npm - @cosmicdrift/kumiko-framework - Versions diffs - 0.1.0 - Mend

@cosmicdrift/kumiko-framework 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (388) hide show

package/README.md +159 -0
package/package.json +91 -0
package/src/__tests__/anonymous-access.integration.ts +325 -0
package/src/__tests__/error-contract.integration.ts +435 -0
package/src/__tests__/field-access.integration.ts +269 -0
package/src/__tests__/full-stack.integration.ts +914 -0
package/src/__tests__/ownership.integration.ts +449 -0
package/src/__tests__/reference-data.integration.ts +198 -0
package/src/__tests__/transition-guard.integration.ts +340 -0
package/src/api/__tests__/api.test.ts +337 -0
package/src/api/__tests__/auth-middleware-transport.test.ts +80 -0
package/src/api/__tests__/auth-routes-cookie.test.ts +179 -0
package/src/api/__tests__/batch.integration.ts +404 -0
package/src/api/__tests__/body-limit.test.ts +88 -0
package/src/api/__tests__/csrf-middleware.test.ts +97 -0
package/src/api/__tests__/dispatcher-live.integration.ts +216 -0
package/src/api/__tests__/metrics-endpoint.test.ts +126 -0
package/src/api/__tests__/nested-write.integration.ts +213 -0
package/src/api/__tests__/readiness.test.ts +76 -0
package/src/api/__tests__/request-id-middleware.test.ts +72 -0
package/src/api/__tests__/sse-broker.test.ts +58 -0
package/src/api/__tests__/sse-route.test.ts +112 -0
package/src/api/anonymous-cookie.ts +60 -0
package/src/api/api-constants.ts +64 -0
package/src/api/auth-middleware.ts +418 -0
package/src/api/auth-routes.ts +982 -0
package/src/api/csrf-middleware.ts +77 -0
package/src/api/index.ts +31 -0
package/src/api/jwt.ts +66 -0
package/src/api/observability-middleware.ts +89 -0
package/src/api/readiness.ts +132 -0
package/src/api/request-context.ts +49 -0
package/src/api/request-id-middleware.ts +50 -0
package/src/api/route-registrars.ts +195 -0
package/src/api/routes.ts +135 -0
package/src/api/server.ts +640 -0
package/src/api/sse-broker.ts +71 -0
package/src/api/sse-route.ts +62 -0
package/src/api/tokens.ts +16 -0
package/src/db/__tests__/apply-entity-event-tenant.integration.ts +159 -0
package/src/db/__tests__/compound-types.test.ts +114 -0
package/src/db/__tests__/connection-options.test.ts +68 -0
package/src/db/__tests__/cursor.test.ts +41 -0
package/src/db/__tests__/db-helpers.test.ts +369 -0
package/src/db/__tests__/dialect-instant.test.ts +50 -0
package/src/db/__tests__/drizzle-helpers.integration.ts +186 -0
package/src/db/__tests__/drizzle-table-types.test.ts +162 -0
package/src/db/__tests__/encryption.test.ts +39 -0
package/src/db/__tests__/event-store-executor-list.integration.ts +313 -0
package/src/db/__tests__/event-store-executor.integration.ts +235 -0
package/src/db/__tests__/implicit-projection-equivalence.integration.ts +304 -0
package/src/db/__tests__/located-timestamp.test.ts +184 -0
package/src/db/__tests__/money.test.ts +199 -0
package/src/db/__tests__/multi-row-insert.integration.ts +76 -0
package/src/db/__tests__/parse-auto-verb.test.ts +70 -0
package/src/db/__tests__/required-not-null-migration-safety.integration.ts +105 -0
package/src/db/__tests__/row-helpers.test.ts +59 -0
package/src/db/__tests__/schema-migration.integration.ts +273 -0
package/src/db/__tests__/table-builder-indexes.test.ts +153 -0
package/src/db/__tests__/table-builder-required.test.ts +216 -0
package/src/db/__tests__/tenant-db.integration.ts +606 -0
package/src/db/__tests__/unique-violation-mapping.integration.ts +166 -0
package/src/db/apply-entity-event.ts +188 -0
package/src/db/assert-exists-in.ts +59 -0
package/src/db/compound-types.ts +47 -0
package/src/db/connection.ts +104 -0
package/src/db/cursor.ts +83 -0
package/src/db/dialect.ts +109 -0
package/src/db/eagerload.ts +174 -0
package/src/db/encryption.ts +39 -0
package/src/db/event-store-executor.ts +906 -0
package/src/db/index.ts +55 -0
package/src/db/located-timestamp.ts +114 -0
package/src/db/money.ts +120 -0
package/src/db/pg-error.ts +46 -0
package/src/db/reference-data.ts +77 -0
package/src/db/row-helpers.ts +53 -0
package/src/db/schema-inspection.ts +25 -0
package/src/db/table-builder.ts +475 -0
package/src/db/tenant-db.ts +434 -0
package/src/engine/__tests__/auth-claims-registrar.test.ts +74 -0
package/src/engine/__tests__/boot-validator-located-timestamps.test.ts +108 -0
package/src/engine/__tests__/boot-validator.test.ts +1865 -0
package/src/engine/__tests__/build-app-schema.test.ts +154 -0
