@xh/hoist 77.0.0-SNAPSHOT.1761257771095 → 77.0.0-SNAPSHOT.1761672695220

package/CHANGELOG.md

@@ -2,6 +2,27 @@
 
 ## 77.0.0-SNAPSHOT - unreleased
 
+### 💥 Breaking Changes
+
+* The `disableXssProtection` flag supported by `AppSpec` and `FieldSpec` has been removed and
+  replaced with its opposite, `enableXssProtection`, now an opt-in feature.
+    * While store-based XSS protection via DomPurify is still available to apps that can display
+      untrusted or potentially malicious data, this is an uncommon use case for Hoist apps and was
+      deemed to not provide enough benefit relative to potential performance pitfalls for most
+      applications. In addition, the core change to React-based AG Grid rendering has reduced the
+      attack surface for such exploits relative to when this system was first implemented.
+    * Apps that were previously opting-out via `disableXssProtection` should simply remove that
+      flag. Apps for which this protection remains important should enable at either the app level
+      or for selected Fields and/or Stores.
+      
+## 76.2.0 - 2025-10-22
+
+### ⚙️ Technical
+
+* Performance improvements to Store for large data sets.
+* New property `cubeRowType` on `ViewRowData` supports identifying bucketed rows.
+* `waitFor` can accept a null value for a timeout.
+
 ## 76.1.0 - 2025-10-17
 
 ### 🎁 New Features

package/admin/jsonsearch/impl/JsonSearchImplModel.ts

@@ -73,7 +73,7 @@ export class JsonSearchImplModel extends HoistModel {
     override onLinked() {
         this.gridModel = new GridModel({
             ...this.gridModelConfig,
-            emptyText: 'No matches found...',
+            emptyText: 'No matches found.',
             selModel: 'single'
         });
 

package/admin/tabs/activity/tracking/ActivityTrackingModel.ts

@@ -395,7 +395,7 @@ export class ActivityTrackingModel extends HoistModel implements ActivityDetailP
             treeStyle: TreeStyle.HIGHLIGHTS_AND_BORDERS,
             autosizeOptions: {mode: 'managed', includeCollapsedChildren: true},
             exportOptions: {filename: exportFilename('activity-summary')},
-            emptyText: 'No activity reported...',
+            emptyText: 'No activity reported.',
             sortBy: ['cubeLabel'],
             expandLevel: 1,
             levelLabels: () => ['Total', ...this.groupingChooserModel.valueDisplayNames],

package/admin/tabs/cluster/instances/logs/LogDisplayModel.ts

@@ -136,7 +136,7 @@ export class LogDisplayModel extends HoistModel {
             hideHeaders: true,
             rowBorders: false,
             sizingMode: 'tiny',
-            emptyText: 'No log entries found...',
+            emptyText: 'No log entries found.',
             sortBy: 'rowNum|asc',
             autosizeOptions: {mode: 'disabled'},
             store: {

package/admin/tabs/cluster/instances/logs/levels/LogLevelDialogModel.ts

@@ -51,7 +51,7 @@ export class LogLevelDialogModel extends HoistModel {
             showRefreshButton: true,
             store: {
                 url: 'rest/logLevelAdmin',
-                fieldDefaults: {disableXssProtection: true},
+                fieldDefaults: {enableXssProtection: false},
                 fields: [
                     {
                         name: 'name',

package/admin/tabs/general/config/ConfigPanelModel.ts

@@ -57,7 +57,7 @@ export class ConfigPanelModel extends HoistModel {
             store: new RestStore({
                 url: 'rest/configAdmin',
                 reloadLookupsOnLoad: true,
-                fieldDefaults: {disableXssProtection: true},
+                fieldDefaults: {enableXssProtection: false},
                 fields: [
                     {...(Col.name.field as FieldSpec), required},
                     {

package/admin/tabs/monitor/editor/MonitorEditorDialog.ts

@@ -51,7 +51,7 @@ const modelSpec: RestGridConfig = {
     showRefreshButton: true,
     store: {
         url: 'rest/monitorAdmin',
-        fieldDefaults: {disableXssProtection: true},
+        fieldDefaults: {enableXssProtection: false},
         fields: [
             {...(MCol.code.field as FieldSpec), required},
             MCol.metricUnit.field,

