@openhi/constructs 0.0.134 → 0.0.136

package/lib/index.d.mts

@@ -2,7 +2,7 @@ import { OPEN_HI_STAGE, OPEN_HI_DEPLOYMENT_TARGET_ROLE, OpenHiEnvironmentConfig,
 import { Stage, StageProps, App, AppProps, Stack, StackProps, RemovalPolicy, Duration } from 'aws-cdk-lib';
 import { IConstruct, Construct } from 'constructs';
 import { Certificate, CertificateProps, ICertificate } from 'aws-cdk-lib/aws-certificatemanager';
-import { HttpApiProps, HttpApi, IHttpApi, DomainName } from 'aws-cdk-lib/aws-apigatewayv2';
+import { HttpApiProps, HttpApi, IHttpApi, DomainName, CorsPreflightOptions } from 'aws-cdk-lib/aws-apigatewayv2';
 import { GraphqlApi, IGraphqlApi, GraphqlApiProps } from 'aws-cdk-lib/aws-appsync';
 import { UserPool, UserPoolProps, UserPoolClient, UserPoolClientProps, UserPoolDomain, UserPoolDomainProps, IUserPool, IUserPoolClient, IUserPoolDomain } from 'aws-cdk-lib/aws-cognito';
 import { Key, KeyProps, IKey } from 'aws-cdk-lib/aws-kms';
@@ -277,6 +277,24 @@ declare class OpenHiApp extends App {
  * @public
  */
 type OpenHiServiceType = "auth" | "rest-api" | "data" | "global" | "graphql-api" | "website";
+/**
+ * Inputs to {@link OpenHiService.composeServiceDomain}. All fields are
+ * supplied by the caller — the helper itself reads no environment state.
+ *
+ * @public
+ */
+interface ComposeServiceDomainOptions {
+    /** Sub-domain prefix (e.g. `"api"`, `"admin"`). */
+    readonly domainPrefix: string;
+    /** Branch name being deployed. */
+    readonly branchName: string;
+    /** Release branch name (e.g. `"main"`). */
+    readonly defaultReleaseBranch: string;
+    /** Per-branch child-zone prefix (typically `paramCase(branchName)` truncated). */
+    readonly childZonePrefix: string;
+    /** DNS zone name (e.g. `"dev.openhi.org"`). */
+    readonly zoneName: string;
+}
 /**
  * Tag-key suffixes applied by every OpenHiService stack via Tags.of().
  * Full keys are composed `${appName}:${suffix}` — see {@link openHiTagKey}.
@@ -341,6 +359,46 @@ interface OpenHiServiceProps extends StackProps {
 declare abstract class OpenHiService extends Stack {
     ohEnv: OpenHiEnvironment;
     props: OpenHiServiceProps;
+    /**
+     * Compose the full per-deploy domain for an OpenHI service.
+     *
+     * On the release branch (`branchName === defaultReleaseBranch`), the
+     * full domain is `<domainPrefix>.<zoneName>`. On every other branch
+     * the per-PR preview hostname is
+     * `<domainPrefix>-<childZonePrefix>.<zoneName>`.
+     *
+     * Pure helper — reads no environment state. Subclasses expose thin
+     * statics (`composeFullDomain`) that fill in `domainPrefix` from their
+     * own service constant and delegate here.
+     */
+    static composeServiceDomain(opts: ComposeServiceDomainOptions): string;
+    /**
+     * Compute the `childZonePrefix` segment for a given branch — kebab-cased
+     * and truncated to {@link CHILD_ZONE_PREFIX_MAX_LENGTH}. Matches the
+     * per-instance {@link OpenHiService.childZonePrefix} getter so consumers
+     * can compose hostnames identical to the service's own without
+     * instantiating it.
+     */
+    static computeChildZonePrefix(branchName: string): string;
+    /**
+     * Resolve the branch context the service would compute internally given
+     * an environment and optional overrides. Mirrors the same defaulting
+     * (props override → JEST sentinel → `GIT_BRANCH_NAME` env → git
+     * detection on DEV → release branch on stage/prod) the
+     * {@link OpenHiService} constructor uses.
+     *
+     * Consumers (e.g. sibling stack entries) call this to predict the
+     * branch values a service will see at synth time so they can compose
+     * hostnames against the same inputs.
+     */
+    static resolveBranchContext(ohEnv: OpenHiEnvironment, overrides?: {
+        branchName?: string;
+        defaultReleaseBranch?: string;
+    }): {
+        branchName: string;
+        defaultReleaseBranch: string;
+        childZonePrefix: string;
+    };
     /**
      * The service/stack ID that was passed to the constructor.
      */
@@ -1794,35 +1852,12 @@ declare class OpenHiGlobalService extends OpenHiService {
 /**
  * @see sites/www-docs/content/packages/@openhi/constructs/services/open-hi-rest-api-service.md
  */
-/**
- * Caller-supplied portion of the runtime-config payload exposed through the
- * public `GET /control/runtime-config` route. The three Cognito IDs are
- * resolved inside the service via SSM lookups against the auth stack, and
- * the API base URL is derived from this stack's own custom domain — so the
- * caller only supplies the OAuth redirect URI (depends on the website's
- * domain).
- */
-interface OpenHiRestApiRuntimeConfig {
-    /** OAuth redirect URI registered on the User Pool client (e.g. https://admin.example.com/oauth/callback). */
-    readonly cognitoRedirectUri: string;
-}
 interface OpenHiRestApiServiceProps extends OpenHiServiceProps {
     /**
      * Optional props passed through to the RootHttpApi (API Gateway HTTP API) construct.
      * Use corsPreflight (CDK CorsPreflightOptions) for CORS; other HttpApiProps (e.g. description, disableExecuteApiEndpoint) apply as well.
      */
     readonly rootHttpApiProps?: RootHttpApiProps;
-    /**
-     * Values exposed through the public `GET /control/runtime-config` route.
-     * When supplied, the service plumbs five `OPENHI_RUNTIME_CONFIG_*`
-     * environment variables to the REST API Lambda — the three Cognito IDs
-     * are resolved internally from the auth stack via SSM, the API base URL
-     * is derived from this stack's own custom domain (e.g.
-     * `https://api.<zone>`), and the OAuth redirect URI is passed verbatim.
-     *
-     * Omit to leave the route returning 500 (missing-env-var diagnostic).
-     */
-    readonly runtimeConfig?: OpenHiRestApiRuntimeConfig;
 }
 /**
  * SSM parameter name suffix for the REST API base URL.
