stripe-experiment-sync 1.0.8 → 1.0.9-beta.1765909347

package/dist/cli/lib.cjs

@@ -59,6 +59,7 @@ async function loadConfig(options) {
   config.stripeApiKey = options.stripeKey || process.env.STRIPE_API_KEY || "";
   config.ngrokAuthToken = options.ngrokToken || process.env.NGROK_AUTH_TOKEN || "";
   config.databaseUrl = options.databaseUrl || process.env.DATABASE_URL || "";
+  config.enableSigmaSync = options.enableSigmaSync ?? (process.env.ENABLE_SIGMA_SYNC !== void 0 ? process.env.ENABLE_SIGMA_SYNC === "true" : void 0);
   const questions = [];
   if (!config.stripeApiKey) {
     questions.push({
@@ -70,8 +71,8 @@ async function loadConfig(options) {
         if (!input || input.trim() === "") {
           return "Stripe API key is required";
         }
-        if (!input.startsWith("sk_")) {
-          return 'Stripe API key should start with "sk_"';
+        if (!input.startsWith("sk_") && !input.startsWith("rk_")) {
+          return 'Stripe API key should start with "sk_" or "rk_"';
         }
         return true;
       }
@@ -94,18 +95,29 @@ async function loadConfig(options) {
       }
     });
   }
+  if (config.enableSigmaSync === void 0) {
+    questions.push({
+      type: "confirm",
+      name: "enableSigmaSync",
+      message: "Enable Sigma sync? (Requires Sigma access in Stripe API key)",
+      default: false
+    });
+  }
   if (questions.length > 0) {
-    console.log(import_chalk.default.yellow("\nMissing required configuration. Please provide:"));
+    console.log(import_chalk.default.yellow("\nMissing configuration. Please provide:"));
     const answers = await import_inquirer.default.prompt(questions);
     Object.assign(config, answers);
   }
+  if (config.enableSigmaSync === void 0) {
+    config.enableSigmaSync = false;
+  }
   return config;
 }
 
 // package.json
 var package_default = {
   name: "stripe-experiment-sync",
-  version: "1.0.8-beta.1765856228",
+  version: "1.0.9-beta.1765909347",
   private: false,
   description: "Stripe Sync Engine to sync Stripe data to Postgres",
   type: "module",
@@ -145,6 +157,7 @@ var package_default = {
     dotenv: "^16.4.7",
     express: "^4.18.2",
     inquirer: "^12.3.0",
+    papaparse: "5.4.1",
     pg: "^8.16.3",
     "pg-node-migrations": "0.0.8",
     stripe: "^17.7.0",
@@ -156,6 +169,7 @@ var package_default = {
     "@types/express": "^4.17.21",
     "@types/inquirer": "^9.0.7",
     "@types/node": "^24.10.1",
+    "@types/papaparse": "5.3.16",
     "@types/pg": "^8.15.5",
     "@types/ws": "^8.5.13",
     "@types/yesql": "^4.1.4",
@@ -185,14 +199,60 @@ var package_default = {
 };
 
 // src/stripeSync.ts
-var import_stripe2 = __toESM(require("stripe"), 1);
+var import_stripe3 = __toESM(require("stripe"), 1);
 var import_yesql2 = require("yesql");
 
 // src/database/postgres.ts
 var import_pg = __toESM(require("pg"), 1);
 var import_yesql = require("yesql");
+
+// src/database/QueryUtils.ts
+var QueryUtils = class _QueryUtils {
+  constructor() {
+  }
+  static quoteIdent(name) {
+    return `"${name}"`;
+  }
+  static quotedList(names) {
+    return names.map(_QueryUtils.quoteIdent).join(", ");
+  }
+  static buildInsertParts(columns) {
+    const columnsSql = columns.map((c) => _QueryUtils.quoteIdent(c.column)).join(", ");
+    const valuesSql = columns.map((c, i) => {
+      const placeholder = `$${i + 1}`;
+      return `${placeholder}::${c.pgType}`;
+    }).join(", ");
+    const params = columns.map((c) => c.value);
+    return { columnsSql, valuesSql, params };
+  }
+  static buildRawJsonUpsertQuery(schema, table, columns, conflictTarget) {
+    const { columnsSql, valuesSql, params } = _QueryUtils.buildInsertParts(columns);
+    const conflictSql = _QueryUtils.quotedList(conflictTarget);
+    const tsParamIdx = columns.findIndex((c) => c.column === "_last_synced_at") + 1;
+    if (tsParamIdx <= 0) {
+      throw new Error("buildRawJsonUpsertQuery requires _last_synced_at column");
+    }
+    const sql3 = `
+    INSERT INTO ${_QueryUtils.quoteIdent(schema)}.${_QueryUtils.quoteIdent(table)} (${columnsSql})
+    VALUES (${valuesSql})
+    ON CONFLICT (${conflictSql})
+    DO UPDATE SET
+      "_raw_data" = EXCLUDED."_raw_data",
+      "_last_synced_at" = $${tsParamIdx},
+      "_account_id" = EXCLUDED."_account_id"
+    WHERE ${_QueryUtils.quoteIdent(table)}."_last_synced_at" IS NULL
+       OR ${_QueryUtils.quoteIdent(table)}."_last_synced_at" < $${tsParamIdx}
+    RETURNING *
+  `;
+    return { sql: sql3, params };
+  }
+};
+
+// src/database/postgres.ts
 var ORDERED_STRIPE_TABLES = [
+  "exchange_rates_from_usd",
   "subscription_items",
+  "subscription_item_change_events_v2_beta",
   "subscriptions",
   "subscription_schedules",
   "checkout_session_line_items",
@@ -262,7 +322,7 @@ var PostgresClient = class {
     }
     return results.flatMap((it) => it.rows);
   }
-  async upsertManyWithTimestampProtection(entries, table, accountId, syncTimestamp) {
+  async upsertManyWithTimestampProtection(entries, table, accountId, syncTimestamp, upsertOptions) {
     const timestamp = syncTimestamp || (/* @__PURE__ */ new Date()).toISOString();
     if (!entries.length) return [];
     const chunkSize = 5;
@@ -297,20 +357,33 @@ var PostgresClient = class {
           const prepared = (0, import_yesql.pg)(upsertSql, { useNullForMissing: true })(cleansed);
           queries.push(this.pool.query(prepared.text, prepared.values));
         } else {
-          const rawData = JSON.stringify(entry);
-          const upsertSql = `
-            INSERT INTO "${this.config.schema}"."${table}" ("_raw_data", "_last_synced_at", "_account_id")
-            VALUES ($1::jsonb, $2, $3)
-            ON CONFLICT (id)
-            DO UPDATE SET
