@adtrackify/at-service-common 3.19.18 → 3.19.20

package/dist/cjs/__tests__/identity-cache/identity-cache-dynamodb-service.spec.js

@@ -29,6 +29,15 @@ const mockedDynamoDbClient = index_js_1.DynamoDbClient;
 describe('IdentityCacheDynamoDbService', () => {
     beforeEach(() => {
         jest.clearAllMocks();
+        mockedDynamoDbClient.safeGet.mockReset();
+        mockedDynamoDbClient.safePut.mockReset();
+        mockedDynamoDbClient.safeDelete.mockReset();
+        mockedDynamoDbClient.safeBatchGet.mockReset();
+        mockedDynamoDbClient.safeBatchWrite.mockReset();
+        mockedDynamoDbClient.safeQueryByGSI.mockReset();
+        mockedDynamoDbClient.batchWrite.mockReset();
+        mockInvokeFunction.mockReset();
+        identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.lambdaInvokeClient = undefined;
     });
     describe('getIdentityWithCaching', () => {
         const pixelId = 'pixel123';
@@ -155,7 +164,7 @@ describe('IdentityCacheDynamoDbService', () => {
                 const incomingIdentity = {
                     traits: { emails: ['test@email.com'] },
                 };
-                mockedDynamoDbClient.safeBatchGet.mockResolvedValueOnce([]);
+                mockedDynamoDbClient.safeGet.mockResolvedValueOnce(null);
                 mockInvokeFunction.mockResolvedValueOnce({
                     statusCode: 200,
                     body: JSON.stringify({
@@ -175,7 +184,7 @@ describe('IdentityCacheDynamoDbService', () => {
                 const incomingIdentity = {
                     traits: { emails: ['test@email.com'] },
                 };
-                mockedDynamoDbClient.safeBatchGet.mockResolvedValueOnce([]);
+                mockedDynamoDbClient.safeGet.mockResolvedValueOnce(null);
                 mockInvokeFunction.mockResolvedValueOnce({
                     statusCode: 200,
                     body: JSON.stringify({ identity: undefined }),
@@ -209,7 +218,7 @@ describe('IdentityCacheDynamoDbService', () => {
                 const incomingIdentity = {
                     traits: { emails: ['test@email.com'] },
                 };
-                mockedDynamoDbClient.safeBatchGet.mockResolvedValueOnce([]);
+                mockedDynamoDbClient.safeGet.mockResolvedValueOnce(null);
                 mockInvokeFunction.mockResolvedValueOnce({
                     statusCode: 200,
                     body: JSON.stringify({
@@ -239,26 +248,22 @@ describe('IdentityCacheDynamoDbService', () => {
             it('should build correct pk for email lookup (lowercase)', async () => {
                 const pixelId = 'pixel123';
                 const email = 'Test@Email.COM';
-                mockedDynamoDbClient.safeBatchGet.mockResolvedValueOnce([]);
+                mockedDynamoDbClient.safeGet.mockResolvedValueOnce(null);
                 await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.getIdentityFromCache(pixelId, {
                     traits: { emails: [email] },
                 });
-                expect(mockedDynamoDbClient.safeBatchGet).toHaveBeenCalledWith(expect.any(String), [
-                    { pk: `email#${pixelId}#test@email.com` },
-                ]);
+                expect(mockedDynamoDbClient.safeGet).toHaveBeenCalledWith(expect.any(String), 'pk', `email#${pixelId}#test@email.com`);
             });
         });
-        describe('buildUserIdPk', () => {
-            it('should build correct pk for userId lookup (trimmed)', async () => {
+        describe('buildUserIdPk (no longer used for lookup)', () => {
+            it('should NOT lookup by userId (optimization: email-only secondary lookup)', async () => {
                 const pixelId = 'pixel123';
                 const userId = '  user789  ';
-                mockedDynamoDbClient.safeBatchGet.mockResolvedValueOnce([]);
+                mockedDynamoDbClient.safeGet.mockResolvedValueOnce(null);
                 await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.getIdentityFromCache(pixelId, {
                     traits: { userIds: [userId] },
                 });
-                expect(mockedDynamoDbClient.safeBatchGet).toHaveBeenCalledWith(expect.any(String), [
-                    { pk: `user_id#${pixelId}#user789` },
-                ]);
+                expect(mockedDynamoDbClient.safeBatchGet).not.toHaveBeenCalled();
             });
         });
     });
@@ -324,66 +329,62 @@ describe('IdentityCacheDynamoDbService', () => {
             });
         });
         describe('without identityId (secondary lookup)', () => {
-            it('should use batch get for email and userId lookups', async () => {
-                const cachedResponse = {
+            it('should use single get for email lookup (pointer-based)', async () => {
