@memberjunction/server 5.11.0 → 5.13.0

package/src/generic/ResolverBase.ts

@@ -1061,7 +1061,7 @@ export class ResolverBase {
       if (await entityObject.Save()) {
         // save worked, fire the AfterCreate event and then return all the data
         await this.AfterCreate(provider, input); // fire event
-        this.PublishCacheInvalidation(entityObject, 'save', userPayload);
+        // Cache invalidation is now handled globally by the MJGlobal listener in index.ts
         const contextUser = this.GetUserFromPayload(userPayload);
         // MapFieldNamesToCodeNames now handles encryption filtering as well
         return await this.MapFieldNamesToCodeNames(entityName, entityObject.GetAll(), contextUser);
@@ -1145,7 +1145,7 @@ export class ResolverBase {
       if (await entityObject.Save()) {
         // save worked, fire afterevent and return all the data
         await this.AfterUpdate(provider, input); // fire event
-        this.PublishCacheInvalidation(entityObject, 'save', userPayload);
+        // Cache invalidation is now handled globally by the MJGlobal listener in index.ts
 
         // MapFieldNamesToCodeNames now handles encryption filtering as well
         return await this.MapFieldNamesToCodeNames(entityName, entityObject.GetAll(), userInfo);
@@ -1372,7 +1372,7 @@ export class ResolverBase {
       
       if (await entityObject.Delete(options)) {
         await this.AfterDelete(provider, key); // fire event
-        this.PublishCacheInvalidation(entityObject, 'delete', userPayload);
+        // Cache invalidation is now handled globally by the MJGlobal listener in index.ts
         return returnValue;
       } else {
         throw new GraphQLError(entityObject.LatestResult?.Message ?? 'Unknown error', {

package/src/index.ts

@@ -4,8 +4,8 @@ dotenv.config({ quiet: true });
 
 import { expressMiddleware } from '@as-integrations/express5';
 import { mergeSchemas } from '@graphql-tools/schema';
-import { Metadata, DatabasePlatform, SetProvider, StartupManager as StartupManagerImport } from '@memberjunction/core';
-import { MJGlobal, UUIDsEqual } from '@memberjunction/global';
+import { Metadata, DatabasePlatform, SetProvider, StartupManager as StartupManagerImport, BaseEntity, BaseEntityEvent } from '@memberjunction/core';
+import { MJGlobal, MJEventType, UUIDsEqual } from '@memberjunction/global';
 import { setupSQLServerClient, SQLServerDataProvider, SQLServerProviderConfigData, UserCache } from '@memberjunction/sqlserver-dataprovider';
 import { extendConnectionPoolWithQuery } from './util.js';
 import { default as BodyParser } from 'body-parser';
@@ -126,32 +126,16 @@ export * from './resolvers/CurrentUserContextResolver.js';
 export { GetReadOnlyDataSource, GetReadWriteDataSource, GetReadWriteProvider, GetReadOnlyProvider } from './util.js';
 
 export * from './generated/generated.js';
-export * from './hooks.js';
 export * from './multiTenancy/index.js';
+export * from './middleware/index.js';
 
-import type { ServerExtensibilityOptions, HookWithOptions } from './hooks.js';
-import { HookRegistry } from '@memberjunction/core';
-import type { HookRegistrationOptions } from '@memberjunction/core';
+import { RegisterDataHook } from '@memberjunction/core';
+import type { RequestHandler, ErrorRequestHandler } from 'express';
 import type { ApolloServerPlugin } from '@apollo/server';
-import { createTenantMiddleware, createTenantPreRunViewHook, createTenantPreSaveHook } from './multiTenancy/index.js';
+import type { GraphQLSchema } from 'graphql';
+import { BaseServerMiddleware } from './middleware/BaseServerMiddleware.js';
 
