npm - @friggframework/core - Versions diffs - 2.0.0-next.41 → 2.0.0-next.43 - Mend

@friggframework/core 2.0.0-next.41 → 2.0.0-next.43

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (197) hide show

package/CLAUDE.md +693 -0
package/README.md +931 -50
package/application/commands/README.md +421 -0
package/application/commands/credential-commands.js +224 -0
package/application/commands/entity-commands.js +315 -0
package/application/commands/integration-commands.js +160 -0
package/application/commands/integration-commands.test.js +123 -0
package/application/commands/user-commands.js +213 -0
package/application/index.js +69 -0
package/core/CLAUDE.md +690 -0
package/core/create-handler.js +0 -6
package/credential/repositories/credential-repository-factory.js +47 -0
package/credential/repositories/credential-repository-interface.js +98 -0
package/credential/repositories/credential-repository-mongo.js +301 -0
package/credential/repositories/credential-repository-postgres.js +307 -0
package/credential/repositories/credential-repository.js +307 -0
package/credential/use-cases/get-credential-for-user.js +21 -0
package/credential/use-cases/update-authentication-status.js +15 -0
package/database/config.js +117 -0
package/database/encryption/README.md +683 -0
package/database/encryption/encryption-integration.test.js +553 -0
package/database/encryption/encryption-schema-registry.js +141 -0
package/database/encryption/encryption-schema-registry.test.js +392 -0
package/database/encryption/field-encryption-service.js +226 -0
package/database/encryption/field-encryption-service.test.js +525 -0
package/database/encryption/logger.js +79 -0
package/database/encryption/mongo-decryption-fix-verification.test.js +348 -0
package/database/encryption/postgres-decryption-fix-verification.test.js +371 -0
package/database/encryption/postgres-relation-decryption.test.js +245 -0
package/database/encryption/prisma-encryption-extension.js +222 -0
package/database/encryption/prisma-encryption-extension.test.js +439 -0
package/database/index.js +25 -12
package/database/models/readme.md +1 -0
package/database/prisma.js +162 -0
package/database/repositories/health-check-repository-factory.js +38 -0
package/database/repositories/health-check-repository-interface.js +86 -0
package/database/repositories/health-check-repository-mongodb.js +72 -0
package/database/repositories/health-check-repository-postgres.js +75 -0
package/database/repositories/health-check-repository.js +108 -0
package/database/use-cases/check-database-health-use-case.js +34 -0
package/database/use-cases/check-encryption-health-use-case.js +82 -0
package/database/use-cases/test-encryption-use-case.js +252 -0
package/encrypt/Cryptor.js +20 -152
package/encrypt/index.js +1 -2
package/encrypt/test-encrypt.js +0 -2
package/handlers/app-definition-loader.js +38 -0
package/handlers/app-handler-helpers.js +0 -3
package/handlers/auth-flow.integration.test.js +147 -0
package/handlers/backend-utils.js +25 -45
package/handlers/integration-event-dispatcher.js +54 -0
package/handlers/integration-event-dispatcher.test.js +141 -0
package/handlers/routers/HEALTHCHECK.md +103 -1
package/handlers/routers/auth.js +3 -14
package/handlers/routers/health.js +63 -424
package/handlers/routers/health.test.js +7 -0
package/handlers/routers/integration-defined-routers.js +8 -5
package/handlers/routers/user.js +27 -5
package/handlers/routers/websocket.js +5 -3
package/handlers/use-cases/check-external-apis-health-use-case.js +81 -0
package/handlers/use-cases/check-integrations-health-use-case.js +32 -0
package/handlers/workers/integration-defined-workers.js +6 -3
package/index.js +45 -22
package/integrations/index.js +12 -10
package/integrations/integration-base.js +224 -53
package/integrations/integration-router.js +386 -178
package/integrations/options.js +1 -1
package/integrations/repositories/integration-mapping-repository-factory.js +50 -0
