@spfn/auth 0.2.0-beta.2 → 0.2.0-beta.21

package/migrations/0000_premium_famine.sql

@@ -0,0 +1,292 @@
+CREATE SCHEMA IF NOT EXISTS "spfn_auth";
+--> statement-breakpoint
+CREATE TABLE IF NOT EXISTS "spfn_auth"."users" (
+	"id" bigserial PRIMARY KEY NOT NULL,
+	"email" text,
+	"phone" text,
+	"password_hash" text,
+	"password_change_required" boolean DEFAULT false NOT NULL,
+	"role_id" bigserial NOT NULL,
+	"status" text DEFAULT 'active' NOT NULL,
+	"email_verified_at" timestamp with time zone,
+	"phone_verified_at" timestamp with time zone,
+	"last_login_at" timestamp with time zone,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
+	CONSTRAINT "users_email_unique" UNIQUE("email"),
+	CONSTRAINT "users_phone_unique" UNIQUE("phone"),
+	CONSTRAINT "email_or_phone_check" CHECK ("spfn_auth"."users"."email" IS NOT NULL OR "spfn_auth"."users"."phone" IS NOT NULL)
+);
+--> statement-breakpoint
+CREATE TABLE IF NOT EXISTS "spfn_auth"."user_profiles" (
+	"id" bigserial PRIMARY KEY NOT NULL,
+	"user_id" bigserial NOT NULL,
+	"display_name" text NOT NULL,
+	"first_name" text,
+	"last_name" text,
+	"avatar_url" text,
+	"bio" text,
+	"locale" text DEFAULT 'en',
+	"timezone" text DEFAULT 'UTC',
+	"date_of_birth" text,
+	"gender" text,
+	"website" text,
+	"location" text,
+	"company" text,
+	"job_title" text,
+	"metadata" jsonb,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
+	CONSTRAINT "user_profiles_user_id_unique" UNIQUE("user_id")
+);
+--> statement-breakpoint
+CREATE TABLE IF NOT EXISTS "spfn_auth"."user_public_keys" (
+	"id" bigserial PRIMARY KEY NOT NULL,
+	"user_id" bigserial NOT NULL,
+	"key_id" text NOT NULL,
+	"public_key" text NOT NULL,
+	"algorithm" text DEFAULT 'ES256' NOT NULL,
+	"fingerprint" text NOT NULL,
+	"is_active" boolean DEFAULT true NOT NULL,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"last_used_at" timestamp with time zone,
+	"expires_at" timestamp with time zone,
+	"revoked_at" timestamp with time zone,
+	"revoked_reason" text,
+	CONSTRAINT "user_public_keys_key_id_unique" UNIQUE("key_id")
+);
+--> statement-breakpoint
+CREATE TABLE IF NOT EXISTS "spfn_auth"."user_social_accounts" (
+	"id" bigserial PRIMARY KEY NOT NULL,
+	"user_id" bigserial NOT NULL,
+	"provider" text NOT NULL,
+	"provider_user_id" text NOT NULL,
+	"provider_email" text,
+	"access_token" text,
+	"refresh_token" text,
+	"token_expires_at" timestamp with time zone,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE IF NOT EXISTS "spfn_auth"."verification_codes" (
+	"id" bigserial PRIMARY KEY NOT NULL,
+	"target" text NOT NULL,
+	"target_type" text NOT NULL,
+	"code" text NOT NULL,
+	"purpose" text NOT NULL,
+	"expires_at" timestamp with time zone NOT NULL,
+	"used_at" timestamp with time zone,
+	"attempts" integer DEFAULT 0 NOT NULL,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
+	CONSTRAINT "attempts_limit_check" CHECK ("spfn_auth"."verification_codes"."attempts" >= 0 AND "spfn_auth"."verification_codes"."attempts" <= 10)
+);
+--> statement-breakpoint
+CREATE TABLE IF NOT EXISTS "spfn_auth"."user_invitations" (
+	"id" bigserial PRIMARY KEY NOT NULL,
+	"email" text NOT NULL,
+	"token" text NOT NULL,
+	"role_id" bigserial NOT NULL,
+	"invited_by_id" bigserial NOT NULL,
+	"status" text DEFAULT 'pending' NOT NULL,
+	"expires_at" timestamp with time zone NOT NULL,
+	"accepted_at" timestamp with time zone,
+	"cancelled_at" timestamp with time zone,
+	"metadata" jsonb,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
+	CONSTRAINT "user_invitations_token_unique" UNIQUE("token")
+);
+--> statement-breakpoint
+CREATE TABLE IF NOT EXISTS "spfn_auth"."roles" (
