@rebasepro/server-postgresql 0.1.2 → 0.2.1

package/dist/index.umd.js

@@ -59,6 +59,12 @@
       connectionString
     };
   }
+  class Vector {
+    value;
+    constructor(value) {
+      this.value = value;
+    }
+  }
   function isPostgresCollection(collection) {
     return !collection.driver || collection.driver === "postgres";
   }
@@ -135,16 +141,25 @@
   const tokenizeRegex = /[A-Z]{2,}(?=[A-Z][a-z]|\b)|[A-Z]?[a-z]+|[0-9]+(?:[a-z](?![a-z]))?|[A-Z]/g;
   const snakeCaseRegex = tokenizeRegex;
   const toSnakeCase = (str) => {
+    if (!str || typeof str !== "string") return "";
     const regExpMatchArray = str.match(snakeCaseRegex);
     if (!regExpMatchArray) return "";
     return regExpMatchArray.map((x) => x.toLowerCase()).join("_");
   };
+  function camelCase(str) {
+    if (!str) return "";
+    if (str.length === 1) return str.toLowerCase();
+    const parts = str.split(/[-_ ]+/).filter(Boolean);
+    if (parts.length === 0) return "";
+    return parts[0].toLowerCase() + // Transform remaining parts to have first letter uppercase
+    parts.slice(1).map((part) => part.charAt(0).toUpperCase() + part.substring(1).toLowerCase()).join("");
+  }
   var commonjsGlobal = typeof globalThis !== "undefined" ? globalThis : typeof window !== "undefined" ? window : typeof global !== "undefined" ? global : typeof self !== "undefined" ? self : {};
   function commonjsRequire(path2) {
     throw new Error('Could not dynamically require "' + path2 + '". Please configure the dynamicRequireTargets or/and ignoreDynamicRequires option of @rollup/plugin-commonjs appropriately for this require call to work.');
   }
   var object_hash = { exports: {} };
-  (function(module2, exports$1) {
+  (function(module2, exports3) {
     !function(e) {
       module2.exports = e();
     }(function() {
@@ -1263,14 +1278,56 @@
     }
     return Object.keys(propertyCallbacks).length > 0 ? propertyCallbacks : void 0;
   };
-  function sanitizeRelation(relation, sourceCollection) {
+  function sanitizeRelation(relation, sourceCollection, resolveCollection) {
     if (!relation.target) {
       throw new Error("Relation is missing a `target` collection.");
     }
-    const targetCollection = relation.target();
+    const rawTarget = relation.target;
+    let targetCollection;
+    if (typeof rawTarget === "string") {
+      if (resolveCollection) {
+        targetCollection = resolveCollection(rawTarget);
+      }
+      if (!targetCollection) {
+        targetCollection = {
+          slug: rawTarget,
+          name: rawTarget
+        };
+      }
+    } else if (typeof rawTarget === "function") {
+      const evaluated = rawTarget();
+      if (typeof evaluated === "string") {
+        if (resolveCollection) {
+          targetCollection = resolveCollection(evaluated);
+        }
+        if (!targetCollection) {
+          targetCollection = {
+            slug: evaluated,
+            name: evaluated
+          };
+        }
+      } else {
+        targetCollection = evaluated;
+      }
+    }
+    if (!targetCollection) {
+      throw new Error("Relation is missing a valid `target` collection.");
+    }
     const newRelation = {
       ...relation
     };
+    newRelation.target = () => {
+      if (typeof rawTarget === "string") {
+        return resolveCollection && resolveCollection(rawTarget) || targetCollection;
+      } else if (typeof rawTarget === "function") {
+        const evaluated = rawTarget();
+        if (typeof evaluated === "string") {
+          return resolveCollection && resolveCollection(evaluated) || targetCollection;
+        }
+        return evaluated;
+      }
+      return targetCollection;
+    };
     if (!newRelation.relationName) {
       newRelation.relationName = toSnakeCase(targetCollection.slug);
     }
@@ -1323,6 +1380,17 @@
                 break;
               }
             }
+            if (!isManyToManyInverse && targetCollection.properties) {
+              for (const [propKey, prop] of Object.entries(targetCollection.properties)) {
+                if (prop.type !== "relation") continue;
+                const relProp = prop;
+                const relName = relProp.relationName || propKey;
+                if (relName === newRelation.inverseRelationName && relProp.cardinality === "many" && (relProp.direction === "owning" || !relProp.direction)) {
+                  isManyToManyInverse = true;
+                  break;
+                }
+              }
+            }
           } catch (e) {
           }
         }
@@ -1445,7 +1513,7 @@
     return void 0;
   }
   var logic = { exports: {} };
-  (function(module2, exports$1) {
+  (function(module2, exports3) {
     (function(root, factory) {
       {
         module2.exports = factory();
@@ -2202,7 +2270,7 @@
       "[object Uint32Array]": areTypedArraysEqual2
     };
   }
-  const deepEqual = createCustomEqual();
+  const deepEqual$1 = createCustomEqual();
   createCustomEqual({ strict: true });
   createCustomEqual({ circular: true });
   createCustomEqual({
@@ -2271,10 +2339,16 @@
      */
     registerMultiple(collections) {
       const rawSnapshot = collections.map((c) => removeFunctions(c));
-      if (this.lastRawInputSnapshot && deepEqual(this.lastRawInputSnapshot, rawSnapshot)) {
+      if (this.lastRawInputSnapshot && deepEqual$1(this.lastRawInputSnapshot, rawSnapshot)) {
         return false;
       }
       this.reset();
+      collections.forEach((c) => {
+        if (c.slug) {
+          this.collectionsBySlug.set(c.slug, c);
+        }
+        this.collectionsByTableName.set(getTableName(c), c);
+      });
       const normalizedCollections = collections.map((c) => this.normalizeCollection({
         ...c
       }));
@@ -2353,7 +2427,7 @@
       if (getDataSourceCapabilities(result.driver).supportsRelations) {
         mergedRelations = mergedRelationsRaw.map((r) => {
           try {
-            return sanitizeRelation(r, result);
+            return sanitizeRelation(r, result, (slug) => this.get(slug));
           } catch {
             return r;
           }
@@ -2792,8 +2866,14 @@
     static buildSingleFilterCondition(column, op, value) {
       switch (op) {
         case "==":
+          if (value === null || value === void 0) {
+            return drizzleOrm.sql`${column} IS NULL`;
+          }
           return drizzleOrm.eq(column, value);
         case "!=":
+          if (value === null || value === void 0) {
+            return drizzleOrm.sql`${column} IS NOT NULL`;
+          }
           return drizzleOrm.sql`${column} != ${value}`;
         case ">":
           return drizzleOrm.sql`${column} > ${value}`;
@@ -3124,7 +3204,10 @@
         if (p.type === "string" && !p.enum && p.isId !== "uuid") {
           const fieldColumn = table[key];
           if (fieldColumn) {
-            searchConditions.push(drizzleOrm.ilike(fieldColumn, `%${searchString}%`));
+            const supportsILike = fieldColumn instanceof pgCore.PgVarchar || fieldColumn instanceof pgCore.PgText || fieldColumn instanceof pgCore.PgChar || fieldColumn && typeof fieldColumn === "object" && !("columnType" in fieldColumn);
+            if (supportsILike) {
+              searchConditions.push(drizzleOrm.ilike(fieldColumn, `%${searchString}%`));
+            }
           }
         }
       }
@@ -3597,6 +3680,31 @@
           return result;
         }
         return value;
+      case "vector": {
+        if (value instanceof Vector) {
+          return value.value;
+        }
+        if (value && typeof value === "object" && "value" in value && Array.isArray(value.value)) {
+          return value.value.map(Number);
+        }
+        if (Array.isArray(value)) {
+          return value.map(Number);
+        }
+        return value;
+      }
+      case "binary":
+        if (typeof value === "string") {
+          if (value.startsWith("data:application/octet-stream;base64,")) {
+            const base64Data = value.split(",")[1];
+            if (base64Data) {
+              return Buffer.from(base64Data, "base64");
+            }
+          }
+        }
+        if (Buffer.isBuffer(value)) {
+          return value;
+        }
+        return value;
       case "string":
         if (typeof value === "string") {
           if (value.startsWith("data:application/octet-stream;base64,")) {
@@ -3741,6 +3849,21 @@
       return value;
     }
     switch (property.type) {
+      case "binary": {
+        let buf = null;
+        if (Buffer.isBuffer(value)) {
+          buf = value;
+        } else if (typeof value === "object" && value !== null) {
+          const rawVal = value;
+          if (rawVal.type === "Buffer" && Array.isArray(rawVal.data)) {
+            buf = Buffer.from(rawVal.data);
+          }
+        }
+        if (buf) {
+          return `data:application/octet-stream;base64,${buf.toString("base64")}`;
+        }
+        return value;
+      }
       case "string": {
         if (typeof value === "string") return value;
         let isBuffer = false;
@@ -3748,9 +3871,12 @@
         if (Buffer.isBuffer(value)) {
           isBuffer = true;
           buf = value;
-        } else if (typeof value === "object" && value !== null && value.type === "Buffer" && Array.isArray(value.data)) {
-          isBuffer = true;
-          buf = Buffer.from(value.data);
+        } else if (typeof value === "object" && value !== null) {
+          const rawVal = value;
+          if (rawVal.type === "Buffer" && Array.isArray(rawVal.data)) {
+            isBuffer = true;
+            buf = Buffer.from(rawVal.data);
+          }
         }
         if (isBuffer && buf) {
           let isPrintable = true;
@@ -3837,6 +3963,25 @@
           return isNaN(parsed) ? null : parsed;
         }
         return value;
+      case "vector": {
+        let nums = [];
+        if (typeof value === "string") {
+          nums = value.slice(1, -1).split(",").map(Number);
+        } else if (Array.isArray(value)) {
+          nums = value.map(Number);
+        } else if (value instanceof Vector) {
+          nums = value.value;
+        } else if (typeof value === "object" && value !== null && "value" in value) {
+          const valObj = value;
+          if (Array.isArray(valObj.value)) {
+            nums = valObj.value.map(Number);
+          }
+        }
+        return {
+          __type: "Vector",
+          value: nums
+        };
+      }
       case "date": {
         let date;
         if (value instanceof Date) {
@@ -3861,9 +4006,12 @@
         if (Buffer.isBuffer(value)) {
           isBuffer = true;
           buf = value;
-        } else if (typeof value === "object" && value !== null && value.type === "Buffer" && Array.isArray(value.data)) {
-          isBuffer = true;
-          buf = Buffer.from(value.data);
+        } else if (typeof value === "object" && value !== null) {
+          const rawVal = value;
+          if (rawVal.type === "Buffer" && Array.isArray(rawVal.data)) {
+            isBuffer = true;
+            buf = Buffer.from(rawVal.data);
+          }
         }
         if (isBuffer && buf) {
           let isPrintable = true;
@@ -4653,7 +4801,7 @@
           if (parentFKValue !== null && parentFKValue !== void 0) {
             await tx.update(targetTable).set({
               [targetFKColName]: null
-            }).where(drizzleOrm.eq(targetFKCol, parentFKValue));
+            }).where(drizzleOrm.eq(targetFKCol, String(parentFKValue)));
           }
           continue;
         }
@@ -4662,7 +4810,7 @@
         if (parentFKValue !== null && parentFKValue !== void 0) {
           await tx.update(targetTable).set({
             [targetFKColName]: null
-          }).where(drizzleOrm.eq(targetFKCol, parentFKValue));
+          }).where(drizzleOrm.eq(targetFKCol, String(parentFKValue)));
         } else {
           console.warn(`Cannot set joinPath relation '${relation.relationName}' because parent FK value is null/undefined`);
           continue;
@@ -6739,23 +6887,33 @@
         client: this.client
       };
       if (callbacks?.beforeDelete || propertyCallbacks?.beforeDelete) {
+        let preventDefault = false;
         if (callbacks?.beforeDelete) {
-          await callbacks.beforeDelete({
+          const result = await callbacks.beforeDelete({
             collection: resolvedCollection,
             path: entity.path,
             entityId: entity.id,
             entity,
             context: contextForCallback
           });
+          if (result === false) {
+            preventDefault = true;
+          }
         }
         if (propertyCallbacks?.beforeDelete) {
-          await propertyCallbacks.beforeDelete({
+          const result = await propertyCallbacks.beforeDelete({
             collection: resolvedCollection,
             path: entity.path,
             entityId: entity.id,
             entity,
             context: contextForCallback
           });
+          if (result === false) {
+            preventDefault = true;
+          }
+        }
+        if (preventDefault) {
+          return;
         }
       }
       await this.entityService.deleteEntity(entity.path, entity.id, entity.databaseId || resolvedCollection?.databaseId);
@@ -6828,7 +6986,17 @@
       }
       const targetDb = this.getTargetDb(options?.database);
       try {
-        if (options?.role) {
+        let needsRoleSwitch = false;
+        if (options?.role && process.env.DISABLE_DB_ROLE_SWITCHING !== "true") {
+          try {
+            const currentRoleResult = await targetDb.execute(drizzleOrm.sql.raw("SELECT current_user AS role"));
+            const currentRole = currentRoleResult.rows?.[0]?.role;
+            needsRoleSwitch = !!currentRole && currentRole !== options.role;
+          } catch {
+            needsRoleSwitch = true;
+          }
+        }
+        if (needsRoleSwitch && options?.role) {
           const safeRole = options.role.replace(/"/g, '""');
           return await targetDb.transaction(async (tx) => {
             await tx.execute(drizzleOrm.sql.raw(`SET LOCAL ROLE "${safeRole}"`));
@@ -6866,7 +7034,7 @@
       return databases;
     }
     async fetchAvailableRoles() {
-      const result = await this.executeSql("SELECT rolname FROM pg_roles;");
+      const result = await this.executeSql("SELECT rolname FROM pg_roles WHERE pg_has_role(current_user, rolname, 'member') ORDER BY rolname;");
       return result.map((r) => r.rolname);
     }
     async fetchCurrentDatabase() {
@@ -7035,6 +7203,21 @@
      * Typed admin capabilities — delegates to the base driver.
