@digitaldefiance/node-express-suite 3.6.21 → 3.6.22

package/src/services/database-initialization.ts

@@ -1,1648 +0,0 @@
-import {
-  ECIES,
-  EmailString,
-  IECIESConfig,
-  MemberType,
-  SecureBuffer,
-  SecureString,
-} from '@digitaldefiance/ecies-lib';
-import {
-  TranslatableGenericError,
-  TranslatableHandleableGenericError,
-} from '@digitaldefiance/i18n-lib';
-import { Connection, Types } from '@digitaldefiance/mongoose-types';
-import {
-  Member as BackendMember,
-  ECIESService,
-} from '@digitaldefiance/node-ecies-lib';
-import {
-  AccountStatus,
-  getSuiteCoreI18nEngine,
-  IFailableResult,
-  SuiteCoreComponentId,
-  SuiteCoreStringKey,
-  TranslatableSuiteError,
-  TranslatableSuiteHandleableError,
-} from '@digitaldefiance/suite-core-lib';
-import { crc32 } from 'crc';
-import { createHash, randomBytes } from 'crypto';
-import * as fs from 'fs';
-import { ObjectId as MongoObjectId } from 'mongodb';
-import * as path from 'path';
-import { BackupCode } from '../backup-code';
-import { IMnemonicDocument } from '../documents/mnemonic';
-import { IRoleDocument } from '../documents/role';
-import { IUserDocument } from '../documents/user';
-import { IUserRoleDocument } from '../documents/user-role';
-import { BaseModelName } from '../enumerations/base-model-name';
-import { Environment } from '../environment';
-import { IDBInitResult } from '../interfaces';
-import { IApplication } from '../interfaces/application';
-import { IServerInitResult } from '../interfaces/server-init-result';
-import { ModelRegistry } from '../model-registry';
-import { KeyWrappingService } from '../services/key-wrapping';
-import { convertObjectIdToGenericId } from '../types/id-converters';
-import { debugLog, directLog, withTransaction } from '../utils';
-import { BackupCodeService } from './backup-code';
-import { MnemonicService } from './mnemonic';
-import { RoleService } from './role';
-import { SystemUserService } from './system-user';
-
-export abstract class DatabaseInitializationService {
-  // Static initialization state management
-  protected static initializationPromises = new Map<
-    string,
-    Promise<IFailableResult<IServerInitResult>>
-  >();
-  protected static initializationLock = new Map<string, boolean>();
-  protected static defaultI18nTFunc(
-    str: string,
-    variables?: Record<string, unknown>,
-    language?: string,
-    application?: IApplication,
-  ): string {
-    // Handles template strings with {{component.key}} syntax
-    return getSuiteCoreI18nEngine(
-      application ? { constants: application.constants } : undefined,
-    ).t(str, variables, language);
-  }
-
-  /**
-   * Get the mnemonic or generate a new one if not present
-   * @param mnemonic The existing mnemonic or undefined
-   * @param eciesService The ECIES service to generate a new mnemonic
-   * @returns The existing or new mnemonic
-   */
-  public static mnemonicOrNew(
-    mnemonic: SecureString | undefined,
-    eciesService: ECIESService,
-  ): SecureString {
-    return mnemonic && mnemonic.hasValue
-      ? mnemonic
-      : eciesService.generateNewMnemonic();
-  }
-  /**
-   * Generate a cache key for a user based on their details
-   * @param username The username
-   * @param email The email address
-   * @param mnemonic The mnemonic
-   * @param id The user ID
-   * @returns The generated cache key
-   */
-  public static cacheKey<I extends Types.ObjectId | string = Types.ObjectId>(
-    username: string,
-    email: EmailString,
-    mnemonic: SecureString,
-    id: I,
-    idToString: (id: I) => string = (id) => String(id),
-  ): string {
-    const combined = `${username}|${email.email}|${mnemonic.value}|${idToString(
-      id,
-    )}`;
-    const buffer = Buffer.from(combined, 'utf-8');
-    const crcHash = crc32(buffer);
-    return crcHash.toString(16).padStart(8, '0');
-  }
-  /**
-   * Get a cached BackendMember or create a new one if not cached
-   * @param username The username
-   * @param email The email address
-   * @param mnemonic The mnemonic or undefined to generate a new one
-   * @param memberType The type of member (Admin, Member, System)
-   * @param eciesService The ECIES service to handle key generation
-   * @param memberId Optional specific member ID to use
-   * @param createdBy Optional ID of the user who created this member
-   * @returns The cached or newly created BackendMember and the mnemonic used
-   */
-  public static cacheOrNew<I extends Types.ObjectId | string = Types.ObjectId>(
-    username: string,
-    email: EmailString,
-    mnemonic: SecureString | undefined,
-    memberType: MemberType,
-    eciesService: ECIESService,
-    memberId?: I,
-    createdBy?: I,
-    idGenerator?: () => I,
-    idToString: (id: I) => string = (id) => String(id),
-  ): {
-    member: BackendMember<I>;
-    mnemonic: SecureString;
-  } {
-    const m = this.mnemonicOrNew(mnemonic, eciesService);
-
-    const newId: I = memberId
-      ? memberId
-      : idGenerator
-      ? idGenerator()
-      : convertObjectIdToGenericId<I>(new MongoObjectId());
-    const key = DatabaseInitializationService.cacheKey(
-      username,
-      email,
-      m,
-      newId,
-      idToString,
-    );
-    if (!global.__MEMBER_CACHE__) {
-      global.__MEMBER_CACHE__ = new Map<
-        string,
-        {
-          member: BackendMember<Types.ObjectId>;
-          mnemonic: SecureString;
-        }
-      >();
-    }
-    if (!global.__MEMBER_CACHE__.has(key)) {
-      const { wallet } = eciesService.walletAndSeedFromMnemonic(m);
-
-      // Get private key from wallet
-      const privateKey = wallet.getPrivateKey();
-      // Get compressed public key (already includes prefix)
-      const publicKeyWithPrefix = eciesService.getPublicKey(
-        Buffer.from(privateKey),
-      );
-
-      const user: BackendMember<I> = new BackendMember<I>(
-        eciesService,
-        memberType,
-        username,
-        email,
-        publicKeyWithPrefix,
-        new SecureBuffer(privateKey),
-        wallet,
-        newId,
-        undefined,
-        undefined,
-        createdBy,
-      );
-      global.__MEMBER_CACHE__.set(key, {
-        mnemonic: m,
-        member: user as unknown as BackendMember<Types.ObjectId>,
-      });
-      return { mnemonic: m, member: user };
-    } else {
-      return global.__MEMBER_CACHE__.get(key)! as {
-        mnemonic: SecureString;
-        member: BackendMember<I>;
-      };
-    }
-  }
-
-  /**
-   * Generate a random password
-   * @param length The length of the password
-   * @returns The generated password
-   */
-  public static generatePassword(length: number): string {
