@kozou/api 0.0.1 → 1.0.0

package/dist/schema-lookup.js

@@ -0,0 +1,61 @@
+// Resolve a request path segment (e.g. "books" or "public.books") to a
+// concrete table or view from the introspected SchemaContext. This map is
+// the allowlist: only resources that exist in the schema are addressable,
+// and only their declared columns can be filtered / sorted on.
+export function buildResourceLookup(schema) {
+    const resources = [];
+    for (const t of schema.tables) {
+        resources.push({
+            kind: 'table',
+            schema: t.schema,
+            name: t.name,
+            qualifiedName: t.qualifiedName,
+            columns: t.columns,
+            primaryKey: t.primaryKey,
+            relations: t.relations ?? [],
+        });
+    }
+    for (const v of schema.views) {
+        resources.push({
+            kind: 'view',
+            schema: v.schema,
+            name: v.name,
+            qualifiedName: v.qualifiedName,
+            columns: v.columns,
+            primaryKey: [],
+            relations: [],
+        });
+    }
+    const byKey = new Map();
+    const bareNameCounts = new Map();
+    for (const r of resources) {
+        byKey.set(r.qualifiedName, r);
+        bareNameCounts.set(r.name, (bareNameCounts.get(r.name) ?? 0) + 1);
+    }
+    // Register the bare name only when it is unique across schemas and does
+    // not collide with an existing qualified-name key.
+    for (const r of resources) {
+        if (bareNameCounts.get(r.name) === 1 && !byKey.has(r.name)) {
+            byKey.set(r.name, r);
+        }
+    }
+    const sortedNames = resources.map((r) => r.qualifiedName).sort();
+    // Reverse index: parent qualifiedName -> children that reference it.
+    const reverseIndex = new Map();
+    for (const r of resources) {
+        for (const rel of r.relations) {
+            const parentKey = `${rel.references.schema}.${rel.references.table}`;
+            const list = reverseIndex.get(parentKey);
+            if (list)
+                list.push({ child: r, relation: rel });
+            else
+                reverseIndex.set(parentKey, [{ child: r, relation: rel }]);
+        }
+    }
+    return {
+        resolve: (name) => byKey.get(name),
+        list: () => sortedNames,
+        reverse: (qualifiedName) => reverseIndex.get(qualifiedName) ?? [],
+    };
+}
+//# sourceMappingURL=schema-lookup.js.map

package/dist/schema-lookup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema-lookup.js","sourceRoot":"","sources":["../src/schema-lookup.ts"],"names":[],"mappings":"AAAA,uEAAuE;AACvE,0EAA0E;AAC1E,0EAA0E;AAC1E,+DAA+D;AAmC/D,MAAM,UAAU,mBAAmB,CAAC,MAAqB;IACvD,MAAM,SAAS,GAAe,EAAE,CAAC;IAEjC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9B,SAAS,CAAC,IAAI,CAAC;YACb,IAAI,EAAE,OAAO;YACb,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,aAAa,EAAE,CAAC,CAAC,aAAa;YAC9B,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,UAAU,EAAE,CAAC,CAAC,UAAU;YACxB,SAAS,EAAE,CAAC,CAAC,SAAS,IAAI,EAAE;SAC7B,CAAC,CAAC;IACL,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QAC7B,SAAS,CAAC,IAAI,CAAC;YACb,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,aAAa,EAAE,CAAC,CAAC,aAAa;YAC9B,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,UAAU,EAAE,EAAE;YACd,SAAS,EAAE,EAAE;SACd,CAAC,CAAC;IACL,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,GAAG,EAAoB,CAAC;IAC1C,MAAM,cAAc,GAAG,IAAI,GAAG,EAAkB,CAAC;IACjD,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;QAC1B,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;QAC9B,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACpE,CAAC;IACD,wEAAwE;IACxE,mDAAmD;IACnD,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;QAC1B,IAAI,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3D,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,IAAI,EAAE,CAAC;IAEjE,qEAAqE;IACrE,MAAM,YAAY,GAAG,IAAI,GAAG,EAA6B,CAAC;IAC1D,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;QAC1B,KAAK,MAAM,GAAG,IAAI,CAAC,CAAC,SAAS,EAAE,CAAC;YAC9B,MAAM,SAAS,GAAG,GAAG,GAAG,CAAC,UAAU,CAAC,MAAM,IAAI,GAAG,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;YACrE,MAAM,IAAI,GAAG,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACzC,IAAI,IAAI;gBAAE,IAAI,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC;;gBAC5C,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC;QAClC,IAAI,EAAE,GAAG,EAAE,CAAC,WAAW;QACvB,OAAO,EAAE,CAAC,aAAa,EAAE,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE;KAClE,CAAC;AACJ,CAAC"}

