@openhi/constructs 0.0.0 → 0.0.2

package/lib/index.d.ts

@@ -1,3 +1,869 @@
-export * from "./app";
-export * from "./components";
-export * from "./services";
+import { RemovalPolicy, App, AppProps, Stage, StageProps, Stack, StackProps } from 'aws-cdk-lib';
+import { Construct, IConstruct } from 'constructs';
+import { ICertificate, Certificate, CertificateProps } from 'aws-cdk-lib/aws-certificatemanager';
+import { IHttpApi, HttpApi, HttpApiProps, DomainName } from 'aws-cdk-lib/aws-apigatewayv2';
+import { GraphqlApi, IGraphqlApi, GraphqlApiProps } from 'aws-cdk-lib/aws-appsync';
+import { UserPool, UserPoolProps, UserPoolClient, UserPoolClientProps, UserPoolDomain, UserPoolDomainProps, IUserPool, IUserPoolClient, IUserPoolDomain } from 'aws-cdk-lib/aws-cognito';
+import { Key, KeyProps, IKey } from 'aws-cdk-lib/aws-kms';
+import { Table, TableProps, ITable } from 'aws-cdk-lib/aws-dynamodb';
+import { EventBus, EventBusProps, IEventBus } from 'aws-cdk-lib/aws-events';
+import { HostedZone, HostedZoneProps, IHostedZone, HostedZoneAttributes } from 'aws-cdk-lib/aws-route53';
+import { StringParameterProps, StringParameter } from 'aws-cdk-lib/aws-ssm';
+
+/*******************************************************************************
+ *
+ * OpenHi Config
+ *
+ * These types are kept in their own package to prevent dependency conflicts and
+ * conditions between @openhi/constructs and @openhi/platform.
+ *
+ ******************************************************************************/
+/**
+ * Stage Types
+ *
+ * What stage of deployment is this? Dev, staging, or prod?
+ */
+declare const OPEN_HI_STAGE: {
+    /**
+     * Development environment, typically used for testing and development.
+     */
+    readonly DEV: "dev";
+    /**
+     * Staging environment, used for pre-production testing.
+     */
+    readonly STAGE: "stage";
+    /**
+     * Production environment, used for live deployments.
+     */
+    readonly PROD: "prod";
+};
+/**
+ * Deployment Target Role
+ *
+ * Is this (account, region) the primary or a secondary deployment target for the stage?
+ * Works for both multi-region (different regions) and cellular (same region, different accounts).
+ */
+declare const OPEN_HI_DEPLOYMENT_TARGET_ROLE: {
+    /**
+     * The primary deployment target for this stage (main account/region).
+     * For example, the base DynamoDB region for global tables.
+     */
+    readonly PRIMARY: "primary";
+    /**
+     * A secondary deployment target for this stage (additional account/region).
+     * For example, a replica region for a global DynamoDB table, or another cell in the same region.
+     */
+    readonly SECONDARY: "secondary";
+};
+interface OpenHiEnvironmentConfig {
+    account: string;
+    region: string;
+    /**
+     * Route53 zone containing DNS for this service.
+     */
+    hostedZoneId?: string;
+    zoneName?: string;
+}
+/**
+ * Represents the configuration for OpenHi services across different stages and
+ * deployment targets.
+ */
+interface OpenHiConfig {
+    versions?: {
+        cdk?: {
+            cdkLibVersion?: string;
+            cdkCliVersion?: string;
+        };
+    };
+    deploymentTargets?: {
+        [OPEN_HI_STAGE.DEV]?: {
+            [OPEN_HI_DEPLOYMENT_TARGET_ROLE.PRIMARY]?: OpenHiEnvironmentConfig;
+            [OPEN_HI_DEPLOYMENT_TARGET_ROLE.SECONDARY]?: Array<OpenHiEnvironmentConfig>;
+        };
+        [OPEN_HI_STAGE.STAGE]?: {
+            [OPEN_HI_DEPLOYMENT_TARGET_ROLE.PRIMARY]?: OpenHiEnvironmentConfig;
+            [OPEN_HI_DEPLOYMENT_TARGET_ROLE.SECONDARY]?: Array<OpenHiEnvironmentConfig>;
+        };
+        [OPEN_HI_STAGE.PROD]?: {
+            [OPEN_HI_DEPLOYMENT_TARGET_ROLE.PRIMARY]?: OpenHiEnvironmentConfig;
+            [OPEN_HI_DEPLOYMENT_TARGET_ROLE.SECONDARY]?: Array<OpenHiEnvironmentConfig>;
+        };
+    };
+}
+
+/**
+ * Properties for creating an OpenHiStage instance.
