@stratum-hq/lib 0.2.3 → 0.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (46) hide show
  1. package/dist/__tests__/migrate-schemas.test.d.ts +2 -0
  2. package/dist/__tests__/migrate-schemas.test.d.ts.map +1 -0
  3. package/dist/__tests__/migrate-schemas.test.js +225 -0
  4. package/dist/__tests__/migrate-schemas.test.js.map +1 -0
  5. package/dist/__tests__/stratum-als.test.d.ts +2 -0
  6. package/dist/__tests__/stratum-als.test.d.ts.map +1 -0
  7. package/dist/__tests__/stratum-als.test.js +49 -0
  8. package/dist/__tests__/stratum-als.test.js.map +1 -0
  9. package/dist/crypto.d.ts.map +1 -1
  10. package/dist/crypto.js +9 -3
  11. package/dist/crypto.js.map +1 -1
  12. package/dist/index.d.ts +1 -0
  13. package/dist/index.d.ts.map +1 -1
  14. package/dist/index.js +3 -1
  15. package/dist/index.js.map +1 -1
  16. package/dist/migrate-schemas.d.ts +22 -0
  17. package/dist/migrate-schemas.d.ts.map +1 -0
  18. package/dist/migrate-schemas.js +128 -0
  19. package/dist/migrate-schemas.js.map +1 -0
  20. package/dist/migrations/001_init.sql +12 -3
  21. package/dist/services/event-service.d.ts +7 -0
  22. package/dist/services/event-service.d.ts.map +1 -1
  23. package/dist/services/event-service.js +2 -0
  24. package/dist/services/event-service.js.map +1 -1
  25. package/dist/stratum.d.ts +16 -3
  26. package/dist/stratum.d.ts.map +1 -1
  27. package/dist/stratum.js +30 -23
  28. package/dist/stratum.js.map +1 -1
  29. package/package.json +20 -1
  30. package/dist/migrations/migrations/001_init.sql +0 -145
  31. package/dist/migrations/migrations/002_schema_isolation.sql +0 -6
  32. package/dist/migrations/migrations/003_db_isolation.sql +0 -12
  33. package/dist/migrations/migrations/004_webhooks.sql +0 -53
  34. package/dist/migrations/migrations/005_audit_logs.sql +0 -21
  35. package/dist/migrations/migrations/006_api_key_scopes.sql +0 -2
  36. package/dist/migrations/migrations/007_sensitive_config.sql +0 -1
  37. package/dist/migrations/migrations/008_api_key_management.sql +0 -7
  38. package/dist/migrations/migrations/009_consent.sql +0 -18
  39. package/dist/migrations/migrations/010_multi_region.sql +0 -19
  40. package/dist/migrations/migrations/011_demo_bootstrap.sql +0 -5
  41. package/dist/migrations/migrations/012_roles.sql +0 -18
  42. package/dist/migrations/migrations/013_api_key_hmac.sql +0 -4
  43. package/dist/migrations/migrations/014_sort_order.sql +0 -5
  44. package/dist/migrations/migrations/015_region_url_encryption.sql +0 -5
  45. package/dist/migrations/migrations/016_migration_alias.sql +0 -8
  46. /package/dist/migrations/{migrations/017_abac_policies.sql → 017_abac_policies.sql} +0 -0
@@ -1,7 +0,0 @@
1
- -- Add expiration and rate limit columns to api_keys
2
- ALTER TABLE api_keys ADD COLUMN IF NOT EXISTS expires_at TIMESTAMPTZ;
3
- ALTER TABLE api_keys ADD COLUMN IF NOT EXISTS rate_limit_max INTEGER;
4
- ALTER TABLE api_keys ADD COLUMN IF NOT EXISTS rate_limit_window TEXT;
5
-
6
- CREATE INDEX idx_api_keys_expires ON api_keys(expires_at) WHERE expires_at IS NOT NULL;
7
- CREATE INDEX idx_api_keys_last_used ON api_keys(last_used_at);
@@ -1,18 +0,0 @@
1
- CREATE TABLE IF NOT EXISTS consent_records (
2
- id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
3
- tenant_id UUID NOT NULL REFERENCES tenants(id) ON DELETE CASCADE,
4
- subject_id TEXT NOT NULL,
5
- purpose TEXT NOT NULL,
6
- granted BOOLEAN NOT NULL DEFAULT true,
7
- granted_at TIMESTAMPTZ DEFAULT now(),
8
- revoked_at TIMESTAMPTZ,
9
- expires_at TIMESTAMPTZ,
10
- metadata JSONB DEFAULT '{}',
11
- created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
12
- updated_at TIMESTAMPTZ NOT NULL DEFAULT now(),
13
- UNIQUE(tenant_id, subject_id, purpose)
14
- );
15
-
16
- CREATE INDEX IF NOT EXISTS idx_consent_tenant ON consent_records(tenant_id);
17
- CREATE INDEX IF NOT EXISTS idx_consent_subject ON consent_records(subject_id);
18
- CREATE INDEX IF NOT EXISTS idx_consent_purpose ON consent_records(purpose);
@@ -1,19 +0,0 @@
1
- CREATE TABLE IF NOT EXISTS regions (
2
- id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
3
- display_name TEXT NOT NULL,
4
- slug TEXT NOT NULL UNIQUE,
5
- control_plane_url TEXT,
6
- database_url TEXT,
7
- is_primary BOOLEAN NOT NULL DEFAULT false,
8
- status TEXT NOT NULL DEFAULT 'active' CHECK (status IN ('active', 'draining', 'inactive')),
9
- metadata JSONB DEFAULT '{}',
10
- created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
11
- updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
12
- );
13
-
14
- CREATE INDEX IF NOT EXISTS idx_regions_slug ON regions(slug);
15
- CREATE INDEX IF NOT EXISTS idx_regions_status ON regions(status);
16
-
17
- -- Add region_id to tenants (nullable for backward compat)
18
- ALTER TABLE tenants ADD COLUMN IF NOT EXISTS region_id UUID REFERENCES regions(id);
19
- CREATE INDEX IF NOT EXISTS idx_tenants_region ON tenants(region_id);
@@ -1,5 +0,0 @@
1
- -- Migration 011: Demo bootstrap
2
- -- REMOVED: Demo API key seeding moved to packages/demo/api/src/seed.ts
3
- -- The original migration inserted a hardcoded API key (sk_live_demo_key)
4
- -- with global admin access, which is a security risk in production.
5
- -- Demo data is now seeded via the demo seed script only.
@@ -1,18 +0,0 @@
1
- -- 012: Role-Based Access Control (RBAC)
2
- -- Roles define named collections of scopes that can be assigned to API keys.
3
-
4
- CREATE TABLE IF NOT EXISTS roles (
5
- id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
6
- name TEXT NOT NULL UNIQUE,
7
- description TEXT,
8
- scopes TEXT[] NOT NULL DEFAULT ARRAY['read'],
9
- tenant_id UUID REFERENCES tenants(id) ON DELETE CASCADE,
10
- created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
11
- updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
12
- );
13
-
14
- -- Index for tenant-scoped role lookups
15
- CREATE INDEX IF NOT EXISTS idx_roles_tenant_id ON roles (tenant_id);
16
-
17
- -- Add role_id column to api_keys
18
- ALTER TABLE api_keys ADD COLUMN IF NOT EXISTS role_id UUID REFERENCES roles(id) ON DELETE SET NULL;
@@ -1,4 +0,0 @@
1
- -- Add hash_version column to distinguish SHA-256 (legacy) from HMAC-SHA256 hashes.
2
- -- 1 = SHA-256 (legacy), 2 = HMAC-SHA256 (current).
3
- -- Existing keys default to version 1; new keys will be created with version 2.
4
- ALTER TABLE api_keys ADD COLUMN IF NOT EXISTS hash_version SMALLINT NOT NULL DEFAULT 1;
@@ -1,5 +0,0 @@
1
- -- Add sort_order column for sibling reordering
2
- ALTER TABLE tenants ADD COLUMN IF NOT EXISTS sort_order INTEGER NOT NULL DEFAULT 0;
3
-
4
- -- Index for efficient ordering queries
5
- CREATE INDEX IF NOT EXISTS idx_tenant_sort_order ON tenants(parent_id, sort_order);
@@ -1,5 +0,0 @@
1
- -- Encrypt database_url column in regions table
2
- -- Existing plaintext URLs will need to be migrated via the key rotation service
3
- ALTER TABLE regions RENAME COLUMN database_url TO database_url_encrypted;
4
- -- Add a comment to remind developers this column is encrypted
5
- COMMENT ON COLUMN regions.database_url_encrypted IS 'AES-256-GCM encrypted PostgreSQL connection string. Use encrypt()/decrypt() from @stratum-hq/lib.';
@@ -1,8 +0,0 @@
1
- -- Handle migration renaming: 002_sort_order.sql → 014_sort_order.sql
2
- -- If an existing deployment already applied 002_sort_order.sql, record the
3
- -- new name so the migration runner doesn't try to re-apply it.
4
- INSERT INTO _migrations (name, applied_at)
5
- SELECT '014_sort_order.sql', applied_at
6
- FROM _migrations
7
- WHERE name = '002_sort_order.sql'
8
- ON CONFLICT DO NOTHING;