@rebasepro/server-postgresql 0.3.0 → 0.5.0

package/dist/index.umd.js

@@ -2719,114 +2719,6 @@
       };
     }
   }
-  const defaultUsersCollection = {
-    name: "Users",
-    singularName: "User",
-    slug: "users",
-    table: "users",
-    schema: "rebase",
-    icon: "Users",
-    group: "Settings",
-    properties: {
-      id: {
-        name: "ID",
-        type: "string",
-        isId: "uuid"
-      },
-      email: {
-        name: "Email",
-        type: "string",
-        validation: {
-          required: true,
-          unique: true
-        }
-      },
-      password_hash: {
-        name: "Password Hash",
-        type: "string",
-        ui: {
-          hideFromCollection: true
-        }
-      },
-      display_name: {
-        name: "Display Name",
-        type: "string"
-      },
-      photo_url: {
-        name: "Photo URL",
-        type: "string"
-      },
-      email_verified: {
-        name: "Email Verified",
-        type: "boolean",
-        defaultValue: false
-      },
-      email_verification_token: {
-        name: "Email Verification Token",
-        type: "string",
-        ui: {
-          hideFromCollection: true
-        }
-      },
-      email_verification_sent_at: {
-        name: "Email Verification Sent At",
-        type: "date",
-        ui: {
-          hideFromCollection: true
-        }
-      },
-      metadata: {
-        name: "Metadata",
-        type: "map",
-        defaultValue: {},
-        ui: {
-          hideFromCollection: true
-        }
-      },
-      created_at: {
-        name: "Created At",
-        type: "date",
-        autoValue: "on_create",
-        ui: {
-          readOnly: true,
-          hideFromCollection: true
-        }
-      },
-      updated_at: {
-        name: "Updated At",
-        type: "date",
-        autoValue: "on_update",
-        ui: {
-          readOnly: true,
-          hideFromCollection: true
-        }
-      }
-    }
-  };
-  function mapOperator(op) {
-    switch (op) {
-      case "==":
-        return "eq";
-      case "!=":
-        return "neq";
-      case ">":
-        return "gt";
-      case ">=":
-        return "gte";
-      case "<":
-        return "lt";
-      case "<=":
-        return "lte";
-      case "array-contains":
-        return "cs";
-      case "array-contains-any":
-        return "csa";
-      case "not-in":
-        return "nin";
-      default:
-        return op;
-    }
-  }
   class QueryBuilder {
     constructor(collection) {
       this.collection = collection;
@@ -2834,23 +2726,30 @@
     params = {
       where: {}
     };
-    /**
-     * Add a filter condition to your query.
-     * @example
-     * client.collection('users').where('age', '>=', 18).find()
-     */
-    where(column, operator, value) {
+    where(columnOrCondition, operator, value) {
+      if (typeof columnOrCondition === "object" && columnOrCondition !== null && "type" in columnOrCondition) {
+        this.params.logical = columnOrCondition;
+        return this;
+      }
       if (!this.params.where) {
         this.params.where = {};
       }
-      const mappedOp = mapOperator(operator);
-      let formattedValue = value;
-      if (Array.isArray(value) && ["in", "nin", "cs", "csa"].includes(mappedOp)) {
-        formattedValue = `(${value.join(",")})`;
-      } else if (value === null) {
-        formattedValue = "null";
+      const column = columnOrCondition;
+      const condition = [operator, value];
+      const existing = this.params.where[column];
+      if (existing === void 0) {
+        this.params.where[column] = condition;
+      } else if (Array.isArray(existing) && existing.length > 0 && Array.isArray(existing[0])) {
+        this.params.where[column].push(condition);
+      } else {
+        let firstCondition;
+        if (Array.isArray(existing) && existing.length === 2 && typeof existing[0] === "string") {
+          firstCondition = existing;
+        } else {
+          firstCondition = ["==", existing];
+        }
+        this.params.where[column] = [firstCondition, condition];
       }
-      this.params.where[column] = mappedOp === "eq" ? String(formattedValue) : `${mappedOp}.${formattedValue}`;
       return this;
     }
     /**
@@ -2952,10 +2851,13 @@
         filter[field] = ["==", rawValue];
         continue;
       }
-      if (Array.isArray(rawValue) && rawValue.length === 2) {
-        const [rawOp, val] = rawValue;
-        const mappedOp = operatorMap[rawOp] ?? "==";
-        filter[field] = [mappedOp, val];
+      if (Array.isArray(rawValue)) {
+        const conditions = Array.isArray(rawValue[0]) ? rawValue : [rawValue];
+        const mappedConditions = conditions.map(([rawOp, val]) => {
+          const mappedOp = operatorMap[rawOp] ?? "==";
+          return [mappedOp, val];
+        });
+        filter[field] = Array.isArray(rawValue[0]) ? mappedConditions : mappedConditions[0];
         continue;
       }
       if (typeof rawValue === "string") {
@@ -3049,6 +2951,9 @@
           }
         });
       },
+      deleteAll: driver.deleteAll ? async () => {
+        return driver.deleteAll(slug);
+      } : void 0,
       count: driver.countEntities ? async (params) => {
         return driver.countEntities({
           path: slug,
@@ -3090,8 +2995,12 @@
         });
       } : void 0,
       // Fluent Query Builder
-      where(column, operator, value) {
-        return new QueryBuilder(accessor).where(column, operator, value);
+      where(columnOrCondition, operator, value) {
+        const builder = new QueryBuilder(accessor);
+        if (typeof columnOrCondition === "object") {
+          return builder.where(columnOrCondition);
+        }
+        return builder.where(columnOrCondition, operator, value);
       },
       orderBy(column, ascending) {
         return new QueryBuilder(accessor).orderBy(column, ascending);
@@ -3142,7 +3051,6 @@
       const conditions = [];
       for (const [field, filterParam] of Object.entries(filter)) {
         if (!filterParam) continue;
-        const [op, value] = filterParam;
         let fieldColumn = table[field];
         if (!fieldColumn) {
           const relationKey = `${field}_id`;
@@ -3154,13 +3062,39 @@
           console.warn(`Filtering by field '${field}', but it does not exist in table for collection '${collectionPath}'`);
           continue;
         }
-        const condition = this.buildSingleFilterCondition(fieldColumn, op, value);
-        if (condition) {
-          conditions.push(condition);
+        const paramsList = Array.isArray(filterParam) && filterParam.length > 0 && Array.isArray(filterParam[0]) ? filterParam : [filterParam];
+        for (const [op, value] of paramsList) {
+          const condition = this.buildSingleFilterCondition(fieldColumn, op, value);
+          if (condition) {
+            conditions.push(condition);
+          }
         }
       }
       return conditions;
     }
+    /**
+     * Build logical conditions recursively from LogicalCondition or FilterCondition
+     */
+    static buildLogicalConditions(cond, table, collectionPath) {
+      if ("type" in cond) {
+        const subSQLs = cond.conditions.map((c) => this.buildLogicalConditions(c, table, collectionPath)).filter((sql2) => sql2 !== null);
+        if (subSQLs.length === 0) return null;
+        return (cond.type === "or" ? drizzleOrm.or(...subSQLs) : drizzleOrm.and(...subSQLs)) ?? null;
+      } else {
+        let fieldColumn = table[cond.column];
+        if (!fieldColumn) {
+          const relationKey = `${cond.column}_id`;
+          if (relationKey in table) {
+            fieldColumn = table[relationKey];
+          }
+        }
+        if (!fieldColumn) {
+          console.warn(`Filtering by field '${cond.column}', but it does not exist in table for collection '${collectionPath}'`);
+          return null;
