schematic-pg 0.1.0

package/dist/api/auth/errors.d.ts

@@ -0,0 +1,6 @@
+export declare class UnauthorizedError extends Error {
+    constructor(message?: string);
+}
+export declare class ForbiddenError extends Error {
+    constructor(message?: string);
+}

package/dist/api/auth/errors.js

@@ -0,0 +1,12 @@
+export class UnauthorizedError extends Error {
+    constructor(message = 'Unauthorized') {
+        super(message);
+        this.name = 'UnauthorizedError';
+    }
+}
+export class ForbiddenError extends Error {
+    constructor(message = 'Forbidden') {
+        super(message);
+        this.name = 'ForbiddenError';
+    }
+}

package/dist/api/auth/jwt-resolver.d.ts

@@ -0,0 +1,7 @@
+import type { AuthResolver } from './types.js';
+export interface JwtResolverOptions {
+    secret?: string;
+    roleClaim?: string;
+    userIdClaim?: string;
+}
+export declare function createJwtResolver(options?: JwtResolverOptions): AuthResolver;

package/dist/api/auth/jwt-resolver.js

@@ -0,0 +1,59 @@
+import { createHmac, timingSafeEqual } from 'node:crypto';
+import { UnauthorizedError } from './errors.js';
+const BEARER_PREFIX = 'Bearer ';
+const DEFAULT_ROLE_CLAIM = 'role';
+const DEFAULT_USER_ID_CLAIM = 'sub';
+const JWT_ALGORITHM = 'HS256';
+export function createJwtResolver(options = {}) {
+    const roleClaim = options.roleClaim ?? process.env.JWT_ROLE_CLAIM ?? DEFAULT_ROLE_CLAIM;
+    const userIdClaim = options.userIdClaim ?? process.env.JWT_USER_ID_CLAIM ?? DEFAULT_USER_ID_CLAIM;
+    return async (c) => {
+        const authHeader = c.req.header('Authorization');
+        if (!authHeader?.startsWith(BEARER_PREFIX)) {
+            return null;
+        }
+        const token = authHeader.slice(BEARER_PREFIX.length).trim();
+        if (!token) {
+            return null;
+        }
+        const secret = options.secret ?? process.env.JWT_SECRET;
+        if (!secret) {
+            throw new UnauthorizedError('JWT_SECRET is not configured');
+        }
+        const payload = verifyJwt(token, secret);
+        const role = String(payload[roleClaim] ?? 'PUBLIC');
+        const userId = payload[userIdClaim];
+        if (userId === undefined || userId === null || userId === '') {
+            throw new UnauthorizedError(`JWT missing "${userIdClaim}" claim`);
+        }
+        const user = {
+            id: String(userId),
+            ...payload,
+        };
+        return { role, user };
+    };
+}
+function verifyJwt(token, secret) {
+    const parts = token.split('.');
+    if (parts.length !== 3) {
+        throw new UnauthorizedError('Invalid JWT format');
+    }
+    const [encodedHeader, encodedPayload, encodedSignature] = parts;
+    const signingInput = `${encodedHeader}.${encodedPayload}`;
+    const expectedSignature = createHmac('sha256', secret).update(signingInput).digest();
+    const actualSignature = base64UrlDecode(encodedSignature);
+    if (expectedSignature.length !== actualSignature.length ||
+        !timingSafeEqual(expectedSignature, actualSignature)) {
+        throw new UnauthorizedError('Invalid JWT signature');
+    }
+    const header = JSON.parse(base64UrlDecode(encodedHeader).toString('utf8'));
+    if (header.alg !== JWT_ALGORITHM) {
+        throw new UnauthorizedError(`Unsupported JWT algorithm "${header.alg ?? 'unknown'}"`);
+    }
+    return JSON.parse(base64UrlDecode(encodedPayload).toString('utf8'));
+}
+function base64UrlDecode(value) {
+    const normalized = value.replace(/-/g, '+').replace(/_/g, '/');
+    const padding = normalized.length % 4 === 0 ? '' : '='.repeat(4 - (normalized.length % 4));
+    return Buffer.from(normalized + padding, 'base64');
+}

