@palbase/modules-db 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024-present Palbase
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/admin.cjs

@@ -0,0 +1,258 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/admin.ts
+var admin_exports = {};
+__export(admin_exports, {
+  AdminClient: () => AdminClient,
+  ColumnsClient: () => ColumnsClient,
+  SchemasClient: () => SchemasClient,
+  TablesClient: () => TablesClient
+});
+module.exports = __toCommonJS(admin_exports);
+
+// src/admin-validation.ts
+var IDENTIFIER_RE = /^[a-zA-Z_][a-zA-Z0-9_.]*$/;
+function validateIdentifier(value, label) {
+  if (!IDENTIFIER_RE.test(value)) {
+    throw new Error(
+      `Invalid ${label}: "${value}". Identifiers must match ${IDENTIFIER_RE.source}`
+    );
+  }
+}
+
+// src/admin-columns.ts
+var ColumnsClient = class {
+  httpClient;
+  constructor(httpClient) {
+    this.httpClient = httpClient;
+  }
+  /**
+   * Create a new column on the given table. Sends `POST /v1/meta/columns`.
+   *
+   * The column name is validated against the standard SQL identifier regex.
+   * The `type` field is forwarded as-is to postgres-meta — callers SHOULD
+   * restrict types to a known allowlist before calling this.
+   */
+  async create(def) {
+    validateIdentifier(def.name, "column name");
+    const response = await this.httpClient.request("POST", "/v1/meta/columns", {
+      body: def
+    });
+    if (response.error) {
+      throw response.error;
+    }
+    return response.data;
+  }
+  /**
+   * Drop a column. Sends `DELETE /v1/meta/columns/:tableId.:ordinalPosition`.
+   *
+   * postgres-meta identifies columns by `{tableId}.{ordinalPosition}` (the
+   * column's 1-based attnum within its table). Use `TablesClient.get(id)` to
+   * find a column id from a column name if needed.
+   */
+  async drop(columnId, options) {
+    if (!/^\d+\.\d+$/.test(columnId)) {
+      throw new Error(
+        `Invalid column id: "${columnId}". Expected format "{tableId}.{ordinalPosition}"`
+      );
+    }
+    const params = new URLSearchParams();
+    if (options?.cascade) {
+      params.set("cascade", "true");
+    }
+    const queryString = params.toString();
+    const path = queryString ? `/v1/meta/columns/${columnId}?${queryString}` : `/v1/meta/columns/${columnId}`;
+    const response = await this.httpClient.request("DELETE", path);
+    if (response.error) {
+      throw response.error;
+    }
+    return response.data;
+  }
+};
+
+// src/admin-schemas.ts
+var SchemasClient = class {
+  httpClient;
+  constructor(httpClient) {
+    this.httpClient = httpClient;
+  }
+  async list() {
+    const response = await this.httpClient.request("GET", "/v1/meta/schemas");
+    if (response.error) {
+      throw response.error;
+    }
+    return response.data ?? [];
+  }
+  async create(name) {
+    validateIdentifier(name, "schema name");
+    const response = await this.httpClient.request("POST", "/v1/meta/schemas", {
+      body: { name }
+    });
+    if (response.error) {
+      throw response.error;
+    }
+    return response.data;
+  }
+  async drop(name, options) {
+    validateIdentifier(name, "schema name");
+    const schemas = await this.list();
+    const schema = schemas.find((s) => s.name === name);
+    if (!schema) {
+      throw new Error(`Schema "${name}" not found`);
+    }
+    const params = new URLSearchParams();
+    if (options?.cascade) {
+      params.set("cascade", "true");
+    }
+    const queryString = params.toString();
+    const path = queryString ? `/v1/meta/schemas/${schema.id}?${queryString}` : `/v1/meta/schemas/${schema.id}`;
+    const response = await this.httpClient.request("DELETE", path);
+    if (response.error) {
+      throw response.error;
+    }
+  }
+};
+
+// src/admin-tables.ts
+var TablesClient = class {
+  httpClient;
+  constructor(httpClient) {
+    this.httpClient = httpClient;
+  }
+  async list(options) {
+    const params = new URLSearchParams();
+    if (options?.schema) {
+      validateIdentifier(options.schema, "schema name");
+      params.set("included_schemas", options.schema);
+    }
+    const queryString = params.toString();
+    const path = queryString ? `/v1/meta/tables?${queryString}` : "/v1/meta/tables";
+    const response = await this.httpClient.request("GET", path);
+    if (response.error) {
+      throw response.error;
+    }
+    return response.data ?? [];
+  }
+  async get(id) {
+    const response = await this.httpClient.request("GET", `/v1/meta/tables/${id}`);
+    if (response.error) {
+      throw response.error;
+    }
+    return response.data;
+  }
+  async create(def) {
+    validateIdentifier(def.name, "table name");
+    if (def.schema) {
+      validateIdentifier(def.schema, "schema name");
+    }
+    const response = await this.httpClient.request("POST", "/v1/meta/tables", {
+      body: def
+    });
+    if (response.error) {
+      throw response.error;
+    }
+    return response.data;
+  }
+  /**
+   * Apply table-level updates (rename, schema move, RLS toggle, comment, etc).
