npm - @friggframework/core - Versions diffs - 2.0.0-next.8 → 2.0.0-next.80 - Mend

@friggframework/core 2.0.0-next.8 → 2.0.0-next.80

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (303) hide show

package/CLAUDE.md +694 -0
package/README.md +959 -50
package/application/commands/README.md +451 -0
package/application/commands/credential-commands.js +245 -0
package/application/commands/entity-commands.js +336 -0
package/application/commands/integration-commands.js +210 -0
package/application/commands/scheduler-commands.js +263 -0
package/application/commands/user-commands.js +283 -0
package/application/index.js +73 -0
package/assertions/index.js +0 -3
package/core/CLAUDE.md +690 -0
package/core/Worker.js +60 -24
package/core/create-handler.js +79 -8
package/credential/repositories/credential-repository-documentdb.js +304 -0
package/credential/repositories/credential-repository-factory.js +54 -0
package/credential/repositories/credential-repository-interface.js +98 -0
package/credential/repositories/credential-repository-mongo.js +269 -0
package/credential/repositories/credential-repository-postgres.js +287 -0
package/credential/repositories/credential-repository.js +300 -0
package/credential/use-cases/get-credential-for-user.js +25 -0
package/credential/use-cases/update-authentication-status.js +15 -0
package/database/MONGODB_TRANSACTION_FIX.md +198 -0
package/database/adapters/lambda-invoker.js +97 -0
package/database/config.js +154 -0
package/database/documentdb-encryption-service.js +330 -0
package/database/documentdb-utils.js +136 -0
package/database/encryption/README.md +839 -0
package/database/encryption/documentdb-encryption-service.md +3575 -0
package/database/encryption/encryption-schema-registry.js +268 -0
package/database/encryption/field-encryption-service.js +226 -0
package/database/encryption/logger.js +79 -0
package/database/encryption/prisma-encryption-extension.js +222 -0
package/database/index.js +21 -21
package/database/prisma.js +182 -0
package/database/repositories/health-check-repository-documentdb.js +138 -0
package/database/repositories/health-check-repository-factory.js +48 -0
package/database/repositories/health-check-repository-interface.js +82 -0
package/database/repositories/health-check-repository-mongodb.js +89 -0
package/database/repositories/health-check-repository-postgres.js +82 -0
package/database/repositories/migration-status-repository-s3.js +137 -0
package/database/use-cases/check-database-health-use-case.js +29 -0
package/database/use-cases/check-database-state-use-case.js +81 -0
package/database/use-cases/check-encryption-health-use-case.js +83 -0
package/database/use-cases/get-database-state-via-worker-use-case.js +61 -0
package/database/use-cases/get-migration-status-use-case.js +93 -0
package/database/use-cases/run-database-migration-use-case.js +139 -0
package/database/use-cases/test-encryption-use-case.js +253 -0
package/database/use-cases/trigger-database-migration-use-case.js +157 -0
package/database/utils/mongodb-collection-utils.js +94 -0
package/database/utils/mongodb-schema-init.js +108 -0
package/database/utils/prisma-runner.js +477 -0
package/database/utils/prisma-schema-parser.js +182 -0
package/docs/PROCESS_MANAGEMENT_QUEUE_SPEC.md +517 -0
package/encrypt/Cryptor.js +34 -168
package/encrypt/index.js +1 -2
package/errors/client-safe-error.js +26 -0
package/errors/fetch-error.js +15 -7
package/errors/index.js +2 -0
package/generated/prisma-mongodb/client.d.ts +1 -0
package/generated/prisma-mongodb/client.js +4 -0
package/generated/prisma-mongodb/default.d.ts +1 -0
package/generated/prisma-mongodb/default.js +4 -0
package/generated/prisma-mongodb/edge.d.ts +1 -0
package/generated/prisma-mongodb/edge.js +335 -0
package/generated/prisma-mongodb/index-browser.js +317 -0
package/generated/prisma-mongodb/index.d.ts +22955 -0
package/generated/prisma-mongodb/index.js +360 -0
package/generated/prisma-mongodb/package.json +183 -0
package/generated/prisma-mongodb/query-engine-debian-openssl-3.0.x +0 -0
package/generated/prisma-mongodb/query-engine-rhel-openssl-3.0.x +0 -0
package/generated/prisma-mongodb/runtime/binary.d.ts +1 -0
package/generated/prisma-mongodb/runtime/binary.js +289 -0
package/generated/prisma-mongodb/runtime/edge-esm.js +34 -0
package/generated/prisma-mongodb/runtime/edge.js +34 -0
package/generated/prisma-mongodb/runtime/index-browser.d.ts +370 -0
package/generated/prisma-mongodb/runtime/index-browser.js +16 -0
