npm - @cosmicdrift/kumiko-framework - Versions diffs - 0.1.0 - Mend

@cosmicdrift/kumiko-framework 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (388) hide show

package/README.md +159 -0
package/package.json +91 -0
package/src/__tests__/anonymous-access.integration.ts +325 -0
package/src/__tests__/error-contract.integration.ts +435 -0
package/src/__tests__/field-access.integration.ts +269 -0
package/src/__tests__/full-stack.integration.ts +914 -0
package/src/__tests__/ownership.integration.ts +449 -0
package/src/__tests__/reference-data.integration.ts +198 -0
package/src/__tests__/transition-guard.integration.ts +340 -0
package/src/api/__tests__/api.test.ts +337 -0
package/src/api/__tests__/auth-middleware-transport.test.ts +80 -0
package/src/api/__tests__/auth-routes-cookie.test.ts +179 -0
package/src/api/__tests__/batch.integration.ts +404 -0
package/src/api/__tests__/body-limit.test.ts +88 -0
package/src/api/__tests__/csrf-middleware.test.ts +97 -0
package/src/api/__tests__/dispatcher-live.integration.ts +216 -0
package/src/api/__tests__/metrics-endpoint.test.ts +126 -0
package/src/api/__tests__/nested-write.integration.ts +213 -0
package/src/api/__tests__/readiness.test.ts +76 -0
package/src/api/__tests__/request-id-middleware.test.ts +72 -0
package/src/api/__tests__/sse-broker.test.ts +58 -0
package/src/api/__tests__/sse-route.test.ts +112 -0
package/src/api/anonymous-cookie.ts +60 -0
package/src/api/api-constants.ts +64 -0
package/src/api/auth-middleware.ts +418 -0
package/src/api/auth-routes.ts +982 -0
package/src/api/csrf-middleware.ts +77 -0
package/src/api/index.ts +31 -0
package/src/api/jwt.ts +66 -0
package/src/api/observability-middleware.ts +89 -0
package/src/api/readiness.ts +132 -0
package/src/api/request-context.ts +49 -0
package/src/api/request-id-middleware.ts +50 -0
package/src/api/route-registrars.ts +195 -0
package/src/api/routes.ts +135 -0
package/src/api/server.ts +640 -0
package/src/api/sse-broker.ts +71 -0
package/src/api/sse-route.ts +62 -0
package/src/api/tokens.ts +16 -0
package/src/db/__tests__/apply-entity-event-tenant.integration.ts +159 -0
package/src/db/__tests__/compound-types.test.ts +114 -0
package/src/db/__tests__/connection-options.test.ts +68 -0
package/src/db/__tests__/cursor.test.ts +41 -0
package/src/db/__tests__/db-helpers.test.ts +369 -0
package/src/db/__tests__/dialect-instant.test.ts +50 -0
package/src/db/__tests__/drizzle-helpers.integration.ts +186 -0
package/src/db/__tests__/drizzle-table-types.test.ts +162 -0
package/src/db/__tests__/encryption.test.ts +39 -0
package/src/db/__tests__/event-store-executor-list.integration.ts +313 -0
package/src/db/__tests__/event-store-executor.integration.ts +235 -0
package/src/db/__tests__/implicit-projection-equivalence.integration.ts +304 -0
package/src/db/__tests__/located-timestamp.test.ts +184 -0
package/src/db/__tests__/money.test.ts +199 -0
package/src/db/__tests__/multi-row-insert.integration.ts +76 -0
package/src/db/__tests__/parse-auto-verb.test.ts +70 -0
package/src/db/__tests__/required-not-null-migration-safety.integration.ts +105 -0
package/src/db/__tests__/row-helpers.test.ts +59 -0
package/src/db/__tests__/schema-migration.integration.ts +273 -0
package/src/db/__tests__/table-builder-indexes.test.ts +153 -0
package/src/db/__tests__/table-builder-required.test.ts +216 -0
package/src/db/__tests__/tenant-db.integration.ts +606 -0
package/src/db/__tests__/unique-violation-mapping.integration.ts +166 -0
package/src/db/apply-entity-event.ts +188 -0
package/src/db/assert-exists-in.ts +59 -0
package/src/db/compound-types.ts +47 -0
package/src/db/connection.ts +104 -0
package/src/db/cursor.ts +83 -0
package/src/db/dialect.ts +109 -0
package/src/db/eagerload.ts +174 -0
package/src/db/encryption.ts +39 -0
package/src/db/event-store-executor.ts +906 -0
package/src/db/index.ts +55 -0
package/src/db/located-timestamp.ts +114 -0
package/src/db/money.ts +120 -0
package/src/db/pg-error.ts +46 -0
package/src/db/reference-data.ts +77 -0
package/src/db/row-helpers.ts +53 -0
package/src/db/schema-inspection.ts +25 -0
package/src/db/table-builder.ts +475 -0
package/src/db/tenant-db.ts +434 -0
package/src/engine/__tests__/auth-claims-registrar.test.ts +74 -0
package/src/engine/__tests__/boot-validator-located-timestamps.test.ts +108 -0
package/src/engine/__tests__/boot-validator.test.ts +1865 -0
package/src/engine/__tests__/build-app-schema.test.ts +154 -0
package/src/engine/__tests__/claim-keys.test.ts +274 -0
package/src/engine/__tests__/config-helpers.test.ts +236 -0
package/src/engine/__tests__/effective-features.test.ts +86 -0
package/src/engine/__tests__/engine.test.ts +1461 -0
package/src/engine/__tests__/entity-handlers.test.ts +274 -0
package/src/engine/__tests__/event-helpers.test.ts +68 -0
package/src/engine/__tests__/extends-registrar.test.ts +159 -0
package/src/engine/__tests__/factories-long-text.test.ts +84 -0
package/src/engine/__tests__/factories-time.test.ts +158 -0
package/src/engine/__tests__/field-predicates.test.ts +48 -0
package/src/engine/__tests__/hook-phases.test.ts +132 -0
package/src/engine/__tests__/identifiers.test.ts +35 -0
package/src/engine/__tests__/lifecycle-hooks.test.ts +237 -0
package/src/engine/__tests__/nav.test.ts +267 -0