+                const pointerRecord = {
                     pk: `email#${pixelId}#test@email.com`,
                     pixelId,
                     identityId: 'resolved-id',
-                    response: {
-                        identityId: 'resolved-id',
-                        traits: { emails: ['test@email.com'] },
-                    },
+                    gsi1pk: 'resolved-id',
                     updatedAt: new Date().toISOString(),
                 };
-                mockedDynamoDbClient.safeBatchGet.mockResolvedValueOnce([cachedResponse]);
+                mockedDynamoDbClient.safeGet.mockResolvedValueOnce(pointerRecord);
                 const result = await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.getIdentityFromCache(pixelId, {
                     traits: { emails: ['test@email.com'], userIds: ['user123'] },
                 });
-                expect(mockedDynamoDbClient.safeBatchGet).toHaveBeenCalledWith(expect.any(String), [
-                    { pk: `email#${pixelId}#test@email.com` },
-                    { pk: `user_id#${pixelId}#user123` },
-                ]);
+                expect(mockedDynamoDbClient.safeGet).toHaveBeenCalledWith(expect.any(String), 'pk', `email#${pixelId}#test@email.com`);
+                expect(mockedDynamoDbClient.safeBatchGet).not.toHaveBeenCalled();
                 expect(result.resolvedIdentity).toBeDefined();
                 expect(result.resolvedIdentity?.traits?.emails).toContain('test@email.com');
                 expect(result.isCacheStale).toBe(true);
             });
-            it('should detect conflict when multiple identityIds found', async () => {
-                const response1 = {
+            it('should return discovered identityId with stale flag for Neptune resolution', async () => {
+                const pointerRecord = {
                     pk: `email#${pixelId}#test@email.com`,
                     pixelId,
-                    identityId: 'identity-1',
-                    response: { identityId: 'identity-1' },
-                    updatedAt: new Date().toISOString(),
-                };
-                const response2 = {
-                    pk: `user_id#${pixelId}#user123`,
-                    pixelId,
-                    identityId: 'identity-2',
-                    response: { identityId: 'identity-2' },
+                    identityId: 'discovered-id',
+                    gsi1pk: 'discovered-id',
                     updatedAt: new Date().toISOString(),
                 };
-                mockedDynamoDbClient.safeBatchGet.mockResolvedValueOnce([response1, response2]);
+                mockedDynamoDbClient.safeGet.mockResolvedValueOnce(pointerRecord);
                 const result = await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.getIdentityFromCache(pixelId, {
                     traits: { emails: ['test@email.com'], userIds: ['user123'] },
                 });
-                expect(result.resolvedIdentity).toBeUndefined();
+                expect(result.resolvedIdentity).toBeDefined();
+                expect(result.resolvedIdentity?.identityId).toBe('discovered-id');
                 expect(result.isCacheStale).toBe(true);
             });
             it('should return cache miss when no secondary keys match', async () => {
-                mockedDynamoDbClient.safeBatchGet.mockResolvedValueOnce([]);
+                mockedDynamoDbClient.safeGet.mockResolvedValueOnce(null);
                 const result = await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.getIdentityFromCache(pixelId, {
                     traits: { emails: ['unknown@email.com'] },
                 });
                 expect(result.resolvedIdentity).toBeUndefined();
                 expect(result.isCacheStale).toBe(true);
             });
-            it('should return cache miss when no secondary keys to lookup', async () => {
+            it('should return cache miss when no emails to lookup', async () => {
+                const result = await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.getIdentityFromCache(pixelId, {
+                    traits: { userIds: ['user123'] },
+                });
+                expect(result.resolvedIdentity).toBeUndefined();
+                expect(result.isCacheStale).toBe(true);
+                expect(mockedDynamoDbClient.safeGet).not.toHaveBeenCalled();
+            });
+            it('should return cache miss when empty traits', async () => {
                 const result = await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.getIdentityFromCache(pixelId, {
                     traits: {},
                 });
                 expect(result.resolvedIdentity).toBeUndefined();
