@cosmicdrift/kumiko-framework 0.23.1 → 0.24.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cosmicdrift/kumiko-framework",
-  "version": "0.23.1",
+  "version": "0.24.0",
   "description": "Framework core — engine, pipeline, API, DB, and every other bit that makes Kumiko go.",
   "license": "BUSL-1.1",
   "author": "Marc Frost <marc@cosmicdriftgamestudio.com>",

package/src/files/__tests__/storage-tracking.integration.test.ts

@@ -9,13 +9,17 @@
 //      Drizzle's mode:"number", so arithmetic in assertions Just Works).
 
 import { afterAll, beforeAll, beforeEach, describe, expect, test } from "bun:test";
+import { createEventStoreExecutor } from "../../db/event-store-executor";
 import { asRawClient, selectMany } from "../../db/query";
+import { createTenantDb } from "../../db/tenant-db";
 import type { SessionUser } from "../../engine";
 import { createTestUser, setupTestStack, type TestStack, TestUsers } from "../../stack";
 import { buildMultipartBody, patchFileInstanceofForBunTest } from "../../testing";
 import {
   createFilesFeature,
   createInMemoryFileProvider,
+  fileRefEntity,
+  fileRefsTable,
   filesStorageTrackingFeature,
   type InMemoryFileProvider,
   tenantStorageUsageTable,
@@ -63,7 +67,7 @@ beforeEach(async () => {
   await stack.eventDispatcher?.ensureRegistered();
 });
 
-async function upload(user: SessionUser, name: string, content: Uint8Array): Promise<void> {
+async function upload(user: SessionUser, name: string, content: Uint8Array): Promise<string> {
   const token = await stack.jwt.sign(user);
   const formData = new FormData();
   formData.append("file", new File([Buffer.from(content)], name, { type: "image/png" }));
@@ -74,6 +78,28 @@ async function upload(user: SessionUser, name: string, content: Uint8Array): Pro
     body: multipartBody,
   });
   expect(res.status).toBe(201);
+  const body = (await res.json()) as { id: string };
+  return body.id;
+}
+
+async function deleteFile(user: SessionUser, id: string): Promise<void> {
+  const token = await stack.jwt.sign(user);
+  const res = await stack.app.request(`/api/files/${id}`, {
+    method: "DELETE",
+    headers: { Authorization: `Bearer ${token}` },
+  });
+  expect(res.status).toBe(200);
+}
+
+async function restoreFile(user: SessionUser, id: string): Promise<void> {
+  // No HTTP route for restore — drive the entity executor directly, which is
+  // the same path file-routes uses for create/delete. Emits fileRef.restored
+  // with { previous } that the MSP re-increments on.
+  const executor = createEventStoreExecutor(fileRefsTable, fileRefEntity, {
+    entityName: "fileRef",
+  });
+  const result = await executor.restore({ id }, user, createTenantDb(stack.db, user.tenantId));
+  if (!result.isSuccess) throw new Error(`restore failed: ${JSON.stringify(result)}`);
 }
 
 async function usageFor(tenantId: string): Promise<{ totalBytes: number; fileCount: number }> {
@@ -121,6 +147,32 @@ describe("tenant-storage-usage MSP", () => {
     expect(otherUsage).toEqual({ totalBytes: LARGE.length, fileCount: 1 });
   });
 
+  test("delete decrements totalBytes and fileCount by the deleted file's size", async () => {
+    const idSmall = await upload(admin, "a.png", SMALL);
+    await upload(admin, "b.png", LARGE);
+    await stack.eventDispatcher?.runOnce();
+
+    await deleteFile(admin, idSmall);
+    await stack.eventDispatcher?.runOnce();
+
+    const usage = await usageFor(admin.tenantId);
+    expect(usage).toEqual({ totalBytes: LARGE.length, fileCount: 1 });
+  });
+
+  test("restore re-increments after delete — round-trip leaves usage unchanged", async () => {
+    const id = await upload(admin, "a.png", SMALL);
+    await stack.eventDispatcher?.runOnce();
+    expect(await usageFor(admin.tenantId)).toEqual({ totalBytes: SMALL.length, fileCount: 1 });
+
+    await deleteFile(admin, id);
+    await stack.eventDispatcher?.runOnce();
+    expect(await usageFor(admin.tenantId)).toEqual({ totalBytes: 0, fileCount: 0 });
+
+    await restoreFile(admin, id);
+    await stack.eventDispatcher?.runOnce();
+    expect(await usageFor(admin.tenantId)).toEqual({ totalBytes: SMALL.length, fileCount: 1 });
+  });
+
   test("lastUpdatedAt is set and advances on subsequent uploads", async () => {
     await upload(admin, "a.png", SMALL);
     await stack.eventDispatcher?.runOnce();

package/src/files/file-ref-entity.ts

@@ -1,4 +1,4 @@
-import { createEntity, createNumberField, createTextField, createTimestampField } from "../engine";
+import { createEntity, createNumberField, createTextField } from "../engine";
 
