@sqlite-sync/ai 0.5.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/README.md +14 -4
  2. package/dist/index.d.ts +67 -8
  3. package/dist/index.js +181 -1
  4. package/dist/index.js.map +1 -1
  5. package/package.json +3 -3
package/README.md CHANGED
@@ -6,7 +6,9 @@ AI agent tools for [@sqlite-sync](https://github.com/krolebord-dev/sqlite-sync)
6
6
 
7
7
  - `createSchemaDoc` — generates a markdown schema doc by introspecting the synced database (structure from `PRAGMA table_info`, semantics from app-provided context).
8
8
  - `createAiDbAccess` — server-side access object living next to the storage; its methods double as an RPC contract for cross-Durable-Object setups.
9
- - `createDbTools` — AI SDK v6 `ToolSet` (currently a `getDbSchema` tool) backed by an `AiDbAccess` or a stub proxying to one.
9
+ - `createDbTools` — AI SDK v6 `ToolSet` (`getDbSchema` and `queryDb` tools) backed by an `AiDbAccess` or a stub proxying to one.
10
+
11
+ `queryDb` is strictly read-only: a single `SELECT`/`WITH`/`VALUES` statement, verified against SQLite's `EXPLAIN` bytecode for write opcodes, and executed inside a transaction that is always rolled back. Reads are **not** restricted by table — the agent can query every table in the database file (including sqlite-sync's internal event log), so don't colocate data the agent must not see. Results are capped (default 200 rows, 2000 chars per cell) and report `truncated` so the agent can narrow its query.
10
12
 
11
13
  ## Usage (Cloudflare Durable Object)
12
14
 
@@ -21,7 +23,7 @@ async onStart() {
21
23
  executor: createKyselyExecutor(this.ctx.storage),
22
24
  syncDbSchema,
23
25
  context: {
24
- overview: "# My app's database\n\nDeletes are soft-deletes; the views below already hide them.",
26
+ overview: "# My app's database\n\nA todo app for a single user.",
25
27
  tables: {
26
28
  todos: {
27
29
  description: "The user's todos.",
@@ -32,10 +34,13 @@ async onStart() {
32
34
  });
33
35
  }
34
36
 
35
- // RPC method for agents running elsewhere:
37
+ // RPC methods for agents running elsewhere:
36
38
  getDbSchemaDoc() {
37
39
  return this.aiDbAccess.getSchemaDoc();
38
40
  }
41
+ queryDb(input: AiQueryInput) {
42
+ return this.aiDbAccess.query(input);
43
+ }
39
44
  ```
40
45
 
41
46
  ```ts
@@ -46,10 +51,15 @@ getTools() {
46
51
  return createDbTools({
47
52
  access: async () => {
48
53
  const stub = await this.getUserDbStub();
49
- return { getSchemaDoc: () => stub.getDbSchemaDoc() };
54
+ return {
55
+ getSchemaDoc: () => stub.getDbSchemaDoc(),
56
+ query: (input) => stub.queryDb(input),
57
+ };
50
58
  },
51
59
  });
52
60
  }
53
61
  ```
54
62
 
55
63
  `context.tables` keys are CRDT view names (`crdtTableName`). The doc skips the internal `tombstone` column and introspects base tables (views lose `NOT NULL` fidelity), presenting them under their view names.
64
+
65
+ The generated doc always includes a built-in preamble (after your `overview`) explaining sqlite-sync mechanics — that the database syncs between devices and that the listed tables are read-only views with soft-deleted rows already filtered out. Your `context` only needs to describe your domain: what the app is, what each table/column means, and any data conventions (units, enums, timestamp formats).
package/dist/index.d.ts CHANGED
@@ -17,6 +17,10 @@ type SchemaDocContext = {
17
17
  * Structure comes from `PRAGMA table_info` on the base tables (introspecting the views would
18
18
  * lose NOT NULL fidelity), presented under the view names the agent queries; semantics come
19
19
  * from the consumer-provided context. The internal `tombstone` column is omitted.
20
+ *
21
+ * The doc always includes a built-in preamble explaining sqlite-sync mechanics (read-only
22
+ * views, soft-deletes already filtered) after the consumer's `overview` — consumers only
23
+ * need to describe their own domain.
20
24
  */
21
25
  declare function createSchemaDoc(opts: {
22
26
  execute: (sql: string) => Record<string, unknown>[];
@@ -31,9 +35,6 @@ type AiDbExecuteParams = {
31
35
  /**
32
36
  * Minimal executor contract for AI database access. Runtime-specific — inject the one that
33
37
  * matches where the storage lives; @sqlite-sync/cloudflare's `createKyselyExecutor` satisfies it.
34
- *
35
- * `transaction` MUST roll back everything the callback executed when the callback throws —
36
- * it backs the read-only enforcement of the query tooling.
37
38
  */
38
39
  type AiDbExecutor = {
39
40
  execute<TResult = unknown>(query: AiDbExecuteParams): {
@@ -41,24 +42,81 @@ type AiDbExecutor = {
41
42
  };
42
43
  transaction(callback: (tx: Pick<AiDbExecutor, "execute">) => void): void;
43
44
  };
45
+ type AiQueryInput = {
46
+ sql: string;
47
+ parameters?: readonly unknown[];
48
+ };
49
+ type AiQueryResult = {
50
+ rows: Record<string, unknown>[];
51
+ rowCount: number;
52
+ truncated: boolean;
53
+ } | {
54
+ error: string;
55
+ };
44
56
  /**
45
57
  * Read-only AI access to a synced database. Lives where the storage lives; its method names
46
58
  * are the RPC contract, so a DO stub proxying to these methods exposes the same surface
47
59
  * (promise-wrapped) and satisfies the tool layer's `DbToolsAccess`.
60
+ *
61
+ * `query` enforces read-only (single SELECT/WITH/VALUES statement, no write opcodes, executed
62
+ * in a forced-rollback transaction) but reads are not restricted by table — the whole database
63
+ * file is in scope for the agent, so don't colocate data the agent must not see.
48
64
  */
49
65
  type AiDbAccess = {
50
66
  getSchemaDoc(): string;
67
+ query(input: AiQueryInput): AiQueryResult;
51
68
  };
52
- /**
53
- * Create where the CRDT storage was created (e.g. a Durable Object's `onStart`, after
54
- * migrations have run) — the schema doc is introspected once and cached.
