@axium/server 0.26.3 → 0.28.0

package/dist/database.js

@@ -55,10 +55,14 @@ import { plugins } from '@axium/core/plugins';
 import { Kysely, PostgresDialect, sql } from 'kysely';
 import { jsonObjectFrom } from 'kysely/helpers/postgres';
 import { randomBytes } from 'node:crypto';
-import { readFileSync, writeFileSync } from 'node:fs';
+import { existsSync, readFileSync, writeFileSync } from 'node:fs';
+import { join } from 'node:path/posix';
+import { styleText } from 'node:util';
 import pg from 'pg';
+import * as z from 'zod';
 import config from './config.js';
-import { styleText } from 'node:util';
+import rawSchema from './db.json' with { type: 'json' };
+import { dirs, systemDir } from './io.js';
 const sym = Symbol.for('Axium:database');
 export let database;
 export function connect() {
@@ -93,6 +97,30 @@ export function userFromId(builder) {
         .$castTo()
         .as('user');
 }
+/**
+ * Used for `update ... set ... from`
+ */
+export function values(records, alias) {
+    if (!records?.length)
+        throw new Error('Can not create values() with empty records array');
+    // Assume there's at least one record and all records
+    // have the same keys.
+    const keys = Object.keys(records[0]);
+    // Transform the records into a list of lists such as
+    // ($1, $2, $3), ($4, $5, $6)
+    const values = sql.join(records.map(r => sql `(${sql.join(keys.map(k => r[k]))})`));
+    // Create the alias `v(id, v1, v2)` that specifies the table alias
+    // AND a name for each column.
+    const wrappedAlias = sql.ref(alias);
+    // eslint-disable-next-line @typescript-eslint/unbound-method
+    const wrappedColumns = sql.join(keys.map(sql.ref));
+    const aliasSql = sql `${wrappedAlias}(${wrappedColumns})`;
+    // Finally create a single `AliasedRawBuilder` instance of the
+    // whole thing. Note that we need to explicitly specify
+    // the alias type using `.as<A>` because we are using a
+    // raw sql snippet as the alias.
+    return sql `(values ${values})`.as(aliasSql);
+}
 export async function statText() {
     try {
         const stats = await count('users', 'passkeys', 'sessions');
@@ -133,26 +161,16 @@ export async function getHBA(opt) {
     };
     return [content, writeBack];
 }
-const pgHba = `
+/** @internal @hidden */
+export const _pgHba = `
 local axium axium md5
 host  axium axium 127.0.0.1/32 md5
 host  axium axium ::1/128 md5
 `;
-const _sql = (command, message) => io.run(message, `sudo -u postgres psql -c "${command}"`);
+/** @internal @hidden */
+export const _sql = (command, message) => io.run(message, `sudo -u postgres psql -c "${command}"`);
 /** Shortcut to output a warning if an error is thrown because relation already exists */
 export const warnExists = io.someWarnings([/\w+ "[\w.]+" already exists/, 'already exists.']);
-const throwUnlessRows = (text) => {
-    if (text.includes('(0 rows)'))
-        throw 'missing.';
-    return text;
-};
-export async function createIndex(table, column, mod) {
-    io.start(`Creating index for ${table}.${column}`);
-    let query = database.schema.createIndex(`${table}_${column}_index`).on(table).column(column);
-    if (mod)
-        query = mod(query);
-    await query.execute().then(io.done).catch(warnExists);
-}
 export async function init(opt) {
     const env_1 = { stack: [], error: void 0, hasError: false };
     try {
@@ -186,11 +204,11 @@ export async function init(opt) {
         await getHBA(opt)
             .then(([content, writeBack]) => {
             io.start('Checking for Axium HBA configuration');
-            if (content.includes(pgHba))
+            if (content.includes(_pgHba))
                 throw 'already exists.';
             io.done();
             io.start('Adding Axium HBA configuration');
-            const newContent = content.replace(/^local\s+all\s+all.*$/m, `$&\n${pgHba}`);
+            const newContent = content.replace(/^local\s+all\s+all.*$/m, `$&\n${_pgHba}`);
             io.done();
             writeBack(newContent);
         })
@@ -199,91 +217,8 @@ export async function init(opt) {
         io.start('Connecting to database');
         const _ = __addDisposableResource(env_1, connect(), true);
         io.done();
-        function maybeCheck(table) {
-            return (e) => {
-                warnExists(e);
-                if (opt.check)
-                    return checkTableTypes(table, expectedTypes[table], opt);
-            };
-        }
-        io.start('Creating table users');
-        await database.schema
-            .createTable('users')
-            .addColumn('id', 'uuid', col => col.primaryKey().defaultTo(sql `gen_random_uuid()`))
-            .addColumn('name', 'text')
-            .addColumn('email', 'text', col => col.unique().notNull())
