npm - supaschema - Versions diffs - 0.1.0-rc.1 - Mend

supaschema 0.1.0-rc.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (257) hide show

package/.agents/skills/supaschema/SKILL.md +61 -0
package/.claude/hooks/block-generated-migration-edits.mjs +32 -0
package/.claude/rules/supaschema.md +22 -0
package/.claude/settings.json +16 -0
package/.claude/skills/supaschema/SKILL.md +61 -0
package/.codex/hooks/supaschema-tool-gate.mjs +73 -0
package/.codex/hooks.json +16 -0
package/.codex/rules/supaschema.rules +22 -0
package/AGENTS.md +40 -0
package/LICENSE +661 -0
package/LICENSE-COMMERCIAL.md +35 -0
package/README.md +249 -0
package/benchmarks/README.md +104 -0
package/benchmarks/compare.js +489 -0
package/benchmarks/fixtures/additive/from.sql +8 -0
package/benchmarks/fixtures/additive/manifest.json +1 -0
package/benchmarks/fixtures/additive/to.sql +9 -0
package/benchmarks/fixtures/functions-policies/from.sql +24 -0
package/benchmarks/fixtures/functions-policies/manifest.json +5 -0
package/benchmarks/fixtures/functions-policies/to.sql +24 -0
package/benchmarks/plot-lib.js +234 -0
package/benchmarks/plot-svg.js +339 -0
package/benchmarks/plot.js +154 -0
package/benchmarks/tools/bench-all.sh +49 -0
package/benchmarks/tools/build-project-fixture.mjs +245 -0
package/benchmarks/tools/compare-db.mjs +101 -0
package/benchmarks/tools/compare-fixtures.mjs +84 -0
package/benchmarks/tools/compare-report.mjs +90 -0
package/benchmarks/tools/compare-supabase.mjs +67 -0
package/benchmarks/tools/registry.js +266 -0
package/benchmarks/tools/run-workflow.mjs +77 -0
package/bin/postinstall.mjs +26 -0
package/bin/supaschema +2 -0
package/config-schema.json +208 -0
package/corpus/supabase-style/corpus.json +6 -0
package/corpus/supabase-style/migrations/20260101000000_init.sql +28 -0
package/corpus/supabase-style/migrations/20260102000000_noise.sql +13 -0
package/corpus/supabase-style/migrations/20260103000000_churn.sql +4 -0
package/corpus/supabase-style/migrations/20260104000000_triggers.sql +17 -0
package/corpus/supabase-style/roles.sql +13 -0
package/corpus/supabase-style/tree/functions.sql +26 -0
package/corpus/supabase-style/tree/policies.sql +4 -0
package/corpus/supabase-style/tree/schema.sql +4 -0
package/corpus/supabase-style/tree/tables.sql +20 -0
package/corpus/supabase-style/tree/triggers.sql +3 -0
package/corpus/supabase-style/tree/types.sql +2 -0
package/corpus/supabase-style/tree/views.sql +6 -0
package/dist/audit.d.ts +20 -0
package/dist/audit.d.ts.map +1 -0
package/dist/audit.js +68 -0
package/dist/benchmark-db.d.ts +5 -0
package/dist/benchmark-db.d.ts.map +1 -0
package/dist/benchmark-db.js +71 -0
package/dist/benchmark-fixtures.d.ts +10 -0
package/dist/benchmark-fixtures.d.ts.map +1 -0
package/dist/benchmark-fixtures.js +201 -0
package/dist/benchmark.d.ts +2 -0
package/dist/benchmark.d.ts.map +1 -0
package/dist/benchmark.js +308 -0
package/dist/catalog-comments.d.ts +9 -0
package/dist/catalog-comments.d.ts.map +1 -0
package/dist/catalog-comments.js +194 -0
package/dist/catalog-extras.d.ts +12 -0
package/dist/catalog-extras.d.ts.map +1 -0
package/dist/catalog-extras.js +408 -0
package/dist/catalog-foreign.d.ts +15 -0
package/dist/catalog-foreign.d.ts.map +1 -0
package/dist/catalog-foreign.js +114 -0
package/dist/catalog-tables.d.ts +9 -0
package/dist/catalog-tables.d.ts.map +1 -0
package/dist/catalog-tables.js +114 -0
package/dist/catalog.d.ts +8 -0
package/dist/catalog.d.ts.map +1 -0
package/dist/catalog.js +351 -0
package/dist/check-hazards.d.ts +7 -0
