@rebasepro/server-postgresql 0.0.1-canary.dbf160a → 0.0.1-canary.e17585f

package/src/schema/introspect-db.ts

@@ -4,6 +4,7 @@ import path from "path";
 import pg from "pg";
 import arg from "arg";
 import * as dotenv from "dotenv";
+import readline from "readline";
 
 import {
     TableRow,
@@ -24,15 +25,24 @@ async function main() {
     const args = arg(
         {
             "--output": String,
+            "--collections": String,
             "--force": Boolean,
             "--schema": String,
+            "--data-inference": Boolean,
             "-o": "--output",
+            "-c": "--collections",
             "-f": "--force",
         },
         { permissive: true }
     );
 
-    const outDir = args["--output"] || path.resolve(process.cwd(), "config", "collections");
+    const cwd = process.cwd();
+    const isBackendDir = path.basename(cwd) === "backend";
+    const defaultOutDir = isBackendDir 
+        ? path.resolve(cwd, "..", "config", "collections") 
+        : path.resolve(cwd, "config", "collections");
+
+    const outDir = args["--output"] || args["--collections"] || defaultOutDir;
     const force = args["--force"] || false;
     const pgSchema = args["--schema"] || "public";
 
@@ -143,32 +153,65 @@ async function main() {
 
         console.log(chalk.blue(`Found ${tablesMap.size} tables (including ${joinTables.size} detected join tables).`));
 
+        let runDataInference = false;
+        if (args["--data-inference"] !== undefined) {
+            runDataInference = args["--data-inference"];
+        } else {
+            const rl = readline.createInterface({
+                input: process.stdin,
+                output: process.stdout
+            });
+            const answer = await new Promise<string>((resolve) => rl.question(chalk.yellow("? Do you want to run comprehensive data inference on sampled rows to auto-detect types, formats, constraints, and UI configurations? (y/N) "), resolve));
+            runDataInference = answer.trim().toLowerCase() === 'y';
+            rl.close();
+        }
+
+        if (runDataInference) {
+            console.log(chalk.gray(`Sampling database rows for data inference...`));
+        }
+
         // Generate Collections
         const generatedFiles: string[] = [];
         const skippedFiles: string[] = [];
 
-        for (const [tableName, meta] of tablesMap.entries()) {
-            if (joinTables.has(tableName)) continue; // We don't generate base collections for pure join tables
-
-            // ── File overwrite protection ──────────────────────────────
-            const filePath = path.join(outDir, `${tableName}.ts`);
-            if (fs.existsSync(filePath) && !force) {
-                skippedFiles.push(tableName);
-                continue;
-            }
-
-            const fileContent = generateCollectionFile(
-                tableName,
-                meta,
-                fks,
-                joinTables,
-                tablesMap,
-                enumMap,
-            );
-
-            fs.writeFileSync(filePath, fileContent, "utf-8");
-            generatedFiles.push(tableName);
-            console.log(chalk.green(`  ✓ ${filePath}`));
+        const tablesToProcess = Array.from(tablesMap.entries()).filter(([tableName]) => !joinTables.has(tableName));
+        
+        const BATCH_SIZE = 10;
+        for (let i = 0; i < tablesToProcess.length; i += BATCH_SIZE) {
+            const batch = tablesToProcess.slice(i, i + BATCH_SIZE);
+            
+            await Promise.all(batch.map(async ([tableName, meta]) => {
+                // ── File overwrite protection ──────────────────────────────
+                const filePath = path.join(outDir, `${tableName}.ts`);
+                if (fs.existsSync(filePath) && !force) {
+                    skippedFiles.push(tableName);
+                    return;
+                }
+
+                let sampleData: Record<string, unknown>[] | undefined = undefined;
+                if (runDataInference) {
+                    try {
+                        const { rows } = await client.query(`SELECT * FROM "${pgSchema}"."${tableName}" LIMIT 100`);
+                        sampleData = rows;
+                    } catch (err) {
+                        console.error(chalk.yellow(`⚠ Failed to sample data for table ${tableName}: ${err instanceof Error ? err.message : String(err)}`));
+                    }
+                }
+
+                const fileContent = generateCollectionFile(
+                    tableName,
+                    meta,
+                    fks,
+                    joinTables,
+                    tablesMap,
+                    enumMap,
+                    sampleData,
+                );
+
+                fs.writeFileSync(filePath, fileContent, "utf-8");
+                generatedFiles.push(tableName);
+                console.log(chalk.green(`  ✓ ${filePath}`));
+            }));
         }
 
