dzql 0.5.33 → 0.6.0

package/tests/namespace.test.ts

@@ -0,0 +1,395 @@
+/**
+ * Tests for TzqlNamespace - invokej integration
+ *
+ * These tests verify the namespace works correctly with the manifest
+ * and can execute CRUD operations against a real database.
+ */
+
+import { describe, test, expect, beforeAll, afterAll, beforeEach, spyOn } from "bun:test";
+import { V2TestDatabase } from "./integration/setup.js";
+import { generateCoreSQL, generateEntitySQL, generateSchemaSQL } from "../src/cli/codegen/sql.js";
+import { generateManifest } from "../src/cli/codegen/manifest.js";
+import { generateIR } from "../src/cli/compiler/ir.js";
+import { entities } from "../examples/blog.js";
+import { writeFileSync, mkdirSync, rmSync } from "fs";
+import { join } from "path";
+
+const blogDomain = { entities, subscribables: {} };
+
+describe("TzqlNamespace", () => {
+  let db: V2TestDatabase;
+  let sql: any;
+  let testManifestPath: string;
+  let originalEnv: string | undefined;
+  let consoleOutput: string[] = [];
+  let consoleErrorOutput: string[] = [];
+
+  beforeAll(async () => {
+    // Setup test database
+    db = new V2TestDatabase();
+    sql = await db.setup();
+
+    // Generate and apply SQL
+    const ir = generateIR(blogDomain);
+    const coreSQL = generateCoreSQL();
+    const postsSchema = generateSchemaSQL("posts", ir.entities.posts);
+    const commentsSchema = generateSchemaSQL("comments", ir.entities.comments);
+    const postsSQL = generateEntitySQL("posts", ir.entities.posts);
+    const commentsSQL = generateEntitySQL("comments", ir.entities.comments);
+
+    await db.applySQL(coreSQL);
+    await db.applySQL(postsSchema);
+    await db.applySQL(commentsSchema);
+    await db.applySQL(postsSQL);
+    await db.applySQL(commentsSQL);
+
+    // Create users table for auth functions
+    await db.applySQL(`
+      CREATE TABLE IF NOT EXISTS users (
+        id serial PRIMARY KEY,
+        email text UNIQUE NOT NULL,
+        password_hash text NOT NULL,
+        name text
+      )
+    `);
+
+    // Generate manifest and write to temp location
+    const manifest = generateManifest(ir);
+    testManifestPath = join(process.cwd(), "dist/runtime");
+    mkdirSync(testManifestPath, { recursive: true });
+    writeFileSync(
+      join(testManifestPath, "manifest.json"),
+      JSON.stringify(manifest, null, 2)
+    );
+
+    // Set DATABASE_URL to test database
+    originalEnv = process.env.DATABASE_URL;
+    const testDbUrl = db.baseUrl.replace(/\/[^/]*$/, `/${db.dbName}`);
+    process.env.DATABASE_URL = testDbUrl;
+  });
+
+  afterAll(async () => {
+    // Restore environment
+    if (originalEnv !== undefined) {
+      process.env.DATABASE_URL = originalEnv;
+    } else {
+      delete process.env.DATABASE_URL;
+    }
+
+    // Cleanup manifest
+    try {
+      rmSync(join(testManifestPath, "manifest.json"));
+    } catch {}
+
+    await db.teardown();
+  });
+
+  beforeEach(() => {
+    consoleOutput = [];
+    consoleErrorOutput = [];
+  });
+
+  // Helper to capture console output and prevent process.exit
+  function setupMocks() {
+    const logSpy = spyOn(console, "log").mockImplementation((...args) => {
+      consoleOutput.push(args.map(String).join(" "));
+    });
+
+    const errorSpy = spyOn(console, "error").mockImplementation((...args) => {
+      consoleErrorOutput.push(args.map(String).join(" "));
+    });
+
+    const exitSpy = spyOn(process, "exit").mockImplementation((() => {
+      // Don't actually exit - just throw to stop execution
+      throw new Error("EXIT");
+    }) as any);
+
+    return () => {
+      logSpy.mockRestore();
+      errorSpy.mockRestore();
+      exitSpy.mockRestore();
+    };
+  }
+
+  // Helper to parse JSON output - find the first valid JSON object
+  function parseOutput(): any {
+    for (const line of consoleOutput) {
+      try {
+        const parsed = JSON.parse(line);