@@ -1835,12 +1870,40 @@ declare const REST_API_BASE_URL_SSM_NAME = "REST_API_BASE_URL";
  * the CloudFront `/api/*` origin host.
  */
 declare const REST_API_DOMAIN_NAME_SSM_NAME = "REST_API_DOMAIN_NAME";
+/**
+ * Localhost / 127.0.0.1 dev origins auto-injected into CORS `allowOrigins`
+ * on every non-prod (`stageType !== "prod"`) REST API deploy. Both schemes
+ * (`http`, `https`) and both ports the local SPAs use (`3000`, `5173`) are
+ * covered so admin-console / on-site previews running on `localhost` or
+ * `127.0.0.1` can call the API direct cross-origin without per-consumer
+ * boilerplate.
+ */
+declare const DEV_CORS_ALLOW_ORIGINS: ReadonlyArray<string>;
 /**
  * REST API service stack: HTTP API, custom domain, and Lambda; exports base URL via SSM.
  * Resources are created in protected methods; subclasses may override to customize.
  */
 declare class OpenHiRestApiService extends OpenHiService {
     static readonly SERVICE_TYPE: "rest-api";
+    /**
+     * Sub-domain prefix used by the REST API. Release-branch hostname is
+     * `api.<zone>`; per-PR preview hostname is `api-<childZonePrefix>.<zone>`.
+     */
+    static readonly API_DOMAIN_PREFIX = "api";
+    /**
+     * Compose the REST API's full per-deploy domain. Thin wrapper over
+     * {@link OpenHiService.composeServiceDomain} that pins `domainPrefix`
+     * to {@link API_DOMAIN_PREFIX}.
+     *
+     * Use from sibling stacks that need to predict the API's hostname
+     * before the REST API stack is synthesised.
+     */
+    static composeFullDomain(opts: {
+        branchName: string;
+        defaultReleaseBranch: string;
+        childZonePrefix: string;
+        zoneName: string;
+    }): string;
     /**
      * Returns an IHttpApi by looking up the REST API stack's HTTP API ID from SSM.
      */
@@ -1884,6 +1947,9 @@ declare class OpenHiRestApiService extends OpenHiService {
     protected createCertificate(): ICertificate;
     /**
      * Returns the API domain name string (e.g. api.example.com or api-\{prefix\}.example.com).
+     * Delegates to {@link OpenHiRestApiService.composeFullDomain} so the
+     * release-vs-feature composition stays in one place; picks up
+     * `this.defaultReleaseBranch` (not a hard-coded `"main"`).
      * Override to customize.
      */
     protected createApiDomainNameString(hostedZone: IHostedZone): string;
@@ -1917,18 +1983,24 @@ declare class OpenHiRestApiService extends OpenHiService {
      * Override to customize.
      */
     protected createRootHttpApi(domainName: DomainName): RootHttpApi;
+    /**
+     * Builds the full `CorsPreflightOptions` from a merged origins array,
+     * filling defaults for `allowMethods`/`allowHeaders`/`allowCredentials`/
+     * `maxAge` from the caller-supplied block when present.
+     */
+    protected buildCorsPreflightOptions(allowOrigins: ReadonlyArray<string>, cors: CorsPreflightOptions | undefined): CorsPreflightOptions;
     /**
      * Builds the `OPENHI_RUNTIME_CONFIG_*` env-var map the REST API Lambda
-     * exposes through `GET /control/runtime-config`. Returns `undefined` when
-     * the `runtimeConfig` prop is omitted so no env vars are set.
-     *
-     * The three Cognito IDs are resolved via SSM lookups against the auth
-     * stack from a dedicated sub-scope (`runtime-config`) so they don't
-     * collide with the user-pool / user-pool-client constructs already
-     * created in {@link createRootHttpApi}. `apiBaseUrl` is derived from
-     * this stack's own custom domain so callers don't have to hardcode it.
+     * exposes through `GET /control/runtime-config`. The four values are
+     * always populated — the three Cognito IDs are resolved via SSM lookups
+     * against the auth stack from a dedicated sub-scope (`runtime-config`)
+     * so they don't collide with the user-pool / user-pool-client constructs
+     * already created in {@link createRootHttpApi}, and `apiBaseUrl` is
+     * derived from this stack's own custom domain. The OAuth callback URL
+     * is no longer plumbed through the API — the admin-console derives it
+     * client-side from `window.location.origin`.
      */
-    protected resolveRuntimeConfigEnvVars(): Record<string, string> | undefined;
+    protected resolveRuntimeConfigEnvVars(): Record<string, string>;
 }
 
 /**
@@ -2334,6 +2406,17 @@ interface OpenHiWebsiteServiceProps extends OpenHiServiceProps {
  * (e.g. www.example.com).
  */
 declare const SSM_PARAM_NAME_FULL_DOMAIN = "WEBSITE_FULL_DOMAIN";
+/**
+ * Sub-domain prefix the openhi admin console is deployed under. The
+ * website-service deploys at `admin.<zone>` (release branch) or
+ * `admin-<childZonePrefix>.<zone>` (per-PR), so any stack that needs to
+ * reference the admin console's hostname — most notably the REST API
+ * stack composing its CORS `allowOrigins` — should import this constant
+ * rather than redeclaring the literal.
+ *
+ * @public
+ */
+declare const ADMIN_DOMAIN_PREFIX = "admin";
 /**
  * Website service stack. Release-branch deploys compose `StaticHosting`
  * (bucket + CloudFront distribution with a wildcard SAN for per-PR
@@ -2348,6 +2431,28 @@ declare const SSM_PARAM_NAME_FULL_DOMAIN = "WEBSITE_FULL_DOMAIN";
  */
 declare class OpenHiWebsiteService extends OpenHiService {
     static readonly SERVICE_TYPE: "website";
+    /**
+     * Default `domainPrefix` for this service when none is supplied.
+     * Release-branch hostname is `www.<zone>`; per-PR preview hostname is
+     * `www-<childZonePrefix>.<zone>`.
+     */
+    static readonly DEFAULT_DOMAIN_PREFIX = "www";
+    /**
+     * Compose the website's full per-deploy domain. Thin wrapper over
+     * {@link OpenHiService.composeServiceDomain} that fills in
+     * {@link DEFAULT_DOMAIN_PREFIX} when `domainPrefix` is omitted.
+     *
+     * Use from sibling stacks that need to predict the website's hostname
+     * before the website stack is synthesised — e.g. the REST API stack
+     * computing its CORS `allowOrigins` for the admin-console.