+	"id" bigserial PRIMARY KEY NOT NULL,
+	"name" text NOT NULL,
+	"display_name" text NOT NULL,
+	"description" text,
+	"is_builtin" boolean DEFAULT false NOT NULL,
+	"is_system" boolean DEFAULT false NOT NULL,
+	"is_active" boolean DEFAULT true NOT NULL,
+	"priority" integer DEFAULT 10 NOT NULL,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
+	CONSTRAINT "roles_name_unique" UNIQUE("name")
+);
+--> statement-breakpoint
+CREATE TABLE IF NOT EXISTS "spfn_auth"."permissions" (
+	"id" bigserial PRIMARY KEY NOT NULL,
+	"name" text NOT NULL,
+	"display_name" text NOT NULL,
+	"description" text,
+	"category" text,
+	"is_builtin" boolean DEFAULT false NOT NULL,
+	"is_system" boolean DEFAULT false NOT NULL,
+	"is_active" boolean DEFAULT true NOT NULL,
+	"metadata" jsonb,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
+	CONSTRAINT "permissions_name_unique" UNIQUE("name")
+);
+--> statement-breakpoint
+CREATE TABLE IF NOT EXISTS "spfn_auth"."role_permissions" (
+	"id" bigserial PRIMARY KEY NOT NULL,
+	"role_id" bigserial NOT NULL,
+	"permission_id" bigserial NOT NULL,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
+	CONSTRAINT "role_permissions_unique" UNIQUE("role_id","permission_id")
+);
+--> statement-breakpoint
+CREATE TABLE IF NOT EXISTS "spfn_auth"."user_permissions" (
+	"id" bigserial PRIMARY KEY NOT NULL,
+	"user_id" bigserial NOT NULL,
+	"permission_id" bigserial NOT NULL,
+	"granted" boolean DEFAULT true NOT NULL,
+	"reason" text,
+	"expires_at" timestamp with time zone,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
+	CONSTRAINT "user_permissions_unique" UNIQUE("user_id","permission_id")
+);
+--> statement-breakpoint
+DO $$
+BEGIN
+    IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'users_role_id_roles_id_fk') THEN
+        ALTER TABLE "spfn_auth"."users" ADD CONSTRAINT "users_role_id_roles_id_fk" FOREIGN KEY ("role_id") REFERENCES "spfn_auth"."roles"("id") ON DELETE cascade ON UPDATE no action;
+    END IF;
+END $$;
+--> statement-breakpoint
+DO $$
+BEGIN
+    IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'user_profiles_user_id_users_id_fk') THEN
+        ALTER TABLE "spfn_auth"."user_profiles" ADD CONSTRAINT "user_profiles_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "spfn_auth"."users"("id") ON DELETE cascade ON UPDATE no action;
+    END IF;
+END $$;
+--> statement-breakpoint
+DO $$
+BEGIN
+    IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'user_public_keys_user_id_users_id_fk') THEN
+        ALTER TABLE "spfn_auth"."user_public_keys" ADD CONSTRAINT "user_public_keys_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "spfn_auth"."users"("id") ON DELETE cascade ON UPDATE no action;
+    END IF;
+END $$;
+--> statement-breakpoint
+DO $$
+BEGIN
+    IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'user_social_accounts_user_id_users_id_fk') THEN
+        ALTER TABLE "spfn_auth"."user_social_accounts" ADD CONSTRAINT "user_social_accounts_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "spfn_auth"."users"("id") ON DELETE cascade ON UPDATE no action;
+    END IF;
+END $$;
+--> statement-breakpoint
+DO $$
+BEGIN
+    IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'user_invitations_role_id_roles_id_fk') THEN
+        ALTER TABLE "spfn_auth"."user_invitations" ADD CONSTRAINT "user_invitations_role_id_roles_id_fk" FOREIGN KEY ("role_id") REFERENCES "spfn_auth"."roles"("id") ON DELETE cascade ON UPDATE no action;
+    END IF;
+END $$;
+--> statement-breakpoint
+DO $$
+BEGIN
+    IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'user_invitations_invited_by_id_users_id_fk') THEN
