pocketbase-zod-schema 0.1.2

package/dist/migration/analyzer.js

@@ -0,0 +1,1232 @@
+import * as fs from 'fs';
+import * as path from 'path';
+import { z } from 'zod';
+
+// src/migration/analyzer.ts
+
+// src/migration/errors.ts
+var MigrationError = class _MigrationError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "MigrationError";
+    Object.setPrototypeOf(this, _MigrationError.prototype);
+  }
+};
+var SchemaParsingError = class _SchemaParsingError extends MigrationError {
+  filePath;
+  originalError;
+  constructor(message, filePath, originalError) {
+    super(message);
+    this.name = "SchemaParsingError";
+    this.filePath = filePath;
+    this.originalError = originalError;
+    Object.setPrototypeOf(this, _SchemaParsingError.prototype);
+  }
+  /**
+   * Creates a formatted error message with file path and original error details
+   */
+  getDetailedMessage() {
+    const parts = [this.message];
+    if (this.filePath) {
+      parts.push(`
+File: ${this.filePath}`);
+    }
+    if (this.originalError) {
+      parts.push(`
+Cause: ${this.originalError.message}`);
+    }
+    return parts.join("");
+  }
+};
+var FileSystemError = class _FileSystemError extends MigrationError {
+  path;
+  operation;
+  code;
+  originalError;
+  constructor(message, path2, operation, code, originalError) {
+    super(message);
+    this.name = "FileSystemError";
+    this.path = path2;
+    this.operation = operation;
+    this.code = code;
+    this.originalError = originalError;
+    Object.setPrototypeOf(this, _FileSystemError.prototype);
+  }
+  /**
+   * Creates a formatted error message with path, operation, and error code details
+   */
+  getDetailedMessage() {
+    const parts = [this.message];
+    if (this.operation) {
+      parts.push(`
+Operation: ${this.operation}`);
+    }
+    if (this.path) {
+      parts.push(`
+Path: ${this.path}`);
+    }
+    if (this.code) {
+      parts.push(`
+Error Code: ${this.code}`);
+    }
+    if (this.originalError) {
+      parts.push(`
+Cause: ${this.originalError.message}`);
+    }
+    return parts.join("");
+  }
+};
+
+// src/schema/permission-templates.ts
+var PermissionTemplates = {
+  /**
+   * Public access - anyone can perform all operations
+   */
+  public: () => ({
+    listRule: "",
+    viewRule: "",
+    createRule: "",
+    updateRule: "",
+    deleteRule: ""
+  }),
+  /**
+   * Authenticated users only - requires valid authentication for all operations
+   */
+  authenticated: () => ({
+    listRule: '@request.auth.id != ""',
+    viewRule: '@request.auth.id != ""',
+    createRule: '@request.auth.id != ""',
+    updateRule: '@request.auth.id != ""',
+    deleteRule: '@request.auth.id != ""'
+  }),
+  /**
+   * Owner-only access - users can only manage their own records
+   * @param ownerField - Name of the relation field pointing to user (default: 'User')
+   */
+  ownerOnly: (ownerField = "User") => ({
+    listRule: `@request.auth.id != "" && ${ownerField} = @request.auth.id`,
+    viewRule: `@request.auth.id != "" && ${ownerField} = @request.auth.id`,
+    createRule: '@request.auth.id != ""',
+    updateRule: `@request.auth.id != "" && ${ownerField} = @request.auth.id`,
+    deleteRule: `@request.auth.id != "" && ${ownerField} = @request.auth.id`
+  }),
+  /**
+   * Admin/superuser only access
+   * Assumes a 'role' field exists with 'admin' value
+   * @param roleField - Name of the role field (default: 'role')
+   */
+  adminOnly: (roleField = "role") => ({
+    listRule: `@request.auth.id != "" && @request.auth.${roleField} = "admin"`,
+    viewRule: `@request.auth.id != "" && @request.auth.${roleField} = "admin"`,
+    createRule: `@request.auth.id != "" && @request.auth.${roleField} = "admin"`,
+    updateRule: `@request.auth.id != "" && @request.auth.${roleField} = "admin"`,
+    deleteRule: `@request.auth.id != "" && @request.auth.${roleField} = "admin"`
+  }),
+  /**
+   * Public read, authenticated write
+   * Anyone can list/view, but only authenticated users can create/update/delete
+   */
+  readPublic: () => ({
+    listRule: "",
+    viewRule: "",
+    createRule: '@request.auth.id != ""',
+    updateRule: '@request.auth.id != ""',
+    deleteRule: '@request.auth.id != ""'
+  }),
+  /**
+   * Locked access - only superusers can perform operations
+   * All rules are set to null (locked)
+   */
+  locked: () => ({
+    listRule: null,
+    viewRule: null,
+    createRule: null,
+    updateRule: null,
+    deleteRule: null
+  }),
+  /**
+   * Read-only authenticated - authenticated users can read, no write access
+   */
+  readOnlyAuthenticated: () => ({
+    listRule: '@request.auth.id != ""',
+    viewRule: '@request.auth.id != ""',
+    createRule: null,
+    updateRule: null,
+    deleteRule: null
+  })
+};
+function resolveTemplate(config) {
+  let baseRules;
+  switch (config.template) {
