npm - @openhi/constructs - Versions diffs - 0.0.104 → 0.0.106 - Mend

@openhi/constructs 0.0.104 → 0.0.106

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (83) hide show

package/README.md +14 -0
package/lib/chunk-2PM2NGXI.mjs +31 -0
package/lib/chunk-2PM2NGXI.mjs.map +1 -0
package/lib/chunk-AGF3RAAZ.mjs +20 -0
package/lib/chunk-AGF3RAAZ.mjs.map +1 -0
package/lib/chunk-AO3E22CS.mjs +108 -0
package/lib/chunk-AO3E22CS.mjs.map +1 -0
package/lib/chunk-CHPEQRXU.mjs +45 -0
package/lib/chunk-CHPEQRXU.mjs.map +1 -0
package/lib/chunk-JUNL76HF.mjs +428 -0
package/lib/chunk-JUNL76HF.mjs.map +1 -0
package/lib/chunk-L6UAP4KP.mjs +27 -0
package/lib/chunk-L6UAP4KP.mjs.map +1 -0
package/lib/{chunk-3QS3WKRC.mjs → chunk-LZOMFHX3.mjs} +9 -2
package/lib/chunk-QMIOLLAS.mjs +531 -0
package/lib/chunk-QMIOLLAS.mjs.map +1 -0
package/lib/chunk-SYBADQXI.mjs +607 -0
package/lib/chunk-SYBADQXI.mjs.map +1 -0
package/lib/chunk-VXX4I3EF.mjs +19 -0
package/lib/chunk-VXX4I3EF.mjs.map +1 -0
package/lib/{chunk-MLTYFMSE.mjs → chunk-VYDIGFIX.mjs} +74 -29
package/lib/chunk-VYDIGFIX.mjs.map +1 -0
package/lib/chunk-YU2HRNUP.mjs +33 -0
package/lib/chunk-YU2HRNUP.mjs.map +1 -0
package/lib/chunk-YZZDUJHI.mjs +37 -0
package/lib/chunk-YZZDUJHI.mjs.map +1 -0
package/lib/cors-options-lambda.handler.mjs +1 -1
package/lib/data-store-postgres-replication.handler.mjs +1 -1
package/lib/events-BfrkMoBD.d.mts +44 -0
package/lib/events-BfrkMoBD.d.ts +44 -0
package/lib/events-CVA3_eEB.d.mts +23 -0
package/lib/events-CVA3_eEB.d.ts +23 -0
package/lib/events-DGep6C7w.d.mts +207 -0
package/lib/events-DGep6C7w.d.ts +207 -0
package/lib/firehose-archive-transform.handler.mjs +1 -1
package/lib/index.d.mts +508 -29
package/lib/index.d.ts +773 -30
package/lib/index.js +2536 -105
package/lib/index.js.map +1 -1
package/lib/index.mjs +899 -106
package/lib/index.mjs.map +1 -1
package/lib/openhi-context-CaBH8SFo.d.mts +39 -0
package/lib/openhi-context-CaBH8SFo.d.ts +39 -0
package/lib/platform-deploy-bridge.handler.d.mts +14 -0
package/lib/platform-deploy-bridge.handler.d.ts +14 -0
package/lib/platform-deploy-bridge.handler.js +762 -0
package/lib/platform-deploy-bridge.handler.js.map +1 -0
package/lib/platform-deploy-bridge.handler.mjs +134 -0
package/lib/platform-deploy-bridge.handler.mjs.map +1 -0
package/lib/post-authentication.handler.mjs +1 -1
package/lib/post-confirmation.handler.js +50 -904
package/lib/post-confirmation.handler.js.map +1 -1
package/lib/post-confirmation.handler.mjs +37 -112
package/lib/post-confirmation.handler.mjs.map +1 -1
package/lib/pre-token-generation.handler.js +135 -55
package/lib/pre-token-generation.handler.js.map +1 -1
package/lib/pre-token-generation.handler.mjs +25 -32
package/lib/pre-token-generation.handler.mjs.map +1 -1
package/lib/provision-default-workspace.handler.d.mts +13 -0
package/lib/provision-default-workspace.handler.d.ts +13 -0
package/lib/provision-default-workspace.handler.js +1172 -0
package/lib/provision-default-workspace.handler.js.map +1 -0
package/lib/provision-default-workspace.handler.mjs +175 -0
package/lib/provision-default-workspace.handler.mjs.map +1 -0
package/lib/rest-api-lambda.handler.js +114 -59
package/lib/rest-api-lambda.handler.js.map +1 -1
package/lib/rest-api-lambda.handler.mjs +60 -587
