npm - @514labs/moose-lib - Versions diffs - 0.6.457 → 0.6.458 - Mend

@514labs/moose-lib 0.6.457 → 0.6.458

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/dist/browserCompatible.d.mts +1 -1
package/dist/browserCompatible.d.ts +1 -1
package/dist/browserCompatible.js +152 -85
package/dist/browserCompatible.js.map +1 -1
package/dist/browserCompatible.mjs +149 -85
package/dist/browserCompatible.mjs.map +1 -1
package/dist/dmv2/index.d.mts +1 -1
package/dist/dmv2/index.d.ts +1 -1
package/dist/dmv2/index.js +152 -85
package/dist/dmv2/index.js.map +1 -1
package/dist/dmv2/index.mjs +149 -85
package/dist/dmv2/index.mjs.map +1 -1
package/dist/{index-FbIy0gSU.d.mts → index-BkvEUvtm.d.mts} +107 -7
package/dist/{index-FbIy0gSU.d.ts → index-BkvEUvtm.d.ts} +107 -7
package/dist/index.d.mts +17 -15
package/dist/index.d.ts +17 -15
package/dist/index.js +223 -42
package/dist/index.js.map +1 -1
package/dist/index.mjs +216 -42
package/dist/index.mjs.map +1 -1
package/dist/moose-runner.js +337 -98
package/dist/moose-runner.js.map +1 -1
package/dist/moose-runner.mjs +339 -100
package/dist/moose-runner.mjs.map +1 -1
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -395,13 +395,17 @@ var init_runtime = __esm({
         const envUseSSL = this._parseBool(
           this._env("MOOSE_CLICKHOUSE_CONFIG__USE_SSL")
         );
+        const envRlsUser = this._env("MOOSE_CLICKHOUSE_CONFIG__RLS_USER");
+        const envRlsPassword = this._env("MOOSE_CLICKHOUSE_CONFIG__RLS_PASSWORD");
         return {
           host: envHost ?? projectConfig.clickhouse_config.host,
           port: envPort ?? projectConfig.clickhouse_config.host_port.toString(),
           username: envUser ?? projectConfig.clickhouse_config.user,
           password: envPassword ?? projectConfig.clickhouse_config.password,
           database: envDb ?? projectConfig.clickhouse_config.db_name,
-          useSSL: envUseSSL !== void 0 ? envUseSSL : projectConfig.clickhouse_config.use_ssl || false
+          useSSL: envUseSSL !== void 0 ? envUseSSL : projectConfig.clickhouse_config.use_ssl || false,
+          rlsUser: envRlsUser ?? projectConfig.clickhouse_config.rls_user ?? void 0,
+          rlsPassword: envRlsPassword ?? projectConfig.clickhouse_config.rls_password ?? void 0
         };
       }
       async getStandaloneClickhouseConfig(overrides) {
@@ -416,6 +420,8 @@ var init_runtime = __esm({
         const envUseSSL = this._parseBool(
           this._env("MOOSE_CLICKHOUSE_CONFIG__USE_SSL")
         );
+        const envRlsUser = this._env("MOOSE_CLICKHOUSE_CONFIG__RLS_USER");
+        const envRlsPassword = this._env("MOOSE_CLICKHOUSE_CONFIG__RLS_PASSWORD");
         let projectConfig;
         try {
           projectConfig = await readProjectConfig();
@@ -436,7 +442,9 @@ var init_runtime = __esm({
           username: overrides?.username ?? envUser ?? projectConfig?.clickhouse_config.user ?? defaults.username,
           password: overrides?.password ?? envPassword ?? projectConfig?.clickhouse_config.password ?? defaults.password,
           database: overrides?.database ?? envDb ?? projectConfig?.clickhouse_config.db_name ?? defaults.database,
-          useSSL: overrides?.useSSL ?? envUseSSL ?? projectConfig?.clickhouse_config.use_ssl ?? defaults.useSSL
+          useSSL: overrides?.useSSL ?? envUseSSL ?? projectConfig?.clickhouse_config.use_ssl ?? defaults.useSSL,
+          rlsUser: envRlsUser ?? projectConfig?.clickhouse_config.rls_user ?? void 0,
+          rlsPassword: envRlsPassword ?? projectConfig?.clickhouse_config.rls_password ?? void 0
         };
       }
       async getKafkaConfig() {
