postgresdk 0.16.6 → 0.16.7

package/README.md

@@ -163,6 +163,9 @@ export default {
     }
   },
 
+  // SDK endpoint protection (optional)
+  pullToken: "env:POSTGRESDK_PULL_TOKEN",  // Protect /_psdk/* endpoints (if not set, public)
+
   // Test generation (optional)
   tests: {
     generate: true,                      // Generate test files
@@ -515,7 +518,7 @@ export default {
   pull: {
     from: "https://api.myapp.com",
     output: "./src/sdk",
-    token: process.env.API_TOKEN  // Optional auth for protected APIs
+    pullToken: "env:POSTGRESDK_PULL_TOKEN"  // Optional: if server has pullToken set
   }
 };
 ```

package/dist/cli.js

@@ -2242,13 +2242,14 @@ async function initCommand(args) {
         console.log("      DATABASE_URL=postgres://user:pass@localhost:5432/mydb");
         console.log("      API_KEY=your-secret-key");
         console.log("      JWT_SECRET=your-jwt-secret");
+        console.log("      POSTGRESDK_PULL_TOKEN=your-pull-token");
       }
       console.log("   3. Run 'postgresdk generate' to create your SDK");
     } else {
       console.log("   1. Edit postgresdk.config.ts with your API URL in pull.from");
       if (!hasEnv) {
         console.log("   2. Consider creating a .env file if you need authentication:");
-        console.log("      API_TOKEN=your-api-token");
+        console.log("      POSTGRESDK_PULL_TOKEN=your-pull-token");
       }
       console.log("   3. Run 'postgresdk pull' to fetch your SDK");
     }
@@ -2395,6 +2396,21 @@ export default {
   //     audience: "my-api",                    // Optional: validate 'aud' claim
   //   }
   // },
+
+  // ========== SDK ENDPOINT PROTECTION ==========
+
+  /**
+   * Token for protecting /_psdk/* endpoints (SDK distribution and contract endpoints)
+   *
+   * When set, clients must provide this token via Authorization header when pulling SDK.
+   * If not set, /_psdk/* endpoints are publicly accessible.
+   *
+   * This is separate from the main auth strategy (JWT/API key) used for CRUD operations.
+   *
+   * Use "env:" prefix to read from environment variables:
+   *   pullToken: "env:POSTGRESDK_PULL_TOKEN"
+   */
+  // pullToken: "env:POSTGRESDK_PULL_TOKEN",
 };
 `, CONFIG_TEMPLATE_SDK = `/**
  * PostgreSDK Configuration (SDK-Side)
@@ -2420,9 +2436,17 @@ export default {
    * Configuration for pulling SDK from a remote API
    */
   pull: {
-    from: "https://api.myapp.com",     // API URL to pull SDK from
-    output: "./src/sdk",                // Local directory for pulled SDK
-    // token: process.env.API_TOKEN,    // Optional authentication token
+    from: "https://api.myapp.com",        // API URL to pull SDK from
+    output: "./src/sdk",                   // Local directory for pulled SDK
+
+    /**
+     * Authentication token for protected /_psdk/* endpoints
+     * Should match the server's pullToken configuration
+     *
+     * Use "env:" prefix to read from environment variables:
+     *   pullToken: "env:POSTGRESDK_PULL_TOKEN"
+     */
+    // pullToken: "env:POSTGRESDK_PULL_TOKEN",
   },
 };
 `;
@@ -2463,7 +2487,7 @@ async function pullCommand(args) {
   const cliConfig = {
     from: args.find((a) => a.startsWith("--from="))?.split("=")[1],
     output: args.find((a) => a.startsWith("--output="))?.split("=")[1],
-    token: args.find((a) => a.startsWith("--token="))?.split("=")[1]
+    pullToken: args.find((a) => a.startsWith("--pullToken="))?.split("=")[1]
   };
   const config = {
     output: "./src/sdk",
@@ -2479,10 +2503,19 @@ Options:`);
     console.error("                      (then edit postgresdk.config.ts and run 'postgresdk pull')");
     process.exit(1);
   }
+  let resolvedToken = config.pullToken;
+  if (resolvedToken?.startsWith("env:")) {
+    const envVarName = resolvedToken.slice(4);
+    resolvedToken = process.env[envVarName];
+    if (!resolvedToken) {
+      console.error(`❌ Environment variable "${envVarName}" not set (referenced in pullToken config)`);
+      process.exit(1);
+    }
+  }
   console.log(`\uD83D\uDD04 Pulling SDK from ${config.from}`);
   console.log(`\uD83D\uDCC1 Output directory: ${config.output}`);
   try {
-    const headers = config.token ? { Authorization: `Bearer ${config.token}` } : {};
