@rebasepro/server-postgresql 0.3.0 → 0.5.0

package/dist/index.es.js

@@ -1,7 +1,7 @@
 import { Pool, Client } from "pg";
 import { drizzle } from "drizzle-orm/node-postgres";
-import { sql, inArray, eq, and, or, ilike, asc, desc, gt, lt, getTableName as getTableName$1, count, relations, isTable } from "drizzle-orm";
-import { PgVarchar, PgText, PgChar, pgSchema, pgTable, timestamp, jsonb, boolean, varchar, uuid, primaryKey, unique, getTableConfig } from "drizzle-orm/pg-core";
+import { or, and, sql, inArray, eq, ilike, asc, desc, gt, lt, getTableName as getTableName$1, count, relations, isTable } from "drizzle-orm";
+import { PgVarchar, PgText, PgChar, pgSchema, pgTable, timestamp, jsonb, text, boolean, varchar, uuid, unique, getTableConfig } from "drizzle-orm/pg-core";
 import { createHash, randomUUID } from "crypto";
 import * as fs from "fs";
 import { promises } from "fs";
@@ -2711,114 +2711,6 @@ class CollectionRegistry {
     };
   }
 }
-const defaultUsersCollection = {
-  name: "Users",
-  singularName: "User",
-  slug: "users",
-  table: "users",
-  schema: "rebase",
-  icon: "Users",
-  group: "Settings",
-  properties: {
-    id: {
-      name: "ID",
-      type: "string",
-      isId: "uuid"
-    },
-    email: {
-      name: "Email",
-      type: "string",
-      validation: {
-        required: true,
-        unique: true
-      }
-    },
-    password_hash: {
-      name: "Password Hash",
-      type: "string",
-      ui: {
-        hideFromCollection: true
-      }
-    },
-    display_name: {
-      name: "Display Name",
-      type: "string"
-    },
-    photo_url: {
-      name: "Photo URL",
-      type: "string"
-    },
-    email_verified: {
-      name: "Email Verified",
-      type: "boolean",
-      defaultValue: false
-    },
-    email_verification_token: {
-      name: "Email Verification Token",
-      type: "string",
-      ui: {
-        hideFromCollection: true
-      }
-    },
-    email_verification_sent_at: {
-      name: "Email Verification Sent At",
-      type: "date",
-      ui: {
-        hideFromCollection: true
-      }
-    },
-    metadata: {
-      name: "Metadata",
-      type: "map",
-      defaultValue: {},
-      ui: {
-        hideFromCollection: true
-      }
-    },
-    created_at: {
-      name: "Created At",
-      type: "date",
-      autoValue: "on_create",
-      ui: {
-        readOnly: true,
-        hideFromCollection: true
-      }
-    },
-    updated_at: {
-      name: "Updated At",
-      type: "date",
-      autoValue: "on_update",
-      ui: {
-        readOnly: true,
-        hideFromCollection: true
-      }
-    }
-  }
-};
-function mapOperator(op) {
-  switch (op) {
-    case "==":
-      return "eq";
-    case "!=":
-      return "neq";
-    case ">":
-      return "gt";
-    case ">=":
-      return "gte";
-    case "<":
-      return "lt";
-    case "<=":
-      return "lte";
-    case "array-contains":
-      return "cs";
-    case "array-contains-any":
-      return "csa";
-    case "not-in":
-      return "nin";
-    default:
-      return op;
-  }
-}
 class QueryBuilder {
   constructor(collection) {
     this.collection = collection;
@@ -2826,23 +2718,30 @@ class QueryBuilder {
   params = {
     where: {}
   };
-  /**
-   * Add a filter condition to your query.
-   * @example
-   * client.collection('users').where('age', '>=', 18).find()
-   */
-  where(column, operator, value) {
+  where(columnOrCondition, operator, value) {
+    if (typeof columnOrCondition === "object" && columnOrCondition !== null && "type" in columnOrCondition) {
+      this.params.logical = columnOrCondition;
+      return this;
+    }
     if (!this.params.where) {
       this.params.where = {};
     }
-    const mappedOp = mapOperator(operator);
-    let formattedValue = value;
-    if (Array.isArray(value) && ["in", "nin", "cs", "csa"].includes(mappedOp)) {
-      formattedValue = `(${value.join(",")})`;
-    } else if (value === null) {
-      formattedValue = "null";
+    const column = columnOrCondition;
+    const condition = [operator, value];
+    const existing = this.params.where[column];
+    if (existing === void 0) {
+      this.params.where[column] = condition;
+    } else if (Array.isArray(existing) && existing.length > 0 && Array.isArray(existing[0])) {
+      this.params.where[column].push(condition);
+    } else {
+      let firstCondition;
+      if (Array.isArray(existing) && existing.length === 2 && typeof existing[0] === "string") {
+        firstCondition = existing;
+      } else {
+        firstCondition = ["==", existing];
+      }
+      this.params.where[column] = [firstCondition, condition];
     }
-    this.params.where[column] = mappedOp === "eq" ? String(formattedValue) : `${mappedOp}.${formattedValue}`;
     return this;
   }
   /**
@@ -2944,10 +2843,13 @@ function convertWhereToFilter(where) {
       filter[field] = ["==", rawValue];
       continue;
     }
-    if (Array.isArray(rawValue) && rawValue.length === 2) {
-      const [rawOp, val] = rawValue;
-      const mappedOp = operatorMap[rawOp] ?? "==";
-      filter[field] = [mappedOp, val];
+    if (Array.isArray(rawValue)) {
+      const conditions = Array.isArray(rawValue[0]) ? rawValue : [rawValue];
+      const mappedConditions = conditions.map(([rawOp, val]) => {
+        const mappedOp = operatorMap[rawOp] ?? "==";
+        return [mappedOp, val];
+      });
+      filter[field] = Array.isArray(rawValue[0]) ? mappedConditions : mappedConditions[0];
       continue;
     }
     if (typeof rawValue === "string") {
@@ -3041,6 +2943,9 @@ function createDriverAccessor(driver, slug) {
         }
       });
     },
+    deleteAll: driver.deleteAll ? async () => {
+      return driver.deleteAll(slug);
+    } : void 0,
     count: driver.countEntities ? async (params) => {
       return driver.countEntities({
         path: slug,
@@ -3082,8 +2987,12 @@ function createDriverAccessor(driver, slug) {
       });
     } : void 0,
     // Fluent Query Builder
-    where(column, operator, value) {
-      return new QueryBuilder(accessor).where(column, operator, value);
+    where(columnOrCondition, operator, value) {
+      const builder = new QueryBuilder(accessor);
+      if (typeof columnOrCondition === "object") {
+        return builder.where(columnOrCondition);
+      }
+      return builder.where(columnOrCondition, operator, value);
     },
     orderBy(column, ascending) {
       return new QueryBuilder(accessor).orderBy(column, ascending);
@@ -3134,7 +3043,6 @@ class DrizzleConditionBuilder {
     const conditions = [];
     for (const [field, filterParam] of Object.entries(filter)) {
       if (!filterParam) continue;
-      const [op, value] = filterParam;
       let fieldColumn = table[field];
       if (!fieldColumn) {
         const relationKey = `${field}_id`;
@@ -3146,13 +3054,39 @@ class DrizzleConditionBuilder {
         console.warn(`Filtering by field '${field}', but it does not exist in table for collection '${collectionPath}'`);
         continue;
       }
-      const condition = this.buildSingleFilterCondition(fieldColumn, op, value);
-      if (condition) {
-        conditions.push(condition);
+      const paramsList = Array.isArray(filterParam) && filterParam.length > 0 && Array.isArray(filterParam[0]) ? filterParam : [filterParam];
+      for (const [op, value] of paramsList) {
+        const condition = this.buildSingleFilterCondition(fieldColumn, op, value);
+        if (condition) {
+          conditions.push(condition);
+        }
       }
     }
     return conditions;
   }
+  /**
+   * Build logical conditions recursively from LogicalCondition or FilterCondition
+   */
+  static buildLogicalConditions(cond, table, collectionPath) {
