agentlink-sh 0.26.1 → 0.28.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{chunk-7NV5CYOF.js → chunk-DFDS5V5Z.js} +46 -40
- package/dist/{chunk-DM6KG5YU.js → chunk-ILLYV7U7.js} +9 -1
- package/dist/{chunk-4CW46BPC.js → chunk-K5XVJEHP.js} +16 -3
- package/dist/{cloud-ZXVJMV5Q.js → cloud-L4LRFCKV.js} +4 -2
- package/dist/{constants-PWT7TUWD.js → constants-TCRAHGH6.js} +3 -1
- package/dist/{db-DNK3TD5Y.js → db-7M37DHEA.js} +3 -3
- package/dist/index.js +4020 -644
- package/dist/{oauth-JGWRORJM.js → oauth-2QHJGBWP.js} +1 -1
- package/package.json +1 -1
|
@@ -5,7 +5,7 @@ import {
|
|
|
5
5
|
loadProjectCredential,
|
|
6
6
|
resolvePoolerDbUrl,
|
|
7
7
|
saveProjectCredential
|
|
8
|
-
} from "./chunk-
|
|
8
|
+
} from "./chunk-K5XVJEHP.js";
|
|
9
9
|
import {
|
|
10
10
|
ensureGitignorePattern,
|
|
11
11
|
runCommand
|
|
@@ -20,7 +20,7 @@ import {
|
|
|
20
20
|
import {
|
|
21
21
|
pgd,
|
|
22
22
|
sb
|
|
23
|
-
} from "./chunk-
|
|
23
|
+
} from "./chunk-ILLYV7U7.js";
|
|
24
24
|
|
|
25
25
|
// src/db.ts
|
|
26
26
|
import fs3 from "fs";
|
|
@@ -212,7 +212,7 @@ import fs2 from "fs";
|
|
|
212
212
|
import path2 from "path";
|
|
213
213
|
|
|
214
214
|
// src/sql/check_setup.sql
|
|
215
|
-
var check_setup_default = "SELECT jsonb_build_object(\n 'extensions', jsonb_build_object(\n 'pg_net', EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pg_net'),\n 'pg_cron', EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pg_cron'),\n 'vault', EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'supabase_vault'),\n 'pgmq', EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pgmq'),\n -- pg_graphql must be dropped to enforce schema isolation (reported true when absent)\n 'pg_graphql_dropped', NOT EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pg_graphql')\n ),\n 'queues', jsonb_build_object(\n 'agentlink_tasks', EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'pgmq' AND table_name = 'q_agentlink_tasks'\n )\n ),\n 'tables', jsonb_build_object(\n 'profiles', EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'profiles'\n ),\n 'tenants', EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'tenants'\n ),\n 'memberships', EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'memberships'\n ),\n 'invitations', EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'invitations'\n )\n ),\n 'functions', jsonb_build_object(\n '_internal_admin_get_secret',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public'\n AND routine_name = '_internal_admin_get_secret'\n ),\n '_internal_admin_call_edge_function',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public'\n AND routine_name = '_internal_admin_call_edge_function'\n ),\n 'api._admin_enqueue_task',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = '_admin_enqueue_task'\n ),\n 'api._admin_queue_read',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = '_admin_queue_read'\n ),\n 'api._admin_queue_delete',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = '_admin_queue_delete'\n ),\n 'api._admin_queue_archive',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = '_admin_queue_archive'\n ),\n 'set_updated_at',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public'\n AND routine_name = 'set_updated_at'\n ),\n '_internal_admin_handle_new_user',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public'\n AND routine_name = '_internal_admin_handle_new_user'\n ),\n 'api.profile_get',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = 'profile_get'\n ),\n 'api.profile_update',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = 'profile_update'\n ),\n '_hook_before_user_created',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public'\n AND routine_name = '_hook_before_user_created'\n ),\n '_hook_send_email',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public'\n AND routine_name = '_hook_send_email'\n ),\n '_auth_tenant_id',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public'\n AND routine_name = '_auth_tenant_id'\n ),\n '_auth_tenant_role',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public'\n AND routine_name = '_auth_tenant_role'\n ),\n '_auth_has_role',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public'\n AND routine_name = '_auth_has_role'\n ),\n '_auth_is_tenant_member',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public'\n AND routine_name = '_auth_is_tenant_member'\n ),\n 'api.tenant_select',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = 'tenant_select'\n ),\n 'api.tenant_list',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = 'tenant_list'\n ),\n 'api.tenant_create',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = 'tenant_create'\n ),\n 'api.invitation_create',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = 'invitation_create'\n ),\n 'api.invitation_accept',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = 'invitation_accept'\n ),\n 'api.membership_list',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = 'membership_list'\n )\n ),\n 'triggers', jsonb_build_object(\n 'trg_profiles_updated_at',\n EXISTS (\n SELECT 1 FROM pg_trigger WHERE tgname = 'trg_profiles_updated_at'\n ),\n 'trg_auth_users_new_user',\n EXISTS (\n SELECT 1 FROM pg_trigger WHERE tgname = 'trg_auth_users_new_user'\n ),\n 'trg_tenants_updated_at',\n EXISTS (\n SELECT 1 FROM pg_trigger WHERE tgname = 'trg_tenants_updated_at'\n )\n ),\n 'secrets', jsonb_build_object(\n 'SUPABASE_URL',\n EXISTS (SELECT 1 FROM vault.secrets WHERE name = 'SUPABASE_URL'),\n 'SUPABASE_PUBLISHABLE_KEY',\n EXISTS (SELECT 1 FROM vault.secrets WHERE name = 'SUPABASE_PUBLISHABLE_KEY'),\n 'SUPABASE_SECRET_KEY',\n EXISTS (SELECT 1 FROM vault.secrets WHERE name = 'SUPABASE_SECRET_KEY')\n ),\n 'api_schema', EXISTS (\n SELECT 1 FROM information_schema.schemata WHERE schema_name = 'api'\n ),\n 'api_schema_anon_usage',\n has_schema_privilege('anon', 'api', 'USAGE'),\n 'ready', (\n EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pg_net')\n AND EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pg_cron')\n AND EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'supabase_vault')\n AND EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pgmq')\n AND NOT EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pg_graphql')\n AND EXISTS (SELECT 1 FROM information_schema.schemata WHERE schema_name = 'api')\n AND has_schema_privilege('anon', 'api', 'USAGE')\n AND EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'pgmq' AND table_name = 'q_agentlink_tasks'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public' AND routine_name = '_internal_admin_get_secret'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public' AND routine_name = '_internal_admin_call_edge_function'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = '_admin_enqueue_task'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = '_admin_queue_read'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = '_admin_queue_delete'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = '_admin_queue_archive'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'profiles'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'tenants'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'memberships'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'invitations'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public' AND routine_name = 'set_updated_at'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public' AND routine_name = '_internal_admin_handle_new_user'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = 'profile_get'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = 'profile_update'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public' AND routine_name = '_hook_before_user_created'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public' AND routine_name = '_hook_send_email'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public' AND routine_name = '_auth_tenant_id'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public' AND routine_name = '_auth_tenant_role'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public' AND routine_name = '_auth_has_role'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public' AND routine_name = '_auth_is_tenant_member'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = 