npm - @cosmicdrift/kumiko-dev-server - Versions diffs - 0.14.0 → 0.16.0 - Mend

@cosmicdrift/kumiko-dev-server 0.14.0 → 0.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

package/package.json +8 -12
package/src/__tests__/build-prod-bundle.integration.ts +1 -1
package/src/__tests__/build-prod-bundle.test.ts +1 -1
package/src/__tests__/cache-headers.test.ts +1 -1
package/src/__tests__/classify-change.test.ts +1 -1
package/src/__tests__/compose-features-wiring.integration.ts +10 -9
package/src/__tests__/compose-features.test.ts +1 -1
package/src/__tests__/config-seed-boot.integration.ts +5 -4
package/src/__tests__/crash-tracker.test.ts +1 -1
package/src/__tests__/create-kumiko-server.integration.ts +5 -5
package/src/__tests__/discover-format.test.ts +32 -0
package/src/__tests__/env-schema.integration.ts +1 -1
package/src/__tests__/env-schema.test.ts +1 -1
package/src/__tests__/few-shot-corpus.test.ts +1 -1
package/src/__tests__/inject-schema.test.ts +1 -1
package/src/__tests__/resolve-stylesheet.test.ts +11 -7
package/src/__tests__/resolve-tailwind-cli.test.ts +1 -1
package/src/__tests__/run-prod-app-spec.test.ts +1 -1
package/src/__tests__/run-prod-app.integration.ts +6 -6
package/src/__tests__/scaffold-app-feature.test.ts +1 -1
package/src/__tests__/scaffold-app.test.ts +1 -1
package/src/__tests__/scaffold-deploy.test.ts +1 -1
package/src/__tests__/scaffold-feature.test.ts +1 -1
package/src/__tests__/try-hono-first.test.ts +1 -1
package/src/__tests__/walkthrough.integration.ts +1 -1
package/src/codegen/__tests__/render-codegen.test.ts +50 -0
package/src/codegen/__tests__/run-codegen.test.ts +1 -1
package/src/codegen/__tests__/strict-mode-diagnostics.test.ts +1 -1
package/src/codegen/__tests__/watch.test.ts +1 -1
package/src/codegen/render.ts +7 -2
package/src/codegen/run-codegen.ts +1 -1
package/src/codegen/scan-events.ts +1 -21
package/src/scaffold-app-feature.ts +2 -1
package/src/{drizzle-tables-auth-mode.ts → schema-tables-auth-mode.ts} +1 -1
package/templates/deploy/Dockerfile.template +15 -47
package/CHANGELOG.md +0 -656
package/src/drizzle-config.ts +0 -44
/package/src/{drizzle-tables-minimal.ts → schema-tables-minimal.ts} +0 -0

package/CHANGELOG.md DELETED Viewed

@@ -1,656 +0,0 @@
-# @cosmicdrift/kumiko-dev-server
-## 0.14.0
-### Minor Changes
-- b8e1d48: scaffoldApp baut `src/run-config.ts` + `bin/main.ts` jetzt via ts-morph
-  (AST) statt template-strings. Selbes Tool wie scaffoldAppFeature →
-  ein konsistenter Mechanismus für generate + later modify. Plus:
-  ts-morph als explicit dependency aufgenommen (war bisher nur via
-  hoisted root-dep verfügbar; broken bei publish).
-### Patch Changes
-- ce23d48: `walkthrough.integration.ts` — DX-3.1 walkthrough-snapshot-test. Pins
-  scaffoldApp + scaffoldAppFeature output gegen die Behauptungen in
-  docs.kumiko.so/en/walkthrough/. Catches doc-drift ohne actual
-  `bunx … && yarn install && bun run boot` CI-run.
-  5 Tests: file-list, auto-mount-diff, run-config text-content,
-  composeFeatures(includeBundled:true) = 7 features, bin/main auth.admin
-  stub.
-  - @cosmicdrift/kumiko-framework@0.14.0
-  - @cosmicdrift/kumiko-bundled-features@0.14.0
-## 0.13.0
-### Minor Changes
-- 7bd5c88: `KUMIKO_DRY_RUN_ENV=boot` mode for runProdApp — runs env-validation +
-  composeFeatures + validateBoot + createRegistry without DB/Redis
-  connect, exits with status 0 on success. Used by the
-  `samples/apps/use-all-bundled` smoke-app (Sprint 9.8 Phase C / Empfehlung
-  1 / canonical bug-catcher) and downstream by enterprise's
-  `use-all-features` mirror. Render-modes (human|json|pulumi|k8s|1)
-  behavior unchanged.
-- 575752f: `scaffoldAppFeature` + `kumiko add feature <name>` — DX-2 aus DX-Roadmap.
-  Scaffolded ein neues Feature in `src/features/<name>/` einer bereits via
-  `kumiko new app` scaffolded App + **auto-mountet** es in `src/run-config.ts`
-  via ts-morph (import + `APP_FEATURES`-array-entry, idempotent).
-  User-Promise "defineFeature → nichts woanders eintragen" erfüllt für die
-  run-config-Seite. FEATURE_IMPORT_REGISTRY in drizzle/generate.ts ist
-  DX-4's Refactor — bei DX-1+DX-2-App noch nicht vorhanden.
