@sap/cds 9.6.4 → 9.7.0

package/CHANGELOG.md

@@ -4,6 +4,48 @@
 - The format is based on [Keep a Changelog](https://keepachangelog.com/).
 - This project adheres to [Semantic Versioning](https://semver.org/).
 
+## Version 9.7.0 - 2026-02-02
+
+### Added
+
+- Support for express 5 (in addition to express 4)
+- New config option `cds.requires.db.data` to configure source folders for initial data and test data CSV files
+- Enterprise Messaging now caches access tokens to support high-throughput message processing from Event Mesh
+- Automatically add `@Common.DraftRoot.NewAction` for each draft-enabled entity during `compile.for.odata` via `cds.fiori.direct_crud=true`
+- Support for `null` value in `@odata.bind`
+- Validation of flow annotations at compile step
+
+### Changed
+
+- Colors are enabled by default in GitHub Actions workflows
+- `queue`: Manually update `lastAttemptTimestamp` of outbox messages (instead of relying on `@cds.on.update: $now`)
+- `express` is no longer a peer dependency of `@sap/cds` but a regular one. Applications that want to pin it or require it in their custom code, should declare the dependency on their own.
+- `hcql` response format: `{ data: [], errors: [] }`
+
+### Fixed
+
+- Correctly respond with status `404` when `@cds.api.ignore` annotated action is requested
+- Ensure plugin debug emitted with `DEBUG=all`
+- Prevent app crash when `JSON.parse` of operation parameters fails
+- Generate correct UI annotations for Status Transition Flows when building and compiling
+- Remote services: Prefer `cds.context.user?.authInfo?.token?.jwt` over JWT in HTTP header of incoming request
+- References to child elements in `@Common.Text` annotations will now be checked. The reference will not be included in `@cds.search`, in case ...
+  * ... the reference can not be found in the annotated entity's associations
+  * ... the referenced entity is annotated with `@cds.persistence.skip`
+  * ... the referenced field does not exist in the referenced entity
+  * References to children of children will be ignored.
+- OData parser: Ignore superfluous brackets
+- Prevent app crash in case of `req.reject()` during draft activate triggered via OData batch
+- `cds minify` no longer removes services if their actions are kept
+- Better error when subquery can't be resolved for the current service
+- Flows: Record transition to default value on `INSERT`/ `UPSERT`
+- Error response properties of OData batch subrequests are now formatted identically to properties in single OData error responses
+- Prevent `@Common.numericSeverity` from appearing in persistent draft messages (in addition to the correct property `numericSeverity`)
+
+### Removed
+
+- `@cds.on.update: $now` from `cds.outbox.Messages.lastAttemptTimestamp`
+
 ## Version 9.6.4 - 2026-01-20
 
 ### Fixed
@@ -499,6 +541,12 @@
 - Deprecated stripping of unnecessary topic prefix `topic:` in messaging
 - Deprecated messaging `Outbox` class. Please use config or `cds.outboxed(srv)` to outbox your service.
 
+## Version 8.9.8 - 2025-12-17
+
+### Fixed
+
+- `enterprise-messaging-shared`: preserve error listener during reconnect
+
 ## Version 8.9.7 - 2025-11-07
 
 ### Fixed

package/bin/serve.js

@@ -144,7 +144,6 @@ exports.help = `
 
 
 const cds = require('../lib'), { exists, isfile, local, redacted, path } = cds.utils
-const COLORS = process.stdout.isTTY && !process.env.NO_COLOR || process.env.FORCE_COLOR
 
 /* eslint-disable no-console */
 
@@ -185,7 +184,7 @@ async function serve (all=[], o={}) {
 
   // Load local server.js early in order to allow setting custom cds.log.Loggers
   const cds_server = await _local_server_js() || cds.server
-  if (!o.silent) _prepare_logging ()
+  if (!o.silent) _init_logging ()
 
