@prisma-next/family-sql 0.12.0 → 0.13.0-dev.2

package/src/core/schema-verify/control-verify-emit.ts

@@ -0,0 +1,46 @@
+import type { ControlPolicy } from '@prisma-next/contract/types';
+import type {
+  SchemaIssue,
+  SchemaVerificationNode,
+  VerifierOutcome,
+} from '@prisma-next/framework-components/control';
+import { verifierDisposition } from './verifier-disposition';
+
+/**
+ * Grades `issue` under `controlPolicy` and, unless suppressed, pushes both the
+ * issue and a status-stamped verification node. Returns the resolved outcome so
+ * the caller never re-grades the same issue.
+ */
+export function emitIssueAndNodeUnderControlPolicy(
+  controlPolicy: ControlPolicy,
+  issue: SchemaIssue,
+  node: SchemaVerificationNode,
+  issues: SchemaIssue[],
+  nodes: SchemaVerificationNode[],
+): VerifierOutcome {
+  const disposition = verifierDisposition(controlPolicy, issue.kind);
+  if (disposition === 'suppress') {
+    return disposition;
+  }
+  issues.push(issue);
+  nodes.push({ ...node, status: disposition });
+  return disposition;
+}
+
+/**
+ * Grades `issue` under `controlPolicy` and, unless suppressed, pushes the issue
+ * (no verification node). Returns the resolved outcome so the caller maps it to
+ * a node status itself without re-grading.
+ */
+export function emitIssueUnderControlPolicy(
+  controlPolicy: ControlPolicy,
+  issue: SchemaIssue,
+  issues: SchemaIssue[],
+): VerifierOutcome {
+  const disposition = verifierDisposition(controlPolicy, issue.kind);
+  if (disposition === 'suppress') {
+    return disposition;
+  }
+  issues.push(issue);
+  return disposition;
+}

package/src/core/schema-verify/verifier-disposition.ts

@@ -0,0 +1,58 @@
+import type { ControlPolicy } from '@prisma-next/contract/types';
+import type {
+  SchemaIssue,
+  VerifierIssueCategory,
+  VerifierOutcome,
+} from '@prisma-next/framework-components/control';
+import { dispositionForCategory } from '@prisma-next/framework-components/control';
+
+/**
+ * Classifies the relational verifier issue kinds the SQL family emits (tables,
+ * columns, constraints, indexes, defaults, enum types) into the target-neutral
+ * categories the framework grades. The relational vocabulary lives here, in the
+ * SQL domain — the framework never switches over `extra_foreign_key` and friends.
+ */
+export function classifySqlVerifierIssueKind(kind: SchemaIssue['kind']): VerifierIssueCategory {
+  switch (kind) {
+    case 'extra_column':
+      return 'extraNestedElement';
+    case 'extra_primary_key':
+    case 'extra_foreign_key':
+    case 'extra_unique_constraint':
+    case 'extra_index':
+    case 'extra_validator':
+    case 'extra_default':
+      return 'extraAuxiliary';
+    case 'extra_table':
+      return 'extraTopLevelObject';
+    case 'missing_schema':
+    case 'missing_table':
+    case 'missing_column':
+    case 'type_missing':
+    case 'default_missing':
+      return 'declaredMissing';
+    case 'type_values_mismatch':
+    case 'enum_values_changed':
+    case 'check_mismatch':
+      return 'valueDrift';
+    case 'type_mismatch':
+    case 'nullability_mismatch':
+    case 'primary_key_mismatch':
+    case 'foreign_key_mismatch':
+    case 'unique_constraint_mismatch':
+    case 'index_mismatch':
+    case 'default_mismatch':
+      return 'declaredIncompatible';
+    case 'check_missing':
+      return 'declaredMissing';
+    case 'check_removed':
+      return 'extraAuxiliary';
+  }
+}
+
+export function verifierDisposition(
+  controlPolicy: ControlPolicy,
+  issueKind: SchemaIssue['kind'],
+): VerifierOutcome {
+  return dispositionForCategory(controlPolicy, classifySqlVerifierIssueKind(issueKind));
+}

package/src/core/schema-verify/verify-helpers.ts

@@ -3,6 +3,7 @@
  * These functions verify schema IR against contract requirements.
  */
 
