@zintrust/core 0.1.48 → 0.1.49

package/src/orm/adapters/MySQLProxyAdapter.js

@@ -4,54 +4,53 @@
  *
  * Used in Cloudflare Workers when MYSQL_PROXY_URL is configured.
  */
-import { Env } from '../../config/env.js';
 import { Logger } from '../../config/logger.js';
 import { ErrorFactory } from '../../exceptions/ZintrustError.js';
 import { AdaptersEnum } from '../../migrations/enum/index.js';
-import { ensureSignedSettings, isRecord, requestSignedProxy, } from '../adapters/SqlProxyAdapterUtils.js';
-import { createStatementPayload, getExecMetaWithLastRowId, resolveSqlProxyMode, } from '../adapters/SqlProxyRegistryMode.js';
+import { ensureSignedSettings, isRecord, } from '../adapters/SqlProxyAdapterUtils.js';
+import { SqlProxyHttpAdapterShared } from '../adapters/SqlProxyHttpAdapterShared.js';
+import { createStatementPayload, getExecMetaWithLastRowId, } from '../adapters/SqlProxyRegistryMode.js';
 import { QueryBuilder } from '../QueryBuilder.js';
 const buildProxySettings = () => {
-    const baseUrl = Env.MYSQL_PROXY_URL;
-    const keyId = Env.MYSQL_PROXY_KEY_ID ?? '';
-    const secret = Env.MYSQL_PROXY_SECRET ?? '';
-    const timeoutMs = Env.MYSQL_PROXY_TIMEOUT_MS;
-    return { baseUrl, keyId, secret, timeoutMs };
+    return SqlProxyHttpAdapterShared.buildProxySettingsFromEnv({
+        urlKey: 'MYSQL_PROXY_URL',
+        keyIdKey: 'MYSQL_PROXY_KEY_ID',
+        secretKey: 'MYSQL_PROXY_SECRET',
+        timeoutKey: 'MYSQL_PROXY_TIMEOUT_MS',
+        sharedKeyIdKey: 'ZT_PROXY_KEY_ID',
+        sharedSecretKey: 'ZT_PROXY_SECRET',
+        sharedTimeoutKey: 'ZT_PROXY_TIMEOUT_MS',
+    });
+};
+const buildSignedProxyConfig = (settings) => {
+    return SqlProxyHttpAdapterShared.buildStandardSignedProxyConfig({
+        settings,
+        label: 'MySQL',
+        urlKey: 'MYSQL_PROXY_URL',
+        keyIdKey: 'MYSQL_PROXY_KEY_ID',
+        secretKey: 'MYSQL_PROXY_SECRET',
+    });
 };
-const buildSignedProxyConfig = (settings) => ({
-    settings,
-    missingUrlMessage: 'MySQL proxy URL is missing (MYSQL_PROXY_URL)',
-    missingCredentialsMessage: 'MySQL proxy signing credentials are missing (MYSQL_PROXY_KEY_ID / MYSQL_PROXY_SECRET)',
-    messages: {
-        unauthorized: 'MySQL proxy unauthorized',
-        forbidden: 'MySQL proxy forbidden',
-        rateLimited: 'MySQL proxy rate limited',
-        rejected: 'MySQL proxy rejected request',
-        error: 'MySQL proxy error',
-        timedOut: 'MySQL proxy request timed out',
-    },
-});
 const isQueryResponse = (value) => isRecord(value) && Array.isArray(value['rows']) && typeof value['rowCount'] === 'number';
 const isQueryOneResponse = (value) => isRecord(value) && 'row' in value;
-const requestProxy = async (settings, path, payload) => {
-    const signedProxyConfig = buildSignedProxyConfig(settings);
+const requestProxy = async (state, path, payload) => {
     try {
-        return await requestSignedProxy(signedProxyConfig, path, payload);
+        return await SqlProxyHttpAdapterShared.requestProxy(state.signed, path, payload);
     }
     catch (error) {
         Logger.error('[MySQLProxyAdapter] Proxy request failed', {
             path,
-            baseUrl: settings.baseUrl,
-            timeoutMs: settings.timeoutMs,
-            hasKeyId: (settings.keyId ?? '').trim() !== '',
-            hasSecret: (settings.secret ?? '').trim() !== '',
+            baseUrl: state.settings.baseUrl,
+            timeoutMs: state.settings.timeoutMs,
+            hasKeyId: (state.settings.keyId ?? '').trim() !== '',
+            hasSecret: (state.settings.secret ?? '').trim() !== '',
             error: error instanceof Error ? error.message : String(error),
         });
         throw error;
     }
 };
 const resolveProxyMode = () => {
-    return resolveSqlProxyMode('MYSQL_PROXY_MODE');
+    return SqlProxyHttpAdapterShared.resolveProxyModeFromEnv('MYSQL_PROXY_MODE');
 };
 const requireConnected = (state) => {
     if (!state.connected)
@@ -76,8 +75,8 @@ const createQuery = (state) => async (sql, parameters) => {
     requireConnected(state);