package/dist/startApiServer.d.ts

@@ -0,0 +1,53 @@
+import { type IncomingMessage, type ServerResponse } from 'node:http';
+import type { SchemaContext } from '@kozou/core';
+import { type ApiHandlerDeps, type Queryable } from './handler.js';
+import { type AuthConfig } from './auth.js';
+/** A pooled client: a Queryable that can be returned to its pool. A
+ *  node-postgres `PoolClient` satisfies this. */
+export type PoolClient = Queryable & {
+    release(err?: boolean | Error): void;
+};
+/** A connection pool able to hand out dedicated clients. A `pg.Pool` fits. */
+export type ConnectionPool = {
+    connect(): Promise<PoolClient>;
+};
+export type StartApiServerOptions = {
+    /** Introspected schema that drives routing + the identifier allowlist. */
+    schema: SchemaContext;
+    /** Open connection (a `pg.Pool` is the expected caller-owned value). */
+    db: Queryable;
+    /** Required when `auth` is set: source of dedicated clients for the
+     *  per-request transaction that carries the role + claims. A `pg.Pool` fits. */
+    pool?: ConnectionPool;
+    /** Opt-in JWT verification + RLS enforcement. Omit for zero-auth behavior. */
+    auth?: AuthConfig;
+    /** TCP port to listen on. Default: 3335 (3333 = UI, 3334 = MCP HTTP). */
+    port?: number;
+    /** Host/interface to bind. Default: 127.0.0.1 (loopback only). */
+    host?: string;
+    /** Version string advertised in `GET /`. */
+    version?: string;
+    /** Prefix used in stderr log lines. Default: '[@kozou/api]'. */
+    logPrefix?: string;
+};
+export type ApiServerHandle = {
+    /** The actual bound port (resolves an ephemeral `0` to the real port). */
+    port: number;
+    /** The host the server is bound to. */
+    host: string;
+    /** Stop accepting connections and resolve once the server has closed. */
+    close: () => Promise<void>;
+};
+export declare function isLoopbackHost(host: string): boolean;
+/**
+ * Build a node:http request listener over the framework-agnostic handler.
+ * Exposed separately so it can be mounted by an embedding server or driven
+ * directly in tests.
+ */
+export declare function createApiRequestListener(deps: ApiHandlerDeps): (req: IncomingMessage, res: ServerResponse) => void;
+/**
+ * Start the REST API over node:http, bound to the given schema + db.
+ * Resolves once the server is listening.
+ */
+export declare function startApiServer(opts: StartApiServerOptions): Promise<ApiServerHandle>;
+//# sourceMappingURL=startApiServer.d.ts.map

package/dist/startApiServer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"startApiServer.d.ts","sourceRoot":"","sources":["../src/startApiServer.ts"],"names":[],"mappings":"AAKA,OAAO,EAEL,KAAK,eAAe,EAEpB,KAAK,cAAc,EACpB,MAAM,WAAW,CAAC;AAGnB,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAGjD,OAAO,EAEL,KAAK,cAAc,EAEnB,KAAK,SAAS,EACf,MAAM,cAAc,CAAC;AAItB,OAAO,EAAuB,KAAK,UAAU,EAAsB,MAAM,WAAW,CAAC;AAErF;iDACiD;AACjD,MAAM,MAAM,UAAU,GAAG,SAAS,GAAG;IAAE,OAAO,CAAC,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,GAAG,IAAI,CAAA;CAAE,CAAC;AAE9E,8EAA8E;AAC9E,MAAM,MAAM,cAAc,GAAG;IAAE,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,CAAA;CAAE,CAAC;AAEhE,MAAM,MAAM,qBAAqB,GAAG;IAClC,0EAA0E;IAC1E,MAAM,EAAE,aAAa,CAAC;IACtB,wEAAwE;IACxE,EAAE,EAAE,SAAS,CAAC;IACd;oFACgF;IAChF,IAAI,CAAC,EAAE,cAAc,CAAC;IACtB,8EAA8E;IAC9E,IAAI,CAAC,EAAE,UAAU,CAAC;IAClB,yEAAyE;IACzE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,kEAAkE;IAClE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,4CAA4C;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gEAAgE;IAChE,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG;IAC5B,0EAA0E;IAC1E,IAAI,EAAE,MAAM,CAAC;IACb,uCAAuC;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,yEAAyE;IACzE,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC5B,CAAC;AAOF,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEpD;AAkBD;;;;GAIG;AACH,wBAAgB,wBAAwB,CACtC,IAAI,EAAE,cAAc,GACnB,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,KAAK,IAAI,CAOrD;AAkHD;;;GAGG;AACH,wBAAsB,cAAc,CAAC,IAAI,EAAE,qBAAqB,GAAG,OAAO,CAAC,eAAe,CAAC,CAmD1F"}

