npm - @prisma-next/extension-supabase - Versions diffs - 0.13.0-dev.2 → 0.13.0-dev.20 - Mend

@prisma-next/extension-supabase 0.13.0-dev.2 → 0.13.0-dev.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/dist/pack.mjs +11 -13
package/dist/pack.mjs.map +1 -1
package/dist/package-4XSdICyq.mjs +6 -0
package/dist/package-4XSdICyq.mjs.map +1 -0
package/dist/runtime.d.mts +110 -3
package/dist/runtime.d.mts.map +1 -1
package/dist/runtime.mjs +278 -3
package/dist/runtime.mjs.map +1 -1
package/dist/test/utils.d.mts +7 -6
package/dist/test/utils.d.mts.map +1 -1
package/dist/test/utils.mjs +19 -6
package/dist/test/utils.mjs.map +1 -1
package/package.json +28 -25
package/src/contract/contract.d.ts +22 -22
package/src/contract/contract.json +10 -10
package/src/exports/runtime.ts +17 -29
package/src/runtime/descriptor.ts +26 -0
package/src/runtime/supabase-runtime.ts +171 -0
package/src/runtime/supabase.ts +323 -0

package/dist/pack.mjs CHANGED Viewed

@@ -1,7 +1,5 @@
+import { t as version } from "./package-4XSdICyq.mjs";
 import { blindCast } from "@prisma-next/utils/casts";
-//#region package.json
-var version = "0.13.0-dev.2";
-//#endregion
 //#region src/contract/contract.json
 var contract_default = {
 	schemaVersion: "1",
@@ -40,7 +38,7 @@ var contract_default = {
 					"id": {
 						"nullable": false,
 						"type": {
-							"codecId": "pg/text@1",
+							"codecId": "pg/uuid@1",
 							"kind": "scalar"
 						}
 					},
@@ -61,7 +59,7 @@ var contract_default = {
 					"user_id": {
 						"nullable": false,
 						"type": {
-							"codecId": "pg/text@1",
+							"codecId": "pg/uuid@1",
 							"kind": "scalar"
 						}
 					}
@@ -98,7 +96,7 @@ var contract_default = {
 					"id": {
 						"nullable": false,
 						"type": {
-							"codecId": "pg/text@1",
+							"codecId": "pg/uuid@1",
 							"kind": "scalar"
 						}
 					},
@@ -186,7 +184,7 @@ var contract_default = {
 					"id": {
 						"nullable": false,
 						"type": {
-							"codecId": "pg/text@1",
+							"codecId": "pg/uuid@1",
 							"kind": "scalar"
 						}
 					},
@@ -238,7 +236,7 @@ var contract_default = {
 								"typeRef": "Timestamptz"
 							},
 							"id": {
-								"codecId": "pg/text@1",
+								"codecId": "pg/uuid@1",
 								"nativeType": "uuid",
 								"nullable": false,
 								"typeRef": "Uuid"
@@ -255,7 +253,7 @@ var contract_default = {
 								"typeRef": "Timestamptz"
 							},
 							"user_id": {
-								"codecId": "pg/text@1",
+								"codecId": "pg/uuid@1",
 								"nativeType": "uuid",
 								"nullable": false,
 								"typeRef": "Uuid"
@@ -280,7 +278,7 @@ var contract_default = {
 								"nullable": false
 							},
 							"id": {
-								"codecId": "pg/text@1",
+								"codecId": "pg/uuid@1",
 								"nativeType": "uuid",
 								"nullable": false,
 								"typeRef": "Uuid"
@@ -352,7 +350,7 @@ var contract_default = {
 								"typeRef": "Timestamptz"
 							},
 							"id": {
-								"codecId": "pg/text@1",
+								"codecId": "pg/uuid@1",
 								"nativeType": "uuid",
 								"nullable": false,
 								"typeRef": "Uuid"
@@ -379,7 +377,7 @@ var contract_default = {
 				"kind": "postgres-schema"
 			}
 		},
-		"storageHash": "sha256:a92ac18f82eb73f747fa9512351caec3e42df1a1a897bce787966af84371638c",
+		"storageHash": "sha256:27dcfcb121eec1827ff7464f6262582a413af76d4d86627d93db97bb2108410a",
 		"types": {
 			"Timestamptz": {
 				"codecId": "pg/timestamptz@1",
@@ -387,7 +385,7 @@ var contract_default = {
 				"nativeType": "timestamptz"
 			},
 			"Uuid": {
-				"codecId": "pg/text@1",
+				"codecId": "pg/uuid@1",
 				"kind": "codec-instance",
 				"nativeType": "uuid"
 			}

package/dist/pack.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"pack.mjs","names":["contractJson","packageJson.version"],"sources":["../~~package.json","../~~src/contract/contract.json","../src/pack/index.ts"],"sourcesContent":["","~~","~~import type { SqlControlExtensionDescriptor } from '@prisma-next/family-sql/control';\nimport { blindCast } from '@prisma-next/utils/casts';\nimport packageJson from '../../package.json' with { type: 'json' };\nimport type { Contract } from '../contract/contract.d';\nimport contractJson from '../contract/contract.json' with { type: 'json' };\n\nconst SUPABASE_SPACE_ID = 'supabase' as const;\n\nfunction buildContractSpace(contractOverride?: unknown) {\n const contract = blindCast<\n Contract,\n 'JSON import narrowed to emitted Contract type; assertDescriptorSelfConsistency verifies the storageHash at load time'\n >(contractOverride ?? contractJson);\n return {\n contractJson: contract,\n migrations: [] as const,\n headRef: { hash: contract.storage.storageHash, invariants: [] as const },\n };\n}\n\nconst supabaseContractSpace = buildContractSpace();\n\nconst supabasePackBase = {\n kind: 'extension' as const,\n id: SUPABASE_SPACE_ID,\n familyId: 'sql' as const,\n targetId: 'postgres' as const,\n version: packageJson.version,\n contractSpace: supabaseContractSpace,\n create: () => ({\n familyId: 'sql' as const,\n targetId: 'postgres' as const,\n }),\n} satisfies SqlControlExtensionDescriptor<'postgres'>;\n\nexport const supabasePack: SqlControlExtensionDescriptor<'postgres'> = supabasePackBase;\n\n/*\n Returns a pack using `contractOverride` in place of the shipped\n * `contract.json` when provided, otherwise returns the default pack.\n \n Intended for tests that need to drive the framework with a synthetic\n * contract while still exercising the full descriptor wiring.\n */\nexport function supabasePackWith(options?: {\n contractOverride?: unknown;\n}): SqlControlExtensionDescriptor<'postgres'> {\n if (options?.contractOverride === undefined) return supabasePack;\n return {\n ...supabasePackBase,\n contractSpace: buildContractSpace(options.contractOverride),\n };\n}\n\nexport default supabasePack;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AEMA,MAAM,oBAAoB;AAE1B,SAAS,mBAAmB,kBAA4B;CACtD,MAAM,WAAW,UAGf,oBAAoBA,gBAAY;CAClC,OAAO;EACL,cAAc;EACd,YAAY,CAAC;EACb,SAAS;GAAE,MAAM,SAAS,QAAQ;GAAa,YAAY,CAAC;EAAW;CACzE;AACF;AAIA,MAAM,mBAAmB;CACvB,MAAM;CACN,IAAI;CACJ,UAAU;CACV,UAAU;CACDC;CACT,eAR4B,mBAQb;CACf,eAAe;EACb,UAAU;EACV,UAAU;CACZ;AACF;AAEA,MAAa,eAA0D;;;;;;;;AASvE,SAAgB,iBAAiB,SAEa;CAC5C,IAAI,SAAS,qBAAqB,KAAA,GAAW,OAAO;CACpD,OAAO;EACL,GAAG;EACH,eAAe,mBAAmB,QAAQ,gBAAgB;CAC5D;AACF"}
1	+ {"version":3,"file":"pack.mjs","names":["contractJson","packageJson.version"],"sources":["../src/contract/contract.json","../src/pack/index.ts"],"sourcesContent":["","import type { SqlControlExtensionDescriptor } from '@prisma-next/family-sql/control';\nimport { blindCast } from '@prisma-next/utils/casts';\nimport packageJson from '../../package.json' with { type: 'json' };\nimport type { Contract } from '../contract/contract.d';\nimport contractJson from '../contract/contract.json' with { type: 'json' };\n\nconst SUPABASE_SPACE_ID = 'supabase' as const;\n\nfunction buildContractSpace(contractOverride?: unknown) {\n const contract = blindCast<\n Contract,\n 'JSON import narrowed to emitted Contract type; assertDescriptorSelfConsistency verifies the storageHash at load time'\n >(contractOverride ?? contractJson);\n return {\n contractJson: contract,\n migrations: [] as const,\n headRef: { hash: contract.storage.storageHash, invariants: [] as const },\n };\n}\n\nconst supabaseContractSpace = buildContractSpace();\n\nconst supabasePackBase = {\n kind: 'extension' as const,\n id: SUPABASE_SPACE_ID,\n familyId: 'sql' as const,\n targetId: 'postgres' as const,\n version: packageJson.version,\n contractSpace: supabaseContractSpace,\n create: () => ({\n familyId: 'sql' as const,\n targetId: 'postgres' as const,\n }),\n} satisfies SqlControlExtensionDescriptor<'postgres'>;\n\nexport const supabasePack: SqlControlExtensionDescriptor<'postgres'> = supabasePackBase;\n\n/*\n Returns a pack using `contractOverride` in place of the shipped\n * `contract.json` when provided, otherwise returns the default pack.\n \n Intended for tests that need to drive the framework with a synthetic\n * contract while still exercising the full descriptor wiring.\n */\nexport function supabasePackWith(options?: {\n contractOverride?: unknown;\n}): SqlControlExtensionDescriptor<'postgres'> {\n if (options?.contractOverride === undefined) return supabasePack;\n return {\n ...supabasePackBase,\n contractSpace: buildContractSpace(options.contractOverride),\n };\n}\n\nexport default supabasePack;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACMA,MAAM,oBAAoB;AAE1B,SAAS,mBAAmB,kBAA4B;CACtD,MAAM,WAAW,UAGf,oBAAoBA,gBAAY;CAClC,OAAO;EACL,cAAc;EACd,YAAY,CAAC;EACb,SAAS;GAAE,MAAM,SAAS,QAAQ;GAAa,YAAY,CAAC;EAAW;CACzE;AACF;AAIA,MAAM,mBAAmB;CACvB,MAAM;CACN,IAAI;CACJ,UAAU;CACV,UAAU;CACDC;CACT,eAR4B,mBAQb;CACf,eAAe;EACb,UAAU;EACV,UAAU;CACZ;AACF;AAEA,MAAa,eAA0D;;;;;;;;AASvE,SAAgB,iBAAiB,SAEa;CAC5C,IAAI,SAAS,qBAAqB,KAAA,GAAW,OAAO;CACpD,OAAO;EACL,GAAG;EACH,eAAe,mBAAmB,QAAQ,gBAAgB;CAC5D;AACF"}