         // Generate index.ts (sorted alphabetically for deterministic output)

package/src/services/EntityFetchService.ts

@@ -617,6 +617,10 @@ export class EntityFetchService {
 
                 return entity;
             } catch (e) {
+                if (e instanceof Error && e.message.includes("not enough information to infer relation")) {
+                    console.error(`[EntityFetchService] Relation inference error for collection '${collectionPath}': ${e.message}`);
+                    console.error(`Hint: This usually means a relation in your drizzle schema is missing a reciprocal 'one()' or 'many()' definition. Run 'rebase schema generate' to fix this.`);
+                }
                 console.warn(`[EntityFetchService] db.query.findFirst failed for ${collectionPath}, falling back to db.select:`, e);
             }
         }
@@ -733,6 +737,10 @@ export class EntityFetchService {
 
                 return entities;
             } catch (e) {
+                if (e instanceof Error && e.message.includes("not enough information to infer relation")) {
+                    console.error(`[EntityFetchService] Relation inference error for collection '${collectionPath}': ${e.message}`);
+                    console.error(`Hint: This usually means a relation in your drizzle schema is missing a reciprocal 'one()' or 'many()' definition. Run 'rebase schema generate' to fix this.`);
+                }
                 console.warn(`[EntityFetchService] db.query.findMany failed for ${collectionPath}, falling back to db.select:`, e);
             }
         }
@@ -1195,6 +1203,10 @@ export class EntityFetchService {
 
                 return restRows;
             } catch (e) {
+                if (e instanceof Error && e.message.includes("not enough information to infer relation")) {
+                    console.error(`[EntityFetchService] Relation inference error for collection '${collectionPath}': ${e.message}`);
+                    console.error(`Hint: This usually means a relation in your drizzle schema is missing a reciprocal 'one()' or 'many()' definition. Run 'rebase schema generate' to fix this.`);
+                }
                 console.warn(`[fetchCollectionForRest] db.query.findMany failed for ${collectionPath}, falling back:`, e);
             }
         }
@@ -1305,6 +1317,10 @@ export class EntityFetchService {
 
                 return restRow;
             } catch (e) {
+                if (e instanceof Error && e.message.includes("not enough information to infer relation")) {
+                    console.error(`[EntityFetchService] Relation inference error for collection '${collectionPath}': ${e.message}`);
+                    console.error(`Hint: This usually means a relation in your drizzle schema is missing a reciprocal 'one()' or 'many()' definition. Run 'rebase schema generate' to fix this.`);
+                }
                 console.warn(`[fetchEntityForRest] db.query.findFirst failed for ${collectionPath}, falling back:`, e);
             }
         }

package/src/services/EntityPersistService.ts

@@ -111,7 +111,7 @@ export class EntityPersistService {
                             targetColumnName = relation.localKey;
                         } else if (relation.foreignKeyOnTarget) {
                             targetColumnName = relation.foreignKeyOnTarget;
-                        } else if (relation.joinPath && relation.joinPath.length > 0) {
+                        } else if (relation.joinPath && relation.joinPath.length === 1) {
                             const targetTableName = getTableName(targetCollection);
                             const relevantJoinStep = relation.joinPath.find(joinStep => joinStep.table === targetTableName);
 
@@ -123,6 +123,12 @@ export class EntityPersistService {
                                 const targetColumnNames = DrizzleConditionBuilder.getColumnNamesFromColumns(relation.joinPath[0].on.to);
                                 targetColumnName = targetColumnNames[0];
                             }
+                        } else if (relation.joinPath && relation.joinPath.length > 1) {
+                            // For multi-hop relations (like many-to-many through a junction table),
+                            // there is no direct foreign key on the target table pointing to the parent.
+                            // The relationship is managed via the junction table.
+                            // We shouldn't inject the parent ID directly into the target entity payload.
+                            break;
                         } else {
                             throw new Error(`Relation '${relationKey}' lacks configuration for path-based saving.`);
                         }
@@ -292,51 +298,127 @@ export class EntityPersistService {
 
         if (pgError) {
             const detail = pgError.detail as string | undefined;
+            const hint = pgError.hint as string | undefined;
             const constraint = pgError.constraint as string | undefined;
             const column = pgError.column as string | undefined;
             const table = pgError.table as string | undefined;
+            const dataType = pgError.dataType as string | undefined;
+            const pgMessage = pgError.message || "Unknown database error";
+
+            const suffix = hint ? ` Hint: ${hint}` : "";
+            const tableRef = table ?? collectionSlug;
 