package/lib/rest-api-lambda.handler.mjs.map +1 -1
package/lib/seed-demo-data.handler.d.mts +107 -0
package/lib/seed-demo-data.handler.d.ts +107 -0
package/lib/seed-demo-data.handler.js +2037 -0
package/lib/seed-demo-data.handler.js.map +1 -0
package/lib/seed-demo-data.handler.mjs +23 -0
package/lib/seed-demo-data.handler.mjs.map +1 -0
package/lib/seed-system-data.handler.d.mts +64 -0
package/lib/seed-system-data.handler.d.ts +64 -0
package/lib/seed-system-data.handler.js +1631 -0
package/lib/seed-system-data.handler.js.map +1 -0
package/lib/seed-system-data.handler.mjs +135 -0
package/lib/seed-system-data.handler.mjs.map +1 -0
package/package.json +4 -2
package/lib/chunk-MLTYFMSE.mjs.map +0 -1
/package/lib/{chunk-3QS3WKRC.mjs.map → chunk-LZOMFHX3.mjs.map} +0 -0

package/lib/pre-token-generation.handler.js CHANGED Viewed

@@ -24,6 +24,9 @@ __export(pre_token_generation_handler_exports, {
 });
 module.exports = __toCommonJS(pre_token_generation_handler_exports);
+// src/data/operations/control/user/user-create-operation.ts
+var import_types2 = require("@openhi/types");
 // src/data/dynamo/dynamo-control-service.ts
 var import_electrodb8 = require("electrodb");
@@ -41,6 +44,9 @@ var dynamoClient = new import_client_dynamodb.DynamoDBClient({
 // src/data/dynamo/entities/control/configuration-entity.ts
 var import_electrodb = require("electrodb");
+// src/data/dynamo/entities/control/control-entity-common.ts
+var import_types = require("@openhi/types");
 // src/data/dynamo/shard.ts
 var SHARD_COUNT = 4;
 function computeShard(id) {
@@ -63,6 +69,29 @@ var gsi1ShardAttribute = {
     return String(computeShard(item.id));
   }
 };
+var gsi1skAttribute = {
+  type: "string",
+  watch: ["resource", "lastUpdated", "id"],
+  set: (_val, item) => {
+    const id = typeof item?.id === "string" ? item.id : "";
+    const lastUpdated = typeof item?.lastUpdated === "string" ? item.lastUpdated : "";
+    const fallback = `${lastUpdated}#${id}`;
+    if (typeof item?.resource !== "string" || item.resource.length === 0) {
+      return fallback;
+    }
+    let parsed;
+    try {
+      parsed = JSON.parse(item.resource);
+    } catch {
+      return fallback;
+    }
+    if (!parsed || typeof parsed !== "object") return fallback;
+    const resourceType = parsed.resourceType;
+    if (typeof resourceType !== "string") return fallback;
+    const label = (0, import_types.extractLabel)(parsed);
+    return label !== void 0 ? `${label}#${id}` : fallback;
+  }
+};
 // src/data/dynamo/entities/control/configuration-entity.ts
 var ConfigurationEntity = new import_electrodb.Entity({
@@ -168,8 +197,9 @@ var ConfigurationEntity = new import_electrodb.Entity({
      * (workspaceId = "-") or "list configs scoped to this workspace". Does not support
      * hierarchical resolution in one query; use base table GetItem in fallback order
      * (user → workspace → tenant → baseline) for that.
-     * SK is `<ISO-8601 lastUpdated>#<id>` (control-plane unlabeled per DR-004).
-     * `casing: "none"` on the SK preserves ISO-8601 `T`/`Z`.
+     * SK is `<key>#<id>` — Configuration's `key` is a required entity attribute (the
+     * config category: endpoints, branding, display, …) and the natural sort/lookup
+     * dimension. `casing: "none"` preserves the literal key value.