+        }
+        return this.buildSingleFilterCondition(fieldColumn, cond.operator, cond.value);
+      }
+    }
     /**
      * Build a single filter condition for a specific operator and value
      */
@@ -4038,39 +3972,18 @@
         }
         return value;
       }
-      case "binary":
-        if (typeof value === "string") {
-          if (value.startsWith("data:application/octet-stream;base64,")) {
-            const base64Data = value.split(",")[1];
-            if (base64Data) {
-              return Buffer.from(base64Data, "base64");
-            }
-          }
-        }
-        if (Buffer.isBuffer(value)) {
-          return value;
-        }
+      case "binary": {
+        const decoded = tryDecodeBase64DataUrl(value);
+        if (decoded) return decoded;
+        if (Buffer.isBuffer(value)) return value;
         return value;
+      }
       case "string":
-        if (typeof value === "string") {
-          if (value.startsWith("data:application/octet-stream;base64,")) {
-            const base64Data = value.split(",")[1];
-            if (base64Data) {
-              return Buffer.from(base64Data, "base64");
-            }
-          }
-        }
-        return value;
-      default:
-        if (typeof value === "string") {
-          if (value.startsWith("data:application/octet-stream;base64,")) {
-            const base64Data = value.split(",")[1];
-            if (base64Data) {
-              return Buffer.from(base64Data, "base64");
-            }
-          }
-        }
+      default: {
+        const decoded = tryDecodeBase64DataUrl(value);
+        if (decoded) return decoded;
         return value;
+      }
     }
   }
   async function parseDataFromServer(data, collection, db, registry) {
@@ -4190,21 +4103,36 @@
     }
     return result;
   }
-  function parsePropertyFromServer(value, property, collection, propertyKey) {
-    if (value === null || value === void 0) {
-      return value;
+  function tryDecodeBase64DataUrl(value) {
+    if (typeof value !== "string") return null;
+    if (!value.startsWith("data:application/octet-stream;base64,")) return null;
+    const base64Data = value.split(",")[1];
+    return base64Data ? Buffer.from(base64Data, "base64") : null;
+  }
+  function tryResolveBuffer(value) {
+    if (Buffer.isBuffer(value)) return value;
+    if (typeof value === "object" && value !== null) {
+      const rawVal = value;
+      if (rawVal.type === "Buffer" && Array.isArray(rawVal.data)) {
+        return Buffer.from(rawVal.data);
+      }
+    }
+    return null;
+  }
+  function bufferToStringOrBase64(buf) {
+    for (let i = 0; i < buf.length; i++) {
+      const b = buf[i];
+      if ((b < 32 || b > 126) && b !== 9 && b !== 10 && b !== 13) {
+        return `data:application/octet-stream;base64,${buf.toString("base64")}`;
+      }
     }
+    return buf.toString("utf8");
+  }
+  function parsePropertyFromServer(value, property, collection, propertyKey) {
+    if (value === null || value === void 0) return value;
     switch (property.type) {
       case "binary": {
-        let buf = null;
-        if (Buffer.isBuffer(value)) {
-          buf = value;
-        } else if (typeof value === "object" && value !== null) {
-          const rawVal = value;
-          if (rawVal.type === "Buffer" && Array.isArray(rawVal.data)) {
-            buf = Buffer.from(rawVal.data);
-          }
-        }
+        const buf = tryResolveBuffer(value);
         if (buf) {
           return `data:application/octet-stream;base64,${buf.toString("base64")}`;
         }
@@ -4212,28 +4140,9 @@
       }
       case "string": {
         if (typeof value === "string") return value;
-        let isBuffer = false;
-        let buf = null;
-        if (Buffer.isBuffer(value)) {
-          isBuffer = true;
-          buf = value;
-        } else if (typeof value === "object" && value !== null) {
-          const rawVal = value;
-          if (rawVal.type === "Buffer" && Array.isArray(rawVal.data)) {
-            isBuffer = true;
-            buf = Buffer.from(rawVal.data);
-          }
-        }
-        if (isBuffer && buf) {
-          let isPrintable = true;
-          for (let i = 0; i < buf.length; i++) {
-            const b = buf[i];
-            if ((b < 32 || b > 126) && b !== 9 && b !== 10 && b !== 13) {
-              isPrintable = false;
-              break;
-            }
-          }
-          return isPrintable ? buf.toString("utf8") : `data:application/octet-stream;base64,${buf.toString("base64")}`;
+        const buf = tryResolveBuffer(value);
+        if (buf) {
+          return bufferToStringOrBase64(buf);
         }
         if (typeof value === "object" && value !== null) {
           try {
@@ -4347,28 +4256,9 @@
         return null;
       }
       default: {
-        let isBuffer = false;
-        let buf = null;
-        if (Buffer.isBuffer(value)) {
-          isBuffer = true;
-          buf = value;
-        } else if (typeof value === "object" && value !== null) {
-          const rawVal = value;
-          if (rawVal.type === "Buffer" && Array.isArray(rawVal.data)) {
-            isBuffer = true;
-            buf = Buffer.from(rawVal.data);
-          }
-        }
-        if (isBuffer && buf) {
-          let isPrintable = true;
-          for (let i = 0; i < buf.length; i++) {
-            const b = buf[i];
-            if ((b < 32 || b > 126) && b !== 9 && b !== 10 && b !== 13) {
-              isPrintable = false;
-              break;
-            }
-          }
-          return isPrintable ? buf.toString("utf8") : `data:application/octet-stream;base64,${buf.toString("base64")}`;
+        const buf = tryResolveBuffer(value);
+        if (buf) {
+          return bufferToStringOrBase64(buf);
         }
         return value;
       }
@@ -5557,6 +5447,10 @@
         const filterConditions = this.buildFilterConditions(options.filter, table, collectionPath);
         if (filterConditions.length > 0) allConditions.push(...filterConditions);
       }
+      if (options.logical) {
+        const logicalCondition = DrizzleConditionBuilder.buildLogicalConditions(options.logical, table, collectionPath);
+        if (logicalCondition) allConditions.push(logicalCondition);
+      }
       if (options.startAfter) {
         const cursorConditions = this.buildCursorConditions(table, idField, idInfo, options, collectionPath);
         if (cursorConditions.length > 0) allConditions.push(...cursorConditions);
@@ -5728,6 +5622,10 @@
         const filterConditions = this.buildFilterConditions(options.filter, table, collectionPath);
         if (filterConditions.length > 0) allConditions.push(...filterConditions);
       }
+      if (options.logical) {
+        const logicalCondition = DrizzleConditionBuilder.buildLogicalConditions(options.logical, table, collectionPath);
+        if (logicalCondition) allConditions.push(logicalCondition);
+      }
       if (vectorMeta?.filter) {
         allConditions.push(vectorMeta.filter);
       }
@@ -6313,6 +6211,14 @@
       const parsedId = parsedIdObj[idInfo.fieldName];
       await this.db.delete(table).where(drizzleOrm.eq(idField, parsedId));
     }
+    /**
+     * Delete all entities from a collection
+     */
+    async deleteAll(collectionPath, _databaseId) {
+      const collection = getCollectionByPath(collectionPath, this.registry);
+      const table = getTableForCollection(collection, this.registry);
+      await this.db.delete(table);
+    }
     /**
      * Save an entity (create or update)
      */
@@ -6545,12 +6451,12 @@
      */
     extractCauseMessage(error) {
       if (!error || typeof error !== "object") return null;
-      const err = error;
-      if (err.cause && typeof err.cause === "object") {
-        const deeper = this.extractCauseMessage(err.cause);
+      if (!(error instanceof Error)) return null;
