@constructive-sdk/cli 0.12.18 → 0.12.19

package/esm/public/orm/models/index.d.ts

@@ -94,19 +94,18 @@ export { ClaimedInviteModel } from './claimedInvite';
 export { OrgInviteModel } from './orgInvite';
 export { OrgClaimedInviteModel } from './orgClaimedInvite';
 export { AuditLogModel } from './auditLog';
+export { AppPermissionDefaultModel } from './appPermissionDefault';
 export { RefModel } from './ref';
 export { StoreModel } from './store';
-export { AppPermissionDefaultModel } from './appPermissionDefault';
 export { RoleTypeModel } from './roleType';
+export { MigrateFileModel } from './migrateFile';
 export { AppLimitDefaultModel } from './appLimitDefault';
 export { OrgLimitDefaultModel } from './orgLimitDefault';
-export { MigrateFileModel } from './migrateFile';
 export { MembershipTypeModel } from './membershipType';
-export { CommitModel } from './commit';
 export { AppMembershipDefaultModel } from './appMembershipDefault';
-export { RlsModuleModel } from './rlsModule';
-export { NodeTypeRegistryModel } from './nodeTypeRegistry';
+export { CommitModel } from './commit';
 export { OrgMembershipDefaultModel } from './orgMembershipDefault';
+export { RlsModuleModel } from './rlsModule';
 export { SqlActionModel } from './sqlAction';
 export { UserModel } from './user';
 export { AstMigrationModel } from './astMigration';

package/esm/public/orm/models/index.js

@@ -94,19 +94,18 @@ export { ClaimedInviteModel } from './claimedInvite';
 export { OrgInviteModel } from './orgInvite';
 export { OrgClaimedInviteModel } from './orgClaimedInvite';
 export { AuditLogModel } from './auditLog';
+export { AppPermissionDefaultModel } from './appPermissionDefault';
 export { RefModel } from './ref';
 export { StoreModel } from './store';
-export { AppPermissionDefaultModel } from './appPermissionDefault';
 export { RoleTypeModel } from './roleType';
+export { MigrateFileModel } from './migrateFile';
 export { AppLimitDefaultModel } from './appLimitDefault';
 export { OrgLimitDefaultModel } from './orgLimitDefault';
-export { MigrateFileModel } from './migrateFile';
 export { MembershipTypeModel } from './membershipType';
-export { CommitModel } from './commit';
 export { AppMembershipDefaultModel } from './appMembershipDefault';
-export { RlsModuleModel } from './rlsModule';
-export { NodeTypeRegistryModel } from './nodeTypeRegistry';
+export { CommitModel } from './commit';
 export { OrgMembershipDefaultModel } from './orgMembershipDefault';
+export { RlsModuleModel } from './rlsModule';
 export { SqlActionModel } from './sqlAction';
 export { UserModel } from './user';
 export { AstMigrationModel } from './astMigration';

package/esm/public/orm/mutation/index.d.ts

@@ -160,7 +160,7 @@ export interface OneTimeTokenVariables {
 }
 /**
  * Variables for provisionTable
- * Composable table provisioning: creates or finds a table, then applies N nodes (Data* modules), creates fields, enables RLS, creates grants, creates N policies, and optionally creates table-level indexes/full_text_searches/unique_constraints. All operations are graceful (skip existing). Accepts multiple nodes and multiple policies per call, unlike secure_table_provision which is limited to one of each. Returns (out_table_id, out_fields).
+ * Composable table provisioning: creates or finds a table, then creates fields (so Data* modules can reference them), applies N nodes (Data* modules), enables RLS, creates grants, creates N policies, and optionally creates table-level indexes/full_text_searches/unique_constraints. All operations are graceful (skip existing). Accepts multiple nodes and multiple policies per call, unlike secure_table_provision which is limited to one of each. Returns (out_table_id, out_fields).
  */
 export interface ProvisionTableVariables {
     input: ProvisionTableInput;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@constructive-sdk/cli",
-  "version": "0.12.18",
+  "version": "0.12.19",
   "author": "Constructive <developers@constructive.io>",
   "description": "Constructive CLI SDK - Auto-generated GraphQL CLI with ORM client, context management, and interactive prompts",
   "main": "index.js",
@@ -55,11 +55,11 @@
     "yanse": "^0.2.1"
   },
   "devDependencies": {
-    "@constructive-io/graphql-codegen": "^4.28.2",
+    "@constructive-io/graphql-codegen": "^4.28.3",
     "@types/node": "^22.19.11",
     "makage": "^0.3.0",
     "tsx": "^4.19.0",
     "typescript": "^5.9.3"
   },
-  "gitHead": "f1a0d4315e0f23ba6b8299a7dc2ddceab465d24d"
+  "gitHead": "d1cfd698f829c6fae346a5004f735acd44519bb7"
 }