@@ -494,6 +502,9 @@ __export(index_exports, {
   MAX_RETRIES: () => MAX_RETRIES,
   MAX_RETRIES_PRODUCER: () => MAX_RETRIES_PRODUCER,
   MAX_RETRY_TIME_MS: () => MAX_RETRY_TIME_MS,
+  MOOSE_RLS_ROLE: () => MOOSE_RLS_ROLE,
+  MOOSE_RLS_SETTING_PREFIX: () => MOOSE_RLS_SETTING_PREFIX,
+  MOOSE_RLS_USER: () => MOOSE_RLS_USER,
   MOOSE_RUNTIME_ENV_PREFIX: () => MOOSE_RUNTIME_ENV_PREFIX,
   MaterializedView: () => MaterializedView,
   MooseCache: () => MooseCache,
@@ -502,6 +513,7 @@ __export(index_exports, {
   QueryClient: () => QueryClient,
   RETRY_FACTOR_PRODUCER: () => RETRY_FACTOR_PRODUCER,
   RETRY_INITIAL_TIME_MS: () => RETRY_INITIAL_TIME_MS,
+  SelectRowPolicy: () => SelectRowPolicy,
   Sql: () => Sql,
   SqlResource: () => SqlResource,
   Stream: () => Stream,
@@ -517,6 +529,7 @@ __export(index_exports, {
   avg: () => avg,
   between: () => between,
   buildQuery: () => buildQuery,
+  buildRowPolicyOptionsFromClaims: () => buildRowPolicyOptionsFromClaims,
   cliLog: () => cliLog,
   columnsFromTable: () => columnsFromTable,
   compilerLog: () => compilerLog,
@@ -547,6 +560,8 @@ __export(index_exports, {
   getMooseClients: () => getMooseClients,
   getMooseUtils: () => getMooseUtils,
   getMooseUtilsFromRequest: () => getMooseUtilsFromRequest,
+  getSelectRowPolicies: () => getSelectRowPolicies,
+  getSelectRowPolicy: () => getSelectRowPolicy,
   getSqlResource: () => getSqlResource,
   getSqlResources: () => getSqlResources,
   getStream: () => getStream,
@@ -934,7 +949,8 @@ function createRegistryFrom(existing) {
     workflows: toTrackingMap(existing?.workflows),
     webApps: toTrackingMap(existing?.webApps),
     materializedViews: toTrackingMap(existing?.materializedViews),
-    views: toTrackingMap(existing?.views)
+    views: toTrackingMap(existing?.views),
+    selectRowPolicies: toTrackingMap(existing?.selectRowPolicies)
   };
 }
 var moose_internal = {
@@ -970,7 +986,11 @@ var moose_internal = {
     void 0,
     markRegistryMutated
   ),
-  views: new MutationTrackingMap(void 0, markRegistryMutated)
+  views: new MutationTrackingMap(void 0, markRegistryMutated),
+  selectRowPolicies: new MutationTrackingMap(
+    void 0,
+    markRegistryMutated
+  )
 };
 var defaultRetentionPeriod = 60 * 60 * 24 * 7;
 var initializeMooseInternalRegistry = () => {
@@ -1001,6 +1021,7 @@ var loadIndex = async () => {
   registry.webApps.clear();
   registry.materializedViews.clear();
   registry.views.clear();
+  registry.selectRowPolicies.clear();
   const outDir = getOutDir();
   const compiledDir = path4.isAbsolute(outDir) ? outDir : path4.join(import_process.default.cwd(), outDir);
   Object.keys(require.cache).forEach((key) => {
@@ -1401,10 +1422,7 @@ var OlapTable = class extends TypedBase {
     }
     tables.set(registryKey, this);
   }
-  /**
-   * Generates the versioned table name following Moose's naming convention
-   * Format: {tableName}_{version_with_dots_replaced_by_underscores}
-   */
+  /** @internal Returns the versioned ClickHouse table name (e.g., "events_1_0_0") */
   generateTableName() {
     if (this._cachedTableName) {
       return this._cachedTableName;
@@ -3113,6 +3131,47 @@ var View = class {
   }
 };
+// src/dmv2/sdk/selectRowPolicy.ts
+var SelectRowPolicy = class {
+  /** @internal */
+  kind = "SelectRowPolicy";
+  /** The name of the row policy */
+  name;
+  /** The policy configuration */
+  config;
+  constructor(name, config) {
+    if (!name.trim()) {
+      throw new Error("SelectRowPolicy name must not be empty");
+    }
+    if (!config.tables.length) {
+      throw new Error(`SelectRowPolicy '${name}': tables must not be empty`);