+      if (error.cause && typeof error.cause === "object") {
+        const deeper = this.extractCauseMessage(error.cause);
         if (deeper) return deeper;
-        if (err.cause instanceof Error && err.cause.message) {
-          return err.cause.message;
+        if (error.cause instanceof Error && error.cause.message) {
+          return error.cause.message;
         }
       }
       return null;
@@ -6571,12 +6477,17 @@
      */
     extractPgError(error) {
       if (!error || typeof error !== "object") return null;
-      const err = error;
-      if (err.code && /^[0-9A-Z]{5}$/.test(err.code)) {
-        return err;
+      if (!(error instanceof Error)) {
+        if ("cause" in error && error.cause && typeof error.cause === "object") {
+          return this.extractPgError(error.cause);
+        }
+        return null;
+      }
+      if ("code" in error && typeof error.code === "string" && /^[0-9A-Z]{5}$/.test(error.code)) {
+        return error;
       }
-      if (err.cause && typeof err.cause === "object") {
-        return this.extractPgError(err.cause);
+      if (error.cause && typeof error.cause === "object") {
+        return this.extractPgError(error.cause);
       }
       return null;
     }
@@ -6644,6 +6555,12 @@
     async deleteEntity(collectionPath, entityId, databaseId) {
       return this.persistService.deleteEntity(collectionPath, entityId, databaseId);
     }
+    /**
+     * Delete all entities from a collection
+     */
+    async deleteAll(collectionPath, databaseId) {
+      return this.persistService.deleteAll(collectionPath, databaseId);
+    }
     /**
      * Execute raw SQL
      */
@@ -7344,6 +7261,10 @@
         await this.realtimeService.notifyEntityUpdate(entity.path, entity.id.toString(), null, entity.databaseId || resolvedCollection?.databaseId);
       }
     }
+    async deleteAll(path2) {
+      await this.entityService.deleteAll(path2);
+      await this.realtimeService.notifyEntityUpdate(path2, "*", null);
+    }
     async checkUniqueField(path2, name, value, entityId, collection) {
       return this.entityService.checkUniqueField(path2, name, value, entityId, collection?.databaseId);
     }
@@ -7613,11 +7534,11 @@
           console.warn("[DataDriver] User ID (uid) is missing for authenticated delegate. Using 'anonymous'. User object:", this.user);
           userId = "anonymous";
         }
-        const userRoles2 = this.user?.roles ?? [];
+        const userRoles = this.user?.roles ?? [];
         if (!this.user?.roles) {
           console.warn("[DataDriver] User roles are missing for authenticated delegate. Using empty array. User object:", this.user);
         }
-        const normalizedRoles = userRoles2.map((r) => typeof r === "string" ? r : r?.id ?? String(r));
+        const normalizedRoles = userRoles.map((r) => typeof r === "string" ? r : r?.id ?? String(r));
         const rolesString = normalizedRoles.join(",");
         await tx.execute(drizzleOrm.sql`
                 SELECT 
@@ -7625,7 +7546,7 @@
                     set_config('app.user_roles', ${rolesString}, true),
                     set_config('app.jwt', ${JSON.stringify({
           sub: userId,
-          roles: userRoles2
+          roles: userRoles
         })}, true)
             `);
         const txEntityService = new EntityService(tx, this.delegate.registry);
@@ -7680,6 +7601,9 @@
     async deleteEntity(props) {
       return this.withTransaction((delegate) => delegate.deleteEntity(props));
     }
+    async deleteAll(path2) {
+      return this.withTransaction((delegate) => delegate.deleteAll(path2));
+    }
     async checkUniqueField(path2, name, value, entityId, collection) {
       return this.withTransaction((delegate) => delegate.checkUniqueField(path2, name, value, entityId, collection));
     }
@@ -7757,13 +7681,13 @@
       }
       await Promise.all(promises);
       this.pools.clear();
+      this.drizzleInstances.clear();
     }
   }
-  function createAuthSchema(rolesSchemaName = "rebase", usersSchemaName = "rebase") {
-    const rolesSchema = rolesSchemaName === "public" ? null : pgCore.pgSchema(rolesSchemaName);
+  function createAuthSchema(usersSchemaName = "rebase") {
     const usersSchema2 = usersSchemaName === "public" ? null : pgCore.pgSchema(usersSchemaName);
-    const rolesTableCreator = rolesSchema ? rolesSchema.table.bind(rolesSchema) : pgCore.pgTable;
-    const usersTableCreator = usersSchema2 ? usersSchema2.table.bind(usersSchema2) : pgCore.pgTable;
+    const tableCreator = usersSchema2 ? usersSchema2.table.bind(usersSchema2) : pgCore.pgTable;
+    const usersTableCreator = tableCreator;
     const users2 = usersTableCreator("users", {
       id: pgCore.uuid("id").defaultRandom().primaryKey(),
       email: pgCore.varchar("email", {
@@ -7785,37 +7709,12 @@
       }),
       emailVerificationSentAt: pgCore.timestamp("email_verification_sent_at"),
       isAnonymous: pgCore.boolean("is_anonymous").default(false).notNull(),
+      roles: pgCore.text("roles").array().default([]).notNull(),
       metadata: pgCore.jsonb("metadata").$type().default({}).notNull(),
       createdAt: pgCore.timestamp("created_at").defaultNow().notNull(),
       updatedAt: pgCore.timestamp("updated_at").defaultNow().notNull()
     });
-    const roles2 = rolesTableCreator("roles", {
-      id: pgCore.varchar("id", {
-        length: 50
-      }).primaryKey(),
-      // 'admin', 'editor', 'viewer'
-      name: pgCore.varchar("name", {
-        length: 100
-      }).notNull(),
-      isAdmin: pgCore.boolean("is_admin").default(false).notNull(),
-      defaultPermissions: pgCore.jsonb("default_permissions").$type(),
-      collectionPermissions: pgCore.jsonb("collection_permissions").$type()
-    });
-    const userRoles2 = rolesTableCreator("user_roles", {
-      userId: pgCore.uuid("user_id").notNull().references(() => users2.id, {
-        onDelete: "cascade"
-      }),
-      roleId: pgCore.varchar("role_id", {
-        length: 50
-      }).notNull().references(() => roles2.id, {
-        onDelete: "cascade"
-      })
-    }, (table) => ({
-      pk: pgCore.primaryKey({
-        columns: [table.userId, table.roleId]
-      })
-    }));
-    const refreshTokens2 = rolesTableCreator("refresh_tokens", {
+    const refreshTokens2 = tableCreator("refresh_tokens", {
       id: pgCore.uuid("id").defaultRandom().primaryKey(),
       userId: pgCore.uuid("user_id").notNull().references(() => users2.id, {
         onDelete: "cascade"
@@ -7834,7 +7733,7 @@
     }, (table) => ({
       uniqueDeviceSession: pgCore.unique("unique_device_session").on(table.userId, table.userAgent, table.ipAddress)
     }));
-    const passwordResetTokens2 = rolesTableCreator("password_reset_tokens", {
+    const passwordResetTokens2 = tableCreator("password_reset_tokens", {
       id: pgCore.uuid("id").defaultRandom().primaryKey(),
       userId: pgCore.uuid("user_id").notNull().references(() => users2.id, {
         onDelete: "cascade"
@@ -7846,14 +7745,14 @@
       usedAt: pgCore.timestamp("used_at"),
       createdAt: pgCore.timestamp("created_at").defaultNow().notNull()
     });
-    const appConfig2 = rolesTableCreator("app_config", {
+    const appConfig2 = tableCreator("app_config", {
       key: pgCore.varchar("key", {
         length: 100
       }).primaryKey(),
       value: pgCore.jsonb("value").notNull(),
       updatedAt: pgCore.timestamp("updated_at").defaultNow().notNull()
     });
-    const userIdentities2 = rolesTableCreator("user_identities", {
+    const userIdentities2 = tableCreator("user_identities", {
       id: pgCore.uuid("id").defaultRandom().primaryKey(),
       userId: pgCore.uuid("user_id").notNull().references(() => users2.id, {
         onDelete: "cascade"
@@ -7871,7 +7770,7 @@
     }, (table) => ({
       uniqueProviderId: pgCore.unique("unique_provider_id").on(table.provider, table.providerId)
