npm - @blamejs/blamejs-shop - Versions diffs - 0.4.30 → 0.4.32 - Mend

@blamejs/blamejs-shop 0.4.30 → 0.4.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (338) hide show

package/lib/vendor/blamejs/lib/safe-vcard.js CHANGED Viewed

@@ -63,6 +63,7 @@
 var C = require("./constants");
 var { defineClass } = require("./framework-error");
+var gateContract = require("./gate-contract");
 var SafeVcardError = defineClass("SafeVcardError", { alwaysPermanent: true });
@@ -90,12 +91,7 @@ var PROFILES = Object.freeze({
   }),
 });
-var COMPLIANCE_POSTURES = Object.freeze({
-  hipaa:     "strict",
-  "pci-dss": "strict",
-  gdpr:      "strict",
-  soc2:      "strict",
-});
+var COMPLIANCE_POSTURES = gateContract.ALL_STRICT_POSTURES;
 // Property-name allowlist per RFC 6350 §6 (vCard 4.0 property
 // registry) + RFC 2426 §3 (legacy 3.0 properties retained for
@@ -217,24 +213,6 @@ function parse(text, opts) {
   return { vcards: vcards };
 }
-/**
- * @primitive b.safeVcard.compliancePosture
- * @signature b.safeVcard.compliancePosture(name)
- * @since     0.9.81
- * @status    stable
- * @related   b.safeVcard.parse
- *
- * Map a compliance-posture name to its profile. Returns the profile
- * string for a known posture, `null` for unknown names.
- *
- * @example
- *   b.safeVcard.compliancePosture("hipaa");   // -> "strict"
- *   b.safeVcard.compliancePosture("loose");   // -> null
- */
-function compliancePosture(name) {
-  return COMPLIANCE_POSTURES[name] || null;
-}
 // ---- Internal ----
 function _resolveCaps(opts) {
@@ -462,12 +440,19 @@ function _preview(s) {
   return s.length > 64 ? s.slice(0, 64) + "..." : s;                                                       // log-preview length cap
 }
-module.exports = {
-  parse:               parse,
-  compliancePosture:   compliancePosture,
-  PROFILES:            PROFILES,
-  COMPLIANCE_POSTURES: COMPLIANCE_POSTURES,
-  KNOWN_PROPERTIES:    KNOWN_PROPERTIES,
-  EMBED_PROPERTIES:    EMBED_PROPERTIES,
-  SafeVcardError:      SafeVcardError,
-};
+// compliancePosture is assembled by gateContract.defineParser below; its
+// wiki section renders from the single-sourced @abiTemplate (defineParser)
+// block in gate-contract.js, instantiated for this guard by the page
+// generator.
+module.exports = gateContract.defineParser({
+  name:       "vcard",
+  entry:      parse,
+  entryName:  "parse",
+  errorClass: SafeVcardError,
+  profiles:   PROFILES,
+  postures:   COMPLIANCE_POSTURES,
+  extra: {
+    KNOWN_PROPERTIES: KNOWN_PROPERTIES,
+    EMBED_PROPERTIES: EMBED_PROPERTIES,
+  },
+});

package/lib/vendor/blamejs/lib/scheduler.js CHANGED Viewed

@@ -43,6 +43,7 @@ var lazyRequire = require("./lazy-require");
 var audit  = lazyRequire(function () { return require("./audit"); });
 var log    = lazyRequire(function () { return require("./log").boot("scheduler"); });
 var clusterStorage = require("./cluster-storage");
+var sql = require("./sql");
 var validateOpts = require("./validate-opts");
 var C = require("./constants");
 var { SchedulerError } = require("./framework-error");
@@ -51,6 +52,18 @@ var DEFAULT_MAX_JOB_MS             = C.TIME.minutes(10);
 var DEFAULT_TICK_RETENTION_MS      = C.TIME.days(7);
 var DEFAULT_TICK_PRUNE_INTERVAL_MS = C.TIME.minutes(1);
+// b.sql opts for every _blamejs_scheduler_ticks statement: thread the ACTIVE
+// backend dialect (clusterStorage.dialect() — "sqlite" single-node,
+// "postgres" | "mysql" in cluster mode) so the emitted identifier quoting +
+// dialect idioms (ON CONFLICT DO NOTHING vs the MySQL no-op fold) match the
+// backend the SQL dispatches to. Defaulting to "sqlite" works on Postgres
+// only by accident (both double-quote identifiers) and emits the wrong
+// quoting on MySQL. clusterStorage.execute still rewrites the bare table name
+// + translates `?` placeholders at dispatch; this controls only the builder-
+// side quoting + idiom selection. The table name stays BARE (no quoteName)
+// so clusterStorage's prefix rewrite still fires.
