npm - @supabase/pg-delta - Versions diffs - 1.0.0-alpha.22 → 1.0.0-alpha.23 - Mend

@supabase/pg-delta 1.0.0-alpha.22 → 1.0.0-alpha.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (220) hide show

package/dist/core/objects/table/table.diff.js CHANGED Viewed

@@ -1,11 +1,13 @@
 import { diffObjects } from "../base.diff.js";
 import { diffPrivileges, emitColumnPrivilegeChanges, } from "../base.privilege-diff.js";
+import { diffSecurityLabels } from "../security-label.types.js";
 import { deepEqual } from "../utils.js";
 import { AlterTableAddColumn, AlterTableAddConstraint, AlterTableAlterColumnAddIdentity, AlterTableAlterColumnDropDefault, AlterTableAlterColumnDropIdentity, AlterTableAlterColumnDropNotNull, AlterTableAlterColumnSetDefault, AlterTableAlterColumnSetGenerated, AlterTableAlterColumnSetNotNull, AlterTableAlterColumnType, AlterTableAttachPartition, AlterTableChangeOwner, AlterTableDetachPartition, AlterTableDisableRowLevelSecurity, AlterTableDropColumn, AlterTableDropConstraint, AlterTableEnableRowLevelSecurity, AlterTableForceRowLevelSecurity, AlterTableNoForceRowLevelSecurity, AlterTableResetStorageParams, AlterTableSetLogged, AlterTableSetReplicaIdentity, AlterTableSetStorageParams, AlterTableSetUnlogged, AlterTableValidateConstraint, } from "./changes/table.alter.js";
 import { CreateCommentOnColumn, CreateCommentOnConstraint, CreateCommentOnTable, DropCommentOnColumn, DropCommentOnConstraint, DropCommentOnTable, } from "./changes/table.comment.js";
 import { CreateTable } from "./changes/table.create.js";
 import { DropTable } from "./changes/table.drop.js";
 import { GrantTablePrivileges, RevokeGrantOptionTablePrivileges, RevokeTablePrivileges, } from "./changes/table.privilege.js";
+import { CreateSecurityLabelOnColumn, CreateSecurityLabelOnTable, DropSecurityLabelOnColumn, DropSecurityLabelOnTable, } from "./changes/table.security-label.js";
 import { Table } from "./table.model.js";
 function createAlterConstraintChange(mainTable, branchTable) {
     const changes = [];
@@ -174,6 +176,23 @@ export function diffTables(ctx, main, branch) {
                 changes.push(new CreateCommentOnColumn({ table: branchTable, column: col }));
             }
         }
+        // Table security labels on creation
+        for (const label of branchTable.security_labels) {
+            changes.push(new CreateSecurityLabelOnTable({
+                table: branchTable,
+                securityLabel: label,
+            }));
+        }
+        // Column security labels on creation
+        for (const col of branchTable.columns) {
+            for (const label of col.security_labels ?? []) {
+                changes.push(new CreateSecurityLabelOnColumn({
+                    table: branchTable,
+                    column: col,
+                    securityLabel: label,
+                }));
+            }
+        }
         // PRIVILEGES: For created objects, compare against default privileges state
         // The migration script will run ALTER DEFAULT PRIVILEGES before CREATE (via constraint spec),
         // so objects are created with the default privileges state in effect.
@@ -290,6 +309,14 @@ export function diffTables(ctx, main, branch) {
                 changes.push(new CreateCommentOnTable({ table: branchTable }));
             }
         }
+        // TABLE SECURITY LABELS
+        changes.push(...diffSecurityLabels(mainTable.security_labels, branchTable.security_labels, (securityLabel) => new CreateSecurityLabelOnTable({
+            table: branchTable,
+            securityLabel,
+        }), (securityLabel) => new DropSecurityLabelOnTable({
+            table: mainTable,
+            securityLabel,
+        })));
         // PARTITION ATTACH/DETACH
         const mainIsPartition = Boolean(mainTable.parent_schema && mainTable.parent_name);
         const branchIsPartition = Boolean(branchTable.parent_schema && branchTable.parent_name);
@@ -596,6 +623,28 @@ export function diffTables(ctx, main, branch) {
                     }));
                 }
             }
+            // SECURITY LABELS on column
+            changes.push(...diffSecurityLabels(mainCol.security_labels ?? [], branchCol.security_labels ?? [], (securityLabel) => new CreateSecurityLabelOnColumn({
+                table: branchTable,
+                column: branchCol,
+                securityLabel,
+            }), (securityLabel) => new DropSecurityLabelOnColumn({
+                table: mainTable,
+                column: mainCol,
+                securityLabel,
+            })));
+        }
+        // Added columns with security labels (for created columns on existing tables)
+        for (const [name, col] of branchCols) {
+            if (!mainCols.has(name)) {
+                for (const label of col.security_labels ?? []) {
+                    changes.push(new CreateSecurityLabelOnColumn({
+                        table: branchTable,
+                        column: col,
+                        securityLabel: label,
+                    }));
+                }
+            }
         }
         // PRIVILEGES (unified object and column privileges)
         // Filter out owner privileges - owner always has ALL privileges implicitly

