@cosmicdrift/kumiko-bundled-features 0.14.0 → 0.16.0

package/src/billing-foundation/projection.ts

@@ -14,15 +14,16 @@
 // `drizzle/generate.ts` ergänzen (= via subscriptionsProjectionTable-
 // import). setupTestStack pusht sie automatisch via r.projection.table.
 
-import { buildDrizzleTable } from "@cosmicdrift/kumiko-framework/db";
+import { buildEntityTable } from "@cosmicdrift/kumiko-framework/db";
 import { defineApply } from "@cosmicdrift/kumiko-framework/engine";
+import { upsertSubscriptionProjectionRow } from "./db/queries/subscription-projection";
 import { subscriptionEntity } from "./entities";
 import type { SubscriptionEventPayload } from "./events";
 
 // Drizzle-table-instance aus dem entity-shape. Wird sowohl von der
 // projection-apply als auch von list-query / get-helper genutzt damit
 // alle drei Stellen denselben column-namespace teilen.
-export const subscriptionsProjectionTable = buildDrizzleTable("subscription", subscriptionEntity);
+export const subscriptionsProjectionTable = buildEntityTable("subscription", subscriptionEntity);
 
 // =============================================================================
 // Shared helpers
@@ -62,17 +63,35 @@ async function upsert(
   // jemand nur teil-felder updated (z.B. invoice-payment-failed nur
   // status+tier), nutzen wir trotzdem den vollen payload für den
   // INSERT-Pfad und nur den teil-`set` für ON CONFLICT.
-  await tx
-    .insert(subscriptionsProjectionTable)
-    .values({
-      id: event.aggregateId,
-      tenantId: event.tenantId,
-      ...fullSetFromPayload(fullPayload),
-    })
-    .onConflictDoUpdate({
-      target: subscriptionsProjectionTable["id"],
-      set,
-    });
+  const insertCols = {
+    id: event.aggregateId,
+    tenant_id: event.tenantId,
+    provider_name: fullPayload.providerName,
+    provider_customer_id: fullPayload.providerCustomerId,
+    provider_subscription_id: fullPayload.providerSubscriptionId,
+    status: fullPayload.status,
+    tier: fullPayload.tier,
+    current_period_end: fullPayload.currentPeriodEndIso,
+  };
+  // Map camelCase set-keys to snake_case DB columns.
+  const setMap: Record<keyof typeof set, string> = {
+    providerName: "provider_name",
+    providerCustomerId: "provider_customer_id",
+    providerSubscriptionId: "provider_subscription_id",
+    status: "status",
+    tier: "tier",
+    currentPeriodEnd: "current_period_end",
+  };
+  const insertParams = Object.values(insertCols);
+  const setEntries = Object.entries(set).filter(([, v]) => v !== undefined);
+  const setClauses: string[] = [];
+  const allParams: unknown[] = [...insertParams];
+  for (const [k, v] of setEntries) {
+    allParams.push(v);
+    setClauses.push(`"${setMap[k as keyof typeof set]}" = $${allParams.length}`);
+  }
+  const tableName = (subscriptionsProjectionTable as { tableName: string }).tableName;
+  await upsertSubscriptionProjectionRow(tx, tableName, insertCols, setClauses, allParams);
 }
 
 // =============================================================================

package/src/cap-counter/__tests__/cap-counter.integration.ts

@@ -6,6 +6,7 @@
 // assert. Mirrors the mail-foundation / file-foundation integration
 // test pattern.
 
+import { afterAll, beforeAll, describe, expect, test } from "bun:test";
 import type { DbConnection } from "@cosmicdrift/kumiko-framework/db";
 import { defineFeature, type WriteHandlerDef } from "@cosmicdrift/kumiko-framework/engine";
 import { createEventsTable } from "@cosmicdrift/kumiko-framework/event-store";
@@ -17,7 +18,6 @@ import {
   testTenantId,
   unsafeCreateEntityTable,
 } from "@cosmicdrift/kumiko-framework/stack";
-import { afterAll, beforeAll, describe, expect, test } from "vitest";
 import { z } from "zod";
 import { CapCounterHandlers, CapCounterQueries } from "../constants";
 import {

package/src/cap-counter/__tests__/enforce-cap.test.ts

@@ -3,8 +3,7 @@
 // without spinning up the test-stack — the real event-store +
 // dispatcher integration is exercised in cap-counter.integration.ts.
 