package/generated/prisma-mongodb/runtime/library.d.ts +3977 -0
package/generated/prisma-mongodb/runtime/react-native.js +83 -0
package/generated/prisma-mongodb/runtime/wasm-compiler-edge.js +84 -0
package/generated/prisma-mongodb/runtime/wasm-engine-edge.js +36 -0
package/generated/prisma-mongodb/schema.prisma +362 -0
package/generated/prisma-mongodb/wasm-edge-light-loader.mjs +4 -0
package/generated/prisma-mongodb/wasm-worker-loader.mjs +4 -0
package/generated/prisma-mongodb/wasm.d.ts +1 -0
package/generated/prisma-mongodb/wasm.js +342 -0
package/generated/prisma-postgresql/client.d.ts +1 -0
package/generated/prisma-postgresql/client.js +4 -0
package/generated/prisma-postgresql/default.d.ts +1 -0
package/generated/prisma-postgresql/default.js +4 -0
package/generated/prisma-postgresql/edge.d.ts +1 -0
package/generated/prisma-postgresql/edge.js +357 -0
package/generated/prisma-postgresql/index-browser.js +339 -0
package/generated/prisma-postgresql/index.d.ts +25131 -0
package/generated/prisma-postgresql/index.js +382 -0
package/generated/prisma-postgresql/package.json +183 -0
package/generated/prisma-postgresql/query-engine-debian-openssl-3.0.x +0 -0
package/generated/prisma-postgresql/query-engine-rhel-openssl-3.0.x +0 -0
package/generated/prisma-postgresql/query_engine_bg.js +2 -0
package/generated/prisma-postgresql/query_engine_bg.wasm +0 -0
package/generated/prisma-postgresql/runtime/binary.d.ts +1 -0
package/generated/prisma-postgresql/runtime/binary.js +289 -0
package/generated/prisma-postgresql/runtime/edge-esm.js +34 -0
package/generated/prisma-postgresql/runtime/edge.js +34 -0
package/generated/prisma-postgresql/runtime/index-browser.d.ts +370 -0
package/generated/prisma-postgresql/runtime/index-browser.js +16 -0
package/generated/prisma-postgresql/runtime/library.d.ts +3977 -0
package/generated/prisma-postgresql/runtime/react-native.js +83 -0
package/generated/prisma-postgresql/runtime/wasm-compiler-edge.js +84 -0
package/generated/prisma-postgresql/runtime/wasm-engine-edge.js +36 -0
package/generated/prisma-postgresql/schema.prisma +345 -0
package/generated/prisma-postgresql/wasm-edge-light-loader.mjs +4 -0
package/generated/prisma-postgresql/wasm-worker-loader.mjs +4 -0
package/generated/prisma-postgresql/wasm.d.ts +1 -0
package/generated/prisma-postgresql/wasm.js +364 -0
package/handlers/WEBHOOKS.md +653 -0
package/handlers/app-definition-loader.js +38 -0
package/handlers/app-handler-helpers.js +57 -0
package/handlers/backend-utils.js +262 -0
package/handlers/database-migration-handler.js +227 -0
package/handlers/integration-event-dispatcher.js +54 -0
package/handlers/routers/HEALTHCHECK.md +342 -0
package/handlers/routers/auth.js +15 -0
package/handlers/routers/db-migration.handler.js +29 -0
package/handlers/routers/db-migration.js +326 -0
package/handlers/routers/health.js +516 -0
package/handlers/routers/integration-defined-routers.js +45 -0
package/handlers/routers/integration-webhook-routers.js +67 -0
package/handlers/routers/user.js +63 -0
package/handlers/routers/websocket.js +57 -0
package/handlers/use-cases/check-external-apis-health-use-case.js +81 -0
package/handlers/use-cases/check-integrations-health-use-case.js +44 -0
package/handlers/workers/db-migration.js +352 -0
package/handlers/workers/dlq-processor.js +63 -0
package/handlers/workers/integration-defined-workers.js +23 -0
package/index.js +82 -46
package/infrastructure/scheduler/eventbridge-scheduler-adapter.js +184 -0
package/infrastructure/scheduler/index.js +33 -0
package/infrastructure/scheduler/mock-scheduler-adapter.js +143 -0
package/infrastructure/scheduler/scheduler-service-factory.js +73 -0
package/infrastructure/scheduler/scheduler-service-interface.js +47 -0
package/integrations/WEBHOOK-QUICKSTART.md +151 -0
package/integrations/index.js +12 -10
package/integrations/integration-base.js +364 -55
package/integrations/integration-router.js +375 -179
package/integrations/options.js +1 -1
package/integrations/repositories/integration-mapping-repository-documentdb.js +280 -0
package/integrations/repositories/integration-mapping-repository-factory.js +57 -0
package/integrations/repositories/integration-mapping-repository-interface.js +106 -0
package/integrations/repositories/integration-mapping-repository-mongo.js +161 -0
package/integrations/repositories/integration-mapping-repository-postgres.js +227 -0
package/integrations/repositories/integration-mapping-repository.js +156 -0
