feat(thalos-dal): add runtime provider and repository wiring

src/Thalos.DAL/Adapters/IdentityDalGrpcContractAdapter.cs

@@ -0,0 +1,47 @@
+using Core.Blueprint.Common.Runtime;
+using Thalos.DAL.Contracts;
+using Thalos.DAL.Grpc;
+
+namespace Thalos.DAL.Adapters;
+
+/// <summary>
+/// Default adapter implementation for DAL gRPC contract translation.
+/// </summary>
+public sealed class IdentityDalGrpcContractAdapter(IBlueprintSystemClock clock) : IIdentityDalGrpcContractAdapter
+{
+    /// <inheritdoc />
+    public IdentityPolicyDalGrpcContract ToGrpcPolicyRequest(IdentityPolicyLookupRequest request)
+    {
+        return new IdentityPolicyDalGrpcContract(request.SubjectId, request.TenantId, request.PermissionCode);
+    }
+
+    /// <inheritdoc />
+    public IdentityPolicyLookupRequest FromGrpcPolicyRequest(IdentityPolicyDalGrpcContract contract)
+    {
+        return new IdentityPolicyLookupRequest(
+            CreateEnvelope(),
+            contract.SubjectId,
+            contract.TenantId,
+            contract.PermissionCode);
+    }
+
+    /// <inheritdoc />
+    public IdentityTokenDalGrpcContract ToGrpcTokenRequest(IdentityTokenLookupRequest request)
+    {
+        return new IdentityTokenDalGrpcContract(request.SubjectId, request.TenantId);
+    }
+
+    /// <inheritdoc />
+    public IdentityTokenLookupRequest FromGrpcTokenRequest(IdentityTokenDalGrpcContract contract)
+    {
+        return new IdentityTokenLookupRequest(
+            CreateEnvelope(),
+            contract.SubjectId,
+            contract.TenantId);
+    }
+
+    private IdentityContractEnvelope CreateEnvelope()
+    {
+        return new IdentityContractEnvelope("1.0.0", $"corr-{clock.UtcNow:yyyyMMddHHmmssfff}");
+    }
+}

src/Thalos.DAL/DependencyInjection/ThalosDalServiceCollectionExtensions.cs

@@ -0,0 +1,38 @@
+using Core.Blueprint.Common.DependencyInjection;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.DependencyInjection.Extensions;
+using Thalos.DAL.Adapters;
+using Thalos.DAL.Health;
+using Thalos.DAL.Providers;
+using Thalos.DAL.Providers.InMemory;
+using Thalos.DAL.Repositories;
+
+namespace Thalos.DAL.DependencyInjection;
+
+/// <summary>
+/// Registers thalos dal runtime provider, repository, and adapter implementations.
+/// </summary>
+public static class ThalosDalServiceCollectionExtensions
+{
+    /// <summary>
+    /// Adds thalos dal runtime implementations aligned with blueprint runtime core.
+    /// </summary>
+    /// <param name="services">Service collection.</param>
+    /// <returns>Service collection for fluent chaining.</returns>
+    public static IServiceCollection AddThalosDalRuntime(this IServiceCollection services)
+    {
+        services.AddBlueprintRuntimeCore();
+
+        services.TryAddSingleton<IUserDataProvider, InMemoryUserDataProvider>();
+        services.TryAddSingleton<IRoleDataProvider, InMemoryRoleDataProvider>();
+        services.TryAddSingleton<IPermissionDataProvider, InMemoryPermissionDataProvider>();
+        services.TryAddSingleton<IModuleDataProvider, InMemoryModuleDataProvider>();
+        services.TryAddSingleton<ITenantDataProvider, InMemoryTenantDataProvider>();
+
+        services.TryAddSingleton<IIdentityRepository, IdentityRepository>();
+        services.TryAddSingleton<IIdentityDalGrpcContractAdapter, IdentityDalGrpcContractAdapter>();
+        services.TryAddSingleton<IDalDependencyHealthCheck, DalDependencyHealthCheck>();
+
+        return services;
+    }
+}

