npm - @openhi/constructs - Versions diffs - 0.0.1 → 0.0.2 - Mend

@openhi/constructs 0.0.1 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/lib/index.d.mts CHANGED Viewed

@@ -1,16 +1,15 @@
 import { OPEN_HI_STAGE, OPEN_HI_DEPLOYMENT_TARGET_ROLE, OpenHiEnvironmentConfig, OpenHiConfig } from '@openhi/config';
 import { Stage, StageProps, App, AppProps, Stack, StackProps, RemovalPolicy } from 'aws-cdk-lib';
 import { IConstruct, Construct } from 'constructs';
-import { HttpApiProps, HttpApi, IHttpApi } from 'aws-cdk-lib/aws-apigatewayv2';
-import { GraphqlApiProps } from 'aws-cdk-lib/aws-appsync';
-import { EventBusProps } from 'aws-cdk-lib/aws-events';
+import { Certificate, CertificateProps, ICertificate } from 'aws-cdk-lib/aws-certificatemanager';
+import { HttpApi, HttpApiProps, IHttpApi, DomainName } from 'aws-cdk-lib/aws-apigatewayv2';
+import { GraphqlApi, IGraphqlApi, GraphqlApiProps } from 'aws-cdk-lib/aws-appsync';
+import { UserPool, UserPoolProps, UserPoolClient, UserPoolClientProps, UserPoolDomain, UserPoolDomainProps, IUserPool, IUserPoolClient, IUserPoolDomain } from 'aws-cdk-lib/aws-cognito';
+import { Key, KeyProps, IKey } from 'aws-cdk-lib/aws-kms';
+import { Table, TableProps, ITable } from 'aws-cdk-lib/aws-dynamodb';
+import { EventBus, EventBusProps, IEventBus } from 'aws-cdk-lib/aws-events';
+import { HostedZone, HostedZoneProps, IHostedZone, HostedZoneAttributes } from 'aws-cdk-lib/aws-route53';
 import { StringParameterProps, StringParameter } from 'aws-cdk-lib/aws-ssm';
-import { UserPoolProps, IUserPool, IUserPoolClient, IUserPoolDomain } from 'aws-cdk-lib/aws-cognito';
-import { IKey } from 'aws-cdk-lib/aws-kms';
-import { ICertificate } from 'aws-cdk-lib/aws-certificatemanager';
-import { HostedZoneAttributes, IHostedZone } from 'aws-cdk-lib/aws-route53';
-import { SetOptional } from 'type-fest';
-import { ITable } from 'aws-cdk-lib/aws-dynamodb';
 /**
  * Properties for creating an OpenHiStage instance.
@@ -216,74 +215,13 @@ declare class OpenHiApp extends App {
     get secondaryEnvironments(): Array<OpenHiEnvironment>;
 }
-interface CoreProps {
-    /**
-     * Pass in options for an event bus, optional.
-     */
-    readonly dataEventBusProps?: EventBusProps;
-    /**
-     * Pass in options for an event bus, optional.
-     */
-    readonly opsEventBusProps?: EventBusProps;
-    /**
-     * Optional args for creating HTTP API.
-     */
-    readonly httpApiProps?: HttpApiProps;
-    /**
-     * Optional args for creating the core GraphQL API.
-     */
-    readonly graphqlApiProps?: GraphqlApiProps;
-}
-/**
- * Service type identifiers for OpenHI services.
- *
- * @remarks
- * These constants define the different types of services that can be deployed
- * within the OpenHI platform. Each service type represents a distinct domain
- * or functional area with its own data model, API endpoints, and business logic.
- *
- * Service types are used for:
- * - Resource naming and tagging
- * - Service discovery and routing
- * - Deployment context calculations
- * - Cross-service communication patterns
- *
- * @public
- */
-declare const OPEN_HI_SERVICE_TYPE: {
-    /**
-     * Authentication service.
-     *   *
-     * Only one instance of the auth service should exist per environment.