package/integrations/repositories/integration-repository-documentdb.js +219 -0
package/integrations/repositories/integration-repository-factory.js +51 -0
package/integrations/repositories/integration-repository-interface.js +144 -0
package/integrations/repositories/integration-repository-mongo.js +330 -0
package/integrations/repositories/integration-repository-postgres.js +385 -0
package/integrations/repositories/process-repository-documentdb.js +243 -0
package/integrations/repositories/process-repository-factory.js +53 -0
package/integrations/repositories/process-repository-interface.js +90 -0
package/integrations/repositories/process-repository-mongo.js +190 -0
package/integrations/repositories/process-repository-postgres.js +217 -0
package/integrations/tests/doubles/config-capturing-integration.js +81 -0
package/integrations/tests/doubles/dummy-integration-class.js +105 -0
package/integrations/tests/doubles/test-integration-repository.js +112 -0
package/integrations/use-cases/create-integration.js +83 -0
package/integrations/use-cases/create-process.js +128 -0
package/integrations/use-cases/delete-integration-for-user.js +101 -0
package/integrations/use-cases/find-integration-context-by-external-entity-id.js +72 -0
package/integrations/use-cases/get-integration-for-user.js +78 -0
package/integrations/use-cases/get-integration-instance-by-definition.js +67 -0
package/integrations/use-cases/get-integration-instance.js +83 -0
package/integrations/use-cases/get-integrations-for-user.js +88 -0
package/integrations/use-cases/get-possible-integrations.js +27 -0
package/integrations/use-cases/get-process.js +87 -0
package/integrations/use-cases/index.js +19 -0
package/integrations/use-cases/load-integration-context.js +71 -0
package/integrations/use-cases/update-integration-messages.js +44 -0
package/integrations/use-cases/update-integration-status.js +32 -0
package/integrations/use-cases/update-integration.js +92 -0
package/integrations/use-cases/update-process-metrics.js +201 -0
package/integrations/use-cases/update-process-state.js +119 -0
package/integrations/utils/map-integration-dto.js +37 -0
package/jest-global-setup-noop.js +3 -0
package/jest-global-teardown-noop.js +3 -0
package/logs/logger.js +0 -4
package/{module-plugin → modules}/index.js +0 -10
package/modules/module-factory.js +56 -0
package/modules/module.js +256 -0
package/modules/repositories/module-repository-documentdb.js +335 -0
package/modules/repositories/module-repository-factory.js +40 -0
package/modules/repositories/module-repository-interface.js +129 -0
package/modules/repositories/module-repository-mongo.js +408 -0
package/modules/repositories/module-repository-postgres.js +453 -0
package/modules/repositories/module-repository.js +345 -0
package/modules/requester/api-key.js +52 -0
package/modules/requester/oauth-2.js +396 -0
package/{module-plugin → modules}/requester/requester.js +4 -2
package/{module-plugin → modules}/test/mock-api/api.js +8 -3
package/{module-plugin → modules}/test/mock-api/definition.js +14 -10
package/modules/tests/doubles/test-module-factory.js +16 -0
package/modules/tests/doubles/test-module-repository.js +39 -0
package/modules/use-cases/get-entities-for-user.js +32 -0
package/modules/use-cases/get-entity-options-by-id.js +71 -0
package/modules/use-cases/get-entity-options-by-type.js +34 -0
package/modules/use-cases/get-module-instance-from-type.js +31 -0
package/modules/use-cases/get-module.js +74 -0
package/modules/use-cases/process-authorization-callback.js +177 -0
package/modules/use-cases/refresh-entity-options.js +72 -0
package/modules/use-cases/test-module-auth.js +72 -0
package/modules/utils/map-module-dto.js +18 -0
package/package.json +82 -50
package/prisma-mongodb/schema.prisma +362 -0
package/prisma-postgresql/migrations/20250930193005_init/migration.sql +315 -0
package/prisma-postgresql/migrations/20251006135218_init/migration.sql +9 -0
package/prisma-postgresql/migrations/20251010000000_remove_unused_entity_reference_map/migration.sql +3 -0
package/prisma-postgresql/migrations/20251112195422_update_user_unique_constraints/migration.sql +25 -0
package/prisma-postgresql/migrations/migration_lock.toml +3 -0
package/prisma-postgresql/schema.prisma +345 -0
package/queues/queuer-util.js +103 -21
package/syncs/manager.js +468 -443
package/syncs/repositories/sync-repository-documentdb.js +240 -0
package/syncs/repositories/sync-repository-factory.js +43 -0
