npm - @openhi/constructs - Versions diffs - 0.0.111 → 0.0.112 - Mend

@openhi/constructs 0.0.111 → 0.0.112

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (111) hide show

package/lib/chunk-23PUSHBV.mjs +24 -0
package/lib/chunk-23PUSHBV.mjs.map +1 -0
package/lib/{chunk-7FUAMZOF.mjs → chunk-53OHXLIL.mjs} +3 -3
package/lib/chunk-6NBGYGFL.mjs +1803 -0
package/lib/chunk-6NBGYGFL.mjs.map +1 -0
package/lib/chunk-7RZHFI77.mjs +22 -0
package/lib/chunk-7RZHFI77.mjs.map +1 -0
package/lib/{chunk-7Q2IJ2J5.mjs → chunk-CUUKXDB2.mjs} +6 -6
package/lib/chunk-FYHBHHWK.mjs +47 -0
package/lib/chunk-FYHBHHWK.mjs.map +1 -0
package/lib/{chunk-MULKGFIJ.mjs → chunk-GBDIGTNV.mjs} +165 -10
package/lib/chunk-GBDIGTNV.mjs.map +1 -0
package/lib/chunk-HQ67J7BP.mjs +199 -0
package/lib/chunk-HQ67J7BP.mjs.map +1 -0
package/lib/{chunk-AJ3G3THO.mjs → chunk-KO64HPWQ.mjs} +2 -2
package/lib/{chunk-BB5MK4L3.mjs → chunk-KSFC72TT.mjs} +3 -3
package/lib/{chunk-2TPJ6HOF.mjs → chunk-NZRW7ROK.mjs} +72 -54
package/lib/chunk-NZRW7ROK.mjs.map +1 -0
package/lib/chunk-QJDHVMKT.mjs +117 -0
package/lib/chunk-QJDHVMKT.mjs.map +1 -0
package/lib/{chunk-IS4VQRI4.mjs → chunk-QMBJ4VHC.mjs} +12 -47
package/lib/chunk-QMBJ4VHC.mjs.map +1 -0
package/lib/chunk-TRY7JGWO.mjs +16 -0
package/lib/chunk-TRY7JGWO.mjs.map +1 -0
package/lib/chunk-W4KR4CSL.mjs +236 -0
package/lib/chunk-W4KR4CSL.mjs.map +1 -0
package/lib/{chunk-AGF3RAAZ.mjs → chunk-WPCBVDFZ.mjs} +2 -2
package/lib/chunk-WQWFVEVX.mjs +66 -0
package/lib/chunk-WQWFVEVX.mjs.map +1 -0
package/lib/{chunk-SYBADQXI.mjs → chunk-ZM4GDHHC.mjs} +77 -2
package/lib/chunk-ZM4GDHHC.mjs.map +1 -0
package/lib/delete-chunk.handler.d.mts +29 -0
package/lib/delete-chunk.handler.d.ts +29 -0
package/lib/delete-chunk.handler.js +2716 -0
package/lib/delete-chunk.handler.js.map +1 -0
package/lib/delete-chunk.handler.mjs +47 -0
package/lib/delete-chunk.handler.mjs.map +1 -0
package/lib/events-CjS-sm0W.d.mts +107 -0
package/lib/events-CjS-sm0W.d.ts +107 -0
package/lib/events-Da_cFgtc.d.mts +208 -0
package/lib/events-Da_cFgtc.d.ts +208 -0
package/lib/finalize.handler.d.mts +35 -0
package/lib/finalize.handler.d.ts +35 -0
package/lib/finalize.handler.js +875 -0
package/lib/finalize.handler.js.map +1 -0
package/lib/finalize.handler.mjs +166 -0
package/lib/finalize.handler.mjs.map +1 -0
package/lib/index.d.mts +189 -2
package/lib/index.d.ts +500 -3
package/lib/index.js +1753 -174
package/lib/index.js.map +1 -1
package/lib/index.mjs +571 -17
package/lib/index.mjs.map +1 -1
package/lib/list-chunks.handler.d.mts +28 -0
package/lib/list-chunks.handler.d.ts +28 -0
package/lib/list-chunks.handler.js +2746 -0
package/lib/list-chunks.handler.js.map +1 -0
package/lib/list-chunks.handler.mjs +54 -0
package/lib/list-chunks.handler.mjs.map +1 -0
package/lib/platform-deploy-bridge.handler.js +76 -1
package/lib/platform-deploy-bridge.handler.js.map +1 -1
package/lib/platform-deploy-bridge.handler.mjs +1 -1
package/lib/pre-token-generation.handler.js +1106 -155
package/lib/pre-token-generation.handler.js.map +1 -1
package/lib/pre-token-generation.handler.mjs +6 -4
package/lib/pre-token-generation.handler.mjs.map +1 -1
package/lib/provision-default-workspace.handler.js +1529 -142
package/lib/provision-default-workspace.handler.js.map +1 -1
package/lib/provision-default-workspace.handler.mjs +8 -4
package/lib/provision-default-workspace.handler.mjs.map +1 -1
package/lib/rename-finalize.handler.d.mts +30 -0
package/lib/rename-finalize.handler.d.ts +30 -0
package/lib/rename-finalize.handler.js +795 -0
package/lib/rename-finalize.handler.js.map +1 -0
