@mesob/ai-hono 0.5.0

package/dist/index.js

@@ -0,0 +1,834 @@
+var __defProp = Object.defineProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// src/db/index.ts
+import { drizzle } from "drizzle-orm/node-postgres";
+import { Pool } from "pg";
+
+// src/db/schema.ts
+var schema_exports = {};
+__export(schema_exports, {
+  accountChangesInIam: () => accountChangesInIam,
+  accountsInIam: () => accountsInIam,
+  ai: () => ai,
+  cvInAi: () => cvInAi,
+  domainsInIam: () => domainsInIam,
+  iam: () => iam,
+  permissionsInIam: () => permissionsInIam,
+  promptInAi: () => promptInAi,
+  promptSystemInAi: () => promptSystemInAi,
+  rolePermissionsInIam: () => rolePermissionsInIam,
+  rolesInIam: () => rolesInIam,
+  sessionsInIam: () => sessionsInIam,
+  tenantsInIam: () => tenantsInIam,
+  userRolesInIam: () => userRolesInIam,
+  usersInIam: () => usersInIam,
+  verificationsInIam: () => verificationsInIam
+});
+import { pgSchema, index, foreignKey, pgPolicy, check, uuid, varchar, timestamp, text, smallint, unique, inet, jsonb, boolean, uniqueIndex, vector } from "drizzle-orm/pg-core";
+import { sql } from "drizzle-orm";
+var iam = pgSchema("iam");
+var ai = pgSchema("ai");
+var verificationsInIam = iam.table("verifications", {
+  id: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),
+  tenantId: varchar("tenant_id", { length: 30 }).notNull(),
+  createdAt: timestamp("created_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  updatedAt: timestamp("updated_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  userId: uuid("user_id").notNull(),
+  code: text().notNull(),
+  expiresAt: timestamp("expires_at", { withTimezone: true, mode: "string" }).notNull(),
+  type: text(),
+  attempt: smallint().default(0),
+  to: text()
+}, (table) => [
+  index("verifications_expires_at_idx").using("btree", table.expiresAt.asc().nullsLast().op("timestamptz_ops")),
+  index("verifications_lookup_idx").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.userId.asc().nullsLast().op("text_ops"), table.type.asc().nullsLast().op("uuid_ops"), table.to.asc().nullsLast().op("text_ops"), table.code.asc().nullsLast().op("text_ops")),
+  foreignKey({
+    columns: [table.tenantId],
+    foreignColumns: [tenantsInIam.id],
+    name: "verifications_tenant_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  foreignKey({
+    columns: [table.userId],
+    foreignColumns: [usersInIam.id],
+    name: "verifications_user_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  pgPolicy("tenant_isolation", { as: "permissive", for: "all", to: ["public"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` }),
+  check("verifications_attempt_nonnegative_check", sql`attempt >= 0`),
+  check("verifications_expires_after_created_check", sql`expires_at > created_at`)
+]);
+var sessionsInIam = iam.table("sessions", {
+  id: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),
+  tenantId: varchar("tenant_id", { length: 30 }).notNull(),
+  createdAt: timestamp("created_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  updatedAt: timestamp("updated_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  userId: uuid("user_id").notNull(),
+  expiresAt: timestamp("expires_at", { withTimezone: true, mode: "string" }).notNull(),
+  userAgent: text("user_agent"),
+  ip: inet(),
+  meta: jsonb(),
+  token: text().notNull(),
+  rotatedAt: timestamp("rotated_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`)
+}, (table) => [
+  index("sessions_expires_at_idx").using("btree", table.expiresAt.asc().nullsLast().op("timestamptz_ops")),
+  index("sessions_tenant_user_idx").using("btree", table.tenantId.asc().nullsLast().op("uuid_ops"), table.userId.asc().nullsLast().op("text_ops")),
+  foreignKey({
+    columns: [table.tenantId],
+    foreignColumns: [tenantsInIam.id],
+    name: "sessions_tenant_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  foreignKey({
+    columns: [table.userId],
+    foreignColumns: [usersInIam.id],
+    name: "sessions_user_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  unique("sessions_token_key").on(table.token),