package/dist/startApiServer.js

@@ -0,0 +1,210 @@
+// node:http wiring for the Kozou REST layer. Mirrors @kozou/mcp's
+// startHttpServer: a thin request listener over the framework-agnostic
+// handler, bound to loopback by default with a loud warning when bound to
+// a non-loopback host (Kozou v0.1 spec §18.5 — the v0.2 API has no auth).
+import { createServer, } from 'node:http';
+import { errorBody, KozouApiError } from './errors.js';
+import { handleApiRequest, } from './handler.js';
+import { buildResourceLookup } from './schema-lookup.js';
+import { buildOpenApiDocument } from './openapi.js';
+import { quoteIdent } from './ident.js';
+import { createAuthenticator } from './auth.js';
+const DEFAULT_PORT = 3335;
+const DEFAULT_HOST = '127.0.0.1';
+const LOOPBACK_HOSTS = new Set(['127.0.0.1', '::1', 'localhost', '::ffff:127.0.0.1']);
+export function isLoopbackHost(host) {
+    return LOOPBACK_HOSTS.has(host);
+}
+function nonLoopbackWarning(host, prefix, authed) {
+    if (authed) {
+        return (`${prefix} NOTE: REST API bound to non-loopback host "${host}".\n` +
+            `${prefix} JWT auth is enabled; terminate TLS in front of it so tokens\n` +
+            `${prefix} are never sent in clear text.\n`);
+    }
+    return (`${prefix} WARNING: REST API bound to non-loopback host "${host}".\n` +
+        `${prefix} This API has NO authentication configured (Kozou v0.1 spec §18.5).\n` +
+        `${prefix} Anyone who can reach ${host} can read and write this database.\n` +
+        `${prefix} Bind to 127.0.0.1 (the default) or configure JWT auth.\n`);
+}
+/**
+ * Build a node:http request listener over the framework-agnostic handler.
+ * Exposed separately so it can be mounted by an embedding server or driven
+ * directly in tests.
+ */
+export function createApiRequestListener(deps) {
+    return (req, res) => {
+        dispatch(deps, req, res).catch((err) => {
+            const message = err instanceof Error ? err.message : String(err);
+            respondJson(res, 500, errorBody('internal', message));
+        });
+    };
+}
+async function buildHttpRequest(req) {
+    const url = new URL(req.url ?? '/', 'http://localhost');
+    const segments = url.pathname
+        .split('/')
+        .filter((s) => s.length > 0)
+        .map((s) => safeDecode(s));
+    const body = await readJsonBody(req);
+    return {
+        method: req.method ?? 'GET',
+        segments,
+        query: url.searchParams,
+        body,
+        headers: req.headers,
+    };
+}
+async function dispatch(deps, req, res) {
+    const result = await handleApiRequest(deps, await buildHttpRequest(req));
+    respondJson(res, result.status, result.body);
+}
+/**
+ * Authenticated dispatch: verify the JWT, then run the request inside a
+ * transaction on a dedicated client under `SET LOCAL ROLE` with the claims
+ * published so the database's row-level-security policies apply.
+ */
+async function dispatchAuthed(base, authenticator, pool, req, res) {
+    let auth;
+    try {
+        auth = await authenticator.authenticate(singleHeader(req.headers, 'authorization'));
+    }
+    catch (err) {
+        // Reject before acquiring a connection (no leak on 401 / 403).
+        respondError(res, err);
+        return;
+    }
+    const httpReq = await buildHttpRequest(req);
+    const client = await pool.connect();
+    try {
+        await client.query('BEGIN');
+        try {
+            // Role is an identifier (no bound-parameter form); quote it. The role is
+            // additionally constrained by the auth allowlist.
+            await client.query(`SET LOCAL ROLE ${quoteIdent(auth.role)}`);
+        }
+        catch {
+            throw new Error('Could not assume the requested role.');
+        }
+        // Claims are a value: bound parameter, never interpolated into SQL.
+        await client.query('SELECT set_config($1, $2, true)', [
+            authenticator.claimsGuc,
+            JSON.stringify(auth.claims),
+        ]);
+        // The client is a Queryable; routing runs every query on it, inside this
