odac 1.4.8 → 1.4.9

package/src/Database/Migration.js

@@ -148,7 +148,8 @@ class Migration {
       } else {
         const currentColumns = await this._introspectColumns(knex, tableName)
         const currentIndexes = await this._introspectIndexes(knex, tableName)
-        const diff = this._computeDiff(desired, currentColumns, currentIndexes)
+        const currentForeignKeys = await this._introspectForeignKeys(knex, tableName)
+        const diff = this._computeDiff(desired, currentColumns, currentIndexes, currentForeignKeys)
 
         if (diff.length > 0) {
           operations.push(...diff.map(d => ({...d, table: tableName})))
@@ -379,6 +380,91 @@ class Migration {
     return result
   }
 
+  // ---------------------------------------------------------------------------
+  // FOREIGN KEY INTROSPECTION
+  // ---------------------------------------------------------------------------
+
+  /**
+   * Introspects existing foreign key constraints for a given table.
+   * Why: The diff engine needs current FK state to detect when a schema adds, changes,
+   * or removes a `references` / `onDelete` / `onUpdate` definition on an existing column.
+   * @param {object} knex - Knex instance
+   * @param {string} tableName - Table to introspect
+   * @returns {Promise<Object>} Map of columnName -> {table, column, onDelete, onUpdate}
+   */
+  async _introspectForeignKeys(knex, tableName) {
+    const client = knex.client.config.client
+    const fks = {}
+
+    if (client === 'pg') {
+      const result = await knex.raw(
+        `SELECT
+           kcu.column_name,
+           ccu.table_name  AS foreign_table,
+           ccu.column_name AS foreign_column,
+           rc.delete_rule,
+           rc.update_rule,
+           tc.constraint_name
+         FROM information_schema.table_constraints tc
+         JOIN information_schema.key_column_usage kcu
+           ON tc.constraint_name = kcu.constraint_name AND tc.table_schema = kcu.table_schema
+         JOIN information_schema.constraint_column_usage ccu
+           ON tc.constraint_name = ccu.constraint_name AND tc.table_schema = ccu.table_schema
+         JOIN information_schema.referential_constraints rc
+           ON tc.constraint_name = rc.constraint_name AND tc.table_schema = rc.constraint_schema
+         WHERE tc.constraint_type = 'FOREIGN KEY' AND tc.table_name = ?`,
+        [tableName]
+      )
+      for (const row of result.rows) {
+        fks[row.column_name] = {
+          table: row.foreign_table,
+          column: row.foreign_column,
+          onDelete: (row.delete_rule || 'NO ACTION').toUpperCase(),
+          onUpdate: (row.update_rule || 'NO ACTION').toUpperCase(),
+          constraintName: row.constraint_name
+        }
+      }
+    } else if (client === 'mysql2' || client === 'mysql') {
+      const [rows] = await knex.raw(
+        `SELECT
+           kcu.COLUMN_NAME          AS column_name,
+           kcu.REFERENCED_TABLE_NAME AS foreign_table,
+           kcu.REFERENCED_COLUMN_NAME AS foreign_column,
+           rc.DELETE_RULE            AS delete_rule,
+           rc.UPDATE_RULE            AS update_rule,
+           kcu.CONSTRAINT_NAME       AS constraint_name
+         FROM information_schema.KEY_COLUMN_USAGE kcu
+         JOIN information_schema.REFERENTIAL_CONSTRAINTS rc
+           ON kcu.CONSTRAINT_NAME = rc.CONSTRAINT_NAME AND kcu.TABLE_SCHEMA = rc.CONSTRAINT_SCHEMA
+         WHERE kcu.TABLE_SCHEMA = DATABASE() AND kcu.TABLE_NAME = ? AND kcu.REFERENCED_TABLE_NAME IS NOT NULL`,
+        [tableName]
+      )
+      for (const row of rows) {
+        fks[row.column_name] = {
+          table: row.foreign_table,
+          column: row.foreign_column,
+          onDelete: (row.delete_rule || 'NO ACTION').toUpperCase(),
+          onUpdate: (row.update_rule || 'NO ACTION').toUpperCase(),
+          constraintName: row.constraint_name
+        }
+      }
+    } else if (client === 'sqlite3') {
+      const result = await knex.raw(`PRAGMA foreign_key_list('${tableName}')`)
+      const rows = Array.isArray(result) ? result : []
+      for (const row of rows) {
+        fks[row.from] = {
+          table: row.table,
+          column: row.to,
+          onDelete: (row.on_delete || 'NO ACTION').toUpperCase(),
+          onUpdate: (row.on_update || 'NO ACTION').toUpperCase(),
+          constraintName: null
+        }
+      }
+    }
+
+    return fks
+  }
+
   // ---------------------------------------------------------------------------
   // DIFF ENGINE — Compute desired vs current delta
   // ---------------------------------------------------------------------------
@@ -391,7 +477,7 @@ class Migration {
    * @param {Array} currentIndexes - Introspected index list
    * @returns {Array} Ordered list of diff operations
    */
-  _computeDiff(desired, currentColumns, currentIndexes) {
+  _computeDiff(desired, currentColumns, currentIndexes, currentForeignKeys = {}) {
     const ops = []
     const desiredColumns = desired.columns || {}
     const desiredIndexes = desired.indexes || []
@@ -442,6 +528,34 @@ class Migration {
       }
     }
 