+    if ("type" in cond) {
+      const subSQLs = cond.conditions.map((c) => this.buildLogicalConditions(c, table, collectionPath)).filter((sql2) => sql2 !== null);
+      if (subSQLs.length === 0) return null;
+      return (cond.type === "or" ? or(...subSQLs) : and(...subSQLs)) ?? null;
+    } else {
+      let fieldColumn = table[cond.column];
+      if (!fieldColumn) {
+        const relationKey = `${cond.column}_id`;
+        if (relationKey in table) {
+          fieldColumn = table[relationKey];
+        }
+      }
+      if (!fieldColumn) {
+        console.warn(`Filtering by field '${cond.column}', but it does not exist in table for collection '${collectionPath}'`);
+        return null;
+      }
+      return this.buildSingleFilterCondition(fieldColumn, cond.operator, cond.value);
+    }
+  }
   /**
    * Build a single filter condition for a specific operator and value
    */
@@ -4030,39 +3964,18 @@ function serializePropertyToServer(value, property) {
       }
       return value;
     }
-    case "binary":
-      if (typeof value === "string") {
-        if (value.startsWith("data:application/octet-stream;base64,")) {
-          const base64Data = value.split(",")[1];
-          if (base64Data) {
-            return Buffer.from(base64Data, "base64");
-          }
-        }
-      }
-      if (Buffer.isBuffer(value)) {
-        return value;
-      }
+    case "binary": {
+      const decoded = tryDecodeBase64DataUrl(value);
+      if (decoded) return decoded;
+      if (Buffer.isBuffer(value)) return value;
       return value;
+    }
     case "string":
-      if (typeof value === "string") {
-        if (value.startsWith("data:application/octet-stream;base64,")) {
-          const base64Data = value.split(",")[1];
-          if (base64Data) {
-            return Buffer.from(base64Data, "base64");
-          }
-        }
-      }
-      return value;
-    default:
-      if (typeof value === "string") {
-        if (value.startsWith("data:application/octet-stream;base64,")) {
-          const base64Data = value.split(",")[1];
-          if (base64Data) {
-            return Buffer.from(base64Data, "base64");
-          }
-        }
-      }
+    default: {
+      const decoded = tryDecodeBase64DataUrl(value);
+      if (decoded) return decoded;
       return value;
+    }
   }
 }
 async function parseDataFromServer(data, collection, db, registry) {
@@ -4182,21 +4095,36 @@ async function parseDataFromServer(data, collection, db, registry) {
   }
   return result;
 }
-function parsePropertyFromServer(value, property, collection, propertyKey) {
-  if (value === null || value === void 0) {
-    return value;
+function tryDecodeBase64DataUrl(value) {
+  if (typeof value !== "string") return null;
+  if (!value.startsWith("data:application/octet-stream;base64,")) return null;
+  const base64Data = value.split(",")[1];
+  return base64Data ? Buffer.from(base64Data, "base64") : null;
+}
+function tryResolveBuffer(value) {
+  if (Buffer.isBuffer(value)) return value;
+  if (typeof value === "object" && value !== null) {
+    const rawVal = value;
+    if (rawVal.type === "Buffer" && Array.isArray(rawVal.data)) {
+      return Buffer.from(rawVal.data);
+    }
+  }
+  return null;
+}
+function bufferToStringOrBase64(buf) {
+  for (let i = 0; i < buf.length; i++) {
+    const b = buf[i];
+    if ((b < 32 || b > 126) && b !== 9 && b !== 10 && b !== 13) {
+      return `data:application/octet-stream;base64,${buf.toString("base64")}`;
+    }
   }
+  return buf.toString("utf8");
+}
+function parsePropertyFromServer(value, property, collection, propertyKey) {
+  if (value === null || value === void 0) return value;
   switch (property.type) {
     case "binary": {
-      let buf = null;
-      if (Buffer.isBuffer(value)) {
-        buf = value;
-      } else if (typeof value === "object" && value !== null) {
-        const rawVal = value;
-        if (rawVal.type === "Buffer" && Array.isArray(rawVal.data)) {
-          buf = Buffer.from(rawVal.data);
-        }
-      }
+      const buf = tryResolveBuffer(value);
       if (buf) {
         return `data:application/octet-stream;base64,${buf.toString("base64")}`;
       }
@@ -4204,28 +4132,9 @@ function parsePropertyFromServer(value, property, collection, propertyKey) {
     }
     case "string": {
       if (typeof value === "string") return value;
-      let isBuffer = false;
-      let buf = null;
-      if (Buffer.isBuffer(value)) {
-        isBuffer = true;
-        buf = value;
-      } else if (typeof value === "object" && value !== null) {
-        const rawVal = value;
-        if (rawVal.type === "Buffer" && Array.isArray(rawVal.data)) {
-          isBuffer = true;
-          buf = Buffer.from(rawVal.data);
-        }
-      }
-      if (isBuffer && buf) {
-        let isPrintable = true;
-        for (let i = 0; i < buf.length; i++) {
-          const b = buf[i];
-          if ((b < 32 || b > 126) && b !== 9 && b !== 10 && b !== 13) {
-            isPrintable = false;
-            break;
-          }
-        }
-        return isPrintable ? buf.toString("utf8") : `data:application/octet-stream;base64,${buf.toString("base64")}`;
+      const buf = tryResolveBuffer(value);
+      if (buf) {
+        return bufferToStringOrBase64(buf);
       }
       if (typeof value === "object" && value !== null) {
         try {
@@ -4339,28 +4248,9 @@ function parsePropertyFromServer(value, property, collection, propertyKey) {
       return null;
     }
     default: {
-      let isBuffer = false;
-      let buf = null;
-      if (Buffer.isBuffer(value)) {
-        isBuffer = true;
-        buf = value;
-      } else if (typeof value === "object" && value !== null) {
-        const rawVal = value;
-        if (rawVal.type === "Buffer" && Array.isArray(rawVal.data)) {
-          isBuffer = true;
-          buf = Buffer.from(rawVal.data);
-        }
-      }
-      if (isBuffer && buf) {
-        let isPrintable = true;
-        for (let i = 0; i < buf.length; i++) {
-          const b = buf[i];
-          if ((b < 32 || b > 126) && b !== 9 && b !== 10 && b !== 13) {
-            isPrintable = false;
-            break;
-          }
-        }
-        return isPrintable ? buf.toString("utf8") : `data:application/octet-stream;base64,${buf.toString("base64")}`;
+      const buf = tryResolveBuffer(value);
+      if (buf) {
+        return bufferToStringOrBase64(buf);
       }
       return value;
     }
@@ -5549,6 +5439,10 @@ class EntityFetchService {
       const filterConditions = this.buildFilterConditions(options.filter, table, collectionPath);
       if (filterConditions.length > 0) allConditions.push(...filterConditions);
     }
+    if (options.logical) {
+      const logicalCondition = DrizzleConditionBuilder.buildLogicalConditions(options.logical, table, collectionPath);
+      if (logicalCondition) allConditions.push(logicalCondition);
+    }
     if (options.startAfter) {
       const cursorConditions = this.buildCursorConditions(table, idField, idInfo, options, collectionPath);
       if (cursorConditions.length > 0) allConditions.push(...cursorConditions);
@@ -5720,6 +5614,10 @@ class EntityFetchService {
       const filterConditions = this.buildFilterConditions(options.filter, table, collectionPath);
       if (filterConditions.length > 0) allConditions.push(...filterConditions);
     }
+    if (options.logical) {
+      const logicalCondition = DrizzleConditionBuilder.buildLogicalConditions(options.logical, table, collectionPath);
+      if (logicalCondition) allConditions.push(logicalCondition);
+    }
     if (vectorMeta?.filter) {
       allConditions.push(vectorMeta.filter);
     }
@@ -6305,6 +6203,14 @@ class EntityPersistService {
