npm - @supabase/pg-delta - Versions diffs - 1.0.0-alpha.22 → 1.0.0-alpha.23 - Mend

@supabase/pg-delta 1.0.0-alpha.22 → 1.0.0-alpha.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (220) hide show

package/dist/core/catalog.model.js CHANGED Viewed

@@ -157,6 +157,7 @@ export async function createEmptyCatalog(version, currentUser) {
         owner: currentUser,
         comment: "standard public schema",
         privileges: [],
+        security_labels: [],
     });
     return new Catalog({
         aggregates: {},

package/dist/core/integrations/filter/flatten.js CHANGED Viewed

@@ -75,6 +75,19 @@ export function flattenChange(change) {
                 }
             }
         }
+        else if (key === "securityLabel" &&
+            value &&
+            typeof value === "object" &&
+            !Array.isArray(value)) {
+            // Security labels are change-level metadata, so expose provider/label as
+            // bare keys for filters like { scope: "security_label", provider: "..." }.
+            for (const [subKey, subValue] of Object.entries(value)) {
+                const flatVal = toFlatValue(subValue);
+                if (flatVal !== undefined) {
+                    flat[subKey] = flatVal;
+                }
+            }
+        }
         else {
             const flatVal = toFlatValue(value);
             if (flatVal !== undefined) {

package/dist/core/objects/aggregate/aggregate.diff.js CHANGED Viewed

@@ -1,11 +1,13 @@
 import { diffObjects } from "../base.diff.js";
 import { diffPrivileges, emitObjectPrivilegeChanges, filterPublicBuiltInDefaults, } from "../base.privilege-diff.js";
+import { diffSecurityLabels } from "../security-label.types.js";
 import { deepEqual, hasNonAlterableChanges } from "../utils.js";
 import { AlterAggregateChangeOwner } from "./changes/aggregate.alter.js";
 import { CreateCommentOnAggregate, DropCommentOnAggregate, } from "./changes/aggregate.comment.js";
 import { CreateAggregate } from "./changes/aggregate.create.js";
 import { DropAggregate } from "./changes/aggregate.drop.js";
 import { GrantAggregatePrivileges, RevokeAggregatePrivileges, RevokeGrantOptionAggregatePrivileges, } from "./changes/aggregate.privilege.js";
+import { CreateSecurityLabelOnAggregate, DropSecurityLabelOnAggregate, } from "./changes/aggregate.security-label.js";
 export function diffAggregates(ctx, main, branch) {
     const { created, dropped, altered } = diffObjects(main, branch);
     const changes = [];
@@ -23,6 +25,12 @@ export function diffAggregates(ctx, main, branch) {
         if (aggregate.comment !== null) {
             changes.push(new CreateCommentOnAggregate({ aggregate }));
         }
+        for (const label of aggregate.security_labels) {
+            changes.push(new CreateSecurityLabelOnAggregate({
+                aggregate,
+                securityLabel: label,
+            }));
+        }
         // PRIVILEGES: For created objects, compare against default privileges state
         // The migration script will run ALTER DEFAULT PRIVILEGES before CREATE (via constraint spec),
         // so objects are created with the default privileges state in effect.
@@ -113,6 +121,14 @@ export function diffAggregates(ctx, main, branch) {
                 changes.push(new CreateCommentOnAggregate({ aggregate: branchAggregate }));
             }
         }
+        // SECURITY LABELS
+        changes.push(...diffSecurityLabels(mainAggregate.security_labels, branchAggregate.security_labels, (securityLabel) => new CreateSecurityLabelOnAggregate({
+            aggregate: branchAggregate,
+            securityLabel,
+        }), (securityLabel) => new DropSecurityLabelOnAggregate({
+            aggregate: mainAggregate,
+            securityLabel,
+        })));
         // PRIVILEGES
         // Filter out PUBLIC's built-in default EXECUTE privilege from main catalog
         // (PostgreSQL grants it automatically, so we shouldn't compare it)

