@runa-ai/runa-cli 0.6.0 → 0.7.0

package/dist/{db-HR7CREX2.js → db-XULCILOU.js}

@@ -1,47 +1,43 @@
 #!/usr/bin/env node
 import { createRequire } from 'module';
+import { detectDatabaseStack, getStackPaths } from './chunk-CCKG5R4Y.js';
 import './chunk-ZZOXM6Q4.js';
 import { createError } from './chunk-JQXOVCOP.js';
 import { resolveDatabaseUrl, tryResolveDatabaseUrl } from './chunk-KWX3JHCY.js';
 export { resolveDatabaseUrl, tryResolveDatabaseUrl } from './chunk-KWX3JHCY.js';
-import { detectDatabaseStack, getStackPaths } from './chunk-CCKG5R4Y.js';
-import { detectAppSchemas, normalizeDatabaseUrlForDdl, parsePostgresUrl, buildPsqlEnv, buildPsqlArgs, psqlSyncQuery, formatSchemasForSql, blankDollarQuotedBodies, stripSqlComments, psqlQuery, psqlSyncFile, psqlExec } from './chunk-CE3DEYFT.js';
+import { detectAppSchemas, normalizeDatabaseUrlForDdl, formatSchemasForSql } from './chunk-XDCHRVE3.js';
 import './chunk-NPSRD26F.js';
-import { categorizeRisks, detectSchemaRisks } from './chunk-22CS6EMA.js';
-import { getDatabasePackagePath, loadRunaConfig, getSDKScriptsPath } from './chunk-5NKWR4FF.js';
-import { loadEnvFiles } from './chunk-MNPMZERI.js';
-import { findWorkspaceRoot } from './chunk-JMJP4A47.js';
+import { categorizeRisks, detectSchemaRisks } from './chunk-H2AHNI75.js';
+import { loadEnvFiles } from './chunk-644FVGIQ.js';
 import { diagnoseSupabaseStart } from './chunk-AAIE4F2U.js';
+import { validateUserFilePath, filterSafePaths, resolveSafePath } from './chunk-DRSUEMAK.js';
 import { runMachine } from './chunk-QDF7QXBL.js';
 import './chunk-IBVVGH6X.js';
+import { extractSchemaTablesAndEnums, fetchDbTablesAndEnums, extractTablesFromIdempotentSql, diffSchema, generateTablesManifest, writeEnvLocalBridge, removeEnvLocalBridge } from './chunk-FHG3ILE4.js';
+import { parsePostgresUrl, buildPsqlEnv, buildPsqlArgs, psqlSyncQuery, blankDollarQuotedBodies, stripSqlComments, psqlSyncFile, psqlExec, psqlQuery } from './chunk-7B5C6U2K.js';
 import { redactSecrets } from './chunk-II7VYQEM.js';
-import { writeEnvLocalBridge, removeEnvLocalBridge } from './chunk-M47WJJVS.js';
 import { init_local_supabase, init_constants, detectLocalSupabasePorts, buildLocalDatabaseUrl, DATABASE_DEFAULTS, SEED_DEFAULTS, SCRIPT_LOCATIONS } from './chunk-VM3IWOT5.js';
 export { DATABASE_DEFAULTS, SCRIPT_LOCATIONS, SEED_DEFAULTS } from './chunk-VM3IWOT5.js';
 import { secureSupabase, secureDocker } from './chunk-RZLYEO4U.js';
-import { validateUserFilePath, filterSafePaths, resolveSafePath } from './chunk-DRSUEMAK.js';
-import { emitJsonSuccess } from './chunk-UU55OH7P.js';
-import './chunk-RRGQCUKT.js';
-import './chunk-JT5SUTWE.js';
+import { emitJsonSuccess } from './chunk-KE6QJBZG.js';
+import './chunk-WJXC4MVY.js';
 import { getOutputFormatFromEnv } from './chunk-HKUWEGUX.js';
+import { getDatabasePackagePath, loadRunaConfig, getSDKScriptsPath } from './chunk-5NKWR4FF.js';
+import { findWorkspaceRoot } from './chunk-JMJP4A47.js';
 import { init_esm_shims } from './chunk-VRXHCR5K.js';
 import { Command } from 'commander';
-import { createCLILogger, SUPABASE_SYSTEM_SCHEMAS, CLIError, dbGenerateDiagram, DbDiagramGenerateOutputSchema, createDbSnapshot, syncDatabase, emitDbPushFailureCapsule, emitDbAnnotations, writeDbPushStepSummary, exportDbReportJson, DbSyncOutputSchema, databasePaths, detectRequiredServices, formatDetectionResults, dbStart, DbLifecycleStartOutputSchema, dbStop, DbLifecycleStopOutputSchema, dbReset, DbLifecycleResetOutputSchema, dbValidateSchemas, DbSchemaValidateOutputSchema, DbSchemaRisksOutputSchema, dbApplySchemas, DbSchemaApplyOutputSchema, dbGenerateTypes, DbSchemaGenerateOutputSchema, extractSchemaFilter, dbSeedInit, DbSeedInitOutputSchema, dbSeedValidate, DbSeedValidateOutputSchema, dbSeedGenerate, DbSeedGenerateOutputSchema, dbVerifySeeds, DbSeedVerifyOutputSchema, DbSnapshotCreateOutputSchema, restoreDbSnapshot, DbSnapshotRestoreOutputSchema, listDbSnapshots, DbSnapshotListOutputSchema, dbGeneratePgTapTests, DbTestGenOutputSchema, dbUpdateGoldenRecord, DbTestUpdateGoldenOutputSchema, recordSchemaAudit, RecordSchemaAuditOutputSchema, createBackup, CreateBackupOutputSchema, listBackups, ListBackupsOutputSchema, getBackupMetadata, restoreBackup, RestoreBackupOutputSchema, deleteBackup, DeleteBackupOutputSchema, detectSchemaNames, loadRunaConfigOrThrow, dbDetectSchemaRisks, dbSeedApply, writeDbSeedStepSummary, DbSeedApplyOutputSchema, emitDbSeedFailureCapsule, checkExtensionConfig, resolveAvailablePorts, calculatePortOffset, getPortsWithOffset, formatExtensionWarnings } from '@runa-ai/runa';
+import { createCLILogger, CLIError, dbGenerateDiagram, DbDiagramGenerateOutputSchema, createDbSnapshot, syncDatabase, emitDbPushFailureCapsule, emitDbAnnotations, writeDbPushStepSummary, exportDbReportJson, DbSyncOutputSchema, databasePaths, detectRequiredServices, formatDetectionResults, dbStart, DbLifecycleStartOutputSchema, dbStop, DbLifecycleStopOutputSchema, dbReset, DbLifecycleResetOutputSchema, dbValidateSchemas, DbSchemaValidateOutputSchema, DbSchemaRisksOutputSchema, dbApplySchemas, DbSchemaApplyOutputSchema, dbGenerateTypes, DbSchemaGenerateOutputSchema, extractSchemaFilter, dbSeedInit, DbSeedInitOutputSchema, dbSeedValidate, DbSeedValidateOutputSchema, dbSeedGenerate, DbSeedGenerateOutputSchema, dbVerifySeeds, DbSeedVerifyOutputSchema, DbSnapshotCreateOutputSchema, restoreDbSnapshot, DbSnapshotRestoreOutputSchema, listDbSnapshots, DbSnapshotListOutputSchema, dbGeneratePgTapTests, DbTestGenOutputSchema, dbUpdateGoldenRecord, DbTestUpdateGoldenOutputSchema, recordSchemaAudit, RecordSchemaAuditOutputSchema, createBackup, CreateBackupOutputSchema, listBackups, ListBackupsOutputSchema, getBackupMetadata, restoreBackup, RestoreBackupOutputSchema, deleteBackup, DeleteBackupOutputSchema, loadRunaConfigOrThrow, dbDetectSchemaRisks, dbSeedApply, writeDbSeedStepSummary, DbSeedApplyOutputSchema, emitDbSeedFailureCapsule, checkExtensionConfig, resolveAvailablePorts, calculatePortOffset, getPortsWithOffset, formatExtensionWarnings } from '@runa-ai/runa';
 import { fromPromise, setup, assign, createActor } from 'xstate';
 import { spawn, spawnSync, execFileSync } from 'child_process';
 import { z } from 'zod';
-import { existsSync, mkdirSync, copyFileSync, readdirSync, mkdtempSync, readFileSync, writeFileSync, rmSync, lstatSync, realpathSync, unlinkSync, statSync } from 'fs';
-import path, { join, dirname, resolve, basename, isAbsolute, relative } from 'path';
+import { existsSync, mkdirSync, copyFileSync, readdirSync, mkdtempSync, readFileSync, writeFileSync, rmSync, lstatSync, unlinkSync, statSync } from 'fs';
+import path6, { join, dirname, resolve, basename, relative } from 'path';
 import crypto, { randomBytes, randomUUID } from 'crypto';
 import { tmpdir } from 'os';
-import postgres2 from 'postgres';
-import { isTable, getTableUniqueName, getTableName } from 'drizzle-orm';
-import { isPgEnum } from 'drizzle-orm/pg-core';
-import { createJiti } from 'jiti';
-import { introspectDatabase } from '@runa-ai/runa/test-generators';
 import { writeFile, appendFile, readFile, stat, realpath } from 'fs/promises';
 import chalk from 'chalk';
 import { execa } from 'execa';
+import postgres from 'postgres';
 import { fileURLToPath } from 'url';
 import { Project } from 'ts-morph';
 import ora from 'ora';
@@ -1446,6 +1442,46 @@ function cleanupPlanFile(planFile) {
   } catch {
   }
 }
+function validatePreparedPlan(config, attempt, totalWaitMs, planSql, verbose) {
+  const plan = parsePlanOutput(planSql);
+  if (config?.allowedHazardTypes) {
+    validatePlanForExecution(plan, config.allowedHazardTypes);
+  }
+  if (plan.totalStatements === 0) {
+    return {
+      currentPlanSql: plan.rawSql,
+      result: { success: true, attempts: attempt, totalWaitMs }
+    };
+  }
+  validateStatementTypes(plan);
+  if (verbose) {
+    logger6.debug(`Plan validated: ${plan.totalStatements} statement(s)`);
+  }
+  return { currentPlanSql: plan.rawSql };
+}
+function writePlanFile(planSql, attempt) {
+  const planFile = join(tmpdir(), `runa-plan-${randomUUID()}-${attempt}.sql`);
+  const wrappedSql = wrapPlanSql(planSql);
+  writeFileSync(planFile, wrappedSql, "utf-8");
+  return planFile;
+}
+function runPlanAttempt(context, planFile) {
+  const execution = runPlanExecution(context.dbUrl, planFile, context.verbose);
+  if (execution.kind !== "retry") {
+    return execution;
+  }
+  logRetryableExecution(context.attempt, context.maxRetries, execution.errorOutput);
+  return execution;
+}
+function buildRetryFailure(maxRetries, totalWaitMs, lastError) {
+  logger6.error(`Migration failed after ${maxRetries} attempts (total wait: ${totalWaitMs}ms)`);
+  return {
+    success: false,
+    error: lastError || new Error("Migration failed after max retries"),
+    attempts: maxRetries,
+    totalWaitMs
+  };
+}
 async function prepareRetryIteration(params) {
   if (params.attempt === 0) {
     return {
@@ -1497,44 +1533,31 @@ async function executePlanSqlWithRetry(dbUrl, initialPlanSql, verbose, config) {
       return preparedPlan.result;
     }
     currentPlanSql = preparedPlan.currentPlanSql;
-    let plan = parsePlanOutput(currentPlanSql);
-    if (config?.protectedTables?.length || config?.protectedObjects) {
-      const { filteredPlan, removedStatements } = filterIdempotentProtectedStatements(
-        plan,
-        config?.protectedTables ?? [],
-        config?.protectedObjects
-      );
-      if (removedStatements.length > 0) {
-        logger6.warn(
-          `Filtered ${removedStatements.length} DROP statement(s) targeting idempotent-managed tables`
-        );
-        for (const stmt of removedStatements) {
-          logger6.warn(`  Skipped: ${stmt.sql.split("\n")[0]}`);
-        }
-        plan = filteredPlan;
-        currentPlanSql = filteredPlan.rawSql;
-      }
-    }
-    if (plan.totalStatements === 0) {
-      return { success: true, attempts: attempt, totalWaitMs };
-    }
-    if (config?.allowedHazardTypes) {
-      validatePlanForExecution(plan, config.allowedHazardTypes);
-    }
-    validateStatementTypes(plan);
-    if (verbose) {
-      logger6.debug(`Plan validated: ${plan.totalStatements} statement(s)`);
+    const validatedPlan = validatePreparedPlan(
+      config,
+      attempt,
+      totalWaitMs,
+      currentPlanSql,
+      verbose
+    );
+    if (validatedPlan.result) {
+      return validatedPlan.result;
     }
-    const planFile = join(tmpdir(), `runa-plan-${randomUUID()}-${attempt}.sql`);
-    const wrappedSql = wrapPlanSql(currentPlanSql);
-    writeFileSync(planFile, wrappedSql, "utf-8");
+    currentPlanSql = validatedPlan.currentPlanSql;
+    const planFile = writePlanFile(currentPlanSql, attempt);
+    const context = {
+      dbUrl,
+      attempt,
+      maxRetries,
+      verbose,
+      totalWaitMs
+    };
     try {
-      const execution = runPlanExecution(dbUrl, planFile, verbose);
+      const execution = runPlanAttempt(context, planFile);
       if (execution.kind === "success") {
         return { success: true, attempts: attempt, totalWaitMs };
       }
       if (execution.kind === "retry") {
-        logRetryableExecution(attempt, maxRetries, execution.errorOutput);
         lastError = execution.error;
         continue;
       }
@@ -1548,13 +1571,7 @@ async function executePlanSqlWithRetry(dbUrl, initialPlanSql, verbose, config) {
       cleanupPlanFile(planFile);
     }
   }
-  logger6.error(`Migration failed after ${maxRetries} attempts (total wait: ${totalWaitMs}ms)`);
-  return {
-    success: false,
-    error: lastError || new Error("Migration failed after max retries"),
-    attempts: maxRetries,
-    totalWaitMs
-  };
+  return buildRetryFailure(maxRetries, totalWaitMs, lastError);
 }
 
 // src/commands/db/apply/helpers/shadow-db-manager.ts
@@ -3234,7 +3251,7 @@ function logIdempotentRiskSummary(summary) {
 async function detectIdempotentRiskSummary(schemasDir, files, verbose) {
   const summary = emptyRiskSummary();
   try {
-    const { detectSchemaRisks: detectSchemaRisks2 } = await import('./risk-detector-BXUY2WKS.js');
+    const { detectSchemaRisks: detectSchemaRisks2 } = await import('./risk-detector-4U6ZJ2G5.js');
     for (const file of files) {
       const filePath = join(schemasDir, file);
       const risks = await detectSchemaRisks2(filePath);
@@ -3523,2088 +3540,154 @@ function buildCheckModeResult(input, planOutput, hazards, protectedTables, prote
     applied: false,
     dataViolations: dataViolationCount > 0 ? dataViolationCount : void 0
   };
-}
-function backupProtectedTablesForProduction(dbUrl, protectedTables, input) {
-  if (input.env !== "production") {
-    return;
-  }
-  const { backupPath } = backupIdempotentTables(dbUrl, protectedTables, input.verbose);
-  if (backupPath) {
-    logger13.info(`Recovery: pg_restore -d <DATABASE_URL> ${backupPath}`);
-    return;
-  }
-  if (protectedTables.length > 0 && !input.allowDataLoss) {
-    throw new Error(
-      "Pre-apply backup failed for production deployment.\n  Protected tables exist but could not be backed up.\n  Use --allow-data-loss to proceed without backup (emergency only)."
