npm - @palbase/db - Versions diffs - 0.5.1 → 0.7.0 - Mend

@palbase/db 0.5.1 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/admin.cjs CHANGED Viewed

@@ -229,18 +229,27 @@ var AdminClient = class {
    * Always use parameterized queries to prevent SQL injection.
    * Never interpolate user input directly into the SQL string.
    *
+   * Pass `{ readOnly: true }` to wrap the query in
+   * `BEGIN; SET TRANSACTION READ ONLY; <query>; COMMIT;` so Postgres
+   * rejects any write/DDL statement at the server — safe mode for
+   * Studio's SQL editor and other consumer-facing query surfaces.
+   *
    * @example
    * ```ts
    * // GOOD — parameterized
    * await admin.query('SELECT * FROM users WHERE id = $1', [userId]);
    *
+   * // Read-only — Postgres enforces the denial (errcode 25006).
+   * await admin.query('SELECT count(*) FROM users', [], { readOnly: true });
+   *
    * // BAD — string interpolation (SQL injection risk)
    * await admin.query(`SELECT * FROM users WHERE id = '${userId}'`);
    * ```
    */
-  async query(sql, params) {
+  async query(sql, params, options) {
+    const wrappedQuery = options?.readOnly ? `BEGIN; SET TRANSACTION READ ONLY; ${stripTrailingSemicolon(sql)}; COMMIT;` : sql;
     const response = await this.httpClient.request("POST", "/v1/meta/query", {
-      body: { query: sql, params }
+      body: { query: wrappedQuery, params }
     });
     if (response.error) {
       throw response.error;
@@ -248,6 +257,9 @@ var AdminClient = class {
     return response.data ?? [];
   }
 };
+function stripTrailingSemicolon(sql) {
+  return sql.replace(/;\s*$/, "");
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   AdminClient,

package/dist/admin.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/admin.ts","../src/admin-validation.ts","../src/admin-columns.ts","../src/admin-schemas.ts","../src/admin-tables.ts","../src/admin-client.ts"],"sourcesContent":["export { AdminClient } from './admin-client.js';\nexport { ColumnsClient } from './admin-columns.js';\nexport { SchemasClient } from './admin-schemas.js';\nexport { TablesClient } from './admin-tables.js';\nexport type {\n Column,\n ColumnDef,\n CreateColumnDef,\n CreateTableDef,\n Schema,\n Table,\n TablePrimaryKey,\n TableRelationship,\n UpdateTableDef,\n} from './admin-types.js';\n","const IDENTIFIER_RE = /^[a-zA-Z_][a-zA-Z0-9_.]$/;\n\nexport function validateIdentifier(value: string, label: string): void {\n if (!IDENTIFIER_RE.test(value)) {\n throw new Error(\n `Invalid ${label}: \"${value}\". Identifiers must match ${IDENTIFIER_RE.source}`,\n );\n }\n}\n","import type { HttpClient } from '@palbase/core';\nimport type { Column, CreateColumnDef } from './admin-types.js';\nimport { validateIdentifier } from './admin-validation.js';\n\n/\n Postgres-meta column admin client.\n \n Wraps the `/v1/meta/columns` endpoints exposed by postgres-meta.\n * Use this to add or drop columns on an existing table — `TablesClient.update()`\n * does not handle column structure changes.\n /\nexport class ColumnsClient {\n private readonly httpClient: HttpClient;\n\n constructor(httpClient: HttpClient) {\n this.httpClient = httpClient;\n }\n\n /\n Create a new column on the given table. Sends `POST /v1/meta/columns`.\n \n The column name is validated against the standard SQL identifier regex.\n * The `type` field is forwarded as-is to postgres-meta — callers SHOULD\n * restrict types to a known allowlist before calling this.\n /\n async create(def: CreateColumnDef): Promise<Column> {\n validateIdentifier(def.name, 'column name');\n\n const response = await this.httpClient.request<Column>('POST', '/v1/meta/columns', {\n body: def,\n });\n if (response.error) {\n throw response.error;\n }\n return response.data as Column;\n }\n\n /\n Drop a column. Sends `DELETE /v1/meta/columns/:tableId.:ordinalPosition`.\n \n postgres-meta identifies columns by `{tableId}.{ordinalPosition}` (the\n * column's 1-based attnum within its table). Use `TablesClient.get(id)` to\n * find a column id from a column name if needed.\n /\n async drop(columnId: string, options?: { cascade?: boolean }): Promise<Column> {\n if (!/^\\d+\\.\\d+$/.test(columnId)) {\n throw new Error(\n `Invalid column id: \"${columnId}\". Expected format \"{tableId}.{ordinalPosition}\"`,\n );\n }\n\n const params = new URLSearchParams();\n if (options?.cascade) {\n params.set('cascade', 'true');\n }\n\n const queryString = params.toString();\n const path = queryString\n ? `/v1/meta/columns/${columnId}?${queryString}`\n : `/v1/meta/columns/${columnId}`;\n\n const response = await this.httpClient.request<Column>('DELETE', path);\n if (response.error) {\n throw response.error;\n }\n return response.data as Column;\n }\n}\n","import type { HttpClient } from '@palbase/core';\nimport type { Schema } from './admin-types.js';\nimport { validateIdentifier } from './admin-validation.js';\n\nexport class SchemasClient {\n private readonly httpClient: HttpClient;\n\n constructor(httpClient: HttpClient) {\n this.httpClient = httpClient;\n }\n\n async list(): Promise<Schema[]> {\n const response = await this.httpClient.request<Schema[]>('GET', '/v1/meta/schemas');\n if (response.error) {\n throw response.error;\n }\n return response.data ?? [];\n }\n\n async create(name: string): Promise<Schema> {\n validateIdentifier(name, 'schema name');\n\n const response = await this.httpClient.request<Schema>('POST', '/v1/meta/schemas', {\n body: { name },\n });\n if (response.error) {\n throw response.error;\n }\n return response.data as Schema;\n }\n\n async drop(name: string, options?: { cascade?: boolean }): Promise<void> {\n validateIdentifier(name, 'schema name');\n\n // Resolve name to id first\n const schemas = await this.list();\n const schema = schemas.find((s) => s.name === name);\n if (!schema) {\n throw new Error(`Schema \"${name}\" not found`);\n }\n\n const params = new URLSearchParams();\n if (options?.cascade) {\n params.set('cascade', 'true');\n }\n\n const queryString = params.toString();\n const path = queryString\n ? `/v1/meta/schemas/${schema.id}?${queryString}`\n : `/v1/meta/schemas/${schema.id}`;\n\n const response = await this.httpClient.request<void>('DELETE', path);\n if (response.error) {\n throw response.error;\n }\n }\n}\n","import type { HttpClient } from '@palbase/core';\nimport type { CreateTableDef, Table, UpdateTableDef } from './admin-types.js';\nimport { validateIdentifier } from './admin-validation.js';\n\nexport class TablesClient {\n private readonly httpClient: HttpClient;\n\n constructor(httpClient: HttpClient) {\n this.httpClient = httpClient;\n }\n\n async list(options?: { schema?: string }): Promise<Table[]> {\n const params = new URLSearchParams();\n if (options?.schema) {\n validateIdentifier(options.schema, 'schema name');\n params.set('included_schemas', options.schema);\n }\n\n const queryString = params.toString();\n const path = queryString ? `/v1/meta/tables?${queryString}` : '/v1/meta/tables';\n\n const response = await this.httpClient.request<Table[]>('GET', path);\n if (response.error) {\n throw response.error;\n }\n return response.data ?? [];\n }\n\n async get(id: number): Promise<Table> {\n const response = await this.httpClient.request<Table>('GET', `/v1/meta/tables/${id}`);\n if (response.error) {\n throw response.error;\n }\n return response.data as Table;\n }\n\n async create(def: CreateTableDef): Promise<Table> {\n validateIdentifier(def.name, 'table name');\n if (def.schema) {\n validateIdentifier(def.schema, 'schema name');\n }\n\n const response = await this.httpClient.request<Table>('POST', '/v1/meta/tables', {\n body: def,\n });\n if (response.error) {\n throw response.error;\n }\n return response.data as Table;\n }\n\n /\n Apply table-level updates (rename, schema move, RLS toggle, comment, etc).