     }));
-    const mfaFactors2 = rolesTableCreator("mfa_factors", {
+    const mfaFactors2 = tableCreator("mfa_factors", {
       id: pgCore.uuid("id").defaultRandom().primaryKey(),
       userId: pgCore.uuid("user_id").notNull().references(() => users2.id, {
         onDelete: "cascade"
@@ -7890,7 +7789,7 @@
       createdAt: pgCore.timestamp("created_at").defaultNow().notNull(),
       updatedAt: pgCore.timestamp("updated_at").defaultNow().notNull()
     });
-    const mfaChallenges2 = rolesTableCreator("mfa_challenges", {
+    const mfaChallenges2 = tableCreator("mfa_challenges", {
       id: pgCore.uuid("id").defaultRandom().primaryKey(),
       factorId: pgCore.uuid("factor_id").notNull().references(() => mfaFactors2.id, {
         onDelete: "cascade"
@@ -7902,7 +7801,7 @@
       }),
       expiresAt: pgCore.timestamp("expires_at").notNull()
     });
-    const recoveryCodes2 = rolesTableCreator("recovery_codes", {
+    const recoveryCodes2 = tableCreator("recovery_codes", {
       id: pgCore.uuid("id").defaultRandom().primaryKey(),
       userId: pgCore.uuid("user_id").notNull().references(() => users2.id, {
         onDelete: "cascade"
@@ -7914,11 +7813,8 @@
       createdAt: pgCore.timestamp("created_at").defaultNow().notNull()
     });
     return {
-      rolesSchema,
       usersSchema: usersSchema2,
       users: users2,
-      roles: roles2,
-      userRoles: userRoles2,
       refreshTokens: refreshTokens2,
       passwordResetTokens: passwordResetTokens2,
       appConfig: appConfig2,
@@ -7928,12 +7824,9 @@
       recoveryCodes: recoveryCodes2
     };
   }
-  const defaultAuthSchema = createAuthSchema("rebase", "rebase");
-  const rebaseSchema = defaultAuthSchema.rolesSchema;
+  const defaultAuthSchema = createAuthSchema("rebase");
   const usersSchema = defaultAuthSchema.usersSchema;
   const users = defaultAuthSchema.users;
-  const roles = defaultAuthSchema.roles;
-  const userRoles = defaultAuthSchema.userRoles;
   const refreshTokens = defaultAuthSchema.refreshTokens;
   const passwordResetTokens = defaultAuthSchema.passwordResetTokens;
   const appConfig = defaultAuthSchema.appConfig;
@@ -7944,30 +7837,12 @@
   const usersRelations = drizzleOrm.relations(users, ({
     many
   }) => ({
-    userRoles: many(userRoles),
     refreshTokens: many(refreshTokens),
     passwordResetTokens: many(passwordResetTokens),
     userIdentities: many(userIdentities),
     mfaFactors: many(mfaFactors),
     recoveryCodes: many(recoveryCodes)
   }));
-  const rolesRelations = drizzleOrm.relations(roles, ({
-    many
-  }) => ({
-    userRoles: many(userRoles)
-  }));
-  const userRolesRelations = drizzleOrm.relations(userRoles, ({
-    one
-  }) => ({
-    user: one(users, {
-      fields: [userRoles.userId],
-      references: [users.id]
-    }),
-    role: one(roles, {
-      fields: [userRoles.roleId],
-      references: [roles.id]
-    })
-  }));
   const refreshTokensRelations = drizzleOrm.relations(refreshTokens, ({
     one
   }) => ({
@@ -8074,6 +7949,8 @@
           columnDefinition = `${enumName}("${colName}")`;
         } else if ("isId" in stringProp && stringProp.isId === "uuid") {
           columnDefinition = `uuid("${colName}")`;
+        } else if (stringProp.columnType === "uuid") {
+          columnDefinition = `uuid("${colName}")`;
         } else if (stringProp.columnType === "text") {
           columnDefinition = `text("${colName}")`;
         } else if (stringProp.columnType === "char") {
@@ -8141,11 +8018,38 @@
         }
         break;
       }
-      case "map":
+      case "map": {
+        const mapProp = prop;
+        if (mapProp.columnType === "json") {
+          columnDefinition = `json("${colName}")`;
+        } else {
+          columnDefinition = `jsonb("${colName}")`;
+        }
+        break;
+      }
       case "array": {
-        const arrayOrMapProp = prop;
-        if (arrayOrMapProp.columnType === "json") {
+        const arrayProp = prop;
+        let colType = arrayProp.columnType;
+        if (!colType && arrayProp.of && !Array.isArray(arrayProp.of)) {
+          const ofProp = arrayProp.of;
+          if (ofProp.type === "string") {
+            colType = "text[]";
+          } else if (ofProp.type === "number") {
+            colType = ofProp.validation?.integer ? "integer[]" : "numeric[]";
+          } else if (ofProp.type === "boolean") {
+            colType = "boolean[]";
+          }
+        }
+        if (colType === "json") {
           columnDefinition = `json("${colName}")`;
+        } else if (colType === "text[]") {
+          columnDefinition = `text("${colName}").array()`;
+        } else if (colType === "integer[]") {
+          columnDefinition = `integer("${colName}").array()`;
+        } else if (colType === "boolean[]") {
+          columnDefinition = `boolean("${colName}").array()`;
+        } else if (colType === "numeric[]") {
+          columnDefinition = `numeric("${colName}").array()`;
         } else {
           columnDefinition = `jsonb("${colName}")`;
         }
@@ -8229,8 +8133,8 @@
     const resolved = expression.replace(/\{(\w+)\}/g, (_, col) => col);
     return `sql\`${resolved}\``;
   };
-  const wrapWithRoleCheck = (clause, roles2) => {
-    const rolesArrayString = `ARRAY[${roles2.map((r) => `'${r}'`).join(",")}]`;
+  const wrapWithRoleCheck = (clause, roles) => {
+    const rolesArrayString = `ARRAY[${roles.map((r) => `'${r}'`).join(",")}]`;
     const roleCondition = `string_to_array(auth.roles(), ',') @> ${rolesArrayString}`;
     return `sql\`(${unwrapSql(clause)}) AND (${roleCondition})\``;
   };
@@ -8283,22 +8187,22 @@
   };
   const generateSinglePolicyCode = (collection, rule, operation, policyName) => {
     const mode = rule.mode ?? "permissive";
-    const roles2 = rule.roles ? [...rule.roles].sort() : void 0;
+    const roles = rule.roles ? [...rule.roles].sort() : void 0;
     const needsUsing = operation !== "insert";
     const needsWithCheck = operation !== "select" && operation !== "delete";
     let usingClause = needsUsing ? buildUsingClause(rule, collection) : null;
     let withCheckClause = needsWithCheck ? buildWithCheckClause(rule, collection) : null;
-    if (roles2 && roles2.length > 0) {
+    if (roles && roles.length > 0) {
       if (usingClause) {
-        usingClause = wrapWithRoleCheck(usingClause, roles2);
+        usingClause = wrapWithRoleCheck(usingClause, roles);
       } else if (needsUsing) {
-        const rolesArrayString = `ARRAY[${roles2.map((r) => `'${r}'`).join(",")}]`;
+        const rolesArrayString = `ARRAY[${roles.map((r) => `'${r}'`).join(",")}]`;
         usingClause = `sql\`string_to_array(auth.roles(), ',') @> ${rolesArrayString}\``;
       }
       if (withCheckClause) {
-        withCheckClause = wrapWithRoleCheck(withCheckClause, roles2);
+        withCheckClause = wrapWithRoleCheck(withCheckClause, roles);
       } else if (needsWithCheck) {
-        const rolesArrayString = `ARRAY[${roles2.map((r) => `'${r}'`).join(",")}]`;
+        const rolesArrayString = `ARRAY[${roles.map((r) => `'${r}'`).join(",")}]`;
         withCheckClause = `sql\`string_to_array(auth.roles(), ',') @> ${rolesArrayString}\``;
       }
     }
@@ -8686,7 +8590,6 @@ ${tableRelations.join(",\n")}
       if (!collections || !Array.isArray(collections)) {
         collections = [];
       }
-      collections = Array.from(new Map([defaultUsersCollection, ...collections].map((c) => [c.slug, c])).values());
       collections.sort((a, b) => a.slug.localeCompare(b.slug));
       const schemaContent = await generateSchema(collections);
       if (outputPath) {
@@ -9672,20 +9575,19 @@ ${tableRelations.join(",\n")}
     }
   }
   const PostgresRealtimeProvider = RealtimeService;
-  const clientSessions = /* @__PURE__ */ new Map();
   const WS_RATE_LIMIT = 2e3;
   const WS_RATE_WINDOW_MS = 6e4;