+ */
+interface OpenHiStageProps extends StageProps {
+    /**
+     * The type of the OpenHi stage.
+     */
+    readonly stageType: (typeof OPEN_HI_STAGE)[keyof typeof OPEN_HI_STAGE];
+}
+/**
+ * Represents a deployment stage in the OpenHi infrastructure hierarchy.
+ */
+declare class OpenHiStage extends Stage {
+    /**
+     * The OpenHiApp that this stage belongs to.
+     *
+     * @public
+     */
+    ohApp: OpenHiApp;
+    /**
+     * Properties for configuring the stage.
+     *
+     * @public
+     */
+    props: OpenHiStageProps;
+    /**
+     * Finds the OpenHiStage that contains the given construct.
+     */
+    static of(construct: IConstruct): OpenHiStage | undefined;
+    /**
+     * Type guard to check if a value is an OpenHiStage instance.
+     */
+    static isOpenHiStage(this: void, x: any): x is OpenHiStage;
+    /**
+     * The type of this OpenHi stage.
+     */
+    readonly stageType: (typeof OPEN_HI_STAGE)[keyof typeof OPEN_HI_STAGE];
+    /**
+     * Creates a new OpenHiStage instance.
+     */
+    constructor(
+    /**
+     * The OpenHiApp that this stage belongs to.
+     *
+     * @public
+     */
+    ohApp: OpenHiApp, 
+    /**
+     * Properties for configuring the stage.
+     *
+     * @public
+     */
+    props: OpenHiStageProps);
+    /**
+     * Gets all OpenHiEnvironment instances contained within this stage.
+     */
+    get environments(): Array<OpenHiEnvironment>;
+    /**
+     * Gets the primary OpenHiEnvironment for this stage, if one exists.
+     */
+    get primaryEnvironment(): OpenHiEnvironment | undefined;
+    /**
+     * Gets all secondary OpenHiEnvironment instances for this stage.
+     */
+    get secondaryEnvironments(): Array<OpenHiEnvironment>;
+}
+
+/**
+ * Properties for creating an OpenHiEnvironment.
+ */
+interface OpenHiEnvironmentProps extends StageProps {
+    /**
+     * The deployment target role for this (account, region).
+     */
+    readonly deploymentTargetRole: (typeof OPEN_HI_DEPLOYMENT_TARGET_ROLE)[keyof typeof OPEN_HI_DEPLOYMENT_TARGET_ROLE];
+    /**
+     * Configuration for this specific environment.
+     */
+    readonly config: OpenHiEnvironmentConfig;
+}
+/**
+ * Represents an OpenHi environment within an AWS CDK stage.
+ */
+declare class OpenHiEnvironment extends Stage {
+    /**
+     * The OpenHiStage that contains this environment.
+     */
+    ohStage: OpenHiStage;
+    /**
+     * Properties for creating the environment.
+     */
+    props: OpenHiEnvironmentProps;
+    /**
+     * Finds the OpenHiEnvironment that contains the given construct.
+     * ```
+     */
+    static of(construct: IConstruct): OpenHiEnvironment | undefined;
+    /**
+     * Type guard to check if a value is an OpenHiEnvironment instance.
+     */
+    static isOpenHiEnvironment(this: void, x: any): x is OpenHiEnvironment;
+    /**
+     * Configuration for this specific environment.
+     */
+    readonly config: OpenHiEnvironmentConfig;
+    /**
+     * The deployment target role for this (account, region).
+     */
+    readonly deploymentTargetRole: (typeof OPEN_HI_DEPLOYMENT_TARGET_ROLE)[keyof typeof OPEN_HI_DEPLOYMENT_TARGET_ROLE];
+    /**
+     * Creates a new OpenHiEnvironment.
+     */
+    constructor(
+    /**
+     * The OpenHiStage that contains this environment.
+     */
+    ohStage: OpenHiStage, 
+    /**
+     * Properties for creating the environment.
+     */
+    props: OpenHiEnvironmentProps);
+}
+
+/**
+ * Properties for creating an OpenHiApp instance.
+ */
+interface OpenHiAppProps extends AppProps {
+    /**
+     * Optional name for the application.