+        // transaction, so the role + claims apply.
+        const deps = { ...base, db: client };
+        const result = await handleApiRequest(deps, httpReq);
+        await client.query('COMMIT');
+        respondJson(res, result.status, result.body);
+    }
+    catch (err) {
+        try {
+            await client.query('ROLLBACK');
+        }
+        catch {
+            // The connection may already be in a failed state; nothing to do.
+        }
+        respondError(res, err);
+    }
+    finally {
+        client.release();
+    }
+}
+function singleHeader(headers, name) {
+    const value = headers[name];
+    return Array.isArray(value) ? value[0] : value;
+}
+function respondError(res, err) {
+    if (err instanceof KozouApiError) {
+        respondJson(res, err.status, errorBody(err.code, err.message));
+        return;
+    }
+    // Never expose internal error detail (which can carry stack or database
+    // information) to the client: log it server-side, return a generic message.
+    const detail = err instanceof Error ? err.message : String(err);
+    process.stderr.write(`[@kozou/api] request failed: ${detail}\n`);
+    respondJson(res, 500, errorBody('internal', 'Internal server error.'));
+}
+async function readJsonBody(req) {
+    const chunks = [];
+    for await (const chunk of req) {
+        chunks.push(chunk);
+    }
+    if (chunks.length === 0)
+        return undefined;
+    const raw = Buffer.concat(chunks).toString('utf8');
+    if (raw.length === 0)
+        return undefined;
+    try {
+        return JSON.parse(raw);
+    }
+    catch {
+        return undefined;
+    }
+}
+/**
+ * Start the REST API over node:http, bound to the given schema + db.
+ * Resolves once the server is listening.
+ */
+export async function startApiServer(opts) {
+    const prefix = opts.logPrefix ?? '[@kozou/api]';
+    const host = opts.host ?? DEFAULT_HOST;
+    const port = opts.port ?? DEFAULT_PORT;
+    const authenticator = opts.auth ? createAuthenticator(opts.auth) : undefined;
+    if (authenticator !== undefined && opts.pool === undefined) {
+        throw new Error(`${prefix} auth requires a "pool" (e.g. a pg.Pool) to run each request under SET LOCAL ROLE.`);
+    }
+    if (!isLoopbackHost(host)) {
+        process.stderr.write(nonLoopbackWarning(host, prefix, authenticator !== undefined));
+    }
+    const base = {
+        db: opts.db,
+        lookup: buildResourceLookup(opts.schema),
+        version: opts.version,
+        openapi: buildOpenApiDocument(opts.schema, { version: opts.version }),
+    };
+    const pool = opts.pool;
+    const listener = authenticator !== undefined && pool !== undefined
+        ? (req, res) => {
+            dispatchAuthed(base, authenticator, pool, req, res).catch((err) => respondError(res, err));
+        }
+        : createApiRequestListener(base);
+    const httpServer = createServer(listener);
+    await new Promise((resolve, reject) => {
+        const onError = (err) => reject(err);
+        httpServer.once('error', onError);
+        httpServer.listen(port, host, () => {
+            httpServer.removeListener('error', onError);
+            resolve();
+        });
+    });
+    const boundPort = httpServer.address().port;
+    process.stderr.write(`${prefix} REST API listening on http://${host}:${boundPort}\n`);
+    return {
+        port: boundPort,
+        host,
+        close: () => closeServer(httpServer),
+    };
+}
+function safeDecode(segment) {
+    try {
+        return decodeURIComponent(segment);
+    }
+    catch {
+        return segment;
+    }
+}
+function respondJson(res, status, body) {
+    if (res.headersSent) {
+        res.end();
+        return;
+    }
+    res.writeHead(status, { 'content-type': 'application/json' });
+    res.end(JSON.stringify(body));
+}
+function closeServer(httpServer) {
+    return new Promise((resolve, reject) => {
+        httpServer.close((err) => (err ? reject(err) : resolve()));
+    });
+}
+//# sourceMappingURL=startApiServer.js.map