-import { describe, expect, test, vi } from "vitest";
-
+import { describe, expect, mock, test } from "bun:test";
 // Temporal: rely on the global ambient declaration from temporal-spec.
 // The framework polyfill is loaded by setupTestStack, but pure unit
 // tests (no stack) need a manual polyfill — vitest.setup.ts does that.
@@ -18,35 +17,38 @@ import {
   enforceRollingCapAndMaybeNotify,
 } from "../enforce-cap";
 
-// --- Calendar-Period stub: db.select().from(...).where(...).limit(1) ---
+// Test-mock: ctx.db unterstützt sowohl bun-db's .unsafe() (selectMany ruft das)
+// als auch drizzle's .select().from().where() chain (rolling-path nutzt das
+// direkt). Beide pfade returnen denselben rows-set unabhängig von filtern.
+
+function makeMockDb(rows: unknown[]) {
+  return {
+    unsafe: async () => rows,
+    begin: async <T>(fn: (tx: unknown) => Promise<T>) =>
+      fn({ unsafe: async () => rows, begin: async () => undefined }),
+    select: () => ({
+      from: () => ({
+        where: Object.assign(async () => rows, {
+          // calendar path also chains .limit(1) after .where()
+          limit: async () => rows,
+        }),
+      }),
+    }),
+  };
+}
 
 function stubCalendarCtx(rows: { value: number; lastSoftWarnedAt: unknown }[]) {
   const ctx = {
-    db: {
-      select: () => ({
-        from: () => ({
-          where: () => ({
-            limit: async () => rows,
-          }),
-        }),
-      }),
-    },
+    db: makeMockDb(rows),
     user: { tenantId: "tenant-test" },
   };
   return ctx as unknown as Parameters<typeof enforceCap>[0];
 }
 
-// --- Rolling-Window stub: db.select(...).from(...).where(...) returns rows ---
-
 function stubRollingCtx(eventPayloads: { amount: number }[]) {
+  const rows = eventPayloads.map((p) => ({ payload: p }));
   const ctx = {
-    db: {
-      select: () => ({
-        from: () => ({
-          where: async () => eventPayloads.map((p) => ({ payload: p })),
-        }),
-      }),
-    },
+    db: makeMockDb(rows),
     user: { tenantId: "tenant-test" },
   };
   return ctx as unknown as Parameters<typeof enforceRollingCap>[0];
@@ -284,7 +286,7 @@ describe("enforceCapAndMaybeNotify — calendar", () => {
 
   test("ok → notifier NICHT aufgerufen", async () => {
     const ctx = stubCalendarCtx([{ value: 100, lastSoftWarnedAt: null }]);
-    const notify = vi.fn();
+    const notify = mock();
     const result = await enforceCapAndMaybeNotify(ctx, { ...baseOpts, notify });
     expect(result.state).toBe("ok");
     expect(notify).not.toHaveBeenCalled();
@@ -292,19 +294,21 @@ describe("enforceCapAndMaybeNotify — calendar", () => {
 
   test("soft-hit, crossed=true → notifier mit info-payload + ctx.write markSoftWarned", async () => {
     const ctx = stubCalendarCtx([{ value: 1100, lastSoftWarnedAt: null }]);
-    const write = vi.fn(async () => ({ isSuccess: true, data: {} }));
+    const write = mock(async () => ({ isSuccess: true, data: {} }));
     (ctx as unknown as { write: typeof write }).write = write;
-    const notify = vi.fn();
+    const notify = mock();
 