+    }
+    if (!config.column.trim()) {
+      throw new Error(`SelectRowPolicy '${name}': column must not be empty`);
+    }
+    if (!config.claim.trim()) {
+      throw new Error(`SelectRowPolicy '${name}': claim must not be empty`);
+    }
+    this.name = name;
+    this.config = Object.freeze({
+      ...config,
+      tables: Object.freeze([...config.tables])
+    });
+    const selectRowPolicies = getMooseInternal().selectRowPolicies;
+    if (!isClientOnlyMode() && selectRowPolicies.has(this.name)) {
+      throw new Error(`SelectRowPolicy with name ${this.name} already exists`);
+    }
+    selectRowPolicies.set(this.name, this);
+  }
+  /** Resolved table references for serialization */
+  get tableRefs() {
+    return this.config.tables.map((t) => ({
+      name: t.generateTableName(),
+      ...t.config.database ? { database: t.config.database } : {}
+    }));
+  }
+};
 // src/dmv2/sdk/lifeCycle.ts
 var LifeCycle = /* @__PURE__ */ ((LifeCycle2) => {
   LifeCycle2["FULLY_MANAGED"] = "FULLY_MANAGED";
@@ -3324,6 +3383,12 @@ function getViews() {
 function getView(name) {
   return getMooseInternal().views.get(name);
 }
+function getSelectRowPolicies() {
+  return getMooseInternal().selectRowPolicies;
+}
+function getSelectRowPolicy(name) {
+  return getMooseInternal().selectRowPolicies.get(name);
+}
 // src/index.ts
 init_commons();
@@ -3399,12 +3464,27 @@ var MooseClient = class {
     this.workflow = new WorkflowClient(temporalClient);
   }
 };
+var MOOSE_RLS_ROLE = "moose_rls_role";
+var MOOSE_RLS_USER = "moose_rls_user";
+var MOOSE_RLS_SETTING_PREFIX = "SQL_moose_rls_";
+function buildRowPolicyOptionsFromClaims(config, claims) {
+  const clickhouse_settings = /* @__PURE__ */ Object.create(null);
+  for (const [settingName, claimName] of Object.entries(config)) {
+    const value = claims[claimName];
+    if (value !== void 0 && value !== null) {
+      clickhouse_settings[settingName] = String(value);
+    }
+  }
+  return { role: MOOSE_RLS_ROLE, clickhouse_settings };
+}
 var QueryClient = class {
   client;
   query_id_prefix;
-  constructor(client, query_id_prefix) {
+  rowPolicyOptions;
+  constructor(client, query_id_prefix, rowPolicyOptions) {
     this.client = client;
     this.query_id_prefix = query_id_prefix;
+    this.rowPolicyOptions = rowPolicyOptions;
   }
   async execute(sql3) {
     const [query, query_params] = toQuery(sql3);
@@ -3419,7 +3499,11 @@ var QueryClient = class {
       // where response buffering would harm streaming performance and concurrency
       clickhouse_settings: {
         asterisk_include_materialized_columns: 1,
-        asterisk_include_alias_columns: 1
+        asterisk_include_alias_columns: 1,
+        ...this.rowPolicyOptions?.clickhouse_settings
+      },
+      ...this.rowPolicyOptions && {
+        role: this.rowPolicyOptions.role
       }
     });
     const elapsedMs = import_perf_hooks.performance.now() - start;
@@ -3872,58 +3956,148 @@ var MooseCache = class _MooseCache {
 // src/consumption-apis/standalone.ts
 init_commons();
+var import_node_async_hooks = require("async_hooks");
+var requestContextStorage = new import_node_async_hooks.AsyncLocalStorage();
+function isLegacyRequestArg(arg) {
+  if (arg === null || typeof arg !== "object") return false;
+  const obj = arg;
+  return "method" in obj || "url" in obj || "headers" in obj;
+}
+function getRowPoliciesConfigFromRegistry() {
+  const policies = getSelectRowPolicies();
+  if (policies.size === 0) return void 0;
+  const config = /* @__PURE__ */ Object.create(null);
+  for (const policy of policies.values()) {
