@cosmicdrift/kumiko-framework 0.2.3 → 0.3.0

package/CHANGELOG.md

@@ -1,5 +1,57 @@
 # @cosmicdrift/kumiko-framework
 
+## 0.3.0
+
+### Minor Changes
+
+- 0.3.0 bringt zwei neue Subsysteme (Step-Engine Tier-3 + Visual-Tree) plus
+  eine AST-Codemod-Pipeline als Vorarbeit für den L2-AI-Layer.
+
+  ### Breaking Changes
+
+  - `skipTransitionGuard` → `unsafeSkipTransitionGuard` (Rename in
+    feature-ast + engine). Der `unsafe`-Prefix macht die Tragweite des
+    Casts sichtbar und ist konsistent zur `unsafeProjectionUpsert`- und
+    `r.rawTable`-Konvention. Migration: 1:1-Ersetzung, keine Verhaltens-Änderung.
+
+  ### Features
+
+  - **Step-Engine M.4 — Tier-3 Workflow-Engine.** Neue Step-Vocabulary
+    `wait`, `waitForEvent`, `retry` ermöglicht persistierte Long-Running-Flows
+    über Job-Boundaries hinweg. Q7 Snapshot-at-Start hängt jedem Step-Run
+    einen SHA-256-Fingerprint des Aggregat-Zustands an, sodass Replays
+    deterministisch gegen den ursprünglichen Eingangszustand laufen.
+  - **Visual-Tree V.1.x — Tree-API + Editor-Panel.** Neue `VisualTree`-
+    Component plus TreeProvider-Pattern; erste TreeProviders für
+    `text-content` und `legal-pages` (CMS-light + Impressum/Privacy).
+    Fundament für den späteren No-Code-Designer (~3000 LOC, 98 Tests).
+  - **Codemod-Pipeline.** AST-basierte Patcher-Module für strukturelle
+    Feature-Edits — wird vom kommenden L2-AI-Layer als Tool-Surface
+    verwendet, ist aber eigenständig nutzbar für ts-morph-style Migrationen.
+  - **user-data-rights Sample-Recipe.** DSGVO Art. 15/17/18/20 vollständig
+    als Sample-Recipe (`samples/recipes/`) inklusive README — zeigt die
+    Export- und Forget-Pipeline gegen den `compliance-profiles`-Default
+    (`eu-dsgvo`).
+
+  ### Fixes
+
+  - `tier-engine`: auto-default-tier-Hook benutzt jetzt `ctx.db.raw` für
+    Event-Store-Operationen (#37, vorher: stiller Bug, 22 Tage live).
+  - `engine`: unsafe-projection-upsert nutzt `as never` statt `as any` —
+    schmaler Cast-Surface, weniger Compiler-Knebel.
+  - `visual-tree`: runtime-isolation marker für client-konsumierte Files,
+    damit der Multi-Entry-Build den richtigen Bundle-Split bekommt.
+  - `feature-ast`: vollständiger `unsafeSkipTransitionGuard`-Rename (war
+    in zwei Modulen noch der alte Name).
+  - `framework`: Error-Reasons + `noConsole`-Lint + No-Date-API-Guard
+    wieder push-ready.
+
+  ### Library-Updates
+
+  hono 4.12, jose 6.2, stripe 22.1, meilisearch 0.58, marked 18,
+  bun-types 1.3.13, lucide-react 1.14, bullmq 5.76, ioredis 5.10,
+  i18next 26.0, react + radix-ui-primitives auf aktuelle Minors.
+
 ## 0.2.3
 
