merge dev to main (v3.0.0-alpha.22)

[ymc9]

Summary by CodeRabbit

• Bug Fixes

  • More reliable schema push: models are created in dependency order to prevent foreign-key and base-model issues.
  • Automatic base-model foreign key delegation with cascade on update/delete.
  • Consistent naming for primary key and unique constraints.

• Chores

  • Version bumped to 3.0.0-alpha.22 across packages.
  • Internal dependency and type updates in runtime; no public API changes.

[coderabbitai]

Walkthrough

This PR bumps versions across multiple package.json files, updates packages/runtime/package.json to add toposort and @types/toposort, and refactors packages/runtime/src/client/helpers/schema-db-pusher.ts to topologically sort model creation and adjust internal helper signatures and constraint naming.

Changes

Cohort / File(s)	Summary
Version bumps (manifests) package.json, packages/cli/package.json, packages/common-helpers/package.json, packages/create-zenstack/package.json, packages/dialects/sql.js/package.json, packages/eslint-config/package.json, packages/ide/vscode/package.json, packages/language/package.json, packages/sdk/package.json, packages/tanstack-query/package.json, packages/testtools/package.json, packages/typescript-config/package.json, packages/vitest-config/package.json, packages/zod/package.json, samples/blog/package.json, tests/e2e/package.json	Bump version from 3.0.0-alpha.21 to 3.0.0-alpha.22; no other changes.
Runtime manifest updates packages/runtime/package.json	Version bump; add dependency toposort ^2.0.2 and devDependency @types/toposort ^2.0.7; reorder dependency entry.
Runtime schema DB pusher refactor packages/runtime/src/client/helpers/schema-db-pusher.ts	Introduce topological sorting of ModelDef dependencies (base/foreign keys); adjust helper signatures to use ModelDef; update constraint naming; add base-model delegation FK; change field creation to use fieldDef.name.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

I hop through graphs with toposort cheer,
Links in a line, dependencies clear.
Keys click-clack, constraints in a row,
Tables bloom where models should go.
Alpha dot twenty-two, carrots held high—
Ship it quick, let the migrations fly! 🥕✨

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dev

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[claude]

Claude finished @ymc9's task —— View job

---

PR Review: Merge dev to main

I've completed a comprehensive review of this PR. Here are my findings:

Review Tasks:

• Analyze package.json version changes for consistency
• Review main code changes in schema-db-pusher.ts
• Check for code quality and best practices
• Identify potential bugs or issues
• Assess performance considerations
• Review security implications
• Evaluate test coverage needs

---

📋 Review Summary

✅ What's Good

Version Management:

• All 17 packages consistently updated to 3.0.0-alpha.22
• Proper addition of toposort dependency to runtime package

Code Quality - Delegate Model Implementation:

• Clean Architecture: The new delegate model support follows good separation of concerns
• Proper Dependency Management: Added toposort@^2.0.2 for topological sorting
• Type Safety: Good use of TypeScript with proper type annotations
• Error Handling: Uses invariant() for runtime assertions
• Pattern Matching: Elegant use of ts-pattern for cascade actions

⚠️ Areas of Concern

1. Performance Considerations:

• Medium Impact: The new sortModels() method runs on every push() call, building a graph and sorting it. For schemas with many models, this could become expensive
• Recommendation: Consider caching the sorted model list if schema doesn't change between pushes

2. Code Quality Issues:

• Minor: Some unused commented debug code was properly removed (good cleanup)
• API Change: Method signatures changed from accepting model names to ModelDef objects, which is actually an improvement for type safety

3. Potential Edge Cases:

// Lines 91-101: Delegate FK constraint creation
if (modelDef.baseModel) {
    table = table.addForeignKeyConstraint(
        `fk_${modelDef.baseModel}_delegate`,
        baseModelDef.idFields,
        modelDef.baseModel,
        baseModelDef.idFields,
        (cb) => cb.onDelete('cascade').onUpdate('cascade'),
    );
}

• Risk: No validation that baseModelDef.idFields and current model's ID fields are compatible
• Risk: Hardcoded cascade actions might not be appropriate for all use cases

4. Missing Error Handling:

// Line 71: Filter could potentially remove all models
.filter((m) => !!m);

• Risk: If toposort fails or returns unexpected results, this could silently filter out models

🔒 Security Assessment

Low Risk: No security vulnerabilities identified

• SQL injection protection maintained through Kysely's parameterized queries
• No user input directly used in SQL construction
• Proper use of invariant() for critical assumptions

🧪 Test Coverage Recommendations

The delegate model feature needs comprehensive testing:

1. Model Ordering Tests:

   // Test cases needed:
   - Models with no relationships
   - Circular foreign key references  
   - Deep inheritance hierarchies
   - Mixed delegate and regular models

