npm - @cosmicdrift/kumiko-bundled-features - Versions diffs - 0.14.0 → 0.15.0 - Mend

@cosmicdrift/kumiko-bundled-features 0.14.0 → 0.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (268) hide show

package/src/custom-fields/__tests__/retention.integration.ts CHANGED Viewed

@@ -9,7 +9,9 @@
 // The reference timestamp is the host row's `modified_at`, not a per-key
 // timestamp — see run-retention.ts header for the rationale.
-import { buildDrizzleTable } from "@cosmicdrift/kumiko-framework/db";
+import { afterAll, beforeAll, beforeEach, describe, expect, test } from "bun:test";
+import { asRawClient } from "@cosmicdrift/kumiko-framework/bun-db";
+import { buildEntityTable } from "@cosmicdrift/kumiko-framework/db";
 import {
   createEntity,
   createEntityExecutor,
@@ -25,8 +27,6 @@ import {
   unsafeCreateEntityTable,
 } from "@cosmicdrift/kumiko-framework/stack";
 import { getTemporal } from "@cosmicdrift/kumiko-framework/time";
-import { sql } from "drizzle-orm";
-import { afterAll, beforeAll, beforeEach, describe, expect, test } from "vitest";
 import { z } from "zod";
 import { fieldDefinitionEntity } from "../entity";
 import { createCustomFieldsFeature } from "../feature";
@@ -40,7 +40,7 @@ const propertyEntity = createEntity({
     customFields: customFieldsField(),
   },
 });
-const propertyTable = buildDrizzleTable("property", propertyEntity);
+const propertyTable = buildEntityTable("property", propertyEntity);
 const propertyFeature = defineFeature("property-t15d", (r) => {
   r.entity("property", propertyEntity);
@@ -81,8 +81,8 @@ afterAll(async () => {
 beforeEach(async () => {
   await resetEventStore(stack);
-  await stack.db.execute(sql`DELETE FROM read_t15d_properties`);
-  await stack.db.execute(sql`DELETE FROM read_custom_field_definitions`);
+  await asRawClient(stack.db).unsafe(`DELETE FROM read_t15d_properties`);
+  await asRawClient(stack.db).unsafe(`DELETE FROM read_custom_field_definitions`);
 });
 async function defineField(fieldKey: string, serializedField: Record<string, unknown>) {
@@ -116,14 +116,16 @@ async function setField(entityId: string, fieldKey: string, value: unknown) {
 // older than the retention cutoff. Faster than waiting `keepFor` real
 // time and the cleanest way to drive the cron under test.
 async function backdateRow(id: string, isoOlderThan: string) {
-  await stack.db.execute(
-    sql`UPDATE read_t15d_properties SET modified_at = ${isoOlderThan}::timestamptz WHERE id = ${id}`,
+  await asRawClient(stack.db).unsafe(
+    `UPDATE read_t15d_properties SET modified_at = $1::timestamptz WHERE id = $2`,
+    [isoOlderThan, id],
   );
 }
 async function readRow(id: string): Promise<Record<string, unknown> | undefined> {
-  const rows = await stack.db.execute(
-    sql`SELECT id, custom_fields FROM read_t15d_properties WHERE id = ${id}`,
+  const rows = await asRawClient(stack.db).unsafe(
+    `SELECT id, custom_fields FROM read_t15d_properties WHERE id = $1`,
+    [id],
   );
   return (rows as ReadonlyArray<Record<string, unknown>>)[0];
 }

package/src/custom-fields/__tests__/user-data-rights.integration.ts CHANGED Viewed