-/**
- * Register a hook that may be a plain function or a `{ hook, Priority, Namespace }` object.
- * Dynamic packages (e.g., BCSaaS) return hooks in object form to declare registration metadata.
- */
-function registerHookEntry<T>(hookName: string, entry: T | HookWithOptions<T>): void {
-  if (typeof entry === 'function') {
-    HookRegistry.Register(hookName, entry);
-  } else if (entry && typeof entry === 'object' && 'hook' in entry) {
-    const { hook, Priority, Namespace } = entry as HookWithOptions<T>;
-    const options: HookRegistrationOptions = {};
-    if (Priority != null) options.Priority = Priority;
-    if (Namespace != null) options.Namespace = Namespace;
-    HookRegistry.Register(hookName, hook, options);
-  }
-}
-
-export type MJServerOptions = ServerExtensibilityOptions & {
+export type MJServerOptions = {
   onBeforeServe?: () => void | Promise<void>;
   restApiOptions?: Partial<RESTApiOptions>; // Options for REST API configuration
 };
@@ -417,6 +401,91 @@ export const serve = async (resolverPaths: Array<string>, app: Application = cre
     Object.values(module).filter((value) => typeof value === 'function')
   ) as BuildSchemaOptions['resolvers'];
 
+  // ─── Discover all server middleware via ClassFactory ─────────────────────
+  const allRegistrations = MJGlobal.Instance.ClassFactory.GetAllRegistrations(BaseServerMiddleware);
+
+  // Deduplicate by key (same key -> highest priority wins).
+  // This is the replacement mechanism: if BCSaaS registers with the same
+  // key as MJ's built-in tenant filter, ClassFactory's priority system
+  // ensures only the higher-priority one is used.
+  const uniqueKeys = new Set(
+      allRegistrations.map(r => r.Key?.trim().toLowerCase()).filter((k): k is string => k != null)
+  );
+
+  const winnerRegistrations: typeof allRegistrations = [];
+  for (const key of uniqueKeys) {
+      const winner = MJGlobal.Instance.ClassFactory.GetRegistration(BaseServerMiddleware, key);
+      if (winner) winnerRegistrations.push(winner);
+  }
+
+  // Instantiate and filter by Enabled
+  const middlewares: BaseServerMiddleware[] = [];
+  for (const reg of winnerRegistrations) {
+      const MwClass = reg.SubClass as new () => BaseServerMiddleware;
+      const mw = new MwClass();
+      if (mw.Enabled) {
+          middlewares.push(mw);
+      }
+  }
+
+  // Initialize all middleware
+  for (const mw of middlewares) {
+      await mw.Initialize();
+      console.log(`  [Middleware] ${mw.Label}`);
+  }
+
+  // Collect middleware contributions for each pipeline stage
+  const mwPreAuth: RequestHandler[] = [];
+  const mwPostAuth: RequestHandler[] = [];
+  const mwPostRoute: (RequestHandler | ErrorRequestHandler)[] = [];
+  const mwApolloPlugins: ApolloServerPlugin[] = [];
+  const mwSchemaTransformers: ((schema: GraphQLSchema) => GraphQLSchema)[] = [];
+  const mwResolverPaths: string[] = [];
+
+  for (const mw of middlewares) {
+      mwPreAuth.push(...mw.GetPreAuthMiddleware());
+      mwPostAuth.push(...mw.GetPostAuthMiddleware());
+      mwPostRoute.push(...mw.GetPostRouteMiddleware());
+      mwApolloPlugins.push(...mw.GetApolloPlugins());
+      mwSchemaTransformers.push(...mw.GetSchemaTransformers());
+      mwResolverPaths.push(...mw.GetResolverPaths());
+
+      // Express app configuration escape hatch
+      if (mw.ConfigureExpressApp) {
+          await mw.ConfigureExpressApp(app);
+      }
+
+      // Extract hook methods and register in the global hook store
+      // (ProviderBase/BaseEntity will read these via GetDataHooks())
+      RegisterDataHook('PreRunView', mw.PreRunView.bind(mw));
+      RegisterDataHook('PostRunView', mw.PostRunView.bind(mw));
+      RegisterDataHook('PreSave', mw.PreSave.bind(mw));
+  }
+
+  // ─── Resolve middleware-contributed resolver paths and merge into resolvers ───
+  let allResolvers = resolvers;
+  if (mwResolverPaths.length > 0) {
+      const mwGlobs = mwResolverPaths.flatMap((p) => (isWindows ? p.replace(/\\/g, '/') : p));
+      const mwResolverFiles = fg.globSync(mwGlobs);
+      if (mwResolverFiles.length > 0) {
+          const mwModules = await Promise.all(
+              mwResolverFiles.map((modulePath) => {
+                  try {
+                      return import(isWindows ? `file://${modulePath}` : modulePath);
+                  } catch (e) {
+                      console.error(`Error loading middleware resolver at '${modulePath}'`, e);
+                      throw e;
+                  }
+              })
+          );
+          const mwResolvers = mwModules.flatMap((module) =>
+              Object.values(module).filter((value) => typeof value === 'function')
+          );
+          allResolvers = [...resolvers, ...mwResolvers] as BuildSchemaOptions['resolvers'];
+          console.log(`  [Middleware Resolvers] Loaded ${mwResolverFiles.length} resolver file(s) from middleware`);
+      }
+  }
+
   // Create an explicit PubSub instance so we can reference it outside of resolvers
   // graphql-subscriptions v3 renamed asyncIterator→asyncIterableIterator, but
   // type-graphql still calls asyncIterator. Shim for compatibility.
@@ -426,10 +495,32 @@ export const serve = async (resolverPaths: Array<string>, app: Application = cre
   }
   PubSubManager.Instance.SetPubSubEngine(pubSub as unknown as PubSubEngine);
 
