@palbase/backend 2.0.2 → 4.0.0

package/dist/index-DZW9CjiY.d.ts

@@ -0,0 +1,463 @@
+import { Tables, TableTypes } from './db/env.js';
+import { D as DBClient } from './endpoint-2d_DpASt.js';
+
+/** On delete action for foreign key references. */
+type OnDeleteAction = 'cascade' | 'set null' | 'restrict' | 'no action';
+/** Column type identifiers. */
+type ColumnType = 'uuid' | 'text' | 'integer' | 'boolean' | 'timestamp' | 'jsonb' | 'enum';
+/** Base column definition shared by all column types. */
+interface ColumnDef {
+    type: ColumnType;
+    nullable: boolean;
+    primaryKey: boolean;
+    defaultValue?: unknown;
+    defaultRandom?: boolean;
+    defaultNow?: boolean;
+    references?: {
+        table: string;
+        column: string;
+    };
+    onDeleteAction?: OnDeleteAction;
+    enumName?: string;
+    enumValues?: string[];
+}
+declare const __colKind: unique symbol;
+declare const __colNullable: unique symbol;
+declare const __colHasDefault: unique symbol;
+declare const __colEnumValues: unique symbol;
+/**
+ * Fluent column builder with phantom type params:
+ *  K — ColumnType literal (e.g. "text", "integer")
+ *  N — boolean: true when nullable() has been called last (false = NOT NULL)
+ *  D — boolean: true when a default has been set
+ *  E — enum value union (never for non-enum columns)
+ *
+ * All four params have defaults so bare `ColumnBuilder` (no args) still
+ * satisfies `Record<string, ColumnBuilder>` in schema.ts without modification.
+ *
+ * The four `declare readonly` brand fields carry the phantom types into the
+ * structural shape so that conditional types like ColValue<C> can discriminate
+ * on K without requiring runtime values on those fields.
+ */
+declare class ColumnBuilder<K extends ColumnType = ColumnType, N extends boolean = boolean, D extends boolean = boolean, E = unknown> {
+    readonly [__colKind]: K;
+    readonly [__colNullable]: N;
+    readonly [__colHasDefault]: D;
+    readonly [__colEnumValues]: E;
+    readonly _def: ColumnDef;
+    constructor(type: K, existingDef?: ColumnDef);
+    /** Mark this column as the primary key. */
+    primaryKey(): ColumnBuilder<K, N, D, E>;
+    /** Mark this column as NOT NULL (default). */
+    notNull(): ColumnBuilder<K, false, D, E>;
+    /** Allow NULL values. */
+    nullable(): ColumnBuilder<K, true, D, E>;
+    /** Set a default value. */
+    default(value: unknown): ColumnBuilder<K, N, true, E>;
+    /** UUID: generate a random default (gen_random_uuid()). */
+    defaultRandom(): ColumnBuilder<K, N, true, E>;
+    /** Timestamp: default to now(). */
+    defaultNow(): ColumnBuilder<K, N, true, E>;
+    /** Add a foreign key reference. */
+    references(table: string, column: string): ColumnBuilder<K, N, D, E>;
+    /** Set the ON DELETE action for a foreign key reference. */
+    onDelete(action: OnDeleteAction): ColumnBuilder<K, N, D, E>;
+}
+/**
+ * Extracts the TypeScript value type for a column, respecting nullability.