55
- */
56
69
  declare function createAiDbAccess(opts: {
57
70
  executor: AiDbExecutor;
58
71
  syncDbSchema: SyncDbSchema;
59
72
  context?: SchemaDocContext;
73
+ limits?: {
74
+ maxRows?: number;
75
+ maxCellChars?: number;
76
+ };
60
77
  }): AiDbAccess;
61
78
 
79
+ type QueryGuardInput = {
80
+ sql: string;
81
+ parameters?: readonly unknown[];
82
+ };
83
+ type QueryGuardRejection = {
84
+ allowed: false;
85
+ code: "invalid-statement" | "multi-statement" | "invalid-sql" | "write-detected";
86
+ message: string;
87
+ };
88
+ type QueryGuardVerdict = {
89
+ allowed: true;
90
+ } | QueryGuardRejection;
91
+ declare class QueryGuardError extends Error {
92
+ readonly rejection: QueryGuardRejection;
93
+ constructor(rejection: QueryGuardRejection);
94
+ }
95
+ type QueryGuard = {
96
+ /**
97
+ * Statically verifies the query is a read-only single statement. Reads are not restricted
98
+ * by table — the whole database file is in scope for the agent, so don't colocate data the
99
+ * agent must not see.
100
+ */
101
+ check(input: QueryGuardInput): QueryGuardVerdict;
102
+ /**
103
+ * `check` + execute inside a forced-rollback transaction (the unconditional backstop for
104
+ * anything the analysis might miss). Throws {@link QueryGuardError} when the check rejects.
105
+ */
106
+ execute<TResult = unknown>(input: QueryGuardInput): {
107
+ rows: TResult[];
108
+ };
109
+ };
110
+ declare function createQueryGuard(opts: {
111
+ executor: AiDbExecutor;
112
+ }): QueryGuard;
113
+ /**
114
+ * Runs `callback` in a transaction that is always rolled back (via a sentinel throw, relying
115
+ * on the {@link AiDbExecutor} contract that a throwing callback rolls back). This is the
116
+ * unconditional write guard backing any gap in the static analysis.
117
+ */
118
+ declare function runWithForcedRollback<T>(executor: Pick<AiDbExecutor, "transaction">, callback: (tx: Pick<AiDbExecutor, "execute">) => T): T;
119
+
62
120
  type MaybePromise<T> = T | Promise<T>;
63
121
  /**
64
122
  * What the tools need from the database side. Satisfied directly by `AiDbAccess`, or by a
@@ -66,6 +124,7 @@ type MaybePromise<T> = T | Promise<T>;
66
124
  */
67
125
  type DbToolsAccess = {
68
126
  getSchemaDoc(): MaybePromise<string>;
127
+ query(input: AiQueryInput): MaybePromise<AiQueryResult>;
69
128
  };
70
129
  /**
71
130
  * AI SDK tools for a synced database. `access` is a factory because acquiring the database
@@ -75,4 +134,4 @@ declare function createDbTools(opts: {
75
134
  access: () => MaybePromise<DbToolsAccess>;
76
135
  }): ToolSet;
77
136
 
78
- export { type AiDbAccess, type AiDbExecuteParams, type AiDbExecutor, type DbToolsAccess, type SchemaDocContext, createAiDbAccess, createDbTools, createSchemaDoc };
137
+ export { type AiDbAccess, type AiDbExecuteParams, type AiDbExecutor, type AiQueryInput, type AiQueryResult, type DbToolsAccess, type QueryGuard, QueryGuardError, type QueryGuardInput, type QueryGuardRejection, type QueryGuardVerdict, type SchemaDocContext, createAiDbAccess, createDbTools, createQueryGuard, createSchemaDoc, runWithForcedRollback };
package/dist/index.js CHANGED
@@ -1,4 +1,118 @@
1
+ // src/query-guard.ts
2
+ var QueryGuardError = class extends Error {
3
+ rejection;
4
+ constructor(rejection) {
5
+ super(rejection.message);
6
+ this.name = "QueryGuardError";
7
+ this.rejection = rejection;
8
+ }
9
+ };
10
+ var WRITE_OPCODES = /* @__PURE__ */ new Set([
11
+ "OpenWrite",
12
+ "Clear",
13
+ "Destroy",
14
+ "CreateBtree",
15
+ "SqlExec",
16
+ "ParseSchema",
17
+ "DropTable",
18
+ "DropIndex",
19
+ "DropTrigger",
20
+ "SetCookie",
21
+ "JournalMode",
22
+ "Vacuum",
23
+ "IncrVacuum",
24
+ "Checkpoint",
25
+ "MaxPgcnt",
26
+ "Expire",
27
+ "AutoCommit",
28
+ "VUpdate",
29
+ "VCreate",
30
+ "VDestroy",
31
+ "Program"
32
+ ]);
33
+ var READ_STATEMENT_PREFIXES = ["select", "with", "values"];
34
+ function createQueryGuard(opts) {
35
+ function reject(code, message) {
36
+ return { allowed: false, code, message };
37
+ }
38
+ function check(input) {
39
+ let body = input.sql.trim();
40
+ while (body.endsWith(";")) {
41
+ body = body.slice(0, -1).trimEnd();
42
+ }
43
+ if (body.includes(";")) {
44
+ return reject(
45
+ "multi-statement",
46
+ "Only a single SQL statement is allowed per query, and semicolons are only allowed at the very end. If the semicolon is inside a string literal, pass the value as a bound parameter instead."
47
+ );
48
+ }
49
+ const lowered = body.toLowerCase();
50
+ if (!READ_STATEMENT_PREFIXES.some((keyword) => lowered.startsWith(keyword))) {
51
+ return reject(
52
+ "invalid-statement",
53
+ "Only read-only queries are allowed: the statement must start directly with SELECT, WITH, or VALUES (no leading comments)."
54
+ );
55
+ }
56
+ let operations;
57
+ try {
58
+ operations = opts.executor.execute({
59
+ sql: `EXPLAIN ${input.sql}`,
60
+ parameters: input.parameters ?? []
61
+ }).rows;
62
+ } catch (error) {
63
+ return reject("invalid-sql", `SQL error: ${error instanceof Error ? error.message : String(error)}`);
64
+ }
65
+ for (const operation of operations) {
66
+ if (WRITE_OPCODES.has(operation.opcode)) {
67
+ return reject(
68
+ "write-detected",
69
+ `The statement was rejected because it would modify the database (${operation.opcode}). This tool is strictly read-only; rewrite the query as a pure SELECT.`
70
+ );
71
+ }
72
+ }
73
+ return { allowed: true };
74
+ }
75
+ return {
76
+ check,
77
+ execute(input) {
78
+ const verdict = check(input);
79
+ if (!verdict.allowed) {
80
+ throw new QueryGuardError(verdict);
81
+ }
82
+ return runWithForcedRollback(opts.executor, (tx) => {
83
+ return tx.execute({ sql: input.sql, parameters: input.parameters ?? [] });
84
+ });
85
+ }
86
+ };
87
+ }
88
+ function runWithForcedRollback(executor, callback) {
89
+ let result;
90
+ let completed = false;
91
+ const rollbackSentinel = new Error("forced read-only rollback");
92
+ try {
93
+ executor.transaction((tx) => {
94
+ result = callback(tx);
95
+ completed = true;
96
+ throw rollbackSentinel;
97
+ });
98
+ } catch (error) {
99
+ if (error !== rollbackSentinel) {
100
+ throw error;
101
+ }
102
+ }
103
+ if (!completed) {
104
+ throw new Error("Transaction completed without running the callback");
105
+ }
106
+ return result;
107
+ }
108
+
1
109
  // src/schema-doc.ts
110
+ var SCHEMA_DOC_PREAMBLE = [
111
+ "This is a synced SQLite database \u2014 data replicates automatically between the user's devices.",
112
+ "All writes go through a sync event log, which is why the tables listed below are exposed as",
113
+ "read-only SQL views; soft-deleted rows are already filtered out, so query them directly",
114
+ "without any tombstone filtering. Every table has a unique `id` text primary key."
