feat(server): add CRUD-aware interceptor system for Rust server (#116)

ds1sqe · ds1sqe · commit 4f4bd8d17951 · 2026-03-03T10:47:05.000+09:00
Enrich the server interceptor pipeline with CRUD context so
interceptors can distinguish entity insert from relation delete from
raw query — enabling rate limiting, tenant filtering, and CRUD-aware
audit logging at the HTTP layer.

- CrudInfo struct with operation/type_name/type_kind/attribute_names/iid
- CrudInterceptor convenience trait + CrudInterceptorAdapter bridge
- RequestContext and QueryInput carry crud_info through the pipeline
- All 8 CRUD handlers populate CrudInfo; non-CRUD uses Default
- PipelineBuilder::with_skip_validation() for tests needing schema without validation
- 100% MC/DC coverage on all changed files (regions/functions/lines)
  - crud_interceptor.rs branches at 87.5% (1 missed: generic monomorphization artifact)
- 295 tests total (25 new)
diff --git a/.gitignore b/.gitignore
@@ -36,4 +36,6 @@ site/
 
 # Reference repos
 typeql-ref/
-type-bridge-core/target/
+type-bridge-core/**/target/
+*.profraw
+*.profdata
diff --git a/type-bridge-core/crates/server/src/interceptor/crud_interceptor.rs b/type-bridge-core/crates/server/src/interceptor/crud_interceptor.rs
@@ -258,7 +258,7 @@ mod tests {
     }
 
     #[tokio::test]
-    async fn adapter_should_intercept_false_skips_crud() {
+    async fn adapter_should_intercept_false_skips_crud_request() {
         let count = Arc::new(AtomicUsize::new(0));
         let adapter = CrudInterceptorAdapter(DeleteOnlyInterceptor { count: count.clone() });
 
@@ -268,6 +268,38 @@ mod tests {
         assert_eq!(count.load(Ordering::SeqCst), 0);
     }
 
+    #[tokio::test]
+    async fn adapter_should_intercept_false_skips_crud_response() {
+        let adapter = CrudInterceptorAdapter(DeleteOnlyInterceptor {
+            count: Arc::new(AtomicUsize::new(0)),
+        });
+
+        // "insert" operation — should_intercept returns false for on_response too
+        let ctx = make_crud_ctx();
+        adapter.on_response(&serde_json::json!({}), &ctx).await.unwrap();
+    }
+
+    #[tokio::test]
+    async fn adapter_counting_non_crud_response_passthrough() {
+        let inner = CountingCrudInterceptor::new();
+        let resp_count = inner.response_count.clone();
+        let adapter = CrudInterceptorAdapter(inner);
+
+        let ctx = make_ctx(); // non-CRUD — is_crud() == false
+        adapter.on_response(&serde_json::json!({}), &ctx).await.unwrap();
+        assert_eq!(resp_count.load(Ordering::SeqCst), 0);
+    }
+
+    #[tokio::test]
+    async fn adapter_delete_only_non_crud_response_passthrough() {
+        let adapter = CrudInterceptorAdapter(DeleteOnlyInterceptor {
+            count: Arc::new(AtomicUsize::new(0)),
+        });
+
+        let ctx = make_ctx(); // non-CRUD — is_crud() == false
+        adapter.on_response(&serde_json::json!({}), &ctx).await.unwrap();
+    }
+
     #[tokio::test]
     async fn adapter_should_intercept_true_runs_crud() {
         let count = Arc::new(AtomicUsize::new(0));
@@ -279,6 +311,18 @@ mod tests {
         assert_eq!(count.load(Ordering::SeqCst), 1);
     }
 
+    #[tokio::test]
+    async fn adapter_should_intercept_true_runs_crud_response() {
+        let adapter = CrudInterceptorAdapter(DeleteOnlyInterceptor {
+            count: Arc::new(AtomicUsize::new(0)),
+        });
+
+        let mut ctx = make_crud_ctx();
+        ctx.crud_info.operation = Some("delete".to_string());
+        // DeleteOnlyInterceptor doesn't override on_crud_response → default no-op
+        adapter.on_response(&serde_json::json!({}), &ctx).await.unwrap();
+    }
+
     #[tokio::test]
     async fn adapter_name_delegates() {
         let adapter = CrudInterceptorAdapter(CountingCrudInterceptor::new());
@@ -290,9 +334,15 @@ mod tests {
         let adapter = CrudInterceptorAdapter(RejectingCrudInterceptor);
         assert_eq!(adapter.name(), "rejecting-crud");
 