-  Usage (in einer DX-1-gescaffoldeten App):
-  ```sh
-  bunx kumiko add feature product-catalog
-  # → src/features/product-catalog/{feature.ts,index.ts}
-  # → src/run-config.ts auto-edited: import + APP_FEATURES-entry
-  ```
-- 3d5e9ef: `kumiko-schema-check` CLI — Empfehlung 3 aus Sprint-9.8-Retro
-  (`luminous-watching-moler.md`). Diff't APP_FEATURES (runtime, aus
-  `src/run-config.ts`) gegen FEATURE_IMPORT_REGISTRY (statisch, aus
-  `drizzle/generate.ts`). Fängt Studio's 9.8-Drama: registry 18 features
-  hinter APP_FEATURES → migrations fehlten für mounted features.
-  Usage (im app-workspace):
-  ```sh
-  bunx kumiko-schema-check
-  # or with custom paths:
-  bunx kumiko-schema-check --run-config src/run-config.ts --generate drizzle/generate.ts
-  ```
-  Plus: 5 bundled-features hatten camelCase feature-names statt kebab-case
-  (Memory `feedback_kebab_aggregates`) — aufgedeckt durch den schema-check
-  gegen use-all-bundled. Fix: `channelEmail` → `channel-email`,
-  `channelInApp` → `channel-in-app`, `channelPush` → `channel-push`,
-  `rateLimiting` → `rate-limiting`, `rendererSimple` → `renderer-simple`.
-  Plus `CHANNEL_IN_APP_FEATURE` und `RATE_LIMITING_FEATURE` Konstanten
-  angepasst (waren intern auf camelCase, jetzt kebab-case).
-- 46b84d0: `scaffoldApp` + `kumiko new app <name>` — DX-1.0 aus DX-Roadmap. Generiert
-  ein lauffähiges App-Skelett (package.json, tsconfig, run-config mit
-  secrets+sessions, bin/main.ts mit auth-admin-stub + deterministische
-  tenant-UUID, .env.example, README) in `<cwd>/<name>/`.
-  Boot-Pfad: `KUMIKO_DRY_RUN_ENV=boot bun bin/main.ts` läuft ohne DB/Redis.
-  Held-back für spätere DX-Phasen: drizzle-setup (DX-1.1, blocked-by DX-4
-  auto-registry), Dockerfile (existing `kumiko init-deploy`), first feature
-  scaffold (existing `kumiko create` bzw. DX-2 `kumiko add feature`).
-  Usage:
-  ```sh
-  bunx kumiko new app my-shop
-  cd my-shop && yarn install
-  cp .env.example .env  # JWT_SECRET + KUMIKO_SECRETS_MASTER_KEY_V1 setzen
-  bun run boot          # → boot validation OK
-  ```
-### Patch Changes
-- 2bd60c1: `buildServerBundle` BUILD_ONLY_EXTERNALS erweitert um drizzle-kit's
-  dialect-resolver dynamic-imports: `@planetscale/database`, `@libsql/client`,
-  `better-sqlite3`, `@neondatabase/serverless`, `@vercel/postgres`, `mysql2`.
-  Aufgedeckt durch C1 Empfehlung 4 (bundle-smoke). Bisher schlug
-  `bun build` an dynamic-imports im drizzle-kit auch wenn der App nur
-  postgres nutzt. Externalisieren = build durchläuft + tree-shake wirft
-  die ungenutzten driver-modules eh raus.
-- 8bfb284: Dockerfile.template setzt `YARN_ENABLE_SCRIPTS=false` im Build-Stage. Fixt msgpackr-extract native-build-Failures (ARM, CI) und generell jeden transitiven Native-Dep — der Build-Stage bundlet nur JS via `bun build`, Runtime-Native-Deps werden separat im Runtime-Stage via `bun install --production` installiert. Apps die bisher per-package-Workarounds via `dependenciesMeta.<pkg>.built=false` in der App-package.json brauchten (studio, enterprise) können diese Entries nach Upgrade auf diese dev-server-Version entfernen.
-- cc0ddc0: `Dockerfile.template` emits an inline `start.sh` for createBunServer command-override target.
-  `infra/pulumi/bun-server.ts`'s `createBunServer` overrides the container command with `exec ./start.sh` after injecting DATABASE_URL from the init-container. Apps deployed via createBunServer crashed with `./start.sh: not found` until each one added a per-app `start.sh` in repo root (= studio's PR #22).
-  Now the Dockerfile-template emits the file inline (`RUN printf … > ./start.sh && chmod +x`). Apps no longer need to ship one — the runtime stage generates it. Apps that don't go through createBunServer's command-override still boot via the bottom CMD; start.sh is dead-code in that case.
