@stratal/framework 0.0.13 → 0.0.15

package/dist/index-Dlg8mNjq.d.mts

@@ -0,0 +1,386 @@
+import { i as InferConnectionSchema, n as DefaultConnectionName, r as InferAnySchema, t as ConnectionName } from "./types-Gjk0d2qB.mjs";
+import { AsyncModuleOptions, DynamicModule, ModuleContext, OnInitialize, OnShutdown } from "stratal/module";
+import { ApplicationError, ErrorCode } from "stratal/errors";
+import { AggregateArgs, AllCrudOperations, AnyPlugin, ClientContract, ClientOptions, CountArgs, CreateArgs, CreateManyArgs, DeleteArgs, DeleteManyArgs, FindFirstArgs, FindManyArgs, FindUniqueArgs, GroupByArgs, ModelResult, RuntimePlugin, UpdateArgs, UpdateManyArgs, UpsertArgs } from "@zenstackhq/orm";
+import { SchemaDef } from "@zenstackhq/schema";
+import { Dialect } from "kysely";
+import { MessageKeys } from "stratal/i18n";
+import { SchemaDef as SchemaDef$1 } from "@zenstackhq/orm/schema";
+import { IEventRegistry } from "stratal/events";
+
+//#region src/database/database.service.d.ts
+/**
+ * DatabaseService type
+ *
+ * Each connection has its own schema. The service is typed to the connection's schema.
+ *
+ * @example
+ * ```typescript
+ * // Typed to default connection
+ * constructor(@inject(DI_TOKENS.Database) private db: DatabaseService) {}
+ *
+ * // Typed to a specific named connection
+ * constructor(@InjectDB('analytics') private analytics: DatabaseService<'analytics'>) {}
+ * ```
+ */
+type DatabaseService<K extends ConnectionName = DefaultConnectionName> = ClientContract<InferConnectionSchema<K>, ClientOptions<InferConnectionSchema<K>>>;
+//#endregion
+//#region src/database/database.module.d.ts
+interface DatabaseConnectionConfig<Schema extends SchemaDef = SchemaDef, Name extends ConnectionName = ConnectionName> {
+  name: Name;
+  schema: Schema;
+  dialect: () => Dialect;
+  plugins?: AnyPlugin[];
+}
+interface DatabaseModuleConfig {
+  default: DefaultConnectionName;
+  connections: DatabaseConnectionConfig[];
+}
+declare class DatabaseModule implements OnInitialize, OnShutdown {
+  static forRoot(config: DatabaseModuleConfig): DynamicModule;
+  static forRootAsync(options: AsyncModuleOptions<DatabaseModuleConfig>): DynamicModule;
+  onInitialize(context: ModuleContext): void;
+  onShutdown(context: ModuleContext): void;
+}
+//#endregion
+//#region src/database/database.tokens.d.ts
+declare const DATABASE_TOKENS: {
+  readonly Options: symbol;
+  readonly Services: symbol;
+};
+declare function connectionSymbol(name: ConnectionName): symbol;
+//#endregion
+//#region src/database/decorators/inject-db.decorator.d.ts
+declare function InjectDB(name: ConnectionName): ParameterDecorator;
+//#endregion
+//#region src/database/event-types.d.ts
+/**
+ * Event phase: before or after operation
+ */
+type EventPhase = 'before' | 'after';
+/**
+ * All database operations that can trigger events
+ */
+type DatabaseOperation = AllCrudOperations;
+/**
+ * Model names derived from the shared database schema.
+ * Falls back to `never` if no schema is registered.
+ */
+type ModelName = InferAnySchema extends {
+  models: infer M;
+} ? Extract<keyof M, string> : never;
+/**
+ * Database event names with all supported patterns.
+ */
+type DatabaseEventName = `${EventPhase}.${ModelName}.${DatabaseOperation}` | `${EventPhase}.${ModelName}` | `${EventPhase}.${DatabaseOperation}` | EventPhase;
+/**
+ * Map operation name to ZenStack Args type for a given schema and model
+ */
+type OperationArgsMap<S extends SchemaDef, M extends Extract<keyof S['models'], string>, O extends DatabaseOperation> = O extends 'create' ? CreateArgs<S, M> : O extends 'createMany' ? CreateManyArgs<S, M> : O extends 'update' ? UpdateArgs<S, M> : O extends 'updateMany' ? UpdateManyArgs<S, M> : O extends 'delete' ? DeleteArgs<S, M> : O extends 'deleteMany' ? DeleteManyArgs<S, M> : O extends 'findUnique' ? FindUniqueArgs<S, M> : O extends 'findFirst' ? FindFirstArgs<S, M> : O extends 'findMany' ? FindManyArgs<S, M> : O extends 'upsert' ? UpsertArgs<S, M> : O extends 'count' ? CountArgs<S, M> : O extends 'aggregate' ? AggregateArgs<S, M> : O extends 'groupBy' ? GroupByArgs<S, M> : never;
+/**
+ * Extract the data/where property from operation args.
+ */
+type GetData<M extends ModelName, O extends DatabaseOperation> = M extends Extract<keyof InferAnySchema['models'], string> ? OperationArgsMap<InferAnySchema, M, O> extends {
+  data: infer D;
+} ? D : OperationArgsMap<InferAnySchema, M, O> extends {
+  where: infer W;
+} ? W : OperationArgsMap<InferAnySchema, M, O> : unknown;
+/**
+ * Extract result type for a model operation.
