pocketbase-zod-schema 0.1.2

package/dist/schema.js

@@ -0,0 +1,396 @@
+import { z } from 'zod';
+
+// src/schema/base.ts
+var baseSchema = {
+  id: z.string().describe("unique id"),
+  collectionId: z.string().describe("collection id"),
+  collectionName: z.string().describe("collection name"),
+  expand: z.record(z.any()).describe("expandable fields")
+};
+var baseSchemaWithTimestamps = {
+  ...baseSchema,
+  created: z.string().describe("creation timestamp"),
+  updated: z.string().describe("last update timestamp")
+};
+var baseImageFileSchema = {
+  ...baseSchema,
+  thumbnailURL: z.string().optional(),
+  imageFiles: z.array(z.string())
+};
+var inputImageFileSchema = {
+  imageFiles: z.array(z.instanceof(File))
+};
+var omitImageFilesSchema = {
+  imageFiles: true
+};
+function textField(options) {
+  let schema = z.string();
+  if (options?.min !== void 0) schema = schema.min(options.min);
+  if (options?.max !== void 0) schema = schema.max(options.max);
+  if (options?.pattern !== void 0) schema = schema.regex(options.pattern);
+  return schema;
+}
+function emailField() {
+  return z.string().email();
+}
+function urlField() {
+  return z.string().url();
+}
+function numberField(options) {
+  let schema = z.number();
+  if (options?.min !== void 0) schema = schema.min(options.min);
+  if (options?.max !== void 0) schema = schema.max(options.max);
+  return schema;
+}
+function boolField() {
+  return z.boolean();
+}
+function dateField() {
+  return z.date();
+}
+function selectField(values) {
+  return z.enum(values);
+}
+function jsonField(schema) {
+  return schema ?? z.record(z.any());
+}
+function fileField() {
+  return z.instanceof(File);
+}
+function filesField(options) {
+  let schema = z.array(z.instanceof(File));
+  if (options?.min !== void 0) schema = schema.min(options.min);
+  if (options?.max !== void 0) schema = schema.max(options.max);
+  return schema;
+}
+function relationField() {
+  return z.string();
+}
+function relationsField(options) {
+  let schema = z.array(z.string());
+  if (options?.min !== void 0) schema = schema.min(options.min);
+  if (options?.max !== void 0) schema = schema.max(options.max);
+  return schema;
+}
+function editorField() {
+  return z.string();
+}
+function geoPointField() {
+  return z.object({
+    lon: z.number(),
+    lat: z.number()
+  });
+}
+function withPermissions(schema, config) {
+  const metadata = {
+    permissions: config
+  };
+  return schema.describe(JSON.stringify(metadata));
+}
+function withIndexes(schema, indexes) {
+  let existingMetadata = {};
+  if (schema.description) {
+    try {
+      existingMetadata = JSON.parse(schema.description);
+    } catch {
+    }
+  }
+  const metadata = {
+    ...existingMetadata,
+    indexes
+  };
+  return schema.describe(JSON.stringify(metadata));
+}
+
+// src/schema/permission-templates.ts
+var PermissionTemplates = {
+  /**
+   * Public access - anyone can perform all operations
+   */
+  public: () => ({
+    listRule: "",
+    viewRule: "",
+    createRule: "",
+    updateRule: "",
+    deleteRule: ""
+  }),
+  /**
+   * Authenticated users only - requires valid authentication for all operations
+   */
+  authenticated: () => ({
+    listRule: '@request.auth.id != ""',
+    viewRule: '@request.auth.id != ""',
+    createRule: '@request.auth.id != ""',
+    updateRule: '@request.auth.id != ""',
+    deleteRule: '@request.auth.id != ""'
+  }),
+  /**
+   * Owner-only access - users can only manage their own records
+   * @param ownerField - Name of the relation field pointing to user (default: 'User')
+   */
+  ownerOnly: (ownerField = "User") => ({
+    listRule: `@request.auth.id != "" && ${ownerField} = @request.auth.id`,
+    viewRule: `@request.auth.id != "" && ${ownerField} = @request.auth.id`,
+    createRule: '@request.auth.id != ""',
+    updateRule: `@request.auth.id != "" && ${ownerField} = @request.auth.id`,
+    deleteRule: `@request.auth.id != "" && ${ownerField} = @request.auth.id`
+  }),
+  /**
+   * Admin/superuser only access
+   * Assumes a 'role' field exists with 'admin' value
+   * @param roleField - Name of the role field (default: 'role')
+   */
+  adminOnly: (roleField = "role") => ({
+    listRule: `@request.auth.id != "" && @request.auth.${roleField} = "admin"`,
+    viewRule: `@request.auth.id != "" && @request.auth.${roleField} = "admin"`,
+    createRule: `@request.auth.id != "" && @request.auth.${roleField} = "admin"`,
+    updateRule: `@request.auth.id != "" && @request.auth.${roleField} = "admin"`,
+    deleteRule: `@request.auth.id != "" && @request.auth.${roleField} = "admin"`
+  }),
+  /**
+   * Public read, authenticated write
+   * Anyone can list/view, but only authenticated users can create/update/delete
+   */
+  readPublic: () => ({
+    listRule: "",
+    viewRule: "",
+    createRule: '@request.auth.id != ""',
+    updateRule: '@request.auth.id != ""',
+    deleteRule: '@request.auth.id != ""'
+  }),
+  /**
+   * Locked access - only superusers can perform operations
+   * All rules are set to null (locked)
+   */
+  locked: () => ({
+    listRule: null,
+    viewRule: null,
+    createRule: null,
+    updateRule: null,
+    deleteRule: null
+  }),
+  /**
+   * Read-only authenticated - authenticated users can read, no write access
+   */
+  readOnlyAuthenticated: () => ({
+    listRule: '@request.auth.id != ""',
+    viewRule: '@request.auth.id != ""',
+    createRule: null,
+    updateRule: null,
+    deleteRule: null
+  })
+};
+function resolveTemplate(config) {
+  let baseRules;
+  switch (config.template) {
+    case "public":
+      baseRules = PermissionTemplates.public();
+      break;
+    case "authenticated":
+      baseRules = PermissionTemplates.authenticated();
+      break;
+    case "owner-only":
+      baseRules = PermissionTemplates.ownerOnly(config.ownerField);
+      break;
+    case "admin-only":
+      baseRules = PermissionTemplates.adminOnly(config.roleField);
+      break;
+    case "read-public":
+      baseRules = PermissionTemplates.readPublic();
+      break;
+    case "custom":
+      baseRules = {};
+      break;
+    default: {
+      const _exhaustive = config.template;
+      throw new Error(`Unknown template type: ${_exhaustive}`);
+    }
+  }
+  return {
+    ...baseRules,
+    ...config.customRules
+  };
+}
+function isTemplateConfig(config) {
+  return "template" in config;
+}
+function isPermissionSchema(config) {
+  return "listRule" in config || "viewRule" in config || "createRule" in config || "updateRule" in config || "deleteRule" in config || "manageRule" in config;
+}
+function validatePermissionConfig(config, isAuthCollection = false) {
+  const result = {
+    valid: true,
+    errors: [],
+    warnings: []
+  };
+  let permissions;