+     */
+    static composeFullDomain(opts: {
+        domainPrefix?: string;
+        branchName: string;
+        defaultReleaseBranch: string;
+        childZonePrefix: string;
+        zoneName: string;
+    }): string;
     /**
      * Looks up the static-hosting bucket ARN published by the release-branch
      * deploy of this service.
@@ -2431,13 +2536,16 @@ declare class OpenHiWebsiteService extends OpenHiService {
      * every other deploy serves a per-PR preview at
      * `\<domainPrefix\>-\<childZonePrefix\>.\<zone\>`
      * (e.g. `admin-feat-1093-patient-migration.dev.openhi.org`).
+     *
+     * Delegates to {@link OpenHiWebsiteService.composeFullDomain} so the
+     * release-vs-feature composition stays in one place.
      */
     protected computeFullDomain(hostedZone: IHostedZone): string;
     /**
      * Returns the sub-domain label (left of the zone) for the current
-     * deploy. Used both for {@link fullDomain} and for the per-branch S3
-     * key prefix passed to {@link StaticContent} so the upload prefix
-     * always matches the served hostname.
+     * deploy. Used for the per-branch S3 key prefix passed to
+     * {@link StaticContent} so the upload prefix always matches the
+     * served hostname.
      *
      * Non-release deploys compose the per-PR slug as
      * `\<domainPrefix\>-\<childZonePrefix\>`, mirroring the REST API's
@@ -2694,4 +2802,4 @@ declare class RenameCascadeWorkflow extends Construct {
     constructor(scope: Construct, props: RenameCascadeWorkflowProps);
 }
 
-export { type BuildParameterNameProps, ChildHostedZone, type ChildHostedZoneProps, CognitoUserPool, CognitoUserPoolClient, CognitoUserPoolDomain, CognitoUserPoolKmsKey, type ComputeBranchHashOptions, ControlEventBus, DATA_STORE_CHANGE_DETAIL_MAX_UTF8_BYTES, DATA_STORE_CHANGE_DETAIL_TYPE, DATA_STORE_CHANGE_EVENT_SOURCE, DEFAULT_PREVIEW_EXPIRATION_DAYS, DEMO_DATA_PLANE_FIXTURES, DataEventBus, type DataEventBusOptions, DataStoreHistoricalArchive, type DataStoreHistoricalArchiveProps, DataStorePostgresReplica, type DataStorePostgresReplicaProps, type DemoWorkspaceDataPlaneFixtures, DiscoverableStringParameter, type DiscoverableStringParameterProps, DynamoDbDataStore, type DynamoDbDataStoreProps, type FhirCurrentResourceChangeDetail, type GrantConsumerOptions, HostingMode, OPENHI_TAG_SUFFIX_BRANCH_NAME, OPENHI_TAG_SUFFIX_REPO_NAME, OPENHI_TAG_SUFFIX_SERVICE_TYPE, OPENHI_TAG_SUFFIX_STAGE_TYPE, OpenHiApp, type OpenHiAppProps, OpenHiAuthService, type OpenHiAuthServiceProps, OpenHiDataService, type OpenHiDataServiceProps, OpenHiEnvironment, type OpenHiEnvironmentProps, OpenHiGlobalService, type OpenHiGlobalServiceProps, OpenHiGraphqlService, type OpenHiGraphqlServiceProps, type OpenHiRestApiRuntimeConfig, OpenHiRestApiService, type OpenHiRestApiServiceProps, OpenHiService, type OpenHiServiceProps, type OpenHiServiceType, OpenHiStage, type OpenHiStageProps, OpenHiWebsiteService, type OpenHiWebsiteServiceProps, OpsEventBus, OwningDeleteCascadeLambdas, type OwningDeleteCascadeLambdasProps, OwningDeleteCascadeWorkflow, type OwningDeleteCascadeWorkflowProps, PER_BRANCH_PREVIEW_PREFIX, POSTGRES_REPLICA_CLUSTER_ARN_SSM_NAME, POSTGRES_REPLICA_DATABASE_NAME_SSM_NAME, POSTGRES_REPLICA_SECRET_ARN_SSM_NAME, PerBranchHostname, type PerBranchHostnameProps, PlatformDeployBridge, PlatformDeployBridgeLambda, type PlatformDeployBridgeLambdaProps, type PlatformDeployBridgeProps, PostAuthenticationLambda, PostConfirmationLambda, type PostConfirmationLambdaProps, PreTokenGenerationLambda, type PreTokenGenerationLambdaProps, ProvisionDefaultWorkspaceLambda, type ProvisionDefaultWorkspaceLambdaProps, REST_API_BASE_URL_SSM_NAME, REST_API_DOMAIN_NAME_SSM_NAME, RenameCascadeLambdas, type RenameCascadeLambdasProps, RenameCascadeWorkflow, type RenameCascadeWorkflowProps, RootGraphqlApi, type RootGraphqlApiProps, RootHostedZone, RootHttpApi, type RootHttpApiProps, RootWildcardCertificate, SEED_SYSTEM_DATA_ACTOR_SYSTEM, SEED_SYSTEM_DATA_CONSUMER_NAME, SEED_SYSTEM_DATA_CONTROL_BUS_ENV_VAR, SSM_PARAM_NAME_FULL_DOMAIN, STATIC_HOSTING_SERVICE_TYPE, SeedDemoDataLambda, type SeedDemoDataLambdaProps, SeedDemoDataWorkflow, type SeedDemoDataWorkflowProps, SeedSystemDataLambda, type SeedSystemDataLambdaProps, SeedSystemDataWorkflow, type SeedSystemDataWorkflowProps, StaticContent, type StaticContentProps, StaticHosting, type StaticHostingProps, UserOnboardingWorkflow, type UserOnboardingWorkflowProps, WorkflowDedupConsumerNameInvalidError, WorkflowDedupTable, WorkflowDedupTableDuplicateError, type WorkflowDedupTableProps, buildFhirCurrentResourceChangeDetail, computeBranchHash, getDynamoDbDataStoreTableName, getPostgresReplicaSchemaName, getWorkflowDedupTableName, openHiTagKey };
