@openhi/constructs 0.0.110 → 0.0.112

package/lib/rename-rewrite-chunk.handler.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/workflows/control-plane/rename-cascade/rename-rewrite-chunk.handler.ts","../src/data/dynamo/dynamo-control-service.ts","../src/data/dynamo/dynamo-client.ts","../src/data/dynamo/entities/control/configuration-entity.ts","../src/data/dynamo/entities/control/control-entity-common.ts","../src/data/dynamo/shard.ts","../src/data/dynamo/entities/control/configuration-user-projection-entity.ts","../src/data/dynamo/entities/control/configuration-workspace-projection-entity.ts","../src/data/dynamo/entities/control/membership-entity.ts","../src/data/dynamo/entities/control/membership-user-projection-entity.ts","../src/data/dynamo/entities/control/membership-workspace-projection-entity.ts","../src/data/dynamo/entities/control/role-entity.ts","../src/data/dynamo/entities/control/roleassignment-entity.ts","../src/data/dynamo/entities/control/roleassignment-user-projection-entity.ts","../src/data/dynamo/entities/control/roleassignment-workspace-projection-entity.ts","../src/data/dynamo/entities/control/tenant-entity.ts","../src/data/dynamo/entities/control/user-entity.ts","../src/data/dynamo/entities/control/workspace-entity.ts","../src/data/errors/domain-errors.ts","../src/data/operations/control/multi-write-operation.ts","../src/data/operations/control/rename-cascade/rename-cascade-rewrite-chunk-operation.ts"],"sourcesContent":["/**\n * Cascade Step Functions Distributed-Map iteration handler. Receives\n * one chunk of <=50 rewrite targets from the list-targets step and\n * issues a single `TransactWriteItems` via `executeMultiWrite` (#1010).\n *\n * Each target maps to either:\n *\n * - **SK rewrite** — `delete oldKey` + `put newItem` pair (2 transact\n *   items). Used when the SK encodes the renamed normalized name.\n * - **Attr-only update** — single `put newItem` overwrite at the same\n *   key. Used when only the denormalized display-name attribute\n *   changes (the SK is rename-stable).\n *\n * Idempotency: the chunk's `chunkToken` flows through to ElectroDB's\n * `ClientRequestToken` so a Map iteration replayed by Step Functions\n * retry lands on the same transaction id. The state machine's `Catch`\n * block also absorbs `DynamoDB.TransactionCanceledException` as a no-op\n * success — common on partial-replay when the prior run already\n * rewrote the rows (the `vid` race is \"rewrite loses to a later\n * write\" per TR-023 idempotency rule).\n */\n\nimport type { RenameCascadeChunkInput } from \"./events\";\nimport { rewriteRenameCascadeChunkOperation } from \"../../../data/operations/control/rename-cascade/rename-cascade-rewrite-chunk-operation\";\n\nexport interface RewriteChunkOutput {\n  readonly entityType: string;\n  readonly entityId: string;\n  readonly tenantId?: string;\n  readonly targetsRewritten: number;\n  readonly transactItemCount: number;\n}\n\nexport const handler = async (\n  input: RenameCascadeChunkInput,\n): Promise<RewriteChunkOutput> => {\n  const result = await rewriteRenameCascadeChunkOperation({\n    targets: input.targets,\n    token: input.chunkToken,\n  });\n\n  return {\n    entityType: input.entityType,\n    entityId: input.entityId,\n    tenantId: input.tenantId,\n    targetsRewritten: result.targetsRewritten,\n    transactItemCount: result.transactItemCount,\n  };\n};\n","import { Service } from \"electrodb\";\nimport { defaultTableName, dynamoClient } from \"./dynamo-client\";\nimport { ConfigurationEntity } from \"./entities/control/configuration-entity\";\nimport { ConfigurationUserProjectionEntity } from \"./entities/control/configuration-user-projection-entity\";\nimport { ConfigurationWorkspaceProjectionEntity } from \"./entities/control/configuration-workspace-projection-entity\";\nimport { MembershipEntity } from \"./entities/control/membership-entity\";\nimport { MembershipUserProjectionEntity } from \"./entities/control/membership-user-projection-entity\";\nimport { MembershipWorkspaceProjectionEntity } from \"./entities/control/membership-workspace-projection-entity\";\nimport { RoleEntity } from \"./entities/control/role-entity\";\nimport { RoleAssignmentEntity } from \"./entities/control/roleassignment-entity\";\nimport { RoleAssignmentUserProjectionEntity } from \"./entities/control/roleassignment-user-projection-entity\";\nimport { RoleAssignmentWorkspaceProjectionEntity } from \"./entities/control/roleassignment-workspace-projection-entity\";\nimport { TenantEntity } from \"./entities/control/tenant-entity\";\nimport { UserEntity } from \"./entities/control/user-entity\";\nimport { WorkspaceEntity } from \"./entities/control/workspace-entity\";\n\n/**\n * Control-plane entities only (service \"control\"). Same table as data plane; use\n * DynamoDataService for data-plane entities.\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n */\n\nconst controlPlaneEntities = {\n  configuration: ConfigurationEntity,\n  configurationUserProjection: ConfigurationUserProjectionEntity,\n  configurationWorkspaceProjection: ConfigurationWorkspaceProjectionEntity,\n  membership: MembershipEntity,\n  membershipUserProjection: MembershipUserProjectionEntity,\n  membershipWorkspaceProjection: MembershipWorkspaceProjectionEntity,\n  role: RoleEntity,\n  roleAssignment: RoleAssignmentEntity,\n  roleAssignmentUserProjection: RoleAssignmentUserProjectionEntity,\n  roleAssignmentWorkspaceProjection: RoleAssignmentWorkspaceProjectionEntity,\n  tenant: TenantEntity,\n  user: UserEntity,\n  workspace: WorkspaceEntity,\n};\n\nconst controlPlaneService = new Service(controlPlaneEntities, {\n  table: defaultTableName,\n  client: dynamoClient,\n});\n\n/**\n * Control-plane service: entities for configuration and control. Use with the\n * data store table (PK, SK, GSI1; UserEntity also uses GSI2).\n *\n * `transaction` exposes ElectroDB's `service.transaction.write` /\n * `service.transaction.get` builders so the operations-layer multi-write\n * helper (#1010, ADR-018) can compose `TransactWriteItems` across the\n * control-plane entities.\n */\nexport const DynamoControlService = {\n  entities: controlPlaneService.entities,\n  transaction: controlPlaneService.transaction,\n};\n\nexport type DynamoControlServiceType = typeof DynamoControlService;\n\n/**\n * Returns the control-plane service. Table name is resolved from tableName (optional override),\n * then DYNAMO_TABLE_NAME, then \"jesttesttable\".\n */\nexport function getDynamoControlService(\n  tableName?: string,\n): DynamoControlServiceType {\n  const resolved = tableName ?? defaultTableName;\n  const service = new Service(controlPlaneEntities, {\n    table: resolved,\n    client: dynamoClient,\n  });\n  return {\n    entities: service.entities,\n    transaction: service.transaction,\n  };\n}\n","import { DynamoDBClient } from \"@aws-sdk/client-dynamodb\";\n\n/**\n * DynamoDB table name for the data store. Set via DYNAMO_TABLE_NAME at runtime\n * (e.g. from Lambda env); defaults for local/test.\n */\nexport const defaultTableName =\n  process.env.DYNAMO_TABLE_NAME ?? \"jesttesttable\";\n\n/**\n * DynamoDB client. When MOCK_DYNAMODB_ENDPOINT is set (e.g. local DynamoDB or\n * jest-dynalite), uses that endpoint with no SSL and region \"local\".\n */\nexport const dynamoClient = new DynamoDBClient({\n  ...(process.env.MOCK_DYNAMODB_ENDPOINT && {\n    endpoint: process.env.MOCK_DYNAMODB_ENDPOINT,\n    sslEnabled: false,\n    region: \"local\",\n  }),\n});\n","import { Entity } from \"electrodb\";\nimport { gsi1ShardAttribute } from \"./control-entity-common\";\n\n/**\n * Configuration data-store entity (single-table store).\n *\n * **Classification (ADR 2026-03-03-01):** Partially tenant-isolated, control plane. Cascade of scope\n * levels: resolution order user → workspace → tenant → baseline. Sentinels: tenantId \"BASELINE\" for\n * baseline tier; workspaceId/userId/roleId \"-\" for absent dimension.\n *\n * Key structure: PK = CONFIG#TID#<tenantId>#WID#<workspaceId>#UID#<userId>#RID#<roleId>,\n * SK = KEY#<key>#SK#<sk>. Uniqueness: one Configuration per (tenantId, workspaceId, userId, roleId, key).\n * Standard attributes and key-building conventions align with single-table design.\n *\n * GSI1 — Unified Sharded List per ADR-011: lists all Configuration entries in a tenant/workspace\n * across the four shards.\n *\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/entities/configuration.md\n * @see sites/www-docs/content/architecture/control-plane/configuration.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/entity-standards.md — Key-building conventions (keys built inside entity)\n */\nexport const ConfigurationEntity = new Entity({\n  model: {\n    entity: \"configuration\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /** Sort key. \"CURRENT\" for current version; version history in S3. */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n      default: \"CURRENT\",\n    },\n    /** Tenant scope. Use \"BASELINE\" when the config is baseline default (no tenant). */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n      default: \"BASELINE\",\n    },\n    /** Workspace scope. Use \"-\" when absent. */\n    workspaceId: {\n      type: \"string\" as const,\n      required: true,\n      default: \"-\",\n    },\n    /** User scope. Use \"-\" when absent. */\n    userId: {\n      type: \"string\" as const,\n      required: true,\n      default: \"-\",\n    },\n    /** Role scope. Use \"-\" when absent. */\n    roleId: {\n      type: \"string\" as const,\n      required: true,\n      default: \"-\",\n    },\n    /** Config type (category), e.g. endpoints, branding, display. */\n    key: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** FHIR Resource.id; logical id in URL and for the Configuration resource. */\n    id: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Payload as JSON string. JSON.stringify(resource) on write; JSON.parse(item.resource) on read. */\n    resource: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id, key, status).\n     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id (e.g. ULID). Tracks current version; S3 history key. */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    gsi1Shard: gsi1ShardAttribute,\n    deleted: {\n      type: \"boolean\" as const,\n      required: false,\n    },\n    bundleId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    msgId: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /** Base table: PK, SK (data store key names). PK is built from tenantId, workspaceId, userId, roleId; SK is built from key and sk. Do not supply PK or SK from outside. */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"tenantId\", \"workspaceId\", \"userId\", \"roleId\"],\n        template:\n          \"CONFIG#TID#${tenantId}#WID#${workspaceId}#UID#${userId}#RID#${roleId}\",\n      },\n      sk: {\n        field: \"SK\",\n        composite: [\"key\", \"sk\"],\n        template: \"KEY#${key}#SK#${sk}\",\n      },\n    },\n\n    /**\n     * GSI1 — Unified Sharded List per ADR-011: list all Configuration entries for a\n     * (tenant, workspace) across the four shards. Use for \"list configs scoped to this tenant\"\n     * (workspaceId = \"-\") or \"list configs scoped to this workspace\". Does not support\n     * hierarchical resolution in one query; use base table GetItem in fallback order\n     * (user → workspace → tenant → baseline) for that.\n     * SK is `<key>#<id>` — Configuration's `key` is a required entity attribute (the\n     * config category: endpoints, branding, display, …) and the natural sort/lookup\n     * dimension. `casing: \"none\"` preserves the literal key value.\n     */\n    gsi1: {\n      index: \"GSI1\",\n      pk: {\n        field: \"GSI1PK\",\n        composite: [\"tenantId\", \"workspaceId\", \"gsi1Shard\"],\n        template:\n          \"TID#${tenantId}#WID#${workspaceId}#RT#Configuration#SHARD#${gsi1Shard}\",\n      },\n      sk: {\n        field: \"GSI1SK\",\n        casing: \"none\" as const,\n        composite: [\"key\", \"id\"],\n        template: \"${key}#${id}\",\n      },\n    },\n  },\n});\n","import { extractLabel, normalizeLabel } from \"@openhi/types\";\nimport { computeShard } from \"../../shard\";\n\n/**\n * Shared GSI1 shard attribute for control-plane entities.\n *\n * Control-plane entities (User, Tenant, Workspace, Membership, Role, RoleAssignment,\n * Configuration) use the same `TID#/WID#/RT#/SHARD#` PK shape on GSI1 as data-plane\n * FHIR resources per ADR-011. The shard index is derived deterministically from `id`\n * via `computeShard` so updates always land on the same shard. Stored as a string\n * because it appears as a literal segment in the GSI1 PK template; the underlying\n * value is 0..3.\n *\n * Not `required` because the value is derived via `watch`/`set`; ElectroDB's\n * required-field check runs before watch propagation, so callers must not fail\n * validation on a derived field.\n */\nexport const gsi1ShardAttribute = {\n  type: \"string\" as const,\n  watch: [\"id\"] as const,\n  set: (_val?: string, item?: { id?: string }) => {\n    if (typeof item?.id !== \"string\" || item.id.length === 0) {\n      return undefined;\n    }\n    return String(computeShard(item.id));\n  },\n};\n\n/**\n * Shared GSI1 sort-key attribute for control-plane entities.\n *\n * Derives the GSI1SK value at write time from the entity's `resource` JSON\n * string, applying the same label-extraction strategy as the data plane\n * (DR-004 / `@openhi/types` `extractLabel`). When the resource carries a\n * natural label (Tenant.name, Workspace.name, Configuration.key, …) the\n * sort key is `<normalizedLabel>#<id>` so list endpoints sort alphabetically\n * and `BEGINS_WITH` queries serve prefix searches. When no label is\n * extractable, falls back to `<entity.lastUpdated>#<id>` for stable\n * reverse-chronological ordering.\n *\n * Falls back gracefully on malformed `resource` payloads — JSON parse\n * failures and missing fields both route to the lastUpdated fallback so a\n * single bad write never blocks an entity put. The entity-level\n * `lastUpdated` is preferred over `resource.meta.lastUpdated` so the\n * fallback uses the authoritative timestamp the entity write supplies.\n *\n * Not `required` because the value is derived via `watch`/`set`.\n */\nexport const gsi1skAttribute = {\n  type: \"string\" as const,\n  watch: [\"resource\", \"lastUpdated\", \"id\"] as const,\n  set: (\n    _val?: string,\n    item?: { resource?: string; lastUpdated?: string; id?: string },\n  ) => {\n    const id = typeof item?.id === \"string\" ? item.id : \"\";\n    const lastUpdated =\n      typeof item?.lastUpdated === \"string\" ? item.lastUpdated : \"\";\n    const fallback = `${lastUpdated}#${id}`;\n\n    if (typeof item?.resource !== \"string\" || item.resource.length === 0) {\n      return fallback;\n    }\n\n    let parsed: unknown;\n    try {\n      parsed = JSON.parse(item.resource);\n    } catch {\n      return fallback;\n    }\n    if (!parsed || typeof parsed !== \"object\") return fallback;\n    const resourceType = (parsed as { resourceType?: unknown }).resourceType;\n    if (typeof resourceType !== \"string\") return fallback;\n\n    const label = extractLabel(parsed as Parameters<typeof extractLabel>[0]);\n    return label !== undefined ? `${label}#${id}` : fallback;\n  },\n};\n\n/**\n * Extract a roleId from a RoleAssignment resource payload. Looks first at\n * a flat top-level `roleId` string, then at a FHIR-style `role.reference`\n * (e.g. `Role/<id>`). Returns `undefined` when neither shape is present\n * or the field is malformed — callers fall back to the generic GSI1SK\n * derivation in that case so a single bad write never blocks an entity put.