@openhi/constructs 0.0.104 → 0.0.106

package/README.md

@@ -1,3 +1,17 @@
 # @openhi/constructs
 
 AWS CDK constructs for deploying OpenHI infrastructure. The library provides reusable constructs for applications, shared infrastructure (auth and core resources), data services, and common components used across OpenHI stacks.
+
+## Source Boundaries
+
+- `src/components`: reusable infrastructure building blocks and thin service integrations around AWS primitives.
+- `src/data`: persistence models, data access operations, API routes, and storage-specific handlers.
+- `src/workflows`: deployed async business processes, their EventBridge event contracts, workflow Lambda constructs, handlers, and tests.
+
+Workflow Lambdas should live under a plane namespace such as `src/workflows/control-plane` or `src/workflows/data-plane`. Trigger-specific handlers in `components` or API routes should stay thin and publish workflow events when the business process can run asynchronously.
+
+Use `events.ts` for EventBridge contracts, `<workflow>.handler.ts` for runtime handlers, `<workflow>-lambda.ts` for Lambda constructs, `<workflow>.handler.test.ts` for handler tests, and a `<domain>-workflow.ts` construct when EventBridge rules or multiple workflow Lambdas are deployed together.
+
+## Strategy
+
+Workflow placement (bus selection, Lambda vs. Step Functions, standard event envelope, idempotency contract, cross-boundary rules) is governed by [ADR-016 — Workflow Boundary Strategy](https://github.com/codedrifters/openhi-planning/blob/main/docs/src/content/docs/requirements/architectural-decisions/ADR-016-workflow-boundary-strategy.md) in the planning repo.

package/lib/chunk-2PM2NGXI.mjs

@@ -0,0 +1,31 @@
+// src/workflows/control-plane/user-onboarding/events.ts
+var USER_ONBOARDING_EVENT_SOURCE = "openhi.control.user-onboarding";
+var PROVISION_DEFAULT_WORKSPACE_DETAIL_TYPE = "ProvisionDefaultWorkspaceRequested";
+var buildProvisionDefaultWorkspaceRequestedDetail = (event) => {
+  const attrs = event.request?.userAttributes ?? {};
+  const cognitoSub = attrs.sub?.trim();
+  if (!cognitoSub) {
+    return void 0;
+  }
+  const email = attrs.email?.trim();
+  const displayName = email || event.userName || cognitoSub;
+  return {
+    cognitoSub,
+    ...email ? { email } : {},
+    displayName,
+    trigger: {
+      source: "cognito.post-confirmation",
+      triggerSource: event.triggerSource,
+      userPoolId: event.userPoolId,
+      userName: event.userName,
+      clientId: event.callerContext?.clientId
+    }
+  };
+};
+
+export {
+  USER_ONBOARDING_EVENT_SOURCE,
+  PROVISION_DEFAULT_WORKSPACE_DETAIL_TYPE,
+  buildProvisionDefaultWorkspaceRequestedDetail
+};
+//# sourceMappingURL=chunk-2PM2NGXI.mjs.map

