npm - @cosmicdrift/kumiko-framework - Versions diffs - 0.2.2 → 0.3.0 - Mend

@cosmicdrift/kumiko-framework 0.2.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (191) hide show

package/CHANGELOG.md +54 -0
package/package.json +124 -38
package/src/__tests__/full-stack.integration.ts +2 -2
package/src/api/auth-routes.ts +5 -5
package/src/api/jwt.ts +2 -2
package/src/api/route-registrars.ts +1 -1
package/src/api/routes.ts +3 -3
package/src/api/server.ts +6 -7
package/src/auth/__tests__/roles.test.ts +24 -0
package/src/auth/index.ts +7 -0
package/src/auth/roles.ts +42 -0
package/src/compliance/__tests__/duration-spec.test.ts +72 -0
package/src/compliance/__tests__/profiles.test.ts +308 -0
package/src/compliance/__tests__/sub-processors.test.ts +139 -0
package/src/compliance/duration-spec.ts +44 -0
package/src/compliance/index.ts +31 -0
package/src/compliance/override-schema.ts +136 -0
package/src/compliance/profiles.ts +427 -0
package/src/compliance/sub-processors.ts +152 -0
package/src/db/__tests__/big-int-field.test.ts +131 -0
package/src/db/assert-exists-in.ts +2 -2
package/src/db/cursor.ts +3 -3
package/src/db/event-store-executor.ts +19 -13
package/src/db/located-timestamp.ts +1 -1
package/src/db/money.ts +12 -2
package/src/db/pg-error.ts +1 -1
package/src/db/row-helpers.ts +1 -1
package/src/db/table-builder.ts +20 -5
package/src/db/tenant-db.ts +9 -9
package/src/engine/__tests__/_pipeline-test-utils.ts +23 -0
package/src/engine/__tests__/boot-validator-api-exposure.test.ts +142 -0
package/src/engine/__tests__/boot-validator-pii-retention.test.ts +570 -0
package/src/engine/__tests__/boot-validator-s0-integration.test.ts +160 -0
package/src/engine/__tests__/build-target.test.ts +135 -0
package/src/engine/__tests__/codemod-pipeline.test.ts +551 -0
package/src/engine/__tests__/entity-handlers.test.ts +3 -3
package/src/engine/__tests__/event-helpers.test.ts +4 -4
package/src/engine/__tests__/pipeline-engine.test.ts +215 -0
package/src/engine/__tests__/pipeline-handler.integration.ts +894 -0
package/src/engine/__tests__/pipeline-observability.integration.ts +142 -0
package/src/engine/__tests__/pipeline-performance.integration.ts +152 -0
package/src/engine/__tests__/pipeline-sub-pipelines.test.ts +288 -0
package/src/engine/__tests__/raw-table.test.ts +2 -2
package/src/engine/__tests__/steps-aggregate-append-event.test.ts +115 -0
package/src/engine/__tests__/steps-aggregate-create.test.ts +92 -0
package/src/engine/__tests__/steps-aggregate-update.test.ts +127 -0
package/src/engine/__tests__/steps-call-feature.test.ts +123 -0
package/src/engine/__tests__/steps-mail-send.test.ts +136 -0
package/src/engine/__tests__/steps-read.test.ts +142 -0
package/src/engine/__tests__/steps-resolver-utils.test.ts +50 -0
package/src/engine/__tests__/steps-unsafe-projection-delete.test.ts +69 -0
package/src/engine/__tests__/steps-unsafe-projection-upsert.test.ts +117 -0
package/src/engine/__tests__/steps-webhook-send.test.ts +135 -0
package/src/engine/__tests__/steps-workflow.test.ts +198 -0
package/src/engine/__tests__/validate-projection-allowlist.test.ts +491 -0
package/src/engine/__tests__/visual-tree-patterns.test.ts +251 -0
package/src/engine/boot-validator/api-ext.ts +77 -0
package/src/engine/boot-validator/config-deps.ts +163 -0
package/src/engine/boot-validator/entity-handler.ts +466 -0
package/src/engine/boot-validator/index.ts +159 -0
