npm - @forklaunch/core - Versions diffs - 0.19.5 → 1.0.2 - Mend

@forklaunch/core 0.19.5 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/lib/{apiDefinition.types-DnUkFmfT.d.mts → apiDefinition.types-Br0fDuBQ.d.mts} +42 -8
package/lib/{apiDefinition.types-DnUkFmfT.d.ts → apiDefinition.types-Br0fDuBQ.d.ts} +42 -8
package/lib/cache/index.d.mts +3 -133
package/lib/cache/index.d.ts +3 -133
package/lib/http/index.d.mts +88 -3
package/lib/http/index.d.ts +88 -3
package/lib/http/index.js +168 -25
package/lib/http/index.js.map +1 -1
package/lib/http/index.mjs +166 -25
package/lib/http/index.mjs.map +1 -1
package/lib/mappers/index.js.map +1 -1
package/lib/mappers/index.mjs.map +1 -1
package/lib/persistence/index.d.mts +271 -1
package/lib/persistence/index.d.ts +271 -1
package/lib/persistence/index.js +463 -0
package/lib/persistence/index.js.map +1 -1
package/lib/persistence/index.mjs +427 -0
package/lib/persistence/index.mjs.map +1 -1
package/lib/ttlCache.interface-DClm-lSa.d.mts +133 -0
package/lib/ttlCache.interface-DClm-lSa.d.ts +133 -0
package/lib/ws/index.d.mts +1 -1
package/lib/ws/index.d.ts +1 -1
package/package.json +9 -9

package/lib/mappers/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../src/mappers/index.ts","../../src/mappers/mapper.ts","../../src/mappers/guards/isSchemaResolutionFunction.ts","../../src/mappers/mapServiceSchemas.ts"],"sourcesContent":["export * from './mapper';\nexport * from './mapServiceSchemas';\n","import { Prettify } from '@forklaunch/common';\nimport {\n AnySchemaValidator,\n IdiomaticSchema,\n prettyPrintParseErrors,\n Schema,\n SchemaValidator\n} from '@forklaunch/validator';\nimport { EntitySchema, InferEntity } from '@mikro-orm/core';\n\nexport function requestMapper<\n SV extends AnySchemaValidator,\n DomainSchema extends IdiomaticSchema<SV>,\n Entity extends EntitySchema,\n AdditionalArgs extends unknown[] = []\n>({\n schemaValidator,\n schema,\n entity,\n mapperDefinition\n}: {\n schemaValidator: SV;\n schema: DomainSchema;\n entity: Entity;\n mapperDefinition: {\n toEntity: (\n dto: Schema<DomainSchema, SV>,\n ...args: AdditionalArgs\n ) => Promise<InferEntity<Entity>>;\n };\n}): {\n entity: Entity;\n schema: DomainSchema;\n} & typeof mapperDefinition {\n const sv = schemaValidator as SchemaValidator;\n return {\n ...mapperDefinition,\n entity,\n schema,\n\n toEntity: async (\n dto: Schema<DomainSchema, SV>,\n ...args: AdditionalArgs\n ) => {\n const parsedSchema = sv.parse(sv.schemify(schema), dto);\n if (!parsedSchema.ok) {\n throw new Error(prettyPrintParseErrors(parsedSchema.errors, 'DTO'));\n }\n return mapperDefinition.toEntity(\n dto as Schema<DomainSchema, SV>,\n ...(args as AdditionalArgs)\n );\n }\n };\n}\n\nexport function responseMapper<\n SV extends AnySchemaValidator,\n DomainSchema extends IdiomaticSchema<SV>,\n Entity extends EntitySchema,\n AdditionalArgs extends unknown[] = []\n>({\n schemaValidator,\n schema,\n entity,\n mapperDefinition\n}: {\n schemaValidator: SV;\n schema: DomainSchema;\n entity: Entity;\n mapperDefinition: {\n toDto: (\n entity: InferEntity<Entity>,\n ...args: AdditionalArgs\n ) => Promise<Schema<DomainSchema, SV>>;\n };\n}): Prettify<\n {\n entity: Entity;\n schema: DomainSchema;\n } & typeof mapperDefinition\n> {\n const sv = schemaValidator as SchemaValidator;\n return {\n ...mapperDefinition,\n entity,\n schema,\n\n toDto: async (\n entity: InferEntity<Entity~~>,\n~~ ...args: AdditionalArgs\n ) => {\n const domain = await mapperDefinition.toDto(entity, ...args);\n const parsedSchema = sv.parse(sv.schemify(schema), domain);\n if (!parsedSchema.ok) {\n throw new Error(prettyPrintParseErrors(parsedSchema.errors, 'DTO'));\n }\n return domain;\n }\n };\n}\n","import { SchemaResolutionFunction } from '../types/schemaResolution.types';\n\n/*\n Type guard to determine if a value is a SchemaResolutionFunction.\n \n @template Args - The type of the options object expected by the schema resolution function.\n * @param {unknown} value - The value to check.\n * @returns {value is SchemaResolutionFunction<Args>} True if the value is a function (assumed to be a SchemaResolutionFunction), false otherwise.\n /\nexport function isSchemaResolutionFunction<\n Args extends Record<string, unknown>\n>(value: unknown): value is SchemaResolutionFunction<Args> {\n return typeof value === 'function';\n}\n","import { AnySchemaValidator, IdiomaticSchema } from '@forklaunch/validator';\nimport { isSchemaResolutionFunction } from './guards/isSchemaResolutionFunction';\nimport { SchemaResolutionFunction } from './types/schemaResolution.types';\n\n/\n Maps a set of service schema factories or pre-instantiated schemas to their resolved schemas using the provided arguments.\n \n This utility allows you to provide an object whose values are either:\n * - Schema factory functions (SchemaResolutionFunction) that accept an options object (Args) and return a schema or schema group.\n * - Already-instantiated schemas (IdiomaticSchema).\n \n Each factory function will be called with the provided `args` object, and the result will be included in the returned mapping.\n * If a value is already a schema (not a function), it is returned as-is.\n \n @template SV - The schema validator type.\n * @template T - An object whose values are either schema factory functions or instantiated schemas.\n * @template Args - The type of the options object passed to each factory function (e.g., { validator, uuidId, ... }).\n \n @param {T} schemas - An object mapping schema names to either factory functions (SchemaResolutionFunction) or instantiated schemas (IdiomaticSchema).\n * @param {Args} args - The options object to be passed to each schema factory function.\n * @returns {{ [K in keyof T]: T[K] extends SchemaResolutionFunction<Args> ? ReturnType<T[K]> : T[K] }} An object mapping each schema name to its resolved schema.