npm - @runa-ai/runa-cli - Versions diffs - 0.8.0 → 0.9.0 - Mend

@runa-ai/runa-cli 0.8.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (109) hide show

package/dist/commands/db/apply/helpers/planner-artifact.d.ts ADDED Viewed

@@ -0,0 +1,65 @@
+import { z } from 'zod';
+import { type RunaDbEnv } from '../../utils/db-target.js';
+import { type DbApplyInput, type DbApplyOutput, type DbApplyPlanner } from '../contract.js';
+export declare const DbPlanArtifactSchema: z.ZodObject<{
+    version: z.ZodLiteral<"1">;
+    environment: z.ZodEnum<{
+        local: "local";
+        preview: "preview";
+        production: "production";
+    }>;
+    mode: z.ZodLiteral<"check">;
+    previewProfile: z.ZodEnum<{
+        full: "full";
+        "compare-only": "compare-only";
+    }>;
+    createdAt: z.ZodString;
+    hasChanges: z.ZodBoolean;
+    planSql: z.ZodString;
+    filteredPlanSql: z.ZodString;
+    planSummary: z.ZodOptional<z.ZodObject<{
+        rawStatements: z.ZodNumber;
+        effectiveStatements: z.ZodNumber;
+        noiseStatements: z.ZodNumber;
+        categories: z.ZodObject<{
+            idempotentDrop: z.ZodNumber;
+            idempotentAuthz: z.ZodNumber;
+            idempotentRls: z.ZodNumber;
+            suppressedFunction: z.ZodNumber;
+        }, z.core.$strict>;
+    }, z.core.$strict>>;
+    hazards: z.ZodArray<z.ZodString>;
+    sourceFingerprint: z.ZodString;
+    targetFingerprint: z.ZodString;
+    toolMetadata: z.ZodObject<{
+        cliVersion: z.ZodString;
+        pgSchemaDiffVersion: z.ZodOptional<z.ZodString>;
+        nodeVersion: z.ZodString;
+    }, z.core.$strict>;
+}, z.core.$strict>;
+export type DbPlanArtifact = z.infer<typeof DbPlanArtifactSchema>;
+export declare function detectPlannerSchemas(repoRoot: string): string[];
+export declare function buildTargetFingerprint(params: {
+    databaseUrl: string;
+    includeSchemas: string[];
+}): string;
+export declare function getDbPlanArtifactPath(params: {
+    repoRoot: string;
+    environment: RunaDbEnv;
+    previewProfile: 'compare-only' | 'full';
+}): string;
+export declare function persistDbPlanArtifact(params: {
+    repoRoot: string;
+    input: Pick<DbApplyInput, 'env' | 'check' | 'compareOnly' | 'databaseUrl'>;
+    output: Pick<DbApplyOutput, 'planSql' | 'filteredPlanSql' | 'planSummary' | 'hazards'>;
+}): DbApplyPlanner;
+export declare function tryReuseDbPlanArtifact(params: {
+    repoRoot: string;
+    artifactPath: string;
+    input: Pick<DbApplyInput, 'env' | 'databaseUrl'>;
+    precomputedTargetFingerprint?: string;
+}): {
+    artifact: DbPlanArtifact | null;
+    planner: DbApplyPlanner;
+};
+//# sourceMappingURL=planner-artifact.d.ts.map

package/dist/commands/db/apply/helpers/retry-logic.d.ts CHANGED Viewed

@@ -84,6 +84,11 @@ export interface PlanSqlRetryConfig extends RetryConfig {
      * Recommended for production to avoid executing ambiguous SQL plans.
      */
     failOnLowParseConfidence?: boolean;
+    /**
+     * Fail immediately when a retryable lock error occurs but re-planning is not allowed.
+     * Used by checked planner artifact reuse to avoid replaying stale SQL after partial execution.
+     */
+    retryRequiresReplanMessage?: string;
 }
 /**
  * Execute plan SQL via psql with retry logic.