package/admin/tabs/userData/jsonblob/JsonBlobModel.ts

@@ -51,7 +51,7 @@ export class JsonBlobModel extends HoistModel {
             store: {
                 url: 'rest/jsonBlobAdmin',
                 reloadLookupsOnLoad: true,
-                fieldDefaults: {disableXssProtection: true},
+                fieldDefaults: {enableXssProtection: false},
                 fields: [
                     {...(JBCol.token.field as FieldSpec), editable: false},
                     JBCol.owner.field,

package/admin/tabs/userData/prefs/UserPreferenceModel.ts

@@ -34,7 +34,7 @@ export class UserPreferenceModel extends HoistModel {
             store: {
                 url: 'rest/userPreferenceAdmin',
                 reloadLookupsOnLoad: true,
-                fieldDefaults: {disableXssProtection: true},
+                fieldDefaults: {enableXssProtection: false},
                 fields: [
                     {
                         ...(Col.name.field as FieldSpec),

package/admin/tabs/userData/prefs/editor/PrefEditorModel.ts

@@ -47,7 +47,7 @@ export class PrefEditorModel extends HoistModel {
             store: {
                 url: 'rest/preferenceAdmin',
                 reloadLookupsOnLoad: true,
-                fieldDefaults: {disableXssProtection: true},
+                fieldDefaults: {enableXssProtection: false},
                 fields: [
                     {...(Col.name.field as FieldSpec), required},
                     {

package/admin/tabs/userData/users/UserModel.ts

@@ -25,6 +25,7 @@ export class UserModel extends HoistModel {
         makeObservable(this);
 
         this.gridModel = new GridModel({
+            emptyText: 'No users found.',
             persistWith: this.persistWith,
             colChooserModel: true,
             enableExport: true,

package/build/types/core/AppSpec.d.ts

@@ -58,12 +58,19 @@ export declare class AppSpec<T extends HoistAppModel = HoistAppModel> {
      */
     disableWebSockets?: boolean;
     /**
-     * True to disable Field-level XSS protection by default across all Stores/Fields in the app.
-     * For use with secure, internal apps that do not display arbitrary/external user input and
-     * have tight performance tolerances and/or load very large record sets.
-     * @see FieldSpec.disableXssProtection
+     * True to enable Field-level XSS protection by default across all Stores/Fields in the app.
+     * Available as an extra precaution for use with apps that might display arbitrary input from
+     * untrusted or external users. This feature does exact a minor performance penalty during data
+     * parsing, which can be significant in aggregate for very large stores containing records with
+     * many `string` fields.
+     *
+     * Note: this flag and its default behavior was changed as of Hoist v77 to be `false`, i.e.
+     * Store-level XSS protection *disabled* by default, in keeping with Hoist's primary use-case:
+     * building secured internal apps with large datasets and tight performance tolerances.
+     *
+     * @see FieldSpec.enableXssProtection
      */
-    disableXssProtection?: boolean;
+    enableXssProtection?: boolean;
     /**
      * True to show a login form on initialization when not authenticated. Default is `false` as
      * most Hoist applications are expected to use OAuth or SSO for authn.
@@ -111,7 +118,7 @@ export declare class AppSpec<T extends HoistAppModel = HoistAppModel> {
     trackAppLoad?: boolean;
     /** @deprecated - use {@link AppSpec.disableWebSockets} instead. */
     webSocketsEnabled?: boolean;
-    constructor({ authModelClass, checkAccess, clientAppCode, clientAppName, componentClass, containerClass, disableWebSockets, disableXssProtection, enableLoginForm, enableLogout, idlePanel, isMobileApp, lockoutMessage, lockoutPanel, loginMessage, modelClass, showBrowserContextMenu, trackAppLoad, webSocketsEnabled }: {
+    constructor({ authModelClass, checkAccess, clientAppCode, clientAppName, componentClass, containerClass, disableWebSockets, enableXssProtection, enableLoginForm, enableLogout, idlePanel, isMobileApp, lockoutMessage, lockoutPanel, loginMessage, modelClass, showBrowserContextMenu, trackAppLoad, webSocketsEnabled }: {
         authModelClass?: typeof HoistAuthModel;
         checkAccess: any;
         clientAppCode?: string;
@@ -119,7 +126,7 @@ export declare class AppSpec<T extends HoistAppModel = HoistAppModel> {
         componentClass: any;
         containerClass: any;
         disableWebSockets?: boolean;
-        disableXssProtection?: boolean;
+        enableXssProtection?: boolean;
         enableLoginForm?: boolean;
         enableLogout?: boolean;
         idlePanel?: any;