+ * - "uuid" | "text" | "timestamp" → string (or string | null when N = true)
+ * - "integer" → number
+ * - "boolean" → boolean
+ * - "jsonb" → unknown (opaque JSON)
+ * - "enum" → E (the union of literal values)
+ */
+type ColValue<C> = C extends ColumnBuilder<'uuid' | 'text' | 'timestamp', infer N, infer _D, infer _E> ? N extends true ? string | null : string : C extends ColumnBuilder<'integer', infer N, infer _D, infer _E> ? N extends true ? number | null : number : C extends ColumnBuilder<'boolean', infer N, infer _D, infer _E> ? N extends true ? boolean | null : boolean : C extends ColumnBuilder<'jsonb', infer _N, infer _D, infer _E> ? unknown : C extends ColumnBuilder<'enum', infer N, infer _D, infer E> ? N extends true ? E | null : E : never;
+/**
+ * True when a column is optional on INSERT:
+ *  - nullable columns (N = true) — the DB allows NULL so the field may be omitted
+ *  - columns with a default (D = true) — the DB fills in the value when absent
+ */
+type ColIsOptionalOnInsert<C> = C extends ColumnBuilder<infer _K, true, infer _D, infer _E> ? true : C extends ColumnBuilder<infer _K, infer _N, true, infer _E> ? true : false;
+/** Create a UUID column. */
+declare function uuid(): ColumnBuilder<'uuid', false, false, never>;
+/** Create a TEXT column. */
+declare function text(): ColumnBuilder<'text', false, false, never>;
+/** Create an INTEGER column. */
+declare function integer(): ColumnBuilder<'integer', false, false, never>;
+/** Create a BOOLEAN column. */
+declare function boolean(): ColumnBuilder<'boolean', false, false, never>;
+/** Create a TIMESTAMP column. */
+declare function timestamp(): ColumnBuilder<'timestamp', false, false, never>;
+/** Create a JSONB column. */
+declare function jsonb(): ColumnBuilder<'jsonb', false, false, never>;
+/**
+ * Create an ENUM column.
+ * @param name   The PostgreSQL enum type name (used in DDL).
+ * @param values A readonly tuple of valid string values — kept `const` so the
+ *               union `V[number]` is as narrow as possible.
+ */
+declare function enumType<const V extends readonly string[]>(name: string, values: V): ColumnBuilder<'enum', false, false, V[number]>;
+
+/**
+ * policy.ts — the RLS policy authoring DSL.
+ *
+ * `policy(name)` returns a fluent builder that mirrors the `ColumnBuilder`
+ * style in columns.ts: each chainable method mutates the underlying
+ * definition and returns the builder so calls compose. The terminal value is
+ * a plain {@link PolicyDef} — the exact JSON shape the runtime's
+ * `schema_extract.js` reads off the bundled module and the Go side parses into
+ * `PolicyJSON` (CONTRACT-POLICY).
+ *
+ * @example
+ * import { policy } from "@palbase/backend";
+ *
+ * policy("owner_select")
+ *   .for("select")
+ *   .to("authenticated")
+ *   .using("owner = (select auth.uid())");
+ */
+/** The SQL command a policy applies to. `"all"` covers SELECT/INSERT/UPDATE/DELETE. */
+type PolicyCommand = "all" | "select" | "insert" | "update" | "delete";
+/** Whether a policy is permissive (OR-combined, the default) or restrictive
+ * (AND-combined). Mirrors Postgres `CREATE POLICY ... AS PERMISSIVE|RESTRICTIVE`. */
+type PolicyMode = "permissive" | "restrictive";
+/**
+ * The compiled, serializable policy definition — the EXACT shape consumed by
+ * `schema_extract.js` → Go `PolicyJSON` (CONTRACT-POLICY).
+ *
+ * - `roles`: the DB roles this policy applies to (`TO` clause). An empty array
+ *   means the policy applies to PUBLIC (all roles) — the Postgres default.
+ * - `using`: the `USING (...)` row-visibility expression, or `null` when none.
+ * - `withCheck`: the `WITH CHECK (...)` write-validation expression, or `null`.
+ * - `permissive`: `true` for `AS PERMISSIVE` (default), `false` for restrictive.
+ */
+interface PolicyDef {
+    name: string;
+    command: PolicyCommand;
+    roles: string[];
+    using: string | null;
+    withCheck: string | null;
+    permissive: boolean;
+}
+/**
+ * Fluent RLS policy builder.
+ *
+ * Defaults (documented, applied at construction):
+ *  - `command`: `"all"` — applies to every SQL command unless `.for(...)` narrows it.
+ *  - `roles`: `["authenticated"]` — the common case is "rule applies to signed-in
+ *    users". Call `.to(...)` to override; pass `.to()` with no roles (or never
+ *    call it after a reset) to target PUBLIC.
+ *  - `using` / `withCheck`: `null` — no row filter / write check until set.
