merge dev to main

[ymc9]

Summary by CodeRabbit

• New Features

  • Added support for executing raw SQL queries through new client methods, enabling both safe (prepared) and unsafe (direct string) raw query execution.
  • Introduced a new configuration file for enhanced automation and review settings.

• Bug Fixes

  • Improved handling of raw query parameters to ensure correct execution in all scenarios.

• Tests

  • Added comprehensive tests for raw SQL query methods to ensure reliability across multiple database providers.

• Documentation

  • Added an npm package badge to the README for easier access to the latest CLI version.

• Chores

  • Updated package versions to 3.0.0-alpha.8 across all packages.
  • Enhanced build and workflow configurations for improved automation and version management.
  • Minor log message update for consistency.

[coderabbitai]

Walkthrough

This update introduces raw SQL query support to the client API, adds comprehensive tests for these features, and updates version numbers across multiple packages to 3.0.0-alpha.8. It also revises the version bumping workflow to use GitHub Actions, enhances configuration files, and updates documentation with a new npm badge.

Changes

Files/Paths	Change Summary
packages/runtime/src/client/client-impl.ts, contract.ts, executor/zenstack-query-executor.ts	Added raw SQL query and execution methods to the client API, updated contract interface, and modified query executor to handle raw parameters.
packages/runtime/test/client-api/raw-query.test.ts	Added a new test suite for verifying raw query methods on the client API.
packages/runtime/test/client-api/client-specs.ts	Generalized the providers parameter type in the test utility function.
package.json, .github/workflows/bump-version.yml	Updated version bumping workflow to use GitHub Actions; revised related scripts and commands.
README.md	Added an npm badge for the @zenstackhq/cli "next" version.
turbo.json	Specified explicit build task inputs for Turbo configuration.
.coderabbit.yaml	Introduced a new configuration file for CodeRabbit.
packages/*/package.json, samples/blog/package.json, tests/e2e/package.json	Bumped package versions from 3.0.0-alpha.7 to 3.0.0-alpha.8.
packages/testtools/src/schema.ts	Minor log message wording change.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant ClientImpl
    participant QueryExecutor
    participant Kysely

    User->>ClientImpl: $executeRaw / $queryRaw (template or unsafe)
    ClientImpl->>QueryExecutor: executeQuery(compiledQuery, parameters)
    QueryExecutor->>Kysely: proceedQueryWithKyselyInterceptors(queryNode, parameters)
    Kysely-->>QueryExecutor: Query result / affected rows
    QueryExecutor-->>ClientImpl: Result
    ClientImpl-->>User: Promise<Result>

Loading

Possibly related PRs

• zenstackhq/zenstack-v3#69: Adds the same raw query execution methods to the client API and modifies the query executor, directly overlapping with this PR.
• zenstackhq/zenstack-v3#42: Introduces the original TypeScript bump-version script and npm script, which this PR updates to use GitHub Actions.
• zenstackhq/zenstack-v3#44: Adds the .github/workflows/bump-version.yml workflow, which is further modified in this PR for version bumping automation.

Poem

In the garden of code, a new trick we sow,
Raw queries now bloom where SQL winds blow.
With badges and bumps, the versions ascend,
Workflows are streamlined, on bots we depend.
The rabbit hops on, with a SQL delight—
Alpha dot eight, and the future is bright!
🐇✨

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

packages/runtime/src/client/contract.ts

Oops! Something went wrong! :(

ESLint: 9.29.0

ESLint couldn't find an eslint.config.(js|mjs|cjs) file.

From ESLint v9.0.0, the default configuration file is now eslint.config.js.
If you are using a .eslintrc.* file, please follow the migration guide
to update your configuration file to the new format:

https://eslint.org/docs/latest/use/configure/migration-guide

If you still have problems after following the migration guide, please stop by
https://eslint.org/chat/help to chat with the team.

packages/runtime/src/client/client-impl.ts

Oops! Something went wrong! :(

ESLint: 9.29.0

ESLint couldn't find an eslint.config.(js|mjs|cjs) file.