-- Updated dependencies [7f56b2f]
-- Updated dependencies [68b8118]
-- Updated dependencies [9121928]
-- Updated dependencies [72518fa]
-- Updated dependencies [0a00e7b]
-- Updated dependencies [aca1443]
-- Updated dependencies [c6cb96c]
-- Updated dependencies [3d5e9ef]
-  - @cosmicdrift/kumiko-framework@0.13.0
-  - @cosmicdrift/kumiko-bundled-features@0.13.0
-## 0.12.2
-### Patch Changes
-- Updated dependencies [597de52]
-  - @cosmicdrift/kumiko-framework@0.12.2
-  - @cosmicdrift/kumiko-bundled-features@0.12.2
-## 0.12.1
-### Patch Changes
-- Updated dependencies [f2ad7c4]
-  - @cosmicdrift/kumiko-framework@0.12.1
-  - @cosmicdrift/kumiko-bundled-features@0.12.1
-## 0.12.0
-### Patch Changes
-- Updated dependencies [0c1ebe5]
-  - @cosmicdrift/kumiko-bundled-features@0.12.0
-  - @cosmicdrift/kumiko-framework@0.12.0
-## 0.11.2
-### Patch Changes
-- Updated dependencies [92a84f0]
-  - @cosmicdrift/kumiko-framework@0.11.2
-  - @cosmicdrift/kumiko-bundled-features@0.11.2
-## 0.11.1
-### Patch Changes
-- Updated dependencies [e6f702f]
-  - @cosmicdrift/kumiko-bundled-features@0.11.1
-  - @cosmicdrift/kumiko-framework@0.11.1
-## 0.11.0
-### Patch Changes
-- Updated dependencies [30ea981]
-- Updated dependencies [9347212]
-  - @cosmicdrift/kumiko-framework@0.11.0
-  - @cosmicdrift/kumiko-bundled-features@0.11.0
-## 0.10.0
-### Patch Changes
-- Updated dependencies [d06f029]
-- Updated dependencies [753d392]
-  - @cosmicdrift/kumiko-framework@0.10.0
-  - @cosmicdrift/kumiko-bundled-features@0.10.0
-## 0.9.0
-### Minor Changes
-- 51e22f5: Add deploy-template scaffolding (Sprint 9.6).
-  **New API:**
-  - `scaffoldDeploy({ appName, port?, githubOrg?, destination?, force? })` exported from `@cosmicdrift/kumiko-dev-server`. Generates `deploy/Dockerfile`, `deploy/Dockerfile.dockerignore`, and `deploy/migrate-step.sh` from canonical templates shipped with the package. Substitutes `{{appName}}`, `{{port}}`, `{{githubOrg}}` placeholders.
-  - New CLI command: `kumiko init-deploy --app <name> [--port <n>] [--github-org <org>] [--out <dir>] [--force]`.
-  The templates are extracted from publicstatus's production-tested `deploy/Dockerfile` (node-alpine build stage → bun-alpine runtime, drizzle migrations baked in, healthcheck wired). Refuses to overwrite existing files unless `--force` is passed so a tuned per-app Dockerfile isn't clobbered.
-  **Templates are a starting point, not a contract.** Apps should review and adjust:
-  - **Image tag** is hardcoded `:latest` in `migrate-step.sh.template`. Swap to `:${BUILD_SHA}` for atomic deploys.
-  - **DB defaults** in `migrate-step.sh.template` assume `db user = db name = appName`, host `db`, port `5432`. Adjust to your stack.
-  - **`COPY /app/seeds`** assumes the app uses ES-Operations seed migrations. Comment out if your app has no `seeds/` directory (otherwise `docker build` fails).
-  - **`docker build`-smoke-test:** the templates run untested against a non-publicstatus app-tree. Verify locally before pushing to CI.
-  **Deferred to Sprint 9.7+:** `.github/workflows/build-image.yml.suggested`, `pulumi/secrets-bootstrap.sh`, `pulumi/extraEnv.snippet.ts`.
-  **Plan-Doc drift (for 9.9 update):** Plan-Doc-Tabelle nennt `start.sh` (in-container migrate-then-run); diese Implementation liefert `migrate-step.sh` (host-side deploy-pipeline). Beide Konzepte sind gültig — Plan-Doc-Update sollte das klarstellen.
-- 37fe758: `scaffoldDeploy()` inspects the app source-tree and emits Dockerfile blocks conditionally (Sprint 9.6 follow-up).
-  **Why this exists:** Sprint 9.6's first Dockerfile.template hardcoded `COPY --from=build /app/seeds ./seeds` with a "comment out if you don't use it" note in the changeset. Apps without a `seeds/` directory (e.g. studio.kumiko.so) crashed in Docker-build with `failed to compute cache key: "/app/seeds": not found`. Root-cause was a framework issue (template too rigid), not a per-app symptom — the framework should detect what the app actually has.
-  **Detection:**
-  - `hasSeeds` — `exists(sourceDir/seeds)`. Drives the ES-Ops `COPY ./seeds` block in the runtime stage.
-  - `hasPrivateGhPackages` — scan `package.json` `dependencies` + `devDependencies` for any `@cosmicdriftgamestudio/*` entry. Drives the `ARG GITHUB_TOKEN` blocks (multi-stage with explicit re-declaration inside the build-stage) and the `ENV GITHUB_TOKEN=${GITHUB_TOKEN}` re-export before `yarn install --immutable`.
-  **Template syntax:** mustache-style block conditionals `{{#flag}}…{{/flag}}` (multi-line via `[\s\S]`, surrounding line stripped on falsy). Plain `{{key}}` placeholder substitution is unchanged.
-  **New API:**
-  - `ScaffoldDeployOptions.sourceDir?: string` — defaults to `destination`. Lets the caller scaffold into one dir while detecting optional surfaces in another (rare).
-  - `ScaffoldDeployResult.detected: { hasSeeds, hasPrivateGhPackages }` — surfaced so the CLI can report what was emitted.
-  **6 new tests:** seeds detection (with + without), GH-Packages detection (private + public-only + malformed package.json).