      */
     admin;
+    get restFetchService() {
+      if (!this.delegate.restFetchService) return void 0;
+      return {
+        fetchCollectionForRest: async (collectionPath, options, include) => {
+          return this.withTransaction(async (delegate) => {
+            return delegate.restFetchService.fetchCollectionForRest(collectionPath, options, include);
+          });
+        },
+        fetchEntityForRest: async (collectionPath, entityId, include, databaseId) => {
+          return this.withTransaction(async (delegate) => {
+            return delegate.restFetchService.fetchEntityForRest(collectionPath, entityId, include, databaseId);
+          });
+        }
+      };
+    }
     async withTransaction(operation) {
       const pendingNotifications = [];
       const result = await this.delegate.db.transaction(async (tx) => {
@@ -7189,113 +7372,140 @@
       this.pools.clear();
     }
   }
-  const rebaseSchema = pgCore.pgSchema("rebase");
-  const users = rebaseSchema.table("users", {
-    id: pgCore.uuid("id").defaultRandom().primaryKey(),
-    email: pgCore.varchar("email", {
-      length: 255
-    }).notNull().unique(),
-    passwordHash: pgCore.varchar("password_hash", {
-      length: 255
-    }),
-    // NULL for OAuth-only users
-    displayName: pgCore.varchar("display_name", {
-      length: 255
-    }),
-    photoUrl: pgCore.varchar("photo_url", {
-      length: 500
-    }),
-    emailVerified: pgCore.boolean("email_verified").default(false).notNull(),
-    emailVerificationToken: pgCore.varchar("email_verification_token", {
-      length: 255
-    }),
-    emailVerificationSentAt: pgCore.timestamp("email_verification_sent_at"),
-    createdAt: pgCore.timestamp("created_at").defaultNow().notNull(),
-    updatedAt: pgCore.timestamp("updated_at").defaultNow().notNull()
-  });
-  const roles = rebaseSchema.table("roles", {
-    id: pgCore.varchar("id", {
-      length: 50
-    }).primaryKey(),
-    // 'admin', 'editor', 'viewer'
-    name: pgCore.varchar("name", {
-      length: 100
-    }).notNull(),
-    isAdmin: pgCore.boolean("is_admin").default(false).notNull(),
-    defaultPermissions: pgCore.jsonb("default_permissions").$type(),
-    collectionPermissions: pgCore.jsonb("collection_permissions").$type(),
-    config: pgCore.jsonb("config").$type()
-  });
-  const userRoles = rebaseSchema.table("user_roles", {
-    userId: pgCore.uuid("user_id").notNull().references(() => users.id, {
-      onDelete: "cascade"
-    }),
-    roleId: pgCore.varchar("role_id", {
-      length: 50
-    }).notNull().references(() => roles.id, {
-      onDelete: "cascade"
-    })
-  }, (table) => ({
-    pk: pgCore.primaryKey({
-      columns: [table.userId, table.roleId]
-    })
-  }));
-  const refreshTokens = rebaseSchema.table("refresh_tokens", {
-    id: pgCore.uuid("id").defaultRandom().primaryKey(),
-    userId: pgCore.uuid("user_id").notNull().references(() => users.id, {
-      onDelete: "cascade"
-    }),
-    tokenHash: pgCore.varchar("token_hash", {
-      length: 255
-    }).notNull().unique(),
-    expiresAt: pgCore.timestamp("expires_at").notNull(),
-    userAgent: pgCore.varchar("user_agent", {
-      length: 500
-    }),
-    ipAddress: pgCore.varchar("ip_address", {
-      length: 45
-    }),
-    createdAt: pgCore.timestamp("created_at").defaultNow().notNull()
-  }, (table) => ({
-    uniqueDeviceSession: pgCore.unique("unique_device_session").on(table.userId, table.userAgent, table.ipAddress)
-  }));
-  const passwordResetTokens = rebaseSchema.table("password_reset_tokens", {
-    id: pgCore.uuid("id").defaultRandom().primaryKey(),
-    userId: pgCore.uuid("user_id").notNull().references(() => users.id, {
-      onDelete: "cascade"
-    }),
-    tokenHash: pgCore.varchar("token_hash", {
-      length: 255
-    }).notNull().unique(),
-    expiresAt: pgCore.timestamp("expires_at").notNull(),
-    usedAt: pgCore.timestamp("used_at"),
-    createdAt: pgCore.timestamp("created_at").defaultNow().notNull()
-  });
-  const appConfig = rebaseSchema.table("app_config", {
-    key: pgCore.varchar("key", {
-      length: 100
-    }).primaryKey(),
-    value: pgCore.jsonb("value").notNull(),
-    updatedAt: pgCore.timestamp("updated_at").defaultNow().notNull()
-  });
-  const userIdentities = rebaseSchema.table("user_identities", {
-    id: pgCore.uuid("id").defaultRandom().primaryKey(),
-    userId: pgCore.uuid("user_id").notNull().references(() => users.id, {
-      onDelete: "cascade"
-    }),
-    provider: pgCore.varchar("provider", {
-      length: 50
-    }).notNull(),
-    // e.g. 'google', 'linkedin'
-    providerId: pgCore.varchar("provider_id", {
-      length: 255
-    }).notNull(),
-    profileData: pgCore.jsonb("profile_data"),
-    createdAt: pgCore.timestamp("created_at").defaultNow().notNull(),
-    updatedAt: pgCore.timestamp("updated_at").defaultNow().notNull()
-  }, (table) => ({
-    uniqueProviderId: pgCore.unique("unique_provider_id").on(table.provider, table.providerId)
-  }));
+  function createAuthSchema(rolesSchemaName = "rebase", usersSchemaName = "rebase") {
+    const rolesSchema = rolesSchemaName === "public" ? null : pgCore.pgSchema(rolesSchemaName);
+    const usersSchema2 = usersSchemaName === "public" ? null : pgCore.pgSchema(usersSchemaName);
+    const rolesTableCreator = rolesSchema ? rolesSchema.table.bind(rolesSchema) : pgCore.pgTable;
+    const usersTableCreator = usersSchema2 ? usersSchema2.table.bind(usersSchema2) : pgCore.pgTable;
+    const users2 = usersTableCreator("users", {
+      id: pgCore.uuid("id").defaultRandom().primaryKey(),
+      email: pgCore.varchar("email", {
+        length: 255
+      }).notNull().unique(),
+      passwordHash: pgCore.varchar("password_hash", {
+        length: 255
+      }),
+      // NULL for OAuth-only users
+      displayName: pgCore.varchar("display_name", {
+        length: 255
+      }),
+      photoUrl: pgCore.varchar("photo_url", {
+        length: 500
+      }),
+      emailVerified: pgCore.boolean("email_verified").default(false).notNull(),
+      emailVerificationToken: pgCore.varchar("email_verification_token", {
+        length: 255
+      }),
+      emailVerificationSentAt: pgCore.timestamp("email_verification_sent_at"),
+      metadata: pgCore.jsonb("metadata").$type().default({}).notNull(),
+      createdAt: pgCore.timestamp("created_at").defaultNow().notNull(),
+      updatedAt: pgCore.timestamp("updated_at").defaultNow().notNull()
+    });
+    const roles2 = rolesTableCreator("roles", {
+      id: pgCore.varchar("id", {
+        length: 50
+      }).primaryKey(),
+      // 'admin', 'editor', 'viewer'
+      name: pgCore.varchar("name", {
+        length: 100
+      }).notNull(),
+      isAdmin: pgCore.boolean("is_admin").default(false).notNull(),
+      defaultPermissions: pgCore.jsonb("default_permissions").$type(),
+      collectionPermissions: pgCore.jsonb("collection_permissions").$type(),
+      config: pgCore.jsonb("config").$type()
+    });
+    const userRoles2 = rolesTableCreator("user_roles", {
+      userId: pgCore.uuid("user_id").notNull().references(() => users2.id, {
+        onDelete: "cascade"
+      }),
+      roleId: pgCore.varchar("role_id", {
+        length: 50
+      }).notNull().references(() => roles2.id, {
+        onDelete: "cascade"
+      })
+    }, (table) => ({
+      pk: pgCore.primaryKey({
+        columns: [table.userId, table.roleId]
+      })
+    }));
+    const refreshTokens2 = rolesTableCreator("refresh_tokens", {
+      id: pgCore.uuid("id").defaultRandom().primaryKey(),
+      userId: pgCore.uuid("user_id").notNull().references(() => users2.id, {
+        onDelete: "cascade"
+      }),
+      tokenHash: pgCore.varchar("token_hash", {
+        length: 255
+      }).notNull().unique(),
+      expiresAt: pgCore.timestamp("expires_at").notNull(),
+      userAgent: pgCore.varchar("user_agent", {
+        length: 500
+      }),
+      ipAddress: pgCore.varchar("ip_address", {
+        length: 45
+      }),
+      createdAt: pgCore.timestamp("created_at").defaultNow().notNull()
+    }, (table) => ({
+      uniqueDeviceSession: pgCore.unique("unique_device_session").on(table.userId, table.userAgent, table.ipAddress)
+    }));
+    const passwordResetTokens2 = rolesTableCreator("password_reset_tokens", {
+      id: pgCore.uuid("id").defaultRandom().primaryKey(),
+      userId: pgCore.uuid("user_id").notNull().references(() => users2.id, {
+        onDelete: "cascade"
+      }),
+      tokenHash: pgCore.varchar("token_hash", {
+        length: 255
+      }).notNull().unique(),
+      expiresAt: pgCore.timestamp("expires_at").notNull(),
+      usedAt: pgCore.timestamp("used_at"),
+      createdAt: pgCore.timestamp("created_at").defaultNow().notNull()
+    });
+    const appConfig2 = rolesTableCreator("app_config", {
+      key: pgCore.varchar("key", {
+        length: 100
+      }).primaryKey(),
+      value: pgCore.jsonb("value").notNull(),
+      updatedAt: pgCore.timestamp("updated_at").defaultNow().notNull()
+    });
+    const userIdentities2 = rolesTableCreator("user_identities", {
+      id: pgCore.uuid("id").defaultRandom().primaryKey(),
+      userId: pgCore.uuid("user_id").notNull().references(() => users2.id, {
+        onDelete: "cascade"
+      }),
+      provider: pgCore.varchar("provider", {
+        length: 50
+      }).notNull(),
+      // e.g. 'google', 'linkedin'
+      providerId: pgCore.varchar("provider_id", {
+        length: 255
+      }).notNull(),
+      profileData: pgCore.jsonb("profile_data"),
+      createdAt: pgCore.timestamp("created_at").defaultNow().notNull(),
+      updatedAt: pgCore.timestamp("updated_at").defaultNow().notNull()
+    }, (table) => ({
+      uniqueProviderId: pgCore.unique("unique_provider_id").on(table.provider, table.providerId)
+    }));
+    return {
+      rolesSchema,
+      usersSchema: usersSchema2,
+      users: users2,
+      roles: roles2,
+      userRoles: userRoles2,
+      refreshTokens: refreshTokens2,
+      passwordResetTokens: passwordResetTokens2,
+      appConfig: appConfig2,
+      userIdentities: userIdentities2
+    };
+  }
+  const defaultAuthSchema = createAuthSchema("rebase", "rebase");
+  const rebaseSchema = defaultAuthSchema.rolesSchema;
+  const usersSchema = defaultAuthSchema.usersSchema;
+  const users = defaultAuthSchema.users;
+  const roles = defaultAuthSchema.roles;
+  const userRoles = defaultAuthSchema.userRoles;
+  const refreshTokens = defaultAuthSchema.refreshTokens;
+  const passwordResetTokens = defaultAuthSchema.passwordResetTokens;
+  const appConfig = defaultAuthSchema.appConfig;
+  const userIdentities = defaultAuthSchema.userIdentities;
   const usersRelations = drizzleOrm.relations(users, ({
     many
   }) => ({
@@ -7478,6 +7688,15 @@
         }
         break;
       }
+      case "vector": {
+        const vp = prop;
+        columnDefinition = `vector("${colName}", { dimensions: ${vp.dimensions} })`;
+        break;
+      }
+      case "binary": {
+        columnDefinition = `customType({ dataType() { return 'bytea'; } })("${colName}")`;
+        break;
+      }
       case "relation": {
         const refProp = prop;
         const resolvedRelations = resolveCollectionRelations(collection);
@@ -7544,7 +7763,7 @@
     return `    ${propName}: ${columnDefinition}`;
   };
   const resolveRawSql = (expression) => {
-    const resolved = expression.replace(/\{(\w+)\}/g, (_, col) => `\${table.${col}}`);
+    const resolved = expression.replace(/\{(\w+)\}/g, (_, col) => col);
     return `sql\`${resolved}\``;
   };
   const wrapWithRoleCheck = (clause, roles2) => {
@@ -7556,7 +7775,7 @@
     const match = sqlExpr.match(/^sql`(.*)`$/s);
     return match ? match[1] : sqlExpr;
   };
-  const buildUsingClause = (rule) => {
+  const buildUsingClause = (rule, collection) => {
     if (rule.using) {
       return resolveRawSql(rule.using);
     }
@@ -7564,15 +7783,17 @@
       return "sql`true`";
     }
     if (rule.ownerField) {
-      return `sql\`\${table.${rule.ownerField}} = auth.uid()\``;
+      const prop = collection.properties?.[rule.ownerField];
+      const colName = resolveColumnName(rule.ownerField, prop);
+      return `sql\`${colName} = auth.uid()\``;
     }
     return null;
   };
-  const buildWithCheckClause = (rule) => {
+  const buildWithCheckClause = (rule, collection) => {
     if (rule.withCheck) {
       return resolveRawSql(rule.withCheck);
     }
-    return buildUsingClause(rule);
+    return buildUsingClause(rule, collection);
   };
   const getPolicyNameHash = (rule) => {
     const data = JSON.stringify({
@@ -7588,21 +7809,22 @@
     });
     return crypto.createHash("sha1").update(data).digest("hex").substring(0, 7);
   };
-  const generatePolicyCode = (tableName, rule, index) => {
+  const generatePolicyCode = (collection, rule, index) => {
+    const tableName = getTableName(collection);
     const ops = rule.operations && rule.operations.length > 0 ? rule.operations : [rule.operation ?? "all"];
     const ruleHash = getPolicyNameHash(rule);
     return ops.map((op, opIdx) => {
       const policyName = rule.name ? ops.length > 1 ? `${rule.name}_${op}` : rule.name : `${tableName}_${op}_${ruleHash}${ops.length > 1 ? `_${opIdx}` : ""}`;
-      return generateSinglePolicyCode(tableName, rule, op, policyName);
+      return generateSinglePolicyCode(collection, rule, op, policyName);
     }).join("");
   };
-  const generateSinglePolicyCode = (tableName, rule, operation, policyName) => {
+  const generateSinglePolicyCode = (collection, rule, operation, policyName) => {
     const mode = rule.mode ?? "permissive";
     const roles2 = rule.roles ? [...rule.roles].sort() : void 0;
     const needsUsing = operation !== "insert";
     const needsWithCheck = operation !== "select" && operation !== "delete";
-    let usingClause = needsUsing ? buildUsingClause(rule) : null;
-    let withCheckClause = needsWithCheck ? buildWithCheckClause(rule) : null;
+    let usingClause = needsUsing ? buildUsingClause(rule, collection) : null;
+    let withCheckClause = needsWithCheck ? buildWithCheckClause(rule, collection) : null;
     if (roles2 && roles2.length > 0) {
       if (usingClause) {
         usingClause = wrapWithRoleCheck(usingClause, roles2);
@@ -7671,12 +7893,26 @@
   const generateSchema = async (collections, stripPolicies = false) => {
