sql-guard 0.1.0 → 0.2.0

package/README.md

@@ -78,6 +78,7 @@ export interface Policy {
   allowedFunctions?: string[];
   tableIdentifierMatching?: 'strict' | 'caseInsensitive';
   resolver?: (unqualified: string) => string | null;
+  defaultSchema?: string;
 }
 ```
 
@@ -90,19 +91,47 @@ Defaults and behavior:
 - `allowedFunctions` defaults to `[]`, which means any function call is denied unless allowlisted.
 - `tableIdentifierMatching` defaults to `'strict'` (exact case-sensitive table matching).
 - Set `tableIdentifierMatching: 'caseInsensitive'` to preserve case-insensitive table matching.
-- Unqualified table references in SQL are denied unless you provide `resolver` to map them to `schema.table`.
+- Unqualified table references in SQL are denied unless you provide `defaultSchema` or `resolver` to map them to `schema.table`.
+- `defaultSchema`: when provided, unqualified `allowedTables` entries are auto-qualified with this schema, and unqualified SQL references resolve to it.
+- `resolver`: optional function to map unqualified names to qualified names. Takes precedence over `defaultSchema`.
+- Metadata schemas (`information_schema`, `pg_catalog`) are treated specially and must be explicitly allowlisted even when using `defaultSchema`. Setting `defaultSchema` to a metadata schema name does not grant automatic access.
 - Unqualified function allowlist entries (for example, `lower`) match only unqualified calls (`lower(...)`).
 - Schema-qualified function calls require schema-qualified allowlist entries (`pg_catalog.current_database`).
 
-Strict policy examples:
+Policy examples:
 
 ```ts
+// Explicit schema-qualified tables
 const strictPolicy = {
   allowedTables: ['public.users', 'analytics.events'],
   allowedFunctions: ['lower', 'pg_catalog.current_database'],
   resolver: (unqualified: string) =>
     unqualified === 'users' ? 'public.users' : null,
 };
+
+// Using defaultSchema for simpler configuration
+const defaultSchemaPolicy = {
+  defaultSchema: 'public',
+  allowedTables: ['users', 'orders', 'products'],
+  // Treated as ['public.users', 'public.orders', 'public.products']
+};
+
+// Mixed: defaultSchema + explicit qualified tables
+const mixedPolicy = {
+  defaultSchema: 'public',
+  allowedTables: ['users', 'analytics.events'],
+  // Treated as ['public.users', 'analytics.events']
+};
+
+// Resolver takes precedence over defaultSchema
+const resolverPolicy = {
+  defaultSchema: 'public',
+  allowedTables: ['public.users', 'archive.users'],
+  resolver: (name: string) =>
+    name === 'old_users' ? 'archive.users' : null,
+  // 'users' resolves to 'public.users' via defaultSchema
+  // 'old_users' resolves to 'archive.users' via resolver
+};
 ```
 
 ## Security Model
@@ -151,19 +180,6 @@ This is a guardrail for LLM output. It helps enforce least privilege at the quer
 - `table`
 - `function`
 
-## Publishing
-
-For first time npm publish:
-
-```bash
-npm login
-npm publish --access public
-```
-
-Notes:
-
-- `prepublishOnly` runs typecheck, tests, and build, so publishing requires Bun in your environment.
