@hiliosai/sdk 0.1.12 → 0.1.14

package/dist/index.js

@@ -0,0 +1,1809 @@
+import env3 from '@ltv/env';
+import http from 'http';
+import os from 'os';
+import { Middleware } from '@moleculer/channels';
+import crypto from 'crypto';
+
+// src/middlewares/datasource.middleware.ts
+function initializeDatasources(constructorRegistry) {
+  const initializedDatasources = {};
+  for (const [key, DatasourceClass] of Object.entries(constructorRegistry)) {
+    initializedDatasources[key] = new DatasourceClass();
+  }
+  return initializedDatasources;
+}
+function createDatasourceMiddleware(datasources) {
+  const initializedDatasources = initializeDatasources(datasources);
+  return {
+    localAction(handler) {
+      return function DatasourceWrapper(ctx) {
+        ctx.datasources = initializedDatasources;
+        return handler.call(this, ctx);
+      };
+    },
+    remoteAction(handler) {
+      return function DatasourceWrapper(ctx) {
+        ctx.datasources = initializedDatasources;
+        return handler.call(this, ctx);
+      };
+    }
+  };
+}
+
+// src/middlewares/memoize.middleware.ts
+function MemoizeMixin(options) {
+  return {
+    name: "",
+    methods: {
+      async memoize(name, params, fn) {
+        if (!this.broker.cacher) return fn();
+        const key = this.broker.cacher.defaultKeygen(
+          `${this.name}:memoize-${name}`,
+          params,
+          {},
+          []
+        );
+        let res = await this.broker.cacher.get(key);
+        if (res) return res;
+        res = await fn();
+        this.broker.cacher.set(key, res, options?.ttl);
+        return res;
+      }
+    }
+  };
+}
+var HEALTH_CHECK_PORT = env3.int("HEALTH_CHECK_PORT", 3301);
+var HEALTH_CHECK_READINESS_PATH = env3.string(
+  "HEALTH_CHECK_READINESS_PATH",
+  "/readyz"
+);
+var HEALTH_CHECK_LIVENESS_PATH = env3.string(
+  "HEALTH_CHECK_LIVENESS_PATH",
+  "/livez"
+);
+var HEALTH_CHECK_DEFAULTS = {
+  PORT: HEALTH_CHECK_PORT,
+  READINESS_PATH: HEALTH_CHECK_READINESS_PATH,
+  LIVENESS_PATH: HEALTH_CHECK_LIVENESS_PATH
+};
+function CreateHealthCheckMiddleware(opts = {}) {
+  const config = {
+    port: opts.port ?? HEALTH_CHECK_DEFAULTS.PORT,
+    readiness: {
+      path: opts.readiness?.path ?? HEALTH_CHECK_DEFAULTS.READINESS_PATH
+    },
+    liveness: {
+      path: opts.liveness?.path ?? HEALTH_CHECK_DEFAULTS.LIVENESS_PATH
+    }
+  };
+  let state = "down";
+  let server;
+  function handler(req, res) {
+    if (res.headersSent) {
+      return;
+    }
+    if (req.url === config.readiness.path || req.url === config.liveness.path) {
+      const resHeader = {
+        "Content-Type": "application/json; charset=utf-8"
+      };
+      const content = {
+        state,
+        uptime: process.uptime(),
+        timestamp: Date.now()
+      };
+      if (req.url === config.readiness.path) {
+        res.writeHead(state === "up" ? 200 : 503, resHeader);
+      } else {
+        res.writeHead(state !== "down" ? 200 : 503, resHeader);
+      }
+      res.end(JSON.stringify(content, null, 2));
+    } else {
+      res.writeHead(404, http.STATUS_CODES[404] ?? "Not Found", {});
+      res.end();
+    }
+  }
+  return {
+    created(broker) {
+      state = "starting";
+      server = http.createServer(handler);
+      server.listen(config.port, (err) => {
+        if (err) {
+          return broker.logger.error(
+            "Unable to start health-check server",
+            err
+          );
+        }
+        broker.logger.info("");
+        broker.logger.info("K8s health-check server listening on");
+        broker.logger.info(
+          `    http://localhost:${config.port}${config.readiness.path}`
+        );
+        broker.logger.info(
+          `    http://localhost:${config.port}${config.liveness.path}`
+        );
+        broker.logger.info("");
+      });
+    },
+    // After broker started
+    started() {
+      state = "up";
+    },
+    // Before broker stopping
+    stopping() {
+      state = "stopping";
+    },
+    // After broker stopped
+    stopped() {
+      state = "down";
+      server.close();
+    }
+  };
+}
+
+// src/configs/permissions.ts
+var PERMISSIONS = {
+  // Authentication required
+  AUTHENTICATED: "authenticated",
+  // Role-based permissions
+  OWNER: "OWNER",
+  ADMIN: "ADMIN",
+  MANAGER: "MANAGER",
+  AGENT: "AGENT",
+  VIEWER: "VIEWER",
+  DEVELOPER: "DEVELOPER",
+  // Entity-specific permissions
+  TENANT_OWNER: "tenant.owner",
+  TENANT_MEMBER: "tenant.member",
+  // Resource permissions
+  "users.read": "users.read",
+  "users.write": "users.write",
+  "users.delete": "users.delete",
+  "tenants.read": "tenants.read",
+  "tenants.write": "tenants.write",
+  "tenants.delete": "tenants.delete",
+  "conversations.read": "conversations.read",
+  "conversations.write": "conversations.write",
+  "conversations.delete": "conversations.delete",
+  "messages.read": "messages.read",
+  "messages.write": "messages.write",
+  "settings.read": "settings.read",
+  "settings.write": "settings.write",
+  "config.read": "config.read",
+  "config.write": "config.write",
+  "billing.read": "billing.read",
+  "billing.write": "billing.write"
+};
+var ROLE_PERMISSIONS = {
+  [PERMISSIONS.OWNER]: [
+    PERMISSIONS.AUTHENTICATED,
+    PERMISSIONS["users.read"],
+    PERMISSIONS["users.write"],
+    PERMISSIONS["users.delete"],
+    PERMISSIONS["tenants.read"],
+    PERMISSIONS["tenants.write"],
+    PERMISSIONS["tenants.delete"],
+    PERMISSIONS["conversations.read"],
+    PERMISSIONS["conversations.write"],
+    PERMISSIONS["conversations.delete"],
+    PERMISSIONS["messages.read"],
+    PERMISSIONS["messages.write"],
+    PERMISSIONS["settings.read"],
+    PERMISSIONS["settings.write"],
+    PERMISSIONS["config.read"],
+    PERMISSIONS["config.write"],
+    PERMISSIONS["billing.read"],
+    PERMISSIONS["billing.write"]
+  ],
+  [PERMISSIONS.ADMIN]: [
+    PERMISSIONS.AUTHENTICATED,
+    PERMISSIONS["users.read"],
+    PERMISSIONS["users.write"],
+    PERMISSIONS["users.delete"],
+    PERMISSIONS["tenants.read"],
+    PERMISSIONS["tenants.write"],
+    PERMISSIONS["tenants.delete"],
+    PERMISSIONS["conversations.read"],
+    PERMISSIONS["conversations.write"],
+    PERMISSIONS["conversations.delete"],
+    PERMISSIONS["messages.read"],
+    PERMISSIONS["messages.write"],
+    PERMISSIONS["settings.read"],
+    PERMISSIONS["settings.write"],
+    PERMISSIONS["config.read"],
+    PERMISSIONS["config.write"],
+    PERMISSIONS["billing.read"]
+  ],
+  [PERMISSIONS.MANAGER]: [
+    PERMISSIONS.AUTHENTICATED,
+    PERMISSIONS["users.read"],
+    PERMISSIONS["users.write"],
+    PERMISSIONS["conversations.read"],
+    PERMISSIONS["conversations.write"],
+    PERMISSIONS["messages.read"],
+    PERMISSIONS["messages.write"],
+    PERMISSIONS["settings.read"],
+    PERMISSIONS["settings.write"]
+  ],
+  [PERMISSIONS.AGENT]: [
+    PERMISSIONS.AUTHENTICATED,
+    PERMISSIONS["conversations.read"],
+    PERMISSIONS["conversations.write"],
+    PERMISSIONS["messages.read"],
+    PERMISSIONS["messages.write"]
+  ],
+  [PERMISSIONS.VIEWER]: [
+    PERMISSIONS.AUTHENTICATED,
+    PERMISSIONS["conversations.read"],
+    PERMISSIONS["messages.read"]
+  ],
+  [PERMISSIONS.DEVELOPER]: [
+    PERMISSIONS.AUTHENTICATED,
+    // Only specific debug/development permissions, not full access
+    "system.debug",
+    "health.check",
+    PERMISSIONS["config.read"]
+  ]
+};
+
+// src/configs/moleculer/bulkhead.ts
+var bulkheadConfig = {
+  // Enable feature.