\n \n @example\n * const schemas = {\n * UserSchemas: (opts) => createUserSchemas(opts),\n * ProductSchemas: (opts) => createProductSchemas(opts),\n * AlreadyInstantiated: someSchemaObject\n * };\n * const mapped = mapServiceSchemas(schemas, { validator: myValidator });\n * // mapped.UserSchemas and mapped.ProductSchemas are instantiated, mapped.AlreadyInstantiated is passed through\n */\nexport function mapServiceSchemas<\n SV extends AnySchemaValidator,\n T extends Record<\n string,\n SchemaResolutionFunction<Args> \| IdiomaticSchema<SV>\n >,\n Args extends Record<string, unknown>\n>(\n schemas: T,\n args: Args\n): {\n [K in keyof T]: T[K] extends SchemaResolutionFunction<Args>\n ? ReturnType<T[K]>\n : T[K];\n} {\n return Object.fromEntries(\n Object.entries(schemas).map(([key, value]) => [\n key,\n isSchemaResolutionFunction(value) ? value(args) : value\n ])\n ) as {\n [K in keyof T]: T[K] extends SchemaResolutionFunction<Args>\n ? ReturnType<T[K]>\n : T[K];\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACCA,uBAMO;AAGA,SAAS,cAKd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAa4B;AAC1B,QAAM,KAAK;AACX,SAAO;AAAA,IACL,GAAG;AAAA,IACH;AAAA,IACA;AAAA,IAEA,UAAU,OACR,QACG,SACA;AACH,YAAM,eAAe,GAAG,MAAM,GAAG,SAAS,MAAM,GAAG,GAAG;AACtD,UAAI,CAAC,aAAa,IAAI;AACpB,cAAM,IAAI,UAAM,yCAAuB,aAAa,QAAQ,KAAK,CAAC;AAAA,MACpE;AACA,aAAO,iBAAiB;AAAA,QACtB;AAAA,QACA,GAAI;AAAA,MACN;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,eAKd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAeE;AACA,QAAM,KAAK;AACX,SAAO;AAAA,IACL,GAAG;AAAA,IACH;AAAA,IACA;AAAA,IAEA,OAAO,~~OACLA~~,~~YACG~~,~~SACA~~;~~AACH~~,YAAM,SAAS,MAAM,iBAAiB,MAAMA,SAAQ,GAAG,IAAI;AAC3D,YAAM,eAAe,GAAG,MAAM,GAAG,SAAS,MAAM,GAAG,MAAM;AACzD,UAAI,CAAC,aAAa,IAAI;AACpB,cAAM,IAAI,UAAM,yCAAuB,aAAa,QAAQ,KAAK,CAAC;AAAA,MACpE;AACA,aAAO;AAAA,IACT;AAAA,EACF;AACF;;;~~AC3FO~~,SAAS,2BAEd,OAAyD;AACzD,SAAO,OAAO,UAAU;AAC1B;;;ACkBO,SAAS,kBAQd,SACA,MAKA;AACA,SAAO,OAAO;AAAA,IACZ,OAAO,QAAQ,OAAO,EAAE,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM;AAAA,MAC5C;AAAA,MACA,2BAA2B,KAAK,IAAI,MAAM,IAAI,IAAI;AAAA,IACpD,CAAC;AAAA,EACH;AAKF;","names":["entity"]}
1	+ {"version":3,"sources":["../../src/mappers/index.ts","../../src/mappers/mapper.ts","../../src/mappers/guards/isSchemaResolutionFunction.ts","../../src/mappers/mapServiceSchemas.ts"],"sourcesContent":["export * from './mapper';\nexport * from './mapServiceSchemas';\n","import { Prettify } from '@forklaunch/common';\nimport {\n AnySchemaValidator,\n IdiomaticSchema,\n prettyPrintParseErrors,\n Schema,\n SchemaValidator\n} from '@forklaunch/validator';\nimport { EntitySchema, InferEntity } from '@mikro-orm/core';\n\nexport function requestMapper<\n SV extends AnySchemaValidator,\n DomainSchema extends IdiomaticSchema<SV>,\n Entity extends EntitySchema,\n AdditionalArgs extends unknown[] = []\n>({\n schemaValidator,\n schema,\n entity,\n mapperDefinition\n}: {\n schemaValidator: SV;\n schema: DomainSchema;\n entity: Entity;\n mapperDefinition: {\n toEntity: (\n dto: Schema<DomainSchema, SV>,\n ...args: AdditionalArgs\n ) => Promise<InferEntity<Entity>>;\n };\n}): {\n entity: Entity;\n schema: DomainSchema;\n} & typeof mapperDefinition {\n const sv = schemaValidator as SchemaValidator;\n return {\n ...mapperDefinition,\n entity,\n schema,\n\n toEntity: async (\n dto: Schema<DomainSchema, SV>,\n ...args: AdditionalArgs\n ) => {\n const parsedSchema = sv.parse(sv.schemify(schema), dto);\n if (!parsedSchema.ok) {\n throw new Error(prettyPrintParseErrors(parsedSchema.errors, 'DTO'));\n }\n return mapperDefinition.toEntity(\n dto as Schema<DomainSchema, SV>,\n ...(args as AdditionalArgs)\n );\n }\n };\n}\n\nexport function responseMapper<\n SV extends AnySchemaValidator,\n DomainSchema extends IdiomaticSchema<SV>,\n Entity extends EntitySchema,\n AdditionalArgs extends unknown[] = []\n>({\n schemaValidator,\n schema,\n entity,\n mapperDefinition\n}: {\n schemaValidator: SV;\n schema: DomainSchema;\n entity: Entity;\n mapperDefinition: {\n toDto: (\n entity: InferEntity<Entity>,\n ...args: AdditionalArgs\n ) => Promise<Schema<DomainSchema, SV>>;\n };\n}): Prettify<\n {\n entity: Entity;\n schema: DomainSchema;\n } & typeof mapperDefinition\n> {\n const sv = schemaValidator as SchemaValidator;\n return {\n ...mapperDefinition,\n entity,\n schema,\n\n toDto: async (entity: InferEntity<Entity>, ...args: AdditionalArgs) => {\n const domain = await mapperDefinition.toDto(entity, ...args);\n const parsedSchema = sv.parse(sv.schemify(schema), domain);\n if (!parsedSchema.ok) {\n throw new Error(prettyPrintParseErrors(parsedSchema.errors, 'DTO'));\n }\n return domain;\n }\n };\n}\n","import { SchemaResolutionFunction } from '../types/schemaResolution.types';\n\n/*\n Type guard to determine if a value is a SchemaResolutionFunction.\n \n @template Args - The type of the options object expected by the schema resolution function.\n * @param {unknown} value - The value to check.\n * @returns {value is SchemaResolutionFunction<Args>} True if the value is a function (assumed to be a SchemaResolutionFunction), false otherwise.\n /\nexport function isSchemaResolutionFunction<\n Args extends Record<string, unknown>\n>(value: unknown): value is SchemaResolutionFunction<Args> {\n return typeof value === 'function';\n}\n","import { AnySchemaValidator, IdiomaticSchema } from '@forklaunch/validator';\nimport { isSchemaResolutionFunction } from './guards/isSchemaResolutionFunction';\nimport { SchemaResolutionFunction } from './types/schemaResolution.types';\n\n/\n Maps a set of service schema factories or pre-instantiated schemas to their resolved schemas using the provided arguments.\n \n This utility allows you to provide an object whose values are either:\n * - Schema factory functions (SchemaResolutionFunction) that accept an options object (Args) and return a schema or schema group.\n * - Already-instantiated schemas (IdiomaticSchema).\n \n Each factory function will be called with the provided `args` object, and the result will be included in the returned mapping.\n * If a value is already a schema (not a function), it is returned as-is.\n \n @template SV - The schema validator type.\n * @template T - An object whose values are either schema factory functions or instantiated schemas.\n * @template Args - The type of the options object passed to each factory function (e.g., { validator, uuidId, ... }).\n \n @param {T} schemas - An object mapping schema names to either factory functions (SchemaResolutionFunction) or instantiated schemas (IdiomaticSchema).\n * @param {Args} args - The options object to be passed to each schema factory function.\n * @returns {{ [K in keyof T]: T[K] extends SchemaResolutionFunction<Args> ? ReturnType<T[K]> : T[K] }} An object mapping each schema name to its resolved schema.