npm - @friggframework/core - Versions diffs - 2.0.0-next.6 → 2.0.0-next.60 - Mend

@friggframework/core 2.0.0-next.6 → 2.0.0-next.60

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (285) hide show

package/CLAUDE.md +694 -0
package/README.md +959 -50
package/application/commands/README.md +451 -0
package/application/commands/credential-commands.js +245 -0
package/application/commands/entity-commands.js +336 -0
package/application/commands/integration-commands.js +210 -0
package/application/commands/user-commands.js +283 -0
package/application/index.js +69 -0
package/core/CLAUDE.md +690 -0
package/core/Worker.js +8 -21
package/core/create-handler.js +14 -7
package/credential/repositories/credential-repository-documentdb.js +304 -0
package/credential/repositories/credential-repository-factory.js +54 -0
package/credential/repositories/credential-repository-interface.js +98 -0
package/credential/repositories/credential-repository-mongo.js +269 -0
package/credential/repositories/credential-repository-postgres.js +291 -0
package/credential/repositories/credential-repository.js +302 -0
package/credential/use-cases/get-credential-for-user.js +25 -0
package/credential/use-cases/update-authentication-status.js +15 -0
package/database/MONGODB_TRANSACTION_FIX.md +198 -0
package/database/adapters/lambda-invoker.js +97 -0
package/database/config.js +154 -0
package/database/documentdb-encryption-service.js +330 -0
package/database/documentdb-utils.js +136 -0
package/database/encryption/README.md +839 -0
package/database/encryption/documentdb-encryption-service.md +3575 -0
package/database/encryption/encryption-schema-registry.js +268 -0
package/database/encryption/field-encryption-service.js +226 -0
package/database/encryption/logger.js +79 -0
package/database/encryption/prisma-encryption-extension.js +222 -0
package/database/index.js +61 -21
package/database/models/WebsocketConnection.js +16 -10
package/database/models/readme.md +1 -0
package/database/prisma.js +182 -0
package/database/repositories/health-check-repository-documentdb.js +134 -0
package/database/repositories/health-check-repository-factory.js +48 -0
package/database/repositories/health-check-repository-interface.js +82 -0
package/database/repositories/health-check-repository-mongodb.js +89 -0
package/database/repositories/health-check-repository-postgres.js +82 -0
package/database/repositories/health-check-repository.js +108 -0
package/database/repositories/migration-status-repository-s3.js +137 -0
package/database/use-cases/check-database-health-use-case.js +29 -0
package/database/use-cases/check-database-state-use-case.js +81 -0
package/database/use-cases/check-encryption-health-use-case.js +83 -0
package/database/use-cases/get-database-state-via-worker-use-case.js +61 -0
package/database/use-cases/get-migration-status-use-case.js +93 -0
package/database/use-cases/run-database-migration-use-case.js +139 -0
package/database/use-cases/test-encryption-use-case.js +253 -0
package/database/use-cases/trigger-database-migration-use-case.js +157 -0
package/database/utils/mongodb-collection-utils.js +91 -0
package/database/utils/mongodb-schema-init.js +106 -0
package/database/utils/prisma-runner.js +477 -0
package/database/utils/prisma-schema-parser.js +182 -0
package/docs/PROCESS_MANAGEMENT_QUEUE_SPEC.md +517 -0
package/encrypt/Cryptor.js +34 -168
package/encrypt/index.js +1 -2
package/encrypt/test-encrypt.js +0 -2
package/errors/client-safe-error.js +26 -0
package/errors/fetch-error.js +2 -1
package/errors/index.js +2 -0
package/generated/prisma-mongodb/client.d.ts +1 -0
package/generated/prisma-mongodb/client.js +4 -0
package/generated/prisma-mongodb/default.d.ts +1 -0
package/generated/prisma-mongodb/default.js +4 -0
package/generated/prisma-mongodb/edge.d.ts +1 -0
package/generated/prisma-mongodb/edge.js +334 -0
package/generated/prisma-mongodb/index-browser.js +316 -0
package/generated/prisma-mongodb/index.d.ts +22903 -0
package/generated/prisma-mongodb/index.js +359 -0
package/generated/prisma-mongodb/package.json +183 -0
package/generated/prisma-mongodb/query-engine-debian-openssl-3.0.x +0 -0
package/generated/prisma-mongodb/query-engine-rhel-openssl-3.0.x +0 -0
package/generated/prisma-mongodb/runtime/binary.d.ts +1 -0
package/generated/prisma-mongodb/runtime/binary.js +289 -0
package/generated/prisma-mongodb/runtime/edge-esm.js +34 -0
