npm - @friggframework/core - Versions diffs - 2.0.0-next.8 → 2.0.0-next.80 - Mend

@friggframework/core 2.0.0-next.8 → 2.0.0-next.80

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (303) hide show

package/CLAUDE.md +694 -0
package/README.md +959 -50
package/application/commands/README.md +451 -0
package/application/commands/credential-commands.js +245 -0
package/application/commands/entity-commands.js +336 -0
package/application/commands/integration-commands.js +210 -0
package/application/commands/scheduler-commands.js +263 -0
package/application/commands/user-commands.js +283 -0
package/application/index.js +73 -0
package/assertions/index.js +0 -3
package/core/CLAUDE.md +690 -0
package/core/Worker.js +60 -24
package/core/create-handler.js +79 -8
package/credential/repositories/credential-repository-documentdb.js +304 -0
package/credential/repositories/credential-repository-factory.js +54 -0
package/credential/repositories/credential-repository-interface.js +98 -0
package/credential/repositories/credential-repository-mongo.js +269 -0
package/credential/repositories/credential-repository-postgres.js +287 -0
package/credential/repositories/credential-repository.js +300 -0
package/credential/use-cases/get-credential-for-user.js +25 -0
package/credential/use-cases/update-authentication-status.js +15 -0
package/database/MONGODB_TRANSACTION_FIX.md +198 -0
package/database/adapters/lambda-invoker.js +97 -0
package/database/config.js +154 -0
package/database/documentdb-encryption-service.js +330 -0
package/database/documentdb-utils.js +136 -0
package/database/encryption/README.md +839 -0
package/database/encryption/documentdb-encryption-service.md +3575 -0
package/database/encryption/encryption-schema-registry.js +268 -0
package/database/encryption/field-encryption-service.js +226 -0
package/database/encryption/logger.js +79 -0
package/database/encryption/prisma-encryption-extension.js +222 -0
package/database/index.js +21 -21
package/database/prisma.js +182 -0
package/database/repositories/health-check-repository-documentdb.js +138 -0
package/database/repositories/health-check-repository-factory.js +48 -0
package/database/repositories/health-check-repository-interface.js +82 -0
package/database/repositories/health-check-repository-mongodb.js +89 -0
package/database/repositories/health-check-repository-postgres.js +82 -0
package/database/repositories/migration-status-repository-s3.js +137 -0
package/database/use-cases/check-database-health-use-case.js +29 -0
package/database/use-cases/check-database-state-use-case.js +81 -0
package/database/use-cases/check-encryption-health-use-case.js +83 -0
package/database/use-cases/get-database-state-via-worker-use-case.js +61 -0
package/database/use-cases/get-migration-status-use-case.js +93 -0
package/database/use-cases/run-database-migration-use-case.js +139 -0
package/database/use-cases/test-encryption-use-case.js +253 -0
package/database/use-cases/trigger-database-migration-use-case.js +157 -0
package/database/utils/mongodb-collection-utils.js +94 -0
package/database/utils/mongodb-schema-init.js +108 -0
package/database/utils/prisma-runner.js +477 -0
package/database/utils/prisma-schema-parser.js +182 -0
package/docs/PROCESS_MANAGEMENT_QUEUE_SPEC.md +517 -0
package/encrypt/Cryptor.js +34 -168
package/encrypt/index.js +1 -2
package/errors/client-safe-error.js +26 -0
package/errors/fetch-error.js +15 -7
package/errors/index.js +2 -0
package/generated/prisma-mongodb/client.d.ts +1 -0
package/generated/prisma-mongodb/client.js +4 -0
package/generated/prisma-mongodb/default.d.ts +1 -0
package/generated/prisma-mongodb/default.js +4 -0
package/generated/prisma-mongodb/edge.d.ts +1 -0
package/generated/prisma-mongodb/edge.js +335 -0
package/generated/prisma-mongodb/index-browser.js +317 -0
package/generated/prisma-mongodb/index.d.ts +22955 -0
package/generated/prisma-mongodb/index.js +360 -0
package/generated/prisma-mongodb/package.json +183 -0
package/generated/prisma-mongodb/query-engine-debian-openssl-3.0.x +0 -0
package/generated/prisma-mongodb/query-engine-rhel-openssl-3.0.x +0 -0
package/generated/prisma-mongodb/runtime/binary.d.ts +1 -0
package/generated/prisma-mongodb/runtime/binary.js +289 -0
package/generated/prisma-mongodb/runtime/edge-esm.js +34 -0
package/generated/prisma-mongodb/runtime/edge.js +34 -0
package/generated/prisma-mongodb/runtime/index-browser.d.ts +370 -0
package/generated/prisma-mongodb/runtime/index-browser.js +16 -0
package/generated/prisma-mongodb/runtime/library.d.ts +3977 -0
package/generated/prisma-mongodb/runtime/react-native.js +83 -0