 ## 0.2.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cosmicdrift/kumiko-framework",
-  "version": "0.2.3",
+  "version": "0.3.0",
   "description": "Framework core — engine, pipeline, API, DB, and every other bit that makes Kumiko go.",
   "license": "BUSL-1.1",
   "author": "Marc Frost <marc@cosmicdriftgamestudio.com>",
@@ -28,56 +28,141 @@
     "runtime": "runtime"
   },
   "exports": {
-    "./compliance": "./src/compliance/index.ts",
-    "./engine": "./src/engine/index.ts",
-    "./engine/types": "./src/engine/types/index.ts",
-    "./errors": "./src/errors/index.ts",
-    "./db": "./src/db/index.ts",
-    "./event-store": "./src/event-store/index.ts",
-    "./event-store/admin-api": "./src/event-store/admin-api.ts",
-    "./pipeline": "./src/pipeline/index.ts",
-    "./api": "./src/api/index.ts",
-    "./i18n": "./src/i18n/index.ts",
-    "./auth": "./src/auth/index.ts",
-    "./files": "./src/files/index.ts",
-    "./jobs": "./src/jobs/index.ts",
-    "./migrations": "./src/migrations/index.ts",
-    "./entrypoint": "./src/entrypoint/index.ts",
-    "./random": "./src/random/index.ts",
-    "./redis": "./src/redis/index.ts",
-    "./search": "./src/search/index.ts",
-    "./search/meilisearch": "./src/search/meilisearch-adapter.ts",
-    "./secrets": "./src/secrets/index.ts",
-    "./stack": "./src/stack/index.ts",
-    "./testing": "./src/testing/index.ts",
-    "./testing/handler-context": "./src/testing/handler-context.ts",
-    "./testing/e2e-generator": "./src/testing/e2e-generator.ts",
-    "./time": "./src/time/index.ts",
-    "./ui-types": "./src/ui-types/index.ts",
-    "./utils": "./src/utils/index.ts"
+    "./compliance": {
+      "types": "./src/compliance/index.ts",
+      "default": "./src/compliance/index.ts"
+    },
+    "./engine": {
+      "types": "./src/engine/index.ts",
+      "default": "./src/engine/index.ts"
+    },
+    "./engine/types": {
+      "types": "./src/engine/types/index.ts",
+      "default": "./src/engine/types/index.ts"
+    },
+    "./engine/codemod": {
+      "types": "./src/engine/codemod/index.ts",
+      "default": "./src/engine/codemod/index.ts"
+    },
+    "./errors": {
+      "types": "./src/errors/index.ts",
+      "default": "./src/errors/index.ts"
+    },
+    "./db": {
+      "types": "./src/db/index.ts",
+      "default": "./src/db/index.ts"
+    },
+    "./event-store": {
+      "types": "./src/event-store/index.ts",
+      "default": "./src/event-store/index.ts"
+    },
+    "./event-store/admin-api": {
+      "types": "./src/event-store/admin-api.ts",
+      "default": "./src/event-store/admin-api.ts"
+    },
+    "./pipeline": {
+      "types": "./src/pipeline/index.ts",
+      "default": "./src/pipeline/index.ts"
+    },
+    "./api": {
+      "types": "./src/api/index.ts",
+      "default": "./src/api/index.ts"
+    },
+    "./i18n": {
+      "types": "./src/i18n/index.ts",
+      "default": "./src/i18n/index.ts"
+    },
+    "./auth": {
