stripe-experiment-sync 1.0.2 → 1.0.6

package/dist/supabase/index.cjs

@@ -0,0 +1,509 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/supabase/index.ts
+var supabase_exports = {};
+__export(supabase_exports, {
+  INSTALLATION_ERROR_SUFFIX: () => INSTALLATION_ERROR_SUFFIX,
+  INSTALLATION_INSTALLED_SUFFIX: () => INSTALLATION_INSTALLED_SUFFIX,
+  INSTALLATION_STARTED_SUFFIX: () => INSTALLATION_STARTED_SUFFIX,
+  STRIPE_SCHEMA_COMMENT_PREFIX: () => STRIPE_SCHEMA_COMMENT_PREFIX,
+  SupabaseDeployClient: () => SupabaseSetupClient,
+  SupabaseSetupClient: () => SupabaseSetupClient,
+  install: () => install,
+  setupFunctionCode: () => setupFunctionCode,
+  uninstall: () => uninstall,
+  webhookFunctionCode: () => webhookFunctionCode,
+  workerFunctionCode: () => workerFunctionCode
+});
+module.exports = __toCommonJS(supabase_exports);
+
+// src/supabase/supabase.ts
+var import_supabase_management_js = require("supabase-management-js");
+
+// raw-ts:/home/runner/work/stripe-sync-engine/stripe-sync-engine/packages/sync-engine/src/supabase/edge-functions/stripe-setup.ts
+var stripe_setup_default = "import { StripeSync, runMigrations } from 'npm:stripe-experiment-sync'\n\nDeno.serve(async (req) => {\n  if (req.method !== 'POST') {\n    return new Response('Method not allowed', { status: 405 })\n  }\n\n  const authHeader = req.headers.get('Authorization')\n  if (!authHeader?.startsWith('Bearer ')) {\n    return new Response('Unauthorized', { status: 401 })\n  }\n\n  let stripeSync = null\n  try {\n    // Get and validate database URL\n    const rawDbUrl = Deno.env.get('SUPABASE_DB_URL')\n    if (!rawDbUrl) {\n      throw new Error('SUPABASE_DB_URL environment variable is not set')\n    }\n    // Remove sslmode from connection string (not supported by pg in Deno)\n    const dbUrl = rawDbUrl.replace(/[?&]sslmode=[^&]*/g, '').replace(/[?&]$/, '')\n\n    await runMigrations({ databaseUrl: dbUrl })\n\n    stripeSync = new StripeSync({\n      poolConfig: { connectionString: dbUrl, max: 2 }, // Need 2 for advisory lock + queries\n      stripeSecretKey: Deno.env.get('STRIPE_SECRET_KEY'),\n    })\n\n    // Release any stale advisory locks from previous timeouts\n    await stripeSync.postgresClient.query('SELECT pg_advisory_unlock_all()')\n\n    // Construct webhook URL from SUPABASE_URL (available in all Edge Functions)\n    const supabaseUrl = Deno.env.get('SUPABASE_URL')\n    if (!supabaseUrl) {\n      throw new Error('SUPABASE_URL environment variable is not set')\n    }\n    const webhookUrl = supabaseUrl + '/functions/v1/stripe-webhook'\n\n    const webhook = await stripeSync.findOrCreateManagedWebhook(webhookUrl)\n\n    await stripeSync.postgresClient.pool.end()\n\n    return new Response(\n      JSON.stringify({\n        success: true,\n        message: 'Setup complete',\n        webhookId: webhook.id,\n      }),\n      {\n        status: 200,\n        headers: { 'Content-Type': 'application/json' },\n      }\n    )\n  } catch (error) {\n    console.error('Setup error:', error)\n    // Cleanup on error\n    if (stripeSync) {\n      try {\n        await stripeSync.postgresClient.query('SELECT pg_advisory_unlock_all()')\n        await stripeSync.postgresClient.pool.end()\n      } catch (cleanupErr) {\n        console.warn('Cleanup failed:', cleanupErr)\n      }\n    }\n    return new Response(JSON.stringify({ success: false, error: error.message }), {\n      status: 500,\n      headers: { 'Content-Type': 'application/json' },\n    })\n  }\n})\n";
+