+     * ```
+     */
+    readonly appName?: string;
+    /**
+     * The OpenHi configuration object that defines stages, environments, and
+     * their associated AWS account and region settings.
+     */
+    readonly config: OpenHiConfig;
+}
+/**
+ * Root application construct for OpenHi CDK applications.
+ */
+declare class OpenHiApp extends App {
+    /**
+     * Finds the OpenHiApp instance that contains the given construct in its
+     * construct tree.
+     */
+    static of(construct: IConstruct): OpenHiApp | undefined;
+    /**
+     * Type guard that checks if a value is an OpenHiApp instance.
+     */
+    static isOpenHiApp(this: void, x: any): x is OpenHiApp;
+    /**
+     * Name for the application.
+     */
+    readonly appName: string;
+    /**
+     * The OpenHi configuration object for this application.
+     */
+    readonly config: OpenHiConfig;
+    /**
+     * Creates a new OpenHiApp instance.
+     */
+    constructor(props: OpenHiAppProps);
+    /*****************************************************************************
+     *
+     * Stages
+     *
+     ****************************************************************************/
+    /**
+     * Gets all OpenHiStage instances that are direct children of this app.
+  
+     */
+    get stages(): Array<OpenHiStage>;
+    /**
+     * Gets the development stage, if it exists.
+     */
+    get devStage(): OpenHiStage | undefined;
+    /**
+     * Gets the staging stage, if it exists.
+     */
+    get stageStage(): OpenHiStage | undefined;
+    /**
+     * Gets the production stage, if it exists.
+     */
+    get prodStage(): OpenHiStage | undefined;
+    /*****************************************************************************
+     *
+     * Environments
+     *
+     ****************************************************************************/
+    /**
+     * Gets all OpenHiEnvironment instances across all stages in this app.
+     */
+    get environments(): Array<OpenHiEnvironment>;
+    /**
+     * Gets all primary environments across all stages in this app.
+     */
+    get primaryEnvironments(): Array<OpenHiEnvironment>;
+    /**
+     * Gets all secondary environments across all stages in this app.
+     */
+    get secondaryEnvironments(): Array<OpenHiEnvironment>;
+}
+
+/**
+ * Known OpenHI service type strings. Each service class defines its own
+ * static SERVICE_TYPE (e.g. OpenHiAuthService.SERVICE_TYPE === "auth").
+ *
+ * @public
+ */
+type OpenHiServiceType = "auth" | "rest-api" | "data" | "global" | "graphql-api";
+/**
+ * Properties for creating an {@link OpenHiService} stack.
+ *
+ * @public
+ */
+interface OpenHiServiceProps extends StackProps {
+    /**
+     * Optional branch name override.
+     */
+    readonly branchName?: string;
+    /**
+     * Optional repository name override.
+     */
+    readonly repoName?: string;
+    /**
+     * Optional application name override.
+     */
+    readonly appName?: string;
+    /**
+     * Default release branch name.
+     */
+    readonly defaultReleaseBranch?: string;
+    /**
+     * The removal policy for persistent stack resources.
+     */
+    readonly removalPolicy?: RemovalPolicy;
+    /**
+     * Environment configuration for this service.
+     */
+    readonly config?: OpenHiEnvironmentConfig;
+    /**
+     * A constant that identifies the service type.
+     */
+    readonly serviceType?: OpenHiServiceType;
+}
+/**
+ * Represents an OpenHI service stack within the OpenHI platform.
+ * Subclasses must override {@link serviceType} to return their static SERVICE_TYPE.
+ */
+declare abstract class OpenHiService extends Stack {
+    ohEnv: OpenHiEnvironment;
+    props: OpenHiServiceProps;
+    /**
+     * The service/stack ID that was passed to the constructor.
+     */
+    readonly serviceId: string;
+    /**
+     * The deployment target role identifier.
+     */
+    readonly deploymentTargetRole: string;
+    /**
+     * Repository name used in resource tagging.
+     */
+    readonly repoName: string;
+    /**
+     * Application name identifier.
+     */
+    readonly appName: string;
+    /**
+     * Default release branch name.
+     */
+    readonly defaultReleaseBranch: string;
+    /**
+     * Branch name used when calculating resource names and hashes.
+     */
+    readonly branchName: string;
+    /**
+     * Short hash unique to the deployment target (app name, deployment target role, account, region).
