@nightowlsdev/storage-supabase 0.3.0 → 1.0.0

package/dist/index.js

@@ -112,6 +112,19 @@ function makeEventStore(ctx) {
       const rows = await many(ctx.pool, "select run_id, seq, payload from events where org_id=$1 and run_id=$2 and seq>$3 order by seq", [tenantId, runId, sinceSeq]);
       return rows.map(fromRow);
     },
+    // The full ordered log for a CONTAINER: join events → runs and match the container (the root thread_id, OR a
+    // lane sub-thread `<container>:<slug>`). `seq` is GENERATED ALWAYS (global, monotonic across all runs), so a
+    // plain `order by seq` interleaves every run correctly. Org-scoped (service connection bypasses RLS, so we
+    // enforce tenancy here). split_part is injection-safe; a container id never contains ':'.
+    async listForContainer(tenantId, container) {
+      const rows = await many(
+        ctx.pool,
+        `select e.run_id, e.seq, e.payload, r.thread_id from events e join runs r on r.id = e.run_id
+           where e.org_id = $1 and split_part(r.thread_id, ':', 1) = $2 order by e.seq`,
+        [tenantId, container]
+      );
+      return rows.map((r) => ({ ...fromRow(r), threadId: r.thread_id }));
+    },
     subscribe: makeSubscribe(ctx)
   };
 }
@@ -258,6 +271,22 @@ function makeScratchpadStore(ctx) {
   };
 }
 
+// src/agents.ts
+import { assertActorMayMutateDefinition } from "@nightowlsdev/core";
+
+// src/versioning.ts
+async function appendVersion(client, entity, headId, tenantId, insertVersionRow, action, actor, auditAfter) {
+  await client.query("select pg_advisory_xact_lock(hashtext($1), hashtext($2))", [entity.versionTable, headId]);
+  const nextV = (await client.query(`select coalesce(max(version),0)+1 v from ${entity.versionTable} where ${entity.fkColumn}=$1`, [headId])).rows[0].v;
+  const versionRowId = await insertVersionRow(nextV);
+  await client.query(`update ${entity.headTable} set current_version_id=$2 where id=$1`, [headId, versionRowId]);
+  await client.query(
+    "insert into audit_log(org_id, actor, action, entity, entity_id, after) values($1,$2,$3,$4,$5,$6)",
+    [tenantId, actor, action, entity.kind, headId, JSON.stringify({ version: nextV, ...auditAfter })]
+  );
+  return nextV;
+}
+
 // src/subscribe-invalidations.ts
 var INVALIDATE_CHANNEL = "nightowls_agent_invalidate";
 async function listenForInvalidations(ctx, onInvalidate) {
@@ -269,7 +298,7 @@ async function listenForInvalidations(ctx, onInvalidate) {
   client.on("error", (e) => {
     client.removeListener("notification", onNotification);
     console.warn(
-      "[nightowls] agent-cache invalidation LISTEN connection errored \u2014 cross-process eviction paused until restart; the 30s cache TTL still bounds staleness:",
+      "[@nightowlsdev/storage-supabase] agent-cache invalidation LISTEN connection errored \u2014 cross-process eviction paused until restart; the 30s cache TTL still bounds staleness:",
       e instanceof Error ? e.message : e
     );
   });
@@ -293,6 +322,7 @@ async function listenForInvalidations(ctx, onInvalidate) {
 }
 
 // src/agents.ts
+var AGENT_ENTITY = { kind: "agent", versionTable: "agent_versions", headTable: "agents", fkColumn: "agent_id" };
 function rowToVersion(r) {
   return {
     slug: r.slug,
@@ -305,6 +335,18 @@ function rowToVersion(r) {
     modelId: r.model_id
   };
 }
+function auditActor(actor) {
+  switch (actor.type) {
+    case "human":
+      return `user:${actor.userId}`;
+    case "service":
+      return `service:${actor.serviceId}`;
+    case "system":
+      return `system:${actor.reason}`;
+    case "agent":
+      return `agent:${actor.agentSlug}`;
+  }
+}
 function makeAgentRepo(ctx) {
   return {
     async head(tenantId, slug) {
@@ -333,19 +375,32 @@ function makeAgentRepo(ctx) {
     }
   };
 }
+function makeVersionedRepo(ctx) {
+  const read = makeAgentRepo(ctx);