package/src/engine/__tests__/ownership.test.ts +421 -0
package/src/engine/__tests__/parse-ref-target.test.ts +43 -0
package/src/engine/__tests__/projection-helpers.test.ts +62 -0
package/src/engine/__tests__/projection.test.ts +191 -0
package/src/engine/__tests__/qualified-name.test.ts +264 -0
package/src/engine/__tests__/resolve-config-or-param.test.ts +315 -0
package/src/engine/__tests__/run-in.test.ts +38 -0
package/src/engine/__tests__/schema-builder.test.ts +380 -0
package/src/engine/__tests__/screen.test.ts +408 -0
package/src/engine/__tests__/state-machine.test.ts +148 -0
package/src/engine/__tests__/system-user.test.ts +57 -0
package/src/engine/__tests__/validation-hooks.test.ts +71 -0
package/src/engine/access.ts +23 -0
package/src/engine/boot-validator.ts +1528 -0
package/src/engine/build-app-schema.ts +125 -0
package/src/engine/config-helpers.ts +115 -0
package/src/engine/constants.ts +85 -0
package/src/engine/create-app.ts +98 -0
package/src/engine/define-feature.ts +702 -0
package/src/engine/define-handler.ts +78 -0
package/src/engine/define-roles.ts +19 -0
package/src/engine/effective-features.ts +87 -0
package/src/engine/entity-handlers.ts +364 -0
package/src/engine/event-helpers.ts +73 -0
package/src/engine/factories.ts +328 -0
package/src/engine/feature-ast/__tests__/canonical-form.test.ts +416 -0
package/src/engine/feature-ast/__tests__/parse-happy-path.test.ts +197 -0
package/src/engine/feature-ast/__tests__/parse-real-features.test.ts +128 -0
package/src/engine/feature-ast/__tests__/parse.test.ts +888 -0
package/src/engine/feature-ast/__tests__/patch.test.ts +360 -0
package/src/engine/feature-ast/__tests__/patcher.test.ts +469 -0
package/src/engine/feature-ast/__tests__/render-roundtrip.test.ts +287 -0
package/src/engine/feature-ast/extractors.ts +2562 -0
package/src/engine/feature-ast/index.ts +105 -0
package/src/engine/feature-ast/parse.ts +369 -0
package/src/engine/feature-ast/patch.ts +525 -0
package/src/engine/feature-ast/patcher.ts +518 -0
package/src/engine/feature-ast/patterns.ts +434 -0
package/src/engine/feature-ast/render.ts +602 -0
package/src/engine/feature-ast/source-location.ts +45 -0
package/src/engine/field-access.ts +120 -0
package/src/engine/index.ts +254 -0
package/src/engine/ownership.ts +337 -0
package/src/engine/parse-ref-target.ts +22 -0
package/src/engine/pattern-library/__tests__/library.test.ts +351 -0
package/src/engine/pattern-library/index.ts +24 -0
package/src/engine/pattern-library/library.ts +1117 -0
package/src/engine/pattern-library/types.ts +255 -0
package/src/engine/projection-helpers.ts +85 -0
package/src/engine/qualified-name.ts +122 -0
package/src/engine/read-claim.ts +31 -0
package/src/engine/registry.ts +1325 -0
package/src/engine/resolve-config-or-param.ts +153 -0
package/src/engine/run-in.ts +29 -0
package/src/engine/schema-builder.ts +175 -0
package/src/engine/screen-filter-ops.ts +51 -0
package/src/engine/state-machine.ts +70 -0
package/src/engine/system-user.ts +32 -0
package/src/engine/types/config.ts +306 -0
package/src/engine/types/event-type-map.ts +37 -0
package/src/engine/types/feature.ts +574 -0
package/src/engine/types/fields.ts +422 -0
package/src/engine/types/handlers.ts +742 -0
package/src/engine/types/hooks.ts +142 -0
package/src/engine/types/http-route.ts +54 -0
package/src/engine/types/identifiers.ts +47 -0
package/src/engine/types/index.ts +208 -0
package/src/engine/types/nav.ts +46 -0
package/src/engine/types/projection.ts +132 -0
package/src/engine/types/relations.ts +51 -0
package/src/engine/types/screen.ts +452 -0
package/src/engine/types/workspace.ts +42 -0
package/src/engine/validation.ts +33 -0
package/src/entrypoint/__tests__/entrypoint-job-wiring.integration.ts +173 -0
package/src/entrypoint/__tests__/split-deploy.integration.ts +297 -0
package/src/entrypoint/index.ts +442 -0
package/src/errors/__tests__/classes.test.ts +371 -0
package/src/errors/__tests__/write-failures.test.ts +109 -0
package/src/errors/classes.ts +249 -0
package/src/errors/i18n/de.yaml +83 -0
package/src/errors/i18n/en.yaml +80 -0
package/src/errors/index.ts +41 -0
package/src/errors/kumiko-error.ts +67 -0
package/src/errors/reasons.ts +36 -0
package/src/errors/serialize.ts +136 -0
package/src/errors/transition-details.ts +30 -0
package/src/errors/write-error-info.ts +123 -0
package/src/errors/zod-bridge.ts +49 -0
package/src/event-store/__tests__/admin-api.integration.ts +361 -0
package/src/event-store/__tests__/event-store.integration.ts +584 -0
package/src/event-store/__tests__/get-stream-version-perf.integration.ts +83 -0
package/src/event-store/__tests__/perf.integration.ts +255 -0
package/src/event-store/__tests__/snapshot.integration.ts +267 -0
package/src/event-store/__tests__/upcaster-dead-letter.integration.ts +204 -0
package/src/event-store/__tests__/upcaster.integration.ts +460 -0
package/src/event-store/admin-api.ts +257 -0
package/src/event-store/archive.ts +106 -0
package/src/event-store/errors.ts +35 -0
package/src/event-store/event-store.ts +405 -0
package/src/event-store/events-schema.ts +90 -0
package/src/event-store/index.ts +50 -0
package/src/event-store/snapshot.ts +210 -0
package/src/event-store/upcaster-dead-letter.ts +119 -0
package/src/event-store/upcaster.ts +147 -0
