npm - @openhi/constructs - Versions diffs - 0.0.159 → 0.0.161 - Mend

@openhi/constructs 0.0.159 → 0.0.161

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (129) hide show

package/lib/{chunk-HQ67J7BP.mjs → chunk-5S6VFBLT.mjs} +12 -70
package/lib/chunk-5S6VFBLT.mjs.map +1 -0
package/lib/{chunk-MVQWAIMC.mjs → chunk-6BB4CRSS.mjs} +3 -312
package/lib/chunk-6BB4CRSS.mjs.map +1 -0
package/lib/{chunk-WPCBVDFZ.mjs → chunk-76UM2LQ5.mjs} +2 -2
package/lib/chunk-7TRO2STL.mjs +4616 -0
package/lib/chunk-7TRO2STL.mjs.map +1 -0
package/lib/chunk-BUAYVN3C.mjs +87 -0
package/lib/chunk-BUAYVN3C.mjs.map +1 -0
package/lib/{chunk-23PUSHBV.mjs → chunk-D2Y6DDOC.mjs} +2 -2
package/lib/chunk-DWSWCUZR.mjs +123 -0
package/lib/chunk-DWSWCUZR.mjs.map +1 -0
package/lib/{chunk-VZCPGQXA.mjs → chunk-EUIP2U5F.mjs} +69 -1
package/lib/{chunk-VZCPGQXA.mjs.map → chunk-EUIP2U5F.mjs.map} +1 -1
package/lib/chunk-GJTPXJKD.mjs +46 -0
package/lib/chunk-GJTPXJKD.mjs.map +1 -0
package/lib/chunk-I6LUPJUY.mjs +61 -0
package/lib/chunk-I6LUPJUY.mjs.map +1 -0
package/lib/{chunk-KR2Y2CVQ.mjs → chunk-KA3OMP3X.mjs} +2 -2
package/lib/{chunk-ZM4GDHHC.mjs → chunk-KMEWULMX.mjs} +51 -3
package/lib/chunk-KMEWULMX.mjs.map +1 -0
package/lib/chunk-LKKLO66E.mjs +25 -0
package/lib/chunk-LKKLO66E.mjs.map +1 -0
package/lib/{chunk-CFJDATDK.mjs → chunk-MLFMW5IF.mjs} +43 -9
package/lib/chunk-MLFMW5IF.mjs.map +1 -0
package/lib/chunk-O5VQWB6U.mjs +315 -0
package/lib/chunk-O5VQWB6U.mjs.map +1 -0
package/lib/{chunk-7BQHLC7U.mjs → chunk-P3CTZWC2.mjs} +8 -40
package/lib/chunk-P3CTZWC2.mjs.map +1 -0
package/lib/chunk-P3NFCKTZ.mjs +502 -0
package/lib/chunk-P3NFCKTZ.mjs.map +1 -0
package/lib/{chunk-M7Y3BOQW.mjs → chunk-Q3MKITPY.mjs} +5 -5
package/lib/chunk-Q64MOYJ7.mjs +218 -0
package/lib/chunk-Q64MOYJ7.mjs.map +1 -0
package/lib/chunk-RQKJNMX5.mjs +89 -0
package/lib/chunk-RQKJNMX5.mjs.map +1 -0
package/lib/{chunk-ZWSGM6PZ.mjs → chunk-SD7J3N3C.mjs} +2 -2
package/lib/{chunk-7RZHFI77.mjs → chunk-VESULYQQ.mjs} +2 -2
package/lib/{chunk-AOSEKL7U.mjs → chunk-WOTU36P3.mjs} +6 -103
package/lib/chunk-WOTU36P3.mjs.map +1 -0
package/lib/{chunk-X5E4YJGZ.mjs → chunk-YPTJJ35S.mjs} +2 -2
package/lib/counter-apply-operation-DZM3MIDm.d.mts +63 -0
package/lib/counter-apply-operation-DZM3MIDm.d.ts +63 -0
package/lib/counter-maintenance.handler.d.mts +38 -0
package/lib/counter-maintenance.handler.d.ts +38 -0
package/lib/counter-maintenance.handler.js +2885 -0
package/lib/counter-maintenance.handler.js.map +1 -0
package/lib/counter-maintenance.handler.mjs +180 -0
package/lib/counter-maintenance.handler.mjs.map +1 -0
package/lib/counter-reconciliation.handler.d.mts +116 -0
package/lib/counter-reconciliation.handler.d.ts +116 -0
package/lib/counter-reconciliation.handler.js +3324 -0
package/lib/counter-reconciliation.handler.js.map +1 -0
package/lib/counter-reconciliation.handler.mjs +295 -0
package/lib/counter-reconciliation.handler.mjs.map +1 -0
package/lib/data-store-postgres-replication.handler.js +50 -2
package/lib/data-store-postgres-replication.handler.js.map +1 -1
package/lib/data-store-postgres-replication.handler.mjs +2 -2
package/lib/delete-chunk.handler.js +118 -2
package/lib/delete-chunk.handler.js.map +1 -1
package/lib/delete-chunk.handler.mjs +3 -3
package/lib/{events-DTgo2dcW.d.mts → events-TG654e7L.d.mts} +68 -19
package/lib/{events-DTgo2dcW.d.ts → events-TG654e7L.d.ts} +68 -19
package/lib/finalize.handler.js +50 -2
package/lib/finalize.handler.js.map +1 -1
package/lib/finalize.handler.mjs +4 -4
package/lib/firehose-archive-transform.handler.js +50 -2
package/lib/firehose-archive-transform.handler.js.map +1 -1
package/lib/firehose-archive-transform.handler.mjs +2 -2
package/lib/index.d.mts +1283 -4
package/lib/index.d.ts +1389 -24