package/dist/core/objects/aggregate/aggregate.model.d.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import type { Pool } from "pg";
 import z from "zod";
 import { BasePgModel } from "../base.model.ts";
 import { type PrivilegeProps } from "../base.privilege-diff.ts";
+import { type SecurityLabelProps } from "../security-label.types.ts";
 declare const aggregatePropsSchema: z.ZodObject<{
     schema: z.ZodString;
     name: z.ZodString;
@@ -71,6 +72,10 @@ declare const aggregatePropsSchema: z.ZodObject<{
         grantable: z.ZodBoolean;
         columns: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString>>>;
     }, z.z.core.$strip>>;
+    security_labels: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodObject<{
+        provider: z.ZodString;
+        label: z.ZodString;
+    }, z.z.core.$strip>>>>;
 }, z.z.core.$strip>;
 type AggregatePrivilegeProps = PrivilegeProps;
 type AggregateProps = z.infer<typeof aggregatePropsSchema>;
@@ -116,6 +121,7 @@ export declare class Aggregate extends BasePgModel {
     readonly owner: AggregateProps["owner"];
     readonly comment: AggregateProps["comment"];
     readonly privileges: AggregatePrivilegeProps[];
+    readonly security_labels: SecurityLabelProps[];
     constructor(props: AggregateProps);
     get stableId(): `aggregate:${string}`;
     get identityFields(): {
@@ -168,6 +174,10 @@ export declare class Aggregate extends BasePgModel {
             grantable: boolean;
             columns?: string[] | null | undefined;
         }[];
+        security_labels: {
+            provider: string;
+            label: string;
+        }[];
     };
 }
 export declare function extractAggregates(pool: Pool): Promise<Aggregate[]>;

package/dist/core/objects/aggregate/aggregate.model.js CHANGED Viewed

@@ -2,6 +2,7 @@ import { sql } from "@ts-safeql/sql-tag";
 import z from "zod";
 import { BasePgModel } from "../base.model.js";
 import { privilegePropsSchema, } from "../base.privilege-diff.js";
+import { securityLabelPropsSchema, } from "../security-label.types.js";
 const AggregateKindSchema = z.enum([
     "n", // normal aggregate
     "o", // ordered-set aggregate
@@ -66,6 +67,7 @@ const aggregatePropsSchema = z.object({
     owner: z.string(),
     comment: z.string().nullable(),
     privileges: z.array(privilegePropsSchema),
+    security_labels: z.array(securityLabelPropsSchema).default([]).optional(),
 });
 export class Aggregate extends BasePgModel {
     schema;
@@ -109,6 +111,7 @@ export class Aggregate extends BasePgModel {
     owner;
     comment;
     privileges;
+    security_labels;
     constructor(props) {
         super();
         this.schema = props.schema;
@@ -153,6 +156,7 @@ export class Aggregate extends BasePgModel {
         this.owner = props.owner;
         this.comment = props.comment;
         this.privileges = props.privileges;
+        this.security_labels = props.security_labels ?? [];
     }
     get stableId() {
         const normalized = this.identityArguments;
@@ -206,6 +210,7 @@ export class Aggregate extends BasePgModel {
             owner: this.owner,
             comment: this.comment,
             privileges: this.privileges,
+            security_labels: this.security_labels,
         };
     }
 }
@@ -275,7 +280,20 @@ select
       )
       from lateral aclexplode(COALESCE(p.proacl, acldefault('f', p.proowner))) as x(grantor, grantee, privilege_type, is_grantable)
     ), '[]'
-  ) as privileges
+  ) as privileges,
+  coalesce(
+    (
+      select json_agg(
+        json_build_object('provider', sl.provider, 'label', sl.label)
+        order by sl.provider
+      )
+      from pg_catalog.pg_seclabel sl
+      where sl.objoid = p.oid
+        and sl.classoid = 'pg_proc'::regclass
+        and sl.objsubid = 0
+    ),
+    '[]'::json
+  ) as security_labels
 from
   pg_catalog.pg_proc p
   inner join pg_catalog.pg_aggregate a on a.aggfnoid = p.oid