+   * Sends `PATCH /v1/meta/tables/:id`.
+   *
+   * Note: this does NOT add or drop columns. For column changes, use
+   * `ColumnsClient.create()` / `ColumnsClient.drop()`.
+   */
+  async update(id, patch) {
+    if (patch.name !== void 0) {
+      validateIdentifier(patch.name, "table name");
+    }
+    if (patch.schema !== void 0) {
+      validateIdentifier(patch.schema, "schema name");
+    }
+    if (patch.primary_keys) {
+      for (const pk of patch.primary_keys) {
+        validateIdentifier(pk.name, "primary key column name");
+      }
+    }
+    const response = await this.httpClient.request("PATCH", `/v1/meta/tables/${id}`, {
+      body: patch
+    });
+    if (response.error) {
+      throw response.error;
+    }
+    return response.data;
+  }
+  async drop(id, options) {
+    const params = new URLSearchParams();
+    if (options?.cascade) {
+      params.set("cascade", "true");
+    }
+    const queryString = params.toString();
+    const path = queryString ? `/v1/meta/tables/${id}?${queryString}` : `/v1/meta/tables/${id}`;
+    const response = await this.httpClient.request("DELETE", path);
+    if (response.error) {
+      throw response.error;
+    }
+  }
+};
+
+// src/admin-client.ts
+var AdminClient = class {
+  schemas;
+  tables;
+  columns;
+  httpClient;
+  constructor(httpClient) {
+    this.httpClient = httpClient;
+    this.schemas = new SchemasClient(httpClient);
+    this.tables = new TablesClient(httpClient);
+    this.columns = new ColumnsClient(httpClient);
+  }
+  /**
+   * Execute a raw SQL query with full privileges (service role).
+   *
+   * Always use parameterized queries to prevent SQL injection.
+   * Never interpolate user input directly into the SQL string.
+   *
+   * @example
+   * ```ts
+   * // GOOD — parameterized
+   * await admin.query('SELECT * FROM users WHERE id = $1', [userId]);
+   *
+   * // BAD — string interpolation (SQL injection risk)
+   * await admin.query(`SELECT * FROM users WHERE id = '${userId}'`);
+   * ```
+   */
+  async query(sql, params) {
+    const response = await this.httpClient.request("POST", "/v1/meta/query", {
+      body: { query: sql, params }
+    });
+    if (response.error) {
+      throw response.error;
+    }
+    return response.data ?? [];
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AdminClient,
+  ColumnsClient,
+  SchemasClient,
+  TablesClient
+});
+//# sourceMappingURL=admin.cjs.map

package/dist/admin.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/admin.ts","../src/admin-validation.ts","../src/admin-columns.ts","../src/admin-schemas.ts","../src/admin-tables.ts","../src/admin-client.ts"],"sourcesContent":["export { AdminClient } from './admin-client.js';\nexport { ColumnsClient } from './admin-columns.js';\nexport { SchemasClient } from './admin-schemas.js';\nexport { TablesClient } from './admin-tables.js';\nexport type {\n  Column,\n  ColumnDef,\n  CreateColumnDef,\n  CreateTableDef,\n  Schema,\n  Table,\n  UpdateTableDef,\n} from './admin-types.js';\n","const IDENTIFIER_RE = /^[a-zA-Z_][a-zA-Z0-9_.]*$/;\n\nexport function validateIdentifier(value: string, label: string): void {\n  if (!IDENTIFIER_RE.test(value)) {\n    throw new Error(\n      `Invalid ${label}: \"${value}\". Identifiers must match ${IDENTIFIER_RE.source}`,\n    );\n  }\n}\n","import type { HttpClient } from '@palbase/core';\nimport type { Column, CreateColumnDef } from './admin-types.js';\nimport { validateIdentifier } from './admin-validation.js';\n\n/**\n * Postgres-meta column admin client.\n *\n * Wraps the `/v1/meta/columns` endpoints exposed by postgres-meta.\n * Use this to add or drop columns on an existing table — `TablesClient.update()`\n * does not handle column structure changes.