+        ALTER TABLE "spfn_auth"."user_invitations" ADD CONSTRAINT "user_invitations_invited_by_id_users_id_fk" FOREIGN KEY ("invited_by_id") REFERENCES "spfn_auth"."users"("id") ON DELETE cascade ON UPDATE no action;
+    END IF;
+END $$;
+--> statement-breakpoint
+DO $$
+BEGIN
+    IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'role_permissions_role_id_roles_id_fk') THEN
+        ALTER TABLE "spfn_auth"."role_permissions" ADD CONSTRAINT "role_permissions_role_id_roles_id_fk" FOREIGN KEY ("role_id") REFERENCES "spfn_auth"."roles"("id") ON DELETE cascade ON UPDATE no action;
+    END IF;
+END $$;
+--> statement-breakpoint
+DO $$
+BEGIN
+    IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'role_permissions_permission_id_permissions_id_fk') THEN
+        ALTER TABLE "spfn_auth"."role_permissions" ADD CONSTRAINT "role_permissions_permission_id_permissions_id_fk" FOREIGN KEY ("permission_id") REFERENCES "spfn_auth"."permissions"("id") ON DELETE cascade ON UPDATE no action;
+    END IF;
+END $$;
+--> statement-breakpoint
+DO $$
+BEGIN
+    IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'user_permissions_user_id_users_id_fk') THEN
+        ALTER TABLE "spfn_auth"."user_permissions" ADD CONSTRAINT "user_permissions_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "spfn_auth"."users"("id") ON DELETE cascade ON UPDATE no action;
+    END IF;
+END $$;
+--> statement-breakpoint
+DO $$
+BEGIN
+    IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'user_permissions_permission_id_permissions_id_fk') THEN
+        ALTER TABLE "spfn_auth"."user_permissions" ADD CONSTRAINT "user_permissions_permission_id_permissions_id_fk" FOREIGN KEY ("permission_id") REFERENCES "spfn_auth"."permissions"("id") ON DELETE cascade ON UPDATE no action;
+    END IF;
+END $$;
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "users_email_idx" ON "spfn_auth"."users" USING btree ("email");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "users_phone_idx" ON "spfn_auth"."users" USING btree ("phone");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "users_status_idx" ON "spfn_auth"."users" USING btree ("status");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "users_role_id_idx" ON "spfn_auth"."users" USING btree ("role_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_profiles_user_id_idx" ON "spfn_auth"."user_profiles" USING btree ("user_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_profiles_display_name_idx" ON "spfn_auth"."user_profiles" USING btree ("display_name");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_profiles_locale_idx" ON "spfn_auth"."user_profiles" USING btree ("locale");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_public_keys_user_id_idx" ON "spfn_auth"."user_public_keys" USING btree ("user_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_public_keys_key_id_idx" ON "spfn_auth"."user_public_keys" USING btree ("key_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_public_keys_active_idx" ON "spfn_auth"."user_public_keys" USING btree ("is_active");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_public_keys_fingerprint_idx" ON "spfn_auth"."user_public_keys" USING btree ("fingerprint");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_social_accounts_user_id_idx" ON "spfn_auth"."user_social_accounts" USING btree ("user_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_social_accounts_provider_idx" ON "spfn_auth"."user_social_accounts" USING btree ("provider");
+--> statement-breakpoint
