s3db.js 18.0.11-next.1534f717 → 18.0.11-next.47047b5d

package/src/concerns/plugin-storage.ts

@@ -597,6 +597,150 @@ export class PluginStorage {
     return Promise.all(promises);
   }
 
+  /**
+   * Set data only if the key does not exist (conditional PUT).
+   * Uses ifNoneMatch: '*' to ensure atomicity.
+   * @returns The ETag (version) if set succeeded, null if key already exists.
+   */
+  async setIfNotExists(key: string, data: Record<string, unknown>, options: PluginStorageSetOptions = {}): Promise<string | null> {
+    const [ok, err, response] = await tryFn(() => this.set(key, data, { ...options, ifNoneMatch: '*' }));
+
+    if (!ok) {
+      const error = err as { name?: string; code?: string; statusCode?: number } | undefined;
+      // PreconditionFailed (412) or similar means key already exists
+      if (
+        error?.name === 'PreconditionFailed' ||
+        error?.code === 'PreconditionFailed' ||
+        error?.statusCode === 412
+      ) {
+        return null;
+      }
+      throw err;
+    }
+
+    return response?.ETag ?? null;
+  }
+
+  /**
+   * Get data along with its version (ETag) for conditional updates.
+   * @returns Object with data and version, or { data: null, version: null } if not found.
+   */
+  async getWithVersion(key: string): Promise<{ data: Record<string, unknown> | null; version: string | null }> {
+    const [ok, err, response] = await tryFn<GetObjectResponse>(() => this.client.getObject(key));
+
+    if (!ok || !response) {
+      const error = err as { name?: string; code?: string; Code?: string; statusCode?: number } | undefined;
+      if (
+        error?.name === 'NoSuchKey' ||
+        error?.code === 'NoSuchKey' ||
+        error?.Code === 'NoSuchKey' ||
+        error?.statusCode === 404
+      ) {
+        return { data: null, version: null };
+      }
+      throw new PluginStorageError(`Failed to retrieve plugin data with version`, {
+        pluginSlug: this.pluginSlug,
+        key,
+        operation: 'getWithVersion',
+        original: err,
+        suggestion: 'Check if the key exists and S3 permissions are correct'
+      });
+    }
+
+    const metadata = response.Metadata || {};
+    const parsedMetadata = this._parseMetadataValues(metadata);
+    let data: Record<string, unknown> = parsedMetadata;
+
+    if (response.Body) {
+      const [parseOk, parseErr, result] = await tryFn(async () => {
+        const bodyContent = await response.Body!.transformToString();
+        if (bodyContent && bodyContent.trim()) {
+          const body = JSON.parse(bodyContent);
+          return { ...parsedMetadata, ...body };
+        }
+        return parsedMetadata;
+      });
+
+      if (!parseOk || !result) {
+        throw new PluginStorageError(`Failed to parse JSON body`, {
+          pluginSlug: this.pluginSlug,
+          key,
+          operation: 'getWithVersion',
+          original: parseErr,
+          suggestion: 'Body content may be corrupted'
+        });
+      }
+
+      data = result;
+    }
+
+    // Check expiration
+    const expiresAt = (data._expiresat || data._expiresAt) as number | undefined;
+    if (expiresAt && Date.now() > expiresAt) {
+      await this.delete(key);
+      return { data: null, version: null };
+    }
+
+    // Clean up internal fields
+    delete data._expiresat;
+    delete data._expiresAt;
+
+    // Extract ETag from response - need to get it from headObject since getObject may not return it
+    const [headOk, , headResponse] = await tryFn<HeadObjectResponse & { ETag?: string }>(() =>
+      this.client.headObject(key)
+    );
+    const version = headOk && headResponse ? (headResponse as any).ETag ?? null : null;
+
+    return { data, version };
+  }
+
+  /**
+   * Set data only if the current version matches (conditional PUT).
+   * Uses ifMatch to ensure no concurrent modifications.
+   * @returns The new ETag (version) if set succeeded, null if version mismatch.
+   */
+  async setIfVersion(key: string, data: Record<string, unknown>, version: string, options: PluginStorageSetOptions = {}): Promise<string | null> {
+    const [ok, err, response] = await tryFn(() => this.set(key, data, { ...options, ifMatch: version }));
+
+    if (!ok) {
+      const error = err as { name?: string; code?: string; statusCode?: number } | undefined;
+      // PreconditionFailed (412) means version mismatch
+      if (
+        error?.name === 'PreconditionFailed' ||
+        error?.code === 'PreconditionFailed' ||
+        error?.statusCode === 412
+      ) {
+        return null;
+      }
+      throw err;
+    }
+
+    return response?.ETag ?? null;
+  }
+
+  /**
+   * Delete data only if the current version matches (conditional DELETE).
+   * @returns true if deleted, false if version mismatch or key not found.
+   */
+  async deleteIfVersion(key: string, version: string): Promise<boolean> {
+    // First verify the version matches
+    const [headOk, , headResponse] = await tryFn<HeadObjectResponse & { ETag?: string }>(() =>
+      this.client.headObject(key)
+    );
+
+    if (!headOk || !headResponse) {
+      return false;
+    }
+
+    const currentVersion = (headResponse as any).ETag;
+    if (currentVersion !== version) {
+      return false;
+    }
+
+    const [deleteOk] = await tryFn(() => this.client.deleteObject(key));
+    return deleteOk;
+  }
+
   async acquireLock(lockName: string, options: AcquireOptions = {}): Promise<LockHandle | null> {
     return this._lock.acquire(lockName, options);
   }