package/dist/commands/db/apply/machine.d.ts CHANGED Viewed

@@ -33,11 +33,12 @@
 import { type CommandWarning } from '@runa-ai/runa';
 import { type SnapshotFrom } from 'xstate';
 import * as actors from './actors.js';
-import type { DbApplyInput, DbApplyPlanSummary } from './contract.js';
+import type { DbApplyInput, DbApplyPlanner, DbApplyPlanSummary } from './contract.js';
 interface DbApplyContext {
     input: DbApplyInput;
     targetDir: string;
     lockAcquired: boolean;
+    preIdempotentTargetFingerprint: string | null;
     idempotentPreApplied: number;
     idempotentPreSkipped: number;
     idempotentPostApplied: number;
@@ -52,6 +53,7 @@ interface DbApplyContext {
     planSql: string | null;
     filteredPlanSql: string | null;
     planSummary: DbApplyPlanSummary | null;
+    planner: DbApplyPlanner | null;
     ssotWarning: string | null;
     nonCriticalWarnings: CommandWarning[];
     idempotentFiles: string[];
@@ -70,7 +72,14 @@ interface DbApplyContext {
     seedStartTime: number | null;
     seedEndTime: number | null;
     retryAttempts: number;
+    retryWaitMs: number;
 }
+interface DbApplyFailureMetadata {
+    code: string;
+    retryable: boolean;
+}
+export declare function classifyDbApplyFailure(errorMessage: string): DbApplyFailureMetadata;
+export declare function createMachineWarning(code: string, message: string, phase: string): CommandWarning;
 export declare const dbApplyMachine: import("xstate").StateMachine<DbApplyContext, {
     type: "START";
 } | {
@@ -78,12 +87,6 @@ export declare const dbApplyMachine: import("xstate").StateMachine<DbApplyContex
     error: Error;
 }, {
     [x: string]: import("xstate").ActorRefFromLogic<import("xstate").PromiseActorLogic<{
-        applied: boolean;
-        warnings: string[];
-    }, {
-        input: DbApplyInput;
-        targetDir: string;
-    }, import("xstate").EventObject>> | import("xstate").ActorRefFromLogic<import("xstate").PromiseActorLogic<{
         acquired: boolean;
     }, {
         input: DbApplyInput;
@@ -99,23 +102,23 @@ export declare const dbApplyMachine: import("xstate").StateMachine<DbApplyContex
     }, import("xstate").EventObject>> | import("xstate").ActorRefFromLogic<import("xstate").PromiseActorLogic<actors.PgSchemaDiffResult, {
         input: DbApplyInput;
         targetDir: string;
+        preIdempotentTargetFingerprint?: string | null;
     }, import("xstate").EventObject>> | import("xstate").ActorRefFromLogic<import("xstate").PromiseActorLogic<{
         warnings: string[];
     }, {
         input: DbApplyInput;
         targetDir: string;
-    }, import("xstate").EventObject>> | undefined;
-}, {
-    src: "applySeeds";
-    logic: import("xstate").PromiseActorLogic<{
+    }, import("xstate").EventObject>> | import("xstate").ActorRefFromLogic<import("xstate").PromiseActorLogic<{
         applied: boolean;
         warnings: string[];
     }, {
         input: DbApplyInput;
         targetDir: string;
-    }, import("xstate").EventObject>;
-    id: string | undefined;
-} | {
+    }, import("xstate").EventObject>> | import("xstate").ActorRefFromLogic<import("xstate").PromiseActorLogic<string | null, {
+        input: DbApplyInput;
+        targetDir: string;
+    }, import("xstate").EventObject>> | undefined;
+}, {
     src: "acquireLock";
     logic: import("xstate").PromiseActorLogic<{
         acquired: boolean;
