@naisys/supervisor-database 3.0.0-beta.10

package/dist/dbConfig.js

@@ -0,0 +1,9 @@
+import { join } from "path";
+export function supervisorDbPath() {
+    return join(process.env.NAISYS_FOLDER || "", "database", "supervisor.db");
+}
+export function supervisorDbUrl() {
+    return "file:" + supervisorDbPath();
+}
+/** We run migration scripts if this is greater than what's in the schema_version table */
+export const SUPERVISOR_DB_VERSION = 8;

package/dist/generated/prisma/browser.js

@@ -0,0 +1,17 @@
+/* !!! This is code generated by Prisma. Do not edit directly. !!! */
+/* eslint-disable */
+// biome-ignore-all lint: generated file
+// @ts-nocheck 
+/*
+ * This file should be your main import to use Prisma-related types and utilities in a browser.
+ * Use it to get access to models, enums, and input types.
+ *
+ * This file does not contain a `PrismaClient` class, nor several other helpers that are intended as server-side only.
+ * See `client.ts` for the standard, server-side entry point.
+ *
+ * 🟢 You can import this file directly.
+ */
+import * as Prisma from './internal/prismaNamespaceBrowser.js';
+export { Prisma };
+export * as $Enums from './enums.js';
+export * from './enums.js';

package/dist/generated/prisma/client.js

@@ -0,0 +1,34 @@
+/* !!! This is code generated by Prisma. Do not edit directly. !!! */
+/* eslint-disable */
+// biome-ignore-all lint: generated file
+// @ts-nocheck 
+/*
+ * This file should be your main import to use Prisma. Through it you get access to all the models, enums, and input types.
+ * If you're looking for something you can import in the client-side of your application, please refer to the `browser.ts` file instead.
+ *
+ * 🟢 You can import this file directly.
+ */
+import * as path from 'node:path';
+import { fileURLToPath } from 'node:url';
+globalThis['__dirname'] = path.dirname(fileURLToPath(import.meta.url));
+import * as $Class from "./internal/class.js";
+import * as Prisma from "./internal/prismaNamespace.js";
+export * as $Enums from './enums.js';
+export * from "./enums.js";
+/**
+ * ## Prisma Client
+ *
+ * Type-safe database client for TypeScript
+ * @example
+ * ```
+ * const prisma = new PrismaClient({
+ *   adapter: new PrismaPg({ connectionString: process.env.DATABASE_URL })
+ * })
+ * // Fetch zero or more Users
+ * const users = await prisma.user.findMany()
+ * ```
+ *
+ * Read more in our [docs](https://pris.ly/d/client).
+ */
+export const PrismaClient = $Class.getPrismaClientClass();
+export { Prisma };

package/dist/generated/prisma/commonInputTypes.js

@@ -0,0 +1,10 @@
+/* !!! This is code generated by Prisma. Do not edit directly. !!! */
+/* eslint-disable */
+// biome-ignore-all lint: generated file
+// @ts-nocheck 
+/*
+ * This file exports various common sort, input & filter types that are not directly linked to a particular model.
+ *
+ * 🟢 You can import this file directly.
+ */
+export {};

package/dist/generated/prisma/enums.js

@@ -0,0 +1,18 @@
+/* !!! This is code generated by Prisma. Do not edit directly. !!! */
+/* eslint-disable */
+// biome-ignore-all lint: generated file
+// @ts-nocheck 
+/*
+* This file exports all enum related types from the schema.
+*
+* 🟢 You can import this file directly.
+*/
+export const Permission = {
+    supervisor_admin: 'supervisor_admin',
+    manage_agents: 'manage_agents',
+    manage_hosts: 'manage_hosts',
+    agent_communication: 'agent_communication',
+    manage_models: 'manage_models',
+    manage_variables: 'manage_variables',
+    view_run_logs: 'view_run_logs'
+};

