npm - @supabase/pg-delta - Versions diffs - 1.0.0-alpha.26 → 1.0.0-alpha.27 - Mend

@supabase/pg-delta 1.0.0-alpha.26 → 1.0.0-alpha.27

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/src/core/catalog.filter.ts ADDED Viewed

@@ -0,0 +1,96 @@
+/**
+ * Prune a catalog to the objects that match a Filter DSL expression.
+ *
+ * The Filter DSL is defined over Change objects, so the catalog is
+ * diffed against an empty baseline first to materialize one CREATE
+ * change per object. The filter then evaluates against the same shape
+ * it would at plan time, and the surviving stableIds drive the prune.
+ *
+ * Dependency cascade is not applied. A scoped snapshot is partial by
+ * design: out-of-scope owners, roles, and types must exist on the
+ * target DB at apply time. Cascading would expand the filter beyond
+ * what the caller asked for and, in practice, collapse schema-scoped
+ * exports whose kept objects reference cluster-scoped owners.
+ */
+import { diffCatalogs } from "./catalog.diff.ts";
+import { Catalog, createEmptyCatalog } from "./catalog.model.ts";
+import { compileFilterDSL, type FilterDSL } from "./integrations/filter/dsl.ts";
+export async function filterCatalog(
+  catalog: Catalog,
+  filter: FilterDSL,
+): Promise<Catalog> {
+  if (
+    typeof filter === "object" &&
+    filter !== null &&
+    (filter as Record<string, unknown>).cascade === true
+  ) {
+    throw new Error(
+      "Filter DSL `cascade: true` is not supported by catalog-export: " +
+        "scoped snapshots are intentionally partial. Out-of-scope owners, " +
+        "roles, and types must exist on the target DB at apply time.",
+    );
+  }
+  const empty = await createEmptyCatalog(catalog.version, catalog.currentUser);
+  const changes = diffCatalogs(empty, catalog);
+  const filterFn = compileFilterDSL(filter);
+  const keep = new Set<string>();
+  for (const change of changes) {
+    if (!filterFn(change)) continue;
+    for (const id of change.creates ?? []) keep.add(id);
+  }
+  return pruneCatalog(catalog, keep);
+}
+function filterRecord<T>(
+  record: Record<string, T>,
+  keep: ReadonlySet<string>,
+): Record<string, T> {
+  return Object.fromEntries(
+    Object.entries(record).filter(([id]) => keep.has(id)),
+  );
+}
+function pruneCatalog(catalog: Catalog, keep: ReadonlySet<string>): Catalog {
+  const tables = filterRecord(catalog.tables, keep);
+  const materializedViews = filterRecord(catalog.materializedViews, keep);
+  return new Catalog({
+    aggregates: filterRecord(catalog.aggregates, keep),
+    collations: filterRecord(catalog.collations, keep),
+    compositeTypes: filterRecord(catalog.compositeTypes, keep),
+    domains: filterRecord(catalog.domains, keep),
+    enums: filterRecord(catalog.enums, keep),
+    extensions: filterRecord(catalog.extensions, keep),
+    procedures: filterRecord(catalog.procedures, keep),
+    indexes: filterRecord(catalog.indexes, keep),
+    materializedViews,
+    subscriptions: filterRecord(catalog.subscriptions, keep),
+    publications: filterRecord(catalog.publications, keep),
+    rlsPolicies: filterRecord(catalog.rlsPolicies, keep),
+    roles: filterRecord(catalog.roles, keep),
+    schemas: filterRecord(catalog.schemas, keep),
+    sequences: filterRecord(catalog.sequences, keep),
+    tables,
+    triggers: filterRecord(catalog.triggers, keep),
+    eventTriggers: filterRecord(catalog.eventTriggers, keep),
+    rules: filterRecord(catalog.rules, keep),
+    ranges: filterRecord(catalog.ranges, keep),
+    views: filterRecord(catalog.views, keep),
+    foreignDataWrappers: filterRecord(catalog.foreignDataWrappers, keep),
+    servers: filterRecord(catalog.servers, keep),
+    userMappings: filterRecord(catalog.userMappings, keep),
+    foreignTables: filterRecord(catalog.foreignTables, keep),
