@rebasepro/server-postgresql 0.3.0 → 0.5.0

package/src/auth/services.ts

@@ -1,7 +1,8 @@
 import { eq, getTableName, sql } from "drizzle-orm";
 import { NodePgDatabase } from "drizzle-orm/node-postgres";
-import { getTableConfig, PgTable, AnyPgColumn } from "drizzle-orm/pg-core";
-import { users, roles, userRoles, refreshTokens, passwordResetTokens, userIdentities } from "../schema/auth-schema";
+import { getTableConfig } from "drizzle-orm/pg-core";
+import type { RebasePgTable } from "../types";
+import { users, refreshTokens, passwordResetTokens, userIdentities } from "../schema/auth-schema";
 import {
     UserRepository,
     RoleRepository,
@@ -27,16 +28,14 @@ import { toSnakeCase, camelCase } from "@rebasepro/utils";
 export type { Role };
 
 export interface AuthSchemaTables {
-    users: PgTable & Record<string, AnyPgColumn>;
-    roles: PgTable & Record<string, AnyPgColumn>;
-    userRoles: PgTable & Record<string, AnyPgColumn>;
-    refreshTokens: PgTable & Record<string, AnyPgColumn>;
-    passwordResetTokens: PgTable & Record<string, AnyPgColumn>;
-    appConfig: PgTable & Record<string, AnyPgColumn>;
-    userIdentities: PgTable & Record<string, AnyPgColumn>;
+    users: RebasePgTable;
+    refreshTokens: RebasePgTable;
+    passwordResetTokens: RebasePgTable;
+    appConfig: RebasePgTable;
+    userIdentities: RebasePgTable;
 }
 
-function getColumnKey(table: (PgTable & Record<string, AnyPgColumn>) | undefined, ...keys: string[]): string | undefined {
+function getColumnKey(table: RebasePgTable | undefined, ...keys: string[]): string | undefined {
     if (!table) return undefined;
     for (const key of keys) {
         if (key in table) return key;
@@ -48,7 +47,7 @@ function getColumnKey(table: (PgTable & Record<string, AnyPgColumn>) | undefined
     return undefined;
 }
 
-function getColumn(table: (PgTable & Record<string, AnyPgColumn>) | undefined, ...keys: string[]): AnyPgColumn | undefined {
+function getColumn(table: RebasePgTable | undefined, ...keys: string[]): RebasePgTable[string] | undefined {
     if (!table) return undefined;
     const key = getColumnKey(table, ...keys);
     return key ? table[key] : undefined;
@@ -59,27 +58,21 @@ function getColumn(table: (PgTable & Record<string, AnyPgColumn>) | undefined, .
  * Handles all user-related database operations using Drizzle ORM.
  */
 export class UserService implements UserRepository {
-    private usersTable: PgTable & Record<string, AnyPgColumn>;
-    private userIdentitiesTable: PgTable & Record<string, AnyPgColumn>;
-    private userRolesTable: PgTable & Record<string, AnyPgColumn>;
-    private rolesTable: PgTable & Record<string, AnyPgColumn>;
+    private usersTable: RebasePgTable;
+    private userIdentitiesTable: RebasePgTable;
 
     constructor(
         private db: NodePgDatabase,
-        tableOrTables?: (PgTable & Record<string, AnyPgColumn>) | Partial<AuthSchemaTables>
+        tableOrTables?: RebasePgTable | Partial<AuthSchemaTables>
     ) {
-        if (tableOrTables && ((tableOrTables as Partial<AuthSchemaTables>).users || (tableOrTables as Partial<AuthSchemaTables>).roles)) {
+        if (tableOrTables && ((tableOrTables as Partial<AuthSchemaTables>).users)) {
             const tables = tableOrTables as Partial<AuthSchemaTables>;
-            this.usersTable = (tables.users || users) as unknown as PgTable & Record<string, AnyPgColumn>;
-            this.userIdentitiesTable = (tables.userIdentities || userIdentities) as unknown as PgTable & Record<string, AnyPgColumn>;
-            this.userRolesTable = (tables.userRoles || userRoles) as unknown as PgTable & Record<string, AnyPgColumn>;
-            this.rolesTable = (tables.roles || roles) as unknown as PgTable & Record<string, AnyPgColumn>;
+            this.usersTable = (tables.users || users) as RebasePgTable;
+            this.userIdentitiesTable = (tables.userIdentities || userIdentities) as RebasePgTable;
         } else {
-            const table = tableOrTables as (PgTable & Record<string, AnyPgColumn>) | undefined;
-            this.usersTable = table || (users as unknown as PgTable & Record<string, AnyPgColumn>);
-            this.userIdentitiesTable = userIdentities as unknown as PgTable & Record<string, AnyPgColumn>;
-            this.userRolesTable = userRoles as unknown as PgTable & Record<string, AnyPgColumn>;
-            this.rolesTable = roles as unknown as PgTable & Record<string, AnyPgColumn>;
+            const table = tableOrTables as RebasePgTable | undefined;
+            this.usersTable = table || (users as unknown as RebasePgTable);
+            this.userIdentitiesTable = userIdentities as unknown as RebasePgTable;
         }
     }
 