+  return {
+    ...read,
+    async publish(tenantId, slug, content, actor) {
+      const { version } = await publishAgentVersion(ctx, { tenantId, ...content, slug, actor });
+      return { version };
+    },
+    async rollback(tenantId, slug, toVersion, actor) {
+      return rollbackAgentVersion(ctx, { tenantId, slug, toVersion, actor });
+    },
+    async listVersions(tenantId, slug, actor) {
+      assertActorMayMutateDefinition(actor);
+      return listAgentVersions(ctx, tenantId, slug);
+    }
+  };
+}
 async function commitVersion(client, agentId, tenantId, content, action, actor, auditAfter) {
-  const nextV = (await client.query("select coalesce(max(version),0)+1 v from agent_versions where agent_id=$1", [agentId])).rows[0].v;
-  const ver = (await client.query(
-    `insert into agent_versions(agent_id, org_id, version, role, personality, capabilities, skill_names, delegate_slugs, model_id, status)
-     values($1,$2,$3,$4,$5,$6,$7,$8,$9,'published') returning id`,
-    [agentId, tenantId, nextV, content.role, content.personality, JSON.stringify(content.capabilities), JSON.stringify(content.skillNames), JSON.stringify(content.delegateSlugs), content.modelId]
-  )).rows[0];
-  await client.query("update agents set current_version_id=$2 where id=$1", [agentId, ver.id]);
-  await client.query(
-    "insert into audit_log(org_id, actor, action, entity, entity_id, after) values($1,$2,$3,'agent',$4,$5)",
-    [tenantId, actor, action, agentId, JSON.stringify({ version: nextV, ...auditAfter })]
-  );
-  return nextV;
+  return appendVersion(client, AGENT_ENTITY, agentId, tenantId, async (version) => {
+    const ver = (await client.query(
+      `insert into agent_versions(agent_id, org_id, version, role, personality, capabilities, skill_names, delegate_slugs, model_id, status)
+       values($1,$2,$3,$4,$5,$6,$7,$8,$9,'published') returning id`,
+      [agentId, tenantId, version, content.role, content.personality, JSON.stringify(content.capabilities), JSON.stringify(content.skillNames), JSON.stringify(content.delegateSlugs), content.modelId]
+    )).rows[0];
+    return ver.id;
+  }, action, actor, auditAfter);
 }
 async function notifyInvalidate(client, tenantId, slug) {
   try {
@@ -353,7 +408,10 @@ async function notifyInvalidate(client, tenantId, slug) {
   } catch {
   }
 }
+var SEED_ACTOR = { type: "system", reason: "seed" };
 async function publishAgentVersion(ctx, def) {
+  const actor = def.actor ?? SEED_ACTOR;
+  assertActorMayMutateDefinition(actor);
   const client = await ctx.pool.connect();
   try {
     await client.query("begin");
@@ -362,9 +420,10 @@ async function publishAgentVersion(ctx, def) {
        on conflict (org_id, project_id, slug) do update set slug=excluded.slug returning id`,
       [def.tenantId, def.slug, def.role === "orchestrator"]
     )).rows[0];
-    await commitVersion(client, agent.id, def.tenantId, def, "publish", def.actor ?? "seed", { slug: def.slug });
+    const version = await commitVersion(client, agent.id, def.tenantId, def, "publish", auditActor(actor), { slug: def.slug });
     await client.query("commit");
     await notifyInvalidate(client, def.tenantId, def.slug);
+    return { version };
   } catch (e) {
     await client.query("rollback");
     throw e;
@@ -383,6 +442,8 @@ async function listAgentVersions(ctx, tenantId, slug) {
   return rows.map((r) => ({ version: Number(r.version), role: r.role, modelId: r.model_id, status: r.status, isCurrent: r.is_current }));
 }
 async function rollbackAgentVersion(ctx, args) {
+  const actor = args.actor ?? { type: "system", reason: "rollback" };
+  assertActorMayMutateDefinition(actor);
   const client = await ctx.pool.connect();
   try {
     await client.query("begin");
@@ -401,7 +462,7 @@ async function rollbackAgentVersion(ctx, args) {
       delegateSlugs: target.delegate_slugs ?? [],
