npm - @cosmicdrift/kumiko-framework - Versions diffs - 0.1.0 - Mend

@cosmicdrift/kumiko-framework 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (388) hide show

package/README.md +159 -0
package/package.json +91 -0
package/src/__tests__/anonymous-access.integration.ts +325 -0
package/src/__tests__/error-contract.integration.ts +435 -0
package/src/__tests__/field-access.integration.ts +269 -0
package/src/__tests__/full-stack.integration.ts +914 -0
package/src/__tests__/ownership.integration.ts +449 -0
package/src/__tests__/reference-data.integration.ts +198 -0
package/src/__tests__/transition-guard.integration.ts +340 -0
package/src/api/__tests__/api.test.ts +337 -0
package/src/api/__tests__/auth-middleware-transport.test.ts +80 -0
package/src/api/__tests__/auth-routes-cookie.test.ts +179 -0
package/src/api/__tests__/batch.integration.ts +404 -0
package/src/api/__tests__/body-limit.test.ts +88 -0
package/src/api/__tests__/csrf-middleware.test.ts +97 -0
package/src/api/__tests__/dispatcher-live.integration.ts +216 -0
package/src/api/__tests__/metrics-endpoint.test.ts +126 -0
package/src/api/__tests__/nested-write.integration.ts +213 -0
package/src/api/__tests__/readiness.test.ts +76 -0
package/src/api/__tests__/request-id-middleware.test.ts +72 -0
package/src/api/__tests__/sse-broker.test.ts +58 -0
package/src/api/__tests__/sse-route.test.ts +112 -0
package/src/api/anonymous-cookie.ts +60 -0
package/src/api/api-constants.ts +64 -0
package/src/api/auth-middleware.ts +418 -0
package/src/api/auth-routes.ts +982 -0
package/src/api/csrf-middleware.ts +77 -0
package/src/api/index.ts +31 -0
package/src/api/jwt.ts +66 -0
package/src/api/observability-middleware.ts +89 -0
package/src/api/readiness.ts +132 -0
package/src/api/request-context.ts +49 -0
package/src/api/request-id-middleware.ts +50 -0
package/src/api/route-registrars.ts +195 -0
package/src/api/routes.ts +135 -0
package/src/api/server.ts +640 -0
package/src/api/sse-broker.ts +71 -0
package/src/api/sse-route.ts +62 -0
package/src/api/tokens.ts +16 -0
package/src/db/__tests__/apply-entity-event-tenant.integration.ts +159 -0
package/src/db/__tests__/compound-types.test.ts +114 -0
package/src/db/__tests__/connection-options.test.ts +68 -0
package/src/db/__tests__/cursor.test.ts +41 -0
package/src/db/__tests__/db-helpers.test.ts +369 -0
package/src/db/__tests__/dialect-instant.test.ts +50 -0
package/src/db/__tests__/drizzle-helpers.integration.ts +186 -0
package/src/db/__tests__/drizzle-table-types.test.ts +162 -0
package/src/db/__tests__/encryption.test.ts +39 -0
package/src/db/__tests__/event-store-executor-list.integration.ts +313 -0
package/src/db/__tests__/event-store-executor.integration.ts +235 -0
package/src/db/__tests__/implicit-projection-equivalence.integration.ts +304 -0
package/src/db/__tests__/located-timestamp.test.ts +184 -0
package/src/db/__tests__/money.test.ts +199 -0
package/src/db/__tests__/multi-row-insert.integration.ts +76 -0
package/src/db/__tests__/parse-auto-verb.test.ts +70 -0
package/src/db/__tests__/required-not-null-migration-safety.integration.ts +105 -0
package/src/db/__tests__/row-helpers.test.ts +59 -0
package/src/db/__tests__/schema-migration.integration.ts +273 -0
package/src/db/__tests__/table-builder-indexes.test.ts +153 -0
package/src/db/__tests__/table-builder-required.test.ts +216 -0
package/src/db/__tests__/tenant-db.integration.ts +606 -0
package/src/db/__tests__/unique-violation-mapping.integration.ts +166 -0
package/src/db/apply-entity-event.ts +188 -0
package/src/db/assert-exists-in.ts +59 -0
package/src/db/compound-types.ts +47 -0
package/src/db/connection.ts +104 -0
package/src/db/cursor.ts +83 -0
package/src/db/dialect.ts +109 -0
package/src/db/eagerload.ts +174 -0
package/src/db/encryption.ts +39 -0
package/src/db/event-store-executor.ts +906 -0
package/src/db/index.ts +55 -0
package/src/db/located-timestamp.ts +114 -0
package/src/db/money.ts +120 -0
package/src/db/pg-error.ts +46 -0
package/src/db/reference-data.ts +77 -0
package/src/db/row-helpers.ts +53 -0
package/src/db/schema-inspection.ts +25 -0
package/src/db/table-builder.ts +475 -0
package/src/db/tenant-db.ts +434 -0
package/src/engine/__tests__/auth-claims-registrar.test.ts +74 -0
package/src/engine/__tests__/boot-validator-located-timestamps.test.ts +108 -0