@@ -14,7 +14,9 @@
 //   * Forget strategy=delete: no-op — the host entity's own user-data-
 //     rights hook handles the row delete, jsonb travels with the row.
-import { buildDrizzleTable } from "@cosmicdrift/kumiko-framework/db";
+import { afterAll, beforeAll, beforeEach, describe, expect, test } from "bun:test";
+import { asRawClient } from "@cosmicdrift/kumiko-framework/bun-db";
+import { buildEntityTable } from "@cosmicdrift/kumiko-framework/db";
 import {
   createEntity,
   createEntityExecutor,
@@ -32,8 +34,6 @@ import {
   type TestStack,
   unsafeCreateEntityTable,
 } from "@cosmicdrift/kumiko-framework/stack";
-import { sql } from "drizzle-orm";
-import { afterAll, beforeAll, beforeEach, describe, expect, test } from "vitest";
 import { z } from "zod";
 import { createComplianceProfilesFeature } from "../../compliance-profiles";
 import { createDataRetentionFeature } from "../../data-retention";
@@ -52,17 +52,20 @@ const propertyEntity = createEntity({
     customFields: customFieldsField(),
   },
 });
-const propertyTable = buildDrizzleTable("property", propertyEntity);
+const propertyTable = buildEntityTable("property", propertyEntity);
 // Host entity gets its own EXT_USER_DATA-registration too — that's the
 // canonical setup (host bundle handles row-anonymize/delete, custom-fields
 // adds its strip-sensitive-jsonb layer on top). Both hooks fire in the
 // same cleanup-run.
 const hostExportHook: UserDataExportHook = async (ctx) => {
-  const rows = await ctx.db.execute(sql`
+  const rows = await asRawClient(ctx.db).unsafe(
+    `
     SELECT id, name FROM read_t15c_properties
-    WHERE inserted_by_id = ${ctx.userId} AND tenant_id = ${ctx.tenantId}
-  `);
+    WHERE inserted_by_id = $1 AND tenant_id = $2
+  `,
+    [ctx.userId, ctx.tenantId],
+  );
   const list = rows as ReadonlyArray<Record<string, unknown>>;
   if (list.length === 0) return null;
   return {
@@ -73,16 +76,22 @@ const hostExportHook: UserDataExportHook = async (ctx) => {
 const hostDeleteHook: UserDataDeleteHook = async (ctx, strategy) => {
   if (strategy === "delete") {
-    await ctx.db.execute(sql`
+    await asRawClient(ctx.db).unsafe(
+      `
       DELETE FROM read_t15c_properties
-      WHERE inserted_by_id = ${ctx.userId} AND tenant_id = ${ctx.tenantId}
-    `);
+      WHERE inserted_by_id = $1 AND tenant_id = $2
+    `,
+      [ctx.userId, ctx.tenantId],
+    );
   } else {
     // anonymize: clear owner, keep row + non-sensitive customFields
-    await ctx.db.execute(sql`
+    await asRawClient(ctx.db).unsafe(
+      `
       UPDATE read_t15c_properties SET inserted_by_id = NULL
-      WHERE inserted_by_id = ${ctx.userId} AND tenant_id = ${ctx.tenantId}
-    `);
+      WHERE inserted_by_id = $1 AND tenant_id = $2
+    `,
+      [ctx.userId, ctx.tenantId],
+    );
   }
 };
@@ -143,8 +152,8 @@ afterAll(async () => {
 beforeEach(async () => {
   await resetEventStore(stack);
-  await stack.db.execute(sql`DELETE FROM read_t15c_properties`);
-  await stack.db.execute(sql`DELETE FROM read_custom_field_definitions`);
+  await asRawClient(stack.db).unsafe(`DELETE FROM read_t15c_properties`);
+  await asRawClient(stack.db).unsafe(`DELETE FROM read_custom_field_definitions`);
 });
 async function defineField(fieldKey: string, serializedField: Record<string, unknown>) {
@@ -175,8 +184,9 @@ async function setField(entityId: string, fieldKey: string, value: unknown) {
 }
 async function readRow(id: string): Promise<Record<string, unknown> | undefined> {
-  const rows = await stack.db.execute(
-    sql`SELECT id, custom_fields FROM read_t15c_properties WHERE id = ${id}`,
+  const rows = await asRawClient(stack.db).unsafe(
+    `SELECT id, custom_fields FROM read_t15c_properties WHERE id = $1`,
+    [id],
   );
   const list = rows as ReadonlyArray<Record<string, unknown>>;
   return list[0];

