npm - @cosmicdrift/kumiko-framework - Versions diffs - 0.1.0 - Mend

@cosmicdrift/kumiko-framework 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (388) hide show

package/README.md +159 -0
package/package.json +91 -0
package/src/__tests__/anonymous-access.integration.ts +325 -0
package/src/__tests__/error-contract.integration.ts +435 -0
package/src/__tests__/field-access.integration.ts +269 -0
package/src/__tests__/full-stack.integration.ts +914 -0
package/src/__tests__/ownership.integration.ts +449 -0
package/src/__tests__/reference-data.integration.ts +198 -0
package/src/__tests__/transition-guard.integration.ts +340 -0
package/src/api/__tests__/api.test.ts +337 -0
package/src/api/__tests__/auth-middleware-transport.test.ts +80 -0
package/src/api/__tests__/auth-routes-cookie.test.ts +179 -0
package/src/api/__tests__/batch.integration.ts +404 -0
package/src/api/__tests__/body-limit.test.ts +88 -0
package/src/api/__tests__/csrf-middleware.test.ts +97 -0
package/src/api/__tests__/dispatcher-live.integration.ts +216 -0
package/src/api/__tests__/metrics-endpoint.test.ts +126 -0
package/src/api/__tests__/nested-write.integration.ts +213 -0
package/src/api/__tests__/readiness.test.ts +76 -0
package/src/api/__tests__/request-id-middleware.test.ts +72 -0
package/src/api/__tests__/sse-broker.test.ts +58 -0
package/src/api/__tests__/sse-route.test.ts +112 -0
package/src/api/anonymous-cookie.ts +60 -0
package/src/api/api-constants.ts +64 -0
package/src/api/auth-middleware.ts +418 -0
package/src/api/auth-routes.ts +982 -0
package/src/api/csrf-middleware.ts +77 -0
package/src/api/index.ts +31 -0
package/src/api/jwt.ts +66 -0
package/src/api/observability-middleware.ts +89 -0
package/src/api/readiness.ts +132 -0
package/src/api/request-context.ts +49 -0
package/src/api/request-id-middleware.ts +50 -0
package/src/api/route-registrars.ts +195 -0
package/src/api/routes.ts +135 -0
package/src/api/server.ts +640 -0
package/src/api/sse-broker.ts +71 -0
package/src/api/sse-route.ts +62 -0
package/src/api/tokens.ts +16 -0
package/src/db/__tests__/apply-entity-event-tenant.integration.ts +159 -0
package/src/db/__tests__/compound-types.test.ts +114 -0
package/src/db/__tests__/connection-options.test.ts +68 -0
package/src/db/__tests__/cursor.test.ts +41 -0
package/src/db/__tests__/db-helpers.test.ts +369 -0
package/src/db/__tests__/dialect-instant.test.ts +50 -0
package/src/db/__tests__/drizzle-helpers.integration.ts +186 -0
package/src/db/__tests__/drizzle-table-types.test.ts +162 -0
package/src/db/__tests__/encryption.test.ts +39 -0
package/src/db/__tests__/event-store-executor-list.integration.ts +313 -0
package/src/db/__tests__/event-store-executor.integration.ts +235 -0
package/src/db/__tests__/implicit-projection-equivalence.integration.ts +304 -0
package/src/db/__tests__/located-timestamp.test.ts +184 -0
package/src/db/__tests__/money.test.ts +199 -0
package/src/db/__tests__/multi-row-insert.integration.ts +76 -0
package/src/db/__tests__/parse-auto-verb.test.ts +70 -0
package/src/db/__tests__/required-not-null-migration-safety.integration.ts +105 -0
package/src/db/__tests__/row-helpers.test.ts +59 -0
package/src/db/__tests__/schema-migration.integration.ts +273 -0
package/src/db/__tests__/table-builder-indexes.test.ts +153 -0
package/src/db/__tests__/table-builder-required.test.ts +216 -0
package/src/db/__tests__/tenant-db.integration.ts +606 -0
package/src/db/__tests__/unique-violation-mapping.integration.ts +166 -0
package/src/db/apply-entity-event.ts +188 -0
package/src/db/assert-exists-in.ts +59 -0
package/src/db/compound-types.ts +47 -0
package/src/db/connection.ts +104 -0
package/src/db/cursor.ts +83 -0
package/src/db/dialect.ts +109 -0
package/src/db/eagerload.ts +174 -0
package/src/db/encryption.ts +39 -0
package/src/db/event-store-executor.ts +906 -0
package/src/db/index.ts +55 -0
package/src/db/located-timestamp.ts +114 -0
package/src/db/money.ts +120 -0
package/src/db/pg-error.ts +46 -0
package/src/db/reference-data.ts +77 -0
package/src/db/row-helpers.ts +53 -0
package/src/db/schema-inspection.ts +25 -0
package/src/db/table-builder.ts +475 -0
package/src/db/tenant-db.ts +434 -0
package/src/engine/__tests__/auth-claims-registrar.test.ts +74 -0
package/src/engine/__tests__/boot-validator-located-timestamps.test.ts +108 -0
package/src/engine/__tests__/boot-validator.test.ts +1865 -0
package/src/engine/__tests__/build-app-schema.test.ts +154 -0
package/src/engine/__tests__/claim-keys.test.ts +274 -0
package/src/engine/__tests__/config-helpers.test.ts +236 -0
package/src/engine/__tests__/effective-features.test.ts +86 -0
package/src/engine/__tests__/engine.test.ts +1461 -0
package/src/engine/__tests__/entity-handlers.test.ts +274 -0
package/src/engine/__tests__/event-helpers.test.ts +68 -0
package/src/engine/__tests__/extends-registrar.test.ts +159 -0
package/src/engine/__tests__/factories-long-text.test.ts +84 -0
package/src/engine/__tests__/factories-time.test.ts +158 -0
package/src/engine/__tests__/field-predicates.test.ts +48 -0
package/src/engine/__tests__/hook-phases.test.ts +132 -0
package/src/engine/__tests__/identifiers.test.ts +35 -0
package/src/engine/__tests__/lifecycle-hooks.test.ts +237 -0
