npm - @prisma-next/sql-runtime - Versions diffs - 0.3.0-pr.99.6 → 0.3.0 - Mend

@prisma-next/sql-runtime 0.3.0-pr.99.6 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (171) hide show

package/LICENSE +201 -0
package/README.md +141 -24
package/dist/exports-BO6Fl7yn.mjs +889 -0
package/dist/exports-BO6Fl7yn.mjs.map +1 -0
package/dist/index-n6z6trta.d.mts +186 -0
package/dist/index-n6z6trta.d.mts.map +1 -0
package/dist/index.d.mts +2 -0
package/dist/index.mjs +3 -0
package/dist/test/utils.d.mts +77 -0
package/dist/test/utils.d.mts.map +1 -0
package/dist/test/utils.mjs +221 -0
package/dist/test/utils.mjs.map +1 -0
package/package.json +26 -20
package/src/codecs/decoding.ts +84 -3
package/src/codecs/encoding.ts +5 -15
package/src/codecs/json-schema-validation.ts +61 -0
package/src/codecs/validation.ts +7 -6
package/src/exports/index.ts +20 -9
package/src/lower-sql-plan.ts +9 -9
package/src/middleware/budgets.ts +256 -0
package/src/middleware/lints.ts +192 -0
package/src/middleware/sql-middleware.ts +26 -0
package/src/sql-context.ts +357 -257
package/src/sql-family-adapter.ts +17 -23
package/src/sql-marker.ts +2 -2
package/src/sql-runtime.ts +136 -61
package/test/async-iterable-result.test.ts +42 -37
package/test/budgets.test.ts +431 -0
package/test/context.types.test-d.ts +18 -20
package/test/execution-stack.test.ts +164 -0
package/test/json-schema-validation.test.ts +571 -0
package/test/lints.test.ts +159 -0
package/test/mutation-default-generators.test.ts +254 -0
package/test/parameterized-types.test.ts +181 -205
package/test/sql-context.test.ts +301 -134
package/test/sql-family-adapter.test.ts +37 -20
package/test/sql-runtime.test.ts +261 -49
package/test/utils.ts +101 -67
package/dist/accelerate-EEKAFGN3-P6A6XJWJ.js +0 -137863
package/dist/accelerate-EEKAFGN3-P6A6XJWJ.js.map +0 -1
package/dist/amcheck-24VY6X5V.js +0 -13
package/dist/amcheck-24VY6X5V.js.map +0 -1
package/dist/bloom-VS74NLHT.js +0 -13
package/dist/bloom-VS74NLHT.js.map +0 -1
package/dist/btree_gin-WBC4EAAI.js +0 -13
package/dist/btree_gin-WBC4EAAI.js.map +0 -1
package/dist/btree_gist-UNC6QD3M.js +0 -13
package/dist/btree_gist-UNC6QD3M.js.map +0 -1
package/dist/chunk-3KTOEDFX.js +0 -49
package/dist/chunk-3KTOEDFX.js.map +0 -1
package/dist/chunk-47DZBRQC.js +0 -1280
package/dist/chunk-47DZBRQC.js.map +0 -1
package/dist/chunk-52N6AFZM.js +0 -133
package/dist/chunk-52N6AFZM.js.map +0 -1
package/dist/chunk-7D4SUZUM.js +0 -38
package/dist/chunk-7D4SUZUM.js.map +0 -1
package/dist/chunk-APA6GHYY.js +0 -537
package/dist/chunk-APA6GHYY.js.map +0 -1
package/dist/chunk-ECWIHLAT.js +0 -37
package/dist/chunk-ECWIHLAT.js.map +0 -1
package/dist/chunk-EI626SDC.js +0 -105
package/dist/chunk-EI626SDC.js.map +0 -1