-    const specialCharacters = "!@#$%^&*()_+-=[]{};':|,.<>/?";
-    const numbers = '0123456789';
-    const letters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
-
-    // Get a random character from a string
-    const getRandomChar = (chars: string): string => {
-      // amazonq-ignore-next-line false positive
-      const randomIndex = randomBytes(1)[0] % chars.length;
-      return chars[randomIndex];
-    };
-
-    // Start with one of each required character type
-    // amazonq-ignore-next-line false positive
-    let password = '';
-    password += getRandomChar(letters);
-    password += getRandomChar(numbers);
-    password += getRandomChar(specialCharacters);
-
-    // Fill the rest with random characters from all types
-    const allCharacters = specialCharacters + numbers + letters;
-    for (let i = password.length; i < length; i++) {
-      password += getRandomChar(allCharacters);
-    }
-
-    // Shuffle the password characters to avoid predictable pattern
-    const chars = password.split('');
-    for (let i = chars.length - 1; i > 0; i--) {
-      // amazonq-ignore-next-line already fixed
-      const j = randomBytes(1)[0] % (i + 1);
-      [chars[i], chars[j]] = [chars[j], chars[i]];
-    }
-    return chars.join('');
-  }
-
-  /**
-   * Drops the database
-   * @param connection The database connection
-   * @returns True if the database was dropped, false if not connected
-   */
-  public static async dropDatabase(connection: Connection): Promise<boolean> {
-    if (!connection.db) return false;
-    debugLog(
-      true,
-      'warn',
-      this.defaultI18nTFunc('{{SuiteCoreStringKey.Admin_DroppingDatabase}}'),
-    );
-    return connection.db.dropDatabase();
-  }
-
-  public static getInitOptions<
-    I extends Types.ObjectId | string = Types.ObjectId,
-  >(
-    application: IApplication,
-  ): {
-    adminId?: I;
-    adminMnemonic?: SecureString;
-    adminPassword?: SecureString;
-    adminRoleId?: I;
-    adminUserRoleId?: I;
-    adminBackupCodes?: BackupCode[];
-    memberId?: I;
-    memberMnemonic?: SecureString;
-    memberPassword?: SecureString;
-    memberRoleId?: I;
-    memberUserRoleId?: I;
-    memberBackupCodes?: BackupCode[];
-    systemId?: I;
-    systemMnemonic?: SecureString;
-    systemPassword?: SecureString;
-    systemRoleId?: I;
-    systemUserRoleId?: I;
-    systemBackupCodes?: BackupCode[];
-  } {
-    const env = application.environment as Environment<I>;
-    return {
-      adminId: env.adminId,
-      adminMnemonic: env.adminMnemonic?.hasValue
-        ? env.adminMnemonic
-        : undefined,
-      adminPassword: env.adminPassword?.hasValue
-        ? env.adminPassword
-        : undefined,
-      adminRoleId: env.adminRoleId as I,
-      adminUserRoleId: env.adminUserRoleId,
-      adminBackupCodes: env.adminBackupCodes,
-      memberId: env.memberId,
-      memberMnemonic: env.memberMnemonic?.hasValue
-        ? env.memberMnemonic
-        : undefined,
-      memberPassword: env.memberPassword?.hasValue
-        ? env.memberPassword
-        : undefined,
-      memberRoleId: env.memberRoleId as I,
-      memberUserRoleId: env.memberUserRoleId,
-      memberBackupCodes: env.memberBackupCodes,
-      systemId: env.systemId,
-      systemMnemonic: env.systemMnemonic?.hasValue
-        ? env.systemMnemonic
-        : undefined,
-      systemPassword: env.systemPassword?.hasValue
-        ? env.systemPassword
-        : undefined,
-      systemRoleId: env.systemRoleId as I,
-      systemUserRoleId: env.systemUserRoleId,
-      systemBackupCodes: env.systemBackupCodes,
-    };
-  }
-
-  public static serverInitResultHash<
-    I extends Types.ObjectId | string = Types.ObjectId,
-  >(
-    serverInitResult: IServerInitResult<I>,
-    idToString: (id: I) => string = (id) => String(id),
-  ): string {
-    const h = createHash('sha256');
-    h.update(idToString(serverInitResult.adminUser._id as I));
-    h.update(idToString(serverInitResult.adminRole._id as I));
-    h.update(idToString(serverInitResult.adminUserRole._id as I));
-    h.update(serverInitResult.adminUsername);
-    h.update(serverInitResult.adminEmail);
-    h.update(serverInitResult.adminMnemonic);
-    h.update(serverInitResult.adminPassword);
-    h.update(serverInitResult.adminUser.publicKey);
-    serverInitResult.adminBackupCodes.map((bc) => h.update(bc));
-    h.update(idToString(serverInitResult.memberUser._id as I));
-    h.update(idToString(serverInitResult.memberRole._id as I));
-    h.update(idToString(serverInitResult.memberUserRole._id as I));
-    h.update(serverInitResult.memberUsername);
-    h.update(serverInitResult.memberEmail);
-    h.update(serverInitResult.memberMnemonic);
-    h.update(serverInitResult.memberPassword);
-    h.update(serverInitResult.memberUser.publicKey);
-    serverInitResult.memberBackupCodes.map((bc) => h.update(bc));
-    h.update(idToString(serverInitResult.systemUser._id as I));
-    h.update(idToString(serverInitResult.systemRole._id as I));
-    h.update(idToString(serverInitResult.systemUserRole._id as I));
-    h.update(serverInitResult.systemUsername);
-    h.update(serverInitResult.systemEmail);
-    h.update(serverInitResult.systemMnemonic);
-    h.update(serverInitResult.systemPassword);
-    h.update(serverInitResult.systemUser.publicKey);
-    serverInitResult.systemBackupCodes.map((bc) => h.update(bc));
-    return h.digest('hex');
-  }
-
-  /**
-   * Initialize the user database with default users and roles (with dependency injection)
-   * @param application The application
-   * @param keyWrappingService The key wrapping service
-   * @param mnemonicService The mnemonic service
-   * @param eciesService The ECIES service
-   * @param roleService The role service
-   * @param backupCodeService The backup code service
-   * @returns The result of the initialization
-   */
-  public static async initUserDbWithServices<
-    I extends Types.ObjectId | string = Types.ObjectId,
-  >(
-    application: IApplication,
-    keyWrappingService: KeyWrappingService,
-    mnemonicService: MnemonicService<I>,
-    eciesService: ECIESService,
-    roleService: RoleService<I>,
-    backupCodeService: BackupCodeService<I>,
-    idGenerator?: () => I,
-    idToString: (id: I) => string = (id) =>
-      application.constants.idProvider.idToString(id),
-  ): Promise<IDBInitResult<IServerInitResult<I>>> {
-    const engine = getSuiteCoreI18nEngine({ constants: application.constants });
-    const isTestEnvironment = process.env['NODE_ENV'] === 'test';
-    const options =
-      DatabaseInitializationService.getInitOptions<I>(application);
-    const effectiveIdGenerator: () => I = (idGenerator ??