package/src/custom-fields/__tests__/wire-for-entity.test.ts CHANGED Viewed

@@ -1,6 +1,6 @@
-import { buildDrizzleTable } from "@cosmicdrift/kumiko-framework/db";
+import { describe, expect, test } from "bun:test";
+import { buildEntityTable } from "@cosmicdrift/kumiko-framework/db";
 import { createEntity, createTextField, defineFeature } from "@cosmicdrift/kumiko-framework/engine";
-import { describe, expect, test } from "vitest";
 import { customFieldsField, wireCustomFieldsFor } from "../wire-for-entity";
 // B2 wireCustomFieldsFor: einziger Aufruf registriert MSP + postQuery-hook +
@@ -15,7 +15,7 @@ const propertyEntity = createEntity({
   },
 });
-const propertyTable = buildDrizzleTable("property", propertyEntity);
+const propertyTable = buildEntityTable("property", propertyEntity);
 describe("wireCustomFieldsFor", () => {
   test("registers useExtension + MSP + postQuery-entity-hook + search-payload-extension", () => {
@@ -43,7 +43,7 @@ describe("wireCustomFieldsFor", () => {
     expect(feature.entityHooks.postQuery["property"]).toHaveLength(1);
     // 4. search-payload-extension on "property"
-    expect(feature.searchPayloadExtensions["property"]).toHaveLength(1);
+    expect(feature.searchPayloadExtensions!["property"]).toHaveLength(1);
   });
   test("postQuery-hook flattens row.customFields onto root", async () => {
@@ -107,7 +107,7 @@ describe("wireCustomFieldsFor", () => {
       wireCustomFieldsFor(r, "property", propertyTable);
     });
-    const contributor = feature.searchPayloadExtensions["property"]?.[0]?.fn;
+    const contributor = feature.searchPayloadExtensions!["property"]?.[0]?.fn;
     expect(contributor).toBeDefined();
     const result = await contributor?.({
       entityName: "property",

package/src/custom-fields/db/queries/field-access.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import { asRawClient } from "@cosmicdrift/kumiko-framework/bun-db";
+import type { TenantDb } from "@cosmicdrift/kumiko-framework/db";
+export async function selectSerializedFieldDefinition(
+  db: TenantDb,
+  tenantId: string,
+  entityName: string,
+  fieldKey: string,
+): Promise<unknown | null> {
+  const rows = await asRawClient(db.raw).unsafe(
+    "SELECT serialized_field FROM read_custom_field_definitions WHERE entity_name = $1 AND field_key = $2 AND tenant_id = $3 LIMIT 1",
+    [entityName, fieldKey, tenantId],
+  );
+  const first = (rows as ReadonlyArray<Record<string, unknown>>)[0];
+  return first ? (first["serialized_field"] ?? null) : null;
+}

package/src/custom-fields/db/queries/projection.ts ADDED Viewed

@@ -0,0 +1,43 @@
+import { asRawClient } from "@cosmicdrift/kumiko-framework/bun-db";
+import type { DbRunner } from "@cosmicdrift/kumiko-framework/db";
+function quoteTable(tableName: string): string {
+  return `"${tableName.replace(/"/g, '""')}"`;
+}
+export async function setCustomFieldValue(
+  db: DbRunner,
+  tableName: string,
+  fieldKey: string,
+  valueJson: string,
+  aggregateId: string,
+): Promise<void> {
+  const tbl = quoteTable(tableName);
+  const escapedKey = fieldKey.replace(/'/g, "''");
+  await asRawClient(db).unsafe(
+    `UPDATE ${tbl} SET custom_fields = jsonb_set(custom_fields, '{${escapedKey}}', $1::jsonb, true) WHERE id = $2`,
+    [valueJson, aggregateId],
+  );
+}
+export async function clearCustomFieldKey(
+  db: DbRunner,
+  tableName: string,
+  fieldKey: string,
+  aggregateId: string,
+): Promise<void> {
+  const tbl = quoteTable(tableName);
+  await asRawClient(db).unsafe(
+    `UPDATE ${tbl} SET custom_fields = custom_fields - $1 WHERE id = $2`,
+    [fieldKey, aggregateId],
+  );
+}
+export async function removeCustomFieldKeyFromAllRows(
+  db: DbRunner,
+  tableName: string,
+  fieldKey: string,
+): Promise<void> {
+  const tbl = quoteTable(tableName);
+  await asRawClient(db).unsafe(`UPDATE ${tbl} SET custom_fields = custom_fields - $1`, [fieldKey]);
+}