-              "_raw_data" = EXCLUDED."_raw_data",
-              "_last_synced_at" = $2,
-              "_account_id" = EXCLUDED."_account_id"
-            WHERE "${table}"."_last_synced_at" IS NULL
-               OR "${table}"."_last_synced_at" < $2
-            RETURNING *
-          `;
-          queries.push(this.pool.query(upsertSql, [rawData, timestamp, accountId]));
+          const conflictTarget = upsertOptions?.conflictTarget ?? ["id"];
+          const extraColumns = upsertOptions?.extraColumns ?? [];
+          if (!conflictTarget.length) {
+            throw new Error(`Invalid upsert config for ${table}: conflictTarget must be non-empty`);
+          }
+          const columns = [
+            { column: "_raw_data", pgType: "jsonb", value: JSON.stringify(entry) },
+            ...extraColumns.map((c) => ({
+              column: c.column,
+              pgType: c.pgType,
+              value: entry[c.entryKey]
+            })),
+            { column: "_last_synced_at", pgType: "timestamptz", value: timestamp },
+            { column: "_account_id", pgType: "text", value: accountId }
+          ];
+          for (const c of columns) {
+            if (c.value === void 0) {
+              throw new Error(`Missing required value for ${table}.${c.column}`);
+            }
+          }
+          const { sql: upsertSql, params } = QueryUtils.buildRawJsonUpsertQuery(
+            this.config.schema,
+            table,
+            columns,
+            conflictTarget
+          );
+          queries.push(this.pool.query(upsertSql, params));
         }
       });
       results.push(...await Promise.all(queries));
@@ -710,7 +783,12 @@ var PostgresClient = class {
     } else {
       await this.query(
         `UPDATE "${this.config.schema}"."_sync_obj_runs"
-         SET cursor = $4, updated_at = now()
+         SET cursor = CASE
+           WHEN cursor IS NULL THEN $4
+           WHEN (cursor COLLATE "C") < ($4::text COLLATE "C") THEN $4
+           ELSE cursor
+         END,
+         updated_at = now()
          WHERE "_account_id" = $1 AND run_started_at = $2 AND object = $3`,
         [accountId, runStartedAt, object, cursor]
       );
@@ -721,10 +799,17 @@ var PostgresClient = class {
    * This considers completed, error, AND running runs to ensure recovery syncs
    * don't re-process data that was already synced before a crash.
    * A 'running' status with a cursor means the process was killed mid-sync.
+   *
+   * Handles two cursor formats:
+   * - Numeric: compared as bigint for correct ordering
+   * - Composite cursors: compared as strings with COLLATE "C"
    */
   async getLastCompletedCursor(accountId, object) {
     const result = await this.query(
-      `SELECT MAX(o.cursor::bigint)::text as cursor
+      `SELECT CASE
+         WHEN BOOL_OR(o.cursor !~ '^\\d+$') THEN MAX(o.cursor COLLATE "C")
+         ELSE MAX(CASE WHEN o.cursor ~ '^\\d+$' THEN o.cursor::bigint END)::text
+       END as cursor
        FROM "${this.config.schema}"."_sync_obj_runs" o
        WHERE o."_account_id" = $1
          AND o.object = $2
@@ -1009,6 +1094,269 @@ function hashApiKey(apiKey) {
   return (0, import_crypto.createHash)("sha256").update(apiKey).digest("hex");
 }
 
+// src/sigma/sigmaApi.ts
+var import_papaparse = __toESM(require("papaparse"), 1);
+var import_stripe2 = __toESM(require("stripe"), 1);
+var STRIPE_FILES_BASE = "https://files.stripe.com/v1";
+function sleep2(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function parseCsvObjects(csv) {
+  const input = csv.replace(/^\uFEFF/, "");
+  const parsed = import_papaparse.default.parse(input, {
+    header: true,
+    skipEmptyLines: "greedy"
+  });
+  if (parsed.errors.length > 0) {
+    throw new Error(`Failed to parse Sigma CSV: ${parsed.errors[0]?.message ?? "unknown error"}`);
+  }
+  return parsed.data.filter((row) => row && Object.keys(row).length > 0).map(
+    (row) => Object.fromEntries(
+      Object.entries(row).map(([k, v]) => [k, v == null || v === "" ? null : String(v)])
+    )
+  );
+}
+function normalizeSigmaTimestampToIso(value) {
+  const v = value.trim();
+  if (!v) return null;
+  const hasExplicitTz = /z$|[+-]\d{2}:?\d{2}$/i.test(v);
+  const isoish = v.includes("T") ? v : v.replace(" ", "T");
+  const candidate = hasExplicitTz ? isoish : `${isoish}Z`;
+  const d = new Date(candidate);
+  if (Number.isNaN(d.getTime())) return null;
+  return d.toISOString();
+}
+async function fetchStripeText(url, apiKey, options) {
+  const res = await fetch(url, {
+    ...options,
+    headers: {
+      ...options.headers ?? {},
+      Authorization: `Bearer ${apiKey}`
+    }
+  });
+  const text = await res.text();
+  if (!res.ok) {
+    throw new Error(`Sigma file download error (${res.status}) for ${url}: ${text}`);
+  }
+  return text;
+}
+async function runSigmaQueryAndDownloadCsv(params) {
+  const pollTimeoutMs = params.pollTimeoutMs ?? 5 * 60 * 1e3;
+  const pollIntervalMs = params.pollIntervalMs ?? 2e3;
+  const stripe = new import_stripe2.default(params.apiKey);
+  const created = await stripe.rawRequest("POST", "/v1/sigma/query_runs", {
+    sql: params.sql
+  });
+  const queryRunId = created.id;
+  const start = Date.now();
+  let current = created;
+  while (current.status === "running") {
+    if (Date.now() - start > pollTimeoutMs) {
+      throw new Error(`Sigma query run timed out after ${pollTimeoutMs}ms: ${queryRunId}`);
+    }
+    await sleep2(pollIntervalMs);
+    current = await stripe.rawRequest(
+      "GET",
+      `/v1/sigma/query_runs/${queryRunId}`,
+      {}
+    );
+  }
+  if (current.status !== "succeeded") {
+    throw new Error(
