@objectql/core 1.7.1 → 1.7.3

package/src/index.ts

@@ -6,5 +6,4 @@ export * from './hook';
 export * from './object';
 export * from './validator';
 export * from './util';
-
-export * from './util';
+export * from './ai-agent';

package/src/repository.ts

@@ -1,11 +1,16 @@
-import { ObjectQLContext, IObjectQL, ObjectConfig, Driver, UnifiedQuery, HookContext, ActionContext, HookAPI, RetrievalHookContext, MutationHookContext, UpdateHookContext } from '@objectql/types';
+import { ObjectQLContext, IObjectQL, ObjectConfig, Driver, UnifiedQuery, ActionContext, HookAPI, RetrievalHookContext, MutationHookContext, UpdateHookContext, ValidationContext, ValidationError, ValidationRuleResult } from '@objectql/types';
+import { Validator } from './validator';
 
 export class ObjectRepository {
+    private validator: Validator;
+
     constructor(
         private objectName: string,
         private context: ObjectQLContext,
         private app: IObjectQL
-    ) {}
+    ) {
+        this.validator = new Validator();
+    }
 
     private getDriver(): Driver {
         const obj = this.getSchema();
@@ -52,6 +57,79 @@ export class ObjectRepository {
         };
     }
 
+    /**
+     * Validates a record against field-level and object-level validation rules.
+     * For updates, only fields present in the update payload are validated at the field level,
+     * while object-level rules use the merged record (previousRecord + updates).
+     */
+    private async validateRecord(
+        operation: 'create' | 'update',
+        record: any,
+        previousRecord?: any
+    ): Promise<void> {
+        const schema = this.getSchema();
+        const allResults: ValidationRuleResult[] = [];
+
+        // 1. Validate field-level rules
+        // For updates, only validate fields that are present in the update payload
+        for (const [fieldName, fieldConfig] of Object.entries(schema.fields)) {
+            // Skip field validation for updates if the field is not in the update payload
+            if (operation === 'update' && !(fieldName in record)) {
+                continue;
+            }
+            
+            const value = record[fieldName];
+            const fieldResults = await this.validator.validateField(
+                fieldName,
+                fieldConfig,
+                value,
+                {
+                    record,
+                    previousRecord,
+                    operation,
+                    user: this.getUserFromContext(),
+                    api: this.getHookAPI(),
+                }
+            );
+            allResults.push(...fieldResults);
+        }
+
+        // 2. Validate object-level validation rules
+        if (schema.validation?.rules && schema.validation.rules.length > 0) {
+            // For updates, merge the update data with previous record to get the complete final state
+            const mergedRecord = operation === 'update' && previousRecord
+                ? { ...previousRecord, ...record }
+                : record;
+
+            // Track which fields changed (using shallow comparison for performance)
+            // IMPORTANT: Shallow comparison does not detect changes in nested objects/arrays.
+            // If your validation rules rely on detecting changes in complex nested structures,
+            // you may need to implement custom change tracking in hooks.
+            const changedFields = previousRecord 
+                ? Object.keys(record).filter(key => record[key] !== previousRecord[key])
+                : undefined;
+
+            const validationContext: ValidationContext = {
+                record: mergedRecord,
+                previousRecord,
+                operation,
+                user: this.getUserFromContext(),
+                api: this.getHookAPI(),
+                changedFields,
+            };
+
+            const result = await this.validator.validate(schema.validation.rules, validationContext);
+            allResults.push(...result.results);
+        }
+
+        // 3. Collect errors and throw if any
+        const errors = allResults.filter(r => !r.valid && r.severity === 'error');
+        if (errors.length > 0) {
+            const errorMessage = errors.map(e => e.message).join('; ');
+            throw new ValidationError(errorMessage, errors);
+        }
+    }
+
     async find(query: UnifiedQuery = {}): Promise<any[]> {
         const hookCtx: RetrievalHookContext = {
             ...this.context,
@@ -129,10 +207,12 @@ export class ObjectRepository {
         await this.app.triggerHook('beforeCreate', this.objectName, hookCtx);
         const finalDoc = hookCtx.data || doc;
 