package/lib/rename-finalize.handler.mjs +90 -0
package/lib/rename-finalize.handler.mjs.map +1 -0
package/lib/rename-list-targets.handler.d.mts +26 -0
package/lib/rename-list-targets.handler.d.ts +26 -0
package/lib/rename-list-targets.handler.js +2985 -0
package/lib/rename-list-targets.handler.js.map +1 -0
package/lib/rename-list-targets.handler.mjs +431 -0
package/lib/rename-list-targets.handler.mjs.map +1 -0
package/lib/rename-rewrite-chunk.handler.d.mts +35 -0
package/lib/rename-rewrite-chunk.handler.d.ts +35 -0
package/lib/rename-rewrite-chunk.handler.js +2021 -0
package/lib/rename-rewrite-chunk.handler.js.map +1 -0
package/lib/rename-rewrite-chunk.handler.mjs +27 -0
package/lib/rename-rewrite-chunk.handler.mjs.map +1 -0
package/lib/rest-api-lambda.handler.js +4021 -932
package/lib/rest-api-lambda.handler.js.map +1 -1
package/lib/rest-api-lambda.handler.mjs +1786 -80
package/lib/rest-api-lambda.handler.mjs.map +1 -1
package/lib/seed-demo-data.handler.js +1588 -124
package/lib/seed-demo-data.handler.js.map +1 -1
package/lib/seed-demo-data.handler.mjs +10 -6
package/lib/seed-system-data.handler.js +1179 -155
package/lib/seed-system-data.handler.js.map +1 -1
package/lib/seed-system-data.handler.mjs +5 -4
package/lib/seed-system-data.handler.mjs.map +1 -1
package/package.json +3 -3
package/lib/chunk-2TPJ6HOF.mjs.map +0 -1
package/lib/chunk-IS4VQRI4.mjs.map +0 -1
package/lib/chunk-MULKGFIJ.mjs.map +0 -1
package/lib/chunk-QR5JVSCF.mjs +0 -862
package/lib/chunk-QR5JVSCF.mjs.map +0 -1
package/lib/chunk-SYBADQXI.mjs.map +0 -1
/package/lib/{chunk-7FUAMZOF.mjs.map → chunk-53OHXLIL.mjs.map} +0 -0
/package/lib/{chunk-7Q2IJ2J5.mjs.map → chunk-CUUKXDB2.mjs.map} +0 -0
/package/lib/{chunk-AJ3G3THO.mjs.map → chunk-KO64HPWQ.mjs.map} +0 -0
/package/lib/{chunk-BB5MK4L3.mjs.map → chunk-KSFC72TT.mjs.map} +0 -0
/package/lib/{chunk-AGF3RAAZ.mjs.map → chunk-WPCBVDFZ.mjs.map} +0 -0

package/lib/chunk-QR5JVSCF.mjs DELETED Viewed

@@ -1,862 +0,0 @@
-// src/data/dynamo/dynamo-control-service.ts
-import { Service } from "electrodb";
-// src/data/dynamo/dynamo-client.ts
-import { DynamoDBClient } from "@aws-sdk/client-dynamodb";
-var defaultTableName = process.env.DYNAMO_TABLE_NAME ?? "jesttesttable";
-var dynamoClient = new DynamoDBClient({
-  ...process.env.MOCK_DYNAMODB_ENDPOINT && {
-    endpoint: process.env.MOCK_DYNAMODB_ENDPOINT,
-    sslEnabled: false,
-    region: "local"
-  }
-});
-// src/data/dynamo/entities/control/configuration-entity.ts
-import { Entity } from "electrodb";
-// src/data/dynamo/entities/control/control-entity-common.ts
-import { extractLabel } from "@openhi/types";
-// src/data/dynamo/shard.ts
-var SHARD_COUNT = 4;
-function computeShard(id) {
-  let hash = 2166136261;
-  for (let i = 0; i < id.length; i++) {
-    hash ^= id.charCodeAt(i);
-    hash = Math.imul(hash, 16777619);
-  }
-  return (hash >>> 0) % SHARD_COUNT;
-}
-// src/data/dynamo/entities/control/control-entity-common.ts
-var gsi1ShardAttribute = {
-  type: "string",
-  watch: ["id"],
-  set: (_val, item) => {
-    if (typeof item?.id !== "string" || item.id.length === 0) {
-      return void 0;
-    }
-    return String(computeShard(item.id));
-  }
-};
-var gsi1skAttribute = {
-  type: "string",
-  watch: ["resource", "lastUpdated", "id"],
-  set: (_val, item) => {
-    const id = typeof item?.id === "string" ? item.id : "";
-    const lastUpdated = typeof item?.lastUpdated === "string" ? item.lastUpdated : "";
-    const fallback = `${lastUpdated}#${id}`;
-    if (typeof item?.resource !== "string" || item.resource.length === 0) {
