@geekmidas/testkit 1.0.1 → 1.0.3

package/dist/initScript.d.cts

@@ -0,0 +1,45 @@
+//#region src/initScript.d.ts
+/**
+ * Parse a shell init script (like docker/postgres/init.sh) and extract
+ * SQL blocks from heredoc sections (<<-EOSQL ... EOSQL).
+ *
+ * @param content - The shell script content
+ * @param env - Environment variables to substitute ($VAR_NAME references)
+ * @returns Array of SQL strings ready to execute
+ * @internal Exported for testing
+ */
+declare function parseInitScript(content: string, env: Record<string, string>): string[];
+/**
+ * Read a postgres init script, parse out the SQL blocks,
+ * substitute environment variables, and execute against a database.
+ *
+ * This is intended to run `docker/postgres/init.sh` against a test database
+ * so that per-app users and schemas are created (matching what Docker does
+ * on first volume initialization).
+ *
+ * Uses `CREATE ... IF NOT EXISTS` and `DO $$ ... END $$` wrappers where
+ * needed so the script is idempotent.
+ *
+ * @param scriptPath - Path to the init.sh file
+ * @param databaseUrl - PostgreSQL connection URL (should point to the test database)
+ *
+ * @example
+ * ```typescript
+ * // In your globalSetup.ts
+ * import { runInitScript } from '@geekmidas/testkit/postgres';
+ * import { Credentials } from '@geekmidas/envkit/credentials';
+ *
+ * const cleanup = await migrator.start();
+ *
+ * // Create per-app users in the test database
+ * await runInitScript('docker/postgres/init.sh', Credentials.DATABASE_URL, {
+ *   ...process.env,
+ *   ...Credentials,
+ * });
+ * ```
+ */
+declare function runInitScript(scriptPath: string, databaseUrl: string, env?: Record<string, string>): Promise<void>;
+//# sourceMappingURL=initScript.d.ts.map
+//#endregion
+export { parseInitScript, runInitScript };
+//# sourceMappingURL=initScript.d.cts.map

package/dist/initScript.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"initScript.d.cts","names":[],"sources":["../src/initScript.ts"],"sourcesContent":[],"mappings":";;AAcA;AA0EA;;;;AAIU;;;iBA9EM,eAAA,uBAEV;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAwEgB,aAAA,gDAGf,yBACJ"}

package/dist/initScript.d.mts

@@ -0,0 +1,45 @@
+//#region src/initScript.d.ts
+/**
+ * Parse a shell init script (like docker/postgres/init.sh) and extract
+ * SQL blocks from heredoc sections (<<-EOSQL ... EOSQL).
+ *
+ * @param content - The shell script content
+ * @param env - Environment variables to substitute ($VAR_NAME references)
+ * @returns Array of SQL strings ready to execute
+ * @internal Exported for testing
+ */
+declare function parseInitScript(content: string, env: Record<string, string>): string[];
+/**
+ * Read a postgres init script, parse out the SQL blocks,
+ * substitute environment variables, and execute against a database.
+ *
+ * This is intended to run `docker/postgres/init.sh` against a test database
+ * so that per-app users and schemas are created (matching what Docker does
+ * on first volume initialization).
+ *
+ * Uses `CREATE ... IF NOT EXISTS` and `DO $$ ... END $$` wrappers where
+ * needed so the script is idempotent.
+ *
+ * @param scriptPath - Path to the init.sh file
+ * @param databaseUrl - PostgreSQL connection URL (should point to the test database)
+ *
+ * @example
+ * ```typescript
+ * // In your globalSetup.ts
+ * import { runInitScript } from '@geekmidas/testkit/postgres';
+ * import { Credentials } from '@geekmidas/envkit/credentials';
+ *
+ * const cleanup = await migrator.start();
+ *
+ * // Create per-app users in the test database
+ * await runInitScript('docker/postgres/init.sh', Credentials.DATABASE_URL, {
+ *   ...process.env,
+ *   ...Credentials,
+ * });
+ * ```
+ */
+declare function runInitScript(scriptPath: string, databaseUrl: string, env?: Record<string, string>): Promise<void>;
+//# sourceMappingURL=initScript.d.ts.map
+//#endregion
+export { parseInitScript, runInitScript };
+//# sourceMappingURL=initScript.d.mts.map

package/dist/initScript.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"initScript.d.mts","names":[],"sources":["../src/initScript.ts"],"sourcesContent":[],"mappings":";;AAcA;AA0EA;;;;AAIU;;;iBA9EM,eAAA,uBAEV;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAwEgB,aAAA,gDAGf,yBACJ"}

