@sap/cds 9.7.1 → 9.8.1

package/CHANGELOG.md

@@ -4,6 +4,54 @@
 - The format is based on [Keep a Changelog](https://keepachangelog.com/).
 - This project adheres to [Semantic Versioning](https://semver.org/).
 
+## Version 9.8.1 - 2026-03-09
+
+### Fixed
+
+- OData batch parallel processing: Preserve request sequence for OData v2
+- In inbound messaging, only load the extended model if there is a tenant
+- Ensure `cds.fiori.direct_crud` is considered during `cds build`
+
+## Version 9.8.0 - 2026-03-06
+
+### Added
+
+- Calculated elements are now properly calculated in draft state. So far, the elements have been treated as regular elements ignoring the calculation.
+  + In case this causes issues, you can opt-out with `cds.fiori.calc_elements = false` until cds10
+- $compute supports decimal constants
+- Support `/$metadata` requests in OData batch
+- Support for `@odata.bind` parameters in collection bound actions
+- Support for renaming of foreign keys of managed associations while resolving views
+- Support for `Prefer: return=minimal` header in generic draft actions
+- OData batch: Parallel processing of atomicity groups via `cds.odata.max_batch_parallelization=<number>` (default: `1`)
+  - Only applicable if `$batch` request exclusively contains `GET` requests
+  - Note: Parallel processing of atomicity groups is in conflict with OData specification for `multipart/mixed`!
+  - Additional experimental feature: Bundle independent `GET` requests into single transaction via `cds.odata.group_parallel_gets=true`
+- `hcql`: request raw stream via http header `Accept: application/octet-stream`
+
+### Changed
+
+- Destination caching is no longer modified at runtime. Caching configuration is now managed by the Cloud SDK.
+- `cds.env` now supports for credentials lookup Kubernetes secrets with a structure like `${SERVICE_BINDING_ROOT}/${SERVICE}/${INSTANCE}/${BINDING}`. Previously only one level between the root and the binding was possible.
+- Allow using ESlint 10 by opening version range `^9 || ^10` for `@eslint/js`
+- Outbound `hcql` requests always via `POST`
+
+### Fixed
+
+- OData JSON batch:
+  + Response value formatting and escaping for non `application/json` responses
+  + Setting correct `content-type` header value for all content types
+- `content-length` is now set for OData multipart/mixed batch subrequest responses
+- Connection issues when a Kafka cluster has been created with public endpoints
+- Fix duplicated columns in case of `$expand=*`
+- Unhandled promise rejection in `cds.spawn` if extended model could not be loaded
+- Set `msg.tenant` & `msg.event` of messages received from Kafka, based on the stringified header values
+- `$expand=*` expands only the exposed associations
+- Broken `odata-v2` formatting for values used in `beween- and`, `in` and `lambda` type expressions
+- Appending `/$value` to an entity that is not a media entity returns `400 Bad Request`
+- In Jest test runs in ESM projects, files are now loaded properly
+- Correctly resolve dependencies in workspace setups where the CAP project is not at the root
+
 ## Version 9.7.1 - 2026-02-06
 