\n */\nexport class ColumnsClient {\n  private readonly httpClient: HttpClient;\n\n  constructor(httpClient: HttpClient) {\n    this.httpClient = httpClient;\n  }\n\n  /**\n   * Create a new column on the given table. Sends `POST /v1/meta/columns`.\n   *\n   * The column name is validated against the standard SQL identifier regex.\n   * The `type` field is forwarded as-is to postgres-meta — callers SHOULD\n   * restrict types to a known allowlist before calling this.\n   */\n  async create(def: CreateColumnDef): Promise<Column> {\n    validateIdentifier(def.name, 'column name');\n\n    const response = await this.httpClient.request<Column>('POST', '/v1/meta/columns', {\n      body: def,\n    });\n    if (response.error) {\n      throw response.error;\n    }\n    return response.data as Column;\n  }\n\n  /**\n   * Drop a column. Sends `DELETE /v1/meta/columns/:tableId.:ordinalPosition`.\n   *\n   * postgres-meta identifies columns by `{tableId}.{ordinalPosition}` (the\n   * column's 1-based attnum within its table). Use `TablesClient.get(id)` to\n   * find a column id from a column name if needed.\n   */\n  async drop(columnId: string, options?: { cascade?: boolean }): Promise<Column> {\n    if (!/^\\d+\\.\\d+$/.test(columnId)) {\n      throw new Error(\n        `Invalid column id: \"${columnId}\". Expected format \"{tableId}.{ordinalPosition}\"`,\n      );\n    }\n\n    const params = new URLSearchParams();\n    if (options?.cascade) {\n      params.set('cascade', 'true');\n    }\n\n    const queryString = params.toString();\n    const path = queryString\n      ? `/v1/meta/columns/${columnId}?${queryString}`\n      : `/v1/meta/columns/${columnId}`;\n\n    const response = await this.httpClient.request<Column>('DELETE', path);\n    if (response.error) {\n      throw response.error;\n    }\n    return response.data as Column;\n  }\n}\n","import type { HttpClient } from '@palbase/core';\nimport type { Schema } from './admin-types.js';\nimport { validateIdentifier } from './admin-validation.js';\n\nexport class SchemasClient {\n  private readonly httpClient: HttpClient;\n\n  constructor(httpClient: HttpClient) {\n    this.httpClient = httpClient;\n  }\n\n  async list(): Promise<Schema[]> {\n    const response = await this.httpClient.request<Schema[]>('GET', '/v1/meta/schemas');\n    if (response.error) {\n      throw response.error;\n    }\n    return response.data ?? [];\n  }\n\n  async create(name: string): Promise<Schema> {\n    validateIdentifier(name, 'schema name');\n\n    const response = await this.httpClient.request<Schema>('POST', '/v1/meta/schemas', {\n      body: { name },\n    });\n    if (response.error) {\n      throw response.error;\n    }\n    return response.data as Schema;\n  }\n\n  async drop(name: string, options?: { cascade?: boolean }): Promise<void> {\n    validateIdentifier(name, 'schema name');\n\n    // Resolve name to id first\n    const schemas = await this.list();\n    const schema = schemas.find((s) => s.name === name);\n    if (!schema) {\n      throw new Error(`Schema \"${name}\" not found`);\n    }\n\n    const params = new URLSearchParams();\n    if (options?.cascade) {\n      params.set('cascade', 'true');\n    }\n\n    const queryString = params.toString();\n    const path = queryString\n      ? `/v1/meta/schemas/${schema.id}?