npm - @friggframework/core - Versions diffs - 2.0.0-next.44 → 2.0.0-next.46 - Mend

@friggframework/core 2.0.0-next.44 → 2.0.0-next.46

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (166) hide show

package/README.md +28 -0
package/application/commands/integration-commands.js +19 -0
package/core/Worker.js +8 -21
package/credential/repositories/credential-repository-mongo.js +14 -8
package/credential/repositories/credential-repository-postgres.js +14 -8
package/credential/repositories/credential-repository.js +3 -8
package/database/MONGODB_TRANSACTION_FIX.md +198 -0
package/database/adapters/lambda-invoker.js +97 -0
package/database/config.js +11 -2
package/database/models/WebsocketConnection.js +11 -10
package/database/prisma.js +63 -3
package/database/repositories/health-check-repository-mongodb.js +3 -0
package/database/repositories/migration-status-repository-s3.js +137 -0
package/database/use-cases/check-database-state-use-case.js +81 -0
package/database/use-cases/check-encryption-health-use-case.js +3 -2
package/database/use-cases/get-database-state-via-worker-use-case.js +61 -0
package/database/use-cases/get-migration-status-use-case.js +93 -0
package/database/use-cases/run-database-migration-use-case.js +137 -0
package/database/use-cases/trigger-database-migration-use-case.js +157 -0
package/database/utils/mongodb-collection-utils.js +91 -0
package/database/utils/mongodb-schema-init.js +106 -0
package/database/utils/prisma-runner.js +400 -0
package/database/utils/prisma-schema-parser.js +182 -0
package/encrypt/Cryptor.js +14 -16
package/generated/prisma-mongodb/client.d.ts +1 -0
package/generated/prisma-mongodb/client.js +4 -0
package/generated/prisma-mongodb/default.d.ts +1 -0
package/generated/prisma-mongodb/default.js +4 -0
package/generated/prisma-mongodb/edge.d.ts +1 -0
package/generated/prisma-mongodb/edge.js +334 -0
package/generated/prisma-mongodb/index-browser.js +316 -0
package/generated/prisma-mongodb/index.d.ts +22897 -0
package/generated/prisma-mongodb/index.js +359 -0
package/generated/prisma-mongodb/package.json +183 -0
package/generated/prisma-mongodb/query-engine-debian-openssl-3.0.x +0 -0
package/generated/prisma-mongodb/query-engine-rhel-openssl-3.0.x +0 -0
package/generated/prisma-mongodb/runtime/binary.d.ts +1 -0
package/generated/prisma-mongodb/runtime/binary.js +289 -0
package/generated/prisma-mongodb/runtime/edge-esm.js +34 -0
package/generated/prisma-mongodb/runtime/edge.js +34 -0
package/generated/prisma-mongodb/runtime/index-browser.d.ts +370 -0
package/generated/prisma-mongodb/runtime/index-browser.js +16 -0
package/generated/prisma-mongodb/runtime/library.d.ts +3977 -0
package/generated/prisma-mongodb/runtime/react-native.js +83 -0
package/generated/prisma-mongodb/runtime/wasm-compiler-edge.js +84 -0
package/generated/prisma-mongodb/runtime/wasm-engine-edge.js +36 -0
package/generated/prisma-mongodb/schema.prisma +362 -0
package/generated/prisma-mongodb/wasm-edge-light-loader.mjs +4 -0
package/generated/prisma-mongodb/wasm-worker-loader.mjs +4 -0
package/generated/prisma-mongodb/wasm.d.ts +1 -0
package/generated/prisma-mongodb/wasm.js +341 -0
package/generated/prisma-postgresql/client.d.ts +1 -0
package/generated/prisma-postgresql/client.js +4 -0
package/generated/prisma-postgresql/default.d.ts +1 -0
package/generated/prisma-postgresql/default.js +4 -0
package/generated/prisma-postgresql/edge.d.ts +1 -0
package/generated/prisma-postgresql/edge.js +356 -0
package/generated/prisma-postgresql/index-browser.js +338 -0
package/generated/prisma-postgresql/index.d.ts +25071 -0
package/generated/prisma-postgresql/index.js +381 -0
package/generated/prisma-postgresql/package.json +183 -0
package/generated/prisma-postgresql/query-engine-debian-openssl-3.0.x +0 -0
package/generated/prisma-postgresql/query-engine-rhel-openssl-3.0.x +0 -0
package/generated/prisma-postgresql/query_engine_bg.js +2 -0
package/generated/prisma-postgresql/query_engine_bg.wasm +0 -0
package/generated/prisma-postgresql/runtime/binary.d.ts +1 -0
package/generated/prisma-postgresql/runtime/binary.js +289 -0
package/generated/prisma-postgresql/runtime/edge-esm.js +34 -0
package/generated/prisma-postgresql/runtime/edge.js +34 -0
package/generated/prisma-postgresql/runtime/index-browser.d.ts +370 -0
package/generated/prisma-postgresql/runtime/index-browser.js +16 -0
package/generated/prisma-postgresql/runtime/library.d.ts +3977 -0
package/generated/prisma-postgresql/runtime/react-native.js +83 -0
package/generated/prisma-postgresql/runtime/wasm-compiler-edge.js +84 -0