+CREATE UNIQUE INDEX IF NOT EXISTS "provider_user_unique_idx" ON "spfn_auth"."user_social_accounts" USING btree ("provider","provider_user_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "target_purpose_idx" ON "spfn_auth"."verification_codes" USING btree ("target","purpose","expires_at");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "invitations_token_idx" ON "spfn_auth"."user_invitations" USING btree ("token");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "invitations_email_idx" ON "spfn_auth"."user_invitations" USING btree ("email");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "invitations_status_idx" ON "spfn_auth"."user_invitations" USING btree ("status");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "invitations_invited_by_idx" ON "spfn_auth"."user_invitations" USING btree ("invited_by_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "invitations_expires_at_idx" ON "spfn_auth"."user_invitations" USING btree ("expires_at");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "invitations_role_id_idx" ON "spfn_auth"."user_invitations" USING btree ("role_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "roles_name_idx" ON "spfn_auth"."roles" USING btree ("name");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "roles_is_system_idx" ON "spfn_auth"."roles" USING btree ("is_system");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "roles_is_active_idx" ON "spfn_auth"."roles" USING btree ("is_active");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "roles_is_builtin_idx" ON "spfn_auth"."roles" USING btree ("is_builtin");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "roles_priority_idx" ON "spfn_auth"."roles" USING btree ("priority");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "permissions_name_idx" ON "spfn_auth"."permissions" USING btree ("name");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "permissions_category_idx" ON "spfn_auth"."permissions" USING btree ("category");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "permissions_is_system_idx" ON "spfn_auth"."permissions" USING btree ("is_system");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "permissions_is_active_idx" ON "spfn_auth"."permissions" USING btree ("is_active");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "permissions_is_builtin_idx" ON "spfn_auth"."permissions" USING btree ("is_builtin");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "role_permissions_role_id_idx" ON "spfn_auth"."role_permissions" USING btree ("role_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "role_permissions_permission_id_idx" ON "spfn_auth"."role_permissions" USING btree ("permission_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_permissions_user_id_idx" ON "spfn_auth"."user_permissions" USING btree ("user_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_permissions_permission_id_idx" ON "spfn_auth"."user_permissions" USING btree ("permission_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_permissions_expires_at_idx" ON "spfn_auth"."user_permissions" USING btree ("expires_at");

package/migrations/meta/0000_snapshot.json

@@ -1,5 +1,5 @@
 {
-  "id": "71731821-9a5c-4992-8785-5c84089d7b0b",
+  "id": "e610afd0-f072-4f82-92cd-2bb8c156f284",
   "prevId": "00000000-0000-0000-0000-000000000000",
   "version": "7",
   "dialect": "postgresql",

package/migrations/meta/_journal.json

@@ -5,8 +5,8 @@
     {
       "idx": 0,
       "version": "7",
-      "when": 1765247036863,
-      "tag": "0000_marvelous_justice",
+      "when": 1764036749408,
+      "tag": "0000_premium_famine",
       "breakpoints": true
     }
   ]

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@spfn/auth",
