@sap/cds 6.1.3 → 6.2.1

package/bin/mtx/in-cds.js

@@ -7,6 +7,7 @@ const _is_streamlined_mtx = ()=>{
 
 if (!cds.requires.multitenancy || _is_streamlined_mtx()) module.exports = undefined
 else try {
+  // eslint-disable-next-line cds/no-missing-dependencies
   const mtx = module.exports = require ('@sap/cds-mtx')()
   mtx.inject (cds)
   cds.on('served', () => cds.emit('mtx'))

package/bin/serve.js

@@ -129,6 +129,7 @@ const cds = require('../lib'), { exists, isfile, local, path } = cds.utils
 let log = console.log
 let debug = false
 
+
 /**
  * The main function which dispatches into the respective usage variants.
  * @param {string[]} all - project folder, model filenames, or service name
@@ -148,6 +149,9 @@ async function serve (all=[], o={}) { // NOSONAR
   // handle --watch and --project
   if (o.watch)  return _watch.call(this, o.project,o)   // cds serve --watch <project>
   if (o.project) _chdir_to (o.project)      // cds run --project <project>
+
+  // Load local server.js early in order to allow setting custom cds.log.Loggers
+  const cds_server = await _local_server_js() || cds.server
   if (!o.silent) _prepare_logging ()
 
   // The following things are meant for dev mode, which can be overruled by feature flagse...
@@ -185,30 +189,15 @@ async function serve (all=[], o={}) { // NOSONAR
   }
 
   // bootstrap server from project-local server.js or from @sap/cds/server.js
-  const cds_server = await _local_server_js() || cds.server
   const server = await cds_server(o)
 
   // return a promise which resolves to the created http server when listening
   return cds.server.listening = new Promise ((_resolve,_reject) => {
-    const _started = ()=>{
-      const url = cds.server.url = `http://localhost:${server.address().port}`
-      cds.emit ('listening', {server,url}) //> inform local listeners
-      _resolve (server)
-    }
+
     server.listening ? _started(server) : server.once('listening',_started)
     server.on ('error',_reject) // startup errors like EADDRINUSE
     server.on ('close', ()=> shutdown())  // in case of server.close() was called, like in cds.test
 
-    let shutdownCalled = false
-    const shutdown = async sig => {
-      if (shutdownCalled)  return
-      shutdownCalled = true
-      global.it || cds.watched || console.log()  // blank line makes the ^C look pretty in terminals
-      debug && debug(`${sig}, shutting down, calling ${cds.listeners('shutdown').length} listeners`)
-      await Promise.all(cds.listeners('shutdown').map((fn) => fn()))
-      if (process.env.NODE_ENV !== 'test' && !global.it)  process.exit()
-    }
-
     process.once('SIGTERM', shutdown)
     process.once('SIGINT', shutdown)
     process.once('SIGHUP', shutdown)
@@ -217,6 +206,21 @@ async function serve (all=[], o={}) { // NOSONAR
     process.on('message', (msg) => { if (msg.close||msg.exit) shutdown() })  // by `cds watch` on Windows
 
     return server
+
+    async function _started() {
+      _warn_if_cds_was_loaded_from_different_locations()
+      const url = cds.server.url = `http://localhost:${server.address().port}`
+      cds.emit ('listening', {server,url}) //> inform local listeners
+      _resolve (server)
+    }
+
+    async function shutdown (sig) {
+      if (shutdown.called) return; else shutdown.called = true // only do that once
+      global.it || cds.watched || console.log()  // blank line makes the ^C look pretty in terminals
+      debug && debug(`${sig}, shutting down, calling ${cds.listeners('shutdown').length} listeners`)
+      await Promise.all(cds.listeners('shutdown').map((fn) => fn()))
+      if (process.env.NODE_ENV !== 'test' && !global.it)  process.exit()
+    }
   })
 }
 
