npm - @vertz/server - Versions diffs - 0.2.16 → 0.2.18 - Mend

@vertz/server 0.2.16 → 0.2.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -4,6 +4,46 @@ import { ModelEntry } from "@vertz/db";
 import { AuthError, Result } from "@vertz/errors";
 import { Infer, ObjectSchema, StringSchema } from "@vertz/schema";
 /**
+* InMemoryClosureStore — closure table for resource hierarchy.
+*
+* Stores ancestor/descendant relationships with depth tracking.
+* Self-reference rows (depth 0) are created for every resource.
+* Hierarchy depth is capped at 4 levels.
+*/
+interface ClosureRow {
+	ancestorType: string;
+	ancestorId: string;
+	descendantType: string;
+	descendantId: string;
+	depth: number;
+}
+interface ClosureEntry {
+	type: string;
+	id: string;
+	depth: number;
+}
+interface ParentRef {
+	parentType: string;
+	parentId: string;
+}
+interface ClosureStore {
+	addResource(type: string, id: string, parent?: ParentRef): Promise<void>;
+	removeResource(type: string, id: string): Promise<void>;
+	getAncestors(type: string, id: string): Promise<ClosureEntry[]>;
+	getDescendants(type: string, id: string): Promise<ClosureEntry[]>;
+	hasPath(ancestorType: string, ancestorId: string, descendantType: string, descendantId: string): Promise<boolean>;
+	dispose(): void;
+}
+declare class InMemoryClosureStore implements ClosureStore {
+	private rows;
+	addResource(type: string, id: string, parent?: ParentRef): Promise<void>;
+	removeResource(type: string, id: string): Promise<void>;
+	getAncestors(type: string, id: string): Promise<ClosureEntry[]>;
+	getDescendants(type: string, id: string): Promise<ClosureEntry[]>;
+	hasPath(ancestorType: string, ancestorId: string, descendantType: string, descendantId: string): Promise<boolean>;
+	dispose(): void;
+}
+/**
 * rules.* builders — declarative access rule data structures.
 *
 * These are pure data structures with no evaluation logic.
@@ -207,43 +247,102 @@ interface AccessDefinition {
 }
 declare function defineAccess(input: DefineAccessInput): AccessDefinition;
 /**
-* InMemoryClosureStore — closure table for resource hierarchy.
+* Feature Flag Store — per-tenant boolean feature flags.
 *
-* Stores ancestor/descendant relationships with depth tracking.
-* Self-reference rows (depth 0) are created for every resource.
-* Hierarchy depth is capped at 4 levels.
+* Pluggable interface with in-memory default.
+* Used by Layer 1 of access context to gate entitlements on feature flags.
 */
-interface ClosureRow {
-	ancestorType: string;
-	ancestorId: string;
-	descendantType: string;
-	descendantId: string;
-	depth: number;
+interface FlagStore {
+	setFlag(tenantId: string, flag: string, enabled: boolean): void;
+	getFlag(tenantId: string, flag: string): boolean;
+	getFlags(tenantId: string): Record<string, boolean>;
 }
-interface ClosureEntry {
-	type: string;
-	id: string;
-	depth: number;
+declare class InMemoryFlagStore implements FlagStore {
+	private flags;
+	setFlag(tenantId: string, flag: string, enabled: boolean): void;
+	getFlag(tenantId: string, flag: string): boolean;
+	getFlags(tenantId: string): Record<string, boolean>;
 }
-interface ParentRef {
-	parentType: string;
-	parentId: string;
+/** Limit override: add (additive) or max (hard cap) */
+interface LimitOverrideDef {
+	add?: number;
+	max?: number;
 }
-interface ClosureStore {
-	addResource(type: string, id: string, parent?: ParentRef): Promise<void>;
-	removeResource(type: string, id: string): Promise<void>;
-	getAncestors(type: string, id: string): Promise<ClosureEntry[]>;
-	getDescendants(type: string, id: string): Promise<ClosureEntry[]>;
-	hasPath(ancestorType: string, ancestorId: string, descendantType: string, descendantId: string): Promise<boolean>;
+/** Per-tenant overrides */
+interface TenantOverrides {
+	features?: string[];
+	limits?: Record<string, LimitOverrideDef>;
+}
+interface OverrideStore {
+	set(tenantId: string, overrides: TenantOverrides): Promise<void>;
+	remove(tenantId: string, keys: {
+		features?: string[];
+		limits?: string[];
+	}): Promise<void>;
+	get(tenantId: string): Promise<TenantOverrides | null>;
 	dispose(): void;
 }
-declare class InMemoryClosureStore implements ClosureStore {
-	private rows;
-	addResource(type: string, id: string, parent?: ParentRef): Promise<void>;
-	removeResource(type: string, id: string): Promise<void>;
-	getAncestors(type: string, id: string): Promise<ClosureEntry[]>;
-	getDescendants(type: string, id: string): Promise<ClosureEntry[]>;
-	hasPath(ancestorType: string, ancestorId: string, descendantType: string, descendantId: string): Promise<boolean>;
+declare class InMemoryOverrideStore implements OverrideStore {
+	private overrides;
+	set(tenantId: string, overrides: TenantOverrides): Promise<void>;
+	remove(tenantId: string, keys: {
+		features?: string[];
+		limits?: string[];
+	}): Promise<void>;
+	get(tenantId: string): Promise<TenantOverrides | null>;
+	dispose(): void;
+}
+/**
+* Validate tenant overrides against the access definition.
+* Throws on invalid limit keys, invalid feature names, or invalid max values.
+*/
+declare function validateOverrides(accessDef: AccessDefinition, overrides: TenantOverrides): void;
+/**
+* Plan Version Store — tracks versioned snapshots of plan configurations.
+*
+* When a plan's config changes (hash differs), a new version is created
+* with a snapshot of the plan's features, limits, and price at that point.
+*/
+interface PlanSnapshot {
+	features: readonly string[] | string[];
+	limits: Record<string, unknown>;
+	price: {
+		amount: number;
+		interval: string;
+	} | null;
+}
+interface PlanVersionInfo {
+	planId: string;
+	version: number;
+	hash: string;
+	snapshot: PlanSnapshot;
+	createdAt: Date;
+}
+interface PlanVersionStore {
+	/** Create a new version for a plan. Returns the version number. */
+	createVersion(planId: string, hash: string, snapshot: PlanSnapshot): Promise<number>;
+	/** Get the current (latest) version number for a plan. Returns null if no versions exist. */
+	getCurrentVersion(planId: string): Promise<number | null>;
+	/** Get a specific version's info. Returns null if not found. */
+	getVersion(planId: string, version: number): Promise<PlanVersionInfo | null>;
+	/** Get the version number a tenant is on for a given plan. Returns null if not set. */
+	getTenantVersion(tenantId: string, planId: string): Promise<number | null>;
+	/** Set the version number a tenant is on for a given plan. */
+	setTenantVersion(tenantId: string, planId: string, version: number): Promise<void>;
+	/** Get the hash of the current (latest) version for a plan. Returns null if no versions. */
+	getCurrentHash(planId: string): Promise<string | null>;
+	/** Clean up resources. */
+	dispose(): void;
+}
+declare class InMemoryPlanVersionStore implements PlanVersionStore {
+	private versions;
+	private tenantVersions;
+	createVersion(planId: string, hash: string, snapshot: PlanSnapshot): Promise<number>;
+	getCurrentVersion(planId: string): Promise<number | null>;
+	getVersion(planId: string, version: number): Promise<PlanVersionInfo | null>;
+	getTenantVersion(tenantId: string, planId: string): Promise<number | null>;
+	setTenantVersion(tenantId: string, planId: string, version: number): Promise<void>;
+	getCurrentHash(planId: string): Promise<string | null>;
 	dispose(): void;
 }
 interface RoleAssignment {
@@ -274,23 +373,6 @@ declare class InMemoryRoleAssignmentStore implements RoleAssignmentStore {
 	getEffectiveRole(userId: string, resourceType: string, resourceId: string, accessDef: AccessDefinition, closureStore: ClosureStore): Promise<string | null>;
 	dispose(): void;
 }
-/**
-* Feature Flag Store — per-tenant boolean feature flags.