\n */\nfunction extractRoleId(resource: Record<string, unknown>): string | undefined {\n  const flat = resource.roleId;\n  if (typeof flat === \"string\" && flat.length > 0) return flat;\n\n  const role = resource.role;\n  if (role && typeof role === \"object\") {\n    const reference = (role as { reference?: unknown }).reference;\n    if (typeof reference === \"string\" && reference.length > 0) {\n      const slash = reference.lastIndexOf(\"/\");\n      const tail = slash >= 0 ? reference.slice(slash + 1) : reference;\n      if (tail.length > 0) return tail;\n    }\n  }\n  return undefined;\n}\n\n/**\n * RoleAssignment-specific GSI1 sort-key attribute (ADR-018 pattern #8 —\n * \"users with a specific role in a tenant, sorted by user name\").\n *\n * Composes the canonical-row GSI1SK as the discriminator-first shape\n * `<roleId>#<normalizedUserName>#<id>` so a GSI1 query partitioned on\n * the tenant can `begins_with('<roleId>#')` to enumerate every user\n * assigned to a given role, sorted by user name.\n *\n * - `<roleId>` is read from a flat `resource.roleId` field, falling back\n *   to the slug after the final `/` in `resource.role.reference` (the\n *   FHIR Reference shape). Sorting on `roleId` rather than the role's\n *   display name means a Role rename does not cascade onto this index\n *   (TR-024 / ADR-018 § Implementation Notes).\n * - `<normalizedUserName>` is `normalizeLabel(denormalizedUserName)` —\n *   the top-level denormalized field promoted in #1009 (TR-024 rule 3:\n *   canonical-record symmetry).\n *\n * Falls back to `gsi1skAttribute`'s `<lastUpdated>#<id>` shape when\n * either component is missing or malformed, so pre-TR-024 rows and\n * malformed payloads still produce a valid sort key.\n *\n * Not `required` because the value is derived via `watch`/`set`.\n *\n * @see ADR-018 § Access Pattern Coverage — pattern #8\n * @see TR-024 — Denormalized display-name attributes\n */\nexport const roleAssignmentGsi1skAttribute = {\n  type: \"string\" as const,\n  watch: [\"resource\", \"denormalizedUserName\", \"lastUpdated\", \"id\"] as const,\n  set: (\n    _val?: string,\n    item?: {\n      resource?: string;\n      denormalizedUserName?: string;\n      lastUpdated?: string;\n      id?: string;\n    },\n  ) => {\n    const id = typeof item?.id === \"string\" ? item.id : \"\";\n    const lastUpdated =\n      typeof item?.lastUpdated === \"string\" ? item.lastUpdated : \"\";\n    const fallback = `${lastUpdated}#${id}`;\n\n    if (typeof item?.resource !== \"string\" || item.resource.length === 0) {\n      return fallback;\n    }\n\n    let parsed: unknown;\n    try {\n      parsed = JSON.parse(item.resource);\n    } catch {\n      return fallback;\n    }\n    if (!parsed || typeof parsed !== \"object\") return fallback;\n\n    const roleId = extractRoleId(parsed as Record<string, unknown>);\n    if (roleId === undefined) return fallback;\n\n    const denormalizedUserName =\n      typeof item.denormalizedUserName === \"string\"\n        ? item.denormalizedUserName\n        : \"\";\n    const normalizedUserName =\n      denormalizedUserName.length > 0\n        ? normalizeLabel(denormalizedUserName)\n        : \"\";\n    if (normalizedUserName.length === 0) return fallback;\n\n    return `${roleId}#${normalizedUserName}#${id}`;\n  },\n};\n\n/**\n * Membership-specific GSI1 sort-key attribute (ADR-018 pattern #1 —\n * \"users in a tenant, sorted by user name\").\n *\n * Composes the canonical-row GSI1SK as `<normalizedUserName>#<id>` so a\n * GSI1 query partitioned on the tenant range-scans by user-name prefix\n * and returns memberships sorted alphabetically by user name. No role\n * discriminator goes in front — pattern #1 is user-name-first.\n *\n * - `<normalizedUserName>` is `normalizeLabel(denormalizedUserName)` —\n *   the top-level denormalized field promoted in #1009 (TR-024 rule 3:\n *   canonical-record symmetry).\n *\n * Falls back to `gsi1skAttribute`'s `<lastUpdated>#<id>` shape when\n * `denormalizedUserName` is missing, so pre-TR-024 rows and malformed\n * payloads still produce a valid sort key.\n *\n * Not `required` because the value is derived via `watch`/`set`.\n *\n * @see ADR-018 § Access Pattern Coverage — pattern #1\n * @see TR-024 — Denormalized display-name attributes\n */\nexport const membershipGsi1skAttribute = {\n  type: \"string\" as const,\n  watch: [\"denormalizedUserName\", \"lastUpdated\", \"id\"] as const,\n  set: (\n    _val?: string,\n    item?: {\n      denormalizedUserName?: string;\n      lastUpdated?: string;\n      id?: string;\n    },\n  ) => {\n    const id = typeof item?.id === \"string\" ? item.id : \"\";\n    const lastUpdated =\n      typeof item?.lastUpdated === \"string\" ? item.lastUpdated : \"\";\n    const fallback = `${lastUpdated}#${id}`;\n\n    const denormalizedUserName =\n      typeof item?.denormalizedUserName === \"string\"\n        ? item.denormalizedUserName\n        : \"\";\n    const normalizedUserName =\n      denormalizedUserName.length > 0\n        ? normalizeLabel(denormalizedUserName)\n        : \"\";\n    if (normalizedUserName.length === 0) {\n      return fallback;\n    }\n\n    return `${normalizedUserName}#${id}`;\n  },\n};\n","/**\n * Shard selection for the data-plane single-table GSI1 partitioning per ADR-011.\n *\n * GSI1's partition key embeds a `SHARD#<n>` segment with `n = computeShard(id)`.\n * The hash is deterministic so updates to the same resource id always land on\n * the same shard (no cross-shard migration on update); reads fan out to all\n * shards in parallel and merge by SK.\n *\n * @see sites/www-docs/content/architecture/adr/ — ADR-011 (single-table DynamoDB)\n */\n\n/** Number of shards in the GSI1 partition key. Fixed at 4 in v1; raising it later is a backfill, not a schema migration. */\nexport const SHARD_COUNT = 4;\n\n/**\n * Returns a deterministic shard index in [0, SHARD_COUNT) for the given resource id.\n *\n * Implementation: 32-bit FNV-1a over the UTF-16 code units of the id, modulo SHARD_COUNT.\n * The function is pure and stable; the same id always returns the same shard.\n *\n * ESLint's `no-bitwise` rule is disabled inside this function because FNV-1a is\n * defined in terms of XOR and unsigned-right-shift — the bitwise ops are the\n * algorithm, not an accidental logical-operator confusion.\n */\nexport function computeShard(id: string): number {\n  /* eslint-disable no-bitwise */\n  let hash = 0x811c9dc5;\n  for (let i = 0; i < id.length; i++) {\n    hash ^= id.charCodeAt(i);\n    hash = Math.imul(hash, 0x01000193);\n  }\n  return (hash >>> 0) % SHARD_COUNT;\n  /* eslint-enable no-bitwise */\n}\n","import { Entity } from \"electrodb\";\n\n/**\n * Configuration user-projection entity (single-table store, no GSI).\n *\n * **ADR-018 adjacency-list projection — pattern #10 (user-scope half).**\n * For every user-scoped Configuration write the operations-layer\n * multi-write helper writes one projection row under the user partition\n * so the user-rooted access pattern #10 is served by a single\n * base-table `Query` with no GSI hop:\n *\n * | Pattern | When | PK | SK |\n * |---|---|---|---|\n * | #10 user-scope | Configuration is user-scoped (`userId !== \"-\"`) | `USER#ID#<userId>` | `CONFIGURATION#<normalizedConfigName>#<configurationId>` |\n *\n * `<normalizedConfigName>` derives from Configuration's `key` attribute\n * (the canonical name dimension — Configuration carries no `displayName`\n * per TR-024 § Open Item #5, so `key` is the natural sort source). The\n * SK shape is operation-owned: the operations-layer projection writer\n * composes the SK string via `buildConfigurationUserProjectionSk` and\n * supplies it on the `sk` attribute. This entity stores the SK verbatim —\n * no `watch`/derived computation here — so the SK grammar (and any\n * future revision) lives in one place: the operations layer.\n *\n * Projection attribute set per ADR-018 § Projection attribute set and\n * the implementation guide § 2: `summary`, `vid`, `lastUpdated` (so\n * `Query(PK = USER#ID#<userId>, SK begins_with 'CONFIGURATION#')` is\n * self-sufficient — no BatchGet hop to the canonical record), plus the\n * projection-discriminating fields (`configurationId`, `userId`,\n * `tenantId`, `scope`).\n *\n * **Cross-tenant partition.** Unlike Membership/RoleAssignment-workspace\n * partitions, the Configuration user-projection's PK carries no tenant\n * prefix — a user's user-scoped Configurations are cross-tenant by\n * design (a user may carry preferences that follow them across tenant\n * memberships). This mirrors the RoleAssignment user-projection partition.\n *\n * **No GSI projection.** Per ADR-018 § Decision, cross-cutting reads\n * are served by the main-table partition `USER#ID#<userId>`; the\n * GSI1/GSI2 catalog is unchanged. Tenant-scoped Configurations\n * continue to use the canonical GSI1 path (ADR-011) unchanged.\n *\n * @see ADR-018 § Access Pattern Coverage (#10 — user-scope half)\n * @see .state/adr-018-implementation-guide.md § 1 (SK grammar) and § 2 (attribute set)\n * @see .claude/rules/data-layer-layout.md — projection writers live in operations, not here\n */\nexport const ConfigurationUserProjectionEntity = new Entity({\n  model: {\n    entity: \"configurationUserProjection\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /**\n     * User partition discriminator. Renders as `USER#ID#<userId>` on the\n     * base-table PK. Always required — the projection has no meaning\n     * outside a user partition.\n     */\n    userId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Pre-composed sort key — built by the operations-layer projection\n     * writer via `buildConfigurationUserProjectionSk`. The entity stores\n     * the value verbatim so the SK grammar (pattern #10 user-scope) is\n     * owned by the operations layer, not duplicated here.\n     */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Configuration canonical-record id. Stored as a discriminating\n     * field so consumers can hydrate the canonical row via the\n     * Configuration get-by-id operation when the projection's `summary`\n     * is insufficient.\n     */\n    configurationId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Tenant the Configuration is associated with. The canonical row\n     * keys off `(tenantId, workspaceId, userId, roleId)`; the projection\n     * carries `tenantId` so consumers reconstructing the canonical PK\n     * have the tenant segment without a hop.\n     */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Scope marker. Always `\"user\"` on this projection — recorded\n     * explicitly so future scope-bearing projections (workspace,\n     * tenant, role) can share filter semantics in a unified\n     * cross-projection list query if one ever lands.\n     */\n    scope: {\n      type: \"string\" as const,\n      required: true,\n      default: \"user\",\n    },\n    /**\n     * Configuration's `key` attribute (config category, e.g. endpoints,\n     * branding, display). Mirrored from the canonical row so consumers\n     * reading the projection get the natural display label without a\n     * BatchGet hop. Doubles as the source of `<normalizedConfigName>` in\n     * the SK.\n     */\n    displayName: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Summary projection (key display fields as JSON string) — mirrored\n     * from the canonical Configuration row so user-partition queries do\n     * not need a BatchGet hop.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id mirrored from the canonical Configuration row. */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Last-updated timestamp mirrored from the canonical Configuration row. */\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n  },\n  indexes: {\n    /**\n     * Base table: PK = USER#ID#<userId>, SK = operation-supplied. A\n     * single `Query(PK = USER#ID#<userId>, SK begins_with\n     * 'CONFIGURATION#')` returns the user's user-scoped Configurations\n     * sorted by `<normalizedConfigName>` (then `<configurationId>` as\n     * the tiebreaker).\n     */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"userId\"],\n        template: \"USER#ID#${userId}\",\n      },\n      sk: {\n        field: \"SK\",\n        casing: \"none\" as const,\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\n\n/**\n * Configuration workspace-projection entity (single-table store, no GSI).\n *\n * **ADR-018 adjacency-list projection — pattern #10 (workspace-scope half).**\n * For every workspace-scoped Configuration the operations-layer\n * multi-write helper writes one projection row under the workspace\n * partition so the workspace-rooted access pattern #10 is served by a\n * single base-table `Query` with no GSI hop:\n *\n * | Pattern | When | PK | SK |\n * |---|---|---|---|\n * | #10 workspace-scope | Configuration is workspace-scoped (`workspaceId !== \"-\"`, `userId === \"-\"`) | `TID#<tenantId>#WORKSPACE#ID#<workspaceId>` | `CONFIGURATION#<normalizedConfigName>#<configurationId>` |\n *\n * The PK co-locates with the canonical Workspace record\n * (`SK = CURRENT`) and the Membership / RoleAssignment workspace-\n * projections (patterns #2, #9), so an admin workspace dashboard can\n * hydrate workspace metadata + member projections + role-assignment\n * projections + workspace-scoped Configurations in a single `Query`.\n *\n * `<normalizedConfigName>` derives from Configuration's `key` attribute\n * (the canonical name dimension — Configuration carries no `displayName`\n * per TR-024 § Open Item #5, so `key` is the natural sort source). The\n * SK shape is operation-owned: the operations-layer projection writer\n * composes the SK string via `buildConfigurationWorkspaceProjectionSk`\n * and supplies it on the `sk` attribute. This entity stores the SK\n * verbatim — no `watch`/derived computation here — so the SK grammar\n * (and any future revision) lives in one place: the operations layer.\n *\n * Projection attribute set per ADR-018 § Projection attribute set and\n * the implementation guide § 2: `summary`, `vid`, `lastUpdated` (so\n * `Query(PK = TID#<tenantId>#WORKSPACE#ID#<workspaceId>, SK begins_with 'CONFIGURATION#')`\n * is self-sufficient — no BatchGet hop to the canonical record), plus\n * the projection-discriminating fields (`configurationId`, `workspaceId`,\n * `tenantId`, `scope`).\n *\n * **Tenant-prefixed partition.** Unlike the Configuration user-\n * projection (whose PK is `USER#ID#<userId>` with no tenant prefix —\n * a user's user-scoped Configurations are cross-tenant by design),\n * the workspace-projection PK carries the tenant prefix because\n * Workspaces are tenant-scoped per ADR-011. This mirrors the\n * Membership / RoleAssignment workspace-projection partitions.\n *\n * **No GSI projection.** Per ADR-018 § Decision, cross-cutting reads\n * are served by the main-table partition\n * `TID#<tenantId>#WORKSPACE#ID#<workspaceId>`; the GSI1/GSI2 catalog\n * is unchanged. Tenant-scoped Configurations continue to use the\n * canonical GSI1 path (ADR-011) unchanged.\n *\n * @see ADR-018 § Access Pattern Coverage (#10 — workspace-scope half)\n * @see .state/adr-018-implementation-guide.md § 1 (SK grammar) and § 2 (attribute set)\n * @see .claude/rules/data-layer-layout.md — projection writers live in operations, not here\n */\nexport const ConfigurationWorkspaceProjectionEntity = new Entity({\n  model: {\n    entity: \"configurationWorkspaceProjection\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /**\n     * Tenant the workspace belongs to. Renders as the leading segment\n     * of the base-table PK. Always required — the workspace partition\n     * is tenant-scoped per ADR-011.