'tenant_select'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = 'tenant_list'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = 'tenant_create'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = 'invitation_create'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = 'invitation_accept'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = 'membership_list'\n )\n AND EXISTS (\n SELECT 1 FROM pg_trigger WHERE tgname = 'trg_profiles_updated_at'\n )\n AND EXISTS (\n SELECT 1 FROM pg_trigger WHERE tgname = 'trg_auth_users_new_user'\n )\n AND EXISTS (\n SELECT 1 FROM pg_trigger WHERE tgname = 'trg_tenants_updated_at'\n )\n AND EXISTS (SELECT 1 FROM vault.secrets WHERE name = 'SUPABASE_URL')\n AND EXISTS (SELECT 1 FROM vault.secrets WHERE name = 'SUPABASE_PUBLISHABLE_KEY')\n AND EXISTS (SELECT 1 FROM vault.secrets WHERE name = 'SUPABASE_SECRET_KEY')\n )\n) AS setup_status;\n";
|
|
215
|
+
var check_setup_default = "SELECT jsonb_build_object(\n 'extensions', jsonb_build_object(\n 'pg_net', EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pg_net'),\n 'pg_cron', EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pg_cron'),\n 'vault', EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'supabase_vault'),\n 'pgmq', EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pgmq'),\n -- pg_graphql must be dropped to enforce schema isolation (reported true when absent)\n 'pg_graphql_dropped', NOT EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pg_graphql')\n ),\n 'queues', jsonb_build_object(\n 'agentlink_tasks', EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'pgmq' AND table_name = 'q_agentlink_tasks'\n )\n ),\n 'tables', jsonb_build_object(\n 'profiles', EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'profiles'\n ),\n 'tenants', EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'tenants'\n ),\n 'memberships', EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'memberships'\n ),\n 'invitations', EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'invitations'\n ),\n 'roles', EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'roles'\n ),\n 'permissions', EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'permissions'\n ),\n 'role_permissions', EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'role_permissions'\n ),\n 'session_tenants', EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'session_tenants'\n )\n ),\n 'functions', jsonb_build_object(\n '_internal_admin_get_secret',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public'\n AND routine_name = '_internal_admin_get_secret'\n ),\n '_internal_admin_call_edge_function',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public'\n AND routine_name = '_internal_admin_call_edge_function'\n ),\n 'api._admin_enqueue_task',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = '_admin_enqueue_task'\n ),\n 'api._admin_queue_read',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = '_admin_queue_read'\n ),\n 'api._admin_queue_delete',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = '_admin_queue_delete'\n ),\n 'api._admin_queue_archive',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = '_admin_queue_archive'\n ),\n 'set_updated_at',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public'\n AND routine_name = 'set_updated_at'\n ),\n '_internal_admin_handle_new_user',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public'\n AND routine_name = '_internal_admin_handle_new_user'\n ),\n 'api.profile_get',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = 'profile_get'\n ),\n 'api.profile_update',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = 'profile_update'\n ),\n '_hook_before_user_created',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public'\n AND routine_name = '_hook_before_user_created'\n ),\n '_hook_custom_access_token',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public'\n AND routine_name = '_hook_custom_access_token'\n ),\n '_hook_send_email',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public'\n AND routine_name = '_hook_send_email'\n ),\n '_auth_tenant_id',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public'\n AND routine_name = '_auth_tenant_id'\n ),\n '_auth_tenant_role',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public'\n AND routine_name = '_auth_tenant_role'\n ),\n '_auth_has_role',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public'\n AND routine_name = '_auth_has_role'\n ),\n '_auth_has_permission',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public'\n AND routine_name = '_auth_has_permission'\n ),\n '_auth_is_tenant_member',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public'\n AND routine_name = '_auth_is_tenant_member'\n ),\n 'api.tenant_select',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = 'tenant_select'\n ),\n 'api.tenant_list',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = 'tenant_list'\n ),\n 'api.tenant_create',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = 'tenant_create'\n ),\n 'api.invitation_create',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = 'invitation_create'\n ),\n 'api.invitation_accept',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = 'invitation_accept'\n ),\n 'api.membership_list',\n EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api'\n AND routine_name = 'membership_list'\n )\n ),\n 'triggers', jsonb_build_object(\n 'trg_profiles_updated_at',\n EXISTS (\n SELECT 1 FROM pg_trigger WHERE tgname = 'trg_profiles_updated_at'\n ),\n 'trg_auth_users_new_user',\n EXISTS (\n SELECT 1 FROM pg_trigger WHERE tgname = 'trg_auth_users_new_user'\n ),\n 'trg_tenants_updated_at',\n EXISTS (\n SELECT 1 FROM pg_trigger WHERE tgname = 'trg_tenants_updated_at'\n )\n ),\n 'secrets', jsonb_build_object(\n 'SUPABASE_URL',\n EXISTS (SELECT 1 FROM vault.secrets WHERE name = 'SUPABASE_URL'),\n 'SUPABASE_PUBLISHABLE_KEY',\n EXISTS (SELECT 1 FROM vault.secrets WHERE name = 'SUPABASE_PUBLISHABLE_KEY'),\n 'SUPABASE_SECRET_KEY',\n EXISTS (SELECT 1 FROM vault.secrets WHERE name = 'SUPABASE_SECRET_KEY')\n ),\n 'api_schema', EXISTS (\n SELECT 1 FROM information_schema.schemata WHERE schema_name = 'api'\n ),\n 'api_schema_anon_usage',\n has_schema_privilege('anon', 'api', 'USAGE'),\n 'ready', (\n EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pg_net')\n AND EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pg_cron')\n AND EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'supabase_vault')\n AND EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pgmq')\n AND NOT EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pg_graphql')\n AND EXISTS (SELECT 1 FROM information_schema.schemata WHERE schema_name = 'api')\n AND has_schema_privilege('anon', 'api', 'USAGE')\n AND EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'pgmq' AND table_name = 'q_agentlink_tasks'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public' AND routine_name = '_internal_admin_get_secret'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public' AND routine_name = '_internal_admin_call_edge_function'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = '_admin_enqueue_task'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = '_admin_queue_read'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = '_admin_queue_delete'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = '_admin_queue_archive'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'profiles'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'tenants'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'memberships'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'invitations'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'roles'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'permissions'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'role_permissions'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.tables\n WHERE table_schema = 'public' AND table_name = 'session_tenants'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public' AND routine_name = 'set_updated_at'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public' AND routine_name = '_internal_admin_handle_new_user'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = 'profile_get'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = 'profile_update'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public' AND routine_name = '_hook_before_user_created'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public' AND routine_name = '_hook_custom_access_token'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public' AND routine_name = '_hook_send_email'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public' AND routine_name = '_auth_tenant_id'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public' AND routine_name = '_auth_tenant_role'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public' AND routine_name = '_auth_has_role'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public' AND routine_name = '_auth_has_permission'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'public' AND routine_name = '_auth_is_tenant_member'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = 'tenant_select'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = 'tenant_list'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = 'tenant_create'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = 'invitation_create'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = 'invitation_accept'\n )\n AND EXISTS (\n SELECT 1 FROM information_schema.routines\n WHERE routine_schema = 'api' AND routine_name = 'membership_list'\n )\n AND EXISTS (\n SELECT 1 FROM pg_trigger WHERE tgname = 'trg_profiles_updated_at'\n )\n AND EXISTS (\n SELECT 1 FROM pg_trigger WHERE tgname = 'trg_auth_users_new_user'\n )\n AND EXISTS (\n SELECT 1 FROM pg_trigger WHERE tgname = 'trg_tenants_updated_at'\n )\n AND EXISTS (SELECT 1 FROM vault.secrets WHERE name = 'SUPABASE_URL')\n AND EXISTS (SELECT 1 FROM vault.secrets WHERE name = 'SUPABASE_PUBLISHABLE_KEY')\n AND EXISTS (SELECT 1 FROM vault.secrets WHERE name = 'SUPABASE_SECRET_KEY')\n )\n) AS setup_status;\n";
|
|
216
216
|
|
|
217
217
|
// src/sql.ts
|
|
218
218
|
function upsertSecret(value, name) {
|
|
@@ -295,39 +295,6 @@ function runSQL(sql, dbUrl) {
|
|
|
295
295
|
child.stdin.end();
|
|
296
296
|
});
|
|
297
297
|
}
|
|
298
|
-
function writeMigrationTemplates(projectDir, templates, baseTimestamp, options) {
|
|
299
|
-
const dryRun = options?.dryRun ?? false;
|
|
300
|
-
const migrationsDir = path2.join(projectDir, "supabase", "migrations");
|
|
301
|
-
if (!dryRun) fs2.mkdirSync(migrationsDir, { recursive: true });
|
|
302
|
-
const createdVersions = [];
|
|
303
|
-
const createdFilenames = [];
|
|
304
|
-
const base = baseTimestamp ?? /* @__PURE__ */ new Date();
|
|
305
|
-
let offsetSeconds = 0;
|
|
306
|
-
const existingFiles = fs2.existsSync(migrationsDir) ? fs2.readdirSync(migrationsDir) : [];
|
|
307
|
-
for (const [name, content] of Object.entries(templates)) {
|
|
308
|
-
const existing = existingFiles.find((f) => f.endsWith(`_agentlink_${name}.sql`));
|
|
309
|
-
if (existing) continue;
|
|
310
|
-
const ts = new Date(base.getTime() + offsetSeconds * 1e3);
|
|
311
|
-
const version = ts.toISOString().replace(/\D/g, "").slice(0, 14);
|
|
312
|
-
const filename = `${version}_agentlink_${name}.sql`;
|
|
313
|
-
if (!dryRun) fs2.writeFileSync(path2.join(migrationsDir, filename), content);
|
|
314
|
-
createdVersions.push(version);
|
|
315
|
-
createdFilenames.push(filename);
|
|
316
|
-
offsetSeconds++;
|
|
317
|
-
}
|
|
318
|
-
return { createdVersions, createdFilenames };
|
|
319
|
-
}
|
|
320
|
-
async function repairMigrations(projectDir, versions, local = true, env) {
|
|
321
|
-
const localFlag = local ? " --local" : "";
|
|
322
|
-
for (const version of versions) {
|
|
323
|
-
await runCommand(
|
|
324
|
-
`${sb()} migration repair ${version} --status applied${localFlag}`,
|
|
325
|
-
projectDir,
|
|
326
|
-
void 0,
|
|
327
|
-
env
|
|
328
|
-
);
|
|
329
|
-
}
|
|
330
|
-
}
|
|
331
298
|
function updateConfigToml(projectDir, options) {
|
|
332
299
|
const dryRun = options?.dryRun ?? false;
|
|
333
300
|
const configPath = path2.join(projectDir, "supabase", "config.toml");
|
|
@@ -372,6 +339,7 @@ sql_paths = [${seedPath}]
|
|
|
372
339
|