-    );
-  }
-}
-async function cleanupApplyResources(params) {
-  if (params.shadowDb) {
-    try {
-      await params.shadowDb.cleanup();
-      if (params.verbose) {
-        logger13.debug("Shadow DB cleaned up");
-      }
-    } catch (cleanupError) {
-      logger13.warn(`Failed to cleanup shadow DB: ${cleanupError}`);
-    }
-  }
-  if (params.prefilter) {
-    try {
-      rmSync(params.prefilter.filteredDir, { recursive: true, force: true });
-    } catch {
-    }
-  }
-  try {
-    rmSync(params.tmpDir, { recursive: true, force: true });
-  } catch {
-  }
-}
-var applyPgSchemaDiff = fromPromise(async ({ input: { input, targetDir } }) => {
-  const schemasDir = join(targetDir, "supabase/schemas/declarative");
-  if (!existsSync(schemasDir)) {
-    logger13.info("No declarative schemas found");
-    return { sql: "", hazards: [], applied: false };
-  }
-  const dbUrl = getDbUrl(input);
-  const configState = loadPgSchemaDiffConfigState(targetDir, input.verbose);
-  const prefilterState = createPrefilterState(
-    schemasDir,
-    input.verbose,
-    configState.configExclusions
-  );
-  const freshDbResult = handleFreshDbCase(input, dbUrl, targetDir, prefilterState.pgSchemaDiffDir);
-  if (freshDbResult) return freshDbResult;
-  const schemaFiles = collectSchemaFiles(schemasDir);
-  if (schemaFiles.length === 0) {
-    logger13.info("No schema files to apply");
-    return { sql: "", hazards: [], applied: false };
-  }
-  const tmpDir = createCombinedSchemaBundle(schemaFiles, input.verbose);
-  logger13.step("Running pg-schema-diff (incremental changes)...");
-  let shadowDb = null;
-  try {
-    verifyPgSchemaDiffBinary({ strictVersion: input.env === "production" });
-    await verifyDatabaseConnection(dbUrl);
-    shadowDb = await createShadowDbForRun(dbUrl, configState.shadowExtensions, input.verbose);
-    const includeSchemas = detectAppSchemas(schemasDir, input.verbose);
-    cleanPartitionAclsForPgSchemaDiff(dbUrl, includeSchemas, input.verbose);
-    const { planOutput } = executePgSchemaDiffPlan(
-      dbUrl,
-      prefilterState.pgSchemaDiffDir,
-      includeSchemas,
-      input.verbose,
-      { tempDbDsn: shadowDb?.dsn }
-    );
-    const noChangesResult = buildNoChangesResult(planOutput);
-    if (noChangesResult) return noChangesResult;
-    const { hazards } = handleHazardsWithContext(planOutput, input, schemasDir);
-    const droppedTables = detectDropTableStatements(planOutput);
-    enforceDropSafety(input, droppedTables);
-    const dataViolationCount = runPreApplyDataCompatibility(dbUrl, planOutput, input);
-    const protectedTables = getIdempotentProtectedTables(
-      schemasDir,
-      prefilterState.configExclusions
-    );
-    const protectedObjects = getIdempotentProtectedObjects(
-      schemasDir,
-      prefilterState.configExclusions
-    );
-    const checkModeResult = buildCheckModeResult(
-      input,
-      planOutput,
-      hazards,
-      protectedTables,
-      protectedObjects,
-      dataViolationCount
-    );
-    if (checkModeResult) return checkModeResult;
-    backupProtectedTablesForProduction(dbUrl, protectedTables, input);
-    const preApplyCounts = getTableRowEstimates(dbUrl, schemasDir, input.verbose);
-    const applyResult = await applyWithRetry({
-      dbUrl,
-      schemasDir,
-      includeSchemas,
-      input,
-      planOutput,
-      hazards,
-      protectedTables,
-      protectedObjects,
-      tempDbDsn: shadowDb?.dsn,
-      pgSchemaDiffDir: prefilterState.pgSchemaDiffDir
-    });
-    if (applyResult.applied) {
-      verifyDataIntegrity(dbUrl, schemasDir, preApplyCounts, input.verbose, input.allowDataLoss);
-    }
-    return {
-      ...applyResult,
-      dataViolations: dataViolationCount > 0 ? dataViolationCount : void 0
-    };
-  } finally {
-    await cleanupApplyResources({
-      shadowDb,
-      prefilter: prefilterState.prefilter,
-      tmpDir,
-      verbose: input.verbose
-    });
-  }
-});
-var validatePartitions = fromPromise(async ({ input: { input, targetDir } }) => {
-  if (input.check) return { warnings: [] };
-  const idempotentDir = join(targetDir, "supabase/schemas/idempotent");
-  if (!existsSync(idempotentDir)) return { warnings: [] };
-  const expected = parseExpectedPartitions(idempotentDir);
-  if (expected.length === 0) return { warnings: [] };
-  const dbUrl = getDbUrl(input);
-  const schemas = [...new Set(expected.map((e) => e.parent.split(".")[0] ?? ""))];
-  const actual = queryActualPartitions(dbUrl, schemas);
-  const drift = detectPartitionDrift(expected, actual);
-  if (drift.missing.length === 0) {
-    logger13.success(`All ${expected.length} expected partition(s) verified`);
-    return { warnings: [] };
-  }
-  const warnings = formatPartitionWarnings(drift);
-  for (const w of warnings) logger13.warn(w);
-  return { warnings };
-});
-
-// src/commands/db/apply/actors/seed-actors.ts
-init_esm_shims();
-
-// src/commands/db/utils/table-registry.ts
-init_esm_shims();
-
-// src/commands/db/utils/semantic-mapper.ts
-init_esm_shims();
-function snakeToCamel(str) {
-  return str.replace(/_([a-z])/g, (_, c) => c.toUpperCase());
-}
-function generateSemanticName(schema, tableName, useSchemaPrefix = false) {
-  const baseName = snakeToCamel(tableName);
-  if (useSchemaPrefix) {
-    const schemaPrefix = snakeToCamel(schema);
-    return schemaPrefix + baseName.charAt(0).toUpperCase() + baseName.slice(1);
-  }
-  return baseName;
-}
-function groupBySemanticName(tables) {
-  const bySemanticName = /* @__PURE__ */ new Map();
-  for (const table of tables) {
-    const baseName = snakeToCamel(table.name);
-    const existing = bySemanticName.get(baseName) ?? [];
-    existing.push(table);
-    bySemanticName.set(baseName, existing);
-  }
-  return bySemanticName;
-}
-function collectConflicts(bySemanticName) {
-  const conflicts = [];
-  for (const [semanticName, tables] of bySemanticName) {
-    if (tables.length <= 1) continue;
-    conflicts.push({
-      semanticName,
-      tables: tables.map((table) => table.qualifiedName)
-    });
-  }
-  return conflicts;
-}
-function getSchemaPriorityRank(schema, prioritySchemas) {
-  const index = prioritySchemas.indexOf(schema);
-  return index === -1 ? Number.POSITIVE_INFINITY : index;
-}
-function compareTablesByPriorityAndName(left, right, prioritySchemas) {
-  const leftRank = getSchemaPriorityRank(left.schema, prioritySchemas);
-  const rightRank = getSchemaPriorityRank(right.schema, prioritySchemas);
-  if (leftRank !== rightRank) {
-    return leftRank - rightRank;
-  }
-  return left.qualifiedName.localeCompare(right.qualifiedName);
-}
-function applyOverride(table, overrides, mapping) {
-  const overrideName = overrides[table.qualifiedName];
-  if (!overrideName) return false;
-  mapping[overrideName] = table.qualifiedName;
-  return true;
-}
-function resolveFirstStrategy(table, baseName, tablesWithSameName, prioritySchemas) {
-  const sorted = [...tablesWithSameName].sort(
-    (left, right) => compareTablesByPriorityAndName(left, right, prioritySchemas)
-  );
-  if (sorted[0]?.qualifiedName === table.qualifiedName) {
-    return { mappedName: baseName };
-  }
-  return { skipped: true };
-}
-function resolveConflict(table, baseName, tablesWithSameName, conflictStrategy, prioritySchemas) {
-  switch (conflictStrategy) {
-    case "prefix":
-      return { mappedName: generateSemanticName(table.schema, table.name, true) };
-    case "error":
-      throw new Error(
-        `Semantic name conflict: '${baseName}' maps to multiple tables: ${tablesWithSameName.map((candidate) => candidate.qualifiedName).join(", ")}`
-      );
-    case "first":
-      return resolveFirstStrategy(table, baseName, tablesWithSameName, prioritySchemas);
-  }
-}
-function generateMapping(tables, options = {}) {
-  const { conflictStrategy = "prefix", prioritySchemas = [], overrides = {} } = options;
-  const bySemanticName = groupBySemanticName(tables);
-  const conflicts = collectConflicts(bySemanticName);
-  const mapping = {};
-  const skipped = [];
-  for (const table of tables) {
-    if (applyOverride(table, overrides, mapping)) {
-      continue;
-    }
-    const baseName = snakeToCamel(table.name);
-    const tablesWithSameName = bySemanticName.get(baseName) ?? [];
-    if (tablesWithSameName.length === 1) {
-      mapping[baseName] = table.qualifiedName;
-      continue;
-    }
-    const resolution = resolveConflict(
-      table,
-      baseName,
-      tablesWithSameName,
-      conflictStrategy,
-      prioritySchemas
-    );
-    if (resolution.mappedName) {
-      mapping[resolution.mappedName] = table.qualifiedName;
-    } else if (resolution.skipped) {
-      skipped.push(table.qualifiedName);
-    }
-  }
-  return { mapping, conflicts, skipped };
-}
-function applyMappingToTables(tables, mapping) {
-  const reverseMapping = /* @__PURE__ */ new Map();
-  for (const [semantic, qualified] of Object.entries(mapping)) {
-    reverseMapping.set(qualified, semantic);
-  }
-  return tables.map((table) => ({
-    ...table,
-    semanticName: reverseMapping.get(table.qualifiedName) || table.semanticName
-  }));
-}
-
-// src/commands/db/utils/schema-sync.ts
-init_esm_shims();
-var VALID_PG_IDENTIFIER_PATTERN = /^[a-zA-Z_][a-zA-Z0-9_]{0,62}$/;
-function validatePgIdentifier(name, context) {
-  if (!name || typeof name !== "string") {
-    throw new Error(`Invalid ${context}: empty or not a string`);
-  }
-  if (!VALID_PG_IDENTIFIER_PATTERN.test(name)) {
-    throw new Error(
-      `Invalid ${context} "${name}": must start with letter/underscore and contain only alphanumeric/underscore characters`
-    );
-  }
-}
-function escapePgStringLiteral(value) {
-  if (typeof value !== "string") {
-    throw new Error("Value must be a string");
-  }
-  return value.replace(/\\/g, "\\\\").replace(/'/g, "''");
-}
-function buildSafeSchemaInClause(schemas) {
-  if (schemas.length === 0) {
-    throw new Error("No schemas provided for IN clause");
-  }
-  const safeSchemas = [];
-  for (const schema of schemas) {
-    validatePgIdentifier(schema, "schema name");
-    safeSchemas.push(`'${escapePgStringLiteral(schema)}'`);
-  }
-  return safeSchemas.join(",");
-}
-var ERROR_MESSAGES = {
-  PATH_TRAVERSAL: "Schema path validation failed",
-  SCHEMA_NOT_FOUND: "Schema file not found"
-};
-function containsPathTraversal(inputPath) {
-  const normalized = path.normalize(inputPath);
-  return normalized.includes("..") || inputPath.includes("\0");
-}
-function isPathWithinBase(filePath, baseDir) {
-  try {
-    const resolvedFile = path.resolve(filePath);
-    const resolvedBase = path.resolve(baseDir);
-    const normalizedFile = path.normalize(resolvedFile);
-    const normalizedBase = path.normalize(resolvedBase);
-    return normalizedFile === normalizedBase || normalizedFile.startsWith(normalizedBase + path.sep);
-  } catch {
-    return false;
-  }
-}
-function validateSchemaPath(dbPackagePath, projectRoot = process.cwd()) {
-  if (containsPathTraversal(dbPackagePath)) {
-    throw new Error(ERROR_MESSAGES.PATH_TRAVERSAL);
-  }
-  const schemaEntry = path.join(dbPackagePath, "src", "schema", "index.ts");
-  const absoluteSchemaPath = path.resolve(projectRoot, schemaEntry);
-  let resolvedProjectRoot;
-  try {
-    resolvedProjectRoot = realpathSync(projectRoot);
-  } catch {
-    resolvedProjectRoot = path.resolve(projectRoot);
-  }
-  if (!isPathWithinBase(absoluteSchemaPath, resolvedProjectRoot)) {
-    throw new Error(ERROR_MESSAGES.PATH_TRAVERSAL);
-  }
-  if (!existsSync(absoluteSchemaPath)) {
-    throw new Error(ERROR_MESSAGES.SCHEMA_NOT_FOUND);
-  }
-  return absoluteSchemaPath;
-}
-function uniqueSorted(values) {
-  return [...new Set(values)].sort((a, b) => a.localeCompare(b));
-}
-async function extractSchemaTablesAndEnums(dbPackagePath, projectRoot = process.cwd()) {
-  const validatedSchemaPath = validateSchemaPath(dbPackagePath, projectRoot);
-  const jiti = createJiti(projectRoot, { interopDefault: true });
-  let schemaModule;
-  try {
-    schemaModule = await jiti.import(validatedSchemaPath);
-  } catch (error) {
-    const errorMessage = error instanceof Error ? error.message : String(error);
-    const hint = errorMessage.includes("unknown is not defined") ? "\n\nHint: Add 'unknown' to drizzle-orm/pg-core imports:\n  import { unknown, ... } from 'drizzle-orm/pg-core'" : "";
-    throw new Error(`Failed to load schema from ${validatedSchemaPath}: ${errorMessage}${hint}`);
-  }
-  const expectedTables = /* @__PURE__ */ new Set();
-  const expectedEnums = /* @__PURE__ */ new Map();
-  for (const value of Object.values(schemaModule)) {
-    if (isTable(value)) {
-      const unique = String(getTableUniqueName(value));
-      if (unique.startsWith("undefined.")) {
-        expectedTables.add(`public.${getTableName(value)}`);
-      } else {
-        expectedTables.add(unique);
-      }
-      continue;
-    }
-    if (isPgEnum(value)) {
-      expectedEnums.set(value.enumName, {
-        name: value.enumName,
-        values: uniqueSorted(value.enumValues)
-      });
-    }
-  }
-  return { expectedTables, expectedEnums };
-}
-async function fetchDbTablesAndEnums(databaseUrl, options) {
-  const schemaDir = options?.schemaDir ?? "packages/database/src/schema";
-  const managedSchemas = detectSchemaNames(schemaDir, process.cwd());
-  const systemSchemas = /* @__PURE__ */ new Set([
-    ...SUPABASE_SYSTEM_SCHEMAS,
-    ...options?.additionalSystemSchemas ?? []
-  ]);
-  const filteredManagedSchemas = managedSchemas.filter((s) => !systemSchemas.has(s));
-  const schemaList = buildSafeSchemaInClause(filteredManagedSchemas);
-  const tablesSql = `
-SELECT schemaname || '.' || tablename
-FROM pg_tables
-WHERE schemaname IN (${schemaList})
-ORDER BY schemaname, tablename;`.trim();
-  const enumsSql = `
-SELECT t.typname AS enum_name, string_agg(e.enumlabel, ',' ORDER BY e.enumsortorder) AS values
-FROM pg_type t
-JOIN pg_enum e ON t.oid = e.enumtypid
-JOIN pg_namespace n ON n.oid = t.typnamespace
-WHERE n.nspname = 'public'
-GROUP BY t.typname
-ORDER BY t.typname;`.trim();
-  const tablesOut = await psqlQuery({ databaseUrl, sql: tablesSql, mode: "table" });
-  const dbTables = /* @__PURE__ */ new Set();
-  for (const line of tablesOut.split("\n")) {
-    const v = line.trim();
-    if (v.length > 0) dbTables.add(v);
-  }
-  const enumsOut = await psqlQuery({ databaseUrl, sql: enumsSql, mode: "table" });
-  const dbEnums = /* @__PURE__ */ new Map();
-  for (const line of enumsOut.split("\n")) {
-    const trimmed = line.trim();
-    if (trimmed.length === 0) continue;
-    const [enumName, valuesCsv] = trimmed.split("|").map((s) => s.trim());
-    const values = valuesCsv ? valuesCsv.split(",").map((s) => s.trim()) : [];
-    dbEnums.set(enumName, { name: enumName, values: uniqueSorted(values) });
-  }
-  return { dbTables, dbEnums };
-}
-function diffSchema(params) {
-  const missingTables = uniqueSorted(
-    [...params.expectedTables].filter((t) => !params.dbTables.has(t))
-  );
-  const exclusions = new Set(params.excludeFromOrphanDetection ?? []);
-  const exclusionPatterns = [...exclusions].filter((e) => e.includes("*"));
-  const exactExclusions = [...exclusions].filter((e) => !e.includes("*"));
-  const isExcluded = (table) => {
-    if (exactExclusions.includes(table)) return true;
-    for (const pattern of exclusionPatterns) {
-      const escaped = pattern.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-      const regex = new RegExp(`^${escaped.replace(/\\\*/g, ".*")}$`);
-      if (regex.test(table)) return true;
-    }
-    return false;
-  };
-  const orphanTables = uniqueSorted(
-    [...params.dbTables].filter((t) => !params.expectedTables.has(t) && !isExcluded(t))
-  );
-  const expectedEnumNames = new Set(params.expectedEnums.keys());
-  const dbEnumNames = new Set(params.dbEnums.keys());
-  const missingEnums = uniqueSorted([...expectedEnumNames].filter((n) => !dbEnumNames.has(n)));
-  const extraEnums = uniqueSorted([...dbEnumNames].filter((n) => !expectedEnumNames.has(n)));
-  const enumValueMismatches = [];
-  for (const name of uniqueSorted([...expectedEnumNames].filter((n) => dbEnumNames.has(n)))) {
-    const s = params.expectedEnums.get(name);
-    const d = params.dbEnums.get(name);
-    if (!s || !d) continue;
-    const schemaValues = uniqueSorted(s.values);
-    const dbValues = uniqueSorted(d.values);
-    const same = schemaValues.length === dbValues.length && schemaValues.every((v, i) => v === dbValues[i]);
-    if (same) continue;
-    const added = schemaValues.filter((v) => !dbValues.includes(v));
-    const removed = dbValues.filter((v) => !schemaValues.includes(v));
-    enumValueMismatches.push({ name, dbValues, schemaValues, added, removed });
-  }
-  return {
-    expectedTables: params.expectedTables,
-    expectedEnums: params.expectedEnums,
-    dbTables: params.dbTables,
-    dbEnums: params.dbEnums,
-    missingTables,
-    orphanTables,
-    missingEnums,
-    extraEnums,
-    enumValueMismatches
-  };
-}
-function extractTablesFromIdempotentSql(idempotentDir, projectRoot = process.cwd()) {
