@runa-ai/runa-cli 0.10.2 → 0.10.3

package/dist/{chunk-IR7SA2ME.js → chunk-SS7RIWW3.js}

@@ -6,7 +6,7 @@ createRequire(import.meta.url);
 
 // src/version.ts
 init_esm_shims();
-var CLI_VERSION = "0.10.2";
+var CLI_VERSION = "0.10.3";
 var HAS_ADMIN_COMMAND = false;
 
 export { CLI_VERSION, HAS_ADMIN_COMMAND };

package/dist/{ci-6XYG7XNX.js → ci-6P7VK6WB.js}

@@ -1,12 +1,12 @@
 #!/usr/bin/env node
 import { createRequire } from 'module';
-import { normalizeDatabaseUrlForDdl, parseBoolish, enhanceConnectionError, isIdempotentRoleHazard, detectAppSchemas, formatSchemasForSql, getDbPlanArtifactPath, runDbApply } from './chunk-LCJNIHZY.js';
+import { normalizeDatabaseUrlForDdl, parseBoolish, enhanceConnectionError, isIdempotentRoleHazard, detectAppSchemas, formatSchemasForSql, getDbPlanArtifactPath, runDbApply } from './chunk-S7VGVFYF.js';
 import './chunk-WGRVAGSR.js';
 import './chunk-HWR5NUUZ.js';
 import './chunk-UHDAYPHH.js';
 import './chunk-EZ46JIEO.js';
 import './chunk-IWVXI5O4.js';
-import './chunk-IR7SA2ME.js';
+import './chunk-SS7RIWW3.js';
 import './chunk-B7C7CLW2.js';
 import './chunk-QDF7QXBL.js';
 import { getSnapshotStateName, getSnapshotStatePaths, isSnapshotComplete } from './chunk-XVNDDHAF.js';

package/dist/{cli-2XL3VESS.js → cli-Q665YRVT.js}

@@ -2,7 +2,7 @@
 import { createRequire } from 'module';
 import { enableNonInteractiveMode } from './chunk-6Y3LAUGL.js';
 import { getRequestedCommandNameFromArgv } from './chunk-UWWSAPDR.js';
-import { CLI_VERSION, HAS_ADMIN_COMMAND } from './chunk-IR7SA2ME.js';
+import { CLI_VERSION, HAS_ADMIN_COMMAND } from './chunk-SS7RIWW3.js';
 import { emitDefaultSuccessIfNeeded } from './chunk-WJXC4MVY.js';
 import { parseOutputFormat, setOutputFormat, getOutputFormatFromEnv } from './chunk-HKUWEGUX.js';
 import { init_esm_shims } from './chunk-VRXHCR5K.js';
@@ -462,11 +462,11 @@ async function registerFocusedStatusUtilityCommand(program, requested) {
   return false;
 }
 async function registerCiCommand(program) {
-  const { ciCommand } = await import('./ci-6XYG7XNX.js');
+  const { ciCommand } = await import('./ci-6P7VK6WB.js');
   program.addCommand(ciCommand);
 }
 async function registerDbCommand(program) {
-  const { dbCommand } = await import('./db-4AGPISOW.js');
+  const { dbCommand } = await import('./db-BQOVOQXU.js');
   program.addCommand(dbCommand);
 }
 async function registerServicesCommand(program) {
@@ -498,7 +498,7 @@ async function registerWorkflowCommand(program) {
   program.addCommand(workflowCommand);
 }
 async function registerVulnCheckCommand(program) {
-  const { vulnCheckCommand } = await import('./vuln-check-LMDYYJUE.js');
+  const { vulnCheckCommand } = await import('./vuln-check-WW43E7PS.js');
   program.addCommand(vulnCheckCommand);
 }
 async function registerTemplateCheckCommand(program) {