package/src/files/__tests__/content-disposition.test.ts +123 -0
package/src/files/__tests__/file-field-column.integration.ts +103 -0
package/src/files/__tests__/file-field-pipeline.integration.ts +211 -0
package/src/files/__tests__/file-handle.test.ts +122 -0
package/src/files/__tests__/files.integration.ts +830 -0
package/src/files/__tests__/storage-tracking.integration.ts +153 -0
package/src/files/content-disposition.ts +55 -0
package/src/files/file-handle.ts +63 -0
package/src/files/file-ref-table.ts +22 -0
package/src/files/file-routes.ts +353 -0
package/src/files/in-memory-provider.ts +62 -0
package/src/files/index.ts +29 -0
package/src/files/local-provider.ts +35 -0
package/src/files/storage-tracking.ts +60 -0
package/src/files/types.ts +118 -0
package/src/i18n/__tests__/i18n.test.ts +72 -0
package/src/i18n/index.ts +29 -0
package/src/jobs/__tests__/job-event-trigger.integration.ts +172 -0
package/src/jobs/__tests__/job-multi-trigger.integration.ts +144 -0
package/src/jobs/__tests__/jobs.integration.ts +566 -0
package/src/jobs/index.ts +2 -0
package/src/jobs/job-runner.ts +574 -0
package/src/lifecycle/__tests__/create-test-lifecycle.ts +19 -0
package/src/lifecycle/__tests__/lifecycle-server.integration.ts +108 -0
package/src/lifecycle/__tests__/lifecycle.test.ts +212 -0
package/src/lifecycle/__tests__/signal-handlers.test.ts +106 -0
package/src/lifecycle/index.ts +13 -0
package/src/lifecycle/lifecycle.ts +160 -0
package/src/lifecycle/signal-handlers.ts +62 -0
package/src/logging/__tests__/pino-trace-bridge.test.ts +50 -0
package/src/logging/index.ts +3 -0
package/src/logging/pino-logger.ts +64 -0
package/src/logging/types.ts +7 -0
package/src/migrations/__tests__/compare-snapshots.test.ts +150 -0
package/src/migrations/__tests__/detect-drift.integration.ts +320 -0
package/src/migrations/__tests__/detect-projections-to-rebuild.integration.ts +134 -0
package/src/migrations/__tests__/rebuild-marker.test.ts +79 -0
package/src/migrations/index.ts +28 -0
package/src/migrations/projection-detection.ts +149 -0
package/src/migrations/rebuild-marker.ts +64 -0
package/src/migrations/schema-drift.ts +395 -0
package/src/observability/__tests__/console-provider.test.ts +67 -0
package/src/observability/__tests__/metric-validator.test.ts +87 -0
package/src/observability/__tests__/noop-provider.test.ts +82 -0
package/src/observability/__tests__/observability.integration.ts +559 -0
package/src/observability/__tests__/prometheus-meter.test.ts +144 -0
package/src/observability/__tests__/recording-meter.test.ts +101 -0
package/src/observability/__tests__/recording-tracer.test.ts +110 -0
package/src/observability/__tests__/sensitive-filter.test.ts +98 -0
package/src/observability/console-provider.ts +130 -0
package/src/observability/context.ts +26 -0
package/src/observability/fallback.ts +34 -0
package/src/observability/ids.ts +25 -0
package/src/observability/index.ts +79 -0
package/src/observability/metric-validator.ts +86 -0
package/src/observability/metrics-handle.ts +56 -0
package/src/observability/noop-provider.ts +146 -0
package/src/observability/prometheus-meter.ts +284 -0
package/src/observability/recording-meter.ts +156 -0
package/src/observability/recording-tracer.ts +198 -0
package/src/observability/redis-wrapper.ts +132 -0
package/src/observability/sensitive-filter.ts +108 -0
package/src/observability/standard-metrics.ts +213 -0
package/src/observability/types/index.ts +29 -0
package/src/observability/types/metric.ts +56 -0
package/src/observability/types/provider.ts +32 -0
package/src/observability/types/span.ts +64 -0
package/src/pipeline/__tests__/archive-stream.integration.ts +220 -0
package/src/pipeline/__tests__/auth-claims-resolver.test.ts +279 -0
package/src/pipeline/__tests__/cascade-handler.integration.ts +419 -0
package/src/pipeline/__tests__/cascade-handler.test.ts +52 -0
package/src/pipeline/__tests__/causation-chain.integration.ts +206 -0
package/src/pipeline/__tests__/ctx-bridge.integration.ts +234 -0
package/src/pipeline/__tests__/dispatcher.test.ts +379 -0
package/src/pipeline/__tests__/distributed-lock.integration.ts +67 -0
package/src/pipeline/__tests__/domain-events-projections.integration.ts +323 -0
package/src/pipeline/__tests__/event-dedup.integration.ts +153 -0
package/src/pipeline/__tests__/event-define-event-strict.integration.ts +202 -0
package/src/pipeline/__tests__/event-dispatcher-lifecycle.integration.ts +220 -0
package/src/pipeline/__tests__/event-dispatcher-multi-instance.integration.ts +423 -0
package/src/pipeline/__tests__/event-dispatcher-pg-listen.integration.ts +123 -0
package/src/pipeline/__tests__/event-dispatcher-recovery.integration.ts +202 -0
package/src/pipeline/__tests__/event-dispatcher-second-audit.integration.ts +290 -0
package/src/pipeline/__tests__/event-dispatcher-strict.test.ts +65 -0
package/src/pipeline/__tests__/event-dispatcher.integration.ts +287 -0
package/src/pipeline/__tests__/event-retention.integration.ts +239 -0
package/src/pipeline/__tests__/fetch-for-writing.integration.ts +281 -0
package/src/pipeline/__tests__/lifecycle-pipeline.test.ts +430 -0
package/src/pipeline/__tests__/load-aggregate-query.integration.ts +266 -0
package/src/pipeline/__tests__/msp-error-mode.integration.ts +149 -0