package/dist/initScript.mjs

@@ -0,0 +1,93 @@
+import pg from "pg";
+import { readFileSync } from "node:fs";
+
+//#region src/initScript.ts
+const { Client } = pg;
+/**
+* Parse a shell init script (like docker/postgres/init.sh) and extract
+* SQL blocks from heredoc sections (<<-EOSQL ... EOSQL).
+*
+* @param content - The shell script content
+* @param env - Environment variables to substitute ($VAR_NAME references)
+* @returns Array of SQL strings ready to execute
+* @internal Exported for testing
+*/
+function parseInitScript(content, env) {
+	const blocks = [];
+	const lines = content.split("\n");
+	let inHeredoc = false;
+	let currentBlock = [];
+	for (const line of lines) if (inHeredoc) if (/^\s*EOSQL\s*$/.test(line)) {
+		const sql = substituteEnvVars(currentBlock.join("\n"), env);
+		blocks.push(sql);
+		currentBlock = [];
+		inHeredoc = false;
+	} else currentBlock.push(line);
+	else if (line.includes("<<-EOSQL") || line.includes("<< EOSQL") || line.includes("<<EOSQL")) {
+		inHeredoc = true;
+		currentBlock = [];
+	}
+	return blocks;
+}
+/**
+* Replace shell variable references ($VAR_NAME and ${VAR_NAME})
+* with values from the provided env object.
+*/
+function substituteEnvVars(sql, env) {
+	let result = sql.replace(/\$\{(\w+)\}/g, (_, name) => env[name] ?? "");
+	result = result.replace(/\$(\w+)/g, (_, name) => env[name] ?? "");
+	return result;
+}
+/**
+* Read a postgres init script, parse out the SQL blocks,
+* substitute environment variables, and execute against a database.
+*
+* This is intended to run `docker/postgres/init.sh` against a test database
+* so that per-app users and schemas are created (matching what Docker does
+* on first volume initialization).
+*
+* Uses `CREATE ... IF NOT EXISTS` and `DO $$ ... END $$` wrappers where
+* needed so the script is idempotent.
+*
+* @param scriptPath - Path to the init.sh file
+* @param databaseUrl - PostgreSQL connection URL (should point to the test database)
+*
+* @example
+* ```typescript
+* // In your globalSetup.ts
+* import { runInitScript } from '@geekmidas/testkit/postgres';
+* import { Credentials } from '@geekmidas/envkit/credentials';
+*
+* const cleanup = await migrator.start();
+*
+* // Create per-app users in the test database
+* await runInitScript('docker/postgres/init.sh', Credentials.DATABASE_URL, {
+*   ...process.env,
+*   ...Credentials,
+* });
+* ```
+*/
+async function runInitScript(scriptPath, databaseUrl, env) {
+	const content = readFileSync(scriptPath, "utf-8");
+	const resolvedEnv = env ?? { ...process.env };
+	const blocks = parseInitScript(content, resolvedEnv);
+	if (blocks.length === 0) return;
+	const url = new URL(databaseUrl);
+	const client = new Client({
+		user: url.username,
+		password: decodeURIComponent(url.password),
+		host: url.hostname,
+		port: parseInt(url.port, 10),
+		database: url.pathname.slice(1)
+	});
+	try {
+		await client.connect();
+		for (const sql of blocks) await client.query(sql);
+	} finally {
+		await client.end();
+	}
+}
+
+//#endregion
+export { parseInitScript, runInitScript };
+//# sourceMappingURL=initScript.mjs.map

