@openhi/constructs 0.0.111 → 0.0.112

package/lib/provision-default-workspace.handler.mjs

@@ -3,16 +3,20 @@ import {
   createRoleAssignmentOperation,
   createTenantOperation,
   createWorkspaceOperation
-} from "./chunk-MULKGFIJ.mjs";
+} from "./chunk-GBDIGTNV.mjs";
+import "./chunk-HQ67J7BP.mjs";
+import "./chunk-QJDHVMKT.mjs";
 import {
   findUserBySubOperation,
   idFromReference,
   parseUserResource
-} from "./chunk-2TPJ6HOF.mjs";
-import "./chunk-IS4VQRI4.mjs";
+} from "./chunk-NZRW7ROK.mjs";
+import "./chunk-QMBJ4VHC.mjs";
+import "./chunk-FYHBHHWK.mjs";
 import {
   getDynamoControlService
-} from "./chunk-QR5JVSCF.mjs";
+} from "./chunk-6NBGYGFL.mjs";
+import "./chunk-TRY7JGWO.mjs";
 import "./chunk-LZOMFHX3.mjs";
 
 // src/workflows/control-plane/user-onboarding/provision-default-workspace.handler.ts

package/lib/provision-default-workspace.handler.mjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/workflows/control-plane/user-onboarding/provision-default-workspace.handler.ts"],"sourcesContent":["import { createHash } from \"node:crypto\";\nimport { extractSummary, type FhirResourceLike } from \"@openhi/types\";\nimport type { EventBridgeEvent } from \"aws-lambda\";\nimport {\n  PROVISION_DEFAULT_WORKSPACE_DETAIL_TYPE,\n  type ProvisionDefaultWorkspaceRequestedDetail,\n} from \"./events\";\nimport { getDynamoControlService } from \"../../../data/dynamo/dynamo-control-service\";\nimport type { OpenHiContext } from \"../../../data/openhi-context\";\nimport { createMembershipOperation } from \"../../../data/operations/control/membership/membership-create-operation\";\nimport { createRoleAssignmentOperation } from \"../../../data/operations/control/roleassignment/roleassignment-create-operation\";\nimport { createTenantOperation } from \"../../../data/operations/control/tenant/tenant-create-operation\";\nimport {\n  findUserBySubOperation,\n  parseUserResource,\n} from \"../../../data/operations/control/user\";\nimport { createWorkspaceOperation } from \"../../../data/operations/control/workspace/workspace-create-operation\";\nimport { idFromReference } from \"../../../data/operations/fhir-reference\";\n\n/**\n * @see sites/www-docs/content/packages/@openhi/constructs/workflows/control-plane/user-onboarding/provision-default-workspace.handler.md\n *\n * EventBridge workflow handler that provisions the default control-plane\n * records for a newly confirmed Cognito user.\n */\ntype ProvisionDefaultWorkspaceEvent = EventBridgeEvent<\n  typeof PROVISION_DEFAULT_WORKSPACE_DETAIL_TYPE,\n  ProvisionDefaultWorkspaceRequestedDetail\n>;\n\nconst CURRENT_SK = \"CURRENT\";\nconst VID = \"1\";\n\n// Store the same compact summary shape used by control-plane entities.\nconst summaryFor = (resource: Record<string, unknown>): string => {\n  return JSON.stringify(extractSummary(resource as FhirResourceLike));\n};\n\n// Make onboarding writes replay-safe by deriving deterministic record ids.