 ### Fixed

package/_i18n/i18n_en_US_saptrc.properties

@@ -1,113 +1,58 @@
-#Text Types
-#
-#XACT: Text with explicit importance for accessibility.
-#XBUT: Button
-#XCKL: Checkbox
-#XFLD: Field label
-#XLNK: Hyperlink
-#XMIT: Menu item (Menu item, either top-level like "File" or lower-level like "Save as...")
-#XMSG: Message
-#XRBL: Radio button
-#XSEL: Selection (Values in a drop-down list, or a status. For example: "In Process", "Shipped" or "Open".)
-#XTIT: Title (or heading) of a non-actionable user interface element like a column, wizard, or screen area.
-#XTOL: Explanatory text for an UI element, such as a tooltip, input help.
-#YINS: Instruction for a user, for example, a permanent text on a screen that introduces a group of fields.
-#----------------------------------------------------------------------------------------------------------------------
-#For text elements that are not supposed to be translated, use the text type NOTR
-#----------------------------------------------------------------------------------------------------------------------
-#Recommended pattern
-#
-#<TextType>:<AdditionalContextInformation>
-#If there is a maximum length restriction, please indicate as shown below.
-#<TextType>,<MaximumLength>:<AdditionalContextInformation>
-#----------------------------------------------------------------------------------------------------------------------
-# This is the resource bundle for foundation
-# __ldi.translation.uuid=dd6c5800-b108-11e8-be90-bd1cf6ac87fb
-#----------------------------------------------------------------------------------------------------------------------
-
-#XTIT: Created By (Answer to: "Which user has created a certain entity?")
+
 CreatedBy=Bx7yxWg0AHyeOti1YDOOXw_Created By
 
-#XTIT: Created On (Answer to: "When has a certain entity been created?")
 CreatedAt=CJxeZDpLHdREwzDQeluRuA_Created On
 
-#XTIT: Changed By (Answer to: "Which user has changed a certain entity?")
 ChangedBy=y0d7F56RLGVZiTV7YHU7Iw_Changed By
 
-#XTIT: Changed On (Answer to: "When has a certain entity been changed?")
 ChangedAt=8v5EfaWMYC2dmCGnaCSSUA_Changed On
 
-#XTIT: Currency
 Currency=bNSEwGmQtXNxy/Qh310iSQ_Currency
 
-#XTIT: Currency Code
 CurrencyCode=3cKgP4qz+IsDHtETO3InVQ_Currency Code
 
-#XTIT: Currency Code Description
 CurrencyCode.Description=pPQIrs2UIayPnWseWvdbuA_Currency code as specified by ISO 4217
 
-#XTIT: Currency Symbol
 CurrencySymbol=ICns/nlRq2+/URxMXV+T8g_Currency Symbol
 
-#XTIT: Currency Minor Unit Fractions (Answer to: "How many fractions has a currency's minor unit?", e.g. "0" or "2")
 CurrencyMinorUnit=0S6MF8n74OoGrKEYI1LO+Q_Currency Minor Unit Fractions
 
-#XTIT: Country/Region
 Country=AbsSu8Y0n1nvBQMk+UaLfw_Country/Region
 
-#XTIT: Country/Region Code
 CountryCode=IgAotY/RI8UnAUTEtFNGkw_Country/Region Code
 
-#XTIT: Country/Region Code Description
 CountryCode.Description=uSGs3P7TwJlYCpDq83TJNg_Country/region code as specified by ISO 3166-1
 
-#XTIT: Language
 Language=gFWTYTeLWksYL6uD/TAgFA_Language
 
-#XTIT: Language Code
 LanguageCode=NhI8Yd8pNFS7omWQsk5aJw_Language Code
 
-#XTIT: Language Code Description
 LanguageCode.Description=ajmXdjo3lK0nfaMLCpvPMw_Language code as specified by ISO 639-1
 
-#XTIT Time zone code
 TimeZoneCode=Y0KTpmsmzoysYLT6jDQEkQ_Time Zone Code
 
-#XTIT: User Identifier
 UserID=cjI0FCsEZ2aD8ERc6G/xZw_User ID
 
-#XTIT: Any kind of name
 Name=xOqOj8rcOinN3ZBO0WdWjA_Name
 
-#XTIT: Any kind of description
 Description=VGpOoz5siT25o1W0WDiHGw_Description
 
-#XTOL: A user's unique Indentifier
 UserID.Description=yOjW1w1qaIvgZeYb0qAsig_User's unique ID
 
-#XTIT: Admin data for a draft document
 Draft_DraftAdministrativeData=LsxY+0o1fWbFeMrxNNIRvg_Draft Administrative Data
 
-#XTIT: Technical ID of a draft document
 Draft_DraftUUID=Y5OedvjtpZGSeRwWXI4alQ_Draft (Technical ID)
 