package/generated/prisma-mongodb/runtime/wasm-compiler-edge.js +84 -0
package/generated/prisma-mongodb/runtime/wasm-engine-edge.js +36 -0
package/generated/prisma-mongodb/schema.prisma +362 -0
package/generated/prisma-mongodb/wasm-edge-light-loader.mjs +4 -0
package/generated/prisma-mongodb/wasm-worker-loader.mjs +4 -0
package/generated/prisma-mongodb/wasm.d.ts +1 -0
package/generated/prisma-mongodb/wasm.js +342 -0
package/generated/prisma-postgresql/client.d.ts +1 -0
package/generated/prisma-postgresql/client.js +4 -0
package/generated/prisma-postgresql/default.d.ts +1 -0
package/generated/prisma-postgresql/default.js +4 -0
package/generated/prisma-postgresql/edge.d.ts +1 -0
package/generated/prisma-postgresql/edge.js +357 -0
package/generated/prisma-postgresql/index-browser.js +339 -0
package/generated/prisma-postgresql/index.d.ts +25131 -0
package/generated/prisma-postgresql/index.js +382 -0
package/generated/prisma-postgresql/package.json +183 -0
package/generated/prisma-postgresql/query-engine-debian-openssl-3.0.x +0 -0
package/generated/prisma-postgresql/query-engine-rhel-openssl-3.0.x +0 -0
package/generated/prisma-postgresql/query_engine_bg.js +2 -0
package/generated/prisma-postgresql/query_engine_bg.wasm +0 -0
package/generated/prisma-postgresql/runtime/binary.d.ts +1 -0
package/generated/prisma-postgresql/runtime/binary.js +289 -0
package/generated/prisma-postgresql/runtime/edge-esm.js +34 -0
package/generated/prisma-postgresql/runtime/edge.js +34 -0
package/generated/prisma-postgresql/runtime/index-browser.d.ts +370 -0
package/generated/prisma-postgresql/runtime/index-browser.js +16 -0
package/generated/prisma-postgresql/runtime/library.d.ts +3977 -0
package/generated/prisma-postgresql/runtime/react-native.js +83 -0
package/generated/prisma-postgresql/runtime/wasm-compiler-edge.js +84 -0
package/generated/prisma-postgresql/runtime/wasm-engine-edge.js +36 -0
package/generated/prisma-postgresql/schema.prisma +345 -0
package/generated/prisma-postgresql/wasm-edge-light-loader.mjs +4 -0
package/generated/prisma-postgresql/wasm-worker-loader.mjs +4 -0
package/generated/prisma-postgresql/wasm.d.ts +1 -0
package/generated/prisma-postgresql/wasm.js +364 -0
package/handlers/WEBHOOKS.md +653 -0
package/handlers/app-definition-loader.js +38 -0
package/handlers/app-handler-helpers.js +57 -0
package/handlers/backend-utils.js +262 -0
package/handlers/database-migration-handler.js +227 -0
package/handlers/integration-event-dispatcher.js +54 -0
package/handlers/routers/HEALTHCHECK.md +342 -0
package/handlers/routers/auth.js +15 -0
package/handlers/routers/db-migration.handler.js +29 -0
package/handlers/routers/db-migration.js +326 -0
package/handlers/routers/health.js +516 -0
package/handlers/routers/integration-defined-routers.js +45 -0
package/handlers/routers/integration-webhook-routers.js +67 -0
package/handlers/routers/user.js +63 -0
package/handlers/routers/websocket.js +57 -0
package/handlers/use-cases/check-external-apis-health-use-case.js +81 -0
package/handlers/use-cases/check-integrations-health-use-case.js +44 -0
package/handlers/workers/db-migration.js +352 -0
package/handlers/workers/dlq-processor.js +63 -0
package/handlers/workers/integration-defined-workers.js +23 -0
package/index.js +82 -46
package/infrastructure/scheduler/eventbridge-scheduler-adapter.js +184 -0
package/infrastructure/scheduler/index.js +33 -0
package/infrastructure/scheduler/mock-scheduler-adapter.js +143 -0
package/infrastructure/scheduler/scheduler-service-factory.js +73 -0
package/infrastructure/scheduler/scheduler-service-interface.js +47 -0
package/integrations/WEBHOOK-QUICKSTART.md +151 -0
package/integrations/index.js +12 -10
package/integrations/integration-base.js +364 -55
package/integrations/integration-router.js +375 -179
package/integrations/options.js +1 -1
package/integrations/repositories/integration-mapping-repository-documentdb.js +280 -0
package/integrations/repositories/integration-mapping-repository-factory.js +57 -0
package/integrations/repositories/integration-mapping-repository-interface.js +106 -0
package/integrations/repositories/integration-mapping-repository-mongo.js +161 -0
package/integrations/repositories/integration-mapping-repository-postgres.js +227 -0
package/integrations/repositories/integration-mapping-repository.js +156 -0
package/integrations/repositories/integration-repository-documentdb.js +219 -0
package/integrations/repositories/integration-repository-factory.js +51 -0
package/integrations/repositories/integration-repository-interface.js +144 -0
