@supabase/pg-delta 1.0.0-alpha.27 → 1.0.0-alpha.29

package/dist/core/catalog.diff.js

@@ -138,19 +138,37 @@ export function diffCatalogs(main, branch, options) {
     changes.push(...diffServers(diffContext, main.servers, branch.servers));
     changes.push(...diffUserMappings(main.userMappings, branch.userMappings));
     changes.push(...diffForeignTables(diffContext, main.foreignTables, branch.foreignTables));
-    // Filter privilege REVOKEs for objects that are being dropped
-    // Avoid emitting redundant REVOKE statements for targets that will no longer exist.
+    // Filter privilege changes for objects that are only being dropped.
+    // Avoid emitting redundant ACL statements for targets that will no longer exist.
     const droppedObjectStableIds = new Set();
+    const createdStableIds = new Set();
     for (const change of changes) {
         if (change.operation === "drop" && change.scope === "object") {
             for (const dep of change.requires) {
                 droppedObjectStableIds.add(dep);
             }
         }
+        if (change.operation === "create" && change.scope === "object") {
+            for (const dep of change.creates) {
+                createdStableIds.add(dep);
+            }
+        }
     }
+    // A pure DROP does not need ACL cleanup: the target object is going away.
+    // A replacement is different: it has both DROP and CREATE for the same stable
+    // id, and its privilege ALTERs describe the ACL state of the newly created
+    // object. Keep all of them, including REVOKE/REVOKE GRANT OPTION generated to
+    // subtract privileges inherited from ALTER DEFAULT PRIVILEGES at create time.
+    const replacementStableIds = new Set([...droppedObjectStableIds].filter((id) => createdStableIds.has(id)));
     let filteredChanges = changes.filter((change) => {
         if (change.operation === "alter" && change.scope === "privilege") {
-            return !droppedObjectStableIds.has(getPrivilegeTargetStableId(change));
+            const targetStableId = getPrivilegeTargetStableId(change);
+            // Checking only privilege creates would keep replacement GRANTs but drop
+            // replacement REVOKEs, so preserve by replacement target stable id instead.
+            if (replacementStableIds.has(targetStableId)) {
+                return true;
+            }
+            return !droppedObjectStableIds.has(targetStableId);
         }
         return true;
     });
@@ -158,6 +176,7 @@ export function diffCatalogs(main, branch, options) {
         changes: filteredChanges,
         mainCatalog: main,
         branchCatalog: branch,
+        diffContext,
     });
     filteredChanges = normalizePostDiffChanges({
         changes: expandedDependencies.changes,

package/dist/core/expand-replace-dependencies.d.ts

@@ -1,5 +1,6 @@
 import type { Catalog } from "./catalog.model.ts";
 import type { Change } from "./change.types.ts";
+import type { ObjectDiffContext } from "./objects/diff-context.ts";
 /**
  * For objects we are replacing (drop + create), ensure that any dependents are also
  * replaced so that destructive drops succeed. Uses dependency edges from pg_depend
@@ -12,9 +13,10 @@ interface ExpandReplaceDependenciesResult {
     changes: Change[];
     replacedTableIds: ReadonlySet<string>;
 }
-export declare function expandReplaceDependencies({ changes, mainCatalog, branchCatalog, }: {
+export declare function expandReplaceDependencies({ changes, mainCatalog, branchCatalog, diffContext, }: {
     changes: Change[];
     mainCatalog: Catalog;
     branchCatalog: Catalog;
+    diffContext?: Pick<ObjectDiffContext, "version" | "currentUser" | "defaultPrivilegeState">;
 }): ExpandReplaceDependenciesResult;
 export {};

