npm - @palbase/db - Versions diffs - 0.3.0 → 0.4.0 - Mend

@palbase/db 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/admin.js +221 -6
package/dist/admin.js.map +1 -1
package/dist/index.cjs +19 -230
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +49 -6
package/dist/index.d.ts +49 -6
package/dist/index.js +19 -12
package/dist/index.js.map +1 -1
package/package.json +2 -2
package/dist/chunk-AQ6ZQNXC.js +0 -229
package/dist/chunk-AQ6ZQNXC.js.map +0 -1

package/dist/admin.js CHANGED Viewed

@@ -1,9 +1,224 @@
-import {
-  AdminClient,
-  ColumnsClient,
-  SchemasClient,
-  TablesClient
-} from "./chunk-AQ6ZQNXC.js";
+// src/admin-validation.ts
+var IDENTIFIER_RE = /^[a-zA-Z_][a-zA-Z0-9_.]*$/;
+function validateIdentifier(value, label) {
+  if (!IDENTIFIER_RE.test(value)) {
+    throw new Error(
+      `Invalid ${label}: "${value}". Identifiers must match ${IDENTIFIER_RE.source}`
+    );
+  }
+}
+// src/admin-columns.ts
+var ColumnsClient = class {
+  httpClient;
+  constructor(httpClient) {
+    this.httpClient = httpClient;
+  }
+  /**
+   * Create a new column on the given table. Sends `POST /v1/meta/columns`.
+   *
+   * The column name is validated against the standard SQL identifier regex.
+   * The `type` field is forwarded as-is to postgres-meta — callers SHOULD
+   * restrict types to a known allowlist before calling this.
+   */
+  async create(def) {
+    validateIdentifier(def.name, "column name");
+    const response = await this.httpClient.request("POST", "/v1/meta/columns", {
+      body: def
+    });
+    if (response.error) {
+      throw response.error;
+    }
+    return response.data;
+  }
+  /**
+   * Drop a column. Sends `DELETE /v1/meta/columns/:tableId.:ordinalPosition`.
+   *
+   * postgres-meta identifies columns by `{tableId}.{ordinalPosition}` (the
+   * column's 1-based attnum within its table). Use `TablesClient.get(id)` to
+   * find a column id from a column name if needed.
+   */
+  async drop(columnId, options) {
+    if (!/^\d+\.\d+$/.test(columnId)) {
+      throw new Error(
+        `Invalid column id: "${columnId}". Expected format "{tableId}.{ordinalPosition}"`
+      );
+    }
+    const params = new URLSearchParams();
+    if (options?.cascade) {
+      params.set("cascade", "true");
+    }
+    const queryString = params.toString();
+    const path = queryString ? `/v1/meta/columns/${columnId}?${queryString}` : `/v1/meta/columns/${columnId}`;
+    const response = await this.httpClient.request("DELETE", path);
+    if (response.error) {
+      throw response.error;
+    }
+    return response.data;
+  }
+};
+// src/admin-schemas.ts
+var SchemasClient = class {
+  httpClient;
+  constructor(httpClient) {
+    this.httpClient = httpClient;
+  }
+  async list() {
+    const response = await this.httpClient.request("GET", "/v1/meta/schemas");
+    if (response.error) {
+      throw response.error;
+    }
+    return response.data ?? [];
+  }
+  async create(name) {
+    validateIdentifier(name, "schema name");
+    const response = await this.httpClient.request("POST", "/v1/meta/schemas", {
+      body: { name }
+    });
+    if (response.error) {
+      throw response.error;
+    }
+    return response.data;
+  }
+  async drop(name, options) {
+    validateIdentifier(name, "schema name");
+    const schemas = await this.list();
+    const schema = schemas.find((s) => s.name === name);
+    if (!schema) {
+      throw new Error(`Schema "${name}" not found`);