-*
-* Pluggable interface with in-memory default.
-* Used by Layer 1 of access context to gate entitlements on feature flags.
-*/
-interface FlagStore {
-	setFlag(tenantId: string, flag: string, enabled: boolean): void;
-	getFlag(tenantId: string, flag: string): boolean;
-	getFlags(tenantId: string): Record<string, boolean>;
-}
-declare class InMemoryFlagStore implements FlagStore {
-	private flags;
-	setFlag(tenantId: string, flag: string, enabled: boolean): void;
-	getFlag(tenantId: string, flag: string): boolean;
-	getFlags(tenantId: string): Record<string, boolean>;
-}
 /** Per-tenant limit override. Only affects the cap, not the billing period. */
 interface LimitOverride {
 	max: number;
@@ -377,88 +459,6 @@ declare class InMemoryWalletStore implements WalletStore {
 	getConsumption(tenantId: string, entitlement: string, periodStart: Date, _periodEnd: Date): Promise<number>;
 	dispose(): void;
 }
-/** Limit override: add (additive) or max (hard cap) */
-interface LimitOverrideDef {
-	add?: number;
-	max?: number;
-}
-/** Per-tenant overrides */
-interface TenantOverrides {
-	features?: string[];
-	limits?: Record<string, LimitOverrideDef>;
-}
-interface OverrideStore {
-	set(tenantId: string, overrides: TenantOverrides): Promise<void>;
-	remove(tenantId: string, keys: {
-		features?: string[];
-		limits?: string[];
-	}): Promise<void>;
-	get(tenantId: string): Promise<TenantOverrides | null>;
-	dispose(): void;
-}
-declare class InMemoryOverrideStore implements OverrideStore {
-	private overrides;
-	set(tenantId: string, overrides: TenantOverrides): Promise<void>;
-	remove(tenantId: string, keys: {
-		features?: string[];
-		limits?: string[];
-	}): Promise<void>;
-	get(tenantId: string): Promise<TenantOverrides | null>;
-	dispose(): void;
-}
-/**
-* Validate tenant overrides against the access definition.
-* Throws on invalid limit keys, invalid feature names, or invalid max values.
-*/
-declare function validateOverrides(accessDef: AccessDefinition, overrides: TenantOverrides): void;
-/**
-* Plan Version Store — tracks versioned snapshots of plan configurations.
-*
-* When a plan's config changes (hash differs), a new version is created
-* with a snapshot of the plan's features, limits, and price at that point.
-*/
-interface PlanSnapshot {
-	features: readonly string[] | string[];
-	limits: Record<string, unknown>;
-	price: {
-		amount: number;
-		interval: string;
-	} | null;
-}
-interface PlanVersionInfo {
-	planId: string;
-	version: number;
-	hash: string;
-	snapshot: PlanSnapshot;
-	createdAt: Date;
-}
-interface PlanVersionStore {
-	/** Create a new version for a plan. Returns the version number. */
-	createVersion(planId: string, hash: string, snapshot: PlanSnapshot): Promise<number>;
-	/** Get the current (latest) version number for a plan. Returns null if no versions exist. */
-	getCurrentVersion(planId: string): Promise<number | null>;
-	/** Get a specific version's info. Returns null if not found. */
-	getVersion(planId: string, version: number): Promise<PlanVersionInfo | null>;
-	/** Get the version number a tenant is on for a given plan. Returns null if not set. */
-	getTenantVersion(tenantId: string, planId: string): Promise<number | null>;
-	/** Set the version number a tenant is on for a given plan. */
-	setTenantVersion(tenantId: string, planId: string, version: number): Promise<void>;
-	/** Get the hash of the current (latest) version for a plan. Returns null if no versions. */
-	getCurrentHash(planId: string): Promise<string | null>;
-	/** Clean up resources. */
-	dispose(): void;
-}
-declare class InMemoryPlanVersionStore implements PlanVersionStore {
-	private versions;
-	private tenantVersions;
-	createVersion(planId: string, hash: string, snapshot: PlanSnapshot): Promise<number>;
-	getCurrentVersion(planId: string): Promise<number | null>;
-	getVersion(planId: string, version: number): Promise<PlanVersionInfo | null>;
-	getTenantVersion(tenantId: string, planId: string): Promise<number | null>;
-	setTenantVersion(tenantId: string, planId: string, version: number): Promise<void>;
-	getCurrentHash(planId: string): Promise<string | null>;
-	dispose(): void;
-}
 interface ResourceRef {
 	type: string;
 	id: string;
@@ -963,11 +963,15 @@ interface AuthInstance {
 	*/
 	resolveSessionForSSR: (request: Request) => Promise<{
 		session: {
-			user: Record<string, unknown>;
+			user: {
+				id: string;
+				email: string;
+				role: string;
+				[key: string]: unknown;
+			};
 			expiresAt: number;
 		};
-		/** AccessSet | null at runtime; typed as unknown to avoid cross-package dependency on @vertz/ui */
-		accessSet?: unknown;
+		accessSet?: AccessSet | null;
 	} | null>;
 }
 interface AuthContext {
@@ -1809,6 +1813,43 @@ interface RelationConfigObject<TColumnKeys extends string = string> {
 	readonly maxLimit?: number;
 }
 type EntityRelationsConfig<TRelations extends Record<string, RelationDef2> = Record<string, RelationDef2>> = { [K in keyof TRelations]? : true | false | RelationConfigObject<RelationColumnKeys<TRelations[K]>> };
+/** Extract the target table type from a RelationDef. */
+type RelationTargetTable<R> = R extends RelationDef2<infer T> ? T : TableDef;
+/** Structured expose config for a relation. Controls field, filter, sort, and nested relation exposure. */
+interface RelationExposeConfig<R extends RelationDef2 = RelationDef2> {
+	/** Which fields of the related entity to expose. */
+	readonly select: { [K in PublicColumnKeys<RelationTargetTable<R>>]? : true | AccessRule };
+	/** Which fields clients can filter on via VertzQL `where`. */
+	readonly allowWhere?: { [K in PublicColumnKeys<RelationTargetTable<R>>]? : true | AccessRule };
+	/** Which fields clients can sort on via VertzQL `orderBy`. */
+	readonly allowOrderBy?: { [K in PublicColumnKeys<RelationTargetTable<R>>]? : true | AccessRule };
+	/** Max items returned per parent row. Defaults to DEFAULT_RELATION_LIMIT. */
+	readonly maxLimit?: number;
+	/** Nested relation exposure (loosely typed — target model relations not available from RelationDef). */
+	readonly include?: Record<string, true | false | RelationExposeConfig>;
+}
+/** Controls which fields, filters, sorts, and relations are exposed through the entity API. */
+interface ExposeConfig<
+	TTable extends TableDef = TableDef,
+	TModel extends ModelDef4 = ModelDef4
+> {