package/src/engine/boot-validator/ownership.ts +198 -0
package/src/engine/boot-validator/pii-retention.ts +155 -0
package/src/engine/boot-validator/screens-nav.ts +624 -0
package/src/engine/boot-validator.ts +1 -1528
package/src/engine/build-app-schema.ts +1 -1
package/src/engine/build-target.ts +99 -0
package/src/engine/codemod/index.ts +15 -0
package/src/engine/codemod/pipeline-codemod.ts +641 -0
package/src/engine/config-helpers.ts +9 -19
package/src/engine/constants.ts +1 -1
package/src/engine/define-feature.ts +127 -9
package/src/engine/define-handler.ts +89 -3
package/src/engine/define-roles.ts +2 -2
package/src/engine/define-step.ts +28 -0
package/src/engine/define-workflow.ts +110 -0
package/src/engine/entity-handlers.ts +10 -9
package/src/engine/event-helpers.ts +4 -4
package/src/engine/extension-names.ts +105 -0
package/src/engine/extensions/user-data.ts +106 -0
package/src/engine/factories.ts +26 -16
package/src/engine/feature-ast/__tests__/visual-tree-parse.test.ts +184 -0
package/src/engine/feature-ast/extractors/index.ts +74 -0
package/src/engine/feature-ast/extractors/round1.ts +110 -0
package/src/engine/feature-ast/extractors/round2.ts +253 -0
package/src/engine/feature-ast/extractors/round3.ts +471 -0
package/src/engine/feature-ast/extractors/round4.ts +1365 -0
package/src/engine/feature-ast/extractors/round5.ts +72 -0
package/src/engine/feature-ast/extractors/round6.ts +66 -0
package/src/engine/feature-ast/extractors/shared.ts +177 -0
package/src/engine/feature-ast/parse.ts +13 -0
package/src/engine/feature-ast/patch.ts +9 -1
package/src/engine/feature-ast/patcher.ts +10 -3
package/src/engine/feature-ast/patterns.ts +71 -1
package/src/engine/feature-ast/render.ts +31 -1
package/src/engine/index.ts +66 -2
package/src/engine/pattern-library/__tests__/library.test.ts +11 -0
package/src/engine/pattern-library/library.ts +78 -2
package/src/engine/pipeline.ts +88 -0
package/src/engine/projection-helpers.ts +1 -1
package/src/engine/read-claim.ts +1 -1
package/src/engine/registry.ts +30 -2
package/src/engine/resolve-config-or-param.ts +4 -0
package/src/engine/run-pipeline.ts +162 -0
package/src/engine/schema-builder.ts +10 -4
package/src/engine/state-machine.ts +1 -1
package/src/engine/steps/_drizzle-boundary.ts +19 -0
package/src/engine/steps/_duration-utils.ts +33 -0
package/src/engine/steps/_no-return-guard.ts +21 -0
package/src/engine/steps/_resolver-utils.ts +42 -0
package/src/engine/steps/_step-dispatch-constants.ts +38 -0
package/src/engine/steps/aggregate-append-event.ts +56 -0
package/src/engine/steps/aggregate-create.ts +56 -0
package/src/engine/steps/aggregate-update.ts +68 -0
package/src/engine/steps/branch.ts +84 -0
package/src/engine/steps/call-feature.ts +49 -0
package/src/engine/steps/compute.ts +41 -0
package/src/engine/steps/for-each.ts +111 -0
package/src/engine/steps/mail-send.ts +44 -0
package/src/engine/steps/read-find-many.ts +51 -0
package/src/engine/steps/read-find-one.ts +58 -0
package/src/engine/steps/retry.ts +87 -0
package/src/engine/steps/return.ts +34 -0
package/src/engine/steps/unsafe-projection-delete.ts +46 -0
package/src/engine/steps/unsafe-projection-upsert.ts +69 -0
package/src/engine/steps/wait-for-event.ts +71 -0
package/src/engine/steps/wait.ts +69 -0
package/src/engine/steps/webhook-send.ts +71 -0
package/src/engine/system-user.ts +1 -1
package/src/engine/types/feature.ts +143 -1