-      return fallback;
-    }
-    let parsed;
-    try {
-      parsed = JSON.parse(item.resource);
-    } catch {
-      return fallback;
-    }
-    if (!parsed || typeof parsed !== "object") return fallback;
-    const resourceType = parsed.resourceType;
-    if (typeof resourceType !== "string") return fallback;
-    const label = extractLabel(parsed);
-    return label !== void 0 ? `${label}#${id}` : fallback;
-  }
-};
-// src/data/dynamo/entities/control/configuration-entity.ts
-var ConfigurationEntity = new Entity({
-  model: {
-    entity: "configuration",
-    service: "control",
-    version: "01"
-  },
-  attributes: {
-    /** Sort key. "CURRENT" for current version; version history in S3. */
-    sk: {
-      type: "string",
-      required: true,
-      default: "CURRENT"
-    },
-    /** Tenant scope. Use "BASELINE" when the config is baseline default (no tenant). */
-    tenantId: {
-      type: "string",
-      required: true,
-      default: "BASELINE"
-    },
-    /** Workspace scope. Use "-" when absent. */
-    workspaceId: {
-      type: "string",
-      required: true,
-      default: "-"
-    },
-    /** User scope. Use "-" when absent. */
-    userId: {
-      type: "string",
-      required: true,
-      default: "-"
-    },
-    /** Role scope. Use "-" when absent. */
-    roleId: {
-      type: "string",
-      required: true,
-      default: "-"
-    },
-    /** Config type (category), e.g. endpoints, branding, display. */
-    key: {
-      type: "string",
-      required: true
-    },
-    /** FHIR Resource.id; logical id in URL and for the Configuration resource. */
-    id: {
-      type: "string",
-      required: true
-    },
-    /** Payload as JSON string. JSON.stringify(resource) on write; JSON.parse(item.resource) on read. */
-    resource: {
-      type: "string",
-      required: true
-    },
-    /**
-     * Summary projection (key display fields as JSON string: id, key, status).
-     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.
-     */
-    summary: {
-      type: "string",
-      required: true
-    },
-    /** Version id (e.g. ULID). Tracks current version; S3 history key. */
-    vid: {
-      type: "string",
-      required: true
-    },
-    lastUpdated: {
-      type: "string",
-      required: true
-    },
-    gsi1Shard: gsi1ShardAttribute,
-    deleted: {
-      type: "boolean",
-      required: false
-    },
-    bundleId: {
-      type: "string",
-      required: false
-    },
-    msgId: {
-      type: "string",
-      required: false
-    }
-  },
-  indexes: {
-    /** Base table: PK, SK (data store key names). PK is built from tenantId, workspaceId, userId, roleId; SK is built from key and sk. Do not supply PK or SK from outside. */
-    record: {
-      pk: {
-        field: "PK",
-        composite: ["tenantId", "workspaceId", "userId", "roleId"],
-        template: "CONFIG#TID#${tenantId}#WID#${workspaceId}#UID#${userId}#RID#${roleId}"
-      },
-      sk: {
-        field: "SK",
-        composite: ["key", "sk"],
-        template: "KEY#${key}#SK#${sk}"
-      }
-    },
-    /**
-     * GSI1 — Unified Sharded List per ADR-011: list all Configuration entries for a
-     * (tenant, workspace) across the four shards. Use for "list configs scoped to this tenant"
-     * (workspaceId = "-") or "list configs scoped to this workspace". Does not support
-     * hierarchical resolution in one query; use base table GetItem in fallback order
-     * (user → workspace → tenant → baseline) for that.
