@codemation/host 0.0.1

package/src/infrastructure/persistence/DatabasePersistenceResolver.ts

@@ -0,0 +1,91 @@
+import path from "node:path";
+import type {
+  CodemationApplicationRuntimeConfig,
+  CodemationDatabaseConfig,
+  CodemationDatabaseKind,
+} from "../../presentation/config/CodemationConfig";
+
+export type ResolvedDatabasePersistence =
+  | Readonly<{ kind: "none" }>
+  | Readonly<{ kind: "postgresql"; databaseUrl: string }>
+  | Readonly<{ kind: "pglite"; dataDir: string }>;
+
+const DEFAULT_PGLITE_RELATIVE_DIR = ".codemation/pglite";
+
+/**
+ * Resolves whether persistence uses TCP PostgreSQL, embedded PGlite, or in-memory stores.
+ * Uses {@link CodemationConfig.runtime.database} as the source of truth; optional `CODEMATION_DATABASE_KIND`
+ * and `CODEMATION_PGLITE_DATA_DIR` can override kind / PGlite directory. `DATABASE_URL` is not read here—put
+ * connection strings in `runtime.database.url` (often sourced from `process.env` inside `codemation.config.ts`).
+ */
+export class DatabasePersistenceResolver {
+  resolve(
+    args: Readonly<{ runtimeConfig: CodemationApplicationRuntimeConfig; env: NodeJS.ProcessEnv; consumerRoot: string }>,
+  ): ResolvedDatabasePersistence {
+    const db = args.runtimeConfig.database;
+    if (!db) {
+      return { kind: "none" };
+    }
+    const kind = this.resolveDatabaseKind(this.inferDatabaseKind(db), args.env);
+    if (kind === "postgresql") {
+      const url = db.url?.trim() ?? "";
+      if (!url) {
+        throw new Error('runtime.database.kind is "postgresql" but no database URL was set (runtime.database.url).');
+      }
+      if (!this.isPostgresUrl(url)) {
+        throw new Error(
+          `runtime.database.url must be a postgresql:// or postgres:// URL when kind is postgresql. Received: ${url}`,
+        );
+      }
+      return { kind: "postgresql", databaseUrl: url };
+    }
+    const dataDir = this.resolvePgliteDataDirFromConfig(db, args.env, args.consumerRoot);
+    return { kind: "pglite", dataDir };
+  }
+
+  resolveDatabaseKind(configured: CodemationDatabaseKind | undefined, env: NodeJS.ProcessEnv): CodemationDatabaseKind {
+    const fromEnv = env.CODEMATION_DATABASE_KIND?.trim();
+    if (fromEnv === "postgresql" || fromEnv === "pglite") {
+      return fromEnv;
+    }
+    if (configured) {
+      return configured;
+    }
+    return "pglite";
+  }
+
+  private inferDatabaseKind(db: CodemationDatabaseConfig): CodemationDatabaseKind {
+    if (db.kind) {
+      return db.kind;
+    }
+    const url = db.url?.trim();
+    if (url && this.isPostgresUrl(url)) {
+      return "postgresql";
+    }
+    return "pglite";
+  }
+
+  isPostgresUrl(value: string): boolean {
+    return value.startsWith("postgresql://") || value.startsWith("postgres://");
+  }
+
+  isPgliteUrl(value: string): boolean {
+    return value.startsWith("pglite:");
+  }
+
+  private resolvePgliteDataDirFromConfig(
+    db: NonNullable<CodemationApplicationRuntimeConfig["database"]>,
+    env: NodeJS.ProcessEnv,
+    consumerRoot: string,
+  ): string {
+    const fromEnv = env.CODEMATION_PGLITE_DATA_DIR?.trim();
+    if (fromEnv && fromEnv.length > 0) {
+      return path.isAbsolute(fromEnv) ? fromEnv : path.resolve(consumerRoot, fromEnv);
+    }
+    const configured = db.pgliteDataDir?.trim();
+    if (configured && configured.length > 0) {
+      return path.isAbsolute(configured) ? configured : path.resolve(consumerRoot, configured);
+    }
+    return path.resolve(consumerRoot, DEFAULT_PGLITE_RELATIVE_DIR);
+  }
+}