-     */
-    readonly AUTH: "auth";
-    /**
-     * Root shared core services.
-     *
-     * Only one instance of the core service should exist per environment.
-     */
-    readonly CORE: "core";
-    /**
-     * Rest API service.
-     */
-    readonly REST_API: "rest-api";
-    /**
-     * Global Infrastructure stack (Route53, ACM).
-     */
-    readonly GLOBAL: "global";
-    /**
-     * Data service (DynamoDB, S3, persistence).
-     */
-    readonly DATA: "data";
-};
 /**
- * Type representing valid OpenHI service type values. This is a union of the
- * values from {@link OPEN_HI_SERVICE_TYPE}.
+ * Known OpenHI service type strings. Each service class defines its own
+ * static SERVICE_TYPE (e.g. OpenHiAuthService.SERVICE_TYPE === "auth").
  *
  * @public
  */
-type OpenHiServiceType = (typeof OPEN_HI_SERVICE_TYPE)[keyof typeof OPEN_HI_SERVICE_TYPE];
+type OpenHiServiceType = "auth" | "rest-api" | "data" | "global" | "graphql-api";
 /**
  * Properties for creating an {@link OpenHiService} stack.
  *
@@ -318,15 +256,12 @@ interface OpenHiServiceProps extends StackProps {
      * A constant that identifies the service type.
      */
     readonly serviceType?: OpenHiServiceType;
-    /**
-     * Optional props for the core construct.
-     */
-    readonly coreProps?: CoreProps;
 }
 /**
  * Represents an OpenHI service stack within the OpenHI platform.
+ * Subclasses must override {@link serviceType} to return their static SERVICE_TYPE.
  */
-declare class OpenHiService extends Stack {
+declare abstract class OpenHiService extends Stack {
     ohEnv: OpenHiEnvironment;
     props: OpenHiServiceProps;
     /**
@@ -375,12 +310,10 @@ declare class OpenHiService extends Stack {
      */
     readonly config: OpenHiEnvironmentConfig;
     /**
-     * A constant that identifies the service type.
-     */
-    readonly serviceType: (typeof OPEN_HI_SERVICE_TYPE)[keyof typeof OPEN_HI_SERVICE_TYPE] | string;
-    /**
-     * Core construct containing shared infrastructure.
+     * Service type identifier. Override in subclasses to return the class's static SERVICE_TYPE.
+     * Used for parameter names, tags, and service discovery.
      */
+    abstract get serviceType(): OpenHiServiceType | string;
     /**
      * Creates a new OpenHI service stack.
      *
@@ -392,15 +325,148 @@ declare class OpenHiService extends Stack {
      *
      */
     constructor(ohEnv: OpenHiEnvironment, id: string, props?: OpenHiServiceProps);
-    /**
-     * Creates or returns the core construct for shared infrastructure.
-     */
     /**
      * DNS prefix for this branche's child zone.
      */
     get childZonePrefix(): string;
 }
+declare class RootWildcardCertificate extends Certificate {
+    /**
+     * Used when storing the Certificate ARN in SSM.
+     */
+    static readonly SSM_PARAM_NAME = "ROOT_WILDCARD_CERT_ARN";
+    /**
+     * Using a special name here since this will be shared and used among many
+     * stacks and services. Use with OpenHiGlobalService.rootWildcardCertificateFromConstruct.
+     */
+    static ssmParameterName(): string;
+    constructor(scope: Construct, props: CertificateProps);
+}
+declare class RootHttpApi extends HttpApi {
+    /**
+     * Used when storing the API ID in SSM.
+     */
+    static readonly SSM_PARAM_NAME = "ROOT_HTTP_API";
+    constructor(scope: Construct, props?: HttpApiProps);
+}
+interface RootGraphqlApiProps extends GraphqlApiProps {
+}
+declare class RootGraphqlApi extends GraphqlApi {
+    /**
+     * Used when storing the GraphQl API ID in SSM.