     const mode = resolveProxyMode();
     const out = mode === 'registry'
-        ? await requestProxy(state.settings, '/zin/mysql/statement', await createStatementPayload(sql, parameters))
-        : await requestProxy(state.settings, '/zin/mysql/query', {
+        ? await requestProxy(state, '/zin/mysql/statement', await createStatementPayload(sql, parameters))
+        : await requestProxy(state, '/zin/mysql/query', {
             sql,
             params: parameters,
         });
@@ -87,13 +86,13 @@ const createQueryOne = (state) => async (sql, parameters) => {
     requireConnected(state);
     const mode = resolveProxyMode();
     if (mode !== 'registry') {
-        const out = await requestProxy(state.settings, '/zin/mysql/queryOne', {
+        const out = await requestProxy(state, '/zin/mysql/queryOne', {
             sql,
             params: parameters,
         });
         return out.row ?? null;
     }
-    const out = await requestProxy(state.settings, '/zin/mysql/statement', await createStatementPayload(sql, parameters));
+    const out = await requestProxy(state, '/zin/mysql/statement', await createStatementPayload(sql, parameters));
     if (isQueryOneResponse(out))
         return out.row ?? null;
     if (isQueryResponse(out))
@@ -123,7 +122,7 @@ const createAdapter = (state) => {
     const ping = createPing(queryOne);
     const adapter = {
         async connect() {
-            ensureSignedSettings(buildSignedProxyConfig(state.settings));
+            ensureSignedSettings(state.signed);
             state.connected = true;
         },
         async disconnect() {
@@ -134,6 +133,25 @@ const createAdapter = (state) => {
         ping,
         transaction: createTransaction(state, () => adapter),
         rawQuery: createRawQuery(state, query),
+        async ensureMigrationsTable() {
+            requireConnected(state);
+            try {
+                await query(`CREATE TABLE IF NOT EXISTS migrations (
+            id INTEGER PRIMARY KEY AUTO_INCREMENT,
+            name VARCHAR(255) NOT NULL,
+            scope VARCHAR(255) NOT NULL DEFAULT 'global',
+            service VARCHAR(255) NOT NULL DEFAULT '',
+            batch INTEGER NOT NULL,
+            status VARCHAR(255) NOT NULL,
+            applied_at DATETIME NULL,
+            created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+            UNIQUE(name, scope, service)
+          )`, []);
+            }
+            catch (error) {
+                throw SqlProxyHttpAdapterShared.createProxyNotReachableCliError('MySQL proxy', state.settings.baseUrl, error);
+            }
+        },
         getType() {
             return AdaptersEnum.mysql;
         },
@@ -149,7 +167,8 @@ const createAdapter = (state) => {
 export const MySQLProxyAdapter = Object.freeze({
     create(_config) {
         const settings = buildProxySettings();
-        const state = { connected: false, settings };
+        const signed = buildSignedProxyConfig(settings);
+        const state = { connected: false, settings, signed };
         Logger.info('[MySQLProxyAdapter] Created with runtime settings', {
             baseUrl: settings.baseUrl,
             timeoutMs: settings.timeoutMs,

package/src/orm/adapters/PostgreSQLProxyAdapter.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"PostgreSQLProxyAdapter.d.ts","sourceRoot":"","sources":["../../../../src/orm/adapters/PostgreSQLProxyAdapter.ts"],"names":[],"mappings":"AACA;;;;GAIG;AAaH,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAe,MAAM,sBAAsB,CAAC;AAiH1F,eAAO,MAAM,sBAAsB;oBACjB,cAAc,GAAG,gBAAgB;EAwFjD,CAAC;AAEH,eAAe,sBAAsB,CAAC"}
+{"version":3,"file":"PostgreSQLProxyAdapter.d.ts","sourceRoot":"","sources":["../../../../src/orm/adapters/PostgreSQLProxyAdapter.ts"],"names":[],"mappings":"AACA;;;;GAIG;AAWH,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAe,MAAM,sBAAsB,CAAC;AA4P1F,eAAO,MAAM,sBAAsB;oBACjB,cAAc,GAAG,gBAAgB;EAMjD,CAAC;AAEH,eAAe,sBAAsB,CAAC"}

package/src/orm/adapters/PostgreSQLProxyAdapter.js

@@ -4,40 +4,36 @@
  *
  * Used in Cloudflare Workers when POSTGRES_PROXY_URL is configured.
