npm - @friggframework/core - Versions diffs - 2.0.0-next.9 → 2.0.0-next.90 - Mend

@friggframework/core 2.0.0-next.9 → 2.0.0-next.90

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (309) hide show

package/CLAUDE.md +702 -0
package/README.md +959 -50
package/application/commands/README.md +451 -0
package/application/commands/credential-commands.js +245 -0
package/application/commands/entity-commands.js +336 -0
package/application/commands/integration-commands.js +271 -0
package/application/commands/scheduler-commands.js +263 -0
package/application/commands/user-commands.js +283 -0
package/application/index.js +73 -0
package/assertions/index.js +0 -3
package/core/CLAUDE.md +690 -0
package/core/Worker.js +60 -24
package/core/create-handler.js +84 -6
package/credential/repositories/credential-repository-documentdb.js +304 -0
package/credential/repositories/credential-repository-factory.js +54 -0
package/credential/repositories/credential-repository-interface.js +98 -0
package/credential/repositories/credential-repository-mongo.js +269 -0
package/credential/repositories/credential-repository-postgres.js +287 -0
package/credential/repositories/credential-repository.js +300 -0
package/credential/use-cases/get-credential-for-user.js +25 -0
package/credential/use-cases/update-authentication-status.js +15 -0
package/database/MONGODB_TRANSACTION_FIX.md +198 -0
package/database/adapters/lambda-invoker.js +97 -0
package/database/config.js +154 -0
package/database/documentdb-encryption-service.js +330 -0
package/database/documentdb-utils.js +136 -0
package/database/encryption/README.md +839 -0
package/database/encryption/documentdb-encryption-service.md +3575 -0
package/database/encryption/encryption-schema-registry.js +401 -0
package/database/encryption/field-encryption-service.js +254 -0
package/database/encryption/logger.js +79 -0
package/database/encryption/prisma-encryption-extension.js +230 -0
package/database/index.js +21 -21
package/database/prisma.js +182 -0
package/database/repositories/health-check-repository-documentdb.js +138 -0
package/database/repositories/health-check-repository-factory.js +48 -0
package/database/repositories/health-check-repository-interface.js +82 -0
package/database/repositories/health-check-repository-mongodb.js +89 -0
package/database/repositories/health-check-repository-postgres.js +82 -0
package/database/repositories/migration-status-repository-s3.js +137 -0
package/database/use-cases/check-database-health-use-case.js +29 -0
package/database/use-cases/check-database-state-use-case.js +81 -0
package/database/use-cases/check-encryption-health-use-case.js +83 -0
package/database/use-cases/get-database-state-via-worker-use-case.js +61 -0
package/database/use-cases/get-migration-status-use-case.js +93 -0
package/database/use-cases/run-database-migration-use-case.js +139 -0
package/database/use-cases/test-encryption-use-case.js +253 -0
package/database/use-cases/trigger-database-migration-use-case.js +157 -0
package/database/utils/mongodb-collection-utils.js +94 -0
package/database/utils/mongodb-schema-init.js +108 -0
package/database/utils/prisma-runner.js +477 -0
package/database/utils/prisma-schema-parser.js +182 -0
package/docs/PROCESS_MANAGEMENT_QUEUE_SPEC.md +517 -0
package/encrypt/Cryptor.js +34 -168
package/encrypt/index.js +1 -2
package/errors/client-safe-error.js +26 -0
package/errors/fetch-error.js +15 -7
package/errors/index.js +2 -0
package/generated/prisma-mongodb/client.d.ts +1 -0
package/generated/prisma-mongodb/client.js +4 -0
package/generated/prisma-mongodb/default.d.ts +1 -0
package/generated/prisma-mongodb/default.js +4 -0
package/generated/prisma-mongodb/edge.d.ts +1 -0
package/generated/prisma-mongodb/edge.js +335 -0
package/generated/prisma-mongodb/index-browser.js +317 -0
package/generated/prisma-mongodb/index.d.ts +22955 -0
package/generated/prisma-mongodb/index.js +360 -0
package/generated/prisma-mongodb/libquery_engine-debian-openssl-3.0.x.so.node +0 -0
package/generated/prisma-mongodb/libquery_engine-rhel-openssl-3.0.x.so.node +0 -0
package/generated/prisma-mongodb/package.json +183 -0
package/generated/prisma-mongodb/runtime/edge-esm.js +34 -0
package/generated/prisma-mongodb/runtime/edge.js +34 -0
package/generated/prisma-mongodb/runtime/index-browser.d.ts +370 -0
package/generated/prisma-mongodb/runtime/index-browser.js +16 -0
package/generated/prisma-mongodb/runtime/library.d.ts +3977 -0
package/generated/prisma-mongodb/runtime/library.js +146 -0
package/generated/prisma-mongodb/runtime/react-native.js +83 -0