package/src/concerns/s3-errors.ts

@@ -0,0 +1,97 @@
+/**
+ * S3 Error Classification Utilities
+ *
+ * Provides consistent error classification across all S3 operations.
+ * Handles differences between AWS SDK v3, MinIO, and other S3-compatible clients.
+ */
+
+interface S3ErrorLike {
+  name?: string;
+  code?: string;
+  Code?: string;
+  statusCode?: number;
+  $metadata?: {
+    httpStatusCode?: number;
+  };
+  message?: string;
+}
+
+/**
+ * Checks if an error indicates the object/resource was not found.
+ * Handles various S3 client error formats (AWS SDK v3, MinIO, etc.)
+ */
+export function isNotFoundError(error: unknown): boolean {
+  if (!error) return false;
+
+  const err = error as S3ErrorLike;
+
+  return (
+    err.name === 'NoSuchKey' ||
+    err.name === 'NotFound' ||
+    err.code === 'NoSuchKey' ||
+    err.code === 'NotFound' ||
+    err.Code === 'NoSuchKey' ||
+    err.Code === 'NotFound' ||
+    err.statusCode === 404 ||
+    err.$metadata?.httpStatusCode === 404 ||
+    (typeof err.message === 'string' && err.message.includes('NoSuchKey'))
+  );
+}
+
+/**
+ * Checks if an error indicates access was denied.
+ */
+export function isAccessDeniedError(error: unknown): boolean {
+  if (!error) return false;
+
+  const err = error as S3ErrorLike;
+
+  return (
+    err.name === 'AccessDenied' ||
+    err.code === 'AccessDenied' ||
+    err.Code === 'AccessDenied' ||
+    err.statusCode === 403 ||
+    err.$metadata?.httpStatusCode === 403
+  );
+}
+
+/**
+ * Checks if an error is a transient/retriable error (network, timeout, etc.)
+ */
+export function isTransientError(error: unknown): boolean {
+  if (!error) return false;
+
+  const err = error as S3ErrorLike;
+  const statusCode = err.statusCode || err.$metadata?.httpStatusCode;
+
+  if (statusCode && statusCode >= 500 && statusCode < 600) {
+    return true;
+  }
+
+  if (statusCode === 429) {
+    return true;
+  }
+
+  const retriableNames = [
+    'TimeoutError',
+    'RequestTimeout',
+    'NetworkError',
+    'ECONNRESET',
+    'ETIMEDOUT',
+    'ENOTFOUND',
+    'SocketError',
+    'ServiceUnavailable',
+    'SlowDown',
+    'ThrottlingException',
+  ];
+
+  if (err.name && retriableNames.includes(err.name)) {
+    return true;
+  }
+
+  if (err.code && retriableNames.includes(err.code)) {
+    return true;
+  }
+
+  return false;
+}