+    case "public":
+      baseRules = PermissionTemplates.public();
+      break;
+    case "authenticated":
+      baseRules = PermissionTemplates.authenticated();
+      break;
+    case "owner-only":
+      baseRules = PermissionTemplates.ownerOnly(config.ownerField);
+      break;
+    case "admin-only":
+      baseRules = PermissionTemplates.adminOnly(config.roleField);
+      break;
+    case "read-public":
+      baseRules = PermissionTemplates.readPublic();
+      break;
+    case "custom":
+      baseRules = {};
+      break;
+    default: {
+      const _exhaustive = config.template;
+      throw new Error(`Unknown template type: ${_exhaustive}`);
+    }
+  }
+  return {
+    ...baseRules,
+    ...config.customRules
+  };
+}
+
+// src/migration/rule-validator.ts
+var RuleValidator = class {
+  fields;
+  collectionName;
+  isAuthCollection;
+  constructor(collectionName, fields, isAuthCollection2 = false) {
+    this.collectionName = collectionName;
+    this.fields = new Map(fields.map((f) => [f.name, f]));
+    this.isAuthCollection = isAuthCollection2;
+    this.addSystemFields();
+  }
+  /**
+   * Add system fields that are always available in PocketBase collections
+   * These fields are automatically added by PocketBase and can be referenced in rules
+   */
+  addSystemFields() {
+    const systemFields = [
+      { name: "id", type: "text", required: true, options: {} },
+      { name: "created", type: "date", required: true, options: {} },
+      { name: "updated", type: "date", required: true, options: {} },
+      { name: "collectionId", type: "text", required: true, options: {} },
+      { name: "collectionName", type: "text", required: true, options: {} }
+    ];
+    if (this.isAuthCollection) {
+      systemFields.push(
+        { name: "email", type: "email", required: true, options: {} },
+        { name: "emailVisibility", type: "bool", required: false, options: {} },
+        { name: "verified", type: "bool", required: false, options: {} },
+        { name: "tokenKey", type: "text", required: true, options: {} },
+        { name: "password", type: "text", required: true, options: {} }
+      );
+    }
+    for (const field of systemFields) {
+      if (!this.fields.has(field.name)) {
+        this.fields.set(field.name, field);
+      }
+    }
+  }
+  /**
+   * Validate a rule expression
+   *
+   * @param ruleType - The type of rule being validated
+   * @param expression - The rule expression to validate
+   * @returns Validation result with errors, warnings, and field references
+   */
+  validate(ruleType, expression) {
+    const result = {
+      valid: true,
+      errors: [],
+      warnings: [],
+      fieldReferences: []
+    };
+    if (expression === null) {
+      return result;
+    }
+    if (expression === "") {
+      result.warnings.push(`${ruleType} is public - anyone can perform this operation`);
+      return result;
+    }
+    if (ruleType === "manageRule" && !this.isAuthCollection) {
+      result.valid = false;
+      result.errors.push("manageRule is only valid for auth collections");
+      return result;
+    }
+    const fieldRefs = this.extractFieldReferences(expression);
+    result.fieldReferences = fieldRefs;
+    for (const fieldRef of fieldRefs) {
+      this.validateFieldReference(fieldRef, result);
+    }
+    this.validateRequestReferences(expression, result);
+    this.validateSyntax(expression, result);
+    return result;
+  }
+  /**
+   * Extract field references from expression
+   *
+   * Matches field names that are not @request references.
+   * Handles dot notation for relations: user.email, post.author.name
+   *
+   * @param expression - The rule expression
+   * @returns Array of unique field references
+   */
+  extractFieldReferences(expression) {
+    const refs = [];
+    let cleaned = expression.replace(/"[^"]*"/g, '""').replace(/'[^']*'/g, "''");
+    cleaned = cleaned.replace(/@request\.[a-zA-Z_][a-zA-Z0-9_.]*/g, "");
+    const fieldPattern = /(?:^|[^@\w])([a-zA-Z_][a-zA-Z0-9_]*(?:\.[a-zA-Z_][a-zA-Z0-9_]*)*)(?=[^a-zA-Z0-9_.]|$)/g;
+    let match;
+    while ((match = fieldPattern.exec(cleaned)) !== null) {
+      const ref = match[1];
+      if (!this.isKeyword(ref)) {
+        refs.push(ref);
+      }
+    }
+    return [...new Set(refs)];
+  }
+  /**
+   * Check if a word is a PocketBase keyword
+   *
+   * @param word - The word to check
+   * @returns True if the word is a keyword
+   */
+  isKeyword(word) {
+    const keywords = ["true", "false", "null", "AND", "OR", "NOT", "LIKE", "IN"];
+    return keywords.includes(word.toUpperCase());
+  }
+  /**
+   * Validate a field reference exists in schema
+   *
+   * Checks if the root field exists and validates relation chains.
+   * For nested references, warns about potential issues since we can't
+   * validate across collections without loading related schemas.