-            .addColumn('emailVerified', 'timestamptz')
-            .addColumn('image', 'text')
-            .addColumn('isAdmin', 'boolean', col => col.notNull().defaultTo(false))
-            .addColumn('roles', sql `text[]`, col => col.notNull().defaultTo(sql `'{}'::text[]`))
-            .addColumn('tags', sql `text[]`, col => col.notNull().defaultTo(sql `'{}'::text[]`))
-            .addColumn('preferences', 'jsonb', col => col.notNull().defaultTo('{}'))
-            .addColumn('registeredAt', 'timestamptz', col => col.notNull().defaultTo(sql `now()`))
-            .addColumn('isSuspended', 'boolean', col => col.notNull().defaultTo(false))
-            .execute()
-            .then(io.done)
-            .catch(maybeCheck('users'));
-        io.start('Creating table sessions');
-        await database.schema
-            .createTable('sessions')
-            .addColumn('id', 'uuid', col => col.primaryKey().defaultTo(sql `gen_random_uuid()`))
-            .addColumn('userId', 'uuid', col => col.references('users.id').onDelete('cascade').notNull())
-            .addColumn('token', 'text', col => col.notNull().unique())
-            .addColumn('created', 'timestamptz', col => col.notNull().defaultTo(sql `now()`))
-            .addColumn('expires', 'timestamptz', col => col.notNull())
-            .addColumn('elevated', 'boolean', col => col.notNull())
-            .execute()
-            .then(io.done)
-            .catch(maybeCheck('sessions'));
-        await createIndex('sessions', 'id');
-        io.start('Creating table verifications');
-        await database.schema
-            .createTable('verifications')
-            .addColumn('userId', 'uuid', col => col.references('users.id').onDelete('cascade').notNull())
-            .addColumn('token', 'text', col => col.notNull().unique())
-            .addColumn('expires', 'timestamptz', col => col.notNull())
-            .addColumn('role', 'text', col => col.notNull())
-            .execute()
-            .then(io.done)
-            .catch(maybeCheck('verifications'));
-        io.start('Creating table passkeys');
-        await database.schema
-            .createTable('passkeys')
-            .addColumn('id', 'text', col => col.primaryKey().notNull())
-            .addColumn('name', 'text')
-            .addColumn('createdAt', 'timestamptz', col => col.notNull().defaultTo(sql `now()`))
-            .addColumn('userId', 'uuid', col => col.notNull().references('users.id').onDelete('cascade').notNull())
-            .addColumn('publicKey', 'bytea', col => col.notNull())
-            .addColumn('counter', 'integer', col => col.notNull())
-            .addColumn('deviceType', 'text', col => col.notNull())
-            .addColumn('backedUp', 'boolean', col => col.notNull())
-            .addColumn('transports', sql `text[]`)
-            .execute()
-            .then(io.done)
-            .catch(maybeCheck('passkeys'));
-        await createIndex('passkeys', 'userId');
-        io.start('Creating table audit_log');
-        await database.schema
-            .createTable('audit_log')
-            .addColumn('id', 'uuid', col => col.primaryKey().defaultTo(sql `gen_random_uuid()`))
-            .addColumn('timestamp', 'timestamptz', col => col.notNull().defaultTo(sql `now()`))
-            .addColumn('userId', 'uuid')
-            .addColumn('severity', 'integer', col => col.notNull())
-            .addColumn('name', 'text', col => col.notNull())
-            .addColumn('source', 'text', col => col.notNull())
-            .addColumn('tags', sql `text[]`, col => col.notNull().defaultTo(sql `'{}'::text[]`))
-            .addColumn('extra', 'jsonb', col => col.notNull().defaultTo('{}'))
-            .execute()
-            .then(io.done)
-            .catch(maybeCheck('audit_log'));
         io.start('Creating schema acl');
         await database.schema.createSchema('acl').execute().then(io.done).catch(warnExists);
-        for (const plugin of plugins.values()) {
-            if (!plugin._hooks?.db_init)
-                continue;
-            io.log(styleText('whiteBright', 'Running plugin: '), plugin.name);
-            await plugin._hooks?.db_init(opt);
-        }
     }
     catch (e_1) {
         env_1.error = e_1;
@@ -295,85 +230,535 @@ export async function init(opt) {
             await result_1;
     }
 }
-export const expectedTypes = {
-    users: {
-        email: { type: 'text', required: true },
-        emailVerified: { type: 'timestamptz' },
-        id: { type: 'uuid', required: true, hasDefault: true },
-        image: { type: 'text' },
-        isAdmin: { type: 'bool', required: true, hasDefault: true },
-        name: { type: 'text' },
-        preferences: { type: 'jsonb', required: true, hasDefault: true },