package/src/engine/__tests__/claim-keys.test.ts +274 -0
package/src/engine/__tests__/config-helpers.test.ts +236 -0
package/src/engine/__tests__/effective-features.test.ts +86 -0
package/src/engine/__tests__/engine.test.ts +1461 -0
package/src/engine/__tests__/entity-handlers.test.ts +274 -0
package/src/engine/__tests__/event-helpers.test.ts +68 -0
package/src/engine/__tests__/extends-registrar.test.ts +159 -0
package/src/engine/__tests__/factories-long-text.test.ts +84 -0
package/src/engine/__tests__/factories-time.test.ts +158 -0
package/src/engine/__tests__/field-predicates.test.ts +48 -0
package/src/engine/__tests__/hook-phases.test.ts +132 -0
package/src/engine/__tests__/identifiers.test.ts +35 -0
package/src/engine/__tests__/lifecycle-hooks.test.ts +237 -0
package/src/engine/__tests__/nav.test.ts +267 -0
package/src/engine/__tests__/ownership.test.ts +421 -0
package/src/engine/__tests__/parse-ref-target.test.ts +43 -0
package/src/engine/__tests__/projection-helpers.test.ts +62 -0
package/src/engine/__tests__/projection.test.ts +191 -0
package/src/engine/__tests__/qualified-name.test.ts +264 -0
package/src/engine/__tests__/resolve-config-or-param.test.ts +315 -0
package/src/engine/__tests__/run-in.test.ts +38 -0
package/src/engine/__tests__/schema-builder.test.ts +380 -0
package/src/engine/__tests__/screen.test.ts +408 -0
package/src/engine/__tests__/state-machine.test.ts +148 -0
package/src/engine/__tests__/system-user.test.ts +57 -0
package/src/engine/__tests__/validation-hooks.test.ts +71 -0
package/src/engine/access.ts +23 -0
package/src/engine/boot-validator.ts +1528 -0
package/src/engine/build-app-schema.ts +125 -0
package/src/engine/config-helpers.ts +115 -0
package/src/engine/constants.ts +85 -0
package/src/engine/create-app.ts +98 -0
package/src/engine/define-feature.ts +702 -0
package/src/engine/define-handler.ts +78 -0
package/src/engine/define-roles.ts +19 -0
package/src/engine/effective-features.ts +87 -0
package/src/engine/entity-handlers.ts +364 -0
package/src/engine/event-helpers.ts +73 -0
package/src/engine/factories.ts +328 -0
package/src/engine/feature-ast/__tests__/canonical-form.test.ts +416 -0
package/src/engine/feature-ast/__tests__/parse-happy-path.test.ts +197 -0
package/src/engine/feature-ast/__tests__/parse-real-features.test.ts +128 -0
package/src/engine/feature-ast/__tests__/parse.test.ts +888 -0
package/src/engine/feature-ast/__tests__/patch.test.ts +360 -0
package/src/engine/feature-ast/__tests__/patcher.test.ts +469 -0
package/src/engine/feature-ast/__tests__/render-roundtrip.test.ts +287 -0
package/src/engine/feature-ast/extractors.ts +2562 -0
package/src/engine/feature-ast/index.ts +105 -0
package/src/engine/feature-ast/parse.ts +369 -0
package/src/engine/feature-ast/patch.ts +525 -0
package/src/engine/feature-ast/patcher.ts +518 -0
package/src/engine/feature-ast/patterns.ts +434 -0
package/src/engine/feature-ast/render.ts +602 -0
package/src/engine/feature-ast/source-location.ts +45 -0
package/src/engine/field-access.ts +120 -0
package/src/engine/index.ts +254 -0
package/src/engine/ownership.ts +337 -0
package/src/engine/parse-ref-target.ts +22 -0
package/src/engine/pattern-library/__tests__/library.test.ts +351 -0
package/src/engine/pattern-library/index.ts +24 -0
package/src/engine/pattern-library/library.ts +1117 -0
package/src/engine/pattern-library/types.ts +255 -0
package/src/engine/projection-helpers.ts +85 -0
package/src/engine/qualified-name.ts +122 -0
package/src/engine/read-claim.ts +31 -0
package/src/engine/registry.ts +1325 -0
package/src/engine/resolve-config-or-param.ts +153 -0
package/src/engine/run-in.ts +29 -0
package/src/engine/schema-builder.ts +175 -0
package/src/engine/screen-filter-ops.ts +51 -0
package/src/engine/state-machine.ts +70 -0
package/src/engine/system-user.ts +32 -0
package/src/engine/types/config.ts +306 -0
package/src/engine/types/event-type-map.ts +37 -0
package/src/engine/types/feature.ts +574 -0
package/src/engine/types/fields.ts +422 -0
package/src/engine/types/handlers.ts +742 -0
package/src/engine/types/hooks.ts +142 -0
package/src/engine/types/http-route.ts +54 -0
package/src/engine/types/identifiers.ts +47 -0
package/src/engine/types/index.ts +208 -0
package/src/engine/types/nav.ts +46 -0
package/src/engine/types/projection.ts +132 -0
package/src/engine/types/relations.ts +51 -0
package/src/engine/types/screen.ts +452 -0