@@ -149,6 +152,7 @@ export declare const dbApplyMachine: import("xstate").StateMachine<DbApplyContex
     logic: import("xstate").PromiseActorLogic<actors.PgSchemaDiffResult, {
         input: DbApplyInput;
         targetDir: string;
+        preIdempotentTargetFingerprint?: string | null;
     }, import("xstate").EventObject>;
     id: string | undefined;
 } | {
@@ -160,13 +164,30 @@ export declare const dbApplyMachine: import("xstate").StateMachine<DbApplyContex
         targetDir: string;
     }, import("xstate").EventObject>;
     id: string | undefined;
+} | {
+    src: "applySeeds";
+    logic: import("xstate").PromiseActorLogic<{
+        applied: boolean;
+        warnings: string[];
+    }, {
+        input: DbApplyInput;
+        targetDir: string;
+    }, import("xstate").EventObject>;
+    id: string | undefined;
+} | {
+    src: "captureTargetFingerprint";
+    logic: import("xstate").PromiseActorLogic<string | null, {
+        input: DbApplyInput;
+        targetDir: string;
+    }, import("xstate").EventObject>;
+    id: string | undefined;
 }, {
     type: "assignPgSchemaDiffResult";
     params: import("xstate").NonReducibleUnknown;
 } | {
     type: "releaseAdvisoryLockOnFailure";
     params: unknown;
-}, never, never, "done" | "failed" | "idle" | "acquiringLock" | "previewingIdempotent" | "applyingIdempotentPre" | "applyingPgSchemaDiff" | "applyingIdempotentPost" | "validatingPartitions" | "releasingLock" | "applyingSeeds", string, {
+}, never, never, "done" | "failed" | "idle" | "acquiringLock" | "previewingIdempotent" | "capturingTargetFingerprint" | "applyingIdempotentPre" | "applyingPgSchemaDiff" | "applyingIdempotentPost" | "validatingPartitions" | "releasingLock" | "applyingSeeds", string, {
     input: DbApplyInput;
     targetDir: string;
 }, {
@@ -248,6 +269,7 @@ export declare const dbApplyMachine: import("xstate").StateMachine<DbApplyContex
         };
     } | undefined;
     checkOnly?: boolean | undefined;
+    previewProfile?: "full" | "compare-only" | undefined;
     dataViolations?: number | undefined;
     ssotWarning?: string | undefined;
     partitionWarnings?: string[] | undefined;
@@ -263,12 +285,25 @@ export declare const dbApplyMachine: import("xstate").StateMachine<DbApplyContex
         applyMs?: number | undefined;
         seedMs?: number | undefined;
         retryAttempts?: number | undefined;
+        retryWaitMs?: number | undefined;
+    } | undefined;
+    planner?: {
+        source: "inline" | "artifact";
+        path?: string | undefined;
+        reuseAttempted?: boolean | undefined;
+        reuseReason?: "artifact_missing" | "artifact_invalid" | "profile_ineligible" | "source_fingerprint_mismatch" | "target_fingerprint_unavailable" | "target_fingerprint_mismatch" | "tool_version_mismatch" | undefined;
+        reuseMessage?: string | undefined;
+        sourceFingerprint?: string | undefined;
+        targetFingerprint?: string | undefined;
+        targetFingerprintMatched?: boolean | undefined;
+        hasChanges?: boolean | undefined;
     } | undefined;
 }, import("xstate").EventObject, import("xstate").MetaObject, {
     id: "dbApply";
     states: {
         readonly idle: {};
         readonly acquiringLock: {};
+        readonly capturingTargetFingerprint: {};
         readonly previewingIdempotent: {};
         readonly applyingIdempotentPre: {};
         readonly applyingPgSchemaDiff: {};