package/dist/initScript.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"initScript.mjs","names":["content: string","env: Record<string, string>","blocks: string[]","currentBlock: string[]","sql: string","scriptPath: string","databaseUrl: string","env?: Record<string, string>"],"sources":["../src/initScript.ts"],"sourcesContent":["import { readFileSync } from 'node:fs';\nimport pg from 'pg';\n\nconst { Client } = pg;\n\n/**\n * Parse a shell init script (like docker/postgres/init.sh) and extract\n * SQL blocks from heredoc sections (<<-EOSQL ... EOSQL).\n *\n * @param content - The shell script content\n * @param env - Environment variables to substitute ($VAR_NAME references)\n * @returns Array of SQL strings ready to execute\n * @internal Exported for testing\n */\nexport function parseInitScript(\n\tcontent: string,\n\tenv: Record<string, string>,\n): string[] {\n\tconst blocks: string[] = [];\n\tconst lines = content.split('\\n');\n\tlet inHeredoc = false;\n\tlet currentBlock: string[] = [];\n\n\tfor (const line of lines) {\n\t\tif (inHeredoc) {\n\t\t\t// Check for heredoc terminator (EOSQL at start of line, with optional leading whitespace)\n\t\t\tif (/^\\s*EOSQL\\s*$/.test(line)) {\n\t\t\t\tconst sql = substituteEnvVars(currentBlock.join('\\n'), env);\n\t\t\t\tblocks.push(sql);\n\t\t\t\tcurrentBlock = [];\n\t\t\t\tinHeredoc = false;\n\t\t\t} else {\n\t\t\t\tcurrentBlock.push(line);\n\t\t\t}\n\t\t} else if (\n\t\t\tline.includes('<<-EOSQL') ||\n\t\t\tline.includes('<< EOSQL') ||\n\t\t\tline.includes('<<EOSQL')\n\t\t) {\n\t\t\tinHeredoc = true;\n\t\t\tcurrentBlock = [];\n\t\t}\n\t}\n\n\treturn blocks;\n}\n\n/**\n * Replace shell variable references ($VAR_NAME and ${VAR_NAME})\n * with values from the provided env object.\n */\nfunction substituteEnvVars(sql: string, env: Record<string, string>): string {\n\t// Replace ${VAR_NAME} syntax\n\tlet result = sql.replace(/\\$\\{(\\w+)\\}/g, (_, name) => env[name] ?? '');\n\t// Replace $VAR_NAME syntax (word boundary after)\n\tresult = result.replace(/\\$(\\w+)/g, (_, name) => env[name] ?? '');\n\treturn result;\n}\n\n/**\n * Read a postgres init script, parse out the SQL blocks,\n * substitute environment variables, and execute against a database.\n *\n * This is intended to run `docker/postgres/init.sh` against a test database\n * so that per-app users and schemas are created (matching what Docker does\n * on first volume initialization).\n *\n * Uses `CREATE ... IF NOT EXISTS` and `DO $$ ... END $$` wrappers where\n * needed so the script is idempotent.\n *\n * @param scriptPath - Path to the init.sh file\n * @param databaseUrl - PostgreSQL connection URL (should point to the test database)\n *\n * @example\n * ```typescript\n * // In your globalSetup.ts\n * import { runInitScript } from '@geekmidas/testkit/postgres';\n * import { Credentials } from '@geekmidas/envkit/credentials';\n *\n * const cleanup = await migrator.start();\n *\n * // Create per-app users in the test database\n * await runInitScript('docker/postgres/init.sh', Credentials.DATABASE_URL, {\n *   ...process.env,\n *   ...Credentials,\n * });\n * ```\n */\nexport async function runInitScript(\n\tscriptPath: string,\n\tdatabaseUrl: string,\n\tenv?: Record<string, string>,\n): Promise<void> {\n\tconst content = readFileSync(scriptPath, 'utf-8');\n\tconst resolvedEnv = env ?? ({ ...process.env } as Record<string, string>);\n\tconst blocks = parseInitScript(content, resolvedEnv);\n\n\tif (blocks.length === 0) {\n\t\treturn;\n\t}\n\n\tconst url = new URL(databaseUrl);\n\tconst client = new Client({\n\t\tuser: url.username,\n\t\tpassword: decodeURIComponent(url.password),\n\t\thost: url.hostname,\n\t\tport: parseInt(url.port, 10),\n\t\tdatabase: url.pathname.slice(1),\n\t});\n\n\ttry {\n\t\tawait client.connect();\n\t\tfor (const sql of blocks) {\n\t\t\tawait client.query(sql);\n\t\t}\n\t} finally {\n\t\tawait client.end();\n\t}\n}\n"],"mappings":";;;;AAGA,MAAM,EAAE,QAAQ,GAAG;;;;;;;;;;AAWnB,SAAgB,gBACfA,SACAC,KACW;CACX,MAAMC,SAAmB,CAAE;CAC3B,MAAM,QAAQ,QAAQ,MAAM,KAAK;CACjC,IAAI,YAAY;CAChB,IAAIC,eAAyB,CAAE;AAE/B,MAAK,MAAM,QAAQ,MAClB,KAAI,UAEH,KAAI,gBAAgB,KAAK,KAAK,EAAE;EAC/B,MAAM,MAAM,kBAAkB,aAAa,KAAK,KAAK,EAAE,IAAI;AAC3D,SAAO,KAAK,IAAI;AAChB,iBAAe,CAAE;AACjB,cAAY;CACZ,MACA,cAAa,KAAK,KAAK;UAGxB,KAAK,SAAS,WAAW,IACzB,KAAK,SAAS,WAAW,IACzB,KAAK,SAAS,UAAU,EACvB;AACD,cAAY;AACZ,iBAAe,CAAE;CACjB;AAGF,QAAO;AACP;;;;;AAMD,SAAS,kBAAkBC,KAAaH,KAAqC;CAE5E,IAAI,SAAS,IAAI,QAAQ,gBAAgB,CAAC,GAAG,SAAS,IAAI,SAAS,GAAG;AAEtE,UAAS,OAAO,QAAQ,YAAY,CAAC,GAAG,SAAS,IAAI,SAAS,GAAG;AACjE,QAAO;AACP;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+BD,eAAsB,cACrBI,YACAC,aACAC,KACgB;CAChB,MAAM,UAAU,aAAa,YAAY,QAAQ;CACjD,MAAM,cAAc,OAAQ,EAAE,GAAG,QAAQ,IAAK;CAC9C,MAAM,SAAS,gBAAgB,SAAS,YAAY;AAEpD,KAAI,OAAO,WAAW,EACrB;CAGD,MAAM,MAAM,IAAI,IAAI;CACpB,MAAM,SAAS,IAAI,OAAO;EACzB,MAAM,IAAI;EACV,UAAU,mBAAmB,IAAI,SAAS;EAC1C,MAAM,IAAI;EACV,MAAM,SAAS,IAAI,MAAM,GAAG;EAC5B,UAAU,IAAI,SAAS,MAAM,EAAE;CAC/B;AAED,KAAI;AACH,QAAM,OAAO,SAAS;AACtB,OAAK,MAAM,OAAO,OACjB,OAAM,OAAO,MAAM,IAAI;CAExB,UAAS;AACT,QAAM,OAAO,KAAK;CAClB;AACD"}