+   *
+   * @param fieldRef - The field reference to validate (e.g., "user" or "user.email")
+   * @param result - The validation result to update
+   */
+  validateFieldReference(fieldRef, result) {
+    const parts = fieldRef.split(".");
+    const rootField = parts[0];
+    if (!this.fields.has(rootField)) {
+      result.errors.push(`Field '${rootField}' does not exist in collection '${this.collectionName}'`);
+      result.valid = false;
+      return;
+    }
+    if (parts.length > 1) {
+      const field = this.fields.get(rootField);
+      if (field.type !== "relation") {
+        result.errors.push(`Field '${rootField}' is not a relation field, cannot access nested property '${parts[1]}'`);
+        result.valid = false;
+      } else {
+        result.warnings.push(
+          `Nested field reference '${fieldRef}' - ensure target collection has field '${parts.slice(1).join(".")}'`
+        );
+      }
+    }
+  }
+  /**
+   * Validate @request references
+   *
+   * Checks that @request references follow valid PocketBase patterns:
+   * - @request.auth.* - authenticated user data
+   * - @request.body.* - request body fields
+   * - @request.query.* - query parameters
+   * - @request.headers.* - request headers
+   * - @request.method - HTTP method
+   * - @request.context - execution context
+   *
+   * @param expression - The rule expression
+   * @param result - The validation result to update
+   */
+  validateRequestReferences(expression, result) {
+    const requestRefs = expression.match(/@request\.[a-zA-Z_][a-zA-Z0-9_.]*/g) || [];
+    for (const ref of requestRefs) {
+      const isValid = ref.startsWith("@request.auth.") || ref === "@request.method" || ref === "@request.context" || ref.startsWith("@request.body.") || ref.startsWith("@request.query.") || ref.startsWith("@request.headers.");
+      if (!isValid) {
+        result.errors.push(`Invalid @request reference: '${ref}'`);
+        result.valid = false;
+      }
+    }
+  }
+  /**
+   * Validate basic syntax patterns
+   *
+   * Checks for:
+   * - Balanced parentheses
+   * - Common operator mistakes (== instead of =)
+   *
+   * @param expression - The rule expression
+   * @param result - The validation result to update
+   */
+  validateSyntax(expression, result) {
+    let parenCount = 0;
+    for (const char of expression) {
+      if (char === "(") parenCount++;
+      if (char === ")") parenCount--;
+      if (parenCount < 0) {
+        result.errors.push("Unbalanced parentheses in expression");
+        result.valid = false;
+        return;
+      }
+    }
+    if (parenCount !== 0) {
+      result.errors.push("Unbalanced parentheses in expression");
+      result.valid = false;
+    }
+    if (expression.includes("==")) {
+      result.warnings.push("Use '=' instead of '==' for equality comparison in PocketBase rules");
+    }
+  }
+};
+
+// src/migration/permission-analyzer.ts
+var PermissionAnalyzer = class {
+  /**
+   * Extract permission metadata from Zod schema description
+   *
+   * Zod schemas can have permission metadata attached via the describe() method.
+   * This method parses the description and extracts the permission configuration.
+   *
+   * @param schemaDescription - The Zod schema description string
+   * @returns Permission schema if found, null otherwise
+   *
+   * @example
+   * ```typescript
+   * const analyzer = new PermissionAnalyzer();
+   * const permissions = analyzer.extractPermissions(schema.description);
+   * ```
+   */
+  extractPermissions(schemaDescription) {
+    if (!schemaDescription) {
+      return null;
+    }
+    try {
+      const metadata = JSON.parse(schemaDescription);
+      if (metadata.permissions) {
+        return metadata.permissions;
+      }
+    } catch {
+      return null;
+    }
+    return null;
+  }
+  /**
+   * Resolve template configuration to concrete rules
+   *
+   * Takes either a template configuration or a direct permission schema
+   * and returns a fully resolved permission schema with all rules defined.
+   *
+   * If the input is already a permission schema (has rule properties),
+   * it's returned as-is. Otherwise, the template is resolved using the
+   * template resolver.
+   *
+   * @param config - Template configuration or direct permission schema
+   * @returns Resolved permission schema
+   *
+   * @example
+   * ```typescript
+   * const analyzer = new PermissionAnalyzer();
+   *
+   * // Resolve from template
+   * const permissions = analyzer.resolvePermissions({
+   *   template: 'owner-only',
+   *   ownerField: 'User'
+   * });
+   *
+   * // Or pass direct schema
+   * const permissions = analyzer.resolvePermissions({
+   *   listRule: '@request.auth.id != ""',
+   *   viewRule: '@request.auth.id != ""'
+   * });
+   * ```
+   */
+  resolvePermissions(config) {
+    if ("listRule" in config || "viewRule" in config || "createRule" in config || "updateRule" in config || "deleteRule" in config || "manageRule" in config) {
+      return config;
+    }
+    return resolveTemplate(config);
+  }
+  /**
+   * Validate all rules in a permission schema
+   *
+   * Validates each rule in the permission schema against the collection's
+   * field definitions. Returns a map of validation results keyed by rule type.
+   *
+   * Only validates rules that are defined (not undefined). Undefined rules
+   * are treated as null (locked) by default.