+  pgPolicy("tenant_isolation", { as: "permissive", for: "all", to: ["public"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` }),
+  check("sessions_expires_after_created_check", sql`expires_at > created_at`)
+]);
+var accountChangesInIam = iam.table("account_changes", {
+  id: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),
+  tenantId: varchar("tenant_id", { length: 30 }).notNull(),
+  userId: uuid("user_id").notNull(),
+  createdAt: timestamp("created_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  updatedAt: timestamp("updated_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  changeType: text("change_type").notNull(),
+  oldEmail: varchar("old_email"),
+  newEmail: varchar("new_email"),
+  oldPhone: text("old_phone"),
+  newPhone: text("new_phone"),
+  status: varchar().notNull(),
+  expiresAt: timestamp("expires_at", { withTimezone: true, mode: "string" }).notNull(),
+  confirmedAt: timestamp("confirmed_at", { withTimezone: true, mode: "string" }),
+  cancelledAt: timestamp("cancelled_at", { withTimezone: true, mode: "string" }),
+  reason: text()
+}, (table) => [
+  index("account_changes_expires_at_idx").using("btree", table.expiresAt.asc().nullsLast().op("timestamptz_ops")),
+  index("account_changes_tenant_user_status_idx").using("btree", table.tenantId.asc().nullsLast().op("uuid_ops"), table.userId.asc().nullsLast().op("text_ops"), table.status.asc().nullsLast().op("uuid_ops")),
+  index("idx_account_changes_expired").using("btree", table.expiresAt.asc().nullsLast().op("text_ops"), table.status.asc().nullsLast().op("text_ops")).where(sql`((status)::text = 'pending'::text)`),
+  foreignKey({
+    columns: [table.tenantId],
+    foreignColumns: [tenantsInIam.id],
+    name: "account_changes_tenant_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  foreignKey({
+    columns: [table.userId],
+    foreignColumns: [usersInIam.id],
+    name: "account_changes_user_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  pgPolicy("tenant_isolation", { as: "permissive", for: "all", to: ["public"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` }),
+  check("account_changes_expires_after_created_check", sql`expires_at > created_at`),
+  check("account_changes_change_type_check", sql`((change_type = 'EMAIL'::text) AND (old_email IS NOT NULL) AND (new_email IS NOT NULL) AND (old_phone IS NULL) AND (new_phone IS NULL)) OR ((change_type = 'PHONE'::text) AND (old_phone IS NOT NULL) AND (new_phone IS NOT NULL) AND (old_email IS NULL) AND (new_email IS NULL))`),
+  check("account_changes_status_check", sql`(status)::text = ANY (ARRAY[('PENDING'::character varying)::text, ('APPLIED'::character varying)::text, ('CANCELLED'::character varying)::text, ('EXPIRED'::character varying)::text])`)
+]);
+var tenantsInIam = iam.table("tenants", {
+  id: varchar({ length: 30 }).primaryKey().notNull(),
+  createdAt: timestamp("created_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  updatedAt: timestamp("updated_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  name: jsonb().notNull(),
+  description: jsonb(),
+  theme: jsonb(),
+  supportedLanguages: jsonb("supported_languages"),
+  defaultLanguage: text("default_language"),
+  supportedCurrency: jsonb("supported_currency"),
+  defaultCurrency: text("default_currency"),
+  timezone: text(),
+  isActive: boolean("is_active").default(true).notNull(),
+  locale: jsonb(),
+  settings: jsonb(),
+  seo: jsonb()
+}, (table) => [
+  index("tenants_is_active_idx").using("btree", table.isActive.asc().nullsLast().op("bool_ops"))
+]);
+var rolePermissionsInIam = iam.table("role_permissions", {
+  id: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),
+  tenantId: varchar("tenant_id", { length: 30 }).notNull(),
+  permissionId: text("permission_id").notNull(),
+  roleId: uuid("role_id").notNull()
+}, (table) => [
+  index("idx_role_permissions_permission_id").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.permissionId.asc().nullsLast().op("text_ops")),
+  foreignKey({
+    columns: [table.tenantId],
+    foreignColumns: [tenantsInIam.id],
+    name: "role_permissions_tenant_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  foreignKey({