\n \n @example\n * const schemas = {\n * UserSchemas: (opts) => createUserSchemas(opts),\n * ProductSchemas: (opts) => createProductSchemas(opts),\n * AlreadyInstantiated: someSchemaObject\n * };\n * const mapped = mapServiceSchemas(schemas, { validator: myValidator });\n * // mapped.UserSchemas and mapped.ProductSchemas are instantiated, mapped.AlreadyInstantiated is passed through\n */\nexport function mapServiceSchemas<\n SV extends AnySchemaValidator,\n T extends Record<\n string,\n SchemaResolutionFunction<Args> \| IdiomaticSchema<SV>\n >,\n Args extends Record<string, unknown>\n>(\n schemas: T,\n args: Args\n): {\n [K in keyof T]: T[K] extends SchemaResolutionFunction<Args>\n ? ReturnType<T[K]>\n : T[K];\n} {\n return Object.fromEntries(\n Object.entries(schemas).map(([key, value]) => [\n key,\n isSchemaResolutionFunction(value) ? value(args) : value\n ])\n ) as {\n [K in keyof T]: T[K] extends SchemaResolutionFunction<Args>\n ? ReturnType<T[K]>\n : T[K];\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACCA,uBAMO;AAGA,SAAS,cAKd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAa4B;AAC1B,QAAM,KAAK;AACX,SAAO;AAAA,IACL,GAAG;AAAA,IACH;AAAA,IACA;AAAA,IAEA,UAAU,OACR,QACG,SACA;AACH,YAAM,eAAe,GAAG,MAAM,GAAG,SAAS,MAAM,GAAG,GAAG;AACtD,UAAI,CAAC,aAAa,IAAI;AACpB,cAAM,IAAI,UAAM,yCAAuB,aAAa,QAAQ,KAAK,CAAC;AAAA,MACpE;AACA,aAAO,iBAAiB;AAAA,QACtB;AAAA,QACA,GAAI;AAAA,MACN;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,eAKd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAeE;AACA,QAAM,KAAK;AACX,SAAO;AAAA,IACL,GAAG;AAAA,IACH;AAAA,IACA;AAAA,IAEA,OAAO,OAAOA,YAAgC,SAAyB;AACrE,YAAM,SAAS,MAAM,iBAAiB,MAAMA,SAAQ,GAAG,IAAI;AAC3D,YAAM,eAAe,GAAG,MAAM,GAAG,SAAS,MAAM,GAAG,MAAM;AACzD,UAAI,CAAC,aAAa,IAAI;AACpB,cAAM,IAAI,UAAM,yCAAuB,aAAa,QAAQ,KAAK,CAAC;AAAA,MACpE;AACA,aAAO;AAAA,IACT;AAAA,EACF;AACF;;;ACxFO,SAAS,2BAEd,OAAyD;AACzD,SAAO,OAAO,UAAU;AAC1B;;;ACkBO,SAAS,kBAQd,SACA,MAKA;AACA,SAAO,OAAO;AAAA,IACZ,OAAO,QAAQ,OAAO,EAAE,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM;AAAA,MAC5C;AAAA,MACA,2BAA2B,KAAK,IAAI,MAAM,IAAI,IAAI;AAAA,IACpD,CAAC;AAAA,EACH;AAKF;","names":["entity"]}

package/lib/mappers/index.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../src/mappers/mapper.ts","../../src/mappers/guards/isSchemaResolutionFunction.ts","../../src/mappers/mapServiceSchemas.ts"],"sourcesContent":["import { Prettify } from '@forklaunch/common';\nimport {\n AnySchemaValidator,\n IdiomaticSchema,\n prettyPrintParseErrors,\n Schema,\n SchemaValidator\n} from '@forklaunch/validator';\nimport { EntitySchema, InferEntity } from '@mikro-orm/core';\n\nexport function requestMapper<\n SV extends AnySchemaValidator,\n DomainSchema extends IdiomaticSchema<SV>,\n Entity extends EntitySchema,\n AdditionalArgs extends unknown[] = []\n>({\n schemaValidator,\n schema,\n entity,\n mapperDefinition\n}: {\n schemaValidator: SV;\n schema: DomainSchema;\n entity: Entity;\n mapperDefinition: {\n toEntity: (\n dto: Schema<DomainSchema, SV>,\n ...args: AdditionalArgs\n ) => Promise<InferEntity<Entity>>;\n };\n}): {\n entity: Entity;\n schema: DomainSchema;\n} & typeof mapperDefinition {\n const sv = schemaValidator as SchemaValidator;\n return {\n ...mapperDefinition,\n entity,\n schema,\n\n toEntity: async (\n dto: Schema<DomainSchema, SV>,\n ...args: AdditionalArgs\n ) => {\n const parsedSchema = sv.parse(sv.schemify(schema), dto);\n if (!parsedSchema.ok) {\n throw new Error(prettyPrintParseErrors(parsedSchema.errors, 'DTO'));\n }\n return mapperDefinition.toEntity(\n dto as Schema<DomainSchema, SV>,\n ...(args as AdditionalArgs)\n );\n }\n };\n}\n\nexport function responseMapper<\n SV extends AnySchemaValidator,\n DomainSchema extends IdiomaticSchema<SV>,\n Entity extends EntitySchema,\n AdditionalArgs extends unknown[] = []\n>({\n schemaValidator,\n schema,\n entity,\n mapperDefinition\n}: {\n schemaValidator: SV;\n schema: DomainSchema;\n entity: Entity;\n mapperDefinition: {\n toDto: (\n entity: InferEntity<Entity>,\n ...args: AdditionalArgs\n ) => Promise<Schema<DomainSchema, SV>>;\n };\n}): Prettify<\n {\n entity: Entity;\n schema: DomainSchema;\n } & typeof mapperDefinition\n> {\n const sv = schemaValidator as SchemaValidator;\n return {\n ...mapperDefinition,\n entity,\n schema,\n\n toDto: async (\n entity: InferEntity<Entity~~>,\n~~ ...args: AdditionalArgs\n ) => {\n const domain = await mapperDefinition.toDto(entity, ...args);\n const parsedSchema = sv.parse(sv.schemify(schema), domain);\n if (!parsedSchema.ok) {\n throw new Error(prettyPrintParseErrors(parsedSchema.errors, 'DTO'));\n }\n return domain;\n }\n };\n}\n","import { SchemaResolutionFunction } from '../types/schemaResolution.types';\n\n/*\n Type guard to determine if a value is a SchemaResolutionFunction.\n \n @template Args - The type of the options object expected by the schema resolution function.\n * @param {unknown} value - The value to check.\n * @returns {value is SchemaResolutionFunction<Args>} True if the value is a function (assumed to be a SchemaResolutionFunction), false otherwise.\n /\nexport function isSchemaResolutionFunction<\n Args extends Record<string, unknown>\n>(value: unknown): value is SchemaResolutionFunction<Args> {\n return typeof value === 'function';\n}\n","import { AnySchemaValidator, IdiomaticSchema } from '@forklaunch/validator';\nimport { isSchemaResolutionFunction } from './guards/isSchemaResolutionFunction';\nimport { SchemaResolutionFunction } from './types/schemaResolution.types';\n\n/\n Maps a set of service schema factories or pre-instantiated schemas to their resolved schemas using the provided arguments.\n \n This utility allows you to provide an object whose values are either:\n * - Schema factory functions (SchemaResolutionFunction) that accept an options object (Args) and return a schema or schema group.\n * - Already-instantiated schemas (IdiomaticSchema).\n \n Each factory function will be called with the provided `args` object, and the result will be included in the returned mapping.\n * If a value is already a schema (not a function), it is returned as-is.\n \n @template SV - The schema validator type.\n * @template T - An object whose values are either schema factory functions or instantiated schemas.\n * @template Args - The type of the options object passed to each factory function (e.g., { validator, uuidId, ... }).\n \n @param {T} schemas - An object mapping schema names to either factory functions (SchemaResolutionFunction) or instantiated schemas (IdiomaticSchema).\n * @param {Args} args - The options object to be passed to each schema factory function.\n * @returns {{ [K in keyof T]: T[K] extends SchemaResolutionFunction<Args> ? ReturnType<T[K]> : T[K] }} An object mapping each schema name to its resolved schema.