@gencow/core 0.1.27 → 0.1.28

package/src/__tests__/crud.test.ts

@@ -1,930 +0,0 @@
-/**
- * packages/core/src/__tests__/crud.test.ts
- *
- * crud() v2 Zero-Boilerplate API Factory — 유닛 테스트
- *
- * 검증 항목:
- *   1. 팩토리가 query/mutation을 글로벌 레지스트리에 자동 등록하는지
- *   2. Secure by Default: 기본 auth 필수, public 옵션 동작
- *   3. 반환 객체 구조: { list, get, create, update, remove }
- *   4. 테이블명 기반 key 생성 (prefix 오버라이드)
- *   5. options 기본값 (defaultLimit, maxLimit, realtime)
- *   6. UUID id 자동 감지 (text PK → v.string())
- *   7. list 반환값: { data: T[], total: number }
- *   8. allowedFilters 화이트리스트 동작
- *
- * Run: bun test packages/core/src/__tests__/crud.test.ts
- */
-
-import { describe, it, expect, beforeAll } from "bun:test";
-import { getRegisteredQueries, getRegisteredMutations, getQueryDef } from "../reactive.js";
-
-// ─── Mock PgTable ────────────────────────────────────────────────────────────
-// 실제 Drizzle pgTable을 사용 — getTableName() 등 Drizzle 공식 API 호환 보장
-
-import { pgTable, serial, text, timestamp } from "drizzle-orm/pg-core";
-
-// ─── crud import ───────────────────────────────────────────────────────
-
-import { crud, parseFilterNode, applyFilterOp } from "../crud.js";
-
-// ─── 테스트 테이블 정의 ────────────────────────────────────────────────────
-
-const tasks = pgTable("tasks", {
-  id: serial("id").primaryKey(),
-  title: text("title").notNull(),
-  description: text("description"),
-  userId: text("user_id"),
-  createdAt: timestamp("created_at").defaultNow(),
-  updatedAt: timestamp("updated_at").defaultNow(),
-});
-
-const articles = pgTable("articles", {
-  id: serial("id").primaryKey(),
-  title: text("title"),
-  createdAt: timestamp("created_at").defaultNow(),
-});
-
-const items = pgTable("items", {
-  id: serial("id").primaryKey(),
-  name: text("name"),
-});
-
-// ─── Mock 유틸 ─────────────────────────────────────────────────────────
-
-/**
- * list handler가 parallel로 SELECT + COUNT를 실행하므로,
- * select()가 두 가지 호출 패턴을 지원해야 함:
- *   1. select()           → data query chain
- *   2. select({count: _}) → count query chain
- */
-function createListMockCtx(mockData: any[], opts?: { authCalled?: { value: boolean } }) {
-  // data select chain
-  const dataChain = {
-    from: () => dataChain,
-    where: () => dataChain,
-    orderBy: () => dataChain,
-    limit: () => dataChain,
-    offset: () => Promise.resolve(mockData),
-  };
-  // count select chain
-  const countChain = {
-    from: () => countChain,
-    where: () => Promise.resolve([{ count: mockData.length }]),
-  };
-
-  return {
-    auth: {
-      requireAuth: () => {
-        if (opts?.authCalled) opts.authCalled.value = true;
-        return { user: { id: "user-1" } };
-      },
-      getSession: () => null,
-    },
-    db: {
-      select: (selectArg?: any) => {
-        // select({count: ...}) — count query
-        if (selectArg && typeof selectArg === "object" && "count" in selectArg) {
-          return countChain;
-        }
-        // select() — data query
-        return dataChain;
-      },
-    },
-  };
-}
-
-/**
- * mutation handler 실행용 mock context.
- * insert/update/delete + realtime emit + fetchListWithTotal(select+count) 지원.