+    }
+    const params = new URLSearchParams();
+    if (options?.cascade) {
+      params.set("cascade", "true");
+    }
+    const queryString = params.toString();
+    const path = queryString ? `/v1/meta/schemas/${schema.id}?${queryString}` : `/v1/meta/schemas/${schema.id}`;
+    const response = await this.httpClient.request("DELETE", path);
+    if (response.error) {
+      throw response.error;
+    }
+  }
+};
+// src/admin-tables.ts
+var TablesClient = class {
+  httpClient;
+  constructor(httpClient) {
+    this.httpClient = httpClient;
+  }
+  async list(options) {
+    const params = new URLSearchParams();
+    if (options?.schema) {
+      validateIdentifier(options.schema, "schema name");
+      params.set("included_schemas", options.schema);
+    }
+    const queryString = params.toString();
+    const path = queryString ? `/v1/meta/tables?${queryString}` : "/v1/meta/tables";
+    const response = await this.httpClient.request("GET", path);
+    if (response.error) {
+      throw response.error;
+    }
+    return response.data ?? [];
+  }
+  async get(id) {
+    const response = await this.httpClient.request("GET", `/v1/meta/tables/${id}`);
+    if (response.error) {
+      throw response.error;
+    }
+    return response.data;
+  }
+  async create(def) {
+    validateIdentifier(def.name, "table name");
+    if (def.schema) {
+      validateIdentifier(def.schema, "schema name");
+    }
+    const response = await this.httpClient.request("POST", "/v1/meta/tables", {
+      body: def
+    });
+    if (response.error) {
+      throw response.error;
+    }
+    return response.data;
+  }
+  /**
+   * Apply table-level updates (rename, schema move, RLS toggle, comment, etc).
+   * Sends `PATCH /v1/meta/tables/:id`.
+   *
+   * Note: this does NOT add or drop columns. For column changes, use
+   * `ColumnsClient.create()` / `ColumnsClient.drop()`.
+   */
+  async update(id, patch) {
+    if (patch.name !== void 0) {
+      validateIdentifier(patch.name, "table name");
+    }
+    if (patch.schema !== void 0) {
+      validateIdentifier(patch.schema, "schema name");
+    }
+    if (patch.primary_keys) {
+      for (const pk of patch.primary_keys) {
+        validateIdentifier(pk.name, "primary key column name");
+      }
+    }
+    const response = await this.httpClient.request("PATCH", `/v1/meta/tables/${id}`, {
+      body: patch
+    });
+    if (response.error) {
+      throw response.error;
+    }
+    return response.data;
+  }
+  async drop(id, options) {
+    const params = new URLSearchParams();
+    if (options?.cascade) {
+      params.set("cascade", "true");
+    }
+    const queryString = params.toString();
+    const path = queryString ? `/v1/meta/tables/${id}?${queryString}` : `/v1/meta/tables/${id}`;
+    const response = await this.httpClient.request("DELETE", path);
+    if (response.error) {
+      throw response.error;
+    }
+  }
+};
+// src/admin-client.ts
+var AdminClient = class {
+  schemas;
+  tables;
+  columns;
+  httpClient;
+  constructor(httpClient) {
+    this.httpClient = httpClient;
+    this.schemas = new SchemasClient(httpClient);
+    this.tables = new TablesClient(httpClient);
+    this.columns = new ColumnsClient(httpClient);
+  }
+  /**
+   * Execute a raw SQL query with full privileges (service role).
+   *
+   * Always use parameterized queries to prevent SQL injection.
+   * Never interpolate user input directly into the SQL string.