+        if (parsed && typeof parsed === 'object' && 'success' in parsed) {
+          return parsed;
+        }
+      } catch {
+        continue;
+      }
+    }
+    return null;
+  }
+
+  function parseErrorOutput(): any {
+    if (consoleErrorOutput.length === 0) return null;
+    // Find JSON in error output
+    for (const line of consoleErrorOutput) {
+      try {
+        return JSON.parse(line);
+      } catch {
+        continue;
+      }
+    }
+    return null;
+  }
+
+  test("entities() lists available entities", async () => {
+    const { TzqlNamespace } = await import("../src/runtime/namespace.js");
+    const ns = new TzqlNamespace();
+
+    const restore = setupMocks();
+
+    try {
+      await ns.entities();
+    } catch (e: any) {
+      if (e.message !== "EXIT") throw e;
+    } finally {
+      restore();
+    }
+
+    const result = parseOutput();
+    expect(result).not.toBeNull();
+    expect(result.success).toBe(true);
+    expect(result.entities).toBeDefined();
+    expect(result.entities.posts).toBeDefined();
+    expect(result.entities.comments).toBeDefined();
+  });
+
+  test("functions() lists available functions", async () => {
+    const { TzqlNamespace } = await import("../src/runtime/namespace.js");
+    const ns = new TzqlNamespace();
+
+    const restore = setupMocks();
+
+    try {
+      await ns.functions();
+    } catch (e: any) {
+      if (e.message !== "EXIT") throw e;
+    } finally {
+      restore();
+    }
+
+    const result = parseOutput();
+    expect(result).not.toBeNull();
+    expect(result.success).toBe(true);
+    expect(result.functions).toBeDefined();
+    expect(result.functions.save_posts).toBeDefined();
+    expect(result.functions.get_posts).toBeDefined();
+    expect(result.functions.search_posts).toBeDefined();
+    expect(result.functions.delete_posts).toBeDefined();
+    expect(result.functions.login_user).toBeDefined();
+    expect(result.functions.register_user).toBeDefined();
+  });
+
+  test("save() creates a new entity", async () => {
+    const { TzqlNamespace } = await import("../src/runtime/namespace.js");
+    const ns = new TzqlNamespace(1); // userId = 1
+
+    const restore = setupMocks();
+
+    try {
+      await ns.save(
+        null,
+        "posts",
+        JSON.stringify({ title: "Test Post", content: "Hello", author_id: 1 })
+      );
+    } catch (e: any) {
+      if (e.message !== "EXIT") throw e;
+    } finally {
+      restore();
+    }
+
+    const result = parseOutput();
+    expect(result).not.toBeNull();
+    expect(result.success).toBe(true);
+    expect(result.result).toBeDefined();
+    expect(result.result.id).toBeDefined();
+    expect(result.result.title).toBe("Test Post");
+  });
+
+  test("get() retrieves an entity by ID", async () => {
+    // First create a post directly in DB
+    const created = await sql`
+      INSERT INTO posts (title, content, author_id)
+      VALUES ('Get Test', 'Content', 1)
+      RETURNING id
+    `;
+    const postId = created[0].id;
+
+    const { TzqlNamespace } = await import("../src/runtime/namespace.js");
+    const ns = new TzqlNamespace(1);
+
+    const restore = setupMocks();
+
+    try {
+      await ns.get(null, "posts", JSON.stringify({ id: postId }));
+    } catch (e: any) {
+      if (e.message !== "EXIT") throw e;
+    } finally {
+      restore();
+    }
+
+    const result = parseOutput();
+    expect(result).not.toBeNull();
+    expect(result.success).toBe(true);
+    expect(result.result).toBeDefined();
+    expect(result.result.id).toBe(postId);
+    expect(result.result.title).toBe("Get Test");
+  });
+
+  test("search() finds entities", async () => {
+    // Create some posts
+    await sql`
+      INSERT INTO posts (title, content, author_id)
+      VALUES ('Search Post 1', 'Content', 1), ('Search Post 2', 'More', 1)
+    `;
+
+    const { TzqlNamespace } = await import("../src/runtime/namespace.js");
+    const ns = new TzqlNamespace(1);
+
