@openhi/constructs 0.0.0 → 0.0.1

package/lib/index.mjs

@@ -0,0 +1,1120 @@
+import {
+  __commonJS,
+  __toESM
+} from "./chunk-LZOMFHX3.mjs";
+
+// ../config/lib/open-hi-config.js
+var require_open_hi_config = __commonJS({
+  "../config/lib/open-hi-config.js"(exports) {
+    "use strict";
+    Object.defineProperty(exports, "__esModule", { value: true });
+    exports.OPEN_HI_DEPLOYMENT_TARGET_ROLE = exports.OPEN_HI_STAGE = void 0;
+    exports.OPEN_HI_STAGE = {
+      /**
+       * Development environment, typically used for testing and development.
+       */
+      DEV: "dev",
+      /**
+       * Staging environment, used for pre-production testing.
+       */
+      STAGE: "stage",
+      /**
+       * Production environment, used for live deployments.
+       */
+      PROD: "prod"
+    };
+    exports.OPEN_HI_DEPLOYMENT_TARGET_ROLE = {
+      /**
+       * The primary deployment target for this stage (main account/region).
+       * For example, the base DynamoDB region for global tables.
+       */
+      PRIMARY: "primary",
+      /**
+       * A secondary deployment target for this stage (additional account/region).
+       * For example, a replica region for a global DynamoDB table, or another cell in the same region.
+       */
+      SECONDARY: "secondary"
+    };
+  }
+});
+
+// ../config/lib/index.js
+var require_lib = __commonJS({
+  "../config/lib/index.js"(exports) {
+    "use strict";
+    var __createBinding = exports && exports.__createBinding || (Object.create ? (function(o, m, k, k2) {
+      if (k2 === void 0) k2 = k;
+      var desc = Object.getOwnPropertyDescriptor(m, k);
+      if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+        desc = { enumerable: true, get: function() {
+          return m[k];
+        } };
+      }
+      Object.defineProperty(o, k2, desc);
+    }) : (function(o, m, k, k2) {
+      if (k2 === void 0) k2 = k;
+      o[k2] = m[k];
+    }));
+    var __exportStar = exports && exports.__exportStar || function(m, exports2) {
+      for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports2, p)) __createBinding(exports2, m, p);
+    };
+    Object.defineProperty(exports, "__esModule", { value: true });
+    __exportStar(require_open_hi_config(), exports);
+  }
+});
+
+// src/app/open-hi-app.ts
+var import_config2 = __toESM(require_lib());
+import { App } from "aws-cdk-lib";
+
+// src/app/open-hi-environment.ts
+var import_config = __toESM(require_lib());
+import { Stage } from "aws-cdk-lib";
+var OPEN_HI_ENVIRONMENT_SYMBOL = /* @__PURE__ */ Symbol.for(
+  "@openhi/constructs/core.OpenHiEnvironment"
+);
+var OpenHiEnvironment = class _OpenHiEnvironment extends Stage {
+  /**
+   * Creates a new OpenHiEnvironment.
+   */
+  constructor(ohStage, props) {
+    if (props.config.account && props.config.region) {
+      props = {
+        ...props,
+        env: {
+          account: props.config.account,
+          region: props.config.region
+        }
+      };
+    }
+    const stageName = props.deploymentTargetRole === import_config.OPEN_HI_DEPLOYMENT_TARGET_ROLE.PRIMARY ? props.deploymentTargetRole : [props.deploymentTargetRole, ohStage.environments.length].join("-");
+    super(ohStage, stageName, {
+      env: props.env ?? ohStage.props.env,
+      ...props
+    });
+    this.ohStage = ohStage;
+    this.props = props;
+    Object.defineProperty(this, OPEN_HI_ENVIRONMENT_SYMBOL, { value: true });
+    this.deploymentTargetRole = props.deploymentTargetRole;
+    this.config = props.config;
+  }
+  /**
+   * Finds the OpenHiEnvironment that contains the given construct.
+   * ```
+   */
+  static of(construct) {
+    return construct.node.scopes.reverse().find(_OpenHiEnvironment.isOpenHiEnvironment);
+  }
+  /**
+   * Type guard to check if a value is an OpenHiEnvironment instance.
+   */
+  static isOpenHiEnvironment(x) {
+    return x !== null && typeof x === "object" && OPEN_HI_ENVIRONMENT_SYMBOL in x;
+  }
+};
+
+// src/app/open-hi-stage.ts
+import { Stage as Stage2 } from "aws-cdk-lib";
+var OPEN_HI_STAGE_SYMBOL = /* @__PURE__ */ Symbol.for("@openhi/constructs/core.OpenHiStage");
+var OpenHiStage = class _OpenHiStage extends Stage2 {
+  /**
+   * Creates a new OpenHiStage instance.
+   */
+  constructor(ohApp, props) {
+    super(ohApp, props.stageType, props);
+    this.ohApp = ohApp;
+    this.props = props;
+    Object.defineProperty(this, OPEN_HI_STAGE_SYMBOL, { value: true });
+    this.stageType = props.stageType;
+  }
+  /**
+   * Finds the OpenHiStage that contains the given construct.
+   */
+  static of(construct) {
+    return construct.node.scopes.reverse().find(_OpenHiStage.isOpenHiStage);
+  }
+  /**
+   * Type guard to check if a value is an OpenHiStage instance.
