@rebasepro/sdk-generator 0.2.4 → 0.2.5

package/dist/common/src/collections/default-collections.d.ts

@@ -1,12 +1,9 @@
-import { PostgresCollection } from "@rebasepro/types";
+import type { PostgresCollection } from "@rebasepro/types";
 /**
- * Default users collection definition.
+ * Default users collection.
  *
- * Shared between the admin UI (for navigation/display) and the backend
- * (for schema generation). Both consumers prepend this to the developer's
- * collections array and rely on generic slug-based deduplication
- * (Map keyed by slug, last-write-wins) so that developer-defined
- * collections with the same slug override this default — no hardcoded
- * string checks required.
+ * Prepended to the developer's collections array by the admin and server.
+ * Slug-based dedup (Map keyed by slug, last-write-wins) lets developers
+ * override by defining their own collection with `slug: "users"`.
  */
 export declare const defaultUsersCollection: PostgresCollection;

package/dist/types/src/controllers/auth.d.ts

@@ -1,4 +1,4 @@
-import { Role, User } from "../users";
+import type { User } from "../users";
 /**
  * Capabilities advertised by an auth provider.
  * UI components use this to show/hide features dynamically
@@ -62,7 +62,7 @@ export type AuthController<USER extends User = User, ExtraData = unknown> = {
     extra: ExtraData;
     setExtra: (extra: ExtraData) => void;
     setUser?(user: USER | null): void;
-    setUserRoles?(roles: Role[]): void;
+    setUserRoles?(roles: string[]): void;
     /**
      * Capabilities advertised by the auth provider.
      * UI components use this to feature-detect what the backend supports.

package/dist/types/src/controllers/client.d.ts

@@ -1,6 +1,6 @@
-import { User } from "../users";
-import { RebaseData } from "./data";
-import { EmailService } from "./email";
+import type { User } from "../users";
+import type { RebaseData } from "./data";
+import type { EmailService } from "./email";
 /**
  * Event type for authentication state changes
  */
@@ -14,7 +14,7 @@ export interface RebaseSession {
     expiresAt: number;
     user: User;
 }
-import { StorageSource } from "./storage";
+import type { StorageSource } from "./storage";
 /**
  * Unified Authentication Client Interface
  * Pure functional SDK interface, decoupled from UI and React hooks
@@ -56,19 +56,9 @@ export interface AdminUser {
     createdAt: string;
     updatedAt: string;
 }
-/**
- * Role record as returned by the Admin API.
- * @group Admin
- */
-export interface AdminRole {
-    id: string;
-    name: string;
-    isAdmin: boolean;
-    defaultPermissions: Record<string, unknown> | null;
-}
 /**
  * Client-side Admin API interface.
- * Provides user and role management operations.
+ * Provides user management operations.
  * @group Admin
  */
 export interface AdminAPI {
@@ -111,30 +101,6 @@ export interface AdminAPI {
     deleteUser(userId: string): Promise<{
         success: boolean;
     }>;
-    listRoles(): Promise<{
-        roles: AdminRole[];
-    }>;
-    getRole(roleId: string): Promise<{
-        role: AdminRole;
-    }>;
-    createRole(data: {
-        id: string;
-        name: string;
-        isAdmin?: boolean;
-        defaultPermissions?: Record<string, unknown>;
-    }): Promise<{
-        role: AdminRole;
-    }>;
-    updateRole(roleId: string, data: {
-        name?: string;
-        isAdmin?: boolean;
-        defaultPermissions?: Record<string, unknown>;
-    }): Promise<{
-        role: AdminRole;
-    }>;
-    deleteRole(roleId: string): Promise<{
-        success: boolean;
-    }>;
     bootstrap(): Promise<{
         success: boolean;
         message: string;
@@ -165,7 +131,7 @@ export interface RebaseClient<DB = unknown> {
      * > The client-side SDK does not include an email service.
      */
     email?: EmailService;
-    /** Admin API for user and role management */
+    /** Admin API for user management */
     admin?: AdminAPI;
     /**
      * The base HTTP URL of the backend server.
@@ -180,4 +146,23 @@ export interface RebaseClient<DB = unknown> {
      * detection (e.g. `typeof ws.executeSql === "function"`).
      */
     ws?: unknown;
+    /**
+     * Execute raw SQL against the database.
+     *
+     * Only available server-side when the backend uses a SQL database
+     * (PostgreSQL, MySQL, etc.). `undefined` for document databases
+     * (MongoDB, Firestore) and on the client-side SDK.
+     *
+     * @example
+     * ```typescript
+     * // In a cron job or custom function:
+     * if (ctx.client.sql) {
+     *     const rows = await ctx.client.sql("SELECT count(*) FROM orders");
+     * }
+     * ```
+     */
+    sql?(query: string, options?: {
+        database?: string;
+        role?: string;
+    }): Promise<Record<string, unknown>[]>;
 }

