@openhi/constructs 0.0.103 → 0.0.105

package/lib/provision-default-workspace.handler.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/workflows/control-plane/user-onboarding/provision-default-workspace.handler.ts","../src/data/dynamo/dynamo-control-service.ts","../src/data/dynamo/dynamo-client.ts","../src/data/dynamo/entities/control/configuration-entity.ts","../src/data/dynamo/shard.ts","../src/data/dynamo/entities/control/control-entity-common.ts","../src/data/dynamo/entities/control/membership-entity.ts","../src/data/dynamo/entities/control/role-entity.ts","../src/data/dynamo/entities/control/roleassignment-entity.ts","../src/data/dynamo/entities/control/tenant-entity.ts","../src/data/dynamo/entities/control/user-entity.ts","../src/data/dynamo/entities/control/workspace-entity.ts","../src/data/operations/control/membership/membership-create-operation.ts","../src/data/operations/control/roleassignment/roleassignment-create-operation.ts","../src/data/operations/control/tenant/tenant-create-operation.ts","../src/data/operations/control/user/user-create-operation.ts","../src/data/operations/control/user/user-find-by-sub-operation.ts","../src/data/operations/data-operations-common.ts","../src/lib/compression.ts","../src/data/operations/control/user/user-update-operation.ts","../src/data/operations/control/user/user-resource-helpers.ts","../src/data/operations/control/workspace/workspace-create-operation.ts","../src/data/operations/fhir-reference.ts"],"sourcesContent":["import { createHash } from \"node:crypto\";\nimport { extractSummary, type FhirResourceLike } from \"@openhi/types\";\nimport type { EventBridgeEvent } from \"aws-lambda\";\nimport {\n  PROVISION_DEFAULT_WORKSPACE_DETAIL_TYPE,\n  type ProvisionDefaultWorkspaceRequestedDetail,\n} from \"./events\";\nimport { getDynamoControlService } from \"../../../data/dynamo/dynamo-control-service\";\nimport type { OpenHiContext } from \"../../../data/openhi-context\";\nimport { createMembershipOperation } from \"../../../data/operations/control/membership/membership-create-operation\";\nimport { createRoleAssignmentOperation } from \"../../../data/operations/control/roleassignment/roleassignment-create-operation\";\nimport { createTenantOperation } from \"../../../data/operations/control/tenant/tenant-create-operation\";\nimport {\n  findUserBySubOperation,\n  parseUserResource,\n} from \"../../../data/operations/control/user\";\nimport { createWorkspaceOperation } from \"../../../data/operations/control/workspace/workspace-create-operation\";\nimport { idFromReference } from \"../../../data/operations/fhir-reference\";\n\n/**\n * @see sites/www-docs/content/packages/@openhi/constructs/workflows/control-plane/user-onboarding/provision-default-workspace.handler.md\n *\n * EventBridge workflow handler that provisions the default control-plane\n * records for a newly confirmed Cognito user.\n */\ntype ProvisionDefaultWorkspaceEvent = EventBridgeEvent<\n  typeof PROVISION_DEFAULT_WORKSPACE_DETAIL_TYPE,\n  ProvisionDefaultWorkspaceRequestedDetail\n>;\n\nconst CURRENT_SK = \"CURRENT\";\nconst VID = \"1\";\n\n// Store the same compact summary shape used by control-plane entities.\nconst summaryFor = (resource: Record<string, unknown>): string => {\n  return JSON.stringify(extractSummary(resource as FhirResourceLike));\n};\n\n// Make onboarding writes replay-safe by deriving deterministic record ids.\nconst stableOnboardingId = (kind: string, cognitoSub: string): string => {\n  return createHash(\"sha256\")\n    .update(kind)\n    .update(\"\\0\")\n    .update(cognitoSub)\n    .digest(\"hex\")\n    .slice(0, 26)\n    .toUpperCase();\n};\n\nexport const handler = async (\n  event: ProvisionDefaultWorkspaceEvent,\n): Promise<void> => {\n  // Events without a Cognito subject cannot be tied to a stable User.\n  const detail = event.detail;\n  if (!detail?.cognitoSub) {\n    console.warn(\n      \"ProvisionDefaultWorkspace: event missing cognitoSub; skipping\",\n    );\n    return;\n  }\n\n  // If onboarding already completed, leave existing records untouched.\n  // The lookup runs before tenant/workspace exist, so use a synthetic\n  // placeholder context — findUserBySubOperation does not read its fields.\n  const service = getDynamoControlService();\n  const existingUser = await findUserBySubOperation({\n    context: {\n      tenantId: \"\",\n      workspaceId: \"\",\n      date: \"\",\n      actorId: \"\",\n      actorName: \"\",\n      actorType: \"internal-system\",\n    },\n    cognitoSub: detail.cognitoSub,\n  });\n  const existingResource = existingUser\n    ? parseUserResource(existingUser.resource)\n    : undefined;\n  const existingTenantId = idFromReference(\n    existingResource?.currentTenant?.reference,\n    \"Tenant/\",\n  );\n  const existingWorkspaceId = idFromReference(\n    existingResource?.currentWorkspace?.reference,\n    \"Workspace/\",\n  );\n\n  if (existingUser && existingTenantId && existingWorkspaceId) {\n    return;\n  }\n\n  const displayName =\n    detail.displayName ||\n    detail.email ||\n    event.resources?.[0] ||\n    detail.cognitoSub;\n  const userId =\n    existingUser?.id ??\n    detail.userId ??\n    stableOnboardingId(\"user\", detail.cognitoSub);\n  const tenantId = stableOnboardingId(\"tenant\", detail.cognitoSub);\n  const workspaceId = stableOnboardingId(\"workspace\", detail.cognitoSub);\n  const userTenantMembershipId = stableOnboardingId(\n    \"tenant-membership\",\n    detail.cognitoSub,\n  );\n  const userWorkspaceMembershipId = stableOnboardingId(\n    \"workspace-membership\",\n    detail.cognitoSub,\n  );\n  const roleAssignmentId = stableOnboardingId(\n    \"tenant-user-role-assignment\",\n    detail.cognitoSub,\n  );\n\n  const lastUpdated = new Date().toISOString();\n\n  // Synthesized OpenHI context for internal-system writes during onboarding.\n  const context: OpenHiContext = {\n    tenantId,\n    workspaceId,\n    date: lastUpdated,\n    actorId: userId,\n    actorName: displayName,\n    actorType: \"internal-system\",\n  };\n\n  const tenantResource = {\n    id: tenantId,\n    displayName: `${displayName}'s Practice`,\n    status: \"active\",\n  };\n  const workspaceResource = {\n    id: workspaceId,\n    displayName: \"Default Workspace\",\n    status: \"active\",\n    tenant: { reference: `Tenant/${tenantId}` },\n  };\n  const userResource = {\n    ...(existingResource ?? {}),\n    resourceType: \"User\",\n    id: userId,\n    name: existingResource?.name ?? [{ text: displayName }],\n    status: \"active\",\n    currentTenant: { reference: `Tenant/${tenantId}` },\n    currentWorkspace: { reference: `Workspace/${workspaceId}` },\n  };\n  const userTenantMembershipResource = {\n    id: userTenantMembershipId,\n    status: \"active\",\n    user: { reference: `User/${userId}` },\n    tenant: { reference: `Tenant/${tenantId}` },\n  };\n  const userWorkspaceMembershipResource = {\n    id: userWorkspaceMembershipId,\n    status: \"active\",\n    user: { reference: `User/${userId}` },\n    tenant: { reference: `Tenant/${tenantId}` },\n    workspace: { reference: `Workspace/${workspaceId}` },\n  };\n  const roleAssignmentResource = {\n    id: roleAssignmentId,\n    status: \"active\",\n    user: { reference: `User/${userId}` },\n    tenant: { reference: `Tenant/${tenantId}` },\n    role: \"tenant-user\",\n  };\n\n  await createTenantOperation({\n    context,\n    body: { id: tenantId, resource: tenantResource },\n  });\n\n  await createWorkspaceOperation({\n    context,\n    body: { id: workspaceId, resource: workspaceResource },\n  });\n\n  // Direct User put/patch: no User operation supports the cognitoSub set or\n  // partial-repair flow yet, so onboarding writes the User record inline.\n  if (existingUser) {\n    await service.entities.user\n      .patch({ id: userId, sk: CURRENT_SK })\n      .set({\n        resource: JSON.stringify(userResource),\n        summary: summaryFor(userResource),\n        cognitoSub: detail.cognitoSub,\n        vid: VID,\n        lastUpdated,\n      })\n      .go();\n  } else {\n    await service.entities.user\n      .put({\n        id: userId,\n        cognitoSub: detail.cognitoSub,\n        resource: JSON.stringify(userResource),\n        summary: summaryFor(userResource),\n        vid: VID,\n        lastUpdated,\n      })\n      .go();\n  }\n\n  await createMembershipOperation({\n    context,\n    body: {\n      id: userTenantMembershipId,\n      resource: userTenantMembershipResource,\n    },\n  });\n\n  await createMembershipOperation({\n    context,\n    body: {\n      id: userWorkspaceMembershipId,\n      resource: userWorkspaceMembershipResource,\n    },\n  });\n\n  await createRoleAssignmentOperation({\n    context,\n    body: { id: roleAssignmentId, resource: roleAssignmentResource },\n  });\n};\n","import { Service } from \"electrodb\";\nimport { defaultTableName, dynamoClient } from \"./dynamo-client\";\nimport { ConfigurationEntity } from \"./entities/control/configuration-entity\";\nimport { MembershipEntity } from \"./entities/control/membership-entity\";\nimport { RoleEntity } from \"./entities/control/role-entity\";\nimport { RoleAssignmentEntity } from \"./entities/control/roleassignment-entity\";\nimport { TenantEntity } from \"./entities/control/tenant-entity\";\nimport { UserEntity } from \"./entities/control/user-entity\";\nimport { WorkspaceEntity } from \"./entities/control/workspace-entity\";\n\n/**\n * Control-plane entities only (service \"control\"). Same table as data plane; use\n * DynamoDataService for data-plane entities.\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n */\n\nconst controlPlaneEntities = {\n  configuration: ConfigurationEntity,\n  membership: MembershipEntity,\n  role: RoleEntity,\n  roleAssignment: RoleAssignmentEntity,\n  tenant: TenantEntity,\n  user: UserEntity,\n  workspace: WorkspaceEntity,\n};\n\nconst controlPlaneService = new Service(controlPlaneEntities, {\n  table: defaultTableName,\n  client: dynamoClient,\n});\n\n/**\n * Control-plane service: entities for configuration and control. Use with the\n * data store table (PK, SK, GSI1; UserEntity also uses GSI2).\n */\nexport const DynamoControlService = {\n  entities: controlPlaneService.entities,\n};\n\nexport type DynamoControlServiceType = typeof DynamoControlService;\n\n/**\n * Returns the control-plane service. Table name is resolved from tableName (optional override),\n * then DYNAMO_TABLE_NAME, then \"jesttesttable\".\n */\nexport function getDynamoControlService(\n  tableName?: string,\n): DynamoControlServiceType {\n  const resolved = tableName ?? defaultTableName;\n  const service = new Service(controlPlaneEntities, {\n    table: resolved,\n    client: dynamoClient,\n  });\n  return {\n    entities: service.entities,\n  };\n}\n","import { DynamoDBClient } from \"@aws-sdk/client-dynamodb\";\n\n/**\n * DynamoDB table name for the data store. Set via DYNAMO_TABLE_NAME at runtime\n * (e.g. from Lambda env); defaults for local/test.\n */\nexport const defaultTableName =\n  process.env.DYNAMO_TABLE_NAME ?? \"jesttesttable\";\n\n/**\n * DynamoDB client. When MOCK_DYNAMODB_ENDPOINT is set (e.g. local DynamoDB or\n * jest-dynalite), uses that endpoint with no SSL and region \"local\".\n */\nexport const dynamoClient = new DynamoDBClient({\n  ...(process.env.MOCK_DYNAMODB_ENDPOINT && {\n    endpoint: process.env.MOCK_DYNAMODB_ENDPOINT,\n    sslEnabled: false,\n    region: \"local\",\n  }),\n});\n","import { Entity } from \"electrodb\";\nimport { gsi1ShardAttribute } from \"./control-entity-common\";\n\n/**\n * Configuration data-store entity (single-table store).\n *\n * **Classification (ADR 2026-03-03-01):** Partially tenant-isolated, control plane. Cascade of scope\n * levels: resolution order user → workspace → tenant → baseline. Sentinels: tenantId \"BASELINE\" for\n * baseline tier; workspaceId/userId/roleId \"-\" for absent dimension.\n *\n * Key structure: PK = CONFIG#TID#<tenantId>#WID#<workspaceId>#UID#<userId>#RID#<roleId>,\n * SK = KEY#<key>#SK#<sk>. Uniqueness: one Configuration per (tenantId, workspaceId, userId, roleId, key).\n * Standard attributes and key-building conventions align with single-table design.\n *\n * GSI1 — Unified Sharded List per ADR-011: lists all Configuration entries in a tenant/workspace\n * across the four shards.\n *\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/entities/configuration.md\n * @see sites/www-docs/content/architecture/control-plane/configuration.