package/build/types/data/Field.d.ts

@@ -17,15 +17,24 @@ export interface FieldSpec {
     /** Rules to apply to this field. */
     rules?: RuleLike[];
     /**
-     * True to disable built-in XSS (cross-site scripting) protection, applied by default to all
-     * incoming String values using {@link https://github.com/cure53/DOMPurify | DOMPurify}.
+     * True to enable built-in XSS (cross-site scripting) protection to all incoming String values
+     * using {@link https://github.com/cure53/DOMPurify | DOMPurify}.
      *
      * DOMPurify provides fast escaping of dangerous HTML, scripting, and other content that can be
      * used to execute XSS attacks, while allowing common and expected HTML and style tags.
      *
-     * Please contact XH if you find yourself needing to disable this protection!
+     * This feature does exact a minor performance penalty during data parsing, which can be
+     * significant in aggregate for very large stores containing records with many `string` fields.
+     *
+     * For extra safety, apps which are open to potentially-untrusted users or display other
+     * potentially dangerous string content can opt into this setting app-wide via
+     * {@link AppSpec.enableXssProtection}. Field-level setting will override any app-level default.
+     *
+     * Note: this flag and its default behavior was changed as of Hoist v77 to be `false`, i.e.
+     * Store-level XSS protection *disabled* by default, in keeping with Hoist's primary use-case:
+     * building secured internal apps with large datasets and tight performance tolerances.
      */
-    disableXssProtection?: boolean;
+    enableXssProtection?: boolean;
 }
 /** Metadata for an individual data field within a {@link StoreRecord}. */
 export declare class Field {
@@ -35,8 +44,8 @@ export declare class Field {
     readonly displayName: string;
     readonly defaultValue: any;
     readonly rules: Rule[];
-    readonly disableXssProtection: boolean;
-    constructor({ name, type, displayName, defaultValue, rules, disableXssProtection }: FieldSpec);
+    readonly enableXssProtection: boolean;
+    constructor({ name, type, displayName, defaultValue, rules, enableXssProtection }: FieldSpec);
     parseVal(val: any): any;
     isEqual(val1: any, val2: any): boolean;
     private processRuleSpecs;
@@ -46,11 +55,11 @@ export declare class Field {
  * @param val - raw value to parse.
  * @param type - data type of the field to use for possible conversion.
  * @param defaultValue - typed value to return if `val` undefined or null.
- * @param disableXssProtection - true to disable XSS (cross-site scripting) protection.
- *      @see {@link FieldConfig} docs for additional details.
+ * @param enableXssProtection - true to enable XSS (cross-site scripting) protection.
+ *      See {@link FieldSpec.enableXssProtection} for additional details.
  * @returns resulting value, potentially parsed or cast as per type.
  */
-export declare function parseFieldValue(val: any, type: FieldType, defaultValue?: any, disableXssProtection?: boolean): any;
+export declare function parseFieldValue(val: any, type: FieldType, defaultValue?: any, enableXssProtection?: boolean): any;
 /** Data types for Fields used within Hoist Store Records and Cubes. */
 export declare const FieldType: Readonly<{
     TAGS: "tags";

package/build/types/data/Store.d.ts

@@ -12,7 +12,7 @@ export interface StoreConfig {
      * Default configs applied to `Field` instances constructed internally by this Store.
      * @see FieldSpec
      */
-    fieldDefaults?: any;
+    fieldDefaults?: Omit<FieldSpec, 'name'>;
     /**
      * Specification for producing an immutable unique id for each record. May be provided as
      * either a string property name (default is 'id') or a function that receives the raw data
@@ -401,6 +401,7 @@ export declare class Store extends HoistBase {
     private rebuildFiltered;
     private createRecord;
     private createRecords;
+    private get summaryRecordIds();
     private parseRaw;
     private parseUpdate;
     private createDataDefaults;