-
 ## License
 
 MIT

package/dist/cjs/index.cjs

@@ -2,27 +2,37 @@ var __defProp = Object.defineProperty;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __moduleCache = /* @__PURE__ */ new WeakMap;
+function __accessProp(key) {
+  return this[key];
+}
 var __toCommonJS = (from) => {
-  var entry = __moduleCache.get(from), desc;
+  var entry = (__moduleCache ??= new WeakMap).get(from), desc;
   if (entry)
     return entry;
   entry = __defProp({}, "__esModule", { value: true });
-  if (from && typeof from === "object" || typeof from === "function")
-    __getOwnPropNames(from).map((key) => !__hasOwnProp.call(entry, key) && __defProp(entry, key, {
-      get: () => from[key],
-      enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
-    }));
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (var key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(entry, key))
+        __defProp(entry, key, {
+          get: __accessProp.bind(from, key),
+          enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+        });
+  }
   __moduleCache.set(from, entry);
   return entry;
 };
+var __moduleCache;
+var __returnValue = (v) => v;
+function __exportSetter(name, newValue) {
+  this[name] = __returnValue.bind(null, newValue);
+}
 var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, {
       get: all[name],
       enumerable: true,
       configurable: true,
-      set: (newValue) => all[name] = () => newValue
+      set: __exportSetter.bind(all, name)
     });
 };
 
@@ -458,6 +468,13 @@ function parseIdentifierSegment(value) {
   }
   return { value: trimmed };
 }
+function isUnqualifiedName(value) {
+  if (typeof value !== "string") {
+    return false;
+  }
+  const segments = splitQualifiedNameSegments(value.trim());
+  return segments !== null && segments.length === 1;
+}
 function splitQualifiedNameSegments(value) {
   if (!value) {
     return null;
@@ -534,9 +551,21 @@ function normalizeTableReference(ref, policy, mode = policy.tableIdentifierMatch
       };
     }
   }
+  if (policy.defaultSchema) {
+    const schema = normalizeIdentifier(policy.defaultSchema, mode);
+    const name = normalizeIdentifier(ref.name, mode);
+    return {
+      success: true,
+      table: {
+        schema,
+        name,
+        fullyQualified: `${schema}.${name}`
+      }
+    };
+  }
   return {
     success: false,
-    error: `Unqualified table reference '${ref.name}' not allowed without resolver`
+    error: `Unqualified table reference '${ref.name}' not allowed. Provide 'defaultSchema' or 'resolver' in policy.`
   };
 }
 function normalizeIdentifier(ident, mode) {
@@ -811,9 +840,27 @@ function compilePolicy(policy) {
   if (tableIdentifierMatching !== "strict" && tableIdentifierMatching !== "caseInsensitive") {
     return invalidPolicy("Policy 'tableIdentifierMatching' must be either 'strict' or 'caseInsensitive'");
   }
+  const METADATA_SCHEMAS = new Set(["information_schema", "pg_catalog"]);
+  const defaultSchema = policy.defaultSchema?.trim();
+  if (defaultSchema !== undefined) {
+    if (defaultSchema.length === 0) {
+      return invalidPolicy("Policy 'defaultSchema' must be a non-empty string when provided");
+    }
+    if (defaultSchema.includes(".") || !/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(defaultSchema)) {
+      return invalidPolicy("Policy 'defaultSchema' must be a valid SQL identifier without dots");
+    }
+    if (METADATA_SCHEMAS.has(defaultSchema.toLowerCase())) {
+      return invalidPolicy("Policy 'defaultSchema' cannot be a metadata schema (information_schema, pg_catalog). Metadata tables must be explicitly allowlisted.");
+    }
+  }
+  const normalizedDefaultSchema = defaultSchema ? canonicalizeIdentifier(defaultSchema, tableIdentifierMatching) : undefined;
   const allowedTables = new Set;
   for (const table of policy.allowedTables) {
-    const canonical = canonicalizeQualifiedName(table, tableIdentifierMatching);
+    let tableToCanonicalize = table;
+    if (normalizedDefaultSchema && isUnqualifiedName(table)) {
+      tableToCanonicalize = `${normalizedDefaultSchema}.${table}`;
+    }
+    const canonical = canonicalizeQualifiedName(tableToCanonicalize, tableIdentifierMatching);
     if (!canonical) {
       return invalidPolicy(`Policy entry '${String(table)}' is invalid. allowedTables entries must be schema-qualified as 'schema.table'`);
     }
@@ -844,7 +891,8 @@ function compilePolicy(policy) {
       allowedTables,
       allowedFunctionsUnqualified,
       allowedFunctionsQualified,
-      tableIdentifierMatching
+      tableIdentifierMatching,
+      defaultSchema: normalizedDefaultSchema
     }
   };
 }

package/dist/esm/index.js

@@ -411,6 +411,13 @@ function parseIdentifierSegment(value) {
   }
   return { value: trimmed };
 }
+function isUnqualifiedName(value) {
+  if (typeof value !== "string") {
+    return false;
+  }
+  const segments = splitQualifiedNameSegments(value.trim());
+  return segments !== null && segments.length === 1;
+}