+    depends: catalog.depends.filter(
+      (d) =>
+        keep.has(d.dependent_stable_id) && keep.has(d.referenced_stable_id),
+    ),
+    indexableObjects: { ...tables, ...materializedViews },
+    version: catalog.version,
+    currentUser: catalog.currentUser,
+  });
+}

package/src/core/catalog.model.ts CHANGED Viewed

@@ -182,8 +182,10 @@ let _pg1516Baseline: Catalog | null = null;
 let _pg17Baseline: Catalog | null = null;
 async function loadBaselineJson(): Promise<Record<string, unknown>> {
-  const mod =
-    await import("./fixtures/empty-catalogs/postgres-15-16-baseline.json");
+  const mod = await import(
+    "./fixtures/empty-catalogs/postgres-15-16-baseline.json",
+    { with: { type: "json" } }
+  );
   return mod.default as Record<string, unknown>;
 }
@@ -447,6 +449,8 @@ function normalizeCatalog(catalog: Catalog): Catalog {
       options: redactSensitiveOptionPairs(server.options),
       comment: server.comment,
       privileges: server.privileges,
+      wrapper_handler: server.wrapper_handler,
+      wrapper_validator: server.wrapper_validator,
     });
   });
@@ -455,6 +459,8 @@ function normalizeCatalog(catalog: Catalog): Catalog {
       user: mapping.user,
       server: mapping.server,
       options: redactSensitiveOptionPairs(mapping.options),
+      wrapper_handler: mapping.wrapper_handler,
+      wrapper_validator: mapping.wrapper_validator,
     });
   });
@@ -470,6 +476,8 @@ function normalizeCatalog(catalog: Catalog): Catalog {
         options: redactSensitiveOptionPairs(foreignTable.options),
         comment: foreignTable.comment,
         privileges: foreignTable.privileges,
+        wrapper_handler: foreignTable.wrapper_handler,
+        wrapper_validator: foreignTable.wrapper_validator,
       }),
   );

package/src/core/integrations/supabase.test.ts CHANGED Viewed

@@ -55,6 +55,86 @@ function fdwPrivilegeChange(fdw: { name: string; owner: string }): Change {
   } as unknown as Change;
 }
+function serverChange(
+  operation: "create" | "alter" | "drop",
+  server: {
+    name: string;
+    owner: string;
+    foreign_data_wrapper: string;
+    wrapper_handler: string | null;
+    wrapper_validator: string | null;
+  },
+): Change {
+  return {
+    objectType: "server",
+    operation,
+    scope: "object",
+    server: {
+      type: null,
+      version: null,
+      options: null,
+      comment: null,
+      privileges: [],
+      ...server,
+    },
+    requires: [],
+    creates: [],
+    drops: [],
+  } as unknown as Change;
+}
+function foreignTableChange(
+  operation: "create" | "alter" | "drop",
+  foreignTable: {
+    schema: string;
+    name: string;
+    owner: string;
+    server: string;
+    wrapper_handler: string | null;
+    wrapper_validator: string | null;
+  },
+): Change {
+  return {
+    objectType: "foreign_table",
+    operation,
+    scope: "object",
+    foreignTable: {
+      options: null,
+      comment: null,
+      columns: [],
+      privileges: [],
+      security_labels: [],
+      ...foreignTable,
+    },
+    requires: [],
+    creates: [],
+    drops: [],
+  } as unknown as Change;
+}
+function userMappingChange(
+  operation: "create" | "alter" | "drop",
+  userMapping: {
+    user: string;
+    server: string;
+    wrapper_handler: string | null;
+    wrapper_validator: string | null;
+  },
+): Change {
+  return {
+    objectType: "user_mapping",
+    operation,
+    scope: "object",
+    userMapping: {
+      options: null,
+      ...userMapping,
+    },
+    requires: [],
+    creates: [],
+    drops: [],
+  } as unknown as Change;
+}
 function serverPrivilegeChange(server: {
   name: string;
   owner: string;
@@ -71,6 +151,33 @@ function serverPrivilegeChange(server: {
   } as unknown as Change;
 }
+/**
+ * Build a synthetic trigger change shaped like what `flattenChange` consumes.