-        registeredAt: { type: 'timestamptz', required: true, hasDefault: true },
-        roles: { type: '_text', required: true, hasDefault: true },
-        tags: { type: '_text', required: true, hasDefault: true },
-        isSuspended: { type: 'bool', required: true, hasDefault: true },
-    },
-    verifications: {
-        userId: { type: 'uuid', required: true },
-        token: { type: 'text', required: true },
-        expires: { type: 'timestamptz', required: true },
-        role: { type: 'text', required: true },
-    },
-    passkeys: {
-        id: { type: 'text', required: true },
-        name: { type: 'text' },
-        createdAt: { type: 'timestamptz', required: true, hasDefault: true },
-        userId: { type: 'uuid', required: true },
-        publicKey: { type: 'bytea', required: true },
-        counter: { type: 'int4', required: true },
-        deviceType: { type: 'text', required: true },
-        backedUp: { type: 'bool', required: true },
-        transports: { type: '_text' },
-    },
-    sessions: {
-        id: { type: 'uuid', required: true, hasDefault: true },
-        userId: { type: 'uuid', required: true },
-        created: { type: 'timestamptz', required: true, hasDefault: true },
-        token: { type: 'text', required: true },
-        expires: { type: 'timestamptz', required: true },
-        elevated: { type: 'bool', required: true },
-    },
-    audit_log: {
-        userId: { type: 'uuid' },
-        timestamp: { type: 'timestamptz', required: true, hasDefault: true },
-        id: { type: 'uuid', required: true, hasDefault: true },
-        severity: { type: 'int4', required: true },
-        name: { type: 'text', required: true },
-        source: { type: 'text', required: true },
-        tags: { type: '_text', required: true, hasDefault: true },
-        extra: { type: 'jsonb', required: true, hasDefault: true },
-    },
+export const Column = z.strictObject({
+    type: z.string(),
+    required: z.boolean().default(false),
+    unique: z.boolean().default(false),
+    primary: z.boolean().default(false),
+    references: z.string().optional(),
+    onDelete: z.enum(['cascade', 'restrict', 'no action', 'set null', 'set default']).optional(),
+    default: z.any().optional(),
+    check: z.string().optional(),
+});
+export const Constraint = z.discriminatedUnion('type', [
+    z.strictObject({
+        type: z.literal('primary_key'),
+        on: z.string().array(),
+    }),
+    z.strictObject({
+        type: z.literal('foreign_key'),
+        on: z.string().array(),
+        target: z.string(),
+        references: z.string().array(),
+    }),
+    z.strictObject({
+        type: z.literal('unique'),
+        on: z.string().array(),
+        nulls_not_distinct: z.boolean().optional(),
+    }),
+    z.strictObject({
+        type: z.literal('check'),
+        check: z.string(),
+    }),
+]);
+export const Table = z.strictObject({
+    columns: z.record(z.string(), Column),
+    constraints: z.record(z.string(), Constraint).optional().default({}),
+});
+export const IndexString = z.templateLiteral([z.string(), ':', z.string()]);
+export function parseIndex(value) {
+    const [table, column] = value.split(':');
+    return { table, column };
+}
+export const SchemaDecl = z.strictObject({
+    tables: z.record(z.string(), Table),
+    indexes: IndexString.array().optional().default([]),
+});
+export const ColumnDelta = z.strictObject({
+    type: z.string().optional(),
+    default: z.string().optional(),
+    ops: z.literal(['drop_default', 'set_required', 'drop_required']).array().optional(),
+});
+export const TableDelta = z.strictObject({
+    add_columns: z.record(z.string(), Column).optional().default({}),
+    drop_columns: z.string().array().optional().default([]),
+    alter_columns: z.record(z.string(), ColumnDelta).optional().default({}),
+    add_constraints: z.record(z.string(), Constraint).optional().default({}),
+    drop_constraints: z.string().array().optional().default([]),
+});
+export const VersionDelta = z.strictObject({
+    delta: z.literal(true),
+    add_tables: z.record(z.string(), Table).optional().default({}),
+    drop_tables: z.string().array().optional().default([]),
+    alter_tables: z.record(z.string(), TableDelta).optional().default({}),
+    add_indexes: IndexString.array().optional().default([]),
+    drop_indexes: IndexString.array().optional().default([]),
+});
+export const SchemaFile = z.object({
+    format: z.literal(0),
+    versions: z.discriminatedUnion('delta', [SchemaDecl.extend({ delta: z.literal(false) }), VersionDelta]).array(),
+    /** List of tables to wipe */
+    wipe: z.string().array().optional().default([]),
+    /** Set the latest version, defaults to the last one */
