supaschema 0.1.0-rc.1

package/dist/sql/parser.js

@@ -0,0 +1,89 @@
+import { diagnostic } from "../diagnostics.js";
+import { sha256 } from "../hash.js";
+const parseCacheLimit = 2000;
+const parseCache = new Map();
+let cachedParser;
+export async function parseSql(sql, file) {
+    return (await parseSqlAst(sql, file)).diagnostics;
+}
+export async function parseSqlAst(sql, file) {
+    const cacheKey = sha256(sql);
+    const cached = parseCache.get(cacheKey);
+    if (cached) {
+        return withLocation(cached, file);
+    }
+    const outcome = await parseUncached(sql);
+    if (parseCache.size >= parseCacheLimit) {
+        parseCache.clear();
+    }
+    parseCache.set(cacheKey, outcome);
+    return withLocation(outcome, file);
+}
+async function parseUncached(sql) {
+    try {
+        const parser = await loadParser();
+        if (!parser) {
+            return {
+                diagnostics: [
+                    diagnostic("SUPA_PARSE_UNAVAILABLE", "warning", "libpg-query did not expose a parser", {}),
+                ],
+            };
+        }
+        return {
+            ast: await parser(sql),
+            diagnostics: [],
+        };
+    }
+    catch (error) {
+        return {
+            diagnostics: [
+                diagnostic("SUPA_PARSE_ERROR", "error", errorMessage(error), {
+                    statement: sql,
+                }),
+            ],
+        };
+    }
+}
+async function loadParser() {
+    if (cachedParser !== undefined && cachedParser !== null) {
+        return cachedParser;
+    }
+    if (cachedParser === null) {
+        return undefined;
+    }
+    const module = (await import("libpg-query"));
+    const parser = findParser(module);
+    cachedParser = parser ?? null;
+    return parser;
+}
+function withLocation(outcome, file) {
+    if (!file || outcome.diagnostics.length === 0) {
+        return outcome;
+    }
+    return {
+        ...outcome,
+        diagnostics: outcome.diagnostics.map((item) => ({ ...item, file })),
+    };
+}
+function findParser(module) {
+    const candidates = [
+        module.parse,
+        module.parseQuery,
+        module.parseSync,
+        module.default?.parse,
+        module.default?.parseQuery,
+        module.default?.parseSync,
+    ];
+    for (const candidate of candidates) {
+        if (typeof candidate === "function") {
+            return candidate;
+        }
+    }
+    return undefined;
+}
+function errorMessage(error) {
+    if (error instanceof Error) {
+        return error.message;
+    }
+    return String(error);
+}

package/dist/sql/privileges.d.ts

@@ -0,0 +1,33 @@
+import type { SchemaObject } from "../core.js";
+import type { AstNode } from "./ast.js";
+export declare function builtinPublicDefault(kindPhrase: string): string[] | undefined;
+/** A GRANT that restates the built-in default ACL is a semantic no-op. */
+export declare function isBuiltinDefaultGrant(kindPhrase: string, grantee: string, privileges: string[]): boolean;
+export interface GrantObjectInput {
+    grantee: string;
+    kindPhrase: string;
+    ordinal: number;
+    privileges: string[];
+    schema?: string | undefined;
+    targetIdentity: string;
+    targetRendered: string;
+    verb: "GRANT" | "REVOKE";
+    withGrantOption?: boolean;
+    file?: string | undefined;
+}
+export declare function buildGrantObject(input: GrantObjectInput): SchemaObject;
+export interface DefaultPrivilegeObjectInput {
+    forRole?: string | undefined;
+    grantee: string;
+    objectType: string;
+    ordinal: number;
+    privileges: string[];