package/dist/commands/db/commands/db-apply-error.d.ts CHANGED Viewed

@@ -1,5 +1,10 @@
 import { CLIError } from '@runa-ai/runa';
+import type { DbPreviewProfile } from '../apply/contract.js';
 type DbApplyEnvironment = 'local' | 'preview' | 'production';
-export declare function buildDbApplyCliError(errorMessage: string, environment: DbApplyEnvironment): CLIError;
+interface DbApplyCliErrorOptions {
+    previewProfile?: DbPreviewProfile | null;
+    fromPlan?: boolean;
+}
+export declare function buildDbApplyCliError(errorMessage: string, environment: DbApplyEnvironment, options?: DbApplyCliErrorOptions): CLIError;
 export {};
 //# sourceMappingURL=db-apply-error.d.ts.map

package/dist/commands/db/commands/db-apply.d.ts CHANGED Viewed

@@ -14,6 +14,11 @@ export interface DbApplyOptions {
     compareOnly?: boolean;
     maxLockWaitMs?: number;
     freshDbCheckSql?: string;
+    commandLabel?: string;
+    /** Reuse a checked plan artifact generated by `runa db plan`. */
+    fromPlan?: string;
+    /** Persist the checked plan artifact after a successful full preview. */
+    persistPlanArtifact?: boolean;
 }
 /**
  * Run db apply workflow

package/dist/commands/db/commands/db-plan.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { Command } from 'commander';
+export declare const planCommand: Command;
+//# sourceMappingURL=db-plan.d.ts.map

package/dist/commands/db/commands/db-preview-profile.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import { z } from 'zod';
+import { type DbApplyOutput, type DbPreviewProfile } from '../apply/contract.js';
+export declare const DEFAULT_DB_PREVIEW_PROFILE: DbPreviewProfile;
+export declare const DbPreviewEnvironmentSchema: z.ZodEnum<{
+    local: "local";
+    preview: "preview";
+    production: "production";
+}>;
+export declare const LEGACY_DB_APPLY_CHECK_REMOVAL_TARGET = "the next major CLI release";
+export declare function parseDbPreviewProfile(value: string): DbPreviewProfile;
+export type DbPreviewEnvironment = z.infer<typeof DbPreviewEnvironmentSchema>;
+export declare function resolveDbPreviewEnvironment(value: string): DbPreviewEnvironment | null;
+export declare function resolveDbPreviewProfile(params: {
+    check?: boolean;
+    compareOnly?: boolean;
+}): DbPreviewProfile | null;
+export declare function isCompareOnlyPreviewProfile(profile: DbPreviewProfile): boolean;
+export declare function getDbPreviewModeLabel(profile: DbPreviewProfile): string;
+export declare function buildDbPreviewCommandLabel(env: string, profile: DbPreviewProfile): string;
+export declare function buildDbPlanCommandLabel(env: string): string;
+export declare function getDbPreviewIdempotentSchemaCount(result: Pick<DbApplyOutput, 'idempotentFiles' | 'idempotentSchemasApplied'>): number;
+export declare function buildLegacyDbApplyCheckWarning(profile: DbPreviewProfile): string;
+//# sourceMappingURL=db-preview-profile.d.ts.map

package/dist/commands/db/commands/db-preview.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { Command } from 'commander';
+export declare const previewCommand: Command;
+//# sourceMappingURL=db-preview.d.ts.map

package/dist/commands/db/sync/actors.d.ts CHANGED Viewed

@@ -74,6 +74,7 @@ export interface SyncInput {
 export declare const syncSchema: import("xstate").PromiseActorLogic<{
     applied: boolean;
     stepsCompleted: string[];
+    applyCommitted?: boolean | undefined;
     error?: string | undefined;
 }, SyncInput, import("xstate").EventObject>;
 export interface ReportInput {