package/generated/prisma-mongodb/runtime/edge.js +34 -0
package/generated/prisma-mongodb/runtime/index-browser.d.ts +370 -0
package/generated/prisma-mongodb/runtime/index-browser.js +16 -0
package/generated/prisma-mongodb/runtime/library.d.ts +3977 -0
package/generated/prisma-mongodb/runtime/react-native.js +83 -0
package/generated/prisma-mongodb/runtime/wasm-compiler-edge.js +84 -0
package/generated/prisma-mongodb/runtime/wasm-engine-edge.js +36 -0
package/generated/prisma-mongodb/schema.prisma +360 -0
package/generated/prisma-mongodb/wasm-edge-light-loader.mjs +4 -0
package/generated/prisma-mongodb/wasm-worker-loader.mjs +4 -0
package/generated/prisma-mongodb/wasm.d.ts +1 -0
package/generated/prisma-mongodb/wasm.js +341 -0
package/generated/prisma-postgresql/client.d.ts +1 -0
package/generated/prisma-postgresql/client.js +4 -0
package/generated/prisma-postgresql/default.d.ts +1 -0
package/generated/prisma-postgresql/default.js +4 -0
package/generated/prisma-postgresql/edge.d.ts +1 -0
package/generated/prisma-postgresql/edge.js +356 -0
package/generated/prisma-postgresql/index-browser.js +338 -0
package/generated/prisma-postgresql/index.d.ts +25077 -0
package/generated/prisma-postgresql/index.js +381 -0
package/generated/prisma-postgresql/package.json +183 -0
package/generated/prisma-postgresql/query-engine-debian-openssl-3.0.x +0 -0
package/generated/prisma-postgresql/query-engine-rhel-openssl-3.0.x +0 -0
package/generated/prisma-postgresql/query_engine_bg.js +2 -0
package/generated/prisma-postgresql/query_engine_bg.wasm +0 -0
package/generated/prisma-postgresql/runtime/binary.d.ts +1 -0
package/generated/prisma-postgresql/runtime/binary.js +289 -0
package/generated/prisma-postgresql/runtime/edge-esm.js +34 -0
package/generated/prisma-postgresql/runtime/edge.js +34 -0
package/generated/prisma-postgresql/runtime/index-browser.d.ts +370 -0
package/generated/prisma-postgresql/runtime/index-browser.js +16 -0
package/generated/prisma-postgresql/runtime/library.d.ts +3977 -0
package/generated/prisma-postgresql/runtime/react-native.js +83 -0
package/generated/prisma-postgresql/runtime/wasm-compiler-edge.js +84 -0
package/generated/prisma-postgresql/runtime/wasm-engine-edge.js +36 -0
package/generated/prisma-postgresql/schema.prisma +343 -0
package/generated/prisma-postgresql/wasm-edge-light-loader.mjs +4 -0
package/generated/prisma-postgresql/wasm-worker-loader.mjs +4 -0
package/generated/prisma-postgresql/wasm.d.ts +1 -0
package/generated/prisma-postgresql/wasm.js +363 -0
package/handlers/WEBHOOKS.md +653 -0
package/handlers/app-definition-loader.js +38 -0
package/handlers/app-handler-helpers.js +56 -0
package/handlers/backend-utils.js +186 -0
package/handlers/database-migration-handler.js +227 -0
package/handlers/integration-event-dispatcher.js +54 -0
package/handlers/routers/HEALTHCHECK.md +342 -0
package/handlers/routers/auth.js +15 -0
package/handlers/routers/db-migration.handler.js +29 -0
package/handlers/routers/db-migration.js +326 -0
package/handlers/routers/health.js +516 -0
package/handlers/routers/integration-defined-routers.js +45 -0
package/handlers/routers/integration-webhook-routers.js +67 -0
package/handlers/routers/user.js +63 -0
package/handlers/routers/websocket.js +57 -0
package/handlers/use-cases/check-external-apis-health-use-case.js +81 -0
package/handlers/use-cases/check-integrations-health-use-case.js +44 -0
package/handlers/workers/db-migration.js +352 -0
package/handlers/workers/integration-defined-workers.js +27 -0
package/index.js +77 -22
package/integrations/WEBHOOK-QUICKSTART.md +151 -0
package/integrations/index.js +12 -10
package/integrations/integration-base.js +326 -55
package/integrations/integration-router.js +374 -179
package/integrations/options.js +1 -1
package/integrations/repositories/integration-mapping-repository-documentdb.js +280 -0
package/integrations/repositories/integration-mapping-repository-factory.js +57 -0
package/integrations/repositories/integration-mapping-repository-interface.js +106 -0
package/integrations/repositories/integration-mapping-repository-mongo.js +161 -0
package/integrations/repositories/integration-mapping-repository-postgres.js +227 -0
package/integrations/repositories/integration-mapping-repository.js +156 -0
package/integrations/repositories/integration-repository-documentdb.js +210 -0
