npm - @cosmicdrift/kumiko-bundled-features - Versions diffs - 0.14.0 → 0.16.0 - Mend

@cosmicdrift/kumiko-bundled-features 0.14.0 → 0.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (269) hide show

package/src/user-data-rights/__tests__/run-forget-cleanup.integration.ts CHANGED Viewed

@@ -15,14 +15,14 @@
 // Unit-Test pinned (policy-to-strategy.test.ts), nicht hier. Hier nur
 // der end-to-end-Default-Pfad (delete).
+import { afterAll, beforeAll, beforeEach, describe, expect, test } from "bun:test";
+import { asRawClient, insertOne } from "@cosmicdrift/kumiko-framework/bun-db";
 import {
   setupTestStack,
   type TestStack,
   unsafeCreateEntityTable,
 } from "@cosmicdrift/kumiko-framework/stack";
 import { getTemporal } from "@cosmicdrift/kumiko-framework/time";
-import { sql } from "drizzle-orm";
-import { afterAll, beforeAll, beforeEach, describe, expect, test } from "vitest";
 import { createComplianceProfilesFeature } from "../../compliance-profiles";
 import { createDataRetentionFeature, tenantRetentionOverrideEntity } from "../../data-retention";
 import { createFilesFeature } from "../../files";
@@ -70,7 +70,7 @@ beforeAll(async () => {
   await unsafeCreateEntityTable(stack.db, tenantRetentionOverrideEntity);
   // tenant-membership-Tabelle (von tenant-feature) manuell anlegen weil
   // wir ohne tenant-feature im stack arbeiten — minimaler Setup.
-  await stack.db.execute(sql`
+  await asRawClient(stack.db).unsafe(`
     CREATE TABLE IF NOT EXISTS read_tenant_memberships (
       id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
       tenant_id UUID NOT NULL,
@@ -87,7 +87,7 @@ beforeAll(async () => {
       UNIQUE(user_id, tenant_id)
     )
   `);
-  await stack.db.execute(sql`
+  await asRawClient(stack.db).unsafe(`
     CREATE TABLE IF NOT EXISTS file_refs (
       id UUID PRIMARY KEY,
       tenant_id UUID NOT NULL,
@@ -109,9 +109,9 @@ afterAll(async () => {
 });
 beforeEach(async () => {
-  await stack.db.delete(userTable);
-  await stack.db.execute(sql`DELETE FROM read_tenant_memberships`);
-  await stack.db.execute(sql`DELETE FROM file_refs`);
+  await asRawClient(stack.db).unsafe(`DELETE FROM "${userTable.tableName}"`);
+  await asRawClient(stack.db).unsafe(`DELETE FROM read_tenant_memberships`);
+  await asRawClient(stack.db).unsafe(`DELETE FROM file_refs`);
 });
 type Instant = InstanceType<ReturnType<typeof getTemporal>["Instant"]>;
@@ -131,7 +131,7 @@ async function seedUser(
     displayName?: string;
   } = {},
 ): Promise<void> {
-  await stack.db.insert(userTable).values({
+  await insertOne(stack.db, userTable, {
     id,
     tenantId: TENANT_SYSTEM,
     email: overrides.email ?? `user-${id}@example.com`,
@@ -146,11 +146,14 @@ async function seedUser(
 }
 async function seedMembership(userId: string, tenantId: string): Promise<void> {
-  await stack.db.execute(sql`
+  await asRawClient(stack.db).unsafe(
+    `
     INSERT INTO read_tenant_memberships (tenant_id, user_id, roles)
-    VALUES (${tenantId}, ${userId}, '["Member"]')
+    VALUES ($1, $2, '["Member"]')
     ON CONFLICT (user_id, tenant_id) DO NOTHING
-  `);
+  `,
+    [tenantId, userId],
+  );
 }
 async function seedFileRef(
@@ -159,11 +162,14 @@ async function seedFileRef(
   insertedById: string | null,
   fileName: string,
 ): Promise<void> {
-  await stack.db.execute(sql`
+  await asRawClient(stack.db).unsafe(
+    `
     INSERT INTO file_refs (id, tenant_id, storage_key, file_name, mime_type, size, inserted_by_id)
-    VALUES (${id}, ${tenantId}, ${`storage/${id}`}, ${fileName}, 'application/pdf', 1024, ${insertedById})