package/dist/package-4XSdICyq.mjs ADDED Viewed

@@ -0,0 +1,6 @@
+//#region package.json
+var version = "0.13.0-dev.20";
+//#endregion
+export { version as t };
+//# sourceMappingURL=package-4XSdICyq.mjs.map

package/dist/package-4XSdICyq.mjs.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"package-4XSdICyq.mjs","names":[],"sources":["../package.json"],"sourcesContent":[""],"mappings":""}

package/dist/runtime.d.mts CHANGED Viewed

@@ -1,7 +1,114 @@
-import { SqlRuntimeExtensionDescriptor } from "@prisma-next/sql-runtime";
+import { orm } from "@prisma-next/sql-orm-client";
+import { RawSqlTag } from "@prisma-next/sql-relational-core/expression";
+import { ExecutionContext, RuntimeConnection, SqlExecutionStackWithDriver, SqlMiddleware, SqlRuntimeExtensionDescriptor, TransactionContext, VerifyMarkerOption } from "@prisma-next/sql-runtime";
+import { Client, Pool } from "pg";
+import { AsyncIterableResult, RuntimeExecuteOptions } from "@prisma-next/framework-components/runtime";
+import { PostgresRuntime, PostgresRuntimeImpl } from "@prisma-next/postgres/runtime";
+import { Contract } from "@prisma-next/contract/types";
+import { Db } from "@prisma-next/sql-builder/types";
+import { SqlStorage } from "@prisma-next/sql-contract/types";
+import { SqlExecutionPlan, SqlQueryPlan } from "@prisma-next/sql-relational-core/plan";
-//#region src/exports/runtime.d.ts
+//#region src/runtime/descriptor.d.ts
+/**
+ * Tells the runtime that the Supabase pack's runtime component is available.
+ *
+ * When a contract declares the Supabase pack, the runtime checks that a
+ * matching descriptor has been registered. Without this, loading a Supabase
+ * contract errors with "pack runtime component missing". The `supabase()`
+ * factory registers this descriptor automatically — app code never needs to
+ * reference it directly.
+ */
 declare const supabaseRuntimeDescriptor: SqlRuntimeExtensionDescriptor<'postgres'>;
 //#endregion
-export { supabaseRuntimeDescriptor as default };
+//#region src/runtime/supabase.d.ts
+type SupabaseTargetId = 'postgres';
+type OrmClient<TContract extends Contract<SqlStorage>> = ReturnType<typeof orm<TContract>>;
+declare class SupabaseConfigError extends Error {
+  readonly name = "SupabaseConfigError";
+  constructor(message: string);
+}
+declare class InvalidJwtError extends Error {
+  readonly name = "InvalidJwtError";
+  readonly reason: string;
+  constructor(reason: string);
+}
+interface RoleBoundDb<TContract extends Contract<SqlStorage>> {
+  readonly sql: Db<TContract>;
+  readonly orm: OrmClient<TContract>;
+  readonly raw: RawSqlTag;
+  execute<Row>(plan: (SqlExecutionPlan<Row> | SqlQueryPlan<Row>) & {
+    readonly _row?: Row;
+  }, options?: RuntimeExecuteOptions): AsyncIterableResult<Row>;
+  transaction<R>(fn: (tx: TransactionContext) => PromiseLike<R>): Promise<R>;
+}
+interface SupabaseDb<TContract extends Contract<SqlStorage>> {
+  readonly context: ExecutionContext<TContract>;
+  readonly stack: SqlExecutionStackWithDriver<SupabaseTargetId>;
+  asUser(jwt: string): Promise<RoleBoundDb<TContract>>;
+  asAnon(): RoleBoundDb<TContract>;
+  asServiceRole(): RoleBoundDb<TContract>;
+  close(): Promise<void>;
+  [Symbol.asyncDispose](): Promise<void>;
+}
+interface SupabaseOptionsBase {
+  readonly extensions?: readonly SqlRuntimeExtensionDescriptor<SupabaseTargetId>[];
+  readonly middleware?: readonly SqlMiddleware[];
+  readonly verifyMarker?: VerifyMarkerOption;
+  readonly poolOptions?: {
+    readonly connectionTimeoutMillis?: number;
+    readonly idleTimeoutMillis?: number;
+  };
+}
+interface SupabaseBindingOptions {
+  readonly url?: string;
+  readonly pg?: Pool | Client;
+}
+type JwtSecretOption = {
+  readonly jwtSecret: string;
+  readonly jwksUrl?: never;
+};
+type JwksUrlOption = {
+  readonly jwksUrl: string;
+  readonly jwtSecret?: never;
+};
+type SupabaseOptionsWithContract<TContract extends Contract<SqlStorage>> = SupabaseBindingOptions & SupabaseOptionsBase & (JwtSecretOption | JwksUrlOption) & {
+  readonly contract: TContract;
+  readonly contractJson?: never;
+};
+type SupabaseOptionsWithContractJson<TContract extends Contract<SqlStorage>> = SupabaseBindingOptions & SupabaseOptionsBase & (JwtSecretOption | JwksUrlOption) & {
+  readonly contractJson: unknown;
+  readonly contract?: never;
+  readonly _contract?: TContract;
+};
+type SupabaseOptions<TContract extends Contract<SqlStorage>> = SupabaseOptionsWithContract<TContract> | SupabaseOptionsWithContractJson<TContract>;
+declare function supabase<TContract extends Contract<SqlStorage>>(options: SupabaseOptionsWithContract<TContract>): Promise<SupabaseDb<TContract>>;
+declare function supabase<TContract extends Contract<SqlStorage>>(options: SupabaseOptionsWithContractJson<TContract>): Promise<SupabaseDb<TContract>>;
+//#endregion
+//#region src/runtime/supabase-runtime.d.ts
+interface SupabaseRuntime extends PostgresRuntime {}
+interface SupabaseRoleBinding {
+  readonly role: 'anon' | 'authenticated' | 'service_role';
+  readonly claims?: Record<string, unknown>;
+}
+/**
+ * A connection with a Supabase role already bound via session-scoped set_config.
+ * Implements `RuntimeConnection` so it plugs into ORM scope machinery and `withTransaction`.
+ */
+interface RoleSession extends RuntimeConnection {}
+declare class SupabaseRuntimeImpl<TContract extends Contract<SqlStorage> = Contract<SqlStorage>> extends PostgresRuntimeImpl<TContract> {
+  /**
+   * Opens a raw connection and applies role + JWT claims via session-scoped set_config.
+   * On bind failure, destroys the connection before rethrowing — no leaked connections.
+   * Not on the `SupabaseRuntime` interface; consumed by the facade, not by app code.
+   */
+  openRoleSession(binding: SupabaseRoleBinding): Promise<RoleSession>;
+  /**
+   * Opens a role session, executes the plan, then releases after the stream drains.
+   * On mid-stream error, destroys the session instead of releasing.
+   */
+  executeWithRole<Row>(plan: SqlExecutionPlan<Row> | SqlQueryPlan<Row>, binding: SupabaseRoleBinding, options?: RuntimeExecuteOptions): AsyncIterableResult<Row>;
+}
+//#endregion
+export { InvalidJwtError, type RoleBoundDb, type RoleSession, SupabaseConfigError, type SupabaseDb, type SupabaseOptions, type SupabaseOptionsWithContract, type SupabaseOptionsWithContractJson, type SupabaseRoleBinding, type SupabaseRuntime, SupabaseRuntimeImpl, type SupabaseTargetId, supabaseRuntimeDescriptor as default, supabase };
 //# sourceMappingURL=runtime.d.mts.map