package/dist/check-hazards.d.ts.map +1 -0
package/dist/check-hazards.js +83 -0
package/dist/check-reporters.d.ts +8 -0
package/dist/check-reporters.d.ts.map +1 -0
package/dist/check-reporters.js +76 -0
package/dist/check.d.ts +3 -0
package/dist/check.d.ts.map +1 -0
package/dist/check.js +229 -0
package/dist/cli-defaults.d.ts +24 -0
package/dist/cli-defaults.d.ts.map +1 -0
package/dist/cli-defaults.js +65 -0
package/dist/cli-diff.d.ts +13 -0
package/dist/cli-diff.d.ts.map +1 -0
package/dist/cli-diff.js +348 -0
package/dist/cli-reports.d.ts +9 -0
package/dist/cli-reports.d.ts.map +1 -0
package/dist/cli-reports.js +90 -0
package/dist/cli-tools.d.ts +17 -0
package/dist/cli-tools.d.ts.map +1 -0
package/dist/cli-tools.js +136 -0
package/dist/cli.d.ts +2 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +239 -0
package/dist/config-schema-gen.d.ts +2 -0
package/dist/config-schema-gen.d.ts.map +1 -0
package/dist/config-schema-gen.js +11 -0
package/dist/config.d.ts +58 -0
package/dist/config.d.ts.map +1 -0
package/dist/config.js +132 -0
package/dist/core.d.ts +115 -0
package/dist/core.d.ts.map +1 -0
package/dist/core.js +1 -0
package/dist/corpus.d.ts +26 -0
package/dist/corpus.d.ts.map +1 -0
package/dist/corpus.js +112 -0
package/dist/database-url.d.ts +8 -0
package/dist/database-url.d.ts.map +1 -0
package/dist/database-url.js +74 -0
package/dist/db-admin.d.ts +23 -0
package/dist/db-admin.d.ts.map +1 -0
package/dist/db-admin.js +147 -0
package/dist/diagnostics.d.ts +16 -0
package/dist/diagnostics.d.ts.map +1 -0
package/dist/diagnostics.js +155 -0
package/dist/diff-score.d.ts +12 -0
package/dist/diff-score.d.ts.map +1 -0
package/dist/diff-score.js +339 -0
package/dist/doctor.d.ts +17 -0
package/dist/doctor.d.ts.map +1 -0
package/dist/doctor.js +110 -0
package/dist/hash.d.ts +7 -0
package/dist/hash.d.ts.map +1 -0
package/dist/hash.js +34 -0
package/dist/index.d.ts +24 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +17 -0
package/dist/lineage.d.ts +23 -0
package/dist/lineage.d.ts.map +1 -0
package/dist/lineage.js +61 -0
package/dist/migrations-status.d.ts +35 -0
package/dist/migrations-status.d.ts.map +1 -0
package/dist/migrations-status.js +131 -0
package/dist/plan-order.d.ts +4 -0
package/dist/plan-order.d.ts.map +1 -0
package/dist/plan-order.js +178 -0
package/dist/planner-replace.d.ts +4 -0
package/dist/planner-replace.d.ts.map +1 -0
package/dist/planner-replace.js +76 -0
package/dist/planner-table.d.ts +3 -0
package/dist/planner-table.d.ts.map +1 -0
package/dist/planner-table.js +165 -0
package/dist/planner.d.ts +5 -0
package/dist/planner.d.ts.map +1 -0
package/dist/planner.js +385 -0
package/dist/render-guards.d.ts +12 -0
package/dist/render-guards.d.ts.map +1 -0
package/dist/render-guards.js +159 -0
package/dist/render.d.ts +7 -0
package/dist/render.d.ts.map +1 -0
package/dist/render.js +325 -0
package/dist/selfcheck.d.ts +11 -0
package/dist/selfcheck.d.ts.map +1 -0
package/dist/selfcheck.js +43 -0
package/dist/source-normalize.d.ts +14 -0
package/dist/source-normalize.d.ts.map +1 -0
package/dist/source-normalize.js +420 -0
package/dist/source.d.ts +4 -0
package/dist/source.d.ts.map +1 -0
package/dist/source.js +233 -0
package/dist/sql/ast.d.ts +42 -0
package/dist/sql/ast.d.ts.map +1 -0
package/dist/sql/ast.js +241 -0
package/dist/sql/canonical-nodes.d.ts +5 -0
package/dist/sql/canonical-nodes.d.ts.map +1 -0
package/dist/sql/canonical-nodes.js +101 -0
package/dist/sql/extract-helpers.d.ts +18 -0
