@sap/cds 6.1.0 → 6.1.1

package/CHANGELOG.md

@@ -4,6 +4,37 @@
 - The format is based on [Keep a Changelog](http://keepachangelog.com/).
 - This project adheres to [Semantic Versioning](http://semver.org/).
 
+## Version 6.1.1 - 2022-08-24
+
+### Added
+- The configuration schema now includes `cds.extends` and `new-fields` (in `cds.xt.ExtensibilityService`)
+
+- `srv.run(fn)` now accepts a function as first argument, which will be run in an active outer transaction, if any, or in a newly created one. This is in contrast to `srv.tx(fn)` which always creates a new tx.
+  ```js
+  cds.run (tx => { // nested operations are guaranteed to run in a tx
+    await INSERT.into (Foo, ...)
+    await INSERT.into (Bar, ...)
+  })
+  ```
+
+### Fixed
+
+- Erroneous checks for `join` in `SELECT.from(SELECT.from('xxx'))`
+- Virtual fields with default values in draft context
+- View resolving without model information doesn't crash
+- Unable to upload large attachments. Uploading a large attachment (base64 encoded) caused a runtime exception.
+- `cds.Query.then()` is using `AsyncResource.runInAsyncScope` from now on. → this avoids callstacks being cut off, e.g. in debuggers.
+- `cds.tx()` and `cds.context` have been fixed to avoid accidential fallbacks to auto-commit mode.
+- HDI configuration data (e.g. `./cfg`, `.hdiignore`) is now included in the `resources.tgz` file which is required for Streamlined MTX.
+- `cds deploy` accepts in addition to `VCAP_SERVICES` also `TARGET_CONTAINER` and `SERVICE_REPLACEMENTS` from vcap file when using `--vcap-file` parameter.
+- `cds build` doesn't duplicate CSV files that are contained in `db/src/**`.
+- Typescript issues in `apis/log.d.ts`
+- `cds build` adds OS agnostic base model path to generated feature CSN.
+- Unhandled promise rejection in `expand` handling
+- `cds.context.model` middleware is not mounted for not extensible services
+- `cds.context` continuation was sometimes not reset in REST adapter
+- Requests don't fail with `RangeError: Unable to get service from service map due to error: Invalid time value` anymore
+
 ## Version 6.1.0 - 2022-08-10
 
 ### Added

package/apis/log.d.ts

@@ -24,7 +24,7 @@ declare class cds {
     log(name: string, options?: string | number | { level: number, prefix: string }): Logger
 }
 
-class Logger {
+declare class Logger {
     /**
      * Formats a log outputs by returning an array of arguments which are passed to
      * console.log() et al.
@@ -41,8 +41,6 @@ class Logger {
     error(message?: any, ...optionalParams: any[]): void
 }
 
-declare const levels = {
-    SILENT: 0, ERROR: 1, WARN: 2, INFO: 3, DEBUG: 4, TRACE: 5, SILLY: 5, VERBOSE: 5
+declare enum levels {
+    SILENT = 0, ERROR = 1, WARN = 2, INFO = 3, DEBUG = 4, TRACE = 5, SILLY = 5, VERBOSE = 5
 }
-
-declare const { ERROR, WARN, INFO, DEBUG, TRACE } = levels

package/bin/build/provider/buildTaskHandlerFeatureToggles.js

@@ -100,17 +100,16 @@ class FeatureToggleBuilder extends BuildTaskHandlerInternal {
         }
         const features = {}
         const options = { ...this.options(), flavor: 'parsed' }
-        const srvFolder = path.relative(destFts, destBase)
 
         // create feature models
         for (const ftName in ftsPaths) {
             const ftCsn = await this.cds.load(ftsPaths[ftName], options)
+            const ftPath = path.join(destFts, this.ftsName, ftName)
 
             // replace require paths by base model path to ensure precedence of feature annos
             // see https://pages.github.tools.sap/cap/docs/cds/compiler-messages#anno-duplicate-unrelated-layer
-            ftCsn.requires = [path.join('../..', srvFolder, DEFAULT_CSN_FILE_NAME)]
+            ftCsn.requires = [path.join(path.relative(ftPath, destBase), DEFAULT_CSN_FILE_NAME).replace(/\\/g,'/')]
 
-            const ftPath = path.join(destFts, this.ftsName, ftName)
             await this.compileToJson(ftCsn, path.join(ftPath, DEFAULT_CSN_FILE_NAME))
             await this._validateFeature(ftPath)
             features[ftName] = ftCsn

package/bin/build/provider/hana/index.js

@@ -106,8 +106,11 @@ class HanaModuleBuilder extends BuildTaskHandlerInternal {
 
         // 1. copy csv files into 'src/gen/data' or 'src/gen/csv' subfolder
         const promises = []
+        const dbSrc = path.join(src, 'src')
+
         resources.forEach(res => {
-            if (res && /\.csv$/.test(res)) {
+            // do not duplicate resources that are already contained in db/src/**
+            if (res && /\.csv$/.test(res) && !res.startsWith(dbSrc)) {
                 promises.push(this.copy(res).to(path.join(this.task.options.compileDest, csvFolder, path.basename(res))))
             }
         })
@@ -118,7 +121,6 @@ class HanaModuleBuilder extends BuildTaskHandlerInternal {
         blockList += this.hasBuildOption(CONTENT_ENV, false) ? "|\\.env($|\\..*$)" : ""
         blockList += this.hasBuildOption(CONTENT_DEFAULT_ENV_JSON, false) ? "|default-env\\.json$" : ""
         blockList = new RegExp(blockList)
-        const dbSrc = path.join(src, 'src')
 
         await this.copyNativeContent(src, dest, (entry) => {
             if (entry.startsWith(dbSrc)) {

package/bin/build/provider/mtx/resourcesTarBuilder.js

@@ -47,20 +47,16 @@ class ResourcesTarBuilder {
      * Reads all resources for HANA deployment - 'db/src/**' and 'db/undeploy.json'.
      * - CSV files, native HANA artefacts, generated HANA artefacts, undeploy.json
      * See '../../../../lib.deploy'
-     * 
+     * Note: the hana build task has already been executed
      * @param {string} root 
      * @returns an array containing all resources
      */
     _getHanaResources(root) {
-        const hanaSrcFolder = path.join(root, 'src')
-        const undeployJson = path.join(root, 'undeploy.json')
+        const hanaNativeFolders = [path.join(root, 'src'), path.join(root, 'cfg')]
+        const hanaNativeFiles = [path.join(root, 'undeploy.json'), path.join(root, '.hdiignore')]
 