package/src/engine/types/workspace.ts +42 -0
package/src/engine/validation.ts +33 -0
package/src/entrypoint/__tests__/entrypoint-job-wiring.integration.ts +173 -0
package/src/entrypoint/__tests__/split-deploy.integration.ts +297 -0
package/src/entrypoint/index.ts +442 -0
package/src/errors/__tests__/classes.test.ts +371 -0
package/src/errors/__tests__/write-failures.test.ts +109 -0
package/src/errors/classes.ts +249 -0
package/src/errors/i18n/de.yaml +83 -0
package/src/errors/i18n/en.yaml +80 -0
package/src/errors/index.ts +41 -0
package/src/errors/kumiko-error.ts +67 -0
package/src/errors/reasons.ts +36 -0
package/src/errors/serialize.ts +136 -0
package/src/errors/transition-details.ts +30 -0
package/src/errors/write-error-info.ts +123 -0
package/src/errors/zod-bridge.ts +49 -0
package/src/event-store/__tests__/admin-api.integration.ts +361 -0
package/src/event-store/__tests__/event-store.integration.ts +584 -0
package/src/event-store/__tests__/get-stream-version-perf.integration.ts +83 -0
package/src/event-store/__tests__/perf.integration.ts +255 -0
package/src/event-store/__tests__/snapshot.integration.ts +267 -0
package/src/event-store/__tests__/upcaster-dead-letter.integration.ts +204 -0
package/src/event-store/__tests__/upcaster.integration.ts +460 -0
package/src/event-store/admin-api.ts +257 -0
package/src/event-store/archive.ts +106 -0
package/src/event-store/errors.ts +35 -0
package/src/event-store/event-store.ts +405 -0
package/src/event-store/events-schema.ts +90 -0
package/src/event-store/index.ts +50 -0
package/src/event-store/snapshot.ts +210 -0
package/src/event-store/upcaster-dead-letter.ts +119 -0
package/src/event-store/upcaster.ts +147 -0
package/src/files/__tests__/content-disposition.test.ts +123 -0
package/src/files/__tests__/file-field-column.integration.ts +103 -0
package/src/files/__tests__/file-field-pipeline.integration.ts +211 -0
package/src/files/__tests__/file-handle.test.ts +122 -0
package/src/files/__tests__/files.integration.ts +830 -0
package/src/files/__tests__/storage-tracking.integration.ts +153 -0
package/src/files/content-disposition.ts +55 -0
package/src/files/file-handle.ts +63 -0
package/src/files/file-ref-table.ts +22 -0
package/src/files/file-routes.ts +353 -0
package/src/files/in-memory-provider.ts +62 -0
package/src/files/index.ts +29 -0
package/src/files/local-provider.ts +35 -0
package/src/files/storage-tracking.ts +60 -0
package/src/files/types.ts +118 -0
package/src/i18n/__tests__/i18n.test.ts +72 -0
package/src/i18n/index.ts +29 -0
package/src/jobs/__tests__/job-event-trigger.integration.ts +172 -0
package/src/jobs/__tests__/job-multi-trigger.integration.ts +144 -0
package/src/jobs/__tests__/jobs.integration.ts +566 -0
package/src/jobs/index.ts +2 -0
package/src/jobs/job-runner.ts +574 -0
package/src/lifecycle/__tests__/create-test-lifecycle.ts +19 -0
package/src/lifecycle/__tests__/lifecycle-server.integration.ts +108 -0
package/src/lifecycle/__tests__/lifecycle.test.ts +212 -0
package/src/lifecycle/__tests__/signal-handlers.test.ts +106 -0
package/src/lifecycle/index.ts +13 -0
package/src/lifecycle/lifecycle.ts +160 -0
package/src/lifecycle/signal-handlers.ts +62 -0
package/src/logging/__tests__/pino-trace-bridge.test.ts +50 -0
package/src/logging/index.ts +3 -0
package/src/logging/pino-logger.ts +64 -0
package/src/logging/types.ts +7 -0
package/src/migrations/__tests__/compare-snapshots.test.ts +150 -0
package/src/migrations/__tests__/detect-drift.integration.ts +320 -0
package/src/migrations/__tests__/detect-projections-to-rebuild.integration.ts +134 -0
package/src/migrations/__tests__/rebuild-marker.test.ts +79 -0
package/src/migrations/index.ts +28 -0
package/src/migrations/projection-detection.ts +149 -0
package/src/migrations/rebuild-marker.ts +64 -0
package/src/migrations/schema-drift.ts +395 -0
package/src/observability/__tests__/console-provider.test.ts +67 -0
package/src/observability/__tests__/metric-validator.test.ts +87 -0
package/src/observability/__tests__/noop-provider.test.ts +82 -0
package/src/observability/__tests__/observability.integration.ts +559 -0
package/src/observability/__tests__/prometheus-meter.test.ts +144 -0
package/src/observability/__tests__/recording-meter.test.ts +101 -0
package/src/observability/__tests__/recording-tracer.test.ts +110 -0
package/src/observability/__tests__/sensitive-filter.test.ts +98 -0