package/generated/prisma-mongodb/runtime/wasm-compiler-edge.js +84 -0
package/generated/prisma-mongodb/runtime/wasm-engine-edge.js +36 -0
package/generated/prisma-mongodb/schema.prisma +368 -0
package/generated/prisma-mongodb/wasm-edge-light-loader.mjs +4 -0
package/generated/prisma-mongodb/wasm-worker-loader.mjs +4 -0
package/generated/prisma-mongodb/wasm.d.ts +1 -0
package/generated/prisma-mongodb/wasm.js +342 -0
package/generated/prisma-postgresql/client.d.ts +1 -0
package/generated/prisma-postgresql/client.js +4 -0
package/generated/prisma-postgresql/default.d.ts +1 -0
package/generated/prisma-postgresql/default.js +4 -0
package/generated/prisma-postgresql/edge.d.ts +1 -0
package/generated/prisma-postgresql/edge.js +357 -0
package/generated/prisma-postgresql/index-browser.js +339 -0
package/generated/prisma-postgresql/index.d.ts +25135 -0
package/generated/prisma-postgresql/index.js +382 -0
package/generated/prisma-postgresql/libquery_engine-debian-openssl-3.0.x.so.node +0 -0
package/generated/prisma-postgresql/libquery_engine-rhel-openssl-3.0.x.so.node +0 -0
package/generated/prisma-postgresql/package.json +183 -0
package/generated/prisma-postgresql/query_engine_bg.js +2 -0
package/generated/prisma-postgresql/query_engine_bg.wasm +0 -0
package/generated/prisma-postgresql/runtime/edge-esm.js +34 -0
package/generated/prisma-postgresql/runtime/edge.js +34 -0
package/generated/prisma-postgresql/runtime/index-browser.d.ts +370 -0
package/generated/prisma-postgresql/runtime/index-browser.js +16 -0
package/generated/prisma-postgresql/runtime/library.d.ts +3977 -0
package/generated/prisma-postgresql/runtime/library.js +146 -0
package/generated/prisma-postgresql/runtime/react-native.js +83 -0
package/generated/prisma-postgresql/runtime/wasm-compiler-edge.js +84 -0
package/generated/prisma-postgresql/runtime/wasm-engine-edge.js +36 -0
package/generated/prisma-postgresql/schema.prisma +351 -0
package/generated/prisma-postgresql/wasm-edge-light-loader.mjs +4 -0
package/generated/prisma-postgresql/wasm-worker-loader.mjs +4 -0
package/generated/prisma-postgresql/wasm.d.ts +1 -0
package/generated/prisma-postgresql/wasm.js +364 -0
package/handlers/WEBHOOKS.md +653 -0
package/handlers/app-definition-loader.js +38 -0
package/handlers/app-handler-helpers.js +57 -0
package/handlers/backend-utils.js +297 -0
package/handlers/database-migration-handler.js +227 -0
package/handlers/integration-event-dispatcher.js +54 -0
package/handlers/routers/HEALTHCHECK.md +342 -0
package/handlers/routers/auth.js +15 -0
package/handlers/routers/db-migration.handler.js +29 -0
package/handlers/routers/db-migration.js +326 -0
package/handlers/routers/health.js +518 -0
package/handlers/routers/integration-defined-routers.js +117 -0
package/handlers/routers/integration-webhook-routers.js +67 -0
package/handlers/routers/user.js +63 -0
package/handlers/routers/websocket.js +57 -0
package/handlers/use-cases/check-external-apis-health-use-case.js +81 -0
package/handlers/use-cases/check-integrations-health-use-case.js +44 -0
package/handlers/workers/db-migration.js +352 -0
package/handlers/workers/dlq-processor.js +63 -0
package/handlers/workers/integration-defined-workers.js +30 -0
package/index.js +82 -46
package/infrastructure/scheduler/eventbridge-scheduler-adapter.js +184 -0
package/infrastructure/scheduler/index.js +33 -0
package/infrastructure/scheduler/mock-scheduler-adapter.js +143 -0
package/infrastructure/scheduler/scheduler-service-factory.js +73 -0
package/infrastructure/scheduler/scheduler-service-interface.js +47 -0
package/integrations/EXTENSIONS.md +240 -0
package/integrations/WEBHOOK-QUICKSTART.md +151 -0
package/integrations/extension.js +254 -0
package/integrations/index.js +20 -10
package/integrations/integration-base.js +487 -55
package/integrations/integration-router.js +396 -179
package/integrations/options.js +1 -1
package/integrations/repositories/integration-mapping-repository-documentdb.js +280 -0
package/integrations/repositories/integration-mapping-repository-factory.js +57 -0
package/integrations/repositories/integration-mapping-repository-interface.js +106 -0
package/integrations/repositories/integration-mapping-repository-mongo.js +161 -0
package/integrations/repositories/integration-mapping-repository-postgres.js +227 -0
package/integrations/repositories/integration-mapping-repository.js +156 -0
package/integrations/repositories/integration-repository-documentdb.js +219 -0
package/integrations/repositories/integration-repository-factory.js +51 -0
