@saacms/core 0.1.0

package/dist/access/index.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Three-grain access control per ADR 0006.
+ *
+ * 1. Collection-level (per-verb)  — `read | create | update | delete`
+ * 2. Per-record predicates (post-fetch, when the predicate accepts a `record`)
+ * 3. Field-level (per-field)      — declared via `Schema.X.annotations({ saacmsAccess })`
+ *
+ * Each predicate returns either a boolean (allow/deny) or a Where-clause to filter
+ * (read) / scope (update/delete). v1 alpha ships the types + a stub evaluator.
+ */
+import type { User } from "../types/user.ts";
+export type AccessVerb = "read" | "create" | "update" | "delete";
+/** Alias chosen for symmetry with Drizzle's `where` argument shape. */
+export type WhereClause = Record<string, unknown>;
+export type AccessResult = boolean | {
+    where: WhereClause;
+};
+export interface AccessContext<TRecord = unknown> {
+    readonly user: User | null;
+    readonly record?: TRecord;
+}
+export type AccessPredicate<TRecord = unknown> = (ctx: AccessContext<TRecord>) => AccessResult | Promise<AccessResult>;
+/**
+ * Field-level access semantics carried on Effect Schema annotations
+ * (`saacmsAccess: { read, update }`) per ADR 0006 §3.
+ */
+export interface FieldAccess<TRecord = unknown> {
+    readonly read?: AccessPredicate<TRecord>;
+    readonly update?: AccessPredicate<TRecord>;
+}
+/**
+ * Evaluate an access predicate. Stub for v1 alpha — a real implementation will
+ * resolve the Effect (when predicate returns one), normalise the result, and
+ * apply Where-clause merging across multiple predicates.
+ */
+export declare function evaluateAccess<TRecord = unknown>(_predicate: AccessPredicate<TRecord>, _ctx: AccessContext<TRecord>): AccessResult;
+//# sourceMappingURL=index.d.ts.map

package/dist/access/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/access/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAA;AAE5C,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAA;AAEhE,uEAAuE;AACvE,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;AAEjD,MAAM,MAAM,YAAY,GAAG,OAAO,GAAG;IAAE,KAAK,EAAE,WAAW,CAAA;CAAE,CAAA;AAE3D,MAAM,WAAW,aAAa,CAAC,OAAO,GAAG,OAAO;IAC9C,QAAQ,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI,CAAA;IAC1B,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAC1B;AAED,MAAM,MAAM,eAAe,CAAC,OAAO,GAAG,OAAO,IAAI,CAC/C,GAAG,EAAE,aAAa,CAAC,OAAO,CAAC,KACxB,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,CAAA;AAEzC;;;GAGG;AACH,MAAM,WAAW,WAAW,CAAC,OAAO,GAAG,OAAO;IAC5C,QAAQ,CAAC,IAAI,CAAC,EAAE,eAAe,CAAC,OAAO,CAAC,CAAA;IACxC,QAAQ,CAAC,MAAM,CAAC,EAAE,eAAe,CAAC,OAAO,CAAC,CAAA;CAC3C;AAED;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,OAAO,GAAG,OAAO,EAC9C,UAAU,EAAE,eAAe,CAAC,OAAO,CAAC,EACpC,IAAI,EAAE,aAAa,CAAC,OAAO,CAAC,GAC3B,YAAY,CAEd"}

package/dist/access/index.js

@@ -0,0 +1,6 @@
+import {
+  evaluateAccess
+} from "../index-b7z43xwp.js";
+export {
+  evaluateAccess
+};

package/dist/auth/index.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Auth adapter interface per ADR 0008 (Identity bounded context, ADR 0020).
+ *
+ * The `AuthAdapter` is the seam between saacms's runtime and whatever auth
+ * library the host wires (Better Auth in v1.0; Clerk / Auth.js / lucia in
+ * v1.x). saacms's runtime never imports better-auth directly — the host
+ * supplies an `AuthAdapter` implementation in `SaacmsConfig.auth`, and the
+ * `auth-middleware` calls into it before every authenticated route.
+ *
+ * The adapter contract is intentionally minimal: given an incoming request,
+ * return the `User` projection (per `types/user.ts`) or `null` for anonymous.
+ * Session creation, sign-in, sign-out, password reset, etc. all happen on the
+ * host's own routes (mounted by the host adapter), not on `/api/saacms/v1/*`.
+ */
+import type { User } from "../types/user.ts";
+/**
+ * Resolve a `User` (or `null` for anonymous) for an incoming request.
+ *
+ * Implementations typically inspect `Cookie:` and `Authorization:` headers,
+ * then call into the auth library's session-validation API.
+ *
+ * Errors should be thrown only for *transport* failures (e.g. session store
+ * unreachable) — invalid/expired/missing sessions resolve to `null` so the
+ * runtime can treat them uniformly as anonymous.
+ */
+export interface AuthAdapter {
+    readonly name: string;
+    getSession(request: Request): Promise<User | null>;
+}
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAA;AAE5C;;;;;;;;;GASG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,UAAU,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;CACnD"}