From ESLint v9.0.0, the default configuration file is now eslint.config.js.
If you are using a .eslintrc.* file, please follow the migration guide
to update your configuration file to the new format:

https://eslint.org/docs/latest/use/configure/migration-guide

If you still have problems after following the migration guide, please stop by
https://eslint.org/chat/help to chat with the team.

packages/runtime/src/client/executor/zenstack-query-executor.ts

Oops! Something went wrong! :(

ESLint: 9.29.0

ESLint couldn't find an eslint.config.(js|mjs|cjs) file.

From ESLint v9.0.0, the default configuration file is now eslint.config.js.
If you are using a .eslintrc.* file, please follow the migration guide
to update your configuration file to the new format:

https://eslint.org/docs/latest/use/configure/migration-guide

If you still have problems after following the migration guide, please stop by
https://eslint.org/chat/help to chat with the team.

• 3 others

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[Copilot]

Pull Request Overview

Merge branch dev into main, bumping package versions to 3.0.0-alpha.8, introducing raw SQL query support, and updating version bump tooling.

• Bumped version numbers across all packages and samples from 3.0.0-alpha.7 to 3.0.0-alpha.8.
• Added $executeRaw, $executeRawUnsafe, $queryRaw, and $queryRawUnsafe methods in the client implementation and defined corresponding types in the contract, along with end-to-end tests.
• Adjusted the bump-version workflow to use npx tsx and added an npm badge to README.md; configured turbo.json inputs for incremental builds.

Reviewed Changes

Copilot reviewed 25 out of 25 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
turbo.json	Added inputs to the build task
package.json files across multiple packages	Bumped versions
packages/testtools/src/schema.ts	Tweaked log message
packages/runtime/src/client/contract.ts	Declared raw query methods in client contract
packages/runtime/src/client/client-impl.ts	Implemented raw query methods and query compiler
packages/runtime/src/client/executor/zenstack-query-executor.ts	Passed raw query parameters through interceptors
packages/runtime/test/client-api/raw-query.test.ts	New tests for raw query methods
packages/runtime/test/client-api/client-specs.ts	Changed createClientSpecs signature
package.json	Updated scripts for merge-main and bump-version
.github/workflows/bump-version.yml	Switched bump step to npx tsx scripts/bump-version.ts
README.md	Added npm version badge
.coderabbit.yaml	Added auto-review configuration

Comments suppressed due to low confidence (3)

packages/runtime/src/client/client-impl.ts:216

• The function createDeferredPromise is used here but not imported; add import { createDeferredPromise } from '@zenstackhq/common-helpers'; (or the correct module) to avoid a runtime error.

        return createDeferredPromise(async () => {

packages/runtime/test/client-api/client-specs.ts:6

• The providers parameter is typed as string[], which allows any string; consider using a union type like Array<'sqlite'|'postgresql'> to retain compile-time checks.

export function createClientSpecs(dbName: string, logQueries = false, providers: string[] = ['sqlite', 'postgresql']) {

packages/testtools/src/schema.ts:38

• [nitpick] The log message uses Work directory: which is less common than Working directory:; consider reverting for clarity and consistency.

    console.log(`Work directory: ${workDir}`);

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

packages/testtools/src/schema.ts (1)

38-38: Minor wording regression – consider reverting to “Working directory”

“Working directory” is the commonplace phrasing in build / CLI output; “Work directory” reads a bit off-beat and may confuse grep-based tooling looking for the old token.
Unless there’s a deliberate reason, consider restoring the original copy.

README.md (1)

9-11: Fix missing alt text for accessibility compliance.

The npm badge image is missing alt text, which impacts accessibility for screen readers.

Apply this diff to add appropriate alt text:

-    <a href="https://www.npmjs.com/package/@zenstackhq/cli?activeTab=versions">
-        <img src="https://img.shields.io/npm/v/%40zenstackhq%2Fcli/next">
-    </a>
+    <a href="https://www.npmjs.com/package/@zenstackhq/cli?activeTab=versions">
+        <img src="https://img.shields.io/npm/v/%40zenstackhq%2Fcli/next" alt="npm version">
+    </a>

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f638291 and fd8e944.

