@explorins/pers-shared 2.1.10 → 2.1.12

package/dist/esm/internal/database/schemas/tenant-fields.schema.js

@@ -0,0 +1,54 @@
+/**
+ * Multi-Tenant TypeORM Entity Fields
+ *
+ * MANDATORY for tenant-specific data in PERS Loyalty Backend
+ *
+ * ✅ ALWAYS INCLUDE tenantFields for:
+ * - User-specific data: SigningAccount, UserWallet, UserProfile, UserPreferences
+ * - Business domain data: Campaign, Redemption, Transaction, TokenBalance
+ * - API keys and authentication: ApiKey, RefreshToken, UserSession
+ * - Tenant-specific configuration: BusinessSettings, CampaignTemplates
+ * - Any data that varies by tenant/client
+ *
+ * ❌ EXCLUDE tenantFields for:
+ * - System-wide shared data: TokenContract, GeolocationData, SystemSettings
+ * - Static reference data: Country codes, currency rates, blockchain configs
+ * - Cross-tenant shared resources (explicitly designed to be shared)
+ *
+ * Usage Pattern:
+ * ```typescript
+ * export const MySchema = new EntitySchema<MyModel>({
+ *     columns: {
+ *         ...sharedFields,     // Base fields (id, timestamps, soft delete)
+ *         ...tenantFields,     // Multi-tenant support (tenantId with RLS)
+ *         // entity-specific fields below
+ *     }
+ * });
+ * ```
+ *
+ * CRITICAL: When using tenantFields, MUST include RLS module:
+ * ```typescript
+ * @Module({
+ *   imports: [
+ *     TypeOrmModule.forFeature([MySchema]),
+ *     RLSModule.forFeature([MySchema]),    // REQUIRED for Row Level Security
+ *   ],
+ * })
+ * ```
+ *
+ * Technical Details:
+ * - Provides: tenantId with RLS (Row Level Security) automatic population
+ * - RLS Function: Uses current_setting('rls.tenant_id') for automatic tenant isolation
+ * - Database-level security: Prevents cross-tenant data leaks automatically
+ * - Transparent filtering: All queries automatically filter by current tenant
+ *
+ * See: /documentation/domain-model-best-practices.md for complete patterns
+ */
+export const tenantFields = {
+    tenantId: {
+        type: String,
+        nullable: true,
+        default: () => "current_setting('rls.tenant_id')",
+    },
+};
+//# sourceMappingURL=tenant-fields.schema.js.map

package/dist/esm/internal/database/schemas/tenant-fields.schema.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tenant-fields.schema.js","sourceRoot":"","sources":["../../../../../src/internal/database/schemas/tenant-fields.schema.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6CG;AACH,MAAM,CAAC,MAAM,YAAY,GAAmD;IAC1E,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM;QACZ,QAAQ,EAAE,IAAI;QACd,OAAO,EAAE,GAAG,EAAE,CAAC,kCAAkC;KAClD;CACF,CAAC"}

package/dist/esm/internal/enums/lambda.enum.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Lambda function enums for internal microservice communication
+ * Used across multiple domains for lambda-based orchestration
+ */
+/**
+ * Domain enum for Lambda function names
+ * Contains business-meaningful function categories
+ */
+export declare enum LambdaFunctionName {
+    TRANSACTION = "transaction"
+}
+/**
+ * Domain enum for specific invokable Lambda functions
+ * Represents the business operations available through Lambda
+ */
+export declare enum LambdaInvokableFunctionName {
+    RUN_TRANSACTION_ASYNC = "runTransactionAsync",
+    SUBMIT_SIGNED_TRANSACTION = "submitSignedTransaction"
+}
+/**
+ * Domain enum for Lambda invocation types
+ * Business perspective on synchronous vs asynchronous operations
+ */
+export declare enum LambdaInvocationType {
+    SYNCHRONOUS = "RequestResponse",
+    ASYNCHRONOUS = "Event"
+}
+//# sourceMappingURL=lambda.enum.d.ts.map

package/dist/esm/internal/enums/lambda.enum.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"lambda.enum.d.ts","sourceRoot":"","sources":["../../../../src/internal/enums/lambda.enum.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;;GAGG;AACH,oBAAY,kBAAkB;IAC5B,WAAW,gBAAgB;CAC5B;AAED;;;GAGG;AACH,oBAAY,2BAA2B;IACrC,qBAAqB,wBAAwB;IAC7C,yBAAyB,4BAA4B;CACtD;AAED;;;GAGG;AACH,oBAAY,oBAAoB;IAC9B,WAAW,oBAAoB;IAC/B,YAAY,UAAU;CACvB"}

