@undefineds.co/xpod 0.3.31 → 0.3.32

package/dist/identity/drizzle/AccountRepository.js

@@ -1,130 +1,26 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AccountRepository = void 0;
-const drizzle_orm_1 = require("drizzle-orm");
-const db_1 = require("./db");
+const PodLookupRepository_1 = require("./PodLookupRepository");
 /**
- * Repository for account and pod quota operations.
- *
- * Reads account/pod data from CSS's internal_kv table.
- * Quota limits are stored in identity_account_usage / identity_pod_usage tables.
+ * Reads account/pod ownership data from the CSS identity facts.
+ * Quota values live in identity_usage and are managed by UsageRepository.
  */
 class AccountRepository {
     constructor(db, kvTableName) {
-        this.db = db;
-        this.kvTableName = kvTableName ?? 'internal_kv';
-        this.accountUsageTable = 'identity_account_usage';
-        this.podUsageTable = 'identity_pod_usage';
-    }
-    async getAccountQuota(accountId) {
-        try {
-            const tableId = drizzle_orm_1.sql.identifier([this.accountUsageTable]);
-            const result = await (0, db_1.executeQuery)(this.db, (0, drizzle_orm_1.sql) `SELECT storage_limit_bytes FROM ${tableId} WHERE account_id = ${accountId} LIMIT 1`);
-            if (result.rows.length === 0) {
-                return undefined;
-            }
-            const limit = result.rows[0].storage_limit_bytes;
-            return limit != null ? limit : undefined;
-        }
-        catch {
-            // Table might not exist
-            return undefined;
-        }
+        this.podLookupRepo = new PodLookupRepository_1.PodLookupRepository(db, kvTableName);
     }
     async getPodInfo(podId) {
-        // Get pod info from CSS's internal_kv
-        const kvTableId = drizzle_orm_1.sql.identifier([this.kvTableName]);
-        const result = await (0, db_1.executeQuery)(this.db, (0, drizzle_orm_1.sql) `
-      SELECT key, value FROM ${kvTableId}
-      WHERE key LIKE 'accounts/data/%'
-    `);
-        for (const row of result.rows) {
-            try {
-                const accountId = row.key.replace('accounts/data/', '');
-                const data = typeof row.value === 'string' ? JSON.parse(row.value) : row.value;
-                const podMap = data['**pod**'] || data.pod || {};
-                if (podMap[podId]) {
-                    const pod = podMap[podId];
-                    const podQuota = await this.getPodQuota(podId);
-                    return {
-                        accountId,
-                        baseUrl: typeof pod.baseUrl === 'string' ? pod.baseUrl : undefined,
-                        podQuota,
-                    };
-                }
-            }
-            catch {
-                // Skip malformed entries
-            }
-        }
-        return undefined;
-    }
-    async getPodQuota(podId) {
-        try {
-            const tableId = drizzle_orm_1.sql.identifier([this.podUsageTable]);
-            const result = await (0, db_1.executeQuery)(this.db, (0, drizzle_orm_1.sql) `SELECT storage_limit_bytes FROM ${tableId} WHERE pod_id = ${podId} LIMIT 1`);
-            if (result.rows.length === 0) {
-                return undefined;
-            }
-            const limit = result.rows[0].storage_limit_bytes;
-            return limit != null ? limit : undefined;
-        }
-        catch {
-            // Table might not exist
-            return undefined;
-        }
-    }
-    async getQuotaContext(accountId, podId) {
-        const podInfo = await this.getPodInfo(podId);
-        if (!podInfo) {
-            return undefined;
-        }
-        if (podInfo.accountId !== accountId) {
+        const pod = await this.podLookupRepo.findById(podId)
+            ?? await this.podLookupRepo.findByResourceIdentifier(podId);
+        if (!pod) {
             return undefined;
         }
-        const accountQuota = await this.getAccountQuota(accountId);
         return {
-            accountId,
-            podId,
-            baseUrl: podInfo.baseUrl,