+function _ticksSqlOpts() { return { dialect: clusterStorage.dialect() }; }
 // ---- Cron parsing ----
 var CRON_SHORTHANDS = {
@@ -497,7 +510,7 @@ function create(opts) {
         task.nextRun = Date.now() + spec.every;
       }
       task.exprDesc = "every " + spec.every + "ms" +
-                      (spec.baseline ? " from " + spec.baseline : "") +
+                      (spec.baseline ? " anchored " + spec.baseline : "") +
                       (tz ? " " + tz : "");
     }
@@ -562,13 +575,23 @@ function create(opts) {
       var tickKey = task.name + ":" + nominalRun;
       var claimedBy = (typeof clusterInstance.currentNodeId === "function")
         ? clusterInstance.currentNodeId() : "unknown";
-      clusterStorage.execute(
-        "INSERT INTO _blamejs_scheduler_ticks " +
-        "(tickKey, name, scheduledAtUnix, claimedAtUnix, claimedBy) " +
-        "VALUES (?, ?, ?, ?, ?) " +
-        "ON CONFLICT (tickKey) DO NOTHING",
-        [tickKey, task.name, nominalRun, Date.now(), claimedBy]
-      ).then(function (result) {
+      // BARE logical table name — clusterStorage rewrites _blamejs_scheduler_ticks
+      // to the configured prefix and placeholderizes the ? markers. The
+      // PRIMARY KEY race on tickKey deduplicates the split-brain window; the
+      // loser's ON CONFLICT DO NOTHING reports zero rowCount and skips.
+      var claimBuilt = sql.upsert("_blamejs_scheduler_ticks", _ticksSqlOpts())   // allow:hand-rolled-sql — bare logical name for clusterStorage rewrite
+        .columns(["tickKey", "name", "scheduledAtUnix", "claimedAtUnix", "claimedBy"])
+        .values({
+          tickKey:         tickKey,
+          name:            task.name,
+          scheduledAtUnix: nominalRun,
+          claimedAtUnix:   Date.now(),
+          claimedBy:       claimedBy,
+        })
+        .onConflict(["tickKey"])
+        .doNothing()
+        .toSql();
+      clusterStorage.execute(claimBuilt.sql, claimBuilt.params).then(function (result) {
         var won = (result && result.rowCount > 0);
         if (won) {
           _runFire(task);
@@ -604,10 +627,10 @@ function create(opts) {
     var threshold = Date.now() - (
       typeof olderThanMs === "number" ? olderThanMs : tickRetentionMs
     );
-    var result = await clusterStorage.execute(
-      "DELETE FROM _blamejs_scheduler_ticks WHERE scheduledAtUnix < ?",
-      [threshold]
-    );
+    var pruneBuilt = sql.delete("_blamejs_scheduler_ticks", _ticksSqlOpts())   // allow:hand-rolled-sql — bare logical name for clusterStorage rewrite
+      .where("scheduledAtUnix", "<", threshold)
+      .toSql();
+    var result = await clusterStorage.execute(pruneBuilt.sql, pruneBuilt.params);
     var removed = (result && result.rowCount) || 0;
     if (removed > 0) {
       _emit("system.scheduler.tick.pruned", {

package/lib/vendor/blamejs/lib/seeders.js CHANGED Viewed

@@ -58,10 +58,13 @@ var nodePath = require("node:path");
 var atomicFile = require("./atomic-file");
 var C = require("./constants");
 var dbSchema = require("./db-schema");
+var frameworkSchema = require("./framework-schema");
 var lazyRequire = require("./lazy-require");
 var { boot } = require("./log");
 var migrationFiles = require("./migration-files");
 var requestHelpers = require("./request-helpers");
+var safeSql = require("./safe-sql");
+var sql = require("./sql");
 var validateOpts = require("./validate-opts");
 var { SeederError } = require("./framework-error");
@@ -72,13 +75,29 @@ var observability = lazyRequire(function () { return require("./observability");
 var _err = SeederError.factory;
-var SEEDERS_TABLE = "_blamejs_seeders";
-var LOCK_TABLE    = "_blamejs_seeders_lock";
-// Pre-quoted forms used at every SQL interpolation site — defense in
-// depth so a future rename to a reserved-word or whitespace-bearing
-// table name doesn't silently break the query.