+ *  - `permissive`: `true` — `AS PERMISSIVE` (policies OR together).
+ *
+ * Each method mutates `_def` in place and returns `this`, so the chain is a
+ * single builder instance (no per-call allocation, like a tagged-template
+ * compile target). The terminal `PolicyDef` is read directly off `_def` by
+ * `schema_extract.js`.
+ */
+declare class PolicyBuilder {
+    readonly _def: PolicyDef;
+    constructor(name: string);
+    /** Restrict the policy to a single SQL command (default `"all"`). */
+    for(command: PolicyCommand): this;
+    /**
+     * Set the DB roles the policy applies to (the `TO` clause), replacing any
+     * previously-set roles. Call with no arguments to target PUBLIC (all roles).
+     *
+     * @example
+     * policy("p").to("authenticated")
+     * policy("p").to("authenticated", "service_role")
+     * policy("p").to() // PUBLIC
+     */
+    to(...roles: string[]): this;
+    /** Set the `USING (...)` row-visibility expression (raw SQL). */
+    using(sqlExpr: string): this;
+    /** Set the `WITH CHECK (...)` write-validation expression (raw SQL). */
+    withCheck(sqlExpr: string): this;
+    /** Set the policy mode: `"permissive"` (default, OR-combined) or
+     * `"restrictive"` (AND-combined). */
+    as(mode: PolicyMode): this;
+}
+/**
+ * Start authoring an RLS policy. Returns a {@link PolicyBuilder}; the resulting
+ * `PolicyBuilder` is accepted directly in a table's `policies: [...]` array
+ * (its `_def` is read at schema-extract time).
+ *
+ * @param name The policy name. Palbase reconciliation keys policies by
+ *             `(table, name)`, so names must be unique per table.
+ */
+declare function policy(name: string): PolicyBuilder;
+
+/**
+ * Postgres extensions a Palbase project can enable from its schema.
+ *
+ * Extensions are config-as-code: declare them in `defineSchema({ extensions })`
+ * and the deploy installs them (CREATE EXTENSION … SCHEMA extensions) using the
+ * deploy path's privileged connection. They are NOT toggled live from Studio —
+ * CREATE EXTENSION requires a superuser role that only the deploy path holds.
+ *
+ * The list is an allowlist (a string-literal union) so editors autocomplete the
+ * supported names and a typo fails typecheck. It is intentionally extensible:
+ * add a name here (+ confirm the base image ships it) to support more.
+ */
+declare const PALBASE_EXTENSIONS: readonly ["vector", "pg_trgm", "unaccent", "citext", "postgis", "cube", "earthdistance", "hstore", "ltree", "pg_cron", "pgcrypto", "uuid-ossp"];
+/** A Postgres extension supported by Palbase (allowlist union). */
+type PalbaseExtension = (typeof PALBASE_EXTENSIONS)[number];
+/**
+ * Extensions that depend on another extension. The deploy installs
+ * dependencies first; declaring `earthdistance` without `cube` still works
+ * because the deploy resolves the order, but listing both is clearer.
+ */
+declare const EXTENSION_DEPENDENCIES: Partial<Record<PalbaseExtension, PalbaseExtension[]>>;
+/** Runtime guard: is `name` a supported Palbase extension? */
+declare function isPalbaseExtension(name: string): name is PalbaseExtension;
+
+/**
+ * A map of column builders keyed by column name — the value you write under
+ * the `columns` key of `defineSchema({ tables: { <name>: { columns } } })`.
+ *
+ * The default `Record<string, ColumnBuilder>` keeps bare references compiling
+ * without a type argument.
+ */
+type ColumnMap = Record<string, ColumnBuilder>;
+/**
+ * The author-facing value written under each table key:
+ * `{ columns, rls?, policies? }`.
+ *
+ * - `columns`: the column map (required).
+ * - `rls`: enable + FORCE row-level security on this table. Implied when
+ *   `policies` is non-empty; set it explicitly to enable RLS with no policies
+ *   yet (deny-all — useful only as an intermediate step).
+ * - `policies`: the RLS policies for this table, authored with `policy(name)`.