package/src/engine/__tests__/boot-validator.test.ts +1865 -0
package/src/engine/__tests__/build-app-schema.test.ts +154 -0
package/src/engine/__tests__/claim-keys.test.ts +274 -0
package/src/engine/__tests__/config-helpers.test.ts +236 -0
package/src/engine/__tests__/effective-features.test.ts +86 -0
package/src/engine/__tests__/engine.test.ts +1461 -0
package/src/engine/__tests__/entity-handlers.test.ts +274 -0
package/src/engine/__tests__/event-helpers.test.ts +68 -0
package/src/engine/__tests__/extends-registrar.test.ts +159 -0
package/src/engine/__tests__/factories-long-text.test.ts +84 -0
package/src/engine/__tests__/factories-time.test.ts +158 -0
package/src/engine/__tests__/field-predicates.test.ts +48 -0
package/src/engine/__tests__/hook-phases.test.ts +132 -0
package/src/engine/__tests__/identifiers.test.ts +35 -0
package/src/engine/__tests__/lifecycle-hooks.test.ts +237 -0
package/src/engine/__tests__/nav.test.ts +267 -0
package/src/engine/__tests__/ownership.test.ts +421 -0
package/src/engine/__tests__/parse-ref-target.test.ts +43 -0
package/src/engine/__tests__/projection-helpers.test.ts +62 -0
package/src/engine/__tests__/projection.test.ts +191 -0
package/src/engine/__tests__/qualified-name.test.ts +264 -0
package/src/engine/__tests__/resolve-config-or-param.test.ts +315 -0
package/src/engine/__tests__/run-in.test.ts +38 -0
package/src/engine/__tests__/schema-builder.test.ts +380 -0
package/src/engine/__tests__/screen.test.ts +408 -0
package/src/engine/__tests__/state-machine.test.ts +148 -0
package/src/engine/__tests__/system-user.test.ts +57 -0
package/src/engine/__tests__/validation-hooks.test.ts +71 -0
package/src/engine/access.ts +23 -0
package/src/engine/boot-validator.ts +1528 -0
package/src/engine/build-app-schema.ts +125 -0
package/src/engine/config-helpers.ts +115 -0
package/src/engine/constants.ts +85 -0
package/src/engine/create-app.ts +98 -0
package/src/engine/define-feature.ts +702 -0
package/src/engine/define-handler.ts +78 -0
package/src/engine/define-roles.ts +19 -0
package/src/engine/effective-features.ts +87 -0
package/src/engine/entity-handlers.ts +364 -0
package/src/engine/event-helpers.ts +73 -0
package/src/engine/factories.ts +328 -0
package/src/engine/feature-ast/__tests__/canonical-form.test.ts +416 -0
package/src/engine/feature-ast/__tests__/parse-happy-path.test.ts +197 -0
package/src/engine/feature-ast/__tests__/parse-real-features.test.ts +128 -0
package/src/engine/feature-ast/__tests__/parse.test.ts +888 -0
package/src/engine/feature-ast/__tests__/patch.test.ts +360 -0
package/src/engine/feature-ast/__tests__/patcher.test.ts +469 -0
package/src/engine/feature-ast/__tests__/render-roundtrip.test.ts +287 -0
package/src/engine/feature-ast/extractors.ts +2562 -0
package/src/engine/feature-ast/index.ts +105 -0
package/src/engine/feature-ast/parse.ts +369 -0
package/src/engine/feature-ast/patch.ts +525 -0
package/src/engine/feature-ast/patcher.ts +518 -0
package/src/engine/feature-ast/patterns.ts +434 -0
package/src/engine/feature-ast/render.ts +602 -0
package/src/engine/feature-ast/source-location.ts +45 -0
package/src/engine/field-access.ts +120 -0
package/src/engine/index.ts +254 -0
package/src/engine/ownership.ts +337 -0
package/src/engine/parse-ref-target.ts +22 -0
package/src/engine/pattern-library/__tests__/library.test.ts +351 -0
package/src/engine/pattern-library/index.ts +24 -0
package/src/engine/pattern-library/library.ts +1117 -0
package/src/engine/pattern-library/types.ts +255 -0
package/src/engine/projection-helpers.ts +85 -0
package/src/engine/qualified-name.ts +122 -0
package/src/engine/read-claim.ts +31 -0
package/src/engine/registry.ts +1325 -0
package/src/engine/resolve-config-or-param.ts +153 -0
package/src/engine/run-in.ts +29 -0
package/src/engine/schema-builder.ts +175 -0
package/src/engine/screen-filter-ops.ts +51 -0
package/src/engine/state-machine.ts +70 -0
package/src/engine/system-user.ts +32 -0
package/src/engine/types/config.ts +306 -0
package/src/engine/types/event-type-map.ts +37 -0
package/src/engine/types/feature.ts +574 -0
package/src/engine/types/fields.ts +422 -0
package/src/engine/types/handlers.ts +742 -0
package/src/engine/types/hooks.ts +142 -0
package/src/engine/types/http-route.ts +54 -0
package/src/engine/types/identifiers.ts +47 -0