package/src/engine/__tests__/nav.test.ts +267 -0
package/src/engine/__tests__/ownership.test.ts +421 -0
package/src/engine/__tests__/parse-ref-target.test.ts +43 -0
package/src/engine/__tests__/projection-helpers.test.ts +62 -0
package/src/engine/__tests__/projection.test.ts +191 -0
package/src/engine/__tests__/qualified-name.test.ts +264 -0
package/src/engine/__tests__/resolve-config-or-param.test.ts +315 -0
package/src/engine/__tests__/run-in.test.ts +38 -0
package/src/engine/__tests__/schema-builder.test.ts +380 -0
package/src/engine/__tests__/screen.test.ts +408 -0
package/src/engine/__tests__/state-machine.test.ts +148 -0
package/src/engine/__tests__/system-user.test.ts +57 -0
package/src/engine/__tests__/validation-hooks.test.ts +71 -0
package/src/engine/access.ts +23 -0
package/src/engine/boot-validator.ts +1528 -0
package/src/engine/build-app-schema.ts +125 -0
package/src/engine/config-helpers.ts +115 -0
package/src/engine/constants.ts +85 -0
package/src/engine/create-app.ts +98 -0
package/src/engine/define-feature.ts +702 -0
package/src/engine/define-handler.ts +78 -0
package/src/engine/define-roles.ts +19 -0
package/src/engine/effective-features.ts +87 -0
package/src/engine/entity-handlers.ts +364 -0
package/src/engine/event-helpers.ts +73 -0
package/src/engine/factories.ts +328 -0
package/src/engine/feature-ast/__tests__/canonical-form.test.ts +416 -0
package/src/engine/feature-ast/__tests__/parse-happy-path.test.ts +197 -0
package/src/engine/feature-ast/__tests__/parse-real-features.test.ts +128 -0
package/src/engine/feature-ast/__tests__/parse.test.ts +888 -0
package/src/engine/feature-ast/__tests__/patch.test.ts +360 -0
package/src/engine/feature-ast/__tests__/patcher.test.ts +469 -0
package/src/engine/feature-ast/__tests__/render-roundtrip.test.ts +287 -0
package/src/engine/feature-ast/extractors.ts +2562 -0
package/src/engine/feature-ast/index.ts +105 -0
package/src/engine/feature-ast/parse.ts +369 -0
package/src/engine/feature-ast/patch.ts +525 -0
package/src/engine/feature-ast/patcher.ts +518 -0
package/src/engine/feature-ast/patterns.ts +434 -0
package/src/engine/feature-ast/render.ts +602 -0
package/src/engine/feature-ast/source-location.ts +45 -0
package/src/engine/field-access.ts +120 -0
package/src/engine/index.ts +254 -0
package/src/engine/ownership.ts +337 -0
package/src/engine/parse-ref-target.ts +22 -0
package/src/engine/pattern-library/__tests__/library.test.ts +351 -0
package/src/engine/pattern-library/index.ts +24 -0
package/src/engine/pattern-library/library.ts +1117 -0
package/src/engine/pattern-library/types.ts +255 -0
package/src/engine/projection-helpers.ts +85 -0
package/src/engine/qualified-name.ts +122 -0
package/src/engine/read-claim.ts +31 -0
package/src/engine/registry.ts +1325 -0
package/src/engine/resolve-config-or-param.ts +153 -0
package/src/engine/run-in.ts +29 -0
package/src/engine/schema-builder.ts +175 -0
package/src/engine/screen-filter-ops.ts +51 -0
package/src/engine/state-machine.ts +70 -0
package/src/engine/system-user.ts +32 -0
package/src/engine/types/config.ts +306 -0
package/src/engine/types/event-type-map.ts +37 -0
package/src/engine/types/feature.ts +574 -0
package/src/engine/types/fields.ts +422 -0
package/src/engine/types/handlers.ts +742 -0
package/src/engine/types/hooks.ts +142 -0
package/src/engine/types/http-route.ts +54 -0
package/src/engine/types/identifiers.ts +47 -0
package/src/engine/types/index.ts +208 -0
package/src/engine/types/nav.ts +46 -0
package/src/engine/types/projection.ts +132 -0
package/src/engine/types/relations.ts +51 -0
package/src/engine/types/screen.ts +452 -0
package/src/engine/types/workspace.ts +42 -0
package/src/engine/validation.ts +33 -0
package/src/entrypoint/__tests__/entrypoint-job-wiring.integration.ts +173 -0
package/src/entrypoint/__tests__/split-deploy.integration.ts +297 -0
package/src/entrypoint/index.ts +442 -0
package/src/errors/__tests__/classes.test.ts +371 -0
package/src/errors/__tests__/write-failures.test.ts +109 -0
package/src/errors/classes.ts +249 -0
package/src/errors/i18n/de.yaml +83 -0
package/src/errors/i18n/en.yaml +80 -0
package/src/errors/index.ts +41 -0
package/src/errors/kumiko-error.ts +67 -0
package/src/errors/reasons.ts +36 -0
package/src/errors/serialize.ts +136 -0
package/src/errors/transition-details.ts +30 -0
package/src/errors/write-error-info.ts +123 -0
package/src/errors/zod-bridge.ts +49 -0
package/src/event-store/__tests__/admin-api.integration.ts +361 -0
package/src/event-store/__tests__/event-store.integration.ts +584 -0
package/src/event-store/__tests__/get-stream-version-perf.integration.ts +83 -0
package/src/event-store/__tests__/perf.integration.ts +255 -0
package/src/event-store/__tests__/snapshot.integration.ts +267 -0
package/src/event-store/__tests__/upcaster-dead-letter.integration.ts +204 -0
package/src/event-store/__tests__/upcaster.integration.ts +460 -0
package/src/event-store/admin-api.ts +257 -0
package/src/event-store/archive.ts +106 -0
package/src/event-store/errors.ts +35 -0
package/src/event-store/event-store.ts +405 -0
package/src/event-store/events-schema.ts +90 -0
package/src/event-store/index.ts +50 -0
