@runa-ai/runa-cli 0.5.71 → 0.6.0

package/dist/commands/db/apply/helpers/hazard-handler.d.ts

@@ -0,0 +1,60 @@
+/**
+ * AI HINT: Hazard Handler for pg-schema-diff
+ *
+ * Purpose: Parse, display, and handle hazards from pg-schema-diff plan output.
+ * Separates hazard logic from binary verification and plan execution.
+ *
+ * Hazard Types:
+ * - DELETES_DATA: Data loss risk (blocks production without --allow-data-loss)
+ * - AUTHZ_UPDATE: RLS policy changes (blocks production without --confirm-authz-update)
+ * - ACQUIRES_ACCESS_EXCLUSIVE_LOCK: Table lock during migration
+ * - HAS_UNTRACKABLE_DEPENDENCIES: Cross-schema dependencies
+ * - INDEX_BUILD / INDEX_DROPPED: Index operations
+ */
+import type { DbApplyInput } from '../contract.js';
+import { type ParsedHazard } from './idempotent-object-registry.js';
+/**
+ * Parse hazards from pg-schema-diff output with context.
+ * Enhanced to extract the SQL statement that caused each hazard.
+ */
+export declare function parseHazardsWithContext(planOutput: string): ParsedHazard[];
+/**
+ * Display hazards with context and return flags.
+ */
+export declare function displayHazardsWithContext(hazards: ParsedHazard[], verbose: boolean): {
+    hasDeletesData: boolean;
+    hasAuthzUpdate: boolean;
+};
+/**
+ * Handle production data protection for DELETES_DATA hazard.
+ */
+export declare function handleProductionDataProtection(allowDataLoss: boolean): void;
+/**
+ * Handle production RLS policy protection for AUTHZ_UPDATE hazard.
+ */
+export declare function handleProductionAuthzProtection(confirmAuthzUpdate: boolean): void;
+/**
+ * Build list of allowed hazards based on environment and flags.
+ */
+export declare function buildAllowedHazards(input: DbApplyInput): string[];
+/**
+ * Handle hazards with enhanced context display.
+ *
+ * This function filters out false positive AUTHZ_UPDATE hazards for roles
+ * defined in idempotent/*.sql (e.g., drizzle_app, drizzle_service).
+ */
+export declare function handleHazardsWithContext(planOutput: string, input: DbApplyInput, schemasDir?: string): {
+    hazards: string[];
+    hasDeletesData: boolean;
+    hasAuthzUpdate: boolean;
+};
+/**
+ * Display check mode results.
+ */
+export declare function displayCheckModeResults(planOutput: string, filterInfo?: {
+    filteredPlanSql: string;
+    removedStatements: {
+        sql: string;
+    }[];
+}): void;
+//# sourceMappingURL=hazard-handler.d.ts.map