package/lib/chunk-2PM2NGXI.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/workflows/control-plane/user-onboarding/events.ts"],"sourcesContent":["import type { PostConfirmationTriggerEvent } from \"aws-lambda\";\n\n/**\n * @see sites/www-docs/content/packages/@openhi/constructs/workflows/control-plane/user-onboarding/events.md\n */\n\n// EventBridge routing values shared by the publisher and workflow rule.\nexport const USER_ONBOARDING_EVENT_SOURCE = \"openhi.control.user-onboarding\";\nexport const PROVISION_DEFAULT_WORKSPACE_DETAIL_TYPE =\n  \"ProvisionDefaultWorkspaceRequested\";\n\n// Minimal workflow payload needed to provision and diagnose onboarding.\nexport interface ProvisionDefaultWorkspaceRequestedDetail {\n  readonly cognitoSub: string;\n  readonly userId?: string;\n  readonly email?: string;\n  readonly displayName?: string;\n  readonly trigger: {\n    readonly source: \"cognito.post-confirmation\";\n    readonly triggerSource?: string;\n    readonly userPoolId?: string;\n    readonly userName?: string;\n    readonly clientId?: string;\n  };\n}\n\n// Convert Cognito's Post Confirmation trigger event into the workflow event.\nexport const buildProvisionDefaultWorkspaceRequestedDetail = (\n  event: PostConfirmationTriggerEvent,\n): ProvisionDefaultWorkspaceRequestedDetail | undefined => {\n  // Cognito sub is the required stable identity key for onboarding records.\n  const attrs = event.request?.userAttributes ?? {};\n  const cognitoSub = attrs.sub?.trim();\n  if (!cognitoSub) {\n    return undefined;\n  }\n\n  // Prefer email for display where available; fall back to Cognito metadata.\n  const email = attrs.email?.trim();\n  const displayName = email || event.userName || cognitoSub;\n\n  // Include trigger metadata so failed or duplicate events can be traced.\n  return {\n    cognitoSub,\n    ...(email ? { email } : {}),\n    displayName,\n    trigger: {\n      source: \"cognito.post-confirmation\",\n      triggerSource: event.triggerSource,\n      userPoolId: event.userPoolId,\n      userName: event.userName,\n      clientId: event.callerContext?.clientId,\n    },\n  };\n};\n"],"mappings":";AAOO,IAAM,+BAA+B;AACrC,IAAM,0CACX;AAkBK,IAAM,gDAAgD,CAC3D,UACyD;AAEzD,QAAM,QAAQ,MAAM,SAAS,kBAAkB,CAAC;AAChD,QAAM,aAAa,MAAM,KAAK,KAAK;AACnC,MAAI,CAAC,YAAY;AACf,WAAO;AAAA,EACT;AAGA,QAAM,QAAQ,MAAM,OAAO,KAAK;AAChC,QAAM,cAAc,SAAS,MAAM,YAAY;AAG/C,SAAO;AAAA,IACL;AAAA,IACA,GAAI,QAAQ,EAAE,MAAM,IAAI,CAAC;AAAA,IACzB;AAAA,IACA,SAAS;AAAA,MACP,QAAQ;AAAA,MACR,eAAe,MAAM;AAAA,MACrB,YAAY,MAAM;AAAA,MAClB,UAAU,MAAM;AAAA,MAChB,UAAU,MAAM,eAAe;AAAA,IACjC;AAAA,EACF;AACF;","names":[]}

package/lib/chunk-AGF3RAAZ.mjs

@@ -0,0 +1,20 @@
+import {
+  require_lib
+} from "./chunk-SYBADQXI.mjs";
+import {
+  __toESM
+} from "./chunk-LZOMFHX3.mjs";
+
+// src/workflows/control-plane/seed-system-data/events.ts
+var import_workflows = __toESM(require_lib());
+var SEED_SYSTEM_DATA_CONSUMER_NAME = "seed-system-data";
+var SEED_SYSTEM_DATA_ACTOR_SYSTEM = "seed-system-data";
+var SEED_SYSTEM_DATA_CONTROL_BUS_ENV_VAR = "CONTROL_EVENT_BUS_NAME";
+
+export {
+  import_workflows,
+  SEED_SYSTEM_DATA_CONSUMER_NAME,
+  SEED_SYSTEM_DATA_ACTOR_SYSTEM,
+  SEED_SYSTEM_DATA_CONTROL_BUS_ENV_VAR
+};
+//# sourceMappingURL=chunk-AGF3RAAZ.mjs.map