package/src/event-store/snapshot.ts +210 -0
package/src/event-store/upcaster-dead-letter.ts +119 -0
package/src/event-store/upcaster.ts +147 -0
package/src/files/__tests__/content-disposition.test.ts +123 -0
package/src/files/__tests__/file-field-column.integration.ts +103 -0
package/src/files/__tests__/file-field-pipeline.integration.ts +211 -0
package/src/files/__tests__/file-handle.test.ts +122 -0
package/src/files/__tests__/files.integration.ts +830 -0
package/src/files/__tests__/storage-tracking.integration.ts +153 -0
package/src/files/content-disposition.ts +55 -0
package/src/files/file-handle.ts +63 -0
package/src/files/file-ref-table.ts +22 -0
package/src/files/file-routes.ts +353 -0
package/src/files/in-memory-provider.ts +62 -0
package/src/files/index.ts +29 -0
package/src/files/local-provider.ts +35 -0
package/src/files/storage-tracking.ts +60 -0
package/src/files/types.ts +118 -0
package/src/i18n/__tests__/i18n.test.ts +72 -0
package/src/i18n/index.ts +29 -0
package/src/jobs/__tests__/job-event-trigger.integration.ts +172 -0
package/src/jobs/__tests__/job-multi-trigger.integration.ts +144 -0
package/src/jobs/__tests__/jobs.integration.ts +566 -0
package/src/jobs/index.ts +2 -0
package/src/jobs/job-runner.ts +574 -0
package/src/lifecycle/__tests__/create-test-lifecycle.ts +19 -0
package/src/lifecycle/__tests__/lifecycle-server.integration.ts +108 -0
package/src/lifecycle/__tests__/lifecycle.test.ts +212 -0
package/src/lifecycle/__tests__/signal-handlers.test.ts +106 -0
package/src/lifecycle/index.ts +13 -0
package/src/lifecycle/lifecycle.ts +160 -0
package/src/lifecycle/signal-handlers.ts +62 -0
package/src/logging/__tests__/pino-trace-bridge.test.ts +50 -0
package/src/logging/index.ts +3 -0
package/src/logging/pino-logger.ts +64 -0
package/src/logging/types.ts +7 -0
package/src/migrations/__tests__/compare-snapshots.test.ts +150 -0
package/src/migrations/__tests__/detect-drift.integration.ts +320 -0
package/src/migrations/__tests__/detect-projections-to-rebuild.integration.ts +134 -0
package/src/migrations/__tests__/rebuild-marker.test.ts +79 -0
package/src/migrations/index.ts +28 -0
package/src/migrations/projection-detection.ts +149 -0
package/src/migrations/rebuild-marker.ts +64 -0
package/src/migrations/schema-drift.ts +395 -0
package/src/observability/__tests__/console-provider.test.ts +67 -0
package/src/observability/__tests__/metric-validator.test.ts +87 -0
package/src/observability/__tests__/noop-provider.test.ts +82 -0
package/src/observability/__tests__/observability.integration.ts +559 -0
package/src/observability/__tests__/prometheus-meter.test.ts +144 -0
package/src/observability/__tests__/recording-meter.test.ts +101 -0
package/src/observability/__tests__/recording-tracer.test.ts +110 -0
package/src/observability/__tests__/sensitive-filter.test.ts +98 -0
package/src/observability/console-provider.ts +130 -0
package/src/observability/context.ts +26 -0
package/src/observability/fallback.ts +34 -0
package/src/observability/ids.ts +25 -0
package/src/observability/index.ts +79 -0
package/src/observability/metric-validator.ts +86 -0
package/src/observability/metrics-handle.ts +56 -0
package/src/observability/noop-provider.ts +146 -0
package/src/observability/prometheus-meter.ts +284 -0
package/src/observability/recording-meter.ts +156 -0
package/src/observability/recording-tracer.ts +198 -0
package/src/observability/redis-wrapper.ts +132 -0
package/src/observability/sensitive-filter.ts +108 -0
package/src/observability/standard-metrics.ts +213 -0
package/src/observability/types/index.ts +29 -0
package/src/observability/types/metric.ts +56 -0
package/src/observability/types/provider.ts +32 -0
package/src/observability/types/span.ts +64 -0
package/src/pipeline/__tests__/archive-stream.integration.ts +220 -0
package/src/pipeline/__tests__/auth-claims-resolver.test.ts +279 -0
package/src/pipeline/__tests__/cascade-handler.integration.ts +419 -0
package/src/pipeline/__tests__/cascade-handler.test.ts +52 -0
package/src/pipeline/__tests__/causation-chain.integration.ts +206 -0
package/src/pipeline/__tests__/ctx-bridge.integration.ts +234 -0
package/src/pipeline/__tests__/dispatcher.test.ts +379 -0
package/src/pipeline/__tests__/distributed-lock.integration.ts +67 -0
package/src/pipeline/__tests__/domain-events-projections.integration.ts +323 -0
package/src/pipeline/__tests__/event-dedup.integration.ts +153 -0
package/src/pipeline/__tests__/event-define-event-strict.integration.ts +202 -0
package/src/pipeline/__tests__/event-dispatcher-lifecycle.integration.ts +220 -0
package/src/pipeline/__tests__/event-dispatcher-multi-instance.integration.ts +423 -0
package/src/pipeline/__tests__/event-dispatcher-pg-listen.integration.ts +123 -0
package/src/pipeline/__tests__/event-dispatcher-recovery.integration.ts +202 -0
package/src/pipeline/__tests__/event-dispatcher-second-audit.integration.ts +290 -0
package/src/pipeline/__tests__/event-dispatcher-strict.test.ts +65 -0
package/src/pipeline/__tests__/event-dispatcher.integration.ts +287 -0
package/src/pipeline/__tests__/event-retention.integration.ts +239 -0
package/src/pipeline/__tests__/fetch-for-writing.integration.ts +281 -0