             switch (pgError.code) {
                 case "23503": // foreign_key_violation
                     return new Error(
                         detail
-                            ? `Foreign key constraint violated: ${detail}`
-                            : `Cannot save: a foreign key constraint${constraint ? ` (${constraint})` : ""} was violated in "${collectionSlug}".`
+                            ? `Foreign key constraint violated: ${detail}${suffix}`
+                            : `Cannot save: a foreign key constraint${constraint ? ` (${constraint})` : ""} was violated in "${collectionSlug}".${suffix}`
                     );
                 case "23505": // unique_violation
                     return new Error(
                         detail
-                            ? `Duplicate value: ${detail}`
-                            : `Cannot save: a unique constraint${constraint ? ` (${constraint})` : ""} was violated in "${collectionSlug}".`
+                            ? `Duplicate value: ${detail}${suffix}`
+                            : `Cannot save: a unique constraint${constraint ? ` (${constraint})` : ""} was violated in "${collectionSlug}".${suffix}`
                     );
                 case "23502": // not_null_violation
                     return new Error(
-                        `Missing required field: "${column ?? "unknown"}" in "${table ?? collectionSlug}" cannot be empty.`
+                        `Missing required field: "${column ?? "unknown"}" in "${tableRef}" cannot be empty.${suffix}`
                     );
                 case "23514": // check_violation
                     return new Error(
-                        `Validation failed: a check constraint${constraint ? ` (${constraint})` : ""} was violated in "${collectionSlug}".`
+                        `Validation failed: a check constraint${constraint ? ` (${constraint})` : ""} was violated in "${collectionSlug}".${suffix}`
+                    );
+                case "22P02": // invalid_text_representation (e.g. invalid UUID, wrong enum value)
+                    return new Error(
+                        `Invalid data format in "${collectionSlug}": ${pgMessage}${suffix}`
+                    );
+                case "22001": // string_data_right_truncation (value too long)
+                    return new Error(
+                        `Value too long for column "${column ?? "unknown"}" in "${tableRef}": ${pgMessage}${suffix}`
+                    );
+                case "22003": // numeric_value_out_of_range
+                    return new Error(
+                        `Numeric value out of range for column "${column ?? "unknown"}" in "${tableRef}": ${pgMessage}${suffix}`
                     );
+                case "42703": // undefined_column
+                    return new Error(
+                        `Unknown column in "${tableRef}": ${pgMessage}. Check if your schema is up to date (run migrations).${suffix}`
+                    );
+                case "42P01": // undefined_table
+                    return new Error(
+                        `Table not found for "${collectionSlug}": ${pgMessage}. Check if your schema is up to date (run migrations).${suffix}`
+                    );
+                default: {
+                    // Unhandled PG code — still surface the actual database message
+                    const parts = [`Database error in "${collectionSlug}" [${pgError.code}]: ${pgMessage}`];
+                    if (detail) parts.push(`Detail: ${detail}`);
+                    if (column) parts.push(`Column: ${column}`);
+                    if (dataType) parts.push(`Data type: ${dataType}`);
+                    if (constraint) parts.push(`Constraint: ${constraint}`);
+                    if (hint) parts.push(`Hint: ${hint}`);
+                    return new Error(parts.join(". "));
+                }
             }
         }
 
-        // Fall through: re-throw original
-        if (error instanceof Error) return error;
-        return new Error(String(error));
+        // No PG error found — try to extract a useful message from the
+        // Drizzle wrapper instead of leaking the raw SQL query + params.
+        const causeMessage = this.extractCauseMessage(error);
+        if (causeMessage) {
+            return new Error(`Database error in "${collectionSlug}": ${causeMessage}`);
+        }
+
+        // Last resort: use the original error message but strip the SQL query
+        if (error instanceof Error) {
+            const cleaned = this.stripSqlFromMessage(error.message, collectionSlug);
+            return new Error(cleaned);
+        }
+        return new Error(`Database error in "${collectionSlug}": ${String(error)}`);
+    }
+
+    /**
+     * Walk the error cause chain and return the deepest meaningful message.
+     */
+    private extractCauseMessage(error: unknown): string | null {
+        if (!error || typeof error !== "object") return null;
+        const err = error as Error & { cause?: unknown };
+
+        if (err.cause && typeof err.cause === "object") {
+            const deeper = this.extractCauseMessage(err.cause);
+            if (deeper) return deeper;
+            // The cause itself has a message
+            if (err.cause instanceof Error && err.cause.message) {
+                return err.cause.message;
+            }
+        }
+        return null;
+    }
+
+    /**
+     * Strip the raw SQL query from a Drizzle "Failed query: ..." message,
+     * keeping only the error description.
+     */
+    private stripSqlFromMessage(message: string, collectionSlug: string): string {
+        // Drizzle format: "Failed query: <SQL>\nparams: <params>"
+        if (message.startsWith("Failed query:")) {
+            return `Failed to save entity in "${collectionSlug}". Check server logs for details.`;
+        }
+        return message;
     }
 
