@rebasepro/server-postgresql 0.1.2 → 0.2.1

package/dist/index.es.js

@@ -1,7 +1,7 @@
 import { Pool, Client } from "pg";
 import { drizzle } from "drizzle-orm/node-postgres";
 import { sql, inArray, eq, and, or, ilike, asc, desc, gt, lt, getTableName as getTableName$1, count, relations, isTable } from "drizzle-orm";
-import { pgSchema, timestamp, varchar, boolean, uuid, jsonb, primaryKey, unique } from "drizzle-orm/pg-core";
+import { PgVarchar, PgText, PgChar, pgSchema, pgTable, timestamp, jsonb, varchar, boolean, uuid, primaryKey, unique, getTableConfig } from "drizzle-orm/pg-core";
 import { createHash, randomUUID } from "crypto";
 import * as fs from "fs";
 import { promises } from "fs";
@@ -51,6 +51,12 @@ function createPostgresDatabaseConnection(connectionString, schema, poolConfig)
     connectionString
   };
 }
+class Vector {
+  value;
+  constructor(value) {
+    this.value = value;
+  }
+}
 function isPostgresCollection(collection) {
   return !collection.driver || collection.driver === "postgres";
 }
@@ -127,16 +133,25 @@ const DEFAULT_ONE_OF_VALUE = "value";
 const tokenizeRegex = /[A-Z]{2,}(?=[A-Z][a-z]|\b)|[A-Z]?[a-z]+|[0-9]+(?:[a-z](?![a-z]))?|[A-Z]/g;
 const snakeCaseRegex = tokenizeRegex;
 const toSnakeCase = (str) => {
+  if (!str || typeof str !== "string") return "";
   const regExpMatchArray = str.match(snakeCaseRegex);
   if (!regExpMatchArray) return "";
   return regExpMatchArray.map((x) => x.toLowerCase()).join("_");
 };
+function camelCase(str) {
+  if (!str) return "";
+  if (str.length === 1) return str.toLowerCase();
+  const parts = str.split(/[-_ ]+/).filter(Boolean);
+  if (parts.length === 0) return "";
+  return parts[0].toLowerCase() + // Transform remaining parts to have first letter uppercase
+  parts.slice(1).map((part) => part.charAt(0).toUpperCase() + part.substring(1).toLowerCase()).join("");
+}
 var commonjsGlobal = typeof globalThis !== "undefined" ? globalThis : typeof window !== "undefined" ? window : typeof global !== "undefined" ? global : typeof self !== "undefined" ? self : {};
 function commonjsRequire(path2) {
   throw new Error('Could not dynamically require "' + path2 + '". Please configure the dynamicRequireTargets or/and ignoreDynamicRequires option of @rollup/plugin-commonjs appropriately for this require call to work.');
 }
 var object_hash = { exports: {} };
-(function(module, exports$1) {
+(function(module, exports) {
   !function(e) {
     module.exports = e();
   }(function() {
@@ -1255,14 +1270,56 @@ const buildPropertyCallbacks = (properties) => {
   }
   return Object.keys(propertyCallbacks).length > 0 ? propertyCallbacks : void 0;
 };
-function sanitizeRelation(relation, sourceCollection) {
+function sanitizeRelation(relation, sourceCollection, resolveCollection) {
   if (!relation.target) {
     throw new Error("Relation is missing a `target` collection.");
   }
-  const targetCollection = relation.target();
+  const rawTarget = relation.target;
+  let targetCollection;
+  if (typeof rawTarget === "string") {
+    if (resolveCollection) {
+      targetCollection = resolveCollection(rawTarget);
+    }
+    if (!targetCollection) {
+      targetCollection = {
+        slug: rawTarget,
+        name: rawTarget
+      };
+    }
+  } else if (typeof rawTarget === "function") {
+    const evaluated = rawTarget();
+    if (typeof evaluated === "string") {
+      if (resolveCollection) {
+        targetCollection = resolveCollection(evaluated);
+      }
+      if (!targetCollection) {
+        targetCollection = {
+          slug: evaluated,
+          name: evaluated
+        };
+      }
+    } else {
+      targetCollection = evaluated;
+    }
+  }
+  if (!targetCollection) {
+    throw new Error("Relation is missing a valid `target` collection.");
+  }
   const newRelation = {
     ...relation
   };
+  newRelation.target = () => {
+    if (typeof rawTarget === "string") {
+      return resolveCollection && resolveCollection(rawTarget) || targetCollection;
+    } else if (typeof rawTarget === "function") {
+      const evaluated = rawTarget();
+      if (typeof evaluated === "string") {
+        return resolveCollection && resolveCollection(evaluated) || targetCollection;
+      }
+      return evaluated;
+    }
+    return targetCollection;
+  };
   if (!newRelation.relationName) {
     newRelation.relationName = toSnakeCase(targetCollection.slug);
   }
@@ -1315,6 +1372,17 @@ function sanitizeRelation(relation, sourceCollection) {
               break;
             }
           }
+          if (!isManyToManyInverse && targetCollection.properties) {
+            for (const [propKey, prop] of Object.entries(targetCollection.properties)) {
+              if (prop.type !== "relation") continue;
+              const relProp = prop;
+              const relName = relProp.relationName || propKey;
+              if (relName === newRelation.inverseRelationName && relProp.cardinality === "many" && (relProp.direction === "owning" || !relProp.direction)) {
+                isManyToManyInverse = true;
+                break;
+              }
+            }
+          }
         } catch (e) {
         }
       }
@@ -1437,7 +1505,7 @@ function findRelation(resolvedRelations, key) {
   return void 0;
 }
 var logic = { exports: {} };
-(function(module, exports$1) {
+(function(module, exports) {
   (function(root, factory) {
     {
       module.exports = factory();
@@ -2194,7 +2262,7 @@ function createSupportedComparatorMap({ areArrayBuffersEqual: areArrayBuffersEqu
     "[object Uint32Array]": areTypedArraysEqual2
   };
 }
-const deepEqual = createCustomEqual();
+const deepEqual$1 = createCustomEqual();
 createCustomEqual({ strict: true });
 createCustomEqual({ circular: true });
 createCustomEqual({
@@ -2263,10 +2331,16 @@ class CollectionRegistry {
    */
   registerMultiple(collections) {
     const rawSnapshot = collections.map((c) => removeFunctions(c));
-    if (this.lastRawInputSnapshot && deepEqual(this.lastRawInputSnapshot, rawSnapshot)) {
+    if (this.lastRawInputSnapshot && deepEqual$1(this.lastRawInputSnapshot, rawSnapshot)) {
       return false;
     }
     this.reset();
+    collections.forEach((c) => {
+      if (c.slug) {
+        this.collectionsBySlug.set(c.slug, c);
+      }
+      this.collectionsByTableName.set(getTableName(c), c);
+    });
     const normalizedCollections = collections.map((c) => this.normalizeCollection({
       ...c
     }));
@@ -2345,7 +2419,7 @@ class CollectionRegistry {
     if (getDataSourceCapabilities(result.driver).supportsRelations) {
       mergedRelations = mergedRelationsRaw.map((r) => {
         try {
-          return sanitizeRelation(r, result);
+          return sanitizeRelation(r, result, (slug) => this.get(slug));
         } catch {
           return r;
         }
@@ -2784,8 +2858,14 @@ class DrizzleConditionBuilder {
   static buildSingleFilterCondition(column, op, value) {
     switch (op) {
       case "==":
+        if (value === null || value === void 0) {
+          return sql`${column} IS NULL`;
+        }
         return eq(column, value);
       case "!=":
+        if (value === null || value === void 0) {
+          return sql`${column} IS NOT NULL`;
+        }
         return sql`${column} != ${value}`;
       case ">":
         return sql`${column} > ${value}`;
@@ -3116,7 +3196,10 @@ class DrizzleConditionBuilder {
       if (p.type === "string" && !p.enum && p.isId !== "uuid") {
         const fieldColumn = table[key];
         if (fieldColumn) {
-          searchConditions.push(ilike(fieldColumn, `%${searchString}%`));
+          const supportsILike = fieldColumn instanceof PgVarchar || fieldColumn instanceof PgText || fieldColumn instanceof PgChar || fieldColumn && typeof fieldColumn === "object" && !("columnType" in fieldColumn);
+          if (supportsILike) {
+            searchConditions.push(ilike(fieldColumn, `%${searchString}%`));
+          }
         }
       }
     }
@@ -3589,6 +3672,31 @@ function serializePropertyToServer(value, property) {
         return result;
       }
       return value;
+    case "vector": {
+      if (value instanceof Vector) {
+        return value.value;
+      }
+      if (value && typeof value === "object" && "value" in value && Array.isArray(value.value)) {
+        return value.value.map(Number);
+      }
+      if (Array.isArray(value)) {
+        return value.map(Number);
+      }
+      return value;
+    }
+    case "binary":
+      if (typeof value === "string") {
+        if (value.startsWith("data:application/octet-stream;base64,")) {
+          const base64Data = value.split(",")[1];
+          if (base64Data) {
+            return Buffer.from(base64Data, "base64");
+          }
+        }
+      }
+      if (Buffer.isBuffer(value)) {
+        return value;
+      }
+      return value;
     case "string":
       if (typeof value === "string") {
         if (value.startsWith("data:application/octet-stream;base64,")) {
@@ -3733,6 +3841,21 @@ function parsePropertyFromServer(value, property, collection, propertyKey) {
     return value;
   }
   switch (property.type) {
+    case "binary": {
+      let buf = null;
+      if (Buffer.isBuffer(value)) {
+        buf = value;
+      } else if (typeof value === "object" && value !== null) {
+        const rawVal = value;
+        if (rawVal.type === "Buffer" && Array.isArray(rawVal.data)) {
+          buf = Buffer.from(rawVal.data);
+        }
+      }
+      if (buf) {
+        return `data:application/octet-stream;base64,${buf.toString("base64")}`;
+      }
+      return value;
+    }
     case "string": {
       if (typeof value === "string") return value;
       let isBuffer = false;
@@ -3740,9 +3863,12 @@ function parsePropertyFromServer(value, property, collection, propertyKey) {
       if (Buffer.isBuffer(value)) {
         isBuffer = true;
         buf = value;
-      } else if (typeof value === "object" && value !== null && value.type === "Buffer" && Array.isArray(value.data)) {
-        isBuffer = true;
-        buf = Buffer.from(value.data);
+      } else if (typeof value === "object" && value !== null) {
+        const rawVal = value;
+        if (rawVal.type === "Buffer" && Array.isArray(rawVal.data)) {
+          isBuffer = true;
+          buf = Buffer.from(rawVal.data);
+        }
       }
       if (isBuffer && buf) {
         let isPrintable = true;
@@ -3829,6 +3955,25 @@ function parsePropertyFromServer(value, property, collection, propertyKey) {
         return isNaN(parsed) ? null : parsed;
       }
       return value;
+    case "vector": {
+      let nums = [];
+      if (typeof value === "string") {
+        nums = value.slice(1, -1).split(",").map(Number);
+      } else if (Array.isArray(value)) {
+        nums = value.map(Number);
+      } else if (value instanceof Vector) {
+        nums = value.value;
+      } else if (typeof value === "object" && value !== null && "value" in value) {
+        const valObj = value;
+        if (Array.isArray(valObj.value)) {
+          nums = valObj.value.map(Number);
+        }
+      }
+      return {
+        __type: "Vector",
+        value: nums
+      };
+    }
     case "date": {
       let date;
       if (value instanceof Date) {
@@ -3853,9 +3998,12 @@ function parsePropertyFromServer(value, property, collection, propertyKey) {
       if (Buffer.isBuffer(value)) {
         isBuffer = true;
         buf = value;
-      } else if (typeof value === "object" && value !== null && value.type === "Buffer" && Array.isArray(value.data)) {
-        isBuffer = true;
-        buf = Buffer.from(value.data);
+      } else if (typeof value === "object" && value !== null) {
+        const rawVal = value;
+        if (rawVal.type === "Buffer" && Array.isArray(rawVal.data)) {
+          isBuffer = true;
+          buf = Buffer.from(rawVal.data);
+        }
       }
       if (isBuffer && buf) {
         let isPrintable = true;
@@ -4645,7 +4793,7 @@ class RelationService {
         if (parentFKValue !== null && parentFKValue !== void 0) {
           await tx.update(targetTable).set({
             [targetFKColName]: null
-          }).where(eq(targetFKCol, parentFKValue));
+          }).where(eq(targetFKCol, String(parentFKValue)));
         }
         continue;
       }
@@ -4654,7 +4802,7 @@ class RelationService {
       if (parentFKValue !== null && parentFKValue !== void 0) {
         await tx.update(targetTable).set({
           [targetFKColName]: null
-        }).where(eq(targetFKCol, parentFKValue));
+        }).where(eq(targetFKCol, String(parentFKValue)));
       } else {
         console.warn(`Cannot set joinPath relation '${relation.relationName}' because parent FK value is null/undefined`);
         continue;
@@ -6731,23 +6879,33 @@ class PostgresBackendDriver {
       client: this.client
     };
     if (callbacks?.beforeDelete || propertyCallbacks?.beforeDelete) {
+      let preventDefault = false;
       if (callbacks?.beforeDelete) {
-        await callbacks.beforeDelete({
+        const result = await callbacks.beforeDelete({
           collection: resolvedCollection,
           path: entity.path,
           entityId: entity.id,
           entity,
           context: contextForCallback
         });
+        if (result === false) {
+          preventDefault = true;
+        }
       }
       if (propertyCallbacks?.beforeDelete) {
-        await propertyCallbacks.beforeDelete({
+        const result = await propertyCallbacks.beforeDelete({
           collection: resolvedCollection,
           path: entity.path,
           entityId: entity.id,
           entity,
           context: contextForCallback
         });
+        if (result === false) {
+          preventDefault = true;
+        }
+      }
+      if (preventDefault) {
+        return;
       }
     }
     await this.entityService.deleteEntity(entity.path, entity.id, entity.databaseId || resolvedCollection?.databaseId);
@@ -6820,7 +6978,17 @@ class PostgresBackendDriver {
     }
     const targetDb = this.getTargetDb(options?.database);
     try {
-      if (options?.role) {
+      let needsRoleSwitch = false;
+      if (options?.role && process.env.DISABLE_DB_ROLE_SWITCHING !== "true") {
+        try {
+          const currentRoleResult = await targetDb.execute(sql.raw("SELECT current_user AS role"));
+          const currentRole = currentRoleResult.rows?.[0]?.role;
+          needsRoleSwitch = !!currentRole && currentRole !== options.role;
+        } catch {
+          needsRoleSwitch = true;
+        }
+      }
+      if (needsRoleSwitch && options?.role) {
         const safeRole = options.role.replace(/"/g, '""');
         return await targetDb.transaction(async (tx) => {
           await tx.execute(sql.raw(`SET LOCAL ROLE "${safeRole}"`));
@@ -6858,7 +7026,7 @@ class PostgresBackendDriver {
     return databases;
   }
   async fetchAvailableRoles() {
-    const result = await this.executeSql("SELECT rolname FROM pg_roles;");
+    const result = await this.executeSql("SELECT rolname FROM pg_roles WHERE pg_has_role(current_user, rolname, 'member') ORDER BY rolname;");
     return result.map((r) => r.rolname);
   }
   async fetchCurrentDatabase() {
@@ -7027,6 +7195,21 @@ class AuthenticatedPostgresBackendDriver {
    * Typed admin capabilities — delegates to the base driver.