+  if (isTemplateConfig(config)) {
+    if (config.template === "owner-only" && !config.ownerField) {
+      result.warnings.push("owner-only template without ownerField specified - using default 'User'");
+    }
+    if (config.template === "admin-only" && !config.roleField) {
+      result.warnings.push("admin-only template without roleField specified - using default 'role'");
+    }
+    permissions = resolveTemplate(config);
+  } else {
+    permissions = config;
+  }
+  if (permissions.manageRule !== void 0 && !isAuthCollection) {
+    result.errors.push("manageRule is only valid for auth collections");
+    result.valid = false;
+  }
+  const ruleTypes = ["listRule", "viewRule", "createRule", "updateRule", "deleteRule"];
+  if (isAuthCollection) {
+    ruleTypes.push("manageRule");
+  }
+  for (const ruleType of ruleTypes) {
+    const rule = permissions[ruleType];
+    if (rule !== void 0 && rule !== null && rule !== "") {
+      const ruleValidation = validateRuleExpression(rule);
+      if (!ruleValidation.valid) {
+        result.errors.push(`${ruleType}: ${ruleValidation.errors.join(", ")}`);
+        result.valid = false;
+      }
+      result.warnings.push(...ruleValidation.warnings.map((w) => `${ruleType}: ${w}`));
+    }
+  }
+  return result;
+}
+function validateRuleExpression(expression) {
+  const result = {
+    valid: true,
+    errors: [],
+    warnings: []
+  };
+  if (expression === null || expression === "") {
+    return result;
+  }
+  let parenCount = 0;
+  for (const char of expression) {
+    if (char === "(") parenCount++;
+    if (char === ")") parenCount--;
+    if (parenCount < 0) {
+      result.errors.push("Unbalanced parentheses");
+      result.valid = false;
+      return result;
+    }
+  }
+  if (parenCount !== 0) {
+    result.errors.push("Unbalanced parentheses");
+    result.valid = false;
+  }
+  if (expression.includes("==")) {
+    result.warnings.push("Use '=' instead of '==' for equality comparison");
+  }
+  const requestRefs = expression.match(/@request\.[a-zA-Z_][a-zA-Z0-9_.]*/g) || [];
+  for (const ref of requestRefs) {
+    const isValid = ref.startsWith("@request.auth.") || ref === "@request.method" || ref === "@request.context" || ref.startsWith("@request.body.") || ref.startsWith("@request.query.") || ref.startsWith("@request.headers.");
+    if (!isValid) {
+      result.errors.push(`Invalid @request reference: '${ref}'`);
+      result.valid = false;
+    }
+  }
+  return result;
+}
+function createPermissions(permissions) {
+  return {
+    listRule: permissions.listRule ?? null,
+    viewRule: permissions.viewRule ?? null,
+    createRule: permissions.createRule ?? null,
+    updateRule: permissions.updateRule ?? null,
+    deleteRule: permissions.deleteRule ?? null,
+    manageRule: permissions.manageRule ?? null
+  };
+}
+function mergePermissions(...schemas) {
+  const merged = {
+    listRule: null,
+    viewRule: null,
+    createRule: null,
+    updateRule: null,
+    deleteRule: null,
+    manageRule: null
+  };
+  for (const schema of schemas) {
+    if (schema.listRule !== void 0) merged.listRule = schema.listRule;
+    if (schema.viewRule !== void 0) merged.viewRule = schema.viewRule;
+    if (schema.createRule !== void 0) merged.createRule = schema.createRule;
+    if (schema.updateRule !== void 0) merged.updateRule = schema.updateRule;
+    if (schema.deleteRule !== void 0) merged.deleteRule = schema.deleteRule;
+    if (schema.manageRule !== void 0) merged.manageRule = schema.manageRule;
+  }
+  return merged;
+}
+var StatusEnum = z.enum([
+  "draft",
+  // Initial proposal stage (RequestDraft, ProjectDraft)
+  "active",
+  // Work in progress
+  "complete",
+  // Fully completed project
+  "fail"
+  // Failed project at any stage
+]);
+
+// src/schema/project.ts
+var ProjectInputSchema = z.object({
+  // Required fields
+  title: z.string(),
+  content: z.string(),
+  status: StatusEnum,
+  summary: z.string().optional(),
+  User: z.string().nonempty("User ID is missing"),
+  SubscriberUsers: z.array(z.string())
+}).extend(inputImageFileSchema);
+var ProjectSchema = withPermissions(
+  ProjectInputSchema.omit(omitImageFilesSchema).extend(baseImageFileSchema),
+  {
+    template: "owner-only",
+    ownerField: "User",
+    customRules: {
+      // Override list rule to allow authenticated users to see all projects
+      listRule: '@request.auth.id != ""',
+      // Allow viewing if user is owner OR a subscriber
+      viewRule: '@request.auth.id != "" && (User = @request.auth.id || SubscriberUsers ?= @request.auth.id)'
+    }
+  }
+);
+var UserInputSchema = z.object({
+  name: z.string().min(2, "Name must be longer").optional(),
+  email: z.string().email(),
+  password: z.string().min(8, "Password must be at least 8 characters"),
+  passwordConfirm: z.string(),
+  avatar: z.instanceof(File).optional()
+});
+var UserDatabaseSchema = z.object({
+  name: z.string().min(2, "Name must be longer").optional(),
+  email: z.string().email(),
+  password: z.string().min(8, "Password must be at least 8 characters"),
+  avatar: z.instanceof(File).optional()
+});
+var UserSchema = withIndexes(
+  withPermissions(UserDatabaseSchema.extend(baseSchema), {
+    // Users can list other users (for mentions, user search, etc.)
+    listRule: "id = @request.auth.id",
+    // Users can view their own profile
+    viewRule: "id = @request.auth.id",
+    // Anyone can create an account (sign up)
+    createRule: "",
+    // Users can only update their own profile
+    updateRule: "id = @request.auth.id",
+    // Users can only delete their own account
+    deleteRule: "id = @request.auth.id",
+    // Users can only manage their own account (change email, password, etc.)
+    manageRule: "id = @request.auth.id"
+  }),
+  [
+    // Email should be unique for authentication
+    "CREATE UNIQUE INDEX idx_users_email ON users (email)",
+    // Index on name for user search and sorting
+    "CREATE INDEX idx_users_name ON users (name)"
+  ]
+);
+
+export { PermissionTemplates, ProjectInputSchema, ProjectSchema, UserInputSchema, UserSchema, baseImageFileSchema, baseSchema, baseSchemaWithTimestamps, boolField, createPermissions, dateField, editorField, emailField, fileField, filesField, geoPointField, inputImageFileSchema, isPermissionSchema, isTemplateConfig, jsonField, mergePermissions, numberField, omitImageFilesSchema, relationField, relationsField, resolveTemplate, selectField, textField, urlField, validatePermissionConfig, validateRuleExpression, withIndexes, withPermissions };
+//# sourceMappingURL=schema.js.map
+//# sourceMappingURL=schema.js.map