package/integrations/repositories/integration-repository-factory.js +51 -0
package/integrations/repositories/integration-repository-interface.js +127 -0
package/integrations/repositories/integration-repository-mongo.js +303 -0
package/integrations/repositories/integration-repository-postgres.js +352 -0
package/integrations/repositories/process-repository-documentdb.js +243 -0
package/integrations/repositories/process-repository-factory.js +53 -0
package/integrations/repositories/process-repository-interface.js +90 -0
package/integrations/repositories/process-repository-mongo.js +190 -0
package/integrations/repositories/process-repository-postgres.js +217 -0
package/integrations/tests/doubles/dummy-integration-class.js +83 -0
package/integrations/tests/doubles/test-integration-repository.js +99 -0
package/integrations/use-cases/create-integration.js +83 -0
package/integrations/use-cases/create-process.js +128 -0
package/integrations/use-cases/delete-integration-for-user.js +101 -0
package/integrations/use-cases/find-integration-context-by-external-entity-id.js +72 -0
package/integrations/use-cases/get-integration-for-user.js +78 -0
package/integrations/use-cases/get-integration-instance-by-definition.js +67 -0
package/integrations/use-cases/get-integration-instance.js +83 -0
package/integrations/use-cases/get-integrations-for-user.js +88 -0
package/integrations/use-cases/get-possible-integrations.js +27 -0
package/integrations/use-cases/get-process.js +87 -0
package/integrations/use-cases/index.js +19 -0
package/integrations/use-cases/load-integration-context.js +71 -0
package/integrations/use-cases/update-integration-messages.js +44 -0
package/integrations/use-cases/update-integration-status.js +32 -0
package/integrations/use-cases/update-integration.js +93 -0
package/integrations/use-cases/update-process-metrics.js +201 -0
package/integrations/use-cases/update-process-state.js +119 -0
package/integrations/utils/map-integration-dto.js +37 -0
package/jest-global-setup-noop.js +3 -0
package/jest-global-teardown-noop.js +3 -0
package/logs/logger.js +0 -4
package/{module-plugin → modules}/entity.js +1 -1
package/{module-plugin → modules}/index.js +0 -8
package/modules/module-factory.js +56 -0
package/modules/module.js +221 -0
package/modules/repositories/module-repository-documentdb.js +307 -0
package/modules/repositories/module-repository-factory.js +40 -0
package/modules/repositories/module-repository-interface.js +129 -0
package/modules/repositories/module-repository-mongo.js +377 -0
package/modules/repositories/module-repository-postgres.js +426 -0
package/modules/repositories/module-repository.js +316 -0
package/modules/requester/api-key.js +52 -0
package/{module-plugin → modules}/requester/requester.js +1 -0
package/{module-plugin → modules}/test/mock-api/api.js +8 -3
package/{module-plugin → modules}/test/mock-api/definition.js +12 -8
package/modules/tests/doubles/test-module-factory.js +16 -0
package/modules/tests/doubles/test-module-repository.js +39 -0
package/modules/use-cases/get-entities-for-user.js +32 -0
package/modules/use-cases/get-entity-options-by-id.js +71 -0
package/modules/use-cases/get-entity-options-by-type.js +34 -0
package/modules/use-cases/get-module-instance-from-type.js +31 -0
package/modules/use-cases/get-module.js +74 -0
package/modules/use-cases/process-authorization-callback.js +133 -0
package/modules/use-cases/refresh-entity-options.js +72 -0
package/modules/use-cases/test-module-auth.js +72 -0
package/modules/utils/map-module-dto.js +18 -0
package/package.json +82 -50
package/prisma-mongodb/schema.prisma +360 -0
package/prisma-postgresql/migrations/20250930193005_init/migration.sql +315 -0
package/prisma-postgresql/migrations/20251006135218_init/migration.sql +9 -0
package/prisma-postgresql/migrations/20251010000000_remove_unused_entity_reference_map/migration.sql +3 -0
package/prisma-postgresql/migrations/20251112195422_update_user_unique_constraints/migration.sql +25 -0
package/prisma-postgresql/migrations/migration_lock.toml +3 -0
package/prisma-postgresql/schema.prisma +343 -0
package/queues/queuer-util.js +27 -22
package/syncs/manager.js +468 -443
package/syncs/repositories/sync-repository-documentdb.js +240 -0
package/syncs/repositories/sync-repository-factory.js +43 -0
package/syncs/repositories/sync-repository-interface.js +109 -0
package/syncs/repositories/sync-repository-mongo.js +239 -0