-            podQuota: podInfo.podQuota,
-            accountQuota,
+            accountId: pod.accountId,
+            baseUrl: pod.baseUrl,
         };
     }
-    async setAccountQuota(accountId, quota) {
-        const tableId = drizzle_orm_1.sql.identifier([this.accountUsageTable]);
-        if ((0, db_1.isDatabaseSqlite)(this.db)) {
-            await (0, db_1.executeQuery)(this.db, (0, drizzle_orm_1.sql) `
-        INSERT INTO ${tableId} (account_id, storage_limit_bytes)
-        VALUES (${accountId}, ${quota ?? null})
-        ON CONFLICT (account_id) DO UPDATE SET storage_limit_bytes = ${quota ?? null}
-      `);
-        }
-        else {
-            await (0, db_1.executeQuery)(this.db, (0, drizzle_orm_1.sql) `
-        INSERT INTO ${tableId} (account_id, storage_limit_bytes)
-        VALUES (${accountId}, ${quota ?? null})
-        ON CONFLICT (account_id) DO UPDATE SET storage_limit_bytes = EXCLUDED.storage_limit_bytes
-      `);
-        }
-    }
-    async setPodQuota(podId, quota) {
-        const tableId = drizzle_orm_1.sql.identifier([this.podUsageTable]);
-        if ((0, db_1.isDatabaseSqlite)(this.db)) {
-            await (0, db_1.executeQuery)(this.db, (0, drizzle_orm_1.sql) `
-        INSERT INTO ${tableId} (pod_id, account_id, storage_limit_bytes)
-        VALUES (${podId}, '', ${quota ?? null})
-        ON CONFLICT (pod_id) DO UPDATE SET storage_limit_bytes = ${quota ?? null}
-      `);
-        }
-        else {
-            await (0, db_1.executeQuery)(this.db, (0, drizzle_orm_1.sql) `
-        INSERT INTO ${tableId} (pod_id, account_id, storage_limit_bytes)
-        VALUES (${podId}, '', ${quota ?? null})
-        ON CONFLICT (pod_id) DO UPDATE SET storage_limit_bytes = EXCLUDED.storage_limit_bytes
-      `);
-        }
-    }
 }
 exports.AccountRepository = AccountRepository;
 //# sourceMappingURL=AccountRepository.js.map

package/dist/identity/drizzle/AccountRepository.js.map

@@ -1 +1 @@
-{"version":3,"file":"AccountRepository.js","sourceRoot":"","sources":["../../../src/identity/drizzle/AccountRepository.ts"],"names":[],"mappings":";;;AAAA,6CAAkC;AAClC,6BAA6E;AAe7E;;;;;GAKG;AACH,MAAa,iBAAiB;IAK5B,YACmB,EAAoB,EACrC,WAAoB;QADH,OAAE,GAAF,EAAE,CAAkB;QAGrC,IAAI,CAAC,WAAW,GAAG,WAAW,IAAI,aAAa,CAAC;QAChD,IAAI,CAAC,iBAAiB,GAAG,wBAAwB,CAAC;QAClD,IAAI,CAAC,aAAa,GAAG,oBAAoB,CAAC;IAC5C,CAAC;IAEM,KAAK,CAAC,eAAe,CAAC,SAAiB;QAC5C,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,iBAAG,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;YACzD,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAC/B,IAAI,CAAC,EAAE,EACP,IAAA,iBAAG,EAAA,mCAAmC,OAAO,uBAAuB,SAAS,UAAU,CACxF,CAAC;YACF,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC7B,OAAO,SAAS,CAAC;YACnB,CAAC;YACD,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC;YACjD,OAAO,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAC3C,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;YACxB,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,KAAa;QACnC,sCAAsC;QACtC,MAAM,SAAS,GAAG,iBAAG,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QACrD,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAgB,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;+BAClC,SAAS;;KAEnC,CAAC,CAAC;QAEH,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;gBACxD,MAAM,IAAI,GAAG,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC;gBAC/E,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,GAAG,IAAI,EAAE,CAAC;gBAEjD,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;oBAClB,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAA4B,CAAC;oBACrD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;oBAC/C,OAAO;wBACL,SAAS;wBACT,OAAO,EAAE,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;wBAClE,QAAQ;qBACT,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,yBAAyB;YAC3B,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,KAAK,CAAC,WAAW,CAAC,KAAa;QACrC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,iBAAG,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;YACrD,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAC/B,IAAI,CAAC,EAAE,EACP,IAAA,iBAAG,EAAA,mCAAmC,OAAO,mBAAmB,KAAK,UAAU,CAChF,CAAC;YACF,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC7B,OAAO,SAAS,CAAC;YACnB,CAAC;YACD,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC;YACjD,OAAO,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAC3C,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;YACxB,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,eAAe,CAAC,SAAiB,EAAE,KAAa;QAC3D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YACpC,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;QAC3D,OAAO;YACL,SAAS;YACT,KAAK;YACL,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,YAAY;SACb,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,eAAe,CAAC,SAAiB,EAAE,KAAc;QAC5D,MAAM,OAAO,GAAG,iBAAG,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;QACzD,IAAI,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;sBACf,OAAO;kBACX,SAAS,KAAK,KAAK,IAAI,IAAI;uEAC0B,KAAK,IAAI,IAAI;OAC7E,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;sBACf,OAAO;kBACX,SAAS,KAAK,KAAK,IAAI,IAAI;;OAEtC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,KAAa,EAAE,KAAc;QACpD,MAAM,OAAO,GAAG,iBAAG,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;QACrD,IAAI,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;sBACf,OAAO;kBACX,KAAK,SAAS,KAAK,IAAI,IAAI;mEACsB,KAAK,IAAI,IAAI;OACzE,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;sBACf,OAAO;kBACX,KAAK,SAAS,KAAK,IAAI,IAAI;;OAEtC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;CACF;AApID,8CAoIC","sourcesContent":["import { sql } from 'drizzle-orm';\nimport { type IdentityDatabase, executeQuery, isDatabaseSqlite } from './db';\n\nexport interface PodQuotaContext {\n  accountId: string;\n  podId: string;\n  baseUrl?: string;\n  podQuota?: number;\n  accountQuota?: number;\n}\n\ninterface InternalKvRow {\n  key: string;\n  value: string;\n}\n\n/**\n * Repository for account and pod quota operations.\n *\n * Reads account/pod data from CSS's internal_kv table.\n * Quota limits are stored in identity_account_usage / identity_pod_usage tables.\n */\nexport class AccountRepository {\n  private readonly kvTableName: string;\n  private readonly accountUsageTable: string;\n  private readonly podUsageTable: string;\n\n  public constructor(\n    private readonly db: IdentityDatabase,\n    kvTableName?: string,\n  ) {\n    this.kvTableName = kvTableName ?? 'internal_kv';\n    this.accountUsageTable = 'identity_account_usage';\n    this.podUsageTable = 'identity_pod_usage';\n  }\n\n  public async getAccountQuota(accountId: string): Promise<number | undefined> {\n    try {\n      const tableId = sql.identifier([this.accountUsageTable]);\n      const result = await executeQuery<{ storage_limit_bytes: number | null }>(\n        this.db,\n        sql`SELECT storage_limit_bytes FROM ${tableId} WHERE account_id = ${accountId} LIMIT 1`,\n      );\n      if (result.rows.length === 0) {\n        return undefined;\n      }\n      const limit = result.rows[0].storage_limit_bytes;\n      return limit != null ? limit : undefined;\n    } catch {\n      // Table might not exist\n      return undefined;\n    }\n  }\n\n  public async getPodInfo(podId: string): Promise<{ accountId: string; podQuota?: number; baseUrl?: string } | undefined> {\n    // Get pod info from CSS's internal_kv\n    const kvTableId = sql.identifier([this.kvTableName]);\n    const result = await executeQuery<InternalKvRow>(this.db, sql`\n      SELECT key, value FROM ${kvTableId}\n      WHERE key LIKE 'accounts/data/%'\n    `);\n\n    for (const row of result.rows) {\n      try {\n        const accountId = row.key.replace('accounts/data/', '');\n        const data = typeof row.value === 'string' ? JSON.parse(row.value) : row.value;\n        const podMap = data['**pod**'] || data.pod || {};\n\n        if (podMap[podId]) {\n          const pod = podMap[podId] as Record<string, unknown>;\n          const podQuota = await this.getPodQuota(podId);\n          return {\n            accountId,\n            baseUrl: typeof pod.baseUrl === 