+  enabled: false,
+  // Maximum concurrent executions.
+  concurrency: 10,
+  // Maximum size of queue
+  maxQueueSize: 100
+};
+var NAMESPACE = env3.string("NAMESPACE", "hios").toLowerCase();
+var CHANNELS = {
+  // Webhook processing channels
+  WEBHOOK: {
+    // Pattern: hios.webhook.{tenantId}.{platform}
+    PATTERN: `${NAMESPACE}.webhook.*.*`,
+    PREFIX: `${NAMESPACE}.webhook`,
+    build: (tenantId, platform) => `${NAMESPACE}.webhook.${tenantId}.${platform}`
+  },
+  // Message processing channels
+  PROCESSING: {
+    // Pattern: hios.processing.{tenantId}.{messageType}
+    PATTERN: `${NAMESPACE}.processing.*.*`,
+    PREFIX: `${NAMESPACE}.processing`,
+    build: (tenantId, messageType) => `${NAMESPACE}.processing.${tenantId}.${messageType}`
+  },
+  // Response/outbound message channels
+  RESPONSE: {
+    // Pattern: hios.response.{tenantId}.{platform}
+    PATTERN: `${NAMESPACE}.response.*.*`,
+    PREFIX: `${NAMESPACE}.response`,
+    build: (tenantId, platform) => `${NAMESPACE}.response.${tenantId}.${platform}`
+  },
+  // System channels
+  SYSTEM: {
+    // Error handling
+    ERRORS: `${NAMESPACE}.system.errors`,
+    // Metrics and monitoring
+    METRICS: `${NAMESPACE}.system.metrics`,
+    // Health checks
+    HEALTH: `${NAMESPACE}.system.health`,
+    // Integration lifecycle events
+    INTEGRATION_REGISTERED: `${NAMESPACE}.system.integration.registered`,
+    INTEGRATION_UNREGISTERED: `${NAMESPACE}.system.integration.unregistered`
+  },
+  // Dead letter queues
+  DLQ: {
+    // Failed webhook processing
+    WEBHOOK_FAILED: `${NAMESPACE}.dlq.webhook.failed`,
+    // Failed message sends
+    SEND_FAILED: `${NAMESPACE}.dlq.send.failed`,
+    // Failed processing
+    PROCESSING_FAILED: `${NAMESPACE}.dlq.processing.failed`,
+    // Build DLQ name for specific integration
+    buildSendFailed: (platform) => `${NAMESPACE}.dlq.send.${platform}.failed`
+  }
+};
+var INTEGRATION_CHANNELS = {
+  // Message events
+  MESSAGE_RECEIVED: `${NAMESPACE}.processing.message.received`,
+  MESSAGE_SENT: `${NAMESPACE}.processing.message.sent`,
+  MESSAGE_FAILED: `${NAMESPACE}.processing.message.failed`
+};
+var CHANNEL_CONFIG = {
+  // Default settings for message channels
+  DEFAULTS: {
+    maxInFlight: 10,
+    maxRetries: 3,
+    deadLettering: {
+      enabled: true
+    }
+  },
+  // High-priority channels (webhooks)
+  HIGH_PRIORITY: {
+    maxInFlight: 50,
+    maxRetries: 5,
+    deadLettering: {
+      enabled: true
+    }
+  },
+  // Low-priority channels (metrics, logs)
+  LOW_PRIORITY: {
+    maxInFlight: 5,
+    maxRetries: 1,
+    deadLettering: {
+      enabled: false
+    }
+  }
+};
+var SUBJECTS = {
+  // All webhook subjects
+  WEBHOOK_ALL: `${NAMESPACE}.webhook.>`,
+  // All processing subjects
+  PROCESSING_ALL: `${NAMESPACE}.processing.>`,
+  // All response subjects
+  RESPONSE_ALL: `${NAMESPACE}.response.>`,
+  // All system subjects
+  SYSTEM_ALL: `${NAMESPACE}.system.>`,
+  // All DLQ subjects
+  DLQ_ALL: `${NAMESPACE}.dlq.>`};
+
+// src/configs/moleculer/channels.ts
+var NAMESPACE2 = NAMESPACE.toUpperCase();
+var middleware = Middleware({
+  adapter: {
+    type: "NATS",
+    options: {
+      nats: {
+        url: env3.string("NATS_URL", "nats://localhost:4222"),
+        /** Connection options for reliability */
+        connectionOptions: {
+          name: "hios",
+          timeout: 1e4,
+          reconnect: true,
+          maxReconnectAttempts: 10,
+          reconnectTimeWait: 2e3,
+          maxReconnectTimeWait: 3e4,
+          pingInterval: 2e4,
+          maxPingOut: 2
+        },
+        /**
+         * Stream configuration for multi-tenant messaging
+         *
+         * Environment variables for production:
+         * - NATS_MAX_MESSAGES: Default 100K (dev) -> 10M+ (prod)
+         * - NATS_MAX_BYTES_GB: Default 1GB (dev) -> 100GB+ (prod)
+         * - NATS_MAX_AGE_DAYS: Default 7 (dev) -> 30+ (prod)
+         * - NATS_MAX_MSG_SIZE_MB: Default 1MB (dev) -> 5MB (prod)
+         * - NATS_REPLICAS: Default 1 (dev) -> 3 (prod)
+         */
+        streamConfig: {
+          name: `${NAMESPACE2}_MESSAGES`,
+          subjects: [
+            SUBJECTS.WEBHOOK_ALL,
+            SUBJECTS.PROCESSING_ALL,
+            SUBJECTS.RESPONSE_ALL,
+            SUBJECTS.SYSTEM_ALL,
+            SUBJECTS.DLQ_ALL
+          ],
+          retention: "limits",
+          max_msgs: env3.int("NATS_MAX_MESSAGES", 1e5),
+          // 100K for dev, 10M+ for prod
+          max_bytes: env3.int("NATS_MAX_BYTES_GB", 1) * 1024 * 1024 * 1024,
+          // 1GB for dev, 100GB+ for prod
+          max_age: env3.int("NATS_MAX_AGE_DAYS", 7) * 24 * 60 * 60 * 1e9,
+          // 7 days dev, 30+ days prod
+          max_msg_size: env3.int("NATS_MAX_MSG_SIZE_MB", 1) * 1024 * 1024,
+          // 1MB dev, 5MB prod
+          storage: "file",
+          // Persistent storage
+          num_replicas: env3.int("NATS_REPLICAS", 1),
+          // 1 for dev, 3 for prod
+          discard: "old",
+          // Remove old messages when limits hit
+          duplicate_window: 2 * 60 * 1e9
+          // 2 minutes dedup window
+        },
+        /** Consumer options optimized for LLM processing */
+        consumerOptions: {
+          config: {
+            // Start with new messages (don't replay old ones on restart)
+            deliver_policy: "new",
+            // Explicit acknowledgment required (critical for LLM processing)
+            ack_policy: "explicit",
+            // Allow 5 unacknowledged messages per consumer (rate limiting)
+            max_ack_pending: 5,
+            // Acknowledgment timeout for LLM processing (2 minutes)
+            ack_wait: 120 * 1e9,
+            // 2 minutes in nanoseconds
+            // Maximum delivery attempts before dead letter
+            max_deliver: 3,
+            // Backoff for failed message retries
+            backoff: [
+              1e9,
+              // 1 second
+              5e9,
+              // 5 seconds
+              3e10
+              // 30 seconds
+            ]
+          }
+        }
+      },
+      /** Application-level flow control */
+      maxInFlight: 5,
+      // Limit concurrent LLM requests per service
+      maxRetries: 2,
+      // App-level retries (NATS handles delivery retries)
+      /** Dead letter queue for failed messages */
+      deadLettering: {
+        enabled: true,
+        queueName: "FAILED_MESSAGES"
+        // Send to dead letter after NATS max_deliver attempts
+      }
+    }
+  }
+});
+var ChannelsMiddleware = {
+  ...middleware
+};
+
+// src/configs/moleculer/circuit-breaker.ts
+var circuitBreakerConfig = {
+  // Enable feature
+  enabled: false,
+  // Threshold value. 0.5 means that 50% should be failed for tripping.