package/integrations/repositories/integration-repository-interface.js +144 -0
package/integrations/repositories/integration-repository-mongo.js +330 -0
package/integrations/repositories/integration-repository-postgres.js +385 -0
package/integrations/repositories/process-repository-documentdb.js +311 -0
package/integrations/repositories/process-repository-factory.js +53 -0
package/integrations/repositories/process-repository-interface.js +136 -0
package/integrations/repositories/process-repository-mongo.js +262 -0
package/integrations/repositories/process-repository-postgres.js +380 -0
package/integrations/repositories/process-update-ops-shared.js +112 -0
package/integrations/tests/doubles/config-capturing-integration.js +81 -0
package/integrations/tests/doubles/dummy-integration-class.js +105 -0
package/integrations/tests/doubles/test-integration-repository.js +112 -0
package/integrations/use-cases/create-integration.js +83 -0
package/integrations/use-cases/create-process.js +128 -0
package/integrations/use-cases/delete-integration-for-user.js +101 -0
package/integrations/use-cases/find-integration-by-entity-external-id.js +74 -0
package/integrations/use-cases/find-integration-context-by-external-entity-id.js +76 -0
package/integrations/use-cases/get-integration-for-user.js +78 -0
package/integrations/use-cases/get-integration-instance-by-definition.js +67 -0
package/integrations/use-cases/get-integration-instance.js +83 -0
package/integrations/use-cases/get-integrations-for-user.js +88 -0
package/integrations/use-cases/get-possible-integrations.js +27 -0
package/integrations/use-cases/get-process.js +87 -0
package/integrations/use-cases/index.js +19 -0
package/integrations/use-cases/list-integrations-by-entity-external-id.js +46 -0
package/integrations/use-cases/load-integration-context.js +71 -0
package/integrations/use-cases/update-integration-messages.js +44 -0
package/integrations/use-cases/update-integration-status.js +32 -0
package/integrations/use-cases/update-integration.js +92 -0
package/integrations/use-cases/update-process-metrics.js +214 -0
package/integrations/use-cases/update-process-state.js +158 -0
package/integrations/utils/map-integration-dto.js +37 -0
package/jest-global-setup-noop.js +3 -0
package/jest-global-teardown-noop.js +3 -0
package/logs/logger.js +0 -4
package/{module-plugin → modules}/index.js +0 -10
package/modules/module-factory.js +56 -0
package/modules/module.js +274 -0
package/modules/repositories/module-repository-documentdb.js +350 -0
package/modules/repositories/module-repository-factory.js +40 -0
package/modules/repositories/module-repository-interface.js +145 -0
package/modules/repositories/module-repository-mongo.js +436 -0
package/modules/repositories/module-repository-postgres.js +481 -0
package/modules/repositories/module-repository.js +369 -0
package/modules/requester/api-key.js +52 -0
package/modules/requester/oauth-2.js +396 -0
package/modules/requester/requester.js +280 -0
package/{module-plugin → modules}/test/mock-api/api.js +8 -3
package/{module-plugin → modules}/test/mock-api/definition.js +14 -10
package/modules/tests/doubles/test-module-factory.js +16 -0
package/modules/tests/doubles/test-module-repository.js +39 -0
package/modules/use-cases/get-entities-for-user.js +32 -0
package/modules/use-cases/get-entity-options-by-id.js +71 -0
package/modules/use-cases/get-entity-options-by-type.js +34 -0
package/modules/use-cases/get-module-instance-from-type.js +34 -0
package/modules/use-cases/get-module.js +74 -0
package/modules/use-cases/process-authorization-callback.js +243 -0
package/modules/use-cases/refresh-entity-options.js +72 -0
package/modules/use-cases/test-module-auth.js +72 -0
package/modules/utils/map-module-dto.js +18 -0
package/package.json +82 -50
package/prisma-mongodb/schema.prisma +368 -0
package/prisma-postgresql/migrations/20250930193005_init/migration.sql +315 -0
package/prisma-postgresql/migrations/20251006135218_init/migration.sql +9 -0
package/prisma-postgresql/migrations/20251010000000_remove_unused_entity_reference_map/migration.sql +3 -0
package/prisma-postgresql/migrations/20251112195422_update_user_unique_constraints/migration.sql +25 -0
package/prisma-postgresql/migrations/20260422120000_add_entity_data_column/migration.sql +10 -0
package/prisma-postgresql/migrations/20260422120001_create_process_table/migration.sql +48 -0
package/prisma-postgresql/migrations/migration_lock.toml +3 -0
package/prisma-postgresql/schema.prisma +351 -0
package/queues/queuer-util.js +103 -21
