@secondlayer/shared 0.2.0

package/README.md

@@ -0,0 +1,19 @@
+# @secondlayer/shared
+
+Foundational utilities for Second Layer services: DB layer (Kysely+Postgres), job queue, Zod schemas, HMAC signing, Stacks node clients.
+
+## Testing
+
+```bash
+# Run tests (DB tests skip without DATABASE_URL)
+bun test
+
+# Run with database
+DATABASE_URL=postgresql://postgres:postgres@localhost:5432/streams_test bun test
+```
+
+## Migrations
+
+```bash
+DATABASE_URL=... bun run migrate
+```

package/dist/src/crypto/hmac.d.ts

@@ -0,0 +1,26 @@
+/**
+* Generate a random secret for webhook signing
+* Returns 32 bytes as a 64-character hex string
+*/
+declare function generateSecret(): string;
+/**
+* Sign a payload with HMAC-SHA256
+* Returns the signature as a hex string
+*/
+declare function signPayload(payload: string, secret: string): string;
+/**
+* Verify an HMAC signature
+* Uses constant-time comparison to prevent timing attacks
+*/
+declare function verifySignature(payload: string, signature: string, secret: string): boolean;
+/**
+* Create a Stripe-style signature header
+* Format: t=timestamp,v1=signature
+*/
+declare function createSignatureHeader(payload: string, secret: string, timestamp?: number): string;
+/**
+* Parse and verify a Stripe-style signature header
+* Returns true if valid, false otherwise
+*/
+declare function verifySignatureHeader(payload: string, header: string, secret: string, toleranceSeconds?: number): boolean;
+export { verifySignatureHeader, verifySignature, signPayload, generateSecret, createSignatureHeader };

package/dist/src/crypto/hmac.js

@@ -0,0 +1,75 @@
+import { createRequire } from "node:module";
+var __defProp = Object.defineProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: (newValue) => all[name] = () => newValue
+    });
+};
+
+// src/crypto/hmac.ts
+var exports_hmac = {};
+__export(exports_hmac, {
+  verifySignatureHeader: () => verifySignatureHeader,
+  verifySignature: () => verifySignature,
+  signPayload: () => signPayload,
+  generateSecret: () => generateSecret,
+  createSignatureHeader: () => createSignatureHeader
+});
+import { createHmac, randomBytes } from "crypto";
+function generateSecret() {
+  return randomBytes(32).toString("hex");
+}
+function signPayload(payload, secret) {
+  const hmac = createHmac("sha256", secret);
+  hmac.update(payload);
+  return hmac.digest("hex");
+}
+function verifySignature(payload, signature, secret) {
+  const expectedSignature = signPayload(payload, secret);
+  if (signature.length !== expectedSignature.length) {
+    return false;
+  }
+  let result = 0;
+  for (let i = 0;i < signature.length; i++) {
+    result |= signature.charCodeAt(i) ^ expectedSignature.charCodeAt(i);
+  }
+  return result === 0;
+}
+function createSignatureHeader(payload, secret, timestamp) {
+  const ts = timestamp ?? Math.floor(Date.now() / 1000);
+  const signedPayload = `${ts}.${payload}`;
+  const signature = signPayload(signedPayload, secret);
+  return `t=${ts},v1=${signature}`;
+}
+function verifySignatureHeader(payload, header, secret, toleranceSeconds = 300) {
+  const parts = header.split(",");
+  const timestamp = parts.find((p) => p.startsWith("t="))?.slice(2);
+  const signature = parts.find((p) => p.startsWith("v1="))?.slice(3);
+  if (!timestamp || !signature) {
+    return false;
+  }
+  const ts = parseInt(timestamp, 10);
+  if (isNaN(ts)) {
+    return false;
+  }
+  const now = Math.floor(Date.now() / 1000);
+  if (Math.abs(now - ts) > toleranceSeconds) {
+    return false;
+  }
+  const signedPayload = `${ts}.${payload}`;
+  return verifySignature(signedPayload, signature, secret);
+}
+export {
+  verifySignatureHeader,
+  verifySignature,
+  signPayload,
+  generateSecret,
+  createSignatureHeader
+};
+
+//# debugId=C5FB6F078225904664756E2164756E21
+//# sourceMappingURL=hmac.js.map