+   */
+  static isOpenHiStage(x) {
+    return x !== null && typeof x === "object" && OPEN_HI_STAGE_SYMBOL in x;
+  }
+  /**
+   * Gets all OpenHiEnvironment instances contained within this stage.
+   */
+  get environments() {
+    return this.node.children.filter(OpenHiEnvironment.isOpenHiEnvironment);
+  }
+  /**
+   * Gets the primary OpenHiEnvironment for this stage, if one exists.
+   */
+  get primaryEnvironment() {
+    return this.environments.find(
+      (env) => env.deploymentTargetRole === "primary"
+    );
+  }
+  /**
+   * Gets all secondary OpenHiEnvironment instances for this stage.
+   */
+  get secondaryEnvironments() {
+    return this.environments.filter(
+      (env) => env.deploymentTargetRole === "secondary"
+    );
+  }
+};
+
+// src/app/open-hi-app.ts
+var OPEN_HI_APP_SYMBOL = /* @__PURE__ */ Symbol.for("@openhi/constructs/core.OpenHiApp");
+var OpenHiApp = class _OpenHiApp extends App {
+  /**
+   * Finds the OpenHiApp instance that contains the given construct in its
+   * construct tree.
+   */
+  static of(construct) {
+    return construct.node.scopes.reverse().find(_OpenHiApp.isOpenHiApp);
+  }
+  /**
+   * Type guard that checks if a value is an OpenHiApp instance.
+   */
+  static isOpenHiApp(x) {
+    return x !== null && typeof x === "object" && OPEN_HI_APP_SYMBOL in x;
+  }
+  /**
+   * Creates a new OpenHiApp instance.
+   */
+  constructor(props) {
+    super(props);
+    Object.defineProperty(this, OPEN_HI_APP_SYMBOL, { value: true });
+    this.appName = props.appName ?? "openhi";
+    this.config = props.config;
+    Object.values(import_config2.OPEN_HI_STAGE).forEach((stageType) => {
+      if (this.config.deploymentTargets?.[stageType]) {
+        const stage = new OpenHiStage(this, { stageType });
+        if (this.config.deploymentTargets?.[stageType]?.[import_config2.OPEN_HI_DEPLOYMENT_TARGET_ROLE.PRIMARY]) {
+          const envConfig = this.config.deploymentTargets[stageType][import_config2.OPEN_HI_DEPLOYMENT_TARGET_ROLE.PRIMARY];
+          new OpenHiEnvironment(stage, {
+            deploymentTargetRole: import_config2.OPEN_HI_DEPLOYMENT_TARGET_ROLE.PRIMARY,
+            config: envConfig,
+            env: { account: envConfig.account, region: envConfig.region }
+          });
+        }
+        if (this.config.deploymentTargets?.[stageType]?.[import_config2.OPEN_HI_DEPLOYMENT_TARGET_ROLE.SECONDARY]) {
+          this.config.deploymentTargets[stageType][import_config2.OPEN_HI_DEPLOYMENT_TARGET_ROLE.SECONDARY].forEach((envConfig) => {
+            new OpenHiEnvironment(stage, {
+              deploymentTargetRole: import_config2.OPEN_HI_DEPLOYMENT_TARGET_ROLE.SECONDARY,
+              config: envConfig,
+              env: { account: envConfig.account, region: envConfig.region }
+            });
+          });
+        }
+      }
+    });
+  }
+  /*****************************************************************************
+   *
+   * Stages
+   *
+   ****************************************************************************/
+  /**
+     * Gets all OpenHiStage instances that are direct children of this app.
+  
+     */
+  get stages() {
+    return this.node.children.filter(OpenHiStage.isOpenHiStage);
+  }
+  /**
+   * Gets the development stage, if it exists.
+   */
+  get devStage() {
+    return this.stages.find((stage) => stage.stageType === import_config2.OPEN_HI_STAGE.DEV);
+  }
+  /**
+   * Gets the staging stage, if it exists.
+   */
+  get stageStage() {
+    return this.stages.find((stage) => stage.stageType === import_config2.OPEN_HI_STAGE.STAGE);
+  }
+  /**
+   * Gets the production stage, if it exists.
+   */
+  get prodStage() {
+    return this.stages.find((stage) => stage.stageType === import_config2.OPEN_HI_STAGE.PROD);
+  }
+  /*****************************************************************************
+   *
+   * Environments
+   *
+   ****************************************************************************/
+  /**
+   * Gets all OpenHiEnvironment instances across all stages in this app.
+   */
+  get environments() {
+    return this.stages.flatMap((stage) => stage.environments);
+  }
+  /**
+   * Gets all primary environments across all stages in this app.
+   */
+  get primaryEnvironments() {
+    return this.environments.filter(
+      (env) => env.deploymentTargetRole === "primary"
+    );
+  }
+  /**
+   * Gets all secondary environments across all stages in this app.
+   */
+  get secondaryEnvironments() {
+    return this.environments.filter(
+      (env) => env.deploymentTargetRole === "secondary"
+    );
+  }
+};
+
+// src/app/open-hi-service.ts
+var import_config3 = __toESM(require_lib());
+import {
+  findGitBranch,
+  findGitRepoName,
+  hashString
+} from "@codedrifters/utils";
+import { RemovalPolicy, Stack, Tags } from "aws-cdk-lib";
+import { paramCase } from "change-case";
+var OPEN_HI_SERVICE_TYPE = {
+  /**
+   * Authentication service.
