gencow 0.1.120 → 0.1.121

package/core/index.js

@@ -1928,7 +1928,7 @@ function ownerRls(userIdColumn, options) {
       "[ownerRls] userIdColumn must have a .name property. Ensure you pass a valid Drizzle column reference (e.g. t.userId)."
     );
   }
-  const isOwner = sql`${userIdColumn} = current_setting('app.current_user_id')`;
+  const isOwner = sql`${userIdColumn} = current_setting('app.current_user_id', true)`;
   const meta = {
     columnName: colName,
     readPublic: options?.read === "public"
@@ -1966,6 +1966,10 @@ function createRlsDb(db, userId) {
 // ../core/src/crud.ts
 import { eq, ne, gt, gte, lt, lte, desc, asc, like, ilike, inArray, notInArray, or, and, count as drizzleCount, getTableName, getTableColumns } from "drizzle-orm";
 import { getTableConfig } from "drizzle-orm/pg-core";
+var _ownerRlsTables = [];
+function getOwnerRlsTables() {
+  return _ownerRlsTables;
+}
 function detectIdType(column) {
   const colType = column.dataType;
   if (colType === "string") return v.string();
@@ -2001,6 +2005,10 @@ function detectOwnerMeta(table) {
         registerOwnerRls(table, { columnName: colName, readPublic: false });
         return { column: userIdCol, columnName: colName, propertyName: propName, readPublic: false };
       }
+      const tblName = getTableName(table);
+      console.warn(
+        `[crud] \u26A0\uFE0F Table "${tblName}" has ${config.policies.length} pgPolicy but no userId/user_id column found. ownerRls auto-isolation will NOT be applied. If you used ownerRls(), ensure the column is named 'userId' (JS) / 'user_id' (DB).`
+      );
     }
   } catch {
   }
@@ -2088,6 +2096,13 @@ function crud(table, options) {
   const defaultOrderCol = createdAtCol || pk;
   const userIdCol = anyTable["userId"];
   const ownerMeta = detectOwnerMeta(table);
+  if (ownerMeta && !_ownerRlsTables.some((t) => t.tableName === tableName)) {
+    _ownerRlsTables.push({
+      tableName,
+      columnName: ownerMeta.columnName,
+      readPublic: ownerMeta.readPublic
+    });
+  }
   if (ownerMeta && isPublic && !ownerMeta.readPublic) {
     console.warn(
       `[crud] \u26A0\uFE0F Table "${tableName}": ownerRls detected but public=true. CUD operations will still enforce ownerRls (auth required). Consider removing { public: true } or using ownerRls(col, { read: "public" }).`
@@ -2116,15 +2131,23 @@ function crud(table, options) {
     }
     return conditions.length > 0 ? and(...conditions) : void 0;
   }
+  async function inRlsOrPlainTx(db, fn) {
+    if (typeof db?.transaction === "function") {
+      return await db.transaction(fn);
+    }
+    return await fn(db);
+  }
   async function fetchListWithTotal(db, whereClause, userId) {
     let effectiveWhere = whereClause;
     if (ownerMeta && userId && !ownerMeta.readPublic) {
       const ownerFilter = eq(ownerMeta.column, userId);
       effectiveWhere = effectiveWhere ? and(effectiveWhere, ownerFilter) : ownerFilter;
     }
-    const data = await db.select().from(anyTable).where(effectiveWhere).orderBy(desc(defaultOrderCol));
-    const countResult = await db.select({ count: drizzleCount() }).from(anyTable).where(effectiveWhere);
-    return { data, total: Number(countResult[0]?.count ?? 0) };
+    return await inRlsOrPlainTx(db, async (tx) => {
+      const data = await tx.select().from(anyTable).where(effectiveWhere).orderBy(desc(defaultOrderCol));
