feat(testkit): add PGlite in-memory Postgres adapter and concurrent tx detection

- Add `createInMemoryPostgres` / `closeInMemoryPostgres` to testkit using
  PGlite so tests can run without a real Postgres instance
- Export from testkit index; add `@electric-sql/pglite` and `drizzle-orm`
  as deps to testkit
- Add `vitest.config.ts` to `apps/web` wiring up the vitest preset
- Harden `SqlClientLive`: track `txOpening` flag so concurrent `transaction()`
  calls on the same instance fail fast via `Effect.die` instead of silently
  corrupting connections; add tests for both the error and the sequential-OK path

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: geclos

apps/web/package.json

@@ -47,6 +47,7 @@
     "zod": "catalog:"
   },
   "devDependencies": {
+    "@repo/vitest-config": "workspace:*",
     "@tailwindcss/postcss": "^4.0.0",
     "@tailwindcss/vite": "^4.0.0",
     "@types/papaparse": "^5.5.2",

apps/web/vitest.config.ts

@@ -0,0 +1,12 @@
+import sharedConfig from "@repo/vitest-config"
+import { defineConfig, mergeConfig } from "vitest/config"
+
+export default mergeConfig(
+  sharedConfig,
+  defineConfig({
+    test: {
+      globals: true,
+      environment: "node",
+    },
+  }),
+)

packages/platform/db-postgres/src/sql-client.test.ts

@@ -252,6 +252,46 @@ describe("SqlClientLive", () => {
     })
   })
 
+  describe("concurrent transaction detection", () => {
+    it("dies when two transaction() calls are started concurrently on the same SqlClient", async () => {
+      const client = createMockPostgresClient(state)
+      const orgId = OrganizationId("org-concurrent")
+
+      // Run two transaction() calls with concurrency: 2 on the same SqlClient.
+      // The second fiber sees txOpening === true and should die.
+      const layer = SqlClientLive(client, orgId)
+      const effect = Effect.gen(function* () {
+        const sqlClient = yield* SqlClient
+        const shape = sqlClient as import("@domain/shared").SqlClientShape<Operator>
+        return yield* Effect.all([shape.transaction(Effect.succeed("a")), shape.transaction(Effect.succeed("b"))], {
+          concurrency: 2,
+        })
+      }).pipe(Effect.provide(layer))
+
+      await expect(Effect.runPromise(effect)).rejects.toThrow("concurrent transaction() calls detected")
+    })
+
+    it("allows sequential transaction() calls on the same SqlClient after one completes", async () => {
+      const client = createMockPostgresClient(state)
+      const orgId = OrganizationId("org-sequential")
+
+      // Run two transactions sequentially — this is fine; txOpening is cleared
+      // after each transaction completes.
+      const layer = SqlClientLive(client, orgId)
+      const effect = Effect.gen(function* () {
+        const sqlClient = yield* SqlClient
+        const shape = sqlClient as import("@domain/shared").SqlClientShape<Operator>
+        const a = yield* shape.transaction(Effect.succeed(1))
+        const b = yield* shape.transaction(Effect.succeed(2))
+        return a + b
+      }).pipe(Effect.provide(layer))
+
+      const result = await Effect.runPromise(effect)
+      expect(result).toBe(3)
+      expect(state.transactionCallCount).toBe(2)
+    })
+  })
+
   describe("failure and rollback", () => {
     it("propagates failure from inner effect and does not commit", async () => {
       const client = createMockPostgresClient(state)

packages/platform/db-postgres/src/sql-client.ts

@@ -21,6 +21,7 @@ import type { Operator, PostgresClient } from "./client.ts"
  * concurrency > 1). `activeTx` has no fiber identity, so concurrent
  * transactions will overwrite each other's operator and corrupt both
  * connections. Use separate `SqlClientLive` layer instances instead.
+ * A concurrent call is detected at runtime and killed with Effect.die.
  */
 const setRlsContext = (tx: Operator, organizationId: OrganizationId) => {
   if (organizationId === "system") return Promise.resolve()
@@ -32,15 +33,24 @@ export const SqlClientLive = (client: PostgresClient, organizationId: Organizati
     SqlClient,
     Effect.gen(function* () {
       let activeTx: Operator | null = null
+      let txOpening = false
 
       return {
         organizationId,
 
         transaction: <A, E, R>(effect: Effect.Effect<A, E, R>) => {
-          if (activeTx) {
-            return effect
+          if (activeTx) return effect
+          if (txOpening) {
+            return Effect.die(
+              new Error(
+                "SqlClient: concurrent transaction() calls detected on the same instance. " +
+                  "Use separate SqlClientLive layer instances for parallel transactions.",
+              ),
+            )
           }
 
+          txOpening = true
+
           return Effect.gen(function* () {
             let resolveTxReady!: (tx: Operator) => void
             let resolveEffectDone!: (result: { ok: true; value: A } | { ok: false; error: unknown }) => void
@@ -62,10 +72,17 @@ export const SqlClientLive = (client: PostgresClient, organizationId: Organizati
 
             const tx = yield* Effect.tryPromise({
               try: () => txReady,
-              catch: (e) => toRepositoryError(e, "transaction"),
+              catch: (e) => {
+                txOpening = false
+                return toRepositoryError(e, "transaction")
+              },
             })
 