package/dist/core/expand-replace-dependencies.js

@@ -4,8 +4,12 @@ import { CreateIndex } from "./objects/index/changes/index.create.js";
 import { DropIndex } from "./objects/index/changes/index.drop.js";
 import { CreateMaterializedView } from "./objects/materialized-view/changes/materialized-view.create.js";
 import { DropMaterializedView } from "./objects/materialized-view/changes/materialized-view.drop.js";
+import { buildCreateMaterializedViewChanges } from "./objects/materialized-view/materialized-view.diff.js";
 import { CreateProcedure } from "./objects/procedure/changes/procedure.create.js";
 import { DropProcedure } from "./objects/procedure/changes/procedure.drop.js";
+import { CreateCommentOnRlsPolicy } from "./objects/rls-policy/changes/rls-policy.comment.js";
+import { CreateRlsPolicy } from "./objects/rls-policy/changes/rls-policy.create.js";
+import { DropRlsPolicy } from "./objects/rls-policy/changes/rls-policy.drop.js";
 import { AlterTableAddConstraint } from "./objects/table/changes/table.alter.js";
 import { CreateCommentOnConstraint } from "./objects/table/changes/table.comment.js";
 import { CreateTable } from "./objects/table/changes/table.create.js";
@@ -19,7 +23,8 @@ import { DropRange } from "./objects/type/range/changes/range.drop.js";
 import { stableId } from "./objects/utils.js";
 import { CreateView } from "./objects/view/changes/view.create.js";
 import { DropView } from "./objects/view/changes/view.drop.js";
-export function expandReplaceDependencies({ changes, mainCatalog, branchCatalog, }) {
+import { buildCreateViewChanges } from "./objects/view/view.diff.js";
+export function expandReplaceDependencies({ changes, mainCatalog, branchCatalog, diffContext, }) {
     const createdIds = new Set();
     const droppedIds = new Set();
     for (const change of changes) {
@@ -34,6 +39,15 @@ export function expandReplaceDependencies({ changes, mainCatalog, branchCatalog,
             replaceRoots.add(id);
         }
     }
+    const promotedRlsPolicyIds = new Set();
+    const additions = collectInvalidatedRlsPolicyReplacements({
+        changes,
+        mainCatalog,
+        branchCatalog,
+        createdIds,
+        droppedIds,
+        promotedRlsPolicyIds,
+    });
     // Procedure stableIds are signature-qualified
     // (`procedure:schema.name(argtypes)`), so a function whose parameter types
     // change has different ids in `createdIds` and `droppedIds` and would not
@@ -76,7 +90,7 @@ export function expandReplaceDependencies({ changes, mainCatalog, branchCatalog,
             replaceRoots.add(id);
         }
     }
-    if (replaceRoots.size === 0) {
+    if (replaceRoots.size === 0 && additions.length === 0) {
         return {
             changes,
             replacedTableIds: new Set(),
@@ -92,7 +106,6 @@ export function expandReplaceDependencies({ changes, mainCatalog, branchCatalog,
         }
         list.add(dep.dependent_stable_id);
     }
-    const additions = [];
     const visitedTargets = new Set();
     const visitedRefs = new Set(replaceRoots);
     const queue = [...replaceRoots];
@@ -144,10 +157,14 @@ export function expandReplaceDependencies({ changes, mainCatalog, branchCatalog,
             const replacementChanges = buildReplaceChanges(resolved, {
                 addDrop,
                 addCreate,
+                diffContext,
             });
             if (!replacementChanges)
                 continue;
             additions.push(...replacementChanges);
+            if (resolved.kind === "rls_policy") {
+                promotedRlsPolicyIds.add(targetId);
+            }
             // If we added a DropTable(T) for an existing table, mark T so any
             // pre-existing object-scope AlterTable*(T) changes get dropped below —
             // the DropTable+CreateTable pair supersedes all structural alterations.
@@ -170,10 +187,70 @@ export function expandReplaceDependencies({ changes, mainCatalog, branchCatalog,
         };
     }
     return {
-        changes: [...changes, ...additions],
+        changes: [
+            ...removeSupersededRlsPolicyAlters(changes, promotedRlsPolicyIds),
+            ...additions,
+        ],
         replacedTableIds: tablesReplacedByExpansion,
     };
 }
+function collectInvalidatedRlsPolicyReplacements({ changes, mainCatalog, branchCatalog, createdIds, droppedIds, promotedRlsPolicyIds, }) {
+    // In-place rewrites report stable ids through `invalidates`: the referenced
+    // object keeps its identity, but dependents bound to the old definition must
+    // be torn down first. RLS policy expressions are tracked in pg_depend, so use
+    // those catalog edges to promote only policies that depend on an invalidated
+    // id, without coupling this expansion pass to a concrete table-change class.
+    const invalidatedIds = new Set();
+    for (const change of changes) {
+        for (const invalidatedId of change.invalidates) {
+            invalidatedIds.add(invalidatedId);
+        }
+    }
+    if (invalidatedIds.size === 0)
+        return [];
+    const replacements = [];
+    for (const dep of mainCatalog.depends) {
+        if (!invalidatedIds.has(dep.referenced_stable_id))
+            continue;
+        const targetId = normalizeDependentId(dep.dependent_stable_id);
