@authhero/kysely-adapter 11.7.0 → 11.8.1

package/dist/kysely-adapter.cjs

@@ -181,4 +181,4 @@ Object.defineProperties(exports,{__esModule:{value:!0},[Symbol.toStringTag]:{val
       UPDATE clients
       SET client_metadata = json_remove(client_metadata, '$.disable_sign_ups')
       WHERE json_extract(client_metadata, '$.disable_sign_ups') IS NOT NULL
-    `.execute(e))}async function _h(e){await e.schema.alterTable(`clients`).dropColumn(`hide_sign_up_disabled_error`).execute(),await e.schema.alterTable(`clients`).dropColumn(`disable_sign_ups`).execute()}var vh=t({down:()=>xh,up:()=>bh});async function yh(e){try{return await i.sql`SELECT VERSION()`.execute(e),`mysql`}catch{return`sqlite`}}async function bh(e){await yh(e);let t=await e.selectFrom(`clients`).select([`tenant_id`,`connections`]).where(`disable_sign_ups`,`=`,1).execute(),n=new Map;for(let e of t){let t=[];try{t=JSON.parse(e.connections||`[]`)}catch{t=[]}if(!Array.isArray(t)||t.length===0)continue;let r=n.get(e.tenant_id);r||(r=new Set,n.set(e.tenant_id,r));for(let e of t)r.add(e)}for(let[t,r]of n){let n=await e.selectFrom(`connections`).select([`id`,`options`]).where(`tenant_id`,`=`,t).where(`id`,`in`,[...r]).execute();for(let r of n){let n={};try{n=r.options?JSON.parse(r.options):{}}catch{n={}}n.disable_signup!==!0&&(n.disable_signup=!0,await e.updateTable(`connections`).set({options:JSON.stringify(n)}).where(`tenant_id`,`=`,t).where(`id`,`=`,r.id).execute())}}await e.schema.alterTable(`clients`).dropColumn(`disable_sign_ups`).execute()}async function xh(e){await e.schema.alterTable(`clients`).addColumn(`disable_sign_ups`,`integer`,e=>e.notNull().defaultTo(0)).execute()}var Sh=t({down:()=>wh,up:()=>Ch});async function Ch(e){await e.schema.alterTable(`actions`).addColumn(`is_system`,`integer`,e=>e.notNull().defaultTo(0)).execute(),await e.schema.alterTable(`actions`).addColumn(`inherit`,`integer`,e=>e.notNull().defaultTo(0)).execute()}async function wh(e){await e.schema.alterTable(`actions`).dropColumn(`inherit`).execute(),await e.schema.alterTable(`actions`).dropColumn(`is_system`).execute()}var Th=t({down:()=>kh,up:()=>Oh}),Eh=[`token_endpoint`,`userinfo_endpoint`,`client_id`,`client_secret`];function Dh(e){if(!e)return{};try{let t=JSON.parse(e);return t&&typeof t==`object`?t:{}}catch{return{}}}async function Oh(e){let t=await e.selectFrom(`connections`).select([`id`,`tenant_id`,`options`]).where(`strategy`,`=`,`auth0`).execute(),n=new Map;for(let e of t){let t=n.get(e.tenant_id)??[];t.push(e),n.set(e.tenant_id,t)}let r=[...n.entries()].filter(([,e])=>e.length!==1);if(r.length>0){let e=r.map(([e,t])=>`${e} (${t.length} rows: ${t.map(e=>e.id).join(`, `)})`).join(`; `);throw Error(`[collapse_auth0_source] cannot proceed: the following tenants have more than one strategy="auth0" connection — resolve manually before re-running the migration: ${e}`)}for(let[t,r]of n){let n=r[0],i=await e.selectFrom(`connections`).select([`id`,`name`,`options`]).where(`tenant_id`,`=`,t).where(`strategy`,`=`,`Username-Password-Authentication`).execute();if(i.length===0){console.warn(`[collapse_auth0_source] tenant=${t}: auth0 connection ${n.id} has no DB connection to merge into; deleting it`),await e.deleteFrom(`connections`).where(`tenant_id`,`=`,t).where(`id`,`=`,n.id).execute();continue}if(i.length>1){console.warn(`[collapse_auth0_source] tenant=${t}: ${i.length} DB connections found; skipping merge — resolve manually before next deploy`);continue}let a=Dh(n.options),o={};for(let e of Eh)typeof a[e]==`string`&&(o[e]=a[e]);let s=i[0],c=Dh(s.options);c.configuration={...c.configuration&&typeof c.configuration==`object`?c.configuration:{},...o},await e.updateTable(`connections`).set({options:JSON.stringify(c)}).where(`tenant_id`,`=`,t).where(`id`,`=`,s.id).execute(),await e.deleteFrom(`connections`).where(`tenant_id`,`=`,t).where(`id`,`=`,n.id).execute()}}async function kh(){}var Ah=t({down:()=>Mh,up:()=>jh});async function jh(e){await e.schema.createTable(`migration_sources`).addColumn(`id`,`varchar(64)`,e=>e.primaryKey()).addColumn(`tenant_id`,`varchar(191)`,e=>e.notNull()).addColumn(`name`,`varchar(255)`,e=>e.notNull()).addColumn(`provider`,`varchar(32)`,e=>e.notNull()).addColumn(`connection`,`varchar(255)`,e=>e.notNull()).addColumn(`enabled`,`boolean`,e=>e.notNull()).addColumn(`credentials`,`text`,e=>e.notNull()).addColumn(`created_at`,`varchar(35)`,e=>e.notNull()).addColumn(`updated_at`,`varchar(35)`,e=>e.notNull()).execute(),await e.schema.createIndex(`idx_migration_sources_tenant_id`).on(`migration_sources`).columns([`tenant_id`]).execute()}async function Mh(e){await e.schema.dropTable(`migration_sources`).execute()}var Nh=t({down:()=>Fh,up:()=>Ph});async function Ph(e){await e.schema.createTable(`proxy_routes`).addColumn(`id`,`varchar(64)`,e=>e.notNull().primaryKey()).addColumn(`tenant_id`,`varchar(255)`,e=>e.notNull()).addColumn(`custom_domain_id`,`varchar(256)`,e=>e.notNull()).addColumn(`priority`,`integer`,e=>e.notNull().defaultTo(100)).addColumn(`path_pattern`,`varchar(512)`,e=>e.notNull()).addColumn(`upstream_type`,`varchar(32)`,e=>e.notNull()).addColumn(`upstream_url`,`varchar(2048)`,e=>e.notNull()).addColumn(`preserve_host`,`integer`,e=>e.notNull().defaultTo(0)).addColumn(`middleware`,`varchar(8192)`,e=>e.notNull().defaultTo(`[]`)).addColumn(`created_at`,`varchar(35)`,e=>e.notNull()).addColumn(`updated_at`,`varchar(35)`,e=>e.notNull()).execute(),await e.schema.createIndex(`proxy_routes_tenant_id_idx`).on(`proxy_routes`).column(`tenant_id`).execute(),await e.schema.createIndex(`proxy_routes_custom_domain_id_idx`).on(`proxy_routes`).column(`custom_domain_id`).execute()}async function Fh(e){await e.schema.dropTable(`proxy_routes`).execute()}var Ih=t({down:()=>Bh,up:()=>zh});function Lh(e){if(!e)return[];try{let t=JSON.parse(e);return Array.isArray(t)?t.map(e=>{let{type:t,...n}=e;return{type:t,options:n}}):[]}catch{return[]}}function Rh(e){let t=Lh(e.middleware),n={type:e.upstream_type===`authhero`?