@edge-base/server 0.2.1 → 0.2.3

package/src/routes/admin.ts

@@ -119,10 +119,16 @@ function quoteSqlIdentifier(identifier: string): string {
   return `"${identifier}"`;
 }
 
+// Browser bootstrap is opt-in and only enabled by the local dev workflow.
+function isPublicAdminSetupEnabled(env: Env): boolean {
+  return env.EDGEBASE_ALLOW_PUBLIC_ADMIN_SETUP === '1'
+    || env.EDGEBASE_ALLOW_PUBLIC_ADMIN_SETUP === 'true';
+}
+
 function isPublicAdminSetupAllowed(env: Env): boolean {
   try {
     const config = parseConfig(env);
-    return config.release !== true;
+    return config.release !== true && isPublicAdminSetupEnabled(env);
   } catch {
     return false;
   }

package/src/routes/auth.ts

@@ -54,6 +54,7 @@ import {
   buildFunctionPushProxy,
   buildAdminAuthContext,
   buildAdminDbProxy,
+  executeSqlProviderAware,
   getWorkerUrl,
 } from '../lib/functions.js';
 import * as authService from '../lib/auth-d1-service.js';
@@ -659,18 +660,16 @@ export async function executeAuthHook(
           db: adminDb,
           table: (name: string) => adminDb('shared').table(name),
           auth: authAdmin,
-          async sql(namespace: string, id: string | undefined, query: string, params?: unknown[]) {
-            if (options.workerUrl && serviceKey) {
-              const res = await fetch(`${options.workerUrl}/api/sql`, {
-                method: 'POST',
-                headers: { 'Content-Type': 'application/json', 'X-EdgeBase-Service-Key': serviceKey },
-                body: JSON.stringify({ namespace, id, sql: query, params: params ?? [] }),
-              });
-              if (!res.ok) throw new Error(`admin.sql() failed: ${res.status}`);
-              return res.json();
-            }
-            throw new Error('admin.sql() requires workerUrl in auth hook context.');
-          },
+          sqlProviderAware: (namespace: string, id: string | undefined, query: string, params?: unknown[]) =>
+            executeSqlProviderAware(
+              { env, config, databaseNamespace: env.DATABASE, workerUrl: options.workerUrl, serviceKey },
+              namespace, id, query, params,
+            ),
+          sqlWithDirectD1Access: (namespace: string, id: string | undefined, query: string, params?: unknown[]) =>
+            executeSqlProviderAware(
+              { env, config, databaseNamespace: env.DATABASE, workerUrl: options.workerUrl, serviceKey },
+              namespace, id, query, params,
+            ),
           async broadcast(channel: string, event: string, payload?: Record<string, unknown>) {
             if (options.workerUrl && serviceKey) {
               await fetch(`${options.workerUrl}/api/db/broadcast`, {

package/src/routes/sql.ts

@@ -1,7 +1,7 @@
 /**
  * SQL endpoint — POST /api/sql
  *
- * Allows server SDK (with Service Key) to execute raw SQL on any DatabaseDO.
+ * Allows server SDK (with Service Key) to execute provider-aware raw SQL.
  * NOT available to client SDK (no sql() method on ClientEdgeBase).
  *
  * §11: URL stays /api/sql, but request body now uses
@@ -13,7 +13,7 @@
  * - id, if provided, must not contain ':' (§2)
  * - Parameterized queries enforced (sql + params separate)
  *
- * Flow: Server SDK → POST /api/sql → Worker → DatabaseDO → sqlExec() → JSON
+ * Flow: Server SDK → POST /api/sql → Worker → provider-aware executor → JSON
  *
  *  Request body:
  *    { namespace: string, id?: string, sql: string, params?: unknown[] }
@@ -23,19 +23,15 @@
  *    { namespace: 'workspace', id: 'ws-456', sql: 'SELECT * FROM documents', params: [] }
  */
 import { OpenAPIHono, createRoute, type HonoEnv } from '../lib/hono.js';
-import { parseConfig, getD1BindingName, shouldRouteToD1 } from '../lib/do-router.js';
-import { executeD1Sql } from '../lib/d1-sql.js';
+import { parseConfig } from '../lib/do-router.js';
 import { validateKey, buildConstraintCtx } from '../lib/service-key.js';
-import { zodDefaultHook, sqlBodySchema, jsonResponseSchema, errorResponseSchema } from '../lib/schemas.js';
 import {
-  ensureLocalDevPostgresSchema,
-  getLocalDevPostgresExecOptions,
-  getProviderBindingName,
-  withPostgresConnection,
-} from '../lib/postgres-executor.js';
-import { ensurePgSchema } from '../lib/postgres-schema-init.js';
-import { executeDoSql } from '../lib/do-sql.js';
-
+  zodDefaultHook,
+  sqlBodySchema,
+  jsonResponseSchema,
+  errorResponseSchema,
+} from '../lib/schemas.js';
+import { executeProviderAwareSql } from '../lib/provider-aware-sql.js';
 
 export const sqlRoute = new OpenAPIHono<HonoEnv>({ defaultHook: zodDefaultHook });
 