+   *
+   * @param collectionName - Name of the collection being validated
+   * @param permissions - Permission schema to validate
+   * @param fields - Collection field definitions
+   * @param isAuthCollection - Whether this is an auth collection (allows manageRule)
+   * @returns Map of validation results by rule type
+   *
+   * @example
+   * ```typescript
+   * const analyzer = new PermissionAnalyzer();
+   * const results = analyzer.validatePermissions(
+   *   'posts',
+   *   { listRule: '@request.auth.id != ""', viewRule: 'author = @request.auth.id' },
+   *   fields,
+   *   false
+   * );
+   *
+   * for (const [ruleType, result] of results) {
+   *   if (!result.valid) {
+   *     console.error(`${ruleType} validation failed:`, result.errors);
+   *   }
+   * }
+   * ```
+   */
+  validatePermissions(collectionName, permissions, fields, isAuthCollection2 = false) {
+    const validator = new RuleValidator(collectionName, fields, isAuthCollection2);
+    const results = /* @__PURE__ */ new Map();
+    const ruleTypes = ["listRule", "viewRule", "createRule", "updateRule", "deleteRule"];
+    if (isAuthCollection2) {
+      ruleTypes.push("manageRule");
+    }
+    for (const ruleType of ruleTypes) {
+      const expression = permissions[ruleType];
+      if (expression !== void 0) {
+        results.set(ruleType, validator.validate(ruleType, expression));
+      }
+    }
+    return results;
+  }
+  /**
+   * Merge permissions with defaults
+   *
+   * Ensures all rule types have a defined value. Undefined rules are set
+   * to null (locked to superusers only), which is the PocketBase default.
+   *
+   * This is useful when generating migrations to ensure all rules are
+   * explicitly set in the collection configuration.
+   *
+   * @param permissions - Permission schema (may have undefined rules)
+   * @returns Permission schema with all rules defined (null if not specified)
+   *
+   * @example
+   * ```typescript
+   * const analyzer = new PermissionAnalyzer();
+   * const merged = analyzer.mergeWithDefaults({
+   *   listRule: '@request.auth.id != ""'
+   *   // other rules undefined
+   * });
+   *
+   * // Result:
+   * // {
+   * //   listRule: '@request.auth.id != ""',
+   * //   viewRule: null,
+   * //   createRule: null,
+   * //   updateRule: null,
+   * //   deleteRule: null,
+   * //   manageRule: null
+   * // }
+   * ```
+   */
+  mergeWithDefaults(permissions) {
+    return {
+      listRule: permissions.listRule ?? null,
+      viewRule: permissions.viewRule ?? null,
+      createRule: permissions.createRule ?? null,
+      updateRule: permissions.updateRule ?? null,
+      deleteRule: permissions.deleteRule ?? null,
+      manageRule: permissions.manageRule ?? null
+    };
+  }
+};
+
+// src/migration/utils/pluralize.ts
+var SPECIAL_CASES = {
+  // Common irregular plurals
+  person: "people",
+  Person: "People",
+  child: "children",
+  Child: "Children",
+  man: "men",
+  Man: "Men",
+  woman: "women",
+  Woman: "Women",
+  tooth: "teeth",
+  Tooth: "Teeth",
+  foot: "feet",
+  Foot: "Feet",
+  mouse: "mice",
+  Mouse: "Mice",
+  goose: "geese",
+  Goose: "Geese",
+  // Words ending in -y
+  category: "categories",
+  Category: "Categories",
+  company: "companies",
+  Company: "Companies",
+  city: "cities",
+  City: "Cities",
+  country: "countries",
+  Country: "Countries",
+  story: "stories",
+  Story: "Stories",
+  party: "parties",
+  Party: "Parties",
+  family: "families",
+  Family: "Families",
+  activity: "activities",
+  Activity: "Activities",
+  priority: "priorities",
+  Priority: "Priorities",
+  // Words ending in -f or -fe
+  life: "lives",
+  Life: "Lives",
+  wife: "wives",
+  Wife: "Wives",
+  knife: "knives",
+  Knife: "Knives",
+  leaf: "leaves",
+  Leaf: "Leaves",
+  shelf: "shelves",
+  Shelf: "Shelves",
+  half: "halves",
+  Half: "Halves",
+  // Words ending in -is
+  analysis: "analyses",
+  Analysis: "Analyses",
+  basis: "bases",
+  Basis: "Bases",
+  crisis: "crises",
+  Crisis: "Crises",
+  thesis: "theses",
+  Thesis: "Theses",
+  // Words ending in -us
+  cactus: "cacti",
+  Cactus: "Cacti",
+  focus: "foci",
+  Focus: "Foci",
+  fungus: "fungi",
+  Fungus: "Fungi",
+  nucleus: "nuclei",
+  Nucleus: "Nuclei",
+  radius: "radii",
+  Radius: "Radii",
+  // Words ending in -on
+  phenomenon: "phenomena",
+  Phenomenon: "Phenomena",
+  criterion: "criteria",
+  Criterion: "Criteria",
+  // Words ending in -um
+  datum: "data",
+  Datum: "Data",
+  medium: "media",
+  Medium: "Media",
+  curriculum: "curricula",
+  Curriculum: "Curricula",
+  // Unchanged plurals
+  sheep: "sheep",
+  Sheep: "Sheep",
+  deer: "deer",
+  Deer: "Deer",
+  fish: "fish",
+  Fish: "Fish",
+  species: "species",
+  Species: "Species",
+  series: "series",
+  Series: "Series"
+};
+function pluralize(singular) {
+  if (SPECIAL_CASES[singular]) {
+    return SPECIAL_CASES[singular];
+  }