+ *   Each entry may be a {@link PolicyBuilder} (the normal `policy(...)` chain)
+ *   or a raw {@link PolicyDef} object.
+ *
+ * The `C` type parameter preserves the precise per-column phantom types so the
+ * typed `Database.tables.*` surface keeps inferring insert/row shapes.
+ */
+interface TableInput<C extends ColumnMap = ColumnMap> {
+    columns: C;
+    rls?: boolean;
+    policies?: (PolicyBuilder | PolicyDef)[];
+}
+/**
+ * A table definition — the runtime value the Go runtime's `schema_extract.js`
+ * reads. It keys tables by `tableDef.name`, reads `tableDef.columns` for the
+ * column DDL, and `tableDef.rls` + `tableDef.policies` for RLS.
+ *
+ * `defineSchema` derives `name` from the object key, so authors never repeat
+ * the table name. `rls`/`policies` are always present after normalization
+ * (defaulted to `false`/`[]`).
+ *
+ * The `C` type parameter preserves the precise per-column phantom types so that
+ * downstream mapped types (InsertShape, RowShape) can discriminate on them.
+ */
+interface TableDef<C extends ColumnMap = ColumnMap> {
+    name: string;
+    columns: C;
+    rls: boolean;
+    policies: PolicyDef[];
+}
+/**
+ * A schema definition containing multiple tables, keyed by table name.
+ *
+ * The `T` type parameter preserves the exact `TableDef<...>` type for each
+ * table so that `SchemaDef["tables"]["rooms"]` resolves to the precise
+ * `TableDef<{ id: ColumnBuilder<'uuid', false, true, never>; ... }>`.
+ */
+interface SchemaDef<T extends Record<string, TableDef> = Record<string, TableDef>> {
+    tables: T;
+    /** Postgres extensions to install on deploy. Normalized to `[]` when absent. */
+    extensions: PalbaseExtension[];
+}
+/** The author-facing input to `defineSchema` — a `tables` map whose keys are
+ * the table names and whose values are `{ columns, rls?, policies? }`, plus an
+ * optional `extensions` allowlist. */
+interface SchemaInput<T extends Record<string, TableInput> = Record<string, TableInput>> {
+    tables: T;
+    /**
+     * Postgres extensions to enable for this project, e.g. `["vector"]`.
+     * Config-as-code: installed by the deploy (CREATE EXTENSION … SCHEMA
+     * extensions) with the privileged deploy connection. The type is an
+     * allowlist union, so unsupported names fail typecheck.
+     */
+    extensions?: PalbaseExtension[];
+}
+/** Map the author's `{ tables: { <name>: { columns } } }` input to the
+ * `{ tables: { <name>: TableDef<columns> } }` runtime/type shape, threading the
+ * per-table column map `T[K]["columns"]` so column-level inference survives. */
+type TablesFromInput<T extends Record<string, TableInput>> = {
+    [K in keyof T]: TableDef<T[K]["columns"]>;
+};
+/**
+ * Define a schema. The table NAME comes from the object key. Each table value
+ * is `{ columns, rls?, policies? }`:
+ *
+ *   export default defineSchema({
+ *     tables: {
+ *       todos: {
+ *         columns: {
+ *           id:    uuid().primaryKey().defaultRandom(),
+ *           owner: text().notNull(),
+ *           title: text().notNull(),
+ *         },
+ *         rls: true,
+ *         policies: [
+ *           policy("owner_all").for("all").to("authenticated")
+ *             .using("owner = (select auth.uid())")
+ *             .withCheck("owner = (select auth.uid())"),
+ *         ],
+ *       },
+ *     },
+ *   });
+ *
+ * The returned value is
+ * `{ tables: { todos: { name, columns, rls, policies } } }` — the exact shape
+ * the runtime schema extractor parses. Per-column phantom types are preserved
+ * so `Database.tables.todos.insert({...})` stays typed.
+ *
+ * RLS normalization: `rls` defaults to `false`, `policies` to `[]`. When
+ * `policies` is non-empty, `rls` is forced on (ENABLE + FORCE) regardless of
+ * the declared `rls` flag — a table with policies must have RLS enabled or the
+ * policies would be inert.