package/src/custom-fields/db/queries/quota.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import { asRawClient } from "@cosmicdrift/kumiko-framework/bun-db";
+import type { TenantDb } from "@cosmicdrift/kumiko-framework/db";
+export async function countTenantFieldDefinitions(db: TenantDb, tenantId: string): Promise<number> {
+  const rowsResult = await asRawClient(db.raw).unsafe(
+    "SELECT COUNT(*)::int AS n FROM read_custom_field_definitions WHERE tenant_id = $1",
+    [tenantId],
+  );
+  const rows = rowsResult as ReadonlyArray<Record<string, unknown>>;
+  const first = rows[0];
+  if (!first) return 0;
+  const n = first["n"];
+  return typeof n === "number" ? n : Number.parseInt(String(n ?? 0), 10);
+}

package/src/custom-fields/db/queries/retention.ts ADDED Viewed

@@ -0,0 +1,39 @@
+import { asRawClient } from "@cosmicdrift/kumiko-framework/bun-db";
+import type { DbRunner } from "@cosmicdrift/kumiko-framework/db";
+export async function selectFieldDefinitionsWithSerialized(
+  db: DbRunner,
+  entityName: string,
+  tenantId: string,
+): Promise<readonly { field_key: string; serialized_field: unknown }[]> {
+  return asRawClient(db).unsafe(
+    "SELECT field_key, serialized_field FROM read_custom_field_definitions WHERE entity_name = $1 AND tenant_id = $2",
+    [entityName, tenantId],
+  ) as Promise<readonly { field_key: string; serialized_field: unknown }[]>;
+}
+export async function selectHostRowsWithCustomFields(
+  db: DbRunner,
+  tableName: string,
+  tenantId: string,
+): Promise<readonly unknown[]> {
+  const quoted = `"${tableName.replace(/"/g, '""')}"`;
+  const rowsResult = await asRawClient(db).unsafe(
+    `SELECT id, modified_at, custom_fields FROM ${quoted} WHERE tenant_id = $1 AND custom_fields IS NOT NULL`,
+    [tenantId],
+  );
+  return Array.isArray(rowsResult) ? rowsResult : [];
+}
+export async function updateHostRowCustomFields(
+  db: DbRunner,
+  tableName: string,
+  customFieldsJson: string,
+  rowId: string,
+): Promise<void> {
+  const quoted = `"${tableName.replace(/"/g, '""')}"`;
+  await asRawClient(db).unsafe(`UPDATE ${quoted} SET custom_fields = $1::jsonb WHERE id = $2`, [
+    customFieldsJson,
+    rowId,
+  ]);
+}