@@ -224,7 +228,7 @@ async function _local_server_js() {
   const _local = file => isfile(file) || isfile (path.join(cds.env.folders.srv,file))
   let server_js = process.env.CDS_TYPESCRIPT && _local('server.ts') || _local('server.js')
   if (server_js) {
-    log ('Loading server from', { file: local(server_js) })
+    console.log ('[cds] - loading server from', { file: local(server_js) })
     let fn = await cds.utils._import(server_js)
     if (fn && fn.default)  fn = fn.default  // default ESM export
     return typeof fn === 'function' ? fn : cds.server
@@ -233,25 +237,21 @@ async function _local_server_js() {
 
 
 function _prepare_logging () { // NOSONAR
-  // change `log` function to cds.log
-  const LOG = cds.log('serve', { prefix:'cds' })
-  log = LOG._info && LOG.info
-  if (!log) return log = ()=>{}
-  debug = cds.debug('cli')
 
-  const _timer = `[cds] - launched at ${new Date().toLocaleString()}, in`
+  const LOG = cds.log('serve|server',{label:'cds'}); if (!LOG._info) return; else log = LOG.info
+  const _timer = `[cds] - launched at ${new Date().toLocaleString()}, version: ${cds.version}, in`
   console.time (_timer)
 
   // print information when model is loaded
   cds.on ('loaded', (model)=>{
-    log (`model loaded from ${model.$sources.length} file(s):\n\x1b[2m`)
+    LOG.info (`loaded model from ${model.$sources.length} file(s):\n\x1b[2m`)
     for (let each of model.$sources)  console.log (' ', local(each))
     console.log ('\x1b[0m')
   })
 
   // print information about each connected service
   cds.on ('connect', ({name,kind,options:{use,credentials,impl}})=>{
-    log (`connect to ${name} > ${use||kind||impl}`, credentials ? _redacted(credentials) : '')
+    LOG.info (`connect to ${name} > ${use||kind||impl}`, credentials ? _redacted(credentials) : '')
   })
 
   // print information about each provided service
@@ -260,17 +260,15 @@ function _prepare_logging () { // NOSONAR
     if (srv.path) details.path = srv.path
     if (srv._source && !srv._source.startsWith('@sap'))
       details.impl = local(srv._source)
-    log (`${srv.mocked ? 'mocking' : 'serving'} ${srv.name}`, details)
+      LOG.info (`${srv.mocked ? 'mocking' : 'serving'} ${srv.name}`, details)
   })
 
-  cds.on ('served', ()=> console.log())
-
   // print info when we are finally on air
   cds.once ('listening', ({url})=>{
     console.log()
-    log ('server listening on',{url})
+    LOG.info ('server listening on',{url})
     _timer && console.timeEnd (_timer)
-    if (process.stdin.isTTY) log (`[ terminate with ^C ]\n`)
+    if (process.stdin.isTTY) LOG.info (`[ terminate with ^C ]\n`)
   })
 }
 
@@ -336,4 +334,13 @@ function _redacted(cred) {
   return cred
 }
 
+
+const _warn_if_cds_was_loaded_from_different_locations = ()=> global.__cds_loaded_from?.size > 1 && console.warn(`
+-----------------------------------------------------------------------
+WARNING: Package '@sap/cds' was loaded from different installations:`,
+[ ...global.__cds_loaded_from ],
+`Rather ensure a single install only to avoid hard-to-resolve errors.
+-----------------------------------------------------------------------
+`)
+
 /* eslint no-console:off */

package/lib/auth/basic-auth.js

@@ -0,0 +1,33 @@
+module.exports = function basic_auth (options) {
+
+  const cds = require ('../index'), LOG = cds.log('auth'), { decodeURIComponent } = cds.utils
+  const users = require ('./mocked-users') (options)
+  const login_required = options.login === 'required' || process.env.NODE_ENV === 'production' && options.credentials || cds.requires.multitenancy
+
+  /** @type { import('express').Handler } express_handler */
+  return async function basic_auth (req, res, next) {
+    // allow subsequent code to request a user login
+    req.login = login
+    // get basic authorization header
+    let auth = req.headers.authorization
+    // enforce login if requested
+    if (!auth) return login_required ? req.login('Logged in user required!') : next()
+    // decode user credentials from autorization header
+    let [id,pwd] = Buffer.from(auth.slice(6),'base64').toString().split(':')
+    // verify user credentials and set req.user
+    let u = req.user = await users.verify (id, pwd)
+    // re-request login in case of wrong credentials
+    if (u.failed) return req.login (u)
+    // support for feature toggles via req.headers.features
+    if (req.headers.features) u = req.user = { ...u, features: req.headers.features } // NOTE: need to clone u
+    // done...
+    if (LOG._debug) LOG.debug('authenticated user:', u)
+    next()
+  }
+
+  function login (reason='') {
+    const req=this, res=req.res
+    res.set ('WWW-Authenticate', `Basic realm="Users"`) .sendStatus (401)
+    LOG.info (req.method, decodeURIComponent(req.path), '>', res.statusCode, res.statusMessage, ...(!reason ? [] : ['-', reason]))
+  }
+}

