palaryn 0.1.0

package/dist/src/storage/postgres.js

@@ -0,0 +1,1555 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PostgresPolicyStore = exports.PostgresBudgetConfigStore = exports.PostgresRateLimitConfigStore = exports.PostgresSubscriptionStore = exports.PostgresUserApiKeyStore = exports.PostgresSessionStore = exports.PostgresWorkspaceMemberStore = exports.PostgresWorkspaceStore = exports.PostgresOAuthAccountStore = exports.PostgresUserStore = exports.PostgresRateLimitStore = exports.PostgresIdempotencyStore = exports.PostgresApprovalStore = exports.PostgresAuditStore = exports.PostgresBudgetStore = void 0;
+exports.initPostgresStorage = initPostgresStorage;
+exports.createPostgresStores = createPostgresStores;
+exports.createPostgresSaaSStores = createPostgresSaaSStores;
+// ---------------------------------------------------------------------------
+// Column whitelists (prevent SQL injection via dynamic column names)
+// ---------------------------------------------------------------------------
+const ALLOWED_USER_COLUMNS = new Set([
+    'email', 'display_name', 'avatar_url', 'password_hash',
+    'status', 'onboarding_completed', 'updated_at',
+]);
+const ALLOWED_OAUTH_ACCOUNT_COLUMNS = new Set([
+    'access_token_encrypted', 'refresh_token_encrypted',
+    'token_expires_at', 'updated_at',
+]);
+const ALLOWED_WORKSPACE_COLUMNS = new Set([
+    'name', 'slug', 'plan', 'settings', 'updated_at',
+]);
+const ALLOWED_SESSION_COLUMNS = new Set([
+    'workspace_id', 'last_active_at',
+]);
+const ALLOWED_USER_API_KEY_COLUMNS = new Set([
+    'name', 'roles', 'tags', 'revoked', 'last_used_at',
+]);
+const ALLOWED_SUBSCRIPTION_COLUMNS = new Set([
+    'workspace_id', 'stripe_customer_id', 'stripe_subscription_id',
+    'plan', 'status', 'current_period_start', 'current_period_end',
+    'cancel_at_period_end', 'updated_at',
+]);
+/**
+ * Filter update entries to only include allowed column names.
+ * Returns entries as [key, value] pairs with only whitelisted keys.
+ */
+function sanitizeUpdateEntries(updates, allowedColumns) {
+    return Object.entries(updates).filter(([key]) => allowedColumns.has(key));
+}
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+/**
+ * Fire-and-forget a Postgres query. Errors are logged but never thrown so the
+ * synchronous hot path is never blocked or crashed.
+ */
+function asyncQuery(pool, text, values) {
+    pool.query(text, values).catch((err) => {
+        console.error('[postgres-storage] async query failed:', text.substring(0, 200), err.message);
+    });
+}
+/**
+ * Execute a Postgres query with exponential-backoff retry (up to 3 attempts).
+ * Returns a Promise that resolves when the query succeeds or rejects after
+ * exhausting retries. Use this for writes that must be tracked via flush().
+ */
+function reliableAsyncQuery(pool, text, values) {
+    const maxAttempts = 3;
+    async function attempt(n) {
+        try {
+            await pool.query(text, values);
+        }
+        catch (err) {
+            if (n < maxAttempts) {
+                const delay = Math.pow(2, n) * 100; // 200ms, 400ms
+                await new Promise((r) => setTimeout(r, delay));
+                return attempt(n + 1);
+            }
+            throw new Error(`[postgres-storage] reliable query failed after retries: ${err.message}`);
+        }
+    }
+    return attempt(1);
+}
+/**
+ * Execute a Postgres query synchronously (awaited) with retry (3 attempts, exponential backoff).
+ * Throws on failure. Use for critical writes that must succeed before proceeding.
+ */
+async function syncQuery(pool, text, values) {
+    const maxAttempts = 3;
+    for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+        try {
+            await pool.query(text, values);
+            return;
+        }
+        catch (err) {
+            if (attempt === maxAttempts) {
+                throw new Error(`[postgres-storage] query failed after ${maxAttempts} retries: ${err.message}`);
+            }
+            await new Promise(r => setTimeout(r, Math.pow(2, attempt) * 100));
+        }
+    }
+}
+// ---------------------------------------------------------------------------
+// 1. PostgresBudgetStore
+// ---------------------------------------------------------------------------
+class PostgresBudgetStore {
+    constructor(pool) {
+        this.pool = pool;
+        this.taskStates = new Map();
+        this.counters = new Map();
+        this.retryCounts = new Map();
+        this._pendingWrites = [];
+    }
+    // -- Table DDL ----------------------------------------------------------
+    static async createTables(pool) {
+        await pool.query(`
+      CREATE TABLE IF NOT EXISTS budget_task_states (
+        task_id       TEXT PRIMARY KEY,
+        workspace_id  TEXT NOT NULL,
+        actor_id      TEXT NOT NULL,
+        spent_usd     DOUBLE PRECISION NOT NULL DEFAULT 0,
+        steps         INTEGER NOT NULL DEFAULT 0,
+        started_at    TEXT NOT NULL
+      );
+    `);
+        await pool.query(`
+      CREATE TABLE IF NOT EXISTS budget_counters (
+        key   TEXT PRIMARY KEY,
+        value DOUBLE PRECISION NOT NULL DEFAULT 0
+      );
+    `);
+        await pool.query(`
+      CREATE TABLE IF NOT EXISTS budget_retry_counts (
+        tool_call_id TEXT PRIMARY KEY,
+        count        INTEGER NOT NULL DEFAULT 0
+      );
+    `);
+    }
+    // -- Hydrate cache from Postgres ----------------------------------------
+    async hydrate() {
+        try {
+            const { rows: states } = await this.pool.query('SELECT * FROM budget_task_states');
+            for (const r of states) {
+                this.taskStates.set(r.task_id, {
+                    task_id: r.task_id,
+                    workspace_id: r.workspace_id,
+                    actor_id: r.actor_id,
+                    spent_usd: Number(r.spent_usd),
+                    steps: Number(r.steps),
+                    started_at: r.started_at,
+                });
+            }
+            const { rows: ctrs } = await this.pool.query('SELECT * FROM budget_counters');
+            for (const r of ctrs) {
+                this.counters.set(r.key, Number(r.value));
+            }
+            const { rows: retries } = await this.pool.query('SELECT * FROM budget_retry_counts');
+            for (const r of retries) {
+                this.retryCounts.set(r.tool_call_id, Number(r.count));
+            }
+        }
+        catch (err) {
+            console.error('[PostgresBudgetStore] hydrate failed:', err.message);
+        }
+    }
+    // -- Interface implementation -------------------------------------------
+    getTaskState(taskId) {
+        return this.taskStates.get(taskId);
+    }
+    setTaskState(taskId, state) {
+        this.taskStates.set(taskId, state);
+        this._pendingWrites.push(reliableAsyncQuery(this.pool, `INSERT INTO budget_task_states (task_id, workspace_id, actor_id, spent_usd, steps, started_at)
+       VALUES ($1, $2, $3, $4, $5, $6)
+       ON CONFLICT (task_id) DO UPDATE SET
+         workspace_id = EXCLUDED.workspace_id,
+         actor_id     = EXCLUDED.actor_id,
+         spent_usd    = EXCLUDED.spent_usd,
+         steps        = EXCLUDED.steps,
+         started_at   = EXCLUDED.started_at`, [state.task_id, state.workspace_id, state.actor_id, state.spent_usd, state.steps, state.started_at]));
+    }
+    getCounter(key) {
+        return this.counters.get(key) ?? 0;
+    }
+    incrementCounter(key, amount) {
+        const newVal = (this.counters.get(key) ?? 0) + amount;
+        this.counters.set(key, newVal);
+        this._pendingWrites.push(reliableAsyncQuery(this.pool, `INSERT INTO budget_counters (key, value) VALUES ($1, $2)
+       ON CONFLICT (key) DO UPDATE SET value = EXCLUDED.value`, [key, newVal]));
+    }
+    getRetryCount(toolCallId) {
+        return this.retryCounts.get(toolCallId) ?? 0;
