@openhi/constructs 0.0.133 → 0.0.134

package/lib/index.d.ts

@@ -19,7 +19,7 @@ import * as ec2 from 'aws-cdk-lib/aws-ec2';
 import * as rds from 'aws-cdk-lib/aws-rds';
 import { HostedZone, HostedZoneProps, IHostedZone, HostedZoneAttributes, ARecord } from 'aws-cdk-lib/aws-route53';
 import { StringParameterProps, StringParameter } from 'aws-cdk-lib/aws-ssm';
-import { Distribution, DistributionProps, CachePolicyProps, BehaviorOptions } from 'aws-cdk-lib/aws-cloudfront';
+import { Distribution, Function as Function$1, DistributionProps, CachePolicyProps, BehaviorOptions } from 'aws-cdk-lib/aws-cloudfront';
 import { StateMachine } from 'aws-cdk-lib/aws-stepfunctions';
 import { RenamableEntityType } from '@openhi/workflows';
 export { ControlPlaneOwningDeleteCompleteV1, ControlPlaneOwningDeleteCompleteV1Detail, ControlPlaneOwningDeleteFailedV1, ControlPlaneOwningDeleteFailedV1Detail, ControlPlaneOwningDeleteV1, ControlPlaneOwningDeleteV1Detail, ControlPlaneRenameCompleteV1, ControlPlaneRenameCompleteV1Detail, ControlPlaneRenameFailedV1, ControlPlaneRenameFailedV1Detail, ControlPlaneRenameV1, ControlPlaneRenameV1Detail, OPENHI_DATA_SOURCE, OPENHI_OPS_SOURCE, OWNING_ENTITY_TYPE, OwningEntityType, PlatformDeploymentCompletedV1, PlatformSystemDataSeededV1, RENAMABLE_ENTITY_TYPE, RenamableEntityType } from '@openhi/workflows';
@@ -1049,7 +1049,11 @@ declare abstract class OpenHiService extends Stack {
      */
     constructor(ohEnv: OpenHiEnvironment, id: string, props?: OpenHiServiceProps);
     /**
-     * DNS prefix for this branche's child zone.
+     * DNS prefix for this branche's child zone. Capped at 56 chars so
+     * that a `<service>-<prefix>` hostname segment stays under the 63-byte
+     * DNS label limit even for the longest current prefix (`admin-`, 6
+     * bytes; the matching API uses `api-`, 4 bytes). 56 leaves 1 byte of
+     * headroom on the longer side.
      */
     get childZonePrefix(): string;
 }
@@ -1666,7 +1670,7 @@ declare class DiscoverableStringParameter extends StringParameter {
 interface PerBranchHostnameProps {
     /**
      * Fully-qualified hostname to alias to the release-branch distribution
-     * (e.g. `admin-pr-123.dev.openhi.org`). Used as the ARecord's
+     * (e.g. `admin-feat-1093-patient-migration.dev.openhi.org`). Used as the ARecord's
      * `recordName`.
      */
     readonly hostname: string;
@@ -1687,7 +1691,7 @@ interface PerBranchHostnameProps {
 }
 /**
  * Creates a single Route53 `ARecord` that aliases a per-PR hostname (e.g.
- * `admin-pr-123.dev.openhi.org`) to the release-branch CloudFront
+ * `admin-feat-1093-patient-migration.dev.openhi.org`) to the release-branch CloudFront
  * distribution. The distribution domain and ID are resolved from SSM
  * parameters published by {@link StaticHosting}, addressed against the
  * containing service's {@link OpenHiService.releaseBranchHash} so a
@@ -1780,13 +1784,18 @@ declare class StaticContent extends Construct {
  */
 declare const STATIC_HOSTING_SERVICE_TYPE = "website";
 /**
- * Shared prefix for every per-PR preview hostname / S3 key
- * (`admin-pr-<N>.<zone>`). Consumed by both the `StaticHosting`
- * lifecycle rule (`prefixPattern`) and the per-PR deployment construct
- * (`computeSubDomain` in `OpenHiWebsiteService`) so the two sides
- * cannot drift — a unit test asserts they reference the same constant.
