fix(transactions): return NotFoundError or (new) TypeMismatchError instead of StorageTransactionInconsistent where appropriate (#1472)

* docs(runner): Add comprehensive storage transaction documentation

- Add transaction-explainer.md: High-level overview for newcomers
  - Explains core architecture (StorageTransaction, Journal, Chronicle)
  - Covers key design principles (write isolation, read consistency)
  - Documents transaction lifecycle and usage patterns

- Add transaction-implementation-guide.md: Detailed guide for maintainers
  - Documents state machines and transitions
  - Explains critical implementation patterns
  - Details error states and handling
  - Covers key algorithms (consistency checking, write merging)
  - Includes performance considerations and testing guidelines

* feat(runner): Improve transaction error handling with distinct error types

Align transaction implementation with transaction-shim.ts behavior by
returning appropriate errors for different failure scenarios.

Key change: StorageTransactionInconsistent errors now only occur when
the underlying state has changed, maintaining the invariant that retrying
after this error will see different data. This is the key indicator for
when to retry a transaction.

- Introduce TypeMismatchError for accessing properties on non-objects
  (e.g., reading string.property or null.field)
- Return NotFoundError when documents or paths don't exist, instead of
  inconsistency errors
- Fix bug where writes to nested paths of documents created in the same
  transaction would incorrectly fail with NotFoundError
- Update all tests to expect appropriate error types
- Update documentation to explain error type distinctions

* feat(runner): Update transaction shim to handle TypeMismatchError gracefully

The transaction shim's readOrThrow and writeOrThrow methods now treat
TypeMismatchError like NotFoundError, returning undefined instead of
throwing. This maintains backwards compatibility while leveraging the
new distinct error types.

Key changes:
- validateParentPath now returns TypeMismatchError for type mismatches
- readOrThrow returns undefined for both NotFoundError and TypeMismatchError
- writeOrThrow handles both error types when creating parent entries
- Updated tests to expect the correct error types

* fix(runner): update tests for new transaction system with TypeMismatchError handling

- Update storage.test.ts to work with new transaction system (shim=false)
  - Remove sync() calls and add explicit commits before querying
  - Add conditional sync() calls only when shim is true
  - Wait for storage processing with runtime.idle() after commits
  - Fix data structure expectations to match new format

- Update storage-transaction-shim.test.ts expectations
  - Change line 309 to expect TypeMismatchError instead of NotFoundError
  - This aligns with the shim behavior that distinguishes type mismatches

- Previously updated transaction-shim.ts to treat TypeMismatchError like NotFoundError
  - Both error types are now handled gracefully in readOrThrow and writeOrThrow

* control whether to use new transactions via env variable

* fix(runner): update tests for full document in subscription notifications

Updated test expectations to match the new subscription behavior where
'before' and 'after' fields now always contain the full document rather
than just the value at the specified path.

Changes:
- Fixed reactive-dependencies tests to pass full document structure
- Updated storage-subscription tests to expect full document with wrapper
- Modified storage-transaction-shim tests for consistent document structure
- Adjusted expectations for empty documents to use {} instead of undefined

* address PR feedback

* re-add fields to INotFoundError

* feat(runner): add array type checking to attestation.write() and tests

Update attestation.write() to properly handle array types:
- Explicitly check for arrays using Array.isArray()
- Only allow writing to arrays at:
  - Valid non-negative integer indices (0, 1, 2, etc.)
  - The 'length' property for array truncation
- Return TypeMismatchError for invalid array operations

Add comprehensive tests to validate the new behavior:
- Writing to valid positive integer indices (0, 1, 10)
- Writing to array 'length' property for truncation
- TypeMismatchError for negative indices (-1)
- TypeMismatchError for non-integer keys (1.5)
- TypeMismatchError for string keys other than 'length'
- Proper handling of sparse arrays

This ensures arrays are treated distinctly from objects and prevents
invalid array modifications while maintaining backwards compatibility.

