* fix(deps): bump drizzle-orm to 0.45.2 (GHSA-gpj5-g38j-94v9)
Resolves Dependabot alert #98. Drizzle ORM <0.45.2 improperly escaped
quoted SQL identifiers, allowing SQL injection via untrusted input
passed to APIs like sql.identifier() or .as().
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore(mcp): adopt native SDK types after @modelcontextprotocol/sdk 1.25.3 bump
Replace hand-written schema/annotation shapes with the SDK's exported
Tool, JSONRPCResultResponse, and Tool['annotations'] types so changes
upstream flow through automatically.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* refactor(types): use drizzle $inferSelect for row types
Replace hand-written interfaces that duplicated schema shape with
typeof table.$inferSelect aliases for webhook, workflow, and
workspaceFiles rows. Also simplify metadata insert/update to use
.returning() instead of field-by-field copies.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix(uploads): fall through to INSERT if restore-deleted row races a hard delete
If a hard delete races between the initial SELECT and the restore UPDATE,
.returning() yields no row. Previously the function would return undefined
and silently violate the Promise<FileMetadataRecord> contract. Now the
function falls through to the INSERT path, which already handles
uniqueness races via the 23505 catch.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore(uploads): align metadata.ts with global standards
Replace dynamic uuid import with generateId() per @sim/utils/id
convention, narrow the error catch off `any`, and convert the inline
comment to TSDoc.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
45bf396968