     const parsedId = parsedIdObj[idInfo.fieldName];
     await this.db.delete(table).where(eq(idField, parsedId));
   }
+  /**
+   * Delete all entities from a collection
+   */
+  async deleteAll(collectionPath, _databaseId) {
+    const collection = getCollectionByPath(collectionPath, this.registry);
+    const table = getTableForCollection(collection, this.registry);
+    await this.db.delete(table);
+  }
   /**
    * Save an entity (create or update)
    */
@@ -6537,12 +6443,12 @@ class EntityPersistService {
    */
   extractCauseMessage(error) {
     if (!error || typeof error !== "object") return null;
-    const err = error;
-    if (err.cause && typeof err.cause === "object") {
-      const deeper = this.extractCauseMessage(err.cause);
+    if (!(error instanceof Error)) return null;
+    if (error.cause && typeof error.cause === "object") {
+      const deeper = this.extractCauseMessage(error.cause);
       if (deeper) return deeper;
-      if (err.cause instanceof Error && err.cause.message) {
-        return err.cause.message;
+      if (error.cause instanceof Error && error.cause.message) {
+        return error.cause.message;
       }
     }
     return null;
@@ -6563,12 +6469,17 @@ class EntityPersistService {
    */
   extractPgError(error) {
     if (!error || typeof error !== "object") return null;
-    const err = error;
-    if (err.code && /^[0-9A-Z]{5}$/.test(err.code)) {
-      return err;
+    if (!(error instanceof Error)) {
+      if ("cause" in error && error.cause && typeof error.cause === "object") {
+        return this.extractPgError(error.cause);
+      }
+      return null;
+    }
+    if ("code" in error && typeof error.code === "string" && /^[0-9A-Z]{5}$/.test(error.code)) {
+      return error;
     }
-    if (err.cause && typeof err.cause === "object") {
-      return this.extractPgError(err.cause);
+    if (error.cause && typeof error.cause === "object") {
+      return this.extractPgError(error.cause);
     }
     return null;
   }
@@ -6636,6 +6547,12 @@ class EntityService {
   async deleteEntity(collectionPath, entityId, databaseId) {
     return this.persistService.deleteEntity(collectionPath, entityId, databaseId);
   }
+  /**
+   * Delete all entities from a collection
+   */
+  async deleteAll(collectionPath, databaseId) {
+    return this.persistService.deleteAll(collectionPath, databaseId);
+  }
   /**
    * Execute raw SQL
    */
@@ -7336,6 +7253,10 @@ class PostgresBackendDriver {
       await this.realtimeService.notifyEntityUpdate(entity.path, entity.id.toString(), null, entity.databaseId || resolvedCollection?.databaseId);
     }
   }
+  async deleteAll(path2) {
+    await this.entityService.deleteAll(path2);
+    await this.realtimeService.notifyEntityUpdate(path2, "*", null);
+  }
   async checkUniqueField(path2, name, value, entityId, collection) {
     return this.entityService.checkUniqueField(path2, name, value, entityId, collection?.databaseId);
   }
@@ -7605,11 +7526,11 @@ class AuthenticatedPostgresBackendDriver {
         console.warn("[DataDriver] User ID (uid) is missing for authenticated delegate. Using 'anonymous'. User object:", this.user);
         userId = "anonymous";
       }
-      const userRoles2 = this.user?.roles ?? [];
+      const userRoles = this.user?.roles ?? [];
       if (!this.user?.roles) {
         console.warn("[DataDriver] User roles are missing for authenticated delegate. Using empty array. User object:", this.user);
       }
-      const normalizedRoles = userRoles2.map((r) => typeof r === "string" ? r : r?.id ?? String(r));
+      const normalizedRoles = userRoles.map((r) => typeof r === "string" ? r : r?.id ?? String(r));
       const rolesString = normalizedRoles.join(",");
       await tx.execute(sql`
                 SELECT 
@@ -7617,7 +7538,7 @@ class AuthenticatedPostgresBackendDriver {
                     set_config('app.user_roles', ${rolesString}, true),
                     set_config('app.jwt', ${JSON.stringify({
         sub: userId,
-        roles: userRoles2
+        roles: userRoles
       })}, true)
             `);
       const txEntityService = new EntityService(tx, this.delegate.registry);
@@ -7672,6 +7593,9 @@ class AuthenticatedPostgresBackendDriver {
   async deleteEntity(props) {
     return this.withTransaction((delegate) => delegate.deleteEntity(props));
   }
+  async deleteAll(path2) {
+    return this.withTransaction((delegate) => delegate.deleteAll(path2));
+  }
   async checkUniqueField(path2, name, value, entityId, collection) {
     return this.withTransaction((delegate) => delegate.checkUniqueField(path2, name, value, entityId, collection));
   }
@@ -7749,13 +7673,13 @@ class DatabasePoolManager {
     }
     await Promise.all(promises2);
     this.pools.clear();
+    this.drizzleInstances.clear();
   }
 }
-function createAuthSchema(rolesSchemaName = "rebase", usersSchemaName = "rebase") {
-  const rolesSchema = rolesSchemaName === "public" ? null : pgSchema(rolesSchemaName);
+function createAuthSchema(usersSchemaName = "rebase") {
   const usersSchema2 = usersSchemaName === "public" ? null : pgSchema(usersSchemaName);
-  const rolesTableCreator = rolesSchema ? rolesSchema.table.bind(rolesSchema) : pgTable;
-  const usersTableCreator = usersSchema2 ? usersSchema2.table.bind(usersSchema2) : pgTable;
+  const tableCreator = usersSchema2 ? usersSchema2.table.bind(usersSchema2) : pgTable;
+  const usersTableCreator = tableCreator;
   const users2 = usersTableCreator("users", {
     id: uuid("id").defaultRandom().primaryKey(),
     email: varchar("email", {
@@ -7777,37 +7701,12 @@ function createAuthSchema(rolesSchemaName = "rebase", usersSchemaName = "rebase"
     }),
     emailVerificationSentAt: timestamp("email_verification_sent_at"),
     isAnonymous: boolean("is_anonymous").default(false).notNull(),
+    roles: text("roles").array().default([]).notNull(),
     metadata: jsonb("metadata").$type().default({}).notNull(),
     createdAt: timestamp("created_at").defaultNow().notNull(),
     updatedAt: timestamp("updated_at").defaultNow().notNull()
   });
-  const roles2 = rolesTableCreator("roles", {
-    id: varchar("id", {
-      length: 50
-    }).primaryKey(),
-    // 'admin', 'editor', 'viewer'
-    name: varchar("name", {
-      length: 100
-    }).notNull(),
-    isAdmin: boolean("is_admin").default(false).notNull(),
-    defaultPermissions: jsonb("default_permissions").$type(),
-    collectionPermissions: jsonb("collection_permissions").$type()
-  });
-  const userRoles2 = rolesTableCreator("user_roles", {
-    userId: uuid("user_id").notNull().references(() => users2.id, {
-      onDelete: "cascade"
-    }),
-    roleId: varchar("role_id", {
-      length: 50
-    }).notNull().references(() => roles2.id, {
-      onDelete: "cascade"
-    })
-  }, (table) => ({
-    pk: primaryKey({
-      columns: [table.userId, table.roleId]
-    })
-  }));
-  const refreshTokens2 = rolesTableCreator("refresh_tokens", {
+  const refreshTokens2 = tableCreator("refresh_tokens", {
     id: uuid("id").defaultRandom().primaryKey(),
     userId: uuid("user_id").notNull().references(() => users2.id, {
       onDelete: "cascade"
@@ -7826,7 +7725,7 @@ function createAuthSchema(rolesSchemaName = "rebase", usersSchemaName = "rebase"
   }, (table) => ({
     uniqueDeviceSession: unique("unique_device_session").on(table.userId, table.userAgent, table.ipAddress)
   }));
-  const passwordResetTokens2 = rolesTableCreator("password_reset_tokens", {
+  const passwordResetTokens2 = tableCreator("password_reset_tokens", {
     id: uuid("id").defaultRandom().primaryKey(),
     userId: uuid("user_id").notNull().references(() => users2.id, {
       onDelete: "cascade"
