fix: ensure roles and connections are always resolved from defaults in getConnEnvOptions

[pyramation]

fix: ensure roles and connections are always resolved from defaults in getConnEnvOptions

Summary

Fixes TypeError: Cannot read properties of undefined (reading 'anonymous') when running pgpm admin-users bootstrap --yes.

The root cause was that getConnEnvOptions() returned opts.db directly, which could have roles or connections as undefined if a config file or environment explicitly set them to undefined, bypassing deepmerge's default preservation.

Changes:

1. getConnEnvOptions now explicitly spreads defaults for roles and connections, ensuring they're always defined
2. Added defensive validation in SQL generators (generateCreateBaseRolesSQL, generateCreateUserSQL, generateCreateTestUsersSQL, generateRemoveUserSQL) to throw clear errors if roles/connections are still undefined
3. Added tests for both the merge logic and SQL generator validation

Review & Testing Checklist for Human

• Test the actual command that was failing: Run pgpm admin-users bootstrap --yes in a fresh environment to verify the fix works end-to-end
• Check for per-key undefined edge case: If any config sets roles: { anonymous: undefined } (per-key undefined), the spread operator will still overwrite defaults with undefined. The validation will catch this, but it's not a complete fix for that pattern.
• Verify both packages publish together: To avoid version skew (new @pgpmjs/core with old @pgpmjs/env), ensure both packages are released in the same publish cycle
• Check connection key assumptions: The fix hardcodes app and admin as connection keys. Verify no other connection types exist that would be dropped.

Recommended test plan:

# Test the command that was failing
pgpm admin-users bootstrap --yes

# Verify other admin-users commands still work
pgpm admin-users add --username testuser --password testpass --yes
pgpm admin-users remove --username testuser --yes

Notes

• The defensive validation provides clear error messages pointing users to check their pgpm.config.js or pgpm.json if roles are undefined
• Added jest.config.js to pgpm/env package to enable running the new tests

Link to Devin run: https://app.devin.ai/sessions/3a8e8acb237e4b08bc1878defcf041f0
Requested by: Dan Lynch (@pyramation)

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[devin-ai-integration]

Devin is archived and cannot be woken up. Please unarchive Devin if you want to continue using it.