turbine-orm 0.5.0 → 0.7.1

package/dist/cjs/cli/loader.js

@@ -0,0 +1,129 @@
+"use strict";
+/**
+ * turbine-orm CLI — TypeScript loader registration
+ *
+ * The CLI loads user-supplied config and schema files via dynamic `import()`.
+ * Plain Node has no built-in `.ts` loader, so importing `turbine.config.ts`
+ * blows up with `ERR_UNKNOWN_FILE_EXTENSION` unless we register a TypeScript
+ * loader first.
+ *
+ * Strategy:
+ *   1. If the file we're about to import ends in `.ts` / `.mts` / `.cts`,
+ *      probe whether `tsx/esm` is resolvable from the user's CWD.
+ *   2. If yes, call `module.register('tsx/esm', ...)` ONCE per process.
+ *   3. If no, surface an actionable error telling the user to install `tsx`.
+ *
+ * `tsx` is intentionally NOT a runtime dependency — many projects already
+ * have it, and adding a heavy dev tool to a 1-dependency ORM would be silly.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.needsTsLoader = needsTsLoader;
+exports.canResolveTsx = canResolveTsx;
+exports.registerTsLoader = registerTsLoader;
+exports._resetTsLoaderStateForTests = _resetTsLoaderStateForTests;
+const node_module_1 = require("node:module");
+const node_url_1 = require("node:url");
+/**
+ * Detect whether a config / schema file path needs the tsx ESM loader.
+ * Returns true for `.ts`, `.mts`, and `.cts` files; false for `.js`, `.mjs`,
+ * `.cjs`, `.json`, missing paths, or anything else.
+ */
+function needsTsLoader(filePath) {
+    if (!filePath)
+        return false;
+    return /\.(ts|mts|cts)$/i.test(filePath);
+}
+/**
+ * Probe whether `tsx/esm` is resolvable from the user's current working
+ * directory. Returns true if `tsx` is installed in the user's project.
+ *
+ * Accepts an injected `resolver` so unit tests don't need a real filesystem.
+ */
+function canResolveTsx(resolver) {
+    try {
+        if (resolver) {
+            resolver('tsx/esm');
+            return true;
+        }
+        // Probe relative to the user's CWD, not Turbine's install location.
+        // This way we honour whatever `tsx` version the user has pinned.
+        const userRequire = (0, node_module_1.createRequire)(`${process.cwd()}/`);
+        userRequire.resolve('tsx/esm');
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+let tsLoaderState = null;
+/**
+ * Register the tsx ESM loader so subsequent dynamic imports of `.ts` files
+ * work. Safe to call multiple times — internal flag prevents double registration.
+ *
+ * Returns:
+ *   - 'registered'  loader was successfully registered this call
+ *   - 'already'     a loader was previously registered (idempotent)
+ *   - 'unsupported' Node lacks `module.register()` (Node < 20.6)
+ *   - 'missing'     `tsx` is not installed in the user's project
+ */
+async function registerTsLoader() {
+    if (tsLoaderState === 'registered' || tsLoaderState === 'already') {
+        return 'already';
+    }
+    if (!canResolveTsx()) {
+        tsLoaderState = 'missing';
+        return 'missing';
+    }
+    try {
+        const mod = await Promise.resolve().then(() => __importStar(require('node:module')));
+        const register = mod.register;
+        if (typeof register !== 'function') {
+            tsLoaderState = 'unsupported';
+            return 'unsupported';
+        }
+        register('tsx/esm', (0, node_url_1.pathToFileURL)(`${process.cwd()}/`));
+        tsLoaderState = 'registered';
+        return 'registered';
+    }
+    catch {
+        tsLoaderState = 'missing';
+        return 'missing';
+    }
+}
+/** Reset the loader state — used by unit tests only. */
+function _resetTsLoaderStateForTests() {
+    tsLoaderState = null;
+}

