npm - @friggframework/core - Versions diffs - 2.0.0-next.9 → 2.0.0-next.91 - Mend

@friggframework/core 2.0.0-next.9 → 2.0.0-next.91

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (309) hide show

package/CLAUDE.md +702 -0
package/README.md +959 -50
package/application/commands/README.md +451 -0
package/application/commands/credential-commands.js +245 -0
package/application/commands/entity-commands.js +336 -0
package/application/commands/integration-commands.js +271 -0
package/application/commands/scheduler-commands.js +263 -0
package/application/commands/user-commands.js +283 -0
package/application/index.js +73 -0
package/assertions/index.js +0 -3
package/core/CLAUDE.md +690 -0
package/core/Worker.js +60 -24
package/core/create-handler.js +84 -6
package/credential/repositories/credential-repository-documentdb.js +304 -0
package/credential/repositories/credential-repository-factory.js +54 -0
package/credential/repositories/credential-repository-interface.js +98 -0
package/credential/repositories/credential-repository-mongo.js +269 -0
package/credential/repositories/credential-repository-postgres.js +287 -0
package/credential/repositories/credential-repository.js +300 -0
package/credential/use-cases/get-credential-for-user.js +25 -0
package/credential/use-cases/update-authentication-status.js +15 -0
package/database/MONGODB_TRANSACTION_FIX.md +198 -0
package/database/adapters/lambda-invoker.js +97 -0
package/database/config.js +154 -0
package/database/documentdb-encryption-service.js +330 -0
package/database/documentdb-utils.js +136 -0
package/database/encryption/README.md +839 -0
package/database/encryption/documentdb-encryption-service.md +3575 -0
package/database/encryption/encryption-schema-registry.js +401 -0
package/database/encryption/field-encryption-service.js +254 -0
package/database/encryption/logger.js +79 -0
package/database/encryption/prisma-encryption-extension.js +230 -0
package/database/index.js +21 -21
package/database/prisma.js +182 -0
package/database/repositories/health-check-repository-documentdb.js +138 -0
package/database/repositories/health-check-repository-factory.js +48 -0
package/database/repositories/health-check-repository-interface.js +82 -0
package/database/repositories/health-check-repository-mongodb.js +89 -0
package/database/repositories/health-check-repository-postgres.js +82 -0
package/database/repositories/migration-status-repository-s3.js +137 -0
package/database/use-cases/check-database-health-use-case.js +29 -0
package/database/use-cases/check-database-state-use-case.js +81 -0
package/database/use-cases/check-encryption-health-use-case.js +83 -0
package/database/use-cases/get-database-state-via-worker-use-case.js +61 -0
package/database/use-cases/get-migration-status-use-case.js +93 -0
package/database/use-cases/run-database-migration-use-case.js +139 -0
package/database/use-cases/test-encryption-use-case.js +253 -0
package/database/use-cases/trigger-database-migration-use-case.js +157 -0
package/database/utils/mongodb-collection-utils.js +94 -0
package/database/utils/mongodb-schema-init.js +108 -0
package/database/utils/prisma-runner.js +477 -0
package/database/utils/prisma-schema-parser.js +182 -0
package/docs/PROCESS_MANAGEMENT_QUEUE_SPEC.md +517 -0
package/encrypt/Cryptor.js +34 -168
package/encrypt/index.js +1 -2
package/errors/client-safe-error.js +26 -0
package/errors/fetch-error.js +15 -7
package/errors/index.js +2 -0
package/generated/prisma-mongodb/client.d.ts +1 -0
package/generated/prisma-mongodb/client.js +4 -0
package/generated/prisma-mongodb/default.d.ts +1 -0
package/generated/prisma-mongodb/default.js +4 -0
package/generated/prisma-mongodb/edge.d.ts +1 -0
package/generated/prisma-mongodb/edge.js +335 -0
package/generated/prisma-mongodb/index-browser.js +317 -0
package/generated/prisma-mongodb/index.d.ts +22955 -0
package/generated/prisma-mongodb/index.js +360 -0
package/generated/prisma-mongodb/libquery_engine-debian-openssl-3.0.x.so.node +0 -0
package/generated/prisma-mongodb/libquery_engine-rhel-openssl-3.0.x.so.node +0 -0
package/generated/prisma-mongodb/package.json +183 -0
package/generated/prisma-mongodb/runtime/edge-esm.js +34 -0
package/generated/prisma-mongodb/runtime/edge.js +34 -0
package/generated/prisma-mongodb/runtime/index-browser.d.ts +370 -0
package/generated/prisma-mongodb/runtime/index-browser.js +16 -0
package/generated/prisma-mongodb/runtime/library.d.ts +3977 -0
package/generated/prisma-mongodb/runtime/library.js +146 -0
package/generated/prisma-mongodb/runtime/react-native.js +83 -0
package/generated/prisma-mongodb/runtime/wasm-compiler-edge.js +84 -0
package/generated/prisma-mongodb/runtime/wasm-engine-edge.js +36 -0
package/generated/prisma-mongodb/schema.prisma +368 -0
package/generated/prisma-mongodb/wasm-edge-light-loader.mjs +4 -0
package/generated/prisma-mongodb/wasm-worker-loader.mjs +4 -0
package/generated/prisma-mongodb/wasm.d.ts +1 -0
package/generated/prisma-mongodb/wasm.js +342 -0
package/generated/prisma-postgresql/client.d.ts +1 -0
package/generated/prisma-postgresql/client.js +4 -0
package/generated/prisma-postgresql/default.d.ts +1 -0
package/generated/prisma-postgresql/default.js +4 -0
package/generated/prisma-postgresql/edge.d.ts +1 -0
package/generated/prisma-postgresql/edge.js +357 -0