   // The following things are meant for dev mode, which can be overruled by feature flags...
   const {features} = cds.env
@@ -218,7 +217,7 @@ async function serve (all=[], o={}) {
     // server.on ('close', _shutdown)  // IMPORTANT: Don't do that as that would be a very strange loop
     // process.on ('exit', _shutdown)  // IMPORTANT: Don't do that as that would be a very strange loop
     async function _started() {
-      _assert_no_multi_installs()
+      _check_setup()
       const url = cds.server.url = `http://localhost:${server.address().port}`
       cds.emit ('listening', {server,url}) //> inform local listeners
       _resolve ({ server, url })
@@ -275,20 +274,22 @@ async function _local_server_js() {
 }
 
 
-function _prepare_logging () { // NOSONAR
+function _init_logging () {
 
   const LOG = cds.log('cds.serve|server',{label:'cds'}); if (!LOG._info) return; else log = LOG.info
+  const { DIMMED, RESET, enabled:colors } = cds.utils.colors
+  const { inspect } = require('util')
 
   // print information when model is loaded
   cds.on ('loaded', ({$sources:srcs})=>{
-    LOG.info (`loaded model from ${srcs.length} file(s):\n${COLORS ? '\x1b[2m' : ''}`)
+    LOG.info (`loaded model from ${srcs.length} file(s):\n ${DIMMED}`)
     const limit = 30, shown = srcs.length === limit + 1 ? limit + 1 : limit // REVISIT: configurable limit?
     for (let each of srcs.slice(0, shown))  console.log (' ', local(each))
     if (srcs.length > shown) {
       if (LOG._debug) for (let each of srcs.slice(shown))  console.log (' ', local(each))
       else console.log (`  ...${srcs.length-shown} more. Run with DEBUG=serve to show all files.`)
     }
-    COLORS && console.log ('\x1b[0m')
+    console.log (RESET)
   })
 
   // print information about each connected service
@@ -297,12 +298,14 @@ function _prepare_logging () { // NOSONAR
   })
 
   // print information about each provided service
+  const builtin = RegExp(`^(@sap/cds|${path.join(cds.home,'lib')}|${path.join(cds.home,'srv')})`)
+  const is_custom_impl = impl => !impl?.match(builtin)
   cds.on ('serving', (srv) => {
-    const details = {}, loc = srv.definition?.$location, src = srv._source
+    const details = {}, loc = srv.definition?.$location, impl = srv._source
     if (srv.endpoints.length) details.at = srv.endpoints.map(ep => ep.path)
     if (loc?.file) details.decl = local(loc.file)+':'+loc.line
-    if (src && !src.startsWith('@sap')) details.impl = local(src)
-    LOG.info (srv.mocked ? 'mocking' : 'serving', srv.name, details)
+    if (is_custom_impl(impl)) details.impl = local (impl)
+    LOG.info (srv.mocked ? 'mocking' : 'serving', srv.name, inspect (details, {colors,compact:1}))
   })
 
   // print info when we are finally on air
@@ -313,13 +316,6 @@ function _prepare_logging () { // NOSONAR
   })
 }
 
-/** handles --watch option */
-function _watch (project,o) {
-  o.args = process.argv.slice(2) .filter (a => a !== '--watch' && a !== '-w')
-  return this.load('watch')([project],o)
-}
-
-
 /** handles --project option */
 function _chdir_to (project) {
   // try using the given project as dirname, e.g. './bookshop'
@@ -331,6 +327,11 @@ function _chdir_to (project) {
   catch { cds.error `No such folder or package: '${process.cwd()}' -> '${project}'` }
 }
 
+/** handles --watch option */
+function _watch (project,o) {
+  o.args = process.argv.slice(2) .filter (a => a !== '--watch' && a !== '-w')
+  return this.load('watch')([project],o)
+}
 
 /** handles --in-memory[?] option */
 function _in_memory (o) {
@@ -349,7 +350,6 @@ function _in_memory (o) {
   }
 }
 