    */
   admin;
+  get restFetchService() {
+    if (!this.delegate.restFetchService) return void 0;
+    return {
+      fetchCollectionForRest: async (collectionPath, options, include) => {
+        return this.withTransaction(async (delegate) => {
+          return delegate.restFetchService.fetchCollectionForRest(collectionPath, options, include);
+        });
+      },
+      fetchEntityForRest: async (collectionPath, entityId, include, databaseId) => {
+        return this.withTransaction(async (delegate) => {
+          return delegate.restFetchService.fetchEntityForRest(collectionPath, entityId, include, databaseId);
+        });
+      }
+    };
+  }
   async withTransaction(operation) {
     const pendingNotifications = [];
     const result = await this.delegate.db.transaction(async (tx) => {
@@ -7181,113 +7364,140 @@ class DatabasePoolManager {
     this.pools.clear();
   }
 }
-const rebaseSchema = pgSchema("rebase");
-const users = rebaseSchema.table("users", {
-  id: uuid("id").defaultRandom().primaryKey(),
-  email: varchar("email", {
-    length: 255
-  }).notNull().unique(),
-  passwordHash: varchar("password_hash", {
-    length: 255
-  }),
-  // NULL for OAuth-only users
-  displayName: varchar("display_name", {
-    length: 255
-  }),
-  photoUrl: varchar("photo_url", {
-    length: 500
-  }),
-  emailVerified: boolean("email_verified").default(false).notNull(),
-  emailVerificationToken: varchar("email_verification_token", {
-    length: 255
-  }),
-  emailVerificationSentAt: timestamp("email_verification_sent_at"),
-  createdAt: timestamp("created_at").defaultNow().notNull(),
-  updatedAt: timestamp("updated_at").defaultNow().notNull()
-});
-const roles = rebaseSchema.table("roles", {
-  id: varchar("id", {
-    length: 50
-  }).primaryKey(),
-  // 'admin', 'editor', 'viewer'
-  name: varchar("name", {
-    length: 100
-  }).notNull(),
-  isAdmin: boolean("is_admin").default(false).notNull(),
-  defaultPermissions: jsonb("default_permissions").$type(),
-  collectionPermissions: jsonb("collection_permissions").$type(),
-  config: jsonb("config").$type()
-});
-const userRoles = rebaseSchema.table("user_roles", {
-  userId: uuid("user_id").notNull().references(() => users.id, {
-    onDelete: "cascade"
-  }),
-  roleId: varchar("role_id", {
-    length: 50
-  }).notNull().references(() => roles.id, {
-    onDelete: "cascade"
-  })
-}, (table) => ({
-  pk: primaryKey({
-    columns: [table.userId, table.roleId]
-  })
-}));
-const refreshTokens = rebaseSchema.table("refresh_tokens", {
-  id: uuid("id").defaultRandom().primaryKey(),
-  userId: uuid("user_id").notNull().references(() => users.id, {
-    onDelete: "cascade"
-  }),
-  tokenHash: varchar("token_hash", {
-    length: 255
-  }).notNull().unique(),
-  expiresAt: timestamp("expires_at").notNull(),
-  userAgent: varchar("user_agent", {
-    length: 500
-  }),
-  ipAddress: varchar("ip_address", {
-    length: 45
-  }),
-  createdAt: timestamp("created_at").defaultNow().notNull()
-}, (table) => ({
-  uniqueDeviceSession: unique("unique_device_session").on(table.userId, table.userAgent, table.ipAddress)
-}));
-const passwordResetTokens = rebaseSchema.table("password_reset_tokens", {
-  id: uuid("id").defaultRandom().primaryKey(),
-  userId: uuid("user_id").notNull().references(() => users.id, {
-    onDelete: "cascade"
-  }),
-  tokenHash: varchar("token_hash", {
-    length: 255
-  }).notNull().unique(),
-  expiresAt: timestamp("expires_at").notNull(),
-  usedAt: timestamp("used_at"),
-  createdAt: timestamp("created_at").defaultNow().notNull()
-});
-const appConfig = rebaseSchema.table("app_config", {
-  key: varchar("key", {
-    length: 100
-  }).primaryKey(),
-  value: jsonb("value").notNull(),
-  updatedAt: timestamp("updated_at").defaultNow().notNull()
-});
-const userIdentities = rebaseSchema.table("user_identities", {
-  id: uuid("id").defaultRandom().primaryKey(),
-  userId: uuid("user_id").notNull().references(() => users.id, {
-    onDelete: "cascade"
-  }),
-  provider: varchar("provider", {
-    length: 50
-  }).notNull(),
-  // e.g. 'google', 'linkedin'
-  providerId: varchar("provider_id", {
-    length: 255
-  }).notNull(),
-  profileData: jsonb("profile_data"),
-  createdAt: timestamp("created_at").defaultNow().notNull(),
-  updatedAt: timestamp("updated_at").defaultNow().notNull()
-}, (table) => ({
-  uniqueProviderId: unique("unique_provider_id").on(table.provider, table.providerId)
-}));
+function createAuthSchema(rolesSchemaName = "rebase", usersSchemaName = "rebase") {
+  const rolesSchema = rolesSchemaName === "public" ? null : pgSchema(rolesSchemaName);
+  const usersSchema2 = usersSchemaName === "public" ? null : pgSchema(usersSchemaName);
+  const rolesTableCreator = rolesSchema ? rolesSchema.table.bind(rolesSchema) : pgTable;
+  const usersTableCreator = usersSchema2 ? usersSchema2.table.bind(usersSchema2) : pgTable;
+  const users2 = usersTableCreator("users", {
+    id: uuid("id").defaultRandom().primaryKey(),
+    email: varchar("email", {
+      length: 255
+    }).notNull().unique(),
+    passwordHash: varchar("password_hash", {
+      length: 255
+    }),
+    // NULL for OAuth-only users
+    displayName: varchar("display_name", {
+      length: 255
+    }),
+    photoUrl: varchar("photo_url", {
+      length: 500
+    }),
+    emailVerified: boolean("email_verified").default(false).notNull(),
+    emailVerificationToken: varchar("email_verification_token", {
+      length: 255
+    }),
+    emailVerificationSentAt: timestamp("email_verification_sent_at"),
+    metadata: jsonb("metadata").$type().default({}).notNull(),
+    createdAt: timestamp("created_at").defaultNow().notNull(),
+    updatedAt: timestamp("updated_at").defaultNow().notNull()
+  });
+  const roles2 = rolesTableCreator("roles", {
+    id: varchar("id", {
+      length: 50
+    }).primaryKey(),
+    // 'admin', 'editor', 'viewer'
+    name: varchar("name", {
+      length: 100
+    }).notNull(),
+    isAdmin: boolean("is_admin").default(false).notNull(),
+    defaultPermissions: jsonb("default_permissions").$type(),
+    collectionPermissions: jsonb("collection_permissions").$type(),
+    config: jsonb("config").$type()
+  });
+  const userRoles2 = rolesTableCreator("user_roles", {
+    userId: uuid("user_id").notNull().references(() => users2.id, {
+      onDelete: "cascade"
+    }),
+    roleId: varchar("role_id", {
+      length: 50
+    }).notNull().references(() => roles2.id, {
+      onDelete: "cascade"
+    })
+  }, (table) => ({
+    pk: primaryKey({
+      columns: [table.userId, table.roleId]
+    })
+  }));
+  const refreshTokens2 = rolesTableCreator("refresh_tokens", {
+    id: uuid("id").defaultRandom().primaryKey(),
+    userId: uuid("user_id").notNull().references(() => users2.id, {
+      onDelete: "cascade"
+    }),
+    tokenHash: varchar("token_hash", {
+      length: 255
+    }).notNull().unique(),
+    expiresAt: timestamp("expires_at").notNull(),
+    userAgent: varchar("user_agent", {
+      length: 500
+    }),
+    ipAddress: varchar("ip_address", {
+      length: 45
+    }),
+    createdAt: timestamp("created_at").defaultNow().notNull()
+  }, (table) => ({
+    uniqueDeviceSession: unique("unique_device_session").on(table.userId, table.userAgent, table.ipAddress)
+  }));
+  const passwordResetTokens2 = rolesTableCreator("password_reset_tokens", {
+    id: uuid("id").defaultRandom().primaryKey(),
+    userId: uuid("user_id").notNull().references(() => users2.id, {
+      onDelete: "cascade"
+    }),
+    tokenHash: varchar("token_hash", {
+      length: 255
+    }).notNull().unique(),
+    expiresAt: timestamp("expires_at").notNull(),
+    usedAt: timestamp("used_at"),
+    createdAt: timestamp("created_at").defaultNow().notNull()
+  });
+  const appConfig2 = rolesTableCreator("app_config", {
+    key: varchar("key", {
+      length: 100
+    }).primaryKey(),
+    value: jsonb("value").notNull(),
+    updatedAt: timestamp("updated_at").defaultNow().notNull()
+  });
+  const userIdentities2 = rolesTableCreator("user_identities", {
+    id: uuid("id").defaultRandom().primaryKey(),
+    userId: uuid("user_id").notNull().references(() => users2.id, {
+      onDelete: "cascade"
+    }),
+    provider: varchar("provider", {
+      length: 50
+    }).notNull(),
+    // e.g. 'google', 'linkedin'
+    providerId: varchar("provider_id", {
+      length: 255
+    }).notNull(),
+    profileData: jsonb("profile_data"),
+    createdAt: timestamp("created_at").defaultNow().notNull(),
+    updatedAt: timestamp("updated_at").defaultNow().notNull()
+  }, (table) => ({
+    uniqueProviderId: unique("unique_provider_id").on(table.provider, table.providerId)
+  }));
+  return {
+    rolesSchema,
+    usersSchema: usersSchema2,
+    users: users2,
+    roles: roles2,
+    userRoles: userRoles2,
+    refreshTokens: refreshTokens2,
+    passwordResetTokens: passwordResetTokens2,
+    appConfig: appConfig2,
+    userIdentities: userIdentities2
+  };
+}
+const defaultAuthSchema = createAuthSchema("rebase", "rebase");
+const rebaseSchema = defaultAuthSchema.rolesSchema;
+const usersSchema = defaultAuthSchema.usersSchema;
+const users = defaultAuthSchema.users;
+const roles = defaultAuthSchema.roles;
+const userRoles = defaultAuthSchema.userRoles;
+const refreshTokens = defaultAuthSchema.refreshTokens;
+const passwordResetTokens = defaultAuthSchema.passwordResetTokens;
+const appConfig = defaultAuthSchema.appConfig;
+const userIdentities = defaultAuthSchema.userIdentities;
 const usersRelations = relations(users, ({
   many
 }) => ({
@@ -7470,6 +7680,15 @@ const getDrizzleColumn = (propName, prop, collection, collections) => {
       }
       break;
     }
+    case "vector": {
+      const vp = prop;
+      columnDefinition = `vector("${colName}", { dimensions: ${vp.dimensions} })`;
+      break;
+    }
+    case "binary": {
+      columnDefinition = `customType({ dataType() { return 'bytea'; } })("${colName}")`;
+      break;
+    }
     case "relation": {
       const refProp = prop;
       const resolvedRelations = resolveCollectionRelations(collection);
@@ -7536,7 +7755,7 @@ const getDrizzleColumn = (propName, prop, collection, collections) => {
   return `    ${propName}: ${columnDefinition}`;
 };
 const resolveRawSql = (expression) => {
-  const resolved = expression.replace(/\{(\w+)\}/g, (_, col) => `\${table.${col}}`);
+  const resolved = expression.replace(/\{(\w+)\}/g, (_, col) => col);
   return `sql\`${resolved}\``;
 };
 const wrapWithRoleCheck = (clause, roles2) => {
@@ -7548,7 +7767,7 @@ const unwrapSql = (sqlExpr) => {
   const match = sqlExpr.match(/^sql`(.*)`$/s);
   return match ? match[1] : sqlExpr;
 };
-const buildUsingClause = (rule) => {
+const buildUsingClause = (rule, collection) => {
   if (rule.using) {
     return resolveRawSql(rule.using);
   }
@@ -7556,15 +7775,17 @@ const buildUsingClause = (rule) => {
     return "sql`true`";
   }
   if (rule.ownerField) {
-    return `sql\`\${table.${rule.ownerField}} = auth.uid()\``;
+    const prop = collection.properties?.[rule.ownerField];
+    const colName = resolveColumnName(rule.ownerField, prop);
+    return `sql\`${colName} = auth.uid()\``;
   }
   return null;
 };
-const buildWithCheckClause = (rule) => {
+const buildWithCheckClause = (rule, collection) => {
   if (rule.withCheck) {
     return resolveRawSql(rule.withCheck);
   }
-  return buildUsingClause(rule);
+  return buildUsingClause(rule, collection);
 };
 const getPolicyNameHash = (rule) => {
   const data = JSON.stringify({
@@ -7580,21 +7801,22 @@ const getPolicyNameHash = (rule) => {
   });
   return createHash("sha1").update(data).digest("hex").substring(0, 7);
 };
-const generatePolicyCode = (tableName, rule, index) => {
+const generatePolicyCode = (collection, rule, index) => {
+  const tableName = getTableName(collection);
   const ops = rule.operations && rule.operations.length > 0 ? rule.operations : [rule.operation ?? "all"];
   const ruleHash = getPolicyNameHash(rule);
   return ops.map((op, opIdx) => {
     const policyName = rule.name ? ops.length > 1 ? `${rule.name}_${op}` : rule.name : `${tableName}_${op}_${ruleHash}${ops.length > 1 ? `_${opIdx}` : ""}`;
-    return generateSinglePolicyCode(tableName, rule, op, policyName);
+    return generateSinglePolicyCode(collection, rule, op, policyName);
   }).join("");
 };
-const generateSinglePolicyCode = (tableName, rule, operation, policyName) => {
+const generateSinglePolicyCode = (collection, rule, operation, policyName) => {
   const mode = rule.mode ?? "permissive";
   const roles2 = rule.roles ? [...rule.roles].sort() : void 0;
   const needsUsing = operation !== "insert";
   const needsWithCheck = operation !== "select" && operation !== "delete";
-  let usingClause = needsUsing ? buildUsingClause(rule) : null;
-  let withCheckClause = needsWithCheck ? buildWithCheckClause(rule) : null;
+  let usingClause = needsUsing ? buildUsingClause(rule, collection) : null;
+  let withCheckClause = needsWithCheck ? buildWithCheckClause(rule, collection) : null;
   if (roles2 && roles2.length > 0) {
     if (usingClause) {
       usingClause = wrapWithRoleCheck(usingClause, roles2);
@@ -7663,12 +7885,26 @@ const computeSharedRelationName = (rel, sourceCollection, _collections) => {
 const generateSchema = async (collections, stripPolicies = false) => {
   let schemaContent = "// This file is auto-generated by the Rebase Drizzle generator. Do not edit manually.\n\n";
   const hasUuid = collections.some((c) => c.properties && Object.values(c.properties).some((p) => p.type === "string" && (p.autoValue === "uuid" || p.isId === "uuid")));