package/dist/schema.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/schema/base.ts","../src/schema/permission-templates.ts","../src/enums.ts","../src/schema/project.ts","../src/schema/user.ts"],"names":["z"],"mappings":";;;AAOO,IAAM,UAAA,GAAa;AAAA,EACxB,EAAA,EAAI,CAAA,CAAE,MAAA,EAAO,CAAE,SAAS,WAAW,CAAA;AAAA,EACnC,YAAA,EAAc,CAAA,CAAE,MAAA,EAAO,CAAE,SAAS,eAAe,CAAA;AAAA,EACjD,cAAA,EAAgB,CAAA,CAAE,MAAA,EAAO,CAAE,SAAS,iBAAiB,CAAA;AAAA,EACrD,MAAA,EAAQ,EAAE,MAAA,CAAO,CAAA,CAAE,KAAK,CAAA,CAAE,SAAS,mBAAmB;AACxD;AAMO,IAAM,wBAAA,GAA2B;AAAA,EACtC,GAAG,UAAA;AAAA,EACH,OAAA,EAAS,CAAA,CAAE,MAAA,EAAO,CAAE,SAAS,oBAAoB,CAAA;AAAA,EACjD,OAAA,EAAS,CAAA,CAAE,MAAA,EAAO,CAAE,SAAS,uBAAuB;AACtD;AAMO,IAAM,mBAAA,GAAsB;AAAA,EACjC,GAAG,UAAA;AAAA,EACH,YAAA,EAAc,CAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAClC,UAAA,EAAY,CAAA,CAAE,KAAA,CAAM,CAAA,CAAE,QAAQ;AAChC;AAOO,IAAM,oBAAA,GAAuB;AAAA,EAClC,YAAY,CAAA,CAAE,KAAA,CAAM,CAAA,CAAE,UAAA,CAAW,IAAI,CAAC;AACxC;AAMO,IAAM,oBAAA,GAAuB;AAAA,EAClC,UAAA,EAAY;AACd;AAUO,SAAS,UAAU,OAAA,EAA4D;AACpF,EAAA,IAAI,MAAA,GAAS,EAAE,MAAA,EAAO;AACtB,EAAA,IAAI,SAAS,GAAA,KAAQ,MAAA,WAAoB,MAAA,CAAO,GAAA,CAAI,QAAQ,GAAG,CAAA;AAC/D,EAAA,IAAI,SAAS,GAAA,KAAQ,MAAA,WAAoB,MAAA,CAAO,GAAA,CAAI,QAAQ,GAAG,CAAA;AAC/D,EAAA,IAAI,SAAS,OAAA,KAAY,MAAA,WAAoB,MAAA,CAAO,KAAA,CAAM,QAAQ,OAAO,CAAA;AACzE,EAAA,OAAO,MAAA;AACT;AAMO,SAAS,UAAA,GAAa;AAC3B,EAAA,OAAO,CAAA,CAAE,MAAA,EAAO,CAAE,KAAA,EAAM;AAC1B;AAMO,SAAS,QAAA,GAAW;AACzB,EAAA,OAAO,CAAA,CAAE,MAAA,EAAO,CAAE,GAAA,EAAI;AACxB;AAMO,SAAS,YAAY,OAAA,EAA0C;AACpE,EAAA,IAAI,MAAA,GAAS,EAAE,MAAA,EAAO;AACtB,EAAA,IAAI,SAAS,GAAA,KAAQ,MAAA,WAAoB,MAAA,CAAO,GAAA,CAAI,QAAQ,GAAG,CAAA;AAC/D,EAAA,IAAI,SAAS,GAAA,KAAQ,MAAA,WAAoB,MAAA,CAAO,GAAA,CAAI,QAAQ,GAAG,CAAA;AAC/D,EAAA,OAAO,MAAA;AACT;AAMO,SAAS,SAAA,GAAY;AAC1B,EAAA,OAAO,EAAE,OAAA,EAAQ;AACnB;AAMO,SAAS,SAAA,GAAY;AAC1B,EAAA,OAAO,EAAE,IAAA,EAAK;AAChB;AAOO,SAAS,YAA6C,MAAA,EAAW;AACtE,EAAA,OAAO,CAAA,CAAE,KAAK,MAAM,CAAA;AACtB;AAOO,SAAS,UAAkC,MAAA,EAAY;AAC5D,EAAA,OAAO,MAAA,IAAU,CAAA,CAAE,MAAA,CAAO,CAAA,CAAE,KAAK,CAAA;AACnC;AAOO,SAAS,SAAA,GAAY;AAC1B,EAAA,OAAO,CAAA,CAAE,WAAW,IAAI,CAAA;AAC1B;AAQO,SAAS,WAAW,OAAA,EAA0C;AACnE,EAAA,IAAI,SAAS,CAAA,CAAE,KAAA,CAAM,CAAA,CAAE,UAAA,CAAW,IAAI,CAAC,CAAA;AACvC,EAAA,IAAI,SAAS,GAAA,KAAQ,MAAA,WAAoB,MAAA,CAAO,GAAA,CAAI,QAAQ,GAAG,CAAA;AAC/D,EAAA,IAAI,SAAS,GAAA,KAAQ,MAAA,WAAoB,MAAA,CAAO,GAAA,CAAI,QAAQ,GAAG,CAAA;AAC/D,EAAA,OAAO,MAAA;AACT;AAOO,SAAS,aAAA,GAAgB;AAC9B,EAAA,OAAO,EAAE,MAAA,EAAO;AAClB;AAQO,SAAS,eAAe,OAAA,EAA0C;AACvE,EAAA,IAAI,MAAA,GAAS,CAAA,CAAE,KAAA,CAAM,CAAA,CAAE,QAAQ,CAAA;AAC/B,EAAA,IAAI,SAAS,GAAA,KAAQ,MAAA,WAAoB,MAAA,CAAO,GAAA,CAAI,QAAQ,GAAG,CAAA;AAC/D,EAAA,IAAI,SAAS,GAAA,KAAQ,MAAA,WAAoB,MAAA,CAAO,GAAA,CAAI,QAAQ,GAAG,CAAA;AAC/D,EAAA,OAAO,MAAA;AACT;AAMO,SAAS,WAAA,GAAc;AAC5B,EAAA,OAAO,EAAE,MAAA,EAAO;AAClB;AAMO,SAAS,aAAA,GAAgB;AAC9B,EAAA,OAAO,EAAE,MAAA,CAAO;AAAA,IACd,GAAA,EAAK,EAAE,MAAA,EAAO;AAAA,IACd,GAAA,EAAK,EAAE,MAAA;AAAO,GACf,CAAA;AACH;AAuCO,SAAS,eAAA,CACd,QACA,MAAA,EACG;AAGH,EAAA,MAAM,QAAA,GAAW;AAAA,IACf,WAAA,EAAa;AAAA,GACf;AAIA,EAAA,OAAO,MAAA,CAAO,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAC,CAAA;AACjD;AAiCO,SAAS,WAAA,CAAoC,QAAW,OAAA,EAAsB;AAEnF,EAAA,IAAI,mBAAwB,EAAC;AAE7B,EAAA,IAAI,OAAO,WAAA,EAAa;AACtB,IAAA,IAAI;AACF,MAAA,gBAAA,GAAmB,IAAA,CAAK,KAAA,CAAM,MAAA,CAAO,WAAW,CAAA;AAAA,IAClD,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAGA,EAAA,MAAM,QAAA,GAAW;AAAA,IACf,GAAG,gBAAA;AAAA,IACH;AAAA,GACF;AAGA,EAAA,OAAO,MAAA,CAAO,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAC,CAAA;AACjD;;;ACjSO,IAAM,mBAAA,GAAsB;AAAA;AAAA;AAAA;AAAA,EAIjC,QAAQ,OAAyB;AAAA,IAC/B,QAAA,EAAU,EAAA;AAAA,IACV,QAAA,EAAU,EAAA;AAAA,IACV,UAAA,EAAY,EAAA;AAAA,IACZ,UAAA,EAAY,EAAA;AAAA,IACZ,UAAA,EAAY;AAAA,GACd,CAAA;AAAA;AAAA;AAAA;AAAA,EAKA,eAAe,OAAyB;AAAA,IACtC,QAAA,EAAU,wBAAA;AAAA,IACV,QAAA,EAAU,wBAAA;AAAA,IACV,UAAA,EAAY,wBAAA;AAAA,IACZ,UAAA,EAAY,wBAAA;AAAA,IACZ,UAAA,EAAY;AAAA,GACd,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,SAAA,EAAW,CAAC,UAAA,GAAqB,MAAA,MAA8B;AAAA,IAC7D,QAAA,EAAU,6BAA6B,UAAU,CAAA,mBAAA,CAAA;AAAA,IACjD,QAAA,EAAU,6BAA6B,UAAU,CAAA,mBAAA,CAAA;AAAA,IACjD,UAAA,EAAY,wBAAA;AAAA,IACZ,UAAA,EAAY,6BAA6B,UAAU,CAAA,mBAAA,CAAA;AAAA,IACnD,UAAA,EAAY,6BAA6B,UAAU,CAAA,mBAAA;AAAA,GACrD,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,SAAA,EAAW,CAAC,SAAA,GAAoB,MAAA,MAA8B;AAAA,IAC5D,QAAA,EAAU,2CAA2C,SAAS,CAAA,UAAA,CAAA;AAAA,IAC9D,QAAA,EAAU,2CAA2C,SAAS,CAAA,UAAA,CAAA;AAAA,IAC9D,UAAA,EAAY,2CAA2C,SAAS,CAAA,UAAA,CAAA;AAAA,IAChE,UAAA,EAAY,2CAA2C,SAAS,CAAA,UAAA,CAAA;AAAA,IAChE,UAAA,EAAY,2CAA2C,SAAS,CAAA,UAAA;AAAA,GAClE,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,YAAY,OAAyB;AAAA,IACnC,QAAA,EAAU,EAAA;AAAA,IACV,QAAA,EAAU,EAAA;AAAA,IACV,UAAA,EAAY,wBAAA;AAAA,IACZ,UAAA,EAAY,wBAAA;AAAA,IACZ,UAAA,EAAY;AAAA,GACd,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,QAAQ,OAAyB;AAAA,IAC/B,QAAA,EAAU,IAAA;AAAA,IACV,QAAA,EAAU,IAAA;AAAA,IACV,UAAA,EAAY,IAAA;AAAA,IACZ,UAAA,EAAY,IAAA;AAAA,IACZ,UAAA,EAAY;AAAA,GACd,CAAA;AAAA;AAAA;AAAA;AAAA,EAKA,uBAAuB,OAAyB;AAAA,IAC9C,QAAA,EAAU,wBAAA;AAAA,IACV,QAAA,EAAU,wBAAA;AAAA,IACV,UAAA,EAAY,IAAA;AAAA,IACZ,UAAA,EAAY,IAAA;AAAA,IACZ,UAAA,EAAY;AAAA,GACd;AACF;AAOO,SAAS,gBAAgB,MAAA,EAAoD;AAClF,EAAA,IAAI,SAAA;AAEJ,EAAA,QAAQ,OAAO,QAAA;AAAU,IACvB,KAAK,QAAA;AACH,MAAA,SAAA,GAAY,oBAAoB,MAAA,EAAO;AACvC,MAAA;AAAA,IACF,KAAK,eAAA;AACH,MAAA,SAAA,GAAY,oBAAoB,aAAA,EAAc;AAC9C,MAAA;AAAA,IACF,KAAK,YAAA;AACH,MAAA,SAAA,GAAY,mBAAA,CAAoB,SAAA,CAAU,MAAA,CAAO,UAAU,CAAA;AAC3D,MAAA;AAAA,IACF,KAAK,YAAA;AACH,MAAA,SAAA,GAAY,mBAAA,CAAoB,SAAA,CAAU,MAAA,CAAO,SAAS,CAAA;AAC1D,MAAA;AAAA,IACF,KAAK,aAAA;AACH,MAAA,SAAA,GAAY,oBAAoB,UAAA,EAAW;AAC3C,MAAA;AAAA,IACF,KAAK,QAAA;AACH,MAAA,SAAA,GAAY,EAAC;AACb,MAAA;AAAA,IACF,SAAS;AAEP,MAAA,MAAM,cAAqB,MAAA,CAAO,QAAA;AAClC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,uBAAA,EAA0B,WAAW,CAAA,CAAE,CAAA;AAAA,IACzD;AAAA;AAIF,EAAA,OAAO;AAAA,IACL,GAAG,SAAA;AAAA,IACH,GAAG,MAAA,CAAO;AAAA,GACZ;AACF;AAOO,SAAS,iBACd,MAAA,EACoC;AACpC,EAAA,OAAO,UAAA,IAAc,MAAA;AACvB;AAOO,SAAS,mBAAmB,MAAA,EAAiF;AAClH,EAAA,OACE,UAAA,IAAc,MAAA,IACd,UAAA,IAAc,MAAA,IACd,YAAA,IAAgB,UAChB,YAAA,IAAgB,MAAA,IAChB,YAAA,IAAgB,MAAA,IAChB,YAAA,IAAgB,MAAA;AAEpB;AAiBO,SAAS,wBAAA,CACd,MAAA,EACA,gBAAA,GAA4B,KAAA,EACA;AAC5B,EAAA,MAAM,MAAA,GAAqC;AAAA,IACzC,KAAA,EAAO,IAAA;AAAA,IACP,QAAQ,EAAC;AAAA,IACT,UAAU;AAAC,GACb;AAGA,EAAA,IAAI,WAAA;AACJ,EAAA,IAAI,gBAAA,CAAiB,MAAM,CAAA,EAAG;AAE5B,IAAA,IAAI,MAAA,CAAO,QAAA,KAAa,YAAA,IAAgB,CAAC,OAAO,UAAA,EAAY;AAC1D,MAAA,MAAA,CAAO,QAAA,CAAS,KAAK,yEAAyE,CAAA;AAAA,IAChG;AACA,IAAA,IAAI,MAAA,CAAO,QAAA,KAAa,YAAA,IAAgB,CAAC,OAAO,SAAA,EAAW;AACzD,MAAA,MAAA,CAAO,QAAA,CAAS,KAAK,wEAAwE,CAAA;AAAA,IAC/F;AACA,IAAA,WAAA,GAAc,gBAAgB,MAAM,CAAA;AAAA,EACtC,CAAA,MAAO;AACL,IAAA,WAAA,GAAc,MAAA;AAAA,EAChB;AAGA,EAAA,IAAI,WAAA,CAAY,UAAA,KAAe,MAAA,IAAa,CAAC,gBAAA,EAAkB;AAC7D,IAAA,MAAA,CAAO,MAAA,CAAO,KAAK,+CAA+C,CAAA;AAClE,IAAA,MAAA,CAAO,KAAA,GAAQ,KAAA;AAAA,EACjB;AAGA,EAAA,MAAM,YAAwC,CAAC,UAAA,EAAY,UAAA,EAAY,YAAA,EAAc,cAAc,YAAY,CAAA;AAC/G,EAAA,IAAI,gBAAA,EAAkB;AACpB,IAAA,SAAA,CAAU,KAAK,YAAY,CAAA;AAAA,EAC7B;AAEA,EAAA,KAAA,MAAW,YAAY,