@@ -48,15 +44,27 @@ const executeSql = createRoute({
   method: 'post',
   path: '/',
   tags: ['admin'],
-  summary: 'Execute SQL via DatabaseDO',
+  summary: 'Execute provider-aware raw SQL',
   request: {
     body: { content: { 'application/json': { schema: sqlBodySchema } }, required: true },
   },
   responses: {
-    200: { description: 'Query results', content: { 'application/json': { schema: jsonResponseSchema } } },
-    400: { description: 'Bad request', content: { 'application/json': { schema: errorResponseSchema } } },
-    401: { description: 'Unauthorized', content: { 'application/json': { schema: errorResponseSchema } } },
-    403: { description: 'Forbidden', content: { 'application/json': { schema: errorResponseSchema } } },
+    200: {
+      description: 'Query results',
+      content: { 'application/json': { schema: jsonResponseSchema } },
+    },
+    400: {
+      description: 'Bad request',
+      content: { 'application/json': { schema: errorResponseSchema } },
+    },
+    401: {
+      description: 'Unauthorized',
+      content: { 'application/json': { schema: errorResponseSchema } },
+    },
+    403: {
+      description: 'Forbidden',
+      content: { 'application/json': { schema: errorResponseSchema } },
+    },
   },
 });
 
@@ -77,7 +85,7 @@ sqlRoute.openapi(executeSql, async (c) => {
     return c.json({ code: 400, message: 'id must be a string' }, 400);
   }
   if (id && id.includes(':')) {
-    return c.json({ code: 400, message: 'id must not contain \':\' (§2)' }, 400);
+    return c.json({ code: 400, message: "id must not contain ':' (§2)" }, 400);
   }
   if (!sql || typeof sql !== 'string') {
     return c.json({ code: 400, message: 'sql is required' }, 400);
@@ -89,9 +97,16 @@ sqlRoute.openapi(executeSql, async (c) => {
   if (!dbBlock) {
     return c.json({ code: 404, message: `Namespace '${namespace}' not found in config` }, 404);
   }
-  const isDynamicNamespace = !!(dbBlock.instance || dbBlock.access?.canCreate || dbBlock.access?.access);
+  const isDynamicNamespace = !!(
+    dbBlock.instance ||
+    dbBlock.access?.canCreate ||
+    dbBlock.access?.access
+  );
   if (isDynamicNamespace && !id) {
-    return c.json({ code: 400, message: `id is required for dynamic namespace '${namespace}'` }, 400);
+    return c.json(
+      { code: 400, message: `id is required for dynamic namespace '${namespace}'` },
+      400,
+    );
   }
 
   // Service Key required AND validated
@@ -110,65 +125,25 @@ sqlRoute.openapi(executeSql, async (c) => {
     return c.json({ code: 401, message: 'Unauthorized. Invalid Service Key.' }, 401);
   }
 