package/dist/core/objects/aggregate/changes/aggregate.base.d.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import { BaseChange } from "../../base.change.ts";
 import type { Aggregate } from "../aggregate.model.ts";
 declare abstract class BaseAggregateChange extends BaseChange {
     abstract readonly aggregate: Aggregate;
-    abstract readonly scope: "object" | "comment" | "privilege";
+    abstract readonly scope: "object" | "comment" | "privilege" | "security_label";
     readonly objectType: "aggregate";
 }
 export declare abstract class CreateAggregateChange extends BaseAggregateChange {

package/dist/core/objects/aggregate/changes/aggregate.security-label.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+import type { SecurityLabelProps } from "../../security-label.types.ts";
+import type { Aggregate } from "../aggregate.model.ts";
+import { CreateAggregateChange, DropAggregateChange } from "./aggregate.base.ts";
+export type SecurityLabelAggregate = CreateSecurityLabelOnAggregate | DropSecurityLabelOnAggregate;
+export declare class CreateSecurityLabelOnAggregate extends CreateAggregateChange {
+    readonly aggregate: Aggregate;
+    readonly securityLabel: SecurityLabelProps;
+    readonly scope: "security_label";
+    constructor(props: {
+        aggregate: Aggregate;
+        securityLabel: SecurityLabelProps;
+    });
+    get creates(): `securityLabel:${string}::provider:${string}`[];
+    get requires(): `aggregate:${string}`[];
+    serialize(): string;
+}
+export declare class DropSecurityLabelOnAggregate extends DropAggregateChange {
+    readonly aggregate: Aggregate;
+    readonly securityLabel: SecurityLabelProps;
+    readonly scope: "security_label";
+    constructor(props: {
+        aggregate: Aggregate;
+        securityLabel: SecurityLabelProps;
+    });
+    get drops(): `securityLabel:${string}::provider:${string}`[];
+    get requires(): (`securityLabel:${string}::provider:${string}` | `aggregate:${string}`)[];
+    serialize(): string;
+}

package/dist/core/objects/aggregate/changes/aggregate.security-label.js ADDED Viewed

@@ -0,0 +1,64 @@
+import { quoteLiteral } from "../../base.change.js";
+import { stableId } from "../../utils.js";
+import { CreateAggregateChange, DropAggregateChange, } from "./aggregate.base.js";
+function aggregateIdentity(a) {
+    return `${a.schema}.${a.name}(${a.identityArguments})`;
+}
+export class CreateSecurityLabelOnAggregate extends CreateAggregateChange {
+    aggregate;
+    securityLabel;
+    scope = "security_label";
+    constructor(props) {
+        super();
+        this.aggregate = props.aggregate;
+        this.securityLabel = props.securityLabel;
+    }
+    get creates() {
+        return [
+            stableId.securityLabel(this.aggregate.stableId, this.securityLabel.provider),
+        ];
+    }
+    get requires() {
+        return [this.aggregate.stableId];
+    }
+    serialize() {
+        return [
+            "SECURITY LABEL FOR",
+            this.securityLabel.provider,
+            "ON AGGREGATE",
+            aggregateIdentity(this.aggregate),
+            "IS",
+            quoteLiteral(this.securityLabel.label),
+        ].join(" ");
+    }
+}
+export class DropSecurityLabelOnAggregate extends DropAggregateChange {
+    aggregate;
+    securityLabel;
+    scope = "security_label";
+    constructor(props) {
+        super();
+        this.aggregate = props.aggregate;
+        this.securityLabel = props.securityLabel;
+    }
+    get drops() {
+        return [
+            stableId.securityLabel(this.aggregate.stableId, this.securityLabel.provider),
+        ];
+    }
+    get requires() {
+        return [
+            stableId.securityLabel(this.aggregate.stableId, this.securityLabel.provider),
+            this.aggregate.stableId,
+        ];
+    }
+    serialize() {
+        return [
+            "SECURITY LABEL FOR",
+            this.securityLabel.provider,
+            "ON AGGREGATE",
+            aggregateIdentity(this.aggregate),
+            "IS NULL",
+        ].join(" ");
+    }
+}

