@openhi/constructs 0.0.110 → 0.0.112

package/lib/chunk-6NBGYGFL.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/data/dynamo/dynamo-control-service.ts","../src/data/dynamo/entities/control/configuration-entity.ts","../src/data/dynamo/entities/control/control-entity-common.ts","../src/data/dynamo/shard.ts","../src/data/dynamo/entities/control/configuration-user-projection-entity.ts","../src/data/dynamo/entities/control/configuration-workspace-projection-entity.ts","../src/data/dynamo/entities/control/membership-entity.ts","../src/data/dynamo/entities/control/membership-user-projection-entity.ts","../src/data/dynamo/entities/control/membership-workspace-projection-entity.ts","../src/data/dynamo/entities/control/role-entity.ts","../src/data/dynamo/entities/control/roleassignment-entity.ts","../src/data/dynamo/entities/control/roleassignment-user-projection-entity.ts","../src/data/dynamo/entities/control/roleassignment-workspace-projection-entity.ts","../src/data/dynamo/entities/control/tenant-entity.ts","../src/data/dynamo/entities/control/user-entity.ts","../src/data/dynamo/entities/control/workspace-entity.ts"],"sourcesContent":["import { Service } from \"electrodb\";\nimport { defaultTableName, dynamoClient } from \"./dynamo-client\";\nimport { ConfigurationEntity } from \"./entities/control/configuration-entity\";\nimport { ConfigurationUserProjectionEntity } from \"./entities/control/configuration-user-projection-entity\";\nimport { ConfigurationWorkspaceProjectionEntity } from \"./entities/control/configuration-workspace-projection-entity\";\nimport { MembershipEntity } from \"./entities/control/membership-entity\";\nimport { MembershipUserProjectionEntity } from \"./entities/control/membership-user-projection-entity\";\nimport { MembershipWorkspaceProjectionEntity } from \"./entities/control/membership-workspace-projection-entity\";\nimport { RoleEntity } from \"./entities/control/role-entity\";\nimport { RoleAssignmentEntity } from \"./entities/control/roleassignment-entity\";\nimport { RoleAssignmentUserProjectionEntity } from \"./entities/control/roleassignment-user-projection-entity\";\nimport { RoleAssignmentWorkspaceProjectionEntity } from \"./entities/control/roleassignment-workspace-projection-entity\";\nimport { TenantEntity } from \"./entities/control/tenant-entity\";\nimport { UserEntity } from \"./entities/control/user-entity\";\nimport { WorkspaceEntity } from \"./entities/control/workspace-entity\";\n\n/**\n * Control-plane entities only (service \"control\"). Same table as data plane; use\n * DynamoDataService for data-plane entities.\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n */\n\nconst controlPlaneEntities = {\n  configuration: ConfigurationEntity,\n  configurationUserProjection: ConfigurationUserProjectionEntity,\n  configurationWorkspaceProjection: ConfigurationWorkspaceProjectionEntity,\n  membership: MembershipEntity,\n  membershipUserProjection: MembershipUserProjectionEntity,\n  membershipWorkspaceProjection: MembershipWorkspaceProjectionEntity,\n  role: RoleEntity,\n  roleAssignment: RoleAssignmentEntity,\n  roleAssignmentUserProjection: RoleAssignmentUserProjectionEntity,\n  roleAssignmentWorkspaceProjection: RoleAssignmentWorkspaceProjectionEntity,\n  tenant: TenantEntity,\n  user: UserEntity,\n  workspace: WorkspaceEntity,\n};\n\nconst controlPlaneService = new Service(controlPlaneEntities, {\n  table: defaultTableName,\n  client: dynamoClient,\n});\n\n/**\n * Control-plane service: entities for configuration and control. Use with the\n * data store table (PK, SK, GSI1; UserEntity also uses GSI2).\n *\n * `transaction` exposes ElectroDB's `service.transaction.write` /\n * `service.transaction.get` builders so the operations-layer multi-write\n * helper (#1010, ADR-018) can compose `TransactWriteItems` across the\n * control-plane entities.\n */\nexport const DynamoControlService = {\n  entities: controlPlaneService.entities,\n  transaction: controlPlaneService.transaction,\n};\n\nexport type DynamoControlServiceType = typeof DynamoControlService;\n\n/**\n * Returns the control-plane service. Table name is resolved from tableName (optional override),\n * then DYNAMO_TABLE_NAME, then \"jesttesttable\".\n */\nexport function getDynamoControlService(\n  tableName?: string,\n): DynamoControlServiceType {\n  const resolved = tableName ?? defaultTableName;\n  const service = new Service(controlPlaneEntities, {\n    table: resolved,\n    client: dynamoClient,\n  });\n  return {\n    entities: service.entities,\n    transaction: service.transaction,\n  };\n}\n","import { Entity } from \"electrodb\";\nimport { gsi1ShardAttribute } from \"./control-entity-common\";\n\n/**\n * Configuration data-store entity (single-table store).\n *\n * **Classification (ADR 2026-03-03-01):** Partially tenant-isolated, control plane. Cascade of scope\n * levels: resolution order user → workspace → tenant → baseline. Sentinels: tenantId \"BASELINE\" for\n * baseline tier; workspaceId/userId/roleId \"-\" for absent dimension.\n *\n * Key structure: PK = CONFIG#TID#<tenantId>#WID#<workspaceId>#UID#<userId>#RID#<roleId>,\n * SK = KEY#<key>#SK#<sk>. Uniqueness: one Configuration per (tenantId, workspaceId, userId, roleId, key).\n * Standard attributes and key-building conventions align with single-table design.\n *\n * GSI1 — Unified Sharded List per ADR-011: lists all Configuration entries in a tenant/workspace\n * across the four shards.\n *\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/entities/configuration.md\n * @see sites/www-docs/content/architecture/control-plane/configuration.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/entity-standards.md — Key-building conventions (keys built inside entity)\n */\nexport const ConfigurationEntity = new Entity({\n  model: {\n    entity: \"configuration\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /** Sort key. \"CURRENT\" for current version; version history in S3. */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n      default: \"CURRENT\",\n    },\n    /** Tenant scope. Use \"BASELINE\" when the config is baseline default (no tenant). */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n      default: \"BASELINE\",\n    },\n    /** Workspace scope. Use \"-\" when absent. */\n    workspaceId: {\n      type: \"string\" as const,\n      required: true,\n      default: \"-\",\n    },\n    /** User scope. Use \"-\" when absent. */\n    userId: {\n      type: \"string\" as const,\n      required: true,\n      default: \"-\",\n    },\n    /** Role scope. Use \"-\" when absent. */\n    roleId: {\n      type: \"string\" as const,\n      required: true,\n      default: \"-\",\n    },\n    /** Config type (category), e.g. endpoints, branding, display. */\n    key: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** FHIR Resource.id; logical id in URL and for the Configuration resource. */\n    id: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Payload as JSON string. JSON.stringify(resource) on write; JSON.parse(item.resource) on read. */\n    resource: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id, key, status).\n     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id (e.g. ULID). Tracks current version; S3 history key. */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    gsi1Shard: gsi1ShardAttribute,\n    deleted: {\n      type: \"boolean\" as const,\n      required: false,\n    },\n    bundleId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    msgId: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /** Base table: PK, SK (data store key names). PK is built from tenantId, workspaceId, userId, roleId; SK is built from key and sk. Do not supply PK or SK from outside. */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"tenantId\", \"workspaceId\", \"userId\", \"roleId\"],\n        template:\n          \"CONFIG#TID#${tenantId}#WID#${workspaceId}#UID#${userId}#RID#${roleId}\",\n      },\n      sk: {\n        field: \"SK\",\n        composite: [\"key\", \"sk\"],\n        template: \"KEY#${key}#SK#${sk}\",\n      },\n    },\n\n    /**\n     * GSI1 — Unified Sharded List per ADR-011: list all Configuration entries for a\n     * (tenant, workspace) across the four shards. Use for \"list configs scoped to this tenant\"\n     * (workspaceId = \"-\") or \"list configs scoped to this workspace\". Does not support\n     * hierarchical resolution in one query; use base table GetItem in fallback order\n     * (user → workspace → tenant → baseline) for that.\n     * SK is `<key>#<id>` — Configuration's `key` is a required entity attribute (the\n     * config category: endpoints, branding, display, …) and the natural sort/lookup\n     * dimension. `casing: \"none\"` preserves the literal key value.\n     */\n    gsi1: {\n      index: \"GSI1\",\n      pk: {\n        field: \"GSI1PK\",\n        composite: [\"tenantId\", \"workspaceId\", \"gsi1Shard\"],\n        template:\n          \"TID#${tenantId}#WID#${workspaceId}#RT#Configuration#SHARD#${gsi1Shard}\",\n      },\n      sk: {\n        field: \"GSI1SK\",\n        casing: \"none\" as const,\n        composite: [\"key\", \"id\"],\n        template: \"${key}#${id}\",\n      },\n    },\n  },\n});\n","import { extractLabel, normalizeLabel } from \"@openhi/types\";\nimport { computeShard } from \"../../shard\";\n\n/**\n * Shared GSI1 shard attribute for control-plane entities.\n *\n * Control-plane entities (User, Tenant, Workspace, Membership, Role, RoleAssignment,\n * Configuration) use the same `TID#/WID#/RT#/SHARD#` PK shape on GSI1 as data-plane\n * FHIR resources per ADR-011. The shard index is derived deterministically from `id`\n * via `computeShard` so updates always land on the same shard. Stored as a string\n * because it appears as a literal segment in the GSI1 PK template; the underlying\n * value is 0..3.\n *\n * Not `required` because the value is derived via `watch`/`set`; ElectroDB's\n * required-field check runs before watch propagation, so callers must not fail\n * validation on a derived field.\n */\nexport const gsi1ShardAttribute = {\n  type: \"string\" as const,\n  watch: [\"id\"] as const,\n  set: (_val?: string, item?: { id?: string }) => {\n    if (typeof item?.id !== \"string\" || item.id.length === 0) {\n      return undefined;\n    }\n    return String(computeShard(item.id));\n  },\n};\n\n/**\n * Shared GSI1 sort-key attribute for control-plane entities.\n *\n * Derives the GSI1SK value at write time from the entity's `resource` JSON\n * string, applying the same label-extraction strategy as the data plane\n * (DR-004 / `@openhi/types` `extractLabel`). When the resource carries a\n * natural label (Tenant.name, Workspace.name, Configuration.key, …) the\n * sort key is `<normalizedLabel>#<id>` so list endpoints sort alphabetically\n * and `BEGINS_WITH` queries serve prefix searches. When no label is\n * extractable, falls back to `<entity.lastUpdated>#<id>` for stable\n * reverse-chronological ordering.\n *\n * Falls back gracefully on malformed `resource` payloads — JSON parse\n * failures and missing fields both route to the lastUpdated fallback so a\n * single bad write never blocks an entity put. The entity-level\n * `lastUpdated` is preferred over `resource.meta.lastUpdated` so the\n * fallback uses the authoritative timestamp the entity write supplies.\n *\n * Not `required` because the value is derived via `watch`/`set`.\n */\nexport const gsi1skAttribute = {\n  type: \"string\" as const,\n  watch: [\"resource\", \"lastUpdated\", \"id\"] as const,\n  set: (\n    _val?: string,\n    item?: { resource?: string; lastUpdated?: string; id?: string },\n  ) => {\n    const id = typeof item?.id === \"string\" ? item.id : \"\";\n    const lastUpdated =\n      typeof item?.lastUpdated === \"string\" ? item.lastUpdated : \"\";\n    const fallback = `${lastUpdated}#${id}`;\n\n    if (typeof item?.resource !== \"string\" || item.resource.length === 0) {\n      return fallback;\n    }\n\n    let parsed: unknown;\n    try {\n      parsed = JSON.parse(item.resource);\n    } catch {\n      return fallback;\n    }\n    if (!parsed || typeof parsed !== \"object\") return fallback;\n    const resourceType = (parsed as { resourceType?: unknown }).resourceType;\n    if (typeof resourceType !== \"string\") return fallback;\n\n    const label = extractLabel(parsed as Parameters<typeof extractLabel>[0]);\n    return label !== undefined ? `${label}#${id}` : fallback;\n  },\n};\n\n/**\n * Extract a roleId from a RoleAssignment resource payload. Looks first at\n * a flat top-level `roleId` string, then at a FHIR-style `role.reference`\n * (e.g. `Role/<id>`). Returns `undefined` when neither shape is present\n * or the field is malformed — callers fall back to the generic GSI1SK\n * derivation in that case so a single bad write never blocks an entity put.\n */\nfunction extractRoleId(resource: Record<string, unknown>): string | undefined {\n  const flat = resource.roleId;\n  if (typeof flat === \"string\" && flat.length > 0) return flat;\n\n  const role = resource.role;\n  if (role && typeof role === \"object\") {\n    const reference = (role as { reference?: unknown }).reference;\n    if (typeof reference === \"string\" && reference.length > 0) {\n      const slash = reference.lastIndexOf(\"/\");\n      const tail = slash >= 0 ? reference.slice(slash + 1) : reference;\n      if (tail.length > 0) return tail;\n    }\n  }\n  return undefined;\n}\n\n/**\n * RoleAssignment-specific GSI1 sort-key attribute (ADR-018 pattern #8 —\n * \"users with a specific role in a tenant, sorted by user name\").\n *\n * Composes the canonical-row GSI1SK as the discriminator-first shape\n * `<roleId>#<normalizedUserName>#<id>` so a GSI1 query partitioned on\n * the tenant can `begins_with('<roleId>#')` to enumerate every user\n * assigned to a given role, sorted by user name.\n *\n * - `<roleId>` is read from a flat `resource.roleId` field, falling back\n *   to the slug after the final `/` in `resource.role.reference` (the\n *   FHIR Reference shape). Sorting on `roleId` rather than the role's\n *   display name means a Role rename does not cascade onto this index\n *   (TR-024 / ADR-018 § Implementation Notes).