package/dist/sql/extract-helpers.d.ts.map +1 -0
package/dist/sql/extract-helpers.js +127 -0
package/dist/sql/extract.d.ts +13 -0
package/dist/sql/extract.d.ts.map +1 -0
package/dist/sql/extract.js +323 -0
package/dist/sql/facts.d.ts +34 -0
package/dist/sql/facts.d.ts.map +1 -0
package/dist/sql/facts.js +392 -0
package/dist/sql/identifiers.d.ts +13 -0
package/dist/sql/identifiers.d.ts.map +1 -0
package/dist/sql/identifiers.js +83 -0
package/dist/sql/normalize-deparse.d.ts +25 -0
package/dist/sql/normalize-deparse.d.ts.map +1 -0
package/dist/sql/normalize-deparse.js +96 -0
package/dist/sql/object-hash.d.ts +5 -0
package/dist/sql/object-hash.d.ts.map +1 -0
package/dist/sql/object-hash.js +24 -0
package/dist/sql/parser.d.ts +8 -0
package/dist/sql/parser.d.ts.map +1 -0
package/dist/sql/parser.js +89 -0
package/dist/sql/privileges.d.ts +33 -0
package/dist/sql/privileges.d.ts.map +1 -0
package/dist/sql/privileges.js +379 -0
package/dist/sql/split.d.ts +3 -0
package/dist/sql/split.d.ts.map +1 -0
package/dist/sql/split.js +182 -0
package/dist/sql/statements.d.ts +17 -0
package/dist/sql/statements.d.ts.map +1 -0
package/dist/sql/statements.js +284 -0
package/dist/sql/table-constraints.d.ts +15 -0
package/dist/sql/table-constraints.d.ts.map +1 -0
package/dist/sql/table-constraints.js +304 -0
package/dist/sql/table-shape.d.ts +38 -0
package/dist/sql/table-shape.d.ts.map +1 -0
package/dist/sql/table-shape.js +287 -0
package/dist/sync.d.ts +27 -0
package/dist/sync.d.ts.map +1 -0
package/dist/sync.js +86 -0
package/dist/typegen-model.d.ts +78 -0
package/dist/typegen-model.d.ts.map +1 -0
package/dist/typegen-model.js +338 -0
package/dist/typegen-views.d.ts +7 -0
package/dist/typegen-views.d.ts.map +1 -0
package/dist/typegen-views.js +92 -0
package/dist/typegen-zod.d.ts +3 -0
package/dist/typegen-zod.d.ts.map +1 -0
package/dist/typegen-zod.js +149 -0
package/dist/typegen.d.ts +4 -0
package/dist/typegen.d.ts.map +1 -0
package/dist/typegen.js +184 -0
package/dist/validators.d.ts +3 -0
package/dist/validators.d.ts.map +1 -0
package/dist/validators.js +104 -0
package/dist/verify-environment.d.ts +5 -0
package/dist/verify-environment.d.ts.map +1 -0
package/dist/verify-environment.js +92 -0
package/dist/verify.d.ts +3 -0
package/dist/verify.d.ts.map +1 -0
package/dist/verify.js +261 -0
package/docs/benchmarks/additive-correctness.svg +86 -0
package/docs/benchmarks/additive-latency.svg +60 -0
package/docs/benchmarks/functions-policies-correctness.svg +86 -0
package/docs/benchmarks/functions-policies-latency.svg +60 -0
package/docs/benchmarks/realistic-correctness.svg +86 -0
package/docs/benchmarks/realistic-latency.svg +60 -0
package/docs/benchmarks/scaling-latency.svg +106 -0
package/docs/benchmarks/workflow-latency.svg +98 -0
package/docs/benchmarks/xl-correctness.svg +86 -0
package/docs/benchmarks/xl-latency.svg +60 -0
package/docs/benchmarks/xxl-correctness.svg +86 -0
package/docs/benchmarks/xxl-latency.svg +66 -0
package/docs/case-study-anilize.md +51 -0
package/docs/ci-gate.md +44 -0
package/docs/ci.md +68 -0
package/docs/commands.md +35 -0
package/docs/config.md +72 -0
package/docs/corpus.md +33 -0
package/docs/diagnostics.md +77 -0
package/docs/hints.md +92 -0
package/docs/release.md +19 -0
package/docs/support-matrix.md +57 -0
package/examples/postgres/schemas/001_app.sql +17 -0
package/examples/supabase/schemas/001_app.sql +13 -0
package/examples/supabase/schemas-next/001_app.sql +21 -0
package/examples/supabase/supaschema.config.json +15 -0
package/package.json +99 -0