package/src/pipeline/__tests__/msp-multi-hop.integration.ts +228 -0
package/src/pipeline/__tests__/msp-rebuild.integration.ts +368 -0
package/src/pipeline/__tests__/multi-stream-projection.integration.ts +341 -0
package/src/pipeline/__tests__/perf-rebuild.integration.ts +147 -0
package/src/pipeline/__tests__/projection-rebuild.integration.ts +551 -0
package/src/pipeline/__tests__/query-projection.integration.ts +201 -0
package/src/pipeline/__tests__/redis-pipeline.integration.ts +306 -0
package/src/pipeline/append-event-core.ts +117 -0
package/src/pipeline/auth-claims-resolver.ts +103 -0
package/src/pipeline/cascade-handler.ts +113 -0
package/src/pipeline/dispatcher.ts +1585 -0
package/src/pipeline/distributed-lock.ts +37 -0
package/src/pipeline/entity-cache.ts +113 -0
package/src/pipeline/event-consumer-state.ts +108 -0
package/src/pipeline/event-dedup.ts +23 -0
package/src/pipeline/event-dispatcher.ts +1016 -0
package/src/pipeline/event-retention.ts +154 -0
package/src/pipeline/idempotency.ts +76 -0
package/src/pipeline/index.ts +66 -0
package/src/pipeline/lifecycle-pipeline.ts +409 -0
package/src/pipeline/msp-rebuild.ts +242 -0
package/src/pipeline/multi-stream-apply-context.ts +115 -0
package/src/pipeline/projection-rebuild.ts +334 -0
package/src/pipeline/projection-state.ts +72 -0
package/src/pipeline/projections-runner.ts +56 -0
package/src/pipeline/redis-keys.ts +11 -0
package/src/pipeline/system-hooks.ts +190 -0
package/src/random/__tests__/generate.test.ts +149 -0
package/src/random/generate.ts +141 -0
package/src/random/index.ts +8 -0
package/src/random/words.ts +392 -0
package/src/rate-limit/__tests__/dispatcher-l3.integration.ts +111 -0
package/src/rate-limit/__tests__/middleware.integration.ts +189 -0
package/src/rate-limit/__tests__/resolver.integration.ts +189 -0
package/src/rate-limit/bucket.ts +36 -0
package/src/rate-limit/index.ts +14 -0
package/src/rate-limit/middleware.ts +152 -0
package/src/rate-limit/resolver.ts +267 -0
package/src/redis/__tests__/redis-options.test.ts +54 -0
package/src/redis/index.ts +74 -0
package/src/search/__tests__/meilisearch-adapter.integration.ts +236 -0
package/src/search/__tests__/search-adapter.test.ts +256 -0
package/src/search/in-memory-adapter.ts +123 -0
package/src/search/index.ts +12 -0
package/src/search/meilisearch-adapter.ts +106 -0
package/src/search/types.ts +39 -0
package/src/secrets/__tests__/dek-cache.test.ts +213 -0
package/src/secrets/__tests__/env-master-key-provider.test.ts +119 -0
package/src/secrets/__tests__/envelope.test.ts +74 -0
package/src/secrets/__tests__/leak-guard.test.ts +92 -0
package/src/secrets/__tests__/rotation.test.ts +149 -0
package/src/secrets/dek-cache.ts +116 -0
package/src/secrets/env-master-key-provider.ts +162 -0
package/src/secrets/envelope.ts +55 -0
package/src/secrets/index.ts +19 -0
package/src/secrets/leak-guard.ts +87 -0
package/src/secrets/rotation.ts +34 -0
package/src/secrets/types.ts +107 -0
package/src/stack/db.ts +104 -0
package/src/stack/event-collector.ts +23 -0
package/src/stack/index.ts +32 -0
package/src/stack/redis.ts +44 -0
package/src/stack/request-helper.ts +168 -0
package/src/stack/table-helpers.ts +104 -0
package/src/stack/test-stack.ts +357 -0
package/src/stack/test-users.ts +37 -0
package/src/testing/__tests__/e2e-generator.test.ts +230 -0
package/src/testing/__tests__/ensure-entity-table.integration.ts +54 -0
package/src/testing/access-assertions.ts +15 -0
package/src/testing/assertions.ts +35 -0
package/src/testing/e2e-generator.ts +465 -0
package/src/testing/expect-error.ts +25 -0
package/src/testing/handler-context.ts +125 -0
package/src/testing/http-cookies.ts +52 -0
package/src/testing/index.ts +41 -0
package/src/testing/late-bound.ts +39 -0
package/src/testing/mutable-master-key-provider.ts +31 -0
package/src/testing/observability-recorder.ts +54 -0
package/src/testing/shared-entities.ts +49 -0
package/src/testing/utils.ts +1 -0
package/src/testing/wait-for.ts +31 -0
package/src/time/__tests__/polyfill.test.ts +73 -0
package/src/time/__tests__/tz-context.test.ts +121 -0
package/src/time/index.ts +21 -0
package/src/time/polyfill.ts +70 -0
package/src/time/tz-context.ts +107 -0
package/src/ui-types/app-schema.ts +57 -0
package/src/ui-types/index.ts +65 -0
package/src/utils/__tests__/assert.test.ts +17 -0
package/src/utils/__tests__/env-parse.test.ts +54 -0
package/src/utils/assert.ts +18 -0
package/src/utils/env-parse.ts +16 -0
package/src/utils/ids.ts +16 -0
package/src/utils/index.ts +5 -0
package/src/utils/safe-json.ts +30 -0
package/src/utils/serialization.ts +7 -0

package/src/__tests__/transition-guard.integration.ts ADDED Viewed

@@ -0,0 +1,340 @@
+import { afterAll, beforeAll, describe, expect, test } from "vitest";
+import { z } from "zod";
+import { createEventStoreExecutor } from "../db/event-store-executor";
+import { buildDrizzleTable } from "../db/table-builder";
+import {
+  createBooleanField,
+  createEntity,
+  createSelectField,
+  createTextField,
+  defineFeature,
+} from "../engine";
+import { createEntityTable, setupTestStack, type TestStack, TestUsers } from "../stack";
+import { expectErrorIncludes } from "../testing";
+// Two entities, both with a field named `status`, but different transitions.