+	/** Which fields of the entity to expose. Required when expose is present. */
+	readonly select: { [K in PublicColumnKeys<TTable>]? : true | AccessRule };
+	/** Which fields clients can filter on via VertzQL `where`. */
+	readonly allowWhere?: { [K in PublicColumnKeys<TTable>]? : true | AccessRule };
+	/** Which fields clients can sort on via VertzQL `orderBy`. */
+	readonly allowOrderBy?: { [K in PublicColumnKeys<TTable>]? : true | AccessRule };
+	/** Which relations to expose and how. */
+	readonly include?: { [K in keyof TModel["relations"]]? : true | false | RelationExposeConfig<TModel["relations"][K] extends RelationDef2 ? TModel["relations"][K] : RelationDef2> };
+}
+/** Extract non-hidden column keys from a table (public fields). */
+type PublicColumnKeys<TTable extends TableDef> = TTable extends TableDef<infer TCols> ? { [K in keyof TCols & string] : TCols[K] extends {
+	_meta: {
+		_annotations: {
+			hidden: true;
+		};
+	};
+} ? never : K }[keyof TCols & string] : string;
 interface EntityConfig<
 	TModel extends ModelDef4 = ModelDef4,
 	TActions extends Record<string, EntityActionDef<any, any, any, any>> = {},
@@ -1831,7 +1872,7 @@ interface EntityConfig<
 		readonly delete?: (row: TModel["table"]["$response"], ctx: EntityContext<TModel, TInject>) => void | Promise<void>;
 	};
 	readonly actions?: { readonly [K in keyof TActions] : TActions[K] };
-	readonly relations?: EntityRelationsConfig<TModel["relations"]>;
+	readonly expose?: ExposeConfig<TModel["table"], TModel>;
 }
 interface EntityDefinition<TModel extends ModelDef4 = ModelDef4> {
 	readonly kind: "entity";
@@ -1842,7 +1883,7 @@ interface EntityDefinition<TModel extends ModelDef4 = ModelDef4> {
 	readonly before: EntityBeforeHooks;
 	readonly after: EntityAfterHooks;
 	readonly actions: Record<string, EntityActionDef>;
-	readonly relations: EntityRelationsConfig<TModel["relations"]>;
+	readonly expose?: ExposeConfig<TModel["table"], TModel>;
 	/** DB table name (defaults to entity name). */
 	readonly table: string;
 	/** Whether CRUD auto-filters by tenantId. */
@@ -2042,4 +2083,4 @@ declare function service<
 	TInject extends Record<string, EntityDefinition> = {},
 	TActions extends Record<string, ServiceActionDef<any, any, any>> = Record<string, ServiceActionDef<any, any, any>>
 >(name: string, config: ServiceConfig<TActions, TInject>): ServiceDefinition;
-export { vertz, verifyPassword, validatePassword, validateOverrides, validateAuthModels, stripReadOnlyFields, stripHiddenFields, service, rules, resolveTenantChain, makeImmutable, isContentDescriptor, initializeAuthTables, hashPassword, google, github, getIncompatibleAddOns, generateEntityRoutes, entityErrorHandler, entity, enforceAccess, encodeAccessSet, discord, defineAccess, defaultAccess, deepFreeze, decodeAccessSet, createWebhookHandler, createStripeBillingAdapter, createServer, createPlanManager, createMiddleware, createImmutableProxy, createEnv, createEntityContext, createCrudHandlers, createBillingEventEmitter, createAuth, createAccessEventBroadcaster, createAccessContext, createAccess, content, computePlanHash, computeOverage, computeEntityAccess, computeAccessSet, checkFva, checkAddOnCompatibility, calculateBillingPeriod, authModels, WebhookHandlerConfig, WalletStore, WalletEntry, VertzException, ValidationException, UserTableEntry, UserStore, UnauthorizedException, TenantOverrides, TenantChainHop, TenantChain, SubscriptionStore, Subscription, StripeProduct, StripePrice, StripeClient, StripeBillingAdapterConfig, StoredSession, StoredPasswordReset, StoredEmailVerification, SignUpInput, SignInInput, SessionStrategy, SessionStore, SessionPayload, SessionInfo, SessionConfig, Session, ServiceUnavailableException, ServiceRequestInfo, ServiceDefinition, ServiceContext, ServiceConfig, ServiceActionDef, ServerInstance, ServerHandle, ServerConfig, ServerAdapter, RuleContext, RoleAssignmentTableEntry, RoleAssignmentStore, RoleAssignment, ResourceRef, Resource, RequestInfo, RawRequest, RateLimitStore, RateLimitResult, RateLimitConfig, PriceInterval, PlanVersionStore, PlanVersionInfo, PlanSnapshot, PlanPrice, PlanHashInput, PlanDef, Period, PasswordResetStore, PasswordResetConfig, PasswordRequirements, ParentRef, OverrideStore, OverageInput, OverageConfig, OnUserCreatedPayload, OAuthUserInfo, OAuthTokens, OAuthProviderConfig, OAuthProvider, OAuthAccountStore, NotFoundException, NamedMiddlewareDef, MiddlewareDef, MfaSetupData, MfaConfig, MfaChallengeData, MFAStore, ListenOptions, ListResult, ListOptions2 as ListOptions, LimitOverrideDef, LimitOverride, LimitDef, InternalServerErrorException, InferSchema, Infer2 as Infer, InMemoryWalletStore, InMemoryUserStore, InMemorySubscriptionStore, InMemorySessionStore, InMemoryRoleAssignmentStore, InMemoryRateLimitStore, InMemoryPlanVersionStore, InMemoryPasswordResetStore, InMemoryOverrideStore, InMemoryOAuthAccountStore, InMemoryMFAStore, InMemoryGrandfatheringStore, InMemoryFlagStore, InMemoryEmailVerificationStore, InMemoryClosureStore, HttpStatusCode, HttpMethod, HandlerCtx, GrandfatheringStore, GrandfatheringState, ForbiddenException, FlagStore, EnvConfig, EntityRouteOptions, EntityRelationsConfig, EntityRegistry, EntityOperations, EntityErrorResult, EntityDefinition, EntityDef, EntityDbAdapter2 as EntityDbAdapter, EntityContext, EntityConfig, EntityActionDef, EntitlementValue, EntitlementRegistry, EntitlementDefinition, EntitlementDef, Entitlement, EncodedAccessSet, EmailVerificationStore, EmailVerificationConfig, EmailPasswordConfig, Deps, DenialReason, DenialMeta, DefineAccessInput, DeepReadonly, DbUserStore, DbSubscriptionStore, DbSessionStore, DbRoleAssignmentStore, DbOAuthAccountStore, DbFlagStore, DbDialectName, DbClosureStore, Ctx, CrudResult, CrudHandlers, CorsConfig, CookieConfig, ContentDescriptor, ConsumeResult, ConflictException, ComputeAccessSetConfig, ClosureStore, ClosureRow, ClosureEntry, BillingPeriod, BillingEventType, BillingEventHandler, BillingEventEmitter, BillingEvent, BillingAdapter, BaseContext, BadRequestException, AuthorizationError, AuthUser, AuthTokens, AuthInstance, AuthEntityProxy, AuthDbClient, AuthContext, AuthConfig, AuthCallbackContext, AuthApi, AppConfig2 as AppConfig, AppBuilder2 as AppBuilder, AddOnRequires, AclClaim, AccumulateProvides, AccessWsData, AccessSet, AccessRule2 as AccessRule, AccessInstance, AccessEventBroadcasterConfig, AccessEventBroadcaster, AccessEvent, AccessDefinition, AccessContextConfig, AccessContext, AccessConfig, AccessCheckResult, AccessCheckData, AUTH_TABLE_NAMES };
