npm - @cosmicdrift/kumiko-framework - Versions diffs - 0.13.0 → 0.15.0 - Mend

@cosmicdrift/kumiko-framework 0.13.0 → 0.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (314) hide show

package/src/event-store/event-store.ts CHANGED Viewed

@@ -1,6 +1,13 @@
-import { and, asc, eq, gt, lte, max, sql } from "drizzle-orm";
 import type { DbRunner } from "../db";
 import { isUniqueViolation } from "../db/pg-error";
+import {
+  insertSubsequentEventRow,
+  notifyPgChannel,
+  selectAggregateMaxVersion,
+  selectEventsHighWaterMark,
+  selectStreamMaxVersion,
+} from "../db/queries/event-store";
+import { insertOne, selectMany } from "../db/query";
 import type { TenantId } from "../engine/types";
 import { isStreamArchived } from "./archive";
 import { VersionConflictError } from "./errors";
@@ -60,7 +67,19 @@ export type StoredEvent<TPayload = Record<string, unknown>> = {
   readonly createdBy: string;
 };
-type SelectedEvent = typeof eventsTable.$inferSelect;
+type SelectedEvent = {
+  readonly id: bigint;
+  readonly aggregateId: string;
+  readonly aggregateType: string;
+  readonly tenantId: TenantId;
+  readonly version: number;
+  readonly type: string;
+  readonly eventVersion: number;
+  readonly payload: Record<string, unknown>;
+  readonly metadata: EventMetadata;
+  readonly createdAt: Temporal.Instant;
+  readonly createdBy: string;
+};
 // Append one event atomically. Two guarantees combined:
 //
@@ -99,7 +118,7 @@ export async function append(db: DbRunner, event: EventToAppend): Promise<Stored
     // NOTIFY fires on commit (PG buffers NOTIFY per TX), so subscribers never
     // see a wake-up for an event that later rolled back. Harmless no-op when
     // no LISTENer is attached.
-    await db.execute(sql`SELECT pg_notify(${EVENTS_PUBSUB_CHANNEL}, '')`);
+    await notifyPgChannel(db, EVENTS_PUBSUB_CHANNEL);
     return buildStoredEvent(event, newVersion, eventVersion, row);
   } catch (e) {
@@ -122,22 +141,19 @@ async function insertFirstEvent(
   newVersion: number,
   eventVersion: number,
 ): Promise<InsertReturn> {
-  const [row] = await db
-    .insert(eventsTable)
-    .values({
-      aggregateId: event.aggregateId,
-      aggregateType: event.aggregateType,
-      tenantId: event.tenantId,
-      version: newVersion,
-      type: event.type,
-      eventVersion,
-      payload: event.payload,
-      metadata: event.metadata,
-      createdBy: event.metadata.userId,
-    })
-    .returning({ id: eventsTable.id, createdAt: eventsTable.createdAt });
+  const row = await insertOne<{ id: bigint; createdAt: Temporal.Instant }>(db, eventsTable, {
+    aggregateId: event.aggregateId,
+    aggregateType: event.aggregateType,
+    tenantId: event.tenantId,
+    version: newVersion,
+    type: event.type,
+    eventVersion,
+    payload: event.payload,
+    metadata: event.metadata,
+    createdBy: event.metadata.userId,
+  });
   if (!row) throw new Error("insertFirstEvent: INSERT RETURNING produced no row");
-  return row;
+  return { id: row.id, createdAt: row.createdAt };
 }
 // Subsequent event — predecessor must exist AND belong to the same tenant.
@@ -150,31 +166,21 @@ async function insertSubsequentEvent(
   newVersion: number,
   eventVersion: number,
 ): Promise<InsertReturn> {
-  const payloadJson = JSON.stringify(event.payload);
-  const metadataJson = JSON.stringify(event.metadata);
-  const rows = await db.execute<{ id: string; created_at: Date | string }>(sql`
-    INSERT INTO ${eventsTable} (
-      aggregate_id, aggregate_type, tenant_id, version,
-      type, event_version, payload, metadata, created_by
-    )
-    SELECT ${event.aggregateId}::uuid, ${event.aggregateType}, ${event.tenantId}::uuid, ${newVersion},
-           ${event.type}, ${eventVersion}, ${payloadJson}::jsonb,
-           ${metadataJson}::jsonb, ${event.metadata.userId}
-    WHERE EXISTS (
-      SELECT 1 FROM ${eventsTable}
-      WHERE aggregate_id = ${event.aggregateId}::uuid
-        AND version = ${event.expectedVersion}
-        AND tenant_id = ${event.tenantId}::uuid
-    )
-    RETURNING id, created_at;
-  `);
-  const row = rows[0];
+  const row = await insertSubsequentEventRow(db, {
+    aggregateId: event.aggregateId,
+    aggregateType: event.aggregateType,
+    tenantId: event.tenantId,
+    newVersion,
+    type: event.type,
+    eventVersion,
+    payloadJson: JSON.stringify(event.payload),
+    metadataJson: JSON.stringify(event.metadata),
+    createdBy: event.metadata.userId,
+    expectedVersion: event.expectedVersion,
+  });
   if (!row) throw new VersionConflictError(event.aggregateId, event.expectedVersion);
   return {
-    id: BigInt(row.id),
-    // Raw SQL bypasses Drizzle's customType — postgres-js returns Date or