\nconst stableOnboardingId = (kind: string, cognitoSub: string): string => {\n  return createHash(\"sha256\")\n    .update(kind)\n    .update(\"\\0\")\n    .update(cognitoSub)\n    .digest(\"hex\")\n    .slice(0, 26)\n    .toUpperCase();\n};\n\nexport const handler = async (\n  event: ProvisionDefaultWorkspaceEvent,\n): Promise<void> => {\n  // Events without a Cognito subject cannot be tied to a stable User.\n  const detail = event.detail;\n  if (!detail?.cognitoSub) {\n    console.warn(\n      \"ProvisionDefaultWorkspace: event missing cognitoSub; skipping\",\n    );\n    return;\n  }\n\n  // If onboarding already completed, leave existing records untouched.\n  // The lookup runs before tenant/workspace exist, so use a synthetic\n  // placeholder context — findUserBySubOperation does not read its fields.\n  const service = getDynamoControlService();\n  const existingUser = await findUserBySubOperation({\n    context: {\n      tenantId: \"\",\n      workspaceId: \"\",\n      date: \"\",\n      actorId: \"\",\n      actorName: \"\",\n      actorType: \"internal-system\",\n    },\n    cognitoSub: detail.cognitoSub,\n  });\n  const existingResource = existingUser\n    ? parseUserResource(existingUser.resource)\n    : undefined;\n  const existingTenantId = idFromReference(\n    existingResource?.currentTenant?.reference,\n    \"Tenant/\",\n  );\n  const existingWorkspaceId = idFromReference(\n    existingResource?.currentWorkspace?.reference,\n    \"Workspace/\",\n  );\n\n  if (existingUser && existingTenantId && existingWorkspaceId) {\n    return;\n  }\n\n  const displayName =\n    detail.displayName ||\n    detail.email ||\n    event.resources?.[0] ||\n    detail.cognitoSub;\n  const userId =\n    existingUser?.id ??\n    detail.userId ??\n    stableOnboardingId(\"user\", detail.cognitoSub);\n  const tenantId = stableOnboardingId(\"tenant\", detail.cognitoSub);\n  const workspaceId = stableOnboardingId(\"workspace\", detail.cognitoSub);\n  const userTenantMembershipId = stableOnboardingId(\n    \"tenant-membership\",\n    detail.cognitoSub,\n  );\n  const userWorkspaceMembershipId = stableOnboardingId(\n    \"workspace-membership\",\n    detail.cognitoSub,\n  );\n  const roleAssignmentId = stableOnboardingId(\n    \"tenant-user-role-assignment\",\n    detail.cognitoSub,\n  );\n\n  const lastUpdated = new Date().toISOString();\n\n  // Synthesized OpenHI context for internal-system writes during onboarding.\n  const context: OpenHiContext = {\n    tenantId,\n    workspaceId,\n    date: lastUpdated,\n    actorId: userId,\n    actorName: displayName,\n    actorType: \"internal-system\",\n  };\n\n  const tenantResource = {\n    id: tenantId,\n    displayName: `${displayName}'s Practice`,\n    status: \"active\",\n  };\n  const workspaceResource = {\n    id: workspaceId,\n    displayName: \"Default Workspace\",\n    status: \"active\",\n    tenant: { reference: `Tenant/${tenantId}` },\n  };\n  const userResource = {\n    ...