@wildo-ai/platform-config-lib 1.0.1

package/dist/esm/infra-managers/mongo-atlas-manager.service.js

@@ -0,0 +1,307 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+import { injectable, inject } from 'inversify';
+import { WildoHeaderKeys } from '@wildo-ai/saas-models';
+import axios from 'axios';
+import crypto from 'crypto';
+import { PLATFORM_RUNTIME_BRIDGE_TYPES, } from '../runtime-bridge/platform-runtime-bridge.contracts.js';
+/**
+ * MongoDB Atlas Manager Service
+ * Manages MongoDB Atlas clusters, databases, and users via Atlas API
+ */
+let MongoAtlasManagerService = class MongoAtlasManagerService {
+    logger;
+    apiClient;
+    config = null;
+    logDebug;
+    constructor(logger) {
+        this.logger = logger;
+        this.logDebug = this.logger.debugByType('MongoAtlasManagerService');
+        this.logger.setDebugTypeLogging('MongoAtlasManagerService', true);
+        this.logDebug('MongoDB Atlas manager service initialized');
+        this.apiClient = axios.create({
+            timeout: 30000,
+            headers: {
+                [WildoHeaderKeys.CONTENT_TYPE]: 'application/json',
+                [WildoHeaderKeys.ACCEPT]: 'application/json'
+            }
+        });
+    }
+    /**
+     * Initialize Atlas API configuration
+     */
+    initialize(config) {
+        this.config = config;
+        // Atlas API uses HTTP Digest auth; we'll implement per-request digest
+        this.apiClient.defaults.baseURL = config.baseUrl;
+        this.logDebug('MongoDB Atlas API configured', {
+            baseUrl: config.baseUrl,
+            projectId: config.projectId,
+            hasCredentials: !!(config.publicKey && config.privateKey)
+        });
+    }
+    /**
+     * Check if Atlas API is configured and ready to use
+     * @returns true if initialize() has been called with valid config
+     */
+    isConfigured() {
+        return this.config !== null && !!this.config.publicKey && !!this.config.privateKey;
+    }
+    /**
+     * Get cluster information
+     */
+    async getCluster(clusterName) {
+        if (!this.config)
+            throw new Error('Atlas API not configured. Call initialize() first.');
+        this.logDebug('Getting MongoDB Atlas cluster info', { clusterName });
+        const data = await this.digestRequest('GET', `/groups/${this.config.projectId}/clusters/${encodeURIComponent(clusterName)}`);
+        return data;
+    }
+    /**
+     * List clusters in the Atlas project
+     */
+    async listClusters() {
+        if (!this.config)
+            throw new Error('Atlas API not configured. Call initialize() first.');
+        this.logDebug('Listing MongoDB Atlas clusters');
+        const data = await this.digestRequest('GET', `/groups/${this.config.projectId}/clusters`);
+        return (data?.results || []);
+    }
+    /**
+     * Create a database-scoped user with readWrite role on a specific database
+     */
+    async createDatabaseUser(input) {
+        if (!this.config)
+            throw new Error('Atlas API not configured. Call initialize() first.');
+        const payload = {
+            databaseName: 'admin',
+            username: input.username,
+            password: input.password,
+            roles: [
+                {
+                    roleName: 'readWrite',
+                    databaseName: input.databaseName,
+                },
+            ],
+            scopes: [
+                {
+                    name: input.clusterName,
+                    type: 'CLUSTER',
+                },
+            ],
+        };
+        this.logDebug('Creating Atlas DB user', { username: input.username, db: input.databaseName, cluster: input.clusterName });
+        try {
+            const response = await this.digestRequest('POST', `/groups/${this.config.projectId}/databaseUsers`, payload);
+            // Ensure roles/scopes are set as expected (idempotent)
+            await this.ensureUserRoleOnDb(input.username, input.databaseName, input.clusterName);
+            return response;
+        }
+        catch (e) {
+            // If user already exists or POST fails, try to update (idempotent behavior)
+            this.logDebug('Create user failed, attempting to update existing Atlas DB user', { username: input.username });