+    schema?: string | undefined;
+    verb: "GRANT" | "REVOKE";
+    file?: string | undefined;
+}
+export declare function buildDefaultPrivilegeObject(input: DefaultPrivilegeObjectInput): SchemaObject;
+export declare function grantObjectsFromAst(node: AstNode, statement: string, ordinal: number, file?: string): SchemaObject[];
+export declare function defaultPrivilegesFromAst(node: AstNode, statement: string, ordinal: number, file?: string): SchemaObject[];
+export declare function commentObjectFromAst(node: AstNode, statement: string, ordinal: number, file?: string): SchemaObject | undefined;
+//# sourceMappingURL=privileges.d.ts.map

package/dist/sql/privileges.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"privileges.d.ts","sourceRoot":"","sources":["../../src/sql/privileges.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAa,YAAY,EAAE,MAAM,YAAY,CAAC;AAE1D,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,UAAU,CAAC;AAmGxC,wBAAgB,oBAAoB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAK7E;AAED,0EAA0E;AAC1E,wBAAgB,qBAAqB,CACnC,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAAE,GACnB,OAAO,CAcT;AAiBD,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,OAAO,GAAG,QAAQ,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC3B;AAED,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,gBAAgB,GAAG,YAAY,CAqBtE;AAED,MAAM,WAAW,2BAA2B;IAC1C,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,IAAI,EAAE,OAAO,GAAG,QAAQ,CAAC;IACzB,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC3B;AAED,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,2BAA2B,GAAG,YAAY,CA6B5F;AAED,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,OAAO,EACb,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,IAAI,CAAC,EAAE,MAAM,GACZ,YAAY,EAAE,CAqChB;AAED,wBAAgB,wBAAwB,CACtC,IAAI,EAAE,OAAO,EACb,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,IAAI,CAAC,EAAE,MAAM,GACZ,YAAY,EAAE,CAsChB;AAqBD,wBAAgB,oBAAoB,CAClC,IAAI,EAAE,OAAO,EACb,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,IAAI,CAAC,EAAE,MAAM,GACZ,YAAY,GAAG,SAAS,CAgB1B"}

package/dist/sql/privileges.js

@@ -0,0 +1,379 @@
+import { sha256 } from "../hash.js";
+import { asRecord, listItems, objectWithArgsIdentity, qualifiedName, rangeVarName, readArray, readBoolean, readString, roleSpecName, stringList, stringValue, typeNameToSql, } from "./ast.js";
+import { formatQualifiedName, normalizeSql, quoteIdent } from "./identifiers.js";
+import { makeObject } from "./statements.js";
+const grantObjectKinds = new Map([
+    ["OBJECT_DATABASE", "DATABASE"],
+    ["OBJECT_DOMAIN", "DOMAIN"],
+    ["OBJECT_FDW", "FOREIGN DATA WRAPPER"],
+    ["OBJECT_FOREIGN_SERVER", "FOREIGN SERVER"],
+    ["OBJECT_FUNCTION", "FUNCTION"],
+    ["OBJECT_LANGUAGE", "LANGUAGE"],
+    ["OBJECT_LARGEOBJECT", "LARGE OBJECT"],
+    ["OBJECT_PROCEDURE", "PROCEDURE"],
+    ["OBJECT_ROUTINE", "ROUTINE"],
+    ["OBJECT_SCHEMA", "SCHEMA"],
+    ["OBJECT_SEQUENCE", "SEQUENCE"],
+    ["OBJECT_TABLE", "TABLE"],
+    ["OBJECT_TABLESPACE", "TABLESPACE"],
+    ["OBJECT_TYPE", "TYPE"],
+]);
+const allInSchemaKinds = new Map([
+    ["OBJECT_FUNCTION", "ALL FUNCTIONS IN SCHEMA"],
+    ["OBJECT_PROCEDURE", "ALL PROCEDURES IN SCHEMA"],
+    ["OBJECT_ROUTINE", "ALL ROUTINES IN SCHEMA"],
+    ["OBJECT_SEQUENCE", "ALL SEQUENCES IN SCHEMA"],
+    ["OBJECT_TABLE", "ALL TABLES IN SCHEMA"],
+]);
+const defaultPrivilegeKinds = new Map([
+    ["OBJECT_FUNCTION", "FUNCTIONS"],
+    ["OBJECT_PROCEDURE", "ROUTINES"],
+    ["OBJECT_ROUTINE", "ROUTINES"],
+    ["OBJECT_SCHEMA", "SCHEMAS"],
+    ["OBJECT_SEQUENCE", "SEQUENCES"],