+    columns: [table.permissionId],
+    foreignColumns: [permissionsInIam.id],
+    name: "role_permissions_permission_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  foreignKey({
+    columns: [table.tenantId, table.roleId],
+    foreignColumns: [rolesInIam.tenantId, rolesInIam.id],
+    name: "role_permissions_tenant_role_fkey"
+  }).onDelete("cascade"),
+  unique("role_permissions_tenant_role_permission_unique").on(table.tenantId, table.permissionId, table.roleId),
+  pgPolicy("tenant_isolation", { as: "permissive", for: "all", to: ["public"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` })
+]);
+var permissionsInIam = iam.table("permissions", {
+  id: text().primaryKey().notNull(),
+  description: jsonb().notNull(),
+  activity: text().notNull(),
+  application: text().notNull(),
+  feature: text().notNull()
+}, (table) => [
+  unique("permissions_activity_application_feature_key").on(table.activity, table.application, table.feature)
+]);
+var accountsInIam = iam.table("accounts", {
+  id: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),
+  tenantId: varchar("tenant_id", { length: 30 }).notNull(),
+  userId: uuid("user_id").notNull(),
+  provider: text().notNull(),
+  providerAccountId: text("provider_account_id").notNull(),
+  password: text(),
+  passwordLastChangedAt: timestamp("password_last_changed_at", { withTimezone: true, mode: "string" }),
+  idToken: text("id_token"),
+  accessToken: text("access_token"),
+  accessTokenExpiresAt: timestamp("access_token_expires_at", { withTimezone: true, mode: "string" }),
+  refreshToken: text("refresh_token"),
+  refreshTokenExpiresAt: timestamp("refresh_token_expires_at", { withTimezone: true, mode: "string" }),
+  scope: text(),
+  expiresAt: timestamp("expires_at", { withTimezone: true, mode: "string" }),
+  meta: jsonb()
+}, (table) => [
+  index("idx_accounts_provider_lookup").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.provider.asc().nullsLast().op("text_ops"), table.providerAccountId.asc().nullsLast().op("text_ops")),
+  index("idx_accounts_user_id").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.userId.asc().nullsLast().op("text_ops")),
+  foreignKey({
+    columns: [table.tenantId],
+    foreignColumns: [tenantsInIam.id],
+    name: "accounts_tenant_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  foreignKey({
+    columns: [table.userId],
+    foreignColumns: [usersInIam.id],
+    name: "accounts_user_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  unique("accounts_tenant_provider_account_unique").on(table.tenantId, table.provider, table.providerAccountId),
+  pgPolicy("tenant_isolation", { as: "permissive", for: "all", to: ["public"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` })
+]);
+var usersInIam = iam.table("users", {
+  id: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),
+  tenantId: varchar("tenant_id", { length: 30 }).notNull(),
+  createdAt: timestamp("created_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  updatedAt: timestamp("updated_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  fullName: text("full_name").notNull(),
+  image: text(),
+  phone: text(),
+  email: text(),
+  handle: text().notNull(),
+  emailVerified: boolean("email_verified").default(false).notNull(),
+  phoneVerified: boolean("phone_verified").default(false).notNull(),
+  bannedUntil: timestamp("banned_until", { withTimezone: true, mode: "string" }),
+  lastSignInAt: timestamp("last_sign_in_at", { withTimezone: true, mode: "string" }),
+  loginAttempt: smallint("login_attempt").default(0).notNull(),
+  userType: text("user_type").array().default(["RAY"]).notNull()
+}, (table) => [
+  index("idx_users_auth_lookup").using("btree", table.tenantId.asc().nullsLast().op("bool_ops"), table.email.asc().nullsLast().op("bool_ops"), table.id.asc().nullsLast().op("timestamptz_ops"), table.emailVerified.asc().nullsLast().op("timestamptz_ops"), table.bannedUntil.asc().nullsLast().op("uuid_ops")).where(sql`(email IS NOT NULL)`),