+      `Sigma query run did not succeed (status=${current.status}) id=${queryRunId} error=${JSON.stringify(
+        current.error
+      )}`
+    );
+  }
+  const fileId = current.result?.file;
+  if (!fileId) {
+    throw new Error(`Sigma query run succeeded but result.file is missing (id=${queryRunId})`);
+  }
+  const csv = await fetchStripeText(
+    `${STRIPE_FILES_BASE}/files/${fileId}/contents`,
+    params.apiKey,
+    { method: "GET" }
+  );
+  return { queryRunId, fileId, csv };
+}
+
+// src/sigma/sigmaIngestionConfigs.ts
+var SIGMA_INGESTION_CONFIGS = {
+  subscription_item_change_events_v2_beta: {
+    sigmaTable: "subscription_item_change_events_v2_beta",
+    destinationTable: "subscription_item_change_events_v2_beta",
+    pageSize: 1e4,
+    cursor: {
+      version: 1,
+      columns: [
+        { column: "event_timestamp", type: "timestamp" },
+        { column: "event_type", type: "string" },
+        { column: "subscription_item_id", type: "string" }
+      ]
+    },
+    upsert: {
+      conflictTarget: ["_account_id", "event_timestamp", "event_type", "subscription_item_id"],
+      extraColumns: [
+        { column: "event_timestamp", pgType: "timestamptz", entryKey: "event_timestamp" },
+        { column: "event_type", pgType: "text", entryKey: "event_type" },
+        { column: "subscription_item_id", pgType: "text", entryKey: "subscription_item_id" }
+      ]
+    }
+  },
+  exchange_rates_from_usd: {
+    sigmaTable: "exchange_rates_from_usd",
+    destinationTable: "exchange_rates_from_usd",
+    pageSize: 1e4,
+    cursor: {
+      version: 1,
+      columns: [
+        { column: "date", type: "string" },
+        { column: "sell_currency", type: "string" }
+      ]
+    },
+    upsert: {
+      conflictTarget: ["_account_id", "date", "sell_currency"],
+      extraColumns: [
+        { column: "date", pgType: "date", entryKey: "date" },
+        { column: "sell_currency", pgType: "text", entryKey: "sell_currency" }
+      ]
+    }
+  }
+};
+
+// src/sigma/sigmaIngestion.ts
+var SIGMA_CURSOR_DELIM = "";
+function escapeSigmaSqlStringLiteral(value) {
+  return value.replace(/'/g, "''");
+}
+function formatSigmaTimestampForSqlLiteral(date) {
+  return date.toISOString().replace("T", " ").replace("Z", "");
+}
+function decodeSigmaCursorValues(spec, cursor) {
+  const prefix = `v${spec.version}${SIGMA_CURSOR_DELIM}`;
+  if (!cursor.startsWith(prefix)) {
+    throw new Error(
+      `Unrecognized Sigma cursor format (expected prefix ${JSON.stringify(prefix)}): ${cursor}`
+    );
+  }
+  const parts = cursor.split(SIGMA_CURSOR_DELIM);
+  const expected = 1 + spec.columns.length;
+  if (parts.length !== expected) {
+    throw new Error(`Malformed Sigma cursor: expected ${expected} parts, got ${parts.length}`);
+  }
+  return parts.slice(1);
+}
+function encodeSigmaCursor(spec, values) {
+  if (values.length !== spec.columns.length) {
+    throw new Error(
+      `Cannot encode Sigma cursor: expected ${spec.columns.length} values, got ${values.length}`
+    );
+  }
+  for (const v of values) {
+    if (v.includes(SIGMA_CURSOR_DELIM)) {
+      throw new Error("Cannot encode Sigma cursor: value contains delimiter character");
+    }
+  }
+  return [`v${spec.version}`, ...values].join(SIGMA_CURSOR_DELIM);
+}
+function sigmaSqlLiteralForCursorValue(spec, rawValue) {
+  switch (spec.type) {
+    case "timestamp": {
+      const d = new Date(rawValue);
+      if (Number.isNaN(d.getTime())) {
+        throw new Error(`Invalid timestamp cursor value for ${spec.column}: ${rawValue}`);
+      }
+      return `timestamp '${formatSigmaTimestampForSqlLiteral(d)}'`;
+    }
+    case "number": {
+      if (!/^-?\d+(\.\d+)?$/.test(rawValue)) {
+        throw new Error(`Invalid numeric cursor value for ${spec.column}: ${rawValue}`);
+      }
+      return rawValue;
+    }
+    case "string":
+      return `'${escapeSigmaSqlStringLiteral(rawValue)}'`;
+  }
+}
+function buildSigmaCursorWhereClause(spec, cursorValues) {
+  if (cursorValues.length !== spec.columns.length) {
+    throw new Error(
+      `Cannot build Sigma cursor predicate: expected ${spec.columns.length} values, got ${cursorValues.length}`
+    );
+  }
+  const cols = spec.columns.map((c) => c.column);
+  const lits = spec.columns.map((c, i) => sigmaSqlLiteralForCursorValue(c, cursorValues[i] ?? ""));
+  const ors = [];
+  for (let i = 0; i < cols.length; i++) {
+    const ands = [];
+    for (let j = 0; j < i; j++) {
+      ands.push(`${cols[j]} = ${lits[j]}`);
+    }
+    ands.push(`${cols[i]} > ${lits[i]}`);
+    ors.push(`(${ands.join(" AND ")})`);
+  }
+  return ors.join(" OR ");
+}
+function buildSigmaQuery(config, cursor) {
+  const select = config.select === void 0 || config.select === "*" ? "*" : config.select.join(", ");
+  const whereParts = [];
+  if (config.additionalWhere) {
+    whereParts.push(`(${config.additionalWhere})`);
+  }
+  if (cursor) {
+    const values = decodeSigmaCursorValues(config.cursor, cursor);
+    const predicate = buildSigmaCursorWhereClause(config.cursor, values);
+    whereParts.push(`(${predicate})`);
+  }
+  const whereClause = whereParts.length > 0 ? `WHERE ${whereParts.join(" AND ")}` : "";
+  const orderBy = config.cursor.columns.map((c) => c.column).join(", ");
+  return [
+    `SELECT ${select} FROM ${config.sigmaTable}`,
+    whereClause,
+    `ORDER BY ${orderBy} ASC`,
+    `LIMIT ${config.pageSize}`
+  ].filter(Boolean).join(" ");
+}
+function defaultSigmaRowToEntry(config, row) {
+  const out = { ...row };
+  for (const col of config.cursor.columns) {
+    const raw = row[col.column];
+    if (raw == null) {
+      throw new Error(`Sigma row missing required cursor column: ${col.column}`);
+    }
+    if (col.type === "timestamp") {