package/src/engine/types/fields.ts +134 -10
package/src/engine/types/handlers.ts +18 -10
package/src/engine/types/identifiers.ts +1 -0
package/src/engine/types/index.ts +15 -1
package/src/engine/types/step.ts +334 -0
package/src/engine/types/target-ref.ts +21 -0
package/src/engine/types/tree-node.ts +130 -0
package/src/engine/types/workspace.ts +7 -0
package/src/engine/validate-projection-allowlist.ts +161 -0
package/src/event-store/snapshot.ts +1 -1
package/src/event-store/upcaster-dead-letter.ts +1 -1
package/src/event-store/upcaster.ts +1 -1
package/src/files/__tests__/read-stream.test.ts +105 -0
package/src/files/__tests__/write-stream.test.ts +233 -0
package/src/files/__tests__/zip-stream.test.ts +357 -0
package/src/files/file-routes.ts +1 -1
package/src/files/in-memory-provider.ts +38 -0
package/src/files/index.ts +3 -0
package/src/files/local-provider.ts +58 -1
package/src/files/types.ts +36 -8
package/src/files/zip-stream.ts +251 -0
package/src/jobs/job-runner.ts +10 -10
package/src/lifecycle/lifecycle.ts +0 -3
package/src/logging/index.ts +1 -0
package/src/logging/pino-logger.ts +11 -7
package/src/logging/utils.ts +24 -0
package/src/observability/prometheus-meter.ts +7 -5
package/src/pipeline/__tests__/archive-stream.integration.ts +1 -1
package/src/pipeline/__tests__/causation-chain.integration.ts +1 -1
package/src/pipeline/__tests__/domain-events-projections.integration.ts +3 -3
package/src/pipeline/__tests__/event-define-event-strict.integration.ts +4 -4
package/src/pipeline/__tests__/load-aggregate-query.integration.ts +1 -1
package/src/pipeline/__tests__/msp-multi-hop.integration.ts +3 -3
package/src/pipeline/__tests__/msp-rebuild.integration.ts +3 -3
package/src/pipeline/__tests__/multi-stream-projection.integration.ts +2 -2
package/src/pipeline/__tests__/query-projection.integration.ts +5 -5
package/src/pipeline/append-event-core.ts +22 -6
package/src/pipeline/dispatcher-utils.ts +188 -0
package/src/pipeline/dispatcher.ts +63 -283
package/src/pipeline/distributed-lock.ts +1 -1
package/src/pipeline/entity-cache.ts +2 -2
package/src/pipeline/event-consumer-state.ts +0 -13
package/src/pipeline/event-dispatcher.ts +4 -4
package/src/pipeline/index.ts +0 -2
package/src/pipeline/lifecycle-pipeline.ts +6 -12
package/src/pipeline/msp-rebuild.ts +5 -5
package/src/pipeline/multi-stream-apply-context.ts +6 -7
package/src/pipeline/projection-rebuild.ts +2 -2
package/src/pipeline/projection-state.ts +0 -12
package/src/rate-limit/__tests__/resolver.integration.ts +8 -4
package/src/rate-limit/resolver.ts +1 -1
package/src/search/in-memory-adapter.ts +1 -1
package/src/search/meilisearch-adapter.ts +3 -3
package/src/search/types.ts +1 -1
package/src/secrets/leak-guard.ts +2 -2
package/src/stack/request-helper.ts +9 -5
package/src/stack/test-stack.ts +1 -1
package/src/testing/handler-context.ts +4 -4
package/src/testing/http-cookies.ts +1 -1
package/src/time/tz-context.ts +1 -2
package/src/ui-types/index.ts +4 -0
package/src/engine/feature-ast/extractors.ts +0 -2562

package/src/engine/__tests__/visual-tree-patterns.test.ts ADDED Viewed

@@ -0,0 +1,251 @@
+import { describe, expect, test } from "vitest";
+import { buildTarget, createRegistry, defineFeature } from "../index";
+import type { TreeChildrenSubscribe, TreeNode } from "../types/tree-node";
+// Stub-Provider für Tests. Form: (ctx) => (emit) => unsubscribe.