-#XTIT: Creation time of a draft
 Draft_CreationDateTime=Y2ttcgWpNQmB69F6w8jYmw_Draft Created On
 
-#XTIT: User created the draft
 Draft_CreatedByUser=fVPXdEA4PQ/ruI+1ZC6lzg_Draft Created By
 
-#XTIT: The current user (me) created the draft
 Draft_DraftIsCreatedByMe=Oi4B0zRRBAKoN6wuBWyQPA_Draft Created By Me
 
-#XTIT: Time a draft was last changed on
 Draft_LastChangeDateTime=3ZVPB34hJDc38V1GIGr6cw_Draft Last Changed On
 
-#XTIT: User that changed the draft last
 Draft_LastChangedByUser=X7I4n0+rc50bDozET507FA_Draft Last Changed By
 
-#XTIT: User that is working on the draft
 Draft_InProcessByUser=/MEKNHLAPlLRsGiFC1PeOA_Draft In Process By
 
-#XTIT: The current user (me) is working on the draft
 Draft_DraftIsProcessedByMe=zZGCPf/2uR37cfpgf1znGA_Draft In Process By Me

package/_i18n/messages_en_US_saptrc.properties

@@ -1,194 +1,103 @@
-# Input Validation
 
-#XMSG: Enter a value between 0 and 100. // Implementation still provides 3 values
 ASSERT_RANGE=UsaDWZPG4eILDj9gBv9dQQ_Enter a value between {1} and {2}.
-#XMSG: Enter a valuematching the pattern /^abc/.
 ASSERT_FORMAT=lXdUpDxTyQee5ifT6kBnEg_Enter a value matching the pattern {1}.
-#XMSG: Enter one of the allowed values: High,Medium,Low. // Implementation still provides 2 values
 ASSERT_ENUM=vik7PhkgJHJK7qIQQ8YvPw_Enter one of the allowed values: {1}.
-#XMSG: Provide the missing value. // Error text displayed on a field, in case a mandatory value is not set.
 ASSERT_MANDATORY=fetcw29Zp30ja46xX6Y/Lw_Provide the missing value.
-#XMSG: Target with this key doesn't exist.
 ASSERT_TARGET=QJmMamMnIKhch4NMNFG+1A_Target with this key doesn''t exist.
 
-# Aggregating Error
 
-#XMSG
 MULTIPLE_ERRORS=G/CGK3r2VN2zrerNELfXsg_Multiple errors occurred, see details below.
 
-# Input format
 
-#NOTR
 ASSERT_VALID_ELEMENT=Element is not valid
-#NOTR
 ASSERT_DATA_TYPE=Value {0} is not a valid {1}
-#NOTR
 ASSERT_ARRAY=Value must be an array
 
-# Status Codes
 
-#NOTR
 400=Bad Request
-#NOTR
 401=Unauthorized
-#NOTR
 403=Forbidden
-#NOTR
 404=Not Found
-#NOTR
 405=Method Not Allowed
-#NOTR
 406=Not Acceptable
-#NOTR
 407=Proxy Authentication Required
-#NOTR
 408=Request Timeout
-#NOTR
 409=Conflict
-#NOTR
 410=Gone
-#NOTR
 411=Length Required
-#NOTR
 412=Precondition Failed
-#NOTR
 413=Payload Too Large
-#NOTR
 414=URI Too Long
-#NOTR
 415=Unsupported Media Type
-#NOTR
 416=Range Not Satisfiable
-#NOTR
 417=Expectation Failed
-#NOTR
 422=Unprocessable Content
-#NOTR
 424=Failed Dependency
-#NOTR
 428=Precondition Required
-#NOTR
 429=Too Many Requests
-#NOTR
 431=Request Header Fields Too Large
-#NOTR
 451=Unavailable For Legal Reasons
-#NOTR
 500=Internal Server Error
-#NOTR
 501=The server does not support the functionality required to fulfill the request
-#NOTR
 502=Bad Gateway
-#NOTR
 503=Service Unavailable
-#NOTR
 504=Gateway Timeout
 