+    VALUES ($1, $2, $3, $4, 'application/pdf', 1024, $5)
     ON CONFLICT (id) DO NOTHING
-  `);
+  `,
+    [id, tenantId, `storage/${id}`, fileName, insertedById],
+  );
 }
 async function fetchUser(id: string): Promise<{
@@ -173,10 +179,13 @@ async function fetchUser(id: string): Promise<{
   status: string;
   deleted_at: string | null;
 } | null> {
-  const result = await stack.db.execute(sql`
+  const result = await asRawClient(stack.db).unsafe(
+    `
     SELECT email, display_name, password_hash, status, deleted_at
-    FROM read_users WHERE id = ${id}
-  `);
+    FROM read_users WHERE id = $1
+  `,
+    [id],
+  );
   // biome-ignore lint/suspicious/noExplicitAny: drizzle execute typing
   const rows = ((result as any).rows ?? result) as Array<{
     email: string;
@@ -189,18 +198,24 @@ async function fetchUser(id: string): Promise<{
 }
 async function fetchFileRefsForUser(tenantId: string, userId: string): Promise<unknown[]> {
-  const result = await stack.db.execute(sql`
+  const result = await asRawClient(stack.db).unsafe(
+    `
     SELECT id, file_name, inserted_by_id
-    FROM file_refs WHERE tenant_id = ${tenantId} AND inserted_by_id = ${userId}
-  `);
+    FROM file_refs WHERE tenant_id = $1 AND inserted_by_id = $2
+  `,
+    [tenantId, userId],
+  );
   // biome-ignore lint/suspicious/noExplicitAny: drizzle execute typing
   return ((result as any).rows ?? result) as unknown[];
 }
 async function fetchAllFileRefs(tenantId: string): Promise<unknown[]> {
-  const result = await stack.db.execute(sql`
-    SELECT id, file_name, inserted_by_id FROM file_refs WHERE tenant_id = ${tenantId}
-  `);
+  const result = await asRawClient(stack.db).unsafe(
+    `
+    SELECT id, file_name, inserted_by_id FROM file_refs WHERE tenant_id = $1
+  `,
+    [tenantId],
+  );
   // biome-ignore lint/suspicious/noExplicitAny: drizzle execute typing
   return ((result as any).rows ?? result) as unknown[];
 }
@@ -245,7 +260,7 @@ describe("runForgetCleanup :: happy path (Cross-Tenant Account-Deletion)", () =>
     expect(aliceRow?.email).not.toContain("alice@example.com");
     expect(aliceRow?.email).toContain("anonymized.invalid");
     expect([USER_DELETED_DISPLAY_NAME, USER_ANONYMIZED_DISPLAY_NAME]).toContain(
-      aliceRow?.display_name,
+      aliceRow!.display_name,
     );
     expect(aliceRow?.password_hash).toBeNull();
@@ -352,9 +367,12 @@ describe("runForgetCleanup :: PII-Audit nach Cleanup", () => {
     });
     // Cross-Tabellen-PII-Check: koennen wir noch IRGENDWO Original-Werte finden?
-    const userRows = await stack.db.execute(sql`
-      SELECT id FROM read_users WHERE email = ${ORIGINAL_EMAIL} OR display_name = ${ORIGINAL_NAME}
-    `);
+    const userRows = await asRawClient(stack.db).unsafe(
+      `
+      SELECT id FROM read_users WHERE email = $1 OR display_name = $2
+    `,
+      [ORIGINAL_EMAIL, ORIGINAL_NAME],
+    );
     // biome-ignore lint/suspicious/noExplicitAny: drizzle execute typing
     const userMatches = (userRows as any).rows ?? userRows;
     expect(userMatches).toHaveLength(0);
@@ -577,7 +595,7 @@ describe("runForgetCleanup :: sendDeletionExecutedEmail callback (Atom 5b)", ()
     // einem vorigen Run schon anonymisiert hat aber status haengen blieb,
     // oder durch external Migration). Skip schuetzt vor crashing-callback
     // mit invaliden Args.
-    await stack.db.insert(userTable).values({
+    await insertOne(stack.db, userTable, {
       id: ALICE_ID,
       tenantId: TENANT_SYSTEM,
       email: "",

package/src/user-data-rights/__tests__/run-user-export.integration.ts CHANGED Viewed