- */
-function createMutationMockCtx(opts: { listData?: any[]; insertResult?: any; authUser?: any }) {
-  const listData = opts.listData ?? [];
-  const insertResult = opts.insertResult;
-  const emitted: { key: string; data: any }[] = [];
-  let capturedValues: any = null;
-
-  // select chain: data + count 양쪽 지원
-  const selectDataChain = {
-    from: () => selectDataChain,
-    where: () => selectDataChain,
-    orderBy: () => Promise.resolve(listData),
-  };
-  const selectCountChain = {
-    from: () => selectCountChain,
-    where: () => Promise.resolve([{ count: listData.length }]),
-  };
-
-  const mockCtx = {
-    auth: {
-      requireAuth: () => opts.authUser ?? { id: "user-1", email: "test@example.com" },
-    },
-    db: {
-      select: (selectArg?: any) => {
-        if (selectArg && typeof selectArg === "object" && "count" in selectArg) {
-          return selectCountChain;
-        }
-        return selectDataChain;
-      },
-      insert: () => ({
-        values: (v: any) => {
-          capturedValues = v;
-          return { returning: () => Promise.resolve([insertResult]) };
-        },
-      }),
-      update: () => ({
-        set: () => ({ where: () => ({ returning: () => Promise.resolve([insertResult]) }) }),
-      }),
-      delete: () => ({
-        where: () => Promise.resolve(),
-      }),
-    },
-    realtime: {
-      emit: (key: string, data: any) => emitted.push({ key, data }),
-    },
-  };
-
-  return { mockCtx, emitted, getCapturedValues: () => capturedValues };
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// 1. 기본 동작: 팩토리 반환값 + 레지스트리 등록
-// ═══════════════════════════════════════════════════════════════════════════════
-
-describe("crud() — 기본 동작", () => {
-  let result: ReturnType<typeof crud>;
-
-  beforeAll(() => {
-    result = crud(tasks);
-  });
-
-  it("{ list, get, create, update, remove } 5개 프로퍼티를 반환한다", () => {
-    expect(result).toHaveProperty("list");
-    expect(result).toHaveProperty("get");
-    expect(result).toHaveProperty("create");
-    expect(result).toHaveProperty("update");
-    expect(result).toHaveProperty("remove");
-    expect(Object.keys(result)).toHaveLength(5);
-  });
-
-  it("query/mutation 각각 레지스트리에 등록된다", () => {
-    const queries = getRegisteredQueries();
-    const mutations = getRegisteredMutations();
-
-    // query: tasks.list, tasks.get
-    expect(queries).toContain("tasks.list");
-    expect(queries).toContain("tasks.get");
-
-    // mutation: tasks.create, tasks.update, tasks.remove
-    const mutationNames = mutations.map((m: any) => m.name);
-    expect(mutationNames).toContain("tasks.create");
-    expect(mutationNames).toContain("tasks.update");
-    expect(mutationNames).toContain("tasks.remove");
-  });
-
-  it("등록된 query/mutation은 핸들러를 가지고 있다", () => {
-    const listDef = getQueryDef("tasks.list");
-    expect(listDef).toBeDefined();
-    expect(typeof listDef!.handler).toBe("function");
-
-    const getDef = getQueryDef("tasks.get");
-    expect(getDef).toBeDefined();
-    expect(typeof getDef!.handler).toBe("function");
-  });
-});
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// 2. Secure by Default — 인증 기본 활성화
-// ═══════════════════════════════════════════════════════════════════════════════
-
-describe("crud() — Secure by Default", () => {
-  it("기본 호출 시 모든 query/mutation이 isPublic === false (auth 필수)", () => {
-    const result = crud(articles);
-
-    const listDef = getQueryDef("articles.list");
-    const getDef = getQueryDef("articles.get");
-
-    expect(listDef!.isPublic).toBe(false);
-    expect(getDef!.isPublic).toBe(false);
-
-    const mutations = getRegisteredMutations();
-    const createDef = mutations.find((m: any) => m.name === "articles.create");
-    const updateDef = mutations.find((m: any) => m.name === "articles.update");