`http`:e.upstream_type,options:{upstream_url:e.upstream_url,preserve_host:e.preserve_host!==0}};return[...t,n]}async function zh(e){await e.schema.alterTable(`proxy_routes`).addColumn(`match`,`varchar(2048)`,e=>e.notNull().defaultTo(`{"path":"/*"}`)).execute(),await e.schema.alterTable(`proxy_routes`).addColumn(`handlers`,`text`,e=>e.notNull().defaultTo(`[]`)).execute();let t=await e.selectFrom(`proxy_routes`).select([`id`,`path_pattern`,`upstream_type`,`upstream_url`,`preserve_host`,`middleware`]).execute();for(let n of t){let t={path:n.path_pattern||`/*`},r=Rh(n);await e.updateTable(`proxy_routes`).set({match:JSON.stringify(t),handlers:JSON.stringify(r)}).where(`id`,`=`,n.id).execute()}await e.schema.alterTable(`proxy_routes`).dropColumn(`path_pattern`).execute(),await e.schema.alterTable(`proxy_routes`).dropColumn(`upstream_type`).execute(),await e.schema.alterTable(`proxy_routes`).dropColumn(`upstream_url`).execute(),await e.schema.alterTable(`proxy_routes`).dropColumn(`preserve_host`).execute(),await e.schema.alterTable(`proxy_routes`).dropColumn(`middleware`).execute()}async function Bh(e){await e.schema.alterTable(`proxy_routes`).addColumn(`path_pattern`,`varchar(512)`,e=>e.notNull().defaultTo(`/*`)).execute(),await e.schema.alterTable(`proxy_routes`).addColumn(`upstream_type`,`varchar(32)`,e=>e.notNull().defaultTo(`http`)).execute(),await e.schema.alterTable(`proxy_routes`).addColumn(`upstream_url`,`varchar(2048)`,e=>e.notNull().defaultTo(``)).execute(),await e.schema.alterTable(`proxy_routes`).addColumn(`preserve_host`,`integer`,e=>e.notNull().defaultTo(0)).execute(),await e.schema.alterTable(`proxy_routes`).addColumn(`middleware`,`varchar(8192)`,e=>e.notNull().defaultTo(`[]`)).execute(),await e.schema.alterTable(`proxy_routes`).dropColumn(`match`).execute(),await e.schema.alterTable(`proxy_routes`).dropColumn(`handlers`).execute()}var Vh=t({down:()=>Wh,up:()=>Uh});async function Hh(e){try{return await i.sql`SELECT VERSION()`.execute(e),`mysql`}catch{return`sqlite`}}async function Uh(e){await Hh(e)===`mysql`&&(q(`Widening user_permissions.resource_server_identifier from varchar(21) to varchar(100)...`),await e.schema.alterTable(`user_permissions`).modifyColumn(`resource_server_identifier`,`varchar(100)`,e=>e.notNull()).execute())}async function Wh(e){await Hh(e)===`mysql`&&await e.schema.alterTable(`user_permissions`).modifyColumn(`resource_server_identifier`,`varchar(21)`,e=>e.notNull()).execute()}var Gh=t({down:()=>qh,up:()=>Kh});async function Kh(e){await e.schema.createTable(`grants`).addColumn(`id`,`varchar(21)`,e=>e.primaryKey()).addColumn(`tenant_id`,`varchar(255)`,e=>e.references(`tenants.id`).onDelete(`cascade`).notNull()).addColumn(`user_id`,`varchar(255)`,e=>e.notNull()).addForeignKeyConstraint(`grants_user_id_constraint`,[`user_id`,`tenant_id`],`users`,[`user_id`,`tenant_id`],e=>e.onDelete(`cascade`)).addColumn(`client_id`,`varchar(100)`,e=>e.notNull()).addColumn(`audience`,`varchar(100)`,e=>e.notNull().defaultTo(``)).addColumn(`scope`,`text`,e=>e.notNull().defaultTo(`[]`)).addColumn(`created_at`,`varchar(35)`,e=>e.notNull()).addColumn(`updated_at`,`varchar(35)`,e=>e.notNull()).execute(),await e.schema.createIndex(`grants_natural_key_idx`).on(`grants`).columns([`tenant_id`,`user_id`,`client_id`,`audience`]).unique().execute(),await e.schema.createIndex(`grants_tenant_user_idx`).on(`grants`).columns([`tenant_id`,`user_id`]).execute()}async function qh(e){await e.schema.dropTable(`grants`).execute()}var Jh=t({down:()=>Xh,up:()=>Yh});async function Yh(e){await i.sql`UPDATE clients SET is_first_party = 1 WHERE is_first_party = 0`.execute(e)}async function Xh(e){}var Zh={m1_init:Aa,m2_magicLink:Na,m3_updateAt:Ia,m4_logTable:za,m5_userProfile:Ha,m6_sessions:Ga,m7_passwords:Ja,m8_logsTableNewFields:Za,m9_passwordTableNewField:eo,n01_codesTable:ro,n11_universalLoginSession:oo,n12_userFields:lo,n13_userEmailIndex:po,n14_profileDataField:go,n15_userEmailIndex:yo,n16_userLocale:So,n17_signingKeys:To,n18_logsFields:Oo,n19_connectionsUserinfo:jo,n20_missingFields:Po,n21_sessionDeletedAt:Lo,n22_dropLogsFields:Bo,n23_dropUsersFields:Uo,n24_logsIndexes:Ko,n25_logDescMaxLength:Yo,n26_logsTableExtraFields:Qo,n27_usersTableNameIndex:ts,n28_usersEmailConstrain:is,n29_increaseOtpStateLength:ss,n30_increaseTicketStateLength:us,n31_branding:ps,n32_indexesAndNotNull:gs,n33_vendorIdInUniversalLoginSession:ys,n34_auth0ClientInUniversalLoginSession:Ss,n35_increaseUniversalSessionStateLength:Ts,n36_authenticationCodes:Os,n37_disableSignUps:js,n38_otpIpAddress:Ps,n39_increaseUserAgentLength:Ls,n40_userId:Bs,n41_hooks:Us,n42_userIdIndexes:Ks,n43_userIdIndexes:Ys,n44_codes:Qs,n45_hookProperties:tc,n46_loginAuth0Client:ic,n47_loginAuth0Client:sc,n48_saml:uc,n49_removeFields:pc,n50_authParamsNonce:gc,n51_connectionid:yc,n52_cert:Sc,n53_codes_primary_key:Tc,n54_cleanup_tables:Oc,n55_logs_index:jc,n56_application_fields:Pc,n57_prompt_settings:Lc,n58_connection_client_id:Bc,n59_connection_options:Uc,n60_users_metadata:Kc,n61_userLocales:Yc,n62_prompt:Qc,n63_connection_cleanup:tl,n64_act_as:il,n65_code_verifier:sl,n66_email_providers:ul,n67_drop_tickets:pl,n68_login_useragents:gl,n70_refresh_tokens:yl,n71_session_new_fields:Sl,n72_session_primary_key:Tl,n73_drop_sessions:Ol,n74_custom_domains:jl,n75_organizations:Pl,n76_authorization_url_length:Ll,n77_drop_sessions:Bl,n78_login_sessions:Ul,n79_drop_sessions_2:Kl,n80_recreate_custom_domains:Yl,n81_phone:Ql,n82_forms:tu,n83_addFormsIdToHooks:iu,n84_login_completed:su,n85_add_login_session_id_to_sessions:uu,n86_index_sessions_login_session_id:pu,n87_code_challenge:gu,n88_add_redirect_uri_to_codes:yu,n89_add_nonce_and_state_to_codes:Su,n90_themes:Tu,n91_resource_servers_rules_permissions:Ou,n92_role_permissions:ju,n93_add_permissions_to_roles:Pu,n94_keys_connection_and_extend_columns:Lu,n95_create_organizations_table:Bu,n96_create_user_organizations_table:Uu,n97_add_organization_to_user_permissions_and_roles:Ku,n98_clients:Yu,n99_update_client_foreign_keys:ed,o001_client_grants:cd,o002_drop_applications:dd,o003_phone_number_index:md,o004_login_sessions_id_index:_d,o005_connections_tenant_index:bd,o006_remove_redundant_user_organizations_tenant_index:Cd,o007_tenant_settings:Ed,o008_merge_tenant_settings_into_tenants:kd,o009_create_invites_table:Md,o010_add_log_id_to_logs:Fd,o011_add_location_info_to_logs:Rd,o012_add_password_history:Vd,o013_connection_display_name:Wd,o014_client_connections:qd,o015_flows:Xd,o016_add_is_system_column:$d,o017_connections_composite_key:nf,o018_login_session_state:of,o019_roles_resource_servers_metadata:lf,o020_session_add_timestamp_columns:ff,o021_session_cleanup_and_ulid:gf,o022_oidc_profile_claims:bf,o023_preferred_username:Cf,o024_user_address:Ef,o025_authparams_max_age:kf,o026_auth0_conformant:Mf,o027_universal_login_templates:Ff,o028_custom_text:Rf,o029_guardian_mfa:Vf,o030_add_template_id_to_hooks:Wf,o031_hooks_cleanup:Xf,o032_unique_username_provider:tp,o033_add_login_id_to_refresh_tokens:ip,o034_refresh_tokens_replace_session_id_with_login_id:sp,o035_idle_expires_at_ts_indexes:dp,o036_add_connection_to_login_sessions:mp,o037_mfa_enrollments:_p,o038_add_otp_to_codes:bp,o039_rename_mfa_enrollments_to_authentication_methods:Cp,o040_create_outbox_events:Ep,o041_add_outbox_claim_columns:kp,o042_add_outbox_claim_index:Mp,o043_add_code_hooks:Fp,o044_create_actions:Rp,o045_outbox_dead_letter:Vp,o046_user_registration_completed_at:Wp,o047_outbox_dead_lettered_tenant_index:qp,o048_add_auth_strategy_to_login_sessions:Xp,o049_login_sessions_auth_params:$p,o050_login_sessions_auth_params_backfill:rm,o051_relax_login_sessions_authparams:lm,o052_drop_login_sessions_hoisted_authparams:hm,o053_refresh_tokens_revoked_at:Cm,o054_client_registration_tokens:Em,o055_planetscale_redundant_indexes_cleanup:km,o056_client_user_linking_mode:Fm,o057_hooks_metadata:Rm,o058_refresh_tokens_rotation:Vm,o059_organization_connections:Wm,o060_log_streams:qm,o061_tenants_attack_protection:Xm,o062_tenants_default_client_id:$m,o063_email_templates:nh,o064_create_action_versions:ah,o065_branding_dark_mode:ch,o066_create_action_executions:dh,o067_client_disable_sign_ups:mh,o068_move_disable_signup_to_connection:vh,o069_actions_is_system_inherit:Sh,o070_collapse_auth0_source_into_db_connection:Th,o071_migration_sources:Ah,o072_proxy_routes:Nh,o073_proxy_routes_v2:Ih,o074_widen_user_permissions_resource_server_identifier:Vh,o075_create_grants:Gh,o076_default_first_party_true:Jh};async function Qh(e,t=!1){$u(t),t&&console.log(`migrating...`);let{error:n,results:r}=await new Oa({db:e,provider:new ka(Zh)}).migrateToLatest();if(r?.forEach(e=>{e.status===`Success`?t&&console.log(`migration "${e.migrationName}" was executed successfully`):e.status===`Error`&&console.error(`failed to execute migration "${e.migrationName}"`)}),n)throw console.error(`failed to migrate`),console.error(n),n}async function $h(e,t=!1){$u(t),t&&console.log(`migrating...`);let{error:n,results:r}=await new Oa({db:e,provider:new ka(Zh)}).migrateDown();if(r?.forEach(e=>{e.status===`Success`?t&&console.log(`migration "${e.migrationName}" was reverted successfully`):e.status===`Error`&&console.error(`failed to execute migration "${e.migrationName}"`)}),n)throw console.error(`failed to migrate`),console.error(n),n}function eg(e,t={useTransactions:!0}){let n={actions:oe(e),actionExecutions:ue(e),actionVersions:pe(e),branding:mn(e),clients:kt(e),clientConnections:Ft(e),clientGrants:Vt(e),clientRegistrationTokens:$t(e),codes:mt(e),connections:St(e),emailProviders:tr(e),emailTemplates:cr(e),customDomains:dn(e),flows:Me(e),forms:Tr(e),hookCode:kn(e),hooks:wn(e),invites:Ci(e),keys:rn(e),loginSessions:Kn(e),logs:Xe(e),logStreams:aa(e),migrationSources:oa(e),authenticationMethods:qi(e),passwords:st(e),promptSettings:Xn(e),proxyRoutes:z(e),refreshTokens:_r(e),resourceServers:jr(e),rolePermissions:Vr(e),grants:qr(e),userPermissions:Qr(e),userRoles:ri(e),roles:Lr(e),sessions:nt(e),sessionCleanup:yr(e),tenants:He(e),themes:Pn(e),universalLoginTemplates:vn(e),customText:Bi(e),users:we(e),organizations:li(e),organizationConnections:ui(e),userOrganizations:_i(e),stats:Oi(e),analytics:zi(e),outbox:ia(e),async transaction(r){return t.useTransactions===!1?r(n):e.transaction().execute(async e=>r(eg(e,{...t,useTransactions:!1})))}};return n}exports.createProxyDataAdapter=ua,exports.createProxyRoutesAdapter=z,exports.default=eg,exports.migrateDown=$h,exports.migrateToLatest=Qh;
+    `.execute(e))}async function _h(e){await e.schema.alterTable(`clients`).dropColumn(`hide_sign_up_disabled_error`).execute(),await e.schema.alterTable(`clients`).dropColumn(`disable_sign_ups`).execute()}var vh=t({down:()=>xh,up:()=>bh});async function yh(e){try{return await i.sql`SELECT VERSION()`.execute(e),`mysql`}catch{return`sqlite`}}async function bh(e){await yh(e);let t=await e.selectFrom(`clients`).select([`tenant_id`,`connections`]).where(`disable_sign_ups`,`=`,1).execute(),n=new Map;for(let e of t){let t=[];try{t=JSON.parse(e.connections||`[]`)}catch{t=[]}if(!Array.isArray(t)||t.length===0)continue;let r=n.get(e.tenant_id);r||(r=new Set,n.set(e.tenant_id,r));for(let e of t)r.add(e)}for(let[t,r]of n){let n=await e.selectFrom(`connections`).select([`id`,`options`]).where(`tenant_id`,`=`,t).where(`id`,`in`,[...r]).execute();for(let r of n){let n={};try{n=r.options?JSON.parse(r.options):{}}catch{n={}}n.disable_signup!