package/lib/auth/dummy-auth.js

@@ -0,0 +1,7 @@
+const { User: { privileged }} = require ('../index')
+module.exports = function dummy_auth() {
+  return function dummy_auth (req, res, next) {
+    req.user = privileged
+    next()
+  }
+}

package/lib/auth/ias-auth.js

@@ -0,0 +1,2 @@
+module.exports = require('../../libx/_runtime/auth/strategies/ias-auth')
+// TODO: could move that implementation over here and link from libx/_runtime

package/lib/auth/index.js

@@ -0,0 +1,31 @@
+
+function auth_factory (options) {
+  const cds = require ('../index'), { path, local } = cds.utils
+  const o = { ...options, ...cds.requires.auth }
+  let kind = o.kind || o.strategy
+  let middleware = cds.auth[kind]
+  if (middleware) {
+    cds.log().info ('using auth strategy:', { kind }, '\n')
+  } else {
+    let impl = o.impl || path.resolve (__dirname, kind)
+    try { impl = require.resolve (impl) }  catch {
+      throw cds.error `Cannot find auth impl: ${impl}`
+    }
+    cds.log().info ('using auth strategy:', { kind, impl: local(impl) }, '\n')
+    middleware = require(impl)
+  }
+  return middleware(o)
+}
+
+const { lazified } = require('../lazy')
+const _require = require; require = lazified (module) // eslint-disable-line no-global-assign
+
+module.exports = lazified (Object.assign (auth_factory, {
+  mocked: require('./basic-auth'),
+  basic:  require('./basic-auth'),
+  dummy:  require('./dummy-auth'),
+  ias:    require('./ias-auth'),
+  xsuaa:  require('./xsuaa-auth'),
+}))
+
+require = _require // eslint-disable-line no-global-assign

package/lib/auth/jwt-auth.js

@@ -0,0 +1,3 @@
+// TODO...
+console.trace ('JWT auth is not yet implemented')
+module.exports = ()=> (req,res,next)=> next()

