outlet-orm 10.0.0 → 11.1.0

package/src/AI/AIManager.js

@@ -90,66 +90,66 @@ class AIManager {
   /** @private */
   _buildProviderFromOptions(name, options) {
     switch (name) {
-      case 'openai': {
-        const api = options.api_key;
-        if (api) return new OpenAIProvider(api, options.chat_endpoint || 'https://api.openai.com/v1/chat/completions');
-        break;
-      }
-      case 'ollama': return new OllamaProvider(options.endpoint || 'http://localhost:11434');
-      case 'ollama_turbo': {
-        const api = options.api_key;
-        if (api) return new OllamaTurboProvider(api, options.endpoint || 'https://ollama.com');
-        break;
-      }
-      case 'onn': {
-        const api = options.api_key;
-        if (api) return new OnnProvider(api, options.endpoint || 'https://api.onn.ai/v1/chat');
-        break;
-      }
-      case 'gemini': {
-        const api = options.api_key;
-        if (api) return new GeminiProvider(api, options.endpoint);
-        break;
-      }
-      case 'grok': {
-        const api = options.api_key;
-        if (api) return new GrokProvider(api, options.endpoint);
-        break;
-      }
-      case 'claude': {
-        const api = options.api_key;
-        if (api) return new ClaudeProvider(api, options.endpoint);
-        break;
-      }
-      case 'mistral': {
-        const api = options.api_key;
-        if (api) return new MistralProvider(api, options.endpoint || 'https://api.mistral.ai/v1/chat/completions');
-        break;
-      }
-      case 'openai_custom': {
-        const api = options.api_key;
-        const base = options.base_url;
-        if (api && base) {
-          return new CustomOpenAIProvider(api, base, options.paths || {},
-            options.auth_header || 'Authorization', options.auth_prefix || BEARER_PREFIX,
-            options.extra_headers || {});
-        }
-        break;
+    case 'openai': {
+      const api = options.api_key;
+      if (api) return new OpenAIProvider(api, options.chat_endpoint || 'https://api.openai.com/v1/chat/completions');
+      break;
+    }
+    case 'ollama': return new OllamaProvider(options.endpoint || 'http://localhost:11434');
+    case 'ollama_turbo': {
+      const api = options.api_key;
+      if (api) return new OllamaTurboProvider(api, options.endpoint || 'https://ollama.com');
+      break;
+    }
+    case 'onn': {
+      const api = options.api_key;
+      if (api) return new OnnProvider(api, options.endpoint || 'https://api.onn.ai/v1/chat');
+      break;
+    }
+    case 'gemini': {
+      const api = options.api_key;
+      if (api) return new GeminiProvider(api, options.endpoint);
+      break;
+    }
+    case 'grok': {
+      const api = options.api_key;
+      if (api) return new GrokProvider(api, options.endpoint);
+      break;
+    }
+    case 'claude': {
+      const api = options.api_key;
+      if (api) return new ClaudeProvider(api, options.endpoint);
+      break;
+    }
+    case 'mistral': {
+      const api = options.api_key;
+      if (api) return new MistralProvider(api, options.endpoint || 'https://api.mistral.ai/v1/chat/completions');
+      break;
+    }
+    case 'openai_custom': {
+      const api = options.api_key;
+      const base = options.base_url;
+      if (api && base) {
+        return new CustomOpenAIProvider(api, base, options.paths || {},
+          options.auth_header || 'Authorization', options.auth_prefix || BEARER_PREFIX,
+          options.extra_headers || {});
       }
-      case 'openrouter': {
-        const api = options.api_key;
-        if (api) {
-          const base = options.base_url || 'https://openrouter.ai/api/v1';
-          const hdrs = {};
-          if (options.referer) hdrs['HTTP-Referer'] = options.referer;
-          if (options.title) hdrs['X-Title'] = options.title;
-          return new CustomOpenAIProvider(api, base,
-            { chat: '/chat/completions', embeddings: '/embeddings', image: '/images/generations', tts: '/audio/speech', stt: '/audio/transcriptions' },
-            'Authorization', BEARER_PREFIX, hdrs
-          );
-        }
-        break;
+      break;
+    }
+    case 'openrouter': {
+      const api = options.api_key;
+      if (api) {
+        const base = options.base_url || 'https://openrouter.ai/api/v1';
+        const hdrs = {};
+        if (options.referer) hdrs['HTTP-Referer'] = options.referer;
+        if (options.title) hdrs['X-Title'] = options.title;
+        return new CustomOpenAIProvider(api, base,
+          { chat: '/chat/completions', embeddings: '/embeddings', image: '/images/generations', tts: '/audio/speech', stt: '/audio/transcriptions' },
+          'Authorization', BEARER_PREFIX, hdrs
+        );
       }
+      break;
+    }
     }
     return null;
   }