+    latest: z.number().nonnegative().optional(),
+    /** Maps tables to their ACL tables, e.g. `"storage": "acl.storage"` */
+    acl_tables: z.record(z.string(), z.string()).optional().default({}),
+});
+const { data, error } = SchemaFile.safeParse(rawSchema);
+if (error)
+    io.error('Invalid base database schema:\n' + z.prettifyError(error));
+const schema = data;
+export function* getSchemaFiles() {
+    yield ['@axium/server', schema];
+    for (const [name, plugin] of plugins) {
+        if (!plugin._db)
+            continue;
+        try {
+            yield [name, SchemaFile.parse(plugin._db)];
+        }
+        catch (e) {
+            const text = e instanceof z.core.$ZodError ? z.prettifyError(e) : e instanceof Error ? e.message : String(e);
+            throw `Invalid database configuration for plugin "${name}":\n${text}`;
+        }
+    }
+}
+/**
+ * Get the active schema
+ */
+export function getFullSchema(opt = {}) {
+    const fullSchema = { tables: {}, indexes: [] };
+    for (const [pluginName, file] of getSchemaFiles()) {
+        if (opt.exclude?.includes(pluginName))
+            continue;
+        let currentSchema = { tables: {}, indexes: [] };
+        for (const [version, schema] of file.versions.entries()) {
+            if (schema.delta)
+                applyDeltaToSchema(currentSchema, schema);
+            else
+                currentSchema = schema;
+            if (version === file.latest)
+                break;
+        }
+        for (const name of Object.keys(currentSchema.tables)) {
+            if (name in fullSchema.tables)
+                throw 'Duplicate table name in database schema: ' + name;
+            fullSchema.tables[name] = currentSchema.tables[name];
+        }
+        for (const index of currentSchema.indexes) {
+            if (fullSchema.indexes.includes(index))
+                throw 'Duplicate index in database schema: ' + index;
+            fullSchema.indexes.push(index);
+        }
+    }
+    return fullSchema;
+}
+const schemaToIntrospected = {
+    boolean: 'bool',
+    integer: 'int4',
+    'text[]': '_text',
+};
+const VersionMap = z.record(z.string(), z.int().nonnegative());
+export const UpgradesInfo = z.object({
+    current: VersionMap.default({}),
+    upgrades: z.object({ timestamp: z.coerce.date(), from: VersionMap, to: VersionMap }).array().default([]),
+});
+const upgradesFilePath = process.getuid?.() == 0 ? join(systemDir, 'db_upgrades.json') : join(dirs.at(-1), 'db_upgrades.json');
+export function getUpgradeInfo() {
+    if (!existsSync(upgradesFilePath))
+        io.writeJSON(upgradesFilePath, { current: {}, upgrades: [] });
+    return io.readJSON(upgradesFilePath, UpgradesInfo);
+}
+export function setUpgradeInfo(info) {
+    io.writeJSON(upgradesFilePath, info);
+}
+export function applyTableDeltaToSchema(table, delta) {
+    for (const column of delta.drop_columns) {
+        if (column in table)
+            delete table.columns[column];
+        else
+            throw `Can't drop column ${column} because it does not exist`;
+    }
+    for (const [name, column] of Object.entries(delta.add_columns)) {
+        if (name in table)
+            throw `Can't add column ${name} because it already exists`;
+        table.columns[name] = column;
+    }
+    for (const [name, columnDelta] of Object.entries(delta.alter_columns)) {
+        const column = table.columns[name];
+        if (!column)
+            throw `Can't modify column ${name} because it does not exist`;
+        if (columnDelta.type)
+            column.type = columnDelta.type;
+        if (columnDelta.default)
+            column.default = columnDelta.default;
+        for (const op of columnDelta.ops || []) {
+            switch (op) {
+                case 'drop_default':
+                    delete column.default;
+                    break;
+                case 'set_required':
+                    column.required = true;
+                    break;
+                case 'drop_required':
+                    column.required = false;
+                    break;
+            }
+        }
+    }
+    for (const name of delta.drop_constraints) {
+        if (table.constraints[name])
+            delete table.constraints[name];
+        else
+            throw `Can't drop constraint ${name} because it does not exist`;
+    }
+    for (const [name, constraint] of Object.entries(delta.add_constraints)) {
+        if (table.constraints[name])
+            throw `Can't add constraint ${name} because it already exists`;
+        table.constraints[name] = constraint;
+    }
+}
+export function applyDeltaToSchema(schema, delta) {
+    for (const tableName of delta.drop_tables) {
+        if (tableName in schema.tables)
+            delete schema.tables[tableName];