package/lib/auth/mocked-users.js

@@ -0,0 +1,72 @@
+const cds = require ('../index'), { User } = cds
+const LOG = cds.log('auth')
+
+class MockedUsers {
+
+  constructor (options) {
+    const tenants = this.tenants = options.tenants || {}
+    const users = this.users = options.users || {}
+    for (let [k,v] of Object.entries(users)) {
+      if (typeof v === 'boolean') continue
+      if (typeof v === 'string') v = { password:v }
+      let id = _configured(v).id || k
+      let u = users[id] = new User ({ id, ...v })
+      let fts = tenants[u.tenant]?.features
+      if (fts && !u.features) u.features = fts
+    }
+  }
+
+  /**
+   * Verifies a username / password combination against configured users.
+   * @returns { {id:string} | {failed:string} }
+   * - `{id,...}` → a user object for successfully authenticated users
+   * - `{failed}` → for failed authentication, i.e., invalid credentials
+   */
+  verify (id, pwd) {
+    let u = this.users[id]
+    if (!u) return id && this.users['*'] ? { id } : { failed: `User '${id}' not found` }
+    if (u.password && pwd !== u.password) return { failed: `Wrong password for user '${id}'` }
+    return u
+  }
+}
+
+const _configured = (u,x) => {
+  if ((x = _deprecated (u.ID, 'ID','id'))) {
+    u.id = x
+  }
+  if ((x = _deprecated (u.userAttributes, 'userAttributes','attr'))) {
+    u.attr = { ...u.attr, ...x }
+  }
+  if (u.jwt) {
+    if ((x = _deprecated (u.jwt.zid, 'jwt.zid','tenant'))) {
+      u.tenant = u.jwt.zid
+    }
+    if ((x = _deprecated (u.jwt.attributes, 'jwt.attributes','attr'))) {
+      u.attr = { ...u.attr, ...x }
+    }
+    if ((x = _deprecated (u.jwt.userInfo, 'jwt.attributes','attr'))) {
+      u.attr = { ...u.attr, ...x }
+    }
+    if ((x = _deprecated (u.jwt.scope || u.jwt.scopes, 'jwt.scopes','roles'))) {
+      const {aud} = u.jwt; if (aud) x = x.map (s => {
+        for (const each of aud) s = s.replace(`${each}.`, '')
+        return s
+      })
+      u.roles = [ ...u.roles||[], ...x ]
+    }
+  }
+  return u
+}
+
+const _deprecated = (v,x,y) => {
+  if (!v || x in _deprecated) return v
+  else LOG.warn(`WARNING: \n
+    Usage of '${x}' in user configurations is deprecated and won't be
+    supported in future releases. → Please use property '${y}' instead.
+  `)
+  return _deprecated[x] = v
+}
+
+
+// allows calling with or without new
+module.exports = function(o) { return new MockedUsers(o) }

package/lib/auth/passport-basic.js

@@ -0,0 +1,12 @@
+/* eslint-disable cds/no-missing-dependencies */
+module.exports = function passport_basic_auth (options) {
+  // const session = require('express-session')({ secret:'secret', resave:false, saveUninitialized:true, })
+  const { BasicStrategy } = require('passport-http')
+  const users = require ('./mocked-users') (options)
+  const passport = require('passport') .use (new BasicStrategy ((id, pwd, done) => {
+    let user = users.verify (id,pwd)
+    if (user.failed) return done (null, false, { message: user.failed })
+    else return done (null, user)
+  }))
+  return passport.authenticate('basic', {session:false})
+}

package/lib/auth/passport-digest.js

@@ -0,0 +1,14 @@
+/* eslint-disable cds/no-missing-dependencies */
+module.exports = function passport_digest_auth (options) {
+  // const session = require('express-session')({ secret:'secret', resave:false, saveUninitialized:true, })
+  const { users } = require ('./mocked-users') (options)
+  const { DigestStrategy } = require('passport-http')
+  const passport = require('passport') .use (new DigestStrategy ((id, done) => {
+    // REVISIT: this is never called -> no clue why
+    console.trace (id)
+    const u = users[id]
+    if (!u) return done (null, false)
+    else return done (null, u, u.password)
+  }))
+  return passport.authenticate('digest', {session:false})
+}

package/lib/auth/xsuaa-auth.js

@@ -0,0 +1,3 @@
+// TODO...
+console.trace ('XSUAA auth is not yet implemented')
+module.exports = ()=> (req,res,next)=> next()

package/lib/compile/cds-compile.js

@@ -51,8 +51,8 @@ function cds_compile (model, options, _flavor) {
   if (!model) throw cds.error (`Argument 'model' must be specified`)
   if (_is_csn(model) && _assert_flavor(model,_flavor,options)) return _fluent(model)   //> already parsed csn
   const o = _options4 (options,_flavor)
-  const files = _is_files (model)
   const cwd = o.cwd || cds.root
+  const files = _is_files (model,cwd)
   if (files) {
     if (o.sync) return _fluent (_finalize (cdsc.compileSync(files,cwd,o)))  //> compile files synchroneously
     else return _fluent (cdsc.compile(files,cwd,o) .then (_finalize))       //> compile files asynchroneously
@@ -75,9 +75,9 @@ function cds_compile (model, options, _flavor) {
 