+   *
+   * @example
+   * ```ts
+   * // GOOD — parameterized
+   * await admin.query('SELECT * FROM users WHERE id = $1', [userId]);
+   *
+   * // BAD — string interpolation (SQL injection risk)
+   * await admin.query(`SELECT * FROM users WHERE id = '${userId}'`);
+   * ```
+   */
+  async query(sql, params) {
+    const response = await this.httpClient.request("POST", "/v1/meta/query", {
+      body: { query: sql, params }
+    });
+    if (response.error) {
+      throw response.error;
+    }
+    return response.data ?? [];
+  }
+};
 export {
   AdminClient,
   ColumnsClient,

package/dist/admin.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
1	+ {"version":3,"sources":["../src/admin-validation.ts","../src/admin-columns.ts","../src/admin-schemas.ts","../src/admin-tables.ts","../src/admin-client.ts"],"sourcesContent":["const IDENTIFIER_RE = /^[a-zA-Z_][a-zA-Z0-9_.]$/;\n\nexport function validateIdentifier(value: string, label: string): void {\n if (!IDENTIFIER_RE.test(value)) {\n throw new Error(\n `Invalid ${label}: \"${value}\". Identifiers must match ${IDENTIFIER_RE.source}`,\n );\n }\n}\n","import type { HttpClient } from '@palbase/core';\nimport type { Column, CreateColumnDef } from './admin-types.js';\nimport { validateIdentifier } from './admin-validation.js';\n\n/\n Postgres-meta column admin client.\n \n Wraps the `/v1/meta/columns` endpoints exposed by postgres-meta.\n * Use this to add or drop columns on an existing table — `TablesClient.update()`\n * does not handle column structure changes.\n /\nexport class ColumnsClient {\n private readonly httpClient: HttpClient;\n\n constructor(httpClient: HttpClient) {\n this.httpClient = httpClient;\n }\n\n /\n Create a new column on the given table. Sends `POST /v1/meta/columns`.\n \n The column name is validated against the standard SQL identifier regex.\n * The `type` field is forwarded as-is to postgres-meta — callers SHOULD\n * restrict types to a known allowlist before calling this.\n /\n async create(def: CreateColumnDef): Promise<Column> {\n validateIdentifier(def.name, 'column name');\n\n const response = await this.httpClient.request<Column>('POST', '/v1/meta/columns', {\n body: def,\n });\n if (response.error) {\n throw response.error;\n }\n return response.data as Column;\n }\n\n /\n Drop a column. Sends `DELETE /v1/meta/columns/:tableId.:ordinalPosition`.\n \n postgres-meta identifies columns by `{tableId}.{ordinalPosition}` (the\n * column's 1-based attnum within its table). Use `TablesClient.get(id)` to\n * find a column id from a column name if needed.\n /\n async drop(columnId: string, options?: { cascade?: boolean }): Promise<Column> {\n if (!/^\\d+\\.\\d+$/.test(columnId)) {\n throw new Error(\n `Invalid column id: \"${columnId}\". Expected format \"{tableId}.{ordinalPosition}\"`,\n );\n }\n\n const params = new URLSearchParams();\n if (options?.cascade) {\n params.set('cascade', 'true');\n }\n\n const queryString = params.toString();\n const path = queryString\n ? `/v1/meta/columns/${columnId}?