'string' ? pod.baseUrl : undefined,\n            podQuota,\n          };\n        }\n      } catch {\n        // Skip malformed entries\n      }\n    }\n\n    return undefined;\n  }\n\n  private async getPodQuota(podId: string): Promise<number | undefined> {\n    try {\n      const tableId = sql.identifier([this.podUsageTable]);\n      const result = await executeQuery<{ storage_limit_bytes: number | null }>(\n        this.db,\n        sql`SELECT storage_limit_bytes FROM ${tableId} WHERE pod_id = ${podId} LIMIT 1`,\n      );\n      if (result.rows.length === 0) {\n        return undefined;\n      }\n      const limit = result.rows[0].storage_limit_bytes;\n      return limit != null ? limit : undefined;\n    } catch {\n      // Table might not exist\n      return undefined;\n    }\n  }\n\n  public async getQuotaContext(accountId: string, podId: string): Promise<PodQuotaContext | undefined> {\n    const podInfo = await this.getPodInfo(podId);\n    if (!podInfo) {\n      return undefined;\n    }\n    if (podInfo.accountId !== accountId) {\n      return undefined;\n    }\n    const accountQuota = await this.getAccountQuota(accountId);\n    return {\n      accountId,\n      podId,\n      baseUrl: podInfo.baseUrl,\n      podQuota: podInfo.podQuota,\n      accountQuota,\n    };\n  }\n\n  public async setAccountQuota(accountId: string, quota?: number): Promise<void> {\n    const tableId = sql.identifier([this.accountUsageTable]);\n    if (isDatabaseSqlite(this.db)) {\n      await executeQuery(this.db, sql`\n        INSERT INTO ${tableId} (account_id, storage_limit_bytes)\n        VALUES (${accountId}, ${quota ?? null})\n        ON CONFLICT (account_id) DO UPDATE SET storage_limit_bytes = ${quota ?? null}\n      `);\n    } else {\n      await executeQuery(this.db, sql`\n        INSERT INTO ${tableId} (account_id, storage_limit_bytes)\n        VALUES (${accountId}, ${quota ?? null})\n        ON CONFLICT (account_id) DO UPDATE SET storage_limit_bytes = EXCLUDED.storage_limit_bytes\n      `);\n    }\n  }\n\n  public async setPodQuota(podId: string, quota?: number): Promise<void> {\n    const tableId = sql.identifier([this.podUsageTable]);\n    if (isDatabaseSqlite(this.db)) {\n      await executeQuery(this.db, sql`\n        INSERT INTO ${tableId} (pod_id, account_id, storage_limit_bytes)\n        VALUES (${podId}, '', ${quota ?? null})\n        ON CONFLICT (pod_id) DO UPDATE SET storage_limit_bytes = ${quota ?? null}\n      `);\n    } else {\n      await executeQuery(this.db, sql`\n        INSERT INTO ${tableId} (pod_id, account_id, storage_limit_bytes)\n        VALUES (${podId}, '', ${quota ?? null})\n        ON CONFLICT (pod_id) DO UPDATE SET storage_limit_bytes = EXCLUDED.storage_limit_bytes\n      `);\n    }\n  }\n}\n"]}
+{"version":3,"file":"AccountRepository.js","sourceRoot":"","sources":["../../../src/identity/drizzle/AccountRepository.ts"],"names":[],"mappings":";;;AACA,+DAA4D;AAE5D;;;GAGG;AACH,MAAa,iBAAiB;IAG5B,YACE,EAAoB,EACpB,WAAoB;QAEpB,IAAI,CAAC,aAAa,GAAG,IAAI,yCAAmB,CAAC,EAAE,EAAE,WAAW,CAAC,CAAC;IAChE,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,KAAa;QACnC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC;eAC/C,MAAM,IAAI,CAAC,aAAa,CAAC,wBAAwB,CAAC,KAAK,CAAC,CAAC;QAC9D,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO;YACL,SAAS,EAAE,GAAG,CAAC,SAAS;YACxB,OAAO,EAAE,GAAG,CAAC,OAAO;SACrB,CAAC;IACJ,CAAC;CACF;AArBD,8CAqBC","sourcesContent":["import type { IdentityDatabase } from './db';\nimport { PodLookupRepository } from './PodLookupRepository';\n\n/**\n * Reads account/pod ownership data from the CSS identity facts.\n * Quota values live in identity_usage and are managed by UsageRepository.\n */\nexport class AccountRepository {\n  private readonly podLookupRepo: PodLookupRepository;\n\n  public constructor(\n    db: IdentityDatabase,\n    kvTableName?: string,\n  ) {\n    this.podLookupRepo = new PodLookupRepository(db, kvTableName);\n  }\n\n  public async getPodInfo(podId: string): Promise<{ accountId: string; baseUrl?: string } | undefined> {\n    const pod = await this.podLookupRepo.findById(podId)\n      ?? await this.podLookupRepo.findByResourceIdentifier(podId);\n    if (!pod) {\n      return undefined;\n    }\n    return {\n      accountId: pod.accountId,\n      baseUrl: pod.baseUrl,\n    };\n  }\n}\n"]}