package/dist/src/crypto/hmac.js.map

@@ -0,0 +1,10 @@
+{
+  "version": 3,
+  "sources": ["../src/crypto/hmac.ts"],
+  "sourcesContent": [
+    "import { createHmac, randomBytes } from \"crypto\";\n\n/**\n * Generate a random secret for webhook signing\n * Returns 32 bytes as a 64-character hex string\n */\nexport function generateSecret(): string {\n  return randomBytes(32).toString(\"hex\");\n}\n\n/**\n * Sign a payload with HMAC-SHA256\n * Returns the signature as a hex string\n */\nexport function signPayload(payload: string, secret: string): string {\n  const hmac = createHmac(\"sha256\", secret);\n  hmac.update(payload);\n  return hmac.digest(\"hex\");\n}\n\n/**\n * Verify an HMAC signature\n * Uses constant-time comparison to prevent timing attacks\n */\nexport function verifySignature(\n  payload: string,\n  signature: string,\n  secret: string\n): boolean {\n  const expectedSignature = signPayload(payload, secret);\n\n  // Constant-time comparison\n  if (signature.length !== expectedSignature.length) {\n    return false;\n  }\n\n  let result = 0;\n  for (let i = 0; i < signature.length; i++) {\n    result |= signature.charCodeAt(i) ^ expectedSignature.charCodeAt(i);\n  }\n\n  return result === 0;\n}\n\n/**\n * Create a Stripe-style signature header\n * Format: t=timestamp,v1=signature\n */\nexport function createSignatureHeader(\n  payload: string,\n  secret: string,\n  timestamp?: number\n): string {\n  const ts = timestamp ?? Math.floor(Date.now() / 1000);\n  const signedPayload = `${ts}.${payload}`;\n  const signature = signPayload(signedPayload, secret);\n\n  return `t=${ts},v1=${signature}`;\n}\n\n/**\n * Parse and verify a Stripe-style signature header\n * Returns true if valid, false otherwise\n */\nexport function verifySignatureHeader(\n  payload: string,\n  header: string,\n  secret: string,\n  toleranceSeconds = 300 // 5 minutes\n): boolean {\n  // Parse header\n  const parts = header.split(\",\");\n  const timestamp = parts\n    .find((p) => p.startsWith(\"t=\"))\n    ?.slice(2);\n  const signature = parts\n    .find((p) => p.startsWith(\"v1=\"))\n    ?.slice(3);\n\n  if (!timestamp || !signature) {\n    return false;\n  }\n\n  const ts = parseInt(timestamp, 10);\n  if (isNaN(ts)) {\n    return false;\n  }\n\n  // Check timestamp is within tolerance\n  const now = Math.floor(Date.now() / 1000);\n  if (Math.abs(now - ts) > toleranceSeconds) {\n    return false;\n  }\n\n  // Verify signature\n  const signedPayload = `${ts}.${payload}`;\n  return verifySignature(signedPayload, signature, secret);\n}\n"
+  ],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;AAAA;AAMO,SAAS,cAAc,GAAW;AAAA,EACvC,OAAO,YAAY,EAAE,EAAE,SAAS,KAAK;AAAA;AAOhC,SAAS,WAAW,CAAC,SAAiB,QAAwB;AAAA,EACnE,MAAM,OAAO,WAAW,UAAU,MAAM;AAAA,EACxC,KAAK,OAAO,OAAO;AAAA,EACnB,OAAO,KAAK,OAAO,KAAK;AAAA;AAOnB,SAAS,eAAe,CAC7B,SACA,WACA,QACS;AAAA,EACT,MAAM,oBAAoB,YAAY,SAAS,MAAM;AAAA,EAGrD,IAAI,UAAU,WAAW,kBAAkB,QAAQ;AAAA,IACjD,OAAO;AAAA,EACT;AAAA,EAEA,IAAI,SAAS;AAAA,EACb,SAAS,IAAI,EAAG,IAAI,UAAU,QAAQ,KAAK;AAAA,IACzC,UAAU,UAAU,WAAW,CAAC,IAAI,kBAAkB,WAAW,CAAC;AAAA,EACpE;AAAA,EAEA,OAAO,WAAW;AAAA;AAOb,SAAS,qBAAqB,CACnC,SACA,QACA,WACQ;AAAA,EACR,MAAM,KAAK,aAAa,KAAK,MAAM,KAAK,IAAI,IAAI,IAAI;AAAA,EACpD,MAAM,gBAAgB,GAAG,MAAM;AAAA,EAC/B,MAAM,YAAY,YAAY,eAAe,MAAM;AAAA,EAEnD,OAAO,KAAK,SAAS;AAAA;AAOhB,SAAS,qBAAqB,CACnC,SACA,QACA,QACA,mBAAmB,KACV;AAAA,EAET,MAAM,QAAQ,OAAO,MAAM,GAAG;AAAA,EAC9B,MAAM,YAAY,MACf,KAAK,CAAC,MAAM,EAAE,WAAW,IAAI,CAAC,GAC7B,MAAM,CAAC;AAAA,EACX,MAAM,YAAY,MACf,KAAK,CAAC,MAAM,EAAE,WAAW,KAAK,CAAC,GAC9B,MAAM,CAAC;AAAA,EAEX,IAAI,CAAC,aAAa,CAAC,WAAW;AAAA,IAC5B,OAAO;AAAA,EACT;AAAA,EAEA,MAAM,KAAK,SAAS,WAAW,EAAE;AAAA,EACjC,IAAI,MAAM,EAAE,GAAG;AAAA,IACb,OAAO;AAAA,EACT;AAAA,EAGA,MAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,IAAI;AAAA,EACxC,IAAI,KAAK,IAAI,MAAM,EAAE,IAAI,kBAAkB;AAAA,IACzC,OAAO;AAAA,EACT;AAAA,EAGA,MAAM,gBAAgB,GAAG,MAAM;AAAA,EAC/B,OAAO,gBAAgB,eAAe,WAAW,MAAM;AAAA;",
+  "debugId": "C5FB6F078225904664756E2164756E21",
+  "names": []
+}