package/integrations/repositories/integration-repository-mongo.js +330 -0
package/integrations/repositories/integration-repository-postgres.js +385 -0
package/integrations/repositories/process-repository-documentdb.js +243 -0
package/integrations/repositories/process-repository-factory.js +53 -0
package/integrations/repositories/process-repository-interface.js +90 -0
package/integrations/repositories/process-repository-mongo.js +190 -0
package/integrations/repositories/process-repository-postgres.js +217 -0
package/integrations/tests/doubles/config-capturing-integration.js +81 -0
package/integrations/tests/doubles/dummy-integration-class.js +105 -0
package/integrations/tests/doubles/test-integration-repository.js +112 -0
package/integrations/use-cases/create-integration.js +83 -0
package/integrations/use-cases/create-process.js +128 -0
package/integrations/use-cases/delete-integration-for-user.js +101 -0
package/integrations/use-cases/find-integration-context-by-external-entity-id.js +72 -0
package/integrations/use-cases/get-integration-for-user.js +78 -0
package/integrations/use-cases/get-integration-instance-by-definition.js +67 -0
package/integrations/use-cases/get-integration-instance.js +83 -0
package/integrations/use-cases/get-integrations-for-user.js +88 -0
package/integrations/use-cases/get-possible-integrations.js +27 -0
package/integrations/use-cases/get-process.js +87 -0
package/integrations/use-cases/index.js +19 -0
package/integrations/use-cases/load-integration-context.js +71 -0
package/integrations/use-cases/update-integration-messages.js +44 -0
package/integrations/use-cases/update-integration-status.js +32 -0
package/integrations/use-cases/update-integration.js +92 -0
package/integrations/use-cases/update-process-metrics.js +201 -0
package/integrations/use-cases/update-process-state.js +119 -0
package/integrations/utils/map-integration-dto.js +37 -0
package/jest-global-setup-noop.js +3 -0
package/jest-global-teardown-noop.js +3 -0
package/logs/logger.js +0 -4
package/{module-plugin → modules}/index.js +0 -10
package/modules/module-factory.js +56 -0
package/modules/module.js +256 -0
package/modules/repositories/module-repository-documentdb.js +335 -0
package/modules/repositories/module-repository-factory.js +40 -0
package/modules/repositories/module-repository-interface.js +129 -0
package/modules/repositories/module-repository-mongo.js +408 -0
package/modules/repositories/module-repository-postgres.js +453 -0
package/modules/repositories/module-repository.js +345 -0
package/modules/requester/api-key.js +52 -0
package/modules/requester/oauth-2.js +396 -0
package/{module-plugin → modules}/requester/requester.js +4 -2
package/{module-plugin → modules}/test/mock-api/api.js +8 -3
package/{module-plugin → modules}/test/mock-api/definition.js +14 -10
package/modules/tests/doubles/test-module-factory.js +16 -0
package/modules/tests/doubles/test-module-repository.js +39 -0
package/modules/use-cases/get-entities-for-user.js +32 -0
package/modules/use-cases/get-entity-options-by-id.js +71 -0
package/modules/use-cases/get-entity-options-by-type.js +34 -0
package/modules/use-cases/get-module-instance-from-type.js +31 -0
package/modules/use-cases/get-module.js +74 -0
package/modules/use-cases/process-authorization-callback.js +177 -0
package/modules/use-cases/refresh-entity-options.js +72 -0
package/modules/use-cases/test-module-auth.js +72 -0
package/modules/utils/map-module-dto.js +18 -0
package/package.json +82 -50
package/prisma-mongodb/schema.prisma +362 -0
package/prisma-postgresql/migrations/20250930193005_init/migration.sql +315 -0
package/prisma-postgresql/migrations/20251006135218_init/migration.sql +9 -0
package/prisma-postgresql/migrations/20251010000000_remove_unused_entity_reference_map/migration.sql +3 -0
package/prisma-postgresql/migrations/20251112195422_update_user_unique_constraints/migration.sql +25 -0
package/prisma-postgresql/migrations/migration_lock.toml +3 -0
package/prisma-postgresql/schema.prisma +345 -0
package/queues/queuer-util.js +103 -21
package/syncs/manager.js +468 -443
package/syncs/repositories/sync-repository-documentdb.js +240 -0
package/syncs/repositories/sync-repository-factory.js +43 -0
package/syncs/repositories/sync-repository-interface.js +109 -0
package/syncs/repositories/sync-repository-mongo.js +239 -0
package/syncs/repositories/sync-repository-postgres.js +319 -0
package/syncs/sync.js +0 -1
package/token/repositories/token-repository-documentdb.js +137 -0
package/token/repositories/token-repository-factory.js +40 -0