+        else
+            throw `Can't drop table ${tableName} because it does not exist`;
+    }
+    for (const [tableName, table] of Object.entries(delta.add_tables)) {
+        if (tableName in schema.tables)
+            throw `Can't add table ${tableName} because it already exists`;
+        else
+            schema.tables[tableName] = table;
+    }
+    for (const [tableName, tableDelta] of Object.entries(delta.alter_tables)) {
+        if (tableName in schema.tables)
+            applyTableDeltaToSchema(schema.tables[tableName], tableDelta);
+        else
+            throw `Can't modify table ${tableName} because it does not exist`;
+    }
+}
+export function validateDelta(delta) {
+    const tableNames = [...Object.keys(delta.add_tables), ...Object.keys(delta.alter_tables), delta.drop_tables];
+    const uniqueTables = new Set(tableNames);
+    for (const table of uniqueTables) {
+        tableNames.splice(tableNames.indexOf(table), 1);
+    }
+    if (tableNames.length) {
+        throw `Duplicate table name(s): ${tableNames.join(', ')}`;
+    }
+    for (const [tableName, table] of Object.entries(delta.alter_tables)) {
+        const columnNames = [...Object.keys(table.add_columns), ...table.drop_columns];
+        const uniqueColumns = new Set(columnNames);
+        for (const column of uniqueColumns) {
+            columnNames.splice(columnNames.indexOf(column), 1);
+        }
+        if (columnNames.length) {
+            throw `Duplicate column name(s) in table ${tableName}: ${columnNames.join(', ')}`;
+        }
+    }
+}
+export function computeDelta(from, to) {
+    const fromTables = new Set(Object.keys(from.tables));
+    const toTables = new Set(Object.keys(to.tables));
+    const fromIndexes = new Set(from.indexes);
+    const toIndexes = new Set(to.indexes);
+    const add_tables = Object.fromEntries(toTables
+        .difference(fromTables)
+        .keys()
+        .map(name => [name, to.tables[name]]));
+    const alter_tables = {};
+    for (const name of fromTables.intersection(toTables)) {
+        const fromTable = from.tables[name], toTable = to.tables[name];
+        const fromColumns = new Set(Object.keys(fromTable));
+        const toColumns = new Set(Object.keys(toTable));
+        const drop_columns = fromColumns.difference(toColumns);
+        const add_columns = Object.fromEntries(toColumns
+            .difference(fromColumns)
+            .keys()
+            .map(colName => [colName, toTable.columns[colName]]));
+        const alter_columns = Object.fromEntries(toColumns
+            .intersection(fromColumns)
+            .keys()
+            .map(name => {
+            const fromCol = fromTable.columns[name], toCol = toTable.columns[name];
+            const alter = { ops: [] };
+            if ('default' in fromCol && !('default' in toCol))
+                alter.ops.push('drop_default');
+            else if (fromCol.default !== toCol.default)
+                alter.default = toCol.default;
+            if (fromCol.type != toCol.type)
+                alter.type = toCol.type;
+            if (fromCol.required != toCol.required)
+                alter.ops.push(toCol.required ? 'set_required' : 'drop_required');
+            return [name, alter];
+        }));
+        const fromConstraints = new Set(Object.keys(fromTable.constraints || {}));
+        const toConstraints = new Set(Object.keys(toTable.constraints || {}));
+        const drop_constraints = fromConstraints.difference(toConstraints);
+        const add_constraints = Object.fromEntries(toConstraints
+            .difference(fromConstraints)
+            .keys()
+            .map(constName => [constName, toTable.constraints[constName]]));
+        alter_tables[name] = {
+            add_columns,
+            drop_columns: Array.from(drop_columns),
+            alter_columns,
+            add_constraints,
+            drop_constraints: Array.from(drop_constraints),
+        };
+    }
+    return {
+        delta: true,
+        add_tables,
+        drop_tables: Array.from(fromTables.difference(toTables)),
+        alter_tables,
+        drop_indexes: Array.from(fromIndexes.difference(toIndexes)),
+        add_indexes: Array.from(toIndexes.difference(fromIndexes)),
+    };
+}
+export function collapseDeltas(deltas) {
+    const add_tables = {}, drop_tables = [], alter_tables = {}, add_indexes = [], drop_indexes = [];
+    for (const delta of deltas) {
+        validateDelta(delta);
+        for (const [name, table] of Object.entries(delta.alter_tables)) {
+            if (name in add_tables) {
+                applyTableDeltaToSchema(add_tables[name], table);
+            }
+            else if (name in alter_tables) {
+                const existing = alter_tables[name];