package/lib/index.js +4113 -320
package/lib/index.js.map +1 -1
package/lib/index.mjs +602 -195
package/lib/index.mjs.map +1 -1
package/lib/list-chunks.handler.js +118 -2
package/lib/list-chunks.handler.js.map +1 -1
package/lib/list-chunks.handler.mjs +3 -3
package/lib/platform-deploy-bridge.handler.js +50 -2
package/lib/platform-deploy-bridge.handler.js.map +1 -1
package/lib/platform-deploy-bridge.handler.mjs +1 -1
package/lib/pre-token-generation.handler.js +68 -0
package/lib/pre-token-generation.handler.js.map +1 -1
package/lib/pre-token-generation.handler.mjs +9 -5
package/lib/pre-token-generation.handler.mjs.map +1 -1
package/lib/provision-default-workspace.handler.js +887 -4
package/lib/provision-default-workspace.handler.js.map +1 -1
package/lib/provision-default-workspace.handler.mjs +14 -9
package/lib/provision-default-workspace.handler.mjs.map +1 -1
package/lib/rename-finalize.handler.js +50 -2
package/lib/rename-finalize.handler.js.map +1 -1
package/lib/rename-finalize.handler.mjs +2 -2
package/lib/rename-list-targets.handler.js +118 -2
package/lib/rename-list-targets.handler.js.map +1 -1
package/lib/rename-list-targets.handler.mjs +11 -9
package/lib/rename-list-targets.handler.mjs.map +1 -1
package/lib/rename-rewrite-chunk.handler.js +68 -0
package/lib/rename-rewrite-chunk.handler.js.map +1 -1
package/lib/rename-rewrite-chunk.handler.mjs +2 -2
package/lib/rest-api-lambda.handler.js +1454 -251
package/lib/rest-api-lambda.handler.js.map +1 -1
package/lib/rest-api-lambda.handler.mjs +673 -821
package/lib/rest-api-lambda.handler.mjs.map +1 -1
package/lib/seed-demo-data.handler.d.mts +1 -1
package/lib/seed-demo-data.handler.d.ts +1 -1
package/lib/seed-demo-data.handler.js +4004 -201
package/lib/seed-demo-data.handler.js.map +1 -1
package/lib/seed-demo-data.handler.mjs +10 -7
package/lib/seed-system-data.handler.js +118 -2
package/lib/seed-system-data.handler.js.map +1 -1
package/lib/seed-system-data.handler.mjs +5 -5
package/package.json +1 -1
package/lib/chunk-7BQHLC7U.mjs.map +0 -1
package/lib/chunk-AOSEKL7U.mjs.map +0 -1
package/lib/chunk-BQMJSDOD.mjs +0 -1136
package/lib/chunk-BQMJSDOD.mjs.map +0 -1
package/lib/chunk-CFJDATDK.mjs.map +0 -1
package/lib/chunk-E6MCKJVS.mjs +0 -212
package/lib/chunk-E6MCKJVS.mjs.map +0 -1
package/lib/chunk-HQ67J7BP.mjs.map +0 -1
package/lib/chunk-MVQWAIMC.mjs.map +0 -1
package/lib/chunk-ZM4GDHHC.mjs.map +0 -1
/package/lib/{chunk-WPCBVDFZ.mjs.map → chunk-76UM2LQ5.mjs.map} +0 -0
/package/lib/{chunk-23PUSHBV.mjs.map → chunk-D2Y6DDOC.mjs.map} +0 -0
/package/lib/{chunk-KR2Y2CVQ.mjs.map → chunk-KA3OMP3X.mjs.map} +0 -0
/package/lib/{chunk-M7Y3BOQW.mjs.map → chunk-Q3MKITPY.mjs.map} +0 -0
/package/lib/{chunk-ZWSGM6PZ.mjs.map → chunk-SD7J3N3C.mjs.map} +0 -0
/package/lib/{chunk-7RZHFI77.mjs.map → chunk-VESULYQQ.mjs.map} +0 -0
/package/lib/{chunk-X5E4YJGZ.mjs.map → chunk-YPTJJ35S.mjs.map} +0 -0

package/lib/delete-chunk.handler.mjs CHANGED Viewed

@@ -1,12 +1,12 @@
 import {
   OWNING_DELETE_PROJECTION_ENTITY,
   deleteOwningChildChunkOperation
-} from "./chunk-M7Y3BOQW.mjs";
-import "./chunk-ZM4GDHHC.mjs";
+} from "./chunk-Q3MKITPY.mjs";
 import "./chunk-QJDHVMKT.mjs";
 import "./chunk-FYHBHHWK.mjs";
-import "./chunk-VZCPGQXA.mjs";
+import "./chunk-EUIP2U5F.mjs";
 import "./chunk-TRY7JGWO.mjs";
+import "./chunk-KMEWULMX.mjs";
 import "./chunk-LZOMFHX3.mjs";
 // src/workflows/control-plane/owning-delete-cascade/delete-chunk.handler.ts

package/lib/{events-DTgo2dcW.d.mts → events-TG654e7L.d.mts} RENAMED Viewed

@@ -30,16 +30,54 @@ declare const DEMO_PERIOD: {
     readonly start: "2026-01-01T00:00:00Z";
 };
-/** Placeholder Tenant id seeded by the workflow as the dev-user `currentTenant`. */
+/**
+ * Placeholder Tenant id.