\n * - `<normalizedUserName>` is `normalizeLabel(denormalizedUserName)` —\n *   the top-level denormalized field promoted in #1009 (TR-024 rule 3:\n *   canonical-record symmetry).\n *\n * Falls back to `gsi1skAttribute`'s `<lastUpdated>#<id>` shape when\n * either component is missing or malformed, so pre-TR-024 rows and\n * malformed payloads still produce a valid sort key.\n *\n * Not `required` because the value is derived via `watch`/`set`.\n *\n * @see ADR-018 § Access Pattern Coverage — pattern #8\n * @see TR-024 — Denormalized display-name attributes\n */\nexport const roleAssignmentGsi1skAttribute = {\n  type: \"string\" as const,\n  watch: [\"resource\", \"denormalizedUserName\", \"lastUpdated\", \"id\"] as const,\n  set: (\n    _val?: string,\n    item?: {\n      resource?: string;\n      denormalizedUserName?: string;\n      lastUpdated?: string;\n      id?: string;\n    },\n  ) => {\n    const id = typeof item?.id === \"string\" ? item.id : \"\";\n    const lastUpdated =\n      typeof item?.lastUpdated === \"string\" ? item.lastUpdated : \"\";\n    const fallback = `${lastUpdated}#${id}`;\n\n    if (typeof item?.resource !== \"string\" || item.resource.length === 0) {\n      return fallback;\n    }\n\n    let parsed: unknown;\n    try {\n      parsed = JSON.parse(item.resource);\n    } catch {\n      return fallback;\n    }\n    if (!parsed || typeof parsed !== \"object\") return fallback;\n\n    const roleId = extractRoleId(parsed as Record<string, unknown>);\n    if (roleId === undefined) return fallback;\n\n    const denormalizedUserName =\n      typeof item.denormalizedUserName === \"string\"\n        ? item.denormalizedUserName\n        : \"\";\n    const normalizedUserName =\n      denormalizedUserName.length > 0\n        ? normalizeLabel(denormalizedUserName)\n        : \"\";\n    if (normalizedUserName.length === 0) return fallback;\n\n    return `${roleId}#${normalizedUserName}#${id}`;\n  },\n};\n\n/**\n * Membership-specific GSI1 sort-key attribute (ADR-018 pattern #1 —\n * \"users in a tenant, sorted by user name\").\n *\n * Composes the canonical-row GSI1SK as `<normalizedUserName>#<id>` so a\n * GSI1 query partitioned on the tenant range-scans by user-name prefix\n * and returns memberships sorted alphabetically by user name. No role\n * discriminator goes in front — pattern #1 is user-name-first.\n *\n * - `<normalizedUserName>` is `normalizeLabel(denormalizedUserName)` —\n *   the top-level denormalized field promoted in #1009 (TR-024 rule 3:\n *   canonical-record symmetry).\n *\n * Falls back to `gsi1skAttribute`'s `<lastUpdated>#<id>` shape when\n * `denormalizedUserName` is missing, so pre-TR-024 rows and malformed\n * payloads still produce a valid sort key.\n *\n * Not `required` because the value is derived via `watch`/`set`.\n *\n * @see ADR-018 § Access Pattern Coverage — pattern #1\n * @see TR-024 — Denormalized display-name attributes\n */\nexport const membershipGsi1skAttribute = {\n  type: \"string\" as const,\n  watch: [\"denormalizedUserName\", \"lastUpdated\", \"id\"] as const,\n  set: (\n    _val?: string,\n    item?: {\n      denormalizedUserName?: string;\n      lastUpdated?: string;\n      id?: string;\n    },\n  ) => {\n    const id = typeof item?.id === \"string\" ? item.id : \"\";\n    const lastUpdated =\n      typeof item?.lastUpdated === \"string\" ? item.lastUpdated : \"\";\n    const fallback = `${lastUpdated}#${id}`;\n\n    const denormalizedUserName =\n      typeof item?.denormalizedUserName === \"string\"\n        ? item.denormalizedUserName\n        : \"\";\n    const normalizedUserName =\n      denormalizedUserName.length > 0\n        ? normalizeLabel(denormalizedUserName)\n        : \"\";\n    if (normalizedUserName.length === 0) {\n      return fallback;\n    }\n\n    return `${normalizedUserName}#${id}`;\n  },\n};\n","/**\n * Shard selection for the data-plane single-table GSI1 partitioning per ADR-011.\n *\n * GSI1's partition key embeds a `SHARD#<n>` segment with `n = computeShard(id)`.\n * The hash is deterministic so updates to the same resource id always land on\n * the same shard (no cross-shard migration on update); reads fan out to all\n * shards in parallel and merge by SK.\n *\n * @see sites/www-docs/content/architecture/adr/ — ADR-011 (single-table DynamoDB)\n */\n\n/** Number of shards in the GSI1 partition key. Fixed at 4 in v1; raising it later is a backfill, not a schema migration. */\nexport const SHARD_COUNT = 4;\n\n/**\n * Returns a deterministic shard index in [0, SHARD_COUNT) for the given resource id.\n *\n * Implementation: 32-bit FNV-1a over the UTF-16 code units of the id, modulo SHARD_COUNT.\n * The function is pure and stable; the same id always returns the same shard.\n *\n * ESLint's `no-bitwise` rule is disabled inside this function because FNV-1a is\n * defined in terms of XOR and unsigned-right-shift — the bitwise ops are the\n * algorithm, not an accidental logical-operator confusion.\n */\nexport function computeShard(id: string): number {\n  /* eslint-disable no-bitwise */\n  let hash = 0x811c9dc5;\n  for (let i = 0; i < id.length; i++) {\n    hash ^= id.charCodeAt(i);\n    hash = Math.imul(hash, 0x01000193);\n  }\n  return (hash >>> 0) % SHARD_COUNT;\n  /* eslint-enable no-bitwise */\n}\n","import { Entity } from \"electrodb\";\n\n/**\n * Configuration user-projection entity (single-table store, no GSI).\n *\n * **ADR-018 adjacency-list projection — pattern #10 (user-scope half).**\n * For every user-scoped Configuration write the operations-layer\n * multi-write helper writes one projection row under the user partition\n * so the user-rooted access pattern #10 is served by a single\n * base-table `Query` with no GSI hop:\n *\n * | Pattern | When | PK | SK |\n * |---|---|---|---|\n * | #10 user-scope | Configuration is user-scoped (`userId !== \"-\"`) | `USER#ID#<userId>` | `CONFIGURATION#<normalizedConfigName>#<configurationId>` |\n *\n * `<normalizedConfigName>` derives from Configuration's `key` attribute\n * (the canonical name dimension — Configuration carries no `displayName`\n * per TR-024 § Open Item #5, so `key` is the natural sort source). The\n * SK shape is operation-owned: the operations-layer projection writer\n * composes the SK string via `buildConfigurationUserProjectionSk` and\n * supplies it on the `sk` attribute. This entity stores the SK verbatim —\n * no `watch`/derived computation here — so the SK grammar (and any\n * future revision) lives in one place: the operations layer.\n *\n * Projection attribute set per ADR-018 § Projection attribute set and\n * the implementation guide § 2: `summary`, `vid`, `lastUpdated` (so\n * `Query(PK = USER#ID#<userId>, SK begins_with 'CONFIGURATION#')` is\n * self-sufficient — no BatchGet hop to the canonical record), plus the\n * projection-discriminating fields (`configurationId`, `userId`,\n * `tenantId`, `scope`).\n *\n * **Cross-tenant partition.** Unlike Membership/RoleAssignment-workspace\n * partitions, the Configuration user-projection's PK carries no tenant\n * prefix — a user's user-scoped Configurations are cross-tenant by\n * design (a user may carry preferences that follow them across tenant\n * memberships). This mirrors the RoleAssignment user-projection partition.\n *\n * **No GSI projection.** Per ADR-018 § Decision, cross-cutting reads\n * are served by the main-table partition `USER#ID#<userId>`; the\n * GSI1/GSI2 catalog is unchanged. Tenant-scoped Configurations\n * continue to use the canonical GSI1 path (ADR-011) unchanged.\n *\n * @see ADR-018 § Access Pattern Coverage (#10 — user-scope half)\n * @see .state/adr-018-implementation-guide.md § 1 (SK grammar) and § 2 (attribute set)\n * @see .claude/rules/data-layer-layout.md — projection writers live in operations, not here\n */\nexport const ConfigurationUserProjectionEntity = new Entity({\n  model: {\n    entity: \"configurationUserProjection\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /**\n     * User partition discriminator. Renders as `USER#ID#<userId>` on the\n     * base-table PK. Always required — the projection has no meaning\n     * outside a user partition.\n     */\n    userId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Pre-composed sort key — built by the operations-layer projection\n     * writer via `buildConfigurationUserProjectionSk`. The entity stores\n     * the value verbatim so the SK grammar (pattern #10 user-scope) is\n     * owned by the operations layer, not duplicated here.\n     */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Configuration canonical-record id. Stored as a discriminating\n     * field so consumers can hydrate the canonical row via the\n     * Configuration get-by-id operation when the projection's `summary`\n     * is insufficient.\n     */\n    configurationId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Tenant the Configuration is associated with. The canonical row\n     * keys off `(tenantId, workspaceId, userId, roleId)`; the projection\n     * carries `tenantId` so consumers reconstructing the canonical PK\n     * have the tenant segment without a hop.\n     */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Scope marker. Always `\"user\"` on this projection — recorded\n     * explicitly so future scope-bearing projections (workspace,\n     * tenant, role) can share filter semantics in a unified\n     * cross-projection list query if one ever lands.\n     */\n    scope: {\n      type: \"string\" as const,\n      required: true,\n      default: \"user\",\n    },\n    /**\n     * Configuration's `key` attribute (config category, e.g. endpoints,\n     * branding, display). Mirrored from the canonical row so consumers\n     * reading the projection get the natural display label without a\n     * BatchGet hop. Doubles as the source of `<normalizedConfigName>` in\n     * the SK.\n     */\n    displayName: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Summary projection (key display fields as JSON string) — mirrored\n     * from the canonical Configuration row so user-partition queries do\n     * not need a BatchGet hop.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id mirrored from the canonical Configuration row. */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Last-updated timestamp mirrored from the canonical Configuration row. */\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n  },\n  indexes: {\n    /**\n     * Base table: PK = USER#ID#<userId>, SK = operation-supplied. A\n     * single `Query(PK = USER#ID#<userId>, SK begins_with\n     * 'CONFIGURATION#')` returns the user's user-scoped Configurations\n     * sorted by `<normalizedConfigName>` (then `<configurationId>` as\n     * the tiebreaker).\n     */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"userId\"],\n        template: \"USER#ID#${userId}\",\n      },\n      sk: {\n        field: \"SK\",\n        casing: \"none\" as const,\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\n\n/**\n * Configuration workspace-projection entity (single-table store, no GSI).\n *\n * **ADR-018 adjacency-list projection — pattern #10 (workspace-scope half).**\n * For every workspace-scoped Configuration the operations-layer\n * multi-write helper writes one projection row under the workspace\n * partition so the workspace-rooted access pattern #10 is served by a\n * single base-table `Query` with no GSI hop:\n *\n * | Pattern | When | PK | SK |\n * |---|---|---|---|\n * | #10 workspace-scope | Configuration is workspace-scoped (`workspaceId !== \"-\"`, `userId === \"-\"`) | `TID#<tenantId>#WORKSPACE#ID#<workspaceId>` | `CONFIGURATION#<normalizedConfigName>#<configurationId>` |\n *\n * The PK co-locates with the canonical Workspace record\n * (`SK = CURRENT`) and the Membership / RoleAssignment workspace-\n * projections (patterns #2, #9), so an admin workspace dashboard can\n * hydrate workspace metadata + member projections + role-assignment\n * projections + workspace-scoped Configurations in a single `Query`.\n *\n * `<normalizedConfigName>` derives from Configuration's `key` attribute\n * (the canonical name dimension — Configuration carries no `displayName`\n * per TR-024 § Open Item #5, so `key` is the natural sort source). The\n * SK shape is operation-owned: the operations-layer projection writer\n * composes the SK string via `buildConfigurationWorkspaceProjectionSk`\n * and supplies it on the `sk` attribute. This entity stores the SK\n * verbatim — no `watch`/derived computation here — so the SK grammar\n * (and any future revision) lives in one place: the operations layer.\n *\n * Projection attribute set per ADR-018 § Projection attribute set and\n * the implementation guide § 2: `summary`, `vid`, `lastUpdated` (so\n * `Query(PK = TID#<tenantId>#WORKSPACE#ID#<workspaceId>, SK begins_with 'CONFIGURATION#')`\n * is self-sufficient — no BatchGet hop to the canonical record), plus\n * the projection-discriminating fields (`configurationId`, `workspaceId`,\n * `tenantId`, `scope`).\n *\n * **Tenant-prefixed partition.** Unlike the Configuration user-\n * projection (whose PK is `USER#ID#<userId>` with no tenant prefix —\n * a user's user-scoped Configurations are cross-tenant by design),\n * the workspace-projection PK carries the tenant prefix because\n * Workspaces are tenant-scoped per ADR-011. This mirrors the\n * Membership / RoleAssignment workspace-projection partitions.\n *\n * **No GSI projection.** Per ADR-018 § Decision, cross-cutting reads\n * are served by the main-table partition\n * `TID#<tenantId>#WORKSPACE#ID#<workspaceId>`; the GSI1/GSI2 catalog\n * is unchanged. Tenant-scoped Configurations continue to use the\n * canonical GSI1 path (ADR-011) unchanged.\n *\n * @see ADR-018 § Access Pattern Coverage (#10 — workspace-scope half)\n * @see .state/adr-018-implementation-guide.md § 1 (SK grammar) and § 2 (attribute set)\n * @see .claude/rules/data-layer-layout.md — projection writers live in operations, not here\n */\nexport const ConfigurationWorkspaceProjectionEntity = new Entity({\n  model: {\n    entity: \"configurationWorkspaceProjection\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /**\n     * Tenant the workspace belongs to. Renders as the leading segment\n     * of the base-table PK. Always required — the workspace partition\n     * is tenant-scoped per ADR-011.