package/integrations/repositories/integration-mapping-repository-interface.js +106 -0
package/integrations/repositories/integration-mapping-repository-mongo.js +161 -0
package/integrations/repositories/integration-mapping-repository-postgres.js +227 -0
package/integrations/repositories/integration-mapping-repository.js +156 -0
package/integrations/repositories/integration-repository-factory.js +44 -0
package/integrations/repositories/integration-repository-interface.js +115 -0
package/integrations/repositories/integration-repository-mongo.js +271 -0
package/integrations/repositories/integration-repository-postgres.js +319 -0
package/integrations/tests/doubles/dummy-integration-class.js +90 -0
package/integrations/tests/doubles/test-integration-repository.js +99 -0
package/integrations/tests/use-cases/create-integration.test.js +131 -0
package/integrations/tests/use-cases/delete-integration-for-user.test.js +150 -0
package/integrations/tests/use-cases/find-integration-context-by-external-entity-id.test.js +92 -0
package/integrations/tests/use-cases/get-integration-for-user.test.js +150 -0
package/integrations/tests/use-cases/get-integration-instance.test.js +176 -0
package/integrations/tests/use-cases/get-integrations-for-user.test.js +176 -0
package/integrations/tests/use-cases/get-possible-integrations.test.js +188 -0
package/integrations/tests/use-cases/update-integration-messages.test.js +142 -0
package/integrations/tests/use-cases/update-integration-status.test.js +103 -0
package/integrations/tests/use-cases/update-integration.test.js +141 -0
package/integrations/use-cases/create-integration.js +83 -0
package/integrations/use-cases/delete-integration-for-user.js +73 -0
package/integrations/use-cases/find-integration-context-by-external-entity-id.js +72 -0
package/integrations/use-cases/get-integration-for-user.js +78 -0
package/integrations/use-cases/get-integration-instance-by-definition.js +67 -0
package/integrations/use-cases/get-integration-instance.js +83 -0
package/integrations/use-cases/get-integrations-for-user.js +87 -0
package/integrations/use-cases/get-possible-integrations.js +27 -0
package/integrations/use-cases/index.js +11 -0
package/integrations/use-cases/load-integration-context-full.test.js +329 -0
package/integrations/use-cases/load-integration-context.js +71 -0
package/integrations/use-cases/load-integration-context.test.js +114 -0
package/integrations/use-cases/update-integration-messages.js +44 -0
package/integrations/use-cases/update-integration-status.js +32 -0
package/integrations/use-cases/update-integration.js +93 -0
package/integrations/utils/map-integration-dto.js +36 -0
package/jest-global-setup-noop.js +3 -0
package/jest-global-teardown-noop.js +3 -0
package/{module-plugin → modules}/entity.js +1 -0
package/{module-plugin → modules}/index.js +0 -8
package/modules/module-factory.js +56 -0
package/modules/module-hydration.test.js +205 -0
package/modules/module.js +221 -0
package/modules/repositories/module-repository-factory.js +33 -0
package/modules/repositories/module-repository-interface.js +129 -0
package/modules/repositories/module-repository-mongo.js +386 -0
package/modules/repositories/module-repository-postgres.js +437 -0
package/modules/repositories/module-repository.js +327 -0
package/{module-plugin → modules}/test/mock-api/api.js +8 -3
package/{module-plugin → modules}/test/mock-api/definition.js +12 -8
package/modules/tests/doubles/test-module-factory.js +16 -0
package/modules/tests/doubles/test-module-repository.js +39 -0
package/modules/use-cases/get-entities-for-user.js +32 -0
package/modules/use-cases/get-entity-options-by-id.js +59 -0
package/modules/use-cases/get-entity-options-by-type.js +34 -0
package/modules/use-cases/get-module-instance-from-type.js +31 -0
package/modules/use-cases/get-module.js +56 -0
package/modules/use-cases/process-authorization-callback.js +122 -0
package/modules/use-cases/refresh-entity-options.js +59 -0
package/modules/use-cases/test-module-auth.js +55 -0