\n \n @example\n * const schemas = {\n * UserSchemas: (opts) => createUserSchemas(opts),\n * ProductSchemas: (opts) => createProductSchemas(opts),\n * AlreadyInstantiated: someSchemaObject\n * };\n * const mapped = mapServiceSchemas(schemas, { validator: myValidator });\n * // mapped.UserSchemas and mapped.ProductSchemas are instantiated, mapped.AlreadyInstantiated is passed through\n */\nexport function mapServiceSchemas<\n SV extends AnySchemaValidator,\n T extends Record<\n string,\n SchemaResolutionFunction<Args> \| IdiomaticSchema<SV>\n >,\n Args extends Record<string, unknown>\n>(\n schemas: T,\n args: Args\n): {\n [K in keyof T]: T[K] extends SchemaResolutionFunction<Args>\n ? ReturnType<T[K]>\n : T[K];\n} {\n return Object.fromEntries(\n Object.entries(schemas).map(([key, value]) => [\n key,\n isSchemaResolutionFunction(value) ? value(args) : value\n ])\n ) as {\n [K in keyof T]: T[K] extends SchemaResolutionFunction<Args>\n ? ReturnType<T[K]>\n : T[K];\n };\n}\n"],"mappings":";AACA;AAAA,EAGE;AAAA,OAGK;AAGA,SAAS,cAKd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAa4B;AAC1B,QAAM,KAAK;AACX,SAAO;AAAA,IACL,GAAG;AAAA,IACH;AAAA,IACA;AAAA,IAEA,UAAU,OACR,QACG,SACA;AACH,YAAM,eAAe,GAAG,MAAM,GAAG,SAAS,MAAM,GAAG,GAAG;AACtD,UAAI,CAAC,aAAa,IAAI;AACpB,cAAM,IAAI,MAAM,uBAAuB,aAAa,QAAQ,KAAK,CAAC;AAAA,MACpE;AACA,aAAO,iBAAiB;AAAA,QACtB;AAAA,QACA,GAAI;AAAA,MACN;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,eAKd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAeE;AACA,QAAM,KAAK;AACX,SAAO;AAAA,IACL,GAAG;AAAA,IACH;AAAA,IACA;AAAA,IAEA,OAAO,~~OACLA~~,~~YACG~~,~~SACA~~;~~AACH~~,YAAM,SAAS,MAAM,iBAAiB,MAAMA,SAAQ,GAAG,IAAI;AAC3D,YAAM,eAAe,GAAG,MAAM,GAAG,SAAS,MAAM,GAAG,MAAM;AACzD,UAAI,CAAC,aAAa,IAAI;AACpB,cAAM,IAAI,MAAM,uBAAuB,aAAa,QAAQ,KAAK,CAAC;AAAA,MACpE;AACA,aAAO;AAAA,IACT;AAAA,EACF;AACF;;;~~AC3FO~~,SAAS,2BAEd,OAAyD;AACzD,SAAO,OAAO,UAAU;AAC1B;;;ACkBO,SAAS,kBAQd,SACA,MAKA;AACA,SAAO,OAAO;AAAA,IACZ,OAAO,QAAQ,OAAO,EAAE,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM;AAAA,MAC5C;AAAA,MACA,2BAA2B,KAAK,IAAI,MAAM,IAAI,IAAI;AAAA,IACpD,CAAC;AAAA,EACH;AAKF;","names":["entity"]}
1	+ {"version":3,"sources":["../../src/mappers/mapper.ts","../../src/mappers/guards/isSchemaResolutionFunction.ts","../../src/mappers/mapServiceSchemas.ts"],"sourcesContent":["import { Prettify } from '@forklaunch/common';\nimport {\n AnySchemaValidator,\n IdiomaticSchema,\n prettyPrintParseErrors,\n Schema,\n SchemaValidator\n} from '@forklaunch/validator';\nimport { EntitySchema, InferEntity } from '@mikro-orm/core';\n\nexport function requestMapper<\n SV extends AnySchemaValidator,\n DomainSchema extends IdiomaticSchema<SV>,\n Entity extends EntitySchema,\n AdditionalArgs extends unknown[] = []\n>({\n schemaValidator,\n schema,\n entity,\n mapperDefinition\n}: {\n schemaValidator: SV;\n schema: DomainSchema;\n entity: Entity;\n mapperDefinition: {\n toEntity: (\n dto: Schema<DomainSchema, SV>,\n ...args: AdditionalArgs\n ) => Promise<InferEntity<Entity>>;\n };\n}): {\n entity: Entity;\n schema: DomainSchema;\n} & typeof mapperDefinition {\n const sv = schemaValidator as SchemaValidator;\n return {\n ...mapperDefinition,\n entity,\n schema,\n\n toEntity: async (\n dto: Schema<DomainSchema, SV>,\n ...args: AdditionalArgs\n ) => {\n const parsedSchema = sv.parse(sv.schemify(schema), dto);\n if (!parsedSchema.ok) {\n throw new Error(prettyPrintParseErrors(parsedSchema.errors, 'DTO'));\n }\n return mapperDefinition.toEntity(\n dto as Schema<DomainSchema, SV>,\n ...(args as AdditionalArgs)\n );\n }\n };\n}\n\nexport function responseMapper<\n SV extends AnySchemaValidator,\n DomainSchema extends IdiomaticSchema<SV>,\n Entity extends EntitySchema,\n AdditionalArgs extends unknown[] = []\n>({\n schemaValidator,\n schema,\n entity,\n mapperDefinition\n}: {\n schemaValidator: SV;\n schema: DomainSchema;\n entity: Entity;\n mapperDefinition: {\n toDto: (\n entity: InferEntity<Entity>,\n ...args: AdditionalArgs\n ) => Promise<Schema<DomainSchema, SV>>;\n };\n}): Prettify<\n {\n entity: Entity;\n schema: DomainSchema;\n } & typeof mapperDefinition\n> {\n const sv = schemaValidator as SchemaValidator;\n return {\n ...mapperDefinition,\n entity,\n schema,\n\n toDto: async (entity: InferEntity<Entity>, ...args: AdditionalArgs) => {\n const domain = await mapperDefinition.toDto(entity, ...args);\n const parsedSchema = sv.parse(sv.schemify(schema), domain);\n if (!parsedSchema.ok) {\n throw new Error(prettyPrintParseErrors(parsedSchema.errors, 'DTO'));\n }\n return domain;\n }\n };\n}\n","import { SchemaResolutionFunction } from '../types/schemaResolution.types';\n\n/*\n Type guard to determine if a value is a SchemaResolutionFunction.\n \n @template Args - The type of the options object expected by the schema resolution function.\n * @param {unknown} value - The value to check.\n * @returns {value is SchemaResolutionFunction<Args>} True if the value is a function (assumed to be a SchemaResolutionFunction), false otherwise.\n /\nexport function isSchemaResolutionFunction<\n Args extends Record<string, unknown>\n>(value: unknown): value is SchemaResolutionFunction<Args> {\n return typeof value === 'function';\n}\n","import { AnySchemaValidator, IdiomaticSchema } from '@forklaunch/validator';\nimport { isSchemaResolutionFunction } from './guards/isSchemaResolutionFunction';\nimport { SchemaResolutionFunction } from './types/schemaResolution.types';\n\n/\n Maps a set of service schema factories or pre-instantiated schemas to their resolved schemas using the provided arguments.\n \n This utility allows you to provide an object whose values are either:\n * - Schema factory functions (SchemaResolutionFunction) that accept an options object (Args) and return a schema or schema group.\n * - Already-instantiated schemas (IdiomaticSchema).\n \n Each factory function will be called with the provided `args` object, and the result will be included in the returned mapping.\n * If a value is already a schema (not a function), it is returned as-is.\n \n @template SV - The schema validator type.\n * @template T - An object whose values are either schema factory functions or instantiated schemas.\n * @template Args - The type of the options object passed to each factory function (e.g., { validator, uuidId, ... }).\n \n @param {T} schemas - An object mapping schema names to either factory functions (SchemaResolutionFunction) or instantiated schemas (IdiomaticSchema).\n * @param {Args} args - The options object to be passed to each schema factory function.\n * @returns {{ [K in keyof T]: T[K] extends SchemaResolutionFunction<Args> ? ReturnType<T[K]> : T[K] }} An object mapping each schema name to its resolved schema.