@friggframework/core 2.0.0-next.6 → 2.0.0-next.61

package/credential/repositories/credential-repository.js

@@ -0,0 +1,302 @@
+const { prisma } = require('../../database/prisma');
+const {
+    CredentialRepositoryInterface,
+} = require('./credential-repository-interface');
+
+/**
+ * Prisma-based Credential Repository
+ * Handles OAuth credentials and API tokens persistence
+ *
+ * Works identically for both MongoDB and PostgreSQL:
+ * - MongoDB: String IDs with @db.ObjectId
+ * - PostgreSQL: Integer IDs with auto-increment
+ * - Both use same query patterns (no many-to-many differences)
+ *
+ * Migration from Mongoose:
+ * - Constructor injection of Prisma client
+ * - Dynamic schema (strict: false) → JSON field (data)
+ * - All OAuth tokens stored in data JSON field
+ * - Mongoose field names → Prisma field names (user → userId)
+ */
+class CredentialRepository extends CredentialRepositoryInterface {
+    constructor(prismaClient = prisma) {
+        super();
+        this.prisma = prismaClient; // Allow injection for testing
+    }
+
+    /**
+     * Find credential by ID
+     * Replaces: Credential.findById(id)
+     *
+     * @param {string} id - Credential ID
+     * @returns {Promise<Object|null>} Credential object or null
+     */
+    async findCredentialById(id) {
+        const credential = await this.prisma.credential.findUnique({
+            where: { id },
+        });
+
+        if (!credential) {
+            return null;
+        }
+
+        // Extract data from JSON field
+        const data = credential.data || {};
+
+        return {
+            _id: credential.id,
+            id: credential.id,
+            user: credential.userId,
+            userId: credential.userId,
+            externalId: credential.externalId,
+            authIsValid: credential.authIsValid,
+            ...data, // Spread OAuth tokens from JSON field
+        };
+    }
+
+    /**
+     * Update authentication status
+     * Replaces: Credential.updateOne({ _id: credentialId }, { $set: { authIsValid } })
+     *
+     * @param {string} credentialId - Credential ID
+     * @param {boolean} authIsValid - Authentication validity status
+     * @returns {Promise<Object>} Update result
+     */
+    async updateAuthenticationStatus(credentialId, authIsValid) {
+        await this.prisma.credential.update({
+            where: { id: credentialId },
+            data: { authIsValid },
+        });
+
+        return { acknowledged: true, modifiedCount: 1 };
+    }
+
+    /**
+     * Permanently remove a credential document
+     * Replaces: Credential.deleteOne({ _id: credentialId })
+     *
+     * @param {string} credentialId - Credential ID
+     * @returns {Promise<Object>} Deletion result
+     */
+    async deleteCredentialById(credentialId) {
+        try {
+            await this.prisma.credential.delete({
+                where: { id: credentialId },
+            });
+            return { acknowledged: true, deletedCount: 1 };
+        } catch (error) {
+            if (error.code === 'P2025') {
+                // Record not found
+                return { acknowledged: true, deletedCount: 0 };
+            }
+            throw error;
+        }
+    }
+
+    /**
+     * Create or update credential matching identifiers
+     * Replaces: Credential.findOneAndUpdate(query, update, { upsert: true })
+     *
+     * @param {{identifiers: Object, details: Object}} credentialDetails
+     * @returns {Promise<Object>} The persisted credential
+     */
+    async upsertCredential(credentialDetails) {
+        const { identifiers, details } = credentialDetails;
+        if (!identifiers)
+            throw new Error('identifiers required to upsert credential');
+
+        // Build where clause from identifiers
+        const where = this._convertIdentifiersToWhere(identifiers);
+
+        // Separate schema fields from dynamic OAuth data
+        const {
+            user,
+            userId,
+            externalId,
+            authIsValid,
+            
+            ...oauthData
+        } = details;
+
+        // Find existing credential
+        const existing = await this.prisma.credential.findFirst({ where });
+
+        if (existing) {
+            // Update existing - merge OAuth data into existing data JSON
+            const mergedData = { ...(existing.data || {}), ...oauthData };
+
+            const updated = await this.prisma.credential.update({
+                where: { id: existing.id },
+                data: {
+                    userId: userId || user || existing.userId,
+                    externalId:
+                        externalId !== undefined
+                            ? externalId
+                            : existing.externalId,
+                    authIsValid:
+                        authIsValid !== undefined
+                            ? authIsValid
+                            : existing.authIsValid,
+                    data: mergedData,
+                },