package/dist/core/objects/aggregate/changes/aggregate.types.d.ts CHANGED Viewed

@@ -3,5 +3,6 @@ import type { CommentAggregate } from "./aggregate.comment.ts";
 import type { CreateAggregate } from "./aggregate.create.ts";
 import type { DropAggregate } from "./aggregate.drop.ts";
 import type { AggregatePrivilege } from "./aggregate.privilege.ts";
+import type { SecurityLabelAggregate } from "./aggregate.security-label.ts";
 /** Union of all aggregate-related change variants (`objectType: "aggregate"`). @category Change Types */
-export type AggregateChange = AlterAggregate | CommentAggregate | CreateAggregate | DropAggregate | AggregatePrivilege;
+export type AggregateChange = AlterAggregate | CommentAggregate | CreateAggregate | DropAggregate | AggregatePrivilege | SecurityLabelAggregate;

package/dist/core/objects/base.model.d.ts CHANGED Viewed

@@ -16,6 +16,10 @@ export declare const columnPropsSchema: z.ZodObject<{
     collation: z.ZodNullable<z.ZodString>;
     default: z.ZodNullable<z.ZodString>;
     comment: z.ZodNullable<z.ZodString>;
+    security_labels: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        provider: z.ZodString;
+        label: z.ZodString;
+    }, z.z.core.$strip>>>;
 }, z.z.core.$strip>;
 export type ColumnProps = z.infer<typeof columnPropsSchema>;
 export declare function normalizeColumns(columns: ColumnProps[]): {
@@ -34,6 +38,10 @@ export declare function normalizeColumns(columns: ColumnProps[]): {
     collation: string | null;
     default: string | null;
     comment: string | null;
+    security_labels?: {
+        provider: string;
+        label: string;
+    }[] | undefined;
 }[];
 /**
  * Interface for table-like objects that have columns (tables, views, materialized views).

package/dist/core/objects/base.model.js CHANGED Viewed

@@ -1,4 +1,5 @@
 import z from "zod";
+import { securityLabelPropsSchema } from "./security-label.types.js";
 import { deepEqual } from "./utils.js";
 export const columnPropsSchema = z.object({
     name: z.string(),
@@ -17,6 +18,7 @@ export const columnPropsSchema = z.object({
     collation: z.string().nullable(),
     default: z.string().nullable(),
     comment: z.string().nullable(),
+    security_labels: z.array(securityLabelPropsSchema).optional(),
 });
 export function normalizeColumns(columns) {
     return columns

package/dist/core/objects/domain/changes/domain.base.d.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import { BaseChange } from "../../base.change.ts";
 import type { Domain } from "../domain.model.ts";
 declare abstract class BaseDomainChange extends BaseChange {
     abstract readonly domain: Domain;
-    abstract readonly scope: "object" | "comment" | "privilege";
+    abstract readonly scope: "object" | "comment" | "privilege" | "security_label";
     readonly objectType: "domain";
 }
 export declare abstract class CreateDomainChange extends BaseDomainChange {

package/dist/core/objects/domain/changes/domain.security-label.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+import type { SecurityLabelProps } from "../../security-label.types.ts";
+import type { Domain } from "../domain.model.ts";
+import { CreateDomainChange, DropDomainChange } from "./domain.base.ts";
+export type SecurityLabelDomain = CreateSecurityLabelOnDomain | DropSecurityLabelOnDomain;
+export declare class CreateSecurityLabelOnDomain extends CreateDomainChange {
+    readonly domain: Domain;
+    readonly securityLabel: SecurityLabelProps;
+    readonly scope: "security_label";
+    constructor(props: {
+        domain: Domain;
+        securityLabel: SecurityLabelProps;
+    });
+    get creates(): `securityLabel:${string}::provider:${string}`[];
+    get requires(): `domain:${string}`[];
+    serialize(): string;
+}
+export declare class DropSecurityLabelOnDomain extends DropDomainChange {
+    readonly domain: Domain;
+    readonly securityLabel: SecurityLabelProps;
+    readonly scope: "security_label";
+    constructor(props: {
+        domain: Domain;
+        securityLabel: SecurityLabelProps;
+    });
+    get drops(): `securityLabel:${string}::provider:${string}`[];
+    get requires(): (`securityLabel:${string}::provider:${string}` | `domain:${string}`)[];
+    serialize(): string;
+}