package/build/types/data/cube/Query.d.ts

@@ -81,7 +81,7 @@ export interface QueryConfig {
      *
      * This can be used to break selected aggregations into sub-groups dynamically, without having
      * to define another dimension in the Cube and have it apply to all aggregations. See the
-     * {@link BucketSpec} interface for additional information.
+     * {@link BucketSpecFn} type and {@link BucketSpec} interface for additional information.
      *
      * Defaults to {@link Cube.bucketSpecFn}.
      */

package/build/types/data/cube/ViewRowData.d.ts

@@ -7,6 +7,8 @@ export declare class ViewRowData {
     constructor(id: string);
     /** Unique id. */
     id: string;
+    /** Denotes a type for the row */
+    cubeRowType: 'leaf' | 'aggregate' | 'bucket';
     /**
      * Label of the row. The dimension value or, for leaf rows. the underlying cubeId.
      * Suitable for display, although apps will typically wish to customize leaf row rendering.

package/cmp/chart/impl/copyToClipboard.ts

@@ -24,14 +24,14 @@ export function installCopyToClipboard(Highcharts) {
             try {
                 const blobPromise = convertChartToPngAsync(this),
                     clipboardItemInput = new window.ClipboardItem({
-                        // Safari requires an unresolved promise. See https://bugs.webkit.org/show_bug.cgi?id=222262 for discussion
+                        // Safari requires an unresolved promise.  See https://bugs.webkit.org/show_bug.cgi?id=222262 for discussion
                         'image/png': Highcharts.isSafari ? blobPromise : await blobPromise
                     });
                 await window.navigator.clipboard.write([clipboardItemInput]);
                 XH.successToast('Chart copied to clipboard');
             } catch (e) {
                 XH.handleException(e, {showAlert: false, logOnServer: true});
-                XH.dangerToast('Error: Chart could not be copied. This error has been logged.');
+                XH.dangerToast('Error: Chart could not be copied.  This error has been logged.');
             }
         }
     });
@@ -41,8 +41,14 @@ export function installCopyToClipboard(Highcharts) {
 // Implementation
 //------------------
 async function convertChartToPngAsync(chart) {
-    // v12 replacement for getSVGForLocalExport
-    const svg = chart.getSVG(),
+    const svg = await new Promise((resolve, reject) =>
+            chart.getSVGForLocalExport(
+                chart.options.exporting,
+                {},
+                () => reject('Cannot fallback to export server'),
+                svg => resolve(svg)
+            )
+        ),
         svgUrl = svgToDataUrl(svg),
         pngDataUrl = await svgUrlToPngDataUrlAsync(svgUrl),
         ret = await loadBlob(pngDataUrl);
@@ -59,7 +65,7 @@ function memoryCleanup(svgUrl) {
 }
 
 /**
- * Convert dataUri to blob
+ * Convert dataUri converted to blob
  */
 async function loadBlob(dataUrl) {
     const fetched = await fetch(dataUrl);
@@ -78,7 +84,7 @@ function svgToDataUrl(svg) {
     try {
         // Safari requires data URI since it doesn't allow navigation to blob
         // URLs.
-        // foreignObjects don't work well in Blobs in Chrome (#14780).
+        // foreignObjects dont work well in Blobs in Chrome (#14780).
         if (!isWebKitButNotChrome && svg.indexOf('<foreignObject') === -1) {
             return domurl.createObjectURL(
                 new window.Blob([svg], {
@@ -88,12 +94,12 @@ function svgToDataUrl(svg) {
         }
     } catch (e) {}
 
-    // Safari, Firefox, or SVGs with foreignObject fallback
+    // safari, firefox, or svgs with foreignObect returns this
     return 'data:image/svg+xml;charset=UTF-8,' + encodeURIComponent(svg);
 }
 