@@ -90,7 +83,7 @@ export class UserService implements UserRepository {
     }
 
     private mapRowToUser(row: Record<string, unknown>): UserData {
-        if (!row) return row as unknown as UserData;
+        if (!row) return row as UserData;
 
         const id = (row.id ?? row.uid) as string;
         const email = row.email as string;
@@ -115,6 +108,7 @@ export class UserService implements UserRepository {
             "email_verification_token", "emailVerificationToken",
             "email_verification_sent_at", "emailVerificationSentAt",
             "is_anonymous", "isAnonymous",
+            "roles",
             "created_at", "createdAt",
             "updated_at", "updatedAt",
             "metadata"
@@ -315,11 +309,9 @@ export class UserService implements UserRepository {
         const idColumn = idCol ? idCol.name : "id";
 
         const usersTableName = this.getQualifiedUsersTableName();
-        const rolesSchema = getTableConfig(this.userRolesTable).schema || "public";
-
         const conditions = [];
         if (roleId) {
-            conditions.push(sql`EXISTS (SELECT 1 FROM ${sql.raw(`"${rolesSchema}"."user_roles"`)} ur WHERE ur.user_id = ${sql.raw(usersTableName)}.${sql.raw(idColumn)} AND ur.role_id = ${roleId})`);
+            conditions.push(sql`${roleId} = ANY(${sql.raw(usersTableName)}.roles)`);
         }
         if (search) {
             const pattern = `%${search}%`;
@@ -331,7 +323,7 @@ export class UserService implements UserRepository {
         // Sorting: users with roles first if no role filter, then by requested order
         const orderByClause = roleId
             ? sql`ORDER BY ${sql.raw(usersTableName)}.${sql.raw(orderColumn)} ${direction}`
-            : sql`ORDER BY (SELECT count(*) FROM ${sql.raw(`"${rolesSchema}"."user_roles"`)} ur WHERE ur.user_id = ${sql.raw(usersTableName)}.${sql.raw(idColumn)}) DESC, ${sql.raw(usersTableName)}.${sql.raw(orderColumn)} ${direction}`;
+            : sql`ORDER BY array_length(${sql.raw(usersTableName)}.roles, 1) DESC NULLS LAST, ${sql.raw(usersTableName)}.${sql.raw(orderColumn)} ${direction}`;
 
         const countResult = await this.db.execute(sql`
             SELECT count(*)::int as total FROM ${sql.raw(usersTableName)}
@@ -428,23 +420,25 @@ export class UserService implements UserRepository {
     }
 
     /**
-     * Get roles for a user from database
+     * Get roles for a user from database (inline TEXT[] column)
      */
     async getUserRoles(userId: string): Promise<Role[]> {
-        const rolesSchema = getTableConfig(this.rolesTable).schema || "public";
+        const usersTableName = this.getQualifiedUsersTableName();
         const result = await this.db.execute(sql`
-            SELECT r.id, r.name, r.is_admin, r.default_permissions, r.collection_permissions
-            FROM ${sql.raw(`"${rolesSchema}"."roles"`)} r
-            INNER JOIN ${sql.raw(`"${rolesSchema}"."user_roles"`)} ur ON r.id = ur.role_id
-            WHERE ur.user_id = ${userId}
+            SELECT roles FROM ${sql.raw(usersTableName)} WHERE id = ${userId}
         `);
 