-# fragments
 
-#NOTR
 ENTITY=entity
-#NOTR
 TYPE=type
-#NOTR
 FUNCTION=function
-#NOTR
 ACTION=action
 
-# db
 
-#NOTR
 NO_DATABASE_CONNECTION=No database connection
-#NOTR
 ENTITY_ALREADY_EXISTS=Entity already exists
-#NOTR
 ENTITY_LOCKED=Entity locked
-#NOTR
 UNIQUE_CONSTRAINT_VIOLATION=Unique constraint violation
-#NOTR
 FK_CONSTRAINT_VIOLATION=Foreign key constraint violation
 
-# remote
 
-#NOTR
 INVALID_CONTENT_TYPE_ONLY_JSON=Invalid content type. Only "application/json" is supported.
 
-# access control
 
-#NOTR
 INSERTABLE=insertable
-#NOTR
 READABLE=readable
-#NOTR
 UPDATABLE=updatable
-#NOTR
 DELETABLE=deletable
-#NOTR
 ENTITY_IS_INSERT_ONLY=Entity "{0}" is insert-only
-#NOTR
 ENTITY_IS_READ_ONLY=Entity "{0}" is read-only
-#NOTR
 ENTITY_IS_NOT_CRUD=Entity "{0}" is not {1}
-#NOTR
 ENTITY_IS_NOT_CRUD_VIA_NAVIGATION=Entity "{0}" is not {1} via navigation "{2}"
-#NOTR
 ENTITY_IS_AUTOEXPOSED=Entity "{0}" is not explicitly exposed as part of the service
-#NOTR
 ENTITY_IS_AUTOEXPOSE_READONLY=Entity "{0}" is explicitly exposed as readonly
-#NOTR
 EXPAND_IS_RESTRICTED=Navigation property "{0}" is not allowed for expand operation
 
-# rest protocol adapter
 
-#NOTR
 INVALID_RESOURCE="{0}" is not a valid resource
-#NOTR
 INVALID_PARAMETER="{0}" is not a valid parameter
-#NOTR
 INVALID_PARAMETER_VALUE_TYPE=Parameter value for "{0}" must be of type "{1}"
-#NOTR
 INVALID_OPERATION_FOR_ENTITY=Entity "{0}" has no {1} "{2}"
-#NOTR
 NO_MATCHING_RESOURCE=The server has not found a resource matching the requested URI
-#NOTR
 INVALID_POST=POST is only allowed on resource collections and actions
-#NOTR
 INVALID_PUT=PUT is only allowed on a specific resource
-#NOTR
 INVALID_PATCH=PATCH is only allowed on a specific resource
-#NOTR
 INVALID_DELETE=DELETE is only supported on a specific resource
-#NOTR
 CRUD_VIA_NAVIGATION_NOT_SUPPORTED=CRUD via navigations is not yet supported
 
-# OData protocol adapter
 
-#NOTR
 BATCH_TOO_MANY_REQ=Batch request contains too many requests
 
-# draft
 
-#NOTR
 DRAFT_LOCKED_BY_ANOTHER_USER=The entity is locked by user "{0}"
-#NOTR
 DRAFT_ALREADY_EXISTS=A draft for this entity already exists
-#NOTR
 DRAFT_NOT_EXISTING=No draft for this entity exists
-#NOTR
 DRAFT_MODIFICATION_ONLY_VIA_ROOT=A draft-enabled entity can only be modified via its root entity
-#NOTR
 ACTIVE_MODIFICATION_VIA_DRAFT=Active entities cannot be modified via draft request
-#NOTR
 DRAFT_ACTIVE_DELETE_FORBIDDEN_DRAFT_EXISTS=Entity cannot be deleted because a draft exists
 