-      (() =>
-        application.environment.idAdapter(
-          application.constants.idProvider.generate(),
-        ))) as () => I;
-    const UserModel = ModelRegistry.instance.getTypedModel<
-      IUserDocument<string, I>
-    >(BaseModelName.User);
-    const RoleModel = ModelRegistry.instance.getTypedModel<IRoleDocument<I>>(
-      BaseModelName.Role,
-    );
-    const adminUserId: I = options.adminId ?? effectiveIdGenerator();
-    const adminRoleId: I = options.adminRoleId ?? effectiveIdGenerator();
-    const adminUserRoleId: I =
-      options.adminUserRoleId ?? effectiveIdGenerator();
-    const memberUserId: I = options.memberId ?? effectiveIdGenerator();
-    const memberRoleId: I = options.memberRoleId ?? effectiveIdGenerator();
-    const memberUserRoleId: I =
-      options.memberUserRoleId ?? effectiveIdGenerator();
-    const systemUserId: I = options.systemId ?? effectiveIdGenerator();
-    const systemRoleId: I = options.systemRoleId ?? effectiveIdGenerator();
-    const systemUserRoleId: I =
-      options.systemUserRoleId ?? effectiveIdGenerator();
-
-    // Check for existing users and roles with optimized queries
-    // Use lean() for better performance on read-only operations
-    const [existingUsers, existingRoles] = await Promise.all([
-      UserModel.find({
-        username: {
-          $in: [
-            application.constants.SystemUser,
-            application.constants.AdministratorUser,
-            application.constants.MemberUser,
-          ],
-        },
-      }).lean(),
-      RoleModel.find({
-        name: {
-          $in: [
-            application.constants.AdministratorRole,
-            application.constants.MemberRole,
-            application.constants.SystemRole,
-          ],
-        },
-      }).lean(),
-    ]);
-
-    if (existingUsers.length > 0 || existingRoles.length > 0) {
-      // Database is already initialized, return the existing data
-      const existingAdminUser = existingUsers.find(
-        (u) => u.username === application.constants.AdministratorUser,
-      );
-      const existingMemberUser = existingUsers.find(
-        (u) => u.username === application.constants.MemberUser,
-      );
-      const existingSystemUser = existingUsers.find(
-        (u) => u.username === application.constants.SystemUser,
-      );
-
-      if (existingAdminUser && existingMemberUser && existingSystemUser) {
-        const adminUserDoc = UserModel.hydrate(existingAdminUser);
-        const memberUserDoc = UserModel.hydrate(existingMemberUser);
-        const systemUserDoc = UserModel.hydrate(existingSystemUser);
-
-        // Try to construct a minimal result from existing data
-        // Note: This is a fallback case and some data may not be available
-        const UserRoleModel = ModelRegistry.instance.getTypedModel<
-          IUserRoleDocument<I>
-        >(BaseModelName.UserRole);
-        const [
-          adminRole,
-          memberRole,
-          systemRole,
-          adminUserRole,
-          memberUserRole,
-          systemUserRole,
-        ] = await Promise.all([
-          RoleModel.findOne({ name: application.constants.AdministratorRole }),
-          RoleModel.findOne({ name: application.constants.MemberRole }),
-          RoleModel.findOne({ name: application.constants.SystemRole }),
-          UserRoleModel.findOne({ userId: adminUserDoc._id }),
-          UserRoleModel.findOne({ userId: memberUserDoc._id }),
-          UserRoleModel.findOne({ userId: systemUserDoc._id }),
-        ]);
-
-        // detailed case
-        if (
-          adminRole &&
-          memberRole &&
-          systemRole &&
-          adminUserRole &&
-          memberUserRole &&
-          systemUserRole
-        ) {
-          return {
-            alreadyInitialized: true,
-            success: false,
-            data: {
-              adminRole,
-              adminUserRole,
-              adminUser: adminUserDoc,
-              adminUsername: adminUserDoc.username,
-              adminEmail: adminUserDoc.email,
-              adminMnemonic: '', // Not available in fallback
-              adminPassword: '', // Not available in fallback
-              adminBackupCodes: [], // Not available in fallback
-              adminMember: {} as BackendMember<I>, // Not available in fallback
-              memberRole,
-              memberUserRole,
-              memberUser: memberUserDoc,
-              memberUsername: memberUserDoc.username,
-              memberEmail: memberUserDoc.email,
-              memberMnemonic: '', // Not available in fallback
-              memberPassword: '', // Not available in fallback
-              memberBackupCodes: [], // Not available in fallback
-              memberMember: {} as BackendMember<I>, // Not available in fallback
-              systemRole,
-              systemUserRole,
-              systemUser: systemUserDoc,
-              systemUsername: systemUserDoc.username,
-              systemEmail: systemUserDoc.email,
-              systemMnemonic: '', // Not available in fallback
-              systemPassword: '', // Not available in fallback
-              systemBackupCodes: [], // Not available in fallback
-              systemMember: {} as BackendMember<I>, // Not available in fallback
-            },
-            message: engine.translate(
-              SuiteCoreComponentId,
-              SuiteCoreStringKey.Admin_DatabaseAlreadyInitialized,
-            ),
-            error: new Error(
-              engine.translate(
-                SuiteCoreComponentId,
-                SuiteCoreStringKey.Admin_DatabaseAlreadyInitialized,
-              ),
-            ),
-          };
-        }
-      }
-
-      // basic case
-      return {
-        alreadyInitialized: true,
-        success: false,
-        message: engine.translate(
-          SuiteCoreComponentId,
-          SuiteCoreStringKey.Admin_DatabaseAlreadyInitialized,
-        ),
-        error: new Error(
-          engine.translate(
-            SuiteCoreComponentId,
-            SuiteCoreStringKey.Admin_DatabaseAlreadyInitialized,
-          ),
-        ),
-      };
-    }
-
-    debugLog(
-      application.environment.detailedDebug,
-      'log',
-      engine.translate(
-        SuiteCoreComponentId,
-        SuiteCoreStringKey.Admin_SettingUpUsersAndRoles,
-      ),
-    );
-    const now = new Date();
-
-    // Add a small random delay in test environments to reduce collision probability
-    if (isTestEnvironment) {
-      const delay = (randomBytes(1)[0] % 50) + 10; // 10-60ms random delay (reduced)
-      await new Promise((resolve) => setTimeout(resolve, delay));
-    }
-
-    try {
-      // Use test-optimized settings for better performance
-      const transactionOptions = isTestEnvironment
-        ? { timeoutMs: 15000, retryAttempts: 2 } // Reduced timeout and retries for tests
-        : { timeoutMs: 120000 }; // Keep original production timeout
-
-      const result = await withTransaction<{