+export { ADMIN_DOMAIN_PREFIX, type BuildParameterNameProps, ChildHostedZone, type ChildHostedZoneProps, CognitoUserPool, CognitoUserPoolClient, CognitoUserPoolDomain, CognitoUserPoolKmsKey, type ComposeServiceDomainOptions, type ComputeBranchHashOptions, ControlEventBus, DATA_STORE_CHANGE_DETAIL_MAX_UTF8_BYTES, DATA_STORE_CHANGE_DETAIL_TYPE, DATA_STORE_CHANGE_EVENT_SOURCE, DEFAULT_PREVIEW_EXPIRATION_DAYS, DEMO_DATA_PLANE_FIXTURES, DEV_CORS_ALLOW_ORIGINS, DataEventBus, type DataEventBusOptions, DataStoreHistoricalArchive, type DataStoreHistoricalArchiveProps, DataStorePostgresReplica, type DataStorePostgresReplicaProps, type DemoWorkspaceDataPlaneFixtures, DiscoverableStringParameter, type DiscoverableStringParameterProps, DynamoDbDataStore, type DynamoDbDataStoreProps, type FhirCurrentResourceChangeDetail, type GrantConsumerOptions, HostingMode, OPENHI_TAG_SUFFIX_BRANCH_NAME, OPENHI_TAG_SUFFIX_REPO_NAME, OPENHI_TAG_SUFFIX_SERVICE_TYPE, OPENHI_TAG_SUFFIX_STAGE_TYPE, OpenHiApp, type OpenHiAppProps, OpenHiAuthService, type OpenHiAuthServiceProps, OpenHiDataService, type OpenHiDataServiceProps, OpenHiEnvironment, type OpenHiEnvironmentProps, OpenHiGlobalService, type OpenHiGlobalServiceProps, OpenHiGraphqlService, type OpenHiGraphqlServiceProps, OpenHiRestApiService, type OpenHiRestApiServiceProps, OpenHiService, type OpenHiServiceProps, type OpenHiServiceType, OpenHiStage, type OpenHiStageProps, OpenHiWebsiteService, type OpenHiWebsiteServiceProps, OpsEventBus, OwningDeleteCascadeLambdas, type OwningDeleteCascadeLambdasProps, OwningDeleteCascadeWorkflow, type OwningDeleteCascadeWorkflowProps, PER_BRANCH_PREVIEW_PREFIX, POSTGRES_REPLICA_CLUSTER_ARN_SSM_NAME, POSTGRES_REPLICA_DATABASE_NAME_SSM_NAME, POSTGRES_REPLICA_SECRET_ARN_SSM_NAME, PerBranchHostname, type PerBranchHostnameProps, PlatformDeployBridge, PlatformDeployBridgeLambda, type PlatformDeployBridgeLambdaProps, type PlatformDeployBridgeProps, PostAuthenticationLambda, PostConfirmationLambda, type PostConfirmationLambdaProps, PreTokenGenerationLambda, type PreTokenGenerationLambdaProps, ProvisionDefaultWorkspaceLambda, type ProvisionDefaultWorkspaceLambdaProps, REST_API_BASE_URL_SSM_NAME, REST_API_DOMAIN_NAME_SSM_NAME, RenameCascadeLambdas, type RenameCascadeLambdasProps, RenameCascadeWorkflow, type RenameCascadeWorkflowProps, RootGraphqlApi, type RootGraphqlApiProps, RootHostedZone, RootHttpApi, type RootHttpApiProps, RootWildcardCertificate, SEED_SYSTEM_DATA_ACTOR_SYSTEM, SEED_SYSTEM_DATA_CONSUMER_NAME, SEED_SYSTEM_DATA_CONTROL_BUS_ENV_VAR, SSM_PARAM_NAME_FULL_DOMAIN, STATIC_HOSTING_SERVICE_TYPE, SeedDemoDataLambda, type SeedDemoDataLambdaProps, SeedDemoDataWorkflow, type SeedDemoDataWorkflowProps, SeedSystemDataLambda, type SeedSystemDataLambdaProps, SeedSystemDataWorkflow, type SeedSystemDataWorkflowProps, StaticContent, type StaticContentProps, StaticHosting, type StaticHostingProps, UserOnboardingWorkflow, type UserOnboardingWorkflowProps, WorkflowDedupConsumerNameInvalidError, WorkflowDedupTable, WorkflowDedupTableDuplicateError, type WorkflowDedupTableProps, buildFhirCurrentResourceChangeDetail, computeBranchHash, getDynamoDbDataStoreTableName, getPostgresReplicaSchemaName, getWorkflowDedupTableName, openHiTagKey };

package/lib/index.d.ts

@@ -1,7 +1,7 @@
 import { Duration, RemovalPolicy, App, AppProps, Stage, StageProps, Stack, StackProps } from 'aws-cdk-lib';
 import { Construct, IConstruct } from 'constructs';
 import { ICertificate, Certificate, CertificateProps } from 'aws-cdk-lib/aws-certificatemanager';
-import { IHttpApi, HttpApiProps, HttpApi, DomainName } from 'aws-cdk-lib/aws-apigatewayv2';
+import { IHttpApi, HttpApiProps, HttpApi, DomainName, CorsPreflightOptions } from 'aws-cdk-lib/aws-apigatewayv2';
 import { IGraphqlApi, GraphqlApi, GraphqlApiProps } from 'aws-cdk-lib/aws-appsync';
 import { UserPool, UserPoolProps, UserPoolClient, UserPoolClientProps, UserPoolDomain, UserPoolDomainProps, IUserPool, IUserPoolClient, IUserPoolDomain } from 'aws-cdk-lib/aws-cognito';
 import { Key, KeyProps, IKey } from 'aws-cdk-lib/aws-kms';
@@ -914,6 +914,24 @@ declare class OpenHiApp extends App {
  * @public
  */
 type OpenHiServiceType = "auth" | "rest-api" | "data" | "global" | "graphql-api" | "website";
+/**
+ * Inputs to {@link OpenHiService.composeServiceDomain}. All fields are
+ * supplied by the caller — the helper itself reads no environment state.
+ *
+ * @public
+ */
+interface ComposeServiceDomainOptions {
+    /** Sub-domain prefix (e.g. `"api"`, `"admin"`). */
+    readonly domainPrefix: string;
+    /** Branch name being deployed. */
+    readonly branchName: string;
+    /** Release branch name (e.g. `"main"`). */
+    readonly defaultReleaseBranch: string;
+    /** Per-branch child-zone prefix (typically `paramCase(branchName)` truncated). */
+    readonly childZonePrefix: string;
+    /** DNS zone name (e.g. `"dev.openhi.org"`). */
+    readonly zoneName: string;
+}
 /**
  * Tag-key suffixes applied by every OpenHiService stack via Tags.of().