  */
-import { Env } from '../../config/env.js';
 import { ErrorFactory } from '../../exceptions/ZintrustError.js';
 import { AdaptersEnum } from '../../migrations/enum/index.js';
-import { ensureSignedSettings, isRecord, requestSignedProxy, } from '../adapters/SqlProxyAdapterUtils.js';
-import { createStatementPayload, resolveSqlProxyMode } from '../adapters/SqlProxyRegistryMode.js';
+import { isRecord, } from '../adapters/SqlProxyAdapterUtils.js';
+import { SqlProxyHttpAdapterShared } from '../adapters/SqlProxyHttpAdapterShared.js';
+import { createStatementPayload } from '../adapters/SqlProxyRegistryMode.js';
 import { QueryBuilder } from '../QueryBuilder.js';
-const resolveBaseUrl = () => {
-    const explicit = Env.POSTGRES_PROXY_URL.trim();
-    if (explicit !== '')
-        return explicit;
-    const host = Env.POSTGRES_PROXY_HOST || '127.0.0.1';
-    const port = Env.POSTGRES_PROXY_PORT;
-    return `http://${host}:${port}`;
-};
 const buildProxySettings = () => {
-    const baseUrl = resolveBaseUrl();
-    const keyId = Env.POSTGRES_PROXY_KEY_ID ?? '';
-    const secret = Env.POSTGRES_PROXY_SECRET ?? '';
-    const timeoutMs = Env.POSTGRES_PROXY_TIMEOUT_MS;
-    return { baseUrl, keyId, secret, timeoutMs };
+    return SqlProxyHttpAdapterShared.buildProxySettingsFromEnv({
+        urlKey: 'POSTGRES_PROXY_URL',
+        hostKey: 'POSTGRES_PROXY_HOST',
+        portKey: 'POSTGRES_PROXY_PORT',
+        defaultHost: '127.0.0.1',
+        defaultPort: 8790,
+        keyIdKey: 'POSTGRES_PROXY_KEY_ID',
+        secretKey: 'POSTGRES_PROXY_SECRET',
+        timeoutKey: 'POSTGRES_PROXY_TIMEOUT_MS',
+        sharedKeyIdKey: 'ZT_PROXY_KEY_ID',
+        sharedSecretKey: 'ZT_PROXY_SECRET',
+        sharedTimeoutKey: 'ZT_PROXY_TIMEOUT_MS',
+    });
+};
+const buildSignedProxyConfig = (settings) => {
+    return SqlProxyHttpAdapterShared.buildStandardSignedProxyConfig({
+        settings,
+        label: 'PostgreSQL',
+        urlKey: 'POSTGRES_PROXY_URL',
+        keyIdKey: 'POSTGRES_PROXY_KEY_ID',
+        secretKey: 'POSTGRES_PROXY_SECRET',
+    });
 };
-const buildSignedProxyConfig = (settings) => ({
-    settings,
-    missingUrlMessage: 'PostgreSQL proxy URL is missing (POSTGRES_PROXY_URL)',
-    missingCredentialsMessage: 'PostgreSQL proxy signing credentials are missing (POSTGRES_PROXY_KEY_ID / POSTGRES_PROXY_SECRET)',
-    messages: {
-        unauthorized: 'PostgreSQL proxy unauthorized',
-        forbidden: 'PostgreSQL proxy forbidden',
-        rateLimited: 'PostgreSQL proxy rate limited',
-        rejected: 'PostgreSQL proxy rejected request',
-        error: 'PostgreSQL proxy error',
-        timedOut: 'PostgreSQL proxy request timed out',
-    },
-});
 const isQueryResponse = (value) => isRecord(value) && Array.isArray(value['rows']) && typeof value['rowCount'] === 'number';
 const isQueryOneResponse = (value) => isRecord(value) && 'row' in value;
 const normalizeLastInsertId = (value) => {
@@ -79,85 +75,112 @@ const toQueryResult = (out) => {
     const meta = getExecMeta(out);
     return { rows: [], rowCount: meta.changes };
 };
-const requestProxy = async (settings, path, payload) => {
-    return requestSignedProxy(buildSignedProxyConfig(settings), path, payload);
-};
 const resolveProxyMode = () => {
-    return resolveSqlProxyMode('POSTGRES_PROXY_MODE');
+    return SqlProxyHttpAdapterShared.resolveProxyModeFromEnv('POSTGRES_PROXY_MODE');
+};
+const requireConnected = (state) => {
+    if (!state.connected)
+        throw ErrorFactory.createConnectionError('Database not connected');
+};
+const createQuery = (state) => async (sql, parameters) => {
+    requireConnected(state);
+    const mode = resolveProxyMode();
+    const out = mode === 'registry'
+        ? await SqlProxyHttpAdapterShared.requestProxy(state.signed, '/zin/postgres/statement', await createStatementPayload(sql, parameters))