package/dist/src/db/index.d.ts

@@ -0,0 +1,227 @@
+/**
+* Safely encode a JS value as a JSONB literal for Kysely inserts/updates.
+* Kysely + postgres.js double-encodes JSON when using parameterized queries
+* with ::jsonb casts. This uses sql.raw to inline a properly escaped literal.
+*/
+declare function jsonb(value: unknown);
+/**
+* Safely parse a JSONB value from the database.
+* Handles double-encoded strings where postgres.js returns a JSON string
+* instead of a parsed object.
+*/
+declare function parseJsonb<T = unknown>(value: unknown): T;
+import { Kysely } from "kysely";
+import postgres from "postgres";
+import { Generated, Insertable, Selectable, Updateable } from "kysely";
+interface BlocksTable {
+	height: number;
+	hash: string;
+	parent_hash: string;
+	burn_block_height: number;
+	timestamp: number;
+	canonical: Generated<boolean>;
+	created_at: Generated<Date>;
+}
+interface TransactionsTable {
+	tx_id: string;
+	block_height: number;
+	type: string;
+	sender: string;
+	status: string;
+	contract_id: string | null;
+	function_name: string | null;
+	raw_tx: string;
+	created_at: Generated<Date>;
+}
+interface EventsTable {
+	id: Generated<string>;
+	tx_id: string;
+	block_height: number;
+	event_index: number;
+	type: string;
+	data: unknown;
+	created_at: Generated<Date>;
+}
+interface StreamsTable {
+	id: Generated<string>;
+	name: string;
+	status: Generated<string>;
+	filters: unknown;
+	options: Generated<unknown>;
+	webhook_url: string;
+	webhook_secret: string | null;
+	api_key_id: string | null;
+	created_at: Generated<Date>;
+	updated_at: Generated<Date>;
+}
+interface StreamMetricsTable {
+	stream_id: string;
+	last_triggered_at: Date | null;
+	last_triggered_block: number | null;
+	total_deliveries: Generated<number>;
+	failed_deliveries: Generated<number>;
+	error_message: string | null;
+}
+interface JobsTable {
+	id: Generated<string>;
+	stream_id: string;
+	block_height: number;
+	status: Generated<string>;
+	attempts: Generated<number>;
+	locked_at: Date | null;
+	locked_by: string | null;
+	error: string | null;
+	backfill: Generated<boolean>;
+	created_at: Generated<Date>;
+	completed_at: Date | null;
+}
+interface IndexProgressTable {
+	network: string;
+	last_indexed_block: Generated<number>;
+	last_contiguous_block: Generated<number>;
+	highest_seen_block: Generated<number>;
+	updated_at: Generated<Date>;
+}
+interface DeliveriesTable {
+	id: Generated<string>;
+	stream_id: string;
+	job_id: string | null;
+	block_height: number;
+	status: string;
+	status_code: number | null;
+	response_time_ms: number | null;
+	attempts: Generated<number>;
+	error: string | null;
+	payload: unknown;
+	created_at: Generated<Date>;
+}
+interface ViewsTable {
+	id: Generated<string>;
+	name: string;
+	version: Generated<string>;
+	status: Generated<string>;
+	definition: unknown;
+	schema_hash: string;
+	handler_path: string;
+	schema_name: string | null;
+	last_processed_block: Generated<number>;
+	last_error: string | null;
+	last_error_at: Date | null;
+	total_processed: Generated<number>;
+	total_errors: Generated<number>;
+	api_key_id: string | null;
+	created_at: Generated<Date>;
+	updated_at: Generated<Date>;
+}
+interface ApiKeysTable {
+	id: Generated<string>;
+	key_hash: string;
+	key_prefix: string;
+	name: string | null;
+	status: Generated<string>;
+	rate_limit: Generated<number>;
+	ip_address: string;
+	account_id: string;
+	last_used_at: Date | null;
+	revoked_at: Date | null;
+	created_at: Generated<Date>;
+}
+interface AccountsTable {
+	id: Generated<string>;
+	email: string;
+	plan: Generated<string>;
+	created_at: Generated<Date>;
+}
+interface SessionsTable {
+	id: Generated<string>;
+	token_hash: string;
+	token_prefix: string;
+	account_id: string;
+	ip_address: string;
+	expires_at: Generated<Date>;
+	revoked_at: Date | null;
+	last_used_at: Date | null;
+	created_at: Generated<Date>;
+}
+interface MagicLinksTable {