     let schemaContent = "// This file is auto-generated by the Rebase Drizzle generator. Do not edit manually.\n\n";
     const hasUuid = collections.some((c) => c.properties && Object.values(c.properties).some((p) => p.type === "string" && (p.autoValue === "uuid" || p.isId === "uuid")));
-    collections.some((c) => c.properties && Object.values(c.properties).some((p) => (p.type === "map" || p.type === "array") && p.columnType === "json"));
+    const hasVector = collections.some((c) => c.properties && Object.values(c.properties).some((p) => p.type === "vector"));
+    const hasBinary = collections.some((c) => c.properties && Object.values(c.properties).some((p) => p.type === "binary"));
     const pgCoreImports = ["primaryKey", "pgTable", "integer", "varchar", "text", "char", "boolean", "timestamp", "date", "time", "jsonb", "json", "pgEnum", "numeric", "real", "doublePrecision", "bigint", "serial", "bigserial", "pgPolicy"];
     if (hasUuid) pgCoreImports.push("uuid");
+    if (hasVector) pgCoreImports.push("vector");
+    if (hasBinary) pgCoreImports.push("customType");
+    const uniqueSchemas = Array.from(new Set(collections.map((c) => isPostgresCollection(c) ? c.schema : void 0).filter(Boolean)));
+    if (uniqueSchemas.length > 0) {
+      pgCoreImports.push("pgSchema");
+    }
     schemaContent += `import { ${pgCoreImports.join(", ")} } from 'drizzle-orm/pg-core';
 `;
     schemaContent += "import { relations as drizzleRelations, sql } from 'drizzle-orm';\n\n";
+    uniqueSchemas.forEach((schema) => {
+      schemaContent += `export const ${schema}Schema = pgSchema("${schema}");
+`;
+    });
+    if (uniqueSchemas.length > 0) {
+      schemaContent += "\n";
+    }
     const exportedTableVars = [];
     const exportedEnumVars = [];
     const exportedRelationVars = [];
@@ -7731,6 +7967,9 @@
       const tableVarName = getTableVarName(tableName);
       if (isJunction && relation && sourceCollection && relation.through) {
         const targetCollection = relation.target();
+        const schema = (isPostgresCollection(targetCollection) ? targetCollection.schema : void 0) || (isPostgresCollection(sourceCollection) ? sourceCollection.schema : void 0);
+        const tableCreator = schema ? `${schema}Schema.table` : "pgTable";
+        const baseTableName = tableName.includes(".") ? tableName.split(".").pop() : tableName;
         const {
           sourceColumn,
           targetColumn
@@ -7741,7 +7980,7 @@
         const targetColType = isNumericId(targetCollection) ? "integer" : getPrimaryKeyProp(targetCollection).isUuid ? "uuid" : "varchar";
         const sourceId = getPrimaryKeyName(sourceCollection);
         const targetId = getPrimaryKeyName(targetCollection);
-        schemaContent += `export const ${tableVarName} = pgTable("${tableName}", {
+        schemaContent += `export const ${tableVarName} = ${tableCreator}("${baseTableName}", {
 `;
         schemaContent += `    ${sourceColumn}: ${sourceColType}("${sourceColumn}").notNull().references(() => ${getTableVarName(getTableName(sourceCollection))}.${sourceId}, ${refOptions}),
 `;
@@ -7752,7 +7991,10 @@
 `;
         schemaContent += "}));\n\n";
       } else if (!isJunction) {
-        schemaContent += `export const ${tableVarName} = pgTable("${tableName}", {
+        const schema = isPostgresCollection(collection) ? collection.schema : void 0;
+        const tableCreator = schema ? `${schema}Schema.table` : "pgTable";
+        const baseTableName = tableName.includes(".") ? tableName.split(".").pop() : tableName;
+        schemaContent += `export const ${tableVarName} = ${tableCreator}("${baseTableName}", {
 `;
         const columns = /* @__PURE__ */ new Set();
         Object.entries(collection.properties ?? {}).forEach(([propName, prop]) => {
@@ -7768,7 +8010,7 @@
         if (!stripPolicies && securityRules && securityRules.length > 0) {
           schemaContent += "\n}, (table) => ([\n";
           securityRules.forEach((rule, idx) => {
-            schemaContent += generatePolicyCode(tableName, rule);
+            schemaContent += generatePolicyCode(collection, rule);
           });
           schemaContent += "])).enableRLS();\n\n";
         } else {
@@ -7813,11 +8055,11 @@
         references: [${sourceTableVar}.${sourceId}],
         relationName: "${owningRelationName}"
     })`);
-          const targetRelName = inverseRelationName ?? owningRelationName;
+          const targetRelationName = inverseRelationName ? inverseRelationName : `${tableName}_${relation.through.targetColumn}`;
           tableRelations.push(`    "${relation.through.targetColumn}": one(${targetTableVar}, {
         fields: [${tableVarName}.${relation.through.targetColumn}],
         references: [${targetTableVar}.${targetId}],
-        relationName: "${targetRelName}"
+        relationName: "${targetRelationName}"
     })`);
         }
       } else {
@@ -7916,6 +8158,89 @@ ${tableRelations.join(",\n")}
     schemaContent += tablesExport + enumsExport + relationsExport;
     return schemaContent;
   };
+  const defaultUsersCollection = {
+    name: "Users",
+    singularName: "User",
+    slug: "users",
+    table: "users",
+    icon: "Users",
+    group: "Settings",
+    properties: {
+      id: {
+        name: "ID",
+        type: "string",
+        isId: "uuid"
+      },
+      email: {
+        name: "Email",
+        type: "string",
+        validation: {
+          required: true,
+          unique: true
+        }
+      },
+      password_hash: {
+        name: "Password Hash",
+        type: "string",
+        ui: {
+          hideFromCollection: true
+        }
+      },
+      display_name: {
+        name: "Display Name",
+        type: "string"
+      },
+      photo_url: {
+        name: "Photo URL",
+        type: "string"
+      },
+      email_verified: {
+        name: "Email Verified",
+        type: "boolean",
+        defaultValue: false
+      },
+      email_verification_token: {
+        name: "Email Verification Token",
+        type: "string",
+        ui: {
+          hideFromCollection: true
+        }
+      },
+      email_verification_sent_at: {
+        name: "Email Verification Sent At",
+        type: "date",
+        ui: {
+          hideFromCollection: true
+        }
+      },
+      metadata: {
+        name: "Metadata",
+        type: "map",
+        defaultValue: {},
+        ui: {
+          hideFromCollection: true
+        }
+      },
+      created_at: {
+        name: "Created At",
+        type: "date",
+        autoValue: "on_create",
+        ui: {
+          readOnly: true,
+          hideFromCollection: true
+        }
+      },
+      updated_at: {
+        name: "Updated At",
+        type: "date",
+        autoValue: "on_update",
+        ui: {
+          readOnly: true,
+          hideFromCollection: true
+        }
+      }
+    }
+  };
   const formatTerminalText = (text, options = {}) => {
     let codes = "";
     if (options.bold) codes += "\x1B[1m";
@@ -7978,10 +8303,14 @@ ${tableRelations.join(",\n")}
         const imported = await dynamicImport(fileUrl);
         collections = imported.backendCollections || imported.collections;
       }
-      if (!collections || !Array.isArray(collections) || collections.length === 0) {
-        console.error("Error: Could not find collections array or failed to load directory.");
-        return;
+      if (!collections || !Array.isArray(collections)) {
+        collections = [];
+      }
+      const hasUsersCollection = collections.some((c) => c.slug === "users");
+      if (!hasUsersCollection) {
+        collections.push(defaultUsersCollection);
       }
+      collections.sort((a, b) => a.slug.localeCompare(b.slug));
       const schemaContent = await generateSchema(collections);
       if (outputPath) {
         const outputDir = path.dirname(outputPath);
@@ -8209,29 +8538,14 @@ ${tableRelations.join(",\n")}
           },
           authContext
         });
-        let entities;
-        if (this.driver) {
-          entities = await this.driver.fetchCollection({
-            path: request.path,
-            collection,
-            filter: request.filter,
-            orderBy: request.orderBy,
-            order: request.order,
-            limit: request.limit,
-            startAfter: request.startAfter,
-            searchString: request.searchString
-          });
-        } else {
-          entities = await this.entityService.fetchCollection(request.path, {
-            filter: request.filter,
-            orderBy: request.orderBy,
-            order: request.order,
-            limit: request.limit,
-            startAfter: request.startAfter,
-            databaseId: request.collection?.databaseId,
-            searchString: request.searchString
-          });
-        }
+        const entities = await this.fetchCollectionWithAuth(request.path, {
+          filter: request.filter,
+          orderBy: request.orderBy,
+          order: request.order,
+          limit: request.limit,
+          startAfter: request.startAfter,
+          searchString: request.searchString
+        }, authContext);
         this.sendCollectionUpdate(clientId, subscriptionId, entities);
       } catch (error) {
         this.sendError(clientId, `Failed to subscribe to collection: ${error}`, subscriptionId);
@@ -8255,16 +8569,7 @@ ${tableRelations.join(",\n")}
           entityId: request.entityId,
           authContext
         });
-        let entity;
-        if (this.driver) {
-          entity = await this.driver.fetchEntity({
-            path: request.path,
-            entityId: request.entityId,
-            collection
-          });
-        } else {
-          entity = await this.entityService.fetchEntity(request.path, request.entityId, request.collection?.databaseId);
-        }
+        const entity = await this.fetchEntityWithAuth(request.path, String(request.entityId), authContext);
         this.sendEntityUpdate(clientId, subscriptionId, entity || null);
       } catch (error) {
         this.sendError(clientId, `Failed to subscribe to entity: ${request.path} ${request.entityId} ${error}`, subscriptionId);
@@ -8409,87 +8714,77 @@ ${tableRelations.join(",\n")}
     async fetchCollectionWithAuth(notifyPath, collectionRequest, authContext) {
       if (this.driver) {
         const collection = this.registry.getCollectionByPath(notifyPath);
-        const fetchFn = async () => this.driver.fetchCollection({
-          path: notifyPath,
-          collection,
-          filter: collectionRequest.filter,
-          orderBy: collectionRequest.orderBy,
-          order: collectionRequest.order,
-          limit: collectionRequest.limit,
-          offset: collectionRequest.offset,
-          startAfter: collectionRequest.startAfter,
-          searchString: collectionRequest.searchString
+        const activeAuth = authContext || {
+          userId: "anon",
+          roles: ["anon"]
+        };
+        return await this.db.transaction(async (tx) => {
+          await tx.execute(drizzleOrm.sql`SELECT set_config('app.user_id', ${activeAuth.userId}, true)`);
+          await tx.execute(drizzleOrm.sql`SELECT set_config('app.user_roles', ${activeAuth.roles.join(",")}, true)`);
+          await tx.execute(drizzleOrm.sql`SELECT set_config('app.jwt', ${JSON.stringify({
+            sub: activeAuth.userId,
+            roles: activeAuth.roles
+          })}, true)`);
+          const txEntityService = new EntityService(tx, this.registry);
+          let fetchedEntities;
+          if (collectionRequest.searchString) {
+            fetchedEntities = await txEntityService.searchEntities(notifyPath, collectionRequest.searchString, {
+              filter: collectionRequest.filter,
+              orderBy: collectionRequest.orderBy,
+              order: collectionRequest.order,
+              limit: collectionRequest.limit,
+              databaseId: collectionRequest.databaseId
+            });
+          } else {
+            fetchedEntities = await txEntityService.fetchCollection(notifyPath, {
+              filter: collectionRequest.filter,
+              orderBy: collectionRequest.orderBy,
+              order: collectionRequest.order,
+              limit: collectionRequest.limit,
+              offset: collectionRequest.offset,
+              startAfter: collectionRequest.startAfter,
+              databaseId: collectionRequest.databaseId
+            });
+          }
+          const registryCollection = this.registry.getCollectionByPath(notifyPath);
+          const resolvedCollection = collection ? {
+            ...collection,
+            ...registryCollection
+          } : registryCollection;
+          const callbacks = resolvedCollection?.callbacks;
+          const propertyCallbacks = resolvedCollection?.properties ? buildPropertyCallbacks(resolvedCollection.properties) : void 0;
+          if (callbacks?.afterRead || propertyCallbacks?.afterRead) {
+            const contextForCallback = {
+              user: {
+                uid: activeAuth.userId,
+                roles: activeAuth.roles
+              },
+              driver: this.driver,
+              data: this.driver && "data" in this.driver ? this.driver.data : void 0
+            };
+            return await Promise.all(fetchedEntities.map(async (entity) => {
+              let processedEntity = entity;
+              if (callbacks?.afterRead) {
+                processedEntity = await callbacks.afterRead({
+                  collection: resolvedCollection,
+                  path: notifyPath,
+                  entity: processedEntity,
+                  context: contextForCallback
+                }) ?? processedEntity;
+              }
+              if (propertyCallbacks?.afterRead) {
+                processedEntity = await propertyCallbacks.afterRead({
+                  collection: resolvedCollection,
+                  path: notifyPath,
+                  entity: processedEntity,
+                  context: contextForCallback
+                }) ?? processedEntity;
+              }
+              return processedEntity;
+            }));
+          }
+          return fetchedEntities;
         });
-        if (authContext) {
-          return await this.db.transaction(async (tx) => {
-            await tx.execute(drizzleOrm.sql`SELECT set_config('app.user_id', ${authContext.userId}, true)`);
