@apiagex/database 0.6.2

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Aditya Gupta and contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,25 @@
+# Database Package
+
+## English
+
+This package owns the database adapter contract for Apiagex. It currently exposes placeholder adapters for SQLite, PostgreSQL, and MySQL, plus a selector that chooses the right adapter from config.
+
+MVP note: the active SQLite repository now stores role metadata with `roleKind`. Admin roles are `owner`, `admin`, `schema-manager`, and `user-manager`; API roles are used for content API permissions. Admin permissions live in `admin_permissions`, content API permissions stay in `permissions`, content API tokens are stored hashed in `api_tokens`, and webhooks use `webhooks`, `webhook_events`, and `webhook_deliveries`.
+
+```ts
+import { selectDatabaseAdapter } from '@apiagex/database';
+
+const adapter = selectDatabaseAdapter({ client: 'sqlite', file: './data/apiagex.db' });
+```
+
+## Hindi
+
+Ye package Apiagex ke database adapter contract ka owner hai. Abhi isme SQLite, PostgreSQL, aur MySQL ke placeholder adapters aur config ke basis par adapter select karne wala helper hai.
+
+MVP note: active SQLite repository ab `roleKind` metadata store karta hai. Admin roles `owner`, `admin`, `schema-manager`, aur `user-manager` hain; API roles content API permissions ke liye use hote hain. Admin permissions `admin_permissions` me rehte hain, content API permissions `permissions` me alag rehte hain, content API tokens `api_tokens` me hashed form me store hote hain, aur webhooks `webhooks`, `webhook_events`, plus `webhook_deliveries` use karte hain.
+
+```ts
+import { selectDatabaseAdapter } from '@apiagex/database';
+
+const adapter = selectDatabaseAdapter({ client: 'sqlite', file: './data/apiagex.db' });
+```

package/dist/admin-permission-repository.d.ts

@@ -0,0 +1,7 @@
+import type { SqliteDatabase } from "./sqlite.js";
+import type { AdminPermissionAction, AdminPermissionRecord, SetAdminPermissionInput } from "./admin-permission-repository.type.js";
+export declare const adminPermissionActions: AdminPermissionAction[];
+export declare function setAdminPermission(db: SqliteDatabase, input: SetAdminPermissionInput): AdminPermissionRecord;
+export declare function listAdminRolePermissions(db: SqliteDatabase, roleId: string): AdminPermissionRecord[];
+export declare function canAdminRoleAccess(db: SqliteDatabase, roleId: string, action: AdminPermissionAction): boolean;
+//# sourceMappingURL=admin-permission-repository.d.ts.map

package/dist/admin-permission-repository.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-permission-repository.d.ts","sourceRoot":"","sources":["../src/admin-permission-repository.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAElD,OAAO,KAAK,EACV,qBAAqB,EACrB,qBAAqB,EACrB,uBAAuB,EACxB,MAAM,uCAAuC,CAAC;AAI/C,eAAO,MAAM,sBAAsB,EAAE,qBAAqB,EAMzD,CAAC;AAEF,wBAAgB,kBAAkB,CAChC,EAAE,EAAE,cAAc,EAClB,KAAK,EAAE,uBAAuB,GAC7B,qBAAqB,CAevB;AAED,wBAAgB,wBAAwB,CACtC,EAAE,EAAE,cAAc,EAClB,MAAM,EAAE,MAAM,GACb,qBAAqB,EAAE,CAOzB;AAED,wBAAgB,kBAAkB,CAChC,EAAE,EAAE,cAAc,EAClB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,qBAAqB,GAC5B,OAAO,CAKT"}