package/dist/core/objects/table/table.model.d.ts CHANGED Viewed

@@ -3,6 +3,7 @@ import z from "zod";
 import { BasePgModel, type TableLikeObject } from "../base.model.ts";
 import { type PrivilegeProps } from "../base.privilege-diff.ts";
 import { type ExtractRetryOptions } from "../extract-with-retry.ts";
+import { type SecurityLabelProps } from "../security-label.types.ts";
 export declare const ReplicaIdentitySchema: z.ZodEnum<{
     n: "n";
     i: "i";
@@ -112,6 +113,10 @@ declare const tablePropsSchema: z.ZodObject<{
         collation: z.ZodNullable<z.ZodString>;
         default: z.ZodNullable<z.ZodString>;
         comment: z.ZodNullable<z.ZodString>;
+        security_labels: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            provider: z.ZodString;
+            label: z.ZodString;
+        }, z.z.core.$strip>>>;
     }, z.z.core.$strip>>;
     constraints: z.ZodOptional<z.ZodArray<z.ZodObject<{
         name: z.ZodString;
@@ -174,8 +179,16 @@ declare const tablePropsSchema: z.ZodObject<{
         grantable: z.ZodBoolean;
         columns: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString>>>;
     }, z.z.core.$strip>>;
+    security_labels: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodObject<{
+        provider: z.ZodString;
+        label: z.ZodString;
+    }, z.z.core.$strip>>>>;
 }, z.z.core.$strip>;
 type TablePrivilegeProps = PrivilegeProps;
+/**
+ * Table input props. `security_labels` is optional on direct construction
+ * (defaults to `[]`); extraction always produces it via the Zod default.
+ */
 export type TableProps = z.infer<typeof tablePropsSchema>;
 export declare class Table extends BasePgModel implements TableLikeObject {
     readonly schema: TableProps["schema"];
@@ -201,6 +214,7 @@ export declare class Table extends BasePgModel implements TableLikeObject {
     readonly columns: TableProps["columns"];
     readonly constraints: TableConstraintProps[];
     readonly privileges: TablePrivilegeProps[];
+    readonly security_labels: SecurityLabelProps[];
     constructor(props: TableProps);
     get stableId(): `table:${string}`;
     get identityFields(): {
@@ -236,6 +250,10 @@ export declare class Table extends BasePgModel implements TableLikeObject {
             collation: string | null;
             default: string | null;
             comment: string | null;
+            security_labels?: {
+                provider: string;
+                label: string;
+            }[] | undefined;
         }[];
         constraints: {
             name: string;
@@ -274,6 +292,10 @@ export declare class Table extends BasePgModel implements TableLikeObject {
             grantable: boolean;
             columns?: string[] | null | undefined;
         }[];
+        security_labels: {
+            provider: string;
+            label: string;
+        }[];
     };
     stableSnapshot(): {
         identity: {
@@ -297,6 +319,10 @@ export declare class Table extends BasePgModel implements TableLikeObject {
                 collation: string | null;
                 default: string | null;
                 comment: string | null;
+                security_labels?: {
+                    provider: string;
+                    label: string;
+                }[] | undefined;
             }[];
             options: string[] | null;
             constraints: {
@@ -336,6 +362,10 @@ export declare class Table extends BasePgModel implements TableLikeObject {
                 grantable: boolean;
                 columns: string[] | null | undefined;
             }[];
+            security_labels: {
+                provider: string;
+                label: string;
+            }[];
             persistence: "u" | "t" | "p";
             row_security: boolean;
             force_row_security: boolean;

