Split PR #522 [3/9]: Core framework (DDD refactor)

[seanspeaks]

Summary

• Core framework changes: DDD refactor, mongoose removal, repository factories, webhook fixes
• 326 files, ~36,466 lines added / ~4,965 removed
• This is the foundational split — PRs 4-8 depend on these core changes

Stack

This is PR 3 of 9 splitting #522 into reviewable chunks:

1. Docs → claude/split-522-01-docs
2. Schemas → claude/split-522-02-schemas
3. Core ← you are here
4. Admin Scripts → claude/split-522-04-admin-scripts
5. AI Agents → claude/split-522-05-ai-agents
6. UI Library → claude/split-522-06-ui-lib
7. CLI → claude/split-522-07-cli
8. Management UI → claude/split-522-08-management-ui
9. E2E & Lockfile → claude/split-522-09-e2e-and-lockfile

Test plan

• Run core package tests (npm test -w packages/core)
• Verify barrel exports in packages/core/index.js
• Check repository factory pattern works correctly
• Verify webhook handler changes

https://claude.ai/code/session_01D3qzNKrmQXgSJoV6BJkcbQ

[sonarqubecloud]

Quality Gate failed

Failed conditions
12 Security Hotspots
10.9% Duplication on New Code (required ≤ 3%)
D Reliability Rating on New Code (required ≥ A)
B Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

[d-klotz]

We dont use mongoose anymore, everything needs to go through Prisma.
Please remove this.

[d-klotz]

mongoose is wrong here as well, keep "database"

[d-klotz]

We should keep using bson here instead of mongodb dependency.

[d-klotz]

We should not add this kind of logic into the repositories.
Ideally we should have an additional method called findCredentialsByUserId

[d-klotz]

We should not add this kind of logic into the repositories.
Ideally we should have an additional method called findCredentialsByUserId

[d-klotz]

This must be removed, we don't use mongoose anymore, everything needs to go through Prisma.

Please check the whole file and revert if necessary.

[d-klotz]

This must be removed, we don't use mongoose anymore, everything needs to go through Prisma.

Please check the whole file and revert if necessary.

[d-klotz]

This must be removed, we don't use mongoose anymore, everything needs to go through Prisma.

Please check the whole file and revert if necessary.

[d-klotz]

This must be removed, we don't use mongoose anymore, everything needs to go through Prisma.

Please check the whole file and revert if necessary.

[d-klotz]

Remove mongoose and add bson back.

[d-klotz]

Code review

Found 10 issues (6 runtime bugs, 4 architecture violations):

1. v2 authorize routes call processAuthorizationStep.execute() with wrong argument order -- the use case signature is execute(sessionId, userId, step, stepData) (4 args), but the v2 routes pass (userId, entityType, data, step, sessionId) (5 args, wrong order). The v1 routes at L983 and L1427 call it correctly. Additionally, v2 routes check result.isComplete but the use case returns { completed: true } -- so v2 authorize always reports "pending" even on success, and v2 entity reauthorize hangs with no response (no else branch).

frigg/packages/core/integrations/integration-router.js

Lines 1715 to 1730 in 134ab7a

	const result = await processAuthorizationStep.execute(
	userId,
	params.entityType,
	params.data,
	step,
	sessionId
	);
	if (result.isComplete) {
	res.json({
	status: 'complete',
	entity: result.entity,
	credential: result.credential,
	});
	} else {
	res.json({

frigg/packages/core/integrations/integration-router.js

Lines 2017 to 2030 in 134ab7a

	const result = await processAuthorizationStep.execute(
	userId,
	entity.type,
	params.data,
	step,
	sessionId
	);
	if (result.isComplete) {
	if (result.credential) {
	try {
	await credentialRepository.updateCredential(
	credential.id,
	{

frigg/packages/core/modules/use-cases/process-authorization-step.js

Line 55 in 134ab7a

async execute(sessionId, userId, step, stepData) {

2. prisma used as undeclared global in health-check-repository-mongodb.js -- pingDatabase() references bare prisma.$queryRaw and prisma.$runCommandRaw instead of this.prisma. This will throw ReferenceError on every health check ping for MongoDB deployments. Additionally, trying $queryRaw (SQL) first in a MongoDB-specific repository is semantically wrong -- the original this.prisma.$runCommandRaw({ ping: 1 }) was correct.

frigg/packages/core/database/repositories/health-check-repository-mongodb.js

Lines 48 to 60 in 134ab7a

	);
	// Race between the database ping and the timeout
	await Promise.race([
	prisma.$queryRaw`SELECT 1`.catch(() => {
	// For MongoDB, use runCommandRaw instead
	return prisma.$runCommandRaw({ ping: 1 });
	}),
	timeoutPromise,
	]);
	return Date.now() - pingStart;
	}

3. moduleDef.definition is undefined in production entity type routes -- getModulesDefinitionFromIntegrationClasses() returns raw Definition classes (each item IS the definition, with .moduleName directly on it). The route code then does moduleDef.definition which is undefined, causing TypeError: Cannot read properties of undefined on Definition.getDisplayName. Affects 6 routes (entity types, requirements).

frigg/packages/core/integrations/integration-router.js

Lines 1055 to 1062 in 134ab7a

	// Map module definitions to entity type format
	const types = moduleDefinitions.map((moduleDef) => {
	const Definition = moduleDef.definition;
	return {
	type: moduleDef.moduleName,
	name:
	typeof Definition.getDisplayName === 'function'

frigg/packages/core/integrations/utils/map-integration-dto.js

Lines 28 to 39 in 134ab7a

	...new Set(
	integrationClasses
	.map((integration) =>
	Object.values(integration.Definition.modules).map(
	(module) => module.definition
	)
	)
	.flat()
	),
	];
	};