* fix comment to reflect new names

---------

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: seefeldb

packages/runner/src/cell.ts

@@ -44,6 +44,7 @@ import type {
   IReadOptions,
 } from "./storage/interface.ts";
 import { fromURI } from "./uri-utils.ts";
+import { getEntityId } from "./doc-map.ts";
 
 /**
  * This is the regular Cell interface, generated by DocImpl.asCell().
@@ -661,10 +662,18 @@ export class RegularCell<T> implements Cell<T> {
     >
     | undefined;
   getSourceCell(schema?: JSONSchema): Cell<any> | undefined {
-    const sourceCellId =
+    let sourceCellId =
       (this.tx?.status().status === "ready" ? this.tx : this.runtime.edit())
-        .readOrThrow({ ...this.link, path: ["source"] });
-    if (!sourceCellId) return undefined;
+        .readOrThrow({ ...this.link, path: ["source"] }) as string | undefined;
+    if (!sourceCellId || typeof sourceCellId !== "string") {
+      return undefined;
+    }
+    if (sourceCellId.startsWith('{"/":')) {
+      sourceCellId = toURI(JSON.parse(sourceCellId));
+    }
+    if (!sourceCellId.startsWith("of:")) {
+      throw new Error("Source cell ID must start with 'of:'");
+    }
     return createCell(this.runtime, {
       space: this.link.space,
       path: [],
@@ -680,7 +689,10 @@ export class RegularCell<T> implements Cell<T> {
     if (sourceLink.path.length > 0) {
       throw new Error("Source cell must have empty path for now");
     }
-    this.tx.writeOrThrow({ ...this.link, path: ["source"] }, sourceLink.id);
+    this.tx.writeOrThrow(
+      { ...this.link, path: ["source"] },
+      JSON.stringify(getEntityId(sourceLink.id)),
+    );
   }
 
   freeze(reason: string): void {

packages/runner/src/doc.ts

@@ -339,14 +339,21 @@ export function createDoc<T>(
 
         // Send notification if shim storage manager is available
         if (runtime.storage.shim) {
+          let before = previousValue;
+          let after = newValue;
+          for (const key of ["value", ...path.map(String)].reverse()) {
+            before = { [key]: before };
+            after = { [key]: after };
+          }
+
           const change: IMemoryChange = {
             address: {
               id: toURI(entityId),
               type: "application/json",
               path: ["value", ...path.map(String)],
             },
-            before: previousValue,
-            after: newValue,
+            before: before,
+            after: after,
           };
 
           const notification: ICommitNotification = {
@@ -413,8 +420,8 @@ export function createDoc<T>(
             type: "application/json",
             path: ["source"],
           },
-          before: JSON.stringify(sourceCell?.entityId),
-          after: JSON.stringify(cell?.entityId),
+          before: { source: JSON.stringify(sourceCell?.entityId) },
+          after: { source: JSON.stringify(cell?.entityId) },
         };
 
         const notification: ICommitNotification = {

packages/runner/src/reactive-dependencies.ts

@@ -110,17 +110,11 @@ export function determineTriggeredActions(
 
   if (startPath.length > 0) {
     // If we're starting from a specific path, filter the subscribers to only
-    // include those that start with that path.
+    // include those that can be affected by that path.
     subscribers = subscribers.map(({ action, paths }) => ({
       action,
       paths: paths.filter((path) => arraysOverlap(path, startPath)),
     })).filter(({ paths }) => paths.length > 0);
-
-    // And prepend path to data, so we don't have to special case this.
-    for (const key of startPath.toReversed()) {
-      before = { [key]: before } as JSONValue;
-      after = { [key]: after } as JSONValue;
-    }
   }
 
   // Sort subscribers by last/longest path first.

packages/runner/src/runtime.ts

@@ -1,3 +1,4 @@
+import { isDeno } from "@commontools/utils/env";
 import type {
   JSONSchema,
   Module,
@@ -45,7 +46,9 @@ import { Runner } from "./runner.ts";
 import { registerBuiltins } from "./builtins/index.ts";
 import { StaticCache } from "@commontools/static";
 
-const DEFAULT_USE_REAL_TRANSACTIONS = false;
+const DEFAULT_USE_REAL_TRANSACTIONS = isDeno()
+  ? ["1", "true", "on", "yes"].includes(Deno.env.get("USE_REAL_TRANSACTIONS")!)
+  : false;
 
 export type { IExtendedStorageTransaction, IStorageProvider, MemorySpace };
 