package/dist/admin-permission-repository.js

@@ -0,0 +1,74 @@
+import { randomUUID } from "node:crypto";
+import { getRoleById } from "./role-repository.js";
+export const adminPermissionActions = [
+    "schemas",
+    "entries",
+    "apiRoles",
+    "apiUsers",
+    "settings",
+];
+export function setAdminPermission(db, input) {
+    validateAdminPermissionInput(db, input);
+    const existing = findAdminPermission(db, input.roleId, input.action);
+    if (existing) {
+        db.prepare("UPDATE admin_permissions SET allowed = ? WHERE id = ?").run(input.allowed ? 1 : 0, existing.id);
+        return requireAdminPermission(db, existing.id);
+    }
+    const id = randomUUID();
+    db.prepare("INSERT INTO admin_permissions (id, role_id, action, allowed) VALUES (?, ?, ?, ?)").run(id, input.roleId, input.action, input.allowed ? 1 : 0);
+    return requireAdminPermission(db, id);
+}
+export function listAdminRolePermissions(db, roleId) {
+    const role = getRoleById(db, roleId);
+    if (role?.isOwner)
+        return ownerPermissions(roleId);
+    const rows = db
+        .prepare(adminPermissionSelectSql("WHERE role_id = ? ORDER BY action ASC"))
+        .all(roleId);
+    return rows.map(rowToAdminPermission);
+}
+export function canAdminRoleAccess(db, roleId, action) {
+    const role = getRoleById(db, roleId);
+    if (!role || role.roleKind !== "admin")
+        return false;
+    if (role.isOwner)
+        return true;
+    return Boolean(findAdminPermission(db, roleId, action)?.allowed);
+}
+function validateAdminPermissionInput(db, input) {
+    if (!adminPermissionActions.includes(input.action))
+        throw new Error("ADMIN_PERMISSION_ACTION_INVALID");
+    const role = getRoleById(db, input.roleId);
+    if (!role)
+        throw new Error("ROLE_NOT_FOUND");
+    if (role.roleKind !== "admin")
+        throw new Error("ROLE_ADMIN_REQUIRED");
+    if (role.isOwner)
+        throw new Error("ROLE_OWNER_LOCKED");
+}
+function findAdminPermission(db, roleId, action) {
+    const row = db
+        .prepare(adminPermissionSelectSql("WHERE role_id = ? AND action = ?"))
+        .get(roleId, action);
+    return row ? rowToAdminPermission(row) : undefined;
+}
+function requireAdminPermission(db, id) {
+    const row = db.prepare(adminPermissionSelectSql("WHERE id = ?")).get(id);
+    if (!row)
+        throw new Error("ADMIN_PERMISSION_NOT_FOUND");
+    return rowToAdminPermission(row);
+}
+function ownerPermissions(roleId) {
+    return adminPermissionActions.map((action) => ({
+        id: `${roleId}:${action}`,
+        roleId,
+        action,
+        allowed: true,
+    }));
+}
+function rowToAdminPermission(row) {
+    return { id: row.id, roleId: row.roleId, action: row.action, allowed: Boolean(row.allowed) };
+}
+function adminPermissionSelectSql(suffix) {
+    return `SELECT id, role_id as roleId, action, allowed FROM admin_permissions ${suffix}`;
+}

package/dist/admin-permission-repository.type.d.ts

@@ -0,0 +1,10 @@
+export type AdminPermissionAction = "schemas" | "entries" | "apiRoles" | "apiUsers" | "settings";
+export type SetAdminPermissionInput = {
+    roleId: string;
+    action: AdminPermissionAction;
+    allowed: boolean;
+};
+export type AdminPermissionRecord = SetAdminPermissionInput & {
+    id: string;
+};
+//# sourceMappingURL=admin-permission-repository.type.d.ts.map

package/dist/admin-permission-repository.type.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-permission-repository.type.d.ts","sourceRoot":"","sources":["../src/admin-permission-repository.type.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,qBAAqB,GAC7B,SAAS,GACT,SAAS,GACT,UAAU,GACV,UAAU,GACV,UAAU,CAAC;AAEf,MAAM,MAAM,uBAAuB,GAAG;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,qBAAqB,CAAC;IAC9B,OAAO,EAAE,OAAO,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG,uBAAuB,GAAG;IAC5D,EAAE,EAAE,MAAM,CAAC;CACZ,CAAC"}

package/dist/admin-permission-repository.type.js

@@ -0,0 +1 @@
+export {};

package/dist/api-token-repository.d.ts

@@ -0,0 +1,7 @@
+import type { SqliteDatabase } from "./sqlite.js";
+import type { ApiTokenRecord, CreatedApiToken, CreateApiTokenInput } from "./api-token-repository.type.js";
+export declare function createApiToken(db: SqliteDatabase, input: CreateApiTokenInput): CreatedApiToken;
+export declare function listApiTokens(db: SqliteDatabase, roleId: string): ApiTokenRecord[];
+export declare function revokeApiToken(db: SqliteDatabase, roleId: string, tokenId: string): ApiTokenRecord | undefined;
+export declare function resolveApiToken(db: SqliteDatabase, token: string): ApiTokenRecord | undefined;
+//# sourceMappingURL=api-token-repository.d.ts.map

package/dist/api-token-repository.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-token-repository.d.ts","sourceRoot":"","sources":["../src/api-token-repository.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAElD,OAAO,KAAK,EACV,cAAc,EACd,eAAe,EACf,mBAAmB,EACpB,MAAM,gCAAgC,CAAC;AAaxC,wBAAgB,cAAc,CAAC,EAAE,EAAE,cAAc,EAAE,KAAK,EAAE,mBAAmB,GAAG,eAAe,CAW9F;AAED,wBAAgB,aAAa,CAAC,EAAE,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,GAAG,cAAc,EAAE,CAMlF;AAED,wBAAgB,cAAc,CAC5B,EAAE,EAAE,cAAc,EAClB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,GACd,cAAc,GAAG,SAAS,CAM5B;AAED,wBAAgB,eAAe,CAAC,EAAE,EAAE,cAAc,EAAE,KAAK,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS,CAQ7F"}