-        // hana build task has already been executed
         return BuildTaskHandlerInternal._find(root, (res) => {
-            if (res === undeployJson) {
-                return true
-            }
-            if (res.startsWith(hanaSrcFolder)) {
+            if (hanaNativeFolders.some(folder => res.startsWith(folder)) || hanaNativeFiles.some(file => res === file)) {
                 return true
             }
             return false

package/bin/deploy/to-hana/hana.js

@@ -35,7 +35,7 @@ class HanaDeployer {
     this.logger = logger;
 
     this.logger.log(`${bold('Starting deploy to SAP HANA ...')}`);
-    if (vcapFile)  {
+    if (vcapFile) {
       this.logger.log();
       this.logger.log(`Using VCAP_SERVICES from file ${vcapFile} (beta feature).`);
       bindCallback = null // credentials are given - no cds bind then
@@ -49,9 +49,9 @@ class HanaDeployer {
 
     const { buildResults } = await this._build(buildTaskOptions, model);
 
-    let vcapServices;
+    let vcapFileEnv;
     if (vcapFile) {
-      vcapServices = await this._loadVCAPServices(vcapFile);
+      vcapFileEnv = await this._loadDefaultEnv(vcapFile);
     }
 
     for (const buildResult of buildResults) {
@@ -71,7 +71,7 @@ class HanaDeployer {
         serviceKeyName = cfServiceInstanceKeyName;
         serviceName = serviceName || cfServiceInstanceName;
 
-        vcapServices = this._getVCAPServicesEntry(cfServiceInstanceName, serviceKey);
+        vcapFileEnv = this._getVCAPServicesEntry(cfServiceInstanceName, serviceKey);
 
         if (!noSave && !bindCallback) {
           await this._addInstanceToDefaultEnvJson([currentModelFolder, projectPath], cfServiceInstanceName, serviceKey);
@@ -95,7 +95,7 @@ class HanaDeployer {
         });
       }
 
-      await hdiDeployUtil.deploy(currentModelFolder, vcapServices, hdiOptions);
+      await hdiDeployUtil.deploy(currentModelFolder, vcapFileEnv, hdiOptions);
 
       if (bindCallback) {
         const args = [path.relative(projectPath, buildResult.task.src)];
@@ -204,16 +204,12 @@ class HanaDeployer {
   }
 
 
-  async _loadVCAPServices(vcapFile) {
+  async _loadDefaultEnv(defaultEnvFile) {
     try {
-      const content = JSON.parse(await fs.readFile(vcapFile));
-      if (!content.VCAP_SERVICES) {
-        throw new Error(`The vcap file ${vcapFile} does not contain a VCAP_SERVICES entry.`);
-      }
-
-      return content.VCAP_SERVICES;
+      const content = await fs.readFile(defaultEnvFile);
+      return JSON.parse(content);
     } catch (err) {
-      throw new Error(`Error reading vcap file: ${err.message}`);
+      throw new Error(`Error reading default env file: ${err.message}`);
     }
   }
 
@@ -237,13 +233,10 @@ class HanaDeployer {
       }
 
       const hanaEntry = this._getVCAPServicesEntry(serviceInstanceName, serviceKey)
-      defaultEnvJson.VCAP_SERVICES = {
-        ...defaultEnvJson.VCAP_SERVICES,
-        ...hanaEntry
-      }
+      Object.assign(defaultEnvJson, hanaEntry);
 
       this.logger.log(`Writing ${defaultEnvJsonPath}`);
-      await fs.mkdir(path.dirname(defaultEnvJsonPath), {recursive: true})
+      await fs.mkdir(path.dirname(defaultEnvJsonPath), { recursive: true })
       await fs.writeFile(defaultEnvJsonPath, JSON.stringify(defaultEnvJson, null, 2));
     }
   }
@@ -251,13 +244,15 @@ class HanaDeployer {
 
   _getVCAPServicesEntry(serviceInstanceName, serviceKey) {
     return {
-      hana: [
-        {
-          name: serviceInstanceName,
-          tags: ['hana'],
-          credentials: serviceKey
-        }
-      ]
+      VCAP_SERVICES: {
+        hana: [
+          {
+            name: serviceInstanceName,
+            tags: ['hana'],
+            credentials: serviceKey
+          }
+        ]
+      }
     };
   }
 

package/bin/deploy/to-hana/hdiDeployUtil.js

@@ -20,7 +20,10 @@ class HdiDeployUtil {
         await this._executeDeploy(dbDir, env, logger);
     }
 
-    async deploy(dbDir, vcapServices, options = {}) {
+    async deploy(dbDir, vcapEnv, options) {
+        vcapEnv = vcapEnv || {}; // handles null and undefined
+        options = options || {};
+
         LOG.log();
         LOG.log(`Deploying to HANA from ${dbDir}`);
 
@@ -34,7 +37,15 @@ class HdiDeployUtil {
             deployerEnv = hdiDeployLib.clean_env(deployerEnv);
         }
 
-        deployerEnv.VCAP_SERVICES = JSON.stringify(vcapServices);
+        if (vcapEnv.VCAP_SERVICES) {
+            deployerEnv.VCAP_SERVICES = JSON.stringify(vcapEnv.VCAP_SERVICES);
+        }
+        if (vcapEnv.SERVICE_REPLACEMENTS) {
+            deployerEnv.SERVICE_REPLACEMENTS = JSON.stringify(vcapEnv.SERVICE_REPLACEMENTS);
+        }
+        if (vcapEnv.TARGET_CONTAINER) {
+            deployerEnv.TARGET_CONTAINER = vcapEnv.TARGET_CONTAINER;
+        }
 
         if (options.autoUndeploy) {
             LOG.log(`Hdi deployer automatically undeploys deleted resources using --auto-undeploy.`);

package/lib/dbs/cds-deploy.js

@@ -111,7 +111,7 @@ exports.create = async function (db, csn=db.model, o) {
       console.log(); for (let each of drops) console.log(each)
       console.log(); for (let each of creates) console.log(each,'\n')
       return
-    } else return db.tx (async tx => {
+    } else return db.run (async tx => {
       await tx.run(drops)
       await tx.run(creates)
       return true
@@ -120,7 +120,7 @@ exports.create = async function (db, csn=db.model, o) {
 }
 
