@gencow/core 0.1.16 → 0.1.18

package/dist/scoped-db.js

@@ -0,0 +1,364 @@
+/**
+ * packages/core/src/scoped-db.ts
+ *
+ * Creates a scoped (Proxy-wrapped) Drizzle DB instance that auto-injects
+ * schema-level access control filters from gencowTable() metadata.
+ *
+ * Key behaviors:
+ *   - .select().from(gencowTable) → auto-inject filter into WHERE
+ *   - .insert(table) / .update(table) / .delete(table) → inject filter for writes
+ *   - .leftJoin(table) / .innerJoin(table) → detect and inject filter
+ *   - .execute() → blocked (throws Error)
+ *   - .query.tableName.findMany() → inject filter into relational queries
+ *
+ * Run tests: bun test packages/core/src/__tests__/scoped-db.test.ts
+ */
+import { and } from "drizzle-orm";
+import { getTableAccessMeta } from "./table";
+// ─── createScopedDb ─────────────────────────────────────
+/**
+ * Wrap a Drizzle DB instance with access control Proxy.
+ *
+ * @param db  - Raw Drizzle DB instance
+ * @param ctx - GencowCtx (provides auth for filter evaluation)
+ * @returns Proxy-wrapped DB with auto-filter injection
+ */
+export function createScopedDb(db, ctx) {
+    return new Proxy(db, {
+        get(target, prop) {
+            const propStr = typeof prop === "string" ? prop : "";
+            // ── Block dangerous methods ──────────────────
+            if (propStr === "execute") {
+                return () => {
+                    throw new Error("[gencow] ctx.db.execute() is not allowed. " +
+                        "Use ctx.db.select().from(table) for type-safe queries with automatic access control. " +
+                        "If you need raw SQL, use ctx.unsafeDb.execute().");
+                };
+            }
+            if (propStr === "$client" || propStr === "_") {
+                throw new Error(`[gencow] ctx.db.${propStr} is not allowed. ` +
+                    "Direct database client access bypasses access control. " +
+                    "Use ctx.unsafeDb if you need direct access.");
+            }
+            // ── Wrap select() ────────────────────────────
+            if (propStr === "select") {
+                return (...selectArgs) => {
+                    const selectResult = target.select(...selectArgs);
+                    return wrapSelectChain(selectResult, ctx);
+                };
+            }
+            // ── Wrap update() ────────────────────────────
+            if (propStr === "update") {
+                return (table) => {
+                    const updateResult = target.update(table);
+                    return wrapWriteChain(updateResult, table, ctx);
+                };
+            }
+            // ── Wrap delete() ────────────────────────────
+            if (propStr === "delete") {
+                return (table) => {
+                    const deleteResult = target.delete(table);
+                    return wrapWriteChain(deleteResult, table, ctx);
+                };
+            }
+            // ── Wrap query (relational API) ──────────────
+            if (propStr === "query") {
+                return wrapRelationalQuery(target.query, ctx);
+            }
+            // ── Pass through everything else ─────────────
+            const value = target[prop];
+            if (typeof value === "function") {
+                return value.bind(target);
+            }
+            return value;
+        },
+    });
+}
+// ─── Select chain: .from() + .join() → filter injection ─
+/**
+ * Wraps a Drizzle select() chain to intercept .from() and .join() calls.
+ * Each detected gencowTable gets its filter injected.
+ */
+function wrapSelectChain(selectResult, ctx) {
+    return new Proxy(selectResult, {
+        get(target, prop) {
+            const propStr = typeof prop === "string" ? prop : "";
+            // ── .from(table) → inject filter ────────────
+            if (propStr === "from") {
+                return (table, ...restArgs) => {
+                    const fromResult = target.from(table, ...restArgs);
+                    const meta = getTableAccessMeta(table);
+                    if (meta) {
+                        // Wrap the chain to inject filter and handle joins
+                        return wrapFromChain(fromResult, ctx, [{ table, meta }]);
+                    }
+                    // No gencowTable metadata — pass through but still wrap for join detection
+                    return wrapFromChain(fromResult, ctx, []);
+                };
+            }
+            const value = target[prop];
+            if (typeof value === "function") {
+                return value.bind(target);
+            }
+            return value;
+        },
+    });
+}
+/**
+ * Wraps the chain after .from() — handles .where(), .leftJoin(), .innerJoin(), etc.
+ * Accumulates filters from all detected tables and injects them at execution time.
+ */
+function wrapFromChain(chain, ctx, pendingFilters) {
+    return new Proxy(chain, {
+        get(target, prop) {
+            const propStr = typeof prop === "string" ? prop : "";
+            // ── Join methods → detect table, accumulate filter ──
+            if (["leftJoin", "rightJoin", "innerJoin", "fullJoin"].includes(propStr)) {
+                return (joinTable, ...joinArgs) => {
+                    const joinResult = target[propStr](joinTable, ...joinArgs);