+import type { ControlPolicy } from '@prisma-next/contract/types';
 import type {
   SchemaIssue,
   SchemaVerificationNode,
@@ -14,7 +15,16 @@ import type {
   PrimaryKey,
   UniqueConstraint,
 } from '@prisma-next/sql-contract/types';
-import type { SqlForeignKeyIR, SqlIndexIR, SqlUniqueIR } from '@prisma-next/sql-schema-ir/types';
+import type {
+  SqlCheckConstraintIR,
+  SqlForeignKeyIR,
+  SqlIndexIR,
+  SqlUniqueIR,
+} from '@prisma-next/sql-schema-ir/types';
+import {
+  emitIssueAndNodeUnderControlPolicy,
+  emitIssueUnderControlPolicy,
+} from './control-verify-emit';
 
 function indexOptionsLooselyEqual(
   a: Record<string, unknown> | undefined,
@@ -135,34 +145,34 @@ export function verifyPrimaryKey(
   schemaPK: PrimaryKey | undefined,
   tableName: string,
   namespaceId: string,
+  tableControlPolicy: ControlPolicy,
   issues: SchemaIssue[],
-): 'pass' | 'fail' {
+): 'pass' | 'warn' | 'fail' {
   if (!schemaPK) {
-    issues.push({
+    const issue: SchemaIssue = {
       kind: 'primary_key_mismatch',
       table: tableName,
       namespaceId,
       expected: contractPK.columns.join(', '),
       message: `Table "${tableName}" is missing primary key`,
-    });
-    return 'fail';
+    };
+    const outcome = emitIssueUnderControlPolicy(tableControlPolicy, issue, issues);
+    return outcome === 'suppress' ? 'pass' : outcome;
   }
 
   if (!arraysEqual(contractPK.columns, schemaPK.columns)) {
-    issues.push({
+    const issue: SchemaIssue = {
       kind: 'primary_key_mismatch',
       table: tableName,
       namespaceId,
       expected: contractPK.columns.join(', '),
       actual: schemaPK.columns.join(', '),
       message: `Table "${tableName}" has primary key mismatch: expected columns [${contractPK.columns.join(', ')}], got [${schemaPK.columns.join(', ')}]`,
-    });
-    return 'fail';
+    };
+    const outcome = emitIssueUnderControlPolicy(tableControlPolicy, issue, issues);
+    return outcome === 'suppress' ? 'pass' : outcome;
   }
 
-  // Name differences are ignored for semantic satisfaction.
-  // Names are persisted for deterministic DDL and diagnostics but are not identity.
-
   return 'pass';
 }
 
@@ -179,6 +189,7 @@ export function verifyForeignKeys(
   tableName: string,
   namespaceId: string,
   tablePath: string,
+  tableControlPolicy: ControlPolicy,
   issues: SchemaIssue[],
   strict: boolean,
 ): SchemaVerificationNode[] {
@@ -207,52 +218,62 @@ export function verifyForeignKeys(
     });
 