📒 Files selected for processing (25)

• .coderabbit.yaml (1 hunks)
• .github/workflows/bump-version.yml (1 hunks)
• README.md (1 hunks)
• package.json (2 hunks)
• packages/cli/package.json (1 hunks)
• packages/common-helpers/package.json (1 hunks)
• packages/create-zenstack/package.json (1 hunks)
• packages/eslint-config/package.json (1 hunks)
• packages/ide/vscode/package.json (1 hunks)
• packages/language/package.json (1 hunks)
• packages/runtime/package.json (1 hunks)
• packages/runtime/src/client/client-impl.ts (2 hunks)
• packages/runtime/src/client/contract.ts (1 hunks)
• packages/runtime/src/client/executor/zenstack-query-executor.ts (3 hunks)
• packages/runtime/test/client-api/client-specs.ts (1 hunks)
• packages/runtime/test/client-api/raw-query.test.ts (1 hunks)
• packages/sdk/package.json (1 hunks)
• packages/tanstack-query/package.json (1 hunks)
• packages/testtools/package.json (1 hunks)
• packages/testtools/src/schema.ts (1 hunks)
• packages/typescript-config/package.json (1 hunks)
• packages/zod/package.json (1 hunks)
• samples/blog/package.json (1 hunks)
• tests/e2e/package.json (1 hunks)
• turbo.json (1 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (1)

packages/runtime/test/client-api/raw-query.test.ts (2)

packages/runtime/test/client-api/client-specs.ts (1)

• createClientSpecs (6-42)

packages/runtime/src/client/contract.ts (1)

• ClientContract (35-133)

🪛 markdownlint-cli2 (0.17.2)

README.md

10-10: Images should have alternate text (alt text)

(MD045, no-alt-text)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: build-test (20.x)

🔇 Additional comments (33)

tests/e2e/package.json (1)

3-3: Version bump aligns with the monorepo release cadence – looks good.

packages/common-helpers/package.json (1)

3-3: Consistent version update; no issues detected.

packages/typescript-config/package.json (1)

3-3: Version increment is correct and consistent.

packages/sdk/package.json (1)

3-3: Version bump matches other workspace packages – looks good.

samples/blog/package.json (1)

3-3: Sample project version updated correctly.

packages/tanstack-query/package.json (1)

3-3: Version bump LGTM
3.0.0-alpha.8 is consistent with the monorepo update and nothing else changed.

packages/cli/package.json (1)

6-6: Version bump LGTM
CLI package follows the same 3.0.0-alpha.8 bump as the rest of the workspace.

packages/eslint-config/package.json (1)

3-3: Version bump LGTM
No other metadata touched; keeps workspace versions in sync.

packages/create-zenstack/package.json (1)

3-3: Version bump LGTM
Aligned with other package versions, no additional changes.

packages/zod/package.json (1)

3-3: Version bump LGTM
@zenstackhq/zod correctly updated to 3.0.0-alpha.8; dependencies remain untouched.

packages/testtools/package.json (1)

3-3: Confirm ancillary release artefacts reflect 3.0.0-alpha.8

Version bump looks good.
Please verify that:
• CHANGELOG / release notes include an entry for α.8
• Any publish / tag automation scripts pick up the new version.

packages/ide/vscode/package.json (1)

4-4: VS Code marketplace alignment check

Marketplace requires each prerelease version to be unique. Ensure the extension wasn’t already published with this exact semver; otherwise vsce publish will fail.

.coderabbit.yaml (1)

1-8: Config validates against v2 schema – LGTM

YAML matches the provided schema: language enum, early_access flag, nested reviews.auto_review.enabled, and chat.auto_reply are all valid. No action needed.

packages/language/package.json (1)

4-4: Package version bump acknowledged

No other changes detected; version consistency maintained across workspace packages.

packages/runtime/package.json (1)

3-3: LGTM! Version bump looks correct.