+    }
+    incrementRetryCount(toolCallId) {
+        const count = (this.retryCounts.get(toolCallId) ?? 0) + 1;
+        this.retryCounts.set(toolCallId, count);
+        this._pendingWrites.push(reliableAsyncQuery(this.pool, `INSERT INTO budget_retry_counts (tool_call_id, count) VALUES ($1, $2)
+       ON CONFLICT (tool_call_id) DO UPDATE SET count = EXCLUDED.count`, [toolCallId, count]));
+        return count;
+    }
+    async flush() {
+        const writes = this._pendingWrites;
+        this._pendingWrites = [];
+        await Promise.all(writes);
+    }
+    reset() {
+        this.taskStates.clear();
+        this.counters.clear();
+        this.retryCounts.clear();
+        asyncQuery(this.pool, 'TRUNCATE budget_task_states, budget_counters, budget_retry_counts');
+    }
+}
+exports.PostgresBudgetStore = PostgresBudgetStore;
+// ---------------------------------------------------------------------------
+// 2. PostgresAuditStore
+// ---------------------------------------------------------------------------
+class PostgresAuditStore {
+    constructor(pool) {
+        this.pool = pool;
+        this.events = [];
+        this._pendingWrites = [];
+    }
+    // -- Table DDL ----------------------------------------------------------
+    static async createTables(pool) {
+        await pool.query(`
+      CREATE TABLE IF NOT EXISTS audit_events (
+        event_id      TEXT PRIMARY KEY,
+        event_type    TEXT NOT NULL,
+        timestamp     TEXT NOT NULL,
+        tool_call_id  TEXT NOT NULL,
+        task_id       TEXT NOT NULL,
+        workspace_id  TEXT NOT NULL,
+        actor_id      TEXT NOT NULL,
+        tool_name     TEXT NOT NULL,
+        metadata      JSONB NOT NULL DEFAULT '{}'
+      );
+    `);
+    }
+    // -- Hydrate cache from Postgres ----------------------------------------
+    async hydrate() {
+        try {
+            const { rows } = await this.pool.query('SELECT * FROM audit_events ORDER BY timestamp ASC');
+            this.events = rows.map((r) => ({
+                event_id: r.event_id,
+                event_type: r.event_type,
+                timestamp: r.timestamp,
+                tool_call_id: r.tool_call_id,
+                task_id: r.task_id,
+                workspace_id: r.workspace_id,
+                actor_id: r.actor_id,
+                tool_name: r.tool_name,
+                metadata: r.metadata ?? {},
+            }));
+        }
+        catch (err) {
+            console.error('[PostgresAuditStore] hydrate failed:', err.message);
+        }
+    }
+    // -- Interface implementation -------------------------------------------
+    append(event) {
+        this.events.push(event);
+        this._pendingWrites.push(reliableAsyncQuery(this.pool, `INSERT INTO audit_events (event_id, event_type, timestamp, tool_call_id, task_id, workspace_id, actor_id, tool_name, metadata)
+       VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)
+       ON CONFLICT (event_id) DO NOTHING`, [
+            event.event_id,
+            event.event_type,
+            event.timestamp,
+            event.tool_call_id,
+            event.task_id,
+            event.workspace_id,
+            event.actor_id,
+            event.tool_name,
+            JSON.stringify(event.metadata),
+        ]));
+    }
+    async flush() {
+        const writes = this._pendingWrites;
+        this._pendingWrites = [];
+        await Promise.all(writes);
+    }
+    getByTaskId(taskId) {
+        return this.events
+            .filter((e) => e.task_id === taskId)
+            .sort((a, b) => a.timestamp.localeCompare(b.timestamp));
+    }
+    getByToolCallId(toolCallId) {
+        return this.events
+            .filter((e) => e.tool_call_id === toolCallId)
+            .sort((a, b) => a.timestamp.localeCompare(b.timestamp));
+    }
+    getByEventType(eventType) {
+        return this.events.filter((e) => e.event_type === eventType);
+    }
+    getAll() {
+        return [...this.events];
+    }
+    clear() {
+        this.events = [];
+        asyncQuery(this.pool, 'TRUNCATE audit_events');
+    }
+}
+exports.PostgresAuditStore = PostgresAuditStore;
+// ---------------------------------------------------------------------------
+// 3. PostgresApprovalStore
+// ---------------------------------------------------------------------------
+class PostgresApprovalStore {
+    constructor(pool) {
+        this.pool = pool;
+        this.approvals = new Map();
+        this.tokenIndex = new Map();
+        this._pendingWrites = [];
+    }
+    // -- Table DDL ----------------------------------------------------------
+    static async createTables(pool) {
+        await pool.query(`
+      CREATE TABLE IF NOT EXISTS approvals (
+        approval_id   TEXT PRIMARY KEY,
+        data          JSONB NOT NULL,
+        status        TEXT NOT NULL DEFAULT 'pending',
+        workspace_id  TEXT,
+        tool_call_id  TEXT
+      );
+    `);
+        await pool.query(`
+      CREATE TABLE IF NOT EXISTS approval_tokens (
+        token        TEXT PRIMARY KEY,
+        approval_id  TEXT NOT NULL
+      );
+    `);
+    }
+    // -- Hydrate cache from Postgres ----------------------------------------
+    async hydrate() {
+        try {
+            const { rows: approvalRows } = await this.pool.query('SELECT * FROM approvals');
+            for (const r of approvalRows) {
+                const approval = r.data;
+                this.approvals.set(r.approval_id, approval);
+            }
+            const { rows: tokenRows } = await this.pool.query('SELECT * FROM approval_tokens');
+            for (const r of tokenRows) {
+                this.tokenIndex.set(r.token, r.approval_id);
+            }
+        }
+        catch (err) {
+            console.error('[PostgresApprovalStore] hydrate failed:', err.message);
+        }
+    }
+    // -- Interface implementation -------------------------------------------
+    save(approvalId, approval) {
+        this.approvals.set(approvalId, approval);
+        const status = approval.status ?? 'pending';
+        const workspaceId = approval.workspace_id ?? null;
+        const toolCallId = approval.tool_call_id ?? null;
+        this._pendingWrites.push(reliableAsyncQuery(this.pool, `INSERT INTO approvals (approval_id, data, status, workspace_id, tool_call_id)
+       VALUES ($1, $2, $3, $4, $5)
+       ON CONFLICT (approval_id) DO UPDATE SET
+         data         = EXCLUDED.data,
+         status       = EXCLUDED.status,
+         workspace_id = EXCLUDED.workspace_id,
+         tool_call_id = EXCLUDED.tool_call_id`, [approvalId, JSON.stringify(approval), status, workspaceId, toolCallId]));
+    }
+    getById(approvalId) {
+        return this.approvals.get(approvalId);
+    }
+    getByToken(token) {
+        const id = this.tokenIndex.get(token);
+        return id ? this.approvals.get(id) : undefined;
+    }
+    getByToolCallId(toolCallId) {
+        for (const approval of this.approvals.values()) {
+            if (approval.tool_call_id === toolCallId)
+                return approval;
+        }
+        return undefined;
+    }
+    findPending(workspaceId) {
+        const results = [];
+        for (const approval of this.approvals.values()) {
+            if (approval.status !== 'pending')
+                continue;
+            if (workspaceId && approval.workspace_id !== workspaceId)
+                continue;
+            results.push(approval);
+        }
+        return results;
+    }
+    indexToken(token, approvalId) {
+        this.tokenIndex.set(token, approvalId);
+        this._pendingWrites.push(reliableAsyncQuery(this.pool, `INSERT INTO approval_tokens (token, approval_id) VALUES ($1, $2)
+       ON CONFLICT (token) DO UPDATE SET approval_id = EXCLUDED.approval_id`, [token, approvalId]));
+    }
+    async compareAndSetStatus(approvalId, expectedStatus, approval) {
