npm - @qwickapps/server - Versions diffs - 1.3.0 → 1.4.0 - Mend

@qwickapps/server 1.3.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (241) hide show

package/README.md +311 -0
package/dist/core/control-panel.d.ts.map +1 -1
package/dist/core/control-panel.js +144 -2
package/dist/core/control-panel.js.map +1 -1
package/dist/core/plugin-registry.d.ts +36 -0
package/dist/core/plugin-registry.d.ts.map +1 -1
package/dist/core/plugin-registry.js +26 -0
package/dist/core/plugin-registry.js.map +1 -1
package/dist/core/types.d.ts +19 -0
package/dist/core/types.d.ts.map +1 -1
package/dist/index.d.ts +2 -2
package/dist/index.d.ts.map +1 -1
package/dist/index.js +4 -2
package/dist/index.js.map +1 -1
package/dist/plugins/auth/adapter-wrapper.d.ts +47 -0
package/dist/plugins/auth/adapter-wrapper.d.ts.map +1 -0
package/dist/plugins/auth/adapter-wrapper.js +166 -0
package/dist/plugins/auth/adapter-wrapper.js.map +1 -0
package/dist/plugins/auth/adapter-wrapper.test.d.ts +7 -0
package/dist/plugins/auth/adapter-wrapper.test.d.ts.map +1 -0
package/dist/plugins/auth/adapter-wrapper.test.js +303 -0
package/dist/plugins/auth/adapter-wrapper.test.js.map +1 -0
package/dist/plugins/auth/adapters/index.d.ts +1 -0
package/dist/plugins/auth/adapters/index.d.ts.map +1 -1
package/dist/plugins/auth/adapters/index.js +1 -0
package/dist/plugins/auth/adapters/index.js.map +1 -1
package/dist/plugins/auth/adapters/supabase-adapter.d.ts.map +1 -1
package/dist/plugins/auth/adapters/supabase-adapter.js.map +1 -1
package/dist/plugins/auth/adapters/supertokens-adapter.d.ts +18 -0
package/dist/plugins/auth/adapters/supertokens-adapter.d.ts.map +1 -0
package/dist/plugins/auth/adapters/supertokens-adapter.js +267 -0
package/dist/plugins/auth/adapters/supertokens-adapter.js.map +1 -0
package/dist/plugins/auth/config-store.d.ts +11 -0
package/dist/plugins/auth/config-store.d.ts.map +1 -0
package/dist/plugins/auth/config-store.js +232 -0
package/dist/plugins/auth/config-store.js.map +1 -0
package/dist/plugins/auth/config-store.test.d.ts +7 -0
package/dist/plugins/auth/config-store.test.d.ts.map +1 -0
package/dist/plugins/auth/config-store.test.js +299 -0
package/dist/plugins/auth/config-store.test.js.map +1 -0
package/dist/plugins/auth/env-config.d.ts +138 -0
package/dist/plugins/auth/env-config.d.ts.map +1 -0
package/dist/plugins/auth/env-config.js +1122 -0
package/dist/plugins/auth/env-config.js.map +1 -0
package/dist/plugins/auth/index.d.ts +7 -1
package/dist/plugins/auth/index.d.ts.map +1 -1
package/dist/plugins/auth/index.js +7 -0
package/dist/plugins/auth/index.js.map +1 -1
package/dist/plugins/auth/supertokens-adapter.test.d.ts +10 -0
package/dist/plugins/auth/supertokens-adapter.test.d.ts.map +1 -0
package/dist/plugins/auth/supertokens-adapter.test.js +486 -0
package/dist/plugins/auth/supertokens-adapter.test.js.map +1 -0
package/dist/plugins/auth/types.d.ts +176 -0
package/dist/plugins/auth/types.d.ts.map +1 -1
package/dist/plugins/auth/types.js.map +1 -1
package/dist/plugins/cache-plugin.test.js +3 -0
package/dist/plugins/cache-plugin.test.js.map +1 -1
package/dist/plugins/index.d.ts +6 -2