package/token/repositories/token-repository-interface.js +131 -0
package/token/repositories/token-repository-mongo.js +219 -0
package/token/repositories/token-repository-postgres.js +264 -0
package/token/repositories/token-repository.js +219 -0
package/types/associations/index.d.ts +0 -17
package/types/core/index.d.ts +12 -4
package/types/database/index.d.ts +10 -2
package/types/encrypt/index.d.ts +5 -3
package/types/integrations/index.d.ts +3 -8
package/types/module-plugin/index.d.ts +17 -69
package/types/syncs/index.d.ts +0 -17
package/user/repositories/user-repository-documentdb.js +441 -0
package/user/repositories/user-repository-factory.js +52 -0
package/user/repositories/user-repository-interface.js +201 -0
package/user/repositories/user-repository-mongo.js +308 -0
package/user/repositories/user-repository-postgres.js +360 -0
package/user/tests/doubles/test-user-repository.js +72 -0
package/user/use-cases/authenticate-user.js +127 -0
package/user/use-cases/authenticate-with-shared-secret.js +48 -0
package/user/use-cases/create-individual-user.js +61 -0
package/user/use-cases/create-organization-user.js +47 -0
package/user/use-cases/create-token-for-user-id.js +30 -0
package/user/use-cases/get-user-from-adopter-jwt.js +149 -0
package/user/use-cases/get-user-from-bearer-token.js +77 -0
package/user/use-cases/get-user-from-x-frigg-headers.js +132 -0
package/user/use-cases/login-user.js +122 -0
package/user/user.js +125 -0
package/utils/backend-path.js +38 -0
package/utils/index.js +6 -0
package/websocket/repositories/websocket-connection-repository-documentdb.js +119 -0
package/websocket/repositories/websocket-connection-repository-factory.js +44 -0
package/websocket/repositories/websocket-connection-repository-interface.js +106 -0
package/websocket/repositories/websocket-connection-repository-mongo.js +156 -0
package/websocket/repositories/websocket-connection-repository-postgres.js +196 -0
package/websocket/repositories/websocket-connection-repository.js +161 -0
package/assertions/is-equal.js +0 -17
package/associations/model.js +0 -54
package/database/models/IndividualUser.js +0 -76
package/database/models/OrganizationUser.js +0 -29
package/database/models/State.js +0 -9
package/database/models/Token.js +0 -70
package/database/models/UserModel.js +0 -7
package/database/models/WebsocketConnection.js +0 -49
package/database/mongo.js +0 -45
package/database/mongoose.js +0 -5
package/encrypt/Cryptor.test.js +0 -32
package/encrypt/encrypt.js +0 -132
package/encrypt/encrypt.test.js +0 -1069
package/encrypt/test-encrypt.js +0 -107
package/errors/base-error.test.js +0 -32
package/errors/fetch-error.test.js +0 -79
package/errors/halt-error.test.js +0 -11
package/errors/validation-errors.test.js +0 -120
package/integrations/create-frigg-backend.js +0 -31
package/integrations/integration-factory.js +0 -251
package/integrations/integration-mapping.js +0 -43
package/integrations/integration-model.js +0 -46
package/integrations/integration-user.js +0 -144
package/integrations/test/integration-base.test.js +0 -144
package/lambda/TimeoutCatcher.test.js +0 -68
package/logs/logger.test.js +0 -76
package/module-plugin/auther.js +0 -393
package/module-plugin/credential.js +0 -22
package/module-plugin/entity-manager.js +0 -70
package/module-plugin/entity.js +0 -46
package/module-plugin/manager.js +0 -169
package/module-plugin/module-factory.js +0 -61
package/module-plugin/requester/api-key.js +0 -36
package/module-plugin/requester/oauth-2.js +0 -219
package/module-plugin/requester/requester.test.js +0 -28
package/module-plugin/test/auther.test.js +0 -97
package/syncs/model.js +0 -62
/package/{module-plugin → modules}/ModuleConstants.js +0 -0
/package/{module-plugin → modules}/requester/basic.js +0 -0
/package/{module-plugin → modules}/test/mock-api/mocks/hubspot.js +0 -0

package/user/repositories/user-repository-documentdb.js ADDED Viewed

@@ -0,0 +1,441 @@
+const bcrypt = require('bcryptjs');
+const { prisma } = require('../../database/prisma');
+const {
+    toObjectId,
+    fromObjectId,
+    findOne,
+    insertOne,
+    updateOne,
+    deleteOne,
+} = require('../../database/documentdb-utils');
+const {
+    createTokenRepository,
+} = require('../../token/repositories/token-repository-factory');
+const { UserRepositoryInterface } = require('./user-repository-interface');
+const { ClientSafeError } = require('../../errors');
+const {
+    DocumentDBEncryptionService,
+} = require('../../database/documentdb-encryption-service');
+/**
+ * User repository for DocumentDB.