   const ADMIN_ONLY_TYPES = /* @__PURE__ */ new Set(["EXECUTE_SQL", "FETCH_DATABASES", "FETCH_ROLES", "FETCH_UNMAPPED_TABLES", "FETCH_TABLE_METADATA", "FETCH_CURRENT_DATABASE", "CREATE_BRANCH", "DELETE_BRANCH", "LIST_BRANCHES"]);
   function extractErrorMessage(error) {
     if (!error) return "Unknown error";
-    if (typeof error === "object") {
-      const err = error;
-      if (err.cause) {
-        return extractErrorMessage(err.cause);
-      }
-      if (typeof err.message === "string") {
-        return err.message;
+    if (error instanceof Error) {
+      if ("cause" in error && error.cause) {
+        return extractErrorMessage(error.cause);
       }
+      return error.message;
+    }
+    if (typeof error === "object" && "message" in error && typeof error.message === "string") {
+      return error.message;
     }
     return String(error);
   }
@@ -9693,14 +9595,10 @@ ${tableRelations.join(",\n")}
     if (!session?.user) return false;
     if (session.user.isAdmin) return true;
     if (!session.user.roles) return false;
-    return session.user.roles.some((r) => {
-      if (typeof r === "string") return r === "admin";
-      if (r && typeof r === "object" && "isAdmin" in r) return r.isAdmin;
-      if (r && typeof r === "object" && "id" in r) return r.id === "admin";
-      return false;
-    });
+    return session.user.roles.some((r) => r === "admin");
   }
   function createPostgresWebSocket(server, realtimeService, driver, authConfig, authAdapter) {
+    const clientSessions = /* @__PURE__ */ new Map();
     const isProduction = process.env.NODE_ENV === "production";
     const wsDebug = (...args) => {
       if (!isProduction) console.debug(...args);
@@ -9839,13 +9737,23 @@ ${tableRelations.join(",\n")}
           }
           const getScopedDelegate = async () => {
             const session = clientSessions.get(clientId);
-            if ("withAuth" in driver && typeof driver.withAuth === "function") {
+            if (typeof driver.withAuth === "function") {
               try {
                 const userForAuth = session?.user ? {
                   uid: session.user.userId,
+                  displayName: null,
+                  email: null,
+                  photoURL: null,
+                  providerId: "websocket",
+                  isAnonymous: false,
                   roles: session.user.roles ?? []
                 } : {
                   uid: "anon",
+                  displayName: null,
+                  email: null,
+                  photoURL: null,
+                  providerId: "websocket",
+                  isAnonymous: true,
                   roles: ["anon"]
                 };
                 return await driver.withAuth(userForAuth);
@@ -10032,15 +9940,15 @@ ${tableRelations.join(",\n")}
                 wsDebug("👤 [WebSocket Server] Processing FETCH_ROLES request");
                 const delegate = await getScopedDelegate();
                 const admin = delegate.admin;
-                let roles2 = [];
+                let roles = [];
                 if (isSQLAdmin(admin) && admin.fetchAvailableRoles) {
-                  roles2 = await admin.fetchAvailableRoles();
+                  roles = await admin.fetchAvailableRoles();
                 }
-                wsDebug(`👤 [WebSocket Server] Fetched ${roles2.length} roles.`);
+                wsDebug(`👤 [WebSocket Server] Fetched ${roles.length} roles.`);
                 const response = {
                   type: "FETCH_ROLES_SUCCESS",
                   payload: {
-                    roles: roles2
+                    roles
                   },
                   requestId
                 };
@@ -10294,85 +10202,35 @@ ${tableRelations.join(",\n")}
       return collection.relations.map((r) => r.relationName || r.localKey || "").filter(Boolean);
     }
   }
-  const DEFAULT_ROLES = [{
-    id: "admin",
-    name: "Admin",
-    is_admin: true,
-    default_permissions: {
-      read: true,
-      create: true,
-      edit: true,
-      delete: true
-    }
-  }, {
-    id: "editor",
-    name: "Editor",
-    is_admin: false,
-    default_permissions: {
-      read: true,
-      create: true,
-      edit: true,
-      delete: true
-    }
-  }, {
-    id: "viewer",
-    name: "Viewer",
-    is_admin: false,
-    default_permissions: {
-      read: true,
-      create: false,
-      edit: false,
-      delete: false
-    }
-  }];
-  async function ensureAuthTablesExist(db, registry) {
+  async function ensureAuthTablesExist(db, collection) {
     serverCore.logger.info("🔍 Checking auth tables...");
     try {
-      let usersTableName = '"users"';
+      let usersTableName = '"rebase"."users"';
       let userIdType = "TEXT";
-      let usersSchema2 = "public";
-      if (registry) {
-        const usersTable = registry.getTable("users");
-        if (usersTable) {
-          const {
-            getTableName: getTableName2
-          } = await import("drizzle-orm");
-          usersSchema2 = pgCore.getTableConfig(usersTable).schema || "public";
-          usersTableName = usersSchema2 === "public" ? `"${getTableName2(usersTable)}"` : `"${usersSchema2}"."${getTableName2(usersTable)}"`;
-          if (usersTable.id) {
-            const col = usersTable.id;
-            const meta = getColumnMeta(col);
-            const columnType = meta.columnType;
-            if (columnType === "PgUUID") {
-              userIdType = "UUID";
-            } else if (columnType === "PgSerial" || columnType === "PgInteger") {
-              userIdType = "INTEGER";
-            } else if (columnType === "PgBigInt" || columnType === "PgBigSerial") {
-              userIdType = "BIGINT";
-            }
+      let usersSchema2 = "rebase";
+      if (collection) {
+        const rawTable = "table" in collection && typeof collection.table === "string" ? collection.table : collection.slug;
+        usersSchema2 = "schema" in collection && typeof collection.schema === "string" ? collection.schema : "public";
+        usersTableName = usersSchema2 === "public" ? `"${rawTable}"` : `"${usersSchema2}"."${rawTable}"`;
+        const idProp = collection.properties?.id;
+        if (idProp) {
+          const isId = "isId" in idProp ? idProp.isId : void 0;
+          if (isId === "uuid") {
+            userIdType = "UUID";
+          } else if (isId === "autoincrement") {
+            userIdType = "INTEGER";
           }
         }
       }
-      let rolesSchema = "rebase";
-      if (registry) {
-        const rolesTable = registry.getTable("roles");
-        if (rolesTable) {
-          rolesSchema = pgCore.getTableConfig(rolesTable).schema || "public";
-        }
-      }
       if (usersSchema2 !== "public") {
         await db.execute(drizzleOrm.sql`CREATE SCHEMA IF NOT EXISTS ${drizzleOrm.sql.raw(usersSchema2)}`);
       }
-      if (rolesSchema !== "public" && rolesSchema !== usersSchema2) {
-        await db.execute(drizzleOrm.sql`CREATE SCHEMA IF NOT EXISTS ${drizzleOrm.sql.raw(rolesSchema)}`);
-      }
       await db.execute(drizzleOrm.sql`CREATE SCHEMA IF NOT EXISTS rebase`);
-      const userIdentitiesTable = `"${rolesSchema}"."user_identities"`;
-      const rolesTableName = `"${rolesSchema}"."roles"`;
-      const userRolesTableName = `"${rolesSchema}"."user_roles"`;
-      const refreshTokensTableName = `"${rolesSchema}"."refresh_tokens"`;
-      const passwordResetTokensTableName = `"${rolesSchema}"."password_reset_tokens"`;
-      const appConfigTableName = `"${rolesSchema}"."app_config"`;
+      const authSchema = usersSchema2 === "public" ? "rebase" : usersSchema2;
+      const userIdentitiesTable = `"${authSchema}"."user_identities"`;
+      const refreshTokensTableName = `"${authSchema}"."refresh_tokens"`;
+      const passwordResetTokensTableName = `"${authSchema}"."password_reset_tokens"`;
+      const appConfigTableName = `"${authSchema}"."app_config"`;