       modelId: target.model_id
     };
-    const version = await commitVersion(client, target.agent_id, args.tenantId, content, "rollback", args.actor ?? "rollback", {
+    const version = await commitVersion(client, target.agent_id, args.tenantId, content, "rollback", auditActor(actor), {
       slug: args.slug,
       restoredFrom: args.toVersion
     });
@@ -416,6 +477,114 @@ async function rollbackAgentVersion(ctx, args) {
   }
 }
 
+// src/bundles.ts
+import { assertActorMayMutateDefinition as assertActorMayMutateDefinition2 } from "@nightowlsdev/core";
+var BUNDLE_ENTITY = { kind: "bundle", versionTable: "bundle_versions", headTable: "bundles", fkColumn: "bundle_id" };
+function auditActor2(actor) {
+  switch (actor.type) {
+    case "human":
+      return `user:${actor.userId}`;
+    case "service":
+      return `service:${actor.serviceId}`;
+    case "system":
+      return `system:${actor.reason}`;
+    case "agent":
+      return `agent:${actor.agentSlug}`;
+  }
+}
+function rowToBundleVersion(r) {
+  return { version: Number(r.version), ...r.content };
+}
+function makeBundleRepo(ctx) {
+  return {
+    async head(tenantId, slug) {
+      const r = await one(
+        ctx.pool,
+        `select v.version, v.content from bundles b join bundle_versions v on v.id = b.current_version_id
+         where b.org_id=$1 and b.slug=$2`,
+        [tenantId, slug]
+      );
+      return r ? rowToBundleVersion(r) : null;
+    },
+    async getVersion(tenantId, slug, version) {
+      const r = await one(
+        ctx.pool,
+        `select v.version, v.content from bundles b join bundle_versions v on v.bundle_id = b.id
+         where b.org_id=$1 and b.slug=$2 and v.version=$3`,
+        [tenantId, slug, version]
+      );
+      return r ? rowToBundleVersion(r) : null;
+    },
+    async listSlugs(tenantId) {
+      const rows = await many(ctx.pool, "select slug from bundles where org_id=$1", [tenantId]);
+      return rows.map((r) => r.slug);
+    }
+  };
+}
+async function commitBundle(ctx, tenantId, slug, content, action, actor, auditAfter) {
+  const client = await ctx.pool.connect();
+  try {
+    await client.query("begin");
+    const bundle = (await client.query(
+      `insert into bundles(org_id, slug) values($1,$2)
+       on conflict (org_id, project_id, slug) do update set slug=excluded.slug returning id`,
+      [tenantId, slug]
+    )).rows[0];
+    const version = await appendVersion(client, BUNDLE_ENTITY, bundle.id, tenantId, async (v) => {
+      const row = (await client.query(
+        `insert into bundle_versions(bundle_id, org_id, version, content, status) values($1,$2,$3,$4,'published') returning id`,
+        [bundle.id, tenantId, v, JSON.stringify(content)]
+      )).rows[0];
+      return row.id;
+    }, action, auditActor2(actor), auditAfter);
+    await client.query("commit");
+    return { version };
+  } catch (e) {
+    await client.query("rollback");
+    throw e;
+  } finally {
+    client.release();
+  }
+}
+async function listBundleVersions(ctx, tenantId, slug) {
+  const rows = await many(
+    ctx.pool,
+    `select v.version, v.content, v.status, (v.id = b.current_version_id) as is_current
+     from bundles b join bundle_versions v on v.bundle_id = b.id
+     where b.org_id=$1 and b.slug=$2 order by v.version`,
+    [tenantId, slug]
+  );
+  return rows.map((r) => ({
+    version: Number(r.version),
+    title: r.content?.title ?? "",
+    status: r.status,
+    isCurrent: r.is_current,
+    memberCount: Array.isArray(r.content?.agents) ? r.content.agents.length : 0
+  }));
+}
+function makeBundleWritableRepo(ctx) {
+  const read = makeBundleRepo(ctx);
+  return {
+    ...read,
+    async publish(tenantId, slug, content, actor) {
+      assertActorMayMutateDefinition2(actor);
+      return commitBundle(ctx, tenantId, slug, content, "publish", actor, { slug });