package/dist/api/auth/middleware.d.ts

@@ -0,0 +1,4 @@
+import type { MiddlewareHandler } from 'hono';
+import type { AppEnv } from '../types.js';
+import type { AuthResolver } from './types.js';
+export declare function createAuthMiddleware(resolver?: AuthResolver): MiddlewareHandler<AppEnv>;

package/dist/api/auth/middleware.js

@@ -0,0 +1,10 @@
+import { createJwtResolver } from './jwt-resolver.js';
+import { PUBLIC_ROLE } from './types.js';
+const defaultPublicContext = { role: PUBLIC_ROLE };
+export function createAuthMiddleware(resolver = createJwtResolver()) {
+    return async (c, next) => {
+        const auth = (await resolver(c)) ?? defaultPublicContext;
+        c.set('auth', auth);
+        await next();
+    };
+}

package/dist/api/auth/policy.d.ts

@@ -0,0 +1,7 @@
+import type { WhereInput } from '../../db/where-translator.js';
+import { type NormalizedPolicy, type PolicyOperation } from 'generated/policies.js';
+import type { AuthContext } from './types.js';
+export { ForbiddenError, UnauthorizedError } from './errors.js';
+export declare function assertPolicy(model: string, role: string, operation: PolicyOperation): NormalizedPolicy;
+export declare function resolvePolicyWhere(policy: NormalizedPolicy, auth: AuthContext): WhereInput | undefined;
+export declare function mergeWhere(primary: Record<string, unknown>, policyWhere?: WhereInput): Record<string, unknown>;

package/dist/api/auth/policy.js

@@ -0,0 +1,95 @@
+import { POLICIES } from 'generated/policies.js';
+import { ForbiddenError } from './errors.js';
+import { interpolateTemplate } from './template.js';
+import { PUBLIC_ROLE } from './types.js';
+const SIMPLE_WHERE_PATTERN = /^(\w+)\s*(=|!=|<>|>=|<=|>|<)\s*(.+)$/;
+export { ForbiddenError, UnauthorizedError } from './errors.js';
+export function assertPolicy(model, role, operation) {
+    const policies = POLICIES[model];
+    if (!policies || policies.length === 0) {
+        throw new ForbiddenError(`No policies configured for model "${model}"`);
+    }
+    const policy = findPolicyForRole(policies, role);
+    if (!policy) {
+        throw new ForbiddenError(`Role "${role}" is not allowed to ${operation} ${model}`);
+    }
+    if (!isOperationAllowed(policy, operation)) {
+        throw new ForbiddenError(`Role "${role}" is not allowed to ${operation} ${model}`);
+    }
+    return policy;
+}
+export function resolvePolicyWhere(policy, auth) {
+    if (!policy.where) {
+        return undefined;
+    }
+    const interpolated = interpolateTemplate(policy.where, auth);
+    return parseSimpleWhereClause(interpolated);
+}
+export function mergeWhere(primary, policyWhere) {
+    if (!policyWhere || Object.keys(policyWhere).length === 0) {
+        return primary;
+    }
+    if (!primary || Object.keys(primary).length === 0) {
+        return policyWhere;
+    }
+    return { AND: [primary, policyWhere] };
+}
+function findPolicyForRole(policies, role) {
+    const directMatch = policies.find((policy) => policy.role === role);
+    if (directMatch) {
+        return directMatch;
+    }
+    if (role !== PUBLIC_ROLE) {
+        return policies.find((policy) => policy.role === PUBLIC_ROLE);
+    }
+    return undefined;
+}
+function isOperationAllowed(policy, operation) {
+    if (policy.operations === 'all') {
+        return true;
+    }
+    return policy.operations.includes(operation);
+}
+function parseSimpleWhereClause(clause) {
+    const trimmedClause = clause.trim();
+    const match = trimmedClause.match(SIMPLE_WHERE_PATTERN);
+    if (!match) {
+        throw new ForbiddenError(`Unsupported policy where clause "${clause}". Only simple "field op value" forms are supported.`);
+    }
+    const [, field, operator, rawValue] = match;
+    const value = parseWhereValue(rawValue.trim());
+    if (operator === '=') {
+        return { [field]: value };
+    }
+    if (operator === '!=' || operator === '<>') {
+        return { NOT: { [field]: value } };
+    }
+    const operatorMap = {
+        '>': 'gt',
+        '>=': 'gte',
+        '<': 'lt',
+        '<=': 'lte',
+    };
+    const mappedOperator = operatorMap[operator];
+    if (!mappedOperator) {
+        throw new ForbiddenError(`Unsupported policy where operator "${operator}"`);
+    }
+    return { [field]: { [mappedOperator]: value } };
+}
+function parseWhereValue(rawValue) {
+    if ((rawValue.startsWith("'") && rawValue.endsWith("'")) ||
+        (rawValue.startsWith('"') && rawValue.endsWith('"'))) {
+        return rawValue.slice(1, -1);
+    }
+    if (rawValue === 'true') {
+        return true;
+    }
+    if (rawValue === 'false') {
+        return false;
+    }
+    const numericValue = Number(rawValue);
+    if (!Number.isNaN(numericValue) && rawValue !== '') {
+        return numericValue;
+    }
+    return rawValue;
+}