src/Thalos.DAL/Health/DalDependencyHealthCheck.cs

@@ -0,0 +1,27 @@
+using Core.Blueprint.Common.Runtime;
+using Thalos.DAL.Contracts;
+
+namespace Thalos.DAL.Health;
+
+/// <summary>
+/// Default DAL dependency health check implementation.
+/// </summary>
+public sealed class DalDependencyHealthCheck(IBlueprintSystemClock clock) : IDalDependencyHealthCheck
+{
+    /// <inheritdoc />
+    public Task<DalDependencyHealthStatus> CheckAsync(CancellationToken cancellationToken = default)
+    {
+        var envelope = new IdentityContractEnvelope("1.0.0", $"corr-{clock.UtcNow:yyyyMMddHHmmssfff}");
+        IReadOnlyList<string> dependencyNames =
+        [
+            "IUserDataProvider",
+            "IRoleDataProvider",
+            "IPermissionDataProvider",
+            "IModuleDataProvider",
+            "ITenantDataProvider"
+        ];
+
+        var status = new DalDependencyHealthStatus(envelope, true, dependencyNames);
+        return Task.FromResult(status);
+    }
+}

src/Thalos.DAL/Providers/InMemory/InMemoryModuleDataProvider.cs

@@ -0,0 +1,22 @@
+using Thalos.DAL.Contracts;
+
+namespace Thalos.DAL.Providers.InMemory;
+
+/// <summary>
+/// In-memory provider for identity module lookup contracts.
+/// </summary>
+public sealed class InMemoryModuleDataProvider : IModuleDataProvider
+{
+    /// <inheritdoc />
+    public Task<IReadOnlyList<IdentityModuleRecord>> ReadModulesAsync(
+        IdentityModuleLookupRequest request,
+        CancellationToken cancellationToken = default)
+    {
+        IReadOnlyList<IdentityModuleRecord> records =
+        [
+            new IdentityModuleRecord(request.Envelope, "identity", true)
+        ];
+
+        return Task.FromResult(records);
+    }
+}

src/Thalos.DAL/Providers/InMemory/InMemoryPermissionDataProvider.cs

@@ -0,0 +1,23 @@
+using Thalos.DAL.Contracts;
+
+namespace Thalos.DAL.Providers.InMemory;
+
+/// <summary>
+/// In-memory provider for identity permission lookup contracts.
+/// </summary>
+public sealed class InMemoryPermissionDataProvider : IPermissionDataProvider
+{
+    /// <inheritdoc />
+    public Task<IReadOnlyList<IdentityPermissionRecord>> ReadPermissionsAsync(
+        IdentityPermissionSetLookupRequest request,
+        CancellationToken cancellationToken = default)
+    {
+        IReadOnlyList<IdentityPermissionRecord> records =
+        [
+            new IdentityPermissionRecord(request.Envelope, "identity.token.issue", "identity.admin"),
+            new IdentityPermissionRecord(request.Envelope, "identity.policy.evaluate", "identity.admin")
+        ];
+
+        return Task.FromResult(records);
+    }
+}

src/Thalos.DAL/Providers/InMemory/InMemoryRoleDataProvider.cs

@@ -0,0 +1,22 @@
+using Thalos.DAL.Contracts;
+
+namespace Thalos.DAL.Providers.InMemory;
+
+/// <summary>
+/// In-memory provider for identity role lookup contracts.
+/// </summary>
+public sealed class InMemoryRoleDataProvider : IRoleDataProvider
+{
+    /// <inheritdoc />
+    public Task<IReadOnlyList<IdentityRoleRecord>> ReadRolesAsync(
+        IdentityRoleLookupRequest request,
+        CancellationToken cancellationToken = default)
+    {
+        IReadOnlyList<IdentityRoleRecord> records =
+        [
+            new IdentityRoleRecord(request.Envelope, "identity.admin", request.TenantId)
+        ];
+
+        return Task.FromResult(records);
+    }
+}