+ *
+ * The placeholder is a **system sentinel**, not a user-facing demo
+ * tenant. It exists for two reasons:
+ *
+ *   1. `pre-token-generation.handler.ts` stamps this id into the
+ *      JWT `ohi_tid` claim when a User cannot be resolved (no
+ *      DynamoDB record, missing `currentTenant`/`currentWorkspace`,
+ *      etc.) so the token still satisfies `openHiContextMiddleware`
+ *      and downstream APIs return a deterministic 403 instead of
+ *      crashing on a missing claim.
+ *   2. The seed workflow re-asserts a Tenant + Workspace record at
+ *      these ids so the JWT fallback dereferences to a real DynamoDB
+ *      row (avoids dangling references on read paths that follow
+ *      `Tenant/placeholder-tenant-id`).
+ *
+ * Dev users' `currentTenant`/`currentWorkspace` no longer point here
+ * (issue #1301) — they point at the on-site demo tenant below. The
+ * placeholder records remain seeded purely as a structural sentinel.
+ */
 declare const PLACEHOLDER_TENANT_ID = "placeholder-tenant-id";
-/** Placeholder Workspace id seeded by the workflow as the dev-user `currentWorkspace`. */
+/** Placeholder Workspace id. See {@link PLACEHOLDER_TENANT_ID}. */
 declare const PLACEHOLDER_WORKSPACE_ID = "placeholder-workspace-id";
+/**
+ * Stable Tenant id for the on-site-medical UAT demo tenant
+ * (issue #1301). Downstream demo-data tickets (#1302 providers,
+ * #1303 facilities, #1304 patients/encounters, etc.) import this
+ * constant to attach their fixture resources without re-discovering
+ * the tenant.
+ *
+ * This is the tenant every seeded dev user lands on at sign-in
+ * (`currentTenant` on the seeded User resource). UAT testers see
+ * "On-Site Medical — Demo" in the Tenant Switcher on first sign-in.
+ */
+declare const ON_SITE_DEMO_TENANT_ID = "on-site-demo-tenant";
+/**
+ * Stable Workspace id under {@link ON_SITE_DEMO_TENANT_ID}. Single
+ * workspace for v1 UAT; workspace topology (per business line vs
+ * per jurisdiction) is deferred pending an ADR (#1301 design note).
+ */
+declare const ON_SITE_DEMO_WORKSPACE_ID = "on-site-demo-workspace";
 /**
  * Dev-user descriptor. Every entry produces:
  *   - one Cognito user (idempotent create-then-skip),
  *   - one DynamoDB User record (id = `dev-<email-local-part>`),
- *   - four Memberships (placeholder + the three demo tenants),
- *   - four `tenant-admin` RoleAssignments (one per tenant the user
+ *   - five Memberships (placeholder + on-site demo + three demo tenants),
+ *   - five `tenant-admin` RoleAssignments (one per tenant the user
  *     belongs to),
  *   - one `system-admin` RoleAssignment scoped to {@link PLATFORM_SCOPE_TENANT_ID}.
  */
@@ -48,6 +86,10 @@ interface DemoDevUser {
     readonly id: string;
     /** Email used as the Cognito `Username` and as the seed for the password algorithm. */
     readonly email: string;
+    /** Given name, populated on the seeded User FHIR resource as `name[0].given[0]`. */
+    readonly firstName: string;
+    /** Family name, populated on the seeded User FHIR resource as `name[0].family`. */
+    readonly lastName: string;
 }
 /**
  * Hardcoded dev-user roster. Adding a new developer is a one-line
@@ -58,8 +100,9 @@ interface DemoDevUser {
 declare const DEV_USERS: ReadonlyArray<DemoDevUser>;
 /**
  * A single workspace inside a demo tenant. The mixed tenant has two
- * workspaces (wound-care and primary-care sub-workspaces); the other
- * two tenants have one each.