+  if (singular.length > 3 && singular.endsWith("s") && !singular.endsWith("ss")) {
+    return singular;
+  }
+  const lowerSingular = singular.toLowerCase();
+  let plural;
+  if (/(?:s|ss|sh|ch|x|z)$/.test(lowerSingular)) {
+    plural = singular + "es";
+  } else if (/[^aeiou]y$/.test(lowerSingular)) {
+    plural = singular.slice(0, -1) + "ies";
+  } else if (/[^aeiou]o$/.test(lowerSingular)) {
+    plural = singular + "es";
+  } else if (/fe?$/.test(lowerSingular)) {
+    if (lowerSingular.endsWith("fe")) {
+      plural = singular.slice(0, -2) + "ves";
+    } else {
+      plural = singular.slice(0, -1) + "ves";
+    }
+  } else {
+    plural = singular + "s";
+  }
+  return plural;
+}
+function toCollectionName(entityName) {
+  return pluralize(entityName);
+}
+function isSingleRelationField(fieldName, zodType) {
+  let unwrappedType = zodType;
+  if (zodType instanceof z.ZodOptional) {
+    unwrappedType = zodType._def.innerType;
+  }
+  if (unwrappedType instanceof z.ZodNullable) {
+    unwrappedType = unwrappedType._def.innerType;
+  }
+  if (unwrappedType instanceof z.ZodDefault) {
+    unwrappedType = unwrappedType._def.innerType;
+  }
+  if (!(unwrappedType instanceof z.ZodString)) {
+    return false;
+  }
+  const startsWithUppercase = /^[A-Z]/.test(fieldName);
+  const commonStringFields = ["Title", "Name", "Description", "Content", "Summary", "Status", "Type"];
+  const isCommonField = commonStringFields.includes(fieldName);
+  return startsWithUppercase && !isCommonField;
+}
+function isMultipleRelationField(fieldName, zodType) {
+  let unwrappedType = zodType;
+  if (zodType instanceof z.ZodOptional) {
+    unwrappedType = zodType._def.innerType;
+  }
+  if (unwrappedType instanceof z.ZodNullable) {
+    unwrappedType = unwrappedType._def.innerType;
+  }
+  if (unwrappedType instanceof z.ZodDefault) {
+    unwrappedType = unwrappedType._def.innerType;
+  }
+  if (!(unwrappedType instanceof z.ZodArray)) {
+    return false;
+  }
+  const elementType = unwrappedType._def.type;
+  if (!(elementType instanceof z.ZodString)) {
+    return false;
+  }
+  const hasUppercase = /[A-Z]/.test(fieldName);
+  return hasUppercase;
+}
+function resolveTargetCollection(fieldName) {
+  const matches = fieldName.match(/[A-Z][a-z]+/g);
+  if (!matches || matches.length === 0) {
+    return pluralize(fieldName);
+  }
+  const entityName = matches[matches.length - 1];
+  return pluralize(entityName);
+}
+function isRelationField(fieldName, zodType) {
+  return isSingleRelationField(fieldName, zodType) || isMultipleRelationField(fieldName, zodType);
+}
+function getMaxSelect(fieldName, zodType) {
+  if (isSingleRelationField(fieldName, zodType)) {
+    return 1;
+  }
+  if (isMultipleRelationField(fieldName, zodType)) {
+    let unwrappedType = zodType;
+    if (zodType instanceof z.ZodOptional) {
+      unwrappedType = zodType._def.innerType;
+    }
+    if (unwrappedType instanceof z.ZodNullable) {
+      unwrappedType = unwrappedType._def.innerType;
+    }
+    if (unwrappedType instanceof z.ZodDefault) {
+      unwrappedType = unwrappedType._def.innerType;
+    }
+    if (unwrappedType instanceof z.ZodArray) {
+      const arrayDef = unwrappedType._def;
+      if (arrayDef.maxLength) {
+        return arrayDef.maxLength.value;
+      }
+      return 999;
+    }
+  }
+  return 1;
+}
+function getMinSelect(fieldName, zodType) {
+  if (!isMultipleRelationField(fieldName, zodType)) {
+    return void 0;
+  }
+  let unwrappedType = zodType;
+  if (zodType instanceof z.ZodOptional) {
+    unwrappedType = zodType._def.innerType;
+  }
+  if (unwrappedType instanceof z.ZodNullable) {
+    unwrappedType = unwrappedType._def.innerType;
+  }
+  if (unwrappedType instanceof z.ZodDefault) {
+    unwrappedType = unwrappedType._def.innerType;
+  }
+  if (unwrappedType instanceof z.ZodArray) {
+    const arrayDef = unwrappedType._def;
+    if (arrayDef.minLength) {
+      return arrayDef.minLength.value;
+    }
+  }
+  return void 0;
+}
+function mapZodStringType(zodType) {
+  const checks = zodType._def.checks || [];
+  const hasEmail = checks.some((check) => check.kind === "email");
+  if (hasEmail) {
+    return "email";
+  }
+  const hasUrl = checks.some((check) => check.kind === "url");
+  if (hasUrl) {
+    return "url";
+  }
+  const hasDatetime = checks.some((check) => check.kind === "datetime");
+  if (hasDatetime) {
+    return "date";
+  }
+  return "text";
+}
+function mapZodNumberType(_zodType) {
+  return "number";
+}
+function mapZodBooleanType(_zodType) {
+  return "bool";
+}
+function mapZodEnumType(_zodType) {
+  return "select";
+}
+function mapZodArrayType(zodType, _fieldName) {
+  const elementType = zodType._def.type;
+  if (elementType instanceof z.ZodType) {
+    const typeName = elementType._def.typeName;
+    if (typeName === "ZodType" && elementType._def?.innerType?.name === "File") {
+      return "file";
+    }
+  }