\n * Sends `PATCH /v1/meta/tables/:id`.\n \n Note: this does NOT add or drop columns. For column changes, use\n * `ColumnsClient.create()` / `ColumnsClient.drop()`.\n /\n async update(id: number, patch: UpdateTableDef): Promise<Table> {\n if (patch.name !== undefined) {\n validateIdentifier(patch.name, 'table name');\n }\n if (patch.schema !== undefined) {\n validateIdentifier(patch.schema, 'schema name');\n }\n if (patch.primary_keys) {\n for (const pk of patch.primary_keys) {\n validateIdentifier(pk.name, 'primary key column name');\n }\n }\n\n const response = await this.httpClient.request<Table>('PATCH', `/v1/meta/tables/${id}`, {\n body: patch,\n });\n if (response.error) {\n throw response.error;\n }\n return response.data as Table;\n }\n\n async drop(id: number, options?: { cascade?: boolean }): Promise<void> {\n const params = new URLSearchParams();\n if (options?.cascade) {\n params.set('cascade', 'true');\n }\n\n const queryString = params.toString();\n const path = queryString\n ? `/v1/meta/tables/${id}?${queryString}`\n : `/v1/meta/tables/${id}`;\n\n const response = await this.httpClient.request<void>('DELETE', path);\n if (response.error) {\n throw response.error;\n }\n }\n}\n","import type { HttpClient } from '@palbase/core';\nimport { ColumnsClient } from './admin-columns.js';\nimport { SchemasClient } from './admin-schemas.js';\nimport { TablesClient } from './admin-tables.js';\n\nexport class AdminClient {\n readonly schemas: SchemasClient;\n readonly tables: TablesClient;\n readonly columns: ColumnsClient;\n\n private readonly httpClient: HttpClient;\n\n constructor(httpClient: HttpClient) {\n this.httpClient = httpClient;\n this.schemas = new SchemasClient(httpClient);\n this.tables = new TablesClient(httpClient);\n this.columns = new ColumnsClient(httpClient);\n }\n\n /\n Execute a raw SQL query with full privileges (service role).\n \n Always use parameterized queries to prevent SQL injection.\n * Never interpolate user input directly into the SQL string.\n \n @example\n * ```ts\n * // GOOD — parameterized\n * await admin.query('SELECT * FROM users WHERE id = $1', [userId]);\n \n // BAD — string interpolation (SQL injection risk)\n * await admin.query(`SELECT * FROM users WHERE id = '${userId}'`);\n * ```\n */\n async query<T = Record<string, unknown>>(sql: string, params?: unknown[]): Promise<T[]> {\n const response = await this.httpClient.request<T[]>('POST', '/v1/meta/query', {\n body: { query: sql, params },\n });\n if (response.error) {\n throw response.error;\n }\n return response.data ?? [];\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,IAAM,gBAAgB;AAEf,SAAS,mBAAmB,OAAe,OAAqB;AACrE,MAAI,CAAC,cAAc,KAAK,KAAK,GAAG;AAC9B,UAAM,IAAI;AAAA,MACR,WAAW,KAAK,MAAM,KAAK,6BAA6B,cAAc,MAAM;AAAA,IAC9E;AAAA,EACF;AACF;;;ACGO,IAAM,gBAAN,MAAoB;AAAA,EACR;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,OAAO,KAAuC;AAClD,uBAAmB,IAAI,MAAM,aAAa;AAE1C,UAAM,WAAW,MAAM,KAAK,WAAW,QAAgB,QAAQ,oBAAoB;AAAA,MACjF,MAAM;AAAA,IACR,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,KAAK,UAAkB,SAAkD;AAC7E,QAAI,CAAC,aAAa,KAAK,QAAQ,GAAG;AAChC,YAAM,IAAI;AAAA,QACR,uBAAuB,QAAQ;AAAA,MACjC;AAAA,IACF;AAEA,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,SAAS;AACpB,aAAO,IAAI,WAAW,MAAM;AAAA,IAC9B;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cACT,oBAAoB,QAAQ,IAAI,WAAW,KAC3C,oBAAoB,QAAQ;AAEhC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAgB,UAAU,IAAI;AACrE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AACF;;;AC/DO,IAAM,gBAAN,MAAoB;AAAA,EACR;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAAA,EACpB;AAAA,EAEA,MAAM,OAA0B;AAC9B,UAAM,WAAW,MAAM,KAAK,WAAW,QAAkB,OAAO,kBAAkB;AAClF,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS,QAAQ,CAAC;AAAA,EAC3B;AAAA,EAEA,MAAM,OAAO,MAA+B;AAC1C,uBAAmB,MAAM,aAAa;AAEtC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAgB,QAAQ,oBAAoB;AAAA,MACjF,MAAM,EAAE,KAAK;AAAA,IACf,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA,EAEA,MAAM,KAAK,MAAc,SAAgD;AACvE,uBAAmB,MAAM,aAAa;AAGtC,UAAM,UAAU,MAAM,KAAK,KAAK;AAChC,UAAM,SAAS,QAAQ,KAAK,CAAC,MAAM,EAAE,SAAS,IAAI;AAClD,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI,MAAM,WAAW,IAAI,aAAa;AAAA,IAC9C;AAEA,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,SAAS;AACpB,aAAO,IAAI,WAAW,MAAM;AAAA,IAC9B;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cACT,oBAAoB,OAAO,EAAE,IAAI,WAAW,KAC5C,oBAAoB,OAAO,EAAE;AAEjC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAc,UAAU,IAAI;AACnE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AAAA,EACF;AACF;;;ACpDO,IAAM,eAAN,MAAmB;AAAA,EACP;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAAA,EACpB;AAAA,EAEA,MAAM,KAAK,SAAiD;AAC1D,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,QAAQ;AACnB,yBAAmB,QAAQ,QAAQ,aAAa;AAChD,aAAO,IAAI,oBAAoB,QAAQ,MAAM;AAAA,IAC/C;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cAAc,mBAAmB,WAAW,KAAK;AAE9D,UAAM,WAAW,MAAM,KAAK,WAAW,QAAiB,OAAO,IAAI;AACnE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS,QAAQ,CAAC;AAAA,EAC3B;AAAA,EAEA,MAAM,IAAI,IAA4B;AACpC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAe,OAAO,mBAAmB,EAAE,EAAE;AACpF,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA,EAEA,MAAM,OAAO,KAAqC;AAChD,uBAAmB,IAAI,MAAM,YAAY;AACzC,QAAI,IAAI,QAAQ;AACd,yBAAmB,IAAI,QAAQ,aAAa;AAAA,IAC9C;AAEA,UAAM,WAAW,MAAM,KAAK,WAAW,QAAe,QAAQ,mBAAmB;AAAA,MAC/E,MAAM;AAAA,IACR,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,OAAO,IAAY,OAAuC;AAC9D,QAAI,MAAM,SAAS,QAAW;AAC5B,yBAAmB,MAAM,MAAM,YAAY;AAAA,IAC7C;AACA,QAAI,MAAM,WAAW,QAAW;AAC9B,yBAAmB,MAAM,QAAQ,aAAa;AAAA,IAChD;AACA,QAAI,MAAM,cAAc;AACtB,iBAAW,MAAM,MAAM,cAAc;AACnC,2BAAmB,GAAG,MAAM,yBAAyB;AAAA,MACvD;AAAA,IACF;AAEA,UAAM,WAAW,MAAM,KAAK,WAAW,QAAe,SAAS,mBAAmB,EAAE,IAAI;AAAA,MACtF,MAAM;AAAA,IACR,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA,EAEA,MAAM,KAAK,IAAY,SAAgD;AACrE,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,SAAS;AACpB,aAAO,IAAI,WAAW,MAAM;AAAA,IAC9B;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cACT,mBAAmB,EAAE,IAAI,WAAW,KACpC,mBAAmB,EAAE;AAEzB,UAAM,WAAW,MAAM,KAAK,WAAW,QAAc,UAAU,IAAI;AACnE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AAAA,EACF;AACF;;;AC3FO,IAAM,cAAN,MAAkB;AAAA,EACd;AAAA,EACA;AAAA,EACA;AAAA,EAEQ;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAClB,SAAK,UAAU,IAAI,cAAc,UAAU;AAC3C,SAAK,SAAS,IAAI,aAAa,UAAU;AACzC,SAAK,UAAU,IAAI,cAAc,UAAU;AAAA,EAC7C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBA,MAAM,MAAmC,KAAa,QAAkC;AACtF,UAAM,WAAW,MAAM,KAAK,WAAW,QAAa,QAAQ,kBAAkB;AAAA,MAC5E,MAAM,EAAE,OAAO,KAAK,OAAO;AAAA,IAC7B,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS,QAAQ,CAAC;AAAA,EAC3B;AACF;","names":[]}
