@pikku/kysely 0.12.2 → 0.12.3

package/CHANGELOG.md

@@ -1,5 +1,21 @@
 ## 0.12.0
 
+## 0.12.3
+
+### Patch Changes
+
+- 32ed003: Add envelope encryption utilities and database-backed secret services with KEK rotation support
+- 387b2ee: Add error_message column to agent run storage and queries
+- b2b0af9: Migrate all consumers from @pikku/pg to @pikku/kysely and remove the @pikku/pg package
+- c7ff141: Add WorkflowVersionStatus type with draft→active lifecycle for AI-generated workflows, type all DB status fields with proper unions instead of plain strings
+- Updated dependencies [387b2ee]
+- Updated dependencies [32ed003]
+- Updated dependencies [7d369f3]
+- Updated dependencies [508a796]
+- Updated dependencies [ffe83af]
+- Updated dependencies [c7ff141]
+  - @pikku/core@0.12.3
+
 ## 0.12.2
 
 ### Patch Changes

package/dist/src/index.d.ts

@@ -1,4 +1,3 @@
-export { PikkuKysely } from './pikku-kysely.js';
 export { KyselyChannelStore } from './kysely-channel-store.js';
 export { KyselyEventHubStore } from './kysely-eventhub-store.js';
 export { KyselyWorkflowService } from './kysely-workflow-service.js';
@@ -6,6 +5,8 @@ export { KyselyWorkflowRunService } from './kysely-workflow-run-service.js';
 export { KyselyDeploymentService } from './kysely-deployment-service.js';
 export { KyselyAIStorageService } from './kysely-ai-storage-service.js';
 export { KyselyAgentRunService } from './kysely-agent-run-service.js';
+export { KyselySecretService } from './kysely-secret-service.js';
+export type { KyselySecretServiceConfig } from './kysely-secret-service.js';
 export type { KyselyPikkuDB } from './kysely-tables.js';
 export type { WorkflowRunService } from '@pikku/core/workflow';
 export type { AgentRunService, AgentRunRow } from '@pikku/core/ai-agent';

package/dist/src/index.js

@@ -1,4 +1,3 @@
-export { PikkuKysely } from './pikku-kysely.js';
 export { KyselyChannelStore } from './kysely-channel-store.js';
 export { KyselyEventHubStore } from './kysely-eventhub-store.js';
 export { KyselyWorkflowService } from './kysely-workflow-service.js';
@@ -6,3 +5,4 @@ export { KyselyWorkflowRunService } from './kysely-workflow-run-service.js';
 export { KyselyDeploymentService } from './kysely-deployment-service.js';
 export { KyselyAIStorageService } from './kysely-ai-storage-service.js';
 export { KyselyAgentRunService } from './kysely-agent-run-service.js';
+export { KyselySecretService } from './kysely-secret-service.js';

package/dist/src/kysely-agent-run-service.js

@@ -113,6 +113,7 @@ export class KyselyAgentRunService {
             'thread_id',
             'resource_id',
             'status',
+            'error_message',
             'suspend_reason',
             'missing_rpcs',
             'usage_input_tokens',
@@ -159,6 +160,7 @@ export class KyselyAgentRunService {
             threadId: row.thread_id,
             resourceId: row.resource_id,
             status: row.status,
+            errorMessage: row.error_message ?? undefined,
             suspendReason: row.suspend_reason ?? undefined,
             missingRpcs: parseJson(row.missing_rpcs),
             usageInputTokens: Number(row.usage_input_tokens),