-
 /** handles --with-mocks option */
 function _with_mocks (o) {
   if (o.mocked || (o.mocked = o['with-mocks'])) {
@@ -363,17 +363,27 @@ function _with_mocks (o) {
   }
 }
 
-const _assert_no_multi_installs = ()=> { if (global.__cds_loaded_from?.size > 1) {
-  console.error(`
------------------------------------------------------------------------
-ERROR: Package '@sap/cds' was loaded from different installations:`,
-[ ...global.__cds_loaded_from ],
-`\nEnsure a single install to avoid hard-to-resolve errors.
------------------------------------------------------------------------
-`);
+function _check_setup() {
+  if (global.__cds_loaded_from?.size <= 1) return // all good
+  const home = require('os').homedir().toLowerCase()
+  const { BRIGHT, RED, DIMMED, RESET } = cds.utils.colors
+  console.error (`
+    -----------------------------------------------------------------------
+    ${BRIGHT+RED}ERROR:${RESET} @sap/cds was loaded from different locations:
+    ${DIMMED} ${[...global.__cds_loaded_from].map( 
+      path => '\n  ' + path.replace(home,'~') ).join('')} 
+    ${RESET}
+    Ensure a single install to avoid hard-to-resolve errors.
+    -----------------------------------------------------------------------
+  `.replace(/^ {4}/gm,''))
   if (cds.env.server.exit_on_multi_install)  process.exit(1)
-}}
+}
 
+
+/**
+ * Allows programmatic usage of 'cds serve' command.
+ * @param  {...string} argv command line arguments
+ */
 exports.exec = function cds_serve (...argv) {
   try {
     const [ args, options ] = require('./args') (serve, argv)
@@ -383,4 +393,6 @@ exports.exec = function cds_serve (...argv) {
     process.exitCode = 1
   }
 }
+
+// If called directly, e.g. 'node bin/serve.js', we execute the command
 if (!module.parent) exports.exec (...process.argv.slice(2))

package/lib/compile/for/flows.js

@@ -17,7 +17,7 @@ function addOperationAvailableToActions(actions, statusEnum, statusElementName)
     const fromList = getFrom(action)
     const conditions = []
     for (const from of fromList) {
-      const value = from['#'] ? statusEnum[from['#']]?.val ?? from['#'] : from
+      const value = from['#'] ? (statusEnum[from['#']]?.val ?? from['#']) : from
       if (typeof value !== 'string') {
         const msg = `Error while constructing @Core.OperationAvailable for action "${action.name}" of "${action.parent.name}". Value of @from must either be an enum symbol or a raw string.`
         cds.log('cds|edmx').warn(msg)
@@ -37,10 +37,8 @@ function addOperationAvailableToActions(actions, statusEnum, statusElementName)
 function addSideEffectToActions(actions, statusElementName) {
   for (const action of Object.values(actions)) {
     const properties = []
-    if (statusElementName.endsWith('.code')) {
-      const baseName = statusElementName.slice(0, -5)
-      properties.push(`in/${statusElementName}`)
-      properties.push(`in/${baseName}/*`)
+    if (statusElementName.endsWith('.code') || statusElementName.endsWith('_code')) {
+      const baseName = statusElementName.substring(0, statusElementName.length - 5)
       properties.push(`in/${baseName}_code`)
     } else {
       properties.push(`in/${statusElementName}`)
@@ -129,8 +127,9 @@ function enhanceCSNwithFlowAnnotations4FE(csn) {
           const codeElem = targetDef.elements.code
           const statusEnum = resolveStatusEnum(csn, codeElem)
           if (statusEnum) {
-            // REVISIT: is there no way to know from the CSN?
-            const statusElementName = csn._4java ? elemName + '.code' : elemName + '_code'
+            const hasElemNameCode =
+              entity.elements && Object.prototype.hasOwnProperty.call(entity.elements, `${elemName}_code`)
+            const statusElementName = hasElemNameCode ? `${elemName}_code` : `${elemName}.code`
             addSideEffectToActions(toActions, statusElementName)
             addOperationAvailableToActions(fromActions, statusEnum, statusElementName)
           }
@@ -153,21 +152,21 @@ module.exports = function cds_compile_for_flows(csn) {
   const _requires_history = !history_for_flows
     ? () => false
     : history_for_flows === 'all'
-    ? def => {
-        for (const each in def.elements) {
-          if (def.elements[each]['@flow.status']) {
-            return true
+      ? def => {
+          for (const each in def.elements) {
+            if (def.elements[each]['@flow.status']) {
+              return true
+            }
           }
         }
-      }
-    : def => {
-        for (const each in def.actions) {
-          const action = def.actions[each]
-          if (action && action[TO]?.['='] === FLOW_PREVIOUS) {
-            return true
+      : def => {
+          for (const each in def.actions) {
+            const action = def.actions[each]
+            if (action && action[TO]?.['='] === FLOW_PREVIOUS) {
+              return true
+            }
           }
         }
-      }
 