+export { vertz, verifyPassword, validatePassword, validateOverrides, validateAuthModels, stripReadOnlyFields, stripHiddenFields, service, rules, resolveTenantChain, makeImmutable, isContentDescriptor, initializeAuthTables, hashPassword, google, github, getIncompatibleAddOns, generateEntityRoutes, entityErrorHandler, entity, enforceAccess, encodeAccessSet, discord, defineAccess, defaultAccess, deepFreeze, decodeAccessSet, createWebhookHandler, createStripeBillingAdapter, createServer, createPlanManager, createMiddleware, createImmutableProxy, createEnv, createEntityContext, createCrudHandlers, createBillingEventEmitter, createAuth, createAccessEventBroadcaster, createAccessContext, createAccess, content, computePlanHash, computeOverage, computeEntityAccess, computeAccessSet, checkFva, checkAddOnCompatibility, calculateBillingPeriod, authModels, WebhookHandlerConfig, WalletStore, WalletEntry, VertzException, ValidationException, UserTableEntry, UserStore, UnauthorizedException, TenantOverrides, TenantChainHop, TenantChain, SubscriptionStore, Subscription, StripeProduct, StripePrice, StripeClient, StripeBillingAdapterConfig, StoredSession, StoredPasswordReset, StoredEmailVerification, SignUpInput, SignInInput, SessionStrategy, SessionStore, SessionPayload, SessionInfo, SessionConfig, Session, ServiceUnavailableException, ServiceRequestInfo, ServiceDefinition, ServiceContext, ServiceConfig, ServiceActionDef, ServerInstance, ServerHandle, ServerConfig, ServerAdapter, RuleContext, RoleAssignmentTableEntry, RoleAssignmentStore, RoleAssignment, ResourceRef, Resource, RequestInfo, RelationExposeConfig, RawRequest, RateLimitStore, RateLimitResult, RateLimitConfig, PriceInterval, PlanVersionStore, PlanVersionInfo, PlanSnapshot, PlanPrice, PlanHashInput, PlanDef, Period, PasswordResetStore, PasswordResetConfig, PasswordRequirements, ParentRef, OverrideStore, OverageInput, OverageConfig, OnUserCreatedPayload, OAuthUserInfo, OAuthTokens, OAuthProviderConfig, OAuthProvider, OAuthAccountStore, NotFoundException, NamedMiddlewareDef, MiddlewareDef, MfaSetupData, MfaConfig, MfaChallengeData, MFAStore, ListenOptions, ListResult, ListOptions2 as ListOptions, LimitOverrideDef, LimitOverride, LimitDef, InternalServerErrorException, InferSchema, Infer2 as Infer, InMemoryWalletStore, InMemoryUserStore, InMemorySubscriptionStore, InMemorySessionStore, InMemoryRoleAssignmentStore, InMemoryRateLimitStore, InMemoryPlanVersionStore, InMemoryPasswordResetStore, InMemoryOverrideStore, InMemoryOAuthAccountStore, InMemoryMFAStore, InMemoryGrandfatheringStore, InMemoryFlagStore, InMemoryEmailVerificationStore, InMemoryClosureStore, HttpStatusCode, HttpMethod, HandlerCtx, GrandfatheringStore, GrandfatheringState, ForbiddenException, FlagStore, ExposeConfig, EnvConfig, EntityRouteOptions, EntityRelationsConfig, EntityRegistry, EntityOperations, EntityErrorResult, EntityDefinition, EntityDef, EntityDbAdapter2 as EntityDbAdapter, EntityContext, EntityConfig, EntityActionDef, EntitlementValue, EntitlementRegistry, EntitlementDefinition, EntitlementDef, Entitlement, EncodedAccessSet, EmailVerificationStore, EmailVerificationConfig, EmailPasswordConfig, Deps, DenialReason, DenialMeta, DefineAccessInput, DeepReadonly, DbUserStore, DbSubscriptionStore, DbSessionStore, DbRoleAssignmentStore, DbOAuthAccountStore, DbFlagStore, DbDialectName, DbClosureStore, Ctx, CrudResult, CrudHandlers, CorsConfig, CookieConfig, ContentDescriptor, ConsumeResult, ConflictException, ComputeAccessSetConfig, ClosureStore, ClosureRow, ClosureEntry, BillingPeriod, BillingEventType, BillingEventHandler, BillingEventEmitter, BillingEvent, BillingAdapter, BaseContext, BadRequestException, AuthorizationError, AuthUser, AuthTokens, AuthInstance, AuthEntityProxy, AuthDbClient, AuthContext, AuthConfig, AuthCallbackContext, AuthApi, AppConfig2 as AppConfig, AppBuilder2 as AppBuilder, AddOnRequires, AclClaim, AccumulateProvides, AccessWsData, AccessSet, AccessRule2 as AccessRule, AccessInstance, AccessEventBroadcasterConfig, AccessEventBroadcaster, AccessEvent, AccessDefinition, AccessContextConfig, AccessContext, AccessConfig, AccessCheckResult, AccessCheckData, AUTH_TABLE_NAMES };

package/dist/index.js CHANGED Viewed

@@ -5992,6 +5992,15 @@ function applySelect(select, data) {
   }
   return result;
 }
+function nullGuardedFields(nulledFields, data) {
+  if (nulledFields.size === 0)
+    return data;
+  const result = {};
+  for (const [key, value] of Object.entries(data)) {
+    result[key] = nulledFields.has(key) ? null : value;
+  }
+  return result;
+}
 function stripReadOnlyFields(table, data) {
   const excludedKeys = new Set;
   for (const key of Object.keys(table._columns)) {
@@ -6227,6 +6236,260 @@ import {
   err as err4,
   ok as ok4
 } from "@vertz/errors";
+// src/entity/vertzql-parser.ts
+function extractAllowKeys(allow) {
+  if (!allow)
+    return [];
+  if (Array.isArray(allow))
+    return allow;
+  return Object.keys(allow);
+}
+var MAX_CURSOR_LENGTH = 512;
+var MAX_LIMIT = 1000;
+var MAX_Q_BASE64_LENGTH = 10240;
+var ALLOWED_Q_KEYS = new Set(["select", "include", "where", "orderBy", "limit"]);
+function parseVertzQL(query) {
+  const result = {};
+  for (const [key, value] of Object.entries(query)) {
+    const whereMatch = key.match(/^where\[([^\]]+)\](?:\[([^\]]+)\])?$/);
+    if (whereMatch) {
+      if (!result.where)
+        result.where = {};
+      const field = whereMatch[1];
+      const op = whereMatch[2];
+      const existing = result.where[field];
+      if (op) {
+        const base = existing && typeof existing === "object" ? existing : existing !== undefined ? { eq: existing } : {};
+        result.where[field] = { ...base, [op]: value };
+      } else {
+        if (existing && typeof existing === "object") {
+          result.where[field] = { ...existing, eq: value };
+        } else {
+          result.where[field] = value;
+        }
+      }
+      continue;
+    }
+    if (key === "limit") {
+      const parsed = Number.parseInt(value, 10);
+      if (!Number.isNaN(parsed)) {
+        result.limit = Math.max(0, Math.min(parsed, MAX_LIMIT));
+      }
+      continue;
+    }
+    if (key === "after") {
+      if (value && value.length <= MAX_CURSOR_LENGTH) {
+        result.after = value;