+      const countResult = await tx.select({ count: drizzleCount() }).from(anyTable).where(effectiveWhere);
+      return { data, total: Number(countResult[0]?.count ?? 0) };
+    });
   }
   const enabledMethods = new Set(options?.methods ?? ["list", "get", "create", "update", "remove"]);
   const listDef = !enabledMethods.has("list") ? void 0 : query(`${prefix}.list`, {
@@ -2155,12 +2178,14 @@ function crud(table, options) {
       } else {
         orderByClause = desc(defaultOrderCol);
       }
-      const results = await ctx.db.select().from(anyTable).where(whereClause).orderBy(orderByClause).limit(limit).offset(offset);
-      const countResult = await ctx.db.select({ count: drizzleCount() }).from(anyTable).where(whereClause);
-      return {
-        data: results,
-        total: Number(countResult[0]?.count ?? 0)
-      };
+      return await inRlsOrPlainTx(ctx.db, async (tx) => {
+        const results = await tx.select().from(anyTable).where(whereClause).orderBy(orderByClause).limit(limit).offset(offset);
+        const countResult = await tx.select({ count: drizzleCount() }).from(anyTable).where(whereClause);
+        return {
+          data: results,
+          total: Number(countResult[0]?.count ?? 0)
+        };
+      });
     }
   });
   const getDef = !enabledMethods.has("get") ? void 0 : query(`${prefix}.get`, {
@@ -2177,8 +2202,10 @@ function crud(table, options) {
         const sdField = anyTable[options.softDelete.field];
         whereCond = and(whereCond, eq(sdField, null));
       }
-      const [result] = await ctx.db.select().from(anyTable).where(whereCond).limit(1);
-      return result ?? null;
+      return await inRlsOrPlainTx(ctx.db, async (tx) => {
+        const [result] = await tx.select().from(anyTable).where(whereCond).limit(1);
+        return result ?? null;
+      });
     }
   });
   const createDef = !enabledMethods.has("create") ? void 0 : mutation(`${prefix}.create`, {
@@ -2186,6 +2213,12 @@ function crud(table, options) {
     handler: async (ctx, args) => {
       const user = ownerMeta || !isPublic ? ctx.auth.requireAuth() : null;
       let insertData = { ...args };
+      if (ownerMeta && user) {
+        const requestedOwner = insertData[ownerMeta.propertyName] ?? insertData[ownerMeta.columnName] ?? insertData.userId;
+        if (requestedOwner != null && requestedOwner !== user.id) {
+          throw new Error("Forbidden: cannot create resource for another user");
+        }
+      }
       if (ownerMeta && user) {
         insertData[ownerMeta.propertyName] = user.id;
       } else if (userIdCol && user && !insertData.userId) {
@@ -2194,7 +2227,10 @@ function crud(table, options) {
       if (options?.hooks?.beforeCreate) {
         insertData = await options.hooks.beforeCreate(insertData);
       }
-      const [result] = await ctx.db.insert(anyTable).values(insertData).returning();
+      const [result] = await inRlsOrPlainTx(
+        ctx.db,
+        async (tx) => tx.insert(anyTable).values(insertData).returning()
+      );
       if (useRealtime && enabledMethods.has("list")) {
         const currentUserId = user?.id;
         const listResult = await fetchListWithTotal(ctx.db, void 0, currentUserId);
@@ -2223,7 +2259,10 @@ function crud(table, options) {