+  threshold: 0.5,
+  // Minimum request count. Below it, CB does not trip.
+  minRequestCount: 20,
+  // Number of seconds for time window.
+  windowTime: 60,
+  // Number of milliseconds to switch from open to half-open state
+  halfOpenTime: 10 * 1e3,
+  // A function to check failed requests.
+  check: (err) => err.code >= 500
+};
+
+// src/configs/moleculer/logger.ts
+var loggerConfig = {
+  type: "Console",
+  options: {
+    // Using colors on the output
+    colors: true,
+    // Print module names with different colors (like docker-compose for containers)
+    moduleColors: false,
+    // Line formatter. It can be "json", "short", "simple", "full", a `Function` or a template string like "{timestamp} {level} {nodeID}/{mod}: {msg}"
+    formatter: "full",
+    // Custom object printer. If not defined, it uses the `util.inspect` method.
+    objectPrinter: null,
+    // Auto-padding the module name in order to messages begin at the same column.
+    autoPadding: false
+  }
+};
+var logger_default = loggerConfig;
+
+// src/configs/moleculer/metrics.ts
+var metricsConfig = {
+  enabled: false,
+  // Available built-in reporters: "Console", "CSV", "Event", "Prometheus", "Datadog", "StatsD"
+  reporter: {
+    type: "Prometheus",
+    options: {
+      // HTTP port
+      port: 3030,
+      // HTTP URL path
+      path: "/metrics",
+      // Default labels which are appended to all metrics labels
+      defaultLabels: (registry) => ({
+        namespace: registry.broker.namespace,
+        nodeID: registry.broker.nodeID
+      })
+    }
+  }
+};
+
+// src/configs/moleculer/registry.ts
+var registryConfig = {
+  // Define balancing strategy. More info: https://moleculer.services/docs/0.14/balancing.html
+  // Available values: "RoundRobin", "Random", "CpuUsage", "Latency", "Shard"
+  strategy: "RoundRobin",
+  // Enable local action call preferring. Always call the local action instance if available.
+  preferLocal: true
+};
+
+// src/configs/moleculer/retry-policy.ts
+var retryPolicyConfig = {
+  // Enable feature
+  enabled: false,
+  // Count of retries
+  retries: 5,
+  // First delay in milliseconds.
+  delay: 100,
+  // Maximum delay in milliseconds.
+  maxDelay: 1e3,
+  // Backoff factor for delay. 2 means exponential backoff.
+  factor: 2,
+  // A function to check failed requests.
+  check: (err) => !!err.retryable
+};
+
+// src/configs/moleculer/tracing.ts
+var tracingConfig = {
+  enabled: true,
+  exporter: "Console",
+  events: true,
+  stackTrace: true
+};
+
+// src/configs/moleculer/tracking.ts
+var trackingConfig = {
+  // Enable feature
+  enabled: false,
+  // Number of milliseconds to wait before shuting down the process.
+  shutdownTimeout: 5e3
+};
+
+// src/configs/moleculer/index.ts
+var pkgNm = env3.string("NAMESPACE", "hios");
+var nodeID = env3.string("NODE_ID") ?? `${pkgNm}-${os.hostname()}-${process.pid}`;
+var configs = {
+  namespace: pkgNm,
+  nodeID,
+  metadata: {},
+  logger: logger_default,
+  // Default log level for built-in console logger. It can be overwritten in logger options above.
+  // Available values: trace, debug, info, warn, error, fatal
+  logLevel: "info",
+  cacher: env3.string("REDIS_URL", "Memory"),
+  // Define a serializer.
+  // Available values: "JSON", "Avro", "ProtoBuf", "MsgPack", "Notepack", "Thrift".
+  // More info: https://moleculer.services/docs/0.14/networking.html#Serialization
+  serializer: "JSON",
+  // Number of milliseconds to wait before reject a request with a RequestTimeout error. Disabled: 0
+  requestTimeout: 10 * 1e3,
+  // Retry policy settings. More info: https://moleculer.services/docs/0.14/fault-tolerance.html#Retry
+  retryPolicy: retryPolicyConfig,
+  // Limit of calling level. If it reaches the limit, broker will throw an MaxCallLevelError error. (Infinite loop protection)
+  maxCallLevel: 100,
+  // Number of seconds to send heartbeat packet to other nodes.
+  heartbeatInterval: 10,
+  // Number of seconds to wait before setting node to unavailable status.
+  heartbeatTimeout: 30,
+  // Cloning the params of context if enabled. High performance impact, use it with caution!