+// Emittet einmal initial, kein Cleanup nötig (no-op unsubscribe).
+function makeStubProvider(nodes: readonly TreeNode[]): TreeChildrenSubscribe {
+  return () => (emit) => {
+    emit(nodes);
+    return () => {};
+  };
+}
+describe("r.treeActions — registrar slot", () => {
+  test("feature without r.treeActions leaves the slot undefined", () => {
+    const feature = defineFeature("empty", () => {});
+    expect(feature.treeActions).toBeUndefined();
+  });
+  test("single r.treeActions call stores the map on the FeatureDefinition", () => {
+    const feature = defineFeature("text-content", (r) => {
+      r.treeActions({
+        edit: { args: { slug: "" as string } },
+        list: {},
+      });
+    });
+    expect(feature.treeActions).toEqual({
+      edit: { args: { slug: "" } },
+      list: {},
+    });
+  });
+  test("returns a typed handle carrying id + literal-typed treeActions", () => {
+    const feature = defineFeature("text-content", (r) => {
+      const handle = r.treeActions({
+        edit: { args: { slug: "" as string } },
+        list: {},
+      });
+      return { handle };
+    });
+    expect(feature.exports.handle.id).toBe("text-content");
+    expect(feature.exports.handle.treeActions).toEqual({
+      edit: { args: { slug: "" } },
+      list: {},
+    });
+  });
+  test("second r.treeActions call throws — only-once-guard", () => {
+    expect(() =>
+      defineFeature("dupe", (r) => {
+        r.treeActions({ edit: { args: { slug: "" as string } } });
+        r.treeActions({ list: {} });
+      }),
+    ).toThrow(/r\.treeActions\(\) already called/);
+  });
+  test("returned handle is frozen — cannot mutate id or actions after creation", () => {
+    const feature = defineFeature("text-content", (r) => {
+      const handle = r.treeActions({ list: {} });
+      return { handle };
+    });
+    expect(Object.isFrozen(feature.exports.handle)).toBe(true);
+  });
+});
+describe("r.tree — registrar slot", () => {
+  test("feature without r.tree leaves the slot undefined", () => {
+    const feature = defineFeature("empty", () => {});
+    expect(feature.treeProvider).toBeUndefined();
+  });
+  test("single r.tree call stores the provider function on the FeatureDefinition", () => {
+    const provider = makeStubProvider([{ label: "Marketing" }]);
+    const feature = defineFeature("text-content", (r) => {
+      r.tree(provider);
+    });
+    expect(feature.treeProvider).toBe(provider);
+  });
+  test("second r.tree call throws — only-once-guard", () => {
+    expect(() =>
+      defineFeature("dupe", (r) => {
+        r.tree(makeStubProvider([]));
+        r.tree(makeStubProvider([]));
+      }),
+    ).toThrow(/r\.tree\(\) already called/);
+  });
+  test("treeActions and tree are independent slots — can declare one without the other", () => {
+    const onlyActions = defineFeature("a", (r) => {
+      r.treeActions({ list: {} });
+    });
+    expect(onlyActions.treeActions).toBeDefined();
+    expect(onlyActions.treeProvider).toBeUndefined();
+    const onlyProvider = defineFeature("b", (r) => {
+      r.tree(makeStubProvider([]));
+    });
+    expect(onlyProvider.treeActions).toBeUndefined();
+    expect(onlyProvider.treeProvider).toBeDefined();
+  });
+});
+describe("Registry.getTreeProviders + getTreeActions", () => {