package/dist/core/objects/domain/changes/domain.security-label.js ADDED Viewed

@@ -0,0 +1,61 @@
+import { quoteLiteral } from "../../base.change.js";
+import { stableId } from "../../utils.js";
+import { CreateDomainChange, DropDomainChange } from "./domain.base.js";
+export class CreateSecurityLabelOnDomain extends CreateDomainChange {
+    domain;
+    securityLabel;
+    scope = "security_label";
+    constructor(props) {
+        super();
+        this.domain = props.domain;
+        this.securityLabel = props.securityLabel;
+    }
+    get creates() {
+        return [
+            stableId.securityLabel(this.domain.stableId, this.securityLabel.provider),
+        ];
+    }
+    get requires() {
+        return [this.domain.stableId];
+    }
+    serialize() {
+        return [
+            "SECURITY LABEL FOR",
+            this.securityLabel.provider,
+            "ON DOMAIN",
+            `${this.domain.schema}.${this.domain.name}`,
+            "IS",
+            quoteLiteral(this.securityLabel.label),
+        ].join(" ");
+    }
+}
+export class DropSecurityLabelOnDomain extends DropDomainChange {
+    domain;
+    securityLabel;
+    scope = "security_label";
+    constructor(props) {
+        super();
+        this.domain = props.domain;
+        this.securityLabel = props.securityLabel;
+    }
+    get drops() {
+        return [
+            stableId.securityLabel(this.domain.stableId, this.securityLabel.provider),
+        ];
+    }
+    get requires() {
+        return [
+            stableId.securityLabel(this.domain.stableId, this.securityLabel.provider),
+            this.domain.stableId,
+        ];
+    }
+    serialize() {
+        return [
+            "SECURITY LABEL FOR",
+            this.securityLabel.provider,
+            "ON DOMAIN",
+            `${this.domain.schema}.${this.domain.name}`,
+            "IS NULL",
+        ].join(" ");
+    }
+}

package/dist/core/objects/domain/changes/domain.types.d.ts CHANGED Viewed

@@ -3,5 +3,6 @@ import type { CommentDomain } from "./domain.comment.ts";
 import type { CreateDomain } from "./domain.create.ts";
 import type { DropDomain } from "./domain.drop.ts";
 import type { DomainPrivilege } from "./domain.privilege.ts";
+import type { SecurityLabelDomain } from "./domain.security-label.ts";
 /** Union of all domain-related change variants (`objectType: "domain"`). @category Change Types */
-export type DomainChange = AlterDomain | CommentDomain | CreateDomain | DropDomain | DomainPrivilege;
+export type DomainChange = AlterDomain | CommentDomain | CreateDomain | DropDomain | DomainPrivilege | SecurityLabelDomain;