+ * Shared prefix for every per-PR preview hostname / S3 key. Per-PR
+ * uploads land under `admin-<branch-prefix>.<zone>/...` and the
+ * lifecycle rule below expires every object whose key starts with
+ * `admin-`. Release-branch content lands under `admin.<zone>/...`
+ * (note byte 5 is `.`, not `-`); S3 prefix matching is byte-exact from
+ * byte 0, so `admin-` and `admin.` are disjoint — the rule never
+ * matches release content. The constant is locked to the admin-console
+ * domain prefix because no other website service currently consumes
+ * per-PR previews; parameterize on `domainPrefix` when a second
+ * consumer appears.
  */
-declare const PER_BRANCH_PREVIEW_PREFIX = "admin-pr-";
+declare const PER_BRANCH_PREVIEW_PREFIX = "admin-";
 /**
  * Default TTL applied to objects matching the `prefixPattern` lifecycle
  * rule when `enablePreviewLifecycle` is `true` and `previewExpiration`
@@ -1859,21 +1868,40 @@ interface StaticHostingProps {
      */
     readonly description?: string;
     /**
-     * When supplied, the distribution proxies `/api/*` to the supplied REST
-     * API custom domain (e.g. `api.example.com`). Two CloudFront behaviors
-     * are added:
+     * When supplied, the distribution proxies API traffic to the supplied
+     * REST API custom domain (e.g. `api.example.com`). Three CloudFront
+     * behaviors are added — `/config.json`, `/api/control/runtime-config`,
+     * and `/api/*` — and each is wired with two edge stages so per-PR
+     * websites reach their own per-PR API gateway:
      *
-     * - `/api/control/runtime-config` — cached for `runtimeConfigCacheTtl`
-     *   (default 5min) with the `v` query-string parameter in the cache key,
-     *   so the admin-console's bundle-hash-driven cache buster reaches a hot
-     *   CDN cache on every deploy without manual invalidation.
-     * - `/api/*` — `CachePolicy.CACHING_DISABLED`, all methods allowed,
-     *   `OriginRequestPolicy.ALL_VIEWER_EXCEPT_HOST_HEADER` so CloudFront
-     *   sets the Host header to the origin's custom domain (required for
-     *   API Gateway's custom-domain mapping).
+     * 1. **Viewer-request CloudFront Function** copies the viewer `Host`
+     *    header into `x-viewer-host` before CloudFront strips `Host` per
+     *    `ALL_VIEWER_EXCEPT_HOST_HEADER`. The `/config.json` function
+     *    additionally rewrites the URI to the configured
+     *    `runtimeConfigPath` (defaults to `/control/runtime-config`).
+     * 2. **Origin-request Lambda@Edge** reads `x-viewer-host`, computes
+     *    the matching API host by swapping `hostMapping.viewerPrefix` for
+     *    `hostMapping.apiPrefix` at the start of the host, and overrides
+     *    both `request.origin.custom.domainName` and the upstream `Host`
+     *    header so the upstream's custom-domain mapping resolves to the
+     *    correct per-PR stack.
      *
-     * Neither behavior is wired through the viewer-request edge Lambda —
-     * SPA path rewriting only applies to the default S3 origin.
+     * `runtimeConfigPath` and `hostMapping` default to the OpenHI
+     * admin-console / REST API values; downstream consumers (e.g. a
+     * marketing site with its own bootstrap path and origin pair) can
+     * override them per-site without touching the construct.
+     *
+     * Behavior cache keys:
+     * - `/config.json` and `/api/control/runtime-config` share a cache
+     *   policy whose cache key includes the `v` query string AND the
+     *   `Host` header. The `Host` partition prevents PR-A's runtime
+     *   config from being served from PR-B's cache slot.