(existingResource ?? {}),\n    resourceType: \"User\",\n    id: userId,\n    name: existingResource?.name ?? [{ text: displayName }],\n    status: \"active\",\n    currentTenant: { reference: `Tenant/${tenantId}` },\n    currentWorkspace: { reference: `Workspace/${workspaceId}` },\n  };\n  const userTenantMembershipResource = {\n    id: userTenantMembershipId,\n    status: \"active\",\n    user: { reference: `User/${userId}` },\n    tenant: { reference: `Tenant/${tenantId}` },\n  };\n  const userWorkspaceMembershipResource = {\n    id: userWorkspaceMembershipId,\n    status: \"active\",\n    user: { reference: `User/${userId}` },\n    tenant: { reference: `Tenant/${tenantId}` },\n    workspace: { reference: `Workspace/${workspaceId}` },\n  };\n  const roleAssignmentResource = {\n    id: roleAssignmentId,\n    status: \"active\",\n    user: { reference: `User/${userId}` },\n    tenant: { reference: `Tenant/${tenantId}` },\n    role: \"tenant-user\",\n  };\n\n  await createTenantOperation({\n    context,\n    body: { id: tenantId, resource: tenantResource },\n  });\n\n  await createWorkspaceOperation({\n    context,\n    body: { id: workspaceId, resource: workspaceResource },\n  });\n\n  // Direct User put/patch: no User operation supports the cognitoSub set or\n  // partial-repair flow yet, so onboarding writes the User record inline.\n  if (existingUser) {\n    await service.entities.user\n      .patch({ id: userId, sk: CURRENT_SK })\n      .set({\n        resource: JSON.stringify(userResource),\n        summary: summaryFor(userResource),\n        cognitoSub: detail.cognitoSub,\n        vid: VID,\n        lastUpdated,\n      })\n      .go();\n  } else {\n    await service.entities.user\n      .put({\n        id: userId,\n        cognitoSub: detail.cognitoSub,\n        resource: JSON.stringify(userResource),\n        summary: summaryFor(userResource),\n        vid: VID,\n        lastUpdated,\n      })\n      .go();\n  }\n\n  await createMembershipOperation({\n    context,\n    body: {\n      id: userTenantMembershipId,\n      resource: userTenantMembershipResource,\n    },\n  });\n\n  await createMembershipOperation({\n    context,\n    body: {\n      id: userWorkspaceMembershipId,\n      resource: userWorkspaceMembershipResource,\n    },\n  });\n\n  await createRoleAssignmentOperation({\n    context,\n    body: { id: roleAssignmentId, resource: roleAssignmentResource },\n  });\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA,SAAS,kBAAkB;AAC3B,SAAS,sBAA6C;AA6BtD,IAAM,aAAa;AACnB,IAAM,MAAM;AAGZ,IAAM,aAAa,CAAC,aAA8C;AAChE,SAAO,KAAK,UAAU,eAAe,QAA4B,CAAC;AACpE;AAGA,IAAM,qBAAqB,CAAC,MAAc,eAA+B;AACvE,SAAO,WAAW,QAAQ,EACvB,OAAO,IAAI,EACX,OAAO,IAAI,EACX,OAAO,UAAU,EACjB,OAAO,KAAK,EACZ,MAAM,GAAG,EAAE,EACX,YAAY;AACjB;AAEO,IAAM,UAAU,OACrB,UACkB;AAElB,QAAM,SAAS,MAAM;AACrB,MAAI,CAAC,QAAQ,YAAY;AACvB,YAAQ;AAAA,MACN;AAAA,IACF;AACA;AAAA,EACF;AAKA,QAAM,UAAU,wBAAwB;AACxC,QAAM,eAAe,MAAM,uBAAuB;AAAA,IAChD,SAAS;AAAA,MACP,UAAU;AAAA,MACV,aAAa;AAAA,MACb,MAAM;AAAA,MACN,SAAS;AAAA,MACT,WAAW;AAAA,MACX,WAAW;AAAA,IACb;AAAA,IACA,YAAY,OAAO;AAAA,EACrB,CAAC;AACD,QAAM,mBAAmB,eACrB,kBAAkB,aAAa,QAAQ,IACvC;AACJ,QAAM,mBAAmB;AAAA,IACvB,kBAAkB,eAAe;AAAA,IACjC;AAAA,EACF;AACA,QAAM,sBAAsB;AAAA,IAC1B,kBAAkB,kBAAkB;AAAA,IACpC;AAAA,EACF;AAEA,MAAI,gBAAgB,oBAAoB,qBAAqB;AAC3D;AAAA,EACF;AAEA,QAAM,cACJ,OAAO,eACP,OAAO,SACP,MAAM,YAAY,CAAC,KACnB,OAAO;AACT,QAAM,SACJ,cAAc,MACd,OAAO,UACP,mBAAmB,QAAQ,OAAO,UAAU;AAC9C,QAAM,WAAW,mBAAmB,UAAU,OAAO,UAAU;AAC/D,QAAM,cAAc,mBAAmB,aAAa,OAAO