       await db.execute(drizzleOrm.sql`
             CREATE TABLE IF NOT EXISTS ${drizzleOrm.sql.raw(userIdentitiesTable)} (
                 id TEXT PRIMARY KEY DEFAULT gen_random_uuid()::text,
@@ -10389,27 +10247,6 @@ ${tableRelations.join(",\n")}
             CREATE INDEX IF NOT EXISTS idx_user_identities_user 
             ON ${drizzleOrm.sql.raw(userIdentitiesTable)}(user_id)
         `);
-      await db.execute(drizzleOrm.sql`
-            CREATE TABLE IF NOT EXISTS ${drizzleOrm.sql.raw(rolesTableName)} (
-                id TEXT PRIMARY KEY,
-                name TEXT NOT NULL,
-                is_admin BOOLEAN DEFAULT FALSE,
-                default_permissions JSONB,
-                collection_permissions JSONB,
-                created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
-            )
-        `);
-      await db.execute(drizzleOrm.sql`
-            CREATE TABLE IF NOT EXISTS ${drizzleOrm.sql.raw(userRolesTableName)} (
-                user_id ${drizzleOrm.sql.raw(userIdType)} NOT NULL REFERENCES ${drizzleOrm.sql.raw(usersTableName)}(id) ON DELETE CASCADE,
-                role_id TEXT NOT NULL REFERENCES ${drizzleOrm.sql.raw(rolesTableName)}(id) ON DELETE CASCADE,
-                PRIMARY KEY (user_id, role_id)
-            )
-        `);
-      await db.execute(drizzleOrm.sql`
-            CREATE INDEX IF NOT EXISTS idx_user_roles_user 
-            ON ${drizzleOrm.sql.raw(userRolesTableName)}(user_id)
-        `);
       await db.execute(drizzleOrm.sql`
             CREATE TABLE IF NOT EXISTS ${drizzleOrm.sql.raw(refreshTokensTableName)} (
                 id TEXT PRIMARY KEY DEFAULT gen_random_uuid()::text,
@@ -10477,14 +10314,43 @@ ${tableRelations.join(",\n")}
                 $$ LANGUAGE sql STABLE
             `);
       });
-      await seedDefaultRoles(db, rolesTableName);
       await db.execute(drizzleOrm.sql`
             ALTER TABLE ${drizzleOrm.sql.raw(usersTableName)}
             ADD COLUMN IF NOT EXISTS is_anonymous BOOLEAN DEFAULT FALSE
         `);
-      const mfaFactorsTableName = `"${rolesSchema}"."mfa_factors"`;
-      const mfaChallengesTableName = `"${rolesSchema}"."mfa_challenges"`;
-      const recoveryCodesTableName = `"${rolesSchema}"."recovery_codes"`;
+      await db.execute(drizzleOrm.sql`
+            ALTER TABLE ${drizzleOrm.sql.raw(usersTableName)}
+            ADD COLUMN IF NOT EXISTS roles TEXT[] DEFAULT '{}' NOT NULL
+        `);
+      try {
+        const legacyCheck = await db.execute(drizzleOrm.sql`
+                SELECT EXISTS (
+                    SELECT 1 FROM information_schema.tables
+                    WHERE table_schema = 'rebase' AND table_name = 'user_roles'
+                ) AS has_user_roles
+            `);
+        const hasLegacyTables = legacyCheck.rows[0].has_user_roles;
+        if (hasLegacyTables) {
+          serverCore.logger.info("🔄 Migrating roles from legacy user_roles table...");
+          await db.execute(drizzleOrm.sql`
+                    UPDATE ${drizzleOrm.sql.raw(usersTableName)} u
+                    SET roles = COALESCE((
+                        SELECT array_agg(ur.role_id)
+                        FROM "rebase"."user_roles" ur
+                        WHERE ur.user_id = u.id
+                    ), '{}')
+                    WHERE u.roles = '{}' OR u.roles IS NULL
+                `);
+          await db.execute(drizzleOrm.sql`DROP TABLE IF EXISTS "rebase"."user_roles" CASCADE`);
+          await db.execute(drizzleOrm.sql`DROP TABLE IF EXISTS "rebase"."roles" CASCADE`);
+          serverCore.logger.info("✅ Legacy roles tables migrated and dropped");
+        }
+      } catch (migrationError) {
+        serverCore.logger.warn(`⚠️  Legacy roles migration skipped: ${migrationError instanceof Error ? migrationError.message : String(migrationError)}`);
+      }
+      const mfaFactorsTableName = `"${authSchema}"."mfa_factors"`;
+      const mfaChallengesTableName = `"${authSchema}"."mfa_challenges"`;
+      const recoveryCodesTableName = `"${authSchema}"."recovery_codes"`;
       await db.execute(drizzleOrm.sql`
             CREATE TABLE IF NOT EXISTS ${drizzleOrm.sql.raw(mfaFactorsTableName)} (
                 id TEXT PRIMARY KEY DEFAULT gen_random_uuid()::text,
@@ -10536,28 +10402,6 @@ ${tableRelations.join(",\n")}
       serverCore.logger.warn("⚠️ Continuing without creating auth tables.");
     }
   }
-  async function seedDefaultRoles(db, rolesTableName) {
-    const result = await db.execute(drizzleOrm.sql`SELECT COUNT(*) as count FROM ${drizzleOrm.sql.raw(rolesTableName)}`);
-    const count = parseInt(result.rows[0]?.count || "0", 10);
-    if (count > 0) {
-      serverCore.logger.info(`📋 Found ${count} existing roles`);
-      return;
-    }
-    serverCore.logger.info("🌱 Seeding default roles...");
-    for (const role of DEFAULT_ROLES) {
-      await db.execute(drizzleOrm.sql`
-            INSERT INTO ${drizzleOrm.sql.raw(rolesTableName)} (id, name, is_admin, default_permissions)
-            VALUES (
-                ${role.id}, 
-                ${role.name}, 
-                ${role.is_admin}, 
-                ${JSON.stringify(role.default_permissions)}::jsonb
-            )
-            ON CONFLICT (id) DO NOTHING
-        `);
-    }
-    serverCore.logger.info("✅ Default roles created: admin, editor, viewer");
-  }
   function getColumnKey(table, ...keys2) {
     if (!table) return void 0;
     for (const key of keys2) {
@@ -10577,24 +10421,18 @@ ${tableRelations.join(",\n")}
   class UserService {
     constructor(db, tableOrTables) {
       this.db = db;
-      if (tableOrTables && (tableOrTables.users || tableOrTables.roles)) {
+      if (tableOrTables && tableOrTables.users) {
         const tables = tableOrTables;
         this.usersTable = tables.users || users;
         this.userIdentitiesTable = tables.userIdentities || userIdentities;
-        this.userRolesTable = tables.userRoles || userRoles;
-        this.rolesTable = tables.roles || roles;
       } else {
         const table = tableOrTables;
         this.usersTable = table || users;
         this.userIdentitiesTable = userIdentities;
-        this.userRolesTable = userRoles;
-        this.rolesTable = roles;
       }
     }
     usersTable;
     userIdentitiesTable;
-    userRolesTable;
-    rolesTable;
     getQualifiedUsersTableName() {
       const name = drizzleOrm.getTableName(this.usersTable);
       const schema = pgCore.getTableConfig(this.usersTable).schema || "public";
@@ -10616,7 +10454,7 @@ ${tableRelations.join(",\n")}
       const metadata = {
         ...row.metadata || {}
       };
-      const knownKeys = /* @__PURE__ */ new Set(["id", "uid", "email", "password_hash", "passwordHash", "display_name", "displayName", "photo_url", "photoUrl", "photoURL", "email_verified", "emailVerified", "email_verification_token", "emailVerificationToken", "email_verification_sent_at", "emailVerificationSentAt", "is_anonymous", "isAnonymous", "created_at", "createdAt", "updated_at", "updatedAt", "metadata"]);
+      const knownKeys = /* @__PURE__ */ new Set(["id", "uid", "email", "password_hash", "passwordHash", "display_name", "displayName", "photo_url", "photoUrl", "photoURL", "email_verified", "emailVerified", "email_verification_token", "emailVerificationToken", "email_verification_sent_at", "emailVerificationSentAt", "is_anonymous", "isAnonymous", "roles", "created_at", "createdAt", "updated_at", "updatedAt", "metadata"]);
       for (const [key, val] of Object.entries(row)) {
         if (!knownKeys.has(key)) {
           const camelKey = camelCase(key);
@@ -10767,19 +10605,18 @@ ${tableRelations.join(",\n")}
       const displayNameCol = getColumn(this.usersTable, "displayName", "display_name");
       const displayNameColumn = displayNameCol ? displayNameCol.name : "display_name";
       const idCol = getColumn(this.usersTable, "id");