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/entity-standards.md — Key-building conventions (keys built inside entity)\n */\nexport const ConfigurationEntity = new Entity({\n  model: {\n    entity: \"configuration\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /** Sort key. \"CURRENT\" for current version; version history in S3. */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n      default: \"CURRENT\",\n    },\n    /** Tenant scope. Use \"BASELINE\" when the config is baseline default (no tenant). */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n      default: \"BASELINE\",\n    },\n    /** Workspace scope. Use \"-\" when absent. */\n    workspaceId: {\n      type: \"string\" as const,\n      required: true,\n      default: \"-\",\n    },\n    /** User scope. Use \"-\" when absent. */\n    userId: {\n      type: \"string\" as const,\n      required: true,\n      default: \"-\",\n    },\n    /** Role scope. Use \"-\" when absent. */\n    roleId: {\n      type: \"string\" as const,\n      required: true,\n      default: \"-\",\n    },\n    /** Config type (category), e.g. endpoints, branding, display. */\n    key: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** FHIR Resource.id; logical id in URL and for the Configuration resource. */\n    id: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Payload as JSON string. JSON.stringify(resource) on write; JSON.parse(item.resource) on read. */\n    resource: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id, key, status).\n     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id (e.g. ULID). Tracks current version; S3 history key. */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    gsi1Shard: gsi1ShardAttribute,\n    deleted: {\n      type: \"boolean\" as const,\n      required: false,\n    },\n    bundleId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    msgId: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /** Base table: PK, SK (data store key names). PK is built from tenantId, workspaceId, userId, roleId; SK is built from key and sk. Do not supply PK or SK from outside. */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"tenantId\", \"workspaceId\", \"userId\", \"roleId\"],\n        template:\n          \"CONFIG#TID#${tenantId}#WID#${workspaceId}#UID#${userId}#RID#${roleId}\",\n      },\n      sk: {\n        field: \"SK\",\n        composite: [\"key\", \"sk\"],\n        template: \"KEY#${key}#SK#${sk}\",\n      },\n    },\n\n    /**\n     * GSI1 — Unified Sharded List per ADR-011: list all Configuration entries for a\n     * (tenant, workspace) across the four shards. Use for \"list configs scoped to this tenant\"\n     * (workspaceId = \"-\") or \"list configs scoped to this workspace\". Does not support\n     * hierarchical resolution in one query; use base table GetItem in fallback order\n     * (user → workspace → tenant → baseline) for that.\n     * SK is `<ISO-8601 lastUpdated>#<id>` (control-plane unlabeled per DR-004).\n     * `casing: \"none\"` on the SK preserves ISO-8601 `T`/`Z`.\n     */\n    gsi1: {\n      index: \"GSI1\",\n      pk: {\n        field: \"GSI1PK\",\n        composite: [\"tenantId\", \"workspaceId\", \"gsi1Shard\"],\n        template:\n          \"TID#${tenantId}#WID#${workspaceId}#RT#Configuration#SHARD#${gsi1Shard}\",\n      },\n      sk: {\n        field: \"GSI1SK\",\n        casing: \"none\" as const,\n        composite: [\"lastUpdated\", \"id\"],\n        template: \"${lastUpdated}#${id}\",\n      },\n    },\n  },\n});\n","/**\n * Shard selection for the data-plane single-table GSI1 partitioning per ADR-011.\n *\n * GSI1's partition key embeds a `SHARD#<n>` segment with `n = computeShard(id)`.\n * The hash is deterministic so updates to the same resource id always land on\n * the same shard (no cross-shard migration on update); reads fan out to all\n * shards in parallel and merge by SK.\n *\n * @see sites/www-docs/content/architecture/adr/ — ADR-011 (single-table DynamoDB)\n */\n\n/** Number of shards in the GSI1 partition key. Fixed at 4 in v1; raising it later is a backfill, not a schema migration. */\nexport const SHARD_COUNT = 4;\n\n/**\n * Returns a deterministic shard index in [0, SHARD_COUNT) for the given resource id.\n *\n * Implementation: 32-bit FNV-1a over the UTF-16 code units of the id, modulo SHARD_COUNT.\n * The function is pure and stable; the same id always returns the same shard.\n *\n * ESLint's `no-bitwise` rule is disabled inside this function because FNV-1a is\n * defined in terms of XOR and unsigned-right-shift — the bitwise ops are the\n * algorithm, not an accidental logical-operator confusion.\n */\nexport function computeShard(id: string): number {\n  /* eslint-disable no-bitwise */\n  let hash = 0x811c9dc5;\n  for (let i = 0; i < id.length; i++) {\n    hash ^= id.charCodeAt(i);\n    hash = Math.imul(hash, 0x01000193);\n  }\n  return (hash >>> 0) % SHARD_COUNT;\n  /* eslint-enable no-bitwise */\n}\n","import { computeShard } from \"../../shard\";\n\n/**\n * Shared GSI1 shard attribute for control-plane entities.\n *\n * Control-plane entities (User, Tenant, Workspace, Membership, Role, RoleAssignment,\n * Configuration) use the same `TID#/WID#/RT#/SHARD#` PK shape on GSI1 as data-plane\n * FHIR resources per ADR-011. The shard index is derived deterministically from `id`\n * via `computeShard` so updates always land on the same shard. Stored as a string\n * because it appears as a literal segment in the GSI1 PK template; the underlying\n * value is 0..3.\n *\n * Not `required` because the value is derived via `watch`/`set`; ElectroDB's\n * required-field check runs before watch propagation, so callers must not fail\n * validation on a derived field.\n */\nexport const gsi1ShardAttribute = {\n  type: \"string\" as const,\n  watch: [\"id\"] as const,\n  set: (_val?: string, item?: { id?: string }) => {\n    if (typeof item?.id !== \"string\" || item.id.length === 0) {\n      return undefined;\n    }\n    return String(computeShard(item.id));\n  },\n};\n","import { Entity } from \"electrodb\";\nimport { gsi1ShardAttribute } from \"./control-entity-common\";\n\n/**\n * Membership data-store entity (single-table store).\n *\n * **Classification (ADR 2026-03-03-01):** Tenant-isolated, control plane. Membership links a User\n * to a Tenant (and optionally a Workspace). One record per (tenantId, id).\n *\n * Key structure: PK = TID#<tenantId>#MEMBERSHIP#ID#<id>, SK = CURRENT.\n * Uniqueness: one Membership per (tenantId, id).\n *\n * GSI1 — Unified Sharded List per ADR-011: lists all Memberships in a tenant across the four\n * shards. Membership is tenant-scoped (not workspace-scoped), so the GSI1 PK uses `WID#-` as a\n * sentinel.\n *\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n * @see sites/www-docs/content/architecture/adr/2026-03-13-02-control-plane-roles-and-user-tenant-workspace-linkage.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n */\nexport const MembershipEntity = new Entity({\n  model: {\n    entity: \"membership\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /** Sort key sentinel. Always \"CURRENT\". */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n      default: \"CURRENT\",\n    },\n    /** Tenant in which the user has membership (required). */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** FHIR Resource.id; membership id. */\n    id: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Full Membership resource serialized as JSON string. */\n    resource: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id, displayName, status).\n     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id (e.g. ULID). */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    gsi1Shard: gsi1ShardAttribute,\n    deleted: {\n      type: \"boolean\" as const,\n      required: false,\n    },\n    bundleId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    msgId: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /** Base table: PK = TID#<tenantId>#MEMBERSHIP#ID#<id>, SK = CURRENT. Do not supply PK or SK from outside. */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"tenantId\", \"id\"],\n        template: \"TID#${tenantId}#MEMBERSHIP#ID#${id}\",\n      },\n      sk: {\n        field: \"SK\",\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n\n    /**\n     * GSI1 — Unified Sharded List per ADR-011: list all Memberships for a tenant across the\n     * four shards. Membership is tenant-scoped only, so `WID#-` is a sentinel.\n     * SK is `<ISO-8601 lastUpdated>#<id>` (control-plane unlabeled per DR-004).\n     * `casing: \"none\"` on the SK preserves ISO-8601 `T`/`Z`.\n     */\n    gsi1: {\n      index: \"GSI1\",\n      pk: {\n        field: \"GSI1PK\",\n        composite: [\"tenantId\", \"gsi1Shard\"],\n        template: \"TID#${tenantId}#WID#-#RT#Membership#SHARD#${gsi1Shard}\",\n      },\n      sk: {\n        field: \"GSI1SK\",\n        casing: \"none\" as const,\n        composite: [\"lastUpdated\", \"id\"],\n        template: \"${lastUpdated}#${id}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\nimport { gsi1ShardAttribute } from \"./control-entity-common\";\n\n/**\n * Role data-store entity (single-table store).\n *\n * **Classification (ADR 2026-03-03-01):** Non-tenant-isolated, control plane. Role is a\n * platform-wide role catalog (e.g. tenant-admin, tenant-user, system-admin); not scoped by tenant.\n * RoleAssignment references Role to assign a role to a User in a Tenant/Workspace context.\n *\n * Key structure: PK = ROLE#ID#<id>, SK = CURRENT.\n * The ROLE# prefix prevents key collisions with other non-tenant-isolated entities (User, etc.)\n * sharing the same table (ADR 2026-03-11-01 — preferred pattern for all control plane entities).\n * Uniqueness: one Role per id.\n *\n * GSI1 — Unified Sharded List per ADR-011: lists all Roles across the four shards. Non-tenant-\n * isolated, so the PK uses `TID#-#WID#-` sentinels.\n *\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n * @see sites/www-docs/content/architecture/adr/2026-03-13-02-control-plane-roles-and-user-tenant-workspace-linkage.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n */\nexport const RoleEntity = new Entity({\n  model: {\n    entity: \"role\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /** Sort key sentinel. Always \"CURRENT\". */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n      default: \"CURRENT\",\n    },\n    /** FHIR Resource.id; role id. */\n    id: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Full Role resource serialized as JSON string. */\n    resource: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id, displayName, status).\n     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id (e.g. ULID). */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    gsi1Shard: gsi1ShardAttribute,\n    deleted: {\n      type: \"boolean\" as const,\n      required: false,\n    },\n    bundleId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    msgId: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /** Base table: PK = ROLE#ID#<id>, SK = CURRENT. Do not supply PK or SK from outside. */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"id\"],\n        template: \"ROLE#ID#${id}\",\n      },\n      sk: {\n        field: \"SK\",\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n\n    /**\n     * GSI1 — Unified Sharded List per ADR-011: list all Roles across the four shards.\n     * Non-tenant-isolated, so `TID#-#WID#-` sentinels precede `RT#Role#SHARD#<n>`.\n     * SK is `<ISO-8601 lastUpdated>#<id>` (control-plane unlabeled per DR-004).\n     * `casing: \"none\"` on the SK preserves ISO-8601 `T`/`Z`.\n     */\n    gsi1: {\n      index: \"GSI1\",\n      pk: {\n        field: \"GSI1PK\",\n        composite: [\"gsi1Shard\"],\n        template: \"TID#-#WID#-#RT#Role#SHARD#${gsi1Shard}\",\n      },\n      sk: {\n        field: \"GSI1SK\",\n        casing: \"none\" as const,\n        composite: [\"lastUpdated\", \"id\"],\n        template: \"${lastUpdated}#${id}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\nimport { gsi1ShardAttribute } from \"./control-entity-common\";\n\n/**\n * RoleAssignment data-store entity (single-table store).\n *\n * **Classification (ADR 2026-03-03-01):** Tenant-isolated, control plane. RoleAssignment assigns\n * a Role to a User in a Tenant (and optionally Workspace) context.\n *\n * Key structure: PK = TID#<tenantId>#ROLEASSIGNMENT#ID#<id>, SK = CURRENT.