package/lib/chunk-AGF3RAAZ.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/workflows/control-plane/seed-system-data/events.ts"],"sourcesContent":["import {\n  PlatformDeploymentCompletedV1,\n  PlatformSystemDataSeededV1,\n} from \"@openhi/workflows\";\n\n/**\n * @see sites/www-docs/content/packages/@openhi/constructs/workflows/control-plane/seed-system-data/events.md\n */\n\n/**\n * Stable logical name this workflow registers with the shared\n * `WorkflowDedupTable` (TR-015). Used in both the construct grant\n * (`workflowDedupTable.grantConsumer(lambda, SEED_SYSTEM_DATA_CONSUMER_NAME)`)\n * and the handler's runtime `recordIfAbsent` call — keep them aligned by\n * importing this constant in both places.\n */\nexport const SEED_SYSTEM_DATA_CONSUMER_NAME = \"seed-system-data\";\n\n/**\n * Free-form `actor.system` value the handler stamps on the\n * `platform.system-data-seeded.v1` event it publishes when seeding\n * completes. Pinned here so the test can assert the wire value without\n * importing private handler internals.\n */\nexport const SEED_SYSTEM_DATA_ACTOR_SYSTEM = \"seed-system-data\";\n\n/**\n * Env var the Lambda construct injects with the control event bus\n * name. The handler reads it to build the publisher target when\n * emitting `platform.system-data-seeded.v1` after a successful seed.\n */\nexport const SEED_SYSTEM_DATA_CONTROL_BUS_ENV_VAR = \"CONTROL_EVENT_BUS_NAME\";\n\n/**\n * The trigger this workflow subscribes to on the control event bus. The\n * `platform-deploy-bridge` workflow (#960) republishes terminal CloudFormation\n * stack-success events as `platform.deployment-completed.v1`; on every fire\n * this workflow re-asserts the platform-singleton control-plane records\n * (today: the three canonical Roles; future: additional system data).\n *\n * Re-exported from `@openhi/workflows` for symmetry with the handler's\n * import — keep the construct + handler reading from the same registry\n * entry so a rename upstream surfaces at both call sites.\n */\nexport { PlatformDeploymentCompletedV1, PlatformSystemDataSeededV1 };\n"],"mappings":";;;;;;;;AAAA,uBAGO;AAaA,IAAM,iCAAiC;AAQvC,IAAM,gCAAgC;AAOtC,IAAM,uCAAuC;","names":[]}

package/lib/chunk-AO3E22CS.mjs

@@ -0,0 +1,108 @@
+import {
+  getDynamoControlService
+} from "./chunk-VYDIGFIX.mjs";
+
+// src/data/operations/control/membership/membership-create-operation.ts
+import { extractSummary } from "@openhi/types";
+async function createMembershipOperation(params) {
+  const { context, body, tableName } = params;
+  const service = getDynamoControlService(tableName);
+  const id = body.id ?? `membership-${Date.now()}`;
+  const parsedResource = typeof body.resource === "string" ? JSON.parse(body.resource) : body.resource ?? {};
+  const lastUpdated = context.date ?? (/* @__PURE__ */ new Date()).toISOString();
+  const vid = `1`;
+  const resource = { resourceType: "Membership", id, ...parsedResource };
+  const summary = JSON.stringify(extractSummary(resource));
+  await service.entities.membership.put({
+    tenantId: context.tenantId,
+    id,
+    resource: JSON.stringify(resource),
+    summary,
+    vid,
+    lastUpdated
+  }).go();
+  return {
+    id,
+    resource,
+    meta: { lastUpdated, versionId: vid }
+  };
+}
+
+// src/data/operations/control/roleassignment/roleassignment-create-operation.ts
+import { extractSummary as extractSummary2 } from "@openhi/types";
+async function createRoleAssignmentOperation(params) {
+  const { context, body, tableName } = params;
+  const service = getDynamoControlService(tableName);
+  const id = body.id ?? `roleassignment-${Date.now()}`;
+  const parsedResource = typeof body.resource === "string" ? JSON.parse(body.resource) : body.resource ?? {};
+  const lastUpdated = context.date ?? (/* @__PURE__ */ new Date()).toISOString();
+  const vid = `1`;
+  const resource = { resourceType: "RoleAssignment", id, ...parsedResource };
+  const summary = JSON.stringify(extractSummary2(resource));
+  await service.entities.roleAssignment.put({
+    tenantId: context.tenantId,
+    id,
+    resource: JSON.stringify(resource),
+    summary,
+    vid,
+    lastUpdated
+  }).go();
+  return {
+    id,
+    resource,
+    meta: { lastUpdated, versionId: vid }
+  };
+}
+
+// src/data/operations/control/tenant/tenant-create-operation.ts
+import { extractSummary as extractSummary3 } from "@openhi/types";
+async function createTenantOperation(params) {
+  const { context, body, tableName } = params;
+  const service = getDynamoControlService(tableName);
+  const id = body.id ?? `tenant-${Date.now()}`;
+  const lastUpdated = context.date;
+  const vid = lastUpdated.replace(/[-:T.Z]/g, "").slice(0, 12) || Date.now().toString(36);
+  const parsedResource = typeof body.resource === "string" ? JSON.parse(body.resource) : body.resource ?? {};
+  const resource = { resourceType: "Tenant", id, ...parsedResource };
+  const summary = JSON.stringify(extractSummary3(resource));
+  await service.entities.tenant.put({
+    tenantId: id,
+    id,
+    resource: JSON.stringify(resource),
+    summary,
+    vid,
+    lastUpdated
+  }).go();
+  return { id, resource, meta: { lastUpdated, versionId: vid } };
+}
+
+// src/data/operations/control/workspace/workspace-create-operation.ts
+import { extractSummary as extractSummary4 } from "@openhi/types";
+async function createWorkspaceOperation(params) {
+  const { context, body, tableName } = params;
+  const { tenantId } = context;
+  const service = getDynamoControlService(tableName);
+  const id = body.id ?? `workspace-${Date.now()}`;
+  const lastUpdated = context.date;
+  const vid = lastUpdated.replace(/[-:T.Z]/g, "").slice(0, 12) || Date.now().toString(36);
+  const parsedResource = typeof body.resource === "string" ? JSON.parse(body.resource) : body.resource ?? {};
+  const resource = { resourceType: "Workspace", id, ...parsedResource };
+  const summary = JSON.stringify(extractSummary4(resource));
+  await service.entities.workspace.put({
+    tenantId,
+    id,
+    resource: JSON.stringify(resource),
+    summary,
+    vid,
+    lastUpdated
+  }).go();
+  return { id, resource, meta: { lastUpdated, versionId: vid } };
+}
+
+export {
+  createMembershipOperation,
+  createRoleAssignmentOperation,
+  createTenantOperation,
+  createWorkspaceOperation
+};
+//# sourceMappingURL=chunk-AO3E22CS.mjs.map

