From 9c93e7431853fb91ef8afedb2f2828d37ebec99c Mon Sep 17 00:00:00 2001
From: ordinarthur <@arthurbarre.js@gmail.com>
Date: Thu, 16 Apr 2026 10:15:34 +0200
Subject: [PATCH] replace Supabase with Postgres + Drizzle ORM

- Drop @supabase/supabase-js entirely; add drizzle-orm + postgres (porsager) driver
- New packages/db: schema (pgSchema ordinarthur_os), client factory, migrate runner, drizzle-kit config
- SQL migrations: 0000_init (pgcrypto + schema), 0001_jobs (jobs + job_search_criteria, no RLS)
- Rewrite apps/api db module with DI symbols DB/DB_HANDLE + @InjectDb() decorator
- Rewrite jobs.service.ts with Drizzle queries (upsert via onConflictDoUpdate, arrayOverlaps for stack filter)
- Replace SUPABASE_* env vars with DATABASE_URL in env config + .env.example
- Add docker-compose.yml (Postgres 16-alpine, dev only)
- Add deploy/k8s/postgres.yaml (StatefulSet + PVC), migrate.job.yaml, updated secrets.template.yaml
- Update all docs (README, PLAN, ARCHITECTURE, CLAUDE.md, AGENTS.md, packages/db/README.md)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 AGENTS.md                                 |   6 +-
 ARCHITECTURE.md                           |  47 +-
 CLAUDE.md                                 |   6 +-
 PLAN.md                                   |  12 +-
 README.md                                 |   2 +-
 apps/api/.env.example                     |   7 +-
 apps/api/package.json                     |   4 +-
 apps/api/src/config/env.ts                |   8 +-
 apps/api/src/db/db.module.ts              |  36 +-
 apps/api/src/modules/jobs/jobs.service.ts | 250 +++++---
 apps/pwa/src/routes/index.tsx             |   2 +-
 deploy/k8s/README.md                      |  13 +
 deploy/k8s/backup.cronjob.yaml            |   7 +-
 deploy/k8s/migrate.job.yaml               |  27 +
 deploy/k8s/postgres.yaml                  |  66 ++
 deploy/k8s/secrets.template.yaml          |  37 +-
 docker-compose.yml                        |  35 +
 packages/db/README.md                     |  51 +-
 packages/db/drizzle.config.ts             |  22 +
 packages/db/migrations/0000_init.sql      |  10 +
 packages/db/migrations/0001_jobs.sql      |  51 ++
 packages/db/migrations/0001_schema.sql    |  20 -
 packages/db/migrations/0002_jobs.sql      |  54 --
 packages/db/migrations/meta/_journal.json |  20 +
 packages/db/package.json                  |  22 +-
 packages/db/src/client.ts                 |  31 +
 packages/db/src/index.ts                  |   3 +
 packages/db/src/migrate.ts                |  29 +
 packages/db/src/schema/_schema.ts         |   8 +
 packages/db/src/schema/index.ts           |   2 +
 packages/db/src/schema/jobs.ts            |  67 ++
 packages/db/tsconfig.json                 |  12 +
 pnpm-lock.yaml                            | 746 +++++++++++++++++++---
 33 files changed, 1380 insertions(+), 333 deletions(-)
 create mode 100644 deploy/k8s/migrate.job.yaml
 create mode 100644 deploy/k8s/postgres.yaml
 create mode 100644 docker-compose.yml
 create mode 100644 packages/db/drizzle.config.ts
 create mode 100644 packages/db/migrations/0000_init.sql
 create mode 100644 packages/db/migrations/0001_jobs.sql
 delete mode 100644 packages/db/migrations/0001_schema.sql
 delete mode 100644 packages/db/migrations/0002_jobs.sql
 create mode 100644 packages/db/migrations/meta/_journal.json
 create mode 100644 packages/db/src/client.ts
 create mode 100644 packages/db/src/index.ts
 create mode 100644 packages/db/src/migrate.ts
 create mode 100644 packages/db/src/schema/_schema.ts
 create mode 100644 packages/db/src/schema/index.ts
 create mode 100644 packages/db/src/schema/jobs.ts
 create mode 100644 packages/db/tsconfig.json

diff --git a/AGENTS.md b/AGENTS.md
index 9dcfff0..a7be4e0 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -13,7 +13,7 @@ Avant toute action, lire dans cet ordre :
 - **Single-user.** Bearer token statique, pas de multi-tenant.
 - **Design = portfolio arthurbarre.fr** (cream `#F5F1EA`, ink `#0F0F0F`, accent orange `#FF4A1C`, mono labels, bordures, italique = orange). PAS le violet/cyan du HTML jobs.
 - **FR only** côté IA (prompts + STT lang=fr).
-- **Schéma Postgres dédié `ordinarthur_os`** dans Supabase self-hosted (`supabase.arthurbarre.fr`).
+- **Postgres standalone dans le k3s** (plus de Supabase), schéma dédié `ordinarthur_os`. ORM = **Drizzle** (via `packages/db`).
 
 ## Phases
 
@@ -23,7 +23,7 @@ Voir `PLAN.md`. Implémentation séquentielle Phase 0 → 7. Phase 8 (finance) r
 
 - Monorepo pnpm + Turborepo
 - `apps/pwa` Vite + React + TanStack Router/Query + Tailwind + shadcn
-- `apps/api` NestJS (modules par domaine), `@supabase/supabase-js` (pas d'ORM)
+- `apps/api` NestJS (modules par domaine), Drizzle ORM via `@ordinarthur-os/db`
 - `packages/shared` types + zod DTOs partagés PWA ↔ API
-- `packages/db/migrations` SQL versionné, appliqué manuellement sur Supabase pour l'instant
+- `packages/db` schéma Drizzle + `migrations/` SQL versionnées (runner `pnpm --filter @ordinarthur-os/db migrate`)
 - Pas de fichier `.env` commité, juste `.env.example`
diff --git a/ARCHITECTURE.md b/ARCHITECTURE.md
index 42637ff..b143299 100644
--- a/ARCHITECTURE.md
+++ b/ARCHITECTURE.md
@@ -12,15 +12,15 @@
                      ┌──────────────┬──────────────────┼────────────────┬──────────────┐
                      ▼              ▼                  ▼                ▼              ▼
               ┌────────────┐  ┌─────────────┐  ┌──────────────┐  ┌────────────┐ ┌────────────┐
-              │ Supabase   │  │ Mistral AI  │  │ Groq Whisper │  │ Google Cal │ │ Telegram   │
-              │ self-host  │  │ (small)     │  │ (STT FR)     │  │ OAuth      │ │ Bot API    │
+              │ Postgres   │  │ Mistral AI  │  │ Groq Whisper │  │ Google Cal │ │ Telegram   │
+              │ (k3s STS)  │  │ (small)     │  │ (STT FR)     │  │ OAuth      │ │ Bot API    │
               │ schema     │  │ function-   │  │              │  │            │ │            │
               │ ordinarthur│  │ calling     │  │              │  │            │ │            │
               │ _os        │  │             │  │              │  │            │ │            │
               └────────────┘  └─────────────┘  └──────────────┘  └────────────┘ └────────────┘
 ```
 
-La PWA ne parle **jamais** directement à Supabase ni aux APIs externes. Tout passe par le BFF NestJS, protégé par bearer token.
+La PWA ne parle **jamais** directement à Postgres ni aux APIs externes. Tout passe par le BFF NestJS, protégé par bearer token. Le service Postgres est en ClusterIP interne au k3s, jamais exposé.
 
 ## 2. Monorepo
 
@@ -52,20 +52,28 @@ ordinarthur-os/
 │           │   ├── ai/         # command, voice, function dispatcher
 │           │   ├── telegram/
 │           │   └── sync/       # replay client_mutations, dedup
-│           ├── db/             # supabase client factory
+│           ├── db/             # Drizzle client factory (@ordinarthur-os/db)
 │           ├── config/         # env schema (zod)
 │           └── main.ts
 │
 ├── packages/
 │   ├── shared/                 # Types + zod DTOs partagés pwa/api
-│   └── db/
-│       └── migrations/         # 0001_schema.sql, 0002_jobs.sql, …
+│   └── db/                     # Drizzle ORM : schema TS + migrations SQL
+│       ├── drizzle.config.ts
+│       ├── src/
+│       │   ├── schema/         # Définitions tables (pgSchema ordinarthur_os)
+│       │   ├── client.ts       # createDb(connectionString)
+│       │   └── migrate.ts      # runner DATABASE_URL-driven
+│       └── migrations/         # 0000_init.sql, 0001_jobs.sql, … + meta/_journal.json
 │
 ├── deploy/
 │   └── k8s/                    # Manifests à aligner sur conf Gitea d'Arthur
+│       ├── namespace.yaml
+│       ├── postgres.yaml       # StatefulSet Postgres 16 + PVC
 │       ├── api.deployment.yaml
 │       ├── pwa.deployment.yaml
 │       ├── ingress.yaml
+│       ├── migrate.job.yaml    # Job one-shot drizzle migrate
 │       ├── secrets.template.yaml
 │       └── backup.cronjob.yaml
 │
@@ -124,6 +132,8 @@ theme: {
 
 ## 4. Schéma Postgres `ordinarthur_os`
 
+Source de vérité : les définitions Drizzle dans [`packages/db/src/schema/`](./packages/db/src/schema/). Le SQL ci-dessous est l'équivalent dénormalisé, à titre de référence — les migrations réelles vivent dans `packages/db/migrations/`.
+
 ```sql
 create schema if not exists ordinarthur_os;
 set search_path to ordinarthur_os;
@@ -283,7 +293,7 @@ create table client_mutations (
 );
 ```
 
-**RLS** : activée partout avec policy unique `using (auth.role() = 'service_role')`. Seul le Nest (avec la service key) peut lire/écrire. La PWA est derrière le bearer Nest.
+**Pas de RLS.** La base n'est jamais exposée : le seul client SQL est le backend NestJS (ClusterIP interne au k3s, credentials Postgres classiques). La PWA est derrière le bearer Nest.
 
 ## 5. API NestJS — routes
 
@@ -427,10 +437,9 @@ spec:
 
 ### Secrets k8s attendus
 
-`ordinarthur-os-secrets` :
+`ordinarthur-os-secrets` (consommé par l'API) :
 - `API_BEARER_TOKEN`
-- `SUPABASE_URL` (`https://supabase.arthurbarre.fr`)
-- `SUPABASE_SERVICE_ROLE_KEY`
+- `DATABASE_URL` (`postgres://<user>:<pwd>@postgres.ordinarthur-os.svc.cluster.local:5432/ordinarthur_os`)
 - `MISTRAL_API_KEY`
 - `GROQ_API_KEY`
 - `GOOGLE_OAUTH_CLIENT_ID`
@@ -440,6 +449,13 @@ spec:
 - `TELEGRAM_WEBHOOK_SECRET`
 - `ICAL_FEED_SECRET`
 
+`ordinarthur-os-db-secrets` (consommé par le StatefulSet Postgres) :
+- `POSTGRES_USER`, `POSTGRES_PASSWORD`, `POSTGRES_DB`
+
+`ordinarthur-os-backup-secrets` (CronJob) :
+- `PGURL` (même valeur que `DATABASE_URL`)
+- `RCLONE_REMOTE` (ex. `b2:ordinarthur-os-backups`)
+
 ### CronJob backup
 
 ```yaml
@@ -462,10 +478,11 @@ spec:
               args:
                 - |
                   pg_dump "$PGURL" --schema=ordinarthur_os --format=c | gzip > /tmp/dump.gz
-                  # upload vers S3/B2 via rclone (à confirmer avec Arthur)
-                  rclone copy /tmp/dump.gz remote:ordinarthur-os-backups/$(date +%F).gz
+                  rclone copy /tmp/dump.gz "$RCLONE_REMOTE/$(date +%F).gz"
 ```
 
+> `PGURL` = même chaîne `postgres://…` que `DATABASE_URL`. Le schéma reste dédié (`--schema=ordinarthur_os`) pour faciliter d'éventuelles restaurations sélectives.
+
 ### Pipeline Gitea (à aligner avec le skill `/deploy` d'Arthur)
 
 ```yaml
@@ -500,7 +517,7 @@ jobs:
 - Bearer token Nest : stocké seulement dans les secrets k8s, jamais dans le bundle PWA → la PWA demande le token à l'utilisateur (écran d'onboarding) et le stocke dans `localStorage` (accès par Arthur uniquement sur son device)
 - Webhook Telegram : vérification de `X-Telegram-Bot-Api-Secret-Token`
 - Feed iCal : path contient un secret rotable (`ICAL_FEED_SECRET`)
-- Supabase : schema dédié + RLS service-role-only
+- Postgres : service ClusterIP interne au k3s, jamais exposé ; credentials via Secret k8s
 - Backups : quotidien, chiffrés au repos côté bucket, rétention 30 jours
 
 ## 10. Observabilité (phase ultérieure)
@@ -519,9 +536,7 @@ jobs:
 NODE_ENV=production
 PORT=3000
 API_BEARER_TOKEN=
-SUPABASE_URL=https://supabase.arthurbarre.fr
-SUPABASE_SERVICE_ROLE_KEY=
-SUPABASE_SCHEMA=ordinarthur_os
+DATABASE_URL=postgres://ordinarthur:changeme@postgres.ordinarthur-os.svc.cluster.local:5432/ordinarthur_os
 MISTRAL_API_KEY=
 MISTRAL_MODEL=mistral-small-latest
 GROQ_API_KEY=
diff --git a/CLAUDE.md b/CLAUDE.md
index 6fc219e..17b0fe9 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -13,7 +13,7 @@ Avant toute action, lire dans cet ordre :
 - **Single-user.** Bearer token statique, pas de multi-tenant.
 - **Design = portfolio arthurbarre.fr** (cream `#F5F1EA`, ink `#0F0F0F`, accent orange `#FF4A1C`, mono labels, bordures, italique = orange). PAS le violet/cyan du HTML jobs.
 - **FR only** côté IA (prompts + STT lang=fr).
-- **Schéma Postgres dédié `ordinarthur_os`** dans Supabase self-hosted (`supabase.arthurbarre.fr`).
+- **Postgres standalone dans le k3s** (plus de Supabase), schéma dédié `ordinarthur_os`. ORM = **Drizzle** (via `packages/db`).
 
 ## Phases
 
@@ -23,7 +23,7 @@ Voir `PLAN.md`. Implémentation séquentielle Phase 0 → 7. Phase 8 (finance) r
 
 - Monorepo pnpm + Turborepo
 - `apps/pwa` Vite + React + TanStack Router/Query + Tailwind + shadcn
-- `apps/api` NestJS (modules par domaine), `@supabase/supabase-js` (pas d'ORM)
+- `apps/api` NestJS (modules par domaine), Drizzle ORM via `@ordinarthur-os/db`
 - `packages/shared` types + zod DTOs partagés PWA ↔ API
-- `packages/db/migrations` SQL versionné, appliqué manuellement sur Supabase pour l'instant
+- `packages/db` schéma Drizzle + `migrations/` SQL versionnées (runner `pnpm --filter @ordinarthur-os/db migrate`)
 - Pas de fichier `.env` commité, juste `.env.example`
diff --git a/PLAN.md b/PLAN.md
index 8798669..18d5426 100644
--- a/PLAN.md
+++ b/PLAN.md
@@ -16,7 +16,7 @@ Un assistant personnel qui aide Arthur à s'organiser **sans le déresponsabilis
 1. **Self-hosted, open-source**. Pas de Vercel, pas de Next.js. Tout tourne sur le k3s d'Arthur.
 2. **Single-user**. Pas de multi-tenant, pas d'invitations, pas de partage. Bearer token unique pour protéger l'API.
 3. **PWA installable iOS**. Vite + React, pas de SSR. Service worker + mutation queue pour l'offline.
-4. **BFF unique**. La PWA ne parle qu'au NestJS. Le Nest parle à Supabase, Mistral, Groq, Google Calendar, Telegram.
+4. **BFF unique**. La PWA ne parle qu'au NestJS. Le Nest parle à Postgres, Mistral, Groq, Google Calendar, Telegram.
 5. **Design éditorial / Swiss-brutalist** — mirror du portfolio arthurbarre.fr (cream, ink, orange, borders, mono labels).
 