@@ -14,14 +14,14 @@
 //   - Orphan-User (0 Memberships): user-Profil-Hook laeuft trotzdem
 //     ueber Pseudo-Tenant.
+import { afterAll, beforeAll, beforeEach, describe, expect, test } from "bun:test";
+import { asRawClient, insertOne } from "@cosmicdrift/kumiko-framework/bun-db";
 import {
   setupTestStack,
   type TestStack,
   unsafeCreateEntityTable,
 } from "@cosmicdrift/kumiko-framework/stack";
 import { getTemporal } from "@cosmicdrift/kumiko-framework/time";
-import { sql } from "drizzle-orm";
-import { afterAll, beforeAll, beforeEach, describe, expect, test } from "vitest";
 import { createComplianceProfilesFeature } from "../../compliance-profiles";
 import { createDataRetentionFeature } from "../../data-retention";
 import { createFilesFeature } from "../../files";
@@ -57,7 +57,7 @@ beforeAll(async () => {
   });
   await unsafeCreateEntityTable(stack.db, userEntity);
-  await stack.db.execute(sql`
+  await asRawClient(stack.db).unsafe(`
     CREATE TABLE IF NOT EXISTS read_tenant_memberships (
       id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
       tenant_id UUID NOT NULL,
@@ -74,7 +74,7 @@ beforeAll(async () => {
       UNIQUE(user_id, tenant_id)
     )
   `);
-  await stack.db.execute(sql`
+  await asRawClient(stack.db).unsafe(`
     CREATE TABLE IF NOT EXISTS file_refs (
       id UUID PRIMARY KEY,
       tenant_id UUID NOT NULL,
@@ -96,9 +96,9 @@ afterAll(async () => {
 });
 beforeEach(async () => {
-  await stack.db.delete(userTable);
-  await stack.db.execute(sql`DELETE FROM read_tenant_memberships`);
-  await stack.db.execute(sql`DELETE FROM file_refs`);
+  await asRawClient(stack.db).unsafe(`DELETE FROM "${userTable.tableName}"`);
+  await asRawClient(stack.db).unsafe(`DELETE FROM read_tenant_memberships`);
+  await asRawClient(stack.db).unsafe(`DELETE FROM file_refs`);
 });
 const NOW = () => getTemporal().Now.instant();
@@ -107,7 +107,7 @@ async function seedUser(
   id: string,
   overrides: { email?: string; displayName?: string; roles?: string } = {},
 ): Promise<void> {
-  await stack.db.insert(userTable).values({
+  await insertOne(stack.db, userTable, {
     id,
     tenantId: TENANT_SYSTEM,
     email: overrides.email ?? `user-${id}@example.com`,
@@ -121,11 +121,14 @@ async function seedUser(
 }
 async function seedMembership(userId: string, tenantId: string): Promise<void> {
-  await stack.db.execute(sql`
+  await asRawClient(stack.db).unsafe(
+    `
     INSERT INTO read_tenant_memberships (tenant_id, user_id, roles)
-    VALUES (${tenantId}, ${userId}, '["Member"]')
+    VALUES ($1, $2, '["Member"]')
     ON CONFLICT (user_id, tenant_id) DO NOTHING
-  `);
+  `,
+    [tenantId, userId],
+  );
 }
 async function seedFileRef(
@@ -134,11 +137,14 @@ async function seedFileRef(
   insertedById: string | null,
   fileName: string,
 ): Promise<void> {
-  await stack.db.execute(sql`
+  await asRawClient(stack.db).unsafe(
+    `
     INSERT INTO file_refs (id, tenant_id, storage_key, file_name, mime_type, size, inserted_by_id)
-    VALUES (${id}, ${tenantId}, ${`storage/${id}`}, ${fileName}, 'application/pdf', 1024, ${insertedById})
+    VALUES ($1, $2, $3, $4, 'application/pdf', 1024, $5)
     ON CONFLICT (id) DO NOTHING
-  `);
+  `,
+    [id, tenantId, `storage/${id}`, fileName, insertedById],
+  );
 }
 describe("runUserExport :: alle Daten enthalten + Cross-Tenant", () => {