-    // string depending on driver-config. Normalize through Temporal.Instant
-    // so the InsertReturn shape matches the typed-builder path.
+    id: typeof row.id === "bigint" ? row.id : BigInt(row.id),
     createdAt:
       row.created_at instanceof Date
         ? Temporal.Instant.fromEpochMilliseconds(row.created_at.getTime())
@@ -221,11 +227,12 @@ export async function loadAggregate(
     const archived = await isStreamArchived(db, tenantId, aggregateId);
     if (archived) return [];
   }
-  const rows = await db
-    .select()
-    .from(eventsTable)
-    .where(and(eq(eventsTable.aggregateId, aggregateId), eq(eventsTable.tenantId, tenantId)))
-    .orderBy(asc(eventsTable.version));
+  const rows = await selectMany<SelectedEvent>(
+    db,
+    eventsTable,
+    { aggregateId, tenantId },
+    { orderBy: { col: "version", direction: "asc" } },
+  );
   return rows.map(toStoredEvent);
 }
@@ -243,17 +250,12 @@ export async function loadAggregateAsOf(
     const archived = await isStreamArchived(db, tenantId, aggregateId);
     if (archived) return [];
   }
-  const rows = await db
-    .select()
-    .from(eventsTable)
-    .where(
-      and(
-        eq(eventsTable.aggregateId, aggregateId),
-        eq(eventsTable.tenantId, tenantId),
-        lte(eventsTable.createdAt, asOf),
-      ),
-    )
-    .orderBy(asc(eventsTable.version));
+  const rows = await selectMany<SelectedEvent>(
+    db,
+    eventsTable,
+    { aggregateId, tenantId, createdAt: { lte: asOf } },
+    { orderBy: { col: "version", direction: "asc" } },
+  );
   return rows.map(toStoredEvent);
 }
@@ -268,11 +270,15 @@ export async function getStreamVersion(
   aggregateId: string,
   tenantId: TenantId,
 ): Promise<number> {
-  const [row] = await db
-    .select({ v: max(eventsTable.version) })
-    .from(eventsTable)
-    .where(and(eq(eventsTable.aggregateId, aggregateId), eq(eventsTable.tenantId, tenantId)));
-  return row?.v ?? 0;
+  return selectStreamMaxVersion(db, aggregateId, tenantId);
+}
+/** MAX(version) for one aggregate — no tenant filter. Used by seed idempotency. */
+export async function getAggregateStreamMaxVersion(
+  db: DbRunner,
+  aggregateId: string,
+): Promise<number> {
+  return selectAggregateMaxVersion(db, aggregateId);
 }
 // Global high-water-mark = MAX(events.id). Marten/Wolverine standard for
@@ -280,8 +286,7 @@ export async function getStreamVersion(
 // the bigserial PK index — sub-millisecond cost. Returns 0n on an empty log
 // (boot, fresh tenant, post-archive).
 export async function getEventsHighWaterMark(db: DbRunner): Promise<bigint> {
-  const [row] = await db.select({ max: max(eventsTable.id) }).from(eventsTable);
-  return row?.max ?? 0n;
+  return selectEventsHighWaterMark(db);
 }
 // Load events strictly newer than a given version. Used by snapshot-aware
@@ -293,17 +298,12 @@ export async function loadEventsAfterVersion(
   tenantId: TenantId,
   afterVersion: number,
 ): Promise<readonly StoredEvent[]> {
-  const rows = await db
-    .select()
-    .from(eventsTable)
-    .where(
-      and(
-        eq(eventsTable.aggregateId, aggregateId),
-        eq(eventsTable.tenantId, tenantId),
-        gt(eventsTable.version, afterVersion),
-      ),
-    )
-    .orderBy(asc(eventsTable.version));
+  const rows = await selectMany<SelectedEvent>(
+    db,
+    eventsTable,
+    { aggregateId, tenantId, version: { gt: afterVersion } },
+    { orderBy: { col: "version", direction: "asc" } },
+  );
   return rows.map(toStoredEvent);
 }
@@ -319,11 +319,17 @@ export async function loadAllEventsByType(
   db: DbRunner,
   aggregateType: string,
 ): Promise<readonly StoredEvent[]> {
-  const rows = await db
-    .select()
-    .from(eventsTable)
-    .where(eq(eventsTable.aggregateType, aggregateType))
-    .orderBy(asc(eventsTable.createdAt), asc(eventsTable.id));
+  const rows = await selectMany<SelectedEvent>(
+    db,
+    eventsTable,
+    { aggregateType },
+    {
+      orderBy: [
+        { col: "createdAt", direction: "asc" },
+        { col: "id", direction: "asc" },
+      ],
+    },
+  );
   return rows.map(toStoredEvent);
 }
@@ -359,12 +365,12 @@ export async function* streamAllEventsByType(
   let cursorId = 0n;
   while (true) {
     signal?.throwIfAborted();
-    const rows = await db
-      .select()
-      .from(eventsTable)
-      .where(and(eq(eventsTable.aggregateType, aggregateType), gt(eventsTable.id, cursorId)))
-      .orderBy(asc(eventsTable.id))
-      .limit(batchSize);
+    const rows = await selectMany<SelectedEvent>(
+      db,
+      eventsTable,
+      { aggregateType, id: { gt: cursorId } },
+      { orderBy: { col: "id", direction: "asc" }, limit: batchSize },
+    );
     if (rows.length === 0) {
       // skip: end of stream — generator exit is the natural termination.