\n * Uniqueness: one RoleAssignment per (tenantId, id).\n *\n * GSI1 — Unified Sharded List per ADR-011: lists all RoleAssignments in a tenant across the four\n * shards. Tenant-scoped only (workspace context lives inside the resource), so the GSI1 PK uses\n * `WID#-` as a sentinel.\n *\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n * @see sites/www-docs/content/architecture/adr/2026-03-13-02-control-plane-roles-and-user-tenant-workspace-linkage.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n */\nexport const RoleAssignmentEntity = new Entity({\n  model: {\n    entity: \"roleassignment\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /** Sort key sentinel. Always \"CURRENT\". */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n      default: \"CURRENT\",\n    },\n    /** Tenant in which the role assignment applies (required). */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** FHIR Resource.id; role assignment id. */\n    id: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Full RoleAssignment resource serialized as JSON string. */\n    resource: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id, displayName, status).\n     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id (e.g. ULID). */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    gsi1Shard: gsi1ShardAttribute,\n    deleted: {\n      type: \"boolean\" as const,\n      required: false,\n    },\n    bundleId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    msgId: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /** Base table: PK = TID#<tenantId>#ROLEASSIGNMENT#ID#<id>, SK = CURRENT. Do not supply PK or SK from outside. */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"tenantId\", \"id\"],\n        template: \"TID#${tenantId}#ROLEASSIGNMENT#ID#${id}\",\n      },\n      sk: {\n        field: \"SK\",\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n\n    /**\n     * GSI1 — Unified Sharded List per ADR-011: list all RoleAssignments for a tenant across the\n     * four shards. Tenant-scoped only, so `WID#-` is a sentinel.\n     * SK is `<ISO-8601 lastUpdated>#<id>` (control-plane unlabeled per DR-004).\n     * `casing: \"none\"` on the SK preserves ISO-8601 `T`/`Z`.\n     */\n    gsi1: {\n      index: \"GSI1\",\n      pk: {\n        field: \"GSI1PK\",\n        composite: [\"tenantId\", \"gsi1Shard\"],\n        template: \"TID#${tenantId}#WID#-#RT#RoleAssignment#SHARD#${gsi1Shard}\",\n      },\n      sk: {\n        field: \"GSI1SK\",\n        casing: \"none\" as const,\n        composite: [\"lastUpdated\", \"id\"],\n        template: \"${lastUpdated}#${id}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\nimport { gsi1ShardAttribute } from \"./control-entity-common\";\n\n/**\n * Tenant data-store entity (single-table store).\n *\n * **Classification (ADR 2026-03-03-01):** Tenant-isolated, control plane. Tenant IS the top scope;\n * the workspace dimension is not applicable and uses the sentinel `TENANT`. The tenant's own `id`\n * is stored as `tenantId` to drive the partition key.\n *\n * Key structure: PK = TENANT#ID#<tenantId>, SK = CURRENT.\n * Uniqueness: one Tenant per tenantId (id).\n *\n * GSI1 — Unified Sharded List per ADR-011: lists all Tenants across the four shards. Tenant has\n * no parent tenant or workspace, so the PK uses `TID#-#WID#-` sentinels.\n *\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n * @see sites/www-docs/content/architecture/adr/2026-03-13-01-tenant-and-workspace-fhir-types-control-plane.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n */\nexport const TenantEntity = new Entity({\n  model: {\n    entity: \"tenant\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /** Sort key sentinel. Always \"CURRENT\". */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n      default: \"CURRENT\",\n    },\n    /** The tenant's own id (= resource id). Drives the partition key. */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** FHIR Resource.id; logical id in URL. Equals tenantId. */\n    id: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Full Tenant resource serialized as JSON string. */\n    resource: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id, displayName, status).\n     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id (e.g. ULID). */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    gsi1Shard: gsi1ShardAttribute,\n    deleted: {\n      type: \"boolean\" as const,\n      required: false,\n    },\n    bundleId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    msgId: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /** Base table: PK = TENANT#ID#<tenantId>, SK = CURRENT. Do not supply PK or SK from outside. */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"tenantId\"],\n        template: \"TENANT#ID#${tenantId}\",\n      },\n      sk: {\n        field: \"SK\",\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n\n    /**\n     * GSI1 — Unified Sharded List per ADR-011: list all Tenants across the four shards.\n     * Tenant lives at the platform tier (no parent tenant or workspace), so `TID#-#WID#-`\n     * sentinels precede `RT#Tenant#SHARD#<n>`. SK is `<ISO-8601 lastUpdated>#<id>` (control-plane\n     * unlabeled per DR-004). `casing: \"none\"` on the SK preserves ISO-8601 `T`/`Z`.\n     */\n    gsi1: {\n      index: \"GSI1\",\n      pk: {\n        field: \"GSI1PK\",\n        composite: [\"gsi1Shard\"],\n        template: \"TID#-#WID#-#RT#Tenant#SHARD#${gsi1Shard}\",\n      },\n      sk: {\n        field: \"GSI1SK\",\n        casing: \"none\" as const,\n        composite: [\"lastUpdated\", \"id\"],\n        template: \"${lastUpdated}#${id}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\nimport { gsi1ShardAttribute } from \"./control-entity-common\";\n\n/**\n * User data-store entity (single-table store).\n *\n * **Classification (ADR 2026-03-03-01):** Non-tenant-isolated, control plane. User is a\n * platform-wide identity; association with tenants and workspaces is through Membership and\n * RoleAssignment, not the User entity's own key.\n *\n * Key structure: PK = USER#ID#<id>, SK = CURRENT.\n * The USER# prefix prevents key collisions with other non-tenant-isolated entities (Role, etc.)\n * sharing the same table (ADR 2026-03-11-01 — preferred pattern for all control plane entities).\n * Uniqueness: one User per id.\n *\n * GSI1 — Unified Sharded List per ADR-011: lists all Users across the four shards. Non-tenant-\n * isolated, so the PK uses `TID#-#WID#-` sentinels.\n * GSI2 — Cognito sub-lookup per ADR-011: resolves a UserEntity from a Cognito `sub` claim\n * (`USER#SUB#<cognitoSub>` PK, `CURRENT` SK). The `cognitoSub` attribute is populated by the\n * Post Confirmation Lambda (Epic #765 / #770); kept optional here until that write path lands.\n *\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n * @see sites/www-docs/content/architecture/adr/2026-03-11-01-user-type-definition-fhir-and-data-layer.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n */\nexport const UserEntity = new Entity({\n  model: {\n    entity: \"user\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /** Sort key sentinel. Always \"CURRENT\". */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n      default: \"CURRENT\",\n    },\n    /** FHIR Resource.id; platform user id (ohi_uid). */\n    id: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Full User resource serialized as JSON string. */\n    resource: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id, displayName, status).\n     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Immutable Cognito-issued `sub` claim. Drives GSI2 (sub-lookup). Optional until the\n     * Post Confirmation Lambda (#770) lands; required thereafter.\n     */\n    cognitoSub: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /** Version id (e.g. ULID). */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    gsi1Shard: gsi1ShardAttribute,\n    deleted: {\n      type: \"boolean\" as const,\n      required: false,\n    },\n    bundleId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    msgId: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /** Base table: PK = USER#ID#<id>, SK = CURRENT. Do not supply PK or SK from outside. */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"id\"],\n        template: \"USER#ID#${id}\",\n      },\n      sk: {\n        field: \"SK\",\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n\n    /**\n     * GSI1 — Unified Sharded List per ADR-011: list all Users across the four shards.\n     * Non-tenant-isolated, so `TID#-#WID#-` sentinels precede `RT#User#SHARD#<n>`.\n     * SK is `<ISO-8601 lastUpdated>#<id>` (control-plane unlabeled per DR-004).\n     * `casing: \"none\"` on the SK preserves ISO-8601 `T`/`Z` characters.\n     */\n    gsi1: {\n      index: \"GSI1\",\n      pk: {\n        field: \"GSI1PK\",\n        composite: [\"gsi1Shard\"],\n        template: \"TID#-#WID#-#RT#User#SHARD#${gsi1Shard}\",\n      },\n      sk: {\n        field: \"GSI1SK\",\n        casing: \"none\" as const,\n        composite: [\"lastUpdated\", \"id\"],\n        template: \"${lastUpdated}#${id}\",\n      },\n    },\n\n    /**\n     * GSI2 — Cognito sub-lookup per ADR-011: resolves the UserEntity from a Cognito `sub` claim.\n     * `condition` skips the index when `cognitoSub` is missing so legacy items without a sub are\n     * not indexed.\n     */\n    gsi2: {\n      index: \"GSI2\",\n      condition: (attrs: { cognitoSub?: string }) =>\n        typeof attrs.cognitoSub === \"string\" && attrs.cognitoSub.length > 0,\n      pk: {\n        field: \"GSI2PK\",\n        casing: \"none\" as const,\n        composite: [\"cognitoSub\"],\n        template: \"USER#SUB#${cognitoSub}\",\n      },\n      sk: {\n        field: \"GSI2SK\",\n        casing: \"none\" as const,\n        composite: [],\n        template: \"CURRENT\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\nimport { gsi1ShardAttribute } from \"./control-entity-common\";\n\n/**\n * Workspace data-store entity (single-table store).\n *\n * **Classification (ADR 2026-03-03-01):** Tenant-isolated, control plane. Each workspace belongs\n * to exactly one tenant; both tenantId and workspace id are in the partition key.\n *\n * Key structure: PK = TID#<tenantId>#WORKSPACE#ID#<id>, SK = CURRENT.\n * Uniqueness: one Workspace per (tenantId, id).\n *\n * GSI1 — Unified Sharded List per ADR-011: lists all Workspaces in a tenant across the four\n * shards. Workspace is itself the workspace identity, so the GSI1 PK uses `WID#-` as a sentinel.\n *\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n * @see sites/www-docs/content/architecture/adr/2026-03-13-01-tenant-and-workspace-fhir-types-control-plane.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n */\nexport const WorkspaceEntity = new Entity({\n  model: {\n    entity: \"workspace\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /** Sort key sentinel. Always \"CURRENT\". */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n      default: \"CURRENT\",\n    },\n    /** Tenant that contains this workspace (required). */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** FHIR Resource.id; logical id in URL. */\n    id: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Full Workspace resource serialized as JSON string. */\n    resource: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id, displayName, status).\n     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id (e.g. ULID). */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    gsi1Shard: gsi1ShardAttribute,\n    deleted: {\n      type: \"boolean\" as const,\n      required: false,\n    },\n    bundleId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    msgId: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /** Base table: PK = TID#<tenantId>#WORKSPACE#ID#<id>, SK = CURRENT. Do not supply PK or SK from outside. */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"tenantId\", \"id\"],\n        template: \"TID#${tenantId}#WORKSPACE#ID#${id}\",\n      },\n      sk: {\n        field: \"SK\",\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n\n    /**\n     * GSI1 — Unified Sharded List per ADR-011: list all Workspaces for a tenant across the\n     * four shards. Workspace is itself the workspace identity, so `WID#-` is a sentinel.\n     * SK is `<ISO-8601 lastUpdated>#<id>` (control-plane unlabeled per DR-004).\n     * `casing: \"none\"` on the SK preserves ISO-8601 `T`/`Z`.