+// Before the fix, the dispatcher cached the transition map by `fieldName`
+// alone — so whichever entity ran through the pipeline first would poison
+// the cache, and the other entity would be validated against the wrong map.
+const invoiceEntity = createEntity({
+  table: "tg_invoices",
+  fields: {
+    title: createTextField({ required: true }),
+    status: createSelectField({ options: ["draft", "sent", "paid"] as const, default: "draft" }),
+  },
+  transitions: {
+    status: {
+      draft: ["sent"],
+      sent: ["paid"],
+      paid: [],
+    },
+  },
+});
+const orderEntity = createEntity({
+  table: "tg_orders",
+  fields: {
+    title: createTextField({ required: true }),
+    status: createSelectField({
+      options: ["open", "shipped", "delivered"] as const,
+      default: "open",
+    }),
+  },
+  transitions: {
+    status: {
+      open: ["shipped"],
+      shipped: ["delivered"],
+      delivered: [],
+    },
+  },
+});
+// A soft-deletable entity to verify the auto-guard skips isDeleted rows.
+const ticketEntity = createEntity({
+  table: "tg_tickets",
+  fields: {
+    title: createTextField({ required: true }),
+    status: createSelectField({ options: ["open", "closed"] as const, default: "open" }),
+    isDeleted: createBooleanField({ default: false }),
+  },
+  softDelete: true,
+  transitions: {
+    status: {
+      open: ["closed"],
+      closed: [],
+    },
+  },
+});
+const invoiceTable = buildDrizzleTable("invoice", invoiceEntity);
+const orderTable = buildDrizzleTable("order", orderEntity);
+const ticketTable = buildDrizzleTable("ticket", ticketEntity);
+const feature = defineFeature("txguard", (r) => {
+  r.entity("invoice", invoiceEntity);
+  r.entity("order", orderEntity);
+  r.entity("ticket", ticketEntity);
+  r.writeHandler(
+    "invoice:create",
+    z.object({ title: z.string(), status: z.string().optional() }),
+    async (event, ctx) =>
+      createEventStoreExecutor(invoiceTable, invoiceEntity, { entityName: "invoice" }).create(
+        event.payload,
+        event.user,
+        ctx.db,
+      ),
+    { access: { openToAll: true } },
+  );
+  r.writeHandler(
+    "invoice:update",
+    z.object({
+      id: z.uuid(),
+      version: z.number().optional(),
+      changes: z.record(z.string(), z.unknown()),
+    }),
+    async (event, ctx) =>
+      createEventStoreExecutor(invoiceTable, invoiceEntity, { entityName: "invoice" }).update(
+        event.payload,
+        event.user,
+        ctx.db,
+      ),
+    { access: { openToAll: true } },
+  );
+  r.writeHandler(
+    "order:create",
+    z.object({ title: z.string(), status: z.string().optional() }),
+    async (event, ctx) =>
+      createEventStoreExecutor(orderTable, orderEntity, { entityName: "order" }).create(
+        event.payload,
+        event.user,
+        ctx.db,
+      ),
+    { access: { openToAll: true } },
+  );
+  r.writeHandler(
+    "order:update",
+    z.object({
+      id: z.uuid(),
+      version: z.number().optional(),
+      changes: z.record(z.string(), z.unknown()),
+    }),
+    async (event, ctx) =>
+      createEventStoreExecutor(orderTable, orderEntity, { entityName: "order" }).update(
+        event.payload,
+        event.user,
+        ctx.db,
+      ),
+    { access: { openToAll: true } },
+  );
+  r.writeHandler(
+    "ticket:create",
+    z.object({ title: z.string() }),
+    async (event, ctx) =>
+      createEventStoreExecutor(ticketTable, ticketEntity, { entityName: "ticket" }).create(
+        event.payload,
+        event.user,
+        ctx.db,
+      ),
+    { access: { openToAll: true } },
+  );
+  r.writeHandler(
+    "ticket:delete",
+    z.object({ id: z.uuid() }),
+    async (event, ctx) =>
+      createEventStoreExecutor(ticketTable, ticketEntity, { entityName: "ticket" }).delete(
+        event.payload,
+        event.user,
+        ctx.db,
+      ),
+    { access: { openToAll: true } },
+  );
+  r.writeHandler(
+    "ticket:update",
+    z.object({
+      id: z.uuid(),
+      version: z.number().optional(),
+      changes: z.record(z.string(), z.unknown()),
+    }),
+    async (event, ctx) =>
+      createEventStoreExecutor(ticketTable, ticketEntity, { entityName: "ticket" }).update(
+        event.payload,
+        event.user,
+        ctx.db,
+      ),
+    { access: { openToAll: true } },
+  );
+});
+let stack: TestStack;
+const admin = TestUsers.admin;
+beforeAll(async () => {
+  stack = await setupTestStack({ features: [feature] });
+  await createEntityTable(stack.db, invoiceEntity);
+  await createEntityTable(stack.db, orderEntity);
+  await createEntityTable(stack.db, ticketEntity);
+});
+afterAll(async () => {
+  await stack.cleanup();
+});
+describe("auto transition guard: per-entity transition map (cache key includes entity)", () => {
+  test("entity A's transitions don't leak to entity B when both have `status`", async () => {
+    // Create both rows in their default states (draft / open)
+    const invoice = await stack.http.writeOk<{ id: number }>(
+      "txguard:write:invoice:create",
+      { title: "Inv-1" },
+      admin,
+    );
+    const order = await stack.http.writeOk<{ id: number }>(
+      "txguard:write:order:create",
+      { title: "Ord-1" },
+      admin,
+    );
+    // Invoice: draft → sent is ALLOWED by invoice transitions.
