@cosmicdrift/kumiko-bundled-features 0.22.0 → 0.23.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cosmicdrift/kumiko-bundled-features",
-  "version": "0.22.0",
+  "version": "0.23.1",
   "description": "Built-in features — tenant, user, auth, delivery. The stuff you'd rewrite anyway, already typed.",
   "license": "BUSL-1.1",
   "author": "Marc Frost <marc@cosmicdriftgamestudio.com>",

package/src/auth-email-password/__tests__/invite-flow.integration.test.ts

@@ -138,12 +138,12 @@ beforeEach(async () => {
   });
 
   // Alice = Admin von Tenant-A
-  aliceId = await seedUser(stack.db, {
+  ({ id: aliceId } = await seedUser(stack.db, {
     email: ALICE_EMAIL,
     displayName: "Alice",
     passwordHash: await hashPassword("alice-pw-1234"),
     emailVerified: true,
-  });
+  }));
   await seedTenantMembership(stack.db, {
     userId: aliceId,
     tenantId: TENANT_A_ID,
@@ -151,12 +151,12 @@ beforeEach(async () => {
   });
 
   // Bob = Member von Tenant-B (für Branch 1 + 2 tests)
-  bobId = await seedUser(stack.db, {
+  ({ id: bobId } = await seedUser(stack.db, {
     email: BOB_EMAIL,
     displayName: "Bob",
     passwordHash: await hashPassword(BOB_PASSWORD),
     emailVerified: true,
-  });
+  }));
   await seedTenantMembership(stack.db, {
     userId: bobId,
     tenantId: TENANT_B_ID,

package/src/auth-email-password/__tests__/seed-admin.integration.test.ts

@@ -61,7 +61,7 @@ beforeEach(async () => {
 
 describe("seedAdmin", () => {
   test("legt Tenants, User mit gehashtem Password und Memberships an — Login-Roundtrip funktioniert", async () => {
-    const userId = await seedAdmin(stack.db, {
+    const { id: userId } = await seedAdmin(stack.db, {
       email: "admin@example.com",
       password: "secret-pw",
       displayName: "Admin",
@@ -113,7 +113,7 @@ describe("seedAdmin", () => {
 
   test("idempotent: zweiter Aufruf no-op (kein Crash, Stand bleibt)", async () => {
     // Erstaufruf
-    const userId1 = await seedAdmin(stack.db, {
+    const { id: userId1 } = await seedAdmin(stack.db, {
       email: "admin@example.com",
       password: "pw1",
       displayName: "Admin",
@@ -124,7 +124,7 @@ describe("seedAdmin", () => {
     // Zweiter Aufruf — gleicher Email, anderes Password (würde theoretisch
     // einen neuen Hash erzeugen und neu schreiben, der idempotent-Check
     // greift VOR dem Insert).
-    const userId2 = await seedAdmin(stack.db, {
+    const { id: userId2 } = await seedAdmin(stack.db, {
       email: "admin@example.com",
       password: "pw2",
       displayName: "Admin",

package/src/auth-email-password/handlers/invite-signup-complete.write.ts

@@ -138,7 +138,7 @@ export function createInviteSignupCompleteHandler() {
         // @cast-boundary db-runner — TenantDb.raw is DbRunner; seed-helpers
         // operate on plain drizzle-API which both shapes expose identically.
         const dbConn = ctx.db.raw as DbConnection;
-        const userId = await seedUserWithPassword(dbConn, {
+        const { id: userId } = await seedUserWithPassword(dbConn, {
           email: invitationEmail,
           password: event.payload.password,
           displayName: invitationEmail.split("@")[0] ?? invitationEmail,

package/src/auth-email-password/seeding.ts

@@ -46,12 +46,12 @@ export type SeedUserWithPasswordOptions = {
 
 /**
  * Seed a user mit Plain-Password (wird vor dem Insert mit argon2
- * gehasht). Liefert userId, idempotent über email.
+ * gehasht). Liefert die userId, idempotent über email.
  */
 export async function seedUserWithPassword(
   db: DbConnection,
   options: SeedUserWithPasswordOptions,
-): Promise<string> {
+): Promise<{ id: string }> {
   const passwordHash = await hashPassword(options.password);
   return seedUser(db, {
     email: options.email,
@@ -114,7 +114,7 @@ export async function provisionSignupAccount(
     key: options.tenantKey,
     name: options.tenantName,
   });
-  const userId = await seedUserWithPassword(db, {
+  const { id: userId } = await seedUserWithPassword(db, {
     email: options.email,
     password: options.password,
     displayName: options.displayName,
@@ -155,14 +155,17 @@ export type SeedAdminOptions = {
  * Password + N Tenants + N Memberships. Alles idempotent (Re-Run im
  * persistent-DB-Modus läuft durch). Liefert die userId zurück.
  */
-export async function seedAdmin(db: DbConnection, options: SeedAdminOptions): Promise<string> {
+export async function seedAdmin(
+  db: DbConnection,
+  options: SeedAdminOptions,
+): Promise<{ id: string }> {
   const by = options.by ?? TestUsers.systemAdmin;
 
   for (const m of options.memberships) {
     await seedTenant(db, { id: m.tenantId, key: m.tenantKey, name: m.tenantName, by });
   }
 