 ## Stack verrouillée
@@ -25,8 +25,8 @@ Un assistant personnel qui aide Arthur à s'organiser **sans le déresponsabilis
 | --- | --- |
 | Monorepo | pnpm workspaces + Turborepo |
 | Frontend | Vite + React 18 + TanStack Router + TanStack Query + Tailwind + shadcn/ui |
-| Backend | NestJS + `@supabase/supabase-js` (pas d'ORM) |
-| DB | Postgres via Supabase self-hosted, schéma dédié `ordinarthur_os` |
+| Backend | NestJS + Drizzle ORM (driver `postgres`) |
+| DB | Postgres 16 standalone (k3s StatefulSet + PVC), schéma dédié `ordinarthur_os` |
 | Auth | Bearer token statique (single-user), middleware Nest |
 | IA LLM | Mistral `mistral-small-latest` (low-cost) via API |
 | STT | Groq `whisper-large-v3-turbo` |
@@ -41,9 +41,9 @@ Un assistant personnel qui aide Arthur à s'organiser **sans le déresponsabilis
 ### Phase 0 — Scaffold (prio immédiate)
 - Monorepo `pnpm-workspace.yaml`, `turbo.json`
 - `apps/pwa` : Vite + React + Tailwind + shadcn + manifest PWA + service worker placeholder + routing TanStack
-- `apps/api` : NestJS + module `health` + middleware bearer + client supabase initialisé
+- `apps/api` : NestJS + module `health` + middleware bearer + client Drizzle initialisé
 - `packages/shared` : types et zod schemas partagés
-- `packages/db` : premier fichier de migration SQL créant le schéma `ordinarthur_os`
+- `packages/db` : schéma Drizzle + premières migrations SQL (`0000_init` crée le schéma `ordinarthur_os`)
 - `deploy/k8s` : manifests génériques (à adapter ensuite à la conf Gitea/Traefik d'Arthur)
 - Design system : composants primitifs (`<Label>`, `<SectionHeader>`, `<GridFrame>`, `<DataChip>`, `<MetaRow>`) qui reproduisent le style arthurbarre.fr
 - Routes `GET /health` et `POST /auth/verify`
@@ -106,7 +106,7 @@ Pour reprendre ce projet avec Claude Code (Sonnet) :
 4. Avant de scaffolder, récupérer de l'utilisateur :
    - Le dossier `/Users/arthurbarre/dev/perso/proxmox` (conf k3s) pour aligner les manifests
    - Le skill `/deploy` ou `/create-deployment` qu'Arthur utilise pour ses autres déploiements Gitea
-   - Les secrets nécessaires : `MISTRAL_API_KEY`, `GROQ_API_KEY`, `TELEGRAM_BOT_TOKEN`, `GOOGLE_OAUTH_CLIENT_ID/SECRET`, `SUPABASE_URL`, `SUPABASE_SERVICE_ROLE_KEY`, `API_BEARER_TOKEN`
+   - Les secrets nécessaires : `MISTRAL_API_KEY`, `GROQ_API_KEY`, `TELEGRAM_BOT_TOKEN`, `GOOGLE_OAUTH_CLIENT_ID/SECRET`, `DATABASE_URL` (+ `POSTGRES_USER`/`POSTGRES_PASSWORD`/`POSTGRES_DB` côté StatefulSet), `API_BEARER_TOKEN`
    - Le choix du stockage backup S3-compatible (B2 / Scaleway / autre)
 5. Attaquer par la Phase 0 (scaffold), puis Phase 1 (jobs) — c'est explicitement prioritaire dans la tête d'Arthur.
 
diff --git a/README.md b/README.md
index afe3233..cdce036 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # ordinarthur-os
 
-Assistant personnel self-hosted d'Arthur Barré. PWA installable + backend NestJS, déployés sur k3s personnel, branchés sur Supabase self-hosted (`supabase.arthurbarre.fr`).
+Assistant personnel self-hosted d'Arthur Barré. PWA installable + backend NestJS, déployés sur k3s personnel, adossés à un Postgres standalone (schéma `ordinarthur_os`) piloté via Drizzle ORM.
 
 **But** : aider Arthur à être rigoureux (todos, projets, agenda, recherche d'emploi, santé) **sans le déresponsabiliser**. Toutes les actions IA passent par une confirmation explicite.
 
diff --git a/apps/api/.env.example b/apps/api/.env.example
index 20fa923..7d615e9 100644
--- a/apps/api/.env.example
+++ b/apps/api/.env.example
@@ -4,10 +4,9 @@ PORT=3000
 # Single-user bearer (génère via `openssl rand -hex 32`)
 API_BEARER_TOKEN=
 
-# Supabase self-hosted
-SUPABASE_URL=https://supabase.arthurbarre.fr
-SUPABASE_SERVICE_ROLE_KEY=
-SUPABASE_SCHEMA=ordinarthur_os
+# Postgres standalone (k3s ou local docker). Le schéma `ordinarthur_os`
+# est géré par Drizzle, pas besoin de `search_path` dans l'URL.
+DATABASE_URL=postgres://ordinarthur:changeme@localhost:5432/ordinarthur_os
 
 # Phase 5+
 MISTRAL_API_KEY=
diff --git a/apps/api/package.json b/apps/api/package.json
index 4159c09..53274a5 100644
--- a/apps/api/package.json
+++ b/apps/api/package.json
@@ -13,8 +13,10 @@
     "@nestjs/common": "^10.4.4",
     "@nestjs/core": "^10.4.4",
     "@nestjs/platform-express": "^10.4.4",
+    "@ordinarthur-os/db": "workspace:*",
     "@ordinarthur-os/shared": "workspace:*",
-    "@supabase/supabase-js": "^2.45.4",
+    "drizzle-orm": "^0.36.4",
+    "postgres": "^3.4.5",
     "reflect-metadata": "^0.2.2",
     "rxjs": "^7.8.1",
     "zod": "^3.23.8"
diff --git a/apps/api/src/config/env.ts b/apps/api/src/config/env.ts
index 886ac3c..b25207d 100644
--- a/apps/api/src/config/env.ts
+++ b/apps/api/src/config/env.ts
@@ -8,9 +8,11 @@ const EnvSchema = z.object({
 
   API_BEARER_TOKEN: z.string().min(16, "API_BEARER_TOKEN must be at least 16 chars"),
 
-  SUPABASE_URL: z.string().url(),
-  SUPABASE_SERVICE_ROLE_KEY: z.string().min(1),
-  SUPABASE_SCHEMA: z.string().default("ordinarthur_os"),
+  // Postgres standalone (k3s) — pas de Supabase.
+  // Le driver `postgres` impose d'inclure le search_path via
+  // `?options=-c%20search_path%3Dordinarthur_os%2Cpublic` n'est PAS nécessaire
+  // car Drizzle préfixe lui-même le schéma (`pgSchema`).
+  DATABASE_URL: z.string().url(),
 
   MISTRAL_API_KEY: z.string().optional(),
   MISTRAL_MODEL: z.string().default("mistral-small-latest"),
diff --git a/apps/api/src/db/db.module.ts b/apps/api/src/db/db.module.ts
index f5d3958..eccb7b8 100644
--- a/apps/api/src/db/db.module.ts
+++ b/apps/api/src/db/db.module.ts
@@ -1,27 +1,35 @@
-import { Global, Module, Inject } from "@nestjs/common";
-import { createClient, SupabaseClient } from "@supabase/supabase-js";
+import { Global, Inject, Module, type OnApplicationShutdown } from "@nestjs/common";
+import { createDb, type Db, type DbHandle } from "@ordinarthur-os/db";
 import { APP_CONFIG } from "../config/config.module";
 import type { AppConfig } from "../config/env";
 
-export const SUPABASE = Symbol("SUPABASE");
-export type Supabase = SupabaseClient<any, any, any, any, any>;
+export const DB = Symbol("DB");
+export const DB_HANDLE = Symbol("DB_HANDLE");
+export type { Db };
 
 @Global()
 @Module({
   providers: [
     {
-      provide: SUPABASE,
+      provide: DB_HANDLE,
       inject: [APP_CONFIG],
-      useFactory: (config: AppConfig): Supabase =>
-        createClient(config.SUPABASE_URL, config.SUPABASE_SERVICE_ROLE_KEY, {
-          auth: { persistSession: false, autoRefreshToken: false },
-          db: { schema: config.SUPABASE_SCHEMA },
-        }),
+      useFactory: (config: AppConfig): DbHandle => createDb(config.DATABASE_URL),
+    },
+    {
+      provide: DB,
+      inject: [DB_HANDLE],
+      useFactory: (handle: DbHandle): Db => handle.db,
     },
   ],
-  exports: [SUPABASE],
+  exports: [DB, DB_HANDLE],
 })
-export class DbModule {}
+export class DbModule implements OnApplicationShutdown {
+  constructor(@Inject(DB_HANDLE) private readonly handle: DbHandle) {}
 
-// Convenience decorator : `constructor(@InjectSupabase() private db: Supabase) {}`
-export const InjectSupabase = () => Inject(SUPABASE);
+  async onApplicationShutdown() {
+    await this.handle.close();
+  }
+}
+
+/** `constructor(@InjectDb() private db: Db) {}` */
+export const InjectDb = () => Inject(DB);
diff --git a/apps/api/src/modules/jobs/jobs.service.ts b/apps/api/src/modules/jobs/jobs.service.ts
index 71d36cc..e96663a 100644
--- a/apps/api/src/modules/jobs/jobs.service.ts
+++ b/apps/api/src/modules/jobs/jobs.service.ts
@@ -1,4 +1,5 @@
 import { Injectable, NotFoundException } from "@nestjs/common";
+import { schema } from "@ordinarthur-os/db";
 import {
   Job,
   JobIngestDto,
@@ -8,61 +9,60 @@ import {
   JobSearchCriteria,
   JobSearchCriteriaUpsert,
 } from "@ordinarthur-os/shared";
-import { InjectSupabase, type Supabase } from "../../db/db.module";
+import { and, arrayOverlaps, asc, desc, eq, gte, lt, sql } from "drizzle-orm";
+import { InjectDb, type Db } from "../../db/db.module";
 
+const { jobs, jobSearchCriteria } = schema;
 const RETENTION_DAYS = 30;
 
 @Injectable()
 export class JobsService {
-  constructor(@InjectSupabase() private readonly db: Supabase) {}
+  constructor(@InjectDb() private readonly db: Db) {}
 
-  async ingest(jobs: JobIngestDto[]): Promise<JobIngestResponse> {
+  // ---- ingest / list / patch --------------------------------------------
+
+  async ingest(input: JobIngestDto[]): Promise<JobIngestResponse> {
     let inserted = 0;
     let updated = 0;
 
-    // On traite job par job pour distinguer insert vs update.
-    // Volume attendu : ~quelques dizaines/jour, c'est OK.
-    for (const j of jobs) {
-      const { data: existing } = await this.db
-        .from("jobs")
-        .select("id")
-        .eq("source_url", j.source_url)
-        .maybeSingle();
-
-      if (existing) {
-        await this.db
-          .from("jobs")
-          .update({
-            title: j.title,
-            company: j.company ?? null,
-            description: j.description ?? null,
-            location: j.location ?? null,
-            remote_type: j.remote_type ?? null,
-            salary_min: j.salary_min ?? null,
-            salary_max: j.salary_max ?? null,
-            stack: j.stack ?? [],
-            apply_url: j.apply_url ?? null,
-            last_seen_at: new Date().toISOString(),
-          })
-          .eq("id", existing.id);
-        updated++;
-      } else {
-        const { error } = await this.db.from("jobs").insert({
+    // Upsert sur `source_url` (clé de dedup). On insère et, en cas de conflit,
+    // on met à jour les champs mutables + bump `last_seen_at`. `xmax` permet
+    // de savoir si la ligne résulte d'un INSERT (xmax=0) ou d'un UPDATE (xmax≠0).
+    for (const j of input) {
+      const rows = await this.db
+        .insert(jobs)
+        .values({
           source: j.source,
-          source_url: j.source_url,
+          sourceUrl: j.source_url,
           title: j.title,
           company: j.company ?? null,
           description: j.description ?? null,
           location: j.location ?? null,
-          remote_type: j.remote_type ?? null,
-          salary_min: j.salary_min ?? null,
-          salary_max: j.salary_max ?? null,
+          remoteType: j.remote_type ?? null,
+          salaryMin: j.salary_min ?? null,
+          salaryMax: j.salary_max ?? null,
           stack: j.stack ?? [],
-          apply_url: j.apply_url ?? null,
-        });
-        if (error) throw error;
-        inserted++;
-      }
+          applyUrl: j.apply_url ?? null,
+        })
+        .onConflictDoUpdate({
+          target: jobs.sourceUrl,
+          set: {
+            title: j.title,
+            company: j.company ?? null,
+            description: j.description ?? null,
+            location: j.location ?? null,
+            remoteType: j.remote_type ?? null,
+            salaryMin: j.salary_min ?? null,
+            salaryMax: j.salary_max ?? null,
+            stack: j.stack ?? [],
+            applyUrl: j.apply_url ?? null,
+            lastSeenAt: new Date(),
+          },
+        })
+        .returning({ wasUpdate: sql<boolean>`xmax <> 0` });
+
+      if (rows[0]?.wasUpdate) updated++;
+      else inserted++;
     }
 
     const archived = await this.archiveStale();
@@ -71,79 +71,147 @@ export class JobsService {
 
   /** Soft-delete des jobs non revus depuis RETENTION_DAYS jours. */
   private async archiveStale(): Promise<number> {
-    const cutoff = new Date(Date.now() - RETENTION_DAYS * 86400_000).toISOString();
-    const { data, error } = await this.db
-      .from("jobs")
-      .update({ archived: true })
-      .lt("last_seen_at", cutoff)
-      .eq("archived", false)
-      .select("id");
-    if (error) throw error;
-    return data?.length ?? 0;
+    const cutoff = new Date(Date.now() - RETENTION_DAYS * 86400_000);
+    const rows = await this.db
+      .update(jobs)
+      .set({ archived: true })
+      .where(and(lt(jobs.lastSeenAt, cutoff), eq(jobs.archived, false)))
+      .returning({ id: jobs.id });
+    return rows.length;
   }
 
   async list(q: JobListQuery): Promise<Job[]> {
-    let query = this.db.from("jobs").select("*").order("last_seen_at", { ascending: false });
+    const filters = [eq(jobs.archived, q.archived ?? false)];
 