SAAA,EAAW;AAChC,IAAA,MAAM,IAAA,GAAO,YAAY,QAAQ,CAAA;AACjC,IAAA,IAAI,IAAA,KAAS,MAAA,IAAa,IAAA,KAAS,IAAA,IAAQ,SAAS,EAAA,EAAI;AACtD,MAAA,MAAM,cAAA,GAAiB,uBAAuB,IAAI,CAAA;AAClD,MAAA,IAAI,CAAC,eAAe,KAAA,EAAO;AACzB,QAAA,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,CAAA,EAAG,QAAQ,CAAA,EAAA,EAAK,eAAe,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,CAAA;AACrE,QAAA,MAAA,CAAO,KAAA,GAAQ,KAAA;AAAA,MACjB;AACA,MAAA,MAAA,CAAO,QAAA,CAAS,IAAA,CAAK,GAAG,cAAA,CAAe,QAAA,CAAS,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,EAAG,QAAQ,CAAA,EAAA,EAAK,CAAC,EAAE,CAAC,CAAA;AAAA,IACjF;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;AAOO,SAAS,uBAAuB,UAAA,EAAwD;AAC7F,EAAA,MAAM,MAAA,GAAqC;AAAA,IACzC,KAAA,EAAO,IAAA;AAAA,IACP,QAAQ,EAAC;AAAA,IACT,UAAU;AAAC,GACb;AAGA,EAAA,IAAI,UAAA,KAAe,IAAA,IAAQ,UAAA,KAAe,EAAA,EAAI;AAC5C,IAAA,OAAO,MAAA;AAAA,EACT;AAGA,EAAA,IAAI,UAAA,GAAa,CAAA;AACjB,EAAA,KAAA,MAAW,QAAQ,UAAA,EAAY;AAC7B,IAAA,IAAI,SAAS,GAAA,EAAK,UAAA,EAAA;AAClB,IAAA,IAAI,SAAS,GAAA,EAAK,UAAA,EAAA;AAClB,IAAA,IAAI,aAAa,CAAA,EAAG;AAClB,MAAA,MAAA,CAAO,MAAA,CAAO,KAAK,wBAAwB,CAAA;AAC3C,MAAA,MAAA,CAAO,KAAA,GAAQ,KAAA;AACf,MAAA,OAAO,MAAA;AAAA,IACT;AAAA,EACF;AACA,EAAA,IAAI,eAAe,CAAA,EAAG;AACpB,IAAA,MAAA,CAAO,MAAA,CAAO,KAAK,wBAAwB,CAAA;AAC3C,IAAA,MAAA,CAAO,KAAA,GAAQ,KAAA;AAAA,EACjB;AAGA,EAAA,IAAI,UAAA,CAAW,QAAA,CAAS,IAAI,CAAA,EAAG;AAC7B,IAAA,MAAA,CAAO,QAAA,CAAS,KAAK,iDAAiD,CAAA;AAAA,EACxE;AAGA,EAAA,MAAM,WAAA,GAAc,UAAA,CAAW,KAAA,CAAM,oCAAoC,KAAK,EAAC;AAC/E,EAAA,KAAA,MAAW,OAAO,WAAA,EAAa;AAC7B,IAAA,MAAM,UACJ,GAAA,CAAI,UAAA,CAAW,gBAAgB,CAAA,IAC/B,GAAA,KAAQ,qBACR,GAAA,KAAQ,kBAAA,IACR,IAAI,UAAA,CAAW,gBAAgB,KAC/B,GAAA,CAAI,UAAA,CAAW,iBAAiB,CAAA,IAChC,GAAA,CAAI,WAAW,mBAAmB,CAAA;AAEpC,IAAA,IAAI,CAAC,OAAA,EAAS;AACZ,MAAA,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,CAAA,6BAAA,EAAgC,GAAG,CAAA,CAAA,CAAG,CAAA;AACzD,MAAA,MAAA,CAAO,KAAA,GAAQ,KAAA;AAAA,IACjB;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;AAOO,SAAS,kBAAkB,WAAA,EAA0D;AAC1F,EAAA,OAAO;AAAA,IACL,QAAA,EAAU,YAAY,QAAA,IAAY,IAAA;AAAA,IAClC,QAAA,EAAU,YAAY,QAAA,IAAY,IAAA;AAAA,IAClC,UAAA,EAAY,YAAY,UAAA,IAAc,IAAA;AAAA,IACtC,UAAA,EAAY,YAAY,UAAA,IAAc,IAAA;AAAA,IACtC,UAAA,EAAY,YAAY,UAAA,IAAc,IAAA;AAAA,IACtC,UAAA,EAAY,YAAY,UAAA,IAAc;AAAA,GACxC;AACF;AAOO,SAAS,oBAAoB,OAAA,EAAwD;AAC1F,EAAA,MAAM,MAAA,GAA2B;AAAA,IAC/B,QAAA,EAAU,IAAA;AAAA,IACV,QAAA,EAAU,IAAA;AAAA,IACV,UAAA,EAAY,IAAA;AAAA,IACZ,UAAA,EAAY,IAAA;AAAA,IACZ,UAAA,EAAY,IAAA;AAAA,IACZ,UAAA,EAAY;AAAA,GACd;AAEA,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,IAAI,MAAA,CAAO,QAAA,KAAa,MAAA,EAAW,MAAA,CAAO,WAAW,MAAA,CAAO,QAAA;AAC5D,IAAA,IAAI,MAAA,CAAO,QAAA,KAAa,MAAA,EAAW,MAAA,CAAO,WAAW,MAAA,CAAO,QAAA;AAC5D,IAAA,IAAI,MAAA,CAAO,UAAA,KAAe,MAAA,EAAW,MAAA,CAAO,aAAa,MAAA,CAAO,UAAA;AAChE,IAAA,IAAI,MAAA,CAAO,UAAA,KAAe,MAAA,EAAW,MAAA,CAAO,aAAa,MAAA,CAAO,UAAA;AAChE,IAAA,IAAI,MAAA,CAAO,UAAA,KAAe,MAAA,EAAW,MAAA,CAAO,aAAa,MAAA,CAAO,UAAA;AAChE,IAAA,IAAI,MAAA,CAAO,UAAA,KAAe,MAAA,EAAW,MAAA,CAAO,aAAa,MAAA,CAAO,UAAA;AAAA,EAClE;AAEA,EAAA,OAAO,MAAA;AACT;ACjUO,IAAM,UAAA,GAAaA,EAAE,IAAA,CAAK;AAAA,EAC/B,OAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA,UAAA;AAAA;AAAA,EACA;AAAA;AACF,CAAC,CAAA;;;ACHM,IAAM,kBAAA,GAAqBA,EAC/B,MAAA,CAAO;AAAA;AAAA,EAEN,KAAA,EAAOA,EAAE,MAAA,EAAO;AAAA,EAChB,OAAA,EAASA,EAAE,MAAA,EAAO;AAAA,EAClB,MAAA,EAAQ,UAAA;AAAA,EACR,OAAA,EAASA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAE7B,IAAA,EAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,SAAS,oBAAoB,CAAA;AAAA,EAC9C,eAAA,EAAiBA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,QAAQ;AACrC,CAAC,CAAA,CACA,OAAO,oBAAoB;AAKvB,IAAM,aAAA,GAAgB,eAAA;AAAA,EAC3B,kBAAA,CAAmB,IAAA,CAAK,oBAAoB,CAAA,CAAE,OAAO,mBAAmB,CAAA;AAAA,EACxE;AAAA,IACE,QAAA,EAAU,YAAA;AAAA,IACV,UAAA,EAAY,MAAA;AAAA,IACZ,WAAA,EAAa;AAAA;AAAA,MAEX,QAAA,EAAU,wBAAA;AAAA;AAAA,MAEV,QAAA,EAAU;AAAA;AACZ;AAEJ;AC3BO,IAAM,eAAA,GAAkBA,EAAE,MAAA,CAAO;AAAA,EACtC,IAAA,EAAMA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAA,EAAG,qBAAqB,EAAE,QAAA,EAAS;AAAA,EACxD,KAAA,EAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,KAAA,EAAM;AAAA,EACxB,UAAUA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,wCAAwC,CAAA;AAAA,EACpE,eAAA,EAAiBA,EAAE,MAAA,EAAO;AAAA,EAC1B,MAAA,EAAQA,CAAAA,CAAE,UAAA,CAAW,IAAI,EAAE,QAAA;AAC7B,CAAC;AAGD,IAAM,kBAAA,GAAqBA,EAAE,MAAA,CAAO;AAAA,EAClC,IAAA,EAAMA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAA,EAAG,qBAAqB,EAAE,QAAA,EAAS;AAAA,EACxD,KAAA,EAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,KAAA,EAAM;AAAA,EACxB,UAAUA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,wCAAwC,CAAA;AAAA,EACpE,MAAA,EAAQA,CAAAA,CAAE,UAAA,CAAW,IAAI,EAAE,QAAA;AAC7B,CAAC,CAAA;AAIM,IAAM,UAAA,GAAa,WAAA;AAAA,EACxB,eAAA,CAAgB,kBAAA,CAAmB,MAAA,CAAO,UAAU,CAAA,EAAG;AAAA;AAAA,IAErD,QAAA,EAAU,uBAAA;AAAA;AAAA,IAEV,QAAA,EAAU,uBAAA;AAAA;AAAA,IAEV,UAAA,EAAY,EAAA;AAAA;AAAA,IAEZ,UAAA,EAAY,uBAAA;AAAA;AAAA,IAEZ,UAAA,EAAY,uBAAA;AAAA;AAAA,IAEZ,UAAA,EAAY;AAAA,GACb,CAAA;AAAA,EACD;AAAA;AAAA,IAEE,sDAAA;AAAA;AAAA,IAEA;AAAA;AAEJ","file":"schema.js","sourcesContent":["import { z } from \"zod\";\nimport type { PermissionSchema, PermissionTemplateConfig } from \"./permissions\";\n\n/**\n * Base schema fields that PocketBase automatically adds to all records\n * These fields are managed by PocketBase and should not be set manually\n */\nexport const baseSchema = {\n  id: z.string().describe(\"unique id\"),\n  collectionId: z.string().describe(\"collection id\"),\n  collectionName: z.string().describe(\"collection name\"),\n  expand: z.record(z.any()).describe(\"expandable fields\"),\n};\n\n/**\n * Extended base schema with timestamp fields\n * Includes created and updated autodate fields\n */\nexport const baseSchemaWithTimestamps = {\n  ...baseSchema,\n  created: z.string().describe(\"creation timestamp\"),\n  updated: z.string().describe(\"last update timestamp\"),\n};\n\n/**\n * Base schema for image file collections\n * Extends base schema with thumbnail URL and image files array\n */\nexport const baseImageFileSchema = {\n  ...baseSchema,\n  thumbnailURL: z.string().optional(),\n  imageFiles: z.array(z.string()),\n};\n\n/**\n * Input schema for image file uploads\n * Used in forms where users upload File objects\n * Requires Node.js 20+ or browser environment with File API\n */\nexport const inputImageFileSchema = {\n  imageFiles: z.array(z.instanceof(File)),\n};\n\n/**\n * Helper constant for omitting image files from schemas\n * Used with Zod's .omit() method\n */\nexport const omitImageFilesSchema = {\n  imageFiles: true,\n} as const;\n\n// ============================================================================\n// Common PocketBase Field Type Patterns\n// ============================================================================\n\n/**\n * Creates a text field schema with optional constraints\n * @param options - Optional constraints for the text field\n */\nexport function textField(options?: { min?: number; max?: number; pattern?: RegExp }) {\n  let schema = z.string();\n  if (options?.min !