package/dist/types/src/controllers/data.d.ts

@@ -125,6 +125,10 @@ export interface CollectionAccessor<M extends Record<string, unknown> = Record<s
      * Delete a record by ID.
      */
     delete(id: string | number): Promise<void>;
+    /**
+     * Delete all records in this collection.
+     */
+    deleteAll?(): Promise<void>;
     /**
      * Subscribe to a collection for real-time updates.
      * Optional method, may not be supported by all implementations (like stateless HTTP clients).

package/dist/types/src/controllers/data_driver.d.ts

@@ -129,6 +129,11 @@ export interface DataDriver {
      * @return was the whole deletion flow successful
      */
     deleteEntity<M extends Record<string, unknown> = Record<string, unknown>>(props: DeleteEntityProps<M>): Promise<void>;
+    /**
+     * Delete all entities from a collection.
+     * @param path Collection path
+     */
+    deleteAll?(path: string): Promise<void>;
     /**
      * Check if the given property is unique in the given collection
      * @param path Collection path

package/dist/types/src/types/auth_adapter.d.ts

@@ -148,38 +148,6 @@ export interface AuthCreateUserData {
     photoUrl?: string;
     metadata?: Record<string, unknown>;
 }
-/**
- * Role data exposed by the auth adapter.
- * @group Auth
- */
-export interface AuthRoleData {
-    id: string;
-    name: string;
-    isAdmin: boolean;
-    defaultPermissions?: {
-        read?: boolean;
-        create?: boolean;
-        edit?: boolean;
-        delete?: boolean;
-    } | null;
-    collectionPermissions?: Record<string, {
-        read?: boolean;
-        create?: boolean;
-        edit?: boolean;
-        delete?: boolean;
-    }> | null;
-}
-/**
- * Data for creating a role.
- * @group Auth
- */
-export interface AuthCreateRoleData {
-    id: string;
-    name: string;
-    isAdmin?: boolean;
-    defaultPermissions?: AuthRoleData["defaultPermissions"];
-    collectionPermissions?: AuthRoleData["collectionPermissions"];
-}
 /**
  * User management operations for the admin panel.
  *
@@ -193,23 +161,9 @@ export interface UserManagementAdapter {
     createUser(data: AuthCreateUserData): Promise<AuthUserData>;
     updateUser(id: string, data: Partial<AuthCreateUserData>): Promise<AuthUserData | null>;
     deleteUser(id: string): Promise<void>;
-    getUserRoles(userId: string): Promise<AuthRoleData[]>;
+    getUserRoles(userId: string): Promise<string[]>;
     setUserRoles(userId: string, roleIds: string[]): Promise<void>;
 }
-/**
- * Role management operations for the admin panel.
- *
- * Optional — if not provided by the adapter, role management is disabled.
- *
- * @group Auth
- */
-export interface RoleManagementAdapter {
-    listRoles(): Promise<AuthRoleData[]>;
-    getRoleById(id: string): Promise<AuthRoleData | null>;
-    createRole(data: AuthCreateRoleData): Promise<AuthRoleData>;
-    updateRole(id: string, data: Partial<AuthRoleData>): Promise<AuthRoleData | null>;
-    deleteRole(id: string): Promise<void>;
-}
 /**
  * Pluggable authentication adapter for Rebase.
  *
@@ -217,7 +171,7 @@ export interface RoleManagementAdapter {
  * database layer. Each auth adapter knows how to:
  *
  * 1. Verify incoming HTTP requests (`verifyRequest`)
- * 2. Optionally manage users and roles (for the admin panel)
+ * 2. Optionally manage users (for the admin panel)
  * 3. Optionally mount auth-specific routes (login, register, etc.)
  * 4. Advertise its capabilities so the frontend can adapt
  *
@@ -269,11 +223,6 @@ export interface AuthAdapter {
      * Optional — if not provided, user management UI is hidden.
      */
     userManagement?: UserManagementAdapter;
-    /**
-     * Role CRUD for the admin panel.
-     * Optional — if not provided, role management is disabled.
-     */
-    roleManagement?: RoleManagementAdapter;
     /**
      * Mount adapter-specific auth routes (login, register, refresh, etc.).
      *
@@ -289,7 +238,7 @@ export interface AuthAdapter {
      */
     createAuthRoutes?(): Hono<any, any, any> | undefined;
     /**
-     * Mount admin routes for user/role management.
+     * Mount admin routes for user management.
      *
      * Same typing rationale as `createAuthRoutes` — the sub-app env is
      * unconstrained to support arbitrary adapter implementations.
@@ -345,8 +294,6 @@ export interface CustomAuthAdapterOptions {
     verifyToken?: (token: string) => Promise<AuthenticatedUser | null>;
     /** Optional user management for the admin panel. */
     userManagement?: UserManagementAdapter;
-    /** Optional role management for the admin panel. */
-    roleManagement?: RoleManagementAdapter;
     /** Static service key for server-to-server auth. */
     serviceKey?: string;
     /** Override default capabilities. */

