@pikku/cli 0.12.26 → 0.12.28

package/dist/src/functions/commands/tests-coverage.js

@@ -111,8 +111,8 @@ export const pikkuTestsCoverage = pikkuSessionlessFunc({
             logger.error(`Verbose metadata not found at ${verboseMetaPath}. Run 'pikku all' first.`);
             process.exit(1);
         }
-        const coverageFinal = join(functionsDir, 'coverage', 'coverage-final.json');
-        const outDir = join(ftestDir, 'coverage');
+        const coverageFinal = join(functionsDir, '.coverage', 'coverage-final.json');
+        const outDir = join(ftestDir, '.coverage');
         const outFile = join(outDir, 'function-coverage.json');
         if (!noRun) {
             const findBin = (name, searchFrom) => {
@@ -153,6 +153,8 @@ export const pikkuTestsCoverage = pikkuSessionlessFunc({
                 'src',
                 '--include',
                 'src/**',
+                '--report-dir',
+                '.coverage',
                 '--reporter',
                 'json',
                 '--reporter',

package/dist/src/functions/db/annotation-parser.d.ts

@@ -1,5 +1,5 @@
 import type { ColumnKind } from './coercion-plugin.js';
-type Classification = 'public' | 'private' | 'secret';
+type Classification = 'public' | 'private' | 'pii' | 'secret';
 type AnonymizeStrategy = 'fake:email' | 'fake:name' | 'hash' | 'keep' | null;
 export interface ColAnnotation {
     kind?: ColumnKind;
@@ -19,13 +19,13 @@ export declare function annotationFromName(colName: string): {
     kind: ColumnKind;
 } | null;
 /**
- * Parse `-- @bool | @date | @json [TsType] | @public | @private[:strategy] | @secret[:strategy]`
+ * Parse `-- @bool | @date | @json [TsType] | @public | @private[:strategy] | @pii[:strategy] | @secret[:strategy]`
  * inline annotations from migration SQL files in `migrationsDir`.
- *
- * Multiple annotations on the same comment line are supported, e.g.:
- *   `deleted_at TIMESTAMP -- @date @private:keep`
- *
- * Covers both CREATE TABLE body lines and ALTER TABLE ... ADD [COLUMN] statements.
  */
 export declare function parseAnnotations(migrationsDir: string): AnnotationMap;
+/**
+ * Load annotations for a project. Tries `db/annotations.ts` sidecar first;
+ * falls back to SQL comment parsing from `migrationsDir` if not found.
+ */
+export declare function loadAnnotations(rootDir: string, migrationsDir?: string): AnnotationMap;
 export {};