 function splitQualifiedNameSegments(value) {
   if (!value) {
     return null;
@@ -487,9 +494,21 @@ function normalizeTableReference(ref, policy, mode = policy.tableIdentifierMatch
       };
     }
   }
+  if (policy.defaultSchema) {
+    const schema = normalizeIdentifier(policy.defaultSchema, mode);
+    const name = normalizeIdentifier(ref.name, mode);
+    return {
+      success: true,
+      table: {
+        schema,
+        name,
+        fullyQualified: `${schema}.${name}`
+      }
+    };
+  }
   return {
     success: false,
-    error: `Unqualified table reference '${ref.name}' not allowed without resolver`
+    error: `Unqualified table reference '${ref.name}' not allowed. Provide 'defaultSchema' or 'resolver' in policy.`
   };
 }
 function normalizeIdentifier(ident, mode) {
@@ -764,9 +783,27 @@ function compilePolicy(policy) {
   if (tableIdentifierMatching !== "strict" && tableIdentifierMatching !== "caseInsensitive") {
     return invalidPolicy("Policy 'tableIdentifierMatching' must be either 'strict' or 'caseInsensitive'");
   }
+  const METADATA_SCHEMAS = new Set(["information_schema", "pg_catalog"]);
+  const defaultSchema = policy.defaultSchema?.trim();
+  if (defaultSchema !== undefined) {
+    if (defaultSchema.length === 0) {
+      return invalidPolicy("Policy 'defaultSchema' must be a non-empty string when provided");
+    }
+    if (defaultSchema.includes(".") || !/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(defaultSchema)) {
+      return invalidPolicy("Policy 'defaultSchema' must be a valid SQL identifier without dots");
+    }
+    if (METADATA_SCHEMAS.has(defaultSchema.toLowerCase())) {
+      return invalidPolicy("Policy 'defaultSchema' cannot be a metadata schema (information_schema, pg_catalog). Metadata tables must be explicitly allowlisted.");
+    }
+  }
+  const normalizedDefaultSchema = defaultSchema ? canonicalizeIdentifier(defaultSchema, tableIdentifierMatching) : undefined;
   const allowedTables = new Set;
   for (const table of policy.allowedTables) {
-    const canonical = canonicalizeQualifiedName(table, tableIdentifierMatching);
+    let tableToCanonicalize = table;
+    if (normalizedDefaultSchema && isUnqualifiedName(table)) {
+      tableToCanonicalize = `${normalizedDefaultSchema}.${table}`;
+    }
+    const canonical = canonicalizeQualifiedName(tableToCanonicalize, tableIdentifierMatching);
     if (!canonical) {
       return invalidPolicy(`Policy entry '${String(table)}' is invalid. allowedTables entries must be schema-qualified as 'schema.table'`);
     }
@@ -797,7 +834,8 @@ function compilePolicy(policy) {
       allowedTables,
       allowedFunctionsUnqualified,
       allowedFunctionsQualified,
-      tableIdentifierMatching
+      tableIdentifierMatching,
+      defaultSchema: normalizedDefaultSchema
     }
   };
 }

package/dist/normalize/identifier.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"identifier.d.ts","sourceRoot":"","sources":["../../src/normalize/identifier.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AACvE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEtD;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,mCAAmC;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,iBAAiB;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,mDAAmD;IACnD,cAAc,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,sCAAsC;IACtC,OAAO,EAAE,OAAO,CAAC;IACjB,6DAA6D;IAC7D,KAAK,CAAC,EAAE,eAAe,CAAC;IACxB,uDAAuD;IACvD,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,uBAAuB,CACrC,GAAG,EAAE,cAAc,EACnB,MAAM,EAAE,MAAM,EACd,IAAI,GAAE,uBAAoE,GACzE,mBAAmB,CAmDrB;AAcD;;;;;;;;GAQG;AACH,wBAAgB,cAAc,CAC5B,UAAU,EAAE,eAAe,EAC3B,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,EAC/B,IAAI,GAAE,uBAAkC,GACvC,OAAO,CAcT"}
+{"version":3,"file":"identifier.d.ts","sourceRoot":"","sources":["../../src/normalize/identifier.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AACvE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEtD;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,mCAAmC;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,iBAAiB;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,mDAAmD;IACnD,cAAc,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,sCAAsC;IACtC,OAAO,EAAE,OAAO,CAAC;IACjB,6DAA6D;IAC7D,KAAK,CAAC,EAAE,eAAe,CAAC;IACxB,uDAAuD;IACvD,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,uBAAuB,CACrC,GAAG,EAAE,cAAc,EACnB,MAAM,EAAE,MAAM,EACd,IAAI,GAAE,uBAAoE,GACzE,mBAAmB,CAiErB;AAcD;;;;;;;;GAQG;AACH,wBAAgB,cAAc,CAC5B,UAAU,EAAE,eAAe,EAC3B,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,EAC/B,IAAI,GAAE,uBAAkC,GACvC,OAAO,CAcT"}

package/dist/normalize/qualified-name.d.ts

@@ -6,4 +6,18 @@ export interface QualifiedNameParts {
 }
 export declare function parseQualifiedName(value: unknown, mode?: TableIdentifierMatching): QualifiedNameParts | null;
 export declare function canonicalizeIdentifier(value: string, mode: TableIdentifierMatching): string;
+/**
+ * Check if a table name is unqualified (has no schema prefix).