,UAAU;AACrE,QAAM,yBAAyB;AAAA,IAC7B;AAAA,IACA,OAAO;AAAA,EACT;AACA,QAAM,4BAA4B;AAAA,IAChC;AAAA,IACA,OAAO;AAAA,EACT;AACA,QAAM,mBAAmB;AAAA,IACvB;AAAA,IACA,OAAO;AAAA,EACT;AAEA,QAAM,eAAc,oBAAI,KAAK,GAAE,YAAY;AAG3C,QAAM,UAAyB;AAAA,IAC7B;AAAA,IACA;AAAA,IACA,MAAM;AAAA,IACN,SAAS;AAAA,IACT,WAAW;AAAA,IACX,WAAW;AAAA,EACb;AAEA,QAAM,iBAAiB;AAAA,IACrB,IAAI;AAAA,IACJ,aAAa,GAAG,WAAW;AAAA,IAC3B,QAAQ;AAAA,EACV;AACA,QAAM,oBAAoB;AAAA,IACxB,IAAI;AAAA,IACJ,aAAa;AAAA,IACb,QAAQ;AAAA,IACR,QAAQ,EAAE,WAAW,UAAU,QAAQ,GAAG;AAAA,EAC5C;AACA,QAAM,eAAe;AAAA,IACnB,GAAI,oBAAoB,CAAC;AAAA,IACzB,cAAc;AAAA,IACd,IAAI;AAAA,IACJ,MAAM,kBAAkB,QAAQ,CAAC,EAAE,MAAM,YAAY,CAAC;AAAA,IACtD,QAAQ;AAAA,IACR,eAAe,EAAE,WAAW,UAAU,QAAQ,GAAG;AAAA,IACjD,kBAAkB,EAAE,WAAW,aAAa,WAAW,GAAG;AAAA,EAC5D;AACA,QAAM,+BAA+B;AAAA,IACnC,IAAI;AAAA,IACJ,QAAQ;AAAA,IACR,MAAM,EAAE,WAAW,QAAQ,MAAM,GAAG;AAAA,IACpC,QAAQ,EAAE,WAAW,UAAU,QAAQ,GAAG;AAAA,EAC5C;AACA,QAAM,kCAAkC;AAAA,IACtC,IAAI;AAAA,IACJ,QAAQ;AAAA,IACR,MAAM,EAAE,WAAW,QAAQ,MAAM,GAAG;AAAA,IACpC,QAAQ,EAAE,WAAW,UAAU,QAAQ,GAAG;AAAA,IAC1C,WAAW,EAAE,WAAW,aAAa,WAAW,GAAG;AAAA,EACrD;AACA,QAAM,yBAAyB;AAAA,IAC7B,IAAI;AAAA,IACJ,QAAQ;AAAA,IACR,MAAM,EAAE,WAAW,QAAQ,MAAM,GAAG;AAAA,IACpC,QAAQ,EAAE,WAAW,UAAU,QAAQ,GAAG;AAAA,IAC1C,MAAM;AAAA,EACR;AAEA,QAAM,sBAAsB;AAAA,IAC1B;AAAA,IACA,MAAM,EAAE,IAAI,UAAU,UAAU,eAAe;AAAA,EACjD,CAAC;AAED,QAAM,yBAAyB;AAAA,IAC7B;AAAA,IACA,MAAM,EAAE,IAAI,aAAa,UAAU,kBAAkB;AAAA,EACvD,CAAC;AAID,MAAI,cAAc;AAChB,UAAM,QAAQ,SAAS,KACpB,MAAM,EAAE,IAAI,QAAQ,IAAI,WAAW,CAAC,EACpC,IAAI;AAAA,MACH,UAAU,KAAK,UAAU,YAAY;AAAA,MACrC,SAAS,WAAW,YAAY;AAAA,MAChC,YAAY,OAAO;AAAA,MACnB,KAAK;AAAA,MACL;AAAA,IACF,CAAC,EACA,GAAG;AAAA,EACR,OAAO;AACL,UAAM,QAAQ,SAAS,KACpB,IAAI;AAAA,MACH,IAAI;AAAA,MACJ,YAAY,OAAO;AAAA,MACnB,UAAU,KAAK,UAAU,YAAY;AAAA,MACrC,SAAS,WAAW,YAAY;AAAA,MAChC,KAAK;AAAA,MACL;AAAA,IACF,CAAC,EACA,GAAG;AAAA,EACR;AAEA,QAAM,0BAA0B;AAAA,IAC9B;AAAA,IACA,MAAM;AAAA,MACJ,IAAI;AAAA,MACJ,UAAU;AAAA,IACZ;AAAA,EACF,CAAC;AAED,QAAM,0BAA0B;AAAA,IAC9B;AAAA,IACA,MAAM;AAAA,MACJ,IAAI;AAAA,MACJ,UAAU;AAAA,IACZ;AAAA,EACF,CAAC;AAED,QAAM,8BAA8B;AAAA,IAClC;AAAA,IACA,MAAM,EAAE,IAAI,kBAAkB,UAAU,uBAAuB;AAAA,EACjE,CAAC;AACH;","names":[]}
+{"version":3,"sources":["../src/workflows/control-plane/user-onboarding/provision-default-workspace.handler.ts"],"sourcesContent":["import { createHash } from \"node:crypto\";\nimport { extractSummary, type FhirResourceLike } from \"@openhi/types\";\nimport type { EventBridgeEvent } from \"aws-lambda\";\nimport {\n  PROVISION_DEFAULT_WORKSPACE_DETAIL_TYPE,\n  type ProvisionDefaultWorkspaceRequestedDetail,\n} from \"./events\";\nimport { getDynamoControlService } from \"../../../data/dynamo/dynamo-control-service\";\nimport type { OpenHiContext } from \"../../../data/openhi-context\";\nimport { createMembershipOperation } from \"../../../data/operations/control/membership/membership-create-operation\";\nimport { createRoleAssignmentOperation } from \"../../../data/operations/control/roleassignment/roleassignment-create-operation\";\nimport { createTenantOperation } from \"../../../data/operations/control/tenant/tenant-create-operation\";\nimport {\n  findUserBySubOperation,\n  parseUserResource,\n} from \"../../../data/operations/control/user\";\nimport { createWorkspaceOperation } from \"../../../data/operations/control/workspace/workspace-create-operation\";\nimport { idFromReference } from \"../../../data/operations/fhir-reference\";\n\n/**\n * @see sites/www-docs/content/packages/@openhi/constructs/workflows/control-plane/user-onboarding/provision-default-workspace.handler.md\n *\n * EventBridge workflow handler that provisions the default control-plane\n * records for a newly confirmed Cognito user.\n */\ntype ProvisionDefaultWorkspaceEvent = EventBridgeEvent<\n  typeof PROVISION_DEFAULT_WORKSPACE_DETAIL_TYPE,\n  ProvisionDefaultWorkspaceRequestedDetail\n>;\n\nconst CURRENT_SK = \"CURRENT\";\nconst VID = \"1\";\n\n// Store the same compact summary shape used by control-plane entities.\nconst summaryFor = (resource: Record<string, unknown>): string => {\n  return JSON.stringify(extractSummary(resource as FhirResourceLike));\n};\n\n// Make onboarding writes replay-safe by deriving deterministic record ids.\nconst stableOnboardingId = (kind: string, cognitoSub: string): string => {\n  return createHash(\"sha256\")\n    .update(kind)\n    .update(\"\\0\")\n    .update(cognitoSub)\n    .digest(\"hex\")\n    .slice(0, 26)\n    .toUpperCase();\n};\n\nexport const handler = async (\n  event: ProvisionDefaultWorkspaceEvent,\n): Promise<void> => {\n  // Events without a Cognito subject cannot be tied to a stable User.\n  const detail = event.detail;\n  if (!detail?.cognitoSub) {\n    console.warn(\n      \"ProvisionDefaultWorkspace: event missing cognitoSub; skipping\",\n    );\n    return;\n  }\n\n  // If onboarding already completed, leave existing records untouched.\n  // The lookup runs before tenant/workspace exist, so use a synthetic\n  // placeholder context — findUserBySubOperation does not read its fields.\n  const service = getDynamoControlService();\n  const existingUser = await findUserBySubOperation({\n    context: {\n      tenantId: \"\",\n      workspaceId: \"\",\n      date: \"\",\n      actorId: \"\",\n      actorName: \"\",\n      actorType: \"internal-system\",\n    },\n    cognitoSub: detail.cognitoSub,\n  });\n  const existingResource = existingUser\n    ? parseUserResource(existingUser.resource)\n    : undefined;\n  const existingTenantId = idFromReference(\n    existingResource?.currentTenant?.reference,\n    \"Tenant/\",\n  );\n  const existingWorkspaceId = idFromReference(\n    existingResource?.currentWorkspace?.reference,\n    \"Workspace/\",\n  );\n\n  if (existingUser && existingTenantId && existingWorkspaceId) {\n    return;\n  }\n\n  const displayName =\n    detail.displayName ||\n    detail.email ||\n    event.resources?.[0] ||\n    detail.cognitoSub;\n  const userId =\n    existingUser?.id ??\n    detail.userId ??\n    stableOnboardingId(\"user\", detail.cognitoSub);\n  const tenantId = stableOnboardingId(\"tenant\", detail.cognitoSub);\n  const workspaceId = stableOnboardingId(\"workspace\", detail.cognitoSub);\n  const userTenantMembershipId = stableOnboardingId(\n    \"tenant-membership\",\n    detail.cognitoSub,\n  );\n  const userWorkspaceMembershipId = stableOnboardingId(\n    \"workspace-membership\",\n    detail.cognitoSub,\n  );\n  const roleAssignmentId = stableOnboardingId(\n    \"tenant-user-role-assignment\",\n    detail.cognitoSub,\n  );\n\n  const lastUpdated = new Date().toISOString();\n\n  // Synthesized OpenHI context for internal-system writes during onboarding.