package/lib/chunk-AO3E22CS.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/data/operations/control/membership/membership-create-operation.ts","../src/data/operations/control/roleassignment/roleassignment-create-operation.ts","../src/data/operations/control/tenant/tenant-create-operation.ts","../src/data/operations/control/workspace/workspace-create-operation.ts"],"sourcesContent":["import { extractSummary, type FhirResourceLike } from \"@openhi/types\";\nimport { getDynamoControlService } from \"../../../dynamo/dynamo-control-service\";\nimport { OpenHiContext } from \"../../../openhi-context\";\n\nexport interface MembershipCreateParams {\n  context: OpenHiContext;\n  body: { id?: string; resource?: Record<string, unknown> | string };\n  tableName?: string;\n}\n\nexport interface MembershipCreateResult {\n  id: string;\n  resource: { resourceType: string; id: string; [key: string]: unknown };\n  meta: { lastUpdated: string; versionId: string };\n}\n\nexport async function createMembershipOperation(\n  params: MembershipCreateParams,\n): Promise<MembershipCreateResult> {\n  const { context, body, tableName } = params;\n  const service = getDynamoControlService(tableName);\n\n  const id = body.id ?? `membership-${Date.now()}`;\n  const parsedResource =\n    typeof body.resource === \"string\"\n      ? (JSON.parse(body.resource) as Record<string, unknown>)\n      : (body.resource ?? {});\n\n  const lastUpdated = context.date ?? new Date().toISOString();\n  const vid = `1`;\n\n  const resource = { resourceType: \"Membership\", id, ...parsedResource };\n  const summary = JSON.stringify(extractSummary(resource as FhirResourceLike));\n\n  await service.entities.membership\n    .put({\n      tenantId: context.tenantId,\n      id,\n      resource: JSON.stringify(resource),\n      summary,\n      vid,\n      lastUpdated,\n    })\n    .go();\n\n  return {\n    id,\n    resource,\n    meta: { lastUpdated, versionId: vid },\n  };\n}\n","import { extractSummary, type FhirResourceLike } from \"@openhi/types\";\nimport { getDynamoControlService } from \"../../../dynamo/dynamo-control-service\";\nimport { OpenHiContext } from \"../../../openhi-context\";\n\nexport interface RoleAssignmentCreateParams {\n  context: OpenHiContext;\n  body: { id?: string; resource?: Record<string, unknown> | string };\n  tableName?: string;\n}\n\nexport interface RoleAssignmentCreateResult {\n  id: string;\n  resource: { resourceType: string; id: string; [key: string]: unknown };\n  meta: { lastUpdated: string; versionId: string };\n}\n\nexport async function createRoleAssignmentOperation(\n  params: RoleAssignmentCreateParams,\n): Promise<RoleAssignmentCreateResult> {\n  const { context, body, tableName } = params;\n  const service = getDynamoControlService(tableName);\n\n  const id = body.id ?? `roleassignment-${Date.now()}`;\n  const parsedResource =\n    typeof body.resource === \"string\"\n      ? (JSON.parse(body.resource) as Record<string, unknown>)\n      : (body.resource ?? {});\n\n  const lastUpdated = context.date ?? new Date().toISOString();\n  const vid = `1`;\n\n  const resource = { resourceType: \"RoleAssignment\", id, ...parsedResource };\n  const summary = JSON.stringify(extractSummary(resource