npm - @supabase/pg-delta - Versions diffs - 1.0.0-alpha.22 → 1.0.0-alpha.24 - Mend

@supabase/pg-delta 1.0.0-alpha.22 → 1.0.0-alpha.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (228) hide show

package/dist/core/objects/view/view.model.js CHANGED Viewed

@@ -3,6 +3,7 @@ import z from "zod";
 import { BasePgModel, columnPropsSchema, normalizeColumns, } from "../base.model.js";
 import { privilegePropsSchema, } from "../base.privilege-diff.js";
 import { extractWithDefinitionRetry, } from "../extract-with-retry.js";
+import { normalizeSecurityLabels, securityLabelPropsSchema, } from "../security-label.types.js";
 import { ReplicaIdentitySchema } from "../table/table.model.js";
 const viewPropsSchema = z.object({
     schema: z.string(),
@@ -23,6 +24,7 @@ const viewPropsSchema = z.object({
     comment: z.string().nullable(),
     columns: z.array(columnPropsSchema),
     privileges: z.array(privilegePropsSchema),
+    security_labels: z.array(securityLabelPropsSchema).default([]).optional(),
 });
 // pg_get_viewdef(oid) can return NULL when the underlying view (or its
 // pg_rewrite row) is dropped between catalog scan and resolution, or under
@@ -51,6 +53,7 @@ export class View extends BasePgModel {
     comment;
     columns;
     privileges;
+    security_labels;
     constructor(props) {
         super();
         // Identity fields
@@ -73,6 +76,7 @@ export class View extends BasePgModel {
         this.comment = props.comment;
         this.columns = props.columns;
         this.privileges = props.privileges;
+        this.security_labels = props.security_labels ?? [];
     }
     get stableId() {
         return `view:${this.schema}.${this.name}`;
@@ -101,6 +105,7 @@ export class View extends BasePgModel {
             comment: this.comment,
             columns: this.columns,
             privileges: this.privileges,
+            security_labels: this.security_labels,
         };
     }
     stableSnapshot() {
@@ -109,6 +114,7 @@ export class View extends BasePgModel {
             data: {
                 ...this.dataFields,
                 columns: normalizeColumns(this.columns),
+                security_labels: normalizeSecurityLabels(this.security_labels),
             },
         };
     }
@@ -235,7 +241,20 @@ select
       join lateral aclexplode(src.acl) as x(grantor, grantee, privilege_type, is_grantable) on true
       group by x.grantee, x.privilege_type
     ) as grp
-  ), '[]') as privileges
+  ), '[]') as privileges,
+  coalesce(
+    (
+      select json_agg(
+        json_build_object('provider', sl.provider, 'label', sl.label)
+        order by sl.provider
+      )
+      from pg_catalog.pg_seclabel sl
+      where sl.objoid = v.oid
+        and sl.classoid = 'pg_class'::regclass
+        and sl.objsubid = 0
+    ),
+    '[]'::json
+  ) as security_labels
 from
   views v
   left join pg_attribute a on a.attrelid = v.oid and a.attnum > 0 and not a.attisdropped

package/dist/core/plan/sql-format/fixtures.js CHANGED Viewed

@@ -806,6 +806,7 @@ const schema = new Schema({
     owner: "admin",
     comment: "application schema",
     privileges: [],
+    security_labels: [],
 });
 const extension = new Extension({
     name: "pgcrypto",

package/dist/core/post-diff-normalization.d.ts CHANGED Viewed

@@ -15,6 +15,13 @@ import type { Table } from "./objects/table/table.model.ts";
  *   `DropTable(T) + CreateTable(T)` pair. Without this, the apply phase
  *   would try to drop a column that no longer exists in the freshly
  *   recreated table.
+ * - Prunes `DropSequence(S)` changes when `S` is `OWNED BY` a column on a
+ *   table promoted to `DropTable + CreateTable` by the expander. The
+ *   `DROP TABLE` cascade drops the sequence at apply time; emitting an
+ *   explicit `DROP SEQUENCE` in the same drop phase both duplicates the
+ *   cascade and forms an unbreakable `DropSequence ↔ DropTable` cycle on
+ *   the bidirectional pg_depend edges between the sequence and the
+ *   owning column.
  * - Dedupes duplicate `AlterTableAddConstraint` /
  *   `AlterTableValidateConstraint` / `CreateCommentOnConstraint` changes
  *   produced when `diffTables()` and `expandReplaceDependencies()` both