 
-exports.init = (db, csn=db.model, log=()=>{}) => db.tx (async tx => {
+exports.init = (db, csn=db.model, log=()=>{}) => db.run (async tx => {
   const resources = await exports.resources(csn, {testdata: cds.env.features.test_data})
   const inits=[]
   for (let [file,e] of Object.entries(resources)) {

package/lib/env/schemas/cds-rc.json

@@ -126,6 +126,10 @@
         }
       }
     },
+    "extends": {
+      "description": "Name of the application that shall be extended",
+      "type": "string"
+    },
     "requires": {
       "type": "object",
       "description": "CDS Dependencies to databases and services can be configured by listing them within a requires section.",
@@ -567,7 +571,7 @@
           "uniqueItems": true,
           "items": {
             "type": "object",
-            "additionalProperties": true,
+            "additionalProperties": false,
             "properties": {
               "for": {
                 "type": "array",
@@ -595,6 +599,11 @@
                 "type": "integer",
                 "description": "Number of fields to be added at most",
                 "minimum": 1
+              },
+              "new-entities": {
+                "type": "integer",
+                "description": "Number of entities to be added at most",
+                "minimum": 1
               }
             }
           }

package/lib/ql/Query.js

@@ -1,7 +1,8 @@
+const { AsyncResource } = require('async_hooks')
 const { inspect } = require('util')
 const cds = require('../index')
 
-module.exports = class Query {
+class Query {
 
   constructor(_={}) { this[this.cmd] = _ }
 
@@ -16,8 +17,10 @@ module.exports = class Query {
   }
 
   /** Turns all queries into Thenables which execute with primary db by default */
-  then (r,e) {
-    return (this._srv || cds.db) .run (this) .then (r,e)
+  get then() {
+    const srv = this._srv || cds.db || cds.error `Can't execute query as no primary database is connected.`
+    const q = new AsyncResource('await cds.query')
+    return (r,e) => q.runInAsyncScope (srv.run, srv, this) .then (r,e)
   }
 
   /** Beautifies output in REPL */
@@ -87,3 +90,6 @@ const _target4 = (target, arg2) =>  target && (
 )
 
 const _name = cds.env.sql.names === 'quoted' ? n =>`"${n}"` : n => n.replace(/[.:]/g,'_')
+
+
+module.exports = Query

package/lib/ql/SELECT.js

@@ -94,7 +94,7 @@ module.exports = class SELECT extends Whereable {
     return Object.defineProperty(this, '_where_or_having', { value: 'on', configurable: true })
   }
   on (...args) {
-    if (!this.SELECT.from || !this.SELECT.from.join)
+    if (!this.SELECT.from || !this.SELECT.from.join || !this.SELECT.from.args) // `join` can also be a function, e.g. in SELECT.from(SELECT.from('foo'))
       throw new Error(`Invalid call of "SELECT.on()" without prior call of "SELECT.join()"`)
     return this._where (args,'and','on')
   }

package/lib/ql/cds-ql.js

@@ -22,15 +22,6 @@ function _deprecated_srv_ql() { // eslint-disable-next-line no-console
   return module.exports
 }
 
-if (cds.env.features.cls && cds.env.features.debug_queries) {
-  const Query = require('./Query'), { then } = Query.prototype
-  const { AsyncResource } = require('async_hooks')
-  Object.defineProperty (Query.prototype,'then',{ get(){
-    const q = new AsyncResource('cds.Query')
-    return (r,e) => q.runInAsyncScope (then,this,r,e)
-  }})
-}
-
 module.exports._reset = ()=>{ // for strange tests only
   const _name = cds.env.sql.names === 'quoted' ? n =>`"${n}"` : n => n.replace(/[.:]/g,'_')
   Object.defineProperty (require('./Query').prototype,'valueOf',{ configurable:1, value: function(cmd=this.cmd) {

package/lib/req/context.js

@@ -12,11 +12,15 @@ const { EventEmitter } = require('events')
 class EventContext {
 
   /** Creates a new instance that inherits from cds.context */
-  static for (_) {
+  static for (_,_as_root) {
     const ctx = new this (_)
-    if (features.cds_tx_inheritance) {
-      const base = cds.context
-      if (base) ctx._set('_propagated', base)
+    const base = cds.context
+    if (base) {
+      ctx._set('_propagated', base) // we inherit from former cds.currents
+      if (!_as_root) {
+        if (!ctx.context) ctx._set('context', base.context) // all transaction handling works with root contexts
+        if (!ctx.tx && base.tx) ctx.tx = base.tx
+      }
     }
     return ctx
   }
@@ -38,7 +42,7 @@ class EventContext {
   //
 
   get emitter() {
-    return this.context._emitter || (this.context._emitter = new EventEmitter)
+    return this.context._emitter || this.context._set('_emitter', new EventEmitter)
   }
 
   async emit (event,...args) {
@@ -115,7 +119,8 @@ class EventContext {
   }
 
   get model() {
-    return super.model = this._propagated.model || this.http?.req.__model // IMPORTANT: Never use that anywhere else
+    const m = this._propagated.model || this.http?.req.__model // IMPORTANT: Never use that anywhere else
+    return this._set('model',m)
   }
   set model(m) {
     super.model = m
@@ -156,12 +161,11 @@ class EventContext {
    */
   set tx (tx) {
     Object.defineProperty (this,'tx',{value:tx}) //> allowed only once!
-    const ctx = tx.context
-    if (ctx && ctx !== this) {
-      if (!this.hasOwnProperty('context')) this.context = ctx // eslint-disable-line no-prototype-builtins
-
+    const root = tx.context?.context
+    if (root && root !== this) {
+      if (!this.hasOwnProperty('context')) this.context = root // eslint-disable-line no-prototype-builtins
       if (features.assert_integrity && features.assert_integrity_type == 'RT') {
-        const reqs = ctx._children || ctx._set('_children', {})
+        const reqs = root._children || root._set('_children', {})
         const all = reqs[tx.name] || (reqs[tx.name] = [])
         all.push(this)
       }

package/lib/srv/srv-api.js

@@ -56,6 +56,14 @@ class Service extends require('./srv-handlers') {
    * Querying API to send synchronous requests...
    */
   run (query, data) {
+    if (typeof query === 'function') {
+      const ctx = cds.context, fn = query
+      if (ctx?.tx && !ctx.tx._done) {
+        return fn (this.tx(ctx)) // with nested tx
+      } else {
+        return this.tx (fn) // with root tx
+      }
+    }
     const req = new Request ({ query, data })
     return this.dispatch (req)
   }

package/lib/srv/srv-dispatch.js

@@ -13,18 +13,23 @@ exports.dispatch = async function dispatch (req) { //NOSONAR
 
   // Ensure we are in a proper transaction
   if (!this.context) {
-    const gc = cds.context
-    if (gc && gc.tx && !gc.tx._done) return this.tx(gc).dispatch(req) // with nested tx
-    else return this.tx(tx => tx.dispatch(req)) // as root tx
+    const ctx = cds.context
+    if (ctx?.tx && !ctx.tx._done) {
+      return this.tx (ctx) .dispatch(req)      // with nested tx
+    } else {
+      return this.tx (tx => tx.dispatch(req))  // with root tx
+    }
   }
   if (!req.tx) req.tx = this // `this` is a tx from now on...
 