package/dist/generated/prisma/internal/class.js

@@ -0,0 +1,49 @@
+/* !!! This is code generated by Prisma. Do not edit directly. !!! */
+/* eslint-disable */
+// biome-ignore-all lint: generated file
+// @ts-nocheck 
+/*
+ * WARNING: This is an internal file that is subject to change!
+ *
+ * 🛑 Under no circumstances should you import this file directly! 🛑
+ *
+ * Please import the `PrismaClient` class from the `client.ts` file instead.
+ */
+import * as runtime from "@prisma/client/runtime/client";
+const config = {
+    "previewFeatures": [],
+    "clientVersion": "7.6.0",
+    "engineVersion": "75cbdc1eb7150937890ad5465d861175c6624711",
+    "activeProvider": "sqlite",
+    "inlineSchema": "datasource db {\n  provider = \"sqlite\"\n}\n\ngenerator client {\n  provider = \"prisma-client\"\n  output   = \"../src/generated/prisma\"\n}\n\nenum Permission {\n  supervisor_admin\n  manage_agents\n  manage_hosts\n  agent_communication\n  manage_models\n  manage_variables\n  view_run_logs\n}\n\nmodel User {\n  id                 Int              @id @default(autoincrement())\n  username           String           @unique\n  uuid               String           @default(\"\")\n  isAgent            Boolean          @default(false) @map(\"is_agent\")\n  passwordHash       String           @default(\"\") @map(\"password_hash\")\n  createdAt          DateTime         @default(now()) @map(\"created_at\")\n  apiKey             String?          @unique @map(\"api_key\")\n  updatedAt          DateTime         @updatedAt @map(\"updated_at\")\n  permissions        UserPermission[] @relation(\"UserPermissions\")\n  grantedPermissions UserPermission[] @relation(\"GrantedByPermissions\")\n  sessions           Session[]\n\n  @@map(\"users\")\n}\n\nmodel Session {\n  id        Int      @id @default(autoincrement())\n  userId    Int      @map(\"user_id\")\n  tokenHash String   @unique @map(\"token_hash\")\n  expiresAt DateTime @map(\"expires_at\")\n  createdAt DateTime @default(now()) @map(\"created_at\")\n  user      User     @relation(fields: [userId], references: [id], onDelete: Cascade)\n\n  @@map(\"sessions\")\n}\n\nmodel UserPermission {\n  id            Int        @id @default(autoincrement())\n  userId        Int        @map(\"user_id\")\n  permission    Permission\n  grantedAt     DateTime   @default(now()) @map(\"granted_at\")\n  grantedBy     Int?       @map(\"granted_by\")\n  user          User       @relation(\"UserPermissions\", fields: [userId], references: [id], onDelete: Cascade)\n  grantedByUser User?      @relation(\"GrantedByPermissions\", fields: [grantedBy], references: [id])\n\n  @@unique([userId, permission])\n  @@map(\"user_permissions\")\n}\n\nmodel SchemaVersion {\n  id      Int    @id @default(1)\n  version Int\n  updated String\n\n  @@map(\"schema_version\")\n}\n",
+    "runtimeDataModel": {
+        "models": {},
+        "enums": {},
+        "types": {}
+    },
+    "parameterizationSchema": {
+        "strings": [],
+        "graph": ""
+    }
+};
+config.runtimeDataModel = JSON.parse("{\"models\":{\"User\":{\"fields\":[{\"name\":\"id\",\"kind\":\"scalar\",\"type\":\"Int\"},{\"name\":\"username\",\"kind\":\"scalar\",\"type\":\"String\"},{\"name\":\"uuid\",\"kind\":\"scalar\",\"type\":\"String\"},{\"name\":\"isAgent\",\"kind\":\"scalar\",\"type\":\"Boolean\",\"dbName\":\"is_agent\"},{\"name\":\"passwordHash\",\"kind\":\"scalar\",\"type\":\"String\",\"dbName\":\"password_hash\"},{\"name\":\"createdAt\",\"kind\":\"scalar\",\"type\":\"DateTime\",\"dbName\":\"created_at\"},{\"name\":\"apiKey\",\"kind\":\"scalar\",\"type\":\"String\",\"dbName\":\"api_key\"},{\"name\":\"updatedAt\",\"kind\":\"scalar\",\"type\":\"DateTime\",\"dbName\":\"updated_at\"},{\"name\":\"permissions\",\"kind\":\"object\",\"type\":\"UserPermission\",\"relationName\":\"UserPermissions\"},{\"name\":\"grantedPermissions\",\"kind\":\"object\",\"type\":\"UserPermission\",\"relationName\":\"GrantedByPermissions\"},{\"name\":\"sessions\",\"kind\":\"object\",\"type\":\"Session\",\"relationName\":\"SessionToUser\"}],\"dbName\":\"users\"},\"Session\":{\"fields\":[{\"name\":\"id\",\"kind\":\"scalar\",\"type\":\"Int\"},{\"name\":\"userId\",\"kind\":\"scalar\",\"type\":\"Int\",\"dbName\":\"user_id\"},{\"name\":\"tokenHash\",\"kind\":\"scalar\",\"type\":\"String\",\"dbName\":\"token_hash\"},{\"name\":\"expiresAt\",\"kind\":\"scalar\",\"type\":\"DateTime\",\"dbName\":\"expires_at\"},{\"name\":\"createdAt\",\"kind\":\"scalar\",\"type\":\"DateTime\",\"dbName\":\"created_at\"},{\"name\":\"user\",\"kind\":\"object\",\"type\":\"User\",\"relationName\":\"SessionToUser\"}],\"dbName\":\"sessions\"},\"UserPermission\":{\"fields\":[{\"name\":\"id\",\"kind\":\"scalar\",\"type\":\"Int\"},{\"name\":\"userId\",\"kind\":\"scalar\",\"type\":\"Int\",\"dbName\":\"user_id