1	+ {"version":3,"sources":["../src/admin.ts","../src/admin-validation.ts","../src/admin-columns.ts","../src/admin-schemas.ts","../src/admin-tables.ts","../src/admin-client.ts"],"sourcesContent":["export { AdminClient } from './admin-client.js';\nexport type { QueryOptions } from './admin-client.js';\nexport { ColumnsClient } from './admin-columns.js';\nexport { SchemasClient } from './admin-schemas.js';\nexport { TablesClient } from './admin-tables.js';\nexport type {\n Column,\n ColumnDef,\n CreateColumnDef,\n CreateTableDef,\n Schema,\n Table,\n TablePrimaryKey,\n TableRelationship,\n UpdateTableDef,\n} from './admin-types.js';\n","const IDENTIFIER_RE = /^[a-zA-Z_][a-zA-Z0-9_.]$/;\n\nexport function validateIdentifier(value: string, label: string): void {\n if (!IDENTIFIER_RE.test(value)) {\n throw new Error(\n `Invalid ${label}: \"${value}\". Identifiers must match ${IDENTIFIER_RE.source}`,\n );\n }\n}\n","import type { HttpClient } from '@palbase/core';\nimport type { Column, CreateColumnDef } from './admin-types.js';\nimport { validateIdentifier } from './admin-validation.js';\n\n/\n Postgres-meta column admin client.\n \n Wraps the `/v1/meta/columns` endpoints exposed by postgres-meta.\n * Use this to add or drop columns on an existing table — `TablesClient.update()`\n * does not handle column structure changes.\n /\nexport class ColumnsClient {\n private readonly httpClient: HttpClient;\n\n constructor(httpClient: HttpClient) {\n this.httpClient = httpClient;\n }\n\n /\n Create a new column on the given table. Sends `POST /v1/meta/columns`.\n \n The column name is validated against the standard SQL identifier regex.\n * The `type` field is forwarded as-is to postgres-meta — callers SHOULD\n * restrict types to a known allowlist before calling this.\n /\n async create(def: CreateColumnDef): Promise<Column> {\n validateIdentifier(def.name, 'column name');\n\n const response = await this.httpClient.request<Column>('POST', '/v1/meta/columns', {\n body: def,\n });\n if (response.error) {\n throw response.error;\n }\n return response.data as Column;\n }\n\n /\n Drop a column. Sends `DELETE /v1/meta/columns/:tableId.:ordinalPosition`.\n \n postgres-meta identifies columns by `{tableId}.{ordinalPosition}` (the\n * column's 1-based attnum within its table). Use `TablesClient.get(id)` to\n * find a column id from a column name if needed.\n /\n async drop(columnId: string, options?: { cascade?: boolean }): Promise<Column> {\n if (!/^\\d+\\.\\d+$/.test(columnId)) {\n throw new Error(\n `Invalid column id: \"${columnId}\". Expected format \"{tableId}.{ordinalPosition}\"`,\n );\n }\n\n const params = new URLSearchParams();\n if (options?.cascade) {\n params.set('cascade', 'true');\n }\n\n const queryString = params.toString();\n const path = queryString\n ? `/v1/meta/columns/${columnId}?${queryString}`\n : `/v1/meta/columns/${columnId}`;\n\n const response = await this.httpClient.request<Column>('DELETE', path);\n if (response.error) {\n throw response.error;\n }\n return response.data as Column;\n }\n}\n","import type { HttpClient } from '@palbase/core';\nimport type { Schema } from './admin-types.js';\nimport { validateIdentifier } from './admin-validation.js';\n\nexport class SchemasClient {\n private readonly httpClient: HttpClient;\n\n constructor(httpClient: HttpClient) {\n this.httpClient = httpClient;\n }\n\n async list(): Promise<Schema[]> {\n const response = await this.httpClient.request<Schema[]>('GET', '/v1/meta/schemas');\n if (response.error) {\n throw response.error;\n }\n return response.data ?? [];\n }\n\n async create(name: string): Promise<Schema> {\n validateIdentifier(name, 'schema name');\n\n const response = await this.httpClient.request<Schema>('POST', '/v1/meta/schemas', {\n body: { name },\n });\n if (response.error) {\n throw response.error;\n }\n return response.data as Schema;\n }\n\n async drop(name: string, options?: { cascade?: boolean }): Promise<void> {\n validateIdentifier(name, 'schema name');\n\n // Resolve name to id first\n const schemas = await this.list();\n const schema = schemas.find((s) => s.name === name);\n if (!schema) {\n throw new Error(`Schema \"${name}\" not found`);\n }\n\n const params = new URLSearchParams();\n if (options?.cascade) {\n params.set('cascade', 'true');\n }\n\n const queryString = params.toString();\n const path = queryString\n ? `/v1/meta/schemas/${schema.id}?${queryString}`\n : `/v1/meta/schemas/${schema.id}`;\n\n const response = await this.httpClient.request<void>('DELETE', path);\n if (response.error) {\n throw response.error;\n }\n }\n}\n","import type { HttpClient } from '@palbase/core';\nimport type { CreateTableDef, Table, UpdateTableDef } from './admin-types.js';\nimport { validateIdentifier } from './admin-validation.js';\n\nexport class TablesClient {\n private readonly httpClient: HttpClient;\n\n constructor(httpClient: HttpClient) {\n this.httpClient = httpClient;\n }\n\n async list(options?: { schema?: string }): Promise<Table[]> {\n const params = new URLSearchParams();\n if (options?.schema) {\n validateIdentifier(options.schema, 'schema name');\n params.set('included_schemas', options.schema);\n }\n\n const queryString = params.toString();\n const path = queryString ? `/v1/meta/tables?${queryString}` : '/v1/meta/tables';\n\n const response = await this.httpClient.request<Table[]>('GET', path);\n if (response.error) {\n throw response.error;\n }\n return response.data ?? [];\n }\n\n async get(id: number): Promise<Table> {\n const response = await this.httpClient.request<Table>('GET', `/v1/meta/tables/${id}`);\n if (response.error) {\n throw response.error;\n }\n return response.data as Table;\n }\n\n async create(def: CreateTableDef): Promise<Table> {\n validateIdentifier(def.name, 'table name');\n if (def.schema) {\n validateIdentifier(def.schema, 'schema name');\n }\n\n const response = await this.httpClient.request<Table>('POST', '/v1/meta/tables', {\n body: def,\n });\n if (response.error) {\n throw response.error;\n }\n return response.data as Table;\n }\n\n /\n Apply table-level updates (rename, schema move, RLS toggle, comment, etc).\n * Sends `PATCH /v1/meta/tables/:id`.\n \n Note: this does NOT add or drop columns. For column changes, use\n * `ColumnsClient.create()` / `ColumnsClient.drop()`.\n /\n async update(id: number, patch: UpdateTableDef): Promise<Table> {\n if (patch.name !== undefined) {\n validateIdentifier(patch.name, 'table name');\n }\n if (patch.schema !== undefined) {\n validateIdentifier(patch.schema, 'schema name');\n }\n if (patch.primary_keys) {\n for (const pk of patch.primary_keys) {\n validateIdentifier(pk.name, 'primary key column name');\n }\n }\n\n const response = await this.httpClient.request<Table>('PATCH', `/v1/meta/tables/${id}`, {\n body: patch,\n });\n if (response.error) {\n throw response.error;\n }\n return response.data as Table;\n }\n\n async drop(id: number, options?: { cascade?: boolean }): Promise<void> {\n const params = new URLSearchParams();\n if (options?.cascade) {\n params.set('cascade', 'true');\n }\n\n const queryString = params.toString();\n const path = queryString\n ? `/v1/meta/tables/${id}?${queryString}`\n : `/v1/meta/tables/${id}`;\n\n const response = await this.httpClient.request<void>('DELETE', path);\n if (response.error) {\n throw response.error;\n }\n }\n}\n","import type { HttpClient } from '@palbase/core';\nimport { ColumnsClient } from './admin-columns.js';\nimport { SchemasClient } from './admin-schemas.js';\nimport { TablesClient } from './admin-tables.js';\n\nexport class AdminClient {\n readonly schemas: SchemasClient;\n readonly tables: TablesClient;\n readonly columns: ColumnsClient;\n\n private readonly httpClient: HttpClient;\n\n constructor(httpClient: HttpClient) {\n this.httpClient = httpClient;\n this.schemas = new SchemasClient(httpClient);\n this.tables = new TablesClient(httpClient);\n this.columns = new ColumnsClient(httpClient);\n }\n\n /\n Execute a raw SQL query with full privileges (service role).