+ * Uses quote-aware parsing to correctly handle quoted identifiers with dots.
+ *
+ * Examples:
+ * - `users` → true (unqualified)
+ * - `"audit.log"` → true (unqualified, dot is inside identifier)
+ * - `public.users` → false (qualified)
+ * - `"public"."users"` → false (qualified)
+ *
+ * @param value The table name to check
+ * @returns True if the name is unqualified (single segment)
+ */
+export declare function isUnqualifiedName(value: unknown): boolean;
 //# sourceMappingURL=qualified-name.d.ts.map

package/dist/normalize/qualified-name.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"qualified-name.d.ts","sourceRoot":"","sources":["../../src/normalize/qualified-name.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAE/D,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,OAAO,EACd,IAAI,GAAE,uBAAkC,GACvC,kBAAkB,GAAG,IAAI,CA2B3B;AAED,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,uBAAuB,GAC5B,MAAM,CAGR"}
+{"version":3,"file":"qualified-name.d.ts","sourceRoot":"","sources":["../../src/normalize/qualified-name.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAE/D,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,OAAO,EACd,IAAI,GAAE,uBAAkC,GACvC,kBAAkB,GAAG,IAAI,CA2B3B;AAED,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,uBAAuB,GAC5B,MAAM,CAGR;AA6BD;;;;;;;;;;;;GAYG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAOzD"}

package/dist/policy/compile-policy.d.ts

@@ -5,6 +5,7 @@ export interface CompiledPolicy {
     allowedFunctionsUnqualified: Set<string>;
     allowedFunctionsQualified: Set<string>;
     tableIdentifierMatching: TableIdentifierMatching;
+    defaultSchema?: string;
 }
 type CompilePolicyResult = {
     success: true;

package/dist/policy/compile-policy.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"compile-policy.d.ts","sourceRoot":"","sources":["../../src/policy/compile-policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAE5C,OAAO,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAElF,MAAM,WAAW,cAAc;IAC7B,aAAa,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC3B,2BAA2B,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACzC,yBAAyB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,uBAAuB,EAAE,uBAAuB,CAAC;CAClD;AAED,KAAK,mBAAmB,GACpB;IAAE,OAAO,EAAE,IAAI,CAAC;IAAC,QAAQ,EAAE,cAAc,CAAA;CAAE,GAC3C;IAAE,OAAO,EAAE,KAAK,CAAC;IAAC,SAAS,EAAE,SAAS,CAAC,cAAc,CAAC;IAAC,SAAS,EAAE,SAAS,CAAA;CAAE,CAAC;AAElF,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAwDjE;AA2BD,wBAAgB,yBAAyB,CACvC,KAAK,EAAE,OAAO,EACd,IAAI,GAAE,uBAAkC,GACvC,MAAM,GAAG,IAAI,CAGf"}
+{"version":3,"file":"compile-policy.d.ts","sourceRoot":"","sources":["../../src/policy/compile-policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAE5C,OAAO,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAElF,MAAM,WAAW,cAAc;IAC7B,aAAa,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC3B,2BAA2B,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACzC,yBAAyB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,uBAAuB,EAAE,uBAAuB,CAAC;IACjD,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,KAAK,mBAAmB,GACpB;IAAE,OAAO,EAAE,IAAI,CAAC;IAAC,QAAQ,EAAE,cAAc,CAAA;CAAE,GAC3C;IAAE,OAAO,EAAE,KAAK,CAAC;IAAC,SAAS,EAAE,SAAS,CAAC,cAAc,CAAC;IAAC,SAAS,EAAE,SAAS,CAAA;CAAE,CAAC;AAElF,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAuFjE;AA2BD,wBAAgB,yBAAyB,CACvC,KAAK,EAAE,OAAO,EACd,IAAI,GAAE,uBAAkC,GACvC,MAAM,GAAG,IAAI,CAGf"}

package/dist/types/public.d.ts

@@ -97,6 +97,19 @@ export interface Policy {
      * ```
      */
     resolver?: (unqualified: string) => string | null;
+    /**
+     * Default schema to use for unqualified table references.