package/dist/codegen/content-migration.d.ts

@@ -0,0 +1,167 @@
+/**
+ * Block-Schema → content-migration projection per ADR 0012 (Migrations: schema
+ * and content) and ADR 0005 (Effect Schema is the single source of truth).
+ *
+ * Where `to-d1-migration.ts` projects a *Collection* Schema to the DDL that is
+ * the comparator for DB drift, this module projects a *Block* Schema to a
+ * structural **fingerprint** that is the comparator for *content* drift: when a
+ * Block's Schema evolves, every stored Page JSON that references that Block
+ * must be transformed so the next compile step can parse it.
+ *
+ * Four pure, deterministic exports:
+ *
+ *   - `fingerprintBlockSchema(block)` — a stable structural fingerprint of a
+ *     Block's Effect Schema (field name + projected type + optionality). The
+ *     content analogue of `schemaToD1Migration`'s DDL string.
+ *   - `diffBlockSchemas(prev, next)` — a structured added/removed/renamed/
+ *     retyped description, sufficient to (a) decide a content migration is
+ *     needed and (b) scaffold its transform body.
+ *   - `contentMigrationModuleSource(slug, fromVersion, toVersion, diff)` — the
+ *     **string** source of a runnable, type-correct
+ *     `saacms/migrations/content/NNNN_<name>.ts` module: a typed `up(pageJson)`
+ *     that walks a Page Block tree and transforms instances of the changed
+ *     Block, plus a forward-only `down` stub.
+ *   - `detectPendingContentMigrations({...})` — the pure refuse-to-start guard:
+ *     for each Block whose current fingerprint ≠ its last-migrated fingerprint
+ *     (with no corresponding applied content migration), a precise
+ *     human-readable reason. Consumed by `saacms migrate check`; reusable
+ *     verbatim by a future runtime-boot guard (kept pure for that reason).
+ *
+ * Block-version note (ADR 0012 + CONTEXT.md "Schema is the single source of
+ * truth; projections are mechanical"): the Block `version` lives on the dev's
+ * authored `defineBlock({...})` *structure*. saacms migrates *instances*
+ * (stored Page JSON); it must not rewrite the dev's authored structure source.
+ * So the generator records `from`/`to` versions in the emitted migration + the
+ * snapshot and the CLI logs an explicit "bump `version:`" instruction — it
+ * never edits a Block source file.
+ */
+import type { BlockDef } from "../schema/index.ts";
+/** One projected field of a Block Schema. */
+export interface BlockFieldShape {
+    readonly name: string;
+    /**
+     * Coarse projected type: `string` | `number` | `boolean` | `date` |
+     * `literal:<a|b|…>` (sorted) | `array` | `object` | `unknown`. Coarse on
+     * purpose — it is the same granularity a content transform can act on.
+     */
+    readonly type: string;
+    readonly optional: boolean;
+}
+/** A stable, order-independent structural fingerprint of a Block Schema. */
+export interface BlockFingerprint {
+    readonly fields: ReadonlyArray<BlockFieldShape>;
+}
+/**
+ * Compute the stable structural fingerprint of a Block's Effect Schema.
+ *
+ * Fields are sorted by name so the fingerprint is order-independent: the same
+ * Schema always produces the same fingerprint regardless of declaration order.
+ * Throws if the Block's root Schema is not a Struct (TypeLiteral) — the same
+ * invariant `schemaToD1Migration` enforces for Collections.
+ */
+export declare function fingerprintBlockSchema(block: BlockDef): BlockFingerprint;
+/**
+ * Canonical stable string form of a fingerprint — the value stored in the
+ * migration snapshot and compared for drift (the content analogue of the DDL
+ * string the DB snapshot stores).
+ */
+export declare function fingerprintToString(fp: BlockFingerprint): string;
+export interface AddedField {
+    readonly name: string;
+    readonly type: string;
+    readonly optional: boolean;
+}
+export interface RemovedField {
+    readonly name: string;
+}
+export interface RenamedField {
+    readonly from: string;
+    readonly to: string;
+    readonly type: string;
+}
+export interface RetypedField {
+    readonly name: string;
+    readonly fromType: string;
+    readonly toType: string;
+}
+export interface BlockSchemaDiff {
+    readonly added: ReadonlyArray<AddedField>;
+    readonly removed: ReadonlyArray<RemovedField>;
+    readonly renamed: ReadonlyArray<RenamedField>;
+    readonly retyped: ReadonlyArray<RetypedField>;
+    /** True iff any of the four buckets is non-empty (a content migration is warranted). */
+    readonly changed: boolean;
+}
+/**
+ * Diff two Block fingerprints into a structured change description.
+ *
+ * Rename heuristic: a removed field and an added field that share an identical
+ * projected type are paired as a rename (the common single-field case). This
+ * keeps the transform a safe key-copy rather than a drop+add data loss. Per
+ * ADR 0012 renames are otherwise an explicit dev/CLI conversation; the
+ * generated transform is reviewed before it is committed, so the heuristic is
+ * a scaffold, not an irreversible auto-decision.
+ */
+export declare function diffBlockSchemas(prev: BlockFingerprint, next: BlockFingerprint): BlockSchemaDiff;
+/**
+ * Produce the **string** source of a runnable, type-correct content-migration
+ * module for `saacms/migrations/content/<NNNN>_<name>.ts`.
+ *
+ * The module exports:
+ *   - `meta` — `{ block, fromVersion, toVersion }` (the version transition the
+ *     runtime/`check` guard reads).
+ *   - `up(pageJson: unknown): unknown` — deep-walks a Page Block tree and, on
+ *     every node whose `type` equals the changed Block's slug, applies the
+ *     diff (rename → copy old→new key; add → default; remove → drop; retype →
+ *     a documented TODO with the diff inlined so the dev finishes intent).
+ *     Non-matching nodes and all other Pages/Blocks are returned untouched.
+ *   - `down(pageJson: unknown): never` — forward-only stub (rollback is
+ *     git-revert + re-run per ADR 0012 "Deferred to v2").
+ *
+ * The generated source uses only language built-ins (no `@saacms/*` import) so
+ * it type-checks and runs standalone in the dev's repo.
+ */
+export declare function contentMigrationModuleSource(blockSlug: string, fromVersion: number, toVersion: number, diff: BlockSchemaDiff): string;
+/** One Block with a pending content migration. */
+export interface PendingContentMigration {
+    readonly slug: string;
+    readonly fromVersion: number;
+    readonly toVersion: number;
+    /** Precise, human-readable refuse-to-start reason. */
+    readonly reason: string;
+}
+export interface PendingContentReport {
+    readonly pending: ReadonlyArray<PendingContentMigration>;
+    readonly clean: boolean;
+}
+/** The per-Block record stored under the snapshot's `$blocks` section. */
+export interface BlockSnapshotEntry {
+    /** `fingerprintToString` of the last *migrated* Block Schema. */
+    readonly fingerprint: string;
+    /** Block version the last migration migrated *to*. */
+    readonly version: number;
+    /** How many content migrations have been generated for this Block. */
+    readonly migrationCount: number;
+}
+export interface DetectPendingInput {
+    readonly blocks: ReadonlyArray<BlockDef>;
+    /** The `$blocks` section of the migration snapshot (last-migrated state). */
+    readonly snapshot: Readonly<Record<string, BlockSnapshotEntry>>;
+    /**
+     * Filenames of content migrations already applied (e.g. from a content
+     * ledger). Optional: when supplied, a Block whose fingerprint matches the
+     * snapshot but whose recorded migration filename is absent here is still
+     * reported (generated-but-not-applied). When omitted, pendingness is derived
+     * purely from fingerprint-vs-last-migrated drift.
+     */
+    readonly appliedMigrations?: ReadonlyArray<string>;
+}
+/**
+ * Pure refuse-to-start guard. For each Block whose current Schema fingerprint
+ * differs from its last-migrated fingerprint (or whose generated migration is
+ * not in `appliedMigrations`), return a precise reason. A Block with no
+ * snapshot entry is NOT pending — it has no stored instances on a prior
+ * version to transform (the content analogue of a brand-new table).
+ */
+export declare function detectPendingContentMigrations(input: DetectPendingInput): PendingContentReport;
+//# sourceMappingURL=content-migration.d.ts.map

