fix(policy): support in operator against enum list with native enums

[ymc9]

Problem

When an in policy expression compares a native enum column against a list of enum literals, e.g.:

enum State { IN_PROGRESS DONE REVIEWED }

model Post {
    state State
    @@deny('delete', !(state in [DONE, REVIEWED]))
}

the generated SQL is "state" = any(cast(ARRAY[$1,$2] as text[])). The right-hand array is built with enum elements reduced to text, but the left-hand enum column kept its native enum type, so PostgreSQL rejected the comparison:

42883 — operator does not exist: "State" = text

The == operator was unaffected because it routes through buildComparison, which already reconciles enum type compatibility. (Workaround in the issue was rewriting in [DONE, REVIEWED] as state == DONE || state == REVIEWED.)

Fix

In the in/array-contains branch of the expression transformer, cast the left operand to text via dialect.castText when it is a native enum column, so it matches the text[] array. Non-enum fields and databases without native enum types (SQLite/MySQL) are unaffected.

Tests

Added tests/regression/test/issue-2718.test.ts:

• PostgreSQL — reproduces the exact failure with a @@deny('delete', ...) rule (fails before the fix, passes after).
• SQLite — @@allow('read', state in [DONE, REVIEWED]) to guard the non-native-enum path.

Existing policy e2e tests (incl. supports in with field, collection-predicate, isempty-function-pg) pass, and tsc --noEmit on the policy package is clean.

Fixes #2718

🤖 Generated with Claude Code

Summary by CodeRabbit

• Bug Fixes

  • Improved in operator handling when comparing enum fields against inline lists, ensuring consistent policy behavior across supported database engines.

• Tests

  • Added regression coverage for the in + enum inline-list scenario, verifying expected allow/deny and null-read behavior on both PostgreSQL and SQLite.
  • Refreshed an existing regression test to simplify execution setup while keeping the original assertions intact.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 3d936c6d-5d82-4458-8061-77fe716a62d7

📥 Commits

Reviewing files that changed from the base of the PR and between d437d88 and 01cc215.

📒 Files selected for processing (1)

• tests/regression/test/issue-2669.test.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• tests/regression/test/issue-2669.test.ts

---

📝 Walkthrough

Walkthrough

The fix updates the policy expression transformer's in operator handling to cast enum fields to text before constructing the = any(right) SQL comparison, addressing PostgreSQL native enum type compatibility. A regression test suite is added covering delete policy behavior on PostgreSQL and read filtering on SQLite using enum fields with in expressions. The GitHub Actions workflow for Claude code review is updated to version v1 with the new prompt input format, and an existing test structure for issue 2669 is refactored.

Changes

Enum cast fix for in operator in policy expressions

Layer / File(s)	Summary
Enum-to-text cast in in operator transformer packages/plugins/policy/src/expression-transformer.ts	In the non-ValueListNode branch of the in operator, the transformer now resolves the left field definition and conditionally wraps the left expression in a text cast when the field is an enum, then uses that comparand in the BinaryOperationNode.
Regression tests for PostgreSQL and SQLite tests/regression/test/issue-2718.test.ts	Two test cases seed enum-backed Post records and assert correct authorization behavior for state in [DONE, REVIEWED]—delete policy denial/allowance on PostgreSQL, and read filtering on SQLite.

CI workflow update and test refactoring

Layer / File(s)	Summary
Claude code review action version and input format .github/workflows/claude-code-review.yml	The Claude review action version is updated from @beta to @v1, and the workflow input parameter is changed from direct_prompt to prompt with multiline content.
Test structure refactoring for issue 2669 tests/regression/test/issue-2669.test.ts	The test harness is refactored from provider-parameterized describe.each to a single describe block with inline schema definition; createTestClient invocation is simplified while assertion logic remains unchanged.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 Hop, hop, the enum tried,
To slip through in without a cast applied.
But now we peek at the field's true type,
And wrap it in text — the SQL is right!
No more "operator does not exist" despair,
Just smooth enum queries dancing through the air. ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main fix: supporting the in operator with enum lists when using PostgreSQL native enums.
Linked Issues check	✅ Passed	The PR fully addresses issue #2718 by adding enum type casting in the expression transformer and includes comprehensive regression tests for both PostgreSQL and SQLite.
Out of Scope Changes check	✅ Passed	All changes are directly related to fixing the in operator with native enums: the core fix in expression-transformer.ts, related regression test, and a minor GitHub Actions workflow update.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/issue-2718-enum-in-operator

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[claude]

Claude encountered an error —— View job

---

I'll analyze this and get back to you.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/regression/test/issue-2718.test.ts`:
- Around line 41-59: The createPolicyTestClient function call is missing an
explicit provider parameter, which causes it to default to getTestDbProvider()
that may return a non-SQLite provider and skip the intended SQLite code path for
this regression test. Add an explicit provider parameter to the
createPolicyTestClient call to pin it to SQLite, ensuring the test exercises the
specific SQLite behavior that this regression case is designed to validate.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 401905ee-ba64-4f7b-b40f-61613a03a726

📥 Commits

Reviewing files that changed from the base of the PR and between 405c9ee and 4db483a.

📒 Files selected for processing (2)

• packages/plugins/policy/src/expression-transformer.ts
• tests/regression/test/issue-2718.test.ts

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/claude-code-review.yml:
- Line 32: Replace the mutable version tag `@v1` in the
anthropics/claude-code-action reference with a specific commit SHA to prevent
potential security risks from upstream repository compromises. Add a comment on
the line above the uses statement indicating the version that the commit SHA
corresponds to for maintainability and future reference when updating.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 72fe6428-04dc-4ca0-99fc-d939ca9cebd9

📥 Commits

Reviewing files that changed from the base of the PR and between 4db483a and ae30002.

📒 Files selected for processing (1)

• .github/workflows/claude-code-review.yml

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/regression/test/issue-2669.test.ts`:
- Line 5: The describe function in the test suite has a misleading title that
includes the ($provider) placeholder, which is no longer relevant since the test
suite no longer parameterizes providers. Remove the ($provider)` text from the
describe function title string to make the test reporting clearer and more
accurate. Keep the rest of the title "Regression for issue 2669" but remove the
stale placeholder to reflect that this is now a concrete test suite, not a
parameterized one.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: c7b9cb8e-c578-4d8b-a102-6f9df09e8b02

📥 Commits

Reviewing files that changed from the base of the PR and between ae30002 and d437d88.

📒 Files selected for processing (1)

• tests/regression/test/issue-2669.test.ts