src/Thalos.DAL/Providers/InMemory/InMemoryTenantDataProvider.cs

@@ -0,0 +1,23 @@
+using Thalos.DAL.Contracts;
+
+namespace Thalos.DAL.Providers.InMemory;
+
+/// <summary>
+/// In-memory provider for identity tenant lookup contracts.
+/// </summary>
+public sealed class InMemoryTenantDataProvider : ITenantDataProvider
+{
+    /// <inheritdoc />
+    public Task<IdentityTenantRecord?> ReadTenantAsync(
+        IdentityTenantLookupRequest request,
+        CancellationToken cancellationToken = default)
+    {
+        var record = new IdentityTenantRecord(
+            request.Envelope,
+            request.TenantId,
+            $"tenant-{request.TenantId}",
+            true);
+
+        return Task.FromResult<IdentityTenantRecord?>(record);
+    }
+}

src/Thalos.DAL/Providers/InMemory/InMemoryUserDataProvider.cs

@@ -0,0 +1,28 @@
+using Thalos.DAL.Contracts;
+
+namespace Thalos.DAL.Providers.InMemory;
+
+/// <summary>
+/// In-memory provider for identity user lookup contracts.
+/// </summary>
+public sealed class InMemoryUserDataProvider : IUserDataProvider
+{
+    /// <inheritdoc />
+    public Task<IdentityUserRecord?> ReadUserAsync(
+        IdentityUserLookupRequest request,
+        CancellationToken cancellationToken = default)
+    {
+        if (request.SubjectId.StartsWith("missing-", StringComparison.OrdinalIgnoreCase))
+        {
+            return Task.FromResult<IdentityUserRecord?>(null);
+        }
+
+        var record = new IdentityUserRecord(
+            request.Envelope,
+            request.SubjectId,
+            "tenant-default",
+            "active");
+
+        return Task.FromResult<IdentityUserRecord?>(record);
+    }
+}

src/Thalos.DAL/Repositories/IdentityRepository.cs

@@ -0,0 +1,52 @@
+using Thalos.DAL.Contracts;
+using Thalos.DAL.Providers;
+
+namespace Thalos.DAL.Repositories;
+
+/// <summary>
+/// Default identity repository implementation composed from DAL providers.
+/// </summary>
+public sealed class IdentityRepository(
+    IUserDataProvider userDataProvider,
+    IPermissionDataProvider permissionDataProvider) : IIdentityRepository
+{
+    /// <inheritdoc />
+    public async Task<IdentityTokenRecord?> ReadIdentityTokenAsync(
+        IdentityTokenLookupRequest request,
+        CancellationToken cancellationToken = default)
+    {
+        var userRequest = new IdentityUserLookupRequest(request.Envelope, request.SubjectId);
+        var userRecord = await userDataProvider.ReadUserAsync(userRequest, cancellationToken);
+        if (userRecord is null)
+        {
+            return null;
+        }
+
+        var token = $"{request.SubjectId}:{request.TenantId}:token";
+        return new IdentityTokenRecord(request.Envelope, request.SubjectId, request.TenantId, token, 1800);
+    }
+
+    /// <inheritdoc />
+    public async Task<IdentityPolicyRecord?> ReadIdentityPolicyAsync(
+        IdentityPolicyLookupRequest request,
+        CancellationToken cancellationToken = default)
+    {
+        var userRequest = new IdentityUserLookupRequest(request.Envelope, request.SubjectId);
+        var userRecord = await userDataProvider.ReadUserAsync(userRequest, cancellationToken);
+        if (userRecord is null)
+        {
+            return null;
+        }
+
+        var contextSatisfied = string.Equals(userRecord.Status, "active", StringComparison.OrdinalIgnoreCase);
+        return new IdentityPolicyRecord(request.Envelope, request.SubjectId, request.PermissionCode, contextSatisfied);
+    }
+
+    /// <inheritdoc />
+    public Task<IReadOnlyList<IdentityPermissionRecord>> ReadPermissionSetAsync(
+        IdentityPermissionSetLookupRequest request,
+        CancellationToken cancellationToken = default)
+    {
+        return permissionDataProvider.ReadPermissionsAsync(request, cancellationToken);
+    }
+}