+ * workspaces (wound-care and primary-care sub-workspaces); every
+ * other tenant (placeholder, on-site demo, wound-care, primary-care)
+ * has exactly one.
  */
 interface DemoWorkspaceSpec {
     /** Stable id (DynamoDB record id; also drives the canonical OHI URN). */
@@ -80,9 +123,10 @@ interface DemoWorkspaceSpec {
  */
 interface DemoTenantSpec {
     /**
-     * Scenario slug — `placeholder`, `demo-wound-care`, `demo-primary-care`,
-     * `demo-mixed`. The placeholder tenant's slug is `placeholder`; the
-     * three demo tenants use `demo-*` slugs.
+     * Scenario slug — `placeholder`, `on-site-demo`, `demo-wound-care`,
+     * `demo-primary-care`, `demo-mixed`. The placeholder tenant uses
+     * `placeholder`; the on-site UAT demo tenant uses `on-site-demo`
+     * (#1301); the three demo tenants use `demo-*` slugs.
      */
     readonly scenario: string;
     /** Stable id (DynamoDB record id; also drives the canonical OHI URN). */
@@ -93,17 +137,22 @@ interface DemoTenantSpec {
     readonly workspaces: ReadonlyArray<DemoWorkspaceSpec>;
 }
 /**
- * The full demo-tenant graph. Four entries: the placeholder tenant the
- * JWT-claim fallback resolves to, plus the three v1 demo scenarios
- * (OPS-009 §"v1 scenarios"):
+ * The full demo-tenant graph. Five entries: the placeholder tenant
+ * the JWT-claim fallback resolves to, the on-site-medical UAT demo
+ * tenant every dev user lands on at sign-in (#1301), and the three
+ * v1 demo scenarios (OPS-009 §"v1 scenarios"):
  *
  *   0. Placeholder tenant — dereferences the JWT-claim fallback in
- *      `pre-token-generation.handler.ts` and acts as every dev user's
- *      `currentTenant`/`currentWorkspace` so Post-Confirmation skips
- *      default provisioning when a seeded User signs in.
- *   1. Single-workspace wound-care tenant.
- *   2. Single-workspace primary-care tenant.
- *   3. Two-workspace mixed tenant — exercises the cross-workspace
+ *      `pre-token-generation.handler.ts`. Carries no user-facing
+ *      content; exists purely so the JWT fallback resolves to a real
+ *      DynamoDB row instead of dangling.
+ *   1. On-site-medical UAT demo tenant — every seeded dev user's
+ *      `currentTenant`/`currentWorkspace`. Downstream demo-data
+ *      tickets (providers, facilities, patients) attach to this
+ *      tenant via {@link ON_SITE_DEMO_TENANT_ID}.
+ *   2. Single-workspace wound-care tenant.
+ *   3. Single-workspace primary-care tenant.
+ *   4. Two-workspace mixed tenant — exercises the cross-workspace
  *      isolation flow that single-workspace tenants cannot.
  */
 declare const DEMO_TENANT_SPECS: ReadonlyArray<DemoTenantSpec>;
@@ -146,4 +195,4 @@ declare const openhiResourceIdentifier: (params: {
  */
 declare const demoRolesForUserInTenant: (_user: DemoDevUser, _tenantId: string) => ReadonlyArray<PlatformRoleCode>;
-export { DEMO_PERIOD as D, OPENHI_RESOURCE_URN_SYSTEM as O, PLACEHOLDER_TENANT_ID as P, SEED_DEMO_DATA_CONSUMER_NAME as S, DEMO_TENANT_SPECS as a, DEMO_URN_SYSTEM as b, DEV_USERS as c, type DemoDevUser as d, type DemoTenantSpec as e, type DemoWorkspaceSpec as f, PLACEHOLDER_WORKSPACE_ID as g, demoMembershipId as h, demoRoleAssignmentId as i, demoRolesForUserInTenant as j, demoScenarioIdentifier as k, openhiResourceIdentifier as o };
+export { DEMO_PERIOD as D, ON_SITE_DEMO_TENANT_ID as O, PLACEHOLDER_TENANT_ID as P, SEED_DEMO_DATA_CONSUMER_NAME as S, DEMO_TENANT_SPECS as a, DEMO_URN_SYSTEM as b, DEV_USERS as c, type DemoDevUser as d, type DemoTenantSpec as e, type DemoWorkspaceSpec as f, ON_SITE_DEMO_WORKSPACE_ID as g, OPENHI_RESOURCE_URN_SYSTEM as h, PLACEHOLDER_WORKSPACE_ID as i, demoMembershipId as j, demoRoleAssignmentId as k, demoRolesForUserInTenant as l, demoScenarioIdentifier as m, openhiResourceIdentifier as o };

package/lib/{events-DTgo2dcW.d.ts → events-TG654e7L.d.ts} RENAMED Viewed

@@ -30,16 +30,54 @@ declare const DEMO_PERIOD: {
     readonly start: "2026-01-01T00:00:00Z";
 };
-/** Placeholder Tenant id seeded by the workflow as the dev-user `currentTenant`. */
+/**
+ * Placeholder Tenant id.