package/src/pipeline/__tests__/lifecycle-pipeline.test.ts +430 -0
package/src/pipeline/__tests__/load-aggregate-query.integration.ts +266 -0
package/src/pipeline/__tests__/msp-error-mode.integration.ts +149 -0
package/src/pipeline/__tests__/msp-multi-hop.integration.ts +228 -0
package/src/pipeline/__tests__/msp-rebuild.integration.ts +368 -0
package/src/pipeline/__tests__/multi-stream-projection.integration.ts +341 -0
package/src/pipeline/__tests__/perf-rebuild.integration.ts +147 -0
package/src/pipeline/__tests__/projection-rebuild.integration.ts +551 -0
package/src/pipeline/__tests__/query-projection.integration.ts +201 -0
package/src/pipeline/__tests__/redis-pipeline.integration.ts +306 -0
package/src/pipeline/append-event-core.ts +117 -0
package/src/pipeline/auth-claims-resolver.ts +103 -0
package/src/pipeline/cascade-handler.ts +113 -0
package/src/pipeline/dispatcher.ts +1585 -0
package/src/pipeline/distributed-lock.ts +37 -0
package/src/pipeline/entity-cache.ts +113 -0
package/src/pipeline/event-consumer-state.ts +108 -0
package/src/pipeline/event-dedup.ts +23 -0
package/src/pipeline/event-dispatcher.ts +1016 -0
package/src/pipeline/event-retention.ts +154 -0
package/src/pipeline/idempotency.ts +76 -0
package/src/pipeline/index.ts +66 -0
package/src/pipeline/lifecycle-pipeline.ts +409 -0
package/src/pipeline/msp-rebuild.ts +242 -0
package/src/pipeline/multi-stream-apply-context.ts +115 -0
package/src/pipeline/projection-rebuild.ts +334 -0
package/src/pipeline/projection-state.ts +72 -0
package/src/pipeline/projections-runner.ts +56 -0
package/src/pipeline/redis-keys.ts +11 -0
package/src/pipeline/system-hooks.ts +190 -0
package/src/random/__tests__/generate.test.ts +149 -0
package/src/random/generate.ts +141 -0
package/src/random/index.ts +8 -0
package/src/random/words.ts +392 -0
package/src/rate-limit/__tests__/dispatcher-l3.integration.ts +111 -0
package/src/rate-limit/__tests__/middleware.integration.ts +189 -0
package/src/rate-limit/__tests__/resolver.integration.ts +189 -0
package/src/rate-limit/bucket.ts +36 -0
package/src/rate-limit/index.ts +14 -0
package/src/rate-limit/middleware.ts +152 -0
package/src/rate-limit/resolver.ts +267 -0
package/src/redis/__tests__/redis-options.test.ts +54 -0
package/src/redis/index.ts +74 -0
package/src/search/__tests__/meilisearch-adapter.integration.ts +236 -0
package/src/search/__tests__/search-adapter.test.ts +256 -0
package/src/search/in-memory-adapter.ts +123 -0
package/src/search/index.ts +12 -0
package/src/search/meilisearch-adapter.ts +106 -0
package/src/search/types.ts +39 -0
package/src/secrets/__tests__/dek-cache.test.ts +213 -0
package/src/secrets/__tests__/env-master-key-provider.test.ts +119 -0
package/src/secrets/__tests__/envelope.test.ts +74 -0
package/src/secrets/__tests__/leak-guard.test.ts +92 -0
package/src/secrets/__tests__/rotation.test.ts +149 -0
package/src/secrets/dek-cache.ts +116 -0
package/src/secrets/env-master-key-provider.ts +162 -0
package/src/secrets/envelope.ts +55 -0
package/src/secrets/index.ts +19 -0
package/src/secrets/leak-guard.ts +87 -0
package/src/secrets/rotation.ts +34 -0
package/src/secrets/types.ts +107 -0
package/src/stack/db.ts +104 -0
package/src/stack/event-collector.ts +23 -0
package/src/stack/index.ts +32 -0
package/src/stack/redis.ts +44 -0
package/src/stack/request-helper.ts +168 -0
package/src/stack/table-helpers.ts +104 -0
package/src/stack/test-stack.ts +357 -0
package/src/stack/test-users.ts +37 -0
package/src/testing/__tests__/e2e-generator.test.ts +230 -0
package/src/testing/__tests__/ensure-entity-table.integration.ts +54 -0
package/src/testing/access-assertions.ts +15 -0
package/src/testing/assertions.ts +35 -0
package/src/testing/e2e-generator.ts +465 -0
package/src/testing/expect-error.ts +25 -0
package/src/testing/handler-context.ts +125 -0
package/src/testing/http-cookies.ts +52 -0
package/src/testing/index.ts +41 -0
package/src/testing/late-bound.ts +39 -0
package/src/testing/mutable-master-key-provider.ts +31 -0
package/src/testing/observability-recorder.ts +54 -0
package/src/testing/shared-entities.ts +49 -0
package/src/testing/utils.ts +1 -0
package/src/testing/wait-for.ts +31 -0
package/src/time/__tests__/polyfill.test.ts +73 -0
package/src/time/__tests__/tz-context.test.ts +121 -0
package/src/time/index.ts +21 -0
package/src/time/polyfill.ts +70 -0
package/src/time/tz-context.ts +107 -0
package/src/ui-types/app-schema.ts +57 -0
package/src/ui-types/index.ts +65 -0
package/src/utils/__tests__/assert.test.ts +17 -0
package/src/utils/__tests__/env-parse.test.ts +54 -0
package/src/utils/assert.ts +18 -0
package/src/utils/env-parse.ts +16 -0
package/src/utils/ids.ts +16 -0
package/src/utils/index.ts +5 -0
package/src/utils/safe-json.ts +30 -0
package/src/utils/serialization.ts +7 -0

package/src/__tests__/error-contract.integration.ts ADDED Viewed

@@ -0,0 +1,435 @@
+// Error-Contract — one test per KumikoError subclass through the full HTTP
+// stack. This file is the wire-format goldstandard: every error class must
+// come back with a stable code + i18nKey and the shape that the client SDK
+// and docs promise. If you change the contract, this is the file that moves.