package/dist/core/objects/domain/domain.diff.js CHANGED Viewed

@@ -1,10 +1,12 @@
 import { diffObjects } from "../base.diff.js";
 import { diffPrivileges, emitObjectPrivilegeChanges, filterPublicBuiltInDefaults, } from "../base.privilege-diff.js";
+import { diffSecurityLabels } from "../security-label.types.js";
 import { AlterDomainAddConstraint, AlterDomainChangeOwner, AlterDomainDropConstraint, AlterDomainDropDefault, AlterDomainDropNotNull, AlterDomainSetDefault, AlterDomainSetNotNull, AlterDomainValidateConstraint, } from "./changes/domain.alter.js";
 import { CreateCommentOnDomain, DropCommentOnDomain, } from "./changes/domain.comment.js";
 import { CreateDomain } from "./changes/domain.create.js";
 import { DropDomain } from "./changes/domain.drop.js";
 import { GrantDomainPrivileges, RevokeDomainPrivileges, RevokeGrantOptionDomainPrivileges, } from "./changes/domain.privilege.js";
+import { CreateSecurityLabelOnDomain, DropSecurityLabelOnDomain, } from "./changes/domain.security-label.js";
 /**
  * Diff two sets of domains from main and branch catalogs.
  *
@@ -30,6 +32,12 @@ export function diffDomains(ctx, main, branch) {
         if (newDomain.comment !== null) {
             changes.push(new CreateCommentOnDomain({ domain: newDomain }));
         }
+        for (const label of newDomain.security_labels) {
+            changes.push(new CreateSecurityLabelOnDomain({
+                domain: newDomain,
+                securityLabel: label,
+            }));
+        }
         // For unvalidated constraints, CREATE DOMAIN cannot specify NOT VALID.
         // Add them after creation and validate to match branch state semantics.
         // For already validated constraints, they are emitted inline in CREATE DOMAIN.
@@ -164,6 +172,14 @@ export function diffDomains(ctx, main, branch) {
                 changes.push(new CreateCommentOnDomain({ domain: branchDomain }));
             }
         }
+        // SECURITY LABELS
+        changes.push(...diffSecurityLabels(mainDomain.security_labels, branchDomain.security_labels, (securityLabel) => new CreateSecurityLabelOnDomain({
+            domain: branchDomain,
+            securityLabel,
+        }), (securityLabel) => new DropSecurityLabelOnDomain({
+            domain: mainDomain,
+            securityLabel,
+        })));
         // PRIVILEGES
         // Filter out PUBLIC's built-in default USAGE privilege from main catalog
         // (PostgreSQL grants it automatically, so we shouldn't compare it)

package/dist/core/objects/domain/domain.model.d.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import type { Pool } from "pg";
 import z from "zod";
 import { BasePgModel } from "../base.model.ts";
 import { type PrivilegeProps } from "../base.privilege-diff.ts";
+import { type SecurityLabelProps } from "../security-label.types.ts";
 declare const domainConstraintPropsSchema: z.ZodObject<{
     name: z.ZodString;
     validated: z.ZodBoolean;
@@ -36,6 +37,10 @@ declare const domainPropsSchema: z.ZodObject<{
         grantable: z.ZodBoolean;
         columns: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString>>>;
     }, z.z.core.$strip>>;
+    security_labels: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodObject<{
+        provider: z.ZodString;
+        label: z.ZodString;
+    }, z.z.core.$strip>>>>;
 }, z.z.core.$strip>;
 export type DomainConstraintProps = z.infer<typeof domainConstraintPropsSchema>;
 type DomainPrivilegeProps = PrivilegeProps;
@@ -61,6 +66,7 @@ export declare class Domain extends BasePgModel {
     readonly comment: DomainProps["comment"];
     readonly constraints: DomainConstraintProps[];
     readonly privileges: DomainPrivilegeProps[];
+    readonly security_labels: SecurityLabelProps[];
     constructor(props: DomainProps);
     get stableId(): `domain:${string}`;
     get identityFields(): {
@@ -91,6 +97,10 @@ export declare class Domain extends BasePgModel {
             grantable: boolean;
             columns?: string[] | null | undefined;
         }[];
+        security_labels: {
+            provider: string;
+            label: string;
+        }[];
     };
 }
 /**

