@rebasepro/server-postgresql 0.2.3 → 0.3.0

package/src/connection.ts

@@ -82,3 +82,80 @@ export function createPostgresDatabaseConnection(
 pool,
 connectionString };
 }
+
+/**
+ * Create a direct (non-pooled) connection for operations that require
+ * session-level features incompatible with PgBouncer transaction mode,
+ * such as LISTEN/NOTIFY, prepared statements, or advisory locks.
+ *
+ * Uses a smaller pool since this is only for specific use cases.
+ */
+export function createDirectDatabaseConnection(
+    connectionString: string,
+    schema?: Record<string, unknown>,
+    poolConfig?: PostgresPoolConfig
+) {
+    const opts = {
+        ...DEFAULT_POOL,
+        max: 5,
+        ...poolConfig
+    };
+
+    const pgPoolConfig: PoolConfig = {
+        connectionString,
+        max: opts.max,
+        idleTimeoutMillis: opts.idleTimeoutMillis,
+        connectionTimeoutMillis: opts.connectionTimeoutMillis,
+        query_timeout: opts.queryTimeout,
+        statement_timeout: opts.statementTimeout,
+        keepAlive: opts.keepAlive,
+        keepAliveInitialDelayMillis: 0
+    };
+
+    const pool = new Pool(pgPoolConfig);
+
+    pool.on("error", (err) => {
+        console.error("[pg-direct-pool] Unexpected pool error:", err.message);
+    });
+
+    const db = schema ? drizzle(pool, { schema }) : drizzle(pool);
+
+    return { db, pool, connectionString };
+}
+
+/**
+ * Create a read-only connection for routing read queries to replicas.
+ * Uses a moderate pool size since reads are distributed across replicas.
+ */
+export function createReadReplicaConnection(
+    connectionString: string,
+    schema?: Record<string, unknown>,
+    poolConfig?: PostgresPoolConfig
+) {
+    const opts = {
+        ...DEFAULT_POOL,
+        max: 10,
+        ...poolConfig
+    };
+
+    const pgPoolConfig: PoolConfig = {
+        connectionString,
+        max: opts.max,
+        idleTimeoutMillis: opts.idleTimeoutMillis,
+        connectionTimeoutMillis: opts.connectionTimeoutMillis,
+        query_timeout: opts.queryTimeout,
+        statement_timeout: opts.statementTimeout,
+        keepAlive: opts.keepAlive,
+        keepAliveInitialDelayMillis: 0
+    };
+
+    const pool = new Pool(pgPoolConfig);
+
+    pool.on("error", (err) => {
+        console.error("[pg-replica-pool] Unexpected pool error:", err.message);
+    });
+
+    const db = schema ? drizzle(pool, { schema }) : drizzle(pool);
+
+    return { db, pool, connectionString };
+}

package/src/data-transformer.ts

@@ -263,8 +263,8 @@ export function serializePropertyToServer(value: unknown, property: Property): u
             if (value instanceof Vector) {
                 return value.value;
             }
-            if (value && typeof value === "object" && "value" in value && Array.isArray((value as any).value)) {
-                return (value as any).value.map(Number);
+            if (value && typeof value === "object" && "value" in value && Array.isArray((value as { value: unknown }).value)) {
+                return (value as { value: unknown[] }).value.map(Number);
             }
             if (Array.isArray(value)) {
                 return value.map(Number);

package/src/schema/auth-schema.ts

@@ -8,8 +8,8 @@ export function createAuthSchema(rolesSchemaName: string = "rebase", usersSchema
     const rolesSchema = rolesSchemaName === "public" ? null : pgSchema(rolesSchemaName);
     const usersSchema = usersSchemaName === "public" ? null : pgSchema(usersSchemaName);
 
-    const rolesTableCreator: any = rolesSchema ? rolesSchema.table.bind(rolesSchema) : pgTable;
-    const usersTableCreator: any = usersSchema ? usersSchema.table.bind(usersSchema) : pgTable;
+    const rolesTableCreator = (rolesSchema ? rolesSchema.table.bind(rolesSchema) : pgTable) as typeof pgTable;
+    const usersTableCreator = (usersSchema ? usersSchema.table.bind(usersSchema) : pgTable) as typeof pgTable;
 