-        adminRole: IRoleDocument<I>;
-        memberRole: IRoleDocument<I>;
-        systemRole: IRoleDocument<I>;
-        systemDoc: IUserDocument<string, I>;
-        systemUserRoleDoc: IUserRoleDocument<I>;
-        systemPassword: string;
-        systemMnemonic: string;
-        systemBackupCodes: BackupCode[];
-        systemMember: BackendMember<I>;
-        adminDoc: IUserDocument<string, I>;
-        adminUserRoleDoc: IUserRoleDocument<I>;
-        adminPassword: string;
-        adminMnemonic: string;
-        adminBackupCodes: BackupCode[];
-        adminMember: BackendMember<I>;
-        memberDoc: IUserDocument<string, I>;
-        memberUserRoleDoc: IUserRoleDocument<I>;
-        memberPassword: string;
-        memberMnemonic: string;
-        memberBackupCodes: BackupCode[];
-        memberUser: BackendMember<I>;
-      }>(
-        application.db.connection,
-        application.environment.mongo.useTransactions,
-        undefined,
-        async (sess) => {
-          // Check if admin role already exists
-          let adminRole = await RoleModel.findOne({
-            name: application.constants.AdministratorRole,
-          }).session(sess ?? null);
-          if (!adminRole) {
-            const adminRoleDocs = await RoleModel.create(
-              [
-                {
-                  _id: adminRoleId as I,
-                  name: application.constants.AdministratorRole,
-                  admin: true,
-                  member: true,
-                  system: false,
-                  child: false,
-                  createdAt: now,
-                  updatedAt: now,
-                  createdBy: systemUserId as I,
-                  updatedBy: systemUserId as I,
-                },
-              ],
-              { session: sess },
-            );
-            if (adminRoleDocs.length !== 1) {
-              throw new TranslatableSuiteError(
-                SuiteCoreStringKey.Error_FailedToCreateRoleTemplate,
-                {
-                  NAME: application.constants.AdministratorRole,
-                },
-              );
-            }
-            adminRole = adminRoleDocs[0];
-          }
-
-          // Check if member role already exists
-          let memberRole = await RoleModel.findOne({
-            name: application.constants.MemberRole,
-          }).session(sess ?? null);
-          if (!memberRole) {
-            const memberRoleDocs = await RoleModel.create(
-              [
-                {
-                  _id: memberRoleId as I,
-                  name: application.constants.MemberRole,
-                  admin: false,
-                  member: true,
-                  child: false,
-                  system: false,
-                  createdAt: now,
-                  updatedAt: now,
-                  createdBy: systemUserId as I,
-                  updatedBy: systemUserId as I,
-                },
-              ],
-              { session: sess },
-            );
-            if (memberRoleDocs.length !== 1) {
-              throw new TranslatableSuiteError(
-                SuiteCoreStringKey.Error_FailedToCreateRoleTemplate,
-                {
-                  NAME: engine.translate(
-                    SuiteCoreComponentId,
-                    SuiteCoreStringKey.Common_Member,
-                  ),
-                },
-              );
-            }
-            memberRole = memberRoleDocs[0];
-          }
-
-          // Check if system role already exists
-          let systemRole = await RoleModel.findOne({
-            name: application.constants.SystemRole,
-          }).session(sess ?? null);
-          if (!systemRole) {
-            const systemRoleDocs = await RoleModel.create(
-              [
-                {
-                  _id: systemRoleId as I,
-                  name: application.constants.SystemRole,
-                  admin: true,
-                  member: true,
-                  system: true,
-                  child: false,
-                  createdAt: now,
-                  updatedAt: now,
-                  createdBy: systemUserId as I,
-                  updatedBy: systemUserId as I,
-                },
-              ],
-              { session: sess },
-            );
-            if (systemRoleDocs.length !== 1) {
-              throw new TranslatableSuiteError(
-                SuiteCoreStringKey.Error_FailedToCreateRoleTemplate,
-              );
-            }
-            systemRole = systemRoleDocs[0];
-          }
-
-          const systemUser = DatabaseInitializationService.cacheOrNew<I>(
-            application.constants.SystemUser,
-            new EmailString(application.constants.SystemEmail),
-            options.systemMnemonic!,
-            MemberType.System,
-            eciesService,
-            systemUserId as I,
-            systemUserId as I,
-            effectiveIdGenerator,
-            idToString,
-          );
-          backupCodeService.setSystemUser(systemUser.member);
-          SystemUserService.setSystemUser(
-            systemUser.member,
-            application.constants,
-          );
-          // Encrypt mnemonic for recovery
-          const systemEncryptedMnemonic = systemUser.member
-            .encryptData(Buffer.from(systemUser.mnemonic.value ?? '', 'utf-8'))
-            .toString('hex');
-          const systemMnemonicDoc = await mnemonicService.addMnemonic(
-            systemUser.mnemonic,
-            sess,
-          );
-          if (!systemMnemonicDoc) {
-            throw new Error(
-              engine.translate(
-                SuiteCoreComponentId,
-                SuiteCoreStringKey.Error_FailedToStoreUserMnemonicTemplate,
-                {
-                  NAME: engine.translate(
-                    SuiteCoreComponentId,
-                    SuiteCoreStringKey.Common_System,
-                  ),
-                },
-              ),
-            );
-          }
-          const systemPasswordSecure = options.systemPassword
-            ? options.systemPassword
-            : new SecureString(this.generatePassword(16));
-
-          const systemWrapped = keyWrappingService.wrapSecret(
-            systemUser.member.privateKey!,
-            systemPasswordSecure,
-            application.constants,
-          );
-          const systemBackupCodes =
-            options.systemBackupCodes ?? BackupCode.generateBackupCodes();
-          const encryptedSystemBackupCodes =
-            await BackupCode.encryptBackupCodes(
-              systemUser.member,
-              systemUser.member,
-              systemBackupCodes,
-            );
-          const systemDocs = await UserModel.create(
-            [
-              {
-                _id: systemUserId as I,
-                username: application.constants.SystemUser,
-                email: application.constants.SystemEmail,
-                publicKey: systemUser.member.publicKey.toString('hex'),
-                duressPasswords: [],