-# singleton
 
-#NOTR
 SINGLETON_NOT_NULLABLE=The singleton entity is not nullable
 
-# flows
 
-#XMSG: Action "acceptTravel" requires "travelStatus" to be "Open".
 INVALID_FLOW_TRANSITION_SINGLE=35OYYAR7qBeFqZojBKMD7w_Action "{0}" requires "{1}" to be "{2}".
-#XMSG: Action "cancelTravel" requires "travelStatus" to be one of the following values: Open,Accepted.
-INVALID_FLOW_TRANSITION_MULTI=mqoLKfqWIZ4EX7lQDYHTzw_Action "{0}" requires "{1}" to be one of the following values: {2}.
+INVALID_FLOW_TRANSITION_MULTI=mqoLKfqWIZ4EX7lQDYHTzw_Action "{0}" requires "{1}" to be one of the following values: {2}.

package/eslint.config.mjs

@@ -14,6 +14,9 @@ export const defaults = {
   rules: {
     'no-unused-vars': 'warn',
     'no-console': 'warn',
+    'preserve-caught-error': 'off',
+    'no-useless-assignment': 'off',
+    'no-unassigned-vars': 'off'
   },
 
   languageOptions: {
@@ -75,7 +78,7 @@ export const defaults = {
  * ESLint config for jest and mocha test.
  */
 export const tests = {
-  files: [ '**/test/**/*.js', '**/test?/**/*.js', '**/*.test.js', '**/*-test.js' ],
+  files: [ '**/+(test|tests)/**/*.+(js|cjs|mjs)', '**/*.test.+(js|cjs|mjs)', '**/*-test.+(js|cjs|mjs)' ],
   languageOptions: {
     globals: {
       mocha: 'readonly',

package/lib/compile/cds-compile.js

@@ -6,6 +6,7 @@ const compile = module.exports = Object.assign (cds_compile, {
   for: new class {
     get java(){ return super.java = require('./for/java') }
     get nodejs() { return super.nodejs = require('./for/nodejs') }
+    get direct_crud() { return super.direct_crud = require('./for/direct_crud') }
     get lean_drafts() { return super.lean_drafts = require('./for/lean_drafts') }
     get flows() { return super.flows = require('./for/flows') }
     get assert() { return super.assert = require('./for/assert') }

package/lib/compile/for/direct_crud.js

@@ -0,0 +1,23 @@
+const $compiled_for_direct_crud = Symbol('compiled_for_direct_crud')
+const DRAFT_NEW = 'draftNew'
+
+module.exports = function cds_compile_for_direct_crud(csn) {
+  if (csn[$compiled_for_direct_crud]) return csn
+  csn[$compiled_for_direct_crud] = true
+
+  for (const each in csn.definitions) {
+    const def = csn.definitions[each]
+    if (!def['@Common.DraftRoot.NewAction'] && def['@odata.draft.enabled']) {
+      const srvName = Object.keys(csn.definitions)
+        .filter(k => csn.definitions[k].kind === 'service')
+        .find(k => each.startsWith(`${k}.`))
+      def['@Common.DraftRoot.NewAction'] = `${srvName}.${DRAFT_NEW}`
+      const params = { in: { items: { type: '$self' } } }
+      // for UI pop-up asking for values for non-UUID keys
+      Object.keys(def.elements)
+        .filter(k => k !== 'IsActiveEntity' && def.elements[k].key && def.elements[k].type !== 'cds.UUID')
+        .forEach(k => (params[k] = { type: def.elements[k].type }))
+      def.actions[DRAFT_NEW] = { kind: 'action', params, returns: { type: each } }
+    }
+  }
+}

package/lib/compile/for/lean_drafts.js

@@ -65,6 +65,18 @@ function DraftEntity4(active, name = active.name + '.drafts') {
   const _pname = active['@cds.persistence.name']
   if (_pname) draft['@cds.persistence.name'] = _pname + '_drafts'
 