+        const existing = this.approvals.get(approvalId);
+        if (!existing || existing.status !== expectedStatus)
+            return false;
+        // Update in-memory cache optimistically
+        this.approvals.set(approvalId, approval);
+        // Atomic DB update: only succeeds if status still matches expectedStatus
+        try {
+            const result = await this.pool.query(`UPDATE approvals SET data = $2, status = $3
+         WHERE approval_id = $1 AND status = $4`, [approvalId, JSON.stringify(approval), approval.status, expectedStatus]);
+            if (result.rowCount === 0) {
+                // Another process already changed the status — rollback in-memory
+                this.approvals.set(approvalId, existing);
+                return false;
+            }
+            return true;
+        }
+        catch (err) {
+            // Rollback in-memory on DB error
+            this.approvals.set(approvalId, existing);
+            console.error('[PostgresApprovalStore] compareAndSetStatus failed:', err.message);
+            return false;
+        }
+    }
+    async flush() {
+        const writes = this._pendingWrites;
+        this._pendingWrites = [];
+        await Promise.all(writes);
+    }
+    clear() {
+        this.approvals.clear();
+        this.tokenIndex.clear();
+        asyncQuery(this.pool, 'TRUNCATE approvals, approval_tokens');
+    }
+}
+exports.PostgresApprovalStore = PostgresApprovalStore;
+// ---------------------------------------------------------------------------
+// 4. PostgresIdempotencyStore
+// ---------------------------------------------------------------------------
+class PostgresIdempotencyStore {
+    constructor(pool) {
+        this.pool = pool;
+        this.entries = new Map();
+        this._pendingWrites = [];
+    }
+    // -- Table DDL ----------------------------------------------------------
+    static async createTables(pool) {
+        await pool.query(`
+      CREATE TABLE IF NOT EXISTS idempotency_cache (
+        tool_call_id  TEXT PRIMARY KEY,
+        result        JSONB NOT NULL,
+        expires_at    TIMESTAMPTZ NOT NULL
+      );
+    `);
+    }
+    // -- Hydrate cache from Postgres ----------------------------------------
+    async hydrate() {
+        try {
+            const now = new Date().toISOString();
+            const { rows } = await this.pool.query('SELECT * FROM idempotency_cache WHERE expires_at > $1', [now]);
+            for (const r of rows) {
+                this.entries.set(r.tool_call_id, {
+                    result: r.result,
+                    expiresAt: new Date(r.expires_at).getTime(),
+                });
+            }
+        }
+        catch (err) {
+            console.error('[PostgresIdempotencyStore] hydrate failed:', err.message);
+        }
+    }
+    // -- Interface implementation -------------------------------------------
+    async get(toolCallId) {
+        const entry = this.entries.get(toolCallId);
+        if (!entry)
+            return undefined;
+        if (Date.now() > entry.expiresAt) {
+            this.entries.delete(toolCallId);
+            asyncQuery(this.pool, 'DELETE FROM idempotency_cache WHERE tool_call_id = $1', [toolCallId]);
+            return undefined;
+        }
+        return entry.result;
+    }
+    set(toolCallId, result, ttlMs) {
+        const expiresAt = Date.now() + ttlMs;
+        this.entries.set(toolCallId, { result, expiresAt });
+        const expiresAtISO = new Date(expiresAt).toISOString();
+        this._pendingWrites.push(reliableAsyncQuery(this.pool, `INSERT INTO idempotency_cache (tool_call_id, result, expires_at)
+       VALUES ($1, $2, $3)
+       ON CONFLICT (tool_call_id) DO UPDATE SET
+         result     = EXCLUDED.result,
+         expires_at = EXCLUDED.expires_at`, [toolCallId, JSON.stringify(result), expiresAtISO]));
+        // Evict expired entries from the in-memory cache periodically
+        if (this.entries.size > 10000) {
+            const now = Date.now();
+            for (const [key, val] of this.entries) {
+                if (now > val.expiresAt)
+                    this.entries.delete(key);
+            }
+            // Also purge expired rows from Postgres
+            asyncQuery(this.pool, 'DELETE FROM idempotency_cache WHERE expires_at < NOW()');
+        }
+    }
+    async has(toolCallId) {
+        return (await this.get(toolCallId)) !== undefined;
+    }
+    async flush() {
+        const writes = this._pendingWrites;
+        this._pendingWrites = [];
+        await Promise.all(writes);
+    }
+    clear() {
+        this.entries.clear();
+        asyncQuery(this.pool, 'TRUNCATE idempotency_cache');
+    }
+}
+exports.PostgresIdempotencyStore = PostgresIdempotencyStore;
+// ---------------------------------------------------------------------------
+// 5. PostgresRateLimitStore
+// ---------------------------------------------------------------------------
+class PostgresRateLimitStore {
+    constructor(pool) {
+        this.pool = pool;
+        this.windows = new Map();
+    }
+    // -- Table DDL ----------------------------------------------------------
+    static async createTables(pool) {
+        await pool.query(`
+      CREATE TABLE IF NOT EXISTS rate_limit_hits (
+        id         SERIAL PRIMARY KEY,
+        key        TEXT NOT NULL,
+        timestamp  TIMESTAMPTZ NOT NULL DEFAULT NOW()
+      );
+    `);
+        await pool.query(`
+      CREATE INDEX IF NOT EXISTS idx_rate_limit_hits_key_ts
+        ON rate_limit_hits (key, timestamp);
+    `);
+    }
+    // -- Hydrate cache from Postgres ----------------------------------------
+    async hydrate() {
+        try {
+            // Only load hits from the last hour (any reasonable upper-bound window)
+            const cutoff = new Date(Date.now() - 3600000).toISOString();
+            const { rows } = await this.pool.query('SELECT key, timestamp FROM rate_limit_hits WHERE timestamp > $1 ORDER BY timestamp ASC', [cutoff]);
+            for (const r of rows) {
+                const ts = new Date(r.timestamp).getTime();
+                const arr = this.windows.get(r.key) || [];
+                arr.push(ts);
+                this.windows.set(r.key, arr);
+            }
+        }
+        catch (err) {
+            console.error('[PostgresRateLimitStore] hydrate failed:', err.message);
+        }
+    }
+    // -- Interface implementation -------------------------------------------
+    hit(key, windowMs, maxRequests) {
+        const now = Date.now();
+        const cutoff = now - windowMs;
+        // Prune expired timestamps and add current hit (identical to InMemory)
+        let timestamps = this.windows.get(key) || [];
+        timestamps = timestamps.filter((t) => t > cutoff);
+        timestamps.push(now);
+        this.windows.set(key, timestamps);
+        const current = timestamps.length;
+        const allowed = current <= maxRequests;
+        const resetAt = timestamps.length > 0 ? timestamps[0] + windowMs : now + windowMs;
+        // Async: persist the hit to Postgres
+        asyncQuery(this.pool, 'INSERT INTO rate_limit_hits (key, timestamp) VALUES ($1, $2)', [key, new Date(now).toISOString()]);
+        // Async: prune old rows from Postgres periodically
+        if (current === 1) {
+            // First hit in this window -- good time to clean up old entries for this key
+            asyncQuery(this.pool, 'DELETE FROM rate_limit_hits WHERE key = $1 AND timestamp < $2', [key, new Date(cutoff).toISOString()]);
+        }
+        return { allowed, current, limit: maxRequests, resetAt };
+    }
+    reset() {
+        this.windows.clear();
+        asyncQuery(this.pool, 'TRUNCATE rate_limit_hits');
+    }
+}
+exports.PostgresRateLimitStore = PostgresRateLimitStore;
+// ---------------------------------------------------------------------------