package/dist/plugins/index.d.ts.map +1 -1
package/dist/plugins/index.js +5 -1
package/dist/plugins/index.js.map +1 -1
package/dist/plugins/postgres-plugin.test.js +3 -0
package/dist/plugins/postgres-plugin.test.js.map +1 -1
package/dist/plugins/preferences/__tests__/deep-merge.test.d.ts +7 -0
package/dist/plugins/preferences/__tests__/deep-merge.test.d.ts.map +1 -0
package/dist/plugins/preferences/__tests__/deep-merge.test.js +215 -0
package/dist/plugins/preferences/__tests__/deep-merge.test.js.map +1 -0
package/dist/plugins/preferences/__tests__/preferences-plugin.test.d.ts +7 -0
package/dist/plugins/preferences/__tests__/preferences-plugin.test.d.ts.map +1 -0
package/dist/plugins/preferences/__tests__/preferences-plugin.test.js +265 -0
package/dist/plugins/preferences/__tests__/preferences-plugin.test.js.map +1 -0
package/dist/plugins/preferences/index.d.ts +12 -0
package/dist/plugins/preferences/index.d.ts.map +1 -0
package/dist/plugins/preferences/index.js +13 -0
package/dist/plugins/preferences/index.js.map +1 -0
package/dist/plugins/preferences/preferences-plugin.d.ts +39 -0
package/dist/plugins/preferences/preferences-plugin.d.ts.map +1 -0
package/dist/plugins/preferences/preferences-plugin.js +226 -0
package/dist/plugins/preferences/preferences-plugin.js.map +1 -0
package/dist/plugins/preferences/stores/index.d.ts +9 -0
package/dist/plugins/preferences/stores/index.d.ts.map +1 -0
package/dist/plugins/preferences/stores/index.js +9 -0
package/dist/plugins/preferences/stores/index.js.map +1 -0
package/dist/plugins/preferences/stores/postgres-store.d.ts +41 -0
package/dist/plugins/preferences/stores/postgres-store.d.ts.map +1 -0
package/dist/plugins/preferences/stores/postgres-store.js +181 -0
package/dist/plugins/preferences/stores/postgres-store.js.map +1 -0
package/dist/plugins/preferences/types.d.ts +91 -0
package/dist/plugins/preferences/types.d.ts.map +1 -0
package/dist/plugins/preferences/types.js +10 -0
package/dist/plugins/preferences/types.js.map +1 -0
package/dist/plugins/rate-limit/__tests__/rate-limit-plugin.test.d.ts +7 -0
package/dist/plugins/rate-limit/__tests__/rate-limit-plugin.test.d.ts.map +1 -0
package/dist/plugins/rate-limit/__tests__/rate-limit-plugin.test.js +220 -0
package/dist/plugins/rate-limit/__tests__/rate-limit-plugin.test.js.map +1 -0
package/dist/plugins/rate-limit/cleanup.d.ts +40 -0
package/dist/plugins/rate-limit/cleanup.d.ts.map +1 -0
package/dist/plugins/rate-limit/cleanup.js +72 -0
package/dist/plugins/rate-limit/cleanup.js.map +1 -0
package/dist/plugins/rate-limit/env-config.d.ts +91 -0
package/dist/plugins/rate-limit/env-config.d.ts.map +1 -0
package/dist/plugins/rate-limit/env-config.js +318 -0
package/dist/plugins/rate-limit/env-config.js.map +1 -0
package/dist/plugins/rate-limit/index.d.ts +76 -0
package/dist/plugins/rate-limit/index.d.ts.map +1 -0
package/dist/plugins/rate-limit/index.js +79 -0
package/dist/plugins/rate-limit/index.js.map +1 -0
package/dist/plugins/rate-limit/middleware.d.ts +40 -0
package/dist/plugins/rate-limit/middleware.d.ts.map +1 -0
package/dist/plugins/rate-limit/middleware.js +169 -0