+     */
+    static readonly SSM_PARAM_NAME = "ROOT_GRAPHQL_API";
+    static fromConstruct(scope: Construct): IGraphqlApi;
+    constructor(scope: Construct, props?: Omit<RootGraphqlApiProps, "name">);
+}
+declare class CognitoUserPool extends UserPool {
+    /**
+     * Used when storing the User Pool ID in SSM.
+     */
+    static readonly SSM_PARAM_NAME = "COGNITO_USER_POOL";
+    constructor(scope: Construct, props?: UserPoolProps);
+}
+declare class CognitoUserPoolClient extends UserPoolClient {
+    /**
+     * Used when storing the User Pool Client ID in SSM.
+     */
+    static readonly SSM_PARAM_NAME = "COGNITO_USER_POOL_CLIENT";
+    constructor(scope: Construct, props: UserPoolClientProps);
+}
+declare class CognitoUserPoolDomain extends UserPoolDomain {
+    /**
+     * Used when storing the User Pool Domain in SSM.
+     */
+    static readonly SSM_PARAM_NAME = "COGNITO_USER_POOL_DOMAIN";
+    constructor(scope: Construct, props: UserPoolDomainProps);
+}
+declare class CognitoUserPoolKmsKey extends Key {
+    /**
+     * Used when storing the KMS Key in SSM.
+     */
+    static readonly SSM_PARAM_NAME = "COGNITO_USER_POOL_KMS_KEY";
+    constructor(scope: Construct, props?: KeyProps);
+}
+/**
+ * DynamoDB table name for the data store. Used for cross-stack reference and
+ * deterministic naming per branch. The table backs multiple use cases (e.g.
+ * CRM, CMS, ERP, EHR).
+ */
+declare function getDynamoDbDataStoreTableName(scope: Construct): string;
+interface DynamoDbDataStoreProps extends Omit<TableProps, "tableName" | "removalPolicy"> {
+    /**
+     * Optional removal policy override. If not set, uses the service's default
+     * removal policy (RETAIN for prod, DESTROY otherwise).
+     */
+    readonly removalPolicy?: RemovalPolicy;
+}
+/**
+ * DynamoDB table implementing the single-table design for app data (e.g. FHIR
+ * resources, CRM, CMS, ERP, EHR).
+ *
+ * @see {@link https://github.com/codedrifters/openhi/blob/main/sites/www-docs/content/architecture/dynamodb-single-table-design.md | DynamoDB Single-Table Design}
+ *
+ * Primary key: PK (String), SK (String).
+ * GSIs: GSI1 (reverse reference), GSI2 (identifier lookup), GSI3 (facility ops), GSI4 (resource type list).
+ */
+declare class DynamoDbDataStore extends Table {
+    constructor(scope: Construct, id: string, props?: DynamoDbDataStoreProps);
+}
+declare class DataEventBus extends EventBus {
+    /*****************************************************************************
+     *
+     * Return a name for this EventBus based on the stack environment hash. This
+     * name is common across all stacks since it's using the environment hash in
+     * it's name.
+     *
+     ****************************************************************************/
+    static getEventBusName(scope: Construct): string;
+    constructor(scope: Construct, props?: EventBusProps);
+}
+declare class OpsEventBus extends EventBus {
+    /*****************************************************************************
+     *
+     * Return a name for this EventBus based on the stack environment hash. This
+     * name is common across all stacks since it's using the environment hash in
+     * it's name.
+     *
+     ****************************************************************************/
+    static getEventBusName(scope: Construct): string;
+    constructor(scope: Construct, props?: EventBusProps);
+}
+interface ChildHostedZoneProps extends HostedZoneProps {
+    /**
+     * The root zone we will attach this sub-zone to.
+     */
+    readonly parentHostedZone: IHostedZone;
+}
+declare class ChildHostedZone extends HostedZone {
+    /**
+     * Used when storing the child zone ID in SSM. Use {@link OpenHiGlobalService.childHostedZoneFromConstruct} to look up.