package/dist/runtime.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"runtime.d.mts","names":[],"sources":["../src/~~exports~~/runtime.ts"],"mappings":"~~;;;cAeM~~,yBAAA,EAA2B,6BAA6B"}
1	+ {"version":3,"file":"runtime.d.mts","names":[],"sources":["../src/runtime/descriptor.ts","../src/runtime/supabase.ts","../src/runtime/supabase-runtime.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;cAYa,yBAAA,EAA2B,6BAA6B;;;KC0BzD,gBAAA;AAAA,KAEP,SAAA,mBAA4B,QAAA,CAAS,UAAA,KAAe,UAAA,QAAkB,GAAA,CAAI,SAAA;AAAA,cAElE,mBAAA,SAA4B,KAAK;EAAA,SAC1B,IAAA;cACN,OAAA;AAAA;AAAA,cAKD,eAAA,SAAwB,KAAK;EAAA,SACtB,IAAA;EAAA,SACT,MAAA;cACG,MAAA;AAAA;AAAA,UAUG,WAAA,mBAA8B,QAAA,CAAS,UAAA;EAAA,SAC7C,GAAA,EAAK,EAAA,CAAG,SAAA;EAAA,SACR,GAAA,EAAK,SAAA,CAAU,SAAA;EAAA,SACf,GAAA,EAAK,SAAA;EACd,OAAA,MACE,IAAA,GAAO,gBAAA,CAAiB,GAAA,IAAO,YAAA,CAAa,GAAA;IAAA,SAAmB,IAAA,GAAO,GAAA;EAAA,GACtE,OAAA,GAAU,qBAAA,GACT,mBAAA,CAAoB,GAAA;EACvB,WAAA,IAAe,EAAA,GAAK,EAAA,EAAI,kBAAA,KAAuB,WAAA,CAAY,CAAA,IAAK,OAAA,CAAQ,CAAA;AAAA;AAAA,UAGzD,UAAA,mBAA6B,QAAA,CAAS,UAAA;EAAA,SAC5C,OAAA,EAAS,gBAAA,CAAiB,SAAA;EAAA,SAC1B,KAAA,EAAO,2BAAA,CAA4B,gBAAA;EAC5C,MAAA,CAAO,GAAA,WAAc,OAAA,CAAQ,WAAA,CAAY,SAAA;EACzC,MAAA,IAAU,WAAA,CAAY,SAAA;EACtB,aAAA,IAAiB,WAAA,CAAY,SAAA;EAC7B,KAAA,IAAS,OAAA;EAAA,CACR,MAAA,CAAO,YAAA,KAAiB,OAAA;AAAA;AAAA,UAGV,mBAAA;EAAA,SACN,UAAA,YAAsB,6BAAA,CAA8B,gBAAA;EAAA,SACpD,UAAA,YAAsB,aAAA;EAAA,SACtB,YAAA,GAAe,kBAAA;EAAA,SACf,WAAA;IAAA,SACE,uBAAA;IAAA,SACA,iBAAA;EAAA;AAAA;AAAA,UAII,sBAAA;EAAA,SACN,GAAA;EAAA,SACA,EAAA,GAAK,IAAA,GAAO,MAAM;AAAA;AAAA,KAGxB,eAAA;EAAA,SACM,SAAA;EAAA,SACA,OAAO;AAAA;AAAA,KAGb,aAAA;EAAA,SACM,OAAA;EAAA,SACA,SAAS;AAAA;AAAA,KAGR,2BAAA,mBAA8C,QAAA,CAAS,UAAA,KACjE,sBAAA,GACE,mBAAA,IACC,eAAA,GAAkB,aAAA;EAAA,SACR,QAAA,EAAU,SAAA;EAAA,SACV,YAAA;AAAA;AAAA,KAGH,+BAAA,mBAAkD,QAAA,CAAS,UAAA,KACrE,sBAAA,GACE,mBAAA,IACC,eAAA,GAAkB,aAAA;EAAA,SACR,YAAA;EAAA,SACA,QAAA;EAAA,SACA,SAAA,GAAY,SAAA;AAAA;AAAA,KAGf,eAAA,mBAAkC,QAAA,CAAS,UAAA,KACnD,2BAAA,CAA4B,SAAA,IAC5B,+BAAA,CAAgC,SAAA;AAAA,iBAwEN,QAAA,mBAA2B,QAAA,CAAS,UAAA,GAChE,OAAA,EAAS,2BAAA,CAA4B,SAAA,IACpC,OAAA,CAAQ,UAAA,CAAW,SAAA;AAAA,iBACQ,QAAA,mBAA2B,QAAA,CAAS,UAAA,GAChE,OAAA,EAAS,+BAAA,CAAgC,SAAA,IACxC,OAAA,CAAQ,UAAA,CAAW,SAAA;;;UC9LL,eAAA,SAAwB,eAAe;AAAA,UAEvC,mBAAA;EAAA,SAEN,IAAA;EAAA,SACA,MAAA,GAAS,MAAM;AAAA;;;;AFP2C;UEcpD,WAAA,SAAoB,iBAAiB;AAAA,cAEzC,mBAAA,mBACO,QAAA,CAAS,UAAA,IAAc,QAAA,CAAS,UAAA,WAC1C,mBAAA,CAAoB,SAAA;EDQlB;;;;AAAgB;ECFpB,eAAA,CAAgB,OAAA,EAAS,mBAAA,GAAsB,OAAA,CAAQ,WAAA;EDIjD;;;;ECuGZ,eAAA,MACE,IAAA,EAAM,gBAAA,CAAiB,GAAA,IAAO,YAAA,CAAa,GAAA,GAC3C,OAAA,EAAS,mBAAA,EACT,OAAA,GAAU,qBAAA,GACT,mBAAA,CAAoB,GAAA;AAAA"}