package/syncs/repositories/sync-repository-postgres.js +319 -0
package/syncs/sync.js +0 -1
package/token/repositories/token-repository-documentdb.js +137 -0
package/token/repositories/token-repository-factory.js +40 -0
package/token/repositories/token-repository-interface.js +131 -0
package/token/repositories/token-repository-mongo.js +219 -0
package/token/repositories/token-repository-postgres.js +264 -0
package/token/repositories/token-repository.js +219 -0
package/types/core/index.d.ts +2 -2
package/types/integrations/index.d.ts +2 -6
package/types/module-plugin/index.d.ts +5 -59
package/types/syncs/index.d.ts +0 -2
package/user/repositories/user-repository-documentdb.js +441 -0
package/user/repositories/user-repository-factory.js +52 -0
package/user/repositories/user-repository-interface.js +201 -0
package/user/repositories/user-repository-mongo.js +308 -0
package/user/repositories/user-repository-postgres.js +360 -0
package/user/tests/doubles/test-user-repository.js +72 -0
package/user/use-cases/authenticate-user.js +127 -0
package/user/use-cases/authenticate-with-shared-secret.js +48 -0
package/user/use-cases/create-individual-user.js +61 -0
package/user/use-cases/create-organization-user.js +47 -0
package/user/use-cases/create-token-for-user-id.js +30 -0
package/user/use-cases/get-user-from-adopter-jwt.js +149 -0
package/user/use-cases/get-user-from-bearer-token.js +77 -0
package/user/use-cases/get-user-from-x-frigg-headers.js +132 -0
package/user/use-cases/login-user.js +122 -0
package/user/user.js +125 -0
package/utils/backend-path.js +38 -0
package/utils/index.js +6 -0
package/websocket/repositories/websocket-connection-repository-documentdb.js +119 -0
package/websocket/repositories/websocket-connection-repository-factory.js +44 -0
package/websocket/repositories/websocket-connection-repository-interface.js +106 -0
package/websocket/repositories/websocket-connection-repository-mongo.js +156 -0
package/websocket/repositories/websocket-connection-repository-postgres.js +196 -0
package/websocket/repositories/websocket-connection-repository.js +161 -0
package/database/models/State.js +0 -9
package/database/models/Token.js +0 -70
package/database/mongo.js +0 -45
package/encrypt/Cryptor.test.js +0 -32
package/encrypt/encrypt.js +0 -132
package/encrypt/encrypt.test.js +0 -1069
package/errors/base-error.test.js +0 -32
package/errors/fetch-error.test.js +0 -79
package/errors/halt-error.test.js +0 -11
package/errors/validation-errors.test.js +0 -120
package/integrations/create-frigg-backend.js +0 -31
package/integrations/integration-factory.js +0 -251
package/integrations/integration-mapping.js +0 -43
package/integrations/integration-model.js +0 -46
package/integrations/integration-user.js +0 -144
package/integrations/test/integration-base.test.js +0 -144
package/lambda/TimeoutCatcher.test.js +0 -68
package/logs/logger.test.js +0 -76
package/module-plugin/auther.js +0 -393
package/module-plugin/credential.js +0 -22
package/module-plugin/entity-manager.js +0 -70
package/module-plugin/manager.js +0 -169
package/module-plugin/module-factory.js +0 -61
package/module-plugin/requester/api-key.js +0 -36
package/module-plugin/requester/requester.test.js +0 -28
package/module-plugin/test/auther.test.js +0 -97
/package/{module-plugin → modules}/ModuleConstants.js +0 -0
/package/{module-plugin → modules}/requester/basic.js +0 -0
/package/{module-plugin → modules}/requester/oauth-2.js +0 -0
/package/{module-plugin → modules}/test/mock-api/mocks/hubspot.js +0 -0

package/database/use-cases/check-encryption-health-use-case.js ADDED Viewed

@@ -0,0 +1,83 @@
+class CheckEncryptionHealthUseCase {
+    constructor({ testEncryptionUseCase }) {
+        this.testEncryptionUseCase = testEncryptionUseCase;
+    }
+    async execute() {
+        const config = this._getEncryptionConfiguration();
+        if (config.isBypassed || config.mode === 'none') {
+            const testResult = config.isBypassed
+                ? 'Encryption bypassed for this stage'
+                : 'No encryption keys configured';
+            return {
+                status: 'disabled',
+                mode: config.mode,
+                bypassed: config.isBypassed,
+                stage: config.stage,
+                testResult,
+                encryptionWorks: false,
+                debug: {
+                    hasKMS: config.hasKMS,