+    },
+    async rollback(tenantId, slug, toVersion, actor) {
+      assertActorMayMutateDefinition2(actor);
+      const target = await read.getVersion(tenantId, slug, toVersion);
+      if (!target) throw new Error(`cannot roll back bundle ${slug} to v${toVersion}: no such version for this tenant`);
+      const { version: _v, ...content } = target;
+      const { version } = await commitBundle(ctx, tenantId, slug, content, "rollback", actor, { slug, restoredFrom: toVersion });
+      return { version, restoredFrom: toVersion };
+    },
+    async listVersions(tenantId, slug, actor) {
+      assertActorMayMutateDefinition2(actor);
+      return listBundleVersions(ctx, tenantId, slug);
+    }
+  };
+}
+
 // src/mastra-store.ts
 import { PostgresStore, PgVector } from "@mastra/pg";
 function createMastraPgStore(opts) {
@@ -1553,12 +1722,171 @@ begin
     execute format('alter index nightowls.%I rename to %I', r.indexname, 'nightowls_' || substring(r.indexname from 8));
   end loop;
 end $$;
+
+-- Repoint any function BODY in the (now) nightowls schema that still hardcodes the old 'corale.' schema \u2014
+-- ALTER SCHEMA RENAME does not rewrite dollar-quoted bodies (see the header note). Recreate each via its own
+-- definition with 'corale.' \u2192 'nightowls.'. Generic + idempotent: once rewritten, prosrc no longer matches.
+do $$
+declare r record;
+begin
+  for r in
+    select p.oid
+    from pg_proc p
+    join pg_namespace n on n.oid = p.pronamespace
+    where n.nspname = 'nightowls' and p.prosrc like '%corale.%'
+  loop
+    execute replace(pg_get_functiondef(r.oid), 'corale.', 'nightowls.');
+  end loop;
+end $$;
+`
+  )
+};
+
+// src/migrations/0014_agent_versions_immutable.ts
+var M0014_AGENT_VERSIONS_IMMUTABLE = {
+  version: "0014_agent_versions_immutable",
+  name: "agent_versions: published rows are append-only (no content UPDATE, no DELETE)",
+  sql: (
+    /* sql */
+    `
+-- Guard function: reject any mutation that would rewrite or remove a PUBLISHED agent_versions row.
+create or replace function nightowls.agent_versions_enforce_immutable()
+  returns trigger language plpgsql as $$
+begin
+  if (tg_op = 'DELETE') then
+    if (old.status = 'published') then
+      raise exception 'agent_versions: published version v% of agent % is immutable (DELETE forbidden \u2014 append-only)',
+        old.version, old.agent_id
+        using errcode = 'restrict_violation';
+    end if;
+    return old;
+  end if;
+
+  -- UPDATE: a published row's CONTENT is frozen. Allow the lifecycle status to advance (e.g. archive), but
+  -- forbid changing any identifying/behavior column once published.
+  if (old.status = 'published') then
+    if ( new.agent_id      is distinct from old.agent_id
+      or new.org_id        is distinct from old.org_id
+      or new.version       is distinct from old.version
+      or new.role          is distinct from old.role
+      or new.personality   is distinct from old.personality
+      or new.capabilities  is distinct from old.capabilities
+      or new.skill_names   is distinct from old.skill_names
+      or new.delegate_slugs is distinct from old.delegate_slugs
+      or new.model_id      is distinct from old.model_id
+      or new.model_settings is distinct from old.model_settings
+      or new.guardrails_override is distinct from old.guardrails_override
+      or new.created_at    is distinct from old.created_at ) then
+      raise exception 'agent_versions: published version v% of agent % is immutable (content UPDATE forbidden \u2014 append-only; republish a new version instead)',
+        old.version, old.agent_id
+        using errcode = 'restrict_violation';
+    end if;
+  end if;
+  return new;
+end; $$;
+
+-- Fire BEFORE every UPDATE/DELETE on agent_versions. (No INSERT trigger \u2014 appends are the whole point.)