package/generated/prisma-postgresql/runtime/wasm-engine-edge.js +36 -0
package/generated/prisma-postgresql/schema.prisma +345 -0
package/generated/prisma-postgresql/wasm-edge-light-loader.mjs +4 -0
package/generated/prisma-postgresql/wasm-worker-loader.mjs +4 -0
package/generated/prisma-postgresql/wasm.d.ts +1 -0
package/generated/prisma-postgresql/wasm.js +363 -0
package/handlers/WEBHOOKS.md +653 -0
package/handlers/backend-utils.js +118 -3
package/handlers/database-migration-handler.js +227 -0
package/handlers/routers/auth.js +1 -1
package/handlers/routers/db-migration.handler.js +29 -0
package/handlers/routers/db-migration.js +256 -0
package/handlers/routers/health.js +41 -6
package/handlers/routers/integration-webhook-routers.js +67 -0
package/handlers/use-cases/check-integrations-health-use-case.js +22 -10
package/handlers/workers/db-migration.js +352 -0
package/index.js +28 -0
package/integrations/WEBHOOK-QUICKSTART.md +151 -0
package/integrations/integration-base.js +74 -3
package/integrations/integration-router.js +60 -70
package/integrations/repositories/integration-repository-interface.js +12 -0
package/integrations/repositories/integration-repository-mongo.js +32 -0
package/integrations/repositories/integration-repository-postgres.js +33 -0
package/integrations/repositories/process-repository-postgres.js +43 -20
package/integrations/tests/doubles/dummy-integration-class.js +1 -8
package/integrations/tests/doubles/test-integration-repository.js +2 -2
package/logs/logger.js +0 -4
package/modules/entity.js +0 -1
package/modules/repositories/module-repository-mongo.js +3 -12
package/modules/repositories/module-repository-postgres.js +0 -11
package/modules/repositories/module-repository.js +1 -12
package/modules/use-cases/get-entity-options-by-id.js +1 -1
package/modules/use-cases/get-module.js +1 -2
package/modules/use-cases/refresh-entity-options.js +1 -1
package/modules/use-cases/test-module-auth.js +1 -1
package/package.json +82 -66
package/prisma-mongodb/schema.prisma +21 -21
package/prisma-postgresql/schema.prisma +15 -15
package/queues/queuer-util.js +28 -15
package/types/core/index.d.ts +2 -2
package/types/module-plugin/index.d.ts +0 -2
package/user/repositories/user-repository-mongo.js +53 -12
package/user/repositories/user-repository-postgres.js +53 -14
package/user/use-cases/authenticate-user.js +127 -0
package/user/use-cases/authenticate-with-shared-secret.js +48 -0
package/user/use-cases/get-user-from-adopter-jwt.js +149 -0
package/user/use-cases/get-user-from-x-frigg-headers.js +106 -0
package/user/use-cases/login-user.js +1 -1
package/user/user.js +18 -2
package/websocket/repositories/websocket-connection-repository-mongo.js +11 -10
package/websocket/repositories/websocket-connection-repository-postgres.js +11 -10
package/websocket/repositories/websocket-connection-repository.js +11 -10
package/application/commands/integration-commands.test.js +0 -123
package/database/encryption/encryption-integration.test.js +0 -553
package/database/encryption/encryption-schema-registry.test.js +0 -392
package/database/encryption/field-encryption-service.test.js +0 -525
package/database/encryption/mongo-decryption-fix-verification.test.js +0 -348
package/database/encryption/postgres-decryption-fix-verification.test.js +0 -371
package/database/encryption/postgres-relation-decryption.test.js +0 -245
package/database/encryption/prisma-encryption-extension.test.js +0 -439
package/errors/base-error.test.js +0 -32
package/errors/fetch-error.test.js +0 -79
package/errors/halt-error.test.js +0 -11
package/errors/validation-errors.test.js +0 -120
package/handlers/auth-flow.integration.test.js +0 -147
package/handlers/integration-event-dispatcher.test.js +0 -141
package/handlers/routers/health.test.js +0 -210
package/integrations/tests/use-cases/create-integration.test.js +0 -131
package/integrations/tests/use-cases/delete-integration-for-user.test.js +0 -150
package/integrations/tests/use-cases/find-integration-context-by-external-entity-id.test.js +0 -92
package/integrations/tests/use-cases/get-integration-for-user.test.js +0 -150
package/integrations/tests/use-cases/get-integration-instance.test.js +0 -176
package/integrations/tests/use-cases/get-integrations-for-user.test.js +0 -176
package/integrations/tests/use-cases/get-possible-integrations.test.js +0 -188
package/integrations/tests/use-cases/update-integration-messages.test.js +0 -142
package/integrations/tests/use-cases/update-integration-status.test.js +0 -103