+ *
+ * The placeholder is a **system sentinel**, not a user-facing demo
+ * tenant. It exists for two reasons:
+ *
+ *   1. `pre-token-generation.handler.ts` stamps this id into the
+ *      JWT `ohi_tid` claim when a User cannot be resolved (no
+ *      DynamoDB record, missing `currentTenant`/`currentWorkspace`,
+ *      etc.) so the token still satisfies `openHiContextMiddleware`
+ *      and downstream APIs return a deterministic 403 instead of
+ *      crashing on a missing claim.
+ *   2. The seed workflow re-asserts a Tenant + Workspace record at
+ *      these ids so the JWT fallback dereferences to a real DynamoDB
+ *      row (avoids dangling references on read paths that follow
+ *      `Tenant/placeholder-tenant-id`).
+ *
+ * Dev users' `currentTenant`/`currentWorkspace` no longer point here
+ * (issue #1301) — they point at the on-site demo tenant below. The
+ * placeholder records remain seeded purely as a structural sentinel.
+ */
 declare const PLACEHOLDER_TENANT_ID = "placeholder-tenant-id";
-/** Placeholder Workspace id seeded by the workflow as the dev-user `currentWorkspace`. */
+/** Placeholder Workspace id. See {@link PLACEHOLDER_TENANT_ID}. */
 declare const PLACEHOLDER_WORKSPACE_ID = "placeholder-workspace-id";
+/**
+ * Stable Tenant id for the on-site-medical UAT demo tenant
+ * (issue #1301). Downstream demo-data tickets (#1302 providers,
+ * #1303 facilities, #1304 patients/encounters, etc.) import this
+ * constant to attach their fixture resources without re-discovering
+ * the tenant.
+ *
+ * This is the tenant every seeded dev user lands on at sign-in
+ * (`currentTenant` on the seeded User resource). UAT testers see
+ * "On-Site Medical — Demo" in the Tenant Switcher on first sign-in.
+ */
+declare const ON_SITE_DEMO_TENANT_ID = "on-site-demo-tenant";
+/**
+ * Stable Workspace id under {@link ON_SITE_DEMO_TENANT_ID}. Single
+ * workspace for v1 UAT; workspace topology (per business line vs
+ * per jurisdiction) is deferred pending an ADR (#1301 design note).
+ */
+declare const ON_SITE_DEMO_WORKSPACE_ID = "on-site-demo-workspace";
 /**
  * Dev-user descriptor. Every entry produces:
  *   - one Cognito user (idempotent create-then-skip),
  *   - one DynamoDB User record (id = `dev-<email-local-part>`),
- *   - four Memberships (placeholder + the three demo tenants),
- *   - four `tenant-admin` RoleAssignments (one per tenant the user
+ *   - five Memberships (placeholder + on-site demo + three demo tenants),
+ *   - five `tenant-admin` RoleAssignments (one per tenant the user
  *     belongs to),
  *   - one `system-admin` RoleAssignment scoped to {@link PLATFORM_SCOPE_TENANT_ID}.
  */
@@ -48,6 +86,10 @@ interface DemoDevUser {
     readonly id: string;
     /** Email used as the Cognito `Username` and as the seed for the password algorithm. */
     readonly email: string;
+    /** Given name, populated on the seeded User FHIR resource as `name[0].given[0]`. */
+    readonly firstName: string;
+    /** Family name, populated on the seeded User FHIR resource as `name[0].family`. */
+    readonly lastName: string;
 }
 /**
  * Hardcoded dev-user roster. Adding a new developer is a one-line
@@ -58,8 +100,9 @@ interface DemoDevUser {
 declare const DEV_USERS: ReadonlyArray<DemoDevUser>;
 /**
  * A single workspace inside a demo tenant. The mixed tenant has two
- * workspaces (wound-care and primary-care sub-workspaces); the other
- * two tenants have one each.
+ * workspaces (wound-care and primary-care sub-workspaces); every
+ * other tenant (placeholder, on-site demo, wound-care, primary-care)
+ * has exactly one.