+ */
+type GetResult<M extends ModelName, O extends DatabaseOperation> = M extends Extract<keyof InferAnySchema['models'], string> ? O extends 'findMany' | 'createMany' | 'updateMany' | 'deleteMany' ? ModelResult<InferAnySchema, M>[] : O extends 'count' ? number : ModelResult<InferAnySchema, M> : unknown;
+/**
+ * Parse event string into structured type for discriminated unions
+ */
+type ParseEvent<E extends string> = E extends `${infer Phase extends EventPhase}.${infer Model extends ModelName}.${infer Op extends DatabaseOperation}` ? {
+  phase: Phase;
+  model: Model;
+  operation: Op;
+  type: 'exact';
+} : E extends `${infer Phase extends EventPhase}.${infer Second}` ? Second extends ModelName ? {
+  phase: Phase;
+  model: Second;
+  type: 'model-wildcard';
+} : Second extends DatabaseOperation ? {
+  phase: Phase;
+  operation: Second;
+  type: 'operation-wildcard';
+} : never : E extends EventPhase ? {
+  phase: E;
+  type: 'phase-wildcard';
+} : never;
+/** Base context fields present in all events */
+interface BaseEventContext {}
+/** Context for exact database events (e.g., "after.User.create") */
+interface ExactDatabaseEventContext<M extends ModelName, O extends DatabaseOperation, Phase extends EventPhase> extends BaseEventContext {
+  data: Phase extends 'before' ? GetData<M, O> : Readonly<GetData<M, O>>;
+  result: Phase extends 'after' ? GetResult<M, O> : undefined;
+}
+/** Context for model wildcard events (e.g., "after.User") */
+interface ModelWildcardEventContext<Phase extends EventPhase> extends BaseEventContext {
+  operation: DatabaseOperation;
+  data: Phase extends 'before' ? unknown : Readonly<unknown>;
+  result: Phase extends 'after' ? unknown : undefined;
+}
+/** Context for operation wildcard events (e.g., "after.create") */
+interface OperationWildcardEventContext<Phase extends EventPhase> extends BaseEventContext {
+  model: ModelName;
+  data: Phase extends 'before' ? unknown : Readonly<unknown>;
+  result: Phase extends 'after' ? unknown : undefined;
+}
+/** Context for phase wildcard events (e.g., "after" or "before") */
+interface PhaseWildcardEventContext<Phase extends EventPhase> extends BaseEventContext {
+  model: ModelName;
+  operation: DatabaseOperation;
+  data: Phase extends 'before' ? unknown : Readonly<unknown>;
+  result: Phase extends 'after' ? unknown : undefined;
+}
+/**
+ * Type-safe event context with discriminated unions.
+ */
+type DatabaseEventContext<E extends string> = ParseEvent<E> extends {
+  phase: infer P extends EventPhase;
+  model: infer M extends ModelName;
+  operation: infer O extends DatabaseOperation;
+  type: 'exact';
+} ? ExactDatabaseEventContext<M, O, P> : ParseEvent<E> extends {
+  phase: infer P extends EventPhase;
+  model: infer _M extends ModelName;
+  type: 'model-wildcard';
+} ? ModelWildcardEventContext<P> : ParseEvent<E> extends {
+  phase: infer P extends EventPhase;
+  operation: infer _O extends DatabaseOperation;
+  type: 'operation-wildcard';
+} ? OperationWildcardEventContext<P> : ParseEvent<E> extends {
+  phase: infer P extends EventPhase;
+  type: 'phase-wildcard';
+} ? PhaseWildcardEventContext<P> : BaseEventContext;
+/**
+ * Mapped type that produces all database event name to context pairs.
+ *
+ * Used to augment core's `CustomEventRegistry`:
+ *
+ * @example
+ * ```typescript
+ * declare module 'stratal/events' {
+ *   interface CustomEventRegistry extends DatabaseEvents {}
+ * }
+ * ```
+ */
+type DatabaseEvents = { [E in DatabaseEventName]: DatabaseEventContext<E> };
+declare module 'stratal/events' {
+  interface CustomEventRegistry extends DatabaseEvents {}
+}
+//#endregion
+//#region src/database/errors/database-error.d.ts
+/**
+ * DatabaseError
+ *
+ * Generic database error thrown when a database operation fails
+ * and doesn't fit into a more specific error category.
+ *
+ * This is the base class for all database-related errors.
+ */
+declare class DatabaseError extends ApplicationError {
+  constructor(messageKey?: MessageKeys, code?: ErrorCode, metadata?: Record<string, unknown>);
+}
+//#endregion
+//#region src/database/errors/database-config.error.d.ts
+declare class DatabaseConfigError extends DatabaseError {
+  constructor(details: string);
+}
+//#endregion
+//#region src/database/errors/foreign-key-constraint.error.d.ts
+/**
+ * ForeignKeyConstraintError
+ *
+ * Thrown when a database foreign key constraint is violated.
+ * This typically occurs when:
+ * - Trying to insert a record with a foreign key that doesn't exist
+ * - Trying to delete a record that is referenced by other records
+ * - Trying to update a foreign key to a non-existent value
+ */
+declare class ForeignKeyConstraintError extends DatabaseError {
+  constructor(field?: string);
+}
+//#endregion
+//#region src/database/errors/invalid-error-code-range.error.d.ts
+/**
+ * InvalidErrorCodeRangeError
+ *
+ * Thrown when a DatabaseError subclass is constructed with an error code
+ * outside the valid database error range (2000-2999).
+ * This is a developer-facing error to enforce error code conventions.
+ */
+declare class InvalidErrorCodeRangeError extends ApplicationError {
+  constructor(code: number, expectedRange: string);
+}
+//#endregion
+//#region src/database/errors/record-not-found.error.d.ts
+/**
+ * RecordNotFoundError
+ *
+ * Generic error thrown when a database record is not found.
+ * This is typically thrown when a findUnique or findFirst operation
+ * returns null, or when a required record doesn't exist.
+ *
+ * Services should catch this and optionally refine it to a more specific
+ * domain error (e.g., NoteNotFoundError, UserNotFoundError).
+ */
+declare class RecordNotFoundError extends DatabaseError {
+  constructor(details?: string);
+}
+//#endregion
+//#region src/database/errors/unique-constraint.error.d.ts
+/**
+ * UniqueConstraintError
+ *
+ * Thrown when a database unique constraint is violated.