package/dist/commands/db/apply/helpers/idempotent-object-registry.d.ts

@@ -0,0 +1,96 @@
+/**
+ * AI HINT: Idempotent Object Registry
+ *
+ * Purpose: Detect and register all objects defined in idempotent/*.sql files.
+ * These objects are invisible to pg-schema-diff's shadow DB, so pg-schema-diff
+ * generates DROP statements for them. This registry is used to filter those out.
+ *
+ * Objects tracked:
+ * - Roles (CREATE ROLE) — for AUTHZ_UPDATE false positive filtering
+ * - Tables (CREATE TABLE) — for DROP TABLE protection
+ * - Functions, Triggers, Views, Types, Sequences — for DROP protection
+ *
+ * Security: All identifier extraction uses regex on comment-stripped SQL.
+ */
+/**
+ * Resolve the idempotent directory from a schemasDir path.
+ */
+export declare function resolveIdempotentDir(schemasDir?: string): string;
+/**
+ * Read and strip comments from all idempotent SQL files.
+ * Returns per-file results with filename and comment-stripped content.
+ */
+export declare function readIdempotentSqlFiles(idempotentDir: string): Array<{
+    file: string;
+    content: string;
+}> | null;
+/**
+ * Extract role names from idempotent SQL files.
+ * These roles are managed outside pg-schema-diff and should not trigger AUTHZ_UPDATE.
+ */
+export declare function getIdempotentRoles(schemasDir?: string): string[];
+/**
+ * Reset the cached idempotent roles.
+ * Useful for testing or when schema files change.
+ */
+export declare function resetIdempotentRolesCache(): void;
+/**
+ * Extract table names from idempotent SQL files.
+ * These tables are managed outside pg-schema-diff and must not be dropped.
+ *
+ * Also merges tables from `excludeFromOrphanDetection` config.
+ */
+export declare function getIdempotentProtectedTables(schemasDir?: string, configExclusions?: string[]): string[];
+export interface IdempotentProtectedObjects {
+    tables: string[];
+    functions: string[];
+    triggers: string[];
+    views: string[];
+    types: string[];
+    sequences: string[];
+}
+/**
+ * Extract all protected object names from idempotent/*.sql files.
+ *
+ * Scans for:
+ * - CREATE [OR REPLACE] FUNCTION schema.name(...)
+ * - CREATE TRIGGER name ON schema.table
+ * - CREATE [OR REPLACE] [MATERIALIZED] VIEW schema.name
+ * - CREATE TYPE schema.name
+ * - CREATE SEQUENCE schema.name
+ */
+export declare function getIdempotentProtectedObjects(schemasDir?: string, configExclusions?: string[]): IdempotentProtectedObjects;
+/**
+ * Parsed hazard with context information.
+ * Defined here to avoid circular dependency (used by both registry and handler).
+ */
+export interface ParsedHazard {
+    type: string;
+    message: string;
+    fullMatch: string;
+    /** SQL statement that caused this hazard (if extractable) */
+    causingSql?: string;
+    /** Line number in the plan output */
+    lineNumber?: number;
+}
+/**
+ * Check if an AUTHZ_UPDATE hazard is a false positive.
+ *
+ * False positives occur when the hazard's causingSql is a GRANT/REVOKE statement
+ * targeting a role defined in idempotent/*.sql. These are expected to be re-applied
+ * by the 2nd-pass idempotent execution.
+ *
+ * IMPORTANT: Only GRANT/REVOKE statements are considered FP. If causingSql is a
+ * schema change (ALTER TABLE, CREATE TABLE, etc.) that triggers an AUTHZ_UPDATE,
+ * it is a genuine hazard and should NOT be filtered.
+ */
+export declare function isIdempotentRoleHazard(hazard: ParsedHazard, schemasDir?: string): boolean;
+/**
+ * Filter out false positive hazards.
+ * Returns hazards that are NOT false positives (i.e., real issues).
+ */
+export declare function filterFalsePositiveHazards(hazards: ParsedHazard[], schemasDir?: string): {
+    filtered: ParsedHazard[];
+    falsePositives: ParsedHazard[];
+};
+//# sourceMappingURL=idempotent-object-registry.d.ts.map

package/dist/commands/db/apply/helpers/idempotent-transaction.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Check if a SQL file contains statements that cannot run inside a transaction block.
+ */
+export declare function hasTransactionIncompatibleStatements(filePath: string): boolean;
+/**
+ * Check if SQL content contains transaction-incompatible statements.
+ * Exported separately for testing without file I/O.
+ */
+export declare function hasTransactionIncompatibleContent(sql: string): boolean;
+/**
+ * Determine the transaction strategy for a SQL file.
+ *
+ * @returns 'wrap' if file can be wrapped in BEGIN/COMMIT, 'skip' otherwise
+ */
+export declare function getTransactionStrategy(filePath: string): 'wrap' | 'skip';
+/**
+ * Wrap SQL content in a transaction block (BEGIN/COMMIT).
+ */
+export declare function wrapInTransaction(sql: string): string;
+//# sourceMappingURL=idempotent-transaction.d.ts.map