as FhirResourceLike));\n\n  await service.entities.roleAssignment\n    .put({\n      tenantId: context.tenantId,\n      id,\n      resource: JSON.stringify(resource),\n      summary,\n      vid,\n      lastUpdated,\n    })\n    .go();\n\n  return {\n    id,\n    resource,\n    meta: { lastUpdated, versionId: vid },\n  };\n}\n","import { extractSummary, type FhirResourceLike } from \"@openhi/types\";\nimport { getDynamoControlService } from \"../../../dynamo/dynamo-control-service\";\nimport type { OpenHiContext } from \"../../../openhi-context\";\n\nexport interface CreateTenantParams {\n  context: OpenHiContext;\n  body: {\n    id?: string;\n    resource?: Record<string, unknown> | string;\n  };\n  tableName?: string;\n}\n\nexport interface CreateTenantResult {\n  id: string;\n  resource: Record<string, unknown>;\n  meta: { lastUpdated: string; versionId: string };\n}\n\n/**\n * Creates a Tenant. Generates an id if not provided.\n */\nexport async function createTenantOperation(\n  params: CreateTenantParams,\n): Promise<CreateTenantResult> {\n  const { context, body, tableName } = params;\n  const service = getDynamoControlService(tableName);\n\n  const id = body.id ?? `tenant-${Date.now()}`;\n  const lastUpdated = context.date;\n  const vid =\n    lastUpdated.replace(/[-:T.Z]/g, \"\").slice(0, 12) || Date.now().toString(36);\n\n  const parsedResource =\n    typeof body.resource === \"string\"\n      ? (JSON.parse(body.resource) as Record<string, unknown>)\n      : (body.resource ?? {});\n\n  const resource = { resourceType: \"Tenant\", id, ...parsedResource };\n  const summary = JSON.stringify(extractSummary(resource as FhirResourceLike));\n\n  await service.entities.tenant\n    .put({\n      tenantId: id,\n      id,\n      resource: JSON.stringify(resource),\n      summary,\n      vid,\n      lastUpdated,\n    })\n    .go();\n\n  return { id, resource, meta: { lastUpdated, versionId: vid } };\n}\n","import { extractSummary, type FhirResourceLike } from \"@openhi/types\";\nimport { getDynamoControlService } from \"../../../dynamo/dynamo-control-service\";\nimport type { OpenHiContext } from \"../../../openhi-context\";\n\nexport interface CreateWorkspaceParams {\n  context: OpenHiContext;\n  body: {\n    id?: string;\n    resource?: Record<string, unknown> | string;\n  };\n  tableName?: string;\n}\n\nexport interface CreateWorkspaceResult {\n  id: string;\n  resource: Record<string, unknown>;\n  meta: { lastUpdated: string; versionId: string };\n}\n\n/**\n * Creates a Workspace scoped to the context tenant. Generates an id if not provided.\n */\nexport async function createWorkspaceOperation(\n  params: CreateWorkspaceParams,\n): Promise<CreateWorkspaceResult> {\n  const { context, body, tableName } = params;\n  const { tenantId } = context;\n  const service = getDynamoControlService(tableName);\n\n  const id = body.id ?? `workspace-${Date.now()}`;\n  const lastUpdated = context.date;\n  const vid =\n    lastUpdated.replace(/[-:T.Z]/g, \"\").slice(0, 12) || Date.now().toString(36);\n\n  const parsedResource =\n    typeof body.resource === \"string\"\n      ? (JSON.parse(body.resource) as Record<string, unknown>)\n      : (body.resource ?? {});\n\n  