-     * SK is `<key>#<id>` — Configuration's `key` is a required entity attribute (the
-     * config category: endpoints, branding, display, …) and the natural sort/lookup
-     * dimension. `casing: "none"` preserves the literal key value.
-     */
-    gsi1: {
-      index: "GSI1",
-      pk: {
-        field: "GSI1PK",
-        composite: ["tenantId", "workspaceId", "gsi1Shard"],
-        template: "TID#${tenantId}#WID#${workspaceId}#RT#Configuration#SHARD#${gsi1Shard}"
-      },
-      sk: {
-        field: "GSI1SK",
-        casing: "none",
-        composite: ["key", "id"],
-        template: "${key}#${id}"
-      }
-    }
-  }
-});
-// src/data/dynamo/entities/control/membership-entity.ts
-import { Entity as Entity2 } from "electrodb";
-var MembershipEntity = new Entity2({
-  model: {
-    entity: "membership",
-    service: "control",
-    version: "01"
-  },
-  attributes: {
-    /** Sort key sentinel. Always "CURRENT". */
-    sk: {
-      type: "string",
-      required: true,
-      default: "CURRENT"
-    },
-    /** Tenant in which the user has membership (required). */
-    tenantId: {
-      type: "string",
-      required: true
-    },
-    /** FHIR Resource.id; membership id. */
-    id: {
-      type: "string",
-      required: true
-    },
-    /** Full Membership resource serialized as JSON string. */
-    resource: {
-      type: "string",
-      required: true
-    },
-    /**
-     * Summary projection (key display fields as JSON string: id, displayName, status).
-     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.
-     */
-    summary: {
-      type: "string",
-      required: true
-    },
-    /** Version id (e.g. ULID). */
-    vid: {
-      type: "string",
-      required: true
-    },
-    lastUpdated: {
-      type: "string",
-      required: true
-    },
-    gsi1Shard: gsi1ShardAttribute,
-    /** Derived GSI1 sort key — name-based when extractable; else `<lastUpdated>#<id>`. */
-    gsi1sk: gsi1skAttribute,
-    deleted: {
-      type: "boolean",
-      required: false
-    },
-    bundleId: {
-      type: "string",
-      required: false
-    },
-    msgId: {
-      type: "string",
-      required: false
-    },
-    /**
-     * Denormalized `linked-data-identity` Reference (e.g. `Practitioner/abc`).
-     * Populated from the FHIR extension on the Membership resource at write
-     * time so future GSIs can index data-plane identity lookups without
-     * deserializing the full resource JSON. See ADR 2026-03-13-02 §6.
-     */
-    linkedDataIdentityRef: {
-      type: "string",
-      required: false
-    }
-  },
-  indexes: {
-    /** Base table: PK = TID#<tenantId>#MEMBERSHIP#ID#<id>, SK = CURRENT. Do not supply PK or SK from outside. */
-    record: {
-      pk: {
-        field: "PK",
-        composite: ["tenantId", "id"],
-        template: "TID#${tenantId}#MEMBERSHIP#ID#${id}"
-      },
-      sk: {
-        field: "SK",
-        composite: ["sk"],
-        template: "${sk}"
-      }
-    },
-    /**
-     * GSI1 — Unified Sharded List per ADR-011: list all Memberships for a tenant across the
-     * four shards. Membership is tenant-scoped only, so `WID#-` is a sentinel.
-     * SK is derived via `gsi1skAttribute` — uses the resource's natural label when
-     * extractable, else `<lastUpdated>#<id>` (DR-004). `casing: "none"` preserves the
-     * normalized label and ISO-8601 `T`/`Z`.
