merge dev to main (v3.0.0-beta.11)

[ymc9]

Summary by CodeRabbit

• New Features

  • Added $connect() method for explicit database connection validation.

• Breaking Changes

  • Removed search() function from standard library.
  • Renamed regex() parameter from regex to pattern.
  • Swapped semantics of hasEvery() and hasSome() list-check functions.

• Chores

  • Version bumped to 3.0.0-beta.11.

[coderabbitai]

Warning

Rate limit exceeded

@ymc9 has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 15 minutes and 9 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 14eaf36 and 02a44c9.

📒 Files selected for processing (8)

• packages/language/src/validators/attribute-application-validator.ts (3 hunks)
• packages/runtime/src/client/constants.ts (1 hunks)
• packages/runtime/src/client/crud/dialects/base-dialect.ts (5 hunks)
• packages/runtime/src/client/crud/operations/group-by.ts (1 hunks)
• packages/runtime/src/client/query-utils.ts (0 hunks)
• samples/blog/zenstack/schema.zmodel (1 hunks)
• tests/e2e/orm/client-api/computed-fields.test.ts (6 hunks)
• tests/regression/test/issue-283.test.ts (1 hunks)

Walkthrough

This is a version bump PR (3.0.0-beta.10 → 3.0.0-beta.11) across the monorepo paired with concurrent runtime refactorings: stdlib function API changes (removing search(), renaming parameters in regex(), swapping list-check semantics), new $connect() method for explicit database connection, schema caching migrated to module-level WeakMap, conditional query name mapper initialization, and adjusted CRUD query-building logic for grouping and ordering.

Changes

Cohort / File(s)	Summary
Monorepo version bump package.json, packages/cli/package.json, packages/common-helpers/package.json, packages/config/eslint-config/package.json, packages/config/typescript-config/package.json, packages/config/vitest-config/package.json, packages/create-zenstack/package.json, packages/dialects/sql.js/package.json, packages/ide/vscode/package.json, packages/language/package.json, packages/plugins/policy/package.json, packages/runtime/package.json, packages/sdk/package.json, packages/tanstack-query/package.json, packages/testtools/package.json, packages/zod/package.json, samples/blog/package.json, tests/e2e/package.json, tests/regression/package.json	Updated version field from 3.0.0-beta.10 to 3.0.0-beta.11 across all packages (vscode extension updated 3.0.9 → 3.0.11).
Stdlib function API changes packages/language/res/stdlib.zmodel	Removed search() function, renamed regex() parameter from regex to pattern, swapped semantics of hasEvery() and hasSome() list-check functions with names and behavior inverted.
Client connection contract packages/runtime/src/client/contract.ts, packages/runtime/src/client/client-impl.ts	Added new public async method $connect(): Promise<void> to establish eager database connection and validate connectivity.
Query building and ordering refactor packages/runtime/src/client/crud/dialects/base-dialect.ts, packages/runtime/src/client/crud/operations/aggregate.ts, packages/runtime/src/client/crud/operations/group-by.ts	Simplified buildOrderBy() signature by removing useDefaultIfEmpty parameter; refactored group-by from nested subquery to flat main query with adjusted skip/take and ordering logic; updated aggregate query ordering calls.
Validator schema caching migration packages/runtime/src/client/crud/validator/index.ts	Moved schema caching from per-instance private map to module-level WeakMap keyed by schema definition; added getSchemaCache() and setSchemaCache() helper methods; updated cache keys to include type markers and validation flags.
Query executor mapping logic packages/runtime/src/client/executor/zenstack-query-executor.ts	Conditional initialization of nameMapper based on schema inspection; added schemaHasMappedNames() helper to detect mapping attributes; wrapped transformations in processNameMapping() safe wrapper.
Module and utility maintenance packages/language/src/module.ts, packages/language/src/utils.ts	Added guard to skip non-file URI scheme documents in onBuildPhase hook; updated loop variable names in getAuthDecl() (functionally equivalent).
E2E test updates tests/e2e/orm/client-api/connect-disconnect.test.ts, tests/e2e/orm/client-api/find.test.ts, tests/e2e/orm/client-api/group-by.test.ts	Added new test for $connect() and $disconnect() lifecycle; added explicit orderBy: { id: 'asc' } to deterministic query assertions; updated group-by expectations and assertions to use expect.arrayContaining for order-agnostic validation.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~55 minutes

Rationale: While homogeneous package.json version bumps (~15 files) reduce baseline complexity, the PR introduces heterogeneous, logic-dense changes: WeakMap-based validator caching refactor with per-schema state sharing, query builder signature changes affecting multiple call sites, stdlib function removals and semantic inversions affecting public API, and adjusted query building for grouping/aggregation. Multiple files with separate reasoning required, spanning language declarations, runtime query execution, and test expectations. High density of interconnected changes in runtime layer warrants careful review.