package/dist/chunk-UKKOYUGL.js +0 -578
package/dist/chunk-UKKOYUGL.js.map +0 -1
package/dist/chunk-XPLNMXQV.js +0 -1537
package/dist/chunk-XPLNMXQV.js.map +0 -1
package/dist/citext-T7MXGUY7.js +0 -13
package/dist/citext-T7MXGUY7.js.map +0 -1
package/dist/client-5FENX6AW.js +0 -299
package/dist/client-5FENX6AW.js.map +0 -1
package/dist/cube-TFDQBZCI.js +0 -13
package/dist/cube-TFDQBZCI.js.map +0 -1
package/dist/dict_int-AEUOPGWP.js +0 -13
package/dist/dict_int-AEUOPGWP.js.map +0 -1
package/dist/dict_xsyn-DAAYX3FL.js +0 -13
package/dist/dict_xsyn-DAAYX3FL.js.map +0 -1
package/dist/dist-AQ3LWXOX.js +0 -570
package/dist/dist-AQ3LWXOX.js.map +0 -1
package/dist/dist-LBVX6BJW.js +0 -189
package/dist/dist-LBVX6BJW.js.map +0 -1
package/dist/dist-WLKUVDN2.js +0 -5127
package/dist/dist-WLKUVDN2.js.map +0 -1
package/dist/earthdistance-KIGTF4LE.js +0 -13
package/dist/earthdistance-KIGTF4LE.js.map +0 -1
package/dist/file_fdw-5N55UP6I.js +0 -13
package/dist/file_fdw-5N55UP6I.js.map +0 -1
package/dist/fuzzystrmatch-KN3YWBFP.js +0 -13
package/dist/fuzzystrmatch-KN3YWBFP.js.map +0 -1
package/dist/hstore-YX726NKN.js +0 -13
package/dist/hstore-YX726NKN.js.map +0 -1
package/dist/http-exception-FZY2H4OF.js +0 -8
package/dist/http-exception-FZY2H4OF.js.map +0 -1
package/dist/index.js +0 -30
package/dist/index.js.map +0 -1
package/dist/intarray-NKVXNO2D.js +0 -13
package/dist/intarray-NKVXNO2D.js.map +0 -1
package/dist/isn-FTEMJGEV.js +0 -13
package/dist/isn-FTEMJGEV.js.map +0 -1
package/dist/lo-DB7L4NGI.js +0 -13
package/dist/lo-DB7L4NGI.js.map +0 -1
package/dist/logger-WQ7SHNDD.js +0 -68
package/dist/logger-WQ7SHNDD.js.map +0 -1
package/dist/ltree-Z32TZT6W.js +0 -13
package/dist/ltree-Z32TZT6W.js.map +0 -1
package/dist/nodefs-NM46ACH7.js +0 -31
package/dist/nodefs-NM46ACH7.js.map +0 -1
package/dist/opfs-ahp-NJO33LVZ.js +0 -332
package/dist/opfs-ahp-NJO33LVZ.js.map +0 -1
package/dist/pageinspect-YP3IZR4X.js +0 -13
package/dist/pageinspect-YP3IZR4X.js.map +0 -1
package/dist/pg_buffercache-7TD5J2FB.js +0 -13
package/dist/pg_buffercache-7TD5J2FB.js.map +0 -1
package/dist/pg_dump-SG4KYBUB.js +0 -2492
package/dist/pg_dump-SG4KYBUB.js.map +0 -1
package/dist/pg_freespacemap-DZDNCPZK.js +0 -13
package/dist/pg_freespacemap-DZDNCPZK.js.map +0 -1
package/dist/pg_surgery-J2MUEWEP.js +0 -13
package/dist/pg_surgery-J2MUEWEP.js.map +0 -1
package/dist/pg_trgm-7VNQOYS6.js +0 -13
package/dist/pg_trgm-7VNQOYS6.js.map +0 -1
package/dist/pg_visibility-TTSIPHFL.js +0 -13
package/dist/pg_visibility-TTSIPHFL.js.map +0 -1
package/dist/pg_walinspect-KPFHSHRJ.js +0 -13
package/dist/pg_walinspect-KPFHSHRJ.js.map +0 -1
package/dist/proxy-signals-GUDAMDHV.js +0 -39
package/dist/proxy-signals-GUDAMDHV.js.map +0 -1