+    config[`${MOOSE_RLS_SETTING_PREFIX}${policy.config.column}`] = policy.config.claim;
+  }
+  return config;
+}
 var standaloneUtils = null;
 var initPromise2 = null;
+var standaloneRlsClient = null;
+var standaloneClickhouseConfig = null;
 var toClientConfig = (config) => ({
   ...config,
   useSSL: config.useSSL ? "true" : "false"
 });
-async function getMooseUtils(req) {
-  if (req !== void 0) {
+async function getMooseUtils(options) {
+  if (options !== void 0 && isLegacyRequestArg(options)) {
     console.warn(
-      "[DEPRECATED] getMooseUtils(req) no longer requires a request parameter. Use getMooseUtils() instead."
+      "[DEPRECATED] getMooseUtils(req) no longer requires a request parameter. Use getMooseUtils() instead, or getMooseUtils({ rlsContext }) for row policies."
     );
+    options = void 0;
   }
   const runtimeContext = globalThis._mooseRuntimeContext;
   if (runtimeContext) {
-    return {
-      client: runtimeContext.client,
-      sql,
-      jwt: runtimeContext.jwt
-    };
+    return resolveRuntimeUtils(runtimeContext, options);
   }
-  if (standaloneUtils) {
-    return standaloneUtils;
+  await ensureStandaloneInit();
+  if (options?.rlsContext) {
+    return createStandaloneRlsUtils(options.rlsContext);
   }
-  if (initPromise2) {
-    return initPromise2;
-  }
-  initPromise2 = (async () => {
-    await Promise.resolve().then(() => (init_runtime(), runtime_exports));
-    const configRegistry = globalThis._mooseConfigRegistry;
-    if (!configRegistry) {
+  return standaloneUtils;
+}
+function resolveRuntimeUtils(runtimeContext, options) {
+  const reqCtx = requestContextStorage.getStore();
+  const jwt = reqCtx?.jwt ?? runtimeContext.jwt;
+  let rowPolicyOpts;
+  if (options?.rlsContext) {
+    if (!runtimeContext.rowPoliciesConfig) {
       throw new Error(
-        "Moose not initialized. Ensure you're running within a Moose app or have proper configuration set up."
+        "rlsContext was provided but no row policies are configured. Define at least one SelectRowPolicy before using rlsContext."
       );
     }
-    const clickhouseConfig = await configRegistry.getStandaloneClickhouseConfig();
-    const clickhouseClient = getClickhouseClient(
-      toClientConfig(clickhouseConfig)
+    rowPolicyOpts = buildRowPolicyOptionsFromClaims(
+      runtimeContext.rowPoliciesConfig,
+      options.rlsContext
     );
-    const queryClient = new QueryClient(clickhouseClient, "standalone");
-    const mooseClient = new MooseClient(queryClient);
-    standaloneUtils = {
-      client: mooseClient,
+  } else {
+    rowPolicyOpts = reqCtx?.rowPolicyOpts;
+  }
+  if (rowPolicyOpts) {
+    const rlsClient = runtimeContext.rlsClickhouseClient ?? runtimeContext.clickhouseClient;
+    const scopedQueryClient = new QueryClient(
+      rlsClient,
+      "rls-scoped",
+      rowPolicyOpts
+    );
+    return {
+      client: new MooseClient(scopedQueryClient, runtimeContext.temporalClient),
       sql,
-      jwt: void 0
+      jwt
     };
-    return standaloneUtils;
-  })();
-  try {
-    return await initPromise2;
-  } finally {
-    initPromise2 = null;
   }
+  return {
+    client: runtimeContext.client,
+    sql,
+    jwt
+  };
+}
+async function ensureStandaloneInit() {
+  if (standaloneUtils) return;
+  if (!initPromise2) {
+    initPromise2 = (async () => {
+      await Promise.resolve().then(() => (init_runtime(), runtime_exports));
+      const configRegistry = globalThis._mooseConfigRegistry;
+      if (!configRegistry) {
+        throw new Error(
+          "Moose not initialized. Ensure you're running within a Moose app or have proper configuration set up."