package/integrations/tests/use-cases/update-integration.test.js +0 -141
package/integrations/use-cases/create-process.test.js +0 -178
package/integrations/use-cases/get-process.test.js +0 -190
package/integrations/use-cases/load-integration-context-full.test.js +0 -329
package/integrations/use-cases/load-integration-context.test.js +0 -114
package/integrations/use-cases/update-process-metrics.test.js +0 -308
package/integrations/use-cases/update-process-state.test.js +0 -256
package/lambda/TimeoutCatcher.test.js +0 -68
package/logs/logger.test.js +0 -76
package/modules/module-hydration.test.js +0 -205
package/modules/requester/requester.test.js +0 -28
package/user/tests/use-cases/create-individual-user.test.js +0 -24
package/user/tests/use-cases/create-organization-user.test.js +0 -28
package/user/tests/use-cases/create-token-for-user-id.test.js +0 -19
package/user/tests/use-cases/get-user-from-bearer-token.test.js +0 -64
package/user/tests/use-cases/login-user.test.js +0 -140

package/database/encryption/encryption-integration.test.js DELETED Viewed

@@ -1,553 +0,0 @@
-/**
- * Integration tests for field-level encryption
- * Tests transparent encryption/decryption with Prisma for MongoDB and PostgreSQL
- *
- * These tests verify:
- * - Create operations encrypt fields
- * - Read operations decrypt fields
- * - Update operations handle encryption
- * - Upsert operations work correctly
- * - FindMany operations decrypt arrays
- * - Null/undefined/empty values are handled
- * - Database stores encrypted data
- *
- * Database-Agnostic Design:
- * - Uses repository pattern for raw database access (getRawCredentialById)
- * - MongoDB: Uses Mongoose for raw collection access
- * - PostgreSQL: Uses Prisma $queryRaw for raw SQL queries
- * - Field names match Prisma schema (userId, externalId, not user_id/entity_id)
- * - Uses externalId (string) for test data instead of userId (ObjectId reference)
- *
- * Prerequisites:
- * - Database must be running and accessible
- * - For MongoDB: Replica set recommended (for transactions)
- * - For PostgreSQL: Database must exist
- * - Database type configured in backend/index.js app definition
- *
- * Note: Test explicitly passes 'mongodb' to repository factory for testing purposes
- */
-// Set default DATABASE_URL for testing if not already set
-if (!process.env.DATABASE_URL) {
-    process.env.DATABASE_URL = 'mongodb://localhost:27017/frigg?replicaSet=rs0';
-}
-// Enable encryption for testing (bypass test stage check)
-process.env.STAGE = 'integration-test';
-process.env.AES_KEY_ID = 'test-key-id';
-process.env.AES_KEY = 'test-aes-key-32-characters-long!';
-jest.mock('../config', () => ({
-    DB_TYPE: 'mongodb',
-    getDatabaseType: jest.fn(() => 'mongodb'),
-    PRISMA_LOG_LEVEL: 'error,warn',
-    PRISMA_QUERY_LOGGING: false,
-}));
-const { prisma, connectPrisma, disconnectPrisma } = require('../prisma');
-const { createHealthCheckRepository } = require('../repositories/health-check-repository-factory');
-const { mongoose } = require('../mongoose');
-describe('Field-Level Encryption Integration Tests', () => {
-    // Use externalId for test identification (works with both MongoDB and PostgreSQL)
-    const testExternalId = 'test-encryption-integration-id';
-    let repository;
-    beforeAll(async () => {
-        await connectPrisma();
-        // Connect mongoose for raw database queries
-        if (mongoose.connection.readyState === 0) {
-            await mongoose.connect(process.env.DATABASE_URL);
-        }
-        // Create database-specific repository for raw access
-        // Pass explicit database type for testing
-        repository = createHealthCheckRepository('mongodb');
-    });
-    afterAll(async () => {
-        // Clean up test data - delete all test credentials by externalId
-        await prisma.credential.deleteMany({
-            where: { externalId: { startsWith: 'test-encryption-' } },
-        });
-        await mongoose.disconnect();
-        await disconnectPrisma();
-    });
-    afterEach(async () => {
-        // Clean up after each test
-        await prisma.credential.deleteMany({
-            where: { externalId: { startsWith: 'test-encryption-' } },
-        });
-    });
-    describe('Create Operations', () => {
-        it('should encrypt sensitive fields on create', async () => {
-            const credential = await prisma.credential.create({
-                data: {
-                    externalId: testExternalId,
-                    data: {