package/src/user-data-rights/__tests__/token-helpers.test.ts CHANGED Viewed

@@ -6,7 +6,7 @@
 //   - Web-Crypto-Universal: laeuft in vitest (= bun-runtime via vitest)
 //     ohne node:crypto-Import. Memory `feedback_universal_deps`.
-import { describe, expect, test } from "vitest";
+import { describe, expect, test } from "bun:test";
 import { generateDownloadToken, hashDownloadToken } from "../token-helpers";
 describe("generateDownloadToken", () => {

package/src/user-data-rights/__tests__/user-data-rights.integration.ts CHANGED Viewed

@@ -6,8 +6,8 @@
 // Tieferer Cross-Feature-Test (mit useExtension(EXT_USER_DATA, ...) +
 // Sprint-2-H1/H2-Hooks) kommt in S2.T1 (Cross-Data-Matrix).
+import { afterAll, beforeAll, describe, expect, test } from "bun:test";
 import { setupTestStack, type TestStack } from "@cosmicdrift/kumiko-framework/stack";
-import { afterAll, beforeAll, describe, expect, test } from "vitest";
 import { createComplianceProfilesFeature } from "../../compliance-profiles";
 import { createDataRetentionFeature } from "../../data-retention";
 import { createUserFeature } from "../../user";

package/src/user-data-rights/__tests__/zip-path.test.ts CHANGED Viewed

@@ -5,8 +5,8 @@
 // Filename mit "../" einen ZIP-Reader dazu bringen, ausserhalb des
 // Extract-Roots zu schreiben.
+import { describe, expect, test } from "bun:test";
 import type { TenantId } from "@cosmicdrift/kumiko-framework/engine";
-import { describe, expect, test } from "vitest";
 import { buildFileRefZipPath, sanitizeZipFilename } from "../zip-path";
 const TENANT = "00000000-0000-0000-0000-000000000001" as TenantId;

package/src/user-data-rights/audit-download.ts CHANGED Viewed

@@ -15,7 +15,7 @@
 // **ES via tokenCrud.update:** kein direct-UPDATE. Memory
 // `feedback_no_fake_dispatcher` + `feedback_event_store_tenant_consistency`.
-import type { DbConnection } from "@cosmicdrift/kumiko-framework/db";
+import type { DbRunner } from "@cosmicdrift/kumiko-framework/db";
 import { createEventStoreExecutor, createTenantDb } from "@cosmicdrift/kumiko-framework/db";
 import { createSystemUser, type TenantId } from "@cosmicdrift/kumiko-framework/engine";
 import type { getTemporal } from "@cosmicdrift/kumiko-framework/time";
@@ -29,7 +29,7 @@ const attemptCrud = createEventStoreExecutor(downloadAttemptsTable, downloadAtte
 type Instant = InstanceType<ReturnType<typeof getTemporal>["Instant"]>;
 export interface RecordDownloadUseArgs {
-  readonly db: DbConnection;
+  readonly db: DbRunner;
   readonly tokenId: string;
   readonly tokenVersion: number;
   readonly tokenUseCount: number;
@@ -85,7 +85,7 @@ export async function recordDownloadUse(args: RecordDownloadUseArgs): Promise<vo
 export type DownloadAttemptResult = "notFound" | "expired" | "failed" | "signedUrlNotSupported";
 export interface RecordInvalidAttemptArgs {
-  readonly db: DbConnection;
+  readonly db: DbRunner;
   readonly tenantId: TenantId;
   readonly now: Instant;
   readonly result: DownloadAttemptResult;