+	id: Generated<string>;
+	email: string;
+	token: string;
+	expires_at: Date;
+	used_at: Date | null;
+	created_at: Generated<Date>;
+}
+interface UsageDailyTable {
+	account_id: string;
+	date: string;
+	api_requests: Generated<number>;
+	deliveries: Generated<number>;
+}
+interface UsageSnapshotsTable {
+	id: Generated<string>;
+	account_id: string;
+	measured_at: Generated<Date>;
+	storage_bytes: Generated<number>;
+}
+interface Database {
+	blocks: BlocksTable;
+	transactions: TransactionsTable;
+	events: EventsTable;
+	streams: StreamsTable;
+	stream_metrics: StreamMetricsTable;
+	jobs: JobsTable;
+	index_progress: IndexProgressTable;
+	deliveries: DeliveriesTable;
+	views: ViewsTable;
+	api_keys: ApiKeysTable;
+	accounts: AccountsTable;
+	sessions: SessionsTable;
+	magic_links: MagicLinksTable;
+	usage_daily: UsageDailyTable;
+	usage_snapshots: UsageSnapshotsTable;
+}
+type Block = Selectable<BlocksTable>;
+type InsertBlock = Insertable<BlocksTable>;
+type UpdateBlock = Updateable<BlocksTable>;
+type Transaction = Selectable<TransactionsTable>;
+type InsertTransaction = Insertable<TransactionsTable>;
+type UpdateTransaction = Updateable<TransactionsTable>;
+type Event = Selectable<EventsTable>;
+type InsertEvent = Insertable<EventsTable>;
+type UpdateEvent = Updateable<EventsTable>;
+type Stream = Selectable<StreamsTable>;
+type InsertStream = Insertable<StreamsTable>;
+type UpdateStreamRow = Updateable<StreamsTable>;
+type StreamMetrics = Selectable<StreamMetricsTable>;
+type InsertStreamMetrics = Insertable<StreamMetricsTable>;
+type UpdateStreamMetrics = Updateable<StreamMetricsTable>;
+type Job = Selectable<JobsTable>;
+type InsertJob = Insertable<JobsTable>;
+type UpdateJob = Updateable<JobsTable>;
+type IndexProgress = Selectable<IndexProgressTable>;
+type InsertIndexProgress = Insertable<IndexProgressTable>;
+type UpdateIndexProgress = Updateable<IndexProgressTable>;
+type Delivery = Selectable<DeliveriesTable>;
+type InsertDelivery = Insertable<DeliveriesTable>;
+type UpdateDelivery = Updateable<DeliveriesTable>;
+type View = Selectable<ViewsTable>;
+type InsertView = Insertable<ViewsTable>;
+type UpdateView = Updateable<ViewsTable>;
+type ApiKey = Selectable<ApiKeysTable>;
+type InsertApiKey = Insertable<ApiKeysTable>;
+type UpdateApiKey = Updateable<ApiKeysTable>;
+type Account = Selectable<AccountsTable>;
+type InsertAccount = Insertable<AccountsTable>;
+type MagicLink = Selectable<MagicLinksTable>;
+type InsertMagicLink = Insertable<MagicLinksTable>;
+type Session = Selectable<SessionsTable>;
+type InsertSession = Insertable<SessionsTable>;
+type UsageDaily = Selectable<UsageDailyTable>;
+type UsageSnapshot = Selectable<UsageSnapshotsTable>;
+import { sql } from "kysely";
+declare function getDb(connectionString?: string): Kysely<Database>;
+/** Raw postgres.js client for dynamic schema DDL (CREATE SCHEMA, DROP, etc.) */
+declare function getRawClient(): ReturnType<typeof postgres>;
+/** Close the DB connection pool. Call in CLI commands to allow process exit. */
+declare function closeDb(): Promise<void>;
+export { sql, parseJsonb, jsonb, getRawClient, getDb, closeDb, ViewsTable, View, UsageSnapshotsTable, UsageSnapshot, UsageDailyTable, UsageDaily, UpdateView, UpdateTransaction, UpdateStreamRow, UpdateStreamMetrics, UpdateJob, UpdateIndexProgress, UpdateEvent, UpdateDelivery, UpdateBlock, UpdateApiKey, TransactionsTable, Transaction, StreamsTable, StreamMetricsTable, StreamMetrics, Stream, SessionsTable, Session, MagicLinksTable, MagicLink, JobsTable, Job, InsertView, InsertTransaction, InsertStreamMetrics, InsertStream, InsertSession, InsertMagicLink, InsertJob, InsertIndexProgress, InsertEvent, InsertDelivery, InsertBlock, InsertApiKey, InsertAccount, IndexProgressTable, IndexProgress, EventsTable, Event, Delivery, DeliveriesTable, Database, BlocksTable, Block, ApiKeysTable, ApiKey, AccountsTable, Account };