  */
 interface DemoWorkspaceSpec {
     /** Stable id (DynamoDB record id; also drives the canonical OHI URN). */
@@ -80,9 +123,10 @@ interface DemoWorkspaceSpec {
  */
 interface DemoTenantSpec {
     /**
-     * Scenario slug — `placeholder`, `demo-wound-care`, `demo-primary-care`,
-     * `demo-mixed`. The placeholder tenant's slug is `placeholder`; the
-     * three demo tenants use `demo-*` slugs.
+     * Scenario slug — `placeholder`, `on-site-demo`, `demo-wound-care`,
+     * `demo-primary-care`, `demo-mixed`. The placeholder tenant uses
+     * `placeholder`; the on-site UAT demo tenant uses `on-site-demo`
+     * (#1301); the three demo tenants use `demo-*` slugs.
      */
     readonly scenario: string;
     /** Stable id (DynamoDB record id; also drives the canonical OHI URN). */
@@ -93,17 +137,22 @@ interface DemoTenantSpec {
     readonly workspaces: ReadonlyArray<DemoWorkspaceSpec>;
 }
 /**
- * The full demo-tenant graph. Four entries: the placeholder tenant the
- * JWT-claim fallback resolves to, plus the three v1 demo scenarios
- * (OPS-009 §"v1 scenarios"):
+ * The full demo-tenant graph. Five entries: the placeholder tenant
+ * the JWT-claim fallback resolves to, the on-site-medical UAT demo
+ * tenant every dev user lands on at sign-in (#1301), and the three
+ * v1 demo scenarios (OPS-009 §"v1 scenarios"):
  *
  *   0. Placeholder tenant — dereferences the JWT-claim fallback in
- *      `pre-token-generation.handler.ts` and acts as every dev user's
- *      `currentTenant`/`currentWorkspace` so Post-Confirmation skips
- *      default provisioning when a seeded User signs in.
- *   1. Single-workspace wound-care tenant.
- *   2. Single-workspace primary-care tenant.
- *   3. Two-workspace mixed tenant — exercises the cross-workspace
+ *      `pre-token-generation.handler.ts`. Carries no user-facing
+ *      content; exists purely so the JWT fallback resolves to a real
+ *      DynamoDB row instead of dangling.
+ *   1. On-site-medical UAT demo tenant — every seeded dev user's
+ *      `currentTenant`/`currentWorkspace`. Downstream demo-data
+ *      tickets (providers, facilities, patients) attach to this
+ *      tenant via {@link ON_SITE_DEMO_TENANT_ID}.
+ *   2. Single-workspace wound-care tenant.
+ *   3. Single-workspace primary-care tenant.
+ *   4. Two-workspace mixed tenant — exercises the cross-workspace
  *      isolation flow that single-workspace tenants cannot.
  */
 declare const DEMO_TENANT_SPECS: ReadonlyArray<DemoTenantSpec>;
@@ -146,4 +195,4 @@ declare const openhiResourceIdentifier: (params: {
  */
 declare const demoRolesForUserInTenant: (_user: DemoDevUser, _tenantId: string) => ReadonlyArray<PlatformRoleCode>;
-export { DEMO_PERIOD as D, OPENHI_RESOURCE_URN_SYSTEM as O, PLACEHOLDER_TENANT_ID as P, SEED_DEMO_DATA_CONSUMER_NAME as S, DEMO_TENANT_SPECS as a, DEMO_URN_SYSTEM as b, DEV_USERS as c, type DemoDevUser as d, type DemoTenantSpec as e, type DemoWorkspaceSpec as f, PLACEHOLDER_WORKSPACE_ID as g, demoMembershipId as h, demoRoleAssignmentId as i, demoRolesForUserInTenant as j, demoScenarioIdentifier as k, openhiResourceIdentifier as o };
+export { DEMO_PERIOD as D, ON_SITE_DEMO_TENANT_ID as O, PLACEHOLDER_TENANT_ID as P, SEED_DEMO_DATA_CONSUMER_NAME as S, DEMO_TENANT_SPECS as a, DEMO_URN_SYSTEM as b, DEV_USERS as c, type DemoDevUser as d, type DemoTenantSpec as e, type DemoWorkspaceSpec as f, ON_SITE_DEMO_WORKSPACE_ID as g, OPENHI_RESOURCE_URN_SYSTEM as h, PLACEHOLDER_WORKSPACE_ID as i, demoMembershipId as j, demoRoleAssignmentId as k, demoRolesForUserInTenant as l, demoScenarioIdentifier as m, openhiResourceIdentifier as o };

package/lib/finalize.handler.js CHANGED Viewed

@@ -139,7 +139,7 @@ var require_control_plane = __commonJS({
   "../workflows/lib/detail-types/control-plane.js"(exports2) {
     "use strict";
     Object.defineProperty(exports2, "__esModule", { value: true });