-     */
-    gsi1: {
-      index: "GSI1",
-      pk: {
-        field: "GSI1PK",
-        composite: ["tenantId", "gsi1Shard"],
-        template: "TID#${tenantId}#WID#-#RT#Membership#SHARD#${gsi1Shard}"
-      },
-      sk: {
-        field: "GSI1SK",
-        casing: "none",
-        composite: ["gsi1sk"],
-        template: "${gsi1sk}"
-      }
-    }
-  }
-});
-// src/data/dynamo/entities/control/role-entity.ts
-import { Entity as Entity3 } from "electrodb";
-var RoleEntity = new Entity3({
-  model: {
-    entity: "role",
-    service: "control",
-    version: "01"
-  },
-  attributes: {
-    /** Sort key sentinel. Always "CURRENT". */
-    sk: {
-      type: "string",
-      required: true,
-      default: "CURRENT"
-    },
-    /** FHIR Resource.id; role id. */
-    id: {
-      type: "string",
-      required: true
-    },
-    /** Full Role resource serialized as JSON string. */
-    resource: {
-      type: "string",
-      required: true
-    },
-    /**
-     * Summary projection (key display fields as JSON string: id, displayName, status).
-     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.
-     */
-    summary: {
-      type: "string",
-      required: true
-    },
-    /** Version id (e.g. ULID). */
-    vid: {
-      type: "string",
-      required: true
-    },
-    lastUpdated: {
-      type: "string",
-      required: true
-    },
-    gsi1Shard: gsi1ShardAttribute,
-    /** Derived GSI1 sort key — name-based when extractable; else `<lastUpdated>#<id>`. */
-    gsi1sk: gsi1skAttribute,
-    deleted: {
-      type: "boolean",
-      required: false
-    },
-    bundleId: {
-      type: "string",
-      required: false
-    },
-    msgId: {
-      type: "string",
-      required: false
-    }
-  },
-  indexes: {
-    /** Base table: PK = ROLE#ID#<id>, SK = CURRENT. Do not supply PK or SK from outside. */
-    record: {
-      pk: {
-        field: "PK",
-        composite: ["id"],
-        template: "ROLE#ID#${id}"
-      },
-      sk: {
-        field: "SK",
-        composite: ["sk"],
-        template: "${sk}"
-      }
-    },
-    /**
-     * GSI1 — Unified Sharded List per ADR-011: list all Roles across the four shards.
-     * Non-tenant-isolated, so `TID#-#WID#-` sentinels precede `RT#Role#SHARD#<n>`.
-     * SK is derived via `gsi1skAttribute` — uses the resource's natural label when
-     * extractable, else `<lastUpdated>#<id>` (DR-004). `casing: "none"` preserves the
-     * normalized label and ISO-8601 `T`/`Z`.
-     */
-    gsi1: {
-      index: "GSI1",
-      pk: {
-        field: "GSI1PK",
-        composite: ["gsi1Shard"],
-        template: "TID#-#WID#-#RT#Role#SHARD#${gsi1Shard}"
-      },
-      sk: {
-        field: "GSI1SK",
-        casing: "none",
-        composite: ["gsi1sk"],
-        template: "${gsi1sk}"
-      }
-    }
-  }
-});
-// src/data/dynamo/entities/control/roleassignment-entity.ts
-import { Entity as Entity4 } from "electrodb";
-var RoleAssignmentEntity = new Entity4({
-  model: {
-    entity: "roleassignment",
-    service: "control",
-    version: "01"
-  },
-  attributes: {
-    /** Sort key sentinel. Always "CURRENT". */
-    sk: {
-      type: "string",
-      required: true,
-      default: "CURRENT"
-    },
-    /** Tenant in which the role assignment applies (required). */
-    tenantId: {
-      type: "string",
-      required: true
-    },
-    /** FHIR Resource.id; role assignment id. */
-    id: {
-      type: "string",
-      required: true
-    },
-    /** Full RoleAssignment resource serialized as JSON string. */
-    resource: {
-      type: "string",
-      required: true
-    },
-    /**
-     * Summary projection (key display fields as JSON string: id, displayName, status).
-     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.