     const result = await enforceCapAndMaybeNotify(ctx, { ...baseOpts, notify });
     expect(result.state).toBe("soft-hit");
-    expect(notify).toHaveBeenCalledExactlyOnceWith({
+    expect(notify).toHaveBeenCalledTimes(1);
+    expect(notify).toHaveBeenCalledWith({
       capName: "mails-per-month",
       value: 1100,
       limit: 1000,
       tenantId: "tenant-test",
     });
-    expect(write).toHaveBeenCalledExactlyOnceWith("cap-counter:write:mark-soft-warned", {
+    expect(write).toHaveBeenCalledTimes(1);
+    expect(write).toHaveBeenCalledWith("cap-counter:write:mark-soft-warned", {
       capName: "mails-per-month",
       periodStartIso: PERIOD,
     });
@@ -312,7 +316,7 @@ describe("enforceCapAndMaybeNotify — calendar", () => {
 
   test("soft-hit, crossed=false (already warned) → notifier NICHT erneut aufgerufen", async () => {
     const ctx = stubCalendarCtx([{ value: 1150, lastSoftWarnedAt: "2026-05-15T12:00:00Z" }]);
-    const notify = vi.fn();
+    const notify = mock();
     const result = await enforceCapAndMaybeNotify(ctx, { ...baseOpts, notify });
     expect(result.state).toBe("soft-hit");
     expect(notify).not.toHaveBeenCalled();
@@ -320,7 +324,7 @@ describe("enforceCapAndMaybeNotify — calendar", () => {
 
   test("hard-hit → throws CapExceededError BEVOR notifier feuert", async () => {
     const ctx = stubCalendarCtx([{ value: 1500, lastSoftWarnedAt: null }]);
-    const notify = vi.fn();
+    const notify = mock();
     await expect(enforceCapAndMaybeNotify(ctx, { ...baseOpts, notify })).rejects.toThrow(
       CapExceededError,
     );
@@ -342,7 +346,7 @@ describe("enforceRollingCapAndMaybeNotify — rolling", () => {
 
   test("ok → notifier NICHT aufgerufen", async () => {
     const ctx = stubRollingCtx([{ amount: 100 }]);
-    const notify = vi.fn();
+    const notify = mock();
     const result = await enforceRollingCapAndMaybeNotify(ctx, { ...baseOpts, notify });
     expect(result.state).toBe("ok");
     expect(notify).not.toHaveBeenCalled();
@@ -350,10 +354,11 @@ describe("enforceRollingCapAndMaybeNotify — rolling", () => {
 
   test("soft-hit → notifier feuert (ohne dedup, Caller-Verantwortung)", async () => {
     const ctx = stubRollingCtx([{ amount: 6000 }, { amount: 5000 }]);
-    const notify = vi.fn();
+    const notify = mock();
     const result = await enforceRollingCapAndMaybeNotify(ctx, { ...baseOpts, notify });
     expect(result.state).toBe("soft-hit");
-    expect(notify).toHaveBeenCalledExactlyOnceWith({
+    expect(notify).toHaveBeenCalledTimes(1);
+    expect(notify).toHaveBeenCalledWith({
       capName: "ai-tokens-7d",
       value: 11000,
       limit: 10000,
@@ -367,7 +372,7 @@ describe("enforceRollingCapAndMaybeNotify — rolling", () => {
     // ein Refactor heimlich Dedup einbaut ohne projection-row, fällt
     // das hier auf.
     const ctx = stubRollingCtx([{ amount: 11000 }]);
-    const notify = vi.fn();
+    const notify = mock();
     await enforceRollingCapAndMaybeNotify(ctx, { ...baseOpts, notify });
     await enforceRollingCapAndMaybeNotify(ctx, { ...baseOpts, notify });
     expect(notify).toHaveBeenCalledTimes(2);

package/src/cap-counter/__tests__/with-cap-enforcement.integration.ts

@@ -8,6 +8,7 @@
 //   5. Failed handler: counter NICHT inkrementiert (cap-quota nicht
 //      verbrannt für gescheiterte writes)
 