+  // Global listener: broadcast CACHE_INVALIDATION to all browser clients whenever
+  // ANY BaseEntity save/delete occurs on this server — regardless of whether it
+  // originated from a GraphQL mutation or internal server-side code (agents, actions,
+  // task orchestrator, etc.).  This closes the gap where server-internal saves were
+  // invisible to browser BaseEngine caches.
+  MJGlobal.Instance.GetEventListener(false).subscribe((event) => {
+    if (event.event === MJEventType.ComponentEvent && event.eventCode === BaseEntity.BaseEventCode) {
+      const beEvent = event.args as BaseEntityEvent;
+      if (beEvent.type === 'save' || beEvent.type === 'delete') {
+        PubSubManager.Instance.Publish(CACHE_INVALIDATION_TOPIC, {
+          entityName: beEvent.baseEntity.EntityInfo.Name,
+          primaryKeyValues: JSON.stringify(beEvent.baseEntity.PrimaryKey.KeyValuePairs),
+          action: beEvent.type,
+          sourceServerId: MJGlobal.Instance.ProcessUUID,
+          timestamp: new Date(),
+          originSessionId: null,
+          recordData: beEvent.type === 'save' ? JSON.stringify(beEvent.baseEntity.GetAll()) : undefined,
+        });
+      }
+    }
+  });
+
   let schema = mergeSchemas({
     schemas: [
       buildSchemaSync({
-        resolvers,
+        resolvers: allResolvers,
         validate: false,
         scalarsMap: [{ type: Date, scalar: GraphQLTimestamp }],
         emitSchemaFile: websiteRunFromPackage !== 1,
@@ -441,11 +532,9 @@ export const serve = async (resolverPaths: Array<string>, app: Application = cre
   schema = requireSystemUserDirective.transformer(schema);
   schema = publicDirective.transformer(schema);
 