-    const removeDef = mutations.find((m: any) => m.name === "articles.remove");
-
-    expect(createDef!.isPublic).toBe(false);
-    expect(updateDef!.isPublic).toBe(false);
-    expect(removeDef!.isPublic).toBe(false);
-  });
-
-  it("{ public: true } 옵션 시 모든 엔드포인트가 isPublic === true", () => {
-    const result = crud(items, { public: true });
-
-    const listDef = getQueryDef("items.list");
-    const getDef = getQueryDef("items.get");
-
-    expect(listDef!.isPublic).toBe(true);
-    expect(getDef!.isPublic).toBe(true);
-
-    const mutations = getRegisteredMutations();
-    const createDef = mutations.find((m: any) => m.name === "items.create");
-    expect(createDef!.isPublic).toBe(true);
-  });
-});
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// 3. prefix 오버라이드
-// ═══════════════════════════════════════════════════════════════════════════════
-
-describe("crud() — prefix 오버라이드", () => {
-  it("prefix 옵션으로 키 네임스페이스를 변경할 수 있다", () => {
-    const customTable = pgTable("my_items", {
-      id: serial("id").primaryKey(),
-      name: text("name"),
-    });
-
-    crud(customTable, { prefix: "products", public: true });
-
-    const listDef = getQueryDef("products.list");
-    const getDef = getQueryDef("products.get");
-
-    expect(listDef).toBeDefined();
-    expect(getDef).toBeDefined();
-
-    const mutations = getRegisteredMutations();
-    expect(mutations.find((m: any) => m.name === "products.create")).toBeDefined();
-    expect(mutations.find((m: any) => m.name === "products.update")).toBeDefined();
-    expect(mutations.find((m: any) => m.name === "products.remove")).toBeDefined();
-  });
-});
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// 4. id 컬럼 필수 체크
-// ═══════════════════════════════════════════════════════════════════════════════
-
-describe("crud() — 검증", () => {
-  it("id 컬럼이 없는 테이블은 에러를 던진다", () => {
-    // id 컬럼이 없는 실제 Drizzle 테이블
-    const badTable = pgTable("bad", {
-      name: text("name"),
-    });
-
-    expect(() => crud(badTable)).toThrow("[crud]");
-    expect(() => crud(badTable)).toThrow("must have an 'id' column");
-  });
-});
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// 5. 핸들러 실행 — list ({ data, total } 반환 검증)
-// ═══════════════════════════════════════════════════════════════════════════════
-
-describe("crud() — list handler 실행", () => {
-  it("list handler가 { data: T[], total: number } 형태로 반환한다", async () => {
-    const testTable = pgTable("handler_test", {
-      id: serial("id").primaryKey(),
-      createdAt: timestamp("created_at").defaultNow(),
-    });
-
-    crud(testTable, { public: true });
-
-    const listDef = getQueryDef("handler_test.list");
-    expect(listDef).toBeDefined();
-
-    const mockData = [{ id: 1 }, { id: 2 }];
-    const mockCtx = createListMockCtx(mockData);
-
-    const result = await listDef!.handler(mockCtx, {});
-
-    // { data, total } 형태 검증
-    expect(result).toHaveProperty("data");
-    expect(result).toHaveProperty("total");
-    expect(result.data).toEqual(mockData);
-    expect(result.total).toBe(2);
-  });
-});
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// 6. 핸들러 실행 — create (auth + userId 자동 주입 + realtime { data, total })
-// ═══════════════════════════════════════════════════════════════════════════════
-
-describe("crud() — create handler 실행", () => {
-  it("인증된 사용자의 create가 userId 자동 주입 + { data, total } realtime emit", async () => {
-    const testTable = pgTable("create_test", {
-      id: serial("id").primaryKey(),
-      title: text("title"),
-      userId: text("user_id"),
-      createdAt: timestamp("created_at").defaultNow(),
-    });
-
-    crud(testTable);
-
-    const mutations = getRegisteredMutations();
-    const createDef = mutations.find((m: any) => m.name === "create_test.create");
-    expect(createDef).toBeDefined();
-
-    const insertedData = { id: 42, title: "New Task", userId: "user-1" };