package/dist/seg-IYVDLE4O.js +0 -13
package/dist/seg-IYVDLE4O.js.map +0 -1
package/dist/src/codecs/decoding.d.ts +0 -4
package/dist/src/codecs/decoding.d.ts.map +0 -1
package/dist/src/codecs/encoding.d.ts +0 -5
package/dist/src/codecs/encoding.d.ts.map +0 -1
package/dist/src/codecs/validation.d.ts +0 -6
package/dist/src/codecs/validation.d.ts.map +0 -1
package/dist/src/exports/index.d.ts +0 -11
package/dist/src/exports/index.d.ts.map +0 -1
package/dist/src/index.d.ts +0 -2
package/dist/src/index.d.ts.map +0 -1
package/dist/src/lower-sql-plan.d.ts +0 -15
package/dist/src/lower-sql-plan.d.ts.map +0 -1
package/dist/src/sql-context.d.ts +0 -130
package/dist/src/sql-context.d.ts.map +0 -1
package/dist/src/sql-family-adapter.d.ts +0 -10
package/dist/src/sql-family-adapter.d.ts.map +0 -1
package/dist/src/sql-marker.d.ts +0 -22
package/dist/src/sql-marker.d.ts.map +0 -1
package/dist/src/sql-runtime.d.ts +0 -25
package/dist/src/sql-runtime.d.ts.map +0 -1
package/dist/tablefunc-EF4RCS7S.js +0 -13
package/dist/tablefunc-EF4RCS7S.js.map +0 -1
package/dist/tcn-3VT5BQYW.js +0 -13
package/dist/tcn-3VT5BQYW.js.map +0 -1
package/dist/test/utils.d.ts +0 -60
package/dist/test/utils.d.ts.map +0 -1
package/dist/test/utils.js +0 -24635
package/dist/test/utils.js.map +0 -1
package/dist/tiny-CW6F4GX6.js +0 -10
package/dist/tiny-CW6F4GX6.js.map +0 -1
package/dist/tsm_system_rows-ES7KNUQH.js +0 -13
package/dist/tsm_system_rows-ES7KNUQH.js.map +0 -1
package/dist/tsm_system_time-76WEIMBG.js +0 -13
package/dist/tsm_system_time-76WEIMBG.js.map +0 -1
package/dist/unaccent-7RYF3R64.js +0 -13
package/dist/unaccent-7RYF3R64.js.map +0 -1
package/dist/utility-Q5A254LJ-J4HTKZPT.js +0 -347
package/dist/utility-Q5A254LJ-J4HTKZPT.js.map +0 -1
package/dist/uuid_ossp-4ETE4FPE.js +0 -13
package/dist/uuid_ossp-4ETE4FPE.js.map +0 -1
package/dist/vector-74GPNV7V.js +0 -13
package/dist/vector-74GPNV7V.js.map +0 -1
package/src/index.ts +0 -1

package/src/lower-sql-plan.ts CHANGED Viewed

@@ -1,23 +1,23 @@
-import type { ExecutionPlan } from '@prisma-next/contract/types';
+import type { Contract, ExecutionPlan } from '@prisma-next/contract/types';
+import type { SqlStorage } from '@prisma-next/sql-contract/types';
+import type { Adapter, AnyQueryAst, LoweredStatement } from '@prisma-next/sql-relational-core/ast';
 import type { SqlQueryPlan } from '@prisma-next/sql-relational-core/plan';
-import type { RuntimeContext } from './sql-context';
 /**
  * Lowers a SQL query plan to an executable Plan by calling the adapter's lower method.
  *
- * This function is responsible for converting a lane-produced SqlQueryPlan (which contains
- * AST and params but no SQL) into a fully executable Plan (which includes SQL string).