package/dist/esm/internal/enums/lambda.enum.js

@@ -0,0 +1,31 @@
+/**
+ * Lambda function enums for internal microservice communication
+ * Used across multiple domains for lambda-based orchestration
+ */
+/**
+ * Domain enum for Lambda function names
+ * Contains business-meaningful function categories
+ */
+export var LambdaFunctionName;
+(function (LambdaFunctionName) {
+    LambdaFunctionName["TRANSACTION"] = "transaction";
+})(LambdaFunctionName || (LambdaFunctionName = {}));
+/**
+ * Domain enum for specific invokable Lambda functions
+ * Represents the business operations available through Lambda
+ */
+export var LambdaInvokableFunctionName;
+(function (LambdaInvokableFunctionName) {
+    LambdaInvokableFunctionName["RUN_TRANSACTION_ASYNC"] = "runTransactionAsync";
+    LambdaInvokableFunctionName["SUBMIT_SIGNED_TRANSACTION"] = "submitSignedTransaction";
+})(LambdaInvokableFunctionName || (LambdaInvokableFunctionName = {}));
+/**
+ * Domain enum for Lambda invocation types
+ * Business perspective on synchronous vs asynchronous operations
+ */
+export var LambdaInvocationType;
+(function (LambdaInvocationType) {
+    LambdaInvocationType["SYNCHRONOUS"] = "RequestResponse";
+    LambdaInvocationType["ASYNCHRONOUS"] = "Event";
+})(LambdaInvocationType || (LambdaInvocationType = {}));
+//# sourceMappingURL=lambda.enum.js.map

package/dist/esm/internal/enums/lambda.enum.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"lambda.enum.js","sourceRoot":"","sources":["../../../../src/internal/enums/lambda.enum.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;;GAGG;AACH,MAAM,CAAN,IAAY,kBAEX;AAFD,WAAY,kBAAkB;IAC5B,iDAA2B,CAAA;AAC7B,CAAC,EAFW,kBAAkB,KAAlB,kBAAkB,QAE7B;AAED;;;GAGG;AACH,MAAM,CAAN,IAAY,2BAGX;AAHD,WAAY,2BAA2B;IACrC,4EAA6C,CAAA;IAC7C,oFAAqD,CAAA;AACvD,CAAC,EAHW,2BAA2B,KAA3B,2BAA2B,QAGtC;AAED;;;GAGG;AACH,MAAM,CAAN,IAAY,oBAGX;AAHD,WAAY,oBAAoB;IAC9B,uDAA+B,CAAA;IAC/B,8CAAsB,CAAA;AACxB,CAAC,EAHW,oBAAoB,KAApB,oBAAoB,QAG/B"}

package/dist/esm/internal/exceptions/base/error-classification-enums.d.ts

@@ -0,0 +1,118 @@
+/**
+ * Error Classification Enums and Interfaces
+ *
+ * This file defines the error categorization system used throughout the application.
+ *
+ * 🎯 DEVELOPER GUIDANCE:
+ *
+ * When creating errors, choose the appropriate category:
+ *
+ * 1. DOMAIN_RULE: Business logic violations
+ *    → Use BusinessLogicError subclasses (e.g., TokenTypeNotFoundError)
+ *
+ * 2. TECHNICAL: Application/config issues
+ *    → Use TechnicalError.withMessage() for meaningful technical errors
+ *
+ * 3. VALIDATION: Input format/validation failures
+ *    → Let NestJS validation decorators handle these automatically
+ *
+ * 4. INFRASTRUCTURE: External system failures
+ *    → These are usually classified automatically from generic Error() instances
+ *
+ * 5. SECURITY: Auth/authorization issues
+ *    → Use NestJS guards and filters for consistent security errors
+ *
+ * 💡 TIP: Prefer structured errors (BusinessLogicError/TechnicalError) over generic Error()
+ *         for better user experience and debugging capability.
+ *
+ * 📊 QUICK REFERENCE TABLE:
+ * ┌─────────────────┬─────────────┬─────────────────────────────────────┬───────────┐
+ * │ Category        │ HTTP Status │ Example                             │ Retryable │
+ * ├─────────────────┼─────────────┼─────────────────────────────────────┼───────────┤