== undefined) schema = schema.min(options.min);\n  if (options?.max !== undefined) schema = schema.max(options.max);\n  if (options?.pattern !== undefined) schema = schema.regex(options.pattern);\n  return schema;\n}\n\n/**\n * Creates an email field schema\n * Maps to PocketBase 'email' field type\n */\nexport function emailField() {\n  return z.string().email();\n}\n\n/**\n * Creates a URL field schema\n * Maps to PocketBase 'url' field type\n */\nexport function urlField() {\n  return z.string().url();\n}\n\n/**\n * Creates a number field schema with optional constraints\n * @param options - Optional constraints for the number field\n */\nexport function numberField(options?: { min?: number; max?: number }) {\n  let schema = z.number();\n  if (options?.min !== undefined) schema = schema.min(options.min);\n  if (options?.max !== undefined) schema = schema.max(options.max);\n  return schema;\n}\n\n/**\n * Creates a boolean field schema\n * Maps to PocketBase 'bool' field type\n */\nexport function boolField() {\n  return z.boolean();\n}\n\n/**\n * Creates a date field schema\n * Maps to PocketBase 'date' field type\n */\nexport function dateField() {\n  return z.date();\n}\n\n/**\n * Creates a select field schema from enum values\n * Maps to PocketBase 'select' field type\n * @param values - Array of allowed string values\n */\nexport function selectField<T extends [string, ...string[]]>(values: T) {\n  return z.enum(values);\n}\n\n/**\n * Creates a JSON field schema\n * Maps to PocketBase 'json' field type\n * @param schema - Optional Zod schema for the JSON structure\n */\nexport function jsonField<T extends z.ZodTypeAny>(schema?: T) {\n  return schema ?? z.record(z.any());\n}\n\n/**\n * Creates a single file field schema for form input\n * Maps to PocketBase 'file' field type with maxSelect=1\n * Requires Node.js 20+ or browser environment with File API\n */\nexport function fileField() {\n  return z.instanceof(File);\n}\n\n/**\n * Creates a multiple file field schema for form input\n * Maps to PocketBase 'file' field type with maxSelect>1\n * Requires Node.js 20+ or browser environment with File API\n * @param options - Optional constraints for the file field\n */\nexport function filesField(options?: { min?: number; max?: number }) {\n  let schema = z.array(z.instanceof(File));\n  if (options?.min !== undefined) schema = schema.min(options.min);\n  if (options?.max !== undefined) schema = schema.max(options.max);\n  return schema;\n}\n\n/**\n * Creates a single relation field schema\n * Maps to PocketBase 'relation' field type with maxSelect=1\n * Field name should start with uppercase to be detected as relation\n */\nexport function relationField() {\n  return z.string();\n}\n\n/**\n * Creates a multiple relation field schema\n * Maps to PocketBase 'relation' field type with maxSelect>1\n * Field name should contain uppercase to be detected as relation\n * @param options - Optional constraints for the relation field\n */\nexport function relationsField(options?: { min?: number; max?: number }) {\n  let schema = z.array(z.string());\n  if (options?.min !== undefined) schema = schema.min(options.min);\n  if (options?.max !== undefined) schema = schema.max(options.max);\n  return schema;\n}\n\n/**\n * Creates an editor field schema (rich text)\n * Maps to PocketBase 'editor' field type\n */\nexport function editorField() {\n  return z.string();\n}\n\n/**\n * Creates a geo point field schema\n * Maps to PocketBase 'geoPoint' field type\n */\nexport function geoPointField() {\n  return z.object({\n    lon: z.number(),\n    lat: z.number(),\n  });\n}\n\n/**\n * Attach permission metadata to a Zod schema\n *\n * This helper function allows you to define PocketBase API rules alongside your\n * entity schema definitions. The permissions are stored as metadata using Zod's\n * describe() method and will be extracted during migration generation.\n *\n * @param schema - The Zod schema to attach permissions to\n * @param config - Either a PermissionTemplateConfig (for template-based permissions)\n *                 or a PermissionSchema (for custom permissions)\n * @returns The schema with permission metadata attached\n *\n * @example\n * // Using a template\n * const ProjectSchema = withPermissions(\n *   z.object({ title: z.string(), User: z.string() }),\n *   { template: 'owner-only', ownerField: 'User' }\n * );\n *\n * @example\n * // Using custom rules\n * const ProjectSchema = withPermissions(\n *   z.object({ title: z.string() }),\n *   { listRule: '@request.auth.id != \"\"', viewRule: '' }\n * );\n *\n * @example\n * // Using template with custom rule overrides\n * const ProjectSchema = withPermissions(\n *   z.object({ title: z.string(), User: z.string() }),\n *   {\n *     template: 'owner-only',\n *     ownerField: 'User',\n *     customRules: { listRule: '@request.auth.id != \"\"' }\n *   }\n * );\n */\nexport function withPermissions<T extends z.ZodTypeAny>(\n  schema: T,\n  config: PermissionTemplateConfig | PermissionSchema\n): T {\n  // Create metadata object with permissions config directly\n  // The PermissionAnalyzer will handle resolving templates vs direct schemas\n  const metadata = {\n    permissions: config,\n  };\n\n  // Attach permission metadata to schema using Zod's describe() method\n  // The metadata is serialized as JSON and stored in the schema's description\n  return schema.describe(JSON.stringify(metadata)) as T;\n}\n\n/**\n * Attach index definitions to a Zod schema\n *\n * This helper function allows you to define PocketBase indexes alongside your\n * entity schema definitions. The indexes are stored as metadata using Zod's\n * describe() method and will be extracted during migration generation.