+  test("empty registry returns empty providers map and undefined actions", () => {
+    const reg = createRegistry([]);
+    expect(reg.getTreeProviders().size).toBe(0);
+    expect(reg.getTreeActions("nonexistent")).toBeUndefined();
+  });
+  test("aggregates providers from multiple features keyed by feature name", () => {
+    const providerA = makeStubProvider([{ label: "A-root" }]);
+    const providerB = makeStubProvider([{ label: "B-root" }]);
+    const featureA = defineFeature("text-content", (r) => {
+      r.tree(providerA);
+    });
+    const featureB = defineFeature("legal-pages", (r) => {
+      r.tree(providerB);
+    });
+    const reg = createRegistry([featureA, featureB]);
+    const providers = reg.getTreeProviders();
+    expect(providers.size).toBe(2);
+    expect(providers.get("text-content")).toBe(providerA);
+    expect(providers.get("legal-pages")).toBe(providerB);
+  });
+  test("features without r.tree are absent from the providers map (Zero-Whitelist-Filter)", () => {
+    const featureWithProvider = defineFeature("text-content", (r) => {
+      r.tree(makeStubProvider([]));
+    });
+    const featureWithoutProvider = defineFeature("schema-editor", () => {});
+    const reg = createRegistry([featureWithProvider, featureWithoutProvider]);
+    const providers = reg.getTreeProviders();
+    expect(providers.has("text-content")).toBe(true);
+    expect(providers.has("schema-editor")).toBe(false);
+  });
+  test("getTreeActions returns the erased map for a feature that declared r.treeActions", () => {
+    const feature = defineFeature("text-content", (r) => {
+      r.treeActions({
+        edit: { args: { slug: "" as string } },
+        list: {},
+      });
+    });
+    const reg = createRegistry([feature]);
+    expect(reg.getTreeActions("text-content")).toEqual({
+      edit: { args: { slug: "" } },
+      list: {},
+    });
+  });
+  test("getTreeActions returns undefined for a feature without r.treeActions", () => {
+    const feature = defineFeature("no-actions", (r) => {
+      r.tree(makeStubProvider([]));
+    });
+    const reg = createRegistry([feature]);
+    expect(reg.getTreeActions("no-actions")).toBeUndefined();
+  });
+});
+// =============================================================================
+// Schicht-1↔Schicht-2-Bridge: typed handle survives module-boundary.
+//
+// Diese Tests sind die kritische Architektur-Verification: r.treeActions
+// returnt einen typed Handle, der via setup-export durch FeatureDefinition
+// fließt und compile-time-typisiert vom Schicht-1-buildTarget konsumiert
+// wird. Ohne diese Tests würde ein Type-Drift in einer der zwei Schichten
+// erst in V.1.1 sichtbar — siehe advisor-Verdict + Memory `[EventDef-
+// Exports-Pattern]`.
+// =============================================================================
+describe("Schicht-1↔Schicht-2 Bridge — buildTarget against real defineFeature handle", () => {
+  test("buildTarget compiles + runs against handle from feature.exports", () => {
+    const textContent = defineFeature("text-content", (r) => {
+      const handle = r.treeActions({
+        edit: { args: { slug: "" as string } },
+        list: {},
+      });
+      return { handle };
+    });
+    // Der Beweis: dieser Call typecheckt OHNE Casts/unknowns.