package/dist/api/auth/template.d.ts

@@ -0,0 +1,2 @@
+import type { AuthContext } from './types.js';
+export declare function interpolateTemplate(template: string, auth: AuthContext): string;

package/dist/api/auth/template.js

@@ -0,0 +1,24 @@
+import { ForbiddenError } from './errors.js';
+const TEMPLATE_PATTERN = /\{\{([^}]+)\}\}/g;
+export function interpolateTemplate(template, auth) {
+    const root = { auth };
+    return template.replace(TEMPLATE_PATTERN, (_, rawPath) => {
+        const path = rawPath.trim();
+        const value = resolveAuthPath(root, path);
+        if (value === undefined || value === null) {
+            throw new ForbiddenError(`Missing auth context value for "${path}"`);
+        }
+        return String(value);
+    });
+}
+function resolveAuthPath(root, path) {
+    const segments = path.split('.').filter(Boolean);
+    let current = root;
+    for (const segment of segments) {
+        if (current === null || current === undefined || typeof current !== 'object') {
+            return undefined;
+        }
+        current = current[segment];
+    }
+    return current;
+}

package/dist/api/auth/types.d.ts

@@ -0,0 +1,12 @@
+import type { Context } from 'hono';
+import type { AppEnv } from '../types.js';
+export declare const PUBLIC_ROLE = "PUBLIC";
+export interface AuthUser {
+    id: string;
+    [key: string]: unknown;
+}
+export interface AuthContext {
+    role: string;
+    user?: AuthUser;
+}
+export type AuthResolver = (c: Context<AppEnv>) => Promise<AuthContext | null>;

package/dist/api/auth/types.js

@@ -0,0 +1 @@
+export const PUBLIC_ROLE = 'PUBLIC';

package/dist/api/middleware/db.d.ts

@@ -0,0 +1,8 @@
+import { Pool } from 'pg';
+import type { MiddlewareHandler } from 'hono';
+import type { DbClient } from 'generated/db.js';
+import type { AppEnv } from '../types.js';
+export declare const db: DbClient;
+export declare function createDbMiddleware(options?: {
+    pool?: Pool;
+}): MiddlewareHandler<AppEnv>;

package/dist/api/middleware/db.js

@@ -0,0 +1,12 @@
+import { Pool } from 'pg';
+import { createDbClient } from 'generated/db.js';
+import { getDatabaseUrl } from '../../db/config.js';
+const pool = new Pool({ connectionString: getDatabaseUrl() });
+export const db = createDbClient(pool);
+export function createDbMiddleware(options = {}) {
+    const client = options.pool ? createDbClient(options.pool) : db;
+    return async (c, next) => {
+        c.set('db', client);
+        await next();
+    };
+}

package/dist/api/middleware/errors.d.ts

@@ -0,0 +1,5 @@
+import type { ErrorHandler } from 'hono';
+export declare const handleError: ErrorHandler;
+export declare function notFoundResponse(c: {
+    json: (body: unknown, status: number) => Response;
+}): Response;