-  "version": "0.2.0-beta.2",
+  "version": "0.2.0-beta.21",
   "type": "module",
   "description": "Authentication, authorization, and RBAC module for SPFN",
   "main": "./dist/index.js",
@@ -36,6 +36,11 @@
       "import": "./dist/nextjs/api.js",
       "require": "./dist/nextjs/api.js"
     },
+    "./nextjs/client": {
+      "types": "./dist/nextjs/client.d.ts",
+      "import": "./dist/nextjs/client.js",
+      "require": "./dist/nextjs/client.js"
+    },
     "./nextjs/server": {
       "types": "./dist/nextjs/server.d.ts",
       "import": "./dist/nextjs/server.js",
@@ -76,11 +81,12 @@
   },
   "dependencies": {
     "bcryptjs": "^2.4.3",
-    "drizzle-orm": "^0.44.7",
+    "drizzle-orm": "^0.45.0",
     "jose": "^6.1.0",
     "jsonwebtoken": "^9.0.2",
     "postgres": "^3.4.0",
-    "@spfn/core": "0.2.0-beta.1"
+    "@spfn/core": "0.2.0-beta.18",
+    "@spfn/notification": "0.1.0-beta.3"
   },
   "devDependencies": {
     "@types/bcryptjs": "^2.4.6",
@@ -92,34 +98,32 @@
     "drizzle-kit": "^0.31.6",
     "hono": "^4.10.6",
     "madge": "^8.0.0",
-    "next": "16.0.7",
+    "next": "^16.0.0",
     "tsup": "^8.5.0",
     "tsx": "^4.20.6",
     "typescript": "^5.3.3",
     "vitest": "^4.0.6",
-    "spfn": "0.2.0-beta.1"
+    "spfn": "0.2.0-beta.15"
   },
   "peerDependencies": {
-    "@aws-sdk/client-sns": "^3.0.0",
     "next": "^15.0.0 || ^16.0.0"
   },
   "peerDependenciesMeta": {
-    "@aws-sdk/client-sns": {
-      "optional": true
-    },
     "next": {
       "optional": true
     }
   },
   "scripts": {
-    "build": "pnpm check:circular && npm run db:generate && tsup",
+    "build": "pnpm check:circular && tsup && tsup --config tsup.client.config.ts",
     "watch": "tsup --watch",
     "dev": "tsup --watch",
     "type-check": "tsc --noEmit",
-    "clean": "rm -rf dist migrations",
+    "clean": "rm -rf dist",
     "db:generate": "drizzle-kit generate",
     "codegen": "spfn codegen run",
     "test": "vitest run",
+    "test:unit": "vitest run src/__tests__/unit/",
+    "test:integration": "vitest run src/__tests__/integration/",
     "test:coverage": "vitest run --coverage",
     "test:routes": "vitest src/server/routes",
     "docker:test:up": "docker compose -f docker-compose.test.yml up -d",

package/migrations/0000_marvelous_justice.sql

@@ -1,197 +0,0 @@
-CREATE SCHEMA "spfn_auth";
---> statement-breakpoint
-CREATE TABLE "spfn_auth"."users" (
-	"id" bigserial PRIMARY KEY NOT NULL,
-	"email" text,
-	"phone" text,
-	"password_hash" text,
-	"password_change_required" boolean DEFAULT false NOT NULL,
-	"role_id" bigserial NOT NULL,
-	"status" text DEFAULT 'active' NOT NULL,
-	"email_verified_at" timestamp with time zone,
-	"phone_verified_at" timestamp with time zone,
-	"last_login_at" timestamp with time zone,
-	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
-	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
-	CONSTRAINT "users_email_unique" UNIQUE("email"),
-	CONSTRAINT "users_phone_unique" UNIQUE("phone"),
-	CONSTRAINT "email_or_phone_check" CHECK ("spfn_auth"."users"."email" IS NOT NULL OR "spfn_auth"."users"."phone" IS NOT NULL)
-);
---> statement-breakpoint
-CREATE TABLE "spfn_auth"."user_profiles" (
-	"id" bigserial PRIMARY KEY NOT NULL,
-	"user_id" bigserial NOT NULL,
-	"display_name" text NOT NULL,
-	"first_name" text,
-	"last_name" text,
-	"avatar_url" text,
-	"bio" text,
-	"locale" text DEFAULT 'en',
-	"timezone" text DEFAULT 'UTC',
-	"date_of_birth" text,
-	"gender" text,
-	"website" text,
-	"location" text,
-	"company" text,
-	"job_title" text,
-	"metadata" jsonb,