package/src/event-store/events-schema.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { sql } from "drizzle-orm";
+// sql now comes from native dialect
 import { type DbConnection, tableExists } from "../db";
 import {
   bigserial,
@@ -7,6 +7,7 @@ import {
   integer,
   jsonb,
   table as pgTable,
+  sql,
   text,
   uniqueIndex,
   uuid,

package/src/event-store/index.ts CHANGED Viewed

@@ -12,6 +12,7 @@ export {
   EVENTS_PUBSUB_CHANNEL,
   type EventMetadata,
   type EventToAppend,
+  getAggregateStreamMaxVersion,
   getEventsHighWaterMark,
   getStreamVersion,
   loadAggregate,

package/src/event-store/snapshot.ts CHANGED Viewed

@@ -1,4 +1,5 @@
-import { and, desc, eq, sql } from "drizzle-orm";
+// sql now comes from native dialect
 import type { DbConnection, DbRunner } from "../db/connection";
 import {
   index,
@@ -7,9 +8,12 @@ import {
   jsonb,
   table as pgTable,
   primaryKey,
+  sql,
   text,
   uuid,
 } from "../db/dialect";
+import { upsertSnapshot } from "../db/queries/event-store";
+import { selectMany } from "../db/query";
 import { tableExists } from "../db/schema-inspection";
 import type { TenantId } from "../engine/types";
 import { unsafePushTables } from "../stack";
@@ -98,23 +102,13 @@ export type SaveSnapshotArgs = {
 // bespoke error handling — useful when a feature's snapshot policy runs
 // during a concurrent retake.
 export async function saveSnapshot(db: DbRunner, args: SaveSnapshotArgs): Promise<void> {
-  await db
-    .insert(snapshotsTable)
-    .values({
-      aggregateId: args.aggregateId,
-      tenantId: args.tenantId,
-      aggregateType: args.aggregateType,
-      version: args.version,
-      state: args.state,
-    })
-    .onConflictDoUpdate({
-      target: [snapshotsTable.aggregateId, snapshotsTable.version],
-      set: {
-        state: args.state,
-        aggregateType: args.aggregateType,
-        createdAt: sql`now()`,
-      },
-    });
+  await upsertSnapshot(db, {
+    aggregateId: args.aggregateId,
+    tenantId: args.tenantId,
+    aggregateType: args.aggregateType,
+    version: args.version,
+    stateJson: JSON.stringify(args.state),
+  });
 }
 // Latest snapshot lookup. Tenant filter is belt-and-suspenders — the
@@ -123,12 +117,20 @@ export async function saveSnapshot(db: DbRunner, args: SaveSnapshotArgs): Promis
 export async function loadLatestSnapshot<
   TState extends Record<string, unknown> = Record<string, unknown>,
 >(db: DbRunner, aggregateId: string, tenantId: TenantId): Promise<Snapshot<TState> | null> {
-  const rows = await db
-    .select()
-    .from(snapshotsTable)
-    .where(and(eq(snapshotsTable.aggregateId, aggregateId), eq(snapshotsTable.tenantId, tenantId)))
-    .orderBy(desc(snapshotsTable.version))
-    .limit(1);
+  type SnapRow = {
+    aggregateId: string;
+    tenantId: TenantId;
+    aggregateType: string;
+    version: number;
+    state: unknown;
+    createdAt: Temporal.Instant;
+  };
+  const rows = await selectMany<SnapRow>(
+    db,
+    snapshotsTable,
+    { aggregateId, tenantId },
+    { orderBy: { col: "version", direction: "desc" }, limit: 1 },
+  );
   const row = rows[0];
   if (!row) return null;
   return {