package/src/engine/types/index.ts +208 -0
package/src/engine/types/nav.ts +46 -0
package/src/engine/types/projection.ts +132 -0
package/src/engine/types/relations.ts +51 -0
package/src/engine/types/screen.ts +452 -0
package/src/engine/types/workspace.ts +42 -0
package/src/engine/validation.ts +33 -0
package/src/entrypoint/__tests__/entrypoint-job-wiring.integration.ts +173 -0
package/src/entrypoint/__tests__/split-deploy.integration.ts +297 -0
package/src/entrypoint/index.ts +442 -0
package/src/errors/__tests__/classes.test.ts +371 -0
package/src/errors/__tests__/write-failures.test.ts +109 -0
package/src/errors/classes.ts +249 -0
package/src/errors/i18n/de.yaml +83 -0
package/src/errors/i18n/en.yaml +80 -0
package/src/errors/index.ts +41 -0
package/src/errors/kumiko-error.ts +67 -0
package/src/errors/reasons.ts +36 -0
package/src/errors/serialize.ts +136 -0
package/src/errors/transition-details.ts +30 -0
package/src/errors/write-error-info.ts +123 -0
package/src/errors/zod-bridge.ts +49 -0
package/src/event-store/__tests__/admin-api.integration.ts +361 -0
package/src/event-store/__tests__/event-store.integration.ts +584 -0
package/src/event-store/__tests__/get-stream-version-perf.integration.ts +83 -0
package/src/event-store/__tests__/perf.integration.ts +255 -0
package/src/event-store/__tests__/snapshot.integration.ts +267 -0
package/src/event-store/__tests__/upcaster-dead-letter.integration.ts +204 -0
package/src/event-store/__tests__/upcaster.integration.ts +460 -0
package/src/event-store/admin-api.ts +257 -0
package/src/event-store/archive.ts +106 -0
package/src/event-store/errors.ts +35 -0
package/src/event-store/event-store.ts +405 -0
package/src/event-store/events-schema.ts +90 -0
package/src/event-store/index.ts +50 -0
package/src/event-store/snapshot.ts +210 -0
package/src/event-store/upcaster-dead-letter.ts +119 -0
package/src/event-store/upcaster.ts +147 -0
package/src/files/__tests__/content-disposition.test.ts +123 -0
package/src/files/__tests__/file-field-column.integration.ts +103 -0
package/src/files/__tests__/file-field-pipeline.integration.ts +211 -0
package/src/files/__tests__/file-handle.test.ts +122 -0
package/src/files/__tests__/files.integration.ts +830 -0
package/src/files/__tests__/storage-tracking.integration.ts +153 -0
package/src/files/content-disposition.ts +55 -0
package/src/files/file-handle.ts +63 -0
package/src/files/file-ref-table.ts +22 -0
package/src/files/file-routes.ts +353 -0
package/src/files/in-memory-provider.ts +62 -0
package/src/files/index.ts +29 -0
package/src/files/local-provider.ts +35 -0
package/src/files/storage-tracking.ts +60 -0
package/src/files/types.ts +118 -0
package/src/i18n/__tests__/i18n.test.ts +72 -0
package/src/i18n/index.ts +29 -0
package/src/jobs/__tests__/job-event-trigger.integration.ts +172 -0
package/src/jobs/__tests__/job-multi-trigger.integration.ts +144 -0
package/src/jobs/__tests__/jobs.integration.ts +566 -0
package/src/jobs/index.ts +2 -0
package/src/jobs/job-runner.ts +574 -0
package/src/lifecycle/__tests__/create-test-lifecycle.ts +19 -0
package/src/lifecycle/__tests__/lifecycle-server.integration.ts +108 -0
package/src/lifecycle/__tests__/lifecycle.test.ts +212 -0
package/src/lifecycle/__tests__/signal-handlers.test.ts +106 -0
package/src/lifecycle/index.ts +13 -0
package/src/lifecycle/lifecycle.ts +160 -0
package/src/lifecycle/signal-handlers.ts +62 -0
package/src/logging/__tests__/pino-trace-bridge.test.ts +50 -0
package/src/logging/index.ts +3 -0
package/src/logging/pino-logger.ts +64 -0
package/src/logging/types.ts +7 -0
package/src/migrations/__tests__/compare-snapshots.test.ts +150 -0
package/src/migrations/__tests__/detect-drift.integration.ts +320 -0
package/src/migrations/__tests__/detect-projections-to-rebuild.integration.ts +134 -0
package/src/migrations/__tests__/rebuild-marker.test.ts +79 -0
package/src/migrations/index.ts +28 -0
package/src/migrations/projection-detection.ts +149 -0
package/src/migrations/rebuild-marker.ts +64 -0
package/src/migrations/schema-drift.ts +395 -0
package/src/observability/__tests__/console-provider.test.ts +67 -0
package/src/observability/__tests__/metric-validator.test.ts +87 -0
package/src/observability/__tests__/noop-provider.test.ts +82 -0
package/src/observability/__tests__/observability.integration.ts +559 -0