 /**
- * Get PNG data:URL from image URL.
+ * Get PNG data:URL from image URL. Pass in callbacks to handle results.
  */
 async function svgUrlToPngDataUrlAsync(imageURL, scale = 1) {
     const img = new window.Image(),

package/cmp/treemap/TreeMap.ts

@@ -172,6 +172,8 @@ class TreeMapLocalModel extends HoistModel {
             this.prevConfig = cloneDeep(chartCfg);
             this.createChart(config);
         }
+
+        this.updateLabelVisibility();
     }
 
     createChart(config) {
@@ -193,25 +195,13 @@ class TreeMapLocalModel extends HoistModel {
 
         assign(config.chart, parentDims, {renderTo: chartElem});
         this.withDebug(['Creating new TreeMap', `${newData.length} records`], () => {
-            this.chart = Highcharts.chart(config, () => {
-                this.updateLabelVisibility();
-            });
+            this.chart = Highcharts.chart(config);
         });
     }
 
     @logWithDebug
     reloadSeriesData(newData) {
-        if (!this.chart) return;
-
-        this.chart.series[0].setData(newData, true, false);
-
-        // Use an event handler to trigger label updates
-        // This approach was required when `cluster` series option is enabled
-        const onRedraw = () => {
-            this.updateLabelVisibility();
-            Highcharts.removeEvent(this.chart, 'redraw', onRedraw);
-        };
-        Highcharts.addEvent(this.chart, 'redraw', onRedraw);
+        this.chart?.series[0].setData(newData, true, false);
     }
 
     startResize = ({width, height}) => {

package/cmp/treemap/TreeMapModel.ts

@@ -465,7 +465,7 @@ export class TreeMapModel extends HoistModel {
     //----------------------
     defaultOnClick = (record, e) => {
         const {gridModel} = this;
-        if (!gridModel || !record) return;
+        if (!gridModel) return;
 
         // Select nodes in grid
         const {selModel} = gridModel;
@@ -477,7 +477,7 @@ export class TreeMapModel extends HoistModel {
     };
 
     defaultOnDoubleClick = record => {
-        if (!this.gridModel?.treeMode || isEmpty(record?.children)) return;
+        if (!this.gridModel?.treeMode || isEmpty(record.children)) return;
         this.toggleNodeExpanded(record.treePath);
     };
 }

package/core/AppSpec.ts

@@ -71,12 +71,19 @@ export class AppSpec<T extends HoistAppModel = HoistAppModel> {
     disableWebSockets?: boolean;
 
     /**
-     * True to disable Field-level XSS protection by default across all Stores/Fields in the app.
-     * For use with secure, internal apps that do not display arbitrary/external user input and
-     * have tight performance tolerances and/or load very large record sets.
-     * @see FieldSpec.disableXssProtection
+     * True to enable Field-level XSS protection by default across all Stores/Fields in the app.
+     * Available as an extra precaution for use with apps that might display arbitrary input from
+     * untrusted or external users. This feature does exact a minor performance penalty during data
+     * parsing, which can be significant in aggregate for very large stores containing records with
+     * many `string` fields.
+     *
+     * Note: this flag and its default behavior was changed as of Hoist v77 to be `false`, i.e.
+     * Store-level XSS protection *disabled* by default, in keeping with Hoist's primary use-case:
+     * building secured internal apps with large datasets and tight performance tolerances.
+     *
+     * @see FieldSpec.enableXssProtection
      */
-    disableXssProtection?: boolean;
+    enableXssProtection?: boolean;
 
     /**
      * True to show a login form on initialization when not authenticated. Default is `false` as
@@ -144,7 +151,7 @@ export class AppSpec<T extends HoistAppModel = HoistAppModel> {
         componentClass,
         containerClass,
         disableWebSockets = false,
-        disableXssProtection = false,
+        enableXssProtection = false,
         enableLoginForm = false,
         enableLogout = false,
         idlePanel = null,
@@ -191,7 +198,7 @@ export class AppSpec<T extends HoistAppModel = HoistAppModel> {
         this.componentClass = componentClass;
         this.containerClass = containerClass;
         this.disableWebSockets = disableWebSockets;
-        this.disableXssProtection = disableXssProtection;
+        this.enableXssProtection = enableXssProtection;
         this.enableLoginForm = enableLoginForm;
         this.enableLogout = enableLogout;
         this.idlePanel = idlePanel;

package/data/Field.ts

@@ -36,15 +36,24 @@ export interface FieldSpec {
     rules?: RuleLike[];
 