+  contextParamsCloning: false,
+  // Tracking requests and waiting for running requests before shuting down. More info: https://moleculer.services/docs/0.14/context.html#Context-tracking
+  tracking: trackingConfig,
+  // Disable built-in request & emit balancer. (Transporter must support it, as well.). More info: https://moleculer.services/docs/0.14/networking.html#Disabled-balancer
+  disableBalancer: false,
+  // Settings of Service Registry. More info: https://moleculer.services/docs/0.14/registry.html
+  registry: registryConfig,
+  // Settings of Circuit Breaker. More info: https://moleculer.services/docs/0.14/fault-tolerance.html#Circuit-Breaker
+  circuitBreaker: circuitBreakerConfig,
+  // Settings of bulkhead feature. More info: https://moleculer.services/docs/0.14/fault-tolerance.html#Bulkhead
+  bulkhead: bulkheadConfig,
+  // Enable action & event parameter validation. More info: https://moleculer.services/docs/0.14/validating.html
+  validator: "Fastest",
+  // errorHandler: null,
+  transporter: env3.string("TRANSPORTER_URL"),
+  // Enable/disable built-in metrics function. More info: https://moleculer.services/docs/0.14/metrics.html
+  metrics: metricsConfig,
+  // Enable built-in tracing function. More info: https://moleculer.services/docs/0.14/tracing.html
+  tracing: tracingConfig,
+  middlewares: [
+    ChannelsMiddleware,
+    PermissionsMiddleware,
+    ContextHelpersMiddleware
+  ]
+};
+var moleculer_default = configs;
+var nodeEnv = env3.string("NODE_ENV", "development");
+var isDev = nodeEnv === "development";
+var isTest = nodeEnv === "test";
+var isProd = nodeEnv === "production";
+var REDIS_URL = env3.string("REDIS_URL");
+var env_default = env3;
+
+// src/errors/permission.error.ts
+var PermissionError = class _PermissionError extends Error {
+  constructor(message, data) {
+    super(message);
+    this.code = "PERMISSION_DENIED";
+    this.statusCode = 403;
+    this.name = "PermissionError";
+    this.data = data;
+    if (Error.captureStackTrace) {
+      Error.captureStackTrace(this, _PermissionError);
+    }
+  }
+};
+
+// src/errors/auth.error.ts
+var AuthenticationError = class _AuthenticationError extends Error {
+  constructor(message, data) {
+    super(message);
+    this.code = "AUTH_REQUIRED";
+    this.statusCode = 401;
+    this.name = "AuthenticationError";
+    this.data = data;
+    if (Error.captureStackTrace) {
+      Error.captureStackTrace(this, _AuthenticationError);
+    }
+  }
+};
+var TenantError = class _TenantError extends Error {
+  constructor(message, data) {
+    super(message);
+    this.code = "TENANT_REQUIRED";
+    this.statusCode = 401;
+    this.name = "TenantError";
+    this.data = data;
+    if (Error.captureStackTrace) {
+      Error.captureStackTrace(this, _TenantError);
+    }
+  }
+};
+
+// src/middlewares/permissions.middleware.ts
+var permissionHandlers = {
+  [PERMISSIONS.AUTHENTICATED]: async (ctx) => !!ctx.meta.user?.id,
+  [PERMISSIONS.TENANT_OWNER]: async (ctx) => ctx.meta.user?.roles.includes(PERMISSIONS.OWNER) ?? false,
+  [PERMISSIONS.TENANT_MEMBER]: async (ctx) => !!(ctx.meta.user?.tenantId && ctx.meta.tenantId && ctx.meta.user.tenantId === ctx.meta.tenantId)
+};
+var PermissionsMiddleware = {
+  // Wrap local action handlers
+  localAction(handler, action) {
+    if (!action.permissions) {
+      return handler;
+    }
+    const permissions = Array.isArray(action.permissions) ? action.permissions : [action.permissions];
+    const permissionNames = [];
+    const permissionFunctions = [];
+    permissions.forEach((permission) => {
+      if (typeof permission === "function") {
+        permissionFunctions.push(permission);
+        return;
+      }
+      if (typeof permission === "string") {
+        if (permission in permissionHandlers) {
+          const handler2 = permissionHandlers[permission];
+          permissionFunctions.push(handler2);
+          return;
+        }
+        permissionNames.push(permission);
+        return;
+      }
+    });
+    return async function CheckPermissionsMiddleware(ctx) {
+      let hasAccess = false;
+      if (ctx.meta.user?.roles.includes(PERMISSIONS.OWNER)) {
+        hasAccess = true;
+      }
+      if (!hasAccess && permissionFunctions.length > 0) {
+        const results = await Promise.allSettled(
+          permissionFunctions.map((fn) => fn(ctx, action))
+        );
+        hasAccess = results.some(
+          (result) => result.status === "fulfilled" && !!result.value
+        );
+        const failures = results.filter((r) => r.status === "rejected");
+        if (failures.length > 0) {
+          ctx.broker.logger.warn(
+            `${failures.length} permission functions failed`,
+            {
+              action: action.name,
+              userId: ctx.meta.user?.id
+            }
+          );
+        }
+      }
+      if (!hasAccess && permissionNames.length > 0) {
+        const userRoles = ctx.meta.user?.roles ?? [];
+        hasAccess = userRoles.some((role) => {
+          const rolePermissions = ROLE_PERMISSIONS[role] ?? [];
+          return permissionNames.some(
+            (permName) => rolePermissions.includes(permName)
+          );
+        });
+      }
+      if (!hasAccess) {
+        const user = ctx.meta.user;
+        ctx.broker.logger.warn("Access denied:", {
+          action: action.name,
+          userId: user?.id,
+          userRoles: user?.roles,
+          tenantId: ctx.meta.tenantId,
+          requiredPermissions: permissions
+        });
+        const errorDetails = isDev ? {
+          action: action.name,
+          requiredPermissions: permissions.map(
+            (p) => typeof p === "function" ? "[Function]" : String(p)
+          ),
+          userRoles: user?.roles ?? [],
+          userId: user?.id,
+          tenantId: ctx.meta.tenantId
+        } : {
+          action: action.name
+        };
+        throw new PermissionError(
+          "You do not have permission to perform this action",
+          errorDetails
+        );
+      }
+      return handler.call(this, ctx);
+    };
+  }
+};
+
+// src/utils/context-cache.ts
+var ContextCache = class _ContextCache {
+  constructor() {
+    this.memoryCache = /* @__PURE__ */ new Map();
+    this.TTL = 5 * 60 * 1e3;
+    this.cleanupInterval = setInterval(() => this.cleanup(), 60 * 1e3);
+  }
+  static getInstance() {
+    if (!_ContextCache.instance) {
+      _ContextCache.instance = new _ContextCache();
+    }
+    return _ContextCache.instance;
+  }
+  async get(key, factory) {
+    const cached = this.memoryCache.get(key);
+    if (cached && Date.now() - cached.timestamp < this.TTL) {
+      return cached.value;
+    }
+    const value = await factory();
+    this.memoryCache.set(key, { value, timestamp: Date.now() });
+    return value;
+  }
+  set(key, value) {
+    this.memoryCache.set(key, { value, timestamp: Date.now() });
+  }
+  delete(key) {
+    return this.memoryCache.delete(key);
+  }
+  clear() {
+    this.memoryCache.clear();
+  }
+  cleanup() {
+    const now = Date.now();
+    const keysToDelete = [];
+    this.memoryCache.forEach((entry, key) => {
+      if (now - entry.timestamp > this.TTL) {
+        keysToDelete.push(key);
+      }
+    });
+    keysToDelete.forEach((key) => this.memoryCache.delete(key));
+  }
+  destroy() {
+    if (this.cleanupInterval) {
+      clearInterval(this.cleanupInterval);
+    }
+    this.clear();
+  }
+};
+
+// src/utils/permission-calculator.ts
+var PermissionCalculator = class {
+  static calculateUserPermissions(user) {
+    if (!user || !Array.isArray(user.roles)) {
+      return [];
+    }
+    const explicitPermissions = Array.isArray(user.permissions) ? user.permissions : [];
+    const rolePermissions = user.roles.flatMap((role) => {
+      return ROLE_PERMISSIONS[role] ?? [];
+    });
+    const allPermissions = [...explicitPermissions, ...rolePermissions];
+    const uniquePermissions = [];
+    allPermissions.forEach((permission) => {
+      if (!uniquePermissions.includes(permission)) {
+        uniquePermissions.push(permission);
+      }
+    });
+    return uniquePermissions;
+  }
+  static hasPermission(user, permission) {