+  if (elementType._def?.typeName === "ZodType") {
+    const checks = elementType._def?.checks || [];
+    const isFileInstance = checks.some(
+      (check) => check.kind === "instanceof" || elementType._def?.innerType?.name === "File"
+    );
+    if (isFileInstance) {
+      return "file";
+    }
+  }
+  if (elementType instanceof z.ZodString) {
+    return "relation";
+  }
+  return "json";
+}
+function mapZodDateType(_zodType) {
+  return "date";
+}
+function mapZodRecordType(_zodType) {
+  return "json";
+}
+function mapZodTypeToPocketBase(zodType, fieldName) {
+  let unwrappedType = zodType;
+  if (zodType instanceof z.ZodOptional) {
+    unwrappedType = zodType._def.innerType;
+  }
+  if (unwrappedType instanceof z.ZodNullable) {
+    unwrappedType = unwrappedType._def.innerType;
+  }
+  if (unwrappedType instanceof z.ZodDefault) {
+    unwrappedType = unwrappedType._def.innerType;
+  }
+  if (unwrappedType._def?.typeName === "ZodEffects") {
+    const effect = unwrappedType._def?.effect;
+    if (effect?.type === "refinement") {
+      const fileFieldNames = ["avatar", "image", "file", "attachment", "photo", "picture", "document", "upload"];
+      if (fileFieldNames.some((name) => fieldName.toLowerCase().includes(name))) {
+        return "file";
+      }
+    }
+  }
+  if (unwrappedType._def?.typeName === "ZodType") {
+    const checks = unwrappedType._def?.checks || [];
+    const innerType = unwrappedType._def?.innerType;
+    if (innerType?.name === "File" || checks.some((check) => check.kind === "instanceof")) {
+      return "file";
+    }
+  }
+  if (unwrappedType instanceof z.ZodString) {
+    return mapZodStringType(unwrappedType);
+  }
+  if (unwrappedType instanceof z.ZodNumber) {
+    return mapZodNumberType();
+  }
+  if (unwrappedType instanceof z.ZodBoolean) {
+    return mapZodBooleanType();
+  }
+  if (unwrappedType instanceof z.ZodEnum) {
+    return mapZodEnumType();
+  }
+  if (unwrappedType instanceof z.ZodArray) {
+    return mapZodArrayType(unwrappedType);
+  }
+  if (unwrappedType instanceof z.ZodDate) {
+    return mapZodDateType();
+  }
+  if (unwrappedType instanceof z.ZodRecord || unwrappedType instanceof z.ZodObject) {
+    return mapZodRecordType();
+  }
+  return "text";
+}
+function extractFieldOptions(zodType) {
+  const options = {};
+  let unwrappedType = zodType;
+  if (zodType instanceof z.ZodOptional) {
+    unwrappedType = zodType._def.innerType;
+  }
+  if (unwrappedType instanceof z.ZodNullable) {
+    unwrappedType = unwrappedType._def.innerType;
+  }
+  if (unwrappedType instanceof z.ZodDefault) {
+    unwrappedType = unwrappedType._def.innerType;
+  }
+  const checks = unwrappedType._def?.checks || [];
+  if (unwrappedType instanceof z.ZodString) {
+    for (const check of checks) {
+      if (check.kind === "min") {
+        options.min = check.value;
+      }
+      if (check.kind === "max") {
+        options.max = check.value;
+      }
+      if (check.kind === "regex") {
+        options.pattern = check.regex.source;
+      }
+    }
+  }
+  if (unwrappedType instanceof z.ZodNumber) {
+    for (const check of checks) {
+      if (check.kind === "min") {
+        options.min = check.value;
+      }
+      if (check.kind === "max") {
+        options.max = check.value;
+      }
+    }
+  }
+  if (unwrappedType instanceof z.ZodEnum) {
+    options.values = unwrappedType._def.values;
+  }
+  if (unwrappedType instanceof z.ZodArray) {
+    const arrayChecks = unwrappedType._def?.checks || [];
+    for (const check of arrayChecks) {
+      if (check.kind === "min") {
+        options.minSelect = check.value;
+      }
+      if (check.kind === "max") {
+        options.maxSelect = check.value;
+      }
+    }
+  }
+  return options;
+}
+function isFieldRequired(zodType) {
+  if (zodType instanceof z.ZodOptional) {
+    return false;
+  }
+  if (zodType instanceof z.ZodDefault) {
+    return false;
+  }
+  if (zodType instanceof z.ZodNullable) {
+    return false;
+  }
+  return true;
+}
+
+// src/migration/analyzer.ts
+var DEFAULT_CONFIG = {
+  workspaceRoot: process.cwd(),
+  excludePatterns: [
+    "base.ts",
+    "index.ts",
+    "permissions.ts",
+    "permission-templates.ts",
+    "base.js",
+    "index.js",
+    "permissions.js",
+    "permission-templates.js"
+  ],
+  includeExtensions: [".ts", ".js"],
+  schemaPatterns: ["Schema", "InputSchema"],
+  useCompiledFiles: true
+};
+function mergeConfig(config) {
+  return {
+    ...DEFAULT_CONFIG,
+    ...config,
+    excludePatterns: config.excludePatterns || DEFAULT_CONFIG.excludePatterns,
+    includeExtensions: config.includeExtensions || DEFAULT_CONFIG.includeExtensions,
+    schemaPatterns: config.schemaPatterns || DEFAULT_CONFIG.schemaPatterns
+  };
+}
+function resolveSchemaDir(config) {
+  const workspaceRoot = config.workspaceRoot || process.cwd();
+  if (path.isAbsolute(config.schemaDir)) {
+    return config.schemaDir;
+  }
