Slice 3 (final) of the SQL ORM: Many-to-Many End to End project (Linear project). Nested connect/disconnect/create through the junction + the required-payload safety rail.

⚠ DRAFT — not ready to merge. Runtime-complete, but the type-level .create disable (your non-negotiable, in-slice requirement) is deferred pending your decision — it needs a contract-.d.ts change. See Open decision below + wip/unattended-decisions.md #8. I did not make that contract-surface change unilaterally.

Stacked PR. Base tml-2786 (#680) → tml-2785 (#679) → tml-2784 (#678) → tml-2597 (#673) → tml-2729 (#667) → main. Review/merge bottom-up.

Overview

db.orm.User.update/create({ tags: (t) => t.connect/disconnect/create(...) }) now routes to the UserTag junction (INSERT / DELETE / target-insert+link), under both create() and update(). The N:M not supported yet guard is gone. Junctions with a required non-FK payload column cant be written through the sugar, so create and connect on them are disabled with a clear error (disconnect stays).

Changes (5 commits)

• 74a778816 — runtime junction write path: partitionByOwnership gains a junctionOwned bucket (keyed on through presence); connect→INSERT, disconnect→DELETE, create→target-insert+link, both flows, composite-key AND-ed; the rejection unit test flipped positive. (getRelationDefinitions now carries through.)
• 926bdc849 — required-payload fixture: User ↔ Role via UserRole(user_id, role_id, level NOT NULL) (canonical CLI emit).
• 3bccd80b3 — runtime guard: nested create on a required-payload junction throws.
• e6c641811 — design correction (decision Remove SQL -> Runtime dependency #9): extended the guard to connect too (connect also INSERTs a junction row it cant complete → DB NOT-NULL violation), flipped the unit test, finished the 10 write integration tests.

Integration tests (per the project standard)

mn-nested-write.test.ts — 10 tests, no skips: connect/create on the pure User.tags junction with whole-row readback via include(tags), both create()+update() flows; disconnect; connect AND create on User.roles throw the guard; disconnect on User.roles works. Whole-row toEqual, explicit .select in most, ≥1 implicit/default selection.

AC status

• ✅ AC-1 — connect/disconnect/create route to junction DML, both flows, guard removed, rejection test flipped (unit + integration).
• ✅ AC-3 — write integration tests per the standard.
• ⚠ AC-2 — partial. Runtime disable of create+connect on required-payload junctions: ✅ done + tested. Type-level disable: deferred — see below.

⚠ Open decision (blocks marking this slice done)

The type-level .create disable cant be built as specified: the generated contract.d.ts relation type carries only to/cardinality/on, not through — so a conditional type cant see which model is the junction or that it has a required column. requiredPayloadColumns exists only at runtime. Honouring the type-level disable needs the contract .d.ts type emitter to carry through (a contract-surface change reaching into slice-0 territory). Options (full detail in wip/unattended-decisions.md #8):

• (a) extend the .d.ts emitter to emit through, then a follow-up adds the conditional-type disable + negative type test;
• (b) emit a narrower requiredPayloadColumns/hasRequiredPayload marker into the typed relation;
• (c) accept runtime-only (contradicts the in-slice non-negotiable).

I shipped the runtime guard and left this for you. Once you pick (a)/(b), a small follow-up dispatch completes the type-level disable.

Notes

connect-disabled-on-required-payload was a mid-flight spec correction (the original spec wrongly assumed connect was FK-pair-only safe). The reverse Tag.users/Role.users directions are deferred (one-directional fixture, decision #3). Refs: TML-2787.