package/src/observability/console-provider.ts +130 -0
package/src/observability/context.ts +26 -0
package/src/observability/fallback.ts +34 -0
package/src/observability/ids.ts +25 -0
package/src/observability/index.ts +79 -0
package/src/observability/metric-validator.ts +86 -0
package/src/observability/metrics-handle.ts +56 -0
package/src/observability/noop-provider.ts +146 -0
package/src/observability/prometheus-meter.ts +284 -0
package/src/observability/recording-meter.ts +156 -0
package/src/observability/recording-tracer.ts +198 -0
package/src/observability/redis-wrapper.ts +132 -0
package/src/observability/sensitive-filter.ts +108 -0
package/src/observability/standard-metrics.ts +213 -0
package/src/observability/types/index.ts +29 -0
package/src/observability/types/metric.ts +56 -0
package/src/observability/types/provider.ts +32 -0
package/src/observability/types/span.ts +64 -0
package/src/pipeline/__tests__/archive-stream.integration.ts +220 -0
package/src/pipeline/__tests__/auth-claims-resolver.test.ts +279 -0
package/src/pipeline/__tests__/cascade-handler.integration.ts +419 -0
package/src/pipeline/__tests__/cascade-handler.test.ts +52 -0
package/src/pipeline/__tests__/causation-chain.integration.ts +206 -0
package/src/pipeline/__tests__/ctx-bridge.integration.ts +234 -0
package/src/pipeline/__tests__/dispatcher.test.ts +379 -0
package/src/pipeline/__tests__/distributed-lock.integration.ts +67 -0
package/src/pipeline/__tests__/domain-events-projections.integration.ts +323 -0
package/src/pipeline/__tests__/event-dedup.integration.ts +153 -0
package/src/pipeline/__tests__/event-define-event-strict.integration.ts +202 -0
package/src/pipeline/__tests__/event-dispatcher-lifecycle.integration.ts +220 -0
package/src/pipeline/__tests__/event-dispatcher-multi-instance.integration.ts +423 -0
package/src/pipeline/__tests__/event-dispatcher-pg-listen.integration.ts +123 -0
package/src/pipeline/__tests__/event-dispatcher-recovery.integration.ts +202 -0
package/src/pipeline/__tests__/event-dispatcher-second-audit.integration.ts +290 -0
package/src/pipeline/__tests__/event-dispatcher-strict.test.ts +65 -0
package/src/pipeline/__tests__/event-dispatcher.integration.ts +287 -0
package/src/pipeline/__tests__/event-retention.integration.ts +239 -0
package/src/pipeline/__tests__/fetch-for-writing.integration.ts +281 -0
package/src/pipeline/__tests__/lifecycle-pipeline.test.ts +430 -0
package/src/pipeline/__tests__/load-aggregate-query.integration.ts +266 -0
package/src/pipeline/__tests__/msp-error-mode.integration.ts +149 -0
package/src/pipeline/__tests__/msp-multi-hop.integration.ts +228 -0
package/src/pipeline/__tests__/msp-rebuild.integration.ts +368 -0
package/src/pipeline/__tests__/multi-stream-projection.integration.ts +341 -0
package/src/pipeline/__tests__/perf-rebuild.integration.ts +147 -0
package/src/pipeline/__tests__/projection-rebuild.integration.ts +551 -0
package/src/pipeline/__tests__/query-projection.integration.ts +201 -0
package/src/pipeline/__tests__/redis-pipeline.integration.ts +306 -0
package/src/pipeline/append-event-core.ts +117 -0
package/src/pipeline/auth-claims-resolver.ts +103 -0
package/src/pipeline/cascade-handler.ts +113 -0
package/src/pipeline/dispatcher.ts +1585 -0
package/src/pipeline/distributed-lock.ts +37 -0
package/src/pipeline/entity-cache.ts +113 -0
package/src/pipeline/event-consumer-state.ts +108 -0
package/src/pipeline/event-dedup.ts +23 -0
package/src/pipeline/event-dispatcher.ts +1016 -0
package/src/pipeline/event-retention.ts +154 -0
package/src/pipeline/idempotency.ts +76 -0
package/src/pipeline/index.ts +66 -0
package/src/pipeline/lifecycle-pipeline.ts +409 -0
package/src/pipeline/msp-rebuild.ts +242 -0
package/src/pipeline/multi-stream-apply-context.ts +115 -0
package/src/pipeline/projection-rebuild.ts +334 -0
package/src/pipeline/projection-state.ts +72 -0
package/src/pipeline/projections-runner.ts +56 -0
package/src/pipeline/redis-keys.ts +11 -0
package/src/pipeline/system-hooks.ts +190 -0
package/src/random/__tests__/generate.test.ts +149 -0
package/src/random/generate.ts +141 -0
package/src/random/index.ts +8 -0
package/src/random/words.ts +392 -0
package/src/rate-limit/__tests__/dispatcher-l3.integration.ts +111 -0
package/src/rate-limit/__tests__/middleware.integration.ts +189 -0
package/src/rate-limit/__tests__/resolver.integration.ts +189 -0
package/src/rate-limit/bucket.ts +36 -0