-  const fullPath = path.resolve(projectRoot, idempotentDir);
-  if (!existsSync(fullPath)) {
-    return [];
-  }
-  const tables = [];
-  const createTablePattern = /CREATE\s+TABLE\s+(?:IF\s+NOT\s+EXISTS\s+)?(?:"?([a-zA-Z_][a-zA-Z0-9_]*)"?\.)?(?:"?([a-zA-Z_][a-zA-Z0-9_]*)"?)/gi;
-  try {
-    const files = readdirSync(fullPath).filter((f) => f.endsWith(".sql"));
-    for (const file of files) {
-      const filePath = path.join(fullPath, file);
-      const content = readFileSync(filePath, "utf-8");
-      const contentWithoutComments = content.replace(/--.*$/gm, "").replace(/\/\*[\s\S]*?\*\//g, "");
-      for (const match of contentWithoutComments.matchAll(createTablePattern)) {
-        const schema = match[1] || "public";
-        const tableName = match[2];
-        if (tableName) {
-          tables.push(`${schema}.${tableName}`);
-        }
-      }
-    }
-  } catch {
-    return [];
-  }
-  return [...new Set(tables)].sort();
-}
-
-// src/commands/db/utils/sql-table-extractor.ts
-init_esm_shims();
-
-// src/commands/db/utils/sql-table-extractor-regex.ts
-init_esm_shims();
-function findTablesRegex(ctx) {
-  const tables = [];
-  const regex = new RegExp(SQL_PATTERNS.createTable.source, "gi");
-  for (const match of ctx.content.matchAll(regex)) {
-    const reference = parseTableReference(match[1] ?? "");
-    if (!reference) continue;
-    const lineNumber = getLineNumber(ctx.content, match.index ?? 0);
-    const tableBody = extractTableBody(ctx.content, match.index ?? 0);
-    tables.push({ schema: reference.schema, name: reference.name, lineNumber, tableBody });
-  }
-  return tables;
-}
-function shouldSkipColumnLine(trimmed) {
-  return !trimmed || trimmed.startsWith("--") || /^(?:PRIMARY|FOREIGN|UNIQUE|CHECK|CONSTRAINT)\s/i.test(trimmed);
-}
-function isReservedKeyword(name) {
-  return /^(?:PRIMARY|FOREIGN|UNIQUE|CHECK|CONSTRAINT)$/i.test(name);
-}
-var COLUMN_CONSTRAINT_KEYWORDS = [
-  "NOT NULL",
-  "DEFAULT",
-  "REFERENCES",
-  "PRIMARY",
-  "UNIQUE",
-  "CHECK",
-  "CONSTRAINT"
-];
-function isBoundaryAtTopLevel(source, index, keyword) {
-  const before = index === 0 || /\s|[(),]/.test(source[index - 1] ?? "");
-  const after = index + keyword.length;
-  const afterChar = source[after] ?? "";
-  const afterBoundary = after === source.length || /\s|[(),]/.test(afterChar);
-  if (!before || !afterBoundary) {
-    return false;
-  }
-  return source.substring(index, after).toUpperCase() === keyword;
-}
-function createConstraintScanState() {
-  return {
-    depth: 0,
-    dollarTag: "",
-    inDollarQuote: false,
-    inDoubleQuote: false,
-    inSingleQuote: false
-  };
-}
-function consumeConstraintDollarQuote(line, index, state) {
-  if ((line[index] ?? "") !== "$" || state.inSingleQuote || state.inDoubleQuote) {
-    return null;
-  }
-  if (state.inDollarQuote) {
-    const closeTag = `$${state.dollarTag}$`;
-    if (!line.slice(index).startsWith(closeTag)) {
-      return null;
-    }
-    state.inDollarQuote = false;
-    state.dollarTag = "";
-    return index + closeTag.length - 1;
-  }
-  const tagMatch = line.slice(index).match(/^\$([a-zA-Z_][a-zA-Z0-9_]*)?\$/);
-  if (!tagMatch) {
-    return null;
-  }
-  state.inDollarQuote = true;
-  state.dollarTag = tagMatch[1] ?? "";
-  return index + tagMatch[0].length - 1;
-}
-function consumeConstraintSingleQuote(line, index, state) {
-  if ((line[index] ?? "") !== "'" || state.inDoubleQuote || state.inDollarQuote) {
-    return null;
-  }
-  if (state.inSingleQuote && (line[index + 1] ?? "") === "'") {
-    return index + 1;
-  }
-  state.inSingleQuote = !state.inSingleQuote;
-  return index;
-}
-function consumeConstraintDoubleQuote(line, index, state) {
-  if ((line[index] ?? "") !== '"' || state.inSingleQuote || state.inDollarQuote) {
-    return null;
-  }
-  if (state.inDoubleQuote && (line[index + 1] ?? "") === '"') {
-    return index + 1;
-  }
-  state.inDoubleQuote = !state.inDoubleQuote;
-  return index;
-}
-function consumeConstraintQuote(line, index, state) {
-  const adjustedByDollar = consumeConstraintDollarQuote(line, index, state);
-  if (adjustedByDollar !== null) {
-    return adjustedByDollar;
-  }
-  const adjustedBySingle = consumeConstraintSingleQuote(line, index, state);
-  if (adjustedBySingle !== null) {
-    return adjustedBySingle;
-  }
-  return consumeConstraintDoubleQuote(line, index, state);
-}
-function isInsideConstraintQuote(state) {
-  return state.inSingleQuote || state.inDoubleQuote || state.inDollarQuote;
-}
-function updateConstraintDepth(char, state) {
-  if (char === "(") {
-    state.depth += 1;
-    return;
-  }
-  if (char === ")" && state.depth > 0) {
-    state.depth -= 1;
-  }
-}
-function findKeywordAtTopLevel(upper, index, keywords) {
-  return keywords.some(
-    (keyword) => upper.startsWith(keyword, index) && isBoundaryAtTopLevel(upper, index, keyword)
-  );
-}
-function findConstraintStart(line, keywords = COLUMN_CONSTRAINT_KEYWORDS) {
-  const upper = line.toUpperCase();
-  const state = createConstraintScanState();
-  for (let i = 0; i < upper.length; i++) {
-    const adjustedIndex = consumeConstraintQuote(line, i, state);
-    if (adjustedIndex !== null) {
-      i = adjustedIndex;
-      continue;
-    }
-    if (isInsideConstraintQuote(state)) continue;
-    const char = upper[i] ?? "";
-    updateConstraintDepth(char, state);
-    if (char === "(" || char === ")") continue;
-    if (state.depth !== 0) continue;
-    if (findKeywordAtTopLevel(upper, i, keywords)) return i;
-  }
-  return -1;
-}
-function parseInlineReference(constraintSource) {
-  const referenceStart = findConstraintStart(constraintSource, ["REFERENCES"]);
-  if (referenceStart === -1) {
-    return null;
-  }
-  const afterConstraint = constraintSource.slice(referenceStart);
-  if (!/^\s*REFERENCES\s+/i.test(afterConstraint)) {
-    return null;
-  }
-  const refMatch = afterConstraint.match(
-    new RegExp(`^\\s*REFERENCES\\s+(${TABLE_REFERENCE})\\s*\\(\\s*(${SQL_IDENTIFIER})\\s*\\)`, "i")
-  );
-  if (!refMatch) {
-    return null;
-  }
-  const ref = parseTableReference(refMatch[1] ?? "");
-  const refColumn = unquoteIdentifier(refMatch[2] ?? "");
-  if (!ref || !refColumn) {
-    return null;
-  }
-  return { table: `${ref.schema}.${ref.name}`, column: refColumn };
-}
-function splitColumnDeclaration(line) {
-  const columnMatch = line.match(
-    /^((?:"(?:[^"]|"")*"|[a-zA-Z_][a-zA-Z0-9_]*))\s+(.+?)(?:\s*,\s*)?$/
-  );
-  if (!columnMatch) {
-    return null;
-  }
-  const name = unquoteIdentifier(columnMatch[1] ?? "");
-  const rest = (columnMatch[2] ?? "").trim();
-  if (!name || isReservedKeyword(name)) {
-    return null;
-  }
-  const typeEndIndex = (() => {
-    const withParens = rest;
-    const constraintsIndex = findConstraintStart(withParens);
-    if (constraintsIndex === -1) {
-      return withParens.length;
-    }
-    return constraintsIndex;
-  })();
-  const type = rest.slice(0, typeEndIndex).trim();
-  const remaining = rest.slice(typeEndIndex);
-  const inlineReference = parseInlineReference(remaining);
-  const hasDefault = findConstraintStart(remaining, ["DEFAULT"]) !== -1;
-  const notNull = findConstraintStart(remaining, ["NOT NULL"]) !== -1;
-  const isPrimaryKey = findConstraintStart(remaining, ["PRIMARY KEY"]) !== -1;
-  return {
-    name,
-    type,
-    hasDefault,
-    notNull,
-    isPrimaryKey,
-    inlineReferenceTable: inlineReference?.table,
-    inlineReferenceColumn: inlineReference?.column
-  };
-}
-function parseColumnsRegex(tableBody) {
-  const columns = [];
-  const seen = /* @__PURE__ */ new Set();
-  const lines = splitTopLevelSqlStatements(tableBody);
-  for (const line of lines) {
-    const trimmed = line.trim();
-    if (shouldSkipColumnLine(trimmed)) continue;
-    const column = splitColumnDeclaration(trimmed);
-    if (!column) continue;
-    if (!column.name || seen.has(column.name) || isReservedKeyword(column.name)) continue;
-    seen.add(column.name);
-    columns.push({
-      name: column.name,
-      type: normalizeType(column.type),
-      notNull: column.notNull || column.isPrimaryKey,
-      hasDefault: column.hasDefault,
-      isPrimaryKey: column.isPrimaryKey
-    });
-  }
-  return columns;
-}
-function parsePrimaryKeyRegex(tableBody) {
-  const regex = new RegExp(SQL_PATTERNS.primaryKey.source, "i");
-  const found = [];
-  for (const line of splitTopLevelSqlStatements(tableBody)) {
-    const match = line.match(regex);
-    if (!match || !match[1]) {
-      continue;
-    }
-    for (const col of match[1]?.split(",") ?? []) {
-      const normalized = unquoteIdentifier(col.trim());
-      if (normalized && !found.includes(normalized)) {
-        found.push(normalized);
-      }
-    }
-    regex.lastIndex = 0;
-  }
-  return found;
-}
-function parseExplicitForeignKeys(tableBody) {
-  const fks = [];
-  const fkRegex = new RegExp(SQL_PATTERNS.foreignKey.source, "gi");
-  for (const line of splitTopLevelSqlStatements(tableBody)) {
-    for (const match of line.matchAll(fkRegex)) {
-      const column = unquoteIdentifier(match[1] ?? "");
-      const ref = parseTableReference(match[2] ?? "");
-      const refColumn = unquoteIdentifier(match[3] ?? "");
-      if (!column || !ref || !refColumn) continue;
-      fks.push({
-        column,
-        referencesTable: `${ref.schema}.${ref.name}`,
-        referencesColumn: refColumn,
-        onDelete: normalizeOnAction(match[4]),
-        onUpdate: normalizeOnAction(match[5])
-      });
-    }
-  }
-  return fks;
-}
-function parseInlineForeignKeys(tableBody, existingColumns) {
-  const fks = [];
-  for (const fragment of splitTopLevelSqlStatements(tableBody)) {
-    const declaration = splitColumnDeclaration(fragment);
-    if (!declaration) continue;
-    if (!declaration.inlineReferenceTable || !declaration.inlineReferenceColumn) continue;
-    if (existingColumns.has(declaration.name)) continue;
-    fks.push({
-      column: declaration.name,
-      referencesTable: declaration.inlineReferenceTable,
-      referencesColumn: declaration.inlineReferenceColumn
-    });
-  }
-  return fks;
-}
-function parseForeignKeysRegex(tableBody) {
-  const explicitFks = parseExplicitForeignKeys(tableBody);
-  const existingColumns = new Set(explicitFks.map((fk) => fk.column));
-  const inlineFks = parseInlineForeignKeys(tableBody, existingColumns);
-  return [...explicitFks, ...inlineFks];
-}
-function parseIndexesRegex(content, schema, tableName) {
-  const indexes = [];
-  const regex = new RegExp(SQL_PATTERNS.createIndex.source, "gi");
-  for (const match of content.matchAll(regex)) {
-    const indexTableRef = parseTableReference(match[3] ?? "");
-    if (!indexTableRef) continue;
-    const indexSchema = indexTableRef.schema;
-    const indexTable = indexTableRef.name;
-    if (indexSchema === schema && indexTable === tableName) {
-      const indexName = unquoteIdentifier(match[2] ?? "");
-      if (!indexName) continue;
-      const rawColumns = match[4] ?? "";
-      indexes.push({
-        name: indexName,
-        columns: parseIndexColumns(rawColumns),
-        isUnique: !!match[1]
-      });
-    }
-  }
-  return indexes;
-}
-function hasRlsEnabledRegex(content, schema, tableName) {
-  const regex = new RegExp(SQL_PATTERNS.enableRls.source, "gi");
-  for (const match of content.matchAll(regex)) {
-    const matchTable = parseTableReference(match[1] ?? "");
-    if (!matchTable) continue;
-    if (matchTable.schema === schema && matchTable.name === tableName) {
-      return true;
-    }
-  }
-  return false;
-}
-
-// src/commands/db/utils/sql-table-extractor-rls.ts
-init_esm_shims();
-function readDollarTagAt(content, index) {
-  if (content[index] !== "$") return void 0;
-  const match = content.slice(index).match(/^\$([a-zA-Z_][a-zA-Z0-9_]*)?\$/);
-  return match?.[0];
-}
-function consumePolicySingleQuote(content, state) {
-  if (!state.inSingleQuote) return false;
-  const char = content[state.cursor] ?? "";
-  const next = content[state.cursor + 1] ?? "";
-  if (char === "'" && next === "'") {
-    state.cursor += 2;
-    return true;
-  }
-  if (char === "'") {
-    state.inSingleQuote = false;
-  }
-  state.cursor += 1;
-  return true;
-}
-function consumePolicyDoubleQuote(content, state) {
-  if (!state.inDoubleQuote) return false;
-  const char = content[state.cursor] ?? "";
-  const next = content[state.cursor + 1] ?? "";
-  if (char === '"' && next === '"') {
-    state.cursor += 2;
-    return true;
-  }
-  if (char === '"') {
-    state.inDoubleQuote = false;
-  }
-  state.cursor += 1;
-  return true;
-}
-function consumePolicyDollarQuote(content, state) {
-  if (!state.inDollarQuote) return false;
-  const closeTag = `$${state.dollarTag}$`;
-  if (content.startsWith(closeTag, state.cursor)) {
-    state.inDollarQuote = false;
-    state.dollarTag = "";
-    state.cursor += closeTag.length;
-    return true;
-  }
-  state.cursor += 1;
-  return true;
-}
-function trySkipPolicyLineComment(content, state) {
-  if (state.inSingleQuote || state.inDoubleQuote || state.inDollarQuote) return false;
-  const char = content[state.cursor] ?? "";
-  const next = content[state.cursor + 1] ?? "";
-  if (char !== "-" || next !== "-") return false;
-  const newlineIndex = content.indexOf("\n", state.cursor);
-  state.cursor = newlineIndex === -1 ? content.length : newlineIndex + 1;
-  return true;
-}
-function trySkipPolicyBlockComment(content, state) {
-  if (state.inSingleQuote || state.inDoubleQuote || state.inDollarQuote) return false;
-  const char = content[state.cursor] ?? "";
-  const next = content[state.cursor + 1] ?? "";
-  if (char !== "/" || next !== "*") return false;
-  const closeIndex = content.indexOf("*/", state.cursor + 2);
-  state.cursor = closeIndex === -1 ? content.length : closeIndex + 2;
-  return true;
-}
-function tryStartPolicyDollarQuote(content, state) {
-  if (state.inSingleQuote || state.inDoubleQuote) return false;
-  const tag = readDollarTagAt(content, state.cursor);
-  if (!tag) return false;
-  state.inDollarQuote = true;
-  state.dollarTag = tag.slice(1, -1);
-  state.cursor += tag.length;
-  return true;
-}
-function tryStartPolicySingleQuote(content, state) {
-  if (state.inDoubleQuote || state.inDollarQuote || content[state.cursor] !== "'") return false;
-  state.inSingleQuote = true;
-  state.cursor += 1;
-  return true;
-}
-function tryStartPolicyDoubleQuote(content, state) {
-  if (state.inSingleQuote || state.inDollarQuote || content[state.cursor] !== '"') return false;
-  state.inDoubleQuote = true;
-  state.cursor += 1;
-  return true;
-}
-function consumePolicySqlTrivia(content, state) {
-  if (consumePolicySingleQuote(content, state)) return true;
-  if (consumePolicyDoubleQuote(content, state)) return true;
-  if (consumePolicyDollarQuote(content, state)) return true;
-  if (trySkipPolicyLineComment(content, state)) return true;
-  if (trySkipPolicyBlockComment(content, state)) return true;
-  if (tryStartPolicyDollarQuote(content, state)) return true;
-  if (tryStartPolicySingleQuote(content, state)) return true;
-  return tryStartPolicyDoubleQuote(content, state);
-}
-function findOutsideSqlCharIndex(content, startIndex, predicate) {
-  const state = {
-    cursor: startIndex,
-    inSingleQuote: false,
-    inDoubleQuote: false,
-    inDollarQuote: false,
-    dollarTag: ""
-  };
-  while (state.cursor < content.length) {
-    if (consumePolicySqlTrivia(content, state)) continue;
-    const char = content[state.cursor] ?? "";
-    if (predicate(char, state.cursor)) return state.cursor;
-    state.cursor += 1;
-  }
-  return void 0;
-}
-function extractCreatePolicyStatements(content) {
-  const statements = [];
-  const startRegex = /\bCREATE\s+POLICY\b/gi;
-  let match;
-  while ((match = startRegex.exec(content)) !== null) {
-    const startIndex = match.index ?? 0;
-    const endIndex = findSqlStatementEndForPolicy(content, startIndex);
-    statements.push(content.slice(startIndex, endIndex).trim());
-  }
-  return statements;
-}
-function findSqlStatementEndForPolicy(content, startIndex) {
-  const semicolonIndex = findOutsideSqlCharIndex(content, startIndex, (char) => char === ";");
-  return semicolonIndex === void 0 ? content.length : semicolonIndex + 1;
-}
-function extractBalancedClause(statement, startIndex) {
-  const openParenIndex = statement.indexOf("(", startIndex);
-  if (openParenIndex === -1) return void 0;
-  let depth = 0;
-  let clauseStart = -1;
-  const closeParenIndex = findOutsideSqlCharIndex(statement, openParenIndex, (char, index) => {
-    if (char === "(") {
-      if (depth === 0) clauseStart = index + 1;
-      depth++;
-      return false;
-    }
-    if (char === ")") {
-      depth--;
-      return depth === 0 && clauseStart !== -1;
-    }
-    return false;
-  });
-  if (closeParenIndex === void 0 || clauseStart === -1) return void 0;
-  return statement.slice(clauseStart, closeParenIndex).trim();
-}
-function parsePolicyDefinitionFromStatement(statement, headerRegex, schema, tableName) {
-  const match = statement.match(headerRegex);
-  if (!match) return void 0;