+// raw-ts:/home/runner/work/stripe-sync-engine/stripe-sync-engine/packages/sync-engine/src/supabase/edge-functions/stripe-webhook.ts
+var stripe_webhook_default = "import { StripeSync } from 'npm:stripe-experiment-sync'\n\nDeno.serve(async (req) => {\n  if (req.method !== 'POST') {\n    return new Response('Method not allowed', { status: 405 })\n  }\n\n  const sig = req.headers.get('stripe-signature')\n  if (!sig) {\n    return new Response('Missing stripe-signature header', { status: 400 })\n  }\n\n  const rawDbUrl = Deno.env.get('SUPABASE_DB_URL')\n  if (!rawDbUrl) {\n    return new Response(JSON.stringify({ error: 'SUPABASE_DB_URL not set' }), { status: 500 })\n  }\n  const dbUrl = rawDbUrl.replace(/[?&]sslmode=[^&]*/g, '').replace(/[?&]$/, '')\n\n  const stripeSync = new StripeSync({\n    poolConfig: { connectionString: dbUrl, max: 1 },\n    stripeSecretKey: Deno.env.get('STRIPE_SECRET_KEY')!,\n  })\n\n  try {\n    const rawBody = new Uint8Array(await req.arrayBuffer())\n    await stripeSync.processWebhook(rawBody, sig)\n    return new Response(JSON.stringify({ received: true }), {\n      status: 200,\n      headers: { 'Content-Type': 'application/json' },\n    })\n  } catch (error) {\n    console.error('Webhook processing error:', error)\n    const isSignatureError =\n      error.message?.includes('signature') || error.type === 'StripeSignatureVerificationError'\n    const status = isSignatureError ? 400 : 500\n    return new Response(JSON.stringify({ error: error.message }), {\n      status,\n      headers: { 'Content-Type': 'application/json' },\n    })\n  } finally {\n    await stripeSync.postgresClient.pool.end()\n  }\n})\n";
+
+// raw-ts:/home/runner/work/stripe-sync-engine/stripe-sync-engine/packages/sync-engine/src/supabase/edge-functions/stripe-worker.ts
+var stripe_worker_default = "/**\n * Stripe Sync Worker\n *\n * Triggered by pg_cron every 10 seconds. Uses pgmq for durable work queue.\n *\n * Flow:\n * 1. Read batch of messages from pgmq (qty=10, vt=60s)\n * 2. If queue empty: enqueue all objects (continuous sync)\n * 3. Process messages in parallel (Promise.all):\n *    - processNext(object)\n *    - Delete message on success\n *    - Re-enqueue if hasMore\n * 4. Return results summary\n *\n * Concurrency:\n * - Multiple workers can run concurrently via overlapping pg_cron triggers.\n * - Each worker processes its batch of messages in parallel (Promise.all).\n * - pgmq visibility timeout prevents duplicate message reads across workers.\n * - processNext() is idempotent (uses internal cursor tracking), so duplicate\n *   processing on timeout/crash is safe.\n */\n\nimport { StripeSync } from 'npm:stripe-experiment-sync'\nimport postgres from 'npm:postgres'\n\nconst QUEUE_NAME = 'stripe_sync_work'\nconst VISIBILITY_TIMEOUT = 60 // seconds\nconst BATCH_SIZE = 10\n\nDeno.serve(async (req) => {\n  const authHeader = req.headers.get('Authorization')\n  if (!authHeader?.startsWith('Bearer ')) {\n    return new Response('Unauthorized', { status: 401 })\n  }\n\n  const rawDbUrl = Deno.env.get('SUPABASE_DB_URL')\n  if (!rawDbUrl) {\n    return new Response(JSON.stringify({ error: 'SUPABASE_DB_URL not set' }), { status: 500 })\n  }\n  const dbUrl = rawDbUrl.replace(/[?&]sslmode=[^&]*/g, '').replace(/[?