package/generated/prisma-postgresql/index-browser.js +339 -0
package/generated/prisma-postgresql/index.d.ts +25135 -0
package/generated/prisma-postgresql/index.js +382 -0
package/generated/prisma-postgresql/libquery_engine-debian-openssl-3.0.x.so.node +0 -0
package/generated/prisma-postgresql/libquery_engine-rhel-openssl-3.0.x.so.node +0 -0
package/generated/prisma-postgresql/package.json +183 -0
package/generated/prisma-postgresql/query_engine_bg.js +2 -0
package/generated/prisma-postgresql/query_engine_bg.wasm +0 -0
package/generated/prisma-postgresql/runtime/edge-esm.js +34 -0
package/generated/prisma-postgresql/runtime/edge.js +34 -0
package/generated/prisma-postgresql/runtime/index-browser.d.ts +370 -0
package/generated/prisma-postgresql/runtime/index-browser.js +16 -0
package/generated/prisma-postgresql/runtime/library.d.ts +3977 -0
package/generated/prisma-postgresql/runtime/library.js +146 -0
package/generated/prisma-postgresql/runtime/react-native.js +83 -0
package/generated/prisma-postgresql/runtime/wasm-compiler-edge.js +84 -0
package/generated/prisma-postgresql/runtime/wasm-engine-edge.js +36 -0
package/generated/prisma-postgresql/schema.prisma +351 -0
package/generated/prisma-postgresql/wasm-edge-light-loader.mjs +4 -0
package/generated/prisma-postgresql/wasm-worker-loader.mjs +4 -0
package/generated/prisma-postgresql/wasm.d.ts +1 -0
package/generated/prisma-postgresql/wasm.js +364 -0
package/handlers/WEBHOOKS.md +653 -0
package/handlers/app-definition-loader.js +38 -0
package/handlers/app-handler-helpers.js +57 -0
package/handlers/backend-utils.js +297 -0
package/handlers/database-migration-handler.js +227 -0
package/handlers/integration-event-dispatcher.js +54 -0
package/handlers/routers/HEALTHCHECK.md +342 -0
package/handlers/routers/auth.js +15 -0
package/handlers/routers/db-migration.handler.js +29 -0
package/handlers/routers/db-migration.js +326 -0
package/handlers/routers/health.js +518 -0
package/handlers/routers/integration-defined-routers.js +117 -0
package/handlers/routers/integration-webhook-routers.js +67 -0
package/handlers/routers/user.js +63 -0
package/handlers/routers/websocket.js +57 -0
package/handlers/use-cases/check-external-apis-health-use-case.js +81 -0
package/handlers/use-cases/check-integrations-health-use-case.js +44 -0
package/handlers/workers/db-migration.js +352 -0
package/handlers/workers/dlq-processor.js +63 -0
package/handlers/workers/integration-defined-workers.js +30 -0
package/index.js +82 -46
package/infrastructure/scheduler/eventbridge-scheduler-adapter.js +184 -0
package/infrastructure/scheduler/index.js +33 -0
package/infrastructure/scheduler/mock-scheduler-adapter.js +143 -0
package/infrastructure/scheduler/scheduler-service-factory.js +73 -0
package/infrastructure/scheduler/scheduler-service-interface.js +47 -0
package/integrations/EXTENSIONS.md +240 -0
package/integrations/WEBHOOK-QUICKSTART.md +151 -0
package/integrations/extension.js +254 -0
package/integrations/index.js +20 -10
package/integrations/integration-base.js +487 -55
package/integrations/integration-router.js +396 -179
package/integrations/options.js +1 -1
package/integrations/repositories/integration-mapping-repository-documentdb.js +280 -0
package/integrations/repositories/integration-mapping-repository-factory.js +57 -0
package/integrations/repositories/integration-mapping-repository-interface.js +106 -0
package/integrations/repositories/integration-mapping-repository-mongo.js +161 -0
package/integrations/repositories/integration-mapping-repository-postgres.js +227 -0
package/integrations/repositories/integration-mapping-repository.js +156 -0
package/integrations/repositories/integration-repository-documentdb.js +219 -0
package/integrations/repositories/integration-repository-factory.js +51 -0
package/integrations/repositories/integration-repository-interface.js +144 -0
package/integrations/repositories/integration-repository-mongo.js +330 -0
package/integrations/repositories/integration-repository-postgres.js +385 -0
package/integrations/repositories/process-repository-documentdb.js +311 -0
package/integrations/repositories/process-repository-factory.js +53 -0
package/integrations/repositories/process-repository-interface.js +136 -0
package/integrations/repositories/process-repository-mongo.js +262 -0
package/integrations/repositories/process-repository-postgres.js +380 -0
package/integrations/repositories/process-update-ops-shared.js +112 -0
package/integrations/tests/doubles/config-capturing-integration.js +81 -0
package/integrations/tests/doubles/dummy-integration-class.js +105 -0
package/integrations/tests/doubles/test-integration-repository.js +112 -0
package/integrations/use-cases/create-integration.js +83 -0
package/integrations/use-cases/create-process.js +128 -0
package/integrations/use-cases/delete-integration-for-user.js +101 -0
package/integrations/use-cases/find-integration-by-entity-external-id.js +74 -0
package/integrations/use-cases/find-integration-context-by-external-entity-id.js +76 -0
package/integrations/use-cases/get-integration-for-user.js +78 -0
package/integrations/use-cases/get-integration-instance-by-definition.js +67 -0
package/integrations/use-cases/get-integration-instance.js +83 -0
package/integrations/use-cases/get-integrations-for-user.js +88 -0