\n *\n * @param schema - The Zod schema to attach indexes to\n * @param indexes - Array of PocketBase index SQL statements\n * @returns The schema with index metadata attached\n *\n * @example\n * // Define indexes for a user schema\n * const UserSchema = withIndexes(\n *   withPermissions(\n *     z.object({ name: z.string(), email: z.string().email() }),\n *     userPermissions\n *   ),\n *   [\n *     'CREATE UNIQUE INDEX idx_users_email ON users (email)',\n *     'CREATE INDEX idx_users_name ON users (name)'\n *   ]\n * );\n *\n * @example\n * // Single index\n * const ProjectSchema = withIndexes(\n *   ProjectDatabaseSchema,\n *   ['CREATE INDEX idx_projects_status ON projects (status)']\n * );\n */\nexport function withIndexes<T extends z.ZodTypeAny>(schema: T, indexes: string[]): T {\n  // Extract existing metadata if present\n  let existingMetadata: any = {};\n\n  if (schema.description) {\n    try {\n      existingMetadata = JSON.parse(schema.description);\n    } catch {\n      // If description is not JSON, ignore it\n    }\n  }\n\n  // Merge indexes with existing metadata\n  const metadata = {\n    ...existingMetadata,\n    indexes,\n  };\n\n  // Attach metadata to schema using Zod's describe() method\n  return schema.describe(JSON.stringify(metadata)) as T;\n}\n","import type { PermissionSchema, PermissionTemplateConfig, RuleExpression } from \"./permissions\";\n\n/**\n * Predefined permission templates for common access control patterns\n */\nexport const PermissionTemplates = {\n  /**\n   * Public access - anyone can perform all operations\n   */\n  public: (): PermissionSchema => ({\n    listRule: \"\",\n    viewRule: \"\",\n    createRule: \"\",\n    updateRule: \"\",\n    deleteRule: \"\",\n  }),\n\n  /**\n   * Authenticated users only - requires valid authentication for all operations\n   */\n  authenticated: (): PermissionSchema => ({\n    listRule: '@request.auth.id != \"\"',\n    viewRule: '@request.auth.id != \"\"',\n    createRule: '@request.auth.id != \"\"',\n    updateRule: '@request.auth.id != \"\"',\n    deleteRule: '@request.auth.id != \"\"',\n  }),\n\n  /**\n   * Owner-only access - users can only manage their own records\n   * @param ownerField - Name of the relation field pointing to user (default: 'User')\n   */\n  ownerOnly: (ownerField: string = \"User\"): PermissionSchema => ({\n    listRule: `@request.auth.id != \"\" && ${ownerField} = @request.auth.id`,\n    viewRule: `@request.auth.id != \"\" && ${ownerField} = @request.auth.id`,\n    createRule: '@request.auth.id != \"\"',\n    updateRule: `@request.auth.id != \"\" && ${ownerField} = @request.auth.id`,\n    deleteRule: `@request.auth.id != \"\" && ${ownerField} = @request.auth.id`,\n  }),\n\n  /**\n   * Admin/superuser only access\n   * Assumes a 'role' field exists with 'admin' value\n   * @param roleField - Name of the role field (default: 'role')\n   */\n  adminOnly: (roleField: string = \"role\"): PermissionSchema => ({\n    listRule: `@request.auth.id != \"\" && @request.auth.${roleField} = \"admin\"`,\n    viewRule: `@request.auth.id != \"\" && @request.auth.${roleField} = \"admin\"`,\n    createRule: `@request.auth.id != \"\" && @request.auth.${roleField} = \"admin\"`,\n    updateRule: `@request.auth.id != \"\" && @request.auth.${roleField} = \"admin\"`,\n    deleteRule: `@request.auth.id != \"\" && @request.auth.${roleField} = \"admin\"`,\n  }),\n\n  /**\n   * Public read, authenticated write\n   * Anyone can list/view, but only authenticated users can create/update/delete\n   */\n  readPublic: (): PermissionSchema => ({\n    listRule: \"\",\n    viewRule: \"\",\n    createRule: '@request.auth.id != \"\"',\n    updateRule: '@request.auth.id != \"\"',\n    deleteRule: '@request.auth.id != \"\"',\n  }),\n\n  /**\n   * Locked access - only superusers can perform operations\n   * All rules are set to null (locked)\n   */\n  locked: (): PermissionSchema => ({\n    listRule: null,\n    viewRule: null,\n    createRule: null,\n    updateRule: null,\n    deleteRule: null,\n  }),\n\n  /**\n   * Read-only authenticated - authenticated users can read, no write access\n   */\n  readOnlyAuthenticated: (): PermissionSchema => ({\n    listRule: '@request.auth.id != \"\"',\n    viewRule: '@request.auth.id != \"\"',\n    createRule: null,\n    updateRule: null,\n    deleteRule: null,\n  }),\n};\n\n/**\n * Resolve template configuration to concrete permission schema\n * @param config - Template configuration or direct permission schema\n * @returns Resolved permission schema with all rules defined\n */\nexport function resolveTemplate(config: PermissionTemplateConfig): PermissionSchema {\n  let baseRules: PermissionSchema;\n\n  switch (config.template) {\n    case \"public\":\n      baseRules = PermissionTemplates.public();\n      break;\n    case \"authenticated\":\n      baseRules = PermissionTemplates.authenticated();\n      break;\n    case \"owner-only\":\n      baseRules = PermissionTemplates.ownerOnly(config.ownerField);\n      break;\n    case \"admin-only\":\n      baseRules = PermissionTemplates.adminOnly(config.roleField);\n      break;\n    case \"read-public\":\n      baseRules = PermissionTemplates.readPublic();\n      break;\n    case \"custom\":\n      baseRules = {};\n      break;\n    default: {\n      // Exhaustive check - TypeScript will error if we miss a template type\n      const _exhaustive: never = config.template;\n      throw new Error(`Unknown template type: ${_exhaustive}`);\n    }\n  }\n\n  // Merge with custom rules if provided (custom rules override template rules)\n  return {\n    ...baseRules,\n    ...config.customRules,\n  };\n}\n\n/**\n * Check if a configuration is a template config or direct permission schema\n * @param config - Configuration to check\n * @returns True if it's a template configuration\n */\nexport function isTemplateConfig(\n  config: PermissionTemplateConfig | PermissionSchema\n): config is PermissionTemplateConfig {\n  return \"template\" in config;\n}\n\n/**\n * Check if a configuration is a direct permission schema\n * @param config - Configuration to check\n * @returns True if it's a direct permission schema\n */\nexport function isPermissionSchema(config: PermissionTemplateConfig | PermissionSchema): config is PermissionSchema {\n  return (\n    \"listRule\" in config ||\n    \"viewRule\" in config ||\n    \"createRule\" in config ||\n    \"updateRule\" in config ||\n    \"deleteRule\" in config ||\n    \"manageRule\" in config\n  );\n}\n\n/**\n * Validation result for permission configuration\n */\nexport interface PermissionValidationResult {\n  valid: boolean;\n  errors: string[];\n  warnings: string[];\n}\n\n/**\n * Validate a permission configuration\n * @param config - Permission configuration to validate\n * @param isAuthCollection - Whether this is for an auth collection\n * @returns Validation result\n */\nexport function validatePermissionConfig(\n  config: PermissionTemplateConfig | PermissionSchema,\n  isAuthCollection: boolean = false\n): PermissionValidationResult {\n  const result: PermissionValidationResult = {\n    valid: true,\n    errors: [],\n    warnings: [],\n  };\n\n  // Resolve to permission schema\n  let permissions: PermissionSchema;\n  if (isTemplateConfig(config)) {\n    // Validate template config\n    if (config.template === \"owner-only\" && !config.ownerField) {\n      result.warnings.push(\"owner-only template without ownerField specified - using default 'User'\");\n    }\n    if (config.template === \"admin-only\" && !config.roleField) {\n      result.warnings.push(\"admin-only template without roleField specified - using default 'role'\");\n    }\n    permissions = resolveTemplate(config);\n  } else {\n    permissions = config;\n  }\n\n  // Validate manageRule usage\n  if (permissions.manageRule !