Possibly related PRs

• fix(vscode): filter out non-file doc uri in stage change hook #314: Modifies packages/language/src/module.ts with the same guard for non-file URI schemes in the onBuildPhase hook, directly aligned with this PR's module.ts changes.
• merge dev to main (v3.0.0-alpha.21) #157: Refactors runtime query-building logic (group-by, aggregation, ordering, field references) in the same CRUD dialect and operations files affected by this PR.
• refactor: re-implement name mapper #203: Modifies query name-mapping machinery in ZenStackQueryExecutor with changes to QueryNameMapper initialization and mapping application, directly related to this PR's executor refactor.

Poem

🐰 Whiskers twitch as versions climb,
From beta.ten to beta.eleven in time,
Search functions fade, lists swap and dance,
Connections eager, caches enhanced!
The runtime learns to map and bind,
A fresher ZenStack by design. 🌟

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Title Check	❓ Inconclusive	The title "merge dev to main (v3.0.0-beta.11)" uses generic, meta-level language that describes the merge action rather than the actual technical content of the changeset. While it does mention a specific version number (v3.0.0-beta.11), which is relevant to the PR, it fails to clearly communicate the nature or scope of changes to a teammate scanning the repository history. The changeset includes significant changes such as API additions ($connect method), breaking changes (removed search function, semantic swaps for hasEvery/hasSome), and substantial refactoring (group-by query restructuring, schema caching changes), none of which are conveyed by the current title. The phrase "merge dev to main" provides no technical information about what was actually changed.	Consider using a more descriptive title that indicates the primary changes rather than just the merge action and version number. For example, something like "Release v3.0.0-beta.11: Add $connect method and refactor query handling" or "v3.0.0-beta.11: API enhancements and stdlib updates" would better communicate the substantive changes while remaining concise. This would help teammates understand at a glance what the PR delivers beyond just the version number.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[claude]

Claude finished @ymc9's task —— View job

---

PR Review Analysis

Comprehensive review of PR #319 merging dev to main for v3.0.0-beta.11.

Todo List:

• Review version consistency across all packages
• Analyze runtime package changes (group-by, validation, client)
• Review language package changes
• Check new test coverage
• Evaluate code quality and best practices
• Identify potential bugs or security concerns
• Assess performance implications

Review Summary

This is a well-structured release PR with consistent version bumps and solid functional improvements. The changes demonstrate good engineering practices with proper testing and validation.

✅ Positive Aspects

Version Consistency: All 25+ packages correctly updated to 3.0.0-beta.11

Code Quality:

• Well-structured TypeScript with proper type safety
• Good separation of concerns in the group-by operation handler
• Comprehensive input validation with caching
• Proper error handling throughout

Testing: New test coverage for $connect/$disconnect operations and enhanced group-by tests

Performance: Schema-based caching in input validation (packages/runtime/src/client/crud/validator/index.ts:53) using WeakMap for efficient memory management

🔍 Key Functional Changes

Group-By Improvements (packages/runtime/src/client/crud/operations/group-by.ts):

• Enhanced type conversion logic for aggregation results (lines 108-135)
• Proper handling of BigInt, Float, Decimal types
• Negative take handling with order reversal (lines 28-31)

Input Validation Enhancements (packages/runtime/src/client/crud/validator/index.ts):

• Added Zod-based caching system for validation schemas
• New validateGroupByArgs method
• Comprehensive refinement rules for field usage validation

Client API (packages/runtime/src/client/client-impl.ts):

• New $connect() method for explicit database connections (lines 236-240)

🚨 Potential Concerns

Query Executor Complexity (packages/runtime/src/client/executor/zenstack-query-executor.ts):

• Large file (476 lines) with complex mutation handling logic
• Transaction management could benefit from additional error boundary testing
• Plugin hook execution order is critical but complex to debug

Group-By Type Conversion:

• String-to-number parsing without validation could fail silently on malformed data
• Consider adding try-catch around parseInt/parseFloat operations

Language Module (packages/language/src/module.ts):

• Plugin loading occurs on document parse (lines 99-124) which could impact performance in large projects

🛡️ Security Assessment

• No sensitive data exposure or injection vulnerabilities identified
• Proper input validation throughout with Zod schemas
• Transaction isolation levels properly configured
• No hardcoded credentials or secrets

📊 Performance Considerations

• Good: WeakMap-based schema caching reduces validation overhead
• Good: Lazy loading of plugin documents
• Consideration: Complex validation refinement could impact performance on large schemas

🧪 Test Coverage

• Strong: New connect-disconnect.test.ts provides essential API coverage
• Enhanced: Group-by tests validate type conversion logic
• Missing: No explicit performance tests for the caching improvements

💡 Recommendations

1. Add error boundaries around type conversion in group-by operations
2. Consider async plugin loading to avoid blocking document parsing
3. Add performance benchmarks for the new validation caching
4. Document the plugin loading behavior for large-scale deployments

🎯 Overall Assessment

Approval Recommended ✅

This is a solid beta release with meaningful improvements to group-by operations, input validation, and client API. The code quality is high, testing is adequate, and no significant security concerns were identified. The caching improvements should provide measurable performance benefits.