+                    hasAES: config.hasAES,
+                },
+            };
+        }
+        try {
+            const testResults = await this.testEncryptionUseCase.execute();
+            return {
+                ...testResults,
+                mode: config.mode,
+                bypassed: config.isBypassed,
+                stage: config.stage,
+                debug: {
+                    hasKMS: config.hasKMS,
+                    hasAES: config.hasAES,
+                },
+            };
+        } catch (error) {
+            return {
+                status: 'unhealthy',
+                mode: config.mode,
+                bypassed: config.isBypassed,
+                stage: config.stage,
+                testResult: `Encryption test failed: ${error.message}`,
+                encryptionWorks: false,
+                debug: {
+                    hasKMS: config.hasKMS,
+                    hasAES: config.hasAES,
+                },
+            };
+        }
+    }
+    _getEncryptionConfiguration() {
+        const { STAGE, BYPASS_ENCRYPTION_STAGE, KMS_KEY_ARN, AES_KEY_ID } =
+            process.env;
+        const defaultBypassStages = ['dev', 'test', 'local'];
+        const useEnv = BYPASS_ENCRYPTION_STAGE !== undefined;
+        const bypassStages = useEnv
+            ? BYPASS_ENCRYPTION_STAGE.split(',').map((s) => s.trim())
+            : defaultBypassStages;
+        const isBypassed = bypassStages.includes(STAGE);
+        const hasAES = AES_KEY_ID && AES_KEY_ID.trim() !== '';
+        const hasKMS = KMS_KEY_ARN && KMS_KEY_ARN.trim() !== '';
+        // Prefer KMS over AES when both are configured (KMS is more secure)
+        const mode = hasKMS ? 'kms' : hasAES ? 'aes' : 'none';
+        return {
+            stage: STAGE || null,
+            isBypassed,
+            hasAES,
+            hasKMS,
+            mode,
+        };
+    }
+}
+module.exports = { CheckEncryptionHealthUseCase };

package/database/use-cases/get-database-state-via-worker-use-case.js ADDED Viewed

@@ -0,0 +1,61 @@
+/**
+ * Get Database State Via Worker Use Case
+ *
+ * Domain logic for getting database state by invoking the worker Lambda.
+ * This use case delegates to the worker Lambda which has Prisma CLI installed,
+ * keeping the router Lambda lightweight.
+ *
+ * Architecture: Hexagonal/Clean
+ * - Use Case (Domain Layer)
+ * - Depends on LambdaInvoker (Infrastructure abstraction)
+ * - Called by Router (Adapter Layer)
+ */
+/**
+ * Domain Use Case: Get database state by invoking worker Lambda
+ *
+ * This use case delegates database state checking to the worker Lambda,
+ * which has Prisma CLI installed. Keeps the router Lambda lightweight.
+ */
+class GetDatabaseStateViaWorkerUseCase {
+    /**
+     * @param {Object} dependencies
+     * @param {LambdaInvoker} dependencies.lambdaInvoker - Lambda invocation adapter
+     * @param {string} dependencies.workerFunctionName - Worker Lambda function name
+     */
+    constructor({ lambdaInvoker, workerFunctionName }) {
+        if (!lambdaInvoker) {
+            throw new Error('lambdaInvoker dependency is required');
+        }
+        if (!workerFunctionName) {
+            throw new Error('workerFunctionName is required');
+        }
+        this.lambdaInvoker = lambdaInvoker;
+        this.workerFunctionName = workerFunctionName;
+    }
+    /**
+     * Execute database state check via worker Lambda
+     *
+     * @param {string} stage - Deployment stage (prod, dev, etc)
+     * @returns {Promise<Object>} Database state result
+     */
+    async execute(stage = 'production') {
+        const dbType = process.env.DB_TYPE || 'postgresql';
+        console.log(`Invoking worker Lambda to check database state: ${this.workerFunctionName}`);
+        // Invoke worker Lambda with checkStatus action
+        const result = await this.lambdaInvoker.invoke(this.workerFunctionName, {
+            action: 'checkStatus',
+            dbType,
+            stage,
+        });
+        return result;
+    }
+}
+module.exports = { GetDatabaseStateViaWorkerUseCase };

package/database/use-cases/get-migration-status-use-case.js ADDED Viewed

@@ -0,0 +1,93 @@
+/**
+ * Get Migration Status Use Case
+ *
+ * Retrieves the status of a database migration by process ID.
+ * Formats the Process record for migration-specific response.
