@friggframework/core 2.0.0-next.77 → 2.0.0-next.79

package/errors/fetch-error.js

@@ -12,14 +12,14 @@ class FetchError extends BaseError {
     constructor(options = {}) {
         const { resource, init, response, responseBody } = options;
         const method = init?.method ?? 'GET';
-        const initText = init
+        let initText = init
             ? init.body instanceof URLSearchParams
                 ? (() => {
-                      init.body = init.body.toString();
-                      return JSON.stringify({ init }, null, 2);
-                  })()
+                    init.body = init.body.toString();
+                    return JSON.stringify({ init }, null, 2);
+                })()
                 : JSON.stringify({ init }, null, 2)
-            : '';        
+            : '';
 
         let responseBodyText = '<response body is unavailable>';
         if (typeof responseBody === 'string') {
@@ -35,10 +35,17 @@ class FetchError extends BaseError {
             }
         }
 
-        const responseHeaderText = response
+        let responseHeaderText = response
             ? JSON.stringify({ headers: responseHeaders }, null, 2)
             : '';
 
+        // sanitize error reporting
+        if (process.env.STAGE !== 'dev') {
+            initText = false;
+            responseHeaderText = false;
+            responseBodyText = false;
+        }
+
         const messageParts = [
             stripIndent`
                 -----------------------------------------------------

package/handlers/backend-utils.js

@@ -154,9 +154,9 @@ const createQueueWorker = (integrationClass) => {
                         params.data.processId,
                         integrationClass
                     );
-                    if (integrationInstance?.status === 'DISABLED') {
+                    if (['DISABLED', 'ERROR'].includes(integrationInstance?.status)) {
                         console.warn(
-                            `[${integrationClass.Definition.name}] Integration for process ${params.data.processId} is DISABLED. Discarding ${params.event} message.`
+                            `[${integrationClass.Definition.name}] Integration for process ${params.data.processId} is ${integrationInstance.status}. Discarding ${params.event} message.`
                         );
                         return;
                     }
@@ -170,9 +170,9 @@ const createQueueWorker = (integrationClass) => {
                         );
                         return;
                     }
-                    if (integrationInstance.status === 'DISABLED') {
+                    if (['DISABLED', 'ERROR'].includes(integrationInstance.status)) {
                         console.warn(
-                            `[${integrationClass.Definition.name}] Integration ${params.data.integrationId} is DISABLED. Discarding ${params.event} message.`
+                            `[${integrationClass.Definition.name}] Integration ${params.data.integrationId} is ${integrationInstance.status}. Discarding ${params.event} message.`
                         );
                         return;
                     }

package/integrations/integration-base.js

@@ -248,6 +248,15 @@ class IntegrationBase {
                 modules[key] = module;
                 this[key] = module;
             }
+
+            // Wire the Delegate pattern so Module can notify this integration
+            // of events it cannot handle itself (e.g. credential invalidation
+            // needing an Integration.status flip). Without this, Module.notify
+            // silently no-ops and Integration.status never updates on auth
+            // failure.
+            if (module && typeof module === 'object') {
+                module.delegate = this;
+            }
         }
 
         return modules;
@@ -530,6 +539,35 @@ class IntegrationBase {
         // For backward compatibility, this is a no-op
         return;
     }
+
+    /**
+     * Receives notifications from modules (the Delegate pattern) when
+     * something integration-level needs attention. Today this catches the
+     * `CREDENTIAL_INVALIDATED` event Module fires from `markCredentialsInvalid`
+     * and flips this integration's status to DISABLED so the queue worker
+     * stops processing further webhooks until the user re-authorizes.
+     *
+     * Modules are wired to this delegate in `_appendModules()`, which runs
+     * during `setIntegrationRecord()` — this covers every construction path
+     * (HTTP read, queue worker, create/update/delete flows, etc.).
+     *
+     * The delegate string below must match `Module.DLGT_CREDENTIAL_INVALIDATED`
+     * in `packages/core/modules/module.js`.
+     *
+     * @param {Object} notifier - The module that fired the event
+     * @param {string} delegateString - Event type string
+     * @param {Object} [object] - Optional event payload
+     * @returns {Promise<void>}
+     */
+    async receiveNotification(notifier, delegateString, object = null) {
+        if (delegateString !== 'CREDENTIAL_INVALIDATED') return;
+        if (!this.id) return;
+        console.log(
+            `[Frigg] Module ${notifier?.name || '?'} reported invalid credentials for integration ${this.id} — marking ERROR`
+        );
+        await this.updateIntegrationStatus.execute(this.id, 'ERROR');
+        this.status = 'ERROR';
+    }
 }
 