       if (options?.hooks?.beforeUpdate) {
         updateData = await options.hooks.beforeUpdate(updateData);
       }
-      const [result] = await ctx.db.update(anyTable).set(updateData).where(updateWhere).returning();
+      const [result] = await inRlsOrPlainTx(
+        ctx.db,
+        async (tx) => tx.update(anyTable).set(updateData).where(updateWhere).returning()
+      );
       if (useRealtime) {
         const currentUserId = ownerMeta ? user?.id : void 0;
         if (enabledMethods.has("list")) {
@@ -2245,12 +2284,14 @@ function crud(table, options) {
       if (ownerMeta && user) {
         deleteWhere = and(eq(pk, args.id), eq(ownerMeta.column, user.id));
       }
-      if (options?.softDelete) {
-        const sdField = options.softDelete.field;
-        await ctx.db.update(anyTable).set({ [sdField]: /* @__PURE__ */ new Date() }).where(deleteWhere);
-      } else {
-        await ctx.db.delete(anyTable).where(deleteWhere);
-      }
+      await inRlsOrPlainTx(ctx.db, async (tx) => {
+        if (options?.softDelete) {
+          const sdField = options.softDelete.field;
+          await tx.update(anyTable).set({ [sdField]: /* @__PURE__ */ new Date() }).where(deleteWhere);
+        } else {
+          await tx.delete(anyTable).where(deleteWhere);
+        }
+      });
       if (useRealtime && enabledMethods.has("list")) {
         const currentUserId = ownerMeta ? user?.id : void 0;
         const listResult = await fetchListWithTotal(ctx.db, void 0, currentUserId);
@@ -2279,6 +2320,7 @@ export {
   deregisterClient,
   crud as gencowCrud,
   getOwnerRlsMeta,
+  getOwnerRlsTables,
   getQueryDef,
   getQueryHandler,
   getRegisteredHttpActions,

package/package.json

@@ -1,33 +1,32 @@
 {
-    "name": "gencow",
-    "version": "0.1.120",
-    "description": "Gencow — AI Backend Engine",
-    "type": "module",
-    "bin": {
-        "gencow": "./bin/gencow.mjs"
-    },
-    "files": [
-        "bin/",
-        "lib/",
-        "templates/",
-        "server/",
-        "core/",
-        "scripts/",
-        "dashboard/"
-    ],
-    "scripts": {
-        "build": "node scripts/bundle-server.mjs",
-        "prepublishOnly": "npm run build && node scripts/pre-publish-check.mjs"
-    },
-    "dependencies": {
-        "@modelcontextprotocol/sdk": "^1.27.1",
-        "open": "^10.1.0",
-        "tar": "^7",
-        "ws": "^8.19.0",
-        "zod": "^4.3.6"
-    },
-    "devDependencies": {
-        "@types/node": "^25",
-        "esbuild": "^0.27.3"
-    }
-}
+  "name": "gencow",
+  "version": "0.1.121",
+  "description": "Gencow — AI Backend Engine",
+  "type": "module",
+  "bin": {
+    "gencow": "./bin/gencow.mjs"
+  },
+  "files": [
+    "bin/",
+    "lib/",
+    "templates/",
+    "server/",
+    "core/",
+    "scripts/",
+    "dashboard/"
+  ],
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.27.1",
+    "open": "^10.1.0",
+    "tar": "^7",
+    "ws": "^8.19.0",
+    "zod": "^4.3.6"
+  },
+  "devDependencies": {
+    "@types/node": "^25",
+    "esbuild": "^0.27.3"
+  },
+  "scripts": {
+    "build": "node scripts/bundle-server.mjs"
+  }
+}

package/server/index.js

@@ -1968,7 +1968,7 @@ function ownerRls(userIdColumn, options) {
       "[ownerRls] userIdColumn must have a .name property. Ensure you pass a valid Drizzle column reference (e.g. t.userId)."