+// 6. PostgresUserStore
+// ---------------------------------------------------------------------------
+class PostgresUserStore {
+    constructor(pool) {
+        this.pool = pool;
+        this.users = new Map();
+        this._pendingWrites = [];
+    }
+    static async createTables(pool) {
+        await pool.query(`
+      CREATE TABLE IF NOT EXISTS users (
+        id                    TEXT PRIMARY KEY,
+        email                 TEXT UNIQUE NOT NULL,
+        display_name          TEXT NOT NULL,
+        avatar_url            TEXT,
+        password_hash         TEXT,
+        status                TEXT NOT NULL DEFAULT 'active',
+        onboarding_completed  BOOLEAN NOT NULL DEFAULT FALSE,
+        created_at            TEXT NOT NULL,
+        updated_at            TEXT NOT NULL
+      );
+    `);
+        // Migration: add password_hash for databases created before this column existed
+        await pool.query(`ALTER TABLE users ADD COLUMN IF NOT EXISTS password_hash TEXT`).catch(() => { });
+    }
+    async hydrate() {
+        try {
+            const { rows } = await this.pool.query('SELECT * FROM users');
+            for (const r of rows) {
+                this.users.set(r.id, {
+                    id: r.id, email: r.email, display_name: r.display_name,
+                    avatar_url: r.avatar_url || undefined,
+                    password_hash: r.password_hash || undefined,
+                    status: r.status,
+                    onboarding_completed: r.onboarding_completed,
+                    created_at: r.created_at, updated_at: r.updated_at,
+                });
+            }
+        }
+        catch (err) {
+            console.error('[PostgresUserStore] hydrate failed:', err.message);
+        }
+    }
+    create(user) {
+        this.users.set(user.id, { ...user });
+        this._pendingWrites.push(reliableAsyncQuery(this.pool, `INSERT INTO users (id, email, display_name, avatar_url, password_hash, status, onboarding_completed, created_at, updated_at)
+       VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)
+       ON CONFLICT (id) DO NOTHING`, [user.id, user.email, user.display_name, user.avatar_url || null, user.password_hash || null,
+            user.status, user.onboarding_completed, user.created_at, user.updated_at]));
+    }
+    getById(id) {
+        const u = this.users.get(id);
+        return u ? { ...u } : undefined;
+    }
+    getByEmail(email) {
+        for (const u of this.users.values()) {
+            if (u.email === email)
+                return { ...u };
+        }
+        return undefined;
+    }
+    update(id, updates) {
+        const u = this.users.get(id);
+        if (!u)
+            return undefined;
+        const safeEntries = sanitizeUpdateEntries(updates, ALLOWED_USER_COLUMNS);
+        const safeUpdates = Object.fromEntries(safeEntries);
+        Object.assign(u, safeUpdates);
+        const setClauses = [];
+        const vals = [];
+        let idx = 1;
+        for (const [key, val] of safeEntries) {
+            setClauses.push(`${key} = $${idx}`);
+            vals.push(val);
+            idx++;
+        }
+        if (setClauses.length > 0) {
+            vals.push(id);
+            this._pendingWrites.push(reliableAsyncQuery(this.pool, `UPDATE users SET ${setClauses.join(', ')} WHERE id = $${idx}`, vals));
+        }
+        return { ...u };
+    }
+    delete(id) {
+        const existed = this.users.delete(id);
+        if (existed)
+            this._pendingWrites.push(reliableAsyncQuery(this.pool, 'DELETE FROM users WHERE id = $1', [id]));
+        return existed;
+    }
+    async flush() {
+        const writes = this._pendingWrites;
+        this._pendingWrites = [];
+        await Promise.all(writes);
+    }
+    list() {
+        return Array.from(this.users.values()).map(u => ({ ...u }));
+    }
+}
+exports.PostgresUserStore = PostgresUserStore;
+// ---------------------------------------------------------------------------
+// 7. PostgresOAuthAccountStore
+// ---------------------------------------------------------------------------
+class PostgresOAuthAccountStore {
+    constructor(pool) {
+        this.pool = pool;
+        this.accounts = new Map();
+        this._pendingWrites = [];
+    }
+    static async createTables(pool) {
+        await pool.query(`
+      CREATE TABLE IF NOT EXISTS oauth_accounts (
+        id                      TEXT PRIMARY KEY,
+        user_id                 TEXT NOT NULL,
+        provider                TEXT NOT NULL,
+        provider_user_id        TEXT NOT NULL,
+        provider_email          TEXT NOT NULL,
+        access_token_encrypted  TEXT,
+        refresh_token_encrypted TEXT,
+        token_expires_at        TEXT,
+        created_at              TEXT NOT NULL,
+        updated_at              TEXT NOT NULL,
+        UNIQUE(provider, provider_user_id)
+      );
+    `);
+    }
+    async hydrate() {
+        try {
+            const { rows } = await this.pool.query('SELECT * FROM oauth_accounts');
+            for (const r of rows) {
+                this.accounts.set(r.id, {
+                    id: r.id, user_id: r.user_id, provider: r.provider,
+                    provider_user_id: r.provider_user_id, provider_email: r.provider_email,
+                    access_token_encrypted: r.access_token_encrypted || undefined,
+                    refresh_token_encrypted: r.refresh_token_encrypted || undefined,
+                    token_expires_at: r.token_expires_at || undefined,
+                    created_at: r.created_at, updated_at: r.updated_at,
+                });
+            }
+        }
+        catch (err) {
+            console.error('[PostgresOAuthAccountStore] hydrate failed:', err.message);
+        }
+    }
+    create(account) {
+        this.accounts.set(account.id, { ...account });
+        this._pendingWrites.push(reliableAsyncQuery(this.pool, `INSERT INTO oauth_accounts (id, user_id, provider, provider_user_id, provider_email, access_token_encrypted, refresh_token_encrypted, token_expires_at, created_at, updated_at)
+       VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)
+       ON CONFLICT (id) DO NOTHING`, [account.id, account.user_id, account.provider, account.provider_user_id, account.provider_email,
+            account.access_token_encrypted || null, account.refresh_token_encrypted || null,
+            account.token_expires_at || null, account.created_at, account.updated_at]));
+    }
+    getById(id) {
+        const a = this.accounts.get(id);
+        return a ? { ...a } : undefined;
+    }
+    getByProvider(provider, providerUserId) {
+        for (const a of this.accounts.values()) {
+            if (a.provider === provider && a.provider_user_id === providerUserId)
+                return { ...a };
+        }
+        return undefined;
+    }
+    getByUserId(userId) {
+        const results = [];
+        for (const a of this.accounts.values()) {
+            if (a.user_id === userId)
+                results.push({ ...a });
+        }
+        return results;
+    }
+    update(id, updates) {
+        const a = this.accounts.get(id);
+        if (!a)
+            return undefined;
+        const safeEntries = sanitizeUpdateEntries(updates, ALLOWED_OAUTH_ACCOUNT_COLUMNS);
+        const safeUpdates = Object.fromEntries(safeEntries);
+        Object.assign(a, safeUpdates);
+        const setClauses = [];
+        const vals = [];
+        let idx = 1;
+        for (const [key, val] of safeEntries) {
+            setClauses.push(`${key} = $${idx}`);
+            vals.push(val);
+            idx++;
+        }
+        if (setClauses.length > 0) {
+            vals.push(id);
+            this._pendingWrites.push(reliableAsyncQuery(this.pool, `UPDATE oauth_accounts SET ${setClauses.join(', ')} WHERE id = $${idx}`, vals));
+        }
+        return { ...a };
+    }
+    delete(id) {