115
+ ].join("\n");
2
116
  function quoteId(name) {
3
117
  return `"${name.replaceAll('"', '""')}"`;
4
118
  }
@@ -8,6 +122,7 @@ function createSchemaDoc(opts) {
8
122
  if (overview) {
9
123
  sections.push(overview);
10
124
  }
125
+ sections.push(SCHEMA_DOC_PREAMBLE);
11
126
  for (const table of opts.syncDbSchema.tablesConfig) {
12
127
  const tableContext = opts.context?.tables?.[table.crdtTableName];
13
128
  const columns = opts.execute(`PRAGMA table_info(${quoteId(table.baseTableName)})`);
@@ -29,8 +144,18 @@ function createSchemaDoc(opts) {
29
144
  }
30
145
 
31
146
  // src/db-access.ts
147
+ function toBase64(bytes) {
148
+ let binary = "";
149
+ for (const byte of bytes) {
150
+ binary += String.fromCharCode(byte);
151
+ }
152
+ return btoa(binary);
153
+ }
32
154
  function createAiDbAccess(opts) {
33
155
  let schemaDoc;
156
+ const guard = createQueryGuard({ executor: opts.executor });
157
+ const maxRows = opts.limits?.maxRows ?? 200;
158
+ const maxCellChars = opts.limits?.maxCellChars ?? 2e3;
34
159
  return {
35
160
  getSchemaDoc() {
36
161
  schemaDoc ??= createSchemaDoc({
@@ -39,6 +164,34 @@ function createAiDbAccess(opts) {
39
164
  context: opts.context
40
165
  });
41
166
  return schemaDoc;
167
+ },
168
+ query(input) {
169
+ let resultRows;
170
+ try {
171
+ resultRows = guard.execute(input).rows;
172
+ } catch (error) {
173
+ if (error instanceof QueryGuardError) {
174
+ return { error: error.message };
175
+ }
176
+ throw error;
177
+ }
178
+ let truncated = resultRows.length > maxRows;
179
+ function shapeCell(value) {
180
+ if (value instanceof Uint8Array) {
181
+ if (Math.ceil(value.byteLength / 3) * 4 <= maxCellChars) {
182
+ return `<blob base64 ${toBase64(value)}>`;
183
+ }
184
+ truncated = true;
185
+ return `<blob ${value.byteLength} bytes>`;
186
+ }
187
+ if (typeof value === "string" && value.length > maxCellChars) {
188
+ truncated = true;
189
+ return `${value.slice(0, maxCellChars)}\u2026`;
190
+ }
191
+ return value;
192
+ }
193
+ const rows = resultRows.slice(0, maxRows).map((row) => Object.fromEntries(Object.entries(row).map(([column, value]) => [column, shapeCell(value)])));
194
+ return { rows, rowCount: resultRows.length, truncated };
42
195
  }
43
196
  };
44
197
  }
@@ -50,6 +203,22 @@ var emptyInputSchema = jsonSchema({
50
203
  properties: {},
51
204
  additionalProperties: false
52
205
  });
206
+ var queryInputSchema = jsonSchema({
207
+ type: "object",
208
+ properties: {
209
+ sql: {
210
+ type: "string",
211
+ description: "A single read-only SQLite statement starting with SELECT, WITH, or VALUES. Use ? placeholders for values."
212
+ },
213
+ parameters: {
214
+ type: "array",
215
+ items: { type: ["string", "number", "boolean", "null"] },
216
+ description: "Values bound to the ? placeholders, in order."
217
+ }
218
+ },
219
+ required: ["sql"],
220
+ additionalProperties: false
221
+ });
53
222
  function createDbTools(opts) {
54
223
  return {
55
224
  getDbSchema: tool({
@@ -59,12 +228,23 @@ function createDbTools(opts) {
59
228
  const access = await opts.access();
60
229
  return await access.getSchemaDoc();
61
230
  }
231
+ }),
232
+ queryDb: tool({
233
+ description: "Run a read-only SQL query against the synced SQLite database. Only a single SELECT/WITH/VALUES statement is allowed \u2014 anything that writes is rejected. Pass values as ? placeholders via `parameters` instead of inlining them as literals. Results are capped; ask for fewer columns or add LIMIT/WHERE if `truncated` is true.",
234
+ inputSchema: queryInputSchema,
235
+ execute: async ({ sql, parameters }) => {
236
+ const access = await opts.access();
237
+ return await access.query({ sql, parameters });
238
+ }
62
239
  })
63
240
  };
64
241
  }
65
242
  export {
243
+ QueryGuardError,
66
244
  createAiDbAccess,
67
245
  createDbTools,
68
- createSchemaDoc
246
+ createQueryGuard,
247
+ createSchemaDoc,
248
+ runWithForcedRollback
69
249
  };
70
250
  //# sourceMappingURL=index.js.map
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/schema-doc.ts","../src/db-access.ts","../src/tools.ts"],"sourcesContent":["import type { SyncDbSchema } from \"@sqlite-sync/core\";\n\n/**\n * App-provided semantics merged into the generated schema doc.\n * Keys of `tables` are CRDT view names (`crdtTableName`), not base table names.\n */\nexport type SchemaDocContext = {\n overview?: string;\n tables?: Record<string, { description?: string; columns?: Record<string, string> }>;\n};\n\ntype TableInfoRow = {\n cid: number;\n name: string;\n type: string;\n notnull: number;\n};\n\nfunction quoteId(name: string) {\n return `\"${name.replaceAll('\"', '\"\"')}\"`;\n}\n\n/**\n * Generates a markdown schema doc for an AI agent by introspecting the synced database.\n * Structure comes from `PRAGMA table_info` on the base tables (introspecting the views would\n * lose NOT NULL fidelity), presented under the view names the agent queries; semantics come\n * from the consumer-provided context. The internal `tombstone` column is omitted.