==!0&&(n.disable_signup=!0,await e.updateTable(`connections`).set({options:JSON.stringify(n)}).where(`tenant_id`,`=`,t).where(`id`,`=`,r.id).execute())}}await e.schema.alterTable(`clients`).dropColumn(`disable_sign_ups`).execute()}async function xh(e){await e.schema.alterTable(`clients`).addColumn(`disable_sign_ups`,`integer`,e=>e.notNull().defaultTo(0)).execute()}var Sh=t({down:()=>wh,up:()=>Ch});async function Ch(e){await e.schema.alterTable(`actions`).addColumn(`is_system`,`integer`,e=>e.notNull().defaultTo(0)).execute(),await e.schema.alterTable(`actions`).addColumn(`inherit`,`integer`,e=>e.notNull().defaultTo(0)).execute()}async function wh(e){await e.schema.alterTable(`actions`).dropColumn(`inherit`).execute(),await e.schema.alterTable(`actions`).dropColumn(`is_system`).execute()}var Th=t({down:()=>kh,up:()=>Oh}),Eh=[`token_endpoint`,`userinfo_endpoint`,`client_id`,`client_secret`];function Dh(e){if(!e)return{};try{let t=JSON.parse(e);return t&&typeof t==`object`?t:{}}catch{return{}}}async function Oh(e){let t=await e.selectFrom(`connections`).select([`id`,`tenant_id`,`options`]).where(`strategy`,`=`,`auth0`).execute(),n=new Map;for(let e of t){let t=n.get(e.tenant_id)??[];t.push(e),n.set(e.tenant_id,t)}let r=[...n.entries()].filter(([,e])=>e.length!==1);if(r.length>0){let e=r.map(([e,t])=>`${e} (${t.length} rows: ${t.map(e=>e.id).join(`, `)})`).join(`; `);throw Error(`[collapse_auth0_source] cannot proceed: the following tenants have more than one strategy="auth0" connection — resolve manually before re-running the migration: ${e}`)}for(let[t,r]of n){let n=r[0],i=await e.selectFrom(`connections`).select([`id`,`name`,`options`]).where(`tenant_id`,`=`,t).where(`strategy`,`=`,`Username-Password-Authentication`).execute();if(i.length===0){console.warn(`[collapse_auth0_source] tenant=${t}: auth0 connection ${n.id} has no DB connection to merge into; deleting it`),await e.deleteFrom(`connections`).where(`tenant_id`,`=`,t).where(`id`,`=`,n.id).execute();continue}if(i.length>1){console.warn(`[collapse_auth0_source] tenant=${t}: ${i.length} DB connections found; skipping merge — resolve manually before next deploy`);continue}let a=Dh(n.options),o={};for(let e of Eh)typeof a[e]==`string`&&(o[e]=a[e]);let s=i[0],c=Dh(s.options);c.configuration={...c.configuration&&typeof c.configuration==`object`?c.configuration:{},...o},await e.updateTable(`connections`).set({options:JSON.stringify(c)}).where(`tenant_id`,`=`,t).where(`id`,`=`,s.id).execute(),await e.deleteFrom(`connections`).where(`tenant_id`,`=`,t).where(`id`,`=`,n.id).execute()}}async function kh(){}var Ah=t({down:()=>Mh,up:()=>jh});async function jh(e){await e.schema.createTable(`migration_sources`).addColumn(`id`,`varchar(64)`,e=>e.primaryKey()).addColumn(`tenant_id`,`varchar(191)`,e=>e.notNull()).addColumn(`name`,`varchar(255)`,e=>e.notNull()).addColumn(`provider`,`varchar(32)`,e=>e.notNull()).addColumn(`connection`,`varchar(255)`,e=>e.notNull()).addColumn(`enabled`,`boolean`,e=>e.notNull()).addColumn(`credentials`,`text`,e=>e.notNull()).addColumn(`created_at`,`varchar(35)`,e=>e.notNull()).addColumn(`updated_at`,`varchar(35)`,e=>e.notNull()).execute(),await e.schema.createIndex(`idx_migration_sources_tenant_id`).on(`migration_sources`).columns([`tenant_id`]).execute()}async function Mh(e){await e.schema.dropTable(`migration_sources`).execute()}var Nh=t({down:()=>Fh,up:()=>Ph});async function Ph(e){await e.schema.createTable(`proxy_routes`).addColumn(`id`,`varchar(64)`,e=>e.notNull().primaryKey()).addColumn(`tenant_id`,`varchar(255)`,e=>e.notNull()).addColumn(`custom_domain_id`,`varchar(256)`,e=>e.notNull()).addColumn(`priority`,`integer`,e=>e.notNull().defaultTo(100)).addColumn(`path_pattern`,`varchar(512)`,e=>e.notNull()).addColumn(`upstream_type`,`varchar(32)`,e=>e.notNull()).addColumn(`upstream_url`,`varchar(2048)`,e=>e.notNull()).addColumn(`preserve_host`,`integer`,e=>e.notNull().defaultTo(0)).addColumn(`middleware`,`varchar(8192)`,e=>e.notNull().defaultTo(`[]`)).addColumn(`created_at`,`varchar(35)`,e=>e.notNull()).addColumn(`updated_at`,`varchar(35)`,e=>e.notNull()).execute(),await e.schema.createIndex(`proxy_routes_tenant_id_idx`).on(`proxy_routes`).column(`tenant_id`).execute(),await e.schema.createIndex(`proxy_routes_custom_domain_id_idx`).on(`proxy_routes`).column(`custom_domain_id`).execute()}async function Fh(e){await e.schema.dropTable(`proxy_routes`).execute()}var Ih=t({down:()=>Bh,up:()=>zh});function Lh(e){if(!e)return[];try{let t=JSON.parse(e);return Array.isArray(t)?t.map(e=>{let{type:t,...n}=e;return{type:t,options:n}}):[]}catch{return[]}}function Rh(e){let t=Lh(e.middleware),n={type:e.upstream_type===`authhero`?`http`:e.upstream_type,options:{upstream_url:e.upstream_url,preserve_host:e.preserve_host!==0}};return[...t,n]}async function zh(e){await e.schema.alterTable(`proxy_routes`).addColumn(`match`,`varchar(2048)`,e=>e.notNull().defaultTo(`{"path":"/*"}`)).execute(),await e.schema.alterTable(`proxy_routes`).addColumn(`handlers`,`text`,e=>e.notNull().defaultTo(`[]`)).execute();let t=await e.selectFrom(`proxy_routes`).select([`id`,`path_pattern`,`upstream_type`,`upstream_url`,`preserve_host`,`middleware`]).execute();for(let n of t){let t={path:n.path_pattern||`/*`},r=Rh(n);await e.updateTable(`proxy_routes`).set({match:JSON.stringify(t),handlers:JSON.stringify(r)}).where(`id`,`=`,n.id).execute()}await e.schema.alterTable(`proxy_routes`).dropColumn(`path_pattern`).execute(),await e.schema.alterTable(`proxy_routes`).dropColumn(`upstream_type`).execute(),await e.schema.alterTable(`proxy_routes`).dropColumn(`upstream_url`).execute(),await e.schema.alterTable(`proxy_routes`).dropColumn(`preserve_host`).execute(),await e.schema.alterTable(`proxy_routes`).dropColumn(`middleware`).execute()}async function Bh(e){await e.schema.alterTable(`proxy_routes`).addColumn(`path_pattern`,`varchar(512)`,e=>e.notNull().defaultTo(`/*`)).execute(),await e.schema.alterTable(`proxy_routes`).addColumn(`upstream_type`,`varchar(32)`,e=>e.notNull().defaultTo(`http`)).execute(),await e.schema.alterTable(`proxy_routes`).addColumn(`upstream_url`,`varchar(2048)`,e=>e.notNull().defaultTo(``)).execute(),await e.schema.alterTable(`proxy_routes`).addColumn(`preserve_host`,`integer`,e=>e.notNull().defaultTo(0)).execute(),await e.schema.alterTable(`proxy_routes`).addColumn(`middleware`,`varchar(8192)`,e=>e.notNull().defaultTo(`[]`)).execute(),await e.schema.alterTable(`proxy_routes`).dropColumn(`match`).execute(),await e.schema.alterTable(`proxy_routes`).dropColumn(`handlers`).execute()}var Vh=t({down:()=>Wh,up:()=>Uh});async function Hh(e){try{return await i.sql`SELECT VERSION()`.execute(e),`mysql`}catch{return`sqlite`}}async function Uh(e){await Hh(e)===`mysql`&&(q(`Widening user_permissions.resource_server_identifier from varchar(21) to varchar(100)...