-            await tx.execute(drizzleOrm.sql`SELECT set_config('app.user_roles', ${authContext.roles.join(",")}, true)`);
-            await tx.execute(drizzleOrm.sql`SELECT set_config('app.jwt', ${JSON.stringify({
-              sub: authContext.userId,
-              roles: authContext.roles
-            })}, true)`);
-            const txEntityService = new EntityService(tx, this.registry);
-            let fetchedEntities;
-            if (collectionRequest.searchString) {
-              fetchedEntities = await txEntityService.searchEntities(notifyPath, collectionRequest.searchString, {
-                filter: collectionRequest.filter,
-                orderBy: collectionRequest.orderBy,
-                order: collectionRequest.order,
-                limit: collectionRequest.limit,
-                databaseId: collectionRequest.databaseId
-              });
-            } else {
-              fetchedEntities = await txEntityService.fetchCollection(notifyPath, {
-                filter: collectionRequest.filter,
-                orderBy: collectionRequest.orderBy,
-                order: collectionRequest.order,
-                limit: collectionRequest.limit,
-                offset: collectionRequest.offset,
-                startAfter: collectionRequest.startAfter,
-                databaseId: collectionRequest.databaseId
-              });
-            }
-            const registryCollection = this.registry.getCollectionByPath(notifyPath);
-            const resolvedCollection = collection ? {
-              ...collection,
-              ...registryCollection
-            } : registryCollection;
-            const callbacks = resolvedCollection?.callbacks;
-            const propertyCallbacks = resolvedCollection?.properties ? buildPropertyCallbacks(resolvedCollection.properties) : void 0;
-            if (callbacks?.afterRead || propertyCallbacks?.afterRead) {
-              const contextForCallback = {
-                user: {
-                  uid: authContext.userId,
-                  roles: authContext.roles
-                },
-                driver: this.driver,
-                data: this.driver ? this.driver.data : void 0
-              };
-              return await Promise.all(fetchedEntities.map(async (entity) => {
-                let processedEntity = entity;
-                if (callbacks?.afterRead) {
-                  processedEntity = await callbacks.afterRead({
-                    collection: resolvedCollection,
-                    path: notifyPath,
-                    entity: processedEntity,
-                    context: contextForCallback
-                  }) ?? processedEntity;
-                }
-                if (propertyCallbacks?.afterRead) {
-                  processedEntity = await propertyCallbacks.afterRead({
-                    collection: resolvedCollection,
-                    path: notifyPath,
-                    entity: processedEntity,
-                    context: contextForCallback
-                  }) ?? processedEntity;
-                }
-                return processedEntity;
-              }));
-            }
-            return fetchedEntities;
-          });
-        }
-        return fetchFn();
       }
       if (collectionRequest.searchString) {
         return await this.entityService.searchEntities(notifyPath, collectionRequest.searchString, {
@@ -8553,60 +8848,56 @@ ${tableRelations.join(",\n")}
     async fetchEntityWithAuth(notifyPath, entityId, authContext) {
       if (this.driver) {
         const collection = this.registry.getCollectionByPath(notifyPath);
-        const fetchFn = async () => this.driver.fetchEntity({
-          path: notifyPath,
-          entityId,
-          collection
-        });
-        if (authContext) {
-          return await this.db.transaction(async (tx) => {
-            await tx.execute(drizzleOrm.sql`SELECT set_config('app.user_id', ${authContext.userId}, true)`);
-            await tx.execute(drizzleOrm.sql`SELECT set_config('app.user_roles', ${authContext.roles.join(",")}, true)`);
-            await tx.execute(drizzleOrm.sql`SELECT set_config('app.jwt', ${JSON.stringify({
-              sub: authContext.userId,
-              roles: authContext.roles
-            })}, true)`);
-            const txEntityService = new EntityService(tx, this.registry);
-            let processedEntity = await txEntityService.fetchEntity(notifyPath, entityId, collection?.databaseId);
-            if (processedEntity) {
-              const registryCollection = this.registry.getCollectionByPath(notifyPath);
-              const resolvedCollection = collection ? {
-                ...collection,
-                ...registryCollection
-              } : registryCollection;
-              const callbacks = resolvedCollection?.callbacks;
-              const propertyCallbacks = resolvedCollection?.properties ? buildPropertyCallbacks(resolvedCollection.properties) : void 0;
-              if (callbacks?.afterRead || propertyCallbacks?.afterRead) {
-                const contextForCallback = {
-                  user: {
-                    uid: authContext.userId,
-                    roles: authContext.roles
-                  },
-                  driver: this.driver,
-                  data: this.driver ? this.driver.data : void 0
-                };
-                if (callbacks?.afterRead) {
-                  processedEntity = await callbacks.afterRead({
-                    collection: resolvedCollection,
-                    path: notifyPath,
-                    entity: processedEntity,
-                    context: contextForCallback
-                  }) ?? processedEntity;
-                }
-                if (propertyCallbacks?.afterRead) {
-                  processedEntity = await propertyCallbacks.afterRead({
-                    collection: resolvedCollection,
-                    path: notifyPath,
-                    entity: processedEntity,
-                    context: contextForCallback
-                  }) ?? processedEntity;
-                }
+        const activeAuth = authContext || {
+          userId: "anon",
+          roles: ["anon"]
+        };
+        return await this.db.transaction(async (tx) => {
+          await tx.execute(drizzleOrm.sql`SELECT set_config('app.user_id', ${activeAuth.userId}, true)`);
+          await tx.execute(drizzleOrm.sql`SELECT set_config('app.user_roles', ${activeAuth.roles.join(",")}, true)`);
+          await tx.execute(drizzleOrm.sql`SELECT set_config('app.jwt', ${JSON.stringify({
+            sub: activeAuth.userId,
+            roles: activeAuth.roles
+          })}, true)`);
+          const txEntityService = new EntityService(tx, this.registry);
+          let processedEntity = await txEntityService.fetchEntity(notifyPath, entityId, collection?.databaseId);
+          if (processedEntity) {
+            const registryCollection = this.registry.getCollectionByPath(notifyPath);
+            const resolvedCollection = collection ? {
+              ...collection,
+              ...registryCollection
+            } : registryCollection;
+            const callbacks = resolvedCollection?.callbacks;
+            const propertyCallbacks = resolvedCollection?.properties ? buildPropertyCallbacks(resolvedCollection.properties) : void 0;
+            if (callbacks?.afterRead || propertyCallbacks?.afterRead) {
+              const contextForCallback = {
+                user: {
+                  uid: activeAuth.userId,
+                  roles: activeAuth.roles
+                },
+                driver: this.driver,
+                data: this.driver && "data" in this.driver ? this.driver.data : void 0
+              };
+              if (callbacks?.afterRead) {
+                processedEntity = await callbacks.afterRead({
+                  collection: resolvedCollection,
+                  path: notifyPath,
+                  entity: processedEntity,
+                  context: contextForCallback
+                }) ?? processedEntity;
+              }
+              if (propertyCallbacks?.afterRead) {
+                processedEntity = await propertyCallbacks.afterRead({
+                  collection: resolvedCollection,
+                  path: notifyPath,
+                  entity: processedEntity,
+                  context: contextForCallback
+                }) ?? processedEntity;
               }
             }
-            return processedEntity;
-          });
-        }
-        return fetchFn();
+          }
+          return processedEntity;
+        });
       }
       return await this.entityService.fetchEntity(notifyPath, entityId);
     }
@@ -8674,6 +8965,31 @@ ${tableRelations.join(",\n")}
       return parentPaths;
     }
     // =============================================================================
+    // Lifecycle / Cleanup
+    // =============================================================================
+    /**
+     * Gracefully tear down all realtime resources.
+     *
+     * This MUST be called during process shutdown, **before** `pool.end()`.
+     * It ensures:
+     *  1. All debounced refetch timers are cancelled (prevents queries after pool closes).
+     *  2. All subscription state and callbacks are cleared.
+     *  3. The dedicated LISTEN client (outside the pool) is disconnected.
+     *  4. All WebSocket clients are removed (but not forcefully closed — the
+     *     HTTP server close will handle that).
+     */
+    async destroy() {
+      for (const [key, timer] of this.refetchTimers) {
+        clearTimeout(timer);
+        this.refetchTimers.delete(key);
+      }
+      this._subscriptions.clear();
+      this.subscriptionCallbacks.clear();
+      await this.stopListening();
+      this.clients.clear();
+      this.debugLog("🧹 [RealtimeService] destroy() complete — all resources released.");
+    }
+    // =============================================================================
     // Cross-Instance LISTEN/NOTIFY
     // =============================================================================
     /**
@@ -8814,8 +9130,23 @@ ${tableRelations.join(",\n")}
   const WS_RATE_LIMIT = 2e3;
   const WS_RATE_WINDOW_MS = 6e4;
   const ADMIN_ONLY_TYPES = /* @__PURE__ */ new Set(["EXECUTE_SQL", "FETCH_DATABASES", "FETCH_ROLES", "FETCH_UNMAPPED_TABLES", "FETCH_TABLE_METADATA", "FETCH_CURRENT_DATABASE", "CREATE_BRANCH", "DELETE_BRANCH", "LIST_BRANCHES"]);
+  function extractErrorMessage(error) {
+    if (!error) return "Unknown error";
+    if (typeof error === "object") {
+      const err = error;
+      if (err.cause) {
+        return extractErrorMessage(err.cause);
+      }
+      if (typeof err.message === "string") {
+        return err.message;
+      }
+    }
+    return String(error);
+  }
   function isAdminSession(session) {
-    if (!session?.user?.roles) return false;
+    if (!session?.user) return false;
+    if (session.user.isAdmin) return true;
+    if (!session.user.roles) return false;
     return session.user.roles.some((r) => {
       if (typeof r === "string") return r === "admin";
       if (r && typeof r === "object" && "isAdmin" in r) return r.isAdmin;
@@ -8823,7 +9154,7 @@ ${tableRelations.join(",\n")}
       return false;
     });
   }
-  function createPostgresWebSocket(server, realtimeService, driver, authConfig) {
+  function createPostgresWebSocket(server, realtimeService, driver, authConfig, authAdapter) {
     const isProduction = process.env.NODE_ENV === "production";
     const wsDebug = (...args) => {
       if (!isProduction) console.debug(...args);
@@ -8837,7 +9168,7 @@ ${tableRelations.join(",\n")}
       }
       console.error("❌ [WebSocket Server] Error:", err);
     });
-    const requireAuth = authConfig?.requireAuth !== false && authConfig?.jwtSecret;
+    const requireAuth = authAdapter ? true : authConfig?.requireAuth !== false && !!authConfig?.jwtSecret;
     wss.on("connection", (ws2) => {
       const clientId = `client_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`;
       wsDebug(`WebSocket client connected: ${clientId}`);
@@ -8882,11 +9213,37 @@ ${tableRelations.join(",\n")}
               sendError("AUTH_ERROR", "INVALID_INPUT", "Token is required");
               return;
             }
-            const user = serverCore.extractUserFromToken(token);
-            if (user) {
+            let verifiedUser = null;
+            if (authAdapter) {
+              try {
+                const adapterUser = authAdapter.verifyToken ? await authAdapter.verifyToken(token) : await authAdapter.verifyRequest(new Request("http://localhost/_ws_auth", {
+                  headers: {
+                    Authorization: `Bearer ${token}`
+                  }
+                }));
+                if (adapterUser) {
+                  verifiedUser = {
+                    userId: adapterUser.uid,
+                    roles: adapterUser.roles,
+                    isAdmin: adapterUser.isAdmin
+                  };
+                }
+              } catch {
+              }
+            } else {
+              const jwtPayload = serverCore.extractUserFromToken(token);
+              if (jwtPayload) {
+                verifiedUser = {
+                  userId: jwtPayload.userId,
+                  roles: jwtPayload.roles ?? [],
+                  isAdmin: (jwtPayload.roles ?? []).some((r) => r === "admin")
+                };
+              }
+            }
+            if (verifiedUser) {
               const session = clientSessions.get(clientId);
               if (session) {
-                session.user = user;
+                session.user = verifiedUser;
                 session.authenticated = true;
               }
               wsDebug(`[WS] replying AUTH_SUCCESS for requestId ${requestId}`);
@@ -8894,11 +9251,11 @@ ${tableRelations.join(",\n")}
                 type: "AUTH_SUCCESS",
                 requestId,
                 payload: {
-                  userId: user.userId,
-                  roles: user.roles
+                  userId: verifiedUser.userId,
+                  roles: verifiedUser.roles
                 }
               }));
-              wsDebug(`🔐 [WebSocket Server] Client ${clientId} authenticated as ${user.userId}`);
+              wsDebug(`🔐 [WebSocket Server] Client ${clientId} authenticated as ${verifiedUser.userId}`);
             } else {
               wsDebug(`[WS] replying AUTH_ERROR for requestId ${requestId} (invalid token)`);