+  return path.join(workspaceRoot, config.schemaDir);
+}
+function discoverSchemaFiles(config) {
+  const normalizedConfig = typeof config === "string" ? { schemaDir: config } : config;
+  const mergedConfig = mergeConfig(normalizedConfig);
+  const schemaDir = resolveSchemaDir(normalizedConfig);
+  try {
+    if (!fs.existsSync(schemaDir)) {
+      throw new FileSystemError(`Schema directory not found: ${schemaDir}`, schemaDir, "access", "ENOENT");
+    }
+    const files = fs.readdirSync(schemaDir);
+    const schemaFiles = files.filter((file) => {
+      const hasValidExtension = mergedConfig.includeExtensions.some((ext) => file.endsWith(ext));
+      if (!hasValidExtension) return false;
+      const isExcluded = mergedConfig.excludePatterns.some((pattern) => {
+        if (pattern.includes("*")) {
+          const regex = new RegExp("^" + pattern.replace(/\*/g, ".*") + "$");
+          return regex.test(file);
+        }
+        return file === pattern;
+      });
+      if (isExcluded) return false;
+      return true;
+    });
+    return schemaFiles.map((file) => {
+      const ext = mergedConfig.includeExtensions.find((ext2) => file.endsWith(ext2)) || ".ts";
+      return path.join(schemaDir, file.replace(new RegExp(`\\${ext}$`), ""));
+    });
+  } catch (error) {
+    if (error instanceof FileSystemError) {
+      throw error;
+    }
+    const fsError = error;
+    if (fsError.code === "EACCES" || fsError.code === "EPERM") {
+      throw new FileSystemError(
+        `Permission denied reading schema directory: ${schemaDir}`,
+        schemaDir,
+        "read",
+        fsError.code,
+        error
+      );
+    }
+    throw new FileSystemError(
+      `Failed to read schema directory: ${schemaDir}`,
+      schemaDir,
+      "read",
+      fsError.code,
+      error
+    );
+  }
+}
+async function importSchemaModule(filePath, config) {
+  try {
+    let importPath = filePath;
+    if (config?.pathTransformer) {
+      importPath = config.pathTransformer(filePath);
+    }
+    if (!importPath.endsWith(".js")) {
+      importPath = `${importPath}.js`;
+    }
+    const fileUrl = new URL(`file://${path.resolve(importPath)}`);
+    const module = await import(fileUrl.href);
+    return module;
+  } catch (error) {
+    throw new SchemaParsingError(
+      `Failed to import schema module. Make sure the schema files are compiled to JavaScript.`,
+      filePath,
+      error
+    );
+  }
+}
+function getCollectionNameFromFile(filePath) {
+  const filename = path.basename(filePath).replace(/\.(ts|js)$/, "");
+  return toCollectionName(filename);
+}
+function extractSchemaDefinitions(module, patterns = ["Schema", "InputSchema"]) {
+  const result = {};
+  for (const [key, value] of Object.entries(module)) {
+    if (value instanceof z.ZodObject) {
+      if (patterns.includes("InputSchema") && key.endsWith("InputSchema")) {
+        result.inputSchema = value;
+      } else if (patterns.includes("Schema") && key.endsWith("Schema") && !key.endsWith("InputSchema")) {
+        result.schema = value;
+      }
+    }
+  }
+  return result;
+}
+function selectSchemaForCollection(schemas) {
+  if (schemas.schema) {
+    return schemas.schema;
+  }
+  if (schemas.inputSchema) {
+    return schemas.inputSchema;
+  }
+  return null;
+}
+function extractFieldDefinitions(zodSchema, excludeFields) {
+  const shape = zodSchema.shape;
+  const fields = [];
+  const baseFields = ["id", "collectionId", "collectionName", "created", "updated", "expand"];
+  const defaultExcludeFields = ["thumbnailURL", "imageFiles"];
+  const allExclusions = /* @__PURE__ */ new Set([...baseFields, ...defaultExcludeFields, ...excludeFields || []]);
+  for (const [fieldName, zodType] of Object.entries(shape)) {
+    if (!allExclusions.has(fieldName)) {
+      fields.push({ name: fieldName, zodType });
+    }
+  }
+  return fields;
+}
+function isAuthCollection(fields) {
+  const fieldNames = fields.map((f) => f.name.toLowerCase());
+  const hasEmail = fieldNames.includes("email");
+  const hasPassword = fieldNames.includes("password");
+  return hasEmail && hasPassword;
+}
+function buildFieldDefinition(fieldName, zodType) {
+  const fieldType = mapZodTypeToPocketBase(zodType, fieldName);
+  const required = isFieldRequired(zodType);
+  const options = extractFieldOptions(zodType);
+  const fieldDef = {
+    name: fieldName,
+    type: fieldType,
+    required,
+    options
+  };
+  if (isRelationField(fieldName, zodType)) {
+    fieldDef.type = "relation";
+    const targetCollection = resolveTargetCollection(fieldName);
+    const maxSelect = getMaxSelect(fieldName, zodType);
+    const minSelect = getMinSelect(fieldName, zodType);
+    fieldDef.relation = {
+      collection: targetCollection,
+      maxSelect,
+      minSelect,
+      cascadeDelete: false
+      // Default to false, can be configured later
+    };
+  }
+  return fieldDef;
+}
+function extractIndexes(schema) {