package/dist/check-hazards.js ADDED Viewed

@@ -0,0 +1,83 @@
+import { diagnostic } from "./diagnostics.js";
+import { asRecord, qualifiedName, readString } from "./sql/ast.js";
+export function newEnumAdditionState() {
+    return new Map();
+}
+export function recordEnumAdditions(statement, state) {
+    if (statement.tag !== "AlterEnumStmt") {
+        return;
+    }
+    const node = asRecord(statement.node.AlterEnumStmt);
+    const name = qualifiedName(node?.typeName);
+    const newValue = readString(node?.newVal);
+    if (!name || newValue === undefined) {
+        return;
+    }
+    for (const key of [`${name.schema}.${name.name}`, name.name]) {
+        const values = state.get(key) ?? new Set();
+        values.add(newValue);
+        state.set(key, values);
+    }
+}
+export function enumValueUseDiagnostics(statement, state, config) {
+    if (state.size === 0 || statement.tag === "AlterEnumStmt") {
+        return [];
+    }
+    const uses = [];
+    collectEnumValueUses(statement.node, state, uses);
+    if (uses.length === 0) {
+        return [];
+    }
+    const severity = config.transactionMode === "per-migration" ? "error" : "warning";
+    return uses.map((use) => diagnostic("SUPA_CHECK_ENUM_VALUE_USE_SAME_TRANSACTION", severity, `enum value ${use} is added and used in the same migration; PostgreSQL cannot use a value added in the same transaction`, {
+        hint: "Move the usage to a follow-up migration, or run the runner without transaction wrapping and set transactionMode to per-statement.",
+        statement: statement.text,
+    }));
+}
+function collectEnumValueUses(value, state, uses) {
+    if (Array.isArray(value)) {
+        for (const item of value) {
+            collectEnumValueUses(item, state, uses);
+        }
+        return;
+    }
+    const record = asRecord(value);
+    if (!record) {
+        return;
+    }
+    const typeCast = asRecord(record.TypeCast);
+    if (typeCast) {
+        const typeName = asRecord(asRecord(typeCast.typeName)?.TypeName) ?? asRecord(typeCast.typeName);
+        const name = qualifiedName(typeName?.names);
+        const literal = castStringLiteral(typeCast.arg);
+        if (name && literal !== undefined) {
+            const added = state.get(`${name.schema}.${name.name}`) ??
+                (name.schema === "public" ? state.get(name.name) : undefined);
+            if (added?.has(literal)) {
+                uses.push(`'${literal}'::${name.schema}.${name.name}`);
+            }
+        }
+    }
+    for (const child of Object.values(record)) {
+        if (child && typeof child === "object") {
+            collectEnumValueUses(child, state, uses);
+        }
+    }
+}
+function castStringLiteral(arg) {
+    const constant = asRecord(asRecord(arg)?.A_Const);
+    return readString(asRecord(constant?.sval)?.sval);
+}
+export function escalateNontransactional(diagnostics, config) {
+    const escalate = config.adapter === "supabase-auto" || config.transactionMode === "per-migration";
+    if (!escalate) {
+        return diagnostics;
+    }
+    return diagnostics.map((item) => {
+        if (item.code === "SUPA_CHECK_NONTRANSACTIONAL_INDEX" ||
+            item.code === "SUPA_CHECK_NONTRANSACTIONAL_REFRESH") {
+            return { ...item, severity: "error" };
+        }
+        return item;
+    });
+}

package/dist/check-reporters.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import type { Diagnostic } from "./core.js";
+export type CheckReporter = "text" | "github" | "sarif" | "json";
+export interface FileDiagnostics {
+    diagnostics: Diagnostic[];
+    file: string;
+}
+export declare function renderCheckReport(reporter: CheckReporter, files: FileDiagnostics[]): string;
+//# sourceMappingURL=check-reporters.d.ts.map

package/dist/check-reporters.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"check-reporters.d.ts","sourceRoot":"","sources":["../src/check-reporters.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAG5C,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,QAAQ,GAAG,OAAO,GAAG,MAAM,CAAC;AAEjE,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,UAAU,EAAE,CAAC;IAC1B,IAAI,EAAE,MAAM,CAAC;CACd;AAED,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,aAAa,EAAE,KAAK,EAAE,eAAe,EAAE,GAAG,MAAM,CAe3F"}

package/dist/check-reporters.js ADDED Viewed

@@ -0,0 +1,76 @@
+import { formatDiagnostics } from "./diagnostics.js";
+export function renderCheckReport(reporter, files) {
+    switch (reporter) {
+        case "github":
+            return renderGithub(files);
+        case "sarif":
+            return renderSarif(files);
+        case "json":
+            return `${JSON.stringify(files.map((entry) => ({ diagnostics: entry.diagnostics, file: entry.file })), null, 2)}\n`;
+        default:
+            return renderText(files);
+    }
+}
+function renderText(files) {
+    const lines = [];
+    for (const entry of files) {
+        if (entry.diagnostics.length === 0) {
+            continue;
+        }
+        if (files.length > 1) {
+            lines.push(`${entry.file}:`);
+        }
+        lines.push(formatDiagnostics(entry.diagnostics));
+    }
+    return lines.length > 0 ? `${lines.join("\n")}\n` : "";
+}
+function renderGithub(files) {
+    const lines = [];
+    for (const entry of files) {
+        for (const item of entry.diagnostics) {
+            const level = item.severity === "error" ? "error" : "warning";
+            const message = escapeGithubData(`${item.code}: ${item.message}${item.hint ? ` (${item.hint})` : ""}`);
+            lines.push(`::${level} file=${escapeGithubProperty(entry.file)},title=${item.code}::${message}`);
+        }
+    }
+    return lines.length > 0 ? `${lines.join("\n")}\n` : "";
+}
+function renderSarif(files) {
+    const results = files.flatMap((entry) => entry.diagnostics.map((item) => ({
+        level: item.severity === "error" ? "error" : "warning",
+        locations: [
+            {
+                physicalLocation: {
+                    artifactLocation: { uri: entry.file },
+                },
+            },
+        ],
+        message: { text: `${item.message}${item.hint ? ` (${item.hint})` : ""}` },
+        ruleId: item.code,
+    })));
+    const sarif = {
+        $schema: "https://json.schemastore.org/sarif-2.1.0.json",
+        runs: [
+            {
+                results,
+                tool: {
+                    driver: {
+                        informationUri: "https://github.com/jmclaughlin724/supaschema",
+                        name: "supaschema",
+                        rules: [...new Set(results.map((result) => result.ruleId))].map((code) => ({
+                            id: code,
+                        })),
+                    },
+                },
+            },
+        ],
+        version: "2.1.0",
+    };
+    return `${JSON.stringify(sarif, null, 2)}\n`;
+}
+function escapeGithubData(value) {
+    return value.replace(/%/g, "%25").replace(/\r/g, "%0D").replace(/\n/g, "%0A");
+}
+function escapeGithubProperty(value) {
+    return escapeGithubData(value).replace(/:/g, "%3A").replace(/,/g, "%2C");
+}