-        return (result.rows as Array<{ id: string; name: string; is_admin: boolean; default_permissions: Record<string, boolean> | null; collection_permissions: Record<string, Record<string, boolean>> | null }>).map(row => ({
-            id: row.id,
-            name: row.name,
-            isAdmin: row.is_admin,
-            defaultPermissions: row.default_permissions,
-            collectionPermissions: row.collection_permissions
+        if (result.rows.length === 0) return [];
+
+        const row = result.rows[0] as { roles: string[] | null };
+        const roleIds = row.roles ?? [];
+
+        return roleIds.map(id => ({
+            id,
+            name: id,
+            isAdmin: id === "admin",
+            defaultPermissions: null,
+            collectionPermissions: null
         }));
     }
 
@@ -452,37 +446,39 @@ export class UserService implements UserRepository {
      * Get role IDs for a user
      */
     async getUserRoleIds(userId: string): Promise<string[]> {
-        const roles = await this.getUserRoles(userId);
-        return roles.map(r => r.id);
+        const usersTableName = this.getQualifiedUsersTableName();
+        const result = await this.db.execute(sql`
+            SELECT roles FROM ${sql.raw(usersTableName)} WHERE id = ${userId}
+        `);
+
+        if (result.rows.length === 0) return [];
+
+        const row = result.rows[0] as { roles: string[] | null };
+        return row.roles ?? [];
     }
 
     /**
-     * Set roles for a user
+     * Set roles for a user (replaces existing roles)
      */
     async setUserRoles(userId: string, roleIds: string[]): Promise<void> {
-        const rolesSchema = getTableConfig(this.userRolesTable).schema || "public";
-        // Delete existing roles
-        await this.db.execute(sql`DELETE FROM ${sql.raw(`"${rolesSchema}"."user_roles"`)} WHERE user_id = ${userId}`);
-
-        // Insert new roles
-        for (const roleId of roleIds) {
-            await this.db.execute(sql`
-                INSERT INTO ${sql.raw(`"${rolesSchema}"."user_roles"`)} (user_id, role_id)
-                VALUES (${userId}, ${roleId})
-                ON CONFLICT DO NOTHING
-            `);
-        }
+        const usersTableName = this.getQualifiedUsersTableName();
+        const rolesArray = `{${roleIds.join(",")}}`;
+        await this.db.execute(sql`
+            UPDATE ${sql.raw(usersTableName)}
+            SET roles = ${rolesArray}::text[], updated_at = NOW()
+            WHERE id = ${userId}
+        `);
     }
 
     /**
-     * Assign a specific role to new user
+     * Assign a specific role to new user (appends if not present)
      */
     async assignDefaultRole(userId: string, roleId: string): Promise<void> {
-        const rolesSchema = getTableConfig(this.userRolesTable).schema || "public";
+        const usersTableName = this.getQualifiedUsersTableName();
         await this.db.execute(sql`
-            INSERT INTO ${sql.raw(`"${rolesSchema}"."user_roles"`)} (user_id, role_id)
-            VALUES (${userId}, ${roleId})
-            ON CONFLICT DO NOTHING
+            UPDATE ${sql.raw(usersTableName)}
+            SET roles = array_append(roles, ${roleId}), updated_at = NOW()
+            WHERE id = ${userId} AND NOT (${roleId} = ANY(roles))
         `);
     }
 
@@ -499,126 +495,19 @@ export class UserService implements UserRepository {
     }
 }
 