-    const { mockCtx, emitted, getCapturedValues } = createMutationMockCtx({
-      listData: [insertedData],
-      insertResult: insertedData,
-    });
-
-    const result = await createDef!.handler(mockCtx, { title: "New Task" });
-    expect(result).toEqual(insertedData);
-
-    // userId 자동 주입 확인
-    expect(getCapturedValues().userId).toBe("user-1");
-
-    // realtime emit — { data, total } 형태 확인
-    expect(emitted.length).toBeGreaterThanOrEqual(1);
-    expect(emitted[0].key).toBe("create_test.list");
-    expect(emitted[0].data).toHaveProperty("data");
-    expect(emitted[0].data).toHaveProperty("total");
-    expect(emitted[0].data.total).toBe(1);
-  });
-});
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// 7. 핸들러 실행 — remove (realtime { data, total })
-// ═══════════════════════════════════════════════════════════════════════════════
-
-describe("crud() — remove handler 실행", () => {
-  it("remove가 ctx.db.delete().where() 호출 후 { data, total } realtime emit 한다", async () => {
-    const testTable = pgTable("remove_test", {
-      id: serial("id").primaryKey(),
-      createdAt: timestamp("created_at").defaultNow(),
-    });
-
-    crud(testTable);
-
-    const mutations = getRegisteredMutations();
-    const removeDef = mutations.find((m: any) => m.name === "remove_test.remove");
-    expect(removeDef).toBeDefined();
-
-    const { mockCtx, emitted } = createMutationMockCtx({
-      listData: [], // 삭제 후 빈 리스트
-    });
-
-    const result = await removeDef!.handler(mockCtx, { id: 99 });
-    expect(result).toEqual({ success: true });
-
-    // realtime emit — { data, total } 형태
-    expect(emitted.length).toBeGreaterThanOrEqual(1);
-    expect(emitted[0].key).toBe("remove_test.list");
-    expect(emitted[0].data).toHaveProperty("data");
-    expect(emitted[0].data).toHaveProperty("total");
-    expect(emitted[0].data.total).toBe(0);
-  });
-});
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// 8. public: true — auth skip 확인
-// ═══════════════════════════════════════════════════════════════════════════════
-
-describe("crud() — public 모드 auth skip", () => {
-  it("public: true 시 requireAuth를 호출하지 않는다", async () => {
-    const testTable = pgTable("pub_test", {
-      id: serial("id").primaryKey(),
-      createdAt: timestamp("created_at").defaultNow(),
-    });
-
-    crud(testTable, { public: true });
-
-    const listDef = getQueryDef("pub_test.list");
-    expect(listDef).toBeDefined();
-
-    const authCalled = { value: false };
-    const mockCtx = createListMockCtx([{ id: 1 }], { authCalled });
-
-    // public 모드에서는 requireAuth를 호출하면 안됨 → 별도 mock
-    mockCtx.auth.requireAuth = () => {
-      authCalled.value = true;
-      throw new Error("should not be called");
-    };
-
-    const result = await listDef!.handler(mockCtx, {});
-    expect(authCalled.value).toBe(false);
-    expect(result.data).toEqual([{ id: 1 }]);
-    expect(result.total).toBe(1);
-  });
-});
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// 9. UUID id 자동 감지
-// ═══════════════════════════════════════════════════════════════════════════════
-
-describe("crud() — UUID id 자동 감지", () => {
-  it("text PK 테이블에서 get args에 string id validator를 사용한다", () => {
-    const uuidTable = pgTable("uuid_test", {
-      id: text("id").primaryKey(), // UUID string PK
-      name: text("name"),
-    });
-
-    crud(uuidTable, { public: true });
-
-    const getDef = getQueryDef("uuid_test.get");
-    expect(getDef).toBeDefined();
-    // argsSchema에 id가 존재 (string 타입)
-    expect(getDef!.argsSchema).toBeDefined();
-    expect(getDef!.argsSchema).toHaveProperty("id");
-  });
-
-  it("serial PK 테이블에서 get args에 number id validator를 사용한다", () => {
-    const serialTable = pgTable("serial_test", {
-      id: serial("id").primaryKey(),
-      name: text("name"),
-    });
-
-    crud(serialTable, { public: true });