+     */
+    static readonly SSM_PARAM_NAME = "CHILDHOSTEDZONE";
+    constructor(scope: Construct, id: string, props: ChildHostedZoneProps);
+}
+/**
+ * Placeholder for root hosted zone. Use {@link OpenHiGlobalService.rootHostedZoneFromConstruct}
+ * to obtain an IHostedZone from attributes (e.g. from config). The root zone is always
+ * created manually and imported via config.
+ */
+declare class RootHostedZone extends Construct {
+}
 /*******************************************************************************
  *
  * DiscoverableStringParameterProps: props for creating or looking up SSM
@@ -446,6 +512,12 @@ type BuildParameterNameProps = Pick<DiscoverableStringParameterProps, "ssmParamN
  * the parameter with the name constant.
  */
 declare class DiscoverableStringParameter extends StringParameter {
+    /**
+     * Version of the parameter name format / discoverability schema.
+     * Bump when buildParameterName or tagging semantics change.
+     * Also used to drive replacement of parameters during CloudFormation deploys.
+     */
+    static readonly version = "v1";
     /**
      * Build a param name based on predictable attributes found in services and
      * constructs. Used for storage and retrieval of SSM values across services.
@@ -459,175 +531,134 @@ declare class DiscoverableStringParameter extends StringParameter {
     constructor(scope: Construct, id: string, props: DiscoverableStringParameterProps);
 }
-interface OpenHiCoreServiceProps extends OpenHiServiceProps {
-}
-declare class OpenHiCoreService extends OpenHiService {
-    /*****************************************************************************
-     *
-     * PROPS
-     *
-     * Final props calculated from inputs combined with default values.
-     *
-     ****************************************************************************/
-    readonly props: OpenHiCoreServiceProps;
-    constructor(ohEnv: OpenHiEnvironment, props?: OpenHiCoreServiceProps);
-}
-interface AuthProps {
+interface OpenHiAuthServiceProps extends OpenHiServiceProps {
     /**
-     * Optional props for creating the user pool.
+     * Optional props for the Cognito User Pool.
      */
     readonly userPoolProps?: UserPoolProps;
 }
 /**
- * Auth construct that manages Cognito authentication resources.
+ * OpenHI Auth Service stack.
  *
  * @remarks
- * The Auth construct provides authentication infrastructure including:
+ * The Auth service manages authentication infrastructure including:
  * - Cognito User Pool for user management and authentication
  * - User Pool Client for application integration
  * - User Pool Domain for hosting the Cognito hosted UI
  * - KMS Key for Cognito User Pool encryption
  *
- * When created in the Auth service (`serviceType === OPEN_HI_SERVICE_TYPE.AUTH`),
- * it creates concrete resources. Otherwise, it imports existing resources
- * from SSM Parameter Store.
+ * Resources are created in protected methods; subclasses may override to customize.
+ * Other stacks obtain auth by calling **OpenHiAuthService.userPoolFromConstruct(scope)**,
+ * **OpenHiAuthService.userPoolClientFromConstruct(scope)**,
+ * **OpenHiAuthService.userPoolDomainFromConstruct(scope)**,
+ * and **OpenHiAuthService.userPoolKmsKeyFromConstruct(scope)** for each resource needed.
  *
- * Use {@link Auth.fromConstruct} to obtain an Auth instance (with resources
- * imported from AUTH SSM parameters) when not in the Auth service, e.g. from
- * the Core construct.
+ * Only one instance of the auth service should exist per environment.
  *
  * @public
  */
-declare class Auth extends Construct {
+declare class OpenHiAuthService extends OpenHiService {
+    props: OpenHiAuthServiceProps;
+    static readonly SERVICE_TYPE = "auth";
     /**
-     * Returns an Auth instance that uses resources imported from AUTH SSM
-     * parameters. Use this when creating Core or other stacks that consume
-     * auth resources; the Auth stack must be deployed first.