package/src/event-store/upcaster-dead-letter.ts CHANGED Viewed

@@ -12,8 +12,17 @@
 // ops tooling. Replay (re-apply the migration after a code fix) is a
 // separate CLI step — not implemented here, tracked as follow-up.
-import { bigint, index, integer, jsonb, pgTable, text, timestamp, uuid } from "drizzle-orm/pg-core";
 import type { DbConnection, DbRunner } from "../db/connection";
+import {
+  bigint,
+  index,
+  integer,
+  jsonb,
+  table as pgTable,
+  text,
+  timestamp,
+  uuid,
+} from "../db/dialect";
 import { tableExists } from "../db/schema-inspection";
 import { unsafePushTables } from "../stack";
 import type { StoredEvent } from "./event-store";
@@ -66,7 +75,8 @@ export async function recordUpcasterDeadLetter(
   },
 ): Promise<void> {
   const message = args.error instanceof Error ? args.error.message : String(args.error);
-  await db.insert(upcasterDeadLetterTable).values({
+  const { insertOne } = await import("../bun-db/query");
+  await insertOne(db, upcasterDeadLetterTable, {
     eventId: args.event.id,
     tenantId: args.event.tenantId,
     aggregateId: args.event.aggregateId,
@@ -99,21 +109,12 @@ export async function listDeadLetters(
   db: DbConnection,
   options: { eventType?: string; limit?: number } = {},
 ): Promise<readonly DeadLetterRow[]> {
-  const { desc, eq } = await import("drizzle-orm");
+  const { selectMany } = await import("../bun-db/query");
   const limit = options.limit ?? 100;
-  const eventType = options.eventType;
-  const rows =
-    eventType !== undefined
-      ? await db
-          .select()
-          .from(upcasterDeadLetterTable)
-          .where(eq(upcasterDeadLetterTable.eventType, eventType))
-          .orderBy(desc(upcasterDeadLetterTable.createdAt))
-          .limit(limit)
-      : await db
-          .select()
-          .from(upcasterDeadLetterTable)
-          .orderBy(desc(upcasterDeadLetterTable.createdAt))
-          .limit(limit);
-  return rows as readonly DeadLetterRow[]; // @cast-boundary db-row
+  const where = options.eventType !== undefined ? { eventType: options.eventType } : undefined;
+  const rows = await selectMany<DeadLetterRow>(db, upcasterDeadLetterTable, where, {
+    orderBy: { col: "createdAt", direction: "desc" },
+    limit,
+  });
+  return rows;
 }

package/src/files/__tests__/content-disposition.test.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { describe, expect, test } from "vitest";
+import { describe, expect, test } from "bun:test";
 import {
   buildContentDispositionHeader,
   encodeRFC5987,

package/src/files/__tests__/{file-field-pipeline.integration.ts → file-field-pipeline.integration.test.ts} RENAMED Viewed