-    if (typeof q.archived === "boolean") query = query.eq("archived", q.archived);
-    else query = query.eq("archived", false); // défaut : non archivés
+    if (q.remote_type) filters.push(eq(jobs.remoteType, q.remote_type));
+    if (q.starred !== undefined) filters.push(eq(jobs.starred, q.starred));
+    if (q.since) filters.push(gte(jobs.lastSeenAt, new Date(q.since)));
+    if (q.stack?.length) filters.push(arrayOverlaps(jobs.stack, q.stack));
 
-    if (q.remote_type) query = query.eq("remote_type", q.remote_type);
-    if (q.starred !== undefined) query = query.eq("starred", q.starred);
-    if (q.since) query = query.gte("last_seen_at", q.since);
-    if (q.stack?.length) query = query.overlaps("stack", q.stack);
+    const rows = await this.db
+      .select()
+      .from(jobs)
+      .where(and(...filters))
+      .orderBy(desc(jobs.lastSeenAt))
+      .limit(500);
 
-    const { data, error } = await query.limit(500);
-    if (error) throw error;
-    return (data ?? []) as Job[];
+    return rows.map(toJobDto);
   }
 
   async patch(id: string, patch: JobPatchDto): Promise<Job> {
-    const { data, error } = await this.db
-      .from("jobs")
-      .update(patch)
-      .eq("id", id)
-      .select("*")
-      .maybeSingle();
-    if (error) throw error;
-    if (!data) throw new NotFoundException(`Job ${id} not found`);
-    return data as Job;
+    const rows = await this.db
+      .update(jobs)
+      .set({
+        ...(patch.starred !== undefined && { starred: patch.starred }),
+        ...(patch.archived !== undefined && { archived: patch.archived }),
+        ...(patch.applied_at !== undefined && {
+          appliedAt: patch.applied_at === null ? null : new Date(patch.applied_at),
+        }),
+        ...(patch.notes !== undefined && { notes: patch.notes }),
+      })
+      .where(eq(jobs.id, id))
+      .returning();
+
+    const row = rows[0];
+    if (!row) throw new NotFoundException(`Job ${id} not found`);
+    return toJobDto(row);
   }
 
   // ---- criteria ----------------------------------------------------------
 
   async listCriteria(activeOnly = false): Promise<JobSearchCriteria[]> {
-    let q = this.db.from("job_search_criteria").select("*").order("created_at", { ascending: true });
-    if (activeOnly) q = q.eq("active", true);
-    const { data, error } = await q;
-    if (error) throw error;
-    return (data ?? []) as JobSearchCriteria[];
+    const rows = await (activeOnly
+      ? this.db
+          .select()
+          .from(jobSearchCriteria)
+          .where(eq(jobSearchCriteria.active, true))
+          .orderBy(asc(jobSearchCriteria.createdAt))
+      : this.db.select().from(jobSearchCriteria).orderBy(asc(jobSearchCriteria.createdAt)));
+
+    return rows.map(toCriteriaDto);
   }
 
   async createCriteria(input: JobSearchCriteriaUpsert): Promise<JobSearchCriteria> {
-    const { data, error } = await this.db
-      .from("job_search_criteria")
-      .insert(input)
-      .select("*")
-      .single();
-    if (error) throw error;
-    return data as JobSearchCriteria;
+    const rows = await this.db
+      .insert(jobSearchCriteria)
+      .values({
+        name: input.name ?? null,
+        titles: input.titles,
+        locations: input.locations,
+        stack: input.stack,
+        remoteTypes: input.remote_types,
+        salaryMin: input.salary_min ?? null,
+        active: input.active,
+      })
+      .returning();
+    return toCriteriaDto(rows[0]!);
   }
 
   async updateCriteria(id: string, input: JobSearchCriteriaUpsert): Promise<JobSearchCriteria> {
-    const { data, error } = await this.db
-      .from("job_search_criteria")
-      .update({ ...input, updated_at: new Date().toISOString() })
-      .eq("id", id)
-      .select("*")
-      .maybeSingle();
-    if (error) throw error;
-    if (!data) throw new NotFoundException(`Criteria ${id} not found`);
-    return data as JobSearchCriteria;
+    const rows = await this.db
+      .update(jobSearchCriteria)
+      .set({
+        name: input.name ?? null,
+        titles: input.titles,
+        locations: input.locations,
+        stack: input.stack,
+        remoteTypes: input.remote_types,
+        salaryMin: input.salary_min ?? null,
+        active: input.active,
+        updatedAt: new Date(),
+      })
+      .where(eq(jobSearchCriteria.id, id))
+      .returning();
+
+    const row = rows[0];
+    if (!row) throw new NotFoundException(`Criteria ${id} not found`);
+    return toCriteriaDto(row);
   }
 
   async deleteCriteria(id: string): Promise<void> {
-    const { error } = await this.db.from("job_search_criteria").delete().eq("id", id);
-    if (error) throw error;
+    await this.db.delete(jobSearchCriteria).where(eq(jobSearchCriteria.id, id));
   }
 }
+
+// ---------------------------------------------------------------------------
+// Mapping row (snake_case en DB, camelCase en drizzle) → DTO (snake_case
+// côté API — la PWA consomme telle quelle).
+// ---------------------------------------------------------------------------
+
+function toJobDto(row: schema.JobRow): Job {
+  return {
+    id: row.id,
+    source: row.source,
+    source_url: row.sourceUrl,
+    title: row.title,
+    company: row.company,
+    description: row.description,
+    location: row.location,
+    remote_type: row.remoteType as Job["remote_type"],
+    salary_min: row.salaryMin,
+    salary_max: row.salaryMax,
+    stack: row.stack,
+    apply_url: row.applyUrl,
+    first_seen_at: row.firstSeenAt.toISOString(),
+    last_seen_at: row.lastSeenAt.toISOString(),
+    archived: row.archived,
+    starred: row.starred,
+    applied_at: row.appliedAt?.toISOString() ?? null,
+    notes: row.notes,
+  };
+}
+
+function toCriteriaDto(row: schema.JobSearchCriteriaRow): JobSearchCriteria {
+  return {
+    id: row.id,
+    name: row.name,
+    titles: row.titles,
+    locations: row.locations,
+    stack: row.stack,
+    remote_types: row.remoteTypes as JobSearchCriteria["remote_types"],
+    salary_min: row.salaryMin,
+    active: row.active,
+    created_at: row.createdAt.toISOString(),
+    updated_at: row.updatedAt.toISOString(),
+  };
+}
diff --git a/apps/pwa/src/routes/index.tsx b/apps/pwa/src/routes/index.tsx
index 0c4b835..06470b5 100644
--- a/apps/pwa/src/routes/index.tsx
+++ b/apps/pwa/src/routes/index.tsx
@@ -46,7 +46,7 @@ function Dashboard() {
           <div className="flex flex-wrap gap-2">
             <DataChip>VITE · REACT</DataChip>
             <DataChip>NESTJS</DataChip>
-            <DataChip>SUPABASE</DataChip>
+            <DataChip>POSTGRES · DRIZZLE</DataChip>
             <DataChip>K3S</DataChip>
           </div>
         </div>
diff --git a/deploy/k8s/README.md b/deploy/k8s/README.md
index b21ef96..3d7645a 100644
--- a/deploy/k8s/README.md
+++ b/deploy/k8s/README.md
@@ -2,12 +2,23 @@
 
 Manifests Kubernetes pour le k3s perso d'Arthur.
 