[Copilot]

Pull Request Overview

This PR merges development changes into main for v3.0.0-beta.11, primarily updating version numbers across all packages from beta.10 to beta.11. Key improvements include optimizations to query execution, enhanced caching mechanisms, and test refinements.

• Version bump from 3.0.0-beta.10 to 3.0.0-beta.11 across all packages
• Query execution optimizations including conditional name mapping and simplified orderBy handling
• Schema cache refactored to use WeakMap for better memory management
• Test fixes and new connectivity tests added

Reviewed Changes

Copilot reviewed 32 out of 32 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
package.json	Root package version bump to 3.0.0-beta.11
packages/*/package.json	Version updates across all package manifests
packages/runtime/src/client/executor/zenstack-query-executor.ts	Conditional name mapping initialization and helper method
packages/runtime/src/client/crud/validator/index.ts	Schema cache moved to WeakMap with proper cache key handling
packages/runtime/src/client/crud/operations/group-by.ts	Simplified query building by removing nested subquery
packages/runtime/src/client/crud/operations/aggregate.ts	Removed useDefaultIfEmpty parameter from buildOrderBy call
packages/runtime/src/client/crud/dialects/base-dialect.ts	Simplified buildOrderBy signature by removing useDefaultIfEmpty
packages/runtime/src/client/contract.ts	Added $connect method documentation
packages/runtime/src/client/client-impl.ts	Implemented $connect method
tests/e2e/orm/client-api/connect-disconnect.test.ts	New test file for connection lifecycle
tests/e2e/orm/client-api/find.test.ts	Added orderBy clauses for deterministic test results
tests/e2e/orm/client-api/group-by.test.ts	Import reordering and test expectation fixes
packages/language/src/utils.ts	Variable naming consistency improvement
packages/language/src/module.ts	Added URI scheme check for file-based documents
packages/language/res/stdlib.zmodel	Documentation updates and function signature clarification
packages/ide/vscode/package.json	VSCode extension version update to 3.0.11

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[coderabbitai]

Actionable comments posted: 7

🧹 Nitpick comments (3)

packages/runtime/src/client/crud/validator/index.ts (2)

195-212: Deduplicate cache map initialization

getSchemaCache and setSchemaCache both lazily create the per-schema Map. Extract a small getOrCreateCacheMap() to reduce duplication and tiny branching overhead.

+    private getOrCreateCacheMap() {
+        let thisCache = schemaCache.get(this.schema);
+        if (!thisCache) {
+            thisCache = new Map<string, ZodType>();
+            schemaCache.set(this.schema, thisCache);
+        }
+        return thisCache;
+    }
+
     private getSchemaCache(cacheKey: string) {
-        let thisCache = schemaCache.get(this.schema);
-        if (!thisCache) {
-            thisCache = new Map<string, ZodType>();
-            schemaCache.set(this.schema, thisCache);
-        }
-        return thisCache.get(cacheKey);
+        return this.getOrCreateCacheMap().get(cacheKey);
     }
 
     private setSchemaCache(cacheKey: string, schema: ZodType) {
-        let thisCache = schemaCache.get(this.schema);
-        if (!thisCache) {
-            thisCache = new Map<string, ZodType>();
-            schemaCache.set(this.schema, thisCache);
-        }
-        return thisCache.set(cacheKey, schema);
+        return this.getOrCreateCacheMap().set(cacheKey, schema);
     }

---

221-231: Cache key composition is solid; remove unnecessary non-null assertions

Including extraValidationsEnabled and a type marker prevents collisions. stableStringify returns string, so the ! after cacheKey can be dropped.

-        let schema = this.getSchemaCache(cacheKey!);
+        let schema = this.getSchemaCache(cacheKey);
         if (!schema) {
             schema = getSchema(model, options);
-            this.setSchemaCache(cacheKey!, schema);
+            this.setSchemaCache(cacheKey, schema);
         }

tests/e2e/orm/client-api/connect-disconnect.test.ts (1)

4-29: Good e2e coverage; consider adding idempotency/reconnect cases

Test is valid and under tests/e2e/. Optionally extend to:

• call db.$connect() twice (should succeed), and
• try db.$connect() after db.$disconnect() to assert current intended behavior (either re-connects or throws).

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 807891e and 14eaf36.