package/src/concerns/s3-key.ts

@@ -0,0 +1,62 @@
+/**
+ * S3 Key Utilities
+ *
+ * S3 keys always use POSIX-style forward slashes regardless of the operating system.
+ * These utilities ensure consistent key construction across all platforms.
+ */
+
+import { ValidationError } from '../errors.js';
+
+/**
+ * Join path segments for S3 keys using forward slashes.
+ * Unlike path.join(), this always uses '/' as separator.
+ * Also normalizes any backslashes within segments to forward slashes.
+ */
+export function joinS3Key(...segments: string[]): string {
+  return segments
+    .filter(s => s && s.length > 0)
+    .join('/')
+    .replace(/\\/g, '/')
+    .replace(/\/+/g, '/');
+}
+
+/**
+ * Normalize an S3 key by replacing backslashes with forward slashes.
+ * Useful when migrating keys that may have been incorrectly constructed.
+ */
+export function normalizeS3Key(key: string): string {
+  return key.replace(/\\/g, '/').replace(/\/+/g, '/');
+}
+
+const UNSAFE_KEY_CHARS = /[\\\/=%]/;
+
+/**
+ * Validates that a value is safe for use in S3 keys.
+ * IDs and partition values must be URL-friendly (no /, \, =, or %).
+ * Returns true if valid, false if contains unsafe characters.
+ */
+export function isValidS3KeySegment(value: string): boolean {
+  return !UNSAFE_KEY_CHARS.test(value);
+}
+
+/**
+ * Validates a value for S3 key usage, throwing ValidationError if invalid.
+ * Use this for IDs and partition values.
+ * Accepts any value type - coerces to string for validation.
+ */
+export function validateS3KeySegment(value: unknown, context: string): void {
+  const strValue = String(value);
+  if (UNSAFE_KEY_CHARS.test(strValue)) {
+    const invalidChars = strValue.match(UNSAFE_KEY_CHARS);
+    throw new ValidationError(
+      `Invalid ${context}: contains unsafe character '${invalidChars?.[0]}'`,
+      {
+        field: context,
+        value: strValue,
+        constraint: 'url-safe',
+        statusCode: 400,
+        suggestion: 'IDs and partition values must be URL-friendly (no /, \\, =, or %). Use alphanumeric characters, hyphens, or underscores.'
+      }
+    );
+  }
+}

package/src/concerns/safe-merge.ts

@@ -0,0 +1,60 @@
+/**
+ * Safe Merge Utilities
+ *
+ * Provides functions to sanitize object keys before merging,
+ * preventing prototype pollution attacks via __proto__, constructor, or prototype keys.
+ */
+
+const DANGEROUS_KEYS = ['__proto__', 'constructor', 'prototype'] as const;
+
+/**
+ * Check if a key is dangerous for object property assignment.
+ * Handles both simple keys and dot-notation paths.
+ */
+export function isDangerousKey(key: string): boolean {
+  if (DANGEROUS_KEYS.includes(key as typeof DANGEROUS_KEYS[number])) {
+    return true;
+  }
+
+  if (key.includes('.')) {
+    return key.split('.').some(part =>
+      DANGEROUS_KEYS.includes(part as typeof DANGEROUS_KEYS[number])
+    );
+  }
+
+  return false;
+}
+
+/**
+ * Filter out dangerous keys from an object.
+ * Returns a new object with only safe keys.
+ */
+export function sanitizeKeys<T extends Record<string, unknown>>(obj: T): T {
+  return Object.fromEntries(
+    Object.entries(obj).filter(([key]) => !isDangerousKey(key))
+  ) as T;
+}
+
+/**
+ * Recursively sanitize an object, removing dangerous keys at all levels.
+ * Use this for deep merge operations.
+ */
+export function sanitizeDeep<T>(obj: T): T {
+  if (obj === null || typeof obj !== 'object') {
+    return obj;
+  }
+
+  if (Array.isArray(obj)) {
+    return obj.map(item => sanitizeDeep(item)) as T;
+  }
+
+  const result: Record<string, unknown> = {};
+
+  for (const [key, value] of Object.entries(obj as Record<string, unknown>)) {
+    if (!isDangerousKey(key)) {
+      result[key] = sanitizeDeep(value);
+    }
+  }
+
+  return result as T;
+}

package/src/core/resource-config-validator.ts

@@ -1,4 +1,5 @@
 import type { StringRecord } from '../types/common.types.js';
+import { isValidS3KeySegment } from '../concerns/s3-key.js';
 