-    exports2.ControlPlaneRenameFailedV1 = exports2.ControlPlaneRenameCompleteV1 = exports2.ControlPlaneRenameV1 = exports2.RENAMABLE_ENTITY_TYPE = exports2.ControlPlaneOwningDeleteFailedV1 = exports2.ControlPlaneOwningDeleteCompleteV1 = exports2.ControlPlaneOwningDeleteV1 = exports2.OWNING_ENTITY_TYPE = void 0;
+    exports2.ControlPlaneWorkspaceDeletedV1 = exports2.ControlPlaneWorkspaceCreatedV1 = exports2.ControlPlaneRoleAssignmentDeletedV1 = exports2.ControlPlaneRoleAssignmentCreatedV1 = exports2.ControlPlaneMembershipDeletedV1 = exports2.ControlPlaneMembershipCreatedV1 = exports2.ControlPlaneRenameFailedV1 = exports2.ControlPlaneRenameCompleteV1 = exports2.ControlPlaneRenameV1 = exports2.RENAMABLE_ENTITY_TYPE = exports2.ControlPlaneOwningDeleteFailedV1 = exports2.ControlPlaneOwningDeleteCompleteV1 = exports2.ControlPlaneOwningDeleteV1 = exports2.OWNING_ENTITY_TYPE = void 0;
     var sources_1 = require_sources();
     var registry_1 = require_registry();
     exports2.OWNING_ENTITY_TYPE = {
@@ -181,6 +181,36 @@ var require_control_plane = __commonJS({
       source: sources_1.OPENHI_OPS_SOURCE,
       dedupRequired: true
     });
+    exports2.ControlPlaneMembershipCreatedV1 = (0, registry_1.defineDetailType)({
+      detailType: "control-plane.membership-created.v1",
+      source: sources_1.OPENHI_CONTROL_SOURCE,
+      dedupRequired: true
+    });
+    exports2.ControlPlaneMembershipDeletedV1 = (0, registry_1.defineDetailType)({
+      detailType: "control-plane.membership-deleted.v1",
+      source: sources_1.OPENHI_CONTROL_SOURCE,
+      dedupRequired: true
+    });
+    exports2.ControlPlaneRoleAssignmentCreatedV1 = (0, registry_1.defineDetailType)({
+      detailType: "control-plane.role-assignment-created.v1",
+      source: sources_1.OPENHI_CONTROL_SOURCE,
+      dedupRequired: true
+    });
+    exports2.ControlPlaneRoleAssignmentDeletedV1 = (0, registry_1.defineDetailType)({
+      detailType: "control-plane.role-assignment-deleted.v1",
+      source: sources_1.OPENHI_CONTROL_SOURCE,
+      dedupRequired: true
+    });
+    exports2.ControlPlaneWorkspaceCreatedV1 = (0, registry_1.defineDetailType)({
+      detailType: "control-plane.workspace-created.v1",
+      source: sources_1.OPENHI_CONTROL_SOURCE,
+      dedupRequired: true
+    });
+    exports2.ControlPlaneWorkspaceDeletedV1 = (0, registry_1.defineDetailType)({
+      detailType: "control-plane.workspace-deleted.v1",
+      source: sources_1.OPENHI_CONTROL_SOURCE,
+      dedupRequired: true
+    });
   }
 });
@@ -578,7 +608,7 @@ var require_lib = __commonJS({
   "../workflows/lib/index.js"(exports2) {
     "use strict";
     Object.defineProperty(exports2, "__esModule", { value: true });
-    exports2.workflowDedupClient = exports2.recordIfAbsent = exports2.markFailed = exports2.encodeSortKey = exports2.WorkflowDedupTableNameMissingError = exports2.WorkflowDedupInvalidInputError = exports2.WORKFLOW_DEDUP_TABLE_NAME_ENV_VAR = exports2.WORKFLOW_DEDUP_MAX_CONSUMER_NAME_LENGTH = exports2.WORKFLOW_DEDUP_DEFAULT_TTL_SECONDS = exports2.parseWorkflowEvent = exports2.UnsupportedEnvelopeVersionError = exports2.InvalidWorkflowEventError = exports2.workflowsClient = exports2.publishWorkflowEvent = exports2.WorkflowPublishError = exports2.isWellFormedDetailType = exports2.defineDetailType = exports2.RENAMABLE_ENTITY_TYPE = exports2.PlatformSystemDataSeededV1 = exports2.PlatformDeploymentCompletedV1 = exports2.OWNING_ENTITY_TYPE = exports2.InvalidDetailTypeRegistrationError = exports2.ControlPlaneRenameV1 = exports2.ControlPlaneRenameFailedV1 = exports2.ControlPlaneRenameCompleteV1 = exports2.ControlPlaneOwningDeleteV1 = exports2.ControlPlaneOwningDeleteFailedV1 = exports2.ControlPlaneOwningDeleteCompleteV1 = exports2.OPENHI_OPS_SOURCE = exports2.OPENHI_DATA_SOURCE = exports2.OPENHI_CONTROL_SOURCE = exports2.DEFAULT_BUS_NAME_BY_SOURCE = exports2.workflowUserActorFromClaims = exports2.isWorkflowUserActor = exports2.isWorkflowSystemActor = exports2.MissingActorContextError = exports2.isSupportedEnvelopeVersion = exports2.ENVELOPE_VERSION = void 0;