- *
- * @param context - Runtime context containing the adapter
+ * @param adapter - Adapter to lower AST to SQL
+ * @param contract - Contract for lowering context
  * @param queryPlan - SQL query plan from a lane (contains AST, params, meta, but no SQL)
  * @returns Fully executable Plan with SQL string
  */
 export function lowerSqlPlan<Row>(
-  context: RuntimeContext,
+  adapter: Adapter<AnyQueryAst, Contract<SqlStorage>, LoweredStatement>,
+  contract: Contract<SqlStorage>,
   queryPlan: SqlQueryPlan<Row>,
 ): ExecutionPlan<Row> {
-  const lowered = context.adapter.lower(queryPlan.ast, {
-    contract: context.contract,
+  const lowered = adapter.lower(queryPlan.ast, {
+    contract,
     params: queryPlan.params,
   });

package/src/middleware/budgets.ts ADDED Viewed

@@ -0,0 +1,256 @@
+import type { ExecutionPlan } from '@prisma-next/contract/types';
+import { type RuntimeErrorEnvelope, runtimeError } from '@prisma-next/framework-components/runtime';
+import type {
+  AfterExecuteResult,
+  Middleware,
+  MiddlewareContext,
+} from '@prisma-next/runtime-executor';
+import { isQueryAst, type SelectAst } from '@prisma-next/sql-relational-core/ast';
+export interface BudgetsOptions {
+  readonly maxRows?: number;
+  readonly defaultTableRows?: number;
+  readonly tableRows?: Record<string, number>;
+  readonly maxLatencyMs?: number;
+  readonly severities?: {
+    readonly rowCount?: 'warn' | 'error';
+    readonly latency?: 'warn' | 'error';
+  };
+}
+function hasAggregateWithoutGroupBy(ast: SelectAst): boolean {
+  if (ast.groupBy !== undefined) {
+    return false;
+  }
+  return ast.projection.some((item) => item.expr.kind === 'aggregate');
+}
+function estimateRowsFromAst(
+  ast: SelectAst,
+  tableRows: Record<string, number>,
+  defaultTableRows: number,
+  refs: { tables?: readonly string[] } | undefined,
+  hasAggregateWithoutGroup: boolean,
+): number | null {
+  if (hasAggregateWithoutGroup) {
+    return 1;
+  }
+  const table = refs?.tables?.[0];
+  if (!table) {
+    return null;
+  }
+  const tableEstimate = tableRows[table] ?? defaultTableRows;
+  if (ast.limit !== undefined) {
+    return Math.min(ast.limit, tableEstimate);
+  }
+  return tableEstimate;
+}
+function estimateRowsFromHeuristics(
+  plan: ExecutionPlan,
+  tableRows: Record<string, number>,
+  defaultTableRows: number,
+): number | null {
+  const table = plan.meta.refs?.tables?.[0];
+  if (!table) {
+    return null;
+  }
+  const tableEstimate = tableRows[table] ?? defaultTableRows;
+  const limit = plan.meta.annotations?.['limit'];
+  if (typeof limit === 'number') {
+    return Math.min(limit, tableEstimate);
+  }
+  return tableEstimate;
+}
+function hasDetectableLimitFromHeuristics(plan: ExecutionPlan): boolean {
+  return typeof plan.meta.annotations?.['limit'] === 'number';
+}
+function emitBudgetViolation(
+  error: RuntimeErrorEnvelope,
+  shouldBlock: boolean,
+  ctx: MiddlewareContext<unknown>,
+): void {
+  if (shouldBlock) {
+    throw error;
+  }
+  ctx.log.warn({
+    code: error.code,
+    message: error.message,
+    details: error.details,
+  });
+}
+export function budgets<TContract = unknown>(options?: BudgetsOptions): Middleware<TContract> {
+  const maxRows = options?.maxRows ?? 10_000;
+  const defaultTableRows = options?.defaultTableRows ?? 10_000;
+  const tableRows = options?.tableRows ?? {};
+  const maxLatencyMs = options?.maxLatencyMs ?? 1_000;
+  const rowSeverity = options?.severities?.rowCount ?? 'error';
+  const observedRowsByPlan = new WeakMap<ExecutionPlan, { count: number }>();
+  return Object.freeze({
+    name: 'budgets',
+    familyId: 'sql' as const,
+    async beforeExecute(plan: ExecutionPlan, ctx: MiddlewareContext<TContract>) {
+      observedRowsByPlan.set(plan, { count: 0 });
+      if (isQueryAst(plan.ast)) {
+        if (plan.ast.kind === 'select') {
+          return evaluateSelectAst(plan, plan.ast, ctx);
+        }
+        return;
+      }
+      return evaluateWithHeuristics(plan, ctx);
+    },
+    async onRow(
+      _row: Record<string, unknown>,
+      plan: ExecutionPlan,
+      _ctx: MiddlewareContext<TContract>,
+    ) {