-                        access_token: 'secret-token-123',
-                        refresh_token: 'refresh-token-456',
-                        domain: 'example.com',
-                    },
-                },
-            });
-            // Verify decrypted values returned to application
-            expect(credential.data.access_token).toBe('secret-token-123');
-            expect(credential.data.refresh_token).toBe('refresh-token-456');
-            expect(credential.data.domain).toBe('example.com');
-            // Verify raw database has encrypted values
-            const rawDoc = await repository.getRawCredentialById(credential.id);
-            expect(rawDoc.data.access_token).not.toBe('secret-token-123');
-            expect(rawDoc.data.access_token).toContain(':');
-            expect(rawDoc.data.refresh_token).not.toBe('refresh-token-456');
-            expect(rawDoc.data.refresh_token).toContain(':');
-            // domain should NOT be encrypted (not in schema registry)
-            expect(rawDoc.data.domain).toBe('example.com');
-        });
-        it('should handle null and undefined values', async () => {
-            const credential = await prisma.credential.create({
-                data: {
-                    externalId: testExternalId,
-                    data: {
-                        access_token: null,
-                        domain: 'example.com',
-                    },
-                },
-            });
-            expect(credential.data.access_token).toBeNull();
-            expect(credential.data.domain).toBe('example.com');
-        });
-        it('should handle empty strings', async () => {
-            const credential = await prisma.credential.create({
-                data: {
-                    externalId: testExternalId,
-                    data: {
-                        access_token: '',
-                        domain: 'example.com',
-                    },
-                },
-            });
-            // Empty strings should not be encrypted
-            expect(credential.data.access_token).toBe('');
-            expect(credential.data.domain).toBe('example.com');
-        });
-    });
-    describe('Read Operations', () => {
-        it('should decrypt fields on findUnique', async () => {
-            // Create with encrypted data
-            const created = await prisma.credential.create({
-                data: {
-                    externalId: testExternalId,
-                    data: {
-                        access_token: 'secret-find-unique',
-                        domain: 'findunique.com',
-                    },
-                },
-            });
-            // Read back
-            const found = await prisma.credential.findUnique({
-                where: { id: created.id },
-            });
-            expect(found.data.access_token).toBe('secret-find-unique');
-            expect(found.data.domain).toBe('findunique.com');
-        });
-        it('should decrypt fields on findFirst', async () => {
-            await prisma.credential.create({
-                data: {
-                    externalId: testExternalId,
-                    data: {
-                        access_token: 'secret-find-first',
-                        domain: 'findfirst.com',
-                    },
-                },
-            });
-            const found = await prisma.credential.findFirst({
-                where: { externalId: { startsWith: 'test-encryption-' } },
-            });
-            expect(found.data.access_token).toBe('secret-find-first');
-            expect(found.data.domain).toBe('findfirst.com');
-        });
-        it('should decrypt array of results on findMany', async () => {
-            // Create multiple credentials
-            await prisma.credential.createMany({
-                data: [
-                    {
-                        externalId: 'test-encryption-entity-1',
-                        data: {
-                            access_token: 'secret-1',
-                            domain: 'domain1.com',
-                        },
-                    },
-                    {
-                        externalId: 'test-encryption-entity-2',
-                        data: {
-                            access_token: 'secret-2',
-                            domain: 'domain2.com',
-                        },
-                    },
-                    {
-                        externalId: 'test-encryption-entity-3',
-                        data: {