+import { afterAll, beforeAll, beforeEach, describe, expect, test } from "vitest";
+import { z } from "zod";
+import { createEventStoreExecutor } from "../db/event-store-executor";
+import { buildDrizzleTable } from "../db/table-builder";
+import {
+  createEntity,
+  createNumberField,
+  createTextField,
+  defineFeature,
+  type TenantId,
+} from "../engine";
+import {
+  AccessDeniedError,
+  ConflictError,
+  NotFoundError,
+  UnprocessableError,
+  writeFailure,
+} from "../errors";
+import {
+  createEntityTable,
+  createTestUser,
+  setupTestStack,
+  type TestStack,
+  TestUsers,
+} from "../stack";
+// --- Entity + handlers that deliberately raise each Kumiko error class ---
+const itemEntity = createEntity({
+  table: "errctr_items",
+  fields: {
+    name: createTextField({ required: true }),
+    stock: createNumberField({ default: 0 }),
+  },
+});
+const itemTable = buildDrizzleTable("item", itemEntity);
+const errorFeature = defineFeature("errctr", (r) => {
+  r.entity("item", itemEntity);
+  // CRUD create to prep update/delete scenarios (NotFound, VersionConflict).
+  r.writeHandler(
+    "item:create",
+    z.object({ name: z.string().min(1) }),
+    async (event, ctx) => {
+      const crud = createEventStoreExecutor(itemTable, itemEntity, { entityName: "item" });
+      return crud.create(event.payload, event.user, ctx.db);
+    },
+    { access: { roles: ["Admin"] } },
+  );
+  // VersionConflict: update with stale version → 409 via CrudExecutor.
+  r.writeHandler(
+    "item:update",
+    z.object({
+      id: z.uuid(),
+      version: z.number().optional(),
+      changes: z.record(z.string(), z.unknown()),
+    }),
+    async (event, ctx) => {
+      const crud = createEventStoreExecutor(itemTable, itemEntity, { entityName: "item" });
+      return crud.update(event.payload, event.user, ctx.db);
+    },
+    { access: { roles: ["Admin"] } },
+  );
+  // ValidationError via Zod schema (too-short string).
+  // The "name: z.string().min(3)" constraint triggers a ZodIssue which the
+  // dispatcher wraps into ValidationError.details.fields automatically.
+  r.writeHandler(
+    "item:create-strict",
+    z.object({ name: z.string().min(3) }),
+    async () => writeFailure(new UnprocessableError("unreachable")),
+    { access: { roles: ["Admin"] } },
+  );
+  // ValidationError via a hook (post-schema business validation).
+  const createForHook = r.writeHandler(
+    "item:create-for-hook",
+    z.object({ name: z.string() }),
+    async (event, ctx) => {
+      const crud = createEventStoreExecutor(itemTable, itemEntity, { entityName: "item" });
+      return crud.create(event.payload, event.user, ctx.db);
+    },
+    { access: { roles: ["Admin"] } },
+  );
+  r.hook("validation", createForHook, (data) => {
+    if (data["name"] === "forbidden") {
+      return [{ field: "name", error: "name_is_forbidden" }];
+    }
+    return null;
+  });
+  // ConflictError: generic 409, used e.g. for delete_restricted.
+  r.writeHandler(
+    "item:conflict",
+    z.object({}),
+    async () =>
+      writeFailure(
+        new ConflictError({
+          message: "would leave dangling references",
+          i18nKey: "errctr.errors.dependencyConflict",
+          details: { reason: "has_dependencies", blocker: "order" },
+        }),
+      ),
+    { access: { roles: ["Admin"] } },
+  );
+  // UnprocessableError: business rule, reason surfaces under details.reason.
+  r.writeHandler(
+    "item:unprocessable",
+    z.object({}),
+    async () =>
+      writeFailure(
+        new UnprocessableError("already_fulfilled", {
+          i18nKey: "errctr.errors.alreadyFulfilled",
+          details: { stage: "ship" },
+        }),
+      ),
+    { access: { roles: ["Admin"] } },
+  );
+  // AccessDeniedError in the handler body (distinct from dispatcher-level
+  // role check, which also surfaces AccessDeniedError — both land on 403).
+  r.writeHandler(
+    "item:explicit-deny",
+    z.object({}),
+    async () =>
+      writeFailure(
+        new AccessDeniedError({
+          message: "manual access deny",
+          details: { reason: "manual_deny" },
+        }),
+      ),
+    { access: { roles: ["Admin"] } },
+  );
+  // NotFoundError thrown directly as KumikoError (in query handler — proves
+  // the throw-based path, not the writeFailure return-based path).
+  r.queryHandler(
+    "item:detail-strict",
+    z.object({ id: z.uuid() }),
+    async (event) => {
+      throw new NotFoundError("item", event.payload.id);
+    },
+    { access: { openToAll: true } },
+  );
+  // InternalError auto-wrap: handler raises an unexpected TypeError; the
+  // dispatcher wraps it so the wire body is the sanitized InternalError shape.
+  r.writeHandler(
+    "item:boom",
+    z.object({}),
+    async () => {
+      throw new TypeError("cannot_read_prop");
+    },
+    { access: { roles: ["Admin"] } },
+  );
+  // Nested cause: user-thrown KumikoError with a .cause chain. The
+  // forensic info should stay server-side (Log), while the response body
+  // carries only the top-level class.
+  r.writeHandler(
+    "item:caused",
+    z.object({}),
+    async () => {
+      const inner = new Error("upstream_service_blew_up");
+      throw new ConflictError({
+        message: "conflict caused by upstream",
+        i18nKey: "errctr.errors.upstream",
+        details: { reason: "upstream_blew_up" },
+        cause: inner,
+      });
+    },
+    { access: { roles: ["Admin"] } },
+  );
+});
+let stack: TestStack;
+const admin = TestUsers.admin;
+const guest = createTestUser({ id: 2, roles: ["Guest"] });
+beforeAll(async () => {
+  stack = await setupTestStack({ features: [errorFeature] });
+  await createEntityTable(stack.db, itemEntity);
+});
+afterAll(async () => stack.cleanup());
+beforeEach(async () => {
+  stack.events.reset();
+  await stack.db.delete(itemTable);
+});
+// --- Helpers ---
+type ErrorBody = {
+  readonly code: string;
+  readonly i18nKey: string;
+  readonly message: string;
+  readonly details?: unknown;
+  readonly requestId?: string;
+  readonly timestamp: string;
+};
+type AnyUser = {
+  readonly id: string;
+  readonly tenantId: TenantId;
+  readonly roles: readonly string[];
+};
+async function writeErrorBody(
+  type: string,
+  payload: unknown,
+  user: AnyUser = admin,
+): Promise<{ status: number; body: { isSuccess: false; error: ErrorBody } }> {
+  const res = await stack.http.write(type, payload, user);
+  const body = (await res.json()) as { isSuccess: false; error: ErrorBody };
+  return { status: res.status, body };
+}
+// The invariant the client SDK keys off. Every 4xx/5xx from /write + /batch
+// must satisfy it — independent of which Kumiko class produced the error.