+      const state = observedRowsByPlan.get(plan);
+      if (!state) return;
+      state.count += 1;
+      if (state.count > maxRows) {
+        throw runtimeError('BUDGET.ROWS_EXCEEDED', 'Observed row count exceeds budget', {
+          source: 'observed',
+          observedRows: state.count,
+          maxRows,
+        });
+      }
+    },
+    async afterExecute(
+      _plan: ExecutionPlan,
+      result: AfterExecuteResult,
+      ctx: MiddlewareContext<TContract>,
+    ) {
+      const latencyMs = result.latencyMs;
+      if (latencyMs > maxLatencyMs) {
+        const shouldBlock = ctx.mode === 'strict';
+        emitBudgetViolation(
+          runtimeError('BUDGET.TIME_EXCEEDED', 'Query latency exceeds budget', {
+            latencyMs,
+            maxLatencyMs,
+          }),
+          shouldBlock,
+          ctx as MiddlewareContext<unknown>,
+        );
+      }
+    },
+  });
+  function evaluateSelectAst(
+    plan: ExecutionPlan,
+    ast: SelectAst,
+    ctx: MiddlewareContext<TContract>,
+  ) {
+    const hasAggNoGroup = hasAggregateWithoutGroupBy(ast);
+    const estimated = estimateRowsFromAst(
+      ast,
+      tableRows,
+      defaultTableRows,
+      plan.meta.refs,
+      hasAggNoGroup,
+    );
+    const isUnbounded = ast.limit === undefined && !hasAggNoGroup;
+    const shouldBlock = rowSeverity === 'error' || ctx.mode === 'strict';
+    if (isUnbounded) {
+      if (estimated !== null && estimated >= maxRows) {
+        emitBudgetViolation(
+          runtimeError('BUDGET.ROWS_EXCEEDED', 'Unbounded SELECT query exceeds budget', {
+            source: 'ast',
+            estimatedRows: estimated,
+            maxRows,
+          }),
+          shouldBlock,
+          ctx as MiddlewareContext<unknown>,
+        );
+        return;
+      }
+      emitBudgetViolation(
+        runtimeError('BUDGET.ROWS_EXCEEDED', 'Unbounded SELECT query exceeds budget', {
+          source: 'ast',
+          maxRows,
+        }),
+        shouldBlock,
+        ctx as MiddlewareContext<unknown>,
+      );
+      return;
+    }
+    if (estimated !== null && estimated > maxRows) {
+      emitBudgetViolation(
+        runtimeError('BUDGET.ROWS_EXCEEDED', 'Estimated row count exceeds budget', {
+          source: 'ast',
+          estimatedRows: estimated,
+          maxRows,
+        }),
+        shouldBlock,
+        ctx as MiddlewareContext<unknown>,
+      );
+    }
+  }
+  async function evaluateWithHeuristics(plan: ExecutionPlan, ctx: MiddlewareContext<TContract>) {
+    const estimated = estimateRowsFromHeuristics(plan, tableRows, defaultTableRows);
+    const isUnbounded = !hasDetectableLimitFromHeuristics(plan);
+    const sqlUpper = plan.sql.trimStart().toUpperCase();
+    const isSelect = sqlUpper.startsWith('SELECT');
+    const shouldBlock = rowSeverity === 'error' || ctx.mode === 'strict';
+    if (isSelect && isUnbounded) {
+      if (estimated !== null && estimated >= maxRows) {
+        emitBudgetViolation(
+          runtimeError('BUDGET.ROWS_EXCEEDED', 'Unbounded SELECT query exceeds budget', {
+            source: 'heuristic',
+            estimatedRows: estimated,
+            maxRows,
+          }),
+          shouldBlock,
+          ctx as MiddlewareContext<unknown>,
+        );
+        return;
+      }
+      emitBudgetViolation(
+        runtimeError('BUDGET.ROWS_EXCEEDED', 'Unbounded SELECT query exceeds budget', {
+          source: 'heuristic',
+          maxRows,
+        }),
+        shouldBlock,
+        ctx as MiddlewareContext<unknown>,
+      );
+      return;
+    }
+    if (estimated !== null) {
+      if (estimated > maxRows) {
+        emitBudgetViolation(
+          runtimeError('BUDGET.ROWS_EXCEEDED', 'Estimated row count exceeds budget', {
+            source: 'heuristic',
+            estimatedRows: estimated,
+            maxRows,
+          }),
+          shouldBlock,
+          ctx as MiddlewareContext<unknown>,
+        );
+      }
+      return;
+    }
+  }
+}

package/src/middleware/lints.ts ADDED Viewed

@@ -0,0 +1,192 @@
+import type { ExecutionPlan } from '@prisma-next/contract/types';