package/dist/api/middleware/errors.js

@@ -0,0 +1,27 @@
+import { ForbiddenError, UnauthorizedError } from '../auth/errors.js';
+import { DatabaseError, ForeignKeyConstraintError, UniqueConstraintError, } from '../../db/errors.js';
+export const handleError = (error, c) => {
+    if (error instanceof UnauthorizedError) {
+        return c.json({ error: error.message }, 401);
+    }
+    if (error instanceof ForbiddenError) {
+        return c.json({ error: error.message }, 403);
+    }
+    if (error instanceof UniqueConstraintError) {
+        return c.json({ error: error.message }, 409);
+    }
+    if (error instanceof ForeignKeyConstraintError) {
+        return c.json({ error: error.message }, 400);
+    }
+    if (error instanceof DatabaseError) {
+        return c.json({ error: error.message }, 500);
+    }
+    if (error instanceof Error && error.message.includes('returned no rows')) {
+        return c.json({ error: 'Not found' }, 404);
+    }
+    console.error(error);
+    return c.json({ error: 'Internal server error' }, 500);
+};
+export function notFoundResponse(c) {
+    return c.json({ error: 'Not found' }, 404);
+}

package/dist/api/middleware/validate.d.ts

@@ -0,0 +1,23 @@
+import type { ValidationTargets } from 'hono';
+import type { ZodSchema } from 'zod';
+export declare function validateJson<T extends ZodSchema>(schema: T): import("hono").MiddlewareHandler<import("hono").Env, string, {
+    in: (undefined extends (T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never) ? true : false) extends true ? {
+        json?: ([T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never] extends [any] ? T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never : [Exclude<T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never, undefined>] extends [never] ? {} : [Exclude<T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never, undefined>] extends [object] ? undefined extends (T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never) ? ((T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never) & undefined) | (((Exclude<T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never, (T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never) & undefined> extends infer T_3 ? { [K_2 in keyof T_3]: ([Exclude<T_3[K_2], undefined>] extends [string] ? [string & Exclude<T_3[K_2], undefined>] extends [import("hono/utils/types").UnionToIntersection<string & Exclude<T_3[K_2], undefined>>] ? false : true : false) extends true ? T_3[K_2] : ([unknown] extends [T_3[K_2]] ? false : undefined extends T_3[K_2] ? true : false) extends true ? T_3[K_2] : Target extends "form" ? T$1 | T$1[] : Target extends "query" ? string | string[] : Target extends "param" ? string : Target extends "header" ? string : Target extends "cookie" ? string : unknown; } : never) extends infer T_2 ? { [K_1 in keyof T_2]: T_2[K_1]; } : never) extends infer T_1 ? { [K in keyof T_1]: T_1[K]; } : never) : (((T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never) extends infer T_6 ? { [K_5 in keyof T_6]: ([Exclude<T_6[K_5], undefined>] extends [string] ? [string & Exclude<T_6[K_5], undefined>] extends [import("hono/utils/types").UnionToIntersection<string & Exclude<T_6[K_5], undefined>>] ? false : true : false) extends true ? T_6[K_5] : ([unknown] extends [T_6[K_5]] ? false : undefined extends T_6[K_5] ? true : false) extends true ? T_6[K_5] : Target extends "form" ? T$1 | T$1[] : Target extends "query" ? string | string[] : Target extends "param" ? string : Target extends "header" ? string : Target extends "cookie" ? string : unknown; } : never) extends infer T_5 ? { [K_4 in keyof T_5]: T_5[K_4]; } : never) extends infer T_4 ? { [K_3 in keyof T_4]: T_4[K_3]; } : never : {}) | undefined;
+    } : {
+        json: [T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never] extends [any] ? T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never : [Exclude<T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never, undefined>] extends [never] ? {} : [Exclude<T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never, undefined>] extends [object] ? undefined extends (T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never) ? ((T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never) & undefined) | (((Exclude<T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never, (T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never) & undefined> extends infer T_9 ? { [K_2 in keyof T_9]: ([Exclude<T_9[K_2], undefined>] extends [string] ? [string & Exclude<T_9[K_2], undefined>] extends [import("hono/utils/types").UnionToIntersection<string & Exclude<T_9[K_2], undefined>>] ? false : true : false) extends true ? T_9[K_2] : ([unknown] extends [T_9[K_2]] ? false : undefined extends T_9[K_2] ? true : false) extends true ? T_9[K_2] : Target extends "form" ? T$1 | T$1[] : Target extends "query" ? string | string[] : Target extends "param" ? string : Target extends "header" ? string : Target extends "cookie" ? string : unknown; } : never) extends infer T_8 ? { [K_1 in keyof T_8]: T_8[K_1]; } : never) extends infer T_7 ? { [K in keyof T_7]: T_7[K]; } : never) : (((T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never) extends infer T_12 ? { [K_5 in keyof T_12]: ([Exclude<T_12[K_5], undefined>] extends [string] ? [string & Exclude<T_12[K_5], undefined>] extends [import("hono/utils/types").UnionToIntersection<string & Exclude<T_12[K_5], undefined>>] ? false : true : false) extends true ? T_12[K_5] : ([unknown] extends [T_12[K_5]] ? false : undefined extends T_12[K_5] ? true : false) extends true ? T_12[K_5] : Target extends "form" ? T$1 | T$1[] : Target extends "query" ? string | string[] : Target extends "param" ? string : Target extends "header" ? string : Target extends "cookie" ? string : unknown; } : never) extends infer T_11 ? { [K_4 in keyof T_11]: T_11[K_4]; } : never) extends infer T_10 ? { [K_3 in keyof T_10]: T_10[K_3]; } : never : {};