package/src/custom-fields/db/queries/user-data-rights.ts ADDED Viewed

@@ -0,0 +1,54 @@
+import { asRawClient } from "@cosmicdrift/kumiko-framework/bun-db";
+import type { DbRunner } from "@cosmicdrift/kumiko-framework/db";
+function quoteTable(tableName: string): string {
+  return `"${tableName.replace(/"/g, '""')}"`;
+}
+function quoteColumn(columnName: string): string {
+  return `"${columnName.replace(/"/g, '""')}"`;
+}
+export async function selectCustomFieldsHostRows(
+  db: DbRunner,
+  tableName: string,
+  userIdColumn: string,
+  userId: string,
+  tenantId: string,
+): Promise<readonly unknown[]> {
+  const tbl = quoteTable(tableName);
+  const userCol = quoteColumn(userIdColumn);
+  const rowsResult = await asRawClient(db).unsafe(
+    `SELECT id, custom_fields FROM ${tbl} WHERE ${userCol} = $1 AND tenant_id = $2`,
+    [userId, tenantId],
+  );
+  return Array.isArray(rowsResult) ? rowsResult : [];
+}
+export async function stripSensitiveCustomFieldKeys(
+  db: DbRunner,
+  tableName: string,
+  userIdColumn: string,
+  sensitiveKeys: readonly string[],
+  userId: string,
+  tenantId: string,
+): Promise<void> {
+  const tbl = quoteTable(tableName);
+  const userCol = quoteColumn(userIdColumn);
+  const placeholders = sensitiveKeys.map((_, i) => `$${i + 1}`).join(" - ");
+  await asRawClient(db).unsafe(
+    `UPDATE ${tbl} SET custom_fields = custom_fields - ${placeholders} WHERE ${userCol} = $${sensitiveKeys.length + 1} AND tenant_id = $${sensitiveKeys.length + 2}`,
+    [...sensitiveKeys, userId, tenantId],
+  );
+}
+export async function selectFieldDefinitionsForEntity(
+  db: DbRunner,
+  entityName: string,
+  tenantId: string,
+): Promise<readonly { field_key: string; serialized_field: unknown }[]> {
+  return asRawClient(db).unsafe(
+    "SELECT field_key, serialized_field FROM read_custom_field_definitions WHERE entity_name = $1 AND tenant_id = $2",
+    [entityName, tenantId],
+  ) as Promise<readonly { field_key: string; serialized_field: unknown }[]>;
+}

package/src/custom-fields/lib/field-access.ts CHANGED Viewed

@@ -1,12 +1,7 @@
 // T1.5b — per-field write access-check for the set/clear handlers.
-//
-// Loads a fieldDefinition by (tenantId, entityName, fieldKey), reads its
-// `serializedField.fieldAccess.write` array, and verifies the calling user
-// holds at least one of the listed roles. When `fieldAccess.write` is
-// absent or empty the handler-level RBAC is the only gate.
 import type { TenantDb } from "@cosmicdrift/kumiko-framework/db";
-import { sql } from "drizzle-orm";
+import { selectSerializedFieldDefinition } from "../db/queries/field-access";
 import { parseSerializedField } from "./parse-serialized-field";
 export type FieldAccessCheckResult =
@@ -17,36 +12,6 @@ export type FieldAccessCheckResult =
       requiredRoles?: ReadonlyArray<string>;
     };
-// Resolution mirrors the Plan-Doc v2 system+tenant UNION: the active
-// definition for a fieldKey on an entity is either system-scope or
-// tenant-scope, never both (B1 conflict-rule). The tenant-scoped row sits
-// in the caller's tenantId; system-scoped rows would sit under
-// SYSTEM_TENANT_ID. B1 only ships the tenant-scoped pipeline, so we only
-// query the caller's tenant — system-scope lookup will land in B2.
-async function loadSerializedField(
-  db: TenantDb,
-  tenantId: string,
-  entityName: string,
-  fieldKey: string,
-): Promise<unknown | null> {
-  // TenantDb's tenant-filtered API doesn't expose raw SQL — for this
-  // single-row lookup we drop down to the underlying DbRunner. tenantId
-  // is still pinned in the WHERE clause so we don't lose isolation.
-  const rows = await db.raw.execute(sql`
-    SELECT serialized_field
-    FROM read_custom_field_definitions
-    WHERE entity_name = ${entityName}
-      AND field_key = ${fieldKey}
-      AND tenant_id = ${tenantId}
-    LIMIT 1
-  `);
-  const first = (rows as ReadonlyArray<Record<string, unknown>>)[0]; // @cast-boundary db-row
-  return first ? (first["serialized_field"] ?? null) : null;
-}
-// Per Plan-Doc T1.5b: an empty / undefined `write` array means the field
-// inherits the handler-level RBAC unchanged. Only an explicit non-empty
-// list constrains. Intersection is role-name equality (case-sensitive).
 export async function checkFieldAccessForWrite(
   db: TenantDb,
   tenantId: string,
@@ -54,16 +19,12 @@ export async function checkFieldAccessForWrite(
   fieldKey: string,
   userRoles: ReadonlyArray<string>,
 ): Promise<FieldAccessCheckResult> {
-  const serialized = await loadSerializedField(db, tenantId, entityName, fieldKey);
+  const serialized = await selectSerializedFieldDefinition(db, tenantId, entityName, fieldKey);
   if (serialized === null) {
     return { ok: false, reason: "field_definition_not_found" };
   }
   const parsed = parseSerializedField(serialized);
-  // skip: corrupt serialized_field on disk → treat as no-access-restriction
-  // rather than 500. Loader already returned null on missing row, so a
-  // null here means parse-failure on a present row; behave like an open
-  // field (next gate is the handler-level RBAC).
   if (!parsed) return { ok: true };
   const required = parsed.fieldAccess?.write;