package/syncs/repositories/sync-repository-interface.js +109 -0
package/syncs/repositories/sync-repository-mongo.js +239 -0
package/syncs/repositories/sync-repository-postgres.js +319 -0
package/syncs/sync.js +0 -1
package/token/repositories/token-repository-documentdb.js +137 -0
package/token/repositories/token-repository-factory.js +40 -0
package/token/repositories/token-repository-interface.js +131 -0
package/token/repositories/token-repository-mongo.js +219 -0
package/token/repositories/token-repository-postgres.js +264 -0
package/token/repositories/token-repository.js +219 -0
package/types/associations/index.d.ts +0 -17
package/types/core/index.d.ts +12 -4
package/types/database/index.d.ts +10 -2
package/types/encrypt/index.d.ts +5 -3
package/types/integrations/index.d.ts +3 -8
package/types/module-plugin/index.d.ts +17 -69
package/types/syncs/index.d.ts +0 -17
package/user/repositories/user-repository-documentdb.js +441 -0
package/user/repositories/user-repository-factory.js +52 -0
package/user/repositories/user-repository-interface.js +201 -0
package/user/repositories/user-repository-mongo.js +308 -0
package/user/repositories/user-repository-postgres.js +360 -0
package/user/tests/doubles/test-user-repository.js +72 -0
package/user/use-cases/authenticate-user.js +127 -0
package/user/use-cases/authenticate-with-shared-secret.js +48 -0
package/user/use-cases/create-individual-user.js +61 -0
package/user/use-cases/create-organization-user.js +47 -0
package/user/use-cases/create-token-for-user-id.js +30 -0
package/user/use-cases/get-user-from-adopter-jwt.js +149 -0
package/user/use-cases/get-user-from-bearer-token.js +77 -0
package/user/use-cases/get-user-from-x-frigg-headers.js +132 -0
package/user/use-cases/login-user.js +122 -0
package/user/user.js +125 -0
package/utils/backend-path.js +38 -0
package/utils/index.js +6 -0
package/websocket/repositories/websocket-connection-repository-documentdb.js +119 -0
package/websocket/repositories/websocket-connection-repository-factory.js +44 -0
package/websocket/repositories/websocket-connection-repository-interface.js +106 -0
package/websocket/repositories/websocket-connection-repository-mongo.js +156 -0
package/websocket/repositories/websocket-connection-repository-postgres.js +196 -0
package/websocket/repositories/websocket-connection-repository.js +161 -0
package/assertions/is-equal.js +0 -17
package/associations/model.js +0 -54
package/database/models/IndividualUser.js +0 -76
package/database/models/OrganizationUser.js +0 -29
package/database/models/State.js +0 -9
package/database/models/Token.js +0 -70
package/database/models/UserModel.js +0 -7
package/database/models/WebsocketConnection.js +0 -49
package/database/mongo.js +0 -45
package/database/mongoose.js +0 -5
package/encrypt/Cryptor.test.js +0 -32
package/encrypt/encrypt.js +0 -132
package/encrypt/encrypt.test.js +0 -1069
package/encrypt/test-encrypt.js +0 -107
package/errors/base-error.test.js +0 -32
package/errors/fetch-error.test.js +0 -79
package/errors/halt-error.test.js +0 -11
package/errors/validation-errors.test.js +0 -120
package/integrations/create-frigg-backend.js +0 -31
package/integrations/integration-factory.js +0 -251
package/integrations/integration-mapping.js +0 -43
package/integrations/integration-model.js +0 -46
package/integrations/integration-user.js +0 -144
package/integrations/test/integration-base.test.js +0 -144
package/lambda/TimeoutCatcher.test.js +0 -68
package/logs/logger.test.js +0 -76
package/module-plugin/auther.js +0 -393
package/module-plugin/credential.js +0 -22
package/module-plugin/entity-manager.js +0 -70
package/module-plugin/entity.js +0 -46
package/module-plugin/manager.js +0 -169
package/module-plugin/module-factory.js +0 -61
package/module-plugin/requester/api-key.js +0 -36
package/module-plugin/requester/oauth-2.js +0 -219
package/module-plugin/requester/requester.test.js +0 -28
package/module-plugin/test/auther.test.js +0 -97
package/syncs/model.js +0 -62
/package/{module-plugin → modules}/ModuleConstants.js +0 -0
/package/{module-plugin → modules}/requester/basic.js +0 -0
/package/{module-plugin → modules}/test/mock-api/mocks/hubspot.js +0 -0

package/database/use-cases/get-migration-status-use-case.js ADDED Viewed

@@ -0,0 +1,93 @@
+/**
+ * Get Migration Status Use Case
+ *
+ * Retrieves the status of a database migration by process ID.
+ * Formats the Process record for migration-specific response.
