refactor: enforce password min-length via domain Password value object

crates/domain/src/tests/value_objects.rs

@@ -139,3 +139,22 @@ fn poster_url_valid() {
 fn poster_url_empty_rejected() {
     assert!(PosterUrl::new("".into()).is_err());
 }
+
+#[test]
+fn password_min_length_enforced() {
+    assert!(Password::new("short".to_string()).is_err());
+    assert!(Password::new("1234567".to_string()).is_err()); // 7 chars
+}
+
+#[test]
+fn password_valid_at_eight_chars() {
+    let p = Password::new("12345678".to_string());
+    assert!(p.is_ok());
+    assert_eq!(p.unwrap().value(), "12345678");
+}
+
+#[test]
+fn password_value_preserves_content() {
+    let raw = "supersecret!".to_string();
+    assert_eq!(Password::new(raw.clone()).unwrap().value(), raw);
+}

crates/domain/src/value_objects.rs

@@ -252,6 +252,27 @@ impl PosterUrl {
     }
 }
 
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub struct Password(String);
+
+impl Password {
+    const MIN_LENGTH: usize = 8;
+
+    pub fn new(raw: String) -> Result<Self, DomainError> {
+        if raw.len() < Self::MIN_LENGTH {
+            Err(DomainError::ValidationError(
+                "Password must be at least 8 characters".into(),
+            ))
+        } else {
+            Ok(Self(raw))
+        }
+    }
+
+    pub fn value(&self) -> &str {
+        &self.0
+    }
+}
+
 #[cfg(test)]
 #[path = "tests/value_objects.rs"]
 mod tests;