package/dist/api-token-repository.js

@@ -0,0 +1,80 @@
+import { createHash, randomBytes, randomUUID } from "node:crypto";
+import { getRoleById } from "./role-repository.js";
+export function createApiToken(db, input) {
+    requireApiRole(db, input.roleId);
+    const token = `agx_${randomBytes(32).toString("base64url")}`;
+    const id = randomUUID();
+    const now = new Date().toISOString();
+    db.prepare(`INSERT INTO api_tokens
+      (id, role_id, name, token_hash, token_prefix, created_at, last_used_at, revoked_at)
+     VALUES (?, ?, ?, ?, ?, ?, NULL, NULL)`).run(id, input.roleId, normalizeTokenName(input.name), hashToken(token), token.slice(0, 12), now);
+    return { token, tokenRecord: requireApiToken(db, id) };
+}
+export function listApiTokens(db, roleId) {
+    requireApiRole(db, roleId);
+    const rows = db
+        .prepare(tokenSelectSql("WHERE api_tokens.role_id = ? ORDER BY api_tokens.created_at DESC"))
+        .all(roleId);
+    return rows.map(rowToApiToken);
+}
+export function revokeApiToken(db, roleId, tokenId) {
+    requireApiRole(db, roleId);
+    const now = new Date().toISOString();
+    db.prepare("UPDATE api_tokens SET revoked_at = COALESCE(revoked_at, ?) WHERE id = ? AND role_id = ?")
+        .run(now, tokenId, roleId);
+    return getApiTokenById(db, tokenId, roleId);
+}
+export function resolveApiToken(db, token) {
+    const row = db
+        .prepare(tokenSelectSql("WHERE api_tokens.token_hash = ? AND api_tokens.revoked_at IS NULL AND roles.role_kind = 'api'"))
+        .get(hashToken(token));
+    if (!row)
+        return undefined;
+    db.prepare("UPDATE api_tokens SET last_used_at = ? WHERE id = ?")
+        .run(new Date().toISOString(), row.id);
+    return getApiTokenById(db, row.id);
+}
+function getApiTokenById(db, tokenId, roleId) {
+    const suffix = roleId ? "WHERE api_tokens.id = ? AND api_tokens.role_id = ?" : "WHERE api_tokens.id = ?";
+    const params = roleId ? [tokenId, roleId] : [tokenId];
+    const row = db.prepare(tokenSelectSql(suffix)).get(...params);
+    return row ? rowToApiToken(row) : undefined;
+}
+function requireApiToken(db, tokenId) {
+    const token = getApiTokenById(db, tokenId);
+    if (!token)
+        throw new Error("API_TOKEN_NOT_FOUND");
+    return token;
+}
+function requireApiRole(db, roleId) {
+    const role = getRoleById(db, roleId);
+    if (!role)
+        throw new Error("ROLE_NOT_FOUND");
+    if (role.roleKind !== "api")
+        throw new Error("ROLE_API_REQUIRED");
+}
+function normalizeTokenName(name) {
+    const normalized = name?.trim() || "API token";
+    if (normalized.length > 80)
+        throw new Error("API_TOKEN_NAME_TOO_LONG");
+    return normalized;
+}
+function hashToken(token) {
+    return createHash("sha256").update(token).digest("hex");
+}
+function rowToApiToken(row) {
+    return row;
+}
+function tokenSelectSql(suffix) {
+    return `SELECT api_tokens.id,
+    api_tokens.role_id as roleId,
+    roles.name as roleName,
+    api_tokens.name,
+    api_tokens.token_prefix as tokenPrefix,
+    api_tokens.created_at as createdAt,
+    api_tokens.last_used_at as lastUsedAt,
+    api_tokens.revoked_at as revokedAt
+    FROM api_tokens
+    JOIN roles ON roles.id = api_tokens.role_id
+    ${suffix}`;
+}

package/dist/api-token-repository.type.d.ts

@@ -0,0 +1,19 @@
+export type ApiTokenRecord = {
+    id: string;
+    roleId: string;
+    roleName: string;
+    name: string;
+    tokenPrefix: string;
+    createdAt: string;
+    lastUsedAt: string | null;
+    revokedAt: string | null;
+};
+export type CreateApiTokenInput = {
+    roleId: string;
+    name?: string | undefined;
+};
+export type CreatedApiToken = {
+    token: string;
+    tokenRecord: ApiTokenRecord;
+};
+//# sourceMappingURL=api-token-repository.type.d.ts.map

package/dist/api-token-repository.type.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-token-repository.type.d.ts","sourceRoot":"","sources":["../src/api-token-repository.type.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,cAAc,GAAG;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,cAAc,CAAC;CAC7B,CAAC"}

package/dist/api-token-repository.type.js

@@ -0,0 +1 @@
+export {};

package/dist/entry-query.d.ts

@@ -0,0 +1,4 @@
+import type { SqliteDatabase } from "./sqlite.js";
+import type { EntryListOptions, EntryListResult } from "./entry-repository.type.js";
+export declare function queryEntries(db: SqliteDatabase, schemaId: string, options?: EntryListOptions): EntryListResult;
+//# sourceMappingURL=entry-query.d.ts.map