package/src/infrastructure/persistence/InMemoryTriggerSetupStateRepository.ts

@@ -0,0 +1,23 @@
+import type { PersistedTriggerSetupState, TriggerInstanceId, TriggerSetupStateRepository } from "@codemation/core";
+import { injectable } from "@codemation/core";
+
+@injectable()
+export class InMemoryTriggerSetupStateRepository implements TriggerSetupStateRepository {
+  private readonly statesByKey = new Map<string, PersistedTriggerSetupState>();
+
+  async load(trigger: TriggerInstanceId): Promise<PersistedTriggerSetupState | undefined> {
+    return this.statesByKey.get(this.toKey(trigger));
+  }
+
+  async save(state: PersistedTriggerSetupState): Promise<void> {
+    this.statesByKey.set(this.toKey(state.trigger), state);
+  }
+
+  async delete(trigger: TriggerInstanceId): Promise<void> {
+    this.statesByKey.delete(this.toKey(trigger));
+  }
+
+  private toKey(trigger: TriggerInstanceId): string {
+    return `${trigger.workflowId}:${trigger.nodeId}`;
+  }
+}

package/src/infrastructure/persistence/InMemoryWorkflowActivationRepository.ts

@@ -0,0 +1,18 @@
+import { injectable } from "@codemation/core";
+import type {
+  WorkflowActivationRepository,
+  WorkflowActivationRow,
+} from "../../domain/workflows/WorkflowActivationRepository";
+
+@injectable()
+export class InMemoryWorkflowActivationRepository implements WorkflowActivationRepository {
+  private readonly rows = new Map<string, boolean>();
+
+  async loadAll(): Promise<ReadonlyArray<WorkflowActivationRow>> {
+    return [...this.rows.entries()].map(([workflowId, isActive]) => ({ workflowId, isActive }));
+  }
+
+  async upsert(workflowId: string, active: boolean): Promise<void> {
+    this.rows.set(decodeURIComponent(workflowId), active);
+  }
+}

package/src/infrastructure/persistence/InMemoryWorkflowDebuggerOverlayRepository.ts

@@ -0,0 +1,16 @@
+import { injectable } from "@codemation/core";
+import type { WorkflowDebuggerOverlayRepository } from "../../domain/workflows/WorkflowDebuggerOverlayRepository";
+import type { WorkflowDebuggerOverlayState } from "../../domain/workflows/WorkflowDebuggerOverlayState";
+
+@injectable()
+export class InMemoryWorkflowDebuggerOverlayRepository implements WorkflowDebuggerOverlayRepository {
+  private readonly overlays = new Map<string, WorkflowDebuggerOverlayState>();
+
+  async load(workflowId: string): Promise<WorkflowDebuggerOverlayState | undefined> {
+    return this.overlays.get(decodeURIComponent(workflowId));
+  }
+
+  async save(state: WorkflowDebuggerOverlayState): Promise<void> {
+    this.overlays.set(state.workflowId, state);
+  }
+}