+        if (!targetId?.startsWith("rlsPolicy:"))
+            continue;
+        if (promotedRlsPolicyIds.has(targetId))
+            continue;
+        if (createdIds.has(targetId) && droppedIds.has(targetId))
+            continue;
+        const resolved = resolveObjectForStableId(targetId, mainCatalog, branchCatalog);
+        if (!resolved || resolved.kind !== "rls_policy")
+            continue;
+        const addDrop = !droppedIds.has(targetId);
+        const addCreate = !createdIds.has(targetId);
+        const replacementChanges = buildReplaceChanges(resolved, {
+            addDrop,
+            addCreate,
+        });
+        if (!replacementChanges)
+            continue;
+        replacements.push(...replacementChanges);
+        promotedRlsPolicyIds.add(targetId);
+        for (const change of replacementChanges) {
+            for (const id of change.creates ?? [])
+                createdIds.add(id);
+            for (const id of change.drops ?? [])
+                droppedIds.add(id);
+        }
+    }
+    return replacements;
+}
+function removeSupersededRlsPolicyAlters(changes, promotedRlsPolicyIds) {
+    if (promotedRlsPolicyIds.size === 0)
+        return changes;
+    return changes.filter((change) => {
+        if (change.objectType !== "rls_policy" || change.operation !== "alter") {
+            return true;
+        }
+        return !promotedRlsPolicyIds.has(change.policy.stableId);
+    });
+}
 function isOwnedSequenceColumnDependency(referencedId, dependentId, mainCatalog, branchCatalog) {
     // When a sequence replace root is still OWNED BY the same column, the
     // sequence->column pg_depend edge is bookkeeping for ownership, not a signal
@@ -264,6 +341,11 @@ function resolveObjectForStableId(stableId, mainCatalog, branchCatalog) {
         const branch = branchCatalog.procedures[stableId];
         return main && branch ? { kind: "procedure", main, branch } : null;
     }
+    if (stableId.startsWith("rlsPolicy:")) {
+        const main = mainCatalog.rlsPolicies[stableId];
+        const branch = branchCatalog.rlsPolicies[stableId];
+        return main && branch ? { kind: "rls_policy", main, branch } : null;
+    }
     if (stableId.startsWith("domain:")) {
         const main = mainCatalog.domains[stableId];
         const branch = branchCatalog.domains[stableId];
@@ -293,7 +375,7 @@ function resolveObjectForStableId(stableId, mainCatalog, branchCatalog) {
     return null;
 }
 function buildReplaceChanges(resolved, options) {
-    const { addDrop, addCreate } = options;
+    const { addDrop, addCreate, diffContext } = options;
     if (!addDrop && !addCreate)
         return null;
     switch (resolved.kind) {
@@ -327,7 +409,9 @@ function buildReplaceChanges(resolved, options) {
         case "view":
             return [
                 ...(addDrop ? [new DropView({ view: resolved.main })] : []),
-                ...(addCreate ? [new CreateView({ view: resolved.branch })] : []),
+                ...(addCreate
+                    ? buildCreateViewReplacementChanges(resolved.branch, diffContext)
+                    : []),
             ];
         case "materialized_view":
             return [
@@ -335,7 +419,13 @@ function buildReplaceChanges(resolved, options) {
                     ? [new DropMaterializedView({ materializedView: resolved.main })]
                     : []),
                 ...(addCreate
-                    ? [new CreateMaterializedView({ materializedView: resolved.branch })]
+                    ? diffContext
+                        ? buildCreateMaterializedViewChanges(diffContext, resolved.branch)
+                        : [
+                            new CreateMaterializedView({
+                                materializedView: resolved.branch,
+                            }),
+                        ]
                     : []),
             ];
         case "index":
@@ -373,6 +463,18 @@ function buildReplaceChanges(resolved, options) {
                     ? [new CreateProcedure({ procedure: resolved.branch })]
                     : []),
             ];
+        case "rls_policy":
+            return [
+                ...(addDrop ? [new DropRlsPolicy({ policy: resolved.main })] : []),
+                ...(addCreate
+                    ? [
+                        new CreateRlsPolicy({ policy: resolved.branch }),
+                        ...(resolved.branch.comment !== null
+                            ? [new CreateCommentOnRlsPolicy({ policy: resolved.branch })]
+                            : []),
+                    ]
+                    : []),
+            ];
         case "enum":
             return [
                 ...(addDrop ? [new DropEnum({ enum: resolved.main })] : []),
@@ -401,3 +503,11 @@ function buildReplaceChanges(resolved, options) {
             return null;
     }
 }
+function buildCreateViewReplacementChanges(view, diffContext) {
+    // Dependency-closure replacements synthesize a create without going through
+    // `diffViews`, so replay the same owner/comment/security-label/ACL metadata
+    // that a normal non-alterable view replacement would emit.
+    return diffContext
+        ? buildCreateViewChanges(diffContext, view)
+        : [new CreateView({ view })];
+}