+ *
+ * This use case follows the Frigg hexagonal architecture pattern where:
+ * - Routers (adapters) call use cases
+ * - Use cases contain business logic and formatting
+ * - Use cases call repositories for data access
+ */
+class GetMigrationStatusUseCase {
+    /**
+     * @param {Object} dependencies
+     * @param {Object} dependencies.migrationStatusRepository - Repository for migration status (S3)
+     */
+    constructor({ migrationStatusRepository }) {
+        if (!migrationStatusRepository) {
+            throw new Error('migrationStatusRepository dependency is required');
+        }
+        this.migrationStatusRepository = migrationStatusRepository;
+    }
+    /**
+     * Execute get migration status
+     *
+     * @param {string} migrationId - Migration ID to retrieve
+     * @param {string} [stage] - Deployment stage (defaults to env.STAGE)
+     * @returns {Promise<Object>} Migration status from S3
+     * @throws {NotFoundError} If migration not found
+     * @throws {ValidationError} If migrationId is invalid
+     */
+    async execute(migrationId, stage = null) {
+        // Validation
+        this._validateParams(migrationId);
+        const effectiveStage = stage || process.env.STAGE || 'production';
+        // Get migration status from S3
+        try {
+            const migrationStatus = await this.migrationStatusRepository.get(migrationId, effectiveStage);
+            return migrationStatus;
+        } catch (error) {
+            if (error.message.includes('not found')) {
+                throw new NotFoundError(`Migration not found: ${migrationId}`);
+            }
+            throw error;
+        }
+    }
+    /**
+     * Validate parameters
+     * @private
+     */
+    _validateParams(migrationId) {
+        if (!migrationId) {
+            throw new ValidationError('migrationId is required');
+        }
+        if (typeof migrationId !== 'string') {
+            throw new ValidationError('migrationId must be a string');
+        }
+    }
+}
+/**
+ * Custom error for validation failures
+ */
+class ValidationError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'ValidationError';
+    }
+}
+/**
+ * Custom error for not found resources
+ */
+class NotFoundError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'NotFoundError';
+        this.statusCode = 404;
+    }
+}
+module.exports = {
+    GetMigrationStatusUseCase,
+    ValidationError,
+    NotFoundError,
+};

package/database/use-cases/run-database-migration-use-case.js ADDED Viewed

@@ -0,0 +1,139 @@
+/**
+ * Run Database Migration Use Case
+ *
+ * Business logic for running Prisma database migrations.
+ * Orchestrates Prisma client generation and migration execution.
+ *
+ * This use case follows the Frigg hexagonal architecture pattern where:
+ * - Handlers (adapters) call use cases
+ * - Use cases contain business logic and orchestration
+ * - Use cases call repositories/utilities for data access
+ */
+class RunDatabaseMigrationUseCase {
+    /**
+     * @param {Object} dependencies
+     * @param {Object} dependencies.prismaRunner - Prisma runner utilities
+     */
+    constructor({ prismaRunner }) {
+        if (!prismaRunner) {
+            throw new Error('prismaRunner dependency is required');
+        }
+        this.prismaRunner = prismaRunner;
+    }
+    /**
+     * Execute database migration
+     *
+     * @param {Object} params
+     * @param {string} params.dbType - Database type ('postgresql', 'mongodb', or 'documentdb')
+     * @param {string} params.stage - Deployment stage (determines migration command)
+     * @param {boolean} [params.verbose=false] - Enable verbose output
+     * @returns {Promise<Object>} Migration result { success, dbType, stage, command, message }
+     * @throws {MigrationError} If migration fails
+     * @throws {ValidationError} If parameters are invalid
+     */
+    async execute({ dbType, stage, verbose = false }) {
+        // Validation
+        this._validateParams({ dbType, stage });
+        // Step 1: Generate Prisma client
+        const generateResult = await this.prismaRunner.runPrismaGenerate(dbType, verbose);
+        if (!generateResult.success) {
+            throw new MigrationError(
+                `Failed to generate Prisma client: ${generateResult.error || 'Unknown error'}`,
+                { dbType, stage, step: 'generate', output: generateResult.output }
+            );
+        }
+        // Step 2: Run migrations based on database type
+        let migrationResult;
+        let migrationCommand;
+        if (dbType === 'postgresql') {
+            migrationCommand = this.prismaRunner.getMigrationCommand(stage);
+            migrationResult = await this.prismaRunner.runPrismaMigrate(migrationCommand, verbose);
+            if (!migrationResult.success) {
+                throw new MigrationError(
+                    `PostgreSQL migration failed: ${migrationResult.error || 'Unknown error'}`,
+                    { dbType, stage, command: migrationCommand, step: 'migrate', output: migrationResult.output }
+                );
+            }
+        } else if (dbType === 'mongodb' || dbType === 'documentdb') {
+            migrationCommand = 'db push';
+            // Use non-interactive mode for automated/Lambda environments