package/src/infrastructure/persistence/InMemoryWorkflowRunRepository.ts

@@ -0,0 +1,94 @@
+import {
+  RunFinishedAtFactory,
+  type NodeId,
+  type NodeOutputs,
+  type ParentExecutionRef,
+  type PersistedRunState,
+  type RunId,
+  type RunPruneCandidate,
+  type RunSummary,
+  type WorkflowExecutionRepository,
+  type WorkflowId,
+} from "@codemation/core";
+import { injectable } from "@codemation/core";
+import { RunSummaryMapper } from "@codemation/core/bootstrap";
+import type { WorkflowRunRepository } from "../../domain/runs/WorkflowRunRepository";
+
+@injectable()
+export class InMemoryWorkflowRunRepository implements WorkflowRunRepository, WorkflowExecutionRepository {
+  private readonly runs = new Map<RunId, PersistedRunState>();
+
+  async createRun(args: {
+    runId: RunId;
+    workflowId: WorkflowId;
+    startedAt: string;
+    parent?: ParentExecutionRef;
+    executionOptions?: PersistedRunState["executionOptions"];
+    control?: PersistedRunState["control"];
+    workflowSnapshot?: PersistedRunState["workflowSnapshot"];
+    mutableState?: PersistedRunState["mutableState"];
+    policySnapshot?: PersistedRunState["policySnapshot"];
+    engineCounters?: PersistedRunState["engineCounters"];
+  }): Promise<void> {
+    this.runs.set(args.runId, {
+      runId: args.runId,
+      workflowId: args.workflowId,
+      startedAt: args.startedAt,
+      parent: args.parent,
+      executionOptions: args.executionOptions,
+      control: args.control,
+      workflowSnapshot: args.workflowSnapshot,
+      mutableState: args.mutableState,
+      policySnapshot: args.policySnapshot,
+      engineCounters: args.engineCounters,
+      status: "running",
+      queue: [],
+      outputsByNode: {} as Record<NodeId, NodeOutputs>,
+      nodeSnapshotsByNodeId: {},
+      connectionInvocations: [],
+    });
+  }
+
+  async load(runId: string): Promise<PersistedRunState | undefined> {
+    return this.runs.get(decodeURIComponent(runId) as RunId);
+  }
+
+  async save(state: PersistedRunState): Promise<void> {
+    this.runs.set(state.runId, state);
+  }
+
+  async deleteRun(runId: RunId): Promise<void> {
+    this.runs.delete(runId);
+  }
+
+  async listRuns(args: Readonly<{ workflowId?: string; limit?: number }>): Promise<ReadonlyArray<RunSummary>> {
+    const limit = args?.limit ?? 50;
+    const workflowId = args?.workflowId ? decodeURIComponent(args.workflowId) : undefined;
+    const summaries = [...this.runs.values()]
+      .filter((s) => (workflowId ? s.workflowId === workflowId : true))
+      .sort((a, b) => b.startedAt.localeCompare(a.startedAt))
+      .slice(0, limit)
+      .map((s) => RunSummaryMapper.fromPersistedState(s));
+    return summaries;
+  }
+
+  async listRunsOlderThan(
+    args: Readonly<{ beforeIso: string; limit?: number }>,
+  ): Promise<ReadonlyArray<RunPruneCandidate>> {
+    const limit = args.limit ?? 100;
+    const out: RunPruneCandidate[] = [];
+    for (const s of this.runs.values()) {
+      if (s.status !== "completed" && s.status !== "failed") continue;
+      const finishedAt = RunFinishedAtFactory.resolveIso(s);
+      if (!finishedAt || finishedAt >= args.beforeIso) continue;
+      out.push({
+        runId: s.runId,
+        workflowId: s.workflowId,
+        startedAt: s.startedAt,
+        finishedAt,
+      });
+    }
+    out.sort((a, b) => a.finishedAt.localeCompare(b.finishedAt));
+    return out.slice(0, limit);
+  }
+}

package/src/infrastructure/persistence/PrismaClientFactory.ts

@@ -0,0 +1,26 @@
+import { PGlite } from "@electric-sql/pglite";
+import { injectable } from "@codemation/core";
+import { PrismaPg } from "@prisma/adapter-pg";
+import { PrismaPGlite } from "pglite-prisma-adapter";
+import { PrismaClient } from "./generated/prisma-client/client.js";
+
+export type PglitePrismaClients = Readonly<{
+  prismaClient: PrismaClient;
+  pglite: PGlite;
+}>;
+
+@injectable()
+export class PrismaClientFactory {
+  createPostgres(databaseUrl: string): PrismaClient {
+    const adapter = new PrismaPg({ connectionString: databaseUrl });
+    return new PrismaClient({ adapter });
+  }
+
+  async createPglite(dataDir: string): Promise<PglitePrismaClients> {
+    const pglite = new PGlite(dataDir);
+    await pglite.waitReady;
+    const adapter = new PrismaPGlite(pglite);
+    const prismaClient = new PrismaClient({ adapter });
+    return { prismaClient, pglite };
+  }
+}