package/dist/src/db/index.js

@@ -0,0 +1,75 @@
+import { createRequire } from "node:module";
+var __defProp = Object.defineProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: (newValue) => all[name] = () => newValue
+    });
+};
+
+// src/db/jsonb.ts
+import { sql } from "kysely";
+function jsonb(value) {
+  const escaped = JSON.stringify(value).replace(/'/g, "''");
+  return sql`${sql.raw(`'${escaped}'::jsonb`)}`;
+}
+function parseJsonb(value) {
+  if (typeof value === "string") {
+    try {
+      return JSON.parse(value);
+    } catch {
+      return value;
+    }
+  }
+  return value ?? {};
+}
+
+// src/db/index.ts
+import { Kysely } from "kysely";
+import { PostgresJSDialect } from "kysely-postgres-js";
+import postgres from "postgres";
+import { sql as sql2 } from "kysely";
+var db = null;
+var rawClient = null;
+function getDb(connectionString) {
+  if (!db) {
+    const url = connectionString || process.env.DATABASE_URL || "postgres://postgres:postgres@localhost:5432/streams_dev";
+    const isLocal = url.includes("localhost") || url.includes("127.0.0.1") || url.includes("@postgres:");
+    rawClient = postgres(url, {
+      ssl: isLocal ? undefined : { rejectUnauthorized: process.env.NODE_TLS_REJECT_UNAUTHORIZED !== "0" }
+    });
+    db = new Kysely({
+      dialect: new PostgresJSDialect({ postgres: rawClient })
+    });
+  }
+  return db;
+}
+function getRawClient() {
+  if (!rawClient)
+    getDb();
+  return rawClient;
+}
+async function closeDb() {
+  if (db) {
+    await db.destroy();
+    db = null;
+  }
+  if (rawClient) {
+    await rawClient.end();
+    rawClient = null;
+  }
+}
+export {
+  sql2 as sql,
+  parseJsonb,
+  jsonb,
+  getRawClient,
+  getDb,
+  closeDb
+};
+
+//# debugId=F675FEF083D960AD64756E2164756E21
+//# sourceMappingURL=index.js.map