2. Edge Case Tests:

   - Empty schema
   - Single model with base model
   - Multiple levels of inheritance
   - Base model with different ID field types

3. Database Integration Tests:

   • Verify FK constraints are properly created
   • Test cascade behavior on delete/update
   • Ensure inherited fields are handled correctly

---

🎯 Recommendations

High Priority:

1. Add performance optimization: Cache sorted models when schema is unchanged
2. Add validation: Verify ID field compatibility between base and concrete models
3. Comprehensive testing: The feature needs thorough test coverage for edge cases

Medium Priority:

1. Error handling: Add explicit error handling for toposort failures
2. Documentation: Consider adding JSDoc comments for the new delegate model features

Low Priority:

1. Logging: Consider adding debug logging for model creation order (dev environment only)

---

🏁 Overall Assessment

Verdict: ✅ Ready for merge with monitoring

This is a solid implementation of delegate model support that maintains code quality and follows established patterns. The main concerns are around performance optimization and test coverage, which should be addressed in follow-up work rather than blocking this release.

The version bump and package consistency are properly managed, making this a clean merge candidate for the alpha release.

---

[Copilot]

Pull Request Overview

This is a version bump PR that updates all packages from version 3.0.0-alpha.21 to 3.0.0-alpha.22 across the ZenStack monorepo. Additionally, it includes significant improvements to the database schema creation logic to handle model inheritance and foreign key dependencies through topological sorting.

• Version increment across all packages and samples from alpha.21 to alpha.22
• Enhanced schema database pusher with topological sorting for proper table creation order
• Added support for model inheritance in database table creation

Reviewed Changes

Copilot reviewed 18 out of 19 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
package.json	Root package version bump
packages/*/package.json	Package version updates and dependency additions
samples/blog/package.json	Sample project version update
tests/e2e/package.json	E2E test package version update
packages/runtime/src/client/helpers/schema-db-pusher.ts	Major refactoring to support model inheritance and proper table creation ordering

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c10e48f and 8a99a4a.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (18)

• package.json (1 hunks)
• packages/cli/package.json (1 hunks)
• packages/common-helpers/package.json (1 hunks)
• packages/create-zenstack/package.json (1 hunks)
• packages/dialects/sql.js/package.json (1 hunks)
• packages/eslint-config/package.json (1 hunks)
• packages/ide/vscode/package.json (1 hunks)
• packages/language/package.json (1 hunks)
• packages/runtime/package.json (3 hunks)
• packages/runtime/src/client/helpers/schema-db-pusher.ts (6 hunks)
• packages/sdk/package.json (1 hunks)
• packages/tanstack-query/package.json (1 hunks)
• packages/testtools/package.json (1 hunks)
• packages/typescript-config/package.json (1 hunks)
• packages/vitest-config/package.json (1 hunks)
• packages/zod/package.json (1 hunks)
• samples/blog/package.json (1 hunks)
• tests/e2e/package.json (1 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

{packages,samples,tests}/**

📄 CodeRabbit Inference Engine (CLAUDE.md)

Packages are located in packages/, samples/, and tests/

Files:

• packages/testtools/package.json
• packages/zod/package.json
• packages/vitest-config/package.json
• packages/cli/package.json
• packages/eslint-config/package.json
• packages/tanstack-query/package.json
• packages/sdk/package.json
• samples/blog/package.json
• packages/language/package.json
• tests/e2e/package.json
• packages/dialects/sql.js/package.json
• packages/common-helpers/package.json
• packages/typescript-config/package.json
• packages/ide/vscode/package.json
• packages/create-zenstack/package.json
• packages/runtime/package.json
• packages/runtime/src/client/helpers/schema-db-pusher.ts

tests/e2e/**

📄 CodeRabbit Inference Engine (CLAUDE.md)

E2E tests are in tests/e2e/ directory

Files:

• tests/e2e/package.json

🧠 Learnings (1)

📚 Learning: 2025-08-04T08:43:33.161Z

Learnt from: CR
PR: zenstackhq/zenstack-v3#0
File: CLAUDE.md:0-0
Timestamp: 2025-08-04T08:43:33.161Z
Learning: `zenstack generate` compiles ZModel to TypeScript schema (`schema.ts`)

Applied to files:

• packages/language/package.json

🧬 Code Graph Analysis (1)

packages/runtime/src/client/helpers/schema-db-pusher.ts (4)

packages/sdk/src/schema/schema.ts (2)

• ModelDef (20-36)
• FieldDef (59-74)

packages/runtime/src/client/query-utils.ts (1)

• requireModel (20-26)

packages/runtime/src/client/crud/operations/base.ts (1)

• requireModel (111-113)

packages/runtime/src/client/query-builder.ts (1)

• ToKysely (19-19)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: claude-review
• GitHub Check: build-test (20.x)

🔇 Additional comments (23)

tests/e2e/package.json (1)

3-3: Monorepo-wide version bump verified

All package.json files have been updated to 3.0.0-alpha.22 and no references to 3.0.0-alpha.21 remain. Ready to merge.

packages/common-helpers/package.json (1)

3-3: Monorepo version alignment confirmed.