+    // --- Foreign key synchronization ---
+    for (const [colName, colDef] of Object.entries(desiredColumns)) {
+      if (colDef.type === 'timestamps') continue
+      if (!currentColumns[colName]) continue // New column — _addColumn handles FK
+
+      const desiredRef = colDef.references || null
+      const currentFK = currentForeignKeys[colName] || null
+      const desiredOnDelete = (colDef.onDelete || 'NO ACTION').toUpperCase()
+      const desiredOnUpdate = (colDef.onUpdate || 'NO ACTION').toUpperCase()
+
+      if (desiredRef && !currentFK) {
+        // FK added to existing column
+        ops.push({type: 'add_foreign_key', column: colName, definition: colDef})
+      } else if (!desiredRef && currentFK) {
+        // FK removed from schema
+        ops.push({type: 'drop_foreign_key', column: colName, constraintName: currentFK.constraintName})
+      } else if (desiredRef && currentFK) {
+        // FK exists — check if target table/column or actions changed
+        const targetChanged = desiredRef.table !== currentFK.table || desiredRef.column !== currentFK.column
+        const actionChanged = desiredOnDelete !== currentFK.onDelete || desiredOnUpdate !== currentFK.onUpdate
+
+        if (targetChanged || actionChanged) {
+          ops.push({type: 'drop_foreign_key', column: colName, constraintName: currentFK.constraintName})
+          ops.push({type: 'add_foreign_key', column: colName, definition: colDef})
+        }
+      }
+    }
+
     // --- Index synchronization ---
     const desiredIndexSignatures = new Set(desiredIndexes.map(idx => this._indexSignature(idx)))
     const currentIndexSignatures = new Set(currentIndexes.map(idx => this._indexSignature(idx)))
@@ -481,9 +595,41 @@ class Migration {
     // drivers (SQLite) return maxLength as a string, e.g. '100' vs 100.
     if (desired.length && current.maxLength && Number(desired.length) !== Number(current.maxLength)) return true
 
+    // Default value mismatch — normalize both sides before comparing because
+    // drivers return defaults as strings (e.g. "'active'" in PG, "active" in SQLite).
+    const desiredDefault = desired.default !== undefined ? this._normalizeDefaultValue(desired.default) : null
+    const currentDefault =
+      current.defaultValue !== undefined && current.defaultValue !== null ? this._normalizeDefaultValue(current.defaultValue) : null
+
+    if (desiredDefault !== currentDefault) return true
+
     return false
   }
 
+  /**
+   * Normalizes a column default value to a canonical string for cross-driver comparison.
+   * Why: Each DB driver serializes defaults differently — PG wraps strings in single quotes
+   * and appends type casts (e.g. `'active'::character varying`), SQLite returns raw values,
+   * MySQL returns unquoted strings. Stripping quotes and casts gives a stable comparison key.
+   * @param {*} value - Raw default value from schema definition or DB introspection
+   * @returns {string} Normalized string representation
+   */
+  _normalizeDefaultValue(value) {
+    if (value === null || value === undefined) return 'null'
+
+    let str = String(value)
+
+    // Strip PG type cast suffix: 'foo'::character varying → 'foo'
+    str = str.replace(/::[\w\s]+$/, '')
+
+    // Strip surrounding single quotes added by PG/MySQL: 'foo' → foo
+    if (str.startsWith("'") && str.endsWith("'")) {
+      str = str.slice(1, -1)
+    }
+
+    return str.trim().toLowerCase()
+  }
+
   /**
    * Generates a deterministic signature for an index to enable set comparison.
    * @param {object} idx - Index definition {columns, unique}
@@ -538,6 +684,7 @@ class Migration {
   async _applyDiff(knex, tableName, diff) {
     const columnOps = diff.filter(op => op.type === 'add_column' || op.type === 'drop_column' || op.type === 'alter_column')
     const indexOps = diff.filter(op => op.type === 'add_index' || op.type === 'drop_index')
+    const fkOps = diff.filter(op => op.type === 'add_foreign_key' || op.type === 'drop_foreign_key')
 