+ *
+ * This use case follows the Frigg hexagonal architecture pattern where:
+ * - Routers (adapters) call use cases
+ * - Use cases contain business logic and formatting
+ * - Use cases call repositories for data access
+ */
+class GetMigrationStatusUseCase {
+    /**
+     * @param {Object} dependencies
+     * @param {Object} dependencies.migrationStatusRepository - Repository for migration status (S3)
+     */
+    constructor({ migrationStatusRepository }) {
+        if (!migrationStatusRepository) {
+            throw new Error('migrationStatusRepository dependency is required');
+        }
+        this.migrationStatusRepository = migrationStatusRepository;
+    }
+    /**
+     * Execute get migration status
+     *
+     * @param {string} migrationId - Migration ID to retrieve
+     * @param {string} [stage] - Deployment stage (defaults to env.STAGE)
+     * @returns {Promise<Object>} Migration status from S3
+     * @throws {NotFoundError} If migration not found
+     * @throws {ValidationError} If migrationId is invalid
+     */
+    async execute(migrationId, stage = null) {
+        // Validation
+        this._validateParams(migrationId);
+        const effectiveStage = stage || process.env.STAGE || 'production';
+        // Get migration status from S3
+        try {
+            const migrationStatus = await this.migrationStatusRepository.get(migrationId, effectiveStage);
+            return migrationStatus;
+        } catch (error) {
+            if (error.message.includes('not found')) {
+                throw new NotFoundError(`Migration not found: ${migrationId}`);
+            }
+            throw error;
+        }
+    }
+    /**
+     * Validate parameters
+     * @private
+     */
+    _validateParams(migrationId) {
+        if (!migrationId) {
+            throw new ValidationError('migrationId is required');
+        }
+        if (typeof migrationId !== 'string') {
+            throw new ValidationError('migrationId must be a string');
+        }
+    }
+}
+/**
+ * Custom error for validation failures
+ */
+class ValidationError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'ValidationError';
+    }
+}
+/**
+ * Custom error for not found resources
+ */
+class NotFoundError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'NotFoundError';
+        this.statusCode = 404;
+    }
+}
+module.exports = {
+    GetMigrationStatusUseCase,
+    ValidationError,
+    NotFoundError,
+};

package/database/use-cases/run-database-migration-use-case.js ADDED Viewed

@@ -0,0 +1,139 @@
+/**
+ * Run Database Migration Use Case
+ *
+ * Business logic for running Prisma database migrations.
+ * Orchestrates Prisma client generation and migration execution.
+ *
+ * This use case follows the Frigg hexagonal architecture pattern where:
+ * - Handlers (adapters) call use cases
+ * - Use cases contain business logic and orchestration
+ * - Use cases call repositories/utilities for data access
+ */
+class RunDatabaseMigrationUseCase {
+    /**
+     * @param {Object} dependencies
+     * @param {Object} dependencies.prismaRunner - Prisma runner utilities
+     */
+    constructor({ prismaRunner }) {
+        if (!prismaRunner) {
+            throw new Error('prismaRunner dependency is required');
+        }
+        this.prismaRunner = prismaRunner;
+    }
+    /**
+     * Execute database migration
+     *
+     * @param {Object} params
+     * @param {string} params.dbType - Database type ('postgresql', 'mongodb', or 'documentdb')
+     * @param {string} params.stage - Deployment stage (determines migration command)
+     * @param {boolean} [params.verbose=false] - Enable verbose output
+     * @returns {Promise<Object>} Migration result { success, dbType, stage, command, message }
+     * @throws {MigrationError} If migration fails
+     * @throws {ValidationError} If parameters are invalid
+     */
+    async execute({ dbType, stage, verbose = false }) {
+        // Validation
+        this._validateParams({ dbType, stage });
+        // Step 1: Generate Prisma client
+        const generateResult = await this.prismaRunner.runPrismaGenerate(dbType, verbose);
+        if (!generateResult.success) {
+            throw new MigrationError(
+                `Failed to generate Prisma client: ${generateResult.error || 'Unknown error'}`,
+                { dbType, stage, step: 'generate', output: generateResult.output }
+            );
+        }
+        // Step 2: Run migrations based on database type
+        let migrationResult;
+        let migrationCommand;
+        if (dbType === 'postgresql') {
+            migrationCommand = this.prismaRunner.getMigrationCommand(stage);
+            migrationResult = await this.prismaRunner.runPrismaMigrate(migrationCommand, verbose);
+            if (!migrationResult.success) {
+                throw new MigrationError(
+                    `PostgreSQL migration failed: ${migrationResult.error || 'Unknown error'}`,
+                    { dbType, stage, command: migrationCommand, step: 'migrate', output: migrationResult.output }
+                );
+            }
+        } else if (dbType === 'mongodb' || dbType === 'documentdb') {
+            migrationCommand = 'db push';
+            // Use non-interactive mode for automated/Lambda environments
+            migrationResult = await this.prismaRunner.runPrismaDbPush(verbose, true);
+            if (!migrationResult.success) {