  * Full keys are composed `${appName}:${suffix}` — see {@link openHiTagKey}.
@@ -978,6 +996,46 @@ interface OpenHiServiceProps extends StackProps {
 declare abstract class OpenHiService extends Stack {
     ohEnv: OpenHiEnvironment;
     props: OpenHiServiceProps;
+    /**
+     * Compose the full per-deploy domain for an OpenHI service.
+     *
+     * On the release branch (`branchName === defaultReleaseBranch`), the
+     * full domain is `<domainPrefix>.<zoneName>`. On every other branch
+     * the per-PR preview hostname is
+     * `<domainPrefix>-<childZonePrefix>.<zoneName>`.
+     *
+     * Pure helper — reads no environment state. Subclasses expose thin
+     * statics (`composeFullDomain`) that fill in `domainPrefix` from their
+     * own service constant and delegate here.
+     */
+    static composeServiceDomain(opts: ComposeServiceDomainOptions): string;
+    /**
+     * Compute the `childZonePrefix` segment for a given branch — kebab-cased
+     * and truncated to {@link CHILD_ZONE_PREFIX_MAX_LENGTH}. Matches the
+     * per-instance {@link OpenHiService.childZonePrefix} getter so consumers
+     * can compose hostnames identical to the service's own without
+     * instantiating it.
+     */
+    static computeChildZonePrefix(branchName: string): string;
+    /**
+     * Resolve the branch context the service would compute internally given
+     * an environment and optional overrides. Mirrors the same defaulting
+     * (props override → JEST sentinel → `GIT_BRANCH_NAME` env → git
+     * detection on DEV → release branch on stage/prod) the
+     * {@link OpenHiService} constructor uses.
+     *
+     * Consumers (e.g. sibling stack entries) call this to predict the
+     * branch values a service will see at synth time so they can compose
+     * hostnames against the same inputs.
+     */
+    static resolveBranchContext(ohEnv: OpenHiEnvironment, overrides?: {
+        branchName?: string;
+        defaultReleaseBranch?: string;
+    }): {
+        branchName: string;
+        defaultReleaseBranch: string;
+        childZonePrefix: string;
+    };
     /**
      * The service/stack ID that was passed to the constructor.
      */
@@ -2431,35 +2489,12 @@ declare class OpenHiGlobalService extends OpenHiService {
 /**
  * @see sites/www-docs/content/packages/@openhi/constructs/services/open-hi-rest-api-service.md
  */
-/**
- * Caller-supplied portion of the runtime-config payload exposed through the
- * public `GET /control/runtime-config` route. The three Cognito IDs are
- * resolved inside the service via SSM lookups against the auth stack, and
- * the API base URL is derived from this stack's own custom domain — so the
- * caller only supplies the OAuth redirect URI (depends on the website's
- * domain).
- */
-interface OpenHiRestApiRuntimeConfig {
-    /** OAuth redirect URI registered on the User Pool client (e.g. https://admin.example.com/oauth/callback). */
-    readonly cognitoRedirectUri: string;
-}
 interface OpenHiRestApiServiceProps extends OpenHiServiceProps {
     /**
      * Optional props passed through to the RootHttpApi (API Gateway HTTP API) construct.
      * Use corsPreflight (CDK CorsPreflightOptions) for CORS; other HttpApiProps (e.g. description, disableExecuteApiEndpoint) apply as well.
      */
     readonly rootHttpApiProps?: RootHttpApiProps;
-    /**
-     * Values exposed through the public `GET /control/runtime-config` route.
-     * When supplied, the service plumbs five `OPENHI_RUNTIME_CONFIG_*`
-     * environment variables to the REST API Lambda — the three Cognito IDs
-     * are resolved internally from the auth stack via SSM, the API base URL
-     * is derived from this stack's own custom domain (e.g.
-     * `https://api.<zone>`), and the OAuth redirect URI is passed verbatim.
-     *
-     * Omit to leave the route returning 500 (missing-env-var diagnostic).
-     */
-    readonly runtimeConfig?: OpenHiRestApiRuntimeConfig;
 }
 /**
  * SSM parameter name suffix for the REST API base URL.
@@ -2472,12 +2507,40 @@ declare const REST_API_BASE_URL_SSM_NAME = "REST_API_BASE_URL";
  * the CloudFront `/api/*` origin host.
  */
 declare const REST_API_DOMAIN_NAME_SSM_NAME = "REST_API_DOMAIN_NAME";
+/**
+ * Localhost / 127.0.0.1 dev origins auto-injected into CORS `allowOrigins`
+ * on every non-prod (`stageType !== "prod"`) REST API deploy. Both schemes
+ * (`http`, `https`) and both ports the local SPAs use (`3000`, `5173`) are
+ * covered so admin-console / on-site previews running on `localhost` or
+ * `127.0.0.1` can call the API direct cross-origin without per-consumer
+ * boilerplate.
+ */
+declare const DEV_CORS_ALLOW_ORIGINS: ReadonlyArray<string>;
 /**
  * REST API service stack: HTTP API, custom domain, and Lambda; exports base URL via SSM.
  * Resources are created in protected methods; subclasses may override to customize.
  */
 declare class OpenHiRestApiService extends OpenHiService {
     static readonly SERVICE_TYPE: "rest-api";
+    /**
+     * Sub-domain prefix used by the REST API. Release-branch hostname is
+     * `api.<zone>`; per-PR preview hostname is `api-<childZonePrefix>.<zone>`.
+     */
+    static readonly API_DOMAIN_PREFIX = "api";
+    /**
+     * Compose the REST API's full per-deploy domain. Thin wrapper over
+     * {@link OpenHiService.composeServiceDomain} that pins `domainPrefix`
+     * to {@link API_DOMAIN_PREFIX}.
+     *
+     * Use from sibling stacks that need to predict the API's hostname
+     * before the REST API stack is synthesised.
+     */
+    static composeFullDomain(opts: {
+        branchName: string;
+        defaultReleaseBranch: string;
+        childZonePrefix: string;
+        zoneName: string;
+    }): string;
     /**
      * Returns an IHttpApi by looking up the REST API stack's HTTP API ID from SSM.
      */
@@ -2521,6 +2584,9 @@ declare class OpenHiRestApiService extends OpenHiService {
     protected createCertificate(): ICertificate;
     /**
      * Returns the API domain name string (e.g. api.example.com or api-\{prefix\}.example.com).