+      }
+      continue;
+    }
+    if (key === "orderBy") {
+      const [field, dir] = value.split(":");
+      if (field) {
+        if (!result.orderBy)
+          result.orderBy = {};
+        result.orderBy[field] = dir === "desc" ? "desc" : "asc";
+      }
+      continue;
+    }
+    if (key === "q") {
+      try {
+        const urlDecoded = decodeURIComponent(value);
+        if (urlDecoded.length > MAX_Q_BASE64_LENGTH) {
+          result._qError = "q= parameter exceeds maximum allowed size";
+          continue;
+        }
+        const b64 = urlDecoded.replace(/-/g, "+").replace(/_/g, "/");
+        const padded = b64 + "=".repeat((4 - b64.length % 4) % 4);
+        const decoded = JSON.parse(atob(padded));
+        for (const k of Object.keys(decoded)) {
+          if (!ALLOWED_Q_KEYS.has(k)) {
+            delete decoded[k];
+          }
+        }
+        if (decoded.select && typeof decoded.select === "object") {
+          result.select = decoded.select;
+        }
+        if (decoded.include && typeof decoded.include === "object") {
+          result.include = decoded.include;
+        }
+        if (decoded.where && typeof decoded.where === "object" && !Array.isArray(decoded.where)) {
+          result.where = { ...result.where, ...decoded.where };
+        }
+        if (decoded.orderBy && typeof decoded.orderBy === "object" && !Array.isArray(decoded.orderBy)) {
+          const orderByObj = decoded.orderBy;
+          const sanitized = {};
+          for (const [field, dir] of Object.entries(orderByObj)) {
+            sanitized[field] = dir === "desc" ? "desc" : "asc";
+          }
+          result.orderBy = { ...result.orderBy, ...sanitized };
+        }
+        if (decoded.limit !== undefined) {
+          const parsed = typeof decoded.limit === "number" ? decoded.limit : Number(decoded.limit);
+          if (!Number.isNaN(parsed)) {
+            result.limit = Math.max(0, Math.min(parsed, MAX_LIMIT));
+          }
+        }
+      } catch {
+        result._qError = "Invalid q= parameter: not valid base64 or JSON";
+      }
+    }
+  }
+  return result;
+}
+function getHiddenColumns(table) {
+  const hidden = new Set;
+  for (const key of Object.keys(table._columns)) {
+    const col = table._columns[key];
+    if (col?._meta._annotations.hidden) {
+      hidden.add(key);
+    }
+  }
+  return hidden;
+}
+function validateVertzQL(options, table, relationsConfig, exposeConfig, evaluatedExpose) {
+  if (options._qError) {
+    return { ok: false, error: options._qError };
+  }
+  const hiddenColumns = getHiddenColumns(table);
+  if (options.where) {
+    const allowWhereSet = evaluatedExpose ? evaluatedExpose.allowedWhereFields : null;
+    const allowWhereKeys = !evaluatedExpose && exposeConfig ? extractAllowKeys(exposeConfig.allowWhere) : null;
+    for (const field of Object.keys(options.where)) {
+      if (hiddenColumns.has(field)) {
+        return { ok: false, error: `Field "${field}" is not filterable` };
+      }
+      if (allowWhereSet !== null && !allowWhereSet.has(field)) {
+        return { ok: false, error: `Field "${field}" is not filterable` };
+      }
+      if (allowWhereKeys !== null && !allowWhereKeys.includes(field)) {
+        return { ok: false, error: `Field "${field}" is not filterable` };
+      }
+    }
+  }
+  if (options.orderBy) {
+    const allowOrderBySet = evaluatedExpose ? evaluatedExpose.allowedOrderByFields : null;
+    const allowOrderByKeys = !evaluatedExpose && exposeConfig ? extractAllowKeys(exposeConfig.allowOrderBy) : null;
+    for (const field of Object.keys(options.orderBy)) {
+      if (hiddenColumns.has(field)) {
+        return { ok: false, error: `Field "${field}" is not sortable` };
+      }
+      if (allowOrderBySet !== null && !allowOrderBySet.has(field)) {
+        return { ok: false, error: `Field "${field}" is not sortable` };
+      }
+      if (allowOrderByKeys !== null && !allowOrderByKeys.includes(field)) {
+        return { ok: false, error: `Field "${field}" is not sortable` };
+      }
+    }
+  }
+  if (options.select) {
+    const exposeSelectKeys = exposeConfig ? extractAllowKeys(exposeConfig.select) : null;
+    for (const field of Object.keys(options.select)) {
+      if (hiddenColumns.has(field)) {
+        return { ok: false, error: `Field "${field}" is not selectable` };
+      }
+      if (exposeSelectKeys !== null && exposeSelectKeys.length > 0 && !exposeSelectKeys.includes(field)) {
+        return { ok: false, error: `Field "${field}" is not selectable` };
+      }
+    }
+  }
+  if (options.include && relationsConfig) {
+    const includeResult = validateInclude(options.include, relationsConfig, "");
+    if (!includeResult.ok)
+      return includeResult;
+  }
+  return { ok: true };
+}
+function validateInclude(include, relationsConfig, pathPrefix) {
+  for (const [relation, requested] of Object.entries(include)) {
+    const entityConfig = relationsConfig[relation];
+    const relationPath = pathPrefix ? `${pathPrefix}.${relation}` : relation;
+    if (entityConfig === undefined || entityConfig === false) {
+      return { ok: false, error: `Relation "${relationPath}" is not exposed` };
+    }
+    if (requested === true)
+      continue;
+    const configObj = typeof entityConfig === "object" ? entityConfig : undefined;
+    if (requested.where) {
+      const allowWhereKeys = extractAllowKeys(configObj?.allowWhere);
+      if (!configObj || allowWhereKeys.length === 0) {
+        return {
+          ok: false,
+          error: `Filtering is not enabled on relation '${relationPath}'. ` + "Add 'allowWhere' to the entity relations config."
+        };
+      }
+      const allowedSet = new Set(allowWhereKeys);
+      for (const field of Object.keys(requested.where)) {
+        if (!allowedSet.has(field)) {
+          return {
+            ok: false,
+            error: `Field '${field}' is not filterable on relation '${relationPath}'. ` + `Allowed: ${allowWhereKeys.join(", ")}`
+          };
+        }
+      }
+    }
+    if (requested.orderBy) {
+      const allowOrderByKeys = extractAllowKeys(configObj?.allowOrderBy);
+      if (!configObj || allowOrderByKeys.length === 0) {
+        return {
+          ok: false,
+          error: `Sorting is not enabled on relation '${relationPath}'. ` + "Add 'allowOrderBy' to the entity relations config."