@@ -7838,14 +7737,14 @@ function createAuthSchema(rolesSchemaName = "rebase", usersSchemaName = "rebase"
     usedAt: timestamp("used_at"),
     createdAt: timestamp("created_at").defaultNow().notNull()
   });
-  const appConfig2 = rolesTableCreator("app_config", {
+  const appConfig2 = tableCreator("app_config", {
     key: varchar("key", {
       length: 100
     }).primaryKey(),
     value: jsonb("value").notNull(),
     updatedAt: timestamp("updated_at").defaultNow().notNull()
   });
-  const userIdentities2 = rolesTableCreator("user_identities", {
+  const userIdentities2 = tableCreator("user_identities", {
     id: uuid("id").defaultRandom().primaryKey(),
     userId: uuid("user_id").notNull().references(() => users2.id, {
       onDelete: "cascade"
@@ -7863,7 +7762,7 @@ function createAuthSchema(rolesSchemaName = "rebase", usersSchemaName = "rebase"
   }, (table) => ({
     uniqueProviderId: unique("unique_provider_id").on(table.provider, table.providerId)
   }));
-  const mfaFactors2 = rolesTableCreator("mfa_factors", {
+  const mfaFactors2 = tableCreator("mfa_factors", {
     id: uuid("id").defaultRandom().primaryKey(),
     userId: uuid("user_id").notNull().references(() => users2.id, {
       onDelete: "cascade"
@@ -7882,7 +7781,7 @@ function createAuthSchema(rolesSchemaName = "rebase", usersSchemaName = "rebase"
     createdAt: timestamp("created_at").defaultNow().notNull(),
     updatedAt: timestamp("updated_at").defaultNow().notNull()
   });
-  const mfaChallenges2 = rolesTableCreator("mfa_challenges", {
+  const mfaChallenges2 = tableCreator("mfa_challenges", {
     id: uuid("id").defaultRandom().primaryKey(),
     factorId: uuid("factor_id").notNull().references(() => mfaFactors2.id, {
       onDelete: "cascade"
@@ -7894,7 +7793,7 @@ function createAuthSchema(rolesSchemaName = "rebase", usersSchemaName = "rebase"
     }),
     expiresAt: timestamp("expires_at").notNull()
   });
-  const recoveryCodes2 = rolesTableCreator("recovery_codes", {
+  const recoveryCodes2 = tableCreator("recovery_codes", {
     id: uuid("id").defaultRandom().primaryKey(),
     userId: uuid("user_id").notNull().references(() => users2.id, {
       onDelete: "cascade"
@@ -7906,11 +7805,8 @@ function createAuthSchema(rolesSchemaName = "rebase", usersSchemaName = "rebase"
     createdAt: timestamp("created_at").defaultNow().notNull()
   });
   return {
-    rolesSchema,
     usersSchema: usersSchema2,
     users: users2,
-    roles: roles2,
-    userRoles: userRoles2,
     refreshTokens: refreshTokens2,
     passwordResetTokens: passwordResetTokens2,
     appConfig: appConfig2,
@@ -7920,12 +7816,9 @@ function createAuthSchema(rolesSchemaName = "rebase", usersSchemaName = "rebase"
     recoveryCodes: recoveryCodes2
   };
 }
-const defaultAuthSchema = createAuthSchema("rebase", "rebase");
-const rebaseSchema = defaultAuthSchema.rolesSchema;
+const defaultAuthSchema = createAuthSchema("rebase");
 const usersSchema = defaultAuthSchema.usersSchema;
 const users = defaultAuthSchema.users;
-const roles = defaultAuthSchema.roles;
-const userRoles = defaultAuthSchema.userRoles;
 const refreshTokens = defaultAuthSchema.refreshTokens;
 const passwordResetTokens = defaultAuthSchema.passwordResetTokens;
 const appConfig = defaultAuthSchema.appConfig;
@@ -7936,30 +7829,12 @@ const recoveryCodes = defaultAuthSchema.recoveryCodes;
 const usersRelations = relations(users, ({
   many
 }) => ({
-  userRoles: many(userRoles),
   refreshTokens: many(refreshTokens),
   passwordResetTokens: many(passwordResetTokens),
   userIdentities: many(userIdentities),
   mfaFactors: many(mfaFactors),
   recoveryCodes: many(recoveryCodes)
 }));
-const rolesRelations = relations(roles, ({
-  many
-}) => ({
-  userRoles: many(userRoles)
-}));
-const userRolesRelations = relations(userRoles, ({
-  one
-}) => ({
-  user: one(users, {
-    fields: [userRoles.userId],
-    references: [users.id]
-  }),
-  role: one(roles, {
-    fields: [userRoles.roleId],
-    references: [roles.id]
-  })
-}));
 const refreshTokensRelations = relations(refreshTokens, ({
   one
 }) => ({
@@ -8066,6 +7941,8 @@ const getDrizzleColumn = (propName, prop, collection, collections) => {
         columnDefinition = `${enumName}("${colName}")`;
       } else if ("isId" in stringProp && stringProp.isId === "uuid") {
         columnDefinition = `uuid("${colName}")`;
+      } else if (stringProp.columnType === "uuid") {
+        columnDefinition = `uuid("${colName}")`;
       } else if (stringProp.columnType === "text") {
         columnDefinition = `text("${colName}")`;
       } else if (stringProp.columnType === "char") {
@@ -8133,11 +8010,38 @@ const getDrizzleColumn = (propName, prop, collection, collections) => {
       }
       break;
     }
-    case "map":
+    case "map": {
+      const mapProp = prop;
+      if (mapProp.columnType === "json") {
+        columnDefinition = `json("${colName}")`;
+      } else {
+        columnDefinition = `jsonb("${colName}")`;
+      }
+      break;
+    }
     case "array": {
-      const arrayOrMapProp = prop;
-      if (arrayOrMapProp.columnType === "json") {
+      const arrayProp = prop;
+      let colType = arrayProp.columnType;
+      if (!colType && arrayProp.of && !Array.isArray(arrayProp.of)) {
+        const ofProp = arrayProp.of;
+        if (ofProp.type === "string") {
+          colType = "text[]";
+        } else if (ofProp.type === "number") {
+          colType = ofProp.validation?.integer ? "integer[]" : "numeric[]";
+        } else if (ofProp.type === "boolean") {
+          colType = "boolean[]";
+        }
+      }
+      if (colType === "json") {
         columnDefinition = `json("${colName}")`;
+      } else if (colType === "text[]") {
+        columnDefinition = `text("${colName}").array()`;
+      } else if (colType === "integer[]") {
+        columnDefinition = `integer("${colName}").array()`;
+      } else if (colType === "boolean[]") {
+        columnDefinition = `boolean("${colName}").array()`;
+      } else if (colType === "numeric[]") {
+        columnDefinition = `numeric("${colName}").array()`;
       } else {
         columnDefinition = `jsonb("${colName}")`;
       }
@@ -8221,8 +8125,8 @@ const resolveRawSql = (expression) => {
   const resolved = expression.replace(/\{(\w+)\}/g, (_, col) => col);
   return `sql\`${resolved}\``;
 };
-const wrapWithRoleCheck = (clause, roles2) => {
-  const rolesArrayString = `ARRAY[${roles2.map((r) => `'${r}'`).join(",")}]`;
+const wrapWithRoleCheck = (clause, roles) => {
+  const rolesArrayString = `ARRAY[${roles.map((r) => `'${r}'`).join(",")}]`;
   const roleCondition = `string_to_array(auth.roles(), ',') @> ${rolesArrayString}`;
   return `sql\`(${unwrapSql(clause)}) AND (${roleCondition})\``;
 };
@@ -8275,22 +8179,22 @@ const generatePolicyCode = (collection, rule, index) => {
 };
 const generateSinglePolicyCode = (collection, rule, operation, policyName) => {
   const mode = rule.mode ?? "permissive";
-  const roles2 = rule.roles ? [...rule.roles].sort() : void 0;
+  const roles = rule.roles ? [...rule.roles].sort() : void 0;
   const needsUsing = operation !== "insert";
   const needsWithCheck = operation !== "select" && operation !== "delete";
   let usingClause = needsUsing ? buildUsingClause(rule, collection) : null;
   let withCheckClause = needsWithCheck ? buildWithCheckClause(rule, collection) : null;
-  if (roles2 && roles2.length > 0) {
+  if (roles && roles.length > 0) {
     if (usingClause) {
-      usingClause = wrapWithRoleCheck(usingClause, roles2);
+      usingClause = wrapWithRoleCheck(usingClause, roles);
     } else if (needsUsing) {
-      const rolesArrayString = `ARRAY[${roles2.map((r) => `'${r}'`).join(",")}]`;