     // Phase 1: Column operations — atomic batch
     if (columnOps.length > 0) {
@@ -558,7 +705,19 @@ class Migration {
       })
     }
 
-    // Phase 2: Index operations — each applied individually for idempotent safety
+    // Phase 2: Foreign key operations — drop before add to handle replacements
+    for (const op of fkOps) {
+      if (op.type === 'drop_foreign_key') {
+        await this._applyForeignKeyOp(knex, tableName, op)
+      }
+    }
+    for (const op of fkOps) {
+      if (op.type === 'add_foreign_key') {
+        await this._applyForeignKeyOp(knex, tableName, op)
+      }
+    }
+
+    // Phase 3: Index operations — each applied individually for idempotent safety
     for (const op of indexOps) {
       await this._applyIndexOp(knex, tableName, op)
     }
@@ -606,6 +765,63 @@ class Migration {
     }
   }
 
+  /**
+   * Applies a single foreign key add/drop operation with idempotent error handling.
+   * Why: Knex's col.alter() cannot manage FK constraints — they require table-level
+   * alterTable calls (add .foreign() / drop .dropForeign()) which are separate from column ops.
+   * @param {object} knex - Knex instance
+   * @param {string} tableName - Target table
+   * @param {object} op - FK operation {type, column, definition?, constraintName?}
+   */
+  async _applyForeignKeyOp(knex, tableName, op) {
+    try {
+      if (op.type === 'add_foreign_key') {
+        const ref = op.definition.references
+
+        // Clean orphan rows before adding constraint — existing data may reference
+        // rows that no longer exist in the parent table, which would cause PG error 23503.
+        // Nullable columns get SET NULL safely. Non-nullable columns are NOT deleted —
+        // instead the constraint is skipped with a warning to prevent silent data loss.
+        const orphanCondition = knex(tableName).whereNotIn(op.column, knex(ref.table).select(ref.column)).whereNotNull(op.column)
+
+        if (op.definition.nullable !== false) {
+          await orphanCondition.update({[op.column]: null})
+        } else {
+          const [{count: orphanCount}] = await orphanCondition.clone().count('* as count')
+
+          if (Number(orphanCount) > 0) {
+            console.error(
+              `\x1b[31m[ODAC Migration]\x1b[0m Skipping foreign key on "${tableName}.${op.column}" → ` +
+                `"${ref.table}.${ref.column}": ${orphanCount} orphan row(s) found. ` +
+                `Column is NOT NULL so rows cannot be nullified. ` +
+                `Clean the data manually and restart, or make the column nullable.`
+            )
+            return
+          }
+        }
+
+        await knex.schema.alterTable(tableName, table => {
+          const fk = table.foreign(op.column).references(ref.column).inTable(ref.table)
+          if (op.definition.onDelete) fk.onDelete(op.definition.onDelete)
+          if (op.definition.onUpdate) fk.onUpdate(op.definition.onUpdate)
+        })
+      } else if (op.type === 'drop_foreign_key') {
+        await knex.schema.alterTable(tableName, table => {
+          table.dropForeign(op.column)
+        })
+      }
+    } catch (e) {
+      const isDuplicate = e.message && (e.message.includes('already exists') || e.code === '42710')
+      const isNotFound = e.message && (e.message.includes('does not exist') || e.code === '42704')
+
+      if ((op.type === 'add_foreign_key' && isDuplicate) || (op.type === 'drop_foreign_key' && isNotFound)) {
+        return
+      }
+
+      throw e
+    }
+  }
+
   /**
    * Translates schema column definitions into Knex schema builder calls.
    * Supports all common column types with their modifiers.