-  const userId = await seedUserWithPassword(db, {
+  const { id: userId } = await seedUserWithPassword(db, {
     email: options.email,
     password: options.password,
     displayName: options.displayName,
@@ -179,5 +182,5 @@ export async function seedAdmin(db: DbConnection, options: SeedAdminOptions): Pr
     });
   }
 
-  return userId;
+  return { id: userId };
 }

package/src/compliance-profiles/seeding.ts

@@ -45,7 +45,7 @@ export type SeedComplianceProfileOptions = {
 export async function seedComplianceProfile(
   db: DbConnection,
   opts: SeedComplianceProfileOptions,
-): Promise<{ id: string | number }> {
+): Promise<{ id: string }> {
   // user.tenantId muss === opts.tenantId sein damit Event-Store-Stream
   // + Projection im selben Tenant-Bucket landen (Memory:
   // feedback_event_store_tenant_consistency).
@@ -73,6 +73,9 @@ export async function seedComplianceProfile(
       if (!result.isSuccess) {
         throw new Error(`seedComplianceProfile create failed: ${JSON.stringify(result)}`);
       }
+      // @cast-boundary db-row: executor.create result.data ist die
+      // inserted Projection-Row (Record<string, unknown>); id ist nach
+      // INSERT garantiert (Runtime-Check direkt darunter).
       const data = result.data as { id?: string };
       if (data.id === undefined) {
         throw new Error("seedComplianceProfile: executor.create did not return an id");

package/src/tenant/__tests__/seed-testing.integration.test.ts

@@ -62,7 +62,7 @@ beforeEach(async () => {
 
 describe("seedTenant", () => {
   test("schreibt Projection-Row mit id/key/name", async () => {
-    const id = await seedTenant(stack.db, {
+    const { id } = await seedTenant(stack.db, {
       id: TENANT_A,
       key: "tenant-a",
       name: "Tenant A",

package/src/tenant/seeding.ts

@@ -24,8 +24,9 @@
 // IS a test fixture, not a user request) while still producing the
 // correct event + projection.
 //
-// Idempotent: calling twice for the same (userId, tenantId) is a no-op on
-// the second call (ifExists="skip", siehe @cosmicdrift/kumiko-framework/seeding).
+// Idempotent (add-only): calling twice for the same (userId, tenantId) is
+// a no-op on the second call. Memberships have no update-semantic — to
+// change roles, write a new event via the regular handler path.
 
 import { fetchOne } from "@cosmicdrift/kumiko-framework/bun-db";
 import {
@@ -73,12 +74,15 @@ export type SeedTenantOptions = {
 };
 
 /**
- * Seed a tenant through the event-store executor. Idempotent (ifExists="skip"):
- * a second call for the same `id` is a no-op. Same TX-semantics as the real
- * `TenantHandlers.create`, minus the SystemAdmin-access-check and minus
- * ConflictError-on-duplicate.
+ * Seed a tenant through the event-store executor. Idempotent add-only:
+ * a second call for the same `id` is a no-op (no update path). Same
+ * TX-semantics as the real `TenantHandlers.create`, minus the SystemAdmin-
+ * access-check and minus ConflictError-on-duplicate.
  */
-export async function seedTenant(db: DbRunner, options: SeedTenantOptions): Promise<TenantId> {
+export async function seedTenant(
+  db: DbRunner,
+  options: SeedTenantOptions,
+): Promise<{ id: TenantId }> {
   const by = options.by ?? TestUsers.systemAdmin;
   // executor.create erwartet eine TenantDb (mit .insert()-API), nicht
   // die rohe DbConnection. Auch wenn das Tenant-Aggregat selbst NICHT
@@ -88,14 +92,14 @@ export async function seedTenant(db: DbRunner, options: SeedTenantOptions): Prom
   const tdb = createTenantDb(db, by.tenantId, "system");
 
   const existing = await fetchOne(db, tenantTable, { id: options.id });
-  if (existing) return options.id;
+  if (existing) return { id: options.id };
 