-  // Apply user-provided schema transformers (after built-in directive transformers)
-  if (options?.SchemaTransformers) {
-    for (const transformer of options.SchemaTransformers) {
-      schema = transformer(schema);
-    }
+  // Apply middleware-contributed schema transformers (after built-in directive transformers)
+  for (const transformer of mwSchemaTransformers) {
+    schema = transformer(schema);
   }
 
   const httpServer = createServer(app);
@@ -480,7 +569,7 @@ export const serve = async (resolverPaths: Array<string>, app: Application = cre
   const apolloServer = buildApolloServer(
     { schema },
     { httpServer, serverCleanup },
-    options?.ApolloPlugins
+    mwApolloPlugins.length > 0 ? mwApolloPlugins : undefined
   );
   await apolloServer.start();
   
@@ -505,16 +594,16 @@ export const serve = async (resolverPaths: Array<string>, app: Application = cre
     level: 6
   }));
 
-  // Apply user-provided Express middleware (after compression, before routes)
-  if (options?.ExpressMiddlewareBefore) {
-    for (const mw of options.ExpressMiddlewareBefore) {
-      app.use(mw);
-    }
-  }
+  // Health check endpoint - registered before auth middleware so cloud
+  // platform probes (Azure App Service, AWS ALB, k8s, etc.) don't
+  // generate noisy auth errors in the logs.
+  app.get('/healthcheck', (_req, res) => {
+    res.status(200).json({ status: 'ok' });
+  });
 
-  // Escape hatch for advanced Express app configuration
-  if (options?.ConfigureExpressApp) {
-    await Promise.resolve(options.ConfigureExpressApp(app));
+  // Apply middleware-contributed pre-auth handlers (after compression, before routes)
+  for (const mw of mwPreAuth) {
+    app.use(mw);
   }
 
   // ─── OAuth callback routes (unauthenticated, registered BEFORE auth) ─────
@@ -546,20 +635,12 @@ export const serve = async (resolverPaths: Array<string>, app: Application = cre
   // ─── Unified auth middleware (replaces both REST authMiddleware and contextFunction auth) ─────
   app.use(createUnifiedAuthMiddleware(dataSources));
 
-  // ─── Built-in post-auth middleware (multi-tenancy) ─────
-  // Config-driven multi-tenancy middleware runs after auth so it can read req.userPayload.
-  if (configInfo.multiTenancy?.enabled) {
-    const tenantMiddleware = createTenantMiddleware(configInfo.multiTenancy);
-    app.use(tenantMiddleware);
-  }
-
-  // ─── Post-auth middleware from plugins ─────
+  // ─── Post-auth middleware from BaseServerMiddleware plugins ─────
   // Middleware here has access to the authenticated user via req.userPayload.
-  // Use this for tenant context resolution, org membership loading, etc.
-  if (options?.ExpressMiddlewarePostAuth) {
-    for (const mw of options.ExpressMiddlewarePostAuth) {
-      app.use(mw);
-    }
+  // Contributions come from @RegisterClass(BaseServerMiddleware, key) classes
+  // (e.g., MJTenantFilterMiddleware for multi-tenancy, BCSaaSMiddleware for org context).
+  for (const mw of mwPostAuth) {
+    app.use(mw);
   }
 
   // ─── OAuth authenticated routes (auth already handled by unified middleware) ─────
@@ -616,10 +697,8 @@ export const serve = async (resolverPaths: Array<string>, app: Application = cre
   );
 
   // ─── Post-route middleware (error handlers, catch-alls) ─────
-  if (options?.ExpressMiddlewareAfter) {
-    for (const mw of options.ExpressMiddlewareAfter) {
-      app.use(mw);
-    }
+  for (const mw of mwPostRoute) {
+    app.use(mw);
   }
 
   // Initialize and start scheduled jobs service if enabled
@@ -635,45 +714,9 @@ export const serve = async (resolverPaths: Array<string>, app: Application = cre
     }
   }
 