package/dist/check.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { CheckOptions, Diagnostic } from "./core.js";
+export declare function checkMigrationSql(sql: string, options?: CheckOptions): Promise<Diagnostic[]>;
+//# sourceMappingURL=check.d.ts.map

package/dist/check.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"check.d.ts","sourceRoot":"","sources":["../src/check.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAiC1D,wBAAsB,iBAAiB,CACrC,GAAG,EAAE,MAAM,EACX,OAAO,GAAE,YAAiB,GACzB,OAAO,CAAC,UAAU,EAAE,CAAC,CA4BvB"}

package/dist/check.js ADDED Viewed

@@ -0,0 +1,229 @@
+import { enumValueUseDiagnostics, escalateNontransactional, newEnumAdditionState, recordEnumAdditions, } from "./check-hazards.js";
+import { resolveConfig } from "./config.js";
+import { diagnostic } from "./diagnostics.js";
+import { asRecord, astStatements, readArray, readBoolean, readString, stringList, } from "./sql/ast.js";
+import { deparseFidelityDiagnostics } from "./sql/normalize-deparse.js";
+import { parseSqlAst } from "./sql/parser.js";
+import { runConfiguredValidators } from "./validators.js";
+const guardedCreateChecks = [
+    { code: "SUPA_CHECK_CREATE_SCHEMA_GUARD", kind: "SCHEMA", tag: "CreateSchemaStmt" },
+    { code: "SUPA_CHECK_CREATE_EXTENSION_GUARD", kind: "EXTENSION", tag: "CreateExtensionStmt" },
+    { code: "SUPA_CHECK_CREATE_TABLE_GUARD", kind: "TABLE", tag: "CreateStmt" },
+    { code: "SUPA_CHECK_CREATE_SEQUENCE_GUARD", kind: "SEQUENCE", tag: "CreateSeqStmt" },
+    { code: "SUPA_CHECK_CREATE_INDEX_GUARD", kind: "INDEX", tag: "IndexStmt" },
+];
+const volatileDefaultFunctions = new Set([
+    "clock_timestamp",
+    "gen_random_uuid",
+    "nextval",
+    "random",
+    "timeofday",
+    "uuid_generate_v1",
+    "uuid_generate_v4",
+]);
+export async function checkMigrationSql(sql, options = {}) {
+    const config = resolveConfig(options.config);
+    const diagnostics = [];
+    if (options.parse ?? true) {
+        const parsed = await parseSqlAst(sql);
+        diagnostics.push(...parsed.diagnostics);
+        if (parsed.ast !== undefined) {
+            const statements = astStatements(parsed.ast, sql);
+            const enumAdditions = newEnumAdditionState();
+            for (const [index, statement] of statements.entries()) {
+                diagnostics.push(...escalateNontransactional(checkStatement(statement, statements[index - 1]), config), ...enumValueUseDiagnostics(statement, enumAdditions, config));
+                recordEnumAdditions(statement, enumAdditions);
+            }
+            diagnostics.push(...(await deparseFidelityDiagnostics(sql)));
+        }
+    }
+    const validatorOptions = {};
+    if (options.config !== undefined) {
+        validatorOptions.config = options.config;
+    }
+    if (options.cwd !== undefined) {
+        validatorOptions.cwd = options.cwd;
+    }
+    diagnostics.push(...(await runConfiguredValidators(sql, validatorOptions)));
+    return diagnostics;
+}
+function checkStatement(statement, previous) {
+    const diagnostics = [];
+    const node = asRecord(statement.node[statement.tag]);
+    if (!node) {
+        return diagnostics;
+    }
+    switch (statement.tag) {
+        case "DropStmt":
+            diagnostics.push(...checkDropStatement(node, statement.text));
+            break;
+        case "VariableSetStmt":
+            if (readString(node.name) === "search_path") {
+                diagnostics.push(diagnostic("SUPA_CHECK_SEARCH_PATH", "error", "migrations must not depend on session search_path", {
+                    hint: "Use schema-qualified object references and function-level SET search_path where needed.",
+                    statement: statement.text,
+                }));
+            }
+            break;
+        case "ViewStmt":
+            if (!readBoolean(node.replace)) {
+                diagnostics.push(diagnostic("SUPA_CHECK_CREATE_VIEW_REPLACE", "error", "VIEW creation must use OR REPLACE", {