package/dist/core/objects/table/table.model.js CHANGED Viewed

@@ -4,6 +4,7 @@ import { BasePgModel, columnPropsSchema, normalizeColumns, } from "../base.model
 import { normalizePrivileges } from "../base.privilege.js";
 import { privilegePropsSchema, } from "../base.privilege-diff.js";
 import { extractWithDefinitionRetry, } from "../extract-with-retry.js";
+import { normalizeSecurityLabels, securityLabelPropsSchema, } from "../security-label.types.js";
 const RelationPersistenceSchema = z.enum([
     "p", // permanent
     "u", // unlogged
@@ -98,6 +99,7 @@ const tablePropsSchema = z.object({
     columns: z.array(columnPropsSchema),
     constraints: z.array(tableConstraintPropsSchema).optional(),
     privileges: z.array(privilegePropsSchema),
+    security_labels: z.array(securityLabelPropsSchema).default([]).optional(),
 });
 const tableRowSchema = tablePropsSchema.extend({
     constraints: z.array(tableConstraintRowSchema).optional(),
@@ -126,6 +128,7 @@ export class Table extends BasePgModel {
     columns;
     constraints;
     privileges;
+    security_labels;
     constructor(props) {
         super();
         // Identity fields
@@ -153,6 +156,7 @@ export class Table extends BasePgModel {
         this.columns = props.columns;
         this.constraints = props.constraints ?? [];
         this.privileges = props.privileges;
+        this.security_labels = props.security_labels ?? [];
     }
     get stableId() {
         return `table:${this.schema}.${this.name}`;
@@ -181,6 +185,7 @@ export class Table extends BasePgModel {
             columns: this.columns,
             constraints: this.constraints,
             privileges: this.privileges,
+            security_labels: this.security_labels,
         };
     }
     stableSnapshot() {
@@ -197,6 +202,7 @@ export class Table extends BasePgModel {
                 options: this.options ? [...this.options].sort() : this.options,
                 constraints: normalizeConstraints(),
                 privileges: normalizePrivileges(this.privileges),
+                security_labels: normalizeSecurityLabels(this.security_labels),
             },
         };
     }
@@ -405,7 +411,20 @@ select
             and a.attcollation <> t2.typcollation
         ),
         'default', pg_get_expr(ad.adbin, ad.adrelid),
-        'comment', col_description(a.attrelid, a.attnum)
+        'comment', col_description(a.attrelid, a.attnum),
+        'security_labels', coalesce(
+          (
+            select json_agg(
+              json_build_object('provider', sl.provider, 'label', sl.label)
+              order by sl.provider
+            )
+            from pg_catalog.pg_seclabel sl
+            where sl.objoid = t.oid
+              and sl.classoid = 'pg_class'::regclass
+              and sl.objsubid = a.attnum
+          ),
+          '[]'::json
+        )
       )
     end
     order by a.attnum
@@ -445,7 +464,20 @@ select
       join lateral aclexplode(src.acl) as x(grantor, grantee, privilege_type, is_grantable) on true
       group by x.grantee, x.privilege_type
     ) as grp
-  ), '[]') as privileges
+  ), '[]') as privileges,
+  coalesce(
+    (
+      select json_agg(
+        json_build_object('provider', sl.provider, 'label', sl.label)
+        order by sl.provider
+      )
+      from pg_catalog.pg_seclabel sl
+      where sl.objoid = t.oid
+        and sl.classoid = 'pg_class'::regclass
+        and sl.objsubid = 0
+    ),
+    '[]'::json
+  ) as security_labels
 from
   tables t
   left join pg_attribute a on a.attrelid = t.oid and a.attnum > 0 and not a.attisdropped