&]$/, '')\n\n  let sql\n  let stripeSync\n\n  try {\n    sql = postgres(dbUrl, { max: 1, prepare: false })\n  } catch (error) {\n    return new Response(\n      JSON.stringify({\n        error: 'Failed to create postgres connection',\n        details: error.message,\n        stack: error.stack,\n      }),\n      { status: 500, headers: { 'Content-Type': 'application/json' } }\n    )\n  }\n\n  try {\n    stripeSync = new StripeSync({\n      poolConfig: { connectionString: dbUrl, max: 1 },\n      stripeSecretKey: Deno.env.get('STRIPE_SECRET_KEY')!,\n    })\n  } catch (error) {\n    await sql.end()\n    return new Response(\n      JSON.stringify({\n        error: 'Failed to create StripeSync',\n        details: error.message,\n        stack: error.stack,\n      }),\n      { status: 500, headers: { 'Content-Type': 'application/json' } }\n    )\n  }\n\n  try {\n    // Read batch of messages from queue\n    const messages = await sql`\n      SELECT * FROM pgmq.read(${QUEUE_NAME}::text, ${VISIBILITY_TIMEOUT}::int, ${BATCH_SIZE}::int)\n    `\n\n    // If queue empty, enqueue all objects for continuous sync\n    if (messages.length === 0) {\n      const objects = stripeSync.getSupportedSyncObjects()\n      const msgs = objects.map((object) => JSON.stringify({ object }))\n\n      await sql`\n        SELECT pgmq.send_batch(\n          ${QUEUE_NAME}::text,\n          ${sql.array(msgs)}::jsonb[]\n        )\n      `\n\n      return new Response(JSON.stringify({ enqueued: objects.length, objects }), {\n        status: 200,\n        headers: { 'Content-Type': 'application/json' },\n      })\n    }\n\n    // Process messages in parallel\n    const results = await Promise.all(\n      messages.map(async (msg) => {\n        const { object } = msg.message as { object: string }\n\n        try {\n          const result = await stripeSync.processNext(object)\n\n          // Delete message on success (cast to bigint to disambiguate overloaded function)\n          await sql`SELECT pgmq.delete(${QUEUE_NAME}::text, ${msg.msg_id}::bigint)`\n\n          // Re-enqueue if more pages\n          if (result.hasMore) {\n            await sql`SELECT pgmq.send(${QUEUE_NAME}::text, ${sql.json({ object })}::jsonb)`\n          }\n\n          return { object, ...result }\n        } catch (error) {\n          // Log error but continue to next message\n          // Message will become visible again after visibility timeout\n          console.error(`Error processing ${object}:`, error)\n          return {\n            object,\n            processed: 0,\n            hasMore: false,\n            error: error.message,\n            stack: error.stack,\n          }\n        }\n      })\n    )\n\n    return new Response(JSON.stringify({ results }), {\n      status: 200,\n      headers: { 'Content-Type': 'application/json' },\n    })\n  } catch (error) {\n    console.error('Worker error:', error)\n    return new Response(JSON.stringify({ error: error.message, stack: error.stack }), {\n      status: 500,\n      headers: { 'Content-Type': 'application/json' },\n    })\n  } finally {\n    if (sql) await sql.end()\n    if (stripeSync) await stripeSync.postgresClient.pool.end()\n  }\n})\n";
+
+// src/supabase/edge-function-code.ts
+var setupFunctionCode = stripe_setup_default;
+var webhookFunctionCode = stripe_webhook_default;
+var workerFunctionCode = stripe_worker_default;
+
+// package.json
+var package_default = {
+  name: "stripe-experiment-sync",
+  version: "1.0.6",
+  private: false,
+  description: "Stripe Sync Engine to sync Stripe data to Postgres",
+  type: "module",
+  main: "./dist/index.cjs",
+  bin: "./dist/cli/index.cjs",
+  exports: {
+    ".": {
+      types: "./dist/index.d.ts",
+      import: "./dist/index.js",
+      require: "./dist/index.cjs"
+    },
+    "./supabase": {
+      types: "./dist/supabase/index.d.ts",
+      import: "./dist/supabase/index.js",
+      require: "./dist/supabase/index.cjs"