package/integrations/use-cases/get-possible-integrations.js +27 -0
package/integrations/use-cases/get-process.js +87 -0
package/integrations/use-cases/index.js +19 -0
package/integrations/use-cases/list-integrations-by-entity-external-id.js +46 -0
package/integrations/use-cases/load-integration-context.js +71 -0
package/integrations/use-cases/update-integration-messages.js +44 -0
package/integrations/use-cases/update-integration-status.js +32 -0
package/integrations/use-cases/update-integration.js +92 -0
package/integrations/use-cases/update-process-metrics.js +214 -0
package/integrations/use-cases/update-process-state.js +158 -0
package/integrations/utils/map-integration-dto.js +37 -0
package/jest-global-setup-noop.js +3 -0
package/jest-global-teardown-noop.js +3 -0
package/logs/logger.js +0 -4
package/{module-plugin → modules}/index.js +0 -10
package/modules/module-factory.js +56 -0
package/modules/module.js +274 -0
package/modules/repositories/module-repository-documentdb.js +350 -0
package/modules/repositories/module-repository-factory.js +40 -0
package/modules/repositories/module-repository-interface.js +145 -0
package/modules/repositories/module-repository-mongo.js +436 -0
package/modules/repositories/module-repository-postgres.js +481 -0
package/modules/repositories/module-repository.js +369 -0
package/modules/requester/api-key.js +52 -0
package/modules/requester/oauth-2.js +396 -0
package/modules/requester/requester.js +280 -0
package/{module-plugin → modules}/test/mock-api/api.js +8 -3
package/{module-plugin → modules}/test/mock-api/definition.js +14 -10
package/modules/tests/doubles/test-module-factory.js +16 -0
package/modules/tests/doubles/test-module-repository.js +39 -0
package/modules/use-cases/get-entities-for-user.js +32 -0
package/modules/use-cases/get-entity-options-by-id.js +71 -0
package/modules/use-cases/get-entity-options-by-type.js +34 -0
package/modules/use-cases/get-module-instance-from-type.js +34 -0
package/modules/use-cases/get-module.js +74 -0
package/modules/use-cases/process-authorization-callback.js +243 -0
package/modules/use-cases/refresh-entity-options.js +72 -0
package/modules/use-cases/test-module-auth.js +72 -0
package/modules/utils/map-module-dto.js +18 -0
package/package.json +82 -50
package/prisma-mongodb/schema.prisma +368 -0
package/prisma-postgresql/migrations/20250930193005_init/migration.sql +315 -0
package/prisma-postgresql/migrations/20251006135218_init/migration.sql +9 -0
package/prisma-postgresql/migrations/20251010000000_remove_unused_entity_reference_map/migration.sql +3 -0
package/prisma-postgresql/migrations/20251112195422_update_user_unique_constraints/migration.sql +25 -0
package/prisma-postgresql/migrations/20260422120000_add_entity_data_column/migration.sql +10 -0
package/prisma-postgresql/migrations/20260422120001_create_process_table/migration.sql +48 -0
package/prisma-postgresql/migrations/migration_lock.toml +3 -0
package/prisma-postgresql/schema.prisma +351 -0
package/queues/queuer-util.js +103 -21
package/syncs/manager.js +468 -443
package/syncs/repositories/sync-repository-documentdb.js +240 -0
package/syncs/repositories/sync-repository-factory.js +43 -0
package/syncs/repositories/sync-repository-interface.js +109 -0
package/syncs/repositories/sync-repository-mongo.js +239 -0
package/syncs/repositories/sync-repository-postgres.js +319 -0
package/syncs/sync.js +0 -1
package/token/repositories/token-repository-documentdb.js +137 -0
package/token/repositories/token-repository-factory.js +40 -0
package/token/repositories/token-repository-interface.js +131 -0
package/token/repositories/token-repository-mongo.js +219 -0
package/token/repositories/token-repository-postgres.js +264 -0
package/token/repositories/token-repository.js +219 -0
package/types/associations/index.d.ts +0 -17
package/types/core/index.d.ts +12 -4
package/types/database/index.d.ts +10 -2
package/types/encrypt/index.d.ts +5 -3
package/types/integrations/index.d.ts +3 -8
package/types/module-plugin/index.d.ts +17 -69
package/types/syncs/index.d.ts +0 -17
package/user/repositories/user-repository-documentdb.js +441 -0
package/user/repositories/user-repository-factory.js +52 -0
package/user/repositories/user-repository-interface.js +201 -0
package/user/repositories/user-repository-mongo.js +308 -0
package/user/repositories/user-repository-postgres.js +360 -0
package/user/tests/doubles/test-user-repository.js +72 -0
package/user/use-cases/authenticate-user.js +127 -0
package/user/use-cases/authenticate-with-shared-secret.js +48 -0
package/user/use-cases/create-individual-user.js +61 -0
package/user/use-cases/create-organization-user.js +47 -0
package/user/use-cases/create-token-for-user-id.js +30 -0
package/user/use-cases/get-user-from-adopter-jwt.js +149 -0
package/user/use-cases/get-user-from-bearer-token.js +77 -0
package/user/use-cases/get-user-from-x-frigg-headers.js +132 -0
package/user/use-cases/login-user.js +122 -0
package/user/user.js +125 -0
package/utils/backend-path.js +38 -0
package/utils/index.js +6 -0
package/websocket/repositories/websocket-connection-repository-documentdb.js +119 -0
package/websocket/repositories/websocket-connection-repository-factory.js +44 -0
package/websocket/repositories/websocket-connection-repository-interface.js +106 -0
package/websocket/repositories/websocket-connection-repository-mongo.js +156 -0