     );
   }
-  const isOwner = sql`${userIdColumn} = current_setting('app.current_user_id')`;
+  const isOwner = sql`${userIdColumn} = current_setting('app.current_user_id', true)`;
   const meta3 = {
     columnName: colName,
     readPublic: options?.read === "public"
@@ -2018,6 +2018,9 @@ var init_rls_db = __esm({
 // ../core/src/crud.ts
 import { eq, ne, gt, gte, lt, lte, desc, asc, like, ilike, inArray, notInArray, or, and, count as drizzleCount, getTableName, getTableColumns } from "drizzle-orm";
 import { getTableConfig } from "drizzle-orm/pg-core";
+function getOwnerRlsTables() {
+  return _ownerRlsTables;
+}
 function detectIdType(column) {
   const colType = column.dataType;
   if (colType === "string") return v.string();
@@ -2053,6 +2056,10 @@ function detectOwnerMeta(table) {
         registerOwnerRls(table, { columnName: colName, readPublic: false });
         return { column: userIdCol, columnName: colName, propertyName: propName, readPublic: false };
       }
+      const tblName = getTableName(table);
+      console.warn(
+        `[crud] \u26A0\uFE0F Table "${tblName}" has ${config2.policies.length} pgPolicy but no userId/user_id column found. ownerRls auto-isolation will NOT be applied. If you used ownerRls(), ensure the column is named 'userId' (JS) / 'user_id' (DB).`
+      );
     }
   } catch {
   }
@@ -2138,6 +2145,13 @@ function crud(table, options) {
   const defaultOrderCol = createdAtCol || pk;
   const userIdCol = anyTable["userId"];
   const ownerMeta = detectOwnerMeta(table);
+  if (ownerMeta && !_ownerRlsTables.some((t) => t.tableName === tableName)) {
+    _ownerRlsTables.push({
+      tableName,
+      columnName: ownerMeta.columnName,
+      readPublic: ownerMeta.readPublic
+    });
+  }
   if (ownerMeta && isPublic && !ownerMeta.readPublic) {
     console.warn(
       `[crud] \u26A0\uFE0F Table "${tableName}": ownerRls detected but public=true. CUD operations will still enforce ownerRls (auth required). Consider removing { public: true } or using ownerRls(col, { read: "public" }).`
@@ -2166,15 +2180,23 @@ function crud(table, options) {
     }
     return conditions.length > 0 ? and(...conditions) : void 0;
   }
+  async function inRlsOrPlainTx(db, fn) {
+    if (typeof db?.transaction === "function") {
+      return await db.transaction(fn);
+    }
+    return await fn(db);
+  }
   async function fetchListWithTotal(db, whereClause, userId) {
     let effectiveWhere = whereClause;
     if (ownerMeta && userId && !ownerMeta.readPublic) {
       const ownerFilter = eq(ownerMeta.column, userId);
       effectiveWhere = effectiveWhere ? and(effectiveWhere, ownerFilter) : ownerFilter;
     }
-    const data = await db.select().from(anyTable).where(effectiveWhere).orderBy(desc(defaultOrderCol));
-    const countResult = await db.select({ count: drizzleCount() }).from(anyTable).where(effectiveWhere);
-    return { data, total: Number(countResult[0]?.count ?? 0) };
+    return await inRlsOrPlainTx(db, async (tx) => {
+      const data = await tx.select().from(anyTable).where(effectiveWhere).orderBy(desc(defaultOrderCol));
+      const countResult = await tx.select({ count: drizzleCount() }).from(anyTable).where(effectiveWhere);
+      return { data, total: Number(countResult[0]?.count ?? 0) };
+    });
   }
   const enabledMethods = new Set(options?.methods ?? ["list", "get", "create", "update", "remove"]);
   const listDef = !enabledMethods.has("list") ? void 0 : query(`${prefix}.list`, {
@@ -2205,12 +2227,14 @@ function crud(table, options) {
       } else {
         orderByClause = desc(defaultOrderCol);
       }