\n \n @example\n * const schemas = {\n * UserSchemas: (opts) => createUserSchemas(opts),\n * ProductSchemas: (opts) => createProductSchemas(opts),\n * AlreadyInstantiated: someSchemaObject\n * };\n * const mapped = mapServiceSchemas(schemas, { validator: myValidator });\n * // mapped.UserSchemas and mapped.ProductSchemas are instantiated, mapped.AlreadyInstantiated is passed through\n */\nexport function mapServiceSchemas<\n SV extends AnySchemaValidator,\n T extends Record<\n string,\n SchemaResolutionFunction<Args> \| IdiomaticSchema<SV>\n >,\n Args extends Record<string, unknown>\n>(\n schemas: T,\n args: Args\n): {\n [K in keyof T]: T[K] extends SchemaResolutionFunction<Args>\n ? ReturnType<T[K]>\n : T[K];\n} {\n return Object.fromEntries(\n Object.entries(schemas).map(([key, value]) => [\n key,\n isSchemaResolutionFunction(value) ? value(args) : value\n ])\n ) as {\n [K in keyof T]: T[K] extends SchemaResolutionFunction<Args>\n ? ReturnType<T[K]>\n : T[K];\n };\n}\n"],"mappings":";AACA;AAAA,EAGE;AAAA,OAGK;AAGA,SAAS,cAKd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAa4B;AAC1B,QAAM,KAAK;AACX,SAAO;AAAA,IACL,GAAG;AAAA,IACH;AAAA,IACA;AAAA,IAEA,UAAU,OACR,QACG,SACA;AACH,YAAM,eAAe,GAAG,MAAM,GAAG,SAAS,MAAM,GAAG,GAAG;AACtD,UAAI,CAAC,aAAa,IAAI;AACpB,cAAM,IAAI,MAAM,uBAAuB,aAAa,QAAQ,KAAK,CAAC;AAAA,MACpE;AACA,aAAO,iBAAiB;AAAA,QACtB;AAAA,QACA,GAAI;AAAA,MACN;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,eAKd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAeE;AACA,QAAM,KAAK;AACX,SAAO;AAAA,IACL,GAAG;AAAA,IACH;AAAA,IACA;AAAA,IAEA,OAAO,OAAOA,YAAgC,SAAyB;AACrE,YAAM,SAAS,MAAM,iBAAiB,MAAMA,SAAQ,GAAG,IAAI;AAC3D,YAAM,eAAe,GAAG,MAAM,GAAG,SAAS,MAAM,GAAG,MAAM;AACzD,UAAI,CAAC,aAAa,IAAI;AACpB,cAAM,IAAI,MAAM,uBAAuB,aAAa,QAAQ,KAAK,CAAC;AAAA,MACpE;AACA,aAAO;AAAA,IACT;AAAA,EACF;AACF;;;ACxFO,SAAS,2BAEd,OAAyD;AACzD,SAAO,OAAO,UAAU;AAC1B;;;ACkBO,SAAS,kBAQd,SACA,MAKA;AACA,SAAO,OAAO;AAAA,IACZ,OAAO,QAAQ,OAAO,EAAE,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM;AAAA,MAC5C;AAAA,MACA,2BAA2B,KAAK,IAAI,MAAM,IAAI,IAAI;AAAA,IACpD,CAAC;AAAA,EACH;AAKF;","names":["entity"]}

package/lib/persistence/index.d.mts CHANGED Viewed

@@ -1,2 +1,272 @@
+import * as _mikro_orm_core from '@mikro-orm/core';
+import { PropertyChain, PropertyBuilders, UniversalPropertyOptionsBuilder, EntityMetadataWithProperties, EventSubscriber, EventArgs, EntityManager, FilterDef, MikroORM, TransactionEventArgs } from '@mikro-orm/core';
+export { InferEntity } from '@mikro-orm/core';
-export {  }
+/**
+ * Classification levels for entity field compliance.
+ * Drives encryption (phi/pci), audit log redaction (all non-none), and compliance reporting.
+ */
+declare const ComplianceLevel: {
+    readonly pii: "pii";
+    readonly phi: "phi";
+    readonly pci: "pci";
+    readonly none: "none";
+};
+type ComplianceLevel = (typeof ComplianceLevel)[keyof typeof ComplianceLevel];
+/**
+ * Brand symbol — makes ClassifiedProperty structurally distinct from
+ * plain PropertyChain at the TypeScript level.
+ */
+declare const CLASSIFIED: unique symbol;
+/**
+ * Brand-only type used by `AssertAllClassified` to check that every
+ * property has been classified. Both `ClassifiedScalarProperty` and
+ * `ClassifiedRelationChain` extend this.
+ */
+interface ClassifiedProperty {
+    readonly [CLASSIFIED]: true;
+}
+/**
+ * A scalar property classified via `.compliance()`.
+ * Extends `PropertyChain<Value, Options>` so that `defineEntity` (and
+ * therefore `InferEntity`) can still read the value/options types for
+ * entity type inference. The `[CLASSIFIED]` brand prevents unclassified
+ * properties from being accepted by `defineComplianceEntity`.
+ */
+type ClassifiedScalarProperty<Value, Options> = PropertyChain<Value, Options> & ClassifiedProperty;
+/**
+ * Look up the compliance level for a single field on an entity.
+ * Returns `'none'` if the entity or field is not registered.
+ */
+declare function getComplianceMetadata(entityName: string, fieldName: string): ComplianceLevel;
+/**
+ * Get all compliance fields for an entity.
+ * Returns undefined if the entity is not registered.
+ */
+declare function getEntityComplianceFields(entityName: string): Map<string, ComplianceLevel> | undefined;
+/**
+ * Check whether an entity has any fields requiring encryption (phi or pci).
+ */
+declare function entityHasEncryptedFields(entityName: string): boolean;
+/**
+ * Recursively remaps every method on PropertyChain<V,O> so those returning
+ * PropertyChain<V2,O2> instead return ForklaunchPropertyChain<V2,O2>.
+ * This preserves the `.compliance()` method through chained calls like
+ * `.nullable().unique()`.
+ */
+interface ForklaunchPropertyChain<Value, Options> extends RemapReturns<Value, Options> {
+    /**
+     * Classify this field's compliance level. Must be called on every scalar
+     * field passed to `defineComplianceEntity`.
+     * Returns a `ClassifiedScalarProperty` that preserves the PropertyChain
+     * type info for `InferEntity` to work.
+     */
+    compliance(level: ComplianceLevel): ClassifiedScalarProperty<Value, Options>;
+}
+type RemapReturns<Value, Options> = {
+    [K in keyof PropertyChain<Value, Options>]: PropertyChain<Value, Options>[K] extends (...args: infer A) => PropertyChain<infer V2, infer O2> ? (...args: A) => ForklaunchPropertyChain<V2, O2> : PropertyChain<Value, Options>[K];
+};
+/**
+ * Keys on PropertyBuilders that return relation builders.
+ * These are auto-classified as 'none' — the fp proxy wraps them
+ * to return ClassifiedProperty directly.
+ */
+type RelationBuilderKeys = 'manyToOne' | 'oneToMany' | 'manyToMany' | 'oneToOne' | 'embedded';
+/**
+ * The type of `fp` — mirrors `PropertyBuilders` but:
+ * - Scalar methods return `ForklaunchPropertyChain` (must call `.compliance()`)
+ * - Relation methods return `ClassifiedProperty` directly (auto 'none')
+ */
+type ForklaunchPropertyBuilders = {
+    [K in Exclude<keyof PropertyBuilders, RelationBuilderKeys>]: PropertyBuilders[K] extends (...args: infer A) => UniversalPropertyOptionsBuilder<infer V, infer O, infer _IK> ? (...args: A) => ForklaunchPropertyChain<V, O> : PropertyBuilders[K] extends (...args: infer A) => PropertyChain<infer V, infer O> ? (...args: A) => ForklaunchPropertyChain<V, O> : PropertyBuilders[K];
+} & {
+    [K in RelationBuilderKeys]: PropertyBuilders[K] extends (...args: infer A) => PropertyChain<infer V, infer O> ? (...args: A) => ClassifiedRelationChain<V, O> : PropertyBuilders[K];
+};
+/**
+ * A relation builder that is already classified (as 'none') but still
+ * supports chaining relation-specific methods like `.mappedBy()`, `.nullable()`.