package/src/user-data-rights/db/queries/export-jobs.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import { asRawClient } from "@cosmicdrift/kumiko-framework/bun-db";
+import type { DbConnection } from "@cosmicdrift/kumiko-framework/db";
+import type { TenantId } from "@cosmicdrift/kumiko-framework/engine";
+export type ExportJobCleanupCandidate = {
+  readonly id: string;
+  readonly version: number;
+  readonly status: string;
+  readonly requestedFromTenantId: TenantId;
+  readonly downloadStorageKey: string | null;
+  readonly expiresAt: Temporal.Instant | null;
+};
+export async function selectExportJobsForStorageCleanup(
+  db: DbConnection,
+  doneStatus: string,
+  failedStatus: string,
+): Promise<readonly ExportJobCleanupCandidate[]> {
+  return asRawClient(db).unsafe<ExportJobCleanupCandidate>(
+    `SELECT id, version, status, requested_from_tenant_id AS "requestedFromTenantId", download_storage_key AS "downloadStorageKey", expires_at AS "expiresAt" FROM read_export_jobs WHERE status IN ($1, $2) AND download_storage_key IS NOT NULL`,
+    [doneStatus, failedStatus],
+  );
+}

package/src/user-data-rights/db/queries/forget-cleanup.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import { asRawClient } from "@cosmicdrift/kumiko-framework/bun-db";
+import type { DbConnection } from "@cosmicdrift/kumiko-framework/db";
+export async function selectUsersDueForForgetCleanup(
+  db: DbConnection,
+  status: string,
+  gracePeriodEnd: string,
+): Promise<readonly { id: string }[]> {
+  return asRawClient(db).unsafe<{ id: string }>(
+    `SELECT id FROM read_users WHERE status = $1 AND grace_period_end <= $2`,
+    [status, gracePeriodEnd],
+  );
+}

package/src/user-data-rights/handlers/cancel-deletion.write.ts CHANGED Viewed

@@ -1,6 +1,6 @@
+import { fetchOne, updateMany } from "@cosmicdrift/kumiko-framework/bun-db";
 import { defineWriteHandler } from "@cosmicdrift/kumiko-framework/engine";
 import { UnprocessableError, writeFailure } from "@cosmicdrift/kumiko-framework/errors";
-import { eq, sql } from "drizzle-orm";
 import { z } from "zod";
 import { USER_STATUS, userTable } from "../../user";
@@ -23,18 +23,13 @@ export const cancelDeletionWrite = defineWriteHandler({
     // ctx.db.raw (kein TenantDb-Wrapper) weil User-Entity tenant-agnostisch
     // ist — siehe request-deletion.write.ts fuer die Begruendung. Cancel
     // muss aus jedem Tenant-Mode den User finden + zuruecksetzen koennen.
-    //
-    // Combined query: status + grace_period_end-vs-now in einem Pass.
-    const checkRows = await ctx.db.raw
-      .select({
-        status: userTable["status"],
-        inGrace: sql<boolean>`(${userTable["gracePeriodEnd"]} > now())`,
-      })
-      .from(userTable)
-      .where(eq(userTable["id"], event.user.id))
-      .limit(1);
+    const row = await fetchOne<{ status: string; grace_period_end: Date | null }>(
+      ctx.db.raw,
+      userTable,
+      { id: event.user.id },
+    );
-    if (checkRows.length === 0) {
+    if (!row) {
       return writeFailure(
         new UnprocessableError("user_not_found", {
           details: { reason: "user_not_found", userId: event.user.id },
@@ -42,19 +37,28 @@ export const cancelDeletionWrite = defineWriteHandler({
       );
     }
-    const row = checkRows[0];
-    if (!row || row.status !== USER_STATUS.DeletionRequested) {
+    if (row["status"] !== USER_STATUS.DeletionRequested) {
       return writeFailure(
         new UnprocessableError("no_pending_deletion", {
           details: {
             reason: "no_pending_deletion",
-            currentStatus: row?.status,
+            currentStatus: row["status"],
           },
         }),
       );
     }
-    if (!row.inGrace) {
+    // inGrace computed JS-side: compare grace_period_end (Temporal.Instant
+    // from bun-db boundary) against current server clock.
+    const gracePeriodEnd = row["grace_period_end"];
+    const inGrace =
+      gracePeriodEnd != null &&
+      Temporal.Instant.compare(
+        gracePeriodEnd as unknown as Temporal.Instant,
+        Temporal.Now.instant(),
+      ) > 0;
+    if (!inGrace) {
       return writeFailure(
         new UnprocessableError("grace_period_expired", {
           details: { reason: "grace_period_expired" },
@@ -62,13 +66,15 @@ export const cancelDeletionWrite = defineWriteHandler({
       );
     }
-    await ctx.db.raw
-      .update(userTable)
-      .set({
+    await updateMany(
+      ctx.db.raw,
+      userTable,
+      {
         status: USER_STATUS.Active,
         gracePeriodEnd: null,
-      })
-      .where(eq(userTable["id"], event.user.id));
+      },
+      { id: event.user.id },
+    );
     // gracePeriodEnd=null im Response symmetrisch zu request-deletion's
     // ISO-Timestamp — Frontend kann beide Endpoints uniform behandeln.
@@ -77,7 +83,7 @@ export const cancelDeletionWrite = defineWriteHandler({
       data: {
         userId: event.user.id,
         status: USER_STATUS.Active,
-        gracePeriodEnd: null as string | null, // @cast-boundary generic-record
+        gracePeriodEnd: null as string | null,
       },
     };
   },