package/dist/src/functions/db/annotation-parser.js

@@ -1,4 +1,4 @@
-import { readFileSync, readdirSync } from 'node:fs';
+import { readFileSync, readdirSync, existsSync } from 'node:fs';
 import { join } from 'node:path';
 /**
  * Determine column kind from naming conventions:
@@ -12,11 +12,51 @@ export function annotationFromName(colName) {
         return { kind: 'bool' };
     return null;
 }
+// ── Load from db/annotations.gen.json sidecar ────────────────────────────────
+/**
+ * Try to load annotations from a `db/annotations.gen.json` sidecar generated
+ * by `yarn db:types`. Returns null if the file doesn't exist.
+ *
+ * The JSON file uses snake_case keys (raw DB names) so it can be read
+ * directly without any conversion. It is emitted by bin/db-classify.ts.
+ */
+function loadAnnotationsSidecar(rootDir) {
+    const jsonPath = join(rootDir, 'db', 'annotations.gen.json');
+    if (!existsSync(jsonPath))
+        return null;
+    try {
+        const raw = JSON.parse(readFileSync(jsonPath, 'utf8'));
+        const result = {};
+        for (const [table, cols] of Object.entries(raw)) {
+            result[table] = {};
+            for (const [col, ann] of Object.entries(cols)) {
+                if (!ann)
+                    continue;
+                const entry = {};
+                if (ann.kind === 'bool' || ann.kind === 'date' || ann.kind === 'json')
+                    entry.kind = ann.kind;
+                if (ann.tsType)
+                    entry.tsType = ann.tsType;
+                const vis = ann.visibility;
+                if (vis === 'public' || vis === 'private' || vis === 'secret')
+                    entry.classification = vis;
+                result[table][col] = entry;
+            }
+        }
+        return result;
+    }
+    catch {
+        return null;
+    }
+}
+// ── SQL comment parsing (fallback) ───────────────────────────────────────────
 function parseStrategy(s) {
     if (!s)
         return null;
     const valid = ['fake:email', 'fake:name', 'hash', 'keep'];
-    return valid.includes(s) ? s : null;
+    return valid.includes(s)
+        ? s
+        : null;
 }
 function parseComment(comment) {
     const ann = {};
@@ -34,26 +74,25 @@ function parseComment(comment) {
                 ann.tsType = jsonM[1].trim();
         }
     }
-    const classM = comment.match(/@(public|private|secret)(?::([^\s@]+))?/i);
+    const classM = comment.match(/@(public|private|pii|secret)(?::([^\s@]+))?/i);
     if (classM) {
         ann.classification = classM[1].toLowerCase();
-        ann.anonymize = parseStrategy(classM[2]);
+        const strategy = parseStrategy(classM[2]);
+        if (strategy !== null)
+            ann.anonymize = strategy;
     }
     return ann;
 }
 /**
- * Parse `-- @bool | @date | @json [TsType] | @public | @private[:strategy] | @secret[:strategy]`
+ * Parse `-- @bool | @date | @json [TsType] | @public | @private[:strategy] | @pii[:strategy] | @secret[:strategy]`
  * inline annotations from migration SQL files in `migrationsDir`.
- *
- * Multiple annotations on the same comment line are supported, e.g.:
- *   `deleted_at TIMESTAMP -- @date @private:keep`
- *
- * Covers both CREATE TABLE body lines and ALTER TABLE ... ADD [COLUMN] statements.
  */
 export function parseAnnotations(migrationsDir) {
     let files;
     try {
-        files = readdirSync(migrationsDir).filter((f) => f.endsWith('.sql')).sort();
+        files = readdirSync(migrationsDir)
+            .filter((f) => f.endsWith('.sql'))
+            .sort();
     }
     catch {
         return {};
@@ -91,3 +130,14 @@ export function parseAnnotations(migrationsDir) {
     }
     return result;
 }
+// ── Public entry point ────────────────────────────────────────────────────────
+/**
+ * Load annotations for a project. Tries `db/annotations.ts` sidecar first;
+ * falls back to SQL comment parsing from `migrationsDir` if not found.
+ */
+export function loadAnnotations(rootDir, migrationsDir) {
+    const sidecar = loadAnnotationsSidecar(rootDir);
+    if (sidecar)
+        return sidecar;
+    return migrationsDir ? parseAnnotations(migrationsDir) : {};
+}

package/dist/src/functions/db/db-codegen.d.ts

@@ -3,16 +3,20 @@ export interface CodegenOptions {
     outFile: string;
     coercionFile: string;
     manifestFile?: string;
+    classificationMapFile?: string;
     camelCase?: boolean;
+    rootDir?: string;
     migrationsDir?: string;
 }
 export interface CodegenResult {
     outFile: string;
     coercionFile: string;
     manifestFile?: string;
+    classificationMapFile?: string;
     written: boolean;
     coercionWritten: boolean;
     manifestWritten: boolean;
+    classificationMapWritten: boolean;
     tables: string[];
 }
 /**