package/src/AI/AIQueryBuilder.js

@@ -153,12 +153,12 @@ class AIQueryBuilder {
       let tables = [];
       if (dialect === 'pg' || dialect === 'postgresql') {
         const res = await this._connection.raw(
-          "SELECT table_name FROM information_schema.tables WHERE table_schema = 'public' AND table_type = 'BASE TABLE'"
+          'SELECT table_name FROM information_schema.tables WHERE table_schema = \'public\' AND table_type = \'BASE TABLE\''
         );
         tables = (res.rows || res).map(r => r.table_name);
       } else if (dialect === 'sqlite' || dialect === 'sqlite3') {
         const res = await this._connection.raw(
-          "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'"
+          'SELECT name FROM sqlite_master WHERE type=\'table\' AND name NOT LIKE \'sqlite_%\''
         );
         tables = (Array.isArray(res) ? res : (res.rows || [])).map(r => r.name);
       } else {

package/src/AI/AIQueryOptimizer.js

@@ -143,10 +143,10 @@ RULES:
       const dialect = this._connection.config?.client || 'mysql';
       let tables = [];
       if (dialect === 'pg' || dialect === 'postgresql') {
-        const res = await this._connection.raw("SELECT table_name FROM information_schema.tables WHERE table_schema = 'public'");
+        const res = await this._connection.raw('SELECT table_name FROM information_schema.tables WHERE table_schema = \'public\'');
         tables = (res.rows || res).map(r => r.table_name);
       } else if (dialect === 'sqlite' || dialect === 'sqlite3') {
-        const res = await this._connection.raw("SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'");
+        const res = await this._connection.raw('SELECT name FROM sqlite_master WHERE type=\'table\' AND name NOT LIKE \'sqlite_%\'');
         tables = (Array.isArray(res) ? res : []).map(r => r.name);
       } else {
         const res = await this._connection.raw('SHOW TABLES');

package/src/AI/Contracts/AudioProviderContract.js

@@ -11,7 +11,7 @@ class AudioProviderContract {
    * @param {Object} [options={}]
    * @returns {Promise<{audio: string, mime: string}>} audio is base64-encoded
    */
-  async textToSpeech(text, options = {}) {
+  async textToSpeech(text, _options = {}) {
     throw new Error('Not implemented: textToSpeech()');
   }
 
@@ -21,7 +21,7 @@ class AudioProviderContract {
    * @param {Object} [options={}]
    * @returns {Promise<{text: string, raw?: Object}>}
    */
-  async speechToText(filePath, options = {}) {
+  async speechToText(filePath, _options = {}) {
     throw new Error('Not implemented: speechToText()');
   }
 }

package/src/AI/Contracts/ChatProviderContract.js

@@ -12,7 +12,7 @@ class ChatProviderContract {
    * @param {Object} [options={}]
    * @returns {Promise<Object>}
    */
-  async chat(messages, options = {}) {
+  async chat(messages, _options = {}) {
     throw new Error('Not implemented: chat()');
   }
 
@@ -22,7 +22,8 @@ class ChatProviderContract {
    * @param {Object} [options={}]
    * @yields {string|Object}
    */
-  async *stream(messages, options = {}) {
+  // eslint-disable-next-line require-yield
+  async *stream(messages, _options = {}) {
     throw new Error('Not implemented: stream()');
   }
 

package/src/AI/Contracts/EmbeddingsProviderContract.js

@@ -11,7 +11,7 @@ class EmbeddingsProviderContract {
    * @param {Object} [options={}]
    * @returns {Promise<{embeddings: number[][], usage?: Object, raw?: Object}>}
    */
-  async embeddings(inputs, options = {}) {
+  async embeddings(inputs, _options = {}) {
     throw new Error('Not implemented: embeddings()');
   }
 }