package/src/infrastructure/persistence/PrismaCredentialStore.ts

@@ -0,0 +1,368 @@
+import { inject, injectable } from "@codemation/core";
+
+import type {
+  CredentialInstanceRecord,
+  CredentialOAuth2MaterialMetadata,
+  CredentialOAuth2MaterialRecord,
+  CredentialOAuth2StateRecord,
+  CredentialSecretMaterialRecord,
+  CredentialStore,
+  CredentialTestRecord,
+} from "../../domain/credentials/CredentialServices";
+
+import { PrismaClient } from "./generated/prisma-client/client.js";
+
+@injectable()
+export class PrismaCredentialStore implements CredentialStore {
+  constructor(@inject(PrismaClient) private readonly prisma: PrismaClient) {}
+
+  async listInstances(): Promise<ReadonlyArray<CredentialInstanceRecord>> {
+    const rows = await this.prisma.credentialInstance.findMany({
+      orderBy: { updatedAt: "desc" },
+    });
+    return rows.map((row) => this.toInstanceRecord(row));
+  }
+
+  async getInstance(instanceId: string): Promise<CredentialInstanceRecord | undefined> {
+    const row = await this.prisma.credentialInstance.findUnique({
+      where: { instanceId },
+    });
+    return row ? this.toInstanceRecord(row) : undefined;
+  }
+
+  async saveInstance(
+    args: Readonly<{ instance: CredentialInstanceRecord; secretMaterial?: CredentialSecretMaterialRecord }>,
+  ): Promise<void> {
+    await this.prisma.$transaction(async (transaction) => {
+      await transaction.credentialInstance.upsert({
+        where: { instanceId: args.instance.instanceId },
+        create: {
+          instanceId: args.instance.instanceId,
+          typeId: args.instance.typeId,
+          displayName: args.instance.displayName,
+          sourceKind: args.instance.sourceKind,
+          publicConfigJson: JSON.stringify(args.instance.publicConfig),
+          secretRefJson: JSON.stringify(args.instance.secretRef),
+          tagsJson: JSON.stringify(args.instance.tags),
+          setupStatus: args.instance.setupStatus,
+          createdAt: args.instance.createdAt,
+          updatedAt: args.instance.updatedAt,
+        },
+        update: {
+          typeId: args.instance.typeId,
+          displayName: args.instance.displayName,
+          sourceKind: args.instance.sourceKind,
+          publicConfigJson: JSON.stringify(args.instance.publicConfig),
+          secretRefJson: JSON.stringify(args.instance.secretRef),
+          tagsJson: JSON.stringify(args.instance.tags),
+          setupStatus: args.instance.setupStatus,
+          updatedAt: args.instance.updatedAt,
+        },
+      });
+      if (args.secretMaterial) {
+        await transaction.credentialSecretMaterial.upsert({
+          where: { instanceId: args.secretMaterial.instanceId },
+          create: {
+            instanceId: args.secretMaterial.instanceId,
+            encryptedJson: args.secretMaterial.encryptedJson,
+            encryptionKeyId: args.secretMaterial.encryptionKeyId,
+            schemaVersion: args.secretMaterial.schemaVersion,
+            updatedAt: args.secretMaterial.updatedAt,
+          },
+          update: {
+            encryptedJson: args.secretMaterial.encryptedJson,
+            encryptionKeyId: args.secretMaterial.encryptionKeyId,
+            schemaVersion: args.secretMaterial.schemaVersion,
+            updatedAt: args.secretMaterial.updatedAt,
+          },
+        });
+      }
+    });
+  }
+
+  async deleteInstance(instanceId: string): Promise<void> {
+    await this.prisma.$transaction(async (transaction) => {
+      await transaction.credentialOAuth2State.deleteMany({ where: { instanceId } });
+      await transaction.credentialOAuth2Material.deleteMany({ where: { instanceId } });
+      await transaction.credentialTestResult.deleteMany({ where: { instanceId } });
+      await transaction.credentialBinding.deleteMany({ where: { instanceId } });
+      await transaction.credentialSecretMaterial.deleteMany({ where: { instanceId } });
+      await transaction.credentialInstance.deleteMany({ where: { instanceId } });
+    });
+  }
+
+  async getSecretMaterial(instanceId: string): Promise<CredentialSecretMaterialRecord | undefined> {
+    const row = await this.prisma.credentialSecretMaterial.findUnique({
+      where: { instanceId },
+    });
+    return row
+      ? {
+          instanceId: row.instanceId,
+          encryptedJson: row.encryptedJson,