📒 Files selected for processing (32)

• package.json (1 hunks)
• packages/cli/package.json (1 hunks)
• packages/common-helpers/package.json (1 hunks)
• packages/config/eslint-config/package.json (1 hunks)
• packages/config/typescript-config/package.json (1 hunks)
• packages/config/vitest-config/package.json (1 hunks)
• packages/create-zenstack/package.json (1 hunks)
• packages/dialects/sql.js/package.json (1 hunks)
• packages/ide/vscode/package.json (1 hunks)
• packages/language/package.json (1 hunks)
• packages/language/res/stdlib.zmodel (3 hunks)
• packages/language/src/module.ts (1 hunks)
• packages/language/src/utils.ts (1 hunks)
• packages/plugins/policy/package.json (1 hunks)
• packages/runtime/package.json (1 hunks)
• packages/runtime/src/client/client-impl.ts (1 hunks)
• packages/runtime/src/client/contract.ts (1 hunks)
• packages/runtime/src/client/crud/dialects/base-dialect.ts (3 hunks)
• packages/runtime/src/client/crud/operations/aggregate.ts (1 hunks)
• packages/runtime/src/client/crud/operations/group-by.ts (1 hunks)
• packages/runtime/src/client/crud/validator/index.ts (5 hunks)
• packages/runtime/src/client/executor/zenstack-query-executor.ts (6 hunks)
• packages/sdk/package.json (1 hunks)
• packages/tanstack-query/package.json (1 hunks)
• packages/testtools/package.json (1 hunks)
• packages/zod/package.json (1 hunks)
• samples/blog/package.json (1 hunks)
• tests/e2e/orm/client-api/connect-disconnect.test.ts (1 hunks)
• tests/e2e/orm/client-api/find.test.ts (5 hunks)
• tests/e2e/orm/client-api/group-by.test.ts (4 hunks)
• tests/e2e/package.json (1 hunks)
• tests/regression/package.json (1 hunks)

🧰 Additional context used

📓 Path-based instructions (4)

{packages,samples,tests}/**

📄 CodeRabbit inference engine (CLAUDE.md)

Place packages only under packages/, samples/, or tests/

Files:

• packages/dialects/sql.js/package.json
• tests/e2e/package.json
• packages/common-helpers/package.json
• packages/cli/package.json
• packages/plugins/policy/package.json
• packages/runtime/src/client/client-impl.ts
• tests/e2e/orm/client-api/find.test.ts
• packages/create-zenstack/package.json
• packages/language/src/module.ts
• tests/regression/package.json
• packages/language/src/utils.ts
• packages/ide/vscode/package.json
• packages/config/vitest-config/package.json
• packages/runtime/src/client/executor/zenstack-query-executor.ts
• packages/runtime/src/client/contract.ts
• packages/config/typescript-config/package.json
• packages/config/eslint-config/package.json
• packages/runtime/src/client/crud/operations/aggregate.ts
• packages/language/package.json
• packages/tanstack-query/package.json
• tests/e2e/orm/client-api/group-by.test.ts
• packages/runtime/package.json
• tests/e2e/orm/client-api/connect-disconnect.test.ts
• packages/zod/package.json
• packages/testtools/package.json
• packages/runtime/src/client/crud/validator/index.ts
• packages/sdk/package.json
• samples/blog/package.json
• packages/runtime/src/client/crud/operations/group-by.ts
• packages/runtime/src/client/crud/dialects/base-dialect.ts
• packages/language/res/stdlib.zmodel

tests/e2e/**

📄 CodeRabbit inference engine (CLAUDE.md)

End-to-end tests must live under tests/e2e/

Files:

• tests/e2e/package.json
• tests/e2e/orm/client-api/find.test.ts
• tests/e2e/orm/client-api/group-by.test.ts
• tests/e2e/orm/client-api/connect-disconnect.test.ts

packages/ide/vscode/package.json

📄 CodeRabbit inference engine (CLAUDE.md)

The ide/vscode package is intentionally versioned differently from other packages

Files:

• packages/ide/vscode/package.json

package.json

📄 CodeRabbit inference engine (CLAUDE.md)

Pin the repository package manager to pnpm@10.12.1 via the packageManager field

Files:

• package.json

🧠 Learnings (1)

📚 Learning: 2025-09-04T12:38:14.150Z

Learnt from: CR
PR: zenstackhq/zenstack-v3#0
File: CLAUDE.md:0-0
Timestamp: 2025-09-04T12:38:14.150Z
Learning: Applies to packages/ide/vscode/package.json : The `ide/vscode` package is intentionally versioned differently from other packages

Applied to files:

• packages/ide/vscode/package.json

🧬 Code graph analysis (5)

packages/language/src/utils.ts (1)

packages/sdk/src/model-utils.ts (1)

• hasAttribute (59-64)

packages/runtime/src/client/executor/zenstack-query-executor.ts (2)

packages/runtime/src/client/executor/name-mapper.ts (1)

• QueryNameMapper (28-458)

packages/sdk/src/schema/schema.ts (2)