+ * │ VALIDATION      │ 400         │ "Email format invalid"              │ No        │
+ * │ DOMAIN_RULE     │ 422         │ "Insufficient balance"              │ No        │
+ * │ TECHNICAL       │ 422         │ "Invalid file format"               │ Maybe     │
+ * │ INFRASTRUCTURE  │ 503         │ "Database connection failed"        │ Yes       │
+ * │ SECURITY        │ 403         │ "Access denied"                     │ No        │
+ * │ RATE_LIMIT      │ 429         │ "API rate limit exceeded"           │ Yes       │
+ * │ TIMEOUT         │ 504         │ "Request timeout"                   │ Yes       │
+ * │ UNKNOWN         │ 500         │ Generic Error() instances           │ Yes       │
+ * └─────────────────┴─────────────┴─────────────────────────────────────┴───────────┘
+ */
+/**
+ * Error severity levels for prioritization and alerting
+ *
+ * Determines the urgency of response and escalation procedures:
+ * - Monitoring alert thresholds
+ * - On-call escalation policies
+ * - SLA response times
+ * - Business impact assessment
+ */
+export declare enum ErrorSeverity {
+    /**
+     * Low severity - Minor issues, degraded experience but service functional
+     * Examples: Optional feature failures, cosmetic issues, non-critical warnings
+     * Response Time: 24-48 hours
+     * Escalation: Development team during business hours
+     * Business Impact: Minimal
+     */
+    LOW = "LOW",
+    /**
+     * Medium severity - Noticeable issues, some functionality impaired
+     * Examples: Performance degradation, secondary feature failures, data sync delays
+     * Response Time: 4-8 hours
+     * Escalation: Development team within same day
+     * Business Impact: Moderate
+     */
+    MEDIUM = "MEDIUM",
+    /**
+     * High severity - Significant issues, core functionality impaired
+     * Examples: Payment failures, authentication issues, critical feature outages
+     * Response Time: 1-2 hours
+     * Escalation: Immediate development team notification
+     * Business Impact: High
+     */
+    HIGH = "HIGH",
+    /**
+     * Critical severity - System down, major business impact
+     * Examples: Complete service outage, data corruption, security breaches
+     * Response Time: Immediate (< 15 minutes)
+     * Escalation: Page on-call engineer, notify leadership
+     * Business Impact: Severe
+     */
+    CRITICAL = "CRITICAL"
+}
+/**
+ * API error response format including correlation tracking
+ */
+export interface ApiErrorResponse {
+    code: string;
+    domain: string;
+    message: string;
+    developerMessage?: string;
+    action?: string;
+    timestamp: string;
+    category: string;
+    correlationId: string;
+    retryable: boolean;
+    severity: ErrorSeverity;
+}
+/**
+ * HTTP Status codes used by our error classification system
+ *
+ * Centralized here to maintain consistency across error classification
+ * and avoid duplication with NestJS HttpStatus values.
+ */
+export declare enum ErrorHttpStatus {
+    BAD_REQUEST = 400,
+    UNAUTHORIZED = 401,
+    FORBIDDEN = 403,
+    NOT_FOUND = 404,
+    CONFLICT = 409,
+    UNPROCESSABLE_ENTITY = 422,
+    TOO_MANY_REQUESTS = 429,
+    INTERNAL_SERVER_ERROR = 500,
+    SERVICE_UNAVAILABLE = 503,
+    GATEWAY_TIMEOUT = 504
+}
+//# sourceMappingURL=error-classification-enums.d.ts.map