+## Stack
+
+- `postgres.yaml` — StatefulSet Postgres 16 + PVC 5 Gi (single-user, faible volume).
+- `api.deployment.yaml` / `pwa.deployment.yaml` — services applicatifs.
+- `ingress.yaml` — routage Traefik TLS vers `os.arthurbarre.fr` et `api.os.arthurbarre.fr`.
+- `migrate.job.yaml` — job one-shot `drizzle-orm` pour appliquer les migrations.
+- `backup.cronjob.yaml` — `pg_dump` quotidien vers un bucket S3-compatible via `rclone`.
+
 ## Ordre d'application initial
 
 ```bash
 kubectl apply -f namespace.yaml
 # Copier secrets.template.yaml -> secrets.yaml, remplir, puis :
 kubectl apply -f secrets.yaml
+kubectl apply -f postgres.yaml
+# Attendre que le pod postgres soit Ready.
+kubectl apply -f migrate.job.yaml        # crée le schéma ordinarthur_os + tables
 kubectl apply -f api.deployment.yaml
 kubectl apply -f pwa.deployment.yaml
 kubectl apply -f ingress.yaml
@@ -20,5 +31,7 @@ kubectl apply -f backup.cronjob.yaml
 - Cluster issuer cert-manager (`letsencrypt-prod` ?)
 - Entrée Traefik (`websecure` ?)
 - DNS : `os.arthurbarre.fr` et `api.os.arthurbarre.fr` doivent pointer sur l'IP du load-balancer k3s
+- StorageClass du PVC postgres (k3s fournit `local-path` par défaut — OK pour single-node)
 - Bucket S3-compatible pour les backups (B2 / Scaleway / autre)
 - Image registry : Gitea CR (défaut) — credentials pull peuvent nécessiter un `imagePullSecrets`
+- Image pour le `migrate.job` : soit re-utiliser l'image API et `node ./node_modules/.../migrate.ts` via tsx, soit builder une image dédiée `ordinarthur-os-migrate` qui embarque `packages/db` compilé.
diff --git a/deploy/k8s/backup.cronjob.yaml b/deploy/k8s/backup.cronjob.yaml
index d72db44..b9a4236 100644
--- a/deploy/k8s/backup.cronjob.yaml
+++ b/deploy/k8s/backup.cronjob.yaml
@@ -1,6 +1,7 @@
-# Backup quotidien du schéma ordinarthur_os.
-# `PGURL` et `RCLONE_REMOTE` à fournir via secret séparé `ordinarthur-os-backup-secrets`
-# (voir secrets.template.yaml — à splitter quand le bucket S3 est choisi avec Arthur).
+# Backup quotidien du Postgres ordinarthur-os.
+# Secrets dans `ordinarthur-os-backup-secrets` :
+#   PGURL            → chaîne `postgres://…` (copie de DATABASE_URL)
+#   RCLONE_REMOTE    → ex. `b2:ordinarthur-os-backups`
 apiVersion: batch/v1
 kind: CronJob
 metadata:
diff --git a/deploy/k8s/migrate.job.yaml b/deploy/k8s/migrate.job.yaml
new file mode 100644
index 0000000..8ff4f74
--- /dev/null
+++ b/deploy/k8s/migrate.job.yaml
@@ -0,0 +1,27 @@
+# Job one-shot qui applique les migrations Drizzle.
+# À rejouer manuellement après chaque déploiement qui contient une migration :
+#   kubectl -n ordinarthur-os delete job ordinarthur-os-migrate --ignore-not-found
+#   kubectl -n ordinarthur-os apply -f migrate.job.yaml
+#
+# (Peut aussi être branché dans le pipeline Gitea pour être auto-déclenché.)
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: ordinarthur-os-migrate
+  namespace: ordinarthur-os
+spec:
+  backoffLimit: 2
+  ttlSecondsAfterFinished: 86400
+  template:
+    spec:
+      restartPolicy: OnFailure
+      containers:
+        - name: migrate
+          image: gitea.arthurbarre.fr/arthurbarre/ordinarthur-os-migrate:latest
+          imagePullPolicy: Always
+          envFrom:
+            - secretRef: { name: ordinarthur-os-secrets }
+          command: ["node", "dist/migrate.js"]
+          resources:
+            requests: { cpu: 50m, memory: 128Mi }
+            limits:   { cpu: 300m, memory: 256Mi }
diff --git a/deploy/k8s/postgres.yaml b/deploy/k8s/postgres.yaml
new file mode 100644
index 0000000..b72be98
--- /dev/null
+++ b/deploy/k8s/postgres.yaml
@@ -0,0 +1,66 @@
+# Postgres standalone pour ordinarthur-os.
+# Single-user, faible volume → 1 replica + PVC. Backup via backup.cronjob.yaml.
+#
+# Secrets attendus dans `ordinarthur-os-db-secrets` (cf. secrets.template.yaml) :
+#   POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_DB
+#
+# `DATABASE_URL` consommé par l'API est injecté depuis `ordinarthur-os-secrets`
+# et doit pointer vers `postgres.ordinarthur-os.svc.cluster.local:5432/<POSTGRES_DB>`.
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+  namespace: ordinarthur-os
+spec:
+  clusterIP: None
+  selector: { app: postgres }
+  ports:
+    - name: postgres
+      port: 5432
+      targetPort: 5432
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: postgres
+  namespace: ordinarthur-os
+spec:
+  serviceName: postgres
+  replicas: 1
+  selector: { matchLabels: { app: postgres } }
+  template:
+    metadata: { labels: { app: postgres } }
+    spec:
+      containers:
+        - name: postgres
+          image: postgres:16-alpine
+          ports:
+            - containerPort: 5432
+              name: postgres
+          envFrom:
+            - secretRef: { name: ordinarthur-os-db-secrets }
+          env:
+            - { name: PGDATA, value: /var/lib/postgresql/data/pgdata }
+          volumeMounts:
+            - name: data
+              mountPath: /var/lib/postgresql/data
+          readinessProbe:
+            exec: { command: ["pg_isready", "-U", "$(POSTGRES_USER)", "-d", "$(POSTGRES_DB)"] }
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          livenessProbe:
+            exec: { command: ["pg_isready", "-U", "$(POSTGRES_USER)", "-d", "$(POSTGRES_DB)"] }
+            initialDelaySeconds: 30
+            periodSeconds: 30
+          resources:
+            requests: { cpu: 50m, memory: 128Mi }
+            limits:   { cpu: 1000m, memory: 512Mi }
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests: { storage: 5Gi }
+        # storageClassName: à définir selon le cluster (local-path par défaut sur k3s)
diff --git a/deploy/k8s/secrets.template.yaml b/deploy/k8s/secrets.template.yaml
index d343038..4a6a7a8 100644
--- a/deploy/k8s/secrets.template.yaml
+++ b/deploy/k8s/secrets.template.yaml
@@ -1,6 +1,7 @@
 # NE PAS COMMITER LES VRAIES VALEURS.
-# Ce fichier est un template — appliquer une copie remplie via :
+# Deux Secrets sont attendus côté cluster — dupliquer, remplir, puis :
 #   kubectl -n ordinarthur-os apply -f secrets.yaml
+---
 apiVersion: v1
 kind: Secret
 metadata:
@@ -9,9 +10,9 @@ metadata:
 type: Opaque
 stringData:
   API_BEARER_TOKEN: ""
-  SUPABASE_URL: "https://supabase.arthurbarre.fr"
-  SUPABASE_SERVICE_ROLE_KEY: ""
-  SUPABASE_SCHEMA: "ordinarthur_os"
+  # Postgres standalone dans le cluster (cf. postgres.yaml).
+  # Format : postgres://<user>:<password>@postgres.ordinarthur-os.svc.cluster.local:5432/<db>
+  DATABASE_URL: ""
   MISTRAL_API_KEY: ""
   MISTRAL_MODEL: "mistral-small-latest"
   GROQ_API_KEY: ""
@@ -22,3 +23,31 @@ stringData:
   ICAL_FEED_SECRET: ""
   TELEGRAM_BOT_TOKEN: ""
   TELEGRAM_WEBHOOK_SECRET: ""
+---
+# Credentials consommés par le StatefulSet postgres.
+# Les mêmes valeurs doivent composer DATABASE_URL ci-dessus.
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ordinarthur-os-db-secrets
+  namespace: ordinarthur-os
+type: Opaque
+stringData:
+  POSTGRES_USER: "ordinarthur"
+  POSTGRES_PASSWORD: ""
+  POSTGRES_DB: "ordinarthur_os"
+---
+# Credentials du CronJob de backup (bucket S3-compatible à choisir avec Arthur).
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ordinarthur-os-backup-secrets
+  namespace: ordinarthur-os
+type: Opaque
+stringData:
+  # Même valeur que DATABASE_URL (utilisable par pg_dump).
+  PGURL: ""
+  # rclone remote name + bucket, ex. "b2:ordinarthur-os-backups"
+  RCLONE_REMOTE: ""
+  # Contenu d'un rclone.conf — monté ensuite côté cronjob si besoin.
+  RCLONE_CONFIG: ""
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..e49b58b
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,35 @@
+# Compose dev-only pour ordinarthur-os.
+# Pas destiné à la prod (la prod tourne sur k3s via deploy/k8s/postgres.yaml).
+#
+# Usage :
+#   docker compose up -d                         # lance Postgres sur :5432
+#   pnpm --filter @ordinarthur-os/db migrate     # applique les migrations
+#   docker compose logs -f postgres              # suivre les logs
+#   docker compose down                          # stop (garde le volume)
+#   docker compose down -v                       # stop + wipe data
+#
+# Les credentials matchent `apps/api/.env.example` pour que `DATABASE_URL`
+# fonctionne sans config supplémentaire.
+
+services:
+  postgres:
+    image: postgres:16-alpine
+    container_name: ordinarthur-os-postgres
+    restart: unless-stopped
+    ports:
+      - "5432:5432"
+    environment:
+      POSTGRES_USER: ordinarthur
+      POSTGRES_PASSWORD: changeme
+      POSTGRES_DB: ordinarthur_os
+    volumes:
+      - postgres-data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ordinarthur -d ordinarthur_os"]
+      interval: 5s
+      timeout: 5s
+      retries: 10
+
+volumes:
+  postgres-data:
+    name: ordinarthur-os-postgres-data
diff --git a/packages/db/README.md b/packages/db/README.md
index 44e2e7f..a3fd126 100644
--- a/packages/db/README.md
+++ b/packages/db/README.md
@@ -1,15 +1,46 @@
 # @ordinarthur-os/db
 
-Migrations SQL versionnées pour le schéma `ordinarthur_os` sur Supabase self-hosted.
+Schéma Postgres + migrations versionnées pour ordinarthur-os, via [Drizzle ORM](https://orm.drizzle.team).
 
-Pas d'outil de migration automatique pour l'instant : appliquer manuellement via le SQL editor de Supabase, dans l'ordre numérique. Chaque fichier doit être idempotent autant que possible (`create … if not exists`).
+La base tourne dans le cluster k3s d'Arthur (cf. [`deploy/k8s/postgres.yaml`](../../deploy/k8s/postgres.yaml)). Plus de Supabase — l'API NestJS parle directement à Postgres.
 
-## Ordre
+## Arbo
 
-- `0001_schema.sql` — création du schéma + RLS service-role-only (Phase 0)
-- `0002_jobs.sql` — tables `jobs`, `job_search_criteria` (Phase 1)
-- `0003_todos.sql` — table `todos` + `client_mutations` (Phase 2)
-- `0004_projects.sql` — `projects`, `project_steps`, `project_ideas` (Phase 3)
-- `0005_agenda.sql` — `calendar_events`, `google_oauth_tokens` (Phase 4)
-- `0006_ai.sql` — `ai_actions` (Phase 5)
-- `0007_health.sql` — `daily_checkins` (Phase 7)
+- `src/schema/` — définitions Drizzle (TypeScript). Une table = un fichier, réexporté depuis `schema/index.ts`.
+- `src/client.ts` — factory `createDb(connectionString)` utilisée par l'API.
+- `src/migrate.ts` — runner des migrations (consomme `DATABASE_URL`).
+- `drizzle.config.ts` — config drizzle-kit.
+- `migrations/` — SQL versionné (`0000_init.sql`, `0001_jobs.sql`, …) + `meta/_journal.json` exploité par le runner.
+
+## Commandes
+
+Depuis la racine du monorepo :
+
+```bash
+# 0. Lancer le Postgres de dev (cf. docker-compose.yml à la racine).
+docker compose up -d
+
+# 1. Générer un diff SQL à partir du schéma TS (nouvelle migration).
+pnpm --filter @ordinarthur-os/db generate
+
+# 2. Appliquer les migrations pendantes sur la base pointée par DATABASE_URL.
+#    Le .env de apps/api suffit : le script lit process.env.DATABASE_URL.
+pnpm --filter @ordinarthur-os/db migrate
+
+# 3. Ouvrir Drizzle Studio (inspection UI).
+pnpm --filter @ordinarthur-os/db studio
+```
+
+## Convention migrations
+
+- `0000_init.sql` — extension `pgcrypto` + création du schéma `ordinarthur_os`. Idempotent (à ne PAS régénérer via drizzle-kit).
+- `0001_jobs.sql` — tables `jobs` + `job_search_criteria` (Phase 1).
+- `0002_todos.sql` — `todos` + `client_mutations` (Phase 2).
+- `0003_projects.sql` — `projects`, `project_steps`, `project_ideas` (Phase 3).
+- `0004_agenda.sql` — `calendar_events`, `google_oauth_tokens` (Phase 4).
+- `0005_ai.sql` — `ai_actions` (Phase 5).
+- `0006_health.sql` — `daily_checkins` (Phase 7).
+
+## Plus de RLS
+
+Contrairement au setup Supabase initial, la DB n'est **pas** exposée publiquement : le seul consommateur est l'API NestJS, protégée par bearer token. On ne déploie donc aucune policy RLS — c'est du pur isolement réseau (service ClusterIP interne) + contrôle d'accès Postgres classique.
diff --git a/packages/db/drizzle.config.ts b/packages/db/drizzle.config.ts
new file mode 100644
index 0000000..d0ae67d
--- /dev/null
+++ b/packages/db/drizzle.config.ts
@@ -0,0 +1,22 @@
+import type { Config } from "drizzle-kit";
+
+/**
+ * Config drizzle-kit.
+ *
+ * Usage :
+ *   - `pnpm --filter @ordinarthur-os/db generate` → génère un SQL diff dans `migrations/`
+ *   - `pnpm --filter @ordinarthur-os/db migrate`  → applique les migrations pendantes
+ *
+ * `DATABASE_URL` attendu au format `postgres://user:pass@host:5432/dbname`.
+ */
+export default {
+  schema: "./src/schema/index.ts",
+  out: "./migrations",
+  dialect: "postgresql",
+  schemaFilter: ["ordinarthur_os"],
+  dbCredentials: {
+    url: process.env.DATABASE_URL ?? "",
+  },
+  strict: true,
+  verbose: true,
+} satisfies Config;