package/dist/entry-query.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"entry-query.d.ts","sourceRoot":"","sources":["../src/entry-query.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAElD,OAAO,KAAK,EAEV,gBAAgB,EAChB,eAAe,EAEhB,MAAM,4BAA4B,CAAC;AAWpC,wBAAgB,YAAY,CAC1B,EAAE,EAAE,cAAc,EAClB,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,gBAAqB,GAC7B,eAAe,CAoBjB"}

package/dist/entry-query.js

@@ -0,0 +1,61 @@
+import { getSchemaById } from "./schema-repository.js";
+export function queryEntries(db, schemaId, options = {}) {
+    const schema = requireSchema(db, schemaId);
+    const limit = clampListLimit(options.limit);
+    const offset = Math.max(0, Math.floor(options.offset ?? 0));
+    const search = options.search?.trim() ?? "";
+    const selectedFields = validateSelectedFields(schema, options.fields);
+    const where = search ? "WHERE schema_id = ? AND (data_json LIKE ? OR id LIKE ?)" : "WHERE schema_id = ?";
+    const params = search ? [schemaId, `%${search}%`, `%${search}%`] : [schemaId];
+    const totalRow = db.prepare(`SELECT COUNT(*) as total FROM entries ${where}`).get(...params);
+    const rows = db.prepare(`${entrySelectSql(where)} ORDER BY created_at DESC LIMIT ? OFFSET ?`).all(...params, limit, offset);
+    return {
+        entries: rows.map((row) => projectEntry(rowToEntry(row), selectedFields)),
+        limit,
+        offset,
+        total: totalRow.total,
+    };
+}
+function clampListLimit(value) {
+    if (value === undefined || !Number.isFinite(value))
+        return 50;
+    return Math.min(100, Math.max(1, Math.floor(value)));
+}
+function validateSelectedFields(schema, fields) {
+    const selected = fields?.map((field) => field.trim()).filter(Boolean);
+    if (!selected || selected.length === 0)
+        return undefined;
+    const allowed = new Set(schema.fields.map((field) => field.slug));
+    for (const field of selected) {
+        if (!allowed.has(field))
+            throw new Error("ENTRY_FIELD_UNKNOWN");
+    }
+    return [...new Set(selected)];
+}
+function projectEntry(entry, fields) {
+    if (!fields)
+        return entry;
+    const data = {};
+    for (const field of fields) {
+        data[field] = entry.data[field];
+    }
+    return { ...entry, data };
+}
+function requireSchema(db, schemaId) {
+    const schema = getSchemaById(db, schemaId);
+    if (!schema)
+        throw new Error("SCHEMA_NOT_FOUND");
+    return schema;
+}
+function rowToEntry(row) {
+    return {
+        id: row.id,
+        schemaId: row.schemaId,
+        data: JSON.parse(row.dataJson),
+        createdAt: row.createdAt,
+        updatedAt: row.updatedAt,
+    };
+}
+function entrySelectSql(where) {
+    return `SELECT id, schema_id as schemaId, data_json as dataJson, created_at as createdAt, updated_at as updatedAt FROM entries ${where}`;
+}

package/dist/entry-repository.d.ts

@@ -0,0 +1,8 @@
+import type { SqliteDatabase } from "./sqlite.js";
+import type { CreateEntryInput, EntryRecord, UpdateEntryInput } from "./entry-repository.type.js";
+export declare function createEntry(db: SqliteDatabase, input: CreateEntryInput): EntryRecord;
+export declare function listEntries(db: SqliteDatabase, schemaId: string): EntryRecord[];
+export declare function getEntryById(db: SqliteDatabase, id: string): EntryRecord | undefined;
+export declare function updateEntry(db: SqliteDatabase, id: string, input: UpdateEntryInput): EntryRecord;
+export declare function deleteEntry(db: SqliteDatabase, id: string): void;
+//# sourceMappingURL=entry-repository.d.ts.map

package/dist/entry-repository.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"entry-repository.d.ts","sourceRoot":"","sources":["../src/entry-repository.ts"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAElD,OAAO,KAAK,EAAE,gBAAgB,EAAa,WAAW,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAK7G,wBAAgB,WAAW,CAAC,EAAE,EAAE,cAAc,EAAE,KAAK,EAAE,gBAAgB,GAAG,WAAW,CAUpF;AAED,wBAAgB,WAAW,CAAC,EAAE,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,GAAG,WAAW,EAAE,CAQ/E;AAED,wBAAgB,YAAY,CAAC,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS,CAGpF;AAED,wBAAgB,WAAW,CAAC,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,gBAAgB,GAAG,WAAW,CAYhG;AAED,wBAAgB,WAAW,CAAC,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,MAAM,GAAG,IAAI,CAIhE"}