-  collections.some((c) => c.properties && Object.values(c.properties).some((p) => (p.type === "map" || p.type === "array") && p.columnType === "json"));
+  const hasVector = collections.some((c) => c.properties && Object.values(c.properties).some((p) => p.type === "vector"));
+  const hasBinary = collections.some((c) => c.properties && Object.values(c.properties).some((p) => p.type === "binary"));
   const pgCoreImports = ["primaryKey", "pgTable", "integer", "varchar", "text", "char", "boolean", "timestamp", "date", "time", "jsonb", "json", "pgEnum", "numeric", "real", "doublePrecision", "bigint", "serial", "bigserial", "pgPolicy"];
   if (hasUuid) pgCoreImports.push("uuid");
+  if (hasVector) pgCoreImports.push("vector");
+  if (hasBinary) pgCoreImports.push("customType");
+  const uniqueSchemas = Array.from(new Set(collections.map((c) => isPostgresCollection(c) ? c.schema : void 0).filter(Boolean)));
+  if (uniqueSchemas.length > 0) {
+    pgCoreImports.push("pgSchema");
+  }
   schemaContent += `import { ${pgCoreImports.join(", ")} } from 'drizzle-orm/pg-core';
 `;
   schemaContent += "import { relations as drizzleRelations, sql } from 'drizzle-orm';\n\n";
+  uniqueSchemas.forEach((schema) => {
+    schemaContent += `export const ${schema}Schema = pgSchema("${schema}");
+`;
+  });
+  if (uniqueSchemas.length > 0) {
+    schemaContent += "\n";
+  }
   const exportedTableVars = [];
   const exportedEnumVars = [];
   const exportedRelationVars = [];
@@ -7723,6 +7959,9 @@ const generateSchema = async (collections, stripPolicies = false) => {
     const tableVarName = getTableVarName(tableName);
     if (isJunction && relation && sourceCollection && relation.through) {
       const targetCollection = relation.target();
+      const schema = (isPostgresCollection(targetCollection) ? targetCollection.schema : void 0) || (isPostgresCollection(sourceCollection) ? sourceCollection.schema : void 0);
+      const tableCreator = schema ? `${schema}Schema.table` : "pgTable";
+      const baseTableName = tableName.includes(".") ? tableName.split(".").pop() : tableName;
       const {
         sourceColumn,
         targetColumn
@@ -7733,7 +7972,7 @@ const generateSchema = async (collections, stripPolicies = false) => {
       const targetColType = isNumericId(targetCollection) ? "integer" : getPrimaryKeyProp(targetCollection).isUuid ? "uuid" : "varchar";
       const sourceId = getPrimaryKeyName(sourceCollection);
       const targetId = getPrimaryKeyName(targetCollection);
-      schemaContent += `export const ${tableVarName} = pgTable("${tableName}", {
+      schemaContent += `export const ${tableVarName} = ${tableCreator}("${baseTableName}", {
 `;
       schemaContent += `    ${sourceColumn}: ${sourceColType}("${sourceColumn}").notNull().references(() => ${getTableVarName(getTableName(sourceCollection))}.${sourceId}, ${refOptions}),
 `;
@@ -7744,7 +7983,10 @@ const generateSchema = async (collections, stripPolicies = false) => {
 `;
       schemaContent += "}));\n\n";
     } else if (!isJunction) {
-      schemaContent += `export const ${tableVarName} = pgTable("${tableName}", {
+      const schema = isPostgresCollection(collection) ? collection.schema : void 0;
+      const tableCreator = schema ? `${schema}Schema.table` : "pgTable";
+      const baseTableName = tableName.includes(".") ? tableName.split(".").pop() : tableName;
+      schemaContent += `export const ${tableVarName} = ${tableCreator}("${baseTableName}", {
 `;
       const columns = /* @__PURE__ */ new Set();
       Object.entries(collection.properties ?? {}).forEach(([propName, prop]) => {
@@ -7760,7 +8002,7 @@ const generateSchema = async (collections, stripPolicies = false) => {
       if (!stripPolicies && securityRules && securityRules.length > 0) {
         schemaContent += "\n}, (table) => ([\n";
         securityRules.forEach((rule, idx) => {
-          schemaContent += generatePolicyCode(tableName, rule);
+          schemaContent += generatePolicyCode(collection, rule);
         });
         schemaContent += "])).enableRLS();\n\n";
       } else {
@@ -7805,11 +8047,11 @@ const generateSchema = async (collections, stripPolicies = false) => {
         references: [${sourceTableVar}.${sourceId}],
         relationName: "${owningRelationName}"
     })`);
-        const targetRelName = inverseRelationName ?? owningRelationName;
+        const targetRelationName = inverseRelationName ? inverseRelationName : `${tableName}_${relation.through.targetColumn}`;
         tableRelations.push(`    "${relation.through.targetColumn}": one(${targetTableVar}, {
         fields: [${tableVarName}.${relation.through.targetColumn}],
         references: [${targetTableVar}.${targetId}],
-        relationName: "${targetRelName}"
+        relationName: "${targetRelationName}"
     })`);
       }
     } else {
@@ -7908,6 +8150,89 @@ ${tableRelations.join(",\n")}
   schemaContent += tablesExport + enumsExport + relationsExport;
   return schemaContent;
 };
+const defaultUsersCollection = {
+  name: "Users",
+  singularName: "User",
+  slug: "users",
+  table: "users",
+  icon: "Users",
+  group: "Settings",
+  properties: {
+    id: {
+      name: "ID",
+      type: "string",
+      isId: "uuid"
+    },
+    email: {
+      name: "Email",
+      type: "string",
+      validation: {
+        required: true,
+        unique: true
+      }
+    },
+    password_hash: {
+      name: "Password Hash",
+      type: "string",
+      ui: {
+        hideFromCollection: true
+      }
+    },
+    display_name: {
+      name: "Display Name",
+      type: "string"
+    },
+    photo_url: {
+      name: "Photo URL",
+      type: "string"
+    },
+    email_verified: {
+      name: "Email Verified",
+      type: "boolean",
+      defaultValue: false
+    },
+    email_verification_token: {
+      name: "Email Verification Token",
+      type: "string",
+      ui: {
+        hideFromCollection: true
+      }
+    },
+    email_verification_sent_at: {
+      name: "Email Verification Sent At",
+      type: "date",
+      ui: {
+        hideFromCollection: true
+      }
+    },
+    metadata: {
+      name: "Metadata",
+      type: "map",
+      defaultValue: {},
+      ui: {
+        hideFromCollection: true
+      }
+    },
+    created_at: {
+      name: "Created At",
+      type: "date",
+      autoValue: "on_create",
+      ui: {
+        readOnly: true,
+        hideFromCollection: true
+      }
+    },
+    updated_at: {
+      name: "Updated At",
+      type: "date",
+      autoValue: "on_update",
+      ui: {
+        readOnly: true,
+        hideFromCollection: true
+      }
+    }
+  }
+};
 const formatTerminalText = (text, options = {}) => {
   let codes = "";
   if (options.bold) codes += "\x1B[1m";
@@ -7970,10 +8295,14 @@ const runGeneration = async (collectionsFilePath, outputPath) => {
       const imported = await dynamicImport(fileUrl);
       collections = imported.backendCollections || imported.collections;
     }
-    if (!collections || !Array.isArray(collections) || collections.length === 0) {
-      console.error("Error: Could not find collections array or failed to load directory.");
-      return;
+    if (!collections || !Array.isArray(collections)) {
+      collections = [];
+    }
+    const hasUsersCollection = collections.some((c) => c.slug === "users");
+    if (!hasUsersCollection) {
+      collections.push(defaultUsersCollection);
     }
+    collections.sort((a, b) => a.slug.localeCompare(b.slug));
     const schemaContent = await generateSchema(collections);
     if (outputPath) {
       const outputDir = path.dirname(outputPath);
@@ -8201,29 +8530,14 @@ class RealtimeService extends EventEmitter {
         },
         authContext
       });
-      let entities;
-      if (this.driver) {
-        entities = await this.driver.fetchCollection({
-          path: request.path,
-          collection,
-          filter: request.filter,
-          orderBy: request.orderBy,
-          order: request.order,
-          limit: request.limit,
-          startAfter: request.startAfter,
-          searchString: request.searchString
-        });
-      } else {
-        entities = await this.entityService.fetchCollection(request.path, {
-          filter: request.filter,
-          orderBy: request.orderBy,
-          order: request.order,
-          limit: request.limit,
-          startAfter: request.startAfter,
-          databaseId: request.collection?.databaseId,
-          searchString: request.searchString
-        });
-      }
+      const entities = await this.fetchCollectionWithAuth(request.path, {
+        filter: request.filter,
+        orderBy: request.orderBy,
+        order: request.order,
+        limit: request.limit,
+        startAfter: request.startAfter,
+        searchString: request.searchString
+      }, authContext);
       this.sendCollectionUpdate(clientId, subscriptionId, entities);
     } catch (error) {
       this.sendError(clientId, `Failed to subscribe to collection: ${error}`, subscriptionId);
@@ -8247,16 +8561,7 @@ class RealtimeService extends EventEmitter {
         entityId: request.entityId,
         authContext
       });
-      let entity;
-      if (this.driver) {
-        entity = await this.driver.fetchEntity({
-          path: request.path,
-          entityId: request.entityId,
-          collection
-        });
-      } else {
-        entity = await this.entityService.fetchEntity(request.path, request.entityId, request.collection?.databaseId);
-      }
+      const entity = await this.fetchEntityWithAuth(request.path, String(request.entityId), authContext);
       this.sendEntityUpdate(clientId, subscriptionId, entity || null);
     } catch (error) {
       this.sendError(clientId, `Failed to subscribe to entity: ${request.path} ${request.entityId} ${error}`, subscriptionId);
@@ -8401,87 +8706,77 @@ class RealtimeService extends EventEmitter {
   async fetchCollectionWithAuth(notifyPath, collectionRequest, authContext) {
     if (this.driver) {
       const collection = this.registry.getCollectionByPath(notifyPath);
-      const fetchFn = async () => this.driver.fetchCollection({
-        path: notifyPath,
-        collection,
-        filter: collectionRequest.filter,
-        orderBy: collectionRequest.orderBy,
-        order: collectionRequest.order,
-        limit: collectionRequest.limit,
-        offset: collectionRequest.offset,
-        startAfter: collectionRequest.startAfter,
-        searchString: collectionRequest.searchString
+      const activeAuth = authContext || {
+        userId: "anon",
+        roles: ["anon"]
+      };
+      return await this.db.transaction(async (tx) => {
+        await tx.execute(sql`SELECT set_config('app.user_id', ${activeAuth.userId}, true)`);
+        await tx.execute(sql`SELECT set_config('app.user_roles', ${activeAuth.roles.join(",")}, true)`);
+        await tx.execute(sql`SELECT set_config('app.jwt', ${JSON.stringify({
+          sub: activeAuth.userId,
+          roles: activeAuth.roles
+        })}, true)`);
+        const txEntityService = new EntityService(tx, this.registry);
+        let fetchedEntities;
+        if (collectionRequest.searchString) {
+          fetchedEntities = await txEntityService.searchEntities(notifyPath, collectionRequest.searchString, {
+            filter: collectionRequest.filter,
+            orderBy: collectionRequest.orderBy,
+            order: collectionRequest.order,
+            limit: collectionRequest.limit,
+            databaseId: collectionRequest.databaseId
+          });
+        } else {
+          fetchedEntities = await txEntityService.fetchCollection(notifyPath, {
+            filter: collectionRequest.filter,
+            orderBy: collectionRequest.orderBy,
+            order: collectionRequest.order,
+            limit: collectionRequest.limit,
+            offset: collectionRequest.offset,
+            startAfter: collectionRequest.startAfter,
+            databaseId: collectionRequest.databaseId
+          });
+        }
+        const registryCollection = this.registry.getCollectionByPath(notifyPath);
+        const resolvedCollection = collection ? {
+          ...collection,
+          ...registryCollection
+        } : registryCollection;
+        const callbacks = resolvedCollection?.callbacks;
+        const propertyCallbacks = resolvedCollection?.properties ? buildPropertyCallbacks(resolvedCollection.properties) : void 0;
+        if (callbacks?.afterRead || propertyCallbacks?.afterRead) {
+          const contextForCallback = {
+            user: {
+              uid: activeAuth.userId,
+              roles: activeAuth.roles
+            },
+            driver: this.driver,
+            data: this.driver && "data" in this.driver ? this.driver.data : void 0
+          };
+          return await Promise.all(fetchedEntities.map(async (entity) => {
+            let processedEntity = entity;
+            if (callbacks?.afterRead) {
+              processedEntity = await callbacks.afterRead({
+                collection: resolvedCollection,
+                path: notifyPath,
+                entity: processedEntity,
+                context: contextForCallback
+              }) ?? processedEntity;
+            }
+            if (propertyCallbacks?.afterRead) {
+              processedEntity = await propertyCallbacks.afterRead({
+                collection: resolvedCollection,
+                path: notifyPath,
+                entity: processedEntity,
+                context: contextForCallback