+            });
+
+            return {
+                id: updated.id,
+                externalId: updated.externalId,
+                userId: updated.userId,
+                authIsValid: updated.authIsValid,
+                ...(updated.data || {}),
+            };
+        }
+
+        // Create new credential
+        const created = await this.prisma.credential.create({
+            data: {
+                userId: userId || user,
+                externalId,
+                authIsValid: authIsValid,
+                
+                data: oauthData,
+            },
+        });
+
+        return {
+            id: created.id,
+            externalId: created.externalId,
+            userId: created.userId,
+            authIsValid: created.authIsValid,
+            ...(created.data || {}),
+        };
+    }
+
+    /**
+     * Find a credential by filter criteria
+     * Replaces: Credential.findOne(query)
+     *
+     * @param {Object} filter
+     * @param {string} [filter.userId] - User ID
+     * @param {string} [filter.externalId] - External ID
+     * @param {string} [filter.credentialId] - Credential ID
+     * @returns {Promise<Object|null>} Credential object or null if not found
+     */
+    async findCredential(filter) {
+        const where = this._convertFilterToWhere(filter);
+
+        const credential = await this.prisma.credential.findFirst({
+            where,
+        });
+
+        if (!credential) {
+            return null;
+        }
+
+        const data = credential.data || {};
+
+        return {
+            id: credential.id,
+            userId: credential.userId,
+            externalId: credential.externalId,
+            authIsValid: credential.authIsValid,
+            access_token: data.access_token,
+            refresh_token: data.refresh_token,
+            domain: data.domain,
+            ...data,
+        };
+    }
+
+    /**
+     * Update a credential by ID
+     * Replaces: Credential.findByIdAndUpdate(credentialId, { $set: updates })
+     *
+     * @param {string} credentialId - Credential ID
+     * @param {Object} updates - Fields to update
+     * @returns {Promise<Object|null>} Updated credential object or null if not found
+     */
+    async updateCredential(credentialId, updates) {
+        // Get existing credential to merge OAuth data
+        const existing = await this.prisma.credential.findUnique({
+            where: { id: credentialId },
+        });
+
+        if (!existing) {
+            return null;
+        }
+
+        // Separate schema fields from OAuth data
+        const {
+            user,
+            userId,
+            externalId,
+            authIsValid,
+            
+            ...oauthData
+        } = updates;
+
+        // Merge OAuth data with existing
+        const mergedData = { ...(existing.data || {}), ...oauthData };
+
+        const updated = await this.prisma.credential.update({
+            where: { id: credentialId },
+            data: {
+                userId: userId || user || existing.userId,
+                externalId:
+                    externalId !== undefined ? externalId : existing.externalId,
+                authIsValid:
+                    authIsValid !== undefined ? authIsValid : existing.authIsValid,
+                data: mergedData,
+            },
+        });
+
+        const data = updated.data || {};
+
+        return {
+            id: updated.id,
+            userId: updated.userId,
+            externalId: updated.externalId,
+            authIsValid: updated.authIsValid,
+            access_token: data.access_token,
+            refresh_token: data.refresh_token,
+            domain: data.domain,
+            ...data,
+        };
+    }
+
+    /**
+     * Convert identifiers to Prisma where clause
+     * @private
+     * @param {Object} identifiers - Identifier fields
+     * @returns {Object} Prisma where clause
+     */
+    _convertIdentifiersToWhere(identifiers) {
+        const where = {};
+
+        if (identifiers._id) where.id = identifiers._id;
+        if (identifiers.id) where.id = identifiers.id;
+        if (identifiers.user) where.userId = identifiers.user;
+        if (identifiers.userId) where.userId = identifiers.userId;
+        if (identifiers.externalId) where.externalId = identifiers.externalId;
+
+        return where;
+    }
+
+    /**
+     * Convert filter to Prisma where clause
+     * @private
+     * @param {Object} filter - Filter criteria
+     * @returns {Object} Prisma where clause
+     */
+    _convertFilterToWhere(filter) {
+        const where = {};
+
+        if (filter.credentialId) where.id = filter.credentialId;
+        if (filter.id) where.id = filter.id;
+        if (filter.user) where.userId = filter.user;
+        if (filter.userId) where.userId = filter.userId;
+        if (filter.externalId) where.externalId = filter.externalId;
+
+        return where;
+    }
+}
+
+module.exports = { CredentialRepository };