+import { runtimeError } from '@prisma-next/framework-components/runtime';
+import type { Middleware, MiddlewareContext } from '@prisma-next/runtime-executor';
+import { evaluateRawGuardrails } from '@prisma-next/runtime-executor';
+import {
+  type AnyFromSource,
+  type AnyQueryAst,
+  isQueryAst,
+} from '@prisma-next/sql-relational-core/ast';
+import { ifDefined } from '@prisma-next/utils/defined';
+export interface LintsOptions {
+  readonly severities?: {
+    readonly selectStar?: 'warn' | 'error';
+    readonly noLimit?: 'warn' | 'error';
+    readonly deleteWithoutWhere?: 'warn' | 'error';
+    readonly updateWithoutWhere?: 'warn' | 'error';
+    readonly readOnlyMutation?: 'warn' | 'error';
+    readonly unindexedPredicate?: 'warn' | 'error';
+  };
+  readonly fallbackWhenAstMissing?: 'raw' | 'skip';
+}
+export interface LintFinding {
+  readonly code: `LINT.${string}`;
+  readonly severity: 'error' | 'warn';
+  readonly message: string;
+  readonly details?: Record<string, unknown>;
+}
+function getFromSourceTableDetail(source: AnyFromSource): string | undefined {
+  switch (source.kind) {
+    case 'table-source':
+      return source.name;
+    case 'derived-table-source':
+      return source.alias;
+    // v8 ignore next 4
+    default:
+      throw new Error(
+        `Unsupported source kind: ${(source satisfies never as { kind: string }).kind}`,
+      );
+  }
+}
+function evaluateAstLints(ast: AnyQueryAst): LintFinding[] {
+  const findings: LintFinding[] = [];
+  switch (ast.kind) {
+    case 'delete':
+      if (ast.where === undefined) {
+        findings.push({
+          code: 'LINT.DELETE_WITHOUT_WHERE',
+          severity: 'error',
+          message:
+            'DELETE without WHERE clause blocks execution to prevent accidental full-table deletion',
+          details: { table: ast.table.name },
+        });
+      }
+      break;
+    case 'update':
+      if (ast.where === undefined) {
+        findings.push({
+          code: 'LINT.UPDATE_WITHOUT_WHERE',
+          severity: 'error',
+          message:
+            'UPDATE without WHERE clause blocks execution to prevent accidental full-table update',
+          details: { table: ast.table.name },
+        });
+      }
+      break;
+    case 'select':
+      if (ast.limit === undefined) {
+        const table = getFromSourceTableDetail(ast.from);
+        findings.push({
+          code: 'LINT.NO_LIMIT',
+          severity: 'warn',
+          message: 'Unbounded SELECT may return large result sets',
+          ...ifDefined('details', table !== undefined ? { table } : undefined),
+        });
+      }
+      if (ast.selectAllIntent !== undefined) {
+        const table = ast.selectAllIntent.table;
+        findings.push({
+          code: 'LINT.SELECT_STAR',
+          severity: 'warn',
+          message: 'Query selects all columns via selectAll intent',
+          ...ifDefined('details', table !== undefined ? { table } : undefined),
+        });
+      }
+      break;
+    case 'insert':
+      break;
+    // v8 ignore next 2
+    default:
+      throw new Error(`Unsupported AST kind: ${(ast satisfies never as { kind: string }).kind}`);
+  }
+  return findings;
+}
+function getConfiguredSeverity(code: string, options?: LintsOptions): 'warn' | 'error' | undefined {
+  const severities = options?.severities;
+  if (!severities) return undefined;
+  switch (code) {
+    case 'LINT.SELECT_STAR':
+      return severities.selectStar;
+    case 'LINT.NO_LIMIT':
+      return severities.noLimit;
+    case 'LINT.DELETE_WITHOUT_WHERE':
+      return severities.deleteWithoutWhere;
+    case 'LINT.UPDATE_WITHOUT_WHERE':
+      return severities.updateWithoutWhere;
+    case 'LINT.READ_ONLY_MUTATION':
+      return severities.readOnlyMutation;
+    case 'LINT.UNINDEXED_PREDICATE':
+      return severities.unindexedPredicate;
+    default:
+      return undefined;
+  }
+}
+/**
+ * AST-first lint middleware for SQL plans. When `plan.ast` is a SQL QueryAst, inspects
+ * the AST structurally. When `plan.ast` is missing, falls back to raw heuristic
+ * guardrails or skips linting depending on `fallbackWhenAstMissing`.