\n     */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Workspace partition discriminator. Renders as the trailing\n     * segment of the base-table PK\n     * (`TID#<tenantId>#WORKSPACE#ID#<workspaceId>`). Always required —\n     * the projection has no meaning outside a workspace partition.\n     */\n    workspaceId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Pre-composed sort key — built by the operations-layer projection\n     * writer via `buildConfigurationWorkspaceProjectionSk`. The entity\n     * stores the value verbatim so the SK grammar (pattern #10\n     * workspace-scope) is owned by the operations layer, not\n     * duplicated here.\n     */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Configuration canonical-record id. Stored as a discriminating\n     * field so consumers can hydrate the canonical row via the\n     * Configuration get-by-id operation when the projection's `summary`\n     * is insufficient.\n     */\n    configurationId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Scope marker. Always `\"workspace\"` on this projection — recorded\n     * explicitly so future scope-bearing projections (user, tenant,\n     * role) can share filter semantics in a unified cross-projection\n     * list query if one ever lands.\n     */\n    scope: {\n      type: \"string\" as const,\n      required: true,\n      default: \"workspace\",\n    },\n    /**\n     * Configuration's `key` attribute (config category, e.g. endpoints,\n     * branding, display). Mirrored from the canonical row so consumers\n     * reading the projection get the natural display label without a\n     * BatchGet hop. Doubles as the source of `<normalizedConfigName>`\n     * in the SK.\n     */\n    displayName: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Summary projection (key display fields as JSON string) — mirrored\n     * from the canonical Configuration row so workspace-partition\n     * queries do not need a BatchGet hop.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id mirrored from the canonical Configuration row. */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Last-updated timestamp mirrored from the canonical Configuration row. */\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n  },\n  indexes: {\n    /**\n     * Base table: PK = TID#<tenantId>#WORKSPACE#ID#<workspaceId>,\n     * SK = operation-supplied. A single\n     * `Query(PK = TID#<tenantId>#WORKSPACE#ID#<workspaceId>, SK begins_with 'CONFIGURATION#')`\n     * returns the workspace's workspace-scoped Configurations sorted by\n     * `<normalizedConfigName>` (then `<configurationId>` as the\n     * tiebreaker).\n     */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"tenantId\", \"workspaceId\"],\n        template: \"TID#${tenantId}#WORKSPACE#ID#${workspaceId}\",\n      },\n      sk: {\n        field: \"SK\",\n        casing: \"none\" as const,\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\nimport {\n  gsi1ShardAttribute,\n  membershipGsi1skAttribute,\n} from \"./control-entity-common\";\n\n/**\n * Membership data-store entity (single-table store).\n *\n * **Classification (ADR 2026-03-03-01):** Tenant-isolated, control plane. Membership links a User\n * to a Tenant (and optionally a Workspace). One record per (tenantId, id).\n *\n * Key structure: PK = TID#<tenantId>#MEMBERSHIP#ID#<id>, SK = CURRENT.\n * Uniqueness: one Membership per (tenantId, id).\n *\n * GSI1 — Unified Sharded List per ADR-011: lists all Memberships in a tenant across the four\n * shards. Membership is tenant-scoped (not workspace-scoped), so the GSI1 PK uses `WID#-` as a\n * sentinel.\n *\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n * @see sites/www-docs/content/architecture/adr/2026-03-13-02-control-plane-roles-and-user-tenant-workspace-linkage.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n */\nexport const MembershipEntity = new Entity({\n  model: {\n    entity: \"membership\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /** Sort key sentinel. Always \"CURRENT\". */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n      default: \"CURRENT\",\n    },\n    /** Tenant in which the user has membership (required). */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** FHIR Resource.id; membership id. */\n    id: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Full Membership resource serialized as JSON string. */\n    resource: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id, displayName, status).\n     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id (e.g. ULID). */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    gsi1Shard: gsi1ShardAttribute,\n    /**\n     * Derived GSI1 sort key — `<normalizedUserName>#<id>` per ADR-018\n     * pattern #1 so a GSI1 query partitioned on the tenant range-scans\n     * by user-name prefix and returns memberships sorted by user name.\n     * Falls back to `<lastUpdated>#<id>` when `denormalizedUserName`\n     * is missing.\n     */\n    gsi1sk: membershipGsi1skAttribute,\n    deleted: {\n      type: \"boolean\" as const,\n      required: false,\n    },\n    bundleId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    msgId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Denormalized `linked-data-identity` Reference (e.g. `Practitioner/abc`).\n     * Populated from the FHIR extension on the Membership resource at write\n     * time so future GSIs can index data-plane identity lookups without\n     * deserializing the full resource JSON. See ADR 2026-03-13-02 §6.\n     */\n    linkedDataIdentityRef: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Denormalized display name of the linked Tenant, captured at row\n     * last-write time. Promoted to a top-level attribute so the ADR-018\n     * adjacency-list projection SKs (pattern #3 — `MEMBERSHIP#TENANT#<normalizedTenantName>#…`)\n     * can be composed from a top-level field instead of digging into the\n     * `resource` JSON. Optional on the schema so pre-TR-024 rows do not\n     * break; the operations-layer multi-write helper (#1010) makes the\n     * field load-bearing at write time per TR-024 rule 2 (write-time\n     * source = canonical Tenant.displayName).\n     * @see TR-024 — Denormalized display-name attributes\n     */\n    denormalizedTenantName: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Denormalized display name of the linked User, captured at row\n     * last-write time. Promoted to a top-level attribute so the ADR-018\n     * adjacency-list canonical-record GSI1SK (pattern #1 —\n     * `<normalizedUserName>#<id>`) and workspace-projection SK (pattern #2)\n     * can be composed from a top-level field. Optional on the schema so\n     * pre-TR-024 rows do not break; the operations-layer multi-write helper\n     * (#1010) makes the field load-bearing at write time per TR-024 rule 2\n     * (write-time source = canonical User.displayName).\n     * @see TR-024 — Denormalized display-name attributes\n     */\n    denormalizedUserName: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /** Base table: PK = TID#<tenantId>#MEMBERSHIP#ID#<id>, SK = CURRENT. Do not supply PK or SK from outside. */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"tenantId\", \"id\"],\n        template: \"TID#${tenantId}#MEMBERSHIP#ID#${id}\",\n      },\n      sk: {\n        field: \"SK\",\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n\n    /**\n     * GSI1 — Unified Sharded List per ADR-011: list all Memberships for a tenant across the\n     * four shards. Membership is tenant-scoped only, so `WID#-` is a sentinel.\n     * SK is derived via `membershipGsi1skAttribute` — composes\n     * `<normalizedUserName>#<id>` per ADR-018 pattern #1 (users in a\n     * tenant, sorted by user name); falls back to `<lastUpdated>#<id>`\n     * when `denormalizedUserName` is missing. `casing: \"none\"` preserves\n     * the normalized label and ISO-8601 `T`/`Z`.\n     */\n    gsi1: {\n      index: \"GSI1\",\n      pk: {\n        field: \"GSI1PK\",\n        composite: [\"tenantId\", \"gsi1Shard\"],\n        template: \"TID#${tenantId}#WID#-#RT#Membership#SHARD#${gsi1Shard}\",\n      },\n      sk: {\n        field: \"GSI1SK\",\n        casing: \"none\" as const,\n        composite: [\"gsi1sk\"],\n        template: \"${gsi1sk}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\n\n/**\n * Membership user-projection entity (single-table store, no GSI).\n *\n * **ADR-018 adjacency-list projection.** For every Membership write the\n * operations-layer multi-write helper writes one of two projection rows\n * under the user partition so the user-rooted access patterns #3 and #4\n * are served by a single base-table `Query` with no GSI hop:\n *\n * | Pattern | When | PK | SK |\n * |---|---|---|---|\n * | #3 — tenant sub-lane | `workspaceId` absent | `USER#ID#<userId>` | `MEMBERSHIP#TENANT#<normalizedTenantName>#TID#<tenantId>#<id>` |\n * | #4 — workspace sub-lane | `workspaceId` set | `USER#ID#<userId>` | `MEMBERSHIP#WORKSPACE#TID#<tenantId>#<normalizedWorkspaceName>#WID#<workspaceId>#<id>` |\n *\n * Both shapes share the user-partition `PK = USER#ID#<userId>`. The SK\n * shape is operation-owned: the operations-layer projection writer\n * composes the SK string via the `buildMembershipUserProjectionSk*`\n * helpers and supplies it on the `sk` attribute. This entity stores the\n * SK verbatim — no `watch`/derived computation here — so the SK grammar\n * (and any future revision) lives in one place: the operations layer.\n *\n * Projection attribute set per ADR-018 § Projection attribute set and\n * the implementation guide § 2: `summary`, `vid`, `lastUpdated` (so\n * `Query(PK = USER#ID#<userId>, SK begins_with 'MEMBERSHIP#')` is\n * self-sufficient — no BatchGet hop to the canonical record), plus the\n * projection-discriminating fields (`tenantId`, `userId`, `workspaceId?`,\n * `membershipId`) and TR-024 denormalized display names\n * (`denormalizedTenantName`, `denormalizedUserName`,\n * `denormalizedWorkspaceName?`).\n *\n * **No GSI projection.** Per ADR-018 § Decision, cross-cutting reads\n * are served by the main-table partition `USER#ID#<userId>`; the\n * GSI1/GSI2 catalog is unchanged.\n *\n * @see ADR-018 § Access Pattern Coverage (#3, #4)\n * @see .state/adr-018-implementation-guide.md § 1 (SK grammar) and § 2 (attribute set)\n * @see .claude/rules/data-layer-layout.md — projection writers live in operations, not here\n */\nexport const MembershipUserProjectionEntity = new Entity({\n  model: {\n    entity: \"membershipUserProjection\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /**\n     * User partition discriminator. Renders as `USER#ID#<userId>` on the\n     * base-table PK. Always required — the projection has no meaning\n     * outside a user partition.\n     */\n    userId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Pre-composed sort key — built by the operations-layer projection\n     * writer via `buildMembershipUserProjectionSk*` helpers. The entity\n     * stores the value verbatim so the SK grammar (patterns #3 and #4)\n     * is owned by the operations layer, not duplicated here.\n     */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Tenant in which the membership applies. Always required. */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Workspace the membership scopes to. Present iff the projection\n     * row is a pattern-#4 workspace sub-lane row; absent for pattern-#3\n     * tenant sub-lane rows.\n     */\n    workspaceId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Membership canonical-record id. Stored as a discriminating field\n     * so consumers can hydrate the canonical row via\n     * `MembershipEntity.get({ tenantId, id: membershipId })` when the\n     * projection's `summary` is insufficient.\n     */\n    membershipId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id,\n     * displayName, status) — mirrored from the canonical Membership row\n     * so user-partition queries do not need a BatchGet hop.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id mirrored from the canonical Membership row. */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Last-updated timestamp mirrored from the canonical Membership row. */\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Denormalized Tenant display name — required to compose pattern-#3\n     * SK (`MEMBERSHIP#TENANT#<normalizedTenantName>#…`). Optional on the\n     * schema because pre-TR-024 rows may not carry a display name; the\n     * operations layer falls back gracefully when missing.\n     */\n    denormalizedTenantName: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Denormalized User display name — mirrored from the canonical\n     * Membership row per TR-024 rule 3 (canonical-record symmetry).\n     * Carried on the projection so consumers can render the user's\n     * display name without a hop to the User record.\n     */\n    denormalizedUserName: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Denormalized Workspace display name — required to compose\n     * pattern-#4 SK (`MEMBERSHIP#WORKSPACE#TID#<tenantId>#<normalizedWorkspaceName>#…`).\n     * Optional on the schema (TR-024 § Open Item #4 defers a formal\n     * Workspace-rename cascade); the operations layer falls back to a\n     * sentinel when missing so the SK still has a valid shape.\n     */\n    denormalizedWorkspaceName: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /**\n     * Base table: PK = USER#ID#<userId>, SK = operation-supplied.\n     * Both pattern #3 and pattern #4 use this same index — the SK string\n     * encodes the lane discriminator (`MEMBERSHIP#TENANT#…` vs\n     * `MEMBERSHIP#WORKSPACE#…`) so a single `Query(PK = USER#ID#<userId>,\n     * SK begins_with 'MEMBERSHIP#')` returns both lanes interleaved.