package/src/rate-limit/index.ts +14 -0
package/src/rate-limit/middleware.ts +152 -0
package/src/rate-limit/resolver.ts +267 -0
package/src/redis/__tests__/redis-options.test.ts +54 -0
package/src/redis/index.ts +74 -0
package/src/search/__tests__/meilisearch-adapter.integration.ts +236 -0
package/src/search/__tests__/search-adapter.test.ts +256 -0
package/src/search/in-memory-adapter.ts +123 -0
package/src/search/index.ts +12 -0
package/src/search/meilisearch-adapter.ts +106 -0
package/src/search/types.ts +39 -0
package/src/secrets/__tests__/dek-cache.test.ts +213 -0
package/src/secrets/__tests__/env-master-key-provider.test.ts +119 -0
package/src/secrets/__tests__/envelope.test.ts +74 -0
package/src/secrets/__tests__/leak-guard.test.ts +92 -0
package/src/secrets/__tests__/rotation.test.ts +149 -0
package/src/secrets/dek-cache.ts +116 -0
package/src/secrets/env-master-key-provider.ts +162 -0
package/src/secrets/envelope.ts +55 -0
package/src/secrets/index.ts +19 -0
package/src/secrets/leak-guard.ts +87 -0
package/src/secrets/rotation.ts +34 -0
package/src/secrets/types.ts +107 -0
package/src/stack/db.ts +104 -0
package/src/stack/event-collector.ts +23 -0
package/src/stack/index.ts +32 -0
package/src/stack/redis.ts +44 -0
package/src/stack/request-helper.ts +168 -0
package/src/stack/table-helpers.ts +104 -0
package/src/stack/test-stack.ts +357 -0
package/src/stack/test-users.ts +37 -0
package/src/testing/__tests__/e2e-generator.test.ts +230 -0
package/src/testing/__tests__/ensure-entity-table.integration.ts +54 -0
package/src/testing/access-assertions.ts +15 -0
package/src/testing/assertions.ts +35 -0
package/src/testing/e2e-generator.ts +465 -0
package/src/testing/expect-error.ts +25 -0
package/src/testing/handler-context.ts +125 -0
package/src/testing/http-cookies.ts +52 -0
package/src/testing/index.ts +41 -0
package/src/testing/late-bound.ts +39 -0
package/src/testing/mutable-master-key-provider.ts +31 -0
package/src/testing/observability-recorder.ts +54 -0
package/src/testing/shared-entities.ts +49 -0
package/src/testing/utils.ts +1 -0
package/src/testing/wait-for.ts +31 -0
package/src/time/__tests__/polyfill.test.ts +73 -0
package/src/time/__tests__/tz-context.test.ts +121 -0
package/src/time/index.ts +21 -0
package/src/time/polyfill.ts +70 -0
package/src/time/tz-context.ts +107 -0
package/src/ui-types/app-schema.ts +57 -0
package/src/ui-types/index.ts +65 -0
package/src/utils/__tests__/assert.test.ts +17 -0
package/src/utils/__tests__/env-parse.test.ts +54 -0
package/src/utils/assert.ts +18 -0
package/src/utils/env-parse.ts +16 -0
package/src/utils/ids.ts +16 -0
package/src/utils/index.ts +5 -0
package/src/utils/safe-json.ts +30 -0
package/src/utils/serialization.ts +7 -0

package/src/engine/build-app-schema.ts ADDED Viewed

@@ -0,0 +1,125 @@
+// Erzeugt aus einer Server-Registry das client-safe AppSchema das die
+// Browser-Renderer-Pipeline konsumiert. Genauer Zweck: dev-server kann
+// die ganze hand-geschriebene `clientSchema`-Spiegelung abschaffen, der
+// Server schickt einfach das aufgelöste AppSchema beim Boot mit.
+//
+// JSON-Safety: Wir projezieren explizit auf eine Whitelist statt
+// JSON.stringify-roundtripping. Functions würden silent gedroppt und
+// Zod-Schemas (v4 hat .toJSON, aber emittiert ein _zod-Envelope) würden
+// als komische Ghost-Properties auftauchen. Das hier ist ein bewusster
+// Vertrag: was die Browser-Renderer-Pipeline liest, taucht hier auf.
+// Neue Browser-needed-Fields müssen explizit erweitert werden.
+//
+// Aktuell projeziert (Stand 2026-04-25):
+//   Entity:    { table?, fields: { type, required?, sortable?, default? } }
+//   Screen:    verbatim (ScreenDefinition ist von Haus aus JSON-safe —
+//              custom-screens haben keine functions, layout/columns/etc.
+//              sind plain literals)
+//   Nav:       verbatim (NavDefinition ist nur strings + literals)
+//   Workspace: verbatim definition + getWorkspaceNavs() von der Registry
+//
+// Feature-Toggles: BISHER NICHT GEFILTERT. Wenn ein Feature über die
+// feature-toggles-bundled-feature global deaktiviert ist, erscheint es
+// trotzdem im AppSchema. Reason: die Toggle-Auflösung lebt im pipeline-
+// dispatcher, nicht in der Registry, und wir haben hier keinen TenantDb-
+// Kontext um sie zu lesen. TODO wenn das ein realer Use-Case wird:
+// `effectiveFeatures` Argument annehmen und über alle iterations filtern.