 // fileRef — das File-Metadata-Entity. Ganz normales ES-Entity: Upload/Delete
 // laufen über den Standard-Executor (file-routes.ts), die Tabelle `file_refs`
@@ -8,11 +8,16 @@ import { createEntity, createNumberField, createTextField, createTimestampField
 // Ein Delete markiert `isDeleted=true` (wiederherstellbar, kein "sofort weg");
 // echtes Erasure (Art. 17) läuft über den Forget-Hook + Retention-Cleanup.
 //
+// `insertedAt`/`insertedById` sind framework-managed base columns (siehe
+// buildBaseColumns in table-builder.ts) und dürfen NICHT als Entity-Fields
+// dupliziert werden — fieldColumns gewinnen beim Merge, und die Field-Variante
+// ohne `.default(now()).notNull()` macht inserted_at still nullable.
+//
 // PII-Annotations:
 //   - fileName → pii: true (Originalname enthält oft Personen-Bezug:
 //     "Marc-Lebenslauf.pdf", "Krankheitsattest-Mai.pdf"). Andere Felder
-//     (storageKey, mimeType, size, entityType, entityId, fieldName,
-//     insertedById, insertedAt) treffen die PII-Heuristik nicht.
+//     (storageKey, mimeType, size, entityType, entityId, fieldName) treffen
+//     die PII-Heuristik nicht.
 export const fileRefEntity = createEntity({
   table: "file_refs",
   softDelete: true,
@@ -24,7 +29,5 @@ export const fileRefEntity = createEntity({
     entityType: createTextField(),
     entityId: createTextField(),
     fieldName: createTextField(),
-    insertedAt: createTimestampField({ sortable: true, filterable: true }),
-    insertedById: createTextField(),
   },
 });

package/src/files/file-routes.ts

@@ -236,7 +236,14 @@ export function createFileRoutes(options: FileRoutesOptions): Hono {
     // entity, not a files-specific path.
     const result = await executor.delete({ id }, user, createTenantDb(db, user.tenantId));
     if (!result.isSuccess) {
-      return c.json({ error: "not_found" }, 404);
+      // NotFound (race between guard and executor) reuses the 404-masking
+      // pattern from the access-deny path above. Everything else (version
+      // conflict 409, ownership 403, validation 422, internal 500) gets the
+      // real status off the error so callers can distinguish recoverable
+      // from terminal — pauschales 404 hier hat genau das verschleiert.
+      const status = result.error.httpStatus as 400 | 403 | 404 | 409 | 422 | 500;
+      const code = status === 404 ? "not_found" : result.error.code;
+      return c.json({ error: code }, status);
     }
     return c.json({ ok: true });
   });

package/src/files/storage-tracking.ts

@@ -17,15 +17,24 @@ import { defineFeature } from "../engine";
 
 // fileRef is a standard ES entity, so usage tracking subscribes to its
 // auto-verb events. `fileRef.created` payload carries the entity fields
-// (incl. size); `fileRef.deleted` carries `{ previous }` (the pre-delete
-// row), so the byte count to reverse lives at previous.size.
+// (incl. size); `fileRef.deleted` / `fileRef.restored` carry `{ previous }`
+// (the pre-event row), so the byte count to apply lives at previous.size.
 const FILE_REF_CREATED = entityEventName("fileRef", "created");
 const FILE_REF_DELETED = entityEventName("fileRef", "deleted");
+const FILE_REF_RESTORED = entityEventName("fileRef", "restored");
 
 function readNumber(value: unknown): number {
   return typeof value === "number" ? value : 0;
 }
 
+function sizeFromPrevious(payload: Record<string, unknown>): number {
+  const previous = payload["previous"];
+  if (previous && typeof previous === "object" && !Array.isArray(previous)) {
+    return readNumber((previous as Record<string, unknown>)["size"]); // @cast-boundary engine-payload
+  }
+  return 0;
+}
+
 // bigint in `mode: "number"` returns a JS number (safe up to 2^53 ≈ 9e15
 // bytes ≈ 8 petabytes per tenant — large enough for any practical storage
 // quota). Default "bigint" mode would hand back a bigint value, which
@@ -59,12 +68,7 @@ export const filesStorageTrackingFeature = defineFeature("files-storage-tracking
         );
       },
       [FILE_REF_DELETED]: async (event, tx) => {
-        // Delete events carry the pre-delete row under `previous`.
-        const previous = event.payload["previous"];
-        const size =
-          previous && typeof previous === "object" && !Array.isArray(previous)
-            ? readNumber((previous as Record<string, unknown>)["size"]) // @cast-boundary engine-payload
-            : 0;
+        const size = sizeFromPrevious(event.payload);
         // Decrement on delete. INSERT values are 0/0 so a delete that somehow
         // precedes any upload can't create negative usage; the on-conflict
         // path applies the real negative delta. Async (dispatcher) —
@@ -77,6 +81,19 @@ export const filesStorageTrackingFeature = defineFeature("files-storage-tracking
           { set: { lastUpdatedAt: sql`now()` } },
         );
       },
+      [FILE_REF_RESTORED]: async (event, tx) => {
+        // Restore re-increments by the soft-deleted row's size — symmetric
+        // to delete. Without this handler totalBytes/fileCount drift low
+        // after every delete→restore round-trip.
+        const size = sizeFromPrevious(event.payload);
+        await incrementCounter(
+          tx,
+          tenantStorageUsageTable,
+          { tenantId: event.tenantId, totalBytes: size, fileCount: 1 },
+          { totalBytes: size, fileCount: 1 },
+          { set: { lastUpdatedAt: sql`now()` } },
+        );
+      },
     },
   });
 });