   // Idempotenz: Aggregate kann im Event-Store existieren ohne Projection-Row
   // (Projection-Drift nach rebuild, manuellem DELETE, oder async-lag). Wenn
   // Stream-Version > 0 → kein create() — wäre version_conflict. Caller
   // bekommt die ID, Projection wird beim nächsten Dispatcher-Cycle aufgebaut.
   const streamVersion = await getAggregateStreamMaxVersion(db, options.id);
-  if (streamVersion > 0) return options.id;
+  if (streamVersion > 0) return { id: options.id };
 
   const result = await tenantExecutor.create(
     { id: options.id, key: options.key, name: options.name },
@@ -107,7 +111,7 @@ export async function seedTenant(db: DbRunner, options: SeedTenantOptions): Prom
       `seedTenant failed: ${result.error.code} — ${JSON.stringify(result.error.details ?? {})}`,
     );
   }
-  return options.id;
+  return { id: options.id };
 }
 
 /**
@@ -116,11 +120,13 @@ export async function seedTenant(db: DbRunner, options: SeedTenantOptions): Prom
  * projection row in one transaction — identical effect to
  * `TenantHandlers.addMember`, minus the access-check and minus the
  * ConflictError on duplicates (duplicate calls no-op).
+ *
+ * Returns the membership-row id (existing on no-op, freshly minted on create).
  */
 export async function seedTenantMembership(
   db: DbRunner,
   options: SeedTenantMembershipOptions,
-): Promise<void> {
+): Promise<{ id: string }> {
   const by = options.by ?? TestUsers.systemAdmin;
   // Wrap into a system-scoped TenantDb so the insert respects the tenant-
   // override (we write into options.tenantId, which may differ from by.tenantId).
@@ -134,10 +140,11 @@ export async function seedTenantMembership(
     userId: options.userId,
     tenantId: options.tenantId,
   });
-  // skip: idempotent no-op — duplicate seed is expected across beforeEach-
-  // resets that don't truncate this table. Cheaper than try/catch on the
-  // unique-index, and documented in the function JSDoc above.
-  if (existing) return;
+  if (existing) {
+    // @cast-boundary db-row: membership-row id is uuid (string) per
+    // entity definition; fetchOne returns the raw projection row.
+    return { id: existing["id"] as string };
+  }
 
   const result = await executor.create(
     {
@@ -153,4 +160,17 @@ export async function seedTenantMembership(
       `seedTenantMembership failed: ${result.error.code} — ${JSON.stringify(result.error.details ?? {})}`,
     );
   }
+  return { id: extractMembershipId(result.data) };
+}
+
+function extractMembershipId(data: unknown): string {
+  if (typeof data === "object" && data !== null && "id" in data) {
+    // @cast-boundary engine-bridge: executor.create returns the projection
+    // row as Record<string, unknown>; id is uuid per entity definition.
+    const id = (data as { id: unknown }).id;
+    if (typeof id === "string") return id;
+  }
+  throw new Error(
+    `seedTenantMembership: executor.create returned no string id (got ${JSON.stringify(data)})`,
+  );
 }

package/src/text-content/seeding.ts

@@ -36,7 +36,7 @@ export type SeedTextBlockOptions = {
 export async function seedTextBlock(
   db: DbConnection,
   opts: SeedTextBlockOptions,
-): Promise<{ id: string | number }> {
+): Promise<{ id: string }> {
   // Default-user muss user.tenantId === opts.tenantId haben, sonst
   // landet der event-store-stream im user.tenantId-bucket aber die
   // projection-row im opts.tenantId-bucket. Spätere echte writes via
@@ -75,6 +75,9 @@ export async function seedTextBlock(
       if (!result.isSuccess) {
         throw new Error(`seedTextBlock create failed: ${JSON.stringify(result)}`);
       }
+      // @cast-boundary db-row: executor.create result.data ist die
+      // inserted Drizzle-Row (Record<string, unknown>), projected
+      // nach INSERT/RETURNING auf TextBlockRow. Runtime-Check unten.
       const data = result.data as Partial<TextBlockRow>;
       if (data.id === undefined) {
         throw new Error("seedTextBlock: executor.create did not return an id");

package/src/text-content/table.ts

@@ -38,7 +38,7 @@ export const textBlocksTable = buildEntityTable("text-block", textBlockEntity);
 // createdAt, updatedAt, createdBy, updatedBy) die buildBaseColumns
 // erzwingt.
 export type TextBlockRow = {
-  readonly id: string | number;
+  readonly id: string;
   readonly version: number;
   readonly tenantId: string;
   readonly slug: string;