\n \n Always use parameterized queries to prevent SQL injection.\n * Never interpolate user input directly into the SQL string.\n \n Pass `{ readOnly: true }` to wrap the query in\n * `BEGIN; SET TRANSACTION READ ONLY; <query>; COMMIT;` so Postgres\n * rejects any write/DDL statement at the server — safe mode for\n * Studio's SQL editor and other consumer-facing query surfaces.\n \n @example\n * ```ts\n * // GOOD — parameterized\n * await admin.query('SELECT * FROM users WHERE id = $1', [userId]);\n \n // Read-only — Postgres enforces the denial (errcode 25006).\n * await admin.query('SELECT count() FROM users', [], { readOnly: true });\n \n * // BAD — string interpolation (SQL injection risk)\n * await admin.query(`SELECT * FROM users WHERE id = '${userId}'`);\n * ```\n /\n async query<T = Record<string, unknown>>(\n sql: string,\n params?: unknown[],\n options?: QueryOptions,\n ): Promise<T[]> {\n const wrappedQuery = options?.readOnly\n ? `BEGIN; SET TRANSACTION READ ONLY; ${stripTrailingSemicolon(sql)}; COMMIT;`\n : sql;\n const response = await this.httpClient.request<T[]>('POST', '/v1/meta/query', {\n body: { query: wrappedQuery, params },\n });\n if (response.error) {\n throw response.error;\n }\n return response.data ?? [];\n }\n}\n\nexport interface QueryOptions {\n /\n Run the query in a read-only Postgres transaction. Any INSERT /\n * UPDATE / DELETE / DDL statement inside the wrapped block is\n * rejected by the server with SQLSTATE 25006 — the SDK isn't the\n * guard, Postgres is. Useful for UI surfaces (SQL editor, data\n * explorer) that must not mutate.\n /\n readOnly?: boolean;\n}\n\n/* Trim the final `;` so our BEGIN/COMMIT wrapper doesn't close twice. /\nfunction stripTrailingSemicolon(sql: string): string {\n return sql.replace(/;\\s$/, '');\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,IAAM,gBAAgB;AAEf,SAAS,mBAAmB,OAAe,OAAqB;AACrE,MAAI,CAAC,cAAc,KAAK,KAAK,GAAG;AAC9B,UAAM,IAAI;AAAA,MACR,WAAW,KAAK,MAAM,KAAK,6BAA6B,cAAc,MAAM;AAAA,IAC9E;AAAA,EACF;AACF;;;ACGO,IAAM,gBAAN,MAAoB;AAAA,EACR;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,OAAO,KAAuC;AAClD,uBAAmB,IAAI,MAAM,aAAa;AAE1C,UAAM,WAAW,MAAM,KAAK,WAAW,QAAgB,QAAQ,oBAAoB;AAAA,MACjF,MAAM;AAAA,IACR,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,KAAK,UAAkB,SAAkD;AAC7E,QAAI,CAAC,aAAa,KAAK,QAAQ,GAAG;AAChC,YAAM,IAAI;AAAA,QACR,uBAAuB,QAAQ;AAAA,MACjC;AAAA,IACF;AAEA,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,SAAS;AACpB,aAAO,IAAI,WAAW,MAAM;AAAA,IAC9B;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cACT,oBAAoB,QAAQ,IAAI,WAAW,KAC3C,oBAAoB,QAAQ;AAEhC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAgB,UAAU,IAAI;AACrE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AACF;;;AC/DO,IAAM,gBAAN,MAAoB;AAAA,EACR;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAAA,EACpB;AAAA,EAEA,MAAM,OAA0B;AAC9B,UAAM,WAAW,MAAM,KAAK,WAAW,QAAkB,OAAO,kBAAkB;AAClF,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS,QAAQ,CAAC;AAAA,EAC3B;AAAA,EAEA,MAAM,OAAO,MAA+B;AAC1C,uBAAmB,MAAM,aAAa;AAEtC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAgB,QAAQ,oBAAoB;AAAA,MACjF,MAAM,EAAE,KAAK;AAAA,IACf,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA,EAEA,MAAM,KAAK,MAAc,SAAgD;AACvE,uBAAmB,MAAM,aAAa;AAGtC,UAAM,UAAU,MAAM,KAAK,KAAK;AAChC,UAAM,SAAS,QAAQ,KAAK,CAAC,MAAM,EAAE,SAAS,IAAI;AAClD,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI,MAAM,WAAW,IAAI,aAAa;AAAA,IAC9C;AAEA,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,SAAS;AACpB,aAAO,IAAI,WAAW,MAAM;AAAA,IAC9B;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cACT,oBAAoB,OAAO,EAAE,IAAI,WAAW,KAC5C,oBAAoB,OAAO,EAAE;AAEjC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAc,UAAU,IAAI;AACnE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AAAA,EACF;AACF;;;ACpDO,IAAM,eAAN,MAAmB;AAAA,EACP;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAAA,EACpB;AAAA,EAEA,MAAM,KAAK,SAAiD;AAC1D,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,QAAQ;AACnB,yBAAmB,QAAQ,QAAQ,aAAa;AAChD,aAAO,IAAI,oBAAoB,QAAQ,MAAM;AAAA,IAC/C;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cAAc,mBAAmB,WAAW,KAAK;AAE9D,UAAM,WAAW,MAAM,KAAK,WAAW,QAAiB,OAAO,IAAI;AACnE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS,QAAQ,CAAC;AAAA,EAC3B;AAAA,EAEA,MAAM,IAAI,IAA4B;AACpC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAe,OAAO,mBAAmB,EAAE,EAAE;AACpF,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA,EAEA,MAAM,OAAO,KAAqC;AAChD,uBAAmB,IAAI,MAAM,YAAY;AACzC,QAAI,IAAI,QAAQ;AACd,yBAAmB,IAAI,QAAQ,aAAa;AAAA,IAC9C;AAEA,UAAM,WAAW,MAAM,KAAK,WAAW,QAAe,QAAQ,mBAAmB;AAAA,MAC/E,MAAM;AAAA,IACR,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,OAAO,IAAY,OAAuC;AAC9D,QAAI,MAAM,SAAS,QAAW;AAC5B,yBAAmB,MAAM,MAAM,YAAY;AAAA,IAC7C;AACA,QAAI,MAAM,WAAW,QAAW;AAC9B,yBAAmB,MAAM,QAAQ,aAAa;AAAA,IAChD;AACA,QAAI,MAAM,cAAc;AACtB,iBAAW,MAAM,MAAM,cAAc;AACnC,2BAAmB,GAAG,MAAM,yBAAyB;AAAA,MACvD;AAAA,IACF;AAEA,UAAM,WAAW,MAAM,KAAK,WAAW,QAAe,SAAS,mBAAmB,EAAE,IAAI;AAAA,MACtF,MAAM;AAAA,IACR,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA,EAEA,MAAM,KAAK,IAAY,SAAgD;AACrE,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,SAAS;AACpB,aAAO,IAAI,WAAW,MAAM;AAAA,IAC9B;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cACT,mBAAmB,EAAE,IAAI,WAAW,KACpC,mBAAmB,EAAE;AAEzB,UAAM,WAAW,MAAM,KAAK,WAAW,QAAc,UAAU,IAAI;AACnE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AAAA,EACF;AACF;;;AC3FO,IAAM,cAAN,MAAkB;AAAA,EACd;AAAA,EACA;AAAA,EACA;AAAA,EAEQ;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAClB,SAAK,UAAU,IAAI,cAAc,UAAU;AAC3C,SAAK,SAAS,IAAI,aAAa,UAAU;AACzC,SAAK,UAAU,IAAI,cAAc,UAAU;AAAA,EAC7C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAyBA,MAAM,MACJ,KACA,QACA,SACc;AACd,UAAM,eAAe,SAAS,WAC1B,qCAAqC,uBAAuB,GAAG,CAAC,cAChE;AACJ,UAAM,WAAW,MAAM,KAAK,WAAW,QAAa,QAAQ,kBAAkB;AAAA,MAC5E,MAAM,EAAE,OAAO,cAAc,OAAO;AAAA,IACtC,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS,QAAQ,CAAC;AAAA,EAC3B;AACF;AAcA,SAAS,uBAAuB,KAAqB;AACnD,SAAO,IAAI,QAAQ,SAAS,EAAE;AAChC;","names":[]}

package/dist/admin.d.cts CHANGED Viewed

@@ -193,16 +193,34 @@ declare class AdminClient {
      * Always use parameterized queries to prevent SQL injection.
      * Never interpolate user input directly into the SQL string.
      *
+     * Pass `{ readOnly: true }` to wrap the query in
+     * `BEGIN; SET TRANSACTION READ ONLY; <query>; COMMIT;` so Postgres
+     * rejects any write/DDL statement at the server — safe mode for
+     * Studio's SQL editor and other consumer-facing query surfaces.
+     *
      * @example
      * ```ts
      * // GOOD — parameterized
      * await admin.query('SELECT * FROM users WHERE id = $1', [userId]);
      *
+     * // Read-only — Postgres enforces the denial (errcode 25006).
+     * await admin.query('SELECT count(*) FROM users', [], { readOnly: true });
+     *
      * // BAD — string interpolation (SQL injection risk)
      * await admin.query(`SELECT * FROM users WHERE id = '${userId}'`);
      * ```
      */
-    query<T = Record<string, unknown>>(sql: string, params?: unknown[]): Promise<T[]>;
+    query<T = Record<string, unknown>>(sql: string, params?: unknown[], options?: QueryOptions): Promise<T[]>;
+}
+interface QueryOptions {
+    /**
+     * Run the query in a read-only Postgres transaction. Any INSERT /
+     * UPDATE / DELETE / DDL statement inside the wrapped block is
+     * rejected by the server with SQLSTATE 25006 — the SDK isn't the
+     * guard, Postgres is. Useful for UI surfaces (SQL editor, data
+     * explorer) that must not mutate.