package/dist/core/post-diff-normalization.js CHANGED Viewed

@@ -1,5 +1,6 @@
 import { CreateIndex } from "./objects/index/changes/index.create.js";
 import { DropIndex } from "./objects/index/changes/index.drop.js";
+import { DropSequence } from "./objects/sequence/changes/sequence.drop.js";
 import { AlterTableAddConstraint, AlterTableDropColumn, AlterTableDropConstraint, AlterTableSetReplicaIdentity, AlterTableValidateConstraint, } from "./objects/table/changes/table.alter.js";
 import { CreateCommentOnConstraint } from "./objects/table/changes/table.comment.js";
 import { stableId } from "./objects/utils.js";
@@ -7,11 +8,32 @@ function constraintStableId(table, constraintName) {
     return stableId.constraint(table.schema, table.name, constraintName);
 }
 function isSupersededByTableReplacement(change, replacedTableIds) {
-    if (!(change instanceof AlterTableDropColumn) &&
-        !(change instanceof AlterTableDropConstraint)) {
-        return false;
+    if (change instanceof AlterTableDropColumn ||
+        change instanceof AlterTableDropConstraint) {
+        return replacedTableIds.has(change.table.stableId);
     }
-    return replacedTableIds.has(change.table.stableId);
+    // `DropSequence(S)` is superseded when S is OWNED BY a column on a table
+    // that `expandReplaceDependencies` has promoted to `DropTable + CreateTable`
+    // in the same plan. PostgreSQL cascade-drops the OWNED BY sequence as part
+    // of the DROP TABLE, so the explicit DROP SEQUENCE is redundant and — more
+    // importantly — closes an unbreakable `DropSequence ↔ DropTable` cycle in
+    // the drop phase via the bidirectional pg_depend edges between the
+    // sequence and its owning column (`column → sequence` for the DEFAULT
+    // nextval reference, `sequence → column` for the OWNED BY auto-dependency).
+    // The alpha.15 short-circuit in `diffSequences.dropped` only suppresses
+    // `DropSequence` when the owning table itself is gone from `branchTables`;
+    // here the table survives in branch and the replacement is added later by
+    // the expander, so this whole-plan rewrite has to happen post-diff.
+    if (change instanceof DropSequence) {
+        if (!change.sequence.owned_by_schema ||
+            !change.sequence.owned_by_table ||
+            !change.sequence.owned_by_column) {
+            return false;
+        }
+        const ownedByTableId = stableId.table(change.sequence.owned_by_schema, change.sequence.owned_by_table);
+        return replacedTableIds.has(ownedByTableId);
+    }
+    return false;
 }
 /**
  * Drop earlier duplicates of `AlterTableAddConstraint` /
@@ -179,6 +201,13 @@ function restoreReplicaIdentityAfterIndexReplace(changes, branchTables) {
  *   `DropTable(T) + CreateTable(T)` pair. Without this, the apply phase
  *   would try to drop a column that no longer exists in the freshly
  *   recreated table.
+ * - Prunes `DropSequence(S)` changes when `S` is `OWNED BY` a column on a
+ *   table promoted to `DropTable + CreateTable` by the expander. The
+ *   `DROP TABLE` cascade drops the sequence at apply time; emitting an
+ *   explicit `DROP SEQUENCE` in the same drop phase both duplicates the
+ *   cascade and forms an unbreakable `DropSequence ↔ DropTable` cycle on
+ *   the bidirectional pg_depend edges between the sequence and the
+ *   owning column.
  * - Dedupes duplicate `AlterTableAddConstraint` /
  *   `AlterTableValidateConstraint` / `CreateCommentOnConstraint` changes
  *   produced when `diffTables()` and `expandReplaceDependencies()` both