+  const schemaDescription = schema.description;
+  if (!schemaDescription) {
+    return void 0;
+  }
+  try {
+    const metadata = JSON.parse(schemaDescription);
+    if (metadata.indexes && Array.isArray(metadata.indexes)) {
+      return metadata.indexes;
+    }
+  } catch {
+  }
+  return void 0;
+}
+function convertZodSchemaToCollectionSchema(collectionName, zodSchema) {
+  const rawFields = extractFieldDefinitions(zodSchema);
+  const collectionType = isAuthCollection(rawFields) ? "auth" : "base";
+  const fields = rawFields.map(({ name, zodType }) => buildFieldDefinition(name, zodType));
+  const indexes = extractIndexes(zodSchema) || [];
+  const permissionAnalyzer = new PermissionAnalyzer();
+  let permissions = void 0;
+  const schemaDescription = zodSchema.description;
+  const extractedPermissions = permissionAnalyzer.extractPermissions(schemaDescription);
+  if (extractedPermissions) {
+    const resolvedPermissions = permissionAnalyzer.resolvePermissions(extractedPermissions);
+    const validationResults = permissionAnalyzer.validatePermissions(
+      collectionName,
+      resolvedPermissions,
+      fields,
+      collectionType === "auth"
+    );
+    for (const [ruleType, result] of validationResults) {
+      if (!result.valid) {
+        console.error(`[${collectionName}] Permission validation failed for ${ruleType}:`);
+        result.errors.forEach((error) => console.error(`  - ${error}`));
+      }
+      if (result.warnings.length > 0) {
+        console.warn(`[${collectionName}] Permission warnings for ${ruleType}:`);
+        result.warnings.forEach((warning) => console.warn(`  - ${warning}`));
+      }
+    }
+    permissions = permissionAnalyzer.mergeWithDefaults(resolvedPermissions);
+  }
+  const collectionSchema = {
+    name: collectionName,
+    type: collectionType,
+    fields,
+    indexes,
+    rules: {
+      listRule: null,
+      viewRule: null,
+      createRule: null,
+      updateRule: null,
+      deleteRule: null
+    },
+    permissions
+  };
+  return collectionSchema;
+}
+async function buildSchemaDefinition(config) {
+  const normalizedConfig = typeof config === "string" ? { schemaDir: config } : config;
+  const mergedConfig = mergeConfig(normalizedConfig);
+  const collections = /* @__PURE__ */ new Map();
+  const schemaFiles = discoverSchemaFiles(normalizedConfig);
+  if (schemaFiles.length === 0) {
+    const schemaDir = resolveSchemaDir(normalizedConfig);
+    throw new SchemaParsingError(
+      `No schema files found in ${schemaDir}. Make sure you have schema files in the directory.`,
+      schemaDir
+    );
+  }
+  for (const filePath of schemaFiles) {
+    try {
+      let importPath = filePath;
+      if (normalizedConfig.pathTransformer) {
+        importPath = normalizedConfig.pathTransformer(filePath);
+      } else if (mergedConfig.useCompiledFiles) {
+        importPath = filePath.replace(/\/src\//, "/dist/");
+      }
+      const module = await importSchemaModule(importPath, normalizedConfig);
+      const schemas = extractSchemaDefinitions(module, mergedConfig.schemaPatterns);
+      const zodSchema = selectSchemaForCollection(schemas);
+      if (!zodSchema) {
+        console.warn(`No valid schema found in ${filePath}, skipping...`);
+        continue;
+      }
+      const collectionName = getCollectionNameFromFile(filePath);
+      const collectionSchema = convertZodSchemaToCollectionSchema(collectionName, zodSchema);
+      collections.set(collectionName, collectionSchema);
+    } catch (error) {
+      if (error instanceof SchemaParsingError) {
+        throw error;
+      }
+      throw new SchemaParsingError(
+        `Error processing schema file: ${error instanceof Error ? error.message : String(error)}`,
+        filePath,
+        error
+      );
+    }
+  }
+  return { collections };
+}
+async function parseSchemaFiles(config) {
+  return buildSchemaDefinition(config);
+}
+var SchemaAnalyzer = class {
+  config;
+  constructor(config) {
+    this.config = mergeConfig(config);
+  }
+  /**
+   * Discovers schema files in the configured directory
+   */
+  discoverSchemaFiles() {
+    return discoverSchemaFiles(this.config);
+  }
+  /**
+   * Parses all schema files and returns a SchemaDefinition
+   */
+  async parseSchemaFiles() {
+    return buildSchemaDefinition(this.config);
+  }
+  /**
+   * Converts a single Zod schema to a CollectionSchema
+   */
+  convertZodSchemaToCollectionSchema(name, schema) {
+    return convertZodSchemaToCollectionSchema(name, schema);
+  }
+};
+
+export { SchemaAnalyzer, buildFieldDefinition, buildSchemaDefinition, convertZodSchemaToCollectionSchema, discoverSchemaFiles, extractFieldDefinitions, extractIndexes, extractSchemaDefinitions, getCollectionNameFromFile, importSchemaModule, isAuthCollection, parseSchemaFiles, selectSchemaForCollection };
+//# sourceMappingURL=analyzer.js.map
+//# sourceMappingURL=analyzer.js.map