${queryString}`\n      : `/v1/meta/schemas/${schema.id}`;\n\n    const response = await this.httpClient.request<void>('DELETE', path);\n    if (response.error) {\n      throw response.error;\n    }\n  }\n}\n","import type { HttpClient } from '@palbase/core';\nimport type { CreateTableDef, Table, UpdateTableDef } from './admin-types.js';\nimport { validateIdentifier } from './admin-validation.js';\n\nexport class TablesClient {\n  private readonly httpClient: HttpClient;\n\n  constructor(httpClient: HttpClient) {\n    this.httpClient = httpClient;\n  }\n\n  async list(options?: { schema?: string }): Promise<Table[]> {\n    const params = new URLSearchParams();\n    if (options?.schema) {\n      validateIdentifier(options.schema, 'schema name');\n      params.set('included_schemas', options.schema);\n    }\n\n    const queryString = params.toString();\n    const path = queryString ? `/v1/meta/tables?${queryString}` : '/v1/meta/tables';\n\n    const response = await this.httpClient.request<Table[]>('GET', path);\n    if (response.error) {\n      throw response.error;\n    }\n    return response.data ?? [];\n  }\n\n  async get(id: number): Promise<Table> {\n    const response = await this.httpClient.request<Table>('GET', `/v1/meta/tables/${id}`);\n    if (response.error) {\n      throw response.error;\n    }\n    return response.data as Table;\n  }\n\n  async create(def: CreateTableDef): Promise<Table> {\n    validateIdentifier(def.name, 'table name');\n    if (def.schema) {\n      validateIdentifier(def.schema, 'schema name');\n    }\n\n    const response = await this.httpClient.request<Table>('POST', '/v1/meta/tables', {\n      body: def,\n    });\n    if (response.error) {\n      throw response.error;\n    }\n    return response.data as Table;\n  }\n\n  /**\n   * Apply table-level updates (rename, schema move, RLS toggle, comment, etc).\n   * Sends `PATCH /v1/meta/tables/:id`.\n   *\n   * Note: this does NOT add or drop columns. For column changes, use\n   * `ColumnsClient.create()` / `ColumnsClient.drop()`.\n   */\n  async update(id: number, patch: UpdateTableDef): Promise<Table> {\n    if (patch.name !== undefined) {\n      validateIdentifier(patch.name, 'table name');\n    }\n    if (patch.schema !== undefined) {\n      validateIdentifier(patch.schema, 'schema name');\n    }\n    if (patch.primary_keys) {\n      for (const pk of patch.primary_keys) {\n        validateIdentifier(pk.name, 'primary key column name');\n      }\n    }\n\n    const response = await this.httpClient.request<Table>('PATCH', `/v1/meta/tables/${id}`, {\n      body: patch,\n    });\n    if (response.error) {\n      throw response.error;\n    }\n    return response.data as Table;\n  }\n\n  async drop(id: number, options?: { cascade?: boolean }): Promise<void> {\n    const params = new URLSearchParams();\n    if (options?.cascade) {\n      params.set('cascade', 'true');\n    }\n\n    const queryString = params.toString();\n    const path = queryString\n      ? `/v1/meta/tables/${id}?${queryString}`\n      : `/v1/meta/tables/${id}`;\n\n    const response = await this.httpClient.request<void>('DELETE', path);\n    if (response.error) {\n      throw response.error;\n    }\n  }\n}\n","import type { HttpClient } from '@palbase/core';\nimport { ColumnsClient } from './admin-columns.js';\nimport { SchemasClient } from './admin-schemas.js';\nimport { TablesClient } from './admin-tables.js';\n\nexport class AdminClient {\n  readonly schemas: SchemasClient;\n  readonly tables: TablesClient;\n  readonly columns: ColumnsClient;\n\n  private readonly httpClient: HttpClient;\n\n  constructor(httpClient: HttpClient) {\n    this.httpClient = httpClient;\n    this.schemas = new SchemasClient(httpClient);\n    this.tables = new TablesClient(httpClient);\n    this.columns = new ColumnsClient(httpClient);\n  }\n\n  /**\n   * Execute a raw SQL query with full privileges (service role).\n   *\n   * Always use parameterized queries to prevent SQL injection.\n   * Never interpolate user input directly into the SQL string.