+    const headers = resolvedToken ? { Authorization: `Bearer ${resolvedToken}` } : {};
     const manifestRes = await fetch(`${config.from}/_psdk/sdk/manifest`, { headers });
     if (!manifestRes.ok) {
       throw new Error(`Failed to fetch SDK manifest: ${manifestRes.status} ${manifestRes.statusText}`);
@@ -2815,6 +2848,8 @@ function emitZod(table, opts, enums) {
       return `z.unknown()`;
     if (t === "date" || t.startsWith("timestamp"))
       return `z.string()`;
+    if (t === "vector" || t === "halfvec" || t === "sparsevec" || t === "bit")
+      return `z.array(z.number())`;
     if (t.startsWith("_"))
       return `z.array(${zFor(t.slice(1))})`;
     return `z.string()`;
@@ -2948,6 +2983,7 @@ function emitHonoRoutes(table, _graph, opts) {
   const fileTableName = table.name;
   const Type = pascal(table.name);
   const hasVectorColumns = table.columns.some((c) => isVectorType(c.pgType));
+  const vectorColumns = table.columns.filter((c) => isVectorType(c.pgType)).map((c) => c.name);
   const rawPk = table.pk;
   const pkCols = Array.isArray(rawPk) ? rawPk : rawPk ? [rawPk] : [];
   const safePkCols = pkCols.length ? pkCols : ["id"];
@@ -3008,7 +3044,8 @@ export function register${Type}Routes(app: Hono, deps: { pg: { query: (text: str
     table: "${fileTableName}",
     pkColumns: ${JSON.stringify(safePkCols)},
     softDeleteColumn: ${softDel ? `"${softDel}"` : "null"},
-    includeMethodsDepth: ${opts.includeMethodsDepth}
+    includeMethodsDepth: ${opts.includeMethodsDepth}${vectorColumns.length > 0 ? `,
+    vectorColumns: ${JSON.stringify(vectorColumns)}` : ""}
   };
 ${hasAuth ? `
   // \uD83D\uDD10 Auth: protect all routes for this table
@@ -3990,6 +4027,8 @@ function tsTypeFor(pgType, opts, enums) {
     return "string";
   if (t === "json" || t === "jsonb")
     return "unknown";
+  if (t === "vector" || t === "halfvec" || t === "sparsevec" || t === "bit")
+    return "number[]";
   return "string";
 }
 function isJsonbType2(pgType) {
@@ -4438,9 +4477,18 @@ export async function authMiddleware(c: Context, next: Next) {
 
 // src/emit-router-hono.ts
 init_utils();
-function emitHonoRouter(tables, hasAuth, useJsExtensions) {
+function emitHonoRouter(tables, hasAuth, useJsExtensions, pullToken) {
   const tableNames = tables.map((t) => t.name).sort();
   const ext = useJsExtensions ? ".js" : "";
+  let resolvedPullToken;
+  if (pullToken) {
+    if (pullToken.startsWith("env:")) {
+      const envVarName = pullToken.slice(4);
+      resolvedPullToken = `process.env.${envVarName}`;
+    } else {
+      resolvedPullToken = JSON.stringify(pullToken);
+    }
+  }
   const imports = tableNames.map((name) => {
     const Type = pascal(name);
     return `import { register${Type}Routes } from "./routes/${name}${ext}";`;
@@ -4527,10 +4575,33 @@ export function createRouter(
   }
 ): Hono {
   const router = new Hono();
-  
+
   // Register table routes
 ${registrations}
+${pullToken ? `
+  // \uD83D\uDD10 Protect /_psdk/* endpoints with pullToken
+  router.use("/_psdk/*", async (c, next) => {
+    const authHeader = c.req.header("Authorization");
+    const expectedToken = ${resolvedPullToken};
 
+    if (!expectedToken) {
+      // Token not configured in environment - reject request
+      return c.json({ error: "SDK endpoints are protected but token not configured" }, 500);
+    }
+
+    if (!authHeader || !authHeader.startsWith("Bearer ")) {
+      return c.json({ error: "Missing or invalid Authorization header" }, 401);
+    }
+
+    const providedToken = authHeader.slice(7); // Remove "Bearer " prefix
+
+    if (providedToken !== expectedToken) {
+      return c.json({ error: "Invalid pull token" }, 401);
+    }
+
+    await next();
+  });
+` : ""}
   // SDK distribution endpoints
   router.get("/_psdk/sdk/manifest", (c) => {
     return c.json({
@@ -4674,6 +4745,7 @@ export interface OperationContext {
   pkColumns: string[];
   softDeleteColumn?: string | null;
   includeMethodsDepth: number;
+  vectorColumns?: string[];
 }
 
 const DEBUG = process.env.SDK_DEBUG === "1" || process.env.SDK_DEBUG === "true";
@@ -4698,6 +4770,30 @@ function prepareParams(params: any[]): any[] {
   });
 }
 
+/**
+ * Parse vector columns in retrieved rows.