package/dist/codegen/content-migration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"content-migration.d.ts","sourceRoot":"","sources":["../../src/codegen/content-migration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AAGH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAA;AAMlD,6CAA6C;AAC7C,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB;;;;OAIG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;CAC3B;AAED,4EAA4E;AAC5E,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC,eAAe,CAAC,CAAA;CAChD;AAoDD;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,QAAQ,GAAG,gBAAgB,CAaxE;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,EAAE,EAAE,gBAAgB,GAAG,MAAM,CAEhE;AAMD,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;CAC3B;AACD,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;CACtB;AACD,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;CACtB;AACD,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC,UAAU,CAAC,CAAA;IACzC,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,YAAY,CAAC,CAAA;IAC7C,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,YAAY,CAAC,CAAA;IAC7C,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,YAAY,CAAC,CAAA;IAC7C,wFAAwF;IACxF,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAA;CAC1B;AAED;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAC9B,IAAI,EAAE,gBAAgB,EACtB,IAAI,EAAE,gBAAgB,GACrB,eAAe,CA6CjB;AA0BD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,4BAA4B,CAC1C,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,MAAM,EACjB,IAAI,EAAE,eAAe,GACpB,MAAM,CA+GR;AAMD,kDAAkD;AAClD,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,sDAAsD;IACtD,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;CACxB;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,uBAAuB,CAAC,CAAA;IACxD,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAA;CACxB;AAED,0EAA0E;AAC1E,MAAM,WAAW,kBAAkB;IACjC,iEAAiE;IACjE,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,sDAAsD;IACtD,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;IACxB,sEAAsE;IACtE,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAA;CAChC;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC,QAAQ,CAAC,CAAA;IACxC,6EAA6E;IAC7E,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC,CAAA;IAC/D;;;;;;OAMG;IACH,QAAQ,CAAC,iBAAiB,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAA;CACnD;AAED;;;;;;GAMG;AACH,wBAAgB,8BAA8B,CAC5C,KAAK,EAAE,kBAAkB,GACxB,oBAAoB,CA4BtB"}