package/src/AI/Contracts/ImageProviderContract.js

@@ -11,7 +11,7 @@ class ImageProviderContract {
    * @param {Object} [options={}]
    * @returns {Promise<{images: Array, meta?: Object, raw?: Object}>}
    */
-  async generateImage(prompt, options = {}) {
+  async generateImage(prompt, _options = {}) {
     throw new Error('Not implemented: generateImage()');
   }
 }

package/src/AI/Contracts/ModelsProviderContract.js

@@ -18,7 +18,7 @@ class ModelsProviderContract {
    * @param {string} id
    * @returns {Promise<Object>}
    */
-  async getModel(id) {
+  async getModel(_id) {
     throw new Error('Not implemented: getModel()');
   }
 }

package/src/AI/Contracts/ToolContract.js

@@ -19,7 +19,7 @@ class ToolContract {
    * @param {Object} args
    * @returns {Promise<string>|string}
    */
-  execute(args) { throw new Error('Not implemented: execute()'); }
+  execute(_args) { throw new Error('Not implemented: execute()'); }
 }
 
 module.exports = ToolContract;

package/src/AI/MCPServer.js

@@ -442,7 +442,7 @@ class MCPServer extends EventEmitter {
 
   // ── migrate_reset ──────────────────────────────────────────────
 
-  async _toolMigrateReset(args) {
+  async _toolMigrateReset(_args) {
     // Consent already validated in _handleToolCall
     const conn = await this._getConnection();
     const { MigrationManager } = require('../../src');
@@ -517,9 +517,9 @@ class MCPServer extends EventEmitter {
       // Get all tables
       let query;
       if (driver === 'sqlite') {
-        query = "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%' ORDER BY name";
+        query = 'SELECT name FROM sqlite_master WHERE type=\'table\' AND name NOT LIKE \'sqlite_%\' ORDER BY name';
       } else if (driver === 'postgres') {
-        query = "SELECT tablename AS name FROM pg_tables WHERE schemaname = 'public' ORDER BY tablename";
+        query = 'SELECT tablename AS name FROM pg_tables WHERE schemaname = \'public\' ORDER BY tablename';
       } else {
         query = 'SHOW TABLES';
       }

package/src/AI/Providers/CustomOpenAIProvider.js

@@ -1,7 +1,5 @@
 'use strict';
 
-const JsonSchemaValidator = require('../Support/JsonSchemaValidator');
-
 /**
  * CustomOpenAIProvider
  * Fully configurable OpenAI-compatible provider.

package/src/AI/Providers/GeminiProvider.js

@@ -18,7 +18,7 @@ class GeminiProvider {
   /** @private */
   _keyQuery() { return `?key=${this.apiKey}`; }
 
-  async chat(messages, options = {}) {
+  async chat(messages, _options = {}) {
     const userTexts = messages
       .filter(m => (m.role || '') !== 'system')
       .map(m => m.content);
@@ -46,7 +46,7 @@ class GeminiProvider {
 
   supportsStreaming() { return true; } // simulated
 
-  async embeddings(inputs, options = {}) {
+  async embeddings(inputs, _options = {}) {
     const vectors = [];
     for (const input of inputs) {
       const payload = {

package/src/AI/Providers/OpenAIProvider.js

@@ -1,10 +1,5 @@
 'use strict';
 
-const ChatProviderContract = require('../Contracts/ChatProviderContract');
-const EmbeddingsProviderContract = require('../Contracts/EmbeddingsProviderContract');
-const ImageProviderContract = require('../Contracts/ImageProviderContract');
-const AudioProviderContract = require('../Contracts/AudioProviderContract');
-const ModelsProviderContract = require('../Contracts/ModelsProviderContract');
 const JsonSchemaValidator = require('../Support/JsonSchemaValidator');
 const DocumentAttachmentMapper = require('../Support/DocumentAttachmentMapper');
 const fs = require('fs');