+    const ref = buildTarget({
+      target: textContent.exports.handle,
+      action: "edit",
+      args: { slug: "imprint" },
+    });
+    expect(ref.featureId).toBe("text-content");
+    expect(ref.action).toBe("edit");
+    expect(ref.args).toEqual({ slug: "imprint" });
+  });
+  test("NoArgs-Action durch den Bridge — list ohne args", () => {
+    const textContent = defineFeature("text-content", (r) => {
+      const handle = r.treeActions({
+        edit: { args: { slug: "" as string } },
+        list: {},
+      });
+      return { handle };
+    });
+    const ref = buildTarget({ target: textContent.exports.handle, action: "list" });
+    expect(ref).toEqual({ featureId: "text-content", action: "list" });
+  });
+  test("Compile-Time-Pinning — typed handle rejects falsche Calls (@ts-expect-error)", () => {
+    const textContent = defineFeature("text-content", (r) => {
+      const handle = r.treeActions({
+        edit: { args: { slug: "" as string } },
+        list: {},
+      });
+      return { handle };
+    });
+    // @ts-expect-error — "delet" ist keine Action im Handle
+    buildTarget({ target: textContent.exports.handle, action: "delet", args: { slug: "x" } });
+    // @ts-expect-error — slug muss string sein, nicht number
+    buildTarget({
+      target: textContent.exports.handle,
+      action: "edit",
+      args: { slug: 42 },
+    });
+    buildTarget({
+      target: textContent.exports.handle,
+      action: "list",
+      // @ts-expect-error — list hat keine args, args-Feld nicht erlaubt
+      args: { x: 1 },
+    });
+    // @ts-expect-error — edit braucht args, fehlt
+    buildTarget({ target: textContent.exports.handle, action: "edit" });
+    // Runtime-Coverage (Memory `[Keine Fake-Tests]`): der korrespondierende
+    // Happy-Path über denselben typed Handle liefert valid TargetRef.
+    // Beweist dass die Bridge nicht nur compile-time funktioniert sondern
+    // runtime den richtigen TargetRef konstruiert.
+    const validRef = buildTarget({
+      target: textContent.exports.handle,
+      action: "edit",
+      args: { slug: "imprint" },
+    });
+    expect(validRef.featureId).toBe("text-content");
+    expect(validRef.action).toBe("edit");
+    expect(validRef.args).toEqual({ slug: "imprint" });
+  });
+});

package/src/engine/boot-validator/api-ext.ts ADDED Viewed

@@ -0,0 +1,77 @@
+import type { FeatureDefinition } from "../types";
+// --- Cross-feature API exposure / usage matching ---
+//
+// `r.exposesApi(name, impl)` registers a callable; `r.usesApi(name)`
+// declares a caller. Boot-Validator prüft drei Invarianten:
+//   1. Jeder usesApi(name) findet einen exposesApi(name) in irgendeinem
+//      Feature.
+//   2. Das exposing-Feature ist in requires/optionalRequires des callers
+//      gelisted (sonst klappt die Cross-Feature-Aufruf-Reihenfolge nicht).
+//   3. Self-exposure ist erlaubt (Feature ruft eigene API), wird aber
+//      mit Warning markiert weil es typisch ein Refactor-Restbestand ist.
+//
+// Globale Eindeutigkeit der apiNames (kein Dublicate über Features)
+// wird in validateBoot() vor dem Per-Feature-Walk geprüft.
+export function validateApiExposureMatching(
+  feature: FeatureDefinition,
+  allExposedApis: ReadonlyMap<string, string>,
+  featureMap: ReadonlyMap<string, FeatureDefinition>,
+): void {
+  for (const apiName of feature.usedApis) {
+    const providerFeature = allExposedApis.get(apiName);
+    if (!providerFeature) {
+      const known = [...allExposedApis.keys()].sort().join(", ") || "(none)";
+      throw new Error(
+        `[Feature ${feature.name}] r.usesApi("${apiName}") but no feature exposes that API. Known exposed APIs: ${known}`,
+      );
+    }
+    if (providerFeature === feature.name) {
+      // biome-ignore lint/suspicious/noConsole: boot-time dev hint, no logger available yet
+      console.warn(
+        `[kumiko:boot] [Feature ${feature.name}] r.usesApi("${apiName}") on its own r.exposesApi — typically a refactor leftover. Call the impl directly instead.`,
+      );
+      continue;
+    }
+    const allDeps = [...feature.requires, ...feature.optionalRequires];
+    if (!allDeps.includes(providerFeature)) {
+      throw new Error(
+        `[Feature ${feature.name}] r.usesApi("${apiName}") is exposed by "${providerFeature}" but feature is not in requires/optionalRequires. Add r.requires("${providerFeature}").`,
+      );
+    }
+    // Sanity: provider feature actually exists in this app's feature set.