package/dist/codegen/filter-openapi-for-user.d.ts

@@ -0,0 +1,100 @@
+/**
+ * Per-user OpenAPI filtering per ADR 0006 + ADR 0018.
+ *
+ * The runtime calls `filterOpenApiForUser` on every `GET /api/saacms/v1/openapi.json`
+ * request, after assembling the full spec from `collectionToOpenApiPaths`. The
+ * result is the slice of routes + fields the *calling* user is allowed to see.
+ *
+ * --------------------------------------------------------------------
+ * Mapping HTTP method → AccessVerb (per ADR 0006 + ADR 0018)
+ * --------------------------------------------------------------------
+ *
+ *   GET                 →  read
+ *   POST (create)       →  create
+ *   PUT, PATCH          →  update
+ *   DELETE              →  delete
+ *   POST /{...}:verb    →  update  (custom-action default for v1;
+ *                                    TODO: per-action override)
+ *
+ * Note: per the no-SSE-dependency principle, the v1 spec does not advertise a
+ * `/subscribe` path. If a host installs an opt-in realtime plugin that adds
+ * one, that plugin is responsible for declaring its own filter mapping.
+ *
+ * --------------------------------------------------------------------
+ * Predicate semantics (callable out for review)
+ * --------------------------------------------------------------------
+ *
+ * 1. The predicate is invoked with `{ user, record: undefined }`. A `false`
+ *    return removes the operation; anything else (`true`, `{ where }`, or a
+ *    Promise resolving to either) keeps it. Where-clauses scope returned
+ *    records at fetch time — they don't hide the route at the spec level.
+ *
+ * 2. Per-record predicates (those that destructure or de-reference `record`)
+ *    can't be meaningfully evaluated without a record. If such a predicate
+ *    throws on `record: undefined`, we treat it as "would-allow at the listing
+ *    level" per ADR 0006: hiding the route would over-deny; the per-record
+ *    filter still fires at fetch time.
+ *
+ * 3. `null` user is passed through to the predicate; the predicate decides what
+ *    anonymous gets. Collections with NO `access` declared default every verb
+ *    to allowed (open by default — devs opt in to access control).
+ *
+ * --------------------------------------------------------------------
+ * Field-level filtering
+ * --------------------------------------------------------------------
+ *
+ * For each Collection we walk its Effect Schema AST; on every `PropertySignature`
+ * we read the `saacmsAccess` annotation (per ADR 0006 §3 + ADR 0005 annotation
+ * namespace). If `saacmsAccess.read` returns false for the user, the property
+ * is stripped from `components.schemas.{PascalSlug}.properties` and from the
+ * `required` array. Per-record field evaluation stays a runtime concern.
+ *
+ * --------------------------------------------------------------------
+ * Immutability + caching
+ * --------------------------------------------------------------------
+ *
+ * The runtime cache (per ADR 0021) shares the full-spec snapshot across requests
+ * and re-filters per "access fingerprint" (role + relevant claims). To keep that
+ * sharing safe we deep-clone the input via `structuredClone` and never mutate
+ * what was passed in. The output is a fresh tree.
+ *
+ * --------------------------------------------------------------------
+ * Reference pruning
+ * --------------------------------------------------------------------
+ *
+ * After path filtering we walk every surviving Path Item collecting
+ * `$ref: "#/components/schemas/X"` strings, then transitively walk the kept
+ * schemas. Schemas not in that set are dropped from `components.schemas`.
+ * `ProblemDetails` is always preserved — every error response references it.
+ */
+import type { CollectionDef } from "../schema/index.ts";
+import type { User } from "../types/user.ts";
+import type { OpenAPIPathsObject, OpenAPISchemaObject } from "./openapi-types.ts";
+/**
+ * The slice of an OpenAPI document this filter operates on. `paths` and
+ * `components.schemas` are the only parts whose contents are user-dependent;
+ * `info`, `servers`, `tags`, etc. are caller-attached and pass through unchanged
+ * outside this filter.
+ */
+export interface FilterableSpec {
+    readonly paths: OpenAPIPathsObject;
+    readonly components: {
+        readonly schemas: Record<string, OpenAPISchemaObject>;
+    };
+}
+export interface FilterOpenApiForUserInput {
+    readonly spec: FilterableSpec;
+    readonly collections: ReadonlyArray<CollectionDef>;
+    /** `null` is anonymous; the predicate decides what anonymous gets. */
+    readonly user: User | null;
+}
+/**
+ * Return a NEW spec scoped to what `user` is allowed to see:
+ * operations whose verb-mapped predicate returns false are removed; paths whose
+ * operations are all removed are pruned; fields with `saacmsAccess.read`
+ * returning false are stripped from the Collection's Schema Object; finally
+ * unreferenced `components.schemas` entries are pruned (best-effort $ref walk,
+ * with `ProblemDetails` always preserved).
+ */
+export declare function filterOpenApiForUser(input: FilterOpenApiForUserInput): Promise<FilterableSpec>;
+//# sourceMappingURL=filter-openapi-for-user.d.ts.map