+ * The flattener emits keys `trigger/schema`, `trigger/table_name`,
+ * `trigger/function_schema`, etc. by walking the nested `trigger` model.
+ */
+function triggerChange(
+  operation: "create" | "alter" | "drop",
+  trigger: {
+    schema: string;
+    name: string;
+    table_name: string;
+    function_schema: string;
+    function_name: string;
+    owner: string;
+  },
+): Change {
+  return {
+    objectType: "trigger",
+    operation,
+    scope: "object",
+    trigger,
+    requires: [],
+    creates: [],
+    drops: [],
+  } as unknown as Change;
+}
 describe("supabase integration filter — foreign data wrappers", () => {
   // Regression for CLI-1470. Wasm-based foreign data wrappers on Supabase
   // (e.g. `clerk`, `clerk_oauth`) are provisioned at project creation by
@@ -128,6 +235,35 @@ describe("supabase integration filter — foreign data wrappers", () => {
     expect(evaluatePattern(filter, change)).toBe(true);
   });
+  // `postgres_fdw` (and other contrib FDWs) install their handler/validator
+  // into `extensions` on Supabase, but they ARE available in the local image,
+  // so a user-created `postgres_fdw` wrapper must roundtrip. Only the Wasm
+  // `wasm_fdw_handler` / `wasm_fdw_validator` functions identify the
+  // platform-managed wrappers that local Docker cannot provision.
+  test("preserves user FDW whose handler is extensions.postgres_fdw_handler", () => {
+    const change = fdwChange("create", {
+      name: "postgres_fdw",
+      owner: "postgres",
+      handler: "extensions.postgres_fdw_handler",
+      validator: "extensions.postgres_fdw_validator",
+    });
+    expect(evaluatePattern(filter, change)).toBe(true);
+  });
+  // The Wasm discriminator must be an exact function-name match, not a
+  // prefix: a user function whose name merely starts with `wasm_fdw_handler`
+  // (e.g. `wasm_fdw_handler_custom`) is not the platform `wrappers` handler
+  // and must roundtrip.
+  test("preserves user FDW whose handler extends the wasm_fdw_handler prefix", () => {
+    const change = fdwChange("create", {
+      name: "custom_wasm",
+      owner: "postgres",
+      handler: "extensions.wasm_fdw_handler_custom",
+      validator: "extensions.wasm_fdw_validator_custom",
+    });
+    expect(evaluatePattern(filter, change)).toBe(true);
+  });
   test("preserves user FDW with no handler/validator", () => {
     const change = fdwChange("create", {
       name: "user_fdw_bare",
@@ -196,3 +332,202 @@ describe("supabase integration filter — foreign data wrapper / server ACLs", (
     expect(evaluatePattern(filter, change)).toBe(true);
   });
 });
+describe("supabase integration filter — Wasm FDW dependents", () => {
+  const wasmWrapper = {
+    wrapper_handler: "extensions.wasm_fdw_handler",
+    wrapper_validator: "extensions.wasm_fdw_validator",
+  } as const;
+  const userWrapper = {
+    wrapper_handler: "public.postgres_fdw_handler",
+    wrapper_validator: "public.postgres_fdw_validator",
+  } as const;
+  // `postgres_fdw` installs its handler/validator into `extensions` on
+  // Supabase, but the contrib FDW IS available locally, so user-owned
+  // servers / foreign tables / user mappings built on it must roundtrip.
+  // Keying suppression on the bare `extensions.*` namespace would wrongly
+  // drop them; only the Wasm `wasm_fdw_*` functions mark platform wrappers.