+function expectErrorShape(error: ErrorBody): void {
+  expect(typeof error.code).toBe("string");
+  expect(error.code.length).toBeGreaterThan(0);
+  expect(typeof error.i18nKey).toBe("string");
+  expect(error.i18nKey).toMatch(/^[a-z]/); // namespaced key, not a sentence
+  expect(typeof error.message).toBe("string");
+  expect(error.timestamp).toMatch(/^\d{4}-\d{2}-\d{2}T/);
+}
+// =============================================================================
+// One test per error class — status, code, i18nKey, details shape
+// =============================================================================
+describe("error contract: wire format per class", () => {
+  test("ValidationError (Zod) → 400, details.fields[] with path + code + i18nKey", async () => {
+    const { status, body } = await writeErrorBody("errctr:write:item:create-strict", { name: "x" });
+    expect(status).toBe(400);
+    expect(body.isSuccess).toBe(false);
+    expectErrorShape(body.error);
+    expect(body.error.code).toBe("validation_error");
+    const details = body.error.details as {
+      fields: Array<{ path: string; code: string; i18nKey: string }>;
+    };
+    expect(details.fields.length).toBeGreaterThan(0);
+    const nameIssue = details.fields.find((f) => f.path === "name");
+    expect(nameIssue).toBeDefined();
+    expect(nameIssue?.code).toBe("too_small");
+    expect(nameIssue?.i18nKey).toBe("errors.validation.too_small");
+  });
+  test("ValidationError (hook) → 400, details.fields carries hook-reported errors", async () => {
+    const { status, body } = await writeErrorBody("errctr:write:item:create-for-hook", {
+      name: "forbidden",
+    });
+    expect(status).toBe(400);
+    expect(body.error.code).toBe("validation_error");
+    const details = body.error.details as { fields: Array<{ path: string; code: string }> };
+    expect(details.fields).toContainEqual(
+      expect.objectContaining({ path: "name", code: "name_is_forbidden" }),
+    );
+  });
+  test("AccessDeniedError (handler throws) → 403, code access_denied", async () => {
+    const { status, body } = await writeErrorBody("errctr:write:item:explicit-deny", {});
+    expect(status).toBe(403);
+    expect(body.error.code).toBe("access_denied");
+    expectErrorShape(body.error);
+    expect((body.error.details as { reason: string }).reason).toBe("manual_deny");
+  });
+  test("AccessDeniedError (dispatcher role check) → 403", async () => {
+    const { status, body } = await writeErrorBody("errctr:write:item:create", { name: "x" }, guest);
+    expect(status).toBe(403);
+    expect(body.error.code).toBe("access_denied");
+  });
+  test("NotFoundError (thrown from query handler) → 404 via /query", async () => {
+    const res = await stack.http.raw(
+      "POST",
+      "/api/query",
+      {
+        type: "errctr:query:item:detail-strict",
+        payload: { id: "00000000-0000-4000-8000-000000000999" },
+      },
+      await authHeaders(admin),
+    );
+    expect(res.status).toBe(404);
+    const body = (await res.json()) as { error: ErrorBody };
+    expectErrorShape(body.error);
+    expect(body.error.code).toBe("not_found");
+    expect(body.error.details).toMatchObject({
+      reason: "item_not_found",
+      entity: "item",
+      id: "00000000-0000-4000-8000-000000000999",
+    });
+  });
+  test("NotFoundError (unknown write handler) → 404", async () => {
+    const { status, body } = await writeErrorBody("errctr:write:item:nope", {});
+    expect(status).toBe(404);
+    expect(body.error.code).toBe("not_found");
+    expect(body.error.details).toMatchObject({ entity: "handler", id: expect.any(String) });
+  });
+  test("ConflictError → 409, details carries the business reason", async () => {
+    const { status, body } = await writeErrorBody("errctr:write:item:conflict", {});
+    expect(status).toBe(409);
+    expect(body.error.code).toBe("conflict");
+    expect(body.error.details).toMatchObject({ reason: "has_dependencies", blocker: "order" });
+  });
+  test("VersionConflictError → 409, details carries version info", async () => {
+    const created = await stack.http.writeOk<{ id: number }>(
+      "errctr:write:item:create",
+      { name: "Widget" },
+      admin,
+    );
+    // First update succeeds — current version becomes 2.
+    await stack.http.writeOk(
+      "errctr:write:item:update",
+      { id: created.id, version: 1, changes: { name: "Widget v2" } },
+      admin,
+    );
+    // Second update with the already-consumed version=1 → VersionConflictError.
+    const { status, body } = await writeErrorBody("errctr:write:item:update", {
+      id: created.id,
+      version: 1,
+      changes: { name: "Widget stale" },
+    });
+    expect(status).toBe(409);
+    expect(body.error.code).toBe("version_conflict");
+    expect(body.error.details).toMatchObject({
+      entityId: created.id,
+      expectedVersion: 1,
+      currentVersion: 2,
+    });
+  });
+  test("UnprocessableError → 422, details.reason preserves the business reason", async () => {
+    const { status, body } = await writeErrorBody("errctr:write:item:unprocessable", {});
+    expect(status).toBe(422);
+    expect(body.error.code).toBe("unprocessable");
+    expect(body.error.details).toMatchObject({ reason: "already_fulfilled", stage: "ship" });
+    expect(body.error.i18nKey).toBe("errctr.errors.alreadyFulfilled");
+  });
+  test("InternalError (auto-wrap) → 500, generic message; dev exposes cause, prod hides it", async () => {
+    // Default test-Run läuft mit NODE_ENV !== "production" — dev-Modus exposed
+    // die cause-Details (causeName/causeMessage/causeStack), damit Handler-
+    // Bugs nicht als nackter "internal error" zurückkommen. Memory:
+    // Framework-DX Fixes 2026-04-25.