package/dist/cjs/cli/migrate.js

@@ -27,15 +27,19 @@ exports.createMigration = createMigration;
 exports.migrateUp = migrateUp;
 exports.migrateDown = migrateDown;
 exports.migrateStatus = migrateStatus;
+const node_crypto_1 = require("node:crypto");
 const node_fs_1 = require("node:fs");
 const node_path_1 = require("node:path");
 const pg_1 = __importDefault(require("pg"));
+const errors_js_1 = require("../errors.js");
+const query_js_1 = require("../query.js");
 // ---------------------------------------------------------------------------
 // Tracking table management
 // ---------------------------------------------------------------------------
 const TRACKING_TABLE = '_turbine_migrations';
+const QUOTED_TRACKING_TABLE = (0, query_js_1.quoteIdent)(TRACKING_TABLE);
 const CREATE_TRACKING_TABLE = `
-  CREATE TABLE IF NOT EXISTS ${TRACKING_TABLE} (
+  CREATE TABLE IF NOT EXISTS ${QUOTED_TRACKING_TABLE} (
     id SERIAL PRIMARY KEY,
     name TEXT NOT NULL UNIQUE,
     checksum TEXT NOT NULL,
@@ -47,7 +51,7 @@ async function ensureTrackingTable(client) {
 }
 async function getAppliedMigrations(client) {
     await ensureTrackingTable(client);
-    const result = await client.query(`SELECT id, name, applied_at, checksum FROM ${TRACKING_TABLE} ORDER BY id ASC`);
+    const result = await client.query(`SELECT id, name, applied_at, checksum FROM ${QUOTED_TRACKING_TABLE} ORDER BY id ASC`);
     return result.rows;
 }
 // ---------------------------------------------------------------------------
@@ -155,30 +159,45 @@ function parseMigrationSQL(filePath) {
     return parseMigrationContent(content);
 }
 /**
- * Simple checksum for a migration file (for drift detection).
+ * SHA-256 checksum for migration drift detection.
+ * Returns a hex-encoded hash of the file content.
  */
 function checksum(content) {
-    let hash = 0;
-    for (let i = 0; i < content.length; i++) {
-        const chr = content.charCodeAt(i);
-        hash = ((hash << 5) - hash + chr) | 0;
-    }
-    return Math.abs(hash).toString(36);
+    return (0, node_crypto_1.createHash)('sha256').update(content, 'utf-8').digest('hex');
+}
+/** Detect legacy djb2 checksums (short alphanumeric strings, pre-v0.6) */
+function isLegacyChecksum(hash) {
+    return hash.length < 64;
 }
 // ---------------------------------------------------------------------------
 // Commands
 // ---------------------------------------------------------------------------
 /**
  * Create a new migration file.
+ * If `autoContent` is provided, the UP/DOWN sections are pre-populated with the given SQL.
  */
-function createMigration(migrationsDir, name) {
+function createMigration(migrationsDir, name, autoContent) {
     (0, node_fs_1.mkdirSync)(migrationsDir, { recursive: true });
     const now = new Date();
     const ts = formatTimestamp(now);
     const safeName = sanitizeName(name);
     const filename = `${ts}_${safeName}.sql`;
     const filePath = (0, node_path_1.join)(migrationsDir, filename);
-    const template = `-- Migration: ${name}
+    let template;
+    if (autoContent) {
+        template = `-- Migration: ${name} (auto-generated from schema diff)
+-- Created: ${now.toISOString()}
+-- Review this file before running: npx turbine migrate up
+
+-- UP
+${autoContent.up}
+
+-- DOWN
+${autoContent.down}
+`;
+    }
+    else {
+        template = `-- Migration: ${name}
 -- Created: ${now.toISOString()}
 