packages/runner/src/storage/interface.ts

@@ -559,13 +559,13 @@ export interface ITransactionReader {
    *  })
    *  assert(w.ok)
    *
-   *  assert(tx.read({ type, id, path:: ['author'] }).ok === undefined)
-   *  assert(tx.read({ type, id, path:: ['author', 'address'] }).error.name === 'NotFoundError')
+   *  assert(tx.read({ type, id, path: ['author'] }).ok === undefined)
+   *  assert(tx.read({ type, id, path: ['author', 'address'] }).error.name === 'NotFoundError')
    *  // JS specific getters are not supported
-   *  assert(tx.read({ the, of, at: ['content', 'length'] }).ok.is === undefined)
-   *  assert(tx.read({ the, of, at: ['title'] }).ok.is === "Hello world")
+   *  assert(tx.read({ type, id, path: ['content', 'length'] }).ok?.value === undefined)
+   *  assert(tx.read({ type, id, path: ['title'] }).ok?.value === "Hello world")
    *  // Referencing non-existing facts produces errors
-   *  assert(tx.read({ the: 'bad/mime' , of, at: ['author'] }).error.name === 'NotFoundError')
+   *  assert(tx.read({ type: 'bad/mime', id, path: ['author'] }).error.name === 'NotFoundError')
    * ```
    *
    * @param address - Memory address to read from
@@ -656,7 +656,10 @@ export type CommitError =
 
 export interface INotFoundError extends Error {
   name: "NotFoundError";
+  source: IAttestation;
+  address: IMemoryAddress;
   path?: MemoryAddressPathComponent[];
+  from(space: MemorySpace): INotFoundError;
 }
 
 /**
@@ -682,13 +685,15 @@ export type ReadError =
   | INotFoundError
   | InactiveTransactionError
   | IInvalidDataURIError
-  | IUnsupportedMediaTypeError;
+  | IUnsupportedMediaTypeError
+  | ITypeMismatchError;
 
 export type WriteError =
   | INotFoundError
   | IUnsupportedMediaTypeError
   | InactiveTransactionError
-  | IReadOnlyAddressError;
+  | IReadOnlyAddressError
+  | ITypeMismatchError;
 
 export type ReaderError = InactiveTransactionError;
 
@@ -700,19 +705,6 @@ export type WriterError =
 export interface IStorageTransactionComplete extends Error {
   name: "StorageTransactionCompleteError";
 }
-export interface INotFoundError extends Error {
-  name: "NotFoundError";
-
-  /**
-   * Source in which address could not be resolved.
-   */
-  source: IAttestation;
-
-  /**
-   * Address that we could not resolve.
-   */
-  address: IMemoryAddress;
-}
 
 /**
  * Represents adddress within the memory space which is like pointer inside the
@@ -859,6 +851,28 @@ export interface IReadOnlyAddressError extends Error {
   from(space: MemorySpace): IReadOnlyAddressError;
 }
 
+/**
+ * Error returned when attempting to access a property on a non-object value.
+ * This is different from NotFound (document doesn't exist) and Inconsistency
+ * (state changed). This error indicates a type mismatch that would persist
+ * even if the transaction were retried.
+ */
+export interface ITypeMismatchError extends Error {
+  name: "TypeMismatchError";
+
+  /**
+   * The address being accessed.
+   */
+  address: IMemoryAddress;
+
+  /**
+   * The actual type encountered.
+   */
+  actualType: string;
+
+  from(space: MemorySpace): ITypeMismatchError;
+}
+
 /**
  * Describes either observed or desired state of the memory at a specific
  * address.