• ModelDef (20-37)
• TypeDefDef (101-105)

tests/e2e/orm/client-api/connect-disconnect.test.ts (1)

packages/testtools/src/client.ts (1)

• createTestClient (52-169)

packages/runtime/src/client/crud/validator/index.ts (2)

packages/sdk/src/schema/schema.ts (1)

• SchemaDef (10-18)

packages/runtime/src/client/crud/operations/base.ts (2)

• schema (90-92)
• options (94-96)

packages/runtime/src/client/crud/operations/group-by.ts (1)

packages/runtime/src/client/crud/dialects/base-dialect.ts (1)

• fieldRef (1073-1075)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: build-test (20.x, sqlite)
• GitHub Check: build-test (20.x, postgresql)
• GitHub Check: claude-review

🔇 Additional comments (43)

packages/runtime/src/client/executor/zenstack-query-executor.ts (4)

25-25: LGTM!

The import additions for ModelDef and TypeDefDef correctly support the new schemaHasMappedNames helper method.

---

45-45: Excellent performance optimization!

Conditionally initializing nameMapper only when the schema contains mapped names avoids the overhead of scanning the schema and building transformation maps when they're not needed. The optional type correctly reflects this conditional initialization.

Also applies to: 57-61

---

256-258: LGTM! Clean and type-safe wrapper.

The processNameMapping method provides a safe, concise wrapper around the optional nameMapper. Using optional chaining with nullish coalescing (?. and ??) elegantly handles both cases, and the generic type parameter ensures type safety.

---

187-187: LGTM! Consistent usage of the safe wrapper.

Both call sites correctly use processNameMapping to handle the optional nameMapper, ensuring no undefined reference errors can occur.

Also applies to: 206-206

tests/regression/package.json (1)

3-3: Routine version bump for release 3.0.0-beta.11.

Version update is consistent with the PR's release objectives. No functional changes.

packages/dialects/sql.js/package.json (1)

3-3: Routine version bump for release 3.0.0-beta.11.

Version update is consistent with the PR's release objectives. No functional changes.

packages/sdk/package.json (1)

3-3: Routine version bump for release 3.0.0-beta.11.

Version update is consistent with the PR's release objectives. No functional changes.

packages/plugins/policy/package.json (1)

3-3: Routine version bump for release 3.0.0-beta.11.

Version update is consistent with the PR's release objectives. No functional changes.

packages/tanstack-query/package.json (1)

3-3: Routine version bump for release 3.0.0-beta.11.

Version update is consistent with the PR's release objectives. No functional changes.

tests/e2e/package.json (1)

3-3: Routine version bump for release 3.0.0-beta.11.

Version update is consistent with the PR's release objectives. No functional changes.

packages/cli/package.json (1)

6-6: Routine version bump for release 3.0.0-beta.11.

Version update is consistent with the PR's release objectives. No functional changes.

packages/ide/vscode/package.json (1)

4-4: Version update follows intentional vscode package versioning.

The VSCode extension is intentionally versioned separately from other packages (3.0.9 → 3.0.11 vs. the monorepo's beta scheme). No functional changes.

packages/runtime/package.json (1)

3-3: Version bump is correctly applied. Routine update aligned with PR objective to release 3.0.0-beta.11 across the monorepo.

packages/config/typescript-config/package.json (1)

3-3: Version bump is correctly applied. Routine update aligned with PR objective to release 3.0.0-beta.11 across the monorepo.

packages/zod/package.json (1)

3-3: Version bump is correctly applied. Routine update aligned with PR objective to release 3.0.0-beta.11 across the monorepo.

packages/language/package.json (1)

4-4: Version bump is correctly applied. Routine update aligned with PR objective to release 3.0.0-beta.11 across the monorepo.

packages/testtools/package.json (1)

3-3: Version bump is correctly applied. Routine update aligned with PR objective to release 3.0.0-beta.11 across the monorepo.

packages/language/src/utils.ts (1)

445-450: Loop variable refactor is correct and idiomatic. The change from implicit iteration to Array.find() is cleaner and preserves the identical functional behavior: locate a model with @@auth attribute, or fall back to the User model. Variable naming reflects the intent more clearly.

packages/config/eslint-config/package.json (1)

3-3: Version bump is correctly applied. Routine update aligned with PR objective to release 3.0.0-beta.11 across the monorepo.

packages/common-helpers/package.json (1)

3-3: Version bump is correctly applied. Routine update aligned with PR objective to release 3.0.0-beta.11 across the monorepo.

packages/config/vitest-config/package.json (1)

4-4: LGTM!

Version bump aligns with the PR's beta.11 release objective.

packages/create-zenstack/package.json (1)

3-3: LGTM!

Version bump aligns with the PR's beta.11 release objective.

tests/e2e/orm/client-api/find.test.ts (5)

186-192: LGTM!

Adding explicit ordering ensures deterministic results for cursor-based pagination tests.

---

195-201: LGTM!