+            migrationResult = await this.prismaRunner.runPrismaDbPush(verbose, true);
+            if (!migrationResult.success) {
+                throw new MigrationError(
+                    `Mongo-compatible push failed: ${migrationResult.error || 'Unknown error'}`,
+                    { dbType, stage, command: migrationCommand, step: 'push', output: migrationResult.output }
+                );
+            }
+        } else {
+            throw new ValidationError(
+                `Unsupported database type: ${dbType}. Must be 'postgresql', 'mongodb', or 'documentdb'.`
+            );
+        }
+        // Return success result
+        return {
+            success: true,
+            dbType,
+            stage,
+            command: migrationCommand,
+            message: 'Database migration completed successfully',
+        };
+    }
+    /**
+     * Validate execution parameters
+     * @private
+     */
+    _validateParams({ dbType, stage }) {
+        if (!dbType) {
+            throw new ValidationError('dbType is required');
+        }
+        if (typeof dbType !== 'string') {
+            throw new ValidationError('dbType must be a string');
+        }
+        if (!stage) {
+            throw new ValidationError('stage is required');
+        }
+        if (typeof stage !== 'string') {
+            throw new ValidationError('stage must be a string');
+        }
+    }
+}
+/**
+ * Custom error for migration failures
+ */
+class MigrationError extends Error {
+    constructor(message, context = {}) {
+        super(message);
+        this.name = 'MigrationError';
+        this.context = context;
+    }
+}
+/**
+ * Custom error for validation failures
+ */
+class ValidationError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'ValidationError';
+    }
+}
+module.exports = {
+    RunDatabaseMigrationUseCase,
+    MigrationError,
+    ValidationError,
+};

package/database/use-cases/test-encryption-use-case.js ADDED Viewed

@@ -0,0 +1,253 @@
+/**
+ * Use Case for testing encryption functionality.
+ * Contains business logic for verifying that encryption and decryption work correctly.
+ *
+ * Follows DDD/Hexagonal Architecture:
+ * - Application Layer (this use case)
+ * - Depends on Infrastructure Layer (HealthCheckRepository)
+ */
+class TestEncryptionUseCase {
+    /**
+     * @param {Object} params
+     * @param {import('../health-check-repository-interface').HealthCheckRepositoryInterface} params.healthCheckRepository
+     */
+    constructor({ healthCheckRepository }) {
+        this.repository = healthCheckRepository;
+    }
+    /**
+     * Execute encryption test
+     * Orchestrates the full encryption test workflow using Prisma
+     * @returns {Promise<Object>} Test results with status and details
+     */
+    async execute() {
+        const testData = {
+            testSecret: 'This is a secret value that should be encrypted',
+            normalField: 'This is a normal field that should not be encrypted',
+            nestedSecret: {
+                value: 'This is a nested secret that should be encrypted',
+            },
+        };
+        const credentialData = this._mapTestDataToCredential(testData);
+        const credential = await this._withTimeout(
+            this.repository.createCredential(credentialData),
+            5000,
+            'Save operation timed out'
+        );
+        try {
+            const retrievedCredential = await this._withTimeout(
+                this.repository.findCredentialById(credential.id),
+                5000,
+                'Find operation timed out'
+            );
+            const retrievedTestData =
+                this._mapCredentialToTestData(retrievedCredential);
+            const decryptionWorks = this._verifyDecryption(
+                retrievedTestData,
+                testData
+            );
+            const rawCredential = await this._withTimeout(
+                this.repository.getRawCredentialById(credential.id),
+                5000,
+                'Database verification timed out'
+            );
+            const rawTestData = this._mapRawCredentialToTestData(rawCredential);
+            const encryptionResults = this._verifyEncryptionInDatabase(
+                rawTestData,
+                testData
+            );
+            return this._evaluateEncryptionResults(
+                decryptionWorks,
+                encryptionResults
+            );
+        } finally {
+            await this._withTimeout(
+                this.repository.deleteCredential(credential.id),
+                5000,
+                'Delete operation timed out'
+            );
+        }
+    }
+    /**
+     * Map test data format to Credential model format
+     * @param {Object} testData - Test data with testSecret, normalField, nestedSecret
+     * @returns {Object} Credential data structure
+     * @private
+     */
+    _mapTestDataToCredential(testData) {
+        // Note: Using camelCase for Prisma compatibility (both MongoDB and PostgreSQL)
+        // Changed from snake_case (user_id, entity_id) to camelCase (userId, externalId)
+        return {
+            externalId: 'test-encryption-entity',
+            data: {
+                access_token: testData.testSecret,      // Encrypted field
+                refresh_token: testData.nestedSecret?.value, // Encrypted field