-                            access_token: 'secret-3',
-                            domain: 'domain3.com',
-                        },
-                    },
-                ],
-            });
-            const credentials = await prisma.credential.findMany({
-                where: { externalId: { startsWith: 'test-encryption-' } },
-            });
-            expect(credentials).toHaveLength(3);
-            expect(credentials[0].data.access_token).toBe('secret-1');
-            expect(credentials[1].data.access_token).toBe('secret-2');
-            expect(credentials[2].data.access_token).toBe('secret-3');
-        });
-        it('should return null for non-existent records', async () => {
-            // Use a valid ObjectId format that doesn't exist in database
-            const { ObjectId } = require('mongodb');
-            const nonExistentId = new ObjectId().toString();
-            const found = await prisma.credential.findUnique({
-                where: { id: nonExistentId },
-            });
-            expect(found).toBeNull();
-        });
-        it('should return empty array for no matches', async () => {
-            const credentials = await prisma.credential.findMany({
-                where: { externalId: 'non-existent-external-id' },
-            });
-            expect(credentials).toEqual([]);
-        });
-    });
-    describe('Update Operations', () => {
-        it('should encrypt new values on update', async () => {
-            // Create
-            const created = await prisma.credential.create({
-                data: {
-                    externalId: testExternalId,
-                    data: {
-                        access_token: 'old-token',
-                        domain: 'old.com',
-                    },
-                },
-            });
-            // Update
-            const updated = await prisma.credential.update({
-                where: { id: created.id },
-                data: {
-                    data: {
-                        access_token: 'new-token',
-                        domain: 'new.com',
-                    },
-                },
-            });
-            // Verify decrypted values
-            expect(updated.data.access_token).toBe('new-token');
-            expect(updated.data.domain).toBe('new.com');
-            // Verify raw database has new encrypted value
-            const rawDoc = await repository.getRawCredentialById(created.id);
-            expect(rawDoc.data.access_token).not.toBe('new-token');
-            expect(rawDoc.data.access_token).toContain(':');
-        });
-        it('should handle partial updates', async () => {
-            const created = await prisma.credential.create({
-                data: {
-                    externalId: testExternalId,
-                    data: {
-                        access_token: 'original-token',
-                        refresh_token: 'original-refresh',
-                        domain: 'original.com',
-                    },
-                },
-            });
-            // Update only access_token
-            const updated = await prisma.credential.update({
-                where: { id: created.id },
-                data: {
-                    data: {
-                        ...created.data,
-                        access_token: 'updated-token',
-                    },
-                },
-            });
-            expect(updated.data.access_token).toBe('updated-token');
-            expect(updated.data.refresh_token).toBe('original-refresh');
-            expect(updated.data.domain).toBe('original.com');
-        });
-    });
-    describe('Upsert Operations', () => {
-        it('should encrypt on insert path', async () => {
-            // Use a valid ObjectId format that doesn't exist in database
-            const { ObjectId } = require('mongodb');
-            const nonExistentId = new ObjectId().toString();
-            const upserted = await prisma.credential.upsert({
-                where: {
-                    id: nonExistentId,
-                },
-                create: {
-                    id: nonExistentId,
-                    externalId: 'test-encryption-upsert-entity',
-                    data: {
-                        access_token: 'upsert-create-token',
-                        domain: 'upsert-create.com',
-                    },
-                },
-                update: {
-                    data: {
-                        access_token: 'upsert-update-token',