+    ["OBJECT_TABLE", "TABLES"],
+    ["OBJECT_TYPE", "TYPES"],
+]);
+const fullPrivilegeSets = new Map([
+    ["DATABASE", ["CONNECT", "CREATE", "TEMPORARY"]],
+    ["DOMAIN", ["USAGE"]],
+    ["FOREIGN DATA WRAPPER", ["USAGE"]],
+    ["FOREIGN SERVER", ["USAGE"]],
+    ["FUNCTION", ["EXECUTE"]],
+    ["FUNCTIONS", ["EXECUTE"]],
+    ["LANGUAGE", ["USAGE"]],
+    ["LARGE OBJECT", ["SELECT", "UPDATE"]],
+    ["PROCEDURE", ["EXECUTE"]],
+    ["ROUTINE", ["EXECUTE"]],
+    ["ROUTINES", ["EXECUTE"]],
+    ["SCHEMA", ["CREATE", "USAGE"]],
+    ["SCHEMAS", ["CREATE", "USAGE"]],
+    ["SEQUENCE", ["SELECT", "UPDATE", "USAGE"]],
+    ["SEQUENCES", ["SELECT", "UPDATE", "USAGE"]],
+    ["TABLE", ["DELETE", "INSERT", "REFERENCES", "SELECT", "TRIGGER", "TRUNCATE", "UPDATE"]],
+    ["TABLES", ["DELETE", "INSERT", "REFERENCES", "SELECT", "TRIGGER", "TRUNCATE", "UPDATE"]],
+    ["TABLESPACE", ["CREATE"]],
+    ["TYPE", ["USAGE"]],
+    ["TYPES", ["USAGE"]],
+]);
+// PostgreSQL's built-in default ACL (acldefault): PUBLIC implicitly holds
+// EXECUTE on routines and USAGE on types/domains/languages. pg_dump only
+// dumps ACL deltas against these defaults; both supaschema lanes do the
+// same so an explicit grant on one object does not surface the materialized
+// default entries as drift.
+const builtinPublicDefaults = new Map([
+    ["DOMAIN", ["USAGE"]],
+    ["FUNCTION", ["EXECUTE"]],
+    ["FUNCTIONS", ["EXECUTE"]],
+    ["LANGUAGE", ["USAGE"]],
+    ["PROCEDURE", ["EXECUTE"]],
+    ["ROUTINE", ["EXECUTE"]],
+    ["ROUTINES", ["EXECUTE"]],
+    ["TYPE", ["USAGE"]],
+    ["TYPES", ["USAGE"]],
+]);
+export function builtinPublicDefault(kindPhrase) {
+    const lookupKey = kindPhrase.startsWith("ALL ")
+        ? (kindPhrase.split(" ")[1] ?? kindPhrase)
+        : kindPhrase;
+    return builtinPublicDefaults.get(lookupKey);
+}
+/** A GRANT that restates the built-in default ACL is a semantic no-op. */
+export function isBuiltinDefaultGrant(kindPhrase, grantee, privileges) {
+    if (grantee !== "PUBLIC") {
+        return false;
+    }
+    const defaults = builtinPublicDefault(kindPhrase);
+    if (!defaults) {
+        return false;
+    }
+    const normalized = normalizePrivileges([...privileges].sort(), kindPhrase);
+    return (normalized.join(",") === "ALL" ||
+        normalized.join(",") === defaults.join(",") ||
+        normalizePrivileges(defaults, kindPhrase).join(",") === normalized.join(","));
+}
+function normalizePrivileges(privileges, kindPhrase) {
+    const lookupKey = kindPhrase.startsWith("ALL ")
+        ? (kindPhrase.split(" ")[1] ?? kindPhrase)
+        : kindPhrase;
+    const fullSet = fullPrivilegeSets.get(lookupKey);
+    if (!fullSet) {
+        return privileges;
+    }
+    const granted = new Set(privileges);
+    if (granted.has("ALL") || fullSet.every((privilege) => granted.has(privilege))) {
+        return ["ALL"];
+    }
+    return privileges;
+}
+export function buildGrantObject(input) {
+    const keyword = input.verb === "GRANT" ? "TO" : "FROM";
+    const suffix = input.withGrantOption ? " WITH GRANT OPTION" : "";
+    const privileges = normalizePrivileges(input.privileges, input.kindPhrase);
+    const canonicalSql = `${input.verb} ${privileges.join(", ")} ON ${input.kindPhrase} ${input.targetRendered} ${keyword} ${renderRole(input.grantee)}${suffix}`;
+    const ref = {
+        kind: "grant",
+        name: `${input.verb.toLowerCase()}:${input.kindPhrase.toLowerCase().replaceAll(" ", "-")}:${input.targetIdentity}:${input.grantee}`,
+    };
+    if (input.schema) {
+        ref.schema = input.schema;