package/modules/utils/map-module-dto.js +18 -0
package/package.json +14 -6
package/prisma-mongodb/schema.prisma +318 -0
package/prisma-postgresql/migrations/20250930193005_init/migration.sql +315 -0
package/prisma-postgresql/migrations/20251006135218_init/migration.sql +9 -0
package/prisma-postgresql/migrations/20251010000000_remove_unused_entity_reference_map/migration.sql +3 -0
package/prisma-postgresql/migrations/migration_lock.toml +3 -0
package/prisma-postgresql/schema.prisma +300 -0
package/syncs/manager.js +468 -443
package/syncs/repositories/sync-repository-factory.js +38 -0
package/syncs/repositories/sync-repository-interface.js +109 -0
package/syncs/repositories/sync-repository-mongo.js +239 -0
package/syncs/repositories/sync-repository-postgres.js +319 -0
package/syncs/sync.js +0 -1
package/token/repositories/token-repository-factory.js +33 -0
package/token/repositories/token-repository-interface.js +131 -0
package/token/repositories/token-repository-mongo.js +212 -0
package/token/repositories/token-repository-postgres.js +257 -0
package/token/repositories/token-repository.js +219 -0
package/types/integrations/index.d.ts +2 -6
package/types/module-plugin/index.d.ts +5 -57
package/types/syncs/index.d.ts +0 -2
package/user/repositories/user-repository-factory.js +46 -0
package/user/repositories/user-repository-interface.js +198 -0
package/user/repositories/user-repository-mongo.js +250 -0
package/user/repositories/user-repository-postgres.js +311 -0
package/user/tests/doubles/test-user-repository.js +72 -0
package/user/tests/use-cases/create-individual-user.test.js +24 -0
package/user/tests/use-cases/create-organization-user.test.js +28 -0
package/user/tests/use-cases/create-token-for-user-id.test.js +19 -0
package/user/tests/use-cases/get-user-from-bearer-token.test.js +64 -0
package/user/tests/use-cases/login-user.test.js +140 -0
package/user/use-cases/create-individual-user.js +61 -0
package/user/use-cases/create-organization-user.js +47 -0
package/user/use-cases/create-token-for-user-id.js +30 -0
package/user/use-cases/get-user-from-bearer-token.js +77 -0
package/user/use-cases/login-user.js +122 -0
package/user/user.js +77 -0
package/websocket/repositories/websocket-connection-repository-factory.js +37 -0
package/websocket/repositories/websocket-connection-repository-interface.js +106 -0
package/websocket/repositories/websocket-connection-repository-mongo.js +155 -0
package/websocket/repositories/websocket-connection-repository-postgres.js +195 -0
package/websocket/repositories/websocket-connection-repository.js +160 -0
package/database/models/State.js +0 -9
package/database/models/Token.js +0 -70
package/database/mongo.js +0 -171
package/encrypt/Cryptor.test.js +0 -32
package/encrypt/encrypt.js +0 -104
package/encrypt/encrypt.test.js +0 -1069
package/handlers/routers/middleware/loadUser.js +0 -15
package/handlers/routers/middleware/requireLoggedInUser.js +0 -12
package/integrations/create-frigg-backend.js +0 -31
package/integrations/integration-factory.js +0 -251
package/integrations/integration-mapping.js +0 -43
package/integrations/integration-model.js +0 -46
package/integrations/integration-user.js +0 -144
package/integrations/test/integration-base.test.js +0 -144
package/module-plugin/auther.js +0 -393
package/module-plugin/credential.js +0 -22
package/module-plugin/entity-manager.js +0 -70
package/module-plugin/manager.js +0 -169
package/module-plugin/module-factory.js +0 -61
package/module-plugin/test/auther.test.js +0 -97
/package/{module-plugin → modules}/ModuleConstants.js +0 -0
/package/{module-plugin → modules}/requester/api-key.js +0 -0
/package/{module-plugin → modules}/requester/basic.js +0 -0
/package/{module-plugin → modules}/requester/oauth-2.js +0 -0
/package/{module-plugin → modules}/requester/requester.js +0 -0
/package/{module-plugin → modules}/requester/requester.test.js +0 -0
/package/{module-plugin → modules}/test/mock-api/mocks/hubspot.js +0 -0