-  const policyName = unquoteIdentifier(match[1] ?? match[2] ?? "");
-  const policyTableRef = parseTableReference(match[3] ?? "");
-  if (!policyName || !policyTableRef) return void 0;
-  if (policyTableRef.schema !== schema || policyTableRef.name !== tableName) return void 0;
-  const usingIndex = statement.search(/\bUSING\s*\(/i);
-  const withCheckIndex = statement.search(/\bWITH\s+CHECK\s*\(/i);
-  return {
-    name: policyName,
-    command: (match[4] || "ALL").toUpperCase(),
-    using: usingIndex !== -1 ? extractBalancedClause(statement, usingIndex) : void 0,
-    withCheck: withCheckIndex !== -1 ? extractBalancedClause(statement, withCheckIndex) : void 0
-  };
-}
-function parsePoliciesRegex(content, schema, tableName) {
-  const policies = [];
-  const statements = extractCreatePolicyStatements(content);
-  const headerRegex = new RegExp(
-    `^\\s*CREATE\\s+POLICY\\s+(?:"((?:[^"]|"")*)"|([a-zA-Z_][a-zA-Z0-9_]*))\\s+ON\\s+(${TABLE_REFERENCE})(?:\\s+AS\\s+\\w+)?(?:\\s+FOR\\s+(\\w+))?`,
-    "i"
-  );
-  for (const statement of statements) {
-    const parsed = parsePolicyDefinitionFromStatement(statement, headerRegex, schema, tableName);
-    if (parsed) {
-      policies.push(parsed);
-    }
-  }
-  return policies;
-}
-
-// src/commands/db/utils/sql-table-extractor-ast.ts
-init_esm_shims();
-function convertAstColumns(columns, include) {
-  if (!include) return void 0;
-  return columns.map((col) => ({
-    name: col.name,
-    type: col.type,
-    notNull: col.notNull,
-    hasDefault: col.hasDefault,
-    isPrimaryKey: col.isPrimaryKey
-  }));
-}
-function convertAstForeignKeys(fks, include) {
-  if (!include) return void 0;
-  const result = fks.map((fk) => ({
-    column: fk.column,
-    referencesTable: fk.referencesTable,
-    referencesColumn: fk.referencesColumn,
-    onDelete: fk.onDelete,
-    onUpdate: fk.onUpdate
-  }));
-  return result.length > 0 ? result : void 0;
-}
-function convertAstIndexes(indexes, include) {
-  if (!include || indexes.length === 0) return void 0;
-  return indexes.map((idx) => ({
-    name: idx.name,
-    columns: idx.columns,
-    isUnique: idx.isUnique
-  }));
-}
-async function extractTablesWithAst(content, filePath, opts) {
-  const parser = await getSqlParserUtils();
-  if (!parser) return [];
-  const astTables = await parser.parseCreateTables(content);
-  const tables = [];
-  for (const astTable of astTables) {
-    if (opts.includeIndexes) {
-      await parser.parseIndexesForTables(content, [astTable]);
-    }
-    const hasRls = hasRlsEnabledRegex(content, astTable.schema, astTable.name);
-    const rlsPolicies = opts.includeRlsPolicies && hasRls ? parsePoliciesRegex(content, astTable.schema, astTable.name) : void 0;
-    tables.push({
-      schema: astTable.schema,
-      name: astTable.name,
-      qualifiedName: astTable.qualifiedName,
-      semanticName: snakeToCamel2(astTable.name),
-      sourceFile: filePath,
-      lineNumber: astTable.lineNumber ?? 1,
-      columns: convertAstColumns(astTable.columns, opts.includeColumns),
-      primaryKey: astTable.primaryKey,
-      foreignKeys: convertAstForeignKeys(astTable.foreignKeys, opts.includeForeignKeys),
-      indexes: convertAstIndexes(astTable.indexes, opts.includeIndexes),
-      hasRls,
-      rlsPolicies: rlsPolicies?.length ? rlsPolicies : void 0
-    });
-  }
-  return tables;
-}
-
-// src/commands/db/utils/sql-table-extractor.ts
-var sqlParserUtils = null;
-var astAvailable = null;
-async function isAstParserAvailable() {
-  if (astAvailable !== null) return astAvailable;
-  try {
-    const { loadSqlParserUtils } = await import('@runa-ai/runa/ast');
-    sqlParserUtils = await loadSqlParserUtils();
-    const isAvailable = await sqlParserUtils.isSqlParserAvailable();
-    astAvailable = isAvailable;
-    return isAvailable;
-  } catch {
-    astAvailable = false;
-    return false;
-  }
-}
-async function getSqlParserUtils() {
-  if (sqlParserUtils) return sqlParserUtils;
-  await isAstParserAvailable();
-  return sqlParserUtils;
-}
-var SQL_IDENTIFIER = '(?:"(?:[^"]|"")*"|[a-zA-Z_][a-zA-Z0-9_]*)';
-var TABLE_REFERENCE = `${SQL_IDENTIFIER}(?:\\s*\\.\\s*${SQL_IDENTIFIER})?`;
-var TABLE_IDENTIFIER = /(?:"(?:[^"]|"")*"|[a-zA-Z_][a-zA-Z0-9_]*)/g;
-var SQL_PATTERNS = {
-  // CREATE TABLE [IF NOT EXISTS] schema.table_name (
-  createTable: new RegExp(
-    `CREATE\\s+TABLE\\s+(?:IF\\s+NOT\\s+EXISTS\\s+)?(${TABLE_REFERENCE})\\s*\\(`,
-    "gi"
-  ),
-  // PRIMARY KEY (columns)
-  primaryKey: /PRIMARY\s+KEY\s*\(([^)]+)\)/gi,
-  // FOREIGN KEY (column) REFERENCES schema.table(column) [ON DELETE|UPDATE ...]
-  foreignKey: new RegExp(
-    `FOREIGN\\s+KEY\\s*\\((${SQL_IDENTIFIER})\\)\\s*REFERENCES\\s+(${TABLE_REFERENCE})\\s*\\((${SQL_IDENTIFIER})\\)(?:\\s+ON\\s+DELETE\\s+(\\w+(?:\\s+\\w+)?))?(?:\\s+ON\\s+UPDATE\\s+(\\w+(?:\\s+\\w+)?))?`,
-    "gi"
-  ),
-  // CREATE [UNIQUE] INDEX name ON schema.table (columns)
-  createIndex: new RegExp(
-    `CREATE\\s+(UNIQUE\\s+)?INDEX\\s+(?:IF\\s+NOT\\s+EXISTS\\s+)?(${SQL_IDENTIFIER})\\s+ON\\s+(${TABLE_REFERENCE})(?:\\s+USING\\s+\\w+)?\\s*\\(([^)]+)\\)`,
-    "gi"
-  ),
-  // ALTER TABLE ... ENABLE ROW LEVEL SECURITY
-  enableRls: new RegExp(
-    `ALTER\\s+TABLE\\s+(${TABLE_REFERENCE})\\s+ENABLE\\s+ROW\\s+LEVEL\\s+SECURITY`,
-    "gi"
-  )
-};
-function createTopLevelSplitState() {
-  return {
-    depth: 0,
-    dollarTag: "",
-    inDollarQuote: false,
-    inDoubleQuote: false,
-    inSingleQuote: false,
-    start: 0
-  };
-}
-function consumeDollarQuoteToken(content, index, state) {
-  if ((content[index] ?? "") !== "$" || state.inSingleQuote || state.inDoubleQuote) {
-    return null;
-  }
-  if (state.inDollarQuote) {
-    const closeTag = `$${state.dollarTag}$`;
-    if (!content.slice(index).startsWith(closeTag)) {
-      return null;
-    }
-    state.inDollarQuote = false;
-    state.dollarTag = "";
-    return index + closeTag.length - 1;
-  }
-  const tagMatch = content.slice(index).match(/^\$([a-zA-Z_][a-zA-Z0-9_]*)?\$/);
-  if (!tagMatch) {
-    return null;
-  }
-  state.inDollarQuote = true;
-  state.dollarTag = tagMatch[1] ?? "";
-  return index + tagMatch[0].length - 1;
-}
-function consumeSingleQuoteToken(content, index, state) {
-  if ((content[index] ?? "") !== "'" || state.inDoubleQuote || state.inDollarQuote) {
-    return null;
-  }
-  if (state.inSingleQuote && (content[index + 1] ?? "") === "'") {
-    return index + 1;
-  }
-  state.inSingleQuote = !state.inSingleQuote;
-  return index;
-}
-function consumeDoubleQuoteToken(content, index, state) {
-  if ((content[index] ?? "") !== '"' || state.inSingleQuote || state.inDollarQuote) {
-    return null;
-  }
-  if (state.inDoubleQuote && (content[index + 1] ?? "") === '"') {
-    return index + 1;
-  }
-  state.inDoubleQuote = !state.inDoubleQuote;
-  return index;
-}
-function consumeQuoteToken(content, index, state) {
-  const adjustedByDollarQuote = consumeDollarQuoteToken(content, index, state);
-  if (adjustedByDollarQuote !== null) {
-    return adjustedByDollarQuote;
-  }
-  const adjustedBySingleQuote = consumeSingleQuoteToken(content, index, state);
-  if (adjustedBySingleQuote !== null) {
-    return adjustedBySingleQuote;
-  }
-  return consumeDoubleQuoteToken(content, index, state);
-}
-function isInQuotedScope(state) {
-  return state.inSingleQuote || state.inDoubleQuote || state.inDollarQuote;
-}
-function processStructuralToken(content, index, state, chunks) {
-  const char = content[index] ?? "";
-  if (char === "(") {
-    state.depth += 1;
-    return;
-  }
-  if (char === ")" && state.depth > 0) {
-    state.depth -= 1;
-    return;
-  }
-  if (char === "," && state.depth === 0) {
-    chunks.push(content.slice(state.start, index));
-    state.start = index + 1;
-  }
-}
-function splitByTopLevelComma(content) {
-  const chunks = [];
-  const state = createTopLevelSplitState();
-  for (let i = 0; i < content.length; i++) {
-    const adjustedIndex = consumeQuoteToken(content, i, state);
-    if (adjustedIndex !== null) {
-      i = adjustedIndex;
-      continue;
-    }
-    if (isInQuotedScope(state)) continue;
-    processStructuralToken(content, i, state, chunks);
-  }
-  chunks.push(content.slice(state.start));
-  return chunks.map((chunk) => chunk.trim()).filter(Boolean);
-}
-function splitTopLevelSqlStatements(content) {
-  return splitByTopLevelComma(content);
-}
-function splitTopLevelCsv(content) {
-  return splitByTopLevelComma(content);
-}
-function collectSqlFiles(dir) {
-  const entries = readdirSync(dir, { withFileTypes: true });
-  const files = [];
-  for (const entry of entries) {
-    const fullPath = join(dir, entry.name);
-    if (entry.isDirectory()) {
-      files.push(...collectSqlFiles(fullPath));
-    } else if (entry.isFile() && fullPath.endsWith(".sql")) {
-      files.push(fullPath);
-    }
-  }
-  return files;
-}
-function snakeToCamel2(str) {
-  return str.replace(/_([a-z])/g, (_, c) => c.toUpperCase());
-}
-function getLineNumber(content, position) {
-  return content.substring(0, position).split("\n").length;
-}
-function extractTableBody(content, startPos) {
-  let depth = 0;
-  let bodyStart = -1;
-  let bodyEnd = -1;
-  for (let i = startPos; i < content.length; i++) {
-    const char = content[i];
-    if (char === "(") {
-      if (depth === 0) {
-        bodyStart = i + 1;
-      }
-      depth++;
-    } else if (char === ")") {
-      depth--;
-      if (depth === 0) {
-        bodyEnd = i;
-        break;
-      }
-    }
-  }
-  if (bodyStart === -1 || bodyEnd === -1) {
-    return "";
-  }
-  return content.substring(bodyStart, bodyEnd);
-}
-function normalizeType(type) {
-  return type.trim().replace(/\s+/g, " ").toLowerCase().replace("character varying", "varchar").replace("timestamp with time zone", "timestamptz").replace("timestamp without time zone", "timestamp");
-}
-function unquoteIdentifier(identifier) {
-  const trimmed = identifier.trim();
-  if (trimmed.startsWith('"') && trimmed.endsWith('"')) {
-    return trimmed.slice(1, -1).replace(/""/g, '"');
-  }
-  return trimmed;
-}
-function parseTableReference(ref) {
-  const tokens = [...ref.matchAll(new RegExp(TABLE_IDENTIFIER.source, "g"))].map(
-    (match) => unquoteIdentifier(match[0] ?? "")
-  );
-  if (tokens.length === 1) {
-    return { schema: "public", name: tokens[0] ?? "" };
-  }
-  if (tokens.length === 2) {
-    return { schema: tokens[0] ?? "", name: tokens[1] ?? "" };
-  }
-  return null;
-}
-function parseIndexColumns(rawColumns) {
-  return splitTopLevelCsv(rawColumns).map((col) => {
-    const trimmed = col.trim();
-    const quotedMatch = trimmed.match(/^"([^"]+)"/);
-    if (quotedMatch) {
-      return quotedMatch[1];
-    }
-    const unquotedMatch = trimmed.match(/^(\w+)/);
-    if (unquotedMatch) {
-      return unquotedMatch[1];
-    }
-    return "";
-  }).filter(Boolean);
-}
-function normalizeOnAction(action) {
-  if (!action) return void 0;
-  const normalized = action.toUpperCase().replace(/\s+/g, " ").trim();
-  switch (normalized) {
-    case "CASCADE":
-      return "CASCADE";
-    case "SET NULL":
-      return "SET NULL";
-    case "SET DEFAULT":
-      return "SET DEFAULT";
-    case "RESTRICT":
-      return "RESTRICT";
-    case "NO ACTION":
-      return "NO ACTION";
-    default:
-      return void 0;
-  }
-}
-function resolveOptions(options) {
-  return {
-    includeColumns: options.includeColumns ?? true,
-    includeForeignKeys: options.includeForeignKeys ?? true,
-    includeIndexes: options.includeIndexes ?? true,
-    includeRlsPolicies: options.includeRlsPolicies ?? true
-  };
-}
-function buildTableEntryRegex(table, content, filePath, opts) {
-  const qualifiedName = `${table.schema}.${table.name}`;
-  const pkFromBody = parsePrimaryKeyRegex(table.tableBody);
-  let columns;
-  if (opts.includeColumns) {
-    columns = parseColumnsRegex(table.tableBody);
-    for (const col of columns) {
-      if (pkFromBody.includes(col.name)) {
-        col.isPrimaryKey = true;
-      }
-    }
-  }
-  const foreignKeys = opts.includeForeignKeys ? parseForeignKeysRegex(table.tableBody) : void 0;
-  const indexes = opts.includeIndexes ? parseIndexesRegex(content, table.schema, table.name) : void 0;
-  const hasRls = hasRlsEnabledRegex(content, table.schema, table.name);
-  const rlsPolicies = opts.includeRlsPolicies && hasRls ? parsePoliciesRegex(content, table.schema, table.name) : void 0;
-  return {
-    schema: table.schema,
-    name: table.name,
-    qualifiedName,
-    semanticName: snakeToCamel2(table.name),
-    sourceFile: filePath,
-    lineNumber: table.lineNumber,
-    columns,
-    primaryKey: pkFromBody.length > 0 ? pkFromBody : void 0,
-    foreignKeys: foreignKeys?.length ? foreignKeys : void 0,
-    indexes: indexes?.length ? indexes : void 0,
-    hasRls,
-    rlsPolicies: rlsPolicies?.length ? rlsPolicies : void 0
-  };
-}
-function processTablesFromFileRegex(filePath, opts, seen) {
-  const rawContent = readFileSync(filePath, "utf-8");
-  const content = stripSqlComments(rawContent);
-  const ctx = { content, lines: content.split("\n") };
-  const tables = findTablesRegex(ctx);
-  const entries = [];
-  for (const table of tables) {
-    const qualifiedName = `${table.schema}.${table.name}`;
-    if (seen?.has(qualifiedName)) continue;
-    seen?.add(qualifiedName);
-    entries.push(buildTableEntryRegex(table, content, filePath, opts));
-  }
-  return entries;
-}
-async function processTablesFromFile(filePath, opts, seen) {
-  const content = readFileSync(filePath, "utf-8");
-  if (await isAstParserAvailable()) {
-    const astTables = await extractTablesWithAst(content, filePath, opts);
-    if (astTables.length > 0) {
-      const entries = [];
-      for (const table of astTables) {
-        if (seen?.has(table.qualifiedName)) continue;
-        seen?.add(table.qualifiedName);
-        entries.push(table);
-      }
-      return entries;
-    }
-  }
-  return processTablesFromFileRegex(filePath, opts, seen);
-}
-async function extractTablesFromSqlDir(sqlDir, options = {}) {
-  if (!existsSync(sqlDir)) return [];
-  const opts = resolveOptions(options);
-  const seen = /* @__PURE__ */ new Set();
-  const tableEntries = [];
-  const files = collectSqlFiles(sqlDir).sort();
-  for (const file of files) {
-    const filePath = file;
-    const entries = await processTablesFromFile(filePath, opts, seen);
-    tableEntries.push(...entries);
-  }
-  return tableEntries;
-}
-
-// src/commands/db/utils/table-source-classifier.ts
-init_esm_shims();
-function splitQualifiedName(qualifiedName) {
-  const [schema = "", table = ""] = qualifiedName.split(".", 2);
-  return { schema, table };
-}
-function escapeRegexLiteral(value) {
-  return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-}
-function buildTablePatternMatcher(patterns) {
-  const compiled = patterns.map((p) => p.trim()).filter((p) => p.length > 0).map((pattern) => {
-    const target = pattern.includes(".") ? "qualified" : "table";
-    const regex = new RegExp(`^${escapeRegexLiteral(pattern).replace(/\\\*/g, ".*")}$`);
-    return { target, regex };
-  });
-  return (qualifiedName) => {
-    const { table } = splitQualifiedName(qualifiedName);
-    for (const entry of compiled) {
-      const candidate = entry.target === "qualified" ? qualifiedName : table;
-      if (entry.regex.test(candidate)) {
-        return true;
-      }
-    }
-    return false;
-  };
-}
-function findIdempotentAncestor(table, partitionParentMap, idempotentManagedTables) {
-  if (idempotentManagedTables.has(table)) {
-    return table;
-  }
-  let current = table;
-  const visited = /* @__PURE__ */ new Set();
-  while (!visited.has(current)) {
-    visited.add(current);
-    const parent = partitionParentMap.get(current);
-    if (!parent) {
-      return null;
-    }
-    if (idempotentManagedTables.has(parent)) {
-      return parent;
-    }
-    current = parent;
-  }
-  return null;
-}
-function isSystemManagedTable(params) {
-  const { schema } = splitQualifiedName(params.qualifiedName);
-  return params.systemSchemas.has(schema) || params.knownSystemTables.has(params.qualifiedName);
-}
-function classifyIdempotentManagedTable(params) {
-  const idempotentAncestor = findIdempotentAncestor(
-    params.qualifiedName,
-    params.partitionParentMap,
-    params.idempotentManagedTables
-  );
-  if (!idempotentAncestor) {
-    return null;
-  }
-  return {
-    qualifiedName: params.qualifiedName,
-    detail: idempotentAncestor === params.qualifiedName ? "matched CREATE TABLE in idempotent SQL" : `partition child of ${idempotentAncestor}`
-  };
-}
-function classifyExtensionSystemOrAllowlistedTable(params) {
-  const extensionName = params.extensionManagedTables.get(params.qualifiedName);
-  if (extensionName) {
-    return {
-      qualifiedName: params.qualifiedName,
-      detail: `managed by extension "${extensionName}"`
-    };
-  }
-  if (isSystemManagedTable({
-    qualifiedName: params.qualifiedName,
-    systemSchemas: params.systemSchemas,
-    knownSystemTables: params.knownSystemTables
-  })) {
-    return {
-      qualifiedName: params.qualifiedName,