     if (!matchingFK) {
-      issues.push({
+      const issue: SchemaIssue = {
         kind: 'foreign_key_mismatch',
         table: tableName,
         namespaceId,
         expected: `${contractFK.source.columns.join(', ')} -> ${contractFK.target.tableName}(${contractFK.target.columns.join(', ')})`,
         message: `Table "${tableName}" is missing foreign key: ${contractFK.source.columns.join(', ')} -> ${contractFK.target.tableName}(${contractFK.target.columns.join(', ')})`,
-      });
-      nodes.push({
-        status: 'fail',
-        kind: 'foreignKey',
-        name: `foreignKey(${contractFK.source.columns.join(', ')})`,
-        contractPath: fkPath,
-        code: 'foreign_key_mismatch',
-        message: 'Foreign key missing',
-        expected: contractFK,
-        actual: undefined,
-        children: [],
-      });
+      };
+      emitIssueAndNodeUnderControlPolicy(
+        tableControlPolicy,
+        issue,
+        {
+          status: 'fail',
+          kind: 'foreignKey',
+          name: `foreignKey(${contractFK.source.columns.join(', ')})`,
+          contractPath: fkPath,
+          code: 'foreign_key_mismatch',
+          message: 'Foreign key missing',
+          expected: contractFK,
+          actual: undefined,
+          children: [],
+        },
+        issues,
+        nodes,
+      );
     } else {
       const actionMismatches = getReferentialActionMismatches(contractFK, matchingFK);
       if (actionMismatches.length > 0) {
         const combinedMessage = actionMismatches.map((m) => m.message).join('; ');
         const combinedExpected = actionMismatches.map((m) => m.expected).join(', ');
         const combinedActual = actionMismatches.map((m) => m.actual).join(', ');
-        issues.push({
+        const issue: SchemaIssue = {
           kind: 'foreign_key_mismatch',
           table: tableName,
           namespaceId,
-          // Set indexOrConstraint so the planner classifies this as a non-additive
-          // conflict (existing FK with wrong actions cannot be fixed additively).
           indexOrConstraint: matchingFK.name ?? `fk(${contractFK.source.columns.join(',')})`,
           expected: combinedExpected,
           actual: combinedActual,
           message: `Table "${tableName}" foreign key ${contractFK.source.columns.join(', ')} -> ${contractFK.target.tableName}: ${combinedMessage}`,
-        });
-        nodes.push({
-          status: 'fail',
-          kind: 'foreignKey',
-          name: `foreignKey(${contractFK.source.columns.join(', ')})`,
-          contractPath: fkPath,
-          code: 'foreign_key_mismatch',
-          message: combinedMessage,
-          expected: contractFK,
-          actual: matchingFK,
-          children: [],
-        });
+        };
+        emitIssueAndNodeUnderControlPolicy(
+          tableControlPolicy,
+          issue,
+          {
+            status: 'fail',
+            kind: 'foreignKey',
+            name: `foreignKey(${contractFK.source.columns.join(', ')})`,
+            contractPath: fkPath,
+            code: 'foreign_key_mismatch',
+            message: combinedMessage,
+            expected: contractFK,
+            actual: matchingFK,
+            children: [],
+          },
+          issues,
+          nodes,
+        );
       } else {
         nodes.push({
           status: 'pass',
@@ -286,24 +307,30 @@ export function verifyForeignKeys(
       });
 
       if (!matchingFK) {
-        issues.push({
+        const issue: SchemaIssue = {
           kind: 'extra_foreign_key',
           table: tableName,
           namespaceId,
           indexOrConstraint: schemaFK.name ?? `fk(${schemaFK.columns.join(',')})`,
           message: `Extra foreign key found in database (not in contract): ${schemaFK.columns.join(', ')} -> ${schemaFK.referencedTable}(${schemaFK.referencedColumns.join(', ')})`,
-        });
-        nodes.push({
-          status: 'fail',
-          kind: 'foreignKey',
-          name: `foreignKey(${schemaFK.columns.join(', ')})`,
-          contractPath: `${tablePath}.foreignKeys[${schemaFK.columns.join(',')}]`,
-          code: 'extra_foreign_key',
-          message: 'Extra foreign key found',
-          expected: undefined,
-          actual: schemaFK,
-          children: [],
-        });
+        };
+        emitIssueAndNodeUnderControlPolicy(
+          tableControlPolicy,
+          issue,
+          {
+            status: 'fail',
+            kind: 'foreignKey',
+            name: `foreignKey(${schemaFK.columns.join(', ')})`,
+            contractPath: `${tablePath}.foreignKeys[${schemaFK.columns.join(',')}]`,
+            code: 'extra_foreign_key',
+            message: 'Extra foreign key found',
+            expected: undefined,
+            actual: schemaFK,
+            children: [],
+          },
+          issues,
+          nodes,
+        );
       }
     }
   }
@@ -329,6 +356,7 @@ export function verifyUniqueConstraints(
   tableName: string,
   namespaceId: string,
   tablePath: string,
+  tableControlPolicy: ControlPolicy,
   issues: SchemaIssue[],
   strict: boolean,
 ): SchemaVerificationNode[] {
@@ -349,27 +377,31 @@ export function verifyUniqueConstraints(
       schemaIndexes.find((idx) => idx.unique && arraysEqual(idx.columns, contractUnique.columns));
 