package/modules/use-cases/process-authorization-callback.js ADDED Viewed

@@ -0,0 +1,122 @@
+const { Module } = require('../module');
+const { ModuleConstants } = require('../ModuleConstants');
+class ProcessAuthorizationCallback {
+    /**
+     * @param {Object} params - Configuration parameters.
+     * @param {import('../repositories/module-repository-factory').ModuleRepositoryInterface} params.moduleRepository - Repository for module data operations.
+     * @param {import('../../credential/repositories/credential-repository-factory').CredentialRepositoryInterface} params.credentialRepository - Repository for credential data operations.
+     * @param {Array<Object>} params.moduleDefinitions - Array of module definitions.
+     */
+    constructor({ moduleRepository, credentialRepository, moduleDefinitions }) {
+        this.moduleRepository = moduleRepository;
+        this.credentialRepository = credentialRepository;
+        this.moduleDefinitions = moduleDefinitions;
+    }
+    async execute(userId, entityType, params) {
+        const moduleDefinition = this.moduleDefinitions.find((def) => {
+            return entityType === def.moduleName;
+        });
+        if (!moduleDefinition) {
+            throw new Error(
+                `Module definition not found for entity type: ${entityType}`
+            );
+        }
+        // todo: check if we need to pass entity to Module, right now it's null
+        let entity = null;
+        const module = new Module({
+            userId,
+            entity,
+            definition: moduleDefinition,
+        });
+        let tokenResponse;
+        if (module.apiClass.requesterType === ModuleConstants.authType.oauth2) {
+            tokenResponse = await moduleDefinition.requiredAuthMethods.getToken(
+                module.api,
+                params
+            );
+        } else {
+            tokenResponse =
+                await moduleDefinition.requiredAuthMethods.setAuthParams(
+                    module.api,
+                    params
+                );
+            await this.onTokenUpdate(module, moduleDefinition, userId);
+        }
+        const authRes = await module.testAuth();
+        if (!authRes) {
+            throw new Error('Authorization failed');
+        }
+        const entityDetails =
+            await moduleDefinition.requiredAuthMethods.getEntityDetails(
+                module.api,
+                params,
+                tokenResponse,
+                userId
+            );
+        Object.assign(
+            entityDetails.details,
+            module.apiParamsFromEntity(module.api)
+        );
+        const persistedEntity = await this.findOrCreateEntity(
+            entityDetails,
+            entityType,
+            module.credential.id
+        );
+        return {
+            credential_id: module.credential.id,
+            entity_id: persistedEntity.id,
+            type: module.getName(),
+        };
+    }
+    async onTokenUpdate(module, moduleDefinition, userId) {
+        const credentialDetails =
+            await moduleDefinition.requiredAuthMethods.getCredentialDetails(
+                module.api,
+                userId
+            );
+        Object.assign(
+            credentialDetails.details,
+            module.apiParamsFromCredential(module.api)
+        );
+        credentialDetails.details.authIsValid = true;
+        const persisted = await this.credentialRepository.upsertCredential(credentialDetails);
+        module.credential = persisted;
+    }
+    async findOrCreateEntity(entityDetails, moduleName, credentialId) {
+        const { identifiers, details } = entityDetails;
+        const existingEntity = await this.moduleRepository.findEntity({
+            externalId: identifiers.externalId,
+            user: identifiers.user,
+            moduleName: moduleName,
+        });
+        if (existingEntity) {
+            return existingEntity;
+        }
+        return await this.moduleRepository.createEntity({
+            ...identifiers,
+            ...details,
+            moduleName: moduleName,
+            credential: credentialId,
+        });
+    }
+}
+module.exports = { ProcessAuthorizationCallback };