     /**
-     * True to disable built-in XSS (cross-site scripting) protection, applied by default to all
-     * incoming String values using {@link https://github.com/cure53/DOMPurify | DOMPurify}.
+     * True to enable built-in XSS (cross-site scripting) protection to all incoming String values
+     * using {@link https://github.com/cure53/DOMPurify | DOMPurify}.
      *
      * DOMPurify provides fast escaping of dangerous HTML, scripting, and other content that can be
      * used to execute XSS attacks, while allowing common and expected HTML and style tags.
      *
-     * Please contact XH if you find yourself needing to disable this protection!
+     * This feature does exact a minor performance penalty during data parsing, which can be
+     * significant in aggregate for very large stores containing records with many `string` fields.
+     *
+     * For extra safety, apps which are open to potentially-untrusted users or display other
+     * potentially dangerous string content can opt into this setting app-wide via
+     * {@link AppSpec.enableXssProtection}. Field-level setting will override any app-level default.
+     *
+     * Note: this flag and its default behavior was changed as of Hoist v77 to be `false`, i.e.
+     * Store-level XSS protection *disabled* by default, in keeping with Hoist's primary use-case:
+     * building secured internal apps with large datasets and tight performance tolerances.
      */
-    disableXssProtection?: boolean;
+    enableXssProtection?: boolean;
 }
 
 /** Metadata for an individual data field within a {@link StoreRecord}. */
@@ -58,7 +67,7 @@ export class Field {
     readonly displayName: string;
     readonly defaultValue: any;
     readonly rules: Rule[];
-    readonly disableXssProtection: boolean;
+    readonly enableXssProtection: boolean;
 
     constructor({
         name,
@@ -66,19 +75,19 @@ export class Field {
         displayName,
         defaultValue = null,
         rules = [],
-        disableXssProtection = XH.appSpec.disableXssProtection
+        enableXssProtection = XH.appSpec.enableXssProtection
     }: FieldSpec) {
         this.name = name;
         this.type = type;
         this.displayName = withDefault(displayName, genDisplayName(name));
         this.defaultValue = defaultValue;
         this.rules = this.processRuleSpecs(rules);
-        this.disableXssProtection = disableXssProtection;
+        this.enableXssProtection = enableXssProtection;
     }
 
     parseVal(val: any): any {
-        const {type, defaultValue, disableXssProtection} = this;
-        return parseFieldValue(val, type, defaultValue, disableXssProtection);
+        const {type, defaultValue, enableXssProtection} = this;
+        return parseFieldValue(val, type, defaultValue, enableXssProtection);
     }
 
     isEqual(val1: any, val2: any): boolean {
@@ -102,35 +111,30 @@ export class Field {
  * @param val - raw value to parse.
  * @param type - data type of the field to use for possible conversion.
  * @param defaultValue - typed value to return if `val` undefined or null.
- * @param disableXssProtection - true to disable XSS (cross-site scripting) protection.
- *      @see {@link FieldConfig} docs for additional details.
+ * @param enableXssProtection - true to enable XSS (cross-site scripting) protection.
+ *      See {@link FieldSpec.enableXssProtection} for additional details.
  * @returns resulting value, potentially parsed or cast as per type.
  */
 export function parseFieldValue(
     val: any,
     type: FieldType,
     defaultValue: any = null,
-    disableXssProtection = XH.appSpec.disableXssProtection
+    enableXssProtection: boolean = XH.appSpec.enableXssProtection
 ): any {
     if (val === undefined || val === null) val = defaultValue;
     if (val === null) return val;
 
-    const sanitizeValue = v => {
-        if (disableXssProtection || !isString(v)) return v;
-        return DOMPurify.sanitize(v);
-    };
-
     switch (type) {
         case 'tags':
             val = castArray(val);
             val = val.map(v => {
-                v = sanitizeValue(v);
+                v = !enableXssProtection || !isString(v) ? v : DOMPurify.sanitize(v);
                 return v.toString();
             });
             return val;
         case 'auto':
         case 'json':
-            return sanitizeValue(val);
+            return !enableXssProtection || !isString(val) ? val : DOMPurify.sanitize(val);
         case 'int':
             val = toNumber(val);
             return isFinite(val) ? Math.trunc(val) : null;
@@ -140,7 +144,7 @@ export function parseFieldValue(
             return !!val;
         case 'pwd':
         case 'string':
-            val = sanitizeValue(val);
+            val = !enableXssProtection || !isString(val) ? val : DOMPurify.sanitize(val);
             return val.toString();
         case 'date':
             return isDate(val) ? val : new Date(val);

package/data/Store.ts

@@ -44,7 +44,7 @@ export interface StoreConfig {
      * Default configs applied to `Field` instances constructed internally by this Store.
      * @see FieldSpec
      */
-    fieldDefaults?: any;
+    fieldDefaults?: Omit<FieldSpec, 'name'>;
 