package/dist/core/sort/cycle-breakers.js CHANGED Viewed

@@ -66,6 +66,32 @@ export function tryBreakCycleByChangeInjection(cycleNodeIndexes, phaseChanges) {
     const pubColBroken = tryBreakPublicationColumnCycle(cycleNodeIndexes, phaseChanges);
     if (pubColBroken)
         return pubColBroken;
+    // ─── Branch C: Publication ↔ dropped FK chain ↔ constraint drop ──────
+    // Triggered when publication membership is being removed for tables in
+    // the same drop phase as a FK chain, and the chain ends at a separately
+    // emitted `AlterTableDropConstraint` on a table that is also being
+    // removed from the publication.
+    //
+    // Example (4-change cycle):
+    //   AlterPublicationDropTables(p, [labs, posts, post_attachments])
+    //   DropTable(post_attachments)
+    //   DropTable(posts)
+    //   AlterTableDropConstraint(labs.unique_lab_id)
+    //
+    // Cycle:
+    //   publication:p → table:post_attachments
+    //   post_attachments.post_id_fkey → column:posts.id
+    //   posts.lab_id_fkey → constraint:labs.unique_lab_id
+    //   constraint:labs.unique_lab_id → table:labs
+    //
+    // Fix: inject explicit FK drops for the FK constraints claimed by the
+    // DropTables in the cycle, including FKs that point at the terminal
+    // dropped constraint. The publication and terminal constraint changes
+    // stay unchanged; only the intermediate FK ownership is reassigned from
+    // DropTable to dedicated AlterTableDropConstraint changes.
+    const pubFkConstraintBroken = tryBreakPublicationFkConstraintDropCycle(cycleNodeIndexes, phaseChanges);
+    if (pubFkConstraintBroken)
+        return pubFkConstraintBroken;
     // No known pattern. Returning null lets sortPhaseChanges throw the
     // formatted CycleError with full diagnostic — better a clear bug
     // report than silently shipping a broken plan.
@@ -90,6 +116,19 @@ function tryBreakFkCycle(cycleNodeIndexes, phaseChanges) {
         cycleDropTables.push(change);
     }
     const cycleTableIds = new Set(cycleDropTables.map((change) => change.table.stableId));
+    return injectFkConstraintDropsForDropTables({
+        phaseChanges,
+        dropTables: cycleDropTables,
+        shouldInject: (fk, tableId) => isCrossCycleFkConstraint(fk, tableId, cycleTableIds),
+    });
+}
+/**
+ * Shared FK-drop injection used by Branch A and Branch C. The caller owns
+ * the cycle-specific matcher; this helper only handles the mechanical
+ * rewrite: add dedicated `AlterTableDropConstraint` changes and rebuild
+ * affected `DropTable`s with updated `externallyDroppedConstraints`.
+ */
+function injectFkConstraintDropsForDropTables({ phaseChanges, dropTables, shouldInject, }) {
     // For each DropTable in the cycle, find every FK whose referenced table
     // is also in the cycle. Each such FK becomes one injected
     // `AlterTableDropConstraint` and one entry on the source table's
@@ -100,11 +139,13 @@ function tryBreakFkCycle(cycleNodeIndexes, phaseChanges) {
     const injectedDropsByTableId = new Map();
     const updatedExternalsByTableId = new Map();
     let didMutate = false;
-    for (const dropTable of cycleDropTables) {
+    for (const dropTable of dropTables) {
         const tableId = dropTable.table.stableId;
         const existingExternals = new Set(dropTable.externallyDroppedConstraints);
         let tableMutated = false;
-        for (const fk of iterCrossCycleFkConstraints(dropTable.table.constraints, tableId, cycleTableIds)) {
+        for (const fk of iterFkConstraints(dropTable.table.constraints)) {
+            if (!shouldInject(fk, tableId))
+                continue;
             // Skip if a same-table `AlterTableDropConstraint` is already in the
             // change list — could happen if a previous breaker iteration
             // injected one, or the diff layer emitted one explicitly.
@@ -159,31 +200,37 @@ function tryBreakFkCycle(cycleNodeIndexes, phaseChanges) {
     return rewritten;
 }
 /**
- * Yield FK constraints on `constraints` whose referenced table is also a
- * member of the cycle (i.e. an FK strictly between two cycle DropTables).
+ * Yield FK constraints on `constraints`.
  *
- * Self-referencing FKs are skipped — they create a self-loop in the
- * dependency graph which the existing sort-phase handler resolves on its
- * own; injecting an `AlterTableDropConstraint` for a self-FK would just
- * add noise.
+ * Partition clones are skipped because PostgreSQL drops them when the
+ * parent constraint is dropped.
  */
-function* iterCrossCycleFkConstraints(constraints, ownTableId, cycleTableIds) {
+function* iterFkConstraints(constraints) {