+    exports2.workflowDedupClient = exports2.recordIfAbsent = exports2.markFailed = exports2.encodeSortKey = exports2.WorkflowDedupTableNameMissingError = exports2.WorkflowDedupInvalidInputError = exports2.WORKFLOW_DEDUP_TABLE_NAME_ENV_VAR = exports2.WORKFLOW_DEDUP_MAX_CONSUMER_NAME_LENGTH = exports2.WORKFLOW_DEDUP_DEFAULT_TTL_SECONDS = exports2.parseWorkflowEvent = exports2.UnsupportedEnvelopeVersionError = exports2.InvalidWorkflowEventError = exports2.workflowsClient = exports2.publishWorkflowEvent = exports2.WorkflowPublishError = exports2.isWellFormedDetailType = exports2.defineDetailType = exports2.RENAMABLE_ENTITY_TYPE = exports2.PlatformSystemDataSeededV1 = exports2.PlatformDeploymentCompletedV1 = exports2.OWNING_ENTITY_TYPE = exports2.InvalidDetailTypeRegistrationError = exports2.ControlPlaneWorkspaceDeletedV1 = exports2.ControlPlaneWorkspaceCreatedV1 = exports2.ControlPlaneRoleAssignmentDeletedV1 = exports2.ControlPlaneRoleAssignmentCreatedV1 = exports2.ControlPlaneRenameV1 = exports2.ControlPlaneRenameFailedV1 = exports2.ControlPlaneRenameCompleteV1 = exports2.ControlPlaneOwningDeleteV1 = exports2.ControlPlaneOwningDeleteFailedV1 = exports2.ControlPlaneOwningDeleteCompleteV1 = exports2.ControlPlaneMembershipDeletedV1 = exports2.ControlPlaneMembershipCreatedV1 = exports2.OPENHI_OPS_SOURCE = exports2.OPENHI_DATA_SOURCE = exports2.OPENHI_CONTROL_SOURCE = exports2.DEFAULT_BUS_NAME_BY_SOURCE = exports2.workflowUserActorFromClaims = exports2.isWorkflowUserActor = exports2.isWorkflowSystemActor = exports2.MissingActorContextError = exports2.isSupportedEnvelopeVersion = exports2.ENVELOPE_VERSION = void 0;
     var envelope_version_1 = require_envelope_version();
     Object.defineProperty(exports2, "ENVELOPE_VERSION", { enumerable: true, get: function() {
       return envelope_version_1.ENVELOPE_VERSION;
@@ -613,6 +643,12 @@ var require_lib = __commonJS({
       return sources_1.OPENHI_OPS_SOURCE;
     } });
     var detail_types_1 = require_detail_types();
+    Object.defineProperty(exports2, "ControlPlaneMembershipCreatedV1", { enumerable: true, get: function() {
+      return detail_types_1.ControlPlaneMembershipCreatedV1;
+    } });
+    Object.defineProperty(exports2, "ControlPlaneMembershipDeletedV1", { enumerable: true, get: function() {
+      return detail_types_1.ControlPlaneMembershipDeletedV1;
+    } });
     Object.defineProperty(exports2, "ControlPlaneOwningDeleteCompleteV1", { enumerable: true, get: function() {
       return detail_types_1.ControlPlaneOwningDeleteCompleteV1;
     } });
@@ -631,6 +667,18 @@ var require_lib = __commonJS({
     Object.defineProperty(exports2, "ControlPlaneRenameV1", { enumerable: true, get: function() {
       return detail_types_1.ControlPlaneRenameV1;
     } });
+    Object.defineProperty(exports2, "ControlPlaneRoleAssignmentCreatedV1", { enumerable: true, get: function() {
+      return detail_types_1.ControlPlaneRoleAssignmentCreatedV1;
+    } });
+    Object.defineProperty(exports2, "ControlPlaneRoleAssignmentDeletedV1", { enumerable: true, get: function() {
+      return detail_types_1.ControlPlaneRoleAssignmentDeletedV1;
+    } });
+    Object.defineProperty(exports2, "ControlPlaneWorkspaceCreatedV1", { enumerable: true, get: function() {
+      return detail_types_1.ControlPlaneWorkspaceCreatedV1;
+    } });
+    Object.defineProperty(exports2, "ControlPlaneWorkspaceDeletedV1", { enumerable: true, get: function() {
+      return detail_types_1.ControlPlaneWorkspaceDeletedV1;
+    } });
     Object.defineProperty(exports2, "InvalidDetailTypeRegistrationError", { enumerable: true, get: function() {
       return detail_types_1.InvalidDetailTypeRegistrationError;
     } });