+    };
+    out: {
+        json: T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").output<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").infer<T> : never;
+    };
+}, Response>;
+export declare function validateParam<T extends ZodSchema>(schema: T): import("hono").MiddlewareHandler<import("hono").Env, string, {
+    in: (undefined extends (T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never) ? true : false) extends true ? {
+        param?: ([T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never] extends [Record<string, string>] ? Record<string, string> & (T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never) : [Exclude<T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never, undefined>] extends [never] ? {} : [Exclude<T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never, undefined>] extends [object] ? undefined extends (T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never) ? ((T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never) & undefined) | (((Exclude<T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never, (T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never) & undefined> extends infer T_3 ? { [K_2 in keyof T_3]: ([Exclude<T_3[K_2], undefined>] extends [string] ? [string & Exclude<T_3[K_2], undefined>] extends [import("hono/utils/types").UnionToIntersection<string & Exclude<T_3[K_2], undefined>>] ? false : true : false) extends true ? T_3[K_2] : ([unknown] extends [T_3[K_2]] ? false : undefined extends T_3[K_2] ? true : false) extends true ? T_3[K_2] : Target extends "form" ? T$1 | T$1[] : Target extends "query" ? string | string[] : Target extends "param" ? string : Target extends "header" ? string : Target extends "cookie" ? string : unknown; } : never) extends infer T_2 ? { [K_1 in keyof T_2]: T_2[K_1]; } : never) extends infer T_1 ? { [K in keyof T_1]: T_1[K]; } : never) : (((T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never) extends infer T_6 ? { [K_5 in keyof T_6]: ([Exclude<T_6[K_5], undefined>] extends [string] ? [string & Exclude<T_6[K_5], undefined>] extends [import("hono/utils/types").UnionToIntersection<string & Exclude<T_6[K_5], undefined>>] ? false : true : false) extends true ? T_6[K_5] : ([unknown] extends [T_6[K_5]] ? false : undefined extends T_6[K_5] ? true : false) extends true ? T_6[K_5] : Target extends "form" ? T$1 | T$1[] : Target extends "query" ? string | string[] : Target extends "param" ? string : Target extends "header" ? string : Target extends "cookie" ? string : unknown; } : never) extends infer T_5 ? { [K_4 in keyof T_5]: T_5[K_4]; } : never) extends infer T_4 ? { [K_3 in keyof T_4]: T_4[K_3]; } : never : {}) | undefined;
+    } : {
+        param: [T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never] extends [Record<string, string>] ? Record<string, string> & (T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never) : [Exclude<T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never, undefined>] extends [never] ? {} : [Exclude<T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never, undefined>] extends [object] ? undefined extends (T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never) ? ((T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never) & undefined) | (((Exclude<T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never, (T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never) & undefined> extends infer T_9 ? { [K_2 in keyof T_9]: ([Exclude<T_9[K_2], undefined>] extends [string] ? [string & Exclude<T_9[K_2], undefined>] extends [import("hono/utils/types").UnionToIntersection<string & Exclude<T_9[K_2], undefined>>] ? false : true : false) extends true ? T_9[K_2] : ([unknown] extends [T_9[K_2]] ? false : undefined extends T_9[K_2] ? true : false) extends true ? T_9[K_2] : Target extends "form" ? T$1 | T$1[] : Target extends "query" ? string | string[] : Target extends "param" ? string : Target extends "header" ? string : Target extends "cookie" ? string : unknown; } : never) extends infer T_8 ? { [K_1 in keyof T_8]: T_8[K_1]; } : never) extends infer T_7 ? { [K in keyof T_7]: T_7[K]; } : never) : (((T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").input<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").input<T> : never) extends infer T_12 ? { [K_5 in keyof T_12]: ([Exclude<T_12[K_5], undefined>] extends [string] ? [string & Exclude<T_12[K_5], undefined>] extends [import("hono/utils/types").UnionToIntersection<string & Exclude<T_12[K_5], undefined>>] ? false : true : false) extends true ? T_12[K_5] : ([unknown] extends [T_12[K_5]] ? false : undefined extends T_12[K_5] ? true : false) extends true ? T_12[K_5] : Target extends "form" ? T$1 | T$1[] : Target extends "query" ? string | string[] : Target extends "param" ? string : Target extends "header" ? string : Target extends "cookie" ? string : unknown; } : never) extends infer T_11 ? { [K_4 in keyof T_11]: T_11[K_4]; } : never) extends infer T_10 ? { [K_3 in keyof T_10]: T_10[K_3]; } : never : {};
+    };
+    out: {
+        param: T extends import("zod/v3").ZodType<any, import("zod/v3").ZodTypeDef, any> ? import("zod/v3").output<T> : T extends import("zod/v4/core").$ZodType<unknown, unknown, import("zod/v4/core").$ZodTypeInternals<unknown, unknown>> ? import("zod").infer<T> : never;
+    };
+}, Response>;
+export type ValidationTarget = keyof ValidationTargets;