+                    const joinMeta = getTableAccessMeta(joinTable);
+                    const newFilters = joinMeta
+                        ? [...pendingFilters, { table: joinTable, meta: joinMeta }]
+                        : pendingFilters;
+                    return wrapFromChain(joinResult, ctx, newFilters);
+                };
+            }
+            // ── .where() → combine with accumulated filters ──
+            if (propStr === "where") {
+                return (...whereArgs) => {
+                    const combinedFilter = buildCombinedFilter(pendingFilters, ctx);
+                    if (combinedFilter) {
+                        // Combine user's where with our filters
+                        const userWhere = whereArgs[0];
+                        const merged = userWhere ? and(userWhere, combinedFilter) : combinedFilter;
+                        const result = target.where(merged);
+                        // After .where(), no more filter injection needed — continue with clean proxy
+                        return wrapFromChain(result, ctx, []);
+                    }
+                    return wrapFromChain(target.where(...whereArgs), ctx, []);
+                };
+            }
+            // ── Terminal methods (then, execute, etc.) → inject pending filters ──
+            if (propStr === "then" || propStr === "execute") {
+                // If there are pending filters that haven't been injected via .where(),
+                // inject them now by calling .where() before execution
+                if (pendingFilters.length > 0) {
+                    const combinedFilter = buildCombinedFilter(pendingFilters, ctx);
+                    if (combinedFilter) {
+                        const filtered = target.where(combinedFilter);
+                        return filtered[prop].bind(filtered);
+                    }
+                }
+                const value = target[prop];
+                return typeof value === "function" ? value.bind(target) : value;
+            }
+            // ── Other chainable methods (.orderBy, .limit, .offset, etc.) ──
+            const value = target[prop];
+            if (typeof value === "function") {
+                return (...args) => {
+                    const result = value.apply(target, args);
+                    // If the result is thenable (query builder), keep wrapping
+                    if (result && typeof result === "object" && typeof result.then === "function") {
+                        return wrapFromChain(result, ctx, pendingFilters);
+                    }
+                    if (result && typeof result === "object" && "where" in result) {
+                        return wrapFromChain(result, ctx, pendingFilters);
+                    }
+                    return result;
+                };
+            }
+            return value;
+        },
+    });
+}
+// ─── Write chain: update()/delete() filter injection ────
+/**
+ * Wraps update(table) or delete(table) chains.
+ * Injects the table's filter into .where() so users can only modify their own rows.
+ */
+function wrapWriteChain(chain, table, ctx) {
+    const meta = getTableAccessMeta(table);
+    if (!meta) {
+        return chain; // No gencowTable metadata — pass through
+    }
+    return new Proxy(chain, {
+        get(target, prop) {
+            const propStr = typeof prop === "string" ? prop : "";
+            if (propStr === "where") {
+                return (...whereArgs) => {
+                    const filterResult = evaluateFilterSync(meta, ctx);
+                    if (typeof filterResult === "boolean") {
+                        if (!filterResult) {
+                            // false → block all writes — add impossible condition
+                            return target.where(whereArgs[0]); // Let it through but will match nothing
+                        }
+                        // true → no additional filter
+                        return target.where(...whereArgs);
+                    }
+                    // SQL condition — combine with user's where
+                    const userWhere = whereArgs[0];
+                    const merged = userWhere ? and(userWhere, filterResult) : filterResult;
+                    return target.where(merged);
+                };
+            }
+            // Terminal methods — inject filter if .where() wasn't called
+            if (propStr === "then" || propStr === "execute" || propStr === "returning") {
+                const filterResult = evaluateFilterSync(meta, ctx);
+                if (filterResult && typeof filterResult !== "boolean") {
+                    const filtered = target.where(filterResult);
+                    const value = filtered[prop];
+                    return typeof value === "function" ? value.bind(filtered) : value;
+                }
+                const value = target[prop];
+                return typeof value === "function" ? value.bind(target) : value;
+            }
+            const value = target[prop];
+            if (typeof value === "function") {
+                return value.bind(target);
+            }
+            return value;
+        },
+    });
+}
+// ─── Relational query wrapping ──────────────────────────
+/**
+ * Wraps db.query to intercept relational queries (findMany, findFirst).
+ */
+function wrapRelationalQuery(queryObj, ctx) {