package/src/Database/ReadCache.js

@@ -0,0 +1,174 @@
+'use strict'
+const nodeCrypto = require('node:crypto')
+
+/**
+ * Read-Through Cache for ODAC Database layer.
+ *
+ * Why: Frequently-read, rarely-changed data (blog posts, settings, categories)
+ * generates redundant DB queries across workers. This module caches SELECT results
+ * via the Ipc layer, providing O(1) reads after the first query.
+ *
+ * Architecture: Fully delegated to Odac.Ipc for state management (same as WriteBuffer).
+ * - Memory driver: Primary process holds cached data in Maps via cluster IPC.
+ * - Redis driver: All state lives in Redis — works across horizontal load balancers.
+ * - Both drivers: TTL-based expiration + automatic invalidation on write operations.
+ *
+ * Key namespaces in Ipc:
+ *   rc:{connection}:{table}:{queryHash}   — cached query result (Ipc.set/get with TTL)
+ *   rc:idx:{connection}:{table}           — set of active cache keys for bulk invalidation
+ *
+ * API (exposed via Database.js proxy):
+ *   Odac.DB.posts.cache(60).where({active: true}).select('id', 'title')  — TTL cache
+ *   Odac.DB.posts.cache().where({id: 5}).first()                         — default TTL
+ *   Odac.DB.posts.cache.clear()                                          — table invalidation
+ *   Odac.DB.posts.cache.clear({id: 5})                                   — targeted invalidation
+ *
+ * Automatic invalidation:
+ *   insert/update/delete on a table → all cached queries for that table are purged.
+ */
+
+const DEFAULT_CONFIG = {
+  ttl: 300,
+  maxKeys: 10000
+}
+
+class ReadCache {
+  constructor() {
+    this._config = {}
+  }
+
+  /**
+   * Why: Merges user config with sensible defaults. Called from Database.init().
+   * No timers or background processes — cache is purely reactive (read-through + TTL).
+   */
+  init() {
+    this._config = {...DEFAULT_CONFIG, ...Odac.Config.cache}
+  }
+
+  /**
+   * Why: Generates a deterministic cache key from the Knex query builder's compiled SQL + bindings.
+   * SHA-256 ensures fixed-length keys regardless of query complexity.
+   * Sorting bindings is unnecessary — Knex preserves parameter order deterministically.
+   *
+   * @param {string} connection - Connection key (e.g., 'default', 'analytics')
+   * @param {string} table - Table name
+   * @param {object} queryBuilder - Knex query builder instance
+   * @returns {string} Cache key in format rc:{connection}:{table}:{hash}
+   */
+  buildKey(connection, table, queryBuilder) {
+    const {sql, bindings} = queryBuilder.toSQL()
+    const hash = nodeCrypto
+      .createHash('sha256')
+      .update(`${sql}:${JSON.stringify(bindings)}`)
+      .digest('hex')
+    return `rc:${connection}:${table}:${hash}`
+  }
+
+  /**
+   * Why: Core read-through logic. Returns cached result on HIT, executes query on MISS.
+   * TTL ensures eventual consistency even without explicit invalidation.
+   *
+   * @param {string} connection - Connection key
+   * @param {string} table - Table name
+   * @param {object} queryBuilder - Knex query builder (used for key generation via .toSQL())
+   * @param {function} executeFn - Callback that executes the original DB query (avoids .then() recursion)
+   * @param {number} ttl - Time-to-live in seconds
+   * @returns {Promise<*>} Query result (from cache or DB)
+   */
+  async get(connection, table, queryBuilder, executeFn, ttl) {
+    const effectiveTtl = ttl || this._config.ttl
+    const cacheKey = this.buildKey(connection, table, queryBuilder)
+
+    // O(1) cache lookup via Ipc — sentinel envelope {__v} distinguishes "cached null" from MISS