+        };
+      }
+      const allowedSet = new Set(allowOrderByKeys);
+      for (const [field, dir] of Object.entries(requested.orderBy)) {
+        if (!allowedSet.has(field)) {
+          return {
+            ok: false,
+            error: `Field '${field}' is not sortable on relation '${relationPath}'. ` + `Allowed: ${allowOrderByKeys.join(", ")}`
+          };
+        }
+        if (dir !== "asc" && dir !== "desc") {
+          return {
+            ok: false,
+            error: `Invalid orderBy direction '${String(dir)}' for field '${field}' on relation '${relationPath}'. Must be 'asc' or 'desc'.`
+          };
+        }
+      }
+    }
+    if (requested.limit !== undefined) {
+      if (typeof requested.limit !== "number" || !Number.isFinite(requested.limit)) {
+        return {
+          ok: false,
+          error: `Invalid limit on relation '${relationPath}': must be a finite number`
+        };
+      }
+      if (requested.limit < 0) {
+        requested.limit = 0;
+      }
+      if (configObj?.maxLimit !== undefined && requested.limit > configObj.maxLimit) {
+        requested.limit = configObj.maxLimit;
+      }
+    }
+    if (requested.select && configObj?.select) {
+      for (const field of Object.keys(requested.select)) {
+        if (!(field in configObj.select)) {
+          return {
+            ok: false,
+            error: `Field "${field}" is not exposed on relation "${relationPath}"`
+          };
+        }
+      }
+    }
+    if (requested.include) {
+      if (entityConfig === true) {
+        return {
+          ok: false,
+          error: `Nested includes are not supported on relation '${relationPath}' ` + "without a structured relations config."
+        };
+      }
+    }
+  }
+  return { ok: true };
+}
+// src/entity/crud-pipeline.ts
 function resolvePrimaryKeyColumn(table) {
   for (const key of Object.keys(table._columns)) {
     const col = table._columns[key];
@@ -6241,6 +6504,10 @@ function createCrudHandlers(def, db, options) {
   const tenantChain = options?.tenantChain ?? def.tenantChain ?? null;
   const isIndirectlyScoped = tenantChain !== null;
   const queryParentIds = options?.queryParentIds ?? null;
+  const exposeSelect = def.expose?.select ? {
+    ...def.expose.select,
+    ...Object.fromEntries(Object.entries(def.expose.include ?? {}).filter(([, v]) => v !== false).map(([k]) => [k, true]))
+  } : undefined;
   function notFound(id) {
     return err4(new EntityNotFoundError2(`${def.name} with id "${id}" not found`));
   }
@@ -6307,11 +6574,11 @@ function createCrudHandlers(def, db, options) {
       const indirectWhere = await resolveIndirectTenantWhere(ctx);
       const where = indirectWhere ? { ...directWhere, ...indirectWhere } : directWhere;
       const limit = Math.max(0, options2?.limit ?? 20);
-      const after = options2?.after && options2.after.length <= 512 ? options2.after : undefined;
+      const after = options2?.after && options2.after.length <= MAX_CURSOR_LENGTH ? options2.after : undefined;
       const orderBy = options2?.orderBy;
       const include = options2?.include;
       const { data: rows, total } = await db.list({ where, orderBy, limit, after, include });
-      const data = rows.map((row) => narrowRelationFields(def.relations, stripHiddenFields(table, row)));
+      const data = rows.map((row) => applySelect(exposeSelect, narrowRelationFields(def.expose?.include ?? {}, stripHiddenFields(table, row))));
       const pkColumn = resolvePrimaryKeyColumn(table);
       const lastRow = rows[rows.length - 1];
       const nextCursor = limit > 0 && rows.length === limit && lastRow ? String(lastRow[pkColumn]) : null;
@@ -6333,7 +6600,7 @@ function createCrudHandlers(def, db, options) {
         return err4(accessResult.error);
       return ok4({
         status: 200,
-        body: narrowRelationFields(def.relations, stripHiddenFields(table, row))
+        body: applySelect(exposeSelect, narrowRelationFields(def.expose?.include ?? {}, stripHiddenFields(table, row)))
       });
     },
     async create(ctx, data) {
@@ -6376,7 +6643,7 @@ function createCrudHandlers(def, db, options) {
       }
       return ok4({
         status: 201,
-        body: narrowRelationFields(def.relations, strippedResult)
+        body: applySelect(exposeSelect, narrowRelationFields(def.expose?.include ?? {}, strippedResult))
       });
     },
     async update(ctx, id, data) {
@@ -6405,7 +6672,7 @@ function createCrudHandlers(def, db, options) {
       }
       return ok4({
         status: 200,
-        body: narrowRelationFields(def.relations, strippedResult)
+        body: applySelect(exposeSelect, narrowRelationFields(def.expose?.include ?? {}, strippedResult))
       });
     },
     async delete(ctx, id) {
@@ -6493,209 +6760,91 @@ function entityErrorHandler(error) {
   };
 }
-// src/entity/vertzql-parser.ts
-var MAX_LIMIT = 1000;
-var MAX_Q_BASE64_LENGTH = 10240;
-var ALLOWED_Q_KEYS = new Set(["select", "include", "where", "orderBy", "limit", "offset"]);
-function parseVertzQL(query) {
-  const result = {};
-  for (const [key, value] of Object.entries(query)) {
-    const whereMatch = key.match(/^where\[([^\]]+)\](?:\[([^\]]+)\])?$/);
-    if (whereMatch) {
-      if (!result.where)
-        result.where = {};
-      const field = whereMatch[1];
-      const op = whereMatch[2];
-      const existing = result.where[field];
-      if (op) {
-        const base = existing && typeof existing === "object" ? existing : existing !== undefined ? { eq: existing } : {};
-        result.where[field] = { ...base, [op]: value };
-      } else {
-        if (existing && typeof existing === "object") {
-          result.where[field] = { ...existing, eq: value };
-        } else {
-          result.where[field] = value;
-        }
-      }
-      continue;
-    }
-    if (key === "limit") {
-      const parsed = Number.parseInt(value, 10);
-      if (!Number.isNaN(parsed)) {
-        result.limit = Math.max(0, Math.min(parsed, MAX_LIMIT));
-      }
-      continue;
-    }
-    if (key === "after") {
-      if (value) {
-        result.after = value;
-      }
-      continue;
+// src/entity/expose-evaluator.ts
+async function evaluateExposeRule(rule, ctx, options) {
+  switch (rule.type) {
+    case "public":
+      return true;
+    case "authenticated":
+      return ctx.authenticated();
+    case "role":
+      return ctx.role(...rule.roles);
+    case "entitlement": {
+      if (!options.can)
+        return false;
+      return options.can(rule.entitlement);
     }
-    if (key === "orderBy") {
-      const [field, dir] = value.split(":");
-      if (field) {
-        if (!result.orderBy)
-          result.orderBy = {};
-        result.orderBy[field] = dir === "desc" ? "desc" : "asc";
+    case "where":
+      return false;
+    case "all": {
+      for (const sub of rule.rules) {
+        if (!await evaluateExposeRule(sub, ctx, options))
+          return false;
       }
-      continue;
+      return true;
     }
-    if (key === "q") {