-     */
-    summary: {
-      type: "string",
-      required: true
-    },
-    /** Version id (e.g. ULID). */
-    vid: {
-      type: "string",
-      required: true
-    },
-    lastUpdated: {
-      type: "string",
-      required: true
-    },
-    gsi1Shard: gsi1ShardAttribute,
-    /** Derived GSI1 sort key — name-based when extractable; else `<lastUpdated>#<id>`. */
-    gsi1sk: gsi1skAttribute,
-    deleted: {
-      type: "boolean",
-      required: false
-    },
-    bundleId: {
-      type: "string",
-      required: false
-    },
-    msgId: {
-      type: "string",
-      required: false
-    }
-  },
-  indexes: {
-    /** Base table: PK = TID#<tenantId>#ROLEASSIGNMENT#ID#<id>, SK = CURRENT. Do not supply PK or SK from outside. */
-    record: {
-      pk: {
-        field: "PK",
-        composite: ["tenantId", "id"],
-        template: "TID#${tenantId}#ROLEASSIGNMENT#ID#${id}"
-      },
-      sk: {
-        field: "SK",
-        composite: ["sk"],
-        template: "${sk}"
-      }
-    },
-    /**
-     * GSI1 — Unified Sharded List per ADR-011: list all RoleAssignments for a tenant across the
-     * four shards. Tenant-scoped only, so `WID#-` is a sentinel.
-     * SK is derived via `gsi1skAttribute` — uses the resource's natural label when
-     * extractable, else `<lastUpdated>#<id>` (DR-004). `casing: "none"` preserves the
-     * normalized label and ISO-8601 `T`/`Z`.
-     */
-    gsi1: {
-      index: "GSI1",
-      pk: {
-        field: "GSI1PK",
-        composite: ["tenantId", "gsi1Shard"],
-        template: "TID#${tenantId}#WID#-#RT#RoleAssignment#SHARD#${gsi1Shard}"
-      },
-      sk: {
-        field: "GSI1SK",
-        casing: "none",
-        composite: ["gsi1sk"],
-        template: "${gsi1sk}"
-      }
-    }
-  }
-});
-// src/data/dynamo/entities/control/tenant-entity.ts
-import { Entity as Entity5 } from "electrodb";
-var TenantEntity = new Entity5({
-  model: {
-    entity: "tenant",
-    service: "control",
-    version: "01"
-  },
-  attributes: {
-    /** Sort key sentinel. Always "CURRENT". */
-    sk: {
-      type: "string",
-      required: true,
-      default: "CURRENT"
-    },
-    /** The tenant's own id (= resource id). Drives the partition key. */
-    tenantId: {
-      type: "string",
-      required: true
-    },
-    /** FHIR Resource.id; logical id in URL. Equals tenantId. */
-    id: {
-      type: "string",
-      required: true
-    },
-    /** Full Tenant resource serialized as JSON string. */
-    resource: {
-      type: "string",
-      required: true
-    },
-    /**
-     * Summary projection (key display fields as JSON string: id, displayName, status).
-     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.
-     */
-    summary: {
-      type: "string",
-      required: true
-    },
-    /** Version id (e.g. ULID). */
-    vid: {
-      type: "string",
-      required: true
-    },
-    lastUpdated: {
-      type: "string",
-      required: true
-    },
-    gsi1Shard: gsi1ShardAttribute,
-    /** Derived GSI1 sort key — name-based when extractable; else `<lastUpdated>#<id>`. */
-    gsi1sk: gsi1skAttribute,
-    deleted: {
-      type: "boolean",
-      required: false
-    },
-    bundleId: {
-      type: "string",
-      required: false
-    },
-    msgId: {
-      type: "string",
-      required: false
-    }
-  },
-  indexes: {
-    /** Base table: PK = TENANT#ID#<tenantId>, SK = CURRENT. Do not supply PK or SK from outside. */
-    record: {
-      pk: {
-        field: "PK",
-        composite: ["tenantId"],
-        template: "TENANT#ID#${tenantId}"
-      },
-      sk: {
-        field: "SK",
-        composite: ["sk"],
-        template: "${sk}"
-      }
-    },
-    /**
-     * GSI1 — Unified Sharded List per ADR-011: list all Tenants across the four shards.