+  const extensionsPgFdwWrapper = {
+    wrapper_handler: "extensions.postgres_fdw_handler",
+    wrapper_validator: "extensions.postgres_fdw_validator",
+  } as const;
+  test("suppresses CREATE SERVER bound to extensions.* Wasm FDW", () => {
+    const change = serverChange("create", {
+      name: "clerk_oauth_server",
+      owner: "postgres",
+      foreign_data_wrapper: "clerk_oauth",
+      ...wasmWrapper,
+    });
+    expect(evaluatePattern(filter, change)).toBe(false);
+  });
+  test("suppresses DROP FOREIGN TABLE bound to extensions.* Wasm FDW", () => {
+    const change = foreignTableChange("drop", {
+      schema: "public",
+      name: "clerk_oauth",
+      owner: "postgres",
+      server: "clerk_oauth_server",
+      ...wasmWrapper,
+    });
+    expect(evaluatePattern(filter, change)).toBe(false);
+  });
+  test("suppresses ALTER FOREIGN TABLE bound to extensions.* Wasm FDW", () => {
+    const change = foreignTableChange("alter", {
+      schema: "public",
+      name: "clerk_oauth",
+      owner: "postgres",
+      server: "clerk_oauth_server",
+      ...wasmWrapper,
+    });
+    expect(evaluatePattern(filter, change)).toBe(false);
+  });
+  test("suppresses DROP USER MAPPING bound to extensions.* Wasm FDW", () => {
+    const change = userMappingChange("drop", {
+      user: "postgres",
+      server: "clerk_server",
+      ...wasmWrapper,
+    });
+    expect(evaluatePattern(filter, change)).toBe(false);
+  });
+  test("suppresses CREATE USER MAPPING when only wrapper validator is in extensions", () => {
+    const change = userMappingChange("create", {
+      user: "postgres",
+      server: "clerk_server",
+      wrapper_handler: null,
+      wrapper_validator: "extensions.wasm_fdw_validator",
+    });
+    expect(evaluatePattern(filter, change)).toBe(false);
+  });
+  test("preserves CREATE SERVER bound to user postgres_fdw wrapper", () => {
+    const change = serverChange("create", {
+      name: "live_risk_server",
+      owner: "postgres",
+      foreign_data_wrapper: "postgres_fdw",
+      ...userWrapper,
+    });
+    expect(evaluatePattern(filter, change)).toBe(true);
+  });
+  test("preserves server ACL when postgres_fdw handler lives in extensions", () => {
+    const change = serverPrivilegeChange({
+      name: "user_server",
+      owner: "postgres",
+    });
+    (change as unknown as { server: Record<string, unknown> }).server = {
+      name: "user_server",
+      owner: "postgres",
+      wrapper_handler: "extensions.postgres_fdw_handler",
+      wrapper_validator: "extensions.postgres_fdw_validator",
+    };
+    expect(evaluatePattern(filter, change)).toBe(true);
+  });
+  test("preserves CREATE FOREIGN TABLE on user postgres_fdw server", () => {
+    const change = foreignTableChange("create", {
+      schema: "live_risk",
+      name: "devices",
+      owner: "postgres",
+      server: "live_risk_server",
+      ...userWrapper,
+    });
+    expect(evaluatePattern(filter, change)).toBe(true);
+  });
+  test("preserves CREATE SERVER when postgres_fdw handler lives in extensions", () => {
+    const change = serverChange("create", {
+      name: "user_pg_server",
+      owner: "postgres",
+      foreign_data_wrapper: "postgres_fdw",
+      ...extensionsPgFdwWrapper,
+    });
+    expect(evaluatePattern(filter, change)).toBe(true);
+  });
+  test("preserves CREATE FOREIGN TABLE when postgres_fdw handler lives in extensions", () => {
+    const change = foreignTableChange("create", {
+      schema: "user_fdw_test",
+      name: "remote_row",
+      owner: "postgres",
+      server: "user_pg_server",
+      ...extensionsPgFdwWrapper,
+    });
+    expect(evaluatePattern(filter, change)).toBe(true);
+  });
+  test("preserves CREATE USER MAPPING when postgres_fdw handler lives in extensions", () => {
+    const change = userMappingChange("create", {
+      user: "postgres",
+      server: "user_pg_server",
+      ...extensionsPgFdwWrapper,
+    });
+    expect(evaluatePattern(filter, change)).toBe(true);
+  });
+  // Exact-match guard at the dependent level too: a server bound to a wrapper
+  // whose handler merely shares the `wasm_fdw_handler` prefix must roundtrip.
