feat: include raw zod errors in response

packages/plugins/openapi/src/rest-generator.ts

@@ -596,6 +596,15 @@ export class RESTfulOpenAPIGenerator extends OpenAPIGeneratorBase {
                         },
                         title: { type: 'string', description: 'Error title' },
                         detail: { type: 'string', description: 'Error detail' },
+                        reason: {
+                            type: 'string',
+                            description: 'Detailed error reason',
+                        },
+                        zodErrors: {
+                            type: 'object',
+                            additionalProperties: true,
+                            description: 'Zod validation errors if the error is due to data validation failure',
+                        },
                     },
                 },
             },

packages/plugins/openapi/src/rpc-generator.ts

@@ -661,6 +661,11 @@ export class RPCOpenAPIGenerator extends OpenAPIGeneratorBase {
                             type: 'string',
                             description: 'Detailed error reason',
                         },
+                        zodErrors: {
+                            type: 'object',
+                            additionalProperties: true,
+                            description: 'Zod validation errors if the error is due to data validation failure',
+                        },
                     },
                     additionalProperties: true,
                 },

packages/plugins/openapi/tests/baseline/rest-type-coverage.baseline.yaml

@@ -564,6 +564,14 @@ components:
                     detail:
                         type: string
                         description: Error detail
+                    reason:
+                        type: string
+                        description: Detailed error reason
+                    zodErrors:
+                        type: object
+                        additionalProperties: true
+                        description: Zod validation errors if the error is due to data validation
+                            failure
         _errorResponse:
             type: object
             required:

packages/plugins/openapi/tests/baseline/rest.baseline.yaml

@@ -1395,6 +1395,14 @@ components:
                     detail:
                         type: string
                         description: Error detail
+                    reason:
+                        type: string
+                        description: Detailed error reason
+                    zodErrors:
+                        type: object
+                        additionalProperties: true
+                        description: Zod validation errors if the error is due to data validation
+                            failure
         _errorResponse:
             type: object
             required:

packages/plugins/openapi/tests/baseline/rpc-type-coverage.baseline.yaml

@@ -1873,6 +1873,11 @@ components:
                         reason:
                             type: string
                             description: Detailed error reason
+                        zodErrors:
+                            type: object
+                            additionalProperties: true
+                            description: Zod validation errors if the error is due to data validation
+                                failure
                     additionalProperties: true
         BatchPayload:
             type: object

packages/plugins/openapi/tests/baseline/rpc.baseline.yaml

@@ -2278,6 +2278,11 @@ components:
                         reason:
                             type: string
                             description: Detailed error reason
+                        zodErrors:
+                            type: object
+                            additionalProperties: true
+                            description: Zod validation errors if the error is due to data validation
+                                failure
                     additionalProperties: true
         BatchPayload:
             type: object

packages/runtime/src/constants.ts

@@ -8,7 +8,12 @@ export const DEFAULT_PASSWORD_SALT_LENGTH = 12;
  */
 export enum CrudFailureReason {
     /**
-     * CRUD suceeded but the result was not readable.
+     * CRUD failed because of access policy violation.
+     */
+    ACCESS_POLICY_VIOLATION = 'ACCESS_POLICY_VIOLATION',
+
+    /**
+     * CRUD succeeded but the result was not readable.
      */
     RESULT_NOT_READABLE = 'RESULT_NOT_READABLE',
 

packages/runtime/src/enhancements/policy/handler.ts

@@ -221,7 +221,7 @@ export class PolicyProxyHandler<DbClient extends DbClientContract> implements Pr
         // static input policy check for top-level create data
         const inputCheck = this.utils.checkInputGuard(this.model, args.data, 'create');
         if (inputCheck === false) {
-            throw this.utils.deniedByPolicy(this.model, 'create');
+            throw this.utils.deniedByPolicy(this.model, 'create', undefined, CrudFailureReason.ACCESS_POLICY_VIOLATION);
         }
 
         const hasNestedCreateOrConnect = await this.hasNestedCreateOrConnect(args);
@@ -451,7 +451,8 @@ export class PolicyProxyHandler<DbClient extends DbClientContract> implements Pr
                     model,
                     'create',
                     `input failed validation: ${fromZodError(parseResult.error)}`,
-                    CrudFailureReason.DATA_VALIDATION_VIOLATION
+                    CrudFailureReason.DATA_VALIDATION_VIOLATION,
+                    parseResult.error
                 );
             }
         }
@@ -474,7 +475,12 @@ export class PolicyProxyHandler<DbClient extends DbClientContract> implements Pr
         for (const item of enumerate(args.data)) {
             const inputCheck = this.utils.checkInputGuard(this.model, item, 'create');
             if (inputCheck === false) {
-                throw this.utils.deniedByPolicy(this.model, 'create');
+                throw this.utils.deniedByPolicy(
+                    this.model,
+                    'create',
+                    undefined,
+                    CrudFailureReason.ACCESS_POLICY_VIOLATION
+                );
             } else if (inputCheck === true) {
                 this.validateCreateInputSchema(this.model, item);
             } else if (inputCheck === undefined) {