diff --git a/packages/db/migrations/0000_init.sql b/packages/db/migrations/0000_init.sql
new file mode 100644
index 0000000..5d7a98f
--- /dev/null
+++ b/packages/db/migrations/0000_init.sql
@@ -0,0 +1,10 @@
+-- 0000_init.sql — Phase 0
+-- Pose le socle: extension pgcrypto + schéma dédié.
+-- Ces instructions sont idempotentes et sûres à ré-exécuter.
+
+CREATE EXTENSION IF NOT EXISTS pgcrypto;
+
+CREATE SCHEMA IF NOT EXISTS "ordinarthur_os";
+
+COMMENT ON SCHEMA "ordinarthur_os" IS
+  'Assistant personnel single-user d''Arthur. Accès applicatif exclusivement via l''API NestJS.';
diff --git a/packages/db/migrations/0001_jobs.sql b/packages/db/migrations/0001_jobs.sql
new file mode 100644
index 0000000..90b69a8
--- /dev/null
+++ b/packages/db/migrations/0001_jobs.sql
@@ -0,0 +1,51 @@
+-- 0001_jobs.sql — Phase 1
+-- Tables jobs + job_search_criteria.
+
+CREATE TABLE IF NOT EXISTS "ordinarthur_os"."jobs" (
+  "id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL,
+  "source" text NOT NULL,
+  "source_url" text NOT NULL,
+  "title" text NOT NULL,
+  "company" text,
+  "description" text,
+  "location" text,
+  "remote_type" text,
+  "salary_min" integer,
+  "salary_max" integer,
+  "stack" text[] DEFAULT '{}'::text[] NOT NULL,
+  "apply_url" text,
+  "first_seen_at" timestamp with time zone DEFAULT now() NOT NULL,
+  "last_seen_at" timestamp with time zone DEFAULT now() NOT NULL,
+  "archived" boolean DEFAULT false NOT NULL,
+  "starred" boolean DEFAULT false NOT NULL,
+  "applied_at" timestamp with time zone,
+  "notes" text,
+  CONSTRAINT "jobs_source_url_unique" UNIQUE("source_url"),
+  CONSTRAINT "jobs_remote_type_check"
+    CHECK ("remote_type" IS NULL OR "remote_type" IN ('remote','hybrid','onsite'))
+);
+
+CREATE INDEX IF NOT EXISTS "jobs_last_seen_idx"
+  ON "ordinarthur_os"."jobs" ("last_seen_at" DESC);
+CREATE INDEX IF NOT EXISTS "jobs_archived_idx"
+  ON "ordinarthur_os"."jobs" ("archived");
+CREATE INDEX IF NOT EXISTS "jobs_remote_type_idx"
+  ON "ordinarthur_os"."jobs" ("remote_type");
+CREATE INDEX IF NOT EXISTS "jobs_stack_gin"
+  ON "ordinarthur_os"."jobs" USING gin ("stack");
+
+CREATE TABLE IF NOT EXISTS "ordinarthur_os"."job_search_criteria" (
+  "id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL,
+  "name" text,
+  "titles" text[] DEFAULT '{}'::text[] NOT NULL,
+  "locations" text[] DEFAULT '{}'::text[] NOT NULL,
+  "stack" text[] DEFAULT '{}'::text[] NOT NULL,
+  "remote_types" text[] DEFAULT '{}'::text[] NOT NULL,
+  "salary_min" integer,
+  "active" boolean DEFAULT true NOT NULL,
+  "created_at" timestamp with time zone DEFAULT now() NOT NULL,
+  "updated_at" timestamp with time zone DEFAULT now() NOT NULL
+);
+
+CREATE INDEX IF NOT EXISTS "job_criteria_active_idx"
+  ON "ordinarthur_os"."job_search_criteria" ("active");
diff --git a/packages/db/migrations/0001_schema.sql b/packages/db/migrations/0001_schema.sql
deleted file mode 100644
index a98f3a1..0000000
--- a/packages/db/migrations/0001_schema.sql
+++ /dev/null
@@ -1,20 +0,0 @@
--- 0001_schema.sql — Phase 0
--- Crée le schéma dédié `ordinarthur_os`. Les tables métier arrivent dans
--- les migrations suivantes (0002+). On pose ici uniquement le socle.
-
-create schema if not exists ordinarthur_os;
-
--- pgcrypto pour gen_random_uuid()
-create extension if not exists pgcrypto;
-
-comment on schema ordinarthur_os is
-  'Assistant personnel single-user d''Arthur. Accès via service_role uniquement.';
-
--- Helper appliqué à chaque table créée dans les migrations suivantes :
---
---   alter table ordinarthur_os.<t> enable row level security;
---   create policy "<t>_service_role" on ordinarthur_os.<t>
---     for all using (auth.role() = 'service_role')
---             with check (auth.role() = 'service_role');
---
--- (Repris explicitement dans chaque migration de table.)
diff --git a/packages/db/migrations/0002_jobs.sql b/packages/db/migrations/0002_jobs.sql
deleted file mode 100644
index 91690cd..0000000
--- a/packages/db/migrations/0002_jobs.sql
+++ /dev/null
@@ -1,54 +0,0 @@
--- 0002_jobs.sql — Phase 1
--- Tables: jobs, job_search_criteria
-set search_path to ordinarthur_os, public;
-
-create table if not exists ordinarthur_os.jobs (
-  id uuid primary key default gen_random_uuid(),
-  source text not null,                 -- 'Indeed','WeLoveDevs',...
-  source_url text not null unique,      -- clé de dedup
-  title text not null,
-  company text,
-  description text,
-  location text,
-  remote_type text check (remote_type in ('remote','hybrid','onsite')),
-  salary_min int,
-  salary_max int,
-  stack text[] not null default '{}',
-  apply_url text,
-  first_seen_at timestamptz not null default now(),
-  last_seen_at  timestamptz not null default now(),
-  archived boolean not null default false,
-  starred boolean not null default false,
-  applied_at timestamptz,
-  notes text
-);
-create index if not exists jobs_last_seen_idx on ordinarthur_os.jobs(last_seen_at desc);
-create index if not exists jobs_archived_idx on ordinarthur_os.jobs(archived);
-create index if not exists jobs_remote_type_idx on ordinarthur_os.jobs(remote_type);
-create index if not exists jobs_stack_gin on ordinarthur_os.jobs using gin (stack);
-
-alter table ordinarthur_os.jobs enable row level security;
-drop policy if exists jobs_service_role on ordinarthur_os.jobs;
-create policy jobs_service_role on ordinarthur_os.jobs
-  for all using (auth.role() = 'service_role')
-          with check (auth.role() = 'service_role');
-
-create table if not exists ordinarthur_os.job_search_criteria (
-  id uuid primary key default gen_random_uuid(),
-  name text,
-  titles text[] not null default '{}',
-  locations text[] not null default '{}',
-  stack text[] not null default '{}',
-  remote_types text[] not null default '{}',
-  salary_min int,
-  active boolean not null default true,
-  created_at timestamptz not null default now(),
-  updated_at timestamptz not null default now()
-);
-create index if not exists job_criteria_active_idx on ordinarthur_os.job_search_criteria(active);
-
-alter table ordinarthur_os.job_search_criteria enable row level security;
-drop policy if exists job_criteria_service_role on ordinarthur_os.job_search_criteria;
-create policy job_criteria_service_role on ordinarthur_os.job_search_criteria
-  for all using (auth.role() = 'service_role')
-          with check (auth.role() = 'service_role');
diff --git a/packages/db/migrations/meta/_journal.json b/packages/db/migrations/meta/_journal.json
new file mode 100644
index 0000000..6b43780
--- /dev/null
+++ b/packages/db/migrations/meta/_journal.json
@@ -0,0 +1,20 @@
+{
+  "version": "7",
+  "dialect": "postgresql",
+  "entries": [
+    {
+      "idx": 0,
+      "version": "7",
+      "when": 1744848000000,
+      "tag": "0000_init",
+      "breakpoints": true
+    },
+    {
+      "idx": 1,
+      "version": "7",
+      "when": 1744848060000,
+      "tag": "0001_jobs",
+      "breakpoints": true
+    }
+  ]
+}
diff --git a/packages/db/package.json b/packages/db/package.json
index 1ae2488..7a34af9 100644
--- a/packages/db/package.json
+++ b/packages/db/package.json
@@ -2,7 +2,27 @@
   "name": "@ordinarthur-os/db",
   "version": "0.0.0",
   "private": true,
+  "type": "module",
+  "main": "./src/index.ts",
+  "types": "./src/index.ts",
+  "exports": {
+    ".": "./src/index.ts",
+    "./schema": "./src/schema/index.ts"
+  },
   "scripts": {
-    "migrate:print": "ls migrations"
+    "generate": "drizzle-kit generate",
+    "migrate": "tsx src/migrate.ts",
+    "studio": "drizzle-kit studio",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "drizzle-orm": "^0.36.4",
+    "postgres": "^3.4.5"
+  },
+  "devDependencies": {
+    "@types/node": "^20.16.10",
+    "drizzle-kit": "^0.28.1",
+    "tsx": "^4.19.2",
+    "typescript": "^5.5.4"
   }
 }
diff --git a/packages/db/src/client.ts b/packages/db/src/client.ts
new file mode 100644
index 0000000..5bab7c5
--- /dev/null
+++ b/packages/db/src/client.ts
@@ -0,0 +1,31 @@
+import { drizzle, type PostgresJsDatabase } from "drizzle-orm/postgres-js";
+import postgres, { type Sql } from "postgres";
+import * as schema from "./schema";
+
+export type Db = PostgresJsDatabase<typeof schema>;
+
+export interface DbHandle {
+  db: Db;
+  sql: Sql;
+  close: () => Promise<void>;
+}
+
+/**
+ * Crée un client Drizzle connecté à Postgres.
+ *
+ * - `max` à 10 connexions (single-user, trafic très faible).
+ * - `prepare: false` pour éviter les conflits avec les prepared statements côté
+ *   pool k3s (pas indispensable ici mais sans coût mesurable).
+ */
+export function createDb(connectionString: string): DbHandle {
+  const sql = postgres(connectionString, {
+    max: 10,
+    prepare: false,
+  });
+  const db = drizzle(sql, { schema });
+  return {
+    db,
+    sql,
+    close: () => sql.end({ timeout: 5 }),
+  };
+}
diff --git a/packages/db/src/index.ts b/packages/db/src/index.ts
new file mode 100644
index 0000000..e4f3cdc
--- /dev/null
+++ b/packages/db/src/index.ts
@@ -0,0 +1,3 @@
+export * as schema from "./schema";
+export { appSchema } from "./schema";
+export { createDb, type Db, type DbHandle } from "./client";
diff --git a/packages/db/src/migrate.ts b/packages/db/src/migrate.ts
new file mode 100644
index 0000000..06bdb07
--- /dev/null
+++ b/packages/db/src/migrate.ts
@@ -0,0 +1,29 @@
+/**
+ * Exécute les migrations Drizzle pendantes.
+ *
+ *   DATABASE_URL=postgres://... pnpm --filter @ordinarthur-os/db migrate
+ */
+import { migrate } from "drizzle-orm/postgres-js/migrator";
+import { createDb } from "./client";
+
+async function main() {
+  const url = process.env.DATABASE_URL;
+  if (!url) {
+    console.error("[migrate] DATABASE_URL manquant");
+    process.exit(1);
+  }
+
+  const { db, close } = createDb(url);
+  try {
+    console.log("[migrate] application des migrations…");
+    await migrate(db, { migrationsFolder: new URL("../migrations", import.meta.url).pathname });
+    console.log("[migrate] ✓ à jour");
+  } finally {
+    await close();
+  }
+}
+
+main().catch((err) => {
+  console.error("[migrate] échec:", err);
+  process.exit(1);
+});
diff --git a/packages/db/src/schema/_schema.ts b/packages/db/src/schema/_schema.ts
new file mode 100644
index 0000000..2664224
--- /dev/null
+++ b/packages/db/src/schema/_schema.ts
@@ -0,0 +1,8 @@
+import { pgSchema } from "drizzle-orm/pg-core";
+
+/**
+ * Schéma Postgres dédié. Toutes les tables métier vivent ici.
+ * L'extension pgcrypto (pour gen_random_uuid()) et le schéma lui-même sont
+ * créés par la première migration SQL (cf. packages/db/migrations/0000_init.sql).
+ */
+export const appSchema = pgSchema("ordinarthur_os");
diff --git a/packages/db/src/schema/index.ts b/packages/db/src/schema/index.ts
new file mode 100644
index 0000000..b33ccd2
--- /dev/null
+++ b/packages/db/src/schema/index.ts
@@ -0,0 +1,2 @@
+export { appSchema } from "./_schema";
+export * from "./jobs";
diff --git a/packages/db/src/schema/jobs.ts b/packages/db/src/schema/jobs.ts
new file mode 100644
index 0000000..8378cf6
--- /dev/null
+++ b/packages/db/src/schema/jobs.ts
@@ -0,0 +1,67 @@
+import { sql } from "drizzle-orm";
+import { boolean, index, integer, text, timestamp, uuid } from "drizzle-orm/pg-core";
+import { appSchema } from "./_schema";
+
+// ---------------------------------------------------------------------------
+// jobs
+// ---------------------------------------------------------------------------
+
+export const jobs = appSchema.table(
+  "jobs",
+  {
+    id: uuid("id").primaryKey().default(sql`gen_random_uuid()`),
+    source: text("source").notNull(), // 'Indeed','WeLoveDevs',...
+    sourceUrl: text("source_url").notNull().unique(), // clé de dedup
+    title: text("title").notNull(),
+    company: text("company"),
+    description: text("description"),
+    location: text("location"),
+    // 'remote' | 'hybrid' | 'onsite' — contraint côté applicatif (zod)
+    remoteType: text("remote_type"),
+    salaryMin: integer("salary_min"),
+    salaryMax: integer("salary_max"),
+    stack: text("stack").array().notNull().default(sql`'{}'::text[]`),
+    applyUrl: text("apply_url"),
+    firstSeenAt: timestamp("first_seen_at", { withTimezone: true }).notNull().defaultNow(),
+    lastSeenAt: timestamp("last_seen_at", { withTimezone: true }).notNull().defaultNow(),
+    archived: boolean("archived").notNull().default(false),
+    starred: boolean("starred").notNull().default(false),
+    appliedAt: timestamp("applied_at", { withTimezone: true }),
+    notes: text("notes"),
+  },
+  (t) => ({
+    lastSeenIdx: index("jobs_last_seen_idx").on(t.lastSeenAt.desc()),
+    archivedIdx: index("jobs_archived_idx").on(t.archived),