+ * Uses DocumentDBEncryptionService for field-level encryption.
+ *
+ * Encrypted fields: User.hashword
+ *
+ * @see DocumentDBEncryptionService
+ * @see encryption-schema-registry.js
+ */
+class UserRepositoryDocumentDB extends UserRepositoryInterface {
+    constructor() {
+        super();
+        this.prisma = prisma;
+        this.tokenRepository = createTokenRepository();
+        this.encryptionService = new DocumentDBEncryptionService();
+    }
+    async getSessionToken(token) {
+        const jsonToken =
+            this.tokenRepository.getJSONTokenFromBase64BufferToken(token);
+        const sessionToken = await this.tokenRepository.validateAndGetToken(
+            jsonToken
+        );
+        return sessionToken;
+    }
+    async findOrganizationUserById(userId) {
+        const doc = await findOne(this.prisma, 'User', {
+            _id: toObjectId(userId),
+            type: 'ORGANIZATION',
+        });
+        const decrypted = await this.encryptionService.decryptFields(
+            'User',
+            doc
+        );
+        return this._mapUser(decrypted);
+    }
+    async findIndividualUserById(userId) {
+        const doc = await findOne(this.prisma, 'User', {
+            _id: toObjectId(userId),
+            type: 'INDIVIDUAL',
+        });
+        const decrypted = await this.encryptionService.decryptFields(
+            'User',
+            doc
+        );
+        return this._mapUser(decrypted);
+    }
+    async createToken(userId, rawToken, minutes = 120) {
+        const createdToken = await this.tokenRepository.createTokenWithExpire(
+            fromObjectId(toObjectId(userId)),
+            rawToken,
+            minutes
+        );
+        return this.tokenRepository.createBase64BufferToken(
+            createdToken,
+            rawToken
+        );
+    }
+    async createIndividualUser(params) {
+        const now = new Date();
+        const document = {
+            type: 'INDIVIDUAL',
+            email: params.email ?? null,
+            username: params.username ?? null,
+            appUserId: params.appUserId ?? null,
+            organizationId: params.organization
+                ? toObjectId(params.organization)
+                : params.organizationId
+                ? toObjectId(params.organizationId)
+                : null,
+            createdAt: now,
+            updatedAt: now,
+        };
+        if (
+            params.hashword !== undefined &&
+            params.hashword !== null &&
+            params.hashword !== ''
+        ) {
+            if (typeof params.hashword !== 'string') {
+                throw new ClientSafeError('Password must be a string', 400);
+            }
+            if (params.hashword.startsWith('$2')) {
+                throw new Error(
+                    'Password appears to be already hashed. Pass plain text password only.'
+                );
+            }
+            // Bcrypt hash the password
+            document.hashword = await bcrypt.hash(params.hashword, 10);
+        }
+        // Encrypt sensitive fields before insert
+        const encryptedDocument = await this.encryptionService.encryptFields(
+            'User',
+            document
+        );
+        const insertedId = await insertOne(
+            this.prisma,
+            'User',
+            encryptedDocument
+        );
+        const created = await findOne(this.prisma, 'User', { _id: insertedId });
+        // Defensive check: verify document was found after insert
+        if (!created) {
+            console.error(
+                '[UserRepositoryDocumentDB] User not found after insert',
+                {
+                    insertedId: fromObjectId(insertedId),
+                    params: {
+                        username: params.username,
+                        appUserId: params.appUserId,
+                        email: params.email,
+                    },
+                }
+            );
+            throw new Error(
+                'Failed to create individual user: Document not found after insert. ' +
+                    'This indicates a database consistency issue.'
+            );
+        }
+        // Decrypt sensitive fields after read
+        const decrypted = await this.encryptionService.decryptFields(
+            'User',
+            created
+        );
+        return this._mapUser(decrypted);
+    }
+    async createOrganizationUser(params) {
+        const now = new Date();
+        const document = {
+            type: 'ORGANIZATION',
+            appOrgId: params.appOrgId ?? null,
+            name: params.name ?? null,
+            createdAt: now,
+            updatedAt: now,
+        };
+        // Encrypt sensitive fields before insert (consistency with individual user)
+        const encryptedDocument = await this.encryptionService.encryptFields(
+            'User',
+            document
+        );
+        const insertedId = await insertOne(
+            this.prisma,
+            'User',
+            encryptedDocument
+        );
+        const created = await findOne(this.prisma, 'User', { _id: insertedId });
+        // Defensive check: verify document was found after insert
+        if (!created) {
+            console.error(
+                '[UserRepositoryDocumentDB] Organization user not found after insert',
+                {
+                    insertedId: fromObjectId(insertedId),
+                    params: {
+                        appOrgId: params.appOrgId,
+                        name: params.name,
+                    },
+                }
+            );
+            throw new Error(
+                'Failed to create organization user: Document not found after insert. ' +
+                    'This indicates a database consistency issue.'