package/dist/plugins/rate-limit/middleware.js.map +1 -0
package/dist/plugins/rate-limit/rate-limit-plugin.d.ts +44 -0
package/dist/plugins/rate-limit/rate-limit-plugin.d.ts.map +1 -0
package/dist/plugins/rate-limit/rate-limit-plugin.js +354 -0
package/dist/plugins/rate-limit/rate-limit-plugin.js.map +1 -0
package/dist/plugins/rate-limit/rate-limit-service.d.ts +110 -0
package/dist/plugins/rate-limit/rate-limit-service.d.ts.map +1 -0
package/dist/plugins/rate-limit/rate-limit-service.js +172 -0
package/dist/plugins/rate-limit/rate-limit-service.js.map +1 -0
package/dist/plugins/rate-limit/stores/cache-store.d.ts +33 -0
package/dist/plugins/rate-limit/stores/cache-store.d.ts.map +1 -0
package/dist/plugins/rate-limit/stores/cache-store.js +225 -0
package/dist/plugins/rate-limit/stores/cache-store.js.map +1 -0
package/dist/plugins/rate-limit/stores/index.d.ts +8 -0
package/dist/plugins/rate-limit/stores/index.d.ts.map +1 -0
package/dist/plugins/rate-limit/stores/index.js +8 -0
package/dist/plugins/rate-limit/stores/index.js.map +1 -0
package/dist/plugins/rate-limit/stores/postgres-store.d.ts +34 -0
package/dist/plugins/rate-limit/stores/postgres-store.d.ts.map +1 -0
package/dist/plugins/rate-limit/stores/postgres-store.js +320 -0
package/dist/plugins/rate-limit/stores/postgres-store.js.map +1 -0
package/dist/plugins/rate-limit/strategies/fixed-window.d.ts +21 -0
package/dist/plugins/rate-limit/strategies/fixed-window.d.ts.map +1 -0
package/dist/plugins/rate-limit/strategies/fixed-window.js +97 -0
package/dist/plugins/rate-limit/strategies/fixed-window.js.map +1 -0
package/dist/plugins/rate-limit/strategies/index.d.ts +14 -0
package/dist/plugins/rate-limit/strategies/index.d.ts.map +1 -0
package/dist/plugins/rate-limit/strategies/index.js +27 -0
package/dist/plugins/rate-limit/strategies/index.js.map +1 -0
package/dist/plugins/rate-limit/strategies/sliding-window.d.ts +22 -0
package/dist/plugins/rate-limit/strategies/sliding-window.d.ts.map +1 -0
package/dist/plugins/rate-limit/strategies/sliding-window.js +122 -0
package/dist/plugins/rate-limit/strategies/sliding-window.js.map +1 -0
package/dist/plugins/rate-limit/strategies/token-bucket.d.ts +28 -0
package/dist/plugins/rate-limit/strategies/token-bucket.d.ts.map +1 -0
package/dist/plugins/rate-limit/strategies/token-bucket.js +121 -0
package/dist/plugins/rate-limit/strategies/token-bucket.js.map +1 -0
package/dist/plugins/rate-limit/types.d.ts +265 -0
package/dist/plugins/rate-limit/types.d.ts.map +1 -0
package/dist/plugins/rate-limit/types.js +9 -0
package/dist/plugins/rate-limit/types.js.map +1 -0
package/dist/plugins/users/__tests__/users-plugin.test.d.ts +9 -0
package/dist/plugins/users/__tests__/users-plugin.test.d.ts.map +1 -0
package/dist/plugins/users/__tests__/users-plugin.test.js +546 -0
package/dist/plugins/users/__tests__/users-plugin.test.js.map +1 -0
package/dist/plugins/users/index.d.ts +2 -2
package/dist/plugins/users/index.d.ts.map +1 -1
package/dist/plugins/users/index.js +1 -1
package/dist/plugins/users/index.js.map +1 -1
package/dist/plugins/users/types.d.ts +36 -0