+    }
+    return makeObject(ref, canonicalSql, input.ordinal, input.file, {
+        grantee: input.grantee,
+        kindPhrase: input.kindPhrase,
+        privileges,
+        target: input.targetRendered,
+        targetIdentity: input.targetIdentity,
+        verb: input.verb,
+        withGrantOption: input.withGrantOption === true,
+    });
+}
+export function buildDefaultPrivilegeObject(input) {
+    // The identity deliberately excludes FOR ROLE: a statement without it
+    // records under whichever role executes the migration, so the executor
+    // role cannot be part of cross-lane identity. forRole stays in metadata
+    // for excludedGrantRoles filtering and SQL rendering.
+    const scope = input.schema ? `in ${input.schema}` : "";
+    const privileges = normalizePrivileges(input.privileges, input.objectType);
+    const clauses = [
+        "ALTER DEFAULT PRIVILEGES",
+        input.forRole ? `FOR ROLE ${renderRole(input.forRole)}` : "",
+        input.schema ? `IN SCHEMA ${quoteIdent(input.schema)}` : "",
+        `${input.verb} ${privileges.join(", ")} ON ${input.objectType}`,
+        `${input.verb === "GRANT" ? "TO" : "FROM"} ${renderRole(input.grantee)}`,
+    ].filter(Boolean);
+    const ref = {
+        kind: "default-privilege",
+        name: `${input.verb.toLowerCase()}:${scope || "global"}:${input.objectType.toLowerCase()}:${input.grantee}`,
+    };
+    if (input.schema) {
+        ref.schema = input.schema;
+    }
+    return makeObject(ref, clauses.join(" "), input.ordinal, input.file, {
+        forRole: input.forRole,
+        grantee: input.grantee,
+        objectType: input.objectType,
+        privileges,
+        schema: input.schema,
+        verb: input.verb,
+    });
+}
+export function grantObjectsFromAst(node, statement, ordinal, file) {
+    const isGrant = readBoolean(node.is_grant);
+    const verb = isGrant ? "GRANT" : "REVOKE";
+    const objtype = readString(node.objtype) ?? "OBJECT_TABLE";
+    const allInSchema = readString(node.targtype) === "ACL_TARGET_ALL_IN_SCHEMA";
+    const kindPhrase = allInSchema ? allInSchemaKinds.get(objtype) : grantObjectKinds.get(objtype);
+    const privileges = grantPrivileges(node.privileges);
+    const grantees = readArray(node.grantees)
+        .map((item) => roleSpecName(item))
+        .filter((role) => role !== undefined);
+    const targets = readArray(node.objects)
+        .map((item) => grantTarget(item, objtype, allInSchema))
+        .filter((target) => target !== undefined);
+    if (!kindPhrase || grantees.length === 0 || targets.length === 0) {
+        return [fallbackPrivilegeObject("grant", statement, ordinal, file)];
+    }
+    const withGrantOption = isGrant && readBoolean(node.grant_option);
+    const objects = [];
+    for (const target of targets) {
+        for (const grantee of grantees) {
+            objects.push(buildGrantObject({
+                file,
+                grantee,
+                kindPhrase,
+                ordinal: ordinal + objects.length,
+                privileges,
+                schema: target.schema,
+                targetIdentity: target.identity,
+                targetRendered: target.rendered,
+                verb,
+                withGrantOption,
+            }));
+        }
+    }
+    return objects;
+}
+export function defaultPrivilegesFromAst(node, statement, ordinal, file) {
+    const action = asRecord(node.action);
+    if (!action) {
+        return [fallbackPrivilegeObject("default-privilege", statement, ordinal, file)];
+    }
+    const isGrant = readBoolean(action.is_grant);
