fix(core): apply field defaultValue before create validation (#615) by borisno2 · Pull Request #620 · OpenSaasAU/stack

borisno2 · 2026-06-28T04:30:25Z

Implements #615.

Problem

A field's defaultValue was only realised as a Prisma @default(...) applied by the DB at write time — after the write pipeline's validation phase. Because validation never consulted defaultValue, a create that omitted a required-with-default field (e.g. select({ validation: { isRequired: true }, defaultValue: 'STANDARD' })) failed isRequired validation instead of resolving to its default. This diverges from Keystone 6's resolve-then-validate ordering and affected every field type that supports defaultValue, not just select.

Fix (resolve-then-validate, Keystone parity)

A single shared helper applyCreateDefaults() (packages/core/src/context/apply-defaults.ts) fills omitted fields with their declared defaultValue during the resolve phase — after resolveInput hooks, before validation:

Top-level create: wired into the Hook Pipeline (hook-pipeline.ts) between field resolveInput and list validate.
Nested-relation create: wired into the nested create path (nested-operations.ts) at the same point.

Guard rails

Create only — update never injects defaults for omitted fields (helper invoked only when operation === 'create').
Explicit values preserved — only keys whose value is undefined (omitted) are filled; an explicitly-provided value, including explicit null, is left untouched.
Skips virtual, system (id/createdAt/updatedAt) and relationship fields.
Timestamp { kind: 'now' } sentinel is not injected (it is a DB-level @default(now()) request, not a literal); a concrete Date default is injected.
Prisma @default(...) generation is unchanged.

Tests

New tests/default-value-create.test.ts: Hook-Pipeline unit coverage (omitted select/text/integer/checkbox resolve to defaults; explicit value and explicit null preserved; update does not inject; required-without-default still throws) plus full context.db create through a tx-aware mock for top-level and nested-relation creates.
Updated two tests/sudo.test.ts assertions to reflect the now-correct injection of a field's defaultValue: 0 into the create payload.
Changeset added (patch, @opensaas/stack-core).

All 714 core tests pass; build + lint clean.

🤖 Generated with Claude Code

https://claude.ai/code/session_01SigyUcdxbBsdeLVWiFbYtS

Generated by Claude Code

@default

A field's defaultValue was only realised as a Prisma @default(...) at DB write time — after the write pipeline's validation phase. That ordering made a required-with-default field (e.g. select({ validation: { isRequired: true }, defaultValue: 'STANDARD' })) fail isRequired validation when the field was omitted on create, diverging from Keystone 6's resolve-then- validate ordering. Introduce a single shared applyCreateDefaults() helper that fills omitted fields with their declared defaultValue during the resolve phase (after resolveInput hooks, before validation), wired into both the top-level Hook Pipeline and the nested-relation create path. Create-only; explicit values (including explicit null) are preserved; the timestamp { kind: 'now' } sentinel is left to the DB-level @default(now()). Prisma @default(...) generation is unchanged. Implements #615 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01SigyUcdxbBsdeLVWiFbYtS

changeset-bot · 2026-06-28T04:30:29Z

🦋 Changeset detected

Latest commit: 37bf2e5

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 9 packages

Name	Type
@opensaas/stack-core	Patch
@opensaas/stack-auth	Patch
@opensaas/stack-cli	Patch
@opensaas/stack-rag	Patch
@opensaas/stack-storage	Patch
@opensaas/stack-tiptap	Patch
@opensaas/stack-ui	Patch
@opensaas/stack-storage-s3	Patch
@opensaas/stack-storage-vercel	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

vercel · 2026-06-28T04:30:30Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
stack-docs	Ready	Preview, Comment	Jun 28, 2026 4:42am

borisno2

Review — `/review` (verdict: APPROVE)

I reviewed this strictly from the PR diff and the code it touches (no prior context). The fix is well-scoped, correctly placed in the resolve-then-validate span, and the guard rails hold up under scrutiny. Verdict: APPROVE. (Posting as a Comment review rather than a formal Approve since the change originates from the integration identity; the verdict is an explicit approve.)