+   *   *
+   * Only one instance of the auth service should exist per environment.
+   */
+  AUTH: "auth",
+  /**
+   * Root shared core services.
+   *
+   * Only one instance of the core service should exist per environment.
+   */
+  CORE: "core",
+  /**
+   * Rest API service.
+   */
+  REST_API: "rest-api",
+  /**
+   * Global Infrastructure stack (Route53, ACM).
+   */
+  GLOBAL: "global",
+  /**
+   * Data service (DynamoDB, S3, persistence).
+   */
+  DATA: "data"
+};
+var OpenHiService = class extends Stack {
+  /**
+   * Core construct containing shared infrastructure.
+   */
+  // public core: Core;
+  /**
+   * Creates a new OpenHI service stack.
+   *
+   * @param ohEnv - The OpenHI environment (stage) this service belongs to
+   * @param id - Unique identifier for this service stack (e.g., "user-service")
+   * @param props - Optional properties for configuring the service
+   *
+   * @throws {Error} If account and region are not defined in props or environment
+   *
+   */
+  constructor(ohEnv, id, props = {}) {
+    const { account, region } = props.env || ohEnv;
+    if (!account || !region) {
+      throw new Error(
+        "Account and region must be defined in OpenHiServiceProps or OpenHiEnvironment"
+      );
+    }
+    const appName = props.appName ?? ohEnv.ohStage.ohApp.appName ?? "openhi";
+    const repoName = props.repoName ?? findGitRepoName();
+    const defaultReleaseBranch = props.defaultReleaseBranch ?? "main";
+    const branchName = props.branchName ?? (process.env.JEST_WORKER_ID ? "test-branch" : ohEnv.ohStage.stageType === import_config3.OPEN_HI_STAGE.DEV ? findGitBranch() : defaultReleaseBranch);
+    const environmentHash = hashString(
+      [appName, ohEnv.deploymentTargetRole, account, region].join("-"),
+      6
+    );
+    const branchHash = hashString(
+      [appName, ohEnv.deploymentTargetRole, account, region, branchName].join(
+        "-"
+      ),
+      6
+    );
+    const stackHash = hashString(
+      [
+        appName,
+        ohEnv.deploymentTargetRole,
+        account,
+        region,
+        branchName,
+        id
+      ].join("-"),
+      6
+    );
+    const removalPolicy = props.removalPolicy ?? (ohEnv.ohStage.stageType === import_config3.OPEN_HI_STAGE.PROD ? RemovalPolicy.RETAIN : RemovalPolicy.DESTROY);
+    Object.assign(props, { removalPolicy });
+    const description = `OpenHi Service: ${id} [${branchName}] - ${branchHash}`;
+    const hostedZoneId = ohEnv.props.config.hostedZoneId;
+    const zoneName = ohEnv.props.config.zoneName;
+    if (hostedZoneId && zoneName) {
+      props = {
+        ...props,
+        coreProps: {
+          ...props.coreProps
+        }
+      };
+    }
+    super(ohEnv, [branchHash, id, account, region].join("-"), {
+      ...props,
+      description
+    });
+    this.ohEnv = ohEnv;
+    this.props = props;
+    this.serviceId = id;
+    this.removalPolicy = removalPolicy;
+    this.config = props.config ?? ohEnv.props.config;
+    this.serviceType = props.serviceType ?? id;
+    this.deploymentTargetRole = ohEnv.deploymentTargetRole;
+    this.repoName = repoName;
+    this.appName = appName;
+    this.defaultReleaseBranch = defaultReleaseBranch;
+    this.branchName = branchName;
+    this.environmentHash = environmentHash;
+    this.branchHash = branchHash;
+    this.stackHash = stackHash;
+    Tags.of(this).add(`${appName}:repo-name`, repoName.slice(0, 255));
+    Tags.of(this).add(`${appName}:branch-name`, branchName.slice(0, 255));
+    Tags.of(this).add(
+      `${appName}:service-type`,
+      this.serviceType.slice(0, 255)
+    );
+    Tags.of(this).add(
+      `${appName}:stage-type`,
+      ohEnv.ohStage.stageType.slice(0, 255)
+    );
+  }
+  /**
+   * Creates or returns the core construct for shared infrastructure.
+   */
+  /*
+  protected createCore(props: OpenHiServiceProps = {}): Core {
+    if (!this.core) {
+      return new Core(this, props.coreProps);
+    }
+    return this.core;
+  }
+  */
+  /**
+   * DNS prefix for this branche's child zone.
+   */
+  get childZonePrefix() {
+    return paramCase(this.branchName).slice(0, 200);
+  }
+};
+
+// src/components/ssm/discoverable-string-parameter.ts
+import { Tags as Tags2 } from "aws-cdk-lib";
+import {
+  StringParameter
+} from "aws-cdk-lib/aws-ssm";
+var DiscoverableStringParameter = class _DiscoverableStringParameter extends StringParameter {
+  /**
+   * Build a param name based on predictable attributes found in services and
+   * constructs. Used for storage and retrieval of SSM values across services.