+      "types": "./src/auth/index.ts",
+      "default": "./src/auth/index.ts"
+    },
+    "./files": {
+      "types": "./src/files/index.ts",
+      "default": "./src/files/index.ts"
+    },
+    "./jobs": {
+      "types": "./src/jobs/index.ts",
+      "default": "./src/jobs/index.ts"
+    },
+    "./migrations": {
+      "types": "./src/migrations/index.ts",
+      "default": "./src/migrations/index.ts"
+    },
+    "./entrypoint": {
+      "types": "./src/entrypoint/index.ts",
+      "default": "./src/entrypoint/index.ts"
+    },
+    "./random": {
+      "types": "./src/random/index.ts",
+      "default": "./src/random/index.ts"
+    },
+    "./redis": {
+      "types": "./src/redis/index.ts",
+      "default": "./src/redis/index.ts"
+    },
+    "./search": {
+      "types": "./src/search/index.ts",
+      "default": "./src/search/index.ts"
+    },
+    "./search/meilisearch": {
+      "types": "./src/search/meilisearch-adapter.ts",
+      "default": "./src/search/meilisearch-adapter.ts"
+    },
+    "./secrets": {
+      "types": "./src/secrets/index.ts",
+      "default": "./src/secrets/index.ts"
+    },
+    "./stack": {
+      "types": "./src/stack/index.ts",
+      "default": "./src/stack/index.ts"
+    },
+    "./testing": {
+      "types": "./src/testing/index.ts",
+      "default": "./src/testing/index.ts"
+    },
+    "./testing/handler-context": {
+      "types": "./src/testing/handler-context.ts",
+      "default": "./src/testing/handler-context.ts"
+    },
+    "./testing/e2e-generator": {
+      "types": "./src/testing/e2e-generator.ts",
+      "default": "./src/testing/e2e-generator.ts"
+    },
+    "./time": {
+      "types": "./src/time/index.ts",
+      "default": "./src/time/index.ts"
+    },
+    "./ui-types": {
+      "types": "./src/ui-types/index.ts",
+      "default": "./src/ui-types/index.ts"
+    },
+    "./utils": {
+      "types": "./src/utils/index.ts",
+      "default": "./src/utils/index.ts"
+    }
   },
   "dependencies": {
-    "bullmq": "^5.73.5",
-    "bun-types": "^1.3.12",
+    "bullmq": "^5.76.7",
+    "bun-types": "^1.3.13",
     "drizzle-kit": "^0.31.10",
     "drizzle-orm": "^0.45.2",
-    "hono": "^4.12.12",
-    "i18next": "^26.0.4",
-    "ioredis": "^5.6.0",
-    "jose": "^6.0.11",
-    "meilisearch": "^0.57.0",
+    "hono": "^4.12.18",
+    "i18next": "^26.1.0",
+    "ioredis": "^5.10.1",
+    "jose": "^6.2.3",
+    "meilisearch": "^0.58.0",
     "pino": "^10.3.1",
     "postgres": "^3.4.9",
     "temporal-polyfill": "^0.3.2",
     "ts-morph": "^28.0.0",
     "uuid": "^14.0.0",
-    "zod": "^4.3.6"
+    "zod": "^4.4.3"
   },
   "devDependencies": {
-    "@cosmicdrift/kumiko-dispatcher-live": "0.2.3",
+    "@cosmicdrift/kumiko-dispatcher-live": "0.3.0",
     "@types/uuid": "^11.0.0",
-    "bun-types": "^1.2.9",
-    "drizzle-kit": "^0.31.0",
+    "bun-types": "^1.3.13",
+    "drizzle-kit": "^0.31.10",
     "pino-pretty": "^13.1.3"
   },
   "publishConfig": {