package/dist/src/db/index.js.map

@@ -0,0 +1,11 @@
+{
+  "version": 3,
+  "sources": ["../src/db/jsonb.ts", "../src/db/index.ts"],
+  "sourcesContent": [
+    "import { sql } from \"kysely\";\n\n/**\n * Safely encode a JS value as a JSONB literal for Kysely inserts/updates.\n * Kysely + postgres.js double-encodes JSON when using parameterized queries\n * with ::jsonb casts. This uses sql.raw to inline a properly escaped literal.\n */\nexport function jsonb(value: unknown) {\n  const escaped = JSON.stringify(value).replace(/'/g, \"''\");\n  return sql`${sql.raw(`'${escaped}'::jsonb`)}`;\n}\n\n/**\n * Safely parse a JSONB value from the database.\n * Handles double-encoded strings where postgres.js returns a JSON string\n * instead of a parsed object.\n */\nexport function parseJsonb<T = unknown>(value: unknown): T {\n  if (typeof value === \"string\") {\n    try {\n      return JSON.parse(value) as T;\n    } catch {\n      return value as T;\n    }\n  }\n  return (value ?? {}) as T;\n}\n",
+    "import { Kysely } from \"kysely\";\nimport { PostgresJSDialect } from \"kysely-postgres-js\";\nimport postgres from \"postgres\";\nimport type { Database } from \"./types.ts\";\n\nlet db: Kysely<Database> | null = null;\nlet rawClient: ReturnType<typeof postgres> | null = null;\n\nexport function getDb(connectionString?: string): Kysely<Database> {\n  if (!db) {\n    const url = connectionString || process.env.DATABASE_URL || \"postgres://postgres:postgres@localhost:5432/streams_dev\";\n\n    // Always use SSL for remote databases, just disable cert verification if needed\n    const isLocal = url.includes(\"localhost\") || url.includes(\"127.0.0.1\") || url.includes(\"@postgres:\");\n    rawClient = postgres(url, {\n      ssl: isLocal ? undefined : { rejectUnauthorized: process.env.NODE_TLS_REJECT_UNAUTHORIZED !== \"0\" },\n    });\n    db = new Kysely<Database>({\n      dialect: new PostgresJSDialect({ postgres: rawClient }),\n    });\n  }\n  return db;\n}\n\n/** Raw postgres.js client for dynamic schema DDL (CREATE SCHEMA, DROP, etc.) */\nexport function getRawClient(): ReturnType<typeof postgres> {\n  if (!rawClient) getDb();\n  return rawClient!;\n}\n\n/** Close the DB connection pool. Call in CLI commands to allow process exit. */\nexport async function closeDb(): Promise<void> {\n  if (db) {\n    await db.destroy();\n    db = null;\n  }\n  if (rawClient) {\n    await rawClient.end();\n    rawClient = null;\n  }\n}\n\nimport { sql } from \"kysely\";\nexport { sql };\nexport * from \"./types.ts\";\nexport { jsonb, parseJsonb } from \"./jsonb.ts\";\n"
+  ],
+  "mappings": ";;;;;;;;;;;;;AAAA;AAOO,SAAS,KAAK,CAAC,OAAgB;AAAA,EACpC,MAAM,UAAU,KAAK,UAAU,KAAK,EAAE,QAAQ,MAAM,IAAI;AAAA,EACxD,OAAO,MAAM,IAAI,IAAI,IAAI,iBAAiB;AAAA;AAQrC,SAAS,UAAuB,CAAC,OAAmB;AAAA,EACzD,IAAI,OAAO,UAAU,UAAU;AAAA,IAC7B,IAAI;AAAA,MACF,OAAO,KAAK,MAAM,KAAK;AAAA,MACvB,MAAM;AAAA,MACN,OAAO;AAAA;AAAA,EAEX;AAAA,EACA,OAAQ,SAAS,CAAC;AAAA;;;ACzBpB;AACA;AACA;AAwCA,gBAAS;AArCT,IAAI,KAA8B;AAClC,IAAI,YAAgD;AAE7C,SAAS,KAAK,CAAC,kBAA6C;AAAA,EACjE,IAAI,CAAC,IAAI;AAAA,IACP,MAAM,MAAM,oBAAoB,QAAQ,IAAI,gBAAgB;AAAA,IAG5D,MAAM,UAAU,IAAI,SAAS,WAAW,KAAK,IAAI,SAAS,WAAW,KAAK,IAAI,SAAS,YAAY;AAAA,IACnG,YAAY,SAAS,KAAK;AAAA,MACxB,KAAK,UAAU,YAAY,EAAE,oBAAoB,QAAQ,IAAI,iCAAiC,IAAI;AAAA,IACpG,CAAC;AAAA,IACD,KAAK,IAAI,OAAiB;AAAA,MACxB,SAAS,IAAI,kBAAkB,EAAE,UAAU,UAAU,CAAC;AAAA,IACxD,CAAC;AAAA,EACH;AAAA,EACA,OAAO;AAAA;AAIF,SAAS,YAAY,GAAgC;AAAA,EAC1D,IAAI,CAAC;AAAA,IAAW,MAAM;AAAA,EACtB,OAAO;AAAA;AAIT,eAAsB,OAAO,GAAkB;AAAA,EAC7C,IAAI,IAAI;AAAA,IACN,MAAM,GAAG,QAAQ;AAAA,IACjB,KAAK;AAAA,EACP;AAAA,EACA,IAAI,WAAW;AAAA,IACb,MAAM,UAAU,IAAI;AAAA,IACpB,YAAY;AAAA,EACd;AAAA;",
+  "debugId": "F675FEF083D960AD64756E2164756E21",
+  "names": []
+}

