@pgpmjs/core 3.0.0

package/files/sql/index.js

@@ -0,0 +1,17 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./writer"), exports);

package/files/sql/writer.d.ts

@@ -0,0 +1,12 @@
+import { SqitchRow } from '../types';
+export interface SqlWriteOptions {
+    outdir: string;
+    name: string;
+    replacer: (str: string) => string;
+    author?: string;
+    useTx?: boolean;
+}
+/**
+ * Write SQL files for Sqitch migrations (deploy, revert, verify)
+ */
+export declare const writeSqitchFiles: (rows: SqitchRow[], opts: SqlWriteOptions) => void;

package/files/sql/writer.js

@@ -0,0 +1,114 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.writeSqitchFiles = void 0;
+const env_1 = require("@pgpmjs/env");
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+/**
+ * Write SQL files for Sqitch migrations (deploy, revert, verify)
+ */
+const writeSqitchFiles = (rows, opts) => {
+    rows.forEach((row) => writeVerify(row, opts));
+    rows.forEach((row) => writeRevert(row, opts));
+    rows.forEach((row) => writeDeploy(row, opts));
+};
+exports.writeSqitchFiles = writeSqitchFiles;
+/**
+ * Sort dependencies in a consistent order
+ */
+const ordered = (arr) => {
+    if (!arr)
+        return [];
+    return arr.sort((a, b) => a.length - b.length || a.localeCompare(b));
+};
+/**
+ * Write a deploy SQL file for a Sqitch change
+ */
+const writeDeploy = (row, opts) => {
+    const globalOpts = (0, env_1.getEnvOptions)({
+        migrations: {
+            codegen: {
+                useTx: opts.useTx
+            }
+        }
+    });
+    const useTx = globalOpts.migrations.codegen.useTx;
+    const deploy = opts.replacer(row.deploy);
+    const dir = path_1.default.dirname(deploy);
+    const prefix = path_1.default.join(opts.outdir, opts.name, 'deploy');
+    const actualDir = path_1.default.resolve(prefix, dir);
+    const actualFile = path_1.default.resolve(prefix, `${deploy}.sql`);
+    fs_1.default.mkdirSync(actualDir, { recursive: true });
+    const sqlContent = opts.replacer(row.content);
+    const content = `-- Deploy: ${deploy}
+-- made with <3 @ constructive.io
+
+${opts.replacer(ordered(row?.deps)
+        .map((dep) => `-- requires: ${dep}`)
+        .join('\n') || '')}
+
+${useTx ? 'BEGIN;' : ''}
+${sqlContent}
+${useTx ? 'COMMIT;' : ''}
+`;
+    fs_1.default.writeFileSync(actualFile, content);
+};
+/**
+ * Write a verify SQL file for a Sqitch change
+ */
+const writeVerify = (row, opts) => {
+    const globalOpts = (0, env_1.getEnvOptions)({
+        migrations: {
+            codegen: {
+                useTx: opts.useTx
+            }
+        }
+    });
+    const useTx = globalOpts.migrations.codegen.useTx;
+    const deploy = opts.replacer(row.deploy);
+    const dir = path_1.default.dirname(deploy);
+    const prefix = path_1.default.join(opts.outdir, opts.name, 'verify');
+    const actualDir = path_1.default.resolve(prefix, dir);
+    const actualFile = path_1.default.resolve(prefix, `${deploy}.sql`);
+    fs_1.default.mkdirSync(actualDir, { recursive: true });
+    const sqlContent = opts.replacer(row.verify);
+    const content = opts.replacer(`-- Verify: ${deploy}
+
+${useTx ? 'BEGIN;' : ''}
+${sqlContent}
+${useTx ? 'COMMIT;' : ''}
+
+`);
+    fs_1.default.writeFileSync(actualFile, content);
+};
+/**
+ * Write a revert SQL file for a Sqitch change
+ */
+const writeRevert = (row, opts) => {
+    const globalOpts = (0, env_1.getEnvOptions)({
+        migrations: {
+            codegen: {
+                useTx: opts.useTx
+            }
+        }
+    });
+    const useTx = globalOpts.migrations.codegen.useTx;
+    const deploy = opts.replacer(row.deploy);
+    const dir = path_1.default.dirname(deploy);
+    const prefix = path_1.default.join(opts.outdir, opts.name, 'revert');
+    const actualDir = path_1.default.resolve(prefix, dir);
+    const actualFile = path_1.default.resolve(prefix, `${deploy}.sql`);
+    fs_1.default.mkdirSync(actualDir, { recursive: true });
+    const sqlContent = opts.replacer(row.revert);
+    const content = `-- Revert: ${deploy}
+
+${useTx ? 'BEGIN;' : ''}
+${sqlContent}
+${useTx ? 'COMMIT;' : ''}
+
+`;
+    fs_1.default.writeFileSync(actualFile, content);
+};

