npm - @runa-ai/runa-cli - Versions diffs - 0.10.1 → 0.10.2 - Mend

@runa-ai/runa-cli 0.10.1 → 0.10.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

package/dist/{db-PRGL7PBX.js → db-4AGPISOW.js} RENAMED Viewed

@@ -1,16 +1,16 @@
 #!/usr/bin/env node
 import { createRequire } from 'module';
 import { detectDatabaseStack, getStackPaths } from './chunk-MILCC3B6.js';
-import { categorizeRisks, detectSchemaRisks } from './chunk-PAWNJA3N.js';
-import { isExecaError, resolveDbPreviewEnvironment, buildDbPlanCommandLabel, runDbApply, buildDbApplyCliError, DbPlanOutputSchema, parseDbPreviewProfile, DEFAULT_DB_PREVIEW_PROFILE, getDbPreviewModeLabel, buildDbPreviewCommandLabel, isCompareOnlyPreviewProfile, DbApplyOutputSchema, applyCommand, getDbPreviewIdempotentSchemaCount, classifyDbSyncCommandFailure, getDbSyncFallbackSuggestions, detectAppSchemas, normalizeDatabaseUrlForDdl, analyzeDuplicateFunctionOwnership, formatDuplicateFunctionOwnershipFinding, reviewDeclarativeDependencyWarnings, logDeclarativeDependencyWarnings, buildDeclarativeDependencyWarningFailureLines, parsePlanOutput, validateDependencyOrder, getBoundaryPolicy, resolveProductionApplyStrictMode, findDeclarativeRiskAllowlistMatch, assertBoundaryPolicyUsable, assertBoundaryPolicyQualityGate, formatSchemasForSql, findDirectoryPlacementAllowlistMatch, formatAllowlistMetadata, assessPlanSize, formatPlanSizeSummary, extractFunctionOwnershipDefinition } from './chunk-XRLIZKB2.js';
+import { categorizeRisks, detectSchemaRisks } from './chunk-XFXGFUAM.js';
+import { isExecaError, resolveDbPreviewEnvironment, buildDbPlanCommandLabel, runDbApply, buildDbApplyCliError, DbPlanOutputSchema, parseDbPreviewProfile, DEFAULT_DB_PREVIEW_PROFILE, getDbPreviewModeLabel, buildDbPreviewCommandLabel, isCompareOnlyPreviewProfile, DbApplyOutputSchema, applyCommand, getDbPreviewIdempotentSchemaCount, classifyDbSyncCommandFailure, getDbSyncFallbackSuggestions, detectAppSchemas, normalizeDatabaseUrlForDdl, analyzeDuplicateFunctionOwnership, formatDuplicateFunctionOwnershipFinding, reviewDeclarativeDependencyWarnings, logDeclarativeDependencyWarnings, buildDeclarativeDependencyWarningFailureLines, parsePlanOutput, validateDependencyOrder, getBoundaryPolicy, resolveProductionApplyStrictMode, findDeclarativeRiskAllowlistMatch, assertBoundaryPolicyUsable, assertBoundaryPolicyQualityGate, formatSchemasForSql, findDirectoryPlacementAllowlistMatch, formatAllowlistMetadata, assessPlanSize, formatPlanSizeSummary, extractFunctionOwnershipDefinition } from './chunk-LCJNIHZY.js';
 import { createError } from './chunk-NIS77243.js';
 import { resolveDatabaseUrl, resolveDatabaseTarget, tryResolveDatabaseUrl } from './chunk-WGRVAGSR.js';
 export { resolveDatabaseUrl, tryResolveDatabaseUrl } from './chunk-WGRVAGSR.js';
 import { analyzeDeclarativeDependencyContract, formatDeclarativeDependencyViolation, parseSqlFilename, collectSqlFiles, splitSqlStatements, ALLOW_DYNAMIC_SQL_ANNOTATION, extractFirstDollarBody, sanitizeExecutableCode, detectExtensionFilePath, FUNCTION_DEFINITION_RE, blankQuotedStrings, sanitizeExecutableCodePreserveStrings, countNewlines, shouldReviewUnknownDeclarativeDdl, extractDdlObject, isNonSchemaOperation, isNonDdlMaintenanceStatement, shouldReviewUnknownIdempotentDdl } from './chunk-HWR5NUUZ.js';
 import './chunk-UHDAYPHH.js';
-import './chunk-Y5ANTCKE.js';
+import './chunk-EZ46JIEO.js';
 import { loadEnvFiles } from './chunk-IWVXI5O4.js';
-import './chunk-ZPE52NEK.js';
+import './chunk-IR7SA2ME.js';
 import { diagnoseSupabaseStart } from './chunk-AAIE4F2U.js';
 import { validateUserFilePath, filterSafePaths, resolveSafePath } from './chunk-B7C7CLW2.js';
 import { runMachine } from './chunk-QDF7QXBL.js';
@@ -1848,6 +1848,10 @@ async function collectSchemaRisks(sqlDir, sqlFiles) {
   }
   return allRisks;
 }