+                throw new MigrationError(
+                    `Mongo-compatible push failed: ${migrationResult.error || 'Unknown error'}`,
+                    { dbType, stage, command: migrationCommand, step: 'push', output: migrationResult.output }
+                );
+            }
+        } else {
+            throw new ValidationError(
+                `Unsupported database type: ${dbType}. Must be 'postgresql', 'mongodb', or 'documentdb'.`
+            );
+        }
+        // Return success result
+        return {
+            success: true,
+            dbType,
+            stage,
+            command: migrationCommand,
+            message: 'Database migration completed successfully',
+        };
+    }
+    /**
+     * Validate execution parameters
+     * @private
+     */
+    _validateParams({ dbType, stage }) {
+        if (!dbType) {
+            throw new ValidationError('dbType is required');
+        }
+        if (typeof dbType !== 'string') {
+            throw new ValidationError('dbType must be a string');
+        }
+        if (!stage) {
+            throw new ValidationError('stage is required');
+        }
+        if (typeof stage !== 'string') {
+            throw new ValidationError('stage must be a string');
+        }
+    }
+}
+/**
+ * Custom error for migration failures
+ */
+class MigrationError extends Error {
+    constructor(message, context = {}) {
+        super(message);
+        this.name = 'MigrationError';
+        this.context = context;
+    }
+}
+/**
+ * Custom error for validation failures
+ */
+class ValidationError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'ValidationError';
+    }
+}
+module.exports = {
+    RunDatabaseMigrationUseCase,
+    MigrationError,
+    ValidationError,
+};

package/database/use-cases/test-encryption-use-case.js ADDED Viewed

@@ -0,0 +1,253 @@
+/**
+ * Use Case for testing encryption functionality.
+ * Contains business logic for verifying that encryption and decryption work correctly.
+ *
+ * Follows DDD/Hexagonal Architecture:
+ * - Application Layer (this use case)
+ * - Depends on Infrastructure Layer (HealthCheckRepository)
+ */
+class TestEncryptionUseCase {
+    /**
+     * @param {Object} params
+     * @param {import('../health-check-repository-interface').HealthCheckRepositoryInterface} params.healthCheckRepository
+     */
+    constructor({ healthCheckRepository }) {
+        this.repository = healthCheckRepository;
+    }
+    /**
+     * Execute encryption test
+     * Orchestrates the full encryption test workflow using Prisma
+     * @returns {Promise<Object>} Test results with status and details
+     */
+    async execute() {
+        const testData = {
+            testSecret: 'This is a secret value that should be encrypted',
+            normalField: 'This is a normal field that should not be encrypted',
+            nestedSecret: {
+                value: 'This is a nested secret that should be encrypted',
+            },
+        };
+        const credentialData = this._mapTestDataToCredential(testData);
+        const credential = await this._withTimeout(
+            this.repository.createCredential(credentialData),
+            5000,
+            'Save operation timed out'
+        );
+        try {
+            const retrievedCredential = await this._withTimeout(
+                this.repository.findCredentialById(credential.id),
+                5000,
+                'Find operation timed out'
+            );
+            const retrievedTestData =
+                this._mapCredentialToTestData(retrievedCredential);
+            const decryptionWorks = this._verifyDecryption(
+                retrievedTestData,
+                testData
+            );
+            const rawCredential = await this._withTimeout(
+                this.repository.getRawCredentialById(credential.id),
+                5000,
+                'Database verification timed out'
+            );
+            const rawTestData = this._mapRawCredentialToTestData(rawCredential);
+            const encryptionResults = this._verifyEncryptionInDatabase(
+                rawTestData,
+                testData
+            );
+            return this._evaluateEncryptionResults(
+                decryptionWorks,
+                encryptionResults
+            );
+        } finally {
+            await this._withTimeout(
+                this.repository.deleteCredential(credential.id),
+                5000,
+                'Delete operation timed out'
+            );
+        }
+    }
+    /**
+     * Map test data format to Credential model format
+     * @param {Object} testData - Test data with testSecret, normalField, nestedSecret
+     * @returns {Object} Credential data structure
+     * @private
+     */
+    _mapTestDataToCredential(testData) {
+        // Note: Using camelCase for Prisma compatibility (both MongoDB and PostgreSQL)
+        // Changed from snake_case (user_id, entity_id) to camelCase (userId, externalId)
+        return {
+            externalId: 'test-encryption-entity',
+            data: {
+                access_token: testData.testSecret,      // Encrypted field
+                refresh_token: testData.nestedSecret?.value, // Encrypted field
+                domain: testData.normalField,           // Not encrypted
+            },
+        };
+    }
+    /**
+     * Map Credential model format to test data format