+                domain: testData.normalField,           // Not encrypted
+            },
+        };
+    }
+    /**
+     * Map Credential model format to test data format
+     * @param {Object} credential - Credential from database
+     * @returns {Object} Test data format
+     * @private
+     */
+    _mapCredentialToTestData(credential) {
+        if (!credential) {
+            return null;
+        }
+        return {
+            id: credential.id,
+            testSecret: credential.data.access_token,
+            normalField: credential.data.domain,
+            nestedSecret: {
+                value: credential.data.refresh_token,
+            },
+        };
+    }
+    /**
+     * Map raw Credential data to test data format
+     * @param {Object} rawCredential - Raw credential from database
+     * @returns {Object} Test data format with raw encrypted values
+     * @private
+     */
+    _mapRawCredentialToTestData(rawCredential) {
+        if (!rawCredential) {
+            return null;
+        }
+        return {
+            testSecret: rawCredential.data?.access_token,
+            normalField: rawCredential.data?.domain,
+            nestedSecret: {
+                value: rawCredential.data?.refresh_token,
+            },
+        };
+    }
+    /**
+     * Verify that a document was decrypted correctly
+     * @param {Object} retrievedDoc - Document retrieved from database
+     * @param {Object} originalData - Original unencrypted data
+     * @returns {boolean} True if decryption worked correctly
+     * @private
+     */
+    _verifyDecryption(retrievedDoc, originalData) {
+        return (
+            retrievedDoc &&
+            retrievedDoc.testSecret === originalData.testSecret &&
+            retrievedDoc.normalField === originalData.normalField &&
+            retrievedDoc.nestedSecret?.value === originalData.nestedSecret.value
+        );
+    }
+    /**
+     * Verify that data was encrypted in the database
+     * Business rule: Encrypted fields should contain ':' and differ from original
+     * @param {Object} rawDoc - Raw document from database
+     * @param {Object} originalData - Original unencrypted data
+     * @returns {Object} Encryption verification results
+     * @private
+     */
+    _verifyEncryptionInDatabase(rawDoc, originalData) {
+        const secretIsEncrypted =
+            rawDoc &&
+            typeof rawDoc.testSecret === 'string' &&
+            rawDoc.testSecret.includes(':') &&
+            rawDoc.testSecret !== originalData.testSecret;
+        const nestedIsEncrypted =
+            rawDoc?.nestedSecret?.value &&
+            typeof rawDoc.nestedSecret.value === 'string' &&
+            rawDoc.nestedSecret.value.includes(':') &&
+            rawDoc.nestedSecret.value !== originalData.nestedSecret.value;
+        const normalNotEncrypted =
+            rawDoc && rawDoc.normalField === originalData.normalField;
+        return {
+            secretIsEncrypted,
+            nestedIsEncrypted,
+            normalNotEncrypted,
+        };
+    }
+    /**
+     * Evaluate encryption test results
+     * Business logic for determining if encryption is healthy
+     * @param {boolean} decryptionWorks - Whether decryption succeeded
+     * @param {Object} encryptionResults - Encryption verification results
+     * @returns {Object} Test status and result message
+     * @private
+     */
+    _evaluateEncryptionResults(decryptionWorks, encryptionResults) {
+        const { secretIsEncrypted, nestedIsEncrypted, normalNotEncrypted } =
+            encryptionResults;
+        if (
+            decryptionWorks &&
+            secretIsEncrypted &&
+            nestedIsEncrypted &&
+            normalNotEncrypted
+        ) {
+            return {
+                status: 'enabled',
+                testResult:
+                    'Encryption and decryption verified successfully',
+                encryptionWorks: true,
+            };
+        }
+        if (decryptionWorks && (!secretIsEncrypted || !nestedIsEncrypted)) {
+            return {
+                status: 'unhealthy',
+                testResult: 'Fields are not being encrypted in database',
+                encryptionWorks: false,
+            };
+        }
+        if (decryptionWorks && !normalNotEncrypted) {
+            return {
+                status: 'unhealthy',
+                testResult: 'Normal fields are being incorrectly encrypted',
+                encryptionWorks: false,
+            };
+        }
+        return {
+            status: 'unhealthy',
+            testResult: 'Decryption failed or data mismatch',
+            encryptionWorks: false,
+        };
+    }
+    /**
+     * Execute promise with timeout
+     * @param {Promise} promise - Promise to execute
+     * @param {number} ms - Timeout in milliseconds
+     * @param {string} errorMessage - Error message for timeout
+     * @returns {Promise} Promise that rejects on timeout
+     * @private
+     */
+    _withTimeout(promise, ms, errorMessage) {
+        return Promise.race([
+            promise,
+            new Promise((_, reject) =>
+                setTimeout(() => reject(new Error(errorMessage)), ms)
+            ),
+        ]);
+    }
+}
+module.exports = { TestEncryptionUseCase };