@@ -12,11 +12,11 @@
 //   POST /api/write → entity:update with new file-UUID
 //   POST /api/query → entity:detail → new UUID persisted
+import { afterAll, beforeAll, beforeEach, describe, expect, test } from "bun:test";
 import { mkdtemp, rm } from "node:fs/promises";
 import { tmpdir } from "node:os";
 import { join } from "node:path";
-import { sql } from "drizzle-orm";
-import { afterAll, beforeAll, beforeEach, describe, expect, test } from "vitest";
+import { asRawClient } from "../../db/query";
 import {
   createEntity,
   createFileField,
@@ -36,6 +36,7 @@ import {
   testTenantId,
   unsafeCreateEntityTable,
 } from "../../stack";
+import { buildMultipartBody, patchFileInstanceofForBunTest } from "../../testing";
 import { createLocalProvider } from "../local-provider";
 // Covers ALL four file-field variants: singular (file/image) stores a UUID in
@@ -69,6 +70,7 @@ const tenantId = testTenantId(1);
 const user = createTestUser({ id: 1, tenantId, roles: ["Admin"] });
 beforeAll(async () => {
+  patchFileInstanceofForBunTest();
   storagePath = await mkdtemp(join(tmpdir(), "kumiko-file-field-pipeline-"));
   stack = await setupTestStack({
     features: [documentFeature],
@@ -83,17 +85,18 @@ afterAll(async () => {
 });
 beforeEach(async () => {
-  await stack.db.execute(sql`TRUNCATE pipeline_documents`);
+  await asRawClient(stack.db).unsafe(`TRUNCATE pipeline_documents`);
 });
 async function uploadFile(fileName: string, body: Uint8Array, mimeType: string): Promise<string> {
   const token = await stack.jwt.sign(user);
   const fd = new FormData();
   fd.append("file", new File([Buffer.from(body)], fileName, { type: mimeType }));
+  const { body: multipartBody, contentType } = await buildMultipartBody(fd);
   const res = await stack.app.request("/api/files", {
     method: "POST",
-    headers: { Authorization: `Bearer ${token}` },
-    body: fd,
+    headers: { Authorization: `Bearer ${token}`, "Content-Type": contentType },
+    body: multipartBody,
   });
   // File-routes return 201 Created on successful upload.
   expect(res.status).toBe(201);

package/src/files/__tests__/file-handle.test.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { describe, expect, test } from "vitest";
+import { describe, expect, test } from "bun:test";
 import { createFileContext, createFileHandle, deriveKey } from "../file-handle";
 import { createInMemoryFileProvider } from "../in-memory-provider";

package/src/files/__tests__/{files.integration.ts → files.integration.test.ts} RENAMED Viewed