package/dist/codegen/filter-openapi-for-user.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"filter-openapi-for-user.d.ts","sourceRoot":"","sources":["../../src/codegen/filter-openapi-for-user.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoEG;AAQH,OAAO,KAAK,EAAa,aAAa,EAAE,MAAM,oBAAoB,CAAA;AAClE,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAA;AAC5C,OAAO,KAAK,EAEV,kBAAkB,EAClB,mBAAmB,EACpB,MAAM,oBAAoB,CAAA;AAM3B;;;;;GAKG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,KAAK,EAAE,kBAAkB,CAAA;IAClC,QAAQ,CAAC,UAAU,EAAE;QACnB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAA;KACtD,CAAA;CACF;AAED,MAAM,WAAW,yBAAyB;IACxC,QAAQ,CAAC,IAAI,EAAE,cAAc,CAAA;IAC7B,QAAQ,CAAC,WAAW,EAAE,aAAa,CAAC,aAAa,CAAC,CAAA;IAClD,sEAAsE;IACtE,QAAQ,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI,CAAA;CAC3B;AAED;;;;;;;GAOG;AACH,wBAAsB,oBAAoB,CACxC,KAAK,EAAE,yBAAyB,GAC/B,OAAO,CAAC,cAAc,CAAC,CAoDzB"}

package/dist/codegen/index.d.ts

@@ -0,0 +1,19 @@
+/**
+ * @saacms/core — codegen surface.
+ *
+ * Schema → projection generators per ADR 0005 (Effect Schema is the single
+ * source of truth) — Drizzle table, OpenAPI spec, TS types, Puck field config.
+ *
+ * Each projection is a pure function of the Schema (and CollectionDef where
+ * relevant); they're called from `saacms codegen` (CLI) and from the runtime
+ * when assembling per-user OpenAPI documents.
+ */
+export * from "./openapi-types.ts";
+export * from "./to-openapi.ts";
+export * from "./to-drizzle.ts";
+export * from "./to-d1-migration.ts";
+export * from "./content-migration.ts";
+export * from "./to-puck-fields.ts";
+export * from "./to-ts-types.ts";
+export * from "./filter-openapi-for-user.ts";
+//# sourceMappingURL=index.d.ts.map

package/dist/codegen/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/codegen/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,cAAc,oBAAoB,CAAA;AAClC,cAAc,iBAAiB,CAAA;AAC/B,cAAc,iBAAiB,CAAA;AAC/B,cAAc,sBAAsB,CAAA;AACpC,cAAc,wBAAwB,CAAA;AACtC,cAAc,qBAAqB,CAAA;AACnC,cAAc,kBAAkB,CAAA;AAChC,cAAc,8BAA8B,CAAA"}

package/dist/codegen/index.js

@@ -0,0 +1,43 @@
+import {
+  assertNoTableNameCollisions,
+  camelToSnakeCase,
+  collectionToOpenApiPaths,
+  contentMigrationModuleSource,
+  defaultLabel,
+  detectPendingContentMigrations,
+  diffBlockSchemas,
+  filterOpenApiForUser,
+  fingerprintBlockSchema,
+  fingerprintToString,
+  normalizeDateSchemas,
+  schemaToD1Migration,
+  schemaToD1Migrations,
+  schemaToDrizzle,
+  schemaToOpenApiSchema,
+  schemaToPuckFields,
+  schemaToTsType,
+  schemaToTsTypes,
+  slugToTableName
+} from "../index-a3pnt8yz.js";
+import"../index-8g8ymd37.js";
+export {
+  slugToTableName,
+  schemaToTsTypes,
+  schemaToTsType,
+  schemaToPuckFields,
+  schemaToOpenApiSchema,
+  schemaToDrizzle,
+  schemaToD1Migrations,
+  schemaToD1Migration,
+  normalizeDateSchemas,
+  fingerprintToString,
+  fingerprintBlockSchema,
+  filterOpenApiForUser,
+  diffBlockSchemas,
+  detectPendingContentMigrations,
+  defaultLabel,
+  contentMigrationModuleSource,
+  collectionToOpenApiPaths,
+  camelToSnakeCase,
+  assertNoTableNameCollisions
+};