   // Inform potential listeners // REVISIT: -> this should move into protocol adapters
-  if (_is_root(req)) req._.req.emit ('dispatch',req)
+  let _is_root = req.constructor.name in { ODataRequest:1, RestRequest:2 }
+  if (_is_root) req._.req.emit ('dispatch',req)
 
   // Handle batches of queries
-  if (_is_array(req.query))
-    return Promise.all (req.query.map (q => this.dispatch ({query:q,__proto__:req,context:req.context})))
+  if (_is_array(req.query)) return Promise.all (req.query.map (
+    q => this.dispatch ({ query:q, context: req.context, __proto__:req })
+  ))
 
   // Ensure target and fqns
   if (!req.target) _ensure_target (this,req)
@@ -88,7 +93,6 @@ exports.handle = async function handle (req) {
 }
 
 
-const _is_root = (req) => /OData|REST/i.test(req.constructor.name)
 const _is_array = Array.isArray
 const _dummy = ()=>{} // REVISIT: required for some messaging tests which obviously still expect and call next()
 

package/lib/srv/srv-models.js

@@ -22,13 +22,13 @@ class ExtendedModels {
    */
   static middleware4 (srv) {
     if (!(srv instanceof cds.ApplicationService)) return [] //> no middleware to add // REVISIT: move to `srv.isExtensible`
-    if (srv.name?.startsWith('cds.xt.'))          return [] //> no middleware to add // REVISIT: move to `srv.isExtensible`
-    else return async (req,res,next) => {
+    if (!srv.isExtensible) return [] //> no middleware to add
+    else return async function cds_context_model (req,res,next) {
       if (!req.user?.tenant) return next()
       const ctx = cds.context = cds.EventContext.for({ http: { req, res } })
       ctx.user = req.user // REVISIT: should move to auth middleware?
       try {
-        ctx.model = req.__model = await this.model4 (ctx.tenant, ctx.features)
+        ctx.model = req.__model = await ExtendedModels.model4 (ctx.tenant, ctx.features)
       } catch (e) {
         LOG.error (Object.assign(e, { message: 'Unable to get service from service map due to error: ' + e.message }))
 
@@ -99,6 +99,7 @@ class ExtendedModels {
     if (model.then) return model //> promised model to avoid race conditions
 
     const {_cached} = model, interval = ExtendedModels.checkInterval
+    if (!_cached.touched)  return model
     if (Date.now() - _cached.touched < interval) return model //> checked recently
 
     else return this[key] = (async()=>{ // temporarily replace cache entry by promise to avoid race conditions...

package/lib/srv/srv-tx.js

@@ -1,6 +1,18 @@
 const cds = require('../index'), { cds_tx_protection } = cds.env.features
 const EventContext = require('../req/context')
-class RootContext extends EventContext {}
+class RootContext extends EventContext {
+  static for(_) {
+    if (_ instanceof EventContext) return _
+    else return super.for(_,'as root')
+  }
+}
+class NestedContext extends EventContext {
+  static for(_) {
+    if (_ instanceof EventContext) return _
+    else return super.for(_)
+  }
+}
+
 
 /**
  * This is the implementation of the `srv.tx(req)` method. It constructs
@@ -8,35 +20,28 @@ class RootContext extends EventContext {}
  * @returns { Transaction & import('./srv-api') }
  * @param { EventContext } ctx
  */
-module.exports = function tx (ctx,fn) { const srv = this
+function srv_tx (ctx,fn) { const srv = this
 
   if (srv.context) return srv // srv.tx().tx() -> idempotent
+  if (!ctx) return RootTransaction.for (srv)
+
+  // Creating root or nested txes for existing contexts
+  if (ctx instanceof EventContext) {
+    if (ctx.tx) return NestedTransaction.for (srv, ctx)
+    else return RootTransaction.for (srv, ctx)
+  }
 
   // Last arg may be a function -> srv.tx (tx => { ... })
   if (typeof ctx === 'function') [ ctx, fn ] = [ undefined, ctx ]
   if (typeof fn === 'function') {
-    const tx = srv.tx(ctx), fx = ()=> Promise.resolve(fn(tx)).then(tx.commit,tx.rollback)
-    const gc = cds.context, _has_tx = gc && gc.tx && !gc.tx._done
-    return _has_tx ? fx() : cds._context.run(tx,fx)
+    const tx = RootTransaction.for (srv, ctx)
+    return cds._context.run (tx, ()=> Promise.resolve(fn(tx)) .then (tx.commit, tx.rollback))
   }
 
-  if (ctx) {
-    if (ctx.context) ctx = ctx.context
-
-    // REVISIT: This is for compatibility with former srv.tx(req) usages
-    if (ctx instanceof EventContext) {
-      if (ctx.tx) return NestedTransaction.for (srv, ctx)
-      else return RootTransaction.for (srv, ctx)
-    }
-
-    // REVISIT: This is for compatibility with AFC only
-    if (ctx._txed_before) return NestedTransaction.for (srv, ctx._txed_before)
-    else Object.defineProperty(ctx, '_txed_before', { value: ctx = RootContext.for(ctx) })
-    return RootTransaction.for (srv, ctx)
-  }
-
-  // `ctx` is a plain context object or undefined
-  return RootTransaction.for (srv, RootContext.for(ctx))
+  // REVISIT: following is for compatibility with AFC only -> we should get rid of that
+  if (ctx._txed_before) return NestedTransaction.for (srv, ctx._txed_before)
+  else Object.defineProperty (ctx, '_txed_before', { value: ctx = RootContext.for(ctx) })
+  return RootTransaction.for (srv, ctx)
 }
 