package/dist/src/kysely-ai-storage-service.js

@@ -11,9 +11,14 @@ export class KyselyAIStorageService {
             await builder.execute();
         }
         catch (e) {
-            // Ignore "index already exists" errors (MySQL doesn't support IF NOT EXISTS for indexes)
+            // Ignore "index already exists" errors across databases
+            // MySQL: ER_DUP_KEYNAME, Postgres: 42P07, SQLite: "already exists"
             if (e?.code === 'ER_DUP_KEYNAME' || e?.errno === 1061)
                 return;
+            if (e?.code === '42P07')
+                return;
+            if (e?.message?.includes('already exists'))
+                return;
             throw e;
         }
     }
@@ -90,6 +95,7 @@ export class KyselyAIStorageService {
             .addColumn('thread_id', 'varchar(36)', (col) => col.notNull().references('ai_threads.id').onDelete('cascade'))
             .addColumn('resource_id', 'varchar(255)', (col) => col.notNull())
             .addColumn('status', 'varchar(50)', (col) => col.notNull().defaultTo('running'))
+            .addColumn('error_message', 'text')
             .addColumn('suspend_reason', 'text')
             .addColumn('missing_rpcs', 'text')
             .addColumn('usage_input_tokens', 'integer', (col) => col.notNull().defaultTo(0))
@@ -352,6 +358,7 @@ export class KyselyAIStorageService {
             thread_id: run.threadId,
             resource_id: run.resourceId,
             status: run.status,
+            error_message: run.errorMessage ?? null,
             suspend_reason: run.suspendReason ?? null,
             missing_rpcs: run.missingRpcs ? JSON.stringify(run.missingRpcs) : null,
             usage_input_tokens: run.usage.inputTokens,
@@ -371,6 +378,9 @@ export class KyselyAIStorageService {
         if (updates.status !== undefined) {
             setValues.status = updates.status;
         }
+        if (updates.errorMessage !== undefined) {
+            setValues.error_message = updates.errorMessage;
+        }
         if (updates.suspendReason !== undefined) {
             setValues.suspend_reason = updates.suspendReason;
         }
@@ -415,6 +425,7 @@ export class KyselyAIStorageService {
             'thread_id',
             'resource_id',
             'status',
+            'error_message',
             'suspend_reason',
             'missing_rpcs',
             'usage_input_tokens',
@@ -452,6 +463,7 @@ export class KyselyAIStorageService {
             'thread_id',
             'resource_id',
             'status',
+            'error_message',
             'suspend_reason',
             'missing_rpcs',
             'usage_input_tokens',
@@ -539,6 +551,7 @@ export class KyselyAIStorageService {
             threadId: row.thread_id,
             resourceId: row.resource_id,
             status: row.status,
+            errorMessage: row.error_message ?? undefined,
             suspendReason: row.suspend_reason,
             missingRpcs: parseJson(row.missing_rpcs),
             pendingApprovals,

package/dist/src/kysely-deployment-service.d.ts

@@ -2,7 +2,7 @@ import type { DeploymentService, DeploymentServiceConfig, DeploymentConfig, Depl
 import type { Kysely } from 'kysely';
 import type { KyselyPikkuDB } from './kysely-tables.js';
 export declare class KyselyDeploymentService implements DeploymentService {
-    private db;
+    protected db: Kysely<KyselyPikkuDB>;
     private initialized;
     private heartbeatTimer?;
     private deploymentConfig?;
@@ -13,5 +13,6 @@ export declare class KyselyDeploymentService implements DeploymentService {
     start(config: DeploymentConfig): Promise<void>;
     stop(): Promise<void>;
     findFunction(name: string): Promise<DeploymentInfo[]>;
+    private createIndexSafe;
     private sendHeartbeat;
 }

package/dist/src/kysely-deployment-service.js

@@ -37,18 +37,16 @@ export class KyselyDeploymentService {
             'function_name',
         ])
             .execute();
-        await this.db.schema
+        await this.createIndexSafe(this.db.schema
             .createIndex('idx_pikku_deployments_heartbeat')
             .ifNotExists()
             .on('pikku_deployments')
-            .column('last_heartbeat')
-            .execute();
-        await this.db.schema
+            .column('last_heartbeat'));
+        await this.createIndexSafe(this.db.schema
             .createIndex('idx_pikku_deployment_functions_name')
             .ifNotExists()
             .on('pikku_deployment_functions')
-            .column('function_name')
-            .execute();
+            .column('function_name'));
         this.initialized = true;
     }
     async start(config) {
@@ -111,6 +109,20 @@ export class KyselyDeploymentService {
             endpoint: row.endpoint,
         }));
     }
+    async createIndexSafe(builder) {
+        try {
+            await builder.execute();
+        }
+        catch (e) {
+            if (e?.code === 'ER_DUP_KEYNAME' || e?.errno === 1061)
+                return;
+            if (e?.code === '42P07')
+                return;
+            if (e?.message?.includes('already exists'))
+                return;
+            throw e;
+        }
+    }
     async sendHeartbeat() {
         if (!this.deploymentConfig)
             return;