package/dist/commands/db/sync/contract.d.ts CHANGED Viewed

@@ -13,6 +13,7 @@
  * - runa db sync --check      # Dry-run mode
  */
 import { z } from 'zod';
+import type { BoundaryGuidanceWarning, LocalBlindSpotBlocker, RuntimeContradictionIssue, RuntimeWarningIssue, SchemaGuardrailReport, SchemaManagedBlockKind, SchemaGuardrailFailureCode, SchemaGuardrailPhaseId, SemanticDuplicateCandidate, SemanticDuplicateEvidence, SemanticDuplicateWarning } from './schema-guardrail-types.js';
 /**
  * Environment type for db sync
  */
@@ -89,6 +90,7 @@ export type SnapshotResult = z.infer<typeof SnapshotResultSchema>;
  */
 export declare const SyncResultSchema: z.ZodObject<{
     applied: z.ZodBoolean;
+    applyCommitted: z.ZodOptional<z.ZodBoolean>;
     stepsCompleted: z.ZodArray<z.ZodString>;
     error: z.ZodOptional<z.ZodString>;
 }, z.core.$strip>;
@@ -123,6 +125,18 @@ export declare const StepContextSchema: z.ZodObject<{
     configTimeoutMs: z.ZodOptional<z.ZodNumber>;
 }, z.core.$strip>;
 export type StepContext = z.infer<typeof StepContextSchema>;
+export declare const SchemaManagedBlockKindSchema: z.ZodType<SchemaManagedBlockKind>;
+export declare const SchemaGuardrailPhaseIdSchema: z.ZodType<SchemaGuardrailPhaseId>;
+export declare const SchemaGuardrailFailureCodeSchema: z.ZodType<SchemaGuardrailFailureCode>;
+export declare const RuntimeWarningIssueSchema: z.ZodType<RuntimeWarningIssue>;
+export declare const RuntimeContradictionIssueSchema: z.ZodType<RuntimeContradictionIssue>;
+export declare const SemanticDuplicateEvidenceSchema: z.ZodType<SemanticDuplicateEvidence>;
+export declare const SemanticDuplicateCandidateSchema: z.ZodType<SemanticDuplicateCandidate>;
+export declare const SemanticDuplicateWarningSchema: z.ZodType<SemanticDuplicateWarning>;
+export declare const BoundaryGuidanceWarningSchema: z.ZodType<BoundaryGuidanceWarning>;
+export declare const LocalBlindSpotBlockerSchema: z.ZodType<LocalBlindSpotBlocker>;
+export declare const SchemaGuardrailReportSchema: z.ZodType<SchemaGuardrailReport>;
+export type { RuntimeContradictionIssue, RuntimeWarningIssue, SchemaGuardrailReport, SchemaManagedBlockKind, SchemaGuardrailFailureCode, SchemaGuardrailPhaseId, SemanticDuplicateCandidate, SemanticDuplicateEvidence, SemanticDuplicateWarning, } from './schema-guardrail-types.js';
 /**
  * DB sync command result
  */
@@ -137,10 +151,12 @@ export declare const DbSyncOutputSchema: z.ZodObject<{
     preflightPassed: z.ZodBoolean;
     snapshotCreated: z.ZodBoolean;
     applied: z.ZodBoolean;
+    applyCommitted: z.ZodOptional<z.ZodBoolean>;
     stepsCompleted: z.ZodArray<z.ZodString>;
     reportJsonPath: z.ZodOptional<z.ZodString>;
     exitCode: z.ZodUnion<readonly [z.ZodLiteral<0>, z.ZodLiteral<1>]>;
     error: z.ZodOptional<z.ZodString>;
+    guardrail: z.ZodOptional<z.ZodType<SchemaGuardrailReport, unknown, z.core.$ZodTypeInternals<SchemaGuardrailReport, unknown>>>;
     outcome: z.ZodObject<{
         command: z.ZodString;
         exitMode: z.ZodEnum<{

package/dist/commands/db/sync/guardrail-orchestrator.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import type { DbSyncOutput } from './contract.js';
+import type { DbCommandOptions } from '../types.js';
+type GuardrailLogger = {
+    info(message: string): void;
+    warn(message: string): void;
+    error(message: string): void;
+};
+export declare function runDbSyncWithGuardrail(params: {
+    env: string;
+    options: DbCommandOptions;
+    logger: GuardrailLogger;
+    runDbSyncMachine: () => Promise<DbSyncOutput>;
+}): Promise<DbSyncOutput>;
+export {};
+//# sourceMappingURL=guardrail-orchestrator.d.ts.map

package/dist/commands/db/sync/guardrail-reporting.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import type { DbSyncOutput, SchemaGuardrailReport } from './contract.js';
+export type GuardrailSummaryEntry = {
+    level: 'info' | 'warn' | 'error';
+    message: string;
+};
+export declare function buildGuardrailSummaryEntries(report: SchemaGuardrailReport): GuardrailSummaryEntry[];
+export declare function buildGuardrailPreApplyEntries(report: SchemaGuardrailReport): GuardrailSummaryEntry[];
+export declare function writeMergedDbSyncReportJson(params: {
+    filePath?: string;
+    result: DbSyncOutput;
+}): void;
+//# sourceMappingURL=guardrail-reporting.d.ts.map

package/dist/commands/db/sync/index.d.ts CHANGED Viewed

@@ -6,5 +6,9 @@
  */
 export * from './actors.js';
 export * from './contract.js';
+export * from './guardrail-orchestrator.js';
+export * from './guardrail-reporting.js';
 export * from './machine.js';
+export type * from './schema-guardrail-types.js';
+export { createGuardrailOutcomePhases, createSyncApplyFailureReport, runSchemaGuardrailRuntime, runSchemaGuardrailStatic, } from './schema-guardrail.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/commands/db/sync/machine.d.ts CHANGED Viewed