\n     */\n    gsi1: {\n      index: \"GSI1\",\n      pk: {\n        field: \"GSI1PK\",\n        composite: [\"tenantId\", \"gsi1Shard\"],\n        template: \"TID#${tenantId}#WID#-#RT#Workspace#SHARD#${gsi1Shard}\",\n      },\n      sk: {\n        field: \"GSI1SK\",\n        casing: \"none\" as const,\n        composite: [\"lastUpdated\", \"id\"],\n        template: \"${lastUpdated}#${id}\",\n      },\n    },\n  },\n});\n","import { extractSummary, type FhirResourceLike } from \"@openhi/types\";\nimport { getDynamoControlService } from \"../../../dynamo/dynamo-control-service\";\nimport { OpenHiContext } from \"../../../openhi-context\";\n\nexport interface MembershipCreateParams {\n  context: OpenHiContext;\n  body: { id?: string; resource?: Record<string, unknown> | string };\n  tableName?: string;\n}\n\nexport interface MembershipCreateResult {\n  id: string;\n  resource: { resourceType: string; id: string; [key: string]: unknown };\n  meta: { lastUpdated: string; versionId: string };\n}\n\nexport async function createMembershipOperation(\n  params: MembershipCreateParams,\n): Promise<MembershipCreateResult> {\n  const { context, body, tableName } = params;\n  const service = getDynamoControlService(tableName);\n\n  const id = body.id ?? `membership-${Date.now()}`;\n  const parsedResource =\n    typeof body.resource === \"string\"\n      ? (JSON.parse(body.resource) as Record<string, unknown>)\n      : (body.resource ?? {});\n\n  const lastUpdated = context.date ?? new Date().toISOString();\n  const vid = `1`;\n\n  const resource = { resourceType: \"Membership\", id, ...parsedResource };\n  const summary = JSON.stringify(extractSummary(resource as FhirResourceLike));\n\n  await service.entities.membership\n    .put({\n      tenantId: context.tenantId,\n      id,\n      resource: JSON.stringify(resource),\n      summary,\n      vid,\n      lastUpdated,\n    })\n    .go();\n\n  return {\n    id,\n    resource,\n    meta: { lastUpdated, versionId: vid },\n  };\n}\n","import { extractSummary, type FhirResourceLike } from \"@openhi/types\";\nimport { getDynamoControlService } from \"../../../dynamo/dynamo-control-service\";\nimport { OpenHiContext } from \"../../../openhi-context\";\n\nexport interface RoleAssignmentCreateParams {\n  context: OpenHiContext;\n  body: { id?: string; resource?: Record<string, unknown> | string };\n  tableName?: string;\n}\n\nexport interface RoleAssignmentCreateResult {\n  id: string;\n  resource: { resourceType: string; id: string; [key: string]: unknown };\n  meta: { lastUpdated: string; versionId: string };\n}\n\nexport async function createRoleAssignmentOperation(\n  params: RoleAssignmentCreateParams,\n): Promise<RoleAssignmentCreateResult> {\n  const { context, body, tableName } = params;\n  const service = getDynamoControlService(tableName);\n\n  const id = body.id ?? `roleassignment-${Date.now()}`;\n  const parsedResource =\n    typeof body.resource === \"string\"\n      ? (JSON.parse(body.resource) as Record<string, unknown>)\n      : (body.resource ?? {});\n\n  const lastUpdated = context.date ?? new Date().toISOString();\n  const vid = `1`;\n\n  const resource = { resourceType: \"RoleAssignment\", id, ...parsedResource };\n  const summary = JSON.stringify(extractSummary(resource as FhirResourceLike));\n\n  await service.entities.roleAssignment\n    .put({\n      tenantId: context.tenantId,\n      id,\n      resource: JSON.stringify(resource),\n      summary,\n      vid,\n      lastUpdated,\n    })\n    .go();\n\n  return {\n    id,\n    resource,\n    meta: { lastUpdated, versionId: vid },\n  };\n}\n","import { extractSummary, type FhirResourceLike } from \"@openhi/types\";\nimport { getDynamoControlService } from \"../../../dynamo/dynamo-control-service\";\nimport type { OpenHiContext } from \"../../../openhi-context\";\n\nexport interface CreateTenantParams {\n  context: OpenHiContext;\n  body: {\n    id?: string;\n    resource?: Record<string, unknown> | string;\n  };\n  tableName?: string;\n}\n\nexport interface CreateTenantResult {\n  id: string;\n  resource: Record<string, unknown>;\n  meta: { lastUpdated: string; versionId: string };\n}\n\n/**\n * Creates a Tenant. Generates an id if not provided.\n */\nexport async function createTenantOperation(\n  params: CreateTenantParams,\n): Promise<CreateTenantResult> {\n  const { context, body, tableName } = params;\n  const service = getDynamoControlService(tableName);\n\n  const id = body.id ?? `tenant-${Date.now()}`;\n  const lastUpdated = context.date;\n  const vid =\n    lastUpdated.replace(/[-:T.Z]/g, \"\").slice(0, 12) || Date.now().toString(36);\n\n  const parsedResource =\n    typeof body.resource === \"string\"\n      ? (JSON.parse(body.resource) as Record<string, unknown>)\n      : (body.resource ?? {});\n\n  const resource = { resourceType: \"Tenant\", id, ...parsedResource };\n  const summary = JSON.stringify(extractSummary(resource as FhirResourceLike));\n\n  await service.entities.tenant\n    .put({\n      tenantId: id,\n      id,\n      resource: JSON.stringify(resource),\n      summary,\n      vid,\n      lastUpdated,\n    })\n    .go();\n\n  return { id, resource, meta: { lastUpdated, versionId: vid } };\n}\n","import { extractSummary, type FhirResourceLike } from \"@openhi/types\";\nimport { getDynamoControlService } from \"../../../dynamo/dynamo-control-service\";\nimport { OpenHiContext } from \"../../../openhi-context\";\n\nexport interface UserCreateParams {\n  context: OpenHiContext;\n  body: { id?: string; resource?: Record<string, unknown> | string };\n  tableName?: string;\n}\n\nexport interface UserCreateResult {\n  id: string;\n  resource: { resourceType: string; id: string; [key: string]: unknown };\n  meta: { lastUpdated: string; versionId: string };\n}\n\nexport async function createUserOperation(\n  params: UserCreateParams,\n): Promise<UserCreateResult> {\n  const { context, body, tableName } = params;\n  const service = getDynamoControlService(tableName);\n\n  const id = body.id ?? `user-${Date.now()}`;\n  const parsedResource =\n    typeof body.resource === \"string\"\n      ? (JSON.parse(body.resource) as Record<string, unknown>)\n      : (body.resource ?? {});\n\n  const lastUpdated = context.date ?? new Date().toISOString();\n  const vid = `1`;\n\n  const resource = { resourceType: \"User\", id, ...parsedResource };\n  const summary = JSON.stringify(extractSummary(resource as FhirResourceLike));\n\n  await service.entities.user\n    .put({\n      id,\n      resource: JSON.stringify(resource),\n      summary,\n      vid,\n      lastUpdated,\n    })\n    .go();\n\n  return {\n    id,\n    resource,\n    meta: { lastUpdated, versionId: vid },\n  };\n}\n","import { getDynamoControlService } from \"../../../dynamo/dynamo-control-service\";\nimport { OpenHiContext } from \"../../../openhi-context\";\n\nexport interface FindUserBySubParams {\n  context: OpenHiContext;\n  cognitoSub: string;\n  tableName?: string;\n}\n\nexport interface FindUserBySubResult {\n  id: string;\n  cognitoSub?: string;\n  resource: string;\n  vid: string;\n}\n\n/**\n * Look up a User by Cognito sub via GSI2, projecting the row to a stable\n * result shape. Returns `undefined` when no row matches.\n */\nexport async function findUserBySubOperation(\n  params: FindUserBySubParams,\n): Promise<FindUserBySubResult | undefined> {\n  const { cognitoSub, tableName } = params;\n  const service = getDynamoControlService(tableName);\n\n  const result = await service.entities.user.query\n    .gsi2({ cognitoSub })\n    .go({ limit: 1 });\n  const item = result.data?.[0];\n  if (!item) {\n    return undefined;\n  }\n  return {\n    id: item.id,\n    cognitoSub: item.cognitoSub,\n    resource: item.resource,\n    vid: item.vid,\n  };\n}\n","import { extractSortKey, extractSummary } from \"@openhi/types\";\nimport type { Meta, FhirResourceLike } from \"@openhi/types\";\nimport { compressResource, decompressResource } from \"../../lib/compression\";\nimport { mergeAuditIntoMeta, type MetaWithExtensions } from \"../audit-meta\";\nimport { SHARD_COUNT } from \"../dynamo/shard\";\nimport { NotFoundError } from \"../errors\";\nimport type { OpenHiContext } from \"../openhi-context\";\n\n/**\n * Sort key for the current record version. Matches Dynamo record index SK default.\n * Use this in get/update/delete (and create where applicable) for data-plane entities.\n */\nexport const DATA_ENTITY_SK = \"CURRENT\" as const;\n\n/** Base params for data-entity operations: context and optional table override. */\nexport interface BaseDataEntityParams {\n  context: OpenHiContext;\n  /** Optional table name override; resolved by data service from DYNAMO_TABLE_NAME when omitted. */\n  tableName?: string;\n}\n\n/** Params for get-by-id and delete (context + id + optional tableName). */\nexport interface GetByIdParams extends BaseDataEntityParams {\n  id: string;\n}\n\n/**\n * Mode for list operations introduced by #853 to back FHIR `_summary` opt-ins.\n *\n * - `full` (default): GSI1 fan-out → BatchGet hydration → full FHIR resource per entry.\n * - `summary`: GSI1 fan-out only; the `summary` JSON projected onto GSI1 is parsed and used\n *   as `resource` per entry. Skips BatchGet entirely — that's the cost win the FHIR spec\n *   intends `_summary=true` to deliver.\n * - `count`: GSI1 fan-out only; entries are dropped, only `total` is populated. Routes\n *   should pass `total` into `buildSearchsetBundle({ mode: \"count\", total })`.\n *\n * `_elements` is implemented at the route layer as `full` mode + post-hydration pruning,\n * since per-element pruning has to happen after decompression and is FHIR-spec-defined\n * (always retain root-level mandatories — see `prune-resource-by-elements.ts`).\n */\nexport type ListOperationMode = \"full\" | \"summary\" | \"count\";\n\n/** Params for list (context + optional tableName + optional mode for #853 `_summary`). */\nexport interface ListParams extends BaseDataEntityParams {\n  /** Defaults to `\"full\"` (current behavior); routes pass other modes for `_summary` opt-ins. */\n  mode?: ListOperationMode;\n}\n\n/** Result for create / get-by-id / update: single resource. */\nexport interface SingleResourceResult<T> {\n  id: string;\n  resource: T;\n}\n\n/** Entry shape for list results. */\nexport interface ListEntry<T> {\n  id: string;\n  resource: T;\n}\n\n/**\n * Result for list: entries array plus total count.\n *\n * - For `mode === \"full\"` and `mode === \"summary\"`, `total === entries.length`.\n * - For `mode === \"count\"`, `entries` is empty and `total` is the GSI1 fan-out count.\n *\n * Splitting `total` from `entries.length` lets count-mode routes report a true count\n * while skipping any per-entry work.\n */\nexport interface ListResult<T> {\n  entries: Array<ListEntry<T>>;\n  total: number;\n}\n\n/** Minimal entity shape for get (used by getDataEntityById). */\ninterface EntityWithGet {\n  get(params: {\n    tenantId: string;\n    workspaceId: string;\n    id: string;\n    sk: string;\n  }): { go(): Promise<{ data: { id: string; resource: string } | null }> };\n}\n\n/** Minimal entity shape for delete (used by deleteDataEntityById). */\ninterface EntityWithDelete {\n  delete(params: {\n    tenantId: string;\n    workspaceId: string;\n    id: string;\n    sk: string;\n  }): { go(): Promise<unknown> };\n}\n\n/**\n * Minimal entity shape for list via GSI1 + BatchGet hydration (used by listDataEntitiesByWorkspace).\n * GSI1 is sharded per ADR-011, so listing fans out to each shard and concatenates ids; the\n * `resource` attribute is NOT projected onto GSI1 (per the summary projection in\n * `dynamo-db-data-store.ts`), so the second phase BatchGets the base table for full items.\n *\n * GSI1 INCLUDE projection (per `dynamo-db-data-store.ts`) carries `summary`, `vid`, `lastUpdated`,\n * `createdDate`, `modifiedDate`, `createdById`, `modifiedById` alongside the key attributes.\n * `summary` is what `mode: \"summary\"` returns to the caller without hitting the base table.