     /**
      * Extract the underlying PostgreSQL error from a Drizzle wrapper.
      * Drizzle wraps PG errors in a `cause` property.
      */
-    private extractPgError(error: unknown): (Error & { code?: string; detail?: unknown; constraint?: unknown; column?: unknown; table?: unknown }) | null {
+    private extractPgError(error: unknown): (Error & { code?: string; detail?: unknown; hint?: unknown; constraint?: unknown; column?: unknown; table?: unknown; dataType?: unknown }) | null {
         if (!error || typeof error !== "object") return null;
 
         const err = error as Error & { code?: string; cause?: unknown; detail?: unknown };
 
         // Check if the error itself has a PG error code
-        if (err.code && /^[0-9]{5}$/.test(err.code)) {
-            return err as Error & { code: string; detail?: unknown; constraint?: unknown; column?: unknown; table?: unknown };
+        if (err.code && /^[0-9A-Z]{5}$/.test(err.code)) {
+            return err as Error & { code: string; detail?: unknown; hint?: unknown; constraint?: unknown; column?: unknown; table?: unknown; dataType?: unknown };
         }
 
         // Check the cause chain (Drizzle wraps PG errors)

package/src/services/realtimeService.ts

@@ -865,6 +865,41 @@ roles: authContext.roles },
 
         return parentPaths;
     }
+    // =============================================================================
+    // Lifecycle / Cleanup
+    // =============================================================================
+
+    /**
+     * Gracefully tear down all realtime resources.
+     *
+     * This MUST be called during process shutdown, **before** `pool.end()`.
+     * It ensures:
+     *  1. All debounced refetch timers are cancelled (prevents queries after pool closes).
+     *  2. All subscription state and callbacks are cleared.
+     *  3. The dedicated LISTEN client (outside the pool) is disconnected.
+     *  4. All WebSocket clients are removed (but not forcefully closed — the
+     *     HTTP server close will handle that).
+     */
+    async destroy(): Promise<void> {
+        // 1. Cancel every pending debounced refetch timer
+        for (const [key, timer] of this.refetchTimers) {
+            clearTimeout(timer);
+            this.refetchTimers.delete(key);
+        }
+
+        // 2. Clear subscriptions and callbacks
+        this._subscriptions.clear();
+        this.subscriptionCallbacks.clear();
+
+        // 3. Disconnect the dedicated LISTEN client
+        await this.stopListening();
+
+        // 4. Drop client references (don't close — server.close drains them)
+        this.clients.clear();
+
+        this.debugLog("🧹 [RealtimeService] destroy() complete — all resources released.");
+    }
+
     // =============================================================================
     // Cross-Instance LISTEN/NOTIFY
     // =============================================================================

package/src/utils/drizzle-conditions.ts

@@ -64,8 +64,14 @@ export class DrizzleConditionBuilder {
     ): SQL | null {
         switch (op) {
             case "==":
+                if (value === null || value === undefined) {
+                    return sql`${column} IS NULL`;
+                }
                 return eq(column, value);
             case "!=":
+                if (value === null || value === undefined) {
+                    return sql`${column} IS NOT NULL`;
+                }
                 return sql`${column} != ${value}`;
             case ">":
                 return sql`${column} > ${value}`;

package/src/websocket.ts

@@ -1,6 +1,6 @@
 import { RealtimeService } from "./services/realtimeService";
 import { PostgresBackendDriver } from "./PostgresBackendDriver";
-import { DataDriver, DeleteEntityProps, FetchCollectionProps, FetchEntityProps, SaveEntityProps, TableMetadata, BranchInfo, isSQLAdmin, isSchemaAdmin } from "@rebasepro/types";
+import { DataDriver, DeleteEntityProps, FetchCollectionProps, FetchEntityProps, SaveEntityProps, TableMetadata, BranchInfo, isSQLAdmin, isSchemaAdmin, AuthAdapter } from "@rebasepro/types";
 import { WebSocketServer, WebSocket } from "ws";
 import { Server } from "http";
 import { inspect } from "util";
@@ -9,9 +9,18 @@ import { extractUserFromToken, AccessTokenPayload } from "@rebasepro/server-core
 // @ts-ignore
 import { AuthConfig } from "@rebasepro/server-core";
 