package/dist/src/kysely-secret-service.d.ts

@@ -0,0 +1,29 @@
+import type { SecretService } from '@pikku/core/services';
+import type { Kysely } from 'kysely';
+import type { KyselyPikkuDB } from './kysely-tables.js';
+export interface KyselySecretServiceConfig {
+    key: string;
+    keyVersion?: number;
+    previousKey?: string;
+    audit?: boolean;
+    auditReads?: boolean;
+}
+export declare class KyselySecretService implements SecretService {
+    private db;
+    private initialized;
+    private key;
+    private keyVersion;
+    private previousKey?;
+    private audit;
+    private auditReads;
+    constructor(db: Kysely<KyselyPikkuDB>, config: KyselySecretServiceConfig);
+    init(): Promise<void>;
+    private logAudit;
+    private getKEK;
+    getSecret(key: string): Promise<string>;
+    getSecretJSON<R = {}>(key: string): Promise<R>;
+    hasSecret(key: string): Promise<boolean>;
+    setSecretJSON(key: string, value: unknown): Promise<void>;
+    deleteSecret(key: string): Promise<void>;
+    rotateKEK(): Promise<number>;
+}

package/dist/src/kysely-secret-service.js

@@ -0,0 +1,142 @@
+import { sql } from 'kysely';
+import { envelopeEncrypt, envelopeDecrypt, envelopeRewrap, } from '@pikku/core/crypto-utils';
+export class KyselySecretService {
+    db;
+    initialized = false;
+    key;
+    keyVersion;
+    previousKey;
+    audit;
+    auditReads;
+    constructor(db, config) {
+        this.db = db;
+        this.key = config.key;
+        this.keyVersion = config.keyVersion ?? 1;
+        this.previousKey = config.previousKey;
+        this.audit = config.audit ?? false;
+        this.auditReads = config.auditReads ?? false;
+    }
+    async init() {
+        if (this.initialized)
+            return;
+        await this.db.schema
+            .createTable('secrets')
+            .ifNotExists()
+            .addColumn('key', 'varchar(255)', (col) => col.primaryKey())
+            .addColumn('ciphertext', 'text', (col) => col.notNull())
+            .addColumn('wrapped_dek', 'text', (col) => col.notNull())
+            .addColumn('key_version', 'integer', (col) => col.notNull())
+            .addColumn('created_at', 'timestamp', (col) => col.defaultTo(sql `CURRENT_TIMESTAMP`).notNull())
+            .addColumn('updated_at', 'timestamp', (col) => col.defaultTo(sql `CURRENT_TIMESTAMP`).notNull())
+            .execute();
+        if (this.audit) {
+            await this.db.schema
+                .createTable('secrets_audit')
+                .ifNotExists()
+                .addColumn('id', 'varchar(36)', (col) => col.primaryKey())
+                .addColumn('secret_key', 'varchar(255)', (col) => col.notNull())
+                .addColumn('action', 'varchar(20)', (col) => col.notNull())
+                .addColumn('performed_at', 'timestamp', (col) => col.defaultTo(sql `CURRENT_TIMESTAMP`).notNull())
+                .execute();
+        }
+        this.initialized = true;
+    }
+    async logAudit(secretKey, action) {
+        if (!this.audit)
+            return;
+        if (action === 'read' && !this.auditReads)
+            return;
+        await this.db
+            .insertInto('secrets_audit')