 
@@ -45,17 +50,16 @@ class Transaction {
   /**
    * Returns an already started tx for given srv, or creates a new instance
    */
-  static for (srv,root) {
-    let txs = root.transactions
-    if (!txs) Object.defineProperty(root, 'transactions', {value: txs = new Map})
-    if (srv._real_srv) srv = srv._real_srv // REVISIT: srv._real_srv is a qirty hack for current Okra Adapters
+  static for (srv, ctx) {
+    const txs = ctx.context.transactions || ctx.context._set ('transactions', new Map)
+    if (srv._real_srv) srv = srv._real_srv // REVISIT: srv._real_srv is a dirty hack for current Okra Adapters
     let tx = txs.get (srv)
-    if (!tx) txs.set (srv, tx = new this (srv,root))
+    if (!tx) txs.set (srv, tx = new this (srv,ctx))
     return tx
   }
 
-  constructor (srv,root) {
-    const tx = { __proto__:srv, context:root }
+  constructor (srv, ctx) {
+    const tx = { __proto__:srv, _kind: new.target.name, context: ctx }
     const proto = new.target.prototype
     tx.commit   = proto.commit.bind(tx)
     tx.rollback = proto.rollback.bind(tx)
@@ -107,11 +111,12 @@ class Transaction {
 class RootTransaction extends Transaction {
 
   /**
-   * Register the new transaction with the root context.
-   * @param {EventContext} root
+   * Register the new transaction with the given context.
+   * @param {EventContext} ctx
    */
-  static for (srv,root) {
-    return root.tx = super.for (srv,root)
+  static for (srv, ctx) {
+    ctx = RootContext.for (ctx?.tx?._done ? {} : ctx)
+    return ctx.tx = super.for (srv, ctx)
   }
 
   /**
@@ -153,16 +158,21 @@ class RootTransaction extends Transaction {
 
 class NestedTransaction extends Transaction {
 
+  static for (srv,ctx) {
+    ctx = NestedContext.for (ctx)
+    return super.for (srv, ctx)
+  }
+
   /**
-   * Registers event listeners with the root context, to commit or rollback
+   * Registers event listeners with the given context, to commit or rollback
    * when the root tx is about to commit or rollback.
-   * @param {import ('../req/context')} root
+   * @param {EventContext} ctx
    */
-  constructor (srv,root) {
-    super (srv,root)
-    root.before ('succeeded', ()=> this.commit())
-    root.before ('failed', ()=> this.rollback())
-    if ('end' in srv) root.once ('done', ()=> srv.end())
+  constructor (srv,ctx) {
+    super (srv,ctx)
+    ctx.before ('succeeded', ()=> this.commit())
+    ctx.before ('failed', ()=> this.rollback())
+    if ('end' in srv) ctx.once ('done', ()=> srv.end())
   }
 
 }
@@ -193,3 +203,5 @@ const _begin = async function (req) {
   delete this.dispatch
   return this.dispatch (req)
 }
+
+module.exports = srv_tx

package/lib/utils/cds-utils.js

@@ -70,17 +70,17 @@ exports.mkdirp = async function (...path) {
 
 exports.rmdir = (...path) => {
   const d = resolve (cds.root,...path)
-  return (fs.promises.rm || fs.promises.rmdir) (d, {recursive:true})
+  return fs.promises.rm (d, {recursive:true})
 }
 
 exports.rimraf = (...path) => {
   const d = resolve (cds.root,...path)
-  return (fs.promises.rm || fs.promises.rmdir) (d, {recursive:true,force:true})
+  return fs.promises.rm (d, {recursive:true,force:true})
 }
 
 exports.rm = async function rm (x) {
   const y = resolve (cds.root,x)
-  return (fs.promises.rm || fs.promises.unlink)(y)
+  return fs.promises.rm(y)
 }
 
 exports.copy = async function copy (x,y) {

package/lib/utils/resources/index.js

@@ -8,22 +8,22 @@ const TEMP_DIR = fs.realpathSync(require('os').tmpdir())
 
 const packTarArchive = async (files, root, flat = false) => {
   if (typeof files === 'string') return await packArchiveCLI(files)
-  
+
   let tgzBuffer, temp
   try {
-    temp = await fs.promises.mkdtemp(`${TEMP_DIR}${path.sep}tar-`)    
+    temp = await fs.promises.mkdtemp(`${TEMP_DIR}${path.sep}tar-`)
     for (const file of files) {
       const fname = flat ? path.basename(file) : path.relative(root, file)
       const destination = path.join(temp, fname)
       const dirname = path.dirname(destination)
       if (!await exists(dirname)) await fs.promises.mkdir(dirname, { recursive: true })
-      await fs.promises.copyFile(file, destination)      
+      await fs.promises.copyFile(file, destination)
     }
 
     tgzBuffer = await packArchiveCLI(temp)
   } finally {
     if (await exists(temp)) {
-      await (fs.promises.rm || fs.promises.rmdir)(temp, { recursive: true, force: true })
+      await fs.promises.rm(temp, { recursive: true, force: true })
     }
   }
 
@@ -38,7 +38,7 @@ const unpackTarArchive = async (buffer, folder) => {
   try {
     await unpackArchiveCLI(tgz, folder)
   } finally {
-    if (await exists(temp)) await (fs.promises.rm || fs.promises.rmdir)(temp, { recursive: true, force: true })
+    if (await exists(temp)) await fs.promises.rm(temp, { recursive: true, force: true })
   }
 }
 

package/lib/utils/resources/tar.js

@@ -27,7 +27,7 @@ const packArchiveCLI = async (root) => {
   }
   finally {
     if (await exists(temp)) {
-      await (fs.promises.rm || fs.promises.rmdir)(temp, { recursive: true, force: true })
+      await fs.promises.rm(temp, { recursive: true, force: true })
     }
   }
 }

package/libx/_runtime/auth/index.js

@@ -183,7 +183,7 @@ module.exports = (srv, options = srv.options) => {
     (process.env.NODE_ENV === 'production' && config.credentials && config.restrict_all_services)
   ) {
     if (!logged) LOG._debug && LOG.debug(`Enforcing authenticated users for all services`)
-    app.use(_enforce_authenticated_user)
+    app.use(cap_enforce_login)
   }
 
   // so we don't log the same stuff multiple times
@@ -199,7 +199,7 @@ const _strategy4 = config => {
   throw new Error(`Authentication kind "${config.kind}" is not supported`)
 }
 
-const _enforce_authenticated_user = (req, res, next) => {
+const cap_enforce_login = (req, res, next) => {
   if (req.user && req.user.is('authenticated-user')) return next() // pass if user is authenticated
   if (!req.user || req.user._is_anonymous) {
     if (req.user && req.user._challenges) res.set('WWW-Authenticate', req.user._challenges.join(';'))

package/libx/_runtime/cds-services/adapter/odata-v4/okra/odata-commons/utils/PrimitiveValueDecoder.js