+    const restore = setupMocks();
+
+    try {
+      await ns.search(null, "posts", JSON.stringify({ limit: 10 }));
+    } catch (e: any) {
+      if (e.message !== "EXIT") throw e;
+    } finally {
+      restore();
+    }
+
+    const result = parseOutput();
+    expect(result).not.toBeNull();
+    expect(result.success).toBe(true);
+    expect(result.result).toBeArray();
+    expect(result.result.length).toBeGreaterThan(0);
+  });
+
+  test("delete() removes an entity", async () => {
+    // Create a post to delete - author_id must match userId for permission
+    const created = await sql`
+      INSERT INTO posts (title, content, author_id)
+      VALUES ('To Delete', 'Content', 1)
+      RETURNING id
+    `;
+    const postId = created[0].id;
+
+    const { TzqlNamespace } = await import("../src/runtime/namespace.js");
+    const ns = new TzqlNamespace(1); // userId must match author_id
+
+    const restore = setupMocks();
+
+    try {
+      await ns.delete(null, "posts", JSON.stringify({ id: postId }));
+    } catch (e: any) {
+      if (e.message !== "EXIT") throw e;
+    } finally {
+      restore();
+    }
+
+    const result = parseOutput();
+    const errorResult = parseErrorOutput();
+
+    if (!result && errorResult) {
+      console.log("Delete failed with:", errorResult);
+    }
+
+    expect(result).not.toBeNull();
+    expect(result.success).toBe(true);
+
+    // Verify it's gone
+    const check = await sql`SELECT * FROM posts WHERE id = ${postId}`;
+    expect(check.length).toBe(0);
+  });
+
+  test("call() executes arbitrary manifest function", async () => {
+    const { TzqlNamespace } = await import("../src/runtime/namespace.js");
+    const ns = new TzqlNamespace(1);
+
+    const restore = setupMocks();
+
+    try {
+      await ns.call(
+        null,
+        "save_posts",
+        JSON.stringify({ title: "Call Test", content: "Via call()", author_id: 1 })
+      );
+    } catch (e: any) {
+      if (e.message !== "EXIT") throw e;
+    } finally {
+      restore();
+    }
+
+    const result = parseOutput();
+    const errorResult = parseErrorOutput();
+
+    if (!result && errorResult) {
+      console.log("Call failed with:", errorResult);
+    }
+
+    expect(result).not.toBeNull();
+    expect(result.success).toBe(true);
+    expect(result.result.title).toBe("Call Test");
+  });
+
+  test("call() with unknown function returns error", async () => {
+    const { TzqlNamespace } = await import("../src/runtime/namespace.js");
+    const ns = new TzqlNamespace(1);
+
+    const restore = setupMocks();
+
+    try {
+      await ns.call(null, "nonexistent_function", "{}");
+    } catch (e: any) {
+      if (e.message !== "EXIT") {
+        throw e;
+      }
+    } finally {
+      restore();
+    }
+
+    const errorResult = parseErrorOutput();
+    expect(errorResult).not.toBeNull();
+    expect(errorResult.success).toBe(false);
+    expect(errorResult.error).toContain("not found in manifest");
+  });
+
+  test("search() without entity shows usage", async () => {
+    const { TzqlNamespace } = await import("../src/runtime/namespace.js");
+    const ns = new TzqlNamespace(1);
+
+    const restore = setupMocks();
+
+    try {
+      await ns.search(null, undefined, "{}");
+    } catch (e: any) {
+      if (e.message !== "EXIT") throw e;
+    } finally {
+      restore();
+    }
+
+    expect(consoleErrorOutput.some((msg) => msg.includes("entity name required"))).toBe(true);
+  });
+
+  test("save() with invalid JSON shows error", async () => {
+    const { TzqlNamespace } = await import("../src/runtime/namespace.js");
+    const ns = new TzqlNamespace(1);
+
+    const restore = setupMocks();
+
+    try {
+      await ns.save(null, "posts", "not valid json");
+    } catch (e: any) {
+      if (e.message !== "EXIT") throw e;
+    } finally {
+      restore();
+    }
+
+    expect(consoleErrorOutput.some((msg) => msg.includes("valid JSON"))).toBe(true);
+  });
+});