-      detail: "system-managed schema/table"
-    };
-  }
-  if (params.exclusionMatcher(params.qualifiedName)) {
-    return {
-      qualifiedName: params.qualifiedName,
-      detail: "allowlisted by database.pgSchemaDiff.excludeFromOrphanDetection"
-    };
-  }
-  return null;
-}
-function classifyMissingSourceTables(params) {
-  const extensionManagedTables = params.extensionManagedTables ?? /* @__PURE__ */ new Map();
-  const partitionParentMap = params.partitionParentMap ?? /* @__PURE__ */ new Map();
-  const exclusionMatcher = buildTablePatternMatcher(params.excludeFromOrphanDetection ?? []);
-  const systemSchemas = new Set(params.systemSchemas ?? []);
-  const knownSystemTables = new Set(params.knownSystemTables ?? []);
-  const classified = {
-    definedInIdempotentDynamicDdl: [],
-    extensionManagedOrSystemTable: [],
-    trulyOrphaned: []
-  };
-  for (const qualifiedName of params.tablesWithoutSource) {
-    const idempotentManagedItem = classifyIdempotentManagedTable({
-      qualifiedName,
-      partitionParentMap,
-      idempotentManagedTables: params.idempotentManagedTables
-    });
-    if (idempotentManagedItem) {
-      classified.definedInIdempotentDynamicDdl.push(idempotentManagedItem);
-      continue;
-    }
-    const extensionSystemOrAllowlistedItem = classifyExtensionSystemOrAllowlistedTable({
-      qualifiedName,
-      extensionManagedTables,
-      systemSchemas,
-      knownSystemTables,
-      exclusionMatcher
-    });
-    if (extensionSystemOrAllowlistedItem) {
-      classified.extensionManagedOrSystemTable.push(extensionSystemOrAllowlistedItem);
-      continue;
-    }
-    classified.trulyOrphaned.push(qualifiedName);
-  }
-  return classified;
-}
-
-// src/commands/db/utils/table-registry-introspection.ts
-init_esm_shims();
-var VALID_PG_IDENTIFIER = /^[a-zA-Z_][a-zA-Z0-9_]{0,62}$/;
-function validatePgIdentifier2(name, context) {
-  if (!name || typeof name !== "string") {
-    throw new Error(`Invalid ${context}: empty or not a string`);
-  }
-  if (!VALID_PG_IDENTIFIER.test(name)) {
-    throw new Error(
-      `Invalid ${context} "${name}": must start with letter/underscore and contain only alphanumeric/underscore characters`
-    );
-  }
-}
-function buildSafeSchemaInClause2(schemas) {
-  if (schemas.length === 0) {
-    throw new Error("No schemas provided for IN clause");
-  }
-  const safeSchemas = [];
-  for (const schema of schemas) {
-    validatePgIdentifier2(schema, "schema name");
-    safeSchemas.push(`'${schema.replace(/'/g, "''")}'`);
-  }
-  return safeSchemas.join(",");
-}
-async function introspectTablesFromDb(databaseUrl, schemas) {
-  try {
-    const result = await introspectDatabase(databaseUrl, { schemas });
-    return convertIntrospectionToTableEntries(result);
-  } catch (error) {
-    const message = error instanceof Error ? error.message : String(error);
-    if (message.includes("ECONNREFUSED") || message.includes("connection refused")) {
-      throw new Error(
-        `[DB Introspection] Cannot connect to database.
-  URL: ${databaseUrl.replace(/:[^:@]+@/, ":***@")}
-  Cause: ${message}
-
-  Solutions:
-  1. Ensure database is running: runa check --fix
-  2. Check DATABASE_URL in .env.development`
-      );
-    }
-    if (message.includes("authentication") || message.includes("password")) {
-      throw new Error(
-        `[DB Introspection] Database authentication failed.
-  Cause: ${message}
-
-  Solutions:
-  1. Check DATABASE_URL credentials
-  2. Verify database user has SELECT on pg_catalog`
-      );
-    }
-    if (message.includes("permission") || message.includes("denied")) {
-      throw new Error(
-        `[DB Introspection] Permission denied.
-  Cause: ${message}
-
-  Solutions:
-  1. Ensure database user has SELECT on information_schema
-  2. Ensure database user has SELECT on pg_catalog`
-      );
-    }
-    throw new Error(
-      `[DB Introspection] Failed to introspect database.
-  Cause: ${message}
-
-  Solutions:
-  1. Run: runa check --verbose
-  2. Verify database is running and accessible`
-    );
-  }
-}
-function buildForeignKeyMap(foreignKeys) {
-  const fksByTable = /* @__PURE__ */ new Map();
-  for (const fk of foreignKeys) {
-    const key = `${fk.schemaName}.${fk.tableName}`;
-    if (!fksByTable.has(key)) fksByTable.set(key, []);
-    fksByTable.get(key)?.push({
-      column: fk.columnName,
-      referencesTable: `${fk.referencedSchema}.${fk.referencedTable}`,
-      referencesColumn: fk.referencedColumn,
-      onDelete: normalizeOnAction2(fk.onDelete),
-      onUpdate: normalizeOnAction2(fk.onUpdate)
-    });
-  }
-  return fksByTable;
-}
-function buildIndexMap(indexes) {
-  const indexesByTable = /* @__PURE__ */ new Map();
-  for (const idx of indexes) {
-    const key = `${idx.schemaName}.${idx.tableName}`;
-    if (!indexesByTable.has(key)) indexesByTable.set(key, []);
-    indexesByTable.get(key)?.push({
-      name: idx.indexName,
-      columns: idx.columns,
-      isUnique: idx.isUnique
-    });
-  }
-  return indexesByTable;
-}
-function buildRlsEnabledMap(rlsTables) {
-  const rlsByTable = /* @__PURE__ */ new Map();
-  for (const rls of rlsTables) {
-    rlsByTable.set(`${rls.schemaName}.${rls.tableName}`, rls.rlsEnabled);
-  }
-  return rlsByTable;
-}
-function buildRlsPoliciesMap(rlsPolicies) {
-  const rlsPoliciesByTable = /* @__PURE__ */ new Map();
-  for (const policy of rlsPolicies) {
-    const key = `${policy.schemaName}.${policy.tableName}`;
-    if (!rlsPoliciesByTable.has(key)) rlsPoliciesByTable.set(key, []);
-    rlsPoliciesByTable.get(key)?.push({
-      name: policy.policyName,
-      command: policy.command,
-      using: policy.usingExpr ?? void 0,
-      withCheck: policy.withCheckExpr ?? void 0
-    });
-  }
-  return rlsPoliciesByTable;
-}
-function buildCheckConstraintsMap(checkConstraints) {
-  const checksByTable = /* @__PURE__ */ new Map();
-  for (const check of checkConstraints) {
-    if (!check.name || !check.definition) {
-      console.warn(
-        `[DB Introspection] Skipping CHECK constraint with missing name or definition in ${check.schemaName}.${check.tableName}`
-      );
-      continue;
-    }
-    const key = `${check.schemaName}.${check.tableName}`;
-    if (!checksByTable.has(key)) checksByTable.set(key, []);
-    checksByTable.get(key)?.push({
-      name: check.name,
-      definition: check.definition,
-      columns: check.columns ?? []
-    });
-  }
-  return checksByTable;
-}
-function buildTriggersMap(triggers) {
-  const triggersByTable = /* @__PURE__ */ new Map();
-  for (const trigger of triggers) {
-    if (!trigger.actionStatement) {
-      console.warn(
-        `[DB Introspection] Skipping trigger ${trigger.triggerName} with missing actionStatement`
-      );
-      continue;
-    }
-    const key = `${trigger.schemaName}.${trigger.tableName}`;
-    if (!triggersByTable.has(key)) triggersByTable.set(key, []);
-    const functionMatch = trigger.actionStatement.match(
-      /EXECUTE\s+(?:FUNCTION|PROCEDURE)\s+([^\s(]+)/i
-    );
-    const functionName = functionMatch?.[1] ?? trigger.actionStatement;
-    triggersByTable.get(key)?.push({
-      name: trigger.triggerName,
-      event: trigger.eventManipulation,
-      timing: trigger.actionTiming,
-      function: functionName
-    });
-  }
-  return triggersByTable;
-}
-function buildPrimaryKeyMap(indexes) {
-  const pkByTable = /* @__PURE__ */ new Map();
-  for (const idx of indexes) {
-    if (idx.indexName.endsWith("_pkey")) {
-      const key = `${idx.schemaName}.${idx.tableName}`;
-      pkByTable.set(key, idx.columns);
-    }
-  }
-  return pkByTable;
-}
-function convertIntrospectionToTableEntries(result) {
-  const fksByTable = buildForeignKeyMap(result.foreignKeys);
-  const indexesByTable = buildIndexMap(result.indexes);
-  const rlsByTable = buildRlsEnabledMap(result.rlsTables);
-  const rlsPoliciesByTable = buildRlsPoliciesMap(result.rlsPolicies);
-  const checksByTable = buildCheckConstraintsMap(result.checkConstraints);
-  const triggersByTable = buildTriggersMap(result.triggers);
-  const pkByTable = buildPrimaryKeyMap(result.indexes);
-  return result.tables.map((table) => {
-    const qualifiedName = `${table.schema}.${table.name}`;
-    const primaryKeyColumns = pkByTable.get(qualifiedName) ?? [];
-    const columns = table.columns.map((col) => ({
-      name: col.name,
-      type: col.type,
-      notNull: !col.nullable,
-      hasDefault: col.default !== null && col.default !== void 0,
-      isPrimaryKey: primaryKeyColumns.includes(col.name)
-    }));
-    return {
-      schema: table.schema,
-      name: table.name,
-      qualifiedName,
-      semanticName: "",
-      // Will be set by semantic mapper
-      sourceFile: "",
-      // Will be set by SQL file mapping
-      columns,
-      primaryKey: pkByTable.get(qualifiedName) ?? table.primaryKey,
-      foreignKeys: fksByTable.get(qualifiedName) ?? [],
-      indexes: indexesByTable.get(qualifiedName) ?? [],
-      hasRls: rlsByTable.get(qualifiedName) ?? false,
-      rlsPolicies: rlsPoliciesByTable.get(qualifiedName) ?? [],
-      checkConstraints: checksByTable.get(qualifiedName) ?? [],
-      triggers: triggersByTable.get(qualifiedName) ?? []
-    };
-  });
-}
-function normalizeOnAction2(action) {
-  if (!action) return void 0;
-  const upper = action.toUpperCase().replace(/\s+/g, " ").trim();
-  switch (upper) {
-    case "CASCADE":
-      return "CASCADE";
-    case "SET NULL":
-      return "SET NULL";
-    case "SET DEFAULT":
-      return "SET DEFAULT";
-    case "RESTRICT":
-      return "RESTRICT";
-    case "NO ACTION":
-      return "NO ACTION";
-    default:
-      return void 0;
-  }
-}
-function shouldSkipDrizzleExport(exportName) {
-  return exportName.endsWith("Schema") || exportName.endsWith("Enum") || exportName.endsWith("Relations");
-}
-function extractDrizzleTableNames(schemaModule) {
-  const drizzleTables = /* @__PURE__ */ new Set();
-  for (const [exportName, exportValue] of Object.entries(schemaModule)) {
-    if (shouldSkipDrizzleExport(exportName)) continue;
-    const maybeTable = exportValue;
-    if (maybeTable?._?.name) {
-      const fullName = maybeTable._.schema ? `${maybeTable._.schema}.${maybeTable._.name}` : maybeTable._.name;
-      drizzleTables.add(fullName);
-    }
-  }
-  return drizzleTables;
-}
-function compareTables(sqlTables, drizzleTables) {
-  const matched = [];
-  const sqlOnly = [];
-  const sqlFullNames = new Set(sqlTables.map((t) => t.qualifiedName));
-  for (const table of sqlTables) {
-    if (drizzleTables.has(table.qualifiedName)) {
-      matched.push(table);
-    } else {
-      sqlOnly.push(table);
-    }
-  }
-  const drizzleOnly = [...drizzleTables].filter((name) => !sqlFullNames.has(name));
-  return { matched, sqlOnly, drizzleOnly };
-}
-async function crossCheckWithDrizzle(sqlTables, drizzleSchemaPath) {
-  if (!existsSync(drizzleSchemaPath)) {
-    return { matched: [], sqlOnly: sqlTables, drizzleOnly: [] };
-  }
-  try {
-    const schemaModule = await import(drizzleSchemaPath);
-    const drizzleTables = extractDrizzleTableNames(schemaModule);
-    return compareTables(sqlTables, drizzleTables);
-  } catch {
-    return { matched: [], sqlOnly: sqlTables, drizzleOnly: [] };
-  }
-}
-
-// src/commands/db/utils/table-registry.ts
-var MANIFEST_VERSION = 2;
-var GENERATOR_VERSION = "1.0.0";
-var DEFAULT_IDEMPOTENT_SQL_DIR = "supabase/schemas/idempotent";
-var KNOWN_EXTENSION_SYSTEM_TABLES = /* @__PURE__ */ new Set([
-  "public.spatial_ref_sys",
-  "public.geometry_columns",
-  "public.geography_columns"
-]);
-var SUPABASE_SYSTEM_SCHEMA_SET = new Set(SUPABASE_SYSTEM_SCHEMAS);
-function toRelativeSourcePath(projectRoot, sourceFile) {
-  let relativeSource = relative(projectRoot, sourceFile);
-  if (relativeSource.startsWith("/") || relativeSource.startsWith("..")) {
-    const schemaMatch = sourceFile.match(/supabase\/schemas\/[^/]+\/[^/]+$/);
-    relativeSource = schemaMatch ? schemaMatch[0] : sourceFile;
-  }
-  return relativeSource;
-}
-function resolveSourceConfig(projectRoot, options) {
-  let idempotentSqlDir = options.idempotentSqlDir ?? DEFAULT_IDEMPOTENT_SQL_DIR;
-  const exclusions = new Set(options.excludeFromOrphanDetection ?? []);
-  try {
-    const config = loadRunaConfig(projectRoot);
-    const pgSchemaDiff = config.database?.pgSchemaDiff;
-    if (!options.idempotentSqlDir && pgSchemaDiff?.idempotentSqlDir) {
-      idempotentSqlDir = pgSchemaDiff.idempotentSqlDir;
-    }
-    if (pgSchemaDiff?.excludeFromOrphanDetection) {
-      for (const pattern of pgSchemaDiff.excludeFromOrphanDetection) {
-        exclusions.add(pattern);
-      }
-    }
-  } catch {
-  }
-  return {
-    idempotentSqlDir: isAbsolute(idempotentSqlDir) ? idempotentSqlDir : join(projectRoot, idempotentSqlDir),
-    excludeFromOrphanDetection: [...exclusions].sort((a, b) => a.localeCompare(b))
-  };
-}
-async function fetchMissingSourceMetadata(params) {
-  const { databaseUrl, schemas } = params;
-  if (schemas.length === 0) {
-    return {
-      extensionManagedTables: /* @__PURE__ */ new Map(),
-      partitionParentMap: /* @__PURE__ */ new Map()
-    };
-  }
-  const isRemoteSupabase = databaseUrl.includes(".supabase.co");
-  const sql = postgres2(databaseUrl, {
-    ...isRemoteSupabase && { ssl: "require" }
-  });
-  try {
-    const schemaList = buildSafeSchemaInClause2(schemas);
-    const [extensionRows, partitionRows] = await Promise.all([
-      sql`
-        SELECT
-          n.nspname AS schema_name,
-          c.relname AS table_name,
-          ext.extname AS extension_name
-        FROM pg_class c
-        JOIN pg_namespace n ON n.oid = c.relnamespace
-        JOIN pg_depend d
-          ON d.classid = 'pg_class'::regclass
-          AND d.objid = c.oid
-          AND d.refclassid = 'pg_extension'::regclass
-          AND d.deptype = 'e'
-        JOIN pg_extension ext ON ext.oid = d.refobjid
-        WHERE c.relkind IN ('r', 'p')
-          AND n.nspname IN (${sql.unsafe(schemaList)})
-      `,
-      sql`
-        SELECT
-          child_ns.nspname AS child_schema,
-          child.relname AS child_table,
-          parent_ns.nspname AS parent_schema,
-          parent.relname AS parent_table
-        FROM pg_inherits i
-        JOIN pg_class child ON child.oid = i.inhrelid
-        JOIN pg_namespace child_ns ON child_ns.oid = child.relnamespace
-        JOIN pg_class parent ON parent.oid = i.inhparent
-        JOIN pg_namespace parent_ns ON parent_ns.oid = parent.relnamespace
-        WHERE child.relkind IN ('r', 'p')
-          AND child_ns.nspname IN (${sql.unsafe(schemaList)})
-      `
-    ]);
-    const extensionManagedTables = /* @__PURE__ */ new Map();
-    for (const row of extensionRows) {
-      extensionManagedTables.set(
-        `${String(row.schema_name)}.${String(row.table_name)}`,
-        String(row.extension_name)
-      );
-    }
-    const partitionParentMap = /* @__PURE__ */ new Map();
-    for (const row of partitionRows) {
-      partitionParentMap.set(
-        `${String(row.child_schema)}.${String(row.child_table)}`,
-        `${String(row.parent_schema)}.${String(row.parent_table)}`
-      );
-    }
-    return { extensionManagedTables, partitionParentMap };
-  } finally {
-    await sql.end();
-  }
-}
-function formatMissingSourceItems(items) {
-  return items.map((item) => item.detail ? `${item.qualifiedName} (${item.detail})` : item.qualifiedName).join(", ");
-}
-function logMissingSourceClassification(classification) {
-  const total = classification.definedInIdempotentDynamicDdl.length + classification.extensionManagedOrSystemTable.length + classification.trulyOrphaned.length;
-  if (total === 0) return;
-  console.warn(`[tables-manifest] \u26A0 ${total} table(s) exist in DB but not in SQL files.`);
-  if (classification.definedInIdempotentDynamicDdl.length > 0) {
-    console.log(
-      `[tables-manifest] info: defined_in_idempotent_dynamic_ddl (${classification.definedInIdempotentDynamicDdl.length})`
-    );
-    console.log(`  ${formatMissingSourceItems(classification.definedInIdempotentDynamicDdl)}`);
+}
+function backupProtectedTablesForProduction(dbUrl, protectedTables, input) {
+  if (input.env !== "production") {
+    return;
   }
-  if (classification.extensionManagedOrSystemTable.length > 0) {
-    console.log(
-      `[tables-manifest] info: extension_managed/system_table (${classification.extensionManagedOrSystemTable.length})`
-    );
-    console.log(`  ${formatMissingSourceItems(classification.extensionManagedOrSystemTable)}`);
+  const { backupPath } = backupIdempotentTables(dbUrl, protectedTables, input.verbose);
+  if (backupPath) {
+    logger13.info(`Recovery: pg_restore -d <DATABASE_URL> ${backupPath}`);
+    return;
   }
-  if (classification.trulyOrphaned.length > 0) {
-    console.warn(`[tables-manifest] warn: truly_orphaned (${classification.trulyOrphaned.length})`);
-    console.warn(`  ${classification.trulyOrphaned.join(", ")}`);
-    console.warn(
-      "  \u2192 Add declarative/idempotent SQL definitions or allowlist via database.pgSchemaDiff.excludeFromOrphanDetection."