\n */\ninterface DataEntityWithListAndBatchGet {\n  query: {\n    gsi1(params: {\n      tenantId: string;\n      workspaceId: string;\n      gsi1Shard: string;\n    }): {\n      go(): Promise<{\n        data: Array<{\n          id: string;\n          summary?: string;\n          vid?: string;\n          lastUpdated?: string;\n          createdDate?: string;\n          modifiedDate?: string;\n          createdById?: string;\n          modifiedById?: string;\n        }> | null;\n      }>;\n    };\n  };\n  get(\n    keys: Array<{\n      tenantId: string;\n      workspaceId: string;\n      id: string;\n      sk: string;\n    }>,\n  ): {\n    go(): Promise<{\n      data: Array<{ id: string; resource: string }>;\n      unprocessed: Array<{\n        tenantId: string;\n        workspaceId: string;\n        id: string;\n        sk: string;\n      }>;\n    }>;\n  };\n}\n\n/** Minimal entity shape for put (used by createDataEntityRecord). */\ninterface EntityWithPut {\n  put(attrs: {\n    sk: string;\n    tenantId: string;\n    workspaceId: string;\n    id: string;\n    resource: string;\n    summary: string;\n    vid: string;\n    lastUpdated: string;\n    gsi1sk: string;\n  }): { go(): Promise<unknown> };\n}\n\n/** Minimal entity shape for patch (used by updateDataEntityById). */\ninterface EntityWithPatch {\n  get(params: {\n    tenantId: string;\n    workspaceId: string;\n    id: string;\n    sk: string;\n  }): { go(): Promise<{ data: { id: string; resource: string } | null }> };\n  patch(params: {\n    tenantId: string;\n    workspaceId: string;\n    id: string;\n    sk: string;\n  }): {\n    set(attrs: {\n      resource: string;\n      summary: string;\n      lastUpdated: string;\n      gsi1sk: string;\n    }): {\n      go(): Promise<unknown>;\n    };\n  };\n}\n\n/**\n * Get a single data-entity record by id. Decompresses and parses resource; throws NotFoundError if missing.\n * Use from get-by-id operations with the appropriate entity and resource type.\n */\nexport async function getDataEntityById<T>(\n  entity: EntityWithGet,\n  tenantId: string,\n  workspaceId: string,\n  id: string,\n  resourceLabel: string,\n): Promise<SingleResourceResult<T>> {\n  const result = await entity\n    .get({\n      tenantId,\n      workspaceId,\n      id,\n      sk: DATA_ENTITY_SK,\n    })\n    .go();\n\n  if (!result.data) {\n    throw new NotFoundError(`${resourceLabel} ${id} not found`, {\n      details: { id },\n    });\n  }\n\n  const parsed = JSON.parse(decompressResource(result.data.resource)) as T & {\n    id?: string;\n  };\n  return {\n    id: result.data.id,\n    resource: { ...parsed, id: result.data.id } as T,\n  };\n}\n\n/**\n * Delete a data-entity record by id. Idempotent (no-op if not found).\n * Use from delete operations with the appropriate entity.\n */\nexport async function deleteDataEntityById(\n  entity: EntityWithDelete,\n  tenantId: string,\n  workspaceId: string,\n  id: string,\n): Promise<void> {\n  await entity\n    .delete({\n      tenantId,\n      workspaceId,\n      id,\n      sk: DATA_ENTITY_SK,\n    })\n    .go();\n}\n\n/** Maximum total attempts (initial + retries) when hydrating list ids via BatchGet. */\nconst BATCH_GET_MAX_ATTEMPTS = 3;\n/** Base backoff in milliseconds applied to BatchGet retries; doubles each attempt. */\nconst BATCH_GET_BASE_BACKOFF_MS = 50;\n\n/** Minimal entity shape for BatchGet hydration on the base table; chunks of 100 are handled by ElectroDB. */\ninterface EntityWithBatchGet<TKey, TItem> {\n  get(keys: TKey[]): {\n    go(): Promise<{ data: TItem[]; unprocessed: TKey[] }>;\n  };\n}\n\n/**\n * BatchGet wrapper that retries `UnprocessedKeys` with exponential backoff. ElectroDB chunks the\n * input keys into groups of 100 internally, but does not retry unprocessed keys — DynamoDB can\n * return some keys unprocessed under throttling or partial failure, and the caller must reissue\n * them. Throws after `BATCH_GET_MAX_ATTEMPTS` if any keys remain unprocessed; intended for list\n * hydration (#854) where partial results would silently truncate the response.\n */\nexport async function batchGetWithRetry<TKey, TItem>(\n  entity: EntityWithBatchGet<TKey, TItem>,\n  keys: TKey[],\n): Promise<TItem[]> {\n  if (keys.length === 0) return [];\n\n  const collected: TItem[] = [];\n  let pending = keys;\n  let attempt = 0;\n\n  while (pending.length > 0) {\n    if (attempt > 0) {\n      await new Promise((resolve) =>\n        setTimeout(resolve, BATCH_GET_BASE_BACKOFF_MS * 2 ** (attempt - 1)),\n      );\n    }\n    attempt++;\n    const result = await entity.get(pending).go();\n    collected.push(...result.data);\n    const unprocessed = result.unprocessed ?? [];\n    if (unprocessed.length === 0) break;\n    if (attempt >= BATCH_GET_MAX_ATTEMPTS) {\n      throw new Error(\n        `BatchGet exhausted retries: ${unprocessed.length} key(s) still unprocessed after ${BATCH_GET_MAX_ATTEMPTS} attempt(s)`,\n      );\n    }\n    pending = unprocessed;\n  }\n\n  return collected;\n}\n\n/** GSI1 index item shape — what a sharded `gsi1.query().go()` returns per row. */\nexport interface ShardedListIndexItem {\n  id: string;\n  summary?: string;\n}\n\n/** Hooks that adapt a generic mode-dispatching list to a specific entity's hydration and entry shape. */\nexport interface DispatchListModeHooks<TItem, TEntry> {\n  /** Hydrate the base table for the given ids (typically `batchGetWithRetry(entity, keys)`). */\n  hydrate: (orderedIds: string[]) => Promise<TItem[]>;\n  /** Extract the canonical id from a hydrated item so it can be matched back to the GSI1 order. */\n  getId: (item: TItem) => string;\n  /** Build the result entry for `mode === \"full\"` from a hydrated base-table item. */\n  buildEntry: (id: string, item: TItem) => TEntry;\n  /** Build the result entry for `mode === \"summary\"` from the parsed GSI1 `summary` JSON. */\n  buildSummaryEntry: (\n    id: string,\n    parsedSummary: Record<string, unknown>,\n  ) => TEntry;\n}\n\n/**\n * Mode dispatcher shared by data-plane and control-plane list operations (#853).\n *\n * Given pre-fetched `shardResults` from a sharded GSI1 fan-out, returns either:\n * - `mode === \"count\"` — `{ entries: [], total }` where total is the sum of shard row counts.\n * - `mode === \"summary\"` — entries built from each shard row's parsed `summary` JSON; rows with\n *   missing or unparseable `summary` are dropped.\n * - `mode === \"full\"` — calls `hydrate(orderedIds)` (typically a BatchGet) and builds entries\n *   from hydrated items in per-shard GSI1 sort order; missing items are dropped.\n *\n * Lives here (alongside `listDataEntitiesByWorkspace`) because the same dispatch logic is needed\n * by every list operation that backs a FHIR list/search endpoint, including the seven\n * control-plane peers (User, Role, Tenant, Workspace, Membership, RoleAssignment, Configuration).\n */\nexport async function dispatchListMode<TItem, TEntry>(\n  mode: ListOperationMode,\n  shardResults: Array<{ data: Array<ShardedListIndexItem> | null }>,\n  hooks: DispatchListModeHooks<TItem, TEntry>,\n): Promise<{ entries: TEntry[]; total: number }> {\n  if (mode === \"count\") {\n    let total = 0;\n    for (const shardResult of shardResults) {\n      total += (shardResult.data ?? []).length;\n    }\n    return { entries: [], total };\n  }\n\n  if (mode === \"summary\") {\n    const entries: TEntry[] = [];\n    for (const shardResult of shardResults) {\n      for (const item of shardResult.data ?? []) {\n        if (typeof item.summary !== \"string\") continue;\n        let parsed: Record<string, unknown>;\n        try {\n          parsed = JSON.parse(item.summary) as Record<string, unknown>;\n        } catch {\n          continue;\n        }\n        entries.push(hooks.buildSummaryEntry(item.id, parsed));\n      }\n    }\n    return { entries, total: entries.length };\n  }\n\n  const orderedIds: string[] = [];\n  for (const shardResult of shardResults) {\n    for (const item of shardResult.data ?? []) {\n      orderedIds.push(item.id);\n    }\n  }\n\n  if (orderedIds.length === 0) return { entries: [], total: 0 };\n\n  const items = await hooks.hydrate(orderedIds);\n  const byId = new Map(items.map((item) => [hooks.getId(item), item]));\n\n  const entries: TEntry[] = [];\n  for (const id of orderedIds) {\n    const item = byId.get(id);\n    if (!item) continue;\n    entries.push(hooks.buildEntry(id, item));\n  }\n\n  return { entries, total: entries.length };\n}\n\n/**\n * List data-entity records in a workspace via GSI1.\n *\n * `mode` (default `\"full\"`) selects the read shape — see `dispatchListMode`. The data-plane\n * binding here adds the four-shard fan-out (per ADR-011) and the BatchGet hydration with\n * decompression for `mode === \"full\"`. K-way merge by `gsi1sk` is intentionally NOT done here\n * — full server-side natural sort lands with the FHIR list-endpoint plumbing that adds\n * pagination tokens.\n */\nexport async function listDataEntitiesByWorkspace<T>(\n  entity: DataEntityWithListAndBatchGet,\n  tenantId: string,\n  workspaceId: string,\n  mode: ListOperationMode = \"full\",\n): Promise<ListResult<T>> {\n  const shardResults = await Promise.all(\n    Array.from({ length: SHARD_COUNT }, (_, shard) =>\n      entity.query\n        .gsi1({ tenantId, workspaceId, gsi1Shard: String(shard) })\n        .go(),\n    ),\n  );\n\n  return dispatchListMode<{ id: string; resource: string }, ListEntry<T>>(\n    mode,\n    shardResults,\n    {\n      hydrate: (orderedIds) =>\n        batchGetWithRetry(\n          entity,\n          orderedIds.map((id) => ({\n            tenantId,\n            workspaceId,\n            id,\n            sk: DATA_ENTITY_SK,\n          })),\n        ),\n      getId: (item) => item.id,\n      buildEntry: (id, item) => {\n        const parsed = JSON.parse(decompressResource(item.resource)) as T & {\n          id?: string;\n        };\n        return { id, resource: { ...parsed, id } as T };\n      },\n      buildSummaryEntry: (id, parsed) => ({\n        id,\n        resource: { ...parsed, id } as T,\n      }),\n    },\n  );\n}\n\n/**\n * Create a data-entity record with put. Computes vid from lastUpdated (from resource meta or fallback).\n * Use from create operations (e.g. Practitioner, Encounter) that build the resource with audit in meta.\n */\nexport async function createDataEntityRecord<T>(\n  entity: EntityWithPut,\n  tenantId: string,\n  workspaceId: string,\n  id: string,\n  resourceWithAudit: T & { meta?: { lastUpdated?: string } },\n  fallbackDate: string,\n): Promise<SingleResourceResult<T>> {\n  const lastUpdated =\n    resourceWithAudit.meta?.lastUpdated ??\n    fallbackDate ??\n    new Date().toISOString();\n  const vid =\n    lastUpdated.replace(/[-:T.Z]/g, \"\").slice(0, 12) || Date.now().toString(36);\n\n  const resourceLike = resourceWithAudit as unknown as FhirResourceLike;\n  const summary = JSON.stringify(extractSummary(resourceLike));\n  const gsi1sk = extractSortKey(resourceLike);\n\n  await entity\n    .put({\n      sk: DATA_ENTITY_SK,\n      tenantId,\n      workspaceId,\n      id,\n      resource: compressResource(JSON.stringify(resourceWithAudit)),\n      summary,\n      vid,\n      lastUpdated,\n      gsi1sk,\n    })\n    .go();\n\n  return {\n    id,\n    resource: resourceWithAudit as T,\n  };\n}\n\n/**\n * Build an updated resource with audit in meta for use with updateDataEntityById.\n * Parses existing resource string for existing meta, merges body with id/resourceType/meta (versionId \"2\"),\n * then merges modified audit (modifiedDate, modifiedById, modifiedByName) into meta.\n * Use from update operations (Patient, Encounter, Practitioner) to avoid duplicating this logic.\n */\nexport function buildUpdatedResourceWithAudit<T extends { meta?: Meta }>(\n  body: T,\n  id: string,\n  date: string,\n  actorId: string,\n  actorName: string,\n  existingResourceStr: string,\n  resourceType: string,\n): {\n  resource: T & { id: string; meta: MetaWithExtensions };\n  lastUpdated: string;\n} {\n  const existingMeta: MetaWithExtensions | undefined = (\n    JSON.parse(existingResourceStr) as { meta?: MetaWithExtensions }\n  ).meta;\n\n  const bodyWithMeta = body as T & { id?: string; meta?: Meta };\n  const resourceWithVersion: T & { id: string; meta?: Meta } = {\n    ...body,\n    resourceType: resourceType as T[\"resourceType\"],\n    id,\n    meta: {\n      ...(bodyWithMeta.meta ?? {}),\n      lastUpdated: date,\n      versionId: \"2\",\n    },\n  };\n\n  const resourceWithAudit: T & { id: string; meta: MetaWithExtensions } = {\n    ...resourceWithVersion,\n    meta: mergeAuditIntoMeta(resourceWithVersion.meta ?? existingMeta, {\n      modifiedDate: date,\n      modifiedById: actorId,\n      modifiedByName: actorName,\n    }),\n  };\n\n  return {\n    resource: resourceWithAudit,\n    lastUpdated: date,\n  };\n}\n\n/**\n * Update a data-entity record by id: get existing, throw if not found, then call builder with\n * decompressed existing resource string; builder returns { resource, lastUpdated }; then patch.