+     */
+    readonly environmentHash: string;
+    /**
+     * Short hash unique to the environment and branch combination.
+     */
+    readonly branchHash: string;
+    /**
+     * Short hash unique to the specific stack/service.
+     */
+    readonly stackHash: string;
+    /**
+     * The removal policy for persistent stack resources.
+     */
+    readonly removalPolicy: RemovalPolicy;
+    /**
+     * Environment configuration for this service.
+     * This is either the value passed in or the default config
+     */
+    readonly config: OpenHiEnvironmentConfig;
+    /**
+     * Service type identifier. Override in subclasses to return the class's static SERVICE_TYPE.
+     * Used for parameter names, tags, and service discovery.
+     */
+    abstract get serviceType(): OpenHiServiceType | string;
+    /**
+     * Creates a new OpenHI service stack.
+     *
+     * @param ohEnv - The OpenHI environment (stage) this service belongs to
+     * @param id - Unique identifier for this service stack (e.g., "user-service")
+     * @param props - Optional properties for configuring the service
+     *
+     * @throws {Error} If account and region are not defined in props or environment
+     *
+     */
+    constructor(ohEnv: OpenHiEnvironment, id: string, props?: OpenHiServiceProps);
+    /**
+     * DNS prefix for this branche's child zone.
+     */
+    get childZonePrefix(): string;
+}
+
+declare class RootWildcardCertificate extends Certificate {
+    /**
+     * Used when storing the Certificate ARN in SSM.
+     */
+    static readonly SSM_PARAM_NAME = "ROOT_WILDCARD_CERT_ARN";
+    /**
+     * Using a special name here since this will be shared and used among many
+     * stacks and services. Use with OpenHiGlobalService.rootWildcardCertificateFromConstruct.
+     */
+    static ssmParameterName(): string;
+    constructor(scope: Construct, props: CertificateProps);
+}
+
+declare class RootHttpApi extends HttpApi {
+    /**
+     * Used when storing the API ID in SSM.
+     */
+    static readonly SSM_PARAM_NAME = "ROOT_HTTP_API";
+    constructor(scope: Construct, props?: HttpApiProps);
+}
+
+interface RootGraphqlApiProps extends GraphqlApiProps {
+}
+declare class RootGraphqlApi extends GraphqlApi {
+    /**
+     * Used when storing the GraphQl API ID in SSM.
+     */
+    static readonly SSM_PARAM_NAME = "ROOT_GRAPHQL_API";
+    static fromConstruct(scope: Construct): IGraphqlApi;
+    constructor(scope: Construct, props?: Omit<RootGraphqlApiProps, "name">);
+}
+
+declare class CognitoUserPool extends UserPool {
+    /**
+     * Used when storing the User Pool ID in SSM.
+     */
+    static readonly SSM_PARAM_NAME = "COGNITO_USER_POOL";
+    constructor(scope: Construct, props?: UserPoolProps);
+}
+
+declare class CognitoUserPoolClient extends UserPoolClient {
+    /**
+     * Used when storing the User Pool Client ID in SSM.
+     */
+    static readonly SSM_PARAM_NAME = "COGNITO_USER_POOL_CLIENT";
+    constructor(scope: Construct, props: UserPoolClientProps);
+}
+
+declare class CognitoUserPoolDomain extends UserPoolDomain {
+    /**
+     * Used when storing the User Pool Domain in SSM.
+     */
+    static readonly SSM_PARAM_NAME = "COGNITO_USER_POOL_DOMAIN";
+    constructor(scope: Construct, props: UserPoolDomainProps);
+}
+
+declare class CognitoUserPoolKmsKey extends Key {
+    /**
+     * Used when storing the KMS Key in SSM.
+     */
+    static readonly SSM_PARAM_NAME = "COGNITO_USER_POOL_KMS_KEY";
+    constructor(scope: Construct, props?: KeyProps);
+}
+
+/**
+ * DynamoDB table name for the data store. Used for cross-stack reference and
+ * deterministic naming per branch. The table backs multiple use cases (e.g.
+ * CRM, CMS, ERP, EHR).
+ */
+declare function getDynamoDbDataStoreTableName(scope: Construct): string;
+interface DynamoDbDataStoreProps extends Omit<TableProps, "tableName" | "removalPolicy"> {
+    /**
+     * Optional removal policy override. If not set, uses the service's default
+     * removal policy (RETAIN for prod, DESTROY otherwise).