package/src/user-data-rights/handlers/download-by-job.query.ts CHANGED Viewed

@@ -23,12 +23,10 @@
 //   6. Audit-Update: useCount + 1, IP, UA, lastUsedAt (best-effort)
 //   7. Return {url, expiresAt}
-import type { DbConnection } from "@cosmicdrift/kumiko-framework/db";
-import { fetchOne } from "@cosmicdrift/kumiko-framework/db";
+import { fetchOne } from "@cosmicdrift/kumiko-framework/bun-db";
 import { defineQueryHandler } from "@cosmicdrift/kumiko-framework/engine";
 import { NotFoundError, UnprocessableError } from "@cosmicdrift/kumiko-framework/errors";
 import { getTemporal } from "@cosmicdrift/kumiko-framework/time";
-import { eq } from "drizzle-orm";
 import { z } from "zod";
 import { createFileProviderForTenant } from "../../file-foundation";
 import { recordDownloadUse, recordInvalidAttempt } from "../audit-download";
@@ -76,15 +74,11 @@ export const downloadByJobQuery = defineQueryHandler({
     // Step 1-2: job-lookup + cross-user-isolation
     // ctx.db.raw weil tenant-agnostisch — Alice in Tenant B sucht den
     // aus Tenant A erstellten Job.
-    const jobRow = (await fetchOne(
-      ctx.db.raw,
-      exportJobsTable,
-      eq(exportJobsTable["id"], jobId),
-    )) as JobRow | null; // @cast-boundary db-row
+    const jobRow = await fetchOne<JobRow>(ctx.db.raw, exportJobsTable, { id: jobId });
     if (!jobRow || jobRow.userId !== userId) {
       await recordInvalidAttempt({
-        db: ctx.db.raw as DbConnection, // @cast-boundary db-runner
+        db: ctx.db.raw,
         tenantId,
         now,
         result: "notFound",
@@ -102,7 +96,7 @@ export const downloadByJobQuery = defineQueryHandler({
     if (jobRow.status !== EXPORT_JOB_STATUS.Done) {
       await recordInvalidAttempt({
-        db: ctx.db.raw as DbConnection, // @cast-boundary db-runner
+        db: ctx.db.raw,
         tenantId,
         now,
         result: "failed",
@@ -119,7 +113,7 @@ export const downloadByJobQuery = defineQueryHandler({
     }
     if (!jobRow.downloadStorageKey) {
       await recordInvalidAttempt({
-        db: ctx.db.raw as DbConnection, // @cast-boundary db-runner
+        db: ctx.db.raw,
         tenantId,
         now,
         result: "expired",
@@ -142,7 +136,7 @@ export const downloadByJobQuery = defineQueryHandler({
     );
     if (!provider.getSignedUrl) {
       await recordInvalidAttempt({
-        db: ctx.db.raw as DbConnection, // @cast-boundary db-runner
+        db: ctx.db.raw,
         tenantId,
         now,
         result: "signedUrlNotSupported",
@@ -173,21 +167,17 @@ export const downloadByJobQuery = defineQueryHandler({
     // den plain-Token, aber wir wollen den useCount inkrementieren
     // damit die Audit-Felder konsistent sind (UI-clicks zaehlen auch
     // als Use). Lookup via jobId — UNIQUE-Index garantiert max 1 Row.
-    const tokenRow = (await fetchOne(
-      ctx.db.raw,
-      exportDownloadTokensTable,
-      eq(exportDownloadTokensTable["jobId"], jobId),
-    )) as TokenRow | null; // @cast-boundary db-row
+    const tokenRow = await fetchOne<TokenRow>(ctx.db.raw, exportDownloadTokensTable, {
+      jobId,
+    });
     if (tokenRow) {
       await recordDownloadUse({
-        db: ctx.db.raw as DbConnection, // @cast-boundary db-runner
+        db: ctx.db.raw,
         tokenId: tokenRow.id,
         tokenVersion: tokenRow.version,
         tokenUseCount: tokenRow.useCount ?? 0,
-        tenantId: jobRow.requestedFromTenantId as Parameters<
-          typeof recordDownloadUse
-        >[0]["tenantId"], // @cast-boundary engine-bridge
+        tenantId: jobRow.requestedFromTenantId,
         now,
         ip: query.payload.auditMeta?.ip ?? null,
         userAgent: query.payload.auditMeta?.userAgent ?? null,