+     * Delegates to {@link OpenHiRestApiService.composeFullDomain} so the
+     * release-vs-feature composition stays in one place; picks up
+     * `this.defaultReleaseBranch` (not a hard-coded `"main"`).
      * Override to customize.
      */
     protected createApiDomainNameString(hostedZone: IHostedZone): string;
@@ -2554,18 +2620,24 @@ declare class OpenHiRestApiService extends OpenHiService {
      * Override to customize.
      */
     protected createRootHttpApi(domainName: DomainName): RootHttpApi;
+    /**
+     * Builds the full `CorsPreflightOptions` from a merged origins array,
+     * filling defaults for `allowMethods`/`allowHeaders`/`allowCredentials`/
+     * `maxAge` from the caller-supplied block when present.
+     */
+    protected buildCorsPreflightOptions(allowOrigins: ReadonlyArray<string>, cors: CorsPreflightOptions | undefined): CorsPreflightOptions;
     /**
      * Builds the `OPENHI_RUNTIME_CONFIG_*` env-var map the REST API Lambda
-     * exposes through `GET /control/runtime-config`. Returns `undefined` when
-     * the `runtimeConfig` prop is omitted so no env vars are set.
-     *
-     * The three Cognito IDs are resolved via SSM lookups against the auth
-     * stack from a dedicated sub-scope (`runtime-config`) so they don't
-     * collide with the user-pool / user-pool-client constructs already
-     * created in {@link createRootHttpApi}. `apiBaseUrl` is derived from
-     * this stack's own custom domain so callers don't have to hardcode it.
+     * exposes through `GET /control/runtime-config`. The four values are
+     * always populated — the three Cognito IDs are resolved via SSM lookups
+     * against the auth stack from a dedicated sub-scope (`runtime-config`)
+     * so they don't collide with the user-pool / user-pool-client constructs
+     * already created in {@link createRootHttpApi}, and `apiBaseUrl` is
+     * derived from this stack's own custom domain. The OAuth callback URL
+     * is no longer plumbed through the API — the admin-console derives it
+     * client-side from `window.location.origin`.
      */
-    protected resolveRuntimeConfigEnvVars(): Record<string, string> | undefined;
+    protected resolveRuntimeConfigEnvVars(): Record<string, string>;
 }
 
 /**
@@ -2971,6 +3043,17 @@ interface OpenHiWebsiteServiceProps extends OpenHiServiceProps {
  * (e.g. www.example.com).
  */
 declare const SSM_PARAM_NAME_FULL_DOMAIN = "WEBSITE_FULL_DOMAIN";
+/**
+ * Sub-domain prefix the openhi admin console is deployed under. The
+ * website-service deploys at `admin.<zone>` (release branch) or
+ * `admin-<childZonePrefix>.<zone>` (per-PR), so any stack that needs to
+ * reference the admin console's hostname — most notably the REST API
+ * stack composing its CORS `allowOrigins` — should import this constant
+ * rather than redeclaring the literal.
+ *
+ * @public
+ */
+declare const ADMIN_DOMAIN_PREFIX = "admin";
 /**
  * Website service stack. Release-branch deploys compose `StaticHosting`
  * (bucket + CloudFront distribution with a wildcard SAN for per-PR
@@ -2985,6 +3068,28 @@ declare const SSM_PARAM_NAME_FULL_DOMAIN = "WEBSITE_FULL_DOMAIN";
  */
 declare class OpenHiWebsiteService extends OpenHiService {
     static readonly SERVICE_TYPE: "website";
+    /**
+     * Default `domainPrefix` for this service when none is supplied.
+     * Release-branch hostname is `www.<zone>`; per-PR preview hostname is
+     * `www-<childZonePrefix>.<zone>`.
+     */
+    static readonly DEFAULT_DOMAIN_PREFIX = "www";
+    /**
+     * Compose the website's full per-deploy domain. Thin wrapper over
+     * {@link OpenHiService.composeServiceDomain} that fills in
+     * {@link DEFAULT_DOMAIN_PREFIX} when `domainPrefix` is omitted.
+     *
+     * Use from sibling stacks that need to predict the website's hostname
+     * before the website stack is synthesised — e.g. the REST API stack
+     * computing its CORS `allowOrigins` for the admin-console.
+     */
+    static composeFullDomain(opts: {
+        domainPrefix?: string;
+        branchName: string;
+        defaultReleaseBranch: string;
+        childZonePrefix: string;
+        zoneName: string;
+    }): string;
     /**
      * Looks up the static-hosting bucket ARN published by the release-branch
      * deploy of this service.
@@ -3068,13 +3173,16 @@ declare class OpenHiWebsiteService extends OpenHiService {
      * every other deploy serves a per-PR preview at
      * `\<domainPrefix\>-\<childZonePrefix\>.\<zone\>`
      * (e.g. `admin-feat-1093-patient-migration.dev.openhi.org`).
+     *
+     * Delegates to {@link OpenHiWebsiteService.composeFullDomain} so the
+     * release-vs-feature composition stays in one place.
      */
     protected computeFullDomain(hostedZone: IHostedZone): string;
     /**
      * Returns the sub-domain label (left of the zone) for the current
-     * deploy. Used both for {@link fullDomain} and for the per-branch S3
-     * key prefix passed to {@link StaticContent} so the upload prefix
-     * always matches the served hostname.
+     * deploy. Used for the per-branch S3 key prefix passed to
+     * {@link StaticContent} so the upload prefix always matches the
+     * served hostname.