+    const verb = isGrant ? "GRANT" : "REVOKE";
+    const objectType = defaultPrivilegeKinds.get(readString(action.objtype) ?? "OBJECT_TABLE");
+    const privileges = grantPrivileges(action.privileges);
+    const grantees = readArray(action.grantees)
+        .map((item) => roleSpecName(item))
+        .filter((role) => role !== undefined);
+    const { forRoles, schemas } = defaultPrivilegeScope(node.options);
+    if (!objectType || grantees.length === 0) {
+        return [fallbackPrivilegeObject("default-privilege", statement, ordinal, file)];
+    }
+    const roleScopes = forRoles.length > 0 ? forRoles : [undefined];
+    const schemaScopes = schemas.length > 0 ? schemas : [undefined];
+    const objects = [];
+    for (const forRole of roleScopes) {
+        for (const schema of schemaScopes) {
+            for (const grantee of grantees) {
+                objects.push(buildDefaultPrivilegeObject({
+                    file,
+                    forRole,
+                    grantee,
+                    objectType,
+                    ordinal: ordinal + objects.length,
+                    privileges,
+                    schema,
+                    verb,
+                }));
+            }
+        }
+    }
+    return objects;
+}
+const commentObjectKinds = new Map([
+    ["OBJECT_COLUMN", "column"],
+    ["OBJECT_DOMAIN", "domain"],
+    ["OBJECT_EXTENSION", "extension"],
+    ["OBJECT_FOREIGN_TABLE", "foreign table"],
+    ["OBJECT_FUNCTION", "function"],
+    ["OBJECT_INDEX", "index"],
+    ["OBJECT_MATVIEW", "materialized view"],
+    ["OBJECT_POLICY", "policy"],
+    ["OBJECT_PROCEDURE", "procedure"],
+    ["OBJECT_SCHEMA", "schema"],
+    ["OBJECT_SEQUENCE", "sequence"],
+    ["OBJECT_TABCONSTRAINT", "constraint"],
+    ["OBJECT_TABLE", "table"],
+    ["OBJECT_TRIGGER", "trigger"],
+    ["OBJECT_TYPE", "type"],
+    ["OBJECT_VIEW", "view"],
+]);
+export function commentObjectFromAst(node, statement, ordinal, file) {
+    const objtype = readString(node.objtype);
+    const kindWord = objtype ? commentObjectKinds.get(objtype) : undefined;
+    if (!kindWord) {
+        return undefined;
+    }
+    const target = commentTarget(node.object, objtype ?? "");
+    if (!target) {
+        return undefined;
+    }
+    const descriptor = `${kindWord} ${target.identity}`;
+    const ref = { kind: "comment", name: sha256(descriptor).slice(0, 16) };
+    if (target.schema) {
+        ref.schema = target.schema;
+    }
+    return makeObject(ref, statement, ordinal, file, { descriptor });
+}
+function commentTarget(object, objtype) {
+    if (objtype === "OBJECT_FUNCTION" || objtype === "OBJECT_PROCEDURE") {
+        const identity = objectWithArgsIdentity(object);
+        if (!identity) {
+            return undefined;
+        }
+        return {
+            identity: `${identity.schema}.${identity.name}(${identity.signature})`,
+            schema: identity.schema,
+        };
+    }
+    if (objtype === "OBJECT_TYPE" || objtype === "OBJECT_DOMAIN") {
+        const typeNode = asRecord(object);
+        const named = qualifiedName(asRecord(typeNode?.TypeName)?.names ?? typeNode?.names);
+        if (named) {
+            return { identity: `${named.schema}.${named.name}`, schema: named.schema };
+        }
+        return { identity: normalizeSql(typeNameToSql(object)) };
+    }
+    // Parse-tree identifier parts are already canonical (unquoted names are
+    // folded, quoted case is preserved); lowercasing here would corrupt quoted
+    // mixed-case identities and break cross-lane comment parity.