+import { afterAll, beforeAll, describe, expect, test } from "bun:test";
 import type { DbConnection } from "@cosmicdrift/kumiko-framework/db";
 import { defineFeature, type WriteHandlerDef } from "@cosmicdrift/kumiko-framework/engine";
 import { createEventsTable } from "@cosmicdrift/kumiko-framework/event-store";
@@ -18,7 +19,6 @@ import {
   testTenantId,
   unsafeCreateEntityTable,
 } from "@cosmicdrift/kumiko-framework/stack";
-import { afterAll, beforeAll, describe, expect, test } from "vitest";
 import { z } from "zod";
 import { CapCounterQueries } from "../constants";
 import type { SoftHitNotifier } from "../enforce-cap";

package/src/cap-counter/enforce-cap.ts

@@ -1,6 +1,6 @@
+import { selectMany } from "@cosmicdrift/kumiko-framework/bun-db";
 import { createEntityExecutor, type HandlerContext } from "@cosmicdrift/kumiko-framework/engine";
 import { eventsTable } from "@cosmicdrift/kumiko-framework/event-store";
-import { and, eq, gte } from "drizzle-orm";
 import { rollingCapAggregateId } from "./aggregate-id";
 import {
   CAP_COUNTER_ROLLING_AGGREGATE_TYPE,
@@ -109,13 +109,12 @@ export async function enforceCap(
   const softThreshold = options.limit * tolerance.soft;
   const hardThreshold = options.limit * tolerance.hard;
 
-  const rows = await ctx.db
-    .select()
-    .from(table)
-    .where(
-      and(eq(table["capName"], options.capName), eq(table["periodStart"], options.periodStartIso)),
-    )
-    .limit(1);
+  const rows = await selectMany(
+    ctx.db,
+    table,
+    { capName: options.capName, periodStart: options.periodStartIso },
+    { limit: 1 },
+  );
 
   const row = rows[0];
   const value = row ? (row["value"] as number) : 0; // @cast-boundary db-row
@@ -189,18 +188,13 @@ export async function enforceRollingCap(
   // covers the prefix; the additional aggregate_id eq narrows to the
   // single rolling-stream. Postgres can use the index even with the
   // aggregate_id filter applied as a residual.
-  const rows = await ctx.db
-    .select({ payload: eventsTable.payload })
-    .from(eventsTable)
-    .where(
-      and(
-        eq(eventsTable.tenantId, ctx.user.tenantId),
-        eq(eventsTable.aggregateType, CAP_COUNTER_ROLLING_AGGREGATE_TYPE),
-        eq(eventsTable.aggregateId, aggregateId),
-        eq(eventsTable.type, ROLLING_INCREMENTED_EVENT_QN),
-        gte(eventsTable.createdAt, cutoff),
-      ),
-    );
+  const rows = await selectMany<{ payload: { amount?: number } }>(ctx.db, eventsTable, {
+    tenantId: ctx.user.tenantId,
+    aggregateType: CAP_COUNTER_ROLLING_AGGREGATE_TYPE,
+    aggregateId,
+    type: ROLLING_INCREMENTED_EVENT_QN,
+    createdAt: { gte: cutoff },
+  });
 
   let value = 0;
   for (const row of rows) {

package/src/cap-counter/handlers/get-counter.query.ts

@@ -1,5 +1,5 @@
+import { selectMany } from "@cosmicdrift/kumiko-framework/bun-db";
 import { createEntityExecutor, type QueryHandlerDef } from "@cosmicdrift/kumiko-framework/engine";
-import { and, eq } from "drizzle-orm";
 import { z } from "zod";
 import { capCounterEntity } from "../entity";
 
@@ -25,18 +25,12 @@ export const getCounterQuery: QueryHandlerDef = {
     const { capName, periodStartIso } = query.payload as z.infer<typeof getCounterSchema>; // @cast-boundary engine-payload
 