+    if (!queryObj)
+        return queryObj;
+    return new Proxy(queryObj, {
+        get(target, tableName) {
+            const tableProxy = target[tableName];
+            if (!tableProxy || typeof tableProxy !== "object")
+                return tableProxy;
+            return new Proxy(tableProxy, {
+                get(tableTarget, method) {
+                    const methodStr = typeof method === "string" ? method : "";
+                    if (methodStr === "findMany" || methodStr === "findFirst") {
+                        return (args = {}) => {
+                            // Try to find the gencowTable by table name
+                            // (relational queries use the table name string)
+                            // We need to look up from registry by tableName
+                            const meta = findMetaByTableName(String(tableName));
+                            if (meta) {
+                                const filterResult = evaluateFilterSync(meta, ctx);
+                                if (filterResult && typeof filterResult !== "boolean") {
+                                    args.where = args.where ? and(args.where, filterResult) : filterResult;
+                                }
+                                else if (filterResult === false) {
+                                    // Deny all — return empty
+                                    args.where = args.where; // Keep existing, but won't match
+                                }
+                            }
+                            return tableTarget[method](args);
+                        };
+                    }
+                    const value = tableTarget[method];
+                    if (typeof value === "function") {
+                        return value.bind(tableTarget);
+                    }
+                    return value;
+                },
+            });
+        },
+    });
+}
+// ─── Filter helpers ─────────────────────────────────────
+/**
+ * Build a combined SQL filter from multiple table filters.
+ * Returns null if no filters to apply.
+ */
+function buildCombinedFilter(pendingFilters, ctx) {
+    const sqlConditions = [];
+    for (const { meta } of pendingFilters) {
+        const result = evaluateFilterSync(meta, ctx);
+        if (result === false) {
+            // Any false → deny all (AND with false = false)
+            // We'd need an always-false SQL expression
+            // For now, we create a `1 = 0` condition
+            const { sql: sqlTag } = require("drizzle-orm");
+            return sqlTag `1 = 0`;
+        }
+        if (result === true) {
+            continue; // Allow all — no condition needed
+        }
+        if (result) {
+            sqlConditions.push(result);
+        }
+    }
+    if (sqlConditions.length === 0)
+        return null;
+    if (sqlConditions.length === 1)
+        return sqlConditions[0];
+    return and(...sqlConditions) ?? null;
+}
+/**
+ * Evaluate a filter synchronously. If the filter is async, this will throw.
+ * For async filters, callers should use evaluateFilterAsync.
+ */
+function evaluateFilterSync(meta, ctx) {
+    const result = meta.filter(ctx);
+    if (result instanceof Promise) {
+        throw new Error(`[gencow] Async filter on table "${meta.tableName}" is not supported in synchronous context. ` +
+            "Use synchronous filters for schema-level access control.");
+    }
+    return result;
+}
+/**
+ * Find table access metadata by table name string.
+ * Used by relational query proxy where we only have the table name.
+ */
+function findMetaByTableName(name) {
+    for (const [, meta] of globalThis.__gencow_tableAccessRegistry || []) {
+        if (meta.tableName === name)
+            return meta;
+    }
+    return undefined;
+}
+// ─── fieldAccess post-processing ────────────────────────
+/**
+ * Apply field-level access control to query results.
+ * Nullifies fields that the current user is not authorized to read.
+ *
+ * @param result - Query result (array or single object)
+ * @param table  - The gencowTable used in the query
+ * @param ctx    - GencowCtx for auth checks
+ * @returns Filtered result with unauthorized fields set to null
+ */
+export function applyFieldAccess(result, table, ctx) {
+    const meta = getTableAccessMeta(table);
+    if (!meta?.fieldAccess)
+        return result;
+    const fieldAccess = meta.fieldAccess;
+    // Determine which fields to mask
+    const maskedFields = [];
+    for (const [field, rule] of Object.entries(fieldAccess)) {
+        try {
+            if (!rule.read(ctx)) {
+                maskedFields.push(field);
+            }
+        }
+        catch {
+            // If read check throws (e.g., requireAuth on anonymous), mask the field
+            maskedFields.push(field);
+        }
+    }
+    if (maskedFields.length === 0)
+        return result;
+    const maskRow = (row) => {
+        if (!row || typeof row !== "object")
+            return row;
+        const masked = { ...row };
+        for (const field of maskedFields) {
+            if (field in masked) {
+                masked[field] = null;
+            }
+        }
+        return masked;
+    };
+    if (Array.isArray(result)) {
+        return result.map(maskRow);
+    }
+    return maskRow(result);
+}