package/syncs/manager.js +468 -443
package/syncs/repositories/sync-repository-documentdb.js +240 -0
package/syncs/repositories/sync-repository-factory.js +43 -0
package/syncs/repositories/sync-repository-interface.js +109 -0
package/syncs/repositories/sync-repository-mongo.js +239 -0
package/syncs/repositories/sync-repository-postgres.js +319 -0
package/syncs/sync.js +0 -1
package/token/repositories/token-repository-documentdb.js +137 -0
package/token/repositories/token-repository-factory.js +40 -0
package/token/repositories/token-repository-interface.js +131 -0
package/token/repositories/token-repository-mongo.js +219 -0
package/token/repositories/token-repository-postgres.js +264 -0
package/token/repositories/token-repository.js +219 -0
package/types/associations/index.d.ts +0 -17
package/types/core/index.d.ts +12 -4
package/types/database/index.d.ts +10 -2
package/types/encrypt/index.d.ts +5 -3
package/types/integrations/index.d.ts +3 -8
package/types/module-plugin/index.d.ts +17 -69
package/types/syncs/index.d.ts +0 -17
package/user/repositories/user-repository-documentdb.js +441 -0
package/user/repositories/user-repository-factory.js +52 -0
package/user/repositories/user-repository-interface.js +201 -0
package/user/repositories/user-repository-mongo.js +308 -0
package/user/repositories/user-repository-postgres.js +360 -0
package/user/tests/doubles/test-user-repository.js +72 -0
package/user/use-cases/authenticate-user.js +127 -0
package/user/use-cases/authenticate-with-shared-secret.js +48 -0
package/user/use-cases/create-individual-user.js +61 -0
package/user/use-cases/create-organization-user.js +47 -0
package/user/use-cases/create-token-for-user-id.js +30 -0
package/user/use-cases/get-user-from-adopter-jwt.js +149 -0
package/user/use-cases/get-user-from-bearer-token.js +77 -0
package/user/use-cases/get-user-from-x-frigg-headers.js +132 -0
package/user/use-cases/login-user.js +122 -0
package/user/user.js +125 -0
package/utils/backend-path.js +38 -0
package/utils/index.js +6 -0
package/websocket/repositories/websocket-connection-repository-documentdb.js +119 -0
package/websocket/repositories/websocket-connection-repository-factory.js +44 -0
package/websocket/repositories/websocket-connection-repository-interface.js +106 -0
package/websocket/repositories/websocket-connection-repository-mongo.js +156 -0
package/websocket/repositories/websocket-connection-repository-postgres.js +196 -0
package/websocket/repositories/websocket-connection-repository.js +161 -0
package/assertions/is-equal.js +0 -17
package/associations/model.js +0 -54
package/database/models/IndividualUser.js +0 -76
package/database/models/OrganizationUser.js +0 -29
package/database/models/State.js +0 -9
package/database/models/Token.js +0 -70
package/database/models/UserModel.js +0 -7
package/database/models/WebsocketConnection.js +0 -49
package/database/mongo.js +0 -45
package/database/mongoose.js +0 -5
package/encrypt/Cryptor.test.js +0 -32
package/encrypt/encrypt.js +0 -132
package/encrypt/encrypt.test.js +0 -1069
package/encrypt/test-encrypt.js +0 -107
package/errors/base-error.test.js +0 -32
package/errors/fetch-error.test.js +0 -79
package/errors/halt-error.test.js +0 -11
package/errors/validation-errors.test.js +0 -120
package/integrations/create-frigg-backend.js +0 -31
package/integrations/integration-factory.js +0 -251
package/integrations/integration-mapping.js +0 -43
package/integrations/integration-model.js +0 -46
package/integrations/integration-user.js +0 -144
package/integrations/test/integration-base.test.js +0 -144
package/lambda/TimeoutCatcher.test.js +0 -68
package/logs/logger.test.js +0 -76
package/module-plugin/auther.js +0 -393
package/module-plugin/credential.js +0 -22
package/module-plugin/entity-manager.js +0 -70
package/module-plugin/entity.js +0 -46
package/module-plugin/manager.js +0 -169
package/module-plugin/module-factory.js +0 -61
package/module-plugin/requester/api-key.js +0 -36
package/module-plugin/requester/oauth-2.js +0 -219
package/module-plugin/requester/requester.js +0 -165
package/module-plugin/requester/requester.test.js +0 -28
package/module-plugin/test/auther.test.js +0 -97
package/syncs/model.js +0 -62
/package/{module-plugin → modules}/ModuleConstants.js +0 -0
/package/{module-plugin → modules}/requester/basic.js +0 -0
/package/{module-plugin → modules}/test/mock-api/mocks/hubspot.js +0 -0

package/database/encryption/logger.js ADDED Viewed

@@ -0,0 +1,79 @@
+/**
+ * Encryption Logger
+ *
+ * Centralized logging for encryption operations.