+    // If the cache collided with order's map (open→shipped), the dispatcher
+    // would reject "sent" as not a valid target from any known state.
+    const invoiceResult = await stack.http.writeOk<{ data: { status: string } }>(
+      "txguard:write:invoice:update",
+      { id: invoice["id"], changes: { status: "sent" }, version: 1 },
+      admin,
+    );
+    expect(invoiceResult.data.status).toBe("sent");
+    // Order: open → shipped is ALLOWED by order transitions.
+    // If the cache now holds invoice's map, this would be rejected.
+    const orderResult = await stack.http.writeOk<{ data: { status: string } }>(
+      "txguard:write:order:update",
+      { id: order["id"], changes: { status: "shipped" }, version: 1 },
+      admin,
+    );
+    expect(orderResult.data.status).toBe("shipped");
+  });
+  test("invalid transition on entity A still rejects (guard actually fires)", async () => {
+    const invoice = await stack.http.writeOk<{ id: number }>(
+      "txguard:write:invoice:create",
+      { title: "Inv-2" },
+      admin,
+    );
+    // draft → paid is NOT allowed (only draft → sent, sent → paid)
+    const err = await stack.http.writeErr(
+      "txguard:write:invoice:update",
+      { id: invoice["id"], changes: { status: "paid" }, version: 1 },
+      admin,
+    );
+    expectErrorIncludes(err, "Invalid transition");
+    expectErrorIncludes(err, "draft");
+    expectErrorIncludes(err, "paid");
+  });
+  test("invalid transition uses entity B's own map, not a leaked one", async () => {
+    const order = await stack.http.writeOk<{ id: number }>(
+      "txguard:write:order:create",
+      { title: "Ord-2" },
+      admin,
+    );
+    // open → delivered is NOT allowed (only open → shipped, shipped → delivered)
+    const err = await stack.http.writeErr(
+      "txguard:write:order:update",
+      { id: order["id"], changes: { status: "delivered" }, version: 1 },
+      admin,
+    );
+    expectErrorIncludes(err, "Invalid transition");
+    expectErrorIncludes(err, "open");
+    expectErrorIncludes(err, "delivered");
+  });
+  test("soft-deleted rows bypass the guard (no state-machine enforcement on zombies)", async () => {
+    const ticket = await stack.http.writeOk<{ id: string }>(
+      "txguard:write:ticket:create",
+      { title: "T-1" },
+      admin,
+    );
+    // Raw-DB-mark-deleted — we need a soft-deleted row whose status is a
+    // terminal state. If the guard fired, any status write would throw
+    // "Invalid transition: closed → <x>". We want it silently skipped.
+    const { eq } = await import("drizzle-orm");
+    await stack.db
+      .update(ticketTable)
+      .set({ status: "closed", isDeleted: true })
+      .where(eq(ticketTable["id"], ticket["id"]));
+    // Attempting to move a deleted ticket to "open" would normally violate
+    // "closed → []" (no allowed targets). With the softDelete skip, the
+    // guard steps aside and the request only fails because CrudExecutor
+    // filters deleted rows from updates — giving a `not_found`, not a
+    // transition error. That distinction proves the guard skipped.
+    const err = await stack.http.writeErr(
+      "txguard:write:ticket:update",
+      { id: ticket["id"], changes: { status: "open" }, version: 1 },
+      admin,
+    );
+    // Guard was skipped → we don't see "Invalid transition", we see a different
+    // failure (soft-deleted row is filtered out of the lookup, so "not_found").
+    expect(JSON.stringify(err)).not.toContain("Invalid transition");
+    expectErrorIncludes(err, "not_found");
+  });
+  test("concurrent writes on the same row serialize via SELECT FOR UPDATE", async () => {
+    // Two parallel requests both trying to move the SAME invoice from draft.
+    // One legal: draft → sent. One deliberately stale (would also be legal
+    // draft → sent, but since we hold the row lock, the second caller sees
+    // the updated state `sent` when its turn comes and must fail — either
+    // via the transition guard (sent → sent is not defined) or version
+    // conflict. Without the FOR UPDATE both could snapshot `draft` under
+    // READ COMMITTED and race past the guard; the second UPDATE would then
+    // fail only via the optimistic lock, losing the specific error signal.
+    const invoice = await stack.http.writeOk<{ id: number }>(
+      "txguard:write:invoice:create",
+      { title: "Concurrent-1" },
+      admin,
+    );
+    const [res1, res2] = await Promise.all([
+      stack.http.write(
+        "txguard:write:invoice:update",
+        { id: invoice["id"], changes: { status: "sent" }, version: 1 },
+        admin,
+      ),
+      stack.http.write(
+        "txguard:write:invoice:update",
+        { id: invoice["id"], changes: { status: "sent" }, version: 1 },
+        admin,
+      ),
+    ]);
+    const body1 = (await res1.json()) as { isSuccess: boolean; error?: unknown };
+    const body2 = (await res2.json()) as { isSuccess: boolean; error?: unknown };
+    // Exactly one of the two must win. If both succeeded, the row lock
+    // didn't serialize — both wrote draft→sent using a stale snapshot.
+    const successes = [body1, body2].filter((b) => b.isSuccess);
+    const failures = [body1, body2].filter((b) => !b.isSuccess);
+    expect(successes).toHaveLength(1);
+    expect(failures).toHaveLength(1);
+    // The loser saw state `sent` on its (now serialized) guard read and
+    // rejected the transition — NOT a version_conflict, which would be the
+    // optimistic-lock fallback if the guard had race-passed.