package/dist/entry-repository.js

@@ -0,0 +1,181 @@
+import { randomUUID } from "node:crypto";
+import { relationEntryReferenced, relationOneToOneConflict, relationTargetEntryInvalid, relationValueShapeInvalid, } from "./relation-errors.js";
+import { entryDataReferences, listEntryDataRows, parseEntryData, relationTypeOf, } from "./relation-helpers.js";
+import { getSchemaById } from "./schema-repository.js";
+export function createEntry(db, input) {
+    const schema = requireSchema(db, input.schemaId);
+    validateEntryData(db, schema, input.data);
+    const normalizedData = normalizeEntryData(schema, input.data);
+    const id = randomUUID();
+    const now = new Date().toISOString();
+    db.prepare("INSERT INTO entries (id, schema_id, data_json, created_at, updated_at) VALUES (?, ?, ?, ?, ?)").run(id, input.schemaId, JSON.stringify(normalizedData), now, now);
+    return requireEntry(db, id);
+}
+export function listEntries(db, schemaId) {
+    requireSchema(db, schemaId);
+    const rows = db
+        .prepare("SELECT id, schema_id as schemaId, data_json as dataJson, created_at as createdAt, updated_at as updatedAt FROM entries WHERE schema_id = ? ORDER BY created_at ASC")
+        .all(schemaId);
+    return rows.map(rowToEntry);
+}
+export function getEntryById(db, id) {
+    const row = db.prepare(entrySelectSql("WHERE id = ?")).get(id);
+    return row ? rowToEntry(row) : undefined;
+}
+export function updateEntry(db, id, input) {
+    const current = requireEntry(db, id);
+    const schema = requireSchema(db, current.schemaId);
+    validateEntryData(db, schema, input.data, id);
+    const normalizedData = normalizeEntryData(schema, input.data);
+    const now = new Date().toISOString();
+    db.prepare("UPDATE entries SET data_json = ?, updated_at = ? WHERE id = ?").run(JSON.stringify(normalizedData), now, id);
+    return requireEntry(db, id);
+}
+export function deleteEntry(db, id) {
+    assertEntryNotReferenced(db, id);
+    const result = db.prepare("DELETE FROM entries WHERE id = ?").run(id);
+    if (result.changes === 0)
+        throw new Error("ENTRY_NOT_FOUND");
+}
+function assertEntryNotReferenced(db, entryId) {
+    const rows = listEntryDataRows(db);
+    for (const row of rows) {
+        if (row.id === entryId)
+            continue;
+        if (entryDataReferences(parseEntryData(row.dataJson), entryId)) {
+            throw new Error(relationEntryReferenced(entryId));
+        }
+    }
+}
+function validateEntryData(db, schema, data, currentEntryId) {
+    if (!isRecord(data))
+        throw new Error("ENTRY_DATA_INVALID");
+    const fieldSlugs = new Set(schema.fields.map((field) => field.slug));
+    for (const key of Object.keys(data)) {
+        if (!fieldSlugs.has(key))
+            throw new Error("ENTRY_FIELD_UNKNOWN");
+    }
+    for (const field of schema.fields) {
+        const value = data[field.slug];
+        if (field.required && isMissing(value)) {
+            throw new Error(`ENTRY_FIELD_REQUIRED:${field.slug}`);
+        }
+        if (!isMissing(value)) {
+            validateFieldValue(db, schema, field, value, currentEntryId);
+        }
+    }
+}
+function validateFieldValue(db, schema, field, value, currentEntryId) {
+    if (field.type === "text" || field.type === "longText" || field.type === "media") {
+        assertType(field, typeof value === "string");
+    }
+    else if (field.type === "number") {
+        assertType(field, typeof value === "number" && Number.isFinite(value));
+    }
+    else if (field.type === "boolean") {
+        assertType(field, typeof value === "boolean");
+    }
+    else if (field.type === "date") {
+        assertType(field, typeof value === "string" && !Number.isNaN(Date.parse(value)));
+    }
+    else if (field.type === "relation") {
+        assertRelation(db, schema, field, value, currentEntryId);
+    }
+}
+function assertRelation(db, schema, field, value, currentEntryId) {
+    const relationType = relationTypeOf(field);
+    if (relationType === "oneToMany" || relationType === "manyToMany") {
+        assertMultiRelation(db, field, value);
+        return;
+    }
+    if (typeof value !== "string") {
+        throw new Error(relationValueShapeInvalid(field.slug));
+    }
+    const target = getEntryById(db, String(value));
+    if (!target || target.schemaId !== field.relationSchemaId) {
+        throw new Error(relationTargetEntryInvalid(field.slug));
+    }
+    if (relationType === "oneToOne") {
+        assertOneToOneAvailable(db, schema, field, value, currentEntryId);
+    }
+}
+function assertMultiRelation(db, field, value) {
+    if (!Array.isArray(value)) {
+        throw new Error(relationValueShapeInvalid(field.slug));
+    }
+    if (field.required && value.length === 0) {
+        throw new Error(`ENTRY_FIELD_REQUIRED:${field.slug}`);
+    }
+    const seen = new Set();
+    for (const targetEntryId of value) {
+        if (typeof targetEntryId !== "string") {
+            throw new Error(relationValueShapeInvalid(field.slug));
+        }
+        if (seen.has(targetEntryId))
+            continue;
+        seen.add(targetEntryId);
+        const target = getEntryById(db, targetEntryId);
+        if (!target || target.schemaId !== field.relationSchemaId) {
+            throw new Error(relationTargetEntryInvalid(field.slug));
+        }
+    }
+}
+function normalizeEntryData(schema, data) {
+    const normalized = { ...data };
+    for (const field of schema.fields) {
+        if (field.type !== "relation")
+            continue;
+        const value = normalized[field.slug];
+        if (isMissing(value))
+            continue;
+        const relationType = relationTypeOf(field);
+        if (relationType === "oneToMany" || relationType === "manyToMany") {
+            normalized[field.slug] = Array.isArray(value) ? [...new Set(value)] : value;
+        }
+    }
+    return normalized;
+}
+function assertOneToOneAvailable(db, schema, field, targetEntryId, currentEntryId) {
+    const rows = listEntryDataRows(db, "WHERE schema_id = ?", [schema.id]);
+    for (const row of rows) {
+        if (row.id === currentEntryId)
+            continue;
+        const data = parseEntryData(row.dataJson);
+        if (data[field.slug] === targetEntryId)
+            throw new Error(relationOneToOneConflict(field.slug));
+    }
+}
+function assertType(field, valid) {
+    if (!valid)
+        throw new Error(`ENTRY_FIELD_TYPE_INVALID:${field.slug}`);
+}
+function isMissing(value) {
+    return value === undefined || value === null || value === "";
+}
+function isRecord(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function requireSchema(db, schemaId) {
+    const schema = getSchemaById(db, schemaId);
+    if (!schema)
+        throw new Error("SCHEMA_NOT_FOUND");
+    return schema;
+}
+function requireEntry(db, id) {
+    const entry = getEntryById(db, id);
+    if (!entry)
+        throw new Error("ENTRY_NOT_FOUND");
+    return entry;
+}
+function rowToEntry(row) {
+    return {
+        id: row.id,
+        schemaId: row.schemaId,
+        data: JSON.parse(row.dataJson),
+        createdAt: row.createdAt,
+        updatedAt: row.updatedAt,
+    };
+}
+function entrySelectSql(where) {
+    return `SELECT id, schema_id as schemaId, data_json as dataJson, created_at as createdAt, updated_at as updatedAt FROM entries ${where}`;
+}