+ * Prevents sensitive data leakage in production logs.
+ */
+const LOG_LEVELS = {
+    DEBUG: 0,
+    INFO: 1,
+    WARN: 2,
+    ERROR: 3,
+};
+class EncryptionLogger {
+    constructor() {
+        this.minLevel = this._getMinLevel();
+    }
+    _getMinLevel() {
+        const level = process.env.FRIGG_LOG_LEVEL || 'INFO';
+        return LOG_LEVELS[level.toUpperCase()] ?? LOG_LEVELS.INFO;
+    }
+    _shouldLog(level) {
+        return LOG_LEVELS[level] >= this.minLevel;
+    }
+    _sanitize(message) {
+        // Remove potential key material or encrypted data from logs
+        if (typeof message === 'string') {
+            // Truncate long base64 strings that might be keys or encrypted data
+            return message.replace(/([A-Za-z0-9+/=]{50,})/g, (match) =>
+                `${match.substring(0, 10)}...[${match.length} chars]`
+            );
+        }
+        return message;
+    }
+    debug(message, ...args) {
+        if (this._shouldLog('DEBUG')) {
+            console.log(`[Frigg Debug]`, this._sanitize(message), ...args);
+        }
+    }
+    info(message, ...args) {
+        if (this._shouldLog('INFO')) {
+            console.log(`[Frigg]`, this._sanitize(message), ...args);
+        }
+    }
+    warn(message, ...args) {
+        if (this._shouldLog('WARN')) {
+            console.warn(`[Frigg]`, this._sanitize(message), ...args);
+        }
+    }
+    error(message, error) {
+        if (this._shouldLog('ERROR')) {
+            const sanitizedMessage = this._sanitize(message);
+            // In production, don't log stack traces with sensitive paths
+            const isProduction = process.env.STAGE === 'production';
+            if (error && !isProduction) {
+                console.error(`[Frigg]`, sanitizedMessage, error);
+            } else if (error) {
+                console.error(`[Frigg]`, sanitizedMessage, error.message);
+            } else {
+                console.error(`[Frigg]`, sanitizedMessage);
+            }
+        }
+    }
+}
+// Singleton instance
+const logger = new EncryptionLogger();
+module.exports = { logger };

package/database/encryption/prisma-encryption-extension.js ADDED Viewed

@@ -0,0 +1,230 @@
+/**
+ * Prisma Client Extension for transparent field-level encryption.
+ * Intercepts Prisma queries to encrypt on write and decrypt on read.
+ */
+const {
+    getEncryptedFields,
+    getFieldsToEncryptOnWrite,
+    getFieldsToDecryptOnRead,
+} = require('./encryption-schema-registry');
+const { FieldEncryptionService } = require('./field-encryption-service');
+function createEncryptionExtension({ cryptor, enabled = true }) {
+    if (!enabled) {
+        return (client) => client;
+    }
+    if (!cryptor) {
+        throw new Error(
+            'Cryptor instance required for encryption extension'
+        );
+    }
+    const encryptionService = new FieldEncryptionService({
+        cryptor,
+        schema: {
+            getEncryptedFields,
+            getFieldsToEncryptOnWrite,
+            getFieldsToDecryptOnRead,
+        },
+    });
+    return {
+        name: 'frigg-field-encryption',
+        query: {
+            $allModels: {
+                async create({ model, args, query }) {
+                    if (args.data) {
+                        args.data = await encryptionService.encryptFields(
+                            model,
+                            args.data
+                        );
+                    }
+                    const result = await query(args);
+                    if (result) {
+                        return await encryptionService.decryptFields(
+                            model,
+                            result
+                        );
+                    }
+                    return result;
+                },
+                async createMany({ model, args, query }) {
+                    if (args.data && Array.isArray(args.data)) {
+                        args.data =
+                            await encryptionService.encryptFieldsInBulk(
+                                model,
+                                args.data
+                            );
+                    } else if (args.data) {
+                        args.data = await encryptionService.encryptFields(
+                            model,
+                            args.data
+                        );
+                    }
+                    return await query(args);
+                },
+                async update({ model, args, query }) {
+                    if (args.data) {
+                        args.data = await encryptionService.encryptFields(
+                            model,
+                            args.data
+                        );
+                    }
+                    const result = await query(args);
+                    if (result) {
+                        return await encryptionService.decryptFields(
+                            model,
+                            result
+                        );
+                    }
+                    return result;
+                },
+                async updateMany({ model, args, query }) {
+                    if (args.data) {
+                        args.data = await encryptionService.encryptFields(