+    const dev = await writeErrorBody("errctr:write:item:boom", {});
+    expect(dev.status).toBe(500);
+    expect(dev.body.error.code).toBe("internal_error");
+    // Generic message für Client (keine Stack-Leak im message-Feld), aber
+    // details enthalten die cause-Zusammenfassung für DX.
+    expect(dev.body.error.message).not.toContain("cannot_read_prop");
+    expect(dev.body.error.details).toMatchObject({
+      causeName: "TypeError",
+      causeMessage: "cannot_read_prop",
+    });
+    // Production-Modus: details werden gestripped, der Stack lebt nur im Log.
+    const prevEnv = process.env["NODE_ENV"];
+    process.env["NODE_ENV"] = "production";
+    try {
+      const prod = await writeErrorBody("errctr:write:item:boom", {});
+      expect(prod.status).toBe(500);
+      expect(prod.body.error.code).toBe("internal_error");
+      expect(prod.body.error).not.toHaveProperty("details");
+      expect(prod.body.error.message).not.toContain("cannot_read_prop");
+    } finally {
+      if (prevEnv === undefined) delete process.env["NODE_ENV"];
+      else process.env["NODE_ENV"] = prevEnv;
+    }
+  });
+});
+// =============================================================================
+// Cross-cutting: requestId, timestamp, cause-chain privacy
+// =============================================================================
+describe("error contract: cross-cutting guarantees", () => {
+  test("every error response includes requestId when a header is supplied", async () => {
+    const token = await stack.jwt.sign(admin);
+    const res = await stack.app.request("/api/write", {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${token}`,
+        "Content-Type": "application/json",
+        "X-Request-ID": "custom-err-req",
+      },
+      body: JSON.stringify({
+        type: "errctr:write:item:conflict",
+        payload: {},
+      }),
+    });
+    const body = (await res.json()) as { isSuccess: false; error: ErrorBody };
+    expect(body.error.requestId).toBe("custom-err-req");
+  });
+  test("error response contains an ISO timestamp", async () => {
+    const { body } = await writeErrorBody("errctr:write:item:conflict", {});
+    const parsed = new Date(body.error.timestamp);
+    expect(Number.isNaN(parsed.getTime())).toBe(false);
+    // Within a sensible window — not an epoch zero, not a year-3000 garbage
+    // value — proves the serializer ran now and didn't copy a stale value.
+    expect(Math.abs(Date.now() - parsed.getTime())).toBeLessThan(10_000);
+  });
+  test("cause chain stays server-side: response body has no cause field", async () => {
+    const { body } = await writeErrorBody("errctr:write:item:caused", {});
+    expect(body.error).not.toHaveProperty("cause");
+    expect(body.error).not.toHaveProperty("stack");
+    // The top-level error is exposed, but the "upstream_service_blew_up"
+    // cause message must not leak through.
+    expect(JSON.stringify(body.error)).not.toContain("upstream_service_blew_up");
+  });
+});
+async function authHeaders(user: {
+  id: string;
+  tenantId: TenantId;
+  roles: readonly string[];
+}): Promise<Record<string, string>> {
+  const token = await stack.jwt.sign(user);
+  return { Authorization: `Bearer ${token}` };
+}

package/src/__tests__/field-access.integration.ts ADDED Viewed

@@ -0,0 +1,269 @@
+import { afterAll, beforeAll, describe, expect, test } from "vitest";
+import { z } from "zod";
+import { buildServer } from "../api/server";
+import { createEventStoreExecutor } from "../db/event-store-executor";
+import { buildDrizzleTable } from "../db/table-builder";
+import {
+  createEntity,
+  createNumberField,
+  createRegistry,
+  createTextField,
+  defineFeature,
+  type SessionUser,
+} from "../engine";
+import {
+  createEntityTable,
+  createTestDb,
+  createTestRedis,
+  createTestUser,
+  type TestDb,
+  type TestRedis,
+  TestUsers,
+} from "../stack";
+// --- Entity with field-level access ---
+const employeeEntity = createEntity({
+  table: "fa_employees",
+  fields: {
+    email: createTextField({ required: true }),
+    firstName: createTextField(),
+    salary: createNumberField({ access: { read: ["Admin", "Accounting"], write: ["Admin"] } }),
+    notes: createTextField({ access: { read: ["Admin"], write: ["Admin"] } }),
+  },
+});
+const employeeTable = buildDrizzleTable("employee", employeeEntity);
+// --- Test infra ---
+const JWT_SECRET = "field-access-test-secret-minimum-32-chars!!";
+let testDb: TestDb;
+let testRedis: TestRedis;
+let app: ReturnType<typeof buildServer>["app"];
+let jwt: ReturnType<typeof buildServer>["jwt"];
+const adminUser = TestUsers.admin;
+const accountingUser = createTestUser({ id: 2, roles: ["Accounting"] });
+const employeeUser = createTestUser({ id: 3, roles: ["Employee"] });
+beforeAll(async () => {
+  testDb = await createTestDb();
+  testRedis = await createTestRedis();
+  await createEntityTable(testDb.db, employeeEntity);
+  const feature = defineFeature("employees", (r) => {
+    r.entity("employee", employeeEntity);
+    r.writeHandler(
+      "employee:create",
+      z.object({
+        email: z.string(),
+        firstName: z.string().optional(),
+        salary: z.number().optional(),
+        notes: z.string().optional(),
+      }),
+      async (event, ctx) => {
+        const db = ctx.db;
+        const crud = createEventStoreExecutor(employeeTable, employeeEntity, {
+          entityName: "employee",
+        });
+        return crud.create(event.payload, event.user, db);
+      },
+      { access: { roles: ["Admin", "Accounting", "Employee"] } },
+    );
+    r.writeHandler(
+      "employee:update",
+      z.object({
+        id: z.uuid(),
+        version: z.number().optional(),
+        changes: z.record(z.string(), z.unknown()),
+      }),
+      async (event, ctx) => {
+        const db = ctx.db;
+        const crud = createEventStoreExecutor(employeeTable, employeeEntity, {