+            const updatePath = `/groups/${this.config.projectId}/databaseUsers/admin/${encodeURIComponent(input.username)}`;
+            const updatePayload = {
+                roles: payload.roles,
+                scopes: payload.scopes,
+                // password is optional on update; include only if provided in input
+                ...(input.password ? { password: input.password } : {})
+            };
+            const patched = await this.digestRequest('PATCH', updatePath, updatePayload);
+            // Ensure roles/scopes are set as expected (idempotent)
+            await this.ensureUserRoleOnDb(input.username, input.databaseName, input.clusterName);
+            return patched;
+        }
+    }
+    async ensureUserRoleOnDb(username, databaseName, clusterName) {
+        if (!this.config)
+            throw new Error('Atlas API not configured. Call initialize() first.');
+        const path = `/groups/${this.config.projectId}/databaseUsers/admin/${encodeURIComponent(username)}`;
+        const user = await this.digestRequest('GET', path);
+        const hasRole = Array.isArray(user?.roles) && user.roles.some((r) => r?.roleName === 'readWrite' && r?.databaseName === databaseName);
+        const hasScope = Array.isArray(user?.scopes) && user.scopes.some((s) => s?.type === 'CLUSTER' && s?.name === clusterName);
+        if (!hasRole || !hasScope) {
+            const updatePayload = {
+                roles: [{ roleName: 'readWrite', databaseName }],
+                scopes: [{ name: clusterName, type: 'CLUSTER' }]
+            };
+            await this.digestRequest('PATCH', path, updatePayload);
+        }
+    }
+    /**
+     * Delete a database user
+     */
+    async deleteDatabaseUser(username) {
+        if (!this.config)
+            throw new Error('Atlas API not configured. Call initialize() first.');
+        this.logDebug('Deleting Atlas DB user', { username });
+        await this.digestRequest('DELETE', `/groups/${this.config.projectId}/databaseUsers/admin/${encodeURIComponent(username)}`);
+    }
+    /**
+     * Get connection string for a cluster
+     */
+    async getConnectionString(input) {
+        const cluster = await this.getCluster(input.clusterName);
+        if (input.type === 'standard') {
+            const conn = cluster.mongoURI || cluster.mongoURIWithOptions;
+            if (!conn)
+                throw new Error('Standard connection string not available');
+            return { connectionString: conn };
+        }
+        const conn = cluster.srvAddress || cluster.mongoURIWithOptions;
+        if (!conn)
+            throw new Error('SRV connection string not available');
+        return { connectionString: conn };
+    }
+    /**
+     * Check cluster status
+     */
+    async getClusterStatus(clusterName) {
+        try {
+            const cluster = await this.getCluster(clusterName);
+            const state = cluster.stateName;
+            const healthy = state === 'IDLE' || state === 'UPDATING' || state === 'CREATING';
+            return { state, healthy };
+        }
+        catch (error) {
+            this.logger.error('Failed to check MongoDB Atlas cluster status:', {
+                clusterName,
+                error: error instanceof Error ? error.message : 'Unknown error',
+            });
+            return { state: 'UNKNOWN', healthy: false };
+        }
+    }
+    /**
+     * High-level helper: create per-application database user and return connection string
+     * Atlas does not require an explicit DB create; creating a collection or inserting first document creates it.
+     * Here we only create the user scoped to the cluster and database.
+     */
+    async createApplicationDatabase(input) {
+        await this.createDatabaseUser({
+            clusterName: input.clusterName,
+            databaseName: input.databaseName,
+            username: input.username,
+            password: input.password,
+        });
+        const { connectionString } = await this.getConnectionString({ clusterName: input.clusterName, type: 'srv' });
+        // Ensure the returned SRV URI targets the intended database (avoid defaulting to 'test')
+        let connectionStringWithDb = connectionString;
+        if (!/mongodb\+srv:\/\/[^/]+\/.+/.test(connectionString)) {
+            connectionStringWithDb = connectionString.includes('?')