-  Sprint 9.6's "starting point not contract" disclaimer in the original changeset is now obsolete for these two surfaces — apps no longer need to manually comment out lines.
-### Patch Changes
-- Updated dependencies [51e22f5]
-  - @cosmicdrift/kumiko-framework@0.9.0
-  - @cosmicdrift/kumiko-bundled-features@0.9.0
-## 0.8.1
-### Patch Changes
-- Updated dependencies [4b5f91e]
-  - @cosmicdrift/kumiko-framework@0.8.1
-  - @cosmicdrift/kumiko-bundled-features@0.8.1
-## 0.8.0
-### Minor Changes
-- f34af9a: Add framework-core env-schema (Sprint 9.2, Migration Phase 1).
-  **New API:**
-  - `frameworkCoreEnvSchema` exported from `@cosmicdrift/kumiko-dev-server` — Zod-object covering the vars read by framework-core: `PORT` (default `"3000"`), `DATABASE_URL`, `REDIS_URL`, `KUMIKO_INSTANCE_ID`, `KUMIKO_SKIP_ES_OPS`. `DATABASE_URL` + `REDIS_URL` carry `.meta({ kumiko: { pulumi: { secret: true } } })` so `KUMIKO_DRY_RUN_ENV=pulumi` emits `--secret` flags. Plus `FrameworkCoreEnv` type via `z.infer`. `NODE_ENV` is excluded: build-prod-bundle inlines it as a literal at build-time (esbuild define), so runtime env-validation can't observe it.
-  - `composeEnvSchema({ core, features, extend, optionalFeatures })` accepts a new `core?` option. Keys from `core` are tagged with source `"framework-core"` in the resulting sources map and in `KumikoBootError.format()` output. Conflict detection runs across core/features/extend — a feature or `extend` block that re-declares a core var throws `KumikoBootError` at compose-time.
-  **Why:** Phase 1 of the Sprint 9 env-schema migration (`kumiko-studio/docs/plans/sprint-9-env-schemas.md`). Apps wire `composeEnvSchema({ core: frameworkCoreEnvSchema, features, extend })` into `runProdApp` to get aggregated boot-validation for the vars that framework-core reads. `KUMIKO_DRY_RUN_ENV=pulumi|k8s` then enumerates them with source attribution per row — operators see "(framework-core)" next to `DATABASE_URL` rather than guessing whether the framework or the app is the consumer.
-  **Backward-compat:** Purely additive. `runProdApp`'s existing `requireEnv("DATABASE_URL")` / `process.env["KUMIKO_INSTANCE_ID"]` reads remain unchanged. Apps that don't pass `envSchema` behave exactly as before.
-  **Feature-specific vars (Phase 2):** `JWT_SECRET` (auth-email-password), `KUMIKO_SECRETS_MASTER_KEY_*` (secrets), `SMTP_*` (channel-email-smtp), `STRIPE_*` / `MOLLIE_*` (subscription-\*) stay scoped to their owning feature's `r.envSchema()` and are NOT in `frameworkCoreEnvSchema`.
-- dff4123: Add Zod-based env-schema declarations and boot-time validation (Sprint 9.1).
-  **New API:**
-  - `r.envSchema(z.object({...}))` — declare per-feature env-vars at registration time.
-  - `@cosmicdrift/kumiko-framework/env`: `composeEnvSchema({features, extend, optionalFeatures})` merges feature schemas into one app-wide schema, returning `{schema, sources}`. `parseEnv(schema, env, {sources, pulumiPrefix})` validates `process.env` and throws `KumikoBootError` listing ALL problems at once (aggregated, not first-fail).
-  - `@cosmicdrift/kumiko-framework/env/dry-run`: `renderDryRun(composed, mode, opts)` for `human|json|pulumi|k8s` introspection of the required env-vars without booting.
-  - `runProdApp({envSchema, pulumiPrefix, bootErrorReporter, envSource})` runs schema validation before any DB/Redis connection. `KUMIKO_DRY_RUN_ENV=1|human|json|pulumi|k8s` prints the inventory and exits.
-  - Per-var metadata via Zod's `.meta({ kumiko: { pulumi: { name, generator, secret } } })` for deploy-time tooling overrides.
-  **Backward-compat:** Apps without `envSchema` keep working — existing `requireEnv("DATABASE_URL")` calls in `runProdApp` are untouched. Sprint-9.2-9.5 migrates framework + bundled-features + apps to schema-only env handling.
-  **Why:** 2026-05-21 Studio deploy stacked 7 hacks chasing missing env-vars (10+ pipeline-fail iterations, ended in rollback). Schema-first boot validation surfaces ALL misconfigs upfront with `pulumi config set …` suggestions, replacing the discover-by-failing loop with a single dry-run + secrets-bootstrap pass.
-### Patch Changes
-- Updated dependencies [145b8df]
-- Updated dependencies [f34af9a]
-- Updated dependencies [dff4123]
-  - @cosmicdrift/kumiko-bundled-features@0.8.0
-  - @cosmicdrift/kumiko-framework@0.8.0
-## 0.7.0
-### Minor Changes
-- bcf43b6: es-ops: `SeedMembershipRow` exposes `streamTenantId` (stream-tenant aus `kumiko_events.v1`) neben dem payload-`tenantId`. Seed-Authors müssen den `kumiko_events`-JOIN nicht mehr selbst bauen — `m.streamTenantId` ist der korrekte Wert für `systemWriteAs`'s `tenantIdOverride` wenn das Aggregate von einem fremden Executor angelegt wurde (typisches `seedTenantMembership(by=systemAdmin)`-Pattern).