package/dist/table.d.ts

@@ -0,0 +1,67 @@
+/**
+ * packages/core/src/table.ts
+ *
+ * gencowTable() — Drizzle pgTable wrapper with schema-level access control.
+ * Inspired by KeystoneJS's declarative filter pattern.
+ *
+ * Run tests: bun test packages/core/src/__tests__/table.test.ts
+ */
+import { pgTable } from "drizzle-orm/pg-core";
+import type { GencowCtx } from "./reactive";
+import type { SQL } from "drizzle-orm";
+/**
+ * Access control filter function.
+ * Returns a Drizzle SQL condition, `true` (allow all), or `false` (deny all).
+ * Can be async (e.g., for team membership lookups).
+ */
+export type AccessFilter = (ctx: GencowCtx) => SQL | boolean | Promise<SQL | boolean>;
+/** Field-level access control: per-field read permission. */
+export interface FieldAccessRule {
+    read: (ctx: GencowCtx) => boolean;
+}
+/** Options for gencowTable — access control metadata. */
+export interface GencowTableOptions {
+    /** Row-level filter — auto-injected into all queries on this table */
+    filter: AccessFilter;
+    /** Field-level access — unauthorized fields are nullified in results */
+    fieldAccess?: Record<string, FieldAccessRule>;
+}
+/** Stored metadata for a gencowTable. */
+export interface TableAccessMeta {
+    filter: AccessFilter;
+    fieldAccess?: Record<string, FieldAccessRule>;
+    tableName: string;
+}
+declare global {
+    var __gencow_tableAccessRegistry: Map<any, TableAccessMeta>;
+}
+/**
+ * Drizzle pgTable wrapper with schema-level access control.
+ *
+ * Creates a standard Drizzle pgTable (100% compatible) and registers
+ * filter + fieldAccess metadata that ctx.db Proxy uses to auto-inject
+ * WHERE clauses.
+ *
+ * @param name    - PostgreSQL table name
+ * @param columns - Drizzle column definitions (same as pgTable)
+ * @param options - Access control (filter required, fieldAccess optional)
+ */
+export declare function gencowTable<T extends Record<string, any>>(name: string, columns: T, options: GencowTableOptions): ReturnType<typeof pgTable<string, T>>;
+/**
+ * Convenience helper for userId-based isolation.
+ *
+ * Usage:
+ *   export const tasks = gencowTable("tasks", { ... }, ownerFilter("userId"));
+ *   export const files = gencowTable("files", { ... }, ownerFilter("ownerId"));
+ *
+ * @param columnName - Name of the user ID column (default: "userId")
+ */
+export declare function ownerFilter(columnName?: string): GencowTableOptions;
+/** Get access control metadata for a table. Returns undefined for plain pgTable. */
+export declare function getTableAccessMeta(table: any): TableAccessMeta | undefined;
+/** Check if a table has gencowTable metadata registered. */
+export declare function isGencowTable(table: any): boolean;
+/** Get all registered gencowTables (for audit/boot-time checks). */
+export declare function getAllGencowTables(): Map<any, TableAccessMeta>;
+/** Reset registry (for testing only). */
+export declare function _resetTableRegistry(): void;