package/files/sql-scripts/index.d.ts

@@ -0,0 +1 @@
+export * from './reader';

package/files/sql-scripts/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+// Re-export all sql-scripts functionality
+__exportStar(require("./reader"), exports);

package/files/sql-scripts/reader.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Read a SQL script file, return empty string if not found
+ */
+export declare function readScript(basePath: string, scriptType: string, changeName: string): string;
+/**
+ * Check if a script file exists
+ */
+export declare function scriptExists(basePath: string, scriptType: string, changeName: string): boolean;

package/files/sql-scripts/reader.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.readScript = readScript;
+exports.scriptExists = scriptExists;
+const fs_1 = require("fs");
+const path_1 = require("path");
+/**
+ * Read a SQL script file, return empty string if not found
+ */
+function readScript(basePath, scriptType, changeName) {
+    const scriptPath = (0, path_1.join)(basePath, scriptType, `${changeName}.sql`);
+    if (!(0, fs_1.existsSync)(scriptPath)) {
+        return '';
+    }
+    return (0, fs_1.readFileSync)(scriptPath, 'utf-8');
+}
+/**
+ * Check if a script file exists
+ */
+function scriptExists(basePath, scriptType, changeName) {
+    const scriptPath = (0, path_1.join)(basePath, scriptType, `${changeName}.sql`);
+    return (0, fs_1.existsSync)(scriptPath);
+}

package/files/types/index.d.ts

@@ -0,0 +1,46 @@
+export * from './package';
+export interface Change {
+    name: string;
+    dependencies: string[];
+    timestamp?: string;
+    planner?: string;
+    email?: string;
+    comment?: string;
+}
+export interface PlanFile {
+    package: string;
+    uri?: string;
+    changes: Change[];
+}
+export interface Tag {
+    name: string;
+    change: string;
+    timestamp?: string;
+    planner?: string;
+    email?: string;
+    comment?: string;
+}
+export interface ExtendedPlanFile extends PlanFile {
+    tags: Tag[];
+}
+export interface ParseError {
+    line: number;
+    message: string;
+}
+export interface ParseResult<T> {
+    data?: T;
+    errors: ParseError[];
+}
+export interface ResolvedReference {
+    type: 'change' | 'tag' | 'sha1' | 'relative';
+    target: string;
+    resolved?: string;
+}
+export interface SqitchRow {
+    deploy: string;
+    revert?: string;
+    verify?: string;
+    content: string;
+    deps?: string[];
+    name?: string;
+}

package/files/types/index.js

@@ -0,0 +1,17 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./package"), exports);

package/files/types/package.d.ts

@@ -0,0 +1,20 @@
+export interface PackageAnalysisIssue {
+    code: string;
+    message: string;
+    file?: string;
+    fixable?: boolean;
+}
+export interface PackageAnalysisResult {
+    ok: boolean;
+    name: string;
+    path: string;
+    issues: PackageAnalysisIssue[];
+}
+export interface RenameOptions {
+    dryRun?: boolean;
+    syncPackageJsonName?: boolean;
+}
+export interface RenameResult {
+    changed: string[];
+    warnings: string[];
+}

package/files/types/package.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/index.d.ts

@@ -0,0 +1,21 @@
+export * from './core/class/pgpm';
+export * from './export/export-meta';
+export * from './export/export-migrations';
+export * from './extensions/extensions';
+export * from './modules/modules';
+export * from './packaging/package';
+export * from './packaging/transform';
+export * from './resolution/deps';
+export * from './resolution/resolve';
+export * from './workspace/paths';
+export * from './workspace/utils';
+export * from './core/template-scaffold';
+export * from './core/boilerplate-types';
+export * from './core/boilerplate-scanner';
+export * from './files';
+export { cleanSql } from './migrate/clean';
+export { PgpmMigrate } from './migrate/client';
+export { PgpmInit } from './init/client';
+export { DeployOptions, DeployResult, MigrateChange, MigratePlanFile, RevertOptions, RevertResult, StatusResult, VerifyOptions, VerifyResult } from './migrate/types';
+export { hashFile, hashString } from './migrate/utils/hash';
+export { executeQuery, TransactionContext, TransactionOptions, withTransaction } from './migrate/utils/transaction';