-var Q_SEEDERS_TABLE = '"' + SEEDERS_TABLE + '"';
-var Q_LOCK_TABLE    = '"' + LOCK_TABLE    + '"';
+// Logical framework-table names, resolved to the configured prefix via
+// frameworkSchema.tableName at every call site. These run against the
+// local node:sqlite handle directly (no clusterStorage rewrite in the
+// path), so b.sql is built with quoteName: true on the resolved name —
+// the `"name"` identifier form the single-node path always prepares.
+var SEEDERS_TABLE = "_blamejs_seeders";       // allow:hand-rolled-sql — logical name declaration; physical name + prefix resolve via frameworkSchema.tableName below
+var LOCK_TABLE    = "_blamejs_seeders_lock";  // allow:hand-rolled-sql — logical name declaration; physical name + prefix resolve via frameworkSchema.tableName below
+// b.sql opts for the local single-node handle: the resolved table name,
+// quoted by construction. tableName() applies the configurable prefix
+// (byte-identical to the literal under the default _blamejs_ prefix).
+function _seedersTable() { return frameworkSchema.tableName(SEEDERS_TABLE); }
+function _lockTable() { return frameworkSchema.tableName(LOCK_TABLE); }
+// b.sql opts resolved from the handle's dialect (sqlite by default; an
+// operator's own Postgres / MySQL handle declares `handle.dialect`).
+// quoteName forces the resolved framework name to quote. The
+// handle-dialect / opts / key-text-type resolution is shared with
+// db-schema's reconciler + migrations.js, so it is composed from db-schema
+// rather than re-derived here. The historical default (sqlite) is
+// byte-identical for every local-handle caller.
+var _handleDialect = dbSchema.handleDialect;
+var _sqlOpts = dbSchema.sqlOpts;
+var _keyTextType = dbSchema.keyTextType;
 // Filename grammar: leading numeric prefix (any width), '-', non-empty
 // body of [A-Za-z0-9_-], '.js'. Same shape as migrations to avoid
@@ -279,48 +298,63 @@ function _ensureTables(db) {
   // Both _blamejs_seeders + _blamejs_seeders_lock are part of
   // FRAMEWORK_SCHEMA so db.js creates them at boot. The CREATE IF NOT
   // EXISTS here is defensive for tests that hand-seed a fresh
-  // node:sqlite Database without going through b.db.
-  _runSql(db,
-    "CREATE TABLE IF NOT EXISTS " + Q_SEEDERS_TABLE + " (" +
-    "  env         TEXT NOT NULL," +
-    "  name        TEXT NOT NULL," +
-    "  description TEXT," +
-    "  appliedAt   TEXT NOT NULL," +
-    "  rerunnable  INTEGER NOT NULL DEFAULT 0," +
-    "  PRIMARY KEY (env, name)" +
-    ")"
-  );
-  _runSql(db,
-    "CREATE TABLE IF NOT EXISTS " + Q_LOCK_TABLE + " (" +
-    "  scope     TEXT PRIMARY KEY CHECK (scope = 'lock')," +
-    "  lockedAt  INTEGER NOT NULL," +
-    "  lockedBy  TEXT NOT NULL" +
-    ")"
-  );
+  // node:sqlite Database without going through b.db. Built through b.sql
+  // so the identifiers quote by construction (composite PK + the single-
+  // row CHECK fence on the lock table mirror db.js's FRAMEWORK_SCHEMA).
+  // env + name are the composite PRIMARY KEY, so both take the key-safe
+  // text type (VARCHAR on mysql, TEXT elsewhere). The lock's scope CHECK
+  // quotes the column under the handle dialect (backtick on mysql); lockedAt
+  // is ms-epoch (`int` → BIGINT on Postgres/MySQL, INTEGER on SQLite).
+  var dialect = _handleDialect(db);
+  var kt = _keyTextType(db);
+  var scopeCheck = "CHECK (" + safeSql.quoteIdentifier("scope", dialect, { allowReserved: true }) + " = 'lock')";
+  var seedersDdl = sql.createTable(_seedersTable(), [
+    { name: "env",         type: kt,     notNull: true },
+    { name: "name",        type: kt,     notNull: true },
+    { name: "description", type: "text" },
+    { name: "appliedAt",   type: "text", notNull: true },
+    { name: "rerunnable",  type: "int",  notNull: true, default: 0 },
+  ], { quoteName: true, primaryKey: ["env", "name"], dialect: dialect });
+  _runSql(db, seedersDdl.sql);
+  var lockDdl = sql.createTable(_lockTable(), [
+    { name: "scope",    type: kt,     primaryKey: true, constraints: scopeCheck },
+    { name: "lockedAt", type: "int",  notNull: true },
+    { name: "lockedBy", type: "text", notNull: true },
+  ], { quoteName: true, dialect: dialect });
+  _runSql(db, lockDdl.sql);
 }
 function _lockHolderId() {
   return String(process.pid) + "@" + (require("node:os").hostname() || "unknown");
 }
+// b.sql-built statements for the single advisory-lock row. Each binds
+// every value as a placeholder (the constant scope "lock" included) and
+// quotes the resolved table name by construction.