package/dist/runtime.mjs CHANGED Viewed

@@ -1,8 +1,32 @@
-//#region src/exports/runtime.ts
+import { t as version } from "./package-4XSdICyq.mjs";
+import { blindCast } from "@prisma-next/utils/casts";
+import postgresAdapter from "@prisma-next/adapter-postgres/runtime";
+import postgresDriver from "@prisma-next/driver-postgres/runtime";
+import { instantiateExecutionStack } from "@prisma-next/framework-components/execution";
+import { sql } from "@prisma-next/sql-builder/runtime";
+import { orm } from "@prisma-next/sql-orm-client";
+import { createRawSql } from "@prisma-next/sql-relational-core/expression";
+import { createExecutionContext, createSqlExecutionStack, withTransaction } from "@prisma-next/sql-runtime";
+import postgresTarget, { PostgresContractSerializer } from "@prisma-next/target-postgres/runtime";
+import { ifDefined } from "@prisma-next/utils/defined";
+import { createRemoteJWKSet, jwtVerify } from "jose";
+import { Pool } from "pg";
+import { AsyncIterableResult } from "@prisma-next/framework-components/runtime";
+import { PostgresRuntimeImpl } from "@prisma-next/postgres/runtime";
+//#region src/runtime/descriptor.ts
+/**
+* Tells the runtime that the Supabase pack's runtime component is available.
+*
+* When a contract declares the Supabase pack, the runtime checks that a
+* matching descriptor has been registered. Without this, loading a Supabase
+* contract errors with "pack runtime component missing". The `supabase()`
+* factory registers this descriptor automatically — app code never needs to
+* reference it directly.
+*/
 const supabaseRuntimeDescriptor = {
 	kind: "extension",
 	id: "supabase",
-	version: "0.12.0",
+	version,
 	familyId: "sql",
 	targetId: "postgres",
 	codecs: () => [],
@@ -14,6 +38,257 @@ const supabaseRuntimeDescriptor = {
 	}
 };
 //#endregion
-export { supabaseRuntimeDescriptor as default };
+//#region src/runtime/supabase-runtime.ts
+var SupabaseRuntimeImpl = class extends PostgresRuntimeImpl {
+	/**
+	* Opens a raw connection and applies role + JWT claims via session-scoped set_config.
+	* On bind failure, destroys the connection before rethrowing — no leaked connections.
+	* Not on the `SupabaseRuntime` interface; consumed by the facade, not by app code.
+	*/
+	async openRoleSession(binding) {
+		const conn = await this.acquireRawConnection();
+		try {
+			await conn.query("SELECT set_config($1, $2, false)", ["role", binding.role]);
+			await conn.query("SELECT set_config($1, $2, false)", ["request.jwt.claims", JSON.stringify(binding.claims ?? {})]);
+		} catch (err) {
+			await conn.destroy(err).catch(() => void 0);
+			throw err;
+		}
+		const self = this;
+		return {
+			execute(plan, options) {
+				return self.executeAgainstQueryable(plan, conn, {
+					...options,
+					scope: "connection"
+				});
+			},
+			executePrepared(ps, params, options) {
+				return self.executePreparedAgainstQueryable(blindCast(ps), blindCast(params), conn, {
+					...options,
+					scope: "connection"
+				});
+			},
+			async transaction() {
+				const tx = await conn.beginTransaction();
+				return {
+					async commit() {
+						await tx.commit();
+					},
+					async rollback() {
+						await tx.rollback();
+					},
+					execute(plan, options) {
+						return self.executeAgainstQueryable(plan, tx, {
+							...options,
+							scope: "transaction"
+						});
+					},
+					executePrepared(ps, params, options) {
+						return self.executePreparedAgainstQueryable(blindCast(ps), blindCast(params), tx, {
+							...options,
+							scope: "transaction"
+						});
+					}
+				};
+			},
+			/**
+			* Resets all session-local config then releases the connection back to the pool.
+			* If RESET ALL fails, destroys the connection instead — pool-poisoning guarantee.
+			*/
+			async release() {
+				try {
+					await conn.query("RESET ALL");
+					await conn.release();
+				} catch (resetError) {
+					await conn.destroy(resetError).catch(() => void 0);
+				}
+			},
+			async destroy(reason) {
+				await conn.destroy(reason);
+			}
+		};
+	}
+	/**
+	* Opens a role session, executes the plan, then releases after the stream drains.
+	* On mid-stream error, destroys the session instead of releasing.
+	*/
+	executeWithRole(plan, binding, options) {
+		const self = this;
+		const generator = async function* () {
+			const session = await self.openRoleSession(binding);
+			let errored = false;
+			try {
+				for await (const row of session.execute(plan, options)) yield row;
+			} catch (err) {
+				errored = true;
+				await session.destroy(err).catch(() => void 0);
+				throw err;
+			} finally {
+				if (!errored) await session.release();
+			}
+		};
+		return new AsyncIterableResult(generator());
+	}
+};
+//#endregion
+//#region src/runtime/supabase.ts
+var SupabaseConfigError = class extends Error {
+	name = "SupabaseConfigError";
+	constructor(message) {
+		super(message);
+	}
+};
+var InvalidJwtError = class extends Error {
+	name = "InvalidJwtError";
+	reason;
+	constructor(reason) {
+		super(`Invalid JWT: ${reason}`);
+		this.reason = reason;
+	}
+};
+function hasContractJson(options) {
+	return "contractJson" in options;
+}
+const contractSerializer = new PostgresContractSerializer();
+function resolveContract(options) {
+	const contractInput = hasContractJson(options) ? options.contractJson : options.contract;
+	return blindCast(contractSerializer.deserializeContract(contractInput));
+}
+function resolveKeyMaterial(options) {
+	const jwtSecret = "jwtSecret" in options ? options.jwtSecret : void 0;
+	const jwksUrl = "jwksUrl" in options ? options.jwksUrl : void 0;
+	if (jwtSecret !== void 0 && jwksUrl !== void 0) throw new SupabaseConfigError("Provide either jwtSecret or jwksUrl, not both");
+	if (jwtSecret === void 0 && jwksUrl === void 0) throw new SupabaseConfigError("Either jwtSecret or jwksUrl is required");
+	if (jwtSecret !== void 0) return {
+		kind: "secret",
+		key: new TextEncoder().encode(jwtSecret)
+	};
+	if (jwksUrl !== void 0) return {
+		kind: "jwks",
+		keyset: createRemoteJWKSet(new URL(jwksUrl))
+	};
+	throw new SupabaseConfigError("Either jwtSecret or jwksUrl is required");
+}
+function toPool(options) {
+	if (options.pg instanceof Pool) return {
+		pool: options.pg,
+		owned: false
+	};
+	if (typeof options.url === "string") return {
+		pool: new Pool({
+			connectionString: options.url,
+			connectionTimeoutMillis: options.poolOptions?.connectionTimeoutMillis ?? 2e4,
+			idleTimeoutMillis: options.poolOptions?.idleTimeoutMillis ?? 3e4
+		}),
+		owned: true
+	};
+}
+function withSupabaseDescriptor(extensions) {
+	const packs = extensions ?? [];
+	return packs.some((pack) => pack.id === supabaseRuntimeDescriptor.id) ? packs : [...packs, supabaseRuntimeDescriptor];
+}
+async function supabase(options) {
+	const keyMaterial = resolveKeyMaterial(options);
+	const contract = resolveContract(options);
+	const stack = createSqlExecutionStack({
+		target: postgresTarget,
+		adapter: postgresAdapter,
+		driver: postgresDriver,
+		extensionPacks: withSupabaseDescriptor(options.extensions)
+	});
+	const context = createExecutionContext({
+		contract,
+		stack
+	});
+	const rawCodecInferer = stack.adapter.rawCodecInferer;
+	const rawSqlTag = createRawSql(rawCodecInferer);
+	const poolEntry = toPool(options);
+	let closed = false;
+	const stackInstance = instantiateExecutionStack(stack);
+	const driverDescriptor = stack.driver;
+	if (!driverDescriptor) throw new Error("Driver descriptor missing from execution stack");
+	const driver = driverDescriptor.create({ cursor: { disabled: true } });
+	if (poolEntry) await driver.connect({
+		kind: "pgPool",
+		pool: poolEntry.pool
+	});
+	const runtime = new SupabaseRuntimeImpl({
+		context,
+		adapter: stackInstance.adapter,
+		driver,
+		...ifDefined("verifyMarker", options.verifyMarker),
+		...ifDefined("middleware", options.middleware)
+	});
+	async function verifyJwt(jwt) {
+		try {
+			if (keyMaterial.kind === "secret") return await jwtVerify(jwt, keyMaterial.key);
+			return await jwtVerify(jwt, keyMaterial.keyset);
+		} catch (err) {
+			throw new InvalidJwtError(err instanceof Error ? err.message : String(err));
+		}
+	}
+	function buildRoleBoundDb(binding) {
+		return {
+			sql: sql({
+				context,
+				rawCodecInferer
+			}),
+			orm: orm({
+				runtime: {
+					execute(plan) {
+						return runtime.executeWithRole(plan, binding);
+					},
+					connection: () => runtime.openRoleSession(binding)
+				},
+				context
+			}),
+			raw: rawSqlTag,
+			execute(plan, execOptions) {
+				return runtime.executeWithRole(plan, binding, execOptions);
+			},
+			transaction(fn) {
+				return withTransaction({ connection: () => runtime.openRoleSession(binding) }, fn);
+			}
+		};
+	}
+	async function closeDb() {
+		if (closed) return;
+		closed = true;
+		await runtime.close();
+		if (poolEntry?.owned) await poolEntry.pool.end().catch(() => void 0);
+	}
+	return {
+		context,
+		stack,
+		async asUser(jwt) {
+			const { payload } = await verifyJwt(jwt);
+			const rawRole = payload["role"];
+			const roleStr = typeof rawRole === "string" ? rawRole : "authenticated";
+			return buildRoleBoundDb({
+				role: roleStr === "anon" || roleStr === "authenticated" || roleStr === "service_role" ? roleStr : "authenticated",
+				claims: payload
+			});
+		},
+		asAnon() {
+			return buildRoleBoundDb({
+				role: "anon",
+				claims: {}
+			});
+		},
+		asServiceRole() {
+			return buildRoleBoundDb({
+				role: "service_role",
+				claims: {}
+			});
+		},
+		close: closeDb,
+		[Symbol.asyncDispose]: closeDb
+	};
+}
+//#endregion
+//#region src/exports/runtime.ts
+var runtime_default = supabaseRuntimeDescriptor;
+//#endregion
+export { InvalidJwtError, SupabaseConfigError, SupabaseRuntimeImpl, runtime_default as default, supabase };
 //# sourceMappingURL=runtime.mjs.map