package/src/observability/__tests__/prometheus-meter.test.ts +144 -0
package/src/observability/__tests__/recording-meter.test.ts +101 -0
package/src/observability/__tests__/recording-tracer.test.ts +110 -0
package/src/observability/__tests__/sensitive-filter.test.ts +98 -0
package/src/observability/console-provider.ts +130 -0
package/src/observability/context.ts +26 -0
package/src/observability/fallback.ts +34 -0
package/src/observability/ids.ts +25 -0
package/src/observability/index.ts +79 -0
package/src/observability/metric-validator.ts +86 -0
package/src/observability/metrics-handle.ts +56 -0
package/src/observability/noop-provider.ts +146 -0
package/src/observability/prometheus-meter.ts +284 -0
package/src/observability/recording-meter.ts +156 -0
package/src/observability/recording-tracer.ts +198 -0
package/src/observability/redis-wrapper.ts +132 -0
package/src/observability/sensitive-filter.ts +108 -0
package/src/observability/standard-metrics.ts +213 -0
package/src/observability/types/index.ts +29 -0
package/src/observability/types/metric.ts +56 -0
package/src/observability/types/provider.ts +32 -0
package/src/observability/types/span.ts +64 -0
package/src/pipeline/__tests__/archive-stream.integration.ts +220 -0
package/src/pipeline/__tests__/auth-claims-resolver.test.ts +279 -0
package/src/pipeline/__tests__/cascade-handler.integration.ts +419 -0
package/src/pipeline/__tests__/cascade-handler.test.ts +52 -0
package/src/pipeline/__tests__/causation-chain.integration.ts +206 -0
package/src/pipeline/__tests__/ctx-bridge.integration.ts +234 -0
package/src/pipeline/__tests__/dispatcher.test.ts +379 -0
package/src/pipeline/__tests__/distributed-lock.integration.ts +67 -0
package/src/pipeline/__tests__/domain-events-projections.integration.ts +323 -0
package/src/pipeline/__tests__/event-dedup.integration.ts +153 -0
package/src/pipeline/__tests__/event-define-event-strict.integration.ts +202 -0
package/src/pipeline/__tests__/event-dispatcher-lifecycle.integration.ts +220 -0
package/src/pipeline/__tests__/event-dispatcher-multi-instance.integration.ts +423 -0
package/src/pipeline/__tests__/event-dispatcher-pg-listen.integration.ts +123 -0
package/src/pipeline/__tests__/event-dispatcher-recovery.integration.ts +202 -0
package/src/pipeline/__tests__/event-dispatcher-second-audit.integration.ts +290 -0
package/src/pipeline/__tests__/event-dispatcher-strict.test.ts +65 -0
package/src/pipeline/__tests__/event-dispatcher.integration.ts +287 -0
package/src/pipeline/__tests__/event-retention.integration.ts +239 -0
package/src/pipeline/__tests__/fetch-for-writing.integration.ts +281 -0
package/src/pipeline/__tests__/lifecycle-pipeline.test.ts +430 -0
package/src/pipeline/__tests__/load-aggregate-query.integration.ts +266 -0
package/src/pipeline/__tests__/msp-error-mode.integration.ts +149 -0
package/src/pipeline/__tests__/msp-multi-hop.integration.ts +228 -0
package/src/pipeline/__tests__/msp-rebuild.integration.ts +368 -0
package/src/pipeline/__tests__/multi-stream-projection.integration.ts +341 -0
package/src/pipeline/__tests__/perf-rebuild.integration.ts +147 -0
package/src/pipeline/__tests__/projection-rebuild.integration.ts +551 -0
package/src/pipeline/__tests__/query-projection.integration.ts +201 -0
package/src/pipeline/__tests__/redis-pipeline.integration.ts +306 -0
package/src/pipeline/append-event-core.ts +117 -0
package/src/pipeline/auth-claims-resolver.ts +103 -0
package/src/pipeline/cascade-handler.ts +113 -0
package/src/pipeline/dispatcher.ts +1585 -0
package/src/pipeline/distributed-lock.ts +37 -0
package/src/pipeline/entity-cache.ts +113 -0
package/src/pipeline/event-consumer-state.ts +108 -0
package/src/pipeline/event-dedup.ts +23 -0
package/src/pipeline/event-dispatcher.ts +1016 -0
package/src/pipeline/event-retention.ts +154 -0
package/src/pipeline/idempotency.ts +76 -0
package/src/pipeline/index.ts +66 -0
package/src/pipeline/lifecycle-pipeline.ts +409 -0
package/src/pipeline/msp-rebuild.ts +242 -0
package/src/pipeline/multi-stream-apply-context.ts +115 -0
package/src/pipeline/projection-rebuild.ts +334 -0
package/src/pipeline/projection-state.ts +72 -0
package/src/pipeline/projections-runner.ts +56 -0
package/src/pipeline/redis-keys.ts +11 -0
package/src/pipeline/system-hooks.ts +190 -0