                 expect(result.isCacheStale).toBe(true);
-                expect(mockedDynamoDbClient.safeBatchGet).not.toHaveBeenCalled();
             });
         });
         describe('error handling (fail-open)', () => {
@@ -395,8 +396,8 @@ describe('IdentityCacheDynamoDbService', () => {
                 expect(result.resolvedIdentity).toBeUndefined();
                 expect(result.isCacheStale).toBe(true);
             });
-            it('should return cache miss on safeBatchGet error', async () => {
-                mockedDynamoDbClient.safeBatchGet.mockRejectedValueOnce(new Error('DynamoDB error'));
+            it('should return cache miss on safeGet error for email lookup', async () => {
+                mockedDynamoDbClient.safeGet.mockRejectedValueOnce(new Error('DynamoDB error'));
                 const result = await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.getIdentityFromCache(pixelId, {
                     traits: { emails: ['test@email.com'] },
                 });
@@ -419,7 +420,7 @@ describe('IdentityCacheDynamoDbService', () => {
     });
     describe('updateIdentityCache', () => {
         const pixelId = 'pixel123';
-        it('should write identity with all secondary keys', async () => {
+        it('should write identity with email pointer (no full blob on secondary keys)', async () => {
             const identity = {
                 identityId: 'identity456',
                 traits: {
@@ -430,13 +431,21 @@ describe('IdentityCacheDynamoDbService', () => {
             await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.updateIdentityCache(pixelId, identity);
             expect(mockedDynamoDbClient.safeBatchWrite).toHaveBeenCalledTimes(1);
             const writtenItems = mockedDynamoDbClient.safeBatchWrite.mock.calls[0][1];
-            expect(writtenItems).toHaveLength(5);
+            expect(writtenItems).toHaveLength(3);
             const pks = writtenItems.map((item) => item.pk);
             expect(pks).toContain(`identity#${pixelId}#identity456`);
             expect(pks).toContain(`email#${pixelId}#test@email.com`);
             expect(pks).toContain(`email#${pixelId}#other@email.com`);
-            expect(pks).toContain(`user_id#${pixelId}#user1`);
-            expect(pks).toContain(`user_id#${pixelId}#user2`);
+            expect(pks).not.toContain(`user_id#${pixelId}#user1`);
+            expect(pks).not.toContain(`user_id#${pixelId}#user2`);
+            const identityItem = writtenItems.find((item) => item.pk.startsWith('identity#'));
+            expect(identityItem).toBeDefined();
+            expect(identityItem.response).toBeDefined();
+            expect(identityItem.response.identityId).toBe('identity456');
+            const emailItem = writtenItems.find((item) => item.pk.startsWith('email#'));
+            expect(emailItem).toBeDefined();
+            expect(emailItem.response).toBeUndefined();
+            expect(emailItem.identityId).toBe('identity456');
         });
         it('should not throw on safeBatchWrite error (fail-open)', async () => {
             mockedDynamoDbClient.safeBatchWrite.mockRejectedValueOnce(new Error('DynamoDB error'));
@@ -781,5 +790,352 @@ describe('IdentityCacheDynamoDbService', () => {
             expect(result.isCacheStale).toBe(false);
         });
     });
+    describe('multiple emails pointer writes', () => {
+        const pixelId = 'pixel123';
+        it('should write ALL emails as pointer records (not just first)', async () => {
+            const identity = {
+                identityId: 'identity456',
+                traits: {
+                    emails: ['first@email.com', 'second@email.com', 'third@email.com', 'fourth@email.com'],
+                },
+            };
+            await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.updateIdentityCache(pixelId, identity);
+            const writtenItems = mockedDynamoDbClient.safeBatchWrite.mock.calls[0][1];
+            expect(writtenItems).toHaveLength(5);
+            const emailPks = writtenItems
+                .filter((item) => item.pk.startsWith('email#'))
+                .map((item) => item.pk);
+            expect(emailPks).toContain(`email#${pixelId}#first@email.com`);
+            expect(emailPks).toContain(`email#${pixelId}#second@email.com`);
+            expect(emailPks).toContain(`email#${pixelId}#third@email.com`);
+            expect(emailPks).toContain(`email#${pixelId}#fourth@email.com`);
+        });
+        it('should skip null/undefined emails in array', async () => {
+            const identity = {
+                identityId: 'identity456',
+                traits: {
+                    emails: ['valid@email.com', null, undefined, '', 'another@email.com'],
+                },
+            };