@@ -31,6 +31,7 @@ interface DbSyncContext {
     preflightPassed: boolean;
     snapshotCreated: boolean;
     applied: boolean;
+    applyCommitted: boolean;
     stepsCompleted: string[];
     reportWritten: boolean;
     error: string | null;
@@ -51,17 +52,18 @@ export declare const dbSyncMachine: import("xstate").StateMachine<DbSyncContext,
     }, actors.SnapshotInput, import("xstate").EventObject>> | import("xstate").ActorRefFromLogic<import("xstate").PromiseActorLogic<{
         applied: boolean;
         stepsCompleted: string[];
+        applyCommitted?: boolean | undefined;
         error?: string | undefined;
     }, actors.SyncInput, import("xstate").EventObject>> | import("xstate").ActorRefFromLogic<import("xstate").PromiseActorLogic<{
-        passed: boolean;
-        warnings?: string[] | undefined;
-        error?: string | undefined;
-    }, actors.PreflightInput, import("xstate").EventObject>> | import("xstate").ActorRefFromLogic<import("xstate").PromiseActorLogic<{
         passed: boolean;
         databaseUrl?: string | undefined;
         dbPackagePath?: string | undefined;
         error?: string | undefined;
-    }, actors.ReconcileInput, import("xstate").EventObject>> | import("xstate").ActorRefFromLogic<import("xstate").PromiseActorLogic<actors.SetupOutput, actors.SetupInput, import("xstate").EventObject>> | import("xstate").ActorRefFromLogic<import("xstate").PromiseActorLogic<actors.ReportOutput, actors.ReportInput, import("xstate").EventObject>> | undefined;
+    }, actors.ReconcileInput, import("xstate").EventObject>> | import("xstate").ActorRefFromLogic<import("xstate").PromiseActorLogic<{
+        passed: boolean;
+        warnings?: string[] | undefined;
+        error?: string | undefined;
+    }, actors.PreflightInput, import("xstate").EventObject>> | import("xstate").ActorRefFromLogic<import("xstate").PromiseActorLogic<actors.SetupOutput, actors.SetupInput, import("xstate").EventObject>> | import("xstate").ActorRefFromLogic<import("xstate").PromiseActorLogic<actors.ReportOutput, actors.ReportInput, import("xstate").EventObject>> | undefined;
 }, {
     src: "snapshot";
     logic: import("xstate").PromiseActorLogic<{
@@ -76,25 +78,26 @@ export declare const dbSyncMachine: import("xstate").StateMachine<DbSyncContext,
     logic: import("xstate").PromiseActorLogic<{
         applied: boolean;
         stepsCompleted: string[];
+        applyCommitted?: boolean | undefined;
         error?: string | undefined;
     }, actors.SyncInput, import("xstate").EventObject>;
     id: string | undefined;
 } | {
-    src: "preflight";
+    src: "reconcile";
     logic: import("xstate").PromiseActorLogic<{
         passed: boolean;
-        warnings?: string[] | undefined;
+        databaseUrl?: string | undefined;
+        dbPackagePath?: string | undefined;
         error?: string | undefined;
-    }, actors.PreflightInput, import("xstate").EventObject>;
+    }, actors.ReconcileInput, import("xstate").EventObject>;
     id: string | undefined;
 } | {
-    src: "reconcile";
+    src: "preflight";
     logic: import("xstate").PromiseActorLogic<{
         passed: boolean;
-        databaseUrl?: string | undefined;
-        dbPackagePath?: string | undefined;
+        warnings?: string[] | undefined;
         error?: string | undefined;
-    }, actors.ReconcileInput, import("xstate").EventObject>;
+    }, actors.PreflightInput, import("xstate").EventObject>;
     id: string | undefined;
 } | {
     src: "setupContext";
@@ -104,7 +107,7 @@ export declare const dbSyncMachine: import("xstate").StateMachine<DbSyncContext,
     src: "writeReport";
     logic: import("xstate").PromiseActorLogic<actors.ReportOutput, actors.ReportInput, import("xstate").EventObject>;
     id: string | undefined;
-}, never, never, never, "done" | "failed" | "sync" | "setup" | "idle" | "snapshot" | "report" | "preflight" | "reconcile", string, {
+}, never, never, never, "done" | "failed" | "sync" | "setup" | "idle" | "snapshot" | "reconcile" | "report" | "preflight", string, {
     env?: "local" | "preview" | "production" | undefined;
     check?: boolean | undefined;
     force?: boolean | undefined;
@@ -187,8 +190,10 @@ export declare const dbSyncMachine: import("xstate").StateMachine<DbSyncContext,
         };
         nextActions?: string[] | undefined;
     };
+    applyCommitted?: boolean | undefined;
     reportJsonPath?: string | undefined;
     error?: string | undefined;
+    guardrail?: import("./schema-guardrail-types.js").SchemaGuardrailReport | undefined;
 }, import("xstate").EventObject, import("xstate").MetaObject, {
     id: "dbSync";
     states: {