package/src/random/__tests__/generate.test.ts +149 -0
package/src/random/generate.ts +141 -0
package/src/random/index.ts +8 -0
package/src/random/words.ts +392 -0
package/src/rate-limit/__tests__/dispatcher-l3.integration.ts +111 -0
package/src/rate-limit/__tests__/middleware.integration.ts +189 -0
package/src/rate-limit/__tests__/resolver.integration.ts +189 -0
package/src/rate-limit/bucket.ts +36 -0
package/src/rate-limit/index.ts +14 -0
package/src/rate-limit/middleware.ts +152 -0
package/src/rate-limit/resolver.ts +267 -0
package/src/redis/__tests__/redis-options.test.ts +54 -0
package/src/redis/index.ts +74 -0
package/src/search/__tests__/meilisearch-adapter.integration.ts +236 -0
package/src/search/__tests__/search-adapter.test.ts +256 -0
package/src/search/in-memory-adapter.ts +123 -0
package/src/search/index.ts +12 -0
package/src/search/meilisearch-adapter.ts +106 -0
package/src/search/types.ts +39 -0
package/src/secrets/__tests__/dek-cache.test.ts +213 -0
package/src/secrets/__tests__/env-master-key-provider.test.ts +119 -0
package/src/secrets/__tests__/envelope.test.ts +74 -0
package/src/secrets/__tests__/leak-guard.test.ts +92 -0
package/src/secrets/__tests__/rotation.test.ts +149 -0
package/src/secrets/dek-cache.ts +116 -0
package/src/secrets/env-master-key-provider.ts +162 -0
package/src/secrets/envelope.ts +55 -0
package/src/secrets/index.ts +19 -0
package/src/secrets/leak-guard.ts +87 -0
package/src/secrets/rotation.ts +34 -0
package/src/secrets/types.ts +107 -0
package/src/stack/db.ts +104 -0
package/src/stack/event-collector.ts +23 -0
package/src/stack/index.ts +32 -0
package/src/stack/redis.ts +44 -0
package/src/stack/request-helper.ts +168 -0
package/src/stack/table-helpers.ts +104 -0
package/src/stack/test-stack.ts +357 -0
package/src/stack/test-users.ts +37 -0
package/src/testing/__tests__/e2e-generator.test.ts +230 -0
package/src/testing/__tests__/ensure-entity-table.integration.ts +54 -0
package/src/testing/access-assertions.ts +15 -0
package/src/testing/assertions.ts +35 -0
package/src/testing/e2e-generator.ts +465 -0
package/src/testing/expect-error.ts +25 -0
package/src/testing/handler-context.ts +125 -0
package/src/testing/http-cookies.ts +52 -0
package/src/testing/index.ts +41 -0
package/src/testing/late-bound.ts +39 -0
package/src/testing/mutable-master-key-provider.ts +31 -0
package/src/testing/observability-recorder.ts +54 -0
package/src/testing/shared-entities.ts +49 -0
package/src/testing/utils.ts +1 -0
package/src/testing/wait-for.ts +31 -0
package/src/time/__tests__/polyfill.test.ts +73 -0
package/src/time/__tests__/tz-context.test.ts +121 -0
package/src/time/index.ts +21 -0
package/src/time/polyfill.ts +70 -0
package/src/time/tz-context.ts +107 -0
package/src/ui-types/app-schema.ts +57 -0
package/src/ui-types/index.ts +65 -0
package/src/utils/__tests__/assert.test.ts +17 -0
package/src/utils/__tests__/env-parse.test.ts +54 -0
package/src/utils/assert.ts +18 -0
package/src/utils/env-parse.ts +16 -0
package/src/utils/ids.ts +16 -0
package/src/utils/index.ts +5 -0
package/src/utils/safe-json.ts +30 -0
package/src/utils/serialization.ts +7 -0

package/src/event-store/admin-api.ts ADDED Viewed

@@ -0,0 +1,257 @@
+// Event-Store Admin-API — Marten-Bypass für Legacy-Daten-Importe.
+// Spec + Verhalten: docs/plans/features/event-store-admin-api.md
+//
+// Guard-Rail: dieses Modul ist NICHT aus event-store/index.ts re-exportiert.
+// Import nur via deep-path `@cosmicdrift/kumiko-framework/event-store/admin-api`. Das
+// Guard-Script `scripts/guard-admin-api.ts` blockt Aufrufe aus App-Code —
+// Allowlist: samples/*/migration/, scripts/migrations/, die Definition
+// selbst, das Guard-Script selbst.
+import { sql } from "drizzle-orm";
+import type { DbRunner } from "../db";
+import { isUniqueViolation } from "../db/pg-error";
+import type { TenantId } from "../engine/types";
+import { VersionConflictError } from "./errors";
+import type { EventMetadata } from "./event-store";
+import { eventsTable } from "./events-schema";
+export type RawEventToAppend = {
+  readonly aggregateId: string;
+  readonly aggregateType: string;
+  readonly tenantId: TenantId;
+  // Predecessor version. 0 writes a new stream at version 1; > 0 requires
+  // the predecessor to exist (same UUID, same tenant). Mirrors EventToAppend.