+    if (typeof permission !== "string" || !permission.trim()) {
+      return false;
+    }
+    if (!user || typeof user !== "object") {
+      return false;
+    }
+    if (!Array.isArray(user.roles)) {
+      return false;
+    }
+    if (Array.isArray(user.permissions) && user.permissions.includes(permission)) {
+      return true;
+    }
+    return user.roles.some((role) => {
+      const rolePermissions = ROLE_PERMISSIONS[role] ?? [];
+      return rolePermissions.includes(permission);
+    });
+  }
+};
+
+// src/middlewares/context-helpers.middleware.ts
+var ContextHelpersMiddleware = {
+  // Add helper functions to context before action handlers
+  localAction(handler) {
+    return function ContextHelpersWrapper(ctx) {
+      const cache = ContextCache.getInstance();
+      const memoizedPermissions = /* @__PURE__ */ new Map();
+      ctx.hasPermission = function(permission) {
+        if (memoizedPermissions.has(permission)) {
+          const cachedResult = memoizedPermissions.get(permission);
+          return cachedResult === true;
+        }
+        const user = ctx.meta.user;
+        if (!user) {
+          memoizedPermissions.set(permission, false);
+          return false;
+        }
+        const result = PermissionCalculator.hasPermission(user, permission);
+        memoizedPermissions.set(permission, result);
+        return result;
+      };
+      ctx.getUserPermissions = async function() {
+        const user = ctx.meta.user;
+        if (!user) return [];
+        const cacheKey = `permissions:${user.id}:${JSON.stringify(user.roles)}`;
+        return cache.get(cacheKey, () => {
+          return PermissionCalculator.calculateUserPermissions(user);
+        });
+      };
+      ctx.hasRole = function(role) {
+        const user = ctx.ensureUser();
+        return Array.isArray(user.roles) && user.roles.includes(role);
+      };
+      ctx.isTenantMember = function() {
+        const user = ctx.ensureUser();
+        return !!(user.tenantId && ctx.meta.tenantId && user.tenantId === ctx.meta.tenantId);
+      };
+      ctx.isTenantOwner = function() {
+        return ctx.isTenantMember() && ctx.hasRole("OWNER");
+      };
+      ctx.ensureUser = () => {
+        if (!ctx.meta.user) {
+          ctx.broker.logger.error("Authentication required", {
+            action: ctx.action?.name,
+            requestId: ctx.meta.requestId,
+            userAgent: ctx.meta.userAgent,
+            ip: ctx.meta.clientIP
+          });
+          throw new AuthenticationError("Authentication required", {
+            code: "AUTH_REQUIRED",
+            statusCode: 401,
+            requestId: ctx.meta.requestId
+          });
+        }
+        return ctx.meta.user;
+      };
+      ctx.ensureTenant = () => {
+        if (!ctx.meta.tenantId) {
+          ctx.broker.logger.error("Tenant required", {
+            action: ctx.action?.name,
+            userId: ctx.meta.user?.id,
+            requestId: ctx.meta.requestId
+          });
+          throw new TenantError("Tenant required", {
+            code: "TENANT_REQUIRED",
+            statusCode: 401,
+            tenantId: ctx.meta.tenantId,
+            requestId: ctx.meta.requestId
+          });
+        }
+        return {
+          id: ctx.meta.tenantId,
+          name: ctx.meta.tenantName ?? ""
+        };
+      };
+      ctx.auditLog = function(action, resource, metadata) {
+        ctx.broker.logger.info("Audit log", {
+          action,
+          resource: resource ? {
+            type: typeof resource,
+            id: resource.id
+          } : void 0,
+          userId: ctx.meta.user?.id,
+          tenantId: ctx.meta.tenantId,
+          requestId: ctx.meta.requestId,
+          timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+          ...metadata
+        });
+      };
+      ctx.createError = function(message, code, statusCode = 400) {
+        const errorData = {
+          code,
+          statusCode,
+          userId: ctx.meta.user?.id,
+          tenantId: ctx.meta.tenantId,
+          requestId: ctx.meta.requestId,
+          action: ctx.action?.name,
+          timestamp: (/* @__PURE__ */ new Date()).toISOString()
+        };
+        ctx.broker.logger.warn("Context error created", {
+          message,
+          ...errorData
+        });
+        if (code === "AUTH_REQUIRED") {
+          return new AuthenticationError(message, errorData);
+        }
+        if (code === "TENANT_REQUIRED") {
+          return new TenantError(message, errorData);
+        }
+        return new Error(message);
+      };
+      return handler.call(this, ctx);
+    };
+  }
+};
+
+// src/mixins/datasource.mixin.ts
+function DatasourceMixin(datasourceConstructors = {}) {
+  const datasourceInstances = {};
+  for (const [key, DatasourceClass] of Object.entries(datasourceConstructors)) {
+    datasourceInstances[key] = new DatasourceClass();
+  }
+  return {
+    /**
+     * Service created lifecycle hook
+     * Initialize datasources and store on service
+     */
+    async created() {
+      for (const [, datasource] of Object.entries(datasourceInstances)) {
+        datasource.broker = this.broker;
+      }
+      for (const [, datasource] of Object.entries(datasourceInstances)) {
+        if (typeof datasource.init === "function") {
+          await datasource.init();
+        }
+      }
+      this.$datasources = datasourceInstances;
+    },
+    /**
+     * Service started lifecycle hook
+     * Connect datasources that have connect method
+     */
+    async started() {
+      for (const [, datasource] of Object.entries(datasourceInstances)) {
+        if (typeof datasource.connect === "function") {
+          await datasource.connect();
+        }
+      }
+    },
+    /**
+     * Service stopped lifecycle hook
+     * Disconnect datasources that have disconnect method
+     */
+    async stopped() {
+      for (const [, datasource] of Object.entries(datasourceInstances)) {
+        if (typeof datasource.disconnect === "function") {
+          await datasource.disconnect();
+        }
+      }
+    },
+    /**
+     * Hooks to inject datasources into context
+     */
+    hooks: {
+      before: {
+        "*": function injectDatasources(ctx) {
+          const datasources = this.$datasources ?? {};
+          for (const [, datasource] of Object.entries(datasources)) {
+            datasource.context = ctx;
+          }
+          ctx.datasources = datasources;
+        }
+      }
+    }
+  };
+}
+
+// src/utils/index.ts
+function omit(obj, keys) {
+  const result = { ...obj };
+  keys.forEach((key) => delete result[key]);
+  return result;
+}
+
+// src/service/define-service.ts
+function defineService(config) {
+  const propsToOmit = ["datasources"];
+  const serviceSchema = omit(
+    config,
+    propsToOmit
+  );
+  return {
+    ...serviceSchema,
+    mixins: [
+      DatasourceMixin(config.datasources),
+      MemoizeMixin(),
+      ...serviceSchema.mixins ?? []
+    ]
+  };
+}
+var SecurityHelpers = {
+  /**
+   * Secure comparison using Node.js crypto.timingSafeEqual
+   */
+  secureCompare(a, b) {
+    try {
+      return crypto.timingSafeEqual(
+        Buffer.from(a, "utf8"),
+        Buffer.from(b, "utf8")
+      );
+    } catch {
+      return false;
+    }
+  },
+  /**
+   * Validate webhook timestamp to prevent replay attacks
+   */
+  validateTimestamp(timestamp, maxAgeMs = 5 * 60 * 1e3) {
+    return Date.now() - timestamp <= maxAgeMs;
+  }
+};
+async function executeWithRetry(operation, maxRetries = 3, baseDelayMs = 1e3, context = "operation") {
+  for (let attempt = 0; attempt <= maxRetries; attempt++) {
+    try {
+      return await operation();
+    } catch (error) {
+      if (attempt === maxRetries) {
+        const err = error instanceof Error ? error : new Error(String(error));
+        throw new Error(
+          `${context} failed after ${maxRetries} retries: ${err.message}`
+        );
+      }
+      const delay = baseDelayMs * Math.pow(2, attempt);
+      const jitter = Math.random() * 1e3;
+      await new Promise((resolve) => setTimeout(resolve, delay + jitter));
+    }
+  }
+  throw new Error("Retry logic error");
+}
+function defineIntegration(config) {