\n   *\n   * @example\n   * ```ts\n   * // GOOD — parameterized\n   * await admin.query('SELECT * FROM users WHERE id = $1', [userId]);\n   *\n   * // BAD — string interpolation (SQL injection risk)\n   * await admin.query(`SELECT * FROM users WHERE id = '${userId}'`);\n   * ```\n   */\n  async query<T = Record<string, unknown>>(sql: string, params?: unknown[]): Promise<T[]> {\n    const response = await this.httpClient.request<T[]>('POST', '/v1/meta/query', {\n      body: { query: sql, params },\n    });\n    if (response.error) {\n      throw response.error;\n    }\n    return response.data ?? [];\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,IAAM,gBAAgB;AAEf,SAAS,mBAAmB,OAAe,OAAqB;AACrE,MAAI,CAAC,cAAc,KAAK,KAAK,GAAG;AAC9B,UAAM,IAAI;AAAA,MACR,WAAW,KAAK,MAAM,KAAK,6BAA6B,cAAc,MAAM;AAAA,IAC9E;AAAA,EACF;AACF;;;ACGO,IAAM,gBAAN,MAAoB;AAAA,EACR;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,OAAO,KAAuC;AAClD,uBAAmB,IAAI,MAAM,aAAa;AAE1C,UAAM,WAAW,MAAM,KAAK,WAAW,QAAgB,QAAQ,oBAAoB;AAAA,MACjF,MAAM;AAAA,IACR,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,KAAK,UAAkB,SAAkD;AAC7E,QAAI,CAAC,aAAa,KAAK,QAAQ,GAAG;AAChC,YAAM,IAAI;AAAA,QACR,uBAAuB,QAAQ;AAAA,MACjC;AAAA,IACF;AAEA,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,SAAS;AACpB,aAAO,IAAI,WAAW,MAAM;AAAA,IAC9B;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cACT,oBAAoB,QAAQ,IAAI,WAAW,KAC3C,oBAAoB,QAAQ;AAEhC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAgB,UAAU,IAAI;AACrE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AACF;;;AC/DO,IAAM,gBAAN,MAAoB;AAAA,EACR;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAAA,EACpB;AAAA,EAEA,MAAM,OAA0B;AAC9B,UAAM,WAAW,MAAM,KAAK,WAAW,QAAkB,OAAO,kBAAkB;AAClF,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS,QAAQ,CAAC;AAAA,EAC3B;AAAA,EAEA,MAAM,OAAO,MAA+B;AAC1C,uBAAmB,MAAM,aAAa;AAEtC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAgB,QAAQ,oBAAoB;AAAA,MACjF,MAAM,EAAE,KAAK;AAAA,IACf,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA,EAEA,MAAM,KAAK,MAAc,SAAgD;AACvE,uBAAmB,MAAM,aAAa;AAGtC,UAAM,UAAU,MAAM,KAAK,KAAK;AAChC,UAAM,SAAS,QAAQ,KAAK,CAAC,MAAM,EAAE,SAAS,IAAI;AAClD,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI,MAAM,WAAW,IAAI,aAAa;AAAA,IAC9C;AAEA,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,SAAS;AACpB,aAAO,IAAI,WAAW,MAAM;AAAA,IAC9B;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cACT,oBAAoB,OAAO,EAAE,IAAI,WAAW,KAC5C,oBAAoB,OAAO,EAAE;AAEjC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAc,UAAU,IAAI;AACnE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AAAA,EACF;AACF;;;ACpDO,IAAM,eAAN,MAAmB;AAAA,EACP;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAAA,EACpB;AAAA,EAEA,MAAM,KAAK,SAAiD;AAC1D,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,QAAQ;AACnB,yBAAmB,QAAQ,QAAQ,aAAa;AAChD,aAAO,IAAI,oBAAoB,QAAQ,MAAM;AAAA,IAC/C;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cAAc,mBAAmB,WAAW,KAAK;AAE9D,UAAM,WAAW,MAAM,KAAK,WAAW,QAAiB,OAAO,IAAI;AACnE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS,QAAQ,CAAC;AAAA,EAC3B;AAAA,EAEA,MAAM,IAAI,IAA4B;AACpC,UAAM,WAAW,MAAM,KAAK,WAAW,QAAe,OAAO,mBAAmB,EAAE,EAAE;AACpF,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA,EAEA,MAAM,OAAO,KAAqC;AAChD,uBAAmB,IAAI,MAAM,YAAY;AACzC,QAAI,IAAI,QAAQ;AACd,yBAAmB,IAAI,QAAQ,aAAa;AAAA,IAC9C;AAEA,UAAM,WAAW,MAAM,KAAK,WAAW,QAAe,QAAQ,mBAAmB;AAAA,MAC/E,MAAM;AAAA,IACR,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,OAAO,IAAY,OAAuC;AAC9D,QAAI,MAAM,SAAS,QAAW;AAC5B,yBAAmB,MAAM,MAAM,YAAY;AAAA,IAC7C;AACA,QAAI,MAAM,WAAW,QAAW;AAC9B,yBAAmB,MAAM,QAAQ,aAAa;AAAA,IAChD;AACA,QAAI,MAAM,cAAc;AACtB,iBAAW,MAAM,MAAM,cAAc;AACnC,2BAAmB,GAAG,MAAM,yBAAyB;AAAA,MACvD;AAAA,IACF;AAEA,UAAM,WAAW,MAAM,KAAK,WAAW,QAAe,SAAS,mBAAmB,EAAE,IAAI;AAAA,MACtF,MAAM;AAAA,IACR,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS;AAAA,EAClB;AAAA,EAEA,MAAM,KAAK,IAAY,SAAgD;AACrE,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,SAAS,SAAS;AACpB,aAAO,IAAI,WAAW,MAAM;AAAA,IAC9B;AAEA,UAAM,cAAc,OAAO,SAAS;AACpC,UAAM,OAAO,cACT,mBAAmB,EAAE,IAAI,WAAW,KACpC,mBAAmB,EAAE;AAEzB,UAAM,WAAW,MAAM,KAAK,WAAW,QAAc,UAAU,IAAI;AACnE,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AAAA,EACF;AACF;;;AC3FO,IAAM,cAAN,MAAkB;AAAA,EACd;AAAA,EACA;AAAA,EACA;AAAA,EAEQ;AAAA,EAEjB,YAAY,YAAwB;AAClC,SAAK,aAAa;AAClB,SAAK,UAAU,IAAI,cAAc,UAAU;AAC3C,SAAK,SAAS,IAAI,aAAa,UAAU;AACzC,SAAK,UAAU,IAAI,cAAc,UAAU;AAAA,EAC7C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBA,MAAM,MAAmC,KAAa,QAAkC;AACtF,UAAM,WAAW,MAAM,KAAK,WAAW,QAAa,QAAQ,kBAAkB;AAAA,MAC5E,MAAM,EAAE,OAAO,KAAK,OAAO;AAAA,IAC7B,CAAC;AACD,QAAI,SAAS,OAAO;AAClB,YAAM,SAAS;AAAA,IACjB;AACA,WAAO,SAAS,QAAQ,CAAC;AAAA,EAC3B;AACF;","names":[]}

package/dist/admin.d.cts

@@ -0,0 +1,178 @@
+import { HttpClient } from '@palbase/core';
+
+interface Schema {
+    id: number;
+    name: string;
+    owner: string;
+}
+interface Column {
+    table_id: number;
+    name: string;
+    schema: string;
+    table: string;
+    data_type: string;
+    format: string;
+    is_identity: boolean;
+    identity_generation: string | null;
+    is_nullable: boolean;
+    is_unique: boolean;
+    is_updatable: boolean;
+    default_value: string | null;
+    enums: string[];
+    comment: string | null;
+}
+interface Table {
+    id: number;
+    schema: string;
+    name: string;
+    rls_enabled: boolean;
+    rls_forced: boolean;
+    replica_identity: string;
+    bytes: number;
+    size: string;
+    live_rows_estimate: number;
+    dead_rows_estimate: number;
+    comment: string | null;
+    columns: Column[];
+}
+interface ColumnDef {
+    name: string;
+    type: string;
+    default_value?: string;
+    is_identity?: boolean;
+    identity_generation?: 'BY DEFAULT' | 'ALWAYS';
+    is_nullable?: boolean;
+    is_unique?: boolean;
+    is_primary_key?: boolean;
+    comment?: string;
+}
+interface CreateTableDef {
+    name: string;
+    schema?: string;
+    columns: ColumnDef[];
+    comment?: string;
+}
+/**
+ * Patch for `TablesClient.update()`. Mirrors postgres-meta's
+ * `PATCH /v1/meta/tables/:id` body — table-level fields only.
+ *
+ * Column add/drop is NOT done here; use `ColumnsClient.create()` /
+ * `ColumnsClient.drop()` for that.
+ */
+interface UpdateTableDef {
+    name?: string;
+    schema?: string;
+    rls_enabled?: boolean;
+    rls_forced?: boolean;
+    replica_identity?: 'DEFAULT' | 'INDEX' | 'FULL' | 'NOTHING';
+    replica_identity_index?: string;
+    primary_keys?: {
+        name: string;
+    }[];
+    comment?: string;
+}
+/**
+ * New column definition for `ColumnsClient.create()`. Mirrors postgres-meta's
+ * `POST /v1/meta/columns` body.
+ */
+interface CreateColumnDef {
+    table_id: number;
+    name: string;
+    type: string;
+    default_value?: unknown;
+    default_value_format?: 'expression' | 'literal';
+    is_identity?: boolean;
+    identity_generation?: 'BY DEFAULT' | 'ALWAYS';
+    is_nullable?: boolean;
+    is_primary_key?: boolean;
+    is_unique?: boolean;
+    comment?: string;
+    check?: string;
+}
+
+/**
+ * Postgres-meta column admin client.
+ *
+ * Wraps the `/v1/meta/columns` endpoints exposed by postgres-meta.
+ * Use this to add or drop columns on an existing table — `TablesClient.update()`
+ * does not handle column structure changes.
+ */
+declare class ColumnsClient {
+    private readonly httpClient;
+    constructor(httpClient: HttpClient);
+    /**
+     * Create a new column on the given table. Sends `POST /v1/meta/columns`.
+     *
+     * The column name is validated against the standard SQL identifier regex.
+     * The `type` field is forwarded as-is to postgres-meta — callers SHOULD
+     * restrict types to a known allowlist before calling this.