package/dist/esm/internal/exceptions/base/error-classification-enums.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-classification-enums.d.ts","sourceRoot":"","sources":["../../../../../src/internal/exceptions/base/error-classification-enums.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAKH;;;;;;;;GAQG;AACH,oBAAY,aAAa;IACvB;;;;;;OAMG;IACH,GAAG,QAAQ;IAEX;;;;;;OAMG;IACH,MAAM,WAAW;IAEjB;;;;;;OAMG;IACH,IAAI,SAAS;IAEb;;;;;;OAMG;IACH,QAAQ,aAAa;CACtB;AAID;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,OAAO,CAAC;IACnB,QAAQ,EAAE,aAAa,CAAC;CACzB;AAID;;;;;GAKG;AACH,oBAAY,eAAe;IACzB,WAAW,MAAM;IACjB,YAAY,MAAM;IAClB,SAAS,MAAM;IACf,SAAS,MAAM;IACf,QAAQ,MAAM;IACd,oBAAoB,MAAM;IAC1B,iBAAiB,MAAM;IACvB,qBAAqB,MAAM;IAC3B,mBAAmB,MAAM;IACzB,eAAe,MAAM;CACtB"}

package/dist/esm/internal/exceptions/base/error-classification-enums.js

@@ -0,0 +1,108 @@
+/**
+ * Error Classification Enums and Interfaces
+ *
+ * This file defines the error categorization system used throughout the application.
+ *
+ * 🎯 DEVELOPER GUIDANCE:
+ *
+ * When creating errors, choose the appropriate category:
+ *
+ * 1. DOMAIN_RULE: Business logic violations
+ *    → Use BusinessLogicError subclasses (e.g., TokenTypeNotFoundError)
+ *
+ * 2. TECHNICAL: Application/config issues
+ *    → Use TechnicalError.withMessage() for meaningful technical errors
+ *
+ * 3. VALIDATION: Input format/validation failures
+ *    → Let NestJS validation decorators handle these automatically
+ *
+ * 4. INFRASTRUCTURE: External system failures
+ *    → These are usually classified automatically from generic Error() instances
+ *
+ * 5. SECURITY: Auth/authorization issues
+ *    → Use NestJS guards and filters for consistent security errors
+ *
+ * 💡 TIP: Prefer structured errors (BusinessLogicError/TechnicalError) over generic Error()
+ *         for better user experience and debugging capability.
+ *
+ * 📊 QUICK REFERENCE TABLE:
+ * ┌─────────────────┬─────────────┬─────────────────────────────────────┬───────────┐
+ * │ Category        │ HTTP Status │ Example                             │ Retryable │
+ * ├─────────────────┼─────────────┼─────────────────────────────────────┼───────────┤
+ * │ VALIDATION      │ 400         │ "Email format invalid"              │ No        │
+ * │ DOMAIN_RULE     │ 422         │ "Insufficient balance"              │ No        │
+ * │ TECHNICAL       │ 422         │ "Invalid file format"               │ Maybe     │
+ * │ INFRASTRUCTURE  │ 503         │ "Database connection failed"        │ Yes       │
+ * │ SECURITY        │ 403         │ "Access denied"                     │ No        │
+ * │ RATE_LIMIT      │ 429         │ "API rate limit exceeded"           │ Yes       │
+ * │ TIMEOUT         │ 504         │ "Request timeout"                   │ Yes       │
+ * │ UNKNOWN         │ 500         │ Generic Error() instances           │ Yes       │
+ * └─────────────────┴─────────────┴─────────────────────────────────────┴───────────┘
+ */
+// Note: ErrorCategory is now imported from @explorins/pers-shared
+// This library contains only the detailed classification enums and interfaces
+/**
+ * Error severity levels for prioritization and alerting
+ *
+ * Determines the urgency of response and escalation procedures:
+ * - Monitoring alert thresholds
+ * - On-call escalation policies
+ * - SLA response times
+ * - Business impact assessment
+ */
+export var ErrorSeverity;
+(function (ErrorSeverity) {
+    /**
+     * Low severity - Minor issues, degraded experience but service functional
+     * Examples: Optional feature failures, cosmetic issues, non-critical warnings
+     * Response Time: 24-48 hours
+     * Escalation: Development team during business hours
+     * Business Impact: Minimal
+     */
+    ErrorSeverity["LOW"] = "LOW";
+    /**
+     * Medium severity - Noticeable issues, some functionality impaired
+     * Examples: Performance degradation, secondary feature failures, data sync delays
+     * Response Time: 4-8 hours
+     * Escalation: Development team within same day
+     * Business Impact: Moderate
+     */
+    ErrorSeverity["MEDIUM"] = "MEDIUM";
+    /**
+     * High severity - Significant issues, core functionality impaired
+     * Examples: Payment failures, authentication issues, critical feature outages
+     * Response Time: 1-2 hours
+     * Escalation: Immediate development team notification
+     * Business Impact: High
+     */
+    ErrorSeverity["HIGH"] = "HIGH";
+    /**
+     * Critical severity - System down, major business impact
+     * Examples: Complete service outage, data corruption, security breaches
+     * Response Time: Immediate (< 15 minutes)
+     * Escalation: Page on-call engineer, notify leadership
+     * Business Impact: Severe
+     */
+    ErrorSeverity["CRITICAL"] = "CRITICAL";
+})(ErrorSeverity || (ErrorSeverity = {}));
+// Note: All interfaces moved to @explorins/pers-shared for proper data contract separation
+/**
+ * HTTP Status codes used by our error classification system
+ *
+ * Centralized here to maintain consistency across error classification
+ * and avoid duplication with NestJS HttpStatus values.
+ */
+export var ErrorHttpStatus;
+(function (ErrorHttpStatus) {
+    ErrorHttpStatus[ErrorHttpStatus["BAD_REQUEST"] = 400] = "BAD_REQUEST";
+    ErrorHttpStatus[ErrorHttpStatus["UNAUTHORIZED"] = 401] = "UNAUTHORIZED";
+    ErrorHttpStatus[ErrorHttpStatus["FORBIDDEN"] = 403] = "FORBIDDEN";
+    ErrorHttpStatus[ErrorHttpStatus["NOT_FOUND"] = 404] = "NOT_FOUND";
+    ErrorHttpStatus[ErrorHttpStatus["CONFLICT"] = 409] = "CONFLICT";
+    ErrorHttpStatus[ErrorHttpStatus["UNPROCESSABLE_ENTITY"] = 422] = "UNPROCESSABLE_ENTITY";
+    ErrorHttpStatus[ErrorHttpStatus["TOO_MANY_REQUESTS"] = 429] = "TOO_MANY_REQUESTS";
+    ErrorHttpStatus[ErrorHttpStatus["INTERNAL_SERVER_ERROR"] = 500] = "INTERNAL_SERVER_ERROR";
+    ErrorHttpStatus[ErrorHttpStatus["SERVICE_UNAVAILABLE"] = 503] = "SERVICE_UNAVAILABLE";
+    ErrorHttpStatus[ErrorHttpStatus["GATEWAY_TIMEOUT"] = 504] = "GATEWAY_TIMEOUT";
+})(ErrorHttpStatus || (ErrorHttpStatus = {}));
+//# sourceMappingURL=error-classification-enums.js.map