+  index("idx_users_email_lookup").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.email.asc().nullsLast().op("text_ops")).where(sql`(email IS NOT NULL)`),
+  index("idx_users_handle_lookup").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.handle.asc().nullsLast().op("text_ops")),
+  index("idx_users_phone_lookup").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.phone.asc().nullsLast().op("text_ops")).where(sql`(phone IS NOT NULL)`),
+  index("idx_users_tenant_email_unique").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.email.asc().nullsLast().op("text_ops")).where(sql`(email IS NOT NULL)`),
+  index("idx_users_tenant_is_admin").using("btree", table.tenantId.asc().nullsLast().op("text_ops")).where(sql`(user_type @> ARRAY['admin'::text])`),
+  index("idx_users_tenant_is_candidate").using("btree", table.tenantId.asc().nullsLast().op("text_ops")).where(sql`(user_type @> ARRAY['candidate'::text])`),
+  index("idx_users_tenant_is_employee").using("btree", table.tenantId.asc().nullsLast().op("text_ops")).where(sql`(user_type @> ARRAY['employee'::text])`),
+  index("idx_users_user_types_gin").using("gin", table.userType.asc().nullsLast().op("array_ops")),
+  uniqueIndex("users_tenant_lower_email_idx").using("btree", sql`tenant_id`, sql`lower(email)`),
+  uniqueIndex("users_tenant_lower_handle_idx").using("btree", sql`tenant_id`, sql`lower(handle)`),
+  foreignKey({
+    columns: [table.tenantId],
+    foreignColumns: [tenantsInIam.id],
+    name: "users_tenant_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  unique("users_tenant_phone_key").on(table.tenantId, table.phone),
+  pgPolicy("tenant_isolation", { as: "permissive", for: "all", to: ["public"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` }),
+  check("users_login_attempt_nonnegative_check", sql`login_attempt >= 0`),
+  check("users_contact_required_check", sql`(email IS NOT NULL) OR (phone IS NOT NULL)`),
+  check("users_user_type_check", sql`user_type <@ ARRAY['candidate'::text, 'employee'::text, 'admin'::text]`)
+]);
+var rolesInIam = iam.table("roles", {
+  tenantId: varchar("tenant_id", { length: 30 }).notNull(),
+  createdAt: timestamp("created_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  updatedAt: timestamp("updated_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  name: jsonb().notNull(),
+  description: jsonb().notNull(),
+  code: text().notNull(),
+  id: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),
+  isSystem: boolean("is_system").default(false).notNull(),
+  isEditable: boolean("is_editable").default(true).notNull(),
+  isDeletable: boolean("is_deletable").default(true).notNull()
+}, (table) => [
+  foreignKey({
+    columns: [table.tenantId],
+    foreignColumns: [tenantsInIam.id],
+    name: "roles_tenant_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  unique("roles_tenant_code_unique").on(table.tenantId, table.code),
+  unique("roles_tenant_id_unique").on(table.tenantId, table.id),
+  pgPolicy("tenant_isolation", { as: "permissive", for: "all", to: ["public"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` })
+]);
+var promptInAi = ai.table("prompt", {
+  id: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),
+  tenantId: varchar("tenant_id", { length: 30 }).notNull(),
+  createdAt: timestamp("created_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  updatedAt: timestamp("updated_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  meta: jsonb(),
+  code: text().notNull(),
+  name: jsonb().notNull(),
+  instruction: text()
+}, (table) => [
+  index("ix_ai_prompt_tenant_created").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.createdAt.desc().nullsFirst().op("timestamptz_ops")),
+  index("ix_ai_prompt_tenant_id").using("btree", table.tenantId.asc().nullsLast().op("text_ops")),
+  foreignKey({
+    columns: [table.tenantId],
+    foreignColumns: [tenantsInIam.id],
+    name: "fk_ai_prompt_tenant"
+  }).onUpdate("cascade").onDelete("cascade"),
+  unique("uq_ai_prompt_tenant_code").on(table.tenantId, table.code),
+  pgPolicy("tenant_isolation", { as: "permissive", for: "all", to: ["public"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` })
+]);