      *
      * Non-release deploys compose the per-PR slug as
      * `\<domainPrefix\>-\<childZonePrefix\>`, mirroring the REST API's
@@ -3331,5 +3439,5 @@ declare class RenameCascadeWorkflow extends Construct {
     constructor(scope: Construct, props: RenameCascadeWorkflowProps);
 }
 
-export { BRIDGED_STATUSES, CLOUDFORMATION_EVENT_SOURCE, CLOUDFORMATION_STACK_STATUS_CHANGE_DETAIL_TYPE, CONTROL_EVENT_BUS_NAME_ENV_VAR, ChildHostedZone, CognitoUserPool, CognitoUserPoolClient, CognitoUserPoolDomain, CognitoUserPoolKmsKey, ControlEventBus, DATA_STORE_CHANGE_DETAIL_MAX_UTF8_BYTES, DATA_STORE_CHANGE_DETAIL_TYPE, DATA_STORE_CHANGE_EVENT_SOURCE, DEFAULT_PREVIEW_EXPIRATION_DAYS, DEMO_DATA_PLANE_FIXTURES, DEMO_PERIOD, DEMO_TENANT_SPECS, DEMO_URN_SYSTEM, DEV_USERS, DataEventBus, DataStoreHistoricalArchive, DataStorePostgresReplica, DiscoverableStringParameter, DynamoDbDataStore, OPENHI_REPO_TAG_KEY_ENV_VAR, OPENHI_RESOURCE_URN_SYSTEM, OPENHI_TAG_KEY_PREFIX_ENV_VAR, OPENHI_TAG_SUFFIX_BRANCH_NAME, OPENHI_TAG_SUFFIX_REPO_NAME, OPENHI_TAG_SUFFIX_SERVICE_TYPE, OPENHI_TAG_SUFFIX_STAGE_TYPE, OWNING_DELETE_CASCADE_CONSUMER_NAME, OWNING_DELETE_CASCADE_DEFAULT_CONCURRENCY, OWNING_DELETE_CASCADE_STUCK_THRESHOLD_MINUTES, OWNING_DELETE_OPS_EVENT_BUS_ENV_VAR, OpenHiApp, OpenHiAuthService, OpenHiDataService, OpenHiEnvironment, OpenHiGlobalService, OpenHiGraphqlService, OpenHiRestApiService, OpenHiService, OpenHiStage, OpenHiWebsiteService, OpsEventBus, OwningDeleteCascadeLambdas, OwningDeleteCascadeWorkflow, PER_BRANCH_PREVIEW_PREFIX, PLACEHOLDER_TENANT_ID, PLACEHOLDER_WORKSPACE_ID, PLATFORM_DEPLOY_BRIDGE_ACTOR_SYSTEM, PLATFORM_SCOPE_TENANT_ID, POSTGRES_REPLICA_CLUSTER_ARN_SSM_NAME, POSTGRES_REPLICA_DATABASE_NAME_SSM_NAME, POSTGRES_REPLICA_SECRET_ARN_SSM_NAME, PROVISION_DEFAULT_WORKSPACE_DETAIL_TYPE, PerBranchHostname, PlatformDeployBridge, PlatformDeployBridgeLambda, PostAuthenticationLambda, PostConfirmationLambda, PreTokenGenerationLambda, ProvisionDefaultWorkspaceLambda, RENAME_CASCADE_CONSUMER_NAME, RENAME_CASCADE_DEFAULT_CONCURRENCY, RENAME_CASCADE_FAILED_THRESHOLD, RENAME_CASCADE_OPS_EVENT_BUS_ENV_VAR, RENAME_CASCADE_SLOW_THRESHOLD_SECONDS, REST_API_BASE_URL_SSM_NAME, REST_API_DOMAIN_NAME_SSM_NAME, RenameCascadeLambdas, RenameCascadeWorkflow, RootGraphqlApi, RootHostedZone, RootHttpApi, RootWildcardCertificate, SEED_DEMO_DATA_CONSUMER_NAME, SEED_SYSTEM_DATA_ACTOR_SYSTEM, SEED_SYSTEM_DATA_CONSUMER_NAME, SEED_SYSTEM_DATA_CONTROL_BUS_ENV_VAR, SSM_PARAM_NAME_FULL_DOMAIN, STATIC_HOSTING_SERVICE_TYPE, SeedDemoDataLambda, SeedDemoDataWorkflow, SeedSystemDataLambda, SeedSystemDataWorkflow, StaticContent, StaticHosting, USER_ONBOARDING_EVENT_SOURCE, UserOnboardingWorkflow, WorkflowDedupConsumerNameInvalidError, WorkflowDedupTable, WorkflowDedupTableDuplicateError, buildFhirCurrentResourceChangeDetail, buildProvisionDefaultWorkspaceRequestedDetail, computeBranchHash, demoMembershipId, demoRoleAssignmentId, demoRolesForUserInTenant, demoScenarioIdentifier, getDynamoDbDataStoreTableName, getPostgresReplicaSchemaName, getWorkflowDedupTableName, openHiTagKey, openhiResourceIdentifier };
-export type { BridgedStatus, BuildParameterNameProps, CascadeChunkInput, CascadeFinalizeInput, CascadeFinalizeOutput, CascadeListInput, CascadeListOutput, ChildHostedZoneProps, CloudFormationStackStatusChangeDetail, ComputeBranchHashOptions, DataEventBusOptions, DataStoreHistoricalArchiveProps, DataStorePostgresReplicaProps, DemoDevUser, DemoTenantSpec, DemoWorkspaceDataPlaneFixtures, DemoWorkspaceSpec, DiscoverableStringParameterProps, DynamoDbDataStoreProps, FhirCurrentResourceChangeDetail, GrantConsumerOptions, HostingMode, OpenHiAppProps, OpenHiAuthServiceProps, OpenHiDataServiceProps, OpenHiEnvironmentProps, OpenHiGlobalServiceProps, OpenHiGraphqlServiceProps, OpenHiRestApiRuntimeConfig, OpenHiRestApiServiceProps, OpenHiServiceProps, OpenHiServiceType, OpenHiStageProps, OpenHiWebsiteServiceProps, OwningDeleteCascadeLambdasProps, OwningDeleteCascadeWorkflowProps, PerBranchHostnameProps, PlatformDeployBridgeLambdaProps, PlatformDeployBridgeProps, PostConfirmationLambdaProps, PreTokenGenerationLambdaProps, ProvisionDefaultWorkspaceLambdaProps, ProvisionDefaultWorkspaceRequestedDetail, RenameCascadeChunkInput, RenameCascadeFinalizeInput, RenameCascadeFinalizeOutput, RenameCascadeLambdasProps, RenameCascadeListInput, RenameCascadeListOutput, RenameCascadeWorkflowProps, RootGraphqlApiProps, RootHttpApiProps, SeedDemoDataLambdaProps, SeedDemoDataWorkflowProps, SeedSystemDataLambdaProps, SeedSystemDataWorkflowProps, StaticContentProps, StaticHostingProps, UserOnboardingWorkflowProps, WorkflowDedupTableProps };