+    }
+  },
+  scripts: {
+    clean: "rimraf dist",
+    prebuild: "npm run clean",
+    build: "tsup src/index.ts src/supabase/index.ts --format esm,cjs --dts --shims && cp -r src/database/migrations dist/migrations",
+    lint: "eslint src --ext .ts",
+    test: "vitest"
+  },
+  files: [
+    "dist"
+  ],
+  dependencies: {
+    pg: "^8.16.3",
+    "pg-node-migrations": "0.0.8",
+    "supabase-management-js": "^0.1.6",
+    ws: "^8.18.0",
+    yesql: "^7.0.0"
+  },
+  peerDependencies: {
+    stripe: "> 11"
+  },
+  devDependencies: {
+    "@types/node": "^24.10.1",
+    "@types/pg": "^8.15.5",
+    "@types/ws": "^8.5.13",
+    "@types/yesql": "^4.1.4",
+    "@vitest/ui": "^4.0.9",
+    vitest: "^3.2.4"
+  },
+  repository: {
+    type: "git",
+    url: "https://github.com/tx-stripe/stripe-sync-engine.git"
+  },
+  homepage: "https://github.com/tx-stripe/stripe-sync-engine#readme",
+  bugs: {
+    url: "https://github.com/tx-stripe/stripe-sync-engine/issues"
+  },
+  keywords: [
+    "stripe",
+    "postgres",
+    "sync",
+    "webhooks",
+    "supabase",
+    "billing",
+    "database",
+    "typescript"
+  ],
+  author: "Supabase <https://supabase.com/>"
+};
+
+// src/supabase/supabase.ts
+var import_stripe = __toESM(require("stripe"), 1);
+var STRIPE_SCHEMA_COMMENT_PREFIX = "stripe-sync";
+var INSTALLATION_STARTED_SUFFIX = "installation:started";
+var INSTALLATION_ERROR_SUFFIX = "installation:error";
+var INSTALLATION_INSTALLED_SUFFIX = "installed";
+var SupabaseSetupClient = class {
+  api;
+  projectRef;
+  projectBaseUrl;
+  constructor(options) {
+    this.api = new import_supabase_management_js.SupabaseManagementAPI({
+      accessToken: options.accessToken,
+      baseUrl: options.managementApiBaseUrl
+    });
+    this.projectRef = options.projectRef;
+    this.projectBaseUrl = options.projectBaseUrl || process.env.SUPABASE_BASE_URL || "supabase.co";
+  }
+  /**
+   * Validate that the project exists and we have access
+   */
+  async validateProject() {
+    const projects = await this.api.getProjects();
+    const project = projects?.find((p) => p.id === this.projectRef);
+    if (!project) {
+      throw new Error(`Project ${this.projectRef} not found or you don't have access`);
+    }
+    return {
+      id: project.id,
+      name: project.name,
+      region: project.region
+    };
+  }
+  /**
+   * Deploy an Edge Function
+   */
+  async deployFunction(name, code) {
+    const functions = await this.api.listFunctions(this.projectRef);
+    const exists = functions?.some((f) => f.slug === name);
+    if (exists) {
+      await this.api.updateFunction(this.projectRef, name, {
+        body: code,
+        verify_jwt: false
+      });
+    } else {
+      await this.api.createFunction(this.projectRef, {
+        slug: name,
+        name,
+        body: code,
+        verify_jwt: false
+      });
+    }
+  }
+  /**
+   * Set secrets for Edge Functions
+   */
+  async setSecrets(secrets) {
+    await this.api.createSecrets(this.projectRef, secrets);
+  }
+  /**
+   * Run SQL against the database
+   */
+  async runSQL(sql) {
+    return await this.api.runQuery(this.projectRef, sql);
+  }
+  /**
+   * Setup pg_cron job to invoke worker function
+   */
+  async setupPgCronJob() {
+    const serviceRoleKey = await this.getServiceRoleKey();
+    const escapedServiceRoleKey = serviceRoleKey.replace(/'/g, "''");
+    const sql = `
+      -- Enable extensions
+      CREATE EXTENSION IF NOT EXISTS pg_cron;
+      CREATE EXTENSION IF NOT EXISTS pg_net;
+      CREATE EXTENSION IF NOT EXISTS pgmq;