package/dist/identity/drizzle/AccountRoleRepository.d.ts

@@ -6,18 +6,18 @@ export interface AccountRoleContext {
 }
 export declare class AccountRoleRepository {
     private readonly db;
-    private readonly ready;
     private readonly logger;
     constructor(db: IdentityDatabase);
     findByAccountId(accountId: string): Promise<AccountRoleContext | undefined>;
     findByWebId(webId: string): Promise<AccountRoleContext | undefined>;
     findByWebIdLoose(webId: string): Promise<AccountRoleContext | undefined>;
     addRoles(accountId: string, roles: string[]): Promise<void>;
-    private ensureSchema;
-    private fetchRoles;
-    private getAccountPayloadById;
+    private getAccountById;
     private loadAllAccounts;
+    private loadIdentityStoreAccounts;
+    private loadInternalKvAccounts;
     private loadFileAccountMap;
+    private updateAccountRecord;
+    private toJsonSql;
     private isTableMissing;
-    private isDuplicateDefinitionError;
 }

package/dist/identity/drizzle/AccountRoleRepository.js

@@ -10,6 +10,8 @@ const drizzle_orm_1 = require("drizzle-orm");
 const global_logger_factory_1 = require("global-logger-factory");
 const db_1 = require("./db");
 const ACCOUNT_DATA_DIR = node_path_1.default.resolve('.internal', 'accounts', 'data');
+const IDENTITY_STORE_TABLE = 'identity_store';
+const INTERNAL_KV_TABLE = 'internal_kv';
 function resolveWebIds(payload) {
     const candidates = new Set();
     const possibleKeys = ['webId', 'webid', 'primaryWebId', 'primary_webid'];
@@ -38,39 +40,87 @@ function resolveWebIds(payload) {
             }
         }
     }
-    return [...candidates];
+    const webIdLink = payload['**webIdLink**'] ?? payload.webIdLink;
+    if (webIdLink && typeof webIdLink === 'object') {
+        for (const entry of Object.values(webIdLink)) {
+            if (!entry || typeof entry !== 'object') {
+                continue;
+            }
+            const webId = entry.webId;
+            if (typeof webId === 'string' && webId.trim().length > 0) {
+                candidates.add(webId.trim());
+            }
+        }
+    }
+    const podMap = payload['**pod**'] ?? payload.pod;
+    if (podMap && typeof podMap === 'object') {
+        for (const pod of Object.values(podMap)) {
+            if (!pod || typeof pod !== 'object') {
+                continue;
+            }
+            const owner = pod['**owner**'] ?? pod.owner;
+            if (!owner || typeof owner !== 'object') {
+                continue;
+            }
+            for (const entry of Object.values(owner)) {
+                if (!entry || typeof entry !== 'object') {
+                    continue;
+                }
+                const webId = entry.webId;
+                if (typeof webId === 'string' && webId.trim().length > 0) {
+                    candidates.add(webId.trim());
+                }
+            }
+        }
+    }
+    return Array.from(candidates);
+}
+function resolveRoles(payload) {
+    const roles = payload.roles;
+    if (!Array.isArray(roles)) {
+        return [];
+    }
+    return Array.from(new Set(roles
+        .map((role) => typeof role === 'string' ? role.trim() : '')
+        .filter((role) => role.length > 0)));
+}
+function parsePayload(value) {
+    if (!value) {
+        return undefined;
+    }
+    if (typeof value === 'string') {
+        try {
+            const parsed = JSON.parse(value);
+            return parsed && typeof parsed === 'object' ? parsed : undefined;
+        }
+        catch {
+            return undefined;
+        }
+    }
+    return typeof value === 'object' ? value : undefined;
 }
 class AccountRoleRepository {
     constructor(db) {
         this.db = db;
         this.logger = (0, global_logger_factory_1.getLoggerFor)(this);
-        this.ready = this.ensureSchema();