+function filterAllowlistedSchemaRisks(risks) {
+  const policy = getBoundaryPolicy();
+  return risks.filter((risk) => !findDeclarativeRiskAllowlistMatch(risk, policy));
+}
 function summarizeRisks(risks) {
   const summaries = /* @__PURE__ */ new Map();
   for (const risk of risks) {
@@ -1966,7 +1970,7 @@ async function runSqlSchemaRiskCheck(result, logger4, step) {
   const sqlFiles = getDeclarativeSqlFiles(sqlDir, logger4);
   if (!sqlFiles) return;
   try {
-    const allRisks = await collectSchemaRisks(sqlDir, sqlFiles);
+    const allRisks = filterAllowlistedSchemaRisks(await collectSchemaRisks(sqlDir, sqlFiles));
     if (allRisks.length === 0) {
       logger4.success(`Scanned ${sqlFiles.length} SQL file(s) - no violations`);
       return;
@@ -2653,18 +2657,326 @@ async function runDeclarativeDependencyCheck(result, logger4, step, strictOption
 // src/commands/db/utils/preflight-checks/duplicate-function-ownership-checks.ts
 init_esm_shims();
+// src/commands/db/utils/duplicate-function-ownership-allowlist.ts
+init_esm_shims();
+// src/commands/db/sync/schema-guardrail-config.ts
+init_esm_shims();
+// src/commands/db/sync/schema-guardrail-config-test-support.ts
+init_esm_shims();
+function extractFirstStringMatch(content, fieldName) {
+  const match = content.match(new RegExp(`${fieldName}\\s*:\\s*['"]([^'"]+)['"]`));
+  return match?.[1];
+}
+function extractFirstNumberMatch(content, fieldName) {
+  const match = content.match(new RegExp(`${fieldName}\\s*:\\s*(-?\\d+(?:\\.\\d+)?)`));
+  if (!match?.[1]) {
+    return void 0;
+  }
+  const parsed = Number(match[1]);
+  return Number.isFinite(parsed) ? parsed : void 0;
+}
+function extractStringArrayMatch(content, fieldName) {
+  const match = content.match(new RegExp(`${fieldName}\\s*:\\s*\\[([\\s\\S]*?)\\]`));
+  if (!match?.[1]) {
+    return [];
+  }
+  return Array.from(match[1].matchAll(/['"]([^'"]+)['"]/g), (entry) => entry[1] ?? "").filter(
+    (value) => value.length > 0
+  );
+}
+function extractNamedObjectBlock(content, fieldName) {
+  const nameMatch = new RegExp(`${fieldName}\\s*:\\s*\\{`).exec(content);
+  if (!nameMatch) {
+    return null;
+  }
+  const startIndex = nameMatch.index + nameMatch[0].length - 1;
+  let depth = 0;
+  for (let index = startIndex; index < content.length; index += 1) {
+    const current = content[index];
+    if (current === "{") {
+      depth += 1;
+    } else if (current === "}") {
+      depth -= 1;
+      if (depth === 0) {
+        return content.slice(startIndex + 1, index);
+      }
+    }
+  }
+  return null;
+}
+function extractAllowedDuplicateFunctions(content, normalizers) {
+  const match = content.match(/allowedDuplicateFunctions\s*:\s*\[([\s\S]*?)\]/);
+  if (!match?.[1]) {
+    return [];
+  }
+  const entries = [];
+  for (const objectMatch of match[1].matchAll(/\{([\s\S]*?)\}/g)) {
+    const objectBody = objectMatch[1] ?? "";
+    const qualifiedName = extractFirstStringMatch(objectBody, "qualifiedName");
+    const signature = extractFirstStringMatch(objectBody, "signature");
+    const reason = extractFirstStringMatch(objectBody, "reason");
+    if (!qualifiedName || !signature || !reason) {
+      continue;
+    }
+    entries.push({
+      qualifiedName: normalizers.normalizeFunctionQualifiedName(qualifiedName),
+      signature: normalizers.normalizeAllowlistSignature(signature),
+      reason,
+      declarativeFile: extractFirstStringMatch(objectBody, "declarativeFile"),
+      idempotentFile: extractFirstStringMatch(objectBody, "idempotentFile"),
+      expectedBodyHash: extractFirstStringMatch(objectBody, "expectedBodyHash")
+    });
+  }
+  return entries;
+}
+function tryLoadSchemaGuardrailConfigFromText(params) {
+  const configPath = findRunaConfig(params.targetDir);
+  if (!configPath || !existsSync(configPath)) {