               sendError("AUTH_ERROR", "INVALID_TOKEN", "Invalid or expired token");
@@ -8936,16 +9293,19 @@ ${tableRelations.join(",\n")}
           }
           const getScopedDelegate = async () => {
             const session = clientSessions.get(clientId);
-            if (session?.user && "withAuth" in driver && typeof driver.withAuth === "function") {
+            if ("withAuth" in driver && typeof driver.withAuth === "function") {
               try {
-                const userForAuth = {
+                const userForAuth = session?.user ? {
                   uid: session.user.userId,
                   roles: session.user.roles ?? []
+                } : {
+                  uid: "anon",
+                  roles: ["anon"]
                 };
                 return await driver.withAuth(userForAuth);
               } catch (e) {
-                console.error("Failed to create authenticated delegate for WS request", e);
-                return driver;
+                console.error("Failed to create RLS scoped delegate for WS request", e);
+                throw new Error("Internal authentication error");
               }
             }
             return driver;
@@ -9076,24 +9436,29 @@ ${tableRelations.join(",\n")}
                   sql,
                   options
                 } = payload;
-                const delegate = await getScopedDelegate();
-                const admin = delegate.admin;
-                if (!isSQLAdmin(admin)) {
-                  sendError("ERROR", "NOT_SUPPORTED", "SQL execution is not available for this driver.");
-                  break;
-                }
-                const result = await admin.executeSql(sql, options);
-                if (process.env.NODE_ENV !== "production") {
-                  wsDebug(`⚡ [WebSocket Server] SQL executed. Returned ${Array.isArray(result) ? result.length : "non-array"} rows.`);
+                try {
+                  const delegate = await getScopedDelegate();
+                  const admin = delegate.admin;
+                  if (!isSQLAdmin(admin)) {
+                    sendError("ERROR", "NOT_SUPPORTED", "SQL execution is not available for this driver.");
+                    break;
+                  }
+                  const result = await admin.executeSql(sql, options);
+                  if (process.env.NODE_ENV !== "production") {
+                    wsDebug(`⚡ [WebSocket Server] SQL executed. Returned ${Array.isArray(result) ? result.length : "non-array"} rows.`);
+                  }
+                  const response = {
+                    type: "EXECUTE_SQL_SUCCESS",
+                    payload: {
+                      result
+                    },
+                    requestId
+                  };
+                  ws2.send(JSON.stringify(response));
+                } catch (sqlError) {
+                  const errMsg = extractErrorMessage(sqlError);
+                  sendError("ERROR", "SQL_ERROR", errMsg);
                 }
-                const response = {
-                  type: "EXECUTE_SQL_SUCCESS",
-                  payload: {
-                    result
-                  },
-                  requestId
-                };
-                ws2.send(JSON.stringify(response));
               }
               break;
             case "FETCH_DATABASES":
@@ -9272,7 +9637,10 @@ ${tableRelations.join(",\n")}
               const authContext = session?.user ? {
                 userId: session.user.userId,
                 roles: session.user.roles ?? []
-              } : void 0;
+              } : {
+                userId: "anon",
+                roles: ["anon"]
+              };
               await realtimeService.handleClientMessage(clientId, {
                 type,
                 payload,
@@ -9416,29 +9784,58 @@ ${tableRelations.join(",\n")}
     },
     config: null
   }];
-  async function ensureAuthTablesExist(db) {
+  async function ensureAuthTablesExist(db, registry) {
     console.log("🔍 Checking auth tables...");
     try {
+      let usersTableName = '"users"';
+      let userIdType = "TEXT";
+      let usersSchema2 = "public";
+      if (registry) {
+        const usersTable = registry.getTable("users");
+        if (usersTable) {
+          const {
+            getTableName: getTableName2
+          } = await import("drizzle-orm");
+          usersSchema2 = pgCore.getTableConfig(usersTable).schema || "public";
+          usersTableName = usersSchema2 === "public" ? `"${getTableName2(usersTable)}"` : `"${usersSchema2}"."${getTableName2(usersTable)}"`;
+          if (usersTable.id) {
+            const col = usersTable.id;
+            const meta = getColumnMeta(col);
+            const columnType = meta.columnType;
+            if (columnType === "PgUUID") {
+              userIdType = "UUID";
+            } else if (columnType === "PgSerial" || columnType === "PgInteger") {
+              userIdType = "INTEGER";
+            } else if (columnType === "PgBigInt" || columnType === "PgBigSerial") {
+              userIdType = "BIGINT";
+            }
+          }
+        }
+      }
+      let rolesSchema = "rebase";
+      if (registry) {
+        const rolesTable = registry.getTable("roles");
+        if (rolesTable) {
+          rolesSchema = pgCore.getTableConfig(rolesTable).schema || "public";
+        }
+      }
+      if (usersSchema2 !== "public") {
+        await db.execute(drizzleOrm.sql`CREATE SCHEMA IF NOT EXISTS ${drizzleOrm.sql.raw(usersSchema2)}`);
+      }
+      if (rolesSchema !== "public" && rolesSchema !== usersSchema2) {
+        await db.execute(drizzleOrm.sql`CREATE SCHEMA IF NOT EXISTS ${drizzleOrm.sql.raw(rolesSchema)}`);
+      }
       await db.execute(drizzleOrm.sql`CREATE SCHEMA IF NOT EXISTS rebase`);
+      const userIdentitiesTable = `"${rolesSchema}"."user_identities"`;
+      const rolesTableName = `"${rolesSchema}"."roles"`;
+      const userRolesTableName = `"${rolesSchema}"."user_roles"`;
+      const refreshTokensTableName = `"${rolesSchema}"."refresh_tokens"`;
+      const passwordResetTokensTableName = `"${rolesSchema}"."password_reset_tokens"`;
+      const appConfigTableName = `"${rolesSchema}"."app_config"`;
       await db.execute(drizzleOrm.sql`
-            CREATE TABLE IF NOT EXISTS rebase.users (
+            CREATE TABLE IF NOT EXISTS ${drizzleOrm.sql.raw(userIdentitiesTable)} (
                 id TEXT PRIMARY KEY DEFAULT gen_random_uuid()::text,
-                email TEXT NOT NULL UNIQUE,
-                password_hash TEXT,
-                display_name TEXT,
-                photo_url TEXT,
-                created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
-                updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
-            )
-        `);
-      await db.execute(drizzleOrm.sql`
-            CREATE INDEX IF NOT EXISTS idx_users_email 
-            ON rebase.users(email)
-        `);
-      await db.execute(drizzleOrm.sql`
-            CREATE TABLE IF NOT EXISTS rebase.user_identities (
-                id TEXT PRIMARY KEY DEFAULT gen_random_uuid()::text,
-                user_id TEXT NOT NULL REFERENCES rebase.users(id) ON DELETE CASCADE,
+                user_id ${drizzleOrm.sql.raw(userIdType)} NOT NULL REFERENCES ${drizzleOrm.sql.raw(usersTableName)}(id) ON DELETE CASCADE,
                 provider TEXT NOT NULL,
                 provider_id TEXT NOT NULL,
                 profile_data JSONB,
@@ -9449,10 +9846,10 @@ ${tableRelations.join(",\n")}
         `);
       await db.execute(drizzleOrm.sql`
             CREATE INDEX IF NOT EXISTS idx_user_identities_user 
-            ON rebase.user_identities(user_id)
+            ON ${drizzleOrm.sql.raw(userIdentitiesTable)}(user_id)
         `);
       await db.execute(drizzleOrm.sql`
-            CREATE TABLE IF NOT EXISTS rebase.roles (
+            CREATE TABLE IF NOT EXISTS ${drizzleOrm.sql.raw(rolesTableName)} (
                 id TEXT PRIMARY KEY,
                 name TEXT NOT NULL,
                 is_admin BOOLEAN DEFAULT FALSE,
@@ -9463,20 +9860,20 @@ ${tableRelations.join(",\n")}
             )
         `);
       await db.execute(drizzleOrm.sql`
-            CREATE TABLE IF NOT EXISTS rebase.user_roles (
-                user_id TEXT NOT NULL REFERENCES rebase.users(id) ON DELETE CASCADE,
-                role_id TEXT NOT NULL REFERENCES rebase.roles(id) ON DELETE CASCADE,
+            CREATE TABLE IF NOT EXISTS ${drizzleOrm.sql.raw(userRolesTableName)} (
+                user_id ${drizzleOrm.sql.raw(userIdType)} NOT NULL REFERENCES ${drizzleOrm.sql.raw(usersTableName)}(id) ON DELETE CASCADE,
+                role_id TEXT NOT NULL REFERENCES ${drizzleOrm.sql.raw(rolesTableName)}(id) ON DELETE CASCADE,
                 PRIMARY KEY (user_id, role_id)
             )
         `);
       await db.execute(drizzleOrm.sql`
             CREATE INDEX IF NOT EXISTS idx_user_roles_user 
-            ON rebase.user_roles(user_id)
+            ON ${drizzleOrm.sql.raw(userRolesTableName)}(user_id)
         `);
       await db.execute(drizzleOrm.sql`
-            CREATE TABLE IF NOT EXISTS rebase.refresh_tokens (
+            CREATE TABLE IF NOT EXISTS ${drizzleOrm.sql.raw(refreshTokensTableName)} (
                 id TEXT PRIMARY KEY DEFAULT gen_random_uuid()::text,
-                user_id TEXT NOT NULL REFERENCES rebase.users(id) ON DELETE CASCADE,
+                user_id ${drizzleOrm.sql.raw(userIdType)} NOT NULL REFERENCES ${drizzleOrm.sql.raw(usersTableName)}(id) ON DELETE CASCADE,
                 token_hash TEXT NOT NULL UNIQUE,
                 expires_at TIMESTAMP WITH TIME ZONE NOT NULL,
                 user_agent TEXT,
@@ -9487,16 +9884,16 @@ ${tableRelations.join(",\n")}
         `);
       await db.execute(drizzleOrm.sql`
             CREATE INDEX IF NOT EXISTS idx_refresh_tokens_hash 
-            ON rebase.refresh_tokens(token_hash)
+            ON ${drizzleOrm.sql.raw(refreshTokensTableName)}(token_hash)
         `);
       await db.execute(drizzleOrm.sql`
             CREATE INDEX IF NOT EXISTS idx_refresh_tokens_user 
-            ON rebase.refresh_tokens(user_id)
+            ON ${drizzleOrm.sql.raw(refreshTokensTableName)}(user_id)
         `);
       await db.execute(drizzleOrm.sql`
-            CREATE TABLE IF NOT EXISTS rebase.password_reset_tokens (
+            CREATE TABLE IF NOT EXISTS ${drizzleOrm.sql.raw(passwordResetTokensTableName)} (
                 id TEXT PRIMARY KEY DEFAULT gen_random_uuid()::text,
-                user_id TEXT NOT NULL REFERENCES rebase.users(id) ON DELETE CASCADE,
+                user_id ${drizzleOrm.sql.raw(userIdType)} NOT NULL REFERENCES ${drizzleOrm.sql.raw(usersTableName)}(id) ON DELETE CASCADE,
                 token_hash TEXT NOT NULL UNIQUE,
                 expires_at TIMESTAMP WITH TIME ZONE NOT NULL,
                 used_at TIMESTAMP WITH TIME ZONE,
@@ -9505,20 +9902,19 @@ ${tableRelations.join(",\n")}
         `);
       await db.execute(drizzleOrm.sql`
             CREATE INDEX IF NOT EXISTS idx_password_reset_tokens_hash 
-            ON rebase.password_reset_tokens(token_hash)
+            ON ${drizzleOrm.sql.raw(passwordResetTokensTableName)}(token_hash)
         `);
       await db.execute(drizzleOrm.sql`
             CREATE INDEX IF NOT EXISTS idx_password_reset_tokens_user 
-            ON rebase.password_reset_tokens(user_id)
+            ON ${drizzleOrm.sql.raw(passwordResetTokensTableName)}(user_id)
         `);
       await db.execute(drizzleOrm.sql`
-            CREATE TABLE IF NOT EXISTS rebase.app_config (
+            CREATE TABLE IF NOT EXISTS ${drizzleOrm.sql.raw(appConfigTableName)} (
                 key TEXT PRIMARY KEY,
                 value JSONB NOT NULL,
                 updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
             )
         `);
-      await applyInternalMigrations(db);
       await db.execute(drizzleOrm.sql`CREATE SCHEMA IF NOT EXISTS auth`);
       await db.transaction(async (tx) => {
         await tx.execute(drizzleOrm.sql`SELECT pg_advisory_xact_lock(hashtext('rebase_auth_functions_init'))`);
@@ -9541,15 +9937,15 @@ ${tableRelations.join(",\n")}
                 $$ LANGUAGE sql STABLE
             `);
       });
-      await seedDefaultRoles(db);
+      await seedDefaultRoles(db, rolesTableName);
       console.log("✅ Auth tables ready");
     } catch (error) {
       console.error("❌ Failed to create auth tables:", error);
       console.warn("⚠️ Continuing without creating auth tables.");
     }
   }
-  async function seedDefaultRoles(db) {
-    const result = await db.execute(drizzleOrm.sql`SELECT COUNT(*) as count FROM rebase.roles`);
+  async function seedDefaultRoles(db, rolesTableName) {
+    const result = await db.execute(drizzleOrm.sql`SELECT COUNT(*) as count FROM ${drizzleOrm.sql.raw(rolesTableName)}`);
     const count = parseInt(result.rows[0]?.count || "0", 10);
     if (count > 0) {
       console.log(`📋 Found ${count} existing roles`);
@@ -9558,7 +9954,7 @@ ${tableRelations.join(",\n")}
     console.log("🌱 Seeding default roles...");
     for (const role of DEFAULT_ROLES) {
       await db.execute(drizzleOrm.sql`
-            INSERT INTO rebase.roles (id, name, is_admin, default_permissions, config)
+            INSERT INTO ${drizzleOrm.sql.raw(rolesTableName)} (id, name, is_admin, default_permissions, config)
             VALUES (
                 ${role.id}, 
                 ${role.name}, 
@@ -9571,142 +9967,156 @@ ${tableRelations.join(",\n")}
     }
     console.log("✅ Default roles created: admin, editor, viewer");
   }
-  async function applyInternalMigrations(db) {
-    try {
-      await db.execute(drizzleOrm.sql`
-            ALTER TABLE rebase.users 
-            ADD COLUMN IF NOT EXISTS email_verified BOOLEAN DEFAULT FALSE,
-            ADD COLUMN IF NOT EXISTS email_verification_token TEXT,
-            ADD COLUMN IF NOT EXISTS email_verification_sent_at TIMESTAMP WITH TIME ZONE
-        `);
-      const columnsCheck = await db.execute(drizzleOrm.sql`
-            SELECT column_name 
-            FROM information_schema.columns 
-            WHERE table_schema='rebase' AND table_name='users' AND column_name IN ('google_id', 'linkedin_id', 'provider')
-        `);
-      const existingColumns = columnsCheck.rows.map((r) => r.column_name);
-      if (existingColumns.includes("google_id")) {