-### Patch Changes
-- Updated dependencies [bcf43b6]
-  - @cosmicdrift/kumiko-framework@0.7.0
-  - @cosmicdrift/kumiko-bundled-features@0.7.0
-## 0.6.0
-### Minor Changes
-- 8489d18: feat(es-ops): Phase 1.5 — tenantIdOverride + dry-run-validator + E2E-Test + Doku
-  Phase 1.5 schließt die Lücken aus Phase 1 die den ersten Driver-Use-Case
-  (publicstatus admin-roles) blockten. Siehe Retro:
-  `kumiko-platform/docs/plans/features/es-ops-phase1-retro.md` (PR #9).
-  **A1 — tenantIdOverride:**
-  `SeedMigrationContext.systemWriteAs(qn, payload, tenantIdOverride?)`.
-  Default SYSTEM_TENANT_ID (unverändert für System-scope-Aggregates wie
-  config-values). Mit override: `createSystemUser(tenantIdOverride)` als
-  Executor, damit der Event-Store-Executor den Aggregate-Stream im
-  richtigen Tenant findet. Fix für die `version_conflict`-Klasse-Bug
-  (Memory `feedback_event_store_tenant_consistency.md`).
-  **A2 — dry-run-validator:**
-  Runner parsed seed-files vor `migration.run()` per regex
-  `systemWriteAs\(["']([^"']+)["']`, sammelt handler-QNs, validiert
-  gegen `registry.getWriteHandler(qn)`. Fail-fast mit klarer Message
-  - Datei + QN statt zur Runtime "handler not found". Catched camelCase-
-    typos (kebab-case-vs-camelCase Drift) + andere QN-Drift zur Boot-Zeit.
-    runProdApp reicht den richtigen Registry rein (`registry` neu in
-    RunPendingSeedMigrationsArgs).
-  **A3 — E2E-Test:**
-  `packages/bundled-features/src/__tests__/es-ops-e2e.integration.ts`
-  mit `setupTestStack`-Pattern: tenant+config Features echt geladen,
-  echtes Membership-Aggregate via TenantHandlers.addMember im Demo-Tenant,
-  seed-migration ruft update-member-roles mit tenantIdOverride → write
-  geht durch, Marker landed, Event in Store, Read-Model aktualisiert.
-  Plus typo-Test: seed mit camelCase fail-t Dry-Run mit
-  `/dry-run found.*unknown handler-QN/`. **TDD-First**: ohne A1+A2 wäre
-  der test rot.
-  **A4 — Doku:**
-  `framework/src/es-ops/README.md` erweitert um „Wann brauche ich
-  tenantIdOverride?" + „Deployment-Anforderungen" (Docker COPY, Idempotenz,
-  Multi-Replica) + „Lokaler Smoke vor Push". Recipe-README + seed-files
-  auf neue API aktualisiert.
-  **A5 — Smoke-Skript-Template:**
-  `samples/recipes/seed-migration/scripts/smoke.ts` als copy-paste-Template
-  für App-Authors: Bun-runnable, offline (read-only, kein DB-Write),
-  validiert Module-Load + QN-Resolution + System-User-Access. Recipe-
-  README dokumentiert Pflicht-Pattern.
-  **Bonus-Fix:**
-  `tenant:write:create`-access auf `["system", "SystemAdmin"]` erweitert
-  (symmetrisch zu update-member-roles). Aufgedeckt durch Recipe-Smoke +
-  initial-tenants-Seed. Pinning-Test in `tenant.integration.ts` updated.
-  **Test-State:** 45/45 grün (Pre-Push). Typecheck clean. Biome clean.
-  as-cast-Audit clean. Guard-silent-skip clean. Recipe-Smoke clean.
-  **Folge-Step (separater PR):** publicstatus driver-sample reaktivieren
-  mit lokalem Pre-Push-Smoke gegen publicstatus' echtes Feature-Set.
-### Patch Changes
-- Updated dependencies [8489d18]
-  - @cosmicdrift/kumiko-framework@0.6.0
-  - @cosmicdrift/kumiko-bundled-features@0.6.0
-## 0.5.2
-### Patch Changes
-- 4f0d781: fix(tenant): updateMemberRoles erlaubt "system"-Rolle (symmetrisch zu create)
-  Drift innerhalb des tenant-Features: `tenant:write:create` akzeptierte
-  `["system", "SystemAdmin"]`, `tenant:write:update-member-roles` aber
-  nur `["SystemAdmin"]`. Konsequenz: ops-tooling und seed-migrations
-  (`createSystemUser` mit `roles: ["system"]`) konnten den Handler nicht
-  aufrufen — `access_denied`.
-  Live entdeckt beim ersten Driver-Sample der es-ops Phase 1: publicstatus
-  seed `2026-05-20-fix-admin-roles.ts` rief `update-member-roles` via
-  `systemWriteAs` → access_denied → Pod CrashLoopBackOff.
-  Plus access-rule-Pinning-Test in `tenant.integration.ts`-scenario-7.