package/dist/src/functions/db/db-codegen.js

@@ -1,6 +1,6 @@
 import { readFileSync, writeFileSync, mkdirSync } from 'node:fs';
 import { dirname } from 'node:path';
-import { parseAnnotations, annotationFromName, } from './annotation-parser.js';
+import { loadAnnotations, parseAnnotations, annotationFromName, } from './annotation-parser.js';
 // ─── Name helpers ─────────────────────────────────────────────────────────────
 function snakeToPascal(name) {
     return name
@@ -23,7 +23,9 @@ function mapType(sqlType) {
         return 'string';
     if (upper.includes('BLOB') || upper === 'BYTEA')
         return 'Buffer';
-    if (upper.includes('REAL') || upper.includes('FLOA') || upper.includes('DOUB'))
+    if (upper.includes('REAL') ||
+        upper.includes('FLOA') ||
+        upper.includes('DOUB'))
         return 'number';
     if (upper.includes('NUMERIC') || upper.includes('DECIMAL'))
         return 'number';
@@ -88,7 +90,11 @@ function columnTypeExpression(col, annotation, classification) {
             return `Generated<${base}${nullable ? ' | null' : ''}>`;
         return nullable ? `${base} | null` : base;
     }
-    const B = classification === 'secret' ? 'Secret' : 'Private';
+    const B = classification === 'secret'
+        ? 'Secret'
+        : classification === 'pii'
+            ? 'Pii'
+            : 'Private';
     const sBase = selectBase(annotation, col);
     const iBase = insertBase(annotation, col);
     const selectT = nullable ? `${B}<${sBase}> | null` : `${B}<${sBase}>`;
@@ -98,9 +104,14 @@ function columnTypeExpression(col, annotation, classification) {
     const updateT = nullable ? `${iBase} | null` : iBase;
     return `ColumnType<${selectT}, ${insertT}, ${updateT}>`;
 }
+/** Strip optional schema prefix (e.g. "app.user" → "user"). */
+function bareTableName(name) {
+    const dot = name.indexOf('.');
+    return dot >= 0 ? name.slice(dot + 1) : name;
+}
 function emitInterface(table, camelCase, explicitAnnotations) {
     const ifaceName = snakeToPascal(table.name);
-    const tableCols = explicitAnnotations[table.name] ?? {};
+    const tableCols = explicitAnnotations[bareTableName(table.name)] ?? {};
     const fields = table.columns
         .map((col) => {
         const fieldName = camelCase ? snakeToCamel(col.name) : col.name;
@@ -122,7 +133,7 @@ function emitInterface(table, camelCase, explicitAnnotations) {
 function emitManifest(tables, explicitAnnotations) {
     const tableEntries = tables
         .map((table) => {
-        const tableCols = explicitAnnotations[table.name] ?? {};
+        const tableCols = explicitAnnotations[bareTableName(table.name)] ?? {};
         const colEntries = table.columns
             .map((col) => {
             const ann = tableCols[col.name];
@@ -149,6 +160,63 @@ function emitManifest(tables, explicitAnnotations) {
         ``,
     ].join('\n');
 }
+// ─── Classification map type emitter ─────────────────────────────────────────
+/**
+ * Emits a `DbClassificationMap` type declaration that the developer's
+ * hand-authored `db/classifications.ts` must satisfy. Every table and column
+ * present in the current schema appears as a required key — TypeScript will
+ * flag added or removed columns.
+ */
+function emitClassificationMap(tables) {
+    const colEntry = `  security: 'public' | 'private' | 'pii' | 'secret' | 'encrypted'\n  classification?: 'fake:email' | 'fake:name' | 'hash' | 'keep'\n  description?: string`;
+    // Group tables by schema (for postgres schema.table names)
+    const schemaMap = new Map();
+    for (const table of tables) {
+        const dot = table.name.indexOf('.');
+        const schema = dot >= 0 ? table.name.slice(0, dot) : '';
+        const bare = dot >= 0 ? table.name.slice(dot + 1) : table.name;
+        if (!schemaMap.has(schema))
+            schemaMap.set(schema, new Map());
+        schemaMap.get(schema).set(bare, table.columns.map((c) => c.name));
+    }
+    const lines = [
+        `// Generated by @pikku/cli — do not edit by hand.`,
+        `// Run \`pikku db migrate\` to refresh.`,
+        `// Use this type in db/classifications.ts:`,
+        `//   import type { DbClassificationMap } from './.pikku/db/classification-map.gen.d.ts'`,
+        `//   export const classifications = { ... } satisfies DbClassificationMap`,
+        ``,
+        `export type ColumnEntry = {`,
+        `${colEntry}`,
+        `}`,
+        ``,
+        `export type DbClassificationMap = {`,
+    ];
+    for (const [schema, tables] of schemaMap) {
+        if (schema) {
+            lines.push(`  ${JSON.stringify(schema)}: {`);
+            for (const [table, cols] of tables) {
+                lines.push(`    ${JSON.stringify(table)}: {`);
+                for (const col of cols) {
+                    lines.push(`      ${JSON.stringify(col)}: ColumnEntry`);
+                }
+                lines.push(`    }`);
+            }
+            lines.push(`  }`);
+        }
+        else {
+            for (const [table, cols] of tables) {
+                lines.push(`  ${JSON.stringify(table)}: {`);
+                for (const col of cols) {
+                    lines.push(`    ${JSON.stringify(col)}: ColumnEntry`);