+ * This typically occurs when trying to insert or update a record
+ * with a value that already exists in a unique column.
+ *
+ * Services should catch this and optionally refine it to a more specific
+ * domain error (e.g., UserEmailAlreadyExistsError).
+ */
+declare class UniqueConstraintError extends DatabaseError {
+  constructor(fields?: string[]);
+}
+//#endregion
+//#region src/database/errors/from-zenstack-error.d.ts
+/**
+ * Transform ZenStack ORM errors into ApplicationError instances
+ *
+ * This function maps ORMError codes to generic database error classes.
+ * Services can catch these generic errors and optionally refine them to
+ * more specific domain errors if needed.
+ *
+ * @param error - The error thrown by ZenStack ORM
+ * @returns An ApplicationError instance
+ *
+ * @example
+ * ```typescript
+ * try {
+ *   await db.user.create({ data: { email: 'existing@example.com' } })
+ * } catch (error) {
+ *   throw fromZenStackError(error) // Becomes UniqueConstraintError or other
+ * }
+ * ```
+ */
+declare function fromZenStackError(error: unknown): DatabaseError;
+//#endregion
+//#region src/database/plugins/error-handler.plugin.d.ts
+/**
+ * ZenStack runtime plugin that transforms ORM errors into ApplicationError instances.
+ *
+ * @example
+ * ```typescript
+ * super(schema, {
+ *   dialect: new PostgresDialect({ pool }),
+ *   plugins: [new ErrorHandlerPlugin()]
+ * })
+ * ```
+ */
+declare class ErrorHandlerPlugin implements RuntimePlugin<SchemaDef$1, Record<string, unknown>, Record<string, unknown>> {
+  readonly id = "error-handler";
+  onQuery: ({
+    args,
+    proceed
+  }: {
+    args: Record<string, unknown> | undefined;
+    proceed: (args: Record<string, unknown> | undefined) => Promise<unknown>;
+  }) => Promise<unknown>;
+}
+//#endregion
+//#region src/database/plugins/event-emitter.plugin.d.ts
+interface EventEmitterPluginOptions {
+  eventRegistry: IEventRegistry;
+}
+/**
+ * ZenStack runtime plugin that emits before/after events for database operations.
+ *
+ * Emits events in the format:
+ * - `before.{Model}.{operation}` - Before the database operation
+ * - `after.{Model}.{operation}` - After the database operation
+ *
+ * @example
+ * ```typescript
+ * super(schema, {
+ *   dialect: new PostgresDialect({ pool }),
+ *   plugins: [
+ *     new EventEmitterPlugin({
+ *       eventRegistry,
+ *     })
+ *   ]
+ * })
+ * ```
+ */
+declare class EventEmitterPlugin implements RuntimePlugin<SchemaDef$1, Record<string, unknown>, Record<string, unknown>> {
+  private options;
+  readonly id = "event-emitter";
+  constructor(options: EventEmitterPluginOptions);
+  onQuery: ({
+    model,
+    operation,
+    args,
+    proceed
+  }: {
+    model: string;
+    operation: string;
+    args: Record<string, unknown> | undefined;
+    proceed: (args: Record<string, unknown> | undefined) => Promise<unknown>;
+  }) => Promise<unknown>;
+}
+//#endregion
+//#region src/database/plugins/schema-switcher.plugin.d.ts
+interface SchemaSwitcherPluginOptions {
+  schemaName: string;
+}
+/**
+ * ZenStack runtime plugin that sets PostgreSQL search_path before each query.
+ * Used for tenant isolation in multi-tenant applications.
+ *
+ * @example
+ * ```typescript
+ * super(schema, {
+ *   dialect: new PostgresDialect({ pool }),
+ *   plugins: [
+ *     new SchemaSwitcherPlugin({ schemaName: `tenant_${tenantId}` })
+ *   ]
+ * })
+ * ```
+ */
+declare class SchemaSwitcherPlugin implements RuntimePlugin<SchemaDef$1, Record<string, unknown>, Record<string, unknown>> {
+  private options;
+  readonly id = "schema-switcher";
+  constructor(options: SchemaSwitcherPluginOptions);
+  onQuery: ({
+    args,
+    proceed,
+    client
+  }: {
+    args: Record<string, unknown> | undefined;
+    proceed: (args: Record<string, unknown> | undefined) => Promise<unknown>;