+                ? connectionString.replace('?', `/${encodeURIComponent(input.databaseName)}?`)
+                : `${connectionString}/${encodeURIComponent(input.databaseName)}`;
+        }
+        // Inject credentials (username:password) and ensure authSource=admin
+        let credentialed = connectionStringWithDb;
+        if (!/^mongodb\+srv:\/\/[^@]+@/i.test(credentialed)) {
+            credentialed = credentialed.replace(/^mongodb\+srv:\/\//i, `mongodb+srv://${encodeURIComponent(input.username)}:${encodeURIComponent(input.password)}@`);
+        }
+        if (!/[?&]authSource=/.test(credentialed)) {
+            credentialed += credentialed.includes('?') ? '&authSource=admin' : '?authSource=admin';
+        }
+        return {
+            databaseName: input.databaseName,
+            username: input.username,
+            connectionString: credentialed,
+        };
+    }
+};
+MongoAtlasManagerService = __decorate([
+    injectable(),
+    __param(0, inject(PLATFORM_RUNTIME_BRIDGE_TYPES.Logger)),
+    __metadata("design:paramtypes", [Object])
+], MongoAtlasManagerService);
+export { MongoAtlasManagerService };
+// =============================
+// HTTP Digest helper methods
+// =============================
+function md5Hex(value) {
+    return crypto.createHash('md5').update(value).digest('hex');
+}
+function parseDigestChallenge(header) {
+    // header format: Digest realm="...", nonce="...", qop="auth", opaque="..."
+    const challenge = { realm: '', nonce: '' };
+    const parts = header.replace(/^Digest\s+/i, '').split(/,\s*/);
+    for (const part of parts) {
+        const [k, v] = part.split('=');
+        const val = v?.replace(/^"|"$/g, '') || '';
+        if (k === 'realm')
+            challenge.realm = val;
+        if (k === 'nonce')
+            challenge.nonce = val;
+        if (k === 'qop')
+            challenge.qop = val;
+        if (k === 'opaque')
+            challenge.opaque = val;
+        if (k === 'algorithm')
+            challenge.algorithm = val;
+    }
+    if (!challenge.realm || !challenge.nonce)
+        return null;
+    return challenge;
+}
+function buildDigestHeader({ method, uri, username, password, challenge, cnonce, nc }) {
+    const ha1 = md5Hex(`${username}:${challenge.realm}:${password}`);
+    const ha2 = md5Hex(`${method}:${uri}`);
+    const response = md5Hex(`${ha1}:${challenge.nonce}:${nc}:${cnonce}:${challenge.qop || 'auth'}:${ha2}`);
+    const hdr = [
+        `Digest username="${username}"`,
+        `realm="${challenge.realm}"`,
+        `nonce="${challenge.nonce}"`,
+        `uri="${uri}"`,
+        `qop=${challenge.qop || 'auth'}`,
+        `nc=${nc}`,
+        `cnonce="${cnonce}"`,
+        `response="${response}"`,
+    ];
+    if (challenge.opaque)
+        hdr.push(`opaque="${challenge.opaque}"`);
+    if (challenge.algorithm)
+        hdr.push(`algorithm=${challenge.algorithm}`);
+    return hdr.join(', ');
+}
+MongoAtlasManagerService.prototype.digestRequest = async function (method, path, body) {
+    if (!this.config)
+        throw new Error('Atlas API not configured. Call initialize() first.');
+    // 1) Probe request to get challenge
+    const probe = await this.apiClient.request({ method, url: path, data: body, validateStatus: () => true });
+    const www = probe.headers[WildoHeaderKeys.WWW_AUTHENTICATE];
+    const challenge = www ? parseDigestChallenge(www) : null;
+    if (!challenge) {
+        if (probe.status >= 200 && probe.status < 300)
+            return probe.data;
+        throw new Error(`Atlas auth challenge not received: status ${probe.status}`);