@@ -68,8 +68,6 @@ const MULTI_LINE_STRING_VALIDATION = new RegExp('^' + SRID + 'MultiLineString\\(
 const MULTI_POLYGON_VALIDATION = new RegExp('^' + SRID + 'MultiPolygon\\((' + MULTI_POLYGON + ')\\)$', 'i')
 const COLLECTION_VALIDATION = new RegExp('^' + SRID + 'Collection\\((' + MULTI_GEO_LITERAL + ')\\)$', 'i')
 
-const BASE64 = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{4}|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}={2})$/
-
 function _getBase64(val) {
   if (isInvalidBase64string(val)) return
   // convert url-safe to standard base64

package/libx/_runtime/cds-services/adapter/odata-v4/okra/odata-server/deserializer/DeserializerFactory.js

@@ -40,8 +40,10 @@ class DeserializerFactory {
         let additionalInformation = { hasDelta: false }
         const deserializer = new ResourceJsonDeserializer(edm, jsonContentTypeInfo)
         return (edmObject, value) => {
+          const body = deserializer[name](edmObject, value, expand, additionalInformation)
+
           return {
-            body: deserializer[name](edmObject, value, expand, additionalInformation),
+            body,
             expand,
             additionalInformation
           }

package/libx/_runtime/common/utils/binary.js

@@ -1,8 +1,6 @@
 const getTemplate = require('./template')
 const templateProcessor = require('./templateProcessor')
 
-const BASE64 = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{4}|[A-Za-z0-9+/]{3}={0,1}|[A-Za-z0-9+/]{2}={0,2})$/
-
 // convert the standard base64 encoding to the URL-safe variant
 const toBase64url = value =>
   (Buffer.isBuffer(value) ? value.toString('base64') : value).replace(/\//g, '_').replace(/\+/g, '-')
@@ -17,12 +15,13 @@ const isInvalidBase64string = value => {
   if (Buffer.isBuffer(value)) return // ok
 
   // convert to standard base64 string; let it crash if typeof value !== 'string'
-  const base64 = value.replace(/_/g, '/').replace(/-/g, '+')
+  const base64value = value.replace(/_/g, '/').replace(/-/g, '+')
   const normalized = normalizeBase64string(value)
 
   // example of invalid base64 string --> 'WTGTdDsD/k21LnFRb+uNcAi=' <-- '...i=' must be '...g='
   // see https://datatracker.ietf.org/doc/html/rfc4648#section-4
-  return !base64.match(BASE64) || base64.replace(/=/g, '') !== normalized.replace(/=/g, '')
+  if (base64value.replace(/=/g, '') !== normalized.replace(/=/g, '')) return true
+  return base64value.length > normalized.length
 }
 
 const _picker = element => {

package/libx/_runtime/common/utils/resolveView.js

@@ -612,7 +612,7 @@ const _newQuery = (query, event, model, service) => {
   }[event]
   const newQuery = Object.create(query)
   const transitions = _entityTransitionsForTarget(query[event][_prop], model, service)
-  newQuery[event] = (transitions[0] && _func(newQuery, transitions, service)) || { ...query[event] }
+  newQuery[event] = (transitions?.[0] && _func(newQuery, transitions, service)) || { ...query[event] }
   return newQuery
 }
 

package/libx/_runtime/db/expand/rawToExpanded.js

@@ -30,9 +30,13 @@ class RawToExpanded {
       if (each._conversionMapper) for (const [k, v] of [...each._conversionMapper]) conversionMapper.set(k, v)
     }
 
-    for (let i = 0, length = this._queries.length; i < length; i++) {
+    const queryResults = await Promise.all(this._queries)
+    // NOTE: this doesn't work:
+    // for (let each of this._queries) await each
+
+    for (let i = 0, length = queryResults.length; i < length; i++) {
       const { _toManyTree: toManyTree = [] } = queries[i]
-      const result = await this._queries[i]
+      const result = queryResults[i]
       if (toManyTree.length === 0) {
         this._parseMainResult(result, mappings, conversionMapper, toManyTree)
       } else {
@@ -249,10 +253,7 @@ class RawToExpanded {
  * @returns {Promise<Array>} The complete expanded result set.
  */
 const rawToExpanded = (configs, queries, one, rootEntity) => {
-  return new RawToExpanded(configs, queries, one, rootEntity).toExpanded().catch(err => {
-    Promise.all(queries).catch(() => {})
-    throw err
-  })
+  return new RawToExpanded(configs, queries, one, rootEntity).toExpanded()
 }
 
 module.exports = rawToExpanded

package/libx/_runtime/db/generic/input.js

@@ -176,7 +176,10 @@ const _pickDraft = element => {
   // collect actions to apply
   const categories = []
 
-  if (element.virtual) categories.push('virtual')
+  if (_isVirtualOrCalculated(element)) {
+    categories.push('virtual')
+    return { categories } // > no need to continue
+  }
 
   if (element.default && !DRAFT_COLUMNS_MAP[element.name]) {
     categories.push({ category: 'default', args: element })

package/libx/_runtime/extensibility/add.js

@@ -1,4 +1,5 @@
 const cds = require('../cds')
+const LOG = cds.log('mtx')
 
 const { validateExtension } = require('./validation')
 const handleDefaults = require('./defaults')
@@ -16,6 +17,7 @@ const add = async function (req) {
   const extCsn = _isCSN(extension) ? JSON.parse(extension) : cds.parse.cdl(extension)
   if (extCsn.requires) delete extCsn.requires
 
+  LOG.info(`validating extension '${tag}' ...`)
   const { 'cds.xt.ModelProviderService': mps } = cds.services
   const csn = await mps.getCsn(tenant, ['*'])
   validateExtension(extCsn, csn, req)
@@ -26,6 +28,7 @@ const add = async function (req) {
     INSERT.into('cds.xt.Extensions').entries([{ ID, tag, csn: JSON.stringify(extCsn), activated: activate }])
   )
   const njCsn = cds.compile.for.nodejs(csn)
+  LOG.info(`activating extension to '${activate}' ...`)
   if (activate === 'propertyBag' && extCsn.extensions)
     extCsn.extensions.forEach(async ext => await handleDefaults(ext, njCsn))
   if (activate === 'database') await activateExt(ID, tag, tenant, njCsn)

package/libx/_runtime/extensibility/handler/transformREAD.js

@@ -42,23 +42,25 @@ const _removeExtendedFields = (columns, extFields, alias) => {
 