      */
     gsi1: {
       index: "GSI1",
@@ -181,8 +211,8 @@ var ConfigurationEntity = new import_electrodb.Entity({
       sk: {
         field: "GSI1SK",
         casing: "none",
-        composite: ["lastUpdated", "id"],
-        template: "${lastUpdated}#${id}"
+        composite: ["key", "id"],
+        template: "${key}#${id}"
       }
     }
   }
@@ -236,6 +266,8 @@ var MembershipEntity = new import_electrodb2.Entity({
       required: true
     },
     gsi1Shard: gsi1ShardAttribute,
+    /** Derived GSI1 sort key — name-based when extractable; else `<lastUpdated>#<id>`. */
+    gsi1sk: gsi1skAttribute,
     deleted: {
       type: "boolean",
       required: false
@@ -266,8 +298,9 @@ var MembershipEntity = new import_electrodb2.Entity({
     /**
      * GSI1 — Unified Sharded List per ADR-011: list all Memberships for a tenant across the
      * four shards. Membership is tenant-scoped only, so `WID#-` is a sentinel.
-     * SK is `<ISO-8601 lastUpdated>#<id>` (control-plane unlabeled per DR-004).
-     * `casing: "none"` on the SK preserves ISO-8601 `T`/`Z`.
+     * SK is derived via `gsi1skAttribute` — uses the resource's natural label when
+     * extractable, else `<lastUpdated>#<id>` (DR-004). `casing: "none"` preserves the
+     * normalized label and ISO-8601 `T`/`Z`.
      */
     gsi1: {
       index: "GSI1",
@@ -279,8 +312,8 @@ var MembershipEntity = new import_electrodb2.Entity({
       sk: {
         field: "GSI1SK",
         casing: "none",
-        composite: ["lastUpdated", "id"],
-        template: "${lastUpdated}#${id}"
+        composite: ["gsi1sk"],
+        template: "${gsi1sk}"
       }
     }
   }
@@ -329,6 +362,8 @@ var RoleEntity = new import_electrodb3.Entity({
       required: true
     },
     gsi1Shard: gsi1ShardAttribute,
+    /** Derived GSI1 sort key — name-based when extractable; else `<lastUpdated>#<id>`. */
+    gsi1sk: gsi1skAttribute,
     deleted: {
       type: "boolean",
       required: false
@@ -359,8 +394,9 @@ var RoleEntity = new import_electrodb3.Entity({
     /**
      * GSI1 — Unified Sharded List per ADR-011: list all Roles across the four shards.
      * Non-tenant-isolated, so `TID#-#WID#-` sentinels precede `RT#Role#SHARD#<n>`.
-     * SK is `<ISO-8601 lastUpdated>#<id>` (control-plane unlabeled per DR-004).
-     * `casing: "none"` on the SK preserves ISO-8601 `T`/`Z`.
+     * SK is derived via `gsi1skAttribute` — uses the resource's natural label when
+     * extractable, else `<lastUpdated>#<id>` (DR-004). `casing: "none"` preserves the
+     * normalized label and ISO-8601 `T`/`Z`.
      */
     gsi1: {
       index: "GSI1",
@@ -372,8 +408,8 @@ var RoleEntity = new import_electrodb3.Entity({
       sk: {
         field: "GSI1SK",
         casing: "none",
-        composite: ["lastUpdated", "id"],
-        template: "${lastUpdated}#${id}"
+        composite: ["gsi1sk"],
+        template: "${gsi1sk}"
       }
     }
   }
@@ -427,6 +463,8 @@ var RoleAssignmentEntity = new import_electrodb4.Entity({
       required: true
     },
     gsi1Shard: gsi1ShardAttribute,
+    /** Derived GSI1 sort key — name-based when extractable; else `<lastUpdated>#<id>`. */
+    gsi1sk: gsi1skAttribute,
     deleted: {
       type: "boolean",
       required: false
@@ -457,8 +495,9 @@ var RoleAssignmentEntity = new import_electrodb4.Entity({
     /**
      * GSI1 — Unified Sharded List per ADR-011: list all RoleAssignments for a tenant across the
      * four shards. Tenant-scoped only, so `WID#-` is a sentinel.
-     * SK is `<ISO-8601 lastUpdated>#<id>` (control-plane unlabeled per DR-004).
-     * `casing: "none"` on the SK preserves ISO-8601 `T`/`Z`.
+     * SK is derived via `gsi1skAttribute` — uses the resource's natural label when
+     * extractable, else `<lastUpdated>#<id>` (DR-004). `casing: "none"` preserves the
+     * normalized label and ISO-8601 `T`/`Z`.