+        : await SqlProxyHttpAdapterShared.requestProxy(state.signed, '/zin/postgres/query', {
+            sql,
+            params: parameters,
+        });
+    return toQueryResult(out);
+};
+const createQueryOne = (state) => async (sql, parameters) => {
+    requireConnected(state);
+    const mode = resolveProxyMode();
+    if (mode !== 'registry') {
+        const out = await SqlProxyHttpAdapterShared.requestProxy(state.signed, '/zin/postgres/queryOne', {
+            sql,
+            params: parameters,
+        });
+        return out.row ?? null;
+    }
+    const out = await SqlProxyHttpAdapterShared.requestProxy(state.signed, '/zin/postgres/statement', await createStatementPayload(sql, parameters));
+    if (isQueryOneResponse(out))
+        return out.row ?? null;
+    if (isQueryResponse(out))
+        return out.rows[0] ?? null;
+    return null;
+};
+const createPing = (queryOne) => async () => {
+    await queryOne(QueryBuilder.create('').select('1').toSQL(), []);
+};
+const createTransaction = (state, getAdapter) => async (callback) => {
+    requireConnected(state);
+    try {
+        return await callback(getAdapter());
+    }
+    catch (error) {
+        throw ErrorFactory.createTryCatchError('PostgreSQL proxy transaction failed', error);
+    }
+};
+const createRawQuery = (state, query) => async (sql, parameters = []) => {
+    requireConnected(state);
+    const out = await query(sql, parameters);
+    return out.rows;
+};
+const createEnsureMigrationsTable = (state, query) => async () => {
+    requireConnected(state);
+    try {
+        await query(`CREATE TABLE IF NOT EXISTS migrations (
+            id SERIAL PRIMARY KEY,
+            name VARCHAR(255) NOT NULL,
+            scope VARCHAR(255) NOT NULL DEFAULT 'global',
+            service VARCHAR(255) NOT NULL DEFAULT '',
+            batch INTEGER NOT NULL,
+            status VARCHAR(255) NOT NULL,
+            applied_at TIMESTAMP NULL,
+            created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+            UNIQUE(name, scope, service)
+          )`, []);
+    }
+    catch (error) {
+        throw SqlProxyHttpAdapterShared.createProxyNotReachableCliError('PostgreSQL proxy', state.settings.baseUrl, error);
+    }
+};
+const createAdapter = (state) => {
+    const query = createQuery(state);
+    const queryOne = createQueryOne(state);
+    const adapter = {
+        async connect() {
+            SqlProxyHttpAdapterShared.ensureSignedProxyConfig(state.signed);
+            state.connected = true;
+        },
+        async disconnect() {
+            state.connected = false;
+        },
+        query,
+        queryOne,
+        ping: createPing(queryOne),
+        transaction: createTransaction(state, () => adapter),
+        rawQuery: createRawQuery(state, query),
+        ensureMigrationsTable: createEnsureMigrationsTable(state, query),
+        getType() {
+            return AdaptersEnum.postgresql;
+        },
+        isConnected() {
+            return state.connected;
+        },
+        getPlaceholder(index) {
+            return `$${index}`;
+        },
+    };
+    return adapter;
 };
 export const PostgreSQLProxyAdapter = Object.freeze({
     create(_config) {
-        let connected = true;
         const settings = buildProxySettings();
-        return {
-            async connect() {
-                ensureSignedSettings(buildSignedProxyConfig(settings));
-                connected = true;
-            },
-            async disconnect() {
-                connected = true;
-            },
-            async query(sql, parameters) {
-                if (!connected)
-                    throw ErrorFactory.createConnectionError('Database not connected');
-                const mode = resolveProxyMode();
-                const out = mode === 'registry'