package/dist/entry-repository.type.d.ts

@@ -0,0 +1,32 @@
+export type SingleRelationEntryValue = string | null;
+export type MultiRelationEntryValue = string[];
+export type RelationEntryValue = SingleRelationEntryValue | MultiRelationEntryValue;
+export type EntryFieldValue = boolean | number | string | null | Record<string, unknown> | unknown[] | RelationEntryValue;
+export type EntryData = Record<string, EntryFieldValue | undefined>;
+export type CreateEntryInput = {
+    schemaId: string;
+    data: EntryData;
+};
+export type UpdateEntryInput = {
+    data: EntryData;
+};
+export type EntryListOptions = {
+    fields?: string[];
+    limit?: number;
+    offset?: number;
+    search?: string;
+};
+export type EntryListResult = {
+    entries: EntryRecord[];
+    limit: number;
+    offset: number;
+    total: number;
+};
+export type EntryRecord = {
+    id: string;
+    schemaId: string;
+    data: EntryData;
+    createdAt: string;
+    updatedAt: string;
+};
+//# sourceMappingURL=entry-repository.type.d.ts.map

package/dist/entry-repository.type.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"entry-repository.type.d.ts","sourceRoot":"","sources":["../src/entry-repository.type.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,wBAAwB,GAAG,MAAM,GAAG,IAAI,CAAC;AAErD,MAAM,MAAM,uBAAuB,GAAG,MAAM,EAAE,CAAC;AAE/C,MAAM,MAAM,kBAAkB,GAAG,wBAAwB,GAAG,uBAAuB,CAAC;AAEpF,MAAM,MAAM,eAAe,GACvB,OAAO,GACP,MAAM,GACN,MAAM,GACN,IAAI,GACJ,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GACvB,OAAO,EAAE,GACT,kBAAkB,CAAC;AAEvB,MAAM,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,EAAE,eAAe,GAAG,SAAS,CAAC,CAAC;AAEpE,MAAM,MAAM,gBAAgB,GAAG;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,SAAS,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,IAAI,EAAE,SAAS,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG;IAC5B,OAAO,EAAE,WAAW,EAAE,CAAC;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,SAAS,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC"}

package/dist/entry-repository.type.js

@@ -0,0 +1 @@
+export {};