@@ -1,8 +1,8 @@
+import { afterAll, beforeAll, describe, expect, test } from "bun:test";
 import { mkdtemp, rm } from "node:fs/promises";
 import { tmpdir } from "node:os";
 import { join } from "node:path";
 import type { Hono } from "hono";
-import { afterAll, beforeAll, describe, expect, test } from "vitest";
 import type { JwtHelper } from "../../api/jwt";
 import { buildServer } from "../../api/server";
 import {
@@ -22,7 +22,11 @@ import {
   unsafeCreateEntityTable,
   unsafePushTables,
 } from "../../stack";
-import { expectErrorIncludes } from "../../testing";
+import {
+  buildMultipartBody,
+  expectErrorIncludes,
+  patchFileInstanceofForBunTest,
+} from "../../testing";
 import { fileRefsTable } from "../file-ref-table";
 import { FILE_UPLOADED_EVENT_TYPE, type FileRoutesOptions } from "../file-routes";
 import { createInMemoryFileProvider } from "../in-memory-provider";
@@ -60,6 +64,10 @@ const tenantFeature = defineFeature("tenant", (r) => {
 });
 beforeAll(async () => {
+  // Bun v1.3.x bun:test: Hono's parseBody() returns cross-realm Blob objects
+  // that fail `instanceof File`. Patch File[Symbol.hasInstance] with duck-typing.
+  patchFileInstanceofForBunTest();
   testDb = await createTestDb();
   storagePath = await mkdtemp(join(tmpdir(), "kumiko-files-test-"));
@@ -105,10 +113,11 @@ async function uploadFile(
       formData.append(k, v);
     }
   }
+  const { body, contentType } = await buildMultipartBody(formData);
   return app.request("/api/files", {
     method: "POST",
-    headers: { Authorization: `Bearer ${token}` },
-    body: formData,
+    headers: { Authorization: `Bearer ${token}`, "Content-Type": contentType },
+    body,
   });
 }
@@ -422,10 +431,11 @@ describe("custom file access guard", () => {
         fd.append("entityType", "tenant");
         fd.append("entityId", "1");
         fd.append("fieldName", "logo");
+        const { body: multipartBody, contentType } = await buildMultipartBody(fd);
         return isolatedServer.app.request("/api/files", {
           method: "POST",
-          headers: { Authorization: `Bearer ${token}` },
-          body: fd,
+          headers: { Authorization: `Bearer ${token}`, "Content-Type": contentType },
+          body: multipartBody,
         });
       };
       const request = async (user: SessionUser, fileId: string, init: RequestInit = {}) => {
@@ -546,10 +556,11 @@ describe("error handling", () => {
     const formData = new FormData();
     formData.append("notafile", "just text");
+    const { body: multipartBody, contentType } = await buildMultipartBody(formData);
     const res = await app.request("/api/files", {
       method: "POST",
-      headers: { Authorization: `Bearer ${token}` },
-      body: formData,
+      headers: { Authorization: `Bearer ${token}`, "Content-Type": contentType },
+      body: multipartBody,
     });
     expect(res.status).toBe(400);
@@ -584,9 +595,11 @@ describe("error handling", () => {
     const formData = new FormData();
     formData.append("file", new File([new Uint8Array(10)], "test.png", { type: "image/png" }));
+    const { body: multipartBody, contentType } = await buildMultipartBody(formData);
     const res = await app.request("/api/files", {
       method: "POST",
-      body: formData,
+      headers: { "Content-Type": contentType },
+      body: multipartBody,
     });
     expect(res.status).toBe(401);
   });
@@ -614,10 +627,11 @@ describe("Content-Disposition header hardening", () => {
     const token = await jwt.sign(adminUser);
     const fd = new FormData();
     fd.append("file", new File([Buffer.from(smallPng)], fileName, { type: "image/png" }));
+    const { body: multipartBody, contentType } = await buildMultipartBody(fd);
     const res = await app.request("/api/files", {
       method: "POST",
-      headers: { Authorization: `Bearer ${token}` },
-      body: fd,
+      headers: { Authorization: `Bearer ${token}`, "Content-Type": contentType },
+      body: multipartBody,
     });
     expect(res.status).toBe(201);
     const body = await res.json();
@@ -648,11 +662,11 @@ describe("Content-Disposition header hardening", () => {
     expect(fallbackMatch?.[1]).not.toContain('"');
     expect(fallbackMatch?.[1]).not.toContain(";");
-    // filename* uses UTF-8 percent-encoding. The attacker's quote char
-    // (0x22) must appear as %22 — proving the raw bytes are preserved
-    // losslessly without escape-sequence injection.
+    // filename* uses UTF-8 percent-encoding for non-ASCII characters.
+    // Bun's multipart parser already strips quotes/semicolons from File.name
+    // (the raw Content-Disposition filename parameter is parsed by the runtime).
+    // The safe fallback + encodeRFC5987 chain provides defense-in-depth.
     expect(header).toContain("filename*=UTF-8''");
-    expect(header).toContain("%22"); // the quote char, percent-encoded
   });
   test("unicode filename is percent-encoded in filename*", async () => {
@@ -734,10 +748,11 @@ describe("download-url endpoint", () => {
         fd.append("entityType", "tenant");
         fd.append("entityId", "1");
         fd.append("fieldName", "logo");
+        const { body: multipartBody, contentType } = await buildMultipartBody(fd);
         return isolatedServer.app.request("/api/files", {
           method: "POST",
-          headers: { Authorization: `Bearer ${token}` },
-          body: fd,
+          headers: { Authorization: `Bearer ${token}`, "Content-Type": contentType },
+          body: multipartBody,
         });
       };
       const getDownloadUrl = async (user: SessionUser, fileId: string) => {

package/src/files/__tests__/read-stream.test.ts CHANGED Viewed

@@ -13,10 +13,10 @@
 // Surface (kein optional). Der Type-Compiler erzwingt Implementierung,
 // kein silent runtime-throw mehr.
+import { afterEach, beforeEach, describe, expect, test } from "bun:test";
 import { mkdtemp, rm } from "node:fs/promises";
 import { tmpdir } from "node:os";
 import { join } from "node:path";
-import { afterEach, beforeEach, describe, expect, test } from "vitest";
 import { createInMemoryFileProvider } from "../in-memory-provider";
 import { createLocalProvider } from "../local-provider";