ReadonlyserviceStable, human-readable name for the service. Must be set explicitly on each subclass
because this.constructor.name gets mangled by minification in production builds,
which breaks tracing/observability span names.
ProtectedrunProtectedspanOptional hook for subclasses to attach extra non-PII span attributes derived from params.
The returned attributes appear on the service.${serviceName} span (and, for jobs,
on job.enqueue.* and job.run.* spans too).
Safe ID-like keys on params (e.g. patientId, templateIds, limit, cursor) are
already auto-extracted via toSpanAttributes("service.input", params) — you don't need
to enumerate them here. Use this hook for derived/computed attributes (counts, flags,
computed names) or for fields you've explicitly verified safe but that aren't in the
global allowlist. Hook output overrides auto-extracted attributes on key collision.
Safe by default: returns {} when not overridden. Only declare keys you've confirmed
are non-PII. Never include emails, names, dob, free-text, etc.
ProtectedspanOptional hook for subclasses to attach extra non-PII span attributes derived from the
successful service result. Only called when run resolves successfully; on error, the
span is marked via markSpanError instead.
Safe by default: returns {} when not overridden. Only declare keys you've confirmed
are non-PII (e.g. counts, status flags, computed summaries). Never include emails,
names, dob, free-text, etc.
Persists a newly-generated session note (text or audio path) AND kicks off chart-review validations against the saved note. The two steps are bundled here so that the contract "every persisted note triggers validations" can't be broken by a future caller that forgets the second step — see UpdateSessionAiNoteService for the post-edit equivalent.
Validation-kickoff failures are logged but never fail the parent save — matching the V1 contract: missing validations are recoverable (the manual "run validations" path can backfill), but losing the note is not.