     if (!matchingUnique && !matchingUniqueIndex) {
-      issues.push({
+      const issue: SchemaIssue = {
         kind: 'unique_constraint_mismatch',
         table: tableName,
         namespaceId,
         expected: contractUnique.columns.join(', '),
         message: `Table "${tableName}" is missing unique constraint: ${contractUnique.columns.join(', ')}`,
-      });
-      nodes.push({
-        status: 'fail',
-        kind: 'unique',
-        name: `unique(${contractUnique.columns.join(', ')})`,
-        contractPath: uniquePath,
-        code: 'unique_constraint_mismatch',
-        message: 'Unique constraint missing',
-        expected: contractUnique,
-        actual: undefined,
-        children: [],
-      });
+      };
+      emitIssueAndNodeUnderControlPolicy(
+        tableControlPolicy,
+        issue,
+        {
+          status: 'fail',
+          kind: 'unique',
+          name: `unique(${contractUnique.columns.join(', ')})`,
+          contractPath: uniquePath,
+          code: 'unique_constraint_mismatch',
+          message: 'Unique constraint missing',
+          expected: contractUnique,
+          actual: undefined,
+          children: [],
+        },
+        issues,
+        nodes,
+      );
     } else {
-      // Name differences are ignored for semantic satisfaction.
-      // Names are persisted for deterministic DDL and diagnostics but are not identity.
       nodes.push({
         status: 'pass',
         kind: 'unique',
@@ -384,7 +416,6 @@ export function verifyUniqueConstraints(
     }
   }
 
-  // Check for extra uniques in strict mode
   if (strict) {
     for (const schemaUnique of schemaUniques) {
       const matchingUnique = contractUniques.find((u) =>
@@ -392,24 +423,30 @@ export function verifyUniqueConstraints(
       );
 
       if (!matchingUnique) {
-        issues.push({
+        const issue: SchemaIssue = {
           kind: 'extra_unique_constraint',
           table: tableName,
           namespaceId,
           indexOrConstraint: schemaUnique.name ?? `unique(${schemaUnique.columns.join(',')})`,
           message: `Extra unique constraint found in database (not in contract): ${schemaUnique.columns.join(', ')}`,
-        });
-        nodes.push({
-          status: 'fail',
-          kind: 'unique',
-          name: `unique(${schemaUnique.columns.join(', ')})`,
-          contractPath: `${tablePath}.uniques[${schemaUnique.columns.join(',')}]`,
-          code: 'extra_unique_constraint',
-          message: 'Extra unique constraint found',
-          expected: undefined,
-          actual: schemaUnique,
-          children: [],
-        });
+        };
+        emitIssueAndNodeUnderControlPolicy(
+          tableControlPolicy,
+          issue,
+          {
+            status: 'fail',
+            kind: 'unique',
+            name: `unique(${schemaUnique.columns.join(', ')})`,
+            contractPath: `${tablePath}.uniques[${schemaUnique.columns.join(',')}]`,
+            code: 'extra_unique_constraint',
+            message: 'Extra unique constraint found',
+            expected: undefined,
+            actual: schemaUnique,
+            children: [],
+          },
+          issues,
+          nodes,
+        );
       }
     }
   }
@@ -435,6 +472,7 @@ export function verifyIndexes(
   tableName: string,
   namespaceId: string,
   tablePath: string,
+  tableControlPolicy: ControlPolicy,
   issues: SchemaIssue[],
   strict: boolean,
 ): SchemaVerificationNode[] {
@@ -461,27 +499,31 @@ export function verifyIndexes(
       schemaUniques.find((u) => arraysEqual(u.columns, contractIndex.columns));
 
