Ghasi e-Prescribing Gateway Service — Deployment Topology
Status: populated
Owner: TBD
Last updated: 2026-04-18
Companion: Service Template · 03 platform-services · 02 DDD
Runtime
| Attribute | Value |
|---|---|
| Runtime | Node.js 22 LTS, NestJS 11 |
| Language | TypeScript 5.x |
| Package | @ghasi/service-eprescribing-gateway |
| Container | Docker; base node:22-alpine |
| Port | 3000 (HTTP) |
| Kong route (direct) | /v1/ghasi-e-prescribing-gateway |
| Via fhir-gateway | /fhir/R4/interop/ghasi-eprescribing/* (preferred for first-party) |
Replicas and Scaling
| Environment | Min replicas | Max replicas | Scale trigger |
|---|---|---|---|
| Production | 3 | 12 | CPU > 65% or request queue > 100 |
| Staging | 2 | 4 | Manual or CPU > 80% |
| Development | 1 | 1 | — |
Higher minimum replicas than typical services due to HIPAA-equivalent criticality. Rolling update strategy; zero-downtime deployments required.
Runtime Dependencies
| Dependency | Type | Notes |
|---|---|---|
| Postgres 16 (gepgw_* schema) | Primary store | RLS; connection pool via Drizzle |
| NATS JetStream | Event bus | Outbox relay; stream EPRESCRIBING_EVENTS |
| Keycloak | AuthN/AuthZ | JWT + JWKS; B2B client credentials |
| Kong | API gateway | Two routes: direct + interop proxy |
| fhir-gateway | Proxy inbound | Forwards first-party service calls |
| provider-directory-service | Pharmacy routing | Org/Endpoint resolution |
| terminology-service | Coding validation | ATC, RxNorm, SNOMED |
| audit-service | Audit pipeline | Fire-and-forget |
| Redis (Phase 2) | Idempotency + rate limit | Phase 1: Postgres only |
Regions and Data Residency
- Deployed per-region per tenant data residency.
- Reference regions: Afghanistan (AFG), UAE.
- Cross-region prescription routing requires explicit tenant configuration and legal/data-placement ADR (Phase 4 gated).
- gepgw_* Postgres stays in declared region.
- NATS: per-region cluster; events do not cross regional boundary without ADR.
Resource Limits (per pod)
| Resource | Request | Limit |
|---|---|---|
| CPU | 500m | 2000m |
| Memory | 512 Mi | 1 Gi |
Higher than typical services: IG validation and FHIR JSON processing are CPU-intensive.
Environment Variables
| Variable | Purpose |
|---|---|
| DATABASE_URL | gepgw_* Postgres connection |
| NATS_URL | JetStream URL |
| KEYCLOAK_JWKS_URI | JWKS endpoint |
| PROVIDER_DIRECTORY_SERVICE_URL | Routing resolution |
| TERMINOLOGY_SERVICE_URL | Coding validation |
| AUDIT_SERVICE_URL | Audit pipeline |
| REDIS_URL | Phase 2: idempotency/rate-limit store |
| IG_VALIDATION_MODE | zod (Phase 1) or hapi (Phase 2) |
| HAPI_VALIDATOR_URL | Phase 2: external HAPI FHIR validator URL |
| EPRESCRIBING_MODULE_ENTITLEMENT | Feature flag key (ehr.ghasi_eprescribing_gateway) |
| SUBSCRIPTION_SIGNING_KEY_ARN | KMS key for HMAC subscription signing |
| OTEL_EXPORTER_OTLP_ENDPOINT | OTel collector |
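
A fail-closed startup check over the variables in the table above, as an added example rather than the service's own code. It assumes every variable not marked Phase 2 is required and that the JWKS endpoint must be https; `validateEnv`, `schemeOf` and the sample values are hypothetical.

```typescript
// Added example, not project code. Assumed: variables not marked Phase 2 are required,
// and the JWKS endpoint must be https. Error text never echoes a value (may hold secrets).
type Env = Record<string, string | undefined>;
const URL_REQUIRED = ["DATABASE_URL", "NATS_URL", "KEYCLOAK_JWKS_URI", "AUDIT_SERVICE_URL",
  "PROVIDER_DIRECTORY_SERVICE_URL", "TERMINOLOGY_SERVICE_URL", "OTEL_EXPORTER_OTLP_ENDPOINT"];
const URL_OPTIONAL = ["REDIS_URL", "HAPI_VALIDATOR_URL"]; // Phase 2 only
const OTHER_REQUIRED = ["IG_VALIDATION_MODE", "EPRESCRIBING_MODULE_ENTITLEMENT",
  "SUBSCRIPTION_SIGNING_KEY_ARN"];
// Scheme without the trailing colon, or null when the value does not parse as an absolute URL.
function schemeOf(value: string): string | null {
  try { return new URL(value).protocol.slice(0, -1); } catch { return null; }
}

// Returns every problem found, so one failed rollout reports them all.
function validateEnv(env: Env): string[] {
  const errors: string[] = [];
  for (const name of [...URL_REQUIRED, ...OTHER_REQUIRED]) {
    if (!(env[name] ?? "").trim()) errors.push(`${name}: missing`);
  }
  const mode = env["IG_VALIDATION_MODE"];
  if (mode && mode !== "zod" && mode !== "hapi") {
    errors.push("IG_VALIDATION_MODE: must be zod or hapi");
  }
  // The external validator URL only matters once the Phase 2 mode is selected.
  if (mode === "hapi" && !env["HAPI_VALIDATOR_URL"]) {
    errors.push("HAPI_VALIDATOR_URL: required when IG_VALIDATION_MODE=hapi");
  }
  for (const name of [...URL_REQUIRED, ...URL_OPTIONAL]) {
    const value = env[name];
    if (!value) continue;
    const scheme = schemeOf(value);
    if (scheme === null) errors.push(`${name}: not a valid URL`);
    else if (name === "KEYCLOAK_JWKS_URI" && scheme !== "https") errors.push(`${name}: must be https`);
  }
  return errors;
}

// Constructed sample values, not real endpoints or keys.
const SAMPLE_ENV: Env = {
  DATABASE_URL: "postgres://svc:s3cret@db.internal.example:5432/ghasi",
  NATS_URL: "nats://nats.internal.example:4222",
  KEYCLOAK_JWKS_URI: "https://keycloak.internal.example/certs",
  AUDIT_SERVICE_URL: "http://audit.internal.example:3000",
  PROVIDER_DIRECTORY_SERVICE_URL: "http://provider-directory.internal.example:3000",
  TERMINOLOGY_SERVICE_URL: "http://terminology.internal.example:3000",
  OTEL_EXPORTER_OTLP_ENDPOINT: "http://otel.internal.example:4318",
  IG_VALIDATION_MODE: "zod", EPRESCRIBING_MODULE_ENTITLEMENT: "ehr.ghasi_eprescribing_gateway",
  SUBSCRIPTION_SIGNING_KEY_ARN: "placeholder-kms-key-arn",
};
```

Call `validateEnv(process.env)` before the application starts listening and exit non-zero when the returned list is not empty, so a misconfigured pod fails its rollout instead of serving traffic.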