+      const normalized = normalizeSigmaTimestampToIso(raw);
+      if (!normalized) {
+        throw new Error(`Sigma row has invalid timestamp for ${col.column}: ${raw}`);
+      }
+      out[col.column] = normalized;
+    } else if (col.type === "string") {
+      const v = raw.trim();
+      if (!v) {
+        throw new Error(`Sigma row has empty string for required cursor column: ${col.column}`);
+      }
+      out[col.column] = v;
+    } else {
+      const v = raw.trim();
+      if (!v) {
+        throw new Error(`Sigma row has empty value for required cursor column: ${col.column}`);
+      }
+      out[col.column] = v;
+    }
+  }
+  return out;
+}
+function sigmaCursorFromEntry(config, entry) {
+  const values = config.cursor.columns.map((c) => {
+    const raw = entry[c.column];
+    if (raw == null) {
+      throw new Error(`Cannot build cursor: entry missing ${c.column}`);
+    }
+    return String(raw);
+  });
+  return encodeSigmaCursor(config.cursor, values);
+}
+
 // src/stripeSync.ts
 function getUniqueIds(entries, key) {
   const set = new Set(
@@ -1019,7 +1367,7 @@ function getUniqueIds(entries, key) {
 var StripeSync = class {
   constructor(config) {
     this.config = config;
-    const baseStripe = new import_stripe2.default(config.stripeSecretKey, {
+    const baseStripe = new import_stripe3.default(config.stripeSecretKey, {
       // https://github.com/stripe/stripe-node#configuration
       // @ts-ignore
       apiVersion: config.stripeApiVersion,
@@ -1420,6 +1768,17 @@ var StripeSync = class {
       listFn: (p) => this.stripe.checkout.sessions.list(p),
       upsertFn: (items, id) => this.upsertCheckoutSessions(items, id),
       supportsCreatedFilter: true
+    },
+    // Sigma-backed resources
+    subscription_item_change_events_v2_beta: {
+      order: 18,
+      supportsCreatedFilter: false,
+      sigma: SIGMA_INGESTION_CONFIGS.subscription_item_change_events_v2_beta
+    },
+    exchange_rates_from_usd: {
+      order: 19,
+      supportsCreatedFilter: false,
+      sigma: SIGMA_INGESTION_CONFIGS.exchange_rates_from_usd
     }
   };
   async processEvent(event) {
@@ -1452,7 +1811,13 @@ var StripeSync = class {
    * Order is determined by the `order` field in resourceRegistry.
    */
   getSupportedSyncObjects() {
-    return Object.entries(this.resourceRegistry).sort(([, a], [, b]) => a.order - b.order).map(([key]) => key);
+    const all = Object.entries(this.resourceRegistry).sort(([, a], [, b]) => a.order - b.order).map(([key]) => key);
+    if (!this.config.enableSigmaSync) {
+      return all.filter(
+        (o) => o !== "subscription_item_change_events_v2_beta" && o !== "exchange_rates_from_usd"
+      );
+    }
+    return all;
   }
   // Event handler methods
   async handleChargeEvent(event, accountId) {
@@ -1531,7 +1896,7 @@ var StripeSync = class {
       );
       await this.upsertProducts([product], accountId, this.getSyncTimestamp(event, refetched));
     } catch (err) {
-      if (err instanceof import_stripe2.default.errors.StripeAPIError && err.code === "resource_missing") {
+      if (err instanceof import_stripe3.default.errors.StripeAPIError && err.code === "resource_missing") {
         const product = event.data.object;
         await this.deleteProduct(product.id);
       } else {
@@ -1551,7 +1916,7 @@ var StripeSync = class {
       );
       await this.upsertPrices([price], accountId, false, this.getSyncTimestamp(event, refetched));
     } catch (err) {
-      if (err instanceof import_stripe2.default.errors.StripeAPIError && err.code === "resource_missing") {
+      if (err instanceof import_stripe3.default.errors.StripeAPIError && err.code === "resource_missing") {
         const price = event.data.object;
         await this.deletePrice(price.id);
       } else {
@@ -1571,7 +1936,7 @@ var StripeSync = class {
       );
       await this.upsertPlans([plan], accountId, false, this.getSyncTimestamp(event, refetched));
     } catch (err) {
-      if (err instanceof import_stripe2.default.errors.StripeAPIError && err.code === "resource_missing") {
+      if (err instanceof import_stripe3.default.errors.StripeAPIError && err.code === "resource_missing") {
         const plan = event.data.object;
         await this.deletePlan(plan.id);
       } else {
@@ -1818,10 +2183,10 @@ var StripeSync = class {
     let cursor = null;
     if (!params?.created) {
       if (objRun?.cursor) {
-        cursor = parseInt(objRun.cursor);
+        cursor = objRun.cursor;
       } else {
         const lastCursor = await this.postgresClient.getLastCompletedCursor(accountId, resourceName);
-        cursor = lastCursor ? parseInt(lastCursor) : null;
+        cursor = lastCursor ?? null;
       }
     }
     const result = await this.fetchOnePage(
@@ -1876,9 +2241,18 @@ var StripeSync = class {
       throw new Error(`Unsupported object type for processNext: ${object}`);
     }
     try {
+      if (config.sigma) {
+        return await this.fetchOneSigmaPage(
+          accountId,
+          resourceName,
+          runStartedAt,
+          cursor,
+          config.sigma
+        );
+      }
       const listParams = { limit };
       if (config.supportsCreatedFilter) {
-        const created = params?.created ?? (cursor ? { gte: cursor } : void 0);
+        const created = params?.created ?? (cursor && /^\d+$/.test(cursor) ? { gte: Number.parseInt(cursor, 10) } : void 0);
         if (created) {
           listParams.created = created;
         }
@@ -1923,6 +2297,97 @@ var StripeSync = class {
       throw error;
     }
   }
+  async getSigmaFallbackCursorFromDestination(accountId, sigmaConfig) {
+    const cursorCols = sigmaConfig.cursor.columns;