+    const cached = await Odac.Ipc.get(cacheKey)
+    if (cached !== null && typeof cached === 'object' && '__v' in cached) return cached.__v
+
+    // MISS — execute the actual DB query via the original (unwrapped) .then()
+    const result = await executeFn()
+
+    // Guard against exceeding maxKeys to prevent unbounded memory growth
+    const indexKey = `rc:idx:${connection}:${table}`
+    const currentKeys = await Odac.Ipc.smembers(indexKey)
+
+    if (currentKeys.length < this._config.maxKeys) {
+      await Odac.Ipc.set(cacheKey, {__v: result}, effectiveTtl)
+      await Odac.Ipc.sadd(indexKey, cacheKey)
+
+      // Cross-table invalidation: register cache key in joined tables' indexes too.
+      // Why: A query like posts.join('users').cache().select() must be invalidated
+      // when EITHER posts OR users is written to. Without this, a users.insert()
+      // would leave stale joined data in the posts cache.
+      const joinedTables = this._extractJoinedTables(queryBuilder)
+      for (const joinedTable of joinedTables) {
+        await Odac.Ipc.sadd(`rc:idx:${connection}:${joinedTable}`, cacheKey)
+      }
+    }
+
+    return result
+  }
+
+  /**
+   * Why: Purges all cached queries for a specific table. Called automatically on
+   * insert/update/delete via Database.js proxy intercept.
+   * Table-level granularity is intentional — row-level invalidation would require
+   * parsing WHERE clauses of cached queries, which is O(n) and error-prone.
+   *
+   * @param {string} connection - Connection key
+   * @param {string} table - Table name
+   * @returns {Promise<void>}
+   */
+  async invalidate(connection, table) {
+    if (!global.Odac?.Ipc) return
+
+    const indexKey = `rc:idx:${connection}:${table}`
+    const keys = await Odac.Ipc.smembers(indexKey)
+
+    if (keys.length === 0) return
+
+    // Delete all cached entries in parallel
+    await Promise.all(keys.map(key => Odac.Ipc.del(key)))
+    await Odac.Ipc.del(indexKey)
+  }
+
+  /**
+   * Why: Extracts table names from JOIN clauses in a Knex query builder.
+   * Used to register cache keys in joined tables' indexes for cross-table invalidation.
+   * Parses Knex's internal _statements array — entries with a joinType property
+   * contain the joined table name. Handles aliased tables (e.g., 'users as u' → 'users').
+   *
+   * @param {object} queryBuilder - Knex query builder instance
+   * @returns {string[]} Array of joined table names (deduplicated)
+   */
+  _extractJoinedTables(queryBuilder) {
+    const statements = queryBuilder._statements
+    if (!statements || !Array.isArray(statements)) return []
+
+    const tables = new Set()
+    for (const stmt of statements) {
+      if (!stmt.joinType || !stmt.table) continue
+      // Handle aliased tables: 'users as u' → 'users'
+      const tableName = String(stmt.table)
+        .split(/\s+as\s+/i)[0]
+        .trim()
+      if (tableName) tables.add(tableName)
+    }
+    return [...tables]
+  }
+
+  /**
+   * Why: Targeted invalidation — clears cache entries whose query hash matches
+   * a specific WHERE condition. Falls back to full table invalidation since
+   * precise row-level matching against arbitrary cached SQL is not feasible.
+   * Exposed as Odac.DB.posts.cache.clear({id: 5}) for semantic clarity,
+   * but internally equivalent to table-level purge.
+   *
+   * @param {string} connection - Connection key
+   * @param {string} table - Table name
+   * @returns {Promise<void>}
+   */
+  async clear(connection, table) {
+    return this.invalidate(connection, table)
+  }
+}
+
+module.exports = new ReadCache()