}
|
|
373
340
|
patches.push(...updateConfigTomlSendEmailHook(projectDir, { dryRun }));
|
|
374
341
|
patches.push(...updateConfigTomlBeforeUserCreatedHook(projectDir, { dryRun }));
|
|
342
|
+
patches.push(...updateConfigTomlCustomAccessTokenHook(projectDir, { dryRun }));
|
|
375
343
|
patches.push(...updateConfigTomlAuthEmailConfirmations(projectDir, { dryRun }));
|
|
376
344
|
patches.push(...renameInternalEdgeFunctionSections(projectDir, { dryRun }));
|
|
377
345
|
return patches;
|
|
@@ -450,7 +418,19 @@ sql_paths = ["./seed.sql", "./seeds/local-secrets.seed.sql"]
|
|
|
450
418
|
[auth]
|
|
451
419
|
enabled = true
|
|
452
420
|
site_url = "http://127.0.0.1:3000"
|
|
453
|
-
|
|
421
|
+
# Wildcards cover the full canonical auth flow:
|
|
422
|
+
# /auth/confirm \u2014 single PKCE callback for signup, magiclink, recovery, email_change
|
|
423
|
+
# /auth/update-password \u2014 recovery destination after confirm exchange
|
|
424
|
+
# /accept-invite \u2014 workspace invitation acceptance
|
|
425
|
+
# /auth/check-inbox \u2014 pending state (no PKCE redirect ever lands here, but allowing
|
|
426
|
+
# the prefix prevents accidental denies during dev)
|
|
427
|
+
additional_redirect_urls = [
|
|
428
|
+
"http://127.0.0.1:3000/**",
|
|
429
|
+
"http://localhost:3000/**",
|
|
430
|
+
"http://127.0.0.1:5173/**",
|
|
431
|
+
"http://localhost:5173/**",
|
|
432
|
+
"https://127.0.0.1:3000/**",
|
|
433
|
+
]
|
|
454
434
|
jwt_expiry = 3600
|
|
455
435
|
enable_refresh_token_rotation = true
|
|
456
436
|
refresh_token_reuse_interval = 10
|
|
@@ -479,6 +459,10 @@ uri = "pg-functions://postgres/public/_hook_send_email"
|
|
|
479
459
|
enabled = true
|
|
480
460
|
uri = "pg-functions://postgres/public/_hook_before_user_created"
|
|
481
461
|
|
|
462
|
+
[auth.hook.custom_access_token]
|
|
463
|
+
enabled = true
|
|
464
|
+
uri = "pg-functions://postgres/public/_hook_custom_access_token"
|
|
465
|
+
|
|
482
466
|
[functions.internal-queue-worker]
|
|
483
467
|
enabled = true
|
|
484
468
|
verify_jwt = false
|
|
@@ -529,6 +513,22 @@ uri = "pg-functions://postgres/public/_hook_before_user_created"
|
|
|
529
513
|
}
|
|
530
514
|
return [];
|
|
531
515
|
}
|
|
516
|
+
function updateConfigTomlCustomAccessTokenHook(projectDir, options) {
|
|
517
|
+
const dryRun = options?.dryRun ?? false;
|
|
518
|
+
const configPath = path2.join(projectDir, "supabase", "config.toml");
|
|
519
|
+
let content = fs2.readFileSync(configPath, "utf-8");
|
|
520
|
+
if (!content.includes("[auth.hook.custom_access_token]")) {
|
|
521
|
+
content = content.trimEnd() + `
|
|
522
|
+
|
|
523
|
+
[auth.hook.custom_access_token]
|
|
524
|
+
enabled = true
|
|
525
|
+
uri = "pg-functions://postgres/public/_hook_custom_access_token"
|
|
526
|
+
`;
|
|
527
|
+
if (!dryRun) fs2.writeFileSync(configPath, content);
|
|
528
|
+
return ["auth.hook.custom_access_token: add section"];
|
|
529
|
+
}
|
|
530
|
+
return [];
|
|
531
|
+
}
|
|
532
532
|
function updateConfigTomlAuthEmailConfirmations(projectDir, options) {
|
|
533
533
|
const dryRun = options?.dryRun ?? false;
|
|
534
534
|
const configPath = path2.join(projectDir, "supabase", "config.toml");
|
|
@@ -788,11 +788,19 @@ async function dbApply(options) {
|
|
|
788
788
|
}
|
|
789
789
|
const dbUrl = await resolveDbUrl(options.cwd, options.dbUrl);
|
|
790
790
|
if (!options.quiet) console.log("Applying schemas...");
|
|
791
|
-
await runCommand(
|
|
791
|
+
const applyOutput = await runCommand(
|
|
792
792
|
`${pgd()} declarative apply --path ./supabase/schemas/ --target ${JSON.stringify(dbUrl)}`,
|
|
793
793
|
options.cwd,
|
|
794
794
|
options.quiet ? void 0 : (line) => console.log(line)
|
|
795
795
|
);
|
|
796
|
+
if (/^Stuck after \d+ round/m.test(applyOutput)) {
|
|
797
|
+
if (options.quiet) {
|
|
798
|
+
console.error(applyOutput);
|
|
799
|
+
}
|
|
800
|
+
throw new Error(
|
|
801
|
+
"pg-delta declarative apply did not complete cleanly \u2014 some statements failed and the database state is inconsistent with supabase/schemas/. Fix the errors listed above (typically duplicate definitions or unresolved references) and re-run."