+    client: {
+      $executeRawUnsafe: (sql: string) => Promise<unknown>;
+    };
+  }) => Promise<unknown>;
+}
+//#endregion
+//#region src/database/i18n/en.d.ts
+declare const databaseI18n: {
+  readonly database: {
+    readonly connectionNameRequired: "Connection name is required";
+    readonly defaultConnectionRequired: "Default connection name is required";
+    readonly connectionRequired: "At least one connection is required";
+    readonly duplicateConnections: "Duplicate connection names found";
+    readonly defaultConnectionNotFound: "Default connection not found in connections";
+  };
+};
+declare module 'stratal/i18n' {
+  interface AppMessages {
+    database: typeof databaseI18n['database'];
+  }
+} //# sourceMappingURL=en.d.ts.map
+//#endregion
+export { DATABASE_TOKENS as C, DatabaseModuleConfig as D, DatabaseModule as E, DatabaseService as O, InjectDB as S, DatabaseConnectionConfig as T, EventPhase as _, EventEmitterPluginOptions as a, ModelName as b, UniqueConstraintError as c, ForeignKeyConstraintError as d, DatabaseConfigError as f, DatabaseOperation as g, DatabaseEvents as h, EventEmitterPlugin as i, RecordNotFoundError as l, DatabaseEventName as m, SchemaSwitcherPlugin as n, ErrorHandlerPlugin as o, DatabaseError as p, SchemaSwitcherPluginOptions as r, fromZenStackError as s, databaseI18n as t, InvalidErrorCodeRangeError as u, GetData as v, connectionSymbol as w, ParseEvent as x, GetResult as y };
+//# sourceMappingURL=index-Dlg8mNjq.d.mts.map

package/dist/index-Dlg8mNjq.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index-Dlg8mNjq.d.mts","names":[],"sources":["../src/database/database.service.ts","../src/database/database.module.ts","../src/database/database.tokens.ts","../src/database/decorators/inject-db.decorator.ts","../src/database/event-types.ts","../src/database/errors/database-error.ts","../src/database/errors/database-config.error.ts","../src/database/errors/foreign-key-constraint.error.ts","../src/database/errors/invalid-error-code-range.error.ts","../src/database/errors/record-not-found.error.ts","../src/database/errors/unique-constraint.error.ts","../src/database/errors/from-zenstack-error.ts","../src/database/plugins/error-handler.plugin.ts","../src/database/plugins/event-emitter.plugin.ts","../src/database/plugins/schema-switcher.plugin.ts","../src/database/i18n/en.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;AAiBA;;;;;KAAY,eAAA,WACA,cAAA,GAAiB,qBAAA,IACzB,cAAA,CACF,qBAAA,CAAsB,CAAA,GACtB,aAAA,CAAc,qBAAA,CAAsB,CAAA;;;UCHrB,wBAAA,gBACA,SAAA,GAAY,SAAA,eACd,cAAA,GAAiB,cAAA;EAE9B,IAAA,EAAM,IAAA;EACN,MAAA,EAAQ,MAAA;EACR,OAAA,QAAe,OAAA;EACf,OAAA,GAAU,SAAA;AAAA;AAAA,UAGK,oBAAA;EACf,OAAA,EAAS,qBAAA;EACT,WAAA,EAAa,wBAAA;AAAA;AAAA,cAIF,cAAA,YAA0B,YAAA,EAAc,UAAA;EAAA,OAC5C,OAAA,CAAQ,MAAA,EAAQ,oBAAA,GAAuB,aAAA;EAAA,OASvC,YAAA,CAAa,OAAA,EAAS,kBAAA,CAAmB,oBAAA,IAAwB,aAAA;EAaxE,YAAA,CAAa,OAAA,EAAS,aAAA;EAmBtB,UAAA,CAAW,OAAA,EAAS,aAAA;AAAA;;;cC5ET,eAAA;EAAA,SAGH,OAAA;EAAA,SAAA,QAAA;AAAA;AAAA,iBAIM,gBAAA,CAAiB,IAAA,EAAM,cAAA;;;iBCHvB,QAAA,CAAS,IAAA,EAAM,cAAA,GAAiB,kBAAA;;;;;;KCmCpC,UAAA;;;;KAKA,iBAAA,GAAoB,iBAAA;;;;;KAMpB,SAAA,GACV,cAAA;EAAyB,MAAA;AAAA,IACvB,OAAA,OAAc,CAAA;;;;KAUN,iBAAA,MACL,UAAA,IAAc,SAAA,IAAa,iBAAA,QAC3B,UAAA,IAAc,SAAA,QACd,UAAA,IAAc,iBAAA,KACjB,UAAA;;;;KASC,gBAAA,WACO,SAAA,YACA,OAAA,OAAc,CAAA,+BACd,iBAAA,IAEV,CAAA,oBAAqB,UAAA,CAAW,CAAA,EAAG,CAAA,IACnC,CAAA,wBAAyB,cAAA,CAAe,CAAA,EAAG,CAAA,IAC3C,CAAA,oBAAqB,UAAA,CAAW,CAAA,EAAG,CAAA,IACnC,CAAA,wBAAyB,cAAA,CAAe,CAAA,EAAG,CAAA,IAC3C,CAAA,oBAAqB,UAAA,CAAW,CAAA,EAAG,CAAA,IACnC,CAAA,wBAAyB,cAAA,CAAe,CAAA,EAAG,CAAA,IAC3C,CAAA,wBAAyB,cAAA,CAAe,CAAA,EAAG,CAAA,IAC3C,CAAA,uBAAwB,aAAA,CAAc,CAAA,EAAG,CAAA,IACzC,CAAA,sBAAuB,YAAA,CAAa,CAAA,EAAG,CAAA,IACvC,CAAA,oBAAqB,UAAA,CAAW,CAAA,EAAG,CAAA,IACnC,CAAA,mBAAoB,SAAA,CAAU,CAAA,EAAG,CAAA,IACjC,CAAA,uBAAwB,aAAA,CAAc,CAAA,EAAG,CAAA,IACzC,CAAA,qBAAsB,WAAA,CAAY,CAAA,EAAG,CAAA;;AH1EvC;;KGgFY,OAAA,WAAkB,SAAA,YAAqB,iBAAA,IACjD,CAAA,SAAU,OAAA,OAAc,cAAA,sBACtB,gBAAA,CAAiB,cAAA,EAAgB,CAAA,EAAG,CAAA;EAAa,IAAA;AAAA,IACjD,CAAA,GACA,gBAAA,CAAiB,cAAA,EAAgB,CAAA,EAAG,CAAA;EAAa,KAAA;AAAA,IACjD,CAAA,GACA,gBAAA,CAAiB,cAAA,EAAgB,CAAA,EAAG,CAAA;;;;KAM5B,SAAA,WAAoB,SAAA,YAAqB,iBAAA,IACnD,CAAA,SAAU,OAAA,OAAc,cAAA,sBACtB,CAAA,mEACA,WAAA,CAAY,cAAA,EAAgB,CAAA,MAC5B,CAAA,4BAEA,WAAA,CAAY,cAAA,EAAgB,CAAA;;;;KAUpB,UAAA,qBACV,CAAA,gCAAiC,UAAA,wBAAkC,SAAA,qBAA8B,iBAAA;EAC7F,KAAA,EAAO,KAAA;EAAO,KAAA,EAAO,KAAA;EAAO,SAAA,EAAW,EAAA;EAAI,IAAA;AAAA,IAC7C,CAAA,gCAAiC,UAAA,qBACjC,MAAA,SAAe,SAAA;EACb,KAAA,EAAO,KAAA;EAAO,KAAA,EAAO,MAAA;EAAQ,IAAA;AAAA,IAC/B,MAAA,SAAe,iBAAA;EACb,KAAA,EAAO,KAAA;EAAO,SAAA,EAAW,MAAA;EAAQ,IAAA;AAAA,YAEnC,CAAA,SAAU,UAAA;EACR,KAAA,EAAO,CAAA;EAAG,IAAA;AAAA;;UAQN,gBAAA;;UAIA,yBAAA,WACE,SAAA,YACA,iBAAA,gBACI,UAAA,UACN,gBAAA;EACR,IAAA,EAAM,KAAA,oBAAyB,OAAA,CAAQ,CAAA,EAAG,CAAA,IAAK,QAAA,CAAS,OAAA,CAAQ,CAAA,EAAG,CAAA;EACnE,MAAA,EAAQ,KAAA,mBAAwB,SAAA,CAAU,CAAA,EAAG,CAAA;AAAA;AHzH/C;AAAA,UG6HU,yBAAA,eACM,UAAA,UACN,gBAAA;EACR,SAAA,EAAW,iBAAA;EACX,IAAA,EAAM,KAAA,8BAAmC,QAAA;EACzC,MAAA,EAAQ,KAAA;AAAA;;UAIA,6BAAA,eACM,UAAA,UACN,gBAAA;EACR,KAAA,EAAO,SAAA;EACP,IAAA,EAAM,KAAA,8BAAmC,QAAA;EACzC,MAAA,EAAQ,KAAA;AAAA;;UAIA,yBAAA,eACM,UAAA,UACN,gBAAA;EACR,KAAA,EAAO,SAAA;EACP,SAAA,EAAW,iBAAA;EACX,IAAA,EAAM,KAAA,8BAAmC,QAAA;EACzC,MAAA,EAAQ,KAAA;AAAA;;;;KAUL,oBAAA,qBACH,UAAA,CAAW,CAAA;EACT,KAAA,kBAAuB,UAAA;EACvB,KAAA,kBAAuB,SAAA;EACvB,SAAA,kBAA2B,iBAAA;EAC3B,IAAA;AAAA,IAEA,yBAAA,CAA0B,CAAA,EAAG,CAAA,EAAG,CAAA,IAChC,UAAA,CAAW,CAAA;EACX,KAAA,kBAAuB,UAAA;EACvB,KAAA,mBAAwB,SAAA;EACxB,IAAA;AAAA,IAEA,yBAAA,CAA0B,CAAA,IAC1B,UAAA,CAAW,CAAA;EACX,KAAA,kBAAuB,UAAA;EACvB,SAAA,mBAA4B,iBAAA;EAC5B,IAAA;AAAA,IAEA,6BAAA,CAA8B,CAAA,IAC9B,UAAA,CAAW,CAAA;EAAa,KAAA,kBAAuB,UAAA;EAAY,IAAA;AAAA,IAC3D,yBAAA,CAA0B,CAAA,IAC1B,gBAAA;;;AF/MJ;;;;;;;;ACHA;;KCoOY,cAAA,WACJ,iBAAA,GAAoB,oBAAA,CAAqB,CAAA;AAAA;EAAA,UAQrC,mBAAA,SAA4B,cAAA;AAAA;;;;;;;;;;;cCrO3B,aAAA,SAAsB,gBAAA;cAE/B,UAAA,GAAY,WAAA,EACZ,IAAA,GAAM,SAAA,EACN,QAAA,GAAW,MAAA;AAAA;;;cCbF,mBAAA,SAA4B,aAAA;cAC3B,OAAA;AAAA;;;;;;;;;;;;cCQD,yBAAA,SAAkC,aAAA;cACjC,KAAA;AAAA;;;;;;;;;;cCJD,0BAAA,SAAmC,gBAAA;cAClC,IAAA,UAAc,aAAA;AAAA;;;;;;;;;;;;;cCGf,mBAAA,SAA4B,aAAA;cAC3B,OAAA;AAAA;;;;;;;;;;;;;cCDD,qBAAA,SAA8B,aAAA;cAC7B,MAAA;AAAA;;;;;;;;;;;;;AVGd;;;;;;;;;iBWSgB,iBAAA,CAAkB,KAAA,YAAiB,aAAA;;;;;;;;;;;;AXTnD;;cYFa,kBAAA,YAA8B,aAAA,CAAc,WAAA,EAAW,MAAA,mBAAyB,MAAA;EAAA,SAClF,EAAA;EAET,OAAA;IAAiB,IAAA;IAAA;EAAA;IACf,IAAA,EAAM,MAAA;IACN,OAAA,GAAU,IAAA,EAAM,MAAA,kCAAwC,OAAA;EAAA,MACtD,OAAA;AAAA;;;UCjBW,yBAAA;EACf,aAAA,EAAe,cAAA;AAAA;;;;;;AbYjB;;;;;;;;;;;;;;caUa,kBAAA,YAA8B,aAAA,CAAc,WAAA,EAAW,MAAA,mBAAyB,MAAA;EAAA,QAGvE,OAAA;EAAA,SAFX,EAAA;cAEW,OAAA,EAAS,yBAAA;EAE7B,OAAA;IAAiB,KAAA;IAAA,SAAA;IAAA,IAAA;IAAA;EAAA;IACf,KAAA;IACA,SAAA;IACA,IAAA,EAAM,MAAA;IACN,OAAA,GAAU,IAAA,EAAM,MAAA,kCAAwC,OAAA;EAAA,MACtD,OAAA;AAAA;;;UClCW,2BAAA;EACf,UAAA;AAAA;;;;;;;AdaF;;;;;;;;ccIa,oBAAA,YAAgC,aAAA,CAAc,WAAA,EAAW,MAAA,mBAAyB,MAAA;EAAA,QAGzE,OAAA;EAAA,SAFX,EAAA;cAEW,OAAA,EAAS,2BAAA;EAE7B,OAAA;IAAiB,IAAA;IAAA,OAAA;IAAA;EAAA;IACf,IAAA,EAAM,MAAA;IACN,OAAA,GAAU,IAAA,EAAM,MAAA,kCAAwC,OAAA;IACxD,MAAA;MAAU,iBAAA,GAAoB,GAAA,aAAgB,OAAA;IAAA;EAAA,MAC5C,OAAA;AAAA;;;cC9BO,YAAA;EAAA;;;;;;;;;YAWD,WAAA;IACR,QAAA,SAAiB,YAAA;EAAA;AAAA"}

package/dist/index.d.mts

@@ -0,0 +1,3 @@
+import { i as InferConnectionSchema, n as DefaultConnectionName, o as StratalDatabase, r as InferAnySchema, t as ConnectionName } from "./types-Gjk0d2qB.mjs";
+import { CustomEventRegistry, EventName } from "stratal/events";
+export { type ConnectionName, type CustomEventRegistry, type DefaultConnectionName, type EventName, type InferAnySchema, type InferConnectionSchema, type StratalDatabase };

package/dist/index.mjs