package/modules/use-cases/refresh-entity-options.js ADDED Viewed

@@ -0,0 +1,59 @@
+const { Module } = require('../module');
+class RefreshEntityOptions {
+    /**
+     * @param {Object} params
+     * @param {import('../repositories/module-repository-interface').ModuleRepositoryInterface} params.moduleRepository
+     * @param {} params.moduleDefinitions
+     */
+    constructor({ moduleRepository, moduleDefinitions }) {
+        this.moduleRepository = moduleRepository;
+        this.moduleDefinitions = moduleDefinitions;
+    }
+    /**
+     * Retrieve a Module instance for a given user and entity/module type.
+     * @param {string} userId
+     * @param {string} entityId
+     */
+    async execute(entityId, userId, options) {
+        const entity = await this.moduleRepository.findEntityById(
+            entityId,
+            userId
+        );
+        if (!entity) {
+            throw new Error(`Entity ${entityId} not found`);
+        }
+        if (entity.userId !== userId) {
+            throw new Error(
+                `Entity ${entityId} does not belong to user ${userId}`
+            );
+        }
+        const entityType = entity.type;
+        const moduleDefinition = this.moduleDefinitions.find((def) => {
+            const modelName =
+                Module.getEntityModelFromDefinition(def).modelName;
+            return entityType === modelName;
+        });
+        if (!moduleDefinition) {
+            throw new Error(
+                `Module definition not found for entity type: ${entityType}`
+            );
+        }
+        const module = new Module({
+            userId,
+            entity,
+            definition: moduleDefinition,
+        });
+        await module.refreshEntityOptions(options);
+        return module.getEntityOptions();
+    }
+}
+module.exports = { RefreshEntityOptions };

package/modules/use-cases/test-module-auth.js ADDED Viewed

@@ -0,0 +1,55 @@
+const { Module } = require('../module');
+class TestModuleAuth {
+    /**
+     * @param {Object} params - Configuration parameters.
+     * @param {import('../repositories/module-repository-interface').ModuleRepositoryInterface} params.moduleRepository - Repository for module data operations.
+     * @param {Array<Object>} params.moduleDefinitions - Array of module definitions.
+     */
+    constructor({ moduleRepository, moduleDefinitions }) {
+        this.moduleRepository = moduleRepository;
+        this.moduleDefinitions = moduleDefinitions;
+    }
+    async execute(entityId, userId) {
+        const entity = await this.moduleRepository.findEntityById(
+            entityId,
+            userId
+        );
+        if (!entity) {
+            throw new Error(`Entity ${entityId} not found`);
+        }
+        if (entity.userId !== userId) {
+            throw new Error(
+                `Entity ${entityId} does not belong to user ${userId}`
+            );
+        }
+        const entityType = entity.type;
+        const moduleDefinition = this.moduleDefinitions.find((def) => {
+            const modelName =
+                Module.getEntityModelFromDefinition(def).modelName;
+            return entityType === modelName;
+        });
+        if (!moduleDefinition) {
+            throw new Error(
+                `Module definition not found for entity type: ${entityType}`
+            );
+        }
+        const module = new Module({
+            userId,
+            entity,
+            definition: moduleDefinition,
+        });
+        const testAuthResponse = await module.testAuth();
+        return testAuthResponse;
+    }
+}
+module.exports = { TestModuleAuth };

package/modules/utils/map-module-dto.js ADDED Viewed

@@ -0,0 +1,18 @@
+/**
+ * @param {import('../module').Module} moduleInstance
+ * Convert a Module domain instance to a plain DTO suitable for JSON responses.
+ */
+function mapModuleClassToModuleDTO(moduleInstance) {
+    if (!moduleInstance) return null;
+    return {
+        id: moduleInstance.entity.id,
+        name: moduleInstance.name,
+        userId: moduleInstance.userId,
+        entity: moduleInstance.entity,
+        credentialId: moduleInstance.credential?._id?.toString(),
+        type: moduleInstance.getName()
+    };
+}
+module.exports = { mapModuleClassToModuleDTO };