+                }
+                lines.push(`  }`);
+            }
+        }
+    }
+    lines.push(`}`, ``);
+    return lines.join('\n');
+}
 /**
  * Introspect `introspector` and emit:
  *   - `schema.d.ts`            Kysely DB type with classification brands
@@ -162,9 +230,11 @@ export async function generateSchemaTypes(introspector, options) {
         name,
         columns: await introspector.getColumns(name),
     })));
-    const explicitAnnotations = options.migrationsDir
-        ? parseAnnotations(options.migrationsDir)
-        : {};
+    const explicitAnnotations = options.rootDir
+        ? loadAnnotations(options.rootDir, options.migrationsDir)
+        : options.migrationsDir
+            ? parseAnnotations(options.migrationsDir)
+            : {};
     // ── schema.d.ts ─────────────────────────────────────────────────────────────
     const interfaces = tables
         .map((t) => emitInterface(t, camelCase, explicitAnnotations))
@@ -188,8 +258,9 @@ export async function generateSchemaTypes(introspector, options) {
         `  ? ColumnType<S, I | undefined, U>`,
         `  : ColumnType<T, T | undefined, T>`,
         ``,
-        `export type Private<T> = T & { readonly __pii__: 'private' }`,
-        `export type Secret<T> = T & { readonly __pii__: 'secret' }`,
+        `export type Private<T> = T & { readonly __classification__: 'private' }`,
+        `export type Pii<T> = T & { readonly __classification__: 'pii' }`,
+        `export type Secret<T> = T & { readonly __classification__: 'secret' }`,
         ``,
         interfaces,
         ``,
@@ -201,7 +272,7 @@ export async function generateSchemaTypes(introspector, options) {
     // ── coercion.gen.ts ──────────────────────────────────────────────────────────
     const coercionMap = {};
     for (const table of tables) {
-        const tableCols = explicitAnnotations[table.name] ?? {};
+        const tableCols = explicitAnnotations[bareTableName(table.name)] ?? {};
         for (const col of table.columns) {
             const sqlAnn = tableCols[col.name];
             const kind = sqlAnn?.kind ?? annotationFromName(col.name)?.kind;
@@ -230,28 +301,51 @@ export async function generateSchemaTypes(introspector, options) {
         ``,
     ].join('\n');
     // ── classification.gen.ts ───────────────────────────────────────────────────
-    const manifestBody = options.manifestFile ? emitManifest(tables, explicitAnnotations) : null;
+    const manifestBody = options.manifestFile
+        ? emitManifest(tables, explicitAnnotations)
+        : null;
+    // ── classification-map.gen.d.ts ──────────────────────────────────────────────
+    const classificationMapBody = options.classificationMapFile
+        ? emitClassificationMap(tables)
+        : null;
     // ── write files ───────────────────────────────────────────────────────────────
     let existingSchema = null;
     let existingCoercion = null;
     let existingManifest = null;
+    let existingClassificationMap = null;
     try {
         existingSchema = readFileSync(options.outFile, 'utf8');
     }
-    catch { /* ok */ }
+    catch {
+        /* ok */
+    }
     try {
         existingCoercion = readFileSync(options.coercionFile, 'utf8');
     }
-    catch { /* ok */ }
+    catch {
+        /* ok */
+    }
     if (options.manifestFile) {
         try {
             existingManifest = readFileSync(options.manifestFile, 'utf8');
         }
-        catch { /* ok */ }
+        catch {
+            /* ok */
+        }
+    }
+    if (options.classificationMapFile) {
+        try {
+            existingClassificationMap = readFileSync(options.classificationMapFile, 'utf8');
+        }
+        catch {
+            /* ok */
+        }
     }
     const schemaChanged = existingSchema !== schemaBody;
     const coercionChanged = existingCoercion !== coercionBody;
     const manifestChanged = manifestBody !== null && existingManifest !== manifestBody;
+    const classificationMapChanged = classificationMapBody !== null &&
+        existingClassificationMap !== classificationMapBody;
     if (schemaChanged) {
         mkdirSync(dirname(options.outFile), { recursive: true });
         writeFileSync(options.outFile, schemaBody, 'utf8');
@@ -264,13 +358,21 @@ export async function generateSchemaTypes(introspector, options) {
         mkdirSync(dirname(options.manifestFile), { recursive: true });
         writeFileSync(options.manifestFile, manifestBody, 'utf8');
     }
+    if (classificationMapChanged &&
+        options.classificationMapFile &&
+        classificationMapBody) {
+        mkdirSync(dirname(options.classificationMapFile), { recursive: true });
+        writeFileSync(options.classificationMapFile, classificationMapBody, 'utf8');
+    }
     return {
         outFile: options.outFile,
         coercionFile: options.coercionFile,
         manifestFile: options.manifestFile,
+        classificationMapFile: options.classificationMapFile,
         written: schemaChanged,
         coercionWritten: coercionChanged,
         manifestWritten: manifestChanged,
+        classificationMapWritten: classificationMapChanged,
         tables: tables.map((t) => t.name),
     };
 }