@@ -0,0 +1 @@
+export {};

package/dist/rbac/index.d.mts

@@ -0,0 +1,206 @@
+import { t as AuthContext } from "../auth-context-BD2ApWg1.mjs";
+import { AsyncModuleOptions, DynamicModule } from "stratal/module";
+import { ApplicationError } from "stratal/errors";
+import { Adapter, Enforcer, Model } from "casbin";
+
+//#region src/rbac/constants.d.ts
+/**
+ * RBAC Constants
+ */
+declare const RBAC_CONTEXT_KEYS: {
+  /** Key for storing required authorization scopes (permissions) in context */readonly AUTH_SCOPES: symbol;
+};
+//#endregion
+//#region src/rbac/errors/insufficient-permissions.error.d.ts
+/**
+ * InsufficientPermissionsError
+ *
+ * Thrown when a user attempts to perform an action without the required permissions.
+ * This error is used by the auth guard after authorization check fails.
+ *
+ * HTTP Status: 403 Forbidden
+ * Error Code: 3102 (AUTHZ.INSUFFICIENT_PERMISSIONS)
+ */
+declare class InsufficientPermissionsError extends ApplicationError {
+  constructor(requiredScopes: string[], userId?: string);
+}
+//#endregion
+//#region src/rbac/adapters/custom-zenstack-adapter.d.ts
+/**
+ * Minimal interface for the database client used by the adapter.
+ * The actual DatabaseService extends ZenStackClient which provides these methods
+ * when the schema includes a `casbinRule` model.
+ */
+interface CasbinDbClient {
+  casbinRule: {
+    findMany(args?: {
+      where?: Record<string, unknown>;
+    }): Promise<unknown[]>;
+    create(args: {
+      data: CasbinRuleCreateInput;
+    }): Promise<unknown>;
+    createMany(args: {
+      data: CasbinRuleCreateInput[];
+    }): Promise<unknown>;
+    deleteMany(args: {
+      where: CasbinRuleCreateInput;
+    }): Promise<{
+      count: number;
+    }>;
+  };
+  $executeRawUnsafe(query: string, ...values: unknown[]): Promise<unknown>;
+}
+interface CasbinRuleCreateInput {
+  ptype: string;
+  v0?: string | null;
+  v1?: string | null;
+  v2?: string | null;
+  v3?: string | null;
+  v4?: string | null;
+  v5?: string | null;
+}
+/**
+ * Custom ZenStack adapter for Casbin that works with Cloudflare Workers.
+ *
+ * Based on the original casbin-prisma-adapter but modified to:
+ * - Work with ZenStack v3 ORM clients
+ * - Avoid bundling errors in Cloudflare Workers
+ * - Accept pre-connected ZenStack clients (request-scoped)
+ */
+declare class CustomZenStackAdapter implements Adapter {
+  #private;
+  filtered: boolean;
+  isFiltered(): boolean;
+  enableFiltered(enabled: boolean): void;
+  constructor(db: CasbinDbClient);
+  loadPolicy(model: Model): Promise<void>;
+  loadFilteredPolicy(model: Model, filter: Record<string, string[][]>): Promise<void>;
+  savePolicy(model: Model): Promise<boolean>;
+  addPolicy(_sec: string, ptype: string, rule: string[]): Promise<void>;
+  addPolicies(_sec: string, ptype: string, rules: string[][]): Promise<void>;
+  removePolicy(_sec: string, ptype: string, rule: string[]): Promise<void>;
+  removePolicies(_sec: string, ptype: string, rules: string[][]): Promise<void>;
+  removeFilteredPolicy(_sec: string, ptype: string, fieldIndex: number, ...fieldValues: string[]): Promise<void>;
+  close(): Promise<void>;
+  static newAdapter(db: CasbinDbClient): CustomZenStackAdapter;
+}
+//#endregion
+//#region src/rbac/types.d.ts
+/**
+ * Configuration options for the RBAC module
+ */
+interface RbacModuleOptions {
+  /** Casbin PERM model string */
+  model: string;
+  /** Default policies: [role, resource, action][] */
+  defaultPolicies?: readonly (readonly [string, string, string])[];
+  /** Role hierarchy: [childRole, parentRole][] */
+  roleHierarchy?: readonly (readonly [string, string])[];
+}
+//#endregion
+//#region src/rbac/services/casbin-enforcer.service.d.ts
+/**
+ * CasbinEnforcerService
+ *
+ * Manages the Casbin enforcer instance for authorization.