package/dist/esm/internal/exceptions/base/error-classification-enums.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-classification-enums.js","sourceRoot":"","sources":["../../../../../src/internal/exceptions/base/error-classification-enums.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAEH,kEAAkE;AAClE,8EAA8E;AAE9E;;;;;;;;GAQG;AACH,MAAM,CAAN,IAAY,aAoCX;AApCD,WAAY,aAAa;IACvB;;;;;;OAMG;IACH,4BAAW,CAAA;IAEX;;;;;;OAMG;IACH,kCAAiB,CAAA;IAEjB;;;;;;OAMG;IACH,8BAAa,CAAA;IAEb;;;;;;OAMG;IACH,sCAAqB,CAAA;AACvB,CAAC,EApCW,aAAa,KAAb,aAAa,QAoCxB;AAoBD,2FAA2F;AAE3F;;;;;GAKG;AACH,MAAM,CAAN,IAAY,eAWX;AAXD,WAAY,eAAe;IACzB,qEAAiB,CAAA;IACjB,uEAAkB,CAAA;IAClB,iEAAe,CAAA;IACf,iEAAe,CAAA;IACf,+DAAc,CAAA;IACd,uFAA0B,CAAA;IAC1B,iFAAuB,CAAA;IACvB,yFAA2B,CAAA;IAC3B,qFAAyB,CAAA;IACzB,6EAAqB,CAAA;AACvB,CAAC,EAXW,eAAe,KAAf,eAAe,QAW1B"}

package/dist/esm/internal/exceptions/base/error-classification.interface.d.ts

@@ -0,0 +1,48 @@
+/**
+ * Error classification and response interfaces for domain-driven error handling
+ */
+import { ErrorCategory } from '@explorins/pers-shared';
+import { ErrorSeverity } from './error-classification-enums';
+export interface ErrorClassificationResult {
+    category: ErrorCategory;
+    severity: ErrorSeverity;
+    retryable: boolean;
+    userFacing: boolean;
+    httpStatusCode: number;
+}
+export interface ApiErrorResponse {
+    code: string;
+    domain: string;
+    message: string;
+    developerMessage?: string;
+    action?: string;
+    timestamp: string;
+    category: string;
+    correlationId: string;
+    retryable?: boolean;
+    severity?: string;
+}
+export interface LoggingContext {
+    domain: string;
+    operation: string;
+    errorCode: string;
+    severity: ErrorSeverity;
+    additionalContext?: Record<string, any>;
+}
+/**
+ * Interface for self-classifying errors
+ */
+export interface SelfClassifyingError {
+    classify(): ErrorClassificationResult;
+    toApiResponse(correlationId: string): ApiErrorResponse;
+    getLoggingContext(): LoggingContext;
+}
+/**
+ * Interface for domain-specific error classifiers
+ */
+export interface DomainErrorClassifier {
+    canClassify(error: any): boolean;
+    classify(error: any): ErrorClassificationResult;
+    formatApiResponse(error: any, correlationId: string): ApiErrorResponse;
+}
+//# sourceMappingURL=error-classification.interface.d.ts.map

package/dist/esm/internal/exceptions/base/error-classification.interface.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-classification.interface.d.ts","sourceRoot":"","sources":["../../../../../src/internal/exceptions/base/error-classification.interface.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAE7D,MAAM,WAAW,yBAAyB;IACxC,QAAQ,EAAE,aAAa,CAAC;IACxB,QAAQ,EAAE,aAAa,CAAC;IACxB,SAAS,EAAE,OAAO,CAAC;IACnB,UAAU,EAAE,OAAO,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,aAAa,CAAC;IACxB,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CACzC;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,IAAI,yBAAyB,CAAC;IACtC,aAAa,CAAC,aAAa,EAAE,MAAM,GAAG,gBAAgB,CAAC;IACvD,iBAAiB,IAAI,cAAc,CAAC;CACrC;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,WAAW,CAAC,KAAK,EAAE,GAAG,GAAG,OAAO,CAAC;IACjC,QAAQ,CAAC,KAAK,EAAE,GAAG,GAAG,yBAAyB,CAAC;IAChD,iBAAiB,CAAC,KAAK,EAAE,GAAG,EAAE,aAAa,EAAE,MAAM,GAAG,gBAAgB,CAAC;CACxE"}

package/dist/esm/internal/exceptions/base/error-classification.interface.js

@@ -0,0 +1,5 @@
+/**
+ * Error classification and response interfaces for domain-driven error handling
+ */
+export {};
+//# sourceMappingURL=error-classification.interface.js.map

package/dist/esm/internal/exceptions/base/error-classification.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-classification.interface.js","sourceRoot":"","sources":["../../../../../src/internal/exceptions/base/error-classification.interface.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/dist/esm/internal/exceptions/base/error-classifier.d.ts

@@ -0,0 +1,23 @@
+import { StructuredError } from '@explorins/pers-shared';
+/**
+ * Error classification utilities with 3-path decision logic
+ */
+export declare class ErrorClassifier {
+    /**
+     * Simplified error classification with 3-path logic
+     * 1. BusinessLogicError -> Preserve structure (fast path)
+     * 2. TechnicalError -> Preserve message (fast path)
+     * 3. Everything else -> Security-first fallback
+     */
+    static classify(error: any, domain: string): StructuredError;
+    /**
+     * Determine if an error message is safe to expose to users
+     * Uses a balanced approach: block sensitive system data while allowing business messages
+     */
+    private static isSafeForUsers;
+    /**
+     * Convert structured error to HTTP status code
+     */
+    static getHttpStatusCode(structuredError: StructuredError): number;
+}
+//# sourceMappingURL=error-classifier.d.ts.map