+              }) ?? processedEntity;
+            }
+            return processedEntity;
+          }));
+        }
+        return fetchedEntities;
       });
-      if (authContext) {
-        return await this.db.transaction(async (tx) => {
-          await tx.execute(sql`SELECT set_config('app.user_id', ${authContext.userId}, true)`);
-          await tx.execute(sql`SELECT set_config('app.user_roles', ${authContext.roles.join(",")}, true)`);
-          await tx.execute(sql`SELECT set_config('app.jwt', ${JSON.stringify({
-            sub: authContext.userId,
-            roles: authContext.roles
-          })}, true)`);
-          const txEntityService = new EntityService(tx, this.registry);
-          let fetchedEntities;
-          if (collectionRequest.searchString) {
-            fetchedEntities = await txEntityService.searchEntities(notifyPath, collectionRequest.searchString, {
-              filter: collectionRequest.filter,
-              orderBy: collectionRequest.orderBy,
-              order: collectionRequest.order,
-              limit: collectionRequest.limit,
-              databaseId: collectionRequest.databaseId
-            });
-          } else {
-            fetchedEntities = await txEntityService.fetchCollection(notifyPath, {
-              filter: collectionRequest.filter,
-              orderBy: collectionRequest.orderBy,
-              order: collectionRequest.order,
-              limit: collectionRequest.limit,
-              offset: collectionRequest.offset,
-              startAfter: collectionRequest.startAfter,
-              databaseId: collectionRequest.databaseId
-            });
-          }
-          const registryCollection = this.registry.getCollectionByPath(notifyPath);
-          const resolvedCollection = collection ? {
-            ...collection,
-            ...registryCollection
-          } : registryCollection;
-          const callbacks = resolvedCollection?.callbacks;
-          const propertyCallbacks = resolvedCollection?.properties ? buildPropertyCallbacks(resolvedCollection.properties) : void 0;
-          if (callbacks?.afterRead || propertyCallbacks?.afterRead) {
-            const contextForCallback = {
-              user: {
-                uid: authContext.userId,
-                roles: authContext.roles
-              },
-              driver: this.driver,
-              data: this.driver ? this.driver.data : void 0
-            };
-            return await Promise.all(fetchedEntities.map(async (entity) => {
-              let processedEntity = entity;
-              if (callbacks?.afterRead) {
-                processedEntity = await callbacks.afterRead({
-                  collection: resolvedCollection,
-                  path: notifyPath,
-                  entity: processedEntity,
-                  context: contextForCallback
-                }) ?? processedEntity;
-              }
-              if (propertyCallbacks?.afterRead) {
-                processedEntity = await propertyCallbacks.afterRead({
-                  collection: resolvedCollection,
-                  path: notifyPath,
-                  entity: processedEntity,
-                  context: contextForCallback
-                }) ?? processedEntity;
-              }
-              return processedEntity;
-            }));
-          }
-          return fetchedEntities;
-        });
-      }
-      return fetchFn();
     }
     if (collectionRequest.searchString) {
       return await this.entityService.searchEntities(notifyPath, collectionRequest.searchString, {
@@ -8545,60 +8840,56 @@ class RealtimeService extends EventEmitter {
   async fetchEntityWithAuth(notifyPath, entityId, authContext) {
     if (this.driver) {
       const collection = this.registry.getCollectionByPath(notifyPath);
-      const fetchFn = async () => this.driver.fetchEntity({
-        path: notifyPath,
-        entityId,
-        collection
-      });
-      if (authContext) {
-        return await this.db.transaction(async (tx) => {
-          await tx.execute(sql`SELECT set_config('app.user_id', ${authContext.userId}, true)`);
-          await tx.execute(sql`SELECT set_config('app.user_roles', ${authContext.roles.join(",")}, true)`);
-          await tx.execute(sql`SELECT set_config('app.jwt', ${JSON.stringify({
-            sub: authContext.userId,
-            roles: authContext.roles
-          })}, true)`);
-          const txEntityService = new EntityService(tx, this.registry);
-          let processedEntity = await txEntityService.fetchEntity(notifyPath, entityId, collection?.databaseId);
-          if (processedEntity) {
-            const registryCollection = this.registry.getCollectionByPath(notifyPath);
-            const resolvedCollection = collection ? {
-              ...collection,
-              ...registryCollection
-            } : registryCollection;
-            const callbacks = resolvedCollection?.callbacks;
-            const propertyCallbacks = resolvedCollection?.properties ? buildPropertyCallbacks(resolvedCollection.properties) : void 0;
-            if (callbacks?.afterRead || propertyCallbacks?.afterRead) {
-              const contextForCallback = {
-                user: {
-                  uid: authContext.userId,
-                  roles: authContext.roles
-                },
-                driver: this.driver,
-                data: this.driver ? this.driver.data : void 0
-              };
-              if (callbacks?.afterRead) {
-                processedEntity = await callbacks.afterRead({
-                  collection: resolvedCollection,
-                  path: notifyPath,
-                  entity: processedEntity,
-                  context: contextForCallback
-                }) ?? processedEntity;
-              }
-              if (propertyCallbacks?.afterRead) {
-                processedEntity = await propertyCallbacks.afterRead({
-                  collection: resolvedCollection,
-                  path: notifyPath,
-                  entity: processedEntity,
-                  context: contextForCallback
-                }) ?? processedEntity;
-              }
+      const activeAuth = authContext || {
+        userId: "anon",
+        roles: ["anon"]
+      };
+      return await this.db.transaction(async (tx) => {
+        await tx.execute(sql`SELECT set_config('app.user_id', ${activeAuth.userId}, true)`);
+        await tx.execute(sql`SELECT set_config('app.user_roles', ${activeAuth.roles.join(",")}, true)`);
+        await tx.execute(sql`SELECT set_config('app.jwt', ${JSON.stringify({
+          sub: activeAuth.userId,
+          roles: activeAuth.roles
+        })}, true)`);
+        const txEntityService = new EntityService(tx, this.registry);
+        let processedEntity = await txEntityService.fetchEntity(notifyPath, entityId, collection?.databaseId);
+        if (processedEntity) {
+          const registryCollection = this.registry.getCollectionByPath(notifyPath);
+          const resolvedCollection = collection ? {
+            ...collection,
+            ...registryCollection
+          } : registryCollection;
+          const callbacks = resolvedCollection?.callbacks;
+          const propertyCallbacks = resolvedCollection?.properties ? buildPropertyCallbacks(resolvedCollection.properties) : void 0;
+          if (callbacks?.afterRead || propertyCallbacks?.afterRead) {
+            const contextForCallback = {
+              user: {
+                uid: activeAuth.userId,
+                roles: activeAuth.roles
+              },
+              driver: this.driver,
+              data: this.driver && "data" in this.driver ? this.driver.data : void 0
+            };
+            if (callbacks?.afterRead) {
+              processedEntity = await callbacks.afterRead({
+                collection: resolvedCollection,
+                path: notifyPath,
+                entity: processedEntity,
+                context: contextForCallback
+              }) ?? processedEntity;
+            }
+            if (propertyCallbacks?.afterRead) {
+              processedEntity = await propertyCallbacks.afterRead({
+                collection: resolvedCollection,
+                path: notifyPath,
+                entity: processedEntity,
+                context: contextForCallback
+              }) ?? processedEntity;
             }
           }
-          return processedEntity;
-        });
-      }
-      return fetchFn();
+        }
+        return processedEntity;
+      });
     }
     return await this.entityService.fetchEntity(notifyPath, entityId);
   }
@@ -8666,6 +8957,31 @@ class RealtimeService extends EventEmitter {
     return parentPaths;
   }
   // =============================================================================
+  // Lifecycle / Cleanup
+  // =============================================================================
+  /**
+   * Gracefully tear down all realtime resources.
+   *
+   * This MUST be called during process shutdown, **before** `pool.end()`.
+   * It ensures:
+   *  1. All debounced refetch timers are cancelled (prevents queries after pool closes).
+   *  2. All subscription state and callbacks are cleared.
+   *  3. The dedicated LISTEN client (outside the pool) is disconnected.
+   *  4. All WebSocket clients are removed (but not forcefully closed — the
+   *     HTTP server close will handle that).
+   */
+  async destroy() {
+    for (const [key, timer] of this.refetchTimers) {
+      clearTimeout(timer);
+      this.refetchTimers.delete(key);
+    }
+    this._subscriptions.clear();
+    this.subscriptionCallbacks.clear();
+    await this.stopListening();
+    this.clients.clear();
+    this.debugLog("🧹 [RealtimeService] destroy() complete — all resources released.");
+  }
+  // =============================================================================
   // Cross-Instance LISTEN/NOTIFY
   // =============================================================================
   /**
@@ -8806,8 +9122,23 @@ const clientSessions = /* @__PURE__ */ new Map();
 const WS_RATE_LIMIT = 2e3;
 const WS_RATE_WINDOW_MS = 6e4;
 const ADMIN_ONLY_TYPES = /* @__PURE__ */ new Set(["EXECUTE_SQL", "FETCH_DATABASES", "FETCH_ROLES", "FETCH_UNMAPPED_TABLES", "FETCH_TABLE_METADATA", "FETCH_CURRENT_DATABASE", "CREATE_BRANCH", "DELETE_BRANCH", "LIST_BRANCHES"]);
+function extractErrorMessage(error) {
+  if (!error) return "Unknown error";
+  if (typeof error === "object") {
+    const err = error;
+    if (err.cause) {
+      return extractErrorMessage(err.cause);
+    }
+    if (typeof err.message === "string") {
+      return err.message;
+    }
+  }
+  return String(error);
+}
 function isAdminSession(session) {
-  if (!session?.user?.roles) return false;
+  if (!session?.user) return false;
+  if (session.user.isAdmin) return true;
+  if (!session.user.roles) return false;
   return session.user.roles.some((r) => {
     if (typeof r === "string") return r === "admin";
     if (r && typeof r === "object" && "isAdmin" in r) return r.isAdmin;
@@ -8815,7 +9146,7 @@ function isAdminSession(session) {
     return false;
   });
 }
-function createPostgresWebSocket(server, realtimeService, driver, authConfig) {
+function createPostgresWebSocket(server, realtimeService, driver, authConfig, authAdapter) {
   const isProduction = process.env.NODE_ENV === "production";
   const wsDebug = (...args) => {
     if (!isProduction) console.debug(...args);
@@ -8829,7 +9160,7 @@ function createPostgresWebSocket(server, realtimeService, driver, authConfig) {
     }
     console.error("❌ [WebSocket Server] Error:", err);
   });
-  const requireAuth = authConfig?.requireAuth !== false && authConfig?.jwtSecret;
+  const requireAuth = authAdapter ? true : authConfig?.requireAuth !== false && !!authConfig?.jwtSecret;
   wss.on("connection", (ws) => {
     const clientId = `client_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`;
     wsDebug(`WebSocket client connected: ${clientId}`);
@@ -8874,11 +9205,37 @@ function createPostgresWebSocket(server, realtimeService, driver, authConfig) {
             sendError("AUTH_ERROR", "INVALID_INPUT", "Token is required");
             return;
           }
-          const user = extractUserFromToken(token);
-          if (user) {
+          let verifiedUser = null;
+          if (authAdapter) {
+            try {
+              const adapterUser = authAdapter.verifyToken ? await authAdapter.verifyToken(token) : await authAdapter.verifyRequest(new Request("http://localhost/_ws_auth", {
+                headers: {
+                  Authorization: `Bearer ${token}`
+                }
+              }));
+              if (adapterUser) {
+                verifiedUser = {
+                  userId: adapterUser.uid,
+                  roles: adapterUser.roles,
+                  isAdmin: adapterUser.isAdmin
+                };
+              }
+            } catch {
+            }
+          } else {
+            const jwtPayload = extractUserFromToken(token);
+            if (jwtPayload) {
+              verifiedUser = {
+                userId: jwtPayload.userId,
+                roles: jwtPayload.roles ?? [],
+                isAdmin: (jwtPayload.roles ?? []).some((r) => r === "admin")
+              };
+            }
+          }
+          if (verifiedUser) {
             const session = clientSessions.get(clientId);
             if (session) {
-              session.user = user;
+              session.user = verifiedUser;
               session.authenticated = true;
             }