+
+      -- Create pgmq queue for sync work (idempotent)
+      SELECT pgmq.create('stripe_sync_work')
+      WHERE NOT EXISTS (
+        SELECT 1 FROM pgmq.list_queues() WHERE queue_name = 'stripe_sync_work'
+      );
+
+      -- Store service role key in vault for pg_cron to use
+      -- Delete existing secret if it exists, then create new one
+      DELETE FROM vault.secrets WHERE name = 'stripe_sync_service_role_key';
+      SELECT vault.create_secret('${escapedServiceRoleKey}', 'stripe_sync_service_role_key');
+
+      -- Delete existing jobs if they exist
+      SELECT cron.unschedule('stripe-sync-worker') WHERE EXISTS (
+        SELECT 1 FROM cron.job WHERE jobname = 'stripe-sync-worker'
+      );
+      SELECT cron.unschedule('stripe-sync-scheduler') WHERE EXISTS (
+        SELECT 1 FROM cron.job WHERE jobname = 'stripe-sync-scheduler'
+      );
+
+      -- Create job to invoke worker every 10 seconds
+      -- Worker reads from pgmq, enqueues objects if empty, and processes sync work
+      SELECT cron.schedule(
+        'stripe-sync-worker',
+        '10 seconds',
+        $$
+        SELECT net.http_post(
+          url := 'https://${this.projectRef}.${this.projectBaseUrl}/functions/v1/stripe-worker',
+          headers := jsonb_build_object(
+            'Authorization', 'Bearer ' || (SELECT decrypted_secret FROM vault.decrypted_secrets WHERE name = 'stripe_sync_service_role_key')
+          )
+        )
+        $$
+      );
+    `;
+    await this.runSQL(sql);
+  }
+  /**
+   * Get the webhook URL for this project
+   */
+  getWebhookUrl() {
+    return `https://${this.projectRef}.${this.projectBaseUrl}/functions/v1/stripe-webhook`;
+  }
+  /**
+   * Get the service role key for this project (needed to invoke Edge Functions)
+   */
+  async getServiceRoleKey() {
+    const apiKeys = await this.api.getProjectApiKeys(this.projectRef);
+    const serviceRoleKey = apiKeys?.find((k) => k.name === "service_role");
+    if (!serviceRoleKey) {
+      throw new Error("Could not find service_role API key");
+    }
+    return serviceRoleKey.api_key;
+  }
+  /**
+   * Get the anon key for this project (needed for Realtime subscriptions)
+   */
+  async getAnonKey() {
+    const apiKeys = await this.api.getProjectApiKeys(this.projectRef);
+    const anonKey = apiKeys?.find((k) => k.name === "anon");
+    if (!anonKey) {
+      throw new Error("Could not find anon API key");
+    }
+    return anonKey.api_key;
+  }
+  /**
+   * Get the project URL
+   */
+  getProjectUrl() {
+    return `https://${this.projectRef}.${this.projectBaseUrl}`;
+  }
+  /**
+   * Invoke an Edge Function
+   */
+  async invokeFunction(name, serviceRoleKey) {
+    const url = `https://${this.projectRef}.${this.projectBaseUrl}/functions/v1/${name}`;
+    const response = await fetch(url, {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${serviceRoleKey}`,
+        "Content-Type": "application/json"
+      }
+    });
+    if (!response.ok) {
+      const text = await response.text();
+      return { success: false, error: `${response.status}: ${text}` };
+    }
+    const result = await response.json();
+    if (result.success === false) {
+      return { success: false, error: result.error };
+    }
+    return { success: true };
+  }
+  /**
+   * Check if stripe-sync is installed in the database.
+   *
+   * Uses the Supabase Management API to run SQL queries.
+   * Uses duck typing (schema + migrations table) combined with comment validation.
+   * Throws error for legacy installations to prevent accidental corruption.