`),await e.schema.alterTable(`user_permissions`).modifyColumn(`resource_server_identifier`,`varchar(100)`,e=>e.notNull()).execute())}async function Wh(e){await Hh(e)===`mysql`&&await e.schema.alterTable(`user_permissions`).modifyColumn(`resource_server_identifier`,`varchar(21)`,e=>e.notNull()).execute()}var Gh=t({down:()=>qh,up:()=>Kh});async function Kh(e){await e.schema.createTable(`grants`).addColumn(`id`,`varchar(21)`,e=>e.primaryKey()).addColumn(`tenant_id`,`varchar(255)`,e=>e.references(`tenants.id`).onDelete(`cascade`).notNull()).addColumn(`user_id`,`varchar(255)`,e=>e.notNull()).addForeignKeyConstraint(`grants_user_id_constraint`,[`user_id`,`tenant_id`],`users`,[`user_id`,`tenant_id`],e=>e.onDelete(`cascade`)).addColumn(`client_id`,`varchar(100)`,e=>e.notNull()).addColumn(`audience`,`varchar(100)`,e=>e.notNull().defaultTo(``)).addColumn(`scope`,`text`,e=>e.notNull().defaultTo(`[]`)).addColumn(`created_at`,`varchar(35)`,e=>e.notNull()).addColumn(`updated_at`,`varchar(35)`,e=>e.notNull()).execute(),await e.schema.createIndex(`grants_natural_key_idx`).on(`grants`).columns([`tenant_id`,`user_id`,`client_id`,`audience`]).unique().execute(),await e.schema.createIndex(`grants_tenant_user_idx`).on(`grants`).columns([`tenant_id`,`user_id`]).execute()}async function qh(e){await e.schema.dropTable(`grants`).execute()}var Jh=t({down:()=>Xh,up:()=>Yh});async function Yh(e){await i.sql`UPDATE clients SET is_first_party = 1 WHERE is_first_party = 0`.execute(e)}async function Xh(e){}var Zh=t({down:()=>$h,up:()=>Qh});async function Qh(e){await e.schema.alterTable(`tenants`).addColumn(`deployment_type`,`varchar(16)`,e=>e.notNull().defaultTo(`shared`)).execute(),await e.schema.alterTable(`tenants`).addColumn(`provisioning_state`,`varchar(16)`,e=>e.notNull().defaultTo(`ready`)).execute(),await e.schema.alterTable(`tenants`).addColumn(`provisioning_error`,`varchar(2048)`).execute(),await e.schema.alterTable(`tenants`).addColumn(`provisioning_state_changed_at`,`varchar(35)`).execute(),await e.schema.alterTable(`tenants`).addColumn(`bundle_configuration`,`varchar(64)`).execute(),await e.schema.alterTable(`tenants`).addColumn(`worker_version`,`varchar(64)`).execute(),await e.schema.alterTable(`tenants`).addColumn(`worker_script_name`,`varchar(255)`).execute(),await e.schema.alterTable(`tenants`).addColumn(`storage_kind`,`varchar(32)`).execute(),await e.schema.alterTable(`tenants`).addColumn(`d1_database_id`,`varchar(64)`).execute()}async function $h(e){await e.schema.alterTable(`tenants`).dropColumn(`d1_database_id`).execute(),await e.schema.alterTable(`tenants`).dropColumn(`storage_kind`).execute(),await e.schema.alterTable(`tenants`).dropColumn(`worker_script_name`).execute(),await e.schema.alterTable(`tenants`).dropColumn(`worker_version`).execute(),await e.schema.alterTable(`tenants`).dropColumn(`bundle_configuration`).execute(),await e.schema.alterTable(`tenants`).dropColumn(`provisioning_state_changed_at`).execute(),await e.schema.alterTable(`tenants`).dropColumn(`provisioning_error`).execute(),await e.schema.alterTable(`tenants`).dropColumn(`provisioning_state`).execute(),await e.schema.alterTable(`tenants`).dropColumn(`deployment_type`).execute()}var eg={m1_init:Aa,m2_magicLink:Na,m3_updateAt:Ia,m4_logTable:za,m5_userProfile:Ha,m6_sessions:Ga,m7_passwords:Ja,m8_logsTableNewFields:Za,m9_passwordTableNewField:eo,n01_codesTable:ro,n11_universalLoginSession:oo,n12_userFields:lo,n13_userEmailIndex:po,n14_profileDataField:go,n15_userEmailIndex:yo,n16_userLocale:So,n17_signingKeys:To,n18_logsFields:Oo,n19_connectionsUserinfo:jo,n20_missingFields:Po,n21_sessionDeletedAt:Lo,n22_dropLogsFields:Bo,n23_dropUsersFields:Uo,n24_logsIndexes:Ko,n25_logDescMaxLength:Yo,n26_logsTableExtraFields:Qo,n27_usersTableNameIndex:ts,n28_usersEmailConstrain:is,n29_increaseOtpStateLength:ss,n30_increaseTicketStateLength:us,n31_branding:ps,n32_indexesAndNotNull:gs,n33_vendorIdInUniversalLoginSession:ys,n34_auth0ClientInUniversalLoginSession:Ss,n35_increaseUniversalSessionStateLength:Ts,n36_authenticationCodes:Os,n37_disableSignUps:js,n38_otpIpAddress:Ps,n39_increaseUserAgentLength:Ls,n40_userId:Bs,n41_hooks:Us,n42_userIdIndexes:Ks,n43_userIdIndexes:Ys,n44_codes:Qs,n45_hookProperties:tc,n46_loginAuth0Client:ic,n47_loginAuth0Client:sc,n48_saml:uc,n49_removeFields:pc,n50_authParamsNonce:gc,n51_connectionid:yc,n52_cert:Sc,n53_codes_primary_key:Tc,n54_cleanup_tables:Oc,n55_logs_index:jc,n56_application_fields:Pc,n57_prompt_settings:Lc,n58_connection_client_id:Bc,n59_connection_options:Uc,n60_users_metadata:Kc,n61_userLocales:Yc,n62_prompt:Qc,n63_connection_cleanup:tl,n64_act_as:il,n65_code_verifier:sl,n66_email_providers:ul,n67_drop_tickets:pl,n68_login_useragents:gl,n70_refresh_tokens:yl,n71_session_new_fields:Sl,n72_session_primary_key:Tl,n73_drop_sessions:Ol,n74_custom_domains:jl,n75_organizations:Pl,n76_authorization_url_length:Ll,n77_drop_sessions:Bl,n78_login_sessions:Ul,n79_drop_sessions_2:Kl,n80_recreate_custom_domains:Yl,n81_phone:Ql,n82_forms:tu,n83_addFormsIdToHooks:iu,n84_login_completed:su,n85_add_login_session_id_to_sessions:uu,n86_index_sessions_login_session_id:pu,n87_code_challenge:gu,n88_add_redirect_uri_to_codes:yu,n89_add_nonce_and_state_to_codes:Su,n90_themes:Tu,n91_resource_servers_rules_permissions:Ou,n92_role