+          entityName: "employee",
+        });
+        return crud.update(event.payload, event.user, db);
+      },
+      { access: { roles: ["Admin", "Accounting", "Employee"] } },
+    );
+    r.queryHandler(
+      "employee:detail",
+      z.object({ id: z.uuid() }),
+      async (query, ctx) => {
+        const db = ctx.db;
+        const crud = createEventStoreExecutor(employeeTable, employeeEntity, {
+          entityName: "employee",
+        });
+        return crud.detail(query.payload, query.user, db);
+      },
+      { access: { roles: ["Admin", "Accounting", "Employee"] } },
+    );
+  });
+  const registry = createRegistry([feature]);
+  const server = buildServer({
+    registry,
+    context: { db: testDb.db, redis: testRedis.redis },
+    jwtSecret: JWT_SECRET,
+  });
+  app = server.app;
+  jwt = server.jwt;
+});
+afterAll(async () => {
+  await testDb.cleanup();
+  await testRedis.cleanup();
+});
+async function req(method: string, path: string, user: SessionUser, body?: unknown) {
+  const token = await jwt.sign(user);
+  const init: RequestInit = {
+    method,
+    headers: { "Content-Type": "application/json", Authorization: `Bearer ${token}` },
+  };
+  if (body) init.body = JSON.stringify(body);
+  return app.request(path, init);
+}
+// Seed a record as Admin (has all field access)
+async function seedEmployee(): Promise<number> {
+  const res = await (
+    await req("POST", "/api/write", adminUser, {
+      type: "employees:write:employee:create",
+      payload: { email: "test@test.de", firstName: "Test", salary: 75000, notes: "Internal note" },
+    })
+  ).json();
+  return res.data.id;
+}
+// =============================================================================
+// READ: field filtering based on role
+// =============================================================================
+describe("field-level read access", () => {
+  let employeeId: number;
+  beforeAll(async () => {
+    employeeId = await seedEmployee();
+  });
+  test("Admin sees all fields", async () => {
+    const res = await (
+      await req("POST", "/api/query", adminUser, {
+        type: "employees:query:employee:detail",
+        payload: { id: employeeId },
+      })
+    ).json();
+    expect(res.data["email"]).toBe("test@test.de");
+    expect(res.data["salary"]).toBe(75000);
+    expect(res.data["notes"]).toBe("Internal note");
+    expect(res.data["firstName"]).toBe("Test");
+  });
+  test("Accounting sees salary but not notes", async () => {
+    const res = await (
+      await req("POST", "/api/query", accountingUser, {
+        type: "employees:query:employee:detail",
+        payload: { id: employeeId },
+      })
+    ).json();
+    expect(res.data["email"]).toBe("test@test.de");
+    expect(res.data["salary"]).toBe(75000);
+    expect(res.data["notes"]).toBeUndefined();
+    expect(res.data["firstName"]).toBe("Test");
+  });
+  test("Employee sees neither salary nor notes", async () => {
+    const res = await (
+      await req("POST", "/api/query", employeeUser, {
+        type: "employees:query:employee:detail",
+        payload: { id: employeeId },
+      })
+    ).json();
+    expect(res.data["email"]).toBe("test@test.de");
+    expect(res.data["firstName"]).toBe("Test");
+    expect(res.data["salary"]).toBeUndefined();
+    expect(res.data["notes"]).toBeUndefined();
+  });
+});
+// =============================================================================
+// WRITE: reject forbidden field changes
+// =============================================================================
+describe("field-level write access", () => {
+  test("Admin can update salary", async () => {
+    const id = await seedEmployee();
+    const res = await (
+      await req("POST", "/api/write", adminUser, {
+        type: "employees:write:employee:update",
+        payload: { id, changes: { salary: 80000 }, version: 1 },
+      })
+    ).json();
+    expect(res.isSuccess).toBe(true);
+  });
+  test("Employee cannot update salary — error", async () => {
+    const id = await seedEmployee();
+    const res = await (
+      await req("POST", "/api/write", employeeUser, {
+        type: "employees:write:employee:update",
+        payload: { id, changes: { salary: 999999 }, version: 1 },
+      })
+    ).json();
+    expect(res.isSuccess).toBe(false);
+    expect(res.error.code).toBe("access_denied");
+    expect(res.error.details).toMatchObject({ reason: "field_access_denied", field: "salary" });
+  });
+  test("Employee can update firstName", async () => {
+    const id = await seedEmployee();
+    const res = await (
+      await req("POST", "/api/write", employeeUser, {
+        type: "employees:write:employee:update",
+        payload: { id, changes: { firstName: "Updated" }, version: 1 },
+      })
+    ).json();
+    expect(res.isSuccess).toBe(true);
+    expect(res.data.data["firstName"]).toBe("Updated");
+  });
+  test("Employee cannot create with salary — error", async () => {
+    const res = await (
+      await req("POST", "/api/write", employeeUser, {
+        type: "employees:write:employee:create",
+        payload: { email: "new@test.de", salary: 50000 },
+      })
+    ).json();
+    expect(res.isSuccess).toBe(false);
+    expect(res.error.code).toBe("access_denied");
+    expect(res.error.details).toMatchObject({ reason: "field_access_denied", field: "salary" });
+  });
+  test("Accounting cannot update salary (only read)", async () => {
+    const id = await seedEmployee();
+    const res = await (
+      await req("POST", "/api/write", accountingUser, {
+        type: "employees:write:employee:update",
+        payload: { id, changes: { salary: 60000 }, version: 1 },
+      })
+    ).json();
+    expect(res.isSuccess).toBe(false);
+    expect(res.error.code).toBe("access_denied");
+    expect(res.error.details).toMatchObject({ reason: "field_access_denied", field: "salary" });
+  });
+});