package/dist/commands/db/sync/schema-guardrail-config-test-support.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import type { SchemaGuardrailConfig } from './schema-guardrail-types.js';
+type GuardrailConfigNormalizers = {
+    normalizeAllowlistSignature(value: string): string;
+    normalizeFileList(files: Iterable<string>): string[];
+    normalizeFunctionQualifiedName(value: string): string;
+    normalizePathForMatch(filePath: string): string;
+    normalizeSuppressionPair(value: string): string;
+};
+export declare function tryLoadSchemaGuardrailConfigFromText(params: {
+    targetDir: string;
+    defaults: SchemaGuardrailConfig;
+    normalizers: GuardrailConfigNormalizers;
+}): SchemaGuardrailConfig | null;
+export {};
+//# sourceMappingURL=schema-guardrail-config-test-support.d.ts.map

package/dist/commands/db/sync/schema-guardrail-config.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import type { SchemaGuardrailConfig } from './schema-guardrail-types.js';
+export declare const DEFAULT_TABLE_HEADER_MAX_WIDTH = 160;
+export declare const DEFAULT_SEMANTIC_WARNING_THRESHOLD = 0.55;
+export declare const DEFAULT_SEMANTIC_WARNING_MAX_CANDIDATES = 3;
+export declare const GENERIC_SIMILARITY_COLUMNS: Set<string>;
+export declare function normalizePathForMatch(filePath: string): string;
+export declare function normalizeFunctionQualifiedName(value: string): string;
+export declare function normalizeAllowlistSignature(value: string): string;
+export declare function normalizeSuppressionPair(value: string): string;
+export declare function loadSchemaGuardrailConfig(targetDir: string): SchemaGuardrailConfig;
+//# sourceMappingURL=schema-guardrail-config.d.ts.map

package/dist/commands/db/sync/schema-guardrail-ddl-order.d.ts ADDED Viewed

@@ -0,0 +1,36 @@
+/**
+ * AI HINT: Schema Guardrail - DDL Order Validation
+ *
+ * Purpose: Detect policy→function dependency ordering issues that would
+ * cause "function does not exist" errors during production pg-schema-diff apply.
+ *
+ * Why this matters:
+ * - Local `runa db sync` runs against a fresh DB (all CREATE, no ALTER)
+ * - Production `runa db apply` generates ALTER POLICY for changed policies
+ * - pg-schema-diff may order ALTER POLICY (phase 50) before CREATE FUNCTION (phase 60)
+ * - This check catches the issue statically from SQL files, without needing a live DB
+ *
+ * Detection: For each CREATE POLICY/ALTER POLICY with a schema-qualified function call,
+ * verify the function is defined BEFORE the policy in file ordering (by file prefix number).
+ */
+export interface DdlOrderWarning {
+    policyFile: string;
+    policyLine: number;
+    functionRef: string;
+    functionFile: string;
+    message: string;
+}
+/**
+ * Scan declarative SQL files for policy→function ordering risks.
+ *
+ * Returns warnings when a policy references a function that is defined
+ * in a later-ordered file (by numeric prefix), which means pg-schema-diff
+ * may generate ALTER POLICY before CREATE FUNCTION during incremental apply.
+ */
+export declare function detectDdlOrderRisks(declarativeDir: string): DdlOrderWarning[];
+/**
+ * Run DDL order check and log warnings.
+ * Called from guardrail orchestrator during `runa db sync`.
+ */
+export declare function runDdlOrderCheck(targetDir: string): DdlOrderWarning[];
+//# sourceMappingURL=schema-guardrail-ddl-order.d.ts.map

