@veloxts/orm 0.7.0 → 0.7.2

package/CHANGELOG.md

@@ -1,5 +1,21 @@
 # @veloxts/orm
 
+## 0.7.2
+
+### Patch Changes
+
+- chore(auth,core,create,cli,client,orm,mcp,router,validation,web): simplify code for clarity and maintainability
+- Updated dependencies
+  - @veloxts/core@0.7.2
+
+## 0.7.1
+
+### Patch Changes
+
+- security audit, bumps dependency packages
+- Updated dependencies
+  - @veloxts/core@0.7.1
+
 ## 0.7.0
 
 ### Minor Changes

package/dist/client.js

@@ -126,16 +126,15 @@ export function createDatabase(config) {
         updateCachedStatus();
         try {
             await config.client.$disconnect();
-            state.connectionState = 'disconnected';
-            state.connectedAt = undefined;
-            updateCachedStatus();
         }
         catch (error) {
+            throw new VeloxError(`Failed to disconnect from database: ${error instanceof Error ? error.message : String(error)}`, 500, 'DATABASE_DISCONNECTION_ERROR');
+        }
+        finally {
             // Even if disconnect fails, mark as disconnected
             state.connectionState = 'disconnected';
             state.connectedAt = undefined;
             updateCachedStatus();
-            throw new VeloxError(`Failed to disconnect from database: ${error instanceof Error ? error.message : String(error)}`, 500, 'DATABASE_DISCONNECTION_ERROR');
         }
     }
     // Return the database wrapper object with proper getters for reactive properties

package/dist/index.d.ts

@@ -34,80 +34,8 @@
  */
 /** ORM package version */
 export declare const ORM_VERSION: string;
-export type { 
-/**
- * Connection state enum values
- */
-ConnectionState, 
-/**
- * Connection status information
- */
-ConnectionStatus, 
-/**
- * Base interface for Prisma clients
- */
-DatabaseClient, 
-/**
- * Configuration for database wrapper
- */
-DatabaseWrapperConfig, 
-/**
- * Infer client type from config
- */
-InferClientType, 
-/**
- * Infer database client type
- */
-InferDatabaseClient, 
-/**
- * Plugin configuration options
- */
-OrmPluginConfig, } from './types.js';
+export type { ConnectionState, ConnectionStatus, DatabaseClient, DatabaseWrapperConfig, InferClientType, InferDatabaseClient, OrmPluginConfig, } from './types.js';
 export { isDatabaseClient } from './types.js';
-export type { 
-/**
- * Database wrapper interface with lifecycle management
- */
-Database, } from './client.js';
-export { 
-/**
- * Create a database wrapper with connection lifecycle management
- *
- * Use this for manual connection management. For automatic lifecycle
- * management with VeloxApp, use `databasePlugin` instead.
- *
- * @example
- * ```typescript
- * const db = createDatabase({ client: new PrismaClient() });
- * await db.connect();
- *
- * const users = await db.client.user.findMany();
- *
- * await db.disconnect();
- * ```
- */
-createDatabase, } from './client.js';
-export { 
-/**
- * Create a database plugin for VeloxApp integration
- *
- * This is the recommended way to integrate Prisma with VeloxTS.
- * The plugin automatically:
- * - Connects to the database when the app starts
- * - Disconnects during graceful shutdown
- * - Adds `ctx.db` to procedure handlers
- *
- * @example
- * ```typescript
- * import { veloxApp } from '@veloxts/core';
- * import { PrismaClient } from '@prisma/client';
- * import { databasePlugin } from '@veloxts/orm';
- *
- * const prisma = new PrismaClient();
- * const app = await veloxApp({ port: 3030 });
- *
- * await app.register(databasePlugin({ client: prisma }));
- * await app.start();
- * ```
- */
-databasePlugin, } from './plugin.js';
+export type { Database } from './client.js';
+export { createDatabase } from './client.js';
+export { databasePlugin } from './plugin.js';