package/dist/kysely.cjs

@@ -1,8 +1,8 @@
 require('./Factory-BhjUOBWN.cjs');
 const require_faker = require('./faker-B14IEMIN.cjs');
 const require_KyselyFactory = require('./KyselyFactory-BFqVIn_0.cjs');
-require('./PostgresMigrator-D6dQn0x2.cjs');
-const require_PostgresKyselyMigrator = require('./PostgresKyselyMigrator-D6IbPq8t.cjs');
+require('./PostgresMigrator-CHiBYEg_.cjs');
+const require_PostgresKyselyMigrator = require('./PostgresKyselyMigrator-C7ljZYvq.cjs');
 const require_VitestTransactionIsolator = require('./VitestTransactionIsolator-CMfJXZP8.cjs');
 const require_VitestKyselyTransactionIsolator = require('./VitestKyselyTransactionIsolator-D7RRXOBa.cjs');
 

package/dist/kysely.d.mts

@@ -1,6 +1,6 @@
-import { FakerFactory, faker } from "./faker-BcjUfHxx.mjs";
-import { ExtractSeedAttrs, FactorySeed } from "./Factory-ClyZLRsO.mjs";
-import { KyselyFactory } from "./KyselyFactory-CTZmiGI9.mjs";
+import { FakerFactory, faker } from "./faker-DsYCplsG.mjs";
+import { ExtractSeedAttrs, FactorySeed } from "./Factory-CVR3GdkW.mjs";
+import { KyselyFactory } from "./KyselyFactory-DRlMv-WT.mjs";
 import "./PostgresMigrator-S-YYosAC.mjs";
 import { PostgresKyselyMigrator } from "./PostgresKyselyMigrator-DrVWncqd.mjs";
 import { DatabaseConnection, DatabaseFixtures, ExtendedDatabaseFixtures, FixtureCreators, IsolationLevel, TestWithExtendedFixtures, TransactionWrapperOptions } from "./VitestTransactionIsolator-BNWJqh9f.mjs";

package/dist/kysely.mjs

@@ -1,8 +1,8 @@
 import "./Factory-BFVnMMCC.mjs";
 import { faker } from "./faker-BGKYFoCT.mjs";
 import { KyselyFactory } from "./KyselyFactory-DMswpwji.mjs";
-import "./PostgresMigrator-BjjenqSd.mjs";
-import { PostgresKyselyMigrator } from "./PostgresKyselyMigrator-6sE1KOni.mjs";
+import "./PostgresMigrator-DcP1o-T6.mjs";
+import { PostgresKyselyMigrator } from "./PostgresKyselyMigrator-B4pScubb.mjs";
 import { IsolationLevel, extendWithFixtures } from "./VitestTransactionIsolator-DQ7tLqgV.mjs";
 import { VitestKyselyTransactionIsolator } from "./VitestKyselyTransactionIsolator-DceyIqr4.mjs";
 