             wsDebug(`[WS] replying AUTH_SUCCESS for requestId ${requestId}`);
@@ -8886,11 +9243,11 @@ function createPostgresWebSocket(server, realtimeService, driver, authConfig) {
               type: "AUTH_SUCCESS",
               requestId,
               payload: {
-                userId: user.userId,
-                roles: user.roles
+                userId: verifiedUser.userId,
+                roles: verifiedUser.roles
               }
             }));
-            wsDebug(`🔐 [WebSocket Server] Client ${clientId} authenticated as ${user.userId}`);
+            wsDebug(`🔐 [WebSocket Server] Client ${clientId} authenticated as ${verifiedUser.userId}`);
           } else {
             wsDebug(`[WS] replying AUTH_ERROR for requestId ${requestId} (invalid token)`);
             sendError("AUTH_ERROR", "INVALID_TOKEN", "Invalid or expired token");
@@ -8928,16 +9285,19 @@ function createPostgresWebSocket(server, realtimeService, driver, authConfig) {
         }
         const getScopedDelegate = async () => {
           const session = clientSessions.get(clientId);
-          if (session?.user && "withAuth" in driver && typeof driver.withAuth === "function") {
+          if ("withAuth" in driver && typeof driver.withAuth === "function") {
             try {
-              const userForAuth = {
+              const userForAuth = session?.user ? {
                 uid: session.user.userId,
                 roles: session.user.roles ?? []
+              } : {
+                uid: "anon",
+                roles: ["anon"]
               };
               return await driver.withAuth(userForAuth);
             } catch (e) {
-              console.error("Failed to create authenticated delegate for WS request", e);
-              return driver;
+              console.error("Failed to create RLS scoped delegate for WS request", e);
+              throw new Error("Internal authentication error");
             }
           }
           return driver;
@@ -9068,24 +9428,29 @@ function createPostgresWebSocket(server, realtimeService, driver, authConfig) {
                 sql: sql2,
                 options
               } = payload;
-              const delegate = await getScopedDelegate();
-              const admin = delegate.admin;
-              if (!isSQLAdmin(admin)) {
-                sendError("ERROR", "NOT_SUPPORTED", "SQL execution is not available for this driver.");
-                break;
-              }
-              const result = await admin.executeSql(sql2, options);
-              if (process.env.NODE_ENV !== "production") {
-                wsDebug(`⚡ [WebSocket Server] SQL executed. Returned ${Array.isArray(result) ? result.length : "non-array"} rows.`);
+              try {
+                const delegate = await getScopedDelegate();
+                const admin = delegate.admin;
+                if (!isSQLAdmin(admin)) {
+                  sendError("ERROR", "NOT_SUPPORTED", "SQL execution is not available for this driver.");
+                  break;
+                }
+                const result = await admin.executeSql(sql2, options);
+                if (process.env.NODE_ENV !== "production") {
+                  wsDebug(`⚡ [WebSocket Server] SQL executed. Returned ${Array.isArray(result) ? result.length : "non-array"} rows.`);
+                }
+                const response = {
+                  type: "EXECUTE_SQL_SUCCESS",
+                  payload: {
+                    result
+                  },
+                  requestId
+                };
+                ws.send(JSON.stringify(response));
+              } catch (sqlError) {
+                const errMsg = extractErrorMessage(sqlError);
+                sendError("ERROR", "SQL_ERROR", errMsg);
               }
-              const response = {
-                type: "EXECUTE_SQL_SUCCESS",
-                payload: {
-                  result
-                },
-                requestId
-              };
-              ws.send(JSON.stringify(response));
             }
             break;
           case "FETCH_DATABASES":
@@ -9264,7 +9629,10 @@ function createPostgresWebSocket(server, realtimeService, driver, authConfig) {
             const authContext = session?.user ? {
               userId: session.user.userId,
               roles: session.user.roles ?? []
-            } : void 0;
+            } : {
+              userId: "anon",
+              roles: ["anon"]
+            };
             await realtimeService.handleClientMessage(clientId, {
               type,
               payload,
@@ -9408,29 +9776,58 @@ const DEFAULT_ROLES = [{
   },
   config: null
 }];
-async function ensureAuthTablesExist(db) {
+async function ensureAuthTablesExist(db, registry) {
   console.log("🔍 Checking auth tables...");
   try {
+    let usersTableName = '"users"';
+    let userIdType = "TEXT";
+    let usersSchema2 = "public";
+    if (registry) {
+      const usersTable = registry.getTable("users");
+      if (usersTable) {
+        const {
+          getTableName: getTableName2
+        } = await import("drizzle-orm");
+        usersSchema2 = getTableConfig(usersTable).schema || "public";
+        usersTableName = usersSchema2 === "public" ? `"${getTableName2(usersTable)}"` : `"${usersSchema2}"."${getTableName2(usersTable)}"`;
+        if (usersTable.id) {
+          const col = usersTable.id;
+          const meta = getColumnMeta(col);
+          const columnType = meta.columnType;
+          if (columnType === "PgUUID") {
+            userIdType = "UUID";
+          } else if (columnType === "PgSerial" || columnType === "PgInteger") {
+            userIdType = "INTEGER";
+          } else if (columnType === "PgBigInt" || columnType === "PgBigSerial") {
+            userIdType = "BIGINT";
+          }
+        }
+      }
+    }
+    let rolesSchema = "rebase";
+    if (registry) {
+      const rolesTable = registry.getTable("roles");
+      if (rolesTable) {
+        rolesSchema = getTableConfig(rolesTable).schema || "public";
+      }
+    }
+    if (usersSchema2 !== "public") {
+      await db.execute(sql`CREATE SCHEMA IF NOT EXISTS ${sql.raw(usersSchema2)}`);
+    }
+    if (rolesSchema !== "public" && rolesSchema !== usersSchema2) {
+      await db.execute(sql`CREATE SCHEMA IF NOT EXISTS ${sql.raw(rolesSchema)}`);
+    }
     await db.execute(sql`CREATE SCHEMA IF NOT EXISTS rebase`);
+    const userIdentitiesTable = `"${rolesSchema}"."user_identities"`;
+    const rolesTableName = `"${rolesSchema}"."roles"`;
+    const userRolesTableName = `"${rolesSchema}"."user_roles"`;
+    const refreshTokensTableName = `"${rolesSchema}"."refresh_tokens"`;
+    const passwordResetTokensTableName = `"${rolesSchema}"."password_reset_tokens"`;
+    const appConfigTableName = `"${rolesSchema}"."app_config"`;
     await db.execute(sql`
-            CREATE TABLE IF NOT EXISTS rebase.users (
+            CREATE TABLE IF NOT EXISTS ${sql.raw(userIdentitiesTable)} (
                 id TEXT PRIMARY KEY DEFAULT gen_random_uuid()::text,
-                email TEXT NOT NULL UNIQUE,
-                password_hash TEXT,
-                display_name TEXT,
-                photo_url TEXT,
-                created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
-                updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
-            )
-        `);
-    await db.execute(sql`
-            CREATE INDEX IF NOT EXISTS idx_users_email 
-            ON rebase.users(email)
-        `);
-    await db.execute(sql`
-            CREATE TABLE IF NOT EXISTS rebase.user_identities (
-                id TEXT PRIMARY KEY DEFAULT gen_random_uuid()::text,
-                user_id TEXT NOT NULL REFERENCES rebase.users(id) ON DELETE CASCADE,
+                user_id ${sql.raw(userIdType)} NOT NULL REFERENCES ${sql.raw(usersTableName)}(id) ON DELETE CASCADE,
                 provider TEXT NOT NULL,
                 provider_id TEXT NOT NULL,
                 profile_data JSONB,
@@ -9441,10 +9838,10 @@ async function ensureAuthTablesExist(db) {
         `);
     await db.execute(sql`
             CREATE INDEX IF NOT EXISTS idx_user_identities_user 
-            ON rebase.user_identities(user_id)
+            ON ${sql.raw(userIdentitiesTable)}(user_id)
         `);
     await db.execute(sql`
-            CREATE TABLE IF NOT EXISTS rebase.roles (
+            CREATE TABLE IF NOT EXISTS ${sql.raw(rolesTableName)} (
                 id TEXT PRIMARY KEY,
                 name TEXT NOT NULL,
                 is_admin BOOLEAN DEFAULT FALSE,
@@ -9455,20 +9852,20 @@ async function ensureAuthTablesExist(db) {
             )
         `);
     await db.execute(sql`
-            CREATE TABLE IF NOT EXISTS rebase.user_roles (
-                user_id TEXT NOT NULL REFERENCES rebase.users(id) ON DELETE CASCADE,
-                role_id TEXT NOT NULL REFERENCES rebase.roles(id) ON DELETE CASCADE,
+            CREATE TABLE IF NOT EXISTS ${sql.raw(userRolesTableName)} (
+                user_id ${sql.raw(userIdType)} NOT NULL REFERENCES ${sql.raw(usersTableName)}(id) ON DELETE CASCADE,
+                role_id TEXT NOT NULL REFERENCES ${sql.raw(rolesTableName)}(id) ON DELETE CASCADE,
                 PRIMARY KEY (user_id, role_id)
             )
         `);
     await db.execute(sql`
             CREATE INDEX IF NOT EXISTS idx_user_roles_user 
-            ON rebase.user_roles(user_id)
+            ON ${sql.raw(userRolesTableName)}(user_id)
         `);
     await db.execute(sql`
-            CREATE TABLE IF NOT EXISTS rebase.refresh_tokens (
+            CREATE TABLE IF NOT EXISTS ${sql.raw(refreshTokensTableName)} (
                 id TEXT PRIMARY KEY DEFAULT gen_random_uuid()::text,
-                user_id TEXT NOT NULL REFERENCES rebase.users(id) ON DELETE CASCADE,
+                user_id ${sql.raw(userIdType)} NOT NULL REFERENCES ${sql.raw(usersTableName)}(id) ON DELETE CASCADE,
                 token_hash TEXT NOT NULL UNIQUE,
                 expires_at TIMESTAMP WITH TIME ZONE NOT NULL,
                 user_agent TEXT,
@@ -9479,16 +9876,16 @@ async function ensureAuthTablesExist(db) {
         `);
     await db.execute(sql`
             CREATE INDEX IF NOT EXISTS idx_refresh_tokens_hash 
-            ON rebase.refresh_tokens(token_hash)
+            ON ${sql.raw(refreshTokensTableName)}(token_hash)
         `);
     await db.execute(sql`
             CREATE INDEX IF NOT EXISTS idx_refresh_tokens_user 
-            ON rebase.refresh_tokens(user_id)
+            ON ${sql.raw(refreshTokensTableName)}(user_id)
         `);
     await db.execute(sql`
-            CREATE TABLE IF NOT EXISTS rebase.password_reset_tokens (
+            CREATE TABLE IF NOT EXISTS ${sql.raw(passwordResetTokensTableName)} (
                 id TEXT PRIMARY KEY DEFAULT gen_random_uuid()::text,
-                user_id TEXT NOT NULL REFERENCES rebase.users(id) ON DELETE CASCADE,
+                user_id ${sql.raw(userIdType)} NOT NULL REFERENCES ${sql.raw(usersTableName)}(id) ON DELETE CASCADE,
                 token_hash TEXT NOT NULL UNIQUE,
                 expires_at TIMESTAMP WITH TIME ZONE NOT NULL,
                 used_at TIMESTAMP WITH TIME ZONE,
@@ -9497,20 +9894,19 @@ async function ensureAuthTablesExist(db) {
         `);
     await db.execute(sql`
             CREATE INDEX IF NOT EXISTS idx_password_reset_tokens_hash 
-            ON rebase.password_reset_tokens(token_hash)
+            ON ${sql.raw(passwordResetTokensTableName)}(token_hash)
         `);
     await db.execute(sql`
             CREATE INDEX IF NOT EXISTS idx_password_reset_tokens_user 
-            ON rebase.password_reset_tokens(user_id)
+            ON ${sql.raw(passwordResetTokensTableName)}(user_id)
         `);
     await db.execute(sql`
-            CREATE TABLE IF NOT EXISTS rebase.app_config (
+            CREATE TABLE IF NOT EXISTS ${sql.raw(appConfigTableName)} (
                 key TEXT PRIMARY KEY,
                 value JSONB NOT NULL,
                 updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
             )
         `);
-    await applyInternalMigrations(db);
     await db.execute(sql`CREATE SCHEMA IF NOT EXISTS auth`);
     await db.transaction(async (tx) => {
       await tx.execute(sql`SELECT pg_advisory_xact_lock(hashtext('rebase_auth_functions_init'))`);
@@ -9533,15 +9929,15 @@ async function ensureAuthTablesExist(db) {
                 $$ LANGUAGE sql STABLE
             `);
     });
-    await seedDefaultRoles(db);
+    await seedDefaultRoles(db, rolesTableName);
     console.log("✅ Auth tables ready");
   } catch (error) {
     console.error("❌ Failed to create auth tables:", error);
     console.warn("⚠️ Continuing without creating auth tables.");
   }
 }
-async function seedDefaultRoles(db) {
-  const result = await db.execute(sql`SELECT COUNT(*) as count FROM rebase.roles`);
+async function seedDefaultRoles(db, rolesTableName) {
+  const result = await db.execute(sql`SELECT COUNT(*) as count FROM ${sql.raw(rolesTableName)}`);
   const count2 = parseInt(result.rows[0]?.count || "0", 10);
   if (count2 > 0) {
     console.log(`📋 Found ${count2} existing roles`);
@@ -9550,7 +9946,7 @@ async function seedDefaultRoles(db) {
   console.log("🌱 Seeding default roles...");
   for (const role of DEFAULT_ROLES) {
     await db.execute(sql`
-            INSERT INTO rebase.roles (id, name, is_admin, default_permissions, config)
+            INSERT INTO ${sql.raw(rolesTableName)} (id, name, is_admin, default_permissions, config)
             VALUES (
                 ${role.id}, 
                 ${role.name}, 