packages/runner/src/storage/transaction-explainer.md

@@ -0,0 +1,172 @@
+# Storage Transaction Abstraction Explainer
+
+The storage transaction system provides ACID-like guarantees for reading and
+writing data across memory spaces. Think of it as a database transaction but for
+a distributed, content-addressed memory system.
+
+## Core Architecture
+
+The transaction system is built in three layers:
+
+1. **StorageTransaction**
+   (`packages/runner/src/storage/transaction.ts:63-107`) - The main API surface
+   that manages transaction lifecycle
+2. **Journal** (`packages/runner/src/storage/transaction/journal.ts:52-100`) -
+   Tracks all reads/writes and enforces consistency
+3. **Chronicle**
+   (`packages/runner/src/storage/transaction/chronicle.ts:51-223`) - Manages
+   changes per memory space with conflict detection
+
+## How It Works
+
+### Transaction Lifecycle
+
+A transaction moves through three states:
+
+1. **Ready** - Active and accepting reads/writes
+2. **Pending** - Commit initiated, waiting for storage confirmation
+3. **Done** - Completed (successfully or with error)
+
+```typescript
+// Create a new transaction
+const transaction = create(storageManager);
+
+// Read and write operations
+const readResult = transaction.read({
+  space: "user",
+  id: "123",
+  type: "application/json",
+  path: ["name"],
+});
+const writeResult = transaction.write({
+  space: "user",
+  id: "123",
+  type: "application/json",
+  path: ["age"],
+}, 25);
+
+// Commit changes
+const commitResult = await transaction.commit();
+```
+
+### Key Design Principles
+
+**1. Write Isolation**: A transaction can only write to one memory space. This
+prevents distributed consistency issues:
+
+```typescript
+// First write locks the transaction to "user" space
+transaction.write({ space: "user", ... }, data);  
+
+// This will fail with WriteIsolationError
+transaction.write({ space: "project", ... }, data);
+```
+
+**2. Read Consistency**: All reads capture "invariants" - assumptions about the
+state when read. If any invariant is violated before commit, the transaction
+fails:
+
+```typescript
+// Transaction reads age = 30
+const age = transaction.read({ ...address, path: ["age"] });
+
+// Another client changes age to 31
+
+// This transaction's commit will fail due to inconsistency
+```
+
+**3. Optimistic Updates**: Writes within a transaction see their own changes
+immediately:
+
+```typescript
+transaction.write({ ...address, path: ["name"] }, "Alice");
+const name = transaction.read({ ...address, path: ["name"] }); // Returns "Alice"
+```
+
+## Internal Mechanics
+
+### Journal (`packages/runner/src/storage/transaction/journal.ts`)
+
+The Journal manages transaction state and coordinates between readers/writers:
+
+- Maintains separate Chronicle instances per memory space
+- Tracks all read/write activity for debugging and replay
+- Enforces single-writer constraint
+- Handles transaction abort/close lifecycle
+
+### Chronicle (`packages/runner/src/storage/transaction/chronicle.ts`)
+
+Each Chronicle manages changes for one memory space:
+
+- **History**: Tracks all read invariants to detect conflicts
+- **Novelty**: Stores pending writes not yet committed
+- **Rebase**: Merges overlapping writes intelligently
+
+Key operations:
+
+1. **Read** - Checks novelty first (uncommitted writes), then replica, captures
+   invariant
+2. **Write** - Validates against current state, stores in novelty
+3. **Commit** - Verifies all invariants still hold, builds final transaction
+
+### Attestation System
+
+All reads and writes produce "attestations" - immutable records of observed or
+desired state:
+
+```typescript
+interface IAttestation {
+  address: IMemoryAddress; // What was read/written
+  value?: JSONValue; // The value (undefined = deleted)
+}
+```
+
+## Error Handling
+
+The system uses Result types extensively with specific errors:
+
+- **TransactionCompleteError** - Operation on finished transaction
+- **WriteIsolationError** - Attempting to write to second space
+- **StorageTransactionInconsistent** - Read invariant violated (underlying state
+  changed)
+- **NotFoundError** - Document or path doesn't exist
+- **TypeMismatchError** - Accessing properties on non-objects (e.g., trying to
+  read `string.property`)
+- **ReadOnlyAddressError** - Writing to data: URIs
+
+The distinction between these errors is important:
+
+- **NotFoundError** is transient - the operation would succeed if the
+  document/path existed
+- **TypeMismatchError** is persistent - the operation will always fail unless
+  the data type changes
+- **StorageTransactionInconsistent** indicates retry is needed - the underlying
+  data changed
+
+## Advanced Features
+
+**1. Data URIs**: Read-only inline data using `data:` URLs
+
+**2. Path-based Access**: Read/write nested JSON paths:
+
+```typescript
+transaction.read({ ...address, path: ["user", "profile", "name"] });
+```
+
+**3. Activity Tracking**: All operations recorded for debugging:
+
+```typescript
+for (const activity of transaction.journal.activity()) {
+  // Log reads and writes
+}
+```
+
+**4. Consistency Validation**: Chronicle's commit method
+(`packages/runner/src/storage/transaction/chronicle.ts:176-222`) carefully
+validates that all read invariants still hold before building the final
+transaction.
+
+This architecture ensures strong consistency guarantees while allowing
+optimistic updates within a transaction boundary, making it suitable for
+collaborative editing scenarios where multiple clients may be modifying data
+concurrently.