package/dist/runtime.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"runtime.mjs","names":[],"sources":["../src/exports/runtime.ts"],"sourcesContent":["/*\n Minimal M1 runtime descriptor for the Supabase extension.\n \n The Supabase pack contributes no runtime codec types or query operations in\n * M1 — `auth.`/`storage.` are external tables accessed via the stock\n * postgres runtime, not through a custom codec or operation surface. This\n * descriptor exists so the postgres runtime's contract-requirements check\n * (which verifies every `extensionPacks` entry in the emitted `contract.json`\n * has a matching runtime component) passes.\n \n TODO(M2): Replace with the real SupabaseRuntime that adds\n * `asUser()`/`asAnon()` role-binding and the Supabase auth surface.\n */\nimport type { SqlRuntimeExtensionDescriptor } from '@prisma-next/sql-runtime';\n\nconst supabaseRuntimeDescriptor: SqlRuntimeExtensionDescriptor<'postgres'> = {\n kind: 'extension' as const,\n id: 'supabase',\n version: '0.12.0',\n familyId: 'sql' as const,\n targetId: 'postgres' as const,\n codecs: () => [],\n create() {\n return {\n familyId: 'sql' as const,\n targetId: 'postgres' as const,\n };\n },\n};\n\nexport default supabaseRuntimeDescriptor;\n"],"mappings":";AAeA,MAAM,4BAAuE;CAC3E,MAAM;CACN,IAAI;CACJ,SAAS;CACT,UAAU;CACV,UAAU;CACV,cAAc,CAAC;CACf,SAAS;EACP,OAAO;GACL,UAAU;GACV,UAAU;EACZ;CACF;AACF"}
1	+ {"version":3,"file":"runtime.mjs","names":["packageJson.version"],"sources":["../src/runtime/descriptor.ts","../src/runtime/supabase-runtime.ts","../src/runtime/supabase.ts","../src/exports/runtime.ts"],"sourcesContent":["import type { SqlRuntimeExtensionDescriptor } from '@prisma-next/sql-runtime';\nimport packageJson from '../../package.json' with { type: 'json' };\n\n/*\n Tells the runtime that the Supabase pack's runtime component is available.\n \n When a contract declares the Supabase pack, the runtime checks that a\n * matching descriptor has been registered. Without this, loading a Supabase\n * contract errors with \"pack runtime component missing\". The `supabase()`\n * factory registers this descriptor automatically — app code never needs to\n * reference it directly.\n /\nexport const supabaseRuntimeDescriptor: SqlRuntimeExtensionDescriptor<'postgres'> = {\n kind: 'extension' as const,\n id: 'supabase',\n version: packageJson.version,\n familyId: 'sql' as const,\n targetId: 'postgres' as const,\n codecs: () => [],\n create() {\n return {\n familyId: 'sql' as const,\n targetId: 'postgres' as const,\n };\n },\n};\n","import type { Contract } from '@prisma-next/contract/types';\nimport type { RuntimeExecuteOptions } from '@prisma-next/framework-components/runtime';\nimport { AsyncIterableResult } from '@prisma-next/framework-components/runtime';\nimport { type PostgresRuntime, PostgresRuntimeImpl } from '@prisma-next/postgres/runtime';\nimport type { SqlStorage } from '@prisma-next/sql-contract/types';\nimport type { SqlExecutionPlan, SqlQueryPlan } from '@prisma-next/sql-relational-core/plan';\nimport type {\n PreparedStatement,\n PreparedStatementImpl,\n RuntimeConnection,\n RuntimeTransaction,\n} from '@prisma-next/sql-runtime';\nimport { blindCast } from '@prisma-next/utils/casts';\n\nexport interface SupabaseRuntime extends PostgresRuntime {}\n\nexport interface SupabaseRoleBinding {\n // TODO(TML-2501): role names move to the Supabase extension contract (roles as first-class IR) when postgres-rls lands.\n readonly role: 'anon' \| 'authenticated' \| 'service_role';\n readonly claims?: Record<string, unknown>;\n}\n\n/\n A connection with a Supabase role already bound via session-scoped set_config.\n * Implements `RuntimeConnection` so it plugs into ORM scope machinery and `withTransaction`.\n /\nexport interface RoleSession extends RuntimeConnection {}\n\nexport class SupabaseRuntimeImpl<\n TContract extends Contract<SqlStorage> = Contract<SqlStorage>,\n> extends PostgresRuntimeImpl<TContract> {\n /\n Opens a raw connection and applies role + JWT claims via session-scoped set_config.\n * On bind failure, destroys the connection before rethrowing — no leaked connections.\n * Not on the `SupabaseRuntime` interface; consumed by the facade, not by app code.\n /\n async openRoleSession(binding: SupabaseRoleBinding): Promise<RoleSession> {\n const conn = await this.acquireRawConnection();\n\n try {\n await conn.query('SELECT set_config($1, $2, false)', ['role', binding.role]);\n await conn.query('SELECT set_config($1, $2, false)', [\n 'request.jwt.claims',\n JSON.stringify(binding.claims ?? {}),\n ]);\n } catch (err) {\n await conn.destroy(err).catch(() => undefined);\n throw err;\n }\n\n const self = this;\n\n const session: RoleSession = {\n execute<Row>(\n plan: (SqlExecutionPlan<unknown> \| SqlQueryPlan<unknown>) & { readonly _row?: Row },\n options?: RuntimeExecuteOptions,\n ): AsyncIterableResult<Row> {\n return self.executeAgainstQueryable<Row>(plan, conn, { ...options, scope: 'connection' });\n },\n\n executePrepared<Params, Row>(\n ps: PreparedStatement<Params, Row>,\n params: Params,\n options?: RuntimeExecuteOptions,\n ): AsyncIterableResult<Row> {\n return self.executePreparedAgainstQueryable(\n blindCast<\n PreparedStatementImpl<Params, Row>,\n 'PreparedStatement is PreparedStatementImpl; the impl class is the only concrete form'\n >(ps),\n blindCast<\n Record<string, unknown>,\n 'params are structurally Record<string, unknown> at runtime'\n >(params),\n conn,\n { ...options, scope: 'connection' },\n );\n },\n\n async transaction(): Promise<RuntimeTransaction> {\n const tx = await conn.beginTransaction();\n return {\n async commit(): Promise<void> {\n await tx.commit();\n },\n async rollback(): Promise<void> {\n await tx.rollback();\n },\n execute<Row>(\n plan: (SqlExecutionPlan<unknown> \| SqlQueryPlan<unknown>) & { readonly _row?: Row },\n options?: RuntimeExecuteOptions,\n ): AsyncIterableResult<Row> {\n return self.executeAgainstQueryable<Row>(plan, tx, {\n ...options,\n scope: 'transaction',\n });\n },\n executePrepared<Params, Row>(\n ps: PreparedStatement<Params, Row>,\n params: Params,\n options?: RuntimeExecuteOptions,\n ): AsyncIterableResult<Row> {\n return self.executePreparedAgainstQueryable(\n blindCast<\n PreparedStatementImpl<Params, Row>,\n 'PreparedStatement is PreparedStatementImpl; the impl class is the only concrete form'\n >(ps),\n blindCast<\n Record<string, unknown>,\n 'params are structurally Record<string, unknown> at runtime'\n >(params),\n tx,\n { ...options, scope: 'transaction' },\n );\n },\n };\n },\n\n /\n Resets all session-local config then releases the connection back to the pool.\n * If RESET ALL fails, destroys the connection instead — pool-poisoning guarantee.\n /\n async release(): Promise<void> {\n try {\n await conn.query('RESET ALL');\n await conn.release();\n } catch (resetError) {\n await conn.destroy(resetError).catch(() => undefined);\n }\n },\n\n async destroy(reason?: unknown): Promise<void> {\n await conn.destroy(reason);\n },\n };\n\n return session;\n }\n\n /\n Opens a role session, executes the plan, then releases after the stream drains.\n * On mid-stream error, destroys the session instead of releasing.