     }
     async findByAccountId(accountId) {
-        await this.ready;
-        const payload = await this.getAccountPayloadById(accountId);
-        if (!payload) {
-            const rolesFallback = await this.fetchRoles(accountId);
-            if (rolesFallback.length === 0) {
-                return undefined;
-            }
-            return { accountId, roles: rolesFallback };
+        const record = await this.getAccountById(accountId);
+        if (!record) {
+            return undefined;
         }
-        const [webId] = resolveWebIds(payload);
-        const roles = await this.fetchRoles(accountId);
-        return { accountId, webId, roles };
+        const [webId] = resolveWebIds(record.payload);
+        return { accountId, webId, roles: resolveRoles(record.payload) };
     }
     async findByWebId(webId) {
-        await this.ready;
         const accounts = await this.loadAllAccounts();
-        for (const { id, payload } of accounts) {
+        for (const { id, payload } of accounts.values()) {
             const knownWebIds = resolveWebIds(payload);
             if (knownWebIds.includes(webId)) {
-                const roles = await this.fetchRoles(id);
                 return {
                     accountId: id,
                     webId,
-                    roles,
+                    roles: resolveRoles(payload),
                 };
             }
         }
@@ -80,100 +130,131 @@ class AccountRoleRepository {
         return this.findByWebId(webId);
     }
     async addRoles(accountId, roles) {
-        await this.ready;
         const unique = Array.from(new Set(roles.map((role) => role.trim()).filter((role) => role.length > 0)));
         if (unique.length === 0) {
             return;
         }
-        for (const role of unique) {
-            await (0, db_1.executeStatement)(this.db, (0, drizzle_orm_1.sql) `
-        INSERT INTO identity_account_role (account_id, role)
-        VALUES (${accountId}, ${role})
-        ON CONFLICT (account_id, role) DO NOTHING
-      `);
+        const record = await this.getAccountById(accountId);
+        if (!record) {
+            this.logger.warn(`Cannot add roles for unknown account ${accountId}`);
+            return;
         }
+        const nextRoles = Array.from(new Set([...resolveRoles(record.payload), ...unique]));
+        await this.updateAccountRecord(record, { ...record.payload, roles: nextRoles });
     }
-    async ensureSchema() {
-        try {
-            if ((0, db_1.isDatabaseSqlite)(this.db)) {
-                // SQLite syntax
-                await (0, db_1.executeStatement)(this.db, (0, drizzle_orm_1.sql) `
-          CREATE TABLE IF NOT EXISTS identity_account_role (
-            account_id TEXT NOT NULL,
-            role TEXT NOT NULL,
-            created_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now')),
-            PRIMARY KEY (account_id, role)
-          )
-        `);
-            }
-            else {
-                // PostgreSQL syntax
-                await (0, db_1.executeStatement)(this.db, (0, drizzle_orm_1.sql) `
-          CREATE TABLE IF NOT EXISTS identity_account_role (
-            account_id TEXT NOT NULL,
-            role TEXT NOT NULL,
-            created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
-            PRIMARY KEY (account_id, role)
-          )
-        `);
-            }
-        }
-        catch (error) {
-            if (!this.isDuplicateDefinitionError(error)) {
-                throw error;
+    async getAccountById(accountId) {
+        const accounts = await this.loadAllAccounts();
+        return accounts.get(accountId);
+    }
+    async loadAllAccounts() {
+        const accounts = new Map();
+        await this.loadIdentityStoreAccounts(accounts);
+        await this.loadInternalKvAccounts(accounts);
+        for (const [id, payload] of await this.loadFileAccountMap()) {
+            if (!accounts.has(id)) {
+                accounts.set(id, { id, payload, source: 'file' });
             }