package/dist/plugins/users/types.d.ts.map +1 -1
package/dist/plugins/users/users-plugin.d.ts +8 -2
package/dist/plugins/users/users-plugin.d.ts.map +1 -1
package/dist/plugins/users/users-plugin.js +122 -5
package/dist/plugins/users/users-plugin.js.map +1 -1
package/dist-ui/assets/index-D7DoZ9rL.js +478 -0
package/dist-ui/assets/index-D7DoZ9rL.js.map +1 -0
package/dist-ui/index.html +1 -1
package/dist-ui-lib/api/controlPanelApi.d.ts +194 -7
package/dist-ui-lib/dashboard/WidgetComponentRegistry.d.ts +9 -5
package/dist-ui-lib/dashboard/builtInWidgets.d.ts +7 -1
package/dist-ui-lib/dashboard/widgets/AuthStatusWidget.d.ts +9 -0
package/dist-ui-lib/dashboard/widgets/IntegrationStatusWidget.d.ts +9 -0
package/dist-ui-lib/dashboard/widgets/index.d.ts +2 -0
package/dist-ui-lib/index.js +3665 -3945
package/dist-ui-lib/index.js.map +1 -1
package/dist-ui-lib/pages/AuthPage.d.ts +1 -0
package/dist-ui-lib/pages/IntegrationsPage.d.ts +1 -0
package/dist-ui-lib/pages/PluginsPage.d.ts +1 -0
package/dist-ui-lib/pages/RateLimitPage.d.ts +1 -0
package/package.json +7 -2
package/src/core/control-panel.ts +161 -2
package/src/core/plugin-registry.ts +63 -0
package/src/core/types.ts +17 -0
package/src/index.ts +45 -0
package/src/plugins/auth/adapter-wrapper.test.ts +395 -0
package/src/plugins/auth/adapter-wrapper.ts +205 -0
package/src/plugins/auth/adapters/index.ts +1 -0
package/src/plugins/auth/adapters/supabase-adapter.ts +22 -14
package/src/plugins/auth/adapters/supertokens-adapter.ts +326 -0
package/src/plugins/auth/config-store.test.ts +417 -0
package/src/plugins/auth/config-store.ts +305 -0
package/src/plugins/auth/env-config.ts +1279 -0
package/src/plugins/auth/index.ts +30 -0
package/src/plugins/auth/supertokens-adapter.test.ts +621 -0
package/src/plugins/auth/types.ts +218 -0
package/src/plugins/cache-plugin.test.ts +3 -0
package/src/plugins/index.ts +75 -0
package/src/plugins/postgres-plugin.test.ts +3 -0
package/src/plugins/preferences/__tests__/deep-merge.test.ts +242 -0
package/src/plugins/preferences/__tests__/preferences-plugin.test.ts +350 -0
package/src/plugins/preferences/index.ts +30 -0
package/src/plugins/preferences/preferences-plugin.ts +270 -0
package/src/plugins/preferences/stores/index.ts +9 -0
package/src/plugins/preferences/stores/postgres-store.ts +252 -0
package/src/plugins/preferences/types.ts +100 -0
package/src/plugins/rate-limit/__tests__/rate-limit-plugin.test.ts +259 -0
package/src/plugins/rate-limit/cleanup.ts +117 -0
package/src/plugins/rate-limit/env-config.ts +400 -0
package/src/plugins/rate-limit/index.ts +128 -0
package/src/plugins/rate-limit/middleware.ts +212 -0
package/src/plugins/rate-limit/rate-limit-plugin.ts +400 -0
package/src/plugins/rate-limit/rate-limit-service.ts +228 -0
package/src/plugins/rate-limit/stores/cache-store.ts +261 -0
package/src/plugins/rate-limit/stores/index.ts +8 -0
package/src/plugins/rate-limit/stores/postgres-store.ts +402 -0
package/src/plugins/rate-limit/strategies/fixed-window.ts +116 -0
package/src/plugins/rate-limit/strategies/index.ts +30 -0
package/src/plugins/rate-limit/strategies/sliding-window.ts +157 -0