package/tests/permissions.test.ts

@@ -0,0 +1,55 @@
+import { describe, test, expect } from "bun:test";
+import { compilePermission } from "../src/cli/compiler/permissions.js";
+
+// Mock IR context for resolving relationships
+const mockContext = {
+  entities: {
+    posts: {
+      table: 'posts',
+      primaryKey: ['id'],
+      columns: [{name: 'id', type: 'int'}, {name: 'org_id', type: 'int'}]
+    },
+    organisations: {
+      table: 'organisations',
+      primaryKey: ['id'],
+      columns: [{name: 'id', type: 'int'}]
+    },
+    acts_for: {
+      table: 'acts_for',
+      primaryKey: ['user_id', 'org_id'],
+      columns: [{name: 'user_id', type: 'int'}, {name: 'org_id', type: 'int'}, {name: 'role', type: 'text'}]
+    }
+  }
+};
+
+describe("Permission Compiler", () => {
+  
+  test("should compile simple owner check", () => {
+    // Rule: @author_id == @user_id
+    // Context: posts table
+    const sql = compilePermission('posts', '@author_id', mockContext);
+    
+    // Should generate: (p_data->>'author_id')::int = p_user_id
+    expect(sql).toContain("(p_data->>'author_id')::int = p_user_id");
+  });
+
+  test("should compile graph traversal", () => {
+    // Rule: @org_id->acts_for[org_id=$].user_id
+    // Meaning: Join via org_id from p_data, check if user_id matches
+
+    const sql = compilePermission('posts', '@org_id->acts_for[org_id=$].user_id', mockContext);
+
+    expect(sql).toContain("EXISTS");
+    expect(sql).toContain("FROM acts_for");
+    expect(sql).toContain("acts_for.org_id = (p_data->>'org_id')::int"); // Join via jsonb param
+    expect(sql).toContain("acts_for.user_id = p_user_id");   // Match
+  });
+
+  test("should compile condition", () => {
+    // Rule: @org_id->acts_for[org_id=$]{role='admin'}.user_id
+    const sql = compilePermission('posts', "@org_id->acts_for[org_id=$]{role='admin'}.user_id", mockContext);
+    
+    expect(sql).toContain("acts_for.role='admin'");
+  });
+
+});