package/package.json CHANGED Viewed

@@ -1,9 +1,10 @@
 {
   "name": "@friggframework/core",
   "prettier": "@friggframework/prettier-config",
-  "version": "2.0.0-next.41",
+  "version": "2.0.0-next.43",
   "dependencies": {
     "@hapi/boom": "^10.0.1",
+    "@prisma/client": "^6.16.3",
     "aws-sdk": "^2.1200.0",
     "bcryptjs": "^2.4.3",
     "body-parser": "^1.20.2",
@@ -22,9 +23,9 @@
     "uuid": "^9.0.1"
   },
   "devDependencies": {
-    "@friggframework/eslint-config": "2.0.0-next.41",
-    "@friggframework/prettier-config": "2.0.0-next.41",
-    "@friggframework/test": "2.0.0-next.41",
+    "@friggframework/eslint-config": "2.0.0-next.43",
+    "@friggframework/prettier-config": "2.0.0-next.43",
+    "@friggframework/test": "2.0.0-next.43",
     "@types/lodash": "4.17.15",
     "@typescript-eslint/eslint-plugin": "^8.0.0",
     "chai": "^4.3.6",
@@ -34,12 +35,19 @@
     "eslint-plugin-promise": "^7.0.0",
     "jest": "^29.7.0",
     "prettier": "^2.7.1",
+    "prisma": "^6.16.3",
     "sinon": "^16.1.1",
     "typescript": "^5.0.2"
   },
   "scripts": {
     "lint:fix": "prettier --write --loglevel error . && eslint . --fix",
-    "test": "jest --passWithNoTests # TODO"
+    "test": "jest --passWithNoTests # TODO",
+    "prisma:generate:mongo": "npx prisma generate --schema ./prisma-mongodb/schema.prisma",
+    "prisma:generate:postgres": "npx prisma generate --schema ./prisma-postgresql/schema.prisma",
+    "prisma:generate": "npm run prisma:generate:mongo && npm run prisma:generate:postgres",
+    "prisma:push:mongo": "npx prisma db push --schema ./prisma-mongodb/schema.prisma",
+    "prisma:migrate:postgres": "npx prisma migrate dev --schema ./prisma-postgresql/schema.prisma",
+    "postinstall": "npm run prisma:generate"
   },
   "author": "",
   "license": "MIT",
@@ -56,5 +64,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "a5c413164c1b492a228689851d037706f7f869af"
+  "gitHead": "2619db8a4e885887ad9071fe166cf0e8dee12d91"
 }