+import type { AppSchema, EntityDefinition, FeatureSchema, WorkspaceSchema } from "../ui-types";
+import type { Registry } from "./types/feature";
+import type { FieldDefinition } from "./types/fields";
+export function buildAppSchema(registry: Registry): AppSchema {
+  const features: FeatureSchema[] = [];
+  for (const [featureName, feature] of registry.features) {
+    const navs = Object.values(feature.navs);
+    const featureSchema: FeatureSchema = {
+      featureName,
+      entities: projectEntities(feature.entities),
+      screens: Object.values(feature.screens),
+      ...(navs.length > 0 && { navs }),
+    };
+    features.push(featureSchema);
+  }
+  // Workspaces: getAllWorkspaces() liefert mit QUALIFIZIERTEN ids (das
+  // schreibt die Registry beim Store-Overwrite ein). Die Browser-
+  // Renderer erwartet aber kurze ids (matcht gegen URL-Segment, gegen
+  // navigate({ workspaceId })). Wir gehen direkt durch `feature.workspaces`
+  // — dort sind die ids noch in der Autor-Form (short) — und ziehen die
+  // pre-resolved navMembers aus der Registry.
+  const workspaces: WorkspaceSchema[] = [];
+  for (const [featureName, feature] of registry.features) {
+    for (const [shortId, definition] of Object.entries(feature.workspaces)) {
+      const qualified = `${featureName}:workspace:${shortId}`;
+      workspaces.push({
+        definition: { ...definition, id: shortId },
+        navMembers: registry.getWorkspaceNavs(qualified),
+      });
+    }
+  }
+  return {
+    features,
+    ...(workspaces.length > 0 && { workspaces }),
+  };
+}
+function projectEntities(
+  entities: Readonly<Record<string, EntityDefinition>>,
+): Readonly<Record<string, EntityDefinition>> {
+  const out: Record<string, EntityDefinition> = {};
+  for (const [name, entity] of Object.entries(entities)) {
+    out[name] = projectEntity(entity);
+  }
+  return out;
+}
+// EntityDefinition ist eine Discriminated-Union an Field-Types — wir
+// kennen alle JSON-safe Properties pro Field-Type. Statt jede Variante
+// einzeln auszuhandeln, walken wir die Field-Map und filtern auf die
+// Whitelist. Was nicht durchkommt: Server-only-runtime wie ZodValidate-
+// Functions, Computed-Functions, Default-Functions.
+function projectEntity(entity: EntityDefinition): EntityDefinition {
+  const fieldsOut: Record<string, FieldDefinition> = {};
+  for (const [fieldName, fieldDef] of Object.entries(entity.fields)) {
+    fieldsOut[fieldName] = projectField(fieldDef);
+  }
+  // EntityDefinition akzeptiert idType/access/searchWeight als optional —
+  // wir lassen die weg weil der Browser-Renderer sie nicht liest. `table`
+  // schicken wir mit, falls Apps `entity.table` direkt referenzieren.
+  // Kein Cast nötig: alle weggelassenen Felder sind `?`-optional.
+  return {
+    fields: fieldsOut,
+    ...(typeof entity.table === "string" && { table: entity.table }),
+  };
+}
+// Whitelist pro Field. `default` darf nur durch wenn Literal (string/
+// number/boolean/null) — auch wenn die FieldDefinition-Types „default"
+// nur als Literal typisieren, hat das Sample-Pattern
+// `as unknown as EntityDefinition` Authorinnen schon Function-Defaults
+// reinschmuggeln lassen. Diese Defense-in-Depth fängt sie ab BEVOR
+// JSON.stringify sie in der Browser-Injection-Pipeline droppt.
+//
+// Cast am Exit `as FieldDefinition`: type-system-wise erfüllt unsere
+// Out-Map die Discriminated-Union nur mit unverengtem `type`-String —
+// der Cast bridged die Variant-Inferenz, die TS aus einem Generic
+// Record nicht zurückrechnet.
+function projectField(fieldDef: FieldDefinition): FieldDefinition {
+  const def = fieldDef as Record<string, unknown>; // @cast-boundary schema-walk
+  const out: Record<string, unknown> = {};
+  if (typeof def["type"] === "string") out["type"] = def["type"];
+  if (typeof def["required"] === "boolean") out["required"] = def["required"];
+  if (typeof def["sortable"] === "boolean") out["sortable"] = def["sortable"];
+  if (isLiteral(def["default"])) out["default"] = def["default"];
+  // Select: options-Liste ist plain JSON, durchschicken.
+  if (Array.isArray(def["options"])) out["options"] = def["options"];
+  return out as FieldDefinition;
+}
+function isLiteral(value: unknown): boolean {
+  if (value === null) return true;
+  const t = typeof value;
+  return t === "string" || t === "number" || t === "boolean";
+}

package/src/engine/config-helpers.ts ADDED Viewed

@@ -0,0 +1,115 @@
+import type { ConfigScope } from "./constants";
+import type {
+  ConfigBounds,
+  ConfigComputedFn,
+  ConfigKeyDefinition,
+  ConfigKeyType,
+  ConfigValue,
+} from "./types";
+// --- Access Presets ---
+export const access = {
+  all: ["all"] as readonly string[],
+  admin: ["Admin", "SystemAdmin"] as readonly string[],
+  systemAdmin: ["SystemAdmin"] as readonly string[],
+  system: ["system"] as readonly string[],
+  // system + SystemAdmin — use for field-access on identity columns that
+  // framework auth code (SYSTEM_USER) writes during login/registration, but
+  // that a SystemAdmin should also be able to fix manually.
