ReadonlyserviceStable, human-readable name for the service. Must be set explicitly on each subclass
because this.constructor.name gets mangled by minification in production builds,
which breaks tracing/observability span names.
ProtectedrunProtectedspanOptional hook for subclasses to attach extra non-PII span attributes derived from params.
The returned attributes appear on the service.${serviceName} span (and, for jobs,
on job.enqueue.* and job.run.* spans too).
Safe ID-like keys on params (e.g. patientId, templateIds, limit, cursor) are
already auto-extracted via toSpanAttributes("service.input", params) — you don't need
to enumerate them here. Use this hook for derived/computed attributes (counts, flags,
computed names) or for fields you've explicitly verified safe but that aren't in the
global allowlist. Hook output overrides auto-extracted attributes on key collision.
Safe by default: returns {} when not overridden. Only declare keys you've confirmed
are non-PII. Never include emails, names, dob, free-text, etc.
ProtectedspanOptional hook for subclasses to attach extra non-PII span attributes derived from the
successful service result. Only called when run resolves successfully; on error, the
span is marked via markSpanError instead.
Safe by default: returns {} when not overridden. Only declare keys you've confirmed
are non-PII (e.g. counts, status flags, computed summaries). Never include emails,
names, dob, free-text, etc.
Hourly sweep: prune expired job-execution records, then fan out one SyncIntegrationJobbable per active integration whose entity has the
integratedQueuesV2flag enabled. The flag is the v1/v2 ownership boundary — entities with it OFF are still synced by the legacy app, so skipped.Owns the
@repo/dbaccess (census/job repos) so the cron route stays a thin handler with no restricted imports; the route just invokes this service.