+ */
+declare function defineSchema<T extends Record<string, TableInput>>(input: SchemaInput<T>): SchemaDef<TablesFromInput<T>>;
+
+/**
+ * typed-db.ts — Task 2: TypedDB schema-derived insert/row shapes.
+ *
+ * Derives INSERT and full-row TypeScript types from a `defineSchema()` result
+ * and wraps the untyped runtime `DBClient` with a typed facade.
+ *
+ * No value-any. No `as unknown as X`. The two narrow `as` casts in
+ * `makeTypedTable` are safe because:
+ *  - `data as Record<string, unknown>`: InsertShape<T> maps string keys to
+ *    typed values; all value types are subsets of `unknown`, so the cast is
+ *    structurally sound.
+ *  - `result as RowShape<T>`: The runtime DBClient returns `Record<string,
+ *    unknown>` which is the erased form of the typed row; we're narrowing back
+ *    to the precise shape that the schema declared.
+ * Both casts are narrowing only (not widening) and correctness is guaranteed
+ * by the schema the caller provides.
+ */
+
+/** Keys of C whose columns are required on INSERT (not nullable, no default). */
+type RequiredKeys<C> = {
+    [K in keyof C]: ColIsOptionalOnInsert<C[K]> extends true ? never : K;
+}[keyof C];
+/** Keys of C whose columns are optional on INSERT (nullable or has a default). */
+type OptionalKeys<C> = {
+    [K in keyof C]: ColIsOptionalOnInsert<C[K]> extends true ? K : never;
+}[keyof C];
+/**
+ * The TypeScript type for an INSERT payload for table `T`.
+ * - Required: columns that are NOT NULL and have no DB-level default.
+ * - Optional: columns that are nullable or carry a default.
+ *
+ * When all columns are optional, `RequiredKeys<C>` resolves to `never` and
+ * the first part becomes `{}`, which is a neutral element for `&`.
+ */
+type InsertShape<T extends TableDef> = {
+    [K in RequiredKeys<T["columns"]>]: ColValue<T["columns"][K]>;
+} & {
+    [K in OptionalKeys<T["columns"]>]?: ColValue<T["columns"][K]>;
+};
+/**
+ * The TypeScript type for a full row returned by the DB for table `T`.
+ * Every column is present; nullable columns resolve to `T | null`.
+ */
+type RowShape<T extends TableDef> = {
+    [K in keyof T["columns"]]: ColValue<T["columns"][K]>;
+};
+/** A typed table accessor that mirrors the runtime DBClient surface. */
+interface TypedTable<T extends TableDef> {
+    insert(data: InsertShape<T>): Promise<RowShape<T>>;
+    update(id: string, data: Partial<InsertShape<T>>): Promise<RowShape<T>>;
+    delete(id: string): Promise<void>;
+    findById(id: string): Promise<RowShape<T> | null>;
+    findMany(query?: Partial<RowShape<T>>): Promise<RowShape<T>[]>;
+}
+/** A typed DB facade covering all tables declared in schema `S`. */
+interface TypedDB<S extends SchemaDef> {
+    tables: {
+        [K in keyof S["tables"]]: TypedTable<S["tables"][K]>;
+    };
+    transaction<T>(fn: (tx: TypedTx<S>) => Promise<T>): Promise<T>;
+}
+/** Transaction-scoped typed facade: same typed tables, no nested transaction. */
+interface TypedTx<S extends SchemaDef> {
+    tables: {
+        [K in keyof S["tables"]]: TypedTable<S["tables"][K]>;
+    };
+}
+/**
+ * Wraps a raw `DBClient` with the type-safe `TypedDB<S>` facade derived from
+ * the provided schema. No behavior change — all calls delegate to `raw` with
+ * the table name as a plain string.
+ *
+ * `buildTables` is the reusable factory that wraps any op-bearing client
+ * (`TxClient` — the surface shared by `DBClient` and the transaction-scoped
+ * client) into the typed tables map. It is used both for the top-level db
+ * (wrapping `raw`) and inside `transaction`, where it wraps the raw `TxClient`
+ * the runtime yields so the callback sees the same typed `.tables` API.