+    return null;
+  }
+  try {
+    const content = readFileSync(configPath, "utf-8");
+    const schemaGuardrailsBlock = extractNamedObjectBlock(content, "schemaGuardrails") ?? "";
+    const pgSchemaDiffBlock = extractNamedObjectBlock(content, "pgSchemaDiff") ?? "";
+    return {
+      ...params.defaults,
+      declarativeSqlDir: extractFirstStringMatch(schemaGuardrailsBlock, "declarativeSqlDir") ?? params.defaults.declarativeSqlDir,
+      allowedDuplicateFunctions: extractAllowedDuplicateFunctions(
+        schemaGuardrailsBlock,
+        params.normalizers
+      ),
+      generatedHeaderRewriteTargets: params.normalizers.normalizeFileList(
+        extractStringArrayMatch(schemaGuardrailsBlock, "generatedHeaderRewriteTargets").map(
+          (value) => params.normalizers.normalizePathForMatch(value)
+        )
+      ),
+      semanticWarnings: {
+        threshold: extractFirstNumberMatch(schemaGuardrailsBlock, "threshold") ?? params.defaults.semanticWarnings.threshold,
+        maxCandidates: extractFirstNumberMatch(schemaGuardrailsBlock, "maxCandidates") ?? params.defaults.semanticWarnings.maxCandidates,
+        ignorePairs: new Set(
+          extractStringArrayMatch(schemaGuardrailsBlock, "ignorePairs").map(
+            (value) => params.normalizers.normalizeSuppressionPair(value)
+          )
+        )
+      },
+      tableHeaderMaxWidth: extractFirstNumberMatch(schemaGuardrailsBlock, "tableHeaderMaxWidth") ?? params.defaults.tableHeaderMaxWidth,
+      excludeFromOrphanDetection: extractStringArrayMatch(
+        pgSchemaDiffBlock,
+        "excludeFromOrphanDetection"
+      ),
+      idempotentSqlDir: extractFirstStringMatch(pgSchemaDiffBlock, "idempotentSqlDir") ?? params.defaults.idempotentSqlDir
+    };
+  } catch {
+    return null;
+  }
+}
+// src/commands/db/sync/schema-guardrail-config.ts
+var DEFAULT_TABLE_HEADER_MAX_WIDTH = 160;
+var DEFAULT_SEMANTIC_WARNING_THRESHOLD = 0.55;
+var DEFAULT_SEMANTIC_WARNING_MAX_CANDIDATES = 3;
+var GENERIC_SIMILARITY_COLUMNS = /* @__PURE__ */ new Set([
+  "id",
+  "created_at",
+  "updated_at",
+  "deleted_at",
+  "scope_id"
+]);
+function normalizePathForMatch(filePath) {
+  return filePath.replaceAll("\\", "/");
+}
+function normalizeFunctionQualifiedName(value) {
+  return value.trim().toLowerCase();
+}
+function normalizeAllowlistSignature(value) {
+  return value.replace(/\s+/g, " ").trim();
+}
+function normalizeSuppressionPair(value) {
+  return value.split("::").map((part) => part.trim().toLowerCase()).filter((part) => part.length > 0).sort((left, right) => left.localeCompare(right)).join("::");
+}
+function normalizeFileList(files) {
+  return [...new Set(files)].sort((a, b) => a.localeCompare(b));
+}
+function isSchemaGuardrailTextFallbackAllowed() {
+  return Boolean(process.env.VITEST);
+}
+function createDefaultSchemaGuardrailConfig() {
+  return {
+    declarativeSqlDir: "supabase/schemas/declarative",
+    allowedDuplicateFunctions: [],
+    generatedHeaderRewriteTargets: [],
+    semanticWarnings: {
+      threshold: DEFAULT_SEMANTIC_WARNING_THRESHOLD,
+      maxCandidates: DEFAULT_SEMANTIC_WARNING_MAX_CANDIDATES,
+      ignorePairs: /* @__PURE__ */ new Set()
+    },
+    tableHeaderMaxWidth: DEFAULT_TABLE_HEADER_MAX_WIDTH,
+    excludeFromOrphanDetection: [],
+    idempotentSqlDir: "supabase/schemas/idempotent"
+  };
+}
+function loadAllowedDuplicatesFromSchemaOwnership(targetDir) {
+  const candidates = [
+    join(targetDir, "supabase", "schemas", "schema-ownership.json"),
+    join(targetDir, "schema-ownership.json")
+  ];
+  for (const filePath of candidates) {
+    if (!existsSync(filePath)) continue;
+    try {
+      const raw = JSON.parse(readFileSync(filePath, "utf-8"));
+      const allowedDuplicates = raw?.rules?.allowed_duplicates;