package/index.js

@@ -0,0 +1,45 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.withTransaction = exports.executeQuery = exports.hashString = exports.hashFile = exports.PgpmInit = exports.PgpmMigrate = exports.cleanSql = void 0;
+__exportStar(require("./core/class/pgpm"), exports);
+__exportStar(require("./export/export-meta"), exports);
+__exportStar(require("./export/export-migrations"), exports);
+__exportStar(require("./extensions/extensions"), exports);
+__exportStar(require("./modules/modules"), exports);
+__exportStar(require("./packaging/package"), exports);
+__exportStar(require("./packaging/transform"), exports);
+__exportStar(require("./resolution/deps"), exports);
+__exportStar(require("./resolution/resolve"), exports);
+__exportStar(require("./workspace/paths"), exports);
+__exportStar(require("./workspace/utils"), exports);
+__exportStar(require("./core/template-scaffold"), exports);
+__exportStar(require("./core/boilerplate-types"), exports);
+__exportStar(require("./core/boilerplate-scanner"), exports);
+// Export package-files functionality (now integrated into core)
+__exportStar(require("./files"), exports);
+var clean_1 = require("./migrate/clean");
+Object.defineProperty(exports, "cleanSql", { enumerable: true, get: function () { return clean_1.cleanSql; } });
+var client_1 = require("./migrate/client");
+Object.defineProperty(exports, "PgpmMigrate", { enumerable: true, get: function () { return client_1.PgpmMigrate; } });
+var client_2 = require("./init/client");
+Object.defineProperty(exports, "PgpmInit", { enumerable: true, get: function () { return client_2.PgpmInit; } });
+var hash_1 = require("./migrate/utils/hash");
+Object.defineProperty(exports, "hashFile", { enumerable: true, get: function () { return hash_1.hashFile; } });
+Object.defineProperty(exports, "hashString", { enumerable: true, get: function () { return hash_1.hashString; } });
+var transaction_1 = require("./migrate/utils/transaction");
+Object.defineProperty(exports, "executeQuery", { enumerable: true, get: function () { return transaction_1.executeQuery; } });
+Object.defineProperty(exports, "withTransaction", { enumerable: true, get: function () { return transaction_1.withTransaction; } });

package/init/client.d.ts

@@ -0,0 +1,26 @@
+import { PgConfig } from 'pg-env';
+export declare class PgpmInit {
+    private pool;
+    private pgConfig;
+    constructor(config: PgConfig);
+    /**
+     * Bootstrap standard roles (anonymous, authenticated, administrator)
+     */
+    bootstrapRoles(): Promise<void>;
+    /**
+     * Bootstrap test roles (roles only, no users)
+     */
+    bootstrapTestRoles(): Promise<void>;
+    /**
+     * Bootstrap database roles with custom username and password
+     */
+    bootstrapDbRoles(username: string, password: string): Promise<void>;
+    /**
+     * Remove database roles and revoke grants
+     */
+    removeDbRoles(username: string): Promise<void>;
+    /**
+     * Close the database connection
+     */
+    close(): Promise<void>;
+}