-- Updated dependencies [4f0d781]
-  - @cosmicdrift/kumiko-framework@0.5.2
-  - @cosmicdrift/kumiko-bundled-features@0.5.2
-## 0.5.1
-### Patch Changes
-- 0e00015: fix(es-ops): path.resolve statt path.join für seedsDir → seed-files
-  Bun's `await import()` braucht absolute Pfade. Wenn der App-Author
-  `runProdApp({ seedsDir: "./seeds" })` setzt (relativ), würde
-  `path.join("./seeds", "foo.ts")` einen relativen Pfad liefern → Bun's
-  Import-Resolver such relativ zum `runner.ts`-Modul (nicht zum
-  `process.cwd()`) → `Cannot find module 'seeds/...' from '<runner-path>'`.
-  `path.resolve` löst gegen `process.cwd()` auf → absolute Pfade →
-  Import funktioniert. Aufgedeckt beim ersten Live-Boot der publicstatus-
-  Driver-Migration (Pod CrashLoopBackOff).
-- Updated dependencies [0e00015]
-  - @cosmicdrift/kumiko-framework@0.5.1
-  - @cosmicdrift/kumiko-bundled-features@0.5.1
-## 0.5.0
-### Minor Changes
-- 7ff69ab: feat(es-ops): Phase 1 — file-based seed-migrations
-  Neues first-class Operations-Pattern fürs Framework. Liefert `seed-migrations`
-  als drizzle-migrate-equivalent für Event-Sourcing-Aggregate-Updates die
-  idempotent-Seeder nicht erfassen können (z.B. „Member hat schon eine
-  Rolle, aber jetzt soll noch eine dazukommen").
-  Public-API:
-  - `runProdApp({ seedsDir })` — Auto-apply pending Migrations beim Boot
-  - `SeedMigration`-Interface (default-Export einer `seeds/<id>.ts`-File)
-  - `SeedMigrationContext` mit `systemWriteAs` (ruft existing write-handler
-    als System-User) + Read-Helpers (`findUserByEmail`,
-    `findMembershipsOfUser`, `findTenants`)
-  - CLI: `bunx kumiko ops seed:new|status|apply`
-  - Tracking-Table `kumiko_es_operations` mit `operation_type`-Discriminator
-    (vorbereitet auf Phase 2+ Operations: projection-rebuild, event-replay,
-    stream-migration, ...)
-  - Env-Flags: `KUMIKO_SKIP_ES_OPS=1` (alle skippen für Recovery),
-    `KUMIKO_SKIP_ES_OPS_<ID>=1` (einzelne kaputte skippen)
-  Garantien: single-run via tracking, atomic via per-migration-Tx,
-  chronological order via filename-prefix, fail-stop bei Failure (kein
-  Partial-Apply), ES-konform via Handler-Dispatch.
-  Sub-path-Export: `@cosmicdrift/kumiko-framework/es-ops`
-  Plan-Doc: `kumiko-platform/docs/plans/features/es-ops.md`
-  Recipe: `samples/recipes/seed-migration/`
-  Driver-Use-Case: publicstatus admin-roles-drift (parallel-Branch
-  `feat/es-ops-driver-admin-roles`).
-  Phase 2+ skizziert + offen markiert — Implementation pro Use-Case.
-### Patch Changes
-- Updated dependencies [7ff69ab]
-  - @cosmicdrift/kumiko-framework@0.5.0
-  - @cosmicdrift/kumiko-bundled-features@0.5.0
-## 0.4.1
-### Patch Changes
-- 010b410: feat(auth-email-password): "Bestätigungs-Mail erneut senden" im LoginScreen
-  LoginScreen bietet bei reason=email_not_verified jetzt einen Resend-Link
-  im Fehler-Banner — der existierende `requestEmailVerification`-Endpoint
-  wird direkt aufgerufen, der Banner wechselt nach Erfolg zum Info-Variant
-  ("Wir haben dir eine neue Bestätigungs-Mail geschickt.").
-  UX-Details:
-  - Bei 429 → inline-Hint "Bitte warte kurz und versuche es erneut."
-  - Bei Netzwerk/sonstigen Fehlern → inline-Hint "Konnte nicht senden."
-  - Anti-Typo-Gate: ändert der User die Email-Eingabe nach dem Login-Fail,
-    verschwindet der Resend-Link — sonst würde Resend silent-success an die
-    geänderte (potentiell typoed) Adresse gehen ohne User-Feedback.
-  - Andere Failure-Codes (invalid_credentials etc.) zeigen weiterhin keinen
-    Resend-Link.
-  i18n: 4 neue Keys (DE+EN) im `auth.login.resend*`-Namespace, additive.
-  Apps die ihre Translations override-en müssen nichts ändern.
-  Additive UI-Feature — keine API-Breaks, keine Schema-Migration.
-- Updated dependencies [010b410]
-  - @cosmicdrift/kumiko-framework@0.4.1
-  - @cosmicdrift/kumiko-bundled-features@0.4.1
-## 0.4.0
-### Minor Changes
-- 825e7d2: Visual-Tree V.1.4 → V.1.6 — Feature-complete Editor + Folder-Hierarchy + Roving-tabindex.