-        await db.execute(drizzleOrm.sql`
-                INSERT INTO rebase.user_identities (user_id, provider, provider_id)
-                SELECT id, 'google', google_id
-                FROM rebase.users
-                WHERE google_id IS NOT NULL
-                ON CONFLICT (provider, provider_id) DO NOTHING
-            `);
-      }
-      if (existingColumns.includes("linkedin_id")) {
-        await db.execute(drizzleOrm.sql`
-                INSERT INTO rebase.user_identities (user_id, provider, provider_id)
-                SELECT id, 'linkedin', linkedin_id
-                FROM rebase.users
-                WHERE linkedin_id IS NOT NULL
-                ON CONFLICT (provider, provider_id) DO NOTHING
-            `);
-      }
-      if (existingColumns.length > 0) {
-        await db.execute(drizzleOrm.sql`
-                ALTER TABLE rebase.users
-                DROP COLUMN IF EXISTS provider,
-                DROP COLUMN IF EXISTS google_id,
-                DROP COLUMN IF EXISTS linkedin_id
-            `);
-        await db.execute(drizzleOrm.sql`DROP INDEX IF EXISTS rebase.idx_users_google_id`);
-        await db.execute(drizzleOrm.sql`DROP INDEX IF EXISTS rebase.idx_users_linkedin_id`);
-        console.log("✅ Migrated to user_identities and dropped legacy columns.");
-      }
-      await db.execute(drizzleOrm.sql`
-            ALTER TABLE rebase.roles 
-            ADD COLUMN IF NOT EXISTS collection_permissions JSONB
-        `);
-      await db.execute(drizzleOrm.sql`
-            ALTER TABLE rebase.refresh_tokens 
-            ADD COLUMN IF NOT EXISTS user_agent TEXT,
-            ADD COLUMN IF NOT EXISTS ip_address TEXT
-        `);
-      const constraintCheck = await db.execute(drizzleOrm.sql`
-            SELECT 1 FROM information_schema.table_constraints 
-            WHERE constraint_name = 'unique_device_session' 
-            AND table_schema = 'rebase'
-            AND table_name = 'refresh_tokens'
-        `);
-      if (constraintCheck.rows.length === 0) {
-        try {
-          await db.execute(drizzleOrm.sql`
-                    ALTER TABLE rebase.refresh_tokens
-                    ADD CONSTRAINT unique_device_session UNIQUE (user_id, user_agent, ip_address)
-                `);
-          console.log("✅ Added unique_device_session constraint");
-        } catch (e) {
-          const errorMessage = e instanceof Error ? e.message : String(e);
-          if (errorMessage.includes("could not create unique index")) {
-            console.warn("⚠️ Duplicate sessions found, cleaning up before adding constraint...");
-            await db.execute(drizzleOrm.sql`
-                        DELETE FROM rebase.refresh_tokens a
-                        USING rebase.refresh_tokens b
-                        WHERE a.user_id = b.user_id 
-                        AND COALESCE(a.user_agent, '') = COALESCE(b.user_agent, '')
-                        AND COALESCE(a.ip_address, '') = COALESCE(b.ip_address, '')
-                        AND a.created_at < b.created_at
-                    `);
-            await db.execute(drizzleOrm.sql`
-                        ALTER TABLE rebase.refresh_tokens
-                        ADD CONSTRAINT unique_device_session UNIQUE (user_id, user_agent, ip_address)
-                    `).catch((retryErr) => {
-              const retryMessage = retryErr instanceof Error ? retryErr.message : String(retryErr);
-              console.error("Failed to add unique_device_session constraint after cleanup:", retryMessage);
-            });
-          } else {
-            console.error("Constraint migration issue:", errorMessage);
-          }
-        }
-      }
-    } catch (error) {
-      console.error("❌ Failed to run internal migrations:", error);
+  function getColumnKey(table, ...keys2) {
+    if (!table) return void 0;
+    for (const key of keys2) {
+      if (key in table) return key;
+      const snake = toSnakeCase(key);
+      if (snake in table) return snake;
+      const camel = camelCase(key);
+      if (camel in table) return camel;
     }
+    return void 0;
+  }
+  function getColumn(table, ...keys2) {
+    if (!table) return void 0;
+    const key = getColumnKey(table, ...keys2);
+    return key ? table[key] : void 0;
   }
   class UserService {
-    constructor(db) {
+    constructor(db, tableOrTables) {
       this.db = db;
+      if (tableOrTables && (tableOrTables.users || tableOrTables.roles)) {
+        const tables = tableOrTables;
+        this.usersTable = tables.users || users;
+        this.userIdentitiesTable = tables.userIdentities || userIdentities;
+        this.userRolesTable = tables.userRoles || userRoles;
+        this.rolesTable = tables.roles || roles;
+      } else {
+        const table = tableOrTables;
+        this.usersTable = table || users;
+        this.userIdentitiesTable = userIdentities;
+        this.userRolesTable = userRoles;
+        this.rolesTable = roles;
+      }
+    }
+    usersTable;
+    userIdentitiesTable;
+    userRolesTable;
+    rolesTable;
+    getQualifiedUsersTableName() {
+      const name = drizzleOrm.getTableName(this.usersTable);
+      const schema = pgCore.getTableConfig(this.usersTable).schema || "public";
+      return `"${schema}"."${name}"`;
+    }
+    mapRowToUser(row) {
+      if (!row) return row;
+      const id = row.id ?? row.uid;
+      const email = row.email;
+      const passwordHash = row.password_hash ?? row.passwordHash ?? null;
+      const displayName = row.display_name ?? row.displayName ?? null;
+      const photoUrl = row.photo_url ?? row.photoUrl ?? row.photoURL ?? null;
+      const emailVerified = row.email_verified ?? row.emailVerified ?? false;
+      const emailVerificationToken = row.email_verification_token ?? row.emailVerificationToken ?? null;
+      const emailVerificationSentAt = row.email_verification_sent_at ?? row.emailVerificationSentAt ?? null;
+      const createdAt = row.created_at ?? row.createdAt;
+      const updatedAt = row.updated_at ?? row.updatedAt;
+      const metadata = {
+        ...row.metadata || {}
+      };
+      const knownKeys = /* @__PURE__ */ new Set(["id", "uid", "email", "password_hash", "passwordHash", "display_name", "displayName", "photo_url", "photoUrl", "photoURL", "email_verified", "emailVerified", "email_verification_token", "emailVerificationToken", "email_verification_sent_at", "emailVerificationSentAt", "created_at", "createdAt", "updated_at", "updatedAt", "metadata"]);
+      for (const [key, val] of Object.entries(row)) {
+        if (!knownKeys.has(key)) {
+          const camelKey = camelCase(key);
+          metadata[camelKey] = val;
+        }
+      }
+      return {
+        id,
+        email,
+        passwordHash,
+        displayName,
+        photoUrl,
+        emailVerified,
+        emailVerificationToken,
+        emailVerificationSentAt: emailVerificationSentAt ? new Date(emailVerificationSentAt) : null,
+        createdAt: createdAt ? new Date(createdAt) : /* @__PURE__ */ new Date(),
+        updatedAt: updatedAt ? new Date(updatedAt) : /* @__PURE__ */ new Date(),
+        metadata
+      };
+    }
+    mapPayload(data) {
+      if (!data) return {};
+      const payload = {};
+      const idKey = getColumnKey(this.usersTable, "id") || "id";
+      const emailKey = getColumnKey(this.usersTable, "email") || "email";
+      const passwordHashKey = getColumnKey(this.usersTable, "passwordHash", "password_hash") || "passwordHash";
+      const displayNameKey = getColumnKey(this.usersTable, "displayName", "display_name") || "displayName";
+      const photoUrlKey = getColumnKey(this.usersTable, "photoUrl", "photo_url") || "photoUrl";
+      const emailVerifiedKey = getColumnKey(this.usersTable, "emailVerified", "email_verified") || "emailVerified";
+      const emailVerificationTokenKey = getColumnKey(this.usersTable, "emailVerificationToken", "email_verification_token") || "emailVerificationToken";
+      const emailVerificationSentAtKey = getColumnKey(this.usersTable, "emailVerificationSentAt", "email_verification_sent_at") || "emailVerificationSentAt";
+      const createdAtKey = getColumnKey(this.usersTable, "createdAt", "created_at") || "createdAt";
+      const updatedAtKey = getColumnKey(this.usersTable, "updatedAt", "updated_at") || "updatedAt";
+      const metadataKey = getColumnKey(this.usersTable, "metadata") || "metadata";
+      if ("id" in data) payload[idKey] = data.id;
+      if ("email" in data) payload[emailKey] = data.email;
+      if ("passwordHash" in data) payload[passwordHashKey] = data.passwordHash;
+      if ("displayName" in data) payload[displayNameKey] = data.displayName;
+      if ("photoUrl" in data) payload[photoUrlKey] = data.photoUrl;
+      if ("emailVerified" in data) payload[emailVerifiedKey] = data.emailVerified;
+      if ("emailVerificationToken" in data) payload[emailVerificationTokenKey] = data.emailVerificationToken;
+      if ("emailVerificationSentAt" in data) payload[emailVerificationSentAtKey] = data.emailVerificationSentAt;
+      if ("createdAt" in data) payload[createdAtKey] = data.createdAt;
+      if ("updatedAt" in data) payload[updatedAtKey] = data.updatedAt;
+      const metadata = {
+        ...data.metadata || {}
+      };
+      const remainingMetadata = {};
+      for (const [key, val] of Object.entries(metadata)) {
+        const tableColKey = getColumnKey(this.usersTable, key);
+        if (tableColKey && tableColKey !== idKey && tableColKey !== emailKey && tableColKey !== passwordHashKey && tableColKey !== displayNameKey && tableColKey !== photoUrlKey && tableColKey !== emailVerifiedKey && tableColKey !== emailVerificationTokenKey && tableColKey !== emailVerificationSentAtKey && tableColKey !== createdAtKey && tableColKey !== updatedAtKey && tableColKey !== metadataKey) {
+          payload[tableColKey] = val;
+        } else {
+          remainingMetadata[key] = val;
+        }
+      }
+      if (metadataKey in this.usersTable) {
+        payload[metadataKey] = remainingMetadata;
+      }
+      return payload;
     }
     async createUser(data) {
-      const [user] = await this.db.insert(users).values(data).returning();
-      return user;
+      const payload = this.mapPayload(data);
+      const [row] = await this.db.insert(this.usersTable).values(payload).returning();
+      return this.mapRowToUser(row);
     }
     async getUserById(id) {
-      const [user] = await this.db.select().from(users).where(drizzleOrm.eq(users.id, id));
-      return user || null;
+      const idCol = getColumn(this.usersTable, "id");
+      if (!idCol) return null;
+      const [row] = await this.db.select().from(this.usersTable).where(drizzleOrm.eq(idCol, id));
+      return row ? this.mapRowToUser(row) : null;
     }
     async getUserByEmail(email) {
-      const [user] = await this.db.select().from(users).where(drizzleOrm.eq(users.email, email.toLowerCase()));
-      return user || null;
+      const emailCol = getColumn(this.usersTable, "email");
+      if (!emailCol) return null;
+      const [row] = await this.db.select().from(this.usersTable).where(drizzleOrm.eq(emailCol, email.toLowerCase()));
+      return row ? this.mapRowToUser(row) : null;
     }
     async getUserByIdentity(provider, providerId) {
-      const result = await this.db.execute(drizzleOrm.sql`
-            SELECT u.*
-            FROM rebase.users u
-            INNER JOIN rebase.user_identities ui ON u.id = ui.user_id
-            WHERE ui.provider = ${provider} AND ui.provider_id = ${providerId}
-            LIMIT 1
-        `);
-      if (result.rows.length === 0) return null;
-      const row = result.rows[0];
-      return {
-        id: row.id,
-        email: row.email,
-        passwordHash: row.password_hash ?? null,
-        displayName: row.display_name ?? null,
-        photoUrl: row.photo_url ?? null,
-        emailVerified: row.email_verified ?? false,
-        emailVerificationToken: row.email_verification_token ?? null,
-        emailVerificationSentAt: row.email_verification_sent_at ?? null,
-        createdAt: row.created_at,
-        updatedAt: row.updated_at
-      };
+      const userIdCol = getColumn(this.usersTable, "id");
+      if (!userIdCol) return null;
+      const result = await this.db.select({
+        user: this.usersTable
+      }).from(this.usersTable).innerJoin(this.userIdentitiesTable, drizzleOrm.eq(userIdCol, this.userIdentitiesTable.userId)).where(drizzleOrm.sql`${this.userIdentitiesTable.provider} = ${provider} AND ${this.userIdentitiesTable.providerId} = ${providerId}`).limit(1);
+      if (result.length === 0) return null;
+      return this.mapRowToUser(result[0].user);
     }
     async getUserIdentities(userId) {
+      const schema = pgCore.getTableConfig(this.userIdentitiesTable).schema || "public";
       const result = await this.db.execute(drizzleOrm.sql`
             SELECT id, user_id, provider, provider_id, profile_data, created_at, updated_at
-            FROM rebase.user_identities
+            FROM ${drizzleOrm.sql.raw(`"${schema}"."user_identities"`)}
             WHERE user_id = ${userId}
         `);
       return result.rows.map((row) => ({
@@ -9720,27 +10130,32 @@ ${tableRelations.join(",\n")}
       }));
     }
     async linkUserIdentity(userId, provider, providerId, profileData) {
-      await this.db.insert(userIdentities).values({
+      await this.db.insert(this.userIdentitiesTable).values({
         userId,
         provider,
         providerId,
         profileData: profileData || null
       }).onConflictDoNothing({
-        target: [userIdentities.provider, userIdentities.providerId]
+        target: [this.userIdentitiesTable.provider, this.userIdentitiesTable.providerId]
       });
     }
     async updateUser(id, data) {
-      const [user] = await this.db.update(users).set({
-        ...data,
-        updatedAt: /* @__PURE__ */ new Date()
-      }).where(drizzleOrm.eq(users.id, id)).returning();
-      return user || null;
+      const idCol = getColumn(this.usersTable, "id");
+      if (!idCol) return null;
+      const payload = this.mapPayload(data);
+      const updatedAtKey = getColumnKey(this.usersTable, "updatedAt", "updated_at") || "updatedAt";
+      payload[updatedAtKey] = /* @__PURE__ */ new Date();
+      const [row] = await this.db.update(this.usersTable).set(payload).where(drizzleOrm.eq(idCol, id)).returning();