\n */\nexport function createSchemaDoc(opts: {\n execute: (sql: string) => Record<string, unknown>[];\n syncDbSchema: SyncDbSchema;\n context?: SchemaDocContext;\n}): string {\n const sections: string[] = [];\n\n const overview = opts.context?.overview?.trim();\n if (overview) {\n sections.push(overview);\n }\n\n for (const table of opts.syncDbSchema.tablesConfig) {\n const tableContext = opts.context?.tables?.[table.crdtTableName];\n const columns = opts.execute(`PRAGMA table_info(${quoteId(table.baseTableName)})`) as TableInfoRow[];\n\n const lines = [`## ${table.crdtTableName}`];\n if (tableContext?.description) {\n lines.push(\"\", tableContext.description.trim());\n }\n lines.push(\"\", \"Columns:\");\n for (const column of columns) {\n if (column.name === \"tombstone\") continue;\n const description = tableContext?.columns?.[column.name];\n lines.push(\n `- \\`${column.name}\\` ${column.type}${column.notnull ? \" NOT NULL\" : \"\"}${description ? ` — ${description}` : \"\"}`,\n );\n }\n sections.push(lines.join(\"\\n\"));\n }\n\n return sections.join(\"\\n\\n\");\n}\n","import type { SyncDbSchema } from \"@sqlite-sync/core\";\nimport { createSchemaDoc, type SchemaDocContext } from \"./schema-doc\";\n\nexport type AiDbExecuteParams = {\n sql: string;\n parameters: readonly unknown[];\n};\n\n/**\n * Minimal executor contract for AI database access. Runtime-specific — inject the one that\n * matches where the storage lives; @sqlite-sync/cloudflare's `createKyselyExecutor` satisfies it.\n *\n * `transaction` MUST roll back everything the callback executed when the callback throws —\n * it backs the read-only enforcement of the query tooling.\n */\nexport type AiDbExecutor = {\n execute<TResult = unknown>(query: AiDbExecuteParams): { rows: TResult[] };\n transaction(callback: (tx: Pick<AiDbExecutor, \"execute\">) => void): void;\n};\n\n/**\n * Read-only AI access to a synced database. Lives where the storage lives; its method names\n * are the RPC contract, so a DO stub proxying to these methods exposes the same surface\n * (promise-wrapped) and satisfies the tool layer's `DbToolsAccess`.\n */\nexport type AiDbAccess = {\n getSchemaDoc(): string;\n};\n\n/**\n * Create where the CRDT storage was created (e.g. a Durable Object's `onStart`, after\n * migrations have run) — the schema doc is introspected once and cached.\n */\nexport function createAiDbAccess(opts: {\n executor: AiDbExecutor;\n syncDbSchema: SyncDbSchema;\n context?: SchemaDocContext;\n}): AiDbAccess {\n let schemaDoc: string | undefined;\n\n return {\n getSchemaDoc() {\n schemaDoc ??= createSchemaDoc({\n execute: (sql) => opts.executor.execute<Record<string, unknown>>({ sql, parameters: [] }).rows,\n syncDbSchema: opts.syncDbSchema,\n context: opts.context,\n });\n return schemaDoc;\n },\n };\n}\n","import { jsonSchema, type ToolSet, tool } from \"ai\";\n\ntype MaybePromise<T> = T | Promise<T>;\n\n/**\n * What the tools need from the database side. Satisfied directly by `AiDbAccess`, or by a\n * Durable Object stub whose RPC methods delegate to one (RPC wraps returns in promises).\n */\nexport type DbToolsAccess = {\n getSchemaDoc(): MaybePromise<string>;\n};\n\nconst emptyInputSchema = jsonSchema<Record<string, never>>({\n type: \"object\",\n properties: {},\n additionalProperties: false,\n});\n\n/**\n * AI SDK tools for a synced database. `access` is a factory because acquiring the database\n * may itself be async per call (e.g. resolving a Durable Object stub from another DO).\n */\nexport function createDbTools(opts: { access: () => MaybePromise<DbToolsAccess> }): ToolSet {\n return {\n getDbSchema: tool({\n description:\n \"Get the schema documentation for the synced SQLite database: tables, columns, types, and data conventions. Call this before reasoning about the data.\",\n inputSchema: emptyInputSchema,\n execute: async () => {\n const access = await opts.access();\n return await access.getSchemaDoc();\n },\n }),\n };\n}\n"],"mappings":";AAkBA,SAAS,QAAQ,MAAc;AAC7B,SAAO,IAAI,KAAK,WAAW,KAAK,IAAI,CAAC;AACvC;AAQO,SAAS,gBAAgB,MAIrB;AACT,QAAM,WAAqB,CAAC;AAE5B,QAAM,WAAW,KAAK,SAAS,UAAU,KAAK;AAC9C,MAAI,UAAU;AACZ,aAAS,KAAK,QAAQ;AAAA,EACxB;AAEA,aAAW,SAAS,KAAK,aAAa,cAAc;AAClD,UAAM,eAAe,KAAK,SAAS,SAAS,MAAM,aAAa;AAC/D,UAAM,UAAU,KAAK,QAAQ,qBAAqB,QAAQ,MAAM,aAAa,CAAC,GAAG;AAEjF,UAAM,QAAQ,CAAC,MAAM,MAAM,aAAa,EAAE;AAC1C,QAAI,cAAc,aAAa;AAC7B,YAAM,KAAK,IAAI,aAAa,YAAY,KAAK,CAAC;AAAA,IAChD;AACA,UAAM,KAAK,IAAI,UAAU;AACzB,eAAW,UAAU,SAAS;AAC5B,UAAI,OAAO,SAAS,YAAa;AACjC,YAAM,cAAc,cAAc,UAAU,OAAO,IAAI;AACvD,YAAM;AAAA,QACJ,OAAO,OAAO,IAAI,MAAM,OAAO,IAAI,GAAG,OAAO,UAAU,cAAc,EAAE,GAAG,cAAc,WAAM,WAAW,KAAK,EAAE;AAAA,MAClH;AAAA,IACF;AACA,aAAS,KAAK,MAAM,KAAK,IAAI,CAAC;AAAA,EAChC;AAEA,SAAO,SAAS,KAAK,MAAM;AAC7B;;;AC3BO,SAAS,iBAAiB,MAIlB;AACb,MAAI;AAEJ,SAAO;AAAA,IACL,eAAe;AACb,oBAAc,gBAAgB;AAAA,QAC5B,SAAS,CAAC,QAAQ,KAAK,SAAS,QAAiC,EAAE,KAAK,YAAY,CAAC,EAAE,CAAC,EAAE;AAAA,QAC1F,cAAc,KAAK;AAAA,QACnB,SAAS,KAAK;AAAA,MAChB,CAAC;AACD,aAAO;AAAA,IACT;AAAA,EACF;AACF;;;AClDA,SAAS,YAA0B,YAAY;AAY/C,IAAM,mBAAmB,WAAkC;AAAA,EACzD,MAAM;AAAA,EACN,YAAY,CAAC;AAAA,EACb,sBAAsB;AACxB,CAAC;AAMM,SAAS,cAAc,MAA8D;AAC1F,SAAO;AAAA,IACL,aAAa,KAAK;AAAA,MAChB,aACE;AAAA,MACF,aAAa;AAAA,MACb,SAAS,YAAY;AACnB,cAAM,SAAS,MAAM,KAAK,OAAO;AACjC,eAAO,MAAM,OAAO,aAAa;AAAA,MACnC;AAAA,IACF,CAAC;AAAA,EACH;AACF;","names":[]}