+    // The loser's UnprocessableError carries reason "invalid_transition" plus
+    // the from/to states for debugging.
+    const loser = failures[0]?.error as { code: string; details: { reason: string; from: string } };
+    expect(loser.code).toBe("unprocessable");
+    expect(loser.details.reason).toBe("invalid_transition");
+    expect(loser.details.from).toBe("sent");
+  });
+});

package/src/api/__tests__/api.test.ts ADDED Viewed

@@ -0,0 +1,337 @@
+import { describe, expect, test } from "vitest";
+import { z } from "zod";
+import {
+  createEntity,
+  createRegistry,
+  createTextField,
+  defineFeature,
+  type TenantId,
+} from "../../engine";
+import { createTestUser, TestUsers } from "../../stack";
+import { buildServer } from "../server";
+const JWT_SECRET = "test-secret-at-least-32-chars-long!!";
+const testFeature = defineFeature("test", (r) => {
+  r.entity("item", createEntity({ table: "Items", fields: { name: createTextField() } }));
+  r.writeHandler(
+    "item:create",
+    z.object({ name: z.string().min(1) }),
+    async (event) => ({ isSuccess: true, data: { name: event.payload.name } }),
+    { access: { roles: ["Admin"] } },
+  );
+  r.queryHandler(
+    "item:list",
+    z.object({ search: z.string().optional() }),
+    async () => [{ id: 1, name: "Test" }],
+    { access: { openToAll: true } },
+  );
+});
+const registry = createRegistry([testFeature]);
+const { app, jwt } = buildServer({ registry, context: {}, jwtSecret: JWT_SECRET });
+const adminUser = TestUsers.admin;
+const guestUser = createTestUser({ id: 2, roles: ["Guest"] });
+async function authHeader(user: {
+  id: string;
+  tenantId: TenantId;
+  roles: readonly string[];
+}): Promise<Record<string, string>> {
+  const token = await jwt.sign(user);
+  return { Authorization: `Bearer ${token}` };
+}
+function req(method: string, path: string, body?: unknown, headers?: Record<string, string>) {
+  const init: RequestInit = {
+    method,
+    headers: { "Content-Type": "application/json", ...headers },
+  };
+  if (body) init.body = JSON.stringify(body);
+  return app.request(path, init);
+}
+// --- Health ---
+describe("health", () => {
+  test("GET /health returns ok", async () => {
+    const res = await req("GET", "/health");
+    expect(res.status).toBe(200);
+    expect(await res.json()).toEqual({ status: "ok" });
+  });
+});
+// --- Auth ---
+describe("auth middleware", () => {
+  test("rejects request without token", async () => {
+    const res = await req("POST", "/api/write", {
+      type: "test:write:item:create",
+      payload: { name: "x" },
+    });
+    expect(res.status).toBe(401);
+  });
+  test("rejects invalid token", async () => {
+    const res = await req(
+      "POST",
+      "/api/write",
+      { type: "test:write:item:create", payload: { name: "x" } },
+      {
+        Authorization: "Bearer invalid.token.here",
+      },
+    );
+    expect(res.status).toBe(401);
+  });
+  test("accepts valid token", async () => {
+    const headers = await authHeader(adminUser);
+    const res = await req(
+      "POST",
+      "/api/write",
+      { type: "test:write:item:create", payload: { name: "Test" } },
+      headers,
+    );
+    expect(res.status).toBe(200);
+  });
+});
+// --- Write ---
+describe("POST /api/write", () => {
+  test("dispatches write and returns result", async () => {
+    const headers = await authHeader(adminUser);
+    const res = await req(
+      "POST",
+      "/api/write",
+      { type: "test:write:item:create", payload: { name: "Hello" } },
+      headers,
+    );
+    expect(res.status).toBe(200);
+    const body = await res.json();
+    expect(body.isSuccess).toBe(true);
+    expect(body.data.name).toBe("Hello");
+  });
+  test("returns 400 for validation error", async () => {
+    const headers = await authHeader(adminUser);
+    const res = await req(
+      "POST",
+      "/api/write",
+      { type: "test:write:item:create", payload: { name: "" } },
+      headers,
+    );
+    expect(res.status).toBe(400);
+    const body = await res.json();
+    expect(body.error).toMatchObject({ code: "validation_error", i18nKey: expect.any(String) });
+  });
+  test("returns 403 for access denied", async () => {
+    const headers = await authHeader(guestUser);
+    const res = await req(
+      "POST",
+      "/api/write",
+      { type: "test:write:item:create", payload: { name: "Test" } },
+      headers,
+    );
+    expect(res.status).toBe(403);
+    const body = await res.json();
+    expect(body.error).toMatchObject({ code: "access_denied" });
+  });
+});
+// --- Query ---
+describe("POST /api/query", () => {
+  test("dispatches query and returns data", async () => {
+    const headers = await authHeader(adminUser);
+    const res = await req(
+      "POST",
+      "/api/query",
+      { type: "test:query:item:list", payload: {} },
+      headers,
+    );
+    expect(res.status).toBe(200);
+    const body = await res.json();
+    expect(body.data).toEqual([{ id: 1, name: "Test" }]);
+  });
+  test("returns 404 for unknown query", async () => {
+    const headers = await authHeader(adminUser);
+    const res = await req("POST", "/api/query", { type: "nope", payload: {} }, headers);
+    expect(res.status).toBe(404);
+  });
+});
+// --- Command ---
+describe("POST /api/command", () => {
+  test("dispatches command and returns 202", async () => {
+    const headers = await authHeader(adminUser);
+    const res = await req(
+      "POST",
+      "/api/command",
+      { type: "test:write:item:create", payload: { name: "Fire" } },
+      headers,
+    );
+    expect(res.status).toBe(202);
+    const body = await res.json();
+    expect(body.ok).toBe(true);
+  });
+  test("returns 403 for access denied", async () => {
+    const headers = await authHeader(guestUser);
+    const res = await req(
+      "POST",
+      "/api/command",
+      { type: "test:write:item:create", payload: { name: "x" } },
+      headers,
+    );
+    expect(res.status).toBe(403);
+  });
+});
+// --- SSE ---
+describe("GET /api/sse", () => {
+  test("rejects without auth", async () => {
+    const res = await app.request("/api/sse");
+    expect(res.status).toBe(401);
+  });
+  test("returns event stream with auth", async () => {
+    const headers = await authHeader(adminUser);
+    const res = await app.request("/api/sse", { headers });
+    expect(res.status).toBe(200);
+    expect(res.headers.get("content-type")).toContain("text/event-stream");
+  });
+});
+// --- r.httpRoute (feature-deklarierte HTTP-Routes außerhalb /api/) ---
+describe("feature-declared HTTP routes (r.httpRoute)", () => {
+  // Eigenes buildServer-Setup mit einem Feature das eine Route deklariert.