package/dist/commands/db/apply/helpers/index.d.ts

@@ -5,7 +5,7 @@
  */
 export { acquireAdvisoryLock, MIGRATION_LOCK_ID, releaseAdvisoryLock, } from './advisory-lock.js';
 export type { FilterResult, PlanHazard, PlanStatement, ValidatedPlan } from './plan-validator.js';
-export { filterIdempotentProtectedStatements, isDropStatementForProtectedObject, parsePlanOutput, validatePlanForExecution, } from './plan-validator.js';
+export { ALLOWED_DDL_PREFIXES, BLOCKED_SQL_PATTERNS, filterIdempotentProtectedStatements, isDropStatementForProtectedObject, parsePlanOutput, validatePlanForExecution, validateStatementTypes, } from './plan-validator.js';
 export type { IdempotentProtectedObjects, ParsedHazard, PartitionPrivilegeDetection, PgSchemaDiffPlanOptions, } from './pg-schema-diff-helpers.js';
 export type { ShadowDbConfig, ShadowDbResult } from './shadow-db-manager.js';
 export { buildAllowedHazards, detectDropTableStatements, detectPartitionPrivilegeError, displayCheckModeResults, displayHazardsWithContext, executePgSchemaDiffPlan, filterFalsePositiveHazards, formatPartitionPrivilegeHint, getIdempotentProtectedObjects, getIdempotentProtectedTables, getIdempotentRoles, handleHazardsWithContext, handleProductionAuthzProtection, handleProductionDataProtection, isIdempotentRoleHazard, parseHazardsWithContext, PG_SCHEMA_DIFF_APPLY_TIMEOUT_MS, resetIdempotentRolesCache, verifyDatabaseConnection, verifyPgSchemaDiffBinary, } from './pg-schema-diff-helpers.js';
@@ -20,4 +20,10 @@ export type { DetectedPartitionStub, PrefilterResult } from './partition-prefilt
 export { prefilterPartitionStubs } from './partition-prefilter.js';
 export type { ExpectedPartition, PartitionDrift } from './partition-validator.js';
 export { blankDollarQuotedBodies, detectPartitionDrift, formatPartitionWarnings, parseExpectedPartitions, queryActualPartitions, } from './partition-validator.js';
+export { isValidIdentifier, maskDbCredentials, qualifiedTable, quoteIdent } from './sql-utils.js';
+export type { PgSchemaDiffResult } from './fresh-db-handler.js';
+export { handleFreshDbCase, hasAppTables } from './fresh-db-handler.js';
+export { checkPasswordSecurity, parseDbCredentials, setRolePasswords, } from './rbac-password-manager.js';
+export { backupIdempotentTables, getTableRowEstimates, verifyDataIntegrity, } from './data-integrity-verifier.js';
+export { getTransactionStrategy, hasTransactionIncompatibleContent, hasTransactionIncompatibleStatements, wrapInTransaction, } from './idempotent-transaction.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/commands/db/apply/helpers/partition-validator.d.ts

@@ -1,3 +1,5 @@
+import { blankDollarQuotedBodies, stripSqlComments } from '../../../../lib/sql-comment-utils.js';
+export { blankDollarQuotedBodies, stripSqlComments };
 export interface ExpectedPartition {
     /** Qualified child table name (e.g., "events.location_events_2026_01") */
     child: string;
@@ -10,12 +12,6 @@ export interface PartitionDrift {
     /** Partitions expected in SQL but missing from the database */
     missing: ExpectedPartition[];
 }
-/**
- * Strip SQL comments while preserving quoted text.
- * Handles: -- line comments, nested block comments, single/double/dollar-quoted strings,
- * and PostgreSQL E-string literals (E'...' with backslash escapes).
- */
-export declare function stripSqlComments(content: string): string;
 /**
  * Qualified name pattern: optional schema prefix + table name.
  * Matches: schema.table, "schema"."table", or bare table (no schema).
@@ -43,15 +39,6 @@ export declare const PARTITION_OF_REGEX: RegExp;
  * Returns "schema.table" when schema is present, or just "table" when absent.
  */
 export declare function extractQualifiedName(quotedSchema: string | undefined, unquotedSchema: string | undefined, quotedTable: string | undefined, unquotedTable: string | undefined): string;
-/**
- * Replace content inside dollar-quoted strings with spaces.
- * This prevents false-positive PARTITION OF matches inside PL/pgSQL function bodies.
- *
- * Input is already comment-stripped (from stripSqlComments), so we only need to
- * handle dollar-quoted strings — single/double quotes are already handled by the
- * regex (they can't span the CREATE TABLE ... PARTITION OF ... ; pattern).
- */
-export declare function blankDollarQuotedBodies(content: string): string;
 /**
  * Parse all expected partitions from idempotent SQL directory.
  *