+                for (const [colName, column] of Object.entries(table.add_columns)) {
+                    existing.add_columns[colName] = column;
+                }
+                for (const colName of table.drop_columns) {
+                    if (colName in existing.add_columns)
+                        delete existing.add_columns[colName];
+                    else
+                        existing.drop_columns.push(colName);
+                }
+            }
+            else
+                alter_tables[name] = table;
+        }
+        for (const table of delta.drop_tables) {
+            if (table in add_tables)
+                delete add_tables[table];
+            else
+                drop_tables.push(table);
+        }
+        for (const [name, table] of Object.entries(delta.add_tables)) {
+            if (drop_tables.includes(name))
+                throw `Can't add and drop table "${name}" in the same change`;
+            if (name in alter_tables)
+                throw `Can't add and modify table "${name}" in the same change`;
+            add_tables[name] = table;
+        }
+        for (const index of delta.add_indexes) {
+            if (drop_indexes.includes(index))
+                throw `Can't add and drop index "${index}" in the same change`;
+            add_indexes.push(index);
+        }
+        for (const index of delta.drop_indexes) {
+            if (add_indexes.includes(index))
+                throw `Can't add and drop index "${index}" in the same change`;
+            drop_indexes.push(index);
+        }
+    }
+    return { delta: true, add_tables, drop_tables, alter_tables, add_indexes, drop_indexes };
+}
+export function deltaIsEmpty(delta) {
+    return (!Object.keys(delta.add_tables).length &&
+        !delta.drop_tables.length &&
+        !Object.keys(delta.alter_tables).length &&
+        !delta.add_indexes.length &&
+        !delta.drop_indexes.length);
+}
+const deltaColors = {
+    '+': 'green',
+    '-': 'red',
+    '*': 'white',
 };
+export function* displayDelta(delta) {
+    const tables = [
+        ...Object.keys(delta.add_tables).map(name => ({ op: '+', name })),
+        ...Object.entries(delta.alter_tables).map(([name, changes]) => ({ op: '*', name, changes })),
+        ...delta.drop_tables.map(name => ({ op: '-', name })),
+    ];
+    tables.sort((a, b) => a.name.localeCompare(b.name));
+    for (const table of tables) {
+        yield styleText(deltaColors[table.op], `${table.op} table ${table.name}`);
+        if (table.op != '*')
+            continue;
+        const columns = [
+            ...Object.keys(table.changes.add_columns).map(name => ({ op: '+', name })),
+            ...table.changes.drop_columns.map(name => ({ op: '-', name })),
+            ...Object.entries(table.changes.alter_columns).map(([name, changes]) => ({ op: '*', name, ...changes })),
+        ];
+        columns.sort((a, b) => a.name.localeCompare(b.name));
+        for (const column of columns) {
+            const columnChanges = column.op == '*'
+                ? [...(column.ops ?? []), 'default' in column && 'set_default', 'type' in column && 'set_type']
+                    .filter((e) => !!e)
+                    .map(e => e.replaceAll('_', ' '))
+                    .join(', ')
+                : null;
+            yield '\t' +
+                styleText(deltaColors[column.op], `${column.op} column ${column.name}${column.op != '*' ? '' : ': ' + columnChanges}`);
+        }
+        const constraints = [
+            ...Object.keys(table.changes.add_constraints).map(name => ({ op: '+', name })),
+            ...table.changes.drop_constraints.map(name => ({ op: '-', name })),
+        ];
+        for (const con of constraints) {
+            yield '\t' + styleText(deltaColors[con.op], `${con.op} constraint ${con.name}`);
+        }
+    }
+    const indexes = [
+        ...delta.add_indexes.map(raw => ({ op: '+', ...parseIndex(raw) })),
+        ...delta.drop_indexes.map(raw => ({ op: '-', ...parseIndex(raw) })),
+    ];
+    indexes.sort((a, b) => a.table.localeCompare(b.table) || a.column.localeCompare(b.column));
+    for (const index of indexes) {
+        yield styleText(deltaColors[index.op], `${index.op} index on ${index.table}.${index.column}`);
+    }
+}
+function columnFromSchema(column, allowPK) {
+    return function _addColumn(col) {
+        if (column.primary && allowPK)
+            col = col.primaryKey();
+        if (column.unique)
+            col = col.unique();
+        if (column.required)
+            col = col.notNull();
+        else if (column.unique)
+            col = col.nullsNotDistinct();
+        if (column.references)
+            col = col.references(column.references);
+        if (column.onDelete)