+var promptSystemInAi = ai.table("prompt_system", {
+  id: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),
+  createdAt: timestamp("created_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  updatedAt: timestamp("updated_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  meta: jsonb(),
+  code: text().notNull(),
+  name: jsonb().notNull(),
+  instruction: text()
+}, (table) => [
+  index("ix_ai_prompt_system_code").using("btree", table.code.asc().nullsLast().op("text_ops")),
+  unique("uq_ai_prompt_system_code").on(table.code)
+]);
+var cvInAi = ai.table("cv", {
+  id: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),
+  tenantId: varchar("tenant_id", { length: 30 }).notNull(),
+  createdAt: timestamp("created_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  updatedAt: timestamp("updated_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  meta: jsonb(),
+  userId: uuid("user_id").notNull(),
+  model: text(),
+  content: text(),
+  embedding: vector({ dimensions: 1536 }),
+  metadata: jsonb()
+}, (table) => [
+  index("ix_ai_cv_embedding_cosine").using("hnsw", table.embedding.asc().nullsLast().op("vector_cosine_ops")).with({ m: "16", ef_construction: "64" }),
+  index("ix_ai_cv_tenant_created").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.createdAt.desc().nullsFirst().op("timestamptz_ops")),
+  index("ix_ai_cv_tenant_id").using("btree", table.tenantId.asc().nullsLast().op("text_ops")),
+  index("ix_ai_cv_tenant_user").using("btree", table.tenantId.asc().nullsLast().op("uuid_ops"), table.userId.asc().nullsLast().op("uuid_ops")),
+  foreignKey({
+    columns: [table.tenantId],
+    foreignColumns: [tenantsInIam.id],
+    name: "fk_ai_cv_tenant"
+  }).onUpdate("cascade").onDelete("cascade"),
+  foreignKey({
+    columns: [table.userId],
+    foreignColumns: [usersInIam.id],
+    name: "fk_ai_cv_user"
+  }).onUpdate("cascade").onDelete("cascade"),
+  pgPolicy("tenant_isolation", { as: "permissive", for: "all", to: ["public"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` })
+]);
+var userRolesInIam = iam.table("user_roles", {
+  id: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),
+  tenantId: varchar("tenant_id", { length: 30 }).notNull(),
+  userId: uuid("user_id").notNull(),
+  roleId: uuid("role_id").notNull()
+}, (table) => [
+  index("idx_user_roles_tenant_user").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.userId.asc().nullsLast().op("uuid_ops")),
+  foreignKey({
+    columns: [table.tenantId],
+    foreignColumns: [tenantsInIam.id],
+    name: "user_roles_tenant_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  foreignKey({
+    columns: [table.userId],
+    foreignColumns: [usersInIam.id],
+    name: "user_roles_user_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  foreignKey({
+    columns: [table.tenantId, table.roleId],
+    foreignColumns: [rolesInIam.tenantId, rolesInIam.id],
+    name: "user_roles_tenant_role_fkey"
+  }).onDelete("cascade"),
+  unique("user_roles_tenant_user_role_unique").on(table.tenantId, table.userId, table.roleId),
+  pgPolicy("tenant_isolation", { as: "permissive", for: "all", to: ["public"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` })
+]);
+var domainsInIam = iam.table("domains", {
+  id: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),
+  tenantId: varchar("tenant_id", { length: 30 }).notNull(),
+  domain: text().notNull(),
+  status: text().default("pending").notNull(),
+  meta: jsonb(),
+  isPrimary: boolean("is_primary").default(false).notNull(),
+  createdAt: timestamp("created_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  updatedAt: timestamp("updated_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  app: text()
+}, (table) => [
+  uniqueIndex("domains_domain_unique_idx").using("btree", sql`lower(domain)`),
+  uniqueIndex("domains_primary_per_tenant_idx").using("btree", table.tenantId.asc().nullsLast().op("text_ops")).where(sql`(is_primary = true)`),
+  index("domains_tenant_status_idx").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.status.asc().nullsLast().op("text_ops")),