package/tests/pinia.test.ts

@@ -0,0 +1,48 @@
+import { describe, test, expect } from "bun:test";
+import { generatePiniaStore } from "../src/cli/codegen/pinia.js";
+import { generateManifest } from "../src/cli/codegen/manifest.js";
+import { generateIR } from "../src/cli/compiler/ir.js";
+
+// Use domain config format (with schema), not IR format
+const mockDomainConfig = {
+    entities: {
+        posts: {
+            schema: {
+                id: "serial primary key",
+                title: "text"
+            },
+            permissions: { create: [], view: [], update: [], delete: [] }
+        }
+    },
+    subscribables: {}
+};
+
+const mockManifest = generateManifest(generateIR(mockDomainConfig));
+
+describe("Pinia Store Generation", () => {
+  test("should generate a Pinia store with basic CRUD and table_changed", () => {
+    const piniaCode = generatePiniaStore(mockManifest, "posts");
+
+    // Check TypeScript imports
+    expect(piniaCode).toContain("import { defineStore } from 'pinia'");
+    expect(piniaCode).toContain("import { ref, type Ref } from 'vue'");
+    expect(piniaCode).toContain("import { ws } from '../../client.js';");
+
+    // Check type definitions
+    expect(piniaCode).toContain("export interface Posts {");
+    expect(piniaCode).toContain("export interface TableChangedPayload {");
+
+    // Check store definition
+    expect(piniaCode).toContain("export const usePostsStore = defineStore('posts-store', () => {");
+
+    // Check typed CRUD methods
+    expect(piniaCode).toContain("async function get(id: number): Promise<Posts | null>");
+    expect(piniaCode).toContain("async function save(data: Partial<Posts>): Promise<Posts>");
+    expect(piniaCode).toContain("async function remove(id: number): Promise<Posts>");
+    expect(piniaCode).toContain("async function search(query:");
+
+    // Check table_changed handler
+    expect(piniaCode).toContain("function table_changed(payload: TableChangedPayload): void");
+    expect(piniaCode).toContain("if (payload.table === 'posts')");
+  });
+});

package/tests/realtime.test.ts

@@ -0,0 +1,22 @@
+import { describe, test, expect } from "bun:test";
+import { generateAffectedKeysFunction } from "../src/cli/codegen/realtime.js";
+
+const mockSubscribable = {
+  name: "post_detail",
+  params: { post_id: "int" },
+  root: { entity: "posts", key: "post_id" },
+  scopeTables: ["posts", "comments"]
+};
+
+describe("Realtime Logic Generation", () => {
+  test("should generate affected keys function", () => {
+    const sql = generateAffectedKeysFunction("post_detail", mockSubscribable);
+    
+    expect(sql).toContain("CREATE OR REPLACE FUNCTION dzql_v2.post_detail_affected_keys");
+    expect(sql).toContain("RETURNS text[]");
+    
+    // Logic check: should return array of keys
+    expect(sql).toContain("WHEN 'posts' THEN");
+    expect(sql).toContain("RETURN ARRAY['post_detail:' || COALESCE(p_new->>'id', p_old->>'id')]"); 
+  });
+});

package/tests/runtime.test.ts

@@ -0,0 +1,80 @@
+import { describe, test, expect, beforeAll } from "bun:test";
+import { loadManifest } from "../src/runtime/manifest_loader.js";
+import { handleRequest } from "../src/runtime/server.js";
+import { ErrorCode } from "../src/runtime/errors.js";
+
+// Mock Manifest
+const mockManifest = {
+  version: "2.0.0",
+  functions: {
+    "save_posts": {
+      schema: "dzql_v2",
+      name: "save_posts",
+      args: ["p_user_id", "p_data"],
+      returnType: "jsonb"
+    }
+  },
+  entities: {},
+  subscribables: {}
+};
+
+// Mock DB
+const mockDB = {
+  query: async (text: string, params: any[]) => {
+    // Simulate Success
+    if (params[1].title === "Hello") {
+        return [{ result: { id: 1, ...params[1] } }];
+    }
+    // Simulate Permission Error
+    if (params[1].title === "Hacked") {
+        const e: any = new Error("permission_denied");
+        e.code = "P0001";
+        throw e;
+    }
+    // Simulate Unique Violation
+    if (params[1].title === "Duplicate") {
+        const e: any = new Error("duplicate key value");
+        e.code = "23505";
+        throw e;
+    }
+    return [];
+  }
+};
+
+describe("Runtime Security", () => {
+  beforeAll(() => {
+    loadManifest(mockManifest);
+  });
+
+  test("should execute allowlisted function", async () => {
+    const result = await handleRequest(mockDB, "save_posts", { title: "Hello" }, 1);
+    expect(result.id).toBe(1);
+  });
+
+  test("should reject unknown function (Injection Attempt)", async () => {
+    try {
+      await handleRequest(mockDB, "pg_sleep", {}, 1);
+      expect(true).toBe(false); 
+    } catch (e: any) {
+      expect(e.message).toContain("not found in manifest");
+    }
+  });
+
+  test("should return PERMISSION_DENIED", async () => {
+    try {
+      await handleRequest(mockDB, "save_posts", { title: "Hacked" }, 1);
+      expect(true).toBe(false); 
+    } catch (e: any) {
+      expect(e.code).toBe(ErrorCode.PERMISSION_DENIED);
+    }
+  });
+
+  test("should return CONFLICT", async () => {
+    try {
+      await handleRequest(mockDB, "save_posts", { title: "Duplicate" }, 1);
+      expect(true).toBe(false); 
+    } catch (e: any) {
+      expect(e.code).toBe(ErrorCode.CONFLICT);
+    }
+  });
+});