     if (!matchingIndex && !matchingUniqueConstraint) {
-      issues.push({
+      const issue: SchemaIssue = {
         kind: 'index_mismatch',
         table: tableName,
         namespaceId,
         expected: contractIndex.columns.join(', '),
         message: `Table "${tableName}" is missing index: ${contractIndex.columns.join(', ')}`,
-      });
-      nodes.push({
-        status: 'fail',
-        kind: 'index',
-        name: `index(${contractIndex.columns.join(', ')})`,
-        contractPath: indexPath,
-        code: 'index_mismatch',
-        message: 'Index missing',
-        expected: contractIndex,
-        actual: undefined,
-        children: [],
-      });
+      };
+      emitIssueAndNodeUnderControlPolicy(
+        tableControlPolicy,
+        issue,
+        {
+          status: 'fail',
+          kind: 'index',
+          name: `index(${contractIndex.columns.join(', ')})`,
+          contractPath: indexPath,
+          code: 'index_mismatch',
+          message: 'Index missing',
+          expected: contractIndex,
+          actual: undefined,
+          children: [],
+        },
+        issues,
+        nodes,
+      );
     } else {
-      // Name differences are ignored for semantic satisfaction.
-      // Names are persisted for deterministic DDL and diagnostics but are not identity.
       nodes.push({
         status: 'pass',
         kind: 'index',
@@ -496,10 +538,8 @@ export function verifyIndexes(
     }
   }
 
-  // Check for extra indexes in strict mode
   if (strict) {
     for (const schemaIndex of schemaIndexes) {
-      // Skip unique indexes (they're handled as unique constraints)
       if (schemaIndex.unique) {
         continue;
       }
@@ -510,24 +550,30 @@ export function verifyIndexes(
       );
 