\n * Use from update operations with the appropriate entity and resource type.\n */\nexport async function updateDataEntityById<T>(\n  entity: EntityWithPatch,\n  tenantId: string,\n  workspaceId: string,\n  id: string,\n  resourceLabel: string,\n  context: OpenHiContext,\n  buildPatched: (existingResourceStr: string) => {\n    resource: unknown;\n    lastUpdated: string;\n  },\n): Promise<SingleResourceResult<T>> {\n  const existing = await entity\n    .get({\n      tenantId,\n      workspaceId,\n      id,\n      sk: DATA_ENTITY_SK,\n    })\n    .go();\n\n  if (!existing.data) {\n    throw new NotFoundError(`${resourceLabel} ${id} not found`, {\n      details: { id },\n    });\n  }\n\n  const existingStr = decompressResource(existing.data.resource);\n  const { resource, lastUpdated } = buildPatched(existingStr);\n\n  const resourceLike = resource as FhirResourceLike;\n  const summary = JSON.stringify(extractSummary(resourceLike));\n  const gsi1sk = extractSortKey(resourceLike);\n\n  await entity\n    .patch({\n      tenantId,\n      workspaceId,\n      id,\n      sk: DATA_ENTITY_SK,\n    })\n    .set({\n      resource: compressResource(JSON.stringify(resource)),\n      summary,\n      lastUpdated,\n      gsi1sk,\n    })\n    .go();\n\n  return {\n    id,\n    resource: resource as T,\n  };\n}\n","import { gzipSync, gunzipSync } from \"node:zlib\";\n\n/**\n * @see sites/www-docs/content/packages/@openhi/constructs/lib/compression.md\n */\n\n/** Envelope format version. See ADR 2026-02-15-02 (data layer compression). */\nconst ENVELOPE_VERSION = 1;\n\n/**\n * Compression algorithm identifiers supported by the envelope (string values).\n * Only algos that Node.js supports out of the box (zlib): gzip, brotli, deflate.\n * \"none\" = uncompressed payload. zstd was considered in the ADR but requires native addon/WASM.\n */\nexport const COMPRESSION_ALGOS = {\n  NONE: \"none\",\n  GZIP: \"gzip\",\n  BROTLI: \"brotli\",\n  DEFLATE: \"deflate\",\n} as const;\n\n/** Algorithm value for envelope `algo`; only gzip and none are implemented today. */\nexport type CompressionAlgo =\n  (typeof COMPRESSION_ALGOS)[keyof typeof COMPRESSION_ALGOS];\n\n/** Stored value is a JSON string of this envelope. */\ninterface CompressionEnvelope {\n  v: number;\n  algo: string;\n  payload: string;\n}\n\nfunction isEnvelope(obj: unknown): obj is CompressionEnvelope {\n  return (\n    typeof obj === \"object\" &&\n    obj !== null &&\n    \"v\" in obj &&\n    \"algo\" in obj &&\n    \"payload\" in obj &&\n    typeof (obj as CompressionEnvelope).payload === \"string\"\n  );\n}\n\n/**\n * Compresses a JSON string (e.g. serialized FHIR resource) for storage in DynamoDB.\n * Uses a versioned envelope: { v, algo, payload } with gzip+base64 in payload.\n * Used by the data layer on write; see REST API docs (compression in data layer).\n * Optional compression: pass `{ algo: COMPRESSION_ALGOS.NONE }` to store in envelope without compressing.\n */\nexport function compressResource(\n  jsonString: string,\n  options?: { algo?: CompressionAlgo },\n): string {\n  const algo = options?.algo ?? COMPRESSION_ALGOS.GZIP;\n  if (algo === COMPRESSION_ALGOS.NONE) {\n    const envelope: CompressionEnvelope = {\n      v: ENVELOPE_VERSION,\n      algo: COMPRESSION_ALGOS.NONE,\n      payload: jsonString,\n    };\n    return JSON.stringify(envelope);\n  }\n  const buf = Buffer.from(jsonString, \"utf-8\");\n  const payload = gzipSync(buf).toString(\"base64\");\n  const envelope: CompressionEnvelope = {\n    v: ENVELOPE_VERSION,\n    algo: COMPRESSION_ALGOS.GZIP,\n    payload,\n  };\n  return JSON.stringify(envelope);\n}\n\n/**\n * Decompresses a stored value: versioned envelope (v, algo, payload) or legacy gzip+base64 / raw.\n * If the value is not valid envelope JSON, falls back to legacy: try gzip magic on base64, else return as-is.\n */\nexport function decompressResource(compressedOrRaw: string): string {\n  try {\n    const parsed = JSON.parse(compressedOrRaw) as unknown;\n    if (isEnvelope(parsed)) {\n      if (parsed.algo === COMPRESSION_ALGOS.GZIP) {\n        const buf = Buffer.from(parsed.payload, \"base64\");\n        return gunzipSync(buf).toString(\"utf-8\");\n      }\n      if (parsed.algo === COMPRESSION_ALGOS.NONE) {\n        return parsed.payload;\n      }\n      // Unknown algo: return payload as-is (safe fallback per ADR)\n      return parsed.payload;\n    }\n  } catch {\n    // Not valid envelope JSON — legacy path\n  }\n\n  // Legacy: pre-envelope gzip+base64 or raw\n  try {\n    const buf = Buffer.from(compressedOrRaw, \"base64\");\n    if (buf.length >= 2 && buf[0] === 0x1f && buf[1] === 0x8b) {\n      return gunzipSync(buf).toString(\"utf-8\");\n    }\n  } catch {\n    // not base64 or gunzip failed\n  }\n  return compressedOrRaw;\n}\n","import { extractSummary, type FhirResourceLike } from \"@openhi/types\";\nimport { getDynamoControlService } from \"../../../dynamo/dynamo-control-service\";\nimport { NotFoundError } from \"../../../errors\";\nimport { OpenHiContext } from \"../../../openhi-context\";\n\nexport interface UserUpdateParams {\n  context: OpenHiContext;\n  id: string;\n  body: { resource?: Record<string, unknown> | string };\n  tableName?: string;\n}\n\nexport interface UserUpdateResult {\n  id: string;\n  resource: { resourceType: string; id: string; [key: string]: unknown };\n  meta: { lastUpdated: string; versionId: string };\n}\n\nexport async function updateUserOperation(\n  params: UserUpdateParams,\n): Promise<UserUpdateResult> {\n  const { context, id, body, tableName } = params;\n  const service = getDynamoControlService(tableName);\n\n  const existing = await service.entities.user.get({ id, sk: \"CURRENT\" }).go();\n  if (!existing.data) {\n    throw new NotFoundError(`User not found: ${id}`);\n  }\n\n  const parsedResource =\n    typeof body.resource === \"string\"\n      ? (JSON.parse(body.resource) as Record<string, unknown>)\n      : (body.resource ?? {});\n\n  const lastUpdated = context.date ?? new Date().toISOString();\n  const vid = `${Date.now()}`;\n\n  const resource = { resourceType: \"User\", id, ...parsedResource };\n  const summary = JSON.stringify(extractSummary(resource as FhirResourceLike));\n\n  await service.entities.user\n    .put({\n      id,\n      resource: JSON.stringify(resource),\n      summary,\n      vid,\n      lastUpdated,\n    })\n    .go();\n\n  return {\n    id,\n    resource,\n    meta: { lastUpdated, versionId: vid },\n  };\n}\n","import type { User } from \"@openhi/types\";\n\n/**\n * Helpers for working with persisted OpenHI User resources. Co-located with\n * the User operations because both the Cognito triggers and the onboarding\n * workflow consume these alongside `findUserBySubOperation`.\n */\n\n// Defensive parse — JSON.parse may yield any shape, so every field is optional.\nexport type UserResource = Partial<User>;\n\n/**\n * Existing User resources are stored as JSON strings in the data store; parse\n * defensively so a malformed payload returns `undefined` rather than throwing.\n */\nexport function parseUserResource(resource: string): UserResource | undefined {\n  try {\n    return JSON.parse(resource) as UserResource;\n  } catch {\n    return undefined;\n  }\n}\n","import { extractSummary, type FhirResourceLike } from \"@openhi/types\";\nimport { getDynamoControlService } from \"../../../dynamo/dynamo-control-service\";\nimport type { OpenHiContext } from \"../../../openhi-context\";\n\nexport interface CreateWorkspaceParams {\n  context: OpenHiContext;\n  body: {\n    id?: string;\n    resource?: Record<string, unknown> | string;\n  };\n  tableName?: string;\n}\n\nexport interface CreateWorkspaceResult {\n  id: string;\n  resource: Record<string, unknown>;\n  meta: { lastUpdated: string; versionId: string };\n}\n\n/**\n * Creates a Workspace scoped to the context tenant. Generates an id if not provided.\n */\nexport async function createWorkspaceOperation(\n  params: CreateWorkspaceParams,\n): Promise<CreateWorkspaceResult> {\n  const { context, body, tableName } = params;\n  const { tenantId } = context;\n  const service = getDynamoControlService(tableName);\n\n  const id = body.id ?? `workspace-${Date.now()}`;\n  const lastUpdated = context.date;\n  const vid =\n    lastUpdated.replace(/[-:T.Z]/g, \"\").slice(0, 12) || Date.now().toString(36);\n\n  const parsedResource =\n    typeof body.resource === \"string\"\n      ? (JSON.parse(body.resource) as Record<string, unknown>)\n      : (body.resource ?? {});\n\n  const resource = { resourceType: \"Workspace\", id, ...parsedResource };\n  const summary = JSON.stringify(extractSummary(resource as FhirResourceLike));\n\n  await service.entities.workspace\n    .put({\n      tenantId,\n      id,\n      resource: JSON.stringify(resource),\n      summary,\n      vid,\n      lastUpdated,\n    })\n    .go();\n\n  return { id, resource, meta: { lastUpdated, versionId: vid } };\n}\n","/**\n * Pure helpers for working with FHIR Reference fields. Shared across data-plane\n * and control-plane operations and the handlers that wrap them.\n */\n\n/**\n * Extract the id portion from a FHIR-style reference such as `Patient/<id>` or\n * `Tenant/<id>`. Returns `undefined` if the reference is missing, does not\n * match the prefix, or has an empty id after the prefix.\n */\nexport function idFromReference(\n  reference: string | undefined,\n  prefix: string,\n): string | undefined {\n  if (!reference || !reference.startsWith(prefix)) {\n    return undefined;\n  }\n  const id = reference.slice(prefix.length);\n  return id.length > 0 ? id : undefined;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAA2B;AAC3B,IAAAA,gBAAsD;;;ACDtD,IAAAC,oBAAwB;;;ACAxB,6BAA+B;AAMxB,IAAM,mBACX,QAAQ,IAAI,qBAAqB;AAM5B,IAAM,eAAe,IAAI,sCAAe;AAAA,EAC7C,GAAI,QAAQ,IAAI,0BAA0B;AAAA,IACxC,UAAU,QAAQ,IAAI;AAAA,IACtB,YAAY;AAAA,IACZ,QAAQ;AAAA,EACV;AACF,CAAC;;;ACnBD,uBAAuB;;;ACYhB,IAAM,cAAc;AAYpB,SAAS,aAAa,IAAoB;AAE/C,MAAI,OAAO;AACX,WAAS,IAAI,GAAG,IAAI,GAAG,QAAQ,KAAK;AAClC,YAAQ,GAAG,WAAW,CAAC;AACvB,WAAO,KAAK,KAAK,MAAM,QAAU;AAAA,EACnC;AACA,UAAQ,SAAS,KAAK;AAExB;;;ACjBO,IAAM,qBAAqB;AAAA,EAChC,MAAM;AAAA,EACN,OAAO,CAAC,IAAI;AAAA,EACZ,KAAK,CAAC,MAAe,SAA2B;AAC9C,QAAI,OAAO,MAAM,OAAO,YAAY,KAAK,GAAG,WAAW,GAAG;AACxD,aAAO;AAAA,IACT;AACA,WAAO,OAAO,aAAa,KAAK,EAAE,CAAC;AAAA,EACrC;AACF;;;AFFO,IAAM,sBAAsB,IAAI,wBAAO;AAAA,EAC5C,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA,IAEV,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,WAAW;AAAA,IACX,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA,IAEP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,eAAe,UAAU,QAAQ;AAAA,QACzD,UACE;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,OAAO,IAAI;AAAA,QACvB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAWA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,eAAe,WAAW;AAAA,QAClD,UACE;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,eAAe,IAAI;AAAA,QAC/B,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AGnJD,IAAAC,oBAAuB;AAoBhB,IAAM,mBAAmB,IAAI,yBAAO;AAAA,EACzC,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA,IAEV,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,WAAW;AAAA,IACX,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA,IAEP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,IAAI;AAAA,QAC5B,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,WAAW;AAAA,QACnC,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,eAAe,IAAI;AAAA,QAC/B,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;ACnHD,IAAAC,oBAAuB;AAsBhB,IAAM,aAAa,IAAI,yBAAO;AAAA,EACnC,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA,IAEV,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,WAAW;AAAA,IACX,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA,IAEP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,WAAW;AAAA,QACvB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,eAAe,IAAI;AAAA,QAC/B,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AChHD,IAAAC,oBAAuB;AAoBhB,IAAM,uBAAuB,IAAI,yBAAO;AAAA,EAC7C,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA,IAEV,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,WAAW;AAAA,IACX,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA,IAEP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,IAAI;AAAA,QAC5B,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,WAAW;AAAA,QACnC,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,eAAe,IAAI;AAAA,QAC/B,