+  readonly expectedVersion: number;
+  readonly type: string;
+  readonly eventVersion?: number;
+  readonly payload: Record<string, unknown>;
+  readonly metadata: EventMetadata;
+  // Historisch preserved — MUSS gesetzt sein, kein Default auf now().
+  readonly createdAt: Temporal.Instant;
+  // Historisch preserved. Legacy-UserId oder 'system' für pre-auth Daten.
+  // Bewusst getrennt von metadata.userId: der Migration-Runner läuft unter
+  // einer eigenen Service-Identität, der Legacy-Actor ist der Ursprung.
+  readonly createdBy: string;
+};
+// Mirrors append()'s two-path structure: typed builder equivalent for v=0,
+// INSERT … SELECT … WHERE EXISTS gate for v>0. Caller-supplied createdAt +
+// createdBy skip the usual userResolver/now() paths.
+export async function appendRaw(runner: DbRunner, event: RawEventToAppend): Promise<void> {
+  const newVersion = event.expectedVersion + 1;
+  const eventVersion = event.eventVersion ?? 1;
+  try {
+    if (event.expectedVersion === 0) {
+      await insertRawFirst(runner, event, newVersion, eventVersion);
+    } else {
+      await insertRawSubsequent(runner, event, newVersion, eventVersion);
+    }
+  } catch (e) {
+    if (isUniqueViolation(e)) {
+      throw new VersionConflictError(event.aggregateId, event.expectedVersion);
+    }
+    throw e;
+  }
+}
+async function insertRawFirst(
+  runner: DbRunner,
+  event: RawEventToAppend,
+  newVersion: number,
+  eventVersion: number,
+): Promise<void> {
+  await runner.execute(sql`
+    INSERT INTO ${eventsTable} (
+      aggregate_id, aggregate_type, tenant_id, version,
+      type, event_version, payload, metadata, created_at, created_by
+    )
+    VALUES (
+      ${event.aggregateId}::uuid,
+      ${event.aggregateType},
+      ${event.tenantId}::uuid,
+      ${newVersion},
+      ${event.type},
+      ${eventVersion},
+      ${JSON.stringify(event.payload)}::jsonb,
+      ${JSON.stringify(event.metadata)}::jsonb,
+      ${event.createdAt.toString()}::timestamptz,
+      ${event.createdBy}
+    )
+  `);
+}
+async function insertRawSubsequent(
+  runner: DbRunner,
+  event: RawEventToAppend,
+  newVersion: number,
+  eventVersion: number,
+): Promise<void> {
+  const rows = await runner.execute<{ id: string }>(sql`
+    INSERT INTO ${eventsTable} (
+      aggregate_id, aggregate_type, tenant_id, version,
+      type, event_version, payload, metadata, created_at, created_by
+    )
+    SELECT ${event.aggregateId}::uuid,
+           ${event.aggregateType},
+           ${event.tenantId}::uuid,
+           ${newVersion},
+           ${event.type},
+           ${eventVersion},
+           ${JSON.stringify(event.payload)}::jsonb,
+           ${JSON.stringify(event.metadata)}::jsonb,
+           ${event.createdAt.toString()}::timestamptz,
+           ${event.createdBy}
+    WHERE EXISTS (
+      SELECT 1 FROM ${eventsTable}
+      WHERE aggregate_id = ${event.aggregateId}::uuid
+        AND version = ${event.expectedVersion}
+        AND tenant_id = ${event.tenantId}::uuid
+    )
+    RETURNING id
+  `);
+  if (rows.length === 0) {
+    throw new VersionConflictError(event.aggregateId, event.expectedVersion);
+  }
+}
+// Batch append. One multi-VALUES INSERT — atomic by PG statement semantics.
+// Three pre-flight checks identify the specific conflicting aggregate, so the
+// thrown VersionConflictError points at a real event (not at a batch-first
+// placeholder). The INSERT's UNIQUE constraint is still the authoritative
+// gate — pre-flight is for diagnostic precision, not correctness.
+export async function appendRawBatch(
+  runner: DbRunner,
+  events: readonly RawEventToAppend[],
+): Promise<void> {
+  const firstEvent = events[0];
+  // skip: empty batch is a no-op by contract — callers that chunk a stream
+  // into size-N batches shouldn't need to guard the tail-case themselves.
+  if (!firstEvent) return;
+  verifyContiguousWithinBatch(events);
+  await verifyPredecessors(runner, events);
+  await verifyNoDuplicates(runner, events);
+  const rows = events.map((e) => {
+    const newVersion = e.expectedVersion + 1;
+    const eventVersion = e.eventVersion ?? 1;
+    return sql`(
+      ${e.aggregateId}::uuid,
+      ${e.aggregateType},
+      ${e.tenantId}::uuid,
+      ${newVersion},
+      ${e.type},
+      ${eventVersion},
+      ${JSON.stringify(e.payload)}::jsonb,
+      ${JSON.stringify(e.metadata)}::jsonb,
+      ${e.createdAt.toString()}::timestamptz,
+      ${e.createdBy}
+    )`;
+  });
+  try {
+    await runner.execute(sql`
+      INSERT INTO ${eventsTable} (
+        aggregate_id, aggregate_type, tenant_id, version,
+        type, event_version, payload, metadata, created_at, created_by
+      )
+      VALUES ${sql.join(rows, sql`, `)}
+    `);
+  } catch (e) {
+    if (isUniqueViolation(e)) {
+      // Pre-flight ran but lost a race against a concurrent writer. Rare for
+      // migration (single-runner) but possible; we can't name the exact row.