+     */
+    readonly removalPolicy?: RemovalPolicy;
+}
+/**
+ * DynamoDB table implementing the single-table design for app data (e.g. FHIR
+ * resources, CRM, CMS, ERP, EHR).
+ *
+ * @see {@link https://github.com/codedrifters/openhi/blob/main/sites/www-docs/content/architecture/dynamodb-single-table-design.md | DynamoDB Single-Table Design}
+ *
+ * Primary key: PK (String), SK (String).
+ * GSIs: GSI1 (reverse reference), GSI2 (identifier lookup), GSI3 (facility ops), GSI4 (resource type list).
+ */
+declare class DynamoDbDataStore extends Table {
+    constructor(scope: Construct, id: string, props?: DynamoDbDataStoreProps);
+}
+
+declare class DataEventBus extends EventBus {
+    /*****************************************************************************
+     *
+     * Return a name for this EventBus based on the stack environment hash. This
+     * name is common across all stacks since it's using the environment hash in
+     * it's name.
+     *
+     ****************************************************************************/
+    static getEventBusName(scope: Construct): string;
+    constructor(scope: Construct, props?: EventBusProps);
+}
+
+declare class OpsEventBus extends EventBus {
+    /*****************************************************************************
+     *
+     * Return a name for this EventBus based on the stack environment hash. This
+     * name is common across all stacks since it's using the environment hash in
+     * it's name.
+     *
+     ****************************************************************************/
+    static getEventBusName(scope: Construct): string;
+    constructor(scope: Construct, props?: EventBusProps);
+}
+
+interface ChildHostedZoneProps extends HostedZoneProps {
+    /**
+     * The root zone we will attach this sub-zone to.
+     */
+    readonly parentHostedZone: IHostedZone;
+}
+declare class ChildHostedZone extends HostedZone {
+    /**
+     * Used when storing the child zone ID in SSM. Use {@link OpenHiGlobalService.childHostedZoneFromConstruct} to look up.
+     */
+    static readonly SSM_PARAM_NAME = "CHILDHOSTEDZONE";
+    constructor(scope: Construct, id: string, props: ChildHostedZoneProps);
+}
+
+/**
+ * Placeholder for root hosted zone. Use {@link OpenHiGlobalService.rootHostedZoneFromConstruct}
+ * to obtain an IHostedZone from attributes (e.g. from config). The root zone is always
+ * created manually and imported via config.
+ */
+declare class RootHostedZone extends Construct {
+}
+
+/*******************************************************************************
+ *
+ * DiscoverableStringParameterProps: props for creating or looking up SSM
+ * parameters. Includes StringParameterProps (minus parameterName) plus
+ * name-building fields used by buildParameterName.
+ *
+ ******************************************************************************/
+interface DiscoverableStringParameterProps extends Omit<StringParameterProps, "parameterName"> {
+    /**
+     * SSM param name used to build the SSM parameter name via buildParameterName
+     * and stored as a tag on the parameter for discoverability.
+     */
+    readonly ssmParamName: string;
+    /**
+     * The environment hash the parameter belongs to.
+     * @default - the current stack's environment hash
+     */
+    readonly branchHash?: string;
+    /**
+     * The service type the parameter belongs to.
+     * @default - the current stack's service type
+     */
+    readonly serviceType?: string;
+    /**
+     * The AWS account the parameter belongs to.
+     * @default - the current stack's account
+     */
+    readonly account?: string;
+    /**
+     * The AWS region the parameter belongs to.
+     * @default - the current stack's region
+     */
+    readonly region?: string;
+}
+/**
+ * Props for buildParameterName and valueForLookupName.
+ * Includes ssmParamName (required) and optional overrides (branchHash, serviceType, account, region).
+ */
+type BuildParameterNameProps = Pick<DiscoverableStringParameterProps, "ssmParamName" | "branchHash" | "serviceType" | "account" | "region">;
+/**
+ * Discoverable SSM string parameter construct. Extends CDK StringParameter:
+ * builds parameterName from the given name via buildParameterName and tags
+ * the parameter with the name constant.
+ */
+declare class DiscoverableStringParameter extends StringParameter {
+    /**
+     * Version of the parameter name format / discoverability schema.
+     * Bump when buildParameterName or tagging semantics change.
+     * Also used to drive replacement of parameters during CloudFormation deploys.