\n  const context: OpenHiContext = {\n    tenantId,\n    workspaceId,\n    date: lastUpdated,\n    actorId: userId,\n    actorName: displayName,\n    actorType: \"internal-system\",\n  };\n\n  const tenantResource = {\n    id: tenantId,\n    displayName: `${displayName}'s Practice`,\n    status: \"active\",\n  };\n  const workspaceResource = {\n    id: workspaceId,\n    displayName: \"Default Workspace\",\n    status: \"active\",\n    tenant: { reference: `Tenant/${tenantId}` },\n  };\n  const userResource = {\n    ...(existingResource ?? {}),\n    resourceType: \"User\",\n    id: userId,\n    name: existingResource?.name ?? [{ text: displayName }],\n    status: \"active\",\n    currentTenant: { reference: `Tenant/${tenantId}` },\n    currentWorkspace: { reference: `Workspace/${workspaceId}` },\n  };\n  const userTenantMembershipResource = {\n    id: userTenantMembershipId,\n    status: \"active\",\n    user: { reference: `User/${userId}` },\n    tenant: { reference: `Tenant/${tenantId}` },\n  };\n  const userWorkspaceMembershipResource = {\n    id: userWorkspaceMembershipId,\n    status: \"active\",\n    user: { reference: `User/${userId}` },\n    tenant: { reference: `Tenant/${tenantId}` },\n    workspace: { reference: `Workspace/${workspaceId}` },\n  };\n  const roleAssignmentResource = {\n    id: roleAssignmentId,\n    status: \"active\",\n    user: { reference: `User/${userId}` },\n    tenant: { reference: `Tenant/${tenantId}` },\n    role: \"tenant-user\",\n  };\n\n  await createTenantOperation({\n    context,\n    body: { id: tenantId, resource: tenantResource },\n  });\n\n  await createWorkspaceOperation({\n    context,\n    body: { id: workspaceId, resource: workspaceResource },\n  });\n\n  // Direct User put/patch: no User operation supports the cognitoSub set or\n  // partial-repair flow yet, so onboarding writes the User record inline.\n  if (existingUser) {\n    await service.entities.user\n      .patch({ id: userId, sk: CURRENT_SK })\n      .set({\n        resource: JSON.stringify(userResource),\n        summary: summaryFor(userResource),\n        cognitoSub: detail.cognitoSub,\n        vid: VID,\n        lastUpdated,\n      })\n      .go();\n  } else {\n    await service.entities.user\n      .put({\n        id: userId,\n        cognitoSub: detail.cognitoSub,\n        resource: JSON.stringify(userResource),\n        summary: summaryFor(userResource),\n        vid: VID,\n        lastUpdated,\n      })\n      .go();\n  }\n\n  await createMembershipOperation({\n    context,\n    body: {\n      id: userTenantMembershipId,\n      resource: userTenantMembershipResource,\n    },\n  });\n\n  await createMembershipOperation({\n    context,\n    body: {\n      id: userWorkspaceMembershipId,\n      resource: userWorkspaceMembershipResource,\n    },\n  });\n\n  await createRoleAssignmentOperation({\n    context,\n    body: { id: roleAssignmentId, resource: roleAssignmentResource },\n  });\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,SAAS,kBAAkB;AAC3B,SAAS,sBAA6C;AA6BtD,IAAM,aAAa;AACnB,IAAM,MAAM;AAGZ,IAAM,aAAa,CAAC,aAA8C;AAChE,SAAO,KAAK,UAAU,eAAe,QAA4B,CAAC;AACpE;AAGA,IAAM,qBAAqB,CAAC,MAAc,eAA+B;AACvE,SAAO,WAAW,QAAQ,EACvB,OAAO,IAAI,EACX,OAAO,IAAI,EACX,OAAO,UAAU,EACjB,OAAO,KAAK,EACZ,MAAM,GAAG,EAAE,EACX,YAAY;AACjB;AAEO,IAAM,UAAU,OACrB,UACkB;AAElB,QAAM,SAAS,MAAM;AACrB,MAAI,CAAC,QAAQ,YAAY;AACvB,YAAQ;AAAA,MACN;AAAA,IACF;AACA;AAAA,EACF;AAKA,QAAM,UAAU,wBAAwB;AACxC,QAAM,eAAe,MAAM,uBAAuB;AAAA,IAChD,SAAS;AAAA,MACP,UAAU;AAAA,MACV,aAAa;AAAA,MACb,MAAM;AAAA,MACN,SAAS;AAAA,MACT,WAAW;AAAA,MACX,WAAW;AAAA,IACb;AAAA,IACA,YAAY,OAAO;AAAA,EACrB,CAAC;AACD,QAAM,mBAAmB,eACrB,kBAAkB,aAAa,QAAQ,IACvC;AACJ,QAAM,mBAAmB;AAAA,IACvB,kBAAkB,eAAe;AAAA,IACjC;AAAA,EACF;AACA,QAAM,sBAAsB;AAAA,IAC1B,kBAAkB,kBAAkB;AAAA,IACpC;AAAA,EACF;AAEA,MAAI,gBAAgB,oBAAoB,qBAAqB;AAC3D;AAAA,EACF;AAEA,QAAM,cACJ,OAAO,eACP,OAAO,SACP,MAAM,YAAY,CAAC,KACnB,OAAO;AACT,QAAM,SACJ,cAAc,MACd,OAAO,UACP,mBAAmB,QAAQ,OAAO,UAAU;AAC9C,QAAM,WAAW,mBAAmB,UAAU,OAAO,UAAU;AAC/D,QAAM,cAAc,mBAAmB,aAAa,OAAO,UAAU;AACrE,QAAM,yBAAyB;AAAA,IAC7B;AAAA,IACA,OAAO;AAAA,EACT;AACA,QAAM,4BAA4B;AAAA,IAChC;AAAA,IACA,OAAO;AAAA,EACT;AACA,QAAM,mBAAmB;AAAA,IACvB;AAAA,IACA,OAAO;AAAA,EACT;AAEA,QAAM,eAAc,oBAAI,KAAK,GAAE,YAAY;AAG3C,QAAM,UAAyB;AAAA,IAC7B;AAAA,IACA;AAAA,IACA,MAAM;AAAA,IACN,SAAS;AAAA,IACT,WAAW;AAAA,IACX,WAAW;AAAA,EACb;AAEA,QAAM,iBAAiB;AAAA,IACrB,IAAI;AAAA,IACJ,aAAa,GAAG,WAAW;AAAA,IAC3B,QAAQ;AAAA,EACV;AACA,QAAM,oBAAoB;AAAA,IACxB,IAAI;AAAA,IACJ,aAAa;AAAA,IACb,QAAQ;AAAA,IACR,QAAQ,EAAE,WAAW,UAAU,QAAQ,GAAG;AAAA,EAC5C;AACA,QAAM,eAAe;AAAA,IACnB,GAAI,oBAAoB,CAAC;AAAA,IACzB,cAAc;AAAA,IACd,IAAI;AAAA,IACJ,MAAM,kBAAkB,QAAQ,CAAC,EAAE,MAAM,YAAY,CAAC;AAAA,IACtD,QAAQ;AAAA,IACR,eAAe,EAAE,WAAW,UAAU,QAAQ,GAAG;AAAA,IACjD,kBAAkB,EAAE,WAAW,aAAa,WAAW,GAAG;AAAA,EAC5D;AACA,QAAM,+BAA+B;AAAA,IACnC,IAAI;AAAA,IACJ,QAAQ;AAAA,IACR,MAAM,EAAE,WAAW,QAAQ,MAAM,GAAG;AAAA,IACpC,QAAQ,EAAE,WAAW,UAAU,QAAQ,GAAG;AAAA,EAC5C;AACA,QAAM,kCAAkC;AAAA,IACtC,IAAI;AAAA,IACJ,QAAQ;AAAA,IACR,MAAM,EAAE,WAAW,QAAQ,MAAM,GAAG;AAAA,IACpC,QAAQ,EAAE,WAAW,UAAU,QAAQ,GAAG;AAAA,IAC1C,WAAW,EAAE,WAAW,aAAa,WAAW,GAAG;AAAA,EACrD;AACA,QAAM,yBAAyB;AAAA,IAC7B,IAAI;AAAA,IACJ,QAAQ;AAAA,IACR,MAAM,EAAE,WAAW,QAAQ,MAAM,GAAG;AAAA,IACpC,QAAQ,EAAE,WAAW,UAAU,QAAQ,GAAG;AAAA,IAC1C,MAAM;AAAA,EACR;AAEA,QAAM,sBAAsB;AAAA,IAC1B;AAAA,IACA,MAAM,EAAE,IAAI,UAAU,UAAU,eAAe;AAAA,EACjD,CAAC;AAED,QAAM,yBAAyB;AAAA,IAC7B;AAAA,IACA,MAAM,EAAE,IAAI,aAAa,UAAU,kBAAkB;AAAA,EACvD,CAAC;AAID,MAAI,cAAc;AAChB,UAAM,QAAQ,SAAS,KACpB,MAAM,EAAE,IAAI,QAAQ,IAAI,WAAW,CAAC,EACpC,IAAI;AAAA,MACH,UAAU,KAAK,UAAU,YAAY;AAAA,MACrC,SAAS,WAAW,YAAY;AAAA,MAChC,YAAY,OAAO;AAAA,MACnB,KAAK;AAAA,MACL;AAAA,IACF,CAAC,EACA,GAAG;AAAA,EACR,OAAO;AACL,UAAM,QAAQ,SAAS,KACpB,IAAI;AAAA,MACH,IAAI;AAAA,MACJ,YAAY,OAAO;AAAA,MACnB,UAAU,KAAK,UAAU,YAAY;AAAA,MACrC,SAAS,WAAW,YAAY;AAAA,MAChC,KAAK;AAAA,MACL;AAAA,IACF,CAAC,EACA,GAAG;AAAA,EACR;AAEA,QAAM,0BAA0B;AAAA,IAC9B;AAAA,IACA,MAAM;AAAA,MACJ,IAAI;AAAA,MACJ,UAAU;AAAA,IACZ;AAAA,EACF,CAAC;AAED,QAAM,0BAA0B;AAAA,IAC9B;AAAA,IACA,MAAM;AAAA,MACJ,IAAI;AAAA,MACJ,UAAU;AAAA,IACZ;AAAA,EACF,CAAC;AAED,QAAM,8BAA8B;AAAA,IAClC;AAAA,IACA,MAAM,EAAE,IAAI,kBAAkB,UAAU,uBAAuB;AAAA,EACjE,CAAC;AACH;","names":[]}