 -- UP
@@ -187,6 +206,7 @@ function createMigration(migrationsDir, name) {
 -- DOWN
 -- Write your rollback SQL here
 `;
+    }
     (0, node_fs_1.writeFileSync)(filePath, template, 'utf-8');
     return {
         filename,
@@ -201,17 +221,16 @@ function createMigration(migrationsDir, name) {
 /** Fixed lock ID for Turbine migrations — prevents concurrent migrate runs */
 const MIGRATION_LOCK_ID = 8_347_291; // arbitrary but stable
 async function acquireLock(client) {
-    const result = await client.query(`SELECT pg_try_advisory_lock($1)`, [MIGRATION_LOCK_ID]);
+    const result = await client.query(`SELECT pg_try_advisory_lock($1)`, [
+        MIGRATION_LOCK_ID,
+    ]);
     return result.rows[0]?.pg_try_advisory_lock ?? false;
 }
 async function releaseLock(client) {
     await client.query(`SELECT pg_advisory_unlock($1)`, [MIGRATION_LOCK_ID]);
 }
-// ---------------------------------------------------------------------------
-// Checksum validation
-// ---------------------------------------------------------------------------
 /**
- * Validate that applied migration files have not been modified since they were run.
+ * Validate that applied migration files have not been modified or deleted since they were run.
  * Returns an array of mismatched migrations (empty if all are clean).
  */
 async function validateChecksums(client, migrationsDir) {
@@ -221,15 +240,31 @@ async function validateChecksums(client, migrationsDir) {
     const mismatches = [];
     for (const migration of applied) {
         const file = fileMap.get(migration.name);
-        if (!file)
-            continue; // file deleted — not a checksum issue
+        if (!file) {
+            mismatches.push({
+                name: migration.name,
+                expected: migration.checksum,
+                actual: '',
+                type: 'missing',
+            });
+            continue;
+        }
         const content = (0, node_fs_1.readFileSync)(file.path, 'utf-8');
         const currentHash = checksum(content);
         if (currentHash !== migration.checksum) {
+            // Auto-upgrade legacy djb2 checksums to SHA-256 without flagging as modified
+            if (isLegacyChecksum(migration.checksum)) {
+                await client.query(`UPDATE ${QUOTED_TRACKING_TABLE} SET checksum = $1 WHERE name = $2`, [
+                    currentHash,
+                    migration.name,
+                ]);
+                continue;
+            }
             mismatches.push({
                 name: migration.name,
                 expected: migration.checksum,
                 actual: currentHash,
+                type: 'modified',
             });
         }
     }
@@ -241,37 +276,57 @@ async function validateChecksums(client, migrationsDir) {
  * Features:
  * - Idempotent: running twice is safe (already-applied migrations are skipped)
  * - Advisory lock: prevents concurrent migration runs
- * - Checksum validation: detects modified migration files
+ * - Checksum validation: detects modified migration files (BLOCKING — use
+ *   `allowDrift: true` to bypass when intentionally rewriting history)
  * - Each migration runs in its own transaction
+ *
+ * Throws `MigrationError` if any applied migration has been modified or deleted
+ * on disk, listing the offending files. Pass `{ allowDrift: true }` to bypass
+ * this check (the CLI exposes this as `--allow-drift`).
  */
 async function migrateUp(connectionString, migrationsDir, options) {
     const client = new pg_1.default.Client({ connectionString });
     await client.connect();
+    // Treat `force` as an alias for `allowDrift` for backwards compatibility.
+    const allowDrift = options?.allowDrift === true || options?.force === true;
     try {
         // Acquire advisory lock to prevent concurrent migrations
         const gotLock = await acquireLock(client);
         if (!gotLock) {
-            return {
-                applied: [],
-                errors: [{
-                        file: { filename: '', path: '', name: '', timestamp: '' },
-                        error: 'Could not acquire migration lock — another migration is already running',
-                    }],
-            };
+            throw new errors_js_1.MigrationError('[turbine] Could not acquire migration lock — another migration is already running');
         }
         try {
             await ensureTrackingTable(client);
-            // Validate checksums of already-applied migrations
-            const mismatches = await validateChecksums(client, migrationsDir);
-            if (mismatches.length > 0) {
-                const names = mismatches.map((m) => m.name).join(', ');
-                return {
-                    applied: [],
-                    errors: [{
-                            file: { filename: '', path: '', name: '', timestamp: '' },
-                            error: `Checksum mismatch: migration file(s) modified after application: ${names}. This is dangerous — applied migrations should be immutable. Use --force to skip this check.`,
-                        }],
-                };
+            // Validate checksums of already-applied migrations.
+            // Drift = an APPLIED migration's on-disk file has changed (or been deleted)
+            // since it was run. Either situation means the database state and the
+            // migration history no longer agree, so we BLOCK the run by default.
+            // Users can pass `allowDrift: true` (CLI: `--allow-drift`) to force past
+            // the block when they are intentionally rewriting history.
+            if (!allowDrift) {
+                const mismatches = await validateChecksums(client, migrationsDir);
+                if (mismatches.length > 0) {
+                    const modified = mismatches.filter((m) => m.type === 'modified');
+                    const missing = mismatches.filter((m) => m.type === 'missing');
+                    const lines = [
+                        '[turbine] Migration drift detected — refusing to apply pending migrations.',
+                        '',
+                        'Applied migrations should be immutable. The following files no longer match their applied state:',
+                        '',
+                    ];
+                    for (const m of modified) {
+                        lines.push(`  - ${m.name}.sql  (modified on disk)`);
+                    }
+                    for (const m of missing) {
+                        lines.push(`  - ${m.name}.sql  (deleted from disk)`);
+                    }
+                    lines.push('');
+                    lines.push('Fix one of these:');
+                    lines.push('  1. Restore the file(s) to their original content, OR');
+                    lines.push('  2. Roll back the affected migrations with `npx turbine migrate down`, OR');
+                    lines.push('  3. Pass `--allow-drift` to bypass this check (advanced — make sure you know what you are doing).');
+                    throw new errors_js_1.MigrationError(lines.join('\n'));
+                }
             }
             const applied = await getAppliedMigrations(client);
             const appliedNames = new Set(applied.map((m) => m.name));
@@ -293,7 +348,7 @@ async function migrateUp(connectionString, migrationsDir, options) {
                 try {
                     await client.query('BEGIN');
                     await client.query(up);
-                    await client.query(`INSERT INTO ${TRACKING_TABLE} (name, checksum) VALUES ($1, $2) ON CONFLICT (name) DO NOTHING`, [file.name, hash]);
+                    await client.query(`INSERT INTO ${QUOTED_TRACKING_TABLE} (name, checksum) VALUES ($1, $2) ON CONFLICT (name) DO NOTHING`, [file.name, hash]);
                     await client.query('COMMIT');
                     results.push(file);
                 }
@@ -329,13 +384,7 @@ async function migrateDown(connectionString, migrationsDir, options) {
     try {
         const gotLock = await acquireLock(client);
         if (!gotLock) {
-            return {
-                rolledBack: [],
-                errors: [{
-                        file: { filename: '', path: '', name: '', timestamp: '' },
-                        error: 'Could not acquire migration lock — another migration is already running',
-                    }],
-            };
+            throw new errors_js_1.MigrationError('[turbine] Could not acquire migration lock — another migration is already running');
         }
         try {
             await ensureTrackingTable(client);
@@ -353,7 +402,7 @@ async function migrateDown(connectionString, migrationsDir, options) {
                 const file = fileMap.get(migration.name);
                 if (!file) {
                     errors.push({
-                        file: { filename: migration.name + '.sql', path: '', name: migration.name, timestamp: '' },
+                        file: { filename: `${migration.name}.sql`, path: '', name: migration.name, timestamp: '' },
                         error: `Migration file not found for "${migration.name}"`,
                     });
                     continue;
@@ -366,7 +415,7 @@ async function migrateDown(connectionString, migrationsDir, options) {
                 try {
                     await client.query('BEGIN');
                     await client.query(down);
-                    await client.query(`DELETE FROM ${TRACKING_TABLE} WHERE name = $1`, [migration.name]);
+                    await client.query(`DELETE FROM ${QUOTED_TRACKING_TABLE} WHERE name = $1`, [migration.name]);
                     await client.query('COMMIT');
                     results.push(file);
                 }