_permissions:ju,n93_add_permissions_to_roles:Pu,n94_keys_connection_and_extend_columns:Lu,n95_create_organizations_table:Bu,n96_create_user_organizations_table:Uu,n97_add_organization_to_user_permissions_and_roles:Ku,n98_clients:Yu,n99_update_client_foreign_keys:ed,o001_client_grants:cd,o002_drop_applications:dd,o003_phone_number_index:md,o004_login_sessions_id_index:_d,o005_connections_tenant_index:bd,o006_remove_redundant_user_organizations_tenant_index:Cd,o007_tenant_settings:Ed,o008_merge_tenant_settings_into_tenants:kd,o009_create_invites_table:Md,o010_add_log_id_to_logs:Fd,o011_add_location_info_to_logs:Rd,o012_add_password_history:Vd,o013_connection_display_name:Wd,o014_client_connections:qd,o015_flows:Xd,o016_add_is_system_column:$d,o017_connections_composite_key:nf,o018_login_session_state:of,o019_roles_resource_servers_metadata:lf,o020_session_add_timestamp_columns:ff,o021_session_cleanup_and_ulid:gf,o022_oidc_profile_claims:bf,o023_preferred_username:Cf,o024_user_address:Ef,o025_authparams_max_age:kf,o026_auth0_conformant:Mf,o027_universal_login_templates:Ff,o028_custom_text:Rf,o029_guardian_mfa:Vf,o030_add_template_id_to_hooks:Wf,o031_hooks_cleanup:Xf,o032_unique_username_provider:tp,o033_add_login_id_to_refresh_tokens:ip,o034_refresh_tokens_replace_session_id_with_login_id:sp,o035_idle_expires_at_ts_indexes:dp,o036_add_connection_to_login_sessions:mp,o037_mfa_enrollments:_p,o038_add_otp_to_codes:bp,o039_rename_mfa_enrollments_to_authentication_methods:Cp,o040_create_outbox_events:Ep,o041_add_outbox_claim_columns:kp,o042_add_outbox_claim_index:Mp,o043_add_code_hooks:Fp,o044_create_actions:Rp,o045_outbox_dead_letter:Vp,o046_user_registration_completed_at:Wp,o047_outbox_dead_lettered_tenant_index:qp,o048_add_auth_strategy_to_login_sessions:Xp,o049_login_sessions_auth_params:$p,o050_login_sessions_auth_params_backfill:rm,o051_relax_login_sessions_authparams:lm,o052_drop_login_sessions_hoisted_authparams:hm,o053_refresh_tokens_revoked_at:Cm,o054_client_registration_tokens:Em,o055_planetscale_redundant_indexes_cleanup:km,o056_client_user_linking_mode:Fm,o057_hooks_metadata:Rm,o058_refresh_tokens_rotation:Vm,o059_organization_connections:Wm,o060_log_streams:qm,o061_tenants_attack_protection:Xm,o062_tenants_default_client_id:$m,o063_email_templates:nh,o064_create_action_versions:ah,o065_branding_dark_mode:ch,o066_create_action_executions:dh,o067_client_disable_sign_ups:mh,o068_move_disable_signup_to_connection:vh,o069_actions_is_system_inherit:Sh,o070_collapse_auth0_source_into_db_connection:Th,o071_migration_sources:Ah,o072_proxy_routes:Nh,o073_proxy_routes_v2:Ih,o074_widen_user_permissions_resource_server_identifier:Vh,o075_create_grants:Gh,o076_default_first_party_true:Jh,o077_tenant_deployment_fields:Zh};async function tg(e,t=!1){$u(t),t&&console.log(`migrating...`);let{error:n,results:r}=await new Oa({db:e,provider:new ka(eg)}).migrateToLatest();if(r?.forEach(e=>{e.status===`Success`?t&&console.log(`migration "${e.migrationName}" was executed successfully`):e.status===`Error`&&console.error(`failed to execute migration "${e.migrationName}"`)}),n)throw console.error(`failed to migrate`),console.error(n),n}async function ng(e,t=!1){$u(t),t&&console.log(`migrating...`);let{error:n,results:r}=await new Oa({db:e,provider:new ka(eg)}).migrateDown();if(r?.forEach(e=>{e.status===`Success`?t&&console.log(`migration "${e.migrationName}" was reverted successfully`):e.status===`Error`&&console.error(`failed to execute migration "${e.migrationName}"`)}),n)throw console.error(`failed to migrate`),console.error(n),n}function rg(e,t={useTransactions:!0}){let n={actions:oe(e),actionExecutions:ue(e),actionVersions:pe(e),branding:mn(e),clients:kt(e),clientConnections:Ft(e),clientGrants:Vt(e),clientRegistrationTokens:$t(e),codes:mt(e),connections:St(e),emailProviders:tr(e),emailTemplates:cr(e),customDomains:dn(e),flows:Me(e),forms:Tr(e),hookCode:kn(e),hooks:wn(e),invites:Ci(e),keys:rn(e),loginSessions:Kn(e),logs:Xe(e),logStreams:aa(e),migrationSources:oa(e),authenticationMethods:qi(e),passwords:st(e),promptSettings:Xn(e),proxyRoutes:z(e),refreshTokens:_r(e),resourceServers:jr(e),rolePermissions:Vr(e),grants:qr(e),userPermissions:Qr(e),userRoles:ri(e),roles:Lr(e),sessions:nt(e),sessionCleanup:yr(e),tenants:He(e),themes:Pn(e),universalLoginTemplates:vn(e),customText:Bi(e),users:we(e),organizations:li(e),organizationConnections:ui(e),userOrganizations:_i(e),stats:Oi(e),analytics:zi(e),outbox:ia(e),async transaction(r){return t.useTransactions===!1?r(n):e.transaction().execute(async e=>r(rg(e,{...t,useTransactions:!1})))}};return n}exports.createProxyDataAdapter=ua,exports.createProxyRoutesAdapter=z,exports.default=rg,exports.migrateDown=ng,exports.migrateToLatest=tg;

package/dist/kysely-adapter.d.ts

@@ -402,13 +402,13 @@ declare const sqlRoleSchema: z.ZodObject<{
 declare const sqlTenantSchema: z.ZodObject<{
     created_at: z.ZodPipe<z.ZodNullable<z.ZodString>, z.ZodTransform<string, string | null>>;
     updated_at: z.ZodPipe<z.ZodNullable<z.ZodString>, z.ZodTransform<string, string | null>>;
-    audience: z.ZodString;
+    audience: z.ZodOptional<z.ZodString>;
     friendly_name: z.ZodString;
     picture_url: z.ZodOptional<z.ZodString>;
     support_email: z.ZodOptional<z.ZodString>;
     support_url: z.ZodOptional<z.ZodString>;
-    sender_email: z.ZodString;
-    sender_name: z.ZodString;
+    sender_email: z.ZodOptional<z.ZodString>;
+    sender_name: z.ZodOptional<z.ZodString>;
     session_lifetime: z.ZodOptional<z.ZodNumber>;
     idle_session_lifetime: z.ZodOptional<z.ZodNumber>;
     ephemeral_session_lifetime: z.ZodOptional<z.ZodNumber>;
@@ -511,6 +511,26 @@ declare const sqlTenantSchema: z.ZodObject<{
     }, z.core.$strip>>>;
     pushed_authorization_requests_supported: z.ZodOptional<z.ZodBoolean>;
     authorization_response_iss_parameter_supported: z.ZodOptional<z.ZodBoolean>;