+            await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.updateIdentityCache(pixelId, identity);
+            const writtenItems = mockedDynamoDbClient.safeBatchWrite.mock.calls[0][1];
+            const emailItems = writtenItems.filter((item) => item.pk.startsWith('email#'));
+            expect(emailItems).toHaveLength(2);
+            expect(emailItems.map((e) => e.pk)).toContain(`email#${pixelId}#valid@email.com`);
+            expect(emailItems.map((e) => e.pk)).toContain(`email#${pixelId}#another@email.com`);
+        });
+        it('should handle empty emails array', async () => {
+            const identity = {
+                identityId: 'identity456',
+                traits: { emails: [] },
+            };
+            await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.updateIdentityCache(pixelId, identity);
+            const writtenItems = mockedDynamoDbClient.safeBatchWrite.mock.calls[0][1];
+            expect(writtenItems).toHaveLength(1);
+            expect(writtenItems[0].pk).toBe(`identity#${pixelId}#identity456`);
+        });
+        it('should handle email normalization (lowercase)', async () => {
+            const identity = {
+                identityId: 'identity456',
+                traits: {
+                    emails: ['UPPERCASE@EMAIL.COM', 'MixedCase@Email.Com'],
+                },
+            };
+            await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.updateIdentityCache(pixelId, identity);
+            const writtenItems = mockedDynamoDbClient.safeBatchWrite.mock.calls[0][1];
+            const emailPks = writtenItems
+                .filter((item) => item.pk.startsWith('email#'))
+                .map((item) => item.pk);
+            expect(emailPks).toContain(`email#${pixelId}#uppercase@email.com`);
+            expect(emailPks).toContain(`email#${pixelId}#mixedcase@email.com`);
+        });
+    });
+    describe('null/undefined traits edge cases', () => {
+        const pixelId = 'pixel123';
+        it('should handle null traits object', async () => {
+            const identity = {
+                identityId: 'identity456',
+                traits: null,
+            };
+            await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.updateIdentityCache(pixelId, identity);
+            const writtenItems = mockedDynamoDbClient.safeBatchWrite.mock.calls[0][1];
+            expect(writtenItems).toHaveLength(1);
+        });
+        it('should handle undefined traits object', async () => {
+            const identity = {
+                identityId: 'identity456',
+                traits: undefined,
+            };
+            await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.updateIdentityCache(pixelId, identity);
+            const writtenItems = mockedDynamoDbClient.safeBatchWrite.mock.calls[0][1];
+            expect(writtenItems).toHaveLength(1);
+        });
+        it('should return cache miss for identity with null traits in lookup', async () => {
+            const result = await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.getIdentityFromCache(pixelId, {
+                traits: null,
+            });
+            expect(result.resolvedIdentity).toBeUndefined();
+            expect(result.isCacheStale).toBe(true);
+            expect(mockedDynamoDbClient.safeGet).not.toHaveBeenCalled();
+        });
+        it('should handle identity with undefined emails in traits', async () => {
+            const result = await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.getIdentityFromCache(pixelId, {
+                traits: { userIds: ['user123'] },
+            });
+            expect(result.resolvedIdentity).toBeUndefined();
+            expect(result.isCacheStale).toBe(true);
+        });
+    });
+    describe('backward compatibility (old full-blob format)', () => {
+        const pixelId = 'pixel123';
+        it('should read old format email record with full response blob', async () => {
+            const oldFormatEmailRecord = {
+                pk: `email#${pixelId}#test@email.com`,
+                pixelId,
+                identityId: 'discovered-id',
+                gsi1pk: 'discovered-id',
+                response: {
+                    identityId: 'discovered-id',
+                    traits: { emails: ['test@email.com', 'other@email.com'] },
+                },
+                updatedAt: new Date().toISOString(),
+            };
+            mockedDynamoDbClient.safeGet.mockResolvedValueOnce(oldFormatEmailRecord);
+            const result = await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.getIdentityFromCache(pixelId, {
+                traits: { emails: ['test@email.com'] },
+            });