+        const existed = this.accounts.delete(id);
+        if (existed)
+            this._pendingWrites.push(reliableAsyncQuery(this.pool, 'DELETE FROM oauth_accounts WHERE id = $1', [id]));
+        return existed;
+    }
+    async flush() {
+        const writes = this._pendingWrites;
+        this._pendingWrites = [];
+        await Promise.all(writes);
+    }
+}
+exports.PostgresOAuthAccountStore = PostgresOAuthAccountStore;
+// ---------------------------------------------------------------------------
+// 8. PostgresWorkspaceStore
+// ---------------------------------------------------------------------------
+class PostgresWorkspaceStore {
+    constructor(pool) {
+        this.pool = pool;
+        this.workspaces = new Map();
+        this._pendingWrites = [];
+    }
+    static async createTables(pool) {
+        await pool.query(`
+      CREATE TABLE IF NOT EXISTS workspaces (
+        id              TEXT PRIMARY KEY,
+        name            TEXT NOT NULL,
+        slug            TEXT UNIQUE NOT NULL,
+        owner_user_id   TEXT NOT NULL,
+        plan            TEXT NOT NULL DEFAULT 'free',
+        settings        JSONB NOT NULL DEFAULT '{}',
+        created_at      TEXT NOT NULL,
+        updated_at      TEXT NOT NULL
+      );
+    `);
+    }
+    async hydrate() {
+        try {
+            const { rows } = await this.pool.query('SELECT * FROM workspaces');
+            for (const r of rows) {
+                this.workspaces.set(r.id, {
+                    id: r.id, name: r.name, slug: r.slug, owner_user_id: r.owner_user_id,
+                    plan: r.plan, settings: r.settings || {},
+                    created_at: r.created_at, updated_at: r.updated_at,
+                });
+            }
+        }
+        catch (err) {
+            console.error('[PostgresWorkspaceStore] hydrate failed:', err.message);
+        }
+    }
+    create(workspace) {
+        this.workspaces.set(workspace.id, { ...workspace });
+        this._pendingWrites.push(reliableAsyncQuery(this.pool, `INSERT INTO workspaces (id, name, slug, owner_user_id, plan, settings, created_at, updated_at)
+       VALUES ($1, $2, $3, $4, $5, $6, $7, $8)
+       ON CONFLICT (id) DO NOTHING`, [workspace.id, workspace.name, workspace.slug, workspace.owner_user_id,
+            workspace.plan, JSON.stringify(workspace.settings), workspace.created_at, workspace.updated_at]));
+    }
+    getById(id) {
+        const w = this.workspaces.get(id);
+        return w ? { ...w } : undefined;
+    }
+    getBySlug(slug) {
+        for (const w of this.workspaces.values()) {
+            if (w.slug === slug)
+                return { ...w };
+        }
+        return undefined;
+    }
+    getByOwner(userId) {
+        const results = [];
+        for (const w of this.workspaces.values()) {
+            if (w.owner_user_id === userId)
+                results.push({ ...w });
+        }
+        return results;
+    }
+    update(id, updates) {
+        const w = this.workspaces.get(id);
+        if (!w)
+            return undefined;
+        const safeEntries = sanitizeUpdateEntries(updates, ALLOWED_WORKSPACE_COLUMNS);
+        const safeUpdates = Object.fromEntries(safeEntries);
+        Object.assign(w, safeUpdates);
+        const setClauses = [];
+        const vals = [];
+        let idx = 1;
+        for (const [key, val] of safeEntries) {
+            setClauses.push(`${key} = $${idx}`);
+            vals.push(key === 'settings' ? JSON.stringify(val) : val);
+            idx++;
+        }
+        if (setClauses.length > 0) {
+            vals.push(id);
+            this._pendingWrites.push(reliableAsyncQuery(this.pool, `UPDATE workspaces SET ${setClauses.join(', ')} WHERE id = $${idx}`, vals));
+        }
+        return { ...w };
+    }
+    delete(id) {
+        const existed = this.workspaces.delete(id);
+        if (existed)
+            this._pendingWrites.push(reliableAsyncQuery(this.pool, 'DELETE FROM workspaces WHERE id = $1', [id]));
+        return existed;
+    }
+    async flush() {
+        const writes = this._pendingWrites;
+        this._pendingWrites = [];
+        await Promise.all(writes);
+    }
+    list() {
+        return Array.from(this.workspaces.values()).map(w => ({ ...w }));
+    }
+}
+exports.PostgresWorkspaceStore = PostgresWorkspaceStore;
+// ---------------------------------------------------------------------------
+// 9. PostgresWorkspaceMemberStore
+// ---------------------------------------------------------------------------
+class PostgresWorkspaceMemberStore {
+    constructor(pool) {
+        this.pool = pool;
+        this.members = new Map();
+        this._pendingWrites = [];
+    }
+    static async createTables(pool) {
+        await pool.query(`
+      CREATE TABLE IF NOT EXISTS workspace_members (
+        id              TEXT PRIMARY KEY,
+        workspace_id    TEXT NOT NULL,
+        user_id         TEXT NOT NULL,
+        role            TEXT NOT NULL DEFAULT 'member',
+        joined_at       TEXT NOT NULL,
+        UNIQUE(workspace_id, user_id)
+      );
+    `);
+    }
+    async hydrate() {
+        try {
+            const { rows } = await this.pool.query('SELECT * FROM workspace_members');
+            for (const r of rows) {
+                this.members.set(r.id, {
+                    id: r.id, workspace_id: r.workspace_id, user_id: r.user_id,
+                    role: r.role, joined_at: r.joined_at,
+                });
+            }
+        }
+        catch (err) {
+            console.error('[PostgresWorkspaceMemberStore] hydrate failed:', err.message);
+        }
+    }
+    create(member) {
+        this.members.set(member.id, { ...member });
+        this._pendingWrites.push(reliableAsyncQuery(this.pool, `INSERT INTO workspace_members (id, workspace_id, user_id, role, joined_at)
+       VALUES ($1, $2, $3, $4, $5)
+       ON CONFLICT (id) DO NOTHING`, [member.id, member.workspace_id, member.user_id, member.role, member.joined_at]));
+    }
+    getById(id) {
+        const m = this.members.get(id);
+        return m ? { ...m } : undefined;
+    }
+    getByWorkspace(workspaceId) {
+        const results = [];
+        for (const m of this.members.values()) {
+            if (m.workspace_id === workspaceId)
+                results.push({ ...m });
+        }
+        return results;
+    }
+    getByUser(userId) {
+        const results = [];
+        for (const m of this.members.values()) {
+            if (m.user_id === userId)
+                results.push({ ...m });
+        }
+        return results;
+    }
+    getByWorkspaceAndUser(workspaceId, userId) {
+        for (const m of this.members.values()) {
+            if (m.workspace_id === workspaceId && m.user_id === userId)
+                return { ...m };
+        }
+        return undefined;
+    }
+    update(id, updates) {
+        const m = this.members.get(id);
+        if (!m)
+            return undefined;
+        Object.assign(m, updates);
+        if (updates.role) {
+            this._pendingWrites.push(reliableAsyncQuery(this.pool, 'UPDATE workspace_members SET role = $1 WHERE id = $2', [updates.role, id]));
+        }
+        return { ...m };
+    }
+    delete(id) {
+        const existed = this.members.delete(id);
+        if (existed)
+            this._pendingWrites.push(reliableAsyncQuery(this.pool, 'DELETE FROM workspace_members WHERE id = $1', [id]));
+        return existed;
+    }
+    async flush() {
+        const writes = this._pendingWrites;
+        this._pendingWrites = [];
+        await Promise.all(writes);
+    }
+}
+exports.PostgresWorkspaceMemberStore = PostgresWorkspaceMemberStore;
+// ---------------------------------------------------------------------------
+// 10. PostgresSessionStore
+// ---------------------------------------------------------------------------
+class PostgresSessionStore {