package/dist/objection.cjs

@@ -1,8 +1,8 @@
 require('./Factory-BhjUOBWN.cjs');
 const require_faker = require('./faker-B14IEMIN.cjs');
 const require_ObjectionFactory = require('./ObjectionFactory-BeFBYcan.cjs');
-require('./PostgresMigrator-D6dQn0x2.cjs');
-const require_PostgresObjectionMigrator = require('./PostgresObjectionMigrator-DK8ODIHQ.cjs');
+require('./PostgresMigrator-CHiBYEg_.cjs');
+const require_PostgresObjectionMigrator = require('./PostgresObjectionMigrator-BXLAVVwm.cjs');
 const require_VitestTransactionIsolator = require('./VitestTransactionIsolator-CMfJXZP8.cjs');
 const require_VitestObjectionTransactionIsolator = require('./VitestObjectionTransactionIsolator-CdLRrzNf.cjs');
 

package/dist/objection.d.mts

@@ -1,6 +1,6 @@
-import { FakerFactory, faker } from "./faker-BcjUfHxx.mjs";
-import { ExtractSeedAttrs, FactorySeed } from "./Factory-ClyZLRsO.mjs";
-import { ObjectionFactory } from "./ObjectionFactory-DDrKwAoO.mjs";
+import { FakerFactory, faker } from "./faker-DsYCplsG.mjs";
+import { ExtractSeedAttrs, FactorySeed } from "./Factory-CVR3GdkW.mjs";
+import { ObjectionFactory } from "./ObjectionFactory-DkJUf-uM.mjs";
 import "./PostgresMigrator-S-YYosAC.mjs";
 import { PostgresObjectionMigrator } from "./PostgresObjectionMigrator-DVEqB5tp.mjs";
 import { DatabaseConnection, DatabaseFixtures, ExtendedDatabaseFixtures, FixtureCreators, IsolationLevel, TestWithExtendedFixtures, TransactionWrapperOptions } from "./VitestTransactionIsolator-BNWJqh9f.mjs";

package/dist/objection.mjs

@@ -1,8 +1,8 @@
 import "./Factory-BFVnMMCC.mjs";
 import { faker } from "./faker-BGKYFoCT.mjs";
 import { ObjectionFactory } from "./ObjectionFactory-QCJ7u0Ql.mjs";
-import "./PostgresMigrator-BjjenqSd.mjs";
-import { PostgresObjectionMigrator } from "./PostgresObjectionMigrator-D_QxXbIN.mjs";
+import "./PostgresMigrator-DcP1o-T6.mjs";
+import { PostgresObjectionMigrator } from "./PostgresObjectionMigrator-BJ5X48U8.mjs";
 import { IsolationLevel, extendWithFixtures } from "./VitestTransactionIsolator-DQ7tLqgV.mjs";
 import { VitestObjectionTransactionIsolator } from "./VitestObjectionTransactionIsolator-OF2osYY5.mjs";
 

package/dist/os/directory.d.cts

@@ -1,2 +1,2 @@
-import { DirectoryFixtures, itWithDir } from "../directory-DAnMWi50.cjs";
+import { DirectoryFixtures, itWithDir } from "../directory-DGOcVlKD.cjs";
 export { DirectoryFixtures, itWithDir };

package/dist/os/directory.d.mts

@@ -1,2 +1,2 @@
-import { DirectoryFixtures, itWithDir } from "../directory-CVrfTq1I.mjs";
+import { DirectoryFixtures, itWithDir } from "../directory-YzQUGC5g.mjs";
 export { DirectoryFixtures, itWithDir };

package/dist/os/index.d.cts

@@ -1,2 +1,2 @@
-import { itWithDir } from "../directory-DAnMWi50.cjs";
+import { itWithDir } from "../directory-DGOcVlKD.cjs";
 export { itWithDir };