+                            model,
+                            args.data
+                        );
+                    }
+                    return await query(args);
+                },
+                async upsert({ model, args, query }) {
+                    if (args.create) {
+                        args.create = await encryptionService.encryptFields(
+                            model,
+                            args.create
+                        );
+                    }
+                    if (args.update) {
+                        args.update = await encryptionService.encryptFields(
+                            model,
+                            args.update
+                        );
+                    }
+                    const result = await query(args);
+                    if (result) {
+                        return await encryptionService.decryptFields(
+                            model,
+                            result
+                        );
+                    }
+                    return result;
+                },
+                async findUnique({ model, args, query }) {
+                    const result = await query(args);
+                    if (result) {
+                        return await encryptionService.decryptFields(
+                            model,
+                            result
+                        );
+                    }
+                    return result;
+                },
+                async findFirst({ model, args, query }) {
+                    const result = await query(args);
+                    if (result) {
+                        return await encryptionService.decryptFields(
+                            model,
+                            result
+                        );
+                    }
+                    return result;
+                },
+                async findMany({ model, args, query }) {
+                    const results = await query(args);
+                    if (results && Array.isArray(results)) {
+                        return await encryptionService.decryptFieldsInBulk(
+                            model,
+                            results
+                        );
+                    }
+                    return results;
+                },
+                async delete({ model, args, query }) {
+                    const result = await query(args);
+                    if (result) {
+                        return await encryptionService.decryptFields(
+                            model,
+                            result
+                        );
+                    }
+                    return result;
+                },
+                async deleteMany({ model, args, query }) {
+                    return await query(args);
+                },
+                async count({ model, args, query }) {
+                    return await query(args);
+                },
+                async aggregate({ model, args, query }) {
+                    return await query(args);
+                },
+                async groupBy({ model, args, query }) {
+                    return await query(args);
+                },
+                async findFirstOrThrow({ model, args, query }) {
+                    const result = await query(args);
+                    if (result) {
+                        return await encryptionService.decryptFields(
+                            model,
+                            result
+                        );
+                    }
+                    return result;
+                },
+                async findUniqueOrThrow({ model, args, query }) {
+                    const result = await query(args);
+                    if (result) {
+                        return await encryptionService.decryptFields(
+                            model,
+                            result
+                        );
+                    }
+                    return result;
+                },
+            },
+        },
+    };
+}
+module.exports = { createEncryptionExtension };

package/database/index.js CHANGED Viewed

@@ -1,25 +1,25 @@
-const { mongoose } = require('./mongoose');
+/**
+ * Database Module Index
+ * Exports Prisma client, connection utilities, and repositories
+ *
+ * Note: Frigg uses the Repository pattern for data access.
+ * Use repositories for data operations:
+ * - SyncRepository (syncs/sync-repository.js)
+ * - IntegrationRepository (integrations/integration-repository.js)
+ * - CredentialRepository (credential/credential-repository.js)
+ * etc.
+ */
+const { prisma, connectPrisma, disconnectPrisma } = require('./prisma');
+const { TokenRepository } = require('../token/repositories/token-repository');
 const {
-    connectToDatabase,
-    disconnectFromDatabase,
-    createObjectId,
-} = require('./mongo');
-const { IndividualUser } = require('./models/IndividualUser');
-const { OrganizationUser } = require('./models/OrganizationUser');
-const { State } = require('./models/State');
-const { Token } = require('./models/Token');
-const { UserModel } = require('./models/UserModel');
-const { WebsocketConnection } = require('./models/WebsocketConnection');