package/dist/core/objects/base.change.d.ts

@@ -39,6 +39,18 @@ export declare abstract class BaseChange {
      * Defaults to an empty array. Override in subclasses that remove objects.
      */
     get drops(): string[];
+    /**
+     * Stable identifiers this change invalidates in place.
+     *
+     * Unlike `drops`, the object keeps its identity. This is an ordering-only
+     * signal for mutations that rewrite an existing object in a way that requires
+     * dependents bound to the old definition to be dropped before the mutation
+     * and rebuilt afterward.
+     *
+     * Defaults to an empty array. Override in subclasses that invalidate
+     * dependents without dropping the object.
+     */
+    get invalidates(): string[];
     /**
      * Stable identifiers this change requires to exist beforehand.
      *

package/dist/core/objects/base.change.js

@@ -31,6 +31,20 @@ export class BaseChange {
     get drops() {
         return [];
     }
+    /**
+     * Stable identifiers this change invalidates in place.
+     *
+     * Unlike `drops`, the object keeps its identity. This is an ordering-only
+     * signal for mutations that rewrite an existing object in a way that requires
+     * dependents bound to the old definition to be dropped before the mutation
+     * and rebuilt afterward.
+     *
+     * Defaults to an empty array. Override in subclasses that invalidate
+     * dependents without dropping the object.
+     */
+    get invalidates() {
+        return [];
+    }
     /**
      * Stable identifiers this change requires to exist beforehand.
      *

package/dist/core/objects/materialized-view/materialized-view.diff.d.ts

@@ -1,6 +1,7 @@
 import type { ObjectDiffContext } from "../diff-context.ts";
 import type { MaterializedViewChange } from "./changes/materialized-view.types.ts";
 import type { MaterializedView } from "./materialized-view.model.ts";
+export declare function buildCreateMaterializedViewChanges(ctx: Pick<ObjectDiffContext, "version" | "currentUser" | "defaultPrivilegeState">, mv: MaterializedView): MaterializedViewChange[];
 /**
  * Diff two sets of materialized views from main and branch catalogs.
  *