+ * All chain methods return ClassifiedRelationChain (preserving the brand).
+ */
+type ClassifiedRelationChain<Value, Options> = {
+    [K in keyof PropertyChain<Value, Options>]: PropertyChain<Value, Options>[K] extends (...args: infer A) => PropertyChain<infer V2, infer O2> ? (...args: A) => ClassifiedRelationChain<V2, O2> : PropertyChain<Value, Options>[K];
+} & ClassifiedProperty;
+/**
+ * ForkLaunch property builder. Drop-in replacement for MikroORM's `p`
+ * that adds `.compliance(level)` to every scalar property builder
+ * and auto-classifies relation builders as 'none'.
+ *
+ * - Scalar fields: `fp.string().compliance('pii')` — must call `.compliance()`
+ * - Relation fields: `fp.manyToOne(Target)` — auto-classified, no `.compliance()` needed
+ *
+ * @example
+ * ```typescript
+ * import { defineComplianceEntity, fp } from '@forklaunch/core/persistence';
+ *
+ * const User = defineComplianceEntity({
+ *   name: 'User',
+ *   properties: {
+ *     id: fp.uuid().primary().compliance('none'),
+ *     email: fp.string().unique().compliance('pii'),
+ *     medicalRecord: fp.string().nullable().compliance('phi'),
+ *     organization: () => fp.manyToOne(Organization).nullable(),
+ *   }
+ * });
+ * ```
+ */
+declare const fp: ForklaunchPropertyBuilders;
+/**
+ * Wrapper around MikroORM's `defineEntity` that enforces compliance
+ * classification on every field at both compile-time and runtime.
+ *
+ * The return type is inferred directly from `defineEntity` — `InferEntity`
+ * works because `ClassifiedScalarProperty<V,O>` extends `PropertyChain<V,O>`.
+ *
+ * @example
+ * ```typescript
+ * const User = defineComplianceEntity({
+ *   name: 'User',
+ *   properties: {
+ *     id: fp.uuid().primary().compliance('none'),
+ *     email: fp.string().unique().compliance('pii'),
+ *     organization: () => fp.manyToOne(Organization).nullable(),
+ *   }
+ * });
+ * export type User = InferEntity<typeof User>;
+ * ```
+ */
+declare function defineComplianceEntity<const TName extends string, const TTableName extends string, const TProperties extends Record<string, ClassifiedProperty>, const TPK extends (keyof TProperties)[] | undefined = undefined, const TBase = never, const TRepository = never, const TForceObject extends boolean = false>(meta: EntityMetadataWithProperties<TName, TTableName, TProperties, TPK, TBase, TRepository, TForceObject>): _mikro_orm_core.EntitySchemaWithMeta<TName, TTableName, _mikro_orm_core.InferEntityFromProperties<TProperties, TPK, TBase, TRepository, TForceObject>, TBase, TProperties, _mikro_orm_core.EntityCtor<_mikro_orm_core.InferEntityFromProperties<TProperties, TPK, TBase, TRepository, TForceObject>>>;
+declare class FieldEncryptor {
+    private readonly masterKey;
+    constructor(masterKey: string);
+    /**
+     * Derive a per-tenant 32-byte key using HKDF-SHA256.
+     * The master key is used as input key material and the tenantId as info context.
+     */
+    deriveKey(tenantId: string): Buffer;
+    /**
+     * Encrypt a plaintext string for a specific tenant.
+     *
+     * @returns Format: `v1:{base64(iv)}:{base64(authTag)}:{base64(ciphertext)}`
+     */
+    encrypt(plaintext: string | null): string | null;
+    encrypt(plaintext: string | null, tenantId: string): string | null;
+    /**
+     * Decrypt a ciphertext string produced by {@link encrypt}.
+     */
+    decrypt(ciphertext: string | null): string | null;
+    decrypt(ciphertext: string | null, tenantId: string): string | null;
+}
+/**
+ * MikroORM EventSubscriber that enforces field-level encryption for
+ * compliance-classified fields (PHI and PCI).
+ *
+ * - **onBeforeCreate / onBeforeUpdate**: Encrypts PHI/PCI fields before
+ *   database persistence. Throws `EncryptionRequiredError` if the encryption
+ *   key is unavailable.
+ * - **onLoad**: Decrypts PHI/PCI fields after loading from the database.
+ *   Pre-migration plaintext (no `v1:` prefix) is returned as-is with a
+ *   console warning to support rolling deployments.
+ *
+ * The tenant ID for key derivation is read from the EntityManager's filter
+ * parameters (set by the tenant context middleware).
+ */
+declare class ComplianceEventSubscriber implements EventSubscriber {
+    private readonly encryptor;
+    constructor(encryptor: FieldEncryptor);
+    beforeCreate(args: EventArgs<unknown>): Promise<void>;
+    beforeUpdate(args: EventArgs<unknown>): Promise<void>;
+    onLoad(args: EventArgs<unknown>): Promise<void>;
+    private encryptFields;
+    private decryptFields;
+    /**
+     * Read the tenant ID from the EntityManager's filter parameters.
+     * The tenant context middleware sets this when forking the EM per request.
+     */
+    private getTenantId;
+}
+/**
+ * Wraps an EntityManager to block `nativeInsert`, `nativeUpdate`, and
+ * `nativeDelete` on entities that have PHI or PCI compliance fields.
+ *
+ * This prevents bypassing the ComplianceEventSubscriber's encryption
+ * by using raw queries. Call this in the tenant context middleware when
+ * creating the request-scoped EM.
+ *
+ * @returns A Proxy-wrapped EntityManager that throws on native query
+ *          operations targeting compliance entities.
+ */
+declare function wrapEmWithNativeQueryBlocking<T extends EntityManager>(em: T): T;
+/**
+ * The name used to register the tenant isolation filter.
+ */
+declare const TENANT_FILTER_NAME = "tenant";
+/**
+ * Creates the tenant filter definition.
+ *
+ * The filter adds `WHERE organizationId = :tenantId` to all queries
+ * on entities that have an `organizationId` or `organization` property.
+ * Entities without either property are unaffected (empty condition).
+ */
+declare function createTenantFilterDef(): FilterDef;
+/**
+ * Registers the global tenant isolation filter on the ORM's entity manager.
+ * Call this once at application bootstrap after `MikroORM.init()`.
+ *
+ * After calling this, every fork of the EM will inherit the filter.
+ * Set the tenant ID per-request via:
+ *
+ * ```ts
+ * em.setFilterParams('tenant', { tenantId: 'org-123' });
+ * ```
+ */
+declare function setupTenantFilter(orm: MikroORM): void;
+/**
+ * Returns a forked EntityManager with the tenant filter disabled.
+ *
+ * Use this only from code paths that have verified super-admin permissions.
+ * Queries executed through the returned EM will return cross-tenant data.
+ */
+declare function getSuperAdminContext(em: EntityManager): EntityManager;
+interface RlsConfig {
+    /**
+     * Whether to enable PostgreSQL Row-Level Security.
+     * Defaults to `true` when the driver is PostgreSQL, `false` otherwise.
+     * Set to `false` to opt out even on PostgreSQL.
+     */
+    enabled?: boolean;
+}
+/**
+ * MikroORM EventSubscriber that executes `SET LOCAL app.tenant_id = :tenantId`
+ * at the start of every transaction when PostgreSQL RLS is enabled.