+     */
+    static readonly version = "v1";
+    /**
+     * Build a param name based on predictable attributes found in services and
+     * constructs. Used for storage and retrieval of SSM values across services.
+     */
+    static buildParameterName(scope: Construct, props: BuildParameterNameProps): string;
+    /**
+     * Read the string value of an SSM parameter created with DiscoverableStringParameter,
+     * using props that include ssmParamName and optional overrides (e.g. serviceType).
+     */
+    static valueForLookupName(scope: Construct, props: BuildParameterNameProps): string;
+    constructor(scope: Construct, id: string, props: DiscoverableStringParameterProps);
+}
+
+interface OpenHiAuthServiceProps extends OpenHiServiceProps {
+    /**
+     * Optional props for the Cognito User Pool.
+     */
+    readonly userPoolProps?: UserPoolProps;
+}
+/**
+ * OpenHI Auth Service stack.
+ *
+ * @remarks
+ * The Auth service manages authentication infrastructure including:
+ * - Cognito User Pool for user management and authentication
+ * - User Pool Client for application integration
+ * - User Pool Domain for hosting the Cognito hosted UI
+ * - KMS Key for Cognito User Pool encryption
+ *
+ * Resources are created in protected methods; subclasses may override to customize.
+ * Other stacks obtain auth by calling **OpenHiAuthService.userPoolFromConstruct(scope)**,
+ * **OpenHiAuthService.userPoolClientFromConstruct(scope)**,
+ * **OpenHiAuthService.userPoolDomainFromConstruct(scope)**,
+ * and **OpenHiAuthService.userPoolKmsKeyFromConstruct(scope)** for each resource needed.
+ *
+ * Only one instance of the auth service should exist per environment.
+ *
+ * @public
+ */
+declare class OpenHiAuthService extends OpenHiService {
+    props: OpenHiAuthServiceProps;
+    static readonly SERVICE_TYPE = "auth";
+    /**
+     * Returns an IUserPool by looking up the Auth stack's User Pool ID from SSM.
+     */
+    static userPoolFromConstruct(scope: Construct): IUserPool;
+    /**
+     * Returns an IUserPoolClient by looking up the Auth stack's User Pool Client ID from SSM.
+     */
+    static userPoolClientFromConstruct(scope: Construct): IUserPoolClient;
+    /**
+     * Returns an IUserPoolDomain by looking up the Auth stack's User Pool Domain from SSM.
+     */
+    static userPoolDomainFromConstruct(scope: Construct): IUserPoolDomain;
+    /**
+     * Returns an IKey (KMS) by looking up the Auth stack's User Pool KMS Key ARN from SSM.
+     */
+    static userPoolKmsKeyFromConstruct(scope: Construct): IKey;
+    get serviceType(): string;
+    readonly userPoolKmsKey: IKey;
+    readonly userPool: IUserPool;
+    readonly userPoolClient: IUserPoolClient;
+    readonly userPoolDomain: IUserPoolDomain;
+    constructor(ohEnv: OpenHiEnvironment, props?: OpenHiAuthServiceProps);
+    /**
+     * Creates the KMS key for the Cognito User Pool and exports its ARN to SSM.
+     * Look up via {@link OpenHiAuthService.userPoolKmsKeyFromConstruct}.
+     * Override to customize.
+     */
+    protected createUserPoolKmsKey(): IKey;
+    /**
+     * Creates the Cognito User Pool and exports its ID to SSM.
+     * Look up via {@link OpenHiAuthService.userPoolFromConstruct}.
+     * Override to customize.
+     */
+    protected createUserPool(): IUserPool;
+    /**
+     * Creates the User Pool Client and exports its ID to SSM (AUTH service type).
+     * Look up via {@link OpenHiAuthService.userPoolClientFromConstruct}.
+     * Override to customize.
+     */
+    protected createUserPoolClient(): IUserPoolClient;
+    /**
+     * Creates the User Pool Domain (Cognito hosted UI) and exports domain name to SSM.
+     * Look up via {@link OpenHiAuthService.userPoolDomainFromConstruct}.
+     * Override to customize.
+     */
+    protected createUserPoolDomain(): IUserPoolDomain;
+}
+
+interface OpenHiGlobalServiceProps extends OpenHiServiceProps {
+}
+/**
+ * Global Infrastructure stack: owns global DNS and certificates.