-                        domain: 'upsert-update.com',
-                    },
-                },
-            });
-            expect(upserted.data.access_token).toBe('upsert-create-token');
-            // Verify encryption in database
-            const rawDoc = await repository.getRawCredentialById(upserted.id);
-            expect(rawDoc.data.access_token).not.toBe('upsert-create-token');
-            expect(rawDoc.data.access_token).toContain(':');
-        });
-        it('should encrypt on update path', async () => {
-            // Create first
-            const created = await prisma.credential.create({
-                data: {
-                    externalId: 'test-encryption-upsert-update-entity',
-                    data: {
-                        access_token: 'original-token',
-                        domain: 'original.com',
-                    },
-                },
-            });
-            // Upsert (should hit update path)
-            const upserted = await prisma.credential.upsert({
-                where: {
-                    id: created.id,
-                },
-                create: {
-                    externalId: 'test-encryption-upsert-update-entity',
-                    data: {
-                        access_token: 'create-path-token',
-                        domain: 'create.com',
-                    },
-                },
-                update: {
-                    data: {
-                        access_token: 'update-path-token',
-                        domain: 'update.com',
-                    },
-                },
-            });
-            expect(upserted.data.access_token).toBe('update-path-token');
-            // Verify encryption in database
-            const rawDoc = await repository.getRawCredentialById(upserted.id);
-            expect(rawDoc.data.access_token).not.toBe('update-path-token');
-            expect(rawDoc.data.access_token).toContain(':');
-        });
-    });
-    describe('Delete Operations', () => {
-        it('should decrypt deleted record', async () => {
-            const created = await prisma.credential.create({
-                data: {
-                    externalId: testExternalId,
-                    data: {
-                        access_token: 'to-be-deleted',
-                        domain: 'delete.com',
-                    },
-                },
-            });
-            const deleted = await prisma.credential.delete({
-                where: { id: created.id },
-            });
-            expect(deleted.data.access_token).toBe('to-be-deleted');
-            expect(deleted.data.domain).toBe('delete.com');
-        });
-    });
-    describe('CreateMany Operations', () => {
-        it('should encrypt fields in bulk create', async () => {
-            const result = await prisma.credential.createMany({
-                data: [
-                    {
-                        externalId: 'test-encryption-bulk-1',
-                        data: {
-                            access_token: 'bulk-secret-1',
-                            domain: 'bulk1.com',
-                        },
-                    },
-                    {
-                        externalId: 'test-encryption-bulk-2',
-                        data: {
-                            access_token: 'bulk-secret-2',
-                            domain: 'bulk2.com',
-                        },
-                    },
-                ],
-            });
-            expect(result.count).toBe(2);
-            // Verify encryption in database by reading back with Prisma and checking one record's raw form
-            const credentials = await prisma.credential.findMany({
-                where: { externalId: { startsWith: 'test-encryption-' } },
-            });
-            // Check raw database for first credential
-            const rawDoc = await repository.getRawCredentialById(credentials[0].id);
-            expect(rawDoc.data.access_token).toContain(':');
-            expect(rawDoc.data.access_token).not.toMatch(/bulk-secret-/);
-            // Verify decryption when reading
-            const tokens = credentials.map((c) => c.data.access_token);
-            expect(tokens).toContain('bulk-secret-1');
-            expect(tokens).toContain('bulk-secret-2');
-        });
-    });
-    describe('Non-Encrypted Fields', () => {
-        it('should not encrypt fields not in schema registry', async () => {
-            const credential = await prisma.credential.create({
-                data: {