package/dist/core/objects/materialized-view/materialized-view.diff.js

@@ -8,6 +8,63 @@ import { CreateMaterializedView } from "./changes/materialized-view.create.js";
 import { DropMaterializedView } from "./changes/materialized-view.drop.js";
 import { GrantMaterializedViewPrivileges, RevokeGrantOptionMaterializedViewPrivileges, RevokeMaterializedViewPrivileges, } from "./changes/materialized-view.privilege.js";
 import { CreateSecurityLabelOnMaterializedView, DropSecurityLabelOnMaterializedView, } from "./changes/materialized-view.security-label.js";
+export function buildCreateMaterializedViewChanges(ctx, mv) {
+    const changes = [
+        new CreateMaterializedView({
+            materializedView: mv,
+        }),
+    ];
+    // OWNER: If the materialized view should be owned by someone other than the current user,
+    // emit ALTER MATERIALIZED VIEW ... OWNER TO after creation
+    if (mv.owner !== ctx.currentUser) {
+        changes.push(new AlterMaterializedViewChangeOwner({
+            materializedView: mv,
+            owner: mv.owner,
+        }));
+    }
+    // Materialized view comment on creation
+    if (mv.comment !== null) {
+        changes.push(new CreateCommentOnMaterializedView({
+            materializedView: mv,
+        }));
+    }
+    // Column comments on creation
+    for (const col of mv.columns) {
+        if (col.comment !== null) {
+            changes.push(new CreateCommentOnMaterializedViewColumn({
+                materializedView: mv,
+                column: col,
+            }));
+        }
+    }
+    // Security labels on the matview itself (columns of matviews are not
+    // supported targets of SECURITY LABEL, so we only label the relation).
+    for (const label of mv.security_labels) {
+        changes.push(new CreateSecurityLabelOnMaterializedView({
+            materializedView: mv,
+            securityLabel: label,
+        }));
+    }
+    // PRIVILEGES: For created objects, compare against default privileges state
+    // The migration script will run ALTER DEFAULT PRIVILEGES before CREATE (via constraint spec),
+    // so objects are created with the default privileges state in effect.
+    // We compare default privileges against desired privileges to generate REVOKE/GRANT statements
+    // needed to reach the final desired state.
+    const effectiveDefaults = ctx.defaultPrivilegeState.getEffectiveDefaults(ctx.currentUser, "materialized_view", mv.schema ?? "");
+    const creatorFilteredDefaults = mv.owner !== ctx.currentUser
+        ? effectiveDefaults.filter((p) => p.grantee !== ctx.currentUser)
+        : effectiveDefaults;
+    const desiredPrivileges = mv.privileges;
+    // Filter out owner privileges - owner always has ALL privileges implicitly
+    // and shouldn't be compared. Use the materialized view owner as the reference.
+    const privilegeResults = diffPrivileges(creatorFilteredDefaults, desiredPrivileges, mv.owner);
+    changes.push(...emitColumnPrivilegeChanges(privilegeResults, mv, mv, "materializedView", {
+        Grant: GrantMaterializedViewPrivileges,
+        Revoke: RevokeMaterializedViewPrivileges,
+        RevokeGrantOption: RevokeGrantOptionMaterializedViewPrivileges,
+    }, effectiveDefaults, ctx.version));
+    return changes;
+}
 /**
  * Diff two sets of materialized views from main and branch catalogs.
  *
@@ -20,62 +77,7 @@ export function diffMaterializedViews(ctx, main, branch) {
     const { created, dropped, altered } = diffObjects(main, branch);
     const changes = [];
     for (const materializedViewId of created) {
-        const mv = branch[materializedViewId];
-        changes.push(new CreateMaterializedView({
-            materializedView: mv,
-        }));
-        // OWNER: If the materialized view should be owned by someone other than the current user,
-        // emit ALTER MATERIALIZED VIEW ... OWNER TO after creation