\"},{\"name\":\"permission\",\"kind\":\"enum\",\"type\":\"Permission\"},{\"name\":\"grantedAt\",\"kind\":\"scalar\",\"type\":\"DateTime\",\"dbName\":\"granted_at\"},{\"name\":\"grantedBy\",\"kind\":\"scalar\",\"type\":\"Int\",\"dbName\":\"granted_by\"},{\"name\":\"user\",\"kind\":\"object\",\"type\":\"User\",\"relationName\":\"UserPermissions\"},{\"name\":\"grantedByUser\",\"kind\":\"object\",\"type\":\"User\",\"relationName\":\"GrantedByPermissions\"}],\"dbName\":\"user_permissions\"},\"SchemaVersion\":{\"fields\":[{\"name\":\"id\",\"kind\":\"scalar\",\"type\":\"Int\"},{\"name\":\"version\",\"kind\":\"scalar\",\"type\":\"Int\"},{\"name\":\"updated\",\"kind\":\"scalar\",\"type\":\"String\"}],\"dbName\":\"schema_version\"}},\"enums\":{},\"types\":{}}");
+config.parameterizationSchema = {
+    strings: JSON.parse("[\"where\",\"orderBy\",\"cursor\",\"user\",\"grantedByUser\",\"permissions\",\"grantedPermissions\",\"sessions\",\"_count\",\"User.findUnique\",\"User.findUniqueOrThrow\",\"User.findFirst\",\"User.findFirstOrThrow\",\"User.findMany\",\"data\",\"User.createOne\",\"User.createMany\",\"User.createManyAndReturn\",\"User.updateOne\",\"User.updateMany\",\"User.updateManyAndReturn\",\"create\",\"update\",\"User.upsertOne\",\"User.deleteOne\",\"User.deleteMany\",\"having\",\"_avg\",\"_sum\",\"_min\",\"_max\",\"User.groupBy\",\"User.aggregate\",\"Session.findUnique\",\"Session.findUniqueOrThrow\",\"Session.findFirst\",\"Session.findFirstOrThrow\",\"Session.findMany\",\"Session.createOne\",\"Session.createMany\",\"Session.createManyAndReturn\",\"Session.updateOne\",\"Session.updateMany\",\"Session.updateManyAndReturn\",\"Session.upsertOne\",\"Session.deleteOne\",\"Session.deleteMany\",\"Session.groupBy\",\"Session.aggregate\",\"UserPermission.findUnique\",\"UserPermission.findUniqueOrThrow\",\"UserPermission.findFirst\",\"UserPermission.findFirstOrThrow\",\"UserPermission.findMany\",\"UserPermission.createOne\",\"UserPermission.createMany\",\"UserPermission.createManyAndReturn\",\"UserPermission.updateOne\",\"UserPermission.updateMany\",\"UserPermission.updateManyAndReturn\",\"UserPermission.upsertOne\",\"UserPermission.deleteOne\",\"UserPermission.deleteMany\",\"UserPermission.groupBy\",\"UserPermission.aggregate\",\"SchemaVersion.findUnique\",\"SchemaVersion.findUniqueOrThrow\",\"SchemaVersion.findFirst\",\"SchemaVersion.findFirstOrThrow\",\"SchemaVersion.findMany\",\"SchemaVersion.createOne\",\"SchemaVersion.createMany\",\"SchemaVersion.createManyAndReturn\",\"SchemaVersion.updateOne\",\"SchemaVersion.updateMany\",\"SchemaVersion.updateManyAndReturn\",\"SchemaVersion.upsertOne\",\"SchemaVersion.deleteOne\",\"SchemaVersion.deleteMany\",\"SchemaVersion.groupBy\",\"SchemaVersion.aggregate\",\"AND\",\"OR\",\"NOT\",\"id\",\"version\",\"updated\",\"equals\",\"in\",\"notIn\",\"lt\",\"lte\",\"gt\",\"gte\",\"contains\",\"startsWith\",\"endsWith\",\"not\",\"userId\",\"Permission\",\"permission\",\"grantedAt\",\"grantedBy\",\"tokenHash\",\"expiresAt\",\"createdAt\",\"username\",\"uuid\",\"isAgent\",\"passwordHash\",\"apiKey\",\"updatedAt\",\"every\",\"some\",\"none\",\"userId_permission\",\"is\",\"isNot\",\"connectOrCreate\",\"upsert\",\"createMany\",\"set\",\"disconnect\",\"delete\",\"connect\",\"updateMany\",\"deleteMany\",\"increment\",\"decrement\",\"multiply\",\"divide\"]"),
+    graph: "9gEqQA4FAACSAQAgBgAAkgEAIAcAAJMBACBRAACPAQAwUgAABwAQUwAAjwEAMFQCAAAAAWlAAI0BACFqAQAAAAFrAQB4ACFsIACQAQAhbQEAeAAhbgEAAAABb0AAjQEAIQEAAAABACAKAwAAjgEAIAQAAJgBACBRAACVAQAwUgAAAwAQUwAAlQEAMFQCAHcAIWICAHcAIWQAAJYBZCJlQACNAQAhZgIAlwEAIQMDAADkAQAgBAAA5AEAIGYAAKABACALAwAAjgEAIAQAAJgBACBRAACVAQAwUgAAAwAQUwAAlQEAMFQCAAAAAWICAHcAIWQAAJYBZCJlQACNAQAhZgIAlwEAIXMAAJQBACADAAAAAwAgAQAABAAwAgAABQAgDgUAAJIBACAGAACSAQAgBwAAkwEAIFEAAI8BADBSAAAHABBTAACPAQAwVAIAdwAhaUAAjQEAIWoBAHgAIWsBAHgAIWwgAJABACFtAQB4ACFuAQCRAQAhb0AAjQEAIQEAAAAHACADAAAAAwAgAQAABAAwAgAABQAgCQMAAI4BACBRAACMAQAwUgAACgAQUwAAjAEAMFQCAHcAIWICAHcAIWcBAHgAIWhAAI0BACFpQACNAQAhAQMAAOQBACAJAwAAjgEAIFEAAIwBADBSAAAKABBTAACMAQAwVAIAAAABYgIAdwAhZwEAAAABaEAAjQEAIWlAAI0BACEDAAAACgAgAQAACwAwAgAADAAgAQAAAAMAIAEAAAADACABAAAACgAgAQAAAAEAIAQFAADiAQAgBgAA4gEAIAcAAOMBACBuAACgAQAgAwAAAAcAIAEAABIAMAIAAAEAIAMAAAAHACABAAASADACAAABACADAAAABwAgAQAAEgAwAgAAAQAgCwUAAN8BACAGAADgAQAgBwAA4QEAIFQCAAAAAWlAAAAAAWoBAAAAAWsBAAAAAWwgAAAAAW0BAAAAAW4BAAAAAW9AAAAAAQEOAAAWACAIVAIAAAABaUAAAAABagEAAAABawEAAAABbCAAAAABbQEAAAABbgEAAAABb0AAAAABAQ4AABgAMAEOAAAYADALBQAAuwEAIAYAALwBACAHAAC9AQAgVAIAngEAIWlAAKcBACFqAQCfAQAhawEAnwEAIWwgALkBACFtAQCfAQAhbgEAugEAIW9AAKcBACECAAAAAQAgDgAAGwAgCFQCAJ4BACFpQACnAQAhagEAnwEAIWsBAJ8BACFsIAC5AQAhbQEAnwEAIW4BALoBACFvQACnAQAhAgAAAAcAIA4AAB0AIAIAAAAHACAOAAAdACADAAAAAQAgFQAAFgAgFgAAGwAgAQAAAAEAIAEAAAAHACAGCAAAtAEAIBsAALUBACAcAAC4AQAgHQAAtwEAIB4AALYBACBuAACgAQAgC1EAAIUBADBSAAAkABBTAACFAQAwVAIAbwAhaUAAewAhagEAcAAhawEAcAAhbCAAhgEAIW0BAHAAIW4BAIcBACFvQAB7ACEDAAAABwAgAQAAIwAwGgAAJAAgAwAAAAcAIAEAABIAMAIAAAEAIAEAAAAMACABAAAADAAgAwAAAAoAIAEAAAsAMAIAAAwAIAMAAAAKACABAAALADACAAAMACADAAAACgAgAQAACwAwAgAADAAgBgMAALMBACBUAgAAAAFiAgAAAAFnAQAAAAFoQAAAAAFpQAAAAAEBDgAALAAgBVQCAAAAAWICAAAAAWcBAAAAAWhAAAAAAWlAAAAAAQEOAAAuADABDgAALgAwBgMAALIBACBUAgCeAQAhYgIAngEAIWcBAJ8BACFoQACnAQAhaUAApwEAIQIAAAAMACAOAAAxACAFVAIAngEAIWICAJ4BACFnAQCfAQAhaEAApwEAIWlAAKcBACECAAAACgAgDgAAMwAgAgAAAAoAIA4AADMAIAMAAAAMACAVAAAsACAWAAAxACABAAAADAAgAQAAAAoAIAUIAACtAQAgGwAArgEAIBwAALEBACAdAACwAQAgHgAArwEAIAhRAACEAQAwUgAAOgAQUwAAhAEAMFQCAG8AIWICAG8AIWcBAHAAIWhAAHsAIWlAAHsAIQMAAAAKACABAAA5ADAaAAA6ACADAAAACgAgAQAACwAwAgAADAAgAQAAAAUAIAEAAAAFACADAAAAAwAgAQAABAAwAgAABQAgAwAAAAMAIAEAAAQAMAIAAAUAIAMAAAADACABAAAEADACAAAFACAHAwAAqwEAIAQAAKwBACBUAgAAAAFiAgAAAAFkAAAAZAJlQAAAAAFmAgAAAAEBDgAAQgAgBVQCAAAAAWICAAAAAWQAAABkAmVAAAAAAWYCAAAAAQEOAABEADABDgAARAAwAQAAAAcAIAcDAACpAQAgBAAAqgEAIFQCAJ4BACFiAgCeAQAhZAAApgFkImVAAKcBACFmAgCoAQAhAgAAAAUAIA4AAEgAIAVUAgCeAQAhYgIAngEAIWQAAKYBZCJlQACnAQAhZgIAqAEAIQIAAAADACAOAABKACACAAAAAwAgDgAASgAgAQAAAAcAIAMAAAAFACAVAABCACAWAABIACABAAAABQAgAQAAAAMAIAYIAAChAQAgGwAAogEAIBwAAKUBACAdAACkAQAgHgAAowEAIGYAAKABACAIUQAAeQAwUgAAUgAQUwAAeQAwVAIAbwAhYgIAbwAhZAAAemQiZUAAewAhZgIAfAAhAwAAAAMAIAEAAFEAMBoAAFIAIAMAAAADACABAAAEADACAAAFACAGUQAAdgAwUgAAWAAQUwAAdgAwVAIAAAABVQIAdwAhVgEAeAAhAQAAAFUAIAEAAABVACAGUQAAdgAwUgAAWAAQUwAAdgAwVAIAdwAhVQIAdwAhVgEAeAAhAAMAAABYACABAABZADACAABVACADAAAAWAAgAQAAWQAwAgAAVQAgAwAAAFgAIAEAAFkAMAIAAFUAIANUAgAAAAFVAgAAAAFWAQAAAAEBDgAAXQAgA1QCAAAAAVUCAAAAAVYBAAAAAQEOAABfADABDgAAXwAwA1QCAJ4BACFVAgCeAQAhVgEAnwEAIQIAAABVACAOAABiACADVAIAngEAIVUCAJ4BACFWAQCfAQAhAgAAAFgAIA4AAGQAIAIAAABYACAOAABkACADAAAAVQAgFQAAXQAgFgAAYgAgAQAAAFUAIAEAAABYACAFCAAAmQEAIBsAAJoBACAcAACdAQAgHQAAnAEAIB4AAJsBACAGUQAAbgAwUgAAawAQUwAAbgAwVAIAbwAhVQIAbwAhVgEAcAAhAwAAAFgAIAEAAGoAMBoAAGsAIAMAAABYACABAABZADACAABVACAGUQAAbgAwUgAAawAQUwAAbgAwVAIAbwAhVQIAbwAhVgEAcAAhDQgAAHIAIBsAAHUAIBwAAHIAIB0AAHIAIB4AAHIAIFcCAAAAAVgCAAAABFkCAAAABFoCAAAAAVsCAAAAAVwCAAAAAV0CAAAAAWECAHQAIQ4IAAByACAdAABzACAeAABzACBXAQAAAAFYAQAAAARZAQAAAARaAQAAAAFbAQAAAAFcAQAAAAFdAQAAAAFeAQAAAAFfAQAAAAFgAQAAAAFhAQBxACEOCAAAcgAgHQAAcwAgHgAAcwAgVwEAAAABWAEAAAAEWQEAAAAEWgEAAAABWwEAAAABXAEAAAABXQEAAAABXgEAAAABXwEAAAABYAEAAAABYQEAcQAhCFcCAAAAAVgCAAAABFkCAAAABFoCAAAAAVsCAAAAAVwCAAAAAV0CAAAAAWECAHIAIQtXAQAAAAFYAQAAAARZAQAAAARaAQAAAAFbAQAAAAFcAQAAAAFdAQAAAAFeAQAAAAFfAQAAAAFgAQAAAAFhAQBzACENCAAAcgAgGwAAdQAgHAAAcgAgHQAAcgAgHgAAcgAgVwIAAAABWAIAAAAEWQIAAAAEWgIAAAABWwIAAAABXAIAAAABXQIAAAABYQIAdAAhCFcIAAAAAVgIAAAABFkIAAAABFoIAAAAAVsIAAAAAVwIAAAAAV0IAAAAAWEIAHUAIQZRAAB2ADBSAABYABBTAAB2ADBUAgB3ACFVAgB3ACFWAQB4ACEIVwIAAAABWAIAAAAEWQIAAAAEWgIAAAABWwIAAAABXAIAAAABXQIAAAABYQIAcgAhC1cBAAAAAVgBAAAABFkBAAAABFoBAAAAAVsBAAAAAVwBAAAAAV0BAAAAAV4BAAAAAV8BAAAAAWABAAAAAWEBAHMAIQhRAAB5ADBSAABSABBTAAB5ADBUAgBvACFiAgBvACFkAAB6ZCJlQAB7ACFmAgB8ACEHCAAAcgAgHQAAgwEAIB4AAIMBACBXAAAAZAJYAAAAZAhZAAAAZAhhAACCAWQiCwgAAHIAIB0AAIEBACAeAACBAQAgV0AAAAABWEAAAAAEWUAAAAAEWkAAAAABW0AAAAABXEAAAAABXUAAAAABYUAAgAEAIQ0IAAB-ACAbAAB_ACAcAAB-ACAdAAB-ACAeAAB-ACBXAgAAAAFYAgAAAAVZAgAAAAVaAgAAAAFbAgAAAAFcAgAAAAFdAgAAAAFhAgB9ACENCAAAfgAgGwAAfwAgHAAAfgAgHQAAfgAgHgAAfgAgVwIAAAABWAIAAAAFWQIAAAAFWgIAAAABWwIAAAABXAIAAAABXQIAAAABYQIAfQAhCFcCAAAAAVgCAAAABVkCAAAABVoCAAAAAVsCAAAAAVwCAAAAAV0CAAAAAWECAH4AIQhXCAAAAAFYCAAAAAVZCAAAAAVaCAAAAAFbCAAAAAFcCAAAAAFdCAAAAAFhCAB_ACELCAAAcgAgHQAAgQEAIB4AAIEBACBXQAAAAAFYQAAAAARZQAAAAARaQAAAAAFbQAAAAAFcQAAAAAFdQAAAAAFhQACAAQAhCFdAAAAAAVhAAAAABFlAAAAABFpAAAAAAVtAAAAAAVxAAAAAAV1AAAAAAWFAAIEBACEHCAAAcgAgHQAAgwEAIB4AAIMBACBXAAAAZAJYAAAAZAhZAAAAZAhhAACCAWQiBFcAAABkAlgAAABkCFkAAABkCGEAAIMBZCIIUQAAhAEAMFIAADoAEFMAAIQBADBUAgBvACFiAgBvACFnAQBwACFoQAB7ACFpQAB7ACELUQAAhQEAMFIAACQAEFMAAIUBADBUAgBvACFpQAB7ACFqAQBwACFrAQBwACFsIACGAQAhbQEAcAAhbgEAhwEAIW9AAHsAIQUIAAByACAdAACLAQAgHgAAiwEAIFcgAAAAAWEgAIoBACEOCAAAfgAgHQAAiQEAIB4AAIkBACBXAQAAAAFYAQAAAAVZAQAAAAVaAQAAAAFbAQAAAAFcAQAAAAFdAQAAAAFeAQAAAAFfAQAAAAFgAQAAAAFhAQCIAQAhDggAAH4AIB0AAIkBACAeAACJAQAgVwEAAAABWAEAAAAFWQEAAAAFWgEAAAABWwEAAAABXAEAAAABXQEAAAABXgEAAAABXwEAAAABYAEAAAABYQEAiAEAIQtXAQAAAAFYAQAAAAVZAQAAAAVaAQAAAAFbAQAAAAFcAQAAAAFdAQAAAAFeAQAAAAFfAQAAAAFgAQAAAAFhAQCJAQAhBQgAAHIAIB0AAIsBACAeAACLAQAgVyAAAAABYSAAigEAIQJXIAAAAAFhIACLAQAhCQMAAI4BACBRAACMAQAwUgAACgAQUwAAjAEAMFQCAHcAIWICAHcAIWcBAHgAIWhAAI0BACFpQACNAQAhCFdAAAAAAVhAAAAABFlAAAAABFpAAAAAAVtAAAAAAVxAAAAAAV1AAAAAAWFAAIEBACEQBQAAkgEAIAYAAJIBACAHAACTAQAgUQAAjwEAMFIAAAcAEFMAAI8BADBUAgB3ACFpQACNAQAhagEAeAAhawEAeAAhbCAAkAEAIW0BAHgAIW4BAJEBACFvQACNAQAhdAAABwAgdQAABwAgDgUAAJIBACAGAACSAQAgBwAAkwEAIFEAAI8BADBSAAAHABBTAACPAQAwVAIAdwAhaUAAjQEAIWoBAHgAIWsBAHgAIWwgAJABACFtAQB4ACFuAQCRAQAhb0AAjQEAIQJXIAAAAAFhIACLAQAhC1cBAAAAAVgBAAAABVkBAAAABVoBAAAAAVsBAAAAAVwBAAAAAV0BAAAAAV4BAAAAAV8BAAAAAWABAAAAAWEBAIkBACEDcAAAAwAgcQAAAwAgcgAAAwAgA3AAAAoAIHEAAAoAIHIAAAoAIAJiAgAAAAFkAAAAZAIKAwAAjgEAIAQAAJgBACBRAACVAQAwUgAAAwAQUwAAlQEAMFQCAHcAIWICAHcAIWQAAJYBZCJlQACNAQAhZgIAlwEAIQRXAAAAZAJYAAAAZAhZAAAAZAhhAACDAWQiCFcCAAAAAVgCAAAABVkCAAAABVoCAAAAAVsCAAAAAVwCAAAAAV0CAAAAAWECAH4AIRAFAACSAQAgBgAAkgEAIAcAAJMBACBRAACPAQAwUgAABwAQUwAAjwEAMFQCAHcAIWlAAI0BACFqAQB4ACFrAQB4ACFsIACQAQAhbQEAeAAhbgEAkQEAIW9AAI0BACF0AAAHACB1AAAHACAAAAAAAAV5AgAAAAF_AgAAAAGAAQIAAAABgQECAAAAAYIBAgAAAAEBeQEAAAABAAAAAAAAAXkAAABkAgF5QAAAAAEFeQIAAAABfwIAAAABgAECAAAAAYEBAgAAAAGCAQIAAAABBRUAAO8BACAWAAD1AQAgdgAA8AEAIHcAAPQBACB8AAABACAHFQAA7QEAIBYAAPIBACB2AADuAQAgdwAA8QEAIHoAAAcAIHsAAAcAIHwAAAEAIAMVAADvAQAgdgAA8AEAIHwAAAEAIAMVAADtAQAgdgAA7gEAIHwAAAEAIAAAAAAABRUAAOgBACAWAADrAQAgdgAA6QEAIHcAAOoBACB8AAABACADFQAA6AEAIHYAAOkBACB8AAABACAAAAAAAAF5IAAAAAEBeQEAAAABCxUAANYBADAWAADaAQAwdgAA1wEAMHcAANgBADB4AADZAQAgeQAAzgEAMHoAAM4BADB7AADOAQAwfAAAzgEAMH0AANsBADB-AADRAQAwCxUAAMoBADAWAADPAQAwdgAAywEAMHcAAMwBADB4AADNAQAgeQAAzgEAMHoAAM4BADB7AADOAQAwfAAAzgEAMH0AANABADB-AADRAQAwCxUAAL4BADAWAADDAQAwdgAAvwEAMHcAAMABADB4AADBAQAgeQAAwgEAMHoAAMIBADB7AADCAQAwfAAAwgEAMH0AAMQBADB-AADFAQAwBFQCAAAAAWcBAAAAAWhAAAAAAWlAAAAAAQIAAAAMACAVAADJAQAgAwAAAAwAIBUAAMkBACAWAADIAQAgAQ4AAOcBADAJAwAAjgEAIFEAAIwBADBSAAAKABBTAACMAQAwVAIAAAABYgIAdwAhZwEAAAABaEAAjQEAIWlAAI0BACECAAAADAAgDgAAyAEAIAIAAADGAQAgDgAAxwEAIAhRAADFAQAwUgAAxgEAEFMAAMUBADBUAgB3ACFiAgB3ACFnAQB4ACFoQACNAQAhaUAAjQEAIQhRAADFAQAwUgAAxgEAEFMAAMUBADBUAgB3ACFiAgB3ACFnAQB4ACFoQACNAQAhaUAAjQEAIQRUAgCeAQAhZwEAnwEAIWhAAKcBACFpQACnAQAhBFQCAJ4BACFnAQCfAQAhaEAApwEAIWlAAKcBACEEVAIAAAABZwEAAAABaEAAAAABaUAAAAABBQMAAKsBACBUAgAAAAFiAgAAAAFkAAAAZAJlQAAAAAECAAAABQAgFQAA1QEAIAMAAAAFACAVAADVAQAgFgAA1AEAIAEOAADmAQAwCwMAAI4BACAEAACYAQAgUQAAlQEAMFIAAAMAEFMAAJUBADBUAgAAAAFiAgB3ACFkAACWAWQiZUAAjQEAIWYCAJcBACFzAACUAQAgAgAAAAUAIA4AANQBACACAAAA0gEAIA4AANMBACAIUQAA0QEAMFIAANIBABBTAADRAQAwVAIAdwAhYgIAdwAhZAAAlgFkImVAAI0BACFmAgCXAQAhCFEAANEBADBSAADSAQAQUwAA0QEAMFQCAHcAIWICAHcAIWQAAJYBZCJlQACNAQAhZgIAlwEAIQRUAgCeAQAhYgIAngEAIWQAAKYBZCJlQACnAQAhBQMAAKkBACBUAgCeAQAhYgIAngEAIWQAAKYBZCJlQACnAQAhBQMAAKsBACBUAgAAAAFiAgAAAAFkAAAAZAJlQAAAAAEFBAAArAEAIFQCAAAAAWQAAABkAmVAAAAAAWYCAAAAAQIAAAAFACAVAADeAQAgAwAAAAUAIBUAAN4BACAWAADdAQAgAQ4AAOUBADACAAAABQAgDgAA3QEAIAIAAADSAQAgDgAA3AEAIARUAgCeAQAhZAAApgFkImVAAKcBACFmAgCoAQAhBQQAAKoBACBUAgCeAQAhZAAApgFkImVAAKcBACFmAgCoAQAhBQQAAKwBACBUAgAAAAFkAAAAZAJlQAAAAAFmAgAAAAEEFQAA1gEAMHYAANcBADB4AADZAQAgfAAAzgEAMAQVAADKAQAwdgAAywEAMHgAAM0BACB8AADOAQAwBBUAAL4BADB2AAC_AQAweAAAwQEAIHwAAMIBADAAAAQFAADiAQAgBgAA4gEAIAcAAOMBACBuAACgAQAgBFQCAAAAAWQAAABkAmVAAAAAAWYCAAAAAQRUAgAAAAFiAgAAAAFkAAAAZAJlQAAAAAEEVAIAAAABZwEAAAABaEAAAAABaUAAAAABCgUAAN8BACAGAADgAQAgVAIAAAABaUAAAAABagEAAAABawEAAAABbCAAAAABbQEAAAABbgEAAAABb0AAAAABAgAAAAEAIBUAAOgBACADAAAABwAgFQAA6AEAIBYAAOwBACAMAAAABwAgBQAAuwEAIAYAALwBACAOAADsAQAgVAIAngEAIWlAAKcBACFqAQCfAQAhawEAnwEAIWwgALkBACFtAQCfAQAhbgEAugEAIW9AAKcBACEKBQAAuwEAIAYAALwBACBUAgCeAQAhaUAApwEAIWoBAJ8BACFrAQCfAQAhbCAAuQEAIW0BAJ8BACFuAQC6AQAhb0AApwEAIQoFAADfAQAgBwAA4QEAIFQCAAAAAWlAAAAAAWoBAAAAAWsBAAAAAWwgAAAAAW0BAAAAAW4BAAAAAW9AAAAAAQIAAAABACAVAADtAQAgCgYAAOABACAHAADhAQAgVAIAAAABaUAAAAABagEAAAABawEAAAABbCAAAAABbQEAAAABbgEAAAABb0AAAAABAgAAAAEAIBUAAO8BACADAAAABwAgFQAA7QEAIBYAAPMBACAMAAAABwAgBQAAuwEAIAcAAL0BACAOAADzAQAgVAIAngEAIWlAAKcBACFqAQCfAQAhawEAnwEAIWwgALkBACFtAQCfAQAhbgEAugEAIW9AAKcBACEKBQAAuwEAIAcAAL0BACBUAgCeAQAhaUAApwEAIWoBAJ8BACFrAQCfAQAhbCAAuQEAIW0BAJ8BACFuAQC6AQAhb0AApwEAIQMAAAAHACAVAADvAQAgFgAA9gEAIAwAAAAHACAGAAC8AQAgBwAAvQEAIA4AAPYBACBUAgCeAQAhaUAApwEAIWoBAJ8BACFrAQCfAQAhbCAAuQEAIW0BAJ8BACFuAQC6AQAhb0AApwEAIQoGAAC8AQAgBwAAvQEAIFQCAJ4BACFpQACnAQAhagEAnwEAIWsBAJ8BACFsIAC5AQAhbQEAnwEAIW4BALoBACFvQACnAQAhBAUGAgYJAgcNAwgABAIDAAEECAEBAwABAwUOAAYPAAcQAAAAAAUIAAkbAAocAAsdAAweAA0AAAAAAAUIAAkbAAocAAsdAAweAA0BAwABAQMAAQUIABIbABMcABQdABUeABYAAAAAAAUIABIbABMcABQdABUeABYCAwABBEcBAgMAAQRNAQUIABsbABwcAB0dAB4eAB8AAAAAAAUIABsbABwcAB0dAB4eAB8AAAAFCAAlGwAmHAAnHQAoHgApAAAAAAAFCAAlGwAmHAAnHQAoHgApCQIBChEBCxMBDBQBDRUBDxcBEBkFERoGEhwBEx4FFB8HFyABGCEBGSIFHyUIICYOIScDIigDIykDJCoDJSsDJi0DJy8FKDAPKTIDKjQFKzUQLDYDLTcDLjgFLzsRMDwXMT0CMj4CMz8CNEACNUECNkMCN0UFOEYYOUkCOksFO0wZPE4CPU8CPlAFP1MaQFQgQVYhQlchQ1ohRFshRVwhRl4hR2AFSGEiSWMhSmUFS2YjTGchTWghTmkFT2wkUG0q"
+};
+async function decodeBase64AsWasm(wasmBase64) {
+    const { Buffer } = await import('node:buffer');
+    const wasmArray = Buffer.from(wasmBase64, 'base64');
+    return new WebAssembly.Module(wasmArray);
+}
+config.compilerWasm = {
+    getRuntime: async () => await import("@prisma/client/runtime/query_compiler_fast_bg.sqlite.mjs"),
+    getQueryCompilerWasmModule: async () => {
+        const { wasm } = await import("@prisma/client/runtime/query_compiler_fast_bg.sqlite.wasm-base64.mjs");
+        return await decodeBase64AsWasm(wasm);
+    },
+    importName: "./query_compiler_fast_bg.js"
+};
+export function getPrismaClientClass() {
+    return runtime.getPrismaClient(config);
+}