+  index("idx_domains_tenant_domain_status").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.domain.asc().nullsLast().op("text_ops"), table.status.asc().nullsLast().op("text_ops")),
+  foreignKey({
+    columns: [table.tenantId],
+    foreignColumns: [tenantsInIam.id],
+    name: "domains_tenant_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  pgPolicy("tenant_isolation", { as: "permissive", for: "all", to: ["public"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` }),
+  check("domains_domain_format_check", sql`domain ~ '^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)+$'::text`),
+  check("domains_status_check", sql`status = ANY (ARRAY['PENDING'::text, 'ACTIVE'::text, 'DISABLED'::text, 'DELETED'::text])`)
+]);
+
+// src/db/index.ts
+var schemaConfig = { schema: { ...schema_exports } };
+var createDatabase = (connectionString) => {
+  const pool = new Pool({ connectionString });
+  return drizzle({ client: pool, ...schemaConfig });
+};
+
+// src/handler.ts
+import { OpenAPIHono as OpenAPIHono3 } from "@hono/zod-openapi";
+
+// src/routes/index.ts
+import { OpenAPIHono as OpenAPIHono2 } from "@hono/zod-openapi";
+
+// src/routes/ai-form/ai-form.route.ts
+import { createRoute, OpenAPIHono } from "@hono/zod-openapi";
+
+// src/routes/ai.schema.ts
+import { z } from "zod";
+var messageSchema = z.object({
+  message: z.string()
+});
+var aiErrorResponseSchema = z.object({
+  ok: z.literal(false),
+  error: z.object({
+    code: z.enum([
+      "INVALID_JSON",
+      "INVALID_REQUEST",
+      "INVALID_SCHEMA",
+      "INSUFFICIENT_INPUT",
+      "MODEL_NOT_CONFIGURED",
+      "GENERATION_FAILED"
+    ]),
+    message: z.string()
+  })
+});
+var jsonSchemaObjectSchema = z.object({
+  type: z.literal("object")
+}).passthrough();
+var aiFormRequestSchema = z.object({
+  prompt: z.string().min(1),
+  code: z.string().min(1),
+  /** App-supplied facts (user, locale, prior state); optional. */
+  context: z.string().max(1e5).optional(),
+  count: z.number().int().min(1).max(100).optional(),
+  schema: jsonSchemaObjectSchema
+});
+var aiFormRequestOpenApiSchema = z.object({
+  prompt: z.string().min(1),
+  code: z.string().min(1),
+  context: z.string().max(1e5).optional(),
+  count: z.number().int().min(1).max(100).optional(),
+  schema: z.object({
+    type: z.literal("object"),
+    description: z.string().optional(),
+    additionalProperties: z.boolean().optional()
+  }).passthrough()
+});
+var aiFormSuccessSchema = z.object({
+  ok: z.literal(true),
+  data: z.unknown()
+});
+var aiFormResponseSchema = z.union([
+  aiFormSuccessSchema,
+  aiErrorResponseSchema
+]);
+
+// src/routes/ai-form/handler/ai-form.ts
+import { generateText, jsonSchema, Output } from "ai";
+
+// src/utils/detect-refusal-in-data.ts
+var REFUSAL_PHRASES = [
+  "does not provide enough information",
+  "does not contain enough",
+  "insufficient data",
+  "insufficient information",
+  "nonsensical",
+  "not enough information",
+  "placeholder",
+  "unable to extract",
+  "no meaningful",
+  "no profile information"
+];
+var PLACEHOLDER_EXACT = /* @__PURE__ */ new Set([
+  "unknown",
+  "n/a",
+  "na",
+  "tbd",
+  "none",
+  "null",
+  "undefined",
+  "not applicable",
+  "not available",
+  "unspecified"
+]);
+function stringLooksLikeRefusalOrPlaceholder(s) {
+  const low = s.toLowerCase();
+  if (REFUSAL_PHRASES.some((p) => low.includes(p))) {
+    return true;
+  }
+  const t = s.trim().toLowerCase();
+  return PLACEHOLDER_EXACT.has(t);
+}
+function refusalPhrasesInValues(data) {
+  const walk = (v) => {
+    if (typeof v === "string") {
+      return stringLooksLikeRefusalOrPlaceholder(v);
+    }
+    if (Array.isArray(v)) {
+      return v.some(walk);
+    }
+    if (v && typeof v === "object") {
+      return Object.values(v).some(walk);
+    }
+    return false;
+  };
+  return walk(data);
+}
+
+// src/utils/openai-model.ts
+import { createOpenAI } from "@ai-sdk/openai";
+var DEFAULT_OPENAI_MODEL = "gpt-5.4-mini";
+function resolveOpenAiModel(args) {
+  const apiKey = args.apiKey?.trim();
+  if (!apiKey) {
+    return {
+      success: false,
+      message: "OpenAI API key is not configured."