     for (const constraint of constraints) {
         if (constraint.constraint_type !== "f")
             continue;
         if (constraint.is_partition_clone)
             continue;
-        if (!constraint.foreign_key_schema || !constraint.foreign_key_table) {
-            continue;
-        }
-        const referencedId = stableId.table(constraint.foreign_key_schema, constraint.foreign_key_table);
-        if (referencedId === ownTableId)
-            continue;
-        if (!cycleTableIds.has(referencedId))
-            continue;
         yield constraint;
     }
 }
+/**
+ * True when `constraint` references another DropTable in the cycle.
+ *
+ * Self-referencing FKs are skipped — they create a self-loop in the
+ * dependency graph which the existing sort-phase handler resolves on its
+ * own; injecting an `AlterTableDropConstraint` for a self-FK would just
+ * add noise.
+ */
+function isCrossCycleFkConstraint(constraint, ownTableId, cycleTableIds) {
+    if (!constraint.foreign_key_schema || !constraint.foreign_key_table) {
+        return false;
+    }
+    const referencedId = stableId.table(constraint.foreign_key_schema, constraint.foreign_key_table);
+    if (referencedId === ownTableId)
+        return false;
+    return cycleTableIds.has(referencedId);
+}
 /**
  * True iff `phaseChanges` already contains an explicit
  * `AlterTableDropConstraint(table, constraint)` for the given pair —
@@ -267,3 +314,78 @@ function tryBreakPublicationColumnCycle(cycleNodeIndexes, phaseChanges) {
     });
     return rewritten;
 }
+/**
+ * Branch C worker — break a publication membership removal cycle where
+ * dropped tables form a FK chain ending at a separately dropped referenced
+ * constraint.
+ */
+function tryBreakPublicationFkConstraintDropCycle(cycleNodeIndexes, phaseChanges) {
+    let pubChange = null;
+    let terminalConstraintDrop = null;
+    const dropTables = [];
+    for (const nodeIndex of cycleNodeIndexes) {
+        const change = phaseChanges[nodeIndex];
+        if (change instanceof AlterPublicationDropTables) {
+            if (pubChange !== null)
+                return null;
+            pubChange = change;
+        }
+        else if (change instanceof AlterTableDropConstraint) {
+            if (terminalConstraintDrop !== null)
+                return null;
+            terminalConstraintDrop = change;
+        }
+        else if (change instanceof DropTable) {
+            dropTables.push(change);
+        }
+        else {
+            return null;
+        }
+    }
+    if (pubChange === null ||
+        terminalConstraintDrop === null ||
+        dropTables.length === 0) {
+        return null;
+    }
+    const publicationTableIds = new Set(pubChange.tables.map((table) => stableId.table(table.schema, table.name)));
+    if (!publicationTableIds.has(terminalConstraintDrop.table.stableId)) {
+        return null;
+    }
+    for (const dropTable of dropTables) {
+        if (!publicationTableIds.has(dropTable.table.stableId))
+            return null;
+    }
+    const cycleDropTableIds = new Set(dropTables.map((change) => change.table.stableId));
+    let hasFkToTerminalConstraint = false;
+    for (const dropTable of dropTables) {
+        for (const fk of iterFkConstraints(dropTable.table.constraints)) {
+            if (fkReferencesConstraint(fk, terminalConstraintDrop)) {
+                hasFkToTerminalConstraint = true;
+                break;
+            }
+        }
+        if (hasFkToTerminalConstraint)
+            break;
+    }
+    if (!hasFkToTerminalConstraint)
+        return null;
+    return injectFkConstraintDropsForDropTables({
+        phaseChanges,
+        dropTables,
+        shouldInject: (fk, tableId) => isCrossCycleFkConstraint(fk, tableId, cycleDropTableIds) ||
+            fkReferencesConstraint(fk, terminalConstraintDrop),
+    });
+}
+function fkReferencesConstraint(fk, constraintDrop) {
+    if (fk.foreign_key_schema !== constraintDrop.table.schema ||
+        fk.foreign_key_table !== constraintDrop.table.name ||
+        fk.foreign_key_columns === null) {
+        return false;
+    }
+    return sameOrderedStrings(fk.foreign_key_columns, constraintDrop.constraint.key_columns);
+}
+function sameOrderedStrings(left, right) {
+    if (left.length !== right.length)
+        return false;
+    return left.every((value, index) => value === right[index]);
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@supabase/pg-delta",
-  "version": "1.0.0-alpha.22",
+  "version": "1.0.0-alpha.24",
   "description": "PostgreSQL migrations made easy",
   "type": "module",
   "sideEffects": false,