-     *
-     * @param scope - Construct scope (e.g. Core); must be in a stack that has
-     *   access to the same account/region as the deployed Auth stack.
+     * Returns an IUserPool by looking up the Auth stack's User Pool ID from SSM.
      */
-    static fromConstruct(scope: Construct): Auth;
+    static userPoolFromConstruct(scope: Construct): IUserPool;
     /**
-     * Is this construct being created in the auth service or elsewhere?
+     * Returns an IUserPoolClient by looking up the Auth stack's User Pool Client ID from SSM.
      */
-    readonly isAuthService: boolean;
+    static userPoolClientFromConstruct(scope: Construct): IUserPoolClient;
     /**
-     * KMS Key used to encrypt the Cognito User Pool. We need a custom key so that
-     * we can decrypt tokens when sending emails using something other than SES.
+     * Returns an IUserPoolDomain by looking up the Auth stack's User Pool Domain from SSM.
      */
-    readonly userPoolKmsKey: IKey;
+    static userPoolDomainFromConstruct(scope: Construct): IUserPoolDomain;
     /**
-     * Cognito User Pool for user management and authentication.
+     * Returns an IKey (KMS) by looking up the Auth stack's User Pool KMS Key ARN from SSM.
      */
+    static userPoolKmsKeyFromConstruct(scope: Construct): IKey;
+    get serviceType(): string;
+    readonly userPoolKmsKey: IKey;
     readonly userPool: IUserPool;
-    /**
-     * Cognito User Pool Client for application integration with the User Pool.
-     */
     readonly userPoolClient: IUserPoolClient;
+    readonly userPoolDomain: IUserPoolDomain;
+    constructor(ohEnv: OpenHiEnvironment, props?: OpenHiAuthServiceProps);
     /**
-     * Cognito User Pool Domain for hosting the Cognito hosted UI.
+     * Creates the KMS key for the Cognito User Pool and exports its ARN to SSM.
+     * Look up via {@link OpenHiAuthService.userPoolKmsKeyFromConstruct}.
+     * Override to customize.
      */
-    readonly userPoolDomain: IUserPoolDomain;
-    constructor(scope: Construct, props?: AuthProps);
-    /*****************************************************************************
-     *
-     * Auth Support
-     *
-     ****************************************************************************/
     protected createUserPoolKmsKey(): IKey;
-    protected createUserPool(props?: UserPoolProps): IUserPool;
-    protected createUserPoolClient(props: {
-        userPool: IUserPool;
-    }): IUserPoolClient;
-    protected createUserPoolDomain(props: {
-        userPool: IUserPool;
-    }): IUserPoolDomain;
-}
-interface OpenHiAuthServiceProps extends OpenHiServiceProps {
     /**
-     * Optional props for the auth construct.
+     * Creates the Cognito User Pool and exports its ID to SSM.
+     * Look up via {@link OpenHiAuthService.userPoolFromConstruct}.
+     * Override to customize.
      */
-    readonly authProps?: AuthProps;
-}
-/**
- * OpenHI Auth Service stack.
- *
- * @remarks
- * The Auth service manages authentication infrastructure including:
- * - Cognito User Pool for user management and authentication
- * - User Pool Client for application integration
- * - User Pool Domain for hosting the Cognito hosted UI
- * - KMS Key for Cognito User Pool encryption
- *
- * Only one instance of the auth service should exist per environment.
- *
- * @public
- */
-declare class OpenHiAuthService extends OpenHiService {
-    props: OpenHiAuthServiceProps;
+    protected createUserPool(): IUserPool;
     /**
-     * Auth construct containing authentication resources.
+     * Creates the User Pool Client and exports its ID to SSM (AUTH service type).
+     * Look up via {@link OpenHiAuthService.userPoolClientFromConstruct}.
+     * Override to customize.
      */
-    readonly auth: Auth;
-    constructor(ohEnv: OpenHiEnvironment, props?: OpenHiAuthServiceProps);
+    protected createUserPoolClient(): IUserPoolClient;
+    /**
+     * Creates the User Pool Domain (Cognito hosted UI) and exports domain name to SSM.