+ * pgvector returns vectors as strings (e.g., "[1.5,2.5,3.5]") which need to be
+ * parsed back to number[] to match TypeScript types.
+ */
+function parseVectorColumns(rows: any[], vectorColumns?: string[]): any[] {
+  if (!vectorColumns || vectorColumns.length === 0) return rows;
+
+  return rows.map(row => {
+    const parsed = { ...row };
+    for (const col of vectorColumns) {
+      if (parsed[col] !== null && parsed[col] !== undefined && typeof parsed[col] === 'string') {
+        try {
+          parsed[col] = JSON.parse(parsed[col]);
+        } catch (e) {
+          // If parsing fails, leave as string (shouldn't happen with valid vectors)
+          log.error(\`Failed to parse vector column "\${col}":, e\`);
+        }
+      }
+    }
+    return parsed;
+  });
+}
+
 /**
  * CREATE operation - Insert a new record
  */
@@ -4720,8 +4816,9 @@ export async function createRecord(
 
     log.debug("SQL:", text, "vals:", vals);
     const { rows } = await ctx.pg.query(text, prepareParams(vals));
+    const parsedRows = parseVectorColumns(rows, ctx.vectorColumns);
 
-    return { data: rows[0] ?? null, status: rows[0] ? 201 : 500 };
+    return { data: parsedRows[0] ?? null, status: parsedRows[0] ? 201 : 500 };
   } catch (e: any) {
     // Enhanced logging for JSON validation errors
     const errorMsg = e?.message ?? "";
@@ -4760,12 +4857,13 @@ export async function getByPk(
     log.debug(\`GET \${ctx.table} by PK:\`, pkValues, "SQL:", text);
 
     const { rows } = await ctx.pg.query(text, prepareParams(pkValues));
-    
-    if (!rows[0]) {
+    const parsedRows = parseVectorColumns(rows, ctx.vectorColumns);
+
+    if (!parsedRows[0]) {
       return { data: null, status: 404 };
     }
-    
-    return { data: rows[0], status: 200 };
+
+    return { data: parsedRows[0], status: 200 };
   } catch (e: any) {
     log.error(\`GET \${ctx.table} error:\`, e?.stack ?? e);
     return { 
@@ -5151,12 +5249,13 @@ export async function listRecords(
     log.debug(\`LIST \${ctx.table} SQL:\`, text, "params:", allParams);
 
     const { rows } = await ctx.pg.query(text, prepareParams(allParams));
+    const parsedRows = parseVectorColumns(rows, ctx.vectorColumns);
 
     // Calculate hasMore
     const hasMore = offset + limit < total;
 
     const metadata = {
-      data: rows,
+      data: parsedRows,
       total,
       limit,
       offset,
@@ -5221,12 +5320,13 @@ export async function updateRecord(
 
     log.debug(\`PATCH \${ctx.table} SQL:\`, text, "params:", params);
     const { rows } = await ctx.pg.query(text, prepareParams(params));
-    
-    if (!rows[0]) {
+    const parsedRows = parseVectorColumns(rows, ctx.vectorColumns);
+
+    if (!parsedRows[0]) {
       return { data: null, status: 404 };
     }
-    
-    return { data: rows[0], status: 200 };
+
+    return { data: parsedRows[0], status: 200 };
   } catch (e: any) {
     // Enhanced logging for JSON validation errors
     const errorMsg = e?.message ?? "";
@@ -5270,12 +5370,13 @@ export async function deleteRecord(
 
     log.debug(\`DELETE \${ctx.softDeleteColumn ? '(soft)' : ''} \${ctx.table} SQL:\`, text, "pk:", pkValues);
     const { rows } = await ctx.pg.query(text, prepareParams(pkValues));
-    
-    if (!rows[0]) {
+    const parsedRows = parseVectorColumns(rows, ctx.vectorColumns);
+
+    if (!parsedRows[0]) {
       return { data: null, status: 404 };
     }
-    
-    return { data: rows[0], status: 200 };