package/init/client.js

@@ -0,0 +1,148 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PgpmInit = void 0;
+const logger_1 = require("@pgpmjs/logger");
+const fs_1 = require("fs");
+const path_1 = require("path");
+const pg_cache_1 = require("pg-cache");
+const log = new logger_1.Logger('init');
+class PgpmInit {
+    pool;
+    pgConfig;
+    constructor(config) {
+        this.pgConfig = config;
+        this.pool = (0, pg_cache_1.getPgPool)(this.pgConfig);
+    }
+    /**
+     * Bootstrap standard roles (anonymous, authenticated, administrator)
+     */
+    async bootstrapRoles() {
+        try {
+            log.info('Bootstrapping PGPM roles...');
+            const sqlPath = (0, path_1.join)(__dirname, 'sql', 'bootstrap-roles.sql');
+            const sql = (0, fs_1.readFileSync)(sqlPath, 'utf-8');
+            await this.pool.query(sql);
+            log.success('Successfully bootstrapped PGPM roles');
+        }
+        catch (error) {
+            log.error('Failed to bootstrap roles:', error);
+            throw error;
+        }
+    }
+    /**
+     * Bootstrap test roles (roles only, no users)
+     */
+    async bootstrapTestRoles() {
+        try {
+            log.warn('WARNING: This command creates test roles and should NEVER be run on a production database!');
+            log.info('Bootstrapping PGPM test roles...');
+            const sqlPath = (0, path_1.join)(__dirname, 'sql', 'bootstrap-test-roles.sql');
+            const sql = (0, fs_1.readFileSync)(sqlPath, 'utf-8');
+            await this.pool.query(sql);
+            log.success('Successfully bootstrapped PGPM test roles');
+        }
+        catch (error) {
+            log.error('Failed to bootstrap test roles:', error);
+            throw error;
+        }
+    }
+    /**
+     * Bootstrap database roles with custom username and password
+     */
+    async bootstrapDbRoles(username, password) {
+        try {
+            log.info(`Bootstrapping PGPM database roles for user: ${username}...`);
+            const sql = `
+BEGIN;
+DO $do$
+DECLARE
+  v_username TEXT := '${username.replace(/'/g, "''")}';
+  v_password TEXT := '${password.replace(/'/g, "''")}';
+BEGIN
+  BEGIN
+    EXECUTE format('CREATE ROLE %I LOGIN PASSWORD %L', v_username, v_password);
+  EXCEPTION
+    WHEN duplicate_object THEN
+      -- Role already exists; optionally sync attributes here with ALTER ROLE
+      NULL;
+  END;
+END
+$do$;
+
+-- Robust GRANTs under concurrency: GRANT can race on pg_auth_members unique index.
+-- Catch unique_violation (23505) and continue so CI/CD concurrent jobs don't fail.
+DO $do$
+DECLARE
+  v_username TEXT := '${username.replace(/'/g, "''")}';
+BEGIN
+  BEGIN
+    EXECUTE format('GRANT %I TO %I', 'anonymous', v_username);
+  EXCEPTION
+    WHEN unique_violation THEN
+      -- Membership was granted concurrently; ignore.
+      NULL;
+    WHEN undefined_object THEN
+      -- One of the roles doesn't exist yet; order operations as needed.
+      RAISE NOTICE 'Missing role when granting % to %', 'anonymous', v_username;
+  END;
+
+  BEGIN
+    EXECUTE format('GRANT %I TO %I', 'authenticated', v_username);
+  EXCEPTION
+    WHEN unique_violation THEN
+      -- Membership was granted concurrently; ignore.
+      NULL;
+    WHEN undefined_object THEN
+      RAISE NOTICE 'Missing role when granting % to %', 'authenticated', v_username;
+  END;
+END
+$do$;
+COMMIT;
+      `;
+            await this.pool.query(sql);
+            log.success(`Successfully bootstrapped PGPM database roles for user: ${username}`);
+        }
+        catch (error) {
+            log.error(`Failed to bootstrap database roles for user ${username}:`, error);
+            throw error;
+        }
+    }
+    /**
+     * Remove database roles and revoke grants
+     */
+    async removeDbRoles(username) {
+        try {
+            log.info(`Removing PGPM database roles for user: ${username}...`);
+            const sql = `
+BEGIN;
+DO $do$
+BEGIN
+    IF EXISTS (
+        SELECT 1
+        FROM
+            pg_catalog.pg_roles
+        WHERE
+            rolname = '${username}') THEN
+    REVOKE anonymous FROM ${username};
+    REVOKE authenticated FROM ${username};
+    DROP ROLE ${username};
+END IF;
+END
+$do$;
+COMMIT;
+      `;
+            await this.pool.query(sql);
+            log.success(`Successfully removed PGPM database roles for user: ${username}`);
+        }
+        catch (error) {
+            log.error(`Failed to remove database roles for user ${username}:`, error);
+            throw error;
+        }
+    }
+    /**
+     * Close the database connection
+     */
+    async close() {
+    }
+}
+exports.PgpmInit = PgpmInit;