+ * Resources (root zone, optional child zone, wildcard cert) are created
+ * in protected methods; subclasses may override to customize.
+ */
+declare class OpenHiGlobalService extends OpenHiService {
+    static readonly SERVICE_TYPE = "global";
+    /**
+     * Returns an IHostedZone from the given attributes (no SSM). Use when the zone is imported from config.
+     */
+    static rootHostedZoneFromConstruct(scope: Construct, props: HostedZoneAttributes): IHostedZone;
+    /**
+     * Returns an ICertificate by looking up the Global stack's wildcard cert ARN from SSM.
+     */
+    static rootWildcardCertificateFromConstruct(scope: Construct): ICertificate;
+    /**
+     * Returns an IHostedZone by looking up the child hosted zone ID from SSM. Defaults to GLOBAL service type.
+     */
+    static childHostedZoneFromConstruct(scope: Construct, props: {
+        zoneName: string;
+        serviceType?: OpenHiServiceType;
+    }): IHostedZone;
+    get serviceType(): string;
+    readonly rootHostedZone: IHostedZone;
+    readonly childHostedZone?: IHostedZone;
+    readonly rootWildcardCertificate: ICertificate;
+    constructor(ohEnv: OpenHiEnvironment, props?: OpenHiGlobalServiceProps);
+    /**
+     * Validates that config required for the Global stack is present.
+     */
+    protected validateConfig(props: OpenHiGlobalServiceProps): void;
+    /**
+     * Creates the root hosted zone (imported via attributes from config).
+     * Override to customize or create the zone.
+     */
+    protected createRootHostedZone(): IHostedZone;
+    /**
+     * Creates the optional child hosted zone (e.g. branch subdomain).
+     * Override to create a child zone when config provides childHostedZoneAttributes.
+     * If you create a ChildHostedZone, also create a DiscoverableStringParameter
+     * with ChildHostedZone.SSM_PARAM_NAME and the zone's hostedZoneId.
+     */
+    protected createChildHostedZone(): IHostedZone | undefined;
+    /**
+     * Creates the root wildcard certificate. On main branch, creates a new cert
+     * with DNS validation; otherwise imports from SSM.
+     * Override to customize certificate creation.
+     */
+    protected createRootWildcardCertificate(): ICertificate;
+}
+
+interface OpenHiRestApiServiceProps extends OpenHiServiceProps {
+}
+/**
+ * SSM parameter name suffix for the REST API base URL.
+ * Full parameter name is built via buildParameterName with serviceType REST_API.
+ */
+declare const REST_API_BASE_URL_SSM_NAME = "REST_API_BASE_URL";
+/**
+ * REST API service stack: HTTP API, custom domain, and Lambda; exports base URL via SSM.
+ * Resources are created in protected methods; subclasses may override to customize.
+ */
+declare class OpenHiRestApiService extends OpenHiService {
+    static readonly SERVICE_TYPE = "rest-api";
+    /**
+     * Returns an IHttpApi by looking up the REST API stack's HTTP API ID from SSM.
+     */
+    static rootHttpApiFromConstruct(scope: Construct): IHttpApi;
+    /**
+     * Returns the REST API base URL (e.g. https://api.example.com) by looking it up from SSM.
+     * Use in other stacks for E2E, scripts, or config.
+     */
+    static restApiBaseUrlFromConstruct(scope: Construct): string;
+    get serviceType(): string;
+    readonly rootHttpApi: RootHttpApi;
+    constructor(ohEnv: OpenHiEnvironment, props?: OpenHiRestApiServiceProps);
+    /**
+     * Validates that config required for the REST API stack is present.
+     */
+    protected validateConfig(props: OpenHiRestApiServiceProps): void;
+    /**
+     * Creates the hosted zone reference (imported from config).
+     * Override to customize.
+     */
+    protected createHostedZone(): IHostedZone;
+    /**
+     * Creates the wildcard certificate (imported from Global stack via SSM).
+     * Override to customize.
+     */
+    protected createCertificate(): ICertificate;
+    /**
+     * Returns the API domain name string (e.g. api.example.com or api-{prefix}.example.com).
+     * Override to customize.
+     */
+    protected createApiDomainNameString(hostedZone: IHostedZone): string;
+    /**
+     * Creates the SSM parameter for the REST API base URL.
+     * Look up via {@link OpenHiRestApiService.restApiBaseUrlFromConstruct}.
+     * Override to customize.