+    WebsocketConnectionRepository,
+} = require('../websocket/repositories/websocket-connection-repository');
 module.exports = {
-    mongoose,
-    connectToDatabase,
-    disconnectFromDatabase,
-    createObjectId,
-    IndividualUser,
-    OrganizationUser,
-    State,
-    Token,
-    UserModel,
-    WebsocketConnection,
+    prisma,
+    connectPrisma,
+    disconnectPrisma,
+    TokenRepository,
+    WebsocketConnectionRepository,
 };

package/database/prisma.js ADDED Viewed

@@ -0,0 +1,182 @@
+const {
+    createEncryptionExtension,
+} = require('./encryption/prisma-encryption-extension');
+const { loadCustomEncryptionSchema } = require('./encryption/encryption-schema-registry');
+const { logger } = require('./encryption/logger');
+const { Cryptor } = require('../encrypt/Cryptor');
+const config = require('./config');
+/**
+ * Ensures DATABASE_URL is set for MongoDB connections
+ * Falls back to MONGO_URI if DATABASE_URL is not set
+ * Infrastructure layer concern - maps legacy MONGO_URI to Prisma's expected DATABASE_URL
+ *
+ * Note: This should only be called when DB_TYPE is 'mongodb' or 'documentdb'
+ */
+function ensureMongoDbUrl() {
+    // If DATABASE_URL is already set, use it
+    if (process.env.DATABASE_URL && process.env.DATABASE_URL.trim()) {
+        return;
+    }
+    // Fallback to MONGO_URI for backwards compatibility with DocumentDB deployments
+    if (process.env.MONGO_URI && process.env.MONGO_URI.trim()) {
+        process.env.DATABASE_URL = process.env.MONGO_URI;
+        logger.debug('Using MONGO_URI as DATABASE_URL for Mongo-compatible connection');
+        return;
+    }
+    // Neither is set - error
+    throw new Error(
+        'DATABASE_URL or MONGO_URI environment variable must be set for MongoDB/DocumentDB'
+    );
+}
+function getEncryptionConfig() {
+    const STAGE = process.env.STAGE || process.env.NODE_ENV || 'development';
+    const shouldBypassEncryption = ['dev', 'test', 'local'].includes(STAGE);
+    if (shouldBypassEncryption) {
+        return { enabled: false };
+    }
+    const hasKMS =
+        process.env.KMS_KEY_ARN && process.env.KMS_KEY_ARN.trim() !== '';
+    const hasAES =
+        process.env.AES_KEY_ID && process.env.AES_KEY_ID.trim() !== '';
+    if (!hasKMS && !hasAES) {
+        logger.warn(
+            'No encryption keys configured (KMS_KEY_ARN or AES_KEY_ID). ' +
+            'Field-level encryption disabled. Set STAGE=production and configure keys to enable.'
+        );
+        return { enabled: false };
+    }
+    return {
+        enabled: true,
+        method: hasKMS ? 'kms' : 'aes',
+    };
+}
+const prismaClientSingleton = () => {
+    let PrismaClient;
+    // Helper to try loading Prisma client from multiple locations
+    const loadPrismaClient = (dbType) => {
+        const paths = [
+            // Lambda layer location (when using Prisma Lambda layer)
+            `/opt/nodejs/node_modules/generated/prisma-${dbType}`,
+            // Local development location (relative to core package)
+            `../generated/prisma-${dbType}`,
+        ];
+        for (const path of paths) {
+            try {
+                return require(path).PrismaClient;
+            } catch (err) {
+                // Continue to next path
+            }
+        }
+        throw new Error(
+            `Cannot find Prisma client for ${dbType}. Tried paths: ${paths.join(', ')}`
+        );
+    };
+    if (config.DB_TYPE === 'mongodb' || config.DB_TYPE === 'documentdb') {
+        // Ensure DATABASE_URL is set (fallback to MONGO_URI if needed)
+        ensureMongoDbUrl();
+        PrismaClient = loadPrismaClient('mongodb');
+    } else if (config.DB_TYPE === 'postgresql') {
+        PrismaClient = loadPrismaClient('postgresql');
+    } else {
+        throw new Error(
+            `Unsupported database type: ${config.DB_TYPE}. Supported values: 'mongodb', 'documentdb', 'postgresql'`
+        );
+    }
+    let client = new PrismaClient({
+        log: process.env.PRISMA_LOG_LEVEL
+            ? process.env.PRISMA_LOG_LEVEL.split(',')
+            : ['error', 'warn'],
+        errorFormat: 'pretty',
+    });
+    const encryptionConfig = getEncryptionConfig();
+    if (encryptionConfig.enabled) {
+        try {
+            // Load custom encryption schema from appDefinition before creating extension
+            loadCustomEncryptionSchema();
+            const cryptor = new Cryptor({
+                shouldUseAws: encryptionConfig.method === 'kms',
+            });
+            client = client.$extends(
+                createEncryptionExtension({
+                    cryptor,
+                    enabled: true,
+                })
+            );
+            logger.info(
+                `Field-level encryption enabled using ${encryptionConfig.method.toUpperCase()}`
+            );
+        } catch (error) {
+            logger.error(
+                'Failed to initialize encryption extension:',
+                error
+            );
+            logger.warn('Continuing without encryption...');
+        }
+    } else {
+        logger.info('Field-level encryption disabled');
+    }
+    return client;
+};
+const globalForPrisma = global;
+// Lazy initialization - only create singleton when first accessed
