Skip to content

MLE-28335 added fragment option in fromSearch#1077

Open
RitaChen609 wants to merge 4 commits into
developfrom
MLE-28335-fromSearch-fragment-option
Open

MLE-28335 added fragment option in fromSearch#1077
RitaChen609 wants to merge 4 commits into
developfrom
MLE-28335-fromSearch-fragment-option

Conversation

@RitaChen609
Copy link
Copy Markdown

@RitaChen609 RitaChen609 commented May 13, 2026
edited
Loading

Summary

What changed and why:
Added support for the new fragment option in fromSearch(), introduced in MLS 12.1 (MLE-27802). This option controls which document fragment type is searched by the Optic API.

Valid values: 'document' (default), 'properties', 'locks', 'any'

On servers earlier than MLS 12.1, the option is silently ignored and all fragment types are searched.

Files/paths touched:

File Change
lib/plan-builder-base.js Added fragment key validation to PlanSearchOption case in castArg switch
lib/plan-builder-generated.js Updated @param option JSDoc for fromSearch() to document fragment key and MLS 12.1 version note
test-basic/plan-search.js Added describe('fragment option tests for fromSearch') with TC0–TC5, gated on serverVersion >= 12.1
etc/test-setup-users.js Added xdmp-lock-acquire and xdmp-lock-release execute privileges to rest-evaluator role
test-app/src/main/ml-config/security/roles/rest-evaluator.json Same lock privileges added to the Gradle-deployed role definition (this is what Jenkins uses)

Evidence

Test command:

npx mocha test-basic/plan-search.js --grep "fragment option"

Output:

  search
    fragment option tests for fromSearch
      ✔ TC0: fromSearch without fragment option should search document content by default (282ms)
      ✔ TC0b: should throw error for invalid fragment value
      ✔ TC1: fromSearch with fragment:locks should find documents by lock token (187ms)
      ✔ TC2: fromSearch with fragment:properties should find doc by its properties (179ms)
      ✔ TC3: fromSearch with fragment:any should return results across fragment types (152ms)
      ✔ TC4: fromSearch with fragment:document should find documents by content word (149ms)
      ✔ TC5: explain() on a locks fragment plan should return a valid plan structure (143ms)
      ✔ TC6: fromSearchDocs with fragment:locks should find documents by lock token (136ms)


  8 passing (5s)

Coverage: 8 new integration tests covering all 4 valid fragment values, the default (no-option) behavior, client-side validation of invalid values, and explain() round-trip on a locks plan.

Risk & Rollback

  • Risk: Low — purely additive change. No existing behavior is modified; the fragment key is a new optional parameter. The default: return false in the PlanSearchOption switch already handles unknown keys.
  • Rollback: git revert d325837

Review Focus

  • lib/plan-builder-base.js (~line 139): The new fragment case in the PlanSearchOption switch — confirm the allowed values match the MLS 12.1 server-side contract.
  • lib/plan-builder-generated.js (~line 9015): JSDoc wording for the fragment key and the note about pre-12.1 behavior.
  • test-basic/plan-search.js: The before()/after() hooks use two sequential xqueryEval calls (release locks, then delete docs) — this is intentional to avoid XDMP-CONFLICTINGUPDATES.
  • rest-evaluator.json: The xdmp-lock-acquire/xdmp-lock-release privileges are required for non-admin users running the test before()/after() hooks via xqueryEval.

Verification steps:

# Run only the new fragment tests
npx mocha test-basic/plan-search.js --grep "fragment option"

# Run the full plan-search suite to check for regressions
npx mocha test-basic/plan-search.js

@RitaChen609
MLE-28335 added fragment option in fromSearch
d325837 
- Add 'fragment' option support to fromSearch() for MLS 12.1+
- Valid values: 'document' (default), 'properties', 'locks', 'any'
- Client-side validation in PlanSearchOption (plan-builder-base.js)
- Updated JSDoc for fromSearch() in plan-builder-generated.js
- Added xdmp-lock-acquire/release privileges to rest-evaluator role
  in both test-setup-users.js and rest-evaluator.json (Gradle config)
- Added fragment option integration tests to test-basic/plan-search.js
  (TC0-TC5, gated on serverVersion >= 12.1)
Copilot AI review requested due to automatic review settings May 13, 2026 18:57
Copilot AI reviewed May 13, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds support for the new fragment option in fromSearch() (introduced in MLS 12.1), along with client-side validation, JSDoc updates, and integration tests. Also grants the rest-evaluator role the xdmp-lock-acquire/xdmp-lock-release execute privileges required by the new lock-based test setup.

Changes:

  • Validate the new 'fragment' key (allowed values: 'document', 'properties', 'locks', 'any') in the PlanSearchOption branch of castArg, and document it in the fromSearch() JSDoc.
  • Add an integration test suite (TC0–TC5) covering default behavior, invalid-value validation, all four fragment values, and explain() round-trip — gated on serverVersion >= 12.1.
  • Add xdmp-lock-acquire/xdmp-lock-release execute privileges to the rest-evaluator role in both the Gradle config and the JS-based test setup.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file
File Description
lib/plan-builder-base.js Adds fragment case to PlanSearchOption validation switch.
lib/plan-builder-generated.js Updates fromSearch() JSDoc to document the new fragment key and pre-12.1 behavior.
test-basic/plan-search.js Adds new describe block with TC0–TC5 tests, gated on server version, with lock setup/teardown.
etc/test-setup-users.js Adds lock-acquire/release privileges to the JS-created rest-evaluator role.
test-app/src/main/ml-config/security/roles/rest-evaluator.json Same lock privileges added to the Gradle-deployed role definition.

@RitaChen609
MLE-28335 update fromSearchDocs with fragment option
1cd61d4
@RitaChen609
MLE-28335 resolve npm audit vulnerabilities (0 remaining)
cd15594 
Security fixes:
- sanitize-html: 2.17.0 → ^2.17.4 (critical XSS via xmp passthrough, GHSA-rpr9-rxv7-x643)
- brace-expansion override: 2.0.2 → 5.0.6 (DoS via zero-step sequence, GHSA-f886-m6hf-6m8v)
- serialize-javascript override: 7.0.4 → 7.0.5 (CPU exhaustion DoS, GHSA-qj8w-gfj5-8c6v)
- diff override: added 9.0.0 (DoS in parsePatch/applyPatch for mocha 11.4+, GHSA-73rr-hh4g-fpgx)
- fast-uri, flatted, lodash, picomatch, postcss updated via npm audit fix
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@anu3990 anu3990 Awaiting requested review from anu3990 anu3990 is a code owner

@BillFarber BillFarber Awaiting requested review from BillFarber BillFarber is a code owner

@rjrudin rjrudin Awaiting requested review from rjrudin rjrudin is a code owner

@stevebio stevebio Awaiting requested review from stevebio stevebio is a code owner

@jonmille jonmille Awaiting requested review from jonmille

@rjdew-progress rjdew-progress Awaiting requested review from rjdew-progress

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@RitaChen609