1
+ {"version":3,"sources":["../src/query-guard.ts","../src/schema-doc.ts","../src/db-access.ts","../src/tools.ts"],"sourcesContent":["import type { AiDbExecutor } from \"./db-access\";\n\nexport type QueryGuardInput = {\n sql: string;\n parameters?: readonly unknown[];\n};\n\nexport type QueryGuardRejection = {\n allowed: false;\n code: \"invalid-statement\" | \"multi-statement\" | \"invalid-sql\" | \"write-detected\";\n message: string;\n};\n\nexport type QueryGuardVerdict = { allowed: true } | QueryGuardRejection;\n\nexport class QueryGuardError extends Error {\n readonly rejection: QueryGuardRejection;\n\n constructor(rejection: QueryGuardRejection) {\n super(rejection.message);\n this.name = \"QueryGuardError\";\n this.rejection = rejection;\n }\n}\n\nexport type QueryGuard = {\n /**\n * Statically verifies the query is a read-only single statement. Reads are not restricted\n * by table — the whole database file is in scope for the agent, so don't colocate data the\n * agent must not see.\n */\n check(input: QueryGuardInput): QueryGuardVerdict;\n /**\n * `check` + execute inside a forced-rollback transaction (the unconditional backstop for\n * anything the analysis might miss). Throws {@link QueryGuardError} when the check rejects.\n */\n execute<TResult = unknown>(input: QueryGuardInput): { rows: TResult[] };\n};\n\n/**\n * Opcodes that prove a statement is not read-only. `OpenWrite` covers row-level writes (every\n * real-table mutation opens its cursor through it), `Clear`/`Destroy` cover whole-table\n * deletes that skip cursors (truncate optimization), the rest cover DDL, pragma-class\n * statements (which a transaction rollback would NOT undo), virtual-table writes, and trigger\n * subprograms. `Insert`/`Delete`/`IdxInsert` are deliberately absent — they also run against\n * ephemeral/sorter cursors in ordinary SELECTs (DISTINCT, ORDER BY) and are only dangerous on\n * a cursor an `OpenWrite` would have created.\n */\nconst WRITE_OPCODES = new Set([\n \"OpenWrite\",\n \"Clear\",\n \"Destroy\",\n \"CreateBtree\",\n \"SqlExec\",\n \"ParseSchema\",\n \"DropTable\",\n \"DropIndex\",\n \"DropTrigger\",\n \"SetCookie\",\n \"JournalMode\",\n \"Vacuum\",\n \"IncrVacuum\",\n \"Checkpoint\",\n \"MaxPgcnt\",\n \"Expire\",\n \"AutoCommit\",\n \"VUpdate\",\n \"VCreate\",\n \"VDestroy\",\n \"Program\",\n]);\n\ntype ExplainRow = {\n opcode: string;\n};\n\nconst READ_STATEMENT_PREFIXES = [\"select\", \"with\", \"values\"];\n\nexport function createQueryGuard(opts: { executor: AiDbExecutor }): QueryGuard {\n function reject(code: QueryGuardRejection[\"code\"], message: string): QueryGuardRejection {\n return { allowed: false, code, message };\n }\n\n function check(input: QueryGuardInput): QueryGuardVerdict {\n let body = input.sql.trim();\n while (body.endsWith(\";\")) {\n body = body.slice(0, -1).trimEnd();\n }\n\n if (body.includes(\";\")) {\n return reject(\n \"multi-statement\",\n \"Only a single SQL statement is allowed per query, and semicolons are only allowed at the very end. If the semicolon is inside a string literal, pass the value as a bound parameter instead.\",\n );\n }\n\n const lowered = body.toLowerCase();\n if (!READ_STATEMENT_PREFIXES.some((keyword) => lowered.startsWith(keyword))) {\n return reject(\n \"invalid-statement\",\n \"Only read-only queries are allowed: the statement must start directly with SELECT, WITH, or VALUES (no leading comments).\",\n );\n }\n\n let operations: ExplainRow[];\n try {\n operations = opts.executor.execute<ExplainRow>({\n sql: `EXPLAIN ${input.sql}`,\n parameters: input.parameters ?? [],\n }).rows;\n } catch (error) {\n return reject(\"invalid-sql\", `SQL error: ${error instanceof Error ? error.message : String(error)}`);\n }\n\n for (const operation of operations) {\n if (WRITE_OPCODES.has(operation.opcode)) {\n return reject(\n \"write-detected\",\n `The statement was rejected because it would modify the database (${operation.opcode}). This tool is strictly read-only; rewrite the query as a pure SELECT.`,\n );\n }\n }\n\n return { allowed: true };\n }\n\n return {\n check,\n execute(input) {\n const verdict = check(input);\n if (!verdict.allowed) {\n throw new QueryGuardError(verdict);\n }\n return runWithForcedRollback(opts.executor, (tx) => {\n return tx.execute({ sql: input.sql, parameters: input.parameters ?? [] });\n });\n },\n };\n}\n\n/**\n * Runs `callback` in a transaction that is always rolled back (via a sentinel throw, relying\n * on the {@link AiDbExecutor} contract that a throwing callback rolls back). This is the\n * unconditional write guard backing any gap in the static analysis.