\n /\n executeWithRole<Row>(\n plan: SqlExecutionPlan<Row> \| SqlQueryPlan<Row>,\n binding: SupabaseRoleBinding,\n options?: RuntimeExecuteOptions,\n ): AsyncIterableResult<Row> {\n const self = this;\n\n const generator = async function (): AsyncGenerator<Row, void, unknown> {\n const session = await self.openRoleSession(binding);\n let errored = false;\n try {\n for await (const row of session.execute(plan, options)) {\n yield row;\n }\n } catch (err) {\n errored = true;\n await session.destroy(err).catch(() => undefined);\n throw err;\n } finally {\n if (!errored) {\n await session.release();\n }\n }\n };\n\n return new AsyncIterableResult(generator());\n }\n}\n","import postgresAdapter from '@prisma-next/adapter-postgres/runtime';\nimport type { Contract } from '@prisma-next/contract/types';\nimport postgresDriver from '@prisma-next/driver-postgres/runtime';\nimport { instantiateExecutionStack } from '@prisma-next/framework-components/execution';\nimport type {\n AsyncIterableResult,\n RuntimeExecuteOptions,\n} from '@prisma-next/framework-components/runtime';\nimport { sql } from '@prisma-next/sql-builder/runtime';\nimport type { Db } from '@prisma-next/sql-builder/types';\nimport type { SqlStorage } from '@prisma-next/sql-contract/types';\nimport { orm } from '@prisma-next/sql-orm-client';\nimport type { RawSqlTag } from '@prisma-next/sql-relational-core/expression';\nimport { createRawSql } from '@prisma-next/sql-relational-core/expression';\nimport type { SqlExecutionPlan, SqlQueryPlan } from '@prisma-next/sql-relational-core/plan';\nimport type {\n ExecutionContext,\n SqlExecutionStackWithDriver,\n SqlMiddleware,\n SqlRuntimeExtensionDescriptor,\n TransactionContext,\n VerifyMarkerOption,\n} from '@prisma-next/sql-runtime';\nimport {\n createExecutionContext,\n createSqlExecutionStack,\n withTransaction,\n} from '@prisma-next/sql-runtime';\nimport postgresTarget, { PostgresContractSerializer } from '@prisma-next/target-postgres/runtime';\nimport { blindCast } from '@prisma-next/utils/casts';\nimport { ifDefined } from '@prisma-next/utils/defined';\nimport { createRemoteJWKSet, type JWTVerifyResult, jwtVerify } from 'jose';\nimport type { Client } from 'pg';\nimport { Pool } from 'pg';\nimport { supabaseRuntimeDescriptor } from './descriptor';\nimport type { SupabaseRoleBinding, SupabaseRuntime } from './supabase-runtime';\nimport { SupabaseRuntimeImpl } from './supabase-runtime';\n\nexport type SupabaseTargetId = 'postgres';\n\ntype OrmClient<TContract extends Contract<SqlStorage>> = ReturnType<typeof orm<TContract>>;\n\nexport class SupabaseConfigError extends Error {\n override readonly name = 'SupabaseConfigError';\n constructor(message: string) {\n super(message);\n }\n}\n\nexport class InvalidJwtError extends Error {\n override readonly name = 'InvalidJwtError';\n readonly reason: string;\n constructor(reason: string) {\n super(`Invalid JWT: ${reason}`);\n this.reason = reason;\n }\n}\n\ntype KeyMaterial =\n \| { readonly kind: 'secret'; readonly key: Uint8Array }\n \| { readonly kind: 'jwks'; readonly keyset: ReturnType<typeof createRemoteJWKSet> };\n\nexport interface RoleBoundDb<TContract extends Contract<SqlStorage>> {\n readonly sql: Db<TContract>;\n readonly orm: OrmClient<TContract>;\n readonly raw: RawSqlTag;\n execute<Row>(\n plan: (SqlExecutionPlan<Row> \| SqlQueryPlan<Row>) & { readonly _row?: Row },\n options?: RuntimeExecuteOptions,\n ): AsyncIterableResult<Row>;\n transaction<R>(fn: (tx: TransactionContext) => PromiseLike<R>): Promise<R>;\n}\n\nexport interface SupabaseDb<TContract extends Contract<SqlStorage>> {\n readonly context: ExecutionContext<TContract>;\n readonly stack: SqlExecutionStackWithDriver<SupabaseTargetId>;\n asUser(jwt: string): Promise<RoleBoundDb<TContract>>;\n asAnon(): RoleBoundDb<TContract>;\n asServiceRole(): RoleBoundDb<TContract>;\n close(): Promise<void>;\n [Symbol.asyncDispose](): Promise<void>;\n}\n\nexport interface SupabaseOptionsBase {\n readonly extensions?: readonly SqlRuntimeExtensionDescriptor<SupabaseTargetId>[];\n readonly middleware?: readonly SqlMiddleware[];\n readonly verifyMarker?: VerifyMarkerOption;\n readonly poolOptions?: {\n readonly connectionTimeoutMillis?: number;\n readonly idleTimeoutMillis?: number;\n };\n}\n\nexport interface SupabaseBindingOptions {\n readonly url?: string;\n readonly pg?: Pool \| Client;\n}\n\ntype JwtSecretOption = {\n readonly jwtSecret: string;\n readonly jwksUrl?: never;\n};\n\ntype JwksUrlOption = {\n readonly jwksUrl: string;\n readonly jwtSecret?: never;\n};\n\nexport type SupabaseOptionsWithContract<TContract extends Contract<SqlStorage>> =\n SupabaseBindingOptions &\n SupabaseOptionsBase &\n (JwtSecretOption \| JwksUrlOption) & {\n readonly contract: TContract;\n readonly contractJson?: never;\n };\n\nexport type SupabaseOptionsWithContractJson<TContract extends Contract<SqlStorage>> =\n SupabaseBindingOptions &\n SupabaseOptionsBase &\n (JwtSecretOption \| JwksUrlOption) & {\n readonly contractJson: unknown;\n readonly contract?: never;\n readonly _contract?: TContract;\n };\n\nexport type SupabaseOptions<TContract extends Contract<SqlStorage>> =\n \| SupabaseOptionsWithContract<TContract>\n \| SupabaseOptionsWithContractJson<TContract>;\n\nfunction hasContractJson<TContract extends Contract<SqlStorage>>(\n options: SupabaseOptions<TContract>,\n): options is SupabaseOptionsWithContractJson<TContract> {\n return 'contractJson' in options;\n}\n\nconst contractSerializer = new PostgresContractSerializer();\n\nfunction resolveContract<TContract extends Contract<SqlStorage>>(\n options: SupabaseOptions<TContract>,\n): TContract {\n const contractInput = hasContractJson(options) ? options.contractJson : options.contract;\n return blindCast<\n TContract,\n 'contractSerializer.deserializeContract returns a validated TContract'\n >(contractSerializer.deserializeContract(contractInput));\n}\n\nfunction resolveKeyMaterial<TContract extends Contract<SqlStorage>>(\n options: SupabaseOptions<TContract>,\n): KeyMaterial {\n const jwtSecret = 'jwtSecret' in options ? options.jwtSecret : undefined;\n const jwksUrl = 'jwksUrl' in options ? options.jwksUrl : undefined;\n\n if (jwtSecret !== undefined && jwksUrl !== undefined) {\n throw new SupabaseConfigError('Provide either jwtSecret or jwksUrl, not both');\n }\n if (jwtSecret === undefined && jwksUrl === undefined) {\n throw new SupabaseConfigError('Either jwtSecret or jwksUrl is required');\n }\n\n if (jwtSecret !== undefined) {\n return { kind: 'secret', key: new TextEncoder().encode(jwtSecret) };\n }\n\n if (jwksUrl !== undefined) {\n return { kind: 'jwks', keyset: createRemoteJWKSet(new URL(jwksUrl)) };\n }\n\n throw new SupabaseConfigError('Either jwtSecret or jwksUrl is required');\n}\n\nfunction toPool<TContract extends Contract<SqlStorage>>(\n options: SupabaseOptions<TContract>,\n): { pool: Pool; owned: boolean } \| undefined {\n if (options.pg instanceof Pool) {\n return { pool: options.pg, owned: false };\n }\n if (typeof options.url === 'string') {\n return {\n pool: new Pool({\n connectionString: options.url,\n connectionTimeoutMillis: options.poolOptions?.connectionTimeoutMillis ?? 20_000,\n idleTimeoutMillis: options.poolOptions?.idleTimeoutMillis ?? 30_000,\n }),\n owned: true,\n };\n }\n return undefined;\n}\n\nfunction withSupabaseDescriptor(\n extensions: readonly SqlRuntimeExtensionDescriptor<SupabaseTargetId>[] \| undefined,\n): readonly SqlRuntimeExtensionDescriptor<SupabaseTargetId>[] {\n const packs = extensions ?? [];\n return packs.some((pack) => pack.id === supabaseRuntimeDescriptor.id)\n ? packs\n : [...packs, supabaseRuntimeDescriptor];\n}\n\nexport default async function supabase<TContract extends Contract<SqlStorage>>(\n options: SupabaseOptionsWithContract<TContract>,\n): Promise<SupabaseDb<TContract>>;\nexport default async function supabase<TContract extends Contract<SqlStorage>>(\n options: SupabaseOptionsWithContractJson<TContract>,\n): Promise<SupabaseDb<TContract>>;\nexport default async function supabase<TContract extends Contract<SqlStorage>>(\n options: SupabaseOptions<TContract>,\n): Promise<SupabaseDb<TContract>> {\n const keyMaterial = resolveKeyMaterial(options);\n const contract = resolveContract(options);\n\n const stack = createSqlExecutionStack({\n target: postgresTarget,\n adapter: postgresAdapter,\n driver: postgresDriver,\n extensionPacks: withSupabaseDescriptor(options.extensions),\n });\n\n const context = createExecutionContext({ contract, stack });\n const rawCodecInferer = stack.adapter.rawCodecInferer;\n const rawSqlTag: RawSqlTag = createRawSql(rawCodecInferer);\n\n const poolEntry = toPool(options);\n let closed = false;\n\n const stackInstance = instantiateExecutionStack(stack);\n const driverDescriptor = stack.driver;\n if (!driverDescriptor) {\n throw new Error('Driver descriptor missing from execution stack');\n }\n const driver = driverDescriptor.create({ cursor: { disabled: true } });\n\n if (poolEntry) {\n await driver.connect({ kind: 'pgPool', pool: poolEntry.pool });\n }\n\n const runtime: SupabaseRuntime & SupabaseRuntimeImpl<TContract> = new SupabaseRuntimeImpl({\n context,\n adapter: stackInstance.adapter,\n driver,\n ...ifDefined('verifyMarker', options.verifyMarker),\n ...ifDefined('middleware', options.middleware),\n });\n\n async function verifyJwt(jwt: string): Promise<JWTVerifyResult> {\n try {\n if (keyMaterial.kind === 'secret') {\n return await jwtVerify(jwt, keyMaterial.key);\n }\n return await jwtVerify(jwt, keyMaterial.keyset);\n } catch (err) {\n const reason = err instanceof Error ? err.message : String(err);\n throw new InvalidJwtError(reason);\n }\n }\n\n function buildRoleBoundDb(binding: SupabaseRoleBinding): RoleBoundDb<TContract> {\n const roleSql: Db<TContract> = sql<TContract>({ context, rawCodecInferer });\n const roleOrm: OrmClient<TContract> = orm({\n runtime: {\n execute(plan) {\n return runtime.executeWithRole(plan, binding);\n },\n // connection() returns a role session; this is the enforcement path for ORM scope\n // operations (mutations, includes) — every statement runs role-bound.