-  // Register provider-level hooks with the global HookRegistry.
-  // Each entry can be a plain function or a { hook, Priority, Namespace } object.
-  if (options?.PreRunViewHooks) {
-    for (const entry of options.PreRunViewHooks) {
-      registerHookEntry('PreRunView', entry);
-    }
-  }
-  if (options?.PostRunViewHooks) {
-    for (const entry of options.PostRunViewHooks) {
-      registerHookEntry('PostRunView', entry);
-    }
-  }
-  if (options?.PreSaveHooks) {
-    for (const entry of options.PreSaveHooks) {
-      registerHookEntry('PreSave', entry);
-    }
-  }
-
-  // Auto-register multi-tenancy hooks when enabled in config
-  // (The tenant Express middleware was already registered above in the post-auth slot)
-  if (configInfo.multiTenancy?.enabled) {
-    console.log('[MultiTenancy] Enabled — registering tenant isolation hooks');
-    const tenantConfig = configInfo.multiTenancy;
-
-    // Register tenant PreRunView hook (injects WHERE clauses)
-    // Priority 50 + namespace allows middle layers to replace with their own implementation
-    HookRegistry.Register('PreRunView', createTenantPreRunViewHook(tenantConfig), {
-      Priority: 50,
-      Namespace: 'mj:tenantFilter',
-    });
-
-    // Register tenant PreSave hook (validates tenant column on writes)
-    HookRegistry.Register('PreSave', createTenantPreSaveHook(tenantConfig), {
-      Priority: 50,
-      Namespace: 'mj:tenantSave',
-    });
-
-    console.log(`[MultiTenancy] Context source: ${tenantConfig.contextSource}, scoping: ${tenantConfig.scopingStrategy}, write protection: ${tenantConfig.writeProtection}`);
-  }
+  // Data hooks are now registered via BaseServerMiddleware classes above
+  // (e.g., MJTenantFilterMiddleware registers PreRunView and PreSave hooks).
+  // No config-bag hook registration needed.
 
   if (options?.onBeforeServe) {
     await Promise.resolve(options.onBeforeServe());