package/dist/codegen/openapi-types.d.ts

@@ -0,0 +1,125 @@
+/**
+ * Minimal local OpenAPI 3.1 type subset for emission.
+ *
+ * We deliberately avoid pulling `openapi-types` as a runtime dep (it brings the
+ * full 3.0/3.1 surface plus historical baggage). Per ADR 0018 saacms only emits
+ * a constrained subset; this file covers exactly that subset.
+ *
+ * Shapes follow the OpenAPI Specification 3.1.0
+ * (https://spec.openapis.org/oas/v3.1.0). For the schema-object shape we lean
+ * on Effect's `JSONSchema.make(..., { target: "openApi3.1" })` projection,
+ * which already aligns with JSON Schema 2020-12 (the dialect OpenAPI 3.1 uses).
+ */
+/**
+ * OpenAPI 3.1 Schema Object. Open-shape; we only spell out the fields we
+ * actively emit so authoring stays type-safe but downstream merging stays
+ * permissive. See OAS 3.1 §4.7.24.
+ */
+export interface OpenAPISchemaObject {
+    readonly $ref?: string;
+    readonly type?: "string" | "number" | "integer" | "boolean" | "object" | "array" | "null" | ReadonlyArray<"string" | "number" | "integer" | "boolean" | "object" | "array" | "null">;
+    readonly format?: string;
+    readonly title?: string;
+    readonly description?: string;
+    readonly default?: unknown;
+    readonly example?: unknown;
+    readonly examples?: ReadonlyArray<unknown>;
+    readonly enum?: ReadonlyArray<unknown>;
+    readonly const?: unknown;
+    readonly nullable?: boolean;
+    readonly deprecated?: boolean;
+    readonly readOnly?: boolean;
+    readonly writeOnly?: boolean;
+    readonly minLength?: number;
+    readonly maxLength?: number;
+    readonly pattern?: string;
+    readonly contentMediaType?: string;
+    readonly minimum?: number;
+    readonly maximum?: number;
+    readonly exclusiveMinimum?: number | boolean;
+    readonly exclusiveMaximum?: number | boolean;
+    readonly multipleOf?: number;
+    readonly items?: OpenAPISchemaObject | ReadonlyArray<OpenAPISchemaObject>;
+    readonly minItems?: number;
+    readonly maxItems?: number;
+    readonly uniqueItems?: boolean;
+    readonly prefixItems?: ReadonlyArray<OpenAPISchemaObject>;
+    readonly properties?: Readonly<Record<string, OpenAPISchemaObject>>;
+    readonly required?: ReadonlyArray<string>;
+    readonly additionalProperties?: boolean | OpenAPISchemaObject;
+    readonly patternProperties?: Readonly<Record<string, OpenAPISchemaObject>>;
+    readonly allOf?: ReadonlyArray<OpenAPISchemaObject>;
+    readonly anyOf?: ReadonlyArray<OpenAPISchemaObject>;
+    readonly oneOf?: ReadonlyArray<OpenAPISchemaObject>;
+    readonly not?: OpenAPISchemaObject;
+    readonly [key: string]: unknown;
+}
+export type OpenAPIParameterIn = "query" | "header" | "path" | "cookie";
+export interface OpenAPIParameter {
+    readonly name: string;
+    readonly in: OpenAPIParameterIn;
+    readonly description?: string;
+    readonly required?: boolean;
+    readonly deprecated?: boolean;
+    readonly allowEmptyValue?: boolean;
+    readonly schema?: OpenAPISchemaObject;
+    readonly example?: unknown;
+    readonly examples?: Readonly<Record<string, OpenAPIExample>>;
+    readonly content?: Readonly<Record<string, OpenAPIMediaType>>;
+}
+export interface OpenAPIExample {
+    readonly summary?: string;
+    readonly description?: string;
+    readonly value?: unknown;
+    readonly externalValue?: string;
+}
+export interface OpenAPIHeader {
+    readonly description?: string;
+    readonly required?: boolean;
+    readonly deprecated?: boolean;
+    readonly schema?: OpenAPISchemaObject;
+    readonly example?: unknown;
+}
+export interface OpenAPIMediaType {
+    readonly schema?: OpenAPISchemaObject;
+    readonly example?: unknown;
+    readonly examples?: Readonly<Record<string, OpenAPIExample>>;
+}
+export interface OpenAPIRequestBody {
+    readonly description?: string;
+    readonly required?: boolean;
+    readonly content: Readonly<Record<string, OpenAPIMediaType>>;
+}
+export interface OpenAPIResponse {
+    readonly description: string;
+    readonly headers?: Readonly<Record<string, OpenAPIHeader>>;
+    readonly content?: Readonly<Record<string, OpenAPIMediaType>>;
+}
+export type OpenAPIResponses = Readonly<Record<string, OpenAPIResponse>>;
+export type OpenAPISecurityRequirement = Readonly<Record<string, ReadonlyArray<string>>>;
+export interface OpenAPIOperation {
+    readonly tags?: ReadonlyArray<string>;
+    readonly summary?: string;
+    readonly description?: string;
+    readonly operationId?: string;
+    readonly parameters?: ReadonlyArray<OpenAPIParameter>;
+    readonly requestBody?: OpenAPIRequestBody;
+    readonly responses: OpenAPIResponses;
+    readonly security?: ReadonlyArray<OpenAPISecurityRequirement>;
+    readonly deprecated?: boolean;
+}
+export interface OpenAPIPathItem {
+    readonly summary?: string;
+    readonly description?: string;
+    readonly get?: OpenAPIOperation;
+    readonly put?: OpenAPIOperation;
+    readonly post?: OpenAPIOperation;
+    readonly delete?: OpenAPIOperation;
+    readonly options?: OpenAPIOperation;
+    readonly head?: OpenAPIOperation;
+    readonly patch?: OpenAPIOperation;
+    readonly trace?: OpenAPIOperation;
+    readonly parameters?: ReadonlyArray<OpenAPIParameter>;
+}
+export type OpenAPIPathsObject = Readonly<Record<string, OpenAPIPathItem>>;
+//# sourceMappingURL=openapi-types.d.ts.map