package/dist/esm/internal/exceptions/base/error-classifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-classifier.d.ts","sourceRoot":"","sources":["../../../../../src/internal/exceptions/base/error-classifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqD,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAG5G;;GAEG;AACH,qBAAa,eAAe;IAC1B;;;;;OAKG;IACH,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,GAAG,eAAe;IAyD5D;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,cAAc;IAgE7B;;OAEG;IACH,MAAM,CAAC,iBAAiB,CAAC,eAAe,EAAE,eAAe,GAAG,MAAM;CAkBnE"}

package/dist/esm/internal/exceptions/base/error-classifier.js

@@ -0,0 +1,145 @@
+import { BusinessLogicError, TechnicalError, ErrorCategory } from '@explorins/pers-shared';
+import { ErrorHttpStatus } from './error-classification-enums';
+/**
+ * Error classification utilities with 3-path decision logic
+ */
+export class ErrorClassifier {
+    /**
+     * Simplified error classification with 3-path logic
+     * 1. BusinessLogicError -> Preserve structure (fast path)
+     * 2. TechnicalError -> Preserve message (fast path)
+     * 3. Everything else -> Security-first fallback
+     */
+    static classify(error, domain) {
+        // Fast path 1: BusinessLogicError (already structured)
+        if (BusinessLogicError.isBusinessError(error)) {
+            const response = error.getResponse();
+            const responseObj = typeof response === 'object' ? response : {};
+            return {
+                category: ErrorCategory.DOMAIN_RULE,
+                code: responseObj.code || 'BUSINESS_ERROR',
+                message: responseObj.message || error.message,
+                userMessage: responseObj.message || error.message,
+                retryable: false
+            };
+        }
+        // Fast path 2: TechnicalError (preserve meaningful messages)
+        if (TechnicalError.isTechnicalError(error)) {
+            const response = error.getResponse();
+            const responseObj = typeof response === 'object' ? response : {};
+            return {
+                category: ErrorCategory.INFRASTRUCTURE,
+                code: 'TECHNICAL_ERROR',
+                message: responseObj.message || error.message,
+                userMessage: responseObj.message || error.message,
+                retryable: false
+            };
+        }
+        // Fast path 3: HttpExceptions with BUSINESS_LOGIC category (for backward compatibility)
+        if (typeof error.getStatus === 'function') {
+            const response = error.getResponse ? error.getResponse() : null;
+            if (typeof response === 'object' && response?.category === 'BUSINESS_LOGIC') {
+                const responseObj = response;
+                return {
+                    category: ErrorCategory.DOMAIN_RULE,
+                    code: responseObj.code || 'BUSINESS_ERROR',
+                    message: responseObj.message || error.message,
+                    userMessage: responseObj.message || error.message,
+                    retryable: false
+                };
+            }
+        }
+        // Security-first fallback for everything else
+        const message = error.message || 'Unknown error';
+        // Check if error message is safe to expose to users
+        const isSafe = this.isSafeForUsers(message);
+        return {
+            category: ErrorCategory.UNKNOWN,
+            code: 'INTERNAL_ERROR',
+            message: isSafe ? message : 'Internal server error',
+            userMessage: isSafe ? message : 'An unexpected error occurred. Please try again.',
+            retryable: true
+        };
+    }
+    /**
+     * Determine if an error message is safe to expose to users
+     * Uses a balanced approach: block sensitive system data while allowing business messages
+     */
+    static isSafeForUsers(message) {
+        if (!message || message.length < 3 || message.length > 300)
+            return false;
+        // Allow common business error phrases that are safe for users
+        const safeBusinessPatterns = [
+            /cannot process payment/i,
+            /unable to complete transaction/i,
+            /insufficient (balance|funds)/i,
+            /user not found/i,
+            /token not active/i,
+            /wallet not found/i,
+            /invalid (amount|address|format)/i,
+            /transaction (failed|rejected|expired)/i,
+            /account (locked|inactive|suspended)/i,
+            /permission denied/i,
+            /rate limit exceeded/i,
+            /service temporarily unavailable/i
+        ];
+        // If it matches safe business patterns, allow it
+        if (safeBusinessPatterns.some(pattern => pattern.test(message))) {
+            return true;
+        }
+        // Block definitely unsafe patterns (system internals and sensitive data)
+        const unsafePatterns = [
+            // System internals with technical context
+            /internal server error/i,
+            /database connection (failed|lost|timeout)/i,
+            /sql (error|exception|syntax)/i,
+            /stack trace|stacktrace/i,
+            /undefined (property|method|function)/i,
+            /null pointer|reference error/i,
+            // Sensitive data indicators  
+            /secret|password|private.?key|credential/i,
+            /jwt.?token|bearer.?token|api.?key/i,
+            /localhost|127\.0\.0\.1|192\.168\.|10\.\d+\./i,
+            /\.env|config\.json|\.xml|\.yml/i,
+            // Technical stack traces and system paths
+            /\/var\/|\/etc\/|\/home\/|\/usr\/bin|\/opt\//i,
+            /node_modules|package\.json|tsconfig/i,
+            /at Object\.|at Function\.|at async/i,
+            // Database and system queries
+            /SELECT.*FROM|INSERT.*INTO|UPDATE.*SET/i,
+            /mongodb|postgresql|redis|elasticsearch/i
+        ];
+        // Block if it matches unsafe patterns
+        if (unsafePatterns.some(pattern => pattern.test(message))) {
+            return false;
+        }
+        // For everything else, apply basic safety checks
+        // Allow if it looks like a user-friendly business message
+        const hasBusinessContext = /\b(user|account|transaction|payment|balance|wallet|token)\b/i.test(message);
+        const hasGenericWords = /\b(invalid|missing|required|expired|failed|rejected|denied)\b/i.test(message);
+        const noSystemJargon = !/\b(undefined|null|exception|stack|trace|object|function|method|class)\b/i.test(message);
+        return (hasBusinessContext || hasGenericWords) && noSystemJargon;
+    }
+    /**
+     * Convert structured error to HTTP status code
+     */
+    static getHttpStatusCode(structuredError) {
+        switch (structuredError.category) {
+            case ErrorCategory.VALIDATION:
+                return ErrorHttpStatus.BAD_REQUEST;
+            case ErrorCategory.DOMAIN_RULE:
+                return ErrorHttpStatus.UNPROCESSABLE_ENTITY;
+            case ErrorCategory.SECURITY:
+                return ErrorHttpStatus.FORBIDDEN;
+            case ErrorCategory.RATE_LIMIT:
+                return ErrorHttpStatus.TOO_MANY_REQUESTS;
+            case ErrorCategory.TIMEOUT:
+                return ErrorHttpStatus.GATEWAY_TIMEOUT;
+            case ErrorCategory.INFRASTRUCTURE:
+                return ErrorHttpStatus.SERVICE_UNAVAILABLE;
+            default:
+                return ErrorHttpStatus.INTERNAL_SERVER_ERROR;
+        }
+    }
+}
+//# sourceMappingURL=error-classifier.js.map