+                    statement: statement.text,
+                }));
+            }
+            break;
+        case "CreateFunctionStmt":
+            diagnostics.push(...checkFunctionStatement(node, statement.text));
+            break;
+        case "CreateEnumStmt":
+        case "CompositeTypeStmt":
+        case "CreateRangeStmt":
+        case "CreateDomainStmt":
+            diagnostics.push(diagnostic("SUPA_CHECK_CREATE_TYPE_GUARD", "error", "TYPE and DOMAIN creation must be wrapped in a catalog guard", { statement: statement.text }));
+            break;
+        case "CreateTableAsStmt":
+            if (readString(node.objtype) === "OBJECT_MATVIEW" &&
+                !readBoolean(node.if_not_exists) &&
+                !readBoolean(asRecord(node.into)?.if_not_exists)) {
+                diagnostics.push(diagnostic("SUPA_CHECK_CREATE_MATERIALIZED_VIEW_GUARD", "error", "MATERIALIZED VIEW creation must use IF NOT EXISTS or a catalog guard", { statement: statement.text }));
+            }
+            break;
+        case "CreatePolicyStmt":
+            if (!previousDrops(previous, "OBJECT_POLICY")) {
+                diagnostics.push(diagnostic("SUPA_CHECK_POLICY_REPLACEMENT", "error", "CREATE POLICY has no OR REPLACE form and must be preceded by DROP POLICY IF EXISTS", { statement: statement.text }));
+            }
+            break;
+        case "CreateTrigStmt":
+            if (!readBoolean(node.replace) && !previousDrops(previous, "OBJECT_TRIGGER")) {
+                diagnostics.push(diagnostic("SUPA_CHECK_CREATE_TRIGGER_REPLACEMENT", "error", "CREATE TRIGGER must be preceded by DROP TRIGGER IF EXISTS", { statement: statement.text }));
+            }
+            break;
+        case "IndexStmt":
+            if (readBoolean(node.concurrent)) {
+                diagnostics.push(diagnostic("SUPA_CHECK_NONTRANSACTIONAL_INDEX", "warning", "CREATE INDEX CONCURRENTLY cannot run inside a transaction block", {
+                    hint: "Run this migration with transaction wrapping disabled.",
+                    statement: statement.text,
+                }));
+            }
+            break;
+        case "RefreshMatViewStmt":
+            if (readBoolean(node.concurrent)) {
+                diagnostics.push(diagnostic("SUPA_CHECK_NONTRANSACTIONAL_REFRESH", "warning", "REFRESH MATERIALIZED VIEW CONCURRENTLY cannot run inside a transaction block", {
+                    hint: "Run this migration with transaction wrapping disabled.",
+                    statement: statement.text,
+                }));
+            }
+            break;
+        case "AlterTableStmt":
+            diagnostics.push(...checkAlterTableStatement(node, statement.text));
+            break;
+        case "InsertStmt":
+            if (asRecord(node.onConflictClause) === undefined) {
+                diagnostics.push(diagnostic("SUPA_CHECK_INSERT_ON_CONFLICT", "error", "INSERT statements in migrations must use ON CONFLICT for replay safety", { statement: statement.text }));
+            }
+            break;
+        case "UpdateStmt":
+        case "DeleteStmt":
+            diagnostics.push(diagnostic("SUPA_CHECK_DML_REVIEW", "warning", "data-modifying statements in migrations require explicit idempotency review", { statement: statement.text }));
+            break;
+        default:
+            break;
+    }
+    for (const guarded of guardedCreateChecks) {
+        if (statement.tag === guarded.tag && !readBoolean(node.if_not_exists)) {
+            diagnostics.push(diagnostic(guarded.code, "error", `${guarded.kind} creation must use IF NOT EXISTS or a catalog guard`, { statement: statement.text }));
+        }
+    }
+    return diagnostics;
+}
+function checkDropStatement(node, text) {
+    const diagnostics = [];
+    if (readString(node.behavior) === "DROP_CASCADE") {
+        diagnostics.push(diagnostic("SUPA_CHECK_CASCADE", "error", "implicit CASCADE is forbidden", {