     /**
      * Users table - stores both email/password and OAuth users
@@ -23,7 +23,8 @@ export function createAuthSchema(rolesSchemaName: string = "rebase", usersSchema
         emailVerified: boolean("email_verified").default(false).notNull(),
         emailVerificationToken: varchar("email_verification_token", { length: 255 }),
         emailVerificationSentAt: timestamp("email_verification_sent_at"),
-        metadata: jsonb("metadata").$type<Record<string, any>>().default({}).notNull(),
+        isAnonymous: boolean("is_anonymous").default(false).notNull(),
+        metadata: jsonb("metadata").$type<Record<string, unknown>>().default({}).notNull(),
         createdAt: timestamp("created_at").defaultNow().notNull(),
         updatedAt: timestamp("updated_at").defaultNow().notNull()
     });
@@ -48,12 +49,7 @@ export function createAuthSchema(rolesSchemaName: string = "rebase", usersSchema
                 edit?: boolean;
                 delete?: boolean;
             }>
-        >(),
-        config: jsonb("config").$type<{
-            createCollections?: boolean;
-            editCollections?: "own" | "all" | boolean;
-            deleteCollections?: "own" | "all" | boolean;
-        }>()
+        >()
     });
 
     /**
@@ -62,7 +58,7 @@ export function createAuthSchema(rolesSchemaName: string = "rebase", usersSchema
     const userRoles = rolesTableCreator("user_roles", {
         userId: uuid("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
         roleId: varchar("role_id", { length: 50 }).notNull().references(() => roles.id, { onDelete: "cascade" })
-    }, (table: any) => ({
+    }, (table) => ({
         pk: primaryKey({ columns: [table.userId, table.roleId] })
     }));
 
@@ -77,7 +73,7 @@ export function createAuthSchema(rolesSchemaName: string = "rebase", usersSchema
         userAgent: varchar("user_agent", { length: 500 }),
         ipAddress: varchar("ip_address", { length: 45 }),
         createdAt: timestamp("created_at").defaultNow().notNull()
-    }, (table: any) => ({
+    }, (table) => ({
         uniqueDeviceSession: unique("unique_device_session").on(table.userId, table.userAgent, table.ipAddress)
     }));
 
@@ -113,10 +109,47 @@ export function createAuthSchema(rolesSchemaName: string = "rebase", usersSchema
         profileData: jsonb("profile_data"),
         createdAt: timestamp("created_at").defaultNow().notNull(),
         updatedAt: timestamp("updated_at").defaultNow().notNull()
-    }, (table: any) => ({
+    }, (table) => ({
         uniqueProviderId: unique("unique_provider_id").on(table.provider, table.providerId)
     }));
 
+    /**
+     * MFA factors table - stores enrolled MFA methods
+     */
+    const mfaFactors = rolesTableCreator("mfa_factors", {
+        id: uuid("id").defaultRandom().primaryKey(),
+        userId: uuid("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
+        factorType: varchar("factor_type", { length: 20 }).notNull(), // 'totp'
+        secretEncrypted: varchar("secret_encrypted", { length: 500 }).notNull(),
+        friendlyName: varchar("friendly_name", { length: 255 }),
+        verified: boolean("verified").default(false).notNull(),
+        createdAt: timestamp("created_at").defaultNow().notNull(),
+        updatedAt: timestamp("updated_at").defaultNow().notNull()
+    });
+
+    /**
+     * MFA challenges table - tracks active MFA verification attempts
+     */
+    const mfaChallenges = rolesTableCreator("mfa_challenges", {
+        id: uuid("id").defaultRandom().primaryKey(),
+        factorId: uuid("factor_id").notNull().references(() => mfaFactors.id, { onDelete: "cascade" }),
+        createdAt: timestamp("created_at").defaultNow().notNull(),
+        verifiedAt: timestamp("verified_at"),
+        ipAddress: varchar("ip_address", { length: 45 }),
+        expiresAt: timestamp("expires_at").notNull()
+    });
+
+    /**
+     * Recovery codes table - backup codes for MFA
+     */
+    const recoveryCodes = rolesTableCreator("recovery_codes", {
+        id: uuid("id").defaultRandom().primaryKey(),
+        userId: uuid("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
+        codeHash: varchar("code_hash", { length: 255 }).notNull(),
+        usedAt: timestamp("used_at"),
+        createdAt: timestamp("created_at").defaultNow().notNull()
+    });
+
     return {
         rolesSchema,
         usersSchema,
@@ -126,7 +159,10 @@ export function createAuthSchema(rolesSchemaName: string = "rebase", usersSchema
         refreshTokens,
         passwordResetTokens,
         appConfig,
-        userIdentities
+        userIdentities,
+        mfaFactors,
+        mfaChallenges,
+        recoveryCodes
     };
 }
 