\n     */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"userId\"],\n        template: \"USER#ID#${userId}\",\n      },\n      sk: {\n        field: \"SK\",\n        casing: \"none\" as const,\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\n\n/**\n * Membership workspace-projection entity (single-table store, no GSI).\n *\n * **ADR-018 adjacency-list projection.** For every workspace-scoped\n * Membership the operations-layer multi-write helper writes one\n * projection row under the workspace partition so the workspace-rooted\n * access pattern #2 is served by a single base-table `Query` with no\n * GSI hop:\n *\n * | Pattern | When | PK | SK |\n * |---|---|---|---|\n * | #2 — users in a workspace | `workspaceId` set | `TID#<tenantId>#WORKSPACE#ID#<workspaceId>` | `MEMBERSHIP#<normalizedUserName>#USER#<userId>#<id>` |\n *\n * The PK co-locates with the canonical Workspace record\n * (`SK = CURRENT`) so a single `Query(PK = TID#<tenantId>#WORKSPACE#ID#<workspaceId>)`\n * returns workspace metadata + every member projection in one round\n * trip. The SK shape is operation-owned: the operations-layer\n * projection writer composes the SK string via the\n * `buildMembershipWorkspaceProjectionSk` helper and supplies it on the\n * `sk` attribute. This entity stores the SK verbatim — no\n * `watch`/derived computation here — so the SK grammar lives in one\n * place: the operations layer.\n *\n * Projection attribute set per ADR-018 § Projection attribute set and\n * the implementation guide § 2: `summary`, `vid`, `lastUpdated` (so\n * `Query(PK = TID#<tenantId>#WORKSPACE#ID#<workspaceId>, SK begins_with 'MEMBERSHIP#')`\n * is self-sufficient — no BatchGet hop to the canonical record), plus\n * the projection-discriminating fields (`tenantId`, `workspaceId`,\n * `userId`, `membershipId`) and TR-024 denormalized user display name\n * (`denormalizedUserName`).\n *\n * **No GSI projection.** Per ADR-018 § Decision, cross-cutting reads\n * are served by the main-table partition\n * `TID#<tenantId>#WORKSPACE#ID#<workspaceId>`; the GSI1/GSI2 catalog\n * is unchanged.\n *\n * @see ADR-018 § Access Pattern Coverage (#2)\n * @see .state/adr-018-implementation-guide.md § 1 (SK grammar) and § 2 (attribute set)\n * @see .claude/rules/data-layer-layout.md — projection writers live in operations, not here\n */\nexport const MembershipWorkspaceProjectionEntity = new Entity({\n  model: {\n    entity: \"membershipWorkspaceProjection\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /**\n     * Tenant the workspace belongs to. Renders as the leading segment\n     * of the base-table PK. Always required — the workspace partition\n     * is tenant-scoped per ADR-011.\n     */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Workspace partition discriminator. Renders as the trailing\n     * segment of the base-table PK\n     * (`TID#<tenantId>#WORKSPACE#ID#<workspaceId>`). Always required —\n     * the projection has no meaning outside a workspace partition.\n     */\n    workspaceId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Pre-composed sort key — built by the operations-layer projection\n     * writer via `buildMembershipWorkspaceProjectionSk`. The entity\n     * stores the value verbatim so the SK grammar (pattern #2) is\n     * owned by the operations layer, not duplicated here.\n     */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * User the membership links. Stored as a discriminating field so\n     * consumers can hydrate the canonical User row via\n     * `UserEntity.get({ id: userId, sk: \"CURRENT\" })` when the\n     * projection's `summary` is insufficient.\n     */\n    userId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Membership canonical-record id. Stored as a discriminating field\n     * so consumers can hydrate the canonical row via\n     * `MembershipEntity.get({ tenantId, id: membershipId })` when the\n     * projection's `summary` is insufficient.\n     */\n    membershipId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id,\n     * displayName, status) — mirrored from the canonical Membership row\n     * so workspace-partition queries do not need a BatchGet hop.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id mirrored from the canonical Membership row. */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Last-updated timestamp mirrored from the canonical Membership row. */\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Denormalized User display name — required to compose the\n     * pattern-#2 SK (`MEMBERSHIP#<normalizedUserName>#…`). Optional on\n     * the schema because pre-TR-024 rows may not carry a display name;\n     * the operations layer falls back to a sentinel when missing so\n     * the SK still has a valid shape. The TR-023 rename-cascade\n     * pipeline rewrites the SK on a User rename.\n     */\n    denormalizedUserName: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /**\n     * Base table: PK = TID#<tenantId>#WORKSPACE#ID#<workspaceId>,\n     * SK = operation-supplied. Pattern #2 uses this index — the SK\n     * encodes the entity-type prefix (`MEMBERSHIP#…`) so a\n     * `Query(PK = TID#<tenantId>#WORKSPACE#ID#<workspaceId>, SK begins_with 'MEMBERSHIP#')`\n     * returns every member projection for the workspace in normalized-\n     * user-name sort order.\n     */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"tenantId\", \"workspaceId\"],\n        template: \"TID#${tenantId}#WORKSPACE#ID#${workspaceId}\",\n      },\n      sk: {\n        field: \"SK\",\n        casing: \"none\" as const,\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\nimport { gsi1ShardAttribute, gsi1skAttribute } from \"./control-entity-common\";\n\n/**\n * Role data-store entity (single-table store).\n *\n * **Classification (ADR 2026-03-03-01):** Non-tenant-isolated, control plane. Role is a\n * platform-wide role catalog (e.g. tenant-admin, tenant-user, system-admin); not scoped by tenant.\n * RoleAssignment references Role to assign a role to a User in a Tenant/Workspace context.\n *\n * Key structure: PK = ROLE#ID#<id>, SK = CURRENT.\n * The ROLE# prefix prevents key collisions with other non-tenant-isolated entities (User, etc.)\n * sharing the same table (ADR 2026-03-11-01 — preferred pattern for all control plane entities).\n * Uniqueness: one Role per id.\n *\n * GSI1 — Unified Sharded List per ADR-011: lists all Roles across the four shards. Non-tenant-\n * isolated, so the PK uses `TID#-#WID#-` sentinels.\n *\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n * @see sites/www-docs/content/architecture/adr/2026-03-13-02-control-plane-roles-and-user-tenant-workspace-linkage.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n */\nexport const RoleEntity = new Entity({\n  model: {\n    entity: \"role\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /** Sort key sentinel. Always \"CURRENT\". */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n      default: \"CURRENT\",\n    },\n    /** FHIR Resource.id; role id. */\n    id: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Full Role resource serialized as JSON string. */\n    resource: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id, displayName, status).\n     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id (e.g. ULID). */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    gsi1Shard: gsi1ShardAttribute,\n    /** Derived GSI1 sort key — name-based when extractable; else `<lastUpdated>#<id>`. */\n    gsi1sk: gsi1skAttribute,\n    deleted: {\n      type: \"boolean\" as const,\n      required: false,\n    },\n    bundleId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    msgId: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /** Base table: PK = ROLE#ID#<id>, SK = CURRENT. Do not supply PK or SK from outside. */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"id\"],\n        template: \"ROLE#ID#${id}\",\n      },\n      sk: {\n        field: \"SK\",\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n\n    /**\n     * GSI1 — Unified Sharded List per ADR-011: list all Roles across the four shards.\n     * Non-tenant-isolated, so `TID#-#WID#-` sentinels precede `RT#Role#SHARD#<n>`.\n     * SK is derived via `gsi1skAttribute` — uses the resource's natural label when\n     * extractable, else `<lastUpdated>#<id>` (DR-004). `casing: \"none\"` preserves the\n     * normalized label and ISO-8601 `T`/`Z`.\n     */\n    gsi1: {\n      index: \"GSI1\",\n      pk: {\n        field: \"GSI1PK\",\n        composite: [\"gsi1Shard\"],\n        template: \"TID#-#WID#-#RT#Role#SHARD#${gsi1Shard}\",\n      },\n      sk: {\n        field: \"GSI1SK\",\n        casing: \"none\" as const,\n        composite: [\"gsi1sk\"],\n        template: \"${gsi1sk}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\nimport {\n  gsi1ShardAttribute,\n  roleAssignmentGsi1skAttribute,\n} from \"./control-entity-common\";\n\n/**\n * RoleAssignment data-store entity (single-table store).\n *\n * **Classification (ADR 2026-03-03-01):** Tenant-isolated, control plane. RoleAssignment assigns\n * a Role to a User in a Tenant (and optionally Workspace) context.\n *\n * Key structure: PK = TID#<tenantId>#ROLEASSIGNMENT#ID#<id>, SK = CURRENT.\n * Uniqueness: one RoleAssignment per (tenantId, id).\n *\n * GSI1 — Unified Sharded List per ADR-011: lists all RoleAssignments in a tenant across the four\n * shards. Tenant-scoped only (workspace context lives inside the resource), so the GSI1 PK uses\n * `WID#-` as a sentinel.\n *\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n * @see sites/www-docs/content/architecture/adr/2026-03-13-02-control-plane-roles-and-user-tenant-workspace-linkage.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n */\nexport const RoleAssignmentEntity = new Entity({\n  model: {\n    entity: \"roleassignment\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /** Sort key sentinel. Always \"CURRENT\". */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n      default: \"CURRENT\",\n    },\n    /** Tenant in which the role assignment applies (required). */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** FHIR Resource.id; role assignment id. */\n    id: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Full RoleAssignment resource serialized as JSON string. */\n    resource: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id, displayName, status).\n     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id (e.g. ULID). */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    gsi1Shard: gsi1ShardAttribute,\n    /**\n     * Derived GSI1 sort key — discriminator-first\n     * `<roleId>#<normalizedUserName>#<id>` per ADR-018 pattern #8 so a\n     * GSI1 query partitioned on the tenant can `begins_with('<roleId>#')`\n     * to enumerate every user assigned to a given role, sorted by user\n     * name. Falls back to `<lastUpdated>#<id>` when either component is\n     * missing.\n     */\n    gsi1sk: roleAssignmentGsi1skAttribute,\n    deleted: {\n      type: \"boolean\" as const,\n      required: false,\n    },\n    bundleId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    msgId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Denormalized display name of the linked Tenant, captured at row\n     * last-write time. Promoted to a top-level attribute so the ADR-018\n     * adjacency-list user-projection SK (pattern #5 —\n     * `ROLEASSIGNMENT#TENANT#<normalizedRoleName>#<roleId>#TID#<tenantId>#<id>`)\n     * can be composed from a top-level field instead of digging into the\n     * `resource` JSON. Optional on the schema so pre-TR-024 rows do not\n     * break; the operations-layer multi-write helper (#1010) makes the\n     * field load-bearing at write time per TR-024 rule 2 (write-time\n     * source = canonical Tenant.displayName).\n     * @see TR-024 — Denormalized display-name attributes\n     */\n    denormalizedTenantName: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Denormalized display name of the linked User, captured at row\n     * last-write time. Promoted to a top-level attribute so the ADR-018\n     * adjacency-list canonical-record GSI1SK (pattern #8 —\n     * `<roleId>#<normalizedUserName>#<id>`) and workspace-projection SK\n     * (pattern #9) can be composed from a top-level field. Optional on\n     * the schema so pre-TR-024 rows do not break; the operations-layer\n     * multi-write helper (#1010) makes the field load-bearing at write\n     * time per TR-024 rule 2 (write-time source = canonical\n     * User.displayName).\n     * @see TR-024 — Denormalized display-name attributes\n     */\n    denormalizedUserName: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Denormalized display name of the linked Role, captured at row\n     * last-write time. Promoted to a top-level attribute so the ADR-018\n     * adjacency-list user-projection SK (pattern #5 —\n     * `ROLEASSIGNMENT#TENANT#<normalizedRoleName>#…`) can be composed from\n     * a top-level field. Optional on the schema so pre-TR-024 rows do not\n     * break; the operations-layer multi-write helper (#1010) makes the\n     * field load-bearing at write time per TR-024 rule 2 (write-time\n     * source = canonical Role.displayName).\n     * @see TR-024 — Denormalized display-name attributes\n     */\n    denormalizedRoleName: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /** Base table: PK = TID#<tenantId>#ROLEASSIGNMENT#ID#<id>, SK = CURRENT. Do not supply PK or SK from outside. */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"tenantId\", \"id\"],\n        template: \"TID#${tenantId}#ROLEASSIGNMENT#ID#${id}\",\n      },\n      sk: {\n        field: \"SK\",\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n\n    /**\n     * GSI1 — Unified Sharded List per ADR-011: list all RoleAssignments for a tenant across the\n     * four shards. Tenant-scoped only, so `WID#-` is a sentinel.\n     * SK is derived via `roleAssignmentGsi1skAttribute` — composes the\n     * discriminator-first `<roleId>#<normalizedUserName>#<id>` shape per\n     * ADR-018 pattern #8 (users with a specific role in a tenant, sorted\n     * by user name); falls back to `<lastUpdated>#<id>` when either\n     * component is missing. `casing: \"none\"` preserves the normalized\n     * label and ISO-8601 `T`/`Z`.\n     */\n    gsi1: {\n      index: \"GSI1\",\n      pk: {\n        field: \"GSI1PK\",\n        composite: [\"tenantId\", \"gsi1Shard\"],\n        template: \"TID#${tenantId}#WID#-#RT#RoleAssignment#SHARD#${gsi1Shard}\",\n      },\n      sk: {\n        field: \"GSI1SK\",\n        casing: \"none\" as const,\n        composite: [\"gsi1sk\"],\n        template: \"${gsi1sk}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\n\n/**\n * RoleAssignment user-projection entity (single-table store, no GSI).\n *\n * **ADR-018 adjacency-list projection.** For every RoleAssignment write\n * the operations-layer multi-write helper writes one projection row\n * under the user partition so the user-rooted access pattern #5 is\n * served by a single base-table `Query` with no GSI hop. The SK encodes\n * a tenant-vs-workspace discriminator sub-prefix so both sub-lanes share\n * the user partition:\n *\n * | Sub-lane | When | PK | SK |\n * |---|---|---|---|\n * | tenant-level | `workspaceId` absent | `USER#ID#<userId>` | `ROLEASSIGNMENT#TENANT#<normalizedRoleName>#<roleId>#TID#<tenantId>#<id>` |\n * | workspace-level | `workspaceId` set | `USER#ID#<userId>` | `ROLEASSIGNMENT#WORKSPACE#<normalizedRoleName>#<roleId>#TID#<tenantId>#WID#<workspaceId>#<id>` |\n *\n * The SK shape is operation-owned: the operations-layer projection\n * writer composes the SK string via the\n * `buildRoleAssignmentUserProjectionSk*` helpers and supplies it on the\n * `sk` attribute. This entity stores the SK verbatim — no\n * `watch`/derived computation here — so the SK grammar (and any future\n * revision) lives in one place: the operations layer.\n *\n * Projection attribute set per ADR-018 § Projection attribute set and\n * the implementation guide § 2: `summary`, `vid`, `lastUpdated` (so\n * `Query(PK = USER#ID#<userId>, SK begins_with 'ROLEASSIGNMENT#')` is\n * self-sufficient — no BatchGet hop to the canonical record), plus the\n * projection-discriminating fields (`tenantId`, `roleId`,\n * `roleAssignmentId`, `userId`, `workspaceId?`) and TR-024 denormalized\n * display names (`denormalizedTenantName`, `denormalizedUserName`,\n * `denormalizedRoleName`).\n *\n * **No GSI projection.** Per ADR-018 § Decision, cross-cutting reads\n * are served by the main-table partition `USER#ID#<userId>`; the\n * GSI1/GSI2 catalog is unchanged.\n *\n * @see ADR-018 § Access Pattern Coverage (#5)\n * @see .state/adr-018-implementation-guide.md § 1 (SK grammar) and § 2 (attribute set)\n * @see .claude/rules/data-layer-layout.md — projection writers live in operations, not here\n */\nexport const RoleAssignmentUserProjectionEntity = new Entity({\n  model: {\n    entity: \"roleAssignmentUserProjection\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /**\n     * User partition discriminator. Renders as `USER#ID#<userId>` on the\n     * base-table PK. Always required — the projection has no meaning\n     * outside a user partition.\n     */\n    userId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Pre-composed sort key — built by the operations-layer projection\n     * writer via `buildRoleAssignmentUserProjectionSk*` helpers. The\n     * entity stores the value verbatim so the SK grammar (tenant-lane\n     * vs workspace-lane) is owned by the operations layer, not\n     * duplicated here.\n     */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Tenant in which the role assignment applies. Always required. */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Workspace the role assignment scopes to. Present iff the\n     * projection row is the workspace-level sub-lane; absent for\n     * tenant-level sub-lane rows.\n     */\n    workspaceId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Role the assignment grants. Stored as a discriminating field so\n     * `Query(PK = USER#ID#<userId>, SK begins_with 'ROLEASSIGNMENT#…')`\n     * results carry the role id without a hop to the canonical row.\n     */\n    roleId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * RoleAssignment canonical-record id. Stored as a discriminating\n     * field so consumers can hydrate the canonical row via\n     * `RoleAssignmentEntity.get({ tenantId, id: roleAssignmentId })`\n     * when the projection's `summary` is insufficient.\n     */\n    roleAssignmentId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id,\n     * displayName, status) — mirrored from the canonical RoleAssignment\n     * row so user-partition queries do not need a BatchGet hop.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id mirrored from the canonical RoleAssignment row. */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Last-updated timestamp mirrored from the canonical RoleAssignment row. */\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Denormalized Tenant display name — mirrored from the canonical\n     * RoleAssignment row per TR-024 rule 3 (canonical-record symmetry).\n     * Optional on the schema because pre-TR-024 rows may not carry a\n     * display name; the operations layer falls back gracefully when\n     * missing.\n     */\n    denormalizedTenantName: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Denormalized User display name — mirrored from the canonical\n     * RoleAssignment row per TR-024 rule 3 (canonical-record symmetry).\n     * Carried on the projection so consumers can render the user's\n     * display name without a hop to the User record.\n     */\n    denormalizedUserName: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Denormalized Role display name — required to compose the SK's\n     * `<normalizedRoleName>` segment. Optional on the schema (pre-TR-024\n     * rows fall back to a sentinel) but expected to be present at write\n     * time per TR-024 rule 2 (write-time source =\n     * canonical Role.displayName).\n     */\n    denormalizedRoleName: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /**\n     * Base table: PK = USER#ID#<userId>, SK = operation-supplied. Both\n     * sub-lanes (tenant-level and workspace-level) use this same index —\n     * the SK string encodes the lane discriminator\n     * (`ROLEASSIGNMENT#TENANT#…` vs `ROLEASSIGNMENT#WORKSPACE#…`) so a\n     * single `Query(PK = USER#ID#<userId>, SK begins_with\n     * 'ROLEASSIGNMENT#')` returns both lanes interleaved.\n     */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"userId\"],\n        template: \"USER#ID#${userId}\",\n      },\n      sk: {\n        field: \"SK\",\n        casing: \"none\" as const,\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\n\n/**\n * RoleAssignment workspace-projection entity (single-table store, no GSI).\n *\n * **ADR-018 adjacency-list projection.** For every workspace-scoped\n * RoleAssignment the operations-layer multi-write helper writes one\n * projection row under the workspace partition so the workspace-rooted\n * access pattern #9 is served by a single base-table `Query` with no\n * GSI hop:\n *\n * | Pattern | When | PK | SK |\n * |---|---|---|---|\n * | #9 — users with a specific role in a workspace | `workspaceId` set | `TID#<tenantId>#WORKSPACE#ID#<workspaceId>` | `ROLEASSIGNMENT#<roleId>#<normalizedUserName>#USER#<userId>#<id>` |\n *\n * The SK is **discriminator-first** on the raw `<roleId>` (mirroring the\n * canonical GSI1SK from pattern #8): role id discriminates first so a\n * `begins_with('ROLEASSIGNMENT#<roleId>#')` filter returns every user\n * assigned to that role in the workspace, sorted alphabetically by\n * normalized user name. Omitting the `<roleId>#` segment\n * (`begins_with('ROLEASSIGNMENT#')`) returns every role assignment in\n * the workspace interleaved.\n *\n * The PK co-locates with the canonical Workspace record (`SK = CURRENT`)\n * and the Membership workspace-projection rows (pattern #2) so a single\n * `Query(PK = TID#<tenantId>#WORKSPACE#ID#<workspaceId>)` returns\n * workspace metadata + every member projection + every role-assignment\n * projection in one round trip — the admin workspace-dashboard read shape.\n *\n * The SK shape is operation-owned: the operations-layer projection\n * writer composes the SK string via the\n * `buildRoleAssignmentWorkspaceProjectionSk` helper and supplies it on\n * the `sk` attribute. This entity stores the SK verbatim — no\n * `watch`/derived computation here — so the SK grammar lives in one\n * place: the operations layer.\n *\n * Projection attribute set per ADR-018 § Projection attribute set and\n * the implementation guide § 2: `summary`, `vid`, `lastUpdated` (so\n * `Query(PK = TID#<tenantId>#WORKSPACE#ID#<workspaceId>, SK begins_with 'ROLEASSIGNMENT#')`\n * is self-sufficient — no BatchGet hop to the canonical record), plus\n * the projection-discriminating fields (`tenantId`, `workspaceId`,\n * `roleId`, `roleAssignmentId`, `userId`) and TR-024 denormalized\n * display names (`denormalizedUserName`, `denormalizedRoleName`).\n *\n * **Rename-cascade interaction (TR-023, Phase 6).** The SK uses the\n * raw `<roleId>` (rename-stable) for the discriminator and\n * `<normalizedUserName>` for the secondary sort. A Role rename does NOT\n * rewrite this SK; a User rename DOES (cascaded by the rename pipeline).\n *\n * **No GSI projection.** Per ADR-018 § Decision, cross-cutting reads\n * are served by the main-table partition\n * `TID#<tenantId>#WORKSPACE#ID#<workspaceId>`; the GSI1/GSI2 catalog\n * is unchanged.\n *\n * @see ADR-018 § Access Pattern Coverage (#9)\n * @see .state/adr-018-implementation-guide.md § 1 (SK grammar) and § 2 (attribute set)\n * @see .claude/rules/data-layer-layout.md — projection writers live in operations, not here\n */\nexport const RoleAssignmentWorkspaceProjectionEntity = new Entity({\n  model: {\n    entity: \"roleAssignmentWorkspaceProjection\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /**\n     * Tenant the workspace belongs to. Renders as the leading segment\n     * of the base-table PK. Always required — the workspace partition\n     * is tenant-scoped per ADR-011.\n     */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Workspace partition discriminator. Renders as the trailing\n     * segment of the base-table PK\n     * (`TID#<tenantId>#WORKSPACE#ID#<workspaceId>`). Always required —\n     * the projection has no meaning outside a workspace partition.\n     */\n    workspaceId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Pre-composed sort key — built by the operations-layer projection\n     * writer via `buildRoleAssignmentWorkspaceProjectionSk`. The entity\n     * stores the value verbatim so the SK grammar (pattern #9) is\n     * owned by the operations layer, not duplicated here.\n     */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * User the role assignment grants the role to. Stored as a\n     * discriminating field so consumers can hydrate the canonical User\n     * row via `UserEntity.get({ id: userId, sk: \"CURRENT\" })` when the\n     * projection's `summary` is insufficient.\n     */\n    userId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Role the assignment grants. Stored as a discriminating field —\n     * also rendered into the SK as the discriminator-first segment so\n     * `begins_with('ROLEASSIGNMENT#<roleId>#')` filters one role.\n     */\n    roleId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * RoleAssignment canonical-record id. Stored as a discriminating\n     * field so consumers can hydrate the canonical row via\n     * `RoleAssignmentEntity.get({ tenantId, id: roleAssignmentId })`\n     * when the projection's `summary` is insufficient.\n     */\n    roleAssignmentId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id,\n     * displayName, status) — mirrored from the canonical RoleAssignment\n     * row so workspace-partition queries do not need a BatchGet hop.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id mirrored from the canonical RoleAssignment row. */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Last-updated timestamp mirrored from the canonical RoleAssignment row. */\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Denormalized User display name — required to compose the\n     * pattern-#9 SK (`ROLEASSIGNMENT#<roleId>#<normalizedUserName>#…`).\n     * Optional on the schema because pre-TR-024 rows may not carry a\n     * display name; the operations layer falls back to a sentinel when\n     * missing so the SK still has a valid shape. The TR-023 rename-\n     * cascade pipeline rewrites the SK on a User rename.\n     */\n    denormalizedUserName: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Denormalized Role display name — mirrored from the canonical\n     * RoleAssignment row per TR-024 rule 3 (canonical-record symmetry).\n     * Carried on the projection so consumers can render the role's\n     * display name without a hop to the Role record. Not part of the\n     * SK (pattern #9 sorts on `<normalizedUserName>`, not role name) —\n     * a Role rename does NOT rewrite this SK.\n     */\n    denormalizedRoleName: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /**\n     * Base table: PK = TID#<tenantId>#WORKSPACE#ID#<workspaceId>,\n     * SK = operation-supplied. Pattern #9 uses this index — the SK\n     * encodes the entity-type prefix and discriminator-first roleId\n     * (`ROLEASSIGNMENT#<roleId>#…`) so\n     * `Query(PK = TID#<tenantId>#WORKSPACE#ID#<workspaceId>, SK begins_with 'ROLEASSIGNMENT#<roleId>#')`\n     * returns every user-assignment for that role in the workspace, sorted\n     * by normalized user name.\n     */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"tenantId\", \"workspaceId\"],\n        template: \"TID#${tenantId}#WORKSPACE#ID#${workspaceId}\",\n      },\n      sk: {\n        field: \"SK\",\n        casing: \"none\" as const,\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\nimport { gsi1ShardAttribute, gsi1skAttribute } from \"./control-entity-common\";\n\n/**\n * Tenant data-store entity (single-table store).