+      if (!Array.isArray(allowedDuplicates)) continue;
+      return allowedDuplicates.filter(
+        (entry) => typeof entry === "object" && entry !== null && "qualifiedName" in entry && typeof entry.qualifiedName === "string"
+      ).map((entry) => ({
+        qualifiedName: normalizeFunctionQualifiedName(entry.qualifiedName),
+        signature: normalizeAllowlistSignature(entry.signature ?? ""),
+        reason: entry.reason ?? "Loaded from schema-ownership.json"
+      }));
+    } catch {
+    }
+  }
+  return [];
+}
+function loadSchemaGuardrailConfig(targetDir) {
+  const defaults = createDefaultSchemaGuardrailConfig();
+  try {
+    const config = loadRunaConfig(targetDir);
+    const databaseConfig = config.database ?? {};
+    return {
+      declarativeSqlDir: databaseConfig.schemaGuardrails?.declarativeSqlDir ?? defaults.declarativeSqlDir,
+      allowedDuplicateFunctions: [
+        ...databaseConfig.schemaGuardrails?.allowedDuplicateFunctions?.map((entry) => ({
+          ...entry,
+          qualifiedName: normalizeFunctionQualifiedName(entry.qualifiedName),
+          signature: normalizeAllowlistSignature(entry.signature),
+          declarativeFile: entry.declarativeFile ? normalizePathForMatch(entry.declarativeFile) : void 0,
+          idempotentFile: entry.idempotentFile ? normalizePathForMatch(entry.idempotentFile) : void 0
+        })) ?? [],
+        // Fallback: merge schema-ownership.json allowed_duplicates if present
+        ...loadAllowedDuplicatesFromSchemaOwnership(targetDir)
+      ],
+      generatedHeaderRewriteTargets: normalizeFileList(
+        (databaseConfig.schemaGuardrails?.generatedHeaderRewriteTargets ?? []).map(
+          (value) => normalizePathForMatch(value)
+        )
+      ),
+      semanticWarnings: {
+        threshold: databaseConfig.schemaGuardrails?.semanticWarnings?.threshold ?? defaults.semanticWarnings.threshold,
+        maxCandidates: databaseConfig.schemaGuardrails?.semanticWarnings?.maxCandidates ?? defaults.semanticWarnings.maxCandidates,
+        ignorePairs: new Set(
+          (databaseConfig.schemaGuardrails?.semanticWarnings?.ignorePairs ?? []).map(
+            (value) => normalizeSuppressionPair(value)
+          )
+        )
+      },
+      tableHeaderMaxWidth: databaseConfig.schemaGuardrails?.tableHeaderMaxWidth ?? defaults.tableHeaderMaxWidth,
+      excludeFromOrphanDetection: databaseConfig.pgSchemaDiff?.excludeFromOrphanDetection ?? [],
+      idempotentSqlDir: databaseConfig.pgSchemaDiff?.idempotentSqlDir ?? defaults.idempotentSqlDir
+    };
+  } catch (error) {
+    if (isSchemaGuardrailTextFallbackAllowed()) {
+      return tryLoadSchemaGuardrailConfigFromText({
+        targetDir,
+        defaults,
+        normalizers: {
+          normalizeAllowlistSignature,
+          normalizeFileList,
+          normalizeFunctionQualifiedName,
+          normalizePathForMatch,
+          normalizeSuppressionPair
+        }
+      }) ?? defaults;
+    }
+    throw error;
+  }
+}
+// src/commands/db/utils/duplicate-function-ownership-allowlist.ts
+function matchesDuplicateFunctionSignature(params) {
+  return normalizeFunctionQualifiedName(params.entry.qualifiedName) === normalizeFunctionQualifiedName(params.finding.qualifiedName) && normalizeAllowlistSignature(params.entry.signature) === normalizeAllowlistSignature(params.finding.signature ?? "");
+}
+function matchesOptionalFilePath(params) {
+  if (!params.configuredPath) {
+    return true;
+  }
+  return params.definitionFiles.some(
+    (filePath) => normalizePathForMatch(filePath) === params.configuredPath
+  );
+}
+function matchesExpectedBodyHash(params) {
+  if (!params.entry.expectedBodyHash || !params.bodyHashes) {
+    return true;
+  }
+  const definitions = [
+    ...params.finding.declarativeDefinitions,
+    ...params.finding.idempotentDefinitions