-            this.logger.debug('identity_account_role schema already present, skipping creation.');
         }
+        return accounts;
     }
-    async fetchRoles(accountId) {
-        const result = await (0, db_1.executeQuery)(this.db, (0, drizzle_orm_1.sql) `
-      SELECT role
-      FROM identity_account_role
-      WHERE account_id = ${accountId}
-    `);
-        return result.rows.map((row) => {
-            const value = typeof row.role === 'string' ? row.role.trim() : '';
-            return value;
-        }).filter((value) => value.length > 0);
-    }
-    async getAccountPayloadById(accountId) {
+    async loadIdentityStoreAccounts(accounts) {
+        const tableId = drizzle_orm_1.sql.identifier([IDENTITY_STORE_TABLE]);
+        let rows = [];
         try {
-            const accountResult = await (0, db_1.executeQuery)(this.db, (0, drizzle_orm_1.sql) `
-        SELECT payload
-        FROM identity_account
-        WHERE id = ${accountId}
-        LIMIT 1
+            const result = await (0, db_1.executeQuery)(this.db, (0, drizzle_orm_1.sql) `
+        SELECT container, id, payload
+        FROM ${tableId}
+        WHERE container IN ('account', 'pod', 'owner', 'webIdLink')
       `);
-            if (accountResult.rows.length > 0) {
-                const payload = accountResult.rows[0]?.payload;
-                if (payload && typeof payload === 'object') {
-                    return payload;
-                }
-            }
+            rows = result.rows;
         }
         catch (error) {
             if (!this.isTableMissing(error)) {
                 throw error;
             }
+            return;
+        }
+        const podAccountIds = new Map();
+        const webIdsByAccount = new Map();
+        for (const row of rows) {
+            if (!row.id || !row.container) {
+                continue;
+            }
+            const payload = parsePayload(row.payload);
+            if (!payload) {
+                continue;
+            }
+            if (row.container === 'account') {
+                accounts.set(row.id, { id: row.id, payload, source: 'identity-store' });
+            }
+            else if (row.container === 'pod') {
+                const accountId = typeof payload.accountId === 'string' ? payload.accountId : undefined;
+                if (accountId) {
+                    podAccountIds.set(row.id, accountId);
+                }
+            }
+        }
+        for (const row of rows) {
+            const payload = parsePayload(row.payload);
+            if (!row.container || !payload) {
+                continue;
+            }
+            if (row.container === 'webIdLink') {
+                const accountId = typeof payload.accountId === 'string' ? payload.accountId : undefined;
+                const webId = typeof payload.webId === 'string' ? payload.webId : undefined;
+                if (accountId && webId) {
+                    appendWebId(webIdsByAccount, accountId, webId);
+                }
+            }
+            else if (row.container === 'owner') {
+                const podId = typeof payload.podId === 'string' ? payload.podId : undefined;
+                const webId = typeof payload.webId === 'string' ? payload.webId : undefined;
+                const accountId = podId ? podAccountIds.get(podId) : undefined;
+                if (accountId && webId) {
+                    appendWebId(webIdsByAccount, accountId, webId);
+                }
+            }
+        }
+        for (const [accountId, webIds] of webIdsByAccount) {
+            const record = accounts.get(accountId);
+            if (!record) {
+                continue;
+            }
+            record.payload = {
+                ...record.payload,
+                webIdLink: Object.fromEntries(Array.from(webIds).map((webId, index) => [
+                    `webid-${index}`,
+                    { accountId, webId },
+                ])),
+            };
         }
-        const files = await this.loadFileAccountMap();
-        return files.get(accountId);