package/dist/commands/db/apply/helpers/pg-schema-diff-helpers.d.ts

@@ -1,163 +1,37 @@
 /**
  * AI HINT: pg-schema-diff Helper Functions
  *
- * Purpose: Utility functions for pg-schema-diff operations
- * Pattern: Pure functions for verification, parsing, and display
+ * Purpose: Binary verification, plan execution, and error detection for pg-schema-diff.
+ * This file was refactored from a 1,015-line monolith into 3 focused modules:
  *
- * False Positive Filtering:
- * - AUTHZ_UPDATE hazards for roles defined in idempotent/*.sql are filtered
- * - Reason: idempotent files (e.g., 15_rbac_roles.sql) grant privileges that
- *   pg-schema-diff doesn't know about (it only manages declarative/*.sql)
+ * - idempotent-object-registry.ts: Idempotent object detection & DROP protection
+ * - hazard-handler.ts: Hazard parsing, display, and production protection
+ * - pg-schema-diff-helpers.ts (this file): Binary verification, plan execution, error detection
+ *
+ * Re-exports are provided for backward compatibility.
  *
  * Security:
  * - All psql calls use parsePostgresUrl + buildPsqlArgs to prevent SQL injection
  * - Passwords are passed via PGPASSWORD env var, not command line
  */
-import type { DbApplyInput } from '../contract.js';
-/**
- * Extract role names from idempotent SQL files.
- * These roles are managed outside pg-schema-diff and should not trigger AUTHZ_UPDATE.
- */
-export declare function getIdempotentRoles(schemasDir?: string): string[];
-/**
- * Check if an AUTHZ_UPDATE hazard is a false positive.
- *
- * False positives occur when:
- * - The hazard type is AUTHZ_UPDATE
- * - The causing SQL references a role defined in idempotent/*.sql
- * - Example: "REVOKE ... FROM drizzle_app" when drizzle_app is in 15_rbac_roles.sql
- */
-export declare function isIdempotentRoleHazard(hazard: ParsedHazard, schemasDir?: string): boolean;
-/**
- * Filter out false positive hazards.
- * Returns hazards that are NOT false positives (i.e., real issues).
- */
-export declare function filterFalsePositiveHazards(hazards: ParsedHazard[], schemasDir?: string): {
-    filtered: ParsedHazard[];
-    falsePositives: ParsedHazard[];
-};
-/**
- * Reset the cached idempotent roles.
- * Useful for testing or when schema files change.
- */
-export declare function resetIdempotentRolesCache(): void;
-/**
- * AI HINT: Idempotent Table Extraction
- *
- * Purpose: Extract table names defined in idempotent/*.sql files
- * Use case: Filter out DROP TABLE statements for these tables from pg-schema-diff plan
- *
- * Pattern: Parse SQL for CREATE TABLE statements
- * Example: CREATE TABLE location_data.location_events → ['location_data.location_events']
- *
- * Incident context: pg-schema-diff drops tables not in declarative/*.sql because its
- * shadow DB doesn't contain idempotent-managed tables. This function identifies those
- * tables so their DROP statements can be filtered from the plan output.
- */
-/**
- * Extract table names from idempotent SQL files.
- * These tables are managed outside pg-schema-diff and must not be dropped.
- *
- * Also merges tables from `excludeFromOrphanDetection` config.
- */
-export declare function getIdempotentProtectedTables(schemasDir?: string, configExclusions?: string[]): string[];
+export type { IdempotentProtectedObjects, ParsedHazard, } from './idempotent-object-registry.js';
+export { filterFalsePositiveHazards, getIdempotentProtectedObjects, getIdempotentProtectedTables, getIdempotentRoles, isIdempotentRoleHazard, resetIdempotentRolesCache, } from './idempotent-object-registry.js';
+export { buildAllowedHazards, displayCheckModeResults, displayHazardsWithContext, handleHazardsWithContext, handleProductionAuthzProtection, handleProductionDataProtection, parseHazardsWithContext, } from './hazard-handler.js';
 /**
  * Verify pg-schema-diff binary is available.
  */
-export declare function verifyPgSchemaDiffBinary(): void;
-/**
- * Verify database connection.
- */
-export declare function verifyDatabaseConnection(dbUrl: string): void;
-/**
- * Parsed hazard with context information.
- */
-export interface ParsedHazard {
-    type: string;
-    message: string;
-    fullMatch: string;
-    /** SQL statement that caused this hazard (if extractable) */
-    causingSql?: string;
-    /** Line number in the plan output */
-    lineNumber?: number;
+export interface VerifyPgSchemaDiffBinaryOptions {
+    strictVersion?: boolean;
 }
 /**
- * Parse hazards from pg-schema-diff output with context.
- * Enhanced to extract the SQL statement that caused each hazard.
- */
-export declare function parseHazardsWithContext(planOutput: string): ParsedHazard[];
-/**
- * Display hazards with context and return flags.
- */
-export declare function displayHazardsWithContext(hazards: ParsedHazard[], verbose: boolean): {
-    hasDeletesData: boolean;
-    hasAuthzUpdate: boolean;
-};
-/**
- * Handle production data protection for DELETES_DATA hazard.