${queryString}`\n : `/v1/meta/columns/${columnId}`;\n\n const response = await this.httpClient.request<Column>('DELETE', path);\n if (response.error) {\n throw response.error;\n }\n return response.data as Column;\n }\n}\n","import type { HttpClient } from '@palbase/core';\nimport type { Schema } from './admin-types.js';\nimport { validateIdentifier } from './admin-validation.js';\n\nexport class SchemasClient {\n private readonly httpClient: HttpClient;\n\n constructor(httpClient: HttpClient) {\n this.httpClient = httpClient;\n }\n\n async list(): Promise<Schema[]> {\n const response = await this.httpClient.request<Schema[]>('GET', '/v1/meta/schemas');\n if (response.error) {\n throw response.error;\n }\n return response.data ?? [];\n }\n\n async create(name: string): Promise<Schema> {\n validateIdentifier(name, 'schema name');\n\n const response = await this.httpClient.request<Schema>('POST', '/v1/meta/schemas', {\n body: { name },\n });\n if (response.error) {\n throw response.error;\n }\n return response.data as Schema;\n }\n\n async drop(name: string, options?: { cascade?: boolean }): Promise<void> {\n validateIdentifier(name, 'schema name');\n\n // Resolve name to id first\n const schemas = await this.list();\n const schema = schemas.find((s) => s.name === name);\n if (!schema) {\n throw new Error(`Schema \"${name}\" not found`);\n }\n\n const params = new URLSearchParams();\n if (options?.cascade) {\n params.set('cascade', 'true');\n }\n\n const queryString = params.toString();\n const path = queryString\n ? `/v1/meta/schemas/${schema.id}?${queryString}`\n : `/v1/meta/schemas/${schema.id}`;\n\n const response = await this.httpClient.request<void>('DELETE', path);\n if (response.error) {\n throw response.error;\n }\n }\n}\n","import type { HttpClient } from '@palbase/core';\nimport type { CreateTableDef, Table, UpdateTableDef } from './admin-types.js';\nimport { validateIdentifier } from './admin-validation.js';\n\nexport class TablesClient {\n private readonly httpClient: HttpClient;\n\n constructor(httpClient: HttpClient) {\n this.httpClient = httpClient;\n }\n\n async list(options?: { schema?: string }): Promise<Table[]> {\n const params = new URLSearchParams();\n if (options?.schema) {\n validateIdentifier(options.schema, 'schema name');\n params.set('included_schemas', options.schema);\n }\n\n const queryString = params.toString();\n const path = queryString ? `/v1/meta/tables?${queryString}` : '/v1/meta/tables';\n\n const response = await this.httpClient.request<Table[]>('GET', path);\n if (response.error) {\n throw response.error;\n }\n return response.data ?? [];\n }\n\n async get(id: number): Promise<Table> {\n const response = await this.httpClient.request<Table>('GET', `/v1/meta/tables/${id}`);\n if (response.error) {\n throw response.error;\n }\n return response.data as Table;\n }\n\n async create(def: CreateTableDef): Promise<Table> {\n validateIdentifier(def.name, 'table name');\n if (def.schema) {\n validateIdentifier(def.schema, 'schema name');\n }\n\n const response = await this.httpClient.request<Table>('POST', '/v1/meta/tables', {\n body: def,\n });\n if (response.error) {\n throw response.error;\n }\n return response.data as Table;\n }\n\n /\n Apply table-level updates (rename, schema move, RLS toggle, comment, etc).\n * Sends `PATCH /v1/meta/tables/:id`.\n \n Note: this does NOT add or drop columns. For column changes, use\n * `ColumnsClient.create()` / `ColumnsClient.drop()`.\n /\n async update(id: number, patch: UpdateTableDef): Promise<Table> {\n if (patch.name !== undefined) {\n validateIdentifier(patch.name, 'table name');\n }\n if (patch.schema !== undefined) {\n validateIdentifier(patch.schema, 'schema name');\n }\n if (patch.primary_keys) {\n for (const pk of patch.primary_keys) {\n validateIdentifier(pk.name, 'primary key column name');\n }\n }\n\n const response = await this.httpClient.request<Table>('PATCH', `/v1/meta/tables/${id}`, {\n body: patch,\n });\n if (response.error) {\n throw response.error;\n }\n return response.data as Table;\n }\n\n async drop(id: number, options?: { cascade?: boolean }): Promise<void> {\n const params = new URLSearchParams();\n if (options?.cascade) {\n params.set('cascade', 'true');\n }\n\n const queryString = params.toString();\n const path = queryString\n ? `/v1/meta/tables/${id}?