-
-    const getDef = getQueryDef("serial_test.get");
-    expect(getDef).toBeDefined();
-    expect(getDef!.argsSchema).toBeDefined();
-    expect(getDef!.argsSchema).toHaveProperty("id");
-  });
-});
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// 10. allowedFilters — 화이트리스트 동작
-// ═══════════════════════════════════════════════════════════════════════════════
-
-describe("crud() — allowedFilters", () => {
-  it("allowedFilters에 명시된 필드의 필터가 적용된다", async () => {
-    const filterTable = pgTable("filter_test", {
-      id: serial("id").primaryKey(),
-      status: text("status"),
-      category: text("category"),
-      userId: text("user_id"),
-      createdAt: timestamp("created_at").defaultNow(),
-    });
-
-    crud(filterTable, {
-      public: true,
-      allowedFilters: ["status", "category"],
-    });
-
-    const listDef = getQueryDef("filter_test.list");
-    expect(listDef).toBeDefined();
-
-    // allowedFilters를 사용하면 handler가 에러 없이 실행됨
-    const mockCtx = createListMockCtx([{ id: 1, status: "active" }]);
-    const result = await listDef!.handler(mockCtx, {
-      filters: { status: "active" },
-    });
-
-    expect(result).toHaveProperty("data");
-    expect(result).toHaveProperty("total");
-  });
-
-  it("allowedFilters에 없는 필드의 필터는 무시된다 (보안)", async () => {
-    const filterTable2 = pgTable("filter_test2", {
-      id: serial("id").primaryKey(),
-      status: text("status"),
-      userId: text("user_id"),
-      createdAt: timestamp("created_at").defaultNow(),
-    });
-
-    crud(filterTable2, {
-      public: true,
-      allowedFilters: ["status"],
-    });
-
-    const listDef = getQueryDef("filter_test2.list");
-    expect(listDef).toBeDefined();
-
-    // userId는 allowedFilters에 없으므로 무시되어야 함
-    const mockCtx = createListMockCtx([{ id: 1 }]);
-    const result = await listDef!.handler(mockCtx, {
-      filters: { userId: "hacker-attempt" },
-    });
-
-    // 에러 없이 정상 실행 (필터가 무시됨)
-    expect(result).toHaveProperty("data");
-    expect(result).toHaveProperty("total");
-  });
-
-  it("filters가 비어있으면 에러 없이 동작한다", async () => {
-    const filterTable3 = pgTable("filter_test3", {
-      id: serial("id").primaryKey(),
-      status: text("status"),
-      createdAt: timestamp("created_at").defaultNow(),
-    });
-
-    crud(filterTable3, {
-      public: true,
-      allowedFilters: ["status"],
-    });
-
-    const listDef = getQueryDef("filter_test3.list");
-    const mockCtx = createListMockCtx([{ id: 1 }]);
-
-    // filters 미전달
-    const result1 = await listDef!.handler(mockCtx, {});
-    expect(result1).toHaveProperty("data");
-
-    // filters 빈 객체
-    const result2 = await listDef!.handler(mockCtx, { filters: {} });
-    expect(result2).toHaveProperty("data");
-  });
-});
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// 11. v3 Filter Engine — parseFilterNode 직접 테스트 (spec TC1~5)
-// ═══════════════════════════════════════════════════════════════════════════════
-
-describe("v3 Filter Engine — parseFilterNode", () => {
-  // TC1: 하위 호환성 (Implicit eq)
-  it("TC1: 단순 key-value는 암묵적 eq로 파싱된다 (하위호환)", () => {
-    const table = pgTable("tc1_test", {
-      id: serial("id").primaryKey(),
-      status: text("status"),
-    });
-
-    const result = parseFilterNode({ status: "active" }, table);
-    expect(result).toBeDefined();
-  });
-
-  it("TC1: 여러 key-value 동시 사용 시 모두 AND 결합된다", () => {
-    const table = pgTable("tc1b_test", {
-      id: serial("id").primaryKey(),
-      status: text("status"),
-      category: text("category"),
-    });
-
-    const result = parseFilterNode({ status: "active", category: "tech" }, table);
-    expect(result).toBeDefined();
-  });
-
-  // TC2: 다중 논리망 (Nested OR & AND)
-  it("TC2: AND + 중첩 OR 필터가 SQL 조건으로 빌드된다", () => {
-    const table = pgTable("tc2_test", {
-      id: serial("id").primaryKey(),