+     * - `/api/*` uses `CachePolicy.CACHING_DISABLED`, so no cache-key
+     *   partitioning is needed.
+     *
+     * None of these behaviors are wired through the default-behavior
+     * viewer-request edge Lambda — SPA path rewriting only applies to
+     * the default S3 origin.
      *
      * @default - no REST API proxy; the distribution serves S3 only
      */
@@ -1891,6 +1919,33 @@ interface StaticHostingProps {
             readonly defaultTtl?: Duration;
             readonly maxTtl?: Duration;
         };
+        /**
+         * Path the viewer-request CloudFront Function rewrites `/config.json`
+         * to on the REST API origin. Override when a downstream consumer
+         * bootstraps its SPA from a different endpoint.
+         *
+         * @default "/control/runtime-config" — the OpenHI admin-console
+         *   runtime-config endpoint.
+         */
+        readonly runtimeConfigPath?: string;
+        /**
+         * Host-prefix substitution applied by the origin-request Lambda@Edge.
+         * `viewerPrefix` is matched at the start of the viewer's `Host`
+         * header; when it matches, the upstream `Host` (and the custom
+         * origin's `domainName`) becomes `apiPrefix + viewerHost.slice(viewerPrefix.length)`.
+         *
+         * The prefixes are baked into the Lambda@Edge bundle via esbuild
+         * `define` at synth time (Lambda@Edge forbids runtime env vars), so
+         * a change requires re-deploying the website stack.
+         *
+         * @default `{ viewerPrefix: "admin", apiPrefix: "api" }` — maps
+         *   `admin[-<branch>].<zone>` -> `api[-<branch>].<zone>` for the
+         *   OpenHI admin-console / REST API pair.
+         */
+        readonly hostMapping?: {
+            readonly viewerPrefix: string;
+            readonly apiPrefix: string;
+        };
     };
     /**
      * S3 key prefix that the per-PR preview lifecycle rule matches. Must
@@ -1953,13 +2008,47 @@ declare class StaticHosting extends Construct {
     readonly bucket: IBucket;
     readonly distribution: Distribution;
     readonly viewerRequestHandler: NodejsFunction;
+    /**
+     * Viewer-request CloudFront Function attached to the `/config.json`
+     * behavior. Rewrites the URI to `/control/runtime-config` and copies
+     * the viewer `Host` header into `x-viewer-host` so the origin-request
+     * Lambda@Edge can pick the matching per-PR API origin. Only present
+     * when the `restApi` prop is supplied.
+     */
+    readonly configJsonRewriteFunction?: Function$1;
+    /**
+     * Viewer-request CloudFront Function attached to the `/api/*`
+     * behavior. Copies the viewer `Host` header into `x-viewer-host` so
+     * the origin-request Lambda@Edge can route to the matching per-PR
+     * API origin (the `ALL_VIEWER_EXCEPT_HOST_HEADER` origin-request
+     * policy strips the literal `Host` header). Only present when the
+     * `restApi` prop is supplied.
+     */
+    readonly hostCopyFunction?: Function$1;
+    /**
+     * Origin-request Lambda@Edge attached to the `/config.json`,
+     * `/api/control/runtime-config`, and `/api/*` behaviors. Reads
+     * `x-viewer-host` and overrides the upstream origin's `domainName`
+     * (and the `Host` header) to the matching per-PR API host so PR-A's
+     * website calls PR-A's API. Only present when the `restApi` prop is
+     * supplied.
+     */
+    readonly originRequestHandler?: NodejsFunction;
     constructor(scope: Construct, id: string, props: StaticHostingProps);
     /**
-     * Builds the `/api/*` and `/api/control/runtime-config` behaviors backed
-     * by the REST API custom-domain origin. Returns `undefined` when no
-     * `restApi` prop is supplied so the Distribution stays S3-only.