- */
-export declare function handleProductionDataProtection(allowDataLoss: boolean): void;
-/**
- * Handle production RLS policy protection for AUTHZ_UPDATE hazard.
- * RLS policy changes can silently affect security if not explicitly approved.
- */
-export declare function handleProductionAuthzProtection(confirmAuthzUpdate: boolean): void;
-/**
- * AI HINT: Idempotent Object Extraction
- *
- * Purpose: Extract all object names defined in idempotent/*.sql files
- * Use case: Filter DROP FUNCTION/TRIGGER/VIEW/TYPE/SEQUENCE from pg-schema-diff plan
- *
- * Pattern: Parse SQL for CREATE statements (after stripping comments)
- * Objects created in idempotent/*.sql are invisible to pg-schema-diff's shadow DB,
- * so pg-schema-diff generates DROP statements for them. We must filter these out.
- */
-export interface IdempotentProtectedObjects {
-    tables: string[];
-    functions: string[];
-    triggers: string[];
-    views: string[];
-    types: string[];
-    sequences: string[];
-}
-/**
- * Extract all protected object names from idempotent/*.sql files.
- *
- * Scans for:
- * - CREATE [OR REPLACE] FUNCTION schema.name(...)
- * - CREATE TRIGGER name ON schema.table
- * - CREATE [OR REPLACE] [MATERIALIZED] VIEW schema.name
- * - CREATE TYPE schema.name
- * - CREATE SEQUENCE schema.name
- *
- * Uses stripSqlComments to avoid matching inside comments.
- */
-export declare function getIdempotentProtectedObjects(schemasDir?: string, configExclusions?: string[]): IdempotentProtectedObjects;
-/**
- * Display check mode results.
- */
-export declare function displayCheckModeResults(planOutput: string, filterInfo?: {
-    filteredPlanSql: string;
-    removedStatements: {
-        sql: string;
-    }[];
-}): void;
-/**
- * Build list of allowed hazards based on environment and flags.
+ * Verify pg-schema-diff binary is available.
+ * strictVersion=true blocks unsupported/undetectable versions.
  */
-export declare function buildAllowedHazards(input: DbApplyInput): string[];
+export declare function verifyPgSchemaDiffBinary(options?: VerifyPgSchemaDiffBinaryOptions): void;
 /**
- * Handle hazards with enhanced context display.
- * Use this for detailed hazard reporting with SQL context.
- *
- * This function filters out false positive AUTHZ_UPDATE hazards for roles
- * defined in idempotent/*.sql (e.g., drizzle_app, drizzle_service).
+ * Verify database connection with retry for transient startup errors.
  */
-export declare function handleHazardsWithContext(planOutput: string, input: DbApplyInput, schemasDir?: string): {
-    hazards: string[];
-    hasDeletesData: boolean;
-    hasAuthzUpdate: boolean;
-};
+export declare function verifyDatabaseConnection(dbUrl: string): Promise<void>;
 export interface MissingExtensionDetection {
     detected: boolean;
     missingTypes: string[];
@@ -178,7 +52,6 @@ export interface PartitionPrivilegeDetection {
 }
 /**
  * Detect "privileges on partitions: not implemented" errors in pg-schema-diff output.
- * pg-schema-diff v1.0.5 hard-rejects partition privilege diffs in sql_generator.go.
  */
 export declare function detectPartitionPrivilegeError(errorOutput: string): PartitionPrivilegeDetection;
 /**
@@ -187,23 +60,12 @@ export declare function detectPartitionPrivilegeError(errorOutput: string): Part
 export declare function formatPartitionPrivilegeHint(detection: PartitionPrivilegeDetection): string;
 /**
  * Detect DROP TABLE statements in plan output.
- * Returns list of "schema.table" names that would be dropped.
- * Used for pre-apply warnings (separate from idempotent protection).
  */
 export declare function detectDropTableStatements(planOutput: string): string[];
-/**
- * Options for pg-schema-diff plan execution.
- */
 export interface PgSchemaDiffPlanOptions {
     /**
      * Shadow DB DSN for extension type resolution.
-     *
-     * When specified, pg-schema-diff uses this database for parsing
-     * extension-defined types (PostGIS geometry, pgvector vector, etc.).
-     *
-     * This is passed as --temp-db-dsn to pg-schema-diff.
-     *
-     * @see https://github.com/stripe/pg-schema-diff/pull/194
+     * Passed as --temp-db-dsn to pg-schema-diff.
      */
     tempDbDsn?: string;
 }
@@ -211,12 +73,6 @@ export interface PgSchemaDiffPlanOptions {
 export declare const PG_SCHEMA_DIFF_APPLY_TIMEOUT_MS = 600000;
 /**
  * Execute pg-schema-diff plan and handle errors.
- *
- * @param dbUrl - Source database URL (--from-dsn)
- * @param schemasDir - Directory containing declarative SQL schemas (--to-dir)
- * @param includeSchemas - Schemas to include in diff
- * @param verbose - Enable verbose logging
- * @param options - Additional options (tempDbDsn for extension support)
  */
 export declare function executePgSchemaDiffPlan(dbUrl: string, schemasDir: string, includeSchemas: string[], verbose: boolean, options?: PgSchemaDiffPlanOptions): {
     planOutput: string;