package/dist/codegen/openapi-types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"openapi-types.d.ts","sourceRoot":"","sources":["../../src/codegen/openapi-types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAMH;;;;GAIG;AACH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAA;IACtB,QAAQ,CAAC,IAAI,CAAC,EACV,QAAQ,GACR,QAAQ,GACR,SAAS,GACT,SAAS,GACT,QAAQ,GACR,OAAO,GACP,MAAM,GACN,aAAa,CACX,QAAQ,GAAG,QAAQ,GAAG,SAAS,GAAG,SAAS,GAAG,QAAQ,GAAG,OAAO,GAAG,MAAM,CAC1E,CAAA;IACL,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAA;IAC1B,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAA;IAC1B,QAAQ,CAAC,QAAQ,CAAC,EAAE,aAAa,CAAC,OAAO,CAAC,CAAA;IAC1C,QAAQ,CAAC,IAAI,CAAC,EAAE,aAAa,CAAC,OAAO,CAAC,CAAA;IACtC,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAA;IACxB,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAA;IAC3B,QAAQ,CAAC,UAAU,CAAC,EAAE,OAAO,CAAA;IAC7B,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAA;IAC3B,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,CAAA;IAE5B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAA;IAC3B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAA;IAC3B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAA;IAElC,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,GAAG,OAAO,CAAA;IAC5C,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,GAAG,OAAO,CAAA;IAC5C,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAA;IAE5B,QAAQ,CAAC,KAAK,CAAC,EAAE,mBAAmB,GAAG,aAAa,CAAC,mBAAmB,CAAC,CAAA;IACzE,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,CAAA;IAC9B,QAAQ,CAAC,WAAW,CAAC,EAAE,aAAa,CAAC,mBAAmB,CAAC,CAAA;IAEzD,QAAQ,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC,CAAA;IACnE,QAAQ,CAAC,QAAQ,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAA;IACzC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,OAAO,GAAG,mBAAmB,CAAA;IAC7D,QAAQ,CAAC,iBAAiB,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC,CAAA;IAE1E,QAAQ,CAAC,KAAK,CAAC,EAAE,aAAa,CAAC,mBAAmB,CAAC,CAAA;IACnD,QAAQ,CAAC,KAAK,CAAC,EAAE,aAAa,CAAC,mBAAmB,CAAC,CAAA;IACnD,QAAQ,CAAC,KAAK,CAAC,EAAE,aAAa,CAAC,mBAAmB,CAAC,CAAA;IACnD,QAAQ,CAAC,GAAG,CAAC,EAAE,mBAAmB,CAAA;IAElC,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CAChC;AAMD,MAAM,MAAM,kBAAkB,GAAG,OAAO,GAAG,QAAQ,GAAG,MAAM,GAAG,QAAQ,CAAA;AAEvE,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,EAAE,EAAE,kBAAkB,CAAA;IAC/B,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAA;IAC3B,QAAQ,CAAC,UAAU,CAAC,EAAE,OAAO,CAAA;IAC7B,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,CAAA;IAClC,QAAQ,CAAC,MAAM,CAAC,EAAE,mBAAmB,CAAA;IACrC,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAA;IAC1B,QAAQ,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAA;IAC5D,QAAQ,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAA;CAC9D;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAA;IACxB,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAA;CAChC;AAMD,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAA;IAC3B,QAAQ,CAAC,UAAU,CAAC,EAAE,OAAO,CAAA;IAC7B,QAAQ,CAAC,MAAM,CAAC,EAAE,mBAAmB,CAAA;IACrC,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAC3B;AAMD,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,MAAM,CAAC,EAAE,mBAAmB,CAAA;IACrC,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAA;IAC1B,QAAQ,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAA;CAC7D;AAMD,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAA;IAC3B,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAA;CAC7D;AAMD,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC,CAAA;IAC1D,QAAQ,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAA;CAC9D;AAED,MAAM,MAAM,gBAAgB,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAA;AAMxE,MAAM,MAAM,0BAA0B,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;AAMxF,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,IAAI,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAA;IACrC,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,UAAU,CAAC,EAAE,aAAa,CAAC,gBAAgB,CAAC,CAAA;IACrD,QAAQ,CAAC,WAAW,CAAC,EAAE,kBAAkB,CAAA;IACzC,QAAQ,CAAC,SAAS,EAAE,gBAAgB,CAAA;IACpC,QAAQ,CAAC,QAAQ,CAAC,EAAE,aAAa,CAAC,0BAA0B,CAAC,CAAA;IAC7D,QAAQ,CAAC,UAAU,CAAC,EAAE,OAAO,CAAA;CAC9B;AAMD,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,GAAG,CAAC,EAAE,gBAAgB,CAAA;IAC/B,QAAQ,CAAC,GAAG,CAAC,EAAE,gBAAgB,CAAA;IAC/B,QAAQ,CAAC,IAAI,CAAC,EAAE,gBAAgB,CAAA;IAChC,QAAQ,CAAC,MAAM,CAAC,EAAE,gBAAgB,CAAA;IAClC,QAAQ,CAAC,OAAO,CAAC,EAAE,gBAAgB,CAAA;IACnC,QAAQ,CAAC,IAAI,CAAC,EAAE,gBAAgB,CAAA;IAChC,QAAQ,CAAC,KAAK,CAAC,EAAE,gBAAgB,CAAA;IACjC,QAAQ,CAAC,KAAK,CAAC,EAAE,gBAAgB,CAAA;IACjC,QAAQ,CAAC,UAAU,CAAC,EAAE,aAAa,CAAC,gBAAgB,CAAC,CAAA;CACtD;AAMD,MAAM,MAAM,kBAAkB,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAA"}

