Library Utilities
163 modules in backend/src/lib/ (as of 2026-06, excluding co-located tests), providing foundational building blocks used across services and routes. Most are stateless helpers, clients, and infrastructure components — but lib/ now also hosts the first domain modules (billing/, file-operations/), which under the persistence topology (I#2013 ) are the sole owners of Drizzle access for their domain. See Persistence Topology .
By Category
Authentication & Encryption
File Purpose auth.tsPassword hashing (argon2id via Bun.password.hash()), JWT creation tokens.tsToken generation (portal, magic link, 2FA) encryption.tsAES-256-GCM encryption (encryptToken/decryptToken)
Key: ENCRYPTION_KEY env var — see Authentication , HubSpot Integration for encrypted token storage.
Validation & Sanitization
File Purpose validation.tsShared Zod schemas sanitization-helpers.tsstrictTextField(), sanitizedLocalizedText(), optionalSanitizedLocalizedText()schema-validator.tsRuntime schema validation
See Validation Pattern for usage rules.
File Handling
File Purpose file-operations/Domain module — fulfillment/user/template file operations, collection synthesis, canonical chain (PR#1752 )file-operations.tsLegacy file operation helpers file-validation.tsFile type/size validation mime-validation.tsMIME type allowlist storage.tsS3/Tigris object storage client — the buffer-shaped uploadFile/downloadFile helpers are deprecated ; new code streams via FileService temp-file.tsTemporary file handling
Every file goes through CAS (files table is the single source of truth; entities reference via fileId FK). See Files .
Business Logic & Domain Modules
File Purpose billing/Domain module — invoice service, dunning/overdue/retry workers, interest calculator, line-item builder, accountingfunding-calculator.tsFunding amount calculations u-value-calculator.tsThermal transmittance (U-value) calculations contractor-commission.tsContractor commission calculation workflow/Workflow helpers
See Financial Calculations , Energy Calculations .
Access Control
File Purpose permissions.tsPermission definitions and checks ownership-guards.tsverifyProjectAccess(), verifyBuildingAccess(), verifyScenarioAccess()department-access.tsDepartment-scoped data access
Always use RBAC-aware functions from ownership-guards.ts. See RBAC Authorization .
External API Clients
Communication
Directory/File Purpose email/Email sending via Resend email-templates/Email template definitions sms/SMS via Bird (formerly MessageBird) notifications/Notification service + portal notifications
See Resend Email , MessageBird SMS , Notifications .
Infrastructure
File Purpose logger.ts, logger-factory.tsStructured logging cache.tsIn-memory caching redis/Redis client (Upstash REST in cloud, ioredis locally) distributed-lock.tsDistributed locking via Redis db-errors.tsSQLSTATE helpers (isUniqueViolation) — drizzle ≥0.44 wraps errors, so check error.cause, never error.code (PR#2005 ) transactions.tsTransaction helpers env.tsAPP_ENV / environment detectionerrors/Typed error classes (Sentry-aware base error) retry.tsRetry helpers
Background Jobs
Directory Purpose jobs/BullMQ job factory, config, schedulers, queues, processors/ (notifications, entra-sync, hubspot sync/webhooks/association-recon, billing, pdf-conversion, reminders, …)
All recurring/background work goes through BullMQ + Redis here — bare setInterval/in-process loops are forbidden (caught by quick-lint.sh). See Background Jobs .
Utilities
File Purpose pagination.tsCursor/offset pagination helpers sort.tsMulti-column sort builder search-utils.tsFull-text search helpers number-utils.tsNumber formatting pdf-generator.tsPDF document creation