+            expect(result.resolvedIdentity).toBeDefined();
+            expect(result.resolvedIdentity?.identityId).toBe('discovered-id');
+            expect(result.isCacheStale).toBe(true);
+        });
+        it('should read new format pointer record (no response blob)', async () => {
+            const newFormatPointerRecord = {
+                pk: `email#${pixelId}#test@email.com`,
+                pixelId,
+                identityId: 'discovered-id',
+                gsi1pk: 'discovered-id',
+                updatedAt: new Date().toISOString(),
+            };
+            mockedDynamoDbClient.safeGet.mockResolvedValueOnce(newFormatPointerRecord);
+            const result = await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.getIdentityFromCache(pixelId, {
+                traits: { emails: ['test@email.com'] },
+            });
+            expect(result.resolvedIdentity).toBeDefined();
+            expect(result.resolvedIdentity?.identityId).toBe('discovered-id');
+            expect(result.isCacheStale).toBe(true);
+        });
+        it('should trigger Neptune resolution after finding pointer record', async () => {
+            const lambdaArn = 'arn:aws:lambda:us-east-1:123456789:function:identity-private';
+            const pointerRecord = {
+                pk: `email#${pixelId}#test@email.com`,
+                pixelId,
+                identityId: 'discovered-id',
+                gsi1pk: 'discovered-id',
+                updatedAt: new Date().toISOString(),
+            };
+            mockedDynamoDbClient.safeGet.mockResolvedValueOnce(pointerRecord);
+            mockInvokeFunction.mockResolvedValueOnce({
+                statusCode: 200,
+                body: JSON.stringify({
+                    identity: {
+                        identityId: 'discovered-id',
+                        traits: { emails: ['test@email.com', 'resolved@email.com'] },
+                    },
+                }),
+            });
+            const result = await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.getIdentityWithCaching(pixelId, { traits: { emails: ['test@email.com'] } }, lambdaArn);
+            expect(mockInvokeFunction).toHaveBeenCalledWith(lambdaArn, expect.objectContaining({
+                pixelId,
+                context: {
+                    identity: expect.objectContaining({
+                        identityId: 'discovered-id',
+                    }),
+                },
+            }));
+            expect(result?.identityId).toBe('discovered-id');
+        });
+    });
+    describe('deleteIdentityCache with multiple email pointers', () => {
+        const pixelId = 'pixel123';
+        it('should delete all email pointers from both incoming and resolved identities', async () => {
+            mockedDynamoDbClient.safeQueryByGSI.mockResolvedValue([
+                { pk: `identity#${pixelId}#identity456`, pixelId },
+            ]);
+            mockedDynamoDbClient.batchWrite.mockResolvedValue({ $metadata: {} });
+            const incomingIdentity = {
+                identityId: 'identity456',
+                traits: { emails: ['incoming1@email.com', 'incoming2@email.com'] },
+            };
+            const resolvedIdentity = {
+                identityId: 'identity456',
+                traits: { emails: ['resolved1@email.com', 'resolved2@email.com', 'resolved3@email.com'] },
+            };
+            await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.deleteIdentityCache(pixelId, incomingIdentity, resolvedIdentity);
+            expect(mockedDynamoDbClient.batchWrite).toHaveBeenCalled();
+            const batchWriteCall = mockedDynamoDbClient.batchWrite.mock.calls[0][0];
+            const deleteRequests = batchWriteCall.RequestItems[Object.keys(batchWriteCall.RequestItems)[0]];
+            const deletedPks = deleteRequests.map((req) => req.DeleteRequest.Key.pk);
+            expect(deletedPks).toContain(`identity#${pixelId}#identity456`);
+            expect(deletedPks).toContain(`email#${pixelId}#incoming1@email.com`);
+            expect(deletedPks).toContain(`email#${pixelId}#incoming2@email.com`);
+            expect(deletedPks).toContain(`email#${pixelId}#resolved1@email.com`);
+            expect(deletedPks).toContain(`email#${pixelId}#resolved2@email.com`);
+            expect(deletedPks).toContain(`email#${pixelId}#resolved3@email.com`);
+        });
+        it('should handle empty emails in delete', async () => {
+            mockedDynamoDbClient.safeQueryByGSI.mockResolvedValue([
+                { pk: `identity#${pixelId}#identity456`, pixelId },
+            ]);
+            mockedDynamoDbClient.batchWrite.mockResolvedValue({ $metadata: {} });