package/dist/index.js

@@ -42,48 +42,8 @@ const packageJson = require('../package.json');
 /** ORM package version */
 export const ORM_VERSION = packageJson.version ?? '0.0.0-unknown';
 export { isDatabaseClient } from './types.js';
-export { 
-/**
- * Create a database wrapper with connection lifecycle management
- *
- * Use this for manual connection management. For automatic lifecycle
- * management with VeloxApp, use `databasePlugin` instead.
- *
- * @example
- * ```typescript
- * const db = createDatabase({ client: new PrismaClient() });
- * await db.connect();
- *
- * const users = await db.client.user.findMany();
- *
- * await db.disconnect();
- * ```
- */
-createDatabase, } from './client.js';
+export { createDatabase } from './client.js';
 // ============================================================================
 // Plugin
 // ============================================================================
-export { 
-/**
- * Create a database plugin for VeloxApp integration
- *
- * This is the recommended way to integrate Prisma with VeloxTS.
- * The plugin automatically:
- * - Connects to the database when the app starts
- * - Disconnects during graceful shutdown
- * - Adds `ctx.db` to procedure handlers
- *
- * @example
- * ```typescript
- * import { veloxApp } from '@veloxts/core';
- * import { PrismaClient } from '@prisma/client';
- * import { databasePlugin } from '@veloxts/orm';
- *
- * const prisma = new PrismaClient();
- * const app = await veloxApp({ port: 3030 });
- *
- * await app.register(databasePlugin({ client: prisma }));
- * await app.start();
- * ```
- */
-databasePlugin, } from './plugin.js';
+export { databasePlugin } from './plugin.js';

package/dist/plugin.js

@@ -131,18 +131,13 @@ export function databasePlugin(config) {
             'Ensure you are passing a valid Prisma client instance.');
     }
     const pluginName = config.name ?? DEFAULT_PLUGIN_NAME;
-    // Plugin state - holds the database wrapper
-    const state = {
-        database: null,
-    };
+    let database = null;
     return definePlugin({
         name: pluginName,
         version: ORM_PLUGIN_VERSION,
         async register(server) {
-            // Create database wrapper
-            state.database = createDatabase({ client: config.client });
-            // Connect to the database
-            await state.database.connect();
+            database = createDatabase({ client: config.client });
+            await database.connect();
             // Add database client to request context via onRequest hook
             server.addHook('onRequest', async (request) => {
                 // The context should be created by @veloxts/core's onRequest hook
@@ -158,12 +153,10 @@ export function databasePlugin(config) {
                     });
                 }
             });
-            // Register shutdown hook using Fastify's onClose hook
-            // This ensures the database disconnects during graceful shutdown
             server.addHook('onClose', async () => {
-                if (state.database?.isConnected) {
+                if (database?.isConnected) {
                     try {
-                        await state.database.disconnect();
+                        await database.disconnect();
                         server.log.info('Database disconnected successfully during shutdown');
                     }
                     catch (error) {