package/dist/types/src/types/backend.d.ts

@@ -527,8 +527,8 @@ export interface InitializedDriver {
 export interface BootstrappedAuth {
     /** User management service. */
     userService: unknown;
-    /** Role management service. */
-    roleService: unknown;
+    /** Role management service (optional, roles are now simple strings). */
+    roleService?: unknown;
     /** Email service (optional). */
     emailService?: unknown;
     /** Combined Auth Repository for unified token and user management. */

package/dist/types/src/types/backend_hooks.d.ts

@@ -1,4 +1,4 @@
-import type { AdminUser, AdminRole } from "../controllers/client";
+import type { AdminUser } from "../controllers/client";
 /**
  * Context passed to every backend hook.
  * Provides information about the request that triggered the hook.
@@ -64,19 +64,6 @@ export interface UserHooks {
      */
     afterDelete?(userId: string, context: BackendHookContext): void | Promise<void>;
 }
-/**
- * Hooks for intercepting Admin Role data at the API boundary.
- * @group Backend Hooks
- */
-export interface RoleHooks {
-    /**
-     * Transform a role record after it's read from the database,
-     * before it's returned to the client.
-     *
-     * Return the modified role, or `null` to filter it out entirely.
-     */
-    afterRead?(role: AdminRole, context: BackendHookContext): AdminRole | null | Promise<AdminRole | null>;
-}
 /**
  * Hooks for intercepting collection entity data at the REST API boundary.
  *
@@ -146,7 +133,7 @@ export interface DataHooks {
  * These hooks run server-side after database operations complete and before
  * API responses are sent.
  *
- * - `users` / `roles` — intercept admin user and role management endpoints
+ * - `users` — intercept admin user management endpoints
  * - `data` — intercept ALL collection entity data flowing through the REST API
  *
  * `data` hooks complement per-collection `EntityCallbacks`. Entity callbacks
@@ -180,8 +167,6 @@ export interface DataHooks {
 export interface BackendHooks {
     /** Hooks for intercepting user management data */
     users?: UserHooks;
-    /** Hooks for intercepting role management data */
-    roles?: RoleHooks;
     /** Hooks for intercepting ALL collection entity data via the REST API */
     data?: DataHooks;
 }