     // ctx.db is tenant-scoped; filter by capName + periodStart explicitly.
-    const rows = await ctx.db
-      .select()
-      .from(table)
-      .where(
-        and(
-          eq(table["capName"], capName),
-          // periodStart is stored as Temporal.Instant; compare against
-          // the iso string directly (timestamptz-column round-trips).
-          eq(table["periodStart"], periodStartIso),
-        ),
-      )
-      .limit(1);
+    const rows = await selectMany(
+      ctx.db,
+      table,
+      { capName, periodStart: periodStartIso },
+      { limit: 1 },
+    );
 
     return rows[0] ?? null;
   },

package/src/cap-counter/handlers/increment.write.ts

@@ -1,5 +1,5 @@
+import { selectMany } from "@cosmicdrift/kumiko-framework/bun-db";
 import { createEntityExecutor, type WriteHandlerDef } from "@cosmicdrift/kumiko-framework/engine";
-import { eq } from "drizzle-orm";
 import { Temporal } from "temporal-polyfill";
 import { z } from "zod";
 import { capCounterAggregateId } from "../aggregate-id";
@@ -55,7 +55,7 @@ export const incrementCapHandler: WriteHandlerDef = {
 
     // Read existing aggregate's projection-row to decide create vs update.
     // ctx.db is auto-tenant-scoped — id-lookup is unique per tenant.
-    const existing = await ctx.db.select().from(table).where(eq(table["id"], aggregateId)).limit(1);
+    const existing = await selectMany(ctx.db, table, { id: aggregateId }, { limit: 1 });
 
     if (existing.length === 0) {
       return executor.create(

package/src/cap-counter/handlers/mark-soft-warned.write.ts

@@ -1,5 +1,5 @@
+import { selectMany } from "@cosmicdrift/kumiko-framework/bun-db";
 import { createEntityExecutor, type WriteHandlerDef } from "@cosmicdrift/kumiko-framework/engine";
-import { eq } from "drizzle-orm";
 import { Temporal } from "temporal-polyfill";
 import { z } from "zod";
 import { capCounterAggregateId } from "../aggregate-id";
@@ -32,7 +32,7 @@ export const markSoftWarnedHandler: WriteHandlerDef = {
       payload.periodStartIso,
     );
 
-    const existing = await ctx.db.select().from(table).where(eq(table["id"], aggregateId)).limit(1);
+    const existing = await selectMany(ctx.db, table, { id: aggregateId }, { limit: 1 });
     if (existing.length === 0) {
       throw new Error(
         `cap-counter: cannot mark-soft-warned, no counter found for tenant=${event.user.tenantId} cap=${payload.capName} period=${payload.periodStartIso}`,

package/src/channel-in-app/handlers/inbox.query.ts

@@ -1,5 +1,5 @@
+import { selectMany } from "@cosmicdrift/kumiko-framework/bun-db";
 import { defineQueryHandler } from "@cosmicdrift/kumiko-framework/engine";
-import { and, desc, eq } from "drizzle-orm";
 import { z } from "zod";
 import { inAppMessagesTable } from "../tables";
 
@@ -11,18 +11,12 @@ export const inboxQuery = defineQueryHandler({
   }),
   access: { openToAll: true },
   handler: async (query, ctx) => {
-    const conditions = [eq(inAppMessagesTable.userId, query.user.id)];
-    if (query.payload.unreadOnly) {
-      conditions.push(eq(inAppMessagesTable.isRead, false));
-    }
-
-    const rows = await ctx.db
-      .select()
-      .from(inAppMessagesTable)
-      .where(and(...conditions))
-      .orderBy(desc(inAppMessagesTable.createdAt))
-      .limit(query.payload.limit);
-
+    const where: Record<string, unknown> = { userId: query.user.id };
+    if (query.payload.unreadOnly) where["isRead"] = false;
+    const rows = await selectMany(ctx.db, inAppMessagesTable, where, {
+      limit: query.payload.limit,
+      orderBy: { col: "createdAt", direction: "desc" },
+    });
     return { rows };
   },
 });

package/src/channel-in-app/handlers/mark-all-read.write.ts

@@ -1,5 +1,5 @@
+import { updateMany } from "@cosmicdrift/kumiko-framework/bun-db";
 import { defineWriteHandler } from "@cosmicdrift/kumiko-framework/engine";
-import { and, eq } from "drizzle-orm";
 import { z } from "zod";
 import { inAppMessagesTable } from "../tables";
 