package/dist/tenant/client-pool.d.ts

@@ -32,7 +32,3 @@ import type { TenantClientPool as ITenantClientPool, TenantClientPoolConfig } fr
  * ```
  */
 export declare function createTenantClientPool<TClient extends DatabaseClient>(config: TenantClientPoolConfig<TClient>): ITenantClientPool<TClient>;
-/**
- * Type alias for the client pool
- */
-export type { ITenantClientPool as TenantClientPool };

package/dist/tenant/index.js

@@ -53,23 +53,7 @@
 // ============================================================================
 // Errors
 // ============================================================================
-export { ClientCreateError, ClientDisconnectError, 
-// Client pool errors
-ClientPoolExhaustedError, DeprovisionError, getTenantStatusError, 
-// Validation errors
-InvalidSlugError, 
-// Utilities
-isTenantError, 
-// Provisioning errors
-ProvisionError, SchemaAlreadyExistsError, 
-// Schema errors
-SchemaCreateError, SchemaDeleteError, SchemaListError, SchemaMigrateError, SchemaNotFoundError, 
-// Authorization error
-TenantAccessDeniedError, 
-// Base error
-TenantError, TenantIdMissingError, TenantMigratingError, 
-// Tenant errors
-TenantNotFoundError, TenantPendingError, TenantSuspendedError, } from './errors.js';
+export { ClientCreateError, ClientDisconnectError, ClientPoolExhaustedError, DeprovisionError, getTenantStatusError, InvalidSlugError, isTenantError, ProvisionError, SchemaAlreadyExistsError, SchemaCreateError, SchemaDeleteError, SchemaListError, SchemaMigrateError, SchemaNotFoundError, TenantAccessDeniedError, TenantError, TenantIdMissingError, TenantMigratingError, TenantNotFoundError, TenantPendingError, TenantSuspendedError, } from './errors.js';
 // ============================================================================
 // Client Pool
 // ============================================================================

package/dist/tenant/middleware.js

@@ -64,13 +64,14 @@ export function createTenantMiddleware(config) {
         }
         // Get tenant-scoped database client
         const db = await clientPool.getClient(tenant.schemaName);
-        // Build extended context
         const extendedCtx = {
             ...ctx,
             tenant,
             db,
-            ...(publicClient ? { publicDb: publicClient } : {}),
         };
+        if (publicClient) {
+            extendedCtx.publicDb = publicClient;
+        }
         try {
             // Continue to next middleware/handler
             return await next({ ctx: extendedCtx });

package/dist/tenant/schema/manager.js

@@ -44,25 +44,34 @@ const RESERVED_SCHEMAS = new Set([
     'pg_temp',
     'information_schema',
 ]);
+/**
+ * Patterns that indicate dangerous input (SQL injection, shell injection, path traversal)
+ */
+const DANGEROUS_PATTERNS = [
+    /[;|&$`<>]/, // Shell metacharacters
+    /['"`]/, // SQL quotes
+    /\0/, // Null bytes
+    /\.\./, // Path traversal
+    /[\\/]/, // Path separators
+];
 /**
  * Validate database URL format and check for injection patterns
  */
 function validateDatabaseUrl(url) {
+    let parsed;
     try {
-        const parsed = new URL(url);
-        // Only allow postgresql:// protocol
-        if (parsed.protocol !== 'postgresql:' && parsed.protocol !== 'postgres:') {
-            throw new Error('Invalid database protocol');
-        }
-        // Check for shell metacharacters
-        const DANGEROUS_CHARS = /[;|&$`<>(){}[\]!]/;
-        if (DANGEROUS_CHARS.test(url)) {
-            throw new Error('Database URL contains dangerous characters');
-        }
+        parsed = new URL(url);
     }
     catch {
         throw new Error('Invalid database URL format');
     }
+    if (parsed.protocol !== 'postgresql:' && parsed.protocol !== 'postgres:') {
+        throw new Error('Invalid database protocol');
+    }
+    const DANGEROUS_CHARS = /[;|&$`<>(){}[\]!]/;
+    if (DANGEROUS_CHARS.test(url)) {
+        throw new Error('Database URL contains dangerous characters');
+    }
 }
 /**
  * Validate Prisma schema path to prevent path traversal
@@ -168,14 +177,6 @@ export function createTenantSchemaManager(config) {
         if (!VALID_SLUG_REGEX.test(slug)) {
             throw new InvalidSlugError(slug, 'slug must contain only lowercase letters, numbers, and hyphens');
         }
-        // Check for dangerous patterns
-        const DANGEROUS_PATTERNS = [
-            /[;|&$`<>]/, // Shell metacharacters
-            /['"`]/, // SQL quotes
-            /\0/, // Null bytes
-            /\.\./, // Path traversal
-            /[\\/]/, // Path separators
-        ];
         for (const pattern of DANGEROUS_PATTERNS) {
             if (pattern.test(slug)) {
                 throw new InvalidSlugError(slug, 'slug contains forbidden characters');
@@ -205,8 +206,6 @@ export function createTenantSchemaManager(config) {
         if (RESERVED_SCHEMAS.has(schemaName.toLowerCase())) {
             throw new Error(`Cannot use reserved schema name: ${schemaName}`);
         }
-        // Additional security checks
-        const DANGEROUS_PATTERNS = [/[;|&$`<>]/, /['"`]/, /\0/, /\.\./, /[\\/]/];
         for (const pattern of DANGEROUS_PATTERNS) {
             if (pattern.test(schemaName)) {
                 throw new Error(`Schema name contains forbidden characters: ${schemaName}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@veloxts/orm",
-  "version": "0.7.0",
+  "version": "0.7.2",
   "description": "Prisma wrapper with enhanced DX for VeloxTS framework",
   "type": "module",
   "main": "dist/index.js",
@@ -19,7 +19,7 @@
     "fastify": "5.7.4",
     "pg": "8.18.0",
     "pg-format": "1.0.4",
-    "@veloxts/core": "0.7.0"
+    "@veloxts/core": "0.7.2"
   },
   "devDependencies": {
     "@types/pg": "8.16.0",