\n connection: () => runtime.openRoleSession(binding),\n },\n context,\n });\n\n return {\n sql: roleSql,\n orm: roleOrm,\n raw: rawSqlTag,\n execute<Row>(\n plan: (SqlExecutionPlan<Row> \| SqlQueryPlan<Row>) & { readonly _row?: Row },\n execOptions?: RuntimeExecuteOptions,\n ): AsyncIterableResult<Row> {\n return runtime.executeWithRole<Row>(plan, binding, execOptions);\n },\n transaction<R>(fn: (tx: TransactionContext) => PromiseLike<R>): Promise<R> {\n return withTransaction({ connection: () => runtime.openRoleSession(binding) }, fn);\n },\n };\n }\n\n async function closeDb(): Promise<void> {\n if (closed) return;\n closed = true;\n await runtime.close();\n if (poolEntry?.owned) {\n await poolEntry.pool.end().catch(() => undefined);\n }\n }\n\n return {\n context,\n stack,\n\n async asUser(jwt: string): Promise<RoleBoundDb<TContract>> {\n const { payload } = await verifyJwt(jwt);\n const rawRole = payload['role'];\n const roleStr = typeof rawRole === 'string' ? rawRole : 'authenticated';\n const role: SupabaseRoleBinding['role'] =\n roleStr === 'anon' \|\| roleStr === 'authenticated' \|\| roleStr === 'service_role'\n ? roleStr\n : 'authenticated';\n const binding: SupabaseRoleBinding = { role, claims: payload };\n return buildRoleBoundDb(binding);\n },\n\n asAnon(): RoleBoundDb<TContract> {\n return buildRoleBoundDb({ role: 'anon', claims: {} });\n },\n\n asServiceRole(): RoleBoundDb<TContract> {\n return buildRoleBoundDb({ role: 'service_role', claims: {} });\n },\n\n close: closeDb,\n [Symbol.asyncDispose]: closeDb,\n };\n}\n","import { supabaseRuntimeDescriptor } from '../runtime/descriptor';\n\nexport default supabaseRuntimeDescriptor;\n\nexport type {\n RoleBoundDb,\n SupabaseDb,\n SupabaseOptions,\n SupabaseOptionsWithContract,\n SupabaseOptionsWithContractJson,\n SupabaseTargetId,\n} from '../runtime/supabase';\nexport { default as supabase, InvalidJwtError, SupabaseConfigError } from '../runtime/supabase';\nexport type {\n RoleSession,\n SupabaseRoleBinding,\n SupabaseRuntime,\n} from '../runtime/supabase-runtime';\nexport { SupabaseRuntimeImpl } from '../runtime/supabase-runtime';\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAYA,MAAa,4BAAuE;CAClF,MAAM;CACN,IAAI;CACKA;CACT,UAAU;CACV,UAAU;CACV,cAAc,CAAC;CACf,SAAS;EACP,OAAO;GACL,UAAU;GACV,UAAU;EACZ;CACF;AACF;;;ACGA,IAAa,sBAAb,cAEU,oBAA+B;;;;;;CAMvC,MAAM,gBAAgB,SAAoD;EACxE,MAAM,OAAO,MAAM,KAAK,qBAAqB;EAE7C,IAAI;GACF,MAAM,KAAK,MAAM,oCAAoC,CAAC,QAAQ,QAAQ,IAAI,CAAC;GAC3E,MAAM,KAAK,MAAM,oCAAoC,CACnD,sBACA,KAAK,UAAU,QAAQ,UAAU,CAAC,CAAC,CACrC,CAAC;EACH,SAAS,KAAK;GACZ,MAAM,KAAK,QAAQ,GAAG,CAAC,CAAC,YAAY,KAAA,CAAS;GAC7C,MAAM;EACR;EAEA,MAAM,OAAO;EAsFb,OAAO;GAnFL,QACE,MACA,SAC0B;IAC1B,OAAO,KAAK,wBAA6B,MAAM,MAAM;KAAE,GAAG;KAAS,OAAO;IAAa,CAAC;GAC1F;GAEA,gBACE,IACA,QACA,SAC0B;IAC1B,OAAO,KAAK,gCACV,UAGE,EAAE,GACJ,UAGE,MAAM,GACR,MACA;KAAE,GAAG;KAAS,OAAO;IAAa,CACpC;GACF;GAEA,MAAM,cAA2C;IAC/C,MAAM,KAAK,MAAM,KAAK,iBAAiB;IACvC,OAAO;KACL,MAAM,SAAwB;MAC5B,MAAM,GAAG,OAAO;KAClB;KACA,MAAM,WAA0B;MAC9B,MAAM,GAAG,SAAS;KACpB;KACA,QACE,MACA,SAC0B;MAC1B,OAAO,KAAK,wBAA6B,MAAM,IAAI;OACjD,GAAG;OACH,OAAO;MACT,CAAC;KACH;KACA,gBACE,IACA,QACA,SAC0B;MAC1B,OAAO,KAAK,gCACV,UAGE,EAAE,GACJ,UAGE,MAAM,GACR,IACA;OAAE,GAAG;OAAS,OAAO;MAAc,CACrC;KACF;IACF;GACF;;;;;GAMA,MAAM,UAAyB;IAC7B,IAAI;KACF,MAAM,KAAK,MAAM,WAAW;KAC5B,MAAM,KAAK,QAAQ;IACrB,SAAS,YAAY;KACnB,MAAM,KAAK,QAAQ,UAAU,CAAC,CAAC,YAAY,KAAA,CAAS;IACtD;GACF;GAEA,MAAM,QAAQ,QAAiC;IAC7C,MAAM,KAAK,QAAQ,MAAM;GAC3B;EAGW;CACf;;;;;CAMA,gBACE,MACA,SACA,SAC0B;EAC1B,MAAM,OAAO;EAEb,MAAM,YAAY,mBAAuD;GACvE,MAAM,UAAU,MAAM,KAAK,gBAAgB,OAAO;GAClD,IAAI,UAAU;GACd,IAAI;IACF,WAAW,MAAM,OAAO,QAAQ,QAAQ,MAAM,OAAO,GACnD,MAAM;GAEV,SAAS,KAAK;IACZ,UAAU;IACV,MAAM,QAAQ,QAAQ,GAAG,CAAC,CAAC,YAAY,KAAA,CAAS;IAChD,MAAM;GACR,UAAU;IACR,IAAI,CAAC,SACH,MAAM,QAAQ,QAAQ;GAE1B;EACF;EAEA,OAAO,IAAI,oBAAoB,UAAU,CAAC;CAC5C;AACF;;;AChIA,IAAa,sBAAb,cAAyC,MAAM;CAC7C,OAAyB;CACzB,YAAY,SAAiB;EAC3B,MAAM,OAAO;CACf;AACF;AAEA,IAAa,kBAAb,cAAqC,MAAM;CACzC,OAAyB;CACzB;CACA,YAAY,QAAgB;EAC1B,MAAM,gBAAgB,QAAQ;EAC9B,KAAK,SAAS;CAChB;AACF;AAyEA,SAAS,gBACP,SACuD;CACvD,OAAO,kBAAkB;AAC3B;AAEA,MAAM,qBAAqB,IAAI,2BAA2B;AAE1D,SAAS,gBACP,SACW;CACX,MAAM,gBAAgB,gBAAgB,OAAO,IAAI,QAAQ,eAAe,QAAQ;CAChF,OAAO,UAGL,mBAAmB,oBAAoB,aAAa,CAAC;AACzD;AAEA,SAAS,mBACP,SACa;CACb,MAAM,YAAY,eAAe,UAAU,QAAQ,YAAY,KAAA;CAC/D,MAAM,UAAU,aAAa,UAAU,QAAQ,UAAU,KAAA;CAEzD,IAAI,cAAc,KAAA,KAAa,YAAY,KAAA,GACzC,MAAM,IAAI,oBAAoB,+CAA+C;CAE/E,IAAI,cAAc,KAAA,KAAa,YAAY,KAAA,GACzC,MAAM,IAAI,oBAAoB,yCAAyC;CAGzE,IAAI,cAAc,KAAA,GAChB,OAAO;EAAE,MAAM;EAAU,KAAK,IAAI,YAAY,CAAC,CAAC,OAAO,SAAS;CAAE;CAGpE,IAAI,YAAY,KAAA,GACd,OAAO;EAAE,MAAM;EAAQ,QAAQ,mBAAmB,IAAI,IAAI,OAAO,CAAC;CAAE;CAGtE,MAAM,IAAI,oBAAoB,yCAAyC;AACzE;AAEA,SAAS,OACP,SAC4C;CAC5C,IAAI,QAAQ,cAAc,MACxB,OAAO;EAAE,MAAM,QAAQ;EAAI,OAAO;CAAM;CAE1C,IAAI,OAAO,QAAQ,QAAQ,UACzB,OAAO;EACL,MAAM,IAAI,KAAK;GACb,kBAAkB,QAAQ;GAC1B,yBAAyB,QAAQ,aAAa,2BAA2B;GACzE,mBAAmB,QAAQ,aAAa,qBAAqB;EAC/D,CAAC;EACD,OAAO;CACT;AAGJ;AAEA,SAAS,uBACP,YAC4D;CAC5D,MAAM,QAAQ,cAAc,CAAC;CAC7B,OAAO,MAAM,MAAM,SAAS,KAAK,OAAO,0BAA0B,EAAE,IAChE,QACA,CAAC,GAAG,OAAO,yBAAyB;AAC1C;AAQA,eAA8B,SAC5B,SACgC;CAChC,MAAM,cAAc,mBAAmB,OAAO;CAC9C,MAAM,WAAW,gBAAgB,OAAO;CAExC,MAAM,QAAQ,wBAAwB;EACpC,QAAQ;EACR,SAAS;EACT,QAAQ;EACR,gBAAgB,uBAAuB,QAAQ,UAAU;CAC3D,CAAC;CAED,MAAM,UAAU,uBAAuB;EAAE;EAAU;CAAM,CAAC;CAC1D,MAAM,kBAAkB,MAAM,QAAQ;CACtC,MAAM,YAAuB,aAAa,eAAe;CAEzD,MAAM,YAAY,OAAO,OAAO;CAChC,IAAI,SAAS;CAEb,MAAM,gBAAgB,0BAA0B,KAAK;CACrD,MAAM,mBAAmB,MAAM;CAC/B,IAAI,CAAC,kBACH,MAAM,IAAI,MAAM,gDAAgD;CAElE,MAAM,SAAS,iBAAiB,OAAO,EAAE,QAAQ,EAAE,UAAU,KAAK,EAAE,CAAC;CAErE,IAAI,WACF,MAAM,OAAO,QAAQ;EAAE,MAAM;EAAU,MAAM,UAAU;CAAK,CAAC;CAG/D,MAAM,UAA4D,IAAI,oBAAoB;EACxF;EACA,SAAS,cAAc;EACvB;EACA,GAAG,UAAU,gBAAgB,QAAQ,YAAY;EACjD,GAAG,UAAU,cAAc,QAAQ,UAAU;CAC/C,CAAC;CAED,eAAe,UAAU,KAAuC;EAC9D,IAAI;GACF,IAAI,YAAY,SAAS,UACvB,OAAO,MAAM,UAAU,KAAK,YAAY,GAAG;GAE7C,OAAO,MAAM,UAAU,KAAK,YAAY,MAAM;EAChD,SAAS,KAAK;GAEZ,MAAM,IAAI,gBADK,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAC9B;EAClC;CACF;CAEA,SAAS,iBAAiB,SAAsD;EAc9E,OAAO;GACL,KAd6B,IAAe;IAAE;IAAS;GAAgB,CAc5D;GACX,KAdoC,IAAI;IACxC,SAAS;KACP,QAAQ,MAAM;MACZ,OAAO,QAAQ,gBAAgB,MAAM,OAAO;KAC9C;KAGA,kBAAkB,QAAQ,gBAAgB,OAAO;IACnD;IACA;GACF,CAIa;GACX,KAAK;GACL,QACE,MACA,aAC0B;IAC1B,OAAO,QAAQ,gBAAqB,MAAM,SAAS,WAAW;GAChE;GACA,YAAe,IAA4D;IACzE,OAAO,gBAAgB,EAAE,kBAAkB,QAAQ,gBAAgB,OAAO,EAAE,GAAG,EAAE;GACnF;EACF;CACF;CAEA,eAAe,UAAyB;EACtC,IAAI,QAAQ;EACZ,SAAS;EACT,MAAM,QAAQ,MAAM;EACpB,IAAI,WAAW,OACb,MAAM,UAAU,KAAK,IAAI,CAAC,CAAC,YAAY,KAAA,CAAS;CAEpD;CAEA,OAAO;EACL;EACA;EAEA,MAAM,OAAO,KAA8C;GACzD,MAAM,EAAE,YAAY,MAAM,UAAU,GAAG;GACvC,MAAM,UAAU,QAAQ;GACxB,MAAM,UAAU,OAAO,YAAY,WAAW,UAAU;GAMxD,OAAO,iBAAiB;IADe,MAHrC,YAAY,UAAU,YAAY,mBAAmB,YAAY,iBAC7D,UACA;IACuC,QAAQ;GACvB,CAAC;EACjC;EAEA,SAAiC;GAC/B,OAAO,iBAAiB;IAAE,MAAM;IAAQ,QAAQ,CAAC;GAAE,CAAC;EACtD;EAEA,gBAAwC;GACtC,OAAO,iBAAiB;IAAE,MAAM;IAAgB,QAAQ,CAAC;GAAE,CAAC;EAC9D;EAEA,OAAO;GACN,OAAO,eAAe;CACzB;AACF;;;AChUA,IAAA,kBAAe"}