+    // Should always be true if allExposedApis was built from `features`,
+    // aber defensiv für unklare Constructor-Pfade.
+    if (!featureMap.has(providerFeature)) {
+      throw new Error(
+        `[Feature ${feature.name}] internal: r.usesApi("${apiName}") points to provider "${providerFeature}" which is not in feature map`,
+      );
+    }
+  }
+}
+// --- Extension usage validation ---
+export function validateExtensionUsages(
+  feature: FeatureDefinition,
+  extensionProviders: ReadonlyMap<string, string>,
+): void {
+  for (const usage of feature.extensionUsages) {
+    const providerFeature = extensionProviders.get(usage.extensionName);
+    if (!providerFeature) {
+      throw new Error(
+        `Feature "${feature.name}" uses extension "${usage.extensionName}" on entity "${usage.entityName}" but no feature defines that extension`,
+      );
+    }
+    const allDeps = [...feature.requires, ...feature.optionalRequires];
+    if (!allDeps.includes(providerFeature)) {
+      throw new Error(
+        `Feature "${feature.name}" uses extension "${usage.extensionName}" but missing requires("${providerFeature}")`,
+      );
+    }
+  }
+}

package/src/engine/boot-validator/config-deps.ts ADDED Viewed

@@ -0,0 +1,163 @@
+import type { FeatureDefinition } from "../types";
+// --- Toggleable-dependency warnings ---
+//
+// When feature A declares r.requires("B") and B is toggleable with
+// default=false, A is effectively disabled out-of-the-box until someone
+// flips B on globally. That's usually an oversight — the dev either meant
+// optionalRequires, or forgot to ship B with default=true. We warn (not
+// fail) because the combination is legal: an app might intentionally
+// require an opt-in feature to make it explicit that B must be activated.
+export function warnOnToggleableDependencies(
+  features: readonly FeatureDefinition[],
+  featureMap: ReadonlyMap<string, FeatureDefinition>,
+): void {
+  for (const f of features) {
+    for (const dep of f.requires) {
+      const depFeature = featureMap.get(dep);
+      if (!depFeature) continue; // requires-target-missing is handled elsewhere
+      if (depFeature.toggleableDefault === false) {
+        // biome-ignore lint/suspicious/noConsole: boot-time dev hint, no logger available yet
+        console.warn(
+          `[kumiko:boot] Feature "${f.name}" requires "${dep}", which is toggleable(default=false). ` +
+            `"${f.name}" will be effectively disabled until "${dep}" is enabled globally via the feature-toggles feature. ` +
+            `If this is intentional, ignore this warning; otherwise consider r.optionalRequires() or default=true.`,
+        );
+      }
+    }
+  }
+}
+// --- Config key bounds consistency ---
+export function validateConfigKeyBounds(feature: FeatureDefinition): void {
+  for (const [keyName, keyDef] of Object.entries(feature.configKeys)) {
+    const bounds = keyDef.bounds;
+    // skip: no bounds declared, nothing to validate
+    if (!bounds) continue;
+    // Bounds on non-number keys are nonsensical — the call-site type-guard
+    // already rejects this, but catch it at boot as defence in depth (e.g.
+    // a hand-rolled key definition that bypasses createTenantConfig).