+     */
+    readOnly?: boolean;
 }
-export { AdminClient, type Column, type ColumnDef, ColumnsClient, type CreateColumnDef, type CreateTableDef, type Schema, SchemasClient, type Table, type TablePrimaryKey, type TableRelationship, TablesClient, type UpdateTableDef };
+export { AdminClient, type Column, type ColumnDef, ColumnsClient, type CreateColumnDef, type CreateTableDef, type QueryOptions, type Schema, SchemasClient, type Table, type TablePrimaryKey, type TableRelationship, TablesClient, type UpdateTableDef };

package/dist/admin.d.ts CHANGED Viewed

@@ -193,16 +193,34 @@ declare class AdminClient {
      * Always use parameterized queries to prevent SQL injection.
      * Never interpolate user input directly into the SQL string.
      *
+     * Pass `{ readOnly: true }` to wrap the query in
+     * `BEGIN; SET TRANSACTION READ ONLY; <query>; COMMIT;` so Postgres
+     * rejects any write/DDL statement at the server — safe mode for
+     * Studio's SQL editor and other consumer-facing query surfaces.
+     *
      * @example
      * ```ts
      * // GOOD — parameterized
      * await admin.query('SELECT * FROM users WHERE id = $1', [userId]);
      *
+     * // Read-only — Postgres enforces the denial (errcode 25006).
+     * await admin.query('SELECT count(*) FROM users', [], { readOnly: true });
+     *
      * // BAD — string interpolation (SQL injection risk)
      * await admin.query(`SELECT * FROM users WHERE id = '${userId}'`);
      * ```
      */
-    query<T = Record<string, unknown>>(sql: string, params?: unknown[]): Promise<T[]>;
+    query<T = Record<string, unknown>>(sql: string, params?: unknown[], options?: QueryOptions): Promise<T[]>;
+}
+interface QueryOptions {
+    /**
+     * Run the query in a read-only Postgres transaction. Any INSERT /
+     * UPDATE / DELETE / DDL statement inside the wrapped block is
+     * rejected by the server with SQLSTATE 25006 — the SDK isn't the
+     * guard, Postgres is. Useful for UI surfaces (SQL editor, data
+     * explorer) that must not mutate.
+     */
+    readOnly?: boolean;
 }
-export { AdminClient, type Column, type ColumnDef, ColumnsClient, type CreateColumnDef, type CreateTableDef, type Schema, SchemasClient, type Table, type TablePrimaryKey, type TableRelationship, TablesClient, type UpdateTableDef };
+export { AdminClient, type Column, type ColumnDef, ColumnsClient, type CreateColumnDef, type CreateTableDef, type QueryOptions, type Schema, SchemasClient, type Table, type TablePrimaryKey, type TableRelationship, TablesClient, type UpdateTableDef };

package/dist/admin.js CHANGED Viewed

@@ -200,18 +200,27 @@ var AdminClient = class {
    * Always use parameterized queries to prevent SQL injection.
    * Never interpolate user input directly into the SQL string.
    *
+   * Pass `{ readOnly: true }` to wrap the query in
+   * `BEGIN; SET TRANSACTION READ ONLY; <query>; COMMIT;` so Postgres
+   * rejects any write/DDL statement at the server — safe mode for
+   * Studio's SQL editor and other consumer-facing query surfaces.
+   *
    * @example
    * ```ts
    * // GOOD — parameterized
    * await admin.query('SELECT * FROM users WHERE id = $1', [userId]);
    *
+   * // Read-only — Postgres enforces the denial (errcode 25006).
+   * await admin.query('SELECT count(*) FROM users', [], { readOnly: true });
+   *
    * // BAD — string interpolation (SQL injection risk)
    * await admin.query(`SELECT * FROM users WHERE id = '${userId}'`);
    * ```
    */
-  async query(sql, params) {
+  async query(sql, params, options) {
+    const wrappedQuery = options?.readOnly ? `BEGIN; SET TRANSACTION READ ONLY; ${stripTrailingSemicolon(sql)}; COMMIT;` : sql;
     const response = await this.httpClient.request("POST", "/v1/meta/query", {
-      body: { query: sql, params }
+      body: { query: wrappedQuery, params }
     });
     if (response.error) {
       throw response.error;
@@ -219,6 +228,9 @@ var AdminClient = class {
     return response.data ?? [];
   }
 };
+function stripTrailingSemicolon(sql) {
+  return sql.replace(/;\s*$/, "");
+}
 export {
   AdminClient,
   ColumnsClient,

package/dist/admin.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/admin-validation.ts","../src/admin-columns.ts","../src/admin-schemas.ts","../src/admin-tables.ts","../src/admin-client.ts"],"sourcesContent":["const IDENTIFIER_RE = /^[a-zA-Z_][a-zA-Z0-9_.]$/;\n\nexport function validateIdentifier(value: string, label: string): void {\n if (!IDENTIFIER_RE.test(value)) {\n throw new Error(\n `Invalid ${label}: \"${value}\". Identifiers must match ${IDENTIFIER_RE.source}`,\n );\n }\n}\n","import type { HttpClient } from '@palbase/core';\nimport type { Column, CreateColumnDef } from './admin-types.js';\nimport { validateIdentifier } from './admin-validation.js';\n\n/\n Postgres-meta column admin client.\n \n Wraps the `/v1/meta/columns` endpoints exposed by postgres-meta.\n * Use this to add or drop columns on an existing table — `TablesClient.update()`\n * does not handle column structure changes.\n /\nexport class ColumnsClient {\n private readonly httpClient: HttpClient;\n\n constructor(httpClient: HttpClient) {\n this.httpClient = httpClient;\n }\n\n /\n Create a new column on the given table. Sends `POST /v1/meta/columns`.\n \n The column name is validated against the standard SQL identifier regex.\n * The `type` field is forwarded as-is to postgres-meta — callers SHOULD\n * restrict types to a known allowlist before calling this.\n /\n async create(def: CreateColumnDef): Promise<Column> {\n validateIdentifier(def.name, 'column name');\n\n const response = await this.httpClient.request<Column>('POST', '/v1/meta/columns', {\n body: def,\n });\n if (response.error) {\n throw response.error;\n }\n return response.data as Column;\n }\n\n /\n Drop a column. Sends `DELETE /v1/meta/columns/:tableId.:ordinalPosition`.\n \n postgres-meta identifies columns by `{tableId}.{ordinalPosition}` (the\n * column's 1-based attnum within its table). Use `TablesClient.get(id)` to\n * find a column id from a column name if needed.\n /\n async drop(columnId: string, options?: { cascade?: boolean }): Promise<Column> {\n if (!/^\\d+\\.\\d+$/.test(columnId)) {\n throw new Error(\n `Invalid column id: \"${columnId}\". Expected format \"{tableId}.{ordinalPosition}\"`,\n );\n }\n\n const params = new URLSearchParams();\n if (options?.cascade) {\n params.set('cascade', 'true');\n }\n\n const queryString = params.toString();\n const path = queryString\n ? `/v1/meta/columns/${columnId}?${queryString}`\n : `/v1/meta/columns/${columnId}`;\n\n const response = await this.httpClient.request<Column>('DELETE', path);\n if (response.error) {\n throw response.error;\n }\n return response.data as Column;\n }\n}\n","import type { HttpClient } from '@palbase/core';\nimport type { Schema } from './admin-types.js';\nimport { validateIdentifier } from './admin-validation.js';\n\nexport class SchemasClient {\n private readonly httpClient: HttpClient;\n\n constructor(httpClient: HttpClient) {\n this.httpClient = httpClient;\n }\n\n async list(): Promise<Schema[]> {\n const response = await this.httpClient.request<Schema[]>('GET', '/v1/meta/schemas');\n if (response.error) {\n throw response.error;\n }\n return response.data ?? [];\n }\n\n async create(name: string): Promise<Schema> {\n validateIdentifier(name, 'schema name');\n\n const response = await this.httpClient.request<Schema>('POST', '/v1/meta/schemas', {\n body: { name },\n });\n if (response.error) {\n throw response.error;\n }\n return response.data as Schema;\n }\n\n async drop(name: string, options?: { cascade?: boolean }): Promise<void> {\n validateIdentifier(name, 'schema name');\n\n // Resolve name to id first\n const schemas = await this.list();\n const schema = schemas.find((s) => s.name === name);\n if (!schema) {\n throw new Error(`Schema \"${name}\" not found`);\n }\n\n const params = new URLSearchParams();\n if (options?.cascade) {\n params.set('cascade', 'true');\n }\n\n const queryString = params.toString();\n const path = queryString\n ? `/v1/meta/schemas/${schema.id}?