package/lib/rename-finalize.handler.d.mts

@@ -0,0 +1,30 @@
+import { EventBridgeClient } from '@aws-sdk/client-eventbridge';
+import { f as RenameCascadeFinalizeInput, g as RenameCascadeFinalizeOutput } from './events-Da_cFgtc.mjs';
+export { c as RENAME_CASCADE_OPS_EVENT_BUS_ENV_VAR } from './events-Da_cFgtc.mjs';
+import '@openhi/workflows';
+
+/**
+ * Final step of the TR-023 rename cascade.
+ *
+ * After the Distributed Map state rewrites every affected projection
+ * row, this handler emits `control-plane.rename-complete.v1` on the ops
+ * event bus, carrying the cascade's chunk count, items rewritten, and
+ * duration. UI subscribers consume the event to refresh stale list
+ * views.
+ *
+ * Unlike the owning-delete cascade's finalize step, this handler does
+ * NOT touch the canonical record — the rename is a consumer that only
+ * rewrites projections; the canonical Tenant / User / Role row was
+ * already updated by the originating PUT that triggered the cascade's
+ * upstream `control-plane.rename.v1` event.
+ */
+
+/** Test seam: per-handler-call EventBridge client + clock. */
+interface FinalizeHandlerDependencies {
+    readonly eventBridgeClient?: EventBridgeClient;
+    readonly now?: () => Date;
+    readonly eventIdGenerator?: () => string;
+}
+declare const handler: (input: RenameCascadeFinalizeInput, deps?: FinalizeHandlerDependencies) => Promise<RenameCascadeFinalizeOutput>;
+
+export { type FinalizeHandlerDependencies, handler };

package/lib/rename-finalize.handler.d.ts

@@ -0,0 +1,30 @@
+import { EventBridgeClient } from '@aws-sdk/client-eventbridge';
+import { f as RenameCascadeFinalizeInput, g as RenameCascadeFinalizeOutput } from './events-Da_cFgtc.js';
+export { c as RENAME_CASCADE_OPS_EVENT_BUS_ENV_VAR } from './events-Da_cFgtc.js';
+import '@openhi/workflows';
+
+/**
+ * Final step of the TR-023 rename cascade.
+ *
+ * After the Distributed Map state rewrites every affected projection
+ * row, this handler emits `control-plane.rename-complete.v1` on the ops
+ * event bus, carrying the cascade's chunk count, items rewritten, and
+ * duration. UI subscribers consume the event to refresh stale list
+ * views.
+ *
+ * Unlike the owning-delete cascade's finalize step, this handler does
+ * NOT touch the canonical record — the rename is a consumer that only
+ * rewrites projections; the canonical Tenant / User / Role row was
+ * already updated by the originating PUT that triggered the cascade's
+ * upstream `control-plane.rename.v1` event.
+ */
+
+/** Test seam: per-handler-call EventBridge client + clock. */
+interface FinalizeHandlerDependencies {
+    readonly eventBridgeClient?: EventBridgeClient;
+    readonly now?: () => Date;
+    readonly eventIdGenerator?: () => string;
+}
+declare const handler: (input: RenameCascadeFinalizeInput, deps?: FinalizeHandlerDependencies) => Promise<RenameCascadeFinalizeOutput>;
+
+export { type FinalizeHandlerDependencies, handler };