package/src/__tests__/full-stack.integration.ts

@@ -46,11 +46,11 @@ let USER_CREATED_EVENT: string;
 const domainEventSubscriberCalls: Array<{ type: string; payload: unknown }> = [];
 
 async function emitUserCreated(
-  ctx: Pick<HandlerContext, "appendEventUnsafe">,
+  ctx: Pick<HandlerContext, "unsafeAppendEvent">,
   id: EntityId,
   email: string,
 ): Promise<void> {
-  await ctx.appendEventUnsafe({
+  await ctx.unsafeAppendEvent({
     aggregateId: String(id),
     aggregateType: "user",
     type: USER_CREATED_EVENT,

package/src/api/auth-routes.ts

@@ -650,7 +650,7 @@ export function createAuthRoutes(
       }
       const result = await dispatcher.write(inv.acceptWithLoginHandler, parsed.data, GUEST_USER);
       if (!result.isSuccess) {
-        const status = result.error.httpStatus as 400 | 401 | 403 | 422 | 500;
+        const status = result.error.httpStatus as 400 | 401 | 403 | 422 | 500; // @cast-boundary engine-payload
         return c.json({ isSuccess: false, error: result.error }, status);
       }
       const data = result.data as {
@@ -658,7 +658,7 @@ export function createAuthRoutes(
         session: SessionUser;
         tenantId: TenantId;
         role: string;
-      };
+      }; // @cast-boundary engine-payload
       let sessionForJwt: SessionUser = data.session;
       if (config.sessionCreator) {
         const sid = await config.sessionCreator(data.session, requestMeta(c));
@@ -690,7 +690,7 @@ export function createAuthRoutes(
       }
       const result = await dispatcher.write(inv.signupCompleteHandler, parsed.data, GUEST_USER);
       if (!result.isSuccess) {
-        const status = result.error.httpStatus as 400 | 401 | 403 | 422 | 500;
+        const status = result.error.httpStatus as 400 | 401 | 403 | 422 | 500; // @cast-boundary engine-payload
         return c.json({ isSuccess: false, error: result.error }, status);
       }
       const data = result.data as {
@@ -698,7 +698,7 @@ export function createAuthRoutes(
         session: SessionUser;
         tenantId: TenantId;
         role: string;
-      };
+      }; // @cast-boundary engine-payload
       let sessionForJwt: SessionUser = data.session;
       if (config.sessionCreator) {
         const sid = await config.sessionCreator(data.session, requestMeta(c));
@@ -967,7 +967,7 @@ function registerTokenConfirmRoute(opts: {
     }
     const result = await opts.dispatcher.write(opts.confirmHandler, parsed.data, GUEST_USER);
     if (!result.isSuccess) {
-      const status = result.error.httpStatus as 400 | 401 | 403 | 422 | 500;
+      const status = result.error.httpStatus as 400 | 401 | 403 | 422 | 500; // @cast-boundary engine-payload
       return c.json({ isSuccess: false, error: result.error }, status);
     }
     return c.json({ isSuccess: true });

package/src/api/jwt.ts

@@ -50,8 +50,8 @@ export function createJwtHelper(secret: string, issuer = "kumiko"): JwtHelper {
       const { payload } = await jose.jwtVerify(token, encodedSecret, { issuer });
       const result: JwtPayload = {
         sub: String(payload.sub),
-        tenantId: payload["tenantId"] as string,
-        roles: payload["roles"] as string[],
+        tenantId: payload["tenantId"] as string, // @cast-boundary dynamic-key
+        roles: payload["roles"] as string[], // @cast-boundary dynamic-key
       };
       const claims = payload["claims"];
       if (claims && typeof claims === "object") {

package/src/api/route-registrars.ts

@@ -68,7 +68,7 @@ function constantTimeEqual(a: string, b: string): boolean {
 // Prometheus-compatible meter (future OTLP bridge) works without an
 // explicit union — if it exposes `snapshot()` it's serialisable.
 function isPrometheusMeter(m: Meter): m is PrometheusMeter {
-  return typeof (m as { snapshot?: unknown }).snapshot === "function";
+  return typeof (m as { snapshot?: unknown }).snapshot === "function"; // @cast-boundary schema-walk
 }
 
 // Mount `/metrics` (or the caller-supplied path). Takes just the Meter —

package/src/api/routes.ts

@@ -73,7 +73,7 @@ export function createApiRoutes(dispatcher: Dispatcher) {
             failedIndex: result.failedIndex,
             results: result.results,
           },
-          err.httpStatus as ContentfulStatusCode,
+          err.httpStatus as ContentfulStatusCode, // @cast-boundary engine-payload
         );
       }
       return c.json(result);
@@ -121,7 +121,7 @@ function toKumiko(e: unknown): KumikoError {
 function writeErrorResponse(c: Context, err: KumikoError, statusOverride?: number) {
   const requestId = requestContext.get()?.requestId;
   const { error } = serializeError(err, requestId);
-  const status = (statusOverride ?? err.httpStatus) as ContentfulStatusCode;
+  const status = (statusOverride ?? err.httpStatus) as ContentfulStatusCode; // @cast-boundary engine-payload
   return c.json({ isSuccess: false, error }, status);
 }
 