package/src/user-data-rights/handlers/download-by-token.query.ts CHANGED Viewed

@@ -26,12 +26,10 @@
 // signedUrl — User klickt 1× Email-Link, Browser folgt redirect, Download
 // startet. Dieser query-handler liefert nur das JSON.
-import type { DbConnection } from "@cosmicdrift/kumiko-framework/db";
-import { fetchOne } from "@cosmicdrift/kumiko-framework/db";
+import { fetchOne } from "@cosmicdrift/kumiko-framework/bun-db";
 import { defineQueryHandler } from "@cosmicdrift/kumiko-framework/engine";
 import { NotFoundError, UnprocessableError } from "@cosmicdrift/kumiko-framework/errors";
 import { getTemporal } from "@cosmicdrift/kumiko-framework/time";
-import { eq } from "drizzle-orm";
 import { z } from "zod";
 import { createFileProviderForTenant } from "../../file-foundation";
 import { recordDownloadUse, recordInvalidAttempt } from "../audit-download";
@@ -87,11 +85,9 @@ export const downloadByTokenQuery = defineQueryHandler({
     const hash = await hashDownloadToken(query.payload.token);
     // ctx.db.raw weil Token+Job tenant-agnostisch — anonymous-pfad hat
     // keinen tenant-context im query.user.
-    const tokenRow = (await fetchOne(
-      ctx.db.raw,
-      exportDownloadTokensTable,
-      eq(exportDownloadTokensTable["tokenHash"], hash),
-    )) as TokenRow | null; // @cast-boundary db-row
+    const tokenRow = await fetchOne<TokenRow>(ctx.db.raw, exportDownloadTokensTable, {
+      tokenHash: hash,
+    });
     if (!tokenRow) {
       // Invalid token — 404 ohne Existenz-Leak. Generic NotFoundError
@@ -116,18 +112,15 @@ export const downloadByTokenQuery = defineQueryHandler({
       // Audit-Skip noch nicht moeglich — jobRow noch nicht geladen,
       // tenantId unbekannt. Wir laden den Job hier noch fuer Audit-Context
       // (best-effort — wenn Job auch fehlt, audit-skip ist akzeptabel).
-      const jobForAudit = (await fetchOne(
+      const jobForAudit = await fetchOne<{ requestedFromTenantId: string }>(
         ctx.db.raw,
         exportJobsTable,
-        eq(exportJobsTable["id"], tokenRow.jobId),
-      )) as { requestedFromTenantId: string } | null; // @cast-boundary db-row
+        { id: tokenRow.jobId },
+      );
       if (jobForAudit) {
-        const auditDb = ctx.db.raw as DbConnection; // @cast-boundary db-runner
         await recordInvalidAttempt({
-          db: auditDb,
-          tenantId: jobForAudit.requestedFromTenantId as Parameters<
-            typeof recordInvalidAttempt
-          >[0]["tenantId"], // @cast-boundary engine-bridge
+          db: ctx.db.raw,
+          tenantId: jobForAudit.requestedFromTenantId,
           now,
           result: "expired",
           via: "token",
@@ -144,11 +137,9 @@ export const downloadByTokenQuery = defineQueryHandler({