-                mnemonicRecovery: systemEncryptedMnemonic,
-                mnemonicId: systemMnemonicDoc._id,
-                passwordWrappedPrivateKey: systemWrapped,
-                backupCodes: encryptedSystemBackupCodes,
-                timezone: application.environment.timezone,
-                siteLanguage: 'en-US',
-                emailVerified: true,
-                darkMode: false,
-                accountStatus: AccountStatus.Active,
-                directChallenge: true, // allow direct challenge login by default
-                createdAt: now,
-                updatedAt: now,
-                createdBy: systemUserId as I,
-                updatedBy: systemUserId as I,
-              },
-            ],
-            { session: sess },
-          );
-          if (systemDocs.length !== 1) {
-            throw new Error(
-              engine.translate(
-                SuiteCoreComponentId,
-                SuiteCoreStringKey.Error_FailedToCreateUserTemplate,
-                {
-                  NAME: engine.translate(
-                    SuiteCoreComponentId,
-                    SuiteCoreStringKey.Common_System,
-                  ),
-                },
-              ),
-            );
-          }
-
-          const systemDoc = systemDocs[0];
-
-          // Create admin user-role relationship
-          const systemUserRoleDoc = await roleService.addUserToRole(
-            systemRoleId as I,
-            systemUserId as I,
-            systemUserId as I,
-            sess,
-            systemUserRoleId,
-          );
-
-          if (!systemUser.mnemonic.value) {
-            throw new Error(
-              engine.translate(
-                SuiteCoreComponentId,
-                SuiteCoreStringKey.Error_MnemonicIsNullTemplate,
-                {
-                  NAME: SuiteCoreStringKey.Common_System,
-                },
-              ),
-            );
-          }
-
-          const adminUser = DatabaseInitializationService.cacheOrNew<I>(
-            application.constants.AdministratorUser,
-            new EmailString(application.constants.AdministratorEmail),
-            options.adminMnemonic,
-            MemberType.User,
-            eciesService,
-            adminUserId as I,
-            systemDoc._id,
-            effectiveIdGenerator,
-            idToString,
-          );
-          // Encrypt mnemonic for recovery
-          const adminEncryptedMnemonic = adminUser.member
-            .encryptData(Buffer.from(adminUser.mnemonic.value ?? '', 'utf-8'))
-            .toString('hex');
-          const adminMnemonicDoc = await mnemonicService.addMnemonic(
-            adminUser.mnemonic,
-            sess,
-          );
-          if (!adminMnemonicDoc) {
-            throw new Error(
-              engine.translate(
-                SuiteCoreComponentId,
-                SuiteCoreStringKey.Error_FailedToStoreUserMnemonicTemplate,
-                {
-                  NAME: engine.translate(
-                    SuiteCoreComponentId,
-                    SuiteCoreStringKey.Common_Admin,
-                  ),
-                },
-              ),
-            );
-          }
-          const adminPasswordSecure = options.adminPassword
-            ? options.adminPassword
-            : new SecureString(this.generatePassword(16));
-
-          const adminWrapped = keyWrappingService.wrapSecret(
-            adminUser.member.privateKey!,
-            adminPasswordSecure,
-          );
-          const adminBackupCodes =
-            options.adminBackupCodes ?? BackupCode.generateBackupCodes();
-          const encryptedAdminBackupCodes = await BackupCode.encryptBackupCodes(
-            adminUser.member,
-            systemUser.member,
-            adminBackupCodes,
-          );
-          const adminDocs = await UserModel.create(
-            [
-              {
-                _id: adminUserId as I,
-                username: application.constants.AdministratorUser,
-                email: application.constants.AdministratorEmail,
-                publicKey: adminUser.member.publicKey.toString('hex'),
-                duressPasswords: [],
-                mnemonicRecovery: adminEncryptedMnemonic,
-                mnemonicId: adminMnemonicDoc._id,
-                passwordWrappedPrivateKey: adminWrapped,
-                backupCodes: encryptedAdminBackupCodes,
-                timezone: application.environment.timezone,
-                siteLanguage: 'en-US',
-                emailVerified: true,
-                accountStatus: AccountStatus.Active,
-                directChallenge: true,
-                createdAt: now,
-                updatedAt: now,
-                createdBy: systemUserId as I,
-                updatedBy: systemUserId as I,
-              },
-            ],
-            { session: sess },
-          );
-          if (adminDocs.length !== 1) {
-            throw new Error(
-              engine.translate(
-                SuiteCoreComponentId,
-                SuiteCoreStringKey.Error_FailedToCreateUserTemplate,
-                {
-                  NAME: engine.translate(
-                    SuiteCoreComponentId,
-                    SuiteCoreStringKey.Common_Admin,
-                  ),
-                },
-              ),
-            );
-          }
-
-          const adminDoc = adminDocs[0];
-
-          // Create admin user-role relationship
-          const adminUserRoleDoc = await roleService.addUserToRole(
-            adminRoleId as I,
-            adminUserId as I,
-            systemUserId as I,
-            sess,
-            adminUserRoleId,
-          );
-
-          if (!adminUser.mnemonic.value) {
-            throw new Error(
-              engine.translate(
-                SuiteCoreComponentId,
-                SuiteCoreStringKey.Error_MnemonicIsNullTemplate,
-                {
-                  NAME: engine.translate(
-                    SuiteCoreComponentId,
-                    SuiteCoreStringKey.Common_Admin,
-                  ),
-                },
-              ),
-            );
-          }
-
-          const memberUser = DatabaseInitializationService.cacheOrNew<I>(
-            application.constants.MemberUser,
-            new EmailString(application.constants.MemberEmail),
-            options.memberMnemonic,
-            MemberType.User,
-            eciesService,
-            memberUserId as I,
-            systemDoc._id,
-            effectiveIdGenerator,
-            idToString,
-          );
-          const memberPasswordSecure = options.memberPassword
-            ? options.memberPassword
-            : new SecureString(this.generatePassword(16));
-
-          const memberMnemonicDoc = await mnemonicService.addMnemonic(
-            memberUser.mnemonic,
-            sess,
-          );
-          if (!memberMnemonicDoc) {
-            throw new Error(
-              engine.translate(
-                SuiteCoreComponentId,
-                SuiteCoreStringKey.Error_FailedToStoreUserMnemonicTemplate,