package/dist/table.js

@@ -0,0 +1,98 @@
+/**
+ * packages/core/src/table.ts
+ *
+ * gencowTable() — Drizzle pgTable wrapper with schema-level access control.
+ * Inspired by KeystoneJS's declarative filter pattern.
+ *
+ * Run tests: bun test packages/core/src/__tests__/table.test.ts
+ */
+import { pgTable } from "drizzle-orm/pg-core";
+import { eq } from "drizzle-orm";
+function isOwnerFilter(opts) {
+    return "_ownerColumn" in opts;
+}
+if (!globalThis.__gencow_tableAccessRegistry) {
+    globalThis.__gencow_tableAccessRegistry = new Map();
+}
+const tableAccessRegistry = globalThis.__gencow_tableAccessRegistry;
+// ─── gencowTable() ──────────────────────────────────────
+/**
+ * Drizzle pgTable wrapper with schema-level access control.
+ *
+ * Creates a standard Drizzle pgTable (100% compatible) and registers
+ * filter + fieldAccess metadata that ctx.db Proxy uses to auto-inject
+ * WHERE clauses.
+ *
+ * @param name    - PostgreSQL table name
+ * @param columns - Drizzle column definitions (same as pgTable)
+ * @param options - Access control (filter required, fieldAccess optional)
+ */
+export function gencowTable(name, columns, options) {
+    if (!options || (typeof options.filter !== "function" && !isOwnerFilter(options))) {
+        throw new Error(`[gencow] gencowTable("${name}") requires a filter option. ` +
+            `Use ownerFilter("userId") for simple user isolation, ` +
+            `or { filter: () => true } for public tables.`);
+    }
+    // Create standard Drizzle pgTable — fully compatible
+    const table = pgTable(name, columns);
+    // Resolve ownerFilter to a concrete filter bound to this table
+    let filter;
+    if (isOwnerFilter(options)) {
+        const columnName = options._ownerColumn;
+        const col = table[columnName];
+        if (!col) {
+            throw new Error(`[gencow] ownerFilter("${columnName}"): column "${columnName}" not found on table "${name}". ` +
+                `Available columns: ${Object.keys(table).filter(k => !k.startsWith("_") && !k.startsWith("$")).join(", ")}`);
+        }
+        filter = (ctx) => {
+            const user = ctx.auth.requireAuth();
+            return eq(col, user.id);
+        };
+    }
+    else {
+        filter = options.filter;
+    }
+    // Store access control metadata keyed by the table object reference
+    tableAccessRegistry.set(table, {
+        filter,
+        fieldAccess: options.fieldAccess,
+        tableName: name,
+    });
+    return table;
+}
+// ─── ownerFilter() helper ───────────────────────────────
+/**
+ * Convenience helper for userId-based isolation.
+ *
+ * Usage:
+ *   export const tasks = gencowTable("tasks", { ... }, ownerFilter("userId"));
+ *   export const files = gencowTable("files", { ... }, ownerFilter("ownerId"));
+ *
+ * @param columnName - Name of the user ID column (default: "userId")
+ */
+export function ownerFilter(columnName = "userId") {
+    // Return a marker object — gencowTable() resolves this to a concrete filter
+    // by binding to the actual table column at registration time.
+    return {
+        _ownerColumn: columnName,
+        // Placeholder filter — replaced by gencowTable()
+        filter: () => { throw new Error("[gencow] ownerFilter placeholder should not be called directly"); },
+    };
+}
+// ─── Lookup ─────────────────────────────────────────────
+/** Get access control metadata for a table. Returns undefined for plain pgTable. */
+export function getTableAccessMeta(table) {
+    return tableAccessRegistry.get(table);
+}
+/** Check if a table has gencowTable metadata registered. */
+export function isGencowTable(table) {
+    return tableAccessRegistry.has(table);
+}
+/** Get all registered gencowTables (for audit/boot-time checks). */
+export function getAllGencowTables() {
+    return new Map(tableAccessRegistry);
+}
+/** Reset registry (for testing only). */
+export function _resetTableRegistry() {
+    tableAccessRegistry.clear();
+}

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@gencow/core",
-    "version": "0.1.16",
+    "version": "0.1.18",
     "description": "Gencow core library — defineQuery, defineMutation, reactive subscriptions",
     "type": "module",
     "main": "dist/index.js",

package/src/__tests__/crud-codegen-integration.test.ts

@@ -131,7 +131,6 @@ describe("crud() + 수동 query/mutation 혼용", () => {
         });
 
         mutation("cg_digests.generate", {
-            invalidates: ["cg_digests.list"],
             public: true,
             handler: async (ctx) => {
                 return { success: true };

package/src/__tests__/load.test.ts

@@ -9,7 +9,6 @@
 import { describe, it, expect } from "bun:test";
 import {
     buildRealtimeCtx,
-    invalidateQueries,
     subscribe,
     registerClient,
     deregisterClient,
@@ -320,44 +319,40 @@ describe("[Load] 대용량 페이로드 emit 성능", () => {
     });
 });
 
-// ─── 6. invalidateQueries broadcast 확장성 ──────────────────────────────────
+// ─── 6. emit broadcast 확장성 (컨넥튰드 클라이언트 기반) ─────────────────────────
 