\n     */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Workspace partition discriminator. Renders as the trailing\n     * segment of the base-table PK\n     * (`TID#<tenantId>#WORKSPACE#ID#<workspaceId>`). Always required —\n     * the projection has no meaning outside a workspace partition.\n     */\n    workspaceId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Pre-composed sort key — built by the operations-layer projection\n     * writer via `buildConfigurationWorkspaceProjectionSk`. The entity\n     * stores the value verbatim so the SK grammar (pattern #10\n     * workspace-scope) is owned by the operations layer, not\n     * duplicated here.\n     */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Configuration canonical-record id. Stored as a discriminating\n     * field so consumers can hydrate the canonical row via the\n     * Configuration get-by-id operation when the projection's `summary`\n     * is insufficient.\n     */\n    configurationId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Scope marker. Always `\"workspace\"` on this projection — recorded\n     * explicitly so future scope-bearing projections (user, tenant,\n     * role) can share filter semantics in a unified cross-projection\n     * list query if one ever lands.\n     */\n    scope: {\n      type: \"string\" as const,\n      required: true,\n      default: \"workspace\",\n    },\n    /**\n     * Configuration's `key` attribute (config category, e.g. endpoints,\n     * branding, display). Mirrored from the canonical row so consumers\n     * reading the projection get the natural display label without a\n     * BatchGet hop. Doubles as the source of `<normalizedConfigName>`\n     * in the SK.\n     */\n    displayName: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Summary projection (key display fields as JSON string) — mirrored\n     * from the canonical Configuration row so workspace-partition\n     * queries do not need a BatchGet hop.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id mirrored from the canonical Configuration row. */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Last-updated timestamp mirrored from the canonical Configuration row. */\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n  },\n  indexes: {\n    /**\n     * Base table: PK = TID#<tenantId>#WORKSPACE#ID#<workspaceId>,\n     * SK = operation-supplied. A single\n     * `Query(PK = TID#<tenantId>#WORKSPACE#ID#<workspaceId>, SK begins_with 'CONFIGURATION#')`\n     * returns the workspace's workspace-scoped Configurations sorted by\n     * `<normalizedConfigName>` (then `<configurationId>` as the\n     * tiebreaker).\n     */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"tenantId\", \"workspaceId\"],\n        template: \"TID#${tenantId}#WORKSPACE#ID#${workspaceId}\",\n      },\n      sk: {\n        field: \"SK\",\n        casing: \"none\" as const,\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\nimport {\n  gsi1ShardAttribute,\n  membershipGsi1skAttribute,\n} from \"./control-entity-common\";\n\n/**\n * Membership data-store entity (single-table store).\n *\n * **Classification (ADR 2026-03-03-01):** Tenant-isolated, control plane. Membership links a User\n * to a Tenant (and optionally a Workspace). One record per (tenantId, id).\n *\n * Key structure: PK = TID#<tenantId>#MEMBERSHIP#ID#<id>, SK = CURRENT.\n * Uniqueness: one Membership per (tenantId, id).\n *\n * GSI1 — Unified Sharded List per ADR-011: lists all Memberships in a tenant across the four\n * shards. Membership is tenant-scoped (not workspace-scoped), so the GSI1 PK uses `WID#-` as a\n * sentinel.\n *\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n * @see sites/www-docs/content/architecture/adr/2026-03-13-02-control-plane-roles-and-user-tenant-workspace-linkage.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n */\nexport const MembershipEntity = new Entity({\n  model: {\n    entity: \"membership\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /** Sort key sentinel. Always \"CURRENT\". */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n      default: \"CURRENT\",\n    },\n    /** Tenant in which the user has membership (required). */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** FHIR Resource.id; membership id. */\n    id: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Full Membership resource serialized as JSON string. */\n    resource: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id, displayName, status).\n     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id (e.g. ULID). */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    gsi1Shard: gsi1ShardAttribute,\n    /**\n     * Derived GSI1 sort key — `<normalizedUserName>#<id>` per ADR-018\n     * pattern #1 so a GSI1 query partitioned on the tenant range-scans\n     * by user-name prefix and returns memberships sorted by user name.\n     * Falls back to `<lastUpdated>#<id>` when `denormalizedUserName`\n     * is missing.\n     */\n    gsi1sk: membershipGsi1skAttribute,\n    deleted: {\n      type: \"boolean\" as const,\n      required: false,\n    },\n    bundleId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    msgId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Denormalized `linked-data-identity` Reference (e.g. `Practitioner/abc`).\n     * Populated from the FHIR extension on the Membership resource at write\n     * time so future GSIs can index data-plane identity lookups without\n     * deserializing the full resource JSON. See ADR 2026-03-13-02 §6.\n     */\n    linkedDataIdentityRef: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Denormalized display name of the linked Tenant, captured at row\n     * last-write time. Promoted to a top-level attribute so the ADR-018\n     * adjacency-list projection SKs (pattern #3 — `MEMBERSHIP#TENANT#<normalizedTenantName>#…`)\n     * can be composed from a top-level field instead of digging into the\n     * `resource` JSON. Optional on the schema so pre-TR-024 rows do not\n     * break; the operations-layer multi-write helper (#1010) makes the\n     * field load-bearing at write time per TR-024 rule 2 (write-time\n     * source = canonical Tenant.displayName).\n     * @see TR-024 — Denormalized display-name attributes\n     */\n    denormalizedTenantName: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Denormalized display name of the linked User, captured at row\n     * last-write time. Promoted to a top-level attribute so the ADR-018\n     * adjacency-list canonical-record GSI1SK (pattern #1 —\n     * `<normalizedUserName>#<id>`) and workspace-projection SK (pattern #2)\n     * can be composed from a top-level field. Optional on the schema so\n     * pre-TR-024 rows do not break; the operations-layer multi-write helper\n     * (#1010) makes the field load-bearing at write time per TR-024 rule 2\n     * (write-time source = canonical User.displayName).\n     * @see TR-024 — Denormalized display-name attributes\n     */\n    denormalizedUserName: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /** Base table: PK = TID#<tenantId>#MEMBERSHIP#ID#<id>, SK = CURRENT. Do not supply PK or SK from outside. */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"tenantId\", \"id\"],\n        template: \"TID#${tenantId}#MEMBERSHIP#ID#${id}\",\n      },\n      sk: {\n        field: \"SK\",\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n\n    /**\n     * GSI1 — Unified Sharded List per ADR-011: list all Memberships for a tenant across the\n     * four shards. Membership is tenant-scoped only, so `WID#-` is a sentinel.\n     * SK is derived via `membershipGsi1skAttribute` — composes\n     * `<normalizedUserName>#<id>` per ADR-018 pattern #1 (users in a\n     * tenant, sorted by user name); falls back to `<lastUpdated>#<id>`\n     * when `denormalizedUserName` is missing. `casing: \"none\"` preserves\n     * the normalized label and ISO-8601 `T`/`Z`.\n     */\n    gsi1: {\n      index: \"GSI1\",\n      pk: {\n        field: \"GSI1PK\",\n        composite: [\"tenantId\", \"gsi1Shard\"],\n        template: \"TID#${tenantId}#WID#-#RT#Membership#SHARD#${gsi1Shard}\",\n      },\n      sk: {\n        field: \"GSI1SK\",\n        casing: \"none\" as const,\n        composite: [\"gsi1sk\"],\n        template: \"${gsi1sk}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\n\n/**\n * Membership user-projection entity (single-table store, no GSI).\n *\n * **ADR-018 adjacency-list projection.** For every Membership write the\n * operations-layer multi-write helper writes one of two projection rows\n * under the user partition so the user-rooted access patterns #3 and #4\n * are served by a single base-table `Query` with no GSI hop:\n *\n * | Pattern | When | PK | SK |\n * |---|---|---|---|\n * | #3 — tenant sub-lane | `workspaceId` absent | `USER#ID#<userId>` | `MEMBERSHIP#TENANT#<normalizedTenantName>#TID#<tenantId>#<id>` |\n * | #4 — workspace sub-lane | `workspaceId` set | `USER#ID#<userId>` | `MEMBERSHIP#WORKSPACE#TID#<tenantId>#<normalizedWorkspaceName>#WID#<workspaceId>#<id>` |\n *\n * Both shapes share the user-partition `PK = USER#ID#<userId>`. The SK\n * shape is operation-owned: the operations-layer projection writer\n * composes the SK string via the `buildMembershipUserProjectionSk*`\n * helpers and supplies it on the `sk` attribute. This entity stores the\n * SK verbatim — no `watch`/derived computation here — so the SK grammar\n * (and any future revision) lives in one place: the operations layer.\n *\n * Projection attribute set per ADR-018 § Projection attribute set and\n * the implementation guide § 2: `summary`, `vid`, `lastUpdated` (so\n * `Query(PK = USER#ID#<userId>, SK begins_with 'MEMBERSHIP#')` is\n * self-sufficient — no BatchGet hop to the canonical record), plus the\n * projection-discriminating fields (`tenantId`, `userId`, `workspaceId?`,\n * `membershipId`) and TR-024 denormalized display names\n * (`denormalizedTenantName`, `denormalizedUserName`,\n * `denormalizedWorkspaceName?`).\n *\n * **No GSI projection.** Per ADR-018 § Decision, cross-cutting reads\n * are served by the main-table partition `USER#ID#<userId>`; the\n * GSI1/GSI2 catalog is unchanged.\n *\n * @see ADR-018 § Access Pattern Coverage (#3, #4)\n * @see .state/adr-018-implementation-guide.md § 1 (SK grammar) and § 2 (attribute set)\n * @see .claude/rules/data-layer-layout.md — projection writers live in operations, not here\n */\nexport const MembershipUserProjectionEntity = new Entity({\n  model: {\n    entity: \"membershipUserProjection\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /**\n     * User partition discriminator. Renders as `USER#ID#<userId>` on the\n     * base-table PK. Always required — the projection has no meaning\n     * outside a user partition.\n     */\n    userId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Pre-composed sort key — built by the operations-layer projection\n     * writer via `buildMembershipUserProjectionSk*` helpers. The entity\n     * stores the value verbatim so the SK grammar (patterns #3 and #4)\n     * is owned by the operations layer, not duplicated here.\n     */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Tenant in which the membership applies. Always required. */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Workspace the membership scopes to. Present iff the projection\n     * row is a pattern-#4 workspace sub-lane row; absent for pattern-#3\n     * tenant sub-lane rows.\n     */\n    workspaceId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Membership canonical-record id. Stored as a discriminating field\n     * so consumers can hydrate the canonical row via\n     * `MembershipEntity.get({ tenantId, id: membershipId })` when the\n     * projection's `summary` is insufficient.\n     */\n    membershipId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id,\n     * displayName, status) — mirrored from the canonical Membership row\n     * so user-partition queries do not need a BatchGet hop.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id mirrored from the canonical Membership row. */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Last-updated timestamp mirrored from the canonical Membership row. */\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Denormalized Tenant display name — required to compose pattern-#3\n     * SK (`MEMBERSHIP#TENANT#<normalizedTenantName>#…`). Optional on the\n     * schema because pre-TR-024 rows may not carry a display name; the\n     * operations layer falls back gracefully when missing.\n     */\n    denormalizedTenantName: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Denormalized User display name — mirrored from the canonical\n     * Membership row per TR-024 rule 3 (canonical-record symmetry).\n     * Carried on the projection so consumers can render the user's\n     * display name without a hop to the User record.\n     */\n    denormalizedUserName: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Denormalized Workspace display name — required to compose\n     * pattern-#4 SK (`MEMBERSHIP#WORKSPACE#TID#<tenantId>#<normalizedWorkspaceName>#…`).\n     * Optional on the schema (TR-024 § Open Item #4 defers a formal\n     * Workspace-rename cascade); the operations layer falls back to a\n     * sentinel when missing so the SK still has a valid shape.\n     */\n    denormalizedWorkspaceName: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /**\n     * Base table: PK = USER#ID#<userId>, SK = operation-supplied.\n     * Both pattern #3 and pattern #4 use this same index — the SK string\n     * encodes the lane discriminator (`MEMBERSHIP#TENANT#…` vs\n     * `MEMBERSHIP#WORKSPACE#…`) so a single `Query(PK = USER#ID#<userId>,\n     * SK begins_with 'MEMBERSHIP#')` returns both lanes interleaved.\n     */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"userId\"],\n        template: \"USER#ID#${userId}\",\n      },\n      sk: {\n        field: \"SK\",\n        casing: \"none\" as const,\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\n\n/**\n * Membership workspace-projection entity (single-table store, no GSI).\n *\n * **ADR-018 adjacency-list projection.** For every workspace-scoped\n * Membership the operations-layer multi-write helper writes one\n * projection row under the workspace partition so the workspace-rooted\n * access pattern #2 is served by a single base-table `Query` with no\n * GSI hop:\n *\n * | Pattern | When | PK | SK |\n * |---|---|---|---|\n * | #2 — users in a workspace | `workspaceId` set | `TID#<tenantId>#WORKSPACE#ID#<workspaceId>` | `MEMBERSHIP#<normalizedUserName>#USER#<userId>#<id>` |\n *\n * The PK co-locates with the canonical Workspace record\n * (`SK = CURRENT`) so a single `Query(PK = TID#<tenantId>#WORKSPACE#ID#<workspaceId>)`\n * returns workspace metadata + every member projection in one round\n * trip. The SK shape is operation-owned: the operations-layer\n * projection writer composes the SK string via the\n * `buildMembershipWorkspaceProjectionSk` helper and supplies it on the\n * `sk` attribute. This entity stores the SK verbatim — no\n * `watch`/derived computation here — so the SK grammar lives in one\n * place: the operations layer.\n *\n * Projection attribute set per ADR-018 § Projection attribute set and\n * the implementation guide § 2: `summary`, `vid`, `lastUpdated` (so\n * `Query(PK = TID#<tenantId>#WORKSPACE#ID#<workspaceId>, SK begins_with 'MEMBERSHIP#')`\n * is self-sufficient — no BatchGet hop to the canonical record), plus\n * the projection-discriminating fields (`tenantId`, `workspaceId`,\n * `userId`, `membershipId`) and TR-024 denormalized user display name\n * (`denormalizedUserName`).