+    constructor(pool) {
+        this.pool = pool;
+        this.sessions = new Map();
+        this._pendingWrites = [];
+    }
+    static async createTables(pool) {
+        await pool.query(`
+      CREATE TABLE IF NOT EXISTS sessions (
+        id              TEXT PRIMARY KEY,
+        user_id         TEXT NOT NULL,
+        workspace_id    TEXT,
+        ip_address      TEXT,
+        user_agent      TEXT,
+        expires_at      TEXT NOT NULL,
+        last_active_at  TEXT NOT NULL,
+        created_at      TEXT NOT NULL
+      );
+    `);
+        await pool.query(`
+      CREATE INDEX IF NOT EXISTS idx_sessions_user_id ON sessions (user_id);
+    `);
+    }
+    async hydrate() {
+        try {
+            const { rows } = await this.pool.query('SELECT * FROM sessions');
+            const now = Date.now();
+            for (const r of rows) {
+                if (new Date(r.expires_at).getTime() <= now)
+                    continue;
+                this.sessions.set(r.id, {
+                    id: r.id, user_id: r.user_id, workspace_id: r.workspace_id || undefined,
+                    ip_address: r.ip_address || undefined, user_agent: r.user_agent || undefined,
+                    expires_at: r.expires_at, last_active_at: r.last_active_at, created_at: r.created_at,
+                });
+            }
+        }
+        catch (err) {
+            console.error('[PostgresSessionStore] hydrate failed:', err.message);
+        }
+    }
+    create(session) {
+        this.sessions.set(session.id, { ...session });
+        this._pendingWrites.push(reliableAsyncQuery(this.pool, `INSERT INTO sessions (id, user_id, workspace_id, ip_address, user_agent, expires_at, last_active_at, created_at)
+       VALUES ($1, $2, $3, $4, $5, $6, $7, $8)
+       ON CONFLICT (id) DO NOTHING`, [session.id, session.user_id, session.workspace_id || null, session.ip_address || null,
+            session.user_agent || null, session.expires_at, session.last_active_at, session.created_at]));
+    }
+    getById(id) {
+        const s = this.sessions.get(id);
+        if (!s)
+            return undefined;
+        if (new Date(s.expires_at).getTime() <= Date.now()) {
+            this.sessions.delete(id);
+            this._pendingWrites.push(reliableAsyncQuery(this.pool, 'DELETE FROM sessions WHERE id = $1', [id]));
+            return undefined;
+        }
+        return { ...s };
+    }
+    getByUserId(userId) {
+        const now = Date.now();
+        const results = [];
+        for (const s of this.sessions.values()) {
+            if (s.user_id === userId && new Date(s.expires_at).getTime() > now) {
+                results.push({ ...s });
+            }
+        }
+        return results;
+    }
+    update(id, updates) {
+        const s = this.sessions.get(id);
+        if (!s)
+            return undefined;
+        const safeEntries = sanitizeUpdateEntries(updates, ALLOWED_SESSION_COLUMNS);
+        const safeUpdates = Object.fromEntries(safeEntries);
+        Object.assign(s, safeUpdates);
+        const setClauses = [];
+        const vals = [];
+        let idx = 1;
+        for (const [key, val] of safeEntries) {
+            setClauses.push(`${key} = $${idx}`);
+            vals.push(val);
+            idx++;
+        }
+        if (setClauses.length > 0) {
+            vals.push(id);
+            this._pendingWrites.push(reliableAsyncQuery(this.pool, `UPDATE sessions SET ${setClauses.join(', ')} WHERE id = $${idx}`, vals));
+        }
+        return { ...s };
+    }
+    delete(id) {
+        const existed = this.sessions.delete(id);
+        if (existed)
+            this._pendingWrites.push(reliableAsyncQuery(this.pool, 'DELETE FROM sessions WHERE id = $1', [id]));
+        return existed;
+    }
+    deleteExpired() {
+        const now = Date.now();
+        let count = 0;
+        for (const [id, s] of this.sessions) {
+            if (new Date(s.expires_at).getTime() <= now) {
+                this.sessions.delete(id);
+                count++;
+            }
+        }
+        this._pendingWrites.push(reliableAsyncQuery(this.pool, `DELETE FROM sessions WHERE expires_at < $1`, [new Date().toISOString()]));
+        return count;
+    }
+    deleteByUserId(userId) {
+        let count = 0;
+        for (const [id, s] of this.sessions) {
+            if (s.user_id === userId) {
+                this.sessions.delete(id);
+                count++;
+            }
+        }
+        this._pendingWrites.push(reliableAsyncQuery(this.pool, 'DELETE FROM sessions WHERE user_id = $1', [userId]));
+        return count;
+    }
+    async flush() {
+        const writes = this._pendingWrites;
+        this._pendingWrites = [];
+        await Promise.all(writes);
+    }
+}
+exports.PostgresSessionStore = PostgresSessionStore;
+// ---------------------------------------------------------------------------
+// 11. PostgresUserApiKeyStore
+// ---------------------------------------------------------------------------
+class PostgresUserApiKeyStore {
+    constructor(pool) {
+        this.pool = pool;
+        this.keys = new Map();
+        this._pendingWrites = [];
+    }
+    static async createTables(pool) {
+        await pool.query(`
+      CREATE TABLE IF NOT EXISTS user_api_keys (
+        id              TEXT PRIMARY KEY,
+        key_hash        TEXT UNIQUE NOT NULL,
+        key_prefix      TEXT NOT NULL,
+        user_id         TEXT NOT NULL,
+        workspace_id    TEXT NOT NULL,
+        name            TEXT NOT NULL,
+        roles           JSONB NOT NULL DEFAULT '[]',
+        tags            JSONB NOT NULL DEFAULT '[]',
+        revoked         BOOLEAN NOT NULL DEFAULT FALSE,
+        last_used_at    TEXT,
+        created_at      TEXT NOT NULL
+      );
+    `);
+        await pool.query(`
+      CREATE INDEX IF NOT EXISTS idx_user_api_keys_workspace ON user_api_keys (workspace_id);
+    `);
+        await pool.query(`
+      CREATE INDEX IF NOT EXISTS idx_user_api_keys_hash ON user_api_keys (key_hash);
+    `);
+        // Migration: add tags column for existing tables
+        await pool.query(`
+      ALTER TABLE user_api_keys ADD COLUMN IF NOT EXISTS tags JSONB NOT NULL DEFAULT '[]';
+    `);
+    }
+    async hydrate() {
+        try {
+            const { rows } = await this.pool.query('SELECT * FROM user_api_keys');
+            for (const r of rows) {
+                this.keys.set(r.id, {
+                    id: r.id, key_hash: r.key_hash, key_prefix: r.key_prefix,
+                    user_id: r.user_id, workspace_id: r.workspace_id, name: r.name,
+                    roles: r.roles || [], tags: r.tags || [], revoked: r.revoked,
+                    last_used_at: r.last_used_at || undefined, created_at: r.created_at,
+                });
+            }
+        }
+        catch (err) {
+            console.error('[PostgresUserApiKeyStore] hydrate failed:', err.message);
+        }
+    }
+    create(apiKey) {
+        this.keys.set(apiKey.id, { ...apiKey });
+        this._pendingWrites.push(reliableAsyncQuery(this.pool, `INSERT INTO user_api_keys (id, key_hash, key_prefix, user_id, workspace_id, name, roles, tags, revoked, last_used_at, created_at)
+       VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)
+       ON CONFLICT (id) DO NOTHING`, [apiKey.id, apiKey.key_hash, apiKey.key_prefix, apiKey.user_id, apiKey.workspace_id,
+            apiKey.name, JSON.stringify(apiKey.roles), JSON.stringify(apiKey.tags || []),
+            apiKey.revoked, apiKey.last_used_at || null, apiKey.created_at]));
+    }
+    getById(id) {
+        const k = this.keys.get(id);
+        return k ? { ...k } : undefined;
+    }
+    getByKeyHash(keyHash) {
+        for (const k of this.keys.values()) {
+            if (k.key_hash === keyHash)
+                return { ...k };
+        }
+        return undefined;
+    }
+    verifyToken(token) {