+            await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.deleteIdentityCache(pixelId, { identityId: 'identity456', traits: { emails: [] } }, { identityId: 'identity456' });
+            expect(mockedDynamoDbClient.batchWrite).toHaveBeenCalled();
+        });
+        it('should handle missing traits in delete', async () => {
+            mockedDynamoDbClient.safeQueryByGSI.mockResolvedValue([
+                { pk: `identity#${pixelId}#identity456`, pixelId },
+            ]);
+            mockedDynamoDbClient.batchWrite.mockResolvedValue({ $metadata: {} });
+            await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.deleteIdentityCache(pixelId, { identityId: 'identity456' }, { identityId: 'identity456' });
+            expect(mockedDynamoDbClient.batchWrite).toHaveBeenCalled();
+        });
+        it('should not delete items from other pixelIds', async () => {
+            const otherPixelId = 'other-pixel';
+            mockedDynamoDbClient.safeQueryByGSI.mockResolvedValue([
+                { pk: `identity#${pixelId}#identity456`, pixelId },
+                { pk: `identity#${otherPixelId}#identity456`, pixelId: otherPixelId },
+            ]);
+            mockedDynamoDbClient.batchWrite.mockResolvedValue({ $metadata: {} });
+            await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.deleteIdentityCache(pixelId, { identityId: 'identity456' }, { identityId: 'identity456' });
+            const batchWriteCall = mockedDynamoDbClient.batchWrite.mock.calls[0][0];
+            const deleteRequests = batchWriteCall.RequestItems[Object.keys(batchWriteCall.RequestItems)[0]];
+            const deletedPks = deleteRequests.map((req) => req.DeleteRequest.Key.pk);
+            expect(deletedPks).toContain(`identity#${pixelId}#identity456`);
+            expect(deletedPks).not.toContain(`identity#${otherPixelId}#identity456`);
+        });
+    });
+    describe('GSI1 query for reverse lookups', () => {
+        const pixelId = 'pixel123';
+        it('should find all records by identityId via GSI1', async () => {
+            const identityId = 'identity456';
+            const mockResults = [
+                { pk: `identity#${pixelId}#${identityId}`, pixelId, identityId },
+                { pk: `email#${pixelId}#email1@test.com`, pixelId, identityId },
+                { pk: `email#${pixelId}#email2@test.com`, pixelId, identityId },
+            ];
+            mockedDynamoDbClient.safeQueryByGSI.mockResolvedValue(mockResults);
+            mockedDynamoDbClient.batchWrite.mockResolvedValue({ $metadata: {} });
+            await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.deleteIdentityCache(pixelId, { identityId }, { identityId });
+            expect(mockedDynamoDbClient.safeQueryByGSI).toHaveBeenCalledWith(expect.any(String), expect.any(String), 'gsi1pk', identityId);
+        });
+        it('should handle GSI1 query returning empty results', async () => {
+            mockedDynamoDbClient.safeQueryByGSI.mockResolvedValue([]);
+            await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.deleteIdentityCache(pixelId, { identityId: 'unknown-id' }, { identityId: 'unknown-id' });
+            expect(mockedDynamoDbClient.batchWrite).not.toHaveBeenCalled();
+        });
+        it('should handle GSI1 query error gracefully (fail-open)', async () => {
+            mockedDynamoDbClient.safeQueryByGSI.mockRejectedValueOnce(new Error('GSI query failed'));
+            await expect(identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.deleteIdentityCache(pixelId, { identityId: 'identity456' }, { identityId: 'identity456' })).resolves.toBeUndefined();
+        });
+    });
+    describe('email pointer lookups', () => {
+        const pixelId = 'pixel123';
+        it('should only lookup first email (optimization)', async () => {
+            mockedDynamoDbClient.safeGet.mockResolvedValueOnce(null);
+            await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.getIdentityFromCache(pixelId, {
+                traits: { emails: ['first@email.com', 'second@email.com', 'third@email.com'] },
+            });
+            expect(mockedDynamoDbClient.safeGet).toHaveBeenCalledTimes(1);
+            expect(mockedDynamoDbClient.safeGet).toHaveBeenCalledWith(expect.any(String), 'pk', `email#${pixelId}#first@email.com`);
+        });
+        it('should handle whitespace in email during lookup', async () => {
+            mockedDynamoDbClient.safeGet.mockResolvedValueOnce(null);
+            await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.getIdentityFromCache(pixelId, {
+                traits: { emails: ['  test@email.com  '] },
+            });
+            expect(mockedDynamoDbClient.safeGet).toHaveBeenCalled();
+        });
+    });
+    describe('fail-open behavior comprehensive', () => {