+     * When provided, entries in `allowedTables` without a schema qualifier are
+     * automatically prefixed with this schema. Also used to resolve unqualified
+     * table references in SQL (unless a resolver is provided that returns non-null).
+     *
+     * @example
+     * ```typescript
+     * defaultSchema: 'public',
+     * allowedTables: ['users', 'orders'] // treated as ['public.users', 'public.orders']
+     * ```
+     */
+    defaultSchema?: string;
 }
 /**
  * Result of validating a SQL query against a policy.

package/dist/types/public.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"public.d.ts","sourceRoot":"","sources":["../../src/types/public.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,oBAAY,SAAS;IACnB,0CAA0C;IAC1C,WAAW,gBAAgB;IAC3B,8EAA8E;IAC9E,uBAAuB,4BAA4B;IACnD,wDAAwD;IACxD,iBAAiB,sBAAsB;IACvC,yEAAyE;IACzE,qBAAqB,0BAA0B;IAC/C,qDAAqD;IACrD,oBAAoB,yBAAyB;IAC7C,+EAA+E;IAC/E,wBAAwB,6BAA6B;IACrD,sCAAsC;IACtC,cAAc,mBAAmB;CAClC;AAED;;;;;GAKG;AACH,MAAM,MAAM,uBAAuB,GAAG,QAAQ,GAAG,iBAAiB,CAAC;AAEnE;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,MAAM;IACrB;;;;OAIG;IACH,aAAa,EAAE,MAAM,EAAE,CAAC;IAExB;;;;OAIG;IACH,iBAAiB,CAAC,EAAE,CAAC,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC,EAAE,CAAC;IAElE;;;;OAIG;IACH,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAE9B;;;;;OAKG;IACH,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAE5B;;;;;OAKG;IACH,uBAAuB,CAAC,EAAE,uBAAuB,CAAC;IAElD;;;;;;;;;;;;OAYG;IACH,QAAQ,CAAC,EAAE,CAAC,WAAW,EAAE,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC;CACnD;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,gBAAgB;IAC/B,+CAA+C;IAC/C,EAAE,EAAE,OAAO,CAAC;IACZ,uEAAuE;IACvE,UAAU,EAAE,SAAS,EAAE,CAAC;IACxB,8EAA8E;IAC9E,SAAS,CAAC,EAAE,SAAS,CAAC;CACvB;AAED;;;GAGG;AACH,MAAM,WAAW,SAAS;IACxB,wBAAwB;IACxB,IAAI,EAAE,OAAO,GAAG,WAAW,GAAG,UAAU,GAAG,OAAO,GAAG,aAAa,GAAG,QAAQ,CAAC;IAC9E,kDAAkD;IAClD,OAAO,EAAE,MAAM,CAAC;IAChB;;;OAGG;IACH,QAAQ,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CAC/C;AAED;;;;;;;;;;;;;;;GAeG;AACH,qBAAa,kBAAmB,SAAQ,KAAK;IASzC,2DAA2D;aAC3C,IAAI,EAAE,SAAS;IAC/B,kDAAkD;aAClC,UAAU,EAAE,SAAS,EAAE;IAXzC;;;;;OAKG;gBAED,OAAO,EAAE,MAAM;IACf,2DAA2D;IAC3C,IAAI,EAAE,SAAS;IAC/B,kDAAkD;IAClC,UAAU,EAAE,SAAS,EAAE;CAK1C"}