+     * Builds the `/config.json`, `/api/*`, and `/api/control/runtime-config`
+     * behaviors backed by the REST API custom-domain origin, plus the
+     * viewer-request CloudFront Functions and the origin-request
+     * Lambda@Edge that route each request to the matching per-PR API
+     * origin. Returns `undefined` when no `restApi` prop is supplied so
+     * the Distribution stays S3-only.
      */
-    protected buildRestApiBehaviors(branchHash: string, restApi: StaticHostingProps["restApi"]): Record<string, BehaviorOptions> | undefined;
+    protected buildRestApiBehaviors(branchHash: string, restApi: StaticHostingProps["restApi"]): {
+        behaviors: Record<string, BehaviorOptions>;
+        configJsonRewriteFunction: Function$1;
+        hostCopyFunction: Function$1;
+        originRequestHandler: NodejsFunction;
+    } | undefined;
 }
 
 interface ProvisionDefaultWorkspaceLambdaProps {
@@ -2810,12 +2899,6 @@ declare class OpenHiGraphqlService extends OpenHiService {
     protected createRootGraphqlApi(): RootGraphqlApi;
 }
 
-/**
- * Environment variable that supplies the PR number on non-release website
- * deploys. Sibling of `GIT_BRANCH_NAME` used by `OpenHiService`. CI sets
- * this from `github.event.pull_request.number`.
- */
-declare const OPENHI_PR_NUMBER_ENV_VAR = "OPENHI_PR_NUMBER";
 /**
  * @see sites/www-docs/content/packages/@openhi/constructs/services/open-hi-website-service.md
  */
@@ -2882,18 +2965,6 @@ interface OpenHiWebsiteServiceProps extends OpenHiServiceProps {
      * @default false
      */
     readonly restApi?: boolean;
-    /**
-     * Pull-request number used to compute the per-PR preview hostname
-     * (`\<domainPrefix\>-pr-\<N\>.\<zone\>`). Falls back to the
-     * `OPENHI_PR_NUMBER` env var when omitted — CI workflows set the env
-     * var from `github.event.pull_request.number`.
-     *
-     * Required on non-release-branch deploys; ignored on release-branch
-     * deploys where the hostname is `\<domainPrefix\>.\<zone\>`.
-     *
-     * @default - parsed from `OPENHI_PR_NUMBER` env var when set
-     */
-    readonly prNumber?: number;
 }
 /**
  * SSM parameter name suffix for the website's full domain
@@ -2946,7 +3017,9 @@ declare class OpenHiWebsiteService extends OpenHiService {
      * Full domain served by this website. On the release branch this is
      * `<domainPrefix>.<zone>` (e.g. `admin.dev.openhi.org`); on every
      * other branch it is the per-PR preview hostname
-     * `<domainPrefix>-pr-<N>.<zone>` (e.g. `admin-pr-123.dev.openhi.org`).
+     * `<domainPrefix>-<childZonePrefix>.<zone>`
+     * (e.g. `admin-feat-1093-patient-migration.dev.openhi.org`), where
+     * `childZonePrefix` is `paramCase(branchName)` truncated to 56 chars.
      */
     readonly fullDomain: string;
     /**
@@ -2965,17 +3038,11 @@ declare class OpenHiWebsiteService extends OpenHiService {
     /**
      * Per-PR alias record. Created on non-release-branch deploys (when
      * `createHostingInfrastructure` is left at its default) so the PR
-     * hostname `<domainPrefix>-pr-<N>.<zone>` resolves to the
+     * hostname `<domainPrefix>-<childZonePrefix>.<zone>` resolves to the
      * release-branch CloudFront distribution. `undefined` on release-branch
      * deploys and on bootstrap deploys that force hosting infra on.
      */
     readonly perBranchHostname?: PerBranchHostname;
-    /**
-     * Pull-request number resolved from props or `OPENHI_PR_NUMBER`.
-     * `undefined` on release-branch deploys (where the hostname is
-     * `<domainPrefix>.<zone>` and no PR number is needed).