+/**
+ * Normalized user identity for WebSocket sessions.
+ */
+interface WsUserIdentity {
+    userId: string;
+    roles: string[];
+    isAdmin: boolean;
+}
+
 interface ClientSession {
     ws: WebSocket;
-    user?: AccessTokenPayload;
+    user?: WsUserIdentity;
     authenticated: boolean;
     /** Sliding window message counter for rate limiting */
     messageCount: number;
@@ -42,7 +51,10 @@ const ADMIN_ONLY_TYPES = new Set([
  * Check if the current session belongs to an admin user.
  */
 function isAdminSession(session: ClientSession | undefined): boolean {
-    if (!session?.user?.roles) return false;
+    if (!session?.user) return false;
+    // Fast path: new adapter-aware sessions set isAdmin directly
+    if (session.user.isAdmin) return true;
+    if (!session.user.roles) return false;
     return session.user.roles.some((r: unknown) => {
         if (typeof r === "string") return r === "admin";
         if (r && typeof r === "object" && "isAdmin" in r) return (r as { isAdmin: boolean }).isAdmin;
@@ -55,7 +67,8 @@ export function createPostgresWebSocket(
     server: Server,
     realtimeService: RealtimeService,
     driver: PostgresBackendDriver,
-    authConfig?: AuthConfig
+    authConfig?: AuthConfig,
+    authAdapter?: AuthAdapter
 ) {
     const isProduction = process.env.NODE_ENV === "production";
     /** Debug logger that is suppressed in production to prevent PII/data leaks */
@@ -74,7 +87,11 @@ export function createPostgresWebSocket(
         console.error("❌ [WebSocket Server] Error:", err);
     });
 
-    const requireAuth = authConfig?.requireAuth !== false && authConfig?.jwtSecret;
+    // Auth is required when either: an adapter is present (secure by default),
+    // OR the config has a jwtSecret and requireAuth !== false.
+    const requireAuth = authAdapter
+        ? true
+        : (authConfig?.requireAuth !== false && !!authConfig?.jwtSecret);
 
     wss.on("connection", (ws) => {
         const clientId = `client_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`;
@@ -123,21 +140,53 @@ code } }
                         return;
                     }
 
-                    const user = extractUserFromToken(token);
-                    if (user) {
+                    // Use the auth adapter when available (custom auth, Clerk, etc.)
+                    // Fall back to JWT extraction otherwise.
+                    let verifiedUser: WsUserIdentity | null = null;
+
+                    if (authAdapter) {
+                        try {
+                            const adapterUser = authAdapter.verifyToken
+                                ? await authAdapter.verifyToken(token)
+                                : await authAdapter.verifyRequest(new Request("http://localhost/_ws_auth", {
+                                    headers: { Authorization: `Bearer ${token}` },
+                                }));
+
+                            if (adapterUser) {
+                                verifiedUser = {
+                                    userId: adapterUser.uid,
+                                    roles: adapterUser.roles,
+                                    isAdmin: adapterUser.isAdmin,
+                                };
+                            }
+                        } catch {
+                            // Adapter threw — treat as invalid token
+                        }
+                    } else {
+                        // Standard JWT path
+                        const jwtPayload = extractUserFromToken(token);
+                        if (jwtPayload) {
+                            verifiedUser = {
+                                userId: jwtPayload.userId,
+                                roles: jwtPayload.roles ?? [],
+                                isAdmin: (jwtPayload.roles ?? []).some((r: string) => r === "admin"),
+                            };
+                        }
+                    }
+
+                    if (verifiedUser) {
                         const session = clientSessions.get(clientId);
                         if (session) {
-                            session.user = user;
+                            session.user = verifiedUser;
                             session.authenticated = true;
                         }
                         wsDebug(`[WS] replying AUTH_SUCCESS for requestId ${requestId}`);
                         ws.send(JSON.stringify({
                             type: "AUTH_SUCCESS",
                             requestId,
-                            payload: { userId: user.userId,
-roles: user.roles }
+                            payload: { userId: verifiedUser.userId, roles: verifiedUser.roles }
                         }));
-                        wsDebug(`🔐 [WebSocket Server] Client ${clientId} authenticated as ${user.userId}`);
+                        wsDebug(`🔐 [WebSocket Server] Client ${clientId} authenticated as ${verifiedUser.userId}`);
                     } else {
                         wsDebug(`[WS] replying AUTH_ERROR for requestId ${requestId} (invalid token)`);
                         sendError("AUTH_ERROR", "INVALID_TOKEN", "Invalid or expired token");