 module.exports = { IntegrationBase };

package/integrations/integration-router.js

@@ -190,6 +190,7 @@ function createIntegrationRouter() {
     const processAuthorizationCallback = new ProcessAuthorizationCallback({
         moduleRepository,
         credentialRepository,
+        integrationRepository,
         moduleDefinitions:
             getModulesDefinitionFromIntegrationClasses(integrationClasses),
     });

package/integrations/repositories/integration-repository-documentdb.js

@@ -26,6 +26,15 @@ class IntegrationRepositoryDocumentDB extends IntegrationRepositoryInterface {
         return records.map((doc) => this._mapIntegration(doc));
     }
 
+    async findIntegrationsByEntityId(entityId) {
+        const objectId = toObjectId(entityId);
+        if (!objectId) return [];
+        const records = await findMany(this.prisma, 'Integration', {
+            entityIds: objectId,
+        });
+        return records.map((doc) => this._mapIntegration(doc));
+    }
+
     async deleteIntegrationById(integrationId) {
         const objectId = toObjectId(integrationId);
         if (!objectId) return { acknowledged: true, deletedCount: 0 };

package/integrations/repositories/integration-repository-interface.js

@@ -122,6 +122,23 @@ class IntegrationRepositoryInterface {
     async updateIntegrationConfig(integrationId, config) {
         throw new Error('Method updateIntegrationConfig must be implemented by subclass');
     }
+
+    /**
+     * Find all integrations whose entity set includes the given entity ID.
+     *
+     * Used by the authorization callback flow to walk up from a re-authorized
+     * entity to its parent integrations so that any in a broken state (ERROR,
+     * DISABLED) can be restored to ENABLED.
+     *
+     * @param {string|number} entityId - Entity ID
+     * @returns {Promise<Array>} Array of integration objects (possibly empty)
+     * @abstract
+     */
+    async findIntegrationsByEntityId(entityId) {
+        throw new Error(
+            'Method findIntegrationsByEntityId must be implemented by subclass'
+        );
+    }
 }
 
 module.exports = { IntegrationRepositoryInterface };

package/integrations/repositories/integration-repository-mongo.js

@@ -200,6 +200,33 @@ class IntegrationRepositoryMongo extends IntegrationRepositoryInterface {
         return true; // Mongoose compatibility
     }
 
+    /**
+     * Find all integrations whose entity set includes the given entity ID.
+     *
+     * @param {string} entityId - Entity ID (MongoDB ObjectId as string)
+     * @returns {Promise<Array>} Array of integration objects (possibly empty)
+     */
+    async findIntegrationsByEntityId(entityId) {
+        const integrations = await this.prisma.integration.findMany({
+            where: {
+                entityIds: { has: entityId },
+            },
+            include: {
+                entities: true,
+            },
+        });
+
+        return integrations.map((integration) => ({
+            id: integration.id,
+            entitiesIds: integration.entities.map((e) => e.id),
+            userId: integration.userId,
+            config: integration.config,
+            version: integration.version,
+            status: integration.status,
+            messages: integration.messages,
+        }));
+    }
+
     /**
      * Create a new integration
      * Replaces: IntegrationModel.create({ entities, user, config })