@@ -8,14 +8,12 @@ export const markAllReadWrite = defineWriteHandler({
   schema: z.object({}),
   access: { openToAll: true },
   handler: async (event, ctx) => {
-    const rows = await ctx.db
-      .update(inAppMessagesTable)
-      .set({ isRead: true, readAt: Temporal.Now.instant() })
-      .where(
-        and(eq(inAppMessagesTable.userId, event.user.id), eq(inAppMessagesTable.isRead, false)),
-      )
-      .returning();
-
+    const rows = await updateMany(
+      ctx.db,
+      inAppMessagesTable,
+      { isRead: true, readAt: Temporal.Now.instant() },
+      { userId: event.user.id, isRead: false },
+    );
     return { isSuccess: true, data: { marked: rows.length } };
   },
 });

package/src/channel-in-app/handlers/mark-read.write.ts

@@ -1,6 +1,6 @@
+import { updateMany } from "@cosmicdrift/kumiko-framework/bun-db";
 import { defineWriteHandler } from "@cosmicdrift/kumiko-framework/engine";
 import { NotFoundError, writeFailure } from "@cosmicdrift/kumiko-framework/errors";
-import { and, eq } from "drizzle-orm";
 import { z } from "zod";
 import { inAppMessagesTable } from "../tables";
 
@@ -12,21 +12,15 @@ export const markReadWrite = defineWriteHandler({
   }),
   access: { openToAll: true },
   handler: async (event, ctx) => {
-    const rows = await ctx.db
-      .update(inAppMessagesTable)
-      .set({ isRead: true, readAt: Temporal.Now.instant() })
-      .where(
-        and(
-          eq(inAppMessagesTable.id, event.payload.id),
-          eq(inAppMessagesTable.userId, event.user.id),
-        ),
-      )
-      .returning();
-
+    const rows = await updateMany(
+      ctx.db,
+      inAppMessagesTable,
+      { isRead: true, readAt: Temporal.Now.instant() },
+      { id: event.payload.id, userId: event.user.id },
+    );
     if (rows.length === 0) {
       return writeFailure(new NotFoundError("inAppMessage", event.payload.id));
     }
-
-    return { isSuccess: true, data: { id: rows[0]?.["id"] } };
+    return { isSuccess: true, data: { id: (rows[0] as { id: number } | undefined)?.id } };
   },
 });

package/src/channel-in-app/handlers/unread-count.query.ts

@@ -1,5 +1,5 @@
+import { selectMany } from "@cosmicdrift/kumiko-framework/bun-db";
 import { defineQueryHandler } from "@cosmicdrift/kumiko-framework/engine";
-import { and, count, eq } from "drizzle-orm";
 import { z } from "zod";
 import { inAppMessagesTable } from "../tables";
 
@@ -8,13 +8,14 @@ export const unreadCountQuery = defineQueryHandler({
   schema: z.object({}),
   access: { openToAll: true },
   handler: async (query, ctx) => {
-    const rows = await ctx.db
-      .select({ value: count() })
-      .from(inAppMessagesTable)
-      .where(
-        and(eq(inAppMessagesTable.userId, query.user.id), eq(inAppMessagesTable.isRead, false)),
-      );
-
-    return { count: rows[0]?.["value"] ?? 0 };
+    // bun-db hat keinen aggregate-helper — selectMany alle matching rows,
+    // count() in JS. Pragma: unread-counts sind low-cardinality (user-
+    // scoped, max ~hunderte rows). Wenn das wachsen sollte: raw .unsafe()
+    // mit COUNT(*).
+    const rows = await selectMany(ctx.db, inAppMessagesTable, {
+      userId: query.user.id,
+      isRead: false,
+    });
+    return { count: rows.length };
   },
 });

package/src/channel-in-app/in-app-channel.ts

@@ -1,3 +1,4 @@
+import { insertOne } from "@cosmicdrift/kumiko-framework/bun-db";
 import { tenantChannel } from "@cosmicdrift/kumiko-framework/engine";
 import type { DeliveryChannel } from "../delivery";
 import { inAppMessagesTable } from "./tables";
@@ -14,23 +15,20 @@ export const inAppChannel: DeliveryChannel = {
     // address is the user-id string after the ES migration — keep it as-is.
     const userId = address;
 