package/dist/index.d.ts

@@ -0,0 +1,29 @@
+export { MVP_FOUNDATION_SQL, MVP_MIGRATION_ID, MVP_TABLES, } from "./migrations.js";
+export { listMvpTables, migrateMvpDatabase, openSqliteDatabase, } from "./sqlite.js";
+export { createEntry, deleteEntry, getEntryById, listEntries, updateEntry, } from "./entry-repository.js";
+export { queryEntries } from "./entry-query.js";
+export { createAdminRole, createRole, getRoleById, listAdminRoles, listRoles, } from "./role-repository.js";
+export { createApiToken, listApiTokens, resolveApiToken, revokeApiToken, } from "./api-token-repository.js";
+export { consumeRealtimeSession, createRealtimeSession, } from "./realtime-session-repository.js";
+export { countWebhookDeliveryAttempts, createWebhook, deleteWebhook, enqueueWebhookEvent, hasSuccessfulWebhookDelivery, listMatchingWebhooks, listPendingWebhookEvents, listWebhookDeliveries, listWebhooks, recordWebhookDelivery, updateWebhook, updateWebhookEventStatus, } from "./webhook-repository.js";
+export { getRealtimeConfig, isRealtimeEventEnabled, listRealtimeEventsAfter, listRealtimeConfigs, listRealtimeSettings, listRecentRealtimeEvents, pruneRealtimeEvents, recordRealtimeEvent, setRealtimeConfig, } from "./realtime-repository.js";
+export { adminPermissionActions, canAdminRoleAccess, listAdminRolePermissions, setAdminPermission, } from "./admin-permission-repository.js";
+export { canRoleAccess, listRolePermissions, setPermission, } from "./permission-repository.js";
+export { createUser, getUserById, getUserPasswordHashByEmail, listUsers, } from "./user-repository.js";
+export { createSchema, deleteSchema, getSchemaById, getSchemaBySlug, listSchemas, updateSchema, } from "./schema-repository.js";
+export { relationEntryReferenced, relationFieldUpdateUnsafe, relationOneToOneConflict, relationSchemaReferenced, relationErrors, relationTargetEntryInvalid, relationValueShapeInvalid, } from "./relation-errors.js";
+export { entryDataReferences, listEntryDataRows, parseEntryData, relationTypeOf, schemaEntriesUseField, } from "./relation-helpers.js";
+export type { MvpTableName, MigrationRecord, TableInfoRow } from "./schema.type.js";
+export type { CreateEntryInput, EntryData, EntryFieldValue, EntryListOptions, EntryListResult, EntryRecord, MultiRelationEntryValue, RelationEntryValue, SingleRelationEntryValue, UpdateEntryInput, } from "./entry-repository.type.js";
+export type { CreateRoleInput, RoleKind, RoleRecord } from "./role-repository.type.js";
+export type { ApiTokenRecord, CreatedApiToken, CreateApiTokenInput, } from "./api-token-repository.type.js";
+export type { CreatedRealtimeSession, CreateRealtimeSessionInput, RealtimeSessionRecord, } from "./realtime-session-repository.type.js";
+export type { EnqueueWebhookEventInput, RecordWebhookDeliveryInput, WebhookDeliveryRecord, WebhookDeliveryStatus, WebhookDraft, WebhookEventRecord, WebhookEventStatus, WebhookEventType, WebhookPayload, WebhookRecord, WebhookSecretRecord, } from "./webhook-repository.type.js";
+export type { RealtimeConfigRecord, RealtimeEventRecord, RealtimeEventType, RecordRealtimeEventInput, SetRealtimeConfigInput, } from "./realtime-repository.type.js";
+export type { AdminPermissionAction, AdminPermissionRecord, SetAdminPermissionInput, } from "./admin-permission-repository.type.js";
+export type { PermissionAction, PermissionRecord, SetPermissionInput, } from "./permission-repository.type.js";
+export type { CreateUserInput, UserRecord } from "./user-repository.type.js";
+export type { CreateFieldInput, CreateSchemaInput, FieldRecord, FieldType, MultiRelationValue, RelationFieldContract, RelationType, RelationValue, SchemaRecord, SingleRelationValue, UpdateSchemaInput, } from "./schema-repository.type.js";
+export type { RelationErrorCode } from "./relation-errors.js";
+export type { SqliteDatabase } from "./sqlite.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,gBAAgB,EAChB,UAAU,GACX,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,aAAa,EACb,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,WAAW,EACX,WAAW,EACX,YAAY,EACZ,WAAW,EACX,WAAW,GACZ,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EACL,eAAe,EACf,UAAU,EACV,WAAW,EACX,cAAc,EACd,SAAS,GACV,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,cAAc,EACd,aAAa,EACb,eAAe,EACf,cAAc,GACf,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACL,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EACL,4BAA4B,EAC5B,aAAa,EACb,aAAa,EACb,mBAAmB,EACnB,4BAA4B,EAC5B,oBAAoB,EACpB,wBAAwB,EACxB,qBAAqB,EACrB,YAAY,EACZ,qBAAqB,EACrB,aAAa,EACb,wBAAwB,GACzB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,iBAAiB,EACjB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,oBAAoB,EACpB,wBAAwB,EACxB,mBAAmB,EACnB,mBAAmB,EACnB,iBAAiB,GAClB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,sBAAsB,EACtB,kBAAkB,EAClB,wBAAwB,EACxB,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EACL,aAAa,EACb,mBAAmB,EACnB,aAAa,GACd,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,UAAU,EACV,WAAW,EACX,0BAA0B,EAC1B,SAAS,GACV,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,eAAe,EACf,WAAW,EACX,YAAY,GACb,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,uBAAuB,EACvB,yBAAyB,EACzB,wBAAwB,EACxB,wBAAwB,EACxB,cAAc,EACd,0BAA0B,EAC1B,yBAAyB,GAC1B,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,mBAAmB,EACnB,iBAAiB,EACjB,cAAc,EACd,cAAc,EACd,qBAAqB,GACtB,MAAM,uBAAuB,CAAC;AAC/B,YAAY,EAAE,YAAY,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AACpF,YAAY,EACV,gBAAgB,EAChB,SAAS,EACT,eAAe,EACf,gBAAgB,EAChB,eAAe,EACf,WAAW,EACX,uBAAuB,EACvB,kBAAkB,EAClB,wBAAwB,EACxB,gBAAgB,GACjB,MAAM,4BAA4B,CAAC;AACpC,YAAY,EAAE,eAAe,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvF,YAAY,EACV,cAAc,EACd,eAAe,EACf,mBAAmB,GACpB,MAAM,gCAAgC,CAAC;AACxC,YAAY,EACV,sBAAsB,EACtB,0BAA0B,EAC1B,qBAAqB,GACtB,MAAM,uCAAuC,CAAC;AAC/C,YAAY,EACV,wBAAwB,EACxB,0BAA0B,EAC1B,qBAAqB,EACrB,qBAAqB,EACrB,YAAY,EACZ,kBAAkB,EAClB,kBAAkB,EAClB,gBAAgB,EAChB,cAAc,EACd,aAAa,EACb,mBAAmB,GACpB,MAAM,8BAA8B,CAAC;AACtC,YAAY,EACV,oBAAoB,EACpB,mBAAmB,EACnB,iBAAiB,EACjB,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,+BAA+B,CAAC;AACvC,YAAY,EACV,qBAAqB,EACrB,qBAAqB,EACrB,uBAAuB,GACxB,MAAM,uCAAuC,CAAC;AAC/C,YAAY,EACV,gBAAgB,EAChB,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,iCAAiC,CAAC;AACzC,YAAY,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAC7E,YAAY,EACV,gBAAgB,EAChB,iBAAiB,EACjB,WAAW,EACX,SAAS,EACT,kBAAkB,EAClB,qBAAqB,EACrB,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,mBAAmB,EACnB,iBAAiB,GAClB,MAAM,6BAA6B,CAAC;AACrC,YAAY,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAC9D,YAAY,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC"}