\n *\n * **Classification (ADR 2026-03-03-01):** Tenant-isolated, control plane. Tenant IS the top scope;\n * the workspace dimension is not applicable and uses the sentinel `TENANT`. The tenant's own `id`\n * is stored as `tenantId` to drive the partition key.\n *\n * Key structure: PK = TENANT#ID#<tenantId>, SK = CURRENT.\n * Uniqueness: one Tenant per tenantId (id).\n *\n * GSI1 — Unified Sharded List per ADR-011: lists all Tenants across the four shards. Tenant has\n * no parent tenant or workspace, so the PK uses `TID#-#WID#-` sentinels.\n *\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n * @see sites/www-docs/content/architecture/adr/2026-03-13-01-tenant-and-workspace-fhir-types-control-plane.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n */\nexport const TenantEntity = new Entity({\n  model: {\n    entity: \"tenant\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /** Sort key sentinel. Always \"CURRENT\". */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n      default: \"CURRENT\",\n    },\n    /** The tenant's own id (= resource id). Drives the partition key. */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** FHIR Resource.id; logical id in URL. Equals tenantId. */\n    id: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Full Tenant resource serialized as JSON string. */\n    resource: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id, displayName, status).\n     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id (e.g. ULID). */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    gsi1Shard: gsi1ShardAttribute,\n    /** Derived GSI1 sort key — name-based when extractable; else `<lastUpdated>#<id>`. */\n    gsi1sk: gsi1skAttribute,\n    deleted: {\n      type: \"boolean\" as const,\n      required: false,\n    },\n    bundleId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    msgId: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /** Base table: PK = TENANT#ID#<tenantId>, SK = CURRENT. Do not supply PK or SK from outside. */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"tenantId\"],\n        template: \"TENANT#ID#${tenantId}\",\n      },\n      sk: {\n        field: \"SK\",\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n\n    /**\n     * GSI1 — Unified Sharded List per ADR-011: list all Tenants across the four shards.\n     * Tenant lives at the platform tier (no parent tenant or workspace), so `TID#-#WID#-`\n     * sentinels precede `RT#Tenant#SHARD#<n>`. SK is derived via `gsi1skAttribute` —\n     * `<normalizedName>#<id>` when the resource carries a `name`, else `<lastUpdated>#<id>`\n     * (DR-004). `casing: \"none\"` preserves the normalized label and ISO-8601 `T`/`Z`.\n     */\n    gsi1: {\n      index: \"GSI1\",\n      pk: {\n        field: \"GSI1PK\",\n        composite: [\"gsi1Shard\"],\n        template: \"TID#-#WID#-#RT#Tenant#SHARD#${gsi1Shard}\",\n      },\n      sk: {\n        field: \"GSI1SK\",\n        casing: \"none\" as const,\n        composite: [\"gsi1sk\"],\n        template: \"${gsi1sk}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\nimport { gsi1ShardAttribute, gsi1skAttribute } from \"./control-entity-common\";\n\n/**\n * User data-store entity (single-table store).\n *\n * **Classification (ADR 2026-03-03-01):** Non-tenant-isolated, control plane. User is a\n * platform-wide identity; association with tenants and workspaces is through Membership and\n * RoleAssignment, not the User entity's own key.\n *\n * Key structure: PK = USER#ID#<id>, SK = CURRENT.\n * The USER# prefix prevents key collisions with other non-tenant-isolated entities (Role, etc.)\n * sharing the same table (ADR 2026-03-11-01 — preferred pattern for all control plane entities).\n * Uniqueness: one User per id.\n *\n * GSI1 — Unified Sharded List per ADR-011: lists all Users across the four shards. Non-tenant-\n * isolated, so the PK uses `TID#-#WID#-` sentinels.\n * GSI2 — Cognito sub-lookup per ADR-011: resolves a UserEntity from a Cognito `sub` claim\n * (`USER#SUB#<cognitoSub>` PK, `CURRENT` SK). The `cognitoSub` attribute is populated by the\n * Post Confirmation Lambda (Epic #765 / #770); kept optional here until that write path lands.\n *\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n * @see sites/www-docs/content/architecture/adr/2026-03-11-01-user-type-definition-fhir-and-data-layer.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n */\nexport const UserEntity = new Entity({\n  model: {\n    entity: \"user\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /** Sort key sentinel. Always \"CURRENT\". */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n      default: \"CURRENT\",\n    },\n    /** FHIR Resource.id; platform user id (ohi_uid). */\n    id: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Full User resource serialized as JSON string. */\n    resource: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id, displayName, status).\n     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Immutable Cognito-issued `sub` claim. Drives GSI2 (sub-lookup). Optional until the\n     * Post Confirmation Lambda (#770) lands; required thereafter.\n     */\n    cognitoSub: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /** Version id (e.g. ULID). */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    gsi1Shard: gsi1ShardAttribute,\n    /** Derived GSI1 sort key — name-based when extractable; else `<lastUpdated>#<id>`. */\n    gsi1sk: gsi1skAttribute,\n    deleted: {\n      type: \"boolean\" as const,\n      required: false,\n    },\n    /**\n     * TR-022 / ADR-018 lifecycle state for the cascade pipeline.\n     *\n     * - `active` (or undefined) — normal, readable state.\n     * - `deleting` — intermediate state set synchronously by the\n     *   hard-delete API entry point. The owning-delete cascade state\n     *   machine fans out from this transition (DynamoDB stream →\n     *   `control-plane.owning-delete.v1` → Step Functions). Readers MUST\n     *   short-circuit on `deleting` so partial cascades stay invisible.\n     * - `deleted-failed` — terminal failure state set by the cascade\n     *   finalize Lambda when the cascade run fails irrecoverably.\n     *   Operators recover by re-running the cascade or by direct\n     *   intervention.\n     *\n     * The cascade finalize step deletes the canonical record conditional\n     * on `lifecycleState = \"deleting\"`; on replay the conditional check\n     * fails and the finalize step treats that as a no-op success.\n     */\n    lifecycleState: {\n      type: [\"active\", \"deleting\", \"deleted-failed\"] as const,\n      required: false,\n    },\n    bundleId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    msgId: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /** Base table: PK = USER#ID#<id>, SK = CURRENT. Do not supply PK or SK from outside. */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"id\"],\n        template: \"USER#ID#${id}\",\n      },\n      sk: {\n        field: \"SK\",\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n\n    /**\n     * GSI1 — Unified Sharded List per ADR-011: list all Users across the four shards.\n     * Non-tenant-isolated, so `TID#-#WID#-` sentinels precede `RT#User#SHARD#<n>`.\n     * SK is derived via `gsi1skAttribute` — uses the resource's natural label when\n     * extractable (string `name`/`title` via introspection), else `<lastUpdated>#<id>`\n     * (DR-004). `casing: \"none\"` preserves the normalized label and ISO-8601 `T`/`Z`.\n     */\n    gsi1: {\n      index: \"GSI1\",\n      pk: {\n        field: \"GSI1PK\",\n        composite: [\"gsi1Shard\"],\n        template: \"TID#-#WID#-#RT#User#SHARD#${gsi1Shard}\",\n      },\n      sk: {\n        field: \"GSI1SK\",\n        casing: \"none\" as const,\n        composite: [\"gsi1sk\"],\n        template: \"${gsi1sk}\",\n      },\n    },\n\n    /**\n     * GSI2 — Cognito sub-lookup per ADR-011: resolves the UserEntity from a Cognito `sub` claim.\n     * `condition` skips the index when `cognitoSub` is missing so legacy items without a sub are\n     * not indexed.\n     */\n    gsi2: {\n      index: \"GSI2\",\n      condition: (attrs: { cognitoSub?: string }) =>\n        typeof attrs.cognitoSub === \"string\" && attrs.cognitoSub.length > 0,\n      pk: {\n        field: \"GSI2PK\",\n        casing: \"none\" as const,\n        composite: [\"cognitoSub\"],\n        template: \"USER#SUB#${cognitoSub}\",\n      },\n      sk: {\n        field: \"GSI2SK\",\n        casing: \"none\" as const,\n        composite: [],\n        template: \"CURRENT\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\nimport { gsi1ShardAttribute, gsi1skAttribute } from \"./control-entity-common\";\n\n/**\n * Workspace data-store entity (single-table store).\n *\n * **Classification (ADR 2026-03-03-01):** Tenant-isolated, control plane. Each workspace belongs\n * to exactly one tenant; both tenantId and workspace id are in the partition key.\n *\n * Key structure: PK = TID#<tenantId>#WORKSPACE#ID#<id>, SK = CURRENT.\n * Uniqueness: one Workspace per (tenantId, id).\n *\n * GSI1 — Unified Sharded List per ADR-011: lists all Workspaces in a tenant across the four\n * shards. Workspace is itself the workspace identity, so the GSI1 PK uses `WID#-` as a sentinel.\n *\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n * @see sites/www-docs/content/architecture/adr/2026-03-13-01-tenant-and-workspace-fhir-types-control-plane.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n */\nexport const WorkspaceEntity = new Entity({\n  model: {\n    entity: \"workspace\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /** Sort key sentinel. Always \"CURRENT\". */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n      default: \"CURRENT\",\n    },\n    /** Tenant that contains this workspace (required). */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** FHIR Resource.id; logical id in URL. */\n    id: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Full Workspace resource serialized as JSON string. */\n    resource: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id, displayName, status).\n     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id (e.g. ULID). */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    gsi1Shard: gsi1ShardAttribute,\n    /** Derived GSI1 sort key — name-based when extractable; else `<lastUpdated>#<id>`. */\n    gsi1sk: gsi1skAttribute,\n    deleted: {\n      type: \"boolean\" as const,\n      required: false,\n    },\n    /**\n     * TR-022 / ADR-018 lifecycle state for the cascade pipeline.\n     *\n     * - `active` (or undefined) — normal, readable state.\n     * - `deleting` — intermediate state set synchronously by the\n     *   hard-delete API entry point. The owning-delete cascade state\n     *   machine fans out from this transition (DynamoDB stream →\n     *   `control-plane.owning-delete.v1` → Step Functions). Readers MUST\n     *   short-circuit on `deleting` so partial cascades stay invisible.\n     * - `deleted-failed` — terminal failure state set by the cascade\n     *   finalize Lambda when the cascade run fails irrecoverably.\n     *   Operators recover by re-running the cascade or by direct\n     *   intervention.\n     *\n     * The cascade finalize step deletes the canonical record conditional\n     * on `lifecycleState = \"deleting\"`; on replay the conditional check\n     * fails and the finalize step treats that as a no-op success.\n     */\n    lifecycleState: {\n      type: [\"active\", \"deleting\", \"deleted-failed\"] as const,\n      required: false,\n    },\n    bundleId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    msgId: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /** Base table: PK = TID#<tenantId>#WORKSPACE#ID#<id>, SK = CURRENT. Do not supply PK or SK from outside. */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"tenantId\", \"id\"],\n        template: \"TID#${tenantId}#WORKSPACE#ID#${id}\",\n      },\n      sk: {\n        field: \"SK\",\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n\n    /**\n     * GSI1 — Unified Sharded List per ADR-011: list all Workspaces for a tenant across the\n     * four shards. Workspace is itself the workspace identity, so `WID#-` is a sentinel.\n     * SK is derived via `gsi1skAttribute` — `<normalizedName>#<id>` when the resource\n     * carries a `name`, else `<lastUpdated>#<id>` (DR-004). `casing: \"none\"` preserves\n     * the normalized label and ISO-8601 `T`/`Z`.