package/src/middleware/BaseServerMiddleware.ts

@@ -0,0 +1,141 @@
+/**
+ * Base class for server middleware that intercepts the MJServer request pipeline.
+ *
+ * Subclasses register via @RegisterClass(BaseServerMiddleware, key) and are
+ * discovered by serve() via ClassFactory.GetAllRegistrations().
+ *
+ * Key-based deduplication: If two middleware classes register with the same key,
+ * ClassFactory returns the highest-priority one -- the other is replaced.
+ * This is how BCSaaS replaces MJ's built-in tenant filtering.
+ *
+ * For adding new routes/endpoints (webhooks, bot endpoints), see
+ * ServerExtensionsCore and BaseServerExtension (PR #2037).
+ * BaseServerMiddleware is for intercepting the existing pipeline, not adding to it.
+ */
+
+import type { RequestHandler, ErrorRequestHandler, Application } from 'express';
+import type { ApolloServerPlugin } from '@apollo/server';
+import type { GraphQLSchema } from 'graphql';
+import type { RunViewParams, UserInfo, BaseEntity, RunViewResult } from '@memberjunction/core';
+
+export abstract class BaseServerMiddleware {
+    // --- Identity ---
+
+    /**
+     * Human-readable label for logging (e.g., 'mj:tenantFilter', 'bcsaas').
+     */
+    abstract get Label(): string;
+
+    /**
+     * Whether this middleware is active. Override to check config, env vars, etc.
+     * Disabled middleware classes are never instantiated or activated by serve().
+     * Default: true.
+     */
+    get Enabled(): boolean { return true; }
+
+    // --- Lifecycle ---
+
+    /**
+     * Optional async initialization (read config, warm caches, etc.).
+     * Called by serve() after instantiation, before middleware/hooks are extracted.
+     */
+    async Initialize(): Promise<void> { /* no-op by default */ }
+
+    // --- Express Middleware ---
+    // Each method corresponds to a named slot in the request pipeline.
+    // Override to contribute middleware at that stage.
+    // Default implementations return empty arrays (no-op).
+
+    /**
+     * Express middleware applied BEFORE authentication.
+     * Runs after compression but before OAuth/REST/GraphQL routes.
+     * Use for: rate limiting, request logging, custom headers.
+     */
+    GetPreAuthMiddleware(): RequestHandler[] { return []; }
+
+    /**
+     * Express middleware that runs AFTER authentication has resolved UserInfo.
+     * The authenticated user payload is available at req.userPayload.
+     * Use for: tenant context resolution, org membership loading.
+     */
+    GetPostAuthMiddleware(): RequestHandler[] { return []; }
+
+    /**
+     * Express middleware/error handlers applied AFTER all routes.
+     * Use for: catch-all error handlers, response logging.
+     */
+    GetPostRouteMiddleware(): (RequestHandler | ErrorRequestHandler)[] { return []; }
+
+    // --- Express App Configuration ---
+
+    /**
+     * Optional escape hatch for advanced Express app configuration.
+     * Called once during server setup with the Express app instance.
+     * Use for: trust proxy settings, custom CORS, body parser config.
+     * Return undefined to skip (default).
+     */
+    ConfigureExpressApp?(app: Application): void | Promise<void>;
+
+    // --- Apollo / GraphQL Extensions ---
+
+    /**
+     * Additional Apollo Server plugins merged with built-in plugins.
+     * Use for: query tracing, caching, custom error formatting.
+     */
+    GetApolloPlugins(): ApolloServerPlugin[] { return []; }
+
+    /**
+     * Schema transformers applied after built-in directive transformers.
+     * Use for: custom directives, schema stitching, field-level auth.
+     */
+    GetSchemaTransformers(): ((schema: GraphQLSchema) => GraphQLSchema)[] { return []; }
+
+    // --- Resolver Discovery ---
+
+    /**
+     * Additional TypeGraphQL resolver glob paths to include in the Apollo schema.
+     * serve() collects these from all active middleware and adds them to the
+     * resolvers array passed to buildSchema().
+     *
+     * Return absolute glob paths (use `path.join(__dirname, ...)` or equivalent).
+     *
+     * Use for: Open App resolvers, domain-specific GraphQL queries/mutations
+     * that live outside MJServer's built-in resolver set.
+     *
+     * @example
+     * ```typescript
+     * GetResolverPaths(): string[] {
+     *     return [path.join(__dirname, 'resolvers', '*Resolver.{js,ts}')];
+     * }
+     * ```
+     */
+    GetResolverPaths(): string[] { return []; }
+
+    // --- Data Hooks ---
+    // Override any of these to intercept data operations.
+    // Default implementations are pass-through (no-op).
+
+    /**
+     * Hook that runs before a RunView operation. Can modify the RunViewParams
+     * (e.g., injecting tenant filters) before execution.
+     */
+    PreRunView(params: RunViewParams, contextUser: UserInfo | undefined): RunViewParams | Promise<RunViewParams> {
+        return params;
+    }
+
+    /**
+     * Hook that runs after a RunView operation completes. Can modify the result
+     * (e.g., filtering or augmenting data) before it is returned to the caller.
+     */
+    PostRunView(params: RunViewParams, results: RunViewResult, contextUser: UserInfo | undefined): RunViewResult | Promise<RunViewResult> {
+        return results;
+    }
+
+    /**
+     * Hook that runs before a Save operation on a BaseEntity.
+     * Return true to allow, false to reject silently, or a string to reject with that error message.
+     */
+    PreSave(entity: BaseEntity, contextUser: UserInfo | undefined): boolean | string | Promise<boolean | string> {
+        return true;
+    }
+}