-     */
-    readonly prNumber?: number;
     constructor(ohEnv: OpenHiEnvironment, props: OpenHiWebsiteServiceProps);
     /**
      * Validates that config required for the website stack is present.
@@ -2995,17 +3062,12 @@ declare class OpenHiWebsiteService extends OpenHiService {
      */
     protected createCertificate(): ICertificate;
     /**
-     * Resolves the PR number from props or the `OPENHI_PR_NUMBER` env var.
-     * Returns `undefined` on release-branch deploys where no PR number is
-     * needed.
-     */
-    protected resolvePrNumber(props: OpenHiWebsiteServiceProps): number | undefined;
-    /**
-     * Computes the full website domain from `domainPrefix`, the PR number,
-     * and the child zone name. Release-branch deploys serve at
-     * `\<domainPrefix\>.\<zone\>` (e.g. `admin.dev.openhi.org`); every other
-     * deploy serves a per-PR preview at `\<domainPrefix\>-pr-\<N\>.\<zone\>`
-     * (e.g. `admin-pr-123.dev.openhi.org`).
+     * Computes the full website domain from `domainPrefix`,
+     * `childZonePrefix`, and the child zone name. Release-branch deploys
+     * serve at `\<domainPrefix\>.\<zone\>` (e.g. `admin.dev.openhi.org`);
+     * every other deploy serves a per-PR preview at
+     * `\<domainPrefix\>-\<childZonePrefix\>.\<zone\>`
+     * (e.g. `admin-feat-1093-patient-migration.dev.openhi.org`).
      */
     protected computeFullDomain(hostedZone: IHostedZone): string;
     /**
@@ -3014,8 +3076,11 @@ declare class OpenHiWebsiteService extends OpenHiService {
      * key prefix passed to {@link StaticContent} so the upload prefix
      * always matches the served hostname.
      *
-     * Non-release deploys compose the per-PR slug from
-     * {@link PER_BRANCH_PREVIEW_PREFIX} so the per-PR S3 key prefix
+     * Non-release deploys compose the per-PR slug as
+     * `\<domainPrefix\>-\<childZonePrefix\>`, mirroring the REST API's
+     * `api-\<childZonePrefix\>` convention. When `domainPrefix` is `admin`
+     * (the only consumer today), the resulting sub-domain starts with
+     * {@link PER_BRANCH_PREVIEW_PREFIX}, so the per-PR S3 key prefix
      * matches what `StaticHosting`'s lifecycle rule expires.
      */
     protected computeSubDomain(): string;
@@ -3059,15 +3124,17 @@ declare class OpenHiWebsiteService extends OpenHiService {
      * The S3 key prefix is `\<sub-domain\>.\<zone\>/\<contentDest\>` so the
      * upload location matches the Host-header-derived folder the Lambda@Edge
      * viewer-request handler prepends. Passing the zone name (rather than
-     * `this.fullDomain`) for the `fullDomain` prop keeps the prefix flat
-     * — `admin-pr-123.dev.openhi.org/`, not `admin-pr-123.admin.dev.openhi.org/`.
+     * `this.fullDomain`) for the `fullDomain` prop keeps the prefix flat —
+     * `admin-feat-foo.dev.openhi.org/`, not
+     * `admin-feat-foo.admin.dev.openhi.org/`.
      */
     protected createStaticContent(bucket: IBucket): StaticContent;
     /**
      * Creates the per-PR `PerBranchHostname` alias record on non-release
-     * branch deploys. The record points `\<domainPrefix\>-pr-\<N\>.\<zone\>`
-     * at the release-branch CloudFront distribution (resolved from SSM
-     * against {@link OpenHiService.releaseBranchHash}).
+     * branch deploys. The record points
+     * `\<domainPrefix\>-\<childZonePrefix\>.\<zone\>` at the release-branch
+     * CloudFront distribution (resolved from SSM against
+     * {@link OpenHiService.releaseBranchHash}).