+            col = col.onDelete(column.onDelete);
+        if ('default' in column)
+            col = col.defaultTo(sql.raw(column.default));
+        if (column.check)
+            col = col.check(sql.raw(column.check));
+        return col;
+    };
+}
+export async function applyDelta(delta, forceAbort = false) {
+    const tx = await database.startTransaction().execute();
+    try {
+        for (const [tableName, table] of Object.entries(delta.add_tables)) {
+            io.start('Adding table ' + tableName);
+            let query = tx.schema.createTable(tableName);
+            const columns = Object.entries(table.columns);
+            const pkColumns = columns.filter(([, column]) => column.primary).map(([name, column]) => ({ name, ...column }));
+            const needsSpecialConstraint = pkColumns.length > 1 || pkColumns.some(col => !col.required);
+            for (const [colName, column] of columns) {
+                query = query.addColumn(colName, sql.raw(column.type), columnFromSchema(column, !needsSpecialConstraint));
+            }
+            if (needsSpecialConstraint) {
+                query = query.addPrimaryKeyConstraint('PK_' + tableName.replaceAll('.', '_'), pkColumns.map(col => col.name));
+            }
+            await query.execute();
+            io.done();
+        }
+        for (const tableName of delta.drop_tables) {
+            io.start('Dropping table ' + tableName);
+            await tx.schema.dropTable(tableName).execute();
+            io.done();
+        }
+        for (const [tableName, tableDelta] of Object.entries(delta.alter_tables)) {
+            io.start(`Modifying table ${tableName}`);
+            const query = tx.schema.alterTable(tableName);
+            for (const constraint of tableDelta.drop_constraints) {
+                await query.dropConstraint(constraint).execute();
+            }
+            for (const colName of tableDelta.drop_columns) {
+                await query.dropColumn(colName).execute();
+            }
+            for (const [colName, column] of Object.entries(tableDelta.add_columns)) {
+                await query.addColumn(colName, sql.raw(column.type), columnFromSchema(column, false)).execute();
+            }
+            for (const [colName, column] of Object.entries(tableDelta.alter_columns)) {
+                if (column.default)
+                    await query.alterColumn(colName, col => col.setDefault(sql.raw(column.default))).execute();
+                if (column.type)
+                    await query.alterColumn(colName, col => col.setDataType(sql.raw(column.type))).execute();
+                for (const op of column.ops ?? []) {
+                    switch (op) {
+                        case 'drop_default':
+                            if (column.default)
+                                throw 'Cannot set and drop default at the same time';
+                            await query.alterColumn(colName, col => col.dropDefault()).execute();
+                            break;
+                        case 'set_required':
+                            await query.alterColumn(colName, col => col.setNotNull()).execute();
+                            break;
+                        case 'drop_required':
+                            await query.alterColumn(colName, col => col.dropNotNull()).execute();
+                            break;
+                    }
+                }
+            }
+            for (const [name, con] of Object.entries(tableDelta.add_constraints)) {
+                switch (con.type) {
+                    case 'unique':
+                        await query.addUniqueConstraint(name, con.on, b => (con.nulls_not_distinct ? b.nullsNotDistinct() : b)).execute();
+                        break;
+                    case 'check':
+                        await query.addCheckConstraint(name, sql.raw(con.check)).execute();
+                        break;
+                    case 'foreign_key':
+                        await query.addForeignKeyConstraint(name, con.on, con.target, con.references, b => b).execute();
+                        break;
+                    case 'primary_key':
+                        await query.addPrimaryKeyConstraint(name, con.on).execute();
+                        break;
+                }
+            }
+            io.done();
+        }
+        if (forceAbort)
+            throw 'Rolling back due to --abort';
+        io.start('Committing');
+        await tx.commit().execute();
+        io.done();
+    }
+    catch (e) {
+        await tx.rollback().execute();
+        if (e instanceof SuppressedError)
+            io.error(e.suppressed);
+        throw e;
+    }
+}
 /**
  * Checks that a table has the expected column types, nullability, and default values.