package/src/custom-fields/lib/quota.ts CHANGED Viewed

@@ -1,28 +1,5 @@
 // T1.5e — per-tenant fieldDefinition quota.
 //
-// `countTenantFieldDefinitions(db, tenantId)` runs a single COUNT(*) against
-// `read_custom_field_definitions` scoped to the caller's tenant. The
-// `define-tenant-field` handler consults this before insert and rejects
-// with `cap_exceeded` once a configurable per-tenant ceiling is reached.
-//
-// This is a simple projection-count rather than a `cap-counter`-bundle
-// counter, because the read-projection is the authoritative source
-// (soft-deleted rows already drop out) and we don't need rolling-window
-// semantics. A future iteration can swap to `cap-counter` if pricing
-// wants e.g. monthly-roll definition allowances.
-import type { TenantDb } from "@cosmicdrift/kumiko-framework/db";
-import { sql } from "drizzle-orm";
+// Re-exports from db/queries/quota.ts for backward-compatible import paths.
-export async function countTenantFieldDefinitions(db: TenantDb, tenantId: string): Promise<number> {
-  const rowsResult = await db.raw.execute(sql`
-    SELECT COUNT(*)::int AS n
-    FROM read_custom_field_definitions
-    WHERE tenant_id = ${tenantId}
-  `);
-  const rows = rowsResult as ReadonlyArray<Record<string, unknown>>; // @cast-boundary db-row
-  const first = rows[0];
-  if (!first) return 0;
-  const n = first["n"];
-  return typeof n === "number" ? n : Number.parseInt(String(n ?? 0), 10);
-}
+export { countTenantFieldDefinitions } from "../db/queries/quota";