package/dist/commands/db/apply/helpers/pg-schema-diff-patterns.d.ts

@@ -0,0 +1,55 @@
+/**
+ * AI HINT: pg-schema-diff Version-Sensitive Patterns
+ *
+ * Purpose: Centralize all regex patterns that depend on pg-schema-diff output format.
+ * When pg-schema-diff changes its output format, update ONLY this file.
+ *
+ * VERSION SENSITIVE: Tested against pg-schema-diff v0.9.x – v0.11.x
+ */
+/**
+ * Regex to detect statement index markers in plan output.
+ * VERSION SENSITIVE: pg-schema-diff v0.9.x uses "-- Statement Idx. N"
+ * Future versions may use different formats.
+ */
+export declare const STATEMENT_IDX_REGEX: RegExp;
+/**
+ * Test if a line is a statement index marker.
+ */
+export declare function isStatementMarker(line: string): boolean;
+/**
+ * Regex to parse hazard comments from plan output.
+ * VERSION SENSITIVE: pg-schema-diff v0.9.x uses "-- Hazard TYPE: message"
+ */
+export declare const HAZARD_REGEX: RegExp;
+/**
+ * Parse a hazard comment line. Returns null if not a hazard.
+ */
+export declare function parseHazardLine(line: string): {
+    type: string;
+    message: string;
+} | null;
+/**
+ * Map of type names to their required PostgreSQL extensions.
+ * VERSION SENSITIVE: pg-schema-diff reports these as type errors in shadow DB.
+ */
+export declare const EXTENSION_TYPE_MAP: Record<string, string>;
+/**
+ * Detect if a pg-schema-diff error is caused by a missing extension type.
+ * Returns the extension name if detected, null otherwise.
+ */
+export declare function detectExtensionTypeError(stderr: string): string | null;
+/**
+ * Regex to detect the pg-schema-diff partition privilege error.
+ * VERSION SENSITIVE: pg-schema-diff v1.0.5 uses this exact message.
+ */
+export declare const PARTITION_PRIVILEGE_ERROR_REGEX: RegExp;
+/**
+ * Check if a pg-schema-diff error is the known partition privilege limitation.
+ */
+export declare function isPartitionPrivilegeError(stderr: string): boolean;
+/**
+ * Check if stderr contains hazard-like content that wasn't parsed by the
+ * standard hazard regex. Used as a fallback warning mechanism.
+ */
+export declare function hasUnparsedHazardHints(stderr: string): boolean;
+//# sourceMappingURL=pg-schema-diff-patterns.d.ts.map