-    const rows = await ctx.db
-      .insert(inAppMessagesTable)
-      .values({
-        tenantId: ctx.tenantId,
-        userId,
-        notificationType: message.notificationType,
-        title: message.title,
-        body: message.body ?? null,
-        data: message.data ? JSON.stringify(message.data) : null,
-      })
-      .returning();
+    const row = await insertOne<{ id: string }>(ctx.db, inAppMessagesTable, {
+      tenantId: ctx.tenantId,
+      userId,
+      notificationType: message.notificationType,
+      title: message.title,
+      body: message.body ?? null,
+      data: message.data ? JSON.stringify(message.data) : null,
+    });
 
     if (ctx.sseBroker) {
       ctx.sseBroker.pushToChannel(tenantChannel(ctx.tenantId), {
         type: "channel-in-app:event:delivered",
         data: {
-          id: rows[0]?.["id"],
+          id: row?.id,
           userId,
           notificationType: message.notificationType,
           title: message.title,

package/src/channel-in-app/tables.ts

@@ -3,10 +3,10 @@ import {
   instant,
   table as pgTable,
   serial,
+  sql,
   text,
   uuid,
 } from "@cosmicdrift/kumiko-framework/db";
-import { sql } from "drizzle-orm";
 
 export const inAppMessagesTable = pgTable("in_app_messages", {
   id: serial("id").primaryKey(),

package/src/compliance-profiles/__tests__/compliance-profiles.integration.ts

@@ -1,3 +1,4 @@
+import { afterAll, beforeAll, describe, expect, test } from "bun:test";
 import type { DbConnection } from "@cosmicdrift/kumiko-framework/db";
 import { createEventsTable } from "@cosmicdrift/kumiko-framework/event-store";
 import {
@@ -7,7 +8,6 @@ import {
   testTenantId,
   unsafeCreateEntityTable,
 } from "@cosmicdrift/kumiko-framework/stack";
-import { afterAll, beforeAll, describe, expect, test } from "vitest";
 import { createComplianceProfilesFeature, tenantComplianceProfileEntity } from "../feature";
 
 const SET_PROFILE = "compliance-profiles:write:set-profile";

package/src/compliance-profiles/__tests__/seeding.integration.ts

@@ -8,6 +8,7 @@
 //   3. Override wird als JSON-String persistiert + via for-tenant
 //      korrekt zurueckgelesen
 
+import { afterAll, beforeAll, describe, expect, test } from "bun:test";
 import { createEventsTable } from "@cosmicdrift/kumiko-framework/event-store";
 import {
   createTestUser,
@@ -16,7 +17,6 @@ import {
   testTenantId,
   unsafeCreateEntityTable,
 } from "@cosmicdrift/kumiko-framework/stack";
-import { afterAll, beforeAll, describe, expect, test } from "vitest";
 import { createComplianceProfilesFeature, tenantComplianceProfileEntity } from "../feature";
 import { seedComplianceProfile } from "../seeding";
 

package/src/compliance-profiles/_internal/parse-override.ts

@@ -0,0 +1,19 @@
+import type { ComplianceProfileOverride } from "@cosmicdrift/kumiko-framework/compliance";
+import { parseJsonSafe } from "@cosmicdrift/kumiko-framework/utils";
+
+export function parseComplianceProfileOverride(
+  raw: string | null,
+  tenantId: string,
+  callerLabel: string,
+): ComplianceProfileOverride | undefined {
+  if (!raw || raw.trim() === "") return undefined;
+  const parsed = parseJsonSafe<ComplianceProfileOverride | null>(raw, null);
+  if (parsed === null) {
+    // biome-ignore lint/suspicious/noConsole: operator visibility for DB-corruption edge-case
+    console.warn(
+      `[${callerLabel}] tenant ${tenantId}: stored override is not valid JSON, ignoring.`,
+    );
+    return undefined;
+  }
+  return parsed;
+}