\n     */\n    gsi1: {\n      index: \"GSI1\",\n      pk: {\n        field: \"GSI1PK\",\n        composite: [\"tenantId\", \"gsi1Shard\"],\n        template: \"TID#${tenantId}#WID#-#RT#Workspace#SHARD#${gsi1Shard}\",\n      },\n      sk: {\n        field: \"GSI1SK\",\n        casing: \"none\" as const,\n        composite: [\"gsi1sk\"],\n        template: \"${gsi1sk}\",\n      },\n    },\n  },\n});\n"],"mappings":";;;;;;AAAA,SAAS,eAAe;;;ACAxB,SAAS,cAAc;;;ACAvB,SAAS,cAAc,sBAAsB;;;ACYtC,IAAM,cAAc;AAYpB,SAAS,aAAa,IAAoB;AAE/C,MAAI,OAAO;AACX,WAAS,IAAI,GAAG,IAAI,GAAG,QAAQ,KAAK;AAClC,YAAQ,GAAG,WAAW,CAAC;AACvB,WAAO,KAAK,KAAK,MAAM,QAAU;AAAA,EACnC;AACA,UAAQ,SAAS,KAAK;AAExB;;;ADhBO,IAAM,qBAAqB;AAAA,EAChC,MAAM;AAAA,EACN,OAAO,CAAC,IAAI;AAAA,EACZ,KAAK,CAAC,MAAe,SAA2B;AAC9C,QAAI,OAAO,MAAM,OAAO,YAAY,KAAK,GAAG,WAAW,GAAG;AACxD,aAAO;AAAA,IACT;AACA,WAAO,OAAO,aAAa,KAAK,EAAE,CAAC;AAAA,EACrC;AACF;AAsBO,IAAM,kBAAkB;AAAA,EAC7B,MAAM;AAAA,EACN,OAAO,CAAC,YAAY,eAAe,IAAI;AAAA,EACvC,KAAK,CACH,MACA,SACG;AACH,UAAM,KAAK,OAAO,MAAM,OAAO,WAAW,KAAK,KAAK;AACpD,UAAM,cACJ,OAAO,MAAM,gBAAgB,WAAW,KAAK,cAAc;AAC7D,UAAM,WAAW,GAAG,WAAW,IAAI,EAAE;AAErC,QAAI,OAAO,MAAM,aAAa,YAAY,KAAK,SAAS,WAAW,GAAG;AACpE,aAAO;AAAA,IACT;AAEA,QAAI;AACJ,QAAI;AACF,eAAS,KAAK,MAAM,KAAK,QAAQ;AAAA,IACnC,QAAQ;AACN,aAAO;AAAA,IACT;AACA,QAAI,CAAC,UAAU,OAAO,WAAW,SAAU,QAAO;AAClD,UAAM,eAAgB,OAAsC;AAC5D,QAAI,OAAO,iBAAiB,SAAU,QAAO;AAE7C,UAAM,QAAQ,aAAa,MAA4C;AACvE,WAAO,UAAU,SAAY,GAAG,KAAK,IAAI,EAAE,KAAK;AAAA,EAClD;AACF;AASA,SAAS,cAAc,UAAuD;AAC5E,QAAM,OAAO,SAAS;AACtB,MAAI,OAAO,SAAS,YAAY,KAAK,SAAS,EAAG,QAAO;AAExD,QAAM,OAAO,SAAS;AACtB,MAAI,QAAQ,OAAO,SAAS,UAAU;AACpC,UAAM,YAAa,KAAiC;AACpD,QAAI,OAAO,cAAc,YAAY,UAAU,SAAS,GAAG;AACzD,YAAM,QAAQ,UAAU,YAAY,GAAG;AACvC,YAAM,OAAO,SAAS,IAAI,UAAU,MAAM,QAAQ,CAAC,IAAI;AACvD,UAAI,KAAK,SAAS,EAAG,QAAO;AAAA,IAC9B;AAAA,EACF;AACA,SAAO;AACT;AA6BO,IAAM,gCAAgC;AAAA,EAC3C,MAAM;AAAA,EACN,OAAO,CAAC,YAAY,wBAAwB,eAAe,IAAI;AAAA,EAC/D,KAAK,CACH,MACA,SAMG;AACH,UAAM,KAAK,OAAO,MAAM,OAAO,WAAW,KAAK,KAAK;AACpD,UAAM,cACJ,OAAO,MAAM,gBAAgB,WAAW,KAAK,cAAc;AAC7D,UAAM,WAAW,GAAG,WAAW,IAAI,EAAE;AAErC,QAAI,OAAO,MAAM,aAAa,YAAY,KAAK,SAAS,WAAW,GAAG;AACpE,aAAO;AAAA,IACT;AAEA,QAAI;AACJ,QAAI;AACF,eAAS,KAAK,MAAM,KAAK,QAAQ;AAAA,IACnC,QAAQ;AACN,aAAO;AAAA,IACT;AACA,QAAI,CAAC,UAAU,OAAO,WAAW,SAAU,QAAO;AAElD,UAAM,SAAS,cAAc,MAAiC;AAC9D,QAAI,WAAW,OAAW,QAAO;AAEjC,UAAM,uBACJ,OAAO,KAAK,yBAAyB,WACjC,KAAK,uBACL;AACN,UAAM,qBACJ,qBAAqB,SAAS,IAC1B,eAAe,oBAAoB,IACnC;AACN,QAAI,mBAAmB,WAAW,EAAG,QAAO;AAE5C,WAAO,GAAG,MAAM,IAAI,kBAAkB,IAAI,EAAE;AAAA,EAC9C;AACF;AAwBO,IAAM,4BAA4B;AAAA,EACvC,MAAM;AAAA,EACN,OAAO,CAAC,wBAAwB,eAAe,IAAI;AAAA,EACnD,KAAK,CACH,MACA,SAKG;AACH,UAAM,KAAK,OAAO,MAAM,OAAO,WAAW,KAAK,KAAK;AACpD,UAAM,cACJ,OAAO,MAAM,gBAAgB,WAAW,KAAK,cAAc;AAC7D,UAAM,WAAW,GAAG,WAAW,IAAI,EAAE;AAErC,UAAM,uBACJ,OAAO,MAAM,yBAAyB,WAClC,KAAK,uBACL;AACN,UAAM,qBACJ,qBAAqB,SAAS,IAC1B,eAAe,oBAAoB,IACnC;AACN,QAAI,mBAAmB,WAAW,GAAG;AACnC,aAAO;AAAA,IACT;AAEA,WAAO,GAAG,kBAAkB,IAAI,EAAE;AAAA,EACpC;AACF;;;AD5MO,IAAM,sBAAsB,IAAI,OAAO;AAAA,EAC5C,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA,IAEV,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,WAAW;AAAA,IACX,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA,IAEP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,eAAe,UAAU,QAAQ;AAAA,QACzD,UACE;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,OAAO,IAAI;AAAA,QACvB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAYA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,eAAe,WAAW;AAAA,QAClD,UACE;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,OAAO,IAAI;AAAA,QACvB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AGpJD,SAAS,UAAAA,eAAc;AA8ChB,IAAM,oCAAoC,IAAIA,QAAO;AAAA,EAC1D,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMV,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,iBAAiB;AAAA,MACf,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,QAAQ;AAAA,QACpB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AC5JD,SAAS,UAAAC,eAAc;AAsDhB,IAAM,yCAAyC,IAAIA,QAAO;AAAA,EAC/D,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMV,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,iBAAiB;AAAA,MACf,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,aAAa;AAAA,QACrC,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;ACtKD,SAAS,UAAAC,eAAc;AAuBhB,IAAM,mBAAmB,IAAIC,QAAO;AAAA,EACzC,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA,IAEV,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,WAAW;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQX,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,uBAAuB;AAAA,MACrB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAYA,wBAAwB;AAAA,MACtB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAYA,sBAAsB;AAAA,MACpB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA,IAEP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,IAAI;AAAA,QAC5B,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAWA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,WAAW;AAAA,QACnC,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,QAAQ;AAAA,QACpB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;ACzKD,SAAS,UAAAC,eAAc;AAuChB,IAAM,iCAAiC,IAAIA,QAAO;AAAA,EACvD,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMV,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,cAAc;AAAA,MACZ,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,wBAAwB;AAAA,MACtB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,sBAAsB;AAAA,MACpB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,2BAA2B;AAAA,MACzB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,QAAQ;AAAA,QACpB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AClKD,SAAS,UAAAC,eAAc;AA0ChB,IAAM,sCAAsC,IAAIA,QAAO;AAAA,EAC5D,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMV,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,cAAc;AAAA,MACZ,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASA,sBAAsB;AAAA,MACpB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,aAAa;AAAA,QACrC,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;ACzJD,SAAS,UAAAC,eAAc;AAsBhB,IAAM,aAAa,IAAIC,QAAO;AAAA,EACnC,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA,IAEV,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,WAAW;AAAA;AAAA,IAEX,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA,IAEP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,WAAW;AAAA,QACvB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,QAAQ;AAAA,QACpB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;ACnHD,SAAS,UAAAC,eAAc;AAuBhB,IAAM,uBAAuB,IAAIC,QAAO;AAAA,EAC7C,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA,IAEV,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,WAAW;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASX,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAaA,wBAAwB;AAAA,MACtB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAaA,sBAAsB;AAAA,MACpB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAYA,sBAAsB;AAAA,MACpB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA,IAEP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,IAAI;AAAA,QAC5B,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAYA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,WAAW;AAAA,QACnC,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,QAAQ;AAAA,QACpB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AClLD,SAAS,UAAAC,eAAc;AAyChB,IAAM,qCAAqC,IAAIA,QAAO;AAAA,EAC3D,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMV,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,kBAAkB;AAAA,MAChB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,wBAAwB;AAAA,MACtB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,sBAAsB;AAAA,MACpB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,sBAAsB;AAAA,MACpB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,QAAQ;AAAA,QACpB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AChLD,SAAS,UAAAC,gBAAc;AA0DhB,IAAM,0CAA0C,IAAIA,SAAO;AAAA,EAChE,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMV,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,kBAAkB;AAAA,MAChB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASA,sBAAsB;AAAA,MACpB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASA,sBAAsB;AAAA,MACpB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAUP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,aAAa;AAAA,QACrC,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AC/LD,SAAS,UAAAC,gBAAc;AAoBhB,IAAM,eAAe,IAAIC,SAAO;AAAA,EACrC,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA,IAEV,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,WAAW;AAAA;AAAA,IAEX,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA,IAEP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,UAAU;AAAA,QACtB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,WAAW;AAAA,QACvB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,QAAQ;AAAA,QACpB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;ACtHD,SAAS,UAAAC,gBAAc;AAyBhB,IAAM,aAAa,IAAIC,SAAO;AAAA,EACnC,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA,IAEV,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,YAAY;AAAA,MACV,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,WAAW;AAAA;AAAA,IAEX,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAmBA,gBAAgB;AAAA,MACd,MAAM,CAAC,UAAU,YAAY,gBAAgB;AAAA,MAC7C,UAAU;AAAA,IACZ;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA,IAEP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,WAAW;AAAA,QACvB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,QAAQ;AAAA,QACpB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,WAAW,CAAC,UACV,OAAO,MAAM,eAAe,YAAY,MAAM,WAAW,SAAS;AAAA,MACpE,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,YAAY;AAAA,QACxB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC;AAAA,QACZ,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AC3KD,SAAS,UAAAC,gBAAc;AAmBhB,IAAM,kBAAkB,IAAIC,SAAO;AAAA,EACxC,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA,IAEV,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,WAAW;AAAA;AAAA,IAEX,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAmBA,gBAAgB;AAAA,MACd,MAAM,CAAC,UAAU,YAAY,gBAAgB;AAAA,MAC7C,UAAU;AAAA,IACZ;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA,IAEP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,IAAI;AAAA,QAC5B,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,WAAW;AAAA,QACnC,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,QAAQ;AAAA,QACpB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AfpHD,IAAM,uBAAuB;AAAA,EAC3B,eAAe;AAAA,EACf,6BAA6B;AAAA,EAC7B,kCAAkC;AAAA,EAClC,YAAY;AAAA,EACZ,0BAA0B;AAAA,EAC1B,+BAA+B;AAAA,EAC/B,MAAM;AAAA,EACN,gBAAgB;AAAA,EAChB,8BAA8B;AAAA,EAC9B,mCAAmC;AAAA,EACnC,QAAQ;AAAA,EACR,MAAM;AAAA,EACN,WAAW;AACb;AAEA,IAAM,sBAAsB,IAAI,QAAQ,sBAAsB;AAAA,EAC5D,OAAO;AAAA,EACP,QAAQ;AACV,CAAC;AAWM,IAAM,uBAAuB;AAAA,EAClC,UAAU,oBAAoB;AAAA,EAC9B,aAAa,oBAAoB;AACnC;AAQO,SAAS,wBACd,WAC0B;AAC1B,QAAM,WAAW,aAAa;AAC9B,QAAM,UAAU,IAAI,QAAQ,sBAAsB;AAAA,IAChD,OAAO;AAAA,IACP,QAAQ;AAAA,EACV,CAAC;AACD,SAAO;AAAA,IACL,UAAU,QAAQ;AAAA,IAClB,aAAa,QAAQ;AAAA,EACvB;AACF;","names":["Entity","Entity","Entity","Entity","Entity","Entity","Entity","Entity","Entity","Entity","Entity","Entity","Entity","Entity","Entity","Entity","Entity","Entity"]}

package/lib/chunk-7RZHFI77.mjs

@@ -0,0 +1,22 @@
+import {
+  require_lib
+} from "./chunk-ZM4GDHHC.mjs";
+import {
+  __toESM
+} from "./chunk-LZOMFHX3.mjs";
+
+// src/workflows/control-plane/owning-delete-cascade/events.ts
+var import_workflows = __toESM(require_lib());
+var OWNING_DELETE_CASCADE_CONSUMER_NAME = "owning-delete-cascade";
+var OWNING_DELETE_CASCADE_DEFAULT_CONCURRENCY = 8;
+var OWNING_DELETE_CASCADE_STUCK_THRESHOLD_MINUTES = 15;
+var OWNING_DELETE_OPS_EVENT_BUS_ENV_VAR = "OWNING_DELETE_OPS_EVENT_BUS_NAME";
+
+export {
+  OWNING_DELETE_CASCADE_CONSUMER_NAME,
+  OWNING_DELETE_CASCADE_DEFAULT_CONCURRENCY,
+  OWNING_DELETE_CASCADE_STUCK_THRESHOLD_MINUTES,
+  OWNING_DELETE_OPS_EVENT_BUS_ENV_VAR,
+  import_workflows
+};
+//# sourceMappingURL=chunk-7RZHFI77.mjs.map

package/lib/chunk-7RZHFI77.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/workflows/control-plane/owning-delete-cascade/events.ts"],"sourcesContent":["/**\n * @see sites/www-docs/content/packages/@openhi/constructs/workflows/control-plane/owning-delete-cascade/events.md\n *\n * Shared event-shape constants for the TR-022 owning-entity hard-delete\n * cascade. The cascade's input detail-type (on the data event bus) and\n * its two terminal detail-types (on the ops event bus) are owned by\n * `@openhi/workflows`; this module re-imports them so the workflow\n * construct can wire the EventBridge rule and the terminal publisher\n * from a single place.\n */\n\nexport {\n  ControlPlaneOwningDeleteCompleteV1,\n  ControlPlaneOwningDeleteFailedV1,\n  ControlPlaneOwningDeleteV1,\n  OPENHI_DATA_SOURCE,\n  OPENHI_OPS_SOURCE,\n  OWNING_ENTITY_TYPE,\n} from \"@openhi/workflows\";\nexport type {\n  ControlPlaneOwningDeleteCompleteV1Detail,\n  ControlPlaneOwningDeleteFailedV1Detail,\n  ControlPlaneOwningDeleteV1Detail,\n  OwningEntityType,\n} from \"@openhi/workflows\";\n\n/**\n * Stable logical name registered with the shared `WorkflowDedupTable`\n * (TR-015). The state machine's `DedupCheck` state writes a row keyed\n * by `(consumerName, eventId, attempt)` to absorb EventBridge retries.\n */\nexport const OWNING_DELETE_CASCADE_CONSUMER_NAME =\n  \"owning-delete-cascade\" as const;\n\n/**\n * Map-state max concurrency. Per the ADR-018 implementation guide\n * section 4: inline Map (NOT Distributed Map — that lives on TR-023's\n * rename cascade), tunable via the construct's `cascadeMapConcurrency`\n * prop. Operators may scale this down on first rollout.\n */\nexport const OWNING_DELETE_CASCADE_DEFAULT_CONCURRENCY = 8 as const;\n\n/**\n * Stuck-cascade alarm threshold. Per the implementation guide section\n * 4 \"Observability\" — operator-tunable via\n * `stuckCascadeThresholdMinutes` on the construct prop.\n */\nexport const OWNING_DELETE_CASCADE_STUCK_THRESHOLD_MINUTES = 15 as const;\n\n/**\n * Inputs each cascade Map iteration receives. The state machine\n * builds one of these per chunk and passes them in via `ItemsPath`.\n * The handler then issues a single `TransactWriteItems` for the\n * entire chunk.\n */\nexport interface CascadeChunkInput {\n  /** Owner identity carried through every step for observability. */\n  readonly ownerType: \"Workspace\" | \"User\";\n  readonly ownerId: string;\n  readonly tenantId?: string;\n  /** Rows to delete in this chunk. Length must be 1..100. */\n  readonly rows: ReadonlyArray<{\n    readonly entity: string;\n    readonly key: Record<string, string>;\n  }>;\n  /**\n   * Idempotency token uniquely identifying this chunk within the\n   * cascade execution. Forwarded to `executeMultiWrite` so replayed\n   * chunks land idempotently (per AWS SDK `ClientRequestToken`).\n   */\n  readonly chunkToken: string;\n}\n\n/** Inputs the cascade list-and-chunk step receives. */\nexport interface CascadeListInput {\n  readonly ownerType: \"Workspace\" | \"User\";\n  readonly ownerId: string;\n  readonly tenantId?: string;\n  /** Per-entity cursor map from the previous page (start of run is `{}`). */\n  readonly cursors?: Record<string, string | null>;\n  /**\n   * Cumulative `projectionsRemoved` count carried forward across\n   * pages — emitted on the terminal `complete` event.\n   */\n  readonly projectionsRemoved?: number;\n  /** Cumulative `chunkCount` carried forward across pages. */\n  readonly chunkCount?: number;\n}\n\n/** Outputs the cascade list-and-chunk step emits to feed the Map state. */\nexport interface CascadeListOutput {\n  readonly ownerType: \"Workspace\" | \"User\";\n  readonly ownerId: string;\n  readonly tenantId?: string;\n  readonly cursors: Record<string, string | null>;\n  readonly chunks: ReadonlyArray<CascadeChunkInput>;\n  readonly exhausted: boolean;\n  readonly projectionsRemoved: number;\n  readonly chunkCount: number;\n}\n\n/** Inputs the cascade finalize step receives. */\nexport interface CascadeFinalizeInput {\n  readonly ownerType: \"Workspace\" | \"User\";\n  readonly ownerId: string;\n  readonly tenantId?: string;\n  readonly projectionsRemoved: number;\n  readonly chunkCount: number;\n  readonly startedAt: string;\n  /** Optional eventId / correlation carried through the run for ADR-016 envelope. */\n  readonly eventId?: string;\n  readonly correlationId?: string;\n  readonly causationId?: string;\n}\n\n/** Outputs the cascade finalize step emits (used by tests and telemetry). */\nexport interface CascadeFinalizeOutput {\n  readonly ownerType: \"Workspace\" | \"User\";\n  readonly ownerId: string;\n  readonly tenantId?: string;\n  readonly projectionsRemoved: number;\n  readonly chunkCount: number;\n  readonly durationMs: number;\n  readonly completedAt: string;\n  readonly canonicalDeleted: boolean;\n}\n\n/** Env var the construct uses to inject the ops event bus name into the finalize Lambda. */\nexport const OWNING_DELETE_OPS_EVENT_BUS_ENV_VAR =\n  \"OWNING_DELETE_OPS_EVENT_BUS_NAME\" as const;\n"],"mappings":";;;;;;;;AAWA,uBAOO;AAaA,IAAM,sCACX;AAQK,IAAM,4CAA4C;AAOlD,IAAM,gDAAgD;AAiFtD,IAAM,sCACX;","names":[]}