-                {
-                  NAME: engine.translate(
-                    SuiteCoreComponentId,
-                    SuiteCoreStringKey.Common_Member,
-                  ),
-                },
-              ),
-            );
-          }
-
-          // Encrypt mnemonic for recovery
-          const encryptedMemberMnemonic = memberUser.member
-            .encryptData(Buffer.from(memberUser.mnemonic.value ?? '', 'utf-8'))
-            .toString('hex');
-          const memberWrapped = keyWrappingService.wrapSecret(
-            memberUser.member.privateKey!,
-            memberPasswordSecure,
-          );
-          const memberBackupCodes =
-            options.memberBackupCodes ?? BackupCode.generateBackupCodes();
-          const encryptedMemberBackupCodes =
-            await BackupCode.encryptBackupCodes(
-              memberUser.member,
-              systemUser.member,
-              memberBackupCodes,
-            );
-          const memberDocs = await UserModel.create(
-            [
-              {
-                _id: memberUserId as I,
-                username: application.constants.MemberUser,
-                email: application.constants.MemberEmail,
-                publicKey: memberUser.member.publicKey.toString('hex'),
-                mnemonicId: memberMnemonicDoc._id,
-                mnemonicRecovery: encryptedMemberMnemonic,
-                passwordWrappedPrivateKey: memberWrapped,
-                backupCodes: encryptedMemberBackupCodes,
-                duressPasswords: [],
-                timezone: application.environment.timezone,
-                siteLanguage: 'en-US',
-                emailVerified: true,
-                accountStatus: AccountStatus.Active,
-                directChallenge: true,
-                createdAt: now,
-                updatedAt: now,
-                createdBy: systemUserId as I,
-                updatedBy: systemUserId as I,
-              },
-            ],
-            { session: sess },
-          );
-          if (memberDocs.length !== 1) {
-            throw new Error(
-              engine.translate(
-                SuiteCoreComponentId,
-                SuiteCoreStringKey.Error_FailedToCreateUserTemplate,
-                {
-                  NAME: engine.translate(
-                    SuiteCoreComponentId,
-                    SuiteCoreStringKey.Common_Member,
-                  ),
-                },
-              ),
-            );
-          }
-
-          const memberDoc = memberDocs[0];
-
-          // Create member user-role relationship
-          const memberUserRoleDoc = await roleService.addUserToRole(
-            memberRoleId as I,
-            memberUserId as I,
-            systemUserId as I,
-            sess,
-            memberUserRoleId,
-          );
-
-          if (!memberUser.mnemonic.value) {
-            throw new Error(
-              engine.translate(
-                SuiteCoreComponentId,
-                SuiteCoreStringKey.Error_MnemonicIsNullTemplate,
-                {
-                  NAME: engine.translate(
-                    SuiteCoreComponentId,
-                    SuiteCoreStringKey.Common_Member,
-                  ),
-                },
-              ),
-            );
-          }
-
-          return {
-            adminRole,
-            memberRole,
-            systemRole,
-            systemDoc,
-            systemUserRoleDoc,
-            systemPassword: systemPasswordSecure.notNullValue,
-            systemMnemonic: systemUser.mnemonic.notNullValue,
-            systemBackupCodes: systemBackupCodes,
-            systemMember: systemUser.member,
-            adminDoc,
-            adminUserRoleDoc,
-            adminPassword: adminPasswordSecure.notNullValue,
-            adminMnemonic: adminUser.mnemonic.notNullValue,
-            adminBackupCodes: adminBackupCodes,
-            adminMember: adminUser.member,
-            memberDoc,
-            memberUserRoleDoc,
-            memberPassword: memberPasswordSecure.notNullValue,
-            memberMnemonic: memberUser.mnemonic.notNullValue,
-            memberBackupCodes: memberBackupCodes,
-            memberUser: memberUser.member,
-          };
-        },
-        transactionOptions,
-      );
-
-      return {
-        alreadyInitialized: false,
-        success: true,
-        data: {
-          adminRole: result.adminRole,
-          adminUserRole: result.adminUserRoleDoc,
-          adminUser: result.adminDoc,
-          adminUsername: result.adminDoc.username,
-          adminEmail: result.adminDoc.email,
-          adminMnemonic: result.adminMnemonic,
-          adminPassword: result.adminPassword,
-          adminBackupCodes: result.adminBackupCodes.map((bc) => bc.value ?? ''),
-          adminMember: result.adminMember,
-          memberRole: result.memberRole,
-          memberUserRole: result.memberUserRoleDoc,
-          memberUser: result.memberDoc,
-          memberUsername: result.memberDoc.username,
-          memberEmail: result.memberDoc.email,
-          memberMnemonic: result.memberMnemonic,
-          memberPassword: result.memberPassword,
-          memberBackupCodes: result.memberBackupCodes.map(
-            (bc) => bc.value ?? '',
-          ),
-          memberMember: result.memberUser,
-          systemRole: result.systemRole,
-          systemUserRole: result.systemUserRoleDoc,
-          systemUser: result.systemDoc,
-          systemUsername: result.systemDoc.username,
-          systemEmail: result.systemDoc.email,
-          systemMnemonic: result.systemMnemonic,
-          systemPassword: result.systemPassword,
-          systemBackupCodes: result.systemBackupCodes.map(
-            (bc) => bc.value ?? '',
-          ),
-          systemMember: result.systemMember,
-        },
-      };
-    } catch (error) {
-      // Check if it's a translatable error and display cleanly
-      if (
-        error instanceof TranslatableGenericError ||
-        error instanceof TranslatableHandleableGenericError ||
-        error instanceof TranslatableSuiteError ||
-        error instanceof TranslatableSuiteHandleableError
-      ) {
-        return {
-          alreadyInitialized: false,
-          success: false,
-          message: (error as Error).message,
-          error: error as Error,
-        };
-      }
-
-      return {
-        alreadyInitialized: false,
-        success: false,
-        message: engine.translate(
-          SuiteCoreComponentId,
-          SuiteCoreStringKey.Admin_Error_FailedToInitializeUserDatabase,
-        ),
-        error:
-          error instanceof Error
-            ? error
-            : new Error(
-                engine.translate(
-                  SuiteCoreComponentId,
-                  SuiteCoreStringKey.Admin_Error_FailedToInitializeUserDatabase,
-                ),
-              ),
-      };
-    }
-  }
-
-  public static serverInitResultsToDotEnv<
-    I extends Types.ObjectId | string = Types.ObjectId,
-  >(