+    const parts = stringList(object);
+    if (parts.length === 0) {
+        const single = stringValue(object) ?? readString(object);
+        return single ? { identity: single } : undefined;
+    }
+    if (objtype === "OBJECT_SCHEMA") {
+        return { identity: parts.join(".") };
+    }
+    if (parts.length >= 2) {
+        return { identity: parts.join("."), schema: parts[0] ?? "" };
+    }
+    return { identity: `public.${parts[0] ?? ""}`, schema: "public" };
+}
+function grantPrivileges(value) {
+    const privileges = readArray(value)
+        .map((item) => readString(asRecord(asRecord(item)?.AccessPriv)?.priv_name))
+        .filter((name) => name !== undefined)
+        .map((name) => name.toUpperCase())
+        .sort((left, right) => left.localeCompare(right));
+    return privileges.length > 0 ? privileges : ["ALL"];
+}
+function grantTarget(value, objtype, allInSchema) {
+    if (allInSchema || objtype === "OBJECT_SCHEMA") {
+        const schema = stringValue(value) ?? readString(asRecord(value)?.sval);
+        if (!schema) {
+            return undefined;
+        }
+        return { identity: schema, rendered: quoteIdent(schema), schema };
+    }
+    if (objtype === "OBJECT_FUNCTION" ||
+        objtype === "OBJECT_PROCEDURE" ||
+        objtype === "OBJECT_ROUTINE") {
+        const identity = objectWithArgsIdentity(value);
+        if (!identity) {
+            return undefined;
+        }
+        return {
+            identity: `${identity.schema}.${identity.name}(${identity.signature})`,
+            rendered: `${formatQualifiedName(identity.schema, identity.name)}(${identity.signature})`,
+            schema: identity.schema,
+        };
+    }
+    const range = rangeVarName(value);
+    if (range) {
+        return {
+            identity: `${range.schema}.${range.name}`,
+            rendered: formatQualifiedName(range.schema, range.name),
+            schema: range.schema,
+        };
+    }
+    const named = qualifiedName(value);
+    if (named) {
+        return {
+            identity: `${named.schema}.${named.name}`,
+            rendered: formatQualifiedName(named.schema, named.name),
+            schema: named.schema,
+        };
+    }
+    return undefined;
+}
+function defaultPrivilegeScope(options) {
+    const forRoles = [];
+    const schemas = [];
+    for (const item of readArray(options)) {
+        const defElem = asRecord(asRecord(item)?.DefElem);
+        const name = readString(defElem?.defname);
+        if (name === "roles") {
+            for (const role of listItems(defElem?.arg)) {
+                const roleName = roleSpecName(role);
+                if (roleName) {
+                    forRoles.push(roleName);
+                }
+            }
+        }
+        if (name === "schemas") {
+            for (const schema of stringList(defElem?.arg)) {
+                schemas.push(schema.toLowerCase());
+            }
+        }
+    }
+    return { forRoles, schemas };
+}
+function renderRole(role) {
+    return role === "PUBLIC" ? "PUBLIC" : quoteIdent(role);
+}
+function fallbackPrivilegeObject(kind, statement, ordinal, file) {
+    const name = sha256(normalizeSql(statement)).slice(0, 16);
+    return makeObject({ kind, name }, statement, ordinal, file);
+}

package/dist/sql/split.d.ts

@@ -0,0 +1,3 @@
+export declare function splitSqlStatements(sql: string): string[];
+export declare function splitTopLevel(input: string, separator?: string): string[];
+//# sourceMappingURL=split.d.ts.map

package/dist/sql/split.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"split.d.ts","sourceRoot":"","sources":["../../src/sql/split.ts"],"names":[],"mappings":"AAAA,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,CAwFxD;AA0BD,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,SAAM,GAAG,MAAM,EAAE,CAqEtE"}