package/prisma-mongodb/schema.prisma ADDED Viewed

@@ -0,0 +1,318 @@
+// Frigg Framework - Prisma Schema
+// MongoDB database schema for enterprise integration platform
+// Migration from Mongoose ODM to Prisma ORM
+generator client {
+  provider = "prisma-client-js"
+  output   = "../node_modules/@prisma-mongodb/client"
+}
+datasource db {
+  provider = "mongodb"
+  url      = env("DATABASE_URL")
+}
+// ============================================================================
+// USER MODELS
+// ============================================================================
+/// User model with discriminator pattern support
+/// Replaces Mongoose discriminators (IndividualUser, OrganizationUser)
+model User {
+  id    String   @id @default(auto()) @map("_id") @db.ObjectId
+  type  UserType
+  // Timestamps
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+  // IndividualUser fields (nullable for organizations)
+  email          String?
+  username       String?
+  hashword       String? // Bcrypt hashed password (handled in application layer)
+  appUserId      String?
+  organizationId String? @db.ObjectId
+  // Self-referential relation for organization membership
+  organization User?  @relation("OrgMembers", fields: [organizationId], references: [id], onDelete: NoAction, onUpdate: NoAction)
+  members      User[] @relation("OrgMembers")
+  // OrganizationUser fields (nullable for individuals)
+  appOrgId String?
+  name     String?
+  // Relations
+  tokens       Token[]
+  credentials  Credential[]
+  entities     Entity[]
+  integrations Integration[]
+  @@unique([email])
+  @@unique([username])
+  @@unique([appOrgId])
+  @@index([type])
+  @@index([appUserId])
+  @@map("User")
+}
+enum UserType {
+  INDIVIDUAL
+  ORGANIZATION
+}
+// ============================================================================
+// AUTHENTICATION MODELS
+// ============================================================================
+/// Authentication tokens with expiration
+/// Bcrypt hashed tokens stored (handled in application layer)
+model Token {
+  id      String    @id @default(auto()) @map("_id") @db.ObjectId
+  token   String // Bcrypt hashed
+  created DateTime  @default(now())
+  expires DateTime?
+  userId  String    @db.ObjectId
+  user    User      @relation(fields: [userId], references: [id], onDelete: Cascade)
+  @@index([userId])
+  @@index([expires])
+  @@map("Token")
+}
+// ============================================================================
+// CREDENTIAL & ENTITY MODELS
+// ============================================================================
+/// OAuth credentials and API tokens
+/// All sensitive data encrypted with KMS at rest
+model Credential {
+  id         String   @id @default(auto()) @map("_id") @db.ObjectId
+  userId     String?  @db.ObjectId
+  user       User?    @relation(fields: [userId], references: [id], onDelete: Cascade)
+  subType    String?
+  authIsValid Boolean?
+  externalId String?
+  // Dynamic OAuth fields stored as JSON (encrypted via Prisma middleware)
+  // Contains: access_token, refresh_token, domain, expires_in, token_type, etc.
+  data Json @default("{}")
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+  // Relations
+  entities Entity[]
+  @@index([userId])
+  @@index([externalId])
+  @@map("Credential")
+}
+/// External service entities (API connections)
+model Entity {
+  id           String      @id @default(auto()) @map("_id") @db.ObjectId
+  credentialId String?     @db.ObjectId
+  credential   Credential? @relation(fields: [credentialId], references: [id], onDelete: SetNull)
+  subType      String?
+  userId       String?     @db.ObjectId
+  user         User?       @relation(fields: [userId], references: [id], onDelete: Cascade)
+  name         String?
+  moduleName   String?
+  externalId   String?
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+  // Relations - many-to-many with scalar lists
+  integrations    Integration[] @relation("IntegrationEntities", fields: [integrationIds], references: [id])
+  integrationIds  String[]      @db.ObjectId
+  syncs           Sync[]        @relation("SyncEntities", fields: [syncIds], references: [id])
+  syncIds         String[]      @db.ObjectId
+  dataIdentifiers    DataIdentifier[]
+  associationObjects AssociationObject[]
+  @@index([userId])
+  @@index([externalId])
+  @@index([moduleName])
+  @@index([credentialId])
+  @@map("Entity")
+}
+// ============================================================================
+// INTEGRATION MODELS
+// ============================================================================
+/// Main integration configuration and state
+model Integration {
+  id     String            @id @default(auto()) @map("_id") @db.ObjectId
+  userId String?           @db.ObjectId
+  user   User?             @relation(fields: [userId], references: [id], onDelete: Cascade)