package/dist/os/index.d.mts

@@ -1,2 +1,2 @@
-import { itWithDir } from "../directory-CVrfTq1I.mjs";
+import { itWithDir } from "../directory-YzQUGC5g.mjs";
 export { itWithDir };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@geekmidas/testkit",
-  "version": "1.0.1",
+  "version": "1.0.3",
   "private": false,
   "type": "module",
   "exports": {
@@ -48,6 +48,11 @@
       "types": "./dist/benchmark.d.ts",
       "import": "./dist/benchmark.mjs",
       "require": "./dist/benchmark.cjs"
+    },
+    "./postgres": {
+      "types": "./dist/initScript.d.ts",
+      "import": "./dist/initScript.mjs",
+      "require": "./dist/initScript.cjs"
     }
   },
   "dependencies": {
@@ -55,7 +60,7 @@
   },
   "devDependencies": {
     "@types/pg": "~8.15.4",
-    "@geekmidas/envkit": "^1.0.0",
+    "@geekmidas/envkit": "^1.0.3",
     "@geekmidas/logger": "^1.0.0"
   },
   "repository": {
@@ -75,8 +80,8 @@
     "vitest": "~3.2.4",
     "@types/aws-lambda": ">=8.10.92",
     "better-auth": ">=1.3.34",
-    "@geekmidas/envkit": "^1.0.0",
-    "@geekmidas/logger": "^1.0.0"
+    "@geekmidas/logger": "^1.0.0",
+    "@geekmidas/envkit": "^1.0.3"
   },
   "peerDependenciesMeta": {
     "@geekmidas/envkit": {

package/src/PostgresMigrator.ts

@@ -98,7 +98,15 @@ export abstract class PostgresMigrator {
 			);
 
 			if (result.rowCount === 0) {
-				await db.query(`CREATE DATABASE "${database}"`);
+				try {
+					await db.query(`CREATE DATABASE "${database}"`);
+				} catch (error: any) {
+					// 42P04 = duplicate_database — another process created it between our check and create
+					if (error?.code === '42P04') {
+						return { alreadyExisted: true };
+					}
+					throw error;
+				}
 			}
 