+  privileged: ["system", "SystemAdmin"] as readonly string[],
+  // Any signed-in user role. Use on authenticated-but-not-privileged handlers
+  // (change-password, logout, me-style queries). Does NOT include "system"
+  // since an unauthenticated system call shouldn't be able to hit these.
+  authenticated: ["User", "Admin", "SystemAdmin"] as readonly string[],
+  // Unauthenticated callers reaching public endpoints (server must opt in
+  // via `anonymousAccess`). Combine with authenticated roles when an
+  // endpoint should serve both — e.g. `roles: ["anonymous", "customer"]`
+  // for a product-listing that personalises when a session is present.
+  anonymous: ["anonymous"] as readonly string[],
+  roles: (...roles: string[]): readonly string[] => roles,
+} as const;
+// --- Config Key Options ---
+// Generic so `default` narrows per type-tag — without it,
+// `createUserConfig("boolean", { default: 19 })` would compile.
+//
+// `bounds` is conditional: only `type="number"` admits it. For any other
+// type-tag the field is `never`, so `createTenantConfig("text", { bounds })`
+// fails at the call site. Matches the same pattern as `default`.
+//
+// `computed` is a fallback-resolver the registry calls when no row + no
+// app-override exists — used for plan-based limits (see
+// configuration-layers.md, "Frage 3: Hängt Geld dran?").
+//
+// `allowPerRequest` is conditional against `text`: text keys can never
+// opt in to per-request overrides (XSS/SQL/Shell risk). For other types
+// it's a plain boolean opt-in consumed by resolveConfigOrParam.
+type ConfigKeyOptions<T extends ConfigKeyType> = {
+  write?: readonly string[];
+  read?: readonly string[];
+  default?: ConfigValue<T>;
+  encrypted?: boolean;
+  options?: readonly string[]; // for select type
+  bounds?: T extends "number" ? ConfigBounds : never;
+  computed?: ConfigComputedFn<T>;
+  allowPerRequest?: T extends "text" ? never : boolean;
+};
+// --- Scope Defaults ---
+const SCOPE_DEFAULTS: Record<ConfigScope, { write: readonly string[]; read: readonly string[] }> = {
+  tenant: { write: access.admin, read: access.all },
+  system: { write: access.system, read: access.admin },
+  user: { write: access.all, read: access.all },
+};
+// --- Factory ---
+function createConfigKey<T extends ConfigKeyType>(
+  scope: ConfigScope,
+  type: T,
+  opts: ConfigKeyOptions<T> = {},
+): ConfigKeyDefinition<T> {
+  const defaults = SCOPE_DEFAULTS[scope];
+  return {
+    type,
+    scope,
+    access: {
+      write: opts.write ?? defaults.write,
+      read: opts.read ?? defaults.read,
+    },
+    default: opts.default,
+    ...(opts.encrypted ? { encrypted: true } : {}),
+    ...(opts.options ? { options: opts.options } : {}),
+    bounds: opts.bounds as ConfigBounds | undefined,
+    computed: opts.computed,
+    ...(opts.allowPerRequest === true ? { allowPerRequest: true } : {}),
+  };
+}
+// --- Public API ---
+// Generic on the type-tag so `r.config({keys})` can propagate it into the
+// returned `ConfigKeyHandle<T>` — that's what narrows `ctx.config(handle)`.
+export function createTenantConfig<T extends ConfigKeyType>(
+  type: T,
+  opts?: ConfigKeyOptions<T>,
+): ConfigKeyDefinition<T> {
+  return createConfigKey("tenant", type, opts);
+}
+export function createSystemConfig<T extends ConfigKeyType>(
+  type: T,
+  opts?: ConfigKeyOptions<T>,
+): ConfigKeyDefinition<T> {
+  return createConfigKey("system", type, opts);
+}
+export function createUserConfig<T extends ConfigKeyType>(
+  type: T,
+  opts?: ConfigKeyOptions<T>,
+): ConfigKeyDefinition<T> {
+  return createConfigKey("user", type, opts);
+}

package/src/engine/constants.ts ADDED Viewed

@@ -0,0 +1,85 @@
+import type { TenantId } from "@cosmicdrift/kumiko-framework/engine";
+// All framework constants as `as const` objects with inferred union types.
+// No enums — only const objects + typeof inference.
+// Error codes — the canonical list lives on the KumikoError subclasses in
+// `errors/classes.ts`. Features that need to surface a feature-specific reason
+// attach it under `details.reason` on the relevant Kumiko error class.