+ *
+ * `transaction` delegates straight to `raw.transaction`; the two narrow
+ * `as TypedTx<S>` / `as TypedDB<S>` casts are single structural narrowings
+ * from the dynamically-built tables object to the precise mapped type (TS
+ * cannot infer through `Object.keys` iteration) — see module-level doc comment.
+ */
+declare function makeTypedDB<S extends SchemaDef>(schema: S, raw: DBClient): TypedDB<S>;
+/** A typed table accessor derived from one env `Tables` entry's flat shapes. */
+interface EnvTypedTable<T extends TableTypes> {
+    insert(data: T["insert"]): Promise<T["row"]>;
+    update(id: string, data: Partial<T["insert"]>): Promise<T["row"]>;
+    delete(id: string): Promise<void>;
+    findById(id: string): Promise<T["row"] | null>;
+    findMany(query?: Partial<T["row"]>): Promise<T["row"][]>;
+}
+/** The `tables` map exposed on `Database`/`tx`, keyed by the env `Tables`
+ * interface. When no schema is declared `Tables` is empty, so `tables` is an
+ * empty object — accessing `.tables.foo` is then a compile error (no member). */
+type EnvTables = {
+    [K in keyof Tables]: EnvTypedTable<Tables[K]>;
+};
+/** Transaction-scoped typed facade for the env-augmented surface: same typed
+ * tables, no nested transaction. */
+interface EnvTypedTx {
+    tables: EnvTables;
+}
+/**
+ * The RLS-bypass sibling returned by `Database.asService()`. Same typed surface
+ * as {@link EnvTypedDatabase} — `tables`, the raw string ops, and a typed
+ * `transaction` — but it does NOT re-expose `asService` (no double-bypass).
+ * Every op it performs runs as the `service_role` (BYPASSRLS).
+ */
+interface EnvServiceDatabase extends Omit<DBClient, "transaction" | "asService"> {
+    tables: EnvTables;
+    transaction<T>(fn: (tx: EnvTypedTx) => Promise<T>): Promise<T>;
+}
+/**
+ * The typed-by-default Database surface: the raw string-keyed `DBClient` ops
+ * PLUS a `tables` map typed against the project's generated `palbase-env.d.ts`,
+ * a `transaction` whose callback receives the typed tables, and `asService()`
+ * for the explicit RLS-bypass sibling.
+ *
+ * `transaction` is declared here (overriding `DBClient["transaction"]`) so the
+ * `tx` the callback receives carries the typed `.tables` API. `asService` is
+ * re-typed to return the typed {@link EnvServiceDatabase} sibling.
+ */
+interface EnvTypedDatabase extends Omit<DBClient, "transaction" | "asService"> {
+    tables: EnvTables;
+    transaction<T>(fn: (tx: EnvTypedTx) => Promise<T>): Promise<T>;
+    /**
+     * Return a sibling that bypasses RLS by running as the `service_role`. Use
+     * sparingly and explicitly — the default `Database.*` path is RLS-enforced.
+     *
+     * @example
+     * const all = await Database.asService().tables.todos.findMany({});
+     * const rows = await Database.asService().query("SELECT * FROM todos");
+     */
+    asService(): EnvServiceDatabase;
+}
+
+export { text as A, timestamp as B, ColumnBuilder as C, uuid as D, type EnvTypedDatabase as E, type InsertShape as I, type OnDeleteAction as O, PALBASE_EXTENSIONS as P, type RowShape as R, type SchemaDef as S, type TableDef as T, type ColumnDef as a, type ColumnMap as b, type ColumnType as c, EXTENSION_DEPENDENCIES as d, type EnvServiceDatabase as e, type EnvTables as f, type EnvTypedTable as g, type EnvTypedTx as h, type PalbaseExtension as i, PolicyBuilder as j, type PolicyCommand as k, type PolicyDef as l, type PolicyMode as m, type SchemaInput as n, type TableInput as o, type TypedDB as p, type TypedTable as q, type TypedTx as r, boolean as s, defineSchema as t, enumType as u, integer as v, isPalbaseExtension as w, jsonb as x, makeTypedDB as y, policy as z };