-                    ? await requestProxy(settings, '/zin/postgres/statement', await createStatementPayload(sql, parameters))
-                    : await requestProxy(settings, '/zin/postgres/query', {
-                        sql,
-                        params: parameters,
-                    });
-                return toQueryResult(out);
-            },
-            async queryOne(sql, parameters) {
-                if (!connected)
-                    throw ErrorFactory.createConnectionError('Database not connected');
-                const mode = resolveProxyMode();
-                if (mode !== 'registry') {
-                    const out = await requestProxy(settings, '/zin/postgres/queryOne', {
-                        sql,
-                        params: parameters,
-                    });
-                    return out.row ?? null;
-                }
-                const out = await requestProxy(settings, '/zin/postgres/statement', await createStatementPayload(sql, parameters));
-                if (isQueryOneResponse(out))
-                    return out.row ?? null;
-                if (isQueryResponse(out))
-                    return out.rows[0] ?? null;
-                return null;
-            },
-            async ping() {
-                if (!connected)
-                    throw ErrorFactory.createConnectionError('Database not connected');
-                await this.queryOne(QueryBuilder.create('').select('1').toSQL(), []);
-            },
-            async transaction(callback) {
-                if (!connected)
-                    throw ErrorFactory.createConnectionError('Database not connected');
-                try {
-                    return await callback(this);
-                }
-                catch (error) {
-                    throw ErrorFactory.createTryCatchError('PostgreSQL proxy transaction failed', error);
-                }
-            },
-            async rawQuery(sql, parameters = []) {
-                if (!connected)
-                    throw ErrorFactory.createConnectionError('Database not connected');
-                const out = await this.query(sql, parameters);
-                return out.rows;
-            },
-            getType() {
-                return AdaptersEnum.postgresql;
-            },
-            isConnected() {
-                return connected;
-            },
-            getPlaceholder(index) {
-                return `$${index}`;
-            },
-        };
+        const signed = buildSignedProxyConfig(settings);
+        const state = { connected: false, settings, signed };
+        return createAdapter(state);
     },
 });
 export default PostgreSQLProxyAdapter;

package/src/orm/adapters/SqlProxyHttpAdapterShared.d.ts

@@ -0,0 +1,30 @@
+import { type ProxySettings, type SignedProxyConfig } from '../adapters/SqlProxyAdapterUtils';
+export type ProxyMode = 'sql' | 'registry';
+export type ProxySettingsBuildInput = {
+    urlKey: string;
+    hostKey?: string;
+    portKey?: string;
+    defaultHost?: string;
+    defaultPort?: number;
+    keyIdKey: string;
+    secretKey: string;
+    timeoutKey: string;
+    sharedKeyIdKey?: string;
+    sharedSecretKey?: string;
+    sharedTimeoutKey?: string;
+};
+export declare const SqlProxyHttpAdapterShared: Readonly<{
+    buildProxySettingsFromEnv: (input: ProxySettingsBuildInput) => ProxySettings;
+    buildStandardSignedProxyConfig: (input: {
+        settings: ProxySettings;
+        label: string;
+        urlKey: string;
+        keyIdKey: string;
+        secretKey: string;
+    }) => SignedProxyConfig;
+    ensureSignedProxyConfig: (signed: SignedProxyConfig) => void;
+    requestProxy: <T>(signed: SignedProxyConfig, path: string, payload: Record<string, unknown>) => Promise<T>;
+    resolveProxyModeFromEnv: (envKey: string) => ProxyMode;
+    createProxyNotReachableCliError: (label: string, baseUrl: string, error: unknown) => Error;