+     * Look up via {@link OpenHiAuthService.userPoolDomainFromConstruct}.
+     * Override to customize.
+     */
+    protected createUserPoolDomain(): IUserPoolDomain;
 }
-interface GlobalProps {
+interface OpenHiGlobalServiceProps extends OpenHiServiceProps {
+}
+/**
+ * Global Infrastructure stack: owns global DNS and certificates.
+ * Resources (root zone, optional child zone, wildcard cert) are created
+ * in protected methods; subclasses may override to customize.
+ */
+declare class OpenHiGlobalService extends OpenHiService {
+    static readonly SERVICE_TYPE = "global";
     /**
-     * Root zone configuration attributes. Zone name is required, hosted zone ID
-     * is optional.
+     * Returns an IHostedZone from the given attributes (no SSM). Use when the zone is imported from config.
      */
-    readonly rootHostedZoneAttributes: HostedZoneAttributes;
+    static rootHostedZoneFromConstruct(scope: Construct, props: HostedZoneAttributes): IHostedZone;
     /**
-     * Child zone configuration attributes. Zone name is required, hosted zone ID
-     * is optional.
+     * Returns an ICertificate by looking up the Global stack's wildcard cert ARN from SSM.
      */
-    readonly childHostedZoneAttributes?: SetOptional<HostedZoneAttributes, "hostedZoneId">;
-}
-/**
- * Global construct: owns global infrastructure (e.g. DNS and certificate resources).
- */
-declare class Global extends Construct {
-    props: GlobalProps;
+    static rootWildcardCertificateFromConstruct(scope: Construct): ICertificate;
     /**
-     * Root hosted zone when config provides zoneName.
+     * Returns an IHostedZone by looking up the child hosted zone ID from SSM. Defaults to GLOBAL service type.
      */
+    static childHostedZoneFromConstruct(scope: Construct, props: {
+        zoneName: string;
+        serviceType?: OpenHiServiceType;
+    }): IHostedZone;
+    get serviceType(): string;
     readonly rootHostedZone: IHostedZone;
+    readonly childHostedZone?: IHostedZone;
+    readonly rootWildcardCertificate: ICertificate;
+    constructor(ohEnv: OpenHiEnvironment, props?: OpenHiGlobalServiceProps);
     /**
-     * Child hosted zone when root zone exists.
+     * Validates that config required for the Global stack is present.
      */
-    readonly childHostedZone?: IHostedZone;
+    protected validateConfig(props: OpenHiGlobalServiceProps): void;
     /**
-     * Root wildcard certificate.
+     * Creates the root hosted zone (imported via attributes from config).
+     * Override to customize or create the zone.
      */
-    readonly rootWildcardCertificate: ICertificate;
-    constructor(scope: Construct, id: string, props: GlobalProps);
-}
-interface OpenHiGlobalServiceProps extends OpenHiServiceProps {
-}
-/**
- * Global Infrastructure stack: owns global DNS and certificates
- */
-declare class OpenHiGlobalService extends OpenHiService {
+    protected createRootHostedZone(): IHostedZone;
     /**
-     * Global construct.
+     * Creates the optional child hosted zone (e.g. branch subdomain).
+     * Override to create a child zone when config provides childHostedZoneAttributes.
+     * If you create a ChildHostedZone, also create a DiscoverableStringParameter
+     * with ChildHostedZone.SSM_PARAM_NAME and the zone's hostedZoneId.
      */
-    readonly global: Global;
-    constructor(ohEnv: OpenHiEnvironment, props?: OpenHiGlobalServiceProps);
-}
-declare class CoreHttpApi extends HttpApi {
+    protected createChildHostedZone(): IHostedZone | undefined;
     /**
-     * Used when storing the API ID in SSM.
+     * Creates the root wildcard certificate. On main branch, creates a new cert
+     * with DNS validation; otherwise imports from SSM.