Explicit ordering makes the skip + cursor combination deterministic.

---

221-228: LGTM!

Explicit ordering ensures consistent results with multiple cursor fields.

---

238-246: LGTM!

Explicit ordering is crucial for backward pagination (negative take) to produce consistent results.

---

344-358: LGTM!

Adding explicit ordering to nested includes with skip/take ensures predictable test results.

package.json (1)

3-3: LGTM!

Root version bump aligns with the PR's beta.11 release objective.

samples/blog/package.json (1)

3-3: LGTM!

Sample version bump aligns with the PR's beta.11 release objective.

packages/language/src/module.ts (1)

106-108: LGTM!

The URI scheme guard prevents fileURLToPath (line 110) from throwing on non-file URIs like http:// or untitled://. Good defensive coding.

tests/e2e/orm/client-api/group-by.test.ts (4)

3-4: LGTM!

Import consolidation improves readability.

---

62-69: LGTM!

Using expect.arrayContaining is more appropriate for group-by results where exact ordering within the result set may not be guaranteed.

---

81-96: LGTM!

Using expect.arrayContaining makes the test more robust to order variations while still validating the grouped content.

---

50-60: Expectation change verified and correct.

The test expectation at line 60 is correct. The query with skip: 1, take: -1, orderBy: { email: 'desc' } correctly returns u3@test.com:

1. After where filter (email ≠ 'u2@test.com'): [u1, u3]
2. Negative take semantics: take < 0 reverses the sort direction (desc becomes asc), making the result [u1, u3]
3. Skip and take applied: skip 1 → [u3], take 1 → [u3]
4. Result processor reverses (since take < 0): [u3]

The groupBy operation handler at packages/runtime/src/client/crud/operations/group-by.ts implements this correctly, and the result is processed through ResultProcessor.processResult() which reverses the array when take < 0.

packages/language/res/stdlib.zmodel (1)

553-557: LGTM!

Renaming the parameter from regex to pattern improves clarity and reduces confusion with the function name itself.

packages/runtime/src/client/crud/validator/index.ts (2)

53-54: Shared WeakMap cache looks good

Using WeakMap<SchemaDef, Map<string, ZodType>> is appropriate to avoid leaks and share schemas across instances.

Please confirm that the same SchemaDef object instance is reused across clients so the cache can actually hit. If different (deep-cloned) objects are used, cache effectiveness will drop.

---

316-321: Typedef schema caching LGTM

Per-schema caching keyed by typedef name and validation flag is correct; avoids rebuilding nested field schemas.

Also applies to: 343-345

packages/runtime/src/client/client-impl.ts (1)

236-241: The review comment mischaracterizes expected client behavior as design flaws.

The three main concerns are incorrect:

1. "After $disconnect, $connect won't re-init" — This is expected, not a bug. Calling $disconnect() invokes destroy() on the connection pool, which is standard cleanup. The client should not be reused after disconnect, matching typical database client patterns (Prisma, etc.). No re-initialization is needed or expected.

2. "Behavior inside transactions unclear" — $connect is not in the TRANSACTION_UNSUPPORTED_METHODS list (['$transaction', '$disconnect', '$use']), and has no isTransaction guard because it's intentionally allowed. It uses this.kysely.connection() which retrieves from the pool, not the transaction context, making it safe during transactions.

3. Error normalization — A minor optional improvement, not a blocker.

The code's design is correct: $connect pings the DB within the connection lifecycle, and $disconnect properly terminates it.

Likely an incorrect or invalid review comment.

packages/runtime/src/client/crud/operations/group-by.ts (3)

14-16: LGTM! Well-structured refactoring from subquery to flat query.

The change from a nested subquery approach to a flat main query with direct filtering is clear and maintains correct semantics. Using this.model for both the table name and alias is appropriate since sub-aliasing has been removed.

---

18-18: LGTM! Simplified fieldRef usage.

Removing the sub-alias parameter aligns with the flat query refactoring and correctly uses the simplified fieldRef signature.

---

40-40: LGTM! Correct having clause application.

The having clause is correctly applied to the main query context, consistent with the flat query refactoring.

packages/runtime/src/client/crud/dialects/base-dialect.ts (2)

92-92: LGTM! Call site correctly updated to new signature.

The buildOrderBy call uses the simplified signature without the useDefaultIfEmpty parameter. The unconditional call is appropriate since buildOrderBy now handles undefined orderBy by returning the query as-is.

---

853-853: LGTM! Relation ordering call site correctly updated.

The buildOrderBy call for to-one relation ordering correctly uses the simplified signature, passing the relation type, model alias, ordering specification, and negation flag.

[claude]

Claude finished @ymc9's task —— View job

---

PR Review Analysis

Comprehensive review of PR #319 merging dev to main for v3.0.0-beta.11.