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;ACnHD,IAAAC,oBAAuB;AAoBhB,IAAM,eAAe,IAAI,yBAAO;AAAA,EACrC,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA,IAEV,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,WAAW;AAAA,IACX,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA,IAEP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,UAAU;AAAA,QACtB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,WAAW;AAAA,QACvB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,eAAe,IAAI;AAAA,QAC/B,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;ACnHD,IAAAC,oBAAuB;AAyBhB,IAAM,aAAa,IAAI,yBAAO;AAAA,EACnC,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA,IAEV,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,YAAY;AAAA,MACV,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,WAAW;AAAA,IACX,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA,IAEP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,WAAW;AAAA,QACvB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,eAAe,IAAI;AAAA,QAC/B,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,WAAW,CAAC,UACV,OAAO,MAAM,eAAe,YAAY,MAAM,WAAW,SAAS;AAAA,MACpE,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,YAAY;AAAA,QACxB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC;AAAA,QACZ,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AClJD,IAAAC,oBAAuB;AAmBhB,IAAM,kBAAkB,IAAI,yBAAO;AAAA,EACxC,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA,IAEV,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,WAAW;AAAA,IACX,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA,IAEP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,IAAI;AAAA,QAC5B,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,WAAW;AAAA,QACnC,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,eAAe,IAAI;AAAA,QAC/B,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AVjGD,IAAM,uBAAuB;AAAA,EAC3B,eAAe;AAAA,EACf,YAAY;AAAA,EACZ,MAAM;AAAA,EACN,gBAAgB;AAAA,EAChB,QAAQ;AAAA,EACR,MAAM;AAAA,EACN,WAAW;AACb;AAEA,IAAM,sBAAsB,IAAI,0BAAQ,sBAAsB;AAAA,EAC5D,OAAO;AAAA,EACP,QAAQ;AACV,CAAC;AAMM,IAAM,uBAAuB;AAAA,EAClC,UAAU,oBAAoB;AAChC;AAQO,SAAS,wBACd,WAC0B;AAC1B,QAAM,WAAW,aAAa;AAC9B,QAAM,UAAU,IAAI,0BAAQ,sBAAsB;AAAA,IAChD,OAAO;AAAA,IACP,QAAQ;AAAA,EACV,CAAC;AACD,SAAO;AAAA,IACL,UAAU,QAAQ;AAAA,EACpB;AACF;;;AWzDA,mBAAsD;AAgBtD,eAAsB,0BACpB,QACiC;AACjC,QAAM,EAAE,SAAS,MAAM,UAAU,IAAI;AACrC,QAAM,UAAU,wBAAwB,SAAS;AAEjD,QAAM,KAAK,KAAK,MAAM,cAAc,KAAK,IAAI,CAAC;AAC9C,QAAM,iBACJ,OAAO,KAAK,aAAa,WACpB,KAAK,MAAM,KAAK,QAAQ,IACxB,KAAK,YAAY,CAAC;AAEzB,QAAM,cAAc,QAAQ,SAAQ,oBAAI,KAAK,GAAE,YAAY;AAC3D,QAAM,MAAM;AAEZ,QAAM,WAAW,EAAE,cAAc,cAAc,IAAI,GAAG,eAAe;AACrE,QAAM,UAAU,KAAK,cAAU,6BAAe,QAA4B,CAAC;AAE3E,QAAM,QAAQ,SAAS,WACpB,IAAI;AAAA,IACH,UAAU,QAAQ;AAAA,IAClB;AAAA,IACA,UAAU,KAAK,UAAU,QAAQ;AAAA,IACjC;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC,EACA,GAAG;AAEN,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,MAAM,EAAE,aAAa,WAAW,IAAI;AAAA,EACtC;AACF;;;AClDA,IAAAC,gBAAsD;AAgBtD,eAAsB,8BACpB,QACqC;AACrC,QAAM,EAAE,SAAS,MAAM,UAAU,IAAI;AACrC,QAAM,UAAU,wBAAwB,SAAS;AAEjD,QAAM,KAAK,KAAK,MAAM,kBAAkB,KAAK,IAAI,CAAC;AAClD,QAAM,iBACJ,OAAO,KAAK,aAAa,WACpB,KAAK,MAAM,KAAK,QAAQ,IACxB,KAAK,YAAY,CAAC;AAEzB,QAAM,cAAc,QAAQ,SAAQ,oBAAI,KAAK,GAAE,YAAY;AAC3D,QAAM,MAAM;AAEZ,QAAM,WAAW,EAAE,cAAc,kBAAkB,IAAI,GAAG,eAAe;AACzE,QAAM,UAAU,KAAK,cAAU,8BAAe,QAA4B,CAAC;AAE3E,QAAM,QAAQ,SAAS,eACpB,IAAI;AAAA,IACH,UAAU,QAAQ;AAAA,IAClB;AAAA,IACA,UAAU,KAAK,UAAU,QAAQ;AAAA,IACjC;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC,EACA,GAAG;AAEN,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,MAAM,EAAE,aAAa,WAAW,IAAI;AAAA,EACtC;AACF;;;AClDA,IAAAC,gBAAsD;AAsBtD,eAAsB,sBACpB,QAC6B;AAC7B,QAAM,EAAE,SAAS,MAAM,UAAU,IAAI;AACrC,QAAM,UAAU,wBAAwB,SAAS;AAEjD,QAAM,KAAK,KAAK,MAAM,UAAU,KAAK,IAAI,CAAC;AAC1C,QAAM,cAAc,QAAQ;AAC5B,QAAM,MACJ,YAAY,QAAQ,YAAY,EAAE,EAAE,MAAM,GAAG,EAAE,KAAK,KAAK,IAAI,EAAE,SAAS,EAAE;AAE5E,QAAM,iBACJ,OAAO,KAAK,aAAa,WACpB,KAAK,MAAM,KAAK,QAAQ,IACxB,KAAK,YAAY,CAAC;AAEzB,QAAM,WAAW,EAAE,cAAc,UAAU,IAAI,GAAG,eAAe;AACjE,QAAM,UAAU,KAAK,cAAU,8BAAe,QAA4B,CAAC;AAE3E,QAAM,QAAQ,SAAS,OACpB,IAAI;AAAA,IACH,UAAU;AAAA,IACV;AAAA,IACA,UAAU,KAAK,UAAU,QAAQ;AAAA,IACjC;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC,EACA,GAAG;AAEN,SAAO,EAAE,IAAI,UAAU,MAAM,EAAE,aAAa,WAAW,IAAI,EAAE;AAC/D;;;ACrDA,IAAAC,gBAAsD;;;ACoBtD,eAAsB,uBACpB,QAC0C;AAC1C,QAAM,EAAE,YAAY,UAAU,IAAI;AAClC,QAAM,UAAU,wBAAwB,SAAS;AAEjD,QAAM,SAAS,MAAM,QAAQ,SAAS,KAAK,MACxC,KAAK,EAAE,WAAW,CAAC,EACnB,GAAG,EAAE,OAAO,EAAE,CAAC;AAClB,QAAM,OAAO,OAAO,OAAO,CAAC;AAC5B,MAAI,CAAC,MAAM;AACT,WAAO;AAAA,EACT;AACA,SAAO;AAAA,IACL,IAAI,KAAK;AAAA,IACT,YAAY,KAAK;AAAA,IACjB,UAAU,KAAK;AAAA,IACf,KAAK,KAAK;AAAA,EACZ;AACF;;;ACvCA,IAAAC,gBAA+C;;;ACA/C,uBAAqC;;;ACArC,IAAAC,gBAAsD;;;ACe/C,SAAS,kBAAkB,UAA4C;AAC5E,MAAI;AACF,WAAO,KAAK,MAAM,QAAQ;AAAA,EAC5B,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;ACrBA,IAAAC,gBAAsD;AAsBtD,eAAsB,yBACpB,QACgC;AAChC,QAAM,EAAE,SAAS,MAAM,UAAU,IAAI;AACrC,QAAM,EAAE,SAAS,IAAI;AACrB,QAAM,UAAU,wBAAwB,SAAS;AAEjD,QAAM,KAAK,KAAK,MAAM,aAAa,KAAK,IAAI,CAAC;AAC7C,QAAM,cAAc,QAAQ;AAC5B,QAAM,MACJ,YAAY,QAAQ,YAAY,EAAE,EAAE,MAAM,GAAG,EAAE,KAAK,KAAK,IAAI,EAAE,SAAS,EAAE;AAE5E,QAAM,iBACJ,OAAO,KAAK,aAAa,WACpB,KAAK,MAAM,KAAK,QAAQ,IACxB,KAAK,YAAY,CAAC;AAEzB,QAAM,WAAW,EAAE,cAAc,aAAa,IAAI,GAAG,eAAe;AACpE,QAAM,UAAU,KAAK,cAAU,8BAAe,QAA4B,CAAC;AAE3E,QAAM,QAAQ,SAAS,UACpB,IAAI;AAAA,IACH;AAAA,IACA;AAAA,IACA,UAAU,KAAK,UAAU,QAAQ;AAAA,IACjC;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC,EACA,GAAG;AAEN,SAAO,EAAE,IAAI,UAAU,MAAM,EAAE,aAAa,WAAW,IAAI,EAAE;AAC/D;;;AC5CO,SAAS,gBACd,WACA,QACoB;AACpB,MAAI,CAAC,aAAa,CAAC,UAAU,WAAW,MAAM,GAAG;AAC/C,WAAO;AAAA,EACT;AACA,QAAM,KAAK,UAAU,MAAM,OAAO,MAAM;AACxC,SAAO,GAAG,SAAS,IAAI,KAAK;AAC9B;;;AtBWA,IAAM,aAAa;AACnB,IAAM,MAAM;AAGZ,IAAM,aAAa,CAAC,aAA8C;AAChE,SAAO,KAAK,cAAU,8BAAe,QAA4B,CAAC;AACpE;AAGA,IAAM,qBAAqB,CAAC,MAAc,eAA+B;AACvE,aAAO,+BAAW,QAAQ,EACvB,OAAO,IAAI,EACX,OAAO,IAAI,EACX,OAAO,UAAU,EACjB,OAAO,KAAK,EACZ,MAAM,GAAG,EAAE,EACX,YAAY;AACjB;AAEO,IAAM,UAAU,OACrB,UACkB;AAElB,QAAM,SAAS,MAAM;AACrB,MAAI,CAAC,QAAQ,YAAY;AACvB,YAAQ;AAAA,MACN;AAAA,IACF;AACA;AAAA,EACF;AAKA,QAAM,UAAU,wBAAwB;AACxC,QAAM,eAAe,MAAM,uBAAuB;AAAA,IAChD,SAAS;AAAA,MACP,UAAU;AAAA,MACV,aAAa;AAAA,MACb,MAAM;AAAA,MACN,SAAS;AAAA,MACT,WAAW;AAAA,MACX,WAAW;AAAA,IACb;AAAA,IACA,YAAY,OAAO;AAAA,EACrB,CAAC;AACD,QAAM,mBAAmB,eACrB,kBAAkB,aAAa,QAAQ,IACvC;AACJ,QAAM,mBAAmB;AAAA,IACvB,kBAAkB,eAAe;AAAA,IACjC;AAAA,EACF;AACA,QAAM,sBAAsB;AAAA,IAC1B,kBAAkB,kBAAkB;AAAA,IACpC;AAAA,EACF;AAEA,MAAI,gBAAgB,oBAAoB,qBAAqB;AAC3D;AAAA,EACF;AAEA,QAAM,cACJ,OAAO,eACP,OAAO,SACP,MAAM,YAAY,CAAC,KACnB,OAAO;AACT,QAAM,SACJ,cAAc,MACd,OAAO,UACP,mBAAmB,QAAQ,OAAO,UAAU;AAC9C,QAAM,WAAW,mBAAmB,UAAU,OAAO,UAAU;AAC/D,QAAM,cAAc,mBAAmB,aAAa,OAAO,UAAU;AACrE,QAAM,yBAAyB;AAAA,IAC7B;AAAA,IACA,OAAO;AAAA,EACT;AACA,QAAM,4BAA4B;AAAA,IAChC;AAAA,IACA,OAAO;AAAA,EACT;AACA,QAAM,mBAAmB;AAAA,IACvB;AAAA,IACA,OAAO;AAAA,EACT;AAEA,QAAM,eAAc,oBAAI,KAAK,GAAE,YAAY;AAG3C,QAAM,UAAyB;AAAA,IAC7B;AAAA,IACA;AAAA,IACA,MAAM;AAAA,IACN,SAAS;AAAA,IACT,WAAW;AAAA,IACX,WAAW;AAAA,EACb;AAEA,QAAM,iBAAiB;AAAA,IACrB,IAAI;AAAA,IACJ,aAAa,GAAG,WAAW;AAAA,IAC3B,QAAQ;AAAA,EACV;AACA,QAAM,oBAAoB;AAAA,IACxB,IAAI;AAAA,IACJ,aAAa;AAAA,IACb,QAAQ;AAAA,IACR,QAAQ,EAAE,WAAW,UAAU,QAAQ,GAAG;AAAA,EAC5C;AACA,QAAM,eAAe;AAAA,IACnB,GAAI,oBAAoB,CAAC;AAAA,IACzB,cAAc;AAAA,IACd,IAAI;AAAA,IACJ,MAAM,kBAAkB,QAAQ,CAAC,EAAE,MAAM,YAAY,CAAC;AAAA,IACtD,QAAQ;AAAA,IACR,eAAe,EAAE,WAAW,UAAU,QAAQ,GAAG;AAAA,IACjD,kBAAkB,EAAE,WAAW,aAAa,WAAW,GAAG;AAAA,EAC5D;AACA,QAAM,+BAA+B;AAAA,IACnC,IAAI;AAAA,IACJ,QAAQ;AAAA,IACR,MAAM,EAAE,WAAW,QAAQ,MAAM,GAAG;AAAA,IACpC,QAAQ,EAAE,WAAW,UAAU,QAAQ,GAAG;AAAA,EAC5C;AACA,QAAM,kCAAkC;AAAA,IACtC,IAAI;AAAA,IACJ,QAAQ;AAAA,IACR,MAAM,EAAE,WAAW,QAAQ,MAAM,GAAG;AAAA,IACpC,QAAQ,EAAE,WAAW,UAAU,QAAQ,GAAG;AAAA,IAC1C,WAAW,EAAE,WAAW,aAAa,WAAW,GAAG;AAAA,EACrD;AACA,QAAM,yBAAyB;AAAA,IAC7B,IAAI;AAAA,IACJ,QAAQ;AAAA,IACR,MAAM,EAAE,WAAW,QAAQ,MAAM,GAAG;AAAA,IACpC,QAAQ,EAAE,WAAW,UAAU,QAAQ,GAAG;AAAA,IAC1C,MAAM;AAAA,EACR;AAEA,QAAM,sBAAsB;AAAA,IAC1B;AAAA,IACA,MAAM,EAAE,IAAI,UAAU,UAAU,eAAe;AAAA,EACjD,CAAC;AAED,QAAM,yBAAyB;AAAA,IAC7B;AAAA,IACA,MAAM,EAAE,IAAI,aAAa,UAAU,kBAAkB;AAAA,EACvD,CAAC;AAID,MAAI,cAAc;AAChB,UAAM,QAAQ,SAAS,KACpB,MAAM,EAAE,IAAI,QAAQ,IAAI,WAAW,CAAC,EACpC,IAAI;AAAA,MACH,UAAU,KAAK,UAAU,YAAY;AAAA,MACrC,SAAS,WAAW,YAAY;AAAA,MAChC,YAAY,OAAO;AAAA,MACnB,KAAK;AAAA,MACL;AAAA,IACF,CAAC,EACA,GAAG;AAAA,EACR,OAAO;AACL,UAAM,QAAQ,SAAS,KACpB,IAAI;AAAA,MACH,IAAI;AAAA,MACJ,YAAY,OAAO;AAAA,MACnB,UAAU,KAAK,UAAU,YAAY;AAAA,MACrC,SAAS,WAAW,YAAY;AAAA,MAChC,KAAK;AAAA,MACL;AAAA,IACF,CAAC,EACA,GAAG;AAAA,EACR;AAEA,QAAM,0BAA0B;AAAA,IAC9B;AAAA,IACA,MAAM;AAAA,MACJ,IAAI;AAAA,MACJ,UAAU;AAAA,IACZ;AAAA,EACF,CAAC;AAED,QAAM,0BAA0B;AAAA,IAC9B;AAAA,IACA,MAAM;AAAA,MACJ,IAAI;AAAA,MACJ,UAAU;AAAA,IACZ;AAAA,EACF,CAAC;AAED,QAAM,8BAA8B;AAAA,IAClC;AAAA,IACA,MAAM,EAAE,IAAI,kBAAkB,UAAU,uBAAuB;AAAA,EACjE,CAAC;AACH;","names":["import_types","import_electrodb","import_electrodb","import_electrodb","import_electrodb","import_electrodb","import_electrodb","import_electrodb","import_types","import_types","import_types","import_types","import_types","import_types"]}

package/lib/provision-default-workspace.handler.mjs

@@ -0,0 +1,173 @@
+import {
+  createMembershipOperation,
+  createRoleAssignmentOperation,
+  createTenantOperation,
+  createWorkspaceOperation
+} from "./chunk-BXEG7IOZ.mjs";
+import {
+  findUserBySubOperation,
+  idFromReference,
+  parseUserResource
+} from "./chunk-WNUH2WDZ.mjs";
+import {
+  getDynamoControlService
+} from "./chunk-36YCDLLA.mjs";
+import "./chunk-3QS3WKRC.mjs";
+
+// src/workflows/control-plane/user-onboarding/provision-default-workspace.handler.ts
+import { createHash } from "crypto";
+import { extractSummary } from "@openhi/types";
+var CURRENT_SK = "CURRENT";
+var VID = "1";
+var summaryFor = (resource) => {
+  return JSON.stringify(extractSummary(resource));
+};
+var stableOnboardingId = (kind, cognitoSub) => {
+  return createHash("sha256").update(kind).update("\0").update(cognitoSub).digest("hex").slice(0, 26).toUpperCase();
+};
+var handler = async (event) => {
+  const detail = event.detail;
+  if (!detail?.cognitoSub) {
+    console.warn(
+      "ProvisionDefaultWorkspace: event missing cognitoSub; skipping"
+    );
+    return;
+  }
+  const service = getDynamoControlService();
+  const existingUser = await findUserBySubOperation({
+    context: {
+      tenantId: "",
+      workspaceId: "",
+      date: "",
+      actorId: "",
+      actorName: "",
+      actorType: "internal-system"
+    },
+    cognitoSub: detail.cognitoSub
+  });
+  const existingResource = existingUser ? parseUserResource(existingUser.resource) : void 0;
+  const existingTenantId = idFromReference(
+    existingResource?.currentTenant?.reference,
+    "Tenant/"
+  );
+  const existingWorkspaceId = idFromReference(
+    existingResource?.currentWorkspace?.reference,
+    "Workspace/"
+  );
+  if (existingUser && existingTenantId && existingWorkspaceId) {
+    return;
+  }
+  const displayName = detail.displayName || detail.email || event.resources?.[0] || detail.cognitoSub;
+  const userId = existingUser?.id ?? detail.userId ?? stableOnboardingId("user", detail.cognitoSub);
+  const tenantId = stableOnboardingId("tenant", detail.cognitoSub);
+  const workspaceId = stableOnboardingId("workspace", detail.cognitoSub);
+  const userTenantMembershipId = stableOnboardingId(
+    "tenant-membership",
+    detail.cognitoSub
+  );
+  const userWorkspaceMembershipId = stableOnboardingId(
+    "workspace-membership",
+    detail.cognitoSub
+  );
+  const roleAssignmentId = stableOnboardingId(
+    "tenant-user-role-assignment",
+    detail.cognitoSub
+  );
+  const lastUpdated = (/* @__PURE__ */ new Date()).toISOString();
+  const context = {
+    tenantId,
+    workspaceId,
+    date: lastUpdated,
+    actorId: userId,
+    actorName: displayName,
+    actorType: "internal-system"
+  };
+  const tenantResource = {
+    id: tenantId,
+    displayName: `${displayName}'s Practice`,
+    status: "active"
+  };
+  const workspaceResource = {
+    id: workspaceId,
+    displayName: "Default Workspace",
+    status: "active",
+    tenant: { reference: `Tenant/${tenantId}` }
+  };
+  const userResource = {
+    ...existingResource ?? {},
+    resourceType: "User",
+    id: userId,
+    name: existingResource?.name ?? [{ text: displayName }],
+    status: "active",
+    currentTenant: { reference: `Tenant/${tenantId}` },
+    currentWorkspace: { reference: `Workspace/${workspaceId}` }
+  };
+  const userTenantMembershipResource = {
+    id: userTenantMembershipId,
+    status: "active",
+    user: { reference: `User/${userId}` },