-/**
- * PostgreSQL implementation of RoleRepository.
- * Handles all role-related database operations using Drizzle ORM.
- */
-export class RoleService implements RoleRepository {
-    private rolesTable: PgTable & Record<string, AnyPgColumn>;
-
-    constructor(
-        private db: NodePgDatabase,
-        tableOrTables?: (PgTable & Record<string, AnyPgColumn>) | Partial<AuthSchemaTables>
-    ) {
-        if (tableOrTables && ((tableOrTables as Partial<AuthSchemaTables>).roles || (tableOrTables as Partial<AuthSchemaTables>).users)) {
-            this.rolesTable = ((tableOrTables as Partial<AuthSchemaTables>).roles || roles) as unknown as PgTable & Record<string, AnyPgColumn>;
-        } else {
-            this.rolesTable = (tableOrTables as unknown as PgTable & Record<string, AnyPgColumn>) || (roles as unknown as PgTable & Record<string, AnyPgColumn>);
-        }
-    }
-
-    private getQualifiedRolesTableName(): string {
-        const name = getTableName(this.rolesTable);
-        const schema = getTableConfig(this.rolesTable).schema || "public";
-        return `"${schema}"."${name}"`;
-    }
-
-    async getRoleById(id: string): Promise<Role | null> {
-        const tableName = this.getQualifiedRolesTableName();
-        const result = await this.db.execute(sql`
-            SELECT id, name, is_admin, default_permissions, collection_permissions
-            FROM ${sql.raw(tableName)}
-            WHERE id = ${id}
-        `);
-
-        if (result.rows.length === 0) return null;
 
-        const row = result.rows[0] as { id: string; name: string; is_admin: boolean; default_permissions: Record<string, boolean> | null; collection_permissions: Record<string, Record<string, boolean>> | null };
-        return {
-            id: row.id,
-            name: row.name,
-            isAdmin: row.is_admin,
-            defaultPermissions: row.default_permissions,
-            collectionPermissions: row.collection_permissions
-        };
-    }
-
-    async listRoles(): Promise<Role[]> {
-        const tableName = this.getQualifiedRolesTableName();
-        const result = await this.db.execute(sql`
-            SELECT id, name, is_admin, default_permissions, collection_permissions
-            FROM ${sql.raw(tableName)}
-            ORDER BY name
-        `);
-
-        return (result.rows as Array<{ id: string; name: string; is_admin: boolean; default_permissions: Record<string, boolean> | null; collection_permissions: Record<string, Record<string, boolean>> | null }>).map(row => ({
-            id: row.id,
-            name: row.name,
-            isAdmin: row.is_admin,
-            defaultPermissions: row.default_permissions,
-            collectionPermissions: row.collection_permissions
-        }));
-    }
-
-    async createRole(data: Omit<Role, "isAdmin" | "collectionPermissions"> & { isAdmin?: boolean; collectionPermissions?: Role["collectionPermissions"] }): Promise<Role> {
-        const tableName = this.getQualifiedRolesTableName();
-        const result = await this.db.execute(sql`
-            INSERT INTO ${sql.raw(tableName)} (id, name, is_admin, default_permissions, collection_permissions)
-            VALUES (
-                ${data.id},
-                ${data.name},
-                ${data.isAdmin ?? false},
-                ${data.defaultPermissions ? JSON.stringify(data.defaultPermissions) : null}::jsonb,
-                ${data.collectionPermissions ? JSON.stringify(data.collectionPermissions) : null}::jsonb
-            )
-            RETURNING id, name, is_admin, default_permissions, collection_permissions
-        `);
-
-        const row = result.rows[0] as { id: string; name: string; is_admin: boolean; default_permissions: Record<string, boolean> | null; collection_permissions: Record<string, Record<string, boolean>> | null };
-        return {
-            id: row.id,
-            name: row.name,
-            isAdmin: row.is_admin,
-            defaultPermissions: row.default_permissions,
-            collectionPermissions: row.collection_permissions
-        };
-    }
-
-    async updateRole(id: string, data: Partial<Omit<Role, "id">>): Promise<Role | null> {
-        const existing = await this.getRoleById(id);
-        if (!existing) return null;
-
-        const tableName = this.getQualifiedRolesTableName();
-        await this.db.execute(sql`
-            UPDATE ${sql.raw(tableName)}
-            SET 
-                name = ${data.name ?? existing.name},
-                is_admin = ${data.isAdmin ?? existing.isAdmin},
-                default_permissions = ${data.defaultPermissions ? JSON.stringify(data.defaultPermissions) : JSON.stringify(existing.defaultPermissions)}::jsonb,
-                collection_permissions = ${data.collectionPermissions !== undefined ? (data.collectionPermissions ? JSON.stringify(data.collectionPermissions) : null) : (existing.collectionPermissions ? JSON.stringify(existing.collectionPermissions) : null)}::jsonb
-            WHERE id = ${id}
-        `);
-
-        return this.getRoleById(id);
-    }
-
-    async deleteRole(id: string): Promise<void> {
-        const tableName = this.getQualifiedRolesTableName();
-        await this.db.execute(sql`DELETE FROM ${sql.raw(tableName)} WHERE id = ${id}`);
-    }
-}
 