+  if (protectedTables.length > 0 && !input.allowDataLoss) {
+    throw new Error(
+      "Pre-apply backup failed for production deployment.\n  Protected tables exist but could not be backed up.\n  Use --allow-data-loss to proceed without backup (emergency only)."
     );
-  } else {
-    console.log("[tables-manifest] info: no truly_orphaned tables detected.");
   }
 }
-async function logDrizzleCrossCheck(tables, drizzleSchemaPath) {
-  const result = await crossCheckWithDrizzle(tables, drizzleSchemaPath);
-  if (result.sqlOnly.length === 0 && result.drizzleOnly.length === 0) return;
-  console.warn("[tables-manifest] SQL\u2194Drizzle discrepancies found:");
-  if (result.sqlOnly.length > 0) {
-    console.warn("  SQL only:", result.sqlOnly.map((t) => t.qualifiedName).join(", "));
+async function cleanupApplyResources(params) {
+  if (params.shadowDb) {
+    try {
+      await params.shadowDb.cleanup();
+      if (params.verbose) {
+        logger13.debug("Shadow DB cleaned up");
+      }
+    } catch (cleanupError) {
+      logger13.warn(`Failed to cleanup shadow DB: ${cleanupError}`);
+    }
   }
-  if (result.drizzleOnly.length > 0) {
-    console.warn("  Drizzle only:", result.drizzleOnly.join(", "));
+  if (params.prefilter) {
+    try {
+      rmSync(params.prefilter.filteredDir, { recursive: true, force: true });
+    } catch {
+    }
   }
-}
-function logMappingConflicts(conflicts) {
-  if (conflicts.length === 0) return;
-  console.warn("[tables-manifest] Semantic name conflicts detected:");
-  for (const conflict of conflicts) {
-    console.warn(`  '${conflict.semanticName}': ${conflict.tables.join(", ")}`);
+  try {
+    rmSync(params.tmpDir, { recursive: true, force: true });
+  } catch {
   }
 }
-async function generateTablesManifest(projectRoot, options = {}) {
-  const {
-    sqlDir = join(projectRoot, "supabase/schemas/declarative"),
-    drizzleSchemaPath = join(projectRoot, "packages/database/src/schema/index.js"),
-    outputPath = join(projectRoot, ".runa/manifests/tables.json"),
-    crossCheck = true,
-    databaseUrl,
-    mappingOptions = { conflictStrategy: "prefix" },
-    // includeMetadata is defined in options but not yet used
-    // Reserved for future metadata filtering feature
-    includeMetadata: _includeMetadata = true
-  } = options;
-  const sourceConfig = resolveSourceConfig(projectRoot, options);
-  let tables = [];
-  const source = "introspection";
-  const declarativeTables = await extractTablesFromSqlDir(sqlDir, {
-    includeColumns: false,
-    // Don't need columns from SQL (DB introspection is more accurate)
-    includeForeignKeys: false,
-    includeIndexes: false,
-    includeRlsPolicies: false
-  });
-  const idempotentTablesForSource = await extractTablesFromSqlDir(sourceConfig.idempotentSqlDir, {
-    includeColumns: false,
-    includeForeignKeys: false,
-    includeIndexes: false,
-    includeRlsPolicies: false
-  });
-  const idempotentTablesFromRegex = extractTablesFromIdempotentSql(
-    sourceConfig.idempotentSqlDir,
-    projectRoot
+var applyPgSchemaDiff = fromPromise(async ({ input: { input, targetDir } }) => {
+  const schemasDir = join(targetDir, "supabase/schemas/declarative");
+  if (!existsSync(schemasDir)) {
+    logger13.info("No declarative schemas found");
+    return { sql: "", hazards: [], applied: false };
+  }
+  const dbUrl = getDbUrl(input);
+  const configState = loadPgSchemaDiffConfigState(targetDir, input.verbose);
+  const prefilterState = createPrefilterState(
+    schemasDir,
+    input.verbose,
+    configState.configExclusions
   );
-  const idempotentManagedTables = /* @__PURE__ */ new Set([
-    ...idempotentTablesFromRegex,
-    ...idempotentTablesForSource.map((t) => t.qualifiedName)
-  ]);
-  const sourceFileMap = /* @__PURE__ */ new Map();
-  const sourceTables = [...declarativeTables, ...idempotentTablesForSource];
-  for (const t of sourceTables) {
-    if (sourceFileMap.has(t.qualifiedName)) {
-      continue;
-    }
-    sourceFileMap.set(t.qualifiedName, {
-      sourceFile: toRelativeSourcePath(projectRoot, t.sourceFile),
-      lineNumber: t.lineNumber
-    });
+  const freshDbResult = handleFreshDbCase(input, dbUrl, targetDir, prefilterState.pgSchemaDiffDir);
+  if (freshDbResult) return freshDbResult;
+  const schemaFiles = collectSchemaFiles(schemasDir);
+  if (schemaFiles.length === 0) {
+    logger13.info("No schema files to apply");
+    return { sql: "", hazards: [], applied: false };
   }
-  if (!databaseUrl) {
-    throw new Error(
-      "[tables-manifest] databaseUrl is required.\nDB introspection is the primary source for accurate table metadata.\nEnsure database is running and DATABASE_URL is set.\nRun: runa db sync (which starts the database automatically)"
+  const tmpDir = createCombinedSchemaBundle(schemaFiles, input.verbose);
+  logger13.step("Running pg-schema-diff (incremental changes)...");
+  let shadowDb = null;
+  try {
+    verifyPgSchemaDiffBinary({ strictVersion: input.env === "production" });
+    await verifyDatabaseConnection(dbUrl);
+    shadowDb = await createShadowDbForRun(dbUrl, configState.shadowExtensions, input.verbose);
+    const includeSchemas = detectAppSchemas(schemasDir, input.verbose);
+    cleanPartitionAclsForPgSchemaDiff(dbUrl, includeSchemas, input.verbose);
+    const { planOutput } = executePgSchemaDiffPlan(
+      dbUrl,
+      prefilterState.pgSchemaDiffDir,
+      includeSchemas,
+      input.verbose,
+      { tempDbDsn: shadowDb?.dsn }
     );
-  }
-  console.log("[tables-manifest] Using DB introspection (PostgreSQL system catalogs)...");
-  tables = await introspectTablesFromDb(databaseUrl);
-  tables = tables.map((t) => {
-    const fileInfo = sourceFileMap.get(t.qualifiedName);
+    const noChangesResult = buildNoChangesResult(planOutput);
+    if (noChangesResult) return noChangesResult;
+    const { hazards } = handleHazardsWithContext(planOutput, input, schemasDir);
+    const droppedTables = detectDropTableStatements(planOutput);
+    enforceDropSafety(input, droppedTables);
+    const dataViolationCount = runPreApplyDataCompatibility(dbUrl, planOutput, input);
+    const protectedTables = getIdempotentProtectedTables(
+      schemasDir,
+      prefilterState.configExclusions
+    );
+    const protectedObjects = getIdempotentProtectedObjects(
+      schemasDir,
+      prefilterState.configExclusions
+    );
+    const checkModeResult = buildCheckModeResult(
+      input,
+      planOutput,
+      hazards,
+      protectedTables,
+      protectedObjects,
+      dataViolationCount
+    );
+    if (checkModeResult) return checkModeResult;
+    backupProtectedTablesForProduction(dbUrl, protectedTables, input);
+    const preApplyCounts = getTableRowEstimates(dbUrl, schemasDir, input.verbose);
+    const applyResult = await applyWithRetry({
+      dbUrl,
+      schemasDir,
+      includeSchemas,
+      input,
+      planOutput,
+      hazards,
+      protectedTables,
+      protectedObjects,
+      tempDbDsn: shadowDb?.dsn,
+      pgSchemaDiffDir: prefilterState.pgSchemaDiffDir
+    });
+    if (applyResult.applied) {
+      verifyDataIntegrity(dbUrl, schemasDir, preApplyCounts, input.verbose, input.allowDataLoss);
+    }
     return {
-      ...t,
-      sourceFile: fileInfo?.sourceFile ?? "",
-      lineNumber: fileInfo?.lineNumber
+      ...applyResult,
+      dataViolations: dataViolationCount > 0 ? dataViolationCount : void 0
     };
-  });
-  console.log(`[tables-manifest] \u2713 Introspected ${tables.length} tables from database`);
-  const tablesWithoutSource = tables.filter((t) => !t.sourceFile);
-  if (tablesWithoutSource.length > 0) {
-    const missingSourceQualifiedNames = tablesWithoutSource.map((t) => t.qualifiedName);
-    const missingSchemas = [...new Set(tablesWithoutSource.map((t) => t.schema))];
-    let extensionManagedTables = /* @__PURE__ */ new Map();
-    let partitionParentMap = /* @__PURE__ */ new Map();
-    try {
-      const metadata = await fetchMissingSourceMetadata({
-        databaseUrl,
-        schemas: missingSchemas
-      });
-      extensionManagedTables = metadata.extensionManagedTables;
-      partitionParentMap = metadata.partitionParentMap;
-    } catch (error) {
-      const message = error instanceof Error ? error.message : String(error);
-      console.warn(`[tables-manifest] Failed to classify extension/partition metadata: ${message}`);
-    }
-    const classification = classifyMissingSourceTables({
-      tablesWithoutSource: missingSourceQualifiedNames,
-      idempotentManagedTables,
-      extensionManagedTables,
-      partitionParentMap,
-      excludeFromOrphanDetection: sourceConfig.excludeFromOrphanDetection,
-      systemSchemas: SUPABASE_SYSTEM_SCHEMA_SET,
-      knownSystemTables: KNOWN_EXTENSION_SYSTEM_TABLES
+  } finally {
+    await cleanupApplyResources({
+      shadowDb,
+      prefilter: prefilterState.prefilter,
+      tmpDir,
+      verbose: input.verbose
     });
-    logMissingSourceClassification(classification);
-  }
-  if (crossCheck && existsSync(drizzleSchemaPath)) {
-    await logDrizzleCrossCheck(tables, drizzleSchemaPath);
-  }
-  const mappingResult = generateMapping(tables, mappingOptions);
-  logMappingConflicts(mappingResult.conflicts);
-  tables = applyMappingToTables(tables, mappingResult.mapping);
-  const now = /* @__PURE__ */ new Date();
-  const jstOffset = 9 * 60 * 60 * 1e3;
-  const jst = new Date(now.getTime() + jstOffset);
-  const generatedAtJST = `${jst.getUTCFullYear()}-${String(jst.getUTCMonth() + 1).padStart(2, "0")}-${String(jst.getUTCDate()).padStart(2, "0")}T${String(jst.getUTCHours()).padStart(2, "0")}:${String(jst.getUTCMinutes()).padStart(2, "0")}:${String(jst.getUTCSeconds()).padStart(2, "0")}+09:00`;
-  const manifest = {
-    version: MANIFEST_VERSION,
-    source,
-    generatedAt: generatedAtJST,
-    generatorVersion: GENERATOR_VERSION,
-    tables,
-    mapping: mappingResult.mapping
-  };
-  const outputDir = join(outputPath, "..");
-  if (!existsSync(outputDir)) {
-    mkdirSync(outputDir, { recursive: true });
-  }
-  writeFileSync(outputPath, `${JSON.stringify(manifest, null, 2)}
-`);
-  logManifestSummary(manifest, mappingResult.conflicts);
-  return manifest;
-}
-function logManifestSummary(manifest, conflicts) {
-  const tableCount = manifest.tables.length;
-  const schemas = [...new Set(manifest.tables.map((t) => t.schema))];
-  const mappingCount = Object.keys(manifest.mapping).length;
-  const checkCount = manifest.tables.reduce(
-    (sum, t) => sum + (t.checkConstraints?.length ?? 0),
-    0
-  );
-  const triggerCount = manifest.tables.reduce(
-    (sum, t) => sum + (t.triggers?.length ?? 0),
-    0
-  );
-  console.log("\n\u2713 Tables manifest generated");
-  console.log(`  - Source: DB introspection (PostgreSQL system catalogs)`);
-  console.log(`  - ${tableCount} tables extracted`);
-  console.log(`  - ${schemas.length} schemas: ${schemas.join(", ")}`);
-  console.log(`  - ${mappingCount} semantic names mapped`);
-  if (checkCount > 0) {
-    console.log(`  - ${checkCount} CHECK constraints detected`);
-  }
-  if (triggerCount > 0) {
-    console.log(`  - ${triggerCount} triggers detected`);
   }
-  const mappingEntries = Object.entries(manifest.mapping).slice(0, 5);
-  if (mappingEntries.length > 0) {
-    console.log(`  - Mappings: ${mappingEntries.map(([k, v]) => `${k}\u2192${v}`).join(", ")}`);
-    if (Object.keys(manifest.mapping).length > 5) {
-      console.log(`    ... and ${Object.keys(manifest.mapping).length - 5} more`);
-    }
-  }
-  const warnings = [];
-  if (conflicts.length > 0) {
-    for (const conflict of conflicts) {
-      warnings.push(`Naming conflict '${conflict.semanticName}': ${conflict.tables.join(", ")}`);
-    }
-  }
-  const expectedTables = ["clients", "projects", "repositories", "workflows", "deployments"];
-  const missingTables = expectedTables.filter((name) => !manifest.mapping[name]);
-  if (missingTables.length > 0) {
-    warnings.push(
-      `Optional SDK tables not found: ${missingTables.join(", ")}
-     (This is OK if your schema uses different names)`
-    );
-  }
-  if (warnings.length > 0) {
-    console.log("\n\u26A0\uFE0F  Warnings:");
-    for (const warning of warnings) {
-      console.log(`  - ${warning}`);
-    }
+});
+var validatePartitions = fromPromise(async ({ input: { input, targetDir } }) => {
+  if (input.check) return { warnings: [] };
+  const idempotentDir = join(targetDir, "supabase/schemas/idempotent");
+  if (!existsSync(idempotentDir)) return { warnings: [] };
+  const expected = parseExpectedPartitions(idempotentDir);
+  if (expected.length === 0) return { warnings: [] };
+  const dbUrl = getDbUrl(input);
+  const schemas = [...new Set(expected.map((e) => e.parent.split(".")[0] ?? ""))];
+  const actual = queryActualPartitions(dbUrl, schemas);
+  const drift = detectPartitionDrift(expected, actual);
+  if (drift.missing.length === 0) {
+    logger13.success(`All ${expected.length} expected partition(s) verified`);
+    return { warnings: [] };
   }
-  console.log("\n\u{1F4A1} Tip: SDK will auto-load this manifest. No additional setup required.");
-  console.log("   Path: .runa/manifests/tables.json\n");
-}
+  const warnings = formatPartitionWarnings(drift);
+  for (const w of warnings) logger13.warn(w);
+  return { warnings };
+});
 
 // src/commands/db/apply/actors/seed-actors.ts
+init_esm_shims();
 var DESTRUCTIVE_SEED_PATTERNS = [
   { pattern: /\bDELETE\s+FROM\b/i, description: "DELETE FROM" },
   { pattern: /\bTRUNCATE\b/i, description: "TRUNCATE" },
@@ -5637,9 +3720,12 @@ function isUnsafeProductionSeed(input, seedFile) {
   return true;
 }
 function parseSeedErrorDiagnostics(stderr) {
+  const psqlLocation = stderr.match(/psql:([^:]+):(\d+):\s*ERROR:/);
+  const locationInfo = psqlLocation ? { file: psqlLocation[1], line: Number(psqlLocation[2]) } : {};
   const columnMissing = stderr.match(/column "([^"]+)" of relation "([^"]+)" does not exist/);
   if (columnMissing) {
     return {
+      ...locationInfo,
       table: columnMissing[2],
       errorType: "missing_column",
       hint: `Column "${columnMissing[1]}" missing from ${columnMissing[2]}. Schema may have changed. Regenerate seeds: pnpm generate:seeds ci`
@@ -5648,6 +3734,7 @@ function parseSeedErrorDiagnostics(stderr) {
   const relationMissing = stderr.match(/relation "([^"]+)" does not exist/);
   if (relationMissing) {
     return {
+      ...locationInfo,
       table: relationMissing[1],
       errorType: "missing_relation",
       hint: `Table ${relationMissing[1]} does not exist. Regenerate seeds: pnpm generate:seeds ci`
@@ -5658,6 +3745,7 @@ function parseSeedErrorDiagnostics(stderr) {
   );