package/dist/index.js

@@ -0,0 +1,15 @@
+export { MVP_FOUNDATION_SQL, MVP_MIGRATION_ID, MVP_TABLES, } from "./migrations.js";
+export { listMvpTables, migrateMvpDatabase, openSqliteDatabase, } from "./sqlite.js";
+export { createEntry, deleteEntry, getEntryById, listEntries, updateEntry, } from "./entry-repository.js";
+export { queryEntries } from "./entry-query.js";
+export { createAdminRole, createRole, getRoleById, listAdminRoles, listRoles, } from "./role-repository.js";
+export { createApiToken, listApiTokens, resolveApiToken, revokeApiToken, } from "./api-token-repository.js";
+export { consumeRealtimeSession, createRealtimeSession, } from "./realtime-session-repository.js";
+export { countWebhookDeliveryAttempts, createWebhook, deleteWebhook, enqueueWebhookEvent, hasSuccessfulWebhookDelivery, listMatchingWebhooks, listPendingWebhookEvents, listWebhookDeliveries, listWebhooks, recordWebhookDelivery, updateWebhook, updateWebhookEventStatus, } from "./webhook-repository.js";
+export { getRealtimeConfig, isRealtimeEventEnabled, listRealtimeEventsAfter, listRealtimeConfigs, listRealtimeSettings, listRecentRealtimeEvents, pruneRealtimeEvents, recordRealtimeEvent, setRealtimeConfig, } from "./realtime-repository.js";
+export { adminPermissionActions, canAdminRoleAccess, listAdminRolePermissions, setAdminPermission, } from "./admin-permission-repository.js";
+export { canRoleAccess, listRolePermissions, setPermission, } from "./permission-repository.js";
+export { createUser, getUserById, getUserPasswordHashByEmail, listUsers, } from "./user-repository.js";
+export { createSchema, deleteSchema, getSchemaById, getSchemaBySlug, listSchemas, updateSchema, } from "./schema-repository.js";
+export { relationEntryReferenced, relationFieldUpdateUnsafe, relationOneToOneConflict, relationSchemaReferenced, relationErrors, relationTargetEntryInvalid, relationValueShapeInvalid, } from "./relation-errors.js";
+export { entryDataReferences, listEntryDataRows, parseEntryData, relationTypeOf, schemaEntriesUseField, } from "./relation-helpers.js";