-	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
-	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
-	CONSTRAINT "user_profiles_user_id_unique" UNIQUE("user_id")
-);
---> statement-breakpoint
-CREATE TABLE "spfn_auth"."user_public_keys" (
-	"id" bigserial PRIMARY KEY NOT NULL,
-	"user_id" bigserial NOT NULL,
-	"key_id" text NOT NULL,
-	"public_key" text NOT NULL,
-	"algorithm" text DEFAULT 'ES256' NOT NULL,
-	"fingerprint" text NOT NULL,
-	"is_active" boolean DEFAULT true NOT NULL,
-	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
-	"last_used_at" timestamp with time zone,
-	"expires_at" timestamp with time zone,
-	"revoked_at" timestamp with time zone,
-	"revoked_reason" text,
-	CONSTRAINT "user_public_keys_key_id_unique" UNIQUE("key_id")
-);
---> statement-breakpoint
-CREATE TABLE "spfn_auth"."user_social_accounts" (
-	"id" bigserial PRIMARY KEY NOT NULL,
-	"user_id" bigserial NOT NULL,
-	"provider" text NOT NULL,
-	"provider_user_id" text NOT NULL,
-	"provider_email" text,
-	"access_token" text,
-	"refresh_token" text,
-	"token_expires_at" timestamp with time zone,
-	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
-	"updated_at" timestamp with time zone DEFAULT now() NOT NULL
-);
---> statement-breakpoint
-CREATE TABLE "spfn_auth"."verification_codes" (
-	"id" bigserial PRIMARY KEY NOT NULL,
-	"target" text NOT NULL,
-	"target_type" text NOT NULL,
-	"code" text NOT NULL,
-	"purpose" text NOT NULL,
-	"expires_at" timestamp with time zone NOT NULL,
-	"used_at" timestamp with time zone,
-	"attempts" integer DEFAULT 0 NOT NULL,
-	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
-	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
-	CONSTRAINT "attempts_limit_check" CHECK ("spfn_auth"."verification_codes"."attempts" >= 0 AND "spfn_auth"."verification_codes"."attempts" <= 10)
-);
---> statement-breakpoint
-CREATE TABLE "spfn_auth"."user_invitations" (
-	"id" bigserial PRIMARY KEY NOT NULL,
-	"email" text NOT NULL,
-	"token" text NOT NULL,
-	"role_id" bigserial NOT NULL,
-	"invited_by_id" bigserial NOT NULL,
-	"status" text DEFAULT 'pending' NOT NULL,
-	"expires_at" timestamp with time zone NOT NULL,
-	"accepted_at" timestamp with time zone,
-	"cancelled_at" timestamp with time zone,
-	"metadata" jsonb,
-	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
-	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
-	CONSTRAINT "user_invitations_token_unique" UNIQUE("token")
-);
---> statement-breakpoint
-CREATE TABLE "spfn_auth"."roles" (
-	"id" bigserial PRIMARY KEY NOT NULL,
-	"name" text NOT NULL,
-	"display_name" text NOT NULL,
-	"description" text,
-	"is_builtin" boolean DEFAULT false NOT NULL,
-	"is_system" boolean DEFAULT false NOT NULL,
-	"is_active" boolean DEFAULT true NOT NULL,
-	"priority" integer DEFAULT 10 NOT NULL,
-	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
-	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
-	CONSTRAINT "roles_name_unique" UNIQUE("name")
-);
---> statement-breakpoint
-CREATE TABLE "spfn_auth"."permissions" (
-	"id" bigserial PRIMARY KEY NOT NULL,
-	"name" text NOT NULL,
-	"display_name" text NOT NULL,
-	"description" text,
-	"category" text,
-	"is_builtin" boolean DEFAULT false NOT NULL,
-	"is_system" boolean DEFAULT false NOT NULL,
-	"is_active" boolean DEFAULT true NOT NULL,
-	"metadata" jsonb,
-	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
-	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
-	CONSTRAINT "permissions_name_unique" UNIQUE("name")
-);
---> statement-breakpoint
-CREATE TABLE "spfn_auth"."role_permissions" (
-	"id" bigserial PRIMARY KEY NOT NULL,
-	"role_id" bigserial NOT NULL,