package/credential/use-cases/get-credential-for-user.js

@@ -0,0 +1,25 @@
+class GetCredentialForUser {
+    constructor({ credentialRepository }) {
+        this.credentialRepository = credentialRepository;
+    }
+
+    async execute(credentialId, userId) {
+        const credential = await this.credentialRepository.findCredentialById(
+            credentialId
+        );
+
+        if (!credential) {
+            throw new Error(`Credential with id ${credentialId} not found`);
+        }
+
+        if (credential.userId.toString() !== userId.toString()) {
+            throw new Error(
+                `Credential ${credentialId} does not belong to user ${userId}`
+            );
+        }
+
+        return credential;
+    }
+}
+
+module.exports = { GetCredentialForUser };

package/credential/use-cases/update-authentication-status.js

@@ -0,0 +1,15 @@
+class UpdateAuthenticationStatus {
+    constructor({ credentialRepository }) {
+        this.credentialRepository = credentialRepository;
+    }
+
+    /**
+     * @param {string} credentialId
+     * @param {boolean} authIsValid
+     */
+    async execute(credentialId, authIsValid) {
+        await this.credentialRepository.updateAuthenticationStatus(credentialId, authIsValid);
+    }
+}
+
+module.exports = { UpdateAuthenticationStatus };

package/database/MONGODB_TRANSACTION_FIX.md

@@ -0,0 +1,198 @@
+# MongoDB Transaction Namespace Fix
+
+## Problem
+
+The encryption health check was failing with the following error:
+
+```
+Cannot create namespace frigg.Credential in multi-document transaction.
+Error code: 263
+```
+
+### Root Cause
+
+MongoDB does not allow creating collections (namespaces) inside multi-document transactions. When Prisma tries to create a document in a collection that doesn't exist yet, MongoDB needs to implicitly create the collection. If this happens inside a transaction context, MongoDB throws error code 263.
+
+### Technical Details
+
+- **MongoDB Constraint**: Collections must exist before being used in multi-document transactions
+- **Prisma Behavior**: Prisma may implicitly use transactions for certain operations
+- **Impact**: Health checks fail on fresh databases or when collections haven't been created yet
+
+## Solution
+
+**Implemented a comprehensive schema initialization system that ensures all collections exist at application startup.**
+
+### Architectural Approach
+
+Rather than checking before each individual database operation, we take a **systematic, fail-fast approach**:
+
+1. **Parse Prisma Schema**: Extract all collection names from the Prisma schema definition
+2. **Initialize at Startup**: Create all collections when the database connection is established
+3. **Fail Fast**: If there are database issues, the application fails immediately at startup rather than during runtime operations
+4. **Idempotent**: Safe to run multiple times - only creates collections that don't exist
+
+This follows the **"fail fast"** principle and ensures consistent state across all application instances.
+
+### Changes Made
+
+1. **Created MongoDB Schema Initialization** (`packages/core/database/utils/mongodb-schema-init.js`)
+   - `initializeMongoDBSchema()` - Ensures all Prisma collections exist at startup
+   - `getPrismaCollections()` - Returns list of all Prisma collection names
+   - `PRISMA_COLLECTIONS` - Constant array of all 13 Prisma collections
+   - Only runs for MongoDB (skips PostgreSQL)
+   - Fails fast if database not connected
+
+2. **Created MongoDB Collection Utilities** (`packages/core/database/utils/mongodb-collection-utils.js`)
+   - `ensureCollectionExists(collectionName)` - Ensures a single collection exists
+   - `ensureCollectionsExist(collectionNames)` - Batch creates multiple collections
+   - `collectionExists(collectionName)` - Checks if a collection exists
+   - Handles race conditions gracefully (NamespaceExists errors)
+
+3. **Integrated into Database Connection** (`packages/core/database/prisma.js`)
+   - Modified `connectPrisma()` to call `initializeMongoDBSchema()` after connection
+   - Ensures all collections exist before application handles requests
+
+4. **Updated Health Check Repository** (`packages/core/database/repositories/health-check-repository-mongodb.js`)
+   - Removed per-operation collection existence checks
+   - Added documentation noting schema is initialized at startup
+
+5. **Added Comprehensive Tests**
+   - `mongodb-schema-init.test.js` - Tests schema initialization system
+   - `mongodb-collection-utils.test.js` - Tests collection utility functions
+   - Tests error handling, race conditions, and edge cases
+
+### Implementation Flow
+
+```javascript
+// 1. Application startup - connect to database
+await connectPrisma();
+  └─> await initializeMongoDBSchema();
+       └─> await ensureCollectionsExist([
+            'User', 'Token', 'Credential', 'Entity',
+            'Integration', 'IntegrationMapping', 'Process',
+            'Sync', 'DataIdentifier', 'Association',
+            'AssociationObject', 'State', 'WebsocketConnection'
+           ]);
+
+// 2. Now all collections exist - safe to handle requests