@@ -143,13 +179,18 @@ export const refreshTokens = defaultAuthSchema.refreshTokens;
 export const passwordResetTokens = defaultAuthSchema.passwordResetTokens;
 export const appConfig = defaultAuthSchema.appConfig;
 export const userIdentities = defaultAuthSchema.userIdentities;
+export const mfaFactors = defaultAuthSchema.mfaFactors;
+export const mfaChallenges = defaultAuthSchema.mfaChallenges;
+export const recoveryCodes = defaultAuthSchema.recoveryCodes;
 
 // Relations
 export const usersRelations = relations(users, ({ many }) => ({
     userRoles: many(userRoles),
     refreshTokens: many(refreshTokens),
     passwordResetTokens: many(passwordResetTokens),
-    userIdentities: many(userIdentities)
+    userIdentities: many(userIdentities),
+    mfaFactors: many(mfaFactors),
+    recoveryCodes: many(recoveryCodes)
 }));
 
 export const rolesRelations = relations(roles, ({ many }) => ({
@@ -188,6 +229,28 @@ export const userIdentitiesRelations = relations(userIdentities, ({ one }) => ({
     })
 }));
 
+export const mfaFactorsRelations = relations(mfaFactors, ({ one, many }) => ({
+    user: one(users, {
+        fields: [mfaFactors.userId],
+        references: [users.id]
+    }),
+    challenges: many(mfaChallenges)
+}));
+
+export const mfaChallengesRelations = relations(mfaChallenges, ({ one }) => ({
+    factor: one(mfaFactors, {
+        fields: [mfaChallenges.factorId],
+        references: [mfaFactors.id]
+    })
+}));
+
+export const recoveryCodesRelations = relations(recoveryCodes, ({ one }) => ({
+    user: one(users, {
+        fields: [recoveryCodes.userId],
+        references: [users.id]
+    })
+}));
+
 // Type exports
 export type User = typeof users.$inferSelect;
 export type NewUser = typeof users.$inferInsert;
@@ -199,3 +262,6 @@ export type PasswordResetToken = typeof passwordResetTokens.$inferSelect;
 export type AppConfig = typeof appConfig.$inferSelect;
 export type UserIdentity = typeof userIdentities.$inferSelect;
 export type NewUserIdentity = typeof userIdentities.$inferInsert;
+export type MfaFactorRow = typeof mfaFactors.$inferSelect;
+export type MfaChallengeRow = typeof mfaChallenges.$inferSelect;
+export type RecoveryCodeRow = typeof recoveryCodes.$inferSelect;

package/src/schema/generate-drizzle-schema.ts

@@ -5,7 +5,7 @@ import { pathToFileURL } from "url";
 import chokidar from "chokidar";
 import { generateSchema } from "./generate-drizzle-schema-logic";
 import { EntityCollection } from "@rebasepro/types";
-import { defaultUsersCollection } from "./default-collections";
+import { defaultUsersCollection } from "@rebasepro/common";
 
 // --- Helper Functions ---
 
@@ -90,11 +90,11 @@ const runGeneration = async (collectionsFilePath?: string, outputPath?: string)
             collections = [];
         }
 
-        // Inject default collections if not overridden by the developer
-        const hasUsersCollection = collections.some(c => c.slug === "users");
-        if (!hasUsersCollection) {
-            collections.push(defaultUsersCollection);
-        }
+        // Always inject defaults first; developer collections override via generic dedup
+        // Map keyed by slug — last-write-wins, so developer collections overwrite defaults
+        collections = Array.from(
+            new Map([defaultUsersCollection, ...collections].map(c => [c.slug, c])).values()
+        );
 
         // Sort collections by slug alphabetically to ensure deterministic schema generation
         collections.sort((a, b) => a.slug.localeCompare(b.slug));