+   */
+  static buildParameterName(scope, props) {
+    const stack = OpenHiService.of(scope);
+    return "/" + [
+      props.branchHash ?? stack.branchHash,
+      props.serviceType ?? stack.serviceType,
+      props.account ?? stack.account,
+      props.region ?? stack.region,
+      props.ssmParamName
+    ].join("/").toUpperCase();
+  }
+  /**
+   * Read the string value of an SSM parameter created with DiscoverableStringParameter,
+   * using props that include ssmParamName and optional overrides (e.g. serviceType).
+   */
+  static valueForLookupName(scope, props) {
+    const paramName = _DiscoverableStringParameter.buildParameterName(
+      scope,
+      props
+    );
+    return StringParameter.valueForStringParameter(scope, paramName);
+  }
+  constructor(scope, id, props) {
+    const { ssmParamName, branchHash, serviceType, account, region, ...rest } = props;
+    const parameterName = _DiscoverableStringParameter.buildParameterName(
+      scope,
+      props
+    );
+    super(scope, id, {
+      ...rest,
+      parameterName
+    });
+    const { appName } = OpenHiService.of(scope);
+    Tags2.of(this).add(`${appName}:param-name`, ssmParamName);
+  }
+};
+
+// src/services/open-hi-core-service.ts
+import { Code, Function, Runtime } from "aws-cdk-lib/aws-lambda";
+var OpenHiCoreService = class extends OpenHiService {
+  constructor(ohEnv, props = {}) {
+    props = {
+      ...props
+    };
+    super(ohEnv, OPEN_HI_SERVICE_TYPE.CORE, props);
+    this.props = props;
+    new Function(this, "test-fn", {
+      runtime: Runtime.NODEJS_LATEST,
+      handler: "index.handler",
+      code: Code.fromInline(
+        'exports.handler = async () => { return {statusCode:200, body:"ok"} }'
+      )
+    });
+  }
+};
+
+// src/components/auth.ts
+import { Construct } from "constructs";
+
+// src/components/cognito/core-user-pool.ts
+import {
+  UserPool,
+  VerificationEmailStyle
+} from "aws-cdk-lib/aws-cognito";
+var _CoreUserPool = class _CoreUserPool extends UserPool {
+  static fromConstruct(scope) {
+    const userPoolId = DiscoverableStringParameter.valueForLookupName(scope, {
+      ssmParamName: _CoreUserPool.SSM_PARAM_NAME,
+      serviceType: OPEN_HI_SERVICE_TYPE.AUTH
+    });
+    return UserPool.fromUserPoolId(scope, "user-pool", userPoolId);
+  }
+  constructor(scope, props = {}) {
+    const service = OpenHiService.of(scope);
+    super(scope, "user-pool", {
+      /**
+       * Defaults
+       */
+      selfSignUpEnabled: true,
+      signInAliases: {
+        email: true
+      },
+      userVerification: {
+        emailSubject: "Verify your email!",
+        emailBody: "Your verification code is {####}.",
+        emailStyle: VerificationEmailStyle.CODE
+      },
+      removalPolicy: props.removalPolicy ?? service.removalPolicy,
+      /**
+       * Over-rideable props
+       */
+      ...props,
+      /**
+       * Required
+       */
+      userPoolName: ["core", "user", "pool", service.branchHash].join("-")
+    });
+    new DiscoverableStringParameter(this, "user-pool-param", {
+      ssmParamName: _CoreUserPool.SSM_PARAM_NAME,
+      stringValue: this.userPoolId
+    });
+  }
+};
+/**
+ * Used when storing the User Pool ID in SSM.
+ */
+_CoreUserPool.SSM_PARAM_NAME = "CORE_USER_POOL";
+var CoreUserPool = _CoreUserPool;
+
+// src/components/cognito/core-user-pool-client.ts
+import {
+  UserPoolClient
+} from "aws-cdk-lib/aws-cognito";
+var _CoreUserPoolClient = class _CoreUserPoolClient extends UserPoolClient {
+  static fromConstruct(scope) {
+    const userPoolClientId = DiscoverableStringParameter.valueForLookupName(
+      scope,
+      {
+        ssmParamName: _CoreUserPoolClient.SSM_PARAM_NAME,
+        serviceType: OPEN_HI_SERVICE_TYPE.AUTH
+      }
+    );
+    return UserPoolClient.fromUserPoolClientId(
+      scope,
+      "user-pool-client",
+      userPoolClientId
+    );
+  }
+  constructor(scope, props) {
+    super(scope, "user-pool-client", {
+      /**
+       * Defaults
+       */
+      generateSecret: false,
+      oAuth: {
+        flows: {
+          authorizationCodeGrant: true,
+          implicitCodeGrant: true
+        },
+        callbackUrls: [`https://localhost:3000/oauth/callback`]
+      },
+      /**
+       * Overrideable props
+       */
+      ...props
+    });
+    new DiscoverableStringParameter(this, "user-pool-client-param", {
+      ssmParamName: _CoreUserPoolClient.SSM_PARAM_NAME,
+      stringValue: this.userPoolClientId
+    });
+  }
+};
+/**
+ * Used when storing the User Pool Client ID in SSM.