package/integrations/repositories/integration-repository-postgres.js

@@ -347,6 +347,39 @@ class IntegrationRepositoryPostgres extends IntegrationRepositoryInterface {
             messages: converted.messages,
         };
     }
+
+    /**
+     * Find all integrations whose entity set includes the given entity ID.
+     *
+     * @param {string|number} entityId - Entity ID (string from application layer)
+     * @returns {Promise<Array>} Array of integration objects with string IDs (possibly empty)
+     */
+    async findIntegrationsByEntityId(entityId) {
+        const intEntityId = this._convertId(entityId);
+        const integrations = await this.prisma.integration.findMany({
+            where: {
+                entities: {
+                    some: { id: intEntityId },
+                },
+            },
+            include: {
+                entities: true,
+            },
+        });
+
+        return integrations.map((integration) => {
+            const converted = this._convertIntegrationIds(integration);
+            return {
+                id: converted.id,
+                entitiesIds: converted.entities.map((e) => e.id),
+                userId: converted.userId,
+                config: converted.config,
+                version: converted.version,
+                status: converted.status,
+                messages: converted.messages,
+            };
+        });
+    }
 }
 
 module.exports = { IntegrationRepositoryPostgres };

package/integrations/tests/doubles/test-integration-repository.js

@@ -46,6 +46,19 @@ class TestIntegrationRepository {
         return record || null;
     }
 
+    async findIntegrationsByEntityId(entityId) {
+        const target = String(entityId);
+        const results = Array.from(this.store.values()).filter((r) =>
+            (r.entitiesIds || []).map(String).includes(target)
+        );
+        this.operationHistory.push({
+            operation: 'findByEntityId',
+            entityId: target,
+            count: results.length,
+        });
+        return results;
+    }
+
     async updateIntegrationMessages(id, type, title, body, timestamp) {
         const rec = this.store.get(id);
         if (!rec) {

package/modules/module.js

@@ -37,6 +37,10 @@ class Module extends Delegate {
         this.credentialRepository = createCredentialRepository();
         this.moduleRepository = createModuleRepository();
 
+        // Module → parent delegate (typically IntegrationBase) events
+        this.DLGT_CREDENTIAL_INVALIDATED = 'CREDENTIAL_INVALIDATED';
+        this.delegateTypes.push(this.DLGT_CREDENTIAL_INVALIDATED);
+
         Object.assign(this, this.definition.requiredAuthMethods);
 
         const apiParams = {
@@ -142,6 +146,30 @@ class Module extends Delegate {
         // Keep the in-memory snapshot consistent so that callers can read the
         // updated state without another fetch.
         this.credential.authIsValid = false;
+
+        // Propagate upward so a parent delegate (e.g. IntegrationBase) can
+        // react — for instance by flipping Integration.status to DISABLED.
+        // Delegate.notify is a silent no-op when this.delegate is null, so
+        // Module instances constructed outside of an Integration context
+        // (e.g. during ProcessAuthorizationCallback) remain unaffected.
+        //
+        // Best-effort: this method is invoked from the OAuth2Requester 401
+        // refresh catch block, which depends on us NOT throwing. A DB hiccup
+        // in the downstream status flip must not alter refreshAuth's
+        // documented `return false` contract. The credential has already
+        // been persisted as invalid; integrations left un-flipped can be
+        // recovered by the next retry or by operator intervention.
+        try {
+            await this.notify(this.DLGT_CREDENTIAL_INVALIDATED, {
+                credentialId: this.credential.id,
+                moduleName: this.name,
+            });
+        } catch (err) {
+            console.error(
+                `[Frigg] Failed to propagate CREDENTIAL_INVALIDATED for module ${this.name}:`,
+                err?.message || err
+            );
+        }
     }
 
     async deauthorize() {

package/modules/use-cases/process-authorization-callback.js

@@ -1,17 +1,30 @@
 const { Module } = require('../module');
 const { ModuleConstants } = require('../ModuleConstants');
 