+            );
+        }
+        // Decrypt sensitive fields after read
+        const decrypted = await this.encryptionService.decryptFields(
+            'User',
+            created
+        );
+        return this._mapUser(decrypted);
+    }
+    async findIndividualUserByUsername(username) {
+        const doc = await findOne(this.prisma, 'User', {
+            type: 'INDIVIDUAL',
+            username,
+        });
+        const decrypted = await this.encryptionService.decryptFields(
+            'User',
+            doc
+        );
+        return this._mapUser(decrypted);
+    }
+    async findIndividualUserByAppUserId(appUserId) {
+        const doc = await findOne(this.prisma, 'User', {
+            type: 'INDIVIDUAL',
+            appUserId,
+        });
+        const decrypted = await this.encryptionService.decryptFields(
+            'User',
+            doc
+        );
+        return this._mapUser(decrypted);
+    }
+    async findOrganizationUserByAppOrgId(appOrgId) {
+        const doc = await findOne(this.prisma, 'User', {
+            type: 'ORGANIZATION',
+            appOrgId,
+        });
+        const decrypted = await this.encryptionService.decryptFields(
+            'User',
+            doc
+        );
+        return this._mapUser(decrypted);
+    }
+    async findIndividualUserByEmail(email) {
+        const doc = await findOne(this.prisma, 'User', {
+            type: 'INDIVIDUAL',
+            email,
+        });
+        const decrypted = await this.encryptionService.decryptFields(
+            'User',
+            doc
+        );
+        return this._mapUser(decrypted);
+    }
+    async updateIndividualUser(userId, updates) {
+        const objectId = toObjectId(userId);
+        if (!objectId) return null;
+        const payload = await this._prepareUpdatePayload(updates);
+        payload.updatedAt = new Date();
+        // Encrypt sensitive fields before update
+        const encryptedPayload = await this.encryptionService.encryptFields(
+            'User',
+            payload
+        );
+        await updateOne(
+            this.prisma,
+            'User',
+            { _id: objectId, type: 'INDIVIDUAL' },
+            { $set: encryptedPayload }
+        );
+        const updated = await findOne(this.prisma, 'User', { _id: objectId });
+        // Defensive check: verify document was found after update
+        if (!updated) {
+            console.error(
+                '[UserRepositoryDocumentDB] Individual user not found after update',
+                {
+                    userId: fromObjectId(objectId),
+                    updates,
+                }
+            );
+            throw new Error(
+                'Failed to update individual user: Document not found after update. ' +
+                    'This indicates a database consistency issue.'
+            );
+        }
+        const decrypted = await this.encryptionService.decryptFields(
+            'User',
+            updated
+        );
+        return this._mapUser(decrypted);
+    }
+    async updateOrganizationUser(userId, updates) {
+        const objectId = toObjectId(userId);
+        if (!objectId) return null;
+        const payload = { ...updates, updatedAt: new Date() };
+        const encryptedPayload = await this.encryptionService.encryptFields(
+            'User',
+            payload
+        );
+        await updateOne(
+            this.prisma,
+            'User',
+            { _id: objectId, type: 'ORGANIZATION' },
+            { $set: encryptedPayload }
+        );
+        const updated = await findOne(this.prisma, 'User', { _id: objectId });
+        if (!updated) {
+            console.error(
+                '[UserRepositoryDocumentDB] Organization user not found after update',
+                {
+                    userId: fromObjectId(objectId),
+                    updates,
+                }
+            );
+            throw new Error(
+                'Failed to update organization user: Document not found after update. ' +
+                    'This indicates a database consistency issue.'
+            );
+        }
+        const decrypted = await this.encryptionService.decryptFields(
+            'User',
+            updated
+        );
+        return this._mapUser(decrypted);
+    }
+    async deleteUser(userId) {
+        const objectId = toObjectId(userId);
+        if (!objectId) return false;
+        const result = await deleteOne(this.prisma, 'User', { _id: objectId });
+        const deleted = result?.n ?? 0;
+        return deleted > 0;
+    }
+    _mapUser(doc) {
+        if (!doc) {
+            console.warn(
+                '[UserRepositoryDocumentDB] _mapUser received null/undefined document'
+            );
+            return null;
+        }
+        // Use optional chaining for robustness
+        return {
+            id: fromObjectId(doc?._id),
+            type: doc?.type ?? null,
+            email: doc?.email ?? null,
+            username: doc?.username ?? null,
+            hashword: doc?.hashword ?? null,
+            appUserId: doc?.appUserId ?? null,
+            organizationId: doc?.organizationId
+                ? fromObjectId(doc.organizationId)
+                : null,
+            appOrgId: doc?.appOrgId ?? null,
+            name: doc?.name ?? null,
+            createdAt: this._parseDate(doc?.createdAt),
+            updatedAt: this._parseDate(doc?.updatedAt),
+        };
+    }
+    async _prepareUpdatePayload(updates = {}) {
+        const payload = { ...updates };
+        if (
+            payload.hashword !== undefined &&
+            payload.hashword !== null &&
+            payload.hashword !== ''
+        ) {
+            if (typeof payload.hashword !== 'string') {
+                throw new ClientSafeError('Password must be a string', 400);
+            }
+            if (payload.hashword.startsWith('$2')) {
+                throw new Error(
+                    'Password appears to be already hashed. Pass plain text password only.'