package/dist/core/objects/type/composite-type/changes/composite-type.base.d.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import { BaseChange } from "../../../base.change.ts";
 import type { CompositeType } from "../composite-type.model.ts";
 declare abstract class BaseCompositeTypeChange extends BaseChange {
     abstract readonly compositeType: CompositeType;
-    abstract readonly scope: "object" | "comment" | "privilege";
+    abstract readonly scope: "object" | "comment" | "privilege" | "security_label";
     readonly objectType: "composite_type";
 }
 export declare abstract class CreateCompositeTypeChange extends BaseCompositeTypeChange {

package/dist/core/objects/type/composite-type/changes/composite-type.security-label.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+import type { SecurityLabelProps } from "../../../security-label.types.ts";
+import type { CompositeType } from "../composite-type.model.ts";
+import { CreateCompositeTypeChange, DropCompositeTypeChange } from "./composite-type.base.ts";
+export type SecurityLabelCompositeType = CreateSecurityLabelOnCompositeType | DropSecurityLabelOnCompositeType;
+export declare class CreateSecurityLabelOnCompositeType extends CreateCompositeTypeChange {
+    readonly compositeType: CompositeType;
+    readonly securityLabel: SecurityLabelProps;
+    readonly scope: "security_label";
+    constructor(props: {
+        compositeType: CompositeType;
+        securityLabel: SecurityLabelProps;
+    });
+    get creates(): `securityLabel:${string}::provider:${string}`[];
+    get requires(): `type:${string}`[];
+    serialize(): string;
+}
+export declare class DropSecurityLabelOnCompositeType extends DropCompositeTypeChange {
+    readonly compositeType: CompositeType;
+    readonly securityLabel: SecurityLabelProps;
+    readonly scope: "security_label";
+    constructor(props: {
+        compositeType: CompositeType;
+        securityLabel: SecurityLabelProps;
+    });
+    get drops(): `securityLabel:${string}::provider:${string}`[];
+    get requires(): (`securityLabel:${string}::provider:${string}` | `type:${string}`)[];
+    serialize(): string;
+}

package/dist/core/objects/type/composite-type/changes/composite-type.security-label.js ADDED Viewed

@@ -0,0 +1,61 @@
+import { quoteLiteral } from "../../../base.change.js";
+import { stableId } from "../../../utils.js";
+import { CreateCompositeTypeChange, DropCompositeTypeChange, } from "./composite-type.base.js";
+export class CreateSecurityLabelOnCompositeType extends CreateCompositeTypeChange {
+    compositeType;
+    securityLabel;
+    scope = "security_label";
+    constructor(props) {
+        super();
+        this.compositeType = props.compositeType;
+        this.securityLabel = props.securityLabel;
+    }
+    get creates() {
+        return [
+            stableId.securityLabel(this.compositeType.stableId, this.securityLabel.provider),
+        ];
+    }
+    get requires() {
+        return [this.compositeType.stableId];
+    }
+    serialize() {
+        return [
+            "SECURITY LABEL FOR",
+            this.securityLabel.provider,
+            "ON TYPE",
+            `${this.compositeType.schema}.${this.compositeType.name}`,
+            "IS",
+            quoteLiteral(this.securityLabel.label),
+        ].join(" ");
+    }
+}
+export class DropSecurityLabelOnCompositeType extends DropCompositeTypeChange {
+    compositeType;
+    securityLabel;
+    scope = "security_label";
+    constructor(props) {
+        super();
+        this.compositeType = props.compositeType;
+        this.securityLabel = props.securityLabel;
+    }
+    get drops() {
+        return [
+            stableId.securityLabel(this.compositeType.stableId, this.securityLabel.provider),
+        ];
+    }
+    get requires() {
+        return [
+            stableId.securityLabel(this.compositeType.stableId, this.securityLabel.provider),
+            this.compositeType.stableId,
+        ];
+    }
+    serialize() {
+        return [
+            "SECURITY LABEL FOR",
+            this.securityLabel.provider,
+            "ON TYPE",
+            `${this.compositeType.schema}.${this.compositeType.name}`,
+            "IS NULL",
+        ].join(" ");
+    }
+}