+  ];
+  if (definitions.length === 0) {
+    return false;
+  }
+  return definitions.every((definition) => {
+    const key = `${definition.layer}:${definition.file}:${definition.line}`;
+    return params.bodyHashes?.get(key) === params.entry.expectedBodyHash;
+  });
+}
+function isAllowlistedDuplicateFunction(params) {
+  const { finding, allowlist, bodyHashes } = params;
+  if (!finding.signature) return false;
+  return allowlist.some((entry) => {
+    if (!matchesDuplicateFunctionSignature({ entry, finding })) {
+      return false;
+    }
+    if (!matchesOptionalFilePath({
+      configuredPath: entry.declarativeFile,
+      definitionFiles: finding.declarativeDefinitions.map((definition) => definition.file)
+    })) {
+      return false;
+    }
+    if (!matchesOptionalFilePath({
+      configuredPath: entry.idempotentFile,
+      definitionFiles: finding.idempotentDefinitions.map((definition) => definition.file)
+    })) {
+      return false;
+    }
+    return matchesExpectedBodyHash({ entry, finding, bodyHashes });
+  });
+}
+function filterAllowlistedDuplicateFunctions(params) {
+  return params.findings.filter(
+    (finding) => !isAllowlistedDuplicateFunction({
+      finding,
+      allowlist: params.allowlist,
+      bodyHashes: params.bodyHashes
+    })
+  );
+}
+// src/commands/db/utils/preflight-checks/duplicate-function-ownership-checks.ts
 async function runDuplicateFunctionOwnershipCheck(result, logger4, step) {
   logger4.step("Checking duplicate function ownership", step.next());
   const analysis = analyzeDuplicateFunctionOwnership(process.cwd());
-  if (analysis.findings.length === 0) {
+  let findings = analysis.findings;
+  try {
+    const allowlist = loadSchemaGuardrailConfig(process.cwd()).allowedDuplicateFunctions;
+    findings = filterAllowlistedDuplicateFunctions({
+      findings,
+      allowlist
+    });
+  } catch {
+  }
+  if (findings.length === 0) {
     logger4.success("No duplicate declarative/idempotent function ownership detected");
     return;
   }
   result.passed = false;
-  result.errors.push(`Found ${analysis.findings.length} duplicate function ownership finding(s)`);
-  logger4.error(`Found ${analysis.findings.length} duplicate function ownership finding(s):`);
+  result.errors.push(`Found ${findings.length} duplicate function ownership finding(s)`);
+  logger4.error(`Found ${findings.length} duplicate function ownership finding(s):`);
   logger4.info(`  ${analysis.contractNote}`);
-  for (const finding of analysis.findings) {
+  for (const finding of findings) {
     const formatted = formatDuplicateFunctionOwnershipFinding(finding);
     logger4.info(`  [ERROR] ${formatted.summary}`);
     for (const location of formatted.declarativeLocations) {
@@ -3884,7 +4196,7 @@ init_esm_shims();
 var riskDetectorLoader = null;
 function loadRiskDetectorModule() {
   if (!riskDetectorLoader) {
-    riskDetectorLoader = import('./risk-detector-S7XQF4I2.js').then((module) => ({
+    riskDetectorLoader = import('./risk-detector-GDDLISVE.js').then((module) => ({
       detectSchemaRisks: module.detectSchemaRisks
     })).catch((error) => {
       riskDetectorLoader = null;
@@ -5124,240 +5436,6 @@ init_esm_shims();
 // src/commands/db/sync/schema-guardrail.ts
 init_esm_shims();
-// src/commands/db/sync/schema-guardrail-config.ts
-init_esm_shims();
-// src/commands/db/sync/schema-guardrail-config-test-support.ts
-init_esm_shims();
-function extractFirstStringMatch(content, fieldName) {
-  const match = content.match(new RegExp(`${fieldName}\\s*:\\s*['"]([^'"]+)['"]`));
-  return match?.[1];
-}
-function extractFirstNumberMatch(content, fieldName) {
-  const match = content.match(new RegExp(`${fieldName}\\s*:\\s*(-?\\d+(?:\\.\\d+)?)`));
-  if (!match?.[1]) {
-    return void 0;
-  }