+{"version":3,"file":"public.d.ts","sourceRoot":"","sources":["../../src/types/public.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,oBAAY,SAAS;IACnB,0CAA0C;IAC1C,WAAW,gBAAgB;IAC3B,8EAA8E;IAC9E,uBAAuB,4BAA4B;IACnD,wDAAwD;IACxD,iBAAiB,sBAAsB;IACvC,yEAAyE;IACzE,qBAAqB,0BAA0B;IAC/C,qDAAqD;IACrD,oBAAoB,yBAAyB;IAC7C,+EAA+E;IAC/E,wBAAwB,6BAA6B;IACrD,sCAAsC;IACtC,cAAc,mBAAmB;CAClC;AAED;;;;;GAKG;AACH,MAAM,MAAM,uBAAuB,GAAG,QAAQ,GAAG,iBAAiB,CAAC;AAEnE;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,MAAM;IACrB;;;;OAIG;IACH,aAAa,EAAE,MAAM,EAAE,CAAC;IAExB;;;;OAIG;IACH,iBAAiB,CAAC,EAAE,CAAC,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC,EAAE,CAAC;IAElE;;;;OAIG;IACH,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAE9B;;;;;OAKG;IACH,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAE5B;;;;;OAKG;IACH,uBAAuB,CAAC,EAAE,uBAAuB,CAAC;IAElD;;;;;;;;;;;;OAYG;IACH,QAAQ,CAAC,EAAE,CAAC,WAAW,EAAE,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC;IAElD;;;;;;;;;;;OAWG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,gBAAgB;IAC/B,+CAA+C;IAC/C,EAAE,EAAE,OAAO,CAAC;IACZ,uEAAuE;IACvE,UAAU,EAAE,SAAS,EAAE,CAAC;IACxB,8EAA8E;IAC9E,SAAS,CAAC,EAAE,SAAS,CAAC;CACvB;AAED;;;GAGG;AACH,MAAM,WAAW,SAAS;IACxB,wBAAwB;IACxB,IAAI,EAAE,OAAO,GAAG,WAAW,GAAG,UAAU,GAAG,OAAO,GAAG,aAAa,GAAG,QAAQ,CAAC;IAC9E,kDAAkD;IAClD,OAAO,EAAE,MAAM,CAAC;IAChB;;;OAGG;IACH,QAAQ,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CAC/C;AAED;;;;;;;;;;;;;;;GAeG;AACH,qBAAa,kBAAmB,SAAQ,KAAK;IASzC,2DAA2D;aAC3C,IAAI,EAAE,SAAS;IAC/B,kDAAkD;aAClC,UAAU,EAAE,SAAS,EAAE;IAXzC;;;;;OAKG;gBAED,OAAO,EAAE,MAAM;IACf,2DAA2D;IAC3C,IAAI,EAAE,SAAS;IAC/B,kDAAkD;IAClC,UAAU,EAAE,SAAS,EAAE;CAK1C"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sql-guard",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "Validate AI-generated PostgreSQL queries against explicit table allowlists",
   "type": "module",
   "sideEffects": false,
@@ -43,8 +43,36 @@
     "security",
     "llm",
     "guard",
-    "allowlist"
+    "allowlist",
+    "validation",
+    "postgresql",
+    "postgres",
+    "ast",
+    "parser",
+    "sanitize",
+    "injection",
+    "prevent",
+    "ai",
+    "chatgpt",
+    "codegen",
+    "database",
+    "query",
+    "policy",
+    "whitelist",
+    "rbac",
+    "least-privilege"
   ],
-  "author": "",
-  "license": "MIT"
+  "author": "Nur Zaman",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/nur-zaman/sql-guard.git"
+  },
+  "bugs": {
+    "url": "https://github.com/nur-zaman/sql-guard/issues"
+  },
+  "homepage": "https://github.com/nur-zaman/sql-guard#readme",
+  "engines": {
+    "node": ">=18"
+  }
 }