@@ -130,6 +130,6 @@ function writeErrorResponse(c: Context, err: KumikoError, statusOverride?: numbe
 function queryErrorResponse(c: Context, err: KumikoError, statusOverride?: number) {
   const requestId = requestContext.get()?.requestId;
   const body = serializeError(err, requestId);
-  const status = (statusOverride ?? err.httpStatus) as ContentfulStatusCode;
+  const status = (statusOverride ?? err.httpStatus) as ContentfulStatusCode; // @cast-boundary engine-payload
   return c.json(body, status);
 }

package/src/api/server.ts

@@ -42,7 +42,7 @@ import {
   globalIpRateLimit,
 } from "../rate-limit";
 import type { SearchAdapter } from "../search/types";
-import { generateId } from "../utils";
+import { assertUnreachable, generateId } from "../utils";
 import { PUBLIC_API_PATHS } from "./api-constants";
 import { type AnonymousAccessConfig, authMiddleware } from "./auth-middleware";
 import { type AuthRoutesConfig, createAuthRoutes } from "./auth-routes";
@@ -383,7 +383,7 @@ export function buildServer(options: ServerOptions): KumikoServer {
     // can pause this consumer when the feature is globally disabled. Events
     // queue up in the store and replay cleanly from the same cursor on resume.
     ...(options.registry.getMultiStreamProjectionFeature(msp.name) && {
-      featureName: options.registry.getMultiStreamProjectionFeature(msp.name) as string,
+      featureName: options.registry.getMultiStreamProjectionFeature(msp.name) as string, // @cast-boundary engine-bridge
     }),
     // Copy the continuous-lifecycle error policy straight onto the consumer.
     // Rebuild uses its own policy (rebuildProjection reads msp.errorMode.rebuild
@@ -409,10 +409,7 @@ export function buildServer(options: ServerOptions): KumikoServer {
       // Hand the raw DbRunner to apply(): MSPs write to their projection
       // table directly, they don't go through the TenantDb wrapper.
       const rawRunner =
-        event.tenantId === SYSTEM_TENANT_ID
-          ? baseDb
-          : // @cast-boundary engine-bridge — TenantDb exposes its raw DbRunner via .raw
-            (scopedDb as { raw: typeof baseDb }).raw;
+        event.tenantId === SYSTEM_TENANT_ID ? baseDb : (scopedDb as { raw: typeof baseDb }).raw; // @cast-boundary engine-bridge
       // Saga/process-manager ctx: apply can call ctx.appendEvent to cascade
       // a follow-up event onto another aggregate. Uses the triggering event's
       // tenantId + userId so the causal chain stays tenant-consistent.
@@ -563,7 +560,7 @@ export function buildServer(options: ServerOptions): KumikoServer {
   app.route("/api", createSseRoute(sseBroker));
 
   if (options.files) {
-    const fileDb = options.files.db ?? (options.context.db as FileRoutesOptions["db"]);
+    const fileDb = options.files.db ?? (options.context.db as FileRoutesOptions["db"]); // @cast-boundary engine-bridge
     if (!fileDb) throw new Error("files option requires db in context or files.db");
     app.route(
       "/api",
@@ -605,6 +602,8 @@ export function buildServer(options: ServerOptions): KumikoServer {
           // Hono-on() für die Methoden ohne Convenience-Method.
           app.on(route.method, route.path, honoHandler);
           break;
+        default:
+          assertUnreachable(route.method, "http method");
       }
     }
   }

package/src/compliance/profiles.ts

@@ -243,7 +243,7 @@ const RAW_PROFILES: Readonly<Record<ComplianceProfileKey, ComplianceProfileRaw>>
     },
     tenantDestroyGracePeriod: { days: 30 },
   },
-};
+} satisfies Readonly<Record<ComplianceProfileKey, ComplianceProfileRaw>>;
 