+  test("preserves CREATE SERVER when wrapper handler extends the wasm_fdw_handler prefix", () => {
+    const change = serverChange("create", {
+      name: "custom_wasm_server",
+      owner: "postgres",
+      foreign_data_wrapper: "custom_wasm",
+      wrapper_handler: "extensions.wasm_fdw_handler_custom",
+      wrapper_validator: "extensions.wasm_fdw_validator_custom",
+    });
+    expect(evaluatePattern(filter, change)).toBe(true);
+  });
+});
+describe("supabase integration filter — pgmq queue triggers", () => {
+  // Regression for the pgmq-1.4.4 cloud projects. `pgmq.create('<name>')`
+  // materializes `pgmq.q_<name>` and `pgmq.a_<name>` at runtime — they are
+  // NOT created by `CREATE EXTENSION pgmq`. On a healthy install the trigger
+  // extractor's `extension_table_oids` join already drops these via the
+  // `pg_depend deptype='e'` row that newer pgmq versions record, but on
+  // pgmq 1.4.4 that row is never recorded, so user triggers on the queue
+  // tables leak into the diff and break `supabase db reset` with
+  // `relation "pgmq.q_<name>" does not exist`. The filter must drop them
+  // at the supabase-integration level too, regardless of pg_depend state.
+  test("suppresses CREATE trigger on pgmq.q_<name> calling a public function", () => {
+    const change = triggerChange("create", {
+      schema: "pgmq",
+      name: "after_insert_processed_milestones_queue",
+      table_name: "q_processed_milestones_queue",
+      function_schema: "public",
+      function_name: "move_data_from_queue",
+      owner: "postgres",
+    });
+    expect(evaluatePattern(filter, change)).toBe(false);
+  });
+  test("suppresses DROP trigger on pgmq.a_<name> calling a public function", () => {
+    const change = triggerChange("drop", {
+      schema: "pgmq",
+      name: "after_insert_archive",
+      table_name: "a_processed_milestones_queue",
+      function_schema: "public",
+      function_name: "archive_handler",
+      owner: "postgres",
+    });
+    expect(evaluatePattern(filter, change)).toBe(false);
+  });
+  test("preserves CREATE trigger on auth.users calling a public function", () => {
+    const change = triggerChange("create", {
+      schema: "auth",
+      name: "on_auth_user_created",
+      table_name: "users",
+      function_schema: "public",
+      function_name: "handle_new_user",
+      owner: "supabase_auth_admin",
+    });
+    expect(evaluatePattern(filter, change)).toBe(true);
+  });
+});

package/src/core/integrations/supabase.ts CHANGED Viewed

@@ -125,6 +125,30 @@ export const supabase: IntegrationDSL = {
               "trigger/function_schema": [...SUPABASE_SYSTEM_SCHEMAS],
             },
           },
+          // Defensive fallback for dynamically-created pgmq queue /
+          // archive tables. `pgmq.q_<name>` and `pgmq.a_<name>` are
+          // materialized by `select pgmq.create('<name>')`, NOT by
+          // `CREATE EXTENSION pgmq`, so emitting a user trigger against
+          // them fails locally with
+          // `relation "pgmq.q_<name>" does not exist`. On a healthy
+          // install the trigger extractor's `extension_table_oids` join
+          // (packages/pg-delta/src/core/objects/trigger/trigger.model.ts)
+          // already drops these via the `pg_depend deptype='e'` row pgmq
+          // records during `pgmq.create()`; this rule covers projects
+          // where that row is missing (older pgmq, manual table
+          // rewrites, `pg_dump`/restore that loses extension deps, ...).
+          // pgmq 1.4.4 — the version Supabase Cloud currently ships —
+          // does not record the dependency at all.
+          {
+            not: {
+              and: [
+                { "trigger/schema": "pgmq" },
+                {
+                  "trigger/table_name": { op: "regex", value: "^[qa]_" },
+                },
+              ],
+            },
+          },
         ],
       },
       // Exclude system objects
@@ -185,15 +209,25 @@ export const supabase: IntegrationDSL = {
               ],
             },
             // Platform-managed foreign data wrappers — Wasm-based FDWs
-            // (e.g. `clerk`, `clerk_oauth`) whose handler/validator live in
-            // the `extensions` schema. `CREATE FOREIGN DATA WRAPPER`
-            // requires superuser, and Supabase Cloud provisions these via
-            // `supabase_admin` at project creation; replaying the DDL
-            // against a local image fails because the local environment
-            // has no equivalent pre-step. We can't rely on the FDW owner
-            // alone — after a dump/restore the owner is often rewritten
-            // away from `supabase_admin` — so match on the function
-            // reference instead.