 export class RefreshTokenService {
-    private refreshTokensTable: PgTable & Record<string, AnyPgColumn>;
+    private refreshTokensTable: RebasePgTable;
 
     constructor(
         private db: NodePgDatabase,
-        tableOrTables?: (PgTable & Record<string, AnyPgColumn>) | Partial<AuthSchemaTables>
+        tableOrTables?: RebasePgTable | Partial<AuthSchemaTables>
     ) {
         if (tableOrTables && ((tableOrTables as Partial<AuthSchemaTables>).refreshTokens || (tableOrTables as Partial<AuthSchemaTables>).users)) {
-            this.refreshTokensTable = ((tableOrTables as Partial<AuthSchemaTables>).refreshTokens || refreshTokens) as unknown as PgTable & Record<string, AnyPgColumn>;
+            this.refreshTokensTable = ((tableOrTables as Partial<AuthSchemaTables>).refreshTokens || refreshTokens) as RebasePgTable;
         } else {
-            this.refreshTokensTable = (tableOrTables as unknown as PgTable & Record<string, AnyPgColumn>) || (refreshTokens as unknown as PgTable & Record<string, AnyPgColumn>);
+            this.refreshTokensTable = (tableOrTables as RebasePgTable) || (refreshTokens as unknown as RebasePgTable);
         }
     }
 
@@ -707,16 +596,16 @@ export class RefreshTokenService {
  * Password reset token service
  */
 export class PasswordResetTokenService {
-    private passwordResetTokensTable: PgTable & Record<string, AnyPgColumn>;
+    private passwordResetTokensTable: RebasePgTable;
 
     constructor(
         private db: NodePgDatabase,
-        tableOrTables?: (PgTable & Record<string, AnyPgColumn>) | Partial<AuthSchemaTables>
+        tableOrTables?: RebasePgTable | Partial<AuthSchemaTables>
     ) {
         if (tableOrTables && ((tableOrTables as Partial<AuthSchemaTables>).passwordResetTokens || (tableOrTables as Partial<AuthSchemaTables>).users)) {
-            this.passwordResetTokensTable = ((tableOrTables as Partial<AuthSchemaTables>).passwordResetTokens || passwordResetTokens) as unknown as PgTable & Record<string, AnyPgColumn>;
+            this.passwordResetTokensTable = ((tableOrTables as Partial<AuthSchemaTables>).passwordResetTokens || passwordResetTokens) as RebasePgTable;
         } else {
-            this.passwordResetTokensTable = (tableOrTables as unknown as PgTable & Record<string, AnyPgColumn>) || (passwordResetTokens as unknown as PgTable & Record<string, AnyPgColumn>);
+            this.passwordResetTokensTable = (tableOrTables as RebasePgTable) || (passwordResetTokens as unknown as RebasePgTable);
         }
     }
 
@@ -816,7 +705,7 @@ export class PostgresTokenRepository implements TokenRepository {
 
     constructor(
         private db: NodePgDatabase,
-        tableOrTables?: (PgTable & Record<string, AnyPgColumn>) | Partial<AuthSchemaTables>
+        tableOrTables?: RebasePgTable | Partial<AuthSchemaTables>
     ) {
         this.refreshTokenService = new RefreshTokenService(db, tableOrTables);
         this.passwordResetTokenService = new PasswordResetTokenService(db, tableOrTables);
@@ -878,15 +767,13 @@ export class PostgresTokenRepository implements TokenRepository {
  */
 export class PostgresAuthRepository implements AuthRepository {
     private userService: UserService;
-    private roleService: RoleService;
     private tokenRepository: PostgresTokenRepository;
 
     constructor(
         private db: NodePgDatabase,
-        tableOrTables?: (PgTable & Record<string, AnyPgColumn>) | Partial<AuthSchemaTables>
+        tableOrTables?: RebasePgTable | Partial<AuthSchemaTables>
     ) {
         this.userService = new UserService(db, tableOrTables);
-        this.roleService = new RoleService(db, tableOrTables);
         this.tokenRepository = new PostgresTokenRepository(db, tableOrTables);
     }
 