\n *\n * **No GSI projection.** Per ADR-018 § Decision, cross-cutting reads\n * are served by the main-table partition\n * `TID#<tenantId>#WORKSPACE#ID#<workspaceId>`; the GSI1/GSI2 catalog\n * is unchanged.\n *\n * @see ADR-018 § Access Pattern Coverage (#2)\n * @see .state/adr-018-implementation-guide.md § 1 (SK grammar) and § 2 (attribute set)\n * @see .claude/rules/data-layer-layout.md — projection writers live in operations, not here\n */\nexport const MembershipWorkspaceProjectionEntity = new Entity({\n  model: {\n    entity: \"membershipWorkspaceProjection\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /**\n     * Tenant the workspace belongs to. Renders as the leading segment\n     * of the base-table PK. Always required — the workspace partition\n     * is tenant-scoped per ADR-011.\n     */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Workspace partition discriminator. Renders as the trailing\n     * segment of the base-table PK\n     * (`TID#<tenantId>#WORKSPACE#ID#<workspaceId>`). Always required —\n     * the projection has no meaning outside a workspace partition.\n     */\n    workspaceId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Pre-composed sort key — built by the operations-layer projection\n     * writer via `buildMembershipWorkspaceProjectionSk`. The entity\n     * stores the value verbatim so the SK grammar (pattern #2) is\n     * owned by the operations layer, not duplicated here.\n     */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * User the membership links. Stored as a discriminating field so\n     * consumers can hydrate the canonical User row via\n     * `UserEntity.get({ id: userId, sk: \"CURRENT\" })` when the\n     * projection's `summary` is insufficient.\n     */\n    userId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Membership canonical-record id. Stored as a discriminating field\n     * so consumers can hydrate the canonical row via\n     * `MembershipEntity.get({ tenantId, id: membershipId })` when the\n     * projection's `summary` is insufficient.\n     */\n    membershipId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id,\n     * displayName, status) — mirrored from the canonical Membership row\n     * so workspace-partition queries do not need a BatchGet hop.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id mirrored from the canonical Membership row. */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Last-updated timestamp mirrored from the canonical Membership row. */\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Denormalized User display name — required to compose the\n     * pattern-#2 SK (`MEMBERSHIP#<normalizedUserName>#…`). Optional on\n     * the schema because pre-TR-024 rows may not carry a display name;\n     * the operations layer falls back to a sentinel when missing so\n     * the SK still has a valid shape. The TR-023 rename-cascade\n     * pipeline rewrites the SK on a User rename.\n     */\n    denormalizedUserName: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /**\n     * Base table: PK = TID#<tenantId>#WORKSPACE#ID#<workspaceId>,\n     * SK = operation-supplied. Pattern #2 uses this index — the SK\n     * encodes the entity-type prefix (`MEMBERSHIP#…`) so a\n     * `Query(PK = TID#<tenantId>#WORKSPACE#ID#<workspaceId>, SK begins_with 'MEMBERSHIP#')`\n     * returns every member projection for the workspace in normalized-\n     * user-name sort order.\n     */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"tenantId\", \"workspaceId\"],\n        template: \"TID#${tenantId}#WORKSPACE#ID#${workspaceId}\",\n      },\n      sk: {\n        field: \"SK\",\n        casing: \"none\" as const,\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\nimport { gsi1ShardAttribute, gsi1skAttribute } from \"./control-entity-common\";\n\n/**\n * Role data-store entity (single-table store).\n *\n * **Classification (ADR 2026-03-03-01):** Non-tenant-isolated, control plane. Role is a\n * platform-wide role catalog (e.g. tenant-admin, tenant-user, system-admin); not scoped by tenant.\n * RoleAssignment references Role to assign a role to a User in a Tenant/Workspace context.\n *\n * Key structure: PK = ROLE#ID#<id>, SK = CURRENT.\n * The ROLE# prefix prevents key collisions with other non-tenant-isolated entities (User, etc.)\n * sharing the same table (ADR 2026-03-11-01 — preferred pattern for all control plane entities).\n * Uniqueness: one Role per id.\n *\n * GSI1 — Unified Sharded List per ADR-011: lists all Roles across the four shards. Non-tenant-\n * isolated, so the PK uses `TID#-#WID#-` sentinels.\n *\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n * @see sites/www-docs/content/architecture/adr/2026-03-13-02-control-plane-roles-and-user-tenant-workspace-linkage.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n */\nexport const RoleEntity = new Entity({\n  model: {\n    entity: \"role\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /** Sort key sentinel. Always \"CURRENT\". */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n      default: \"CURRENT\",\n    },\n    /** FHIR Resource.id; role id. */\n    id: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Full Role resource serialized as JSON string. */\n    resource: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id, displayName, status).\n     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id (e.g. ULID). */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    gsi1Shard: gsi1ShardAttribute,\n    /** Derived GSI1 sort key — name-based when extractable; else `<lastUpdated>#<id>`. */\n    gsi1sk: gsi1skAttribute,\n    deleted: {\n      type: \"boolean\" as const,\n      required: false,\n    },\n    bundleId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    msgId: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /** Base table: PK = ROLE#ID#<id>, SK = CURRENT. Do not supply PK or SK from outside. */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"id\"],\n        template: \"ROLE#ID#${id}\",\n      },\n      sk: {\n        field: \"SK\",\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n\n    /**\n     * GSI1 — Unified Sharded List per ADR-011: list all Roles across the four shards.\n     * Non-tenant-isolated, so `TID#-#WID#-` sentinels precede `RT#Role#SHARD#<n>`.\n     * SK is derived via `gsi1skAttribute` — uses the resource's natural label when\n     * extractable, else `<lastUpdated>#<id>` (DR-004). `casing: \"none\"` preserves the\n     * normalized label and ISO-8601 `T`/`Z`.\n     */\n    gsi1: {\n      index: \"GSI1\",\n      pk: {\n        field: \"GSI1PK\",\n        composite: [\"gsi1Shard\"],\n        template: \"TID#-#WID#-#RT#Role#SHARD#${gsi1Shard}\",\n      },\n      sk: {\n        field: \"GSI1SK\",\n        casing: \"none\" as const,\n        composite: [\"gsi1sk\"],\n        template: \"${gsi1sk}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\nimport {\n  gsi1ShardAttribute,\n  roleAssignmentGsi1skAttribute,\n} from \"./control-entity-common\";\n\n/**\n * RoleAssignment data-store entity (single-table store).\n *\n * **Classification (ADR 2026-03-03-01):** Tenant-isolated, control plane. RoleAssignment assigns\n * a Role to a User in a Tenant (and optionally Workspace) context.\n *\n * Key structure: PK = TID#<tenantId>#ROLEASSIGNMENT#ID#<id>, SK = CURRENT.\n * Uniqueness: one RoleAssignment per (tenantId, id).\n *\n * GSI1 — Unified Sharded List per ADR-011: lists all RoleAssignments in a tenant across the four\n * shards. Tenant-scoped only (workspace context lives inside the resource), so the GSI1 PK uses\n * `WID#-` as a sentinel.\n *\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n * @see sites/www-docs/content/architecture/adr/2026-03-13-02-control-plane-roles-and-user-tenant-workspace-linkage.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n */\nexport const RoleAssignmentEntity = new Entity({\n  model: {\n    entity: \"roleassignment\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /** Sort key sentinel. Always \"CURRENT\". */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n      default: \"CURRENT\",\n    },\n    /** Tenant in which the role assignment applies (required). */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** FHIR Resource.id; role assignment id. */\n    id: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Full RoleAssignment resource serialized as JSON string. */\n    resource: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id, displayName, status).\n     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id (e.g. ULID). */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    gsi1Shard: gsi1ShardAttribute,\n    /**\n     * Derived GSI1 sort key — discriminator-first\n     * `<roleId>#<normalizedUserName>#<id>` per ADR-018 pattern #8 so a\n     * GSI1 query partitioned on the tenant can `begins_with('<roleId>#')`\n     * to enumerate every user assigned to a given role, sorted by user\n     * name. Falls back to `<lastUpdated>#<id>` when either component is\n     * missing.\n     */\n    gsi1sk: roleAssignmentGsi1skAttribute,\n    deleted: {\n      type: \"boolean\" as const,\n      required: false,\n    },\n    bundleId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    msgId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Denormalized display name of the linked Tenant, captured at row\n     * last-write time. Promoted to a top-level attribute so the ADR-018\n     * adjacency-list user-projection SK (pattern #5 —\n     * `ROLEASSIGNMENT#TENANT#<normalizedRoleName>#<roleId>#TID#<tenantId>#<id>`)\n     * can be composed from a top-level field instead of digging into the\n     * `resource` JSON. Optional on the schema so pre-TR-024 rows do not\n     * break; the operations-layer multi-write helper (#1010) makes the\n     * field load-bearing at write time per TR-024 rule 2 (write-time\n     * source = canonical Tenant.displayName).\n     * @see TR-024 — Denormalized display-name attributes\n     */\n    denormalizedTenantName: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Denormalized display name of the linked User, captured at row\n     * last-write time. Promoted to a top-level attribute so the ADR-018\n     * adjacency-list canonical-record GSI1SK (pattern #8 —\n     * `<roleId>#<normalizedUserName>#<id>`) and workspace-projection SK\n     * (pattern #9) can be composed from a top-level field. Optional on\n     * the schema so pre-TR-024 rows do not break; the operations-layer\n     * multi-write helper (#1010) makes the field load-bearing at write\n     * time per TR-024 rule 2 (write-time source = canonical\n     * User.displayName).\n     * @see TR-024 — Denormalized display-name attributes\n     */\n    denormalizedUserName: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Denormalized display name of the linked Role, captured at row\n     * last-write time. Promoted to a top-level attribute so the ADR-018\n     * adjacency-list user-projection SK (pattern #5 —\n     * `ROLEASSIGNMENT#TENANT#<normalizedRoleName>#…`) can be composed from\n     * a top-level field. Optional on the schema so pre-TR-024 rows do not\n     * break; the operations-layer multi-write helper (#1010) makes the\n     * field load-bearing at write time per TR-024 rule 2 (write-time\n     * source = canonical Role.displayName).\n     * @see TR-024 — Denormalized display-name attributes\n     */\n    denormalizedRoleName: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /** Base table: PK = TID#<tenantId>#ROLEASSIGNMENT#ID#<id>, SK = CURRENT. Do not supply PK or SK from outside. */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"tenantId\", \"id\"],\n        template: \"TID#${tenantId}#ROLEASSIGNMENT#ID#${id}\",\n      },\n      sk: {\n        field: \"SK\",\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n\n    /**\n     * GSI1 — Unified Sharded List per ADR-011: list all RoleAssignments for a tenant across the\n     * four shards. Tenant-scoped only, so `WID#-` is a sentinel.\n     * SK is derived via `roleAssignmentGsi1skAttribute` — composes the\n     * discriminator-first `<roleId>#<normalizedUserName>#<id>` shape per\n     * ADR-018 pattern #8 (users with a specific role in a tenant, sorted\n     * by user name); falls back to `<lastUpdated>#<id>` when either\n     * component is missing. `casing: \"none\"` preserves the normalized\n     * label and ISO-8601 `T`/`Z`.\n     */\n    gsi1: {\n      index: \"GSI1\",\n      pk: {\n        field: \"GSI1PK\",\n        composite: [\"tenantId\", \"gsi1Shard\"],\n        template: \"TID#${tenantId}#WID#-#RT#RoleAssignment#SHARD#${gsi1Shard}\",\n      },\n      sk: {\n        field: \"GSI1SK\",\n        casing: \"none\" as const,\n        composite: [\"gsi1sk\"],\n        template: \"${gsi1sk}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\n\n/**\n * RoleAssignment user-projection entity (single-table store, no GSI).\n *\n * **ADR-018 adjacency-list projection.** For every RoleAssignment write\n * the operations-layer multi-write helper writes one projection row\n * under the user partition so the user-rooted access pattern #5 is\n * served by a single base-table `Query` with no GSI hop. The SK encodes\n * a tenant-vs-workspace discriminator sub-prefix so both sub-lanes share\n * the user partition:\n *\n * | Sub-lane | When | PK | SK |\n * |---|---|---|---|\n * | tenant-level | `workspaceId` absent | `USER#ID#<userId>` | `ROLEASSIGNMENT#TENANT#<normalizedRoleName>#<roleId>#TID#<tenantId>#<id>` |\n * | workspace-level | `workspaceId` set | `USER#ID#<userId>` | `ROLEASSIGNMENT#WORKSPACE#<normalizedRoleName>#<roleId>#TID#<tenantId>#WID#<workspaceId>#<id>` |\n *\n * The SK shape is operation-owned: the operations-layer projection\n * writer composes the SK string via the\n * `buildRoleAssignmentUserProjectionSk*` helpers and supplies it on the\n * `sk` attribute. This entity stores the SK verbatim — no\n * `watch`/derived computation here — so the SK grammar (and any future\n * revision) lives in one place: the operations layer.\n *\n * Projection attribute set per ADR-018 § Projection attribute set and\n * the implementation guide § 2: `summary`, `vid`, `lastUpdated` (so\n * `Query(PK = USER#ID#<userId>, SK begins_with 'ROLEASSIGNMENT#')` is\n * self-sufficient — no BatchGet hop to the canonical record), plus the\n * projection-discriminating fields (`tenantId`, `roleId`,\n * `roleAssignmentId`, `userId`, `workspaceId?`) and TR-024 denormalized\n * display names (`denormalizedTenantName`, `denormalizedUserName`,\n * `denormalizedRoleName`).\n *\n * **No GSI projection.** Per ADR-018 § Decision, cross-cutting reads\n * are served by the main-table partition `USER#ID#<userId>`; the\n * GSI1/GSI2 catalog is unchanged.\n *\n * @see ADR-018 § Access Pattern Coverage (#5)\n * @see .state/adr-018-implementation-guide.md § 1 (SK grammar) and § 2 (attribute set)\n * @see .claude/rules/data-layer-layout.md — projection writers live in operations, not here\n */\nexport const RoleAssignmentUserProjectionEntity = new Entity({\n  model: {\n    entity: \"roleAssignmentUserProjection\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /**\n     * User partition discriminator. Renders as `USER#ID#<userId>` on the\n     * base-table PK. Always required — the projection has no meaning\n     * outside a user partition.