+    }
+    // 2) Build digest header
+    const cnonce = crypto.randomBytes(8).toString('hex');
+    const nc = '00000001';
+    const authHeader = buildDigestHeader({
+        method,
+        uri: path,
+        username: this.config.publicKey,
+        password: this.config.privateKey,
+        challenge,
+        cnonce,
+        nc,
+    });
+    const resp = await this.apiClient.request({
+        method,
+        url: path,
+        data: body,
+        headers: { Authorization: authHeader }
+    });
+    if (resp.status >= 200 && resp.status < 300)
+        return resp.data;
+    throw new Error(`Atlas request failed: status ${resp.status}`);
+};
+//# sourceMappingURL=mongo-atlas-manager.service.js.map

package/dist/esm/infra-managers/mongo-atlas-manager.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mongo-atlas-manager.service.js","sourceRoot":"","sources":["../../../src/infra-managers/mongo-atlas-manager.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,KAAwB,MAAM,OAAO,CAAC;AAC7C,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EACL,6BAA6B,GAE9B,MAAM,qDAAqD,CAAC;AAe7D;;;GAGG;AAEI,IAAM,wBAAwB,GAA9B,MAAM,wBAAwB;IAOqB;IANhD,SAAS,CAAgB;IACzB,MAAM,GAA0B,IAAI,CAAC;IAEnC,QAAQ,CAA+D;IAEjF,YACwD,MAA6B;QAA7B,WAAM,GAAN,MAAM,CAAuB;QAEnF,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,0BAA0B,CAAC,CAAC;QACpE,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,0BAA0B,EAAE,IAAI,CAAC,CAAC;QAClE,IAAI,CAAC,QAAQ,CAAC,2CAA2C,CAAC,CAAC;QAE3D,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC;YAC5B,OAAO,EAAE,KAAK;YACd,OAAO,EAAE;gBACP,CAAC,eAAe,CAAC,YAAY,CAAC,EAAE,kBAAkB;gBAClD,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,kBAAkB;aAC7C;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACI,UAAU,CAAC,MAAsB;QACtC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,sEAAsE;QACtE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QACjD,IAAI,CAAC,QAAQ,CAAC,8BAA8B,EAAE;YAC5C,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,cAAc,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,UAAU,CAAC;SAC1D,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACI,YAAY;QACjB,OAAO,IAAI,CAAC,MAAM,KAAK,IAAI,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC;IACrF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,UAAU,CAAC,WAAmB;QACzC,IAAI,CAAC,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxF,IAAI,CAAC,QAAQ,CAAC,oCAAoC,EAAE,EAAE,WAAW,EAAE,CAAC,CAAC;QACrE,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAmB,KAAK,EAAE,WAAW,IAAI,CAAC,MAAM,CAAC,SAAS,aAAa,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAC/I,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,YAAY;QACvB,IAAI,CAAC,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxF,IAAI,CAAC,QAAQ,CAAC,gCAAgC,CAAC,CAAC;QAChD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAM,KAAK,EAAE,WAAW,IAAI,CAAC,MAAM,CAAC,SAAS,WAAW,CAAC,CAAC;QAC/F,OAAO,CAAC,IAAI,EAAE,OAAO,IAAI,EAAE,CAAuB,CAAC;IACrD,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,kBAAkB,CAAC,KAA8B;QAC5D,IAAI,CAAC,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxF,MAAM,OAAO,GAAG;YACd,YAAY,EAAE,OAAO;YACrB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,KAAK,EAAE;gBACL;oBACE,QAAQ,EAAE,WAAW;oBACrB,YAAY,EAAE,KAAK,CAAC,YAAY;iBACjC;aACF;YACD,MAAM,EAAE;gBACN;oBACE,IAAI,EAAE,KAAK,CAAC,WAAW;oBACvB,IAAI,EAAE,SAAkB;iBACzB;aACF;SACF,CAAC;QACF,IAAI,CAAC,QAAQ,CAAC,wBAAwB,EAAE,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,EAAE,EAAE,KAAK,CAAC,YAAY,EAAE,OAAO,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;QAC1H,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