== undefined && !isAuthCollection) {\n    result.errors.push(\"manageRule is only valid for auth collections\");\n    result.valid = false;\n  }\n\n  // Validate rule expressions\n  const ruleTypes: (keyof PermissionSchema)[] = [\"listRule\", \"viewRule\", \"createRule\", \"updateRule\", \"deleteRule\"];\n  if (isAuthCollection) {\n    ruleTypes.push(\"manageRule\");\n  }\n\n  for (const ruleType of ruleTypes) {\n    const rule = permissions[ruleType];\n    if (rule !== undefined && rule !== null && rule !== \"\") {\n      const ruleValidation = validateRuleExpression(rule);\n      if (!ruleValidation.valid) {\n        result.errors.push(`${ruleType}: ${ruleValidation.errors.join(\", \")}`);\n        result.valid = false;\n      }\n      result.warnings.push(...ruleValidation.warnings.map((w) => `${ruleType}: ${w}`));\n    }\n  }\n\n  return result;\n}\n\n/**\n * Validate a single rule expression for basic syntax\n * @param expression - Rule expression to validate\n * @returns Validation result\n */\nexport function validateRuleExpression(expression: RuleExpression): PermissionValidationResult {\n  const result: PermissionValidationResult = {\n    valid: true,\n    errors: [],\n    warnings: [],\n  };\n\n  // Null and empty string are always valid\n  if (expression === null || expression === \"\") {\n    return result;\n  }\n\n  // Check for balanced parentheses\n  let parenCount = 0;\n  for (const char of expression) {\n    if (char === \"(\") parenCount++;\n    if (char === \")\") parenCount--;\n    if (parenCount < 0) {\n      result.errors.push(\"Unbalanced parentheses\");\n      result.valid = false;\n      return result;\n    }\n  }\n  if (parenCount !== 0) {\n    result.errors.push(\"Unbalanced parentheses\");\n    result.valid = false;\n  }\n\n  // Check for common mistakes\n  if (expression.includes(\"==\")) {\n    result.warnings.push(\"Use '=' instead of '==' for equality comparison\");\n  }\n\n  // Check for valid @request references\n  const requestRefs = expression.match(/@request\\.[a-zA-Z_][a-zA-Z0-9_.]*/g) || [];\n  for (const ref of requestRefs) {\n    const isValid =\n      ref.startsWith(\"@request.auth.\") ||\n      ref === \"@request.method\" ||\n      ref === \"@request.context\" ||\n      ref.startsWith(\"@request.body.\") ||\n      ref.startsWith(\"@request.query.\") ||\n      ref.startsWith(\"@request.headers.\");\n\n    if (!isValid) {\n      result.errors.push(`Invalid @request reference: '${ref}'`);\n      result.valid = false;\n    }\n  }\n\n  return result;\n}\n\n/**\n * Create a custom permission schema with type safety\n * @param permissions - Partial permission schema\n * @returns Complete permission schema with null defaults\n */\nexport function createPermissions(permissions: Partial<PermissionSchema>): PermissionSchema {\n  return {\n    listRule: permissions.listRule ?? null,\n    viewRule: permissions.viewRule ?? null,\n    createRule: permissions.createRule ?? null,\n    updateRule: permissions.updateRule ?? null,\n    deleteRule: permissions.deleteRule ?? null,\n    manageRule: permissions.manageRule ?? null,\n  };\n}\n\n/**\n * Merge multiple permission schemas, with later schemas taking precedence\n * @param schemas - Permission schemas to merge\n * @returns Merged permission schema\n */\nexport function mergePermissions(...schemas: Partial<PermissionSchema>[]): PermissionSchema {\n  const merged: PermissionSchema = {\n    listRule: null,\n    viewRule: null,\n    createRule: null,\n    updateRule: null,\n    deleteRule: null,\n    manageRule: null,\n  };\n\n  for (const schema of schemas) {\n    if (schema.listRule !== undefined) merged.listRule = schema.listRule;\n    if (schema.viewRule !== undefined) merged.viewRule = schema.viewRule;\n    if (schema.createRule !== undefined) merged.createRule = schema.createRule;\n    if (schema.updateRule !== undefined) merged.updateRule = schema.updateRule;\n    if (schema.deleteRule !== undefined) merged.deleteRule = schema.deleteRule;\n    if (schema.manageRule !== undefined) merged.manageRule = schema.manageRule;\n  }\n\n  return merged;\n}\n","import { z } from \"zod\";\n\nexport const StatusEnum = z.enum([\n  \"draft\", // Initial proposal stage (RequestDraft, ProjectDraft)\n  \"active\", // Work in progress\n  \"complete\", // Fully completed project\n  \"fail\", // Failed project at any stage\n]);\nexport type StatusEnumType = z.infer<typeof StatusEnum>;\n","import { z } from \"zod\";\nimport { StatusEnum } from \"../enums\";\nimport { baseImageFileSchema, inputImageFileSchema, omitImageFilesSchema, withPermissions } from \"./base\";\n\nexport const ProjectInputSchema = z\n  .object({\n    // Required fields\n    title: z.string(),\n    content: z.string(),\n    status: StatusEnum,\n    summary: z.string().optional(),\n\n    User: z.string().nonempty(\"User ID is missing\"),\n    SubscriberUsers: z.array(z.string()),\n  })\n  .extend(inputImageFileSchema);\n\n// Apply permissions using template with custom overrides\n// Uses 'owner-only' template but allows all authenticated users to list projects\n// This allows users to see all projects but only manage their own\nexport const ProjectSchema = withPermissions(\n  ProjectInputSchema.omit(omitImageFilesSchema).extend(baseImageFileSchema),\n  {\n    template: \"owner-only\",\n    ownerField: \"User\",\n    customRules: {\n      // Override list rule to allow authenticated users to see all projects\n      listRule: '@request.auth.id != \"\"',\n      // Allow viewing if user is owner OR a subscriber\n      viewRule: '@request.auth.id != \"\" && (User = @request.auth.id || SubscriberUsers ?= @request.auth.id)',\n    },\n  }\n);\n","import { z } from \"zod\";\nimport { baseSchema, withIndexes, withPermissions } from \"./base\";\n\n/** -- User Collections -- */\n// Input schema for forms (includes passwordConfirm for validation)\nexport const UserInputSchema = z.object({\n  name: z.string().min(2, \"Name must be longer\").optional(),\n  email: z.string().email(),\n  password: z.string().min(8, \"Password must be at least 8 characters\"),\n  passwordConfirm: z.string(),\n  avatar: z.instanceof(File).optional(),\n});\n\n// Database schema (excludes passwordConfirm, includes avatar as file field)\nconst UserDatabaseSchema = z.object({\n  name: z.string().min(2, \"Name must be longer\").optional(),\n  email: z.string().email(),\n  password: z.string().min(8, \"Password must be at least 8 characters\"),\n  avatar: z.instanceof(File).optional(),\n});\n\n// Apply permissions and indexes for auth collection\n// Users can view all profiles, but only manage their own\nexport const UserSchema = withIndexes(\n  withPermissions(UserDatabaseSchema.extend(baseSchema), {\n    // Users can list other users (for mentions, user search, etc.)\n    listRule: \"id = @request.auth.id\",\n    // Users can view their own profile\n    viewRule: \"id = @request.auth.id\",\n    // Anyone can create an account (sign up)\n    createRule: \"\",\n    // Users can only update their own profile\n    updateRule: \"id = @request.auth.id\",\n    // Users can only delete their own account\n    deleteRule: \"id = @request.auth.id\",\n    // Users can only manage their own account (change email, password, etc.)\n    manageRule: \"id = @request.auth.id\",\n  }),\n  [\n    // Email should be unique for authentication\n    \"CREATE UNIQUE INDEX idx_users_email ON users (email)\",\n    // Index on name for user search and sorting\n    \"CREATE INDEX idx_users_name ON users (name)\",\n  ]\n);\n"]}