+        // CRUD context → rejected
         let mut ctx = make_crud_ctx();
         let result = adapter.on_request(vec![], &mut ctx).await;
         assert!(result.is_err());
+
+        // Non-CRUD context → passthrough
+        let mut ctx = make_ctx();
+        let result = adapter.on_request(vec![], &mut ctx).await;
+        assert!(result.is_ok());
     }
 
     #[tokio::test]
@@ -312,8 +362,15 @@ mod tests {
         }
 
         let adapter = CrudInterceptorAdapter(MinimalCrud);
+
+        // CRUD context → default on_crud_response (no-op)
         let ctx = make_crud_ctx();
         let result = adapter.on_response(&serde_json::json!({}), &ctx).await;
         assert!(result.is_ok());
+
+        // Non-CRUD context → passthrough
+        let ctx = make_ctx();
+        let result = adapter.on_response(&serde_json::json!({}), &ctx).await;
+        assert!(result.is_ok());
     }
 }
diff --git a/type-bridge-core/crates/server/src/pipeline.rs b/type-bridge-core/crates/server/src/pipeline.rs
@@ -88,6 +88,7 @@ pub struct QueryPipeline {
     interceptor_chain: InterceptorChain,
     default_database: String,
     executor: Box<dyn QueryExecutor>,
+    skip_validation: bool,
 }
 
 impl QueryPipeline {
@@ -110,7 +111,9 @@ impl QueryPipeline {
         };
 
         // Validate against schema
-        if let Some(schema) = &self.schema {
+        if !self.skip_validation
+            && let Some(schema) = &self.schema
+        {
             let result = self.validation_engine.validate_query(&input.clauses, schema);
             if !result.is_valid {
                 return Err(PipelineError::Validation(format!(
@@ -238,6 +241,7 @@ pub struct PipelineBuilder {
     schema_source: Option<Box<dyn SchemaSource>>,
     interceptors: Vec<Box<dyn Interceptor>>,
     default_database: String,
+    skip_validation: bool,
 }
 
 impl PipelineBuilder {
@@ -248,6 +252,7 @@ impl PipelineBuilder {
             schema_source: None,
             interceptors: Vec::new(),
             default_database: String::new(),
+            skip_validation: false,
         }
     }
 
@@ -269,6 +274,15 @@ impl PipelineBuilder {
         self
     }
 
+    /// Skip schema validation during query execution.
+    ///
+    /// The schema is still loaded (and accessible via [`QueryPipeline::schema`]),
+    /// but queries are not validated against it before execution.
+    pub fn with_skip_validation(mut self) -> Self {
+        self.skip_validation = true;
+        self
+    }
+
     /// Build the pipeline, loading the schema if a source was provided.
     pub fn build(self) -> Result<QueryPipeline, PipelineError> {
         let schema = match self.schema_source {
@@ -282,6 +296,7 @@ impl PipelineBuilder {
             interceptor_chain: InterceptorChain::new(self.interceptors),
             default_database: self.default_database,
             executor: self.executor,
+            skip_validation: self.skip_validation,
         })
     }
 }
diff --git a/type-bridge-core/crates/server/src/test_helpers.rs b/type-bridge-core/crates/server/src/test_helpers.rs
@@ -121,3 +121,16 @@ pub fn make_pipeline(executor: MockExecutor, with_schema: bool) -> QueryPipeline
 
     builder.build().expect("Failed to build test pipeline")
 }
+
+/// Build a pipeline with schema loaded but validation disabled.
+///
+/// Useful for testing CRUD handlers that need schema access but produce
+/// clauses that the validation engine cannot verify (e.g. relation inserts).
+pub fn make_pipeline_no_validation(executor: MockExecutor) -> QueryPipeline {
+    PipelineBuilder::new(executor)
+        .with_default_database("test_db")
+        .with_schema_source(InMemorySchemaSource::new(SIMPLE_SCHEMA))
+        .with_skip_validation()
+        .build()
+        .expect("Failed to build test pipeline")
+}
diff --git a/type-bridge-core/crates/server/src/transport/http.rs b/type-bridge-core/crates/server/src/transport/http.rs