 const _transformUnion = (req, model) => {
   // second element is active entity
-  const name = req.target.name.SET ? req.target.name.SET.args[1]._target.name : req.target.name
-  const extFields = getExtendedFields(name, model)
-  _addBackPack(req.query.SELECT.columns, extFields)
-  _removeExtendedFields(req.query.SELECT.columns, extFields)
-
-  _addBackPack(
-    req.query.SELECT.from.SET.args[0].SELECT.columns,
-    extFields,
-    req.query.SELECT.from.SET.args[0].SELECT.from.args[0].as
-  )
-  _addBackPack(req.query.SELECT.from.SET.args[1].SELECT.columns, extFields)
-  _removeExtendedFields(
-    req.query.SELECT.from.SET.args[0].SELECT.columns,
-    extFields,
-    req.query.SELECT.from.SET.args[0].SELECT.from.args[0].as
-  )
-  _removeExtendedFields(req.query.SELECT.from.SET.args[1].SELECT.columns, extFields)
+  if (req.target) {
+    const name = req.target.name.SET ? req.target.name.SET.args[1]._target.name : req.target.name
+    const extFields = getExtendedFields(name, model)
+    _addBackPack(req.query.SELECT.columns, extFields)
+    _removeExtendedFields(req.query.SELECT.columns, extFields)
+
+    _addBackPack(
+      req.query.SELECT.from.SET.args[0].SELECT.columns,
+      extFields,
+      req.query.SELECT.from.SET.args[0].SELECT.from.args[0].as
+    )
+    _addBackPack(req.query.SELECT.from.SET.args[1].SELECT.columns, extFields)
+    _removeExtendedFields(
+      req.query.SELECT.from.SET.args[0].SELECT.columns,
+      extFields,
+      req.query.SELECT.from.SET.args[0].SELECT.from.args[0].as
+    )
+    _removeExtendedFields(req.query.SELECT.from.SET.args[1].SELECT.columns, extFields)
+  }
 }
 
 const _getAliasedEntitiesForJoin = (args, model) => {
@@ -111,7 +113,7 @@ function transformExtendedFieldsREAD(req) {
   _transformColumns(req.query.SELECT.columns, target.name, this.model)
 
   if (req.query.SELECT.from.SET) return _transformUnion(req, this.model) // union
-  if (req.query.SELECT.from.join) return _transformJoin(req, this.model) // join
+  if (req.query.SELECT.from.join && req.query.SELECT.from.args) return _transformJoin(req, this.model) // join
 }
 
 module.exports = {

package/libx/_runtime/extensibility/push.js

@@ -22,7 +22,7 @@ const _compileProject = async function (extension, req) {
     if (err.messages) req.reject(400, getCompilerError(err.messages))
     else throw err
   } finally {
-    ;(fs.promises.rm || fs.promises.rmdir)(root, { recursive: true, force: true }).catch(() => {})
+    fs.promises.rm(root, { recursive: true, force: true }).catch(() => {})
   }
 
   return { csn, files }
@@ -68,7 +68,7 @@ const pull = async function (req) {
     // for (const file of i18nFiles) await _copyFile(file, temp)
     tgz = await packTarArchive(temp)
   } finally {
-    ;(fs.promises.rm || fs.promises.rmdir)(temp, { recursive: true, force: true }).catch(() => {})
+    fs.promises.rm(temp, { recursive: true, force: true }).catch(() => {})
   }
 
   return tgz
@@ -85,31 +85,31 @@ const push = async function (req) {
   if (tenant) cds.context = { tenant }
 
   // remove current extension with tag
-  let currentExt
   if (tag) {
-    currentExt = await cds.db.run(SELECT.from('cds.xt.Extensions').where({ tag }))
-    if (currentExt.length) await cds.db.run(DELETE.from('cds.xt.Extensions').where({ tag }))
+    await DELETE.from('cds.xt.Extensions').where({ tag })
   }
 
   LOG.info(`validating extension '${tag}' ...`)
   // validation
   const { 'cds.xt.ModelProviderService': mps } = cds.services
+  // REVISIT: Isn't that also done during activate?
   const csn = await mps.getCsn(tenant, Object.keys(cds.context.features || {}))
   try {
     cds.extend(csn).with(extCsn)
   } catch (err) {
-    if (currentExt && currentExt.length) {
-      await cds.db.run(INSERT.into('cds.xt.Extensions').entries(currentExt)) // REVISIT: why did we eagerly delete that at all above?
-    }
     return req.reject(400, getCompilerError(err.messages))
   }
   await linter(extCsn, csn, files, req)
 
   // insert and activate extension
   const ID = cds.utils.uuid()
-  await cds.db.run(
-    INSERT.into('cds.xt.Extensions').entries([{ ID, csn: JSON.stringify(extCsn), sources, activated: 'database', tag }])
-  )
+  await INSERT.into('cds.xt.Extensions').entries({
+    ID,
+    csn: JSON.stringify(extCsn),
+    sources,
+    activated: 'database',
+    tag
+  })
 
   LOG.info(`activating extension '${tag}' ...`)
   await activate(ID, null, tenant)

package/libx/_runtime/extensibility/utils.js

@@ -8,7 +8,7 @@ const EXT_BACK_PACK = 'extensions__'
 
 const getTargetRead = req => {
   let name = ''
-  if (req.query.SELECT.from.join) {
+  if (req.query.SELECT.from.join && req.query.SELECT.from.args) {
     // join
     name = req.query.SELECT.from.args.find(arg => arg.ref && arg.ref[0] !== 'DRAFT.DraftAdministativeData').ref[0]
   } else if (req.target.name.SET) {
@@ -63,15 +63,17 @@ const hasExtendedEntity = (req, model) => {
     return true
   }
 
-  if (req.query.SELECT.from.join) {
+  if (req.query.SELECT.from.join && req.query.SELECT.from.args) {
     return _hasExtendedEntityArgs(req.query.SELECT.from.args, model)
   }
 
-  if (req.target.name.SET) {
-    return isExtendedEntity(req.target.name.SET.args[0]._target.name, model)
-  }
+  if (req.target) {
+    if (req.target.name.SET) {
+      return isExtendedEntity(req.target.name.SET.args[0]._target.name, model)
+    }
 
-  return isExtendedEntity(req.target.name, model)
+    return isExtendedEntity(req.target.name, model)
+  }
 }
 
 const getExtendedFields = (entityName, model) => {

package/libx/_runtime/sqlite/Service.js

@@ -187,11 +187,13 @@ module.exports = class SQLiteDatabase extends DatabaseService {
       return
     }
 