+     * @param {Object} credential - Credential from database
+     * @returns {Object} Test data format
+     * @private
+     */
+    _mapCredentialToTestData(credential) {
+        if (!credential) {
+            return null;
+        }
+        return {
+            id: credential.id,
+            testSecret: credential.data.access_token,
+            normalField: credential.data.domain,
+            nestedSecret: {
+                value: credential.data.refresh_token,
+            },
+        };
+    }
+    /**
+     * Map raw Credential data to test data format
+     * @param {Object} rawCredential - Raw credential from database
+     * @returns {Object} Test data format with raw encrypted values
+     * @private
+     */
+    _mapRawCredentialToTestData(rawCredential) {
+        if (!rawCredential) {
+            return null;
+        }
+        return {
+            testSecret: rawCredential.data?.access_token,
+            normalField: rawCredential.data?.domain,
+            nestedSecret: {
+                value: rawCredential.data?.refresh_token,
+            },
+        };
+    }
+    /**
+     * Verify that a document was decrypted correctly
+     * @param {Object} retrievedDoc - Document retrieved from database
+     * @param {Object} originalData - Original unencrypted data
+     * @returns {boolean} True if decryption worked correctly
+     * @private
+     */
+    _verifyDecryption(retrievedDoc, originalData) {
+        return (
+            retrievedDoc &&
+            retrievedDoc.testSecret === originalData.testSecret &&
+            retrievedDoc.normalField === originalData.normalField &&
+            retrievedDoc.nestedSecret?.value === originalData.nestedSecret.value
+        );
+    }
+    /**
+     * Verify that data was encrypted in the database
+     * Business rule: Encrypted fields should contain ':' and differ from original
+     * @param {Object} rawDoc - Raw document from database
+     * @param {Object} originalData - Original unencrypted data
+     * @returns {Object} Encryption verification results
+     * @private
+     */
+    _verifyEncryptionInDatabase(rawDoc, originalData) {
+        const secretIsEncrypted =
+            rawDoc &&
+            typeof rawDoc.testSecret === 'string' &&
+            rawDoc.testSecret.includes(':') &&
+            rawDoc.testSecret !== originalData.testSecret;
+        const nestedIsEncrypted =
+            rawDoc?.nestedSecret?.value &&
+            typeof rawDoc.nestedSecret.value === 'string' &&
+            rawDoc.nestedSecret.value.includes(':') &&
+            rawDoc.nestedSecret.value !== originalData.nestedSecret.value;
+        const normalNotEncrypted =
+            rawDoc && rawDoc.normalField === originalData.normalField;
+        return {
+            secretIsEncrypted,
+            nestedIsEncrypted,
+            normalNotEncrypted,
+        };
+    }
+    /**
+     * Evaluate encryption test results
+     * Business logic for determining if encryption is healthy
+     * @param {boolean} decryptionWorks - Whether decryption succeeded
+     * @param {Object} encryptionResults - Encryption verification results
+     * @returns {Object} Test status and result message
+     * @private
+     */
+    _evaluateEncryptionResults(decryptionWorks, encryptionResults) {
+        const { secretIsEncrypted, nestedIsEncrypted, normalNotEncrypted } =
+            encryptionResults;
+        if (
+            decryptionWorks &&
+            secretIsEncrypted &&
+            nestedIsEncrypted &&
+            normalNotEncrypted
+        ) {
+            return {
+                status: 'enabled',
+                testResult:
+                    'Encryption and decryption verified successfully',
+                encryptionWorks: true,
+            };
+        }
+        if (decryptionWorks && (!secretIsEncrypted || !nestedIsEncrypted)) {
+            return {
+                status: 'unhealthy',
+                testResult: 'Fields are not being encrypted in database',
+                encryptionWorks: false,
+            };
+        }
+        if (decryptionWorks && !normalNotEncrypted) {
+            return {
+                status: 'unhealthy',
+                testResult: 'Normal fields are being incorrectly encrypted',
+                encryptionWorks: false,
+            };
+        }
+        return {
+            status: 'unhealthy',
+            testResult: 'Decryption failed or data mismatch',
+            encryptionWorks: false,
+        };
+    }
+    /**
+     * Execute promise with timeout
+     * @param {Promise} promise - Promise to execute
+     * @param {number} ms - Timeout in milliseconds
+     * @param {string} errorMessage - Error message for timeout
+     * @returns {Promise} Promise that rejects on timeout
+     * @private
+     */
+    _withTimeout(promise, ms, errorMessage) {
+        return Promise.race([
+            promise,
+            new Promise((_, reject) =>
+                setTimeout(() => reject(new Error(errorMessage)), ms)
+            ),
+        ]);
+    }
+}
+module.exports = { TestEncryptionUseCase };

package/database/use-cases/trigger-database-migration-use-case.js ADDED Viewed

@@ -0,0 +1,157 @@
+/**
+ * Trigger Database Migration Use Case
+ *
+ * Business logic for triggering async database migrations via SQS queue.
+ * Creates a Process record for tracking and sends migration job to queue.