-        if (mv.owner !== ctx.currentUser) {
-            changes.push(new AlterMaterializedViewChangeOwner({
-                materializedView: mv,
-                owner: mv.owner,
-            }));
-        }
-        // Note: RLS (row_security, force_row_security) is a non-alterable property for materialized views.
-        // If RLS needs to be enabled, the materialized view must be dropped and recreated, which is
-        // handled in the "altered" section when non-alterable properties change.
-        // Materialized view comment on creation
-        if (mv.comment !== null) {
-            changes.push(new CreateCommentOnMaterializedView({
-                materializedView: mv,
-            }));
-        }
-        // Column comments on creation
-        for (const col of mv.columns) {
-            if (col.comment !== null) {
-                changes.push(new CreateCommentOnMaterializedViewColumn({
-                    materializedView: mv,
-                    column: col,
-                }));
-            }
-        }
-        // Security labels on the matview itself (columns of matviews are not
-        // supported targets of SECURITY LABEL, so we only label the relation).
-        for (const label of mv.security_labels) {
-            changes.push(new CreateSecurityLabelOnMaterializedView({
-                materializedView: mv,
-                securityLabel: label,
-            }));
-        }
-        // PRIVILEGES: For created objects, compare against default privileges state
-        // The migration script will run ALTER DEFAULT PRIVILEGES before CREATE (via constraint spec),
-        // so objects are created with the default privileges state in effect.
-        // We compare default privileges against desired privileges to generate REVOKE/GRANT statements
-        // needed to reach the final desired state.
-        const effectiveDefaults = ctx.defaultPrivilegeState.getEffectiveDefaults(ctx.currentUser, "materialized_view", mv.schema ?? "");
-        const creatorFilteredDefaults = mv.owner !== ctx.currentUser
-            ? effectiveDefaults.filter((p) => p.grantee !== ctx.currentUser)
-            : effectiveDefaults;
-        const desiredPrivileges = mv.privileges;
-        // Filter out owner privileges - owner always has ALL privileges implicitly
-        // and shouldn't be compared. Use the materialized view owner as the reference.
-        const privilegeResults = diffPrivileges(creatorFilteredDefaults, desiredPrivileges, mv.owner);
-        changes.push(...emitColumnPrivilegeChanges(privilegeResults, mv, mv, "materializedView", {
-            Grant: GrantMaterializedViewPrivileges,
-            Revoke: RevokeMaterializedViewPrivileges,
-            RevokeGrantOption: RevokeGrantOptionMaterializedViewPrivileges,
-        }, effectiveDefaults, ctx.version));
+        changes.push(...buildCreateMaterializedViewChanges(ctx, branch[materializedViewId]));
     }
     for (const materializedViewId of dropped) {
         changes.push(new DropMaterializedView({ materializedView: main[materializedViewId] }));
@@ -101,9 +103,7 @@ export function diffMaterializedViews(ctx, main, branch) {
         const nonAlterablePropsChanged = hasNonAlterableChanges(mainMaterializedView, branchMaterializedView, NON_ALTERABLE_FIELDS, { options: deepEqual });
         if (nonAlterablePropsChanged) {
             // Replace the entire materialized view (drop + create)
-            changes.push(new DropMaterializedView({ materializedView: mainMaterializedView }), new CreateMaterializedView({
-                materializedView: branchMaterializedView,
-            }));
+            changes.push(new DropMaterializedView({ materializedView: mainMaterializedView }), ...buildCreateMaterializedViewChanges(ctx, branchMaterializedView));
         }
         else {
             // Only alterable properties changed - check each one