 // Raw-Profile (vor extends-Resolution) — `extends`-Profile dürfen
 // Required-Felder weglassen, sie kommen vom Base-Profile dazu.
@@ -262,11 +262,11 @@ type ComplianceProfileRaw = Partial<Omit<ComplianceProfile, "key" | "region" | "
  * Default-Fallback fuer "noch keine Wahl getroffen", mit sichtbarer
  * Warning. Production-Tenants sollen ein echtes Profile waehlen.
  */
-export const SELECTABLE_PROFILE_KEYS: readonly ComplianceProfileKey[] = [
+export const SELECTABLE_PROFILE_KEYS = [
   "eu-dsgvo",
   "swiss-dsg",
   "de-hr-dsgvo-hgb",
-];
+] as const satisfies readonly ComplianceProfileKey[];
 
 /**
  * Top-Level-Properties des `ComplianceProfile`-Type, die ein Tenant-
@@ -339,7 +339,7 @@ function deepMerge<T extends Record<string, unknown>>(
       out[k] = v;
     }
   }
-  return out as T;
+  return out as T; // @cast-boundary generic-record
 }
 
 /**
@@ -355,7 +355,7 @@ function deepMerge<T extends Record<string, unknown>>(
 function resolveExtends(key: ComplianceProfileKey): ComplianceProfile {
   const raw = RAW_PROFILES[key];
   if (!raw.extends) {
-    return raw as ComplianceProfile;
+    return raw as ComplianceProfile; // @cast-boundary schema-walk
   }
 
   const base = RAW_PROFILES[raw.extends];
@@ -366,7 +366,7 @@ function resolveExtends(key: ComplianceProfileKey): ComplianceProfile {
   }
 
   return deepMerge(
-    base as Record<string, unknown>,
+    base as Record<string, unknown>, // @cast-boundary generic-record
     raw as unknown as Record<string, unknown>,
   ) as unknown as ComplianceProfile;
 }
@@ -379,7 +379,7 @@ function resolveExtends(key: ComplianceProfileKey): ComplianceProfile {
 export const COMPLIANCE_PROFILES: Readonly<Record<ComplianceProfileKey, ComplianceProfile>> =
   Object.fromEntries(
     (Object.keys(RAW_PROFILES) as ComplianceProfileKey[]).map((k) => [k, resolveExtends(k)]),
-  ) as Readonly<Record<ComplianceProfileKey, ComplianceProfile>>;
+  ) as Readonly<Record<ComplianceProfileKey, ComplianceProfile>>; // @cast-boundary dynamic-key
 
 // --- Effective-Profile-Resolver ---
 
@@ -421,7 +421,7 @@ export function resolveComplianceProfile(args: {
 
   const merged = deepMerge(
     base as unknown as Record<string, unknown>,
-    args.override as Record<string, unknown>,
+    args.override as Record<string, unknown>, // @cast-boundary engine-payload
   ) as unknown as ComplianceProfile;
   return { profile: merged };
 }

package/src/db/assert-exists-in.ts

@@ -1,5 +1,5 @@
-import type { TenantId } from "@cosmicdrift/kumiko-framework/engine";
 import { and, eq, type SQL } from "drizzle-orm";
+import type { TenantId } from "../engine/types/identifiers";
 import { NotFoundError } from "../errors";
 import type { DbConnection } from "./connection";
 import type { TenantDb } from "./tenant-db";
@@ -43,7 +43,7 @@ export async function assertExistsIn(
   const [row] = await db
     .select()
     .from(entity)
-    .where(and(...conditions) as SQL);
+    .where(and(...conditions) as SQL); // @cast-boundary db-operator
 
   if (!row) {
     const entityName = options.entityName ?? String(options.field).replace(/Id$/, "");