package/src/AI/Support/DocumentAttachmentMapper.js

@@ -26,46 +26,46 @@ class DocumentAttachmentMapper {
     for (const att of attachments) {
       if (att instanceof Document) {
         switch (att.kind) {
-          case 'text':
-            if (att.text != null) inlineTexts.push(att.text);
-            break;
-          case 'local':
-            if (att.path && sec.validateFile(att.path)) {
-              const mime = att.mime || 'application/octet-stream';
-              const b64 = fs.readFileSync(att.path).toString('base64');
-              if (mime.startsWith(IMAGE_PREFIX)) {
-                images.push(b64);
-              } else {
-                files.push({ name: path.basename(att.path), type: mime, content: b64 });
-              }
+        case 'text':
+          if (att.text != null) inlineTexts.push(att.text);
+          break;
+        case 'local':
+          if (att.path && sec.validateFile(att.path)) {
+            const mime = att.mime || 'application/octet-stream';
+            const b64 = fs.readFileSync(att.path).toString('base64');
+            if (mime.startsWith(IMAGE_PREFIX)) {
+              images.push(b64);
+            } else {
+              files.push({ name: path.basename(att.path), type: mime, content: b64 });
             }
-            break;
-          case 'base64':
-            if (att.base64 && att.mime) {
-              if (att.mime.startsWith(IMAGE_PREFIX)) {
-                images.push(att.base64);
-              } else {
-                files.push({ name: att.title || 'document', type: att.mime, content: att.base64 });
-              }
+          }
+          break;
+        case 'base64':
+          if (att.base64 && att.mime) {
+            if (att.mime.startsWith(IMAGE_PREFIX)) {
+              images.push(att.base64);
+            } else {
+              files.push({ name: att.title || 'document', type: att.mime, content: att.base64 });
             }
-            break;
-          case 'raw':
-            if (att.raw && att.mime) {
-              const b64 = Buffer.from(att.raw).toString('base64');
-              if (att.mime.startsWith(IMAGE_PREFIX)) {
-                images.push(b64);
-              } else {
-                files.push({ name: att.title || 'document', type: att.mime, content: b64 });
-              }
+          }
+          break;
+        case 'raw':
+          if (att.raw && att.mime) {
+            const b64 = Buffer.from(att.raw).toString('base64');
+            if (att.mime.startsWith(IMAGE_PREFIX)) {
+              images.push(b64);
+            } else {
+              files.push({ name: att.title || 'document', type: att.mime, content: b64 });
             }
-            break;
-          case 'chunks':
-            for (const c of att.chunks) inlineTexts.push(String(c));
-            break;
-          case 'url':
-          case 'file_id':
-          default:
-            break;
+          }
+          break;
+        case 'chunks':
+          for (const c of att.chunks) inlineTexts.push(String(c));
+          break;
+        case 'url':
+        case 'file_id':
+        default:
+          break;
         }
       } else if (typeof att === 'string' && sec.validateFile(att)) {
         const b64 = fs.readFileSync(att).toString('base64');

package/src/AI/Support/FileSecurity.js

@@ -31,7 +31,7 @@ class FileSecurity {
    * @param {boolean} [image=false]
    * @returns {boolean}
    */
-  validateFile(filePath, image = false) {
+  validateFile(filePath, _image = false) {
     try {
       if (!fs.existsSync(filePath)) return false;
       const stats = fs.statSync(filePath);

package/src/Backup/BackupManager.js

@@ -40,7 +40,7 @@ function quoteValue(val) {
   if (val === null || val === undefined) return 'NULL';
   if (typeof val === 'number' || typeof val === 'boolean') return String(val);
   // Escape single quotes
-  return `'${String(val).replace(/'/g, "''")}'`;
+  return `'${String(val).replace(/'/g, '\'\'')}'`;
 }
 
 /**
@@ -244,7 +244,7 @@ class BackupManager {
 
     for (const table of tables) {
       lines.push(`\n-- Table: ${table}`);
-      lines.push(`-- -----------------------------------------------------------`);
+      lines.push('-- -----------------------------------------------------------');
 
       // Schema
       const createSql = await this._getCreateTable(table);
@@ -302,13 +302,13 @@ class BackupManager {
     case 'postgres':
     case 'postgresql':
       rows = await this.connection.executeRawQuery(
-        "SELECT tablename AS name FROM pg_tables WHERE schemaname = 'public' ORDER BY tablename"
+        'SELECT tablename AS name FROM pg_tables WHERE schemaname = \'public\' ORDER BY tablename'
       );
       return rows.map((r) => r.name);
 
     case 'sqlite':
       rows = await this.connection.executeRawQuery(
-        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%' ORDER BY name"
+        'SELECT name FROM sqlite_master WHERE type=\'table\' AND name NOT LIKE \'sqlite_%\' ORDER BY name'
       );
       return rows.map((r) => r.name);
 