package/dist/test/utils.d.mts CHANGED Viewed

@@ -2,10 +2,9 @@ import { Client } from "pg";
 //#region test/supabase-bootstrap.d.ts
 /**
- * Seeds the database with the external Supabase schemas and tables. The
- * caller passes an already-connected `pg.Client` — this function does not
- * open or close connections, so the same client can be reused across the
- * test's other setup steps.
+ * Seeds the database with the external Supabase schemas, tables, roles, and grants.
+ * The caller passes an already-connected `pg.Client` — this function does not
+ * open or close connections.
  *
  * Creates two schemas (`auth`, `storage`) and four tables whose columns
  * exactly match the `@prisma-next/extension-supabase` contract:
@@ -15,8 +14,10 @@ import { Client } from "pg";
  * - `storage.buckets` — id text PK, name text, created_at timestamptz, updated_at timestamptz
  * - `storage.objects` — id uuid PK, bucket_id text, name text, created_at timestamptz, updated_at timestamptz
  *
- * Does NOT create Postgres roles or `auth.*` functions — those are added by
- * the `postgres-rls` constituent.
+ * Creates the three Postgres roles and grants that mirror a real Supabase database.
+ * `ALTER DEFAULT PRIVILEGES` covers tables created after the shim runs (e.g. via `dbInit`).
+ * WAL grants are guarded by a schema-existence check — a PGlite single-connection
+ * accommodation so role-bound sessions can interleave with the WAL drain query.
  */
 declare function bootstrapSupabaseShim(client: Client): Promise<void>;
 //#endregion

package/dist/test/utils.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"utils.d.mts","names":[],"sources":["../../test/supabase-bootstrap.ts"],"mappings":"~~;;;;;;;;;;;;;;;;;;;;iBAoDsB~~,qBAAA,CAAsB,MAAA,EAAQ,MAAA,GAAS,OAAO"}
1	+ {"version":3,"file":"utils.d.mts","names":[],"sources":["../../test/supabase-bootstrap.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;iBAiDsB,qBAAA,CAAsB,MAAA,EAAQ,MAAA,GAAS,OAAO"}