+    const selectCols = cursorCols.map((c) => `"${c.column}"`).join(", ");
+    const orderBy = cursorCols.map((c) => `"${c.column}" DESC`).join(", ");
+    const result = await this.postgresClient.query(
+      `SELECT ${selectCols}
+       FROM "stripe"."${sigmaConfig.destinationTable}"
+       WHERE "_account_id" = $1
+       ORDER BY ${orderBy}
+       LIMIT 1`,
+      [accountId]
+    );
+    if (result.rows.length === 0) return null;
+    const row = result.rows[0];
+    const entryForCursor = {};
+    for (const c of cursorCols) {
+      const v = row[c.column];
+      if (v == null) {
+        throw new Error(
+          `Sigma fallback cursor query returned null for ${sigmaConfig.destinationTable}.${c.column}`
+        );
+      }
+      if (c.type === "timestamp") {
+        const d = v instanceof Date ? v : new Date(String(v));
+        if (Number.isNaN(d.getTime())) {
+          throw new Error(
+            `Sigma fallback cursor query returned invalid timestamp for ${sigmaConfig.destinationTable}.${c.column}: ${String(
+              v
+            )}`
+          );
+        }
+        entryForCursor[c.column] = d.toISOString();
+      } else {
+        entryForCursor[c.column] = String(v);
+      }
+    }
+    return sigmaCursorFromEntry(sigmaConfig, entryForCursor);
+  }
+  async fetchOneSigmaPage(accountId, resourceName, runStartedAt, cursor, sigmaConfig) {
+    if (!this.config.stripeSecretKey) {
+      throw new Error("Sigma sync requested but stripeSecretKey is not configured.");
+    }
+    if (resourceName !== sigmaConfig.destinationTable) {
+      throw new Error(
+        `Sigma sync config mismatch: resourceName=${resourceName} destinationTable=${sigmaConfig.destinationTable}`
+      );
+    }
+    const effectiveCursor = cursor ?? await this.getSigmaFallbackCursorFromDestination(accountId, sigmaConfig);
+    const sigmaSql = buildSigmaQuery(sigmaConfig, effectiveCursor);
+    this.config.logger?.info(
+      { object: resourceName, pageSize: sigmaConfig.pageSize, hasCursor: Boolean(effectiveCursor) },
+      "Sigma sync: running query"
+    );
+    const { queryRunId, fileId, csv } = await runSigmaQueryAndDownloadCsv({
+      apiKey: this.config.stripeSecretKey,
+      sql: sigmaSql,
+      logger: this.config.logger
+    });
+    const rows = parseCsvObjects(csv);
+    if (rows.length === 0) {
+      await this.postgresClient.completeObjectSync(accountId, runStartedAt, resourceName);
+      return { processed: 0, hasMore: false, runStartedAt };
+    }
+    const entries = rows.map(
+      (row) => defaultSigmaRowToEntry(sigmaConfig, row)
+    );
+    this.config.logger?.info(
+      { object: resourceName, rows: entries.length, queryRunId, fileId },
+      "Sigma sync: upserting rows"
+    );
+    await this.postgresClient.upsertManyWithTimestampProtection(
+      entries,
+      resourceName,
+      accountId,
+      void 0,
+      sigmaConfig.upsert
+    );
+    await this.postgresClient.incrementObjectProgress(
+      accountId,
+      runStartedAt,
+      resourceName,
+      entries.length
+    );
+    const newCursor = sigmaCursorFromEntry(sigmaConfig, entries[entries.length - 1]);
+    await this.postgresClient.updateObjectCursor(accountId, runStartedAt, resourceName, newCursor);
+    const hasMore = rows.length === sigmaConfig.pageSize;
+    if (!hasMore) {
+      await this.postgresClient.completeObjectSync(accountId, runStartedAt, resourceName);
+    }
+    return { processed: entries.length, hasMore, runStartedAt };
+  }
   /**
    * Process all pages for all (or specified) object types until complete.
    *
@@ -2051,6 +2516,12 @@ var StripeSync = class {
             case "checkout_sessions":
               results.checkoutSessions = result;
               break;
+            case "subscription_item_change_events_v2_beta":
+              results.subscriptionItemChangeEventsV2Beta = result;
+              break;
+            case "exchange_rates_from_usd":
+              results.exchangeRatesFromUsd = result;
+              break;
           }
         }
       }
@@ -3644,14 +4115,14 @@ Creating ngrok tunnel for port ${port}...`));
 // src/supabase/supabase.ts
 var import_supabase_management_js = require("supabase-management-js");
 
-// raw-ts:/Users/lfdepombo/src/stripe-sync-engine/packages/sync-engine/src/supabase/edge-functions/stripe-setup.ts
+// raw-ts:/home/runner/work/sync-engine/sync-engine/packages/sync-engine/src/supabase/edge-functions/stripe-setup.ts
 var stripe_setup_default = "import { StripeSync, runMigrations } from 'npm:stripe-experiment-sync'\n\nDeno.serve(async (req) => {\n  if (req.method !== 'POST') {\n    return new Response('Method not allowed', { status: 405 })\n  }\n\n  const authHeader = req.headers.get('Authorization')\n  if (!authHeader?.startsWith('Bearer ')) {\n    return new Response('Unauthorized', { status: 401 })\n  }\n\n  let stripeSync = null\n  try {\n    // Get and validate database URL\n    const rawDbUrl = Deno.env.get('SUPABASE_DB_URL')\n    if (!rawDbUrl) {\n      throw new Error('SUPABASE_DB_URL environment variable is not set')\n    }\n    // Remove sslmode from connection string (not supported by pg in Deno)\n    const dbUrl = rawDbUrl.replace(/[?&]sslmode=[^&]*/g, '').replace(/[?