+     */
+    create(def: CreateColumnDef): Promise<Column>;
+    /**
+     * Drop a column. Sends `DELETE /v1/meta/columns/:tableId.:ordinalPosition`.
+     *
+     * postgres-meta identifies columns by `{tableId}.{ordinalPosition}` (the
+     * column's 1-based attnum within its table). Use `TablesClient.get(id)` to
+     * find a column id from a column name if needed.
+     */
+    drop(columnId: string, options?: {
+        cascade?: boolean;
+    }): Promise<Column>;
+}
+
+declare class SchemasClient {
+    private readonly httpClient;
+    constructor(httpClient: HttpClient);
+    list(): Promise<Schema[]>;
+    create(name: string): Promise<Schema>;
+    drop(name: string, options?: {
+        cascade?: boolean;
+    }): Promise<void>;
+}
+
+declare class TablesClient {
+    private readonly httpClient;
+    constructor(httpClient: HttpClient);
+    list(options?: {
+        schema?: string;
+    }): Promise<Table[]>;
+    get(id: number): Promise<Table>;
+    create(def: CreateTableDef): Promise<Table>;
+    /**
+     * Apply table-level updates (rename, schema move, RLS toggle, comment, etc).
+     * Sends `PATCH /v1/meta/tables/:id`.
+     *
+     * Note: this does NOT add or drop columns. For column changes, use
+     * `ColumnsClient.create()` / `ColumnsClient.drop()`.
+     */
+    update(id: number, patch: UpdateTableDef): Promise<Table>;
+    drop(id: number, options?: {
+        cascade?: boolean;
+    }): Promise<void>;
+}
+
+declare class AdminClient {
+    readonly schemas: SchemasClient;
+    readonly tables: TablesClient;
+    readonly columns: ColumnsClient;
+    private readonly httpClient;
+    constructor(httpClient: HttpClient);
+    /**
+     * Execute a raw SQL query with full privileges (service role).
+     *
+     * Always use parameterized queries to prevent SQL injection.
+     * Never interpolate user input directly into the SQL string.
+     *
+     * @example
+     * ```ts
+     * // GOOD — parameterized
+     * await admin.query('SELECT * FROM users WHERE id = $1', [userId]);
+     *
+     * // BAD — string interpolation (SQL injection risk)
+     * await admin.query(`SELECT * FROM users WHERE id = '${userId}'`);
+     * ```
+     */
+    query<T = Record<string, unknown>>(sql: string, params?: unknown[]): Promise<T[]>;
+}
+
+export { AdminClient, type Column, type ColumnDef, ColumnsClient, type CreateColumnDef, type CreateTableDef, type Schema, SchemasClient, type Table, TablesClient, type UpdateTableDef };

package/dist/admin.d.ts

@@ -0,0 +1,178 @@
+import { HttpClient } from '@palbase/core';
+
+interface Schema {
+    id: number;
+    name: string;
+    owner: string;
+}
+interface Column {
+    table_id: number;
+    name: string;
+    schema: string;
+    table: string;
+    data_type: string;
+    format: string;
+    is_identity: boolean;
+    identity_generation: string | null;
+    is_nullable: boolean;
+    is_unique: boolean;
+    is_updatable: boolean;
+    default_value: string | null;
+    enums: string[];
+    comment: string | null;
+}
+interface Table {
+    id: number;
+    schema: string;
+    name: string;
+    rls_enabled: boolean;
+    rls_forced: boolean;
+    replica_identity: string;
+    bytes: number;
+    size: string;
+    live_rows_estimate: number;
+    dead_rows_estimate: number;
+    comment: string | null;
+    columns: Column[];
+}
+interface ColumnDef {
+    name: string;
+    type: string;
+    default_value?: string;
+    is_identity?: boolean;
+    identity_generation?: 'BY DEFAULT' | 'ALWAYS';
+    is_nullable?: boolean;
+    is_unique?: boolean;
+    is_primary_key?: boolean;
+    comment?: string;
+}
+interface CreateTableDef {
+    name: string;
+    schema?: string;
+    columns: ColumnDef[];
+    comment?: string;
+}
+/**
+ * Patch for `TablesClient.update()`. Mirrors postgres-meta's
+ * `PATCH /v1/meta/tables/:id` body — table-level fields only.
+ *
+ * Column add/drop is NOT done here; use `ColumnsClient.create()` /
+ * `ColumnsClient.drop()` for that.