@@ -382,12 +382,12 @@ class BackupManager {
    */
   _sqlHeader(type) {
     return [
-      `-- outlet-orm backup`,
+      '-- outlet-orm backup',
       `-- type      : ${type}`,
       `-- driver    : ${this.connection.driver}`,
       `-- database  : ${this.connection.config?.database || '(unknown)'}`,
       `-- generated : ${new Date().toISOString()}`,
-      `-- ---------------------------------------------------------------`,
+      '-- ---------------------------------------------------------------',
     ].join('\n');
   }
 

package/src/Backup/BackupScheduler.js

@@ -74,7 +74,7 @@ class BackupScheduler {
       throw new Error('BackupScheduler: intervalMs must be >= 1000 (1 second)');
     }
     if (type === 'partial' && (!Array.isArray(config.tables) || config.tables.length === 0)) {
-      throw new Error("BackupScheduler: 'tables' array is required for partial backups");
+      throw new Error('BackupScheduler: \'tables\' array is required for partial backups');
     }
 
     const name = config.name || `${type}_${Date.now()}`;

package/src/Backup/BackupSocketServer.js

@@ -271,7 +271,7 @@ class BackupSocketServer extends events.EventEmitter {
         filePath = await runManager.full(options);
       } else if (type === 'partial') {
         if (!Array.isArray(tables) || tables.length === 0) {
-          throw new Error("'tables' array is required for partial backup");
+          throw new Error('\'tables\' array is required for partial backup');
         }
         filePath = await runManager.partial(tables, options);
       } else if (type === 'journal') {
@@ -284,7 +284,7 @@ class BackupSocketServer extends events.EventEmitter {
 
     case 'restore': {
       if (!msg.filePath) {
-        throw new Error("'filePath' is required for restore");
+        throw new Error('\'filePath\' is required for restore');
       }
       // Build a restore-capable manager (needs encryptionPassword if file is encrypted)
       const restoreOpts = Object.assign({}, this._managerOptions, {

package/src/DatabaseConnection.js

@@ -750,6 +750,57 @@ class DatabaseConnection {
     return result;
   }
 
+  /**
+   * Execute an aggregate function (SUM, AVG, MIN, MAX) on a column
+   * @param {string} table
+   * @param {string} fn - Aggregate function name (SUM, AVG, MIN, MAX)
+   * @param {string} column
+   * @param {Object} query
+   * @returns {Promise<number>}
+   */
+  async aggregate(table, fn, column, query) {
+    await this.connect();
+    const allowedFns = ['SUM', 'AVG', 'MIN', 'MAX'];
+    const safeFn = fn.toUpperCase();
+    if (!allowedFns.includes(safeFn)) {
+      throw new Error(`Invalid aggregate function: ${fn}`);
+    }
+    const safeTable = sanitizeIdentifier(table);
+    const safeColumn = sanitizeIdentifier(column);
+
+    const { whereClause, params } = this.buildWhereClause(query?.wheres || []);
+    const sql = `SELECT ${safeFn}(${safeColumn}) as result FROM ${safeTable}${whereClause}`;
+    const start = Date.now();
+
+    let result;
+    switch (this.driver) {
+    case 'mysql': {
+      const conn = this._getConnection();
+      const [rows] = await conn.execute(this.convertToDriverPlaceholder(sql), params);
+      result = rows[0].result;
+      break;
+    }
+    case 'postgres':
+    case 'postgresql': {
+      const conn = this._getConnection();
+      const pgResult = await conn.query(this.convertToDriverPlaceholder(sql, 'postgres'), params);
+      result = parseFloat(pgResult.rows[0].result);
+      break;
+    }
+    case 'sqlite':
+      result = await new Promise((resolve, reject) => {
+        this.connection.get(sql, params, (err, row) => {
+          if (err) reject(new Error(err.message || String(err)));
+          else resolve(row.result);
+        });
+      });
+      break;
+    }
+
+    logQuery(sql, params, Date.now() - start);
+    return result != null ? Number(result) : 0;
+  }
+
   /**
    * Execute a raw query and return normalized results.
    * ⚠️  SECURITY WARNING: The `sql` parameter is passed to the database driver without