+    remoteTypeIdx: index("jobs_remote_type_idx").on(t.remoteType),
+    stackGin: index("jobs_stack_gin").using("gin", t.stack),
+  }),
+);
+
+export type JobRow = typeof jobs.$inferSelect;
+export type JobInsert = typeof jobs.$inferInsert;
+
+// ---------------------------------------------------------------------------
+// job_search_criteria
+// ---------------------------------------------------------------------------
+
+export const jobSearchCriteria = appSchema.table(
+  "job_search_criteria",
+  {
+    id: uuid("id").primaryKey().default(sql`gen_random_uuid()`),
+    name: text("name"),
+    titles: text("titles").array().notNull().default(sql`'{}'::text[]`),
+    locations: text("locations").array().notNull().default(sql`'{}'::text[]`),
+    stack: text("stack").array().notNull().default(sql`'{}'::text[]`),
+    remoteTypes: text("remote_types").array().notNull().default(sql`'{}'::text[]`),
+    salaryMin: integer("salary_min"),
+    active: boolean("active").notNull().default(true),
+    createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
+    updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow(),
+  },
+  (t) => ({
+    activeIdx: index("job_criteria_active_idx").on(t.active),
+  }),
+);
+
+export type JobSearchCriteriaRow = typeof jobSearchCriteria.$inferSelect;
+export type JobSearchCriteriaInsert = typeof jobSearchCriteria.$inferInsert;
diff --git a/packages/db/tsconfig.json b/packages/db/tsconfig.json
new file mode 100644
index 0000000..b79b767
--- /dev/null
+++ b/packages/db/tsconfig.json
@@ -0,0 +1,12 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "module": "ESNext",
+    "moduleResolution": "Bundler",
+    "target": "ES2022",
+    "outDir": "dist",
+    "declaration": true,
+    "noEmit": true
+  },
+  "include": ["src", "drizzle.config.ts"]
+}
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 43bde34..c29a359 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -26,12 +26,18 @@ importers:
       '@nestjs/platform-express':
         specifier: ^10.4.4
         version: 10.4.22(@nestjs/common@10.4.22(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/core@10.4.22)
+      '@ordinarthur-os/db':
+        specifier: workspace:*
+        version: link:../../packages/db
       '@ordinarthur-os/shared':
         specifier: workspace:*
         version: link:../../packages/shared
-      '@supabase/supabase-js':
-        specifier: ^2.45.4
-        version: 2.103.2
+      drizzle-orm:
+        specifier: ^0.36.4
+        version: 0.36.4(@types/react@18.3.28)(postgres@3.4.9)(react@18.3.1)
+      postgres:
+        specifier: ^3.4.5
+        version: 3.4.9
       reflect-metadata:
         specifier: ^0.2.2
         version: 0.2.2
@@ -116,7 +122,27 @@ importers:
         specifier: ^0.20.5
         version: 0.20.5(vite@5.4.21(@types/node@20.19.39)(terser@5.46.1))(workbox-build@7.4.0(@types/babel__core@7.20.5))(workbox-window@7.4.0)
 
-  packages/db: {}
+  packages/db:
+    dependencies:
+      drizzle-orm:
+        specifier: ^0.36.4
+        version: 0.36.4(@types/react@18.3.28)(postgres@3.4.9)(react@18.3.1)
+      postgres:
+        specifier: ^3.4.5
+        version: 3.4.9
+    devDependencies:
+      '@types/node':
+        specifier: ^20.16.10
+        version: 20.19.39
+      drizzle-kit:
+        specifier: ^0.28.1
+        version: 0.28.1
+      tsx:
+        specifier: ^4.19.2
+        version: 4.21.0
+      typescript:
+        specifier: ^5.5.4
+        version: 5.9.3
 
   packages/shared:
     dependencies:
@@ -688,6 +714,23 @@ packages:
     resolution: {integrity: sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw==}
     engines: {node: '>=12'}
 
+  '@drizzle-team/brocli@0.10.2':
+    resolution: {integrity: sha512-z33Il7l5dKjUgGULTqBsQBQwckHh5AbIuxhdsIxDDiZAzBOrZO6q9ogcWC65kU382AfynTfgNumVcNIjuIua6w==}
+
+  '@esbuild-kit/core-utils@3.3.2':
+    resolution: {integrity: sha512-sPRAnw9CdSsRmEtnsl2WXWdyquogVpB3yZ3dgwJfe8zrOzTsV7cJvmwrKVa+0ma5BoiGJ+BoqkMvawbayKUsqQ==}
+    deprecated: 'Merged into tsx: https://tsx.is'
+
+  '@esbuild-kit/esm-loader@2.6.5':
+    resolution: {integrity: sha512-FxEMIkJKnodyA1OaCUoEvbYRkoZlLZ4d/eXFu9Fh8CbBBgP5EmZxrfTRyN0qpXZ4vOvqnE5YdRdcrmUUXuU+dA==}
+    deprecated: 'Merged into tsx: https://tsx.is'
+
+  '@esbuild/aix-ppc64@0.19.12':
+    resolution: {integrity: sha512-bmoCYyWdEL3wDQIVbcyzRyeKLgk2WtWLTWz1ZIAZF/EGbNOwSA6ew3PftJ1PqMiOOGu0OyFMzG53L0zqIpPeNA==}
+    engines: {node: '>=12'}
+    cpu: [ppc64]
+    os: [aix]
+
   '@esbuild/aix-ppc64@0.21.5':
     resolution: {integrity: sha512-1SDgH6ZSPTlggy1yI6+Dbkiz8xzpHJEVAlF/AM1tHPLsf5STom9rwtjE4hKAF20FfXXNTFqEYXyJNWh1GiZedQ==}
     engines: {node: '>=12'}
@@ -700,6 +743,18 @@ packages:
     cpu: [ppc64]
     os: [aix]
 
+  '@esbuild/android-arm64@0.18.20':
+    resolution: {integrity: sha512-Nz4rJcchGDtENV0eMKUNa6L12zz2zBDXuhj/Vjh18zGqB44Bi7MBMSXjgunJgjRhCmKOjnPuZp4Mb6OKqtMHLQ==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [android]
+
+  '@esbuild/android-arm64@0.19.12':
+    resolution: {integrity: sha512-P0UVNGIienjZv3f5zq0DP3Nt2IE/3plFzuaS96vihvD0Hd6H/q4WXUGpCxD/E8YrSXfNyRPbpTq+T8ZQioSuPA==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [android]
+
   '@esbuild/android-arm64@0.21.5':
     resolution: {integrity: sha512-c0uX9VAUBQ7dTDCjq+wdyGLowMdtR/GoC2U5IYk/7D1H1JYC0qseD7+11iMP2mRLN9RcCMRcjC4YMclCzGwS/A==}
     engines: {node: '>=12'}
@@ -712,6 +767,18 @@ packages:
     cpu: [arm64]
     os: [android]
 
+  '@esbuild/android-arm@0.18.20':
+    resolution: {integrity: sha512-fyi7TDI/ijKKNZTUJAQqiG5T7YjJXgnzkURqmGj13C6dCqckZBLdl4h7bkhHt/t0WP+zO9/zwroDvANaOqO5Sw==}
+    engines: {node: '>=12'}
+    cpu: [arm]
+    os: [android]
+
+  '@esbuild/android-arm@0.19.12':
+    resolution: {integrity: sha512-qg/Lj1mu3CdQlDEEiWrlC4eaPZ1KztwGJ9B6J+/6G+/4ewxJg7gqj8eVYWvao1bXrqGiW2rsBZFSX3q2lcW05w==}
+    engines: {node: '>=12'}
+    cpu: [arm]
+    os: [android]
+
   '@esbuild/android-arm@0.21.5':
     resolution: {integrity: sha512-vCPvzSjpPHEi1siZdlvAlsPxXl7WbOVUBBAowWug4rJHb68Ox8KualB+1ocNvT5fjv6wpkX6o/iEpbDrf68zcg==}
     engines: {node: '>=12'}
@@ -724,6 +791,18 @@ packages:
     cpu: [arm]
     os: [android]
 
+  '@esbuild/android-x64@0.18.20':
+    resolution: {integrity: sha512-8GDdlePJA8D6zlZYJV/jnrRAi6rOiNaCC/JclcXpB+KIuvfBN4owLtgzY2bsxnx666XjJx2kDPUmnTtR8qKQUg==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [android]
+
+  '@esbuild/android-x64@0.19.12':
+    resolution: {integrity: sha512-3k7ZoUW6Q6YqhdhIaq/WZ7HwBpnFBlW905Fa4s4qWJyiNOgT1dOqDiVAQFwBH7gBRZr17gLrlFCRzF6jFh7Kew==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [android]
+
   '@esbuild/android-x64@0.21.5':
     resolution: {integrity: sha512-D7aPRUUNHRBwHxzxRvp856rjUHRFW1SdQATKXH2hqA0kAZb1hKmi02OpYRacl0TxIGz/ZmXWlbZgjwWYaCakTA==}
     engines: {node: '>=12'}
@@ -736,6 +815,18 @@ packages:
     cpu: [x64]
     os: [android]
 
+  '@esbuild/darwin-arm64@0.18.20':
+    resolution: {integrity: sha512-bxRHW5kHU38zS2lPTPOyuyTm+S+eobPUnTNkdJEfAddYgEcll4xkT8DB9d2008DtTbl7uJag2HuE5NZAZgnNEA==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [darwin]
+
+  '@esbuild/darwin-arm64@0.19.12':
+    resolution: {integrity: sha512-B6IeSgZgtEzGC42jsI+YYu9Z3HKRxp8ZT3cqhvliEHovq8HSX2YX8lNocDn79gCKJXOSaEot9MVYky7AKjCs8g==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [darwin]
+
   '@esbuild/darwin-arm64@0.21.5':
     resolution: {integrity: sha512-DwqXqZyuk5AiWWf3UfLiRDJ5EDd49zg6O9wclZ7kUMv2WRFr4HKjXp/5t8JZ11QbQfUS6/cRCKGwYhtNAY88kQ==}
     engines: {node: '>=12'}
@@ -748,6 +839,18 @@ packages:
     cpu: [arm64]
     os: [darwin]
 
+  '@esbuild/darwin-x64@0.18.20':
+    resolution: {integrity: sha512-pc5gxlMDxzm513qPGbCbDukOdsGtKhfxD1zJKXjCCcU7ju50O7MeAZ8c4krSJcOIJGFR+qx21yMMVYwiQvyTyQ==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [darwin]
+
+  '@esbuild/darwin-x64@0.19.12':
+    resolution: {integrity: sha512-hKoVkKzFiToTgn+41qGhsUJXFlIjxI/jSYeZf3ugemDYZldIXIxhvwN6erJGlX4t5h417iFuheZ7l+YVn05N3A==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [darwin]
+
   '@esbuild/darwin-x64@0.21.5':
     resolution: {integrity: sha512-se/JjF8NlmKVG4kNIuyWMV/22ZaerB+qaSi5MdrXtd6R08kvs2qCN4C09miupktDitvh8jRFflwGFBQcxZRjbw==}
     engines: {node: '>=12'}
@@ -760,6 +863,18 @@ packages:
     cpu: [x64]
     os: [darwin]
 
+  '@esbuild/freebsd-arm64@0.18.20':
+    resolution: {integrity: sha512-yqDQHy4QHevpMAaxhhIwYPMv1NECwOvIpGCZkECn8w2WFHXjEwrBn3CeNIYsibZ/iZEUemj++M26W3cNR5h+Tw==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [freebsd]
+
+  '@esbuild/freebsd-arm64@0.19.12':
+    resolution: {integrity: sha512-4aRvFIXmwAcDBw9AueDQ2YnGmz5L6obe5kmPT8Vd+/+x/JMVKCgdcRwH6APrbpNXsPz+K653Qg8HB/oXvXVukA==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [freebsd]
+
   '@esbuild/freebsd-arm64@0.21.5':
     resolution: {integrity: sha512-5JcRxxRDUJLX8JXp/wcBCy3pENnCgBR9bN6JsY4OmhfUtIHe3ZW0mawA7+RDAcMLrMIZaf03NlQiX9DGyB8h4g==}
     engines: {node: '>=12'}
@@ -772,6 +887,18 @@ packages:
     cpu: [arm64]
     os: [freebsd]
 
+  '@esbuild/freebsd-x64@0.18.20':
+    resolution: {integrity: sha512-tgWRPPuQsd3RmBZwarGVHZQvtzfEBOreNuxEMKFcd5DaDn2PbBxfwLcj4+aenoh7ctXcbXmOQIn8HI6mCSw5MQ==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [freebsd]
+
+  '@esbuild/freebsd-x64@0.19.12':
+    resolution: {integrity: sha512-EYoXZ4d8xtBoVN7CEwWY2IN4ho76xjYXqSXMNccFSx2lgqOG/1TBPW0yPx1bJZk94qu3tX0fycJeeQsKovA8gg==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [freebsd]
+
   '@esbuild/freebsd-x64@0.21.5':
     resolution: {integrity: sha512-J95kNBj1zkbMXtHVH29bBriQygMXqoVQOQYA+ISs0/2l3T9/kj42ow2mpqerRBxDJnmkUDCaQT/dfNXWX/ZZCQ==}
     engines: {node: '>=12'}
@@ -784,6 +911,18 @@ packages:
     cpu: [x64]
     os: [freebsd]
 
+  '@esbuild/linux-arm64@0.18.20':
+    resolution: {integrity: sha512-2YbscF+UL7SQAVIpnWvYwM+3LskyDmPhe31pE7/aoTMFKKzIc9lLbyGUpmmb8a8AixOL61sQ/mFh3jEjHYFvdA==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [linux]
+
+  '@esbuild/linux-arm64@0.19.12':
+    resolution: {integrity: sha512-EoTjyYyLuVPfdPLsGVVVC8a0p1BFFvtpQDB/YLEhaXyf/5bczaGeN15QkR+O4S5LeJ92Tqotve7i1jn35qwvdA==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [linux]
+
   '@esbuild/linux-arm64@0.21.5':
     resolution: {integrity: sha512-ibKvmyYzKsBeX8d8I7MH/TMfWDXBF3db4qM6sy+7re0YXya+K1cem3on9XgdT2EQGMu4hQyZhan7TeQ8XkGp4Q==}
     engines: {node: '>=12'}
@@ -796,6 +935,18 @@ packages:
     cpu: [arm64]
     os: [linux]
 
+  '@esbuild/linux-arm@0.18.20':
+    resolution: {integrity: sha512-/5bHkMWnq1EgKr1V+Ybz3s1hWXok7mDFUMQ4cG10AfW3wL02PSZi5kFpYKrptDsgb2WAJIvRcDm+qIvXf/apvg==}
+    engines: {node: '>=12'}
+    cpu: [arm]
+    os: [linux]
+
+  '@esbuild/linux-arm@0.19.12':
+    resolution: {integrity: sha512-J5jPms//KhSNv+LO1S1TX1UWp1ucM6N6XuL6ITdKWElCu8wXP72l9MM0zDTzzeikVyqFE6U8YAV9/tFyj0ti+w==}
+    engines: {node: '>=12'}
+    cpu: [arm]
+    os: [linux]
+
   '@esbuild/linux-arm@0.21.5':
     resolution: {integrity: sha512-bPb5AHZtbeNGjCKVZ9UGqGwo8EUu4cLq68E95A53KlxAPRmUyYv2D6F0uUI65XisGOL1hBP5mTronbgo+0bFcA==}
     engines: {node: '>=12'}
@@ -808,6 +959,18 @@ packages:
     cpu: [arm]
     os: [linux]
 
+  '@esbuild/linux-ia32@0.18.20':
+    resolution: {integrity: sha512-P4etWwq6IsReT0E1KHU40bOnzMHoH73aXp96Fs8TIT6z9Hu8G6+0SHSw9i2isWrD2nbx2qo5yUqACgdfVGx7TA==}
+    engines: {node: '>=12'}
+    cpu: [ia32]
+    os: [linux]
+
+  '@esbuild/linux-ia32@0.19.12':
+    resolution: {integrity: sha512-Thsa42rrP1+UIGaWz47uydHSBOgTUnwBwNq59khgIwktK6x60Hivfbux9iNR0eHCHzOLjLMLfUMLCypBkZXMHA==}
+    engines: {node: '>=12'}
+    cpu: [ia32]
+    os: [linux]
+
   '@esbuild/linux-ia32@0.21.5':
     resolution: {integrity: sha512-YvjXDqLRqPDl2dvRODYmmhz4rPeVKYvppfGYKSNGdyZkA01046pLWyRKKI3ax8fbJoK5QbxblURkwK/MWY18Tg==}
     engines: {node: '>=12'}
@@ -820,6 +983,18 @@ packages:
     cpu: [ia32]
     os: [linux]
 
+  '@esbuild/linux-loong64@0.18.20':
+    resolution: {integrity: sha512-nXW8nqBTrOpDLPgPY9uV+/1DjxoQ7DoB2N8eocyq8I9XuqJ7BiAMDMf9n1xZM9TgW0J8zrquIb/A7s3BJv7rjg==}
+    engines: {node: '>=12'}
+    cpu: [loong64]
+    os: [linux]
+
+  '@esbuild/linux-loong64@0.19.12':
+    resolution: {integrity: sha512-LiXdXA0s3IqRRjm6rV6XaWATScKAXjI4R4LoDlvO7+yQqFdlr1Bax62sRwkVvRIrwXxvtYEHHI4dm50jAXkuAA==}
+    engines: {node: '>=12'}
+    cpu: [loong64]
+    os: [linux]
+
   '@esbuild/linux-loong64@0.21.5':
     resolution: {integrity: sha512-uHf1BmMG8qEvzdrzAqg2SIG/02+4/DHB6a9Kbya0XDvwDEKCoC8ZRWI5JJvNdUjtciBGFQ5PuBlpEOXQj+JQSg==}
     engines: {node: '>=12'}
@@ -832,6 +1007,18 @@ packages:
     cpu: [loong64]
     os: [linux]
 
+  '@esbuild/linux-mips64el@0.18.20':
+    resolution: {integrity: sha512-d5NeaXZcHp8PzYy5VnXV3VSd2D328Zb+9dEq5HE6bw6+N86JVPExrA6O68OPwobntbNJ0pzCpUFZTo3w0GyetQ==}
+    engines: {node: '>=12'}