+function _lockInsertSql(db, nowMs, holder) {
+  return sql.insert(_lockTable(), _sqlOpts(db))
+    .values({ scope: "lock", lockedAt: nowMs, lockedBy: holder }).toSql();
+}
 function _acquireLock(db, lockStaleAfterMs, clock) {
   var holder = _lockHolderId();
   var nowMs = clock();
   try {
-    db.prepare(
-      "INSERT INTO " + Q_LOCK_TABLE + " (scope, lockedAt, lockedBy) VALUES ('lock', ?, ?)"
-    ).run(nowMs, holder);
+    var ins = _lockInsertSql(db, nowMs, holder);
+    var insStmt = db.prepare(ins.sql);
+    insStmt.run.apply(insStmt, ins.params);
     return holder;
   } catch (_e) {
-    var existing = db.prepare(
-      "SELECT lockedAt, lockedBy FROM " + Q_LOCK_TABLE + " WHERE scope = 'lock'"
-    ).get();
+    var selBuilt = sql.select(_lockTable(), _sqlOpts(db))
+      .columns(["lockedAt", "lockedBy"]).where("scope", "lock").toSql();
+    var selStmt = db.prepare(selBuilt.sql);
+    var existing = selStmt.get.apply(selStmt, selBuilt.params);
     if (!existing) {
       // Race window between INSERT failure and SELECT — try once more.
       try {
-        db.prepare(
-          "INSERT INTO " + Q_LOCK_TABLE + " (scope, lockedAt, lockedBy) VALUES ('lock', ?, ?)"
-        ).run(nowMs, holder);
+        var ins2 = _lockInsertSql(db, nowMs, holder);
+        var ins2Stmt = db.prepare(ins2.sql);
+        ins2Stmt.run.apply(ins2Stmt, ins2.params);
         return holder;
       } catch (e2) {
         throw _err("LOCK_BUSY",
@@ -329,23 +363,32 @@ function _acquireLock(db, lockStaleAfterMs, clock) {
     }
     var ageMs = nowMs - Number(existing.lockedAt);
     if (lockStaleAfterMs > 0 && ageMs > lockStaleAfterMs) {
-      _runSql(db, "BEGIN IMMEDIATE");
+      // Force-replace the stale lock atomically. The transaction boundary
+      // is dialect-aware: only SQLite has the `BEGIN IMMEDIATE`
+      // write-lock-up-front form — Postgres + MySQL reject the `IMMEDIATE`
+      // keyword, so the shared runInTransaction helper emits a plain
+      // portable `BEGIN`/`COMMIT`/`ROLLBACK` there.
+      var lockMode = _handleDialect(db) === "sqlite" ? "IMMEDIATE" : null;
       try {
-        db.prepare("DELETE FROM " + Q_LOCK_TABLE + " WHERE scope = 'lock' AND lockedAt = ?")
-          .run(existing.lockedAt);
-        db.prepare(
-          "INSERT INTO " + Q_LOCK_TABLE + " (scope, lockedAt, lockedBy) VALUES ('lock', ?, ?)"