${queryString}`\n : `/v1/meta/tables/${id}`;\n\n const response = await this.httpClient.request<void>('DELETE', path);\n if (response.error) {\n throw response.error;\n }\n }\n}\n","import type { HttpClient } from '@palbase/core';\nimport { ColumnsClient } from './admin-columns.js';\nimport { SchemasClient } from './admin-schemas.js';\nimport { TablesClient } from './admin-tables.js';\n\nexport class AdminClient {\n readonly schemas: SchemasClient;\n readonly tables: TablesClient;\n readonly columns: ColumnsClient;\n\n private readonly httpClient: HttpClient;\n\n constructor(httpClient: HttpClient) {\n this.httpClient = httpClient;\n this.schemas = new SchemasClient(httpClient);\n this.tables = new TablesClient(httpClient);\n this.columns = new ColumnsClient(httpClient);\n }\n\n /\n Execute a raw SQL query with full privileges (service role).\n \n Always use parameterized queries to prevent SQL injection.\n * Never interpolate user input directly into the SQL string.\n \n @example\n * ```ts\n * // GOOD — parameterized\n * await admin.query('SELECT * FROM users WHERE id = $1', [userId]);\n \n // BAD — string interpolation (SQL injection risk)\n * await admin.query(`SELECT * FROM users WHERE id = '${userId}'`);\n * ```\n */\n async query<T = Record<string, unknown>>(sql: string, params?: unknown[]): Promise<T[]> {\n const response = await this.httpClient.request<T[]>('POST', '/v1/meta/query', {\n body: { query: sql, params },\n });\n if (response.error) {\n throw response.error;\n }\n return response.data ?? [];\n }\n}\n"],"mappings":";AAAA,IAAM,gBAAgB;AAEf,SAAS,mBAAmB,OAAe,OAAqB;AACrE,MAAI,CAAC,cAAc,KAAK,KAAK,GAAG;AAC9B,UAAM,IAAI;AAAA,MACR,WAAW,KAAK,MAAM,KAAK,6BAA6B,cAAc,MAAM;AAAA,IAC9E;AAAA,EACF;AACF;;;ACGO,IAAM,gBAAN,MAAoB;AAAA,EACR;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,OAAO,KAAuC;AAClD,uBAAmB,IAAI,MAAM,aAAa;AAE1C,UAAM,WAAW,MAAM,KAAK,WAAW,QAAgB,QAAQ,oBAAoB;AAAA,MACjF,MAAM;AAAA,IACR,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,KAAK,UAAkB,SAAkD;AAC7E,QAAI,CAAC,aAAa,KAAK,QAAQ,GAAG;AAChC,YAAM,IAAI;AAAA,QACR,uBAAuB,QAAQ;AAAA,MACjC;AAAA,IACF;AAEA,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,SAAS;AACpB,aAAO,IAAI,WAAW,MAAM;AAAA,IAC9B;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cACT,oBAAoB,QAAQ,IAAI,WAAW,KAC3C,oBAAoB,QAAQ;AAEhC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAgB,UAAU,IAAI;AACrE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AACF;;;AC/DO,IAAM,gBAAN,MAAoB;AAAA,EACR;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAAA,EACpB;AAAA,EAEA,MAAM,OAA0B;AAC9B,UAAM,WAAW,MAAM,KAAK,WAAW,QAAkB,OAAO,kBAAkB;AAClF,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS,QAAQ,CAAC;AAAA,EAC3B;AAAA,EAEA,MAAM,OAAO,MAA+B;AAC1C,uBAAmB,MAAM,aAAa;AAEtC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAgB,QAAQ,oBAAoB;AAAA,MACjF,MAAM,EAAE,KAAK;AAAA,IACf,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA,EAEA,MAAM,KAAK,MAAc,SAAgD;AACvE,uBAAmB,MAAM,aAAa;AAGtC,UAAM,UAAU,MAAM,KAAK,KAAK;AAChC,UAAM,SAAS,QAAQ,KAAK,CAAC,MAAM,EAAE,SAAS,IAAI;AAClD,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI,MAAM,WAAW,IAAI,aAAa;AAAA,IAC9C;AAEA,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,SAAS;AACpB,aAAO,IAAI,WAAW,MAAM;AAAA,IAC9B;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