@soulbatical/tetra-dev-toolkit 1.20.0 → 1.20.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/lib/checks/security/config-rls-alignment.js +1 -1
  2. package/lib/checks/security/rpc-security-mode.js +19 -0
  3. package/package.json +1 -1
package/lib/checks/security/config-rls-alignment.js CHANGED
@@ -115,7 +115,7 @@ function parseMigrations(projectRoot) {
115
115
  const relFile = file.replace(projectRoot + '/', '')
116
116
 
117
117
  // Handle DROP POLICY — removes policy from earlier migration
118
- const dropPolicyMatches = content.matchAll(/DROP\s+POLICY\s+(?:IF\s+EXISTS\s+)?"?([^";\s]+)"?\s+ON\s+(?:public\.)?(\w+)/gi)
118
+ const dropPolicyMatches = content.matchAll(/DROP\s+POLICY\s+(?:IF\s+EXISTS\s+)?"([^"]+)"\s+ON\s+(?:public\.)?(\w+)/gi)
119
119
  for (const m of dropPolicyMatches) {
120
120
  const policyName = m[1]
121
121
  const table = m[2]
package/lib/checks/security/rpc-security-mode.js CHANGED
@@ -82,6 +82,9 @@ export async function run(config, projectRoot) {
82
82
  const userWhitelist = (config.supabase?.securityDefinerWhitelist || [])
83
83
  const whitelist = new Set([...BUILTIN_DEFINER_WHITELIST, ...userWhitelist])
84
84
 
85
+ // Sort files by name (timestamp order) so later migrations override earlier ones
86
+ sqlFiles.sort()
87
+
85
88
  // Track latest definition per function (migrations can override)
86
89
  const functions = new Map() // funcName → { securityMode, file, line, isDataQuery }
87
90
 
@@ -91,6 +94,22 @@ export async function run(config, projectRoot) {
91
94
 
92
95
  const relFile = file.replace(projectRoot + '/', '')
93
96
 
97
+ // Handle DROP FUNCTION — removes function from tracking
98
+ const dropFuncMatches = content.matchAll(/DROP\s+FUNCTION\s+(?:IF\s+EXISTS\s+)?(?:public\.)?(\w+)/gi)
99
+ for (const m of dropFuncMatches) {
100
+ functions.delete(m[1])
101
+ }
102
+
103
+ // Handle ALTER FUNCTION ... SECURITY INVOKER/DEFINER — overrides security mode
104
+ const alterFuncMatches = content.matchAll(/ALTER\s+FUNCTION\s+(?:public\.)?(\w+)(?:\s*\([^)]*\))?\s+SECURITY\s+(INVOKER|DEFINER)/gi)
105
+ for (const m of alterFuncMatches) {
106
+ const existing = functions.get(m[1])
107
+ if (existing) {
108
+ existing.securityMode = m[2].toUpperCase()
109
+ existing.file = relFile
110
+ }
111
+ }
112
+
94
113
  // Find all CREATE [OR REPLACE] FUNCTION statements
95
114
  const funcRegex = /CREATE\s+(?:OR\s+REPLACE\s+)?FUNCTION\s+(?:public\.)?(\w+)\s*\(/gi
96
115
  let match
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@soulbatical/tetra-dev-toolkit",
3
- "version": "1.20.0",
3
+ "version": "1.20.2",
4
4
  "publishConfig": {
5
5
  "access": "restricted"
6
6
  },