-     * Tenant lives at the platform tier (no parent tenant or workspace), so `TID#-#WID#-`
-     * sentinels precede `RT#Tenant#SHARD#<n>`. SK is derived via `gsi1skAttribute` —
-     * `<normalizedName>#<id>` when the resource carries a `name`, else `<lastUpdated>#<id>`
-     * (DR-004). `casing: "none"` preserves the normalized label and ISO-8601 `T`/`Z`.
-     */
-    gsi1: {
-      index: "GSI1",
-      pk: {
-        field: "GSI1PK",
-        composite: ["gsi1Shard"],
-        template: "TID#-#WID#-#RT#Tenant#SHARD#${gsi1Shard}"
-      },
-      sk: {
-        field: "GSI1SK",
-        casing: "none",
-        composite: ["gsi1sk"],
-        template: "${gsi1sk}"
-      }
-    }
-  }
-});
-// src/data/dynamo/entities/control/user-entity.ts
-import { Entity as Entity6 } from "electrodb";
-var UserEntity = new Entity6({
-  model: {
-    entity: "user",
-    service: "control",
-    version: "01"
-  },
-  attributes: {
-    /** Sort key sentinel. Always "CURRENT". */
-    sk: {
-      type: "string",
-      required: true,
-      default: "CURRENT"
-    },
-    /** FHIR Resource.id; platform user id (ohi_uid). */
-    id: {
-      type: "string",
-      required: true
-    },
-    /** Full User resource serialized as JSON string. */
-    resource: {
-      type: "string",
-      required: true
-    },
-    /**
-     * Summary projection (key display fields as JSON string: id, displayName, status).
-     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.
-     */
-    summary: {
-      type: "string",
-      required: true
-    },
-    /**
-     * Immutable Cognito-issued `sub` claim. Drives GSI2 (sub-lookup). Optional until the
-     * Post Confirmation Lambda (#770) lands; required thereafter.
-     */
-    cognitoSub: {
-      type: "string",
-      required: false
-    },
-    /** Version id (e.g. ULID). */
-    vid: {
-      type: "string",
-      required: true
-    },
-    lastUpdated: {
-      type: "string",
-      required: true
-    },
-    gsi1Shard: gsi1ShardAttribute,
-    /** Derived GSI1 sort key — name-based when extractable; else `<lastUpdated>#<id>`. */
-    gsi1sk: gsi1skAttribute,
-    deleted: {
-      type: "boolean",
-      required: false
-    },
-    bundleId: {
-      type: "string",
-      required: false
-    },
-    msgId: {
-      type: "string",
-      required: false
-    }
-  },
-  indexes: {
-    /** Base table: PK = USER#ID#<id>, SK = CURRENT. Do not supply PK or SK from outside. */
-    record: {
-      pk: {
-        field: "PK",
-        composite: ["id"],
-        template: "USER#ID#${id}"
-      },
-      sk: {
-        field: "SK",
-        composite: ["sk"],
-        template: "${sk}"
-      }
-    },
-    /**
-     * GSI1 — Unified Sharded List per ADR-011: list all Users across the four shards.
-     * Non-tenant-isolated, so `TID#-#WID#-` sentinels precede `RT#User#SHARD#<n>`.
-     * SK is derived via `gsi1skAttribute` — uses the resource's natural label when
-     * extractable (string `name`/`title` via introspection), else `<lastUpdated>#<id>`
-     * (DR-004). `casing: "none"` preserves the normalized label and ISO-8601 `T`/`Z`.
-     */
-    gsi1: {
-      index: "GSI1",
-      pk: {
-        field: "GSI1PK",
-        composite: ["gsi1Shard"],
-        template: "TID#-#WID#-#RT#User#SHARD#${gsi1Shard}"
-      },
-      sk: {
-        field: "GSI1SK",
-        casing: "none",
-        composite: ["gsi1sk"],
-        template: "${gsi1sk}"
-      }
-    },
-    /**
-     * GSI2 — Cognito sub-lookup per ADR-011: resolves the UserEntity from a Cognito `sub` claim.
-     * `condition` skips the index when `cognitoSub` is missing so legacy items without a sub are
-     * not indexed.