+        const pixelId = 'pixel123';
+        const lambdaArn = 'arn:aws:lambda:us-east-1:123456789:function:identity-private';
+        it('should return incoming identity when Neptune throws (fail-open fallback)', async () => {
+            const incomingIdentity = {
+                identityId: 'identity456',
+                traits: { emails: ['test@email.com'] },
+            };
+            mockedDynamoDbClient.safeGet.mockRejectedValueOnce(new Error('DynamoDB down'));
+            mockInvokeFunction.mockRejectedValueOnce(new Error('Lambda down'));
+            const result = await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.getIdentityWithCaching(pixelId, incomingIdentity, lambdaArn);
+            expect(result).toEqual(incomingIdentity);
+        });
+        it('should continue when cache write fails after Neptune success', async () => {
+            mockedDynamoDbClient.safeGet.mockResolvedValueOnce(null);
+            mockInvokeFunction.mockResolvedValueOnce({
+                statusCode: 200,
+                body: JSON.stringify({
+                    identity: { identityId: 'resolved-id', traits: { emails: ['test@email.com'] } },
+                }),
+            });
+            mockedDynamoDbClient.safeBatchWrite.mockRejectedValueOnce(new Error('Write failed'));
+            const result = await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.getIdentityWithCaching(pixelId, { traits: { emails: ['test@email.com'] } }, lambdaArn);
+            expect(result?.identityId).toBe('resolved-id');
+        });
+        it('should return incoming identity when Neptune returns non-200', async () => {
+            const incomingIdentity = {
+                identityId: 'incoming-id',
+                traits: { emails: ['test@email.com'] },
+            };
+            mockedDynamoDbClient.safeGet.mockResolvedValueOnce(null);
+            mockInvokeFunction.mockResolvedValueOnce({
+                statusCode: 500,
+                body: 'Internal Server Error',
+            });
+            const result = await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.getIdentityWithCaching(pixelId, incomingIdentity, lambdaArn);
+            expect(result).toEqual(incomingIdentity);
+        });
+        it('should return incoming identity when Neptune returns malformed JSON (fail-open)', async () => {
+            const incomingIdentity = {
+                identityId: 'test-id',
+                traits: { emails: ['test@email.com'] },
+            };
+            mockedDynamoDbClient.safeGet.mockResolvedValueOnce(null);
+            mockInvokeFunction.mockResolvedValueOnce({
+                statusCode: 200,
+                body: 'not valid json',
+            });
+            const result = await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.getIdentityWithCaching(pixelId, incomingIdentity, lambdaArn);
+            expect(result).toEqual(incomingIdentity);
+        });
+        it('should return undefined only when both inputs are invalid', async () => {
+            const result = await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.getIdentityWithCaching(null, null, lambdaArn);
+            expect(result).toBeUndefined();
+        });
+    });
+    describe('gsi1pk attribute on all records', () => {
+        const pixelId = 'pixel123';
+        it('should include gsi1pk on identity record', async () => {
+            const identity = {
+                identityId: 'identity456',
+                traits: { emails: ['test@email.com'] },
+            };
+            await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.updateIdentityCache(pixelId, identity);
+            const writtenItems = mockedDynamoDbClient.safeBatchWrite.mock.calls[0][1];
+            const identityItem = writtenItems.find((item) => item.pk.startsWith('identity#'));
+            expect(identityItem).toBeDefined();
+            expect(identityItem.gsi1pk).toBe('identity456');
+        });
+        it('should include gsi1pk on all email pointer records', async () => {
+            const identity = {
+                identityId: 'identity456',
+                traits: { emails: ['email1@test.com', 'email2@test.com'] },
+            };
+            await identity_cache_dynamodb_service_js_1.IdentityCacheDynamoDbService.updateIdentityCache(pixelId, identity);
+            const writtenItems = mockedDynamoDbClient.safeBatchWrite.mock.calls[0][1];
+            const emailItems = writtenItems.filter((item) => item.pk.startsWith('email#'));
+            for (const emailItem of emailItems) {
+                expect(emailItem.gsi1pk).toBe('identity456');
+            }
+        });
+    });
 });
 //# sourceMappingURL=identity-cache-dynamodb-service.spec.js.map