-  **V.1.4** — explicit `folder?: string` Schema-Field auf text-block-entity. Slug bleibt
-  kebab-only validiert, Folder explizit gesetzt. Tree gruppiert via `groupBlocksByFolder`
-  (ersetzt `groupBlocksBySlugPrefix`). `Subscribe<T>` Signature um optional `emitError`
-  erweitert für explicit async-error-Pfade. ProviderBranch zeigt Error-Banner mit
-  Retry-Button. Drift-Test pinnt seedTextBlock-vs-set.write Slug-Validation.
-  **V.1.4b** — URL-State-Routing für Editor-Target via `nav.searchParams`. F5 + Back-Button
-  stellen den Editor-State wieder her. Format: `?t=text-content:edit&a_slug=...&a_lang=...`.
-  Plus `useDispatchTarget` hook ersetzt globalen `dispatchTarget` als empfohlenen Production-
-  Pfad (legacy bleibt für Test-Hooks).
-  **V.1.5** — Arrow-Key-Navigation (`<aside role="tree">`, ARIA-tree-Pattern) + SSE-driven
-  Tree-Refresh. `ClientFeatureDefinition.treeEntities?: string[]` listet Entity-Namen pro
-  Provider; live-events triggern provider-re-mount → Stale-Tree-state="stub"→"filled"
-  flippt nach save automatisch.
-  **V.1.5c+d** — Active-Node-Highlight (explicit blue + 2px border-l + scrollIntoView),
-  VS-Code-Polish (compact spacing, focus-visible, folder-icon-color text-amber, indent-
-  guides per ancestor-depth), Folder-Wrapper für legal-pages ("📁 Legal" + slug-first
-  Verschachtelung) und text-content ("📁 Content").
-  **V.1.6** — Multi-level Folder-Splitting (`folder="page/marketing"` → nested folders,
-  walk-or-create-pattern, folder/leaf-collision-tolerant). Roving-tabindex (nur focused-
-  treeitem hat tabIndex=0, Tab cyclt aus dem Tree raus).
-  35/35 kumiko check PASS, 13/13 group-blocks + 22/22 text-content integration tests grün.
-  Browser + Keyboard lokal validated.
-  **Breaking**: `TreeContext` Type entfernt (V.1.2 SR2-Rip — war nie genutzt). Provider sind
-  session-bound: `TreeChildrenSubscribe = () => Subscribe<T>` statt `(ctx) => Subscribe<T>`.
-  **V.1.7-Followups**: useEffect-deps in VisualTree-focus-init (Performance), Cancellation-
-  Token in TreeProvider's fetch (emit-after-unmount-warning), inline-rename, drag-drop,
-  file-icons per slug-extension, parent-jump bei ArrowLeft auf collapsed-item.
-### Patch Changes
-- Updated dependencies [825e7d2]
-  - @cosmicdrift/kumiko-framework@0.4.0
-  - @cosmicdrift/kumiko-bundled-features@0.4.0
-## 0.3.0
-### Minor Changes
-- 0.3.0 bringt zwei neue Subsysteme (Step-Engine Tier-3 + Visual-Tree) plus
-  eine AST-Codemod-Pipeline als Vorarbeit für den L2-AI-Layer.
-  ### Breaking Changes
-  - `skipTransitionGuard` → `unsafeSkipTransitionGuard` (Rename in
-    feature-ast + engine). Der `unsafe`-Prefix macht die Tragweite des
-    Casts sichtbar und ist konsistent zur `unsafeProjectionUpsert`- und
-    `r.rawTable`-Konvention. Migration: 1:1-Ersetzung, keine Verhaltens-Änderung.
-  ### Features
-  - **Step-Engine M.4 — Tier-3 Workflow-Engine.** Neue Step-Vocabulary
-    `wait`, `waitForEvent`, `retry` ermöglicht persistierte Long-Running-Flows
-    über Job-Boundaries hinweg. Q7 Snapshot-at-Start hängt jedem Step-Run
-    einen SHA-256-Fingerprint des Aggregat-Zustands an, sodass Replays
-    deterministisch gegen den ursprünglichen Eingangszustand laufen.
-  - **Visual-Tree V.1.x — Tree-API + Editor-Panel.** Neue `VisualTree`-
-    Component plus TreeProvider-Pattern; erste TreeProviders für
-    `text-content` und `legal-pages` (CMS-light + Impressum/Privacy).
-    Fundament für den späteren No-Code-Designer (~3000 LOC, 98 Tests).
-  - **Codemod-Pipeline.** AST-basierte Patcher-Module für strukturelle
-    Feature-Edits — wird vom kommenden L2-AI-Layer als Tool-Surface
-    verwendet, ist aber eigenständig nutzbar für ts-morph-style Migrationen.
-  - **user-data-rights Sample-Recipe.** DSGVO Art. 15/17/18/20 vollständig
-    als Sample-Recipe (`samples/recipes/`) inklusive README — zeigt die
-    Export- und Forget-Pipeline gegen den `compliance-profiles`-Default
-    (`eu-dsgvo`).
-  ### Fixes
-  - `tier-engine`: auto-default-tier-Hook benutzt jetzt `ctx.db.raw` für
-    Event-Store-Operationen (#37, vorher: stiller Bug, 22 Tage live).
-  - `engine`: unsafe-projection-upsert nutzt `as never` statt `as any` —
-    schmaler Cast-Surface, weniger Compiler-Knebel.
-  - `visual-tree`: runtime-isolation marker für client-konsumierte Files,
-    damit der Multi-Entry-Build den richtigen Bundle-Split bekommt.