+export { ADMIN_DOMAIN_PREFIX, BRIDGED_STATUSES, CLOUDFORMATION_EVENT_SOURCE, CLOUDFORMATION_STACK_STATUS_CHANGE_DETAIL_TYPE, CONTROL_EVENT_BUS_NAME_ENV_VAR, ChildHostedZone, CognitoUserPool, CognitoUserPoolClient, CognitoUserPoolDomain, CognitoUserPoolKmsKey, ControlEventBus, DATA_STORE_CHANGE_DETAIL_MAX_UTF8_BYTES, DATA_STORE_CHANGE_DETAIL_TYPE, DATA_STORE_CHANGE_EVENT_SOURCE, DEFAULT_PREVIEW_EXPIRATION_DAYS, DEMO_DATA_PLANE_FIXTURES, DEMO_PERIOD, DEMO_TENANT_SPECS, DEMO_URN_SYSTEM, DEV_CORS_ALLOW_ORIGINS, DEV_USERS, DataEventBus, DataStoreHistoricalArchive, DataStorePostgresReplica, DiscoverableStringParameter, DynamoDbDataStore, OPENHI_REPO_TAG_KEY_ENV_VAR, OPENHI_RESOURCE_URN_SYSTEM, OPENHI_TAG_KEY_PREFIX_ENV_VAR, OPENHI_TAG_SUFFIX_BRANCH_NAME, OPENHI_TAG_SUFFIX_REPO_NAME, OPENHI_TAG_SUFFIX_SERVICE_TYPE, OPENHI_TAG_SUFFIX_STAGE_TYPE, OWNING_DELETE_CASCADE_CONSUMER_NAME, OWNING_DELETE_CASCADE_DEFAULT_CONCURRENCY, OWNING_DELETE_CASCADE_STUCK_THRESHOLD_MINUTES, OWNING_DELETE_OPS_EVENT_BUS_ENV_VAR, OpenHiApp, OpenHiAuthService, OpenHiDataService, OpenHiEnvironment, OpenHiGlobalService, OpenHiGraphqlService, OpenHiRestApiService, OpenHiService, OpenHiStage, OpenHiWebsiteService, OpsEventBus, OwningDeleteCascadeLambdas, OwningDeleteCascadeWorkflow, PER_BRANCH_PREVIEW_PREFIX, PLACEHOLDER_TENANT_ID, PLACEHOLDER_WORKSPACE_ID, PLATFORM_DEPLOY_BRIDGE_ACTOR_SYSTEM, PLATFORM_SCOPE_TENANT_ID, POSTGRES_REPLICA_CLUSTER_ARN_SSM_NAME, POSTGRES_REPLICA_DATABASE_NAME_SSM_NAME, POSTGRES_REPLICA_SECRET_ARN_SSM_NAME, PROVISION_DEFAULT_WORKSPACE_DETAIL_TYPE, PerBranchHostname, PlatformDeployBridge, PlatformDeployBridgeLambda, PostAuthenticationLambda, PostConfirmationLambda, PreTokenGenerationLambda, ProvisionDefaultWorkspaceLambda, RENAME_CASCADE_CONSUMER_NAME, RENAME_CASCADE_DEFAULT_CONCURRENCY, RENAME_CASCADE_FAILED_THRESHOLD, RENAME_CASCADE_OPS_EVENT_BUS_ENV_VAR, RENAME_CASCADE_SLOW_THRESHOLD_SECONDS, REST_API_BASE_URL_SSM_NAME, REST_API_DOMAIN_NAME_SSM_NAME, RenameCascadeLambdas, RenameCascadeWorkflow, RootGraphqlApi, RootHostedZone, RootHttpApi, RootWildcardCertificate, SEED_DEMO_DATA_CONSUMER_NAME, SEED_SYSTEM_DATA_ACTOR_SYSTEM, SEED_SYSTEM_DATA_CONSUMER_NAME, SEED_SYSTEM_DATA_CONTROL_BUS_ENV_VAR, SSM_PARAM_NAME_FULL_DOMAIN, STATIC_HOSTING_SERVICE_TYPE, SeedDemoDataLambda, SeedDemoDataWorkflow, SeedSystemDataLambda, SeedSystemDataWorkflow, StaticContent, StaticHosting, USER_ONBOARDING_EVENT_SOURCE, UserOnboardingWorkflow, WorkflowDedupConsumerNameInvalidError, WorkflowDedupTable, WorkflowDedupTableDuplicateError, buildFhirCurrentResourceChangeDetail, buildProvisionDefaultWorkspaceRequestedDetail, computeBranchHash, demoMembershipId, demoRoleAssignmentId, demoRolesForUserInTenant, demoScenarioIdentifier, getDynamoDbDataStoreTableName, getPostgresReplicaSchemaName, getWorkflowDedupTableName, openHiTagKey, openhiResourceIdentifier };
+export type { BridgedStatus, BuildParameterNameProps, CascadeChunkInput, CascadeFinalizeInput, CascadeFinalizeOutput, CascadeListInput, CascadeListOutput, ChildHostedZoneProps, CloudFormationStackStatusChangeDetail, ComposeServiceDomainOptions, ComputeBranchHashOptions, DataEventBusOptions, DataStoreHistoricalArchiveProps, DataStorePostgresReplicaProps, DemoDevUser, DemoTenantSpec, DemoWorkspaceDataPlaneFixtures, DemoWorkspaceSpec, DiscoverableStringParameterProps, DynamoDbDataStoreProps, FhirCurrentResourceChangeDetail, GrantConsumerOptions, HostingMode, OpenHiAppProps, OpenHiAuthServiceProps, OpenHiDataServiceProps, OpenHiEnvironmentProps, OpenHiGlobalServiceProps, OpenHiGraphqlServiceProps, OpenHiRestApiServiceProps, OpenHiServiceProps, OpenHiServiceType, OpenHiStageProps, OpenHiWebsiteServiceProps, OwningDeleteCascadeLambdasProps, OwningDeleteCascadeWorkflowProps, PerBranchHostnameProps, PlatformDeployBridgeLambdaProps, PlatformDeployBridgeProps, PostConfirmationLambdaProps, PreTokenGenerationLambdaProps, ProvisionDefaultWorkspaceLambdaProps, ProvisionDefaultWorkspaceRequestedDetail, RenameCascadeChunkInput, RenameCascadeFinalizeInput, RenameCascadeFinalizeOutput, RenameCascadeLambdasProps, RenameCascadeListInput, RenameCascadeListOutput, RenameCascadeWorkflowProps, RootGraphqlApiProps, RootHttpApiProps, SeedDemoDataLambdaProps, SeedDemoDataWorkflowProps, SeedSystemDataLambdaProps, SeedSystemDataWorkflowProps, StaticContentProps, StaticHostingProps, UserOnboardingWorkflowProps, WorkflowDedupTableProps };