+        const crypto = require('crypto');
+        const unsaltedHash = crypto.createHash('sha256').update(token).digest('hex');
+        for (const k of this.keys.values()) {
+            if (k.key_hash.includes(':')) {
+                const colonIndex = k.key_hash.indexOf(':');
+                const salt = k.key_hash.slice(0, colonIndex);
+                const expectedHash = k.key_hash.slice(colonIndex + 1);
+                const computedHash = crypto.createHash('sha256').update(salt + token).digest('hex');
+                const a = Buffer.from(computedHash, 'hex');
+                const b = Buffer.from(expectedHash, 'hex');
+                if (a.length === b.length && crypto.timingSafeEqual(a, b)) {
+                    return { ...k };
+                }
+            }
+            else {
+                if (k.key_hash === unsaltedHash)
+                    return { ...k };
+            }
+        }
+        return undefined;
+    }
+    getByWorkspace(workspaceId) {
+        const results = [];
+        for (const k of this.keys.values()) {
+            if (k.workspace_id === workspaceId)
+                results.push({ ...k });
+        }
+        return results;
+    }
+    getByUser(userId) {
+        const results = [];
+        for (const k of this.keys.values()) {
+            if (k.user_id === userId)
+                results.push({ ...k });
+        }
+        return results;
+    }
+    update(id, updates) {
+        const k = this.keys.get(id);
+        if (!k)
+            return undefined;
+        const safeEntries = sanitizeUpdateEntries(updates, ALLOWED_USER_API_KEY_COLUMNS);
+        const safeUpdates = Object.fromEntries(safeEntries);
+        Object.assign(k, safeUpdates);
+        const setClauses = [];
+        const vals = [];
+        let idx = 1;
+        for (const [key, val] of safeEntries) {
+            setClauses.push(`${key} = $${idx}`);
+            vals.push(key === 'roles' || key === 'tags' ? JSON.stringify(val) : val);
+            idx++;
+        }
+        if (setClauses.length > 0) {
+            vals.push(id);
+            this._pendingWrites.push(reliableAsyncQuery(this.pool, `UPDATE user_api_keys SET ${setClauses.join(', ')} WHERE id = $${idx}`, vals));
+        }
+        return { ...k };
+    }
+    delete(id) {
+        const existed = this.keys.delete(id);
+        if (existed)
+            this._pendingWrites.push(reliableAsyncQuery(this.pool, 'DELETE FROM user_api_keys WHERE id = $1', [id]));
+        return existed;
+    }
+    async flush() {
+        const writes = this._pendingWrites;
+        this._pendingWrites = [];
+        await Promise.all(writes);
+    }
+}
+exports.PostgresUserApiKeyStore = PostgresUserApiKeyStore;
+// ---------------------------------------------------------------------------
+// 12. PostgresSubscriptionStore
+// ---------------------------------------------------------------------------
+class PostgresSubscriptionStore {
+    constructor(pool) {
+        this.pool = pool;
+        this.subscriptions = new Map();
+        this._pendingWrites = [];
+    }
+    static async createTables(pool) {
+        await pool.query(`
+      CREATE TABLE IF NOT EXISTS subscriptions (
+        id                      TEXT PRIMARY KEY,
+        workspace_id            TEXT NOT NULL,
+        stripe_customer_id      TEXT NOT NULL,
+        stripe_subscription_id  TEXT,
+        plan                    TEXT NOT NULL,
+        status                  TEXT NOT NULL DEFAULT 'active',
+        current_period_start    TEXT,
+        current_period_end      TEXT,
+        cancel_at_period_end    BOOLEAN NOT NULL DEFAULT FALSE,
+        created_at              TEXT NOT NULL,
+        updated_at              TEXT NOT NULL
+      );
+    `);
+        await pool.query(`
+      CREATE INDEX IF NOT EXISTS idx_subscriptions_workspace ON subscriptions (workspace_id);
+    `);
+        await pool.query(`
+      CREATE INDEX IF NOT EXISTS idx_subscriptions_stripe_customer ON subscriptions (stripe_customer_id);
+    `);
+        await pool.query(`
+      CREATE INDEX IF NOT EXISTS idx_subscriptions_stripe_subscription ON subscriptions (stripe_subscription_id);
+    `);
+    }
+    async hydrate() {
+        try {
+            const { rows } = await this.pool.query('SELECT * FROM subscriptions');
+            for (const r of rows) {
+                this.subscriptions.set(r.id, {
+                    id: r.id, workspace_id: r.workspace_id,
+                    stripe_customer_id: r.stripe_customer_id,
+                    stripe_subscription_id: r.stripe_subscription_id || undefined,
+                    plan: r.plan, status: r.status,
+                    current_period_start: r.current_period_start || undefined,
+                    current_period_end: r.current_period_end || undefined,
+                    cancel_at_period_end: r.cancel_at_period_end ?? undefined,
+                    created_at: r.created_at, updated_at: r.updated_at,
+                });
+            }
+        }
+        catch (err) {
+            console.error('[PostgresSubscriptionStore] hydrate failed:', err.message);
+        }
+    }
+    create(subscription) {
+        this.subscriptions.set(subscription.id, { ...subscription });
+        this._pendingWrites.push(reliableAsyncQuery(this.pool, `INSERT INTO subscriptions (id, workspace_id, stripe_customer_id, stripe_subscription_id, plan, status, current_period_start, current_period_end, cancel_at_period_end, created_at, updated_at)
+       VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)
+       ON CONFLICT (id) DO NOTHING`, [subscription.id, subscription.workspace_id, subscription.stripe_customer_id,
+            subscription.stripe_subscription_id || null, subscription.plan, subscription.status,
+            subscription.current_period_start || null, subscription.current_period_end || null,
+            subscription.cancel_at_period_end ?? false, subscription.created_at, subscription.updated_at]));
+    }
+    getById(id) {
+        const s = this.subscriptions.get(id);
+        return s ? { ...s } : undefined;
+    }
+    getByWorkspace(workspaceId) {
+        for (const s of this.subscriptions.values()) {
+            if (s.workspace_id === workspaceId)
+                return { ...s };
+        }
+        return undefined;
+    }
+    getByStripeCustomerId(customerId) {
+        for (const s of this.subscriptions.values()) {
+            if (s.stripe_customer_id === customerId)
+                return { ...s };
+        }
+        return undefined;
+    }
+    getByStripeSubscriptionId(subscriptionId) {
+        for (const s of this.subscriptions.values()) {
+            if (s.stripe_subscription_id === subscriptionId)
+                return { ...s };
+        }
+        return undefined;
+    }
+    update(id, updates) {
+        const s = this.subscriptions.get(id);
+        if (!s)
+            return undefined;
+        const safeEntries = sanitizeUpdateEntries(updates, ALLOWED_SUBSCRIPTION_COLUMNS);
+        const safeUpdates = Object.fromEntries(safeEntries);
+        Object.assign(s, safeUpdates);
+        const setClauses = [];
+        const vals = [];
+        let idx = 1;
+        for (const [key, val] of safeEntries) {
+            setClauses.push(`${key} = $${idx}`);
+            vals.push(val);
+            idx++;
+        }
+        if (setClauses.length > 0) {
+            vals.push(id);
+            this._pendingWrites.push(reliableAsyncQuery(this.pool, `UPDATE subscriptions SET ${setClauses.join(', ')} WHERE id = $${idx}`, vals));
+        }
+        return { ...s };
+    }
+    delete(id) {
+        const existed = this.subscriptions.delete(id);
+        if (existed)
+            this._pendingWrites.push(reliableAsyncQuery(this.pool, 'DELETE FROM subscriptions WHERE id = $1', [id]));
+        return existed;
+    }
+    list() {