+   *
+   * @param schema The schema name to check (defaults to 'stripe')
+   * @returns true if properly installed with comment marker, false if not installed
+   * @throws Error if legacy installation detected (schema exists without comment)
+   */
+  async isInstalled(schema = "stripe") {
+    try {
+      const schemaCheck = await this.runSQL(
+        `SELECT EXISTS (
+          SELECT 1 FROM information_schema.schemata
+          WHERE schema_name = '${schema}'
+        ) as schema_exists`
+      );
+      const schemaExists = schemaCheck[0]?.rows?.[0]?.schema_exists === true;
+      if (!schemaExists) {
+        return false;
+      }
+      const migrationsCheck = await this.runSQL(
+        `SELECT EXISTS (
+          SELECT 1 FROM information_schema.tables
+          WHERE table_schema = '${schema}' AND table_name IN ('migrations', '_migrations')
+        ) as table_exists`
+      );
+      const migrationsTableExists = migrationsCheck[0]?.rows?.[0]?.table_exists === true;
+      if (!migrationsTableExists) {
+        return false;
+      }
+      const commentCheck = await this.runSQL(
+        `SELECT obj_description(oid, 'pg_namespace') as comment
+         FROM pg_namespace
+         WHERE nspname = '${schema}'`
+      );
+      const comment = commentCheck[0]?.rows?.[0]?.comment;
+      if (!comment || !comment.includes(STRIPE_SCHEMA_COMMENT_PREFIX)) {
+        throw new Error(
+          `Legacy installation detected: Schema '${schema}' and migrations table exist, but missing stripe-sync comment marker. This may be a legacy installation or manually created schema. Please contact support or manually drop the schema before proceeding.`
+        );
+      }
+      if (comment.includes(INSTALLATION_STARTED_SUFFIX)) {
+        return false;
+      }
+      if (comment.includes(INSTALLATION_ERROR_SUFFIX)) {
+        throw new Error(
+          `Installation failed: Schema '${schema}' exists but installation encountered an error. Comment: ${comment}. Please uninstall and install again.`
+        );
+      }
+      return true;
+    } catch (error) {
+      if (error instanceof Error && (error.message.includes("Legacy installation detected") || error.message.includes("Installation failed"))) {
+        throw error;
+      }
+      return false;
+    }
+  }
+  /**
+   * Update installation progress comment on the stripe schema
+   */
+  async updateInstallationComment(message) {
+    const escapedMessage = message.replace(/'/g, "''");
+    await this.runSQL(`COMMENT ON SCHEMA stripe IS '${escapedMessage}'`);
+  }
+  /**
+   * Delete an Edge Function
+   */
+  async deleteFunction(name) {
+    try {
+      await this.api.deleteFunction(this.projectRef, name);
+    } catch (err) {
+      console.warn(`Could not delete function ${name}:`, err);
+    }
+  }
+  /**
+   * Delete a secret
+   */
+  async deleteSecret(name) {
+    try {
+      await this.api.deleteSecrets(this.projectRef, [name]);
+    } catch (err) {
+      console.warn(`Could not delete secret ${name}:`, err);
+    }
+  }
+  /**
+   * Uninstall stripe-sync from a Supabase project
+   * Removes all Edge Functions, secrets, database resources, and Stripe webhooks
+   */
+  async uninstall(stripeSecretKey) {
+    const stripe = new import_stripe.default(stripeSecretKey, { apiVersion: "2025-05-28.basil" });
+    try {
+      try {
+        const webhookResult = await this.runSQL(`
+          SELECT id FROM stripe._managed_webhooks WHERE id IS NOT NULL
+        `);
+        const webhookIds = webhookResult[0]?.rows?.map((r) => r.id) || [];
+        for (const webhookId of webhookIds) {
+          try {
+            await stripe.webhookEndpoints.del(webhookId);
+          } catch (err) {
+            console.warn(`Could not delete Stripe webhook ${webhookId}:`, err);
+          }
+        }
+      } catch (err) {
