resourceType}}),n.length%t===0&&(await To(n,r),n=[])}n.length>0&&await To(n,r)}async function To(e,t){(await t.executeBatch({resourceType:"Bundle",type:"transaction",entry:e})).entry?.forEach(o=>{W(o.response)})}function ts(e,t){let r=JSON.parse(e);return t?rs(r):r}function rs(e){return e.resourceType==="ExplanationOfBenefit"?os(e):e}function os(e){return e.provider||(e.provider=Ot()),e.item?.forEach(t=>{t?.productOrService||(t.productOrService=Ot())}),e}var mt=require("@medplum/core");var Do=require("node:net"),Mo=require("@medplum/core"),dt=require("iconv-lite"),$o=N(require("node:net"),1),xo=class extends EventTarget{addEventListener(e,t,r){super.addEventListener(e,t,r)}removeEventListener(e,t,r){super.removeEventListener(e,t,r)}};var ns=class extends Event{constructor(e,t){super("message"),this.connection=e,this.message=t}},pt=class extends Event{constructor(e){super("error"),this.error=e}},ko=class extends Event{constructor(){super("close")}},_o=class extends xo{constructor(e,t="utf-8"){super(),this.socket=e,this.encoding=t,this.chunks=[],this.messageQueue=[],e.on("data",r=>{try{if(this.appendData(r),r.at(-2)===28&&r.at(-1)===13){let o=Buffer.concat(this.chunks),n=o.subarray(1,o.length-2),i=(0,dt.decode)(n,this.encoding),s=Mo.Hl7Message.parse(i);this.dispatchEvent(new ns(this,s)),this.resetBuffer()}}catch(o){this.dispatchEvent(new pt(o))}}),e.on("error",r=>{this.resetBuffer(),this.dispatchEvent(new pt(r))}),e.on("end",()=>{this.close()}),this.addEventListener("message",r=>{let o=this.messageQueue.shift();if(!o){this.dispatchEvent(new pt(new Error(`Received a message when no pending messages were in the queue. Message: ${r.message}`)));return}o.resolve?.(r.message)})}sendImpl(e,t){this.messageQueue.push(t);let r=e.toString(),o=(0,dt.encode)(r,this.encoding),n=Buffer.alloc(o.length+3);n.writeInt8(11,0),o.copy(n,1),n.writeInt8(28,o.length+1),n.writeInt8(13,o.length+2),this.socket.write(n)}send(e){this.sendImpl(e,{message:e})}async sendAndWait(e){return new Promise((t,r)=>{let o={message:e,resolve:t,reject:r};this.sendImpl(e,o)})}close(){this.socket.end(),this.socket.destroy(),this.dispatchEvent(new ko)}appendData(e){this.chunks.push(e)}resetBuffer(){this.chunks=[]}},Uo=class extends xo{constructor(e){super(),this.options=e,this.host=this.options.host,this.port=this.options.port,this.encoding=this.options.encoding,this.keepAlive=this.options.keepAlive??!1}connect(){return this.connection?Promise.resolve(this.connection):new Promise((e,t)=>{let r=(0,Do.connect)({host:this.host,port:this.port,keepAlive:this.keepAlive},()=>{let o;this.connection=o=new _o(r,this.encoding),r.off("error",t),o.addEventListener("close",()=>this.dispatchEvent(new ko)),o.addEventListener("error",n=>this.dispatchEvent(new pt(n.error))),e(this.connection)});r.on("error",t)})}async send(e){return(await this.connect()).send(e)}async sendAndWait(e){return(await this.connect()).sendAndWait(e)}close(){this.connection&&(this.connection.close(),delete this.connection)}},jo=class{constructor(e){this.handler=e}start(e,t){let r=$o.default.createServer(o=>{let n=new _o(o,t);this.handler(n)});r.listen(e),this.server=r}async stop(){return new Promise((e,t)=>{if(!this.server){t(new Error("Stop was called but there is no server running"));return}this.server.close(r=>{if(r){t(r);return}e()}),this.server=void 