,WAAW,IAAI,CAAC,MAAM,CAAC,SAAS,gBAAgB,EAAE,OAAO,CAAC,CAAC;YAC7G,uDAAuD;YACvD,MAAM,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;YACrF,OAAO,QAAsC,CAAC;QAChD,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,4EAA4E;YAC5E,IAAI,CAAC,QAAQ,CAAC,iEAAiE,EAAE,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC/G,MAAM,UAAU,GAAG,WAAW,IAAI,CAAC,MAAM,CAAC,SAAS,wBAAwB,kBAAkB,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChH,MAAM,aAAa,GAAG;gBACpB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,oEAAoE;gBACpE,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACxD,CAAC;YACF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;YAC7E,uDAAuD;YACvD,MAAM,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;YACrF,OAAO,OAAqC,CAAC;QAC/C,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,QAAgB,EAAE,YAAoB,EAAE,WAAmB;QAC1F,IAAI,CAAC,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxF,MAAM,IAAI,GAAG,WAAW,IAAI,CAAC,MAAM,CAAC,SAAS,wBAAwB,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpG,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAM,KAAK,EAAE,IAAI,CAAC,CAAC;QACxD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,EAAE,QAAQ,KAAK,WAAW,IAAI,CAAC,EAAE,YAAY,KAAK,YAAY,CAAC,CAAC;QAC3I,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,KAAK,SAAS,IAAI,CAAC,EAAE,IAAI,KAAK,WAAW,CAAC,CAAC;QAC/H,IAAI,CAAC,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,MAAM,aAAa,GAAQ;gBACzB,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC;gBAChD,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,SAAkB,EAAE,CAAC;aAC1D,CAAC;YACF,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,kBAAkB,CAAC,QAAgB;QAC9C,IAAI,CAAC,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxF,IAAI,CAAC,QAAQ,CAAC,wBAAwB,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;QACtD,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,WAAW,IAAI,CAAC,MAAM,CAAC,SAAS,wBAAwB,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC7H,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,mBAAmB,CAAC,KAAmC;QAClE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACzD,IAAI,KAAK,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,mBAAmB,CAAC;YAC7D,IAAI,CAAC,IAAI;gBAAE,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;YACvE,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC;QACpC,CAAC;QACD,MAAM,IAAI,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,mBAAmB,CAAC;QAC/D,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QAClE,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC;IACpC,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,gBAAgB,CAAC,WAAmB;QAC/C,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;YACnD,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,CAAC;YAChC,MAAM,OAAO,GAAG,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,UAAU,IAAI,KAAK,KAAK,UAAU,CAAC;YACjF,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;QAC5B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,+CAA+C,EAAE;gBACjE,WAAW;gBACX,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;aAChE,CAAC,CAAC;YACH,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,yBAAyB,CAAC,KAAqC;QAC1E,MAAM,IAAI,CAAC,kBAAkB,CAAC;YAC5B,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,YAAY,EAAE,KAAK,CAAC,YAAY;YAChC,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;SACzB,CAAC,CAAC;QACH,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,EAAE,WAAW,EAAE,KAAK,CAAC,WAAW,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC7G,yFAAyF;QACzF,IAAI,sBAAsB,GAAG,gBAAgB,CAAC;QAC9C,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACzD,sBAAsB,