+        console.warn("Could not query/delete webhooks:", err);
+      }
+      await this.deleteFunction("stripe-setup");
+      await this.deleteFunction("stripe-webhook");
+      await this.deleteFunction("stripe-worker");
+      await this.deleteSecret("STRIPE_SECRET_KEY");
+      try {
+        await this.runSQL(`
+          SELECT cron.unschedule('stripe-sync-worker')
+          WHERE EXISTS (
+            SELECT 1 FROM cron.job WHERE jobname = 'stripe-sync-worker'
+          )
+        `);
+      } catch (err) {
+        console.warn("Could not unschedule pg_cron job:", err);
+      }
+      try {
+        await this.runSQL(`
+          DELETE FROM vault.secrets
+          WHERE name = 'stripe_sync_service_role_key'
+        `);
+      } catch (err) {
+        console.warn("Could not delete vault secret:", err);
+      }
+      await this.runSQL(`DROP SCHEMA IF EXISTS stripe CASCADE`);
+    } catch (error) {
+      throw new Error(`Uninstall failed: ${error instanceof Error ? error.message : String(error)}`);
+    }
+  }
+  async install(stripeKey) {
+    const trimmedStripeKey = stripeKey.trim();
+    if (!trimmedStripeKey.startsWith("sk_") && !trimmedStripeKey.startsWith("rk_")) {
+      throw new Error('Stripe key should start with "sk_" or "rk_"');
+    }
+    try {
+      await this.validateProject();
+      await this.runSQL(`CREATE SCHEMA IF NOT EXISTS stripe`);
+      await this.updateInstallationComment(
+        `${STRIPE_SCHEMA_COMMENT_PREFIX} v${package_default.version} ${INSTALLATION_STARTED_SUFFIX}`
+      );
+      await this.deployFunction("stripe-setup", setupFunctionCode);
+      await this.deployFunction("stripe-webhook", webhookFunctionCode);
+      await this.deployFunction("stripe-worker", workerFunctionCode);
+      await this.setSecrets([{ name: "STRIPE_SECRET_KEY", value: trimmedStripeKey }]);
+      const serviceRoleKey = await this.getServiceRoleKey();
+      const setupResult = await this.invokeFunction("stripe-setup", serviceRoleKey);
+      if (!setupResult.success) {
+        throw new Error(`Setup failed: ${setupResult.error}`);
+      }
+      try {
+        await this.setupPgCronJob();
+      } catch {
+      }
+      await this.updateInstallationComment(
+        `${STRIPE_SCHEMA_COMMENT_PREFIX} v${package_default.version} ${INSTALLATION_INSTALLED_SUFFIX}`
+      );
+    } catch (error) {
+      await this.updateInstallationComment(
+        `${STRIPE_SCHEMA_COMMENT_PREFIX} v${package_default.version} ${INSTALLATION_ERROR_SUFFIX} - ${error instanceof Error ? error.message : String(error)}`
+      );
+      throw error;
+    }
+  }
+};
+async function install(params) {
+  const { supabaseAccessToken, supabaseProjectRef, stripeKey } = params;
+  const client = new SupabaseSetupClient({
+    accessToken: supabaseAccessToken,
+    projectRef: supabaseProjectRef,
+    projectBaseUrl: params.baseProjectUrl,
+    managementApiBaseUrl: params.baseManagementApiUrl
+  });
+  await client.install(stripeKey);
+}
+async function uninstall(params) {
+  const { supabaseAccessToken, supabaseProjectRef, stripeKey } = params;
+  const trimmedStripeKey = stripeKey.trim();
+  if (!trimmedStripeKey.startsWith("sk_") && !trimmedStripeKey.startsWith("rk_")) {
+    throw new Error('Stripe key should start with "sk_" or "rk_"');
+  }
+  const client = new SupabaseSetupClient({
+    accessToken: supabaseAccessToken,
+    projectRef: supabaseProjectRef
+  });
+  await client.uninstall(trimmedStripeKey);
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  INSTALLATION_ERROR_SUFFIX,
+  INSTALLATION_INSTALLED_SUFFIX,
+  INSTALLATION_STARTED_SUFFIX,
+  STRIPE_SCHEMA_COMMENT_PREFIX,
+  SupabaseDeployClient,
+  SupabaseSetupClient,
+  install,
+  setupFunctionCode,
+  uninstall,
+  webhookFunctionCode,
+  workerFunctionCode
+});

package/dist/supabase/index.d.cts

@@ -0,0 +1,115 @@
+declare const STRIPE_SCHEMA_COMMENT_PREFIX = "stripe-sync";