\n */\nexport function runWithForcedRollback<T>(\n executor: Pick<AiDbExecutor, \"transaction\">,\n callback: (tx: Pick<AiDbExecutor, \"execute\">) => T,\n): T {\n let result: T | undefined;\n let completed = false;\n const rollbackSentinel = new Error(\"forced read-only rollback\");\n\n try {\n executor.transaction((tx) => {\n result = callback(tx);\n completed = true;\n throw rollbackSentinel;\n });\n } catch (error) {\n if (error !== rollbackSentinel) {\n throw error;\n }\n }\n\n if (!completed) {\n throw new Error(\"Transaction completed without running the callback\");\n }\n return result as T;\n}\n","import type { SyncDbSchema } from \"@sqlite-sync/core\";\n\n/**\n * App-provided semantics merged into the generated schema doc.\n * Keys of `tables` are CRDT view names (`crdtTableName`), not base table names.\n */\nexport type SchemaDocContext = {\n overview?: string;\n tables?: Record<string, { description?: string; columns?: Record<string, string> }>;\n};\n\n// Library mechanics every generated doc should explain, so consumers only have to describe\n// their own domain in `context`. Kept free of tombstone-column details the agent never sees.\nconst SCHEMA_DOC_PREAMBLE = [\n \"This is a synced SQLite database — data replicates automatically between the user's devices.\",\n \"All writes go through a sync event log, which is why the tables listed below are exposed as\",\n \"read-only SQL views; soft-deleted rows are already filtered out, so query them directly\",\n \"without any tombstone filtering. Every table has a unique `id` text primary key.\",\n].join(\"\\n\");\n\ntype TableInfoRow = {\n cid: number;\n name: string;\n type: string;\n notnull: number;\n};\n\nfunction quoteId(name: string) {\n return `\"${name.replaceAll('\"', '\"\"')}\"`;\n}\n\n/**\n * Generates a markdown schema doc for an AI agent by introspecting the synced database.\n * Structure comes from `PRAGMA table_info` on the base tables (introspecting the views would\n * lose NOT NULL fidelity), presented under the view names the agent queries; semantics come\n * from the consumer-provided context. The internal `tombstone` column is omitted.\n *\n * The doc always includes a built-in preamble explaining sqlite-sync mechanics (read-only\n * views, soft-deletes already filtered) after the consumer's `overview` — consumers only\n * need to describe their own domain.\n */\nexport function createSchemaDoc(opts: {\n execute: (sql: string) => Record<string, unknown>[];\n syncDbSchema: SyncDbSchema;\n context?: SchemaDocContext;\n}): string {\n const sections: string[] = [];\n\n const overview = opts.context?.overview?.trim();\n if (overview) {\n sections.push(overview);\n }\n sections.push(SCHEMA_DOC_PREAMBLE);\n\n for (const table of opts.syncDbSchema.tablesConfig) {\n const tableContext = opts.context?.tables?.[table.crdtTableName];\n const columns = opts.execute(`PRAGMA table_info(${quoteId(table.baseTableName)})`) as TableInfoRow[];\n\n const lines = [`## ${table.crdtTableName}`];\n if (tableContext?.description) {\n lines.push(\"\", tableContext.description.trim());\n }\n lines.push(\"\", \"Columns:\");\n for (const column of columns) {\n if (column.name === \"tombstone\") continue;\n const description = tableContext?.columns?.[column.name];\n lines.push(\n `- \\`${column.name}\\` ${column.type}${column.notnull ? \" NOT NULL\" : \"\"}${description ? ` — ${description}` : \"\"}`,\n );\n }\n sections.push(lines.join(\"\\n\"));\n }\n\n return sections.join(\"\\n\\n\");\n}\n","import type { SyncDbSchema } from \"@sqlite-sync/core\";\nimport { createQueryGuard, QueryGuardError } from \"./query-guard\";\nimport { createSchemaDoc, type SchemaDocContext } from \"./schema-doc\";\n\nexport type AiDbExecuteParams = {\n sql: string;\n parameters: readonly unknown[];\n};\n\n/**\n * Minimal executor contract for AI database access. Runtime-specific — inject the one that\n * matches where the storage lives; @sqlite-sync/cloudflare's `createKyselyExecutor` satisfies it.\n */\nexport type AiDbExecutor = {\n execute<TResult = unknown>(query: AiDbExecuteParams): { rows: TResult[] };\n transaction(callback: (tx: Pick<AiDbExecutor, \"execute\">) => void): void;\n};\n\nexport type AiQueryInput = {\n sql: string;\n parameters?: readonly unknown[];\n};\n\nexport type AiQueryResult =\n | {\n rows: Record<string, unknown>[];\n rowCount: number;\n truncated: boolean;\n }\n | {\n error: string;\n };\n\n/**\n * Read-only AI access to a synced database. Lives where the storage lives; its method names\n * are the RPC contract, so a DO stub proxying to these methods exposes the same surface\n * (promise-wrapped) and satisfies the tool layer's `DbToolsAccess`.