   if (fkViolation) {
     return {
+      ...locationInfo,
       table: fkViolation[1],
       errorType: "fk_violation",
       hint: `FK constraint failed on ${fkViolation[1]}. Check seed insertion order or missing parent records.`
@@ -5666,6 +3754,7 @@ function parseSeedErrorDiagnostics(stderr) {
   const checkViolation = stderr.match(/new row for relation "([^"]+)" violates check constraint/);
   if (checkViolation) {
     return {
+      ...locationInfo,
       table: checkViolation[1],
       errorType: "check_violation",
       hint: `CHECK constraint failed on ${checkViolation[1]}. Seed data may not match column constraints. Regenerate seeds: pnpm generate:seeds ci`
@@ -5676,12 +3765,47 @@ function parseSeedErrorDiagnostics(stderr) {
   );
   if (uniqueViolation) {
     return {
+      ...locationInfo,
       table: uniqueViolation[1],
       errorType: "unique_violation",
       hint: `Duplicate key on ${uniqueViolation[1]}. Seeds may have been partially applied. Try: runa db reset`
     };
   }
-  return {};
+  return { ...locationInfo };
+}
+function createSeedFailureMessage(diagnostics, locationSuffix) {
+  if (diagnostics.table) {
+    const summary = `Seed apply failed on table: ${diagnostics.table} (${diagnostics.errorType})${locationSuffix}`;
+    return {
+      summary,
+      hint: diagnostics.hint
+    };
+  }
+  if (locationSuffix) {
+    return { summary: `Seed apply failed${locationSuffix} (non-blocking)` };
+  }
+  return { summary: "Seed apply failed (non-blocking)" };
+}
+function logSeedFailureSummary(seedFailure) {
+  logger13.warn(seedFailure.summary);
+  if (seedFailure.hint) {
+    logger13.info(`  Hint: ${seedFailure.hint}`);
+  }
+}
+function buildSeedLocationSuffix(diagnostics) {
+  if (diagnostics.line == null) return "";
+  const fileSuffix = diagnostics.file ? ` of ${diagnostics.file}` : "";
+  return ` at line ${diagnostics.line}${fileSuffix}`;
+}
+function handleFailedSeed(result, verbose) {
+  const errorMsg = result.stderr ? maskDbCredentials(result.stderr) : "";
+  const diagnostics = parseSeedErrorDiagnostics(result.stderr);
+  const failure = createSeedFailureMessage(diagnostics, buildSeedLocationSuffix(diagnostics));
+  logSeedFailureSummary(failure);
+  if (errorMsg && !verbose) {
+    logger13.debug(`  Error: ${errorMsg.split("\n")[0]}`);
+  }
+  return false;
 }
 function applySeedFile(dbUrl, seedFile, verbose) {
   logger13.step("Applying seeds...");
@@ -5696,24 +3820,11 @@ function applySeedFile(dbUrl, seedFile, verbose) {
     if (stdout) process.stdout.write(stdout);
     if (stderr) process.stderr.write(stderr);
   }
-  if (result.status !== 0) {
-    const errorMsg = stderr ? maskDbCredentials(stderr) : "";
-    const diagnostics = parseSeedErrorDiagnostics(stderr);
-    if (diagnostics.table) {
-      logger13.warn(`Seed apply failed on table: ${diagnostics.table} (${diagnostics.errorType})`);
-      if (diagnostics.hint) {
-        logger13.info(`  Hint: ${diagnostics.hint}`);
-      }
-    } else {
-      logger13.warn(`Seed apply failed (non-blocking)`);
-    }
-    if (errorMsg && !verbose) {
-      logger13.debug(`  Error: ${errorMsg.split("\n")[0]}`);
-    }
-    return false;
+  if (result.status === 0) {
+    logger13.success("Seeds applied");
+    return true;
   }
-  logger13.success("Seeds applied");
-  return true;
+  return handleFailedSeed(result, verbose);
 }
 function runSeeds(input, targetDir, dbUrl) {
   if (input.noSeed) {
@@ -6995,11 +5106,11 @@ async function validateGitHubOutputPath(filePath) {
   if (!filePath || filePath.trim().length === 0) {
     return invalidOutputPath("Empty file path");
   }
-  const normalizedPath = path.normalize(filePath);
+  const normalizedPath = path6.normalize(filePath);
   if (normalizedPath.includes("..")) {
     return invalidOutputPath("Path traversal detected (..) in file path");
   }
-  const absolutePath = path.resolve(normalizedPath);
+  const absolutePath = path6.resolve(normalizedPath);
   const forbiddenPath = findForbiddenPath(absolutePath);
   if (forbiddenPath) {
     return invalidOutputPath(`Forbidden path: ${forbiddenPath}`);
@@ -7393,7 +5504,7 @@ async function analyzeSchemaChanges() {
   try {
     const { getDatabasePackagePath: getDatabasePackagePath2 } = await import('./config-loader-GT3HAQ7U.js');
     const dbPath = await getDatabasePackagePath2();
-    const schemaPath = path.join(dbPath, "src/schema/");
+    const schemaPath = path6.join(dbPath, "src/schema/");
     const { stdout } = await execa("git", ["diff", "--cached", "--", schemaPath]);
     const lines = stdout.split("\n");
     return parseDiffLines(lines);
@@ -7550,7 +5661,7 @@ async function testDatabaseConnection(projectRoot) {
   const dbPort = detectLocalSupabasePorts(resolvedRoot).db;
   let sql = null;
   try {
-    sql = postgres2(connectionUrl, {
+    sql = postgres(connectionUrl, {
       connect_timeout: 5,
       idle_timeout: 5,
       max: 1
@@ -7659,7 +5770,7 @@ function getDeclarativeSqlFiles(sqlDir, logger15) {
 async function collectSchemaRisks(sqlDir, sqlFiles) {
   const allRisks = [];
   for (const sqlFile of sqlFiles) {
-    const filePath = path.join(sqlDir, sqlFile);
+    const filePath = path6.join(sqlDir, sqlFile);
     const risks = await detectSchemaRisks(filePath);
     for (const risk of risks) {
       allRisks.push({ ...risk, file: sqlFile });
@@ -7710,7 +5821,7 @@ function reportRiskGuidance(logger15, highRiskCount, lowRiskCount) {
 async function runSqlSchemaRiskCheck(result, logger15, step) {
   logger15.step("Checking SQL schema for risky patterns", step.next());
   const cwd = process.cwd();
-  const sqlDir = path.join(cwd, "supabase", "schemas", "declarative");
+  const sqlDir = path6.join(cwd, "supabase", "schemas", "declarative");
   const sqlFiles = getDeclarativeSqlFiles(sqlDir, logger15);
   if (!sqlFiles) return;
   try {
@@ -7764,7 +5875,7 @@ async function runOrphanCheck(env, dbPackagePath, result, logger15, step) {
     const { expectedTables, expectedEnums } = await extractSchemaTablesAndEnums(dbPackagePath);
     const databaseUrl = tryResolveDatabaseUrl("local") || buildLocalDatabaseUrl(process.cwd());
     const { dbTables, dbEnums } = await fetchDbTablesAndEnums(databaseUrl, {
-      schemaDir: path.join(dbPackagePath, "src", "schema")
+      schemaDir: path6.join(dbPackagePath, "src", "schema")
     });
     let excludeFromOrphanDetection = [];
     let idempotentSqlDir = "supabase/schemas/idempotent";
@@ -7858,21 +5969,21 @@ function parseSqlFilename(filename) {
 // src/commands/db/utils/preflight-checks/domain-naming-checks.ts
 var FILE_SIZE_THRESHOLD = 2e3;
 var IDENTIFIER = "[A-Za-z_][A-Za-z0-9_]{0,127}";
-var SQL_IDENTIFIER2 = `(?:"[^"]*(?:""[^"]*)*"|${IDENTIFIER})`;
+var SQL_IDENTIFIER = `(?:"[^"]*(?:""[^"]*)*"|${IDENTIFIER})`;
 var CREATE_SCHEMA_RE = new RegExp(
-  `CREATE\\s+SCHEMA\\s+(?:IF\\s+NOT\\s+EXISTS\\s+)?(${SQL_IDENTIFIER2})`,
+  `CREATE\\s+SCHEMA\\s+(?:IF\\s+NOT\\s+EXISTS\\s+)?(${SQL_IDENTIFIER})`,
   "gi"
 );
 var CREATE_TABLE_RE = new RegExp(
-  `CREATE\\s+TABLE\\s+(?:IF\\s+NOT\\s+EXISTS\\s+)?(?:(${SQL_IDENTIFIER2})\\s*\\.\\s*)?(${SQL_IDENTIFIER2})`,
+  `CREATE\\s+TABLE\\s+(?:IF\\s+NOT\\s+EXISTS\\s+)?(?:(${SQL_IDENTIFIER})\\s*\\.\\s*)?(${SQL_IDENTIFIER})`,
   "gi"
 );
 var REFERENCES_RE = new RegExp(
-  `REFERENCES\\s+(?:(${SQL_IDENTIFIER2})\\s*\\.\\s*)?(${SQL_IDENTIFIER2})`,
+  `REFERENCES\\s+(?:(${SQL_IDENTIFIER})\\s*\\.\\s*)?(${SQL_IDENTIFIER})`,
   "gi"
 );
 var CREATE_POLICY_RE = new RegExp(
-  `CREATE\\s+POLICY\\s+${SQL_IDENTIFIER2}\\s+ON\\s+(?:(${SQL_IDENTIFIER2})\\s*\\.\\s*)?(${SQL_IDENTIFIER2})`,
+  `CREATE\\s+POLICY\\s+${SQL_IDENTIFIER}\\s+ON\\s+(?:(${SQL_IDENTIFIER})\\s*\\.\\s*)?(${SQL_IDENTIFIER})`,
   "gi"
 );
 var SCHEMA_DOT_TABLE_RE = new RegExp(`\\b(${IDENTIFIER})\\s*\\.\\s*(${IDENTIFIER})\\b`, "gi");
@@ -7944,7 +6055,7 @@ function extractFkRefs(strippedContent, rawContent) {
 function analyzeFile(sqlDir, filename) {
   const parsed = parseSqlFilename(filename);
   if (!parsed) return null;
-  const filePath = path.join(sqlDir, filename);
+  const filePath = path6.join(sqlDir, filename);
   try {
     const content = readFileSync(filePath, "utf-8");
     const strippedContent = blankDollarQuotedBodies(stripSqlComments(content));
@@ -8141,34 +6252,55 @@ function checkPolicyCrossSchemaRef(analysis, managedSchemas) {
     "schema",
     "function"
   ]);
-  const policyMatches = collectRegexMatches(CREATE_POLICY_RE, strippedContent);
-  for (const policyMatch of policyMatches) {
-    const policySchema = policyMatch[1] ? unquote(policyMatch[1]) : "public";
-    const policyLine = lineNumberAt(content, policyMatch.index);
-    const stmtEnd = strippedContent.indexOf(";", policyMatch.index);
-    const stmtText = strippedContent.slice(
-      policyMatch.index,
-      stmtEnd >= 0 ? stmtEnd : strippedContent.length
-    );
+  function isPolicyNoisePart(token) {
+    return token.length === 0 || SQL_NOISE.has(token);
+  }
+  function toPolicyLine(matchIndex) {
+    return lineNumberAt(content, matchIndex);
+  }
+  function buildPolicyIssue(file, policySchema, refSchema, refTable, policyLine) {
+    return {
+      file,
+      line: policyLine,
+      rule: "DOMAIN_POLICY_CROSS_SCHEMA_REF",
+      severity: "warning",
+      message: `RLS policy in ${file} on '${policySchema}' schema references '${refSchema}.${refTable}'. pg-schema-diff does not track cross-schema references in USING/WITH CHECK. Use a PL/pgSQL wrapper function with dynamic SQL instead. See: database-known-limitations.md #11`
+    };
+  }
+  function collectPolicyRefs(stmtText) {
     const refs = collectRegexMatches(SCHEMA_DOT_TABLE_RE, stmtText);
     const seenRefs = /* @__PURE__ */ new Set();
     for (const ref of refs) {
       const refSchema = ref[1] ? ref[1].toLowerCase() : "";
       const refTable = ref[2] ? ref[2].toLowerCase() : "";
-      if (!refSchema || !refTable) continue;
-      if (SQL_NOISE.has(refSchema) || SQL_NOISE.has(refTable)) continue;
-      if (refSchema === policySchema) continue;
-      if (!managedSchemas.has(refSchema)) continue;
-      const refKey = `${refSchema}.${refTable}`;
-      if (seenRefs.has(refKey)) continue;
-      seenRefs.add(refKey);
-      issues.push({
-        file: parsed.raw,
-        line: policyLine,
-        rule: "DOMAIN_POLICY_CROSS_SCHEMA_REF",
-        severity: "warning",
-        message: `RLS policy in ${parsed.raw} on '${policySchema}' schema references '${refSchema}.${refTable}'. pg-schema-diff does not track cross-schema references in USING/WITH CHECK. Use a PL/pgSQL wrapper function with dynamic SQL instead. See: database-known-limitations.md #11`
-      });
+      if (isPolicyNoisePart(refSchema) || isPolicyNoisePart(refTable)) {
+        continue;
+      }
+      seenRefs.add(`${refSchema}.${refTable}`);
+    }
+    return seenRefs;
+  }
+  function isRelevantRef(policySchema, ref, managedSchemas2) {
+    const [refSchema] = ref.split(".");
+    return !!refSchema && refSchema !== policySchema && managedSchemas2.has(refSchema) && !SQL_NOISE.has(refSchema);
+  }
+  function buildStatementSlice(startIndex) {
+    const stmtEnd = strippedContent.indexOf(";", startIndex);
+    return strippedContent.slice(startIndex, stmtEnd >= 0 ? stmtEnd : strippedContent.length);
+  }
+  const policyMatches = collectRegexMatches(CREATE_POLICY_RE, strippedContent);
+  for (const policyMatch of policyMatches) {
+    const policySchema = policyMatch[1] ? unquote(policyMatch[1]) : "public";
+    const policyLine = toPolicyLine(policyMatch.index);
+    const stmtText = buildStatementSlice(policyMatch.index);
+    for (const ref of collectPolicyRefs(stmtText)) {
+      if (!isRelevantRef(policySchema, ref, managedSchemas)) {
+        continue;
+      }
+      const [refSchema, refTable] = ref.split(".");
+      issues.push(
+        buildPolicyIssue(parsed.raw, policySchema, refSchema || "", refTable || "", policyLine)
+      );
     }
   }
   return issues;
@@ -8214,7 +6346,7 @@ function reportIssues(issues, result, logger15) {
 async function runDomainNamingCheck(result, logger15, step) {
   logger15.step("Checking domain naming consistency", step.next());
   const cwd = process.cwd();
-  const sqlDir = path.join(cwd, "supabase", "schemas", "declarative");
+  const sqlDir = path6.join(cwd, "supabase", "schemas", "declarative");
   if (!existsSync(sqlDir)) {
     logger15.success("No declarative SQL directory found (skipped)");
     return;
@@ -8303,12 +6435,12 @@ function logSummary(result, logger15) {
 function checkDatabasePackage() {
   const cwd = process.cwd();
   const locations = [
-    path.join(cwd, "packages", "database"),
-    path.join(cwd, "packages", "db"),
-    path.join(cwd, "db")
+    path6.join(cwd, "packages", "database"),
+    path6.join(cwd, "packages", "db"),
+    path6.join(cwd, "db")
   ];
   for (const location of locations) {
-    const configPath = path.join(location, "drizzle.config.ts");
+    const configPath = path6.join(location, "drizzle.config.ts");
     if (existsSync(configPath)) {
       return { exists: true, path: location };
     }
@@ -8323,7 +6455,7 @@ function countTsFilesRecursive(dir) {
   try {
     const entries = readdirSync(dir, { withFileTypes: true });
     for (const entry of entries) {
-      const fullPath = path.join(dir, entry.name);
+      const fullPath = path6.join(dir, entry.name);
       if (entry.isDirectory() && !entry.isSymbolicLink()) {
         count += countTsFilesRecursive(fullPath);
       } else if (entry.isFile() && entry.name.endsWith(".ts")) {
@@ -8335,7 +6467,7 @@ function countTsFilesRecursive(dir) {
   return count;
 }
 function checkSchemaFiles(dbPackagePath) {
-  const schemaDir = path.join(dbPackagePath, "src", "schema");
+  const schemaDir = path6.join(dbPackagePath, "src", "schema");
   if (!existsSync(schemaDir)) {
     return { exists: false, count: 0 };
   }
@@ -8386,7 +6518,7 @@ function runDatabasePackageChecks(result, logger15, step) {
     logger15.error("Database package path is missing");
     return null;
   }
-  logger15.success(`Found database package: ${path.basename(dbPackagePath)}`);
+  logger15.success(`Found database package: ${path6.basename(dbPackagePath)}`);
   logger15.step("Checking schema files", step.next());
   const schemaCheck = checkSchemaFiles(dbPackagePath);
   if (!schemaCheck.exists) {
@@ -10135,7 +8267,7 @@ function getSupabasePorts(projectPath) {
   return getPortsWithOffset(offset);
 }
 async function updateSupabaseConfigPortsSafe(projectPath) {
-  const configPath = path.join(projectPath, "supabase", "config.toml");
+  const configPath = path6.join(projectPath, "supabase", "config.toml");
   const resolved = await resolveAvailablePorts(projectPath);