+    };
+  }
+  const modelId = args.model?.trim() || DEFAULT_OPENAI_MODEL;
+  const openai = createOpenAI({ apiKey });
+  return {
+    success: true,
+    model: openai(modelId)
+  };
+}
+
+// src/utils/status-code.ts
+var HTTP_STATUS_CODE = {
+  OK: 200,
+  BAD_REQUEST: 400,
+  UNPROCESSABLE_ENTITY: 422,
+  INTERNAL_SERVER_ERROR: 500
+};
+
+// src/utils/wrap-ai-form-output-schema.ts
+function wrapAiFormOutputSchema(userSchema, count) {
+  const { $schema: _schema, $id: _id, ...itemSchema } = userSchema;
+  const dataSchema = typeof count === "number" ? {
+    type: "array",
+    minItems: count,
+    maxItems: count,
+    items: itemSchema
+  } : itemSchema;
+  return {
+    type: "object",
+    additionalProperties: false,
+    properties: {
+      ok: { type: "boolean" },
+      data: {
+        anyOf: [dataSchema, { type: "null" }]
+      },
+      reason: { type: "string" }
+    },
+    required: ["ok", "data", "reason"]
+  };
+}
+
+// src/db/orm/prompt.ts
+import { eq } from "drizzle-orm";
+var fetchSystemPromptByCode = async ({
+  database,
+  code
+}) => {
+  const [prompt] = await database.select({
+    id: promptSystemInAi.id,
+    code: promptSystemInAi.code,
+    instruction: promptSystemInAi.instruction
+  }).from(promptSystemInAi).where(eq(promptSystemInAi.code, code)).limit(1);
+  return prompt || null;
+};
+
+// src/routes/ai-form/handler/load-system-prompt.ts
+async function loadSystemPrompt(args) {
+  if (!args.database) {
+    return {
+      systemPrompt: ""
+    };
+  }
+  try {
+    const prompt = await fetchSystemPromptByCode({
+      database: args.database,
+      code: args.code
+    });
+    return {
+      systemPrompt: prompt?.instruction?.trim() || ""
+    };
+  } catch (_error) {
+    return {
+      systemPrompt: ""
+    };
+  }
+}
+
+// src/routes/ai-form/handler/ai-form.ts
+function isWrappedFailure(out) {
+  return typeof out === "object" && out !== null && out.ok === false && typeof out.reason === "string";
+}
+function isWrappedSuccess(out) {
+  return typeof out === "object" && out !== null && out.ok === true && "data" in out;
+}
+var aiFormHandler = async (c) => {
+  let requestBody;
+  try {
+    requestBody = await c.req.json();
+  } catch {
+    return c.json(
+      {
+        ok: false,
+        error: {
+          code: "INVALID_JSON",
+          message: "Invalid JSON body."
+        }
+      },
+      HTTP_STATUS_CODE.BAD_REQUEST
+    );
+  }
+  const parsedBody = aiFormRequestSchema.safeParse(requestBody);
+  if (!parsedBody.success) {
+    return c.json(
+      {
+        ok: false,
+        error: {
+          code: "INVALID_REQUEST",
+          message: "prompt, code, and schema are required."
+        }
+      },
+      HTTP_STATUS_CODE.BAD_REQUEST
+    );
+  }
+  const body = parsedBody.data;
+  const config = c.get("config");
+  const database = c.get("database");
+  const modelResult = resolveOpenAiModel({
+    apiKey: config.apiKey,
+    model: config.model ?? DEFAULT_OPENAI_MODEL
+  });
+  if (!modelResult.success) {
+    return c.json(
+      {
+        ok: false,
+        error: {
+          code: "MODEL_NOT_CONFIGURED",
+          message: modelResult.message
+        }
+      },
+      HTTP_STATUS_CODE.INTERNAL_SERVER_ERROR
+    );
+  }
+  const outputSchema = jsonSchema(
+    wrapAiFormOutputSchema(body.schema, body.count)
+  );
+  const { systemPrompt } = await loadSystemPrompt({
+    database,
+    code: body.code
+  });
+  const ctx = body.context?.trim();
+  const prompt = [
+    systemPrompt ? `<SystemPrompt>
+${systemPrompt}
+</SystemPrompt>` : void 0,
+    ctx ? `<Context>
+${ctx}
+</Context>` : void 0,
+    "User request:<UserRequest>",
+    body.prompt.trim(),
+    "</UserRequest>",
+    [
+      "Respond with a JSON object matching the wrapper schema.",
+      "Always include ok, data, and reason keys.",
+      "If ok is true, set reason to empty string and set data to the generated value.",
+      typeof body.count === "number" ? `Generate exactly ${body.count} items in data array.` : void 0,
+      "If the user or context or system prompt text does not contain enough concrete facts to fill required fields with real values taken from their words, set ok to false, explain in reason, and set data to null.",
+      "Never use Unknown, N/A, placeholder strings, or fabricated values to satisfy the inner data schema."