package/src/plugins/rate-limit/strategies/token-bucket.ts +154 -0
package/src/plugins/rate-limit/types.ts +338 -0
package/src/plugins/users/__tests__/users-plugin.test.ts +690 -0
package/src/plugins/users/index.ts +3 -0
package/src/plugins/users/types.ts +38 -0
package/src/plugins/users/users-plugin.ts +142 -5
package/ui/src/App.tsx +35 -14
package/ui/src/api/controlPanelApi.ts +326 -1
package/ui/src/components/ControlPanelApp.tsx +3 -0
package/ui/src/dashboard/PluginWidgetRenderer.tsx +13 -10
package/ui/src/dashboard/WidgetComponentRegistry.tsx +13 -9
package/ui/src/dashboard/builtInWidgets.tsx +13 -3
package/ui/src/dashboard/widgets/AuthStatusWidget.tsx +143 -0
package/ui/src/dashboard/widgets/IntegrationStatusWidget.tsx +135 -0
package/ui/src/dashboard/widgets/index.ts +2 -0
package/ui/src/pages/AuthPage.tsx +1103 -0
package/ui/src/pages/IntegrationsPage.tsx +288 -0
package/ui/src/pages/PluginsPage.tsx +394 -0
package/ui/src/pages/RateLimitPage.tsx +292 -0
package/ui/vite.lib.config.ts +5 -0
package/dist-ui/assets/index-Bsp2ntcw.js +0 -465
package/dist-ui/assets/index-Bsp2ntcw.js.map +0 -1

package/src/plugins/auth/config-store.ts ADDED Viewed

@@ -0,0 +1,305 @@
+/**
+ * Auth Configuration Store
+ *
+ * PostgreSQL-based storage for runtime auth configuration.
+ * Supports pg_notify for cross-instance hot-reload in scaled deployments.
+ *
+ * Copyright (c) 2025 QwickApps.com. All rights reserved.
+ */
+import type {
+  AuthConfigStore,
+  RuntimeAuthConfig,
+  PostgresAuthConfigStoreConfig,
+} from './types.js';
+// Pool interface (from pg package)
+interface PgPool {
+  query(text: string, values?: unknown[]): Promise<{ rows: unknown[]; rowCount: number | null }>;
+  connect(): Promise<PgPoolClient>;
+  on(event: string, callback: (err?: Error, client?: PgPoolClient) => void): void;
+}
+interface PgPoolClient {
+  query(text: string, values?: unknown[]): Promise<{ rows: unknown[]; rowCount: number | null }>;
+  on(event: string, callback: (msg: { channel: string; payload?: string }) => void): void;
+  release(destroy?: boolean): void;
+}
+/**
+ * Create a PostgreSQL-backed auth configuration store
+ *
+ * @param config Configuration including a pg Pool instance
+ * @returns AuthConfigStore implementation
+ *
+ * @example
+ * ```ts
+ * import { Pool } from 'pg';
+ * import { postgresAuthConfigStore } from '@qwickapps/server';
+ *
+ * const pool = new Pool({ connectionString: process.env.DATABASE_URL });
+ * const store = postgresAuthConfigStore({ pool });
+ *
+ * // Or with lazy initialization:
+ * const store = postgresAuthConfigStore({ pool: () => getPostgres().getPool() });
+ * ```
+ */
+// Valid identifier pattern (alphanumeric + underscore, starting with letter or underscore)
+const VALID_IDENTIFIER = /^[a-zA-Z_][a-zA-Z0-9_]*$/;
+/**
+ * Validate SQL identifier to prevent SQL injection
+ */
+function validateIdentifier(name: string, type: string): void {
+  if (!VALID_IDENTIFIER.test(name)) {
+    throw new Error(`Invalid ${type}: must be alphanumeric with underscores, starting with letter or underscore`);