-      category: text("category"),
-      qty: serial("qty"),
-      flag: text("flag"),
-    });
-
-    const result = parseFilterNode(
-      {
-        AND: [{ category: "A" }, { OR: [{ qty: { op: "gte", value: 10 } }, { flag: true }] }],
-      },
-      table,
-    );
-
-    expect(result).toBeDefined();
-  });
-
-  it("TC2: 단순 OR 배열도 파싱된다", () => {
-    const table = pgTable("tc2b_test", {
-      id: serial("id").primaryKey(),
-      title: text("title"),
-      description: text("description"),
-    });
-
-    const result = parseFilterNode(
-      {
-        OR: [{ title: { op: "ilike", value: "%AI%" } }, { description: { op: "ilike", value: "%데이터%" } }],
-      },
-      table,
-    );
-
-    expect(result).toBeDefined();
-  });
-
-  // TC3: 보안 방어 — allowedFilters 위반
-  it("TC3: allowedFilters에 없는 필드는 완전 묵살 (직접 접근)", () => {
-    const table = pgTable("tc3_test", {
-      id: serial("id").primaryKey(),
-      status: text("status"),
-      title: text("title"),
-      passwordHash: text("password_hash"),
-    });
-
-    // password_hash 직접 접근 → 묵살
-    const r1 = parseFilterNode({ passwordHash: { op: "eq", value: "xxx" } }, table, ["status", "title"]);
-    expect(r1).toBeUndefined(); // 모든 조건 제거됨
-  });
-
-  it("TC3: OR 틈새 우회 시도 시 미허용 필드만 묵살, 허용 필드는 유지", () => {
-    const table = pgTable("tc3b_test", {
-      id: serial("id").primaryKey(),
-      status: text("status"),
-      isAdmin: text("is_admin"),
-    });
-
-    const r = parseFilterNode({ OR: [{ status: "public" }, { isAdmin: true }] }, table, ["status"]);
-    // status는 허용 → OR 조건 살아있음
-    expect(r).toBeDefined();
-  });
-
-  it("TC3: 모든 필드가 미허용이면 undefined 반환", () => {
-    const table = pgTable("tc3c_test", {
-      id: serial("id").primaryKey(),
-      secret: text("secret"),
-    });
-
-    const r = parseFilterNode({ OR: [{ secret: "hi" }] }, table, ["status"]);
-    expect(r).toBeUndefined();
-  });
-
-  // TC4: 악의적 페이로드 구조 방어
-  it("TC4: OR에 비배열 전달 시 무시, 크래시 없음", () => {
-    const table = pgTable("tc4_test", {
-      id: serial("id").primaryKey(),
-      age: serial("age"),
-    });
-
-    expect(parseFilterNode({ OR: "not-an-array" as any }, table)).toBeUndefined();
-  });
-
-  it("TC4: 미지원 op 키워드(DROP TABLE 등) 묵살, 크래시 없음", () => {
-    const table = pgTable("tc4b_test", {
-      id: serial("id").primaryKey(),
-      age: serial("age"),
-    });
-
-    expect(parseFilterNode({ age: { op: "DROP TABLE", value: 1 } }, table)).toBeUndefined();
-  });
-
-  it("TC4: AND에 null/string/number 등 비객체 원소 묵살", () => {
-    const table = pgTable("tc4c_test", {
-      id: serial("id").primaryKey(),
-    });
-
-    expect(parseFilterNode({ AND: [null, "string", 42] as any }, table)).toBeUndefined();
-    expect(parseFilterNode({ AND: null as any }, table)).toBeUndefined();
-  });
-
-  it("TC4: 존재하지 않는 컬럼명 필터는 묵살", () => {
-    const table = pgTable("tc4d_test", {
-      id: serial("id").primaryKey(),
-      name: text("name"),
-    });
-
-    const r = parseFilterNode({ nonExistentCol: "value" }, table);
-    expect(r).toBeUndefined();
-  });
-
-  // TC5: IN / NIN 연산자 배열값 처리
-  it("TC5: in 연산자 — 정상 배열은 SQL 생성", () => {
-    const table = pgTable("tc5_test", {
-      id: serial("id").primaryKey(),
-      status: text("status"),
-    });
-
-    const r = parseFilterNode({ id: { op: "in", value: [1, 2, 3] } }, table);
-    expect(r).toBeDefined();
-  });
-
-  it("TC5: in 연산자 — 비배열은 묵살", () => {
-    const table = pgTable("tc5b_test", {
-      id: serial("id").primaryKey(),
-    });
-
-    const r = parseFilterNode({ id: { op: "in", value: "1" } }, table);
-    expect(r).toBeUndefined();
-  });
-
-  it("TC5: in 연산자 — 빈 배열은 묵살", () => {
-    const table = pgTable("tc5c_test", {
-      id: serial("id").primaryKey(),
-    });
-
-    const r = parseFilterNode({ id: { op: "in", value: [] } }, table);
-    expect(r).toBeUndefined();