     /**
      * Specification for producing an immutable unique id for each record. May be provided as
@@ -978,17 +978,20 @@ export class Store extends HoistBase {
         this.summaryRecords = null;
     }
 
-    private parseFields(fields: any[], defaults: any): Field[] {
+    private parseFields(
+        fields: Array<string | FieldSpec | Field>,
+        defaults: Omit<FieldSpec, 'name'>
+    ): Field[] {
         const ret = fields.map(f => {
             if (f instanceof Field) return f;
 
-            if (isString(f)) f = {name: f};
+            let fieldSpec: FieldSpec = isString(f) ? {name: f} : f;
 
             if (!isEmpty(defaults)) {
-                f = defaultsDeep({}, f, defaults);
+                fieldSpec = defaultsDeep({}, fieldSpec, defaults);
             }
 
-            return new this.defaultFieldClass(f);
+            return new this.defaultFieldClass(fieldSpec);
         });
 
         throwIf(
@@ -1041,26 +1044,36 @@ export class Store extends HoistBase {
         return ret;
     }
 
-    private createRecords(rawData: PlainObject[], parent: StoreRecord, recordMap = new Map()) {
+    private createRecords(
+        rawData: PlainObject[],
+        parent: StoreRecord,
+        recordMap: Map<StoreRecordId, StoreRecord> = new Map(),
+        summaryRecordIds: Set<StoreRecordId> = this.summaryRecordIds
+    ) {
         const {loadTreeData, loadTreeDataFrom} = this;
+
         rawData.forEach(raw => {
             const rec = this.createRecord(raw, parent),
                 {id} = rec;
 
             throwIf(
-                recordMap.has(id) || this.summaryRecords?.some(it => it.id === id),
+                recordMap.has(id) || summaryRecordIds.has(id),
                 `ID ${id} is not unique. Use the 'Store.idSpec' config to resolve a unique ID for each record.`
             );
 
             recordMap.set(id, rec);
 
             if (loadTreeData && raw[loadTreeDataFrom]) {
-                this.createRecords(raw[loadTreeDataFrom], rec, recordMap);
+                this.createRecords(raw[loadTreeDataFrom], rec, recordMap, summaryRecordIds);
             }
         });
         return recordMap;
     }
 
+    private get summaryRecordIds(): Set<StoreRecordId> {
+        return new Set(this.summaryRecords?.map(it => it.id) ?? []);
+    }
+
     private parseRaw(data: PlainObject): PlainObject {
         // a) create/prepare the data object
         const ret = Object.create(this._dataDefaults);

package/data/cube/Query.ts

@@ -109,7 +109,7 @@ export interface QueryConfig {
      *
      * This can be used to break selected aggregations into sub-groups dynamically, without having
      * to define another dimension in the Cube and have it apply to all aggregations. See the
-     * {@link BucketSpec} interface for additional information.
+     * {@link BucketSpecFn} type and {@link BucketSpec} interface for additional information.
      *
      * Defaults to {@link Cube.bucketSpecFn}.
      */

package/data/cube/ViewRowData.ts

@@ -19,6 +19,9 @@ export class ViewRowData {
     /** Unique id. */
     id: string;
 
+    /** Denotes a type for the row */
+    cubeRowType: 'leaf' | 'aggregate' | 'bucket';
+
     /**
      * Label of the row. The dimension value or, for leaf rows. the underlying cubeId.
      * Suitable for display, although apps will typically wish to customize leaf row rendering.

package/data/cube/row/AggregateRow.ts

@@ -38,6 +38,7 @@ export class AggregateRow extends BaseRow {
 
         this.dim = dim;
         this.dimName = dimName;
+        this.data.cubeRowType = 'aggregate';
         this.data.cubeLabel = strVal;
         this.data.cubeDimension = dimName;