npm - @friggframework/core - Versions diffs - 2.0.0--canary.461.d9e41f3.0 → 2.0.0--canary.461.4166d53.0 - Mend

@friggframework/core 2.0.0--canary.461.d9e41f3.0 → 2.0.0--canary.461.4166d53.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/database/use-cases/check-encryption-health-use-case.js CHANGED Viewed

@@ -66,8 +66,9 @@ class CheckEncryptionHealthUseCase {
         const isBypassed = bypassStages.includes(STAGE);
         const hasAES = AES_KEY_ID && AES_KEY_ID.trim() !== '';
-        const hasKMS = KMS_KEY_ARN && KMS_KEY_ARN.trim() !== '' && !hasAES;
-        const mode = hasAES ? 'aes' : hasKMS ? 'kms' : 'none';
+        const hasKMS = KMS_KEY_ARN && KMS_KEY_ARN.trim() !== '';
+        // Prefer KMS over AES when both are configured (KMS is more secure)
+        const mode = hasKMS ? 'kms' : hasAES ? 'aes' : 'none';
         return {
             stage: STAGE || null,

package/database/use-cases/check-encryption-health-use-case.test.js ADDED Viewed

@@ -0,0 +1,192 @@
+/**
+ * Tests for CheckEncryptionHealthUseCase
+ *
+ * Tests encryption configuration detection and health checking
+ */
+const { CheckEncryptionHealthUseCase } = require('./check-encryption-health-use-case');
+describe('CheckEncryptionHealthUseCase', () => {
+    let originalEnv;
+    beforeEach(() => {
+        // Save original env
+        originalEnv = { ...process.env };
+    });
+    afterEach(() => {
+        // Restore original env
+        process.env = originalEnv;
+    });
+    describe('_getEncryptionConfiguration()', () => {
+        it('should prefer KMS over AES when both are configured', async () => {
+            process.env.STAGE = 'production';
+            process.env.KMS_KEY_ARN = 'arn:aws:kms:us-east-1:123:key/abc';
+            process.env.AES_KEY_ID = 'aes-key-123';
+            process.env.AES_KEY = 'some-aes-key';
+            const mockTestEncryption = {
+                execute: jest.fn().mockResolvedValue({ success: true }),
+            };
+            const useCase = new CheckEncryptionHealthUseCase({
+                testEncryptionUseCase: mockTestEncryption,
+            });
+            const result = await useCase.execute();
+            expect(result.mode).toBe('kms'); // KMS should be preferred over AES
+            expect(result.debug.hasKMS).toBe(true);
+            expect(result.debug.hasAES).toBe(true);
+        });
+        it('should use AES when only AES is configured', async () => {
+            process.env.STAGE = 'production';
+            process.env.AES_KEY_ID = 'aes-key-123';
+            process.env.AES_KEY = 'some-aes-key';
+            delete process.env.KMS_KEY_ARN;
+            const mockTestEncryption = {
+                execute: jest.fn().mockResolvedValue({ status: 'healthy', encryptionWorks: true }),
+            };
+            const useCase = new CheckEncryptionHealthUseCase({
+                testEncryptionUseCase: mockTestEncryption,
+            });
+            const result = await useCase.execute();
+            expect(result.mode).toBe('aes');
+            expect(result.status).toBe('healthy');
+            expect(result.encryptionWorks).toBe(true);
+        });
+        it('should use KMS when only KMS is configured', async () => {
+            process.env.STAGE = 'production';
+            process.env.KMS_KEY_ARN = 'arn:aws:kms:us-east-1:123:key/abc';
+            delete process.env.AES_KEY_ID;
+            delete process.env.AES_KEY;
+            const mockTestEncryption = {
+                execute: jest.fn().mockResolvedValue({ status: 'healthy', encryptionWorks: true }),
+            };
+            const useCase = new CheckEncryptionHealthUseCase({
+                testEncryptionUseCase: mockTestEncryption,
+            });
+            const result = await useCase.execute();
+            expect(result.mode).toBe('kms');
+            expect(result.status).toBe('healthy');
+            expect(result.encryptionWorks).toBe(true);
+        });
+        it('should bypass encryption for dev stage', async () => {
+            process.env.STAGE = 'dev';
+            process.env.KMS_KEY_ARN = 'arn:aws:kms:us-east-1:123:key/abc';
+            const useCase = new CheckEncryptionHealthUseCase({
+                testEncryptionUseCase: { execute: jest.fn() },
+            });
+            const result = await useCase.execute();
+            expect(result.bypassed).toBe(true);
+            expect(result.stage).toBe('dev');
+        });
+        it('should not bypass encryption for production stage', async () => {
+            process.env.STAGE = 'production';
+            process.env.KMS_KEY_ARN = 'arn:aws:kms:us-east-1:123:key/abc';
+            const mockTestEncryption = {
+                execute: jest.fn().mockResolvedValue({ success: true }),
+            };
+            const useCase = new CheckEncryptionHealthUseCase({
+                testEncryptionUseCase: mockTestEncryption,
+            });
+            const result = await useCase.execute();
+            expect(result.bypassed).toBe(false);
+            expect(result.stage).toBe('production');
+        });
+        it('should use qa stage correctly (not in bypass list)', async () => {
+            process.env.STAGE = 'qa';
+            process.env.KMS_KEY_ARN = 'arn:aws:kms:us-east-1:123:key/abc';
+            const mockTestEncryption = {
+                execute: jest.fn().mockResolvedValue({ success: true }),
+            };
+            const useCase = new CheckEncryptionHealthUseCase({
+                testEncryptionUseCase: mockTestEncryption,
+            });
+            const result = await useCase.execute();
+            expect(result.bypassed).toBe(false);
+            expect(result.stage).toBe('qa');
+            expect(result.mode).toBe('kms');
+        });
+        it('should return mode none when no encryption keys configured', async () => {
+            process.env.STAGE = 'production';
+            delete process.env.KMS_KEY_ARN;
+            delete process.env.AES_KEY_ID;
+            delete process.env.AES_KEY;
+            const useCase = new CheckEncryptionHealthUseCase({
+                testEncryptionUseCase: { execute: jest.fn() },
+            });
+            const result = await useCase.execute();
+            expect(result.status).toBe('disabled');
+            expect(result.mode).toBe('none');
+            expect(result.bypassed).toBe(false);
+            expect(result.testResult).toBe('No encryption keys configured');
+        });
+    });
+    describe('execute() - bypass scenarios', () => {
+        it('should return disabled status when encryption is bypassed', async () => {
+            process.env.STAGE = 'dev';
+            process.env.KMS_KEY_ARN = 'arn:aws:kms:us-east-1:123:key/abc';
+            const useCase = new CheckEncryptionHealthUseCase({
+                testEncryptionUseCase: { execute: jest.fn() },
+            });
+            const result = await useCase.execute();
+            expect(result.status).toBe('disabled');
+            expect(result.bypassed).toBe(true);
+            expect(result.stage).toBe('dev');
+            expect(result.testResult).toBe('Encryption bypassed for this stage');
+            expect(result.encryptionWorks).toBe(false);
+        });
+        it('should return disabled status when no encryption keys configured', async () => {
+            process.env.STAGE = 'production';
+            delete process.env.KMS_KEY_ARN;
+            delete process.env.AES_KEY_ID;
+            const useCase = new CheckEncryptionHealthUseCase({
+                testEncryptionUseCase: { execute: jest.fn() },
+            });
+            const result = await useCase.execute();
+            expect(result.status).toBe('disabled');
+            expect(result.bypassed).toBe(false);
+            expect(result.mode).toBe('none');
+            expect(result.testResult).toBe('No encryption keys configured');
+        });
+    });
+});