cACT,oBAAoB,OAAO,EAAE,IAAI,WAAW,KAC5C,oBAAoB,OAAO,EAAE;AAEjC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAc,UAAU,IAAI;AACnE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AAAA,EACF;AACF;;;ACpDO,IAAM,eAAN,MAAmB;AAAA,EACP;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAAA,EACpB;AAAA,EAEA,MAAM,KAAK,SAAiD;AAC1D,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,QAAQ;AACnB,yBAAmB,QAAQ,QAAQ,aAAa;AAChD,aAAO,IAAI,oBAAoB,QAAQ,MAAM;AAAA,IAC/C;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cAAc,mBAAmB,WAAW,KAAK;AAE9D,UAAM,WAAW,MAAM,KAAK,WAAW,QAAiB,OAAO,IAAI;AACnE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS,QAAQ,CAAC;AAAA,EAC3B;AAAA,EAEA,MAAM,IAAI,IAA4B;AACpC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAe,OAAO,mBAAmB,EAAE,EAAE;AACpF,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA,EAEA,MAAM,OAAO,KAAqC;AAChD,uBAAmB,IAAI,MAAM,YAAY;AACzC,QAAI,IAAI,QAAQ;AACd,yBAAmB,IAAI,QAAQ,aAAa;AAAA,IAC9C;AAEA,UAAM,WAAW,MAAM,KAAK,WAAW,QAAe,QAAQ,mBAAmB;AAAA,MAC/E,MAAM;AAAA,IACR,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,OAAO,IAAY,OAAuC;AAC9D,QAAI,MAAM,SAAS,QAAW;AAC5B,yBAAmB,MAAM,MAAM,YAAY;AAAA,IAC7C;AACA,QAAI,MAAM,WAAW,QAAW;AAC9B,yBAAmB,MAAM,QAAQ,aAAa;AAAA,IAChD;AACA,QAAI,MAAM,cAAc;AACtB,iBAAW,MAAM,MAAM,cAAc;AACnC,2BAAmB,GAAG,MAAM,yBAAyB;AAAA,MACvD;AAAA,IACF;AAEA,UAAM,WAAW,MAAM,KAAK,WAAW,QAAe,SAAS,mBAAmB,EAAE,IAAI;AAAA,MACtF,MAAM;AAAA,IACR,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA,EAEA,MAAM,KAAK,IAAY,SAAgD;AACrE,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,SAAS;AACpB,aAAO,IAAI,WAAW,MAAM;AAAA,IAC9B;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cACT,mBAAmB,EAAE,IAAI,WAAW,KACpC,mBAAmB,EAAE;AAEzB,UAAM,WAAW,MAAM,KAAK,WAAW,QAAc,UAAU,IAAI;AACnE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AAAA,EACF;AACF;;;AC3FO,IAAM,cAAN,MAAkB;AAAA,EACd;AAAA,EACA;AAAA,EACA;AAAA,EAEQ;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAClB,SAAK,UAAU,IAAI,cAAc,UAAU;AAC3C,SAAK,SAAS,IAAI,aAAa,UAAU;AACzC,SAAK,UAAU,IAAI,cAAc,UAAU;AAAA,EAC7C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBA,MAAM,MAAmC,KAAa,QAAkC;AACtF,UAAM,WAAW,MAAM,KAAK,WAAW,QAAa,QAAQ,kBAAkB;AAAA,MAC5E,MAAM,EAAE,OAAO,KAAK,OAAO;AAAA,IAC7B,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS,QAAQ,CAAC;AAAA,EAC3B;AACF;","names":[]}

package/dist/index.cjs CHANGED Viewed

@@ -29,228 +29,6 @@ __export(index_exports, {
 });
 module.exports = __toCommonJS(index_exports);
-// src/admin-validation.ts
-var IDENTIFIER_RE = /^[a-zA-Z_][a-zA-Z0-9_.]*$/;
-function validateIdentifier(value, label) {
-  if (!IDENTIFIER_RE.test(value)) {
-    throw new Error(
-      `Invalid ${label}: "${value}". Identifiers must match ${IDENTIFIER_RE.source}`
-    );
-  }
-}
-// src/admin-columns.ts
-var ColumnsClient = class {
-  httpClient;
-  constructor(httpClient) {
-    this.httpClient = httpClient;
-  }
-  /**
-   * Create a new column on the given table. Sends `POST /v1/meta/columns`.
-   *
-   * The column name is validated against the standard SQL identifier regex.
-   * The `type` field is forwarded as-is to postgres-meta — callers SHOULD
-   * restrict types to a known allowlist before calling this.
-   */
-  async create(def) {
-    validateIdentifier(def.name, "column name");
-    const response = await this.httpClient.request("POST", "/v1/meta/columns", {
-      body: def
-    });
-    if (response.error) {
-      throw response.error;
-    }
-    return response.data;
-  }
-  /**
-   * Drop a column. Sends `DELETE /v1/meta/columns/:tableId.:ordinalPosition`.