+  // Pinst die Verdrahtung end-to-end: r.httpRoute → registry → buildServer
+  // → Hono-app.{get,post}(path) → Response. deps.app erlaubt internal-call
+  // an /api/* (gleicher Auth-Pfad wie ein echter HTTP-Call).
+  const routeFeature = defineFeature("routes", (r) => {
+    r.entity("item", createEntity({ table: "Items", fields: { name: createTextField() } }));
+    r.queryHandler("item:list", z.object({}), async () => [{ id: 7 }], {
+      access: { openToAll: true },
+    });
+    r.httpRoute({
+      method: "GET",
+      path: "/version",
+      anonymous: true,
+      handler: (c) => c.json({ version: "1.2.3" }),
+    });
+    r.httpRoute({
+      method: "GET",
+      path: "/probe-deps",
+      anonymous: true,
+      handler: (c, deps) => {
+        // Beweist dass deps.app die Hono-App-Instanz ist — Handler kann
+        // sie für internal app.fetch(...)-Calls nutzen (typischer
+        // Use-Case: feed.xml ruft /api/query intern auf).
+        return c.json({
+          hasApp: typeof deps.app === "object" && typeof deps.app.fetch === "function",
+        });
+      },
+    });
+  });
+  const routeRegistry = createRegistry([routeFeature]);
+  const { app: routeApp } = buildServer({
+    registry: routeRegistry,
+    context: {},
+    jwtSecret: JWT_SECRET,
+  });
+  test("GET /version returnt deklarierten JSON-Response", async () => {
+    const res = await routeApp.request("/version");
+    expect(res.status).toBe(200);
+    expect(await res.json()).toEqual({ version: "1.2.3" });
+  });
+  test("Handler bekommt deps.app — Hono-Instance für internal-fetch", async () => {
+    const res = await routeApp.request("/probe-deps");
+    expect(res.status).toBe(200);
+    const body = (await res.json()) as { hasApp: boolean };
+    expect(body.hasApp).toBe(true);
+  });
+  test("Handler kann via deps.app intern /api/query aufrufen (anonymous + defaultTenantId)", async () => {
+    // Realistischer Use-Case (publicstatus feed.xml): die r.httpRoute
+    // baut eine View aus internen /api/query-Daten. Anonymous-Access mit
+    // defaultTenantId macht den inner-Call ohne Bearer-Token möglich;
+    // pinst dass deps.app.fetch identisch zu einem echten HTTP-Call läuft.
+    const inner = defineFeature("inner", (r) => {
+      r.entity("item", createEntity({ table: "Items", fields: { name: createTextField() } }));
+      // Bewusst "anonymous" — openToAll schließt anonymous-User explizit
+      // aus (siehe access.ts), damit das Aktivieren von anonymousAccess
+      // nicht versehentlich jeden openToAll-Handler public macht.
+      r.queryHandler("item:list", z.object({}), async () => [{ id: 42, name: "hello" }], {
+        access: { roles: ["anonymous"] },
+      });
+      r.httpRoute({
+        method: "GET",
+        path: "/feed",
+        anonymous: true,
+        handler: async (c, deps) => {
+          const queryRes = await deps.app.fetch(
+            new Request(`${new URL(c.req.url).origin}/api/query`, {
+              method: "POST",
+              headers: { "Content-Type": "application/json" },
+              body: JSON.stringify({ type: "inner:query:item:list", payload: {} }),
+            }),
+          );
+          const body = (await queryRes.json()) as { data?: unknown };
+          return c.json({ status: queryRes.status, items: body.data });
+        },
+      });
+    });
+    const innerRegistry = createRegistry([inner]);
+    const { app: innerApp } = buildServer({
+      registry: innerRegistry,
+      context: {},
+      jwtSecret: JWT_SECRET,
+      anonymousAccess: {
+        defaultTenantId: "00000000-0000-4000-8000-000000000000" as TenantId,
+      },
+    });
+    const res = await innerApp.request("/feed");
+    expect(res.status).toBe(200);
+    const body = (await res.json()) as { status: number; items: unknown };
+    expect(body.status).toBe(200);
+    expect(body.items).toEqual([{ id: 42, name: "hello" }]);
+  });
+  test("Boot-Validator: Route auf /api/* ist verboten", () => {
+    expect(() =>
+      defineFeature("bad", (r) => {
+        r.httpRoute({
+          method: "GET",
+          path: "/api/forbidden",
+          handler: (c) => c.text("nope"),
+        });
+      }),
+    ).toThrow(/\/api\/\* namespace.*reserved/);
+  });
+  test("Boot-Validator: doppelte method+path-Combo wird abgelehnt", () => {
+    expect(() =>
+      defineFeature("dup", (r) => {
+        r.httpRoute({ method: "GET", path: "/x", handler: (c) => c.text("a") });
+        r.httpRoute({ method: "GET", path: "/x", handler: (c) => c.text("b") });
+      }),
+    ).toThrow(/already registered/);
+  });
+});