+      const rolesArrayString = `ARRAY[${roles.map((r) => `'${r}'`).join(",")}]`;
       usingClause = `sql\`string_to_array(auth.roles(), ',') @> ${rolesArrayString}\``;
     }
     if (withCheckClause) {
-      withCheckClause = wrapWithRoleCheck(withCheckClause, roles2);
+      withCheckClause = wrapWithRoleCheck(withCheckClause, roles);
     } else if (needsWithCheck) {
-      const rolesArrayString = `ARRAY[${roles2.map((r) => `'${r}'`).join(",")}]`;
+      const rolesArrayString = `ARRAY[${roles.map((r) => `'${r}'`).join(",")}]`;
       withCheckClause = `sql\`string_to_array(auth.roles(), ',') @> ${rolesArrayString}\``;
     }
   }
@@ -8613,7 +8517,7 @@ ${tableRelations.join(",\n")}
   schemaContent += tablesExport + enumsExport + relationsExport;
   return schemaContent;
 };
-const formatTerminalText = (text, options = {}) => {
+const formatTerminalText = (text2, options = {}) => {
   let codes = "";
   if (options.bold) codes += "\x1B[1m";
   if (options.backgroundColor) {
@@ -8640,7 +8544,7 @@ const formatTerminalText = (text, options = {}) => {
     };
     codes += textColors[options.textColor];
   }
-  return `${codes}${text}\x1B[0m`;
+  return `${codes}${text2}\x1B[0m`;
 };
 const runGeneration = async (collectionsFilePath, outputPath) => {
   try {
@@ -8678,7 +8582,6 @@ const runGeneration = async (collectionsFilePath, outputPath) => {
     if (!collections || !Array.isArray(collections)) {
       collections = [];
     }
-    collections = Array.from(new Map([defaultUsersCollection, ...collections].map((c) => [c.slug, c])).values());
     collections.sort((a, b) => a.slug.localeCompare(b.slug));
     const schemaContent = await generateSchema(collections);
     if (outputPath) {
@@ -9664,20 +9567,19 @@ class RealtimeService extends EventEmitter {
   }
 }
 const PostgresRealtimeProvider = RealtimeService;
-const clientSessions = /* @__PURE__ */ new Map();
 const WS_RATE_LIMIT = 2e3;
 const WS_RATE_WINDOW_MS = 6e4;
 const ADMIN_ONLY_TYPES = /* @__PURE__ */ new Set(["EXECUTE_SQL", "FETCH_DATABASES", "FETCH_ROLES", "FETCH_UNMAPPED_TABLES", "FETCH_TABLE_METADATA", "FETCH_CURRENT_DATABASE", "CREATE_BRANCH", "DELETE_BRANCH", "LIST_BRANCHES"]);
 function extractErrorMessage(error) {
   if (!error) return "Unknown error";
-  if (typeof error === "object") {
-    const err = error;
-    if (err.cause) {
-      return extractErrorMessage(err.cause);
-    }
-    if (typeof err.message === "string") {
-      return err.message;
+  if (error instanceof Error) {
+    if ("cause" in error && error.cause) {
+      return extractErrorMessage(error.cause);
     }
+    return error.message;
+  }
+  if (typeof error === "object" && "message" in error && typeof error.message === "string") {
+    return error.message;
   }
   return String(error);
 }
@@ -9685,14 +9587,10 @@ function isAdminSession(session) {
   if (!session?.user) return false;
   if (session.user.isAdmin) return true;
   if (!session.user.roles) return false;
-  return session.user.roles.some((r) => {
-    if (typeof r === "string") return r === "admin";
-    if (r && typeof r === "object" && "isAdmin" in r) return r.isAdmin;
-    if (r && typeof r === "object" && "id" in r) return r.id === "admin";
-    return false;
-  });
+  return session.user.roles.some((r) => r === "admin");
 }
 function createPostgresWebSocket(server, realtimeService, driver, authConfig, authAdapter) {
+  const clientSessions = /* @__PURE__ */ new Map();
   const isProduction = process.env.NODE_ENV === "production";
   const wsDebug = (...args) => {
     if (!isProduction) console.debug(...args);
@@ -9831,13 +9729,23 @@ function createPostgresWebSocket(server, realtimeService, driver, authConfig, au
         }
         const getScopedDelegate = async () => {
           const session = clientSessions.get(clientId);
-          if ("withAuth" in driver && typeof driver.withAuth === "function") {
+          if (typeof driver.withAuth === "function") {
             try {
               const userForAuth = session?.user ? {
                 uid: session.user.userId,
+                displayName: null,
+                email: null,
+                photoURL: null,
+                providerId: "websocket",
+                isAnonymous: false,
                 roles: session.user.roles ?? []
               } : {
                 uid: "anon",
+                displayName: null,
+                email: null,
+                photoURL: null,
+                providerId: "websocket",
+                isAnonymous: true,
                 roles: ["anon"]
               };
               return await driver.withAuth(userForAuth);
@@ -10024,15 +9932,15 @@ function createPostgresWebSocket(server, realtimeService, driver, authConfig, au
               wsDebug("👤 [WebSocket Server] Processing FETCH_ROLES request");
               const delegate = await getScopedDelegate();
               const admin = delegate.admin;
-              let roles2 = [];
+              let roles = [];
               if (isSQLAdmin(admin) && admin.fetchAvailableRoles) {
-                roles2 = await admin.fetchAvailableRoles();
+                roles = await admin.fetchAvailableRoles();
               }
-              wsDebug(`👤 [WebSocket Server] Fetched ${roles2.length} roles.`);
+              wsDebug(`👤 [WebSocket Server] Fetched ${roles.length} roles.`);
               const response = {
                 type: "FETCH_ROLES_SUCCESS",
                 payload: {
-                  roles: roles2
+                  roles
                 },
                 requestId
               };
@@ -10286,85 +10194,35 @@ class PostgresCollectionRegistry extends CollectionRegistry {
     return collection.relations.map((r) => r.relationName || r.localKey || "").filter(Boolean);
   }
 }
-const DEFAULT_ROLES = [{
-  id: "admin",
-  name: "Admin",
-  is_admin: true,
-  default_permissions: {
-    read: true,
-    create: true,
-    edit: true,
-    delete: true
-  }
-}, {
-  id: "editor",
-  name: "Editor",
-  is_admin: false,
-  default_permissions: {
-    read: true,
-    create: true,
-    edit: true,
-    delete: true
-  }
-}, {
-  id: "viewer",
-  name: "Viewer",
-  is_admin: false,
-  default_permissions: {
-    read: true,
-    create: false,
-    edit: false,
-    delete: false
-  }
-}];
-async function ensureAuthTablesExist(db, registry) {
+async function ensureAuthTablesExist(db, collection) {
   logger.info("🔍 Checking auth tables...");
   try {
-    let usersTableName = '"users"';
+    let usersTableName = '"rebase"."users"';
     let userIdType = "TEXT";
-    let usersSchema2 = "public";
-    if (registry) {
-      const usersTable = registry.getTable("users");
-      if (usersTable) {
-        const {
-          getTableName: getTableName2
-        } = await import("drizzle-orm");
-        usersSchema2 = getTableConfig(usersTable).schema || "public";
-        usersTableName = usersSchema2 === "public" ? `"${getTableName2(usersTable)}"` : `"${usersSchema2}"."${getTableName2(usersTable)}"`;
-        if (usersTable.id) {
-          const col = usersTable.id;
-          const meta = getColumnMeta(col);
-          const columnType = meta.columnType;
-          if (columnType === "PgUUID") {
-            userIdType = "UUID";
-          } else if (columnType === "PgSerial" || columnType === "PgInteger") {
-            userIdType = "INTEGER";
-          } else if (columnType === "PgBigInt" || columnType === "PgBigSerial") {
-            userIdType = "BIGINT";
-          }
+    let usersSchema2 = "rebase";
+    if (collection) {
+      const rawTable = "table" in collection && typeof collection.table === "string" ? collection.table : collection.slug;