-      const results = await ctx.db.select().from(anyTable).where(whereClause).orderBy(orderByClause).limit(limit).offset(offset);
-      const countResult = await ctx.db.select({ count: drizzleCount() }).from(anyTable).where(whereClause);
-      return {
-        data: results,
-        total: Number(countResult[0]?.count ?? 0)
-      };
+      return await inRlsOrPlainTx(ctx.db, async (tx) => {
+        const results = await tx.select().from(anyTable).where(whereClause).orderBy(orderByClause).limit(limit).offset(offset);
+        const countResult = await tx.select({ count: drizzleCount() }).from(anyTable).where(whereClause);
+        return {
+          data: results,
+          total: Number(countResult[0]?.count ?? 0)
+        };
+      });
     }
   });
   const getDef = !enabledMethods.has("get") ? void 0 : query(`${prefix}.get`, {
@@ -2227,8 +2251,10 @@ function crud(table, options) {
         const sdField = anyTable[options.softDelete.field];
         whereCond = and(whereCond, eq(sdField, null));
       }
-      const [result] = await ctx.db.select().from(anyTable).where(whereCond).limit(1);
-      return result ?? null;
+      return await inRlsOrPlainTx(ctx.db, async (tx) => {
+        const [result] = await tx.select().from(anyTable).where(whereCond).limit(1);
+        return result ?? null;
+      });
     }
   });
   const createDef = !enabledMethods.has("create") ? void 0 : mutation(`${prefix}.create`, {
@@ -2236,6 +2262,12 @@ function crud(table, options) {
     handler: async (ctx, args) => {
       const user2 = ownerMeta || !isPublic ? ctx.auth.requireAuth() : null;
       let insertData = { ...args };
+      if (ownerMeta && user2) {
+        const requestedOwner = insertData[ownerMeta.propertyName] ?? insertData[ownerMeta.columnName] ?? insertData.userId;
+        if (requestedOwner != null && requestedOwner !== user2.id) {
+          throw new Error("Forbidden: cannot create resource for another user");
+        }
+      }
       if (ownerMeta && user2) {
         insertData[ownerMeta.propertyName] = user2.id;
       } else if (userIdCol && user2 && !insertData.userId) {
@@ -2244,7 +2276,10 @@ function crud(table, options) {
       if (options?.hooks?.beforeCreate) {
         insertData = await options.hooks.beforeCreate(insertData);
       }
-      const [result] = await ctx.db.insert(anyTable).values(insertData).returning();
+      const [result] = await inRlsOrPlainTx(
+        ctx.db,
+        async (tx) => tx.insert(anyTable).values(insertData).returning()
+      );
       if (useRealtime && enabledMethods.has("list")) {
         const currentUserId = user2?.id;
         const listResult = await fetchListWithTotal(ctx.db, void 0, currentUserId);
@@ -2273,7 +2308,10 @@ function crud(table, options) {
       if (options?.hooks?.beforeUpdate) {
         updateData = await options.hooks.beforeUpdate(updateData);
       }
-      const [result] = await ctx.db.update(anyTable).set(updateData).where(updateWhere).returning();
+      const [result] = await inRlsOrPlainTx(
+        ctx.db,
+        async (tx) => tx.update(anyTable).set(updateData).where(updateWhere).returning()
+      );
       if (useRealtime) {
         const currentUserId = ownerMeta ? user2?.id : void 0;
         if (enabledMethods.has("list")) {
@@ -2295,12 +2333,14 @@ function crud(table, options) {
       if (ownerMeta && user2) {
         deleteWhere = and(eq(pk, args.id), eq(ownerMeta.column, user2.id));
       }
-      if (options?.softDelete) {
-        const sdField = options.softDelete.field;
-        await ctx.db.update(anyTable).set({ [sdField]: /* @__PURE__ */ new Date() }).where(deleteWhere);
-      } else {
-        await ctx.db.delete(anyTable).where(deleteWhere);