+            .values({
+            id: crypto.randomUUID(),
+            secret_key: secretKey,
+            action,
+            performed_at: new Date().toISOString(),
+        })
+            .execute();
+    }
+    getKEK(version) {
+        if (version === this.keyVersion)
+            return this.key;
+        if (this.previousKey)
+            return this.previousKey;
+        throw new Error(`No KEK available for key_version ${version}`);
+    }
+    async getSecret(key) {
+        const row = await this.db
+            .selectFrom('secrets')
+            .select(['ciphertext', 'wrapped_dek', 'key_version'])
+            .where('key', '=', key)
+            .executeTakeFirst();
+        if (!row)
+            throw new Error(`Secret not found: ${key}`);
+        const kek = this.getKEK(row.key_version);
+        const result = await envelopeDecrypt(kek, row.ciphertext, row.wrapped_dek);
+        await this.logAudit(key, 'read');
+        return result;
+    }
+    async getSecretJSON(key) {
+        const raw = await this.getSecret(key);
+        return JSON.parse(raw);
+    }
+    async hasSecret(key) {
+        const row = await this.db
+            .selectFrom('secrets')
+            .select('key')
+            .where('key', '=', key)
+            .executeTakeFirst();
+        return !!row;
+    }
+    async setSecretJSON(key, value) {
+        const plaintext = JSON.stringify(value);
+        const { ciphertext, wrappedDEK } = await envelopeEncrypt(this.key, plaintext);
+        const now = new Date().toISOString();
+        await this.db
+            .insertInto('secrets')
+            .values({
+            key,
+            ciphertext,
+            wrapped_dek: wrappedDEK,
+            key_version: this.keyVersion,
+            created_at: now,
+            updated_at: now,
+        })
+            .onConflict((oc) => oc.column('key').doUpdateSet({
+            ciphertext,
+            wrapped_dek: wrappedDEK,
+            key_version: this.keyVersion,
+            updated_at: now,
+        }))
+            .execute();
+        await this.logAudit(key, 'write');
+    }
+    async deleteSecret(key) {
+        await this.db.deleteFrom('secrets').where('key', '=', key).execute();
+        await this.logAudit(key, 'delete');
+    }
+    async rotateKEK() {
+        if (!this.previousKey) {
+            throw new Error('No previousKey configured — nothing to rotate from');
+        }
+        const rows = await this.db
+            .selectFrom('secrets')
+            .select(['key', 'wrapped_dek'])
+            .where('key_version', '<', this.keyVersion)
+            .execute();
+        for (const row of rows) {
+            const newWrappedDEK = await envelopeRewrap(this.previousKey, this.key, row.wrapped_dek);
+            await this.db
+                .updateTable('secrets')
+                .set({
+                wrapped_dek: newWrappedDEK,
+                key_version: this.keyVersion,
+                updated_at: new Date().toISOString(),
+            })
+                .where('key', '=', row.key)
+                .execute();
+            await this.logAudit(row.key, 'rotate');
+        }
+        return rows.length;
+    }
+}