+ */
+_CoreUserPoolClient.SSM_PARAM_NAME = "CORE_USER_POOL_CLIENT";
+var CoreUserPoolClient = _CoreUserPoolClient;
+
+// src/components/cognito/core-user-pool-domain.ts
+import {
+  UserPoolDomain
+} from "aws-cdk-lib/aws-cognito";
+var _CoreUserPoolDomain = class _CoreUserPoolDomain extends UserPoolDomain {
+  static fromConstruct(scope) {
+    const userPoolDomain = DiscoverableStringParameter.valueForLookupName(
+      scope,
+      {
+        ssmParamName: _CoreUserPoolDomain.SSM_PARAM_NAME,
+        serviceType: OPEN_HI_SERVICE_TYPE.AUTH
+      }
+    );
+    return UserPoolDomain.fromDomainName(
+      scope,
+      "user-pool-domain",
+      userPoolDomain
+    );
+  }
+  constructor(scope, props) {
+    const id = props.cognitoDomain?.domainPrefix ? "cognito-domain" : "custom-domain";
+    super(scope, id, {
+      ...props
+    });
+    new DiscoverableStringParameter(this, "user-pool-domain-param", {
+      ssmParamName: _CoreUserPoolDomain.SSM_PARAM_NAME,
+      stringValue: this.domainName
+    });
+  }
+};
+/**
+ * Used when storing the User Pool Domain in SSM.
+ */
+_CoreUserPoolDomain.SSM_PARAM_NAME = "CORE_USER_POOL_DOMAIN";
+var CoreUserPoolDomain = _CoreUserPoolDomain;
+
+// src/components/cognito/core-user-pool-kms-key.ts
+import { Key } from "aws-cdk-lib/aws-kms";
+var _CoreUserPoolKmsKey = class _CoreUserPoolKmsKey extends Key {
+  static fromConstruct(scope) {
+    const keyArn = DiscoverableStringParameter.valueForLookupName(scope, {
+      ssmParamName: _CoreUserPoolKmsKey.SSM_PARAM_NAME,
+      serviceType: OPEN_HI_SERVICE_TYPE.AUTH
+    });
+    return Key.fromKeyArn(scope, "kms-key", keyArn);
+  }
+  constructor(scope, props = {}) {
+    const service = OpenHiService.of(scope);
+    super(scope, "kms-key", {
+      ...props,
+      // alias: ["alias", "cognito", service.branchHash].join("/"),
+      description: `KMS Key for Cognito User Pool - ${service.branchHash}`,
+      removalPolicy: props.removalPolicy ?? service.removalPolicy
+    });
+    new DiscoverableStringParameter(this, "kms-key-param", {
+      ssmParamName: _CoreUserPoolKmsKey.SSM_PARAM_NAME,
+      stringValue: this.keyArn
+    });
+  }
+};
+/**
+ * Used when storing the KMS Key in SSM.
+ */
+_CoreUserPoolKmsKey.SSM_PARAM_NAME = "CORE_USER_POOL_KMS_KEY";
+var CoreUserPoolKmsKey = _CoreUserPoolKmsKey;
+
+// src/components/auth.ts
+var Auth = class _Auth extends Construct {
+  /**
+   * Returns an Auth instance that uses resources imported from AUTH SSM
+   * parameters. Use this when creating Core or other stacks that consume
+   * auth resources; the Auth stack must be deployed first.
+   *
+   * @param scope - Construct scope (e.g. Core); must be in a stack that has
+   *   access to the same account/region as the deployed Auth stack.
+   */
+  static fromConstruct(scope) {
+    return new _Auth(scope, {});
+  }
+  constructor(scope, props = {}) {
+    super(scope, "auth");
+    const service = OpenHiService.of(this);
+    this.isAuthService = service.serviceType === OPEN_HI_SERVICE_TYPE.AUTH;
+    this.userPoolKmsKey = this.createUserPoolKmsKey();
+    this.userPool = this.createUserPool({
+      ...props.userPoolProps,
+      customSenderKmsKey: this.userPoolKmsKey
+    });
+    this.userPoolClient = this.createUserPoolClient({
+      userPool: this.userPool
+    });
+    this.userPoolDomain = this.createUserPoolDomain({
+      userPool: this.userPool
+    });
+  }
+  /*****************************************************************************
+   *
+   * Auth Support
+   *
+   ****************************************************************************/
+  createUserPoolKmsKey() {
+    return this.isAuthService ? new CoreUserPoolKmsKey(this) : CoreUserPoolKmsKey.fromConstruct(this);
+  }
+  createUserPool(props) {
+    return this.isAuthService ? new CoreUserPool(this, props) : CoreUserPool.fromConstruct(this);
+  }
+  createUserPoolClient(props) {
+    return this.isAuthService ? new CoreUserPoolClient(this, { userPool: props.userPool }) : CoreUserPoolClient.fromConstruct(this);
+  }
+  createUserPoolDomain(props) {
+    const service = OpenHiService.of(this);
+    return this.isAuthService ? new CoreUserPoolDomain(this, {
+      userPool: props.userPool,
+      cognitoDomain: {
+        domainPrefix: `auth-${service.branchHash}`
+      }
+    }) : CoreUserPoolDomain.fromConstruct(this);
+  }
+};
+
+// src/services/open-hi-auth-service.ts
+var OpenHiAuthService = class extends OpenHiService {
+  constructor(ohEnv, props = {}) {
+    super(ohEnv, OPEN_HI_SERVICE_TYPE.AUTH, props);
+    this.props = props;
+    this.auth = new Auth(this, props.authProps);
+  }
+};
+
+// src/components/global.ts
+import {
+  CertificateValidation
+} from "aws-cdk-lib/aws-certificatemanager";
+import { Construct as Construct3 } from "constructs";
+
+// src/components/acm/root-wildcard-certificate.ts
+import {
+  Certificate
+} from "aws-cdk-lib/aws-certificatemanager";
+import { StringParameter as StringParameter2 } from "aws-cdk-lib/aws-ssm";
+var _RootWildcardCertificate = class _RootWildcardCertificate extends Certificate {
+  /**
+   * Using a special name here since this will be shared and used among many
+   * stacks and services.