|
|
802
|
+
);
|
|
803
|
+
}
|
|
796
804
|
if (!options.skipTypes) {
|
|
797
805
|
if (!options.quiet) console.log("\nGenerating types...");
|
|
798
806
|
try {
|
|
@@ -1038,8 +1046,6 @@ export {
|
|
|
1038
1046
|
cloudSeedSQL,
|
|
1039
1047
|
parseSupabaseStatus,
|
|
1040
1048
|
runSQL,
|
|
1041
|
-
writeMigrationTemplates,
|
|
1042
|
-
repairMigrations,
|
|
1043
1049
|
updateConfigToml,
|
|
1044
1050
|
migrateRenamedEdgeFunctionDirs,
|
|
1045
1051
|
writeConfigToml,
|
|
@@ -53,6 +53,8 @@ var AUTH_CONFIG = {
|
|
|
53
53
|
hook_send_email_uri: "pg-functions://postgres/public/_hook_send_email",
|
|
54
54
|
hook_before_user_created_enabled: true,
|
|
55
55
|
hook_before_user_created_uri: "pg-functions://postgres/public/_hook_before_user_created",
|
|
56
|
+
hook_custom_access_token_enabled: true,
|
|
57
|
+
hook_custom_access_token_uri: "pg-functions://postgres/public/_hook_custom_access_token",
|
|
56
58
|
external_email_enabled: true,
|
|
57
59
|
enable_signup: true,
|
|
58
60
|
jwt_exp: 3600,
|
|
@@ -65,6 +67,11 @@ var AUTH_CONFIG = {
|
|
|
65
67
|
var AUTH_CONFIG_DEV_OVERRIDES = {
|
|
66
68
|
mailer_autoconfirm: true
|
|
67
69
|
};
|
|
70
|
+
var RESEND_SMTP = {
|
|
71
|
+
host: "smtp.resend.com",
|
|
72
|
+
port: "465",
|
|
73
|
+
user: "resend"
|
|
74
|
+
};
|
|
68
75
|
|
|
69
76
|
export {
|
|
70
77
|
SUPPORTED_SUPABASE_CLI,
|
|
@@ -77,5 +84,6 @@ export {
|
|
|
77
84
|
pgd,
|
|
78
85
|
POSTGREST_CONFIG,
|
|
79
86
|
AUTH_CONFIG,
|
|
80
|
-
AUTH_CONFIG_DEV_OVERRIDES
|
|
87
|
+
AUTH_CONFIG_DEV_OVERRIDES,
|
|
88
|
+
RESEND_SMTP
|
|
81
89
|
};
|
|
@@ -13,7 +13,7 @@ import {
|
|
|
13
13
|
} from "./chunk-MHI6VJ75.js";
|
|
14
14
|
import {
|
|
15
15
|
sb
|
|
16
|
-
} from "./chunk-
|
|
16
|
+
} from "./chunk-ILLYV7U7.js";
|
|
17
17
|
|
|
18
18
|
// src/cloud.ts
|
|
19
19
|
import fs from "fs";
|
|
@@ -77,7 +77,7 @@ async function refreshIfNeeded(entry) {
|
|
|
77
77
|
}
|
|
78
78
|
if (!entry.refresh_token) return null;
|
|
79
79
|
try {
|
|
80
|
-
const { refreshOAuthToken } = await import("./oauth-
|
|
80
|
+
const { refreshOAuthToken } = await import("./oauth-2QHJGBWP.js");
|
|
81
81
|
const tokens = await refreshOAuthToken(entry.refresh_token);
|
|
82
82
|
return {
|
|
83
83
|
...entry,
|
|
@@ -313,7 +313,7 @@ async function ensureAccessToken(opts = {}) {
|
|
|
313
313
|
]
|
|
314
314
|
});
|
|
315
315
|
if (method === "oauth") {
|
|
316
|
-
const { oauthLogin } = await import("./oauth-
|
|
316
|
+
const { oauthLogin } = await import("./oauth-2QHJGBWP.js");
|
|
317
317
|
const tokens = await oauthLogin({ organizationSlug: orgSlug });
|
|
318
318
|
process.env.SUPABASE_ACCESS_TOKEN = tokens.access_token;
|
|
319
319
|
let derivedOrg;
|
|
@@ -586,6 +586,18 @@ async function updateAuthConfig(projectRef, config) {
|
|
|
586
586
|
throw new Error(`Failed to update auth config (${res.status}): ${body}`);
|
|