${queryString}`\n : `/v1/meta/schemas/${schema.id}`;\n\n const response = await this.httpClient.request<void>('DELETE', path);\n if (response.error) {\n throw response.error;\n }\n }\n}\n","import type { HttpClient } from '@palbase/core';\nimport type { CreateTableDef, Table, UpdateTableDef } from './admin-types.js';\nimport { validateIdentifier } from './admin-validation.js';\n\nexport class TablesClient {\n private readonly httpClient: HttpClient;\n\n constructor(httpClient: HttpClient) {\n this.httpClient = httpClient;\n }\n\n async list(options?: { schema?: string }): Promise<Table[]> {\n const params = new URLSearchParams();\n if (options?.schema) {\n validateIdentifier(options.schema, 'schema name');\n params.set('included_schemas', options.schema);\n }\n\n const queryString = params.toString();\n const path = queryString ? `/v1/meta/tables?${queryString}` : '/v1/meta/tables';\n\n const response = await this.httpClient.request<Table[]>('GET', path);\n if (response.error) {\n throw response.error;\n }\n return response.data ?? [];\n }\n\n async get(id: number): Promise<Table> {\n const response = await this.httpClient.request<Table>('GET', `/v1/meta/tables/${id}`);\n if (response.error) {\n throw response.error;\n }\n return response.data as Table;\n }\n\n async create(def: CreateTableDef): Promise<Table> {\n validateIdentifier(def.name, 'table name');\n if (def.schema) {\n validateIdentifier(def.schema, 'schema name');\n }\n\n const response = await this.httpClient.request<Table>('POST', '/v1/meta/tables', {\n body: def,\n });\n if (response.error) {\n throw response.error;\n }\n return response.data as Table;\n }\n\n /\n Apply table-level updates (rename, schema move, RLS toggle, comment, etc).\n * Sends `PATCH /v1/meta/tables/:id`.\n \n Note: this does NOT add or drop columns. For column changes, use\n * `ColumnsClient.create()` / `ColumnsClient.drop()`.\n /\n async update(id: number, patch: UpdateTableDef): Promise<Table> {\n if (patch.name !== undefined) {\n validateIdentifier(patch.name, 'table name');\n }\n if (patch.schema !== undefined) {\n validateIdentifier(patch.schema, 'schema name');\n }\n if (patch.primary_keys) {\n for (const pk of patch.primary_keys) {\n validateIdentifier(pk.name, 'primary key column name');\n }\n }\n\n const response = await this.httpClient.request<Table>('PATCH', `/v1/meta/tables/${id}`, {\n body: patch,\n });\n if (response.error) {\n throw response.error;\n }\n return response.data as Table;\n }\n\n async drop(id: number, options?: { cascade?: boolean }): Promise<void> {\n const params = new URLSearchParams();\n if (options?.cascade) {\n params.set('cascade', 'true');\n }\n\n const queryString = params.toString();\n const path = queryString\n ? `/v1/meta/tables/${id}?${queryString}`\n : `/v1/meta/tables/${id}`;\n\n const response = await this.httpClient.request<void>('DELETE', path);\n if (response.error) {\n throw response.error;\n }\n }\n}\n","import type { HttpClient } from '@palbase/core';\nimport { ColumnsClient } from './admin-columns.js';\nimport { SchemasClient } from './admin-schemas.js';\nimport { TablesClient } from './admin-tables.js';\n\nexport class AdminClient {\n readonly schemas: SchemasClient;\n readonly tables: TablesClient;\n readonly columns: ColumnsClient;\n\n private readonly httpClient: HttpClient;\n\n constructor(httpClient: HttpClient) {\n this.httpClient = httpClient;\n this.schemas = new SchemasClient(httpClient);\n this.tables = new TablesClient(httpClient);\n this.columns = new ColumnsClient(httpClient);\n }\n\n /\n Execute a raw SQL query with full privileges (service role).\n \n Always use parameterized queries to prevent SQL injection.\n * Never interpolate user input directly into the SQL string.\n \n @example\n * ```ts\n * // GOOD — parameterized\n * await admin.query('SELECT * FROM users WHERE id = $1', [userId]);\n \n // BAD — string interpolation (SQL injection risk)\n * await admin.query(`SELECT * FROM users WHERE id = '${userId}'`);\n * ```\n */\n async query<T = Record<string, unknown>>(sql: string, params?: unknown[]): Promise<T[]> {\n const response = await this.httpClient.request<T[]>('POST', '/v1/meta/query', {\n body: { query: sql, params },\n });\n if (response.error) {\n throw response.error;\n }\n return response.data ?? [];\n }\n}\n"],"mappings":";AAAA,IAAM,gBAAgB;AAEf,SAAS,mBAAmB,OAAe,OAAqB;AACrE,MAAI,CAAC,cAAc,KAAK,KAAK,GAAG;AAC9B,UAAM,IAAI;AAAA,MACR,WAAW,KAAK,MAAM,KAAK,6BAA6B,cAAc,MAAM;AAAA,IAC9E;AAAA,EACF;AACF;;;ACGO,IAAM,gBAAN,MAAoB;AAAA,EACR;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,OAAO,KAAuC;AAClD,uBAAmB,IAAI,MAAM,aAAa;AAE1C,UAAM,WAAW,MAAM,KAAK,WAAW,QAAgB,QAAQ,oBAAoB;AAAA,MACjF,MAAM;AAAA,IACR,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,KAAK,UAAkB,SAAkD;AAC7E,QAAI,CAAC,aAAa,KAAK,QAAQ,GAAG;AAChC,YAAM,IAAI;AAAA,QACR,uBAAuB,QAAQ;AAAA,MACjC;AAAA,IACF;AAEA,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,SAAS;AACpB,aAAO,IAAI,WAAW,MAAM;AAAA,IAC9B;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cACT,oBAAoB,QAAQ,IAAI,WAAW,KAC3C,oBAAoB,QAAQ;AAEhC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAgB,UAAU,IAAI;AACrE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AACF;;;AC/DO,IAAM,gBAAN,MAAoB;AAAA,EACR;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAAA,EACpB;AAAA,EAEA,MAAM,OAA0B;AAC9B,UAAM,WAAW,MAAM,KAAK,WAAW,QAAkB,OAAO,kBAAkB;AAClF,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS,QAAQ,CAAC;AAAA,EAC3B;AAAA,EAEA,MAAM,OAAO,MAA+B;AAC1C,uBAAmB,MAAM,aAAa;AAEtC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAgB,QAAQ,oBAAoB;AAAA,MACjF,MAAM,EAAE,KAAK;AAAA,IACf,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA,EAEA,MAAM,KAAK,MAAc,SAAgD;AACvE,uBAAmB,MAAM,aAAa;AAGtC,UAAM,UAAU,MAAM,KAAK,KAAK;AAChC,UAAM,SAAS,QAAQ,KAAK,CAAC,MAAM,EAAE,SAAS,IAAI;AAClD,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI,MAAM,WAAW,IAAI,aAAa;AAAA,IAC9C;AAEA,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,SAAS;AACpB,aAAO,IAAI,WAAW,MAAM;AAAA,IAC9B;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cACT,oBAAoB,OAAO,EAAE,IAAI,WAAW,KAC5C,oBAAoB,OAAO,EAAE;AAEjC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAc,UAAU,IAAI;AACnE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AAAA,EACF;AACF;;;ACpDO,IAAM,eAAN,MAAmB;AAAA,EACP;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAAA,EACpB;AAAA,EAEA,MAAM,KAAK,SAAiD;AAC1D,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,QAAQ;AACnB,yBAAmB,QAAQ,QAAQ,aAAa;AAChD,aAAO,IAAI,oBAAoB,QAAQ,MAAM;AAAA,IAC/C;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cAAc,mBAAmB,WAAW,KAAK;AAE9D,UAAM,WAAW,MAAM,KAAK,WAAW,QAAiB,OAAO,IAAI;AACnE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS,QAAQ,CAAC;AAAA,EAC3B;AAAA,EAEA,MAAM,IAAI,IAA4B;AACpC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAe,OAAO,mBAAmB,EAAE,EAAE;AACpF,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA,EAEA,MAAM,OAAO,KAAqC;AAChD,uBAAmB,IAAI,MAAM,YAAY;AACzC,QAAI,IAAI,QAAQ;AACd,yBAAmB,IAAI,QAAQ,aAAa;AAAA,IAC9C;AAEA,UAAM,WAAW,MAAM,KAAK,WAAW,QAAe,QAAQ,mBAAmB;