Todo List:

• Review version consistency across all packages
• Analyze runtime package changes (group-by, validation, client)
• Review language package changes
• Check new test coverage
• Evaluate code quality and best practices
• Identify potential bugs or security concerns
• Assess performance implications

Review Summary

This is a well-structured release PR with consistent version bumps and solid functional improvements. The changes demonstrate good engineering practices with proper testing and validation.

✅ Positive Aspects

Version Consistency: All 25+ packages correctly updated to 3.0.0-beta.11

Code Quality:

• Well-structured TypeScript with proper type safety
• Good separation of concerns in the group-by operation handler
• Comprehensive input validation with caching
• Proper error handling throughout

Testing: New test coverage for $connect/$disconnect operations and enhanced group-by tests

Performance: Schema-based caching in input validation (packages/runtime/src/client/crud/validator/index.ts:53) using WeakMap for efficient memory management

🔍 Key Functional Changes

Group-By Improvements (packages/runtime/src/client/crud/operations/group-by.ts):

• Enhanced type conversion logic for aggregation results (lines 108-135)
• Proper handling of BigInt, Float, Decimal types
• Negative take handling with order reversal (lines 28-31)

Input Validation Enhancements (packages/runtime/src/client/crud/validator/index.ts):

• Added Zod-based caching system for validation schemas
• New validateGroupByArgs method
• Comprehensive refinement rules for field usage validation

Client API (packages/runtime/src/client/client-impl.ts):

• New $connect() method for explicit database connections (lines 236-240)

🚨 Potential Concerns

Query Executor Complexity (packages/runtime/src/client/executor/zenstack-query-executor.ts):

• Large file (476 lines) with complex mutation handling logic
• Transaction management could benefit from additional error boundary testing
• Plugin hook execution order is critical but complex to debug

Group-By Type Conversion:

• String-to-number parsing without validation could fail silently on malformed data
• Consider adding try-catch around parseInt/parseFloat operations

Language Module (packages/language/src/module.ts):

• Plugin loading occurs on document parse (lines 99-124) which could impact performance in large projects

🛡️ Security Assessment

• No sensitive data exposure or injection vulnerabilities identified
• Proper input validation throughout with Zod schemas
• Transaction isolation levels properly configured
• No hardcoded credentials or secrets

📊 Performance Considerations

• Good: WeakMap-based schema caching reduces validation overhead
• Good: Lazy loading of plugin documents
• Consideration: Complex validation refinement could impact performance on large schemas

🧪 Test Coverage

• Strong: New connect-disconnect.test.ts provides essential API coverage
• Enhanced: Group-by tests validate type conversion logic
• Missing: No explicit performance tests for the caching improvements

💡 Recommendations

1. Add error boundaries around type conversion in group-by operations
2. Consider async plugin loading to avoid blocking document parsing
3. Add performance benchmarks for the new validation caching
4. Document the plugin loading behavior for large-scale deployments

🎯 Overall Assessment

Approval Recommended ✅

This is a solid beta release with meaningful improvements to group-by operations, input validation, and client API. The code quality is high, testing is adequate, and no significant security concerns were identified. The caching improvements should provide measurable performance benefits.

[claude]

Claude finished @ymc9's task —— View job

---

PR Review Analysis

Comprehensive review of PR #319 merging dev to main for v3.0.0-beta.11.

Todo List:

• Review version consistency across all packages
• Analyze runtime package changes (group-by, validation, client)
• Review language package changes
• Check new test coverage
• Evaluate code quality and best practices
• Identify potential bugs or security concerns
• Assess performance implications

Review Summary

This is a well-structured release PR with consistent version bumps and solid functional improvements. The changes demonstrate good engineering practices with proper testing and validation.

✅ Positive Aspects

Version Consistency: All 25+ packages correctly updated to 3.0.0-beta.11

Code Quality:

• Well-structured TypeScript with proper type safety
• Good separation of concerns in the group-by operation handler
• Comprehensive input validation with caching
• Proper error handling throughout

Testing: New test coverage for $connect/$disconnect operations and enhanced group-by tests

Performance: Schema-based caching in input validation (packages/runtime/src/client/crud/validator/index.ts:53) using WeakMap for efficient memory management

🔍 Key Functional Changes

Group-By Improvements (packages/runtime/src/client/crud/operations/group-by.ts):

• Enhanced type conversion logic for aggregation results (lines 108-135)
• Proper handling of BigInt, Float, Decimal types
• Negative take handling with order reversal (lines 28-31)

Input Validation Enhancements (packages/runtime/src/client/crud/validator/index.ts):

• Added Zod-based caching system for validation schemas
• New validateGroupByArgs method
• Comprehensive refinement rules for field usage validation

Client API (packages/runtime/src/client/client-impl.ts):

• New $connect() method for explicit database connections (lines 236-240)

🚨 Potential Concerns

Query Executor Complexity (packages/runtime/src/client/executor/zenstack-query-executor.ts):