&]$/, '')\n\n    await runMigrations({ databaseUrl: dbUrl })\n\n    stripeSync = new StripeSync({\n      poolConfig: { connectionString: dbUrl, max: 2 }, // Need 2 for advisory lock + queries\n      stripeSecretKey: Deno.env.get('STRIPE_SECRET_KEY'),\n    })\n\n    // Release any stale advisory locks from previous timeouts\n    await stripeSync.postgresClient.query('SELECT pg_advisory_unlock_all()')\n\n    // Construct webhook URL from SUPABASE_URL (available in all Edge Functions)\n    const supabaseUrl = Deno.env.get('SUPABASE_URL')\n    if (!supabaseUrl) {\n      throw new Error('SUPABASE_URL environment variable is not set')\n    }\n    const webhookUrl = supabaseUrl + '/functions/v1/stripe-webhook'\n\n    const webhook = await stripeSync.findOrCreateManagedWebhook(webhookUrl)\n\n    await stripeSync.postgresClient.pool.end()\n\n    return new Response(\n      JSON.stringify({\n        success: true,\n        message: 'Setup complete',\n        webhookId: webhook.id,\n      }),\n      {\n        status: 200,\n        headers: { 'Content-Type': 'application/json' },\n      }\n    )\n  } catch (error) {\n    console.error('Setup error:', error)\n    // Cleanup on error\n    if (stripeSync) {\n      try {\n        await stripeSync.postgresClient.query('SELECT pg_advisory_unlock_all()')\n        await stripeSync.postgresClient.pool.end()\n      } catch (cleanupErr) {\n        console.warn('Cleanup failed:', cleanupErr)\n      }\n    }\n    return new Response(JSON.stringify({ success: false, error: error.message }), {\n      status: 500,\n      headers: { 'Content-Type': 'application/json' },\n    })\n  }\n})\n";
 
-// raw-ts:/Users/lfdepombo/src/stripe-sync-engine/packages/sync-engine/src/supabase/edge-functions/stripe-webhook.ts
+// raw-ts:/home/runner/work/sync-engine/sync-engine/packages/sync-engine/src/supabase/edge-functions/stripe-webhook.ts
 var stripe_webhook_default = "import { StripeSync } from 'npm:stripe-experiment-sync'\n\nDeno.serve(async (req) => {\n  if (req.method !== 'POST') {\n    return new Response('Method not allowed', { status: 405 })\n  }\n\n  const sig = req.headers.get('stripe-signature')\n  if (!sig) {\n    return new Response('Missing stripe-signature header', { status: 400 })\n  }\n\n  const rawDbUrl = Deno.env.get('SUPABASE_DB_URL')\n  if (!rawDbUrl) {\n    return new Response(JSON.stringify({ error: 'SUPABASE_DB_URL not set' }), { status: 500 })\n  }\n  const dbUrl = rawDbUrl.replace(/[?&]sslmode=[^&]*/g, '').replace(/[?&]$/, '')\n\n  const stripeSync = new StripeSync({\n    poolConfig: { connectionString: dbUrl, max: 1 },\n    stripeSecretKey: Deno.env.get('STRIPE_SECRET_KEY')!,\n  })\n\n  try {\n    const rawBody = new Uint8Array(await req.arrayBuffer())\n    await stripeSync.processWebhook(rawBody, sig)\n    return new Response(JSON.stringify({ received: true }), {\n      status: 200,\n      headers: { 'Content-Type': 'application/json' },\n    })\n  } catch (error) {\n    console.error('Webhook processing error:', error)\n    const isSignatureError =\n      error.message?.includes('signature') || error.type === 'StripeSignatureVerificationError'\n    const status = isSignatureError ? 400 : 500\n    return new Response(JSON.stringify({ error: error.message }), {\n      status,\n      headers: { 'Content-Type': 'application/json' },\n    })\n  } finally {\n    await stripeSync.postgresClient.pool.end()\n  }\n})\n";
 
-// raw-ts:/Users/lfdepombo/src/stripe-sync-engine/packages/sync-engine/src/supabase/edge-functions/stripe-worker.ts
-var stripe_worker_default = "/**\n * Stripe Sync Worker\n *\n * Triggered by pg_cron every 10 seconds. Uses pgmq for durable work queue.\n *\n * Flow:\n * 1. Read batch of messages from pgmq (qty=10, vt=60s)\n * 2. If queue empty: enqueue all objects (continuous sync)\n * 3. Process messages in parallel (Promise.all):\n *    - processNext(object)\n *    - Delete message on success\n *    - Re-enqueue if hasMore\n * 4. Return results summary\n *\n * Concurrency:\n * - Multiple workers can run concurrently via overlapping pg_cron triggers.\n * - Each worker processes its batch of messages in parallel (Promise.all).\n * - pgmq visibility timeout prevents duplicate message reads across workers.\n * - processNext() is idempotent (uses internal cursor tracking), so duplicate\n *   processing on timeout/crash is safe.\n */\n\nimport { StripeSync } from 'npm:stripe-experiment-sync'\nimport postgres from 'npm:postgres'\n\nconst QUEUE_NAME = 'stripe_sync_work'\nconst VISIBILITY_TIMEOUT = 60 // seconds\nconst BATCH_SIZE = 10\n\nDeno.serve(async (req) => {\n  const authHeader = req.headers.get('Authorization')\n  if (!authHeader?.startsWith('Bearer ')) {\n    return new Response('Unauthorized', { status: 401 })\n  }\n\n  const rawDbUrl = Deno.env.get('SUPABASE_DB_URL')\n  if (!rawDbUrl) {\n    return new Response(JSON.stringify({ error: 'SUPABASE_DB_URL not set' }), { status: 500 })\n  }\n  const dbUrl = rawDbUrl.replace(/[?&]sslmode=[^&]*/g, '').replace(/[?&]$/, '')\n\n  let sql\n  let stripeSync\n\n  try {\n    sql = postgres(dbUrl, { max: 1, prepare: false })\n  } catch (error) {\n    return new Response(\n      JSON.stringify({\n        error: 'Failed to create postgres connection',\n        details: error.message,\n        stack: error.stack,\n      }),\n      { status: 500, headers: { 'Content-Type': 'application/json' } }\n    )\n  }\n\n  try {\n    stripeSync = new StripeSync({\n      poolConfig: { connectionString: dbUrl, max: 1 },\n      stripeSecretKey: Deno.env.get('STRIPE_SECRET_KEY')!,\n    })\n  } catch (error) {\n    await sql.end()\n    return new Response(\n      JSON.stringify({\n        error: 'Failed to create StripeSync',\n        details: error.message,\n        stack: error.stack,\n      }),\n      { status: 500, headers: { 'Content-Type': 'application/json' } }\n    )\n  }\n\n  try {\n    // Read batch of messages from queue\n    const messages = await sql`\n      SELECT * FROM pgmq.read(${QUEUE_NAME}::text, ${VISIBILITY_TIMEOUT}::int, ${BATCH_SIZE}::int)\n    `\n\n    // If queue empty, enqueue all objects for continuous sync\n    if (messages.length === 0) {\n      // Create sync run to make enqueued work visible (status='pending')\n      const { objects } = await stripeSync.joinOrCreateSyncRun('worker')\n      const msgs = objects.map((object) => JSON.stringify({ object }))\n\n      await sql`\n        SELECT pgmq.send_batch(\n          ${QUEUE_NAME}::text,\n          ${sql.array(msgs)}::jsonb[]\n        )\n      `\n\n      return new Response(JSON.stringify({ enqueued: objects.length, objects }), {\n        status: 200,\n        headers: { 'Content-Type': 'application/json' },\n      })\n    }\n\n    // Process messages in parallel\n    const results = await Promise.all(\n      messages.map(async (msg) => {\n        const { object } = msg.message as { object: string }\n\n        try {\n          const result = await stripeSync.processNext(object)\n\n          // Delete message on success (cast to bigint to disambiguate overloaded function)\n          await sql`SELECT pgmq.delete(${QUEUE_NAME}::text, ${msg.msg_id}::bigint)`\n\n          // Re-enqueue if more pages\n          if (result.hasMore) {\n            await sql`SELECT pgmq.send(${QUEUE_NAME}::text, ${sql.json({ object })}::jsonb)`\n          }\n\n          return { object, ...result }\n        } catch (error) {\n          // Log error but continue to next message\n          // Message will become visible again after visibility timeout\n          console.error(`Error processing ${object}:`, error)\n          return {\n            object,\n            processed: 0,\n            hasMore: false,\n            error: error.message,\n            stack: error.stack,\n          }\n        }\n      })\n    )\n\n    return new Response(JSON.stringify({ results }), {\n      status: 200,\n      headers: { 'Content-Type': 'application/json' },\n    })\n  } catch (error) {\n    console.error('Worker error:', error)\n    return new Response(JSON.stringify({ error: error.message, stack: error.stack }), {\n      status: 500,\n      headers: { 'Content-Type': 'application/json' },\n    })\n  } finally {\n    if (sql) await sql.end()\n    if (stripeSync) await stripeSync.postgresClient.pool.end()\n  }\n})\n";
+// raw-ts:/home/runner/work/sync-engine/sync-engine/packages/sync-engine/src/supabase/edge-functions/stripe-worker.ts
+var stripe_worker_default = "/**\n * Stripe Sync Worker\n *\n * Triggered by pg_cron every 10 seconds. Uses pgmq for durable work queue.\n *\n * Flow:\n * 1. Read batch of messages from pgmq (qty=10, vt=60s)\n * 2. If queue empty: enqueue all objects (continuous sync)\n * 3. Process messages in parallel (Promise.all):\n *    - processNext(object)\n *    - Delete message on success\n *    - Re-enqueue if hasMore\n * 4. Return results summary\n *\n * Concurrency:\n * - Multiple workers can run concurrently via overlapping pg_cron triggers.\n * - Each worker processes its batch of messages in parallel (Promise.all).\n * - pgmq visibility timeout prevents duplicate message reads across workers.\n * - processNext() is idempotent (uses internal cursor tracking), so duplicate\n *   processing on timeout/crash is safe.\n */\n\nimport { StripeSync } from 'npm:stripe-experiment-sync'\nimport postgres from 'npm:postgres'\n\nconst QUEUE_NAME = 'stripe_sync_work'\nconst VISIBILITY_TIMEOUT = 60 // seconds\nconst BATCH_SIZE = 10\n\nDeno.serve(async (req) => {\n  const authHeader = req.headers.get('Authorization')\n  if (!authHeader?.startsWith('Bearer ')) {\n    return new Response('Unauthorized', { status: 401 })\n  }\n\n  const rawDbUrl = Deno.env.get('SUPABASE_DB_URL')\n  if (!rawDbUrl) {\n    return new Response(JSON.stringify({ error: 'SUPABASE_DB_URL not set' }), { status: 500 })\n  }\n  const dbUrl = rawDbUrl.replace(/[?&]sslmode=[^&]*/g, '').replace(/[?&]$/, '')\n\n  let sql\n  let stripeSync\n\n  try {\n    sql = postgres(dbUrl, { max: 1, prepare: false })\n  } catch (error) {\n    return new Response(\n      JSON.stringify({\n        error: 'Failed to create postgres connection',\n        details: error.message,\n        stack: error.stack,\n      }),\n      { status: 500, headers: { 'Content-Type': 'application/json' } }\n    )\n  }\n\n  try {\n    stripeSync = new StripeSync({\n      poolConfig: { connectionString: dbUrl, max: 1 },\n      stripeSecretKey: Deno.env.get('STRIPE_SECRET_KEY')!,\n      enableSigmaSync: (Deno.env.get('ENABLE_SIGMA_SYNC') ?? 'false') === 'true',\n    })\n  } catch (error) {\n    await sql.end()\n    return new Response(\n      JSON.stringify({\n        error: 'Failed to create StripeSync',\n        details: error.message,\n        stack: error.stack,\n      }),\n      { status: 500, headers: { 'Content-Type': 'application/json' } }\n    )\n  }\n\n  try {\n    // Read batch of messages from queue\n    const messages = await sql`\n      SELECT * FROM pgmq.read(${QUEUE_NAME}::text, ${VISIBILITY_TIMEOUT}::int, ${BATCH_SIZE}::int)\n    `\n\n    // If queue empty, enqueue all objects for continuous sync\n    if (messages.length === 0) {\n      // Create sync run to make enqueued work visible (status='pending')\n      const { objects } = await stripeSync.joinOrCreateSyncRun('worker')\n      const msgs = objects.map((object) => JSON.stringify({ object }))\n\n      await sql`\n        SELECT pgmq.send_batch(\n          ${QUEUE_NAME}::text,\n          ${sql.array(msgs)}::jsonb[]\n        )\n      `\n\n      return new Response(JSON.stringify({ enqueued: objects.length, objects }), {\n        status: 200,\n        headers: { 'Content-Type': 'application/json' },\n      })\n    }\n\n    // Process messages in parallel\n    const results = await Promise.all(\n      messages.map(async (msg) => {\n        const { object } = msg.message as { object: string }\n\n        try {\n          const