+  const actions = {
+    i_receiveWebhook: {
+      rest: {
+        method: "POST",
+        path: "/:channelId"
+      },
+      params: {
+        channelId: "string",
+        payload: "object",
+        headers: "object",
+        timestamp: "number"
+      },
+      async handler(ctx) {
+        const { channelId, payload, headers, timestamp } = ctx.params;
+        const webhook = {
+          tenantId: ctx.meta.tenantId ?? "unknown",
+          // Should come from channel lookup
+          channelId,
+          platform: config.spec.platform,
+          payload,
+          // Raw webhook payload from gateway
+          headers,
+          timestamp
+        };
+        if (!SecurityHelpers.validateTimestamp(webhook.timestamp)) {
+          throw new Error("Webhook timestamp too old - possible replay attack");
+        }
+        if (config.validateWebhook) {
+          const isValid = await config.validateWebhook(webhook);
+          if (!isValid) {
+            throw new Error("Invalid webhook payload format");
+          }
+        }
+        if (config.validateSignature) {
+          const isValidSignature = config.validateSignature(webhook);
+          if (!isValidSignature) {
+            throw new Error("Webhook signature validation failed");
+          }
+        }
+        const normalizedMessages = await config.normalize(webhook);
+        const results = await Promise.allSettled(
+          normalizedMessages.map(async (message) => {
+            const payload2 = {
+              tenantId: webhook.tenantId,
+              channelId: webhook.channelId,
+              platform: webhook.platform,
+              message,
+              timestamp: Date.now()
+            };
+            return ctx.broker.sendToChannel(
+              INTEGRATION_CHANNELS.MESSAGE_RECEIVED,
+              payload2,
+              CHANNEL_CONFIG.HIGH_PRIORITY
+            );
+          })
+        );
+        const successful = results.filter(
+          (result) => result.status === "fulfilled"
+        ).length;
+        const failed = results.filter(
+          (result) => result.status === "rejected"
+        ).length;
+        if (failed > 0) {
+          const failures = results.filter((result) => result.status === "rejected").map((result) => result.reason);
+          ctx.broker.logger.warn(
+            `Webhook processing partial failure: ${failed}/${normalizedMessages.length} messages failed`,
+            { failures }
+          );
+        }
+        return { success: true, messages: successful, failed };
+      }
+    },
+    i_sendMessage: {
+      rest: {
+        method: "POST",
+        path: "/send"
+      },
+      params: {
+        message: "object",
+        channelId: "string"
+      },
+      async handler(ctx) {
+        const { message, channelId } = ctx.params;
+        const integrationConfig = await config.getChannelConfig(ctx, channelId);
+        if (!integrationConfig) {
+          throw new Error(`Channel configuration not found: ${channelId}`);
+        }
+        const result = await executeWithRetry(
+          () => config.sendMessage(ctx, message, integrationConfig),
+          3,
+          1e3,
+          `Send message via ${config.spec.platform}`
+        );
+        try {
+          if (result.success) {
+            const sentPayload = {
+              tenantId: integrationConfig.tenantId,
+              channelId,
+              platform: config.spec.platform,
+              messageId: result.messageId,
+              metadata: result.metadata,
+              timestamp: Date.now()
+            };
+            await ctx.broker.sendToChannel(
+              INTEGRATION_CHANNELS.MESSAGE_SENT,
+              sentPayload,
+              CHANNEL_CONFIG.DEFAULTS
+            );
+          } else {
+            const failedPayload = {
+              tenantId: integrationConfig.tenantId,
+              channelId,
+              platform: config.spec.platform,
+              error: result.error?.message ?? "Unknown error",
+              message,
+              timestamp: Date.now()
+            };
+            await ctx.broker.sendToChannel(
+              INTEGRATION_CHANNELS.MESSAGE_FAILED,
+              failedPayload,
+              CHANNEL_CONFIG.DEFAULTS
+            );
+          }
+        } catch (channelError) {
+          const err = channelError instanceof Error ? channelError : new Error(String(channelError));
+          ctx.broker.logger.warn("Failed to send message event to channel", {
+            error: err.message,
+            messageId: result.messageId,
+            platform: config.spec.platform
+          });
+        }
+        return result;
+      }
+    },
+    i_healthCheck: {
+      rest: {
+        method: "GET",
+        path: "/health"
+      },
+      params: {
+        config: { type: "object", optional: true }
+      },
+      async handler(ctx) {
+        try {
+          if (config.checkHealth) {
+            const integrationConfig = ctx.params.config;
+            if (integrationConfig) {
+              return await config.checkHealth(ctx, integrationConfig);
+            }
+          }
+          return {
+            status: "healthy",
+            message: `${config.spec.name} integration is running`,
+            details: {
+              id: config.spec.id,
+              version: config.spec.version,
+              timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+              capabilities: config.spec.capabilities
+            }
+          };
+        } catch (error) {
+          const err = error instanceof Error ? error : new Error(String(error));
+          return {
+            status: "unhealthy",
+            message: err.message,
+            details: {
+              id: config.spec.id,
+              timestamp: (/* @__PURE__ */ new Date()).toISOString()
+            }
+          };
+        }
+      }
+    },
+    i_verifyWebhook: {
+      rest: {
+        method: "GET",
+        path: "/:tenantId"
+      },
+      params: {
+        tenantId: "string",
+        mode: "string",
+        token: "string",
+        challenge: "string"
+      },
+      handler(ctx) {
+        if (config.verifyWebhook) {
+          const result = config.verifyWebhook(ctx.params);
+          return result ?? "";
+        }
+        return ctx.params.challenge;
+      }
+    },
+    i_validateCredentials: {
+      params: {
+        credentials: "object"
+      },
+      async handler(ctx) {
+        if (config.validateCredentials) {
+          return await config.validateCredentials(ctx.params.credentials);
+        }
+        return true;
+      }
+    }
+  };
+  if (config.actions) {
+    Object.assign(actions, config.actions);
+  }
+  const baseService = defineService({
+    name: config.name,
+    version: config.version,
+    settings: config.settings,
+    dependencies: config.dependencies,
+    datasources: config.datasources,
+    metadata: {
+      ...config.metadata,
+      spec: config.spec
+    },
+    actions,
+    events: config.events ?? {},
+    methods: {
+      ...config.methods ?? {},
+      // Add integration-specific methods to the service methods (filter out undefined)
+      // Required methods - no need for conditional
+      normalize: config.normalize,
+      getChannelConfig: config.getChannelConfig,
+      sendMessage: config.sendMessage,
+      // Optional methods
+      ...config.validateWebhook && { validateWebhook: config.validateWebhook },
+      ...config.verifyWebhook && { verifyWebhook: config.verifyWebhook },
+      ...config.checkHealth && { checkHealth: config.checkHealth },
+      ...config.validateCredentials && {
+        validateCredentials: config.validateCredentials
+      },
+      ...config.validateSignature && {
+        validateSignature: config.validateSignature
+      }
+    },
+    created: config.created,
+    started: config.started,
+    stopped: config.stopped
+  });
+  return {
+    ...baseService,
+    // Only add the integration spec
+    spec: config.spec
+  };
+}
+
+// src/types/platform.ts
+var IntegrationPlatform = /* @__PURE__ */ ((IntegrationPlatform2) => {
+  IntegrationPlatform2["WHATSAPP"] = "whatsapp";