 
 const _is_csn = (x) => (x.definitions || x.extensions) && !x.$builtins
-const _is_files = m => {
+const _is_files = (m,root) => {
   if (Array.isArray(m) || /^file:/.test(m) && (m = m.slice(5)))
-    return cds.resolve(m) || cds.error ( `Couldn't find a CDS model for '${m}' in ${cds.root}`,{ code:'MODEL_NOT_FOUND', model: m })
+    return cds.resolve(m,{root}) || cds.error ( `Couldn't find a CDS model for '${m}' in ${root||cds.root}`,{ code:'MODEL_NOT_FOUND', model: m })
 }
 const _assert_flavor = (m,_flavor,options) => {
   if (!m.meta) return true; const f = _flavor || _flavor4 (options)

package/lib/compile/to/cdl.js

@@ -1,4 +1,5 @@
 const cdsc = require ('../cdsc')
+const keywords = require("@sap/cds-compiler").to.cdl.keywords
 
 function cds_compile_to_cdl (csn,o) {
   const results = cdsc.to.cdl (csn,o)
@@ -15,4 +16,7 @@ function* _many(all) {
 }
 
 const _cdl = cdl => cdl.replace(/^\/\/ generated.+\n/,'')
-module.exports = cds_compile_to_cdl
+module.exports = Object.assign(
+  cds_compile_to_cdl,
+  { keywords }
+)

package/lib/compile/to/edm.js

@@ -1,6 +1,14 @@
 const cdsc = require ('../cdsc')
 const cds = require ('../../index')
 
+if (cds.env.features.precompile_edms !== false) {
+  const _precompiled = new WeakMap
+  cdsc.to.edm = Object.assign ((csn,o)=>{
+    if (!_precompiled.has(csn)) _precompiled.set (csn, cdsc.to.edm.all (csn,o))
+    return _precompiled.get(csn) [o.service]
+  }, { all: cdsc.to.edm.all })
+}
+
 function cds_compile_to_edm (csn,_o) {
   const o = cdsc._options.for.edm(_o) //> used twice below...
   csn = _4odata(csn,o)

package/lib/compile/to/gql.js

@@ -1,4 +1,5 @@
 const cds = require ('../..')
+// eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
 const { SchemaGenerator } = require('@sap/cds-graphql/lib/schema')
 
 function cds_compile_to_gql (csn) {

package/lib/compile/to/json.js

@@ -4,6 +4,7 @@ const path = require('path')
 module.exports = (csn,o={}) => {
   const relative = filename => (o.src !== o.cwd) ? path.relative(o.src, path.join(o.cwd, filename)) : filename
   const relative_cds_home = RegExp ('^' + path.relative (o.src || o.cwd || cds.root, cds.home) + '/')
+
   const resolver = (_,v) => {
 
     if (!v) return v
@@ -18,10 +19,15 @@ module.exports = (csn,o={}) => {
     else if (v.kind === "service" && !v['@source'] && v.$location?.file) {
       // Preserve original sources for services so we can use them for finding
       // sibling implementation files when reloaded from csn.json.
-      const file = relative(v.$location.file)
-      .replace(relative_cds_home,'@sap/cds/')
-      .replace('node_modules/','')
-      .replace(/\\/g,'/')
+      let file = relative(v.$location.file)
+        .replace(relative_cds_home,'@sap/cds/')
+        .replace('node_modules/','')
+        .replace(/\\/g,'/')
+      // If there is still a relative path pointing outside of cwd, convert it to a module path
+      // e.g. ../bookshop/srv/cat-service.cds -> @capire/bookshop/srv/cat-service.cds
+      if (file.startsWith('../')) {
+        file = to_module_path(file, o.cwd)
+      }
       return { '@source': file, ...v }
     }
 
@@ -29,4 +35,23 @@ module.exports = (csn,o={}) => {
 
   }
   return JSON.stringify (csn, resolver, o && o.indents || 2)
-}
+}
+
+// go upwards, find a package.json and try resolving with this module name
+function to_module_path (file, cwd=cds.root) {
+  let dir = path.dirname(file)
+  while (dir && dir.length > 1) {
+    try {
+      const pkg = require(path.join(cwd, dir, 'package.json'))
+      const module_path = file.replace(dir, pkg.name)
+      require.resolve(module_path, { paths:[cwd] })  // check if result is resovable, note that this assumes NPM install
+      return module_path
+    } catch (err) {
+      if (err.code !== 'MODULE_NOT_FOUND')  throw err
+      dir = path.dirname(dir)
+    }
+  }
+  return file
+}
+
+// module.exports.to_module_path = to_module_path

