refactor: improve type safety with named interfaces per code review

Copilot · hotlong · Copilot · commit 4bad1928acb9 · 2026-02-10T00:40:25.000Z
Co-authored-by: hotlong &lt;50353452+hotlong@users.noreply.github.com&gt;
diff --git a/packages/foundation/plugin-security/src/storage-database.ts b/packages/foundation/plugin-security/src/storage-database.ts
@@ -22,6 +22,17 @@ import type { IPermissionStorage, SecurityPluginConfig } from './types';
 /** Default table name for storing permission metadata */
 const DEFAULT_TABLE = 'objectql_permissions';
 
+/**
+ * Interface for permission storage row structure
+ */
+interface PermissionRow {
+  _id?: string | number;
+  id?: string | number;
+  object_name: string;
+  config: string;
+  updated_at?: string;
+}
+
 /**
  * Resolver function that locates a Driver instance by datasource name.
  * Typically wired from the ObjectQL application layer.
@@ -118,9 +129,9 @@ export class DatabasePermissionStorage implements IPermissionStorage {
         filters: [['object_name', '=', objectName]],
         top: 1,
       });
-      const row = Array.isArray(rows) ? rows[0] : undefined;
+      const row = Array.isArray(rows) ? rows[0] as unknown as PermissionRow | undefined : undefined;
       if (!row) return undefined;
-      return JSON.parse((row as Record<string, unknown>).config as string) as PermissionConfig;
+      return JSON.parse(row.config) as PermissionConfig;
     } catch {
       return undefined;
     }
@@ -131,12 +142,11 @@ export class DatabasePermissionStorage implements IPermissionStorage {
     const result = new Map<string, PermissionConfig>();
     try {
       const rows = await driver.find(this.tableName, {});
-      const items = Array.isArray(rows) ? rows : [];
+      const items = Array.isArray(rows) ? rows as unknown as PermissionRow[] : [];
       for (const row of items) {
         try {
-          const rowData = row as Record<string, unknown>;
-          const config = JSON.parse(rowData.config as string) as PermissionConfig;
-          result.set(rowData.object_name as string, config);
+          const config = JSON.parse(row.config) as PermissionConfig;
+          result.set(row.object_name, config);
         } catch {
           // Skip rows with corrupt JSON
         }
@@ -153,11 +163,11 @@ export class DatabasePermissionStorage implements IPermissionStorage {
     try {
       const rows = await driver.find(this.tableName, {});
       // Create a shallow copy to avoid issues when deleting during iteration
-      const items = Array.isArray(rows) ? [...rows] : [];
+      const items = Array.isArray(rows) ? rows as unknown as PermissionRow[] : [];
       for (const row of items) {
-        const rowData = row as Record<string, unknown>;
-        if (rowData._id || rowData.id || rowData.object_name) {
-          await driver.delete(this.tableName, (rowData._id ?? rowData.id ?? rowData.object_name) as string | number, {});
+        const id = row._id ?? row.id ?? row.object_name;
+        if (id !== undefined) {
+          await driver.delete(this.tableName, id, {});
         }
       }
     } catch {
@@ -187,14 +197,15 @@ export class DatabasePermissionStorage implements IPermissionStorage {
         filters: [['object_name', '=', config.object]],
         top: 1,
       });
-      const row = Array.isArray(rows) ? rows[0] : undefined;
+      const row = Array.isArray(rows) ? rows[0] as unknown as PermissionRow | undefined : undefined;
       if (row) {
-        const rowData = row as Record<string, unknown>;
-        const id = rowData._id ?? rowData.id ?? rowData.object_name;
-        await driver.update(this.tableName, id as string | number, {
+        const id = row._id ?? row.id ?? row.object_name;
+        if (id !== undefined) {
+          await driver.update(this.tableName, id, {
           config: JSON.stringify(config),
           updated_at: new Date().toISOString(),
         }, {});
+        }
       }
     } else {
       await driver.create(this.tableName, {
@@ -215,11 +226,12 @@ export class DatabasePermissionStorage implements IPermissionStorage {
         filters: [['object_name', '=', objectName]],
         top: 1,
       });
-      const row = Array.isArray(rows) ? rows[0] : undefined;
+      const row = Array.isArray(rows) ? rows[0] as unknown as PermissionRow | undefined : undefined;
       if (row) {
-        const rowData = row as Record<string, unknown>;
-        const id = rowData._id ?? rowData.id ?? rowData.object_name;
-        await driver.delete(this.tableName, id as string | number, {});
+        const id = row._id ?? row.id ?? row.object_name;
+        if (id !== undefined) {
+          await driver.delete(this.tableName, id, {});
+        }
       }
     } catch {
       // Row may not exist
diff --git a/packages/foundation/plugin-validator/src/validator.ts b/packages/foundation/plugin-validator/src/validator.ts
@@ -27,6 +27,13 @@ import {
     ValidationOperator,
 } from '@objectql/types';
 
+/**
+ * Minimal API interface expected by validation context
+ */
+interface ValidationApi {
+    count(objectName: string, filters: Record<string, unknown>): Promise<number>;
+}
+
 /**
  * Configuration options for the Validator.
  */
@@ -480,7 +487,7 @@ export class Validator {
 
         try {
             // Query database to count existing records with same field values
-            const count = await (context.api as { count: (obj: string, filters: Record<string, unknown>) => Promise<number> }).count(objectName, filters);
+            const count = await (context.api as ValidationApi).count(objectName, filters);
 
             const valid = count === 0;
 