const resource = { resourceType: \"Workspace\", id, ...parsedResource };\n  const summary = JSON.stringify(extractSummary(resource as FhirResourceLike));\n\n  await service.entities.workspace\n    .put({\n      tenantId,\n      id,\n      resource: JSON.stringify(resource),\n      summary,\n      vid,\n      lastUpdated,\n    })\n    .go();\n\n  return { id, resource, meta: { lastUpdated, versionId: vid } };\n}\n"],"mappings":";;;;;AAAA,SAAS,sBAA6C;AAgBtD,eAAsB,0BACpB,QACiC;AACjC,QAAM,EAAE,SAAS,MAAM,UAAU,IAAI;AACrC,QAAM,UAAU,wBAAwB,SAAS;AAEjD,QAAM,KAAK,KAAK,MAAM,cAAc,KAAK,IAAI,CAAC;AAC9C,QAAM,iBACJ,OAAO,KAAK,aAAa,WACpB,KAAK,MAAM,KAAK,QAAQ,IACxB,KAAK,YAAY,CAAC;AAEzB,QAAM,cAAc,QAAQ,SAAQ,oBAAI,KAAK,GAAE,YAAY;AAC3D,QAAM,MAAM;AAEZ,QAAM,WAAW,EAAE,cAAc,cAAc,IAAI,GAAG,eAAe;AACrE,QAAM,UAAU,KAAK,UAAU,eAAe,QAA4B,CAAC;AAE3E,QAAM,QAAQ,SAAS,WACpB,IAAI;AAAA,IACH,UAAU,QAAQ;AAAA,IAClB;AAAA,IACA,UAAU,KAAK,UAAU,QAAQ;AAAA,IACjC;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC,EACA,GAAG;AAEN,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,MAAM,EAAE,aAAa,WAAW,IAAI;AAAA,EACtC;AACF;;;AClDA,SAAS,kBAAAA,uBAA6C;AAgBtD,eAAsB,8BACpB,QACqC;AACrC,QAAM,EAAE,SAAS,MAAM,UAAU,IAAI;AACrC,QAAM,UAAU,wBAAwB,SAAS;AAEjD,QAAM,KAAK,KAAK,MAAM,kBAAkB,KAAK,IAAI,CAAC;AAClD,QAAM,iBACJ,OAAO,KAAK,aAAa,WACpB,KAAK,MAAM,KAAK,QAAQ,IACxB,KAAK,YAAY,CAAC;AAEzB,QAAM,cAAc,QAAQ,SAAQ,oBAAI,KAAK,GAAE,YAAY;AAC3D,QAAM,MAAM;AAEZ,QAAM,WAAW,EAAE,cAAc,kBAAkB,IAAI,GAAG,eAAe;AACzE,QAAM,UAAU,KAAK,UAAUC,gBAAe,QAA4B,CAAC;AAE3E,QAAM,QAAQ,SAAS,eACpB,IAAI;AAAA,IACH,UAAU,QAAQ;AAAA,IAClB;AAAA,IACA,UAAU,KAAK,UAAU,QAAQ;AAAA,IACjC;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC,EACA,GAAG;AAEN,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,MAAM,EAAE,aAAa,WAAW,IAAI;AAAA,EACtC;AACF;;;AClDA,SAAS,kBAAAC,uBAA6C;AAsBtD,eAAsB,sBACpB,QAC6B;AAC7B,QAAM,EAAE,SAAS,MAAM,UAAU,IAAI;AACrC,QAAM,UAAU,wBAAwB,SAAS;AAEjD,QAAM,KAAK,KAAK,MAAM,UAAU,KAAK,IAAI,CAAC;AAC1C,QAAM,cAAc,QAAQ;AAC5B,QAAM,MACJ,YAAY,QAAQ,YAAY,EAAE,EAAE,MAAM,GAAG,EAAE,KAAK,KAAK,IAAI,EAAE,SAAS,EAAE;AAE5E,QAAM,iBACJ,OAAO,KAAK,aAAa,WACpB,KAAK,MAAM,KAAK,QAAQ,IACxB,KAAK,YAAY,CAAC;AAEzB,QAAM,WAAW,EAAE,cAAc,UAAU,IAAI,GAAG,eAAe;AACjE,QAAM,UAAU,KAAK,UAAUC,gBAAe,QAA4B,CAAC;AAE3E,QAAM,QAAQ,SAAS,OACpB,IAAI;AAAA,IACH,UAAU;AAAA,IACV;AAAA,IACA,UAAU,KAAK,UAAU,QAAQ;AAAA,IACjC;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC,EACA,GAAG;AAEN,SAAO,EAAE,IAAI,UAAU,MAAM,EAAE,aAAa,WAAW,IAAI,EAAE;AAC/D;;;ACrDA,SAAS,kBAAAC,uBAA6C;AAsBtD,eAAsB,yBACpB,QACgC;AAChC,QAAM,EAAE,SAAS,MAAM,UAAU,IAAI;AACrC,QAAM,EAAE,SAAS,IAAI;AACrB,QAAM,UAAU,wBAAwB,SAAS;AAEjD,QAAM,KAAK,KAAK,MAAM,aAAa,KAAK,IAAI,CAAC;AAC7C,QAAM,cAAc,QAAQ;AAC5B,QAAM,MACJ,YAAY,QAAQ,YAAY,EAAE,EAAE,MAAM,GAAG,EAAE,KAAK,KAAK,IAAI,EAAE,SAAS,EAAE;AAE5E,QAAM,iBACJ,OAAO,KAAK,aAAa,WACpB,KAAK,MAAM,KAAK,QAAQ,IACxB,KAAK,YAAY,CAAC;AAEzB,QAAM,WAAW,EAAE,cAAc,aAAa,IAAI,GAAG,eAAe;AACpE,QAAM,UAAU,KAAK,UAAUC,gBAAe,QAA4B,CAAC;AAE3E,QAAM,QAAQ,SAAS,UACpB,IAAI;AAAA,IACH;AAAA,IACA;AAAA,IACA,UAAU,KAAK,UAAU,QAAQ;AAAA,IACjC;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC,EACA,GAAG;AAEN,SAAO,EAAE,IAAI,UAAU,MAAM,EAAE,aAAa,WAAW,IAAI,EAAE;AAC/D;","names":["extractSummary","extractSummary","extractSummary","extractSummary","extractSummary","extractSummary"]}