-  if (!id && (dbBlock?.provider === 'neon' || dbBlock?.provider === 'postgres')) {
-    const bindingName = getProviderBindingName(namespace);
-    const envRecord = c.env as unknown as Record<string, unknown>;
-    const hyperdrive = envRecord[bindingName] as { connectionString?: string } | undefined;
-    const envKey = dbBlock.connectionString ?? `${bindingName}_URL`;
-    const connStr = hyperdrive?.connectionString ?? (envRecord[envKey] as string | undefined);
-    if (!connStr) {
-      return c.json({ code: 500, message: `PostgreSQL connection '${envKey}' not found.` }, 500);
-    }
-
-    try {
-      const localDevOptions = getLocalDevPostgresExecOptions(c.env as unknown as Record<string, unknown>, namespace);
-      if (localDevOptions) {
-        await ensureLocalDevPostgresSchema(localDevOptions);
-      }
-      const result = await withPostgresConnection(connStr, async (query) => {
-        if (!localDevOptions) {
-          await ensurePgSchema(connStr, namespace, dbBlock.tables ?? {}, query);
-        }
-        return query(sql, params ?? []);
-      }, localDevOptions);
-      const rows = result.rows ?? [];
-      return c.json({ rows, items: rows, results: rows, columns: result.columns, rowCount: result.rowCount });
-    } catch (err) {
-      const message = err instanceof Error ? err.message : 'SQL execution failed';
-      return c.json({ code: 500, message }, 500);
-    }
-  }
-
-  if (!id && shouldRouteToD1(namespace, config)) {
-    const bindingName = getD1BindingName(namespace);
-    const d1 = (c.env as unknown as Record<string, unknown>)[bindingName] as D1Database | undefined;
-    if (!d1) {
-      return c.json({ code: 500, message: `D1 binding '${bindingName}' not found.` }, 500);
-    }
-
-    try {
-      const result = await executeD1Sql(d1, sql, params ?? []);
-      return c.json({
-        rows: result.rows,
-        items: result.rows,
-        results: result.rows,
-        rowCount: result.rowCount,
-      });
-    } catch (err) {
-      const message = err instanceof Error ? err.message : 'SQL execution failed';
-      return c.json({ code: 500, message }, 500);
-    }
-  }
-
   try {
-    const rows = await executeDoSql({
-      databaseNamespace: c.env.DATABASE,
+    const result = await executeProviderAwareSql(
+      {
+        env: c.env,
+        config,
+        databaseNamespace: c.env.DATABASE,
+      },
       namespace,
       id,
-      query: sql,
-      params: params ?? [],
+      sql,
+      params ?? [],
+    );
+    return c.json({
+      rows: result.rows,
+      items: result.rows,
+      results: result.rows,
+      columns: result.columns,
+      rowCount: result.rowCount,
     });
-    return c.json({ rows, items: rows, results: rows });
   } catch (err) {
     const message = err instanceof Error ? err.message : 'SQL execution failed';
     return c.json({ code: 500, message }, 500);

package/src/routes/storage.ts

@@ -44,6 +44,7 @@ import {
   buildFunctionPushProxy,
   buildAdminAuthContext,
   buildAdminDbProxy,
+  executeSqlProviderAware,
   getWorkerUrl,
 } from '../lib/functions.js';
 
@@ -165,18 +166,16 @@ function buildStorageHookAdminContext(
     db: adminDb,
     table: (name: string) => adminDb('shared').table(name),
     auth: buildAdminAuthContext({ d1Database: env.AUTH_DB, serviceKey, workerUrl }),
-    async sql(namespace: string, id: string | undefined, query: string, params?: unknown[]) {
-      if (workerUrl && serviceKey) {
-        const res = await fetch(`${workerUrl}/api/sql`, {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json', 'X-EdgeBase-Service-Key': serviceKey },
-          body: JSON.stringify({ namespace, id, sql: query, params: params ?? [] }),
-        });
-        if (!res.ok) throw new Error(`admin.sql() failed: ${res.status}`);
-        return res.json();
-      }
-      throw new Error('admin.sql() requires workerUrl in storage hook context.');
-    },
+    sqlProviderAware: (namespace: string, id: string | undefined, query: string, params?: unknown[]) =>
+      executeSqlProviderAware(
+        { env, config, databaseNamespace: env.DATABASE, workerUrl, serviceKey },
+        namespace, id, query, params,
+      ),
+    sqlWithDirectD1Access: (namespace: string, id: string | undefined, query: string, params?: unknown[]) =>
+      executeSqlProviderAware(
+        { env, config, databaseNamespace: env.DATABASE, workerUrl, serviceKey },
+        namespace, id, query, params,
+      ),
     async broadcast(channel: string, event: string, payload?: Record<string, unknown>) {
       if (workerUrl && serviceKey) {
         await fetch(`${workerUrl}/api/db/broadcast`, {

package/src/types.ts

@@ -100,6 +100,8 @@ export interface Env {
   EDGEBASE_USE_TEST_CONFIG?: string;
 
   // ─── Dev Mode ───
+  /** Enables browser-based first-admin setup for the local dev server. */
+  EDGEBASE_ALLOW_PUBLIC_ADMIN_SETUP?: string;
   /** Schema Editor sidecar port — set by CLI dev command via --var */
   EDGEBASE_DEV_SIDECAR_PORT?: string;
 }

package/admin-build/_app/immutable/entry/start.zXCirpgY.js

@@ -1 +0,0 @@
-import{a as r}from"../chunks/m9QZTyVV.js";import{w as t}from"../chunks/D755Tqat.js";export{t as load_css,r as start};

package/admin-build/_app/immutable/nodes/21.DoPabrY_.js

@@ -1 +0,0 @@
-import{_ as m}from"../chunks/B0QyxC2M.js";export{m as component};