+ *
+ * This use case follows the Frigg hexagonal architecture pattern where:
+ * - Routers (adapters) call use cases
+ * - Use cases contain business logic and orchestration
+ * - Use cases call repositories for data access
+ * - Use cases delegate infrastructure concerns (SQS) to utilities
+ *
+ * Flow:
+ * 1. Validate migration parameters
+ * 2. Create Process record (state: INITIALIZING)
+ * 3. Send message to SQS queue (fire-and-forget)
+ * 4. Return process info immediately (async pattern)
+ */
+const { QueuerUtil } = require('../../queues/queuer-util');
+class TriggerDatabaseMigrationUseCase {
+    /**
+     * @param {Object} dependencies
+     * @param {Object} dependencies.migrationStatusRepository - Repository for migration status (S3)
+     * @param {Object} [dependencies.queuerUtil] - SQS utility (injectable for testing)
+     */
+    constructor({ migrationStatusRepository, queuerUtil = QueuerUtil }) {
+        if (!migrationStatusRepository) {
+            throw new Error('migrationStatusRepository dependency is required');
+        }
+        this.migrationStatusRepository = migrationStatusRepository;
+        this.queuerUtil = queuerUtil;
+    }
+    /**
+     * Execute database migration trigger
+     *
+     * @param {Object} params
+     * @param {string} params.userId - User ID triggering the migration
+     * @param {string} params.dbType - Database type ('postgresql', 'mongodb', or 'documentdb')
+     * @param {string} params.stage - Deployment stage (determines migration command)
+     * @returns {Promise<Object>} Process info { success, processId, state, statusUrl, message }
+     * @throws {ValidationError} If parameters are invalid
+     * @throws {Error} If process creation or queue send fails
+     */
+    async execute({ userId, dbType, stage }) {
+        // Validation
+        this._validateParams({ userId, dbType, stage });
+        // Create migration status in S3 (no User table dependency)
+        const migrationStatus = await this.migrationStatusRepository.create({
+            stage: stage || process.env.STAGE || 'production',
+            triggeredBy: userId || 'system',
+            triggeredAt: new Date().toISOString(),
+        });
+        console.log(`Created migration status: ${migrationStatus.migrationId}`);
+        // Get queue URL from environment
+        const queueUrl = process.env.DB_MIGRATION_QUEUE_URL;
+        if (!queueUrl) {
+            throw new Error(
+                'DB_MIGRATION_QUEUE_URL environment variable is not set. ' +
+                'Cannot send migration to queue.'
+            );
+        }
+        // Send message to SQS queue (async fire-and-forget)
+        try {
+            await this.queuerUtil.send(
+                {
+                    migrationId: migrationStatus.migrationId,
+                    dbType,
+                    stage,
+                },
+                queueUrl
+            );
+            console.log(`Sent migration job to queue: ${migrationStatus.migrationId}`);
+        } catch (error) {
+            console.error(`Failed to send migration to queue:`, error);
+            // Update migration status to FAILED
+            await this.migrationStatusRepository.update({
+                migrationId: migrationStatus.migrationId,
+                stage: migrationStatus.stage,
+                state: 'FAILED',
+                error: `Failed to queue migration: ${error.message}`,
+            });
+            throw new Error(
+                `Failed to queue migration: ${error.message}`
+            );
+        }
+        // Return migration info immediately (don't wait for migration completion)
+        return {
+            success: true,
+            migrationId: migrationStatus.migrationId,
+            state: migrationStatus.state,
+            statusUrl: `/db-migrate/${migrationStatus.migrationId}`,
+            s3Key: `migrations/${migrationStatus.stage}/${migrationStatus.migrationId}.json`,
+            message: 'Database migration queued successfully',
+        };
+    }
+    /**
+     * Validate execution parameters
+     * @private
+     */
+    _validateParams({ userId, dbType, stage }) {
+        // userId is optional for system migrations
+        if (userId && typeof userId !== 'string') {
+            throw new ValidationError('userId must be a string');
+        }
+        if (!dbType) {
+            throw new ValidationError('dbType is required');
+        }
+        if (typeof dbType !== 'string') {
+            throw new ValidationError('dbType must be a string');
+        }
+        const validDbTypes = ['postgresql', 'mongodb', 'documentdb'];
+        if (!validDbTypes.includes(dbType)) {
+            throw new ValidationError(
+                `Invalid dbType: "${dbType}". Must be one of: ${validDbTypes.join(', ')}`
+            );
+        }
+        if (!stage) {
+            throw new ValidationError('stage is required');
+        }
+        if (typeof stage !== 'string') {
+            throw new ValidationError('stage must be a string');
+        }
+    }
+}
+/**
+ * Custom error for validation failures
+ */
+class ValidationError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'ValidationError';
+    }
+}
+module.exports = {
+    TriggerDatabaseMigrationUseCase,
+    ValidationError,
+};