\n     */\n    userId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Pre-composed sort key — built by the operations-layer projection\n     * writer via `buildRoleAssignmentUserProjectionSk*` helpers. The\n     * entity stores the value verbatim so the SK grammar (tenant-lane\n     * vs workspace-lane) is owned by the operations layer, not\n     * duplicated here.\n     */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Tenant in which the role assignment applies. Always required. */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Workspace the role assignment scopes to. Present iff the\n     * projection row is the workspace-level sub-lane; absent for\n     * tenant-level sub-lane rows.\n     */\n    workspaceId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Role the assignment grants. Stored as a discriminating field so\n     * `Query(PK = USER#ID#<userId>, SK begins_with 'ROLEASSIGNMENT#…')`\n     * results carry the role id without a hop to the canonical row.\n     */\n    roleId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * RoleAssignment canonical-record id. Stored as a discriminating\n     * field so consumers can hydrate the canonical row via\n     * `RoleAssignmentEntity.get({ tenantId, id: roleAssignmentId })`\n     * when the projection's `summary` is insufficient.\n     */\n    roleAssignmentId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id,\n     * displayName, status) — mirrored from the canonical RoleAssignment\n     * row so user-partition queries do not need a BatchGet hop.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id mirrored from the canonical RoleAssignment row. */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Last-updated timestamp mirrored from the canonical RoleAssignment row. */\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Denormalized Tenant display name — mirrored from the canonical\n     * RoleAssignment row per TR-024 rule 3 (canonical-record symmetry).\n     * Optional on the schema because pre-TR-024 rows may not carry a\n     * display name; the operations layer falls back gracefully when\n     * missing.\n     */\n    denormalizedTenantName: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Denormalized User display name — mirrored from the canonical\n     * RoleAssignment row per TR-024 rule 3 (canonical-record symmetry).\n     * Carried on the projection so consumers can render the user's\n     * display name without a hop to the User record.\n     */\n    denormalizedUserName: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Denormalized Role display name — required to compose the SK's\n     * `<normalizedRoleName>` segment. Optional on the schema (pre-TR-024\n     * rows fall back to a sentinel) but expected to be present at write\n     * time per TR-024 rule 2 (write-time source =\n     * canonical Role.displayName).\n     */\n    denormalizedRoleName: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /**\n     * Base table: PK = USER#ID#<userId>, SK = operation-supplied. Both\n     * sub-lanes (tenant-level and workspace-level) use this same index —\n     * the SK string encodes the lane discriminator\n     * (`ROLEASSIGNMENT#TENANT#…` vs `ROLEASSIGNMENT#WORKSPACE#…`) so a\n     * single `Query(PK = USER#ID#<userId>, SK begins_with\n     * 'ROLEASSIGNMENT#')` returns both lanes interleaved.\n     */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"userId\"],\n        template: \"USER#ID#${userId}\",\n      },\n      sk: {\n        field: \"SK\",\n        casing: \"none\" as const,\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\n\n/**\n * RoleAssignment workspace-projection entity (single-table store, no GSI).\n *\n * **ADR-018 adjacency-list projection.** For every workspace-scoped\n * RoleAssignment the operations-layer multi-write helper writes one\n * projection row under the workspace partition so the workspace-rooted\n * access pattern #9 is served by a single base-table `Query` with no\n * GSI hop:\n *\n * | Pattern | When | PK | SK |\n * |---|---|---|---|\n * | #9 — users with a specific role in a workspace | `workspaceId` set | `TID#<tenantId>#WORKSPACE#ID#<workspaceId>` | `ROLEASSIGNMENT#<roleId>#<normalizedUserName>#USER#<userId>#<id>` |\n *\n * The SK is **discriminator-first** on the raw `<roleId>` (mirroring the\n * canonical GSI1SK from pattern #8): role id discriminates first so a\n * `begins_with('ROLEASSIGNMENT#<roleId>#')` filter returns every user\n * assigned to that role in the workspace, sorted alphabetically by\n * normalized user name. Omitting the `<roleId>#` segment\n * (`begins_with('ROLEASSIGNMENT#')`) returns every role assignment in\n * the workspace interleaved.\n *\n * The PK co-locates with the canonical Workspace record (`SK = CURRENT`)\n * and the Membership workspace-projection rows (pattern #2) so a single\n * `Query(PK = TID#<tenantId>#WORKSPACE#ID#<workspaceId>)` returns\n * workspace metadata + every member projection + every role-assignment\n * projection in one round trip — the admin workspace-dashboard read shape.\n *\n * The SK shape is operation-owned: the operations-layer projection\n * writer composes the SK string via the\n * `buildRoleAssignmentWorkspaceProjectionSk` helper and supplies it on\n * the `sk` attribute. This entity stores the SK verbatim — no\n * `watch`/derived computation here — so the SK grammar lives in one\n * place: the operations layer.\n *\n * Projection attribute set per ADR-018 § Projection attribute set and\n * the implementation guide § 2: `summary`, `vid`, `lastUpdated` (so\n * `Query(PK = TID#<tenantId>#WORKSPACE#ID#<workspaceId>, SK begins_with 'ROLEASSIGNMENT#')`\n * is self-sufficient — no BatchGet hop to the canonical record), plus\n * the projection-discriminating fields (`tenantId`, `workspaceId`,\n * `roleId`, `roleAssignmentId`, `userId`) and TR-024 denormalized\n * display names (`denormalizedUserName`, `denormalizedRoleName`).\n *\n * **Rename-cascade interaction (TR-023, Phase 6).** The SK uses the\n * raw `<roleId>` (rename-stable) for the discriminator and\n * `<normalizedUserName>` for the secondary sort. A Role rename does NOT\n * rewrite this SK; a User rename DOES (cascaded by the rename pipeline).\n *\n * **No GSI projection.** Per ADR-018 § Decision, cross-cutting reads\n * are served by the main-table partition\n * `TID#<tenantId>#WORKSPACE#ID#<workspaceId>`; the GSI1/GSI2 catalog\n * is unchanged.\n *\n * @see ADR-018 § Access Pattern Coverage (#9)\n * @see .state/adr-018-implementation-guide.md § 1 (SK grammar) and § 2 (attribute set)\n * @see .claude/rules/data-layer-layout.md — projection writers live in operations, not here\n */\nexport const RoleAssignmentWorkspaceProjectionEntity = new Entity({\n  model: {\n    entity: \"roleAssignmentWorkspaceProjection\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /**\n     * Tenant the workspace belongs to. Renders as the leading segment\n     * of the base-table PK. Always required — the workspace partition\n     * is tenant-scoped per ADR-011.\n     */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Workspace partition discriminator. Renders as the trailing\n     * segment of the base-table PK\n     * (`TID#<tenantId>#WORKSPACE#ID#<workspaceId>`). Always required —\n     * the projection has no meaning outside a workspace partition.\n     */\n    workspaceId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Pre-composed sort key — built by the operations-layer projection\n     * writer via `buildRoleAssignmentWorkspaceProjectionSk`. The entity\n     * stores the value verbatim so the SK grammar (pattern #9) is\n     * owned by the operations layer, not duplicated here.\n     */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * User the role assignment grants the role to. Stored as a\n     * discriminating field so consumers can hydrate the canonical User\n     * row via `UserEntity.get({ id: userId, sk: \"CURRENT\" })` when the\n     * projection's `summary` is insufficient.\n     */\n    userId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Role the assignment grants. Stored as a discriminating field —\n     * also rendered into the SK as the discriminator-first segment so\n     * `begins_with('ROLEASSIGNMENT#<roleId>#')` filters one role.\n     */\n    roleId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * RoleAssignment canonical-record id. Stored as a discriminating\n     * field so consumers can hydrate the canonical row via\n     * `RoleAssignmentEntity.get({ tenantId, id: roleAssignmentId })`\n     * when the projection's `summary` is insufficient.\n     */\n    roleAssignmentId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id,\n     * displayName, status) — mirrored from the canonical RoleAssignment\n     * row so workspace-partition queries do not need a BatchGet hop.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id mirrored from the canonical RoleAssignment row. */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Last-updated timestamp mirrored from the canonical RoleAssignment row. */\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Denormalized User display name — required to compose the\n     * pattern-#9 SK (`ROLEASSIGNMENT#<roleId>#<normalizedUserName>#…`).\n     * Optional on the schema because pre-TR-024 rows may not carry a\n     * display name; the operations layer falls back to a sentinel when\n     * missing so the SK still has a valid shape. The TR-023 rename-\n     * cascade pipeline rewrites the SK on a User rename.\n     */\n    denormalizedUserName: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /**\n     * Denormalized Role display name — mirrored from the canonical\n     * RoleAssignment row per TR-024 rule 3 (canonical-record symmetry).\n     * Carried on the projection so consumers can render the role's\n     * display name without a hop to the Role record. Not part of the\n     * SK (pattern #9 sorts on `<normalizedUserName>`, not role name) —\n     * a Role rename does NOT rewrite this SK.\n     */\n    denormalizedRoleName: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /**\n     * Base table: PK = TID#<tenantId>#WORKSPACE#ID#<workspaceId>,\n     * SK = operation-supplied. Pattern #9 uses this index — the SK\n     * encodes the entity-type prefix and discriminator-first roleId\n     * (`ROLEASSIGNMENT#<roleId>#…`) so\n     * `Query(PK = TID#<tenantId>#WORKSPACE#ID#<workspaceId>, SK begins_with 'ROLEASSIGNMENT#<roleId>#')`\n     * returns every user-assignment for that role in the workspace, sorted\n     * by normalized user name.\n     */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"tenantId\", \"workspaceId\"],\n        template: \"TID#${tenantId}#WORKSPACE#ID#${workspaceId}\",\n      },\n      sk: {\n        field: \"SK\",\n        casing: \"none\" as const,\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\nimport { gsi1ShardAttribute, gsi1skAttribute } from \"./control-entity-common\";\n\n/**\n * Tenant data-store entity (single-table store).\n *\n * **Classification (ADR 2026-03-03-01):** Tenant-isolated, control plane. Tenant IS the top scope;\n * the workspace dimension is not applicable and uses the sentinel `TENANT`. The tenant's own `id`\n * is stored as `tenantId` to drive the partition key.\n *\n * Key structure: PK = TENANT#ID#<tenantId>, SK = CURRENT.\n * Uniqueness: one Tenant per tenantId (id).\n *\n * GSI1 — Unified Sharded List per ADR-011: lists all Tenants across the four shards. Tenant has\n * no parent tenant or workspace, so the PK uses `TID#-#WID#-` sentinels.\n *\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n * @see sites/www-docs/content/architecture/adr/2026-03-13-01-tenant-and-workspace-fhir-types-control-plane.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n */\nexport const TenantEntity = new Entity({\n  model: {\n    entity: \"tenant\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /** Sort key sentinel. Always \"CURRENT\". */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n      default: \"CURRENT\",\n    },\n    /** The tenant's own id (= resource id). Drives the partition key. */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** FHIR Resource.id; logical id in URL. Equals tenantId. */\n    id: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Full Tenant resource serialized as JSON string. */\n    resource: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id, displayName, status).\n     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id (e.g. ULID). */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    gsi1Shard: gsi1ShardAttribute,\n    /** Derived GSI1 sort key — name-based when extractable; else `<lastUpdated>#<id>`. */\n    gsi1sk: gsi1skAttribute,\n    deleted: {\n      type: \"boolean\" as const,\n      required: false,\n    },\n    bundleId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    msgId: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /** Base table: PK = TENANT#ID#<tenantId>, SK = CURRENT. Do not supply PK or SK from outside. */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"tenantId\"],\n        template: \"TENANT#ID#${tenantId}\",\n      },\n      sk: {\n        field: \"SK\",\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n\n    /**\n     * GSI1 — Unified Sharded List per ADR-011: list all Tenants across the four shards.\n     * Tenant lives at the platform tier (no parent tenant or workspace), so `TID#-#WID#-`\n     * sentinels precede `RT#Tenant#SHARD#<n>`. SK is derived via `gsi1skAttribute` —\n     * `<normalizedName>#<id>` when the resource carries a `name`, else `<lastUpdated>#<id>`\n     * (DR-004). `casing: \"none\"` preserves the normalized label and ISO-8601 `T`/`Z`.\n     */\n    gsi1: {\n      index: \"GSI1\",\n      pk: {\n        field: \"GSI1PK\",\n        composite: [\"gsi1Shard\"],\n        template: \"TID#-#WID#-#RT#Tenant#SHARD#${gsi1Shard}\",\n      },\n      sk: {\n        field: \"GSI1SK\",\n        casing: \"none\" as const,\n        composite: [\"gsi1sk\"],\n        template: \"${gsi1sk}\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\nimport { gsi1ShardAttribute, gsi1skAttribute } from \"./control-entity-common\";\n\n/**\n * User data-store entity (single-table store).\n *\n * **Classification (ADR 2026-03-03-01):** Non-tenant-isolated, control plane. User is a\n * platform-wide identity; association with tenants and workspaces is through Membership and\n * RoleAssignment, not the User entity's own key.\n *\n * Key structure: PK = USER#ID#<id>, SK = CURRENT.\n * The USER# prefix prevents key collisions with other non-tenant-isolated entities (Role, etc.)\n * sharing the same table (ADR 2026-03-11-01 — preferred pattern for all control plane entities).\n * Uniqueness: one User per id.\n *\n * GSI1 — Unified Sharded List per ADR-011: lists all Users across the four shards. Non-tenant-\n * isolated, so the PK uses `TID#-#WID#-` sentinels.\n * GSI2 — Cognito sub-lookup per ADR-011: resolves a UserEntity from a Cognito `sub` claim\n * (`USER#SUB#<cognitoSub>` PK, `CURRENT` SK). The `cognitoSub` attribute is populated by the\n * Post Confirmation Lambda (Epic #765 / #770); kept optional here until that write path lands.\n *\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n * @see sites/www-docs/content/architecture/adr/2026-03-11-01-user-type-definition-fhir-and-data-layer.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n */\nexport const UserEntity = new Entity({\n  model: {\n    entity: \"user\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /** Sort key sentinel. Always \"CURRENT\". */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n      default: \"CURRENT\",\n    },\n    /** FHIR Resource.id; platform user id (ohi_uid). */\n    id: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Full User resource serialized as JSON string. */\n    resource: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id, displayName, status).