package/dist/startApiServer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"startApiServer.js","sourceRoot":"","sources":["../src/startApiServer.ts"],"names":[],"mappings":"AAAA,kEAAkE;AAClE,uEAAuE;AACvE,0EAA0E;AAC1E,0EAA0E;AAE1E,OAAO,EACL,YAAY,GAIb,MAAM,WAAW,CAAC;AAKnB,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AACvD,OAAO,EACL,gBAAgB,GAIjB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,EAAE,mBAAmB,EAAuC,MAAM,WAAW,CAAC;AAsCrF,MAAM,YAAY,GAAG,IAAI,CAAC;AAC1B,MAAM,YAAY,GAAG,WAAW,CAAC;AAEjC,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,KAAK,EAAE,WAAW,EAAE,kBAAkB,CAAC,CAAC,CAAC;AAEtF,MAAM,UAAU,cAAc,CAAC,IAAY;IACzC,OAAO,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAClC,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY,EAAE,MAAc,EAAE,MAAe;IACvE,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CACL,GAAG,MAAM,+CAA+C,IAAI,MAAM;YAClE,GAAG,MAAM,gEAAgE;YACzE,GAAG,MAAM,kCAAkC,CAC5C,CAAC;IACJ,CAAC;IACD,OAAO,CACL,GAAG,MAAM,kDAAkD,IAAI,MAAM;QACrE,GAAG,MAAM,uEAAuE;QAChF,GAAG,MAAM,yBAAyB,IAAI,sCAAsC;QAC5E,GAAG,MAAM,2DAA2D,CACrE,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,wBAAwB,CACtC,IAAoB;IAEpB,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAClB,QAAQ,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;YAC9C,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,WAAW,CAAC,GAAG,EAAE,GAAG,EAAE,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,GAAoB;IAClD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,kBAAkB,CAAC,CAAC;IACxD,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ;SAC1B,KAAK,CAAC,GAAG,CAAC;SACV,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;SAC3B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7B,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,CAAC;IACrC,OAAO;QACL,MAAM,EAAE,GAAG,CAAC,MAAM,IAAI,KAAK;QAC3B,QAAQ;QACR,KAAK,EAAE,GAAG,CAAC,YAAY;QACvB,IAAI;QACJ,OAAO,EAAE,GAAG,CAAC,OAAO;KACrB,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,QAAQ,CACrB,IAAoB,EACpB,GAAoB,EACpB,GAAmB;IAEnB,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,IAAI,EAAE,MAAM,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;IACzE,WAAW,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;AAC/C,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,cAAc,CAC3B,IAAoB,EACpB,aAA4B,EAC5B,IAAoB,EACpB,GAAoB,EACpB,GAAmB;IAEnB,IAAI,IAAI,CAAC;IACT,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,aAAa,CAAC,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC,CAAC;IACtF,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,+DAA+D;QAC/D,YAAY,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACvB,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,GAAG,CAAC,CAAC;IAC5C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC5B,IAAI,CAAC;YACH,yEAAyE;YACzE,kDAAkD;YAClD,MAAM,MAAM,CAAC,KAAK,CAAC,kBAAkB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAChE,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;QACD,oEAAoE;QACpE,MAAM,MAAM,CAAC,KAAK,CAAC,iCAAiC,EAAE;YACpD,aAAa,CAAC,SAAS;YACvB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC;SAC5B,CAAC,CAAC;QACH,yEAAyE;QACzE,2CAA2C;QAC3C,MAAM,IAAI,GAAmB,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC;QACrD,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACrD,MAAM,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC7B,WAAW,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IAC/C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,kEAAkE;QACpE,CAAC;QACD,YAAY,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACzB,CAAC;YAAS,CAAC;QACT,MAAM,CAAC,OAAO,EAAE,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,OAAmC,EAAE,IAAY;IACrE,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5B,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;AACjD,CAAC;AAED,SAAS,YAAY,CAAC,GAAmB,EAAE,GAAY;IACrD,IAAI,GAAG,YAAY,aAAa,EAAE,CAAC;QACjC,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;QAC/D,OAAO;IACT,CAAC;IACD,wEAAwE;IACxE,4EAA4E;IAC5E,MAAM,MAAM,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAChE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gCAAgC,MAAM,IAAI,CAAC,CAAC;IACjE,WAAW,CAAC,GAAG,EAAE,GAAG,EAAE,SAAS,CAAC,UAAU,EAAE,wBAAwB,CAAC,CAAC,CAAC;AACzE,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,GAAoB;IAC9C,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,GAAG,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,KAAe,CAAC,CAAC;IAC/B,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAC1C,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACnD,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACvC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,IAA2B;IAC9D,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,IAAI,cAAc,CAAC;IAChD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,YAAY,CAAC;IACvC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,YAAY,CAAC;IAEvC,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC7E,IAAI,aAAa,KAAK,SAAS,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CACb,GAAG,MAAM,oFAAoF,CAC9F,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC;IACtF,CAAC;IAED,MAAM,IAAI,GAAmB;QAC3B,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,MAAM,EAAE,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC;QACxC,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,OAAO,EAAE,oBAAoB,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC;KACtE,CAAC;IAEF,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;IACvB,MAAM,QAAQ,GACZ,aAAa,KAAK,SAAS,IAAI,IAAI,KAAK,SAAS;QAC/C,CAAC,CAAC,CAAC,GAAoB,EAAE,GAAmB,EAAQ,EAAE;YAClD,cAAc,CAAC,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE,CACzE,YAAY,CAAC,GAAG,EAAE,GAAG,CAAC,CACvB,CAAC;QACJ,CAAC;QACH,CAAC,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC;IACrC,MAAM,UAAU,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IAE1C,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1C,MAAM,OAAO,GAAG,CAAC,GAAU,EAAQ,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAClD,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAClC,UAAU,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE;YACjC,UAAU,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC5C,OAAO,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,MAAM,SAAS,GAAI,UAAU,CAAC,OAAO,EAAkB,CAAC,IAAI,CAAC;IAC7D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,iCAAiC,IAAI,IAAI,SAAS,IAAI,CAAC,CAAC;IAEtF,OAAO;QACL,IAAI,EAAE,SAAS;QACf,IAAI;QACJ,KAAK,EAAE,GAAG,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC;KACrC,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,OAAe;IACjC,IAAI,CAAC;QACH,OAAO,kBAAkB,CAAC,OAAO,CAAC,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,OAAO,CAAC;IACjB,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,GAAmB,EAAE,MAAc,EAAE,IAAa;IACrE,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;QACpB,GAAG,CAAC,GAAG,EAAE,CAAC;QACV,OAAO;IACT,CAAC;IACD,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAC9D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,WAAW,CAAC,UAAsB;IACzC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,UAAU,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;AACL,CAAC"}