+  }
+  if (name.length > 63) {
+    throw new Error(`Invalid ${type}: must be 63 characters or less`);
+  }
+}
+export function postgresAuthConfigStore(config: PostgresAuthConfigStoreConfig): AuthConfigStore {
+  const {
+    pool: poolOrFn,
+    tableName = 'auth_config',
+    schema = 'public',
+    autoCreateTable = true,
+    enableNotify = true,
+    notifyChannel = 'auth_config_changed',
+  } = config;
+  // Validate identifiers to prevent SQL injection
+  validateIdentifier(tableName, 'table name');
+  validateIdentifier(schema, 'schema name');
+  validateIdentifier(notifyChannel, 'notify channel');
+  // Helper to get pool (supports lazy initialization via function)
+  const getPool = (): PgPool => {
+    const pool = typeof poolOrFn === 'function' ? poolOrFn() : poolOrFn;
+    if (!pool || typeof (pool as PgPool).query !== 'function') {
+      throw new Error('Invalid pool: must have query method');
+    }
+    return pool as PgPool;
+  };
+  const tableFullName = `"${schema}"."${tableName}"`;
+  // Listeners for config changes
+  const listeners: Set<(config: RuntimeAuthConfig | null) => void> = new Set();
+  // Client dedicated to listening for notifications
+  let listenerClient: PgPoolClient | null = null;
+  // Reconnection state for exponential backoff
+  let reconnectAttempt = 0;
+  const maxReconnectDelay = 60000; // Max 60 seconds
+  const baseReconnectDelay = 1000; // Start at 1 second
+  /**
+   * Calculate reconnect delay with exponential backoff
+   */
+  function getReconnectDelay(): number {
+    // Exponential backoff: 1s, 2s, 4s, 8s, 16s, 32s, 60s (capped)
+    const delay = Math.min(baseReconnectDelay * Math.pow(2, reconnectAttempt), maxReconnectDelay);
+    reconnectAttempt++;
+    return delay;
+  }
+  /**
+   * Reset reconnection state after successful connection
+   */
+  function resetReconnectState(): void {
+    reconnectAttempt = 0;
+  }
+  /**
+   * Start listening for pg_notify events
+   */
+  async function startListening(): Promise<void> {
+    if (!enableNotify || listenerClient) return;
+    try {
+      const pool = getPool();
+      listenerClient = await pool.connect();
+      // Subscribe to the notification channel
+      await listenerClient.query(`LISTEN ${notifyChannel}`);
+      // Reset backoff on successful connection
+      resetReconnectState();
+      // Handle notifications
+      listenerClient.on('notification', async (msg: { channel: string; payload?: string }) => {
+        if (msg.channel === notifyChannel) {
+          // Reload config from database and notify listeners
+          const newConfig = await loadFromDb();
+          for (const listener of listeners) {
+            try {
+              listener(newConfig);
+            } catch (err) {
+              console.error('[AuthConfigStore] Listener error:', err);
+            }
+          }
+        }
+      });
+      // Handle errors - try to reconnect with exponential backoff
+      // Note: pg client emits 'error' events with Error objects, but our interface
+      // only defines 'notification'. We cast to any to handle this.