+
+    return { data: parsedRows[0], status: 200 };
   } catch (e: any) {
     log.error(\`DELETE \${ctx.table} error:\`, e?.stack ?? e);
     return { 
@@ -6145,7 +6246,7 @@ async function generate(configPath) {
   if (serverFramework === "hono") {
     files.push({
       path: join(serverDir, "router.ts"),
-      content: emitHonoRouter(Object.values(model.tables), getAuthStrategy(normalizedAuth) !== "none", cfg.useJsExtensions)
+      content: emitHonoRouter(Object.values(model.tables), getAuthStrategy(normalizedAuth) !== "none", cfg.useJsExtensions, cfg.pullToken)
     });
   }
   const { generateUnifiedContract: generateUnifiedContract2, generateUnifiedContractMarkdown: generateUnifiedContractMarkdown2 } = await Promise.resolve().then(() => (init_emit_sdk_contract(), exports_emit_sdk_contract));

package/dist/emit-router-hono.d.ts

@@ -2,4 +2,4 @@ import type { Table } from "./introspect";
 /**
  * Emits the Hono server router file that exports helper functions for route registration
  */
-export declare function emitHonoRouter(tables: Table[], hasAuth: boolean, useJsExtensions?: boolean): string;
+export declare function emitHonoRouter(tables: Table[], hasAuth: boolean, useJsExtensions?: boolean, pullToken?: string): string;

package/dist/index.js

@@ -1986,6 +1986,8 @@ function emitZod(table, opts, enums) {
       return `z.unknown()`;
     if (t === "date" || t.startsWith("timestamp"))
       return `z.string()`;
+    if (t === "vector" || t === "halfvec" || t === "sparsevec" || t === "bit")
+      return `z.array(z.number())`;
     if (t.startsWith("_"))
       return `z.array(${zFor(t.slice(1))})`;
     return `z.string()`;
@@ -2119,6 +2121,7 @@ function emitHonoRoutes(table, _graph, opts) {
   const fileTableName = table.name;
   const Type = pascal(table.name);
   const hasVectorColumns = table.columns.some((c) => isVectorType(c.pgType));
+  const vectorColumns = table.columns.filter((c) => isVectorType(c.pgType)).map((c) => c.name);
   const rawPk = table.pk;
   const pkCols = Array.isArray(rawPk) ? rawPk : rawPk ? [rawPk] : [];
   const safePkCols = pkCols.length ? pkCols : ["id"];
@@ -2179,7 +2182,8 @@ export function register${Type}Routes(app: Hono, deps: { pg: { query: (text: str
     table: "${fileTableName}",
     pkColumns: ${JSON.stringify(safePkCols)},
     softDeleteColumn: ${softDel ? `"${softDel}"` : "null"},
-    includeMethodsDepth: ${opts.includeMethodsDepth}
+    includeMethodsDepth: ${opts.includeMethodsDepth}${vectorColumns.length > 0 ? `,
+    vectorColumns: ${JSON.stringify(vectorColumns)}` : ""}
   };
 ${hasAuth ? `
   // \uD83D\uDD10 Auth: protect all routes for this table
@@ -3161,6 +3165,8 @@ function tsTypeFor(pgType, opts, enums) {
     return "string";
   if (t === "json" || t === "jsonb")
     return "unknown";
+  if (t === "vector" || t === "halfvec" || t === "sparsevec" || t === "bit")
+    return "number[]";
   return "string";
 }
 function isJsonbType2(pgType) {
@@ -3609,9 +3615,18 @@ export async function authMiddleware(c: Context, next: Next) {
 
 // src/emit-router-hono.ts
 init_utils();
-function emitHonoRouter(tables, hasAuth, useJsExtensions) {
+function emitHonoRouter(tables, hasAuth, useJsExtensions, pullToken) {
   const tableNames = tables.map((t) => t.name).sort();
   const ext = useJsExtensions ? ".js" : "";
+  let resolvedPullToken;
+  if (pullToken) {
+    if (pullToken.startsWith("env:")) {