+      throw new VersionConflictError(firstEvent.aggregateId, firstEvent.expectedVersion);
+    }
+    throw e;
+  }
+}
+// Defense-in-depth against a buggy event-mapper: within one batch, for each
+// aggregate the expectedVersion sequence must be contiguous (no gaps). Without
+// this, [expectedVersion=0, expectedVersion=2] for the same aggregate would
+// write v=1 and v=3 with v=2 missing — UNIQUE won't catch it (no collision),
+// predecessor-EXISTS won't catch it (min is 0, check skipped), and the
+// orphan only surfaces at projection-rebuild time. Fail-loud here instead.
+function verifyContiguousWithinBatch(events: readonly RawEventToAppend[]): void {
+  const byAggregate = new Map<string, RawEventToAppend[]>();
+  for (const e of events) {
+    const key = `${e.tenantId}:${e.aggregateId}`;
+    const list = byAggregate.get(key) ?? [];
+    list.push(e);
+    byAggregate.set(key, list);
+  }
+  for (const list of byAggregate.values()) {
+    if (list.length < 2) continue;
+    const sorted = [...list].sort((a, b) => a.expectedVersion - b.expectedVersion);
+    const [first, ...rest] = sorted;
+    if (!first) continue;
+    let prev = first;
+    for (const curr of rest) {
+      if (curr.expectedVersion !== prev.expectedVersion + 1) {
+        throw new VersionConflictError(curr.aggregateId, curr.expectedVersion);
+      }
+      prev = curr;
+    }
+  }
+}
+// Per aggregate-group, check the predecessor (min(expectedVersion) > 0)
+// exists in the DB. For migration batches that are usually single-aggregate
+// or fresh-stream, this loops zero or one times.
+async function verifyPredecessors(
+  runner: DbRunner,
+  events: readonly RawEventToAppend[],
+): Promise<void> {
+  type GroupKey = { tenantId: TenantId; aggregateId: string; minExpected: number };
+  const groups = new Map<string, GroupKey>();
+  for (const e of events) {
+    const key = `${e.tenantId}:${e.aggregateId}`;
+    const existing = groups.get(key);
+    if (!existing || e.expectedVersion < existing.minExpected) {
+      groups.set(key, {
+        tenantId: e.tenantId,
+        aggregateId: e.aggregateId,
+        minExpected: e.expectedVersion,
+      });
+    }
+  }
+  for (const g of groups.values()) {
+    if (g.minExpected === 0) continue;
+    const rows = await runner.execute<{ present: boolean }>(sql`
+      SELECT EXISTS(
+        SELECT 1 FROM ${eventsTable}
+        WHERE aggregate_id = ${g.aggregateId}::uuid
+          AND tenant_id = ${g.tenantId}::uuid
+          AND version = ${g.minExpected}
+      ) AS present
+    `);
+    if (!rows[0]?.present) {
+      throw new VersionConflictError(g.aggregateId, g.minExpected);
+    }
+  }
+}
+// Single IN-query checks whether any (tenant, aggregate, newVersion) tuple
+// already exists. Returns the first collision, so the thrown error names
+// the real conflicting aggregate instead of the batch's first event.
+async function verifyNoDuplicates(
+  runner: DbRunner,
+  events: readonly RawEventToAppend[],
+): Promise<void> {
+  const triples = events.map(
+    (e) => sql`(${e.tenantId}::uuid, ${e.aggregateId}::uuid, ${e.expectedVersion + 1})`,
+  );
+  const rows = await runner.execute<{ aggregate_id: string; version: number }>(sql`
+    SELECT aggregate_id, version FROM ${eventsTable}
+    WHERE (tenant_id, aggregate_id, version) IN (${sql.join(triples, sql`, `)})
+    LIMIT 1
+  `);
+  const conflict = rows[0];
+  if (conflict) {
+    throw new VersionConflictError(conflict.aggregate_id, conflict.version - 1);
+  }
+}

package/src/event-store/archive.ts ADDED Viewed

@@ -0,0 +1,106 @@
+import { and, eq, sql } from "drizzle-orm";
+import type { DbConnection, DbRunner } from "../db/connection";
+import { instant, table as pgTable, text, uniqueIndex, uuid } from "../db/dialect";
+import { tableExists } from "../db/schema-inspection";
+import type { TenantId } from "../engine/types";
+import { pushTables } from "../stack";
+// Marten-aligned stream archival. Archived streams become read-only: fresh
+// appendEvent on an archived aggregate throws, and loadAggregate returns
+// an empty slice unless the caller passes { includeArchived: true }.