+     * Override to customize certificate creation.
      */
-    static readonly SSM_PARAM_NAME = "CORE_HTTP_API";
-    static fromConstruct(scope: Construct): IHttpApi;
-    constructor(scope: Construct, props?: HttpApiProps);
+    protected createRootWildcardCertificate(): ICertificate;
 }
 interface OpenHiRestApiServiceProps extends OpenHiServiceProps {
@@ -639,26 +670,119 @@ interface OpenHiRestApiServiceProps extends OpenHiServiceProps {
 declare const REST_API_BASE_URL_SSM_NAME = "REST_API_BASE_URL";
 /**
  * REST API service stack: HTTP API, custom domain, and Lambda; exports base URL via SSM.
+ * Resources are created in protected methods; subclasses may override to customize.
  */
 declare class OpenHiRestApiService extends OpenHiService {
-    readonly coreHttpApi: CoreHttpApi;
+    static readonly SERVICE_TYPE = "rest-api";
+    /**
+     * Returns an IHttpApi by looking up the REST API stack's HTTP API ID from SSM.
+     */
+    static rootHttpApiFromConstruct(scope: Construct): IHttpApi;
+    /**
+     * Returns the REST API base URL (e.g. https://api.example.com) by looking it up from SSM.
+     * Use in other stacks for E2E, scripts, or config.
+     */
+    static restApiBaseUrlFromConstruct(scope: Construct): string;
+    get serviceType(): string;
+    readonly rootHttpApi: RootHttpApi;
     constructor(ohEnv: OpenHiEnvironment, props?: OpenHiRestApiServiceProps);
+    /**
+     * Validates that config required for the REST API stack is present.
+     */
+    protected validateConfig(props: OpenHiRestApiServiceProps): void;
+    /**
+     * Creates the hosted zone reference (imported from config).
+     * Override to customize.
+     */
+    protected createHostedZone(): IHostedZone;
+    /**
+     * Creates the wildcard certificate (imported from Global stack via SSM).
+     * Override to customize.
+     */
+    protected createCertificate(): ICertificate;
+    /**
+     * Returns the API domain name string (e.g. api.example.com or api-{prefix}.example.com).
+     * Override to customize.
+     */
+    protected createApiDomainNameString(hostedZone: IHostedZone): string;
+    /**
+     * Creates the SSM parameter for the REST API base URL.
+     * Look up via {@link OpenHiRestApiService.restApiBaseUrlFromConstruct}.
+     * Override to customize.
+     */
+    protected createRestApiBaseUrlParameter(apiDomainName: string): void;
+    /**
+     * Creates the API Gateway custom domain name resource.
+     * Override to customize.
+     */
+    protected createDomainName(_hostedZone: IHostedZone, certificate: ICertificate): DomainName;
+    /**
+     * Creates the Lambda integration, HTTP routes, and API DNS record.
+     * Override to customize. Uses {@link rootHttpApi} set by the constructor.
+     */
+    protected createRestApiLambdaAndRoutes(hostedZone: IHostedZone, domainName: DomainName): void;
+    /**
+     * Creates the Root HTTP API with default domain mapping and exports API ID to SSM.
+     * Look up via {@link OpenHiRestApiService.rootHttpApiFromConstruct}.
+     * Override to customize.
+     */
+    protected createRootHttpApi(domainName: DomainName): RootHttpApi;
 }
 interface OpenHiDataServiceProps extends OpenHiServiceProps {
 }
 /**
- * Data storage service stack: centralizes DynamoDB, S3, and other persistence
- * resources for OpenHI. Creates the single-table data store (CRM, CMS, ERP,
- * EHR); add buckets or other resources as needed.
+ * Data storage service stack: centralizes DynamoDB, S3, EventBridge event buses,
+ * and other persistence resources for OpenHI. Creates the single-table data store
+ * (CRM, CMS, ERP, EHR) and the data/ops event buses in protected methods;
+ * subclasses may override to customize.