+      const envVarName = pullToken.slice(4);
+      resolvedPullToken = `process.env.${envVarName}`;
+    } else {
+      resolvedPullToken = JSON.stringify(pullToken);
+    }
+  }
   const imports = tableNames.map((name) => {
     const Type = pascal(name);
     return `import { register${Type}Routes } from "./routes/${name}${ext}";`;
@@ -3698,10 +3713,33 @@ export function createRouter(
   }
 ): Hono {
   const router = new Hono();
-  
+
   // Register table routes
 ${registrations}
+${pullToken ? `
+  // \uD83D\uDD10 Protect /_psdk/* endpoints with pullToken
+  router.use("/_psdk/*", async (c, next) => {
+    const authHeader = c.req.header("Authorization");
+    const expectedToken = ${resolvedPullToken};
+
+    if (!expectedToken) {
+      // Token not configured in environment - reject request
+      return c.json({ error: "SDK endpoints are protected but token not configured" }, 500);
+    }
+
+    if (!authHeader || !authHeader.startsWith("Bearer ")) {
+      return c.json({ error: "Missing or invalid Authorization header" }, 401);
+    }
 
+    const providedToken = authHeader.slice(7); // Remove "Bearer " prefix
+
+    if (providedToken !== expectedToken) {
+      return c.json({ error: "Invalid pull token" }, 401);
+    }
+
+    await next();
+  });
+` : ""}
   // SDK distribution endpoints
   router.get("/_psdk/sdk/manifest", (c) => {
     return c.json({
@@ -3845,6 +3883,7 @@ export interface OperationContext {
   pkColumns: string[];
   softDeleteColumn?: string | null;
   includeMethodsDepth: number;
+  vectorColumns?: string[];
 }
 
 const DEBUG = process.env.SDK_DEBUG === "1" || process.env.SDK_DEBUG === "true";
@@ -3869,6 +3908,30 @@ function prepareParams(params: any[]): any[] {
   });
 }
 
+/**
+ * Parse vector columns in retrieved rows.
+ * pgvector returns vectors as strings (e.g., "[1.5,2.5,3.5]") which need to be
+ * parsed back to number[] to match TypeScript types.
+ */
+function parseVectorColumns(rows: any[], vectorColumns?: string[]): any[] {
+  if (!vectorColumns || vectorColumns.length === 0) return rows;
+
+  return rows.map(row => {
+    const parsed = { ...row };
+    for (const col of vectorColumns) {
+      if (parsed[col] !== null && parsed[col] !== undefined && typeof parsed[col] === 'string') {
+        try {
+          parsed[col] = JSON.parse(parsed[col]);
+        } catch (e) {
+          // If parsing fails, leave as string (shouldn't happen with valid vectors)
+          log.error(\`Failed to parse vector column "\${col}":, e\`);
+        }
+      }
+    }
+    return parsed;
+  });
+}
+
 /**
  * CREATE operation - Insert a new record
  */
@@ -3891,8 +3954,9 @@ export async function createRecord(
 
     log.debug("SQL:", text, "vals:", vals);
     const { rows } = await ctx.pg.query(text, prepareParams(vals));
+    const parsedRows = parseVectorColumns(rows, ctx.vectorColumns);
 
-    return { data: rows[0] ?? null, status: rows[0] ? 201 : 500 };
+    return { data: parsedRows[0] ?? null, status: parsedRows[0] ? 201 : 500 };
   } catch (e: any) {
     // Enhanced logging for JSON validation errors
     const errorMsg = e?.message ?? "";
@@ -3931,12 +3995,13 @@ export async function getByPk(
     log.debug(\`GET \${ctx.table} by PK:\`, pkValues, "SQL:", text);
 
     const { rows } = await ctx.pg.query(text, prepareParams(pkValues));
-    
-    if (!rows[0]) {
+    const parsedRows = parseVectorColumns(rows, ctx.vectorColumns);
+