package/dist/core/objects/table/changes/table.alter.d.ts

@@ -285,6 +285,7 @@ export declare class AlterTableAlterColumnType extends AlterTableChange {
         previousColumn?: ColumnProps;
     });
     get requires(): `column:${string}.${string}.${string}`[];
+    get invalidates(): `column:${string}.${string}.${string}`[];
     serialize(_options?: SerializeOptions): string;
 }
 /**

package/dist/core/objects/table/changes/table.alter.js

@@ -452,6 +452,14 @@ export class AlterTableAlterColumnType extends AlterTableChange {
             stableId.column(this.table.schema, this.table.name, this.column.name),
         ];
     }
+    get invalidates() {
+        // ALTER COLUMN ... TYPE rewrites the column in place. The column keeps its
+        // identity, but anything bound to its old type (views, rules, etc.) must be
+        // dropped before the rewrite and rebuilt after, so report it as invalidated.
+        return [
+            stableId.column(this.table.schema, this.table.name, this.column.name),
+        ];
+    }
     serialize(_options) {
         // previousColumn is optional so direct serializer tests/fixtures can keep
         // emitting canonical ALTER TYPE SQL without forcing a USING expression.

package/dist/core/objects/view/view.diff.d.ts

@@ -1,6 +1,7 @@
 import type { ObjectDiffContext } from "../diff-context.ts";
 import type { ViewChange } from "./changes/view.types.ts";
 import type { View } from "./view.model.ts";
+export declare function buildCreateViewChanges(ctx: Pick<ObjectDiffContext, "version" | "currentUser" | "defaultPrivilegeState">, view: View): ViewChange[];
 /**
  * Diff two sets of views from main and branch catalogs.
  *

package/dist/core/objects/view/view.diff.js

@@ -9,6 +9,39 @@ import { CreateView } from "./changes/view.create.js";
 import { DropView } from "./changes/view.drop.js";
 import { GrantViewPrivileges, RevokeGrantOptionViewPrivileges, RevokeViewPrivileges, } from "./changes/view.privilege.js";
 import { CreateSecurityLabelOnView, DropSecurityLabelOnView, } from "./changes/view.security-label.js";
+export function buildCreateViewChanges(ctx, view) {
+    const changes = [new CreateView({ view })];
+    // OWNER: If the view should be owned by someone other than the current user,
+    // emit ALTER VIEW ... OWNER TO after creation
+    if (view.owner !== ctx.currentUser) {
+        changes.push(new AlterViewChangeOwner({ view, owner: view.owner }));
+    }
+    if (view.comment !== null) {
+        changes.push(new CreateCommentOnView({ view }));
+    }
+    for (const label of view.security_labels) {
+        changes.push(new CreateSecurityLabelOnView({ view, securityLabel: label }));
+    }
+    // PRIVILEGES: For created objects, compare against default privileges state
+    // The migration script will run ALTER DEFAULT PRIVILEGES before CREATE (via constraint spec),
+    // so objects are created with the default privileges state in effect.
+    // We compare default privileges against desired privileges to generate REVOKE/GRANT statements
+    // needed to reach the final desired state.
+    const effectiveDefaults = ctx.defaultPrivilegeState.getEffectiveDefaults(ctx.currentUser, "view", view.schema ?? "");
+    const creatorFilteredDefaults = view.owner !== ctx.currentUser
+        ? effectiveDefaults.filter((p) => p.grantee !== ctx.currentUser)
+        : effectiveDefaults;
+    const desiredPrivileges = view.privileges;
+    // Filter out owner privileges - owner always has ALL privileges implicitly
+    // and shouldn't be compared. Use the view owner as the reference.
+    const privilegeResults = diffPrivileges(creatorFilteredDefaults, desiredPrivileges, view.owner);
+    changes.push(...emitColumnPrivilegeChanges(privilegeResults, view, view, "view", {
+        Grant: GrantViewPrivileges,
+        Revoke: RevokeViewPrivileges,
+        RevokeGrantOption: RevokeGrantOptionViewPrivileges,
+    }, effectiveDefaults, ctx.version));
+    return changes;
+}
 /**
  * Diff two sets of views from main and branch catalogs.
  *
@@ -20,40 +53,8 @@ import { CreateSecurityLabelOnView, DropSecurityLabelOnView, } from "./changes/v
 export function diffViews(ctx, main, branch) {
     const { created, dropped, altered } = diffObjects(main, branch);
     const changes = [];
-    const appendCreateViewChanges = (view) => {
-        changes.push(new CreateView({ view }));
-        // OWNER: If the view should be owned by someone other than the current user,
-        // emit ALTER VIEW ... OWNER TO after creation
-        if (view.owner !== ctx.currentUser) {
-            changes.push(new AlterViewChangeOwner({ view, owner: view.owner }));
-        }
-        if (view.comment !== null) {
-            changes.push(new CreateCommentOnView({ view }));
-        }
-        for (const label of view.security_labels) {
-            changes.push(new CreateSecurityLabelOnView({ view, securityLabel: label }));
-        }
-        // PRIVILEGES: For created objects, compare against default privileges state
-        // The migration script will run ALTER DEFAULT PRIVILEGES before CREATE (via constraint spec),
-        // so objects are created with the default privileges state in effect.
-        // We compare default privileges against desired privileges to generate REVOKE/GRANT statements
-        // needed to reach the final desired state.
-        const effectiveDefaults = ctx.defaultPrivilegeState.getEffectiveDefaults(ctx.currentUser, "view", view.schema ?? "");
-        const creatorFilteredDefaults = view.owner !== ctx.currentUser
-            ? effectiveDefaults.filter((p) => p.grantee !== ctx.currentUser)
-            : effectiveDefaults;
-        const desiredPrivileges = view.privileges;
-        // Filter out owner privileges - owner always has ALL privileges implicitly
-        // and shouldn't be compared. Use the view owner as the reference.
-        const privilegeResults = diffPrivileges(creatorFilteredDefaults, desiredPrivileges, view.owner);
-        changes.push(...emitColumnPrivilegeChanges(privilegeResults, view, view, "view", {
-            Grant: GrantViewPrivileges,
-            Revoke: RevokeViewPrivileges,
-            RevokeGrantOption: RevokeGrantOptionViewPrivileges,
-        }, effectiveDefaults, ctx.version));
-    };
     for (const viewId of created) {
-        appendCreateViewChanges(branch[viewId]);
+        changes.push(...buildCreateViewChanges(ctx, branch[viewId]));
     }
     for (const viewId of dropped) {
         changes.push(new DropView({ view: main[viewId] }));
@@ -83,7 +84,7 @@ export function diffViews(ctx, main, branch) {
         // NON_ALTERABLE_FIELDS - a position change always implies a definition change.
         if (!deepEqual(normalizeColumns(mainView.columns), normalizeColumns(branchView.columns))) {
             changes.push(new DropView({ view: mainView }));
-            appendCreateViewChanges(branchView);
+            changes.push(...buildCreateViewChanges(ctx, branchView));
         }
         else if (nonAlterablePropsChanged) {
             // Replace the entire view using CREATE OR REPLACE to avoid drop when possible