\n     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Immutable Cognito-issued `sub` claim. Drives GSI2 (sub-lookup). Optional until the\n     * Post Confirmation Lambda (#770) lands; required thereafter.\n     */\n    cognitoSub: {\n      type: \"string\" as const,\n      required: false,\n    },\n    /** Version id (e.g. ULID). */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    gsi1Shard: gsi1ShardAttribute,\n    /** Derived GSI1 sort key — name-based when extractable; else `<lastUpdated>#<id>`. */\n    gsi1sk: gsi1skAttribute,\n    deleted: {\n      type: \"boolean\" as const,\n      required: false,\n    },\n    /**\n     * TR-022 / ADR-018 lifecycle state for the cascade pipeline.\n     *\n     * - `active` (or undefined) — normal, readable state.\n     * - `deleting` — intermediate state set synchronously by the\n     *   hard-delete API entry point. The owning-delete cascade state\n     *   machine fans out from this transition (DynamoDB stream →\n     *   `control-plane.owning-delete.v1` → Step Functions). Readers MUST\n     *   short-circuit on `deleting` so partial cascades stay invisible.\n     * - `deleted-failed` — terminal failure state set by the cascade\n     *   finalize Lambda when the cascade run fails irrecoverably.\n     *   Operators recover by re-running the cascade or by direct\n     *   intervention.\n     *\n     * The cascade finalize step deletes the canonical record conditional\n     * on `lifecycleState = \"deleting\"`; on replay the conditional check\n     * fails and the finalize step treats that as a no-op success.\n     */\n    lifecycleState: {\n      type: [\"active\", \"deleting\", \"deleted-failed\"] as const,\n      required: false,\n    },\n    bundleId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    msgId: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /** Base table: PK = USER#ID#<id>, SK = CURRENT. Do not supply PK or SK from outside. */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"id\"],\n        template: \"USER#ID#${id}\",\n      },\n      sk: {\n        field: \"SK\",\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n\n    /**\n     * GSI1 — Unified Sharded List per ADR-011: list all Users across the four shards.\n     * Non-tenant-isolated, so `TID#-#WID#-` sentinels precede `RT#User#SHARD#<n>`.\n     * SK is derived via `gsi1skAttribute` — uses the resource's natural label when\n     * extractable (string `name`/`title` via introspection), else `<lastUpdated>#<id>`\n     * (DR-004). `casing: \"none\"` preserves the normalized label and ISO-8601 `T`/`Z`.\n     */\n    gsi1: {\n      index: \"GSI1\",\n      pk: {\n        field: \"GSI1PK\",\n        composite: [\"gsi1Shard\"],\n        template: \"TID#-#WID#-#RT#User#SHARD#${gsi1Shard}\",\n      },\n      sk: {\n        field: \"GSI1SK\",\n        casing: \"none\" as const,\n        composite: [\"gsi1sk\"],\n        template: \"${gsi1sk}\",\n      },\n    },\n\n    /**\n     * GSI2 — Cognito sub-lookup per ADR-011: resolves the UserEntity from a Cognito `sub` claim.\n     * `condition` skips the index when `cognitoSub` is missing so legacy items without a sub are\n     * not indexed.\n     */\n    gsi2: {\n      index: \"GSI2\",\n      condition: (attrs: { cognitoSub?: string }) =>\n        typeof attrs.cognitoSub === \"string\" && attrs.cognitoSub.length > 0,\n      pk: {\n        field: \"GSI2PK\",\n        casing: \"none\" as const,\n        composite: [\"cognitoSub\"],\n        template: \"USER#SUB#${cognitoSub}\",\n      },\n      sk: {\n        field: \"GSI2SK\",\n        casing: \"none\" as const,\n        composite: [],\n        template: \"CURRENT\",\n      },\n    },\n  },\n});\n","import { Entity } from \"electrodb\";\nimport { gsi1ShardAttribute, gsi1skAttribute } from \"./control-entity-common\";\n\n/**\n * Workspace data-store entity (single-table store).\n *\n * **Classification (ADR 2026-03-03-01):** Tenant-isolated, control plane. Each workspace belongs\n * to exactly one tenant; both tenantId and workspace id are in the partition key.\n *\n * Key structure: PK = TID#<tenantId>#WORKSPACE#ID#<id>, SK = CURRENT.\n * Uniqueness: one Workspace per (tenantId, id).\n *\n * GSI1 — Unified Sharded List per ADR-011: lists all Workspaces in a tenant across the four\n * shards. Workspace is itself the workspace identity, so the GSI1 PK uses `WID#-` as a sentinel.\n *\n * @see sites/www-docs/content/architecture/adr/2026-03-03-01-tenant-isolated-vs-non-tenant-isolated-entities.md\n * @see sites/www-docs/content/architecture/adr/2026-03-13-01-tenant-and-workspace-fhir-types-control-plane.md\n * @see sites/www-docs/content/packages/@openhi/constructs/data/dynamo/single-table-design.md\n */\nexport const WorkspaceEntity = new Entity({\n  model: {\n    entity: \"workspace\",\n    service: \"control\",\n    version: \"01\",\n  },\n  attributes: {\n    /** Sort key sentinel. Always \"CURRENT\". */\n    sk: {\n      type: \"string\" as const,\n      required: true,\n      default: \"CURRENT\",\n    },\n    /** Tenant that contains this workspace (required). */\n    tenantId: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** FHIR Resource.id; logical id in URL. */\n    id: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Full Workspace resource serialized as JSON string. */\n    resource: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /**\n     * Summary projection (key display fields as JSON string: id, displayName, status).\n     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.\n     */\n    summary: {\n      type: \"string\" as const,\n      required: true,\n    },\n    /** Version id (e.g. ULID). */\n    vid: {\n      type: \"string\" as const,\n      required: true,\n    },\n    lastUpdated: {\n      type: \"string\" as const,\n      required: true,\n    },\n    gsi1Shard: gsi1ShardAttribute,\n    /** Derived GSI1 sort key — name-based when extractable; else `<lastUpdated>#<id>`. */\n    gsi1sk: gsi1skAttribute,\n    deleted: {\n      type: \"boolean\" as const,\n      required: false,\n    },\n    /**\n     * TR-022 / ADR-018 lifecycle state for the cascade pipeline.\n     *\n     * - `active` (or undefined) — normal, readable state.\n     * - `deleting` — intermediate state set synchronously by the\n     *   hard-delete API entry point. The owning-delete cascade state\n     *   machine fans out from this transition (DynamoDB stream →\n     *   `control-plane.owning-delete.v1` → Step Functions). Readers MUST\n     *   short-circuit on `deleting` so partial cascades stay invisible.\n     * - `deleted-failed` — terminal failure state set by the cascade\n     *   finalize Lambda when the cascade run fails irrecoverably.\n     *   Operators recover by re-running the cascade or by direct\n     *   intervention.\n     *\n     * The cascade finalize step deletes the canonical record conditional\n     * on `lifecycleState = \"deleting\"`; on replay the conditional check\n     * fails and the finalize step treats that as a no-op success.\n     */\n    lifecycleState: {\n      type: [\"active\", \"deleting\", \"deleted-failed\"] as const,\n      required: false,\n    },\n    bundleId: {\n      type: \"string\" as const,\n      required: false,\n    },\n    msgId: {\n      type: \"string\" as const,\n      required: false,\n    },\n  },\n  indexes: {\n    /** Base table: PK = TID#<tenantId>#WORKSPACE#ID#<id>, SK = CURRENT. Do not supply PK or SK from outside. */\n    record: {\n      pk: {\n        field: \"PK\",\n        composite: [\"tenantId\", \"id\"],\n        template: \"TID#${tenantId}#WORKSPACE#ID#${id}\",\n      },\n      sk: {\n        field: \"SK\",\n        composite: [\"sk\"],\n        template: \"${sk}\",\n      },\n    },\n\n    /**\n     * GSI1 — Unified Sharded List per ADR-011: list all Workspaces for a tenant across the\n     * four shards. Workspace is itself the workspace identity, so `WID#-` is a sentinel.\n     * SK is derived via `gsi1skAttribute` — `<normalizedName>#<id>` when the resource\n     * carries a `name`, else `<lastUpdated>#<id>` (DR-004). `casing: \"none\"` preserves\n     * the normalized label and ISO-8601 `T`/`Z`.\n     */\n    gsi1: {\n      index: \"GSI1\",\n      pk: {\n        field: \"GSI1PK\",\n        composite: [\"tenantId\", \"gsi1Shard\"],\n        template: \"TID#${tenantId}#WID#-#RT#Workspace#SHARD#${gsi1Shard}\",\n      },\n      sk: {\n        field: \"GSI1SK\",\n        casing: \"none\" as const,\n        composite: [\"gsi1sk\"],\n        template: \"${gsi1sk}\",\n      },\n    },\n  },\n});\n","/**\n * Typed domain errors for the data operations layer.\n * Data operations throw these; adapters (REST, GraphQL, Step Function) map them to\n * HTTP status, GraphQL errors, or workflow envelopes. No HTTP or OperationOutcome here.\n *\n * Full documentation (error types, HTTP mapping, FHIR OperationOutcome.issue.code alignment):\n * @see sites/www-docs/content/packages/@openhi/constructs/data/errors.md\n */\n\n/**\n * Base class for domain errors thrown by data operations.\n * Adapters use instanceof checks or domainErrorToHttpStatus() to map to transport.\n */\nexport class DomainError extends Error {\n  /** Stable code for adapter mapping (e.g. \"NOT_FOUND\", \"VALIDATION\", \"CONFLICT\"). */\n  readonly code: string;\n\n  /** Optional details for validation messages or conflict context. */\n  readonly details?: unknown;\n\n  constructor(\n    message: string,\n    code: string,\n    options?: { cause?: unknown; details?: unknown },\n  ) {\n    super(message, options);\n    this.name = this.constructor.name;\n    this.code = code;\n    this.details = options?.details;\n    Object.setPrototypeOf(this, new.target.prototype);\n  }\n}\n\n/** Thrown when a requested resource or entity is not found (e.g. get by id returns nothing). */\nexport class NotFoundError extends DomainError {\n  constructor(\n    message: string,\n    options?: { cause?: unknown; details?: unknown },\n  ) {\n    super(message, \"NOT_FOUND\", options);\n  }\n}\n\n/** Thrown when input fails validation (e.g. missing required field, invalid format). */\nexport class ValidationError extends DomainError {\n  constructor(\n    message: string,\n    options?: { cause?: unknown; details?: unknown },\n  ) {\n    super(message, \"VALIDATION\", options);\n  }\n}\n\n/** Thrown when an operation conflicts with current state (e.g. duplicate key, version conflict). */\nexport class ConflictError extends DomainError {\n  constructor(\n    message: string,\n    options?: { cause?: unknown; details?: unknown },\n  ) {\n    super(message, \"CONFLICT\", options);\n  }\n}\n\n/** Thrown when the caller is authenticated but not authorized for the requested action. */\nexport class ForbiddenError extends DomainError {\n  constructor(\n    message: string,\n    options?: { cause?: unknown; details?: unknown },\n  ) {\n    super(message, \"FORBIDDEN\", options);\n  }\n}\n\n/**\n * Maps a thrown value to the HTTP status code that adapters should use for that domain error.\n * Returns null if the value is not a known domain error (adapter may use 500 or handle otherwise).\n * REST adapters use this to choose status; response body/OperationOutcome remain adapter responsibility.\n */\nexport function domainErrorToHttpStatus(err: unknown): number | null {\n  if (err instanceof NotFoundError) return 404;\n  if (err instanceof ValidationError) return 400;\n  if (err instanceof ConflictError) return 409;\n  if (err instanceof ForbiddenError) return 403;\n  return null;\n}\n","/**\n * Operations-layer multi-write helper for the control plane.\n *\n * Per ADR-018 § Implementation Notes and the ADR-018 implementation\n * guide § 3, every cross-entity mutation in the control plane (canonical\n * record + adjacency-list projections) MUST flow through this helper.\n * Lambda handlers call operations; operations call this helper; nothing\n * under `data/operations/control/` may call `service.transaction.write`\n * directly after #1010 lands.\n *\n * The helper accepts an array of `{ entity, action, item }` triples,\n * maps each one to ElectroDB's transaction-write builder, and submits\n * the batch via `TransactWriteItems` — all-or-nothing atomicity. It\n * enforces the 100-item DynamoDB transaction ceiling at the helper\n * boundary and surfaces conditional-check / transaction-conflict\n * failures as typed domain errors so REST adapters can map to the\n * right HTTP status (409 / 400 / 500).\n *\n * Idempotency belongs to the caller — every call attempts a fresh\n * `TransactWriteItems`. Callers compose conditional expressions\n * (e.g. `vid` matches, `attribute_not_exists(PK)`) per triple via\n * ElectroDB's `where` builder; the helper does not invent conditions.\n *\n * Per ADR-018 Open Item Follow-up #2 the implementation uses ElectroDB's\n * `service.transaction.write` rather than a hand-rolled\n * `TransactWriteItemsCommand`. Reasons: (a) ElectroDB derives the\n * `TransactWriteItem` payload (Item attributes, GSI keys, watch-driven\n * fields) from the entity schema — hand-rolling would duplicate the\n * watch/derive logic and silently drift on schema changes; (b) it\n * preserves the existing single-write call-site idiom\n * (`service.entities.<x>.put({...}).go()` reads almost identically to\n * `entities.<x>.put({...}).commit()` inside the txn builder), keeping\n * the operations layer ergonomic; (c) ElectroDB's `canceled` flag and\n * `ElectroValidationError` propagation give us a single typed handle on\n * cancellation-vs-validation. We can drop to raw `TransactWriteItems`\n * later if a future operation needs DDB features ElectroDB has not yet\n * surfaced.\n *\n * @see ADR-018 § Implementation Notes\n * @see .state/adr-018-implementation-guide.md § 3 — Multi-Write Helper API Contract\n * @see .claude/rules/data-layer-layout.md\n */\n\nimport type { Entity, Service } from \"electrodb\";\nimport { ConflictError, DomainError, ValidationError } from \"../../errors\";\n\n/**\n * Maximum items allowed in a single DynamoDB `TransactWriteItems`\n * call (AWS, raised from 25 → 100 on 2024-09-23). The helper enforces\n * this ceiling at the boundary so callers do not silently lose the\n * tail of an oversized batch when DDB rejects the call.\n */\nexport const TRANSACT_WRITE_ITEM_LIMIT = 100 as const;\n\n/** Supported actions on a multi-write triple. */\nexport type MultiWriteAction = \"put\" | \"create\" | \"delete\";\n\n/**\n * A single entry in a multi-write call: which entity to act on, the\n * action, and the per-action payload.\n *\n * - `put` / `create` — `item` is the full record (matches\n *   `entity.put(item)` / `entity.create(item)` shape).\n * - `delete` — `item` is the key composite (matches\n *   `entity.delete(key)` shape).\n *\n * `entity` is a string key into the service's `entities` map (e.g.\n * `\"membership\"`, `\"tenant\"`). Using a string key avoids leaking the\n * transaction-bound entity reference across the helper boundary —\n * ElectroDB's `service.transaction.write(fn)` only honours entity\n * references that the closure-provided `entities` argument exposes.\n */\nexport interface MultiWriteTriple<EntityKey extends string = string> {\n  readonly entity: EntityKey;\n  readonly action: MultiWriteAction;\n  readonly item: Record<string, unknown>;\n}\n\n/** A service object exposing the ElectroDB `transaction.write` builder. */\ntype ServiceLike = Pick<\n  Service<Record<string, Entity<any, any, any, any>>>,\n  \"transaction\"\n>;\n\n/** Parameters for {@link executeMultiWrite}. */\nexport interface ExecuteMultiWriteParams<EntityKey extends string = string> {\n  /**\n   * ElectroDB `Service` (control-plane or data-plane) exposing\n   * `transaction.write` and the entity set the triples reference.