+    if (keyDef.type !== "number") {
+      throw new Error(
+        `[Feature ${feature.name}] Config key "${keyName}" has bounds but type is "${keyDef.type}" — bounds are only valid for type="number"`,
+      );
+    }
+    const { min, max } = bounds;
+    if (min !== undefined && max !== undefined && min > max) {
+      throw new Error(
+        `[Feature ${feature.name}] Config key "${keyName}" has bounds.min (${min}) > bounds.max (${max})`,
+      );
+    }
+    if (keyDef.default !== undefined) {
+      const defaultNum = keyDef.default as number; // @cast-boundary engine-payload
+      if (min !== undefined && defaultNum < min) {
+        throw new Error(
+          `[Feature ${feature.name}] Config key "${keyName}" default (${defaultNum}) is below bounds.min (${min})`,
+        );
+      }
+      if (max !== undefined && defaultNum > max) {
+        throw new Error(
+          `[Feature ${feature.name}] Config key "${keyName}" default (${defaultNum}) is above bounds.max (${max})`,
+        );
+      }
+    }
+  }
+}
+// --- Config key computed + encrypted exclusivity ---
+export function validateConfigKeyComputed(feature: FeatureDefinition): void {
+  for (const [keyName, keyDef] of Object.entries(feature.configKeys)) {
+    if (!keyDef.computed) continue;
+    // computed + encrypted mix two paradigms that shouldn't meet: computed
+    // returns a plain value, encrypted expects cipher-text in the row. The
+    // cascade doesn't know which one to prefer on write. Rejecting at boot
+    // is cheaper than surprising behaviour at runtime.
+    if (keyDef.encrypted) {
+      throw new Error(
+        `[Feature ${feature.name}] Config key "${keyName}" has both encrypted=true and a computed resolver — these are mutually exclusive paradigms`,
+      );
+    }
+  }
+}
+// --- Config key allowPerRequest compatibility ---
+export function validateConfigKeyAllowPerRequest(feature: FeatureDefinition): void {
+  for (const [keyName, keyDef] of Object.entries(feature.configKeys)) {
+    if (!keyDef.allowPerRequest) continue;
+    // text is hard-locked against per-request — the helper refuses
+    // anyway, but declaring allowPerRequest on a text key is a
+    // misconfiguration that should fail loudly at boot.
+    if (keyDef.type === "text") {
+      throw new Error(
+        `[Feature ${feature.name}] Config key "${keyName}" has allowPerRequest=true but type="text" — text keys are permanently ineligible for per-request overrides (XSS/injection risk)`,
+      );
+    }
+    // encrypted + per-request would expose a cipher-text interpretation
+    // to query-strings. The secret-value shouldn't be transported this
+    // way — reject as a paradigm-mismatch.
+    if (keyDef.encrypted) {
+      throw new Error(
+        `[Feature ${feature.name}] Config key "${keyName}" has allowPerRequest=true but encrypted=true — secret values may not be set via query-params`,
+      );
+    }
+  }
+}
+// --- Config key cross-feature reference validation ---
+export function validateConfigReads(
+  features: readonly FeatureDefinition[],
+  allConfigKeys: ReadonlySet<string>,
+): void {
+  for (const feature of features) {
+    for (const key of feature.configReads) {
+      if (!allConfigKeys.has(key)) {
+        throw new Error(
+          `Feature "${feature.name}" reads config "${key}" but no feature defines that key`,
+        );
+      }
+    }
+  }
+}
+// --- Circular dependency detection ---
+export function validateCircularDeps(
+  featureName: string,
+  featureMap: ReadonlyMap<string, FeatureDefinition>,
+): void {
+  const visited = new Set<string>();
+  const stack = new Set<string>();
+  function visit(name: string, path: string[]): void {
+    if (stack.has(name)) {
+      throw new Error(`Circular dependency: ${[...path, name].join(" → ")}`);
+    }
+    // skip: node already visited in DFS traversal
+    if (visited.has(name)) return;
+    visited.add(name);
+    stack.add(name);
+    const feature = featureMap.get(name);
+    if (feature) {
+      for (const dep of feature.requires) {
+        visit(dep, [...path, name]);
+      }
+    }
+    stack.delete(name);
+  }
+  visit(featureName, []);
+}