+        return Array.from(this.subscriptions.values()).map(s => ({ ...s }));
+    }
+    async flush() {
+        const writes = this._pendingWrites;
+        this._pendingWrites = [];
+        await Promise.all(writes);
+    }
+}
+exports.PostgresSubscriptionStore = PostgresSubscriptionStore;
+// ---------------------------------------------------------------------------
+// Per-Workspace Rate Limit & Budget Config Stores
+// ---------------------------------------------------------------------------
+class PostgresRateLimitConfigStore {
+    constructor(pool) {
+        this.pool = pool;
+        this.configs = new Map();
+    }
+    static async createTables(pool) {
+        await pool.query(`
+      CREATE TABLE IF NOT EXISTS workspace_rate_limit_configs (
+        workspace_id TEXT PRIMARY KEY,
+        config       JSONB NOT NULL
+      );
+    `);
+    }
+    async hydrate() {
+        try {
+            const { rows } = await this.pool.query('SELECT * FROM workspace_rate_limit_configs');
+            for (const r of rows) {
+                this.configs.set(r.workspace_id, r.config);
+            }
+        }
+        catch (err) {
+            console.error('[PostgresRateLimitConfigStore] hydrate failed:', err.message);
+        }
+    }
+    getByWorkspaceId(workspaceId) {
+        return this.configs.get(workspaceId);
+    }
+    set(workspaceId, config) {
+        this.configs.set(workspaceId, config);
+        asyncQuery(this.pool, `INSERT INTO workspace_rate_limit_configs (workspace_id, config) VALUES ($1, $2)
+       ON CONFLICT (workspace_id) DO UPDATE SET config = EXCLUDED.config`, [workspaceId, JSON.stringify(config)]);
+    }
+    delete(workspaceId) {
+        const existed = this.configs.delete(workspaceId);
+        asyncQuery(this.pool, `DELETE FROM workspace_rate_limit_configs WHERE workspace_id = $1`, [workspaceId]);
+        return existed;
+    }
+    list() {
+        return new Map(this.configs);
+    }
+    clear() {
+        this.configs.clear();
+        asyncQuery(this.pool, `DELETE FROM workspace_rate_limit_configs`);
+    }
+}
+exports.PostgresRateLimitConfigStore = PostgresRateLimitConfigStore;
+class PostgresBudgetConfigStore {
+    constructor(pool) {
+        this.pool = pool;
+        this.configs = new Map();
+    }
+    static async createTables(pool) {
+        await pool.query(`
+      CREATE TABLE IF NOT EXISTS workspace_budget_configs (
+        workspace_id TEXT PRIMARY KEY,
+        config       JSONB NOT NULL
+      );
+    `);
+    }
+    async hydrate() {
+        try {
+            const { rows } = await this.pool.query('SELECT * FROM workspace_budget_configs');
+            for (const r of rows) {
+                this.configs.set(r.workspace_id, r.config);
+            }
+        }
+        catch (err) {
+            console.error('[PostgresBudgetConfigStore] hydrate failed:', err.message);
+        }
+    }
+    getByWorkspaceId(workspaceId) {
+        return this.configs.get(workspaceId);
+    }
+    set(workspaceId, config) {
+        this.configs.set(workspaceId, config);
+        asyncQuery(this.pool, `INSERT INTO workspace_budget_configs (workspace_id, config) VALUES ($1, $2)
+       ON CONFLICT (workspace_id) DO UPDATE SET config = EXCLUDED.config`, [workspaceId, JSON.stringify(config)]);
+    }
+    delete(workspaceId) {
+        const existed = this.configs.delete(workspaceId);
+        asyncQuery(this.pool, `DELETE FROM workspace_budget_configs WHERE workspace_id = $1`, [workspaceId]);
+        return existed;
+    }
+    list() {
+        return new Map(this.configs);
+    }
+    clear() {
+        this.configs.clear();
+        asyncQuery(this.pool, `DELETE FROM workspace_budget_configs`);
+    }
+}
+exports.PostgresBudgetConfigStore = PostgresBudgetConfigStore;
+class PostgresPolicyStore {
+    constructor(pool) {
+        this.pool = pool;
+        this.policies = new Map();
+    }
+    static async createTables(pool) {
+        await pool.query(`
+      CREATE TABLE IF NOT EXISTS workspace_policies (
+        workspace_id TEXT PRIMARY KEY,
+        policy       JSONB NOT NULL
+      );
+    `);
+    }
+    async hydrate() {
+        try {
+            const { rows } = await this.pool.query('SELECT * FROM workspace_policies');
+            for (const r of rows) {
+                this.policies.set(r.workspace_id, r.policy);
+            }
+        }
+        catch (err) {
+            console.error('[PostgresPolicyStore] hydrate failed:', err.message);
+        }
+    }
+    getByWorkspaceId(workspaceId) {
+        return this.policies.get(workspaceId);
+    }
+    set(workspaceId, policy) {
+        this.policies.set(workspaceId, policy);
+        asyncQuery(this.pool, `INSERT INTO workspace_policies (workspace_id, policy) VALUES ($1, $2)
+       ON CONFLICT (workspace_id) DO UPDATE SET policy = EXCLUDED.policy`, [workspaceId, JSON.stringify(policy)]);
+    }
+    delete(workspaceId) {
+        const existed = this.policies.delete(workspaceId);
+        asyncQuery(this.pool, `DELETE FROM workspace_policies WHERE workspace_id = $1`, [workspaceId]);
+        return existed;
+    }
+    list() {
+        return new Map(this.policies);
+    }
+    clear() {
+        this.policies.clear();
+        asyncQuery(this.pool, `DELETE FROM workspace_policies`);
+    }
+}
+exports.PostgresPolicyStore = PostgresPolicyStore;
+// ---------------------------------------------------------------------------
+// Top-level initialisation
+// ---------------------------------------------------------------------------
+/**
+ * Creates all Postgres tables required by the storage backends.
+ * Call once at startup before using any Postgres store.
+ */
+async function initPostgresStorage(pool) {
+    await PostgresBudgetStore.createTables(pool);
+    await PostgresAuditStore.createTables(pool);
+    await PostgresApprovalStore.createTables(pool);
+    await PostgresIdempotencyStore.createTables(pool);
+    await PostgresRateLimitStore.createTables(pool);
+    // SaaS tables
+    await PostgresUserStore.createTables(pool);
+    await PostgresOAuthAccountStore.createTables(pool);
+    await PostgresWorkspaceStore.createTables(pool);
+    await PostgresWorkspaceMemberStore.createTables(pool);
+    await PostgresSessionStore.createTables(pool);
+    await PostgresUserApiKeyStore.createTables(pool);
+    await PostgresSubscriptionStore.createTables(pool);
+    // Per-workspace config tables
+    await PostgresRateLimitConfigStore.createTables(pool);
+    await PostgresBudgetConfigStore.createTables(pool);
+    await PostgresPolicyStore.createTables(pool);
+}
+/**
+ * Creates all Postgres store instances.
+ * Call initPostgresStorage() first to ensure tables exist.
+ */
+function createPostgresStores(pool) {
+    return {
+        budgetStore: new PostgresBudgetStore(pool),
+        auditStore: new PostgresAuditStore(pool),
+        approvalStore: new PostgresApprovalStore(pool),
+        idempotencyStore: new PostgresIdempotencyStore(pool),
+        rateLimitStore: new PostgresRateLimitStore(pool),
+    };
+}
+/**
+ * Creates SaaS-specific Postgres store instances.
+ * Call initPostgresStorage() first to ensure tables exist.
+ */
+function createPostgresSaaSStores(pool) {
+    return {
+        userStore: new PostgresUserStore(pool),
+        oauthAccountStore: new PostgresOAuthAccountStore(pool),
+        workspaceStore: new PostgresWorkspaceStore(pool),
+        workspaceMemberStore: new PostgresWorkspaceMemberStore(pool),
+        sessionStore: new PostgresSessionStore(pool),
+        userApiKeyStore: new PostgresUserApiKeyStore(pool),
+        subscriptionStore: new PostgresSubscriptionStore(pool),
+        rateLimitConfigStore: new PostgresRateLimitConfigStore(pool),
+        budgetConfigStore: new PostgresBudgetConfigStore(pool),
+        policyStore: new PostgresPolicyStore(pool),
+    };
+}
+//# sourceMappingURL=postgres.js.map