package/dist/types-BbTgmg6H.d.cts

@@ -0,0 +1,91 @@
+import { A as APIRuleType } from './permissions-ZHafVSIx.cjs';
+
+/**
+ * Shared types for migration tool
+ */
+type PocketBaseFieldType = "text" | "email" | "url" | "number" | "bool" | "date" | "select" | "relation" | "file" | "json" | "editor" | "geoPoint" | "autodate";
+
+interface FieldDefinition {
+    name: string;
+    type: PocketBaseFieldType;
+    required: boolean;
+    unique?: boolean;
+    options?: Record<string, any>;
+    relation?: {
+        collection: string;
+        cascadeDelete?: boolean;
+        maxSelect?: number;
+        minSelect?: number;
+    };
+}
+interface CollectionSchema {
+    name: string;
+    type: "base" | "auth";
+    fields: FieldDefinition[];
+    indexes?: string[];
+    rules?: {
+        listRule?: string | null;
+        viewRule?: string | null;
+        createRule?: string | null;
+        updateRule?: string | null;
+        deleteRule?: string | null;
+        manageRule?: string | null;
+    };
+    permissions?: {
+        listRule?: string | null;
+        viewRule?: string | null;
+        createRule?: string | null;
+        updateRule?: string | null;
+        deleteRule?: string | null;
+        manageRule?: string | null;
+    };
+}
+interface SchemaDefinition {
+    collections: Map<string, CollectionSchema>;
+}
+interface SchemaSnapshot {
+    version: string;
+    timestamp: string;
+    collections: Map<string, CollectionSchema>;
+}
+interface FieldChange {
+    property: string;
+    oldValue: any;
+    newValue: any;
+}
+interface FieldModification {
+    fieldName: string;
+    currentDefinition: any;
+    newDefinition: FieldDefinition;
+    changes: FieldChange[];
+}
+interface RuleUpdate {
+    ruleType: "listRule" | "viewRule" | "createRule" | "updateRule" | "deleteRule" | "manageRule";
+    oldValue: string | null;
+    newValue: string | null;
+}
+/**
+ * Permission change tracking for migrations
+ */
+interface PermissionChange {
+    ruleType: APIRuleType;
+    oldValue: string | null;
+    newValue: string | null;
+}
+interface CollectionModification {
+    collection: string;
+    fieldsToAdd: FieldDefinition[];
+    fieldsToRemove: any[];
+    fieldsToModify: FieldModification[];
+    indexesToAdd: string[];
+    indexesToRemove: string[];
+    rulesToUpdate: RuleUpdate[];
+    permissionsToUpdate: PermissionChange[];
+}
+interface SchemaDiff {
+    collectionsToCreate: CollectionSchema[];
+    collectionsToDelete: any[];
+    collectionsToModify: CollectionModification[];
+}
+
+export type { CollectionSchema as C, FieldDefinition as F, PocketBaseFieldType as P, RuleUpdate as R, SchemaDefinition as S, SchemaSnapshot as a, FieldChange as b, FieldModification as c, PermissionChange as d, CollectionModification as e, SchemaDiff as f };

package/dist/types-z1Dkjg8m.d.ts

@@ -0,0 +1,91 @@
+import { A as APIRuleType } from './permissions-ZHafVSIx.js';
+
+/**
+ * Shared types for migration tool
+ */
+type PocketBaseFieldType = "text" | "email" | "url" | "number" | "bool" | "date" | "select" | "relation" | "file" | "json" | "editor" | "geoPoint" | "autodate";
+
+interface FieldDefinition {
+    name: string;
+    type: PocketBaseFieldType;
+    required: boolean;
+    unique?: boolean;
+    options?: Record<string, any>;
+    relation?: {
+        collection: string;
+        cascadeDelete?: boolean;
+        maxSelect?: number;
+        minSelect?: number;
+    };
+}
+interface CollectionSchema {
+    name: string;
+    type: "base" | "auth";
+    fields: FieldDefinition[];
+    indexes?: string[];
+    rules?: {
+        listRule?: string | null;
+        viewRule?: string | null;
+        createRule?: string | null;
+        updateRule?: string | null;
+        deleteRule?: string | null;
+        manageRule?: string | null;
+    };
+    permissions?: {
+        listRule?: string | null;
+        viewRule?: string | null;
+        createRule?: string | null;
+        updateRule?: string | null;
+        deleteRule?: string | null;
+        manageRule?: string | null;
+    };
+}
+interface SchemaDefinition {
+    collections: Map<string, CollectionSchema>;
+}
+interface SchemaSnapshot {
+    version: string;
+    timestamp: string;
+    collections: Map<string, CollectionSchema>;
+}
+interface FieldChange {
+    property: string;
+    oldValue: any;
+    newValue: any;
+}
+interface FieldModification {
+    fieldName: string;
+    currentDefinition: any;
+    newDefinition: FieldDefinition;
+    changes: FieldChange[];
+}
+interface RuleUpdate {
+    ruleType: "listRule" | "viewRule" | "createRule" | "updateRule" | "deleteRule" | "manageRule";
+    oldValue: string | null;
+    newValue: string | null;
+}
+/**
+ * Permission change tracking for migrations
+ */
+interface PermissionChange {
+    ruleType: APIRuleType;
+    oldValue: string | null;
+    newValue: string | null;
+}
+interface CollectionModification {
+    collection: string;
+    fieldsToAdd: FieldDefinition[];
+    fieldsToRemove: any[];
+    fieldsToModify: FieldModification[];
+    indexesToAdd: string[];
+    indexesToRemove: string[];
+    rulesToUpdate: RuleUpdate[];
+    permissionsToUpdate: PermissionChange[];
+}
+interface SchemaDiff {
+    collectionsToCreate: CollectionSchema[];
+    collectionsToDelete: any[];
+    collectionsToModify: CollectionModification[];
+}
+
+export type { CollectionSchema as C, FieldDefinition as F, PocketBaseFieldType as P, RuleUpdate as R, SchemaDefinition as S, SchemaSnapshot as a, FieldChange as b, FieldModification as c, PermissionChange as d, CollectionModification as e, SchemaDiff as f };

package/dist/types.cjs

@@ -0,0 +1,4 @@
+'use strict';
+
+//# sourceMappingURL=types.cjs.map
+//# sourceMappingURL=types.cjs.map

package/dist/types.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"names":[],"mappings":"","file":"types.cjs","sourcesContent":[]}