0})}};var Fo=require("commander"),Ko=require("node:fs");var is=g("send").description("Send an HL7 v2 message via MLLP").argument("<host>","The destination host name or IP address").argument("<port>","The destination port number").argument("[body]","Optional HL7 message body").option("--generate-example","Generate a sample HL7 message").option("--file <file>","Read the HL7 message from a file").option("--encoding <encoding>","The encoding to use").action(async(e,t,r,o)=>{if(o.generateExample?r=as():o.file&&(r=(0,Ko.readFileSync)(o.file,"utf8")),!r)throw new Error("Missing HL7 message body");let n=new Uo({host:e,port:Number.parseInt(t,10),encoding:o.encoding});try{let i=await n.sendAndWait(mt.Hl7Message.parse(r));console.log(i.toString().replaceAll("\r",`
-`))}finally{n.close()}}),ss=g("listen").description("Starts an HL7 v2 MLLP server").argument("<port>").option("--encoding <encoding>","The encoding to use").action(async(e,t)=>{new jo(o=>{o.addEventListener("message",({message:n})=>{console.log(n.toString().replaceAll("\r",`
-`)),o.send(n.buildAck())})}).start(Number.parseInt(e,10),t.encoding),console.log("Listening on port "+e)}),Bo=new Fo.Command("hl7").addCommand(is).addCommand(ss);function as(){let e=(0,mt.formatHl7DateTime)(new Date),t=Date.now().toString();return`MSH|^~\\&|ADTSYS|HOSPITAL|RECEIVER|DEST|${e}||ADT^A01|${t}|P|2.5|
-EVN|A01|${e}||
-PID|1|12345|12345^^^HOSP^MR|123456|DOE^JOHN^MIDDLE^SUFFIX|19800101|M|||123 STREET^APT 4B^CITY^ST^12345-6789||555-555-5555||S|
-PV1|1|I|2000^2012^01||||12345^DOCTOR^DOC||||||||||1234567^DOCTOR^DOC||AMB|||||||||||||||||||||||||202309280900|`}var Wo=require("commander"),Ho=require("node:fs"),Go=require("node:os"),Jo=require("node:path");var Vo=g("set"),Xo=g("remove"),qo=g("list"),zo=g("describe"),Yo=new Wo.Command("profile").addCommand(Vo).addCommand(Xo).addCommand(qo).addCommand(zo);Vo.argument("<profileName>","Name of the profile").description("Create a new profile or replace it with the given name and its associated properties").action(async(e,t)=>{We(e,t)});Xo.argument("<profileName>","Name of the profile").description("Remove a profile by name").action(async e=>{new _(e).setObject("options",void 0),console.log(`${e} profile removed`)});qo.description("List all profiles saved").action(async()=>{let e=(0,Jo.resolve)((0,Go.homedir)(),".medplum"),t=(0,Ho.readdirSync)(e),r=[];t.forEach(o=>{let n=o.split(".")[0],s=new _(n).getObject("options");s&&r.push({profileName:n,profile:s})}),console.log(r)});zo.argument("<profileName>","Name of the profile").description("Describes a profile").action(async e=>{let t=xr(e);console.log(t)});var ft=require("commander");var Zo=g("list"),Qo=g("current"),en=g("switch"),tn=g("invite"),rn=new ft.Command("project").addCommand(Zo).addCommand(Qo).addCommand(en).addCommand(tn);Zo.description("List of current projects").action(async e=>{let t=await S(e);cs(t)});function cs(e){let r=e.getLogins().map(o=>`${o.project.display} (${o.project.reference})`).join(`
-