  */
 export async function checkTableTypes(tableName, types, opt) {
-    io.start(`Checking for table ${tableName}`);
+    io.start(`Checking table ${tableName}`);
     const dbTables = opt._metadata || (await database.introspection.getTables());
     const table = dbTables.find(t => (t.schema == 'public' ? t.name : `${t.schema}.${t.name}`) === tableName);
     if (!table)
         throw 'missing.';
-    io.done();
     const columns = Object.fromEntries(table.columns.map(c => [c.name, c]));
-    for (const [key, { type, required = false, hasDefault = false }] of Object.entries(types)) {
-        io.start(`Checking column ${tableName}.${key}`);
+    const _types = Object.entries(types.columns);
+    for (const [i, [key, { type, required = false, default: _default }]] of _types.entries()) {
+        io.progress(i, _types.length, key);
         const col = columns[key];
-        if (!col)
-            throw 'missing.';
+        const actualType = type in schemaToIntrospected ? schemaToIntrospected[type] : type;
+        const hasDefault = _default !== undefined;
         try {
-            if (col.dataType != type)
-                throw `incorrect type "${col.dataType}", expected ${type}`;
+            if (!col)
+                throw 'missing.';
+            if (col.dataType != actualType)
+                throw `incorrect type "${col.dataType}", expected ${actualType} (${type})`;
             if (col.isNullable != !required)
                 throw required ? 'nullable' : 'not nullable';
             if (col.hasDefaultValue != hasDefault)
                 throw hasDefault ? 'missing default' : 'has default';
-            io.done();
         }
         catch (e) {
             if (opt.strict)
-                throw e;
-            io.warn(e);
+                throw `${tableName}.${key}: ${e}`;
+            io.warn(`${tableName}.${key}: ${e}`);
         }
         delete columns[key];
     }
@@ -390,43 +775,6 @@ export async function checkTableTypes(tableName, types, opt) {
     else
         io.warn(unchecked);
 }
-export async function check(opt) {
-    const env_2 = { stack: [], error: void 0, hasError: false };
-    try {
-        await io.run('Checking for sudo', 'which sudo');
-        await io.run('Checking for psql', 'which psql');
-        await _sql(`SELECT 1 FROM pg_database WHERE datname = 'axium'`, 'Checking for database').then(throwUnlessRows);
-        await _sql(`SELECT 1 FROM pg_roles WHERE rolname = 'axium'`, 'Checking for user').then(throwUnlessRows);
-        io.start('Connecting to database');
-        const _ = __addDisposableResource(env_2, connect(), true);
-        io.done();
-        io.start('Getting table metadata');
-        opt._metadata = await database.introspection.getTables();
-        const tables = Object.fromEntries(opt._metadata.map(t => [t.name, t]));
-        io.done();
-        for (const table of Object.keys(expectedTypes)) {
-            await checkTableTypes(table, expectedTypes[table], opt);
-            delete tables[table];
-        }
-        io.start('Checking for extra tables');
-        const unchecked = Object.keys(tables).join(', ');
-        if (!unchecked.length)
-            io.done();
-        else if (opt.strict)
-            throw unchecked;
-        else
-            io.warn(unchecked);
-    }
-    catch (e_2) {
-        env_2.error = e_2;
-        env_2.hasError = true;
-    }
-    finally {
-        const result_2 = __disposeResources(env_2);
-        if (result_2)
-            await result_2;
-    }
-}
 export async function clean(opt) {
     const now = new Date();
     io.start('Removing expired sessions');
@@ -440,55 +788,6 @@ export async function clean(opt) {
         await plugin._hooks?.clean(opt);
     }
 }
-/**
- * Completely remove Axium from the database.
- */
-export async function uninstall(opt) {
-    for (const plugin of plugins.values()) {
-        if (!plugin._hooks?.remove)
-            continue;
-        io.log(styleText('whiteBright', 'Running plugin: '), plugin.name);
-        await plugin._hooks?.remove(opt);
-    }
-    await _sql('DROP DATABASE axium', 'Dropping database');
-    await _sql('REVOKE ALL PRIVILEGES ON SCHEMA public FROM axium', 'Revoking schema privileges');
-    await _sql('DROP USER axium', 'Dropping user');
-    await getHBA(opt)
-        .then(([content, writeBack]) => {
-        io.start('Checking for Axium HBA configuration');
-        if (!content.includes(pgHba))
-            throw 'missing.';
-        io.done();
-        io.start('Removing Axium HBA configuration');
-        const newContent = content.replace(pgHba, '');
-        io.done();
-        writeBack(newContent);
-    })
-        .catch(io.warn);
-}
-/**
- * Removes all data from tables.
- */
-export async function wipe(opt) {
-    for (const plugin of plugins.values()) {
-        if (!plugin._hooks?.db_wipe)
-            continue;
-        io.log(styleText('whiteBright', 'Running plugin: '), plugin.name);
-        await plugin._hooks?.db_wipe(opt);
-    }
-    for (const table of ['users', 'passkeys', 'sessions', 'verifications']) {
-        io.start(`Wiping ${table}`);
-        await database.deleteFrom(table).execute();
-        io.done();
-    }
-    for (const table of await database.introspection.getTables()) {
-        if (!table.name.startsWith('acl.'))
-            continue;
-        const name = table.name;
-        io.debug(`Wiping ${name}`);
-        await database.deleteFrom(name).execute();
-    }
-}
 export async function rotatePassword() {
     io.start('Generating new password');
     const password = randomBytes(32).toString('base64');