package/dist/api/middleware/validate.js

@@ -0,0 +1,13 @@
+import { zValidator } from '@hono/zod-validator';
+function validationHook(result, c) {
+    if (!result.success) {
+        const message = result.error.issues[0]?.message ?? 'Validation failed';
+        return c.json({ error: message }, 400);
+    }
+}
+export function validateJson(schema) {
+    return zValidator('json', schema, validationHook);
+}
+export function validateParam(schema) {
+    return zValidator('param', schema, validationHook);
+}

package/dist/api/types.d.ts

@@ -0,0 +1,8 @@
+import type { DbClient } from 'generated/db.js';
+import type { AuthContext } from './auth/types.js';
+export type AppEnv = {
+    Variables: {
+        db: DbClient;
+        auth: AuthContext;
+    };
+};

package/dist/api/types.js

@@ -0,0 +1 @@
+export {};

package/dist/api/utils/route-naming.d.ts

@@ -0,0 +1,3 @@
+export declare function toRouteBasePath(modelName: string): string;
+export declare function toRouteFileName(modelName: string): string;
+export declare function toRouteImportName(basePath: string): string;

package/dist/api/utils/route-naming.js

@@ -0,0 +1,25 @@
+import { pluralize } from '../../db/utils/naming.js';
+function toKebabCase(value) {
+    return value.replace(/([a-z0-9])([A-Z])/g, '$1-$2').toLowerCase();
+}
+export function toRouteBasePath(modelName) {
+    const camel = modelName.charAt(0).toLowerCase() + modelName.slice(1);
+    return pluralize(toKebabCase(camel));
+}
+export function toRouteFileName(modelName) {
+    return `${toRouteBasePath(modelName)}.ts`;
+}
+function segmentToCamelCase(segment, capitalizeFirst) {
+    const kebabCamel = segment.replace(/-([a-z])/g, (_, char) => char.toUpperCase());
+    if (!capitalizeFirst) {
+        return kebabCamel;
+    }
+    return kebabCamel.charAt(0).toUpperCase() + kebabCamel.slice(1);
+}
+export function toRouteImportName(basePath) {
+    const segments = basePath.split('/');
+    const camel = segments
+        .map((segment, index) => segmentToCamelCase(segment, index > 0))
+        .join('');
+    return `${camel}Router`;
+}

package/dist/api-generator/app-generator.d.ts

@@ -0,0 +1,11 @@
+import type { Schema } from '../schema-dsl/ast.js';
+export interface AppGeneratorOptions {
+    customRoutesDir?: string;
+}
+export declare class AppGenerator {
+    private readonly schema;
+    private readonly options;
+    constructor(schema: Schema, options?: AppGeneratorOptions);
+    generate(): string;
+}
+export declare function generateAppFile(schema: Schema, options?: AppGeneratorOptions): string;

package/dist/api-generator/app-generator.js

@@ -0,0 +1,79 @@
+import path from 'node:path';
+import { PACKAGE_NAME } from '../constants.js';
+import { discoverCustomRoutes } from './custom-route-scanner.js';
+import { getRouteMountEntries } from './route-generator.js';
+const DEFAULT_CUSTOM_ROUTES_DIR = path.resolve('src/routes');
+export class AppGenerator {
+    schema;
+    options;
+    constructor(schema, options = {}) {
+        this.schema = schema;
+        this.options = options;
+    }
+    generate() {
+        const mounts = getRouteMountEntries(this.schema);
+        const generatedImports = mounts
+            .map((entry) => `import ${entry.importName} from './routes/${entry.fileName.replace(/\.ts$/, '.js')}';`)
+            .join('\n');
+        const generatedRoutes = mounts
+            .map((entry) => `  app.route('/${entry.basePath}', ${entry.importName});`)
+            .join('\n');
+        const customRoutesDir = this.options.customRoutesDir ?? DEFAULT_CUSTOM_ROUTES_DIR;
+        const customMounts = discoverCustomRoutes(customRoutesDir);
+        const customImports = customMounts
+            .map((entry) => `import ${entry.importName} from '${entry.importPath}';`)
+            .join('\n');
+        const customRoutes = customMounts
+            .map((entry) => `  app.route('/${entry.basePath}', ${entry.importName});`)
+            .join('\n');
+        const routeImports = [generatedImports, customImports].filter(Boolean).join('\n');
+        const routeMounts = [generatedRoutes, customRoutes].filter(Boolean).join('\n');
+        return [
+            '// Auto-generated by AppGenerator. Do not edit manually.',
+            "import { pathToFileURL } from 'node:url';",
+            "import { Pool } from 'pg';",
+            "import { Hono } from 'hono';",
+            "import { logger } from 'hono/logger';",
+            "import { prettyJSON } from 'hono/pretty-json';",
+            "import { serve } from '@hono/node-server';",
+            routeImports,
+            `import { createAuthMiddleware } from '${PACKAGE_NAME}/api/auth/middleware';`,
+            `import { createJwtResolver } from '${PACKAGE_NAME}/api/auth/jwt-resolver';`,
+            `import type { AuthResolver } from '${PACKAGE_NAME}/api/auth/types';`,
+            `import { createDbMiddleware } from '${PACKAGE_NAME}/api/middleware/db';`,
+            `import { handleError } from '${PACKAGE_NAME}/api/middleware/errors';`,
+            `import type { AppEnv } from '${PACKAGE_NAME}/api/types';`,
+            '',
+            'export interface CreateAppOptions {',
+            '  pool?: Pool;',
+            '  authResolver?: AuthResolver;',
+            '}',
+            '',
+            'export function createApp(options: CreateAppOptions = {}): Hono<AppEnv> {',
+            '  const app = new Hono<AppEnv>();',
+            '  app.use(logger());',
+            '  app.use(prettyJSON());',
+            '  app.use(createDbMiddleware({ pool: options.pool }));',
+            '  app.use(createAuthMiddleware(options.authResolver ?? createJwtResolver()));',
+            '  app.onError(handleError);',
+            '',
+            routeMounts,
+            '',
+            '  return app;',
+            '}',
+            '',
+            'const isMain = import.meta.url === pathToFileURL(process.argv[1] ?? \'\').href;',
+            '',
+            'if (isMain) {',
+            '  const port = Number(process.env.PORT ?? 3000);',
+            '  serve({ fetch: createApp().fetch, port }, () => {',
+            '    console.log(`Server running at http://localhost:${port}`);',
+            '  });',
+            '}',
+            '',
+        ].join('\n');
+    }
+}
+export function generateAppFile(schema, options) {
+    return new AppGenerator(schema, options).generate();
+}

package/dist/api-generator/custom-route-scanner.d.ts

@@ -0,0 +1,6 @@
+export interface CustomRouteMountEntry {
+    basePath: string;
+    importName: string;
+    importPath: string;
+}
+export declare function discoverCustomRoutes(customRoutesDir: string): CustomRouteMountEntry[];