     }
-    async loadAllAccounts() {
+    async loadInternalKvAccounts(accounts) {
+        const tableId = drizzle_orm_1.sql.identifier([INTERNAL_KV_TABLE]);
         try {
-            const result = await (0, db_1.executeQuery)(this.db, (0, drizzle_orm_1.sql) `SELECT id, payload FROM identity_account`);
-            return result.rows.map((row) => ({
-                id: row.id,
-                payload: (row.payload ?? {}),
-            }));
+            const result = await (0, db_1.executeQuery)(this.db, (0, drizzle_orm_1.sql) `
+        SELECT key, value
+        FROM ${tableId}
+        WHERE key LIKE 'accounts/data/%'
+           OR key LIKE '/.internal/accounts/data/%'
+      `);
+            for (const row of result.rows) {
+                if (!row.key) {
+                    continue;
+                }
+                const accountId = extractAccountIdFromKey(row.key);
+                const payload = parsePayload(row.value);
+                if (!accountId || !payload || accounts.has(accountId)) {
+                    continue;
+                }
+                accounts.set(accountId, { id: accountId, payload, source: 'internal-kv', key: row.key });
+            }
         }
         catch (error) {
             if (!this.isTableMissing(error)) {
                 throw error;
             }
         }
-        const files = await this.loadFileAccountMap();
-        return Array.from(files.entries()).map(([id, payload]) => ({ id, payload }));
     }
     async loadFileAccountMap() {
         const map = new Map();
@@ -206,28 +287,54 @@ class AccountRoleRepository {
         }
         return map;
     }
-    isTableMissing(error) {
-        if (!error || typeof error !== 'object') {
-            return false;
+    async updateAccountRecord(record, payload) {
+        if (record.source === 'identity-store') {
+            const tableId = drizzle_orm_1.sql.identifier([IDENTITY_STORE_TABLE]);
+            await (0, db_1.executeStatement)(this.db, (0, drizzle_orm_1.sql) `
+        UPDATE ${tableId}
+        SET payload = ${this.toJsonSql(payload)}
+        WHERE container = 'account' AND id = ${record.id}
+      `);
+            return;
         }
-        const code = error.code;
-        if (code === '42P01') {
-            return true;
+        if (record.source === 'internal-kv' && record.key) {
+            const tableId = drizzle_orm_1.sql.identifier([INTERNAL_KV_TABLE]);
+            await (0, db_1.executeStatement)(this.db, (0, drizzle_orm_1.sql) `
+        UPDATE ${tableId}
+        SET value = ${JSON.stringify(payload)}
+        WHERE key = ${record.key}
+      `);
         }
-        const message = error.message ?? '';
-        return /does not exist/u.test(message);
     }
-    isDuplicateDefinitionError(error) {
+    toJsonSql(payload) {
+        const serialized = JSON.stringify(payload);
+        return (0, db_1.isDatabaseSqlite)(this.db) ? (0, drizzle_orm_1.sql) `${serialized}` : (0, drizzle_orm_1.sql) `${serialized}::jsonb`;
+    }
+    isTableMissing(error) {
         if (!error || typeof error !== 'object') {
             return false;
         }
         const code = error.code;
-        if (code && ['23505', '42P07', '42710'].includes(code)) {
+        if (code === '42P01') {
             return true;
         }
         const message = error.message ?? '';
-        return /already exists/u.test(message);
+        return /does not exist|no such table/u.test(message);
     }
 }
 exports.AccountRoleRepository = AccountRoleRepository;
+function appendWebId(target, accountId, webId) {
+    const values = target.get(accountId) ?? new Set();
+    values.add(webId);
+    target.set(accountId, values);
+}
+function extractAccountIdFromKey(key) {
+    const marker = 'accounts/data/';
+    const index = key.indexOf(marker);
+    if (index < 0) {
+        return undefined;
+    }
+    const accountId = key.slice(index + marker.length).replace(/\.json$/u, '');
+    return accountId || undefined;
+}
 //# sourceMappingURL=AccountRoleRepository.js.map