package/dist/types/src/types/properties.d.ts

@@ -1,6 +1,6 @@
 import type { ComponentRef } from "./component_ref";
-import type { EntityReference, EntityRelation, EntityValues, GeoPoint, Entity, Vector } from "./entities";
-import type { Relation, JoinStep, OnAction } from "./relations";
+import type { Entity, EntityReference, EntityRelation, EntityValues, GeoPoint, Vector } from "./entities";
+import type { JoinStep, OnAction, Relation } from "./relations";
 import type { EntityCollection, FilterValues } from "./collections";
 import type { ColorKey, ColorScheme } from "./chips";
 import type { AuthController } from "../controllers/auth";
@@ -185,7 +185,7 @@ export interface StringProperty extends BaseProperty {
      * Optional database column type. If not set, it defaults to `varchar` or `uuid` depending on `isId` configuration.
      * Use `text` for strings with unbound length, `char` for fixed-length strings, or `varchar` for variable-length strings with a limit.
      */
-    columnType?: "varchar" | "text" | "char";
+    columnType?: "varchar" | "text" | "char" | "uuid";
     /**
      * Rules for validating this property
      */
@@ -541,9 +541,11 @@ export interface ArrayProperty extends BaseProperty {
     ui?: ArrayUIConfig;
     type: "array";
     /**
-     * Optional database column type. Defaults to `jsonb`.
+     * Optional database column type. By default, maps to a native Postgres array
+     * (e.g. `text[]`, `integer[]`/`numeric[]`, `boolean[]`) if the element type
+     * is a primitive, otherwise defaults to `jsonb`.
      */
-    columnType?: "json" | "jsonb";
+    columnType?: "json" | "jsonb" | "text[]" | "integer[]" | "boolean[]" | "numeric[]";
     /**
      * The property of this array.
      * You can specify any property (except another Array property)

package/dist/types/src/types/user_management_delegate.d.ts

@@ -1,4 +1,4 @@
-import { Role, User } from "../users";
+import type { User } from "../users";
 /**
  * Result of creating a new user via admin flow.
  * Contains the created user plus information about how credentials were delivered.
@@ -15,56 +15,46 @@ export interface UserCreationResult<USER extends User = User> {
     temporaryPassword?: string;
 }
 /**
- * Delegate to manage users, roles, and their permissions.
- * This interface allows the CMS to be completely agnostic of the underlying
- * authentication provider or backend.
+ * Delegate to manage auth-specific user operations.
+ *
+ * This interface allows the CMS to be agnostic of the underlying
+ * authentication provider or backend. User/role CRUD is now handled
+ * by the collection system; this delegate only exposes auth-specific
+ * operations (password hashing, invitations, bootstrap).
  *
  * @group Models
  */
 export interface UserManagementDelegate<USER extends User = User> {
     /**
-     * Are the users and roles currently being fetched?
+     * Are auth-related operations currently loading?
      */
     loading: boolean;
     /**
-     * List of users managed by the CMS.
+     * In-memory list of users (used for client-side filtering fallback).
      */
-    users: USER[];
+    users?: USER[];
     /**
-     * Optional error if users failed to load.
+     * Error from fetching the users list, if any.
      */
     usersError?: Error;
     /**
-     * Function to get a user by its uid. This is used to show
-     * user information when assigning ownership of an entity.
-     * @param uid
+     * Look up a single user by UID from the in-memory cache.
      */
-    getUser: (uid: string) => USER | null;
+    getUser?: (uid: string) => USER | null;
     /**
-     * Search users with server-side pagination.
-     * When provided, the CMS will use this for the users table
-     * instead of loading all users into memory.
+     * Server-side user search with pagination.
      */
-    searchUsers?: (options: {
+    searchUsers?: (params: {
         search?: string;
         limit?: number;
         offset?: number;
-        orderBy?: string;
-        orderDir?: "asc" | "desc";
-        roleId?: string;
     }) => Promise<{
         users: USER[];
         total: number;
     }>;
-    /**
-     * Save a user (create or update)
-     * @param user
-     */
-    saveUser?: (user: USER) => Promise<USER>;
     /**
      * Create a new user with invitation/password generation support.
      * Returns additional info about how the credentials were delivered.
-     * Falls back to saveUser if not provided.
      */
     createUser?: (user: USER) => Promise<UserCreationResult<USER>>;
     /**
@@ -73,42 +63,15 @@ export interface UserManagementDelegate<USER extends User = User> {
      * or a flag indicating an email invitation was sent.
      */
     resetPassword?: (user: USER) => Promise<UserCreationResult<USER>>;
-    /**
-     * Delete a user
-     * @param user
-     */
-    deleteUser?: (user: USER) => Promise<void>;
-    /**
-     * List of roles defined in the CMS.
-     */
-    roles?: Role[];
-    /**
-     * Optional error if roles failed to load.
-     */
-    rolesError?: Error;
-    /**
-     * Save a role (create or update)
-     * @param role
-     */
-    saveRole?: (role: Role) => Promise<void>;
-    /**
-     * Delete a role
-     * @param role
-     */
-    deleteRole?: (role: Role) => Promise<void>;
     /**
      * Is the currently logged in user an admin?
      */
     isAdmin?: boolean;
-    /**
-     * If true, the UI will allow the user to create the default roles (admin, editor, viewer).
-     */
-    allowDefaultRolesCreation?: boolean;
     /**
      * Optionally define roles for a given user. This is useful when the roles
      * are coming from a separate provider than the one issuing the tokens.
      */
-    defineRolesFor?: (user: USER) => Promise<Role[] | undefined> | Role[] | undefined;
+    defineRolesFor?: (user: USER) => Promise<string[] | undefined> | string[] | undefined;
     /**
      * Whether any admin users exist. Used by the bootstrap banner to decide
      * whether to prompt.  Populated via a lightweight check (e.g. `limit=1`