package/dist/src/kysely-tables.d.ts

@@ -1,4 +1,5 @@
 import type { Generated } from 'kysely';
+import type { WorkflowStatus, StepStatus, WorkflowVersionStatus } from '@pikku/core/workflow';
 export interface ChannelsTable {
     channel_id: string;
     channel_name: string;
@@ -14,7 +15,7 @@ export interface ChannelSubscriptionsTable {
 export interface WorkflowRunsTable {
     workflow_run_id: Generated<string>;
     workflow: string;
-    status: string;
+    status: WorkflowStatus;
     input: string;
     output: string | null;
     error: string | null;
@@ -31,7 +32,7 @@ export interface WorkflowStepTable {
     step_name: string;
     rpc_name: string | null;
     data: string | null;
-    status: Generated<string>;
+    status: Generated<StepStatus>;
     result: string | null;
     error: string | null;
     branch_taken: string | null;
@@ -43,7 +44,7 @@ export interface WorkflowStepTable {
 export interface WorkflowStepHistoryTable {
     history_id: Generated<string>;
     workflow_step_id: string;
-    status: string;
+    status: StepStatus;
     result: string | null;
     error: string | null;
     created_at: Generated<Date>;
@@ -57,6 +58,7 @@ export interface WorkflowVersionsTable {
     graph_hash: string;
     graph: string;
     source: string;
+    status: Generated<WorkflowVersionStatus>;
     created_at: Generated<Date>;
 }
 export interface AIThreadsTable {
@@ -70,7 +72,7 @@ export interface AIThreadsTable {
 export interface AIMessageTable {
     id: string;
     thread_id: string;
-    role: string;
+    role: 'system' | 'user' | 'assistant' | 'tool';
     content: string | null;
     created_at: Generated<Date>;
 }
@@ -82,8 +84,8 @@ export interface AIToolCallTable {
     tool_name: string;
     args: string;
     result: string | null;
-    approval_status: string | null;
-    approval_type: string | null;
+    approval_status: 'approved' | 'denied' | 'pending' | null;
+    approval_type: 'agent-call' | 'tool-call' | null;
     agent_run_id: string | null;
     display_tool_name: string | null;
     display_args: string | null;
@@ -100,8 +102,9 @@ export interface AIRunTable {
     agent_name: string;
     thread_id: string;
     resource_id: string;
-    status: Generated<string>;
-    suspend_reason: string | null;
+    status: Generated<'running' | 'suspended' | 'completed' | 'failed'>;
+    error_message: string | null;
+    suspend_reason: 'approval' | 'rpc-missing' | null;
     missing_rpcs: string | null;
     usage_input_tokens: Generated<number>;
     usage_output_tokens: Generated<number>;
@@ -119,6 +122,20 @@ export interface PikkuDeploymentFunctionsTable {
     deployment_id: string;
     function_name: string;
 }
+export interface SecretsTable {
+    key: string;
+    ciphertext: string;
+    wrapped_dek: string;
+    key_version: number;
+    created_at: Generated<Date>;
+    updated_at: Generated<Date>;
+}
+export interface SecretsAuditTable {
+    id: string;
+    secret_key: string;
+    action: string;
+    performed_at: Generated<Date>;
+}
 export interface KyselyPikkuDB {
     channels: ChannelsTable;
     channel_subscriptions: ChannelSubscriptionsTable;
@@ -133,4 +150,6 @@ export interface KyselyPikkuDB {
     ai_run: AIRunTable;
     pikku_deployments: PikkuDeploymentsTable;
     pikku_deployment_functions: PikkuDeploymentFunctionsTable;
+    secrets: SecretsTable;
+    secrets_audit: SecretsAuditTable;
 }

package/dist/src/kysely-workflow-run-service.d.ts

@@ -24,6 +24,11 @@ export declare class KyselyWorkflowRunService implements WorkflowRunService {
         graph: any;
         source: string;
     } | null>;
+    getAIGeneratedWorkflows(agentName?: string): Promise<Array<{
+        workflowName: string;
+        graphHash: string;
+        graph: any;
+    }>>;
     deleteRun(id: string): Promise<boolean>;
     private mapRunRow;
 }

package/dist/src/kysely-workflow-run-service.js

@@ -169,6 +169,22 @@ export class KyselyWorkflowRunService {
             source: row.source,
         };
     }
+    async getAIGeneratedWorkflows(agentName) {
+        let query = this.db
+            .selectFrom('workflow_versions')
+            .select(['workflow_name', 'graph_hash', 'graph'])
+            .where('source', '=', 'ai-agent')
+            .where('status', '=', 'active');
+        if (agentName) {
+            query = query.where('workflow_name', 'like', `ai:${agentName}:%`);
+        }
+        const rows = await query.execute();
+        return rows.map((row) => ({
+            workflowName: row.workflow_name,
+            graphHash: row.graph_hash,
+            graph: parseJson(row.graph),
+        }));
+    }
     async deleteRun(id) {
         const result = await this.db
             .deleteFrom('workflow_runs')