-  const parsed = Number(match[1]);
-  return Number.isFinite(parsed) ? parsed : void 0;
-}
-function extractStringArrayMatch(content, fieldName) {
-  const match = content.match(new RegExp(`${fieldName}\\s*:\\s*\\[([\\s\\S]*?)\\]`));
-  if (!match?.[1]) {
-    return [];
-  }
-  return Array.from(match[1].matchAll(/['"]([^'"]+)['"]/g), (entry) => entry[1] ?? "").filter(
-    (value) => value.length > 0
-  );
-}
-function extractNamedObjectBlock(content, fieldName) {
-  const nameMatch = new RegExp(`${fieldName}\\s*:\\s*\\{`).exec(content);
-  if (!nameMatch) {
-    return null;
-  }
-  const startIndex = nameMatch.index + nameMatch[0].length - 1;
-  let depth = 0;
-  for (let index = startIndex; index < content.length; index += 1) {
-    const current = content[index];
-    if (current === "{") {
-      depth += 1;
-    } else if (current === "}") {
-      depth -= 1;
-      if (depth === 0) {
-        return content.slice(startIndex + 1, index);
-      }
-    }
-  }
-  return null;
-}
-function extractAllowedDuplicateFunctions(content, normalizers) {
-  const match = content.match(/allowedDuplicateFunctions\s*:\s*\[([\s\S]*?)\]/);
-  if (!match?.[1]) {
-    return [];
-  }
-  const entries = [];
-  for (const objectMatch of match[1].matchAll(/\{([\s\S]*?)\}/g)) {
-    const objectBody = objectMatch[1] ?? "";
-    const qualifiedName = extractFirstStringMatch(objectBody, "qualifiedName");
-    const signature = extractFirstStringMatch(objectBody, "signature");
-    const reason = extractFirstStringMatch(objectBody, "reason");
-    if (!qualifiedName || !signature || !reason) {
-      continue;
-    }
-    entries.push({
-      qualifiedName: normalizers.normalizeFunctionQualifiedName(qualifiedName),
-      signature: normalizers.normalizeAllowlistSignature(signature),
-      reason,
-      declarativeFile: extractFirstStringMatch(objectBody, "declarativeFile"),
-      idempotentFile: extractFirstStringMatch(objectBody, "idempotentFile"),
-      expectedBodyHash: extractFirstStringMatch(objectBody, "expectedBodyHash")
-    });
-  }
-  return entries;
-}
-function tryLoadSchemaGuardrailConfigFromText(params) {
-  const configPath = findRunaConfig(params.targetDir);
-  if (!configPath || !existsSync(configPath)) {
-    return null;
-  }
-  try {
-    const content = readFileSync(configPath, "utf-8");
-    const schemaGuardrailsBlock = extractNamedObjectBlock(content, "schemaGuardrails") ?? "";
-    const pgSchemaDiffBlock = extractNamedObjectBlock(content, "pgSchemaDiff") ?? "";
-    return {
-      ...params.defaults,
-      declarativeSqlDir: extractFirstStringMatch(schemaGuardrailsBlock, "declarativeSqlDir") ?? params.defaults.declarativeSqlDir,
-      allowedDuplicateFunctions: extractAllowedDuplicateFunctions(
-        schemaGuardrailsBlock,
-        params.normalizers
-      ),
-      generatedHeaderRewriteTargets: params.normalizers.normalizeFileList(
-        extractStringArrayMatch(schemaGuardrailsBlock, "generatedHeaderRewriteTargets").map(
-          (value) => params.normalizers.normalizePathForMatch(value)
-        )
-      ),
-      semanticWarnings: {
-        threshold: extractFirstNumberMatch(schemaGuardrailsBlock, "threshold") ?? params.defaults.semanticWarnings.threshold,
-        maxCandidates: extractFirstNumberMatch(schemaGuardrailsBlock, "maxCandidates") ?? params.defaults.semanticWarnings.maxCandidates,
-        ignorePairs: new Set(
-          extractStringArrayMatch(schemaGuardrailsBlock, "ignorePairs").map(
-            (value) => params.normalizers.normalizeSuppressionPair(value)
-          )
-        )
-      },
-      tableHeaderMaxWidth: extractFirstNumberMatch(schemaGuardrailsBlock, "tableHeaderMaxWidth") ?? params.defaults.tableHeaderMaxWidth,
-      excludeFromOrphanDetection: extractStringArrayMatch(
-        pgSchemaDiffBlock,
