fix: detect policy plugin by stable id

[Albatrosso]

Summary

Fixes #2662

This updates ZenStack ORM policy plugin detection so it no longer relies on constructor.name, which can be changed or removed by production bundling/minification.

Policy mode is now detected through the stable runtime plugin id (policy). This keeps ORM mutation behavior consistent when PolicyPlugin is active, including policy-safe delete behavior that avoids DELETE ... RETURNING * followed by failed post-delete read-back.

This problem can break deletes in Next.js/Turbopack production bundles with:

result is not allowed to be read back

Validation

pnpm --filter @zenstackhq/orm build
TEST_DB_PROVIDER=sqlite pnpm --dir tests/regression exec vitest run test/policy-plugin-detection.test.ts

PostgreSQL validation was attempted but blocked by local default credential auth:
password authentication failed for user "postgres"

Summary by CodeRabbit

• Bug Fixes

  • Improved policy enforcement detection to work reliably across different code optimization levels.

• Tests

  • Added regression test suite for policy enforcement functionality.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: b962a27e-e12e-4a32-bb86-99798665ebbe

📥 Commits

Reviewing files that changed from the base of the PR and between ce50d3b and 47687bd.

📒 Files selected for processing (2)

• packages/orm/src/client/crud/operations/base.ts
• tests/regression/test/policy-plugin-detection.test.ts

---

📝 Walkthrough

Walkthrough

This PR fixes PolicyPlugin detection to use the stable id property instead of the unreliable constructor.name. Under bundling/minification (Next.js/Turbopack), class names are not preserved, causing policy enforcement to silently fail. The fix adds regression test coverage to prevent future breakage.

Changes

PolicyPlugin Detection Stability Fix

Layer / File(s)	Summary
Core Detection Method packages/orm/src/client/crud/operations/base.ts	BaseOperationHandler.hasPolicyEnabled now checks plugin.id === 'policy' instead of plugin.constructor.name === 'PolicyPlugin'.
Regression Test tests/regression/test/policy-plugin-detection.test.ts	New test suite verifies minified PolicyPlugin subclass retains its stable id and correctly enforces authorization on delete operations.

Estimated Code Review Effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A plugin's name may fade to mist,
When bundlers twist and minify,
But id stays true—no need to resist—
Policy enforcement won't pass by!
~CodeRabbit

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: detect policy plugin by stable id' accurately and concisely summarizes the main change: replacing constructor.name detection with stable plugin id detection.
Linked Issues check	✅ Passed	The pull request successfully addresses issue #2662 by replacing plugin.constructor.name detection with stable plugin.id === 'policy' check, preventing bundling-related failures. The regression test validates the fix works with minified class names.
Out of Scope Changes check	✅ Passed	All changes are scoped to policy plugin detection: updating the detection mechanism in base.ts and adding a regression test. No unrelated modifications are present.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}