+  if (cds.env.fiori.calc_elements !== false) {
+    for (const each in draft.elements) {
+      const element = draft.elements[each]
+      // $calc = true indicates that the compiler cannot determine the calculated expression
+      if (element.$calc && element.$calc !== true) {
+        const e = { __proto__: element }
+        e.value = element.$calc
+        draft.elements[each] = e
+      }
+    }
+  }
+
   return draft
 }
 

package/lib/compile/for/odata.js

@@ -9,24 +9,7 @@ module.exports = function cds_compile_for_odata (csn,_o) {
   let dsn = compile.for.odata (csn,o)
   if (o.sql_mapping) dsn['@sql_mapping'] = o.sql_mapping //> compat4 old Java stack
 
-  if (cds.env.fiori.direct_crud) {
-    const DRAFT_NEW = 'draftNew'
-    for (const each in dsn.definitions) {
-      const def = dsn.definitions[each]
-      if (!def['@Common.DraftRoot.NewAction'] && def['@Common.DraftRoot.ActivationAction']) {
-        const srvName = Object.keys(dsn.definitions)
-          .filter(k => dsn.definitions[k].kind === 'service')
-          .find(k => each.startsWith(`${k}.`))
-        def['@Common.DraftRoot.NewAction'] = `${srvName}.${DRAFT_NEW}`
-        const params = { in: { items: { type: '$self' } } }
-        // for UI pop-up asking for values for non-UUID keys
-        Object.keys(def.elements)
-          .filter(k => k !== 'IsActiveEntity' && def.elements[k].key && def.elements[k].type !== 'cds.UUID')
-          .forEach(k => (params[k] = { type: def.elements[k].type }))
-        def.actions[DRAFT_NEW] = { kind: 'action', params, returns: { type: each } }
-      }
-    }
-  }
+  if (cds.env.fiori.direct_crud) cds.compile.for.direct_crud(dsn)
 
   Object.defineProperty (csn, '_4odata', {value:dsn})
   Object.defineProperty (dsn, '_4odata', {value:dsn})

package/lib/compile/to/edm.js

@@ -42,6 +42,7 @@ function cds_compile_to_edmx (csn,_o) {
     const next = () => {
       if (!result) {
         if (cds.env.features.annotate_for_flows) enhanceCSNwithFlowAnnotations4FE(csn)
+        if (cds.env.fiori.direct_crud) cds.compile.for.direct_crud(csn)
         result = o.service === 'all' ? _many('.xml', cdsc.to.edmx.all(csn, o)) : cdsc.to.edmx(csn, o)
       }
       return result

package/lib/compile/to/json.js

@@ -18,13 +18,15 @@ module.exports = (csn,o={}) => {
     } catch {/* ignored */}
 
     else if (v.kind === "service" && !v['@source'] && v.$location?.file) {
+      let fileLocation = v.$location.file
+
       // Preserve original sources for services so we can use them for finding
       // sibling implementation files when reloaded from csn.json.
-      let file = relative(v.$location.file)
+      let file = relative(fileLocation)
         .replace(/\\/g,'/')
         .replace(relative_cds_home,'@sap/cds/')
       for (const mld of moduleLookupDirectories) { // node_modules/ usually, more for Java
-        file = file.replace(mld, '')
+        file = file.replace(new RegExp('.*'+mld), '') // also remove relative `../` paths, needed for workspace setups
       }
 
       // If there is still a relative path pointing outside of cwd, convert it to a module path

package/lib/env/defaults.js

@@ -166,6 +166,7 @@ module.exports = {
     containment: undefined,
     context_with_columns: false,
     max_batch_header_size: '64KiB', // instead of node's 16KiB
+    max_batch_parallelization: 1,
   },
 