   /*
    * 1. propagate flows for well-known actions from extensions to definitions
@@ -255,6 +254,81 @@ module.exports = function cds_compile_for_flows(csn) {
     csn = dsn
   }
 
+  // validate flow in CSN
+  const messages = []
+  const validate = (status, enumVals, action, fromTo) => {
+    if (status === null) return true    
+    if (enumVals) {
+      let val = status['#']
+      if (
+        !(typeof val === 'string' && Object.entries(enumVals).some(([key]) => key === val)) &&
+        !(fromTo === TO && typeof status === 'object' && status['='] === FLOW_PREVIOUS)
+      ) {
+        messages.push(`Invalid ${fromTo} value(s) in action ${action}`);
+        return false;
+      }
+    } else {
+      if (typeof status !== 'string' && !(fromTo === TO && typeof status === 'object' && status['='] === FLOW_PREVIOUS)) {
+        messages.push(`Invalid ${fromTo} value(s) in action ${action}`)
+        return false
+      }
+    }
+
+    return true
+  }
+  
+  for (const name in csn.definitions) {
+    const def = csn.definitions[name]
+    if (!def.kind || def.kind !== 'entity' || !def.actions || !def.elements) continue
+   
+    const statusElements = Object.values(def.elements).filter(e => e['@flow.status'])
+    if (statusElements.length === 0) continue
+    if (statusElements.length > 1) {
+      messages.push(`Entity ${name} has multiple status elements. Only one @flow.status element is allowed per entity`)
+      continue
+    }    
+    const status = statusElements[0]
+  
+    let enumVals
+    if (status.type === 'cds.Association') {
+      const target = csn.definitions[status.target]
+      if (!status.keys || status.keys.length !== 1) {
+        messages.push(`Status element in entity ${name} must have exactly one key when used as association`)
+        continue
+      } 
+      const code = target.elements[status.keys[0].ref[0]]
+      enumVals = code.enum || csn.definitions[code.type]?.enum
+    } else if (status.enum) {
+      enumVals = status.enum  
+    } else if (csn.definitions[status.type]?.enum) {
+      enumVals = csn.definitions[status.type].enum
+    }
+
+    for (const each in def.actions) {
+      const action = def.actions[each]
+      let froms = action[FROM]
+      if (froms !== undefined) {        
+        froms = Array.isArray(froms) ? froms : [froms]
+        for (let from of froms) if (!validate(from, enumVals, each, FROM)) break
+      }
+      let tos = action[TO]
+      if (tos !== undefined) {
+        if (Array.isArray(tos)) {
+          messages.push(`${TO} must not be an array in action ${each}`)
+          continue
+        }
+        validate(tos, enumVals, each, TO)
+      }
+    }
+  }
+  if (messages.length) {
+    if (messages.length === 1) cds.error(messages[0])
+    else {
+     const errors = messages.map(message => ({ message }))
+     cds.error ('MULTIPLE_ERRORS', { details: errors })    
+    }    
+  }
+
   // REVISIT: annotate all X.transitions_ with @odata.draft.enabled: false
   for (const name in csn.definitions)
     if (name.endsWith('.transitions_')) csn.definitions[name]['@odata.draft.enabled'] = false
@@ -313,4 +387,3 @@ const FlowHistory = `{
 }`
 