      */
     protected createPerBranchHostname(hostedZone: IHostedZone): PerBranchHostname;
     /**
@@ -3264,5 +3331,5 @@ declare class RenameCascadeWorkflow extends Construct {
     constructor(scope: Construct, props: RenameCascadeWorkflowProps);
 }
 
-export { BRIDGED_STATUSES, CLOUDFORMATION_EVENT_SOURCE, CLOUDFORMATION_STACK_STATUS_CHANGE_DETAIL_TYPE, CONTROL_EVENT_BUS_NAME_ENV_VAR, ChildHostedZone, CognitoUserPool, CognitoUserPoolClient, CognitoUserPoolDomain, CognitoUserPoolKmsKey, ControlEventBus, DATA_STORE_CHANGE_DETAIL_MAX_UTF8_BYTES, DATA_STORE_CHANGE_DETAIL_TYPE, DATA_STORE_CHANGE_EVENT_SOURCE, DEFAULT_PREVIEW_EXPIRATION_DAYS, DEMO_DATA_PLANE_FIXTURES, DEMO_PERIOD, DEMO_TENANT_SPECS, DEMO_URN_SYSTEM, DEV_USERS, DataEventBus, DataStoreHistoricalArchive, DataStorePostgresReplica, DiscoverableStringParameter, DynamoDbDataStore, OPENHI_PR_NUMBER_ENV_VAR, OPENHI_REPO_TAG_KEY_ENV_VAR, OPENHI_RESOURCE_URN_SYSTEM, OPENHI_TAG_KEY_PREFIX_ENV_VAR, OPENHI_TAG_SUFFIX_BRANCH_NAME, OPENHI_TAG_SUFFIX_REPO_NAME, OPENHI_TAG_SUFFIX_SERVICE_TYPE, OPENHI_TAG_SUFFIX_STAGE_TYPE, OWNING_DELETE_CASCADE_CONSUMER_NAME, OWNING_DELETE_CASCADE_DEFAULT_CONCURRENCY, OWNING_DELETE_CASCADE_STUCK_THRESHOLD_MINUTES, OWNING_DELETE_OPS_EVENT_BUS_ENV_VAR, OpenHiApp, OpenHiAuthService, OpenHiDataService, OpenHiEnvironment, OpenHiGlobalService, OpenHiGraphqlService, OpenHiRestApiService, OpenHiService, OpenHiStage, OpenHiWebsiteService, OpsEventBus, OwningDeleteCascadeLambdas, OwningDeleteCascadeWorkflow, PER_BRANCH_PREVIEW_PREFIX, PLACEHOLDER_TENANT_ID, PLACEHOLDER_WORKSPACE_ID, PLATFORM_DEPLOY_BRIDGE_ACTOR_SYSTEM, PLATFORM_SCOPE_TENANT_ID, POSTGRES_REPLICA_CLUSTER_ARN_SSM_NAME, POSTGRES_REPLICA_DATABASE_NAME_SSM_NAME, POSTGRES_REPLICA_SECRET_ARN_SSM_NAME, PROVISION_DEFAULT_WORKSPACE_DETAIL_TYPE, PerBranchHostname, PlatformDeployBridge, PlatformDeployBridgeLambda, PostAuthenticationLambda, PostConfirmationLambda, PreTokenGenerationLambda, ProvisionDefaultWorkspaceLambda, RENAME_CASCADE_CONSUMER_NAME, RENAME_CASCADE_DEFAULT_CONCURRENCY, RENAME_CASCADE_FAILED_THRESHOLD, RENAME_CASCADE_OPS_EVENT_BUS_ENV_VAR, RENAME_CASCADE_SLOW_THRESHOLD_SECONDS, REST_API_BASE_URL_SSM_NAME, REST_API_DOMAIN_NAME_SSM_NAME, RenameCascadeLambdas, RenameCascadeWorkflow, RootGraphqlApi, RootHostedZone, RootHttpApi, RootWildcardCertificate, SEED_DEMO_DATA_CONSUMER_NAME, SEED_SYSTEM_DATA_ACTOR_SYSTEM, SEED_SYSTEM_DATA_CONSUMER_NAME, SEED_SYSTEM_DATA_CONTROL_BUS_ENV_VAR, SSM_PARAM_NAME_FULL_DOMAIN, STATIC_HOSTING_SERVICE_TYPE, SeedDemoDataLambda, SeedDemoDataWorkflow, SeedSystemDataLambda, SeedSystemDataWorkflow, StaticContent, StaticHosting, USER_ONBOARDING_EVENT_SOURCE, UserOnboardingWorkflow, WorkflowDedupConsumerNameInvalidError, WorkflowDedupTable, WorkflowDedupTableDuplicateError, buildFhirCurrentResourceChangeDetail, buildProvisionDefaultWorkspaceRequestedDetail, computeBranchHash, demoMembershipId, demoRoleAssignmentId, demoRolesForUserInTenant, demoScenarioIdentifier, getDynamoDbDataStoreTableName, getPostgresReplicaSchemaName, getWorkflowDedupTableName, openHiTagKey, openhiResourceIdentifier };
+export { BRIDGED_STATUSES, CLOUDFORMATION_EVENT_SOURCE, CLOUDFORMATION_STACK_STATUS_CHANGE_DETAIL_TYPE, CONTROL_EVENT_BUS_NAME_ENV_VAR, ChildHostedZone, CognitoUserPool, CognitoUserPoolClient, CognitoUserPoolDomain, CognitoUserPoolKmsKey, ControlEventBus, DATA_STORE_CHANGE_DETAIL_MAX_UTF8_BYTES, DATA_STORE_CHANGE_DETAIL_TYPE, DATA_STORE_CHANGE_EVENT_SOURCE, DEFAULT_PREVIEW_EXPIRATION_DAYS, DEMO_DATA_PLANE_FIXTURES, DEMO_PERIOD, DEMO_TENANT_SPECS, DEMO_URN_SYSTEM, DEV_USERS, DataEventBus, DataStoreHistoricalArchive, DataStorePostgresReplica, DiscoverableStringParameter, DynamoDbDataStore, OPENHI_REPO_TAG_KEY_ENV_VAR, OPENHI_RESOURCE_URN_SYSTEM, OPENHI_TAG_KEY_PREFIX_ENV_VAR, OPENHI_TAG_SUFFIX_BRANCH_NAME, OPENHI_TAG_SUFFIX_REPO_NAME, OPENHI_TAG_SUFFIX_SERVICE_TYPE, OPENHI_TAG_SUFFIX_STAGE_TYPE, OWNING_DELETE_CASCADE_CONSUMER_NAME, OWNING_DELETE_CASCADE_DEFAULT_CONCURRENCY, OWNING_DELETE_CASCADE_STUCK_THRESHOLD_MINUTES, OWNING_DELETE_OPS_EVENT_BUS_ENV_VAR, OpenHiApp, OpenHiAuthService, OpenHiDataService, OpenHiEnvironment, OpenHiGlobalService, OpenHiGraphqlService, OpenHiRestApiService, OpenHiService, OpenHiStage, OpenHiWebsiteService, OpsEventBus, OwningDeleteCascadeLambdas, OwningDeleteCascadeWorkflow, PER_BRANCH_PREVIEW_PREFIX, PLACEHOLDER_TENANT_ID, PLACEHOLDER_WORKSPACE_ID, PLATFORM_DEPLOY_BRIDGE_ACTOR_SYSTEM, PLATFORM_SCOPE_TENANT_ID, POSTGRES_REPLICA_CLUSTER_ARN_SSM_NAME, POSTGRES_REPLICA_DATABASE_NAME_SSM_NAME, POSTGRES_REPLICA_SECRET_ARN_SSM_NAME, PROVISION_DEFAULT_WORKSPACE_DETAIL_TYPE, PerBranchHostname, PlatformDeployBridge, PlatformDeployBridgeLambda, PostAuthenticationLambda, PostConfirmationLambda, PreTokenGenerationLambda, ProvisionDefaultWorkspaceLambda, RENAME_CASCADE_CONSUMER_NAME, RENAME_CASCADE_DEFAULT_CONCURRENCY, RENAME_CASCADE_FAILED_THRESHOLD, RENAME_CASCADE_OPS_EVENT_BUS_ENV_VAR, RENAME_CASCADE_SLOW_THRESHOLD_SECONDS, REST_API_BASE_URL_SSM_NAME, REST_API_DOMAIN_NAME_SSM_NAME, RenameCascadeLambdas, RenameCascadeWorkflow, RootGraphqlApi, RootHostedZone, RootHttpApi, RootWildcardCertificate, SEED_DEMO_DATA_CONSUMER_NAME, SEED_SYSTEM_DATA_ACTOR_SYSTEM, SEED_SYSTEM_DATA_CONSUMER_NAME, SEED_SYSTEM_DATA_CONTROL_BUS_ENV_VAR, SSM_PARAM_NAME_FULL_DOMAIN, STATIC_HOSTING_SERVICE_TYPE, SeedDemoDataLambda, SeedDemoDataWorkflow, SeedSystemDataLambda, SeedSystemDataWorkflow, StaticContent, StaticHosting, USER_ONBOARDING_EVENT_SOURCE, UserOnboardingWorkflow, WorkflowDedupConsumerNameInvalidError, WorkflowDedupTable, WorkflowDedupTableDuplicateError, buildFhirCurrentResourceChangeDetail, buildProvisionDefaultWorkspaceRequestedDetail, computeBranchHash, demoMembershipId, demoRoleAssignmentId, demoRolesForUserInTenant, demoScenarioIdentifier, getDynamoDbDataStoreTableName, getPostgresReplicaSchemaName, getWorkflowDedupTableName, openHiTagKey, openhiResourceIdentifier };
 export type { BridgedStatus, BuildParameterNameProps, CascadeChunkInput, CascadeFinalizeInput, CascadeFinalizeOutput, CascadeListInput, CascadeListOutput, ChildHostedZoneProps, CloudFormationStackStatusChangeDetail, ComputeBranchHashOptions, DataEventBusOptions, DataStoreHistoricalArchiveProps, DataStorePostgresReplicaProps, DemoDevUser, DemoTenantSpec, DemoWorkspaceDataPlaneFixtures, DemoWorkspaceSpec, DiscoverableStringParameterProps, DynamoDbDataStoreProps, FhirCurrentResourceChangeDetail, GrantConsumerOptions, HostingMode, OpenHiAppProps, OpenHiAuthServiceProps, OpenHiDataServiceProps, OpenHiEnvironmentProps, OpenHiGlobalServiceProps, OpenHiGraphqlServiceProps, OpenHiRestApiRuntimeConfig, OpenHiRestApiServiceProps, OpenHiServiceProps, OpenHiServiceType, OpenHiStageProps, OpenHiWebsiteServiceProps, OwningDeleteCascadeLambdasProps, OwningDeleteCascadeWorkflowProps, PerBranchHostnameProps, PlatformDeployBridgeLambdaProps, PlatformDeployBridgeProps, PostConfirmationLambdaProps, PreTokenGenerationLambdaProps, ProvisionDefaultWorkspaceLambdaProps, ProvisionDefaultWorkspaceRequestedDetail, RenameCascadeChunkInput, RenameCascadeFinalizeInput, RenameCascadeFinalizeOutput, RenameCascadeLambdasProps, RenameCascadeListInput, RenameCascadeListOutput, RenameCascadeWorkflowProps, RootGraphqlApiProps, RootHttpApiProps, SeedDemoDataLambdaProps, SeedDemoDataWorkflowProps, SeedSystemDataLambdaProps, SeedSystemDataWorkflowProps, StaticContentProps, StaticHostingProps, UserOnboardingWorkflowProps, WorkflowDedupTableProps };