+// --- System Hook Names ---
+export const SystemHookNames = {
+  cascadeDelete: "system:hook:cascade-delete",
+} as const;
+export type SystemHookName = (typeof SystemHookNames)[keyof typeof SystemHookNames];
+// --- System Hook Priorities ---
+export const SystemHookPriorities = {
+  cascadeDelete: 500,
+} as const;
+// --- Message Kinds ---
+export const MessageKind = {
+  write: "write",
+  query: "query",
+  command: "command",
+  shared: "shared",
+  broadcast: "broadcast",
+} as const;
+export type MessageKind = (typeof MessageKind)[keyof typeof MessageKind];
+// --- Lifecycle Hook Types ---
+export const LifecycleHookTypes = {
+  preSave: "preSave",
+  postSave: "postSave",
+  preDelete: "preDelete",
+  postDelete: "postDelete",
+  preQuery: "preQuery",
+} as const;
+export type LifecycleHookType = (typeof LifecycleHookTypes)[keyof typeof LifecycleHookTypes];
+// --- Config Scopes ---
+export const ConfigScopes = {
+  system: "system",
+  tenant: "tenant",
+  user: "user",
+} as const;
+export type ConfigScope = (typeof ConfigScopes)[keyof typeof ConfigScopes];
+// --- On Delete Strategies ---
+export const OnDeleteStrategies = {
+  cascade: "cascade",
+  restrict: "restrict",
+  setNull: "setNull",
+  nothing: "nothing",
+} as const;
+export type OnDeleteStrategy = (typeof OnDeleteStrategies)[keyof typeof OnDeleteStrategies];
+// --- Concurrency Modes ---
+export const ConcurrencyModes = {
+  parallel: "parallel",
+  skip: "skip",
+  replace: "replace",
+  sequential: "sequential",
+  debounce: "debounce",
+} as const;
+export type ConcurrencyMode = (typeof ConcurrencyModes)[keyof typeof ConcurrencyModes];
+// --- SSE Channels ---
+export function tenantChannel(tenantId: TenantId): string {
+  return `tenant:${tenantId}`;
+}

package/src/engine/create-app.ts ADDED Viewed

@@ -0,0 +1,98 @@
+import { validateBoot } from "./boot-validator";
+import { createRegistry } from "./registry";
+import type { FeatureDefinition, Registry } from "./types";
+import { DEFAULT_CURRENCIES } from "./types";
+export type AppConfig = {
+  roles: readonly string[];
+  features: readonly FeatureDefinition[];
+  softDelete?: boolean; // Global default for all entities (default: true)
+  currencies?: readonly string[]; // Extends DEFAULT_CURRENCIES
+};
+export type App = {
+  registry: Registry;
+  roles: readonly string[];
+  softDeleteDefault: boolean;
+  currencies: readonly string[];
+};
+export function createApp(config: AppConfig): App {
+  const validRoles = new Set(config.roles);
+  // "system" is reserved for SYSTEM_USER — cannot be used as an app role
+  if (validRoles.has("system")) {
+    throw new Error('Role "system" is reserved for SYSTEM_USER and cannot be used as an app role');
+  }
+  // Special roles that don't need to be in the app's role list
+  const systemRoles = new Set(["all", "system"]);
+  // Validate all roles referenced by features exist in app-defined roles.
+  // openToAll access has no role list — nothing to validate there.
+  for (const feature of config.features) {
+    for (const handler of Object.values(feature.writeHandlers)) {
+      if (handler.access && "roles" in handler.access) {
+        for (const role of handler.access.roles) {
+          if (!validRoles.has(role)) {
+            throw new Error(
+              `Unknown role "${role}" in write handler "${handler.name}" of feature "${feature.name}". Valid roles: ${config.roles.join(", ")}`,
+            );
+          }
+        }
+      }
+    }
+    for (const handler of Object.values(feature.queryHandlers)) {
+      if (handler.access && "roles" in handler.access) {
+        for (const role of handler.access.roles) {
+          if (!validRoles.has(role)) {
+            throw new Error(
+              `Unknown role "${role}" in query handler "${handler.name}" of feature "${feature.name}". Valid roles: ${config.roles.join(", ")}`,
+            );
+          }
+        }
+      }
+    }
+    for (const [key, keyDef] of Object.entries(feature.configKeys)) {
+      for (const role of [...keyDef.access.read, ...keyDef.access.write]) {
+        if (!systemRoles.has(role) && !validRoles.has(role)) {
+          throw new Error(
+            `Unknown role "${role}" in config key "${feature.name}.${key}" of feature "${feature.name}". Valid roles: ${config.roles.join(", ")}`,
+          );
+        }
+      }
+    }
+  }
+  const softDeleteDefault = config.softDelete ?? true;
+  // Merge default + custom currencies, deduplicate
+  const currencies = [...new Set([...DEFAULT_CURRENCIES, ...(config.currencies ?? [])])];
+  // Validate defaultCurrency on entities that have money fields
+  for (const feature of config.features) {
+    for (const [entityName, entity] of Object.entries(feature.entities)) {
+      const hasMoneyField = Object.values(entity.fields).some((f) => f.type === "money");
+      if (entity.defaultCurrency && !currencies.includes(entity.defaultCurrency)) {
+        throw new Error(
+          `Entity "${entityName}" in feature "${feature.name}" has defaultCurrency "${entity.defaultCurrency}" which is not in the currencies list. Available: ${currencies.join(", ")}`,
+        );
+      }
+      if (hasMoneyField && !entity.defaultCurrency) {
+        throw new Error(
+          `Entity "${entityName}" in feature "${feature.name}" has money fields but no defaultCurrency. Set defaultCurrency on the entity definition.`,
+        );
+      }
+    }
+  }
+  // Run boot-time validation before creating registry
+  validateBoot(config.features);
+  return {
+    registry: createRegistry(config.features),
+    roles: config.roles,
+    softDeleteDefault,
+    currencies,
+  };
+}