+        );
+      }
+      const clickhouseConfig = await configRegistry.getStandaloneClickhouseConfig();
+      standaloneClickhouseConfig = clickhouseConfig;
+      const clickhouseClient = getClickhouseClient(
+        toClientConfig(clickhouseConfig)
+      );
+      const queryClient = new QueryClient(clickhouseClient, "standalone");
+      const mooseClient = new MooseClient(queryClient);
+      standaloneUtils = {
+        client: mooseClient,
+        sql,
+        jwt: void 0
+      };
+      return standaloneUtils;
+    })();
+    try {
+      await initPromise2;
+    } finally {
+      initPromise2 = null;
+    }
+  } else {
+    await initPromise2;
+  }
+}
+function createStandaloneRlsUtils(rlsContext) {
+  const rowPoliciesConfig = getRowPoliciesConfigFromRegistry();
+  if (!rowPoliciesConfig) {
+    throw new Error(
+      "rlsContext was provided but no SelectRowPolicy primitives are registered. Define at least one SelectRowPolicy before using rlsContext."
+    );
+  }
+  if (!standaloneRlsClient && standaloneClickhouseConfig) {
+    standaloneRlsClient = getClickhouseClient(
+      toClientConfig({
+        ...standaloneClickhouseConfig,
+        username: standaloneClickhouseConfig.rlsUser ?? MOOSE_RLS_USER,
+        password: standaloneClickhouseConfig.rlsPassword ?? standaloneClickhouseConfig.password
+      })
+    );
+  }
+  const rowPolicyOpts = buildRowPolicyOptionsFromClaims(
+    rowPoliciesConfig,
+    rlsContext
+  );
+  const rlsClient = standaloneRlsClient ?? standaloneUtils.client.query.client;
+  const scopedQueryClient = new QueryClient(
+    rlsClient,
+    "rls-scoped",
+    rowPolicyOpts
+  );
+  return {
+    client: new MooseClient(scopedQueryClient),
+    sql,
+    jwt: void 0
+  };
 }
 async function getMooseClients(config) {
   console.warn(
@@ -4966,6 +5140,9 @@ function createQueryHandler(config) {
   MAX_RETRIES,
   MAX_RETRIES_PRODUCER,
   MAX_RETRY_TIME_MS,
+  MOOSE_RLS_ROLE,
+  MOOSE_RLS_SETTING_PREFIX,
+  MOOSE_RLS_USER,
   MOOSE_RUNTIME_ENV_PREFIX,
   MaterializedView,
   MooseCache,
@@ -4974,6 +5151,7 @@ function createQueryHandler(config) {
   QueryClient,
   RETRY_FACTOR_PRODUCER,
   RETRY_INITIAL_TIME_MS,
+  SelectRowPolicy,
   Sql,
   SqlResource,
   Stream,
@@ -4989,6 +5167,7 @@ function createQueryHandler(config) {
   avg,
   between,
   buildQuery,
+  buildRowPolicyOptionsFromClaims,
   cliLog,
   columnsFromTable,
   compilerLog,
@@ -5019,6 +5198,8 @@ function createQueryHandler(config) {
   getMooseClients,
   getMooseUtils,
   getMooseUtilsFromRequest,
+  getSelectRowPolicies,
+  getSelectRowPolicy,
   getSqlResource,
   getSqlResources,
   getStream,