package/dist/codegen/to-d1-migration.d.ts

@@ -0,0 +1,88 @@
+/**
+ * Schema → D1 migration SQL projection per ADR 0005 (Effect Schema is the
+ * single source of truth) and ADR 0024 (v1 alpha targets D1 / SQLite).
+ *
+ * Two functions:
+ *   - `schemaToD1Migration(coll)`   — projects ONE Collection to a
+ *     `CREATE TABLE IF NOT EXISTS ...` statement.
+ *   - `schemaToD1Migrations(colls)` — joins per-collection statements with a
+ *     blank line, in the order given. Caller orders tables so that any FK
+ *     target precedes its referrer (v1 does not topo-sort).
+ *
+ * This is the SQL form of `to-drizzle.ts`'s in-memory Drizzle table. The two
+ * agree on column names (snake_case for the SQL form), types, NOT NULL,
+ * defaults, and FK constraints.
+ *
+ * Annotation namespace recognised (mirrors `to-drizzle.ts`):
+ *   - `saacmsRef: <CollectionSlug>` — foreign key to `<slug>.id`.
+ *   - `saacmsInt: true`             — narrows `Schema.Number` from REAL to INTEGER.
+ *   - `saacmsLength: number`        — max length hint (no SQLite enforcement).
+ *   - `saacmsRefOnDelete: "cascade"|"restrict"|"set null"|"no action"` —
+ *     overrides the default `cascade` ON DELETE action.
+ *
+ * Auto-injected columns (always present, override user-defined collisions):
+ *   - `id`         TEXT PRIMARY KEY NOT NULL
+ *   - `created_at` TEXT NOT NULL DEFAULT (datetime('now'))
+ *   - `updated_at` TEXT NOT NULL DEFAULT (datetime('now'))
+ *
+ * Type mapping (Effect → SQLite):
+ *   - `Schema.String`                     → TEXT
+ *   - `Schema.Number`                     → REAL (INTEGER with `saacmsInt`)
+ *   - `Schema.Boolean`                    → INTEGER (stored 0/1)
+ *   - `Schema.Date` / DateFromString      → TEXT (ISO-8601)
+ *   - `Schema.Literal("a","b",…)`         → TEXT + `CHECK (col IN ('a','b',…))`
+ *   - `Schema.Array(X)` / nested Struct   → TEXT (JSON at the runtime layer —
+ *     `encodeJsonColumns`/`decodeJsonColumns` in `../runtime/json-columns.ts`
+ *     own the (de)serialisation at the runtime storage boundary; the adapter
+ *     stays schema-agnostic per ADR 0020).
+ *
+ * Physical table name: the external Collection slug is the data contract (route
+ * path + cache tag) and MAY contain characters illegal in a SQL identifier
+ * (e.g. the Payload-idiomatic `discount-codes`). `slugToTableName` projects the
+ * slug to a deterministic `IDENT_RE`-valid physical table identifier; only the
+ * DDL table name + FK `REFERENCES` targets use the projected form. The runtime
+ * passes the same projection to every `rows.*` call so DDL and queries agree.
+ */
+import type { CollectionDef } from "../schema/index.ts";
+/**
+ * Project a camelCase domain key to its snake_case physical column name.
+ *
+ * This is the canonical naming convention (ADR 0005 — Schema is the single
+ * source of truth, the DB is a mechanical projection). It is exported so the
+ * Storage anti-corruption layer (`@saacms/storage-d1`, ADR 0020) reuses the
+ * *same* function rather than re-deriving the convention — single source of
+ * truth for the snake↔camel boundary.
+ *
+ * `id` and other single-word keys map to themselves.
+ */
+export declare function camelToSnakeCase(name: string): string;
+/** Project an external Collection slug to a deterministic `IDENT_RE`-valid physical table name. */
+export declare function slugToTableName(slug: string): string;
+/**
+ * Throw precisely when two DISTINCT external slugs in a single config project
+ * to the same physical table name (e.g. `discount-codes` + `discount_codes`).
+ * Without this guard the collision would silently merge two Collections' rows
+ * into one table — a loud config-time error is the correct disposition.
+ */
+export declare function assertNoTableNameCollisions(colls: ReadonlyArray<{
+    readonly slug: CollectionSlugLike;
+}>): void;
+type CollectionSlugLike = CollectionDef["slug"];
+/**
+ * Project a Collection to a `CREATE TABLE IF NOT EXISTS ...` statement.
+ *
+ * The output is the SQL `wrangler d1 migrations create` consumes. Whitespace
+ * is intentionally pretty (one column per line) so generated migration files
+ * are diff-friendly.
+ */
+export declare function schemaToD1Migration(coll: CollectionDef): string;
+/**
+ * Project an ordered list of Collections to a single SQL script with one
+ * blank line between statements.
+ *
+ * The caller is responsible for ordering: tables referenced by FK constraints
+ * should appear before their referrers. v1 does not topo-sort.
+ */
+export declare function schemaToD1Migrations(colls: ReadonlyArray<CollectionDef>): string;
+export {};
+//# sourceMappingURL=to-d1-migration.d.ts.map