 module.exports.enhanceCSNwithFlowAnnotations4FE = enhanceCSNwithFlowAnnotations4FE
-module.exports.getFrom = getFrom

package/lib/compile/for/lean_drafts.js

@@ -68,51 +68,6 @@ function DraftEntity4(active, name = active.name + '.drafts') {
   return draft
 }
 
-function addNewActionAnnotation(def) {
-  // Skip if a new action was defined manually
-  if (def.own('@Common.DraftRoot.NewAction')) return
-
-  // Skip for non draft roots
-  if (!def.own('@Common.DraftRoot.ActivationAction')) return
-
-  // TODO: This is perhaps THE ugliest way to automatically add a 'draftNew' action:
-  // TODO: > Instead, this should happen in cds-compiler/lib/transfrom/draft/odata.js
-  // TODO: > Within generateDrafts -> generateDraftForOData
-  // TODO: > Unfortunately, the 'createAction' utility does not currently allow creating collection bound actions
-  
-  def['@Common.DraftRoot.NewAction'] = `${def._service.name}.draftNew`
-
-  // TODO: Find a better way than this: 
-  // TODO: > By rewriting `draftNew` into a `NEW` req in draftHandle, action input validation is skipped
-  // TODO: > This causes issues if the action has parameters derived from key fields that should be mandatory
-  // TODO: > This will bubble up a NOT NULL CONSTRAINT error instead of raising a proper client error
-  // TODO: > This behavior also occurs for regular custom actions
-
-  // Format a list of cds action parameters, based on the entities key fields
-  // > E.g.: [ 'dayKey: Integer', 'nameKey: String', ...]
-  // > UUID keys are skipped as they are generated 
-  const idParameters = Object.values(def.keys)
-    .filter(el => el.key && !el.virtual && el._type !== 'cds.UUID') // TODO: Ignore @UI.Hidden keys?
-    .map(el => `${el.name}: ${el._type}`)
-
-  // Use cds.linked to create a valid action definition 
-  const { draftNew } = cds.linked(`
-    service Service {
-      entity ActiveEntity { } actions {
-        action draftNew(in: many $self, ${idParameters.join(', ')}) returns ActiveEntity;
-      }
-    }
-  `).definitions['Service.ActiveEntity'].actions
-  
-  draftNew.name = 'draftNew'
-  draftNew.returns = Object.create(def)
-  draftNew.returns.type = def.name
-  draftNew.parent = { name: def.name}
-  delete draftNew['$location']
-
-  def.actions['draftNew'] = draftNew  
-}
-
 module.exports = function cds_compile_for_lean_drafts(csn) {
   function _redirect(assoc, target) {
     assoc.target = target.name
@@ -263,7 +218,5 @@ module.exports = function cds_compile_for_lean_drafts(csn) {
 
     // will insert drafts entities, so that others can use `.drafts` even without incoming draft requests
     addDraftEntity(def, csn)
-
-    if (cds.env.fiori.direct_crud) addNewActionAnnotation(def)
   }
 }

package/lib/compile/for/nodejs.js

@@ -18,23 +18,56 @@ function _compile_for_nodejs (csn, o) {
     // if any @cds.search.* === true, @Common.Text should be ignored
     for (const key in def) if (key.startsWith('@cds.search') && def[key]) continue text_to_search
 