\n   * Inject via `getDynamoControlService(tableName)` /\n   * `getDynamoDataService(tableName)` — matches the service-factory\n   * pattern every other operation under `data/operations/` uses.\n   */\n  readonly service: ServiceLike;\n  /**\n   * The triples to commit atomically. Order is preserved on the wire\n   * (ElectroDB submits them in the same order); duplicates are not\n   * de-duplicated by the helper.\n   */\n  readonly triples: ReadonlyArray<MultiWriteTriple<EntityKey>>;\n  /** Optional idempotency token forwarded to ElectroDB. */\n  readonly token?: string;\n}\n\n/** Successful multi-write result. */\nexport interface ExecuteMultiWriteResult {\n  /** Number of triples committed. */\n  readonly itemsWritten: number;\n  /**\n   * `canceled` flag returned by ElectroDB. Always `false` on the\n   * success path — failures throw {@link ConflictError} or\n   * {@link ValidationError}. Surfaced for completeness so callers can\n   * assert on it in tests if they wish.\n   */\n  readonly canceled: false;\n}\n\n/**\n * Submits `triples` as a single `TransactWriteItems` via ElectroDB's\n * `service.transaction.write` builder. All-or-nothing: every triple\n * lands or none does.\n *\n * Throws:\n * - {@link ValidationError} when `triples` is empty, exceeds the\n *   {@link TRANSACT_WRITE_ITEM_LIMIT}, references an entity that the\n *   service does not expose, or carries an unsupported `action`.\n * - {@link ConflictError} when DynamoDB cancels the transaction\n *   (e.g. `ConditionalCheckFailed`, `TransactionConflict`,\n *   `ProvisionedThroughputExceeded`). The original ElectroDB error\n *   (carrying `CancellationReasons`) is attached as `cause`.\n * - The original {@link DomainError} on rethrow if the caller's own\n *   validation hook surfaces one (e.g. nested ValidationError).\n *\n * Note on `update` / `patch` actions: not yet supported by the triple\n * shape because ElectroDB's transaction-write builder structures them\n * as `entity.update(key).set({...}).commit()` (key + delta), which\n * does not flatten cleanly into a single `item` payload. Add a\n * separate triple variant when the first consumer needs it; today\n * every ADR-018 multi-write is a `put` (canonical + projections) or a\n * `delete` (cascade rewriter). See ADR-018 § Open Item Follow-up #2.\n */\nexport async function executeMultiWrite<EntityKey extends string = string>(\n  params: ExecuteMultiWriteParams<EntityKey>,\n): Promise<ExecuteMultiWriteResult> {\n  const { service, triples, token } = params;\n\n  if (triples.length === 0) {\n    throw new ValidationError(\n      \"executeMultiWrite called with zero triples; at least one triple is required\",\n    );\n  }\n  if (triples.length > TRANSACT_WRITE_ITEM_LIMIT) {\n    throw new ValidationError(\n      `executeMultiWrite received ${triples.length} triples; DynamoDB TransactWriteItems is limited to ${TRANSACT_WRITE_ITEM_LIMIT} items per call`,\n      {\n        details: {\n          itemsRequested: triples.length,\n          limit: TRANSACT_WRITE_ITEM_LIMIT,\n        },\n      },\n    );\n  }\n\n  for (const [index, triple] of triples.entries()) {\n    if (!triple || typeof triple !== \"object\") {\n      throw new ValidationError(\n        `executeMultiWrite triple at index ${index} is not an object`,\n      );\n    }\n    if (typeof triple.entity !== \"string\" || triple.entity.length === 0) {\n      throw new ValidationError(\n        `executeMultiWrite triple at index ${index} is missing a non-empty 'entity' key`,\n      );\n    }\n    if (!isSupportedAction(triple.action)) {\n      throw new ValidationError(\n        `executeMultiWrite triple at index ${index} has unsupported action '${String(\n          triple.action,\n        )}'; supported: 'put' | 'create' | 'delete'`,\n      );\n    }\n    if (!triple.item || typeof triple.item !== \"object\") {\n      throw new ValidationError(\n        `executeMultiWrite triple at index ${index} is missing an 'item' payload`,\n      );\n    }\n  }\n\n  let result: { canceled: boolean; data: unknown };\n  try {\n    result = await service.transaction\n      .write((entities: Record<string, any>) =>\n        triples.map((triple, index) => {\n          const transactEntity = entities[triple.entity];\n          if (transactEntity === undefined) {\n            throw new ValidationError(\n              `executeMultiWrite triple at index ${index} references unknown entity '${triple.entity}'; ensure the service exposes it`,\n            );\n          }\n          switch (triple.action) {\n            case \"put\":\n              return transactEntity.put(triple.item).commit();\n            case \"create\":\n              return transactEntity.create(triple.item).commit();\n            case \"delete\":\n              return transactEntity.delete(triple.item).commit();\n            default:\n              // Exhaustiveness guard; pre-flight validates this already.\n              throw new ValidationError(\n                `executeMultiWrite triple at index ${index} has unsupported action '${String(\n                  (triple as MultiWriteTriple).action,\n                )}'`,\n              );\n          }\n        }),\n      )\n      .go(token === undefined ? undefined : { token });\n  } catch (err) {\n    // Pre-flight ValidationErrors thrown inside the builder bubble\n    // through unchanged so callers see a 400, not a 409.\n    if (err instanceof DomainError) {\n      throw err;\n    }\n    throw new ConflictError(buildCancellationMessage(err), {\n      cause: err,\n      details: extractCancellationReasons(err),\n    });\n  }\n\n  if (result.canceled) {\n    throw new ConflictError(\n      \"TransactWriteItems was canceled by DynamoDB (check CancellationReasons on the cause for details)\",\n      { details: { canceled: true, data: result.data } },\n    );\n  }\n\n  return { itemsWritten: triples.length, canceled: false };\n}\n\nfunction isSupportedAction(value: unknown): value is MultiWriteAction {\n  return value === \"put\" || value === \"create\" || value === \"delete\";\n}\n\nfunction buildCancellationMessage(err: unknown): string {\n  if (err instanceof Error && err.message) {\n    return `TransactWriteItems failed: ${err.message}`;\n  }\n  return \"TransactWriteItems failed (no error message available)\";\n}\n\nfunction extractCancellationReasons(err: unknown): unknown {\n  if (err && typeof err === \"object\") {\n    const cancellationReasons = (err as { CancellationReasons?: unknown })\n      .CancellationReasons;\n    if (cancellationReasons !== undefined) {\n      return { CancellationReasons: cancellationReasons };\n    }\n  }\n  return undefined;\n}\n","/**\n * Atomic chunk rewrite for the TR-023 rename cascade.\n *\n * Each Distributed Map iteration receives up to {@link\n * RENAME_CASCADE_MAX_TARGETS_PER_CHUNK} rewrite targets and submits them\n * all in a single `TransactWriteItems` via the operations-layer multi-\n * write helper (#1010). All-or-nothing semantics: every row in the\n * chunk lands or none does.\n *\n * Each target maps to either:\n *\n * - **SK rewrite** — `delete oldKey` + `put newItem` pair (2 transact\n *   items). The new SK is composed by the\n *   {@link listRenameCascadeTargetsOperation} from the renamed name's\n *   normalized form, so the cascade ends with every projection row\n *   keyed by the new normalized name.\n * - **Attr-only update** — single `put` overwrite at the same key (1\n *   transact item). Used when the renamed attribute is not encoded in\n *   the SK (e.g. Tenant rename's pattern-#4 user-projection row, Role\n *   rename's pattern-#9 workspace-projection row).\n *\n * The 100-item DynamoDB `TransactWriteItems` ceiling enforced by\n * `executeMultiWrite` bounds the chunk; the cascade chunker caps targets\n * at 50 by default so the worst-case (every target is an SK rewrite)\n * still fits.\n *\n * Idempotency: a replayed chunk where every row is already at the new\n * SK fails its `delete oldKey` triple (`attribute_exists` implicit on\n * delete) and the helper throws `ConflictError` — the cascade state\n * machine's `Catch` block absorbs this as a no-op success. Partial\n * replays (some rows at new SK, some still at old) re-run the same\n * delete+put pairs; DynamoDB's all-or-nothing transactions make the\n * partial-write race window impossible.\n *\n * @see .state/adr-018-implementation-guide.md § 5 (Per-item handler)\n * @see ../multi-write-operation.ts (executeMultiWrite)\n * @see .claude/rules/data-layer-layout.md\n */\n\nimport type { RenameCascadeRewriteTarget } from \"./rename-cascade-list-targets-operation\";\nimport { getDynamoControlService } from \"../../../dynamo/dynamo-control-service\";\nimport {\n  TRANSACT_WRITE_ITEM_LIMIT,\n  executeMultiWrite,\n  type MultiWriteTriple,\n} from \"../multi-write-operation\";\n\n/**\n * Maximum rewrite targets the cascade may submit in a single chunk. An\n * SK-rewrite target produces 2 transact items (delete + put); the\n * default cap of 50 ensures the chunk stays at or below the\n * {@link TRANSACT_WRITE_ITEM_LIMIT} ceiling enforced by\n * `executeMultiWrite` even in the worst case where every target is an\n * SK rewrite.\n */\nexport const RENAME_CASCADE_MAX_TARGETS_PER_CHUNK = 50 as const;\n\n/** Inputs accepted by {@link rewriteRenameCascadeChunkOperation}. */\nexport interface RewriteRenameCascadeChunkParams {\n  /** Rewrite targets to commit in this transaction. Length must be 1..50. */\n  readonly targets: ReadonlyArray<RenameCascadeRewriteTarget>;\n  /** Optional table-name override; resolved via env when omitted. */\n  readonly tableName?: string;\n  /** Optional idempotency token forwarded to ElectroDB. */\n  readonly token?: string;\n}\n\n/** Result of {@link rewriteRenameCascadeChunkOperation}. */\nexport interface RewriteRenameCascadeChunkResult {\n  /** Number of rewrite targets committed (NOT the underlying transact item count). */\n  readonly targetsRewritten: number;\n  /** Number of underlying `TransactWriteItems` entries actually issued. */\n  readonly transactItemCount: number;\n}\n\n/**\n * Submit `targets` as a single `TransactWriteItems` via `executeMultiWrite`.\n *\n * Empty input is a no-op (returns zero counts) so the cascade Map\n * iteration can call this unconditionally on every chunk — including\n * the trailing empty chunk that may arise from a partial-replay where\n * the previous run already cleared the page.\n */\nexport async function rewriteRenameCascadeChunkOperation(\n  params: RewriteRenameCascadeChunkParams,\n): Promise<RewriteRenameCascadeChunkResult> {\n  const { targets, tableName, token } = params;\n\n  if (targets.length === 0) {\n    return { targetsRewritten: 0, transactItemCount: 0 };\n  }\n  if (targets.length > RENAME_CASCADE_MAX_TARGETS_PER_CHUNK) {\n    throw new Error(\n      `rewriteRenameCascadeChunkOperation: chunk has ${targets.length} targets; limit is ${RENAME_CASCADE_MAX_TARGETS_PER_CHUNK}`,\n    );\n  }\n\n  const triples: Array<MultiWriteTriple> = [];\n  for (const target of targets) {\n    if (target.skRewriteRequired) {\n      triples.push({\n        entity: target.entity,\n        action: \"delete\",\n        item: { ...target.oldKey },\n      });\n      triples.push({\n        entity: target.entity,\n        action: \"put\",\n        item: { ...target.newItem },\n      });\n    } else {\n      // Attr-only update — same key, rewrite the row in place.\n      triples.push({\n        entity: target.entity,\n        action: \"put\",\n        item: { ...target.newItem },\n      });\n    }\n  }\n\n  if (triples.length > TRANSACT_WRITE_ITEM_LIMIT) {\n    throw new Error(\n      `rewriteRenameCascadeChunkOperation: chunk expanded to ${triples.length} transact items; DynamoDB TransactWriteItems is limited to ${TRANSACT_WRITE_ITEM_LIMIT}`,\n    );\n  }\n\n  const service = getDynamoControlService(tableName);\n  await executeMultiWrite({ service, triples, token });\n\n  return {\n    targetsRewritten: targets.length,\n    transactItemCount: triples.length,\n  };\n}\n\n/**\n * Split a flat target array into chunks of at most\n * {@link RENAME_CASCADE_MAX_TARGETS_PER_CHUNK} items. Used by the\n * cascade list-and-chunk handler to prepare the Distributed Map's\n * `ItemsPath` array.\n */\nexport function chunkRenameCascadeTargets(\n  targets: ReadonlyArray<RenameCascadeRewriteTarget>,\n): Array<Array<RenameCascadeRewriteTarget>> {\n  const chunks: Array<Array<RenameCascadeRewriteTarget>> = [];\n  for (\n    let i = 0;\n    i < targets.length;\n    i += RENAME_CASCADE_MAX_TARGETS_PER_CHUNK\n  ) {\n    chunks.push(targets.slice(i, i + RENAME_CASCADE_MAX_TARGETS_PER_CHUNK));\n  }\n  return chunks;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,IAAAA,qBAAwB;;;ACAxB,6BAA+B;AAMxB,IAAM,mBACX,QAAQ,IAAI,qBAAqB;AAM5B,IAAM,eAAe,IAAI,sCAAe;AAAA,EAC7C,GAAI,QAAQ,IAAI,0BAA0B;AAAA,IACxC,UAAU,QAAQ,IAAI;AAAA,IACtB,YAAY;AAAA,IACZ,QAAQ;AAAA,EACV;AACF,CAAC;;;ACnBD,uBAAuB;;;ACAvB,mBAA6C;;;ACYtC,IAAM,cAAc;AAYpB,SAAS,aAAa,IAAoB;AAE/C,MAAI,OAAO;AACX,WAAS,IAAI,GAAG,IAAI,GAAG,QAAQ,KAAK;AAClC,YAAQ,GAAG,WAAW,CAAC;AACvB,WAAO,KAAK,KAAK,MAAM,QAAU;AAAA,EACnC;AACA,UAAQ,SAAS,KAAK;AAExB;;;ADhBO,IAAM,qBAAqB;AAAA,EAChC,MAAM;AAAA,EACN,OAAO,CAAC,IAAI;AAAA,EACZ,KAAK,CAAC,MAAe,SAA2B;AAC9C,QAAI,OAAO,MAAM,OAAO,YAAY,KAAK,GAAG,WAAW,GAAG;AACxD,aAAO;AAAA,IACT;AACA,WAAO,OAAO,aAAa,KAAK,EAAE,CAAC;AAAA,EACrC;AACF;AAsBO,IAAM,kBAAkB;AAAA,EAC7B,MAAM;AAAA,EACN,OAAO,CAAC,YAAY,eAAe,IAAI;AAAA,EACvC,KAAK,CACH,MACA,SACG;AACH,UAAM,KAAK,OAAO,MAAM,OAAO,WAAW,KAAK,KAAK;AACpD,UAAM,cACJ,OAAO,MAAM,gBAAgB,WAAW,KAAK,cAAc;AAC7D,UAAM,WAAW,GAAG,WAAW,IAAI,EAAE;AAErC,QAAI,OAAO,MAAM,aAAa,YAAY,KAAK,SAAS,WAAW,GAAG;AACpE,aAAO;AAAA,IACT;AAEA,QAAI;AACJ,QAAI;AACF,eAAS,KAAK,MAAM,KAAK,QAAQ;AAAA,IACnC,QAAQ;AACN,aAAO;AAAA,IACT;AACA,QAAI,CAAC,UAAU,OAAO,WAAW,SAAU,QAAO;AAClD,UAAM,eAAgB,OAAsC;AAC5D,QAAI,OAAO,iBAAiB,SAAU,QAAO;AAE7C,UAAM,YAAQ,2BAAa,MAA4C;AACvE,WAAO,UAAU,SAAY,GAAG,KAAK,IAAI,EAAE,KAAK;AAAA,EAClD;AACF;AASA,SAAS,cAAc,UAAuD;AAC5E,QAAM,OAAO,SAAS;AACtB,MAAI,OAAO,SAAS,YAAY,KAAK,SAAS,EAAG,QAAO;AAExD,QAAM,OAAO,SAAS;AACtB,MAAI,QAAQ,OAAO,SAAS,UAAU;AACpC,UAAM,YAAa,KAAiC;AACpD,QAAI,OAAO,cAAc,YAAY,UAAU,SAAS,GAAG;AACzD,YAAM,QAAQ,UAAU,YAAY,GAAG;AACvC,YAAM,OAAO,SAAS,IAAI,UAAU,MAAM,QAAQ,CAAC,IAAI;AACvD,UAAI,KAAK,SAAS,EAAG,QAAO;AAAA,IAC9B;AAAA,EACF;AACA,SAAO;AACT;AA6BO,IAAM,gCAAgC;AAAA,EAC3C,MAAM;AAAA,EACN,OAAO,CAAC,YAAY,wBAAwB,eAAe,IAAI;AAAA,EAC/D,KAAK,CACH,MACA,SAMG;AACH,UAAM,KAAK,OAAO,MAAM,OAAO,WAAW,KAAK,KAAK;AACpD,UAAM,cACJ,OAAO,MAAM,gBAAgB,WAAW,KAAK,cAAc;AAC7D,UAAM,WAAW,GAAG,WAAW,IAAI,EAAE;AAErC,QAAI,OAAO,MAAM,aAAa,YAAY,KAAK,SAAS,WAAW,GAAG;AACpE,aAAO;AAAA,IACT;AAEA,QAAI;AACJ,QAAI;AACF,eAAS,KAAK,MAAM,KAAK,QAAQ;AAAA,IACnC,QAAQ;AACN,aAAO;AAAA,IACT;AACA,QAAI,CAAC,UAAU,OAAO,WAAW,SAAU,QAAO;AAElD,UAAM,SAAS,cAAc,MAAiC;AAC9D,QAAI,WAAW,OAAW,QAAO;AAEjC,UAAM,uBACJ,OAAO,KAAK,yBAAyB,WACjC,KAAK,uBACL;AACN,UAAM,qBACJ,qBAAqB,SAAS,QAC1B,6BAAe,oBAAoB,IACnC;AACN,QAAI,mBAAmB,WAAW,EAAG,QAAO;AAE5C,WAAO,GAAG,MAAM,IAAI,kBAAkB,IAAI,EAAE;AAAA,EAC9C;AACF;AAwBO,IAAM,4BAA4B;AAAA,EACvC,MAAM;AAAA,EACN,OAAO,CAAC,wBAAwB,eAAe,IAAI;AAAA,EACnD,KAAK,CACH,MACA,SAKG;AACH,UAAM,KAAK,OAAO,MAAM,OAAO,WAAW,KAAK,KAAK;AACpD,UAAM,cACJ,OAAO,MAAM,gBAAgB,WAAW,KAAK,cAAc;AAC7D,UAAM,WAAW,GAAG,WAAW,IAAI,EAAE;AAErC,UAAM,uBACJ,OAAO,MAAM,yBAAyB,WAClC,KAAK,uBACL;AACN,UAAM,qBACJ,qBAAqB,SAAS,QAC1B,6BAAe,oBAAoB,IACnC;AACN,QAAI,mBAAmB,WAAW,GAAG;AACnC,aAAO;