+  IntegrationPlatform2["TELEGRAM"] = "telegram";
+  IntegrationPlatform2["SLACK"] = "slack";
+  IntegrationPlatform2["EMAIL"] = "email";
+  IntegrationPlatform2["SMS"] = "sms";
+  IntegrationPlatform2["INSTAGRAM"] = "instagram";
+  IntegrationPlatform2["FACEBOOK"] = "facebook";
+  IntegrationPlatform2["DISCORD"] = "discord";
+  IntegrationPlatform2["WEBCHAT"] = "webchat";
+  IntegrationPlatform2["CUSTOM"] = "custom";
+  return IntegrationPlatform2;
+})(IntegrationPlatform || {});
+var IntegrationStatus = /* @__PURE__ */ ((IntegrationStatus2) => {
+  IntegrationStatus2["CONFIGURED"] = "CONFIGURED";
+  IntegrationStatus2["ACTIVE"] = "ACTIVE";
+  IntegrationStatus2["INACTIVE"] = "INACTIVE";
+  IntegrationStatus2["ERROR"] = "ERROR";
+  IntegrationStatus2["SUSPENDED"] = "SUSPENDED";
+  return IntegrationStatus2;
+})(IntegrationStatus || {});
+var IntegrationCapability = /* @__PURE__ */ ((IntegrationCapability2) => {
+  IntegrationCapability2["SEND_MESSAGE"] = "send_message";
+  IntegrationCapability2["RECEIVE_MESSAGE"] = "receive_message";
+  IntegrationCapability2["SEND_IMAGE"] = "send_image";
+  IntegrationCapability2["SEND_VIDEO"] = "send_video";
+  IntegrationCapability2["SEND_AUDIO"] = "send_audio";
+  IntegrationCapability2["SEND_FILE"] = "send_file";
+  IntegrationCapability2["SEND_LOCATION"] = "send_location";
+  IntegrationCapability2["SEND_BUTTONS"] = "send_buttons";
+  IntegrationCapability2["SEND_CAROUSEL"] = "send_carousel";
+  IntegrationCapability2["TYPING_INDICATOR"] = "typing_indicator";
+  IntegrationCapability2["READ_RECEIPT"] = "read_receipt";
+  IntegrationCapability2["GROUP_CHAT"] = "group_chat";
+  IntegrationCapability2["REACTIONS"] = "reactions";
+  IntegrationCapability2["THREADS"] = "threads";
+  IntegrationCapability2["VOICE_CALL"] = "voice_call";
+  IntegrationCapability2["VIDEO_CALL"] = "video_call";
+  return IntegrationCapability2;
+})(IntegrationCapability || {});
+
+// src/types/message.ts
+var MessageContentType = /* @__PURE__ */ ((MessageContentType2) => {
+  MessageContentType2["TEXT"] = "text";
+  MessageContentType2["IMAGE"] = "image";
+  MessageContentType2["VIDEO"] = "video";
+  MessageContentType2["AUDIO"] = "audio";
+  MessageContentType2["FILE"] = "file";
+  MessageContentType2["LOCATION"] = "location";
+  MessageContentType2["BUTTONS"] = "buttons";
+  MessageContentType2["CAROUSEL"] = "carousel";
+  MessageContentType2["REACTION"] = "reaction";
+  return MessageContentType2;
+})(MessageContentType || {});
+
+// src/types/user.ts
+var UserRole = {
+  OWNER: "OWNER",
+  ADMIN: "ADMIN",
+  MANAGER: "MANAGER",
+  AGENT: "AGENT",
+  VIEWER: "VIEWER"
+};
+
+// src/datasources/base.datasource.ts
+var AbstractDatasource = class {
+  /**
+   * Default health check - always returns true
+   * Override for custom health check logic
+   */
+  async healthCheck() {
+    this.broker.logger.info(`Health check for datasource - ${this.name}`);
+    return true;
+  }
+  /**
+   * Default clear method - does nothing
+   * Override to implement clearing logic
+   */
+  async clear() {
+  }
+};
+
+// src/datasources/prisma.datasource.ts
+var PrismaDatasource = class extends AbstractDatasource {
+  constructor(prismaClient) {
+    super();
+    this.name = "prisma";
+    this._client = null;
+    this.providedClient = null;
+    this.providedClient = prismaClient ?? null;
+  }
+  /**
+   * Get Prisma client instance (singleton pattern)
+   */
+  get client() {
+    this._client ?? (this._client = this.initializePrismaClient());
+    this.updateTenantFromContext();
+    return this._client;
+  }
+  /**
+   * Initialize Prisma client using singleton pattern or provided instance
+   */
+  initializePrismaClient() {
+    if (this.providedClient) {
+      this.broker.logger.info("Using provided PrismaClient instance");
+      return this.providedClient;
+    }
+    if (!globalThis.__prisma) {
+      this.broker.logger.info("Creating new PrismaClient singleton");
+      const baseClient = this.createClient();
+      globalThis.__prisma = this.applyExtensions(baseClient);
+    } else {
+      this.broker.logger.info("Using existing PrismaClient singleton");
+    }
+    return globalThis.__prisma;
+  }
+  /**
+   * Create a new Prisma client instance
+   * Override this method in subclasses to provide the actual PrismaClient
+   */
+  createClient() {
+    throw new Error(
+      "createClient() must be implemented by subclass or provide PrismaClient in constructor. Example: class MyPrismaDataSource extends PrismaDatasource { protected createClient() { return new PrismaClient(); } }"
+    );
+  }
+  /**
+   * Apply extensions to the Prisma client
+   * Override this method to add production extensions like soft delete, audit trails, etc.
+   */
+  applyExtensions(client) {
+    return client;
+  }
+  /**
+   * Get extended client with all applied extensions
+   */
+  get extendedClient() {
+    return this.applyExtensions(this.client);
+  }
+  /**
+   * Initialize datasource - called after broker injection
+   */
+  async init() {
+    this.broker.logger.info("Initializing Prisma datasource");
+  }
+  /**
+   * Called automatically when context is injected
+   * Sets tenant context from service context if available
+   */
+  updateTenantFromContext() {
+    const tenantId = this.context?.meta?.tenantId;
+    if (tenantId && typeof tenantId === "string") {
+      this.setTenantContext(tenantId);
+    }
+  }
+  /**
+   * Connect to database - called when service starts
+   */
+  async connect() {
+    try {
+      this.broker.logger.info("Connecting to database via Prisma");
+      await this.client.$connect();
+      this.broker.logger.info("Successfully connected to database");
+    } catch (error) {
+      this.broker.logger.error("Failed to connect to database:", error);
+      throw error;
+    }
+  }
+  /**
+   * Disconnect from database - called when service stops
+   */
+  async disconnect() {
+    try {
+      this.broker.logger.info("Disconnecting from database");
+      await this.client.$disconnect();
+      this.broker.logger.info("Successfully disconnected from database");
+    } catch (error) {
+      this.broker.logger.error("Error disconnecting from database:", error);
+      throw error;
+    }
+  }
+  /**
+   * Health check - verify database connectivity
+   */
+  async healthCheck() {
+    try {
+      this.broker.logger.info("Running Prisma health check");
+      await this.client.$queryRaw`SELECT 1`;
+      this.broker.logger.info("Prisma health check passed");
+      return true;
+    } catch (error) {
+      this.broker.logger.error("Prisma health check failed:", error);
+      return false;
+    }
+  }
+  /**
+   * Clear/reset data - useful for testing
+   */
+  async clear() {
+    if (isTest || isDev) {
+      this.broker.logger.warn(
+        "Clearing database (only allowed in test/dev mode)"
+      );
+      const modelNames = Object.keys(this.client).filter(
+        (key) => !key.startsWith("_") && !key.startsWith("$")
+      );
+      for (const modelName of modelNames.reverse()) {
+        try {
+          const model = this.client[modelName];
+          if (model.deleteMany) {
+            await model.deleteMany();
+          }
+        } catch (error) {
+          this.broker.logger.debug(`Could not clear ${modelName}:`, error);
+        }
+      }
+    } else {
+      throw new Error(
+        "Database clear is only allowed in test/development environments"
+      );
+    }
+  }
+  /**
+   * Transaction wrapper with proper error handling
+   */
+  async transaction(fn, options) {
+    try {
+      return await this.client.$transaction(
+        (tx) => fn(tx),
+        options
+      );
+    } catch (error) {
+      this.broker.logger.error("Transaction failed:", error);
+      throw error;
+    }
+  }
+  /**
+   * Set tenant context for multi-tenant applications
+   * Requires tenant extension to be applied
+   */
+  setTenantContext(tenantId) {
+    const tenantClient = this.client;
+    if (tenantClient.$setTenant) {
+      tenantClient.$setTenant(tenantId);
+      this.broker.logger.debug("Tenant context set:", { tenantId });
+    } else {
+      this.broker.logger.warn(
+        "Tenant extension not available - setTenantContext ignored"