+drop trigger if exists agent_versions_immutable on nightowls.agent_versions;
+create trigger agent_versions_immutable
+  before update or delete on nightowls.agent_versions
+  for each row execute function nightowls.agent_versions_enforce_immutable();
+`
+  )
+};
+
+// src/migrations/0015_drop_saas_tables.ts
+var M0015_DROP_SAAS_TABLES = {
+  version: "0015_drop_saas_tables",
+  name: "drop SaaS-only tenant_policies + eval_runs (host-owned, not engine schema)",
+  sql: (
+    /* sql */
+    `
+drop table if exists nightowls.tenant_policies cascade;
+drop table if exists nightowls.eval_runs cascade;
+`
+  )
+};
+
+// src/migrations/0016_bundle_versions.ts
+var M0016_BUNDLE_VERSIONS = {
+  version: "0016_bundle_versions",
+  name: "bundles + bundle_versions (append-only bundle definition versioning) + immutability trigger",
+  sql: (
+    /* sql */
+    `
+-- Head pointer (mirrors nightowls.agents). NULLS NOT DISTINCT so the common project_id = NULL case still
+-- collides on (org, slug) \u2014 required for the publish upsert's ON CONFLICT to fire.
+create table nightowls.bundles (
+  id uuid primary key default gen_random_uuid(),
+  org_id uuid not null references nightowls.orgs(id) on delete cascade,
+  project_id uuid, slug text not null, current_version_id uuid,
+  created_at timestamptz not null default now(),
+  unique nulls not distinct (org_id, project_id, slug)
+);
+
+-- Append-only versions (mirrors nightowls.agent_versions; the whole bundle content is a single jsonb snapshot).
+create table nightowls.bundle_versions (
+  id uuid primary key default gen_random_uuid(),
+  bundle_id uuid not null references nightowls.bundles(id) on delete cascade,
+  org_id uuid not null references nightowls.orgs(id) on delete cascade,
+  version integer not null,
+  content jsonb not null,
+  status text not null default 'draft' check (status in ('draft','published','archived')),
+  created_by uuid, created_at timestamptz not null default now(),
+  unique (bundle_id, version)
+);
+alter table nightowls.bundles add constraint bundles_current_version_fk
+  foreign key (current_version_id) references nightowls.bundle_versions(id);
+
+-- RLS + org indexes (mirrors 0001's per-table pattern for the new tables). The adapter uses the service role
+-- (RLS-exempt), so this is defense-in-depth for any future direct authenticated-client read: enable RLS, add an
+-- org-scoped SELECT policy (writes stay service-role-only, like every other definition table), and index org_id.
+alter table nightowls.bundles enable row level security;
+alter table nightowls.bundle_versions enable row level security;
+create policy org_read_bundles on nightowls.bundles
+  for select to authenticated using ((select nightowls.is_org_member(org_id)));
+create policy org_read_bundle_versions on nightowls.bundle_versions
+  for select to authenticated using ((select nightowls.is_org_member(org_id)));
+create index bundles_org_idx on nightowls.bundles (org_id);
+create index bundle_versions_org_idx on nightowls.bundle_versions (org_id);
+
+-- Published-row immutability (mirrors 0014): once status='published', the content + identity columns are frozen
+-- and the row may not be DELETEd. The lifecycle status may still advance (e.g. \u2192 'archived'), which doesn't
+-- rewrite history. No INSERT trigger \u2014 appends are the whole point.
+create or replace function nightowls.bundle_versions_enforce_immutable()
+  returns trigger language plpgsql as $$
+begin
+  if (tg_op = 'DELETE') then
+    if (old.status = 'published') then
+      raise exception 'bundle_versions: published version v% of bundle % is immutable (DELETE forbidden \u2014 append-only)',
+        old.version, old.bundle_id using errcode = 'restrict_violation';
+    end if;
+    return old;
+  end if;
+
+  -- UPDATE: a published row's content + identity is frozen; allow only the lifecycle status to advance.