@@ -968,30 +855,48 @@ export class PostgresAuthRepository implements AuthRepository {
         return this.userService.getUserWithRoles(userId);
     }
 
-    // Role operations (delegate to RoleService)
+    // Role operations (roles are inline on users, synthesized from string IDs)
 
     async getRoleById(id: string): Promise<RoleData | null> {
-        return this.roleService.getRoleById(id);
+        return {
+            id,
+            name: id,
+            isAdmin: id === "admin",
+            defaultPermissions: null,
+            collectionPermissions: null
+        };
     }
 
     async listRoles(): Promise<RoleData[]> {
-        return this.roleService.listRoles();
+        return [
+            { id: "admin", name: "Admin", isAdmin: true, defaultPermissions: null, collectionPermissions: null },
+            { id: "editor", name: "Editor", isAdmin: false, defaultPermissions: null, collectionPermissions: null },
+            { id: "viewer", name: "Viewer", isAdmin: false, defaultPermissions: null, collectionPermissions: null }
+        ];
     }
 
-    async createRole(data: CreateRoleData): Promise<RoleData> {
-        return this.roleService.createRole({
-            ...data,
-            defaultPermissions: data.defaultPermissions ?? null,
-            collectionPermissions: data.collectionPermissions ?? null
-        });
+    async createRole(_data: CreateRoleData): Promise<RoleData> {
+        return {
+            id: _data.id,
+            name: _data.name,
+            isAdmin: _data.isAdmin ?? false,
+            defaultPermissions: _data.defaultPermissions ?? null,
+            collectionPermissions: _data.collectionPermissions ?? null
+        };
     }
 
     async updateRole(id: string, data: Partial<Omit<RoleData, "id">>): Promise<RoleData | null> {
-        return this.roleService.updateRole(id, data);
+        return {
+            id,
+            name: data.name ?? id,
+            isAdmin: data.isAdmin ?? (id === "admin"),
+            defaultPermissions: data.defaultPermissions ?? null,
+            collectionPermissions: data.collectionPermissions ?? null
+        };
     }
 
-    async deleteRole(id: string): Promise<void> {
-        await this.roleService.deleteRole(id);
+    async deleteRole(_id: string): Promise<void> {
+        // No-op: roles are inline strings on users
     }
 
     // Token operations (delegate to PostgresTokenRepository)
@@ -1314,6 +1219,3 @@ export class MfaService implements MfaRepository {
 
 /** PostgreSQL user repository implementation */
 export type PostgresUserRepository = UserService;
-
-/** PostgreSQL role repository implementation */
-export type PostgresRoleRepository = RoleService;

package/src/cli.ts

@@ -436,15 +436,28 @@ async function runDrizzleKit(action: string, _rawArgs: string[]): Promise<void>
         // dotenv may not be available — fall through
     }
 
-    const interactive = ["generate", "push"].includes(action);
+    const interactive = ["generate", "push"].includes(action) && Boolean(process.stdout.isTTY);
 
     // For push: always use --strict (prompts before destructive ops) and --verbose
     // (shows all SQL). This ensures unmapped tables are never silently dropped.
     const drizzleKitArgs = [action];
     if (action === "push") {
         drizzleKitArgs.push("--strict", "--verbose");
-        if (_rawArgs.includes("--force")) {
-            drizzleKitArgs.push("--force");
+    }
+
+    // Forward any additional arguments, excluding schema-generator-specific options
+    const excludedFlags = ["--collections", "-c", "--output", "-o", "--watch", "-w"];
+    for (let i = 2; i < _rawArgs.length; i++) {
+        const arg = _rawArgs[i];
+        if (excludedFlags.includes(arg)) {
+            // Skip this flag and its value if it takes a parameter
+            if (["--collections", "-c", "--output", "-o"].includes(arg)) {
+                i++; // Skip the next arg (the value)
+            }
+            continue;
+        }
+        if (!drizzleKitArgs.includes(arg)) {
+            drizzleKitArgs.push(arg);
         }
     }
 