+}>;
+//# sourceMappingURL=SqlProxyHttpAdapterShared.d.ts.map

package/src/orm/adapters/SqlProxyHttpAdapterShared.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SqlProxyHttpAdapterShared.d.ts","sourceRoot":"","sources":["../../../../src/orm/adapters/SqlProxyHttpAdapterShared.ts"],"names":[],"mappings":"AAEA,OAAO,EAGL,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACvB,MAAM,oCAAoC,CAAC;AAG5C,MAAM,MAAM,SAAS,GAAG,KAAK,GAAG,UAAU,CAAC;AAE3C,MAAM,MAAM,uBAAuB,GAAG;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B,CAAC;AAmFF,eAAO,MAAM,yBAAyB;uCA9DI,uBAAuB,KAAG,aAAa;4CAalC;QAC7C,QAAQ,EAAE,aAAa,CAAC;QACxB,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,SAAS,EAAE,MAAM,CAAC;KACnB,KAAG,iBAAiB;sCAmBoB,iBAAiB,KAAG,IAAI;mBAIrC,CAAC,UACnB,iBAAiB,QACnB,MAAM,WACH,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC/B,OAAO,CAAC,CAAC,CAAC;sCAI4B,MAAM,KAAG,SAAS;6CAIX,MAAM,WAAW,MAAM,SAAS,OAAO,KAAG,KAAK;EAe7F,CAAC"}

package/src/orm/adapters/SqlProxyHttpAdapterShared.js

@@ -0,0 +1,64 @@
+import { Env } from '../../config/env.js';
+import { ErrorFactory } from '../../exceptions/ZintrustError.js';
+import { ensureSignedSettings, requestSignedProxy, } from '../adapters/SqlProxyAdapterUtils.js';
+import { resolveSqlProxyMode } from '../adapters/SqlProxyRegistryMode.js';
+const resolveBaseUrl = (input) => {
+    const explicit = Env.get(input.urlKey, '').trim();
+    if (explicit !== '')
+        return explicit;
+    if (input.hostKey === undefined ||
+        input.portKey === undefined ||
+        input.defaultPort === undefined) {
+        return '';
+    }
+    const defaultHost = input.defaultHost ?? '127.0.0.1';
+    const rawHost = Env.get(input.hostKey, defaultHost);
+    const host = typeof rawHost === 'string' && rawHost.trim() !== '' ? rawHost : defaultHost;
+    const port = Env.getInt(input.portKey, input.defaultPort);
+    return `http://${host}:${port}`;
+};
+const buildProxySettingsFromEnv = (input) => {
+    const baseUrl = resolveBaseUrl(input);
+    const keyId = Env.get(input.keyIdKey, Env.get(input.sharedKeyIdKey ?? 'ZT_PROXY_KEY_ID', ''));
+    const secret = Env.get(input.secretKey, Env.get(input.sharedSecretKey ?? 'ZT_PROXY_SECRET', ''));
+    const timeoutMs = Env.getInt(input.timeoutKey, Env.getInt(input.sharedTimeoutKey ?? 'ZT_PROXY_TIMEOUT_MS', 30000));
+    return { baseUrl, keyId, secret, timeoutMs };
+};
+const buildStandardSignedProxyConfig = (input) => {
+    const { settings, label } = input;
+    const prefix = `${label} proxy`;
+    return {
+        settings,
+        missingUrlMessage: `${label} proxy URL is missing (${input.urlKey})`,
+        missingCredentialsMessage: `${label} proxy signing credentials are missing (${input.keyIdKey} / ${input.secretKey})`,
+        messages: {
+            unauthorized: `${prefix} unauthorized`,
+            forbidden: `${prefix} forbidden`,
+            rateLimited: `${prefix} rate limited`,
+            rejected: `${prefix} rejected request`,
+            error: `${prefix} error`,
+            timedOut: `${prefix} request timed out`,
+        },
+    };
+};
+const ensureSignedProxyConfig = (signed) => {
+    ensureSignedSettings(signed);
+};
+const requestProxy = async (signed, path, payload) => {
+    return requestSignedProxy(signed, path, payload);
+};
+const resolveProxyModeFromEnv = (envKey) => {
+    return resolveSqlProxyMode(envKey);
+};
+const createProxyNotReachableCliError = (label, baseUrl, error) => {
+    const msg = error instanceof Error ? error.message : String(error);
+    return ErrorFactory.createCliError(`${label} is enabled but the proxy server is not reachable at ${baseUrl}. Start the proxy stack (e.g. \`zin cp up\` or \`docker compose -f docker-compose.proxy.yml up -d\`) and re-run \`zin migrate\`.`, { error: msg, baseUrl });
+};
+export const SqlProxyHttpAdapterShared = Object.freeze({