package/dist/src/kysely-workflow-service.d.ts

@@ -1,9 +1,9 @@
 import type { SerializedError } from '@pikku/core';
-import { PikkuWorkflowService, type WorkflowRun, type WorkflowRunWire, type StepState, type WorkflowStatus } from '@pikku/core/workflow';
+import { PikkuWorkflowService, type WorkflowRun, type WorkflowRunWire, type StepState, type WorkflowStatus, type WorkflowVersionStatus } from '@pikku/core/workflow';
 import type { Kysely } from 'kysely';
 import type { KyselyPikkuDB } from './kysely-tables.js';
 export declare class KyselyWorkflowService extends PikkuWorkflowService {
-    private db;
+    protected db: Kysely<KyselyPikkuDB>;
     private initialized;
     private runService;
     constructor(db: Kysely<KyselyPikkuDB>);
@@ -26,8 +26,8 @@ export declare class KyselyWorkflowService extends PikkuWorkflowService {
     setStepResult(stepId: string, result: any): Promise<void>;
     setStepError(stepId: string, error: Error): Promise<void>;
     createRetryAttempt(stepId: string, status: 'pending' | 'running'): Promise<StepState>;
-    withRunLock<T>(id: string, fn: () => Promise<T>): Promise<T>;
-    withStepLock<T>(runId: string, stepName: string, fn: () => Promise<T>): Promise<T>;
+    withRunLock<T>(_id: string, fn: () => Promise<T>): Promise<T>;
+    withStepLock<T>(_runId: string, _stepName: string, fn: () => Promise<T>): Promise<T>;
     getCompletedGraphState(runId: string): Promise<{
         completedNodeIds: string[];
         failedNodeIds: string[];
@@ -38,10 +38,16 @@ export declare class KyselyWorkflowService extends PikkuWorkflowService {
     setBranchTaken(stepId: string, branchKey: string): Promise<void>;
     updateRunState(runId: string, name: string, value: unknown): Promise<void>;
     getRunState(runId: string): Promise<Record<string, unknown>>;
-    upsertWorkflowVersion(name: string, graphHash: string, graph: any, source: string): Promise<void>;
+    upsertWorkflowVersion(name: string, graphHash: string, graph: any, source: string, status?: WorkflowVersionStatus): Promise<void>;
+    updateWorkflowVersionStatus(name: string, graphHash: string, status: WorkflowVersionStatus): Promise<void>;
     getWorkflowVersion(name: string, graphHash: string): Promise<{
         graph: any;
         source: string;
     } | null>;
+    getAIGeneratedWorkflows(agentName?: string): Promise<Array<{
+        workflowName: string;
+        graphHash: string;
+        graph: any;
+    }>>;
     close(): Promise<void>;
 }

package/dist/src/kysely-workflow-service.js

@@ -85,6 +85,7 @@ export class KyselyWorkflowService extends PikkuWorkflowService {
             .addColumn('graph_hash', 'text', (col) => col.notNull())
             .addColumn('graph', 'text', (col) => col.notNull())
             .addColumn('source', 'text', (col) => col.notNull())
+            .addColumn('status', 'text', (col) => col.notNull().defaultTo('active'))
             .addColumn('created_at', 'timestamp', (col) => col.defaultTo(sql `CURRENT_TIMESTAMP`).notNull())
             .addPrimaryKeyConstraint('workflow_versions_pk', [
             'workflow_name',
@@ -352,28 +353,11 @@ export class KyselyWorkflowService extends PikkuWorkflowService {
             updatedAt: new Date(row.updated_at),
         };
     }
-    async withRunLock(id, fn) {
-        return this.db.transaction().execute(async (trx) => {
-            await trx
-                .selectFrom('workflow_runs')
-                .select('workflow_run_id')
-                .where('workflow_run_id', '=', id)
-                .forUpdate()
-                .executeTakeFirst();
-            return fn();
-        });
+    async withRunLock(_id, fn) {
+        return fn();
     }
-    async withStepLock(runId, stepName, fn) {
-        return this.db.transaction().execute(async (trx) => {
-            await trx
-                .selectFrom('workflow_step')
-                .select('workflow_step_id')
-                .where('workflow_run_id', '=', runId)
-                .where('step_name', '=', stepName)
-                .forUpdate()
-                .executeTakeFirst();
-            return fn();
-        });
+    async withStepLock(_runId, _stepName, fn) {
+        return fn();
     }
     async getCompletedGraphState(runId) {
         const results = await this.db
@@ -466,7 +450,7 @@ export class KyselyWorkflowService extends PikkuWorkflowService {
             return {};
         return parseJson(row.state) ?? {};
     }
-    async upsertWorkflowVersion(name, graphHash, graph, source) {
+    async upsertWorkflowVersion(name, graphHash, graph, source, status) {
         await this.db
             .insertInto('workflow_versions')
             .values({
@@ -474,12 +458,24 @@ export class KyselyWorkflowService extends PikkuWorkflowService {
             graph_hash: graphHash,
             graph: JSON.stringify(graph),
             source,
+            status: status ?? 'active',
         })
             .onConflict((oc) => oc.columns(['workflow_name', 'graph_hash']).doNothing())
             .execute();
     }
+    async updateWorkflowVersionStatus(name, graphHash, status) {
+        await this.db
+            .updateTable('workflow_versions')
+            .set({ status })
+            .where('workflow_name', '=', name)
+            .where('graph_hash', '=', graphHash)
+            .execute();
+    }
     async getWorkflowVersion(name, graphHash) {
         return this.runService.getWorkflowVersion(name, graphHash);
     }
+    async getAIGeneratedWorkflows(agentName) {
+        return this.runService.getAIGeneratedWorkflows(agentName);
+    }
     async close() { }
 }