package/lib/{chunk-7Q2IJ2J5.mjs → chunk-CUUKXDB2.mjs}

@@ -1,21 +1,21 @@
 import {
   getRoleByIdOperation
-} from "./chunk-7FUAMZOF.mjs";
+} from "./chunk-53OHXLIL.mjs";
 import {
   require_lib
-} from "./chunk-SYBADQXI.mjs";
+} from "./chunk-ZM4GDHHC.mjs";
 import {
   createMembershipOperation,
   createRoleAssignmentOperation,
   createTenantOperation,
   createWorkspaceOperation
-} from "./chunk-MULKGFIJ.mjs";
+} from "./chunk-GBDIGTNV.mjs";
 import {
   NotFoundError
-} from "./chunk-IS4VQRI4.mjs";
+} from "./chunk-FYHBHHWK.mjs";
 import {
   getDynamoControlService
-} from "./chunk-QR5JVSCF.mjs";
+} from "./chunk-6NBGYGFL.mjs";
 import {
   __toESM
 } from "./chunk-LZOMFHX3.mjs";
@@ -526,4 +526,4 @@ export {
   productionCognitoProvisioner,
   handler
 };
-//# sourceMappingURL=chunk-7Q2IJ2J5.mjs.map
+//# sourceMappingURL=chunk-CUUKXDB2.mjs.map

package/lib/chunk-FYHBHHWK.mjs

@@ -0,0 +1,47 @@
+// src/data/errors/domain-errors.ts
+var DomainError = class extends Error {
+  constructor(message, code, options) {
+    super(message, options);
+    this.name = this.constructor.name;
+    this.code = code;
+    this.details = options?.details;
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+};
+var NotFoundError = class extends DomainError {
+  constructor(message, options) {
+    super(message, "NOT_FOUND", options);
+  }
+};
+var ValidationError = class extends DomainError {
+  constructor(message, options) {
+    super(message, "VALIDATION", options);
+  }
+};
+var ConflictError = class extends DomainError {
+  constructor(message, options) {
+    super(message, "CONFLICT", options);
+  }
+};
+var ForbiddenError = class extends DomainError {
+  constructor(message, options) {
+    super(message, "FORBIDDEN", options);
+  }
+};
+function domainErrorToHttpStatus(err) {
+  if (err instanceof NotFoundError) return 404;
+  if (err instanceof ValidationError) return 400;
+  if (err instanceof ConflictError) return 409;
+  if (err instanceof ForbiddenError) return 403;
+  return null;
+}
+
+export {
+  DomainError,
+  NotFoundError,
+  ValidationError,
+  ConflictError,
+  ForbiddenError,
+  domainErrorToHttpStatus
+};
+//# sourceMappingURL=chunk-FYHBHHWK.mjs.map

package/lib/chunk-FYHBHHWK.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/data/errors/domain-errors.ts"],"sourcesContent":["/**\n * Typed domain errors for the data operations layer.\n * Data operations throw these; adapters (REST, GraphQL, Step Function) map them to\n * HTTP status, GraphQL errors, or workflow envelopes. No HTTP or OperationOutcome here.\n *\n * Full documentation (error types, HTTP mapping, FHIR OperationOutcome.issue.code alignment):\n * @see sites/www-docs/content/packages/@openhi/constructs/data/errors.md\n */\n\n/**\n * Base class for domain errors thrown by data operations.\n * Adapters use instanceof checks or domainErrorToHttpStatus() to map to transport.\n */\nexport class DomainError extends Error {\n  /** Stable code for adapter mapping (e.g. \"NOT_FOUND\", \"VALIDATION\", \"CONFLICT\"). */\n  readonly code: string;\n\n  /** Optional details for validation messages or conflict context. */\n  readonly details?: unknown;\n\n  constructor(\n    message: string,\n    code: string,\n    options?: { cause?: unknown; details?: unknown },\n  ) {\n    super(message, options);\n    this.name = this.constructor.name;\n    this.code = code;\n    this.details = options?.details;\n    Object.setPrototypeOf(this, new.target.prototype);\n  }\n}\n\n/** Thrown when a requested resource or entity is not found (e.g. get by id returns nothing). */\nexport class NotFoundError extends DomainError {\n  constructor(\n    message: string,\n    options?: { cause?: unknown; details?: unknown },\n  ) {\n    super(message, \"NOT_FOUND\", options);\n  }\n}\n\n/** Thrown when input fails validation (e.g. missing required field, invalid format). */\nexport class ValidationError extends DomainError {\n  constructor(\n    message: string,\n    options?: { cause?: unknown; details?: unknown },\n  ) {\n    super(message, \"VALIDATION\", options);\n  }\n}\n\n/** Thrown when an operation conflicts with current state (e.g. duplicate key, version conflict). */\nexport class ConflictError extends DomainError {\n  constructor(\n    message: string,\n    options?: { cause?: unknown; details?: unknown },\n  ) {\n    super(message, \"CONFLICT\", options);\n  }\n}\n\n/** Thrown when the caller is authenticated but not authorized for the requested action. */\nexport class ForbiddenError extends DomainError {\n  constructor(\n    message: string,\n    options?: { cause?: unknown; details?: unknown },\n  ) {\n    super(message, \"FORBIDDEN\", options);\n  }\n}\n\n/**\n * Maps a thrown value to the HTTP status code that adapters should use for that domain error.\n * Returns null if the value is not a known domain error (adapter may use 500 or handle otherwise).\n * REST adapters use this to choose status; response body/OperationOutcome remain adapter responsibility.\n */\nexport function domainErrorToHttpStatus(err: unknown): number | null {\n  if (err instanceof NotFoundError) return 404;\n  if (err instanceof ValidationError) return 400;\n  if (err instanceof ConflictError) return 409;\n  if (err instanceof ForbiddenError) return 403;\n  return null;\n}\n"],"mappings":";AAaO,IAAM,cAAN,cAA0B,MAAM;AAAA,EAOrC,YACE,SACA,MACA,SACA;AACA,UAAM,SAAS,OAAO;AACtB,SAAK,OAAO,KAAK,YAAY;AAC7B,SAAK,OAAO;AACZ,SAAK,UAAU,SAAS;AACxB,WAAO,eAAe,MAAM,WAAW,SAAS;AAAA,EAClD;AACF;AAGO,IAAM,gBAAN,cAA4B,YAAY;AAAA,EAC7C,YACE,SACA,SACA;AACA,UAAM,SAAS,aAAa,OAAO;AAAA,EACrC;AACF;AAGO,IAAM,kBAAN,cAA8B,YAAY;AAAA,EAC/C,YACE,SACA,SACA;AACA,UAAM,SAAS,cAAc,OAAO;AAAA,EACtC;AACF;AAGO,IAAM,gBAAN,cAA4B,YAAY;AAAA,EAC7C,YACE,SACA,SACA;AACA,UAAM,SAAS,YAAY,OAAO;AAAA,EACpC;AACF;AAGO,IAAM,iBAAN,cAA6B,YAAY;AAAA,EAC9C,YACE,SACA,SACA;AACA,UAAM,SAAS,aAAa,OAAO;AAAA,EACrC;AACF;AAOO,SAAS,wBAAwB,KAA6B;AACnE,MAAI,eAAe,cAAe,QAAO;AACzC,MAAI,eAAe,gBAAiB,QAAO;AAC3C,MAAI,eAAe,cAAe,QAAO;AACzC,MAAI,eAAe,eAAgB,QAAO;AAC1C,SAAO;AACT;","names":[]}

package/lib/{chunk-MULKGFIJ.mjs → chunk-GBDIGTNV.mjs}

@@ -1,12 +1,25 @@
+import {
+  buildMembershipUserProjectionItem,
+  buildMembershipWorkspaceProjectionItem,
+  buildRoleAssignmentUserProjectionItem,
+  buildRoleAssignmentWorkspaceProjectionItem,
+  extractReferenceSlug,
+  extractReferenceSlug2
+} from "./chunk-HQ67J7BP.mjs";
+import {
+  executeMultiWrite
+} from "./chunk-QJDHVMKT.mjs";
 import {
   DATA_ENTITY_SK,
-  ValidationError,
   createDataEntityRecord,
   getDynamoDataService
-} from "./chunk-IS4VQRI4.mjs";
+} from "./chunk-QMBJ4VHC.mjs";
+import {
+  ValidationError
+} from "./chunk-FYHBHHWK.mjs";
 import {
   getDynamoControlService
-} from "./chunk-QR5JVSCF.mjs";
+} from "./chunk-6NBGYGFL.mjs";
 
 // src/data/operations/control/membership/membership-create-operation.ts
 import {
@@ -14,6 +27,22 @@ import {
   extractSummary,
   LinkedDataIdentityCardinalityError
 } from "@openhi/types";
+
+// src/data/operations/control/denormalized-display-names.ts
+function extractDenormalizedReferenceDisplay(resource, fieldName) {
+  const field = resource[fieldName];
+  if (!field || typeof field !== "object") {
+    return void 0;
+  }
+  const display = field.display;
+  if (typeof display !== "string") {
+    return void 0;
+  }
+  const trimmed = display.trim();
+  return trimmed.length > 0 ? trimmed : void 0;
+}
+
+// src/data/operations/control/membership/membership-create-operation.ts
 async function createMembershipOperation(params) {
   const { context, body, tableName } = params;
   const service = getDynamoControlService(tableName);
@@ -34,16 +63,76 @@ async function createMembershipOperation(params) {
     }
     throw e;
   }
+  const resourceRecord = resource;
+  const denormalizedTenantName = extractDenormalizedReferenceDisplay(
+    resourceRecord,
+    "tenant"
+  );
+  const denormalizedUserName = extractDenormalizedReferenceDisplay(
+    resourceRecord,
+    "user"
+  );
+  const denormalizedWorkspaceName = extractDenormalizedReferenceDisplay(
+    resourceRecord,
+    "workspace"
+  );
   const summary = JSON.stringify(extractSummary(resource));
-  await service.entities.membership.put({
+  const userIdFromResource = extractReferenceSlug(resourceRecord, "user");
+  const workspaceIdFromResource = extractReferenceSlug(
+    resourceRecord,
+    "workspace"
+  );
+  const userProjectionItem = userIdFromResource !== void 0 ? buildMembershipUserProjectionItem({
+    tenantId: context.tenantId,
+    userId: userIdFromResource,
+    workspaceId: workspaceIdFromResource,
+    membershipId: id,
+    summary,
+    vid,
+    lastUpdated,
+    denormalizedTenantName,
+    denormalizedUserName,
+    denormalizedWorkspaceName
+  }) : void 0;
+  const workspaceProjectionItem = userIdFromResource !== void 0 && workspaceIdFromResource !== void 0 ? buildMembershipWorkspaceProjectionItem({
+    tenantId: context.tenantId,
+    workspaceId: workspaceIdFromResource,
+    userId: userIdFromResource,
+    membershipId: id,
+    summary,
+    vid,
+    lastUpdated,
+    denormalizedUserName
+  }) : void 0;
+  const canonicalItem = {
     tenantId: context.tenantId,
     id,
     resource: JSON.stringify(resource),
     summary,
     vid,
     lastUpdated,
-    linkedDataIdentityRef
-  }).go();
+    linkedDataIdentityRef,
+    denormalizedTenantName,
+    denormalizedUserName
+  };
+  const triples = [
+    { entity: "membership", action: "put", item: canonicalItem }
+  ];
+  if (userProjectionItem) {
+    triples.push({
+      entity: "membershipUserProjection",
+      action: "put",
+      item: userProjectionItem
+    });
+  }
+  if (workspaceProjectionItem) {
+    triples.push({
+      entity: "membershipWorkspaceProjection",
+      action: "put",
+      item: workspaceProjectionItem
+    });
+  }
+  await executeMultiWrite({ service, triples });
   return {
     id,
     resource,
@@ -61,15 +150,80 @@ async function createRoleAssignmentOperation(params) {
   const lastUpdated = context.date ?? (/* @__PURE__ */ new Date()).toISOString();
   const vid = `1`;
   const resource = { resourceType: "RoleAssignment", id, ...parsedResource };
+  const resourceRecord = resource;
+  const denormalizedTenantName = extractDenormalizedReferenceDisplay(
+    resourceRecord,
+    "tenant"
+  );
+  const denormalizedUserName = extractDenormalizedReferenceDisplay(
+    resourceRecord,
+    "user"
+  );
+  const denormalizedRoleName = extractDenormalizedReferenceDisplay(
+    resourceRecord,
+    "role"
+  );
   const summary = JSON.stringify(extractSummary2(resource));
-  await service.entities.roleAssignment.put({
+  const userIdFromResource = extractReferenceSlug2(resourceRecord, "user");
+  const roleIdFromResource = extractReferenceSlug2(resourceRecord, "role");
+  const workspaceIdFromResource = extractReferenceSlug2(
+    resourceRecord,
+    "workspace"
+  );
+  const userProjectionItem = userIdFromResource !== void 0 && roleIdFromResource !== void 0 ? buildRoleAssignmentUserProjectionItem({
+    tenantId: context.tenantId,
+    userId: userIdFromResource,
+    workspaceId: workspaceIdFromResource,
+    roleId: roleIdFromResource,
+    roleAssignmentId: id,
+    summary,
+    vid,
+    lastUpdated,
+    denormalizedTenantName,
+    denormalizedUserName,
+    denormalizedRoleName
+  }) : void 0;
+  const workspaceProjectionItem = userIdFromResource !== void 0 && roleIdFromResource !== void 0 && workspaceIdFromResource !== void 0 ? buildRoleAssignmentWorkspaceProjectionItem({
+    tenantId: context.tenantId,
+    workspaceId: workspaceIdFromResource,
+    userId: userIdFromResource,
+    roleId: roleIdFromResource,
+    roleAssignmentId: id,
+    summary,
+    vid,
+    lastUpdated,
+    denormalizedUserName,
+    denormalizedRoleName
+  }) : void 0;
+  const canonicalItem = {
     tenantId: context.tenantId,
     id,
     resource: JSON.stringify(resource),
     summary,
     vid,
-    lastUpdated
-  }).go();
+    lastUpdated,
+    denormalizedTenantName,
+    denormalizedUserName,
+    denormalizedRoleName
+  };
+  const triples = [
+    { entity: "roleAssignment", action: "put", item: canonicalItem }
+  ];
+  if (userProjectionItem) {
+    triples.push({
+      entity: "roleAssignmentUserProjection",
+      action: "put",
+      item: userProjectionItem
+    });
+  }
+  if (workspaceProjectionItem) {
+    triples.push({
+      entity: "roleAssignmentWorkspaceProjection",
+      action: "put",
+      item: workspaceProjectionItem
+    });
+  }
+  await executeMultiWrite({ service, triples });
   return {
     id,
     resource,
@@ -170,9 +324,10 @@ async function createWorkspaceOperation(params) {
 }
 
 export {
+  extractDenormalizedReferenceDisplay,
   createMembershipOperation,
   createRoleAssignmentOperation,
   createTenantOperation,
   createWorkspaceOperation
 };
-//# sourceMappingURL=chunk-MULKGFIJ.mjs.map
+//# sourceMappingURL=chunk-GBDIGTNV.mjs.map