-   *
-   * postgres-meta identifies columns by `{tableId}.{ordinalPosition}` (the
-   * column's 1-based attnum within its table). Use `TablesClient.get(id)` to
-   * find a column id from a column name if needed.
-   */
-  async drop(columnId, options) {
-    if (!/^\d+\.\d+$/.test(columnId)) {
-      throw new Error(
-        `Invalid column id: "${columnId}". Expected format "{tableId}.{ordinalPosition}"`
-      );
-    }
-    const params = new URLSearchParams();
-    if (options?.cascade) {
-      params.set("cascade", "true");
-    }
-    const queryString = params.toString();
-    const path = queryString ? `/v1/meta/columns/${columnId}?${queryString}` : `/v1/meta/columns/${columnId}`;
-    const response = await this.httpClient.request("DELETE", path);
-    if (response.error) {
-      throw response.error;
-    }
-    return response.data;
-  }
-};
-// src/admin-schemas.ts
-var SchemasClient = class {
-  httpClient;
-  constructor(httpClient) {
-    this.httpClient = httpClient;
-  }
-  async list() {
-    const response = await this.httpClient.request("GET", "/v1/meta/schemas");
-    if (response.error) {
-      throw response.error;
-    }
-    return response.data ?? [];
-  }
-  async create(name) {
-    validateIdentifier(name, "schema name");
-    const response = await this.httpClient.request("POST", "/v1/meta/schemas", {
-      body: { name }
-    });
-    if (response.error) {
-      throw response.error;
-    }
-    return response.data;
-  }
-  async drop(name, options) {
-    validateIdentifier(name, "schema name");
-    const schemas = await this.list();
-    const schema = schemas.find((s) => s.name === name);
-    if (!schema) {
-      throw new Error(`Schema "${name}" not found`);
-    }
-    const params = new URLSearchParams();
-    if (options?.cascade) {
-      params.set("cascade", "true");
-    }
-    const queryString = params.toString();
-    const path = queryString ? `/v1/meta/schemas/${schema.id}?${queryString}` : `/v1/meta/schemas/${schema.id}`;
-    const response = await this.httpClient.request("DELETE", path);
-    if (response.error) {
-      throw response.error;
-    }
-  }
-};
-// src/admin-tables.ts
-var TablesClient = class {
-  httpClient;
-  constructor(httpClient) {
-    this.httpClient = httpClient;
-  }
-  async list(options) {
-    const params = new URLSearchParams();
-    if (options?.schema) {
-      validateIdentifier(options.schema, "schema name");
-      params.set("included_schemas", options.schema);
-    }
-    const queryString = params.toString();
-    const path = queryString ? `/v1/meta/tables?${queryString}` : "/v1/meta/tables";
-    const response = await this.httpClient.request("GET", path);
-    if (response.error) {
-      throw response.error;
-    }
-    return response.data ?? [];
-  }
-  async get(id) {
-    const response = await this.httpClient.request("GET", `/v1/meta/tables/${id}`);
-    if (response.error) {
-      throw response.error;
-    }
-    return response.data;
-  }
-  async create(def) {
-    validateIdentifier(def.name, "table name");
-    if (def.schema) {
-      validateIdentifier(def.schema, "schema name");
-    }
-    const response = await this.httpClient.request("POST", "/v1/meta/tables", {
-      body: def
-    });
-    if (response.error) {
-      throw response.error;
-    }
-    return response.data;
-  }
-  /**
-   * Apply table-level updates (rename, schema move, RLS toggle, comment, etc).
-   * Sends `PATCH /v1/meta/tables/:id`.
-   *
-   * Note: this does NOT add or drop columns. For column changes, use
-   * `ColumnsClient.create()` / `ColumnsClient.drop()`.