package/src/db/cursor.ts

@@ -1,5 +1,5 @@
-import type { EntityId, TenantId } from "@cosmicdrift/kumiko-framework/engine";
 import { and, asc, desc, eq, gt, inArray, type SQL, sql } from "drizzle-orm";
+import type { EntityId, TenantId } from "../engine/types/identifiers";
 import type { SelectQuery as PgSelect } from "./dialect";
 
 export type CursorQueryOptions = {
@@ -61,7 +61,7 @@ export function applyCursorQuery<T extends PgSelect>(
       // werfen.
       conditions.push(sql`false`);
     } else {
-      conditions.push(inArray(table.id, options.filterIds as readonly string[]));
+      conditions.push(inArray(table.id, options.filterIds as readonly string[])); // @cast-boundary db-operator
     }
   }
 
@@ -79,5 +79,5 @@ export function applyCursorQuery<T extends PgSelect>(
       options.sortDirection === "desc" ? result.orderBy(desc(column)) : result.orderBy(asc(column));
   }
 
-  return result as T;
+  return result as T; // @cast-boundary engine-bridge
 }

package/src/db/event-store-executor.ts

@@ -1,4 +1,5 @@
 import { and, asc, desc, eq, gt, inArray, lt, ne, type SQL, sql } from "drizzle-orm";
+import type { AnyPgColumn } from "drizzle-orm/pg-core";
 import { requestContext } from "../api/request-context";
 import { checkWriteFieldOwnership } from "../engine/field-access";
 import {
@@ -32,7 +33,7 @@ import {
 } from "../event-store";
 import type { EntityCache } from "../pipeline/entity-cache";
 import type { SearchAdapter } from "../search/types";
-import { generateId } from "../utils";
+import { assertUnreachable, generateId } from "../utils";
 import { applyEntityEvent } from "./apply-entity-event";
 import { flattenCompoundTypes, rehydrateCompoundTypes } from "./compound-types";
 import type { DbRow } from "./connection";
@@ -54,8 +55,11 @@ type Table = TableColumns<any>;
 // vs-Type-Compat ohnehin Kontrolle was reinkommt.
 //
 // Empty-array IN ist explizit "no match" (SQL false), nicht "match all".
-// biome-ignore lint/suspicious/noExplicitAny: Drizzle-Column ist generic; siehe oben.
-function buildFilterCondition(col: any, op: "eq" | "ne" | "lt" | "gt" | "in", value: unknown): SQL {
+function buildFilterCondition(
+  col: AnyPgColumn,
+  op: "eq" | "ne" | "lt" | "gt" | "in",
+  value: unknown,
+): SQL {
   switch (op) {
     case "eq":
       return eq(col, value as never); // @cast-boundary db-operator
@@ -70,6 +74,8 @@ function buildFilterCondition(col: any, op: "eq" | "ne" | "lt" | "gt" | "in", va
         return inArray(col, value as never); // @cast-boundary db-operator
       }
       return sql`false`;
+    default:
+      assertUnreachable(op, "filter op");
   }
 }
 
@@ -281,7 +287,7 @@ export function createEventStoreExecutor(
     }
     // Drizzle's variadic `and()` is typed `SQL | undefined`; conditions is
     // guaranteed non-empty above (we pushed at least one).
-    return and(...conditions) as SQL;
+    return and(...conditions) as SQL; // @cast-boundary db-operator
   }
 