GAAG,gBAAgB,CAAC,QAAQ,CAAC,GAAG,CAAC;gBACrD,CAAC,CAAC,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,kBAAkB,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC;gBAC9E,CAAC,CAAC,GAAG,gBAAgB,IAAI,kBAAkB,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC;QACtE,CAAC;QACD,qEAAqE;QACrE,IAAI,YAAY,GAAG,sBAAsB,CAAC;QAC1C,IAAI,CAAC,2BAA2B,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YACpD,YAAY,GAAG,YAAY,CAAC,OAAO,CACjC,qBAAqB,EACrB,iBAAiB,kBAAkB,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,kBAAkB,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAC7F,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YAC1C,YAAY,IAAI,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,mBAAmB,CAAC;QACzF,CAAC;QACD,OAAO;YACL,YAAY,EAAE,KAAK,CAAC,YAAY;YAChC,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,gBAAgB,EAAE,YAAY;SAC/B,CAAC;IACJ,CAAC;CACF,CAAA;AA3MY,wBAAwB;IADpC,UAAU,EAAE;IAQR,WAAA,MAAM,CAAC,6BAA6B,CAAC,MAAM,CAAC,CAAA;;GAPpC,wBAAwB,CA2MpC;;AAED,gCAAgC;AAChC,6BAA6B;AAC7B,gCAAgC;AAEhC,SAAS,MAAM,CAAC,KAAa;IAC3B,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC9D,CAAC;AAUD,SAAS,oBAAoB,CAAC,MAAc;IAC1C,2EAA2E;IAC3E,MAAM,SAAS,GAAoB,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAS,CAAC;IACnE,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC9D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,GAAG,GAAG,CAAC,EAAE,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC;QAC3C,IAAI,CAAC,KAAK,OAAO;YAAE,SAAS,CAAC,KAAK,GAAG,GAAG,CAAC;QACzC,IAAI,CAAC,KAAK,OAAO;YAAE,SAAS,CAAC,KAAK,GAAG,GAAG,CAAC;QACzC,IAAI,CAAC,KAAK,KAAK;YAAE,SAAS,CAAC,GAAG,GAAG,GAAG,CAAC;QACrC,IAAI,CAAC,KAAK,QAAQ;YAAE,SAAS,CAAC,MAAM,GAAG,GAAG,CAAC;QAC3C,IAAI,CAAC,KAAK,WAAW;YAAE,SAAS,CAAC,SAAS,GAAG,GAAG,CAAC;IACnD,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACtD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,iBAAiB,CAAC,EACzB,MAAM,EACN,GAAG,EACH,QAAQ,EACR,QAAQ,EACR,SAAS,EACT,MAAM,EACN,EAAE,EASH;IACC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,QAAQ,IAAI,SAAS,CAAC,KAAK,IAAI,QAAQ,EAAE,CAAC,CAAC;IACjE,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,MAAM,IAAI,GAAG,EAAE,CAAC,CAAC;IACvC,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,GAAG,IAAI,SAAS,CAAC,KAAK,IAAI,EAAE,IAAI,MAAM,IAAI,SAAS,CAAC,GAAG,IAAI,MAAM,IAAI,GAAG,EAAE,CAAC,CAAC;IACvG,MAAM,GAAG,GAAG;QACV,oBAAoB,QAAQ,GAAG;QAC/B,UAAU,SAAS,CAAC,KAAK,GAAG;QAC5B,UAAU,SAAS,CAAC,KAAK,GAAG;QAC5B,QAAQ,GAAG,GAAG;QACd,OAAO,SAAS,CAAC,GAAG,IAAI,MAAM,EAAE;QAChC,MAAM,EAAE,EAAE;QACV,WAAW,MAAM,GAAG;QACpB,aAAa,QAAQ,GAAG;KACzB,CAAC;IACF,IAAI,SAAS,CAAC,MAAM;QAAE,GAAG,CAAC,IAAI,CAAC,WAAW,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC;IAC/D,IAAI,SAAS,CAAC,SAAS;QAAE,GAAG,CAAC,IAAI,CAAC,aAAa,SAAS,CAAC,SAAS,EAAE,CAAC,CAAC;IACtE,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACxB,CAAC;AAOD,wBAAwB,CAAC,SAAS,CAAC,aAAa,GAAG,KAAK,WAAU,MAA2C,EAAE,IAAY,EAAE,IAAU;IACrI,IAAI,CAAC,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IACxF,oCAAoC;IACpC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;IAC1G,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,gBAAgB,CAAuB,CAAC;IAClF,MAAM,SAAS,GAAG,GAAG,CAAC,CAAC,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACzD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,IAAI,KAAK,CAAC,MAAM,IAAI,GAAG,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG;YAAE,OAAO,KAAK,CAAC,IAAW,CAAC;QACxE,MAAM,IAAI,KAAK,CAAC,6CAA6C,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IAC/E,CAAC;IACD,yBAAyB;IACzB,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACrD,MAAM,EAAE,GAAG,UAAU,CAAC;IACtB,MAAM,UAAU,GAAG,iBAAiB,CAAC;QACnC,MAAM;QACN,GAAG,EAAE,IAAI;QACT,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;QAC/B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU;QAChC,SAAS;QACT,MAAM;QACN,EAAE;KACH,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;QACxC,MAAM;QACN,GAAG,EAAE,IAAI;QACT,IAAI,EAAE,IAAI;QACV,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,EAAE;KACvC,CAAC,CAAC;IACH,IAAI,IAAI,CAAC,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG;QAAE,OAAO,IAAI,CAAC,IAAW,CAAC;IACrE,MAAM,IAAI,KAAK,CAAC,gCAAgC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;AACjE,CAAC,CAAC"}

package/dist/esm/infra-managers/postgresql-manager.service.d.ts

@@ -0,0 +1,115 @@
+import { type PlatformRuntimeLogger } from '../runtime-bridge/platform-runtime-bridge.contracts.js';
+import { PostgreSQLAdminConfig, PostgreSQLCreateDatabaseInput, PostgreSQLCreateDatabaseResult, PostgreSQLDeleteDatabaseInput, PostgreSQLDeleteDatabaseResult } from './infra-manager.models.js';
+/**
+ * PostgreSQL Connection Manager Service
+ *
+ * Manages PostgreSQL connections and database provisioning for applications.
+ * Used by the PlatformInfrastructureManagerService to create databases for
+ * applications that opt into PostgreSQL as their persistence adapter.
+ *
+ * Key Features:
+ * - Admin connection management with retry logic
+ * - Database creation (CREATE DATABASE, CREATE USER, GRANT)
+ * - Database deletion (terminate connections, DROP DATABASE/USER)
+ * - Idempotent operations (safe to call multiple times)
+ * - URL-encoded password handling for special characters
+ *
+ * @see DATABASE_AGNOSTIC_REPOSITORY_ANALYSIS.md Section 19.2
+ */
+export declare class PostgreSQLConnectionManagerService {
+    private logger;
+    private adminPool;
+    private adminConfig;
+    protected logDebug: (message: string, context?: Record<string, unknown>) => void;
+    constructor(logger: PlatformRuntimeLogger);
+    /**
+     * Check if PostgreSQL admin is initialized and ready to use
+     * @returns true if initializeAdmin() has been called successfully
+     */
+    isAdminInitialized(): boolean;
+    /**
+     * Initialize PostgreSQL admin connection with retry logic.
+     * Waits for PostgreSQL to be ready before returning.
+     *
+     * @param config - PostgreSQL admin configuration
+     * @param maxRetries - Maximum number of retry attempts (default: 10)
+     * @param retryDelayMs - Delay between retries in milliseconds (default: 3000)
+     * @throws Error if connection cannot be established after all retries
+     */
+    initializeAdmin(config: PostgreSQLAdminConfig, maxRetries?: number, retryDelayMs?: number): Promise<void>;
+    private sleep;
+    /**
+     * Create a new application database with dedicated user.
+     *
+     * Operations performed:
+     * 1. CREATE USER with LOGIN privilege
+     * 2. CREATE DATABASE owned by user
+     * 3. GRANT all privileges on database to user
+     *
+     * This operation is idempotent - if database/user already exist,
+     * it will verify ownership and update password if needed.
+     *
+     * @param input - Database creation parameters
+     * @returns Result including connection URL
+     */
+    createApplicationDatabase(input: PostgreSQLCreateDatabaseInput): Promise<PostgreSQLCreateDatabaseResult>;
+    /**
+     * Delete an application database and its user.
+     *
+     * Operations performed:
+     * 1. Terminate all connections to the database
+     * 2. DROP DATABASE
+     * 3. DROP USER
+     *
+     * This operation is idempotent - if database/user don't exist,
+     * it will return successfully.