package/src/middleware/MJTenantFilterMiddleware.ts

@@ -0,0 +1,39 @@
+/**
+ * MJ's built-in multi-tenancy middleware.
+ *
+ * Registers with key 'mj:tenantFilter' so that downstream layers (e.g., BCSaaS)
+ * can replace it by registering with the same key at higher ClassFactory priority.
+ *
+ * Conditionally enabled via configInfo.multiTenancy?.enabled.
+ */
+
+import { RegisterClass } from '@memberjunction/global';
+import { BaseServerMiddleware } from './BaseServerMiddleware.js';
+import { configInfo } from '../config.js';
+import { createTenantMiddleware, createTenantPreRunViewHook, createTenantPreSaveHook } from '../multiTenancy/index.js';
+import type { RequestHandler } from 'express';
+import type { RunViewParams, UserInfo, BaseEntity } from '@memberjunction/core';
+
+@RegisterClass(BaseServerMiddleware, 'mj:tenantFilter')
+export class MJTenantFilterMiddleware extends BaseServerMiddleware {
+    get Label(): string { return 'mj:tenantFilter'; }
+
+    /**
+     * Only active when multiTenancy is enabled in config.
+     */
+    get Enabled(): boolean {
+        return configInfo.multiTenancy?.enabled ?? false;
+    }
+
+    GetPostAuthMiddleware(): RequestHandler[] {
+        return [createTenantMiddleware(configInfo.multiTenancy!)];
+    }
+
+    PreRunView(params: RunViewParams, contextUser: UserInfo | undefined): RunViewParams | Promise<RunViewParams> {
+        return createTenantPreRunViewHook(configInfo.multiTenancy!)(params, contextUser);
+    }
+
+    PreSave(entity: BaseEntity, contextUser: UserInfo | undefined): boolean | string | Promise<boolean | string> {
+        return createTenantPreSaveHook(configInfo.multiTenancy!)(entity, contextUser);
+    }
+}

package/src/middleware/index.ts

@@ -0,0 +1,2 @@
+export * from './BaseServerMiddleware.js';
+export * from './MJTenantFilterMiddleware.js';

package/src/resolvers/AdhocQueryResolver.ts

@@ -76,6 +76,8 @@ export class AdhocQueryResolver extends ResolverBase {
                 Results: JSON.stringify(result.recordset ?? []),
                 RowCount: result.recordset?.length ?? 0,
                 TotalRowCount: result.recordset?.length ?? 0,
+                PageNumber: undefined,
+                PageSize: undefined,
                 ExecutionTime: executionTimeMs,
                 ErrorMessage: ''
             };
@@ -92,6 +94,8 @@ export class AdhocQueryResolver extends ResolverBase {
                     Results: '[]',
                     RowCount: 0,
                     TotalRowCount: 0,
+                    PageNumber: undefined,
+                    PageSize: undefined,
                     ExecutionTime: executionTimeMs,
                     ErrorMessage: `Query execution exceeded ${input.TimeoutSeconds ?? 30} second timeout`
                 };
@@ -105,6 +109,8 @@ export class AdhocQueryResolver extends ResolverBase {
                 Results: '[]',
                 RowCount: 0,
                 TotalRowCount: 0,
+                PageNumber: undefined,
+                PageSize: undefined,
                 ExecutionTime: executionTimeMs,
                 ErrorMessage: `Query execution failed: ${errorMessage}`
             };
@@ -119,6 +125,8 @@ export class AdhocQueryResolver extends ResolverBase {
             Results: '[]',
             RowCount: 0,
             TotalRowCount: 0,
+            PageNumber: undefined,
+            PageSize: undefined,
             ExecutionTime: 0,
             ErrorMessage: errorMessage
         };

package/src/resolvers/CreateQueryResolver.ts

@@ -293,6 +293,9 @@ export class CreateQueryResultType {
     @Field(() => String, { nullable: true })
     EmbeddingModelName?: string;
 
+    @Field(() => String, { nullable: true })
+    TechnicalDescription?: string;
+
     // Related collections
     @Field(() => [QueryFieldType], { nullable: true })
     Fields?: QueryFieldType[];
@@ -349,6 +352,9 @@ export class UpdateQueryResultType {
     @Field(() => String, { nullable: true })
     EmbeddingModelName?: string;
 