-        const obj = this.getSchema();
         if (this.context.userId) finalDoc.created_by = this.context.userId;
         if (this.context.spaceId) finalDoc.space_id = this.context.spaceId;
         
+        // Validate the record before creating
+        await this.validateRecord('create', finalDoc);
+        
         const result = await this.getDriver().create(this.objectName, finalDoc, this.getOptions());
         
         hookCtx.result = result;
@@ -156,6 +236,9 @@ export class ObjectRepository {
         };
         await this.app.triggerHook('beforeUpdate', this.objectName, hookCtx);
 
+        // Validate the update
+        await this.validateRecord('update', hookCtx.data, previousData);
+
         const result = await this.getDriver().update(this.objectName, id, hookCtx.data, this.getOptions(options));
 
         hookCtx.result = result;

package/src/validator.ts

@@ -376,34 +376,217 @@ export class Validator {
     }
 
     /**
-     * Validate uniqueness (stub - requires database access).
+     * Validate uniqueness by checking database for existing values.
      */
     private async validateUniqueness(
         rule: UniquenessValidationRule,
         context: ValidationContext
     ): Promise<ValidationRuleResult> {
-        // TODO: Implement database query for uniqueness check
-        // This requires access to the data layer (driver/repository)
-        // Stub: Pass silently until implementation is complete
-        return {
-            rule: rule.name,
-            valid: true,
-        };
+        // Check if API is available for database access
+        if (!context.api) {
+            // If no API provided, we can't validate - pass by default
+            return {
+                rule: rule.name,
+                valid: true,
+            };
+        }
+
+        // Get object name from context metadata
+        if (!context.metadata?.objectName) {
+            return {
+                rule: rule.name,
+                valid: false,
+                message: 'Object name not provided in validation context',
+                severity: rule.severity || 'error',
+            };
+        }
+
+        const objectName = context.metadata.objectName;
+
+        // Determine fields to check for uniqueness
+        const fieldsToCheck: string[] = rule.fields || (rule.field ? [rule.field] : []);
+        
+        if (fieldsToCheck.length === 0) {
+            return {
+                rule: rule.name,
+                valid: false,
+                message: 'No fields specified for uniqueness validation',
+                severity: rule.severity || 'error',
+            };
+        }
+
+        // Build query filter
+        const filters: Record<string, any> = {};
+
+        // Add field conditions
+        for (const field of fieldsToCheck) {
+            const fieldValue = context.record[field];
+            
+            // Skip validation if field value is null/undefined (no value to check uniqueness for)
+            if (fieldValue === null || fieldValue === undefined) {
+                return {
+                    rule: rule.name,
+                    valid: true,
+                };
+            }
+
+            // Handle case sensitivity for string values
+            if (typeof fieldValue === 'string' && rule.case_sensitive === false) {
+                // NOTE: Case-insensitive comparison requires driver-specific implementation
+                // Some drivers support regex (MongoDB), others use LOWER() function (SQL)
+                // For now, we use exact match - driver adapters should implement case-insensitive logic
+                filters[field] = fieldValue;
+            } else {
+                filters[field] = fieldValue;
+            }
+        }
+
+        // Apply scope conditions if specified
+        if (rule.scope) {
+            // Evaluate scope condition and add to filters
+            const scopeFields = this.extractFieldsFromCondition(rule.scope);
+            for (const field of scopeFields) {
+                if (context.record[field] !== undefined) {
+                    filters[field] = context.record[field];
+                }
+            }
+        }
+
+        // Exclude current record for update operations
+        if (context.operation === 'update' && context.previousRecord?._id) {
+            filters._id = { $ne: context.previousRecord._id };
+        }
+
+        try {
+            // Query database to count existing records with same field values
+            const count = await context.api.count(objectName, filters);
+
+            const valid = count === 0;
+
+            return {
+                rule: rule.name,
+                valid,
+                message: valid ? undefined : this.formatMessage(rule.message, context.record),
+                error_code: rule.error_code,
+                severity: rule.severity || 'error',
+                fields: fieldsToCheck,
+            };
+        } catch (error) {
+            // If query fails, treat as validation error
+            return {
+                rule: rule.name,
+                valid: false,
+                message: `Uniqueness check failed: ${error instanceof Error ? error.message : 'Unknown error'}`,
+                severity: rule.severity || 'error',
+                fields: fieldsToCheck,
+            };
+        }
     }
 