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
     "name": "@friggframework/core",
     "prettier": "@friggframework/prettier-config",
-    "version": "2.0.0--canary.461.d9e41f3.0",
+    "version": "2.0.0--canary.461.4166d53.0",
     "dependencies": {
         "@aws-sdk/client-apigatewaymanagementapi": "^3.588.0",
         "@aws-sdk/client-kms": "^3.588.0",
@@ -37,9 +37,9 @@
         }
     },
     "devDependencies": {
-        "@friggframework/eslint-config": "2.0.0--canary.461.d9e41f3.0",
-        "@friggframework/prettier-config": "2.0.0--canary.461.d9e41f3.0",
-        "@friggframework/test": "2.0.0--canary.461.d9e41f3.0",
+        "@friggframework/eslint-config": "2.0.0--canary.461.4166d53.0",
+        "@friggframework/prettier-config": "2.0.0--canary.461.4166d53.0",
+        "@friggframework/test": "2.0.0--canary.461.4166d53.0",
         "@prisma/client": "^6.17.0",
         "@types/lodash": "4.17.15",
         "@typescript-eslint/eslint-plugin": "^8.0.0",
@@ -79,5 +79,5 @@
     "publishConfig": {
         "access": "public"
     },
-    "gitHead": "d9e41f35ba7f87cc8bbc49c2b7b714c5d4056410"
+    "gitHead": "4166d530b765f85965bdaa77cd4341e8d6e2c12f"
 }