+    @Field(() => String, { nullable: true })
+    TechnicalDescription?: string;
+
     // Related collections
     @Field(() => [QueryFieldType], { nullable: true })
     Fields?: QueryFieldType[];
@@ -477,6 +483,7 @@ export class MJQueryResolverExtended extends MJQueryResolver {
                     EmbeddingVector: record.EmbeddingVector,
                     EmbeddingModelID: record.EmbeddingModelID,
                     EmbeddingModelName: record.EmbeddingModel,
+                    TechnicalDescription: record.TechnicalDescription,
                     Fields: record.QueryFields.map(f => ({
                         ID: f.ID,
                         QueryID: f.QueryID,
@@ -540,6 +547,7 @@ export class MJQueryResolverExtended extends MJQueryResolver {
                         EmbeddingVector: existingQuery.EmbeddingVector,
                         EmbeddingModelID: existingQuery.EmbeddingModelID,
                         EmbeddingModelName: existingQuery.EmbeddingModel,
+                        TechnicalDescription: existingQuery.TechnicalDescription,
                         Fields: existingQuery.Fields?.map((f: any) => ({
                             ID: f.ID,
                             QueryID: f.QueryID,
@@ -736,6 +744,7 @@ export class MJQueryResolverExtended extends MJQueryResolver {
                 EmbeddingVector: queryEntity.EmbeddingVector,
                 EmbeddingModelID: queryEntity.EmbeddingModelID,
                 EmbeddingModelName: queryEntity.EmbeddingModel,
+                TechnicalDescription: queryEntity.TechnicalDescription,
                 Fields: queryEntity.QueryFields.map(f => ({
                     ID: f.ID,
                     QueryID: f.QueryID,

package/src/resolvers/GetDataResolver.ts

@@ -1,9 +1,11 @@
 import { Arg, Ctx, Field, InputType, ObjectType, Query } from 'type-graphql';
 import { AppContext } from '../types.js';
-import { LogError, LogStatus, Metadata } from '@memberjunction/core';
+import { LogError, LogStatus, Metadata, QueryCompositionEngine } from '@memberjunction/core';
 import { RequireSystemUser } from '../directives/RequireSystemUser.js';
 import { v4 as uuidv4 } from 'uuid';
 import { GetReadOnlyDataSource, GetReadOnlyProvider } from '../util.js';
+import { getDbType } from '../index.js';
+import { getSystemUser } from '../auth/index.js';
 import sql from 'mssql';
  
 @InputType() 
@@ -128,13 +130,27 @@ export class GetDataResolver {
                 throw new Error('Read-only data source not found');
             }
 
+            // Resolve composition tokens in queries before execution.
+            // Queries may contain {{query:"CategoryPath/QueryName(params)"}} tokens that
+            // reference reusable queries. These must be resolved to CTEs before raw SQL execution.
+            const compositionEngine = new QueryCompositionEngine();
+            const platform = getDbType();
+            const systemUser = await getSystemUser();
+
             // Execute all queries in parallel, but execute each individual query in its own try catch block so that if one fails, the others can still be processed
             // and also so that we can capture the error message for each query and return it
             const results = await Promise.allSettled(
                 input.Queries.map(async (query) => {
                     try {
+                        // Resolve composition tokens if present
+                        let resolvedSQL = query;
+                        if (compositionEngine.HasCompositionTokens(query)) {
+                            const compositionResult = compositionEngine.ResolveComposition(query, platform, systemUser);
+                            resolvedSQL = compositionResult.ResolvedSQL;
+                        }
+
                         const request = new sql.Request(readOnlyDataSource);
-                        const result = await request.query(query);
+                        const result = await request.query(resolvedSQL);
                         return { result: result.recordset, error: null };
                     } catch (err) {
                         // Extract clean SQL error message