package/websocket/repositories/websocket-connection-repository-postgres.js +196 -0
package/websocket/repositories/websocket-connection-repository.js +161 -0
package/assertions/is-equal.js +0 -17
package/associations/model.js +0 -54
package/database/models/IndividualUser.js +0 -76
package/database/models/OrganizationUser.js +0 -29
package/database/models/State.js +0 -9
package/database/models/Token.js +0 -70
package/database/models/UserModel.js +0 -7
package/database/models/WebsocketConnection.js +0 -49
package/database/mongo.js +0 -45
package/database/mongoose.js +0 -5
package/encrypt/Cryptor.test.js +0 -32
package/encrypt/encrypt.js +0 -132
package/encrypt/encrypt.test.js +0 -1069
package/encrypt/test-encrypt.js +0 -107
package/errors/base-error.test.js +0 -32
package/errors/fetch-error.test.js +0 -79
package/errors/halt-error.test.js +0 -11
package/errors/validation-errors.test.js +0 -120
package/integrations/create-frigg-backend.js +0 -31
package/integrations/integration-factory.js +0 -251
package/integrations/integration-mapping.js +0 -43
package/integrations/integration-model.js +0 -46
package/integrations/integration-user.js +0 -144
package/integrations/test/integration-base.test.js +0 -144
package/lambda/TimeoutCatcher.test.js +0 -68
package/logs/logger.test.js +0 -76
package/module-plugin/auther.js +0 -393
package/module-plugin/credential.js +0 -22
package/module-plugin/entity-manager.js +0 -70
package/module-plugin/entity.js +0 -46
package/module-plugin/manager.js +0 -169
package/module-plugin/module-factory.js +0 -61
package/module-plugin/requester/api-key.js +0 -36
package/module-plugin/requester/oauth-2.js +0 -219
package/module-plugin/requester/requester.js +0 -165
package/module-plugin/requester/requester.test.js +0 -28
package/module-plugin/test/auther.test.js +0 -97
package/syncs/model.js +0 -62
/package/{module-plugin → modules}/ModuleConstants.js +0 -0
/package/{module-plugin → modules}/requester/basic.js +0 -0
/package/{module-plugin → modules}/test/mock-api/mocks/hubspot.js +0 -0

package/handlers/routers/health.js ADDED Viewed

@@ -0,0 +1,518 @@
+const { Router } = require('express');
+const { createAppHandler } = require('./../app-handler-helpers');
+const { loadAppDefinition } = require('./../app-definition-loader');
+const { ModuleFactory } = require('../../modules/module-factory');
+const {
+    getModulesDefinitionFromIntegrationClasses,
+} = require('../../integrations/utils/map-integration-dto');
+const {
+    createModuleRepository,
+} = require('../../modules/repositories/module-repository-factory');
+const {
+    createHealthCheckRepository,
+} = require('../../database/repositories/health-check-repository-factory');
+const { prisma } = require('../../database/prisma');
+const {
+    TestEncryptionUseCase,
+} = require('../../database/use-cases/test-encryption-use-case');
+const {
+    CheckDatabaseHealthUseCase,
+} = require('../../database/use-cases/check-database-health-use-case');
+const {
+    CheckEncryptionHealthUseCase,
+} = require('../../database/use-cases/check-encryption-health-use-case');
+const {
+    CheckExternalApisHealthUseCase,
+} = require('../use-cases/check-external-apis-health-use-case');
+const {
+    CheckIntegrationsHealthUseCase,
+} = require('../use-cases/check-integrations-health-use-case');
+const router = Router();
+const healthCheckRepository = createHealthCheckRepository({ prismaClient: prisma });
+// Load integrations and create factories just like auth router does
+// This verifies the system can properly load integrations
+let moduleFactory, integrationClasses;
+try {
+    const appDef = loadAppDefinition();
+    integrationClasses = appDef.integrations || [];
+    const moduleRepository = createModuleRepository();
+    const moduleDefinitions = getModulesDefinitionFromIntegrationClasses(integrationClasses);
+    moduleFactory = new ModuleFactory({
+        moduleRepository,
+        moduleDefinitions,
+    });
+} catch (error) {
+    console.error('Failed to load integrations for health check:', error.message);
+    // Factories will be undefined, health check will report unhealthy
+    moduleFactory = undefined;
+    integrationClasses = [];
+}
+const testEncryptionUseCase = new TestEncryptionUseCase({
+    healthCheckRepository,
+});
+const checkDatabaseHealthUseCase = new CheckDatabaseHealthUseCase({
+    healthCheckRepository,
+});
+const checkEncryptionHealthUseCase = new CheckEncryptionHealthUseCase({
+    testEncryptionUseCase,
+});
+const checkExternalApisHealthUseCase = new CheckExternalApisHealthUseCase();
+const checkIntegrationsHealthUseCase = new CheckIntegrationsHealthUseCase({
+    moduleFactory,
+    integrationClasses,
+});
+const validateApiKey = (req, res, next) => {
+    const apiKey = req.headers['x-frigg-health-api-key'];
+    if (req.path === '/health') {
+        return next();
+    }
+    if (!apiKey || apiKey !== process.env.HEALTH_API_KEY) {
+        console.error('Unauthorized access attempt to health endpoint');
+        return res.status(401).json({
+            status: 'error',
+            message: 'Unauthorized - x-frigg-health-api-key header required',
+        });
+    }
+    next();
+};
+router.use(validateApiKey);
+// Helper to detect VPC configuration