+                );
+            }
+            payload.hashword = await bcrypt.hash(payload.hashword, 10);
+        }
+        if (payload.organization !== undefined) {
+            payload.organizationId = toObjectId(payload.organization);
+            delete payload.organization;
+        }
+        if (payload.organizationId !== undefined) {
+            payload.organizationId = payload.organizationId
+                ? toObjectId(payload.organizationId)
+                : null;
+        }
+        return payload;
+    }
+    /**
+     * Parse date value safely, returning undefined for invalid dates
+     * @private
+     * @param {*} value - Date value from database
+     * @returns {Date|undefined} Valid Date object or undefined
+     */
+    _parseDate(value) {
+        if (!value) return undefined;
+        const date = new Date(value);
+        return isNaN(date.getTime()) ? undefined : date;
+    }
+    /**
+     * Link an individual user to an organization user
+     * @param {string} individualUserId - Individual user ID (MongoDB ObjectId string)
+     * @param {string} organizationUserId - Organization user ID (MongoDB ObjectId string)
+     * @returns {Promise<Object>} Updated individual user object
+     */
+    async linkIndividualToOrganization(individualUserId, organizationUserId) {
+        const doc = await updateOne(
+            this.prisma,
+            'User',
+            { _id: toObjectId(individualUserId), type: 'INDIVIDUAL' },
+            { $set: { organizationId: toObjectId(organizationUserId) } }
+        );
+        const decrypted = await this.encryptionService.decryptFields(
+            'User',
+            doc
+        );
+        return this._mapUser(decrypted);
+    }
+}
+module.exports = { UserRepositoryDocumentDB };

package/user/repositories/user-repository-factory.js ADDED Viewed

@@ -0,0 +1,52 @@
+const { UserRepositoryMongo } = require('./user-repository-mongo');
+const { UserRepositoryPostgres } = require('./user-repository-postgres');
+const { UserRepositoryDocumentDB } = require('./user-repository-documentdb');
+const databaseConfig = require('../../database/config');
+/**
+ * User Repository Factory
+ * Creates the appropriate repository adapter based on database type
+ *
+ * Database-specific implementations:
+ * - MongoDB: Uses String IDs (ObjectId), no conversion needed
+ * - PostgreSQL: Uses Int IDs, converts String ↔ Int
+ *
+ * All repository methods return String IDs regardless of database type,
+ * ensuring application layer consistency.
+ *
+ * Usage:
+ * ```javascript
+ * const repository = createUserRepository();
+ * const user = await repository.findIndividualUserById(id); // ID is string
+ * const orgUser = await repository.findOrganizationUserById(id); // ID is string
+ * ```
+ *
+ * @returns {UserRepositoryInterface} Configured repository adapter
+ */
+function createUserRepository() {
+    const dbType = databaseConfig.DB_TYPE;
+    switch (dbType) {
+        case 'mongodb':
+            return new UserRepositoryMongo();
+        case 'postgresql':
+            return new UserRepositoryPostgres();
+        case 'documentdb':
+            return new UserRepositoryDocumentDB();
+        default:
+            throw new Error(
+                `Unsupported DB_TYPE: ${dbType}. Supported values: 'mongodb', 'documentdb', 'postgresql'`
+            );
+    }
+}
+module.exports = {
+    createUserRepository,
+    // Export adapters for direct testing
+    UserRepositoryMongo,
+    UserRepositoryPostgres,
+    UserRepositoryDocumentDB,
+};

package/user/repositories/user-repository-interface.js ADDED Viewed

@@ -0,0 +1,201 @@
+/**
+ * User Repository Interface
+ * Abstract base class defining the contract for user persistence adapters
+ *
+ * This follows the Port in Hexagonal Architecture:
+ * - Domain layer depends on this abstraction
+ * - Concrete adapters implement this interface
+ * - Use cases receive repositories via dependency injection
+ *
+ * Note: Currently, User model has identical structure across MongoDB and PostgreSQL,
+ * so UserRepository serves both. This interface exists for consistency and
+ * future-proofing if database-specific implementations become needed.