+    cpu: [mips64el]
+    os: [linux]
+
+  '@esbuild/linux-mips64el@0.19.12':
+    resolution: {integrity: sha512-fEnAuj5VGTanfJ07ff0gOA6IPsvrVHLVb6Lyd1g2/ed67oU1eFzL0r9WL7ZzscD+/N6i3dWumGE1Un4f7Amf+w==}
+    engines: {node: '>=12'}
+    cpu: [mips64el]
+    os: [linux]
+
   '@esbuild/linux-mips64el@0.21.5':
     resolution: {integrity: sha512-IajOmO+KJK23bj52dFSNCMsz1QP1DqM6cwLUv3W1QwyxkyIWecfafnI555fvSGqEKwjMXVLokcV5ygHW5b3Jbg==}
     engines: {node: '>=12'}
@@ -844,6 +1031,18 @@ packages:
     cpu: [mips64el]
     os: [linux]
 
+  '@esbuild/linux-ppc64@0.18.20':
+    resolution: {integrity: sha512-WHPyeScRNcmANnLQkq6AfyXRFr5D6N2sKgkFo2FqguP44Nw2eyDlbTdZwd9GYk98DZG9QItIiTlFLHJHjxP3FA==}
+    engines: {node: '>=12'}
+    cpu: [ppc64]
+    os: [linux]
+
+  '@esbuild/linux-ppc64@0.19.12':
+    resolution: {integrity: sha512-nYJA2/QPimDQOh1rKWedNOe3Gfc8PabU7HT3iXWtNUbRzXS9+vgB0Fjaqr//XNbd82mCxHzik2qotuI89cfixg==}
+    engines: {node: '>=12'}
+    cpu: [ppc64]
+    os: [linux]
+
   '@esbuild/linux-ppc64@0.21.5':
     resolution: {integrity: sha512-1hHV/Z4OEfMwpLO8rp7CvlhBDnjsC3CttJXIhBi+5Aj5r+MBvy4egg7wCbe//hSsT+RvDAG7s81tAvpL2XAE4w==}
     engines: {node: '>=12'}
@@ -856,6 +1055,18 @@ packages:
     cpu: [ppc64]
     os: [linux]
 
+  '@esbuild/linux-riscv64@0.18.20':
+    resolution: {integrity: sha512-WSxo6h5ecI5XH34KC7w5veNnKkju3zBRLEQNY7mv5mtBmrP/MjNBCAlsM2u5hDBlS3NGcTQpoBvRzqBcRtpq1A==}
+    engines: {node: '>=12'}
+    cpu: [riscv64]
+    os: [linux]
+
+  '@esbuild/linux-riscv64@0.19.12':
+    resolution: {integrity: sha512-2MueBrlPQCw5dVJJpQdUYgeqIzDQgw3QtiAHUC4RBz9FXPrskyyU3VI1hw7C0BSKB9OduwSJ79FTCqtGMWqJHg==}
+    engines: {node: '>=12'}
+    cpu: [riscv64]
+    os: [linux]
+
   '@esbuild/linux-riscv64@0.21.5':
     resolution: {integrity: sha512-2HdXDMd9GMgTGrPWnJzP2ALSokE/0O5HhTUvWIbD3YdjME8JwvSCnNGBnTThKGEB91OZhzrJ4qIIxk/SBmyDDA==}
     engines: {node: '>=12'}
@@ -868,6 +1079,18 @@ packages:
     cpu: [riscv64]
     os: [linux]
 
+  '@esbuild/linux-s390x@0.18.20':
+    resolution: {integrity: sha512-+8231GMs3mAEth6Ja1iK0a1sQ3ohfcpzpRLH8uuc5/KVDFneH6jtAJLFGafpzpMRO6DzJ6AvXKze9LfFMrIHVQ==}
+    engines: {node: '>=12'}
+    cpu: [s390x]
+    os: [linux]
+
+  '@esbuild/linux-s390x@0.19.12':
+    resolution: {integrity: sha512-+Pil1Nv3Umes4m3AZKqA2anfhJiVmNCYkPchwFJNEJN5QxmTs1uzyy4TvmDrCRNT2ApwSari7ZIgrPeUx4UZDg==}
+    engines: {node: '>=12'}
+    cpu: [s390x]
+    os: [linux]
+
   '@esbuild/linux-s390x@0.21.5':
     resolution: {integrity: sha512-zus5sxzqBJD3eXxwvjN1yQkRepANgxE9lgOW2qLnmr8ikMTphkjgXu1HR01K4FJg8h1kEEDAqDcZQtbrRnB41A==}
     engines: {node: '>=12'}
@@ -880,6 +1103,18 @@ packages:
     cpu: [s390x]
     os: [linux]
 
+  '@esbuild/linux-x64@0.18.20':
+    resolution: {integrity: sha512-UYqiqemphJcNsFEskc73jQ7B9jgwjWrSayxawS6UVFZGWrAAtkzjxSqnoclCXxWtfwLdzU+vTpcNYhpn43uP1w==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [linux]
+
+  '@esbuild/linux-x64@0.19.12':
+    resolution: {integrity: sha512-B71g1QpxfwBvNrfyJdVDexenDIt1CiDN1TIXLbhOw0KhJzE78KIFGX6OJ9MrtC0oOqMWf+0xop4qEU8JrJTwCg==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [linux]
+
   '@esbuild/linux-x64@0.21.5':
     resolution: {integrity: sha512-1rYdTpyv03iycF1+BhzrzQJCdOuAOtaqHTWJZCWvijKD2N5Xu0TtVC8/+1faWqcP9iBCWOmjmhoH94dH82BxPQ==}
     engines: {node: '>=12'}
@@ -898,6 +1133,18 @@ packages:
     cpu: [arm64]
     os: [netbsd]
 
+  '@esbuild/netbsd-x64@0.18.20':
+    resolution: {integrity: sha512-iO1c++VP6xUBUmltHZoMtCUdPlnPGdBom6IrO4gyKPFFVBKioIImVooR5I83nTew5UOYrk3gIJhbZh8X44y06A==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [netbsd]
+
+  '@esbuild/netbsd-x64@0.19.12':
+    resolution: {integrity: sha512-3ltjQ7n1owJgFbuC61Oj++XhtzmymoCihNFgT84UAmJnxJfm4sYCiSLTXZtE00VWYpPMYc+ZQmB6xbSdVh0JWA==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [netbsd]
+
   '@esbuild/netbsd-x64@0.21.5':
     resolution: {integrity: sha512-Woi2MXzXjMULccIwMnLciyZH4nCIMpWQAs049KEeMvOcNADVxo0UBIQPfSmxB3CWKedngg7sWZdLvLczpe0tLg==}
     engines: {node: '>=12'}
@@ -916,6 +1163,18 @@ packages:
     cpu: [arm64]
     os: [openbsd]
 
+  '@esbuild/openbsd-x64@0.18.20':
+    resolution: {integrity: sha512-e5e4YSsuQfX4cxcygw/UCPIEP6wbIL+se3sxPdCiMbFLBWu0eiZOJ7WoD+ptCLrmjZBK1Wk7I6D/I3NglUGOxg==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [openbsd]
+
+  '@esbuild/openbsd-x64@0.19.12':
+    resolution: {integrity: sha512-RbrfTB9SWsr0kWmb9srfF+L933uMDdu9BIzdA7os2t0TXhCRjrQyCeOt6wVxr79CKD4c+p+YhCj31HBkYcXebw==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [openbsd]
+
   '@esbuild/openbsd-x64@0.21.5':
     resolution: {integrity: sha512-HLNNw99xsvx12lFBUwoT8EVCsSvRNDVxNpjZ7bPn947b8gJPzeHWyNVhFsaerc0n3TsbOINvRP2byTZ5LKezow==}
     engines: {node: '>=12'}
@@ -934,6 +1193,18 @@ packages:
     cpu: [arm64]
     os: [openharmony]
 
+  '@esbuild/sunos-x64@0.18.20':
+    resolution: {integrity: sha512-kDbFRFp0YpTQVVrqUd5FTYmWo45zGaXe0X8E1G/LKFC0v8x0vWrhOWSLITcCn63lmZIxfOMXtCfti/RxN/0wnQ==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [sunos]
+
+  '@esbuild/sunos-x64@0.19.12':
+    resolution: {integrity: sha512-HKjJwRrW8uWtCQnQOz9qcU3mUZhTUQvi56Q8DPTLLB+DawoiQdjsYq+j+D3s9I8VFtDr+F9CjgXKKC4ss89IeA==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [sunos]
+
   '@esbuild/sunos-x64@0.21.5':
     resolution: {integrity: sha512-6+gjmFpfy0BHU5Tpptkuh8+uw3mnrvgs+dSPQXQOv3ekbordwnzTVEb4qnIvQcYXq6gzkyTnoZ9dZG+D4garKg==}
     engines: {node: '>=12'}
@@ -946,6 +1217,18 @@ packages:
     cpu: [x64]
     os: [sunos]
 
+  '@esbuild/win32-arm64@0.18.20':
+    resolution: {integrity: sha512-ddYFR6ItYgoaq4v4JmQQaAI5s7npztfV4Ag6NrhiaW0RrnOXqBkgwZLofVTlq1daVTQNhtI5oieTvkRPfZrePg==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [win32]
+
+  '@esbuild/win32-arm64@0.19.12':
+    resolution: {integrity: sha512-URgtR1dJnmGvX864pn1B2YUYNzjmXkuJOIqG2HdU62MVS4EHpU2946OZoTMnRUHklGtJdJZ33QfzdjGACXhn1A==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [win32]
+
   '@esbuild/win32-arm64@0.21.5':
     resolution: {integrity: sha512-Z0gOTd75VvXqyq7nsl93zwahcTROgqvuAcYDUr+vOv8uHhNSKROyU961kgtCD1e95IqPKSQKH7tBTslnS3tA8A==}
     engines: {node: '>=12'}
@@ -958,6 +1241,18 @@ packages:
     cpu: [arm64]
     os: [win32]
 
+  '@esbuild/win32-ia32@0.18.20':
+    resolution: {integrity: sha512-Wv7QBi3ID/rROT08SABTS7eV4hX26sVduqDOTe1MvGMjNd3EjOz4b7zeexIR62GTIEKrfJXKL9LFxTYgkyeu7g==}
+    engines: {node: '>=12'}
+    cpu: [ia32]
+    os: [win32]
+
+  '@esbuild/win32-ia32@0.19.12':
+    resolution: {integrity: sha512-+ZOE6pUkMOJfmxmBZElNOx72NKpIa/HFOMGzu8fqzQJ5kgf6aTGrcJaFsNiVMH4JKpMipyK+7k0n2UXN7a8YKQ==}
+    engines: {node: '>=12'}
+    cpu: [ia32]
+    os: [win32]
+
   '@esbuild/win32-ia32@0.21.5':
     resolution: {integrity: sha512-SWXFF1CL2RVNMaVs+BBClwtfZSvDgtL//G/smwAc5oVK/UPu2Gu9tIaRgFmYFFKrmg3SyAjSrElf0TiJ1v8fYA==}
     engines: {node: '>=12'}
@@ -970,6 +1265,18 @@ packages:
     cpu: [ia32]
     os: [win32]
 
+  '@esbuild/win32-x64@0.18.20':
+    resolution: {integrity: sha512-kTdfRcSiDfQca/y9QIkng02avJ+NCaQvrMejlsB3RRv5sE9rRoeBPISaZpKxHELzRxZyLvNts1P27W3wV+8geQ==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [win32]
+
+  '@esbuild/win32-x64@0.19.12':
+    resolution: {integrity: sha512-T1QyPSDCyMXaO3pzBkF96E8xMkiRYbUEZADd29SyPGabqxMViNoii+NcK7eWJAEoU6RZyEm5lVSIjTmcdoB9HA==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [win32]
+
   '@esbuild/win32-x64@0.21.5':
     resolution: {integrity: sha512-tQd/1efJuzPC6rCFwEvLtci/xNFcTZknmXs98FYDfGE4wP9ClFV98nyKrzJKVPMhdDnjzLhdUyMX4PsQAPjwIw==}
     engines: {node: '>=12'}
@@ -1272,33 +1579,6 @@ packages:
     cpu: [x64]
     os: [win32]
 
-  '@supabase/auth-js@2.103.2':
-    resolution: {integrity: sha512-gHCp8J7TJ3ZrNsT5NiJt8Sa5SK7QnotUtxkBEaJ/vuimZ6MsWn6p4JWoDc01uZBmJTiISH3gQqTF2/S+kglDIw==}
-    engines: {node: '>=20.0.0'}
-
-  '@supabase/functions-js@2.103.2':
-    resolution: {integrity: sha512-VescBNuZPVcoFpH3R44YbLDDFPZnMtzBHuY1cNyL75h8Vlw9YBHv9qztVgDalKRoeA9wNQhuHqawXdTgCobhIQ==}
-    engines: {node: '>=20.0.0'}
-
-  '@supabase/phoenix@0.4.0':
-    resolution: {integrity: sha512-RHSx8bHS02xwfHdAbX5Lpbo6PXbgyf7lTaXTlwtFDPwOIw64NnVRwFAXGojHhjtVYI+PEPNSWwkL90f4agN3bw==}
-
-  '@supabase/postgrest-js@2.103.2':
-    resolution: {integrity: sha512-Qi9Dn0azoI/RhaVnZsggeQg6MY+7jg3jHVPt2vlh9nojMjOBniTbBeSrdSSEdufpbwXxPne3Z13OPva1VmC9CA==}
-    engines: {node: '>=20.0.0'}
-
-  '@supabase/realtime-js@2.103.2':
-    resolution: {integrity: sha512-zj/JruFaSJScdtq0W2cI+WbLuQmwYBD8i++0YFlzwyAeeZy9RwEAfjT1mkvhBNHPCy2V4LIsE4F0rAHSGR8AOg==}
-    engines: {node: '>=20.0.0'}
-
-  '@supabase/storage-js@2.103.2':
-    resolution: {integrity: sha512-d40lZ29EyWJ4cOTtSBH4myaRuYSa9kOdt+NFkUmR+a3SAy2VpbdI1/nE3QWIrdifOa4pxTo8RXGC3BngPMVhRw==}
-    engines: {node: '>=20.0.0'}
-
-  '@supabase/supabase-js@2.103.2':
-    resolution: {integrity: sha512-GlC5me7/WlyS1ZCpwLoCm7ezggRWxyMxfckDhtnJvGanoVZAOnCKSqrNkjmDF8aufdh/kOoXRc/P3zJ/eUKMTg==}
-    engines: {node: '>=20.0.0'}
-
   '@surma/rollup-plugin-off-main-thread@2.2.3':
     resolution: {integrity: sha512-lR8q/9W7hZpMWweNiAKU7NQerBnzQQLvi8qnTDU/fxItPhtZVMbPV3lbCwjhIlNBe9Bbr5V+KHshvWmVSG9cxQ==}
 
@@ -1503,9 +1783,6 @@ packages:
   '@types/trusted-types@2.0.7':
     resolution: {integrity: sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==}
 
-  '@types/ws@8.18.1':
-    resolution: {integrity: sha512-ThVF6DCVhA8kUGy+aazFQ4kXQ7E1Ty7A3ypFOe0IcJV8O/M511G99AW24irKrW56Wt44yG9+ij8FaqoBGkuBXg==}
-
   '@vitejs/plugin-react@4.7.0':
     resolution: {integrity: sha512-gUu9hwfWvvEDBBmgtAowQCojwZmJ5mcLn3aufeCsitijs3+f2NsrPtlAWIR6OPiqljl96GVCUbLe0HyqIpVaoA==}
     engines: {node: ^14.18.0 || >=16.0.0}
@@ -1990,6 +2267,102 @@ packages:
   dlv@1.1.3:
     resolution: {integrity: sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA==}
 
+  drizzle-kit@0.28.1:
+    resolution: {integrity: sha512-JimOV+ystXTWMgZkLHYHf2w3oS28hxiH1FR0dkmJLc7GHzdGJoJAQtQS5DRppnabsRZwE2U1F6CuezVBgmsBBQ==}
+    hasBin: true
+
+  drizzle-orm@0.36.4:
+    resolution: {integrity: sha512-1OZY3PXD7BR00Gl61UUOFihslDldfH4NFRH2MbP54Yxi0G/PKn4HfO65JYZ7c16DeP3SpM3Aw+VXVG9j6CRSXA==}
+    peerDependencies:
+      '@aws-sdk/client-rds-data': '>=3'
+      '@cloudflare/workers-types': '>=3'
+      '@electric-sql/pglite': '>=0.2.0'
+      '@libsql/client': '>=0.10.0'
+      '@libsql/client-wasm': '>=0.10.0'
+      '@neondatabase/serverless': '>=0.10.0'
+      '@op-engineering/op-sqlite': '>=2'
+      '@opentelemetry/api': ^1.4.1
+      '@planetscale/database': '>=1'
+      '@prisma/client': '*'
+      '@tidbcloud/serverless': '*'
+      '@types/better-sqlite3': '*'
+      '@types/pg': '*'
+      '@types/react': '>=18'
+      '@types/sql.js': '*'
+      '@vercel/postgres': '>=0.8.0'
+      '@xata.io/client': '*'
+      better-sqlite3: '>=7'
+      bun-types: '*'
+      expo-sqlite: '>=14.0.0'
+      knex: '*'
+      kysely: '*'
+      mysql2: '>=2'
+      pg: '>=8'
+      postgres: '>=3'
+      prisma: '*'
+      react: '>=18'
+      sql.js: '>=1'
+      sqlite3: '>=5'
+    peerDependenciesMeta:
+      '@aws-sdk/client-rds-data':
+        optional: true
+      '@cloudflare/workers-types':
+        optional: true
+      '@electric-sql/pglite':
+        optional: true
+      '@libsql/client':
+        optional: true
+      '@libsql/client-wasm':
+        optional: true
+      '@neondatabase/serverless':
+        optional: true
+      '@op-engineering/op-sqlite':
+        optional: true
+      '@opentelemetry/api':
+        optional: true
+      '@planetscale/database':
+        optional: true
+      '@prisma/client':
+        optional: true
+      '@tidbcloud/serverless':
+        optional: true
+      '@types/better-sqlite3':
+        optional: true
+      '@types/pg':
+        optional: true
+      '@types/react':
+        optional: true
+      '@types/sql.js':
+        optional: true
+      '@vercel/postgres':
+        optional: true
+      '@xata.io/client':
+        optional: true
+      better-sqlite3:
+        optional: true
+      bun-types:
+        optional: true
+      expo-sqlite:
+        optional: true
+      knex:
+        optional: true
+      kysely:
+        optional: true
+      mysql2:
+        optional: true
+      pg:
+        optional: true
+      postgres:
+        optional: true
+      prisma:
+        optional: true
+      react:
+        optional: true
+      sql.js:
+        optional: true
+      sqlite3:
+        optional: true
+
   dunder-proto@1.0.1:
     resolution: {integrity: sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==}
     engines: {node: '>= 0.4'}
@@ -2052,6 +2425,21 @@ packages:
     resolution: {integrity: sha512-w+5mJ3GuFL+NjVtJlvydShqE1eN3h3PbI7/5LAsYJP/2qtuMXjfL2LpHSRqo4b4eSF5K/DH1JXKUAHSB2UW50g==}