package/src/Database.js

@@ -1,6 +1,7 @@
 'use strict'
 const {buildConnections} = require('./Database/ConnectionFactory')
 const nanoid = require('./Database/nanoid')
+const readCache = require('./Database/ReadCache')
 const writeBuffer = require('./Database/WriteBuffer')
 
 class DatabaseManager {
@@ -33,6 +34,9 @@ class DatabaseManager {
     // Runs on ALL processes (primary + workers) since every process may insert data.
     this._loadNanoidMeta()
 
+    // Initialize Read-Through Cache (all processes — every worker may read cached data)
+    readCache.init()
+
     // Initialize Write-Behind Cache (Primary holds state, Workers communicate via IPC)
     await writeBuffer.init(this.connections)
   }
@@ -200,6 +204,54 @@ const tableProxyHandler = {
       flush: () => writeBuffer.flush(connectionKey, prop)
     }
 
+    // Read-Through Cache: Odac.DB.posts.cache(60).where({active: true}).select('id', 'title')
+    //                     Odac.DB.posts.cache().where({id: 5}).first()
+    //                     Odac.DB.posts.cache.clear()
+    // Why: Returns a Proxy that intercepts .then() to inject cache lookup before DB execution.
+    // The ttl parameter on cache() sets per-query TTL; omit for config default.
+    const cacheFactory = ttl => {
+      const cachedQb = knexInstance(prop)
+      cachedQb._odacCacheTtl = ttl || 0
+
+      // Capture the ORIGINAL .then() before overriding — prevents infinite recursion
+      // when ReadCache.get() needs to execute the actual DB query on cache MISS.
+      const originalCacheThen = cachedQb.then.bind(cachedQb)
+      cachedQb.then = function (resolve, reject) {
+        const executeFn = () => new Promise((res, rej) => originalCacheThen(res, rej))
+        return readCache.get(connectionKey, prop, this, executeFn, this._odacCacheTtl).then(resolve, reject)
+      }
+
+      return cachedQb
+    }
+
+    qb.cache = Object.assign(cacheFactory, {
+      clear: () => readCache.clear(connectionKey, prop)
+    })
+
+    // Automatic cache invalidation on write operations (insert/update/delete/truncate).
+    // Why: Prevents stale reads — any mutation on a table purges all cached SELECT results.
+    // Write methods are terminal (no further chaining after await), so wrapping the return
+    // as a simple thenable is safe and avoids .then() override conflicts with count/other wraps.
+    const wrapWithInvalidation = original =>
+      function (...args) {
+        const qbResult = original.apply(this, args)
+        const thenable = {
+          then: (resolve, reject) =>
+            qbResult.then(res => readCache.invalidate(connectionKey, prop).then(() => res), reject).then(resolve, reject),
+          catch: fn => thenable.then(undefined, fn)
+        }
+        return thenable
+      }
+
+    const originalUpdate = qb.update
+    const originalDelete = qb.delete
+    const originalDel = qb.del
+    const originalTruncate = qb.truncate
+    qb.update = wrapWithInvalidation(originalUpdate)
+    qb.delete = wrapWithInvalidation(originalDelete)
+    qb.del = wrapWithInvalidation(originalDel)
+    qb.truncate = wrapWithInvalidation(originalTruncate)
+
     // Odac DX Improvement: Wrap count() to return a clean number
     const originalCount = qb.count
     qb.count = function (...args) {
@@ -228,6 +280,10 @@ const tableProxyHandler = {
       }
     }
 
+    // Cache invalidation for insert — applied AFTER nanoid wrap so both paths are covered.
+    const currentInsert = qb.insert
+    qb.insert = wrapWithInvalidation(currentInsert)
+
     const originalThen = qb.then
     qb.then = function (resolve, reject) {
       if (this._odacIsCount) {
@@ -288,6 +344,13 @@ const rootProxy = new Proxy(manager, {
       }
     }
 
+    // Global ReadCache: Odac.DB.cache.clear(connection, table)
+    if (prop === 'cache') {
+      return {
+        clear: (connection, table) => readCache.clear(connection, table)
+      }
+    }
+
     // Access to specific database connection: Odac.DB.analytics
     if (target.connections[prop]) {
       return new Proxy(target.connections[prop], tableProxyHandler)

package/src/Validator.js

@@ -224,7 +224,7 @@ class Validator {
                     error = value && value !== '' && !this.#odac.Var(value).is('url')
                     break
                   case 'username':
-                    error = value && value !== '' && !/^[a-zA-Z0-9]+$/.test(value)
+                    error = value && value !== '' && !this.#odac.Var(value).is('username')
                     break
                   case 'xss':
                     error = value && value !== '' && /<[^>]*>/g.test(value)

package/src/Var.js

@@ -139,6 +139,7 @@ class Var {
           /([0-9#][\u20E3])|[\u00ae\u00a9\u203C\u2047\u2048\u2049\u3030\u303D\u2139\u2122\u3297\u3299][\uFE00-\uFEFF]?|[\u2190-\u21FF][\uFE00-\uFEFF]?|[\u2300-\u23FF][\uFE00-\uFEFF]?|[\u2460-\u24FF][\uFE00-\uFEFF]?|[\u25A0-\u25FF][\uFE00-\uFEFF]?|[\u2600-\u27BF][\uFE00-\uFEFF]?|[\u2900-\u297F][\uFE00-\uFEFF]?|[\u2B00-\u2BF0][\uFE00-\uFEFF]?|[\u1F000-\u1F6FF][\uFE00-\uFEFF]?/u.test(
             this.#value
           ))
+    if (args.includes('username')) result = (result || any) && ((any && result) || /^[a-zA-Z0-9]+$/.test(this.#value))
     if (args.includes('xss')) result = (result || any) && ((any && result) || this.#value == this.#value.replace(/<[^>]*>/g, ''))
     return result
   }