package/dist/cjs/cli/ui.js

@@ -24,9 +24,7 @@ exports.redactUrl = redactUrl;
 // ---------------------------------------------------------------------------
 // ANSI escape codes
 // ---------------------------------------------------------------------------
-const isColorSupported = process.env['NO_COLOR'] == null &&
-    process.env['TERM'] !== 'dumb' &&
-    (process.stdout.isTTY ?? false);
+const isColorSupported = process.env.NO_COLOR == null && process.env.TERM !== 'dumb' && (process.stdout.isTTY ?? false);
 function code(open, close) {
     if (!isColorSupported)
         return (s) => s;
@@ -113,9 +111,7 @@ function table(headers, rows) {
         return ` ${(0, exports.bold)(h)}${' '.repeat(Math.max(0, w - stripAnsi(h).length))} `;
     })
         .join((0, exports.dim)(exports.symbols.vertLine));
-    const separator = colWidths
-        .map((w) => exports.symbols.line.repeat(w + 2))
-        .join((0, exports.dim)(exports.symbols.line));
+    const separator = colWidths.map((w) => exports.symbols.line.repeat(w + 2)).join((0, exports.dim)(exports.symbols.line));
     const bodyLines = rows.map((row) => row
         .map((cell, i) => {
         const w = colWidths[i];
@@ -195,7 +191,7 @@ function info(msg) {
     console.log(`  ${(0, exports.blue)(exports.symbols.info)} ${msg}`);
 }
 function label(key, value) {
-    console.log(`  ${(0, exports.dim)(key + ':')} ${value}`);
+    console.log(`  ${(0, exports.dim)(`${key}:`)} ${value}`);
 }
 function newline() {
     console.log('');
@@ -209,7 +205,7 @@ function divider() {
 // ---------------------------------------------------------------------------
 function banner() {
     console.log('');
-    console.log(`  ${(0, exports.bold)((0, exports.cyan)('turbine'))} ${(0, exports.dim)('by')} ${(0, exports.bold)('BataData')}`);
+    console.log(`  ${(0, exports.bold)((0, exports.cyan)('turbine-orm'))}`);
     console.log(`  ${(0, exports.dim)('TypeScript ORM with json_agg nested queries')}`);
     console.log('');
 }
@@ -226,7 +222,7 @@ function elapsed(startMs) {
 // Strip ANSI codes (for width calculation)
 // ---------------------------------------------------------------------------
 function stripAnsi(s) {
-    // eslint-disable-next-line no-control-regex
+    // biome-ignore lint/suspicious/noControlCharactersInRegex: ANSI escape codes require control characters
     return s.replace(/\x1b\[[0-9;]*m/g, '');
 }
 // ---------------------------------------------------------------------------