-      try {
-        const urlDecoded = decodeURIComponent(value);
-        if (urlDecoded.length > MAX_Q_BASE64_LENGTH) {
-          result._qError = "q= parameter exceeds maximum allowed size";
-          continue;
-        }
-        const b64 = urlDecoded.replace(/-/g, "+").replace(/_/g, "/");
-        const padded = b64 + "=".repeat((4 - b64.length % 4) % 4);
-        const decoded = JSON.parse(atob(padded));
-        for (const k of Object.keys(decoded)) {
-          if (!ALLOWED_Q_KEYS.has(k)) {
-            delete decoded[k];
-          }
-        }
-        if (decoded.select && typeof decoded.select === "object") {
-          result.select = decoded.select;
-        }
-        if (decoded.include && typeof decoded.include === "object") {
-          result.include = decoded.include;
-        }
-      } catch {
-        result._qError = "Invalid q= parameter: not valid base64 or JSON";
+    case "any": {
+      for (const sub of rule.rules) {
+        if (await evaluateExposeRule(sub, ctx, options))
+          return true;
       }
+      return false;
     }
-  }
-  return result;
-}
-function getHiddenColumns(table) {
-  const hidden = new Set;
-  for (const key of Object.keys(table._columns)) {
-    const col = table._columns[key];
-    if (col?._meta._annotations.hidden) {
-      hidden.add(key);
+    case "fva": {
+      if (options.fvaAge === undefined)
+        return false;
+      return options.fvaAge <= rule.maxAge;
     }
   }
-  return hidden;
 }
-function validateVertzQL(options, table, relationsConfig) {
-  if (options._qError) {
-    return { ok: false, error: options._qError };
-  }
-  const hiddenColumns = getHiddenColumns(table);
-  if (options.where) {
-    for (const field of Object.keys(options.where)) {
-      if (hiddenColumns.has(field)) {
-        return { ok: false, error: `Field "${field}" is not filterable` };
-      }
-    }
-  }
-  if (options.orderBy) {
-    for (const field of Object.keys(options.orderBy)) {
-      if (hiddenColumns.has(field)) {
-        return { ok: false, error: `Field "${field}" is not sortable` };
-      }
-    }
-  }
-  if (options.select) {
-    for (const field of Object.keys(options.select)) {
-      if (hiddenColumns.has(field)) {
-        return { ok: false, error: `Field "${field}" is not selectable` };
+async function evaluateExposeDescriptors(expose, ctx, options = {}) {
+  const allowedSelectFields = new Set;
+  const nulledFields = new Set;
+  const allowedWhereFields = new Set;
+  const allowedOrderByFields = new Set;
+  for (const [field, value] of Object.entries(expose.select)) {
+    if (value === true) {
+      allowedSelectFields.add(field);
+    } else {
+      const passed = await evaluateExposeRule(value, ctx, options);
+      if (passed) {
+        allowedSelectFields.add(field);
+      } else {
+        allowedSelectFields.add(field);
+        nulledFields.add(field);
       }
     }
   }
-  if (options.include && relationsConfig) {
-    const includeResult = validateInclude(options.include, relationsConfig, "");
-    if (!includeResult.ok)
-      return includeResult;
-  }
-  return { ok: true };
-}
-function validateInclude(include, relationsConfig, pathPrefix) {
-  for (const [relation, requested] of Object.entries(include)) {
-    const entityConfig = relationsConfig[relation];
-    const relationPath = pathPrefix ? `${pathPrefix}.${relation}` : relation;
-    if (entityConfig === undefined || entityConfig === false) {
-      return { ok: false, error: `Relation "${relationPath}" is not exposed` };
-    }
-    if (requested === true)
-      continue;
-    const configObj = typeof entityConfig === "object" ? entityConfig : undefined;
-    if (requested.where) {
-      if (!configObj || !configObj.allowWhere || configObj.allowWhere.length === 0) {
-        return {
-          ok: false,
-          error: `Filtering is not enabled on relation '${relationPath}'. ` + "Add 'allowWhere' to the entity relations config."
-        };
-      }
-      const allowedSet = new Set(configObj.allowWhere);
-      for (const field of Object.keys(requested.where)) {
-        if (!allowedSet.has(field)) {
-          return {
-            ok: false,
-            error: `Field '${field}' is not filterable on relation '${relationPath}'. ` + `Allowed: ${configObj.allowWhere.join(", ")}`
-          };
-        }
-      }
-    }
-    if (requested.orderBy) {
-      if (!configObj || !configObj.allowOrderBy || configObj.allowOrderBy.length === 0) {
-        return {
-          ok: false,
-          error: `Sorting is not enabled on relation '${relationPath}'. ` + "Add 'allowOrderBy' to the entity relations config."
-        };
-      }
-      const allowedSet = new Set(configObj.allowOrderBy);
-      for (const [field, dir] of Object.entries(requested.orderBy)) {
-        if (!allowedSet.has(field)) {
-          return {
-            ok: false,
-            error: `Field '${field}' is not sortable on relation '${relationPath}'. ` + `Allowed: ${configObj.allowOrderBy.join(", ")}`
-          };
-        }
-        if (dir !== "asc" && dir !== "desc") {
-          return {
-            ok: false,
-            error: `Invalid orderBy direction '${String(dir)}' for field '${field}' on relation '${relationPath}'. Must be 'asc' or 'desc'.`
-          };
+  if (expose.allowWhere) {
+    for (const [field, value] of Object.entries(expose.allowWhere)) {
+      if (value === true) {
+        allowedWhereFields.add(field);
+      } else {
+        const passed = await evaluateExposeRule(value, ctx, options);
+        if (passed) {
+          allowedWhereFields.add(field);
         }
       }
     }
-    if (requested.limit !== undefined) {
-      if (typeof requested.limit !== "number" || !Number.isFinite(requested.limit)) {
-        return {
-          ok: false,
-          error: `Invalid limit on relation '${relationPath}': must be a finite number`
-        };
-      }
-      if (requested.limit < 0) {
-        requested.limit = 0;
-      }
-      if (configObj?.maxLimit !== undefined && requested.limit > configObj.maxLimit) {
-        requested.limit = configObj.maxLimit;
-      }
-    }
-    if (requested.select && configObj?.select) {
-      for (const field of Object.keys(requested.select)) {
-        if (!(field in configObj.select)) {
-          return {
-            ok: false,
-            error: `Field "${field}" is not exposed on relation "${relationPath}"`
-          };
+  }
+  if (expose.allowOrderBy) {
+    for (const [field, value] of Object.entries(expose.allowOrderBy)) {
+      if (value === true) {
+        allowedOrderByFields.add(field);
+      } else {
+        const passed = await evaluateExposeRule(value, ctx, options);
+        if (passed) {
+          allowedOrderByFields.add(field);
         }
       }
     }
-    if (requested.include) {
-      if (entityConfig === true) {
-        return {
-          ok: false,
-          error: `Nested includes are not supported on relation '${relationPath}' ` + "without a structured relations config."