-  });
-
-  it("TC5: nin 연산자 — 정상 배열은 SQL 생성", () => {
-    const table = pgTable("tc5d_test", {
-      id: serial("id").primaryKey(),
-    });
-
-    const r = parseFilterNode({ id: { op: "nin", value: [10, 20] } }, table);
-    expect(r).toBeDefined();
-  });
-});
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// 12. v3 Filter Engine — applyFilterOp 직접 테스트
-// ═══════════════════════════════════════════════════════════════════════════════
-
-describe("v3 Filter Engine — applyFilterOp", () => {
-  const table = pgTable("op_test", {
-    id: serial("id").primaryKey(),
-    name: text("name"),
-    age: serial("age"),
-  });
-
-  it("eq 연산자가 SQL 조건을 반환한다", () => {
-    expect(applyFilterOp(table.name, "eq", "test")).toBeDefined();
-  });
-
-  it("ne 연산자가 SQL 조건을 반환한다", () => {
-    expect(applyFilterOp(table.name, "ne", "test")).toBeDefined();
-  });
-
-  it("gt/gte/lt/lte 비교 연산자가 SQL 조건을 반환한다", () => {
-    expect(applyFilterOp(table.age, "gt", 10)).toBeDefined();
-    expect(applyFilterOp(table.age, "gte", 18)).toBeDefined();
-    expect(applyFilterOp(table.age, "lt", 100)).toBeDefined();
-    expect(applyFilterOp(table.age, "lte", 65)).toBeDefined();
-  });
-
-  it("like/ilike 패턴 연산자가 SQL 조건을 반환한다", () => {
-    expect(applyFilterOp(table.name, "like", "%test%")).toBeDefined();
-    expect(applyFilterOp(table.name, "ilike", "%TEST%")).toBeDefined();
-  });
-
-  it("in 연산자 — 정상 배열은 SQL 반환", () => {
-    expect(applyFilterOp(table.id, "in", [1, 2, 3])).toBeDefined();
-  });
-
-  it("nin 연산자 — 빈 배열은 undefined 반환", () => {
-    expect(applyFilterOp(table.id, "nin", [])).toBeUndefined();
-  });
-
-  it("미지원 연산자는 undefined 반환", () => {
-    expect(applyFilterOp(table.id, "INVALID" as any, 1)).toBeUndefined();
-  });
-});
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// 13. v3 crud() handler 통합 테스트 — Advanced Filters
-// ═══════════════════════════════════════════════════════════════════════════════
-
-describe("v3 crud() — advanced filters through handler", () => {
-  it("allowedFilters 미설정 시 필터가 무시된다 (Secure by Default)", async () => {
-    const openTable = pgTable("v3_open_filter", {
-      id: serial("id").primaryKey(),
-      status: text("status"),
-      createdAt: timestamp("created_at").defaultNow(),
-    });
-
-    // allowedFilters 미설정 → 필터 전체 무시 (v2 호환, Secure by Default)
-    crud(openTable, { public: true });
-
-    const listDef = getQueryDef("v3_open_filter.list");
-    expect(listDef).toBeDefined();
-
-    const mockCtx = createListMockCtx([{ id: 1, status: "active" }]);
-    const result = await listDef!.handler(mockCtx, {
-      filters: { status: { op: "eq", value: "active" } },
-    });
-
-    // 필터가 무시되어도 에러 없이 정상 동작
-    expect(result).toHaveProperty("data");
-    expect(result).toHaveProperty("total");
-  });
-
-  it("allowedFilters 설정 시 v3 고급 필터가 동작한다", async () => {
-    const advTable = pgTable("v3_adv_filter", {
-      id: serial("id").primaryKey(),
-      status: text("status"),
-      createdAt: timestamp("created_at").defaultNow(),
-    });
-
-    crud(advTable, { public: true, allowedFilters: ["status"] });
-
-    const listDef = getQueryDef("v3_adv_filter.list");
-    const mockCtx = createListMockCtx([{ id: 1, status: "active" }]);
-    const result = await listDef!.handler(mockCtx, {
-      filters: { status: { op: "eq", value: "active" } },
-    });
-
-    expect(result).toHaveProperty("data");
-    expect(result).toHaveProperty("total");
-  });
-
-  it("복합 OR/AND 필터가 handler에서 에러 없이 실행된다", async () => {
-    const complexTable = pgTable("v3_complex", {
-      id: serial("id").primaryKey(),
-      title: text("title"),
-      status: text("status"),
-      createdAt: timestamp("created_at").defaultNow(),
-    });
-
-    crud(complexTable, { public: true, allowedFilters: ["title", "status"] });
-
-    const listDef = getQueryDef("v3_complex.list");