4. console.log('oops') swallows error, then crashes on undefined.length -- In IndividualUser.js, getUserByUsername catches the DB error with console.log('oops'), leaving getByUser as undefined. The next line getByUser.length throws TypeError.

frigg/packages/core/database/models/IndividualUser.js

Lines 39 to 48 in 134ab7a

	getUserByUsername: async function (username) {
	let getByUser;
	try {
	getByUser = await this.find({ username });
	} catch (e) {
	console.log('oops');
	}
	if (getByUser.length > 1) {
	throw new Error(

5. Duplicated readyState key in getDatabaseConnectionState() -- the returned object has readyState defined twice (copy-paste error). Also loses fidelity: connecting (2) and disconnecting (3) states are coerced to 0 instead of their real values.

frigg/packages/core/database/repositories/health-check-repository-mongodb.js

Lines 31 to 36 in 134ab7a

	return {
	readyState: isConnected ? 1 : 0,
	readyState: isConnected ? 1 : 0,
	stateName,
	isConnected,
	};

6. HEALTHCHECK.md documents x-api-key header but code uses x-frigg-health-api-key -- all curl examples and Kubernetes probe configs in the doc use the wrong header name. Developers following the docs will get 401 errors.

frigg/packages/core/handlers/routers/HEALTHCHECK.md

Line 37 in 134ab7a

- Header: `x-api-key: YOUR_API_KEY`

frigg/packages/core/handlers/routers/health.js

Line 77 in 134ab7a

const apiKey = req.headers['x-frigg-health-api-key'];

7. admin.js handler makes 12 direct repository calls with inline business logic -- violates "Handlers NEVER call repositories directly" (CLAUDE.md Golden Rule #1). Includes password hashing (bcrypt.hash) at L199, pagination logic, duplicate-user checks, and entity filtering -- all in the handler instead of use cases.

frigg/packages/core/handlers/routers/admin.js

Lines 75 to 82 in 134ab7a

	const users = await userRepository.findAllUsers({
	skip,
	limit: parseInt(limit),
	sort,
	excludeFields: ['-hashword'], // Exclude password hash
	});
	const totalCount = await userRepository.countUsers();

frigg/packages/core/handlers/routers/admin.js

Lines 195 to 215 in 134ab7a

	});
	}
	// Hash password (using bcryptjs which is already imported)
	const hashword = await bcrypt.hash(password, 10);
	// Create user with admin-specified attributes
	const userData = {
	username,
	email,
	hashword,
	type,
	};
	// Add optional fields if provided
	if (appUserId) userData.appUserId = appUserId;
	if (organizationId) userData.organizationId = organizationId;
	const user = await userRepository.createIndividualUser(userData);
	// Remove sensitive fields

8. Mongoose model files introduced despite Prisma-first architecture -- new files IndividualUser.js, OrganizationUser.js, UserModel.js, WebsocketConnection.js use Mongoose schemas and models. The PR's own models/readme.md says "todo: we need to get rid of this entire models folder." These bypass the Prisma encryption extension, meaning sensitive fields (hashword, tokens) could be stored unencrypted.

frigg/packages/core/database/models/IndividualUser.js

Line 1 in 134ab7a

const { mongoose } = require('../mongoose');

frigg/packages/core/database/models/WebsocketConnection.js

Line 1 in 134ab7a

const { mongoose } = require('../mongoose');

9. WebsocketConnection.js model embeds AWS SDK and business logic -- the getActiveConnections static imports ApiGatewayManagementApiClient, makes HTTP calls, checks for 410 status, and deletes stale connections. This infrastructure + business logic in a Mongoose model violates hexagonal architecture (CLAUDE.md: "Repositories are pure data access -- No business logic").

frigg/packages/core/database/models/WebsocketConnection.js

Lines 3 to 36 in 134ab7a

	ApiGatewayManagementApiClient,
	PostToConnectionCommand,
	} = require('@aws-sdk/client-apigatewaymanagementapi');
	const schema = new mongoose.Schema({
	connectionId: { type: mongoose.Schema.Types.String },
	});
	// Add a static method to get active connections
	schema.statics.getActiveConnections = async function () {
	try {
	// Return empty array if websockets are not configured
	if (!process.env.WEBSOCKET_API_ENDPOINT) {
	return [];
	}
	const connections = await this.find({}, 'connectionId');
	return connections.map((conn) => ({
	connectionId: conn.connectionId,
	send: async (data) => {
	const apigwManagementApi = new ApiGatewayManagementApiClient({
	endpoint: process.env.WEBSOCKET_API_ENDPOINT,
	});
	try {
	const command = new PostToConnectionCommand({
	ConnectionId: conn.connectionId,
	Data: JSON.stringify(data),
	});
	await apigwManagementApi.send(command);
	} catch (error) {
	if (
	error.statusCode === 410 ||
	error.$metadata?.httpStatusCode === 410

10. registerEventHandlers() falsely marked as REMOVED in integration-base.js -- comment at L79 says "REMOVED: registerEventHandlers() -- Event handling is now done by IntegrationEventDispatcher" but the method is defined at L494, called from initialize() at L509, and depended on by the send() method. The old and new event systems run in parallel.

frigg/packages/core/integrations/integration-base.js

Line 79 in 134ab7a

// REMOVED: registerEventHandlers() - Event handling is now done by IntegrationEventDispatcher

---

Note: This review aligns with the 29 inline comments already left by @d-klotz -- none of those appear to have been addressed yet. The v2 route bugs (issues 1, 3) and the prisma scoping bug (issue 2) are the most critical as they will cause runtime failures on core auth and health check flows.

🤖 Generated with Claude Code

_{- If this code review was useful, please react with 👍. Otherwise, react with 👎.}