AAAA,MAC/E,MAAM;AAAA,IACR,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,OAAO,IAAY,OAAuC;AAC9D,QAAI,MAAM,SAAS,QAAW;AAC5B,yBAAmB,MAAM,MAAM,YAAY;AAAA,IAC7C;AACA,QAAI,MAAM,WAAW,QAAW;AAC9B,yBAAmB,MAAM,QAAQ,aAAa;AAAA,IAChD;AACA,QAAI,MAAM,cAAc;AACtB,iBAAW,MAAM,MAAM,cAAc;AACnC,2BAAmB,GAAG,MAAM,yBAAyB;AAAA,MACvD;AAAA,IACF;AAEA,UAAM,WAAW,MAAM,KAAK,WAAW,QAAe,SAAS,mBAAmB,EAAE,IAAI;AAAA,MACtF,MAAM;AAAA,IACR,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA,EAEA,MAAM,KAAK,IAAY,SAAgD;AACrE,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,SAAS;AACpB,aAAO,IAAI,WAAW,MAAM;AAAA,IAC9B;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cACT,mBAAmB,EAAE,IAAI,WAAW,KACpC,mBAAmB,EAAE;AAEzB,UAAM,WAAW,MAAM,KAAK,WAAW,QAAc,UAAU,IAAI;AACnE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AAAA,EACF;AACF;;;AC3FO,IAAM,cAAN,MAAkB;AAAA,EACd;AAAA,EACA;AAAA,EACA;AAAA,EAEQ;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAClB,SAAK,UAAU,IAAI,cAAc,UAAU;AAC3C,SAAK,SAAS,IAAI,aAAa,UAAU;AACzC,SAAK,UAAU,IAAI,cAAc,UAAU;AAAA,EAC7C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBA,MAAM,MAAmC,KAAa,QAAkC;AACtF,UAAM,WAAW,MAAM,KAAK,WAAW,QAAa,QAAQ,kBAAkB;AAAA,MAC5E,MAAM,EAAE,OAAO,KAAK,OAAO;AAAA,IAC7B,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS,QAAQ,CAAC;AAAA,EAC3B;AACF;","names":[]}
1	+ {"version":3,"sources":["../src/admin-validation.ts","../src/admin-columns.ts","../src/admin-schemas.ts","../src/admin-tables.ts","../src/admin-client.ts"],"sourcesContent":["const IDENTIFIER_RE = /^[a-zA-Z_][a-zA-Z0-9_.]$/;\n\nexport function validateIdentifier(value: string, label: string): void {\n if (!IDENTIFIER_RE.test(value)) {\n throw new Error(\n `Invalid ${label}: \"${value}\". Identifiers must match ${IDENTIFIER_RE.source}`,\n );\n }\n}\n","import type { HttpClient } from '@palbase/core';\nimport type { Column, CreateColumnDef } from './admin-types.js';\nimport { validateIdentifier } from './admin-validation.js';\n\n/\n Postgres-meta column admin client.\n \n Wraps the `/v1/meta/columns` endpoints exposed by postgres-meta.\n * Use this to add or drop columns on an existing table — `TablesClient.update()`\n * does not handle column structure changes.\n /\nexport class ColumnsClient {\n private readonly httpClient: HttpClient;\n\n constructor(httpClient: HttpClient) {\n this.httpClient = httpClient;\n }\n\n /\n Create a new column on the given table. Sends `POST /v1/meta/columns`.\n \n The column name is validated against the standard SQL identifier regex.\n * The `type` field is forwarded as-is to postgres-meta — callers SHOULD\n * restrict types to a known allowlist before calling this.\n /\n async create(def: CreateColumnDef): Promise<Column> {\n validateIdentifier(def.name, 'column name');\n\n const response = await this.httpClient.request<Column>('POST', '/v1/meta/columns', {\n body: def,\n });\n if (response.error) {\n throw response.error;\n }\n return response.data as Column;\n }\n\n /\n Drop a column. Sends `DELETE /v1/meta/columns/:tableId.:ordinalPosition`.\n \n postgres-meta identifies columns by `{tableId}.{ordinalPosition}` (the\n * column's 1-based attnum within its table). Use `TablesClient.get(id)` to\n * find a column id from a column name if needed.\n /\n async drop(columnId: string, options?: { cascade?: boolean }): Promise<Column> {\n if (!/^\\d+\\.\\d+$/.test(columnId)) {\n throw new Error(\n `Invalid column id: \"${columnId}\". Expected format \"{tableId}.{ordinalPosition}\"`,\n );\n }\n\n const params = new URLSearchParams();\n if (options?.cascade) {\n params.set('cascade', 'true');\n }\n\n const queryString = params.toString();\n const path = queryString\n ? `/v1/meta/columns/${columnId}?${queryString}`\n : `/v1/meta/columns/${columnId}`;\n\n const response = await this.httpClient.request<Column>('DELETE', path);\n if (response.error) {\n throw response.error;\n }\n return response.data as Column;\n }\n}\n","import type { HttpClient } from '@palbase/core';\nimport type { Schema } from './admin-types.js';\nimport { validateIdentifier } from './admin-validation.js';\n\nexport class SchemasClient {\n private readonly httpClient: HttpClient;\n\n constructor(httpClient: HttpClient) {\n this.httpClient = httpClient;\n }\n\n async list(): Promise<Schema[]> {\n const response = await this.httpClient.request<Schema[]>('GET', '/v1/meta/schemas');\n if (response.error) {\n throw response.error;\n }\n return response.data ?? [];\n }\n\n async create(name: string): Promise<Schema> {\n validateIdentifier(name, 'schema name');\n\n const response = await this.httpClient.request<Schema>('POST', '/v1/meta/schemas', {\n body: { name },\n });\n if (response.error) {\n throw response.error;\n }\n return response.data as Schema;\n }\n\n async drop(name: string, options?: { cascade?: boolean }): Promise<void> {\n validateIdentifier(name, 'schema name');\n\n // Resolve name to id first\n const schemas = await this.list();\n const schema = schemas.find((s) => s.name === name);\n if (!schema) {\n throw new Error(`Schema \"${name}\" not found`);\n }\n\n const params = new URLSearchParams();\n if (options?.cascade) {\n params.set('cascade', 'true');\n }\n\n const queryString = params.toString();\n const path = queryString\n ? `/v1/meta/schemas/${schema.id}?${queryString}`\n : `/v1/meta/schemas/${schema.id}`;\n\n const response = await this.httpClient.request<void>('DELETE', path);\n if (response.error) {\n throw response.error;\n }\n }\n}\n","import type { HttpClient } from '@palbase/core';\nimport type { CreateTableDef, Table, UpdateTableDef } from './admin-types.js';\nimport { validateIdentifier } from './admin-validation.js';\n\nexport class TablesClient {\n private readonly httpClient: HttpClient;\n\n constructor(httpClient: HttpClient) {\n this.httpClient = httpClient;\n }\n\n async list(options?: { schema?: string }): Promise<Table[]> {\n const params = new URLSearchParams();\n if (options?.schema) {\n validateIdentifier(options.schema, 'schema name');\n params.set('included_schemas', options.schema);\n }\n\n const queryString = params.toString();\n const path = queryString ? `/v1/meta/tables?${queryString}` : '/v1/meta/tables';\n\n const response = await this.httpClient.request<Table[]>('GET', path);\n if (response.error) {\n throw response.error;\n }\n return response.data ?? [];\n }\n\n async get(id: number): Promise<Table> {\n const response = await this.httpClient.request<Table>('GET', `/v1/meta/tables/${id}`);\n if (response.error) {\n throw response.error;\n }\n return response.data as Table;\n }\n\n async create(def: CreateTableDef): Promise<Table> {\n validateIdentifier(def.name, 'table name');\n if (def.schema) {\n validateIdentifier(def.schema, 'schema name');\n }\n\n const response = await this.httpClient.request<Table>('POST', '/v1/meta/tables', {\n body: def,\n });\n if (response.error) {\n throw response.error;\n }\n return response.data as Table;\n }\n\n /\n Apply table-level updates (rename, schema move, RLS toggle, comment, etc).\n * Sends `PATCH /v1/meta/tables/:id`.\n \n Note: this does NOT add or drop columns. For column changes, use\n * `ColumnsClient.create()` / `ColumnsClient.drop()`.\n /\n async update(id: number, patch: UpdateTableDef): Promise<Table> {\n if (patch.name !== undefined) {\n validateIdentifier(patch.name, 'table name');\n }\n if (patch.schema !