+            hint: "Drop dependent objects explicitly in dependency order.",
+            statement: text,
+        }));
+    }
+    if (!readBoolean(node.missing_ok)) {
+        diagnostics.push(diagnostic("SUPA_CHECK_DROP_IF_EXISTS", "error", "DROP statements must use IF EXISTS", {
+            statement: text,
+        }));
+    }
+    return diagnostics;
+}
+function checkFunctionStatement(node, text) {
+    const diagnostics = [];
+    if (!readBoolean(node.replace)) {
+        diagnostics.push(diagnostic("SUPA_CHECK_CREATE_ROUTINE_REPLACE", "error", "FUNCTION and PROCEDURE creation must use OR REPLACE", { statement: text }));
+    }
+    let securityDefiner = false;
+    let setsSearchPath = false;
+    for (const item of readArray(node.options)) {
+        const defElem = asRecord(asRecord(item)?.DefElem);
+        const name = readString(defElem?.defname);
+        if (name === "security" && readBoolean(defElem?.arg)) {
+            securityDefiner = true;
+        }
+        if (name === "set") {
+            const setStmt = asRecord(asRecord(defElem?.arg)?.VariableSetStmt);
+            if (readString(setStmt?.name) === "search_path") {
+                setsSearchPath = true;
+            }
+        }
+    }
+    if (securityDefiner && !setsSearchPath) {
+        diagnostics.push(diagnostic("SUPA_CHECK_SECURITY_DEFINER_SEARCH_PATH", "warning", "SECURITY DEFINER functions should set a safe function-local search_path", { statement: text }));
+    }
+    return diagnostics;
+}
+function checkAlterTableStatement(node, text) {
+    const diagnostics = [];
+    for (const item of readArray(node.cmds)) {
+        const command = asRecord(asRecord(item)?.AlterTableCmd);
+        const subtype = readString(command?.subtype);
+        if (subtype === "AT_AddConstraint") {
+            diagnostics.push(diagnostic("SUPA_CHECK_ADD_CONSTRAINT_GUARD", "error", "ADD CONSTRAINT must be wrapped in a catalog guard", { statement: text }));
+        }
+        if (subtype === "AT_AlterColumnType") {
+            diagnostics.push(diagnostic("SUPA_CHECK_ALTER_COLUMN_TYPE_REWRITE", "warning", "ALTER COLUMN TYPE can rewrite the table under an ACCESS EXCLUSIVE lock", {
+                hint: "Verify the rewrite window is acceptable for populated tables.",
+                statement: text,
+            }));
+        }
+        if (subtype === "AT_SetNotNull") {
+            diagnostics.push(diagnostic("SUPA_CHECK_SET_NOT_NULL_SCAN", "warning", "SET NOT NULL scans the full table unless a validated CHECK constraint already proves it", { statement: text }));
+        }
+        if (subtype === "AT_AddColumn") {
+            const columnDef = asRecord(asRecord(command?.def)?.ColumnDef);
+            if (columnDef && hasVolatileDefault(columnDef)) {
+                diagnostics.push(diagnostic("SUPA_CHECK_VOLATILE_DEFAULT_REWRITE", "warning", "ADD COLUMN with a volatile default rewrites the whole table", {
+                    hint: "Add the column without a default, backfill in batches, then set the default.",
+                    statement: text,
+                }));
+            }
+        }
+    }
+    return diagnostics;
+}
+function hasVolatileDefault(columnDef) {
+    for (const item of readArray(columnDef.constraints)) {
+        const constraint = asRecord(asRecord(item)?.Constraint);
+        if (readString(constraint?.contype) !== "CONSTR_DEFAULT") {
+            continue;
+        }
+        const funcCall = asRecord(asRecord(constraint?.raw_expr)?.FuncCall);
+        const names = stringList(funcCall?.funcname);
+        const callee = names.at(-1);
+        if (callee && volatileDefaultFunctions.has(callee.toLowerCase())) {
+            return true;
+        }
+    }
+    return false;
+}
+function previousDrops(previous, removeType) {
+    if (previous?.tag !== "DropStmt") {
+        return false;
+    }
+    const node = asRecord(previous.node.DropStmt);
+    return readString(node?.removeType) === removeType && readBoolean(node?.missing_ok);
+}