+   */
+  static ssmParameterName() {
+    return "/" + ["GLOBAL", _RootWildcardCertificate.SSM_PARAM_NAME].join("/").toUpperCase();
+  }
+  static fromConstruct(scope) {
+    const certificateArn = StringParameter2.valueForStringParameter(
+      scope,
+      _RootWildcardCertificate.ssmParameterName()
+    );
+    return Certificate.fromCertificateArn(
+      scope,
+      "wildcard-certificate",
+      certificateArn
+    );
+  }
+  constructor(scope, props) {
+    super(scope, "root-wildcard-certificate", { ...props });
+    new StringParameter2(this, "wildcard-cert-param", {
+      parameterName: _RootWildcardCertificate.ssmParameterName(),
+      stringValue: this.certificateArn
+    });
+  }
+};
+/**
+ * Used when storing the Certificate ARN in SSM.
+ */
+_RootWildcardCertificate.SSM_PARAM_NAME = "ROOT_WILDCARD_CERT_ARN";
+var RootWildcardCertificate = _RootWildcardCertificate;
+
+// src/components/route-53/child-hosted-zone.ts
+import { Duration } from "aws-cdk-lib";
+import {
+  HostedZone,
+  NsRecord
+} from "aws-cdk-lib/aws-route53";
+var _ChildHostedZone = class _ChildHostedZone extends HostedZone {
+  static fromConstruct(scope, props) {
+    const hostedZoneId = DiscoverableStringParameter.valueForLookupName(scope, {
+      ssmParamName: _ChildHostedZone.SSM_PARAM_NAME,
+      serviceType: props.serviceType ?? OPEN_HI_SERVICE_TYPE.GLOBAL
+    });
+    return HostedZone.fromHostedZoneAttributes(scope, "child-zone", {
+      hostedZoneId,
+      zoneName: props.zoneName
+    });
+  }
+  constructor(scope, id, props) {
+    super(scope, id, { ...props });
+    new NsRecord(this, "child-ns-record", {
+      zone: props.parentHostedZone,
+      recordName: this.zoneName,
+      values: this.hostedZoneNameServers || [],
+      ttl: Duration.minutes(5)
+    });
+    new DiscoverableStringParameter(this, "child-zone-param", {
+      ssmParamName: _ChildHostedZone.SSM_PARAM_NAME,
+      stringValue: this.hostedZoneId,
+      description: "Route53 child hosted zone ID."
+    });
+  }
+};
+/**
+ * Used when storing the API ID in SSM.
+ */
+_ChildHostedZone.SSM_PARAM_NAME = "CHILDHOSTEDZONE";
+var ChildHostedZone = _ChildHostedZone;
+
+// src/components/route-53/root-hosted-zone.ts
+import {
+  HostedZone as HostedZone2
+} from "aws-cdk-lib/aws-route53";
+import { Construct as Construct2 } from "constructs";
+var RootHostedZone = class extends Construct2 {
+  static fromConstruct(scope, props) {
+    return HostedZone2.fromHostedZoneAttributes(scope, "root-zone", {
+      hostedZoneId: props.hostedZoneId,
+      zoneName: props.zoneName
+    });
+  }
+};
+
+// src/components/global.ts
+var Global = class extends Construct3 {
+  constructor(scope, id, props) {
+    super(scope, id);
+    this.props = props;
+    const { rootHostedZoneAttributes, childHostedZoneAttributes } = props;
+    const service = OpenHiService.of(this);
+    this.rootHostedZone = RootHostedZone.fromConstruct(
+      this,
+      rootHostedZoneAttributes
+    );
+    if (childHostedZoneAttributes) {
+      this.childHostedZone = new ChildHostedZone(this, "child-zone", {
+        parentHostedZone: this.rootHostedZone,
+        zoneName: childHostedZoneAttributes.zoneName
+      });
+    }
+    if (service.branchName === "main") {
+      this.rootWildcardCertificate = new RootWildcardCertificate(this, {
+        domainName: `*.${this.rootHostedZone.zoneName}`,
+        subjectAlternativeNames: [this.rootHostedZone.zoneName],
+        validation: CertificateValidation.fromDns(this.rootHostedZone)
+      });
+    } else {
+      this.rootWildcardCertificate = RootWildcardCertificate.fromConstruct(this);
+    }
+  }
+};
+
+// src/services/open-hi-global-service.ts
+var OpenHiGlobalService = class extends OpenHiService {
+  constructor(ohEnv, props = {}) {
+    super(ohEnv, OPEN_HI_SERVICE_TYPE.GLOBAL, props);
+    const { config } = props;
+    if (!config) {
+      throw new Error("Config is required");
+    }
+    if (!config.zoneName) {
+      throw new Error("Zone name is required to import the root zone");
+    }
+    if (!config.hostedZoneId) {
+      throw new Error("Hosted zone ID is required to import the root zone");
+    }
+    this.global = new Global(this, "global", {