+declare const INSTALLATION_STARTED_SUFFIX = "installation:started";
+declare const INSTALLATION_ERROR_SUFFIX = "installation:error";
+declare const INSTALLATION_INSTALLED_SUFFIX = "installed";
+interface DeployClientOptions {
+    accessToken: string;
+    projectRef: string;
+    projectBaseUrl?: string;
+    managementApiBaseUrl?: string;
+}
+interface ProjectInfo {
+    id: string;
+    name: string;
+    region: string;
+}
+declare class SupabaseSetupClient {
+    private api;
+    private projectRef;
+    private projectBaseUrl;
+    constructor(options: DeployClientOptions);
+    /**
+     * Validate that the project exists and we have access
+     */
+    validateProject(): Promise<ProjectInfo>;
+    /**
+     * Deploy an Edge Function
+     */
+    deployFunction(name: string, code: string): Promise<void>;
+    /**
+     * Set secrets for Edge Functions
+     */
+    setSecrets(secrets: {
+        name: string;
+        value: string;
+    }[]): Promise<void>;
+    /**
+     * Run SQL against the database
+     */
+    runSQL(sql: string): Promise<unknown>;
+    /**
+     * Setup pg_cron job to invoke worker function
+     */
+    setupPgCronJob(): Promise<void>;
+    /**
+     * Get the webhook URL for this project
+     */
+    getWebhookUrl(): string;
+    /**
+     * Get the service role key for this project (needed to invoke Edge Functions)
+     */
+    getServiceRoleKey(): Promise<string>;
+    /**
+     * Get the anon key for this project (needed for Realtime subscriptions)
+     */
+    getAnonKey(): Promise<string>;
+    /**
+     * Get the project URL
+     */
+    getProjectUrl(): string;
+    /**
+     * Invoke an Edge Function
+     */
+    invokeFunction(name: string, serviceRoleKey: string): Promise<{
+        success: boolean;
+        error?: string;
+    }>;
+    /**
+     * Check if stripe-sync is installed in the database.
+     *
+     * Uses the Supabase Management API to run SQL queries.
+     * Uses duck typing (schema + migrations table) combined with comment validation.
+     * Throws error for legacy installations to prevent accidental corruption.
+     *
+     * @param schema The schema name to check (defaults to 'stripe')
+     * @returns true if properly installed with comment marker, false if not installed
+     * @throws Error if legacy installation detected (schema exists without comment)
+     */
+    isInstalled(schema?: string): Promise<boolean>;
+    /**
+     * Update installation progress comment on the stripe schema
+     */
+    updateInstallationComment(message: string): Promise<void>;
+    /**
+     * Delete an Edge Function
+     */
+    deleteFunction(name: string): Promise<void>;
+    /**
+     * Delete a secret
+     */
+    deleteSecret(name: string): Promise<void>;
+    /**
+     * Uninstall stripe-sync from a Supabase project
+     * Removes all Edge Functions, secrets, database resources, and Stripe webhooks
+     */
+    uninstall(stripeSecretKey: string): Promise<void>;
+    install(stripeKey: string): Promise<void>;
+}
+declare function install(params: {
+    supabaseAccessToken: string;
+    supabaseProjectRef: string;
+    stripeKey: string;
+    baseProjectUrl?: string;
+    baseManagementApiUrl?: string;
+}): Promise<void>;
+declare function uninstall(params: {
+    supabaseAccessToken: string;
+    supabaseProjectRef: string;
+    stripeKey: string;
+}): Promise<void>;
+
+declare const setupFunctionCode: string;
+declare const webhookFunctionCode: string;
+declare const workerFunctionCode: string;
+
+export { type DeployClientOptions, INSTALLATION_ERROR_SUFFIX, INSTALLATION_INSTALLED_SUFFIX, INSTALLATION_STARTED_SUFFIX, type ProjectInfo, STRIPE_SCHEMA_COMMENT_PREFIX, SupabaseSetupClient as SupabaseDeployClient, SupabaseSetupClient, install, setupFunctionCode, uninstall, webhookFunctionCode, workerFunctionCode };