package/dist/src/functions/db/local-db.d.ts

@@ -5,10 +5,14 @@ import { type ZodCodegenResult } from './zod-codegen.js';
 import { type SeedResult } from './sqlite/seed.js';
 import type { UserConfigShape } from '../commands/db-shared.js';
 interface ResolvedDbBase {
+    rootDir: string;
     migrationsDir: string;
     schemaFile: string;
     coercionFile: string;
     manifestFile: string;
+    classificationMapFile: string;
+    classificationsFile: string;
+    classificationsGenJsonFile: string;
     zodFile: string;
     camelCase: boolean;
 }
@@ -34,6 +38,8 @@ export interface MigrateAndCodegenOutcome {
     migrate: MigrateResult;
     codegen: CodegenResult;
     zod: ZodCodegenResult;
+    classificationsScaffolded: boolean;
+    classificationsJsonWritten: boolean;
 }
 export declare function migrateAndCodegen(resolved: ResolvedDb): Promise<MigrateAndCodegenOutcome>;
 export declare function seed(resolved: ResolvedSqliteDb): Promise<SeedResult>;

package/dist/src/functions/db/local-db.js

@@ -1,5 +1,8 @@
-import { existsSync, mkdirSync, rmSync } from 'node:fs';
+import { existsSync, mkdirSync, rmSync, writeFileSync, readFileSync, } from 'node:fs';
 import { resolve, isAbsolute, relative, dirname, join } from 'node:path';
+import { execSync } from 'node:child_process';
+import { createRequire } from 'node:module';
+import { fileURLToPath } from 'node:url';
 import { migrate } from './db-migrator.js';
 import { generateSchemaTypes } from './db-codegen.js';
 import { generateZodTypes } from './zod-codegen.js';
@@ -18,10 +21,14 @@ import { PostgresIntrospector } from './postgres/postgres-introspector.js';
  */
 export function resolveDb(userConfig, rootDir, outDir, runtimeDir) {
     const base = (sub) => ({
+        rootDir,
         migrationsDir: resolveAgainst(rootDir, sub),
         schemaFile: join(outDir, 'db', 'schema.d.ts'),
         coercionFile: join(outDir, 'db', 'coercion.gen.ts'),
         manifestFile: join(outDir, 'db', 'classification.gen.ts'),
+        classificationMapFile: join(outDir, 'db', 'classification-map.gen.d.ts'),
+        classificationsFile: join(rootDir, 'db', 'annotations.ts'),
+        classificationsGenJsonFile: join(outDir, 'db', 'annotations.gen.json'),
         zodFile: join(outDir, 'db', 'zod.gen.ts'),
         camelCase: true,
     });
@@ -43,7 +50,7 @@ export function resolveDb(userConfig, rootDir, outDir, runtimeDir) {
             dialect: 'sqlite',
             dbFile: resolveAgainst(rootDir, userConfig.sqliteDb),
             runtimeDir: resolvedRuntimeDir,
-            seedFile: resolveAgainst(rootDir, 'db/seed.sql'),
+            seedFile: resolveAgainst(rootDir, 'db/sqlite-seed.sql'),
             ...base('db/sqlite'),
         };
     }
@@ -60,61 +67,71 @@ function resolveAgainst(root, p) {
     return isAbsolute(p) ? p : resolve(root, p);
 }
 export async function migrateAndCodegen(resolved) {
+    let migrateResult;
+    let codegenResult;
     if (resolved.dialect === 'sqlite') {
         mkdirSync(dirname(resolved.dbFile), { recursive: true });
         const runtime = await loadSqliteRuntime();
         const db = runtime.open(resolved.dbFile);
         try {
             const executor = new SqliteMigrationExecutor(db);
-            const migrateResult = await migrate(executor, resolved.migrationsDir);
+            migrateResult = await migrate(executor, resolved.migrationsDir);
             const introspector = new SqliteIntrospector(db);
-            const codegenResult = await generateSchemaTypes(introspector, {
+            codegenResult = await generateSchemaTypes(introspector, {
                 outFile: resolved.schemaFile,
                 coercionFile: resolved.coercionFile,