+ * Model, default policies, and role hierarchy are provided via DI options.
+ */
+declare class CasbinEnforcerService {
+  protected readonly db: CasbinDbClient;
+  protected readonly options: RbacModuleOptions;
+  protected enforcer: Enforcer | null;
+  constructor(db: CasbinDbClient, options: RbacModuleOptions);
+  /**
+   * Get or create the enforcer instance
+   */
+  getEnforcer(): Promise<Enforcer>;
+  /**
+   * Create a new enforcer instance.
+   * Can be overridden by subclasses to customize enforcer creation.
+   */
+  protected createEnforcer(): Promise<Enforcer>;
+  /**
+   * Seed default policies into database
+   */
+  seedPolicies(): Promise<void>;
+  /**
+   * Clear cached enforcer instance
+   */
+  clearCache(): void;
+  /**
+   * Seed role hierarchy into database
+   */
+  seedRoleHierarchy(): Promise<void>;
+}
+//#endregion
+//#region src/rbac/services/casbin.service.d.ts
+/**
+ * CasbinService
+ *
+ * Request-scoped service that provides the full Casbin RBAC API.
+ * Uses AuthContext to get the current user.
+ */
+declare class CasbinService {
+  protected readonly context: AuthContext;
+  protected readonly enforcerService: CasbinEnforcerService;
+  constructor(context: AuthContext, enforcerService: CasbinEnforcerService);
+  protected getEnforcer(): Promise<Enforcer>;
+  addRoleForUser(userId: string, role: string): Promise<boolean>;
+  deleteRoleForUser(userId: string, role: string): Promise<boolean>;
+  deleteRolesForUser(userId: string): Promise<boolean>;
+  getRolesForUser(userId: string): Promise<string[]>;
+  getImplicitRolesForUser(userId: string): Promise<string[]>;
+  getUsersForRole(role: string): Promise<string[]>;
+  getImplicitUsersForRole(role: string): Promise<string[]>;
+  hasRoleForUser(userId: string, role: string): Promise<boolean>;
+  addRoleInheritance(childRole: string, parentRole: string): Promise<boolean>;
+  deleteRoleInheritance(childRole: string, parentRole: string): Promise<boolean>;
+  deleteUser(userId: string): Promise<boolean>;
+  deleteRole(role: string): Promise<boolean>;
+  getCurrentUserRoles(): Promise<string[]>;
+  currentUserHasRole(role: string): Promise<boolean>;
+  setRolesForUser(userId: string, roles: string[]): Promise<void>;
+  hasPermission(userId: string, scope: string, action: string): Promise<boolean>;
+  currentUserHasPermission(scope: string, action: string): Promise<boolean>;
+  hasAnyPermission(userId: string, scopes: string[], action: string): Promise<boolean>;
+  currentUserHasAnyPermission(scopes: string[], action: string): Promise<boolean>;
+  getPermissionsForUserAsCasbinJs(userId: string): Promise<Record<string, string[]>>;
+  getCurrentUserPermissionsAsCasbinJs(): Promise<Record<string, string[]>>;
+}
+//#endregion
+//#region src/rbac/rbac.module.d.ts
+/**
+ * RBAC Module
+ *
+ * Provides role-based access control using Casbin.
+ * Fully configurable — no hardcoded roles, policies, or model.
+ *
+ * @example
+ * ```typescript
+ * @Module({
+ *   imports: [
+ *     RbacModule.forRoot({
+ *       model: MY_RBAC_MODEL,
+ *       defaultPolicies: [['admin', 'users:*', '.*']],
+ *       roleHierarchy: [['super_admin', 'admin']],
+ *     })
+ *   ]
+ * })
+ * ```
+ */
+declare class RbacModule {
+  static forRoot(options: RbacModuleOptions): DynamicModule;
+  static forRootAsync(options: AsyncModuleOptions<RbacModuleOptions>): DynamicModule;
+}
+//#endregion
+//#region src/rbac/tokens.d.ts
+/**
+ * RBAC DI Tokens
+ */
+declare const RBAC_TOKENS: {
