• Implement object-based select projection for MongoDB find methods
• Convert nested select objects to dot-path MongoDB projections
• Add comprehensive test suite with proper field assertions
• Move tests from github-issues to functional test directory

Implement object-based select projection conversion

• Implement recursive flatten function to convert nested select objects to dot-path projections
• Handle object-based select syntax previously marked as todo
• Support nested field selection like { profile: { name: true } } → { "profile.name": 1 }

src/entity-manager/MongoEntityManager.ts

Add MongoDB select projection test suite

• Add new comprehensive test suite for MongoDB select projection functionality
• Test find, findAndCount, find with where, and findOne methods
• Verify selected fields are present and non-selected fields are undefined
• Cover multiple scenarios with proper assertions

test/functional/mongodb/basic/select-projection/mongodb-select-projection.test.ts

Update import path for new location

• Update import path to reflect new test directory structure
• Adjust relative path from ../../../../src to ../../../../../../src

test/functional/mongodb/basic/select-projection/entity/Product.ts

Description

convertFindOptionsSelectToProjectCriteria uses entity property names verbatim in the projection
(e.g. id: 1) even though MongoDB ObjectId columns are stored under _id, so the generated
projection does not explicitly request the actual identifier field used by the Mongo transformer.

Code

src/entity-manager/MongoEntityManager.ts[R1184-1201]

+        const projection: ObjectLiteral = {}
+        const flatten = (obj: ObjectLiteral, prefix: string) => {
+            for (const key of Object.keys(obj)) {
+                const value = obj[key]
+                const path = prefix ? `${prefix}.${key}` : key
+                if (value === true) {
+                    projection[path] = 1
+                } else if (
+                    value &&
+                    typeof value === "object" &&
+                    !Array.isArray(value)
+                ) {
+                    flatten(value, path)
+                }
+            }
+        }
+        flatten(selects, "")
+        return projection

Evidence

Mongo ObjectId columns default their database field name to _id, and the Mongo document→entity
transformer primarily hydrates the entity id from the document’s _id field. The new projection
builder, however, emits projection keys based on the select object’s property names without any
mapping for ObjectIdColumn, so selecting id produces a projection key that doesn’t match the
stored field name.

src/entity-manager/MongoEntityManager.ts[1174-1201]
src/decorator/columns/ObjectIdColumn.ts[10-16]
src/query-builder/transformer/DocumentToEntityTransformer.ts[30-48]
src/persistence/SubjectExecutor.ts[1035-1048]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
MongoDB entities store the ObjectIdColumn under the database field name `_id`, but `convertFindOptionsSelectToProjectCriteria` emits projection keys directly from the `select` object (e.g. `id: 1`). This projection does not explicitly include the underlying `_id` field that `DocumentToEntityTransformer` uses to hydrate the entity’s id.

### Issue Context
- `@ObjectIdColumn()` defaults `options.name` to `_id`.
- `DocumentToEntityTransformer` hydrates ids from `document[databaseNameWithoutPrefixes]` (typically `_id`).

### Fix Focus Areas
- src/entity-manager/MongoEntityManager.ts[1174-1201]

### Suggested approach
- Pass `EntityMetadata` into `convertFindOptionsSelectToProjectCriteria` (or handle just before calling `cursor.project`).
- If `metadata.objectIdColumn` exists:
 - When the select includes `objectIdColumn.propertyName` (commonly `id`) or the DB name (`_id`), ensure the resulting projection includes `_id: 1`.
 - Avoid emitting a redundant projection entry for the property-name key if it doesn’t exist in the stored document.
- Add/extend a MongoDB functional test that asserts `select: { id: true }` returns entities with `id` populated.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

Description

The new projection flattener performs no runtime validation on select, so non-object values (e.g.
a string passed via as any) can be accepted and produce an empty projection, effectively disabling
projection instead of erroring like the SQL find-options path does.

Code

src/entity-manager/MongoEntityManager.ts[R1184-1201]

+        const projection: ObjectLiteral = {}
+        const flatten = (obj: ObjectLiteral, prefix: string) => {
+            for (const key of Object.keys(obj)) {
+                const value = obj[key]
+                const path = prefix ? `${prefix}.${key}` : key
+                if (value === true) {
+                    projection[path] = 1
+                } else if (
+                    value &&
+                    typeof value === "object" &&
+                    !Array.isArray(value)
+                ) {
+                    flatten(value, path)
+                }
+            }
+        }
+        flatten(selects, "")
+        return projection

Evidence

SQL find-options selection validates selected paths and throws EntityPropertyNotFoundError for
invalid selections; there’s also an explicit regression test ensuring malicious/invalid select
inputs are rejected. In the Mongo path, the new implementation iterates Object.keys(selects) and
only adds entries when leaf values are true, with no type checks or metadata validation—so invalid
shapes can silently result in {} (no projection) rather than an error.

src/entity-manager/MongoEntityManager.ts[1184-1201]
src/query-builder/SelectQueryBuilder.ts[3915-3932]
test/other-issues/preventing-injection/preventing-injection.test.ts[22-41]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
MongoDB `select` projection currently accepts invalid runtime values and unknown field paths without error, which can silently disable projection (returning all fields) or return partially-empty entities. This diverges from the validated SQL behavior and from the existing injection-prevention test expectations.

### Issue Context
- `SelectQueryBuilder.buildSelect` validates select paths and throws on unknown properties.
- There is an explicit test asserting invalid `select` input is rejected.
- Mongo implementation currently assumes `selects` is an object/array and does not validate keys against metadata.

### Fix Focus Areas
- src/entity-manager/MongoEntityManager.ts[1184-1201]

### Suggested approach
1. Add runtime guarding:
  - If `selects` is neither an array nor a plain object, throw an error (consistent with rejecting invalid select input).
2. Add metadata-based validation for object syntax:
  - Validate each flattened path against `EntityMetadata` (columns + embeddeds) similarly to how SQL does, and throw `EntityPropertyNotFoundError` on unknown paths.
3. Extend MongoDB functional tests:
  - Add a test that `select: "(WHERE LIMIT 1)" as any` (or similar invalid type) rejects for MongoDB as it does elsewhere.
  - Add a test that a typo in a selected field name throws, rather than silently returning undefined.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools