npm - @supabase/pg-delta - Versions diffs - 1.0.0-alpha.21 → 1.0.0-alpha.23 - Mend

@supabase/pg-delta 1.0.0-alpha.21 → 1.0.0-alpha.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (271) hide show

package/dist/core/objects/table/changes/table.security-label.js ADDED Viewed

@@ -0,0 +1,134 @@
+import { quoteLiteral } from "../../base.change.js";
+import { stableId } from "../../utils.js";
+import { CreateTableChange, DropTableChange } from "./table.base.js";
+/**
+ * SECURITY LABEL FOR <provider> ON TABLE <schema>.<table> IS <literal>
+ */
+export class CreateSecurityLabelOnTable extends CreateTableChange {
+    table;
+    securityLabel;
+    scope = "security_label";
+    constructor(props) {
+        super();
+        this.table = props.table;
+        this.securityLabel = props.securityLabel;
+    }
+    get creates() {
+        return [
+            stableId.securityLabel(this.table.stableId, this.securityLabel.provider),
+        ];
+    }
+    get requires() {
+        return [this.table.stableId];
+    }
+    serialize() {
+        return [
+            "SECURITY LABEL FOR",
+            this.securityLabel.provider,
+            "ON TABLE",
+            `${this.table.schema}.${this.table.name}`,
+            "IS",
+            quoteLiteral(this.securityLabel.label),
+        ].join(" ");
+    }
+}
+export class DropSecurityLabelOnTable extends DropTableChange {
+    table;
+    securityLabel;
+    scope = "security_label";
+    constructor(props) {
+        super();
+        this.table = props.table;
+        this.securityLabel = props.securityLabel;
+    }
+    get drops() {
+        return [
+            stableId.securityLabel(this.table.stableId, this.securityLabel.provider),
+        ];
+    }
+    get requires() {
+        return [
+            stableId.securityLabel(this.table.stableId, this.securityLabel.provider),
+            this.table.stableId,
+        ];
+    }
+    serialize() {
+        return [
+            "SECURITY LABEL FOR",
+            this.securityLabel.provider,
+            "ON TABLE",
+            `${this.table.schema}.${this.table.name}`,
+            "IS NULL",
+        ].join(" ");
+    }
+}
+/**
+ * SECURITY LABEL FOR <provider> ON COLUMN <schema>.<table>.<column> IS <literal>
+ */
+export class CreateSecurityLabelOnColumn extends CreateTableChange {
+    table;
+    column;
+    securityLabel;
+    scope = "security_label";
+    constructor(props) {
+        super();
+        this.table = props.table;
+        this.column = props.column;
+        this.securityLabel = props.securityLabel;
+    }
+    get creates() {
+        const columnStableId = stableId.column(this.table.schema, this.table.name, this.column.name);
+        return [
+            stableId.securityLabel(columnStableId, this.securityLabel.provider),
+        ];
+    }
+    get requires() {
+        return [
+            stableId.column(this.table.schema, this.table.name, this.column.name),
+        ];
+    }
+    serialize() {
+        return [
+            "SECURITY LABEL FOR",
+            this.securityLabel.provider,
+            "ON COLUMN",
+            `${this.table.schema}.${this.table.name}.${this.column.name}`,
+            "IS",
+            quoteLiteral(this.securityLabel.label),
+        ].join(" ");
+    }
+}
+export class DropSecurityLabelOnColumn extends DropTableChange {
+    table;
+    column;
+    securityLabel;
+    scope = "security_label";
+    constructor(props) {
+        super();
+        this.table = props.table;
+        this.column = props.column;
+        this.securityLabel = props.securityLabel;
+    }
+    get drops() {
+        const columnStableId = stableId.column(this.table.schema, this.table.name, this.column.name);
+        return [
+            stableId.securityLabel(columnStableId, this.securityLabel.provider),
+        ];
+    }
+    get requires() {
+        const columnStableId = stableId.column(this.table.schema, this.table.name, this.column.name);
+        return [
+            stableId.securityLabel(columnStableId, this.securityLabel.provider),
+            columnStableId,
+        ];
+    }
+    serialize() {
+        return [
+            "SECURITY LABEL FOR",
+            this.securityLabel.provider,
+            "ON COLUMN",
+            `${this.table.schema}.${this.table.name}.${this.column.name}`,
+            "IS NULL",
+        ].join(" ");
+    }
+}

package/dist/core/objects/table/changes/table.types.d.ts CHANGED Viewed

@@ -3,5 +3,6 @@ import type { CommentTable } from "./table.comment.ts";
 import type { CreateTable } from "./table.create.ts";
 import type { DropTable } from "./table.drop.ts";
 import type { TablePrivilege } from "./table.privilege.ts";
+import type { SecurityLabelTable } from "./table.security-label.ts";
 /** Union of all table-related change variants (`objectType: "table"`). @category Change Types */
-export type TableChange = AlterTable | CommentTable | CreateTable | DropTable | TablePrivilege;
+export type TableChange = AlterTable | CommentTable | CreateTable | DropTable | TablePrivilege | SecurityLabelTable;

package/dist/core/objects/table/table.diff.js CHANGED Viewed

@@ -1,11 +1,13 @@
 import { diffObjects } from "../base.diff.js";
 import { diffPrivileges, emitColumnPrivilegeChanges, } from "../base.privilege-diff.js";
+import { diffSecurityLabels } from "../security-label.types.js";
 import { deepEqual } from "../utils.js";
 import { AlterTableAddColumn, AlterTableAddConstraint, AlterTableAlterColumnAddIdentity, AlterTableAlterColumnDropDefault, AlterTableAlterColumnDropIdentity, AlterTableAlterColumnDropNotNull, AlterTableAlterColumnSetDefault, AlterTableAlterColumnSetGenerated, AlterTableAlterColumnSetNotNull, AlterTableAlterColumnType, AlterTableAttachPartition, AlterTableChangeOwner, AlterTableDetachPartition, AlterTableDisableRowLevelSecurity, AlterTableDropColumn, AlterTableDropConstraint, AlterTableEnableRowLevelSecurity, AlterTableForceRowLevelSecurity, AlterTableNoForceRowLevelSecurity, AlterTableResetStorageParams, AlterTableSetLogged, AlterTableSetReplicaIdentity, AlterTableSetStorageParams, AlterTableSetUnlogged, AlterTableValidateConstraint, } from "./changes/table.alter.js";
 import { CreateCommentOnColumn, CreateCommentOnConstraint, CreateCommentOnTable, DropCommentOnColumn, DropCommentOnConstraint, DropCommentOnTable, } from "./changes/table.comment.js";
 import { CreateTable } from "./changes/table.create.js";
 import { DropTable } from "./changes/table.drop.js";
 import { GrantTablePrivileges, RevokeGrantOptionTablePrivileges, RevokeTablePrivileges, } from "./changes/table.privilege.js";
+import { CreateSecurityLabelOnColumn, CreateSecurityLabelOnTable, DropSecurityLabelOnColumn, DropSecurityLabelOnTable, } from "./changes/table.security-label.js";
 import { Table } from "./table.model.js";
 function createAlterConstraintChange(mainTable, branchTable) {
     const changes = [];
@@ -152,13 +154,11 @@ export function diffTables(ctx, main, branch) {
         }
         // REPLICA IDENTITY: If non-default, emit ALTER TABLE ... REPLICA IDENTITY
         if (branchTable.replica_identity !== "d") {
-            // Skip 'i' (USING INDEX) — handled by index changes
-            if (branchTable.replica_identity !== "i") {
-                changes.push(new AlterTableSetReplicaIdentity({
-                    table: branchTable,
-                    mode: branchTable.replica_identity,
-                }));
-            }
+            changes.push(new AlterTableSetReplicaIdentity({
+                table: branchTable,
+                mode: branchTable.replica_identity,
+                indexName: branchTable.replica_identity_index,
+            }));
         }
         changes.push(...createAlterConstraintChange(
         // Create a dummy table with no constraints do diff constraints against
@@ -176,6 +176,23 @@ export function diffTables(ctx, main, branch) {
                 changes.push(new CreateCommentOnColumn({ table: branchTable, column: col }));
             }
         }
+        // Table security labels on creation
+        for (const label of branchTable.security_labels) {
+            changes.push(new CreateSecurityLabelOnTable({
+                table: branchTable,
+                securityLabel: label,
+            }));
+        }
+        // Column security labels on creation
+        for (const col of branchTable.columns) {
+            for (const label of col.security_labels ?? []) {
+                changes.push(new CreateSecurityLabelOnColumn({
+                    table: branchTable,
+                    column: col,
+                    securityLabel: label,
+                }));
+            }
+        }
         // PRIVILEGES: For created objects, compare against default privileges state
         // The migration script will run ALTER DEFAULT PRIVILEGES before CREATE (via constraint spec),
         // so objects are created with the default privileges state in effect.
@@ -261,14 +278,20 @@ export function diffTables(ctx, main, branch) {
             }
         }
         // REPLICA IDENTITY
-        if (mainTable.replica_identity !== branchTable.replica_identity) {
-            // Skip when target is 'i' (USING INDEX) — handled by index changes
-            if (branchTable.replica_identity !== "i") {
-                changes.push(new AlterTableSetReplicaIdentity({
-                    table: mainTable,
-                    mode: branchTable.replica_identity,
-                }));
-            }
+        // Re-emit when the mode changes, or when staying in 'i' mode but pointing
+        // at a different index. The index named on the branch must already exist
+        // before this ALTER runs; AlterTableSetReplicaIdentity declares that
+        // dependency in its `requires`.
+        const replicaIdentityChanged = mainTable.replica_identity !== branchTable.replica_identity ||
+            (branchTable.replica_identity === "i" &&
+                mainTable.replica_identity_index !==
+                    branchTable.replica_identity_index);
+        if (replicaIdentityChanged) {
+            changes.push(new AlterTableSetReplicaIdentity({
+                table: mainTable,
+                mode: branchTable.replica_identity,
+                indexName: branchTable.replica_identity_index,
+            }));
         }
         // OWNER
         if (mainTable.owner !== branchTable.owner) {
@@ -286,6 +309,14 @@ export function diffTables(ctx, main, branch) {
                 changes.push(new CreateCommentOnTable({ table: branchTable }));
             }
         }
+        // TABLE SECURITY LABELS
+        changes.push(...diffSecurityLabels(mainTable.security_labels, branchTable.security_labels, (securityLabel) => new CreateSecurityLabelOnTable({
+            table: branchTable,
+            securityLabel,
+        }), (securityLabel) => new DropSecurityLabelOnTable({
+            table: mainTable,
+            securityLabel,
+        })));
         // PARTITION ATTACH/DETACH
         const mainIsPartition = Boolean(mainTable.parent_schema && mainTable.parent_name);
         const branchIsPartition = Boolean(branchTable.parent_schema && branchTable.parent_name);
@@ -592,6 +623,28 @@ export function diffTables(ctx, main, branch) {
                     }));
                 }
             }
+            // SECURITY LABELS on column
+            changes.push(...diffSecurityLabels(mainCol.security_labels ?? [], branchCol.security_labels ?? [], (securityLabel) => new CreateSecurityLabelOnColumn({
+                table: branchTable,
+                column: branchCol,
+                securityLabel,
+            }), (securityLabel) => new DropSecurityLabelOnColumn({
+                table: mainTable,
+                column: mainCol,
+                securityLabel,
+            })));
+        }
+        // Added columns with security labels (for created columns on existing tables)
+        for (const [name, col] of branchCols) {
+            if (!mainCols.has(name)) {
+                for (const label of col.security_labels ?? []) {
+                    changes.push(new CreateSecurityLabelOnColumn({
+                        table: branchTable,
+                        column: col,
+                        securityLabel: label,
+                    }));
+                }
+            }
         }
         // PRIVILEGES (unified object and column privileges)
         // Filter out owner privileges - owner always has ALL privileges implicitly

package/dist/core/objects/table/table.model.d.ts CHANGED Viewed

@@ -2,6 +2,8 @@ import type { Pool } from "pg";
 import z from "zod";
 import { BasePgModel, type TableLikeObject } from "../base.model.ts";
 import { type PrivilegeProps } from "../base.privilege-diff.ts";
+import { type ExtractRetryOptions } from "../extract-with-retry.ts";
+import { type SecurityLabelProps } from "../security-label.types.ts";
 export declare const ReplicaIdentitySchema: z.ZodEnum<{
     n: "n";
     i: "i";
@@ -85,6 +87,7 @@ declare const tablePropsSchema: z.ZodObject<{
         d: "d";
         f: "f";
     }>;
+    replica_identity_index: z.ZodOptional<z.ZodNullable<z.ZodString>>;
     is_partition: z.ZodBoolean;
     options: z.ZodNullable<z.ZodArray<z.ZodString>>;
     partition_bound: z.ZodNullable<z.ZodString>;
@@ -110,6 +113,10 @@ declare const tablePropsSchema: z.ZodObject<{
         collation: z.ZodNullable<z.ZodString>;
         default: z.ZodNullable<z.ZodString>;
         comment: z.ZodNullable<z.ZodString>;
+        security_labels: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            provider: z.ZodString;
+            label: z.ZodString;
+        }, z.z.core.$strip>>>;
     }, z.z.core.$strip>>;
     constraints: z.ZodOptional<z.ZodArray<z.ZodObject<{
         name: z.ZodString;
@@ -172,8 +179,16 @@ declare const tablePropsSchema: z.ZodObject<{
         grantable: z.ZodBoolean;
         columns: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString>>>;
     }, z.z.core.$strip>>;
+    security_labels: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodObject<{
+        provider: z.ZodString;
+        label: z.ZodString;
+    }, z.z.core.$strip>>>>;
 }, z.z.core.$strip>;
 type TablePrivilegeProps = PrivilegeProps;
+/**
+ * Table input props. `security_labels` is optional on direct construction
+ * (defaults to `[]`); extraction always produces it via the Zod default.
+ */
 export type TableProps = z.infer<typeof tablePropsSchema>;
 export declare class Table extends BasePgModel implements TableLikeObject {
     readonly schema: TableProps["schema"];
@@ -187,6 +202,7 @@ export declare class Table extends BasePgModel implements TableLikeObject {
     readonly has_subclasses: TableProps["has_subclasses"];
     readonly is_populated: TableProps["is_populated"];
     readonly replica_identity: TableProps["replica_identity"];
+    readonly replica_identity_index: TableProps["replica_identity_index"];
     readonly is_partition: TableProps["is_partition"];
     readonly options: TableProps["options"];
     readonly partition_bound: TableProps["partition_bound"];
@@ -198,6 +214,7 @@ export declare class Table extends BasePgModel implements TableLikeObject {
     readonly columns: TableProps["columns"];
     readonly constraints: TableConstraintProps[];
     readonly privileges: TablePrivilegeProps[];
+    readonly security_labels: SecurityLabelProps[];
     constructor(props: TableProps);
     get stableId(): `table:${string}`;
     get identityFields(): {
@@ -209,6 +226,7 @@ export declare class Table extends BasePgModel implements TableLikeObject {
         row_security: boolean;
         force_row_security: boolean;
         replica_identity: "n" | "i" | "d" | "f";
+        replica_identity_index: string | null | undefined;
         options: string[] | null;
         parent_schema: string | null;
         parent_name: string | null;
@@ -232,6 +250,10 @@ export declare class Table extends BasePgModel implements TableLikeObject {
             collation: string | null;
             default: string | null;
             comment: string | null;
+            security_labels?: {
+                provider: string;
+                label: string;
+            }[] | undefined;
         }[];
         constraints: {
             name: string;
@@ -270,6 +292,10 @@ export declare class Table extends BasePgModel implements TableLikeObject {
             grantable: boolean;
             columns?: string[] | null | undefined;
         }[];
+        security_labels: {
+            provider: string;
+            label: string;
+        }[];
     };
     stableSnapshot(): {
         identity: {
@@ -293,6 +319,10 @@ export declare class Table extends BasePgModel implements TableLikeObject {
                 collation: string | null;
                 default: string | null;
                 comment: string | null;
+                security_labels?: {
+                    provider: string;
+                    label: string;
+                }[] | undefined;
             }[];
             options: string[] | null;
             constraints: {
@@ -332,10 +362,15 @@ export declare class Table extends BasePgModel implements TableLikeObject {
                 grantable: boolean;
                 columns: string[] | null | undefined;
             }[];
+            security_labels: {
+                provider: string;
+                label: string;
+            }[];
             persistence: "u" | "t" | "p";
             row_security: boolean;
             force_row_security: boolean;
             replica_identity: "n" | "i" | "d" | "f";
+            replica_identity_index: string | null | undefined;
             parent_schema: string | null;
             parent_name: string | null;
             partition_bound: string | null;
@@ -344,5 +379,5 @@ export declare class Table extends BasePgModel implements TableLikeObject {
         };
     };
 }
-export declare function extractTables(pool: Pool): Promise<Table[]>;
+export declare function extractTables(pool: Pool, options?: ExtractRetryOptions): Promise<Table[]>;
 export {};

package/dist/core/objects/table/table.model.js CHANGED Viewed

@@ -3,6 +3,8 @@ import z from "zod";
 import { BasePgModel, columnPropsSchema, normalizeColumns, } from "../base.model.js";
 import { normalizePrivileges } from "../base.privilege.js";
 import { privilegePropsSchema, } from "../base.privilege-diff.js";
+import { extractWithDefinitionRetry, } from "../extract-with-retry.js";
+import { normalizeSecurityLabels, securityLabelPropsSchema, } from "../security-label.types.js";
 const RelationPersistenceSchema = z.enum([
     "p", // permanent
     "u", // unlogged
@@ -65,6 +67,14 @@ const tableConstraintPropsSchema = z.object({
     definition: z.string(),
     comment: z.string().nullable().optional(),
 });
+// pg_get_constraintdef(oid, pretty) can return NULL under the same conditions
+// as pg_get_indexdef: races with concurrent DDL, transient catalog
+// inconsistencies, recovery edges. An unreadable constraint cannot be diffed,
+// so we accept NULL here and filter the constraint out at extraction time
+// rather than crashing the whole catalog parse with a ZodError.
+const tableConstraintRowSchema = tableConstraintPropsSchema.extend({
+    definition: z.string().nullable(),
+});
 const tablePropsSchema = z.object({
     schema: z.string(),
     name: z.string(),
@@ -77,6 +87,7 @@ const tablePropsSchema = z.object({
     has_subclasses: z.boolean(),
     is_populated: z.boolean(),
     replica_identity: ReplicaIdentitySchema,
+    replica_identity_index: z.string().nullable().optional(),
     is_partition: z.boolean(),
     options: z.array(z.string()).nullable(),
     partition_bound: z.string().nullable(),
@@ -88,6 +99,10 @@ const tablePropsSchema = z.object({
     columns: z.array(columnPropsSchema),
     constraints: z.array(tableConstraintPropsSchema).optional(),
     privileges: z.array(privilegePropsSchema),
+    security_labels: z.array(securityLabelPropsSchema).default([]).optional(),
+});
+const tableRowSchema = tablePropsSchema.extend({
+    constraints: z.array(tableConstraintRowSchema).optional(),
 });
 export class Table extends BasePgModel {
     schema;
@@ -101,6 +116,7 @@ export class Table extends BasePgModel {
     has_subclasses;
     is_populated;
     replica_identity;
+    replica_identity_index;
     is_partition;
     options;
     partition_bound;
@@ -112,6 +128,7 @@ export class Table extends BasePgModel {
     columns;
     constraints;
     privileges;
+    security_labels;
     constructor(props) {
         super();
         // Identity fields
@@ -127,6 +144,7 @@ export class Table extends BasePgModel {
         this.has_subclasses = props.has_subclasses;
         this.is_populated = props.is_populated;
         this.replica_identity = props.replica_identity;
+        this.replica_identity_index = props.replica_identity_index ?? null;
         this.is_partition = props.is_partition;
         this.options = props.options;
         this.partition_bound = props.partition_bound;
@@ -138,6 +156,7 @@ export class Table extends BasePgModel {
         this.columns = props.columns;
         this.constraints = props.constraints ?? [];
         this.privileges = props.privileges;
+        this.security_labels = props.security_labels ?? [];
     }
     get stableId() {
         return `table:${this.schema}.${this.name}`;
@@ -155,6 +174,7 @@ export class Table extends BasePgModel {
             row_security: this.row_security,
             force_row_security: this.force_row_security,
             replica_identity: this.replica_identity,
+            replica_identity_index: this.replica_identity_index,
             options: this.options,
             // Partition membership can be altered via ATTACH/DETACH
             parent_schema: this.parent_schema,
@@ -165,6 +185,7 @@ export class Table extends BasePgModel {
             columns: this.columns,
             constraints: this.constraints,
             privileges: this.privileges,
+            security_labels: this.security_labels,
         };
     }
     stableSnapshot() {
@@ -181,12 +202,18 @@ export class Table extends BasePgModel {
                 options: this.options ? [...this.options].sort() : this.options,
                 constraints: normalizeConstraints(),
                 privileges: normalizePrivileges(this.privileges),
+                security_labels: normalizeSecurityLabels(this.security_labels),
             },
         };
     }
 }
-export async function extractTables(pool) {
-    const { rows: tableRows } = await pool.query(sql `
+export async function extractTables(pool, options) {
+    const tableRows = await extractWithDefinitionRetry({
+        label: "table constraints",
+        options,
+        hasNullDefinition: (row) => row.constraints?.some((c) => c.definition === null) ?? false,
+        query: async () => {
+            const result = await pool.query(sql `
 with extension_oids as (
   select objid
   from pg_depend d
@@ -205,6 +232,14 @@ with extension_oids as (
     c.relhassubclass as has_subclasses,
     c.relispopulated as is_populated,
     c.relreplident as replica_identity,
+    (
+      select quote_ident(ri_class.relname)
+      from pg_index ri
+      join pg_class ri_class on ri_class.oid = ri.indexrelid
+      where ri.indrelid = c.oid
+        and ri.indisreplident is true
+      limit 1
+    ) as replica_identity_index,
     c.relispartition as is_partition,
     c.reloptions as options,
     pg_get_expr(c.relpartbound, c.oid) as partition_bound,
@@ -235,6 +270,7 @@ select
   t.has_subclasses,
   t.is_populated,
   t.replica_identity,
+  t.replica_identity_index,
   t.is_partition,
   t.options,
   t.partition_bound,
@@ -375,7 +411,20 @@ select
             and a.attcollation <> t2.typcollation
         ),
         'default', pg_get_expr(ad.adbin, ad.adrelid),
-        'comment', col_description(a.attrelid, a.attnum)
+        'comment', col_description(a.attrelid, a.attnum),
+        'security_labels', coalesce(
+          (
+            select json_agg(
+              json_build_object('provider', sl.provider, 'label', sl.label)
+              order by sl.provider
+            )
+            from pg_catalog.pg_seclabel sl
+            where sl.objoid = t.oid
+              and sl.classoid = 'pg_class'::regclass
+              and sl.objsubid = a.attnum
+          ),
+          '[]'::json
+        )
       )
     end
     order by a.attnum
@@ -415,18 +464,36 @@ select
       join lateral aclexplode(src.acl) as x(grantor, grantee, privilege_type, is_grantable) on true
       group by x.grantee, x.privilege_type
     ) as grp
-  ), '[]') as privileges
+  ), '[]') as privileges,
+  coalesce(
+    (
+      select json_agg(
+        json_build_object('provider', sl.provider, 'label', sl.label)
+        order by sl.provider
+      )
+      from pg_catalog.pg_seclabel sl
+      where sl.objoid = t.oid
+        and sl.classoid = 'pg_class'::regclass
+        and sl.objsubid = 0
+    ),
+    '[]'::json
+  ) as security_labels
 from
   tables t
   left join pg_attribute a on a.attrelid = t.oid and a.attnum > 0 and not a.attisdropped
   left join pg_attrdef ad on a.attrelid = ad.adrelid and a.attnum = ad.adnum
   left join pg_type ty on ty.oid = a.atttypid
 group by
-  t.oid, t.schema, t.name, t.persistence, t.row_security, t.force_row_security, t.has_indexes, t.has_rules, t.has_triggers, t.has_subclasses, t.is_populated, t.replica_identity, t.is_partition, t.options, t.partition_bound, t.partition_by, t.owner, t.parent_schema, t.parent_name
+  t.oid, t.schema, t.name, t.persistence, t.row_security, t.force_row_security, t.has_indexes, t.has_rules, t.has_triggers, t.has_subclasses, t.is_populated, t.replica_identity, t.replica_identity_index, t.is_partition, t.options, t.partition_bound, t.partition_by, t.owner, t.parent_schema, t.parent_name
 order by
   t.schema, t.name
   `);
-    // Validate and parse each row using the Zod schema
-    const validatedRows = tableRows.map((row) => tablePropsSchema.parse(row));
+            return result.rows.map((row) => tableRowSchema.parse(row));
+        },
+    });
+    const validatedRows = tableRows.map((row) => {
+        const filteredConstraints = row.constraints?.filter((c) => c.definition !== null);
+        return { ...row, constraints: filteredConstraints };
+    });
     return validatedRows.map((row) => new Table(row));
 }