+            // activeTx is set — nested transaction() calls now use pass-through.
+            // Release txOpening so that sequential (non-concurrent) calls after
+            // this transaction completes can open their own transactions.
             activeTx = tx
+            txOpening = false
             const exit = yield* Effect.exit(effect)
             activeTx = null
 

packages/platform/testkit/package.json

@@ -15,9 +15,11 @@
   },
   "dependencies": {
     "@domain/shared": "workspace:*",
+    "@electric-sql/pglite": "0.3.15",
     "@platform/db-postgres": "workspace:*",
     "@platform/cache-redis": "workspace:*",
     "@repo/utils": "workspace:*",
+    "drizzle-orm": "catalog:",
     "effect": "catalog:",
     "hono": "catalog:",
     "ioredis": "catalog:"

packages/platform/testkit/src/database/pglite.ts

@@ -0,0 +1,79 @@
+import { fileURLToPath } from "node:url"
+import { PGlite } from "@electric-sql/pglite"
+import { type PostgresClient, type PostgresDb, postgresSchema } from "@platform/db-postgres"
+import { sql } from "drizzle-orm"
+import { drizzle } from "drizzle-orm/pglite"
+import { migrate } from "drizzle-orm/pglite/migrator"
+
+const MIGRATIONS_FOLDER = fileURLToPath(new URL("../../../db-postgres/drizzle", import.meta.url))
+
+const unsafeCast = <T>(value: unknown): T => value as T
+
+export interface InMemoryPostgres {
+  readonly client: PGlite
+  readonly db: ReturnType<typeof drizzle>
+  readonly postgresDb: PostgresDb
+  /** Admin client — runs as the table owner (superuser). RLS is bypassed. */
+  readonly adminPostgresClient: PostgresClient
+  /**
+   * App-role client whose transactions run under the `latitude_app` role so
+   * that Postgres RLS policies are enforced. The role switch is injected via
+   * drizzle's `tx.execute()` (transaction-scoped) before each query batch.
+   */
+  readonly appPostgresClient: PostgresClient
+}
+
+const createPostgresClientFromDb = (postgresDb: PostgresDb): PostgresClient => {
+  const transaction = <T>(fn: (txDb: PostgresDb) => Promise<T>): Promise<T> =>
+    (postgresDb as unknown as { transaction: (fn: (tx: unknown) => Promise<T>) => Promise<T> }).transaction(
+      async (tx) => fn(tx as PostgresDb),
+    )
+  return unsafeCast<PostgresClient>({ db: postgresDb, transaction })
+}
+
+/**
+ * Create an app-role client that switches to `latitude_app` for each
+ * transaction so that RLS policies are enforced.
+ *
+ * The role switch uses `SET LOCAL ROLE` executed through drizzle's transaction
+ * `tx` handle (not via a raw `pglite.exec` call) to avoid interleaving raw
+ * PGlite I/O with drizzle's serialized connection queue, which would deadlock
+ * on the single-connection PGlite instance.
+ */
+const createAppRoleClient = (postgresDb: PostgresDb): PostgresClient => {
+  const transaction = <T>(fn: (txDb: PostgresDb) => Promise<T>): Promise<T> =>
+    (postgresDb as unknown as { transaction: (fn: (tx: unknown) => Promise<T>) => Promise<T> }).transaction(
+      async (tx) => {
+        // Switch to the runtime role so RLS policies apply.
+        // SET LOCAL is transaction-scoped and reverts automatically on
+        // commit/rollback — no cleanup needed.
+        await (tx as PostgresDb).execute(sql`SET LOCAL ROLE latitude_app`)
+        return fn(tx as PostgresDb)
+      },
+    )
+  return unsafeCast<PostgresClient>({ db: postgresDb, transaction })
+}
+
+export const createInMemoryPostgres = async (): Promise<InMemoryPostgres> => {
+  const client = new PGlite()
+
+  // Create the runtime role before migrations so the grant migration finds it.
+  await client.exec("CREATE ROLE latitude_app NOLOGIN")
+
+  const db = drizzle({ client, schema: postgresSchema })
+  await migrate(db, { migrationsFolder: MIGRATIONS_FOLDER })
+
+  const postgresDb = unsafeCast<PostgresDb>(db)
+
+  return {
+    client,
+    db,
+    postgresDb,
+    adminPostgresClient: createPostgresClientFromDb(postgresDb),
+    appPostgresClient: createAppRoleClient(postgresDb),
+  }
+}
+
+export const closeInMemoryPostgres = async (database: InMemoryPostgres): Promise<void> => {
+  await database.client.close()
+}

packages/platform/testkit/src/index.ts

@@ -1,3 +1,10 @@
+// In-memory PGlite exports
+export {
+  closeInMemoryPostgres,
+  createInMemoryPostgres,
+  type InMemoryPostgres,
+} from "./database/pglite.ts"
+
 // Database exports
 export {
   closeTestDatabase,