package/lib/chunk-CHPEQRXU.mjs

@@ -0,0 +1,45 @@
+import {
+  getDynamoControlService
+} from "./chunk-VYDIGFIX.mjs";
+
+// src/data/operations/control/user/user-find-by-sub-operation.ts
+async function findUserBySubOperation(params) {
+  const { cognitoSub, tableName } = params;
+  const service = getDynamoControlService(tableName);
+  const result = await service.entities.user.query.gsi2({ cognitoSub }).go({ limit: 1 });
+  const item = result.data?.[0];
+  if (!item) {
+    return void 0;
+  }
+  return {
+    id: item.id,
+    cognitoSub: item.cognitoSub,
+    resource: item.resource,
+    vid: item.vid
+  };
+}
+
+// src/data/operations/control/user/user-resource-helpers.ts
+function parseUserResource(resource) {
+  try {
+    return JSON.parse(resource);
+  } catch {
+    return void 0;
+  }
+}
+
+// src/data/operations/fhir-reference.ts
+function idFromReference(reference, prefix) {
+  if (!reference || !reference.startsWith(prefix)) {
+    return void 0;
+  }
+  const id = reference.slice(prefix.length);
+  return id.length > 0 ? id : void 0;
+}
+
+export {
+  findUserBySubOperation,
+  parseUserResource,
+  idFromReference
+};
+//# sourceMappingURL=chunk-CHPEQRXU.mjs.map