package/dist/esm/internal/exceptions/base/error-classifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-classifier.js","sourceRoot":"","sources":["../../../../../src/internal/exceptions/base/error-classifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,aAAa,EAAmB,MAAM,wBAAwB,CAAC;AAC5G,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAE/D;;GAEG;AACH,MAAM,OAAO,eAAe;IAC1B;;;;;OAKG;IACH,MAAM,CAAC,QAAQ,CAAC,KAAU,EAAE,MAAc;QACxC,uDAAuD;QACvD,IAAI,kBAAkB,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9C,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;YACrC,MAAM,WAAW,GAAG,OAAO,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAe,CAAC,CAAC,CAAC,EAAE,CAAC;YACxE,OAAO;gBACL,QAAQ,EAAE,aAAa,CAAC,WAAW;gBACnC,IAAI,EAAE,WAAW,CAAC,IAAI,IAAI,gBAAgB;gBAC1C,OAAO,EAAE,WAAW,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO;gBAC7C,WAAW,EAAE,WAAW,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO;gBACjD,SAAS,EAAE,KAAK;aACjB,CAAC;QACJ,CAAC;QAED,6DAA6D;QAC7D,IAAI,cAAc,CAAC,gBAAgB,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;YACrC,MAAM,WAAW,GAAG,OAAO,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAe,CAAC,CAAC,CAAC,EAAE,CAAC;YACxE,OAAO;gBACL,QAAQ,EAAE,aAAa,CAAC,cAAc;gBACtC,IAAI,EAAE,iBAAiB;gBACvB,OAAO,EAAE,WAAW,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO;gBAC7C,WAAW,EAAE,WAAW,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO;gBACjD,SAAS,EAAE,KAAK;aACjB,CAAC;QACJ,CAAC;QAED,wFAAwF;QACxF,IAAI,OAAO,KAAK,CAAC,SAAS,KAAK,UAAU,EAAE,CAAC;YAC1C,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;YAChE,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,EAAE,QAAQ,KAAK,gBAAgB,EAAE,CAAC;gBAC5E,MAAM,WAAW,GAAG,QAAe,CAAC;gBACpC,OAAO;oBACL,QAAQ,EAAE,aAAa,CAAC,WAAW;oBACnC,IAAI,EAAE,WAAW,CAAC,IAAI,IAAI,gBAAgB;oBAC1C,OAAO,EAAE,WAAW,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO;oBAC7C,WAAW,EAAE,WAAW,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO;oBACjD,SAAS,EAAE,KAAK;iBACjB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,8CAA8C;QAC9C,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,IAAI,eAAe,CAAC;QAEjD,oDAAoD;QACpD,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QAE5C,OAAO;YACL,QAAQ,EAAE,aAAa,CAAC,OAAO;YAC/B,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB;YACnD,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,iDAAiD;YACjF,SAAS,EAAE,IAAI;SAChB,CAAC;IACJ,CAAC;IAED;;;OAGG;IACK,MAAM,CAAC,cAAc,CAAC,OAAe;QAC3C,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,GAAG;YAAE,OAAO,KAAK,CAAC;QAEzE,8DAA8D;QAC9D,MAAM,oBAAoB,GAAG;YAC3B,yBAAyB;YACzB,iCAAiC;YACjC,+BAA+B;YAC/B,iBAAiB;YACjB,mBAAmB;YACnB,mBAAmB;YACnB,kCAAkC;YAClC,wCAAwC;YACxC,sCAAsC;YACtC,oBAAoB;YACpB,sBAAsB;YACtB,kCAAkC;SACnC,CAAC;QAEF,iDAAiD;QACjD,IAAI,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,yEAAyE;QACzE,MAAM,cAAc,GAAG;YACrB,0CAA0C;YAC1C,wBAAwB;YACxB,4CAA4C;YAC5C,+BAA+B;YAC/B,yBAAyB;YACzB,uCAAuC;YACvC,+BAA+B;YAE/B,8BAA8B;YAC9B,0CAA0C;YAC1C,oCAAoC;YACpC,8CAA8C;YAC9C,iCAAiC;YAEjC,0CAA0C;YAC1C,8CAA8C;YAC9C,sCAAsC;YACtC,qCAAqC;YAErC,8BAA8B;YAC9B,wCAAwC;YACxC,yCAAyC;SAC1C,CAAC;QAEF,sCAAsC;QACtC,IAAI,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAC1D,OAAO,KAAK,CAAC;QACf,CAAC;QAED,iDAAiD;QACjD,0DAA0D;QAC1D,MAAM,kBAAkB,GAAG,8DAA8D,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxG,MAAM,eAAe,GAAG,gEAAgE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvG,MAAM,cAAc,GAAG,CAAC,0EAA0E,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEjH,OAAO,CAAC,kBAAkB,IAAI,eAAe,CAAC,IAAI,cAAc,CAAC;IACnE,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,iBAAiB,CAAC,eAAgC;QACvD,QAAQ,eAAe,CAAC,QAAQ,EAAE,CAAC;YACjC,KAAK,aAAa,CAAC,UAAU;gBAC3B,OAAO,eAAe,CAAC,WAAW,CAAC;YACrC,KAAK,aAAa,CAAC,WAAW;gBAC5B,OAAO,eAAe,CAAC,oBAAoB,CAAC;YAC9C,KAAK,aAAa,CAAC,QAAQ;gBACzB,OAAO,eAAe,CAAC,SAAS,CAAC;YACnC,KAAK,aAAa,CAAC,UAAU;gBAC3B,OAAO,eAAe,CAAC,iBAAiB,CAAC;YAC3C,KAAK,aAAa,CAAC,OAAO;gBACxB,OAAO,eAAe,CAAC,eAAe,CAAC;YACzC,KAAK,aAAa,CAAC,cAAc;gBAC/B,OAAO,eAAe,CAAC,mBAAmB,CAAC;YAC7C;gBACE,OAAO,eAAe,CAAC,qBAAqB,CAAC;QACjD,CAAC;IACH,CAAC;CACF"}