\n *\n * `query` enforces read-only (single SELECT/WITH/VALUES statement, no write opcodes, executed\n * in a forced-rollback transaction) but reads are not restricted by table — the whole database\n * file is in scope for the agent, so don't colocate data the agent must not see.\n */\nexport type AiDbAccess = {\n getSchemaDoc(): string;\n query(input: AiQueryInput): AiQueryResult;\n};\n\nfunction toBase64(bytes: Uint8Array): string {\n let binary = \"\";\n for (const byte of bytes) {\n binary += String.fromCharCode(byte);\n }\n return btoa(binary);\n}\n\nexport function createAiDbAccess(opts: {\n executor: AiDbExecutor;\n syncDbSchema: SyncDbSchema;\n context?: SchemaDocContext;\n limits?: { maxRows?: number; maxCellChars?: number };\n}): AiDbAccess {\n let schemaDoc: string | undefined;\n const guard = createQueryGuard({ executor: opts.executor });\n const maxRows = opts.limits?.maxRows ?? 200;\n const maxCellChars = opts.limits?.maxCellChars ?? 2000;\n\n return {\n getSchemaDoc() {\n schemaDoc ??= createSchemaDoc({\n execute: (sql) => opts.executor.execute<Record<string, unknown>>({ sql, parameters: [] }).rows,\n syncDbSchema: opts.syncDbSchema,\n context: opts.context,\n });\n return schemaDoc;\n },\n query(input) {\n let resultRows: Record<string, unknown>[];\n try {\n resultRows = guard.execute<Record<string, unknown>>(input).rows;\n } catch (error) {\n if (error instanceof QueryGuardError) {\n return { error: error.message };\n }\n throw error;\n }\n\n let truncated = resultRows.length > maxRows;\n\n function shapeCell(value: unknown): unknown {\n if (value instanceof Uint8Array) {\n // Base64 inflates by 4/3, so budget the encoded length against the cell cap.\n if (Math.ceil(value.byteLength / 3) * 4 <= maxCellChars) {\n return `<blob base64 ${toBase64(value)}>`;\n }\n truncated = true;\n return `<blob ${value.byteLength} bytes>`;\n }\n if (typeof value === \"string\" && value.length > maxCellChars) {\n truncated = true;\n return `${value.slice(0, maxCellChars)}…`;\n }\n return value;\n }\n\n const rows = resultRows\n .slice(0, maxRows)\n .map((row) => Object.fromEntries(Object.entries(row).map(([column, value]) => [column, shapeCell(value)])));\n\n return { rows, rowCount: resultRows.length, truncated };\n },\n };\n}\n","import { jsonSchema, type ToolSet, tool } from \"ai\";\nimport type { AiQueryInput, AiQueryResult } from \"./db-access\";\n\ntype MaybePromise<T> = T | Promise<T>;\n\n/**\n * What the tools need from the database side. Satisfied directly by `AiDbAccess`, or by a\n * Durable Object stub whose RPC methods delegate to one (RPC wraps returns in promises).\n */\nexport type DbToolsAccess = {\n getSchemaDoc(): MaybePromise<string>;\n query(input: AiQueryInput): MaybePromise<AiQueryResult>;\n};\n\nconst emptyInputSchema = jsonSchema<Record<string, never>>({\n type: \"object\",\n properties: {},\n additionalProperties: false,\n});\n\nconst queryInputSchema = jsonSchema<{ sql: string; parameters?: unknown[] }>({\n type: \"object\",\n properties: {\n sql: {\n type: \"string\",\n description:\n \"A single read-only SQLite statement starting with SELECT, WITH, or VALUES. Use ? placeholders for values.\",\n },\n parameters: {\n type: \"array\",\n items: { type: [\"string\", \"number\", \"boolean\", \"null\"] },\n description: \"Values bound to the ? placeholders, in order.\",\n },\n },\n required: [\"sql\"],\n additionalProperties: false,\n});\n\n/**\n * AI SDK tools for a synced database. `access` is a factory because acquiring the database\n * may itself be async per call (e.g. resolving a Durable Object stub from another DO).\n */\nexport function createDbTools(opts: { access: () => MaybePromise<DbToolsAccess> }): ToolSet {\n return {\n getDbSchema: tool({\n description:\n \"Get the schema documentation for the synced SQLite database: tables, columns, types, and data conventions. Call this before reasoning about the data.\",\n inputSchema: emptyInputSchema,\n execute: async () => {\n const access = await opts.access();\n return await access.getSchemaDoc();\n },\n }),\n queryDb: tool({\n description:\n \"Run a read-only SQL query against the synced SQLite database. Only a single SELECT/WITH/VALUES statement is allowed — anything that writes is rejected. Pass values as ? placeholders via `parameters` instead of inlining them as literals. Results are capped; ask for fewer columns or add LIMIT/WHERE if `truncated` is true.