package/src/core/catalog.model.ts CHANGED Viewed

@@ -267,6 +267,7 @@ export async function createEmptyCatalog(
     owner: currentUser,
     comment: "standard public schema",
     privileges: [],
+    security_labels: [],
   });
   return new Catalog({

package/src/core/integrations/filter/dsl.test.ts CHANGED Viewed

@@ -41,6 +41,16 @@ const membershipChange = {
   requires: [],
 } as unknown as Change;
+const securityLabelChange = {
+  objectType: "schema",
+  operation: "create",
+  scope: "security_label",
+  schema: { name: "labeled" },
+  securityLabel: { provider: "dummy", label: "classified" },
+  requires: ["schema:labeled"],
+  creates: ["security_label:schema:labeled:dummy"],
+} as unknown as Change;
 describe("evaluatePattern", () => {
   describe("bare key matching (top-level properties)", () => {
     test("objectType match", () => {
@@ -242,6 +252,23 @@ describe("evaluatePattern", () => {
     });
   });
+  describe("security label matching", () => {
+    test("provider matches security label changes", () => {
+      expect(
+        evaluatePattern(
+          { scope: "security_label", provider: "dummy" },
+          securityLabelChange,
+        ),
+      ).toBe(true);
+      expect(
+        evaluatePattern(
+          { scope: "security_label", provider: "other" },
+          securityLabelChange,
+        ),
+      ).toBe(false);
+    });
+  });
   describe("composition patterns", () => {
     test("not negates a pattern", () => {
       expect(

package/src/core/integrations/filter/flatten.ts CHANGED Viewed

@@ -105,6 +105,22 @@ export function flattenChange(change: Change): Record<string, FlatValue> {
           flat[`${prefix}/${subKey}`] = flatVal;
         }
       }
+    } else if (
+      key === "securityLabel" &&
+      value &&
+      typeof value === "object" &&
+      !Array.isArray(value)
+    ) {
+      // Security labels are change-level metadata, so expose provider/label as
+      // bare keys for filters like { scope: "security_label", provider: "..." }.
+      for (const [subKey, subValue] of Object.entries(
+        value as Record<string, unknown>,
+      )) {
+        const flatVal = toFlatValue(subValue);
+        if (flatVal !== undefined) {
+          flat[subKey] = flatVal;
+        }
+      }
     } else {
       const flatVal = toFlatValue(value);
       if (flatVal !== undefined) {