+      usersSchema2 = "schema" in collection && typeof collection.schema === "string" ? collection.schema : "public";
+      usersTableName = usersSchema2 === "public" ? `"${rawTable}"` : `"${usersSchema2}"."${rawTable}"`;
+      const idProp = collection.properties?.id;
+      if (idProp) {
+        const isId = "isId" in idProp ? idProp.isId : void 0;
+        if (isId === "uuid") {
+          userIdType = "UUID";
+        } else if (isId === "autoincrement") {
+          userIdType = "INTEGER";
         }
       }
     }
-    let rolesSchema = "rebase";
-    if (registry) {
-      const rolesTable = registry.getTable("roles");
-      if (rolesTable) {
-        rolesSchema = getTableConfig(rolesTable).schema || "public";
-      }
-    }
     if (usersSchema2 !== "public") {
       await db.execute(sql`CREATE SCHEMA IF NOT EXISTS ${sql.raw(usersSchema2)}`);
     }
-    if (rolesSchema !== "public" && rolesSchema !== usersSchema2) {
-      await db.execute(sql`CREATE SCHEMA IF NOT EXISTS ${sql.raw(rolesSchema)}`);
-    }
     await db.execute(sql`CREATE SCHEMA IF NOT EXISTS rebase`);
-    const userIdentitiesTable = `"${rolesSchema}"."user_identities"`;
-    const rolesTableName = `"${rolesSchema}"."roles"`;
-    const userRolesTableName = `"${rolesSchema}"."user_roles"`;
-    const refreshTokensTableName = `"${rolesSchema}"."refresh_tokens"`;
-    const passwordResetTokensTableName = `"${rolesSchema}"."password_reset_tokens"`;
-    const appConfigTableName = `"${rolesSchema}"."app_config"`;
+    const authSchema = usersSchema2 === "public" ? "rebase" : usersSchema2;
+    const userIdentitiesTable = `"${authSchema}"."user_identities"`;
+    const refreshTokensTableName = `"${authSchema}"."refresh_tokens"`;
+    const passwordResetTokensTableName = `"${authSchema}"."password_reset_tokens"`;
+    const appConfigTableName = `"${authSchema}"."app_config"`;
     await db.execute(sql`
             CREATE TABLE IF NOT EXISTS ${sql.raw(userIdentitiesTable)} (
                 id TEXT PRIMARY KEY DEFAULT gen_random_uuid()::text,
@@ -10381,27 +10239,6 @@ async function ensureAuthTablesExist(db, registry) {
             CREATE INDEX IF NOT EXISTS idx_user_identities_user 
             ON ${sql.raw(userIdentitiesTable)}(user_id)
         `);
-    await db.execute(sql`
-            CREATE TABLE IF NOT EXISTS ${sql.raw(rolesTableName)} (
-                id TEXT PRIMARY KEY,
-                name TEXT NOT NULL,
-                is_admin BOOLEAN DEFAULT FALSE,
-                default_permissions JSONB,
-                collection_permissions JSONB,
-                created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
-            )
-        `);
-    await db.execute(sql`
-            CREATE TABLE IF NOT EXISTS ${sql.raw(userRolesTableName)} (
-                user_id ${sql.raw(userIdType)} NOT NULL REFERENCES ${sql.raw(usersTableName)}(id) ON DELETE CASCADE,
-                role_id TEXT NOT NULL REFERENCES ${sql.raw(rolesTableName)}(id) ON DELETE CASCADE,
-                PRIMARY KEY (user_id, role_id)
-            )
-        `);
-    await db.execute(sql`
-            CREATE INDEX IF NOT EXISTS idx_user_roles_user 
-            ON ${sql.raw(userRolesTableName)}(user_id)
-        `);
     await db.execute(sql`
             CREATE TABLE IF NOT EXISTS ${sql.raw(refreshTokensTableName)} (
                 id TEXT PRIMARY KEY DEFAULT gen_random_uuid()::text,
@@ -10469,14 +10306,43 @@ async function ensureAuthTablesExist(db, registry) {
                 $$ LANGUAGE sql STABLE
             `);
     });
-    await seedDefaultRoles(db, rolesTableName);
     await db.execute(sql`
             ALTER TABLE ${sql.raw(usersTableName)}
             ADD COLUMN IF NOT EXISTS is_anonymous BOOLEAN DEFAULT FALSE
         `);
-    const mfaFactorsTableName = `"${rolesSchema}"."mfa_factors"`;
-    const mfaChallengesTableName = `"${rolesSchema}"."mfa_challenges"`;
-    const recoveryCodesTableName = `"${rolesSchema}"."recovery_codes"`;
+    await db.execute(sql`
+            ALTER TABLE ${sql.raw(usersTableName)}
+            ADD COLUMN IF NOT EXISTS roles TEXT[] DEFAULT '{}' NOT NULL
+        `);
+    try {
+      const legacyCheck = await db.execute(sql`
+                SELECT EXISTS (
+                    SELECT 1 FROM information_schema.tables
+                    WHERE table_schema = 'rebase' AND table_name = 'user_roles'
+                ) AS has_user_roles
+            `);
+      const hasLegacyTables = legacyCheck.rows[0].has_user_roles;
+      if (hasLegacyTables) {
+        logger.info("🔄 Migrating roles from legacy user_roles table...");
+        await db.execute(sql`
+                    UPDATE ${sql.raw(usersTableName)} u
+                    SET roles = COALESCE((
+                        SELECT array_agg(ur.role_id)
+                        FROM "rebase"."user_roles" ur
+                        WHERE ur.user_id = u.id
+                    ), '{}')
+                    WHERE u.roles = '{}' OR u.roles IS NULL
+                `);
+        await db.execute(sql`DROP TABLE IF EXISTS "rebase"."user_roles" CASCADE`);
+        await db.execute(sql`DROP TABLE IF EXISTS "rebase"."roles" CASCADE`);
+        logger.info("✅ Legacy roles tables migrated and dropped");
+      }
+    } catch (migrationError) {
+      logger.warn(`⚠️  Legacy roles migration skipped: ${migrationError instanceof Error ? migrationError.message : String(migrationError)}`);
+    }
+    const mfaFactorsTableName = `"${authSchema}"."mfa_factors"`;
+    const mfaChallengesTableName = `"${authSchema}"."mfa_challenges"`;
+    const recoveryCodesTableName = `"${authSchema}"."recovery_codes"`;
     await db.execute(sql`
             CREATE TABLE IF NOT EXISTS ${sql.raw(mfaFactorsTableName)} (
                 id TEXT PRIMARY KEY DEFAULT gen_random_uuid()::text,
@@ -10528,28 +10394,6 @@ async function ensureAuthTablesExist(db, registry) {
     logger.warn("⚠️ Continuing without creating auth tables.");
   }
 }
-async function seedDefaultRoles(db, rolesTableName) {
-  const result = await db.execute(sql`SELECT COUNT(*) as count FROM ${sql.raw(rolesTableName)}`);
-  const count2 = parseInt(result.rows[0]?.count || "0", 10);
-  if (count2 > 0) {
-    logger.info(`📋 Found ${count2} existing roles`);
-    return;
-  }
-  logger.info("🌱 Seeding default roles...");
-  for (const role of DEFAULT_ROLES) {
-    await db.execute(sql`
-            INSERT INTO ${sql.raw(rolesTableName)} (id, name, is_admin, default_permissions)
-            VALUES (
-                ${role.id}, 
-                ${role.name}, 
-                ${role.is_admin}, 
-                ${JSON.stringify(role.default_permissions)}::jsonb
-            )
-            ON CONFLICT (id) DO NOTHING
-        `);
-  }
-  logger.info("✅ Default roles created: admin, editor, viewer");
-}
 function getColumnKey(table, ...keys2) {
   if (!table) return void 0;
   for (const key of keys2) {
@@ -10569,24 +10413,18 @@ function getColumn(table, ...keys2) {
 class UserService {
   constructor(db, tableOrTables) {
     this.db = db;
-    if (tableOrTables && (tableOrTables.users || tableOrTables.roles)) {
+    if (tableOrTables && tableOrTables.users) {
       const tables = tableOrTables;
       this.usersTable = tables.users || users;
       this.userIdentitiesTable = tables.userIdentities || userIdentities;
-      this.userRolesTable = tables.userRoles || userRoles;
-      this.rolesTable = tables.roles || roles;
     } else {
       const table = tableOrTables;
       this.usersTable = table || users;
       this.userIdentitiesTable = userIdentities;
-      this.userRolesTable = userRoles;
-      this.rolesTable = roles;
     }
   }
   usersTable;
   userIdentitiesTable;
-  userRolesTable;
-  rolesTable;
   getQualifiedUsersTableName() {