-      }
+      await inRlsOrPlainTx(ctx.db, async (tx) => {
+        if (options?.softDelete) {
+          const sdField = options.softDelete.field;
+          await tx.update(anyTable).set({ [sdField]: /* @__PURE__ */ new Date() }).where(deleteWhere);
+        } else {
+          await tx.delete(anyTable).where(deleteWhere);
+        }
+      });
       if (useRealtime && enabledMethods.has("list")) {
         const currentUserId = ownerMeta ? user2?.id : void 0;
         const listResult = await fetchListWithTotal(ctx.db, void 0, currentUserId);
@@ -2317,13 +2357,14 @@ function crud(table, options) {
     remove: removeDef
   };
 }
-var MAX_FILTER_DEPTH, FILTER_OPS;
+var _ownerRlsTables, MAX_FILTER_DEPTH, FILTER_OPS;
 var init_crud = __esm({
   "../core/src/crud.ts"() {
     "use strict";
     init_reactive();
     init_v();
     init_rls();
+    _ownerRlsTables = [];
     MAX_FILTER_DEPTH = 5;
     FILTER_OPS = ["eq", "ne", "gt", "gte", "lt", "lte", "in", "nin", "like", "ilike"];
   }
@@ -2343,6 +2384,7 @@ __export(src_exports, {
   deregisterClient: () => deregisterClient,
   gencowCrud: () => crud,
   getOwnerRlsMeta: () => getOwnerRlsMeta,
+  getOwnerRlsTables: () => getOwnerRlsTables,
   getQueryDef: () => getQueryDef,
   getQueryHandler: () => getQueryHandler,
   getRegisteredHttpActions: () => getRegisteredHttpActions,
@@ -61278,9 +61320,7 @@ var ALLOWED_NODE_MODULES = /* @__PURE__ */ new Set([
   "node:timers",
   "node:timers/promises",
   "node:zlib",
-  // 서드파티 패키지 호환을 위해 허용 (nsjail이 보안 담당)
-  "node:fs",
-  "node:fs/promises",
+  // 서드파티 패키지 호환을 위해 허용 (cowbox Landlock TCP가 보안 담당)
   "node:http",
   "node:https",
   "node:http2",
@@ -61300,8 +61340,6 @@ var ALLOWED_NODE_MODULES = /* @__PURE__ */ new Set([
   "string_decoder",
   "timers",
   "zlib",
-  "fs",
-  "fs/promises",
   "http",
   "https",
   "http2",
@@ -62531,7 +62569,13 @@ async function main() {
       printFrontendAntiPatternReport(frontendResult);
     }
     _t("pre-import");
-    appModule = await import(functionsPath);
+    let importPath = functionsPath;
+    if (existsSync4(resolve6(functionsPath, "index.js"))) {
+      importPath = resolve6(functionsPath, "index.js");
+    } else if (existsSync4(resolve6(functionsPath, "index.ts"))) {
+      importPath = resolve6(functionsPath, "index.ts");
+    }
+    appModule = await import(importPath);
     _t("post-import");
     const regQ = getRegisteredQueries().length;
     const regM = getRegisteredMutations().length;
@@ -63959,6 +64003,17 @@ async function main() {
     console.log(`[gencow]   \u2192 \u{1F4C4} gencow/SECURITY.md \uCC38\uACE0`);
   }
   console.log(`[gencow] \u{1F512} Secure by Default: ${protectedQueryCount} queries + ${protectedMutationCount} mutations require auth`);
+  const rlsTables = getOwnerRlsTables();
+  if (rlsTables.length > 0) {
+    console.log(``);
+    console.log(`[gencow] \u{1F6E1}\uFE0F  ownerRls \u2014 2-Layer Data Isolation:`);
+    for (const t of rlsTables) {
+      const mode = t.readPublic ? "read: public, CUD: owner" : "full owner isolation";
+      console.log(`[gencow]   \u2713 ${t.tableName} (${t.columnName}) \u2014 ${mode}`);
+    }
+    console.log(`[gencow]   Layer 1: crud() auto-filters all queries by userId`);
+    console.log(`[gencow]   Layer 2: PostgreSQL RLS policies (set_config in transactions)`);
+  }
   const _aiKey = process.env.OPENAI_API_KEY;
   if (_aiKey && (_aiKey.length < 20 || /^sk-\.{2,}$/.test(_aiKey) || _aiKey.includes("your-key") || _aiKey.includes("YOUR_KEY"))) {
     console.warn(`[gencow] \u26A0\uFE0F  OPENAI_API_KEY\uAC00 \uD50C\uB808\uC774\uC2A4\uD640\uB354\uC785\uB2C8\uB2E4.`);