From 9a0bfbcb987bcb8990a167bd30a2d97a82647c7e Mon Sep 17 00:00:00 2001
From: markmnl <markmnl@fmsg.io>
Date: Wed, 17 Jun 2026 16:33:13 +0800
Subject: [PATCH] fold sql into dd.sql

---
 README.md               |  5 ++---
 api_keys_delegation.sql | 25 -------------------------
 dd.sql                  | 22 ++++++++++++++++++++++
 3 files changed, 24 insertions(+), 28 deletions(-)
 delete mode 100644 api_keys_delegation.sql

diff --git a/README.md b/README.md
index 7ad228e..c0af3cb 100644
--- a/README.md
+++ b/README.md
@@ -111,9 +111,8 @@ X-FMSG-Act-As: @user_bot@example.com
 The requested address must be granted to the authenticated user and must exist
 in fmsgid.
 
-Apply [dd.sql](dd.sql) before enabling API-key auth. Existing
-deployments that already applied the earlier API-key table should apply
-[api_keys_delegation.sql](api_keys_delegation.sql).
+Apply [dd.sql](dd.sql) before enabling API-key auth. The file is idempotent and
+also upgrades deployments that previously applied the earlier API-key table.
 
 To set a custom per-owner grant limit, insert an owner config row:
 
diff --git a/api_keys_delegation.sql b/api_keys_delegation.sql
deleted file mode 100644
index 93f2730..0000000
--- a/api_keys_delegation.sql
+++ /dev/null
@@ -1,25 +0,0 @@
-ALTER TABLE fmsg_api_sub_account
-    ADD COLUMN IF NOT EXISTS grant_type text NOT NULL DEFAULT 'derived_sub_account';
-
-ALTER TABLE fmsg_api_sub_account
-    ADD COLUMN IF NOT EXISTS display_name text;
-
-ALTER TABLE fmsg_api_sub_account
-    DROP CONSTRAINT IF EXISTS fmsg_api_sub_account_sub_addr_key;
-
-DO $$
-BEGIN
-    IF NOT EXISTS (
-        SELECT 1
-        FROM pg_constraint
-        WHERE conname = 'fmsg_api_sub_account_grant_type_check'
-    ) THEN
-        ALTER TABLE fmsg_api_sub_account
-            ADD CONSTRAINT fmsg_api_sub_account_grant_type_check
-            CHECK (grant_type IN ('derived_sub_account', 'delegated_identity'));
-    END IF;
-END $$;
-
-CREATE UNIQUE INDEX IF NOT EXISTS fmsg_api_sub_account_owner_sub_unique
-    ON fmsg_api_sub_account ((lower(owner_addr)), (lower(sub_addr)))
-    WHERE agent <> '';
diff --git a/dd.sql b/dd.sql
index c9f9e2b..735d2f2 100644
--- a/dd.sql
+++ b/dd.sql
@@ -31,6 +31,28 @@ CREATE TABLE IF NOT EXISTS fmsg_api_sub_account (
     CHECK (agent = '' OR agent NOT LIKE '%\_%' ESCAPE '\')
 );
 
+ALTER TABLE fmsg_api_sub_account
+    ADD COLUMN IF NOT EXISTS grant_type text NOT NULL DEFAULT 'derived_sub_account';
+
+ALTER TABLE fmsg_api_sub_account
+    ADD COLUMN IF NOT EXISTS display_name text;
+
+ALTER TABLE fmsg_api_sub_account
+    DROP CONSTRAINT IF EXISTS fmsg_api_sub_account_sub_addr_key;
+
+DO $$
+BEGIN
+    IF NOT EXISTS (
+        SELECT 1
+        FROM pg_constraint
+        WHERE conname = 'fmsg_api_sub_account_grant_type_check'
+    ) THEN
+        ALTER TABLE fmsg_api_sub_account
+            ADD CONSTRAINT fmsg_api_sub_account_grant_type_check
+            CHECK (grant_type IN ('derived_sub_account', 'delegated_identity'));
+    END IF;
+END $$;
+
 CREATE INDEX IF NOT EXISTS fmsg_api_sub_account_owner_idx
     ON fmsg_api_sub_account ((lower(owner_addr)));