+const detectVpcConfiguration = async () => {
+    const results = {
+        isInVpc: false,
+        hasInternetAccess: false,
+        canResolvePublicDns: false,
+        canConnectToAws: false,
+        vpcEndpoints: [],
+    };
+    try {
+        // Check if we're in a VPC by looking for VPC-specific environment
+        // Lambda in VPC has specific network interface configuration
+        const dns = require('dns').promises;
+        // Test 1: Can we resolve public DNS? (indicates DNS configuration)
+        try {
+            await Promise.race([
+                dns.resolve4('www.google.com'),
+                new Promise((_, reject) =>
+                    setTimeout(() => reject(new Error('timeout')), 2000)
+                ),
+            ]);
+            results.canResolvePublicDns = true;
+        } catch (e) {
+            console.log('Public DNS resolution failed:', e.message);
+        }
+        // Test 2: Can we reach internet? (indicates NAT gateway)
+        try {
+            const https = require('https');
+            await new Promise((resolve, reject) => {
+                const req = https.get(
+                    'https://www.google.com',
+                    { timeout: 2000 },
+                    (res) => {
+                        res.destroy();
+                        resolve(true);
+                    }
+                );
+                req.on('error', reject);
+                req.on('timeout', () => {
+                    req.destroy();
+                    reject(new Error('timeout'));
+                });
+            });
+            results.hasInternetAccess = true;
+        } catch (e) {
+            console.log('Internet connectivity test failed:', e.message);
+        }
+        // Test 3: Check for VPC endpoints by trying to resolve internal AWS endpoints
+        const region = process.env.AWS_REGION; // Lambda always provides this
+        const vpcEndpointDomains = [
+            `com.amazonaws.${region}.kms`,
+            `com.amazonaws.vpce.${region}`,
+            `kms.${region}.amazonaws.com`,
+        ];
+        for (const domain of vpcEndpointDomains) {
+            try {
+                const addresses = await Promise.race([
+                    dns.resolve4(domain).catch(() => dns.resolve6(domain)),
+                    new Promise((_, reject) =>
+                        setTimeout(() => reject(new Error('timeout')), 1000)
+                    ),
+                ]);
+                if (addresses && addresses.length > 0) {
+                    // Check if it's a private IP (VPC endpoint indicator)
+                    const isPrivateIp = addresses.some(
+                        (ip) =>
+                            ip.startsWith('10.') ||
+                            ip.startsWith('172.') ||
+                            ip.startsWith('192.168.')
+                    );
+                    if (isPrivateIp) {
+                        results.vpcEndpoints.push(domain);
+                    }
+                }
+            } catch (e) {
+                // Expected for non-existent endpoints
+            }
+        }
+        // Check if Lambda is in VPC using VPC_ENABLED env var set by infrastructure
+        results.isInVpc = process.env.VPC_ENABLED === 'true' ||
+            (!results.hasInternetAccess && results.canResolvePublicDns) ||
+            results.vpcEndpoints.length > 0;
+        results.canConnectToAws =
+            results.hasInternetAccess || results.vpcEndpoints.length > 0;
+    } catch (error) {
+        console.error('VPC detection error:', error.message);
+    }
+    return results;
+};
+// KMS decrypt capability check
+const checkKmsDecryptCapability = async () => {
+    const start = Date.now();
+    const { KMS_KEY_ARN } = process.env;
+    if (!KMS_KEY_ARN) {
+        return {
+            status: 'skipped',
+            reason: 'KMS_KEY_ARN not configured',
+        };
+    }
+    // Log environment for debugging
+    console.log('KMS Check Debug:', {
+        hasKmsKeyArn: !!KMS_KEY_ARN,
+        kmsKeyArnPrefix: KMS_KEY_ARN?.substring(0, 30),
+        awsRegion: process.env.AWS_REGION,
+        hasDiscoveryKey: !!process.env.AWS_DISCOVERY_KMS_KEY_ID,
+    });
+    // First, detect VPC configuration
+    const vpcConfig = await detectVpcConfiguration();
+    console.log('VPC Configuration:', vpcConfig);
+    // Test DNS resolution for KMS endpoint
+    try {
+        const dns = require('dns').promises;
+        const region = process.env.AWS_REGION; // Lambda always provides this
+        const kmsEndpoint = `kms.${region}.amazonaws.com`;
+        console.log('Testing DNS resolution for:', kmsEndpoint);
+        // Wrap DNS resolution in a timeout
+        const dnsPromise = dns.resolve4(kmsEndpoint);
+        const timeoutPromise = new Promise((_, reject) =>
+            setTimeout(() => reject(new Error('DNS resolution timeout')), 3000)
+        );
+        const addresses = await Promise.race([dnsPromise, timeoutPromise]);
+        console.log('KMS endpoint resolved to:', addresses);
+        // Check if resolved to private IP (VPC endpoint)
+        const isVpcEndpoint = addresses.some(
+            (ip) =>
+                ip.startsWith('10.') ||
+                ip.startsWith('172.') ||
+                ip.startsWith('192.168.')