-      const idColumn = idCol ? idCol.name : "id";
+      idCol ? idCol.name : "id";
       const usersTableName = this.getQualifiedUsersTableName();
-      const rolesSchema = pgCore.getTableConfig(this.userRolesTable).schema || "public";
       const conditions = [];
       if (roleId) {
-        conditions.push(drizzleOrm.sql`EXISTS (SELECT 1 FROM ${drizzleOrm.sql.raw(`"${rolesSchema}"."user_roles"`)} ur WHERE ur.user_id = ${drizzleOrm.sql.raw(usersTableName)}.${drizzleOrm.sql.raw(idColumn)} AND ur.role_id = ${roleId})`);
+        conditions.push(drizzleOrm.sql`${roleId} = ANY(${drizzleOrm.sql.raw(usersTableName)}.roles)`);
       }
       if (search) {
         const pattern = `%${search}%`;
         conditions.push(drizzleOrm.sql`(${drizzleOrm.sql.raw(usersTableName)}.${drizzleOrm.sql.raw(emailColumn)} ILIKE ${pattern} OR ${drizzleOrm.sql.raw(usersTableName)}.${drizzleOrm.sql.raw(displayNameColumn)} ILIKE ${pattern})`);
       }
       const whereClause = conditions.length > 0 ? drizzleOrm.sql`WHERE ${drizzleOrm.sql.join(conditions, drizzleOrm.sql` AND `)}` : drizzleOrm.sql``;
-      const orderByClause = roleId ? drizzleOrm.sql`ORDER BY ${drizzleOrm.sql.raw(usersTableName)}.${drizzleOrm.sql.raw(orderColumn)} ${direction}` : drizzleOrm.sql`ORDER BY (SELECT count(*) FROM ${drizzleOrm.sql.raw(`"${rolesSchema}"."user_roles"`)} ur WHERE ur.user_id = ${drizzleOrm.sql.raw(usersTableName)}.${drizzleOrm.sql.raw(idColumn)}) DESC, ${drizzleOrm.sql.raw(usersTableName)}.${drizzleOrm.sql.raw(orderColumn)} ${direction}`;
+      const orderByClause = roleId ? drizzleOrm.sql`ORDER BY ${drizzleOrm.sql.raw(usersTableName)}.${drizzleOrm.sql.raw(orderColumn)} ${direction}` : drizzleOrm.sql`ORDER BY array_length(${drizzleOrm.sql.raw(usersTableName)}.roles, 1) DESC NULLS LAST, ${drizzleOrm.sql.raw(usersTableName)}.${drizzleOrm.sql.raw(orderColumn)} ${direction}`;
       const countResult = await this.db.execute(drizzleOrm.sql`
             SELECT count(*)::int as total FROM ${drizzleOrm.sql.raw(usersTableName)}
             ${whereClause}
@@ -10853,54 +10690,57 @@ ${tableRelations.join(",\n")}
       return row ? this.mapRowToUser(row) : null;
     }
     /**
-     * Get roles for a user from database
+     * Get roles for a user from database (inline TEXT[] column)
      */
     async getUserRoles(userId) {
-      const rolesSchema = pgCore.getTableConfig(this.rolesTable).schema || "public";
+      const usersTableName = this.getQualifiedUsersTableName();
       const result = await this.db.execute(drizzleOrm.sql`
-            SELECT r.id, r.name, r.is_admin, r.default_permissions, r.collection_permissions
-            FROM ${drizzleOrm.sql.raw(`"${rolesSchema}"."roles"`)} r
-            INNER JOIN ${drizzleOrm.sql.raw(`"${rolesSchema}"."user_roles"`)} ur ON r.id = ur.role_id
-            WHERE ur.user_id = ${userId}
+            SELECT roles FROM ${drizzleOrm.sql.raw(usersTableName)} WHERE id = ${userId}
         `);
-      return result.rows.map((row) => ({
-        id: row.id,
-        name: row.name,
-        isAdmin: row.is_admin,
-        defaultPermissions: row.default_permissions,
-        collectionPermissions: row.collection_permissions
+      if (result.rows.length === 0) return [];
+      const row = result.rows[0];
+      const roleIds = row.roles ?? [];
+      return roleIds.map((id) => ({
+        id,
+        name: id,
+        isAdmin: id === "admin",
+        defaultPermissions: null,
+        collectionPermissions: null
       }));
     }
     /**
      * Get role IDs for a user
      */
     async getUserRoleIds(userId) {
-      const roles2 = await this.getUserRoles(userId);
-      return roles2.map((r) => r.id);
+      const usersTableName = this.getQualifiedUsersTableName();
+      const result = await this.db.execute(drizzleOrm.sql`
+            SELECT roles FROM ${drizzleOrm.sql.raw(usersTableName)} WHERE id = ${userId}
+        `);
+      if (result.rows.length === 0) return [];
+      const row = result.rows[0];
+      return row.roles ?? [];
     }
     /**
-     * Set roles for a user
+     * Set roles for a user (replaces existing roles)
      */
     async setUserRoles(userId, roleIds) {
-      const rolesSchema = pgCore.getTableConfig(this.userRolesTable).schema || "public";
-      await this.db.execute(drizzleOrm.sql`DELETE FROM ${drizzleOrm.sql.raw(`"${rolesSchema}"."user_roles"`)} WHERE user_id = ${userId}`);
-      for (const roleId of roleIds) {
-        await this.db.execute(drizzleOrm.sql`
-                INSERT INTO ${drizzleOrm.sql.raw(`"${rolesSchema}"."user_roles"`)} (user_id, role_id)
-                VALUES (${userId}, ${roleId})
-                ON CONFLICT DO NOTHING
-            `);
-      }
+      const usersTableName = this.getQualifiedUsersTableName();
+      const rolesArray = `{${roleIds.join(",")}}`;
+      await this.db.execute(drizzleOrm.sql`
+            UPDATE ${drizzleOrm.sql.raw(usersTableName)}
+            SET roles = ${rolesArray}::text[], updated_at = NOW()
+            WHERE id = ${userId}
+        `);
     }
     /**
-     * Assign a specific role to new user
+     * Assign a specific role to new user (appends if not present)
      */
     async assignDefaultRole(userId, roleId) {
-      const rolesSchema = pgCore.getTableConfig(this.userRolesTable).schema || "public";
+      const usersTableName = this.getQualifiedUsersTableName();
       await this.db.execute(drizzleOrm.sql`
-            INSERT INTO ${drizzleOrm.sql.raw(`"${rolesSchema}"."user_roles"`)} (user_id, role_id)
-            VALUES (${userId}, ${roleId})
-            ON CONFLICT DO NOTHING
+            UPDATE ${drizzleOrm.sql.raw(usersTableName)}
+            SET roles = array_append(roles, ${roleId}), updated_at = NOW()
+            WHERE id = ${userId} AND NOT (${roleId} = ANY(roles))
         `);
     }
     /**
@@ -10909,101 +10749,12 @@ ${tableRelations.join(",\n")}
     async getUserWithRoles(userId) {
       const user = await this.getUserById(userId);
       if (!user) return null;
-      const roles2 = await this.getUserRoles(userId);
+      const roles = await this.getUserRoles(userId);
       return {
         user,
-        roles: roles2
-      };
-    }
-  }
-  class RoleService {
-    constructor(db, tableOrTables) {
-      this.db = db;
-      if (tableOrTables && (tableOrTables.roles || tableOrTables.users)) {
-        this.rolesTable = tableOrTables.roles || roles;
-      } else {
-        this.rolesTable = tableOrTables || roles;
-      }
-    }
-    rolesTable;
-    getQualifiedRolesTableName() {
-      const name = drizzleOrm.getTableName(this.rolesTable);
-      const schema = pgCore.getTableConfig(this.rolesTable).schema || "public";
-      return `"${schema}"."${name}"`;
-    }
-    async getRoleById(id) {
-      const tableName = this.getQualifiedRolesTableName();
-      const result = await this.db.execute(drizzleOrm.sql`
-            SELECT id, name, is_admin, default_permissions, collection_permissions
-            FROM ${drizzleOrm.sql.raw(tableName)}
-            WHERE id = ${id}
-        `);
-      if (result.rows.length === 0) return null;
-      const row = result.rows[0];
-      return {
-        id: row.id,
-        name: row.name,
-        isAdmin: row.is_admin,
-        defaultPermissions: row.default_permissions,
-        collectionPermissions: row.collection_permissions
-      };
-    }
-    async listRoles() {
-      const tableName = this.getQualifiedRolesTableName();
-      const result = await this.db.execute(drizzleOrm.sql`
-            SELECT id, name, is_admin, default_permissions, collection_permissions
-            FROM ${drizzleOrm.sql.raw(tableName)}
-            ORDER BY name
-        `);
-      return result.rows.map((row) => ({
-        id: row.id,
-        name: row.name,
-        isAdmin: row.is_admin,
-        defaultPermissions: row.default_permissions,