+    buildProxySettingsFromEnv,
+    buildStandardSignedProxyConfig,
+    ensureSignedProxyConfig,
+    requestProxy,
+    resolveProxyModeFromEnv,
+    createProxyNotReachableCliError,
+});

package/src/orm/adapters/SqlServerProxyAdapter.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"SqlServerProxyAdapter.d.ts","sourceRoot":"","sources":["../../../../src/orm/adapters/SqlServerProxyAdapter.ts"],"names":[],"mappings":"AACA;;GAEG;AAKH,OAAO,KAAK,EAAE,gBAAgB,EAAe,MAAM,sBAAsB,CAAC;AAwO1E,wBAAgB,2BAA2B,IAAI,gBAAgB,CAI9D"}
+{"version":3,"file":"SqlServerProxyAdapter.d.ts","sourceRoot":"","sources":["../../../../src/orm/adapters/SqlServerProxyAdapter.ts"],"names":[],"mappings":"AACA;;GAEG;AAIH,OAAO,KAAK,EAAE,gBAAgB,EAAe,MAAM,sBAAsB,CAAC;AA2P1E,wBAAgB,2BAA2B,IAAI,gBAAgB,CAK9D"}

package/src/orm/adapters/SqlServerProxyAdapter.js

@@ -2,46 +2,40 @@
 /**
  * SQL Server Proxy Adapter (HTTP)
  */
-import { Env } from '../../config/env.js';
 import { ErrorFactory } from '../../exceptions/ZintrustError.js';
 import { AdaptersEnum } from '../../migrations/enum/index.js';
 import { QueryBuilder } from '../QueryBuilder.js';
-import { ensureSignedSettings, isRecord, requestSignedProxy, } from '../adapters/SqlProxyAdapterUtils.js';
-import { createStatementPayload, getExecMetaWithLastRowId, resolveSqlProxyMode, } from '../adapters/SqlProxyRegistryMode.js';
+import { ensureSignedSettings, isRecord, } from '../adapters/SqlProxyAdapterUtils.js';
+import { SqlProxyHttpAdapterShared } from '../adapters/SqlProxyHttpAdapterShared.js';
+import { createStatementPayload, getExecMetaWithLastRowId, } from '../adapters/SqlProxyRegistryMode.js';
 const resolveProxyMode = () => {
-    return resolveSqlProxyMode('SQLSERVER_PROXY_MODE');
-};
-const resolveBaseUrl = () => {
-    const explicit = Env.get('SQLSERVER_PROXY_URL', '').trim();
-    if (explicit !== '')
-        return explicit;
-    const host = Env.get('SQLSERVER_PROXY_HOST', '127.0.0.1');
-    const port = Env.getInt('SQLSERVER_PROXY_PORT', 8793);
-    return `http://${host}:${port}`;
+    return SqlProxyHttpAdapterShared.resolveProxyModeFromEnv('SQLSERVER_PROXY_MODE');
 };
 const buildProxySettings = () => {
-    const baseUrl = resolveBaseUrl();
-    const keyId = Env.get('SQLSERVER_PROXY_KEY_ID', '');
-    const secret = Env.get('SQLSERVER_PROXY_SECRET', '');
-    const timeoutMs = Env.getInt('SQLSERVER_PROXY_TIMEOUT_MS', Env.ZT_PROXY_TIMEOUT_MS ?? 30000);
-    return { baseUrl, keyId, secret, timeoutMs };
+    return SqlProxyHttpAdapterShared.buildProxySettingsFromEnv({
+        urlKey: 'SQLSERVER_PROXY_URL',
+        hostKey: 'SQLSERVER_PROXY_HOST',
+        portKey: 'SQLSERVER_PROXY_PORT',
+        defaultHost: '127.0.0.1',
+        defaultPort: 8793,
+        keyIdKey: 'SQLSERVER_PROXY_KEY_ID',
+        secretKey: 'SQLSERVER_PROXY_SECRET',
+        timeoutKey: 'SQLSERVER_PROXY_TIMEOUT_MS',
+        sharedTimeoutKey: 'ZT_PROXY_TIMEOUT_MS',
+    });
+};
+const buildSignedProxyConfig = (settings) => {
+    return SqlProxyHttpAdapterShared.buildStandardSignedProxyConfig({
+        settings,
+        label: 'SQL Server',
+        urlKey: 'SQLSERVER_PROXY_URL',
+        keyIdKey: 'SQLSERVER_PROXY_KEY_ID',
+        secretKey: 'SQLSERVER_PROXY_SECRET',
+    });
 };
-const buildSignedProxyConfig = (settings) => ({
-    settings,
-    missingUrlMessage: 'SQL Server proxy URL is missing (SQLSERVER_PROXY_URL)',
-    missingCredentialsMessage: 'SQL Server proxy signing credentials are missing (SQLSERVER_PROXY_KEY_ID / SQLSERVER_PROXY_SECRET)',
-    messages: {
-        unauthorized: 'SQL Server proxy unauthorized',
-        forbidden: 'SQL Server proxy forbidden',
-        rateLimited: 'SQL Server proxy rate limited',
-        rejected: 'SQL Server proxy rejected request',
-        error: 'SQL Server proxy error',
-        timedOut: 'SQL Server proxy request timed out',
-    },
-});