587
587
|
}
|
|
588
588
|
}
|
|
589
|
+
async function getAuthConfig(projectRef) {
|
|
590
|
+
try {
|
|
591
|
+
const res = await authenticatedFetch(
|
|
592
|
+
`https://api.supabase.com/v1/projects/${projectRef}/config/auth`,
|
|
593
|
+
{ method: "GET" }
|
|
594
|
+
);
|
|
595
|
+
if (!res.ok) return null;
|
|
596
|
+
return await res.json();
|
|
597
|
+
} catch {
|
|
598
|
+
return null;
|
|
599
|
+
}
|
|
600
|
+
}
|
|
589
601
|
async function waitForProjectReady(ref, spinner, timeoutMs = 3e5) {
|
|
590
602
|
const start = Date.now();
|
|
591
603
|
while (Date.now() - start < timeoutMs) {
|
|
@@ -771,6 +783,7 @@ export {
|
|
|
771
783
|
runCloudSQL,
|
|
772
784
|
updatePostgrestConfig,
|
|
773
785
|
updateAuthConfig,
|
|
786
|
+
getAuthConfig,
|
|
774
787
|
waitForProjectReady,
|
|
775
788
|
waitForDatabaseReady,
|
|
776
789
|
fetchPoolerUrl,
|
|
@@ -9,6 +9,7 @@ import {
|
|
|
9
9
|
ensureAccessToken,
|
|
10
10
|
fetchPoolerUrl,
|
|
11
11
|
getApiKeys,
|
|
12
|
+
getAuthConfig,
|
|
12
13
|
getProject,
|
|
13
14
|
getProjectOrg,
|
|
14
15
|
listOrganizations,
|
|
@@ -35,10 +36,10 @@ import {
|
|
|
35
36
|
updatePostgrestConfig,
|
|
36
37
|
waitForDatabaseReady,
|
|
37
38
|
waitForProjectReady
|
|
38
|
-
} from "./chunk-
|
|
39
|
+
} from "./chunk-K5XVJEHP.js";
|
|
39
40
|
import "./chunk-IV5ZSOKF.js";
|
|
40
41
|
import "./chunk-MHI6VJ75.js";
|
|
41
|
-
import "./chunk-
|
|
42
|
+
import "./chunk-ILLYV7U7.js";
|
|
42
43
|
export {
|
|
43
44
|
authenticatedFetch,
|
|
44
45
|
clearOrgCredential,
|
|
@@ -49,6 +50,7 @@ export {
|
|
|
49
50
|
ensureAccessToken,
|
|
50
51
|
fetchPoolerUrl,
|
|
51
52
|
getApiKeys,
|
|
53
|
+
getAuthConfig,
|
|
52
54
|
getProject,
|
|
53
55
|
getProjectOrg,
|
|
54
56
|
listOrganizations,
|
|
@@ -5,19 +5,21 @@ import {
|
|
|
5
5
|
OAUTH_CLIENT_ID,
|
|
6
6
|
OAUTH_CLIENT_SECRET,
|
|
7
7
|
POSTGREST_CONFIG,
|
|
8
|
+
RESEND_SMTP,
|
|
8
9
|
SUPPORTED_PGDELTA,
|
|
9
10
|
SUPPORTED_SUPABASE_CLI,
|
|
10
11
|
pgd,
|
|
11
12
|
pgdeltaBin,
|
|
12
13
|
sb,
|
|
13
14
|
supabaseBin
|
|
14
|
-
} from "./chunk-
|
|
15
|
+
} from "./chunk-ILLYV7U7.js";
|
|
15
16
|
export {
|
|
16
17
|
AUTH_CONFIG,
|
|
17
18
|
AUTH_CONFIG_DEV_OVERRIDES,
|
|
18
19
|
OAUTH_CLIENT_ID,
|
|
19
20
|
OAUTH_CLIENT_SECRET,
|
|
20
21
|
POSTGREST_CONFIG,
|
|
22
|
+
RESEND_SMTP,
|
|
21
23
|
SUPPORTED_PGDELTA,
|
|
22
24
|
SUPPORTED_SUPABASE_CLI,
|
|
23
25
|
pgd,
|
|
@@ -11,11 +11,11 @@ import {
|
|
|
11
11
|
readEnvValue,
|
|
12
12
|
resolveDbMode,
|
|
13
13
|
resolveDbUrl
|
|
14
|
-
} from "./chunk-
|
|
15
|
-
import "./chunk-
|
|
14
|
+
} from "./chunk-DFDS5V5Z.js";
|
|
15
|
+
import "./chunk-K5XVJEHP.js";
|
|
16
16
|
import "./chunk-IV5ZSOKF.js";
|
|
17
17
|
import "./chunk-MHI6VJ75.js";
|
|
18
|
-
import "./chunk-
|
|
18
|
+
import "./chunk-ILLYV7U7.js";
|
|
19
19
|
export {
|
|
20
20
|
dbApply,
|
|
21
21
|
dbBackup,
|