package/dist/commands/db/apply/helpers/pg-schema-diff-version.d.ts

@@ -0,0 +1,50 @@
+/**
+ * AI HINT: pg-schema-diff Version Detection & Compatibility
+ *
+ * Purpose: Detect installed pg-schema-diff version and enforce compatibility.
+ * In strict mode (production), incompatible/undetectable versions are blocked.
+ */
+/**
+ * Known compatible pg-schema-diff version range.
+ * Update this when testing against new pg-schema-diff releases.
+ */
+export declare const SUPPORTED_PG_SCHEMA_DIFF_VERSIONS: {
+    minMajor: number;
+    minMinor: number;
+    maxMajor: number;
+    maxMinor: number;
+};
+export interface PgSchemaDiffVersion {
+    raw: string;
+    major: number;
+    minor: number;
+    patch: number;
+}
+export interface VerifyPgSchemaDiffVersionOptions {
+    strict?: boolean;
+}
+/**
+ * Parse a version string into components.
+ * Supports formats:
+ *   - "v0.9.0", "0.10.1" (legacy --version output)
+ *   - "version=v1.0.5" (v1.x+ `version` subcommand output)
+ *   - "pg-schema-diff version v0.9.3" (verbose output)
+ */
+export declare function parseVersion(raw: string): PgSchemaDiffVersion | null;
+/**
+ * Check if a version is within the supported range.
+ */
+export declare function isVersionSupported(version: PgSchemaDiffVersion): boolean;
+/**
+ * Detect the installed pg-schema-diff version by running the binary.
+ * Tries `version` subcommand first (v1.x+), falls back to `--version` (v0.x).
+ * Returns null if the binary is not found or version cannot be parsed.
+ */
+export declare function detectPgSchemaDiffVersion(binaryPath: string): PgSchemaDiffVersion | null;
+/**
+ * Verify pg-schema-diff version compatibility.
+ * strict=true: throw on unknown/incompatible version (fail-closed).
+ * strict=false: warn only (best effort).
+ */
+export declare function verifyPgSchemaDiffVersion(binaryPath: string, options?: VerifyPgSchemaDiffVersionOptions): void;
+//# sourceMappingURL=pg-schema-diff-version.d.ts.map