 export interface PartitionFieldsDef {
   [fieldName: string]: string;
@@ -62,6 +63,8 @@ export function validateResourceConfig(config: ResourceConfigInput): ValidationR
     errors.push("Resource 'name' must be a string");
   } else if (config.name.trim() === '') {
     errors.push("Resource 'name' cannot be empty");
+  } else if (!isValidS3KeySegment(config.name)) {
+    errors.push(`Resource 'name' must be URL-friendly (no /, \\, =, or %). Got: '${config.name}'`);
   }
 
   if (!config.client) {
@@ -128,7 +131,9 @@ export function validateResourceConfig(config: ResourceConfigInput): ValidationR
       errors.push("Resource 'partitions' must be an object");
     } else {
       for (const [partitionName, partitionDef] of Object.entries(config.partitions)) {
-        if (typeof partitionDef !== 'object' || Array.isArray(partitionDef)) {
+        if (!isValidS3KeySegment(partitionName)) {
+          errors.push(`Partition name '${partitionName}' must be URL-friendly (no /, \\, =, or %)`);
+        } else if (typeof partitionDef !== 'object' || Array.isArray(partitionDef)) {
           errors.push(`Partition '${partitionName}' must be an object`);
         } else if (!partitionDef.fields) {
           errors.push(`Partition '${partitionName}' must have a 'fields' property`);
@@ -136,7 +141,9 @@ export function validateResourceConfig(config: ResourceConfigInput): ValidationR
           errors.push(`Partition '${partitionName}.fields' must be an object`);
         } else {
           for (const [fieldName, fieldType] of Object.entries(partitionDef.fields)) {
-            if (typeof fieldType !== 'string') {
+            if (!isValidS3KeySegment(fieldName)) {
+              errors.push(`Partition field '${fieldName}' must be URL-friendly (no /, \\, =, or %)`);
+            } else if (typeof fieldType !== 'string') {
               errors.push(`Partition '${partitionName}.fields.${fieldName}' must be a string`);
             }
           }

package/src/core/resource-partitions.class.ts

@@ -1,5 +1,6 @@
 import { join } from 'path';
 import { tryFn } from '../concerns/try-fn.js';
+import { validateS3KeySegment } from '../concerns/s3-key.js';
 import { PartitionError, ResourceError } from '../errors.js';
 import type { StringRecord } from '../types/common.types.js';
 
@@ -361,7 +362,11 @@ export class ResourcePartitions {
   }
 
   extractValuesFromKey(id: string, keys: string[], sortedFields: Array<[string, string]>): StringRecord {
-    const keyForId = keys.find(key => key.includes(`id=${id}`));
+    const idSegment = `id=${id}`;
+    const keyForId = keys.find(key => {
+      const segments = key.split('/');
+      return segments.some(segment => segment === idSegment);
+    });
     if (!keyForId) {
       throw new PartitionError(`Partition key not found for ID ${id}`, {
         resourceName: this.resource.name,
@@ -547,6 +552,14 @@ export class ResourcePartitions {
   }
 
   async getFromPartition({ id, partitionName, partitionValues = {} }: GetFromPartitionParams): Promise<ResourceData> {
+    validateS3KeySegment(id, 'id');
+
+    for (const [fieldName, value] of Object.entries(partitionValues)) {
+      if (value !== undefined && value !== null) {
+        validateS3KeySegment(value, `partitionValues.${fieldName}`);
+      }
+    }
+
     const partitions = this.getPartitions();
     if (!partitions || !partitions[partitionName]) {
       throw new PartitionError(`Partition '${partitionName}' not found`, {

package/src/core/resource-persistence.class.ts

@@ -1,6 +1,8 @@
 import { tryFn } from '../concerns/try-fn.js';
 import { isEmpty, isObject } from 'lodash-es';
 import { getBehavior } from '../behaviors/index.js';
+import { isNotFoundError } from '../concerns/s3-errors.js';
+import { sanitizeDeep } from '../concerns/safe-merge.js';
 import { calculateTotalSize, calculateEffectiveLimit } from '../concerns/calculator.js';
 import { mapAwsError, InvalidResourceItem, ResourceError, ValidationError } from '../errors.js';
 import { streamToString } from '../stream/index.js';
@@ -240,11 +242,11 @@ export class ResourcePersistence {
     }
 
     const attributesWithDefaults = this.validator.applyDefaults(attributes);
-    const completeData: ResourceData = id !== undefined
+    const completeData: ResourceData = sanitizeDeep(id !== undefined
       ? { id, ...attributesWithDefaults }
-      : { ...attributesWithDefaults };
+      : { ...attributesWithDefaults }) as ResourceData;
 