package/dist/generated/prisma/internal/prismaNamespace.js

@@ -0,0 +1,118 @@
+/* !!! This is code generated by Prisma. Do not edit directly. !!! */
+/* eslint-disable */
+// biome-ignore-all lint: generated file
+// @ts-nocheck 
+/*
+ * WARNING: This is an internal file that is subject to change!
+ *
+ * 🛑 Under no circumstances should you import this file directly! 🛑
+ *
+ * All exports from this file are wrapped under a `Prisma` namespace object in the client.ts file.
+ * While this enables partial backward compatibility, it is not part of the stable public API.
+ *
+ * If you are looking for your Models, Enums, and Input Types, please import them from the respective
+ * model files in the `model` directory!
+ */
+import * as runtime from "@prisma/client/runtime/client";
+/**
+ * Prisma Errors
+ */
+export const PrismaClientKnownRequestError = runtime.PrismaClientKnownRequestError;
+export const PrismaClientUnknownRequestError = runtime.PrismaClientUnknownRequestError;
+export const PrismaClientRustPanicError = runtime.PrismaClientRustPanicError;
+export const PrismaClientInitializationError = runtime.PrismaClientInitializationError;
+export const PrismaClientValidationError = runtime.PrismaClientValidationError;
+/**
+ * Re-export of sql-template-tag
+ */
+export const sql = runtime.sqltag;
+export const empty = runtime.empty;
+export const join = runtime.join;
+export const raw = runtime.raw;
+export const Sql = runtime.Sql;
+/**
+ * Decimal.js
+ */
+export const Decimal = runtime.Decimal;
+export const getExtensionContext = runtime.Extensions.getExtensionContext;
+/**
+ * Prisma Client JS version: 7.6.0
+ * Query Engine version: 75cbdc1eb7150937890ad5465d861175c6624711
+ */
+export const prismaVersion = {
+    client: "7.6.0",
+    engine: "75cbdc1eb7150937890ad5465d861175c6624711"
+};
+export const NullTypes = {
+    DbNull: runtime.NullTypes.DbNull,
+    JsonNull: runtime.NullTypes.JsonNull,
+    AnyNull: runtime.NullTypes.AnyNull,
+};
+/**
+ * Helper for filtering JSON entries that have `null` on the database (empty on the db)
+ *
+ * @see https://www.prisma.io/docs/concepts/components/prisma-client/working-with-fields/working-with-json-fields#filtering-on-a-json-field
+ */
+export const DbNull = runtime.DbNull;
+/**
+ * Helper for filtering JSON entries that have JSON `null` values (not empty on the db)
+ *
+ * @see https://www.prisma.io/docs/concepts/components/prisma-client/working-with-fields/working-with-json-fields#filtering-on-a-json-field
+ */
+export const JsonNull = runtime.JsonNull;
+/**
+ * Helper for filtering JSON entries that are `Prisma.DbNull` or `Prisma.JsonNull`
+ *
+ * @see https://www.prisma.io/docs/concepts/components/prisma-client/working-with-fields/working-with-json-fields#filtering-on-a-json-field
+ */
+export const AnyNull = runtime.AnyNull;
+export const ModelName = {
+    User: 'User',
+    Session: 'Session',
+    UserPermission: 'UserPermission',
+    SchemaVersion: 'SchemaVersion'
+};
+/**
+ * Enums
+ */
+export const TransactionIsolationLevel = runtime.makeStrictEnum({
+    Serializable: 'Serializable'
+});
+export const UserScalarFieldEnum = {
+    id: 'id',
+    username: 'username',
+    uuid: 'uuid',
+    isAgent: 'isAgent',
+    passwordHash: 'passwordHash',
+    createdAt: 'createdAt',
+    apiKey: 'apiKey',
+    updatedAt: 'updatedAt'
+};
+export const SessionScalarFieldEnum = {
+    id: 'id',
+    userId: 'userId',
+    tokenHash: 'tokenHash',
+    expiresAt: 'expiresAt',
+    createdAt: 'createdAt'
+};
+export const UserPermissionScalarFieldEnum = {
+    id: 'id',
+    userId: 'userId',
+    permission: 'permission',
+    grantedAt: 'grantedAt',
+    grantedBy: 'grantedBy'
+};
+export const SchemaVersionScalarFieldEnum = {
+    id: 'id',
+    version: 'version',
+    updated: 'updated'
+};
+export const SortOrder = {
+    asc: 'asc',
+    desc: 'desc'
+};
+export const NullsOrder = {
+    first: 'first',
+    last: 'last'
+};
+export const defineExtension = runtime.Extensions.defineExtension;

package/dist/generated/prisma/internal/prismaNamespaceBrowser.js

@@ -0,0 +1,89 @@
+/* !!! This is code generated by Prisma. Do not edit directly. !!! */
+/* eslint-disable */
+// biome-ignore-all lint: generated file
+// @ts-nocheck 
+/*
+ * WARNING: This is an internal file that is subject to change!
+ *
+ * 🛑 Under no circumstances should you import this file directly! 🛑
+ *
+ * All exports from this file are wrapped under a `Prisma` namespace object in the browser.ts file.
+ * While this enables partial backward compatibility, it is not part of the stable public API.
+ *
+ * If you are looking for your Models, Enums, and Input Types, please import them from the respective
+ * model files in the `model` directory!
+ */
+import * as runtime from "@prisma/client/runtime/index-browser";
+export const Decimal = runtime.Decimal;
+export const NullTypes = {
+    DbNull: runtime.NullTypes.DbNull,
+    JsonNull: runtime.NullTypes.JsonNull,
+    AnyNull: runtime.NullTypes.AnyNull,
+};
+/**
+ * Helper for filtering JSON entries that have `null` on the database (empty on the db)
+ *
+ * @see https://www.prisma.io/docs/concepts/components/prisma-client/working-with-fields/working-with-json-fields#filtering-on-a-json-field
+ */
+export const DbNull = runtime.DbNull;
+/**
+ * Helper for filtering JSON entries that have JSON `null` values (not empty on the db)
+ *
+ * @see https://www.prisma.io/docs/concepts/components/prisma-client/working-with-fields/working-with-json-fields#filtering-on-a-json-field
+ */
+export const JsonNull = runtime.JsonNull;
+/**
+ * Helper for filtering JSON entries that are `Prisma.DbNull` or `Prisma.JsonNull`
+ *
+ * @see https://www.prisma.io/docs/concepts/components/prisma-client/working-with-fields/working-with-json-fields#filtering-on-a-json-field
+ */
+export const AnyNull = runtime.AnyNull;
+export const ModelName = {
+    User: 'User',
+    Session: 'Session',
+    UserPermission: 'UserPermission',
+    SchemaVersion: 'SchemaVersion'
+};
+/*
+ * Enums
+ */
+export const TransactionIsolationLevel = runtime.makeStrictEnum({
+    Serializable: 'Serializable'
+});
+export const UserScalarFieldEnum = {
+    id: 'id',
+    username: 'username',
+    uuid: 'uuid',
+    isAgent: 'isAgent',
+    passwordHash: 'passwordHash',
+    createdAt: 'createdAt',
+    apiKey: 'apiKey',
+    updatedAt: 'updatedAt'
+};
+export const SessionScalarFieldEnum = {
+    id: 'id',
+    userId: 'userId',
+    tokenHash: 'tokenHash',
+    expiresAt: 'expiresAt',
+    createdAt: 'createdAt'
+};
+export const UserPermissionScalarFieldEnum = {
+    id: 'id',
+    userId: 'userId',
+    permission: 'permission',
+    grantedAt: 'grantedAt',
+    grantedBy: 'grantedBy'
+};
+export const SchemaVersionScalarFieldEnum = {
+    id: 'id',
+    version: 'version',
+    updated: 'updated'
+};
+export const SortOrder = {
+    asc: 'asc',
+    desc: 'desc'
+};
+export const NullsOrder = {
+    first: 'first',
+    last: 'last'
+};

package/dist/generated/prisma/models/SchemaVersion.js

@@ -0,0 +1 @@
+export {};

package/dist/generated/prisma/models/Session.js

@@ -0,0 +1 @@
+export {};

package/dist/generated/prisma/models/User.js

@@ -0,0 +1 @@
+export {};

package/dist/generated/prisma/models/UserPermission.js

@@ -0,0 +1 @@
+export {};

package/dist/generated/prisma/models.js

@@ -0,0 +1 @@
+export {};

package/dist/index.js

@@ -0,0 +1,10 @@
+// Re-export Database Config
+export { SUPERVISOR_DB_VERSION, supervisorDbPath, supervisorDbUrl, } from "./dbConfig.js";
+// Re-export Prisma client factory
+export { createPrismaClient } from "./prismaClient.js";
+// Re-export Migration Helper
+export { deploySupervisorMigrations } from "./migrationHelper.js";
+export { authenticateAndCreateSession, createSupervisorDatabaseClient, deleteSession, ensureSuperAdmin, findSession, findUserByApiKey, handleResetPassword, lookupUsername, resetPassword, updateUserPassword, } from "./sessionService.js";
+// Re-export Prisma Client and all generated types
+export * from "./generated/prisma/client.js";
+export { PrismaClient } from "./generated/prisma/client.js";