+//
+// Storage: sparse table — only ARCHIVED streams have a row. Active streams
+// stay out of this table to keep the hot path free of extra writes. A
+// tenant-scoped PK guards against cross-tenant reuse of aggregate IDs.
+export const archivedStreamsTable = pgTable(
+  "kumiko_archived_streams",
+  {
+    tenantId: uuid("tenant_id").notNull(),
+    aggregateId: uuid("aggregate_id").notNull(),
+    aggregateType: text("aggregate_type").notNull(),
+    archivedAt: instant("archived_at", { precision: 3 }).notNull().default(sql`now()`),
+    archivedBy: text("archived_by").notNull(),
+    reason: text("reason"),
+  },
+  (t) => ({
+    pk: uniqueIndex("kumiko_archived_streams_pk").on(t.tenantId, t.aggregateId),
+  }),
+);
+export async function createArchivedStreamsTable(db: DbConnection): Promise<void> {
+  // skip: table already exists — idempotent boot + test-setup call
+  if (await tableExists(db, "public.kumiko_archived_streams")) return;
+  await pushTables(db, { kumikoArchivedStreams: archivedStreamsTable });
+}
+export type ArchiveStreamArgs = {
+  readonly tenantId: TenantId;
+  readonly aggregateId: string;
+  readonly aggregateType: string;
+  readonly archivedBy: string;
+  readonly reason?: string;
+};
+// Mark a stream as archived. Idempotent — re-archiving (same tenant +
+// aggregate) updates archivedAt/archivedBy to the latest call instead of
+// failing. That matches Marten's "archive is a state, not an event" model.
+export async function archiveStream(db: DbRunner, args: ArchiveStreamArgs): Promise<void> {
+  await db
+    .insert(archivedStreamsTable)
+    .values({
+      tenantId: args.tenantId,
+      aggregateId: args.aggregateId,
+      aggregateType: args.aggregateType,
+      archivedBy: args.archivedBy,
+      reason: args.reason ?? null,
+    })
+    .onConflictDoUpdate({
+      target: [archivedStreamsTable.tenantId, archivedStreamsTable.aggregateId],
+      set: {
+        archivedAt: sql`now()`,
+        archivedBy: args.archivedBy,
+        aggregateType: args.aggregateType,
+        reason: args.reason ?? null,
+      },
+    });
+}
+// Cheap existence probe — issued in the hot read path, so keep the query to
+// a single indexed lookup on the composite PK.
+export async function isStreamArchived(
+  db: DbRunner,
+  tenantId: TenantId,
+  aggregateId: string,
+): Promise<boolean> {
+  const rows = await db
+    .select({ one: sql`1` })
+    .from(archivedStreamsTable)
+    .where(
+      and(
+        eq(archivedStreamsTable.tenantId, tenantId),
+        eq(archivedStreamsTable.aggregateId, aggregateId),
+      ),
+    )
+    .limit(1);
+  return rows.length > 0;
+}
+// Undo an archive — restores the stream to writable state. Ops tool. The
+// historical archivedAt is lost; if auditing needs the archive-history,
+// use domain events on the aggregate (e.g. "stream.archived" / "stream.
+// restored") instead of relying on this row.
+export async function restoreStream(
+  db: DbRunner,
+  tenantId: TenantId,
+  aggregateId: string,
+): Promise<void> {
+  await db
+    .delete(archivedStreamsTable)
+    .where(
+      and(
+        eq(archivedStreamsTable.tenantId, tenantId),
+        eq(archivedStreamsTable.aggregateId, aggregateId),
+      ),
+    );
+}

package/src/event-store/errors.ts ADDED Viewed

@@ -0,0 +1,35 @@
+// Failure modes of the event-store's append() path. Surfaced as typed
+// errors so the executor layer can map them to the framework's
+// WriteResult error contract (version_conflict).
+export class VersionConflictError extends Error {
+  public readonly aggregateId: string;
+  public readonly expectedVersion: number;
+  constructor(aggregateId: string, expectedVersion: number) {
+    super(
+      `Version conflict on aggregate ${aggregateId}: expected predecessor version ${expectedVersion}`,
+    );
+    this.name = "VersionConflictError";
+    this.aggregateId = aggregateId;
+    this.expectedVersion = expectedVersion;
+  }
+}
+// Thrown when ctx.appendEvent targets an archived stream. Archived aggregates
+// are read-only — restoreStream() makes them writable again. The archive
+// state is not carried on the events themselves; it lives on the sparse
+// kumiko_archived_streams table. Handlers that need to branch on archive
+// state should call ctx.isStreamArchived(id) first.
+export class ArchivedStreamError extends Error {
+  public readonly tenantId: string;
+  public readonly aggregateId: string;
+  constructor(tenantId: string, aggregateId: string) {
+    super(
+      `Aggregate ${aggregateId} on tenant ${tenantId} is archived — appendEvent is blocked. ` +
+        `Call restoreStream() to re-open the stream before writing.`,
+    );
+    this.name = "ArchivedStreamError";
+    this.tenantId = tenantId;
+    this.aggregateId = aggregateId;
+  }
+}