package/dist/commands/db/apply/helpers/plan-validator.d.ts

@@ -36,6 +36,10 @@ export declare const ValidatedPlanSchema: z.ZodObject<{
     }, z.core.$strip>>;
     totalStatements: z.ZodNumber;
     rawSql: z.ZodString;
+    parseConfidence: z.ZodOptional<z.ZodEnum<{
+        high: "high";
+        low: "low";
+    }>>;
 }, z.core.$strip>;
 export type PlanHazard = z.infer<typeof PlanHazardSchema>;
 export type PlanStatement = z.infer<typeof PlanStatementSchema>;
@@ -54,16 +58,6 @@ export interface FilterResult {
     filteredPlan: ValidatedPlan;
     removedStatements: PlanStatement[];
 }
-/**
- * Check if a DROP statement targets a protected (idempotent-managed) table or index.
- *
- * Matching rules:
- * - DROP TABLE [IF EXISTS] schema.table → exact match or glob match
- * - DROP INDEX [IF EXISTS] schema.idx_* → index in same schema as protected table
- *
- * Glob support: patterns with `*` (e.g., `location_data.location_events_*`)
- * are converted to regex for matching partition child tables.
- */
 declare function isDropStatementForProtected(sql: string, protectedTables: string[]): boolean;
 /**
  * Check if a DROP FUNCTION/TRIGGER/VIEW/TYPE/SEQUENCE targets a protected object.
@@ -95,6 +89,32 @@ export declare function filterIdempotentProtectedStatements(plan: ValidatedPlan,
 export { isDropStatementForProtected as _isDropStatementForProtected };
 export { extractProtectedSchemas as _extractProtectedSchemas };
 export { isDropSchemaForProtected as _isDropSchemaForProtected };
+/**
+ * Allowed DDL statement prefixes. Only these statement types are permitted
+ * in pg-schema-diff plan output. Checked against the normalized first keyword(s)
+ * of each statement's SQL.
+ */
+export declare const ALLOWED_DDL_PREFIXES: readonly ["CREATE TABLE", "ALTER TABLE", "DROP TABLE", "CREATE INDEX", "CREATE UNIQUE INDEX", "DROP INDEX", "CREATE SCHEMA", "ALTER SCHEMA", "DROP SCHEMA", "CREATE FUNCTION", "CREATE OR REPLACE FUNCTION", "ALTER FUNCTION", "DROP FUNCTION", "CREATE TRIGGER", "ALTER TRIGGER", "DROP TRIGGER", "CREATE VIEW", "CREATE OR REPLACE VIEW", "CREATE MATERIALIZED VIEW", "ALTER VIEW", "DROP VIEW", "DROP MATERIALIZED VIEW", "CREATE TYPE", "ALTER TYPE", "DROP TYPE", "CREATE SEQUENCE", "ALTER SEQUENCE", "DROP SEQUENCE", "CREATE POLICY", "ALTER POLICY", "DROP POLICY", "CREATE ROLE", "ALTER ROLE", "DROP ROLE", "CREATE EXTENSION", "ALTER EXTENSION", "DROP EXTENSION", "GRANT", "REVOKE", "SET", "COMMENT ON"];
+/**
+ * Explicitly blocked SQL patterns. These are DML or dangerous statements
+ * that should never appear as the leading keyword of a plan statement.
+ *
+ * Note: SELECT/INSERT inside CREATE FUNCTION bodies are safe because
+ * the leading keyword is CREATE FUNCTION, not SELECT/INSERT.
+ */
+export declare const BLOCKED_SQL_PATTERNS: ReadonlyArray<{
+    pattern: RegExp;
+    label: string;
+}>;
+/**
+ * Validate that all statements in the plan use allowed DDL types.
+ *
+ * Defense-in-depth: blocks DML (INSERT/UPDATE/DELETE) and dangerous SQL
+ * (DO $$, COPY, EXECUTE) that should never appear in a schema migration plan.
+ *
+ * @throws Error if any statement uses a blocked or unrecognized SQL type
+ */
+export declare function validateStatementTypes(plan: ValidatedPlan): void;
 /**
  * Validate that all hazards in the plan are in the allowed list.
  *

package/dist/commands/db/apply/helpers/rbac-password-manager.d.ts

@@ -0,0 +1,34 @@
+/**
+ * AI HINT: RBAC Role Password Manager
+ *
+ * Purpose: Set passwords for RBAC roles (drizzle_app, drizzle_service) by
+ * extracting credentials from DATABASE_URL and DATABASE_URL_SERVICE.
+ *
+ * 3-Role Architecture:
+ * - postgres: DDL (schema migrations via db sync/apply)
+ * - drizzle_app: DML + RLS enforced (user API requests)
+ * - drizzle_service: DML + RLS bypassed (webhooks, background jobs)
+ *
+ * Security:
+ * - Role names validated against alphanumeric pattern
+ * - Passwords passed via psql command (not in logs)
+ * - Same-password warning detects RBAC bypass risk
+ */
+/**
+ * Parse database URL credentials safely.
+ */
+export declare function parseDbCredentials(url: string): {
+    username: string;
+    password: string;
+} | null;
+/**
+ * Check if drizzle_app and postgres roles use the same password.
+ * Logs a warning if they do (security risk).
+ */
+export declare function checkPasswordSecurity(): void;
+/**
+ * Set passwords for RBAC roles by extracting from DATABASE_URL and DATABASE_URL_SERVICE.
+ * Returns the number of role passwords that were successfully set.
+ */
+export declare function setRolePasswords(dbUrl: string, verbose: boolean): number;
+//# sourceMappingURL=rbac-password-manager.d.ts.map