package/dist/migrationHelper.js

@@ -0,0 +1,13 @@
+import { deployPrismaMigrations } from "@naisys/common-node";
+import { dirname, join } from "path";
+import { fileURLToPath } from "url";
+import { SUPERVISOR_DB_VERSION, supervisorDbPath } from "./dbConfig.js";
+const __filename = fileURLToPath(import.meta.url);
+const packageDir = join(dirname(__filename), "..");
+export async function deploySupervisorMigrations() {
+    await deployPrismaMigrations({
+        packageDir,
+        databasePath: supervisorDbPath(),
+        expectedVersion: SUPERVISOR_DB_VERSION,
+    });
+}

package/dist/prismaClient.js

@@ -0,0 +1,21 @@
+import { PrismaBetterSqlite3 } from "@prisma/adapter-better-sqlite3";
+import { PrismaClient } from "./generated/prisma/client.js";
+/**
+ * Create a Prisma client with a dynamic database path
+ * @param databasePath - Absolute path to the SQLite database file
+ * @returns Configured PrismaClient instance
+ */
+export async function createPrismaClient(databasePath) {
+    const adapter = new PrismaBetterSqlite3({
+        url: `file:${databasePath}`,
+        timeout: 10_000, // Wait up to 10s for SQLite lock to be released
+    });
+    const prisma = new PrismaClient({ adapter });
+    // Enable WAL mode for better concurrent read/write performance
+    await prisma.$executeRawUnsafe("PRAGMA journal_mode=WAL");
+    // NORMAL is safe with WAL and avoids an extra fsync per commit
+    await prisma.$executeRawUnsafe("PRAGMA synchronous=NORMAL");
+    // SQLite doesn't enforce foreign keys by default — must be enabled per connection
+    await prisma.$executeRawUnsafe("PRAGMA foreign_keys=ON");
+    return prisma;
+}

package/dist/sessionService.js

@@ -0,0 +1,208 @@
+import { SUPER_ADMIN_USERNAME } from "@naisys/common";
+import { hashToken } from "@naisys/common-node";
+import bcrypt from "bcryptjs";
+import { randomBytes, randomUUID } from "crypto";
+import { existsSync } from "fs";
+import readline from "readline/promises";
+import { supervisorDbPath } from "./dbConfig.js";
+import { createPrismaClient } from "./prismaClient.js";
+const SESSION_DURATION_MS = 30 * 24 * 60 * 60 * 1000; // 30 days
+let supervisorDb = null;
+/**
+ * Initialize supervisor sessions by connecting to supervisor.db.
+ * Idempotent — returns early if already initialized.
+ * No-ops gracefully if NAISYS_FOLDER is unset or the database doesn't exist.
+ */
+export async function createSupervisorDatabaseClient() {
+    if (supervisorDb)
+        return true;
+    const dbPath = supervisorDbPath();
+    if (!existsSync(dbPath))
+        return false;
+    supervisorDb = await createPrismaClient(dbPath);
+    return true;
+}
+/**
+ * Find a session user by session token hash. Returns null if not found or expired.
+ */
+export async function findSession(tokenHash) {
+    if (!supervisorDb)
+        return null;
+    const session = await supervisorDb.session.findUnique({
+        where: {
+            tokenHash,
+            expiresAt: { gt: new Date() },
+        },
+        include: { user: true },
+    });
+    if (!session)
+        return null;
+    return {
+        userId: session.user.id,
+        username: session.user.username,
+        passwordHash: session.user.passwordHash,
+        uuid: session.user.uuid,
+    };
+}
+/**
+ * Look up a session user by username.
+ */
+export async function lookupUsername(username) {
+    if (!supervisorDb)
+        return null;
+    const user = await supervisorDb.user.findUnique({
+        where: { username },
+    });
+    if (!user)
+        return null;
+    return {
+        userId: user.id,
+        username: user.username,
+        passwordHash: user.passwordHash,
+        uuid: user.uuid,
+    };
+}
+/**
+ * Find a supervisor user by API key. Returns null if not found or DB not initialized.
+ */
+export async function findUserByApiKey(apiKey) {
+    if (!supervisorDb)
+        return null;
+    const user = await supervisorDb.user.findUnique({
+        where: { apiKey },
+        select: { uuid: true, username: true },
+    });
+    return user;
+}
+/**
+ * Authenticate a user by username/password and create a session.
+ * Returns null if credentials are invalid or DB is not initialized.
+ */
+export async function authenticateAndCreateSession(username, password) {
+    const user = await lookupUsername(username);
+    if (!user)
+        return null;
+    const valid = await bcrypt.compare(password, user.passwordHash);
+    if (!valid)
+        return null;
+    const token = randomUUID();
+    const tokenHash = hashToken(token);
+    const expiresAt = new Date(Date.now() + SESSION_DURATION_MS);
+    const dbUser = await supervisorDb.user.findUnique({
+        where: { username },
+    });
+    await supervisorDb.session.create({
+        data: {
+            userId: dbUser.id,
+            tokenHash,
+            expiresAt,
+        },
+    });
+    return { token, user, expiresAt };
+}
+/**
+ * Update a user's password hash. No-op if not initialized.
+ */
+export async function updateUserPassword(username, passwordHash) {
+    if (!supervisorDb)
+        return;
+    await supervisorDb.user.update({
+        where: { username },
+        data: { passwordHash },
+    });
+}
+/**
+ * Delete a session by token hash.
+ */
+export async function deleteSession(tokenHash) {
+    if (!supervisorDb)
+        return;
+    await supervisorDb.session.deleteMany({
+        where: { tokenHash },
+    });
+}
+/**
+ * Ensure a "superadmin" user exists in the supervisor database.
+ * If already exists, returns it as-is. Otherwise creates with generated credentials.
+ */
+export async function ensureSuperAdmin() {
+    if (!supervisorDb)
+        throw new Error("Supervisor DB not initialized");
+    const existing = await supervisorDb.user.findUnique({
+        where: { username: SUPER_ADMIN_USERNAME },
+    });
+    if (existing) {
+        return {
+            created: false,
+            user: {
+                uuid: existing.uuid,
+                username: existing.username,
+                passwordHash: existing.passwordHash,
+                apiKey: existing.apiKey,
+            },
+        };
+    }
+    const uuid = randomUUID();
+    const password = randomUUID().slice(0, 8);
+    const passwordHash = await bcrypt.hash(password, 10);
+    const apiKey = randomBytes(32).toString("hex");
+    const user = await supervisorDb.user.create({
+        data: { uuid, username: SUPER_ADMIN_USERNAME, passwordHash, apiKey },
+    });
+    await supervisorDb.userPermission.create({
+        data: { userId: user.id, permission: "supervisor_admin" },
+    });
+    return {
+        created: true,
+        generatedPassword: password,
+        user: { uuid, username: SUPER_ADMIN_USERNAME, passwordHash, apiKey },
+    };
+}
+/**
+ * CLI entry point for --reset-password. Initializes supervisor sessions,
+ * then runs the interactive password reset.
+ */
+export async function handleResetPassword(options) {
+    console.log(`NAISYS_FOLDER: ${process.env.NAISYS_FOLDER}`);
+    await createSupervisorDatabaseClient();
+    await resetPassword(options.findLocalUser, options.updateLocalPassword, options.username, options.password);
+}
+/**
+ * CLI to reset a user's password. Updates both local DB (via callbacks) and
+ * the supervisor DB. If username/password are provided, skips interactive
+ * prompts.
+ */
+export async function resetPassword(findLocalUser, updateLocalPassword, usernameArg, passwordArg) {
+    let username;
+    let password;
+    if (usernameArg && passwordArg) {
+        username = usernameArg;
+        password = passwordArg;
+    }
+    else {
+        const rl = readline.createInterface({
+            input: process.stdin,
+            output: process.stdout,
+        });
+        try {
+            username = usernameArg || (await rl.question("Username: "));
+            password = passwordArg || (await rl.question("New password: "));
+        }
+        finally {
+            rl.close();
+        }
+    }
+    const user = await findLocalUser(username);
+    if (!user) {
+        console.error(`User '${username}' not found.`);
+        process.exit(1);
+    }
+    if (password.length < 6) {
+        console.error("Password must be at least 6 characters.");
+        process.exit(1);
+    }
+    const hash = await bcrypt.hash(password, 10);
+    await updateLocalPassword(user.id, hash);
+    await updateUserPassword(username, hash);
+    console.log(`Password reset for '${username}'.`);
+}