     engines: {node: '>= 0.4'}
 
+  esbuild-register@3.6.0:
+    resolution: {integrity: sha512-H2/S7Pm8a9CL1uhp9OvjwrBh5Pvx0H8qVOxNu8Wed9Y7qv56MPtq+GGM8RJpq6glYJn9Wspr8uw7l55uyinNeg==}
+    peerDependencies:
+      esbuild: '>=0.12 <1'
+
+  esbuild@0.18.20:
+    resolution: {integrity: sha512-ceqxoedUrcayh7Y7ZX6NdbbDzGROiyVBgC4PriJThBKSVPWnnFHZAkfI1lJT8QFkOwH4qOS2SJkS4wvpGl8BpA==}
+    engines: {node: '>=12'}
+    hasBin: true
+
+  esbuild@0.19.12:
+    resolution: {integrity: sha512-aARqgq8roFBj054KvQr5f1sFu0D65G+miZRCuJyJ0G13Zwx7vRar5Zhn2tkQNzIXcBrNVsv/8stehpj+GAjgbg==}
+    engines: {node: '>=12'}
+    hasBin: true
+
   esbuild@0.21.5:
     resolution: {integrity: sha512-mg3OPMV4hXywwpoDxu3Qda5xCKQi+vCTZq8S9J/EpkhB2HzKXq4SNFZE3+NK93JYxc8VMSep+lOUSC/RVKaBqw==}
     engines: {node: '>=12'}
@@ -2316,10 +2704,6 @@ packages:
     resolution: {integrity: sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==}
     engines: {node: '>= 0.8'}
 
-  iceberg-js@0.8.1:
-    resolution: {integrity: sha512-1dhVQZXhcHje7798IVM+xoo/1ZdVfzOMIc8/rgVSijRK38EDqOJoGula9N/8ZI5RD8QTxNQtK/Gozpr+qUqRRA==}
-    engines: {node: '>=20.0.0'}
-
   iconv-lite@0.4.24:
     resolution: {integrity: sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==}
     engines: {node: '>=0.10.0'}
@@ -2903,6 +3287,10 @@ packages:
     resolution: {integrity: sha512-7a70Nsot+EMX9fFU3064K/kdHWZqGVY+BADLyXc8Dfv+mTLLVl6JzJpPaCZ2kQL9gIJvKXSLMHhqdRRjwQeFtw==}
     engines: {node: ^10 || ^12 || >=14}
 
+  postgres@3.4.9:
+    resolution: {integrity: sha512-GD3qdB0x1z9xgFI6cdRD6xu2Sp2WCOEoe3mtnyB5Ee0XrrL5Pe+e4CCnJrRMnL1zYtRDZmQQVbvOttLnKDLnaw==}
+    engines: {node: '>=12'}
+
   prettier@3.8.3:
     resolution: {integrity: sha512-7igPTM53cGHMW8xWuVTydi2KO233VFiTNyF5hLJqpilHfmn8C8gPf+PS7dUT64YcXFbiMGZxS9pCSxL/Dxm/Jw==}
     engines: {node: '>=14'}
@@ -3670,18 +4058,6 @@ packages:
     resolution: {integrity: sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==}
     engines: {node: '>=12'}
 
-  ws@8.20.0:
-    resolution: {integrity: sha512-sAt8BhgNbzCtgGbt2OxmpuryO63ZoDk/sqaB/znQm94T4fCEsy/yV+7CdC1kJhOU9lboAEU7R3kquuycDoibVA==}
-    engines: {node: '>=10.0.0'}
-    peerDependencies:
-      bufferutil: ^4.0.1
-      utf-8-validate: '>=5.0.2'
-    peerDependenciesMeta:
-      bufferutil:
-        optional: true
-      utf-8-validate:
-        optional: true
-
   xtend@4.0.2:
     resolution: {integrity: sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==}
     engines: {node: '>=0.4'}
@@ -4425,102 +4801,213 @@ snapshots:
     dependencies:
       '@jridgewell/trace-mapping': 0.3.9
 
+  '@drizzle-team/brocli@0.10.2': {}
+
+  '@esbuild-kit/core-utils@3.3.2':
+    dependencies:
+      esbuild: 0.18.20
+      source-map-support: 0.5.21
+
+  '@esbuild-kit/esm-loader@2.6.5':
+    dependencies:
+      '@esbuild-kit/core-utils': 3.3.2
+      get-tsconfig: 4.14.0
+
+  '@esbuild/aix-ppc64@0.19.12':
+    optional: true
+
   '@esbuild/aix-ppc64@0.21.5':
     optional: true
 
   '@esbuild/aix-ppc64@0.27.7':
     optional: true
 
+  '@esbuild/android-arm64@0.18.20':
+    optional: true
+
+  '@esbuild/android-arm64@0.19.12':
+    optional: true
+
   '@esbuild/android-arm64@0.21.5':
     optional: true
 
   '@esbuild/android-arm64@0.27.7':
     optional: true
 
+  '@esbuild/android-arm@0.18.20':
+    optional: true
+
+  '@esbuild/android-arm@0.19.12':
+    optional: true
+
   '@esbuild/android-arm@0.21.5':
     optional: true
 
   '@esbuild/android-arm@0.27.7':
     optional: true
 
+  '@esbuild/android-x64@0.18.20':
+    optional: true
+
+  '@esbuild/android-x64@0.19.12':
+    optional: true
+
   '@esbuild/android-x64@0.21.5':
     optional: true
 
   '@esbuild/android-x64@0.27.7':
     optional: true
 
+  '@esbuild/darwin-arm64@0.18.20':
+    optional: true
+
+  '@esbuild/darwin-arm64@0.19.12':
+    optional: true
+
   '@esbuild/darwin-arm64@0.21.5':
     optional: true
 
   '@esbuild/darwin-arm64@0.27.7':
     optional: true
 
+  '@esbuild/darwin-x64@0.18.20':
+    optional: true
+
+  '@esbuild/darwin-x64@0.19.12':
+    optional: true
+
   '@esbuild/darwin-x64@0.21.5':
     optional: true
 
   '@esbuild/darwin-x64@0.27.7':
     optional: true
 
+  '@esbuild/freebsd-arm64@0.18.20':
+    optional: true
+
+  '@esbuild/freebsd-arm64@0.19.12':
+    optional: true
+
   '@esbuild/freebsd-arm64@0.21.5':
     optional: true
 
   '@esbuild/freebsd-arm64@0.27.7':
     optional: true
 
+  '@esbuild/freebsd-x64@0.18.20':
+    optional: true
+
+  '@esbuild/freebsd-x64@0.19.12':
+    optional: true
+
   '@esbuild/freebsd-x64@0.21.5':
     optional: true
 
   '@esbuild/freebsd-x64@0.27.7':
     optional: true
 
+  '@esbuild/linux-arm64@0.18.20':
+    optional: true
+
+  '@esbuild/linux-arm64@0.19.12':
+    optional: true
+
   '@esbuild/linux-arm64@0.21.5':
     optional: true
 
   '@esbuild/linux-arm64@0.27.7':
     optional: true
 
+  '@esbuild/linux-arm@0.18.20':
+    optional: true
+
+  '@esbuild/linux-arm@0.19.12':
+    optional: true
+
   '@esbuild/linux-arm@0.21.5':
     optional: true
 
   '@esbuild/linux-arm@0.27.7':
     optional: true
 
+  '@esbuild/linux-ia32@0.18.20':
+    optional: true
+
+  '@esbuild/linux-ia32@0.19.12':
+    optional: true
+
   '@esbuild/linux-ia32@0.21.5':
     optional: true
 
   '@esbuild/linux-ia32@0.27.7':
     optional: true
 
+  '@esbuild/linux-loong64@0.18.20':
+    optional: true
+
+  '@esbuild/linux-loong64@0.19.12':
+    optional: true
+
   '@esbuild/linux-loong64@0.21.5':
     optional: true
 
   '@esbuild/linux-loong64@0.27.7':
     optional: true
 
+  '@esbuild/linux-mips64el@0.18.20':
+    optional: true
+
+  '@esbuild/linux-mips64el@0.19.12':
+    optional: true
+
   '@esbuild/linux-mips64el@0.21.5':
     optional: true
 
   '@esbuild/linux-mips64el@0.27.7':
     optional: true
 
+  '@esbuild/linux-ppc64@0.18.20':
+    optional: true
+
+  '@esbuild/linux-ppc64@0.19.12':
+    optional: true
+
   '@esbuild/linux-ppc64@0.21.5':
     optional: true
 
   '@esbuild/linux-ppc64@0.27.7':
     optional: true
 
+  '@esbuild/linux-riscv64@0.18.20':
+    optional: true
+
+  '@esbuild/linux-riscv64@0.19.12':
+    optional: true
+
   '@esbuild/linux-riscv64@0.21.5':
     optional: true
 
   '@esbuild/linux-riscv64@0.27.7':
     optional: true
 
+  '@esbuild/linux-s390x@0.18.20':
+    optional: true
+
+  '@esbuild/linux-s390x@0.19.12':
+    optional: true
+
   '@esbuild/linux-s390x@0.21.5':
     optional: true
 
   '@esbuild/linux-s390x@0.27.7':
     optional: true
 
+  '@esbuild/linux-x64@0.18.20':
+    optional: true
+
+  '@esbuild/linux-x64@0.19.12':
+    optional: true
+
   '@esbuild/linux-x64@0.21.5':
     optional: true
 
@@ -4530,6 +5017,12 @@ snapshots:
   '@esbuild/netbsd-arm64@0.27.7':
     optional: true
 
+  '@esbuild/netbsd-x64@0.18.20':
+    optional: true
+
+  '@esbuild/netbsd-x64@0.19.12':
+    optional: true
+
   '@esbuild/netbsd-x64@0.21.5':
     optional: true
 
@@ -4539,6 +5032,12 @@ snapshots:
   '@esbuild/openbsd-arm64@0.27.7':
     optional: true
 
+  '@esbuild/openbsd-x64@0.18.20':
+    optional: true
+
+  '@esbuild/openbsd-x64@0.19.12':
+    optional: true
+
   '@esbuild/openbsd-x64@0.21.5':
     optional: true
 
@@ -4548,24 +5047,48 @@ snapshots:
   '@esbuild/openharmony-arm64@0.27.7':
     optional: true
 
+  '@esbuild/sunos-x64@0.18.20':
+    optional: true
+
+  '@esbuild/sunos-x64@0.19.12':
+    optional: true
+
   '@esbuild/sunos-x64@0.21.5':
     optional: true
 
   '@esbuild/sunos-x64@0.27.7':
     optional: true
 
+  '@esbuild/win32-arm64@0.18.20':
+    optional: true
+
+  '@esbuild/win32-arm64@0.19.12':
+    optional: true
+
   '@esbuild/win32-arm64@0.21.5':
     optional: true
 
   '@esbuild/win32-arm64@0.27.7':
     optional: true
 
+  '@esbuild/win32-ia32@0.18.20':
+    optional: true
+
+  '@esbuild/win32-ia32@0.19.12':
+    optional: true
+
   '@esbuild/win32-ia32@0.21.5':
     optional: true
 
   '@esbuild/win32-ia32@0.27.7':
     optional: true
 
+  '@esbuild/win32-x64@0.18.20':
+    optional: true
+
+  '@esbuild/win32-x64@0.19.12':
+    optional: true
+
   '@esbuild/win32-x64@0.21.5':
     optional: true
 
@@ -4855,46 +5378,6 @@ snapshots:
   '@rollup/rollup-win32-x64-msvc@4.60.1':
     optional: true
 
-  '@supabase/auth-js@2.103.2':
-    dependencies:
-      tslib: 2.8.1
-
-  '@supabase/functions-js@2.103.2':
-    dependencies:
-      tslib: 2.8.1
-
-  '@supabase/phoenix@0.4.0': {}
-
-  '@supabase/postgrest-js@2.103.2':
-    dependencies:
-      tslib: 2.8.1
-
-  '@supabase/realtime-js@2.103.2':
-    dependencies:
-      '@supabase/phoenix': 0.4.0
-      '@types/ws': 8.18.1
-      tslib: 2.8.1
-      ws: 8.20.0
-    transitivePeerDependencies:
-      - bufferutil
-      - utf-8-validate
-
-  '@supabase/storage-js@2.103.2':
-    dependencies:
-      iceberg-js: 0.8.1
-      tslib: 2.8.1
-
-  '@supabase/supabase-js@2.103.2':
-    dependencies:
-      '@supabase/auth-js': 2.103.2
-      '@supabase/functions-js': 2.103.2
-      '@supabase/postgrest-js': 2.103.2
-      '@supabase/realtime-js': 2.103.2
-      '@supabase/storage-js': 2.103.2
-    transitivePeerDependencies:
-      - bufferutil
-      - utf-8-validate
-
   '@surma/rollup-plugin-off-main-thread@2.2.3':
     dependencies:
       ejs: 3.1.10
@@ -5136,10 +5619,6 @@ snapshots:
 
   '@types/trusted-types@2.0.7': {}
 
-  '@types/ws@8.18.1':
-    dependencies:
-      '@types/node': 20.19.39
-
   '@vitejs/plugin-react@4.7.0(vite@5.4.21(@types/node@20.19.39)(terser@5.46.1))':
     dependencies:
       '@babel/core': 7.29.0
@@ -5657,6 +6136,21 @@ snapshots:
 
   dlv@1.1.3: {}
 
+  drizzle-kit@0.28.1:
+    dependencies:
+      '@drizzle-team/brocli': 0.10.2
+      '@esbuild-kit/esm-loader': 2.6.5
+      esbuild: 0.19.12
+      esbuild-register: 3.6.0(esbuild@0.19.12)
+    transitivePeerDependencies:
+      - supports-color
+
+  drizzle-orm@0.36.4(@types/react@18.3.28)(postgres@3.4.9)(react@18.3.1):
+    optionalDependencies:
+      '@types/react': 18.3.28
+      postgres: 3.4.9
+      react: 18.3.1
+
   dunder-proto@1.0.1:
     dependencies:
       call-bind-apply-helpers: 1.0.2
@@ -5768,6 +6262,64 @@ snapshots:
       is-date-object: 1.1.0
       is-symbol: 1.1.1
 
+  esbuild-register@3.6.0(esbuild@0.19.12):
+    dependencies:
+      debug: 4.4.3
+      esbuild: 0.19.12
+    transitivePeerDependencies:
+      - supports-color
+
+  esbuild@0.18.20:
+    optionalDependencies:
+      '@esbuild/android-arm': 0.18.20
+      '@esbuild/android-arm64': 0.18.20
+      '@esbuild/android-x64': 0.18.20
+      '@esbuild/darwin-arm64': 0.18.20
+      '@esbuild/darwin-x64': 0.18.20
+      '@esbuild/freebsd-arm64': 0.18.20
+      '@esbuild/freebsd-x64': 0.18.20
+      '@esbuild/linux-arm': 0.18.20
+      '@esbuild/linux-arm64': 0.18.20
+      '@esbuild/linux-ia32': 0.18.20
+      '@esbuild/linux-loong64': 0.18.20
+      '@esbuild/linux-mips64el': 0.18.20
+      '@esbuild/linux-ppc64': 0.18.20
+      '@esbuild/linux-riscv64': 0.18.20
+      '@esbuild/linux-s390x': 0.18.20
+      '@esbuild/linux-x64': 0.18.20
+      '@esbuild/netbsd-x64': 0.18.20
+      '@esbuild/openbsd-x64': 0.18.20
+      '@esbuild/sunos-x64': 0.18.20
+      '@esbuild/win32-arm64': 0.18.20
+      '@esbuild/win32-ia32': 0.18.20
+      '@esbuild/win32-x64': 0.18.20
+
+  esbuild@0.19.12:
+    optionalDependencies:
+      '@esbuild/aix-ppc64': 0.19.12
+      '@esbuild/android-arm': 0.19.12
+      '@esbuild/android-arm64': 0.19.12
+      '@esbuild/android-x64': 0.19.12
+      '@esbuild/darwin-arm64': 0.19.12
+      '@esbuild/darwin-x64': 0.19.12
+      '@esbuild/freebsd-arm64': 0.19.12
+      '@esbuild/freebsd-x64': 0.19.12
+      '@esbuild/linux-arm': 0.19.12
+      '@esbuild/linux-arm64': 0.19.12
+      '@esbuild/linux-ia32': 0.19.12
+      '@esbuild/linux-loong64': 0.19.12
+      '@esbuild/linux-mips64el': 0.19.12
+      '@esbuild/linux-ppc64': 0.19.12
+      '@esbuild/linux-riscv64': 0.19.12
+      '@esbuild/linux-s390x': 0.19.12
+      '@esbuild/linux-x64': 0.19.12
+      '@esbuild/netbsd-x64': 0.19.12
+      '@esbuild/openbsd-x64': 0.19.12
+      '@esbuild/sunos-x64': 0.19.12
+      '@esbuild/win32-arm64': 0.19.12
+      '@esbuild/win32-ia32': 0.19.12
+      '@esbuild/win32-x64': 0.19.12
+
   esbuild@0.21.5:
     optionalDependencies:
       '@esbuild/aix-ppc64': 0.21.5
@@ -6121,8 +6673,6 @@ snapshots:
       statuses: 2.0.2
       toidentifier: 1.0.1
 
-  iceberg-js@0.8.1: {}
-
   iconv-lite@0.4.24:
     dependencies:
       safer-buffer: 2.1.2
@@ -6650,6 +7200,8 @@ snapshots:
       picocolors: 1.1.1
       source-map-js: 1.2.1
 
+  postgres@3.4.9: {}
+
   prettier@3.8.3: {}
 
   pretty-bytes@5.6.0: {}
@@ -7610,8 +8162,6 @@ snapshots:
       string-width: 5.1.2
       strip-ansi: 7.2.0
 
-  ws@8.20.0: {}
-
   xtend@4.0.2: {}
 
   yallist@3.1.1: {}