-    const tx = this.transaction()
-    await tx.run(dropViews)
-    await tx.run(dropTables)
-    await tx.run(createEntities)
-    await tx.commit()
+    await this.run(async tx => {
+      // This starts a new transaction if called from CLI, while joining
+      // existing root tx, e.g. when called from DeploymenrService
+      await tx.run(dropViews)
+      await tx.run(dropTables)
+      await tx.run(createEntities)
+    })
 
     return true
   }

package/libx/_runtime/sqlite/execute.js

@@ -19,31 +19,47 @@ const SANITIZE_VALUES = process.env.NODE_ENV === 'production' && cds.env.log.san
  * -> only if DEBUG (which should not be used in production)
  */
 const DEBUG = cds.debug('sqlite')
-const _captureStack = DEBUG
-  ? () => {
-      const o = {}
-      Error.captureStackTrace(o, _captureStack)
-      return o
+const _exec = DEBUG
+  ? (dbc, op, ...args) => {
+      const callback = args[args.length - 1]
+      const captured = {}
+      Error.captureStackTrace(captured, _exec)
+      args[args.length - 1] = function (err) {
+        if (err) {
+          err.message += ' in: \n' + args[0]
+          err.query = args[0]
+          if (args.length > 2) err.values = SANITIZE_VALUES ? ['***'] : args[1]
+          err.stack =
+            err.message +
+            captured.stack
+              .slice(5)
+              .replace(/at( _exec)? /, 'at SQLite.' + op + ' ')
+              .replace(/\s+at new Promise .*\n.*/, '')
+        }
+        callback.apply(this, arguments)
+      }
+      return dbc[op](...args)
+    }
+  : (dbc, op, ...args) => {
+      const callback = args[args.length - 1]
+      args[args.length - 1] = function (err) {
+        if (err) {
+          err.message += ' in: \n' + args[0]
+          err.query = args[0]
+          if (args.length > 2) err.values = SANITIZE_VALUES ? ['***'] : args[1]
+        }
+        callback.apply(this, arguments)
+      }
+      return dbc[op](...args)
     }
-  : () => undefined
-
-const _augmented = (err, sql, values, o) => {
-  err.query = sql
-  if (values) err.values = SANITIZE_VALUES ? ['***'] : values
-  err.message += ' in: \n' + sql
-  if (o) err.stack = err.message + o.stack.slice(5)
-  return err
-}
 
 function _executeSimpleSQL(dbc, sql, values) {
   LOG._debug &&
     LOG.debug(coloredTxCommands[sql] || sql, Array.isArray(values) ? (SANITIZE_VALUES ? ['***'] : values) : '')
 
   return new Promise((resolve, reject) => {
-    const o = _captureStack()
-    dbc.run(sql, values, function (err) {
-      if (err) return reject(_augmented(err, sql, values, o))
-
+    _exec(dbc, 'run', sql, values, function (err) {
+      if (err) return reject(err)
       resolve(this.changes)
     })
   })
@@ -53,9 +69,8 @@ function executeSelectSQL(dbc, sql, values, isOne, postMapper) {
   LOG._debug && LOG.debug(sql, SANITIZE_VALUES ? ['***'] : values)
 
   return new Promise((resolve, reject) => {
-    const o = _captureStack()
-    dbc[isOne ? 'get' : 'all'](sql, values, (err, result) => {
-      if (err) return reject(_augmented(err, sql, values, o))
+    _exec(dbc, isOne ? 'get' : 'all', sql, values, (err, result) => {
+      if (err) return reject(err)
 
       // REVISIT
       // .get returns undefined if nothing in db
@@ -140,9 +155,8 @@ const _executeBulkInsertSQL = (dbc, sql, values) =>
     }
 
     LOG._debug && LOG.debug(sql, SANITIZE_VALUES ? ['***'] : values)
-    const o = _captureStack()
-    const stmt = dbc.prepare(sql, err => {
-      if (err) return reject(_augmented(err, sql, values, o))
+    const stmt = _exec(dbc, 'prepare', sql, err => {
+      if (err) return reject(err)
 
       if (!Array.isArray(values[0])) values = [values]
 
@@ -159,7 +173,7 @@ const _executeBulkInsertSQL = (dbc, sql, values) =>
             if (!isFinalized) {
               isFinalized = true
               stmt.finalize()
-              return reject(_augmented(err, sql, each, o))
+              return reject(err)
             }
           }
 
@@ -212,9 +226,8 @@ function executeInsertSQL(dbc, sql, values, query) {
   LOG._debug && LOG.debug(sql, SANITIZE_VALUES ? ['***'] : values)
 
   return new Promise((resolve, reject) => {
-    const o = _captureStack()
-    dbc.run(sql, values, function (err) {
-      if (err) return reject(_augmented(err, sql, values, o))
+    _exec(dbc, 'run', sql, values, function (err) {
+      if (err) return reject(err)
 
       // InsertResult needs an object per row with its values
       if (query && values.length > 0) {

package/libx/rest/RestAdapter.js

@@ -117,8 +117,7 @@ const RestAdapter = function(srv) {
   // begin tx
   router.use((req, res, next) => { // REVISIT: -> move to actual handler(s)
     // create tx and set as cds.context
-    // REVISIT: req._tx should not be used like that!
-    req.tx = cds.context = srv.tx({ user: req.user, req, res })
+    cds.context = srv.tx(new cds.EventContext({ user: req.user, req, res }))
     next()
   })
 
@@ -148,8 +147,7 @@ const RestAdapter = function(srv) {
 
     // unfortunately, express doesn't catch async errors -> try catch needed
     try {
-      // REVISIT: req._tx should not be used like that!
-      await req.tx.commit(result)
+      await cds.context?.tx?.commit(result)
     } catch (e) {
       return next(e)
     }
@@ -179,8 +177,7 @@ const RestAdapter = function(srv) {
     // request may fail during processing or during commit -> both caught here
 
     // REVISIT: rollback needed if error occured before commit attempted -> how to distinguish?
-    // REVISIT: req._tx should not be used like that!
-    if (req.tx) req.tx.rollback(err).catch(() => {}) // REVISIT: silently ?!?
+    cds.context?.tx?.rollback(err).catch(() => {}) // REVISIT: silently ?!?
 
     next(err)
   })

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sap/cds",
-  "version": "6.1.0",
+  "version": "6.1.1",
   "description": "SAP Cloud Application Programming Model - CDS for Node.js",
   "homepage": "https://cap.cloud.sap/",
   "keywords": [