+          encryptionKeyId: row.encryptionKeyId,
+          schemaVersion: row.schemaVersion,
+          updatedAt: row.updatedAt,
+        }
+      : undefined;
+  }
+
+  async createOAuth2State(record: CredentialOAuth2StateRecord): Promise<void> {
+    await this.prisma.credentialOAuth2State.create({
+      data: {
+        state: record.state,
+        instanceId: record.instanceId,
+        codeVerifier: record.codeVerifier ?? null,
+        providerId: record.providerId ?? null,
+        requestedScopesJson: JSON.stringify(record.requestedScopes),
+        createdAt: record.createdAt,
+        expiresAt: record.expiresAt,
+      },
+    });
+  }
+
+  async consumeOAuth2State(state: string): Promise<CredentialOAuth2StateRecord | undefined> {
+    return await this.prisma.$transaction(async (transaction) => {
+      const row = await transaction.credentialOAuth2State.findUnique({
+        where: { state },
+      });
+      if (!row) {
+        return undefined;
+      }
+      await transaction.credentialOAuth2State.delete({
+        where: { state },
+      });
+      return {
+        state: row.state,
+        instanceId: row.instanceId,
+        codeVerifier: row.codeVerifier ?? undefined,
+        providerId: row.providerId ?? undefined,
+        requestedScopes: JSON.parse(row.requestedScopesJson) as ReadonlyArray<string>,
+        createdAt: row.createdAt,
+        expiresAt: row.expiresAt,
+      };
+    });
+  }
+
+  async getOAuth2Material(instanceId: string): Promise<CredentialOAuth2MaterialRecord | undefined> {
+    const row = await this.prisma.credentialOAuth2Material.findUnique({
+      where: { instanceId },
+    });
+    return row
+      ? {
+          instanceId: row.instanceId,
+          encryptedJson: row.encryptedJson,
+          encryptionKeyId: row.encryptionKeyId,
+          schemaVersion: row.schemaVersion,
+          providerId: row.providerId,
+          connectedEmail: row.connectedEmail ?? undefined,
+          connectedAt: row.connectedAt ?? undefined,
+          scopes: JSON.parse(row.scopesJson) as ReadonlyArray<string>,
+          updatedAt: row.updatedAt,
+        }
+      : undefined;
+  }
+
+  async saveOAuth2Material(
+    args: Readonly<{
+      instanceId: string;
+      encryptedJson: string;
+      encryptionKeyId: string;
+      schemaVersion: number;
+      metadata: CredentialOAuth2MaterialMetadata;
+    }>,
+  ): Promise<void> {
+    await this.prisma.credentialOAuth2Material.upsert({
+      where: { instanceId: args.instanceId },
+      create: {
+        instanceId: args.instanceId,
+        encryptedJson: args.encryptedJson,
+        encryptionKeyId: args.encryptionKeyId,
+        schemaVersion: args.schemaVersion,
+        providerId: args.metadata.providerId,
+        connectedEmail: args.metadata.connectedEmail ?? null,
+        connectedAt: args.metadata.connectedAt ?? null,
+        scopesJson: JSON.stringify(args.metadata.scopes),
+        updatedAt: args.metadata.updatedAt,
+      },
+      update: {
+        encryptedJson: args.encryptedJson,
+        encryptionKeyId: args.encryptionKeyId,
+        schemaVersion: args.schemaVersion,
+        providerId: args.metadata.providerId,
+        connectedEmail: args.metadata.connectedEmail ?? null,
+        connectedAt: args.metadata.connectedAt ?? null,
+        scopesJson: JSON.stringify(args.metadata.scopes),
+        updatedAt: args.metadata.updatedAt,
+      },
+    });
+  }
+
+  async deleteOAuth2Material(instanceId: string): Promise<void> {
+    await this.prisma.credentialOAuth2Material.deleteMany({
+      where: { instanceId },
+    });
+  }
+
+  async upsertBinding(binding: import("@codemation/core").CredentialBinding): Promise<void> {
+    await this.prisma.credentialBinding.upsert({
+      where: {
+        workflowId_nodeId_slotKey: {
+          workflowId: binding.key.workflowId,
+          nodeId: binding.key.nodeId,
+          slotKey: binding.key.slotKey,
+        },
+      },
+      create: {
+        workflowId: binding.key.workflowId,
+        nodeId: binding.key.nodeId,
+        slotKey: binding.key.slotKey,
+        instanceId: binding.instanceId,
+        updatedAt: binding.updatedAt,
+      },
+      update: {
+        instanceId: binding.instanceId,
+        updatedAt: binding.updatedAt,
+      },
+    });
+  }
+
+  async getBinding(
+    key: import("@codemation/core").CredentialBindingKey,