package/init/sql/bootstrap-roles.sql

@@ -0,0 +1,55 @@
+BEGIN;
+DO $do$
+BEGIN
+  -- anonymous
+  BEGIN
+    EXECUTE format('CREATE ROLE %I', 'anonymous');
+  EXCEPTION
+    WHEN duplicate_object THEN
+      -- Role already exists; optionally sync attributes here with ALTER ROLE
+      NULL;
+  END;
+  
+  -- authenticated
+  BEGIN
+    EXECUTE format('CREATE ROLE %I', 'authenticated');
+  EXCEPTION
+    WHEN duplicate_object THEN
+      -- Role already exists; optionally sync attributes here with ALTER ROLE
+      NULL;
+  END;
+  
+  -- administrator
+  BEGIN
+    EXECUTE format('CREATE ROLE %I', 'administrator');
+  EXCEPTION
+    WHEN duplicate_object THEN
+      -- Role already exists; optionally sync attributes here with ALTER ROLE
+      NULL;
+  END;
+END
+$do$;
+
+-- Set role attributes (safe to run even if role already exists)
+ALTER USER anonymous WITH NOCREATEDB;
+ALTER USER anonymous WITH NOSUPERUSER;
+ALTER USER anonymous WITH NOCREATEROLE;
+ALTER USER anonymous WITH NOLOGIN;
+ALTER USER anonymous WITH NOREPLICATION;
+ALTER USER anonymous WITH NOBYPASSRLS;
+
+ALTER USER authenticated WITH NOCREATEDB;
+ALTER USER authenticated WITH NOSUPERUSER;
+ALTER USER authenticated WITH NOCREATEROLE;
+ALTER USER authenticated WITH NOLOGIN;
+ALTER USER authenticated WITH NOREPLICATION;
+ALTER USER authenticated WITH NOBYPASSRLS;
+
+ALTER USER administrator WITH NOCREATEDB;
+ALTER USER administrator WITH NOSUPERUSER;
+ALTER USER administrator WITH NOCREATEROLE;
+ALTER USER administrator WITH NOLOGIN;
+ALTER USER administrator WITH NOREPLICATION;
+-- they CAN bypass RLS
+ALTER USER administrator WITH BYPASSRLS;
+COMMIT;

package/init/sql/bootstrap-test-roles.sql

@@ -0,0 +1,72 @@
+BEGIN;
+DO $do$
+BEGIN
+  BEGIN
+    EXECUTE format('CREATE ROLE %I LOGIN PASSWORD %L', 'app_user', 'app_password');
+  EXCEPTION
+    WHEN duplicate_object THEN
+      -- Role already exists; optionally sync attributes here with ALTER ROLE
+      NULL;
+  END;
+  
+  BEGIN
+    EXECUTE format('CREATE ROLE %I LOGIN PASSWORD %L', 'app_admin', 'admin_password');
+  EXCEPTION
+    WHEN duplicate_object THEN
+      -- Role already exists; optionally sync attributes here with ALTER ROLE
+      NULL;
+  END;
+END
+$do$;
+
+DO $do$
+BEGIN
+  BEGIN
+    EXECUTE format('GRANT %I TO %I', 'anonymous', 'app_user');
+  EXCEPTION
+    WHEN unique_violation THEN
+      -- Membership was granted concurrently; ignore.
+      NULL;
+    WHEN undefined_object THEN
+      -- One of the roles doesn't exist yet; order operations as needed.
+      RAISE NOTICE 'Missing role when granting % to %', 'anonymous', 'app_user';
+  END;
+
+  BEGIN
+    EXECUTE format('GRANT %I TO %I', 'authenticated', 'app_user');
+  EXCEPTION
+    WHEN unique_violation THEN
+      NULL;
+    WHEN undefined_object THEN
+      RAISE NOTICE 'Missing role when granting % to %', 'authenticated', 'app_user';
+  END;
+
+  BEGIN
+    EXECUTE format('GRANT %I TO %I', 'anonymous', 'administrator');
+  EXCEPTION
+    WHEN unique_violation THEN
+      NULL;
+    WHEN undefined_object THEN
+      RAISE NOTICE 'Missing role when granting % to %', 'anonymous', 'administrator';
+  END;
+
+  BEGIN
+    EXECUTE format('GRANT %I TO %I', 'authenticated', 'administrator');
+  EXCEPTION
+    WHEN unique_violation THEN
+      NULL;
+    WHEN undefined_object THEN
+      RAISE NOTICE 'Missing role when granting % to %', 'authenticated', 'administrator';
+  END;
+
+  BEGIN
+    EXECUTE format('GRANT %I TO %I', 'administrator', 'app_admin');
+  EXCEPTION
+    WHEN unique_violation THEN
+      NULL;
+    WHEN undefined_object THEN
+      RAISE NOTICE 'Missing role when granting % to %', 'administrator', 'app_admin';
+  END;
+END
+$do$;
+COMMIT;

package/migrate/clean.d.ts

@@ -0,0 +1 @@
+export declare const cleanSql: (sql: string, pretty: boolean, functionDelimiter: string) => Promise<string>;