package/dist/commands/db/sync/schema-guardrail-graph-guidance.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+/**
+ * AI HINT: Schema Guardrail Graph - Boundary Guidance Warnings
+ *
+ * Purpose: Generate guidance warnings for schema boundary violations,
+ * security definer issues, trigger ownership, and managed schema access
+ */
+import type { SchemaGuardrailReport, SchemaGraphFunctionClaim, SchemaGraphFileNode, SchemaGraphSchemaNode } from './schema-guardrail-types.js';
+declare function buildBoundaryGuidanceWarnings(params: {
+    fileNodes: SchemaGraphFileNode[];
+    schemaNodes: SchemaGraphSchemaNode[];
+    functionClaims: SchemaGraphFunctionClaim[];
+    ownerFileByTable: Map<string, string>;
+}): SchemaGuardrailReport['boundaryGuidanceWarnings'];
+export { buildBoundaryGuidanceWarnings };
+//# sourceMappingURL=schema-guardrail-graph-guidance.d.ts.map

package/dist/commands/db/sync/schema-guardrail-graph-metadata.d.ts ADDED Viewed

@@ -0,0 +1,41 @@
+/**
+ * AI HINT: Schema Guardrail Graph - Metadata Analysis
+ *
+ * Purpose: Function ownership hashing, allowlist checking, and
+ * defined function/boundary metadata extraction
+ */
+import { type DuplicateFunctionOwnershipFinding } from '../utils/duplicate-function-ownership.js';
+import { type SqlFile } from '../utils/declarative-dependency-sql-utils.js';
+import { type DefinedFunctionMetadata, type ManagedBoundaryMetadata } from './schema-guardrail-graph-types.js';
+import type { SchemaGuardrailConfig } from './schema-guardrail-types.js';
+declare function normalizeFunctionStatementForHash(statement: string): string;
+declare function buildFunctionBodyHashMap(files: SqlFile[], layer: 'declarative' | 'idempotent'): Map<string, string>;
+declare function isAllowlistedDuplicateFunction(params: {
+    finding: DuplicateFunctionOwnershipFinding;
+    allowlist: SchemaGuardrailConfig['allowedDuplicateFunctions'];
+    bodyHashes: Map<string, string>;
+}): boolean;
+/**
+ * Collect qualified object references from SQL function bodies
+ */
+declare function normalizeQualifiedObjectRef(schema: string, name: string, isFunctionCall: boolean): string;
+declare function collectQualifiedObjectRefs(params: {
+    content: string;
+    allowedSchemas: ReadonlySet<string>;
+    includeFunctionCalls: boolean;
+}): {
+    refs: string[];
+    schemas: string[];
+};
+/**
+ * Check if function body has SET search_path locked
+ */
+declare function isSearchPathLocked(statement: string): boolean;
+declare function buildDefinedFunctionMetadataByFile(params: {
+    files: SqlFile[];
+    layer: 'declarative' | 'idempotent';
+    managedSchemas: Set<string>;
+}): Map<string, DefinedFunctionMetadata[]>;
+declare function buildManagedBoundaryMetadataByFile(files: SqlFile[]): Map<string, ManagedBoundaryMetadata>;
+export { normalizeFunctionStatementForHash, buildFunctionBodyHashMap, isAllowlistedDuplicateFunction, normalizeQualifiedObjectRef, collectQualifiedObjectRefs, isSearchPathLocked, buildDefinedFunctionMetadataByFile, buildManagedBoundaryMetadataByFile, };
+//# sourceMappingURL=schema-guardrail-graph-metadata.d.ts.map