+ *
+ * @abstract
+ */
+class UserRepositoryInterface {
+    /**
+     * Get session token from base64 buffer token
+     *
+     * @param {string} token - Base64 buffer token
+     * @returns {Promise<Object>} Session token object
+     * @abstract
+     */
+    async getSessionToken(token) {
+        throw new Error(
+            'Method getSessionToken must be implemented by subclass'
+        );
+    }
+    /**
+     * Find organization user by ID
+     *
+     * @param {string|number} userId - User ID
+     * @returns {Promise<Object|null>} User object or null
+     * @abstract
+     */
+    async findOrganizationUserById(userId) {
+        throw new Error(
+            'Method findOrganizationUserById must be implemented by subclass'
+        );
+    }
+    /**
+     * Find individual user by ID
+     *
+     * @param {string|number} userId - User ID
+     * @returns {Promise<Object|null>} User object or null
+     * @abstract
+     */
+    async findIndividualUserById(userId) {
+        throw new Error(
+            'Method findIndividualUserById must be implemented by subclass'
+        );
+    }
+    /**
+     * Create token with expiration
+     *
+     * @param {string|number} userId - User ID
+     * @param {string} rawToken - Raw unhashed token
+     * @param {number} minutes - Minutes until expiration (default 120)
+     * @returns {Promise<string>} Base64 buffer token
+     * @abstract
+     */
+    async createToken(userId, rawToken, minutes = 120) {
+        throw new Error('Method createToken must be implemented by subclass');
+    }
+    /**
+     * Create individual user
+     *
+     * @param {Object} params - User creation parameters
+     * @returns {Promise<Object>} Created user object
+     * @abstract
+     */
+    async createIndividualUser(params) {
+        throw new Error(
+            'Method createIndividualUser must be implemented by subclass'
+        );
+    }
+    /**
+     * Create organization user
+     *
+     * @param {Object} params - Organization creation parameters
+     * @returns {Promise<Object>} Created organization object
+     * @abstract
+     */
+    async createOrganizationUser(params) {
+        throw new Error(
+            'Method createOrganizationUser must be implemented by subclass'
+        );
+    }
+    /**
+     * Find individual user by username
+     *
+     * @param {string} username - Username to search for
+     * @returns {Promise<Object|null>} User object or null
+     * @abstract
+     */
+    async findIndividualUserByUsername(username) {
+        throw new Error(
+            'Method findIndividualUserByUsername must be implemented by subclass'
+        );
+    }
+    /**
+     * Find individual user by app user ID
+     *
+     * @param {string} appUserId - App user ID to search for
+     * @returns {Promise<Object|null>} User object or null
+     * @abstract
+     */
+    async findIndividualUserByAppUserId(appUserId) {
+        throw new Error(
+            'Method findIndividualUserByAppUserId must be implemented by subclass'
+        );
+    }
+    /**
+     * Find organization user by app org ID
+     *
+     * @param {string} appOrgId - App organization ID to search for
+     * @returns {Promise<Object|null>} User object or null
+     * @abstract
+     */
+    async findOrganizationUserByAppOrgId(appOrgId) {
+        throw new Error(
+            'Method findOrganizationUserByAppOrgId must be implemented by subclass'
+        );
+    }
+    /**
+     * Find individual user by email
+     *
+     * @param {string} email - Email to search for
+     * @returns {Promise<Object|null>} User object or null
+     * @abstract
+     */
+    async findIndividualUserByEmail(email) {
+        throw new Error(
+            'Method findIndividualUserByEmail must be implemented by subclass'
+        );
+    }
+    /**
+     * Update individual user
+     *
+     * @param {string|number} userId - User ID
+     * @param {Object} updates - Fields to update
+     * @returns {Promise<Object>} Updated user object
+     * @abstract
+     */
+    async updateIndividualUser(userId, updates) {
+        throw new Error(
+            'Method updateIndividualUser must be implemented by subclass'
+        );
+    }
+    /**
+     * Update organization user
+     *
+     * @param {string|number} userId - User ID
+     * @param {Object} updates - Fields to update
+     * @returns {Promise<Object>} Updated user object
+     * @abstract
+     */
+    async updateOrganizationUser(userId, updates) {
+        throw new Error(
+            'Method updateOrganizationUser must be implemented by subclass'
+        );
+    }
+    /**
+     * Delete user by ID
+     *
+     * @param {string|number} userId - User ID to delete
+     * @returns {Promise<boolean>} True if deleted successfully
+     * @abstract
+     */
+    async deleteUser(userId) {
+        throw new Error('Method deleteUser must be implemented by subclass');
+    }
+    /**
+     * Link an individual user to an organization user
+     *
+     * @param {string|number} individualUserId - Individual user ID
+     * @param {string|number} organizationUserId - Organization user ID
+     * @returns {Promise<Object>} Updated individual user object
+     * @abstract
+     */
+    async linkIndividualToOrganization(individualUserId, organizationUserId) {
+        throw new Error(
+            'Method linkIndividualToOrganization must be implemented by subclass'
+        );
+    }
+}
+module.exports = { UserRepositoryInterface };