-  - `feature-ast`: vollständiger `unsafeSkipTransitionGuard`-Rename (war
-    in zwei Modulen noch der alte Name).
-  - `framework`: Error-Reasons + `noConsole`-Lint + No-Date-API-Guard
-    wieder push-ready.
-  ### Library-Updates
-  hono 4.12, jose 6.2, stripe 22.1, meilisearch 0.58, marked 18,
-  bun-types 1.3.13, lucide-react 1.14, bullmq 5.76, ioredis 5.10,
-  i18next 26.0, react + radix-ui-primitives auf aktuelle Minors.
-### Patch Changes
-- Updated dependencies
-  - @cosmicdrift/kumiko-framework@0.3.0
-  - @cosmicdrift/kumiko-bundled-features@0.3.0
-## 0.2.3
-### Patch Changes
-- Updated dependencies [1dbd038]
-  - @cosmicdrift/kumiko-bundled-features@0.2.3
-  - @cosmicdrift/kumiko-framework@0.2.3
-## 0.2.2
-### Patch Changes
-- 7a7da3e: Re-publish 0.2.1 → 0.2.2 mit korrekt aufgelösten cross-package-Versionen.
-  0.2.1 hatte `workspace:*` als Wert in den dependencies (npm publish ohne
-  yarn-pack rewrite), Konsumenten bekamen "Workspace not found".
-  publish-with-oidc.sh nutzt jetzt `yarn pack` (rewrited workspace:\*) +
-  `npm publish <tarball>` (OIDC + provenance).
-- Updated dependencies [7a7da3e]
-  - @cosmicdrift/kumiko-framework@0.2.2
-  - @cosmicdrift/kumiko-bundled-features@0.2.2
-## 0.2.1
-### Patch Changes
-- 48b7f6a: CI: switch publish to npm-CLI with OIDC Trusted Publishing + provenance.
-  No source changes — verifies the new publish path produces a verified-
-  provenance attestation on npmjs.com instead of token-based publish.
-- Updated dependencies [48b7f6a]
-  - @cosmicdrift/kumiko-framework@0.2.1
-  - @cosmicdrift/kumiko-bundled-features@0.2.1
-## 0.2.0
-### Minor Changes
-- 6c70b6f: fix(tenant): seedTenant idempotent gegen Event-Store-Projection-Drift.
-  Verhindert version_conflict beim App-Boot wenn Aggregat existiert aber
-  Projection-Row fehlt (rebuild-drift, async-lag, manueller DB-Eingriff).
-### Patch Changes
-- Updated dependencies [6c70b6f]
-  - @cosmicdrift/kumiko-framework@0.2.0
-  - @cosmicdrift/kumiko-bundled-features@0.2.0
-## 0.1.0
-### Minor Changes
-- 59ba6d7: Initial public release of Kumiko — AI-native backend builder.
-  What ships in 0.1.0:
-  - **Engine** (`@cosmicdrift/kumiko-framework`): `defineFeature`, `r.entity`, `r.writeHandler`, `r.queryHandler`, `r.projection`, `r.multiStreamProjection`, `r.hook`, `r.translations`, `r.crud`, `r.referenceData`, `r.screen`, `r.nav`, `r.authClaims`, full lifecycle pipeline with field-level access checks
-  - **Pipeline** (`@cosmicdrift/kumiko-framework`): `createDispatcher`, JWT auth via jose, Zod schema validation, role-based access checks, command/write/query split
-  - **DB** (`@cosmicdrift/kumiko-framework`): Drizzle helpers (`buildDrizzleTable`, `applyCursorQuery`), CRUD executor, Postgres dialect, optimistic locking, soft delete, multi-tenant scoping
-  - **Event sourcing** (`@cosmicdrift/kumiko-framework`): aggregate streams, single + multi-stream projections, event upcasters, asOf queries, archive support, AsyncDaemon-pattern dispatcher
-  - **Bundled features** (`@cosmicdrift/kumiko-bundled-features`): auth-email-password, sessions, tenants, users, jobs, secrets, file-provider-s3, mail-transport-smtp/inmemory, billing-foundation, cap-counter, channel-in-app, delivery, feature-toggles, legal-pages
-  - **Renderer** (`@cosmicdrift/kumiko-renderer`, `@cosmicdrift/kumiko-renderer-web`): schema-driven CRUD UI for React + Expo Web, override paths, list debounce, theme tokens
-  - **Headless** (`@cosmicdrift/kumiko-headless`): view-models for list/edit screens, locale-aware
-  - **Dev server** (`@cosmicdrift/kumiko-dev-server`): `runDevApp`, `runProdApp`, `kumiko-build` for production bundles (client + server), Docker-ready
-  - **Realtime** (`@cosmicdrift/kumiko-dispatcher-live`): SSE broadcast across tenants, Redis Pub/Sub backend
-  - **CLI** (`bin/kumiko.ts`): interactive dev menu, test runners, check pipeline (Biome + TypeScript + 18 guards + Vitest)
-  This is a pre-1.0 release — APIs may change between minor versions. Breaking changes will be documented per release.
-### Patch Changes
-- Updated dependencies [59ba6d7]
-  - @cosmicdrift/kumiko-framework@0.1.0
-  - @cosmicdrift/kumiko-bundled-features@0.1.0