+      return row ? this.mapRowToUser(row) : null;
     }
     async deleteUser(id) {
-      await this.db.delete(users).where(drizzleOrm.eq(users.id, id));
+      const idCol = getColumn(this.usersTable, "id");
+      if (!idCol) return;
+      await this.db.delete(this.usersTable).where(drizzleOrm.eq(idCol, id));
     }
     async listUsers() {
-      return this.db.select().from(users);
+      const rows = await this.db.select().from(this.usersTable);
+      return rows.map((row) => this.mapRowToUser(row));
     }
     async listUsersPaginated(options) {
       const limit = options?.limit ?? 25;
@@ -9749,49 +10164,40 @@ ${tableRelations.join(",\n")}
       const orderBy = options?.orderBy || "createdAt";
       const orderDir = options?.orderDir || "desc";
       const roleId = options?.roleId;
-      const columnMap = {
-        email: "email",
-        displayName: "display_name",
-        createdAt: "created_at",
-        updatedAt: "updated_at",
-        provider: "provider"
-      };
-      const orderColumn = columnMap[orderBy] || "created_at";
+      const orderCol = getColumn(this.usersTable, orderBy);
+      const orderColumn = orderCol ? orderCol.name : "created_at";
       const direction = orderDir === "asc" ? drizzleOrm.sql`ASC` : drizzleOrm.sql`DESC`;
+      const emailCol = getColumn(this.usersTable, "email");
+      const emailColumn = emailCol ? emailCol.name : "email";
+      const displayNameCol = getColumn(this.usersTable, "displayName", "display_name");
+      const displayNameColumn = displayNameCol ? displayNameCol.name : "display_name";
+      const idCol = getColumn(this.usersTable, "id");
+      const idColumn = idCol ? idCol.name : "id";
+      const usersTableName = this.getQualifiedUsersTableName();
+      const rolesSchema = pgCore.getTableConfig(this.userRolesTable).schema || "public";
       const conditions = [];
       if (roleId) {
-        conditions.push(drizzleOrm.sql`EXISTS (SELECT 1 FROM rebase.user_roles ur WHERE ur.user_id = users.id AND ur.role_id = ${roleId})`);
+        conditions.push(drizzleOrm.sql`EXISTS (SELECT 1 FROM ${drizzleOrm.sql.raw(`"${rolesSchema}"."user_roles"`)} ur WHERE ur.user_id = ${drizzleOrm.sql.raw(usersTableName)}.${drizzleOrm.sql.raw(idColumn)} AND ur.role_id = ${roleId})`);
       }
       if (search) {
         const pattern = `%${search}%`;
-        conditions.push(drizzleOrm.sql`(email ILIKE ${pattern} OR display_name ILIKE ${pattern})`);
+        conditions.push(drizzleOrm.sql`(${drizzleOrm.sql.raw(usersTableName)}.${drizzleOrm.sql.raw(emailColumn)} ILIKE ${pattern} OR ${drizzleOrm.sql.raw(usersTableName)}.${drizzleOrm.sql.raw(displayNameColumn)} ILIKE ${pattern})`);
       }
       const whereClause = conditions.length > 0 ? drizzleOrm.sql`WHERE ${drizzleOrm.sql.join(conditions, drizzleOrm.sql` AND `)}` : drizzleOrm.sql``;
-      const orderByClause = roleId ? drizzleOrm.sql`ORDER BY ${drizzleOrm.sql.raw(orderColumn)} ${direction}` : drizzleOrm.sql`ORDER BY (SELECT count(*) FROM rebase.user_roles ur WHERE ur.user_id = users.id) DESC, ${drizzleOrm.sql.raw(orderColumn)} ${direction}`;
+      const orderByClause = roleId ? drizzleOrm.sql`ORDER BY ${drizzleOrm.sql.raw(usersTableName)}.${drizzleOrm.sql.raw(orderColumn)} ${direction}` : drizzleOrm.sql`ORDER BY (SELECT count(*) FROM ${drizzleOrm.sql.raw(`"${rolesSchema}"."user_roles"`)} ur WHERE ur.user_id = ${drizzleOrm.sql.raw(usersTableName)}.${drizzleOrm.sql.raw(idColumn)}) DESC, ${drizzleOrm.sql.raw(usersTableName)}.${drizzleOrm.sql.raw(orderColumn)} ${direction}`;
       const countResult = await this.db.execute(drizzleOrm.sql`
-            SELECT count(*)::int as total FROM rebase.users
+            SELECT count(*)::int as total FROM ${drizzleOrm.sql.raw(usersTableName)}
             ${whereClause}
         `);
       const total = countResult.rows[0].total;
       const dataResult = await this.db.execute(drizzleOrm.sql`
-            SELECT * FROM rebase.users
+            SELECT * FROM ${drizzleOrm.sql.raw(usersTableName)}
             ${whereClause}
             ${orderByClause}
             LIMIT ${limit} OFFSET ${offset}
         `);
       const rows = dataResult.rows;
-      const mappedUsers = rows.map((row) => ({
-        id: row.id,
-        email: row.email,
-        passwordHash: row.password_hash ?? row.passwordHash ?? null,
-        displayName: row.display_name ?? row.displayName ?? null,
-        photoUrl: row.photo_url ?? row.photoUrl ?? null,
-        emailVerified: row.email_verified ?? row.emailVerified ?? false,
-        emailVerificationToken: row.email_verification_token ?? row.emailVerificationToken ?? null,
-        emailVerificationSentAt: row.email_verification_sent_at ?? row.emailVerificationSentAt ?? null,
-        createdAt: row.created_at ?? row.createdAt,
-        updatedAt: row.updated_at ?? row.updatedAt
-      }));
+      const mappedUsers = rows.map((row) => this.mapRowToUser(row));
       return {
         users: mappedUsers,
         total,
@@ -9803,46 +10209,63 @@ ${tableRelations.join(",\n")}
      * Update user's password hash
      */
     async updatePassword(id, passwordHash) {
-      await this.db.update(users).set({
-        passwordHash,
-        updatedAt: /* @__PURE__ */ new Date()
-      }).where(drizzleOrm.eq(users.id, id));
+      const idCol = getColumn(this.usersTable, "id");
+      if (!idCol) return;
+      const passwordHashColKey = getColumnKey(this.usersTable, "passwordHash", "password_hash") || "passwordHash";
+      const updatedAtColKey = getColumnKey(this.usersTable, "updatedAt", "updated_at") || "updatedAt";
+      await this.db.update(this.usersTable).set({
+        [passwordHashColKey]: passwordHash,
+        [updatedAtColKey]: /* @__PURE__ */ new Date()
+      }).where(drizzleOrm.eq(idCol, id));
     }
     /**
      * Set email verification status
      */
     async setEmailVerified(id, verified) {
-      await this.db.update(users).set({
-        emailVerified: verified,
-        emailVerificationToken: null,
-        updatedAt: /* @__PURE__ */ new Date()
-      }).where(drizzleOrm.eq(users.id, id));
+      const idCol = getColumn(this.usersTable, "id");
+      if (!idCol) return;
+      const emailVerifiedColKey = getColumnKey(this.usersTable, "emailVerified", "email_verified") || "emailVerified";
+      const emailVerificationTokenColKey = getColumnKey(this.usersTable, "emailVerificationToken", "email_verification_token") || "emailVerificationToken";
+      const updatedAtColKey = getColumnKey(this.usersTable, "updatedAt", "updated_at") || "updatedAt";
+      await this.db.update(this.usersTable).set({
+        [emailVerifiedColKey]: verified,
+        [emailVerificationTokenColKey]: null,
+        [updatedAtColKey]: /* @__PURE__ */ new Date()
+      }).where(drizzleOrm.eq(idCol, id));
     }
     /**
      * Set email verification token
      */
     async setVerificationToken(id, token) {
-      await this.db.update(users).set({
-        emailVerificationToken: token,
-        emailVerificationSentAt: token ? /* @__PURE__ */ new Date() : null,
-        updatedAt: /* @__PURE__ */ new Date()
-      }).where(drizzleOrm.eq(users.id, id));
+      const idCol = getColumn(this.usersTable, "id");
+      if (!idCol) return;
+      const emailVerificationTokenColKey = getColumnKey(this.usersTable, "emailVerificationToken", "email_verification_token") || "emailVerificationToken";
+      const emailVerificationSentAtColKey = getColumnKey(this.usersTable, "emailVerificationSentAt", "email_verification_sent_at") || "emailVerificationSentAt";
+      const updatedAtColKey = getColumnKey(this.usersTable, "updatedAt", "updated_at") || "updatedAt";
+      await this.db.update(this.usersTable).set({
+        [emailVerificationTokenColKey]: token,
+        [emailVerificationSentAtColKey]: token ? /* @__PURE__ */ new Date() : null,
+        [updatedAtColKey]: /* @__PURE__ */ new Date()
+      }).where(drizzleOrm.eq(idCol, id));
     }
     /**
      * Find user by email verification token
      */
     async getUserByVerificationToken(token) {
-      const [user] = await this.db.select().from(users).where(drizzleOrm.eq(users.emailVerificationToken, token));
-      return user || null;
+      const tokenCol = getColumn(this.usersTable, "emailVerificationToken", "email_verification_token");
+      if (!tokenCol) return null;
+      const [row] = await this.db.select().from(this.usersTable).where(drizzleOrm.eq(tokenCol, token));
+      return row ? this.mapRowToUser(row) : null;
     }
     /**
      * Get roles for a user from database
      */
     async getUserRoles(userId) {
+      const rolesSchema = pgCore.getTableConfig(this.rolesTable).schema || "public";
       const result = await this.db.execute(drizzleOrm.sql`
             SELECT r.id, r.name, r.is_admin, r.default_permissions, r.collection_permissions, r.config
-            FROM rebase.roles r
-            INNER JOIN rebase.user_roles ur ON r.id = ur.role_id
+            FROM ${drizzleOrm.sql.raw(`"${rolesSchema}"."roles"`)} r
+            INNER JOIN ${drizzleOrm.sql.raw(`"${rolesSchema}"."user_roles"`)} ur ON r.id = ur.role_id
             WHERE ur.user_id = ${userId}
         `);
       return result.rows.map((row) => ({
@@ -9865,10 +10288,11 @@ ${tableRelations.join(",\n")}
      * Set roles for a user
      */
     async setUserRoles(userId, roleIds) {
-      await this.db.execute(drizzleOrm.sql`DELETE FROM rebase.user_roles WHERE user_id = ${userId}`);
+      const rolesSchema = pgCore.getTableConfig(this.userRolesTable).schema || "public";
+      await this.db.execute(drizzleOrm.sql`DELETE FROM ${drizzleOrm.sql.raw(`"${rolesSchema}"."user_roles"`)} WHERE user_id = ${userId}`);
       for (const roleId of roleIds) {
         await this.db.execute(drizzleOrm.sql`
-                INSERT INTO rebase.user_roles (user_id, role_id)
+                INSERT INTO ${drizzleOrm.sql.raw(`"${rolesSchema}"."user_roles"`)} (user_id, role_id)
                 VALUES (${userId}, ${roleId})
                 ON CONFLICT DO NOTHING
             `);
@@ -9878,8 +10302,9 @@ ${tableRelations.join(",\n")}
      * Assign a specific role to new user
      */
     async assignDefaultRole(userId, roleId) {
+      const rolesSchema = pgCore.getTableConfig(this.userRolesTable).schema || "public";
       await this.db.execute(drizzleOrm.sql`
-            INSERT INTO rebase.user_roles (user_id, role_id)
+            INSERT INTO ${drizzleOrm.sql.raw(`"${rolesSchema}"."user_roles"`)} (user_id, role_id)
             VALUES (${userId}, ${roleId})
             ON CONFLICT DO NOTHING
         `);
@@ -9898,13 +10323,25 @@ ${tableRelations.join(",\n")}
     }
   }
   class RoleService {
-    constructor(db) {
+    constructor(db, tableOrTables) {
       this.db = db;
+      if (tableOrTables && (tableOrTables.roles || tableOrTables.users)) {
+        this.rolesTable = tableOrTables.roles || roles;
+      } else {
+        this.rolesTable = tableOrTables || roles;
+      }
+    }
+    rolesTable;
+    getQualifiedRolesTableName() {
+      const name = drizzleOrm.getTableName(this.rolesTable);
+      const schema = pgCore.getTableConfig(this.rolesTable).schema || "public";
+      return `"${schema}"."${name}"`;
     }
     async getRoleById(id) {
+      const tableName = this.getQualifiedRolesTableName();
       const result = await this.db.execute(drizzleOrm.sql`
             SELECT id, name, is_admin, default_permissions, collection_permissions, config
-            FROM rebase.roles
+            FROM ${drizzleOrm.sql.raw(tableName)}
             WHERE id = ${id}
         `);
       if (result.rows.length === 0) return null;
@@ -9919,9 +10356,10 @@ ${tableRelations.join(",\n")}
       };
     }
     async listRoles() {
+      const tableName = this.getQualifiedRolesTableName();
       const result = await this.db.execute(drizzleOrm.sql`
             SELECT id, name, is_admin, default_permissions, collection_permissions, config
-            FROM rebase.roles
+            FROM ${drizzleOrm.sql.raw(tableName)}
             ORDER BY name
         `);
       return result.rows.map((row) => ({
@@ -9934,8 +10372,9 @@ ${tableRelations.join(",\n")}
       }));
     }
     async createRole(data) {
+      const tableName = this.getQualifiedRolesTableName();
       const result = await this.db.execute(drizzleOrm.sql`
-            INSERT INTO rebase.roles (id, name, is_admin, default_permissions, collection_permissions, config)
+            INSERT INTO ${drizzleOrm.sql.raw(tableName)} (id, name, is_admin, default_permissions, collection_permissions, config)
             VALUES (
                 ${data.id},
                 ${data.name},
@@ -9959,8 +10398,9 @@ ${tableRelations.join(",\n")}
     async updateRole(id, data) {
       const existing = await this.getRoleById(id);
       if (!existing) return null;
+      const tableName = this.getQualifiedRolesTableName();
       await this.db.execute(drizzleOrm.sql`
-            UPDATE rebase.roles 
+            UPDATE ${drizzleOrm.sql.raw(tableName)}
             SET 
                 name = ${data.name ?? existing.name},
                 is_admin = ${data.isAdmin ?? existing.isAdmin},
@@ -9972,23 +10412,36 @@ ${tableRelations.join(",\n")}
       return this.getRoleById(id);
     }
     async deleteRole(id) {
-      await this.db.execute(drizzleOrm.sql`DELETE FROM rebase.roles WHERE id = ${id}`);
+      const tableName = this.getQualifiedRolesTableName();
+      await this.db.execute(drizzleOrm.sql`DELETE FROM ${drizzleOrm.sql.raw(tableName)} WHERE id = ${id}`);
     }
   }
   class RefreshTokenService {
-    constructor(db) {
+    constructor(db, tableOrTables) {
       this.db = db;
+      if (tableOrTables && (tableOrTables.refreshTokens || tableOrTables.users)) {
+        this.refreshTokensTable = tableOrTables.refreshTokens || refreshTokens;
+      } else {
+        this.refreshTokensTable = tableOrTables || refreshTokens;
+      }
+    }
+    refreshTokensTable;
+    getQualifiedRefreshTokensTableName() {
+      const name = drizzleOrm.getTableName(this.refreshTokensTable);
+      const schema = pgCore.getTableConfig(this.refreshTokensTable).schema || "public";
+      return `"${schema}"."${name}"`;
     }
     async createToken(userId, tokenHash, expiresAt, userAgent, ipAddress) {
       const safeUserAgent = userAgent || "";
       const safeIpAddress = ipAddress || "";