package/package.json

@@ -1,7 +1,47 @@
 {
   "name": "@kozou/api",
-  "version": "0.0.1",
-  "description": "Placeholder; the experimental 0.2.1 release lands via CI shortly.",
+  "version": "1.0.0",
+  "description": "Kozou's own REST layer: serves table CRUD / VIEW reads / OpenAPI from a SchemaContext.",
   "license": "Apache-2.0",
-  "publishConfig": { "access": "public" }
-}
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/kozou-dev/kozou.git",
+    "directory": "packages/api"
+  },
+  "homepage": "https://kozou.org",
+  "bugs": {
+    "url": "https://github.com/kozou-dev/kozou/issues"
+  },
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    },
+    "./package.json": "./package.json"
+  },
+  "files": [
+    "dist"
+  ],
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
+  "dependencies": {
+    "jose": "^6.2.3",
+    "pg": "^8.13.0",
+    "@kozou/core": "1.0.0"
+  },
+  "devDependencies": {
+    "@types/pg": "^8.11.0",
+    "@kozou/test-utils": "0.0.0",
+    "@kozou/introspect": "1.0.0"
+  },
+  "scripts": {
+    "typecheck": "tsc -p tsconfig.test.json",
+    "build": "tsc",
+    "test": "vitest run --coverage"
+  }
+}