   if (!resolved) {
     const ports = getSupabasePorts(projectPath);
@@ -10178,7 +8310,7 @@ function getPortAllocationSummary(projectPath) {
   const ports = getSupabasePorts(projectPath);
   const offset = calculatePortOffset(projectPath);
   return [
-    `Port allocation for: ${path.basename(projectPath)}`,
+    `Port allocation for: ${path6.basename(projectPath)}`,
     `  Slot: ${offset / 10} (hash-based, offset=${offset})`,
     `  API:     ${ports.api}`,
     `  DB:      ${ports.db}`,
@@ -10212,7 +8344,7 @@ function parseSeedPaths(configPath) {
   }
 }
 async function applySeedFile2(seedPath, dbUrl) {
-  const supabaseDir = path.join(process.cwd(), "supabase");
+  const supabaseDir = path6.join(process.cwd(), "supabase");
   const absolutePath = resolveSafePath(supabaseDir, seedPath);
   if (!existsSync(absolutePath)) {
     return;
@@ -10223,12 +8355,12 @@ async function applySeedFile2(seedPath, dbUrl) {
   });
 }
 async function applySeeds2(configPath) {
-  const configFile = configPath || path.join(process.cwd(), "supabase", "config.toml");
+  const configFile = configPath || path6.join(process.cwd(), "supabase", "config.toml");
   const seedPaths = parseSeedPaths(configFile);
   if (seedPaths.length === 0) {
     return;
   }
-  const supabaseDir = path.join(process.cwd(), "supabase");
+  const supabaseDir = path6.join(process.cwd(), "supabase");
   const safePaths = filterSafePaths(seedPaths, supabaseDir);
   if (safePaths.length === 0) {
     return;
@@ -10751,7 +8883,7 @@ var validateCommand = new Command("validate").description("Validate schema files
   const logger15 = createCLILogger("db:validate");
   try {
     logger15.section("Schema Validation");
-    const schemasPath = path.join(process.cwd(), "packages", "database", "src", "schema");
+    const schemasPath = path6.join(process.cwd(), "packages", "database", "src", "schema");
     if (!existsSync(schemasPath)) {
       throw new CLIError("Schema directory not found", "SCHEMA_DIR_NOT_FOUND", [
         `Expected location: ${schemasPath}`,
@@ -10885,8 +9017,8 @@ var generateCommand = new Command("generate").description("Generate TypeScript t
 var listCommand = new Command("list").description("List managed schemas from drizzle.config.ts").option("--sql", "Output as SQL-compatible string for IN clauses").option("--json", "Output as JSON array").action(async (options) => {
   const logger15 = createCLILogger("db:schema:list");
   try {
-    const dbPackagePath = path.join(process.cwd(), "packages", "database");
-    if (!existsSync(path.join(dbPackagePath, "drizzle.config.ts"))) {
+    const dbPackagePath = path6.join(process.cwd(), "packages", "database");
+    if (!existsSync(path6.join(dbPackagePath, "drizzle.config.ts"))) {
       throw new CLIError("drizzle.config.ts not found", "CONFIG_NOT_FOUND", [
         `Expected location: ${dbPackagePath}/drizzle.config.ts`,
         "Ensure you are in the project root",
@@ -12789,7 +10921,7 @@ function loadPolicyFromFile(policyFile) {
   }
 }
 function loadBoundaryPolicy(projectRoot, policyPath) {
-  const policyFile = policyPath ?? path.join(projectRoot, "supabase", "schemas", BOUNDARY_POLICY_FILENAME);
+  const policyFile = policyPath ?? path6.join(projectRoot, "supabase", "schemas", BOUNDARY_POLICY_FILENAME);
   if (!existsSync(policyFile)) {
     return {
       version: DEFAULT_POLICY_VERSION,
@@ -12817,7 +10949,7 @@ init_esm_shims();
 var riskDetectorLoader = null;
 function loadRiskDetectorModule() {
   if (!riskDetectorLoader) {
-    riskDetectorLoader = import('./risk-detector-BXUY2WKS.js').then((module) => ({
+    riskDetectorLoader = import('./risk-detector-4U6ZJ2G5.js').then((module) => ({
       detectSchemaRisks: module.detectSchemaRisks
     })).catch((error) => {
       riskDetectorLoader = null;
@@ -12831,7 +10963,7 @@ function loadRiskDetectorModule() {
 init_esm_shims();
 var boundaryPolicyCache = /* @__PURE__ */ new Map();
 function getBoundaryPolicy(cwd = process.cwd()) {
-  const resolved = path.resolve(cwd);
+  const resolved = path6.resolve(cwd);
   let cached = boundaryPolicyCache.get(resolved);
   if (!cached) {
     cached = loadBoundaryPolicy(cwd);
@@ -12978,7 +11110,7 @@ function shouldAbortSchemaPrecheckForBudget(state, filePath) {
     )}`;
   }
   if (state.scannedFiles + 1 > state.maxFiles) {
-    return `Schema file scan budget exceeds ${state.maxFiles} files at ${path.basename(filePath)}.`;
+    return `Schema file scan budget exceeds ${state.maxFiles} files at ${path6.basename(filePath)}.`;
   }
   const projectedBytes = state.scannedBytes + size;
   if (projectedBytes > state.maxBytes) {
@@ -13000,7 +11132,7 @@ function* collectSqlFilesRecursively(baseDir) {
     try {
       const entries = readdirSync(currentDir, { withFileTypes: true });
       for (const entry of entries) {
-        const fullPath = path.join(currentDir, entry.name);
+        const fullPath = path6.join(currentDir, entry.name);
         if (entry.isDirectory()) {
           queue.push(fullPath);
           continue;
@@ -14233,7 +12365,7 @@ function classifyIdempotentMisplacementRisk(file, content, boundaryPolicy) {
 }
 function classifyFileMisplacementRisks(params) {
   const risks = [];
-  const relative3 = path.relative(process.cwd(), params.file);
+  const relative2 = path6.relative(process.cwd(), params.file);
   const normalized = normalizeSqlForPlacementCheck(params.content);
   const statements = splitSqlStatements(normalized);
   const seenMessages = /* @__PURE__ */ new Set();
@@ -14241,13 +12373,13 @@ function classifyFileMisplacementRisks(params) {
     const candidates = collectRuleBasedCandidates({
       statement,
       line,
-      file: relative3,
+      file: relative2,
       rules: params.rules
     });
     const unknownObjectRisk = maybeCollectUnknownObjectBoundaryRisk({
       statement,
       line,
-      file: relative3,
+      file: relative2,
       fileType: params.fileType,
       boundaryPolicy: params.boundaryPolicy,
       resolver: params.resolver,
@@ -14313,6 +12445,93 @@ function classifyPlanStatementHazards(statement) {
   return risks;
 }
 
+// src/commands/db/commands/db-sync/error-classifier.ts
+init_esm_shims();
+var DNS_RESOLUTION_PATTERNS = [
+  "could not translate host name",
+  "could not resolve host",
+  "name or service not known",
+  "nodename nor servname provided",
+  "temporary failure in name resolution"
+];
+var CONNECTION_PATTERNS = [
+  "econnrefused",
+  "connection refused",
+  "could not connect to server",
+  "connection timed out",
+  "timeout expired",
+  "no pg_hba.conf entry",
+  "the database system is starting up",
+  "the database system is shutting down"
+];
+var FALLBACK_SUGGESTIONS = [
+  "Check database connectivity",
+  "Verify psql is installed and accessible",
+  "Ensure packages/database exists"
+];
+function getEnvironmentLabel(environment) {
+  switch (environment) {
+    case "production":
+      return "production";
+    case "main":
+      return "main";
+    case "preview":
+      return "preview";
+    case "local":
+      return "local";
+  }
+}
+function buildCombinedMessage(error) {
+  if (isExecaError(error)) {
+    return [error.message, error.stderr, error.stdout].filter(Boolean).join("\n");
+  }
+  if (error instanceof Error) {
+    return error.message;
+  }
+  return String(error);
+}
+function findRelevantLine(message, patterns) {
+  const lines = message.split("\n").map((line) => line.trim()).filter((line) => line.length > 0);
+  const matched = lines.find((line) => {
+    const lower = line.toLowerCase();
+    return patterns.some((pattern) => lower.includes(pattern));
+  });
+  return matched ?? null;
+}
+function classifyDbSyncCommandFailure(error, environment) {
+  const message = buildCombinedMessage(error);
+  const messageLower = message.toLowerCase();
+  const environmentLabel = getEnvironmentLabel(environment);
+  if (DNS_RESOLUTION_PATTERNS.some((pattern) => messageLower.includes(pattern))) {
+    const detail = findRelevantLine(message, DNS_RESOLUTION_PATTERNS);
+    return {
+      code: "DB_HOST_RESOLUTION_FAILED",
+      message: detail ? `Could not resolve the ${environmentLabel} database host: ${detail}` : `Could not resolve the ${environmentLabel} database host`,
+      suggestions: [
+        "Verify the database host in DATABASE_URL / DATABASE_URL_ADMIN",
+        "Check DNS resolution and outbound network access to the database host",
+        "Re-run from an environment that can reach the target database"
+      ]
+    };
+  }
+  if (CONNECTION_PATTERNS.some((pattern) => messageLower.includes(pattern))) {
+    const detail = findRelevantLine(message, CONNECTION_PATTERNS);
+    return {
+      code: "DB_CONNECTION_FAILED",
+      message: detail ? `Could not connect to the ${environmentLabel} database: ${detail}` : `Could not connect to the ${environmentLabel} database`,
+      suggestions: [
+        "Verify the database is reachable from this environment",
+        "Check DATABASE_URL / DATABASE_URL_ADMIN credentials and firewall settings",
+        "Retry after confirming the target database is accepting connections"
+      ]
+    };
+  }
+  return null;
+}
+function getDbSyncFallbackSuggestions() {
+  return [...FALLBACK_SUGGESTIONS];
+}
+
 // src/commands/db/commands/db-sync.ts
 var SHOW_ALLOWLIST_REPORT = process.env.RUNA_DB_PRECHECK_ALLOWLIST_REPORT === "1";
 var DIRECTORY_PLACEMENT_WARNING_PREFIX = "  [misplacement] ";
@@ -14586,8 +12805,8 @@ async function collectPlanBoundaryReconciliationReport(planSql) {
 }
 async function collectDirectoryPlacementReport() {
   const boundaryPolicy = getBoundaryPolicy();
-  const declarativeDir = path.join(process.cwd(), "supabase", "schemas", "declarative");
-  const idempotentDir = path.join(process.cwd(), "supabase", "schemas", "idempotent");
+  const declarativeDir = path6.join(process.cwd(), "supabase", "schemas", "declarative");
+  const idempotentDir = path6.join(process.cwd(), "supabase", "schemas", "idempotent");
   const blockers = [];
   const warnings = [];
   const allowlist = [];
@@ -14871,7 +13090,7 @@ async function processDeclarativeRiskFile(params) {
       report: { ...detectorResult.report, allowlist: detectorResult.report.allowlist ?? [] }
     };
   }
-  const relPath = path.relative(process.cwd(), params.file);
+  const relPath = path6.relative(process.cwd(), params.file);
   const risks = await detectorResult.detector(params.file);
   const scopedRisks = risks.map((risk) => ({ ...risk, file: relPath }));
   collectDeclarativeRiskItemsForFile({
@@ -14883,7 +13102,7 @@ async function processDeclarativeRiskFile(params) {
   return { kind: "ok", detector: detectorResult.detector };
 }
 async function collectDeclarativeRiskReport() {
-  const declarativeDir = path.join(process.cwd(), "supabase", "schemas", "declarative");
+  const declarativeDir = path6.join(process.cwd(), "supabase", "schemas", "declarative");
   if (!existsSync(declarativeDir)) {
     return {
       blockers: [],
@@ -14917,7 +13136,7 @@ async function collectDeclarativeRiskReport() {
   return formatCollectedDeclarativeRisks(collected, allowlist);
 }
 async function collectIdempotentRiskReport() {
-  const idempotentDir = path.join(process.cwd(), "supabase", "schemas", "idempotent");
+  const idempotentDir = path6.join(process.cwd(), "supabase", "schemas", "idempotent");
   if (!existsSync(idempotentDir)) {
     return { blockers: [], warnings: [] };
   }
@@ -14945,7 +13164,7 @@ async function collectIdempotentRiskReport() {
     detectSchemaRisks2 = detectorResult.detector;
     const risks = await detectSchemaRisks2(file);
     if (risks.length === 0) continue;
-    const relPath = path.relative(process.cwd(), file);
+    const relPath = path6.relative(process.cwd(), file);
     for (const risk of risks) {
       const level = correctIdempotentRiskLevel(risk.level, risk.reasonCode);
       collected.push({ ...risk, level, file: relPath });
@@ -15375,14 +13594,19 @@ async function runSyncAction(env, options) {
     throwSchemaOutOfSyncError();
   } catch (error) {
     if (error instanceof CLIError) throw error;
+    const classifiedFailure = classifyDbSyncCommandFailure(error, runaEnv);
+    if (classifiedFailure) {
+      throw new CLIError(
+        classifiedFailure.message,
+        classifiedFailure.code,
+        classifiedFailure.suggestions,
+        error instanceof Error ? error : void 0
+      );
+    }
     throw new CLIError(
       "Schema sync check failed",
       "DB_SYNC_FAILED",
-      [
-        "Check database connectivity",
-        "Verify psql is installed and accessible",
-        "Ensure packages/database exists"
-      ],
+      getDbSyncFallbackSuggestions(),
       error instanceof Error ? error : void 0
     );
   }
@@ -15406,7 +13630,7 @@ var testGenCommand = new Command("test:gen").description("Generate pgTAP behavio
     const databaseUrl = options.db || process.env.DATABASE_URL || getLocalDbUrl();
     const schemas = options.schemas ? options.schemas.split(",") : void 0;
     const dbPackage = databasePaths.package();
-    const defaultOutputPath = path.join(dbPackage, "tests/00_behavior.generated.test.sql");
+    const defaultOutputPath = path6.join(dbPackage, "tests/00_behavior.generated.test.sql");
     const outputPath = options.output || defaultOutputPath;
     spinner.text = "Generating pgTAP behavior tests...";
     const result = await dbGeneratePgTapTests({
@@ -15802,15 +14026,15 @@ async function findScriptPath(scriptKey) {
   const scriptConfig = SCRIPT_LOCATIONS[scriptKey];
   const relativePath = scriptConfig.relativePath;
   const workspaceRoot = findWorkspaceRoot() || process.cwd();
-  const directPath = path.join(workspaceRoot, relativePath);
+  const directPath = path6.join(workspaceRoot, relativePath);
   if (existsSync(directPath)) {
     return directPath;
   }
   if (relativePath.includes("sdk/scripts") || relativePath.includes("packages/sdk")) {
     try {
       const sdkScriptsPath = await getSDKScriptsPath();
-      const scriptName = path.basename(relativePath);
-      const sdkScriptPath = path.join(sdkScriptsPath, scriptName);
+      const scriptName = path6.basename(relativePath);
+      const sdkScriptPath = path6.join(sdkScriptsPath, scriptName);
       if (existsSync(sdkScriptPath)) {
         return sdkScriptPath;
       }
@@ -15827,7 +14051,7 @@ async function runSupabaseScript(scriptKey, args = [], options = {}) {
   }
   try {
     const result = await execa(scriptPath, args, {
-      cwd: options.cwd || path.dirname(scriptPath),
+      cwd: options.cwd || path6.dirname(scriptPath),
       stdio: options.stdio || "pipe",
       timeout: options.timeout,
       env: {