@@ -9563,142 +9959,156 @@ async function seedDefaultRoles(db) {
   }
   console.log("✅ Default roles created: admin, editor, viewer");
 }
-async function applyInternalMigrations(db) {
-  try {
-    await db.execute(sql`
-            ALTER TABLE rebase.users 
-            ADD COLUMN IF NOT EXISTS email_verified BOOLEAN DEFAULT FALSE,
-            ADD COLUMN IF NOT EXISTS email_verification_token TEXT,
-            ADD COLUMN IF NOT EXISTS email_verification_sent_at TIMESTAMP WITH TIME ZONE
-        `);
-    const columnsCheck = await db.execute(sql`
-            SELECT column_name 
-            FROM information_schema.columns 
-            WHERE table_schema='rebase' AND table_name='users' AND column_name IN ('google_id', 'linkedin_id', 'provider')
-        `);
-    const existingColumns = columnsCheck.rows.map((r) => r.column_name);
-    if (existingColumns.includes("google_id")) {
-      await db.execute(sql`
-                INSERT INTO rebase.user_identities (user_id, provider, provider_id)
-                SELECT id, 'google', google_id
-                FROM rebase.users
-                WHERE google_id IS NOT NULL
-                ON CONFLICT (provider, provider_id) DO NOTHING
-            `);
-    }
-    if (existingColumns.includes("linkedin_id")) {
-      await db.execute(sql`
-                INSERT INTO rebase.user_identities (user_id, provider, provider_id)
-                SELECT id, 'linkedin', linkedin_id
-                FROM rebase.users
-                WHERE linkedin_id IS NOT NULL
-                ON CONFLICT (provider, provider_id) DO NOTHING
-            `);
-    }
-    if (existingColumns.length > 0) {
-      await db.execute(sql`
-                ALTER TABLE rebase.users
-                DROP COLUMN IF EXISTS provider,
-                DROP COLUMN IF EXISTS google_id,
-                DROP COLUMN IF EXISTS linkedin_id
-            `);
-      await db.execute(sql`DROP INDEX IF EXISTS rebase.idx_users_google_id`);
-      await db.execute(sql`DROP INDEX IF EXISTS rebase.idx_users_linkedin_id`);
-      console.log("✅ Migrated to user_identities and dropped legacy columns.");
-    }
-    await db.execute(sql`
-            ALTER TABLE rebase.roles 
-            ADD COLUMN IF NOT EXISTS collection_permissions JSONB
-        `);
-    await db.execute(sql`
-            ALTER TABLE rebase.refresh_tokens 
-            ADD COLUMN IF NOT EXISTS user_agent TEXT,
-            ADD COLUMN IF NOT EXISTS ip_address TEXT
-        `);
-    const constraintCheck = await db.execute(sql`
-            SELECT 1 FROM information_schema.table_constraints 
-            WHERE constraint_name = 'unique_device_session' 
-            AND table_schema = 'rebase'
-            AND table_name = 'refresh_tokens'
-        `);
-    if (constraintCheck.rows.length === 0) {
-      try {
-        await db.execute(sql`
-                    ALTER TABLE rebase.refresh_tokens
-                    ADD CONSTRAINT unique_device_session UNIQUE (user_id, user_agent, ip_address)
-                `);
-        console.log("✅ Added unique_device_session constraint");
-      } catch (e) {
-        const errorMessage = e instanceof Error ? e.message : String(e);
-        if (errorMessage.includes("could not create unique index")) {
-          console.warn("⚠️ Duplicate sessions found, cleaning up before adding constraint...");
-          await db.execute(sql`
-                        DELETE FROM rebase.refresh_tokens a
-                        USING rebase.refresh_tokens b
-                        WHERE a.user_id = b.user_id 
-                        AND COALESCE(a.user_agent, '') = COALESCE(b.user_agent, '')
-                        AND COALESCE(a.ip_address, '') = COALESCE(b.ip_address, '')
-                        AND a.created_at < b.created_at
-                    `);
-          await db.execute(sql`
-                        ALTER TABLE rebase.refresh_tokens
-                        ADD CONSTRAINT unique_device_session UNIQUE (user_id, user_agent, ip_address)
-                    `).catch((retryErr) => {
-            const retryMessage = retryErr instanceof Error ? retryErr.message : String(retryErr);
-            console.error("Failed to add unique_device_session constraint after cleanup:", retryMessage);
-          });
-        } else {
-          console.error("Constraint migration issue:", errorMessage);
-        }
-      }
-    }
-  } catch (error) {
-    console.error("❌ Failed to run internal migrations:", error);
+function getColumnKey(table, ...keys2) {
+  if (!table) return void 0;
+  for (const key of keys2) {
+    if (key in table) return key;
+    const snake = toSnakeCase(key);
+    if (snake in table) return snake;
+    const camel = camelCase(key);
+    if (camel in table) return camel;
   }
+  return void 0;
+}
+function getColumn(table, ...keys2) {
+  if (!table) return void 0;
+  const key = getColumnKey(table, ...keys2);
+  return key ? table[key] : void 0;
 }
 class UserService {
-  constructor(db) {
+  constructor(db, tableOrTables) {
     this.db = db;
+    if (tableOrTables && (tableOrTables.users || tableOrTables.roles)) {
+      const tables = tableOrTables;
+      this.usersTable = tables.users || users;
+      this.userIdentitiesTable = tables.userIdentities || userIdentities;
+      this.userRolesTable = tables.userRoles || userRoles;
+      this.rolesTable = tables.roles || roles;
+    } else {
+      const table = tableOrTables;
+      this.usersTable = table || users;
+      this.userIdentitiesTable = userIdentities;
+      this.userRolesTable = userRoles;
+      this.rolesTable = roles;
+    }
+  }
+  usersTable;
+  userIdentitiesTable;
+  userRolesTable;
+  rolesTable;
+  getQualifiedUsersTableName() {
+    const name = getTableName$1(this.usersTable);
+    const schema = getTableConfig(this.usersTable).schema || "public";
+    return `"${schema}"."${name}"`;
+  }
+  mapRowToUser(row) {
+    if (!row) return row;
+    const id = row.id ?? row.uid;
+    const email = row.email;
+    const passwordHash = row.password_hash ?? row.passwordHash ?? null;
+    const displayName = row.display_name ?? row.displayName ?? null;
+    const photoUrl = row.photo_url ?? row.photoUrl ?? row.photoURL ?? null;
+    const emailVerified = row.email_verified ?? row.emailVerified ?? false;
+    const emailVerificationToken = row.email_verification_token ?? row.emailVerificationToken ?? null;
+    const emailVerificationSentAt = row.email_verification_sent_at ?? row.emailVerificationSentAt ?? null;
+    const createdAt = row.created_at ?? row.createdAt;
+    const updatedAt = row.updated_at ?? row.updatedAt;
+    const metadata = {
+      ...row.metadata || {}
+    };
+    const knownKeys = /* @__PURE__ */ new Set(["id", "uid", "email", "password_hash", "passwordHash", "display_name", "displayName", "photo_url", "photoUrl", "photoURL", "email_verified", "emailVerified", "email_verification_token", "emailVerificationToken", "email_verification_sent_at", "emailVerificationSentAt", "created_at", "createdAt", "updated_at", "updatedAt", "metadata"]);
+    for (const [key, val] of Object.entries(row)) {
+      if (!knownKeys.has(key)) {
+        const camelKey = camelCase(key);
+        metadata[camelKey] = val;
+      }
+    }
+    return {
+      id,
+      email,
+      passwordHash,
+      displayName,
+      photoUrl,
+      emailVerified,
+      emailVerificationToken,
+      emailVerificationSentAt: emailVerificationSentAt ? new Date(emailVerificationSentAt) : null,
+      createdAt: createdAt ? new Date(createdAt) : /* @__PURE__ */ new Date(),
+      updatedAt: updatedAt ? new Date(updatedAt) : /* @__PURE__ */ new Date(),
+      metadata
+    };
+  }
+  mapPayload(data) {
+    if (!data) return {};
+    const payload = {};
+    const idKey = getColumnKey(this.usersTable, "id") || "id";
+    const emailKey = getColumnKey(this.usersTable, "email") || "email";
+    const passwordHashKey = getColumnKey(this.usersTable, "passwordHash", "password_hash") || "passwordHash";
+    const displayNameKey = getColumnKey(this.usersTable, "displayName", "display_name") || "displayName";
+    const photoUrlKey = getColumnKey(this.usersTable, "photoUrl", "photo_url") || "photoUrl";
+    const emailVerifiedKey = getColumnKey(this.usersTable, "emailVerified", "email_verified") || "emailVerified";
+    const emailVerificationTokenKey = getColumnKey(this.usersTable, "emailVerificationToken", "email_verification_token") || "emailVerificationToken";
+    const emailVerificationSentAtKey = getColumnKey(this.usersTable, "emailVerificationSentAt", "email_verification_sent_at") || "emailVerificationSentAt";
+    const createdAtKey = getColumnKey(this.usersTable, "createdAt", "created_at") || "createdAt";
+    const updatedAtKey = getColumnKey(this.usersTable, "updatedAt", "updated_at") || "updatedAt";
+    const metadataKey = getColumnKey(this.usersTable, "metadata") || "metadata";
+    if ("id" in data) payload[idKey] = data.id;
+    if ("email" in data) payload[emailKey] = data.email;
+    if ("passwordHash" in data) payload[passwordHashKey] = data.passwordHash;
+    if ("displayName" in data) payload[displayNameKey] = data.displayName;
+    if ("photoUrl" in data) payload[photoUrlKey] = data.photoUrl;
+    if ("emailVerified" in data) payload[emailVerifiedKey] = data.emailVerified;
+    if ("emailVerificationToken" in data) payload[emailVerificationTokenKey] = data.emailVerificationToken;
+    if ("emailVerificationSentAt" in data) payload[emailVerificationSentAtKey] = data.emailVerificationSentAt;
+    if ("createdAt" in data) payload[createdAtKey] = data.createdAt;
+    if ("updatedAt" in data) payload[updatedAtKey] = data.updatedAt;
+    const metadata = {
+      ...data.metadata || {}
+    };
+    const remainingMetadata = {};
+    for (const [key, val] of Object.entries(metadata)) {
+      const tableColKey = getColumnKey(this.usersTable, key);
+      if (tableColKey && tableColKey !== idKey && tableColKey !== emailKey && tableColKey !== passwordHashKey && tableColKey !== displayNameKey && tableColKey !== photoUrlKey && tableColKey !== emailVerifiedKey && tableColKey !== emailVerificationTokenKey && tableColKey !== emailVerificationSentAtKey && tableColKey !== createdAtKey && tableColKey !== updatedAtKey && tableColKey !== metadataKey) {
+        payload[tableColKey] = val;
+      } else {
+        remainingMetadata[key] = val;
+      }
+    }
+    if (metadataKey in this.usersTable) {
+      payload[metadataKey] = remainingMetadata;
+    }
+    return payload;
   }
   async createUser(data) {
-    const [user] = await this.db.insert(users).values(data).returning();
-    return user;
+    const payload = this.mapPayload(data);
+    const [row] = await this.db.insert(this.usersTable).values(payload).returning();
+    return this.mapRowToUser(row);
   }
   async getUserById(id) {
-    const [user] = await this.db.select().from(users).where(eq(users.id, id));
-    return user || null;
+    const idCol = getColumn(this.usersTable, "id");
+    if (!idCol) return null;
+    const [row] = await this.db.select().from(this.usersTable).where(eq(idCol, id));
+    return row ? this.mapRowToUser(row) : null;
   }
   async getUserByEmail(email) {
-    const [user] = await this.db.select().from(users).where(eq(users.email, email.toLowerCase()));
-    return user || null;
+    const emailCol = getColumn(this.usersTable, "email");
+    if (!emailCol) return null;
+    const [row] = await this.db.select().from(this.usersTable).where(eq(emailCol, email.toLowerCase()));
+    return row ? this.mapRowToUser(row) : null;
   }
   async getUserByIdentity(provider, providerId) {
-    const result = await this.db.execute(sql`
-            SELECT u.*
-            FROM rebase.users u
-            INNER JOIN rebase.user_identities ui ON u.id = ui.user_id
-            WHERE ui.provider = ${provider} AND ui.provider_id = ${providerId}
-            LIMIT 1
-        `);
-    if (result.rows.length === 0) return null;
-    const row = result.rows[0];
-    return {
-      id: row.id,
-      email: row.email,
-      passwordHash: row.password_hash ?? null,
-      displayName: row.display_name ?? null,
-      photoUrl: row.photo_url ?? null,
-      emailVerified: row.email_verified ?? false,
-      emailVerificationToken: row.email_verification_token ?? null,
-      emailVerificationSentAt: row.email_verification_sent_at ?? null,
-      createdAt: row.created_at,
-      updatedAt: row.updated_at
-    };
+    const userIdCol = getColumn(this.usersTable, "id");
+    if (!userIdCol) return null;
+    const result = await this.db.select({
+      user: this.usersTable
+    }).from(this.usersTable).innerJoin(this.userIdentitiesTable, eq(userIdCol, this.userIdentitiesTable.userId)).where(sql`${this.userIdentitiesTable.provider} = ${provider} AND ${this.userIdentitiesTable.providerId} = ${providerId}`).limit(1);
+    if (result.length === 0) return null;
+    return this.mapRowToUser(result[0].user);
   }
   async getUserIdentities(userId) {
+    const schema = getTableConfig(this.userIdentitiesTable).schema || "public";
     const result = await this.db.execute(sql`
             SELECT id, user_id, provider, provider_id, profile_data, created_at, updated_at
-            FROM rebase.user_identities
+            FROM ${sql.raw(`"${schema}"."user_identities"`)}
             WHERE user_id = ${userId}
         `);
     return result.rows.map((row) => ({
@@ -9712,27 +10122,32 @@ class UserService {
     }));
   }
   async linkUserIdentity(userId, provider, providerId, profileData) {
-    await this.db.insert(userIdentities).values({