     /**
-     * Validate business rule (stub - requires complex logic).
+     * Extract field names from a validation condition.
+     */
+    private extractFieldsFromCondition(condition: ValidationCondition): string[] {
+        const fields: string[] = [];
+        
+        if (condition.field) {
+            fields.push(condition.field);
+        }
+        
+        if (condition.all_of) {
+            for (const subcondition of condition.all_of) {
+                fields.push(...this.extractFieldsFromCondition(subcondition));
+            }
+        }
+        
+        if (condition.any_of) {
+            for (const subcondition of condition.any_of) {
+                fields.push(...this.extractFieldsFromCondition(subcondition));
+            }
+        }
+        
+        return fields;
+    }
+
+    /**
+     * Validate business rule by evaluating constraint conditions.
      */
     private async validateBusinessRule(
         rule: BusinessRuleValidationRule,
         context: ValidationContext
     ): Promise<ValidationRuleResult> {
-        // TODO: Implement business rule evaluation
-        // This requires expression parsing and relationship resolution
-        // Stub: Pass silently until implementation is complete
+        if (!rule.constraint) {
+            // No constraint specified, validation passes
+            return {
+                rule: rule.name,
+                valid: true,
+            };
+        }
+
+        const constraint = rule.constraint;
+        let valid = true;
+
+        // Evaluate all_of conditions (all must be true)
+        if (constraint.all_of && constraint.all_of.length > 0) {
+            valid = constraint.all_of.every(condition => this.evaluateCondition(condition, context.record));
+            
+            if (!valid) {
+                return {
+                    rule: rule.name,
+                    valid: false,
+                    message: this.formatMessage(rule.message, context.record),
+                    error_code: rule.error_code,
+                    severity: rule.severity || 'error',
+                };
+            }
+        }
+
+        // Evaluate any_of conditions (at least one must be true)
+        if (constraint.any_of && constraint.any_of.length > 0) {
+            valid = constraint.any_of.some(condition => this.evaluateCondition(condition, context.record));
+            
+            if (!valid) {
+                return {
+                    rule: rule.name,
+                    valid: false,
+                    message: this.formatMessage(rule.message, context.record),
+                    error_code: rule.error_code,
+                    severity: rule.severity || 'error',
+                };
+            }
+        }
+
+        // Evaluate expression if provided (basic implementation)
+        if (constraint.expression) {
+            // For now, we'll treat expression validation as a stub
+            // Full implementation would require safe expression evaluation
+            // This could be extended to use a safe expression evaluator in the future
+            valid = true;
+        }
+
+        // Evaluate then_require conditions (conditional required fields)
+        if (constraint.then_require && constraint.then_require.length > 0) {
+            for (const condition of constraint.then_require) {
+                const conditionMet = this.evaluateCondition(condition, context.record);
+                
+                if (!conditionMet) {
+                    return {
+                        rule: rule.name,
+                        valid: false,
+                        message: this.formatMessage(rule.message, context.record),
+                        error_code: rule.error_code,
+                        severity: rule.severity || 'error',
+                    };
+                }
+            }
+        }
+
         return {
             rule: rule.name,
-            valid: true,
+            valid,
+            message: valid ? undefined : this.formatMessage(rule.message, context.record),
+            error_code: rule.error_code,
+            severity: rule.severity || 'error',
         };
     }