package/src/custom-fields/run-retention.ts CHANGED Viewed

@@ -17,10 +17,22 @@
 import type { DbRunner } from "@cosmicdrift/kumiko-framework/db";
 import { getTemporal } from "@cosmicdrift/kumiko-framework/time";
-import { getTableName, sql } from "drizzle-orm";
-import type { PgTable } from "drizzle-orm/pg-core";
+import {
+  selectFieldDefinitionsWithSerialized,
+  selectHostRowsWithCustomFields,
+  updateHostRowCustomFields,
+} from "./db/queries/retention";
 import { parseSerializedField } from "./lib/parse-serialized-field";
+const KUMIKO_NAME_SYMBOL = Symbol.for("kumiko:schema:Name");
+function getTableName(table: unknown): string {
+  if (typeof table === "object" && table !== null) {
+    const sym = (table as Record<symbol, unknown>)[KUMIKO_NAME_SYMBOL];
+    if (typeof sym === "string") return sym;
+  }
+  throw new Error("custom-fields/run-retention: table missing kumiko:schema:Name symbol");
+}
 type Instant = InstanceType<ReturnType<typeof getTemporal>["Instant"]>;
 // Lifted from data-retention/keep-for.ts because the helper isn't re-exported
@@ -48,7 +60,7 @@ export interface RunCustomFieldsRetentionOptions {
   readonly db: DbRunner;
   readonly tenantId: string;
   readonly entityName: string;
-  readonly entityTable: PgTable;
+  readonly entityTable: unknown;
   /** Current time, injected for time-travel-tests. */
   readonly now: Instant;
 }
@@ -75,18 +87,13 @@ export async function runCustomFieldsRetention(
     return { rowsScanned: 0, rowsUpdated: 0, removalsByFieldKey: {} };
   }
-  const tableName = sql.identifier(getTableName(opts.entityTable));
-  const rowsResult = await opts.db.execute(sql`
-    SELECT id, modified_at, custom_fields
-    FROM ${tableName}
-    WHERE tenant_id = ${opts.tenantId} AND custom_fields IS NOT NULL
-  `);
+  const tableName = getTableName(opts.entityTable);
+  const rows = await selectHostRowsWithCustomFields(opts.db, tableName, opts.tenantId);
   const removalsByFieldKey: Record<string, number> = {};
   let rowsUpdated = 0;
   let rowsScanned = 0;
-  const rows: ReadonlyArray<unknown> = Array.isArray(rowsResult) ? rowsResult : [];
   for (const raw of rows) {
     rowsScanned++;
     const row = asHostRow(raw);
@@ -125,11 +132,7 @@ export async function runCustomFieldsRetention(
       removalsByFieldKey[key] = (removalsByFieldKey[key] ?? 0) + 1;
     }
-    await opts.db.execute(sql`
-      UPDATE ${tableName}
-      SET custom_fields = ${JSON.stringify(mutated)}::jsonb
-      WHERE id = ${row.id}
-    `);
+    await updateHostRowCustomFields(opts.db, tableName, JSON.stringify(mutated), row.id);
     rowsUpdated++;
   }
@@ -171,12 +174,7 @@ async function loadRetentionPolicies(
   tenantId: string,
   entityName: string,
 ): Promise<Map<string, RetentionPolicy>> {
-  const rowsResult = await db.execute(sql`
-    SELECT field_key, serialized_field
-    FROM read_custom_field_definitions
-    WHERE entity_name = ${entityName} AND tenant_id = ${tenantId}
-  `);
-  const rows: ReadonlyArray<unknown> = Array.isArray(rowsResult) ? rowsResult : [];
+  const rows = await selectFieldDefinitionsWithSerialized(db, entityName, tenantId);
   const out = new Map<string, RetentionPolicy>();
   for (const raw of rows) {
     // skip: see asHostRow rationale.