+    await this.db.insert(this.userIdentitiesTable).values({
       userId,
       provider,
       providerId,
       profileData: profileData || null
     }).onConflictDoNothing({
-      target: [userIdentities.provider, userIdentities.providerId]
+      target: [this.userIdentitiesTable.provider, this.userIdentitiesTable.providerId]
     });
   }
   async updateUser(id, data) {
-    const [user] = await this.db.update(users).set({
-      ...data,
-      updatedAt: /* @__PURE__ */ new Date()
-    }).where(eq(users.id, id)).returning();
-    return user || null;
+    const idCol = getColumn(this.usersTable, "id");
+    if (!idCol) return null;
+    const payload = this.mapPayload(data);
+    const updatedAtKey = getColumnKey(this.usersTable, "updatedAt", "updated_at") || "updatedAt";
+    payload[updatedAtKey] = /* @__PURE__ */ new Date();
+    const [row] = await this.db.update(this.usersTable).set(payload).where(eq(idCol, id)).returning();
+    return row ? this.mapRowToUser(row) : null;
   }
   async deleteUser(id) {
-    await this.db.delete(users).where(eq(users.id, id));
+    const idCol = getColumn(this.usersTable, "id");
+    if (!idCol) return;
+    await this.db.delete(this.usersTable).where(eq(idCol, id));
   }
   async listUsers() {
-    return this.db.select().from(users);
+    const rows = await this.db.select().from(this.usersTable);
+    return rows.map((row) => this.mapRowToUser(row));
   }
   async listUsersPaginated(options) {
     const limit = options?.limit ?? 25;
@@ -9741,49 +10156,40 @@ class UserService {
     const orderBy = options?.orderBy || "createdAt";
     const orderDir = options?.orderDir || "desc";
     const roleId = options?.roleId;
-    const columnMap = {
-      email: "email",
-      displayName: "display_name",
-      createdAt: "created_at",
-      updatedAt: "updated_at",
-      provider: "provider"
-    };
-    const orderColumn = columnMap[orderBy] || "created_at";
+    const orderCol = getColumn(this.usersTable, orderBy);
+    const orderColumn = orderCol ? orderCol.name : "created_at";
     const direction = orderDir === "asc" ? sql`ASC` : sql`DESC`;
+    const emailCol = getColumn(this.usersTable, "email");
+    const emailColumn = emailCol ? emailCol.name : "email";
+    const displayNameCol = getColumn(this.usersTable, "displayName", "display_name");
+    const displayNameColumn = displayNameCol ? displayNameCol.name : "display_name";
+    const idCol = getColumn(this.usersTable, "id");
+    const idColumn = idCol ? idCol.name : "id";
+    const usersTableName = this.getQualifiedUsersTableName();
+    const rolesSchema = getTableConfig(this.userRolesTable).schema || "public";
     const conditions = [];
     if (roleId) {
-      conditions.push(sql`EXISTS (SELECT 1 FROM rebase.user_roles ur WHERE ur.user_id = users.id AND ur.role_id = ${roleId})`);
+      conditions.push(sql`EXISTS (SELECT 1 FROM ${sql.raw(`"${rolesSchema}"."user_roles"`)} ur WHERE ur.user_id = ${sql.raw(usersTableName)}.${sql.raw(idColumn)} AND ur.role_id = ${roleId})`);
     }
     if (search) {
       const pattern = `%${search}%`;
-      conditions.push(sql`(email ILIKE ${pattern} OR display_name ILIKE ${pattern})`);
+      conditions.push(sql`(${sql.raw(usersTableName)}.${sql.raw(emailColumn)} ILIKE ${pattern} OR ${sql.raw(usersTableName)}.${sql.raw(displayNameColumn)} ILIKE ${pattern})`);
     }
     const whereClause = conditions.length > 0 ? sql`WHERE ${sql.join(conditions, sql` AND `)}` : sql``;
-    const orderByClause = roleId ? sql`ORDER BY ${sql.raw(orderColumn)} ${direction}` : sql`ORDER BY (SELECT count(*) FROM rebase.user_roles ur WHERE ur.user_id = users.id) DESC, ${sql.raw(orderColumn)} ${direction}`;
+    const orderByClause = roleId ? sql`ORDER BY ${sql.raw(usersTableName)}.${sql.raw(orderColumn)} ${direction}` : sql`ORDER BY (SELECT count(*) FROM ${sql.raw(`"${rolesSchema}"."user_roles"`)} ur WHERE ur.user_id = ${sql.raw(usersTableName)}.${sql.raw(idColumn)}) DESC, ${sql.raw(usersTableName)}.${sql.raw(orderColumn)} ${direction}`;
     const countResult = await this.db.execute(sql`
-            SELECT count(*)::int as total FROM rebase.users
+            SELECT count(*)::int as total FROM ${sql.raw(usersTableName)}
             ${whereClause}
         `);
     const total = countResult.rows[0].total;
     const dataResult = await this.db.execute(sql`
-            SELECT * FROM rebase.users
+            SELECT * FROM ${sql.raw(usersTableName)}
             ${whereClause}
             ${orderByClause}
             LIMIT ${limit} OFFSET ${offset}
         `);
     const rows = dataResult.rows;
-    const mappedUsers = rows.map((row) => ({
-      id: row.id,
-      email: row.email,
-      passwordHash: row.password_hash ?? row.passwordHash ?? null,
-      displayName: row.display_name ?? row.displayName ?? null,
-      photoUrl: row.photo_url ?? row.photoUrl ?? null,
-      emailVerified: row.email_verified ?? row.emailVerified ?? false,
-      emailVerificationToken: row.email_verification_token ?? row.emailVerificationToken ?? null,
-      emailVerificationSentAt: row.email_verification_sent_at ?? row.emailVerificationSentAt ?? null,
-      createdAt: row.created_at ?? row.createdAt,
-      updatedAt: row.updated_at ?? row.updatedAt
-    }));
+    const mappedUsers = rows.map((row) => this.mapRowToUser(row));
     return {
       users: mappedUsers,
       total,
@@ -9795,46 +10201,63 @@ class UserService {
    * Update user's password hash
    */
   async updatePassword(id, passwordHash) {
-    await this.db.update(users).set({
-      passwordHash,
-      updatedAt: /* @__PURE__ */ new Date()
-    }).where(eq(users.id, id));
+    const idCol = getColumn(this.usersTable, "id");
+    if (!idCol) return;
+    const passwordHashColKey = getColumnKey(this.usersTable, "passwordHash", "password_hash") || "passwordHash";
+    const updatedAtColKey = getColumnKey(this.usersTable, "updatedAt", "updated_at") || "updatedAt";
+    await this.db.update(this.usersTable).set({
+      [passwordHashColKey]: passwordHash,
+      [updatedAtColKey]: /* @__PURE__ */ new Date()
+    }).where(eq(idCol, id));
   }
   /**
    * Set email verification status
    */
   async setEmailVerified(id, verified) {
-    await this.db.update(users).set({
-      emailVerified: verified,
-      emailVerificationToken: null,
-      updatedAt: /* @__PURE__ */ new Date()
-    }).where(eq(users.id, id));
+    const idCol = getColumn(this.usersTable, "id");
+    if (!idCol) return;
+    const emailVerifiedColKey = getColumnKey(this.usersTable, "emailVerified", "email_verified") || "emailVerified";
+    const emailVerificationTokenColKey = getColumnKey(this.usersTable, "emailVerificationToken", "email_verification_token") || "emailVerificationToken";
+    const updatedAtColKey = getColumnKey(this.usersTable, "updatedAt", "updated_at") || "updatedAt";
+    await this.db.update(this.usersTable).set({
+      [emailVerifiedColKey]: verified,
+      [emailVerificationTokenColKey]: null,
+      [updatedAtColKey]: /* @__PURE__ */ new Date()
+    }).where(eq(idCol, id));
   }
   /**
    * Set email verification token
    */
   async setVerificationToken(id, token) {
-    await this.db.update(users).set({
-      emailVerificationToken: token,
-      emailVerificationSentAt: token ? /* @__PURE__ */ new Date() : null,
-      updatedAt: /* @__PURE__ */ new Date()
-    }).where(eq(users.id, id));
+    const idCol = getColumn(this.usersTable, "id");
+    if (!idCol) return;
+    const emailVerificationTokenColKey = getColumnKey(this.usersTable, "emailVerificationToken", "email_verification_token") || "emailVerificationToken";
+    const emailVerificationSentAtColKey = getColumnKey(this.usersTable, "emailVerificationSentAt", "email_verification_sent_at") || "emailVerificationSentAt";
+    const updatedAtColKey = getColumnKey(this.usersTable, "updatedAt", "updated_at") || "updatedAt";
+    await this.db.update(this.usersTable).set({
+      [emailVerificationTokenColKey]: token,
+      [emailVerificationSentAtColKey]: token ? /* @__PURE__ */ new Date() : null,
+      [updatedAtColKey]: /* @__PURE__ */ new Date()
+    }).where(eq(idCol, id));
   }
   /**
    * Find user by email verification token
    */
   async getUserByVerificationToken(token) {
-    const [user] = await this.db.select().from(users).where(eq(users.emailVerificationToken, token));
-    return user || null;
+    const tokenCol = getColumn(this.usersTable, "emailVerificationToken", "email_verification_token");
+    if (!tokenCol) return null;
+    const [row] = await this.db.select().from(this.usersTable).where(eq(tokenCol, token));
+    return row ? this.mapRowToUser(row) : null;
   }
   /**
    * Get roles for a user from database
    */
   async getUserRoles(userId) {
+    const rolesSchema = getTableConfig(this.rolesTable).schema || "public";
     const result = await this.db.execute(sql`
             SELECT r.id, r.name, r.is_admin, r.default_permissions, r.collection_permissions, r.config
-            FROM rebase.roles r
-            INNER JOIN rebase.user_roles ur ON r.id = ur.role_id
+            FROM ${sql.raw(`"${rolesSchema}"."roles"`)} r
+            INNER JOIN ${sql.raw(`"${rolesSchema}"."user_roles"`)} ur ON r.id = ur.role_id
             WHERE ur.user_id = ${userId}
         `);
     return result.rows.map((row) => ({
@@ -9857,10 +10280,11 @@ class UserService {
    * Set roles for a user
    */
   async setUserRoles(userId, roleIds) {
-    await this.db.execute(sql`DELETE FROM rebase.user_roles WHERE user_id = ${userId}`);
+    const rolesSchema = getTableConfig(this.userRolesTable).schema || "public";
+    await this.db.execute(sql`DELETE FROM ${sql.raw(`"${rolesSchema}"."user_roles"`)} WHERE user_id = ${userId}`);
     for (const roleId of roleIds) {
       await this.db.execute(sql`
-                INSERT INTO rebase.user_roles (user_id, role_id)
+                INSERT INTO ${sql.raw(`"${rolesSchema}"."user_roles"`)} (user_id, role_id)
                 VALUES (${userId}, ${roleId})
                 ON CONFLICT DO NOTHING
             `);
@@ -9870,8 +10294,9 @@ class UserService {
    * Assign a specific role to new user
    */
   async assignDefaultRole(userId, roleId) {
+    const rolesSchema = getTableConfig(this.userRolesTable).schema || "public";
     await this.db.execute(sql`
-            INSERT INTO rebase.user_roles (user_id, role_id)
+            INSERT INTO ${sql.raw(`"${rolesSchema}"."user_roles"`)} (user_id, role_id)
             VALUES (${userId}, ${roleId})
             ON CONFLICT DO NOTHING
         `);
@@ -9890,13 +10315,25 @@ class UserService {
   }
 }
 class RoleService {
-  constructor(db) {
+  constructor(db, tableOrTables) {
     this.db = db;
+    if (tableOrTables && (tableOrTables.roles || tableOrTables.users)) {
+      this.rolesTable = tableOrTables.roles || roles;
+    } else {
+      this.rolesTable = tableOrTables || roles;
+    }
+  }
+  rolesTable;
+  getQualifiedRolesTableName() {
+    const name = getTableName$1(this.rolesTable);
+    const schema = getTableConfig(this.rolesTable).schema || "public";
+    return `"${schema}"."${name}"`;
   }
   async getRoleById(id) {
+    const tableName = this.getQualifiedRolesTableName();
     const result = await this.db.execute(sql`
             SELECT id, name, is_admin, default_permissions, collection_permissions, config
-            FROM rebase.roles
+            FROM ${sql.raw(tableName)}
             WHERE id = ${id}
         `);
     if (result.rows.length === 0) return null;
@@ -9911,9 +10348,10 @@ class RoleService {
     };
   }
   async listRoles() {
+    const tableName = this.getQualifiedRolesTableName();
     const result = await this.db.execute(sql`
             SELECT id, name, is_admin, default_permissions, collection_permissions, config
-            FROM rebase.roles
+            FROM ${sql.raw(tableName)}
             ORDER BY name
         `);
     return result.rows.map((row) => ({
@@ -9926,8 +10364,9 @@ class RoleService {
     }));
   }
   async createRole(data) {
+    const tableName = this.getQualifiedRolesTableName();
     const result = await this.db.execute(sql`
-            INSERT INTO rebase.roles (id, name, is_admin, default_permissions, collection_permissions, config)
+            INSERT INTO ${sql.raw(tableName)} (id, name, is_admin, default_permissions, collection_permissions, config)
             VALUES (
                 ${data.id},
                 ${data.name},
@@ -9951,8 +10390,9 @@ class RoleService {
   async updateRole(id, data) {
     const existing = await this.getRoleById(id);
     if (!existing) return null;
+    const tableName = this.getQualifiedRolesTableName();
     await this.db.execute(sql`
-            UPDATE rebase.roles 
+            UPDATE ${sql.raw(tableName)}
             SET 
                 name = ${data.name ?? existing.name},
                 is_admin = ${data.isAdmin ?? existing.isAdmin},
@@ -9964,23 +10404,36 @@ class RoleService {
     return this.getRoleById(id);
   }
   async deleteRole(id) {
-    await this.db.execute(sql`DELETE FROM rebase.roles WHERE id = ${id}`);
+    const tableName = this.getQualifiedRolesTableName();
+    await this.db.execute(sql`DELETE FROM ${sql.raw(tableName)} WHERE id = ${id}`);
   }
 }
 class RefreshTokenService {
-  constructor(db) {
+  constructor(db, tableOrTables) {
     this.db = db;
+    if (tableOrTables && (tableOrTables.refreshTokens || tableOrTables.users)) {
+      this.refreshTokensTable = tableOrTables.refreshTokens || refreshTokens;
+    } else {
+      this.refreshTokensTable = tableOrTables || refreshTokens;