package/src/services/EntityFetchService.ts

@@ -1,6 +1,7 @@
 import { and, asc, count, desc, eq, getTableName, gt, lt, or, SQL, TableRelationalConfig, TablesRelationalConfig } from "drizzle-orm";
 import { AnyPgColumn, PgTable } from "drizzle-orm/pg-core";
 import { Entity, EntityCollection, FilterValues, Relation } from "@rebasepro/types";
+import type { VectorSearchParams } from "@rebasepro/types";
 import { resolveCollectionRelations, findRelation, createRelationRef, createRelationRefWithData } from "@rebasepro/common";
 import { DrizzleConditionBuilder } from "../utils/drizzle-conditions";
 import {
@@ -698,6 +699,7 @@ export class EntityFetchService {
             startAfter?: Record<string, unknown>;
             searchString?: string;
             databaseId?: string;
+            vectorSearch?: VectorSearchParams;
         } = {}
     ): Promise<Entity<M>[]> {
         const collection = getCollectionByPath(collectionPath, this.registry);
@@ -722,7 +724,9 @@ export class EntityFetchService {
         const withConfig = this.buildWithConfig(collection);
         const hasRelations = withConfig && Object.keys(withConfig).length > 0;
 
-        if (qb && !options.searchString && !hasRelations) {
+        // Skip db.query path when vectorSearch is present — it doesn't support
+        // custom SELECT expressions needed for the _distance column.
+        if (qb && !options.searchString && !hasRelations && !options.vectorSearch) {
             try {
                 const queryOpts = this.buildDrizzleQueryOptions<M>(
                     table, idField, idInfo, options, collectionPath, undefined
@@ -746,7 +750,15 @@ export class EntityFetchService {
         }
 
         // Fallback: db.select + processEntityResults (N+1 for relations)
-        let query = this.db.select().from(table).$dynamic();
+        // When vectorSearch is present, add _distance to the SELECT.
+        let vectorMeta: { orderBy: SQL; filter?: SQL; distanceSelect: SQL } | undefined;
+        if (options.vectorSearch) {
+            vectorMeta = DrizzleConditionBuilder.buildVectorSearchConditions(table, options.vectorSearch);
+        }
+
+        let query = vectorMeta
+            ? this.db.select({ table_row: table, _distance: vectorMeta.distanceSelect }).from(table).$dynamic()
+            : this.db.select().from(table).$dynamic();
         const allConditions: SQL[] = [];
 
         if (options.searchString) {
@@ -762,13 +774,21 @@ export class EntityFetchService {
             if (filterConditions.length > 0) allConditions.push(...filterConditions);
         }
 
+        // Vector distance threshold filter
+        if (vectorMeta?.filter) {
+            allConditions.push(vectorMeta.filter);
+        }
+
         if (allConditions.length > 0) {
             const finalCondition = DrizzleConditionBuilder.combineConditionsWithAnd(allConditions);
             if (finalCondition) query = query.where(finalCondition);
         }
 
         const orderExpressions = [];
-        if (options.orderBy) {
+        // Vector search overrides ORDER BY with distance (ascending = closest first)
+        if (vectorMeta) {
+            orderExpressions.push(asc(vectorMeta.orderBy));
+        } else if (options.orderBy) {
             const orderByField = this.resolveOrderByField(table, options.orderBy, collection);
             if (orderByField) {
                 orderExpressions.push(options.order === "asc" ? asc(orderByField) : desc(orderByField));
@@ -786,13 +806,24 @@ export class EntityFetchService {
             }
         }
 
-        const limitValue = options.searchString ? (options.limit || 50) : options.limit;
+        const limitValue = options.vectorSearch
+            ? (options.limit || 10)
+            : options.searchString ? (options.limit || 50) : options.limit;
         if (limitValue) query = query.limit(limitValue);
 
         // Offset (numeric pagination)
         if (options.offset && options.offset > 0) query = query.offset(options.offset);
 
-        const results = await query;
+        const rawResults = await query;
+
+        // When vector search is active, unwrap the nested select shape and
+        // attach _distance to each entity's values.
+        const results = vectorMeta
+            ? (rawResults as { table_row: Record<string, unknown>; _distance: unknown }[]).map(r => ({
+                ...r.table_row,
+                _distance: typeof r._distance === "number" ? r._distance : parseFloat(String(r._distance))
+            }))
+            : rawResults as Record<string, unknown>[];
 
         return this.processEntityResults<M>(results, collection, collectionPath, idInfo, options.databaseId, false, idInfoArray);
     }
@@ -919,6 +950,7 @@ export class EntityFetchService {
             startAfter?: Record<string, unknown>;
             searchString?: string;
             databaseId?: string;
+            vectorSearch?: VectorSearchParams;
         } = {}
     ): Promise<Entity<M>[]> {
         // Handle multi-segment paths by resolving through relations
@@ -1164,6 +1196,7 @@ export class EntityFetchService {
             startAfter?: Record<string, unknown>;
             searchString?: string;
             databaseId?: string;
+            vectorSearch?: VectorSearchParams;
         } = {},
         include?: string[]
     ): Promise<Record<string, unknown>[]> {
@@ -1181,7 +1214,8 @@ export class EntityFetchService {
         const tableName = getTableName(table);
 