package/package.json

@@ -0,0 +1,43 @@
+{
+  "name": "@naisys/supervisor-database",
+  "version": "3.0.0-beta.10",
+  "type": "module",
+  "description": "[internal] Supervisor database schema and Prisma client for NAISYS",
+  "files": [
+    "dist",
+    "prisma.config.ts",
+    "prisma/schema.prisma",
+    "prisma/migrations",
+    "!dist/**/*.map",
+    "!dist/**/*.d.ts",
+    "!dist/**/*.d.ts.map"
+  ],
+  "scripts": {
+    "clean": "rimraf dist",
+    "prisma:migrate": "prisma migrate dev --create-only",
+    "prisma:generate": "prisma generate",
+    "prisma:studio": "prisma studio",
+    "build": "npm run prisma:generate && tsc",
+    "npm:publish:dryrun": "npm publish --dry-run",
+    "npm:publish": "npm publish --access public"
+  },
+  "devDependencies": {
+    "@types/better-sqlite3": "^7.6.13",
+    "typescript": "^5.9.3"
+  },
+  "dependencies": {
+    "@naisys/common": "3.0.0-beta.10",
+    "@naisys/common-node": "3.0.0-beta.10",
+    "bcryptjs": "^3.0.2",
+    "@prisma/adapter-better-sqlite3": "^7.5.0",
+    "@prisma/client": "^7.5.0",
+    "better-sqlite3": "^12.6.2",
+    "prisma": "^7.5.0"
+  },
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  }
+}

package/prisma/migrations/20260219193117_init/migration.sql

@@ -0,0 +1,36 @@
+-- CreateTable
+CREATE TABLE "users" (
+    "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+    "username" TEXT NOT NULL,
+    "uuid" TEXT NOT NULL DEFAULT '',
+    "is_agent" BOOLEAN NOT NULL DEFAULT false,
+    "password_hash" TEXT NOT NULL DEFAULT '',
+    "session_token_hash" TEXT,
+    "session_expires_at" DATETIME,
+    "created_at" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updated_at" DATETIME NOT NULL
+);
+
+-- CreateTable
+CREATE TABLE "user_permissions" (
+    "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+    "user_id" INTEGER NOT NULL,
+    "permission" TEXT NOT NULL,
+    "granted_at" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "granted_by" INTEGER,
+    CONSTRAINT "user_permissions_user_id_fkey" FOREIGN KEY ("user_id") REFERENCES "users" ("id") ON DELETE CASCADE ON UPDATE CASCADE,
+    CONSTRAINT "user_permissions_granted_by_fkey" FOREIGN KEY ("granted_by") REFERENCES "users" ("id") ON DELETE SET NULL ON UPDATE CASCADE
+);
+
+-- CreateTable
+CREATE TABLE "schema_version" (
+    "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT DEFAULT 1,
+    "version" INTEGER NOT NULL,
+    "updated" TEXT NOT NULL
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "users_username_key" ON "users"("username");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "user_permissions_user_id_permission_key" ON "user_permissions"("user_id", "permission");

package/prisma/migrations/20260225045447_add_manage_hosts_permission/migration.sql

@@ -0,0 +1 @@
+-- This is an empty migration.

package/prisma/migrations/20260308000000_multi_session/migration.sql

@@ -0,0 +1,22 @@
+-- CreateTable
+CREATE TABLE "sessions" (
+    "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+    "user_id" INTEGER NOT NULL,
+    "token_hash" TEXT NOT NULL,
+    "expires_at" DATETIME NOT NULL,
+    "created_at" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    CONSTRAINT "sessions_user_id_fkey" FOREIGN KEY ("user_id") REFERENCES "users" ("id") ON DELETE CASCADE ON UPDATE CASCADE
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "sessions_token_hash_key" ON "sessions"("token_hash");
+
+-- Migrate existing sessions
+INSERT INTO "sessions" ("user_id", "token_hash", "expires_at", "created_at")
+SELECT "id", "session_token_hash", "session_expires_at", CURRENT_TIMESTAMP
+FROM "users"
+WHERE "session_token_hash" IS NOT NULL AND "session_expires_at" IS NOT NULL;
+
+-- DropColumns
+ALTER TABLE "users" DROP COLUMN "session_token_hash";
+ALTER TABLE "users" DROP COLUMN "session_expires_at";

package/prisma/migrations/20260309000000_add_user_api_key/migration.sql

@@ -0,0 +1,5 @@
+-- AlterTable
+ALTER TABLE "users" ADD COLUMN "api_key" TEXT;
+
+-- CreateIndex
+CREATE UNIQUE INDEX "users_api_key_key" ON "users"("api_key");

package/prisma/migrations/migration_lock.toml

@@ -0,0 +1,3 @@
+# Please do not edit this file manually
+# It should be added in your version-control system (e.g., Git)
+provider = "sqlite"

package/prisma/schema.prisma

@@ -0,0 +1,66 @@
+datasource db {
+  provider = "sqlite"
+}
+
+generator client {
+  provider = "prisma-client"
+  output   = "../src/generated/prisma"
+}
+
+enum Permission {
+  supervisor_admin
+  manage_agents
+  manage_hosts
+  agent_communication
+  manage_models
+  manage_variables
+  view_run_logs
+}
+
+model User {
+  id               Int              @id @default(autoincrement())
+  username         String           @unique
+  uuid             String           @default("")
+  isAgent          Boolean          @default(false) @map("is_agent")
+  passwordHash     String           @default("") @map("password_hash")
+  createdAt        DateTime         @default(now()) @map("created_at")
+  apiKey           String?          @unique @map("api_key")
+  updatedAt        DateTime         @updatedAt @map("updated_at")
+  permissions      UserPermission[] @relation("UserPermissions")
+  grantedPermissions UserPermission[] @relation("GrantedByPermissions")
+  sessions         Session[]
+
+  @@map("users")
+}
+
+model Session {
+  id        Int      @id @default(autoincrement())
+  userId    Int      @map("user_id")
+  tokenHash String   @unique @map("token_hash")
+  expiresAt DateTime @map("expires_at")
+  createdAt DateTime @default(now()) @map("created_at")
+  user      User     @relation(fields: [userId], references: [id], onDelete: Cascade)
+
+  @@map("sessions")
+}
+
+model UserPermission {
+  id         Int        @id @default(autoincrement())
+  userId     Int        @map("user_id")
+  permission Permission
+  grantedAt  DateTime   @default(now()) @map("granted_at")
+  grantedBy  Int?       @map("granted_by")
+  user       User       @relation("UserPermissions", fields: [userId], references: [id], onDelete: Cascade)
+  grantedByUser User?   @relation("GrantedByPermissions", fields: [grantedBy], references: [id])
+
+  @@unique([userId, permission])
+  @@map("user_permissions")
+}
+
+model SchemaVersion {
+  id      Int    @id @default(1)
+  version Int
+  updated String
+
+  @@map("schema_version")
+}

package/prisma.config.ts

@@ -0,0 +1,18 @@
+import "dotenv/config";
+import { join } from "path";
+import { defineConfig } from "prisma/config";
+
+// Use placeholder during generation, actual path provided at runtime
+const naisysFolder = process.env.NAISYS_FOLDER || "";
+
+export default defineConfig({
+  schema: "prisma/schema.prisma",
+  migrations: {
+    path: "prisma/migrations",
+  },
+  datasource: {
+    // Used in dev when we run migrate manually to generate migration scripts
+    // Used in prod when self-migrating an existing database
+    url: `file:` + join(naisysFolder, "database", `supervisor.db`),
+  },
+});