package/lib/compile/to/sql.js

@@ -1,6 +1,6 @@
 const cds = require ('../..')
 const cdsc = require ('../cdsc')
-
+const keywords = require("@sap/cds-compiler").to.sql.sqlite.keywords
 
 function cds_compile_to_sql (csn,_o) {
   csn = _extended(cds.minify(csn))
@@ -38,10 +38,12 @@ function* _2many (all,_file=f=>f) {
 module.exports = Object.assign (cds_compile_to_sql, {
   hdbcds: cds_compile_to_hdbcds,
   hdbtable: cds_compile_to_hdbtable,
+  sqlite: { keywords }
 })
 
 
 
+
 /////////////////////////////////////////////////////////////////////////////
 // UI Flex - read extensions__ to views, when ext fields are read
 const _extended = (csn) => {

package/lib/core/index.js

@@ -52,6 +52,10 @@ const types = _common ({ __proto__: roots,
 	UUID: {type:'string',length:36,isUUID:true},
 	Boolean: {type:'boolean'},
 	Integer: {type:'number'},
+		UInt8: {type:'Integer'},
+		Int16: {type:'Integer'},
+		Int32: {type:'Integer'},
+		Int64: {type:'Integer'},
 		Integer16: {type:'Integer'},
 		Integer32: {type:'Integer'},
 		Integer64: {type:'Integer'},
@@ -66,7 +70,7 @@ const types = _common ({ __proto__: roots,
 	String: {type:'string'},
 	Binary: {type:'string'},
 	LargeString: {type:'string'},
-	LargeBinary: {type:'string'},
+	LargeBinary: {type:'string'}
 })
 
 /**

package/lib/dbs/cds-deploy.js

@@ -1,6 +1,12 @@
 const cds = require('../index'), { local, inspect } = cds.utils
 const DEBUG = cds.debug('deploy')
-/* eslint-disable no-console */
+
+const colors = !!process.stdout.isTTY && !!process.stderr.isTTY
+const term = {
+  x1b2: colors ? '\x1b[2m' : '',
+  x1b0: colors ? '\x1b[0m' : '',
+  info: colors ? (s => term.x1b2 + s + term.x1b0) : (s => s)
+}
 
 /**
  * Implementation of `cds.deploy` common to all databases.
@@ -18,10 +24,10 @@ exports = module.exports = function cds_deploy (model,options) { return {
     if (model && !model.definitions) {
       model = await cds.load (model) .then (cds.minify)
       if (DEBUG) try {
-        DEBUG (`model loaded from ${model.$sources.length} file(s):\n\x1b[2m`)
+        DEBUG (`loaded model from ${model.$sources.length} file(s):\n${term.x1b2}`)
         for (let each of model.$sources)  console.log (' ', local(each))
       } finally {
-        console.log ('\x1b[0m')
+        console.log (term.x1b0)
       }
     }
 
@@ -38,11 +44,11 @@ exports = module.exports = function cds_deploy (model,options) { return {
 
     // fill in initial data...
     await exports.init (db,model, file => LOG(
-      `\x1b[2m > init from ${local(file)} \x1b[0m`
+      term.info(` > init from ${local(file)}`)
     ))
 
     // done
-    const {credentials:c} = db.options, file = c && (c.database || c.url)
+    const file = db.getDbUrl(cds.context?.tenant)
     if (file !== ':memory:') LOG (`/> successfully deployed to ./${file}\n`)
     else LOG (`/> successfully deployed to sqlite in-memory db\n`)
     return db
@@ -116,7 +122,8 @@ exports.create = async function (db, csn=db.model, o) {
       await tx.run(creates)
       return true
     })
-  } else return db.deploy (csn,o)
+  }
+  else return db.deploy (csn,o)
 }
 