+  status IntegrationStatus @default(ENABLED)
+  // Configuration and version
+  config  Json?   // Integration configuration object
+  version String?
+  // Entity references (many-to-many via explicit scalar list)
+  entities  Entity[] @relation("IntegrationEntities", fields: [entityIds], references: [id])
+  entityIds String[] @db.ObjectId
+  // Message arrays (stored as JSON)
+  errors   Json @default("[]")
+  warnings Json @default("[]")
+  info     Json @default("[]")
+  logs     Json @default("[]")
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+  // Relations
+  associations Association[]
+  syncs        Sync[]
+  mappings     IntegrationMapping[]
+  @@index([userId])
+  @@index([status])
+  @@map("Integration")
+}
+enum IntegrationStatus {
+  ENABLED
+  NEEDS_CONFIG
+  PROCESSING
+  DISABLED
+  ERROR
+}
+/// Integration-specific data mappings
+/// All mapping data encrypted with KMS
+model IntegrationMapping {
+  id            String      @id @default(auto()) @map("_id") @db.ObjectId
+  integrationId String      @db.ObjectId
+  integration   Integration @relation(fields: [integrationId], references: [id], onDelete: Cascade)
+  sourceId      String?
+  // Encrypted mapping data (handled via Prisma middleware)
+  mapping Json?
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+  @@unique([integrationId, sourceId])
+  @@index([integrationId])
+  @@index([sourceId])
+  @@map("IntegrationMapping")
+}
+// ============================================================================
+// SYNC MODELS
+// ============================================================================
+/// Bidirectional data synchronization tracking
+model Sync {
+  id            String       @id @default(auto()) @map("_id") @db.ObjectId
+  integrationId String?      @db.ObjectId
+  integration   Integration? @relation(fields: [integrationId], references: [id], onDelete: Cascade)
+  // Entity references (many-to-many via explicit scalar list)
+  entities  Entity[] @relation("SyncEntities", fields: [entityIds], references: [id])
+  entityIds String[] @db.ObjectId
+  hash String
+  name String
+  // Data identifiers (extracted to separate model)
+  dataIdentifiers DataIdentifier[]
+  @@index([integrationId])
+  @@index([hash])
+  @@index([name])
+  @@map("Sync")
+}
+/// Data identifier for sync operations
+/// Replaces nested array structure in Mongoose
+model DataIdentifier {
+  id       String  @id @default(auto()) @map("_id") @db.ObjectId
+  syncId   String? @db.ObjectId
+  sync     Sync?   @relation(fields: [syncId], references: [id], onDelete: Cascade)
+  entityId String  @db.ObjectId
+  entity   Entity  @relation(fields: [entityId], references: [id], onDelete: Cascade)
+  // Identifier data (can be any structure)
+  idData Json
+  hash String
+  @@index([syncId])
+  @@index([entityId])
+  @@index([hash])
+  @@map("DataIdentifier")
+}
+// ============================================================================
+// ASSOCIATION MODELS
+// ============================================================================
+/// Entity associations with cardinality tracking
+model Association {
+  id            String          @id @default(auto()) @map("_id") @db.ObjectId
+  integrationId String          @db.ObjectId
+  integration   Integration     @relation(fields: [integrationId], references: [id], onDelete: Cascade)
+  name          String
+  type          AssociationType
+  primaryObject String
+  // Associated objects (extracted to separate model)
+  objects AssociationObject[]
+  @@index([integrationId])
+  @@index([name])
+  @@map("Association")
+}
+/// Association object entry
+/// Replaces nested array structure in Mongoose
+model AssociationObject {
+  id            String       @id @default(auto()) @map("_id") @db.ObjectId
+  associationId String       @db.ObjectId
+  association   Association  @relation(fields: [associationId], references: [id], onDelete: Cascade)
+  entityId      String       @db.ObjectId
+  entity        Entity       @relation(fields: [entityId], references: [id], onDelete: Cascade)
+  objectType    String
+  objId         String
+  metadata      Json? // Optional metadata
+  @@index([associationId])
+  @@index([entityId])
+  @@map("AssociationObject")
+}
+enum AssociationType {
+  ONE_TO_MANY
+  ONE_TO_ONE
+  MANY_TO_ONE
+}
+// ============================================================================
+// UTILITY MODELS
+// ============================================================================
+/// Generic state storage
+model State {
+  id    String @id @default(auto()) @map("_id") @db.ObjectId
+  state Json?
+  @@map("State")
+}
+/// AWS API Gateway WebSocket connection tracking
+model WebsocketConnection {
+  id           String  @id @default(auto()) @map("_id") @db.ObjectId
+  connectionId String?
+  @@index([connectionId])
+  @@map("WebsocketConnection")
+}