     }
     // Step 3-4: job-checks
-    const jobRow = (await fetchOne(
-      ctx.db.raw,
-      exportJobsTable,
-      eq(exportJobsTable["id"], tokenRow.jobId),
-    )) as JobRow | null; // @cast-boundary db-row
+    const jobRow = await fetchOne<JobRow>(ctx.db.raw, exportJobsTable, {
+      id: tokenRow.jobId,
+    });
     if (!jobRow) {
       throw new NotFoundError("export-download", undefined, {
@@ -157,10 +148,8 @@ export const downloadByTokenQuery = defineQueryHandler({
     }
     if (jobRow.status !== EXPORT_JOB_STATUS.Done) {
       await recordInvalidAttempt({
-        db: ctx.db.raw as DbConnection, // @cast-boundary db-runner
-        tenantId: jobRow.requestedFromTenantId as Parameters<
-          typeof recordInvalidAttempt
-        >[0]["tenantId"], // @cast-boundary engine-bridge
+        db: ctx.db.raw,
+        tenantId: jobRow.requestedFromTenantId,
         now,
         result: "failed",
         via: "token",
@@ -176,10 +165,8 @@ export const downloadByTokenQuery = defineQueryHandler({
     }
     if (!jobRow.downloadStorageKey) {
       await recordInvalidAttempt({
-        db: ctx.db.raw as DbConnection, // @cast-boundary db-runner
-        tenantId: jobRow.requestedFromTenantId as Parameters<
-          typeof recordInvalidAttempt
-        >[0]["tenantId"], // @cast-boundary engine-bridge
+        db: ctx.db.raw,
+        tenantId: jobRow.requestedFromTenantId,
         now,
         result: "expired",
         via: "token",
@@ -203,10 +190,8 @@ export const downloadByTokenQuery = defineQueryHandler({
     );
     if (!provider.getSignedUrl) {
       await recordInvalidAttempt({
-        db: ctx.db.raw as DbConnection, // @cast-boundary db-runner
-        tenantId: jobRow.requestedFromTenantId as Parameters<
-          typeof recordInvalidAttempt
-        >[0]["tenantId"], // @cast-boundary engine-bridge
+        db: ctx.db.raw,
+        tenantId: jobRow.requestedFromTenantId,
         now,
         result: "signedUrlNotSupported",
         via: "token",
@@ -236,11 +221,11 @@ export const downloadByTokenQuery = defineQueryHandler({
     // Wrapper (trusted-source). Direct-API-caller koennen luegen, aber
     // Audit ist nicht security-relevant.
     await recordDownloadUse({
-      db: ctx.db.raw as DbConnection, // @cast-boundary db-runner
+      db: ctx.db.raw,
       tokenId: tokenRow.id,
       tokenVersion: tokenRow.version,
       tokenUseCount: tokenRow.useCount ?? 0,
-      tenantId: jobRow.requestedFromTenantId as Parameters<typeof recordDownloadUse>[0]["tenantId"], // @cast-boundary engine-bridge
+      tenantId: jobRow.requestedFromTenantId,
       now,
       ip: query.payload.auditMeta?.ip ?? null,
       userAgent: query.payload.auditMeta?.userAgent ?? null,