-   */
-  async update(id, patch) {
-    if (patch.name !== void 0) {
-      validateIdentifier(patch.name, "table name");
-    }
-    if (patch.schema !== void 0) {
-      validateIdentifier(patch.schema, "schema name");
-    }
-    if (patch.primary_keys) {
-      for (const pk of patch.primary_keys) {
-        validateIdentifier(pk.name, "primary key column name");
-      }
-    }
-    const response = await this.httpClient.request("PATCH", `/v1/meta/tables/${id}`, {
-      body: patch
-    });
-    if (response.error) {
-      throw response.error;
-    }
-    return response.data;
-  }
-  async drop(id, options) {
-    const params = new URLSearchParams();
-    if (options?.cascade) {
-      params.set("cascade", "true");
-    }
-    const queryString = params.toString();
-    const path = queryString ? `/v1/meta/tables/${id}?${queryString}` : `/v1/meta/tables/${id}`;
-    const response = await this.httpClient.request("DELETE", path);
-    if (response.error) {
-      throw response.error;
-    }
-  }
-};
-// src/admin-client.ts
-var AdminClient = class {
-  schemas;
-  tables;
-  columns;
-  httpClient;
-  constructor(httpClient) {
-    this.httpClient = httpClient;
-    this.schemas = new SchemasClient(httpClient);
-    this.tables = new TablesClient(httpClient);
-    this.columns = new ColumnsClient(httpClient);
-  }
-  /**
-   * Execute a raw SQL query with full privileges (service role).
-   *
-   * Always use parameterized queries to prevent SQL injection.
-   * Never interpolate user input directly into the SQL string.
-   *
-   * @example
-   * ```ts
-   * // GOOD — parameterized
-   * await admin.query('SELECT * FROM users WHERE id = $1', [userId]);
-   *
-   * // BAD — string interpolation (SQL injection risk)
-   * await admin.query(`SELECT * FROM users WHERE id = '${userId}'`);
-   * ```
-   */
-  async query(sql, params) {
-    const response = await this.httpClient.request("POST", "/v1/meta/query", {
-      body: { query: sql, params }
-    });
-    if (response.error) {
-      throw response.error;
-    }
-    return response.data ?? [];
-  }
-};
 // src/query-builder.ts
 var TABLE_NAME_RE = /^[a-zA-Z_][a-zA-Z0-9_.]*$/;
 var COLUMN_NAME_RE = /^[a-zA-Z_][a-zA-Z0-9_.:\->#]*$/;
@@ -307,17 +85,32 @@ var QueryBuilder = class {
       filters: [],
       params: {},
       isSingle: false,
-      isMaybeSingle: false
+      isMaybeSingle: false,
+      isHead: false
     };
   }
   // --- Operation methods ---
-  select(columns) {
+  select(columns, options) {
+    const nextHeaders = { ...this.state.headers };
+    const prefers = [];
+    if (this.state.headers.Prefer) {
+      prefers.push(this.state.headers.Prefer);
+    }
+    if (options?.count) {
+      prefers.push(`count=${options.count}`);
+    }
+    if (prefers.length > 0) {
+      nextHeaders.Prefer = prefers.join(",");
+    }
+    const isHead = options?.head === true;
     this.state = {
       ...this.state,
       // Only set GET if no mutation method (POST/PATCH/DELETE) is already set
       // insert().select() should stay POST with Prefer: return=representation
-      method: this.state.body !== void 0 ? this.state.method : "GET",
-      params: { ...this.state.params, select: columns ?? "*" }
+      method: isHead ? "HEAD" : this.state.body !== void 0 ? this.state.method : "GET",
+      params: { ...this.state.params, select: columns ?? "*" },
+      headers: nextHeaders,
+      isHead
     };
     return this;
   }
@@ -628,13 +421,9 @@ var FN_NAME_RE = /^[a-zA-Z_][a-zA-Z0-9_.]*$/;
 var DatabaseClient = class {
   httpClient;
   pathPrefix;
-  admin;
   constructor(httpClient, options) {
     this.httpClient = httpClient;
     this.pathPrefix = options?.pathPrefix ?? "/v1/db";
-    if (options?.enableAdmin) {
-      this.admin = new AdminClient(httpClient);
-    }
   }
   from(table) {
     return new QueryBuilder(this.httpClient, table, {