result = await stripeSync.processNext(object)\n\n          // Delete message on success (cast to bigint to disambiguate overloaded function)\n          await sql`SELECT pgmq.delete(${QUEUE_NAME}::text, ${msg.msg_id}::bigint)`\n\n          // Re-enqueue if more pages\n          if (result.hasMore) {\n            await sql`SELECT pgmq.send(${QUEUE_NAME}::text, ${sql.json({ object })}::jsonb)`\n          }\n\n          return { object, ...result }\n        } catch (error) {\n          // Log error but continue to next message\n          // Message will become visible again after visibility timeout\n          console.error(`Error processing ${object}:`, error)\n          return {\n            object,\n            processed: 0,\n            hasMore: false,\n            error: error.message,\n            stack: error.stack,\n          }\n        }\n      })\n    )\n\n    return new Response(JSON.stringify({ results }), {\n      status: 200,\n      headers: { 'Content-Type': 'application/json' },\n    })\n  } catch (error) {\n    console.error('Worker error:', error)\n    return new Response(JSON.stringify({ error: error.message, stack: error.stack }), {\n      status: 500,\n      headers: { 'Content-Type': 'application/json' },\n    })\n  } finally {\n    if (sql) await sql.end()\n    if (stripeSync) await stripeSync.postgresClient.pool.end()\n  }\n})\n";
 
 // src/supabase/edge-function-code.ts
 var setupFunctionCode = stripe_setup_default;
@@ -3659,7 +4130,7 @@ var webhookFunctionCode = stripe_webhook_default;
 var workerFunctionCode = stripe_worker_default;
 
 // src/supabase/supabase.ts
-var import_stripe3 = __toESM(require("stripe"), 1);
+var import_stripe4 = __toESM(require("stripe"), 1);
 var STRIPE_SCHEMA_COMMENT_PREFIX = "stripe-sync";
 var INSTALLATION_STARTED_SUFFIX = "installation:started";
 var INSTALLATION_ERROR_SUFFIX = "installation:error";
@@ -3919,7 +4390,7 @@ var SupabaseSetupClient = class {
    * Removes all Edge Functions, secrets, database resources, and Stripe webhooks
    */
   async uninstall(stripeSecretKey) {
-    const stripe = new import_stripe3.default(stripeSecretKey, { apiVersion: "2025-02-24.acacia" });
+    const stripe = new import_stripe4.default(stripeSecretKey, { apiVersion: "2025-02-24.acacia" });
     try {
       try {
         const webhookResult = await this.runSQL(`
@@ -3958,6 +4429,17 @@ var SupabaseSetupClient = class {
       } catch (err) {
         console.warn("Could not delete vault secret:", err);
       }
+      try {
+        await this.runSQL(`
+          SELECT pg_terminate_backend(pid)
+          FROM pg_stat_activity
+          WHERE datname = current_database()
+            AND pid != pg_backend_pid()
+            AND query ILIKE '%stripe.%'
+        `);
+      } catch (err) {
+        console.warn("Could not terminate connections:", err);
+      }
       await this.runSQL(`DROP SCHEMA IF EXISTS stripe CASCADE`);
     } catch (error) {
       throw new Error(`Uninstall failed: ${error instanceof Error ? error.message : String(error)}`);
@@ -4054,7 +4536,9 @@ var VALID_SYNC_OBJECTS = [
   "credit_note",
   "early_fraud_warning",
   "refund",
-  "checkout_sessions"
+  "checkout_sessions",
+  "subscription_item_change_events_v2_beta",
+  "exchange_rates_from_usd"
 ];
 async function backfillCommand(options, entityName) {
   let stripeSync = null;
@@ -4083,8 +4567,8 @@ async function backfillCommand(options, entityName) {
             if (!input || input.trim() === "") {
               return "Stripe API key is required";
             }
-            if (!input.startsWith("sk_")) {
-              return 'Stripe API key should start with "sk_"';
+            if (!input.startsWith("sk_") && !input.startsWith("rk_")) {
+              return 'Stripe API key should start with "sk_" or "rk_"';
             }
             return true;
           }
@@ -4141,6 +4625,7 @@ async function backfillCommand(options, entityName) {
     stripeSync = new StripeSync({
       databaseUrl: config.databaseUrl,
       stripeSecretKey: config.stripeApiKey,
+      enableSigmaSync: process.env.ENABLE_SIGMA_SYNC === "true",
       stripeApiVersion: process.env.STRIPE_API_VERSION || "2020-08-27",
       autoExpandLists: process.env.AUTO_EXPAND_LISTS === "true",
       backfillRelatedEntities: process.env.BACKFILL_RELATED_ENTITIES !== "false",
@@ -4304,6 +4789,7 @@ Mode: ${modeLabel}`));
     stripeSync = new StripeSync({
       databaseUrl: config.databaseUrl,
       stripeSecretKey: config.stripeApiKey,
+      enableSigmaSync: config.enableSigmaSync,
       stripeApiVersion: process.env.STRIPE_API_VERSION || "2020-08-27",
       autoExpandLists: process.env.AUTO_EXPAND_LISTS === "true",
       backfillRelatedEntities: process.env.BACKFILL_RELATED_ENTITIES !== "false",
@@ -4451,7 +4937,8 @@ async function installCommand(options) {
           mask: "*",
           validate: (input) => {
             if (!input.trim()) return "Stripe key is required";
-            if (!input.startsWith("sk_")) return 'Stripe key should start with "sk_"';
+            if (!input.startsWith("sk_") && !input.startsWith("rk_"))
+              return 'Stripe key should start with "sk_" or "rk_"';
             return true;
           }
         });
@@ -4521,7 +5008,8 @@ async function uninstallCommand(options) {
           mask: "*",
           validate: (input) => {
             if (!input.trim()) return "Stripe key is required";
-            if (!input.startsWith("sk_")) return 'Stripe key should start with "sk_"';
+            if (!input.startsWith("sk_") && !input.startsWith("rk_"))
+              return 'Stripe key should start with "sk_" or "rk_"';
             return true;
           }
         });