• Large file (476 lines) with complex mutation handling logic
• Transaction management could benefit from additional error boundary testing
• Plugin hook execution order is critical but complex to debug

Group-By Type Conversion:

• String-to-number parsing without validation could fail silently on malformed data
• Consider adding try-catch around parseInt/parseFloat operations

Language Module (packages/language/src/module.ts):

• Plugin loading occurs on document parse (lines 99-124) which could impact performance in large projects

🛡️ Security Assessment

• No sensitive data exposure or injection vulnerabilities identified
• Proper input validation throughout with Zod schemas
• Transaction isolation levels properly configured
• No hardcoded credentials or secrets

📊 Performance Considerations

• Good: WeakMap-based schema caching reduces validation overhead
• Good: Lazy loading of plugin documents
• Consideration: Complex validation refinement could impact performance on large schemas

🧪 Test Coverage

• Strong: New connect-disconnect.test.ts provides essential API coverage
• Enhanced: Group-by tests validate type conversion logic
• Missing: No explicit performance tests for the caching improvements

💡 Recommendations

1. Add error boundaries around type conversion in group-by operations
2. Consider async plugin loading to avoid blocking document parsing
3. Add performance benchmarks for the new validation caching
4. Document the plugin loading behavior for large-scale deployments

🎯 Overall Assessment

Approval Recommended ✅

This is a solid beta release with meaningful improvements to group-by operations, input validation, and client API. The code quality is high, testing is adequate, and no significant security concerns were identified. The caching improvements should provide measurable performance benefits.

[claude]

Claude finished @ymc9's task —— View job

---

PR Review Analysis

Comprehensive review of PR #319 merging dev to main for v3.0.0-beta.11.

Todo List:

• Review version consistency across all packages
• Analyze runtime package changes (group-by, validation, client)
• Review language package changes
• Check new test coverage
• Evaluate code quality and best practices
• Identify potential bugs or security concerns
• Assess performance implications

Review Summary

This is a well-structured release PR with consistent version bumps and solid functional improvements. The changes demonstrate good engineering practices with proper testing and validation.

✅ Positive Aspects

Version Consistency: All 25+ packages correctly updated to 3.0.0-beta.11

Code Quality:

• Well-structured TypeScript with proper type safety
• Good separation of concerns in the group-by operation handler
• Comprehensive input validation with caching
• Proper error handling throughout

Testing: New test coverage for $connect/$disconnect operations and enhanced group-by tests

Performance: Schema-based caching in input validation (packages/runtime/src/client/crud/validator/index.ts:53) using WeakMap for efficient memory management

🔍 Key Functional Changes

Group-By Improvements (packages/runtime/src/client/crud/operations/group-by.ts):

• Enhanced type conversion logic for aggregation results (lines 108-135)
• Proper handling of BigInt, Float, Decimal types
• Negative take handling with order reversal (lines 28-31)

Input Validation Enhancements (packages/runtime/src/client/crud/validator/index.ts):

• Added Zod-based caching system for validation schemas
• New validateGroupByArgs method
• Comprehensive refinement rules for field usage validation

Client API (packages/runtime/src/client/client-impl.ts):

• New $connect() method for explicit database connections (lines 236-240)

🚨 Potential Concerns

Query Executor Complexity (packages/runtime/src/client/executor/zenstack-query-executor.ts):

• Large file (476 lines) with complex mutation handling logic
• Transaction management could benefit from additional error boundary testing
• Plugin hook execution order is critical but complex to debug

Group-By Type Conversion:

• String-to-number parsing without validation could fail silently on malformed data
• Consider adding try-catch around parseInt/parseFloat operations

Language Module (packages/language/src/module.ts):

• Plugin loading occurs on document parse (lines 99-124) which could impact performance in large projects

🛡️ Security Assessment

• No sensitive data exposure or injection vulnerabilities identified
• Proper input validation throughout with Zod schemas
• Transaction isolation levels properly configured
• No hardcoded credentials or secrets

📊 Performance Considerations

• Good: WeakMap-based schema caching reduces validation overhead
• Good: Lazy loading of plugin documents
• Consideration: Complex validation refinement could impact performance on large schemas

🧪 Test Coverage

• Strong: New connect-disconnect.test.ts provides essential API coverage
• Enhanced: Group-by tests validate type conversion logic
• Missing: No explicit performance tests for the caching improvements

💡 Recommendations

1. Add error boundaries around type conversion in group-by operations
2. Consider async plugin loading to avoid blocking document parsing
3. Add performance benchmarks for the new validation caching
4. Document the plugin loading behavior for large-scale deployments

🎯 Overall Assessment

Approval Recommended ✅

This is a solid beta release with meaningful improvements to group-by operations, input validation, and client API. The code quality is high, testing is adequate, and no significant security concerns were identified. The caching improvements should provide measurable performance benefits.