package/dist/src/db/jsonb.d.ts

@@ -0,0 +1,13 @@
+/**
+* Safely encode a JS value as a JSONB literal for Kysely inserts/updates.
+* Kysely + postgres.js double-encodes JSON when using parameterized queries
+* with ::jsonb casts. This uses sql.raw to inline a properly escaped literal.
+*/
+declare function jsonb(value: unknown);
+/**
+* Safely parse a JSONB value from the database.
+* Handles double-encoded strings where postgres.js returns a JSON string
+* instead of a parsed object.
+*/
+declare function parseJsonb<T = unknown>(value: unknown): T;
+export { parseJsonb, jsonb };

package/dist/src/db/jsonb.js

@@ -0,0 +1,35 @@
+import { createRequire } from "node:module";
+var __defProp = Object.defineProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: (newValue) => all[name] = () => newValue
+    });
+};
+
+// src/db/jsonb.ts
+import { sql } from "kysely";
+function jsonb(value) {
+  const escaped = JSON.stringify(value).replace(/'/g, "''");
+  return sql`${sql.raw(`'${escaped}'::jsonb`)}`;
+}
+function parseJsonb(value) {
+  if (typeof value === "string") {
+    try {
+      return JSON.parse(value);
+    } catch {
+      return value;
+    }
+  }
+  return value ?? {};
+}
+export {
+  parseJsonb,
+  jsonb
+};
+
+//# debugId=FD7B2A33BAF805D564756E2164756E21
+//# sourceMappingURL=jsonb.js.map

package/dist/src/db/jsonb.js.map

@@ -0,0 +1,10 @@
+{
+  "version": 3,
+  "sources": ["../src/db/jsonb.ts"],
+  "sourcesContent": [
+    "import { sql } from \"kysely\";\n\n/**\n * Safely encode a JS value as a JSONB literal for Kysely inserts/updates.\n * Kysely + postgres.js double-encodes JSON when using parameterized queries\n * with ::jsonb casts. This uses sql.raw to inline a properly escaped literal.\n */\nexport function jsonb(value: unknown) {\n  const escaped = JSON.stringify(value).replace(/'/g, \"''\");\n  return sql`${sql.raw(`'${escaped}'::jsonb`)}`;\n}\n\n/**\n * Safely parse a JSONB value from the database.\n * Handles double-encoded strings where postgres.js returns a JSON string\n * instead of a parsed object.\n */\nexport function parseJsonb<T = unknown>(value: unknown): T {\n  if (typeof value === \"string\") {\n    try {\n      return JSON.parse(value) as T;\n    } catch {\n      return value as T;\n    }\n  }\n  return (value ?? {}) as T;\n}\n"
+  ],
+  "mappings": ";;;;;;;;;;;;;AAAA;AAOO,SAAS,KAAK,CAAC,OAAgB;AAAA,EACpC,MAAM,UAAU,KAAK,UAAU,KAAK,EAAE,QAAQ,MAAM,IAAI;AAAA,EACxD,OAAO,MAAM,IAAI,IAAI,IAAI,iBAAiB;AAAA;AAQrC,SAAS,UAAuB,CAAC,OAAmB;AAAA,EACzD,IAAI,OAAO,UAAU,UAAU;AAAA,IAC7B,IAAI;AAAA,MACF,OAAO,KAAK,MAAM,KAAK;AAAA,MACvB,MAAM;AAAA,MACN,OAAO;AAAA;AAAA,EAEX;AAAA,EACA,OAAQ,SAAS,CAAC;AAAA;",
+  "debugId": "FD7B2A33BAF805D564756E2164756E21",
+  "names": []
+}