                 manifestFile: resolved.manifestFile,
+                classificationMapFile: resolved.classificationMapFile,
                 camelCase: resolved.camelCase,
+                rootDir: resolved.rootDir,
                 migrationsDir: resolved.migrationsDir,
             });
-            const zodResult = generateZodTypes({
-                schemaFile: resolved.schemaFile,
-                outFile: resolved.zodFile,
-            });
-            return { migrate: migrateResult, codegen: codegenResult, zod: zodResult };
         }
         finally {
             db.close();
         }
     }
-    // Postgres
-    const introspector = new PostgresIntrospector(resolved.connectionString);
-    await introspector.connect();
-    try {
-        const { Client } = await import('pg');
-        const client = new Client({ connectionString: resolved.connectionString });
-        await client.connect();
+    else {
+        // Postgres
+        const introspector = new PostgresIntrospector(resolved.connectionString);
+        await introspector.connect();
         try {
-            const executor = new PostgresMigrationExecutor(client);
-            const migrateResult = await migrate(executor, resolved.migrationsDir);
-            const codegenResult = await generateSchemaTypes(introspector, {
-                outFile: resolved.schemaFile,
-                coercionFile: resolved.coercionFile,
-                manifestFile: resolved.manifestFile,
-                camelCase: resolved.camelCase,
-                migrationsDir: resolved.migrationsDir,
-            });
-            const zodResult = generateZodTypes({
-                schemaFile: resolved.schemaFile,
-                outFile: resolved.zodFile,
-            });
-            return { migrate: migrateResult, codegen: codegenResult, zod: zodResult };
+            const { Client } = await import('pg');
+            const client = new Client({ connectionString: resolved.connectionString });
+            await client.connect();
+            try {
+                const executor = new PostgresMigrationExecutor(client);
+                migrateResult = await migrate(executor, resolved.migrationsDir);
+                codegenResult = await generateSchemaTypes(introspector, {
+                    outFile: resolved.schemaFile,
+                    coercionFile: resolved.coercionFile,
+                    manifestFile: resolved.manifestFile,
+                    classificationMapFile: resolved.classificationMapFile,
+                    camelCase: resolved.camelCase,
+                    migrationsDir: resolved.migrationsDir,
+                });
+            }
+            finally {
+                await client.end();
+            }
         }
         finally {
-            await client.end();
+            await introspector.close();
         }
     }
-    finally {
-        await introspector.close();
-    }
+    const zodResult = generateZodTypes({
+        schemaFile: resolved.schemaFile,
+        outFile: resolved.zodFile,
+    });
+    // ── Classifications step ──────────────────────────────────────────────────
+    const { scaffolded, jsonWritten } = syncClassifications(resolved.classificationsFile, resolved.classificationsGenJsonFile, codegenResult.tables);
+    return {
+        migrate: migrateResult,
+        codegen: codegenResult,
+        zod: zodResult,
+        classificationsScaffolded: scaffolded,
+        classificationsJsonWritten: jsonWritten,
+    };
 }
 // ─── SQLite-only operations ───────────────────────────────────────────────────
 export async function seed(resolved) {
@@ -139,6 +156,89 @@ export function reset(resolved, rootDir) {