+  /** Request-scoped Casbin service with auto context resolution */readonly CasbinService: symbol; /** RBAC module options (model, policies, hierarchy) */
+  readonly Options: symbol;
+};
+//#endregion
+export { CasbinEnforcerService, CasbinService, CustomZenStackAdapter, InsufficientPermissionsError, RBAC_CONTEXT_KEYS, RBAC_TOKENS, RbacModule, type RbacModuleOptions };
+//# sourceMappingURL=index.d.mts.map

package/dist/rbac/index.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.mts","names":[],"sources":["../../src/rbac/constants.ts","../../src/rbac/errors/insufficient-permissions.error.ts","../../src/rbac/adapters/custom-zenstack-adapter.ts","../../src/rbac/types.ts","../../src/rbac/services/casbin-enforcer.service.ts","../../src/rbac/services/casbin.service.ts","../../src/rbac/rbac.module.ts","../../src/rbac/tokens.ts"],"mappings":";;;;;;;;;cAGa,iBAAA;wFAGH,WAAA;AAAA;;;;;;;;AAHV;;;;cCQa,4BAAA,SAAqC,gBAAA;cACpC,cAAA,YAA0B,MAAA;AAAA;;;;;;;;UCHvB,cAAA;EACf,UAAA;IACE,QAAA,CAAS,IAAA;MAAS,KAAA,GAAQ,MAAA;IAAA,IAA4B,OAAA;IACtD,MAAA,CAAO,IAAA;MAAQ,IAAA,EAAM,qBAAA;IAAA,IAA0B,OAAA;IAC/C,UAAA,CAAW,IAAA;MAAQ,IAAA,EAAM,qBAAA;IAAA,IAA4B,OAAA;IACrD,UAAA,CAAW,IAAA;MAAQ,KAAA,EAAO,qBAAA;IAAA,IAA0B,OAAA;MAAU,KAAA;IAAA;EAAA;EAEhE,iBAAA,CAAkB,KAAA,aAAkB,MAAA,cAAoB,OAAA;AAAA;AAAA,UAGhD,qBAAA;EACR,KAAA;EACA,EAAA;EACA,EAAA;EACA,EAAA;EACA,EAAA;EACA,EAAA;EACA,EAAA;AAAA;;;;;;;;;cAsBW,qBAAA,YAAiC,OAAA;EAAA;EAG5C,QAAA;EAEO,UAAA,CAAA;EAIA,cAAA,CAAe,OAAA;cAIV,EAAA,EAAI,cAAA;EAIV,UAAA,CAAW,KAAA,EAAO,KAAA,GAAQ,OAAA;EAQ1B,kBAAA,CACJ,KAAA,EAAO,KAAA,EACP,MAAA,EAAQ,MAAA,uBACP,OAAA;EA0BG,UAAA,CAAW,KAAA,EAAO,KAAA,GAAQ,OAAA;EAyB1B,SAAA,CAAU,IAAA,UAAc,KAAA,UAAe,IAAA,aAAiB,OAAA;EAKxD,WAAA,CACJ,IAAA,UACA,KAAA,UACA,KAAA,eACC,OAAA;EAWG,YAAA,CACJ,IAAA,UACA,KAAA,UACA,IAAA,aACC,OAAA;EAKG,cAAA,CACJ,IAAA,UACA,KAAA,UACA,KAAA,eACC,OAAA;EAWG,oBAAA,CACJ,IAAA,UACA,KAAA,UACA,UAAA,aACG,WAAA,aACF,OAAA;EA0BG,KAAA,CAAA,GAAS,OAAA;EAAA,OAIR,UAAA,CAAW,EAAA,EAAI,cAAA,GAAiB,qBAAA;AAAA;;;;;;UC3MxB,iBAAA;;EAEf,KAAA;EHFW;EGIX,eAAA;;EAEA,aAAA;AAAA;;;;;;AHNF;;;cIWa,qBAAA;EAAA,mBAKU,EAAA,EAAI,cAAA;EAAA,mBAEJ,OAAA,EAAS,iBAAA;EAAA,UANpB,QAAA,EAAU,QAAA;cAIC,EAAA,EAAI,cAAA,EAEJ,OAAA,EAAS,iBAAA;EHVnB;;;EGgBL,WAAA,CAAA,GAAe,OAAA,CAAQ,QAAA;EHhBmB;;;;EAAA,UGyBhC,cAAA,CAAA,GAAkB,OAAA,CAAQ,QAAA;EHxBW;;;EGoC/C,YAAA,CAAA,GAAgB,OAAA;EFvCP;;;EEqDf,UAAA,CAAA;EFnDwD;;;EE0DlD,iBAAA,CAAA,GAAqB,OAAA;AAAA;;;;;;AJlE7B;;;cKWa,aAAA;EAAA,mBAGU,OAAA,EAAS,WAAA;EAAA,mBAET,eAAA,EAAiB,qBAAA;cAFjB,OAAA,EAAS,WAAA,EAET,eAAA,EAAiB,qBAAA;EAAA,UAGtB,WAAA,CAAA,GAAe,OAAA,CAAQ,QAAA;EAMjC,cAAA,CAAe,MAAA,UAAgB,IAAA,WAAe,OAAA;EAO9C,iBAAA,CAAkB,MAAA,UAAgB,IAAA,WAAe,OAAA;EAOjD,kBAAA,CAAmB,MAAA,WAAiB,OAAA;EAOpC,eAAA,CAAgB,MAAA,WAAiB,OAAA;EAKjC,uBAAA,CAAwB,MAAA,WAAiB,OAAA;EAKzC,eAAA,CAAgB,IAAA,WAAe,OAAA;EAK/B,uBAAA,CAAwB,IAAA,WAAe,OAAA;EAKvC,cAAA,CAAe,MAAA,UAAgB,IAAA,WAAe,OAAA;EAO9C,kBAAA,CAAmB,SAAA,UAAmB,UAAA,WAAqB,OAAA;EAO3D,qBAAA,CAAsB,SAAA,UAAmB,UAAA,WAAqB,OAAA;EAS9D,UAAA,CAAW,MAAA,WAAiB,OAAA;EAO5B,UAAA,CAAW,IAAA,WAAe,OAAA;EAS1B,mBAAA,CAAA,GAAuB,OAAA;EAMvB,kBAAA,CAAmB,IAAA,WAAe,OAAA;EAKlC,eAAA,CAAgB,MAAA,UAAgB,KAAA,aAAkB,OAAA;EAWlD,aAAA,CAAc,MAAA,UAAgB,KAAA,UAAe,MAAA,WAAiB,OAAA;EAK9D,wBAAA,CAAyB,KAAA,UAAe,MAAA,WAAiB,OAAA;EAMzD,gBAAA,CAAiB,MAAA,UAAgB,MAAA,YAAkB,MAAA,WAAiB,OAAA;EAOpE,2BAAA,CAA4B,MAAA,YAAkB,MAAA,WAAiB,OAAA;EAQ/D,+BAAA,CAAgC,MAAA,WAAiB,OAAA,CAAQ,MAAA;EAezD,mCAAA,CAAA,GAAuC,OAAA,CAAQ,MAAA;AAAA;;;;;;;ALxKvD;;;;;;;;ACQA;;;;;;;cKqBa,UAAA;EAAA,OACJ,OAAA,CAAQ,OAAA,EAAS,iBAAA,GAAoB,aAAA;EAAA,OASrC,YAAA,CAAa,OAAA,EAAS,kBAAA,CAAmB,iBAAA,IAAqB,aAAA;AAAA;;;;;;cCvC1D,WAAA;4EAKH,aAAA,UPLG;EAAA,SOKH,OAAA;AAAA"}