package/lib/chunk-CHPEQRXU.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/data/operations/control/user/user-find-by-sub-operation.ts","../src/data/operations/control/user/user-resource-helpers.ts","../src/data/operations/fhir-reference.ts"],"sourcesContent":["import { getDynamoControlService } from \"../../../dynamo/dynamo-control-service\";\nimport { OpenHiContext } from \"../../../openhi-context\";\n\nexport interface FindUserBySubParams {\n  context: OpenHiContext;\n  cognitoSub: string;\n  tableName?: string;\n}\n\nexport interface FindUserBySubResult {\n  id: string;\n  cognitoSub?: string;\n  resource: string;\n  vid: string;\n}\n\n/**\n * Look up a User by Cognito sub via GSI2, projecting the row to a stable\n * result shape. Returns `undefined` when no row matches.\n */\nexport async function findUserBySubOperation(\n  params: FindUserBySubParams,\n): Promise<FindUserBySubResult | undefined> {\n  const { cognitoSub, tableName } = params;\n  const service = getDynamoControlService(tableName);\n\n  const result = await service.entities.user.query\n    .gsi2({ cognitoSub })\n    .go({ limit: 1 });\n  const item = result.data?.[0];\n  if (!item) {\n    return undefined;\n  }\n  return {\n    id: item.id,\n    cognitoSub: item.cognitoSub,\n    resource: item.resource,\n    vid: item.vid,\n  };\n}\n","import type { User } from \"@openhi/types\";\n\n/**\n * Helpers for working with persisted OpenHI User resources. Co-located with\n * the User operations because both the Cognito triggers and the onboarding\n * workflow consume these alongside `findUserBySubOperation`.\n */\n\n// Defensive parse — JSON.parse may yield any shape, so every field is optional.\nexport type UserResource = Partial<User>;\n\n/**\n * Existing User resources are stored as JSON strings in the data store; parse\n * defensively so a malformed payload returns `undefined` rather than throwing.\n */\nexport function parseUserResource(resource: string): UserResource | undefined {\n  try {\n    return JSON.parse(resource) as UserResource;\n  } catch {\n    return undefined;\n  }\n}\n","/**\n * Pure helpers for working with FHIR Reference fields. Shared across data-plane\n * and control-plane operations and the handlers that wrap them.\n */\n\n/**\n * Extract the id portion from a FHIR-style reference such as `Patient/<id>` or\n * `Tenant/<id>`. Returns `undefined` if the reference is missing, does not\n * match the prefix, or has an empty id after the prefix.\n */\nexport function idFromReference(\n  reference: string | undefined,\n  prefix: string,\n): string | undefined {\n  if (!reference || !reference.startsWith(prefix)) {\n    return undefined;\n  }\n  const id = reference.slice(prefix.length);\n  return id.length > 0 ? id : undefined;\n}\n"],"mappings":";;;;;AAoBA,eAAsB,uBACpB,QAC0C;AAC1C,QAAM,EAAE,YAAY,UAAU,IAAI;AAClC,QAAM,UAAU,wBAAwB,SAAS;AAEjD,QAAM,SAAS,MAAM,QAAQ,SAAS,KAAK,MACxC,KAAK,EAAE,WAAW,CAAC,EACnB,GAAG,EAAE,OAAO,EAAE,CAAC;AAClB,QAAM,OAAO,OAAO,OAAO,CAAC;AAC5B,MAAI,CAAC,MAAM;AACT,WAAO;AAAA,EACT;AACA,SAAO;AAAA,IACL,IAAI,KAAK;AAAA,IACT,YAAY,KAAK;AAAA,IACjB,UAAU,KAAK;AAAA,IACf,KAAK,KAAK;AAAA,EACZ;AACF;;;ACxBO,SAAS,kBAAkB,UAA4C;AAC5E,MAAI;AACF,WAAO,KAAK,MAAM,QAAQ;AAAA,EAC5B,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;ACXO,SAAS,gBACd,WACA,QACoB;AACpB,MAAI,CAAC,aAAa,CAAC,UAAU,WAAW,MAAM,GAAG;AAC/C,WAAO;AAAA,EACT;AACA,QAAM,KAAK,UAAU,MAAM,OAAO,MAAM;AACxC,SAAO,GAAG,SAAS,IAAI,KAAK;AAC9B;","names":[]}