package/dist/cli-defaults.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+import type { SupaschemaConfig } from "./config.js";
+import type { MigrationPlan } from "./core.js";
+export interface ResolvedSources {
+    from: string;
+    notice: string | undefined;
+    to: string;
+}
+export declare function defaultTreeSource(config: SupaschemaConfig): string;
+export declare function resolveMigrationsDir(flagValue: string | undefined, config: SupaschemaConfig): string;
+/**
+ * Zero-flag source resolution: --to defaults to the declarative tree from
+ * config.schemaPaths, --from defaults to the resolved database (the applied
+ * state) and falls back to git:HEAD when no database URL resolves. The
+ * notice names every defaulted lane so the chosen sources are never silent.
+ */
+export declare function resolveSourceDefaults(options: {
+    from?: string;
+    to?: string;
+}, config: SupaschemaConfig, resolveDbUrl: () => Promise<string | undefined>): Promise<ResolvedSources>;
+export declare function defaultMigrationName(plan: MigrationPlan): string;
+export declare function migrationNameSlug(value: string): string;
+export declare function migrationFiles(directory: string): Promise<string[]>;
+export declare function latestMigrationFile(directory: string): Promise<string | undefined>;
+//# sourceMappingURL=cli-defaults.d.ts.map

package/dist/cli-defaults.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"cli-defaults.d.ts","sourceRoot":"","sources":["../src/cli-defaults.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAG/C,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,gBAAgB,GAAG,MAAM,CAElE;AAED,wBAAgB,oBAAoB,CAClC,SAAS,EAAE,MAAM,GAAG,SAAS,EAC7B,MAAM,EAAE,gBAAgB,GACvB,MAAM,CAER;AAED;;;;;GAKG;AACH,wBAAsB,qBAAqB,CACzC,OAAO,EAAE;IAAE,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,EAAE,CAAC,EAAE,MAAM,CAAA;CAAE,EACvC,MAAM,EAAE,gBAAgB,EACxB,YAAY,EAAE,MAAM,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,GAC9C,OAAO,CAAC,eAAe,CAAC,CAe1B;AAED,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,aAAa,GAAG,MAAM,CAOhE;AAED,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAMvD;AAED,wBAAsB,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAczE;AAED,wBAAsB,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAGxF"}

package/dist/cli-defaults.js ADDED Viewed

@@ -0,0 +1,65 @@
+import { readdir } from "node:fs/promises";
+import { join } from "node:path";
+import { redactSecrets } from "./diagnostics.js";
+export function defaultTreeSource(config) {
+    return `dir:${config.schemaPaths[0] ?? "supabase/schemas"}`;
+}
+export function resolveMigrationsDir(flagValue, config) {
+    return flagValue ?? config.migrationsDir;
+}
+/**
+ * Zero-flag source resolution: --to defaults to the declarative tree from
+ * config.schemaPaths, --from defaults to the resolved database (the applied
+ * state) and falls back to git:HEAD when no database URL resolves. The
+ * notice names every defaulted lane so the chosen sources are never silent.
+ */
+export async function resolveSourceDefaults(options, config, resolveDbUrl) {
+    const defaulted = [];
+    const to = options.to ?? defaultTreeSource(config);
+    if (options.to === undefined) {
+        defaulted.push(`--to ${to}`);
+    }
+    let from = options.from;
+    if (from === undefined) {
+        const databaseUrl = await resolveDbUrl();
+        from = databaseUrl === undefined ? "git:HEAD" : `database:${databaseUrl}`;
+        defaulted.push(`--from ${redactSecrets(from)}`);
+    }
+    const notice = defaulted.length > 0 ? `defaults: ${defaulted.join(" · ")} (flags override)\n` : undefined;
+    return { from, notice, to };
+}
+export function defaultMigrationName(plan) {
+    const first = plan.operations[0];
+    if (plan.operations.length === 1 && first) {
+        const name = first.ref.name ?? first.key;
+        return migrationNameSlug(`${first.kind}_${first.ref.kind}_${name}`);
+    }
+    return "schema_diff";
+}
+export function migrationNameSlug(value) {
+    return value
+        .toLowerCase()
+        .replace(/[^a-z0-9]+/gu, "_")
+        .replace(/^_+|_+$/gu, "")
+        .slice(0, 60);
+}
+export async function migrationFiles(directory) {
+    let entries;
+    try {
+        entries = await readdir(directory);
+    }
+    catch (error) {
+        if (error instanceof Error && "code" in error && error.code === "ENOENT") {
+            return [];
+        }
+        throw error;
+    }
+    return entries
+        .filter((entry) => entry.endsWith(".sql"))
+        .sort((left, right) => left.localeCompare(right))
+        .map((entry) => join(directory, entry));
+}
+export async function latestMigrationFile(directory) {
+    const files = await migrationFiles(directory);
+    return files.at(-1);
+}

package/dist/cli-diff.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import type { Command } from "commander";
+import type { SupaschemaConfig } from "./config.js";
+import type { Diagnostic, MigrationPlan, SchemaModel } from "./core.js";
+export interface DiffCommandContext {
+    cliVersion: string;
+    loadCliConfig: () => Promise<SupaschemaConfig>;
+    printDiagnostics: (diagnostics: Diagnostic[]) => void;
+    resolveCliDatabaseUrl: (explicit?: string) => Promise<string | undefined>;
+}
+export declare function registerDiffCommands(program: Command, context: DiffCommandContext): void;
+export declare function filterModel(model: SchemaModel, schemaFilter: string | undefined): SchemaModel;
+export declare function renderPlanSummary(plan: MigrationPlan): string;
+//# sourceMappingURL=cli-diff.d.ts.map

package/dist/cli-diff.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"cli-diff.d.ts","sourceRoot":"","sources":["../src/cli-diff.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAQzC,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,KAAK,EAAE,UAAU,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAuBxE,MAAM,WAAW,kBAAkB;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC/C,gBAAgB,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,KAAK,IAAI,CAAC;IACtD,qBAAqB,EAAE,CAAC,QAAQ,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;CAC3E;AAED,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,kBAAkB,GAAG,IAAI,CA6DxF;AAmQD,wBAAgB,WAAW,CAAC,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,GAAG,SAAS,GAAG,WAAW,CAW7F;AAiDD,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,aAAa,GAAG,MAAM,CAiC7D"}