Pure metadata bump; no API surface change. Safe to proceed.

packages/zod/package.json (1)

3-3: Version bump approved.

No functional or dependency changes besides metadata. Workspace dependency on runtime will resolve to the same release.

packages/language/package.json (1)

4-4: Version bump approved.

No code/config changes tied to the language package; safe metadata update.

packages/create-zenstack/package.json (1)

3-3: CLI package version bump approved.

No changes to bin/exports; publishing should be straightforward with this version.

packages/ide/vscode/package.json (1)

4-4: ✅ Monorepo versions are in sync at 3.0.0-alpha.22

All package.json files across the repository match the root version (3.0.0-alpha.22). No further changes needed before publishing.

packages/cli/package.json (1)

6-6: CLI package version updated correctly.

Metadata-only change; no API/behavioral impact.

packages/eslint-config/package.json (1)

3-3: ESLint config version bump is fine.

Private package; change is scoped to metadata only.

packages/vitest-config/package.json (1)

4-4: Vitest config version bump LGTM.

No functional changes; exports unchanged.

packages/testtools/package.json (1)

3-3: Testtools version bump approved.

No changes to dependencies/exports; safe metadata update.

package.json (2)

3-3: LGTM: root version bumped to 3.0.0-alpha.22

No functional or behavioral changes; the bump aligns with the PR intent.

---

3-3: All version bumps and runtime dependencies verified

• No leftover "3.0.0-alpha.21" references found across the monorepo.
• packages/runtime/package.json includes both "toposort": "^2.0.2" and "@types/toposort": "^2.0.7" as expected.

packages/tanstack-query/package.json (1)

3-3: LGTM: version bump only

Change is scoped to the version field; exports, deps, and scripts remain unchanged.

packages/dialects/sql.js/package.json (1)

3-3: LGTM: dialect package version bump

Only the version changed; no impact on exports or peer requirements.

samples/blog/package.json (1)

3-3: LGTM: sample app version bump

No behavioral changes; aligns with monorepo-wide version sync.

packages/typescript-config/package.json (1)

3-3: LGTM: config package version bump

No config changes; version aligns with the release train.

packages/sdk/package.json (1)

3-3: Version bump looks good.

The version update from 3.0.0-alpha.21 to 3.0.0-alpha.22 aligns with the repository-wide version synchronization across all packages.

packages/runtime/src/client/helpers/schema-db-pusher.ts (4)

3-3: Good addition of topological sorting for dependency management.

The addition of toposort is appropriate for handling model creation order based on foreign key and inheritance dependencies.

---

79-82: Correct logic for skipping inherited fields.

The condition correctly skips non-ID fields that are inherited from the base model, avoiding duplicate column creation.

---

91-101: Well-implemented base model delegation with proper cascade behavior.

The foreign key constraint for base model delegation is correctly configured with cascade on delete and update, ensuring referential integrity in inheritance relationships.

---

146-180: Simplified and consistent field creation logic.

The refactored createModelField method with the new signature (table, fieldDef, modelDef) is cleaner and more consistent, deriving the column name directly from fieldDef.name.

packages/runtime/package.json (2)

3-3: Version synchronized with other packages.

The version bump to 3.0.0-alpha.22 is consistent with the repository-wide update.

---

73-73: Appropriate addition of toposort dependency.

The addition of toposort as a runtime dependency and @types/toposort as a dev dependency properly supports the topological sorting functionality in the schema database pusher.

Also applies to: 95-95

[coderabbitai]

🛠️ Refactor suggestion

Consider handling circular dependencies in the model graph.

The topological sorting implementation correctly handles foreign key and base model dependencies. However, if there are circular dependencies in the model relationships, toposort will throw an error that isn't caught.