-    serverInitResult: IServerInitResult<I>,
-    idToString: (id: I) => string = (id) => String(id),
-  ): string {
-    return `ADMIN_ID="${idToString(serverInitResult.adminUser._id as I)}"
-ADMIN_MNEMONIC="${serverInitResult.adminMnemonic}"
-ADMIN_ROLE_ID="${idToString(serverInitResult.adminRole._id as I)}"
-ADMIN_USER_ROLE_ID="${idToString(serverInitResult.adminUserRole._id as I)}"
-ADMIN_PASSWORD="${serverInitResult.adminPassword}"
-MEMBER_ID="${idToString(serverInitResult.memberUser._id as I)}"
-MEMBER_MNEMONIC="${serverInitResult.memberMnemonic}"
-MEMBER_ROLE_ID="${idToString(serverInitResult.memberRole._id as I)}"
-MEMBER_USER_ROLE_ID="${idToString(serverInitResult.memberUserRole._id as I)}"
-MEMBER_PASSWORD="${serverInitResult.memberPassword}"
-SYSTEM_ID="${idToString(serverInitResult.systemUser._id as I)}"
-SYSTEM_MNEMONIC="${serverInitResult.systemMnemonic}"
-SYSTEM_PUBLIC_KEY="${serverInitResult.systemUser.publicKey}"
-SYSTEM_ROLE_ID="${idToString(serverInitResult.systemRole._id as I)}"
-SYSTEM_USER_ROLE_ID="${idToString(serverInitResult.systemUserRole._id as I)}"
-SYSTEM_PASSWORD="${serverInitResult.systemPassword}"
-`;
-  }
-
-  public static printServerInitResults<
-    I extends Types.ObjectId | string = Types.ObjectId,
-  >(
-    result: IServerInitResult<I>,
-    printDotEnv: boolean = true,
-    idToString: (id: I) => string = (id) => String(id),
-  ): void {
-    debugLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '\n=== {{SuiteCoreStringKey.Admin_AccountCredentials}} ===',
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_System}} {{SuiteCoreStringKey.Common_ID}}: {id}',
-        {
-          id: idToString(result.systemUser._id as I),
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_System}} {{SuiteCoreStringKey.Common_Role}}: {roleName}',
-        {
-          roleName: result.systemRole.name,
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_System}} {{SuiteCoreStringKey.Common_Role}} {{SuiteCoreStringKey.Common_ID}}: {roleId}',
-        {
-          roleId: idToString(result.systemRole._id as I),
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_System}} {{SuiteCoreStringKey.Common_User}} {{SuiteCoreStringKey.Common_Role}} {{SuiteCoreStringKey.Common_ID}}: {userRoleId}',
-        {
-          userRoleId: idToString(result.systemUserRole._id as I),
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_System}} {{SuiteCoreStringKey.Common_Username}}: {username}',
-        {
-          username: result.systemUsername,
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_System}} {{SuiteCoreStringKey.Common_Email}}: {email}',
-        {
-          email: result.systemEmail,
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_System}} {{SuiteCoreStringKey.Common_Password}}: {password}',
-        {
-          password: result.systemPassword,
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_System}} {{SuiteCoreStringKey.Common_Mnemonic}}: {mnemonic}',
-        {
-          mnemonic: result.systemMnemonic,
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_System}} {{SuiteCoreStringKey.Common_PublicKey}}: {publicKey}',
-        {
-          publicKey: result.systemUser.publicKey,
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      `${this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_System}} {{SuiteCoreStringKey.Common_BackupCodes}}',
-      )}: ${result.systemBackupCodes.join(', ')}`,
-    );
-    directLog(true, 'log', '');
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_Admin}} {{SuiteCoreStringKey.Common_ID}}: {id}',
-        {
-          id: idToString(result.adminUser._id as I),
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_Admin}} {{SuiteCoreStringKey.Common_Role}}: {roleName}',
-        {
-          roleName: result.adminRole.name,
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_Admin}} {{SuiteCoreStringKey.Common_Role}} {{SuiteCoreStringKey.Common_ID}}: {roleId}',
-        {
-          roleId: idToString(result.adminRole._id as I),
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_Admin}} {{SuiteCoreStringKey.Common_User}} {{SuiteCoreStringKey.Common_Role}} {{SuiteCoreStringKey.Common_ID}}: {userRoleId}',
-        {
-          userRoleId: idToString(result.adminUserRole._id as I),
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_Admin}} {{SuiteCoreStringKey.Common_Username}}: {username}',
-        {
-          username: result.adminUsername,
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_Admin}} {{SuiteCoreStringKey.Common_Email}}: {email}',
-        {
-          email: result.adminEmail,
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_Admin}} {{SuiteCoreStringKey.Common_Password}}: {password}',
-        {
-          password: result.adminPassword,
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_Admin}} {{SuiteCoreStringKey.Common_Mnemonic}}: {mnemonic}',
-        {
-          mnemonic: result.adminMnemonic,
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_Admin}} {{SuiteCoreStringKey.Common_PublicKey}}: {publicKey}',
-        {
-          publicKey: result.adminUser.publicKey,
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      `${this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_Admin}} {{SuiteCoreStringKey.Common_BackupCodes}}',
-      )}: ${result.adminBackupCodes.join(', ')}`,
-    );
-    directLog(true, 'log', '');
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_Member}} {{SuiteCoreStringKey.Common_ID}}: {id}',
-        {
-          id: idToString(result.memberUser._id as I),
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_Member}} {{SuiteCoreStringKey.Common_Role}}: {roleName}',
-        {
-          roleName: result.memberRole.name,
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_Member}} {{SuiteCoreStringKey.Common_Role}} {{SuiteCoreStringKey.Common_ID}}: {roleId}',
-        {
-          roleId: idToString(result.memberRole._id as I),
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_Member}} {{SuiteCoreStringKey.Common_User}} {{SuiteCoreStringKey.Common_Role}} {{SuiteCoreStringKey.Common_ID}}: {userRoleId}',
-        {
-          userRoleId: idToString(result.memberUserRole._id as I),
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_Member}} {{SuiteCoreStringKey.Common_Username}}: {username}',
-        {
-          username: result.memberUsername,
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_Member}} {{SuiteCoreStringKey.Common_Email}}: {email}',
-        {
-          email: result.memberEmail,
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_Member}} {{SuiteCoreStringKey.Common_Password}}: {password}',
-        {
-          password: result.memberPassword,
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_Member}} {{SuiteCoreStringKey.Common_Mnemonic}}: {mnemonic}',
-        {
-          mnemonic: result.memberMnemonic,
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_Member}} {{SuiteCoreStringKey.Common_PublicKey}}: {publicKey}',
-        {
-          publicKey: result.memberUser.publicKey,