package/dist/api-generator/custom-route-scanner.js

@@ -0,0 +1,42 @@
+import { existsSync, readdirSync, statSync } from 'node:fs';
+import path from 'node:path';
+import { toRouteImportName } from '../api/utils/route-naming.js';
+function isRouteFile(filename) {
+    return (filename.endsWith('.ts') &&
+        !filename.endsWith('.test.ts') &&
+        !filename.endsWith('.d.ts') &&
+        !filename.startsWith('_'));
+}
+function isSkippedDir(dirname) {
+    return dirname.startsWith('_');
+}
+function scanDirectory(customRoutesDir, relativeDir, entries) {
+    const absoluteDir = relativeDir ? path.join(customRoutesDir, relativeDir) : customRoutesDir;
+    for (const entry of readdirSync(absoluteDir)) {
+        const entryRelativePath = relativeDir ? `${relativeDir}/${entry}` : entry;
+        const absolutePath = path.join(customRoutesDir, entryRelativePath);
+        if (statSync(absolutePath).isDirectory()) {
+            if (!isSkippedDir(entry)) {
+                scanDirectory(customRoutesDir, entryRelativePath, entries);
+            }
+            continue;
+        }
+        if (!isRouteFile(entry)) {
+            continue;
+        }
+        const basePath = entryRelativePath.replace(/\.ts$/, '').replace(/\\/g, '/');
+        entries.push({
+            basePath,
+            importName: toRouteImportName(basePath),
+            importPath: `../src/routes/${basePath}.js`,
+        });
+    }
+}
+export function discoverCustomRoutes(customRoutesDir) {
+    if (!existsSync(customRoutesDir)) {
+        return [];
+    }
+    const entries = [];
+    scanDirectory(customRoutesDir, '', entries);
+    return entries.sort((left, right) => left.basePath.localeCompare(right.basePath));
+}

package/dist/api-generator/generate-api-cli.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/api-generator/generate-api-cli.js

@@ -0,0 +1,28 @@
+import { mkdir, readFile, writeFile } from 'node:fs/promises';
+import path from 'node:path';
+import { parse } from '../schema-dsl/index.js';
+import { generateApiFiles } from './index.js';
+const DEFAULT_SCHEMA_PATH = path.resolve('app.schema');
+const DEFAULT_CUSTOM_ROUTES_DIR = path.resolve('src/routes');
+const OUTPUT_DIR = path.resolve('generated');
+const ROUTES_DIR = path.join(OUTPUT_DIR, 'routes');
+const SCHEMAS_DIR = path.join(OUTPUT_DIR, 'schemas');
+async function main() {
+    const schemaPath = process.argv[2] ?? DEFAULT_SCHEMA_PATH;
+    const source = await readFile(schemaPath, 'utf8');
+    const schema = parse(source);
+    const files = generateApiFiles(schema, { customRoutesDir: DEFAULT_CUSTOM_ROUTES_DIR });
+    await mkdir(ROUTES_DIR, { recursive: true });
+    await mkdir(SCHEMAS_DIR, { recursive: true });
+    await writeFile(path.join(OUTPUT_DIR, 'app.ts'), files.app, 'utf8');
+    await writeFile(path.join(OUTPUT_DIR, 'policies.ts'), files.policies, 'utf8');
+    await writeFile(path.join(SCHEMAS_DIR, 'validation.ts'), files.validation, 'utf8');
+    for (const [fileName, content] of files.routes) {
+        await writeFile(path.join(ROUTES_DIR, fileName), content, 'utf8');
+    }
+    console.log(`Generated API files in ${OUTPUT_DIR}`);
+}
+main().catch((error) => {
+    console.error(error instanceof Error ? error.message : error);
+    process.exit(1);
+});

package/dist/api-generator/index.d.ts

@@ -0,0 +1,11 @@
+import type { Schema } from '../schema-dsl/ast.js';
+export interface GeneratedApiFiles {
+    app: string;
+    policies: string;
+    validation: string;
+    routes: Map<string, string>;
+}
+export interface GenerateApiFilesOptions {
+    customRoutesDir?: string;
+}
+export declare function generateApiFiles(schema: Schema, options?: GenerateApiFilesOptions): GeneratedApiFiles;