+        );
+        if (isVpcEndpoint) {
+            console.log(
+                'KMS VPC Endpoint detected - using private connectivity'
+            );
+        }
+        // Test TCP connectivity to KMS (port 443)
+        const net = require('net');
+        const testConnection = () =>
+            new Promise((resolve) => {
+                const socket = new net.Socket();
+                const connectionTimeout = setTimeout(() => {
+                    socket.destroy();
+                    resolve({ connected: false, error: 'Connection timeout' });
+                }, 3000);
+                socket.on('connect', () => {
+                    clearTimeout(connectionTimeout);
+                    socket.destroy();
+                    resolve({ connected: true });
+                });
+                socket.on('error', (err) => {
+                    clearTimeout(connectionTimeout);
+                    resolve({ connected: false, error: err.message });
+                });
+                // Try connecting to first resolved address on HTTPS port
+                socket.connect(443, addresses[0]);
+            });
+        const connResult = await testConnection();
+        console.log('TCP connectivity test:', connResult);
+        if (!connResult.connected) {
+            return {
+                status: 'unhealthy',
+                error: `Cannot connect to KMS endpoint: ${connResult.error}`,
+                dnsResolved: true,
+                tcpConnection: false,
+                vpcConfig,
+                latencyMs: Date.now() - start,
+            };
+        }
+    } catch (dnsError) {
+        console.error('DNS resolution failed:', dnsError.message);
+        return {
+            status: 'unhealthy',
+            error: `Cannot resolve KMS endpoint: ${dnsError.message}`,
+            dnsResolved: false,
+            vpcConfig,
+            latencyMs: Date.now() - start,
+        };
+    }
+    try {
+        // Use AWS SDK v3 for consistency with the rest of the codebase
+        // eslint-disable-next-line global-require
+        const {
+            KMSClient,
+            GenerateDataKeyCommand,
+            DecryptCommand,
+        } = require('@aws-sdk/client-kms');
+        // Lambda always provides AWS_REGION
+        const region = process.env.AWS_REGION;
+        const kms = new KMSClient({
+            region,
+            requestHandler: {
+                connectionTimeout: 10000, // 10 second connection timeout
+                requestTimeout: 25000, // 25 second timeout for slow VPC connections
+            },
+            maxAttempts: 1, // No retries on health checks
+        });
+        // Generate a data key (without plaintext logging) then immediately decrypt ciphertext to ensure decrypt perms.
+        const dataKeyResp = await kms.send(
+            new GenerateDataKeyCommand({
+                KeyId: KMS_KEY_ARN,
+                KeySpec: 'AES_256',
+            })
+        );
+        const decryptResp = await kms.send(
+            new DecryptCommand({ CiphertextBlob: dataKeyResp.CiphertextBlob })
+        );
+        const success = Boolean(
+            dataKeyResp.CiphertextBlob && decryptResp.Plaintext
+        );
+        return {
+            status: success ? 'healthy' : 'unhealthy',
+            kmsKeyArnSuffix: KMS_KEY_ARN.slice(-12),
+            vpcConfig,
+            latencyMs: Date.now() - start,
+        };
+    } catch (error) {
+        return {
+            status: 'unhealthy',
+            error: error.message,
+            vpcConfig,
+            latencyMs: Date.now() - start,
+        };
+    }
+};
+router.get('/health', async (_req, res) => {
+    const status = {
+        status: 'ok',
+        timestamp: new Date().toISOString(),
+        service: 'frigg-core-api',
+    };
+    res.status(200).json(status);
+});
+router.get('/health/detailed', async (_req, res) => {
+    console.log('Starting detailed health check');
+    const startTime = Date.now();
+    const response = {
+        service: 'frigg-core-api',
+        status: 'healthy',
+        timestamp: new Date().toISOString(),
+        checks: {},
+    };
+    console.log('Health Check Environment:', {
+        hasKmsKeyArn: !!process.env.KMS_KEY_ARN,
+        awsRegion: process.env.AWS_REGION,
+        awsDefaultRegion: process.env.AWS_DEFAULT_REGION,
+        nodeEnv: process.env.NODE_ENV,
+        stage: process.env.STAGE,
+    });
+    try {
+        console.log('Running network diagnostics...');
+        const networkStart = Date.now();
+        response.checks.network = await Promise.race([
+            detectVpcConfiguration(),
+            new Promise((_, reject) =>
+                setTimeout(
+                    () => reject(new Error('Network diagnostics timeout')),
+                    5000
+                )
+            ),
+        ]);
+        response.checks.network.latencyMs = Date.now() - networkStart;
+        console.log('Network diagnostics completed:', response.checks.network);
+    } catch (error) {
+        response.checks.network = {
+            status: 'error',
+            error: error.message,
+        };
+        console.log('Network diagnostics error:', error.message);
+    }
+    try {
+        console.log('About to check KMS capability...');
+        const kmsCheckPromise = checkKmsDecryptCapability();
+        const kmsTimeoutPromise = new Promise((_, reject) =>
+            setTimeout(
+                () => reject(new Error('KMS check timeout after 25 seconds')),
+                25000
+            )
+        );
+        response.checks.kms = await Promise.race([
+            kmsCheckPromise,
+            kmsTimeoutPromise,
+        ]);
+        if (response.checks.kms.status === 'unhealthy') {
+            response.status = 'unhealthy';
+        }
+        console.log('KMS check completed:', response.checks.kms);
+    } catch (error) {
+        response.checks.kms = { status: 'unhealthy', error: error.message };
+        response.status = 'unhealthy';
+        console.log('KMS check error:', error.message);
+    }
+    try {
+        response.checks.database = await checkDatabaseHealthUseCase.execute();