+  if (old.status = 'published') then
+    if ( new.bundle_id  is distinct from old.bundle_id
+      or new.org_id     is distinct from old.org_id
+      or new.version    is distinct from old.version
+      or new.content    is distinct from old.content
+      or new.created_at is distinct from old.created_at ) then
+      raise exception 'bundle_versions: published version v% of bundle % is immutable (content UPDATE forbidden \u2014 append-only; republish a new version instead)',
+        old.version, old.bundle_id using errcode = 'restrict_violation';
+    end if;
+  end if;
+  return new;
+end; $$;
+
+drop trigger if exists bundle_versions_immutable on nightowls.bundle_versions;
+create trigger bundle_versions_immutable before update or delete on nightowls.bundle_versions
+  for each row execute function nightowls.bundle_versions_enforce_immutable();
 `
   )
 };
 
 // src/migrations/index.ts
-var MIGRATIONS = [M0001_CORE, M0002_MASTRA, M0003_FOLLOWUPS, M0004_MEMORY_VECTOR, M0005_THREAD_TEXT_IDS, M0006_SCRATCHPAD, M0007_SCRATCHPAD_ENTRIES, M0008_FLOOR, M0009_SCRATCHPAD_REALTIME, M0010_PRESENCE_REALTIME, M0011_BROADCAST_ALLOWLIST, M0012_THREAD_SCOPED_RESOURCE, M0013_RENAME_SCHEMA];
+var MIGRATIONS = [M0001_CORE, M0002_MASTRA, M0003_FOLLOWUPS, M0004_MEMORY_VECTOR, M0005_THREAD_TEXT_IDS, M0006_SCRATCHPAD, M0007_SCRATCHPAD_ENTRIES, M0008_FLOOR, M0009_SCRATCHPAD_REALTIME, M0010_PRESENCE_REALTIME, M0011_BROADCAST_ALLOWLIST, M0012_THREAD_SCOPED_RESOURCE, M0013_RENAME_SCHEMA, M0014_AGENT_VERSIONS_IMMUTABLE, M0015_DROP_SAAS_TABLES, M0016_BUNDLE_VERSIONS];
 
 // src/plugin.ts
 var nightOwlsPlugin = {
@@ -1710,8 +2038,13 @@ function createPostgresFloor(pool, opts = {}) {
 function createSupabaseStorage(opts) {
   const ctx = makeCtx(opts);
   let invalidationSub = null;
+  const versionedAgents = makeVersionedRepo(ctx);
+  const writableBundles = makeBundleWritableRepo(ctx);
   return {
-    agents: makeAgentRepo(ctx),
+    agents: versionedAgents,
+    agentsWritable: versionedAgents,
+    bundles: writableBundles,
+    bundlesWritable: writableBundles,
     runs: makeRunStore(ctx),
     events: makeEventStore(ctx),
     messages: makeMessageStore(ctx),
@@ -1732,10 +2065,11 @@ function createSupabaseStorage(opts) {
     // Mark a followup answered so `findSuspended` (which filters `answered_at is null`) stops returning
     // it — closes the replay window once a resume begins. Tenant-scoped + idempotent.
     markFollowupAnswered: async (followupId, tenantId) => {
-      await ctx.pool.query("update followups set answered_at = now() where id=$1 and org_id=$2 and answered_at is null", [
+      const r = await ctx.pool.query("update followups set answered_at = now() where id=$1 and org_id=$2 and answered_at is null", [
         followupId,
         tenantId
       ]);
+      return (r.rowCount ?? 0) > 0;
     },
     // R12: cross-process cache invalidation via Postgres LISTEN. The engine wires this to
     // `rowCache.invalidate`; a `publishAgentVersion` elsewhere NOTIFYs the key and every instance evicts
@@ -1784,6 +2118,9 @@ export {
   createPostgresFloor,
   createSupabaseStorage,
   listAgentVersions,
+  makeBundleRepo,
+  makeBundleWritableRepo,
+  makeVersionedRepo,
   nightOwlsPlugin,
   publishAgentVersion,
   rollbackAgentVersion

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nightowlsdev/storage-supabase",
-  "version": "0.3.0",
+  "version": "1.0.0",
   "type": "module",
   "license": "MIT",
   "publishConfig": {
@@ -33,7 +33,7 @@
   "peerDependencies": {
     "@mastra/core": "^1.38.0",
     "@mastra/pg": "^1.12.0",
-    "@nightowlsdev/core": "0.3.0"
+    "@nightowlsdev/core": "0.4.0"
   },
   "devDependencies": {
     "@mastra/core": "^1.38.0",
@@ -47,7 +47,7 @@
     "vitest": "^3.2.0",
     "zod": "^4.0.0",
     "@nightowlsdev/tsconfig": "0.0.0",
-    "@nightowlsdev/core": "0.3.0",
+    "@nightowlsdev/core": "0.4.0",
     "@nightowlsdev/eslint-config": "0.0.0"
   },
   "scripts": {