+    }
+  }
+  refreshTokensTable;
+  getQualifiedRefreshTokensTableName() {
+    const name = getTableName$1(this.refreshTokensTable);
+    const schema = getTableConfig(this.refreshTokensTable).schema || "public";
+    return `"${schema}"."${name}"`;
   }
   async createToken(userId, tokenHash, expiresAt, userAgent, ipAddress) {
     const safeUserAgent = userAgent || "";
     const safeIpAddress = ipAddress || "";
+    const tableName = this.getQualifiedRefreshTokensTableName();
     await this.db.execute(sql`
-            DELETE FROM rebase.refresh_tokens 
+            DELETE FROM ${sql.raw(tableName)} 
             WHERE user_id = ${userId} 
             AND user_agent = ${safeUserAgent} 
             AND ip_address = ${safeIpAddress}
         `);
-    await this.db.insert(refreshTokens).values({
+    await this.db.insert(this.refreshTokensTable).values({
       userId,
       tokenHash,
       expiresAt,
@@ -9990,51 +10443,63 @@ class RefreshTokenService {
   }
   async findByHash(tokenHash) {
     const [token] = await this.db.select({
-      id: refreshTokens.id,
-      userId: refreshTokens.userId,
-      tokenHash: refreshTokens.tokenHash,
-      expiresAt: refreshTokens.expiresAt,
-      createdAt: refreshTokens.createdAt,
-      userAgent: refreshTokens.userAgent,
-      ipAddress: refreshTokens.ipAddress
-    }).from(refreshTokens).where(eq(refreshTokens.tokenHash, tokenHash));
+      id: this.refreshTokensTable.id,
+      userId: this.refreshTokensTable.userId,
+      tokenHash: this.refreshTokensTable.tokenHash,
+      expiresAt: this.refreshTokensTable.expiresAt,
+      createdAt: this.refreshTokensTable.createdAt,
+      userAgent: this.refreshTokensTable.userAgent,
+      ipAddress: this.refreshTokensTable.ipAddress
+    }).from(this.refreshTokensTable).where(eq(this.refreshTokensTable.tokenHash, tokenHash));
     return token || null;
   }
   async deleteByHash(tokenHash) {
-    await this.db.delete(refreshTokens).where(eq(refreshTokens.tokenHash, tokenHash));
+    await this.db.delete(this.refreshTokensTable).where(eq(this.refreshTokensTable.tokenHash, tokenHash));
   }
   async deleteAllForUser(userId) {
-    await this.db.delete(refreshTokens).where(eq(refreshTokens.userId, userId));
+    await this.db.delete(this.refreshTokensTable).where(eq(this.refreshTokensTable.userId, userId));
   }
   async listForUser(userId) {
     const tokens = await this.db.select({
-      id: refreshTokens.id,
-      userId: refreshTokens.userId,
-      tokenHash: refreshTokens.tokenHash,
-      expiresAt: refreshTokens.expiresAt,
-      createdAt: refreshTokens.createdAt,
-      userAgent: refreshTokens.userAgent,
-      ipAddress: refreshTokens.ipAddress
-    }).from(refreshTokens).where(eq(refreshTokens.userId, userId)).orderBy(refreshTokens.createdAt);
+      id: this.refreshTokensTable.id,
+      userId: this.refreshTokensTable.userId,
+      tokenHash: this.refreshTokensTable.tokenHash,
+      expiresAt: this.refreshTokensTable.expiresAt,
+      createdAt: this.refreshTokensTable.createdAt,
+      userAgent: this.refreshTokensTable.userAgent,
+      ipAddress: this.refreshTokensTable.ipAddress
+    }).from(this.refreshTokensTable).where(eq(this.refreshTokensTable.userId, userId)).orderBy(this.refreshTokensTable.createdAt);
     return tokens;
   }
   async deleteById(id, userId) {
-    await this.db.delete(refreshTokens).where(sql`${refreshTokens.id} = ${id} AND ${refreshTokens.userId} = ${userId}`);
+    await this.db.delete(this.refreshTokensTable).where(sql`${this.refreshTokensTable.id} = ${id} AND ${this.refreshTokensTable.userId} = ${userId}`);
   }
 }
 class PasswordResetTokenService {
-  constructor(db) {
+  constructor(db, tableOrTables) {
     this.db = db;
+    if (tableOrTables && (tableOrTables.passwordResetTokens || tableOrTables.users)) {
+      this.passwordResetTokensTable = tableOrTables.passwordResetTokens || passwordResetTokens;
+    } else {
+      this.passwordResetTokensTable = tableOrTables || passwordResetTokens;
+    }
+  }
+  passwordResetTokensTable;
+  getQualifiedPasswordResetTokensTableName() {
+    const name = getTableName$1(this.passwordResetTokensTable);
+    const schema = getTableConfig(this.passwordResetTokensTable).schema || "public";
+    return `"${schema}"."${name}"`;
   }
   /**
    * Create a password reset token
    */
   async createToken(userId, tokenHash, expiresAt) {
+    const tableName = this.getQualifiedPasswordResetTokensTableName();
     await this.db.execute(sql`
-            DELETE FROM rebase.password_reset_tokens 
+            DELETE FROM ${sql.raw(tableName)} 
             WHERE user_id = ${userId} AND used_at IS NULL
         `);
-    await this.db.insert(passwordResetTokens).values({
+    await this.db.insert(this.passwordResetTokensTable).values({
       userId,
       tokenHash,
       expiresAt
@@ -10045,13 +10510,14 @@ class PasswordResetTokenService {
    */
   async findValidByHash(tokenHash) {
     const [token] = await this.db.select({
-      userId: passwordResetTokens.userId,
-      expiresAt: passwordResetTokens.expiresAt
-    }).from(passwordResetTokens).where(eq(passwordResetTokens.tokenHash, tokenHash));
+      userId: this.passwordResetTokensTable.userId,
+      expiresAt: this.passwordResetTokensTable.expiresAt
+    }).from(this.passwordResetTokensTable).where(eq(this.passwordResetTokensTable.tokenHash, tokenHash));
     if (!token) return null;
+    const tableName = this.getQualifiedPasswordResetTokensTableName();
     const result = await this.db.execute(sql`
             SELECT user_id, expires_at 
-            FROM rebase.password_reset_tokens 
+            FROM ${sql.raw(tableName)} 
             WHERE token_hash = ${tokenHash} 
               AND used_at IS NULL 
               AND expires_at > NOW()
@@ -10067,31 +10533,32 @@ class PasswordResetTokenService {
    * Mark token as used
    */
   async markAsUsed(tokenHash) {
-    await this.db.update(passwordResetTokens).set({
+    await this.db.update(this.passwordResetTokensTable).set({
       usedAt: /* @__PURE__ */ new Date()
-    }).where(eq(passwordResetTokens.tokenHash, tokenHash));
+    }).where(eq(this.passwordResetTokensTable.tokenHash, tokenHash));
   }
   /**
    * Delete all tokens for a user
    */
   async deleteAllForUser(userId) {
-    await this.db.delete(passwordResetTokens).where(eq(passwordResetTokens.userId, userId));
+    await this.db.delete(this.passwordResetTokensTable).where(eq(this.passwordResetTokensTable.userId, userId));
   }
   /**
    * Clean up expired tokens
    */
   async deleteExpired() {
+    const tableName = this.getQualifiedPasswordResetTokensTableName();
     await this.db.execute(sql`
-            DELETE FROM rebase.password_reset_tokens 
+            DELETE FROM ${sql.raw(tableName)} 
             WHERE expires_at < NOW()
         `);
   }
 }
 class PostgresTokenRepository {
-  constructor(db) {
+  constructor(db, tableOrTables) {
     this.db = db;
-    this.refreshTokenService = new RefreshTokenService(db);
-    this.passwordResetTokenService = new PasswordResetTokenService(db);
+    this.refreshTokenService = new RefreshTokenService(db, tableOrTables);
+    this.passwordResetTokenService = new PasswordResetTokenService(db, tableOrTables);
   }
   refreshTokenService;
   passwordResetTokenService;
@@ -10132,11 +10599,11 @@ class PostgresTokenRepository {
   }
 }
 class PostgresAuthRepository {
-  constructor(db) {
+  constructor(db, tableOrTables) {
     this.db = db;
-    this.userService = new UserService(db);
-    this.roleService = new RoleService(db);
-    this.tokenRepository = new PostgresTokenRepository(db);
+    this.userService = new UserService(db, tableOrTables);
+    this.roleService = new RoleService(db, tableOrTables);
+    this.tokenRepository = new PostgresTokenRepository(db, tableOrTables);
   }
   userService;
   roleService;
@@ -10197,8 +10664,7 @@ class PostgresAuthRepository {
     await this.userService.assignDefaultRole(userId, roleId);
   }
   async getUserWithRoles(userId) {
-    const result = await this.userService.getUserWithRoles(userId);
-    return result;
+    return this.userService.getUserWithRoles(userId);
   }
   // Role operations (delegate to RoleService)
   async getRoleById(id) {
@@ -10386,6 +10852,24 @@ class HistoryService {
     return result.rowCount ?? 0;
   }
 }
+function deepEqual(a, b) {
+  if (a === b) return true;
+  if (a == null || b == null) return false;
+  if (a instanceof Date && b instanceof Date) return a.getTime() === b.getTime();
+  if (Array.isArray(a) && Array.isArray(b)) {
+    if (a.length !== b.length) return false;
+    return a.every((v, i) => deepEqual(v, b[i]));
+  }
+  if (typeof a === "object" && typeof b === "object") {
+    const aObj = a;
+    const bObj = b;
+    const aKeys = Object.keys(aObj);
+    const bKeys = Object.keys(bObj);
+    if (aKeys.length !== bKeys.length) return false;
+    return aKeys.every((k) => deepEqual(aObj[k], bObj[k]));
+  }
+  return false;
+}
 function findChangedFields(oldValues, newValues) {
   const changed = [];
   const allKeys = /* @__PURE__ */ new Set([...Object.keys(oldValues), ...Object.keys(newValues)]);
@@ -10395,7 +10879,7 @@ function findChangedFields(oldValues, newValues) {
     if (key.startsWith("__")) continue;
     if (oldVal !== newVal) {
       if (typeof oldVal === "object" && oldVal !== null && typeof newVal === "object" && newVal !== null) {
-        if (JSON.stringify(oldVal) !== JSON.stringify(newVal)) {
+        if (!deepEqual(oldVal, newVal)) {
           changed.push(key);
         }
       } else {
@@ -10513,14 +10997,32 @@ function createPostgresBootstrapper(pgConfig) {
       if (!authConfig) return void 0;
       const internals = driverResult.internals;
       const db = internals.db;
-      await ensureAuthTablesExist(db);
+      const registry = internals.registry;
+      await ensureAuthTablesExist(db, registry);
       let emailService;
       if (authConfig.email) {
         emailService = createEmailService(authConfig.email);
       }
-      const userService = new UserService(db);
-      const roleService = new RoleService(db);
-      const authRepository = new PostgresAuthRepository(db);
+      const customUsersTable = registry?.getTable("users");
+      const customRolesTable = registry?.getTable("roles");
+      let usersSchemaName = "rebase";
+      let rolesSchemaName = "rebase";
+      if (customUsersTable) {
+        usersSchemaName = getTableConfig(customUsersTable).schema || "public";
+      }
+      if (customRolesTable) {
+        rolesSchemaName = getTableConfig(customRolesTable).schema || "public";
+      }
+      const authTables = createAuthSchema(rolesSchemaName, usersSchemaName);
+      if (customUsersTable) {
+        authTables.users = customUsersTable;
+      }
+      if (customRolesTable) {
+        authTables.roles = customRolesTable;
+      }
+      const userService = new UserService(db, authTables);
+      const roleService = new RoleService(db, authTables);
+      const authRepository = new PostgresAuthRepository(db, authTables);
       return {
         userService,
         roleService,
@@ -10552,11 +11054,54 @@ function createPostgresBootstrapper(pgConfig) {
     },
     mountRoutes(app, basePath, driverResult) {
     },
-    async initializeWebsockets(server, realtimeService, driver, config) {
+    async initializeWebsockets(server, realtimeService, driver, config, adapter) {
       const {
         createPostgresWebSocket: createPostgresWebSocket2
       } = await Promise.resolve().then(() => websocket);
-      createPostgresWebSocket2(server, realtimeService, driver, config);
+      createPostgresWebSocket2(server, realtimeService, driver, config, adapter);
+    }
+  };
+}
+function createPostgresAdapter(pgConfig) {
+  const bootstrapper = createPostgresBootstrapper(pgConfig);
+  return {
+    type: bootstrapper.type,
+    async initializeDriver(config) {
+      return bootstrapper.initializeDriver(config);
+    },
+    async initializeRealtime(driverResult) {
+      if (bootstrapper.initializeRealtime) {
+        return bootstrapper.initializeRealtime({}, driverResult);
+      }
+      return void 0;
+    },
+    async initializeAuth(config, driverResult) {
+      if (bootstrapper.initializeAuth) {
+        return bootstrapper.initializeAuth(config, driverResult);
+      }
+      return void 0;
+    },
+    async initializeHistory(config, driverResult) {
+      if (bootstrapper.initializeHistory) {
+        return bootstrapper.initializeHistory(config, driverResult);
+      }
+      return void 0;
+    },
+    initializeWebsockets(server, realtimeService, driver, config) {
+      if (bootstrapper.initializeWebsockets) {
+        return bootstrapper.initializeWebsockets(server, realtimeService, driver, config);
+      }
+    },
+    getAdmin(driverResult) {
+      if (bootstrapper.getAdmin) {
+        return bootstrapper.getAdmin(driverResult);
+      }
+      return void 0;
+    },
+    mountRoutes(app, basePath, driverResult) {
+      if (bootstrapper.mountRoutes) {
+        bootstrapper.mountRoutes(app, basePath, driverResult);
+      }
     }
   };
 }
@@ -10571,6 +11116,8 @@ export {
   PostgresRealtimeProvider,
   RealtimeService,
   appConfig,
+  createAuthSchema,
+  createPostgresAdapter,
   createPostgresBootstrapper,
   createPostgresDatabaseConnection,
   createPostgresWebSocket,
@@ -10587,6 +11134,7 @@ export {
   userRoles,
   userRolesRelations,
   users,
-  usersRelations
+  usersRelations,
+  usersSchema
 };
 //# sourceMappingURL=index.es.js.map