+        if (response.checks.database.status === 'unhealthy') {
+            response.status = 'unhealthy';
+        }
+        console.log('Database check completed:', response.checks.database);
+    } catch (error) {
+        response.checks.database = {
+            status: 'unhealthy',
+            error: error.message,
+        };
+        response.status = 'unhealthy';
+        console.log('Database check error:', error.message);
+    }
+    try {
+        response.checks.encryption = await checkEncryptionHealthUseCase.execute();
+        if (response.checks.encryption.status === 'unhealthy') {
+            response.status = 'unhealthy';
+        }
+        console.log('Encryption check completed:', response.checks.encryption);
+    } catch (error) {
+        response.checks.encryption = {
+            status: 'unhealthy',
+            error: error.message,
+        };
+        response.status = 'unhealthy';
+        console.log('Encryption check error:', error.message);
+    }
+    try {
+        const { apiStatuses, allReachable } = await checkExternalApisHealthUseCase.execute();
+        response.checks.externalApis = apiStatuses;
+        if (!allReachable) {
+            response.status = 'unhealthy';
+        }
+        console.log('External APIs check completed:', response.checks.externalApis);
+    } catch (error) {
+        response.checks.externalApis = {
+            status: 'unhealthy',
+            error: error.message,
+        };
+        response.status = 'unhealthy';
+        console.log('External APIs check error:', error.message);
+    }
+    try {
+        response.checks.integrations = checkIntegrationsHealthUseCase.execute();
+        console.log('Integrations check completed:', response.checks.integrations);
+    } catch (error) {
+        response.checks.integrations = {
+            status: 'unhealthy',
+            error: error.message,
+        };
+        response.status = 'unhealthy';
+        console.log('Integrations check error:', error.message);
+    }
+    response.responseTime = Date.now() - startTime;
+    const statusCode = response.status === 'healthy' ? 200 : 503;
+    res.status(statusCode).json(response);
+    console.log(
+        'Final health status:',
+        response.status,
+        'Response time:',
+        response.responseTime
+    );
+});
+router.get('/health/live', (_req, res) => {
+    res.status(200).json({
+        status: 'alive',
+        timestamp: new Date().toISOString(),
+    });
+});
+router.get('/health/ready', async (_req, res) => {
+    const dbHealth = await checkDatabaseHealthUseCase.execute();
+    const isDbReady = dbHealth.status === 'healthy';
+    const integrationsHealth = checkIntegrationsHealthUseCase.execute();
+    const areModulesReady = integrationsHealth.modules.count > 0;
+    const isReady = isDbReady && areModulesReady;
+    res.status(isReady ? 200 : 503).json({
+        ready: isReady,
+        timestamp: new Date().toISOString(),
+        checks: {
+            database: isDbReady,
+            modules: areModulesReady,
+        },
+    });
+});
+// DB-free: /health/ready probes the DB itself and degrades to 503. Eager-connect
+// here would turn a DB outage into a 500, killing otherwise-healthy containers.
+const handler = createAppHandler('HTTP Event: Health', router, false);
+module.exports = { handler, router };

package/handlers/routers/integration-defined-routers.js ADDED Viewed

@@ -0,0 +1,117 @@
+const { createAppHandler } = require('./../app-handler-helpers');
+const {
+    loadAppDefinition,
+} = require('../app-definition-loader');
+const express = require('express');
+const { Router } = express;
+const { loadRouterFromObject } = require('../backend-utils');
+const { getExtensionRoutes } = require('../../integrations/extension');
+const handlers = {};
+const { integrations: integrationClasses } = loadAppDefinition();
+const routeKey = (method, path) => `${(method || 'ANY').toUpperCase()} ${path}`;
+// Serverless function keys must be alphanumeric; binding keys are developer-chosen.
+const sanitizeBindingKey = (name) => String(name).replace(/[^A-Za-z0-9]/g, '');
+//todo: this should be in a use case class
+for (const IntegrationClass of integrationClasses) {
+    const router = Router();
+    const basePath = `/api/${IntegrationClass.Definition.name}-integration`;
+    // Track (method, path) tuples to fail fast on conflicts between Definition.routes,
+    // extension routes, or two extensions claiming the same path.
+    const claimedRoutes = new Map();
+    const claim = (method, path, source) => {
+        const key = routeKey(method, path);
+        if (claimedRoutes.has(key)) {
+            const prev = claimedRoutes.get(key);
+            throw new Error(
+                `Integration "${IntegrationClass.Definition.name}" route conflict: ` +
+                    `${key} declared by ${prev} and ${source}`
+            );
+        }
+        claimedRoutes.set(key, source);
+    };
+    console.log(`\n│ Configuring routes for ${IntegrationClass.Definition.name} Integration:`);
+    const routes = IntegrationClass.Definition.routes || [];
+    for (const routeDef of routes) {
+        if (typeof routeDef === 'function') {
+            router.use(basePath, routeDef(IntegrationClass));
+            console.log(`│ ANY ${basePath}/* (function handler)`);
+        } else if (routeDef instanceof express.Router) {
+            router.use(basePath, routeDef);
+            console.log(`│ ANY ${basePath}/* (express router)`);
+        } else if (typeof routeDef === 'object') {
+            claim(routeDef.method, routeDef.path, 'Definition.routes');
+            router.use(
+                basePath,
+                loadRouterFromObject(IntegrationClass, routeDef)
+            );
+            const method = (routeDef.method || 'ANY').toUpperCase();
+            const fullPath = `${basePath}${routeDef.path}`;
+            console.log(`│ ${method} ${fullPath}`);
+        }
+    }
+    // Each extension binding gets its own namespaced handler (/{bindingName}),
+    // so two modules' extensions can share a path like /webhooks without colliding.