-        "excludeFromOrphanDetection"
-      ),
-      idempotentSqlDir: extractFirstStringMatch(pgSchemaDiffBlock, "idempotentSqlDir") ?? params.defaults.idempotentSqlDir
-    };
-  } catch {
-    return null;
-  }
-}
-// src/commands/db/sync/schema-guardrail-config.ts
-var DEFAULT_TABLE_HEADER_MAX_WIDTH = 160;
-var DEFAULT_SEMANTIC_WARNING_THRESHOLD = 0.55;
-var DEFAULT_SEMANTIC_WARNING_MAX_CANDIDATES = 3;
-var GENERIC_SIMILARITY_COLUMNS = /* @__PURE__ */ new Set([
-  "id",
-  "created_at",
-  "updated_at",
-  "deleted_at",
-  "scope_id"
-]);
-function normalizePathForMatch(filePath) {
-  return filePath.replaceAll("\\", "/");
-}
-function normalizeFunctionQualifiedName(value) {
-  return value.trim().toLowerCase();
-}
-function normalizeAllowlistSignature(value) {
-  return value.replace(/\s+/g, " ").trim();
-}
-function normalizeSuppressionPair(value) {
-  return value.split("::").map((part) => part.trim().toLowerCase()).filter((part) => part.length > 0).sort((left, right) => left.localeCompare(right)).join("::");
-}
-function normalizeFileList(files) {
-  return [...new Set(files)].sort((a, b) => a.localeCompare(b));
-}
-function isSchemaGuardrailTextFallbackAllowed() {
-  return Boolean(process.env.VITEST);
-}
-function createDefaultSchemaGuardrailConfig() {
-  return {
-    declarativeSqlDir: "supabase/schemas/declarative",
-    allowedDuplicateFunctions: [],
-    generatedHeaderRewriteTargets: [],
-    semanticWarnings: {
-      threshold: DEFAULT_SEMANTIC_WARNING_THRESHOLD,
-      maxCandidates: DEFAULT_SEMANTIC_WARNING_MAX_CANDIDATES,
-      ignorePairs: /* @__PURE__ */ new Set()
-    },
-    tableHeaderMaxWidth: DEFAULT_TABLE_HEADER_MAX_WIDTH,
-    excludeFromOrphanDetection: [],
-    idempotentSqlDir: "supabase/schemas/idempotent"
-  };
-}
-function loadAllowedDuplicatesFromSchemaOwnership(targetDir) {
-  const candidates = [
-    join(targetDir, "supabase", "schemas", "schema-ownership.json"),
-    join(targetDir, "schema-ownership.json")
-  ];
-  for (const filePath of candidates) {
-    if (!existsSync(filePath)) continue;
-    try {
-      const raw = JSON.parse(readFileSync(filePath, "utf-8"));
-      const allowedDuplicates = raw?.rules?.allowed_duplicates;
-      if (!Array.isArray(allowedDuplicates)) continue;
-      return allowedDuplicates.filter(
-        (entry) => typeof entry === "object" && entry !== null && "qualifiedName" in entry && typeof entry.qualifiedName === "string"
-      ).map((entry) => ({
-        qualifiedName: normalizeFunctionQualifiedName(entry.qualifiedName),
-        signature: normalizeAllowlistSignature(entry.signature ?? ""),
-        reason: entry.reason ?? "Loaded from schema-ownership.json"
-      }));
-    } catch {
-    }
-  }
-  return [];
-}
-function loadSchemaGuardrailConfig(targetDir) {
-  const defaults = createDefaultSchemaGuardrailConfig();
-  try {
-    const config = loadRunaConfig(targetDir);
-    const databaseConfig = config.database ?? {};
-    return {
-      declarativeSqlDir: databaseConfig.schemaGuardrails?.declarativeSqlDir ?? defaults.declarativeSqlDir,
-      allowedDuplicateFunctions: [
-        ...databaseConfig.schemaGuardrails?.allowedDuplicateFunctions?.map((entry) => ({
-          ...entry,
-          qualifiedName: normalizeFunctionQualifiedName(entry.qualifiedName),
-          signature: normalizeAllowlistSignature(entry.signature),
-          declarativeFile: entry.declarativeFile ? normalizePathForMatch(entry.declarativeFile) : void 0,
-          idempotentFile: entry.idempotentFile ? normalizePathForMatch(entry.idempotentFile) : void 0
-        })) ?? [],
-        // Fallback: merge schema-ownership.json allowed_duplicates if present
-        ...loadAllowedDuplicatesFromSchemaOwnership(targetDir)
-      ],
-      generatedHeaderRewriteTargets: normalizeFileList(
