§01
Overview
- What it is: a service for handling protected health information (PHI) for the US healthtech platform (part of the healthcare ecosystem leading into MISS #36). Designed for multi-region deployment: US (AWS Secrets Manager + Cognito + KMS) and KSA / Saudi Arabia (HashiCorp Vault + Keycloak) — regional data compliance.
- Type / status / role: api (microservice) / active / lead (top author 39/50; + US healthtech platform team Harsh/aniashev).
- Activity period: 2026-01-05 → 2026-02-09 (~5 weeks); part of the regain cluster (likely integrates into / is absorbed by MISS).
§02
Stack
- Core: Elysia.js (Bun) + Drizzle ORM/PostgreSQL, strict TS (`exactOptionalPropertyTypes`), `bun:test`.
- Workflows: Temporal (`@temporalio` client/worker/workflow/activity — durable workflows) + Inngest (event-driven jobs, `docker-compose.inngest`).
- Auth (regional): `AuthProvider`/`TokenProvider` interfaces; `KeycloakAuthProvider` (KSA) and `CognitoAuthProvider` (US); singleton factory.
- Secrets/Crypto: `CryptoInitializer` singleton with env/Vault/KMS init paths; AWS Secrets Manager (US) / Vault (KSA).
- Observability: OpenTelemetry (OTLP-proto exporter), LogTape (structured logging).
- External services: notification-service, anon-service (#7), labs-service, keycloak, pii-service (#46) — PHI/PII separation.
- Infra: Helm (dual-region charts + `values-prod-us.yaml`), Docker (+ `Dockerfile.worker`), GitLab CI + GitHub, biome.
§03
Technical challenges
- Dual-region provider abstraction (`src/core/auth/`, `security/crypto-initializer.ts`): a single `AuthProvider`/`TokenProvider` interface + factory → switching Keycloak↔Cognito and Vault↔AWS-KMS by `DEPLOY_REGION`, without parallel code bases. → A thoughtful strategy/factory design for regulatory multi-region (US vs KSA data residency). Strong architectural choice.
- Dynamic import to exclude the AWS SDK in KSA mode (`crypto-initializer`): the KMS provider is loaded dynamically so the AWS SDK isn't pulled in (and TDZ errors from circular deps aren't triggered) when running in Saudi mode. → Subtle understanding of module loading / TDZ / circular deps (non-trivial TS skill).
- PHI/PII separation + compliance (external pii-service/anon-service, audit/retention/archive services): processing of protected health data with audit, retention, archival. → Healthcare compliance (HIPAA-like).
- Durable workflows on Temporal + event jobs on Inngest — reliable async processing.
- Testing/typing discipline: `exactOptionalPropertyTypes`, constructor injection instead of env-mock (because `mock.module()` in Bun leaks between files) — mature testability practices.
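Added example, not code from the project described above: one TypeScript sketch covering the three patterns this section credits (region-keyed factory selected by `DEPLOY_REGION`, a lazily invoked loader standing in for `await import("@aws-sdk/client-kms")` so the other region's module is never evaluated, and constructor injection so tests hand in fakes instead of patching `process.env` or using `mock.module()`). `DEPLOY_REGION` and the `CryptoInitializer` name come from the page; `Region`, `CryptoProvider`, `ProviderLoader`, `fromEnv`, `toyProvider`, `roundTrip` and the character-shift stand-in for KMS/Vault are assumptions made for the example.

```typescript
// Added example (not the project's own code). All names except DEPLOY_REGION
// and CryptoInitializer are assumed for illustration.

type Region = "us" | "ksa";

// What the service needs from a secrets/crypto backend, regardless of region.
interface CryptoProvider {
  readonly name: string;
  encrypt(plaintext: string): Promise<string>;
  decrypt(ciphertext: string): Promise<string>;
}

// A loader is only invoked for the region actually selected, so the module
// behind the other region is never evaluated (no AWS SDK, no TDZ from cycles).
type ProviderLoader = () => Promise<CryptoProvider>;

// Constructed stand-in for KMS/Vault: a reversible character shift. Not crypto;
// it exists only so the round trip below can be checked offline.
function toyProvider(name: string, key: number): CryptoProvider {
  const shift = (s: string, k: number): string =>
    Array.from(s, (ch) => String.fromCharCode((ch.charCodeAt(0) + k) & 0xffff)).join("");
  return {
    name,
    encrypt: async (p) => shift(p, key),
    decrypt: async (c) => shift(c, -key),
  };
}

// Default loaders, one per region. In a real service the US entry would look
// like `async () => new KmsProvider(await import("@aws-sdk/client-kms"))`
// (assumed shape); that dynamic import is what keeps the SDK out of the KSA path.
const defaultLoaders: Record<Region, ProviderLoader> = {
  us: async () => toyProvider("aws-kms", 3),
  ksa: async () => toyProvider("vault-transit", 7),
};

class CryptoInitializer {
  private provider: Promise<CryptoProvider> | null = null;
  // Which loaders actually ran; lets a test prove the other region stayed cold.
  readonly loadedRegions: Region[] = [];

  // Region and loaders arrive through the constructor: tests inject fakes here.
  constructor(
    private readonly region: Region,
    private readonly loaders: Record<Region, ProviderLoader> = defaultLoaders,
  ) {}

  // DEPLOY_REGION is read once, from an env object the caller passes in.
  static fromEnv(env: Record<string, string | undefined>): CryptoInitializer {
    const raw = (env.DEPLOY_REGION ?? "").toLowerCase();
    if (raw !== "us" && raw !== "ksa") {
      throw new Error(`DEPLOY_REGION must be "us" or "ksa", got "${raw}"`);
    }
    return new CryptoInitializer(raw as Region);
  }

  // Singleton per initializer: the selected loader runs at most once, on first use.
  get(): Promise<CryptoProvider> {
    if (this.provider === null) {
      this.loadedRegions.push(this.region);
      this.provider = this.loaders[this.region]();
    }
    return this.provider;
  }
}

// Encrypt-then-decrypt a PHI string through whichever provider the region selects.
async function roundTrip(
  init: CryptoInitializer,
  phi: string,
): Promise<{ provider: string; ok: boolean }> {
  const p = await init.get();
  const ct = await p.encrypt(phi);
  return { provider: p.name, ok: ct !== phi && (await p.decrypt(ct)) === phi };
}
```

The testability argument is visible in the shape: a test constructs `new CryptoInitializer("ksa", fakeLoaders)` with a `us` loader that throws, and `loadedRegions` shows that the AWS path was never touched, with no module-level mocking that could leak into other test files.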
§04
AI-assisted development
- Sessions found: 0 for the exact path key (local Claude Code sessions directory). A local `.claude/` + CLAUDE.md exist; work was likely done from a different path/machine (the US healthtech platform team) or sessions are not in this profile.
- What was done with AI: CLAUDE.md captures AI instructions (testing patterns, TS gotchas) — Claude Code was used; no transcripts in the profile.
- Pattern: plan-driven (MIGRATION_PLAN/TESTING_PLAN/IMPLEMENTATION_SUMMARY) — documented AI-assisted development.
§05
Achievements & metrics
- Production-grade healthcare PHI service: multi-region (US/KSA), Temporal, OTel, Helm.
- 39 user commits (top author) over ~5 weeks.
- Mature engineering: provider abstractions, dynamic-import optimization, audit/retention, test plans.