+// No per-operation checks needed!
+await prisma.credential.create({ data: {...} }); // Works without namespace error
+```
+
+## Best Practices Followed
+
+1. **Domain-Driven Design**: Created reusable utility module for MongoDB-specific concerns
+2. **Hexagonal Architecture**: Infrastructure concerns (schema initialization) handled in infrastructure layer
+3. **Test-Driven Development**: Added comprehensive tests for all utility functions
+4. **Fail Fast Principle**: Database issues discovered at startup, not during runtime
+5. **Idempotency**: Safe to run multiple times across multiple instances
+6. **Error Handling**: Graceful degradation on race conditions and errors
+7. **Documentation**: Inline comments, JSDoc, and comprehensive documentation
+
+## Benefits
+
+### Immediate Benefits
+- ✅ Fixes encryption health check failures on fresh databases
+- ✅ Prevents transaction namespace errors across **all** Prisma operations
+- ✅ No per-operation overhead - collections created once at startup
+- ✅ Fail fast - database issues discovered immediately at startup
+- ✅ Idempotent - safe to run multiple times and across multiple instances
+
+### Architectural Benefits
+- ✅ **Clean separation of concerns**: Schema initialization is infrastructure concern, handled at startup
+- ✅ **Follows DDD/Hexagonal Architecture**: Infrastructure layer handles database setup, repositories focus on business operations
+- ✅ **Consistent across all environments**: Dev, test, staging, production all follow same pattern
+- ✅ **No repository-level checks needed**: All repositories benefit automatically
+- ✅ **Well-tested and documented**: Comprehensive test coverage and documentation
+
+### Operational Benefits
+- ✅ **Predictable startup**: Clear logging of schema initialization
+- ✅ **Zero runtime overhead**: Collections created once, not on every operation
+- ✅ **Production-ready**: Handles race conditions, errors, and edge cases gracefully
+
+## Design Decisions
+
+### Why Initialize at Startup?
+
+We considered two approaches:
+
+**❌ Per-Operation Checks (Initial approach)**
+```javascript
+async createCredential(data) {
+    await ensureCollectionExists('Credential'); // Check every time
+    return await prisma.credential.create({ data });
+}
+```
+- Pros: Guarantees collection exists before each operation
+- Cons: Runtime overhead, repeated checks, scattered logic
+
+**✅ Startup Initialization (Final approach)**
+```javascript
+// Once at startup
+await connectPrisma(); // Initializes all collections
+
+// All operations just work
+async createCredential(data) {
+    return await prisma.credential.create({ data }); // No checks needed
+}
+```
+- Pros: Zero runtime overhead, centralized logic, fail fast, consistent
+- Cons: Requires database connection at startup (already required)
+
+### Benefits of Startup Approach
+
+1. **Performance**: Collections created once vs. checking before every operation
+2. **Simplicity**: No conditional logic in repositories
+3. **Reliability**: Fail fast at startup if database has issues
+4. **Maintainability**: Single source of truth for schema initialization
+5. **DDD Alignment**: Infrastructure concerns handled in infrastructure layer
+
+## Logging Output
+
+When the application starts, you'll see clear logging:
+
+```
+Initializing MongoDB schema - ensuring all collections exist...
+Created MongoDB collection: Credential
+MongoDB schema initialization complete - 13 collections verified (45ms)
+```
+
+On subsequent startups (collections already exist):
+```
+Initializing MongoDB schema - ensuring all collections exist...
+MongoDB schema initialization complete - 13 collections verified (12ms)
+```
+
+## References
+
+- [Prisma Issue #8305](https://github.com/prisma/prisma/issues/8305) - MongoDB "Cannot create namespace" error
+- [Mongoose Issue #6699](https://github.com/Automattic/mongoose/issues/6699) - Similar issue in Mongoose
+- [MongoDB Transactions Documentation](https://www.mongodb.com/docs/manual/core/transactions/#transactions-and-operations) - Operations allowed in transactions
+- [Prisma MongoDB Guide](https://www.prisma.io/docs/guides/database/mongodb) - Using Prisma with MongoDB
+
+## Future Considerations
+
+### Automatic Schema Sync
+Consider enhancing the system to:
+- Parse Prisma schema file dynamically to extract collection names
+- Auto-detect schema changes and create new collections
+- Provide CLI command for manual schema initialization
+
+### Migration Support
+For production deployments with existing data:
+- Document migration procedures for new collections
+- Consider pre-migration scripts for blue-green deployments
+- Add health check for schema initialization status
+
+### Multi-Database Support
+The system already handles:
+- ✅ MongoDB - Full schema initialization
+- ✅ PostgreSQL - Skips initialization (uses Prisma migrations)
+- Consider adding explicit migration support for DocumentDB-specific features
+
+### Index Creation
+Future enhancement could also create indexes at startup:
+- Parse Prisma schema for `@@index` directives
+- Create indexes if they don't exist
+- Provide index health checks