AAAA,IACT;AAEA,WAAO,GAAG,kBAAkB,IAAI,EAAE;AAAA,EACpC;AACF;;;AD5MO,IAAM,sBAAsB,IAAI,wBAAO;AAAA,EAC5C,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA,IAEV,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,WAAW;AAAA,IACX,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA,IAEP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,eAAe,UAAU,QAAQ;AAAA,QACzD,UACE;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,OAAO,IAAI;AAAA,QACvB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAYA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,eAAe,WAAW;AAAA,QAClD,UACE;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,OAAO,IAAI;AAAA,QACvB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AGpJD,IAAAC,oBAAuB;AA8ChB,IAAM,oCAAoC,IAAI,yBAAO;AAAA,EAC1D,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMV,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,iBAAiB;AAAA,MACf,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,QAAQ;AAAA,QACpB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AC5JD,IAAAC,oBAAuB;AAsDhB,IAAM,yCAAyC,IAAI,yBAAO;AAAA,EAC/D,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMV,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,iBAAiB;AAAA,MACf,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,aAAa;AAAA,QACrC,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;ACtKD,IAAAC,oBAAuB;AAuBhB,IAAM,mBAAmB,IAAI,yBAAO;AAAA,EACzC,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA,IAEV,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,WAAW;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQX,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,uBAAuB;AAAA,MACrB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAYA,wBAAwB;AAAA,MACtB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAYA,sBAAsB;AAAA,MACpB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA,IAEP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,IAAI;AAAA,QAC5B,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAWA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,WAAW;AAAA,QACnC,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,QAAQ;AAAA,QACpB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;ACzKD,IAAAC,oBAAuB;AAuChB,IAAM,iCAAiC,IAAI,yBAAO;AAAA,EACvD,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMV,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,cAAc;AAAA,MACZ,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,wBAAwB;AAAA,MACtB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,sBAAsB;AAAA,MACpB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,2BAA2B;AAAA,MACzB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,QAAQ;AAAA,QACpB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AClKD,IAAAC,oBAAuB;AA0ChB,IAAM,sCAAsC,IAAI,yBAAO;AAAA,EAC5D,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMV,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,cAAc;AAAA,MACZ,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASA,sBAAsB;AAAA,MACpB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,aAAa;AAAA,QACrC,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;ACzJD,IAAAC,oBAAuB;AAsBhB,IAAM,aAAa,IAAI,yBAAO;AAAA,EACnC,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA,IAEV,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,WAAW;AAAA;AAAA,IAEX,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA,IAEP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,WAAW;AAAA,QACvB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,QAAQ;AAAA,QACpB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;ACnHD,IAAAC,oBAAuB;AAuBhB,IAAM,uBAAuB,IAAI,yBAAO;AAAA,EAC7C,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA,IAEV,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,WAAW;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASX,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAaA,wBAAwB;AAAA,MACtB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAaA,sBAAsB;AAAA,MACpB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAYA,sBAAsB;AAAA,MACpB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA,IAEP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,IAAI;AAAA,QAC5B,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAYA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,WAAW;AAAA,QACnC,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,QAAQ;AAAA,QACpB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AClLD,IAAAC,oBAAuB;AAyChB,IAAM,qCAAqC,IAAI,yBAAO;AAAA,EAC3D,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMV,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,kBAAkB;AAAA,MAChB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,wBAAwB;AAAA,MACtB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,sBAAsB;AAAA,MACpB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,sBAAsB;AAAA,MACpB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,QAAQ;AAAA,QACpB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AChLD,IAAAC,qBAAuB;AA0DhB,IAAM,0CAA0C,IAAI,0BAAO;AAAA,EAChE,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMV,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,kBAAkB;AAAA,MAChB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASA,sBAAsB;AAAA,MACpB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASA,sBAAsB;AAAA,MACpB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAUP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,aAAa;AAAA,QACrC,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AC/LD,IAAAC,qBAAuB;AAoBhB,IAAM,eAAe,IAAI,0BAAO;AAAA,EACrC,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA,IAEV,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,WAAW;AAAA;AAAA,IAEX,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA,IAEP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,UAAU;AAAA,QACtB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,WAAW;AAAA,QACvB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,QAAQ;AAAA,QACpB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;ACtHD,IAAAC,qBAAuB;AAyBhB,IAAM,aAAa,IAAI,0BAAO;AAAA,EACnC,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA,IAEV,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,YAAY;AAAA,MACV,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,WAAW;AAAA;AAAA,IAEX,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAmBA,gBAAgB;AAAA,MACd,MAAM,CAAC,UAAU,YAAY,gBAAgB;AAAA,MAC7C,UAAU;AAAA,IACZ;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA,IAEP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,WAAW;AAAA,QACvB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,QAAQ;AAAA,QACpB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,WAAW,CAAC,UACV,OAAO,MAAM,eAAe,YAAY,MAAM,WAAW,SAAS;AAAA,MACpE,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,YAAY;AAAA,QACxB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC;AAAA,QACZ,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AC3KD,IAAAC,qBAAuB;AAmBhB,IAAM,kBAAkB,IAAI,0BAAO;AAAA,EACxC,OAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA;AAAA,IAEV,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,IACX;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA,IAEA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,aAAa;AAAA,MACX,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,WAAW;AAAA;AAAA,IAEX,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAmBA,gBAAgB;AAAA,MACd,MAAM,CAAC,UAAU,YAAY,gBAAgB;AAAA,MAC7C,UAAU;AAAA,IACZ;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,SAAS;AAAA;AAAA,IAEP,QAAQ;AAAA,MACN,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,IAAI;AAAA,QAC5B,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,IAAI;AAAA,QAChB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASA,MAAM;AAAA,MACJ,OAAO;AAAA,MACP,IAAI;AAAA,QACF,OAAO;AAAA,QACP,WAAW,CAAC,YAAY,WAAW;AAAA,QACnC,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,QACF,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,WAAW,CAAC,QAAQ;AAAA,QACpB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AhBpHD,IAAM,uBAAuB;AAAA,EAC3B,eAAe;AAAA,EACf,6BAA6B;AAAA,EAC7B,kCAAkC;AAAA,EAClC,YAAY;AAAA,EACZ,0BAA0B;AAAA,EAC1B,+BAA+B;AAAA,EAC/B,MAAM;AAAA,EACN,gBAAgB;AAAA,EAChB,8BAA8B;AAAA,EAC9B,mCAAmC;AAAA,EACnC,QAAQ;AAAA,EACR,MAAM;AAAA,EACN,WAAW;AACb;AAEA,IAAM,sBAAsB,IAAI,2BAAQ,sBAAsB;AAAA,EAC5D,OAAO;AAAA,EACP,QAAQ;AACV,CAAC;AAWM,IAAM,uBAAuB;AAAA,EAClC,UAAU,oBAAoB;AAAA,EAC9B,aAAa,oBAAoB;AACnC;AAQO,SAAS,wBACd,WAC0B;AAC1B,QAAM,WAAW,aAAa;AAC9B,QAAM,UAAU,IAAI,2BAAQ,sBAAsB;AAAA,IAChD,OAAO;AAAA,IACP,QAAQ;AAAA,EACV,CAAC;AACD,SAAO;AAAA,IACL,UAAU,QAAQ;AAAA,IAClB,aAAa,QAAQ;AAAA,EACvB;AACF;;;AiB/DO,IAAM,cAAN,cAA0B,MAAM;AAAA,EAOrC,YACE,SACA,MACA,SACA;AACA,UAAM,SAAS,OAAO;AACtB,SAAK,OAAO,KAAK,YAAY;AAC7B,SAAK,OAAO;AACZ,SAAK,UAAU,SAAS;AACxB,WAAO,eAAe,MAAM,WAAW,SAAS;AAAA,EAClD;AACF;AAaO,IAAM,kBAAN,cAA8B,YAAY;AAAA,EAC/C,YACE,SACA,SACA;AACA,UAAM,SAAS,cAAc,OAAO;AAAA,EACtC;AACF;AAGO,IAAM,gBAAN,cAA4B,YAAY;AAAA,EAC7C,YACE,SACA,SACA;AACA,UAAM,SAAS,YAAY,OAAO;AAAA,EACpC;AACF;;;ACTO,IAAM,4BAA4B;AAyFzC,eAAsB,kBACpB,QACkC;AAClC,QAAM,EAAE,SAAS,SAAS,MAAM,IAAI;AAEpC,MAAI,QAAQ,WAAW,GAAG;AACxB,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,MAAI,QAAQ,SAAS,2BAA2B;AAC9C,UAAM,IAAI;AAAA,MACR,8BAA8B,QAAQ,MAAM,uDAAuD,yBAAyB;AAAA,MAC5H;AAAA,QACE,SAAS;AAAA,UACP,gBAAgB,QAAQ;AAAA,UACxB,OAAO;AAAA,QACT;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,aAAW,CAAC,OAAO,MAAM,KAAK,QAAQ,QAAQ,GAAG;AAC/C,QAAI,CAAC,UAAU,OAAO,WAAW,UAAU;AACzC,YAAM,IAAI;AAAA,QACR,qCAAqC,KAAK;AAAA,MAC5C;AAAA,IACF;AACA,QAAI,OAAO,OAAO,WAAW,YAAY,OAAO,OAAO,WAAW,GAAG;AACnE,YAAM,IAAI;AAAA,QACR,qCAAqC,KAAK;AAAA,MAC5C;AAAA,IACF;AACA,QAAI,CAAC,kBAAkB,OAAO,MAAM,GAAG;AACrC,YAAM,IAAI;AAAA,QACR,qCAAqC,KAAK,4BAA4B;AAAA,UACpE,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AAAA,IACF;AACA,QAAI,CAAC,OAAO,QAAQ,OAAO,OAAO,SAAS,UAAU;AACnD,YAAM,IAAI;AAAA,QACR,qCAAqC,KAAK;AAAA,MAC5C;AAAA,IACF;AAAA,EACF;AAEA,MAAI;AACJ,MAAI;AACF,aAAS,MAAM,QAAQ,YACpB;AAAA,MAAM,CAAC,aACN,QAAQ,IAAI,CAAC,QAAQ,UAAU;AAC7B,cAAM,iBAAiB,SAAS,OAAO,MAAM;AAC7C,YAAI,mBAAmB,QAAW;AAChC,gBAAM,IAAI;AAAA,YACR,qCAAqC,KAAK,+BAA+B,OAAO,MAAM;AAAA,UACxF;AAAA,QACF;AACA,gBAAQ,OAAO,QAAQ;AAAA,UACrB,KAAK;AACH,mBAAO,eAAe,IAAI,OAAO,IAAI,EAAE,OAAO;AAAA,UAChD,KAAK;AACH,mBAAO,eAAe,OAAO,OAAO,IAAI,EAAE,OAAO;AAAA,UACnD,KAAK;AACH,mBAAO,eAAe,OAAO,OAAO,IAAI,EAAE,OAAO;AAAA,UACnD;AAEE,kBAAM,IAAI;AAAA,cACR,qCAAqC,KAAK,4BAA4B;AAAA,gBACnE,OAA4B;AAAA,cAC/B,CAAC;AAAA,YACH;AAAA,QACJ;AAAA,MACF,CAAC;AAAA,IACH,EACC,GAAG,UAAU,SAAY,SAAY,EAAE,MAAM,CAAC;AAAA,EACnD,SAAS,KAAK;AAGZ,QAAI,eAAe,aAAa;AAC9B,YAAM;AAAA,IACR;AACA,UAAM,IAAI,cAAc,yBAAyB,GAAG,GAAG;AAAA,MACrD,OAAO;AAAA,MACP,SAAS,2BAA2B,GAAG;AAAA,IACzC,CAAC;AAAA,EACH;AAEA,MAAI,OAAO,UAAU;AACnB,UAAM,IAAI;AAAA,MACR;AAAA,MACA,EAAE,SAAS,EAAE,UAAU,MAAM,MAAM,OAAO,KAAK,EAAE;AAAA,IACnD;AAAA,EACF;AAEA,SAAO,EAAE,cAAc,QAAQ,QAAQ,UAAU,MAAM;AACzD;AAEA,SAAS,kBAAkB,OAA2C;AACpE,SAAO,UAAU,SAAS,UAAU,YAAY,UAAU;AAC5D;AAEA,SAAS,yBAAyB,KAAsB;AACtD,MAAI,eAAe,SAAS,IAAI,SAAS;AACvC,WAAO,8BAA8B,IAAI,OAAO;AAAA,EAClD;AACA,SAAO;AACT;AAEA,SAAS,2BAA2B,KAAuB;AACzD,MAAI,OAAO,OAAO,QAAQ,UAAU;AAClC,UAAM,sBAAuB,IAC1B;AACH,QAAI,wBAAwB,QAAW;AACrC,aAAO,EAAE,qBAAqB,oBAAoB;AAAA,IACpD;AAAA,EACF;AACA,SAAO;AACT;;;AC5MO,IAAM,uCAAuC;AA4BpD,eAAsB,mCACpB,QAC0C;AAC1C,QAAM,EAAE,SAAS,WAAW,MAAM,IAAI;AAEtC,MAAI,QAAQ,WAAW,GAAG;AACxB,WAAO,EAAE,kBAAkB,GAAG,mBAAmB,EAAE;AAAA,EACrD;AACA,MAAI,QAAQ,SAAS,sCAAsC;AACzD,UAAM,IAAI;AAAA,MACR,iDAAiD,QAAQ,MAAM,sBAAsB,oCAAoC;AAAA,IAC3H;AAAA,EACF;AAEA,QAAM,UAAmC,CAAC;AAC1C,aAAW,UAAU,SAAS;AAC5B,QAAI,OAAO,mBAAmB;AAC5B,cAAQ,KAAK;AAAA,QACX,QAAQ,OAAO;AAAA,QACf,QAAQ;AAAA,QACR,MAAM,EAAE,GAAG,OAAO,OAAO;AAAA,MAC3B,CAAC;AACD,cAAQ,KAAK;AAAA,QACX,QAAQ,OAAO;AAAA,QACf,QAAQ;AAAA,QACR,MAAM,EAAE,GAAG,OAAO,QAAQ;AAAA,MAC5B,CAAC;AAAA,IACH,OAAO;AAEL,cAAQ,KAAK;AAAA,QACX,QAAQ,OAAO;AAAA,QACf,QAAQ;AAAA,QACR,MAAM,EAAE,GAAG,OAAO,QAAQ;AAAA,MAC5B,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MAAI,QAAQ,SAAS,2BAA2B;AAC9C,UAAM,IAAI;AAAA,MACR,yDAAyD,QAAQ,MAAM,8DAA8D,yBAAyB;AAAA,IAChK;AAAA,EACF;AAEA,QAAM,UAAU,wBAAwB,SAAS;AACjD,QAAM,kBAAkB,EAAE,SAAS,SAAS,MAAM,CAAC;AAEnD,SAAO;AAAA,IACL,kBAAkB,QAAQ;AAAA,IAC1B,mBAAmB,QAAQ;AAAA,EAC7B;AACF;;;ApBpGO,IAAM,UAAU,OACrB,UACgC;AAChC,QAAM,SAAS,MAAM,mCAAmC;AAAA,IACtD,SAAS,MAAM;AAAA,IACf,OAAO,MAAM;AAAA,EACf,CAAC;AAED,SAAO;AAAA,IACL,YAAY,MAAM;AAAA,IAClB,UAAU,MAAM;AAAA,IAChB,UAAU,MAAM;AAAA,IAChB,kBAAkB,OAAO;AAAA,IACzB,mBAAmB,OAAO;AAAA,EAC5B;AACF;","names":["import_electrodb","import_electrodb","import_electrodb","import_electrodb","import_electrodb","import_electrodb","import_electrodb","import_electrodb","import_electrodb","import_electrodb","import_electrodb","import_electrodb","import_electrodb"]}

package/lib/rename-rewrite-chunk.handler.mjs

@@ -0,0 +1,27 @@
+import {
+  rewriteRenameCascadeChunkOperation
+} from "./chunk-WQWFVEVX.mjs";
+import "./chunk-QJDHVMKT.mjs";
+import "./chunk-FYHBHHWK.mjs";
+import "./chunk-6NBGYGFL.mjs";
+import "./chunk-TRY7JGWO.mjs";
+import "./chunk-LZOMFHX3.mjs";
+
+// src/workflows/control-plane/rename-cascade/rename-rewrite-chunk.handler.ts
+var handler = async (input) => {
+  const result = await rewriteRenameCascadeChunkOperation({
+    targets: input.targets,
+    token: input.chunkToken
+  });
+  return {
+    entityType: input.entityType,
+    entityId: input.entityId,
+    tenantId: input.tenantId,
+    targetsRewritten: result.targetsRewritten,
+    transactItemCount: result.transactItemCount
+  };
+};
+export {
+  handler
+};
+//# sourceMappingURL=rename-rewrite-chunk.handler.mjs.map

package/lib/rename-rewrite-chunk.handler.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/workflows/control-plane/rename-cascade/rename-rewrite-chunk.handler.ts"],"sourcesContent":["/**\n * Cascade Step Functions Distributed-Map iteration handler. Receives\n * one chunk of <=50 rewrite targets from the list-targets step and\n * issues a single `TransactWriteItems` via `executeMultiWrite` (#1010).\n *\n * Each target maps to either:\n *\n * - **SK rewrite** — `delete oldKey` + `put newItem` pair (2 transact\n *   items). Used when the SK encodes the renamed normalized name.\n * - **Attr-only update** — single `put newItem` overwrite at the same\n *   key. Used when only the denormalized display-name attribute\n *   changes (the SK is rename-stable).\n *\n * Idempotency: the chunk's `chunkToken` flows through to ElectroDB's\n * `ClientRequestToken` so a Map iteration replayed by Step Functions\n * retry lands on the same transaction id. The state machine's `Catch`\n * block also absorbs `DynamoDB.TransactionCanceledException` as a no-op\n * success — common on partial-replay when the prior run already\n * rewrote the rows (the `vid` race is \"rewrite loses to a later\n * write\" per TR-023 idempotency rule).\n */\n\nimport type { RenameCascadeChunkInput } from \"./events\";\nimport { rewriteRenameCascadeChunkOperation } from \"../../../data/operations/control/rename-cascade/rename-cascade-rewrite-chunk-operation\";\n\nexport interface RewriteChunkOutput {\n  readonly entityType: string;\n  readonly entityId: string;\n  readonly tenantId?: string;\n  readonly targetsRewritten: number;\n  readonly transactItemCount: number;\n}\n\nexport const handler = async (\n  input: RenameCascadeChunkInput,\n): Promise<RewriteChunkOutput> => {\n  const result = await rewriteRenameCascadeChunkOperation({\n    targets: input.targets,\n    token: input.chunkToken,\n  });\n\n  return {\n    entityType: input.entityType,\n    entityId: input.entityId,\n    tenantId: input.tenantId,\n    targetsRewritten: result.targetsRewritten,\n    transactItemCount: result.transactItemCount,\n  };\n};\n"],"mappings":";;;;;;;;;;AAiCO,IAAM,UAAU,OACrB,UACgC;AAChC,QAAM,SAAS,MAAM,mCAAmC;AAAA,IACtD,SAAS,MAAM;AAAA,IACf,OAAO,MAAM;AAAA,EACf,CAAC;AAED,SAAO;AAAA,IACL,YAAY,MAAM;AAAA,IAClB,UAAU,MAAM;AAAA,IAChB,UAAU,MAAM;AAAA,IAChB,kBAAkB,OAAO;AAAA,IACzB,mBAAmB,OAAO;AAAA,EAC5B;AACF;","names":[]}