The alpha version increment follows semantic versioning conventions and aligns with the coordinated release across the monorepo.

turbo.json (1)

6-6: Good addition for build optimization.

Adding the inputs field helps Turbo understand what files should trigger a rebuild, improving build caching efficiency.

packages/runtime/test/client-api/client-specs.ts (1)

6-6: Good improvement to function flexibility.

Changing from a tuple literal type to a string array with default value makes the function more flexible while maintaining backward compatibility. This supports testing with different database provider combinations.

.github/workflows/bump-version.yml (1)

37-37: Good refactoring to direct script execution.

Changing from pnpm run bump-version to direct npx tsx scripts/bump-version.ts execution removes unnecessary indirection and makes the workflow more straightforward.

package.json (2)

3-3: LGTM: Version bump is consistent with alpha release cycle.

The version increment from 3.0.0-alpha.7 to 3.0.0-alpha.8 follows semantic versioning for alpha releases.

---

13-14: LGTM: Workflow automation improvements.

The addition of the merge-main script and the change to use GitHub Actions for version bumping improves automation and consistency across environments.

packages/runtime/src/client/executor/zenstack-query-executor.ts (3)

84-86: LGTM: Correct raw query parameter detection and handling.

The detection of raw queries using the $raw flag and parameter extraction is implemented correctly. The type assertion is necessary since $raw is a custom property added to CompiledQuery for raw query identification.

---

101-106: LGTM: Method signature updates properly thread parameters.

The addition of the parameters argument to both interceptor and execution methods ensures raw query parameters are preserved throughout the execution pipeline.

---

137-141: LGTM: Parameter merging preserves raw query parameters.

The conditional parameter merging ensures that raw query parameters override any compiled parameters, which is the correct behavior for raw queries.

packages/runtime/test/client-api/raw-query.test.ts (4)

8-8: LGTM: Excellent test parameterization for multi-provider support.

Using createClientSpecs to test across multiple database providers ensures the raw query functionality works consistently across different databases.

---

19-31: LGTM: Comprehensive test coverage for safe raw execution.

The test correctly verifies the $executeRaw method using tagged template literals, checks the affected row count, and validates the data was actually updated.

---

41-47: LGTM: Proper handling of provider-specific SQL syntax.

The conditional SQL generation based on provider type correctly handles parameter placeholder differences between PostgreSQL ($1, $2) and SQLite (?) syntax.

---

57-62: LGTM: Complete test coverage for raw query operations.

The tests for $queryRaw and $queryRawUnsafe provide comprehensive coverage, testing both safe tagged templates and unsafe string queries with proper type assertions.

packages/runtime/src/client/contract.ts (2)

43-61: LGTM: Well-designed API with clear security distinctions.

The interface properly distinguishes between safe (prepared) and unsafe (direct string) variants. The security warnings in the documentation for unsafe methods are essential and well-placed.

---

62-80: LGTM: Consistent API design with proper typing.

The query methods follow the same safe/unsafe pattern as the execute methods, with appropriate generic typing for flexible result handling. The documentation examples are clear and helpful.

packages/runtime/src/client/client-impl.ts (4)

4-4: LGTM: Appropriate imports for raw query functionality.

The addition of CompiledQuery and sql imports from Kysely provides the necessary building blocks for both safe and unsafe raw query implementations.

Also applies to: 10-10

---

215-220: LGTM: Safe raw execution using Kysely's tagged template.

The implementation correctly uses Kysely's sql tagged template literal which provides built-in protection against SQL injection. The numeric conversion of numAffectedRows ensures consistent return types.

---

222-228: LGTM: Unsafe raw execution with proper query compilation.

The unsafe method correctly uses the helper to create a compiled raw query. The implementation maintains consistency with the safe variant while allowing direct SQL execution.

---

245-248: LGTM: Correct raw query compilation with identification flag.

The helper method properly creates a CompiledQuery from raw SQL and adds the $raw flag that the executor uses to identify and handle raw queries correctly.