+      rootHostedZoneAttributes: {
+        zoneName: config.zoneName,
+        hostedZoneId: config.hostedZoneId
+      }
+      /*
+      childHostedZoneAttributes: {
+        zoneName: `${this.childZonePrefix}.${config.zoneName}`,
+        hostedZoneId: config.hostedZoneId,
+      },
+      */
+    });
+  }
+};
+
+// src/services/open-hi-rest-api-service.ts
+import {
+  DomainName,
+  HttpMethod,
+  HttpRoute,
+  HttpRouteKey
+} from "aws-cdk-lib/aws-apigatewayv2";
+import { HttpLambdaIntegration } from "aws-cdk-lib/aws-apigatewayv2-integrations";
+import { ARecord, HostedZone as HostedZone3, RecordTarget } from "aws-cdk-lib/aws-route53";
+import { ApiGatewayv2DomainProperties } from "aws-cdk-lib/aws-route53-targets";
+
+// src/components/api-gateway/core-http-api.ts
+import { HttpApi } from "aws-cdk-lib/aws-apigatewayv2";
+var _CoreHttpApi = class _CoreHttpApi extends HttpApi {
+  static fromConstruct(scope) {
+    const httpApiId = DiscoverableStringParameter.valueForLookupName(scope, {
+      ssmParamName: _CoreHttpApi.SSM_PARAM_NAME,
+      serviceType: OPEN_HI_SERVICE_TYPE.REST_API
+    });
+    return HttpApi.fromHttpApiAttributes(scope, "http-api", {
+      httpApiId
+    });
+  }
+  constructor(scope, props = {}) {
+    const stack = OpenHiService.of(scope);
+    super(scope, "http-api", {
+      /**
+       * User provided props
+       */
+      ...props,
+      /**
+       * Required
+       */
+      apiName: ["core", "http", "api", stack.branchHash].join("-")
+    });
+    new DiscoverableStringParameter(this, "http-api-url-param", {
+      ssmParamName: _CoreHttpApi.SSM_PARAM_NAME,
+      serviceType: OPEN_HI_SERVICE_TYPE.REST_API,
+      stringValue: this.httpApiId
+    });
+  }
+};
+/**
+ * Used when storing the API ID in SSM.
+ */
+_CoreHttpApi.SSM_PARAM_NAME = "CORE_HTTP_API";
+var CoreHttpApi = _CoreHttpApi;
+
+// src/components/dynamodb/dynamo-db-data-store.ts
+import {
+  AttributeType,
+  BillingMode,
+  ProjectionType,
+  Table
+} from "aws-cdk-lib/aws-dynamodb";
+function getDynamoDbDataStoreTableName(scope) {
+  const stack = OpenHiService.of(scope);
+  return `data-store-${stack.branchHash}`;
+}
+var DynamoDbDataStore = class extends Table {
+  /**
+   * Import the data store table by name for use in another stack (e.g. data
+   * service or Lambda). Uses the same naming as {@link getDynamoDbDataStoreTableName}.
+   */
+  static fromConstruct(scope, id = "dynamo-db-data-store") {
+    return Table.fromTableName(scope, id, getDynamoDbDataStoreTableName(scope));
+  }
+  constructor(scope, id, props = {}) {
+    const service = OpenHiService.of(scope);
+    super(scope, id, {
+      ...props,
+      tableName: getDynamoDbDataStoreTableName(scope),
+      partitionKey: {
+        name: "PK",
+        type: AttributeType.STRING
+      },
+      sortKey: {
+        name: "SK",
+        type: AttributeType.STRING
+      },
+      billingMode: BillingMode.PAY_PER_REQUEST,
+      removalPolicy: props.removalPolicy ?? service.removalPolicy
+    });
+    this.addGlobalSecondaryIndex({
+      indexName: "GSI1",
+      partitionKey: {
+        name: "GSI1PK",
+        type: AttributeType.STRING
+      },
+      sortKey: {
+        name: "GSI1SK",
+        type: AttributeType.STRING
+      },
+      projectionType: ProjectionType.INCLUDE,
+      nonKeyAttributes: ["srcType", "srcId", "path", "srcPk", "srcSk", "ts"]
+    });
+    this.addGlobalSecondaryIndex({
+      indexName: "GSI2",
+      partitionKey: {
+        name: "GSI2PK",
+        type: AttributeType.STRING
+      },
+      sortKey: {
+        name: "GSI2SK",
+        type: AttributeType.STRING
+      },
+      projectionType: ProjectionType.INCLUDE,
+      nonKeyAttributes: ["resourcePk", "resourceSk", "display", "status"]
+    });
+    this.addGlobalSecondaryIndex({
+      indexName: "GSI3",
+      partitionKey: {
+        name: "GSI3PK",
+        type: AttributeType.STRING
+      },
+      sortKey: {
+        name: "GSI3SK",
+        type: AttributeType.STRING
+      },
+      projectionType: ProjectionType.INCLUDE,
+      nonKeyAttributes: ["resourcePk", "resourceSk"]
+    });
+    this.addGlobalSecondaryIndex({
+      indexName: "GSI4",