  */
 declare class OpenHiDataService extends OpenHiService {
+    static readonly SERVICE_TYPE = "data";
     /**
-     * The single-table DynamoDB data store. Use {@link DynamoDbDataStore.fromConstruct}
+     * Returns the data event bus by name (deterministic per branch). Use from other stacks to obtain an IEventBus reference.
+     */
+    static dataEventBusFromConstruct(scope: Construct): IEventBus;
+    /**
+     * Returns the ops event bus by name (deterministic per branch). Use from other stacks to obtain an IEventBus reference.
+     */
+    static opsEventBusFromConstruct(scope: Construct): IEventBus;
+    /**
+     * Returns the data store table by name. Use from other stacks (e.g. REST API Lambda) to obtain an ITable reference.
+     */
+    static dynamoDbDataStoreFromConstruct(scope: Construct, id?: string): ITable;
+    get serviceType(): string;
+    /**
+     * Event bus for data-related events (ingestion, transformation, storage).
+     * Other stacks obtain it via {@link OpenHiDataService.dataEventBusFromConstruct}.
+     */
+    readonly dataEventBus: IEventBus;
+    /**
+     * Event bus for operational events (monitoring, alerting, system health).
+     * Other stacks obtain it via {@link OpenHiDataService.opsEventBusFromConstruct}.
+     */
+    readonly opsEventBus: IEventBus;
+    /**
+     * The single-table DynamoDB data store. Use {@link OpenHiDataService.dynamoDbDataStoreFromConstruct}
      * from other stacks to obtain an ITable reference by name.
      */
     readonly dataStore: ITable;
     constructor(ohEnv: OpenHiEnvironment, props?: OpenHiDataServiceProps);
+    /**
+     * Creates the data event bus.
+     * Override to customize.
+     */
+    protected createDataEventBus(): IEventBus;
+    /**
+     * Creates the ops event bus.
+     * Override to customize.
+     */
+    protected createOpsEventBus(): IEventBus;
+    /**
+     * Creates the single-table DynamoDB data store.
+     * Override to customize.
+     */
+    protected createDataStore(): ITable;
 }
-export { type BuildParameterNameProps, DiscoverableStringParameter, type DiscoverableStringParameterProps, OPEN_HI_SERVICE_TYPE, OpenHiApp, type OpenHiAppProps, OpenHiAuthService, type OpenHiAuthServiceProps, OpenHiCoreService, type OpenHiCoreServiceProps, OpenHiDataService, type OpenHiDataServiceProps, OpenHiEnvironment, type OpenHiEnvironmentProps, OpenHiGlobalService, type OpenHiGlobalServiceProps, OpenHiRestApiService, type OpenHiRestApiServiceProps, OpenHiService, type OpenHiServiceProps, type OpenHiServiceType, OpenHiStage, type OpenHiStageProps, REST_API_BASE_URL_SSM_NAME };
+export { type BuildParameterNameProps, ChildHostedZone, type ChildHostedZoneProps, CognitoUserPool, CognitoUserPoolClient, CognitoUserPoolDomain, CognitoUserPoolKmsKey, DataEventBus, DiscoverableStringParameter, type DiscoverableStringParameterProps, DynamoDbDataStore, type DynamoDbDataStoreProps, OpenHiApp, type OpenHiAppProps, OpenHiAuthService, type OpenHiAuthServiceProps, OpenHiDataService, type OpenHiDataServiceProps, OpenHiEnvironment, type OpenHiEnvironmentProps, OpenHiGlobalService, type OpenHiGlobalServiceProps, OpenHiRestApiService, type OpenHiRestApiServiceProps, OpenHiService, type OpenHiServiceProps, type OpenHiServiceType, OpenHiStage, type OpenHiStageProps, OpsEventBus, REST_API_BASE_URL_SSM_NAME, RootGraphqlApi, type RootGraphqlApiProps, RootHostedZone, RootHttpApi, RootWildcardCertificate, getDynamoDbDataStoreTableName };