-    let searched = false
+    let isSearchAddedProgrammatically = false
+
+    // Add elements referenced in common.text annotations to search-relevant elements
     for (const name in def.associations) {
       const assoc = def.associations[name]
-      if (assoc['@Common.Text']?.['='] && def[`@cds.search.${assoc['@Common.Text']['=']}`] !== false) {
-        def[`@cds.search.${assoc['@Common.Text']['=']}`] = true
-        if (!searched) {
-          // add all string elements to @cds.search, if not annotated with @cds.search = false
-          for (const el in def.elements) {
-            const search_el = def.elements[el]
-            if (search_el._type === 'cds.String' && def[`@cds.search.${search_el.name}`] !== false) {
-              def[`@cds.search.${search_el.name}`] = true
-            }
-          }
-          searched = true
-        }
-      } 
+
+      // Extract the reference value from the @Common.Text annotation
+      let annotationValue = assoc['@Common.Text']
+      if (!annotationValue) continue
+
+      // Extract the relevant label reference
+      let commonTextRef = annotationValue.ref
+      if (!commonTextRef) commonTextRef = annotationValue['='].split('.')
+
+      // Ignore empty references & those with more than two segments
+      if (commonTextRef.length < 1 || commonTextRef.length > 2) continue
+      
+      // Make sure the reference is not explicitly excluded from search
+      const commonTextValue = commonTextRef.join('.')
+      if (def[`@cds.search.${commonTextValue}`] === false) continue
+
+      if (commonTextRef.length === 1) {
+        const element = def.elements[commonTextRef[0]]
+        if (!element || element.target || element.items) continue
+      }
+
+      if (commonTextRef.length === 2) {
+        const association = def.associations[commonTextRef[0]]
+        if (!association) continue
+        
+        const associationTarget = dsn.definitions[association.target]
+        if (!associationTarget) continue
+        if (associationTarget['@cds.persistence.skip']) continue
+
+        const element = associationTarget.elements[commonTextRef[1]]
+        if (!element || element.target || element.items) continue
+      }
+
+      def[`@cds.search.${commonTextValue}`] = true
+      isSearchAddedProgrammatically = true
     }
+
+    // add all string elements to @cds.search, if not annotated with @cds.search = false
+    if (isSearchAddedProgrammatically)
+      for (const el in def.elements) {
+        const search_el = def.elements[el]
+        if (search_el._type === 'cds.String' && def[`@cds.search.${search_el.name}`] !== false) {
+          def[`@cds.search.${search_el.name}`] = true
+        }
+      }
   }
 
   Object.defineProperty(csn, '_4nodejs', { value: dsn })

package/lib/compile/for/odata.js

@@ -8,6 +8,26 @@ module.exports = function cds_compile_for_odata (csn,_o) {
   let o = compile._options.for.odata(_o) //> required to inspect .sql_mapping below
   let dsn = compile.for.odata (csn,o)
   if (o.sql_mapping) dsn['@sql_mapping'] = o.sql_mapping //> compat4 old Java stack
+
+  if (cds.env.fiori.direct_crud) {
+    const DRAFT_NEW = 'draftNew'
+    for (const each in dsn.definitions) {
+      const def = dsn.definitions[each]
+      if (!def['@Common.DraftRoot.NewAction'] && def['@Common.DraftRoot.ActivationAction']) {
+        const srvName = Object.keys(dsn.definitions)
+          .filter(k => dsn.definitions[k].kind === 'service')
+          .find(k => each.startsWith(`${k}.`))
+        def['@Common.DraftRoot.NewAction'] = `${srvName}.${DRAFT_NEW}`
+        const params = { in: { items: { type: '$self' } } }
+        // for UI pop-up asking for values for non-UUID keys
+        Object.keys(def.elements)
+          .filter(k => k !== 'IsActiveEntity' && def.elements[k].key && def.elements[k].type !== 'cds.UUID')
+          .forEach(k => (params[k] = { type: def.elements[k].type }))
+        def.actions[DRAFT_NEW] = { kind: 'action', params, returns: { type: each } }
+      }
+    }
+  }
+
   Object.defineProperty (csn, '_4odata', {value:dsn})
   Object.defineProperty (dsn, '_4odata', {value:dsn})
   TRACE?.timeEnd('cds.compile 4odata'.padEnd(22))