package/src/user/__tests__/seed-testing.integration.test.ts

@@ -47,7 +47,7 @@ beforeEach(async () => {
 
 describe("seedUser", () => {
   test("schreibt Projection-Row mit email/displayName/passwordHash", async () => {
-    const userId = await seedUser(stack.db, {
+    const { id: userId } = await seedUser(stack.db, {
       email: "alice@example.com",
       displayName: "Alice",
       passwordHash: "$argon2id$test-hash",
@@ -62,7 +62,7 @@ describe("seedUser", () => {
   });
 
   test("emittiert user.created-Event auf den Aggregate-Stream", async () => {
-    const userId = await seedUser(stack.db, {
+    const { id: userId } = await seedUser(stack.db, {
       email: "bob@example.com",
       displayName: "Bob",
     });
@@ -84,7 +84,7 @@ describe("seedUser", () => {
       email: "carol@example.com",
       displayName: "Carol Updated",
     });
-    expect(second).toBe(first);
+    expect(second.id).toBe(first.id);
 
     const rows = await selectMany(stack.db, userTable, { email: "carol@example.com" });
     expect(rows).toHaveLength(1);
@@ -96,7 +96,7 @@ describe("seedUser", () => {
   });
 
   test("passwordHash optional — User ohne Hash anlegbar (z.B. SSO-Federation)", async () => {
-    const userId = await seedUser(stack.db, {
+    const { id: userId } = await seedUser(stack.db, {
       email: "dave@example.com",
       displayName: "Dave",
     });
@@ -105,7 +105,7 @@ describe("seedUser", () => {
   });
 
   test("default `by` ist TestUsers.systemAdmin (für audit-trail)", async () => {
-    const userId = await seedUser(stack.db, {
+    const { id: userId } = await seedUser(stack.db, {
       email: "eve@example.com",
       displayName: "Eve",
     });

package/src/user/seeding.ts

@@ -1,9 +1,9 @@
 // Testing-Helper fürs user-Feature. `seedUser` legt einen User direkt
 // über den Event-Store-Executor an — gleicher Pfad wie der echte
 // `UserHandlers.create`, aber ohne Access-Check und ohne ConflictError
-// bei Duplikaten. Verhält sich wie ifExists="skip" (siehe
-// @cosmicdrift/kumiko-framework/seeding): existierende Email → return
-// ohne Event.
+// bei Duplikaten. Idempotent add-only über die `email`-Spalte: ein
+// existierender User → return ohne Event. Kein update-Pfad — Profilfelder
+// ändern läuft über den regulären Handler.
 //
 // Warum nicht direkt `db.insert(userTable)`: das würde den Event-Store
 // umgehen, also kein `user.created`-Event und keine MSP-Konsumenten
@@ -46,10 +46,13 @@ export type SeedUserOptions = {
 
 /**
  * Seed a user. Returns the userId (existing oder neu angelegt).
- * Idempotent über die `email`-Spalte: wenn ein User mit dieser Email
- * existiert, kommt seine ID zurück ohne neuen Insert.
+ * Idempotent add-only über die `email`-Spalte: wenn ein User mit dieser
+ * Email existiert, kommt seine ID zurück ohne neuen Insert.
  */
-export async function seedUser(db: DbConnection, options: SeedUserOptions): Promise<string> {
+export async function seedUser(
+  db: DbConnection,
+  options: SeedUserOptions,
+): Promise<{ id: string }> {
   const by = options.by ?? TestUsers.systemAdmin;
   // executor.create erwartet eine TenantDb (mit .insert()-API). User
   // ist zwar tenant-agnostic (kein tenant_id-Spalte), aber das runtime-
@@ -57,7 +60,9 @@ export async function seedUser(db: DbConnection, options: SeedUserOptions): Prom
   const tdb = createTenantDb(db, by.tenantId, "system");
 
   const existing = await fetchOne(db, userTable, { email: options.email });
-  if (existing) return existing["id"] as string; // @cast-boundary db-row
+  // @cast-boundary db-row: users.id ist uuid-Spalte (string), fetchOne
+  // liefert die Projection-Row als Record<string, unknown>.
+  if (existing) return { id: existing["id"] as string };
 
   const result = await userExecutor.create(
     {
@@ -76,7 +81,7 @@ export async function seedUser(db: DbConnection, options: SeedUserOptions): Prom
       `seedUser failed: ${result.error.code} — ${JSON.stringify(result.error.details ?? {})}`,
     );
   }
-  return extractId(result.data, "seedUser");
+  return { id: extractId(result.data, "seedUser") };
 }
 
 // Extrahiert die `id`-Spalte aus dem executor.create-Result. Der