 			return {

package/src/__tests__/initScript.spec.ts

@@ -0,0 +1,308 @@
+import { writeFileSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import pg from 'pg';
+import { afterAll, beforeAll, describe, expect, it } from 'vitest';
+import { parseInitScript, runInitScript } from '../initScript';
+
+describe('parseInitScript', () => {
+	it('should extract SQL from EOSQL heredoc blocks', () => {
+		const script = `#!/bin/bash
+set -e
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+    CREATE USER api WITH PASSWORD '$API_DB_PASSWORD';
+    GRANT ALL ON SCHEMA public TO api;
+EOSQL
+`;
+
+		const blocks = parseInitScript(script, {
+			POSTGRES_USER: 'app',
+			POSTGRES_DB: 'mydb',
+			API_DB_PASSWORD: 'secret123',
+		});
+
+		expect(blocks).toHaveLength(1);
+		expect(blocks[0]).toContain("CREATE USER api WITH PASSWORD 'secret123'");
+		expect(blocks[0]).toContain('GRANT ALL ON SCHEMA public TO api');
+	});
+
+	it('should extract multiple heredoc blocks', () => {
+		const script = `#!/bin/bash
+set -e
+
+psql --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+    CREATE USER api WITH PASSWORD '$API_DB_PASSWORD';
+EOSQL
+
+psql --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+    CREATE USER auth WITH PASSWORD '$AUTH_DB_PASSWORD';
+    CREATE SCHEMA auth AUTHORIZATION auth;
+EOSQL
+
+echo "Done!"
+`;
+
+		const blocks = parseInitScript(script, {
+			POSTGRES_USER: 'app',
+			POSTGRES_DB: 'mydb',
+			API_DB_PASSWORD: 'apipass',
+			AUTH_DB_PASSWORD: 'authpass',
+		});
+
+		expect(blocks).toHaveLength(2);
+		expect(blocks[0]).toContain("CREATE USER api WITH PASSWORD 'apipass'");
+		expect(blocks[1]).toContain("CREATE USER auth WITH PASSWORD 'authpass'");
+		expect(blocks[1]).toContain('CREATE SCHEMA auth AUTHORIZATION auth');
+	});
+
+	it('should substitute $VAR_NAME syntax', () => {
+		const script = `psql <<-EOSQL
+    CREATE USER $APP_USER WITH PASSWORD '$APP_PASSWORD';
+EOSQL`;
+
+		const blocks = parseInitScript(script, {
+			APP_USER: 'myuser',
+			APP_PASSWORD: 'mypass',
+		});
+
+		expect(blocks[0]).toContain("CREATE USER myuser WITH PASSWORD 'mypass'");
+	});
+
+	it('should substitute ${VAR_NAME} syntax', () => {
+		const script = `psql <<-EOSQL
+    CREATE USER \${APP_USER} WITH PASSWORD '\${APP_PASSWORD}';
+EOSQL`;
+
+		const blocks = parseInitScript(script, {
+			APP_USER: 'myuser',
+			APP_PASSWORD: 'mypass',
+		});
+
+		expect(blocks[0]).toContain("CREATE USER myuser WITH PASSWORD 'mypass'");
+	});
+
+	it('should replace missing vars with empty string', () => {
+		const script = `psql <<-EOSQL
+    CREATE USER api WITH PASSWORD '$MISSING_VAR';
+EOSQL`;
+
+		const blocks = parseInitScript(script, {});
+
+		expect(blocks[0]).toContain("CREATE USER api WITH PASSWORD ''");
+	});
+
+	it('should return empty array for script with no heredocs', () => {
+		const script = `#!/bin/bash
+echo "Hello world"
+`;
+
+		const blocks = parseInitScript(script, {});
+
+		expect(blocks).toEqual([]);
+	});
+
+	it('should handle the full generated init.sh format', () => {
+		const script = `#!/bin/bash
+set -e
+
+# Auto-generated PostgreSQL init script
+# Creates per-app users with separate schemas in a single database
+# - api: uses public schema
+# - auth: uses auth schema (search_path=auth)
+
+# Create api user (uses public schema)
+echo "Creating user api..."
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+    CREATE USER api WITH PASSWORD '$API_DB_PASSWORD';
+    GRANT ALL ON SCHEMA public TO api;
+    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO api;
+    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO api;
+EOSQL
+
+
+# Create auth user with dedicated schema
+echo "Creating user auth with schema auth..."
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+    CREATE USER auth WITH PASSWORD '$AUTH_DB_PASSWORD';
+    CREATE SCHEMA auth AUTHORIZATION auth;
+    ALTER USER auth SET search_path TO auth;
+    GRANT USAGE ON SCHEMA auth TO auth;
+    GRANT ALL ON ALL TABLES IN SCHEMA auth TO auth;
+    GRANT ALL ON ALL SEQUENCES IN SCHEMA auth TO auth;
+    ALTER DEFAULT PRIVILEGES IN SCHEMA auth GRANT ALL ON TABLES TO auth;
+    ALTER DEFAULT PRIVILEGES IN SCHEMA auth GRANT ALL ON SEQUENCES TO auth;
+EOSQL
+
+echo "Database initialization complete!"
+`;
+
+		const blocks = parseInitScript(script, {
+			POSTGRES_USER: 'app',
+			POSTGRES_DB: 'residentman_dev_test',
+			API_DB_PASSWORD: 'apipass123',
+			AUTH_DB_PASSWORD: 'authpass456',
+		});
+
+		expect(blocks).toHaveLength(2);
+
+		// API block
+		expect(blocks[0]).toContain("CREATE USER api WITH PASSWORD 'apipass123'");
+		expect(blocks[0]).toContain('GRANT ALL ON SCHEMA public TO api');
+		expect(blocks[0]).toContain('ALTER DEFAULT PRIVILEGES IN SCHEMA public');
+
+		// Auth block
+		expect(blocks[1]).toContain("CREATE USER auth WITH PASSWORD 'authpass456'");