-        };
-      }
-    }
   }
-  return { ok: true };
+  return {
+    allowedSelectFields,
+    nulledFields,
+    allowedWhereFields,
+    allowedOrderByFields
+  };
 }
 // src/entity/route-generator.ts
@@ -6718,10 +6867,27 @@ function extractRequestInfo(ctx) {
 function getParams(ctx) {
   return ctx.params ?? {};
 }
+function hasDescriptorValues(record) {
+  if (!record)
+    return false;
+  return Object.values(record).some((v) => v !== true);
+}
+function hasDescriptors(expose) {
+  return hasDescriptorValues(expose.select) || hasDescriptorValues(expose.allowWhere) || hasDescriptorValues(expose.allowOrderBy);
+}
+function applyNulling(data, nulledFields) {
+  return nullGuardedFields(nulledFields, data);
+}
 function generateEntityRoutes(def, registry, db, options) {
   const prefix = options?.apiPrefix ?? "/api";
   const basePath = `${prefix}/${def.name}`;
   const tenantChain = options?.tenantChain ?? null;
+  const exposeValidation = def.expose ? {
+    select: def.expose.select,
+    allowWhere: def.expose.allowWhere,
+    allowOrderBy: def.expose.allowOrderBy
+  } : undefined;
+  const exposeEvalConfig = def.expose ? hasDescriptors(def.expose) ? def.expose : null : null;
   const crudHandlers = createCrudHandlers(def, db, {
     tenantChain,
     queryParentIds: options?.queryParentIds
@@ -6755,8 +6921,9 @@ function generateEntityRoutes(def, registry, db, options) {
             const entityCtx = makeEntityCtx(ctx);
             const query = ctx.query ?? {};
             const parsed = parseVertzQL(query);
-            const relationsConfig = def.relations;
-            const validation = validateVertzQL(parsed, def.model.table, relationsConfig);
+            const evaluated = exposeEvalConfig ? await evaluateExposeDescriptors(exposeEvalConfig, entityCtx) : null;
+            const relationsConfig = def.expose?.include ?? {};
+            const validation = validateVertzQL(parsed, def.model.table, relationsConfig, exposeValidation, evaluated ?? undefined);
             if (!validation.ok) {
               return jsonResponse({ error: { code: "BadRequest", message: validation.error } }, 400);
             }
@@ -6772,6 +6939,9 @@ function generateEntityRoutes(def, registry, db, options) {
               const { status, body } = entityErrorHandler(result.error);
               return jsonResponse(body, status);
             }
+            if (evaluated && evaluated.nulledFields.size > 0 && result.data.body.items) {
+              result.data.body.items = result.data.body.items.map((row) => applyNulling(row, evaluated.nulledFields));
+            }
             if (parsed.select && result.data.body.items) {
               result.data.body.items = result.data.body.items.map((row) => applySelect(parsed.select, row));
             }
@@ -6790,6 +6960,19 @@ function generateEntityRoutes(def, registry, db, options) {
         try {
           const entityCtx = makeEntityCtx(ctx);
           const body = ctx.body ?? {};
+          if (body.after !== undefined) {
+            if (typeof body.after !== "string") {
+              return jsonResponse({ error: { code: "BadRequest", message: "cursor must be a string" } }, 400);
+            }
+            if (body.after.length > MAX_CURSOR_LENGTH) {
+              return jsonResponse({
+                error: {
+                  code: "BadRequest",
+                  message: `cursor exceeds maximum length of ${MAX_CURSOR_LENGTH}`
+                }
+              }, 400);
+            }
+          }
           const parsed = {
             where: body.where,
             orderBy: body.orderBy,
@@ -6798,8 +6981,9 @@ function generateEntityRoutes(def, registry, db, options) {
             select: body.select,
             include: body.include
           };
-          const relationsConfig = def.relations;
-          const validation = validateVertzQL(parsed, def.model.table, relationsConfig);
+          const evaluated = exposeEvalConfig ? await evaluateExposeDescriptors(exposeEvalConfig, entityCtx) : null;
+          const relationsConfig = def.expose?.include ?? {};
+          const validation = validateVertzQL(parsed, def.model.table, relationsConfig, exposeValidation, evaluated ?? undefined);
           if (!validation.ok) {
             return jsonResponse({ error: { code: "BadRequest", message: validation.error } }, 400);
           }
@@ -6815,6 +6999,9 @@ function generateEntityRoutes(def, registry, db, options) {
             const { status, body: errBody } = entityErrorHandler(result.error);
             return jsonResponse(errBody, status);
           }
+          if (evaluated && evaluated.nulledFields.size > 0 && result.data.body.items) {
+            result.data.body.items = result.data.body.items.map((row) => applyNulling(row, evaluated.nulledFields));
+          }
           if (parsed.select && result.data.body.items) {
             result.data.body.items = result.data.body.items.map((row) => applySelect(parsed.select, row));
           }
@@ -6848,8 +7035,9 @@ function generateEntityRoutes(def, registry, db, options) {
             const id = getParams(ctx).id;
             const query = ctx.query ?? {};
             const parsed = parseVertzQL(query);
-            const relationsConfig = def.relations;
-            const validation = validateVertzQL(parsed, def.model.table, relationsConfig);
+            const evaluated = exposeEvalConfig ? await evaluateExposeDescriptors(exposeEvalConfig, entityCtx) : null;
+            const relationsConfig = def.expose?.include ?? {};
+            const validation = validateVertzQL(parsed, def.model.table, relationsConfig, exposeValidation, evaluated ?? undefined);
             if (!validation.ok) {
               return jsonResponse({ error: { code: "BadRequest", message: validation.error } }, 400);
             }
@@ -6859,7 +7047,11 @@ function generateEntityRoutes(def, registry, db, options) {
               const { status, body: body2 } = entityErrorHandler(result.error);
               return jsonResponse(body2, status);
             }
-            const body = parsed.select ? applySelect(parsed.select, result.data.body) : result.data.body;
+            let responseBody = result.data.body;
+            if (evaluated && evaluated.nulledFields.size > 0) {
+              responseBody = applyNulling(responseBody, evaluated.nulledFields);
+            }
+            const body = parsed.select ? applySelect(parsed.select, responseBody) : responseBody;
             return jsonResponse(body, result.data.status);
           } catch (error) {
             const { status, body } = entityErrorHandler(error);
@@ -6894,7 +7086,14 @@ function generateEntityRoutes(def, registry, db, options) {
               const { status, body } = entityErrorHandler(result.error);
               return jsonResponse(body, status);
             }
-            return jsonResponse(result.data.body, result.data.status);
+            let responseBody = result.data.body;
+            if (exposeEvalConfig) {
+              const evaluated = await evaluateExposeDescriptors(exposeEvalConfig, entityCtx);
+              if (evaluated.nulledFields.size > 0) {
+                responseBody = applyNulling(responseBody, evaluated.nulledFields);
+              }
+            }
+            return jsonResponse(responseBody, result.data.status);
           } catch (error) {
             const { status, body } = entityErrorHandler(error);
             return jsonResponse(body, status);
@@ -6929,7 +7128,14 @@ function generateEntityRoutes(def, registry, db, options) {
               const { status, body } = entityErrorHandler(result.error);
               return jsonResponse(body, status);
             }
-            return jsonResponse(result.data.body, result.data.status);
+            let responseBody = result.data.body;
+            if (exposeEvalConfig) {
+              const evaluated = await evaluateExposeDescriptors(exposeEvalConfig, entityCtx);
+              if (evaluated.nulledFields.size > 0) {
+                responseBody = applyNulling(responseBody, evaluated.nulledFields);
+              }
+            }
+            return jsonResponse(responseBody, result.data.status);
           } catch (error) {
             const { status, body } = entityErrorHandler(error);
             return jsonResponse(body, status);
@@ -7447,7 +7653,7 @@ function entity(name, config) {
     before: config.before ?? {},
     after: config.after ?? {},
     actions: config.actions ?? {},
-    relations: config.relations ?? {},
+    expose: config.expose,
     table: config.table ?? name,
     tenantScoped,
     tenantChain: null

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@vertz/server",
-  "version": "0.2.16",
+  "version": "0.2.18",
   "type": "module",
   "license": "MIT",
   "description": "Vertz server runtime — modules, routing, and auth",
@@ -31,10 +31,10 @@
     "typecheck": "tsc --noEmit"
   },
   "dependencies": {
-    "@vertz/core": "^0.2.15",
-    "@vertz/db": "^0.2.15",
-    "@vertz/errors": "^0.2.15",
-    "@vertz/schema": "^0.2.15",
+    "@vertz/core": "^0.2.17",
+    "@vertz/db": "^0.2.17",
+    "@vertz/errors": "^0.2.17",
+    "@vertz/schema": "^0.2.17",
     "bcryptjs": "^3.0.3",
     "jose": "^6.0.11"
   },