         const qb = this.getQueryBuilder(tableName);
-        if (qb && !options.searchString) {
+        // Skip db.query path when vectorSearch is present — needs custom SELECT
+        if (qb && !options.searchString && !options.vectorSearch) {
             try {
                 const withConfig = (include && include.length > 0)
                     ? this.buildWithConfig(collection, include)
@@ -1389,6 +1423,7 @@ export class EntityFetchService {
             offset?: number;
             startAfter?: Record<string, unknown>;
             searchString?: string;
+            vectorSearch?: VectorSearchParams;
         } = {}
     ): Promise<Record<string, unknown>[]> {
         const collection = getCollectionByPath(collectionPath, this.registry);
@@ -1397,7 +1432,14 @@ export class EntityFetchService {
         const idInfo = idInfoArray[0];
         const idField = table[idInfo.fieldName as keyof typeof table] as AnyPgColumn;
 
-        let query = this.db.select().from(table).$dynamic();
+        let vectorMeta: { orderBy: SQL; filter?: SQL; distanceSelect: SQL } | undefined;
+        if (options.vectorSearch) {
+            vectorMeta = DrizzleConditionBuilder.buildVectorSearchConditions(table, options.vectorSearch);
+        }
+
+        let query = vectorMeta
+            ? this.db.select({ table_row: table, _distance: vectorMeta.distanceSelect }).from(table).$dynamic()
+            : this.db.select().from(table).$dynamic();
         const allConditions: SQL[] = [];
 
         if (options.searchString) {
@@ -1413,13 +1455,19 @@ export class EntityFetchService {
             if (filterConditions.length > 0) allConditions.push(...filterConditions);
         }
 
+        if (vectorMeta?.filter) {
+            allConditions.push(vectorMeta.filter);
+        }
+
         if (allConditions.length > 0) {
             const finalCondition = DrizzleConditionBuilder.combineConditionsWithAnd(allConditions);
             if (finalCondition) query = query.where(finalCondition);
         }
 
         const orderExpressions = [];
-        if (options.orderBy) {
+        if (vectorMeta) {
+            orderExpressions.push(asc(vectorMeta.orderBy));
+        } else if (options.orderBy) {
             const orderByField = this.resolveOrderByField(table, options.orderBy, collection);
             if (orderByField) {
                 orderExpressions.push(options.order === "asc" ? asc(orderByField) : desc(orderByField));
@@ -1428,13 +1476,24 @@ export class EntityFetchService {
         orderExpressions.push(desc(idField));
         if (orderExpressions.length > 0) query = query.orderBy(...orderExpressions);
 
-        const limitValue = options.searchString ? (options.limit || 50) : options.limit;
+        const limitValue = options.vectorSearch
+            ? (options.limit || 10)
+            : options.searchString ? (options.limit || 50) : options.limit;
         if (limitValue) query = query.limit(limitValue);
 
         // Offset (numeric pagination)
         if (options.offset && options.offset > 0) query = query.offset(options.offset);
 
-        return await query as Record<string, unknown>[];
+        const rawResults = await query;
+
+        if (vectorMeta) {
+            return (rawResults as { table_row: Record<string, unknown>; _distance: unknown }[]).map(r => ({
+                ...r.table_row,
+                _distance: typeof r._distance === "number" ? r._distance : parseFloat(String(r._distance))
+            }));
+        }
+
+        return rawResults as Record<string, unknown>[];
     }
 
     /**

package/src/services/entityService.ts

@@ -1,5 +1,6 @@
 // import { NodePgDatabase } from "drizzle-orm/node-postgres";
 import { Entity, FilterValues } from "@rebasepro/types";
+import type { VectorSearchParams } from "@rebasepro/types";
 import { EntityFetchService } from "./EntityFetchService";
 import { EntityPersistService } from "./EntityPersistService";
 import { RelationService } from "./RelationService";
@@ -66,6 +67,7 @@ export class EntityService implements EntityRepository {
             startAfter?: Record<string, unknown>;
             searchString?: string;
             databaseId?: string;
+            vectorSearch?: VectorSearchParams;
         } = {}
     ): Promise<Entity<M>[]> {
         return this.fetchService.fetchCollection<M>(collectionPath, options);