+    deployment_type: z.ZodOptional<z.ZodDefault<z.ZodEnum<{
+        shared: "shared";
+        wfp: "wfp";
+    }>>>;
+    provisioning_state: z.ZodOptional<z.ZodDefault<z.ZodEnum<{
+        pending: "pending";
+        ready: "ready";
+        failed: "failed";
+    }>>>;
+    provisioning_error: z.ZodOptional<z.ZodString>;
+    provisioning_state_changed_at: z.ZodOptional<z.ZodString>;
+    bundle_configuration: z.ZodOptional<z.ZodString>;
+    worker_version: z.ZodOptional<z.ZodString>;
+    worker_script_name: z.ZodOptional<z.ZodString>;
+    storage_kind: z.ZodOptional<z.ZodEnum<{
+        own_d1: "own_d1";
+        existing_d1: "existing_d1";
+        shared_planetscale: "shared_planetscale";
+    }>>;
+    d1_database_id: z.ZodOptional<z.ZodString>;
     attack_protection: z.ZodOptional<z.ZodObject<{
         breached_password_detection: z.ZodOptional<z.ZodObject<{
             enabled: z.ZodOptional<z.ZodBoolean>;

package/dist/kysely-adapter.mjs

@@ -9327,8 +9327,20 @@ async function cg(e) {
 }
 async function lg(e) {}
 //#endregion
+//#region migrate/migrations/2026-06-06T12:00:00_tenant_deployment_fields.ts
+var ug = /* @__PURE__ */ _({
+	down: () => fg,
+	up: () => dg
+});
+async function dg(e) {
+	await e.schema.alterTable("tenants").addColumn("deployment_type", "varchar(16)", (e) => e.notNull().defaultTo("shared")).execute(), await e.schema.alterTable("tenants").addColumn("provisioning_state", "varchar(16)", (e) => e.notNull().defaultTo("ready")).execute(), await e.schema.alterTable("tenants").addColumn("provisioning_error", "varchar(2048)").execute(), await e.schema.alterTable("tenants").addColumn("provisioning_state_changed_at", "varchar(35)").execute(), await e.schema.alterTable("tenants").addColumn("bundle_configuration", "varchar(64)").execute(), await e.schema.alterTable("tenants").addColumn("worker_version", "varchar(64)").execute(), await e.schema.alterTable("tenants").addColumn("worker_script_name", "varchar(255)").execute(), await e.schema.alterTable("tenants").addColumn("storage_kind", "varchar(32)").execute(), await e.schema.alterTable("tenants").addColumn("d1_database_id", "varchar(64)").execute();
+}
+async function fg(e) {
+	await e.schema.alterTable("tenants").dropColumn("d1_database_id").execute(), await e.schema.alterTable("tenants").dropColumn("storage_kind").execute(), await e.schema.alterTable("tenants").dropColumn("worker_script_name").execute(), await e.schema.alterTable("tenants").dropColumn("worker_version").execute(), await e.schema.alterTable("tenants").dropColumn("bundle_configuration").execute(), await e.schema.alterTable("tenants").dropColumn("provisioning_state_changed_at").execute(), await e.schema.alterTable("tenants").dropColumn("provisioning_error").execute(), await e.schema.alterTable("tenants").dropColumn("provisioning_state").execute(), await e.schema.alterTable("tenants").dropColumn("deployment_type").execute();
+}
+//#endregion
 //#region migrate/migrations/index.ts
-var ug = {
+var pg = {
 	m1_init: Wa,
 	m2_magicLink: qa,
 	m3_updateAt: Xa,
@@ -9502,25 +9514,26 @@ var ug = {
 	o073_proxy_routes_v2: Yh,
 	o074_widen_user_permissions_resource_server_identifier: eg,
 	o075_create_grants: ig,
-	o076_default_first_party_true: sg
+	o076_default_first_party_true: sg,
+	o077_tenant_deployment_fields: ug
 };
 //#endregion
 //#region migrate/migrate.ts
-async function dg(e, t = !1) {
+async function mg(e, t = !1) {
 	pd(t), t && console.log("migrating...");
 	let { error: n, results: r } = await new Va({
 		db: e,
-		provider: new Ua(ug)
+		provider: new Ua(pg)
 	}).migrateToLatest();
 	if (r?.forEach((e) => {
 		e.status === "Success" ? t && console.log(`migration "${e.migrationName}" was executed successfully`) : e.status === "Error" && console.error(`failed to execute migration "${e.migrationName}"`);
 	}), n) throw console.error("failed to migrate"), console.error(n), n;
 }
-async function fg(e, t = !1) {
+async function hg(e, t = !1) {
 	pd(t), t && console.log("migrating...");
 	let { error: n, results: r } = await new Va({
 		db: e,
-		provider: new Ua(ug)
+		provider: new Ua(pg)
 	}).migrateDown();
 	if (r?.forEach((e) => {
 		e.status === "Success" ? t && console.log(`migration "${e.migrationName}" was reverted successfully`) : e.status === "Error" && console.error(`failed to execute migration "${e.migrationName}"`);
@@ -9528,7 +9541,7 @@ async function fg(e, t = !1) {
 }
 //#endregion
 //#region src/index.ts
-function pg(e, t = { useTransactions: !0 }) {
+function gg(e, t = { useTransactions: !0 }) {
 	let n = {
 		actions: ve(e),
 		actionExecutions: Se(e),
@@ -9578,7 +9591,7 @@ function pg(e, t = { useTransactions: !0 }) {
 		analytics: Ji(e),
 		outbox: pa(e),
 		async transaction(r) {
-			return t.useTransactions === !1 ? r(n) : e.transaction().execute(async (e) => r(pg(e, {
+			return t.useTransactions === !1 ? r(n) : e.transaction().execute(async (e) => r(gg(e, {
 				...t,
 				useTransactions: !1
 			})));
@@ -9587,4 +9600,4 @@ function pg(e, t = { useTransactions: !0 }) {
 	return n;
 }
 //#endregion
-export { ba as createProxyDataAdapter, va as createProxyRoutesAdapter, pg as default, fg as migrateDown, dg as migrateToLatest };
+export { ba as createProxyDataAdapter, va as createProxyRoutesAdapter, gg as default, hg as migrateDown, mg as migrateToLatest };

package/dist/types/migrate/migrations/2026-06-06T12:00:00_tenant_deployment_fields.d.ts

@@ -0,0 +1,11 @@
+import { Kysely } from "kysely";
+import { Database } from "../../src/db";
+/**
+ * Adds tenant-level provisioning / deployment metadata so a tenant row can
+ * describe whether it runs on the shared authhero deployment or as its own
+ * worker in a Cloudflare dispatch namespace, and what bundle / storage
+ * backing it uses. `deployment_type` and `provisioning_state` get DB
+ * defaults so existing rows land as `shared` / `ready` with no app change.