package/dist/core/objects/type/composite-type/changes/composite-type.types.d.ts CHANGED Viewed

@@ -3,5 +3,6 @@ import type { CommentCompositeType } from "./composite-type.comment.ts";
 import type { CreateCompositeType } from "./composite-type.create.ts";
 import type { DropCompositeType } from "./composite-type.drop.ts";
 import type { CompositeTypePrivilege } from "./composite-type.privilege.ts";
+import type { SecurityLabelCompositeType } from "./composite-type.security-label.ts";
 /** Union of all composite-type-related change variants (`objectType: "composite_type"`). @category Change Types */
-export type CompositeTypeChange = AlterCompositeType | CommentCompositeType | CreateCompositeType | DropCompositeType | CompositeTypePrivilege;
+export type CompositeTypeChange = AlterCompositeType | CommentCompositeType | CreateCompositeType | DropCompositeType | CompositeTypePrivilege | SecurityLabelCompositeType;

package/dist/core/objects/type/composite-type/composite-type.diff.js CHANGED Viewed

@@ -1,11 +1,13 @@
 import { diffObjects } from "../../base.diff.js";
 import { diffPrivileges, emitObjectPrivilegeChanges, filterPublicBuiltInDefaults, } from "../../base.privilege-diff.js";
+import { diffSecurityLabels } from "../../security-label.types.js";
 import { deepEqual, hasNonAlterableChanges } from "../../utils.js";
 import { AlterCompositeTypeAddAttribute, AlterCompositeTypeAlterAttributeType, AlterCompositeTypeChangeOwner, AlterCompositeTypeDropAttribute, } from "./changes/composite-type.alter.js";
 import { CreateCommentOnCompositeType, CreateCommentOnCompositeTypeAttribute, DropCommentOnCompositeType, DropCommentOnCompositeTypeAttribute, } from "./changes/composite-type.comment.js";
 import { CreateCompositeType } from "./changes/composite-type.create.js";
 import { DropCompositeType } from "./changes/composite-type.drop.js";
 import { GrantCompositeTypePrivileges, RevokeCompositeTypePrivileges, RevokeGrantOptionCompositeTypePrivileges, } from "./changes/composite-type.privilege.js";
+import { CreateSecurityLabelOnCompositeType, DropSecurityLabelOnCompositeType, } from "./changes/composite-type.security-label.js";
 /**
  * Diff two sets of composite types from main and branch catalogs.
  *
@@ -32,6 +34,12 @@ export function diffCompositeTypes(ctx, main, branch) {
         if (ct.comment !== null) {
             changes.push(new CreateCommentOnCompositeType({ compositeType: ct }));
         }
+        for (const label of ct.security_labels) {
+            changes.push(new CreateSecurityLabelOnCompositeType({
+                compositeType: ct,
+                securityLabel: label,
+            }));
+        }
         // Attribute comments on creation
         for (const attr of ct.columns) {
             if (attr.comment !== null) {
@@ -111,6 +119,14 @@ export function diffCompositeTypes(ctx, main, branch) {
                     }));
                 }
             }
+            // SECURITY LABELS
+            changes.push(...diffSecurityLabels(mainCompositeType.security_labels, branchCompositeType.security_labels, (securityLabel) => new CreateSecurityLabelOnCompositeType({
+                compositeType: branchCompositeType,
+                securityLabel,
+            }), (securityLabel) => new DropSecurityLabelOnCompositeType({
+                compositeType: mainCompositeType,
+                securityLabel,
+            })));
             // ATTRIBUTE diffs
             const mainAttrs = new Map(mainCompositeType.columns.map((c) => [c.name, c]));
             const branchAttrs = new Map(branchCompositeType.columns.map((c) => [c.name, c]));