+      );
+    }
+  }
+  /**
+   * Get current tenant context
+   */
+  getCurrentTenant() {
+    const tenantClient = this.client;
+    if (tenantClient.$getCurrentTenant) {
+      return tenantClient.$getCurrentTenant();
+    }
+    return null;
+  }
+  /**
+   * Execute with tenant context (automatically restores previous context)
+   */
+  async withTenant(tenantId, fn) {
+    const previousTenant = this.getCurrentTenant();
+    try {
+      this.setTenantContext(tenantId);
+      return await fn();
+    } finally {
+      if (previousTenant) {
+        this.setTenantContext(previousTenant);
+      } else {
+        const tenantClient = this.client;
+        if (tenantClient.$clearTenant) {
+          tenantClient.$clearTenant();
+        }
+      }
+    }
+  }
+};
+
+// src/datasources/extensions/soft-delete.extension.ts
+var softDeleteExtension = {
+  name: "SoftDelete",
+  query: {
+    // Apply to all models
+    $allModels: {
+      // Override findMany to exclude soft deleted records
+      async findMany({ args, query }) {
+        args.where ?? (args.where = {});
+        if (args.where.deletedAt === void 0) {
+          args.where.deletedAt = null;
+        }
+        return query(args);
+      },
+      // Override findUnique to exclude soft deleted records
+      async findUnique({ args, query }) {
+        args.where ?? (args.where = {});
+        if (args.where.deletedAt === void 0) {
+          args.where.deletedAt = null;
+        }
+        return query(args);
+      },
+      // Override findFirst to exclude soft deleted records
+      async findFirst({ args, query }) {
+        args.where ?? (args.where = {});
+        if (args.where.deletedAt === void 0) {
+          args.where.deletedAt = null;
+        }
+        return query(args);
+      },
+      // Override delete to set deletedAt instead
+      async delete({ args, query }) {
+        return query({
+          ...args,
+          data: { deletedAt: /* @__PURE__ */ new Date() }
+        });
+      },
+      // Override deleteMany to set deletedAt instead
+      async deleteMany({ args, query }) {
+        return query({
+          ...args,
+          data: { deletedAt: /* @__PURE__ */ new Date() }
+        });
+      }
+    }
+  },
+  model: {
+    $allModels: {
+      // Add restore method to all models
+      async restore(where) {
+        const context = globalThis.Prisma?.getExtensionContext?.(this) ?? this;
+        return context.update({
+          where,
+          data: { deletedAt: null }
+        });
+      },
+      // Add findWithDeleted method to include soft deleted records
+      async findWithDeleted(args) {
+        const context = globalThis.Prisma?.getExtensionContext?.(this) ?? this;
+        return context.findMany({
+          ...args,
+          where: {
+            ...args.where
+            // Don't filter by deletedAt
+          }
+        });
+      },
+      // Add findDeleted method to find only soft deleted records
+      async findDeleted(args) {
+        const context = globalThis.Prisma?.getExtensionContext?.(this) ?? this;
+        return context.findMany({
+          ...args,
+          where: {
+            ...args.where,
+            deletedAt: { not: null }
+          }
+        });
+      }
+    }
+  }
+};
+
+// src/datasources/extensions/tenant.extension.ts
+function createTenantExtension() {
+  const tenantContext = {
+    currentTenantId: null
+  };
+  return {
+    name: "Tenant",
+    client: {
+      // Set tenant context
+      $setTenant(tenantId) {
+        tenantContext.currentTenantId = tenantId;
+      },
+      // Get current tenant
+      $getCurrentTenant() {
+        return tenantContext.currentTenantId;
+      },
+      // Clear tenant context
+      $clearTenant() {
+        tenantContext.currentTenantId = null;
+      }
+    },
+    query: {
+      $allModels: {
+        // Automatically add tenantId filter to all read operations
+        async findMany({ args, query }) {
+          var _a;
+          if (tenantContext.currentTenantId) {
+            args.where ?? (args.where = {});
+            (_a = args.where).tenantId ?? (_a.tenantId = tenantContext.currentTenantId);
+          }
+          return query(args);
+        },
+        async findUnique({ args, query }) {
+          var _a;
+          if (tenantContext.currentTenantId) {
+            args.where ?? (args.where = {});
+            (_a = args.where).tenantId ?? (_a.tenantId = tenantContext.currentTenantId);
+          }
+          return query(args);
+        },
+        async findFirst({ args, query }) {
+          var _a;
+          if (tenantContext.currentTenantId) {
+            args.where ?? (args.where = {});
+            (_a = args.where).tenantId ?? (_a.tenantId = tenantContext.currentTenantId);
+          }
+          return query(args);
+        },
+        // Automatically add tenantId to create operations
+        async create({ args, query }) {
+          var _a;
+          if (tenantContext.currentTenantId) {
+            args.data ?? (args.data = {});
+            (_a = args.data).tenantId ?? (_a.tenantId = tenantContext.currentTenantId);
+          }
+          return query(args);
+        },
+        // Add tenantId filter to update operations
+        async update({ args, query }) {
+          var _a;
+          if (tenantContext.currentTenantId) {
+            args.where ?? (args.where = {});
+            (_a = args.where).tenantId ?? (_a.tenantId = tenantContext.currentTenantId);
+          }
+          return query(args);
+        },
+        // Add tenantId filter to delete operations
+        async delete({ args, query }) {
+          var _a;
+          if (tenantContext.currentTenantId) {
+            args.where ?? (args.where = {});
+            (_a = args.where).tenantId ?? (_a.tenantId = tenantContext.currentTenantId);
+          }
+          return query(args);
+        }
+      }
+    }
+  };
+}
+
+// src/datasources/extensions/retry.extension.ts
+var retryExtension = {
+  name: "Retry",
+  client: {
+    async $retryTransaction(fn, options = {}) {
+      const {
+        maxRetries = 3,
+        baseDelay = 100,
+        maxDelay = 5e3,
+        retryableErrors = [
+          "P2034",
+          // Transaction failed due to a write conflict
+          "P2002",
+          // Unique constraint failed
+          "P5000"
+          // Raw query failed
+        ]
+      } = options;
+      let lastError;
+      for (let attempt = 0; attempt <= maxRetries; attempt++) {
+        try {
+          return await this.$transaction(fn, {
+            timeout: 1e4,
+            maxWait: 5e3
+          });
+        } catch (error) {
+          lastError = error;
+          const isRetryable = retryableErrors.some(
+            (code) => error.code === code || error.message?.includes(code)
+          );
+          if (!isRetryable || attempt === maxRetries) {
+            throw error;
+          }
+          const delay = Math.min(
+            baseDelay * Math.pow(2, attempt) + Math.random() * 100,
+            maxDelay
+          );
+          if (typeof globalThis !== "undefined" && globalThis.console) {
+            globalThis.console.warn(
+              `Transaction retry ${attempt + 1}/${maxRetries} after ${delay}ms:`,
+              {
+                error: error.message,
+                code: error.code
+              }
+            );
+          }
+          await new Promise((resolve) => setTimeout(resolve, delay));
+        }
+      }
+      throw lastError ?? new Error("Transaction failed after maximum retries");
+    }
+  }
+};
+
+export { AbstractDatasource, CHANNELS, ContextHelpersMiddleware, CreateHealthCheckMiddleware, DatasourceMixin, HEALTH_CHECK_DEFAULTS, INTEGRATION_CHANNELS, IntegrationCapability, IntegrationPlatform, IntegrationStatus, MemoizeMixin, MessageContentType, NAMESPACE, PERMISSIONS, PermissionsMiddleware, PrismaDatasource, REDIS_URL, ROLE_PERMISSIONS, UserRole, createDatasourceMiddleware, createTenantExtension, defineIntegration, defineService, env_default as env, isDev, isProd, isTest, moleculer_default as moleculer, nodeEnv, omit, retryExtension, softDeleteExtension };