+ *
+ * Rules (AST-based):
+ * - DELETE without WHERE: blocks execution (configurable severity, default error)
+ * - UPDATE without WHERE: blocks execution (configurable severity, default error)
+ * - Unbounded SELECT: warn/error (severity from noLimit)
+ * - SELECT * intent: warn/error (severity from selectStar)
+ *
+ * Fallback: When ast is missing, `fallbackWhenAstMissing: 'raw'` uses heuristic
+ * SQL parsing; `'skip'` skips all lints. Default is `'raw'`.
+ */
+export function lints<TContract = unknown>(options?: LintsOptions): Middleware<TContract> {
+  const fallback = options?.fallbackWhenAstMissing ?? 'raw';
+  return Object.freeze({
+    name: 'lints',
+    familyId: 'sql' as const,
+    async beforeExecute(plan: ExecutionPlan, ctx: MiddlewareContext<TContract>) {
+      if (isQueryAst(plan.ast)) {
+        const findings = evaluateAstLints(plan.ast);
+        for (const lint of findings) {
+          const configuredSeverity = getConfiguredSeverity(lint.code, options);
+          const effectiveSeverity = configuredSeverity ?? lint.severity;
+          if (effectiveSeverity === 'error') {
+            throw runtimeError(lint.code, lint.message, lint.details);
+          }
+          if (effectiveSeverity === 'warn') {
+            ctx.log.warn({
+              code: lint.code,
+              message: lint.message,
+              details: lint.details,
+            });
+          }
+        }
+        return;
+      }
+      if (fallback === 'skip') {
+        return;
+      }
+      const evaluation = evaluateRawGuardrails(plan);
+      for (const lint of evaluation.lints) {
+        const configuredSeverity = getConfiguredSeverity(lint.code, options);
+        const effectiveSeverity = configuredSeverity ?? lint.severity;
+        if (effectiveSeverity === 'error') {
+          throw runtimeError(lint.code, lint.message, lint.details);
+        }
+        if (effectiveSeverity === 'warn') {
+          ctx.log.warn({
+            code: lint.code,
+            message: lint.message,
+            details: lint.details,
+          });
+        }
+      }
+    },
+  });
+}

package/src/middleware/sql-middleware.ts ADDED Viewed

@@ -0,0 +1,26 @@
+import type { Contract, ExecutionPlan } from '@prisma-next/contract/types';
+import type {
+  AfterExecuteResult,
+  RuntimeMiddleware,
+  RuntimeMiddlewareContext,
+} from '@prisma-next/framework-components/runtime';
+import type { SqlStorage } from '@prisma-next/sql-contract/types';
+export interface SqlMiddlewareContext extends RuntimeMiddlewareContext {
+  readonly contract: Contract<SqlStorage>;
+}
+export interface SqlMiddleware extends RuntimeMiddleware {
+  readonly familyId: 'sql';
+  beforeExecute?(plan: ExecutionPlan, ctx: SqlMiddlewareContext): Promise<void>;
+  onRow?(
+    row: Record<string, unknown>,
+    plan: ExecutionPlan,
+    ctx: SqlMiddlewareContext,
+  ): Promise<void>;
+  afterExecute?(
+    plan: ExecutionPlan,
+    result: AfterExecuteResult,
+    ctx: SqlMiddlewareContext,
+  ): Promise<void>;
+}