package/dist/core/objects/type/composite-type/composite-type.model.d.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import type { Pool } from "pg";
 import z from "zod";
 import { BasePgModel, type TableLikeObject } from "../../base.model.ts";
 import { type PrivilegeProps } from "../../base.privilege-diff.ts";
+import { type SecurityLabelProps } from "../../security-label.types.ts";
 declare const compositeTypePropsSchema: z.ZodObject<{
     schema: z.ZodString;
     name: z.ZodString;
@@ -40,6 +41,10 @@ declare const compositeTypePropsSchema: z.ZodObject<{
         collation: z.ZodNullable<z.ZodString>;
         default: z.ZodNullable<z.ZodString>;
         comment: z.ZodNullable<z.ZodString>;
+        security_labels: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            provider: z.ZodString;
+            label: z.ZodString;
+        }, z.z.core.$strip>>>;
     }, z.z.core.$strip>>;
     privileges: z.ZodArray<z.ZodObject<{
         grantee: z.ZodString;
@@ -47,6 +52,10 @@ declare const compositeTypePropsSchema: z.ZodObject<{
         grantable: z.ZodBoolean;
         columns: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString>>>;
     }, z.z.core.$strip>>;
+    security_labels: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodObject<{
+        provider: z.ZodString;
+        label: z.ZodString;
+    }, z.z.core.$strip>>>>;
 }, z.z.core.$strip>;
 type CompositeTypePrivilegeProps = PrivilegeProps;
 export type CompositeTypeProps = z.infer<typeof compositeTypePropsSchema>;
@@ -68,6 +77,7 @@ export declare class CompositeType extends BasePgModel implements TableLikeObjec
     readonly comment: CompositeTypeProps["comment"];
     readonly columns: CompositeTypeProps["columns"];
     readonly privileges: CompositeTypePrivilegeProps[];
+    readonly security_labels: SecurityLabelProps[];
     constructor(props: CompositeTypeProps);
     get stableId(): `type:${string}`;
     get identityFields(): {
@@ -105,6 +115,10 @@ export declare class CompositeType extends BasePgModel implements TableLikeObjec
             collation: string | null;
             default: string | null;
             comment: string | null;
+            security_labels?: {
+                provider: string;
+                label: string;
+            }[] | undefined;
         }[];
         privileges: {
             grantee: string;
@@ -112,6 +126,10 @@ export declare class CompositeType extends BasePgModel implements TableLikeObjec
             grantable: boolean;
             columns?: string[] | null | undefined;
         }[];
+        security_labels: {
+            provider: string;
+            label: string;
+        }[];
     };
     stableSnapshot(): {
         identity: {
@@ -122,6 +140,10 @@ export declare class CompositeType extends BasePgModel implements TableLikeObjec
             columns: {
                 [x: string]: unknown;
             }[];
+            security_labels: {
+                provider: string;
+                label: string;
+            }[];
             row_security: boolean;
             force_row_security: boolean;
             has_indexes: boolean;

package/dist/core/objects/type/composite-type/composite-type.model.js CHANGED Viewed