+    ].join(" ")
+  ].filter(Boolean).join("\n\n");
+  try {
+    const result = await generateText({
+      model: modelResult.model,
+      prompt,
+      output: Output.object({
+        schema: outputSchema
+      })
+    });
+    const out = result.output;
+    if (isWrappedFailure(out)) {
+      return c.json(
+        {
+          ok: false,
+          error: {
+            code: "INSUFFICIENT_INPUT",
+            message: out.reason
+          }
+        },
+        HTTP_STATUS_CODE.UNPROCESSABLE_ENTITY
+      );
+    }
+    if (!isWrappedSuccess(out)) {
+      return c.json(
+        {
+          ok: false,
+          error: {
+            code: "GENERATION_FAILED",
+            message: "Unexpected model output shape."
+          }
+        },
+        HTTP_STATUS_CODE.INTERNAL_SERVER_ERROR
+      );
+    }
+    if (refusalPhrasesInValues(out.data)) {
+      return c.json(
+        {
+          ok: false,
+          error: {
+            code: "INSUFFICIENT_INPUT",
+            message: "Model output describes missing or nonsensical input instead of extracted data."
+          }
+        },
+        HTTP_STATUS_CODE.UNPROCESSABLE_ENTITY
+      );
+    }
+    return c.json(
+      {
+        ok: true,
+        data: out.data
+      },
+      HTTP_STATUS_CODE.OK
+    );
+  } catch (error) {
+    return c.json(
+      {
+        ok: false,
+        error: {
+          code: "GENERATION_FAILED",
+          message: error instanceof Error ? error.message : "Object generation failed."
+        }
+      },
+      HTTP_STATUS_CODE.INTERNAL_SERVER_ERROR
+    );
+  }
+};
+
+// src/routes/ai-form/ai-form.route.ts
+var aiFormRoute = createRoute({
+  method: "post",
+  path: "/ai-form",
+  tags: ["AI"],
+  summary: "Generate structured object from prompt and JSON schema",
+  request: {
+    body: {
+      content: {
+        "application/json": {
+          schema: aiFormRequestOpenApiSchema
+        }
+      }
+    }
+  },
+  responses: {
+    200: {
+      description: "Generated object",
+      content: {
+        "application/json": {
+          schema: aiFormResponseSchema
+        }
+      }
+    },
+    400: {
+      description: "Invalid request",
+      content: {
+        "application/json": {
+          schema: aiErrorResponseSchema
+        }
+      }
+    },
+    422: {
+      description: "Prompt does not yield extractable structured data",
+      content: {
+        "application/json": {
+          schema: aiErrorResponseSchema
+        }
+      }
+    },
+    500: {
+      description: "Generation failed",
+      content: {
+        "application/json": {
+          schema: aiErrorResponseSchema
+        }
+      }
+    }
+  }
+});
+var aiFormRoutes = new OpenAPIHono().openapi(
+  aiFormRoute,
+  aiFormHandler
+);
+var ai_form_route_default = aiFormRoutes;
+
+// src/routes/index.ts
+var routes = new OpenAPIHono2().route("/", ai_form_route_default);
+var routes_default = routes;
+
+// src/handler.ts
+var createAiMiddleware = ({ config, database }) => {
+  return async (c, next) => {
+    c.set("config", config);
+    c.set("database", database);
+    await next();
+  };
+};
+var createAiRoutes = (opts) => {
+  const app = new OpenAPIHono3();
+  app.use("*", createAiMiddleware(opts));
+  app.route("/", routes_default);
+  app.doc("/openapi.json", {
+    openapi: "3.0.0",
+    info: {
+      title: "Mesob AI API",
+      version: "0.4.7"
+    }
+  });
+  return app;
+};
+
+// src/index.ts
+var defaultConfig = {
+  model: "gpt-5.4-mini",
+  basePath: "/api/ai"
+};
+var createMesobAi = (config = {}) => {
+  const merged = { ...defaultConfig, ...config };
+  const database = merged.connectionString ? createDatabase(merged.connectionString) : void 0;
+  const routes2 = createAiRoutes({
+    config: merged,
+    database
+  });
+  return { routes: routes2, database };
+};
+export {
+  createDatabase,
+  createMesobAi
+};
+//# sourceMappingURL=index.js.map