+     *
+     * @param input - Database deletion parameters
+     * @returns Result indicating what was deleted
+     */
+    deleteApplicationDatabase(input: PostgreSQLDeleteDatabaseInput): Promise<PostgreSQLDeleteDatabaseResult>;
+    /**
+     * Run Prisma migrations on a database.
+     *
+     * This spawns a child process to run `npx prisma migrate deploy`
+     * with the provided connection URL and schema path.
+     *
+     * @param connectionUrl - PostgreSQL connection URL
+     * @param schemaPath - Path to Prisma schema file
+     * @returns Promise that resolves when migrations complete
+     */
+    runMigrations(connectionUrl: string, schemaPath: string): Promise<{
+        success: boolean;
+        output: string;
+    }>;
+    /**
+     * Check if a database exists
+     */
+    private databaseExists;
+    /**
+     * Check if a user exists
+     */
+    private userExists;
+    /**
+     * Validate a SQL identifier to prevent injection
+     * Only allows alphanumeric characters and underscores
+     */
+    private validateIdentifier;
+    /**
+     * Quote an identifier for safe use in SQL
+     * This is a simple implementation - pg library handles most escaping
+     */
+    private quoteIdentifier;
+    /**
+     * Get the current health status of the admin connection
+     */
+    getAdminHealth(): Promise<{
+        status: 'connected' | 'disconnected';
+        latency?: number;
+    }>;
+    /**
+     * Close the admin connection pool
+     */
+    closeAdmin(): Promise<void>;
+}
+//# sourceMappingURL=postgresql-manager.service.d.ts.map

package/dist/esm/infra-managers/postgresql-manager.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"postgresql-manager.service.d.ts","sourceRoot":"","sources":["../../../src/infra-managers/postgresql-manager.service.ts"],"names":[],"mappings":"AAGA,OAAO,EAEL,KAAK,qBAAqB,EAC3B,MAAM,qDAAqD,CAAC;AAC7D,OAAO,EACL,qBAAqB,EACrB,6BAA6B,EAC7B,8BAA8B,EAC9B,6BAA6B,EAC7B,8BAA8B,EAC/B,MAAM,wBAAwB,CAAC;AAEhC;;;;;;;;;;;;;;;GAeG;AACH,qBACa,kCAAkC;IAMG,OAAO,CAAC,MAAM;IAL9D,OAAO,CAAC,SAAS,CAAqB;IACtC,OAAO,CAAC,WAAW,CAAsC;IACzD,SAAS,CAAC,QAAQ,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;gBAGzB,MAAM,EAAE,qBAAqB;IAWrF;;;OAGG;IACI,kBAAkB,IAAI,OAAO;IAIpC;;;;;;;;OAQG;IACU,eAAe,CAC1B,MAAM,EAAE,qBAAqB,EAC7B,UAAU,GAAE,MAAW,EACvB,YAAY,GAAE,MAAa,GAC1B,OAAO,CAAC,IAAI,CAAC;IAkEhB,OAAO,CAAC,KAAK;IAQb;;;;;;;;;;;;;OAaG;IACU,yBAAyB,CACpC,KAAK,EAAE,6BAA6B,GACnC,OAAO,CAAC,8BAA8B,CAAC;IAqE1C;;;;;;;;;;;;;OAaG;IACU,yBAAyB,CACpC,KAAK,EAAE,6BAA6B,GACnC,OAAO,CAAC,8BAA8B,CAAC;IAiE1C;;;;;;;;;OASG;IACU,aAAa,CACxB,aAAa,EAAE,MAAM,EACrB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IAkDhD;;OAEG;YACW,cAAc;IAQ5B;;OAEG;YACW,UAAU;IAQxB;;;OAGG;IACH,OAAO,CAAC,kBAAkB;IAS1B;;;OAGG;IACH,OAAO,CAAC,eAAe;IASvB;;OAEG;IACU,cAAc,IAAI,OAAO,CAAC;QAAE,MAAM,EAAE,WAAW,GAAG,cAAc,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAoBlG;;OAEG;IACU,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;CAQzC"}