-     */
-    gsi2: {
-      index: "GSI2",
-      condition: (attrs) => typeof attrs.cognitoSub === "string" && attrs.cognitoSub.length > 0,
-      pk: {
-        field: "GSI2PK",
-        casing: "none",
-        composite: ["cognitoSub"],
-        template: "USER#SUB#${cognitoSub}"
-      },
-      sk: {
-        field: "GSI2SK",
-        casing: "none",
-        composite: [],
-        template: "CURRENT"
-      }
-    }
-  }
-});
-// src/data/dynamo/entities/control/workspace-entity.ts
-import { Entity as Entity7 } from "electrodb";
-var WorkspaceEntity = new Entity7({
-  model: {
-    entity: "workspace",
-    service: "control",
-    version: "01"
-  },
-  attributes: {
-    /** Sort key sentinel. Always "CURRENT". */
-    sk: {
-      type: "string",
-      required: true,
-      default: "CURRENT"
-    },
-    /** Tenant that contains this workspace (required). */
-    tenantId: {
-      type: "string",
-      required: true
-    },
-    /** FHIR Resource.id; logical id in URL. */
-    id: {
-      type: "string",
-      required: true
-    },
-    /** Full Workspace resource serialized as JSON string. */
-    resource: {
-      type: "string",
-      required: true
-    },
-    /**
-     * Summary projection (key display fields as JSON string: id, displayName, status).
-     * Populated on every write via extractSummary(resource); GSI1 INCLUDE surfaces it on lists.
-     */
-    summary: {
-      type: "string",
-      required: true
-    },
-    /** Version id (e.g. ULID). */
-    vid: {
-      type: "string",
-      required: true
-    },
-    lastUpdated: {
-      type: "string",
-      required: true
-    },
-    gsi1Shard: gsi1ShardAttribute,
-    /** Derived GSI1 sort key — name-based when extractable; else `<lastUpdated>#<id>`. */
-    gsi1sk: gsi1skAttribute,
-    deleted: {
-      type: "boolean",
-      required: false
-    },
-    bundleId: {
-      type: "string",
-      required: false
-    },
-    msgId: {
-      type: "string",
-      required: false
-    }
-  },
-  indexes: {
-    /** Base table: PK = TID#<tenantId>#WORKSPACE#ID#<id>, SK = CURRENT. Do not supply PK or SK from outside. */
-    record: {
-      pk: {
-        field: "PK",
-        composite: ["tenantId", "id"],
-        template: "TID#${tenantId}#WORKSPACE#ID#${id}"
-      },
-      sk: {
-        field: "SK",
-        composite: ["sk"],
-        template: "${sk}"
-      }
-    },
-    /**
-     * GSI1 — Unified Sharded List per ADR-011: list all Workspaces for a tenant across the
-     * four shards. Workspace is itself the workspace identity, so `WID#-` is a sentinel.
-     * SK is derived via `gsi1skAttribute` — `<normalizedName>#<id>` when the resource
-     * carries a `name`, else `<lastUpdated>#<id>` (DR-004). `casing: "none"` preserves
-     * the normalized label and ISO-8601 `T`/`Z`.
-     */
-    gsi1: {
-      index: "GSI1",
-      pk: {
-        field: "GSI1PK",
-        composite: ["tenantId", "gsi1Shard"],
-        template: "TID#${tenantId}#WID#-#RT#Workspace#SHARD#${gsi1Shard}"
-      },
-      sk: {
-        field: "GSI1SK",
-        casing: "none",
-        composite: ["gsi1sk"],
-        template: "${gsi1sk}"
-      }
-    }
-  }
-});
-// src/data/dynamo/dynamo-control-service.ts
-var controlPlaneEntities = {
-  configuration: ConfigurationEntity,
-  membership: MembershipEntity,
-  role: RoleEntity,
-  roleAssignment: RoleAssignmentEntity,
-  tenant: TenantEntity,
-  user: UserEntity,
-  workspace: WorkspaceEntity
-};
-var controlPlaneService = new Service(controlPlaneEntities, {
-  table: defaultTableName,
-  client: dynamoClient
-});
-var DynamoControlService = {
-  entities: controlPlaneService.entities
-};
-function getDynamoControlService(tableName) {
-  const resolved = tableName ?? defaultTableName;
-  const service = new Service(controlPlaneEntities, {
-    table: resolved,
-    client: dynamoClient
-  });
-  return {
-    entities: service.entities
-  };
-}
-export {
-  defaultTableName,
-  dynamoClient,
-  SHARD_COUNT,
-  computeShard,
-  getDynamoControlService
-};
-//# sourceMappingURL=chunk-QR5JVSCF.mjs.map