-        collectionPermissions: row.collection_permissions
-      }));
-    }
-    async createRole(data) {
-      const tableName = this.getQualifiedRolesTableName();
-      const result = await this.db.execute(drizzleOrm.sql`
-            INSERT INTO ${drizzleOrm.sql.raw(tableName)} (id, name, is_admin, default_permissions, collection_permissions)
-            VALUES (
-                ${data.id},
-                ${data.name},
-                ${data.isAdmin ?? false},
-                ${data.defaultPermissions ? JSON.stringify(data.defaultPermissions) : null}::jsonb,
-                ${data.collectionPermissions ? JSON.stringify(data.collectionPermissions) : null}::jsonb
-            )
-            RETURNING id, name, is_admin, default_permissions, collection_permissions
-        `);
-      const row = result.rows[0];
-      return {
-        id: row.id,
-        name: row.name,
-        isAdmin: row.is_admin,
-        defaultPermissions: row.default_permissions,
-        collectionPermissions: row.collection_permissions
+        roles
       };
     }
-    async updateRole(id, data) {
-      const existing = await this.getRoleById(id);
-      if (!existing) return null;
-      const tableName = this.getQualifiedRolesTableName();
-      await this.db.execute(drizzleOrm.sql`
-            UPDATE ${drizzleOrm.sql.raw(tableName)}
-            SET 
-                name = ${data.name ?? existing.name},
-                is_admin = ${data.isAdmin ?? existing.isAdmin},
-                default_permissions = ${data.defaultPermissions ? JSON.stringify(data.defaultPermissions) : JSON.stringify(existing.defaultPermissions)}::jsonb,
-                collection_permissions = ${data.collectionPermissions !== void 0 ? data.collectionPermissions ? JSON.stringify(data.collectionPermissions) : null : existing.collectionPermissions ? JSON.stringify(existing.collectionPermissions) : null}::jsonb
-            WHERE id = ${id}
-        `);
-      return this.getRoleById(id);
-    }
-    async deleteRole(id) {
-      const tableName = this.getQualifiedRolesTableName();
-      await this.db.execute(drizzleOrm.sql`DELETE FROM ${drizzleOrm.sql.raw(tableName)} WHERE id = ${id}`);
-    }
   }
   class RefreshTokenService {
     constructor(db, tableOrTables) {
@@ -11199,11 +10950,9 @@ ${tableRelations.join(",\n")}
     constructor(db, tableOrTables) {
       this.db = db;
       this.userService = new UserService(db, tableOrTables);
-      this.roleService = new RoleService(db, tableOrTables);
       this.tokenRepository = new PostgresTokenRepository(db, tableOrTables);
     }
     userService;
-    roleService;
     tokenRepository;
     // User operations (delegate to UserService)
     async createUser(data) {
@@ -11263,25 +11012,56 @@ ${tableRelations.join(",\n")}
     async getUserWithRoles(userId) {
       return this.userService.getUserWithRoles(userId);
     }
-    // Role operations (delegate to RoleService)
+    // Role operations (roles are inline on users, synthesized from string IDs)
     async getRoleById(id) {
-      return this.roleService.getRoleById(id);
+      return {
+        id,
+        name: id,
+        isAdmin: id === "admin",
+        defaultPermissions: null,
+        collectionPermissions: null
+      };
     }
     async listRoles() {
-      return this.roleService.listRoles();
+      return [{
+        id: "admin",
+        name: "Admin",
+        isAdmin: true,
+        defaultPermissions: null,
+        collectionPermissions: null
+      }, {
+        id: "editor",
+        name: "Editor",
+        isAdmin: false,
+        defaultPermissions: null,
+        collectionPermissions: null
+      }, {
+        id: "viewer",
+        name: "Viewer",
+        isAdmin: false,
+        defaultPermissions: null,
+        collectionPermissions: null
+      }];
+    }
+    async createRole(_data) {
+      return {
+        id: _data.id,
+        name: _data.name,
+        isAdmin: _data.isAdmin ?? false,
+        defaultPermissions: _data.defaultPermissions ?? null,
+        collectionPermissions: _data.collectionPermissions ?? null
+      };
     }
-    async createRole(data) {
-      return this.roleService.createRole({
-        ...data,
+    async updateRole(id, data) {
+      return {
+        id,
+        name: data.name ?? id,
+        isAdmin: data.isAdmin ?? id === "admin",
         defaultPermissions: data.defaultPermissions ?? null,
         collectionPermissions: data.collectionPermissions ?? null
-      });
-    }
-    async updateRole(id, data) {
-      return this.roleService.updateRole(id, data);
+      };
     }
-    async deleteRole(id) {
-      await this.roleService.deleteRole(id);
+    async deleteRole(_id) {
     }
     // Token operations (delegate to PostgresTokenRepository)
     async createRefreshToken(userId, tokenHash, expiresAt, userAgent, ipAddress) {
@@ -11831,34 +11611,27 @@ ${tableRelations.join(",\n")}
         const internals = driverResult.internals;
         const db = internals.db;
         const registry = internals.registry;
-        await ensureAuthTablesExist(db, registry);
+        const authCollection = authConfig.collection;
+        await ensureAuthTablesExist(db, authCollection);
         let emailService;
         if (authConfig.email) {
           emailService = serverCore.createEmailService(authConfig.email);
         }
-        const customUsersTable = registry?.getTable("users");
-        const customRolesTable = registry?.getTable("roles");
+        const tableName = authCollection ? "table" in authCollection && typeof authCollection.table === "string" ? authCollection.table : authCollection.slug : void 0;
+        const usersTable = tableName ? registry.getTable(tableName) : void 0;
         let usersSchemaName = "rebase";
-        let rolesSchemaName = "rebase";
-        if (customUsersTable) {
-          usersSchemaName = pgCore.getTableConfig(customUsersTable).schema || "public";
+        if (authCollection && "schema" in authCollection && typeof authCollection.schema === "string") {
+          usersSchemaName = authCollection.schema;
         }
-        if (customRolesTable) {
-          rolesSchemaName = pgCore.getTableConfig(customRolesTable).schema || "public";
-        }
-        const authTables = createAuthSchema(rolesSchemaName, usersSchemaName);
-        if (customUsersTable) {
-          authTables.users = customUsersTable;
-        }
-        if (customRolesTable) {
-          authTables.roles = customRolesTable;
+        const authTables = createAuthSchema(usersSchemaName);
+        if (usersTable) {
+          authTables.users = usersTable;
         }
         const userService = new UserService(db, authTables);
-        const roleService = new RoleService(db, authTables);
         const authRepository = new PostgresAuthRepository(db, authTables);
         return {
           userService,
-          roleService,
+          roleService: userService,
           emailService,
           authRepository
         };
@@ -11962,17 +11735,12 @@ ${tableRelations.join(",\n")}
   exports2.mfaFactorsRelations = mfaFactorsRelations;
   exports2.passwordResetTokens = passwordResetTokens;
   exports2.passwordResetTokensRelations = passwordResetTokensRelations;
-  exports2.rebaseSchema = rebaseSchema;
   exports2.recoveryCodes = recoveryCodes;
   exports2.recoveryCodesRelations = recoveryCodesRelations;
   exports2.refreshTokens = refreshTokens;
   exports2.refreshTokensRelations = refreshTokensRelations;
-  exports2.roles = roles;
-  exports2.rolesRelations = rolesRelations;
   exports2.userIdentities = userIdentities;
   exports2.userIdentitiesRelations = userIdentitiesRelations;
-  exports2.userRoles = userRoles;
-  exports2.userRolesRelations = userRolesRelations;
   exports2.users = users;
   exports2.usersRelations = usersRelations;
   exports2.usersSchema = usersSchema;