@@ -2,6 +2,7 @@ import { sql } from "@ts-safeql/sql-tag";
 import z from "zod";
 import { BasePgModel, columnPropsSchema, } from "../../base.model.js";
 import { privilegePropsSchema, } from "../../base.privilege-diff.js";
+import { normalizeSecurityLabels, securityLabelPropsSchema, } from "../../security-label.types.js";
 import { ReplicaIdentitySchema } from "../../table/table.model.js";
 const compositeTypePropsSchema = z.object({
     schema: z.string(),
@@ -21,6 +22,7 @@ const compositeTypePropsSchema = z.object({
     comment: z.string().nullable(),
     columns: z.array(columnPropsSchema),
     privileges: z.array(privilegePropsSchema),
+    security_labels: z.array(securityLabelPropsSchema).default([]).optional(),
 });
 export class CompositeType extends BasePgModel {
     schema;
@@ -40,6 +42,7 @@ export class CompositeType extends BasePgModel {
     comment;
     columns;
     privileges;
+    security_labels;
     constructor(props) {
         super();
         // Identity fields
@@ -61,6 +64,7 @@ export class CompositeType extends BasePgModel {
         this.comment = props.comment;
         this.columns = props.columns;
         this.privileges = props.privileges;
+        this.security_labels = props.security_labels ?? [];
     }
     get stableId() {
         return `type:${this.schema}.${this.name}`;
@@ -88,6 +92,7 @@ export class CompositeType extends BasePgModel {
             comment: this.comment,
             columns: this.columns,
             privileges: this.privileges,
+            security_labels: this.security_labels,
         };
     }
     stableSnapshot() {
@@ -106,6 +111,7 @@ export class CompositeType extends BasePgModel {
             data: {
                 ...this.dataFields,
                 columns: normalizeColumns(),
+                security_labels: normalizeSecurityLabels(this.security_labels),
             },
         };
     }
@@ -137,7 +143,8 @@ export async function extractCompositeTypes(pool) {
           obj_description(c.reltype, 'pg_type') AS comment,
           c.relacl                            AS relacl,    -- used by privileges LATERAL
           c.relowner                          AS relowner,
-          c.oid                                AS oid
+          c.oid                                AS oid,
+          c.reltype                            AS reltype
         FROM pg_catalog.pg_class c
         LEFT JOIN extension_oids e ON c.reltype = e.objid
         WHERE NOT c.relnamespace::regnamespace::text LIKE ANY (ARRAY['pg\\_%', 'information\\_schema'])
@@ -161,7 +168,20 @@ export async function extractCompositeTypes(pool) {
         ct.owner,
         ct.comment,
         COALESCE(priv.privileges, '[]') AS privileges,
-        COALESCE(cols.columns, '[]')    AS columns
+        COALESCE(cols.columns, '[]')    AS columns,
+        COALESCE(
+          (
+            SELECT json_agg(
+              json_build_object('provider', sl.provider, 'label', sl.label)
+              ORDER BY sl.provider
+            )
+            FROM pg_catalog.pg_seclabel sl
+            WHERE sl.objoid = ct.reltype
+              AND sl.classoid = 'pg_type'::regclass
+              AND sl.objsubid = 0
+          ),
+          '[]'::json
+        ) AS security_labels
       FROM composite_types ct
       -- privileges as a per-row LATERAL subquery

package/dist/core/objects/type/enum/changes/enum.base.d.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import { BaseChange } from "../../../base.change.ts";
 import type { Enum } from "../enum.model.ts";
 declare abstract class BaseEnumChange extends BaseChange {
     abstract readonly enum: Enum;
-    abstract readonly scope: "object" | "comment" | "privilege";
+    abstract readonly scope: "object" | "comment" | "privilege" | "security_label";
     readonly objectType: "enum";
 }
 export declare abstract class CreateEnumChange extends BaseEnumChange {