+    const bindingGroups = new Map();
+    for (const extRoute of getExtensionRoutes(IntegrationClass)) {
+        const namespacedPath = `/${extRoute.bindingName}${extRoute.path}`;
+        claim(
+            extRoute.method,
+            namespacedPath,
+            `extension "${extRoute.extensionName}" (binding "${extRoute.bindingName}")`
+        );
+        if (!bindingGroups.has(extRoute.bindingName)) {
+            bindingGroups.set(extRoute.bindingName, {
+                router: Router(),
+                useDatabase: extRoute.useDatabase,
+            });
+        }
+        const group = bindingGroups.get(extRoute.bindingName);
+        group.router.use(
+            `${basePath}/${extRoute.bindingName}`,
+            loadRouterFromObject(IntegrationClass, extRoute)
+        );
+        console.log(
+            `│ ${extRoute.method.toUpperCase()} ${basePath}/${extRoute.bindingName}${extRoute.path}  (extension: ${extRoute.extensionName}, useDatabase: ${extRoute.useDatabase})`
+        );
+    }
+    console.log('│');
+    handlers[`${IntegrationClass.Definition.name}`] = {
+        handler: createAppHandler(
+            `HTTP Event: ${IntegrationClass.Definition.name}`,
+            router
+        ),
+    };
+    for (const [bindingName, group] of bindingGroups) {
+        // Wire contract: integration-builder.js (devtools) derives the identical
+        // function key for the serverless config. Keep both in sync.
+        const fnKey = `${IntegrationClass.Definition.name}__${sanitizeBindingKey(
+            bindingName
+        )}`;
+        // Distinct binding keys can sanitize to the same fnKey — fail loud rather than overwrite.
+        if (Object.prototype.hasOwnProperty.call(handlers, fnKey)) {
+            throw new Error(
+                `Integration "${IntegrationClass.Definition.name}" extension handler conflict: ` +
+                    `binding "${bindingName}" sanitizes to "${fnKey}", which is already taken. ` +
+                    `Use binding keys that are distinct after stripping non-alphanumeric characters.`
+            );
+        }
+        handlers[fnKey] = {
+            handler: createAppHandler(
+                `HTTP Event: ${IntegrationClass.Definition.name} extension ${bindingName}`,
+                group.router,
+                group.useDatabase
+            ),
+        };
+    }
+}
+module.exports = { handlers };

package/handlers/routers/integration-webhook-routers.js ADDED Viewed

@@ -0,0 +1,67 @@
+const { createAppHandler } = require('./../app-handler-helpers');
+const { loadAppDefinition } = require('../app-definition-loader');
+const { Router } = require('express');
+const { IntegrationEventDispatcher } = require('../integration-event-dispatcher');
+const handlers = {};
+const { integrations: integrationClasses } = loadAppDefinition();
+for (const IntegrationClass of integrationClasses) {
+    const webhookConfig = IntegrationClass.Definition.webhooks;
+    // Skip if webhooks not enabled
+    if (!webhookConfig || (typeof webhookConfig === 'object' && !webhookConfig.enabled)) {
+        continue;
+    }
+    const router = Router();
+    const basePath = `/api/${IntegrationClass.Definition.name}-integration/webhooks`;
+    console.log(`\n│ Configuring webhook routes for ${IntegrationClass.Definition.name}:`);
+    // General webhook route (no integration ID)
+    router.post(basePath, async (req, res, next) => {
+        try {
+            const integrationInstance = new IntegrationClass();
+            const dispatcher = new IntegrationEventDispatcher(integrationInstance);
+            await dispatcher.dispatchHttp({
+                event: 'WEBHOOK_RECEIVED',
+                req,
+                res,
+                next,
+            });
+        } catch (error) {
+            next(error);
+        }
+    });
+    console.log(`│ POST ${basePath}`);
+    // Integration-specific webhook route (with integration ID)
+    router.post(`${basePath}/:integrationId`, async (req, res, next) => {
+        try {
+            const integrationInstance = new IntegrationClass();
+            const dispatcher = new IntegrationEventDispatcher(integrationInstance);
+            await dispatcher.dispatchHttp({
+                event: 'WEBHOOK_RECEIVED',
+                req,
+                res,
+                next,
+            });
+        } catch (error) {
+            next(error);
+        }
+    });
+    console.log(`│ POST ${basePath}/:integrationId`);
+    console.log('│');
+    handlers[`${IntegrationClass.Definition.name}Webhook`] = {
+        handler: createAppHandler(
+            `HTTP Event: ${IntegrationClass.Definition.name} Webhook`,
+            router,
+            false  // shouldUseDatabase = false
+        ),
+    };
+}
+module.exports = { handlers };