+    if (!parsedRows[0]) {
       return { data: null, status: 404 };
     }
-    
-    return { data: rows[0], status: 200 };
+
+    return { data: parsedRows[0], status: 200 };
   } catch (e: any) {
     log.error(\`GET \${ctx.table} error:\`, e?.stack ?? e);
     return { 
@@ -4322,12 +4387,13 @@ export async function listRecords(
     log.debug(\`LIST \${ctx.table} SQL:\`, text, "params:", allParams);
 
     const { rows } = await ctx.pg.query(text, prepareParams(allParams));
+    const parsedRows = parseVectorColumns(rows, ctx.vectorColumns);
 
     // Calculate hasMore
     const hasMore = offset + limit < total;
 
     const metadata = {
-      data: rows,
+      data: parsedRows,
       total,
       limit,
       offset,
@@ -4392,12 +4458,13 @@ export async function updateRecord(
 
     log.debug(\`PATCH \${ctx.table} SQL:\`, text, "params:", params);
     const { rows } = await ctx.pg.query(text, prepareParams(params));
-    
-    if (!rows[0]) {
+    const parsedRows = parseVectorColumns(rows, ctx.vectorColumns);
+
+    if (!parsedRows[0]) {
       return { data: null, status: 404 };
     }
-    
-    return { data: rows[0], status: 200 };
+
+    return { data: parsedRows[0], status: 200 };
   } catch (e: any) {
     // Enhanced logging for JSON validation errors
     const errorMsg = e?.message ?? "";
@@ -4441,12 +4508,13 @@ export async function deleteRecord(
 
     log.debug(\`DELETE \${ctx.softDeleteColumn ? '(soft)' : ''} \${ctx.table} SQL:\`, text, "pk:", pkValues);
     const { rows } = await ctx.pg.query(text, prepareParams(pkValues));
-    
-    if (!rows[0]) {
+    const parsedRows = parseVectorColumns(rows, ctx.vectorColumns);
+
+    if (!parsedRows[0]) {
       return { data: null, status: 404 };
     }
-    
-    return { data: rows[0], status: 200 };
+
+    return { data: parsedRows[0], status: 200 };
   } catch (e: any) {
     log.error(\`DELETE \${ctx.table} error:\`, e?.stack ?? e);
     return { 
@@ -5316,7 +5384,7 @@ async function generate(configPath) {
   if (serverFramework === "hono") {
     files.push({
       path: join(serverDir, "router.ts"),
-      content: emitHonoRouter(Object.values(model.tables), getAuthStrategy(normalizedAuth) !== "none", cfg.useJsExtensions)
+      content: emitHonoRouter(Object.values(model.tables), getAuthStrategy(normalizedAuth) !== "none", cfg.useJsExtensions, cfg.pullToken)
     });
   }
   const { generateUnifiedContract: generateUnifiedContract2, generateUnifiedContractMarkdown: generateUnifiedContractMarkdown2 } = await Promise.resolve().then(() => (init_emit_sdk_contract(), exports_emit_sdk_contract));

package/dist/types.d.ts

@@ -29,6 +29,7 @@ export interface Config {
     serverFramework?: "hono" | "express" | "fastify";
     apiPathPrefix?: string;
     auth?: AuthConfigInput;
+    pullToken?: string;
     pull?: PullConfig;
     useJsExtensions?: boolean;
     useJsExtensionsClient?: boolean;
@@ -41,6 +42,6 @@ export interface Config {
 export interface PullConfig {
     from: string;
     output?: string;
-    token?: string;
+    pullToken?: string;
 }
 export declare function normalizeAuthConfig(input: AuthConfigInput | undefined): AuthConfig | undefined;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "postgresdk",
-  "version": "0.16.6",
+  "version": "0.16.7",
   "description": "Generate a typed server/client SDK from a Postgres schema (includes, Zod, Hono).",
   "type": "module",
   "bin": {