   async function loadById(id: EntityId, db: TenantDb): Promise<Record<string, unknown> | null> {
@@ -295,7 +301,7 @@ export function createEventStoreExecutor(
       // Respect an explicit id in the payload (seed pattern, SCIM import). Without
       // one the framework mints a fresh UUIDv7 via generateId. Strip it out of the
       // event payload so defaults + downstream consumers don't see a redundant id field.
-      const explicitId = typeof payload["id"] === "string" ? (payload["id"] as string) : undefined;
+      const explicitId = typeof payload["id"] === "string" ? (payload["id"] as string) : undefined; // @cast-boundary engine-payload
       const aggregateId = explicitId ?? generateId();
       const { id: _id, ...payloadWithoutId } = payload;
       const data = applyDefaults(payloadWithoutId);
@@ -561,7 +567,7 @@ export function createEventStoreExecutor(
           isSuccess: true,
           data: {
             kind: "save",
-            id: data["id"] as EntityId,
+            id: data["id"] as EntityId, // @cast-boundary engine-payload
             data,
             changes: payload.changes,
             previous,
@@ -793,7 +799,7 @@ export function createEventStoreExecutor(
         }
       }
 
-      const whereClause = conditions.length > 0 ? (and(...conditions) as SQL) : undefined;
+      const whereClause = conditions.length > 0 ? (and(...conditions) as SQL) : undefined; // @cast-boundary db-operator
       let query = whereClause
         ? db.select().from(table).where(whereClause)
         : db.select().from(table);
@@ -822,13 +828,13 @@ export function createEventStoreExecutor(
         await entityCache.mset(
           user.tenantId,
           entityName,
-          rows.map((r) => ({ id: r["id"] as EntityId, data: r })),
+          rows.map((r) => ({ id: r["id"] as EntityId, data: r })), // @cast-boundary engine-payload
         );
       }
 
       const lastRow = rows[rows.length - 1];
       const nextCursor =
-        rows.length === limit && lastRow ? encodeCursor(lastRow["id"] as string) : null;
+        rows.length === limit && lastRow ? encodeCursor(lastRow["id"] as string) : null; // @cast-boundary engine-payload
 
       // total: extra COUNT(*) — nur wenn explizit angefordert (Pager-UI).
       // Postgres-Cost ist O(table-scan) ohne Filter, mit Filter so teuer
@@ -842,7 +848,7 @@ export function createEventStoreExecutor(
           const countQuery = whereClause
             ? db.select({ count: sql<number>`count(*)::int` }).from(table).where(whereClause)
             : db.select({ count: sql<number>`count(*)::int` }).from(table);
-          const countRow = (await countQuery) as Array<{ count: number }>;
+          const countRow = (await countQuery) as Array<{ count: number }>; // @cast-boundary db-row
           total = countRow[0]?.count ?? 0;
         }
       }
@@ -872,7 +878,7 @@ export function createEventStoreExecutor(
             const checked = await db
               .select()
               .from(table)
-              .where(and(idFilter(payload.id), ownership.sql) as SQL)
+              .where(and(idFilter(payload.id), ownership.sql) as SQL) // @cast-boundary db-operator
               .limit(1);
             if (checked.length === 0) return null;
           }
@@ -887,11 +893,11 @@ export function createEventStoreExecutor(
       // thread the ownership clause.
       const baseFilter = idFilter(payload.id);
       const whereClause =
-        ownership.kind === "sql" ? (and(baseFilter, ownership.sql) as SQL) : baseFilter;
+        ownership.kind === "sql" ? (and(baseFilter, ownership.sql) as SQL) : baseFilter; // @cast-boundary db-operator
       const rows = (await db.select().from(table).where(whereClause).limit(1)) as Record<
         string,
         unknown
-      >[];
+      >[]; // @cast-boundary db-row
       const raw = rows[0];
       if (!raw) return null;
       const row = rehydrateCompoundTypes(raw, entity);

package/src/db/located-timestamp.ts

@@ -51,7 +51,7 @@ export function flattenLocatedTimestamp(
         `flattenLocatedTimestamp: field "${name}" expects { at, tz } or { utc, tz } object, got ${typeof raw}`,
       );
     }
-    const pair = raw as { at?: string; tz?: string; utc?: string };
+    const pair = raw as { at?: string; tz?: string; utc?: string }; // @cast-boundary schema-walk
 
     delete result[name];