       if (!matchingIndex) {
-        issues.push({
+        const issue: SchemaIssue = {
           kind: 'extra_index',
           table: tableName,
           namespaceId,
           indexOrConstraint: schemaIndex.name ?? `idx(${schemaIndex.columns.join(',')})`,
           message: `Extra index found in database (not in contract): ${schemaIndex.columns.join(', ')}`,
-        });
-        nodes.push({
-          status: 'fail',
-          kind: 'index',
-          name: `index(${schemaIndex.columns.join(', ')})`,
-          contractPath: `${tablePath}.indexes[${schemaIndex.columns.join(',')}]`,
-          code: 'extra_index',
-          message: 'Extra index found',
-          expected: undefined,
-          actual: schemaIndex,
-          children: [],
-        });
+        };
+        emitIssueAndNodeUnderControlPolicy(
+          tableControlPolicy,
+          issue,
+          {
+            status: 'fail',
+            kind: 'index',
+            name: `index(${schemaIndex.columns.join(', ')})`,
+            contractPath: `${tablePath}.indexes[${schemaIndex.columns.join(',')}]`,
+            code: 'extra_index',
+            message: 'Extra index found',
+            expected: undefined,
+            actual: schemaIndex,
+            children: [],
+          },
+          issues,
+          nodes,
+        );
       }
     }
   }
@@ -619,3 +665,156 @@ function getReferentialActionMismatches(
 function normalizeReferentialAction(action: string | undefined): string | undefined {
   return action === 'noAction' ? undefined : action;
 }
+
+/**
+ * Compares two value arrays as unordered sets.
+ * Returns true when both sides contain exactly the same values.
+ */
+function valueSetsEqual(a: readonly string[], b: readonly string[]): boolean {
+  const aSet = new Set(a);
+  const bSet = new Set(b);
+  if (aSet.size !== bSet.size) return false;
+  return [...aSet].every((v) => bSet.has(v));
+}
+
+/**
+ * Verifies check constraints match between contract-projected checks and
+ * introspected live checks.
+ *
+ * Comparison is value-set-based, not SQL-string-based. Postgres rewrites
+ * `col IN ('a','b')` as `col = ANY (ARRAY['a','b'])` in
+ * `pg_get_constraintdef`, so comparing the extracted value sets (after
+ * the introspection adapter parses the predicate) avoids false mismatches
+ * from the `IN`-vs-`= ANY (ARRAY…)` rendering difference.
+ *
+ * Issues emitted:
+ * - `check_missing` — check expected by contract but absent from live DB
+ * - `check_removed` — check present in live DB but not in contract
+ * - `check_mismatch` — check present on both sides but permitted values differ
+ *
+ * `check_removed` is emitted only when `strict` is true so non-strict
+ * verification (the normal path) does not complain about extra constraints.
+ */
+export function verifyCheckConstraints(
+  contractChecks: ReadonlyArray<{
+    readonly name: string;
+    readonly column: string;
+    readonly permittedValues: readonly string[];
+  }>,
+  schemaChecks: ReadonlyArray<SqlCheckConstraintIR>,
+  tableName: string,
+  namespaceId: string,
+  tablePath: string,
+  tableControlPolicy: ControlPolicy,
+  issues: SchemaIssue[],
+  strict: boolean,
+): SchemaVerificationNode[] {
+  const nodes: SchemaVerificationNode[] = [];
+
+  for (const contractCheck of contractChecks) {
+    const checkPath = `${tablePath}.checks[${contractCheck.name}]`;
+    const liveCheck = schemaChecks.find((c) => c.name === contractCheck.name);
+
+    if (!liveCheck) {
+      const issue: SchemaIssue = {
+        kind: 'check_missing',
+        table: tableName,
+        namespaceId,
+        indexOrConstraint: contractCheck.name,
+        expected: contractCheck.permittedValues.join(', '),
+        message: `Table "${tableName}" is missing check constraint "${contractCheck.name}" (column "${contractCheck.column}" IN (${contractCheck.permittedValues.join(', ')}))`,
+      };
+      emitIssueAndNodeUnderControlPolicy(
+        tableControlPolicy,
+        issue,
+        {
+          status: 'fail',
+          kind: 'checkConstraint',
+          name: `check(${contractCheck.name})`,
+          contractPath: checkPath,
+          code: 'check_missing',
+          message: `Check constraint "${contractCheck.name}" missing`,
+          expected: contractCheck,
+          actual: undefined,
+          children: [],
+        },
+        issues,
+        nodes,
+      );
+    } else if (!valueSetsEqual(contractCheck.permittedValues, liveCheck.permittedValues)) {
+      const issue: SchemaIssue = {
+        kind: 'check_mismatch',
+        table: tableName,
+        namespaceId,
+        indexOrConstraint: contractCheck.name,
+        expected: contractCheck.permittedValues.join(', '),
+        actual: liveCheck.permittedValues.join(', '),
+        message: `Table "${tableName}" check constraint "${contractCheck.name}" has different permitted values: expected [${contractCheck.permittedValues.join(', ')}], got [${liveCheck.permittedValues.join(', ')}]`,
+      };
+      emitIssueAndNodeUnderControlPolicy(
+        tableControlPolicy,
+        issue,
+        {
+          status: 'fail',
+          kind: 'checkConstraint',
+          name: `check(${contractCheck.name})`,
+          contractPath: checkPath,
+          code: 'check_mismatch',
+          message: `Check constraint "${contractCheck.name}" values mismatch`,
+          expected: contractCheck,
+          actual: liveCheck,
+          children: [],
+        },
+        issues,
+        nodes,
+      );
+    } else {
+      nodes.push({
+        status: 'pass',
+        kind: 'checkConstraint',
+        name: `check(${contractCheck.name})`,
+        contractPath: checkPath,
+        code: '',
+        message: '',
+        expected: undefined,
+        actual: undefined,
+        children: [],
+      });
+    }
+  }
+
+  if (strict) {
+    for (const liveCheck of schemaChecks) {
+      const matchingContract = contractChecks.find((c) => c.name === liveCheck.name);
+      if (!matchingContract) {
+        const issue: SchemaIssue = {
+          kind: 'check_removed',
+          table: tableName,
+          namespaceId,
+          indexOrConstraint: liveCheck.name,
+          actual: liveCheck.permittedValues.join(', '),
+          message: `Table "${tableName}" has extra check constraint "${liveCheck.name}" in database (not in contract)`,
+        };
+        emitIssueAndNodeUnderControlPolicy(
+          tableControlPolicy,
+          issue,
+          {
+            status: 'fail',
+            kind: 'checkConstraint',
+            name: `check(${liveCheck.name})`,
+            contractPath: `${tablePath}.checks[${liveCheck.name}]`,
+            code: 'check_removed',
+            message: `Extra check constraint "${liveCheck.name}" found`,
+            expected: undefined,
+            actual: liveCheck,
+            children: [],
+          },
+          issues,
+          nodes,
+        );
+      }
+    }
+  }
+
+  return nodes;
+}