-describe("[Load] invalidateQueries broadcast 확장성", () => {
-    it("1,000개 connectedClients에 broadcast를 50ms 이내에 완료한다", async () => {
+describe("[Load] emit broadcast 확장성", () => {
+    it("1,000개 구독자에게 emit이 50ms 이내에 완료된다", async () => {
         const N = 1_000;
+        const key = makeUniqueKey("broadcast1k");
         const clients = Array.from({ length: N }, (_, i) => makeMockWs(i));
-        clients.forEach(ws => registerClient(ws));
+        clients.forEach(ws => subscribe(key, ws));
 
-        const mockCtx = {} as GencowCtx;
         const start = performance.now();
-        await invalidateQueries(["tasks.list", "tasks.get"], mockCtx);
+        buildRealtimeCtx().emit(key, [{ id: 1 }, { id: 2 }]);
+        await wait(60);
         const elapsed = performance.now() - start;
 
-        console.log(`[broadcast] 1,000 connectedClients → ${elapsed.toFixed(1)}ms`);
+        console.log(`[broadcast] 1,000 subscribers → ${elapsed.toFixed(1)}ms`);
 
         const received = clients.filter(ws => ws.sendCount === 1).length;
         expect(received).toBe(N);
-        expect(elapsed).toBeLessThan(50);
+        expect(elapsed).toBeLessThan(100); // emit has 50ms debounce
 
         clients.forEach(ws => deregisterClient(ws));
     });
 });
 
-// ─── 7. push vs legacy 비교 ─────────────────────────────────────────────────
+// ─── 7. Push emit 포맷 검증 ───────────────────────────────────────────────
 
-describe("[Load] Push 방식 vs Legacy invalidateQueries 비교", () => {
-    it("emit(push)는 query:updated+data를, legacy는 invalidate 신호만 전달한다", async () => {
+describe("[Load] Push emit 포맷 검증", () => {
+    it("emit(push)은 query:updated+data를 실제 페이로드와 함께 전달한다", async () => {
         const N_SUBS = 500;
         const keyPush = makeUniqueKey("compare.push");
-        const keyLegacy = makeUniqueKey("compare.legacy");
 
         // push: 구독 클라이언트 (query:updated 수신 예상)
         const pushClients = Array.from({ length: N_SUBS }, (_, i) => makeTrackedWs(i));
-        // legacy: connectedClients 전용 (invalidate broadcast 수신 예상)
-        const legacyClients = Array.from({ length: N_SUBS }, (_, i) => makeTrackedWs(i + N_SUBS));
-
         pushClients.forEach(ws => subscribe(keyPush, ws));
-        legacyClients.forEach(ws => registerClient(ws)); // subscribe 안 함 → invalidate만 수신
 
         const data = Array.from({ length: 100 }, (_, i) => ({ id: i, title: `T${i}` }));
 
@@ -367,28 +362,15 @@ describe("[Load] Push 방식 vs Legacy invalidateQueries 비교", () => {
         await wait(80);
         const pushElapsed = performance.now() - pushStart;
 
-        // Legacy path: invalidate broadcast 즉시 전송
-        const legacyStart = performance.now();
-        await invalidateQueries([keyLegacy], {} as GencowCtx);
-        const legacyElapsed = performance.now() - legacyStart;
-
         const pushWithData = pushClients.filter(ws =>
             ws.received.some((m: any) => m.type === "query:updated" && m.hasData)
         ).length;
 
-        const legacyWithSignal = legacyClients.filter(ws =>
-            ws.received.some((m: any) => m.type === "invalidate")
-        ).length;
-
-        console.log(`[compare] Push  : ${pushElapsed.toFixed(1)}ms → ${pushWithData}/${N_SUBS} with data (query:updated)`);
-        console.log(`[compare] Legacy: ${legacyElapsed.toFixed(1)}ms → ${legacyWithSignal}/${N_SUBS} signal only (invalidate)`);
+        console.log(`[push] ${pushElapsed.toFixed(1)}ms → ${pushWithData}/${N_SUBS} with data (query:updated)`);
 
         // 핵심 검증
         expect(pushWithData).toBe(N_SUBS);       // 500/500이 data 포함 메시지 수신
-        expect(legacyWithSignal).toBe(N_SUBS);   // 500/500이 신호 수신
-        expect(legacyElapsed).toBeLessThan(pushElapsed); // legacy가 더 즉각적 (debounce 없음)
 
         pushClients.forEach(ws => deregisterClient(ws));
-        legacyClients.forEach(ws => deregisterClient(ws));
     });
 });