package/lib/compile/load.js

@@ -1,4 +1,10 @@
-const cds = require('..')
+module.exports = exports = load
+exports.parsed = get
+
+const cds = require ('../index.js')
+const outbox_cds = cds.env.requires.queue?.model
+const [ outbox ] = cds.resolve (outbox_cds) || []
+
 const TRACE = cds.debug('trace')
 if (TRACE) {
   TRACE?.time('require cds.compiler'.padEnd(22))
@@ -6,31 +12,19 @@ if (TRACE) {
   TRACE?.timeEnd('require cds.compiler'.padEnd(22))
 }
 
-module.exports = exports = function load (files, options) {
-  let any = cds.resolve(files,options)
-
-  // REVISIT: we need to find a better way to handle this -> doing that in cds.load is by far too central
-  // REVISIT: bandaid for grow as you go scenario with task queues enabled by default
-  let locations
-  if (cds.watched) {
-    const _is_outbox = p => cds.utils.path.posix.normalize(p).match(/((\/cds\/srv\/outbox)|(\\cds\\srv\\outbox))(\.cds)?$/)
-    const _outbox_only = any?.length === 1 && _is_outbox(any[0]) && (!Array.isArray(files) || !files.some(_is_outbox))
-    if (_outbox_only) {
-      any = undefined
-      locations = cds.resolve(files, false).filter(f => !_is_outbox(f))
-    }
-  }
 
-  if (!any) return Promise.reject (new cds.error ({
-    message: `Couldn't find a CDS model for '${files}' in ${cds.root}`,
+function load (models, options) {
+  const files = cds.resolve (models, options)
+  if (!files || cds.watched && files == outbox) return Promise.reject (new cds.error ({
+    message: `Couldn't find a CDS model for '${models}' in ${cds.root}`,
+    files: cds.resolve(models,false)?.filter (f => f !== outbox_cds),
     code: 'MODEL_NOT_FOUND',
-    files, locations
   }))
-  return this.get (any,options,'inferred')
+  return get (files, options, 'inferred') 
 }
 
 
-exports.parsed = function cds_get (files, options, _flavor) {
+function get (files, options, _flavor) {
   const o = typeof options === 'string' ? { flavor:options } : options || {}
   if (!files) files = ['*']; else if (!Array.isArray(files)) files = [files]
   if (o.files || o.flavor === 'files') return cds.resolve(files,o)
@@ -44,19 +38,22 @@ exports.parsed = function cds_get (files, options, _flavor) {
     o.flavor || _flavor || 'parsed'
   )
   return csn.then?.(_finalize) || _finalize(csn)
+
   function _finalize (csn) {
+    if (outbox) csn.$sources = csn.$sources.filter (f => f !== outbox)
     if (!o.silent) cds.emit ('loaded', csn)
     if (!o.silent) TRACE?.timeEnd('cds.compile *.cds'.padEnd(22))
     return csn
   }
-}
 
-const _sources4 = async (files) => {
-  const {path:{relative},fs:{promises:{readFile}}} = cds.utils, cwd = cds.root
-  const sources = await Promise.all (files.map (f => readFile(f,'utf-8')))
-  return files.reduce ((all,f,i) => { all[relative(cwd,f)] = sources[i]; return all },{})
+  async function _sources4 (files) {
+    const {relative} = cds.utils.path, {readFile} = cds.utils.fs.promises
+    const all = await Promise.all (files.map (f => readFile(f,'utf-8')))
+    return files.reduce ((d,f,i) => (d[relative(cds.root,f)] = all[i], d),{})
+  }
 }
 
+
 exports.properties = (...args) => (exports.properties = require('./etc/properties').read) (...args)
 exports.yaml = (file) => (exports.yaml = require('./etc/yaml').read) (file)
 exports.csv = (file) => (exports.csv = require('./etc/csv').read) (file)