+      (listenerClient as unknown as { on(event: 'error', cb: (err: Error) => void): void }).on(
+        'error',
+        (err: Error) => {
+          console.error('[AuthConfigStore] Listener connection error:', err);
+          listenerClient?.release(true);
+          listenerClient = null;
+          // Try to reconnect with exponential backoff
+          const delay = getReconnectDelay();
+          console.log(`[AuthConfigStore] Reconnecting in ${delay}ms (attempt ${reconnectAttempt})`);
+          setTimeout(() => startListening(), delay);
+        }
+      );
+    } catch (err) {
+      console.error('[AuthConfigStore] Failed to start listener:', err);
+      listenerClient = null;
+      // Also apply backoff on initial connection failure
+      const delay = getReconnectDelay();
+      console.log(`[AuthConfigStore] Retrying connection in ${delay}ms (attempt ${reconnectAttempt})`);
+      setTimeout(() => startListening(), delay);
+    }
+  }
+  /**
+   * Load config from database
+   */
+  async function loadFromDb(): Promise<RuntimeAuthConfig | null> {
+    const pool = getPool();
+    const result = await pool.query(
+      `SELECT adapter, config, settings, updated_at, updated_by
+       FROM ${tableFullName}
+       LIMIT 1`
+    );
+    if (result.rows.length === 0) {
+      return null;
+    }
+    const row = result.rows[0] as {
+      adapter: string | null;
+      config: Record<string, unknown>;
+      settings: Record<string, unknown>;
+      updated_at: Date;
+      updated_by: string | null;
+    };
+    return {
+      adapter: row.adapter as RuntimeAuthConfig['adapter'],
+      config: row.config as RuntimeAuthConfig['config'],
+      settings: row.settings as RuntimeAuthConfig['settings'],
+      updatedAt: row.updated_at.toISOString(),
+      updatedBy: row.updated_by || undefined,
+    };
+  }
+  return {
+    name: 'postgres',
+    async initialize(): Promise<void> {
+      if (!autoCreateTable) {
+        await startListening();
+        return;
+      }
+      const pool = getPool();
+      // Create table with singleton pattern (only one row allowed)
+      await pool.query(`
+        CREATE TABLE IF NOT EXISTS ${tableFullName} (
+          id SERIAL PRIMARY KEY,
+          adapter VARCHAR(50),
+          config JSONB NOT NULL DEFAULT '{}',
+          settings JSONB NOT NULL DEFAULT '{}',
+          created_at TIMESTAMPTZ DEFAULT NOW(),
+          updated_at TIMESTAMPTZ DEFAULT NOW(),
+          updated_by VARCHAR(255)
+        );
+        -- Ensure only one config row (singleton pattern)
+        CREATE UNIQUE INDEX IF NOT EXISTS idx_${tableName}_singleton
+        ON ${tableFullName} ((true));
+      `);
+      // Start listening for notifications
+      await startListening();
+    },
+    async load(): Promise<RuntimeAuthConfig | null> {
+      return loadFromDb();
+    },
+    async save(runtimeConfig: RuntimeAuthConfig): Promise<void> {
+      const pool = getPool();
+      // Upsert the configuration
+      await pool.query(
+        `INSERT INTO ${tableFullName} (adapter, config, settings, updated_at, updated_by)
+         VALUES ($1, $2, $3, NOW(), $4)
+         ON CONFLICT ((true)) DO UPDATE SET
+           adapter = $1,
+           config = $2,
+           settings = $3,
+           updated_at = NOW(),
+           updated_by = $4`,
+        [
+          runtimeConfig.adapter,
+          JSON.stringify(runtimeConfig.config),
+          JSON.stringify(runtimeConfig.settings),
+          runtimeConfig.updatedBy || null,
+        ]
+      );
+      // Notify other instances
+      if (enableNotify) {
+        await pool.query(`NOTIFY ${notifyChannel}`);
+      }
+    },
+    async delete(): Promise<boolean> {
+      const pool = getPool();
+      const result = await pool.query(`DELETE FROM ${tableFullName}`);
+      // Notify other instances
+      if (enableNotify) {
+        await pool.query(`NOTIFY ${notifyChannel}`);
+      }
+      return (result.rowCount ?? 0) > 0;
+    },
+    onChange(callback: (config: RuntimeAuthConfig | null) => void): () => void {
+      listeners.add(callback);
+      // Return unsubscribe function
+      return () => {
+        listeners.delete(callback);
+      };
+    },
+    async shutdown(): Promise<void> {
+      // Release the listener client
+      if (listenerClient) {
+        try {
+          await listenerClient.query(`UNLISTEN ${notifyChannel}`);
+        } catch {
+          // Ignore errors during shutdown
+        }
+        listenerClient.release(true);
+        listenerClient = null;
+      }
+      // Clear listeners
+      listeners.clear();
+    },
+  };
+}