         rmSync(resolved.dbFile);
     }
 }
+// ── Classification sync ───────────────────────────────────────────────────────
+/**
+ * Loads `db/classifications.ts` via tsx, serialises it to
+ * `.pikku/db/classifications.gen.json` for runtime consumption (console, etc.).
+ *
+ * If `db/classifications.ts` doesn't exist yet, writes a scaffold with every
+ * table defaulting to `private` so the developer has a starting point.
+ */
+function syncClassifications(classificationsFile, genJsonFile, tableNames) {
+    let scaffolded = false;
+    if (!existsSync(classificationsFile)) {
+        const relMap = join(dirname(classificationsFile), '..', '.pikku', 'db', 'classification-map.gen.d.ts');
+        const relMapPosix = relMap.replace(/\\/g, '/');
+        const groups = new Map();
+        for (const name of tableNames) {
+            const dot = name.indexOf('.');
+            const schema = dot >= 0 ? name.slice(0, dot) : '';
+            const table = dot >= 0 ? name.slice(dot + 1) : name;
+            if (!groups.has(schema))
+                groups.set(schema, []);
+            groups.get(schema).push(table);
+        }
+        const bodyLines = [
+            `import type { DbClassificationMap } from '${relMapPosix}'`,
+            ``,
+            `export const classifications = {`,
+        ];
+        for (const [schema, tables] of groups) {
+            if (schema)
+                bodyLines.push(`  ${JSON.stringify(schema)}: {`);
+            for (const table of tables) {
+                bodyLines.push(schema
+                    ? `    ${JSON.stringify(table)}: {`
+                    : `  ${JSON.stringify(table)}: {`);
+                bodyLines.push(schema ? `    },` : `  },`);
+            }
+            if (schema)
+                bodyLines.push(`  },`);
+        }
+        bodyLines.push(`} satisfies DbClassificationMap`, ``);
+        mkdirSync(dirname(classificationsFile), { recursive: true });
+        writeFileSync(classificationsFile, bodyLines.join('\n'), 'utf8');
+        scaffolded = true;
+    }
+    // Resolve tsx from the CLI package's own node_modules so it works regardless
+    // of whether the user's project has tsx installed.
+    const _require = createRequire(fileURLToPath(import.meta.url));
+    let tsxEsmPath = null;
+    try {
+        tsxEsmPath = _require.resolve('tsx/esm');
+    }
+    catch {
+        // tsx not bundled with this CLI install — skip JSON emit
+    }
+    const script = [
+        `import * as mod from ${JSON.stringify(classificationsFile)}`,
+        `const val = Object.values(mod)[0]`,
+        `process.stdout.write(JSON.stringify(val))`,
+    ].join('\n');
+    let jsonWritten = false;
+    if (tsxEsmPath) {
+        try {
+            const json = execSync(`node --import ${JSON.stringify(tsxEsmPath)} --input-type=module`, {
+                input: script,
+                encoding: 'utf8',
+                stdio: ['pipe', 'pipe', 'pipe'],
+            });
+            const existing = existsSync(genJsonFile)
+                ? readFileSync(genJsonFile, 'utf8')
+                : null;
+            const next = JSON.stringify(JSON.parse(json), null, 2) + '\n';
+            if (existing !== next) {
+                mkdirSync(dirname(genJsonFile), { recursive: true });
+                writeFileSync(genJsonFile, next, 'utf8');
+                jsonWritten = true;
+            }
+        }
+        catch {
+            // annotations file has syntax errors — skip JSON emit
+        }
+    }
+    return { scaffolded, jsonWritten };
+}
 export async function createKysely(resolved) {
     mkdirSync(dirname(resolved.dbFile), { recursive: true });
     const runtime = await loadSqliteRuntime();