-    const preProcessedData = await this.resource.executeHooks('beforeInsert', completeData) as ResourceData;
+    const preProcessedData = sanitizeDeep(await this.resource.executeHooks('beforeInsert', completeData)) as ResourceData;
 
     const extraProps = Object.keys(preProcessedData).filter(
       k => !(k in completeData) || preProcessedData[k] !== completeData[k]
@@ -501,7 +503,7 @@ export class ResourcePersistence {
   async getOrNull(id: string): Promise<ResourceData | null> {
     const [ok, err, data] = await tryFn<ResourceData>(() => this.get(id));
 
-    if (!ok && err && ((err as Error & { name?: string }).name === 'NoSuchKey' || (err as Error).message?.includes('NoSuchKey'))) {
+    if (!ok && err && isNotFoundError(err)) {
       return null;
     }
 
@@ -512,7 +514,7 @@ export class ResourcePersistence {
   async getOrThrow(id: string): Promise<ResourceData> {
     const [ok, err, data] = await tryFn<ResourceData>(() => this.get(id));
 
-    if (!ok && err && ((err as Error & { name?: string }).name === 'NoSuchKey' || (err as Error).message?.includes('NoSuchKey'))) {
+    if (!ok && err && isNotFoundError(err)) {
       throw new ResourceError(`Resource '${this.name}' with id '${id}' not found`, {
         resourceName: this.name,
         operation: 'getOrThrow',
@@ -529,7 +531,13 @@ export class ResourcePersistence {
     await this.resource.executeHooks('beforeExists', { id });
 
     const key = this.resource.getResourceKey(id);
-    const [ok] = await tryFn(() => this.client.headObject(key));
+    const [ok, err] = await tryFn(() => this.client.headObject(key));
+
+    if (!ok && err) {
+      if (!isNotFoundError(err)) {
+        throw err;
+      }
+    }
 
     await this.resource.executeHooks('afterExists', { id, exists: ok });
     return ok;
@@ -728,7 +736,9 @@ export class ResourcePersistence {
       (mergedData.metadata as StringRecord).updatedAt = now;
     }
 
-    const preProcessedData = await this.resource.executeHooks('beforeUpdate', mergedData) as ResourceData;
+    mergedData = sanitizeDeep(mergedData) as ResourceData;
+
+    const preProcessedData = sanitizeDeep(await this.resource.executeHooks('beforeUpdate', mergedData)) as ResourceData;
     const completeData = { ...originalData, ...preProcessedData, id };
 
     const { isValid, errors, data } = await this.resource.validate(completeData, { includeId: true });
@@ -794,10 +804,6 @@ export class ResourcePersistence {
       if (okParse) finalContentType = 'application/json';
     }
 
-    if (this.versioningEnabled && originalData._v !== this.version) {
-      await this.resource.createHistoricalVersion(id, originalData);
-    }
-
     const [ok, err] = await tryFn(() => this.client.putObject({
       key,
       body: finalBody,
@@ -843,6 +849,18 @@ export class ResourcePersistence {
       });
     }
 
+    if (this.versioningEnabled && originalData._v !== this.version) {
+      const [okHistory, errHistory] = await tryFn(() => this.resource.createHistoricalVersion(id, originalData));
+      if (!okHistory) {
+        this.resource.emit('historyError', {
+          operation: 'update',
+          id,
+          error: errHistory,
+          message: (errHistory as Error).message
+        });
+      }
+    }
+
     const updatedData = await this.resource.composeFullObjectFromWrite({
       id,
       metadata: finalMetadata,
@@ -985,6 +1003,8 @@ export class ResourcePersistence {
       mergedData.updatedAt = new Date().toISOString();
     }
 
+    mergedData = sanitizeDeep(mergedData) as ResourceData;
+
     const { isValid, errors } = await this.validator.validate(mergedData);
     if (!isValid) {
       throw new ValidationError('Validation failed during patch', {
@@ -1057,7 +1077,7 @@ export class ResourcePersistence {
       attributesWithDefaults.updatedAt = new Date().toISOString();
     }
 