   sql: {

package/lib/env/serviceBindings.js

@@ -112,11 +112,21 @@ function readServiceBindingsServicesFromPath(serviceBindingRoot) {
   for (const bindingEntry of fs.readdirSync(serviceBindingRoot, { withFileTypes: true })) {
     if (bindingEntry.isDirectory()) {
       const bindingPath = path.join(serviceBindingRoot, bindingEntry.name)
-      const binding = readBinding(bindingPath, bindingEntry.name)
-      if (!binding) continue
-      const type = binding.type
-      const bindings = bindingsForService[type] || (bindingsForService[type] = [])
-      bindings.push(binding)
+      let binding = readBinding(bindingPath, bindingEntry.name)
+      if (!binding) {
+        // If binding is undefined, check if its not nested bindings
+        for (const dirEntry of fs.readdirSync(bindingPath, { withFileTypes: true })) {
+          if (!dirEntry.isDirectory() || !dirEntry.name) continue
+          const instancePath = path.join(bindingPath, dirEntry.name)
+          binding = readBinding(instancePath, dirEntry.name)
+          if (!binding) continue;
+          bindingsForService[binding.type] ??= []
+          bindingsForService[binding.type].push(binding)
+        }
+        continue
+      }
+      bindingsForService[binding.type] ??= []
+      bindingsForService[binding.type].push(binding)
     }
   }
   return Object.keys(bindingsForService).length > 0 ? bindingsForService : undefined

package/lib/index.js

@@ -1,4 +1,4 @@
-if (process.env.CDS_STRICT_NODE_VERSION !== 'false') require('./utils/version').check()
+if (process.env.CDS_STRICT_NODE_VERSION !== 'false') require('./utils/version').checkNodeVersion()
 
 const { AsyncLocalStorage } = require ('async_hooks')
 const context = new AsyncLocalStorage

package/lib/log/cds-error.js

@@ -5,33 +5,46 @@ const { format, inspect } = require('../utils/cds-utils')
  * Constructs and optionally throws an Error object.
  * Usage variants:
  *
- *       cds.error (404, 'Not Found', { code, ... })
- *       cds.error ('Not Found', { code, ... })
- *       cds.error ({ code, message, ... })
+ *       cds.error (404, 'code', 'message', { ... details })
+ *       cds.error (404, { ... details })
+ *       cds.error ({ ... any details })
+ *       cds.error ('code', 'message', { ... details })
+ *       cds.error ('message', { ... details })
  *       cds.error `template string usage variant`
+ *       cds.error (new Error, { ... any details })
  *
  * When called with `new` the newly created Error is returned.
  * When called without `new` the error is thrown immediately.
  * The latter is useful for usages like that:
  *
- *       let x = y || cds.error `'y' must be truthy, got: ${y}`
+ *       let x = y || cds.error `expected y to be defined`
  *
  * @param {number} [status] - HTTP status code
- * @param {string} [message] - Error message
+ * @param {string} [code] - Stable error code, which clients can rely on
+ * @param {string} [message] - Human-readable error message
  * @param {object} [details] - Additional error details
- * @param {Function} [caller] - The function calling this
+ * @param {Function} [caller] - The function calling us => stack trace cut off here
+ * @returns {Error} The constructed Error (only when called with `new`)
  */
-const error = exports = module.exports = function error ( status, message, details, caller ) {
-  if (typeof status !== 'number') [ status, message, details, caller ] = status.raw ? [ undefined, error.message(...arguments) ] : [ undefined, status, message, details ]
-  if (typeof message === 'object') [ message, details, caller ] = [ undefined, message, details ]
-  let err = details && 'stack' in details ? details : Object.assign (new Error (message, details), details)
-  if (caller) Error.captureStackTrace (err, caller); else Error.captureStackTrace (err, error)
-  if (status) Object.defineProperty (err, 'status', {value:status})
-  if (new.target) return err
-  else throw err
+const error = exports = module.exports = function error ( status, code, msg, details, caller ) {
+  let e = details
+  if (status?.raw) [ msg, status, code, e, caller ] = [ error.message(...arguments) ]
+  if (typeof status !== 'number') [ status, code, msg, e, caller ] = [ undefined, status, code, msg, e, caller ]
+  if (typeof code === 'object') [ code, msg, e, caller ] = [ undefined, undefined, code, msg ]
+  if (typeof msg === 'object') [ code, msg, e, caller ] = [ undefined, code, msg, e ]
+  if (typeof e === 'string') [ status, msg, e, caller ] = [ msg, e, caller, error ]
+  if (code && !msg) [ code, msg ] = [ undefined, code ]
+  if (e instanceof Error || typeof e === 'object' && 'stack' in e) { // is error?
+    e = Object.assign (e, caller) //> yes -> just decorate it
+  } else {
+    e = Object.assign (new Error (msg, e), e)
+    Error.captureStackTrace (e, caller || error)
+  }
+  if (status) e.status = status
+  if (code) e.code = code
+  if (new.target) return e; else throw e
 }
 