package/dist/core/objects/type/enum/changes/enum.security-label.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+import type { SecurityLabelProps } from "../../../security-label.types.ts";
+import type { Enum } from "../enum.model.ts";
+import { CreateEnumChange, DropEnumChange } from "./enum.base.ts";
+export type SecurityLabelEnum = CreateSecurityLabelOnEnum | DropSecurityLabelOnEnum;
+export declare class CreateSecurityLabelOnEnum extends CreateEnumChange {
+    readonly enum: Enum;
+    readonly securityLabel: SecurityLabelProps;
+    readonly scope: "security_label";
+    constructor(props: {
+        enum: Enum;
+        securityLabel: SecurityLabelProps;
+    });
+    get creates(): `securityLabel:${string}::provider:${string}`[];
+    get requires(): `type:${string}`[];
+    serialize(): string;
+}
+export declare class DropSecurityLabelOnEnum extends DropEnumChange {
+    readonly enum: Enum;
+    readonly securityLabel: SecurityLabelProps;
+    readonly scope: "security_label";
+    constructor(props: {
+        enum: Enum;
+        securityLabel: SecurityLabelProps;
+    });
+    get drops(): `securityLabel:${string}::provider:${string}`[];
+    get requires(): (`securityLabel:${string}::provider:${string}` | `type:${string}`)[];
+    serialize(): string;
+}

package/dist/core/objects/type/enum/changes/enum.security-label.js ADDED Viewed

@@ -0,0 +1,61 @@
+import { quoteLiteral } from "../../../base.change.js";
+import { stableId } from "../../../utils.js";
+import { CreateEnumChange, DropEnumChange } from "./enum.base.js";
+export class CreateSecurityLabelOnEnum extends CreateEnumChange {
+    enum;
+    securityLabel;
+    scope = "security_label";
+    constructor(props) {
+        super();
+        this.enum = props.enum;
+        this.securityLabel = props.securityLabel;
+    }
+    get creates() {
+        return [
+            stableId.securityLabel(this.enum.stableId, this.securityLabel.provider),
+        ];
+    }
+    get requires() {
+        return [this.enum.stableId];
+    }
+    serialize() {
+        return [
+            "SECURITY LABEL FOR",
+            this.securityLabel.provider,
+            "ON TYPE",
+            `${this.enum.schema}.${this.enum.name}`,
+            "IS",
+            quoteLiteral(this.securityLabel.label),
+        ].join(" ");
+    }
+}
+export class DropSecurityLabelOnEnum extends DropEnumChange {
+    enum;
+    securityLabel;
+    scope = "security_label";
+    constructor(props) {
+        super();
+        this.enum = props.enum;
+        this.securityLabel = props.securityLabel;
+    }
+    get drops() {
+        return [
+            stableId.securityLabel(this.enum.stableId, this.securityLabel.provider),
+        ];
+    }
+    get requires() {
+        return [
+            stableId.securityLabel(this.enum.stableId, this.securityLabel.provider),
+            this.enum.stableId,
+        ];
+    }
+    serialize() {
+        return [
+            "SECURITY LABEL FOR",
+            this.securityLabel.provider,
+            "ON TYPE",
+            `${this.enum.schema}.${this.enum.name}`,
+            "IS NULL",
+        ].join(" ");
+    }
+}

package/dist/core/objects/type/enum/changes/enum.types.d.ts CHANGED Viewed

@@ -3,5 +3,6 @@ import type { CommentEnum } from "./enum.comment.ts";
 import type { CreateEnum } from "./enum.create.ts";
 import type { DropEnum } from "./enum.drop.ts";
 import type { EnumPrivilege } from "./enum.privilege.ts";
+import type { SecurityLabelEnum } from "./enum.security-label.ts";
 /** Union of all enum-related change variants (`objectType: "enum"`). @category Change Types */
-export type EnumChange = AlterEnum | CommentEnum | CreateEnum | DropEnum | EnumPrivilege;
+export type EnumChange = AlterEnum | CommentEnum | CreateEnum | DropEnum | EnumPrivilege | SecurityLabelEnum;