-        ).run(nowMs, holder);
-        _runSql(db, "COMMIT");
-        return holder;
+        return dbSchema.runInTransaction(db, function () {
+          var delBuilt = sql.delete(_lockTable(), _sqlOpts(db))
+            .where("scope", "lock").where("lockedAt", existing.lockedAt).toSql();
+          var delStmt = db.prepare(delBuilt.sql);
+          delStmt.run.apply(delStmt, delBuilt.params);
+          var insForce = _lockInsertSql(db, nowMs, holder);
+          var insForceStmt = db.prepare(insForce.sql);
+          insForceStmt.run.apply(insForceStmt, insForce.params);
+          return holder;
+        }, {
+          lockMode: lockMode,
+          onRollbackFail: function (rollbackErr) {
+            log.debug("rollback-failed", {
+              op: "lock-stale-replace",
+              error: rollbackErr && rollbackErr.message,
+            });
+          },
+        });
       } catch (forceErr) {
-        try { _runSql(db, "ROLLBACK"); }
-        catch (rollbackErr) {
-          log.debug("rollback-failed", {
-            op: "lock-stale-replace",
-            error: rollbackErr && rollbackErr.message,
-          });
-        }
         throw _err("LOCK_STALE_REPLACE_FAILED",
           "seeders: could not replace stale lock: " +
           ((forceErr && forceErr.message) || String(forceErr)));
@@ -359,9 +402,10 @@ function _acquireLock(db, lockStaleAfterMs, clock) {
 function _releaseLock(db, holder) {
   try {
-    db.prepare(
-      "DELETE FROM " + Q_LOCK_TABLE + " WHERE scope = 'lock' AND lockedBy = ?"
-    ).run(holder);
+    var built = sql.delete(_lockTable(), _sqlOpts(db))
+      .where("scope", "lock").where("lockedBy", holder).toSql();
+    var stmt = db.prepare(built.sql);
+    stmt.run.apply(stmt, built.params);
   } catch (_e) { /* best-effort */ }
 }
@@ -406,10 +450,13 @@ function create(opts) {
   }
   function _appliedRows(db, env) {
-    return db.prepare(
-      "SELECT name, description, appliedAt, rerunnable FROM " + Q_SEEDERS_TABLE +
-      " WHERE env = ? ORDER BY appliedAt ASC, name ASC"
-    ).all(env);
+    var built = sql.select(_seedersTable(), _sqlOpts(db))
+      .columns(["name", "description", "appliedAt", "rerunnable"])
+      .where("env", env)
+      .orderBy("appliedAt", "asc").orderBy("name", "asc")
+      .toSql();
+    var stmt = db.prepare(built.sql);
+    return stmt.all.apply(stmt, built.params);
   }
   function status(callerOpts) {
@@ -469,8 +516,11 @@ function create(opts) {
     var holder = _acquireLock(db, lockStaleAfterMs, clock);
     try {
+      var appliedSelBuilt = sql.select(_seedersTable(), _sqlOpts(db))
+        .columns(["name"]).where("env", env).toSql();
+      var appliedSelStmt = db.prepare(appliedSelBuilt.sql);
       var appliedSet = new Set(
-        db.prepare("SELECT name FROM " + Q_SEEDERS_TABLE + " WHERE env = ?").all(env)
+        appliedSelStmt.all.apply(appliedSelStmt, appliedSelBuilt.params)
           .map(function (r) { return r.name; })
       );
@@ -503,27 +553,25 @@ function create(opts) {
             _runSql(db, "BEGIN");
             try {
               await mod.run(db, ctx);
+              var nowIso = new Date(clock()).toISOString();
+              var writeBuilt;
               if (alreadyApplied && mod.rerunnable) {
-                db.prepare(
-                  "UPDATE " + Q_SEEDERS_TABLE +
-                  " SET appliedAt = ?, description = ?, rerunnable = ?" +
-                  " WHERE env = ? AND name = ?"
-                ).run(new Date(clock()).toISOString(), mod.description || "",
-                      mod.rerunnable ? 1 : 0, env, name);
+                writeBuilt = sql.update(_seedersTable(), _sqlOpts(db))
+                  .set({ appliedAt: nowIso, description: mod.description || "",
+                         rerunnable: mod.rerunnable ? 1 : 0 })
+                  .where("env", env).where("name", name).toSql();
               } else if (alreadyApplied && force) {
-                db.prepare(
-                  "UPDATE " + Q_SEEDERS_TABLE +
-                  " SET appliedAt = ?, description = ?" +
-                  " WHERE env = ? AND name = ?"
-                ).run(new Date(clock()).toISOString(), mod.description || "",
-                      env, name);
+                writeBuilt = sql.update(_seedersTable(), _sqlOpts(db))
+                  .set({ appliedAt: nowIso, description: mod.description || "" })
+                  .where("env", env).where("name", name).toSql();
               } else {
-                db.prepare(
-                  "INSERT INTO " + Q_SEEDERS_TABLE +
-                  " (env, name, description, appliedAt, rerunnable) VALUES (?, ?, ?, ?, ?)"