What it does

Adds a single shared helper applyCreateDefaults() that fills omitted (undefined) fields with their declared defaultValue during the resolve phase — after resolveInput, before validation — wired into both the top-level Hook Pipeline (Phase 1.75) and the nested-relation create path (processNestedCreate step 3.5). This fixes #615 (a required-with-default field failing isRequired on an omitted create input), matching Keystone's ordering.

Risk-area verification (all pass)

Placement / create-only. Injection runs after field resolveInput and before list/field validate and validateFieldRules, in both paths. Top-level is gated by if (operation === 'create'); the nested helper lives inside processNestedCreate, which only ever runs with 'create'. Update never injects. Confirmed validateFieldRules validates resolvedData, so injected defaults satisfy isRequired. ✓
Explicit-value preservation incl. null. if (resolvedData[fieldKey] !== undefined) continue skips any present key, so an explicit null is preserved and not overwritten. Falsy literals (false, 0, '') are correctly injected since the guard tests undefined, not falsiness. ✓
Nested create covered. Wired and tested (profile: { create: {} } resolves the nested kind default). ✓
Timestamp { kind: 'now' } sentinel. isNowSentinel matches { kind: 'now' } exactly the shape timestamp() emits and skips it (left to Prisma @default(now())); a concrete Date default is still injected, which is a valid Prisma create value. ✓
Field skips. Virtual fields are reliably skipped — virtual() sets virtual: true (required on VirtualField), so if (fieldConfig.virtual) matches. System (id/createdAt/updatedAt) and relationship fields are skipped. ✓
Prisma @default(...) generation unchanged. No generator files are touched by this PR. ✓
House rules. No any and no type casting introduced in the new helper; defaultValue is read via 'defaultValue' in fieldConfig against the typed config and the lone unknown narrowing (isNowSentinel) is internal. Changeset present (patch, @opensaas/stack-core). ✓
All field-type defaults safe. Audited every field type: text/select/calendarDay = string, decimal = string (Prisma coerces), integer = number, checkbox = boolean, json = literal, timestamp = the only object sentinel and it's guarded. No raw-object corruption path exists. ✓

Test coverage

Exercises both the Hook-Pipeline unit surface and full context.db creates: omitted select/text/integer/checkbox resolve to defaults; explicit value and explicit null are preserved; update does not inject; required-without-default still throws; and both top-level and nested-relation creates store the default through the full pipeline. The two sudo.test.ts assertion updates correctly reflect the now-injected views: 0. Good coverage of every flagged case.

Minor observation (non-blocking, no change required)

Injecting a default into resolvedData means a field that was omitted but has a default now appears in resolvedData, so its create-side field-level beforeOperation/afterOperation hooks (gated by fieldKey in resolvedData) will now fire where previously they would not. This is the correct Keystone-aligned behavior (the field genuinely has a resolved value now), but it is a subtle behavioral change for anyone relying on those hooks only firing for explicitly-provided fields. Worth a mention in the changeset/notes, not a code change.

No correctness, regression, or convention issues found.

Generated by Claude Code

…k-firing in changeset Adds a dedicated unit test for the real `applyCreateDefaults` exercising the previously-uncovered guard rails (virtual/system/relationship skips, no-default skip, explicit-value and explicit-null preservation, the timestamp { kind: 'now' } sentinel skip, and concrete Date injection). This lifts statement coverage for src/context/apply-defaults.ts from 82.35% to 100%, clearing the 85% per-directory threshold for src/context/** that failed CI. No runtime behavior changed. Also appends a note to the changeset documenting that defaulted fields now have their create-side field-level beforeOperation/afterOperation hooks fire (since the default is filled into resolvedData before validation). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01SigyUcdxbBsdeLVWiFbYtS

github-actions · 2026-06-28T04:47:04Z