+      partitionKey: {
+        name: "GSI4PK",
+        type: AttributeType.STRING
+      },
+      sortKey: {
+        name: "GSI4SK",
+        type: AttributeType.STRING
+      },
+      projectionType: ProjectionType.ALL
+    });
+  }
+};
+
+// src/data/lambda/rest-api-lambda.ts
+import path from "path";
+import { Runtime as Runtime2 } from "aws-cdk-lib/aws-lambda";
+import { NodejsFunction } from "aws-cdk-lib/aws-lambda-nodejs";
+import { Construct as Construct4 } from "constructs";
+var RestApiLambda = class extends Construct4 {
+  constructor(scope, props) {
+    super(scope, "rest-api-lambda");
+    this.lambda = new NodejsFunction(this, "handler", {
+      entry: path.join(__dirname, "rest-api-lambda.handler.js"),
+      runtime: Runtime2.NODEJS_LATEST,
+      environment: {
+        DYNAMO_TABLE_NAME: props.dynamoTableName
+      }
+    });
+  }
+};
+
+// src/services/open-hi-rest-api-service.ts
+var REST_API_BASE_URL_SSM_NAME = "REST_API_BASE_URL";
+var OpenHiRestApiService = class extends OpenHiService {
+  constructor(ohEnv, props = {}) {
+    super(ohEnv, OPEN_HI_SERVICE_TYPE.REST_API, props);
+    const { config } = props;
+    if (!config) {
+      throw new Error("Config is required");
+    }
+    if (!config.hostedZoneId) {
+      throw new Error("Hosted zone ID is required");
+    }
+    if (!config.zoneName) {
+      throw new Error("Zone name is required");
+    }
+    const hostedZone = HostedZone3.fromHostedZoneAttributes(this, "root-zone", {
+      hostedZoneId: config.hostedZoneId,
+      zoneName: config.zoneName
+    });
+    const certificate = RootWildcardCertificate.fromConstruct(this);
+    const apiPrefix = this.branchName === "main" ? `api` : `api-${this.childZonePrefix}`;
+    const apiDomainName = [apiPrefix, hostedZone.zoneName].join(".");
+    const restApiBaseUrl = `https://${apiDomainName}`;
+    new DiscoverableStringParameter(this, "rest-api-base-url-param", {
+      ssmParamName: REST_API_BASE_URL_SSM_NAME,
+      stringValue: restApiBaseUrl,
+      description: "REST API base URL for this deployment (E2E, scripts)"
+    });
+    const domainName = new DomainName(this, "domain", {
+      domainName: apiDomainName,
+      certificate
+    });
+    this.coreHttpApi = new CoreHttpApi(this, {
+      defaultDomainMapping: {
+        domainName,
+        mappingKey: void 0
+        // serve at root of domain
+      }
+    });
+    const dataStoreTable = DynamoDbDataStore.fromConstruct(this);
+    const { lambda } = new RestApiLambda(this, {
+      dynamoTableName: dataStoreTable.tableName
+    });
+    dataStoreTable.grant(
+      lambda,
+      "dynamodb:GetItem",
+      "dynamodb:Query",
+      "dynamodb:BatchGetItem",
+      "dynamodb:ConditionCheckItem",
+      "dynamodb:DescribeTable",
+      "dynamodb:BatchWriteItem",
+      "dynamodb:PutItem",
+      "dynamodb:UpdateItem",
+      "dynamodb:DeleteItem"
+    );
+    const integration = new HttpLambdaIntegration("lambda-integration", lambda);
+    new HttpRoute(this, "proxy-route-root", {
+      httpApi: this.coreHttpApi,
+      routeKey: HttpRouteKey.with("/", HttpMethod.ANY),
+      integration
+    });
+    new HttpRoute(this, "proxy-route", {
+      httpApi: this.coreHttpApi,
+      routeKey: HttpRouteKey.with("/{proxy+}", HttpMethod.ANY),
+      integration
+    });
+    new ARecord(this, "api-a-record", {
+      zone: hostedZone,
+      recordName: apiPrefix,
+      target: RecordTarget.fromAlias(
+        new ApiGatewayv2DomainProperties(
+          domainName.regionalDomainName,
+          domainName.regionalHostedZoneId
+        )
+      )
+    });
+  }
+};
+
+// src/services/open-hi-data-service.ts
+var OpenHiDataService = class extends OpenHiService {
+  constructor(ohEnv, props = {}) {
+    super(ohEnv, OPEN_HI_SERVICE_TYPE.DATA, props);
+    this.dataStore = new DynamoDbDataStore(this, "dynamo-db-data-store");
+  }
+};
+export {
+  DiscoverableStringParameter,
+  OPEN_HI_SERVICE_TYPE,
+  OpenHiApp,
+  OpenHiAuthService,
+  OpenHiCoreService,
+  OpenHiDataService,
+  OpenHiEnvironment,
+  OpenHiGlobalService,
+  OpenHiRestApiService,
+  OpenHiService,
+  OpenHiStage,
+  REST_API_BASE_URL_SSM_NAME
+};
+//# sourceMappingURL=index.mjs.map