package/dist/types/src/users/index.d.ts

@@ -1,2 +1 @@
 export * from "./user";
-export * from "./roles";

package/dist/types/src/users/user.d.ts

@@ -35,7 +35,6 @@ export type User = {
     readonly isAnonymous: boolean;
     /**
      * Role IDs assigned to this user (e.g. ["admin", "editor"]).
-     * These are plain string IDs — use the UserManagementDelegate to look up full Role objects.
      */
     roles?: string[];
     /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rebasepro/sdk-generator",
-  "version": "0.2.4",
+  "version": "0.2.5",
   "description": "Generate a typed JS SDK from Rebase collection definitions",
   "main": "./dist/index.cjs",
   "module": "./dist/index.es.js",
@@ -19,8 +19,8 @@
   "author": "rebase.pro",
   "license": "MIT",
   "peerDependencies": {
-    "@rebasepro/common": "0.2.4",
-    "@rebasepro/types": "0.2.4"
+    "@rebasepro/common": "0.2.5",
+    "@rebasepro/types": "0.2.5"
   },
   "devDependencies": {
     "@jest/globals": "^29.7.0",
@@ -30,8 +30,8 @@
     "ts-jest": "^29.4.10",
     "typescript": "^5.9.3",
     "vite": "^7.3.3",
-    "@rebasepro/common": "0.2.4",
-    "@rebasepro/types": "0.2.4"
+    "@rebasepro/common": "0.2.5",
+    "@rebasepro/types": "0.2.5"
   },
   "exports": {
     ".": {
@@ -42,7 +42,7 @@
   },
   "gitHead": "d935eefa5aa8d1009a2398cfac2c1e4ee9aeb6b6",
   "dependencies": {
-    "@rebasepro/client": "0.2.4"
+    "@rebasepro/client": "0.2.5"
   },
   "repository": {
     "type": "git",

package/dist/types/src/users/roles.d.ts

@@ -1,14 +0,0 @@
-export type Role = {
-    /**
-     * ID of the role
-     */
-    id: string;
-    /**
-     * Name of the role
-     */
-    name: string;
-    /**
-     * If this flag is true, the user can perform any action
-     */
-    isAdmin?: boolean;
-};