-        (databaseConfig.schemaGuardrails?.generatedHeaderRewriteTargets ?? []).map(
-          (value) => normalizePathForMatch(value)
-        )
-      ),
-      semanticWarnings: {
-        threshold: databaseConfig.schemaGuardrails?.semanticWarnings?.threshold ?? defaults.semanticWarnings.threshold,
-        maxCandidates: databaseConfig.schemaGuardrails?.semanticWarnings?.maxCandidates ?? defaults.semanticWarnings.maxCandidates,
-        ignorePairs: new Set(
-          (databaseConfig.schemaGuardrails?.semanticWarnings?.ignorePairs ?? []).map(
-            (value) => normalizeSuppressionPair(value)
-          )
-        )
-      },
-      tableHeaderMaxWidth: databaseConfig.schemaGuardrails?.tableHeaderMaxWidth ?? defaults.tableHeaderMaxWidth,
-      excludeFromOrphanDetection: databaseConfig.pgSchemaDiff?.excludeFromOrphanDetection ?? [],
-      idempotentSqlDir: databaseConfig.pgSchemaDiff?.idempotentSqlDir ?? defaults.idempotentSqlDir
-    };
-  } catch (error) {
-    if (isSchemaGuardrailTextFallbackAllowed()) {
-      return tryLoadSchemaGuardrailConfigFromText({
-        targetDir,
-        defaults,
-        normalizers: {
-          normalizeAllowlistSignature,
-          normalizeFileList,
-          normalizeFunctionQualifiedName,
-          normalizePathForMatch,
-          normalizeSuppressionPair
-        }
-      }) ?? defaults;
-    }
-    throw error;
-  }
-}
 // src/commands/db/sync/schema-guardrail-graph.ts
 init_esm_shims();
@@ -5960,37 +6038,6 @@ function buildFunctionBodyHashMap(files, layer) {
   }
   return hashes;
 }
-function isAllowlistedDuplicateFunction(params) {
-  const { finding, allowlist, bodyHashes } = params;
-  if (!finding.signature) return false;
-  return allowlist.some((entry) => {
-    if (normalizeFunctionQualifiedName(entry.qualifiedName) !== normalizeFunctionQualifiedName(finding.qualifiedName)) {
-      return false;
-    }
-    if (normalizeAllowlistSignature(entry.signature) !== normalizeAllowlistSignature(finding.signature ?? "")) {
-      return false;
-    }
-    if (entry.declarativeFile && !finding.declarativeDefinitions.some(
-      (definition) => normalizePathForMatch(definition.file) === entry.declarativeFile
-    )) {
-      return false;
-    }
-    if (entry.idempotentFile && !finding.idempotentDefinitions.some(
-      (definition) => normalizePathForMatch(definition.file) === entry.idempotentFile
-    )) {
-      return false;
-    }
-    if (!entry.expectedBodyHash) {
-      return true;
-    }
-    const definitions = [...finding.declarativeDefinitions, ...finding.idempotentDefinitions];
-    if (definitions.length === 0) return false;
-    return definitions.every((definition) => {
-      const key = `${definition.layer}:${definition.file}:${definition.line}`;
-      return bodyHashes.get(key) === entry.expectedBodyHash;
-    });
-  });
-}
 function normalizeQualifiedObjectRef(schema, name, isFunctionCall) {
   return `${schema}.${name}${isFunctionCall ? "()" : ""}`;
 }
@@ -12069,14 +12116,10 @@ async function collectLocalPrecheckBundle(strict) {
     guardrailAllowlist = loadSchemaGuardrailConfig(process.cwd()).allowedDuplicateFunctions;
   } catch {
   }
-  const duplicateOwnershipBlockers = duplicateOwnershipAnalysis.findings.filter(
-    (finding) => !isAllowlistedDuplicateFunction({
-      finding,
-      allowlist: guardrailAllowlist,
-      bodyHashes: /* @__PURE__ */ new Map()
-      // Hash check skipped; name + signature matching still works
-    })
-  ).map((finding) => {
+  const duplicateOwnershipBlockers = filterAllowlistedDuplicateFunctions({
+    findings: duplicateOwnershipAnalysis.findings,
+    allowlist: guardrailAllowlist
+  }).map((finding) => {
     const formatted = formatDuplicateFunctionOwnershipFinding(finding);
     return [
       formatted.summary,