      */
     gsi1: {
       index: "GSI1",
@@ -470,8 +509,8 @@ var RoleAssignmentEntity = new import_electrodb4.Entity({
       sk: {
         field: "GSI1SK",
         casing: "none",
-        composite: ["lastUpdated", "id"],
-        template: "${lastUpdated}#${id}"
+        composite: ["gsi1sk"],
+        template: "${gsi1sk}"
       }
     }
   }
@@ -525,6 +564,8 @@ var TenantEntity = new import_electrodb5.Entity({
       required: true
     },
     gsi1Shard: gsi1ShardAttribute,
+    /** Derived GSI1 sort key — name-based when extractable; else `<lastUpdated>#<id>`. */
+    gsi1sk: gsi1skAttribute,
     deleted: {
       type: "boolean",
       required: false
@@ -555,8 +596,9 @@ var TenantEntity = new import_electrodb5.Entity({
     /**
      * GSI1 — Unified Sharded List per ADR-011: list all Tenants across the four shards.
      * Tenant lives at the platform tier (no parent tenant or workspace), so `TID#-#WID#-`
-     * sentinels precede `RT#Tenant#SHARD#<n>`. SK is `<ISO-8601 lastUpdated>#<id>` (control-plane
-     * unlabeled per DR-004). `casing: "none"` on the SK preserves ISO-8601 `T`/`Z`.
+     * sentinels precede `RT#Tenant#SHARD#<n>`. SK is derived via `gsi1skAttribute` —
+     * `<normalizedName>#<id>` when the resource carries a `name`, else `<lastUpdated>#<id>`
+     * (DR-004). `casing: "none"` preserves the normalized label and ISO-8601 `T`/`Z`.
      */
     gsi1: {
       index: "GSI1",
@@ -568,8 +610,8 @@ var TenantEntity = new import_electrodb5.Entity({
       sk: {
         field: "GSI1SK",
         casing: "none",
-        composite: ["lastUpdated", "id"],
-        template: "${lastUpdated}#${id}"
+        composite: ["gsi1sk"],
+        template: "${gsi1sk}"
       }
     }
   }
@@ -626,6 +668,8 @@ var UserEntity = new import_electrodb6.Entity({
       required: true
     },
     gsi1Shard: gsi1ShardAttribute,
+    /** Derived GSI1 sort key — name-based when extractable; else `<lastUpdated>#<id>`. */
+    gsi1sk: gsi1skAttribute,
     deleted: {
       type: "boolean",
       required: false
@@ -656,8 +700,9 @@ var UserEntity = new import_electrodb6.Entity({
     /**
      * GSI1 — Unified Sharded List per ADR-011: list all Users across the four shards.
      * Non-tenant-isolated, so `TID#-#WID#-` sentinels precede `RT#User#SHARD#<n>`.
-     * SK is `<ISO-8601 lastUpdated>#<id>` (control-plane unlabeled per DR-004).
-     * `casing: "none"` on the SK preserves ISO-8601 `T`/`Z` characters.
+     * SK is derived via `gsi1skAttribute` — uses the resource's natural label when
+     * extractable (string `name`/`title` via introspection), else `<lastUpdated>#<id>`
+     * (DR-004). `casing: "none"` preserves the normalized label and ISO-8601 `T`/`Z`.
      */
     gsi1: {
       index: "GSI1",
@@ -669,8 +714,8 @@ var UserEntity = new import_electrodb6.Entity({
       sk: {
         field: "GSI1SK",
         casing: "none",
-        composite: ["lastUpdated", "id"],
-        template: "${lastUpdated}#${id}"
+        composite: ["gsi1sk"],
+        template: "${gsi1sk}"
       }
     },
     /**
@@ -745,6 +790,8 @@ var WorkspaceEntity = new import_electrodb7.Entity({
       required: true
     },
     gsi1Shard: gsi1ShardAttribute,
+    /** Derived GSI1 sort key — name-based when extractable; else `<lastUpdated>#<id>`. */
+    gsi1sk: gsi1skAttribute,
     deleted: {
       type: "boolean",
       required: false
@@ -775,8 +822,9 @@ var WorkspaceEntity = new import_electrodb7.Entity({
     /**
      * GSI1 — Unified Sharded List per ADR-011: list all Workspaces for a tenant across the
      * four shards. Workspace is itself the workspace identity, so `WID#-` is a sentinel.
-     * SK is `<ISO-8601 lastUpdated>#<id>` (control-plane unlabeled per DR-004).
-     * `casing: "none"` on the SK preserves ISO-8601 `T`/`Z`.
+     * SK is derived via `gsi1skAttribute` — `<normalizedName>#<id>` when the resource
+     * carries a `name`, else `<lastUpdated>#<id>` (DR-004). `casing: "none"` preserves
+     * the normalized label and ISO-8601 `T`/`Z`.