+		expect(blocks[1]).toContain('CREATE SCHEMA auth AUTHORIZATION auth');
+		expect(blocks[1]).toContain('ALTER USER auth SET search_path TO auth');
+	});
+});
+
+const PG_CONFIG = {
+	host: 'localhost',
+	port: 5432,
+	user: 'geekmidas',
+	password: 'geekmidas',
+};
+
+/**
+ * Helper to run queries against the postgres admin database.
+ */
+async function adminQuery(...queries: string[]): Promise<void> {
+	const client = new pg.Client({ ...PG_CONFIG, database: 'postgres' });
+	try {
+		await client.connect();
+		for (const sql of queries) {
+			await client.query(sql);
+		}
+	} finally {
+		await client.end();
+	}
+}
+
+/**
+ * Force-drop a role by reassigning owned objects and revoking privileges first.
+ */
+async function forceDropRole(role: string): Promise<void> {
+	// Find all databases where this role might own objects
+	const client = new pg.Client({ ...PG_CONFIG, database: 'postgres' });
+	try {
+		await client.connect();
+		const result = await client.query(
+			"SELECT datname FROM pg_database WHERE datistemplate = false AND datname != 'postgres'",
+		);
+		for (const row of result.rows) {
+			const dbClient = new pg.Client({
+				...PG_CONFIG,
+				database: row.datname,
+			});
+			try {
+				await dbClient.connect();
+				await dbClient.query(`REASSIGN OWNED BY ${role} TO ${PG_CONFIG.user}`);
+				await dbClient.query(`DROP OWNED BY ${role}`);
+			} catch {
+				// Role might not exist in this database, ignore
+			} finally {
+				await dbClient.end();
+			}
+		}
+		await client.query(`DROP ROLE IF EXISTS ${role}`);
+	} finally {
+		await client.end();
+	}
+}
+
+describe('runInitScript', () => {
+	const dbName = `test_init_script_${Date.now()}`;
+	const dbUrl = `postgresql://${PG_CONFIG.user}:${PG_CONFIG.password}@${PG_CONFIG.host}:${PG_CONFIG.port}/${dbName}`;
+
+	beforeAll(async () => {
+		// Clean up stale state from previous failed runs
+		await forceDropRole('test_api');
+		await forceDropRole('test_auth');
+		await adminQuery(
+			`DROP DATABASE IF EXISTS "${dbName}"`,
+			`CREATE DATABASE "${dbName}"`,
+		);
+	});
+
+	afterAll(async () => {
+		// Drop the database first (removes object dependencies), then roles
+		await adminQuery(`DROP DATABASE IF EXISTS "${dbName}"`);
+		await forceDropRole('test_api');
+		await forceDropRole('test_auth');
+	});
+
+	it('should create users and schemas from init script', async () => {
+		// Write a test init script to a temp file
+		const scriptPath = join(tmpdir(), `init-${Date.now()}.sh`);
+		writeFileSync(
+			scriptPath,
+			`#!/bin/bash
+set -e
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+    CREATE USER test_api WITH PASSWORD '$API_DB_PASSWORD';
+    GRANT ALL ON SCHEMA public TO test_api;
+    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO test_api;
+    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO test_api;
+EOSQL
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+    CREATE USER test_auth WITH PASSWORD '$AUTH_DB_PASSWORD';
+    CREATE SCHEMA IF NOT EXISTS test_auth AUTHORIZATION test_auth;
+    ALTER USER test_auth SET search_path TO test_auth;
+    GRANT USAGE ON SCHEMA test_auth TO test_auth;
+    GRANT ALL ON ALL TABLES IN SCHEMA test_auth TO test_auth;
+    GRANT ALL ON ALL SEQUENCES IN SCHEMA test_auth TO test_auth;
+    ALTER DEFAULT PRIVILEGES IN SCHEMA test_auth GRANT ALL ON TABLES TO test_auth;
+    ALTER DEFAULT PRIVILEGES IN SCHEMA test_auth GRANT ALL ON SEQUENCES TO test_auth;
+EOSQL
+
+echo "Done!"
+`,
+		);
+
+		// Run the init script against the test database
+		await runInitScript(scriptPath, dbUrl, {
+			POSTGRES_USER: PG_CONFIG.user,
+			POSTGRES_DB: dbName,
+			API_DB_PASSWORD: 'apipass',
+			AUTH_DB_PASSWORD: 'authpass',
+		});
+
+		// Verify: connect as test_api and check access to public schema
+		const apiClient = new pg.Client({
+			...PG_CONFIG,
+			user: 'test_api',
+			password: 'apipass',
+			database: dbName,
+		});
+		await apiClient.connect();
+		await apiClient.query(
+			'CREATE TABLE IF NOT EXISTS api_test_table (id serial PRIMARY KEY)',
+		);
+		const apiResult = await apiClient.query(
+			"SELECT table_name FROM information_schema.tables WHERE table_schema = 'public' AND table_name = 'api_test_table'",
+		);
+		expect(apiResult.rowCount).toBe(1);
+		await apiClient.end();
+
+		// Verify: connect as test_auth and check dedicated schema
+		const authClient = new pg.Client({
+			...PG_CONFIG,
+			user: 'test_auth',
+			password: 'authpass',
+			database: dbName,
+		});
+		await authClient.connect();
+		const schemaResult = await authClient.query(
+			"SELECT schema_name FROM information_schema.schemata WHERE schema_name = 'test_auth'",
+		);
+		expect(schemaResult.rowCount).toBe(1);
+		await authClient.query(
+			'CREATE TABLE IF NOT EXISTS test_auth.auth_test_table (id serial PRIMARY KEY)',
+		);
+		await authClient.end();
+	});
+});