-        },
-      ),
-    );
-    directLog(
-      true,
-      'log',
-      `${this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Common_Member}} {{SuiteCoreStringKey.Common_BackupCodes}}',
-      )}: ${result.memberBackupCodes.join(', ')}`,
-    );
-    directLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '\n=== {{SuiteCoreStringKey.Admin_EndCredentials}} ===',
-      ),
-    );
-
-    if (printDotEnv) {
-      directLog(true, 'log', '');
-      debugLog(
-        true,
-        'log',
-        this.defaultI18nTFunc(
-          '=== {{SuiteCoreStringKey.Admin_DotEnvFormat}} ===',
-        ),
-      );
-      directLog(
-        true,
-        'log',
-        this.serverInitResultsToDotEnv(result, idToString),
-      );
-      debugLog(
-        true,
-        'log',
-        this.defaultI18nTFunc(
-          '=== {{SuiteCoreStringKey.Admin_EndDotEnvFormat}} ===',
-        ),
-      );
-    }
-  }
-
-  public static setEnvFromInitResults<
-    I extends Types.ObjectId | string = Types.ObjectId,
-  >(
-    result: IServerInitResult<I>,
-    idToString: (id: I) => string = (id) => String(id),
-  ): void {
-    process.env['ADMIN_ID'] = idToString(result.adminUser._id as I);
-    process.env['ADMIN_PUBLIC_KEY'] = result.adminUser.publicKey;
-    process.env['ADMIN_MNEMONIC'] = result.adminMnemonic;
-    process.env['ADMIN_PASSWORD'] = result.adminPassword;
-    process.env['ADMIN_ROLE_ID'] = idToString(result.adminRole._id as I);
-    process.env['ADMIN_USER_ROLE_ID'] = idToString(
-      result.adminUserRole._id as I,
-    );
-    //
-    process.env['MEMBER_ID'] = idToString(result.memberUser._id as I);
-    process.env['MEMBER_PUBLIC_KEY'] = result.memberUser.publicKey;
-    process.env['MEMBER_MNEMONIC'] = result.memberMnemonic;
-    process.env['MEMBER_PASSWORD'] = result.memberPassword;
-    process.env['MEMBER_ROLE_ID'] = idToString(result.memberRole._id as I);
-    process.env['MEMBER_USER_ROLE_ID'] = idToString(
-      result.memberUserRole._id as I,
-    );
-    //
-    process.env['SYSTEM_ID'] = idToString(result.systemUser._id as I);
-    process.env['SYSTEM_PUBLIC_KEY'] = result.systemUser.publicKey;
-    process.env['SYSTEM_MNEMONIC'] = result.systemMnemonic;
-    process.env['SYSTEM_PASSWORD'] = result.systemPassword;
-    process.env['SYSTEM_ROLE_ID'] = idToString(result.systemRole._id as I);
-    process.env['SYSTEM_USER_ROLE_ID'] = idToString(
-      result.systemUserRole._id as I,
-    );
-  }
-
-  /**
-   * Write initialization results to a .env file
-   * Updates or adds the credential variables in the specified .env file
-   * @param envFilePath Path to the .env file to update
-   * @param result The initialization results containing credentials
-   * @param idToString Function to convert IDs to strings
-   */
-  public static writeEnvFile<
-    I extends Types.ObjectId | string = Types.ObjectId,
-  >(
-    envFilePath: string,
-    result: IServerInitResult<I>,
-    idToString: (id: I) => string = (id) => String(id),
-  ): void {
-    // Ensure the directory exists
-    const dir = path.dirname(envFilePath);
-    if (!fs.existsSync(dir)) {
-      fs.mkdirSync(dir, { recursive: true });
-    }
-
-    // Read existing .env file or create empty content
-    let envContent = '';
-    if (fs.existsSync(envFilePath)) {
-      envContent = fs.readFileSync(envFilePath, 'utf-8');
-    }
-
-    // Define the credentials to update
-    const credentials = {
-      ADMIN_ID: idToString(result.adminUser._id as I),
-      ADMIN_MNEMONIC: result.adminMnemonic,
-      ADMIN_ROLE_ID: idToString(result.adminRole._id as I),
-      ADMIN_USER_ROLE_ID: idToString(result.adminUserRole._id as I),
-      ADMIN_PASSWORD: result.adminPassword,
-      MEMBER_ID: idToString(result.memberUser._id as I),
-      MEMBER_MNEMONIC: result.memberMnemonic,
-      MEMBER_ROLE_ID: idToString(result.memberRole._id as I),
-      MEMBER_USER_ROLE_ID: idToString(result.memberUserRole._id as I),
-      MEMBER_PASSWORD: result.memberPassword,
-      SYSTEM_ID: idToString(result.systemUser._id as I),
-      SYSTEM_MNEMONIC: result.systemMnemonic,
-      SYSTEM_PUBLIC_KEY: result.systemUser.publicKey,
-      SYSTEM_ROLE_ID: idToString(result.systemRole._id as I),
-      SYSTEM_USER_ROLE_ID: idToString(result.systemUserRole._id as I),
-      SYSTEM_PASSWORD: result.systemPassword,
-    };
-
-    // Update or add each credential
-    for (const [key, value] of Object.entries(credentials)) {
-      const regex = new RegExp(`^${key}=.*$`, 'm');
-      const newLine = `${key}="${value}"`;
-
-      if (regex.test(envContent)) {
-        // Update existing line
-        envContent = envContent.replace(regex, newLine);
-      } else {
-        // Add new line (append to end)
-        if (envContent && !envContent.endsWith('\n')) {
-          envContent += '\n';
-        }
-        envContent += newLine + '\n';
-      }
-    }
-
-    // Write back to file
-    fs.writeFileSync(envFilePath, envContent, 'utf-8');
-    debugLog(
-      true,
-      'log',
-      this.defaultI18nTFunc(
-        '{{SuiteCoreStringKey.Admin_CredentialsWrittenToEnv}}',
-        {
-          path: envFilePath,
-        },
-      ),
-    );
-  }
-
-  /**
-   * Initialize the user database with default users and roles (convenience method)
-   * This method creates the necessary services and calls initUserDbWithServices
-   * @param application The application
-   * @returns The result of the initialization
-   */
-  public static async initUserDb<
-    I extends Types.ObjectId | string = Types.ObjectId,
-  >(
-    application: IApplication,
-    idGenerator?: () => I,
-    idToString: (id: I) => string = (id) =>
-      application.constants.idProvider.idToString(id),
-  ): Promise<IFailableResult<IServerInitResult<I>>> {
-    const mnemonicModel = ModelRegistry.instance.getTypedModel<
-      IMnemonicDocument<I>
-    >(BaseModelName.Mnemonic);
-    const mnemonicService = new MnemonicService(
-      mnemonicModel,
-      application.environment.mnemonicHmacSecret,
-      application.constants,
-    );
-    const config: IECIESConfig = {
-      curveName: ECIES.CURVE_NAME,
-      primaryKeyDerivationPath: ECIES.PRIMARY_KEY_DERIVATION_PATH,
-      mnemonicStrength: ECIES.MNEMONIC_STRENGTH,
-      symmetricAlgorithm: ECIES.SYMMETRIC_ALGORITHM_CONFIGURATION,
-      symmetricKeyBits: ECIES.SYMMETRIC.KEY_BITS,
-      symmetricKeyMode: ECIES.SYMMETRIC.MODE,
-    };
-    const eciesService = new ECIESService(config);
-    const roleService = new RoleService<I>(application);
-    const keyWrappingService = new KeyWrappingService();
-    const backupCodeService = new BackupCodeService<I>(
-      application,
-      eciesService,
-      keyWrappingService,
-      roleService,
-    );
-
-    return this.initUserDbWithServices<I>(
-      application,
-      keyWrappingService,
-      mnemonicService,
-      eciesService,
-      roleService,
-      backupCodeService,
-      idGenerator,
-      idToString,
-    );
-  }
-}