+      const tableName = this.getQualifiedRefreshTokensTableName();
       await this.db.execute(drizzleOrm.sql`
-            DELETE FROM rebase.refresh_tokens 
+            DELETE FROM ${drizzleOrm.sql.raw(tableName)} 
             WHERE user_id = ${userId} 
             AND user_agent = ${safeUserAgent} 
             AND ip_address = ${safeIpAddress}
         `);
-      await this.db.insert(refreshTokens).values({
+      await this.db.insert(this.refreshTokensTable).values({
         userId,
         tokenHash,
         expiresAt,
@@ -9998,51 +10451,63 @@ ${tableRelations.join(",\n")}
     }
     async findByHash(tokenHash) {
       const [token] = await this.db.select({
-        id: refreshTokens.id,
-        userId: refreshTokens.userId,
-        tokenHash: refreshTokens.tokenHash,
-        expiresAt: refreshTokens.expiresAt,
-        createdAt: refreshTokens.createdAt,
-        userAgent: refreshTokens.userAgent,
-        ipAddress: refreshTokens.ipAddress
-      }).from(refreshTokens).where(drizzleOrm.eq(refreshTokens.tokenHash, tokenHash));
+        id: this.refreshTokensTable.id,
+        userId: this.refreshTokensTable.userId,
+        tokenHash: this.refreshTokensTable.tokenHash,
+        expiresAt: this.refreshTokensTable.expiresAt,
+        createdAt: this.refreshTokensTable.createdAt,
+        userAgent: this.refreshTokensTable.userAgent,
+        ipAddress: this.refreshTokensTable.ipAddress
+      }).from(this.refreshTokensTable).where(drizzleOrm.eq(this.refreshTokensTable.tokenHash, tokenHash));
       return token || null;
     }
     async deleteByHash(tokenHash) {
-      await this.db.delete(refreshTokens).where(drizzleOrm.eq(refreshTokens.tokenHash, tokenHash));
+      await this.db.delete(this.refreshTokensTable).where(drizzleOrm.eq(this.refreshTokensTable.tokenHash, tokenHash));
     }
     async deleteAllForUser(userId) {
-      await this.db.delete(refreshTokens).where(drizzleOrm.eq(refreshTokens.userId, userId));
+      await this.db.delete(this.refreshTokensTable).where(drizzleOrm.eq(this.refreshTokensTable.userId, userId));
     }
     async listForUser(userId) {
       const tokens = await this.db.select({
-        id: refreshTokens.id,
-        userId: refreshTokens.userId,
-        tokenHash: refreshTokens.tokenHash,
-        expiresAt: refreshTokens.expiresAt,
-        createdAt: refreshTokens.createdAt,
-        userAgent: refreshTokens.userAgent,
-        ipAddress: refreshTokens.ipAddress
-      }).from(refreshTokens).where(drizzleOrm.eq(refreshTokens.userId, userId)).orderBy(refreshTokens.createdAt);
+        id: this.refreshTokensTable.id,
+        userId: this.refreshTokensTable.userId,
+        tokenHash: this.refreshTokensTable.tokenHash,
+        expiresAt: this.refreshTokensTable.expiresAt,
+        createdAt: this.refreshTokensTable.createdAt,
+        userAgent: this.refreshTokensTable.userAgent,
+        ipAddress: this.refreshTokensTable.ipAddress
+      }).from(this.refreshTokensTable).where(drizzleOrm.eq(this.refreshTokensTable.userId, userId)).orderBy(this.refreshTokensTable.createdAt);
       return tokens;
     }
     async deleteById(id, userId) {
-      await this.db.delete(refreshTokens).where(drizzleOrm.sql`${refreshTokens.id} = ${id} AND ${refreshTokens.userId} = ${userId}`);
+      await this.db.delete(this.refreshTokensTable).where(drizzleOrm.sql`${this.refreshTokensTable.id} = ${id} AND ${this.refreshTokensTable.userId} = ${userId}`);
     }
   }
   class PasswordResetTokenService {
-    constructor(db) {
+    constructor(db, tableOrTables) {
       this.db = db;
+      if (tableOrTables && (tableOrTables.passwordResetTokens || tableOrTables.users)) {
+        this.passwordResetTokensTable = tableOrTables.passwordResetTokens || passwordResetTokens;
+      } else {
+        this.passwordResetTokensTable = tableOrTables || passwordResetTokens;
+      }
+    }
+    passwordResetTokensTable;
+    getQualifiedPasswordResetTokensTableName() {
+      const name = drizzleOrm.getTableName(this.passwordResetTokensTable);
+      const schema = pgCore.getTableConfig(this.passwordResetTokensTable).schema || "public";
+      return `"${schema}"."${name}"`;
     }
     /**
      * Create a password reset token
      */
     async createToken(userId, tokenHash, expiresAt) {
+      const tableName = this.getQualifiedPasswordResetTokensTableName();
       await this.db.execute(drizzleOrm.sql`
-            DELETE FROM rebase.password_reset_tokens 
+            DELETE FROM ${drizzleOrm.sql.raw(tableName)} 
             WHERE user_id = ${userId} AND used_at IS NULL
         `);
-      await this.db.insert(passwordResetTokens).values({
+      await this.db.insert(this.passwordResetTokensTable).values({
         userId,
         tokenHash,
         expiresAt
@@ -10053,13 +10518,14 @@ ${tableRelations.join(",\n")}
      */
     async findValidByHash(tokenHash) {
       const [token] = await this.db.select({
-        userId: passwordResetTokens.userId,
-        expiresAt: passwordResetTokens.expiresAt
-      }).from(passwordResetTokens).where(drizzleOrm.eq(passwordResetTokens.tokenHash, tokenHash));
+        userId: this.passwordResetTokensTable.userId,
+        expiresAt: this.passwordResetTokensTable.expiresAt
+      }).from(this.passwordResetTokensTable).where(drizzleOrm.eq(this.passwordResetTokensTable.tokenHash, tokenHash));
       if (!token) return null;
+      const tableName = this.getQualifiedPasswordResetTokensTableName();
       const result = await this.db.execute(drizzleOrm.sql`
             SELECT user_id, expires_at 
-            FROM rebase.password_reset_tokens 
+            FROM ${drizzleOrm.sql.raw(tableName)} 
             WHERE token_hash = ${tokenHash} 
               AND used_at IS NULL 
               AND expires_at > NOW()
@@ -10075,31 +10541,32 @@ ${tableRelations.join(",\n")}
      * Mark token as used
      */
     async markAsUsed(tokenHash) {
-      await this.db.update(passwordResetTokens).set({
+      await this.db.update(this.passwordResetTokensTable).set({
         usedAt: /* @__PURE__ */ new Date()
-      }).where(drizzleOrm.eq(passwordResetTokens.tokenHash, tokenHash));
+      }).where(drizzleOrm.eq(this.passwordResetTokensTable.tokenHash, tokenHash));
     }
     /**
      * Delete all tokens for a user
      */
     async deleteAllForUser(userId) {
-      await this.db.delete(passwordResetTokens).where(drizzleOrm.eq(passwordResetTokens.userId, userId));
+      await this.db.delete(this.passwordResetTokensTable).where(drizzleOrm.eq(this.passwordResetTokensTable.userId, userId));
     }
     /**
      * Clean up expired tokens
      */
     async deleteExpired() {
+      const tableName = this.getQualifiedPasswordResetTokensTableName();
       await this.db.execute(drizzleOrm.sql`
-            DELETE FROM rebase.password_reset_tokens 
+            DELETE FROM ${drizzleOrm.sql.raw(tableName)} 
             WHERE expires_at < NOW()
         `);
     }
   }
   class PostgresTokenRepository {
-    constructor(db) {
+    constructor(db, tableOrTables) {
       this.db = db;
-      this.refreshTokenService = new RefreshTokenService(db);
-      this.passwordResetTokenService = new PasswordResetTokenService(db);
+      this.refreshTokenService = new RefreshTokenService(db, tableOrTables);
+      this.passwordResetTokenService = new PasswordResetTokenService(db, tableOrTables);
     }
     refreshTokenService;
     passwordResetTokenService;
@@ -10140,11 +10607,11 @@ ${tableRelations.join(",\n")}
     }
   }
   class PostgresAuthRepository {
-    constructor(db) {
+    constructor(db, tableOrTables) {
       this.db = db;
-      this.userService = new UserService(db);
-      this.roleService = new RoleService(db);
-      this.tokenRepository = new PostgresTokenRepository(db);
+      this.userService = new UserService(db, tableOrTables);
+      this.roleService = new RoleService(db, tableOrTables);
+      this.tokenRepository = new PostgresTokenRepository(db, tableOrTables);
     }
     userService;
     roleService;
@@ -10205,8 +10672,7 @@ ${tableRelations.join(",\n")}
       await this.userService.assignDefaultRole(userId, roleId);
     }
     async getUserWithRoles(userId) {
-      const result = await this.userService.getUserWithRoles(userId);
-      return result;
+      return this.userService.getUserWithRoles(userId);
     }
     // Role operations (delegate to RoleService)
     async getRoleById(id) {
@@ -10394,6 +10860,24 @@ ${tableRelations.join(",\n")}
       return result.rowCount ?? 0;
     }
   }
+  function deepEqual(a, b) {
+    if (a === b) return true;
+    if (a == null || b == null) return false;
+    if (a instanceof Date && b instanceof Date) return a.getTime() === b.getTime();
+    if (Array.isArray(a) && Array.isArray(b)) {
+      if (a.length !== b.length) return false;
+      return a.every((v, i) => deepEqual(v, b[i]));
+    }
+    if (typeof a === "object" && typeof b === "object") {
+      const aObj = a;
+      const bObj = b;
+      const aKeys = Object.keys(aObj);
+      const bKeys = Object.keys(bObj);
+      if (aKeys.length !== bKeys.length) return false;
+      return aKeys.every((k) => deepEqual(aObj[k], bObj[k]));
+    }
+    return false;
+  }
   function findChangedFields(oldValues, newValues) {
     const changed = [];
     const allKeys = /* @__PURE__ */ new Set([...Object.keys(oldValues), ...Object.keys(newValues)]);
@@ -10403,7 +10887,7 @@ ${tableRelations.join(",\n")}
       if (key.startsWith("__")) continue;
       if (oldVal !== newVal) {
         if (typeof oldVal === "object" && oldVal !== null && typeof newVal === "object" && newVal !== null) {
-          if (JSON.stringify(oldVal) !== JSON.stringify(newVal)) {
+          if (!deepEqual(oldVal, newVal)) {
             changed.push(key);
           }
         } else {
@@ -10521,14 +11005,32 @@ ${tableRelations.join(",\n")}
         if (!authConfig) return void 0;
         const internals = driverResult.internals;
         const db = internals.db;
-        await ensureAuthTablesExist(db);
+        const registry = internals.registry;
+        await ensureAuthTablesExist(db, registry);
         let emailService;
         if (authConfig.email) {
           emailService = serverCore.createEmailService(authConfig.email);
         }
-        const userService = new UserService(db);
-        const roleService = new RoleService(db);
-        const authRepository = new PostgresAuthRepository(db);
+        const customUsersTable = registry?.getTable("users");
+        const customRolesTable = registry?.getTable("roles");
+        let usersSchemaName = "rebase";
+        let rolesSchemaName = "rebase";
+        if (customUsersTable) {
+          usersSchemaName = pgCore.getTableConfig(customUsersTable).schema || "public";
+        }
+        if (customRolesTable) {
+          rolesSchemaName = pgCore.getTableConfig(customRolesTable).schema || "public";
+        }
+        const authTables = createAuthSchema(rolesSchemaName, usersSchemaName);
+        if (customUsersTable) {
+          authTables.users = customUsersTable;
+        }
+        if (customRolesTable) {
+          authTables.roles = customRolesTable;
+        }
+        const userService = new UserService(db, authTables);
+        const roleService = new RoleService(db, authTables);
+        const authRepository = new PostgresAuthRepository(db, authTables);
         return {
           userService,
           roleService,
@@ -10560,11 +11062,54 @@ ${tableRelations.join(",\n")}
       },
       mountRoutes(app, basePath, driverResult) {
       },
-      async initializeWebsockets(server, realtimeService, driver, config) {
+      async initializeWebsockets(server, realtimeService, driver, config, adapter) {
         const {
           createPostgresWebSocket: createPostgresWebSocket2
         } = await Promise.resolve().then(() => websocket);
-        createPostgresWebSocket2(server, realtimeService, driver, config);
+        createPostgresWebSocket2(server, realtimeService, driver, config, adapter);
+      }
+    };
+  }
+  function createPostgresAdapter(pgConfig) {
+    const bootstrapper = createPostgresBootstrapper(pgConfig);
+    return {
+      type: bootstrapper.type,
+      async initializeDriver(config) {
+        return bootstrapper.initializeDriver(config);
+      },
+      async initializeRealtime(driverResult) {
+        if (bootstrapper.initializeRealtime) {
+          return bootstrapper.initializeRealtime({}, driverResult);
+        }
+        return void 0;
+      },
+      async initializeAuth(config, driverResult) {
+        if (bootstrapper.initializeAuth) {
+          return bootstrapper.initializeAuth(config, driverResult);
+        }
+        return void 0;
+      },
+      async initializeHistory(config, driverResult) {
+        if (bootstrapper.initializeHistory) {
+          return bootstrapper.initializeHistory(config, driverResult);
+        }
+        return void 0;
+      },
+      initializeWebsockets(server, realtimeService, driver, config) {
+        if (bootstrapper.initializeWebsockets) {
+          return bootstrapper.initializeWebsockets(server, realtimeService, driver, config);
+        }
+      },
+      getAdmin(driverResult) {
+        if (bootstrapper.getAdmin) {
+          return bootstrapper.getAdmin(driverResult);
+        }
+        return void 0;
+      },
+      mountRoutes(app, basePath, driverResult) {
+        if (bootstrapper.mountRoutes) {
+          bootstrapper.mountRoutes(app, basePath, driverResult);
+        }
       }
     };
   }
@@ -10578,6 +11123,8 @@ ${tableRelations.join(",\n")}
   exports2.PostgresRealtimeProvider = PostgresRealtimeProvider;
   exports2.RealtimeService = RealtimeService;
   exports2.appConfig = appConfig;
+  exports2.createAuthSchema = createAuthSchema;
+  exports2.createPostgresAdapter = createPostgresAdapter;
   exports2.createPostgresBootstrapper = createPostgresBootstrapper;
   exports2.createPostgresDatabaseConnection = createPostgresDatabaseConnection;
   exports2.createPostgresWebSocket = createPostgresWebSocket;
@@ -10595,6 +11142,7 @@ ${tableRelations.join(",\n")}
   exports2.userRolesRelations = userRolesRelations;
   exports2.users = users;
   exports2.usersRelations = usersRelations;
+  exports2.usersSchema = usersSchema;
   Object.defineProperty(exports2, Symbol.toStringTag, { value: "Module" });
 });
 //# sourceMappingURL=index.umd.js.map