package/src/custom-fields/wire-for-entity.ts CHANGED Viewed

@@ -3,10 +3,22 @@ import {
   type FeatureRegistrar,
   type JsonbFieldDef,
 } from "@cosmicdrift/kumiko-framework/engine";
-import type { AnyColumn } from "drizzle-orm";
-import { eq, sql } from "drizzle-orm";
-import type { PgTable } from "drizzle-orm/pg-core";
 import { CUSTOM_FIELDS_EXTENSION } from "./constants";
+import {
+  clearCustomFieldKey,
+  removeCustomFieldKeyFromAllRows,
+  setCustomFieldValue,
+} from "./db/queries/projection";
+const KUMIKO_NAME_SYMBOL = Symbol.for("kumiko:schema:Name");
+function getTableName(table: unknown): string {
+  if (typeof table === "object" && table !== null) {
+    const sym = (table as Record<symbol, unknown>)[KUMIKO_NAME_SYMBOL];
+    if (typeof sym === "string") return sym;
+  }
+  throw new Error("wire-for-entity: table missing kumiko:schema:Name symbol");
+}
 import type { CustomFieldClearedPayload, CustomFieldSetPayload } from "./events";
 import { customFieldsFeature } from "./feature";
@@ -40,7 +52,7 @@ export function customFieldsField(): JsonbFieldDef {
 //   });
 //
 // Der `entityTable`-Parameter ist die Drizzle-Table-Instance (typically
-// `buildDrizzleTable(name, entity)`-Output). Die Closure über `entityTable`
+// `buildEntityTable(name, entity)`-Output). Die Closure über `entityTable`
 // erspart der MSP-apply-fn einen runtime-table-lookup über die Registry.
 //
 // **Was registriert wird**:
@@ -67,7 +79,7 @@ export function customFieldsField(): JsonbFieldDef {
 export function wireCustomFieldsFor<TReg extends FeatureRegistrar<string>>(
   r: TReg,
   entityName: string,
-  entityTable: PgTable,
+  entityTable: unknown,
 ): void {
   // biome-ignore lint/correctness/useHookAtTopLevel: r.useExtension is a registrar-API method, not a React hook — false positive on the "use"-prefix heuristic.
   r.useExtension(CUSTOM_FIELDS_EXTENSION, entityName);
@@ -91,14 +103,15 @@ export function wireCustomFieldsFor<TReg extends FeatureRegistrar<string>>(
         // jsonb_set: setze key auf value. Wenn key noch nicht existiert →
         // wird angelegt (create_missing=true ist default). value muss als
-        // jsonb-literal kommen — Drizzle sql-template stringifiziert für uns.
-        const idCol = (entityTable as unknown as Record<string, AnyColumn>)["id"] as AnyColumn; // @cast-boundary db-row
-        await tx
-          .update(entityTable)
-          .set({
-            customFields: sql`jsonb_set(${sql.identifier("custom_fields")}, ${sql.raw(`'{${payload.fieldKey.replace(/'/g, "''")}}'`)}, ${JSON.stringify(payload.value)}::jsonb, true)`,
-          })
-          .where(eq(idCol, event.aggregateId));
+        // jsonb-literal kommen.
+        const tableName = getTableName(entityTable);
+        await setCustomFieldValue(
+          tx,
+          tableName,
+          payload.fieldKey,
+          JSON.stringify(payload.value),
+          event.aggregateId,
+        );
       },
       [clearedEventType]: async (event, tx) => {
         // skip: MSP feuert für alle aggregate-types — nur unsere host-entity
@@ -107,13 +120,8 @@ export function wireCustomFieldsFor<TReg extends FeatureRegistrar<string>>(
         const payload = event.payload as CustomFieldClearedPayload; // @cast-boundary engine-payload
         // jsonb minus operator (`-`) entfernt key aus jsonb-object.
-        const idCol = (entityTable as unknown as Record<string, AnyColumn>)["id"] as AnyColumn; // @cast-boundary db-row
-        await tx
-          .update(entityTable)
-          .set({
-            customFields: sql`${sql.identifier("custom_fields")} - ${payload.fieldKey}`,
-          })
-          .where(eq(idCol, event.aggregateId));
+        const tableName = getTableName(entityTable);
+        await clearCustomFieldKey(tx, tableName, payload.fieldKey, event.aggregateId);
       },
       [fieldDefDeletedType]: async (event, tx) => {
         // fieldDefinition.deleted fires nur einmal pro fieldDef-delete
@@ -125,9 +133,8 @@ export function wireCustomFieldsFor<TReg extends FeatureRegistrar<string>>(
         // ihre Rows.
         if (payload.entityName !== entityName) return;
-        await tx.update(entityTable).set({
-          customFields: sql`${sql.identifier("custom_fields")} - ${payload.fieldKey}`,
-        });
+        const tableName = getTableName(entityTable);
+        await removeCustomFieldKeyFromAllRows(tx, tableName, payload.fieldKey);
       },
     },
   });