-                    externalId: testExternalId,
-                    data: {
-                        access_token: 'secret-token',
-                        domain: 'example.com',
-                        custom_field: 'should-not-encrypt',
-                    },
-                },
-            });
-            // Verify domain is not encrypted (not in schema)
-            const rawDoc = await repository.getRawCredentialById(credential.id);
-            expect(rawDoc.data.domain).toBe('example.com');
-            expect(rawDoc.data.custom_field).toBe('should-not-encrypt');
-            // access_token should be encrypted (in schema)
-            expect(rawDoc.data.access_token).not.toBe('secret-token');
-        });
-    });
-    describe('Error Handling', () => {
-        it('should handle malformed encrypted data gracefully', async () => {
-            let created;
-            try {
-                // Create a credential first to get a valid ID
-                created = await prisma.credential.create({
-                    data: {
-                        externalId: 'test-encryption-malformed-entity',
-                        data: {
-                            access_token: 'valid-token',
-                            domain: 'malformed.com',
-                        },
-                    },
-                });
-                // Manually corrupt the encrypted data in the database
-                // Use realistic corrupted format: 4 colon-separated parts (passes _isEncrypted check)
-                // but contains invalid base64 that will fail during decryption
-                const { ObjectId } = require('mongodb');
-                const dbType = 'mongodb';
-                if (dbType === 'mongodb') {
-                    const { mongoose } = require('../mongoose');
-                    // Ensure mongoose is connected
-                    if (mongoose.connection.readyState !== 1) {
-                        await mongoose.connect(process.env.DATABASE_URL);
-                    }
-                    await mongoose.connection.db.collection('Credential').updateOne(
-                        { _id: new ObjectId(created.id) },
-                        { $set: { 'data.access_token': 'CORRUPT:INVALID:DATA:FAKE=' } }
-                    );
-                } else {
-                    // PostgreSQL - use raw query to corrupt data
-                    await prisma.$executeRaw`
-                        UPDATE "Credential"
-                        SET data = jsonb_set(data, '{access_token}', '"CORRUPT:INVALID:DATA:FAKE="')
-                        WHERE id = ${created.id}
-                    `;
-                }
-                // Attempt to read should fail with decryption error
-                // Fix: Remove async wrapper - expect needs the promise directly for .rejects to work
-                await expect(
-                    prisma.credential.findUnique({
-                        where: { id: created.id },
-                    })
-                ).rejects.toThrow();
-            } finally {
-                // Cleanup - ensure it runs even if test throws
-                // Use raw database delete to bypass Prisma encryption extension
-                // (the encrypted data is corrupted so Prisma delete would fail)
-                if (created) {
-                    const { ObjectId } = require('mongodb');
-                    const { mongoose } = require('../mongoose');
-                    await mongoose.connection.db.collection('Credential').deleteOne(
-                        { _id: new ObjectId(created.id) }
-                    );
-                }
-            }
-        });
-    });
-    describe('Count and Aggregate Operations', () => {
-        it('should not interfere with count operations', async () => {
-            await prisma.credential.createMany({
-                data: [
-                    {
-                        externalId: 'test-encryption-count-1',
-                        data: { access_token: 'token1', domain: 'count1.com' },
-                    },
-                    {
-                        externalId: 'test-encryption-count-2',
-                        data: { access_token: 'token2', domain: 'count2.com' },
-                    },
-                ],
-            });
-            const count = await prisma.credential.count({
-                where: { externalId: { startsWith: 'test-encryption-' } },
-            });
-            expect(count).toBe(2);
-        });
-    });
-});