-	"permission_id" bigserial NOT NULL,
-	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
-	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
-	CONSTRAINT "role_permissions_unique" UNIQUE("role_id","permission_id")
-);
---> statement-breakpoint
-CREATE TABLE "spfn_auth"."user_permissions" (
-	"id" bigserial PRIMARY KEY NOT NULL,
-	"user_id" bigserial NOT NULL,
-	"permission_id" bigserial NOT NULL,
-	"granted" boolean DEFAULT true NOT NULL,
-	"reason" text,
-	"expires_at" timestamp with time zone,
-	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
-	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
-	CONSTRAINT "user_permissions_unique" UNIQUE("user_id","permission_id")
-);
---> statement-breakpoint
-ALTER TABLE "spfn_auth"."users" ADD CONSTRAINT "users_role_id_roles_id_fk" FOREIGN KEY ("role_id") REFERENCES "spfn_auth"."roles"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
-ALTER TABLE "spfn_auth"."user_profiles" ADD CONSTRAINT "user_profiles_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "spfn_auth"."users"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
-ALTER TABLE "spfn_auth"."user_public_keys" ADD CONSTRAINT "user_public_keys_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "spfn_auth"."users"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
-ALTER TABLE "spfn_auth"."user_social_accounts" ADD CONSTRAINT "user_social_accounts_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "spfn_auth"."users"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
-ALTER TABLE "spfn_auth"."user_invitations" ADD CONSTRAINT "user_invitations_role_id_roles_id_fk" FOREIGN KEY ("role_id") REFERENCES "spfn_auth"."roles"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
-ALTER TABLE "spfn_auth"."user_invitations" ADD CONSTRAINT "user_invitations_invited_by_id_users_id_fk" FOREIGN KEY ("invited_by_id") REFERENCES "spfn_auth"."users"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
-ALTER TABLE "spfn_auth"."role_permissions" ADD CONSTRAINT "role_permissions_role_id_roles_id_fk" FOREIGN KEY ("role_id") REFERENCES "spfn_auth"."roles"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
-ALTER TABLE "spfn_auth"."role_permissions" ADD CONSTRAINT "role_permissions_permission_id_permissions_id_fk" FOREIGN KEY ("permission_id") REFERENCES "spfn_auth"."permissions"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
-ALTER TABLE "spfn_auth"."user_permissions" ADD CONSTRAINT "user_permissions_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "spfn_auth"."users"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
-ALTER TABLE "spfn_auth"."user_permissions" ADD CONSTRAINT "user_permissions_permission_id_permissions_id_fk" FOREIGN KEY ("permission_id") REFERENCES "spfn_auth"."permissions"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
-CREATE INDEX "users_email_idx" ON "spfn_auth"."users" USING btree ("email");--> statement-breakpoint
-CREATE INDEX "users_phone_idx" ON "spfn_auth"."users" USING btree ("phone");--> statement-breakpoint
-CREATE INDEX "users_status_idx" ON "spfn_auth"."users" USING btree ("status");--> statement-breakpoint
-CREATE INDEX "users_role_id_idx" ON "spfn_auth"."users" USING btree ("role_id");--> statement-breakpoint
-CREATE INDEX "user_profiles_user_id_idx" ON "spfn_auth"."user_profiles" USING btree ("user_id");--> statement-breakpoint
-CREATE INDEX "user_profiles_display_name_idx" ON "spfn_auth"."user_profiles" USING btree ("display_name");--> statement-breakpoint
-CREATE INDEX "user_profiles_locale_idx" ON "spfn_auth"."user_profiles" USING btree ("locale");--> statement-breakpoint