package/dist/core/objects/domain/domain.model.js CHANGED Viewed

@@ -2,6 +2,7 @@ import { sql } from "@ts-safeql/sql-tag";
 import z from "zod";
 import { BasePgModel } from "../base.model.js";
 import { privilegePropsSchema, } from "../base.privilege-diff.js";
+import { securityLabelPropsSchema, } from "../security-label.types.js";
 const domainConstraintPropsSchema = z.object({
     name: z.string(),
     validated: z.boolean(),
@@ -25,6 +26,7 @@ const domainPropsSchema = z.object({
     comment: z.string().nullable(),
     constraints: z.array(domainConstraintPropsSchema),
     privileges: z.array(privilegePropsSchema),
+    security_labels: z.array(securityLabelPropsSchema).default([]).optional(),
 });
 /**
  * A domain is a user-defined data type that is based on another underlying type.
@@ -47,6 +49,7 @@ export class Domain extends BasePgModel {
     comment;
     constraints;
     privileges;
+    security_labels;
     constructor(props) {
         super();
         // Identity fields
@@ -66,6 +69,7 @@ export class Domain extends BasePgModel {
         this.comment = props.comment;
         this.constraints = props.constraints;
         this.privileges = props.privileges;
+        this.security_labels = props.security_labels ?? [];
     }
     get stableId() {
         return `domain:${this.schema}.${this.name}`;
@@ -90,6 +94,7 @@ export class Domain extends BasePgModel {
             comment: this.comment,
             constraints: this.constraints,
             privileges: this.privileges,
+            security_labels: this.security_labels,
         };
     }
 }
@@ -152,7 +157,20 @@ export async function extractDomains(pool) {
             )
             from lateral aclexplode(COALESCE(t.typacl, acldefault('T', t.typowner))) as x(grantor, grantee, privilege_type, is_grantable)
           ), '[]'
-        ) as privileges
+        ) as privileges,
+        coalesce(
+          (
+            select json_agg(
+              json_build_object('provider', sl.provider, 'label', sl.label)
+              order by sl.provider
+            )
+            from pg_catalog.pg_seclabel sl
+            where sl.objoid = t.oid
+              and sl.classoid = 'pg_type'::regclass
+              and sl.objsubid = 0
+          ),
+          '[]'::json
+        ) as security_labels
       from
         pg_catalog.pg_type t
         inner join pg_catalog.pg_type bt on bt.oid = t.typbasetype

package/dist/core/objects/event-trigger/changes/event-trigger.base.d.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import { BaseChange } from "../../base.change.ts";
 import type { EventTrigger } from "../event-trigger.model.ts";
 declare abstract class BaseEventTriggerChange extends BaseChange {
     abstract readonly eventTrigger: EventTrigger;
-    abstract readonly scope: "object" | "comment";
+    abstract readonly scope: "object" | "comment" | "security_label";
     readonly objectType: "event_trigger";
 }
 export declare abstract class CreateEventTriggerChange extends BaseEventTriggerChange {

package/dist/core/objects/event-trigger/changes/event-trigger.security-label.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+import type { SecurityLabelProps } from "../../security-label.types.ts";
+import type { EventTrigger } from "../event-trigger.model.ts";
+import { CreateEventTriggerChange, DropEventTriggerChange } from "./event-trigger.base.ts";
+export type SecurityLabelEventTrigger = CreateSecurityLabelOnEventTrigger | DropSecurityLabelOnEventTrigger;
+export declare class CreateSecurityLabelOnEventTrigger extends CreateEventTriggerChange {
+    readonly eventTrigger: EventTrigger;
+    readonly securityLabel: SecurityLabelProps;
+    readonly scope: "security_label";
+    constructor(props: {
+        eventTrigger: EventTrigger;
+        securityLabel: SecurityLabelProps;
+    });
+    get creates(): `securityLabel:${string}::provider:${string}`[];
+    get requires(): `eventTrigger:${string}`[];
+    serialize(): string;
+}
+export declare class DropSecurityLabelOnEventTrigger extends DropEventTriggerChange {
+    readonly eventTrigger: EventTrigger;
+    readonly securityLabel: SecurityLabelProps;
+    readonly scope: "security_label";
+    constructor(props: {
+        eventTrigger: EventTrigger;
+        securityLabel: SecurityLabelProps;
+    });
+    get drops(): `securityLabel:${string}::provider:${string}`[];
+    get requires(): (`securityLabel:${string}::provider:${string}` | `eventTrigger:${string}`)[];
+    serialize(): string;
+}