     const name = getTableName$1(this.usersTable);
     const schema = getTableConfig(this.usersTable).schema || "public";
@@ -10608,7 +10446,7 @@ class UserService {
     const metadata = {
       ...row.metadata || {}
     };
-    const knownKeys = /* @__PURE__ */ new Set(["id", "uid", "email", "password_hash", "passwordHash", "display_name", "displayName", "photo_url", "photoUrl", "photoURL", "email_verified", "emailVerified", "email_verification_token", "emailVerificationToken", "email_verification_sent_at", "emailVerificationSentAt", "is_anonymous", "isAnonymous", "created_at", "createdAt", "updated_at", "updatedAt", "metadata"]);
+    const knownKeys = /* @__PURE__ */ new Set(["id", "uid", "email", "password_hash", "passwordHash", "display_name", "displayName", "photo_url", "photoUrl", "photoURL", "email_verified", "emailVerified", "email_verification_token", "emailVerificationToken", "email_verification_sent_at", "emailVerificationSentAt", "is_anonymous", "isAnonymous", "roles", "created_at", "createdAt", "updated_at", "updatedAt", "metadata"]);
     for (const [key, val] of Object.entries(row)) {
       if (!knownKeys.has(key)) {
         const camelKey = camelCase(key);
@@ -10759,19 +10597,18 @@ class UserService {
     const displayNameCol = getColumn(this.usersTable, "displayName", "display_name");
     const displayNameColumn = displayNameCol ? displayNameCol.name : "display_name";
     const idCol = getColumn(this.usersTable, "id");
-    const idColumn = idCol ? idCol.name : "id";
+    idCol ? idCol.name : "id";
     const usersTableName = this.getQualifiedUsersTableName();
-    const rolesSchema = getTableConfig(this.userRolesTable).schema || "public";
     const conditions = [];
     if (roleId) {
-      conditions.push(sql`EXISTS (SELECT 1 FROM ${sql.raw(`"${rolesSchema}"."user_roles"`)} ur WHERE ur.user_id = ${sql.raw(usersTableName)}.${sql.raw(idColumn)} AND ur.role_id = ${roleId})`);
+      conditions.push(sql`${roleId} = ANY(${sql.raw(usersTableName)}.roles)`);
     }
     if (search) {
       const pattern = `%${search}%`;
       conditions.push(sql`(${sql.raw(usersTableName)}.${sql.raw(emailColumn)} ILIKE ${pattern} OR ${sql.raw(usersTableName)}.${sql.raw(displayNameColumn)} ILIKE ${pattern})`);
     }
     const whereClause = conditions.length > 0 ? sql`WHERE ${sql.join(conditions, sql` AND `)}` : sql``;
-    const orderByClause = roleId ? sql`ORDER BY ${sql.raw(usersTableName)}.${sql.raw(orderColumn)} ${direction}` : sql`ORDER BY (SELECT count(*) FROM ${sql.raw(`"${rolesSchema}"."user_roles"`)} ur WHERE ur.user_id = ${sql.raw(usersTableName)}.${sql.raw(idColumn)}) DESC, ${sql.raw(usersTableName)}.${sql.raw(orderColumn)} ${direction}`;
+    const orderByClause = roleId ? sql`ORDER BY ${sql.raw(usersTableName)}.${sql.raw(orderColumn)} ${direction}` : sql`ORDER BY array_length(${sql.raw(usersTableName)}.roles, 1) DESC NULLS LAST, ${sql.raw(usersTableName)}.${sql.raw(orderColumn)} ${direction}`;
     const countResult = await this.db.execute(sql`
             SELECT count(*)::int as total FROM ${sql.raw(usersTableName)}
             ${whereClause}
@@ -10845,54 +10682,57 @@ class UserService {
     return row ? this.mapRowToUser(row) : null;
   }
   /**
-   * Get roles for a user from database
+   * Get roles for a user from database (inline TEXT[] column)
    */
   async getUserRoles(userId) {
-    const rolesSchema = getTableConfig(this.rolesTable).schema || "public";
+    const usersTableName = this.getQualifiedUsersTableName();
     const result = await this.db.execute(sql`
-            SELECT r.id, r.name, r.is_admin, r.default_permissions, r.collection_permissions
-            FROM ${sql.raw(`"${rolesSchema}"."roles"`)} r
-            INNER JOIN ${sql.raw(`"${rolesSchema}"."user_roles"`)} ur ON r.id = ur.role_id
-            WHERE ur.user_id = ${userId}
+            SELECT roles FROM ${sql.raw(usersTableName)} WHERE id = ${userId}
         `);
-    return result.rows.map((row) => ({
-      id: row.id,
-      name: row.name,
-      isAdmin: row.is_admin,
-      defaultPermissions: row.default_permissions,
-      collectionPermissions: row.collection_permissions
+    if (result.rows.length === 0) return [];
+    const row = result.rows[0];
+    const roleIds = row.roles ?? [];
+    return roleIds.map((id) => ({
+      id,
+      name: id,
+      isAdmin: id === "admin",
+      defaultPermissions: null,
+      collectionPermissions: null
     }));
   }
   /**
    * Get role IDs for a user
    */
   async getUserRoleIds(userId) {
-    const roles2 = await this.getUserRoles(userId);
-    return roles2.map((r) => r.id);
+    const usersTableName = this.getQualifiedUsersTableName();
+    const result = await this.db.execute(sql`
+            SELECT roles FROM ${sql.raw(usersTableName)} WHERE id = ${userId}
+        `);
+    if (result.rows.length === 0) return [];
+    const row = result.rows[0];
+    return row.roles ?? [];
   }
   /**
-   * Set roles for a user
+   * Set roles for a user (replaces existing roles)
    */
   async setUserRoles(userId, roleIds) {
-    const rolesSchema = getTableConfig(this.userRolesTable).schema || "public";
-    await this.db.execute(sql`DELETE FROM ${sql.raw(`"${rolesSchema}"."user_roles"`)} WHERE user_id = ${userId}`);
-    for (const roleId of roleIds) {
-      await this.db.execute(sql`
-                INSERT INTO ${sql.raw(`"${rolesSchema}"."user_roles"`)} (user_id, role_id)
-                VALUES (${userId}, ${roleId})
-                ON CONFLICT DO NOTHING
-            `);
-    }
+    const usersTableName = this.getQualifiedUsersTableName();
+    const rolesArray = `{${roleIds.join(",")}}`;
+    await this.db.execute(sql`
+            UPDATE ${sql.raw(usersTableName)}
+            SET roles = ${rolesArray}::text[], updated_at = NOW()
+            WHERE id = ${userId}
+        `);
   }
   /**
-   * Assign a specific role to new user
+   * Assign a specific role to new user (appends if not present)
    */
   async assignDefaultRole(userId, roleId) {
-    const rolesSchema = getTableConfig(this.userRolesTable).schema || "public";
+    const usersTableName = this.getQualifiedUsersTableName();
     await this.db.execute(sql`
-            INSERT INTO ${sql.raw(`"${rolesSchema}"."user_roles"`)} (user_id, role_id)
-            VALUES (${userId}, ${roleId})
-            ON CONFLICT DO NOTHING
+            UPDATE ${sql.raw(usersTableName)}
+            SET roles = array_append(roles, ${roleId}), updated_at = NOW()
+            WHERE id = ${userId} AND NOT (${roleId} = ANY(roles))
         `);
   }
   /**
@@ -10901,101 +10741,12 @@ class UserService {
   async getUserWithRoles(userId) {
     const user = await this.getUserById(userId);
     if (!user) return null;
-    const roles2 = await this.getUserRoles(userId);
+    const roles = await this.getUserRoles(userId);
     return {
       user,
-      roles: roles2
-    };
-  }
-}
-class RoleService {
-  constructor(db, tableOrTables) {
-    this.db = db;
-    if (tableOrTables && (tableOrTables.roles || tableOrTables.users)) {
-      this.rolesTable = tableOrTables.roles || roles;
-    } else {
-      this.rolesTable = tableOrTables || roles;
-    }
-  }
-  rolesTable;
-  getQualifiedRolesTableName() {
-    const name = getTableName$1(this.rolesTable);
-    const schema = getTableConfig(this.rolesTable).schema || "public";
-    return `"${schema}"."${name}"`;
-  }
-  async getRoleById(id) {
-    const tableName = this.getQualifiedRolesTableName();
-    const result = await this.db.execute(sql`
-            SELECT id, name, is_admin, default_permissions, collection_permissions
-            FROM ${sql.raw(tableName)}
-            WHERE id = ${id}
-        `);
-    if (result.rows.length === 0) return null;