-CREATE INDEX "user_public_keys_user_id_idx" ON "spfn_auth"."user_public_keys" USING btree ("user_id");--> statement-breakpoint
-CREATE INDEX "user_public_keys_key_id_idx" ON "spfn_auth"."user_public_keys" USING btree ("key_id");--> statement-breakpoint
-CREATE INDEX "user_public_keys_active_idx" ON "spfn_auth"."user_public_keys" USING btree ("is_active");--> statement-breakpoint
-CREATE INDEX "user_public_keys_fingerprint_idx" ON "spfn_auth"."user_public_keys" USING btree ("fingerprint");--> statement-breakpoint
-CREATE INDEX "user_social_accounts_user_id_idx" ON "spfn_auth"."user_social_accounts" USING btree ("user_id");--> statement-breakpoint
-CREATE INDEX "user_social_accounts_provider_idx" ON "spfn_auth"."user_social_accounts" USING btree ("provider");--> statement-breakpoint
-CREATE UNIQUE INDEX "provider_user_unique_idx" ON "spfn_auth"."user_social_accounts" USING btree ("provider","provider_user_id");--> statement-breakpoint
-CREATE INDEX "target_purpose_idx" ON "spfn_auth"."verification_codes" USING btree ("target","purpose","expires_at");--> statement-breakpoint
-CREATE INDEX "invitations_token_idx" ON "spfn_auth"."user_invitations" USING btree ("token");--> statement-breakpoint
-CREATE INDEX "invitations_email_idx" ON "spfn_auth"."user_invitations" USING btree ("email");--> statement-breakpoint
-CREATE INDEX "invitations_status_idx" ON "spfn_auth"."user_invitations" USING btree ("status");--> statement-breakpoint
-CREATE INDEX "invitations_invited_by_idx" ON "spfn_auth"."user_invitations" USING btree ("invited_by_id");--> statement-breakpoint
-CREATE INDEX "invitations_expires_at_idx" ON "spfn_auth"."user_invitations" USING btree ("expires_at");--> statement-breakpoint
-CREATE INDEX "invitations_role_id_idx" ON "spfn_auth"."user_invitations" USING btree ("role_id");--> statement-breakpoint
-CREATE INDEX "roles_name_idx" ON "spfn_auth"."roles" USING btree ("name");--> statement-breakpoint
-CREATE INDEX "roles_is_system_idx" ON "spfn_auth"."roles" USING btree ("is_system");--> statement-breakpoint
-CREATE INDEX "roles_is_active_idx" ON "spfn_auth"."roles" USING btree ("is_active");--> statement-breakpoint
-CREATE INDEX "roles_is_builtin_idx" ON "spfn_auth"."roles" USING btree ("is_builtin");--> statement-breakpoint
-CREATE INDEX "roles_priority_idx" ON "spfn_auth"."roles" USING btree ("priority");--> statement-breakpoint
-CREATE INDEX "permissions_name_idx" ON "spfn_auth"."permissions" USING btree ("name");--> statement-breakpoint
-CREATE INDEX "permissions_category_idx" ON "spfn_auth"."permissions" USING btree ("category");--> statement-breakpoint
-CREATE INDEX "permissions_is_system_idx" ON "spfn_auth"."permissions" USING btree ("is_system");--> statement-breakpoint
-CREATE INDEX "permissions_is_active_idx" ON "spfn_auth"."permissions" USING btree ("is_active");--> statement-breakpoint
-CREATE INDEX "permissions_is_builtin_idx" ON "spfn_auth"."permissions" USING btree ("is_builtin");--> statement-breakpoint
-CREATE INDEX "role_permissions_role_id_idx" ON "spfn_auth"."role_permissions" USING btree ("role_id");--> statement-breakpoint
-CREATE INDEX "role_permissions_permission_id_idx" ON "spfn_auth"."role_permissions" USING btree ("permission_id");--> statement-breakpoint
-CREATE INDEX "user_permissions_user_id_idx" ON "spfn_auth"."user_permissions" USING btree ("user_id");--> statement-breakpoint
-CREATE INDEX "user_permissions_permission_id_idx" ON "spfn_auth"."user_permissions" USING btree ("permission_id");--> statement-breakpoint
-CREATE INDEX "user_permissions_expires_at_idx" ON "spfn_auth"."user_permissions" USING btree ("expires_at");