 
@@ -133,6 +140,7 @@ exports.init = (db, csn=db.model, log=()=>{}) => db.run (async tx => {
       const INSERT_into = _from_csv_or_json [path.extname(file)]
       const src = await read(file,'utf8'); if (!src) continue
       const q = INSERT_into (e,src); if (!q) continue
+      if (db.kind === 'better-sqlite') _add_missing_pks2(q)
       log (file,e)
       inits.push (tx.run(q) .catch (e => {
         Error.captureStackTrace(e)
@@ -141,6 +149,19 @@ exports.init = (db, csn=db.model, log=()=>{}) => db.run (async tx => {
     }
   }
   await Promise.all (inits)
+
+  function _add_missing_pks2 (q) {
+    const {columns,rows} = q.INSERT // REVISIT: .entries are covered by current runtime. Should eventually also be handled here, as we likely don't do so in new db services
+    if (columns) {
+      const entity = csn.definitions[q._target.name], {uuid} = cds.utils
+      for (let k in entity.keys) if (!columns.includes(k)) {
+        columns.push(k)
+        const t = entity.keys[k]._type, pk = t === 'cds.UUID' ? uuid : index => index+1
+        rows.forEach ((row,index) => row.push(pk(index)))
+      }
+    }
+  }
+
 })
 
 
@@ -165,6 +186,13 @@ exports.resources = async function (csn, opts) {
             DEBUG && DEBUG (`ignoring '${fx}' in favor of translated ones`); continue
           }
           const e = _entity4(f,csn); if (_skip(e)) continue
+          if (cds.env.features.deploy_data_onconflict === 'replace' && !/[._]texts_/.test(f)) {
+            const seenBefore = Object.entries(found).find(([_, entity]) => entity === e.name )
+            if (seenBefore) {
+              DEBUG && DEBUG(`Conflict for '${e.name}': replacing '${local(seenBefore[0])}' with '${local(path.join(subdir,fx))}'`)
+              continue
+            }
+          }
           found[path.join(subdir,fx)] = e.name
         }
       }
@@ -213,3 +241,5 @@ const INSERT_from_json = (entity, json) => {
 
 const _from_csv_or_json = { '.json': INSERT_from_json, '.csv': INSERT_from_csv, }
 const _skip = e => !e || e['@cds.persistence.skip'] === true
+
+/* eslint-disable no-console */

package/lib/env/cds-env.js

@@ -106,7 +106,11 @@ class Config {
     let sources = [
       { name: 'USER_HOME', path: user_home, file: '.cdsrc.json' },
       { name: 'PROJECT', path: home, file: '.cdsrc.json' },
-      { name: 'PACKAGE', path: home, file: 'package.json', mapper: p => p[context] },
+      { name: 'PACKAGE', path: home, file: 'package.json', mapper: p => {
+        const obj = p[context] || {}
+        obj.extends = obj.extends || p.extends // fill cds.extends from .extends
+        return obj
+      }},
       { name: 'PRIVATE', path: home, file: '.cdsrc-private.json' }
     ]
 
@@ -429,9 +433,11 @@ function _merge (dst, src, _profiles, _cloned, _profiles_only = false) {
     }
 
     if (_profiles && p[0] === '[') {
-      if (_profiles._defined)  _profiles._defined.add (p.slice(1,-1))
-      if (_profiles.has(p.slice(1,-1)))
-        profiled.push (()=> _merge (dst, src[p], _profiles, _cloned, false))
+      const profile = p.slice(1,-1)
+      if (_profiles._defined)  _profiles._defined.add (profile)
+      if (_profiles.has(profile)) {
+        profiled.push ({ profile, merge: () => _merge (dst, src[p], _profiles, _cloned, false)})
+      }
       continue
     }
 
@@ -445,7 +451,11 @@ function _merge (dst, src, _profiles, _cloned, _profiles_only = false) {
 
     if (!_profiles_only && v !== undefined) dst[p] = v
   }
-  for (let each of profiled) each()
+  if (profiled.length > 0 && !_profiles.has('production')) {
+    const profiles = Array.from(_profiles)
+    profiled.sort((a,b) => profiles.indexOf(b.profile) - profiles.indexOf(a.profile))
+  }
+  for (let each of profiled) each.merge()
   return dst
 }