-    const row = result.rows[0];
-    return {
-      id: row.id,
-      name: row.name,
-      isAdmin: row.is_admin,
-      defaultPermissions: row.default_permissions,
-      collectionPermissions: row.collection_permissions
-    };
-  }
-  async listRoles() {
-    const tableName = this.getQualifiedRolesTableName();
-    const result = await this.db.execute(sql`
-            SELECT id, name, is_admin, default_permissions, collection_permissions
-            FROM ${sql.raw(tableName)}
-            ORDER BY name
-        `);
-    return result.rows.map((row) => ({
-      id: row.id,
-      name: row.name,
-      isAdmin: row.is_admin,
-      defaultPermissions: row.default_permissions,
-      collectionPermissions: row.collection_permissions
-    }));
-  }
-  async createRole(data) {
-    const tableName = this.getQualifiedRolesTableName();
-    const result = await this.db.execute(sql`
-            INSERT INTO ${sql.raw(tableName)} (id, name, is_admin, default_permissions, collection_permissions)
-            VALUES (
-                ${data.id},
-                ${data.name},
-                ${data.isAdmin ?? false},
-                ${data.defaultPermissions ? JSON.stringify(data.defaultPermissions) : null}::jsonb,
-                ${data.collectionPermissions ? JSON.stringify(data.collectionPermissions) : null}::jsonb
-            )
-            RETURNING id, name, is_admin, default_permissions, collection_permissions
-        `);
-    const row = result.rows[0];
-    return {
-      id: row.id,
-      name: row.name,
-      isAdmin: row.is_admin,
-      defaultPermissions: row.default_permissions,
-      collectionPermissions: row.collection_permissions
+      roles
     };
   }
-  async updateRole(id, data) {
-    const existing = await this.getRoleById(id);
-    if (!existing) return null;
-    const tableName = this.getQualifiedRolesTableName();
-    await this.db.execute(sql`
-            UPDATE ${sql.raw(tableName)}
-            SET 
-                name = ${data.name ?? existing.name},
-                is_admin = ${data.isAdmin ?? existing.isAdmin},
-                default_permissions = ${data.defaultPermissions ? JSON.stringify(data.defaultPermissions) : JSON.stringify(existing.defaultPermissions)}::jsonb,
-                collection_permissions = ${data.collectionPermissions !== void 0 ? data.collectionPermissions ? JSON.stringify(data.collectionPermissions) : null : existing.collectionPermissions ? JSON.stringify(existing.collectionPermissions) : null}::jsonb
-            WHERE id = ${id}
-        `);
-    return this.getRoleById(id);
-  }
-  async deleteRole(id) {
-    const tableName = this.getQualifiedRolesTableName();
-    await this.db.execute(sql`DELETE FROM ${sql.raw(tableName)} WHERE id = ${id}`);
-  }
 }
 class RefreshTokenService {
   constructor(db, tableOrTables) {
@@ -11191,11 +10942,9 @@ class PostgresAuthRepository {
   constructor(db, tableOrTables) {
     this.db = db;
     this.userService = new UserService(db, tableOrTables);
-    this.roleService = new RoleService(db, tableOrTables);
     this.tokenRepository = new PostgresTokenRepository(db, tableOrTables);
   }
   userService;
-  roleService;
   tokenRepository;
   // User operations (delegate to UserService)
   async createUser(data) {
@@ -11255,25 +11004,56 @@ class PostgresAuthRepository {
   async getUserWithRoles(userId) {
     return this.userService.getUserWithRoles(userId);
   }
-  // Role operations (delegate to RoleService)
+  // Role operations (roles are inline on users, synthesized from string IDs)
   async getRoleById(id) {
-    return this.roleService.getRoleById(id);
+    return {
+      id,
+      name: id,
+      isAdmin: id === "admin",
+      defaultPermissions: null,
+      collectionPermissions: null
+    };
   }
   async listRoles() {
-    return this.roleService.listRoles();
+    return [{
+      id: "admin",
+      name: "Admin",
+      isAdmin: true,
+      defaultPermissions: null,
+      collectionPermissions: null
+    }, {
+      id: "editor",
+      name: "Editor",
+      isAdmin: false,
+      defaultPermissions: null,
+      collectionPermissions: null
+    }, {
+      id: "viewer",
+      name: "Viewer",
+      isAdmin: false,
+      defaultPermissions: null,
+      collectionPermissions: null
+    }];
+  }
+  async createRole(_data) {
+    return {
+      id: _data.id,
+      name: _data.name,
+      isAdmin: _data.isAdmin ?? false,
+      defaultPermissions: _data.defaultPermissions ?? null,
+      collectionPermissions: _data.collectionPermissions ?? null
+    };
   }
-  async createRole(data) {
-    return this.roleService.createRole({
-      ...data,
+  async updateRole(id, data) {
+    return {
+      id,
+      name: data.name ?? id,
+      isAdmin: data.isAdmin ?? id === "admin",
       defaultPermissions: data.defaultPermissions ?? null,
       collectionPermissions: data.collectionPermissions ?? null
-    });
-  }
-  async updateRole(id, data) {
-    return this.roleService.updateRole(id, data);
+    };
   }
-  async deleteRole(id) {
-    await this.roleService.deleteRole(id);
+  async deleteRole(_id) {
   }
   // Token operations (delegate to PostgresTokenRepository)
   async createRefreshToken(userId, tokenHash, expiresAt, userAgent, ipAddress) {
@@ -11823,34 +11603,27 @@ function createPostgresBootstrapper(pgConfig) {
       const internals = driverResult.internals;
       const db = internals.db;
       const registry = internals.registry;
-      await ensureAuthTablesExist(db, registry);
+      const authCollection = authConfig.collection;
+      await ensureAuthTablesExist(db, authCollection);
       let emailService;
       if (authConfig.email) {
         emailService = createEmailService(authConfig.email);
       }
-      const customUsersTable = registry?.getTable("users");
-      const customRolesTable = registry?.getTable("roles");
+      const tableName = authCollection ? "table" in authCollection && typeof authCollection.table === "string" ? authCollection.table : authCollection.slug : void 0;
+      const usersTable = tableName ? registry.getTable(tableName) : void 0;
       let usersSchemaName = "rebase";
-      let rolesSchemaName = "rebase";
-      if (customUsersTable) {
-        usersSchemaName = getTableConfig(customUsersTable).schema || "public";
+      if (authCollection && "schema" in authCollection && typeof authCollection.schema === "string") {
+        usersSchemaName = authCollection.schema;
       }
-      if (customRolesTable) {
-        rolesSchemaName = getTableConfig(customRolesTable).schema || "public";
-      }
-      const authTables = createAuthSchema(rolesSchemaName, usersSchemaName);
-      if (customUsersTable) {
-        authTables.users = customUsersTable;
-      }
-      if (customRolesTable) {
-        authTables.roles = customRolesTable;
+      const authTables = createAuthSchema(usersSchemaName);
+      if (usersTable) {
+        authTables.users = usersTable;
       }
       const userService = new UserService(db, authTables);
-      const roleService = new RoleService(db, authTables);
       const authRepository = new PostgresAuthRepository(db, authTables);
       return {
         userService,
-        roleService,
+        roleService: userService,
         emailService,
         authRepository
       };
@@ -11955,17 +11728,12 @@ export {
   mfaFactorsRelations,
   passwordResetTokens,
   passwordResetTokensRelations,
-  rebaseSchema,
   recoveryCodes,
   recoveryCodesRelations,
   refreshTokens,
   refreshTokensRelations,
-  roles,
-  rolesRelations,
   userIdentities,
   userIdentitiesRelations,
-  userRoles,
-  userRolesRelations,
   users,
   usersRelations,
   usersSchema