+// Statuses considered "broken" for an integration whose credentials have just
+// been successfully re-authorized. Both ERROR (system-driven auth failure) and
+// DISABLED (user paused the integration) are flipped back to ENABLED when the
+// user completes a new authorization flow.
+const STATUSES_RESET_ON_REAUTH = ['ERROR', 'DISABLED'];
+
 class ProcessAuthorizationCallback {
     /**
      * @param {Object} params - Configuration parameters.
      * @param {import('../repositories/module-repository-factory').ModuleRepositoryInterface} params.moduleRepository - Repository for module data operations.
      * @param {import('../../credential/repositories/credential-repository-factory').CredentialRepositoryInterface} params.credentialRepository - Repository for credential data operations.
      * @param {Array<Object>} params.moduleDefinitions - Array of module definitions.
+     * @param {import('../../integrations/repositories/integration-repository-interface').IntegrationRepositoryInterface} [params.integrationRepository] - Repository for integration data operations. When provided, integrations in a broken state linked to the re-authorized entity are restored to ENABLED.
      */
-    constructor({ moduleRepository, credentialRepository, moduleDefinitions }) {
+    constructor({
+        moduleRepository,
+        credentialRepository,
+        moduleDefinitions,
+        integrationRepository,
+    }) {
         this.moduleRepository = moduleRepository;
         this.credentialRepository = credentialRepository;
         this.moduleDefinitions = moduleDefinitions;
+        this.integrationRepository = integrationRepository;
     }
 
     async execute(userId, entityType, params) {
@@ -73,6 +86,18 @@ class ProcessAuthorizationCallback {
             module.credential.id
         );
 
+        // Best-effort: a hiccup here must not fail a successful re-auth whose
+        // credential + entity are already persisted. Operators can recover
+        // stuck integrations manually.
+        try {
+            await this.restoreIntegrationsForEntity(persistedEntity.id);
+        } catch (err) {
+            console.error(
+                `[Frigg] Failed to restore integrations for entity ${persistedEntity.id} after successful re-auth — manual intervention may be needed`,
+                err
+            );
+        }
+
         return {
             credential_id: module.credential.id,
             entity_id: persistedEntity.id,
@@ -80,6 +105,25 @@ class ProcessAuthorizationCallback {
         };
     }
 
+    async restoreIntegrationsForEntity(entityId) {
+        if (!this.integrationRepository) return;
+        const integrations =
+            await this.integrationRepository.findIntegrationsByEntityId(
+                entityId
+            );
+        for (const integration of integrations) {
+            if (STATUSES_RESET_ON_REAUTH.includes(integration.status)) {
+                console.log(
+                    `[Frigg] Restoring integration ${integration.id} from ${integration.status} to ENABLED after successful re-auth (entityId=${entityId})`
+                );
+                await this.integrationRepository.updateIntegrationStatus(
+                    integration.id,
+                    'ENABLED'
+                );
+            }
+        }
+    }
+
     async onTokenUpdate(module, moduleDefinition, userId) {
         const credentialDetails =
             await moduleDefinition.requiredAuthMethods.getCredentialDetails(

package/package.json

@@ -1,7 +1,7 @@
 {
     "name": "@friggframework/core",
     "prettier": "@friggframework/prettier-config",
-    "version": "2.0.0-next.77",
+    "version": "2.0.0-next.79",
     "dependencies": {
         "@aws-sdk/client-apigatewaymanagementapi": "^3.588.0",
         "@aws-sdk/client-kms": "^3.588.0",
@@ -38,9 +38,9 @@
         }
     },
     "devDependencies": {
-        "@friggframework/eslint-config": "2.0.0-next.77",
-        "@friggframework/prettier-config": "2.0.0-next.77",
-        "@friggframework/test": "2.0.0-next.77",
+        "@friggframework/eslint-config": "2.0.0-next.79",
+        "@friggframework/prettier-config": "2.0.0-next.79",
+        "@friggframework/test": "2.0.0-next.79",
         "@prisma/client": "^6.17.0",
         "@types/lodash": "4.17.15",
         "@typescript-eslint/eslint-plugin": "^8.0.0",
@@ -80,5 +80,5 @@
     "publishConfig": {
         "access": "public"
     },
-    "gitHead": "0f451bd5c8493b4ec6f82964a976cf2533aa94d8"
+    "gitHead": "b2a04b537ad3efb6206d14862f5dff5053829c73"
 }