package/dist/commands/db/apply/helpers/plan-check-filter.d.ts

@@ -1,5 +1,5 @@
 import type { DbApplyPlanSummary } from '../contract.js';
-import type { IdempotentProtectedObjects } from './idempotent-object-registry.js';
+import { type IdempotentProtectedObjects } from './idempotent-object-registry.js';
 import type { PlanStatement, ValidatedPlan } from './plan-validator.js';
 export interface CheckModeFilterResult {
     filteredPlan: ValidatedPlan;

package/dist/commands/db/sync/schema-guardrail-graph.d.ts

@@ -4,10 +4,12 @@
  * Purpose: Main entry points for schema guardrail graph building
  * Exports: loadSqlSources, buildStaticGraph, StaticGraphBuildResult
  */
+import { type FunctionAclManifest } from '../utils/function-acl-manifest.js';
 import type { LoadedSqlSources, SchemaGraphManifest, SchemaGuardrailConfig, SchemaGuardrailReport } from './schema-guardrail-types.js';
 export declare function loadSqlSources(targetDir: string, config: SchemaGuardrailConfig): LoadedSqlSources;
 export type StaticGraphBuildResult = {
     graph: SchemaGraphManifest;
+    functionAclManifest: FunctionAclManifest;
     duplicateTableOwners: SchemaGuardrailReport['duplicateTableOwners'];
     duplicateFunctionOwners: SchemaGuardrailReport['duplicateFunctionOwners'];
     policyOwnershipConflicts: SchemaGuardrailReport['policyOwnershipConflicts'];

package/dist/commands/db/sync/schema-guardrail-rewrite.d.ts

@@ -1,3 +1,4 @@
+import { type FunctionAclManifest } from '../utils/function-acl-manifest.js';
 import type { SchemaGraphManifest, SchemaManagedBlockKind, SchemaGuardrailConfig, SchemaGuardrailReport, SchemaGuardrailStaticResult } from './schema-guardrail-types.js';
 type RenderedManagedBlock = {
     kind: SchemaManagedBlockKind;
@@ -16,14 +17,20 @@ export type HeaderRewritePlan = {
     }>;
     existingManagedCount: number;
 };
+export type GeneratedFileRewritePlan = {
+    filePath: string;
+    expectedSql: string;
+};
 export declare function loadHeaderRewritePlans(params: {
     targetDir: string;
     graph: SchemaGraphManifest;
+    functionAclManifest: FunctionAclManifest;
     config: SchemaGuardrailConfig;
     report: SchemaGuardrailReport;
 }): {
     staleBlocks: SchemaGuardrailReport['staleBlocks'];
     rewritePlans: HeaderRewritePlan[];
+    generatedFileRewritePlans: GeneratedFileRewritePlan[];
     failure?: undefined;
 } | {
     staleBlocks?: undefined;
@@ -40,6 +47,7 @@ export declare function finalizeCheckModeReport(params: {
 export declare function rewriteManagedHeaders(params: {
     targetDir: string;
     rewritePlans: HeaderRewritePlan[];
+    generatedFileRewritePlans: GeneratedFileRewritePlan[];
     report: SchemaGuardrailReport;
 }): SchemaGuardrailStaticResult | null;
 export {};