-    const completeData: ResourceData = { id, ...attributesWithDefaults };
+    const completeData: ResourceData = sanitizeDeep({ id, ...attributesWithDefaults }) as ResourceData;
 
     const {
       errors,
@@ -1230,7 +1250,9 @@ export class ResourcePersistence {
       (mergedData.metadata as StringRecord).updatedAt = now;
     }
 
-    const preProcessedData = await this.resource.executeHooks('beforeUpdate', mergedData) as ResourceData;
+    mergedData = sanitizeDeep(mergedData) as ResourceData;
+
+    const preProcessedData = sanitizeDeep(await this.resource.executeHooks('beforeUpdate', mergedData)) as ResourceData;
     const completeData = { ...originalData, ...preProcessedData, id };
 
     const { isValid, errors, data } = await this.resource.validate(completeData, { includeId: true });
@@ -1301,6 +1323,18 @@ export class ResourcePersistence {
       };
     }
 
+    if (this.versioningEnabled && originalData._v !== this.version) {
+      const [okHistory, errHistory] = await tryFn(() => this.resource.createHistoricalVersion(id, originalData));
+      if (!okHistory) {
+        this.resource.emit('historyError', {
+          operation: 'updateConditional',
+          id,
+          error: errHistory,
+          message: (errHistory as Error).message
+        });
+      }
+    }
+
     const updatedData = await this.resource.composeFullObjectFromWrite({
       id,
       metadata: processedMetadata,

package/src/core/resource-query.class.ts

@@ -400,60 +400,35 @@ export class ResourceQuery {
   }
 
   async page({ offset = 0, size = 100, partition = null, partitionValues = {}, skipCount = false }: PageParams = {}): Promise<PageResult> {
-    const [ok, err, result] = await tryFn<PageResult>(async () => {
-      let totalItems: number | null = null;
-      let totalPages: number | null = null;
-      if (!skipCount) {
-        const [okCount, , count] = await tryFn<number>(() => this.count({ partition, partitionValues }));
-        if (okCount && count !== undefined) {
-          totalItems = count;
-          totalPages = Math.ceil(totalItems / size);
-        }
-      }
+    const effectiveSize = size > 0 ? size : 100;
 
-      const page = Math.floor(offset / size);
-      let items: ResourceData[] = [];
-      if (size > 0) {
-        const [okList, , listResult] = await tryFn<ResourceData[]>(() => this.list({ partition, partitionValues, limit: size, offset }));
-        items = okList && listResult ? listResult : [];
-      }
+    let totalItems: number | null = null;
+    let totalPages: number | null = null;
+    if (!skipCount) {
+      totalItems = await this.count({ partition, partitionValues });
+      totalPages = Math.ceil(totalItems / effectiveSize);
+    }
 
-      const pageResult: PageResult = {
-        items,
-        totalItems,
-        page,
-        pageSize: size,
-        totalPages,
-        hasMore: items.length === size && (offset + size) < (totalItems || Infinity),
-        _debug: {
-          requestedSize: size,
-          requestedOffset: offset,
-          actualItemsReturned: items.length,
-          skipCount,
-          hasTotalItems: totalItems !== null
-        }
-      };
-      this.resource._emitStandardized('paginated', pageResult);
-      return pageResult;
-    });
+    const page = Math.floor(offset / effectiveSize);
+    const items = await this.list({ partition, partitionValues, limit: effectiveSize, offset });
 
-    if (ok && result) return result;
-    return {
-      items: [],
-      totalItems: null,
-      page: Math.floor(offset / size),
-      pageSize: size,
-      totalPages: null,
-      hasMore: false,
+    const pageResult: PageResult = {
+      items,
+      totalItems,
+      page,
+      pageSize: effectiveSize,
+      totalPages,
+      hasMore: items.length === effectiveSize && (offset + effectiveSize) < (totalItems || Infinity),
       _debug: {
         requestedSize: size,
         requestedOffset: offset,
-        actualItemsReturned: 0,
-        skipCount: skipCount,
-        hasTotalItems: false,
-        error: (err as Error).message
+        actualItemsReturned: items.length,
+        skipCount,
+        hasTotalItems: totalItems !== null
       }
     };
+    this.resource._emitStandardized('paginated', pageResult);
+    return pageResult;
   }
 
   async query(filter: StringRecord = {}, { limit = 100, offset = 0, partition = null, partitionValues = {} }: QueryOptions = {}): Promise<ResourceData[]> {