Consider adding error handling to provide a more helpful error message:

 private sortModels(models: Record<string, ModelDef>): ModelDef[] {
     const graph: [ModelDef, ModelDef | undefined][] = [];
 
     for (const model of Object.values(models)) {
         let added = false;
 
         if (model.baseModel) {
             // base model should be created before concrete model
             const baseDef = requireModel(this.schema, model.baseModel);
             // edge: concrete model -> base model
             graph.push([model, baseDef]);
             added = true;
         }
 
         for (const field of Object.values(model.fields)) {
             // relation order
             if (field.relation && field.relation.fields && field.relation.references) {
                 const targetModel = requireModel(this.schema, field.type);
                 // edge: fk side -> target model
                 graph.push([model, targetModel]);
                 added = true;
             }
         }
 
         if (!added) {
             // no relations, add self to graph to ensure it is included in the result
             graph.push([model, undefined]);
         }
     }
 
-    return toposort(graph)
-        .reverse()
-        .filter((m) => !!m);
+    try {
+        return toposort(graph)
+            .reverse()
+            .filter((m) => !!m);
+    } catch (error) {
+        if (error instanceof Error && error.message.includes('Cyclic dependency')) {
+            throw new Error(`Circular dependency detected in model relationships: ${error.message}`);
+        }
+        throw error;
+    }
 }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	private sortModels(models: Record<string, ModelDef>): ModelDef[] {
	const graph: [ModelDef, ModelDef | undefined][] = [];
	for (const model of Object.values(models)) {
	let added = false;
	if (model.baseModel) {
	// base model should be created before concrete model
	const baseDef = requireModel(this.schema, model.baseModel);
	// edge: concrete model -> base model
	graph.push([model, baseDef]);
	added = true;
	}
	for (const field of Object.values(model.fields)) {
	// relation order
	if (field.relation && field.relation.fields && field.relation.references) {
	const targetModel = requireModel(this.schema, field.type);
	// edge: fk side -> target model
	graph.push([model, targetModel]);
	added = true;
	}
	}
	if (!added) {
	// no relations, add self to graph to ensure it is included in the result
	graph.push([model, undefined]);
	}
	}
	return toposort(graph)
	.reverse()
	.filter((m) => !!m);
	}
	private sortModels(models: Record<string, ModelDef>): ModelDef[] {
	const graph: [ModelDef, ModelDef | undefined][] = [];
	for (const model of Object.values(models)) {
	let added = false;
	if (model.baseModel) {
	// base model should be created before concrete model
	const baseDef = requireModel(this.schema, model.baseModel);
	// edge: concrete model -> base model
	graph.push([model, baseDef]);
	added = true;
	}
	for (const field of Object.values(model.fields)) {
	// relation order
	if (field.relation && field.relation.fields && field.relation.references) {
	const targetModel = requireModel(this.schema, field.type);
	// edge: fk side -> target model
	graph.push([model, targetModel]);
	added = true;
	}
	}
	if (!added) {
	// no relations, add self to graph to ensure it is included in the result
	graph.push([model, undefined]);
	}
	}
	try {
	return toposort(graph)
	.reverse()
	.filter((m) => !!m);
	} catch (error) {
	if (error instanceof Error && error.message.includes('Cyclic dependency')) {
	throw new Error(`Circular dependency detected in model relationships: ${error.message}`);
	}
	throw error;
	}
	}

🤖 Prompt for AI Agents

In packages/runtime/src/client/helpers/schema-db-pusher.ts around lines 40 to
73, the call to toposort can throw on circular dependencies and is not handled;
wrap the toposort + reverse + filter sequence in a try/catch, catch the error,
build and throw a new Error with a clear message that a circular dependency was
detected (include contextual info such as the schema name or the list of model
names/edges from the graph for easier debugging), and rethrow or return a
controlled failure; ensure the function still returns the expected ModelDef[]
type when no error occurs.

[coderabbitai]

⚠️ Potential issue

Fix constraint naming: should use the concrete model name.

The foreign key constraint name uses modelDef.baseModel but it should use modelDef.name to maintain consistency with other constraint naming patterns and avoid potential naming conflicts.

             table = table.addForeignKeyConstraint(
-                `fk_${modelDef.baseModel}_delegate`,
+                `fk_${modelDef.name}_delegate`,
                 baseModelDef.idFields,
                 modelDef.baseModel,
                 baseModelDef.idFields,

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	`fk_${modelDef.baseModel}_delegate`,
	table = table.addForeignKeyConstraint(
	- `fk_${modelDef.baseModel}_delegate`,
	+ `fk_${modelDef.name}_delegate`,
	baseModelDef.idFields,
	modelDef.baseModel,
	baseModelDef.idFields,
	);

🤖 Prompt for AI Agents

In packages/runtime/src/client/helpers/schema-db-pusher.ts around line 95, the
foreign-key constraint is currently named using modelDef.baseModel but should
use the concrete model name to match other constraint naming; replace use of
modelDef.baseModel with modelDef.name (e.g., build the constraint name as
fk_${modelDef.name}_delegate) so the constraint names are consistent and avoid
conflicts.