package/dist/core/sort/cycle-breakers.js

@@ -351,9 +351,14 @@ function tryBreakPublicationFkConstraintDropCycle(cycleNodeIndexes, phaseChanges
     if (!publicationTableIds.has(terminalConstraintDrop.table.stableId)) {
         return null;
     }
-    for (const dropTable of dropTables) {
-        if (!publicationTableIds.has(dropTable.table.stableId))
-            return null;
+    // At least one dropped table must be a publication member — that's the
+    // publication → DropTable edge that pulls the publication change into the
+    // cycle (the back-edge is the terminal constraint's table, checked above).
+    // Don't require ALL of them: publications like supabase_realtime commonly
+    // contain only a subset of tables, so intermediate FK-chain tables may not
+    // be members (Sentry SUPABASE-API-7RS / CLI-1605).
+    if (!dropTables.some((dropTable) => publicationTableIds.has(dropTable.table.stableId))) {
+        return null;
     }
     const cycleDropTableIds = new Set(dropTables.map((change) => change.table.stableId));
     let hasFkToTerminalConstraint = false;

package/dist/core/sort/graph-builder.js

@@ -119,6 +119,12 @@ export function buildGraphData(phaseChanges, options) {
             for (const droppedId of changeItem.drops ?? []) {
                 createdIds.add(droppedId);
             }
+            // In-place mutations keep the object identity but invalidate
+            // dependents, so for drop-phase ordering they behave like producers of
+            // the invalidated ids without changing Change.drops.
+            for (const invalidatedId of changeItem.invalidates) {
+                createdIds.add(invalidatedId);
+            }
         }
         return createdIds;
     });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@supabase/pg-delta",
-  "version": "1.0.0-alpha.27",
+  "version": "1.0.0-alpha.29",
   "description": "PostgreSQL migrations made easy",
   "keywords": [
     "diff",
@@ -79,7 +79,7 @@
   },
   "dependencies": {
     "@stricli/core": "^1.2.4",
-    "@supabase/pg-topo": "^1.0.0-alpha.1",
+    "@supabase/pg-topo": "^1.0.0-alpha.2",
     "@ts-safeql/sql-tag": "^0.2.0",
     "chalk": "^5.6.2",
     "debug": "^4.3.7",