src/Thalos.DAL/Thalos.DAL.csproj

@@ -5,6 +5,7 @@
     <Nullable>enable</Nullable>
   </PropertyGroup>
   <ItemGroup>
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="10.0.0" />
     <ProjectReference Include="..\..\..\blueprint-platform\src\Core.Blueprint.Common\Core.Blueprint.Common.csproj" />
   </ItemGroup>
 </Project>

tests/Thalos.DAL.UnitTests/RuntimeWiringTests.cs

@@ -0,0 +1,65 @@
+using Microsoft.Extensions.DependencyInjection;
+using Thalos.DAL.Adapters;
+using Thalos.DAL.Contracts;
+using Thalos.DAL.DependencyInjection;
+using Thalos.DAL.Health;
+using Thalos.DAL.Repositories;
+
+namespace Thalos.DAL.UnitTests;
+
+public class RuntimeWiringTests
+{
+    [Fact]
+    public async Task AddThalosDalRuntime_WhenResolved_WiresRepositoryAndProviders()
+    {
+        var services = new ServiceCollection();
+        services.AddThalosDalRuntime();
+
+        using var provider = services.BuildServiceProvider();
+        var repository = provider.GetRequiredService<IIdentityRepository>();
+        var request = new IdentityTokenLookupRequest(
+            new IdentityContractEnvelope("1.0.0", "corr-123"),
+            "user-1",
+            "tenant-1");
+
+        var response = await repository.ReadIdentityTokenAsync(request);
+
+        Assert.NotNull(response);
+        Assert.Equal("user-1", response.SubjectId);
+        Assert.Equal("tenant-1", response.TenantId);
+        Assert.Equal(1800, response.ExpiresInSeconds);
+    }
+
+    [Fact]
+    public void AddThalosDalRuntime_WhenResolved_WiresGrpcContractAdapter()
+    {
+        var services = new ServiceCollection();
+        services.AddThalosDalRuntime();
+
+        using var provider = services.BuildServiceProvider();
+        var adapter = provider.GetRequiredService<IIdentityDalGrpcContractAdapter>();
+        var grpcContract = new Thalos.DAL.Grpc.IdentityTokenDalGrpcContract("user-2", "tenant-2");
+
+        var request = adapter.FromGrpcTokenRequest(grpcContract);
+
+        Assert.Equal("user-2", request.SubjectId);
+        Assert.Equal("tenant-2", request.TenantId);
+        Assert.NotEmpty(request.Envelope.CorrelationId);
+    }
+
+    [Fact]
+    public async Task AddThalosDalRuntime_WhenResolved_WiresDependencyHealthCheck()
+    {
+        var services = new ServiceCollection();
+        services.AddThalosDalRuntime();
+
+        using var provider = services.BuildServiceProvider();
+        var healthCheck = provider.GetRequiredService<IDalDependencyHealthCheck>();
+
+        var status = await healthCheck.CheckAsync();
+
+        Assert.True(status.IsHealthy);
+        Assert.Contains("IUserDataProvider", status.DependencyNames);
+        Assert.Contains("IPermissionDataProvider", status.DependencyNames);
+    }
+}

tests/Thalos.DAL.UnitTests/Thalos.DAL.UnitTests.csproj

@@ -7,6 +7,7 @@
   </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="coverlet.collector" Version="6.0.4" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="10.0.0" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.14.1" />
     <PackageReference Include="xunit" Version="2.9.3" />
     <PackageReference Include="xunit.runner.visualstudio" Version="3.1.4" />