-    const mockCtx = createListMockCtx([]);
-
-    const result = await listDef!.handler(mockCtx, {
-      filters: {
-        OR: [
-          { title: { op: "ilike", value: "%AI%" } },
-          { status: { op: "in", value: ["active", "archived"] } },
-        ],
-      },
-    });
-
-    expect(result).toHaveProperty("data");
-    expect(result.total).toBe(0);
-  });
-
-  it("악성 페이로드가 handler를 크래시시키지 않는다", async () => {
-    const safeTable = pgTable("v3_safe", {
-      id: serial("id").primaryKey(),
-      name: text("name"),
-      createdAt: timestamp("created_at").defaultNow(),
-    });
-
-    crud(safeTable, { public: true });
-
-    const listDef = getQueryDef("v3_safe.list");
-    const mockCtx = createListMockCtx([{ id: 1 }]);
-
-    // 다양한 악성 페이로드 — 모두 에러 없이 실행
-    const payloads = [
-      { filters: { OR: "not-array" } },
-      { filters: { AND: null } },
-      { filters: { name: { op: "EVIL_OP", value: 1 } } },
-      { filters: { OR: [null, undefined, 42, "bad"] } },
-      { filters: {} },
-    ];
-
-    for (const payload of payloads) {
-      const result = await listDef!.handler(mockCtx, payload);
-      expect(result).toHaveProperty("data");
-      expect(result).toHaveProperty("total");
-    }
-  });
-});
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// 14. v3 보안 강화 — 재귀 깊이 제한 + like/ilike 타입 검증
-// ═══════════════════════════════════════════════════════════════════════════════
-
-describe("v3 보안 강화 — 재귀 깊이 제한", () => {
-  it("MAX_FILTER_DEPTH(5) 초과 시 조건 묵살", () => {
-    const table = pgTable("depth_test", {
-      id: serial("id").primaryKey(),
-      name: text("name"),
-    });
-
-    // 깊이 6단계 중첩 — MAX_FILTER_DEPTH=5 초과
-    const deepFilter = {
-      OR: [{ AND: [{ OR: [{ AND: [{ OR: [{ AND: [{ name: "deep" }] }] }] }] }] }],
-    };
-
-    const result = parseFilterNode(deepFilter, table);
-    // 깊이 초과된 부분이 묵살되어 결과가 undefined이거나 부분 조건만 남음
-    // 중요한 것은 스택 오버플로 없이 정상 반환
-    expect(() => parseFilterNode(deepFilter, table)).not.toThrow();
-  });
-
-  it("MAX_FILTER_DEPTH 이내의 중첩은 정상 동작", () => {
-    const table = pgTable("depth_ok_test", {
-      id: serial("id").primaryKey(),
-      name: text("name"),
-      status: text("status"),
-    });
-
-    // 깊이 3단계 — 정상 범위
-    const normalFilter = {
-      OR: [{ AND: [{ OR: [{ name: "test" }] }] }, { status: "active" }],
-    };
-
-    const result = parseFilterNode(normalFilter, table);
-    expect(result).toBeDefined();
-  });
-
-  it("극단적 깊이(100단계)에서도 크래시 없음", () => {
-    const table = pgTable("depth_extreme_test", {
-      id: serial("id").primaryKey(),
-      name: text("name"),
-    });
-
-    // 100단계 중첩 생성
-    let filter: any = { name: "leaf" };
-    for (let i = 0; i < 100; i++) {
-      filter = i % 2 === 0 ? { OR: [filter] } : { AND: [filter] };
-    }
-
-    expect(() => parseFilterNode(filter, table)).not.toThrow();
-    // 깊이 초과로 조건 묵살 → undefined
-    const result = parseFilterNode(filter, table);
-    expect(result).toBeUndefined();
-  });
-});
-
-describe("v3 보안 강화 — like/ilike 타입 검증", () => {
-  const table = pgTable("like_type_test", {
-    id: serial("id").primaryKey(),
-    name: text("name"),
-  });
-
-  it("like에 문자열이 아닌 값 전달 시 undefined 반환", () => {
-    expect(applyFilterOp(table.name, "like", 12345)).toBeUndefined();
-    expect(applyFilterOp(table.name, "like", null)).toBeUndefined();
-    expect(applyFilterOp(table.name, "like", { evil: true })).toBeUndefined();
-  });
-
-  it("ilike에 문자열이 아닌 값 전달 시 undefined 반환", () => {
-    expect(applyFilterOp(table.name, "ilike", 99)).toBeUndefined();
-    expect(applyFilterOp(table.name, "ilike", ["array"])).toBeUndefined();
-  });
-
-  it("like/ilike에 정상 문자열 전달 시 SQL 반환", () => {
-    expect(applyFilterOp(table.name, "like", "%test%")).toBeDefined();
-    expect(applyFilterOp(table.name, "ilike", "%TEST%")).toBeDefined();
-  });
-});