package/dist/tsconfig.tsbuildinfo

@@ -1 +1 @@
-{"root":["../src/index.ts","../src/kysely-agent-run-service.ts","../src/kysely-ai-storage-service.ts","../src/kysely-channel-store.ts","../src/kysely-deployment-service.ts","../src/kysely-eventhub-store.ts","../src/kysely-json.ts","../src/kysely-tables.ts","../src/kysely-workflow-run-service.ts","../src/kysely-workflow-service.ts","../src/pikku-kysely.ts","../bin/pikku-kysely-pure.ts"],"version":"5.9.3"}
+{"root":["../src/index.ts","../src/kysely-agent-run-service.ts","../src/kysely-ai-storage-service.ts","../src/kysely-channel-store.ts","../src/kysely-deployment-service.ts","../src/kysely-eventhub-store.ts","../src/kysely-json.ts","../src/kysely-secret-service.ts","../src/kysely-tables.ts","../src/kysely-workflow-run-service.ts","../src/kysely-workflow-service.ts","../bin/pikku-kysely-pure.ts"],"version":"5.9.3"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pikku/kysely",
-  "version": "0.12.2",
+  "version": "0.12.3",
   "author": "yasser.fadl@gmail.com",
   "license": "MIT",
   "module": "dist/src/index.js",
@@ -19,12 +19,10 @@
     "release": "npm run build && npm test"
   },
   "peerDependencies": {
-    "@pikku/core": "^0.12.2"
+    "@pikku/core": "^0.12.3"
   },
   "dependencies": {
-    "kysely": "^0.28.11",
-    "kysely-postgres-js": "^3.0.0",
-    "postgres": "^3.4.8"
+    "kysely": "^0.28.11"
   },
   "devDependencies": {
     "@types/better-sqlite3": "^7.6.13",

package/src/index.ts

@@ -1,5 +1,3 @@
-export { PikkuKysely } from './pikku-kysely.js'
-
 export { KyselyChannelStore } from './kysely-channel-store.js'
 export { KyselyEventHubStore } from './kysely-eventhub-store.js'
 export { KyselyWorkflowService } from './kysely-workflow-service.js'
@@ -7,6 +5,8 @@ export { KyselyWorkflowRunService } from './kysely-workflow-run-service.js'
 export { KyselyDeploymentService } from './kysely-deployment-service.js'
 export { KyselyAIStorageService } from './kysely-ai-storage-service.js'
 export { KyselyAgentRunService } from './kysely-agent-run-service.js'
+export { KyselySecretService } from './kysely-secret-service.js'
+export type { KyselySecretServiceConfig } from './kysely-secret-service.js'
 
 export type { KyselyPikkuDB } from './kysely-tables.js'
 export type { WorkflowRunService } from '@pikku/core/workflow'