+            // (e.g. `clerk`, `clerk_oauth`) provisioned via the `wrappers`
+            // extension. Supabase Cloud creates these as
+            // `CREATE FOREIGN DATA WRAPPER clerk_oauth HANDLER
+            // extensions.wasm_fdw_handler VALIDATOR
+            // extensions.wasm_fdw_validator` at project creation; replaying
+            // the DDL against a local image fails because the local
+            // environment has no equivalent pre-step. We can't rely on the
+            // FDW owner alone — after a dump/restore the owner is often
+            // rewritten away from `supabase_admin` — so match on the shared
+            // Wasm handler/validator (`extensions.wasm_fdw_handler` /
+            // `extensions.wasm_fdw_validator`) instead.
+            //
+            // Matching the bare `extensions.*` namespace would be too broad:
+            // contrib FDWs like `postgres_fdw` also install their
+            // handler/validator into `extensions` on Supabase, and those ARE
+            // available in the local image, so a user-created `postgres_fdw`
+            // wrapper (and its servers/foreign tables/user mappings) must
+            // still roundtrip. Keying on the `wasm_fdw_*` function names
+            // targets only the platform Wasm wrappers.
             {
               and: [
                 { objectType: "foreign_data_wrapper" },
@@ -202,13 +236,70 @@ export const supabase: IntegrationDSL = {
                     {
                       "foreign_data_wrapper/handler": {
                         op: "regex",
-                        value: "^extensions\\.",
+                        value: "^extensions\\.wasm_fdw_handler$",
                       },
                     },
                     {
                       "foreign_data_wrapper/validator": {
                         op: "regex",
-                        value: "^extensions\\.",
+                        value: "^extensions\\.wasm_fdw_validator$",
+                      },
+                    },
+                  ],
+                },
+              ],
+            },
+            // Platform-managed Wasm FDW dependents (CLI-1470 follow-up).
+            // Suppressing the wrapper DDL alone leaves `CREATE SERVER` /
+            // `CREATE FOREIGN TABLE` / `CREATE USER MAPPING` that reference
+            // a wrapper local Docker never provisions (`clerk_oauth`, etc.).
+            // Match on the parent wrapper's Wasm handler/validator
+            // (`extensions.wasm_fdw_handler` / `extensions.wasm_fdw_validator`,
+            // joined at extract time) — the same discriminator used for the
+            // wrapper itself above. A bare `extensions.*` match would also
+            // drop user-created `postgres_fdw` servers/foreign tables/user
+            // mappings (whose handler installs into `extensions` but which
+            // the local image CAN provision), so keep it scoped to the Wasm
+            // function names. Server _privilege_ scope is excluded here —
+            // `GRANT/REVOKE ON SERVER` does not require superuser and remains
+            // user-declarative state (see CLI-1469 companion test).
+            {
+              and: [
+                { objectType: "server" },
+                { not: { scope: "privilege" } },
+                {
+                  or: [
+                    {
+                      "{server,foreign_table,user_mapping}/wrapper_handler": {
+                        op: "regex",
+                        value: "^extensions\\.wasm_fdw_handler$",
+                      },
+                    },
+                    {
+                      "{server,foreign_table,user_mapping}/wrapper_validator": {
+                        op: "regex",
+                        value: "^extensions\\.wasm_fdw_validator$",
+                      },
+                    },
+                  ],
+                },
+              ],
+            },
+            {
+              and: [
+                { objectType: ["foreign_table", "user_mapping"] },
+                {
+                  or: [
+                    {
+                      "{server,foreign_table,user_mapping}/wrapper_handler": {
+                        op: "regex",
+                        value: "^extensions\\.wasm_fdw_handler$",
+                      },
+                    },
+                    {
+                      "{server,foreign_table,user_mapping}/wrapper_validator": {
+                        op: "regex",
+                        value: "^extensions\\.wasm_fdw_validator$",
                       },
                     },
                   ],