@@ -456,7 +469,7 @@ async function runDrizzleKit(action: string, _rawArgs: string[]): Promise<void>
                 env
             });
         } else {
-            const child = execa(drizzleKitBin, [action], {
+            const child = execa(drizzleKitBin, drizzleKitArgs, {
                 cwd: process.cwd(),
                 env,
                 reject: false
@@ -473,20 +486,28 @@ async function runDrizzleKit(action: string, _rawArgs: string[]): Promise<void>
             const stdout = stripAnsi(result.stdout || "").trim();
             const stderr = stripAnsi(result.stderr || "").trim();
 
-            if (result.exitCode !== 0) {
+            const hasTtyError = stdout.includes("Interactive prompts require a TTY terminal") || 
+                               stderr.includes("Interactive prompts require a TTY terminal");
+
+            if (result.exitCode !== 0 || hasTtyError) {
                 console.error(chalk.red(`\n✗ drizzle-kit ${action} failed.\n`));
-                const errorOutput = stderr || stdout;
-                if (errorOutput) {
-                    const lines = errorOutput.split("\n").filter((l: string) => l.trim());
-                    let printedCount = 0;
-                    for (const line of lines) {
-                        if (line.toLowerCase().includes("error") || line.includes("cannot") || line.includes("already exists") || line.includes("does not exist") || line.includes("violates") || line.includes("permission denied")) {
-                            console.error(chalk.red(`  ${line.trim()}`));
-                            printedCount++;
+                if (hasTtyError) {
+                    console.error(chalk.red("  Error: Interactive prompts require a TTY terminal."));
+                    console.error(chalk.gray("  Please run with --force to skip interactive prompts or run in an interactive terminal."));
+                } else {
+                    const errorOutput = stderr || stdout;
+                    if (errorOutput) {
+                        const lines = errorOutput.split("\n").filter((l: string) => l.trim());
+                        let printedCount = 0;
+                        for (const line of lines) {
+                            if (line.toLowerCase().includes("error") || line.includes("cannot") || line.includes("already exists") || line.includes("does not exist") || line.includes("violates") || line.includes("permission denied")) {
+                                console.error(chalk.red(`  ${line.trim()}`));
+                                printedCount++;
+                            }
+                        }
+                        if (printedCount === 0) {
+                            lines.slice(0, 10).forEach(line => console.error(chalk.red(`  ${line.trim()}`)));
                         }
-                    }
-                    if (printedCount === 0) {
-                        lines.slice(0, 10).forEach(line => console.error(chalk.red(`  ${line.trim()}`)));
                     }
                 }
                 console.error("");
@@ -498,15 +519,21 @@ async function runDrizzleKit(action: string, _rawArgs: string[]): Promise<void>
         // eslint-disable-next-line no-control-regex
         const stripAnsi = (s: string) => s.replace(/\x1b\[[0-9;]*[a-zA-Z]/g, "").replace(/\[?[⠋⠙⠹⠸⠼⠴⠦⠧⠇⠏⣷⣯⣟⡿⢿⣻⣽]+\]\s*/g, "");
         const cleaned = stripAnsi(msg).trim();
+        const hasTtyError = cleaned.includes("Interactive prompts require a TTY terminal");
         console.error(chalk.red(`\n✗ drizzle-kit ${action} failed.\n`));
-        const lines = cleaned.split("\n").filter((l: string) => l.trim());
-        for (const line of lines) {
-            if (line.toLowerCase().includes("error") || line.includes("cannot") || line.includes("already exists") || line.includes("does not exist") || line.includes("violates")) {
-                console.error(chalk.red(`  ${line.trim()}`));
+        if (hasTtyError) {
+            console.error(chalk.red("  Error: Interactive prompts require a TTY terminal."));
+            console.error(chalk.gray("  Please run with --force to skip interactive prompts or run in an interactive terminal."));
+        } else {
+            const lines = cleaned.split("\n").filter((l: string) => l.trim());
+            for (const line of lines) {
+                if (line.toLowerCase().includes("error") || line.includes("cannot") || line.includes("already exists") || line.includes("does not exist") || line.includes("violates")) {
+                    console.error(chalk.red(`  ${line.trim()}`));
+                }
+            }
+            if (lines.length === 0) {
+                console.error(chalk.gray(`  ${cleaned}`));
             }
-        }
-        if (lines.length === 0) {
-            console.error(chalk.gray(`  ${cleaned}`));
         }
         console.error("");
         process.exit(1);