+     */
+    protected createRestApiBaseUrlParameter(apiDomainName: string): void;
+    /**
+     * Creates the API Gateway custom domain name resource.
+     * Override to customize.
+     */
+    protected createDomainName(_hostedZone: IHostedZone, certificate: ICertificate): DomainName;
+    /**
+     * Creates the Lambda integration, HTTP routes, and API DNS record.
+     * Override to customize. Uses {@link rootHttpApi} set by the constructor.
+     */
+    protected createRestApiLambdaAndRoutes(hostedZone: IHostedZone, domainName: DomainName): void;
+    /**
+     * Creates the Root HTTP API with default domain mapping and exports API ID to SSM.
+     * Look up via {@link OpenHiRestApiService.rootHttpApiFromConstruct}.
+     * Override to customize.
+     */
+    protected createRootHttpApi(domainName: DomainName): RootHttpApi;
+}
+
+interface OpenHiDataServiceProps extends OpenHiServiceProps {
+}
+/**
+ * Data storage service stack: centralizes DynamoDB, S3, EventBridge event buses,
+ * and other persistence resources for OpenHI. Creates the single-table data store
+ * (CRM, CMS, ERP, EHR) and the data/ops event buses in protected methods;
+ * subclasses may override to customize.
+ */
+declare class OpenHiDataService extends OpenHiService {
+    static readonly SERVICE_TYPE = "data";
+    /**
+     * Returns the data event bus by name (deterministic per branch). Use from other stacks to obtain an IEventBus reference.
+     */
+    static dataEventBusFromConstruct(scope: Construct): IEventBus;
+    /**
+     * Returns the ops event bus by name (deterministic per branch). Use from other stacks to obtain an IEventBus reference.
+     */
+    static opsEventBusFromConstruct(scope: Construct): IEventBus;
+    /**
+     * Returns the data store table by name. Use from other stacks (e.g. REST API Lambda) to obtain an ITable reference.
+     */
+    static dynamoDbDataStoreFromConstruct(scope: Construct, id?: string): ITable;
+    get serviceType(): string;
+    /**
+     * Event bus for data-related events (ingestion, transformation, storage).
+     * Other stacks obtain it via {@link OpenHiDataService.dataEventBusFromConstruct}.
+     */
+    readonly dataEventBus: IEventBus;
+    /**
+     * Event bus for operational events (monitoring, alerting, system health).
+     * Other stacks obtain it via {@link OpenHiDataService.opsEventBusFromConstruct}.
+     */
+    readonly opsEventBus: IEventBus;
+    /**
+     * The single-table DynamoDB data store. Use {@link OpenHiDataService.dynamoDbDataStoreFromConstruct}
+     * from other stacks to obtain an ITable reference by name.
+     */
+    readonly dataStore: ITable;
+    constructor(ohEnv: OpenHiEnvironment, props?: OpenHiDataServiceProps);
+    /**
+     * Creates the data event bus.
+     * Override to customize.
+     */
+    protected createDataEventBus(): IEventBus;
+    /**
+     * Creates the ops event bus.
+     * Override to customize.
+     */
+    protected createOpsEventBus(): IEventBus;
+    /**
+     * Creates the single-table DynamoDB data store.
+     * Override to customize.
+     */
+    protected createDataStore(): ITable;
+}
+
+export { ChildHostedZone, CognitoUserPool, CognitoUserPoolClient, CognitoUserPoolDomain, CognitoUserPoolKmsKey, DataEventBus, DiscoverableStringParameter, DynamoDbDataStore, OpenHiApp, OpenHiAuthService, OpenHiDataService, OpenHiEnvironment, OpenHiGlobalService, OpenHiRestApiService, OpenHiService, OpenHiStage, OpsEventBus, REST_API_BASE_URL_SSM_NAME, RootGraphqlApi, RootHostedZone, RootHttpApi, RootWildcardCertificate, getDynamoDbDataStoreTableName };
+export type { BuildParameterNameProps, ChildHostedZoneProps, DiscoverableStringParameterProps, DynamoDbDataStoreProps, OpenHiAppProps, OpenHiAuthServiceProps, OpenHiDataServiceProps, OpenHiEnvironmentProps, OpenHiGlobalServiceProps, OpenHiRestApiServiceProps, OpenHiServiceProps, OpenHiServiceType, OpenHiStageProps, RootGraphqlApiProps };