+  ): Promise<import("@codemation/core").CredentialBinding | undefined> {
+    const row = await this.prisma.credentialBinding.findUnique({
+      where: {
+        workflowId_nodeId_slotKey: {
+          workflowId: key.workflowId,
+          nodeId: key.nodeId,
+          slotKey: key.slotKey,
+        },
+      },
+    });
+    return row
+      ? {
+          key: {
+            workflowId: row.workflowId,
+            nodeId: row.nodeId,
+            slotKey: row.slotKey,
+          },
+          instanceId: row.instanceId,
+          updatedAt: row.updatedAt,
+        }
+      : undefined;
+  }
+
+  async listBindingsByWorkflowId(
+    workflowId: string,
+  ): Promise<ReadonlyArray<import("@codemation/core").CredentialBinding>> {
+    const rows = await this.prisma.credentialBinding.findMany({
+      where: { workflowId },
+    });
+    return rows.map((row) => ({
+      key: {
+        workflowId: row.workflowId,
+        nodeId: row.nodeId,
+        slotKey: row.slotKey,
+      },
+      instanceId: row.instanceId,
+      updatedAt: row.updatedAt,
+    }));
+  }
+
+  async saveTestResult(record: CredentialTestRecord): Promise<void> {
+    await this.prisma.credentialTestResult.create({
+      data: {
+        testId: record.testId,
+        instanceId: record.instanceId,
+        status: record.health.status,
+        message: record.health.message ?? null,
+        detailsJson: JSON.stringify(record.health.details ?? {}),
+        testedAt: record.testedAt,
+        expiresAt: record.expiresAt ?? null,
+      },
+    });
+  }
+
+  async getLatestTestResult(instanceId: string): Promise<CredentialTestRecord | undefined> {
+    const row = await this.prisma.credentialTestResult.findFirst({
+      where: { instanceId },
+      orderBy: { testedAt: "desc" },
+    });
+    return row ? this.toTestRecord(row) : undefined;
+  }
+
+  async getLatestTestResults(instanceIds: ReadonlyArray<string>): Promise<ReadonlyMap<string, CredentialTestRecord>> {
+    if (instanceIds.length === 0) {
+      return new Map();
+    }
+    const rows = await this.prisma.credentialTestResult.findMany({
+      where: {
+        instanceId: {
+          in: [...instanceIds],
+        },
+      },
+      orderBy: [{ instanceId: "asc" }, { testedAt: "desc" }],
+    });
+    const latestByInstanceId = new Map<string, CredentialTestRecord>();
+    for (const row of rows) {
+      if (latestByInstanceId.has(row.instanceId)) {
+        continue;
+      }
+      latestByInstanceId.set(row.instanceId, this.toTestRecord(row));
+    }
+    return latestByInstanceId;
+  }
+
+  private toInstanceRecord(
+    row: Readonly<{
+      instanceId: string;
+      typeId: string;
+      displayName: string;
+      sourceKind: string;
+      publicConfigJson: string;
+      secretRefJson: string;
+      tagsJson: string;
+      setupStatus: string;
+      createdAt: string;
+      updatedAt: string;
+    }>,
+  ): CredentialInstanceRecord {
+    return {
+      instanceId: row.instanceId,
+      typeId: row.typeId,
+      displayName: row.displayName,
+      sourceKind: row.sourceKind as CredentialInstanceRecord["sourceKind"],
+      publicConfig: JSON.parse(row.publicConfigJson) as CredentialInstanceRecord["publicConfig"],
+      secretRef: JSON.parse(row.secretRefJson) as CredentialInstanceRecord["secretRef"],
+      tags: JSON.parse(row.tagsJson) as CredentialInstanceRecord["tags"],
+      setupStatus: row.setupStatus as CredentialInstanceRecord["setupStatus"],
+      createdAt: row.createdAt,
+      updatedAt: row.updatedAt,
+    };
+  }
+
+  private toTestRecord(
+    row: Readonly<{
+      testId: string;
+      instanceId: string;
+      status: string;
+      message: string | null;
+      detailsJson: string;
+      testedAt: string;
+      expiresAt: string | null;
+    }>,
+  ): CredentialTestRecord {
+    return {
+      testId: row.testId,
+      instanceId: row.instanceId,
+      health: {
+        status: row.status as CredentialTestRecord["health"]["status"],
+        message: row.message ?? undefined,
+        testedAt: row.testedAt,
+        expiresAt: row.expiresAt ?? undefined,
+        details: JSON.parse(row.detailsJson) as CredentialTestRecord["health"]["details"],
+      },
+      testedAt: row.testedAt,
+      expiresAt: row.expiresAt ?? undefined,
+    };
+  }
+}