+ */
+interface UpdateTableDef {
+    name?: string;
+    schema?: string;
+    rls_enabled?: boolean;
+    rls_forced?: boolean;
+    replica_identity?: 'DEFAULT' | 'INDEX' | 'FULL' | 'NOTHING';
+    replica_identity_index?: string;
+    primary_keys?: {
+        name: string;
+    }[];
+    comment?: string;
+}
+/**
+ * New column definition for `ColumnsClient.create()`. Mirrors postgres-meta's
+ * `POST /v1/meta/columns` body.
+ */
+interface CreateColumnDef {
+    table_id: number;
+    name: string;
+    type: string;
+    default_value?: unknown;
+    default_value_format?: 'expression' | 'literal';
+    is_identity?: boolean;
+    identity_generation?: 'BY DEFAULT' | 'ALWAYS';
+    is_nullable?: boolean;
+    is_primary_key?: boolean;
+    is_unique?: boolean;
+    comment?: string;
+    check?: string;
+}
+
+/**
+ * Postgres-meta column admin client.
+ *
+ * Wraps the `/v1/meta/columns` endpoints exposed by postgres-meta.
+ * Use this to add or drop columns on an existing table — `TablesClient.update()`
+ * does not handle column structure changes.
+ */
+declare class ColumnsClient {
+    private readonly httpClient;
+    constructor(httpClient: HttpClient);
+    /**
+     * Create a new column on the given table. Sends `POST /v1/meta/columns`.
+     *
+     * The column name is validated against the standard SQL identifier regex.
+     * The `type` field is forwarded as-is to postgres-meta — callers SHOULD
+     * restrict types to a known allowlist before calling this.
+     */
+    create(def: CreateColumnDef): Promise<Column>;
+    /**
+     * Drop a column. Sends `DELETE /v1/meta/columns/:tableId.:ordinalPosition`.
+     *
+     * postgres-meta identifies columns by `{tableId}.{ordinalPosition}` (the
+     * column's 1-based attnum within its table). Use `TablesClient.get(id)` to
+     * find a column id from a column name if needed.
+     */
+    drop(columnId: string, options?: {
+        cascade?: boolean;
+    }): Promise<Column>;
+}
+
+declare class SchemasClient {
+    private readonly httpClient;
+    constructor(httpClient: HttpClient);
+    list(): Promise<Schema[]>;
+    create(name: string): Promise<Schema>;
+    drop(name: string, options?: {
+        cascade?: boolean;
+    }): Promise<void>;
+}
+
+declare class TablesClient {
+    private readonly httpClient;
+    constructor(httpClient: HttpClient);
+    list(options?: {
+        schema?: string;
+    }): Promise<Table[]>;
+    get(id: number): Promise<Table>;
+    create(def: CreateTableDef): Promise<Table>;
+    /**
+     * Apply table-level updates (rename, schema move, RLS toggle, comment, etc).
+     * Sends `PATCH /v1/meta/tables/:id`.
+     *
+     * Note: this does NOT add or drop columns. For column changes, use
+     * `ColumnsClient.create()` / `ColumnsClient.drop()`.
+     */
+    update(id: number, patch: UpdateTableDef): Promise<Table>;
+    drop(id: number, options?: {
+        cascade?: boolean;
+    }): Promise<void>;
+}
+
+declare class AdminClient {
+    readonly schemas: SchemasClient;
+    readonly tables: TablesClient;
+    readonly columns: ColumnsClient;
+    private readonly httpClient;
+    constructor(httpClient: HttpClient);
+    /**
+     * Execute a raw SQL query with full privileges (service role).
+     *
+     * Always use parameterized queries to prevent SQL injection.
+     * Never interpolate user input directly into the SQL string.
+     *
+     * @example
+     * ```ts
+     * // GOOD — parameterized
+     * await admin.query('SELECT * FROM users WHERE id = $1', [userId]);
+     *
+     * // BAD — string interpolation (SQL injection risk)
+     * await admin.query(`SELECT * FROM users WHERE id = '${userId}'`);
+     * ```
+     */
+    query<T = Record<string, unknown>>(sql: string, params?: unknown[]): Promise<T[]>;
+}
+
+export { AdminClient, type Column, type ColumnDef, ColumnsClient, type CreateColumnDef, type CreateTableDef, type Schema, SchemasClient, type Table, TablesClient, type UpdateTableDef };

package/dist/admin.js

@@ -0,0 +1,13 @@
+import {
+  AdminClient,
+  ColumnsClient,
+  SchemasClient,
+  TablesClient
+} from "./chunk-AQ6ZQNXC.js";
+export {
+  AdminClient,
+  ColumnsClient,
+  SchemasClient,
+  TablesClient
+};
+//# sourceMappingURL=admin.js.map

package/dist/admin.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}