== undefined) {\n validateIdentifier(patch.schema, 'schema name');\n }\n if (patch.primary_keys) {\n for (const pk of patch.primary_keys) {\n validateIdentifier(pk.name, 'primary key column name');\n }\n }\n\n const response = await this.httpClient.request<Table>('PATCH', `/v1/meta/tables/${id}`, {\n body: patch,\n });\n if (response.error) {\n throw response.error;\n }\n return response.data as Table;\n }\n\n async drop(id: number, options?: { cascade?: boolean }): Promise<void> {\n const params = new URLSearchParams();\n if (options?.cascade) {\n params.set('cascade', 'true');\n }\n\n const queryString = params.toString();\n const path = queryString\n ? `/v1/meta/tables/${id}?${queryString}`\n : `/v1/meta/tables/${id}`;\n\n const response = await this.httpClient.request<void>('DELETE', path);\n if (response.error) {\n throw response.error;\n }\n }\n}\n","import type { HttpClient } from '@palbase/core';\nimport { ColumnsClient } from './admin-columns.js';\nimport { SchemasClient } from './admin-schemas.js';\nimport { TablesClient } from './admin-tables.js';\n\nexport class AdminClient {\n readonly schemas: SchemasClient;\n readonly tables: TablesClient;\n readonly columns: ColumnsClient;\n\n private readonly httpClient: HttpClient;\n\n constructor(httpClient: HttpClient) {\n this.httpClient = httpClient;\n this.schemas = new SchemasClient(httpClient);\n this.tables = new TablesClient(httpClient);\n this.columns = new ColumnsClient(httpClient);\n }\n\n /\n Execute a raw SQL query with full privileges (service role).\n \n Always use parameterized queries to prevent SQL injection.\n * Never interpolate user input directly into the SQL string.\n \n Pass `{ readOnly: true }` to wrap the query in\n * `BEGIN; SET TRANSACTION READ ONLY; <query>; COMMIT;` so Postgres\n * rejects any write/DDL statement at the server — safe mode for\n * Studio's SQL editor and other consumer-facing query surfaces.\n \n @example\n * ```ts\n * // GOOD — parameterized\n * await admin.query('SELECT * FROM users WHERE id = $1', [userId]);\n \n // Read-only — Postgres enforces the denial (errcode 25006).\n * await admin.query('SELECT count() FROM users', [], { readOnly: true });\n \n * // BAD — string interpolation (SQL injection risk)\n * await admin.query(`SELECT * FROM users WHERE id = '${userId}'`);\n * ```\n /\n async query<T = Record<string, unknown>>(\n sql: string,\n params?: unknown[],\n options?: QueryOptions,\n ): Promise<T[]> {\n const wrappedQuery = options?.readOnly\n ? `BEGIN; SET TRANSACTION READ ONLY; ${stripTrailingSemicolon(sql)}; COMMIT;`\n : sql;\n const response = await this.httpClient.request<T[]>('POST', '/v1/meta/query', {\n body: { query: wrappedQuery, params },\n });\n if (response.error) {\n throw response.error;\n }\n return response.data ?? [];\n }\n}\n\nexport interface QueryOptions {\n /\n Run the query in a read-only Postgres transaction. Any INSERT /\n * UPDATE / DELETE / DDL statement inside the wrapped block is\n * rejected by the server with SQLSTATE 25006 — the SDK isn't the\n * guard, Postgres is. Useful for UI surfaces (SQL editor, data\n * explorer) that must not mutate.\n /\n readOnly?: boolean;\n}\n\n/* Trim the final `;` so our BEGIN/COMMIT wrapper doesn't close twice. /\nfunction stripTrailingSemicolon(sql: string): string {\n return sql.replace(/;\\s$/, '');\n}\n"],"mappings":";AAAA,IAAM,gBAAgB;AAEf,SAAS,mBAAmB,OAAe,OAAqB;AACrE,MAAI,CAAC,cAAc,KAAK,KAAK,GAAG;AAC9B,UAAM,IAAI;AAAA,MACR,WAAW,KAAK,MAAM,KAAK,6BAA6B,cAAc,MAAM;AAAA,IAC9E;AAAA,EACF;AACF;;;ACGO,IAAM,gBAAN,MAAoB;AAAA,EACR;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,OAAO,KAAuC;AAClD,uBAAmB,IAAI,MAAM,aAAa;AAE1C,UAAM,WAAW,MAAM,KAAK,WAAW,QAAgB,QAAQ,oBAAoB;AAAA,MACjF,MAAM;AAAA,IACR,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,KAAK,UAAkB,SAAkD;AAC7E,QAAI,CAAC,aAAa,KAAK,QAAQ,GAAG;AAChC,YAAM,IAAI;AAAA,QACR,uBAAuB,QAAQ;AAAA,MACjC;AAAA,IACF;AAEA,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,SAAS;AACpB,aAAO,IAAI,WAAW,MAAM;AAAA,IAC9B;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cACT,oBAAoB,QAAQ,IAAI,WAAW,KAC3C,oBAAoB,QAAQ;AAEhC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAgB,UAAU,IAAI;AACrE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AACF;;;AC/DO,IAAM,gBAAN,MAAoB;AAAA,EACR;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAAA,EACpB;AAAA,EAEA,MAAM,OAA0B;AAC9B,UAAM,WAAW,MAAM,KAAK,WAAW,QAAkB,OAAO,kBAAkB;AAClF,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS,QAAQ,CAAC;AAAA,EAC3B;AAAA,EAEA,MAAM,OAAO,MAA+B;AAC1C,uBAAmB,MAAM,aAAa;AAEtC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAgB,QAAQ,oBAAoB;AAAA,MACjF,MAAM,EAAE,KAAK;AAAA,IACf,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA,EAEA,MAAM,KAAK,MAAc,SAAgD;AACvE,uBAAmB,MAAM,aAAa;AAGtC,UAAM,UAAU,MAAM,KAAK,KAAK;AAChC,UAAM,SAAS,QAAQ,KAAK,CAAC,MAAM,EAAE,SAAS,IAAI;AAClD,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI,MAAM,WAAW,IAAI,aAAa;AAAA,IAC9C;AAEA,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,SAAS;AACpB,aAAO,IAAI,WAAW,MAAM;AAAA,IAC9B;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cACT,oBAAoB,OAAO,EAAE,IAAI,WAAW,KAC5C,oBAAoB,OAAO,EAAE;AAEjC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAc,UAAU,IAAI;AACnE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AAAA,EACF;AACF;;;ACpDO,IAAM,eAAN,MAAmB;AAAA,EACP;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAAA,EACpB;AAAA,EAEA,MAAM,KAAK,SAAiD;AAC1D,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,QAAQ;AACnB,yBAAmB,QAAQ,QAAQ,aAAa;AAChD,aAAO,IAAI,oBAAoB,QAAQ,MAAM;AAAA,IAC/C;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cAAc,mBAAmB,WAAW,KAAK;AAE9D,UAAM,WAAW,MAAM,KAAK,WAAW,QAAiB,OAAO,IAAI;AACnE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS,QAAQ,CAAC;AAAA,EAC3B;AAAA,EAEA,MAAM,IAAI,IAA4B;AACpC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAe,OAAO,mBAAmB,EAAE,EAAE;AACpF,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA,EAEA,MAAM,OAAO,KAAqC;AAChD,uBAAmB,IAAI,MAAM,YAAY;AACzC,QAAI,IAAI,QAAQ;AACd,yBAAmB,IAAI,QAAQ,aAAa;AAAA,IAC9C;AAEA,UAAM,WAAW,MAAM,KAAK,WAAW,QAAe,QAAQ,mBAAmB;AAAA,MAC/E,MAAM;AAAA,IACR,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,OAAO,IAAY,OAAuC;AAC9D,QAAI,MAAM,SAAS,QAAW;AAC5B,yBAAmB,MAAM,MAAM,YAAY;AAAA,IAC7C;AACA,QAAI,MAAM,WAAW,QAAW;AAC9B,yBAAmB,MAAM,QAAQ,aAAa;AAAA,IAChD;AACA,QAAI,MAAM,cAAc;AACtB,iBAAW,MAAM,MAAM,cAAc;AACnC,2BAAmB,GAAG,MAAM,yBAAyB;AAAA,MACvD;AAAA,IACF;AAEA,UAAM,WAAW,MAAM,KAAK,WAAW,QAAe,SAAS,mBAAmB,EAAE,IAAI;AAAA,MACtF,MAAM;AAAA,IACR,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA,EAEA,MAAM,KAAK,IAAY,SAAgD;AACrE,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,SAAS;AACpB,aAAO,IAAI,WAAW,MAAM;AAAA,IAC9B;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cACT,mBAAmB,EAAE,IAAI,WAAW,KACpC,mBAAmB,EAAE;AAEzB,UAAM,WAAW,MAAM,KAAK,WAAW,QAAc,UAAU,IAAI;AACnE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AAAA,EACF;AACF;;;AC3FO,IAAM,cAAN,MAAkB;AAAA,EACd;AAAA,EACA;AAAA,EACA;AAAA,EAEQ;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAClB,SAAK,UAAU,IAAI,cAAc,UAAU;AAC3C,SAAK,SAAS,IAAI,aAAa,UAAU;AACzC,SAAK,UAAU,IAAI,cAAc,UAAU;AAAA,EAC7C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAyBA,MAAM,MACJ,KACA,QACA,SACc;AACd,UAAM,eAAe,SAAS,WAC1B,qCAAqC,uBAAuB,GAAG,CAAC,cAChE;AACJ,UAAM,WAAW,MAAM,KAAK,WAAW,QAAa,QAAQ,kBAAkB;AAAA,MAC5E,MAAM,EAAE,OAAO,cAAc,OAAO;AAAA,IACtC,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS,QAAQ,CAAC;AAAA,EAC3B;AACF;AAcA,SAAS,uBAAuB,KAAqB;AACnD,SAAO,IAAI,QAAQ,SAAS,EAAE;AAChC;","names":[]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@palbase/db",
-  "version": "0.5.1",
+  "version": "0.7.0",
   "private": false,
   "type": "module",
   "exports": {
@@ -32,7 +32,7 @@
     "dist"
   ],
   "dependencies": {
-    "@palbase/core": "0.5.0"
+    "@palbase/core": "^0.7.0"
   },
   "devDependencies": {
     "@biomejs/biome": "^2.0.0",