-
 /**
  * Constructs a message from a tagged template string. In contrast to usual
  * template strings embedded values are formatted using `util.format`
@@ -56,14 +69,14 @@ exports.message = (strings,...values) => {
  *     typeof x === 'string' || cds.error.expected `${{x}} to be a string`
  *     //> Error: Expected argument 'x' to be a string, but got: { foo: 'bar' }
  */
-exports.expected = ([,type], arg) => {
-  const [ name, value ] = Object.entries(arg)[0]
-  return error (`Expected argument '${name}'${type}, but got: ${inspect(value)}`, undefined, error.expected)
+exports.expected = function expected ([,_to_be_expected], arg) {
+  const [name] = Object.keys(arg), value = arg[name]
+  return error (`Expected argument ${inspect(name)}${_to_be_expected}, but got: ${inspect(value)}`, undefined, expected)
 }
 
 exports.isSystemError = err => {
-  // all errors thrown by the peggy parser should not crash the app
-  if (err.name === 'SyntaxError' && err.constructor?.name === 'peg$SyntaxError') return false
+  // all errors thrown by the peggy parser or body-parser (used by express.json) should not crash the app
+  if (err.name === 'SyntaxError' && (err.constructor?.name === 'peg$SyntaxError' || err.type === 'entity.parse.failed')) return false
   return err.name in {
     TypeError:1,
     ReferenceError:1,

package/lib/req/spawn.js

@@ -21,9 +21,9 @@ module.exports = function spawn (o, fn, /** @type {import('../index')} */ cds=th
         return tx.rollback(e)
       })
       .then (res => Promise.all(em.listeners('succeeded').map(each => each(res))))
-      .catch (err => Promise.all(em.listeners('failed').map(each => each(err))))
-      .finally (() => Promise.all(em.listeners('done').map(each => each())))
     })
+    .catch (err => Promise.all(em.listeners('failed').map(each => each(err))))
+    .finally (() => Promise.all(em.listeners('done').map(each => each())))
   }
   const em = new EventEmitter
   em.timer = (

package/lib/srv/bindings.js

@@ -29,23 +29,16 @@ class Bindings {
       const kind = [ required?.kind, 'hcql', 'rest', 'odata' ].find (k => k in binding.endpoints)
       const path = binding.endpoints [kind]
       
-      // in case of cds.requires.Foo = { ... }
-      if (typeof required === 'object') required.credentials = {
-        ...required.credentials,
-        ...binding.credentials,
-        url: server.url + path
-      }
-      
-      // in case of cds.requires.Foo = true
-      else required = cds.requires[service] = cds.env.requires[service] = {
-        ...cds.requires.kinds [binding.kind],
+      if (typeof required !== 'object') required = {}
+      cds.env.requires[service] = required = { 
+        kind, ...cds.requires.kinds [kind], ...required,
         credentials: {
+          ...required.credentials,
           ...binding.credentials,
           url: server.url + path
-        }
+        },
       }
-
-      required.kind = kind
+      required.kind = kind // override kind from binding
 
       // REVISIT: temporary fix to inherit kind as well for mocked odata services
       // otherwise mocking with two services does not work for kind:odata-v2