\",\n inputSchema: queryInputSchema,\n execute: async ({ sql, parameters }) => {\n const access = await opts.access();\n return await access.query({ sql, parameters });\n },\n }),\n };\n}\n"],"mappings":";AAeO,IAAM,kBAAN,cAA8B,MAAM;AAAA,EAChC;AAAA,EAET,YAAY,WAAgC;AAC1C,UAAM,UAAU,OAAO;AACvB,SAAK,OAAO;AACZ,SAAK,YAAY;AAAA,EACnB;AACF;AAyBA,IAAM,gBAAgB,oBAAI,IAAI;AAAA,EAC5B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAMD,IAAM,0BAA0B,CAAC,UAAU,QAAQ,QAAQ;AAEpD,SAAS,iBAAiB,MAA8C;AAC7E,WAAS,OAAO,MAAmC,SAAsC;AACvF,WAAO,EAAE,SAAS,OAAO,MAAM,QAAQ;AAAA,EACzC;AAEA,WAAS,MAAM,OAA2C;AACxD,QAAI,OAAO,MAAM,IAAI,KAAK;AAC1B,WAAO,KAAK,SAAS,GAAG,GAAG;AACzB,aAAO,KAAK,MAAM,GAAG,EAAE,EAAE,QAAQ;AAAA,IACnC;AAEA,QAAI,KAAK,SAAS,GAAG,GAAG;AACtB,aAAO;AAAA,QACL;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,UAAM,UAAU,KAAK,YAAY;AACjC,QAAI,CAAC,wBAAwB,KAAK,CAAC,YAAY,QAAQ,WAAW,OAAO,CAAC,GAAG;AAC3E,aAAO;AAAA,QACL;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,QAAI;AACJ,QAAI;AACF,mBAAa,KAAK,SAAS,QAAoB;AAAA,QAC7C,KAAK,WAAW,MAAM,GAAG;AAAA,QACzB,YAAY,MAAM,cAAc,CAAC;AAAA,MACnC,CAAC,EAAE;AAAA,IACL,SAAS,OAAO;AACd,aAAO,OAAO,eAAe,cAAc,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC,EAAE;AAAA,IACrG;AAEA,eAAW,aAAa,YAAY;AAClC,UAAI,cAAc,IAAI,UAAU,MAAM,GAAG;AACvC,eAAO;AAAA,UACL;AAAA,UACA,oEAAoE,UAAU,MAAM;AAAA,QACtF;AAAA,MACF;AAAA,IACF;AAEA,WAAO,EAAE,SAAS,KAAK;AAAA,EACzB;AAEA,SAAO;AAAA,IACL;AAAA,IACA,QAAQ,OAAO;AACb,YAAM,UAAU,MAAM,KAAK;AAC3B,UAAI,CAAC,QAAQ,SAAS;AACpB,cAAM,IAAI,gBAAgB,OAAO;AAAA,MACnC;AACA,aAAO,sBAAsB,KAAK,UAAU,CAAC,OAAO;AAClD,eAAO,GAAG,QAAQ,EAAE,KAAK,MAAM,KAAK,YAAY,MAAM,cAAc,CAAC,EAAE,CAAC;AAAA,MAC1E,CAAC;AAAA,IACH;AAAA,EACF;AACF;AAOO,SAAS,sBACd,UACA,UACG;AACH,MAAI;AACJ,MAAI,YAAY;AAChB,QAAM,mBAAmB,IAAI,MAAM,2BAA2B;AAE9D,MAAI;AACF,aAAS,YAAY,CAAC,OAAO;AAC3B,eAAS,SAAS,EAAE;AACpB,kBAAY;AACZ,YAAM;AAAA,IACR,CAAC;AAAA,EACH,SAAS,OAAO;AACd,QAAI,UAAU,kBAAkB;AAC9B,YAAM;AAAA,IACR;AAAA,EACF;AAEA,MAAI,CAAC,WAAW;AACd,UAAM,IAAI,MAAM,oDAAoD;AAAA,EACtE;AACA,SAAO;AACT;;;AC5JA,IAAM,sBAAsB;AAAA,EAC1B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,EAAE,KAAK,IAAI;AASX,SAAS,QAAQ,MAAc;AAC7B,SAAO,IAAI,KAAK,WAAW,KAAK,IAAI,CAAC;AACvC;AAYO,SAAS,gBAAgB,MAIrB;AACT,QAAM,WAAqB,CAAC;AAE5B,QAAM,WAAW,KAAK,SAAS,UAAU,KAAK;AAC9C,MAAI,UAAU;AACZ,aAAS,KAAK,QAAQ;AAAA,EACxB;AACA,WAAS,KAAK,mBAAmB;AAEjC,aAAW,SAAS,KAAK,aAAa,cAAc;AAClD,UAAM,eAAe,KAAK,SAAS,SAAS,MAAM,aAAa;AAC/D,UAAM,UAAU,KAAK,QAAQ,qBAAqB,QAAQ,MAAM,aAAa,CAAC,GAAG;AAEjF,UAAM,QAAQ,CAAC,MAAM,MAAM,aAAa,EAAE;AAC1C,QAAI,cAAc,aAAa;AAC7B,YAAM,KAAK,IAAI,aAAa,YAAY,KAAK,CAAC;AAAA,IAChD;AACA,UAAM,KAAK,IAAI,UAAU;AACzB,eAAW,UAAU,SAAS;AAC5B,UAAI,OAAO,SAAS,YAAa;AACjC,YAAM,cAAc,cAAc,UAAU,OAAO,IAAI;AACvD,YAAM;AAAA,QACJ,OAAO,OAAO,IAAI,MAAM,OAAO,IAAI,GAAG,OAAO,UAAU,cAAc,EAAE,GAAG,cAAc,WAAM,WAAW,KAAK,EAAE;AAAA,MAClH;AAAA,IACF;AACA,aAAS,KAAK,MAAM,KAAK,IAAI,CAAC;AAAA,EAChC;AAEA,SAAO,SAAS,KAAK,MAAM;AAC7B;;;AC3BA,SAAS,SAAS,OAA2B;AAC3C,MAAI,SAAS;AACb,aAAW,QAAQ,OAAO;AACxB,cAAU,OAAO,aAAa,IAAI;AAAA,EACpC;AACA,SAAO,KAAK,MAAM;AACpB;AAEO,SAAS,iBAAiB,MAKlB;AACb,MAAI;AACJ,QAAM,QAAQ,iBAAiB,EAAE,UAAU,KAAK,SAAS,CAAC;AAC1D,QAAM,UAAU,KAAK,QAAQ,WAAW;AACxC,QAAM,eAAe,KAAK,QAAQ,gBAAgB;AAElD,SAAO;AAAA,IACL,eAAe;AACb,oBAAc,gBAAgB;AAAA,QAC5B,SAAS,CAAC,QAAQ,KAAK,SAAS,QAAiC,EAAE,KAAK,YAAY,CAAC,EAAE,CAAC,EAAE;AAAA,QAC1F,cAAc,KAAK;AAAA,QACnB,SAAS,KAAK;AAAA,MAChB,CAAC;AACD,aAAO;AAAA,IACT;AAAA,IACA,MAAM,OAAO;AACX,UAAI;AACJ,UAAI;AACF,qBAAa,MAAM,QAAiC,KAAK,EAAE;AAAA,MAC7D,SAAS,OAAO;AACd,YAAI,iBAAiB,iBAAiB;AACpC,iBAAO,EAAE,OAAO,MAAM,QAAQ;AAAA,QAChC;AACA,cAAM;AAAA,MACR;AAEA,UAAI,YAAY,WAAW,SAAS;AAEpC,eAAS,UAAU,OAAyB;AAC1C,YAAI,iBAAiB,YAAY;AAE/B,cAAI,KAAK,KAAK,MAAM,aAAa,CAAC,IAAI,KAAK,cAAc;AACvD,mBAAO,gBAAgB,SAAS,KAAK,CAAC;AAAA,UACxC;AACA,sBAAY;AACZ,iBAAO,SAAS,MAAM,UAAU;AAAA,QAClC;AACA,YAAI,OAAO,UAAU,YAAY,MAAM,SAAS,cAAc;AAC5D,sBAAY;AACZ,iBAAO,GAAG,MAAM,MAAM,GAAG,YAAY,CAAC;AAAA,QACxC;AACA,eAAO;AAAA,MACT;AAEA,YAAM,OAAO,WACV,MAAM,GAAG,OAAO,EAChB,IAAI,CAAC,QAAQ,OAAO,YAAY,OAAO,QAAQ,GAAG,EAAE,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,UAAU,KAAK,CAAC,CAAC,CAAC,CAAC;AAE5G,aAAO,EAAE,MAAM,UAAU,WAAW,QAAQ,UAAU;AAAA,IACxD;AAAA,EACF;AACF;;;AC/GA,SAAS,YAA0B,YAAY;AAc/C,IAAM,mBAAmB,WAAkC;AAAA,EACzD,MAAM;AAAA,EACN,YAAY,CAAC;AAAA,EACb,sBAAsB;AACxB,CAAC;AAED,IAAM,mBAAmB,WAAoD;AAAA,EAC3E,MAAM;AAAA,EACN,YAAY;AAAA,IACV,KAAK;AAAA,MACH,MAAM;AAAA,MACN,aACE;AAAA,IACJ;AAAA,IACA,YAAY;AAAA,MACV,MAAM;AAAA,MACN,OAAO,EAAE,MAAM,CAAC,UAAU,UAAU,WAAW,MAAM,EAAE;AAAA,MACvD,aAAa;AAAA,IACf;AAAA,EACF;AAAA,EACA,UAAU,CAAC,KAAK;AAAA,EAChB,sBAAsB;AACxB,CAAC;AAMM,SAAS,cAAc,MAA8D;AAC1F,SAAO;AAAA,IACL,aAAa,KAAK;AAAA,MAChB,aACE;AAAA,MACF,aAAa;AAAA,MACb,SAAS,YAAY;AACnB,cAAM,SAAS,MAAM,KAAK,OAAO;AACjC,eAAO,MAAM,OAAO,aAAa;AAAA,MACnC;AAAA,IACF,CAAC;AAAA,IACD,SAAS,KAAK;AAAA,MACZ,aACE;AAAA,MACF,aAAa;AAAA,MACb,SAAS,OAAO,EAAE,KAAK,WAAW,MAAM;AACtC,cAAM,SAAS,MAAM,KAAK,OAAO;AACjC,eAAO,MAAM,OAAO,MAAM,EAAE,KAAK,WAAW,CAAC;AAAA,MAC/C;AAAA,IACF,CAAC;AAAA,EACH;AACF;","names":[]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sqlite-sync/ai",
3
- "version": "0.5.0",
3
+ "version": "0.6.0",
4
4
  "description": "AI agent tools for @sqlite-sync databases",
5
5
  "type": "module",
6
6
  "license": "MIT",
@@ -31,7 +31,7 @@
31
31
  "dist"
32
32
  ],
33
33
  "peerDependencies": {
34
- "@sqlite-sync/core": "^0.5.0",
34
+ "@sqlite-sync/core": "^0.6.0",
35
35
  "ai": "^6.0.0"
36
36
  },
37
37
  "devDependencies": {
@@ -39,7 +39,7 @@
39
39
  "tsup": "^8.3.5",
40
40
  "typescript": "~6.0.3",
41
41
  "vitest": "^4.1.8",
42
- "@sqlite-sync/core": "0.5.0"
42
+ "@sqlite-sync/core": "0.6.0"
43
43
  },
44
44
  "scripts": {
45
45
  "build": "tsup",