-`);console.log(r)}Qo.description("Project you are currently on").action(async e=>{let r=(await S(e)).getActiveLogin();if(!r)throw new Error("Unauthenticated: run `npx medplum login` to login");console.log(`${r.project.display} (${r.project.reference})`)});en.description("Switching to another project from the current one").argument("<projectId>").action(async(e,t)=>{let r=await S(t);await ls(r,e)});tn.description("Invite a member to your current project (run npx medplum project current to confirm)").arguments("<firstName> <lastName> <email>").option("--send-email","If you want to send the email when inviting the user").option("--admin","If the user you are inviting is an admin").addOption(new ft.Option("-r, --role <role>","Role of user").choices(["Practitioner","Patient","RelatedPerson"]).default("Practitioner")).action(async(e,t,r,o)=>{let n=await S(o),i=n.getActiveLogin();if(!i)throw new Error("Unauthenticated: run `npx medplum login` to login");if(!i?.project?.reference)throw new Error("No current project to invite user to");let s=i.project.reference.split("/")[1],u={resourceType:o.role,firstName:e,lastName:t,email:r,sendEmail:!!o.sendEmail,admin:!!o.admin};await us(s,u,n)});async function ls(e,t){let o=e.getLogins().find(n=>n.project.reference?.includes(t));if(!o)throw new Error(`Project ${t} not found. Make sure you are added as a user to this project`);await e.setActiveLogin(o),console.log(`Switched to project ${t}
-`)}async function us(e,t,r){await r.invite(e,t),t.sendEmail&&console.log("Email sent"),console.log("See your users at https://app.medplum.com/admin/users")}var on=require("@medplum/core");var Xt=g("delete"),qt=g("get"),zt=g("patch"),Yt=g("post"),Zt=g("put");Xt.argument("<url>","Resource/$id").action(async(e,t)=>{let r=await S(t);W(await r.delete(Ne(r,e)))});qt.argument("<url>","Resource/$id").option("--as-transaction","Print out the bundle as a transaction type").action(async(e,t)=>{let r=await S(t),o=await r.get(Ne(r,e));t.asTransaction?W((0,on.convertToTransactionBundle)(o)):W(o)});zt.arguments("<url> <body>").action(async(e,t,r)=>{let o=await S(r);W(await o.patch(Ne(o,e),Qt(t)))});Yt.arguments("<url> <body>").action(async(e,t,r)=>{let o=await S(r);W(await o.post(Ne(o,e),Qt(t)))});Zt.arguments("<url> <body>").action(async(e,t,r)=>{let o=await S(r);W(await o.put(Ne(o,e),Qt(t)))});function Qt(e){if(e)try{return JSON.parse(e)}catch{return e}}function Ne(e,t){return["admin/","auth/","fhir/R4"].some(o=>t.startsWith(o))?t:e.fhirUrl(t).toString()}async function an(e){let t=new Le.Command("medplum").description("Command to access Medplum CLI");t.exitOverride(),t.version(Ee.MEDPLUM_VERSION),t.addCommand(Nt),t.addCommand(Lt),t.addCommand(xt),t.addCommand(qt),t.addCommand(Yt),t.addCommand(zt),t.addCommand(Zt),t.addCommand(Xt),t.addCommand(rn),t.addCommand(Lo),t.addCommand(vo),t.addCommand(Ht),t.addCommand(Gt),t.addCommand(Jt),t.addCommand(Yo),t.addCommand(wo()),t.addCommand(Bo);try{await t.parseAsync(e)}catch(r){cn(r)}}function cn(e){nn(e);let t=e.cause;if(Array.isArray(t))for(let o of t)nn(o);let r=1;e instanceof Le.CommanderError&&(r=e.exitCode),process.exit(r)}function nn(e){e instanceof Le.CommanderError&&process.stderr.write(`${(0,Ee.normalizeErrorString)(e)}
-`),process.stderr.write(`Error: ${(0,Ee.normalizeErrorString)(e)}
-`)}async function ln(){sn.default.config(),await an(process.argv)}require.main===module&&ln().catch(e=>{console.error("Unhandled error:",(0,Ee.normalizeErrorString)(e)),process.exit(1)});0&&(module.exports={handleError,main,run});
-//# sourceMappingURL=index.cjs.map