package/dist/core/objects/trigger/trigger.model.d.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import type { Pool } from "pg";
 import z from "zod";
 import { BasePgModel } from "../base.model.ts";
+import { type ExtractRetryOptions } from "../extract-with-retry.ts";
 declare const triggerPropsSchema: z.ZodObject<{
     schema: z.ZodString;
     name: z.ZodString;
@@ -97,5 +98,5 @@ export declare class Trigger extends BasePgModel {
         comment: string | null;
     };
 }
-export declare function extractTriggers(pool: Pool): Promise<Trigger[]>;
+export declare function extractTriggers(pool: Pool, options?: ExtractRetryOptions): Promise<Trigger[]>;
 export {};

package/dist/core/objects/trigger/trigger.model.js CHANGED Viewed

@@ -1,6 +1,7 @@
 import { sql } from "@ts-safeql/sql-tag";
 import z from "zod";
 import { BasePgModel } from "../base.model.js";
+import { extractWithDefinitionRetry, } from "../extract-with-retry.js";
 const TriggerEnabledSchema = z.enum([
     "O", // ORIGIN - trigger fires in "origin" and "local" replica modes
     "D", // DISABLED - trigger is disabled
@@ -41,6 +42,14 @@ const triggerPropsSchema = z.object({
     definition: z.string(),
     comment: z.string().nullable(),
 });
+// pg_get_triggerdef(oid, pretty) can return NULL when the trigger (its
+// pg_trigger row) is dropped between catalog scan and resolution, or under
+// transient catalog state. An unreadable trigger cannot be diffed, so we
+// accept NULL here and filter the row out at extraction time rather than
+// crashing the whole catalog parse with a ZodError.
+const triggerRowSchema = triggerPropsSchema.extend({
+    definition: z.string().nullable(),
+});
 export class Trigger extends BasePgModel {
     schema;
     name;
@@ -139,8 +148,13 @@ export class Trigger extends BasePgModel {
         };
     }
 }
-export async function extractTriggers(pool) {
-    const { rows: triggerRows } = await pool.query(sql `
+export async function extractTriggers(pool, options) {
+    const triggerRows = await extractWithDefinitionRetry({
+        label: "triggers",
+        options,
+        hasNullDefinition: (row) => row.definition === null,
+        query: async () => {
+            const result = await pool.query(sql `
       with extension_trigger_oids as (
         select objid
         from pg_depend d
@@ -245,7 +259,9 @@ export async function extractTriggers(pool) {
       order by 1, 2
   `);
-    // Validate and parse each row using the Zod schema
-    const validatedRows = triggerRows.map((row) => triggerPropsSchema.parse(row));
+            return result.rows.map((row) => triggerRowSchema.parse(row));
+        },
+    });
+    const validatedRows = triggerRows.filter((row) => row.definition !== null);
     return validatedRows.map((row) => new Trigger(row));
 }

package/dist/core/objects/type/composite-type/changes/composite-type.base.d.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import { BaseChange } from "../../../base.change.ts";
 import type { CompositeType } from "../composite-type.model.ts";
 declare abstract class BaseCompositeTypeChange extends BaseChange {
     abstract readonly compositeType: CompositeType;
-    abstract readonly scope: "object" | "comment" | "privilege";
+    abstract readonly scope: "object" | "comment" | "privilege" | "security_label";
     readonly objectType: "composite_type";
 }
 export declare abstract class CreateCompositeTypeChange extends BaseCompositeTypeChange {