package/dist/commands/db/sync/schema-guardrail-types.d.ts

@@ -1,12 +1,12 @@
 import type { SqlFile } from '../utils/declarative-dependency-sql-utils.js';
-export type SchemaManagedBlockKind = 'file-header' | 'table-header';
+export type SchemaManagedBlockKind = 'file-header' | 'table-header' | 'generated-file';
 export type SchemaGuardrailMode = 'check' | 'sync';
 export type SchemaGraphFileLayer = 'declarative' | 'idempotent';
 export type SchemaGraphFileAuthoringRole = 'declarative-owner' | 'operational';
 export type BoundaryGuidanceWarningKind = 'schema' | 'function' | 'policy' | 'security_definer' | 'trigger_function' | 'trigger_dispatch_gap' | 'managed_boundary';
 export type LocalBlindSpotBlockerKind = 'cross-schema-rls' | 'dynamic-sql' | 'dynamic-sql-infra' | 'extension-placement';
 export type SchemaGuardrailPhaseId = 'load_sources' | 'build_static_graph' | 'validate_ownership' | 'compare_generated_headers' | 'refresh_generated_headers' | 'handoff_db_sync' | 'runtime_reconcile' | 'publish_report';
-export type SchemaGuardrailFailureCode = 'source_load_failed' | 'duplicate_table_owner' | 'duplicate_function_owner' | 'policy_ownership_conflict' | 'raw_cross_schema_rls_blocked' | 'dynamic_sql_blocked' | 'extension_placement_blocked' | 'stale_generated_header' | 'generated_header_validation_failed' | 'generated_header_rewrite_failed' | 'static_graph_build_failed' | 'critical_runtime_graph_contradiction' | 'sync_apply_failed';
+export type SchemaGuardrailFailureCode = 'source_load_failed' | 'duplicate_table_owner' | 'duplicate_function_owner' | 'policy_ownership_conflict' | 'raw_cross_schema_rls_blocked' | 'dynamic_sql_blocked' | 'extension_placement_blocked' | 'stale_generated_header' | 'function_acl_migration_required' | 'generated_header_validation_failed' | 'generated_header_rewrite_failed' | 'static_graph_build_failed' | 'critical_runtime_graph_contradiction' | 'sync_apply_failed';
 export interface SchemaGraphFileNode {
     path: string;
     sourceLayer: SchemaGraphFileLayer;

package/dist/commands/db/utils/function-acl-manifest.d.ts

@@ -0,0 +1,39 @@
+import type { SqlFile } from './declarative-dependency-sql-utils.js';
+import { type IdempotentTouchMetadata } from '../sync/schema-guardrail-graph-types.js';
+export declare const FUNCTION_ACL_RECONCILIATION_RELATIVE_PATH = "supabase/schemas/idempotent/18_function_acl_reconciliation.sql";
+declare const FUNCTION_ACL_ROLE_ORDER: readonly ["anon", "authenticated", "service_role"];
+export type FunctionAclGrantRole = (typeof FUNCTION_ACL_ROLE_ORDER)[number];
+export type FunctionAclAnnotationRole = FunctionAclGrantRole | 'internal';
+export interface FunctionAclFunctionEntry {
+    qualifiedName: string;
+    qualifiedSignature: string;
+    signature: string;
+    mode: 'internal' | 'grant';
+    roles: FunctionAclGrantRole[];
+    sourceFile: string;
+    line: number;
+}
+export interface FunctionAclSchemaUsageEntry {
+    schema: string;
+    roles: FunctionAclGrantRole[];
+    sourceFile: string;
+    line: number;
+}
+export interface FunctionAclManifest {
+    reconciliationFile: string;
+    functions: FunctionAclFunctionEntry[];
+    schemaUsages: FunctionAclSchemaUsageEntry[];
+}
+export declare function parseFunctionAclTarget(value: string): string | null;
+export declare function functionAclManifestHasEntries(manifest: FunctionAclManifest): boolean;
+export declare function buildFunctionAclIdempotentTouchMetadata(manifest: FunctionAclManifest): IdempotentTouchMetadata;
+export declare function buildFunctionAclManifestFromSqlFiles(declarativeFiles: SqlFile[]): FunctionAclManifest;
+export declare function loadFunctionAclManifest(targetDir: string, declarativeSqlDir: string): FunctionAclManifest;
+export declare function loadFunctionAclManifestFromDeclarativeDir(declarativeDir: string): FunctionAclManifest;
+export declare function validateFunctionAclMigration(manifest: FunctionAclManifest, existingContent: string): string[];
+export declare function renderFunctionAclFile(manifest: FunctionAclManifest): string;
+export declare function isManagedFunctionAclFileContentStale(manifest: FunctionAclManifest, existingContent: string): boolean;
+export declare function extractManagedFunctionAclTargets(manifest: FunctionAclManifest): Set<string>;
+export declare function extractManagedSchemaUsageTargets(manifest: FunctionAclManifest): Set<string>;
+export {};
+//# sourceMappingURL=function-acl-manifest.d.ts.map