+    tenant: { reference: `Tenant/${tenantId}` }
+  };
+  const userWorkspaceMembershipResource = {
+    id: userWorkspaceMembershipId,
+    status: "active",
+    user: { reference: `User/${userId}` },
+    tenant: { reference: `Tenant/${tenantId}` },
+    workspace: { reference: `Workspace/${workspaceId}` }
+  };
+  const roleAssignmentResource = {
+    id: roleAssignmentId,
+    status: "active",
+    user: { reference: `User/${userId}` },
+    tenant: { reference: `Tenant/${tenantId}` },
+    role: "tenant-user"
+  };
+  await createTenantOperation({
+    context,
+    body: { id: tenantId, resource: tenantResource }
+  });
+  await createWorkspaceOperation({
+    context,
+    body: { id: workspaceId, resource: workspaceResource }
+  });
+  if (existingUser) {
+    await service.entities.user.patch({ id: userId, sk: CURRENT_SK }).set({
+      resource: JSON.stringify(userResource),
+      summary: summaryFor(userResource),
+      cognitoSub: detail.cognitoSub,
+      vid: VID,
+      lastUpdated
+    }).go();
+  } else {
+    await service.entities.user.put({
+      id: userId,
+      cognitoSub: detail.cognitoSub,
+      resource: JSON.stringify(userResource),
+      summary: summaryFor(userResource),
+      vid: VID,
+      lastUpdated
+    }).go();
+  }
+  await createMembershipOperation({
+    context,
+    body: {
+      id: userTenantMembershipId,
+      resource: userTenantMembershipResource
+    }
+  });
+  await createMembershipOperation({
+    context,
+    body: {
+      id: userWorkspaceMembershipId,
+      resource: userWorkspaceMembershipResource
+    }
+  });
+  await createRoleAssignmentOperation({
+    context,
+    body: { id: roleAssignmentId, resource: roleAssignmentResource }
+  });
+};
+export {
+  handler
+};
+//# sourceMappingURL=provision-default-workspace.handler.mjs.map

package/lib/provision-default-workspace.handler.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/workflows/control-plane/user-onboarding/provision-default-workspace.handler.ts"],"sourcesContent":["import { createHash } from \"node:crypto\";\nimport { extractSummary, type FhirResourceLike } from \"@openhi/types\";\nimport type { EventBridgeEvent } from \"aws-lambda\";\nimport {\n  PROVISION_DEFAULT_WORKSPACE_DETAIL_TYPE,\n  type ProvisionDefaultWorkspaceRequestedDetail,\n} from \"./events\";\nimport { getDynamoControlService } from \"../../../data/dynamo/dynamo-control-service\";\nimport type { OpenHiContext } from \"../../../data/openhi-context\";\nimport { createMembershipOperation } from \"../../../data/operations/control/membership/membership-create-operation\";\nimport { createRoleAssignmentOperation } from \"../../../data/operations/control/roleassignment/roleassignment-create-operation\";\nimport { createTenantOperation } from \"../../../data/operations/control/tenant/tenant-create-operation\";\nimport {\n  findUserBySubOperation,\n  parseUserResource,\n} from \"../../../data/operations/control/user\";\nimport { createWorkspaceOperation } from \"../../../data/operations/control/workspace/workspace-create-operation\";\nimport { idFromReference } from \"../../../data/operations/fhir-reference\";\n\n/**\n * @see sites/www-docs/content/packages/@openhi/constructs/workflows/control-plane/user-onboarding/provision-default-workspace.handler.md\n *\n * EventBridge workflow handler that provisions the default control-plane\n * records for a newly confirmed Cognito user.\n */\ntype ProvisionDefaultWorkspaceEvent = EventBridgeEvent<\n  typeof PROVISION_DEFAULT_WORKSPACE_DETAIL_TYPE,\n  ProvisionDefaultWorkspaceRequestedDetail\n>;\n\nconst CURRENT_SK = \"CURRENT\";\nconst VID = \"1\";\n\n// Store the same compact summary shape used by control-plane entities.\nconst summaryFor = (resource: Record<string, unknown>): string => {\n  return JSON.stringify(extractSummary(resource as FhirResourceLike));\n};\n\n// Make onboarding writes replay-safe by deriving deterministic record ids.\nconst stableOnboardingId = (kind: string, cognitoSub: string): string => {\n  return createHash(\"sha256\")\n    .update(kind)\n    .update(\"\\0\")\n    .update(cognitoSub)\n    .digest(\"hex\")\n    .slice(0, 26)\n    .toUpperCase();\n};\n\nexport const handler = async (\n  event: ProvisionDefaultWorkspaceEvent,\n): Promise<void> => {\n  // Events without a Cognito subject cannot be tied to a stable User.\n  const detail = event.detail;\n  if (!detail?.cognitoSub) {\n    console.warn(\n      \"ProvisionDefaultWorkspace: event missing cognitoSub; skipping\",\n    );\n    return;\n  }\n\n  // If onboarding already completed, leave existing records untouched.\n  // The lookup runs before tenant/workspace exist, so use a synthetic\n  // placeholder context — findUserBySubOperation does not read its fields.\n  const service = getDynamoControlService();\n  const existingUser = await findUserBySubOperation({\n    context: {\n      tenantId: \"\",\n      workspaceId: \"\",\n      date: \"\",\n      actorId: \"\",\n      actorName: \"\",\n      actorType: \"internal-system\",\n    },\n    cognitoSub: detail.cognitoSub,\n  });\n  const existingResource = existingUser\n    ? parseUserResource(existingUser.resource)\n    : undefined;\n  const existingTenantId = idFromReference(\n    existingResource?.currentTenant?.reference,\n    \"Tenant/\",\n  );\n  const existingWorkspaceId = idFromReference(\n    existingResource?.currentWorkspace?.reference,\n    \"Workspace/\",\n  );\n\n  if (existingUser && existingTenantId && existingWorkspaceId) {\n    return;\n  }\n\n  const displayName =\n    detail.displayName ||\n    detail.email ||\n    event.resources?.[0] ||\n    detail.cognitoSub;\n  const userId =\n    existingUser?.id ??\n    detail.userId ??\n    stableOnboardingId(\"user\", detail.cognitoSub);\n  const tenantId = stableOnboardingId(\"tenant\", detail.cognitoSub);\n  const workspaceId = stableOnboardingId(\"workspace\", detail.cognitoSub);\n  const userTenantMembershipId = stableOnboardingId(\n    \"tenant-membership\",\n    detail.cognitoSub,\n  );\n  const userWorkspaceMembershipId = stableOnboardingId(\n    \"workspace-membership\",\n    detail.cognitoSub,\n  );\n  const roleAssignmentId = stableOnboardingId(\n    \"tenant-user-role-assignment\",\n    detail.cognitoSub,\n  );\n\n  const lastUpdated = new Date().toISOString();\n\n  // Synthesized OpenHI context for internal-system writes during onboarding.\n  const context: OpenHiContext = {\n    tenantId,\n    workspaceId,\n    date: lastUpdated,\n    actorId: userId,\n    actorName: displayName,\n    actorType: \"internal-system\",\n  };\n\n  const tenantResource = {\n    id: tenantId,\n    displayName: `${displayName}'s Practice`,\n    status: \"active\",\n  };\n  const workspaceResource = {\n    id: workspaceId,\n    displayName: \"Default Workspace\",\n    status: \"active\",\n    tenant: { reference: `Tenant/${tenantId}` },\n  };\n  const userResource = {\n    ...(existingResource ?? {}),\n    resourceType: \"User\",\n    id: userId,\n    name: existingResource?.name ?? [{ text: displayName }],\n    status: \"active\",\n    currentTenant: { reference: `Tenant/${tenantId}` },\n    currentWorkspace: { reference: `Workspace/${workspaceId}` },\n  };\n  const userTenantMembershipResource = {\n    id: userTenantMembershipId,\n    status: \"active\",\n    user: { reference: `User/${userId}` },\n    tenant: { reference: `Tenant/${tenantId}` },\n  };\n  const userWorkspaceMembershipResource = {\n    id: userWorkspaceMembershipId,\n    status: \"active\",\n    user: { reference: `User/${userId}` },\n    tenant: { reference: `Tenant/${tenantId}` },\n    workspace: { reference: `Workspace/${workspaceId}` },\n  };\n  const roleAssignmentResource = {\n    id: roleAssignmentId,\n    status: \"active\",\n    user: { reference: `User/${userId}` },\n    tenant: { reference: `Tenant/${tenantId}` },\n    role: \"tenant-user\",\n  };\n\n  await createTenantOperation({\n    context,\n    body: { id: tenantId, resource: tenantResource },\n  });\n\n  await createWorkspaceOperation({\n    context,\n    body: { id: workspaceId, resource: workspaceResource },\n  });\n\n  // Direct User put/patch: no User operation supports the cognitoSub set or\n  // partial-repair flow yet, so onboarding writes the User record inline.\n  if (existingUser) {\n    await service.entities.user\n      .patch({ id: userId, sk: CURRENT_SK })\n      .set({\n        resource: JSON.stringify(userResource),\n        summary: summaryFor(userResource),\n        cognitoSub: detail.cognitoSub,\n        vid: VID,\n        lastUpdated,\n      })\n      .go();\n  } else {\n    await service.entities.user\n      .put({\n        id: userId,\n        cognitoSub: detail.cognitoSub,\n        resource: JSON.stringify(userResource),\n        summary: summaryFor(userResource),\n        vid: VID,\n        lastUpdated,\n      })\n      .go();\n  }\n\n  await createMembershipOperation({\n    context,\n    body: {\n      id: userTenantMembershipId,\n      resource: userTenantMembershipResource,\n    },\n  });\n\n  await createMembershipOperation({\n    context,\n    body: {\n      id: userWorkspaceMembershipId,\n      resource: userWorkspaceMembershipResource,\n    },\n  });\n\n  await createRoleAssignmentOperation({\n    context,\n    body: { id: roleAssignmentId, resource: roleAssignmentResource },\n  });\n};\n"],"mappings":";;;;;;;;;;;;;;;;;AAAA,SAAS,kBAAkB;AAC3B,SAAS,sBAA6C;AA6BtD,IAAM,aAAa;AACnB,IAAM,MAAM;AAGZ,IAAM,aAAa,CAAC,aAA8C;AAChE,SAAO,KAAK,UAAU,eAAe,QAA4B,CAAC;AACpE;AAGA,IAAM,qBAAqB,CAAC,MAAc,eAA+B;AACvE,SAAO,WAAW,QAAQ,EACvB,OAAO,IAAI,EACX,OAAO,IAAI,EACX,OAAO,UAAU,EACjB,OAAO,KAAK,EACZ,MAAM,GAAG,EAAE,EACX,YAAY;AACjB;AAEO,IAAM,UAAU,OACrB,UACkB;AAElB,QAAM,SAAS,MAAM;AACrB,MAAI,CAAC,QAAQ,YAAY;AACvB,YAAQ;AAAA,MACN;AAAA,IACF;AACA;AAAA,EACF;AAKA,QAAM,UAAU,wBAAwB;AACxC,QAAM,eAAe,MAAM,uBAAuB;AAAA,IAChD,SAAS;AAAA,MACP,UAAU;AAAA,MACV,aAAa;AAAA,MACb,MAAM;AAAA,MACN,SAAS;AAAA,MACT,WAAW;AAAA,MACX,WAAW;AAAA,IACb;AAAA,IACA,YAAY,OAAO;AAAA,EACrB,CAAC;AACD,QAAM,mBAAmB,eACrB,kBAAkB,aAAa,QAAQ,IACvC;AACJ,QAAM,mBAAmB;AAAA,IACvB,kBAAkB,eAAe;AAAA,IACjC;AAAA,EACF;AACA,QAAM,sBAAsB;AAAA,IAC1B,kBAAkB,kBAAkB;AAAA,IACpC;AAAA,EACF;AAEA,MAAI,gBAAgB,oBAAoB,qBAAqB;AAC3D;AAAA,EACF;AAEA,QAAM,cACJ,OAAO,eACP,OAAO,SACP,MAAM,YAAY,CAAC,KACnB,OAAO;AACT,QAAM,SACJ,cAAc,MACd,OAAO,UACP,mBAAmB,QAAQ,OAAO,UAAU;AAC9C,QAAM,WAAW,mBAAmB,UAAU,OAAO,UAAU;AAC/D,QAAM,cAAc,mBAAmB,aAAa,OAAO,UAAU;AACrE,QAAM,yBAAyB;AAAA,IAC7B;AAAA,IACA,OAAO;AAAA,EACT;AACA,QAAM,4BAA4B;AAAA,IAChC;AAAA,IACA,OAAO;AAAA,EACT;AACA,QAAM,mBAAmB;AAAA,IACvB;AAAA,IACA,OAAO;AAAA,EACT;AAEA,QAAM,eAAc,oBAAI,KAAK,GAAE,YAAY;AAG3C,QAAM,UAAyB;AAAA,IAC7B;AAAA,IACA;AAAA,IACA,MAAM;AAAA,IACN,SAAS;AAAA,IACT,WAAW;AAAA,IACX,WAAW;AAAA,EACb;AAEA,QAAM,iBAAiB;AAAA,IACrB,IAAI;AAAA,IACJ,aAAa,GAAG,WAAW;AAAA,IAC3B,QAAQ;AAAA,EACV;AACA,QAAM,oBAAoB;AAAA,IACxB,IAAI;AAAA,IACJ,aAAa;AAAA,IACb,QAAQ;AAAA,IACR,QAAQ,EAAE,WAAW,UAAU,QAAQ,GAAG;AAAA,EAC5C;AACA,QAAM,eAAe;AAAA,IACnB,GAAI,oBAAoB,CAAC;AAAA,IACzB,cAAc;AAAA,IACd,IAAI;AAAA,IACJ,MAAM,kBAAkB,QAAQ,CAAC,EAAE,MAAM,YAAY,CAAC;AAAA,IACtD,QAAQ;AAAA,IACR,eAAe,EAAE,WAAW,UAAU,QAAQ,GAAG;AAAA,IACjD,kBAAkB,EAAE,WAAW,aAAa,WAAW,GAAG;AAAA,EAC5D;AACA,QAAM,+BAA+B;AAAA,IACnC,IAAI;AAAA,IACJ,QAAQ;AAAA,IACR,MAAM,EAAE,WAAW,QAAQ,MAAM,GAAG;AAAA,IACpC,QAAQ,EAAE,WAAW,UAAU,QAAQ,GAAG;AAAA,EAC5C;AACA,QAAM,kCAAkC;AAAA,IACtC,IAAI;AAAA,IACJ,QAAQ;AAAA,IACR,MAAM,EAAE,WAAW,QAAQ,MAAM,GAAG;AAAA,IACpC,QAAQ,EAAE,WAAW,UAAU,QAAQ,GAAG;AAAA,IAC1C,WAAW,EAAE,WAAW,aAAa,WAAW,GAAG;AAAA,EACrD;AACA,QAAM,yBAAyB;AAAA,IAC7B,IAAI;AAAA,IACJ,QAAQ;AAAA,IACR,MAAM,EAAE,WAAW,QAAQ,MAAM,GAAG;AAAA,IACpC,QAAQ,EAAE,WAAW,UAAU,QAAQ,GAAG;AAAA,IAC1C,MAAM;AAAA,EACR;AAEA,QAAM,sBAAsB;AAAA,IAC1B;AAAA,IACA,MAAM,EAAE,IAAI,UAAU,UAAU,eAAe;AAAA,EACjD,CAAC;AAED,QAAM,yBAAyB;AAAA,IAC7B;AAAA,IACA,MAAM,EAAE,IAAI,aAAa,UAAU,kBAAkB;AAAA,EACvD,CAAC;AAID,MAAI,cAAc;AAChB,UAAM,QAAQ,SAAS,KACpB,MAAM,EAAE,IAAI,QAAQ,IAAI,WAAW,CAAC,EACpC,IAAI;AAAA,MACH,UAAU,KAAK,UAAU,YAAY;AAAA,MACrC,SAAS,WAAW,YAAY;AAAA,MAChC,YAAY,OAAO;AAAA,MACnB,KAAK;AAAA,MACL;AAAA,IACF,CAAC,EACA,GAAG;AAAA,EACR,OAAO;AACL,UAAM,QAAQ,SAAS,KACpB,IAAI;AAAA,MACH,IAAI;AAAA,MACJ,YAAY,OAAO;AAAA,MACnB,UAAU,KAAK,UAAU,YAAY;AAAA,MACrC,SAAS,WAAW,YAAY;AAAA,MAChC,KAAK;AAAA,MACL;AAAA,IACF,CAAC,EACA,GAAG;AAAA,EACR;AAEA,QAAM,0BAA0B;AAAA,IAC9B;AAAA,IACA,MAAM;AAAA,MACJ,IAAI;AAAA,MACJ,UAAU;AAAA,IACZ;AAAA,EACF,CAAC;AAED,QAAM,0BAA0B;AAAA,IAC9B;AAAA,IACA,MAAM;AAAA,MACJ,IAAI;AAAA,MACJ,UAAU;AAAA,IACZ;AAAA,EACF,CAAC;AAED,QAAM,8BAA8B;AAAA,IAClC;AAAA,IACA,MAAM,EAAE,IAAI,kBAAkB,UAAU,uBAAuB;AAAA,EACjE,CAAC;AACH;","names":[]}