      */
     gsi1: {
       index: "GSI1",
@@ -788,8 +836,8 @@ var WorkspaceEntity = new import_electrodb7.Entity({
       sk: {
         field: "GSI1SK",
         casing: "none",
-        composite: ["lastUpdated", "id"],
-        template: "${lastUpdated}#${id}"
+        composite: ["gsi1sk"],
+        template: "${gsi1sk}"
       }
     }
   }
@@ -823,31 +871,15 @@ function getDynamoControlService(tableName) {
   };
 }
-// src/components/cognito/pre-token-generation.handler.ts
-var REFERENCE_TYPES = {
-  Tenant: "Tenant/",
-  Workspace: "Workspace/"
-};
-function idFromReference(reference, prefix) {
-  if (!reference || !reference.startsWith(prefix)) return void 0;
-  const id = reference.slice(prefix.length);
-  return id.length > 0 ? id : void 0;
-}
-function displayNameFor(user) {
-  const first = user.name?.[0];
-  return first?.text ?? first?.family ?? user.displayName ?? void 0;
-}
-function safeParseUser(json) {
-  try {
-    return JSON.parse(json);
-  } catch {
-    return void 0;
-  }
-}
-async function findUserBySub(service, cognitoSub) {
+// src/data/operations/control/user/user-find-by-sub-operation.ts
+async function findUserBySubOperation(params) {
+  const { cognitoSub, tableName } = params;
+  const service = getDynamoControlService(tableName);
   const result = await service.entities.user.query.gsi2({ cognitoSub }).go({ limit: 1 });
   const item = result.data?.[0];
-  if (!item) return void 0;
+  if (!item) {
+    return void 0;
+  }
   return {
     id: item.id,
     cognitoSub: item.cognitoSub,
@@ -855,16 +887,64 @@ async function findUserBySub(service, cognitoSub) {
     vid: item.vid
   };
 }
+// src/data/operations/data-operations-common.ts
+var import_types3 = require("@openhi/types");
+// src/lib/compression.ts
+var import_node_zlib = require("zlib");
+// src/data/operations/control/user/user-update-operation.ts
+var import_types4 = require("@openhi/types");
+// src/data/operations/control/user/user-resource-helpers.ts
+function parseUserResource(resource) {
+  try {
+    return JSON.parse(resource);
+  } catch {
+    return void 0;
+  }
+}
+// src/data/operations/fhir-reference.ts
+function idFromReference(reference, prefix) {
+  if (!reference || !reference.startsWith(prefix)) {
+    return void 0;
+  }
+  const id = reference.slice(prefix.length);
+  return id.length > 0 ? id : void 0;
+}
+// src/components/cognito/pre-token-generation.handler.ts
+var REFERENCE_TYPES = {
+  Tenant: "Tenant/",
+  Workspace: "Workspace/"
+};
+function displayNameFor(user) {
+  const names = user.name;
+  const first = names?.[0];
+  return first?.text ?? first?.family ?? void 0;
+}
+var lookupContext = {
+  tenantId: "",
+  workspaceId: "",
+  date: "",
+  actorId: "",
+  actorName: "",
+  actorType: "internal-system"
+};
 async function resolveClaims(cognitoSub) {
-  const service = getDynamoControlService();
-  const user = await findUserBySub(service, cognitoSub);
+  const user = await findUserBySubOperation({
+    context: lookupContext,
+    cognitoSub
+  });
   if (!user) {
     console.warn(
       `PreTokenGeneration: no User found for cognitoSub; emitting token without OpenHI claims (sub=${cognitoSub})`
     );
     return void 0;
   }
-  const parsed = safeParseUser(user.resource);
+  const parsed = parseUserResource(user.resource);
   if (!parsed) {
     console.warn(
       `PreTokenGeneration: User resource JSON could not be parsed (sub=${cognitoSub}, id=${user.id})`
@@ -882,7 +962,7 @@ async function resolveClaims(cognitoSub) {
   const displayName = displayNameFor(parsed);
   if (!tenantId || !workspaceId || !displayName) {
     console.warn(
-      `PreTokenGeneration: resolved User missing currentTenant/currentWorkspace/displayName; emitting token without OpenHI claims (sub=${cognitoSub}, id=${user.id})`
+      `PreTokenGeneration: resolved User missing currentTenant/currentWorkspace/name; emitting token without OpenHI claims (sub=${cognitoSub}, id=${user.id})`
     );
     return void 0;
   }