+ *
+ * This ensures that even if the MikroORM global filter is somehow bypassed,
+ * the database-level RLS policy enforces tenant isolation.
+ *
+ * The tenant ID is read from the EntityManager's filter parameters
+ * (set by the tenant context middleware).
+ */
+declare class RlsEventSubscriber implements EventSubscriber {
+    afterTransactionStart(args: TransactionEventArgs): Promise<void>;
+    private getTenantId;
+}
+/**
+ * Sets up PostgreSQL Row-Level Security integration.
+ *
+ * 1. Registers the `RlsEventSubscriber` to run `SET LOCAL app.tenant_id`
+ *    at the start of every transaction.
+ * 2. Validates that RLS policies exist on tenant-scoped tables (warns if missing).
+ *
+ * Call this at application bootstrap after `MikroORM.init()` and `setupTenantFilter()`.
+ *
+ * @param orm - The initialized MikroORM instance
+ * @param config - RLS configuration (enabled defaults to auto-detect PostgreSQL)
+ */
+declare function setupRls(orm: MikroORM, config?: RlsConfig): void;
+export { type ClassifiedProperty, type ClassifiedRelationChain, type ClassifiedScalarProperty, ComplianceEventSubscriber, ComplianceLevel, ComplianceLevel as ComplianceLevelType, type ForklaunchPropertyBuilders, type ForklaunchPropertyChain, type RlsConfig, RlsEventSubscriber, TENANT_FILTER_NAME, createTenantFilterDef, defineComplianceEntity, entityHasEncryptedFields, fp, getComplianceMetadata, getEntityComplianceFields, getSuperAdminContext, setupRls, setupTenantFilter, wrapEmWithNativeQueryBlocking };

package/lib/persistence/index.d.ts CHANGED Viewed

@@ -1,2 +1,272 @@
+import * as _mikro_orm_core from '@mikro-orm/core';
+import { PropertyChain, PropertyBuilders, UniversalPropertyOptionsBuilder, EntityMetadataWithProperties, EventSubscriber, EventArgs, EntityManager, FilterDef, MikroORM, TransactionEventArgs } from '@mikro-orm/core';
+export { InferEntity } from '@mikro-orm/core';
-export {  }
+/**
+ * Classification levels for entity field compliance.
+ * Drives encryption (phi/pci), audit log redaction (all non-none), and compliance reporting.
+ */
+declare const ComplianceLevel: {
+    readonly pii: "pii";
+    readonly phi: "phi";
+    readonly pci: "pci";
+    readonly none: "none";
+};
+type ComplianceLevel = (typeof ComplianceLevel)[keyof typeof ComplianceLevel];
+/**
+ * Brand symbol — makes ClassifiedProperty structurally distinct from
+ * plain PropertyChain at the TypeScript level.
+ */
+declare const CLASSIFIED: unique symbol;
+/**
+ * Brand-only type used by `AssertAllClassified` to check that every
+ * property has been classified. Both `ClassifiedScalarProperty` and
+ * `ClassifiedRelationChain` extend this.
+ */
+interface ClassifiedProperty {
+    readonly [CLASSIFIED]: true;
+}
+/**
+ * A scalar property classified via `.compliance()`.
+ * Extends `PropertyChain<Value, Options>` so that `defineEntity` (and
+ * therefore `InferEntity`) can still read the value/options types for
+ * entity type inference. The `[CLASSIFIED]` brand prevents unclassified
+ * properties from being accepted by `defineComplianceEntity`.
+ */
+type ClassifiedScalarProperty<Value, Options> = PropertyChain<Value, Options> & ClassifiedProperty;
+/**
+ * Look up the compliance level for a single field on an entity.
+ * Returns `'none'` if the entity or field is not registered.
+ */
+declare function getComplianceMetadata(entityName: string, fieldName: string): ComplianceLevel;
+/**
+ * Get all compliance fields for an entity.
+ * Returns undefined if the entity is not registered.
+ */
+declare function getEntityComplianceFields(entityName: string): Map<string, ComplianceLevel> | undefined;
+/**
+ * Check whether an entity has any fields requiring encryption (phi or pci).
+ */
+declare function entityHasEncryptedFields(entityName: string): boolean;
+/**
+ * Recursively remaps every method on PropertyChain<V,O> so those returning
+ * PropertyChain<V2,O2> instead return ForklaunchPropertyChain<V2,O2>.
+ * This preserves the `.compliance()` method through chained calls like
+ * `.nullable().unique()`.
+ */
+interface ForklaunchPropertyChain<Value, Options> extends RemapReturns<Value, Options> {
+    /**
+     * Classify this field's compliance level. Must be called on every scalar
+     * field passed to `defineComplianceEntity`.
+     * Returns a `ClassifiedScalarProperty` that preserves the PropertyChain
+     * type info for `InferEntity` to work.
+     */
+    compliance(level: ComplianceLevel): ClassifiedScalarProperty<Value, Options>;
+}
+type RemapReturns<Value, Options> = {
+    [K in keyof PropertyChain<Value, Options>]: PropertyChain<Value, Options>[K] extends (...args: infer A) => PropertyChain<infer V2, infer O2> ? (...args: A) => ForklaunchPropertyChain<V2, O2> : PropertyChain<Value, Options>[K];
+};
+/**
+ * Keys on PropertyBuilders that return relation builders.
+ * These are auto-classified as 'none' — the fp proxy wraps them
+ * to return ClassifiedProperty directly.
+ */
+type RelationBuilderKeys = 'manyToOne' | 'oneToMany' | 'manyToMany' | 'oneToOne' | 'embedded';
+/**
+ * The type of `fp` — mirrors `PropertyBuilders` but:
+ * - Scalar methods return `ForklaunchPropertyChain` (must call `.compliance()`)
+ * - Relation methods return `ClassifiedProperty` directly (auto 'none')
+ */
+type ForklaunchPropertyBuilders = {
+    [K in Exclude<keyof PropertyBuilders, RelationBuilderKeys>]: PropertyBuilders[K] extends (...args: infer A) => UniversalPropertyOptionsBuilder<infer V, infer O, infer _IK> ? (...args: A) => ForklaunchPropertyChain<V, O> : PropertyBuilders[K] extends (...args: infer A) => PropertyChain<infer V, infer O> ? (...args: A) => ForklaunchPropertyChain<V, O> : PropertyBuilders[K];
+} & {
+    [K in RelationBuilderKeys]: PropertyBuilders[K] extends (...args: infer A) => PropertyChain<infer V, infer O> ? (...args: A) => ClassifiedRelationChain<V, O> : PropertyBuilders[K];
+};
+/**
+ * A relation builder that is already classified (as 'none') but still
+ * supports chaining relation-specific methods like `.mappedBy()`, `.nullable()`.
+ * All chain methods return ClassifiedRelationChain (preserving the brand).
+ */
+type ClassifiedRelationChain<Value, Options> = {
+    [K in keyof PropertyChain<Value, Options>]: PropertyChain<Value, Options>[K] extends (...args: infer A) => PropertyChain<infer V2, infer O2> ? (...args: A) => ClassifiedRelationChain<V2, O2> : PropertyChain<Value, Options>[K];
+} & ClassifiedProperty;
+/**
+ * ForkLaunch property builder. Drop-in replacement for MikroORM's `p`
+ * that adds `.compliance(level)` to every scalar property builder
+ * and auto-classifies relation builders as 'none'.
+ *
+ * - Scalar fields: `fp.string().compliance('pii')` — must call `.compliance()`
+ * - Relation fields: `fp.manyToOne(Target)` — auto-classified, no `.compliance()` needed
+ *
+ * @example
+ * ```typescript
+ * import { defineComplianceEntity, fp } from '@forklaunch/core/persistence';
+ *
+ * const User = defineComplianceEntity({
+ *   name: 'User',
+ *   properties: {
+ *     id: fp.uuid().primary().compliance('none'),
+ *     email: fp.string().unique().compliance('pii'),
+ *     medicalRecord: fp.string().nullable().compliance('phi'),
+ *     organization: () => fp.manyToOne(Organization).nullable(),
+ *   }
+ * });
+ * ```
+ */
+declare const fp: ForklaunchPropertyBuilders;
+/**
+ * Wrapper around MikroORM's `defineEntity` that enforces compliance
+ * classification on every field at both compile-time and runtime.