 const isQueryResponse = (value) => isRecord(value) && Array.isArray(value['rows']) && typeof value['rowCount'] === 'number';
 const isQueryOneResponse = (value) => isRecord(value) && 'row' in value;
-const requestProxy = async (settings, path, payload) => requestSignedProxy(buildSignedProxyConfig(settings), path, payload);
+const requestProxy = async (signed, path, payload) => SqlProxyHttpAdapterShared.requestProxy(signed, path, payload);
 const requireConnected = (state) => {
     if (!state.connected)
         throw ErrorFactory.createConnectionError('Database not connected');
@@ -61,8 +55,8 @@ const createQuery = (state) => async (sql, parameters) => {
     requireConnected(state);
     const mode = resolveProxyMode();
     const out = mode === 'registry'
-        ? await requestProxy(state.settings, '/zin/sqlserver/statement', await createStatementPayload(sql, parameters))
-        : await requestProxy(state.settings, '/zin/sqlserver/query', {
+        ? await requestProxy(state.signed, '/zin/sqlserver/statement', await createStatementPayload(sql, parameters))
+        : await requestProxy(state.signed, '/zin/sqlserver/query', {
             sql,
             params: parameters,
         });
@@ -72,13 +66,13 @@ const createQueryOne = (state) => async (sql, parameters) => {
     requireConnected(state);
     const mode = resolveProxyMode();
     if (mode !== 'registry') {
-        const out = await requestProxy(state.settings, '/zin/sqlserver/queryOne', {
+        const out = await requestProxy(state.signed, '/zin/sqlserver/queryOne', {
             sql,
             params: parameters,
         });
         return out.row ?? null;
     }
-    const out = await requestProxy(state.settings, '/zin/sqlserver/statement', await createStatementPayload(sql, parameters));
+    const out = await requestProxy(state.signed, '/zin/sqlserver/statement', await createStatementPayload(sql, parameters));
     if (isQueryOneResponse(out))
         return out.row ?? null;
     if (isQueryResponse(out))
@@ -123,7 +117,7 @@ const createAdapter = (state) => {
     const queryOne = createQueryOne(state);
     const adapter = {
         async connect() {
-            ensureSignedSettings(buildSignedProxyConfig(state.settings));
+            ensureSignedSettings(state.signed);
             state.connected = true;
         },
         async disconnect() {
@@ -135,6 +129,28 @@ const createAdapter = (state) => {
         ping: createPing(query),
         transaction: createTransaction(state, () => adapter),
         rawQuery: createRawQuery(query),
+        async ensureMigrationsTable() {
+            requireConnected(state);
+            try {
+                await query(`IF OBJECT_ID(N'migrations', N'U') IS NULL
+BEGIN
+  CREATE TABLE migrations (
+    id INT IDENTITY(1,1) PRIMARY KEY,
+    name NVARCHAR(255) NOT NULL,
+    scope NVARCHAR(255) NOT NULL DEFAULT 'global',
+    service NVARCHAR(255) NOT NULL DEFAULT '',
+    batch INT NOT NULL,
+    status NVARCHAR(255) NOT NULL,
+    applied_at DATETIME2 NULL,
+    created_at DATETIME2 NOT NULL DEFAULT SYSUTCDATETIME(),
+    CONSTRAINT UQ_migrations_name_scope_service UNIQUE (name, scope, service)
+  );
+END`, []);
+            }
+            catch (error) {
+                throw SqlProxyHttpAdapterShared.createProxyNotReachableCliError('SQL Server proxy', state.settings.baseUrl, error);
+            }
+        },
         getType() {
             return AdaptersEnum.sqlserver;
         },
@@ -149,6 +165,7 @@ const createAdapter = (state) => {
 };
 export function createSqlServerProxyAdapter() {
     const settings = buildProxySettings();
-    const state = { connected: false, inTransaction: false, settings };
+    const signed = buildSignedProxyConfig(settings);
+    const state = { connected: false, inTransaction: false, settings, signed };
     return createAdapter(state);
 }