+ */
+export declare function up(db: Kysely<Database>): Promise<void>;
+export declare function down(db: Kysely<Database>): Promise<void>;

package/dist/types/migrate/migrations/index.d.ts

@@ -172,6 +172,7 @@ import * as o073_proxy_routes_v2 from "./2026-05-28T00:00:00_proxy_routes_v2";
 import * as o074_widen_user_permissions_resource_server_identifier from "./2026-06-04T10:00:00_widen_user_permissions_resource_server_identifier";
 import * as o075_create_grants from "./2026-06-04T11:00:00_create_grants";
 import * as o076_default_first_party_true from "./2026-06-04T11:01:00_default_first_party_true";
+import * as o077_tenant_deployment_fields from "./2026-06-06T12:00:00_tenant_deployment_fields";
 declare const _default: {
     m1_init: typeof m1_init;
     m2_magicLink: typeof m2_magicLink;
@@ -347,5 +348,6 @@ declare const _default: {
     o074_widen_user_permissions_resource_server_identifier: typeof o074_widen_user_permissions_resource_server_identifier;
     o075_create_grants: typeof o075_create_grants;
     o076_default_first_party_true: typeof o076_default_first_party_true;
+    o077_tenant_deployment_fields: typeof o077_tenant_deployment_fields;
 };
 export default _default;

package/dist/types/src/db.d.ts

@@ -402,13 +402,13 @@ export declare const sqlRoleSchema: z.ZodObject<{
 export declare const sqlTenantSchema: z.ZodObject<{
     created_at: z.ZodPipe<z.ZodNullable<z.ZodString>, z.ZodTransform<string, string | null>>;
     updated_at: z.ZodPipe<z.ZodNullable<z.ZodString>, z.ZodTransform<string, string | null>>;
-    audience: z.ZodString;
+    audience: z.ZodOptional<z.ZodString>;
     friendly_name: z.ZodString;
     picture_url: z.ZodOptional<z.ZodString>;
     support_email: z.ZodOptional<z.ZodString>;
     support_url: z.ZodOptional<z.ZodString>;
-    sender_email: z.ZodString;
-    sender_name: z.ZodString;
+    sender_email: z.ZodOptional<z.ZodString>;
+    sender_name: z.ZodOptional<z.ZodString>;
     session_lifetime: z.ZodOptional<z.ZodNumber>;
     idle_session_lifetime: z.ZodOptional<z.ZodNumber>;
     ephemeral_session_lifetime: z.ZodOptional<z.ZodNumber>;
@@ -511,6 +511,26 @@ export declare const sqlTenantSchema: z.ZodObject<{
     }, z.core.$strip>>>;
     pushed_authorization_requests_supported: z.ZodOptional<z.ZodBoolean>;
     authorization_response_iss_parameter_supported: z.ZodOptional<z.ZodBoolean>;
+    deployment_type: z.ZodOptional<z.ZodDefault<z.ZodEnum<{
+        shared: "shared";
+        wfp: "wfp";
+    }>>>;
+    provisioning_state: z.ZodOptional<z.ZodDefault<z.ZodEnum<{
+        pending: "pending";
+        ready: "ready";
+        failed: "failed";
+    }>>>;
+    provisioning_error: z.ZodOptional<z.ZodString>;
+    provisioning_state_changed_at: z.ZodOptional<z.ZodString>;
+    bundle_configuration: z.ZodOptional<z.ZodString>;
+    worker_version: z.ZodOptional<z.ZodString>;
+    worker_script_name: z.ZodOptional<z.ZodString>;
+    storage_kind: z.ZodOptional<z.ZodEnum<{
+        own_d1: "own_d1";
+        existing_d1: "existing_d1";
+        shared_planetscale: "shared_planetscale";
+    }>>;
+    d1_database_id: z.ZodOptional<z.ZodString>;
     attack_protection: z.ZodOptional<z.ZodObject<{
         breached_password_detection: z.ZodOptional<z.ZodObject<{
             enabled: z.ZodOptional<z.ZodBoolean>;

package/dist/types/src/tenants/list.d.ts

@@ -5,14 +5,14 @@ export declare function list(db: Kysely<Database>): (params?: ListParams) => Pro
     tenants: {
         created_at: string;
         updated_at: string;
-        audience: string;
         friendly_name: string;
-        sender_email: string;
-        sender_name: string;
         id: string;
+        audience?: string | undefined;
         picture_url?: string | undefined;
         support_email?: string | undefined;
         support_url?: string | undefined;
+        sender_email?: string | undefined;
+        sender_name?: string | undefined;
         session_lifetime?: number | undefined;
         idle_session_lifetime?: number | undefined;
         ephemeral_session_lifetime?: number | undefined;
@@ -109,6 +109,15 @@ export declare function list(db: Kysely<Database>): (params?: ListParams) => Pro
         } | null | undefined;
         pushed_authorization_requests_supported?: boolean | undefined;
         authorization_response_iss_parameter_supported?: boolean | undefined;
+        deployment_type?: "shared" | "wfp" | undefined;
+        provisioning_state?: "pending" | "ready" | "failed" | undefined;
+        provisioning_error?: string | undefined;
+        provisioning_state_changed_at?: string | undefined;
+        bundle_configuration?: string | undefined;
+        worker_version?: string | undefined;
+        worker_script_name?: string | undefined;
+        storage_kind?: "own_d1" | "existing_d1" | "shared_planetscale" | undefined;
+        d1_database_id?: string | undefined;
         attack_protection?: {
             breached_password_detection?: {
                 enabled?: boolean | undefined;
@@ -181,14 +190,14 @@ export declare function list(db: Kysely<Database>): (params?: ListParams) => Pro
     tenants: {
         created_at: string;
         updated_at: string;
-        audience: string;
         friendly_name: string;
-        sender_email: string;
-        sender_name: string;
         id: string;
+        audience?: string | undefined;
         picture_url?: string | undefined;
         support_email?: string | undefined;
         support_url?: string | undefined;
+        sender_email?: string | undefined;
+        sender_name?: string | undefined;
         session_lifetime?: number | undefined;
         idle_session_lifetime?: number | undefined;
         ephemeral_session_lifetime?: number | undefined;
@@ -285,6 +294,15 @@ export declare function list(db: Kysely<Database>): (params?: ListParams) => Pro
         } | null | undefined;
         pushed_authorization_requests_supported?: boolean | undefined;
         authorization_response_iss_parameter_supported?: boolean | undefined;
+        deployment_type?: "shared" | "wfp" | undefined;
+        provisioning_state?: "pending" | "ready" | "failed" | undefined;
+        provisioning_error?: string | undefined;
+        provisioning_state_changed_at?: string | undefined;
+        bundle_configuration?: string | undefined;
+        worker_version?: string | undefined;
+        worker_script_name?: string | undefined;
+        storage_kind?: "own_d1" | "existing_d1" | "shared_planetscale" | undefined;
+        d1_database_id?: string | undefined;
         attack_protection?: {
             breached_password_detection?: {
                 enabled?: boolean | undefined;