-                ).run(env, name, mod.description || "",
-                      new Date(clock()).toISOString(), mod.rerunnable ? 1 : 0);
+                writeBuilt = sql.insert(_seedersTable(), _sqlOpts(db))
+                  .values({ env: env, name: name, description: mod.description || "",
+                            appliedAt: nowIso, rerunnable: mod.rerunnable ? 1 : 0 })
+                  .toSql();
               }
+              var writeStmt = db.prepare(writeBuilt.sql);
+              writeStmt.run.apply(writeStmt, writeBuilt.params);
               _runSql(db, "COMMIT");
             } catch (e) {
               try { _runSql(db, "ROLLBACK"); }

package/lib/vendor/blamejs/lib/session-stores.js CHANGED Viewed

@@ -37,22 +37,50 @@
  *     b.session.useStore(sessionStore);
  */
+var frameworkSchema = require("./framework-schema");
 var localDbThin  = require("./local-db-thin");
+var sql          = require("./sql");
 var validateOpts = require("./validate-opts");
-var SESSION_SCHEMA_SQL = [
-  "CREATE TABLE IF NOT EXISTS _blamejs_sessions (",
-  '  "sidHash"      TEXT PRIMARY KEY,',
-  '  "userId"       TEXT,',
-  '  "userIdHash"   TEXT,',
-  '  "data"         TEXT,',
-  '  "createdAt"    INTEGER,',
-  '  "expiresAt"    INTEGER,',
-  '  "lastActivity" INTEGER',
-  ");",
-  'CREATE INDEX IF NOT EXISTS "_blamejs_sessions_userIdHash_idx" ON _blamejs_sessions ("userIdHash");',
-  'CREATE INDEX IF NOT EXISTS "_blamejs_sessions_expiresAt_idx"  ON _blamejs_sessions ("expiresAt");',
-].join("\n");
+// Logical session-table name — resolved through frameworkSchema.tableName
+// so a configured table prefix (b.frameworkSchema.setTablePrefix) is
+// honored. This isolated localDbThin file owns its own schema; the name
+// must agree with the main-DB / cluster-mode session table b.session
+// reads + the sealedFields registry key (db.js registers under the
+// logical name).
+var SESSION_LOGICAL = "_blamejs_sessions";   // allow:hand-rolled-sql — canonical logical table-name declaration
+// b.sql opts for this adapter's schema DDL + every statement b.session
+// builds against it. The localDbThin backend is a dedicated node:sqlite
+// file (always sqlite, independent of cluster mode — see local-db-thin.js),
+// so the dialect is the literal "sqlite": this store NEVER dispatches to an
+// external Postgres / MySQL backend. Making the dialect explicit (rather than
+// leaning on b.sql's "sqlite" default) keeps the quoting intent documented +
+// matches the cluster-routed data-layer files threading
+// clusterStorage.dialect() through the same opts seam.
+var SQL_OPTS = { dialect: "sqlite" };
+// CREATE TABLE + the two session-side indexes (userIdHash for
+// destroyAllForUser, expiresAt for purgeExpired), built through b.sql so
+// every identifier is quoted by construction and the table name resolves
+// through the configurable prefix. DDL binds no values, so each builder
+// returns { sql } only; the statements are joined for the adapter's
+// schemaSql.
+function _sessionSchemaSql() {
+  var table = frameworkSchema.tableName(SESSION_LOGICAL);
+  var create = sql.createTable(table, [
+    { name: "sidHash",      type: "text", primaryKey: true },
+    { name: "userId",       type: "text" },
+    { name: "userIdHash",   type: "text" },
+    { name: "data",         type: "text" },
+    { name: "createdAt",    type: "int" },
+    { name: "expiresAt",    type: "int" },
+    { name: "lastActivity", type: "int" },
+  ], SQL_OPTS).sql;
+  var idxUser = sql.createIndex(table + "_userIdHash_idx", table, ["userIdHash"], SQL_OPTS).sql;
+  var idxExp  = sql.createIndex(table + "_expiresAt_idx", table, ["expiresAt"], SQL_OPTS).sql;
+  return [create + ";", idxUser + ";", idxExp + ";"].join("\n");
+}
 /**
  * @primitive b.session.stores.localDbThin
@@ -99,7 +127,7 @@ function localDbThinStore(opts) {
   // logging out every user; operators wanting clear-on-corrupt opt in.
   var handle = localDbThin.thin({
     file:       opts.file,
-    schemaSql:  SESSION_SCHEMA_SQL,
+    schemaSql:  _sessionSchemaSql(),
     recovery:   opts.recovery || "refuse",
     pragmas:    opts.pragmas,
     audit:      opts.audit !== false,