+ *
+ * The return type is inferred directly from `defineEntity` — `InferEntity`
+ * works because `ClassifiedScalarProperty<V,O>` extends `PropertyChain<V,O>`.
+ *
+ * @example
+ * ```typescript
+ * const User = defineComplianceEntity({
+ *   name: 'User',
+ *   properties: {
+ *     id: fp.uuid().primary().compliance('none'),
+ *     email: fp.string().unique().compliance('pii'),
+ *     organization: () => fp.manyToOne(Organization).nullable(),
+ *   }
+ * });
+ * export type User = InferEntity<typeof User>;
+ * ```
+ */
+declare function defineComplianceEntity<const TName extends string, const TTableName extends string, const TProperties extends Record<string, ClassifiedProperty>, const TPK extends (keyof TProperties)[] | undefined = undefined, const TBase = never, const TRepository = never, const TForceObject extends boolean = false>(meta: EntityMetadataWithProperties<TName, TTableName, TProperties, TPK, TBase, TRepository, TForceObject>): _mikro_orm_core.EntitySchemaWithMeta<TName, TTableName, _mikro_orm_core.InferEntityFromProperties<TProperties, TPK, TBase, TRepository, TForceObject>, TBase, TProperties, _mikro_orm_core.EntityCtor<_mikro_orm_core.InferEntityFromProperties<TProperties, TPK, TBase, TRepository, TForceObject>>>;
+declare class FieldEncryptor {
+    private readonly masterKey;
+    constructor(masterKey: string);
+    /**
+     * Derive a per-tenant 32-byte key using HKDF-SHA256.
+     * The master key is used as input key material and the tenantId as info context.
+     */
+    deriveKey(tenantId: string): Buffer;
+    /**
+     * Encrypt a plaintext string for a specific tenant.
+     *
+     * @returns Format: `v1:{base64(iv)}:{base64(authTag)}:{base64(ciphertext)}`
+     */
+    encrypt(plaintext: string | null): string | null;
+    encrypt(plaintext: string | null, tenantId: string): string | null;
+    /**
+     * Decrypt a ciphertext string produced by {@link encrypt}.
+     */
+    decrypt(ciphertext: string | null): string | null;
+    decrypt(ciphertext: string | null, tenantId: string): string | null;
+}
+/**
+ * MikroORM EventSubscriber that enforces field-level encryption for
+ * compliance-classified fields (PHI and PCI).
+ *
+ * - **onBeforeCreate / onBeforeUpdate**: Encrypts PHI/PCI fields before
+ *   database persistence. Throws `EncryptionRequiredError` if the encryption
+ *   key is unavailable.
+ * - **onLoad**: Decrypts PHI/PCI fields after loading from the database.
+ *   Pre-migration plaintext (no `v1:` prefix) is returned as-is with a
+ *   console warning to support rolling deployments.
+ *
+ * The tenant ID for key derivation is read from the EntityManager's filter
+ * parameters (set by the tenant context middleware).
+ */
+declare class ComplianceEventSubscriber implements EventSubscriber {
+    private readonly encryptor;
+    constructor(encryptor: FieldEncryptor);
+    beforeCreate(args: EventArgs<unknown>): Promise<void>;
+    beforeUpdate(args: EventArgs<unknown>): Promise<void>;
+    onLoad(args: EventArgs<unknown>): Promise<void>;
+    private encryptFields;
+    private decryptFields;
+    /**
+     * Read the tenant ID from the EntityManager's filter parameters.
+     * The tenant context middleware sets this when forking the EM per request.
+     */
+    private getTenantId;
+}
+/**
+ * Wraps an EntityManager to block `nativeInsert`, `nativeUpdate`, and
+ * `nativeDelete` on entities that have PHI or PCI compliance fields.
+ *
+ * This prevents bypassing the ComplianceEventSubscriber's encryption
+ * by using raw queries. Call this in the tenant context middleware when
+ * creating the request-scoped EM.
+ *
+ * @returns A Proxy-wrapped EntityManager that throws on native query
+ *          operations targeting compliance entities.
+ */
+declare function wrapEmWithNativeQueryBlocking<T extends EntityManager>(em: T): T;
+/**
+ * The name used to register the tenant isolation filter.
+ */
+declare const TENANT_FILTER_NAME = "tenant";
+/**
+ * Creates the tenant filter definition.
+ *
+ * The filter adds `WHERE organizationId = :tenantId` to all queries
+ * on entities that have an `organizationId` or `organization` property.
+ * Entities without either property are unaffected (empty condition).
+ */
+declare function createTenantFilterDef(): FilterDef;
+/**
+ * Registers the global tenant isolation filter on the ORM's entity manager.
+ * Call this once at application bootstrap after `MikroORM.init()`.
+ *
+ * After calling this, every fork of the EM will inherit the filter.
+ * Set the tenant ID per-request via:
+ *
+ * ```ts
+ * em.setFilterParams('tenant', { tenantId: 'org-123' });
+ * ```
+ */
+declare function setupTenantFilter(orm: MikroORM): void;
+/**
+ * Returns a forked EntityManager with the tenant filter disabled.
+ *
+ * Use this only from code paths that have verified super-admin permissions.
+ * Queries executed through the returned EM will return cross-tenant data.
+ */
+declare function getSuperAdminContext(em: EntityManager): EntityManager;
+interface RlsConfig {
+    /**
+     * Whether to enable PostgreSQL Row-Level Security.
+     * Defaults to `true` when the driver is PostgreSQL, `false` otherwise.
+     * Set to `false` to opt out even on PostgreSQL.
+     */
+    enabled?: boolean;
+}
+/**
+ * MikroORM EventSubscriber that executes `SET LOCAL app.tenant_id = :tenantId`
+ * at the start of every transaction when PostgreSQL RLS is enabled.
+ *
+ * This ensures that even if the MikroORM global filter is somehow bypassed,
+ * the database-level RLS policy enforces tenant isolation.
+ *
+ * The tenant ID is read from the EntityManager's filter parameters
+ * (set by the tenant context middleware).
+ */
+declare class RlsEventSubscriber implements EventSubscriber {
+    afterTransactionStart(args: TransactionEventArgs): Promise<void>;
+    private getTenantId;
+}
+/**
+ * Sets up PostgreSQL Row-Level Security integration.
+ *
+ * 1. Registers the `RlsEventSubscriber` to run `SET LOCAL app.tenant_id`
+ *    at the start of every transaction.
+ * 2. Validates that RLS policies exist on tenant-scoped tables (warns if missing).
+ *
+ * Call this at application bootstrap after `MikroORM.init()` and `setupTenantFilter()`.
+ *
+ * @param orm - The initialized MikroORM instance
+ * @param config - RLS configuration (enabled defaults to auto-detect PostgreSQL)
+ */
+declare function setupRls(orm: MikroORM, config?: RlsConfig): void;
+export { type ClassifiedProperty, type ClassifiedRelationChain, type ClassifiedScalarProperty, ComplianceEventSubscriber, ComplianceLevel, ComplianceLevel as ComplianceLevelType, type ForklaunchPropertyBuilders, type ForklaunchPropertyChain, type RlsConfig, RlsEventSubscriber, TENANT_FILTER_NAME, createTenantFilterDef, defineComplianceEntity, entityHasEncryptedFields, fp, getComplianceMetadata, getEntityComplianceFields, getSuperAdminContext, setupRls, setupTenantFilter, wrapEmWithNativeQueryBlocking };