package/tests/subscribable_gen.test.ts

@@ -0,0 +1,72 @@
+import { describe, test, expect } from "bun:test";
+import { generateSubscribableStore } from "../src/cli/codegen/subscribable_store.js";
+import { generateSubscribableSQL } from "../src/cli/codegen/subscribable_sql.js";
+import { generateManifest } from "../src/cli/codegen/manifest.js";
+import { generateIR } from "../src/cli/compiler/ir.js";
+import { entities, subscribables } from "../examples/venues.js";
+
+const venuesDomain = { entities, subscribables };
+
+describe("Subscribable Store Generation", () => {
+  test("should generate venue_detail store with deep graph patching", () => {
+    const ir = generateIR(venuesDomain);
+    const manifest = generateManifest(ir);
+
+    // Generate the store for the 'venue_detail' subscribable
+    const code = generateSubscribableStore(manifest, "venue_detail");
+
+    console.log("--- GENERATED VENUE DETAIL STORE ---");
+    console.log(code);
+    console.log("------------------------------------");
+
+    expect(code).toContain("useVenueDetailStore");
+    // Check for TypeScript interface
+    expect(code).toContain("export interface VenueDetailParams");
+    // Check for nested table handling
+    expect(code).toContain("case 'sites':");
+    expect(code).toContain("case 'allocations':");
+    // Check for parent lookup logic with type annotation
+    expect(code).toContain("const parent = doc.sites?.find");
+  });
+
+  test("should generate async bind function that awaits first data", () => {
+    const ir = generateIR(venuesDomain);
+    const manifest = generateManifest(ir);
+
+    const code = generateSubscribableStore(manifest, "venue_detail");
+
+    // Check that bind is async with typed params
+    expect(code).toContain("async function bind(params: VenueDetailParams)");
+    // Check for Promise-based ready signal
+    expect(code).toContain("const ready = new Promise<void>");
+    expect(code).toContain("resolveReady()");
+    // Check that bind awaits ready
+    expect(code).toContain("await ready");
+    // Check that plain object with empty data is stored (preserves reactivity on merge)
+    expect(code).toContain("{ data: {}, loading: true, ready }");
+    // Check initial data is merged via Object.assign to preserve reactivity
+    expect(code).toContain("Object.assign(documents.value[key].data, eventData");
+    // Check existing subscription handling waits for ready
+    expect(code).toContain("await existing.ready");
+    // Check unbind function exists with typed params
+    expect(code).toContain("function unbind(params: VenueDetailParams)");
+  });
+
+  test("should generate flat SQL structure for nested includes", () => {
+    const ir = generateIR(venuesDomain);
+    const sub = ir.subscribables.venue_detail;
+
+    const sql = generateSubscribableSQL("venue_detail", sub, ir.entities);
+
+    console.log("--- GENERATED SQL ---");
+    console.log(sql);
+    console.log("---------------------");
+
+    // Check that nested includes use jsonb concatenation (||) for flat structure
+    // This merges entity fields with nested arrays into one flat object
+    // Uses to_jsonb() (not row_to_json) for type compatibility with || operator
+    expect(sql).toContain("to_jsonb(rel.*) || jsonb_build_object(");
+    // The allocations are nested inside the flat sites object
+    expect(sql).toContain("'allocations', COALESCE((");
+  });
+});