packages/runtime/src/enhancements/policy/policy-utils.ts

@@ -3,6 +3,7 @@
 import deepcopy from 'deepcopy';
 import { lowerCaseFirst } from 'lower-case-first';
 import { upperCaseFirst } from 'upper-case-first';
+import { ZodError } from 'zod';
 import { fromZodError } from 'zod-validation-error';
 import {
     CrudFailureReason,
@@ -630,7 +631,12 @@ export class PolicyUtil {
     ) {
         let guard = this.getAuthGuard(db, model, operation, preValue);
         if (this.isFalse(guard)) {
-            throw this.deniedByPolicy(model, operation, `entity ${formatObject(uniqueFilter)} failed policy check`);
+            throw this.deniedByPolicy(
+                model,
+                operation,
+                `entity ${formatObject(uniqueFilter)} failed policy check`,
+                CrudFailureReason.ACCESS_POLICY_VIOLATION
+            );
         }
 
         if (operation === 'update' && args) {
@@ -643,7 +649,8 @@ export class PolicyUtil {
                     'update',
                     `entity ${formatObject(uniqueFilter)} failed update policy check for field "${
                         fieldUpdateGuard.rejectedByField
-                    }"`
+                    }"`,
+                    CrudFailureReason.ACCESS_POLICY_VIOLATION
                 );
             } else if (fieldUpdateGuard.guard) {
                 // merge
@@ -678,7 +685,12 @@ export class PolicyUtil {
         }
         const result = await db[model].findFirst(query);
         if (!result) {
-            throw this.deniedByPolicy(model, operation, `entity ${formatObject(uniqueFilter)} failed policy check`);
+            throw this.deniedByPolicy(
+                model,
+                operation,
+                `entity ${formatObject(uniqueFilter)} failed policy check`,
+                CrudFailureReason.ACCESS_POLICY_VIOLATION
+            );
         }
 
         if (schema) {
@@ -693,7 +705,8 @@ export class PolicyUtil {
                     model,
                     operation,
                     `entities ${JSON.stringify(uniqueFilter)} failed validation: [${error}]`,
-                    CrudFailureReason.DATA_VALIDATION_VIOLATION
+                    CrudFailureReason.DATA_VALIDATION_VIOLATION,
+                    parseResult.error
                 );
             }
         }
@@ -720,7 +733,7 @@ export class PolicyUtil {
     tryReject(db: Record<string, DbOperations>, model: string, operation: PolicyOperationKind) {
         const guard = this.getAuthGuard(db, model, operation);
         if (this.isFalse(guard)) {
-            throw this.deniedByPolicy(model, operation);
+            throw this.deniedByPolicy(model, operation, undefined, CrudFailureReason.ACCESS_POLICY_VIOLATION);
         }
     }
 
@@ -874,11 +887,26 @@ export class PolicyUtil {
 
     //#region Errors
 
-    deniedByPolicy(model: string, operation: PolicyOperationKind, extra?: string, reason?: CrudFailureReason) {
+    deniedByPolicy(
+        model: string,
+        operation: PolicyOperationKind,
+        extra?: string,
+        reason?: CrudFailureReason,
+        zodErrors?: ZodError
+    ) {
+        const args: any = { clientVersion: getVersion(), code: PrismaErrorCode.CONSTRAINED_FAILED, meta: {} };
+        if (reason) {
+            args.meta.reason = reason;
+        }
+
+        if (zodErrors) {
+            args.meta.zodErrors = zodErrors;
+        }
+
         return prismaClientKnownRequestError(
             this.db,
             `denied by policy: ${model} entities failed '${operation}' check${extra ? ', ' + extra : ''}`,
-            { clientVersion: getVersion(), code: PrismaErrorCode.CONSTRAINED_FAILED, meta: { reason } }
+            args
         );
     }
 
@@ -890,9 +918,7 @@ export class PolicyUtil {
     }
 
     validationError(message: string) {
-        return prismaClientValidationError(this.db, message, {
-            clientVersion: getVersion(),
-        });
+        return prismaClientValidationError(this.db, message);
     }
 
     unknownError(message: string) {

packages/runtime/src/enhancements/utils.ts

@@ -119,12 +119,12 @@ function loadPrismaModule(prisma: any) {
     }
 }
 
-export function prismaClientValidationError(prisma: DbClientContract, ...args: unknown[]) {
+export function prismaClientValidationError(prisma: DbClientContract, message: string) {
     if (!_PrismaClientValidationError) {
         const _prisma = loadPrismaModule(prisma);
         _PrismaClientValidationError = _prisma.PrismaClientValidationError;
     }
-    throw new _PrismaClientValidationError(...args);
+    throw new _PrismaClientValidationError(message, { clientVersion: prisma._clientVersion });
 }
 
 export function prismaClientKnownRequestError(prisma: DbClientContract, ...args: unknown[]) {

packages/server/package.json

@@ -18,7 +18,11 @@
         "linkDirectory": true
     },
     "keywords": [
-        "fastify", "express", "nextjs", "sveltekit", "nuxtjs"
+        "fastify",
+        "express",
+        "nextjs",
+        "sveltekit",
+        "nuxtjs"
     ],
     "author": "",
     "license": "MIT",
@@ -40,6 +44,7 @@
         "@types/body-parser": "^1.19.2",
         "@types/express": "^4.17.17",
         "@types/jest": "^29.5.0",
+        "@types/node": "^18.0.0",
         "@types/supertest": "^2.0.12",
         "@zenstackhq/testtools": "workspace:*",
         "body-parser": "^1.20.2",