package/dist/esm/internal/exceptions/index.d.ts

@@ -0,0 +1,3 @@
+export * from './base/error-classification-enums';
+export { ErrorClassifier } from './base/error-classifier';
+//# sourceMappingURL=index.d.ts.map

package/dist/esm/internal/exceptions/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/internal/exceptions/index.ts"],"names":[],"mappings":"AACA,cAAc,mCAAmC,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC"}

package/dist/esm/internal/exceptions/index.js

@@ -0,0 +1,6 @@
+// Error classification utilities (patterns-specific logic only)
+export * from './base/error-classification-enums';
+export { ErrorClassifier } from './base/error-classifier';
+// Note: All error classes (BusinessLogicError, TechnicalError, domain errors) are exported from @explorins/pers-shared
+// This library only contains error classification logic and patterns
+//# sourceMappingURL=index.js.map

package/dist/esm/internal/exceptions/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/internal/exceptions/index.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,cAAc,mCAAmC,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAE1D,uHAAuH;AACvH,qEAAqE"}

package/dist/esm/internal/functions/crypto.functions.d.ts

@@ -0,0 +1,16 @@
+type KeyFormat = 'pem';
+type KeyType = 'pkcs1' | 'pkcs8';
+export interface EncryptedDataObject {
+    encryptedData: string;
+    iv: string;
+    authTag: string;
+}
+export declare const hashString: (input: string, maxLength?: number | null, algorithm?: "sha256" | "sha512" | "md5") => string;
+export declare const checkMatching: (plainString: string, hashedString: string) => Promise<any>;
+export declare const hashPassword: (password: string, saltRounds?: number) => Promise<string>;
+export declare const generatePseudoRandomData: (size?: number) => string;
+export declare const generateDecryptedPrivateKey: (privateKey: string, passphrase: string | undefined, keyType?: KeyType, keyFormat?: KeyFormat) => string;
+export declare const encryptData: (data: string, encryptionKey: string) => EncryptedDataObject;
+export declare const decryptData: (encryptedDataObject: EncryptedDataObject, encryptionKey: string) => string;
+export {};
+//# sourceMappingURL=crypto.functions.d.ts.map