package/src/core/objects/aggregate/aggregate.diff.ts CHANGED Viewed

@@ -5,6 +5,7 @@ import {
   filterPublicBuiltInDefaults,
 } from "../base.privilege-diff.ts";
 import type { ObjectDiffContext } from "../diff-context.ts";
+import { diffSecurityLabels } from "../security-label.types.ts";
 import { deepEqual, hasNonAlterableChanges } from "../utils.ts";
 import type { Aggregate } from "./aggregate.model.ts";
 import { AlterAggregateChangeOwner } from "./changes/aggregate.alter.ts";
@@ -19,6 +20,10 @@ import {
   RevokeAggregatePrivileges,
   RevokeGrantOptionAggregatePrivileges,
 } from "./changes/aggregate.privilege.ts";
+import {
+  CreateSecurityLabelOnAggregate,
+  DropSecurityLabelOnAggregate,
+} from "./changes/aggregate.security-label.ts";
 import type { AggregateChange } from "./changes/aggregate.types.ts";
 export function diffAggregates(
@@ -51,6 +56,14 @@ export function diffAggregates(
     if (aggregate.comment !== null) {
       changes.push(new CreateCommentOnAggregate({ aggregate }));
     }
+    for (const label of aggregate.security_labels) {
+      changes.push(
+        new CreateSecurityLabelOnAggregate({
+          aggregate,
+          securityLabel: label,
+        }),
+      );
+    }
     // PRIVILEGES: For created objects, compare against default privileges state
     // The migration script will run ALTER DEFAULT PRIVILEGES before CREATE (via constraint spec),
@@ -182,6 +195,26 @@ export function diffAggregates(
       }
     }
+    // SECURITY LABELS
+    changes.push(
+      ...diffSecurityLabels<
+        CreateSecurityLabelOnAggregate | DropSecurityLabelOnAggregate
+      >(
+        mainAggregate.security_labels,
+        branchAggregate.security_labels,
+        (securityLabel) =>
+          new CreateSecurityLabelOnAggregate({
+            aggregate: branchAggregate,
+            securityLabel,
+          }),
+        (securityLabel) =>
+          new DropSecurityLabelOnAggregate({
+            aggregate: mainAggregate,
+            securityLabel,
+          }),
+      ),
+    );
     // PRIVILEGES
     // Filter out PUBLIC's built-in default EXECUTE privilege from main catalog
     // (PostgreSQL grants it automatically, so we shouldn't compare it)

package/src/core/objects/aggregate/aggregate.model.ts CHANGED Viewed

@@ -6,6 +6,10 @@ import {
   type PrivilegeProps,
   privilegePropsSchema,
 } from "../base.privilege-diff.ts";
+import {
+  type SecurityLabelProps,
+  securityLabelPropsSchema,
+} from "../security-label.types.ts";
 const AggregateKindSchema = z.enum([
   "n", // normal aggregate
@@ -75,6 +79,7 @@ const aggregatePropsSchema = z.object({
   owner: z.string(),
   comment: z.string().nullable(),
   privileges: z.array(privilegePropsSchema),
+  security_labels: z.array(securityLabelPropsSchema).default([]).optional(),
 });
 type AggregatePrivilegeProps = PrivilegeProps;
@@ -122,6 +127,7 @@ export class Aggregate extends BasePgModel {
   public readonly owner: AggregateProps["owner"];
   public readonly comment: AggregateProps["comment"];
   public readonly privileges: AggregatePrivilegeProps[];
+  public readonly security_labels: SecurityLabelProps[];
   constructor(props: AggregateProps) {
     super();
@@ -168,6 +174,7 @@ export class Aggregate extends BasePgModel {
     this.owner = props.owner;
     this.comment = props.comment;
     this.privileges = props.privileges;
+    this.security_labels = props.security_labels ?? [];
   }
   get stableId(): `aggregate:${string}` {
@@ -224,6 +231,7 @@ export class Aggregate extends BasePgModel {
       owner: this.owner,
       comment: this.comment,
       privileges: this.privileges,
+      security_labels: this.security_labels,
     };
   }
 }
@@ -294,7 +302,20 @@ select
       )
       from lateral aclexplode(COALESCE(p.proacl, acldefault('f', p.proowner))) as x(grantor, grantee, privilege_type, is_grantable)
     ), '[]'
-  ) as privileges
+  ) as privileges,
+  coalesce(
+    (
+      select json_agg(
+        json_build_object('provider', sl.provider, 'label', sl.label)
+        order by sl.provider
+      )
+      from pg_catalog.pg_seclabel sl
+      where sl.objoid = p.oid
+        and sl.classoid = 'pg_proc'::regclass
+        and sl.objsubid = 0
+    ),
+    '[]'::json
+  ) as security_labels
 from
   pg_catalog.pg_proc p
   inner join pg_catalog.pg_aggregate a on a.aggfnoid = p.oid