+function getPrismaClient() {
+    if (!globalForPrisma._prismaInstance) {
+        globalForPrisma._prismaInstance = prismaClientSingleton();
+    }
+    return globalForPrisma._prismaInstance;
+}
+// Export a getter for lazy initialization
+const prisma = new Proxy({}, {
+    get(target, prop) {
+        return getPrismaClient()[prop];
+    }
+});
+async function disconnectPrisma() {
+    await getPrismaClient().$disconnect();
+}
+async function connectPrisma() {
+    await getPrismaClient().$connect();
+    // Initialize MongoDB schema - ensure all collections exist
+    // Only run for MongoDB/DocumentDB (not PostgreSQL)
+    // This prevents "Cannot create namespace in multi-document transaction" errors
+    if (config.DB_TYPE === 'mongodb' || config.DB_TYPE === 'documentdb') {
+        const { initializeMongoDBSchema } = require('./utils/mongodb-schema-init');
+        await initializeMongoDBSchema();
+    }
+    return getPrismaClient();
+}
+module.exports = {
+    prisma,
+    connectPrisma,
+    disconnectPrisma,
+    getEncryptionConfig,
+    ensureMongoDbUrl, // Exported for testing
+};

package/database/repositories/health-check-repository-documentdb.js ADDED Viewed

@@ -0,0 +1,138 @@
+const {
+    HealthCheckRepositoryInterface,
+} = require('./health-check-repository-interface');
+const {
+    toObjectId,
+    fromObjectId,
+    findOne,
+    insertOne,
+    deleteOne,
+} = require('../documentdb-utils');
+const { DocumentDBEncryptionService } = require('../documentdb-encryption-service');
+class HealthCheckRepositoryDocumentDB extends HealthCheckRepositoryInterface {
+    /**
+     * @param {Object} params
+     * @param {Object} params.prismaClient - Prisma client instance
+     */
+    constructor({ prismaClient }) {
+        super();
+        this.prisma = prismaClient;
+        this.encryptionService = new DocumentDBEncryptionService();
+    }
+    /**
+     * @returns {Promise<{readyState: number, stateName: string, isConnected: boolean}>}
+     */
+    async getDatabaseConnectionState() {
+        let isConnected = false;
+        let stateName = 'unknown';
+        try {
+            await this.prisma.$runCommandRaw({ ping: 1 });
+            isConnected = true;
+            stateName = 'connected';
+        } catch (error) {
+            stateName = 'disconnected';
+        }
+        return {
+            readyState: isConnected ? 1 : 0,
+            stateName,
+            isConnected,
+        };
+    }
+    /**
+     * @param {number} maxTimeMS
+     * @returns {Promise<number>} Response time in milliseconds
+     */
+    async pingDatabase(maxTimeMS = 2000) {
+        const pingStart = Date.now();
+        let timeoutId;
+        const timeoutPromise = new Promise((_, reject) => {
+            timeoutId = setTimeout(() => reject(new Error('Database ping timeout')), maxTimeMS);
+        });
+        try {
+            await Promise.race([
+                this.prisma.$runCommandRaw({ ping: 1 }),
+                timeoutPromise,
+            ]);
+            return Date.now() - pingStart;
+        } finally {
+            clearTimeout(timeoutId);
+        }
+    }
+    async createCredential(credentialData) {
+        const now = new Date();
+        const document = {
+            ...credentialData,
+            createdAt: now,
+            updatedAt: now,
+        };
+        // Encrypt sensitive fields before insert
+        const encryptedDocument = await this.encryptionService.encryptFields(
+            'Credential',
+            document
+        );
+        const insertedId = await insertOne(this.prisma, 'Credential', encryptedDocument);
+        const created = await findOne(this.prisma, 'Credential', { _id: insertedId });
+        // Decrypt after read
+        const decrypted = await this.encryptionService.decryptFields(
+            'Credential',
+            created
+        );
+        return {
+            id: fromObjectId(decrypted._id),
+            ...decrypted,
+        };
+    }
+    async findCredentialById(id) {
+        const doc = await findOne(this.prisma, 'Credential', {
+            _id: toObjectId(id),
+        });
+        if (!doc) return null;
+        // Decrypt sensitive fields
+        const decrypted = await this.encryptionService.decryptFields('Credential', doc);
+        return {
+            id: fromObjectId(decrypted._id),
+            ...decrypted,
+        };
+    }
+    async getRawCredentialById(id) {
+        const objectId = toObjectId(id);
+        if (!objectId) return null;
+        const result = await this.prisma.$runCommandRaw({
+            find: 'Credential',
+            filter: { _id: objectId },
+        });
+        // Return raw document WITHOUT decryption
+        // This allows the test to verify that fields are actually encrypted in the database
+        return result?.cursor?.firstBatch?.[0] ?? null;
+    }
+    async deleteCredential(id) {
+        const objectId = toObjectId(id);
+        if (!objectId) return false;
+        const result = await deleteOne(this.prisma, 'Credential', { _id: objectId });
+        const deleted = result?.n ?? 0;
+        return deleted > 0;
+    }
+}
+module.exports = { HealthCheckRepositoryDocumentDB };