package/database/adapters/lambda-invoker.js

@@ -0,0 +1,97 @@
+/**
+ * Lambda Invoker Adapter
+ * Infrastructure layer - handles AWS Lambda function invocations
+ * 
+ * Part of Hexagonal Architecture:
+ * - Infrastructure Layer adapter for AWS SDK
+ * - Used by Domain Layer use cases
+ * - Isolates AWS-specific logic from business logic
+ */
+
+const { LambdaClient, InvokeCommand } = require('@aws-sdk/client-lambda');
+
+/**
+ * Custom error for Lambda invocation failures
+ * Provides structured error information for debugging
+ */
+class LambdaInvocationError extends Error {
+    constructor(message, functionName, statusCode) {
+        super(message);
+        this.name = 'LambdaInvocationError';
+        this.functionName = functionName;
+        this.statusCode = statusCode;
+    }
+}
+
+/**
+ * Adapter for invoking AWS Lambda functions
+ * 
+ * Infrastructure layer - handles AWS SDK communication
+ * Converts AWS SDK responses to domain-friendly formats
+ */
+class LambdaInvoker {
+    /**
+     * @param {LambdaClient} lambdaClient - AWS Lambda client (injected for testability)
+     */
+    constructor(lambdaClient = new LambdaClient({})) {
+        this.client = lambdaClient;
+    }
+
+    /**
+     * Invoke Lambda function synchronously
+     * 
+     * @param {string} functionName - Lambda function name or ARN
+     * @param {Object} payload - Event payload to send to Lambda
+     * @returns {Promise<Object>} Parsed response body
+     * @throws {LambdaInvocationError} If Lambda returns error status
+     * @throws {Error} If AWS SDK call fails
+     */
+    async invoke(functionName, payload) {
+        try {
+            const command = new InvokeCommand({
+                FunctionName: functionName,
+                InvocationType: 'RequestResponse', // Synchronous
+                Payload: JSON.stringify(payload),
+            });
+
+            const response = await this.client.send(command);
+
+            // Parse response payload
+            let result;
+            try {
+                result = JSON.parse(Buffer.from(response.Payload).toString());
+            } catch (parseError) {
+                throw new LambdaInvocationError(
+                    `Failed to parse Lambda response: ${parseError.message}`,
+                    functionName,
+                    null
+                );
+            }
+
+            // Check status code
+            if (result.statusCode === 200) {
+                return result.body;
+            }
+
+            // Lambda returned error status
+            const errorMessage = result.body?.error || 'Lambda invocation failed';
+            throw new LambdaInvocationError(
+                `Lambda ${functionName} returned error: ${errorMessage}`,
+                functionName,
+                result.statusCode
+            );
+        } catch (error) {
+            // Re-throw LambdaInvocationError as-is
+            if (error instanceof LambdaInvocationError) {
+                throw error;
+            }
+
+            // Wrap AWS SDK errors
+            throw new Error(`Failed to invoke Lambda ${functionName}: ${error.message}`);
+        }
+    }
+}
+
+module.exports = { LambdaInvoker, LambdaInvocationError };
+
+