package/src/core/objects/aggregate/changes/aggregate.base.ts CHANGED Viewed

@@ -3,7 +3,11 @@ import type { Aggregate } from "../aggregate.model.ts";
 abstract class BaseAggregateChange extends BaseChange {
   abstract readonly aggregate: Aggregate;
-  abstract readonly scope: "object" | "comment" | "privilege";
+  abstract readonly scope:
+    | "object"
+    | "comment"
+    | "privilege"
+    | "security_label";
   readonly objectType: "aggregate" = "aggregate";
 }

package/src/core/objects/aggregate/changes/aggregate.security-label.ts ADDED Viewed

@@ -0,0 +1,99 @@
+import { quoteLiteral } from "../../base.change.ts";
+import type { SecurityLabelProps } from "../../security-label.types.ts";
+import { stableId } from "../../utils.ts";
+import type { Aggregate } from "../aggregate.model.ts";
+import {
+  CreateAggregateChange,
+  DropAggregateChange,
+} from "./aggregate.base.ts";
+export type SecurityLabelAggregate =
+  | CreateSecurityLabelOnAggregate
+  | DropSecurityLabelOnAggregate;
+function aggregateIdentity(a: Aggregate): string {
+  return `${a.schema}.${a.name}(${a.identityArguments})`;
+}
+export class CreateSecurityLabelOnAggregate extends CreateAggregateChange {
+  public readonly aggregate: Aggregate;
+  public readonly securityLabel: SecurityLabelProps;
+  public readonly scope = "security_label" as const;
+  constructor(props: {
+    aggregate: Aggregate;
+    securityLabel: SecurityLabelProps;
+  }) {
+    super();
+    this.aggregate = props.aggregate;
+    this.securityLabel = props.securityLabel;
+  }
+  get creates() {
+    return [
+      stableId.securityLabel(
+        this.aggregate.stableId,
+        this.securityLabel.provider,
+      ),
+    ];
+  }
+  get requires() {
+    return [this.aggregate.stableId];
+  }
+  serialize(): string {
+    return [
+      "SECURITY LABEL FOR",
+      this.securityLabel.provider,
+      "ON AGGREGATE",
+      aggregateIdentity(this.aggregate),
+      "IS",
+      quoteLiteral(this.securityLabel.label),
+    ].join(" ");
+  }
+}
+export class DropSecurityLabelOnAggregate extends DropAggregateChange {
+  public readonly aggregate: Aggregate;
+  public readonly securityLabel: SecurityLabelProps;
+  public readonly scope = "security_label" as const;
+  constructor(props: {
+    aggregate: Aggregate;
+    securityLabel: SecurityLabelProps;
+  }) {
+    super();
+    this.aggregate = props.aggregate;
+    this.securityLabel = props.securityLabel;
+  }
+  get drops() {
+    return [
+      stableId.securityLabel(
+        this.aggregate.stableId,
+        this.securityLabel.provider,
+      ),
+    ];
+  }
+  get requires() {
+    return [
+      stableId.securityLabel(
+        this.aggregate.stableId,
+        this.securityLabel.provider,
+      ),
+      this.aggregate.stableId,
+    ];
+  }
+  serialize(): string {
+    return [
+      "SECURITY LABEL FOR",
+      this.securityLabel.provider,
+      "ON AGGREGATE",
+      aggregateIdentity(this.aggregate),
+      "IS NULL",
+    ].join(" ");
+  }
+}