package/public/cli/commands/provision-table.js

@@ -5,7 +5,7 @@ const utils_1 = require("../utils");
 exports.default = async (argv, prompter, _options) => {
     try {
         if (argv.help || argv.h) {
-            console.log('provision-table - Composable table provisioning: creates or finds a table, then applies N nodes (Data* modules), creates fields, enables RLS, creates grants, creates N policies, and optionally creates table-level indexes/full_text_searches/unique_constraints. All operations are graceful (skip existing). Accepts multiple nodes and multiple policies per call, unlike secure_table_provision which is limited to one of each. Returns (out_table_id, out_fields).\n\nUsage: provision-table [OPTIONS]\n');
+            console.log('provision-table - Composable table provisioning: creates or finds a table, then creates fields (so Data* modules can reference them), applies N nodes (Data* modules), enables RLS, creates grants, creates N policies, and optionally creates table-level indexes/full_text_searches/unique_constraints. All operations are graceful (skip existing). Accepts multiple nodes and multiple policies per call, unlike secure_table_provision which is limited to one of each. Returns (out_table_id, out_fields).\n\nUsage: provision-table [OPTIONS]\n');
             process.exit(0);
         }
         const answers = await prompter.prompt(argv, [

package/public/cli/commands.js

@@ -103,19 +103,18 @@ const claimed_invite_1 = __importDefault(require("./commands/claimed-invite"));
 const org_invite_1 = __importDefault(require("./commands/org-invite"));
 const org_claimed_invite_1 = __importDefault(require("./commands/org-claimed-invite"));
 const audit_log_1 = __importDefault(require("./commands/audit-log"));
+const app_permission_default_1 = __importDefault(require("./commands/app-permission-default"));
 const ref_1 = __importDefault(require("./commands/ref"));
 const store_1 = __importDefault(require("./commands/store"));
-const app_permission_default_1 = __importDefault(require("./commands/app-permission-default"));
 const role_type_1 = __importDefault(require("./commands/role-type"));
+const migrate_file_1 = __importDefault(require("./commands/migrate-file"));
 const app_limit_default_1 = __importDefault(require("./commands/app-limit-default"));
 const org_limit_default_1 = __importDefault(require("./commands/org-limit-default"));
-const migrate_file_1 = __importDefault(require("./commands/migrate-file"));
 const membership_type_1 = __importDefault(require("./commands/membership-type"));
-const commit_1 = __importDefault(require("./commands/commit"));
 const app_membership_default_1 = __importDefault(require("./commands/app-membership-default"));
-const rls_module_1 = __importDefault(require("./commands/rls-module"));
-const node_type_registry_1 = __importDefault(require("./commands/node-type-registry"));
+const commit_1 = __importDefault(require("./commands/commit"));
 const org_membership_default_1 = __importDefault(require("./commands/org-membership-default"));
+const rls_module_1 = __importDefault(require("./commands/rls-module"));
 const sql_action_1 = __importDefault(require("./commands/sql-action"));
 const user_1 = __importDefault(require("./commands/user"));
 const ast_migration_1 = __importDefault(require("./commands/ast-migration"));
@@ -276,19 +275,18 @@ const createCommandMap = () => ({
     'org-invite': org_invite_1.default,
     'org-claimed-invite': org_claimed_invite_1.default,
     'audit-log': audit_log_1.default,
+    'app-permission-default': app_permission_default_1.default,
     ref: ref_1.default,
     store: store_1.default,
-    'app-permission-default': app_permission_default_1.default,
     'role-type': role_type_1.default,
+    'migrate-file': migrate_file_1.default,
     'app-limit-default': app_limit_default_1.default,
     'org-limit-default': org_limit_default_1.default,
-    'migrate-file': migrate_file_1.default,
     'membership-type': membership_type_1.default,
-    commit: commit_1.default,
     'app-membership-default': app_membership_default_1.default,
-    'rls-module': rls_module_1.default,
-    'node-type-registry': node_type_registry_1.default,
+    commit: commit_1.default,
     'org-membership-default': org_membership_default_1.default,
+    'rls-module': rls_module_1.default,
     'sql-action': sql_action_1.default,
     user: user_1.default,
     'ast-migration': ast_migration_1.default,
@@ -356,7 +354,7 @@ const createCommandMap = () => ({
     'verify-password': verify_password_1.default,
     'verify-totp': verify_totp_1.default,
 });
-const usage = "\ncsdk <command>\n\nCommands:\n  context               Manage API contexts\n  auth                  Manage authentication\n  org-get-managers-record orgGetManagersRecord CRUD operations\n  org-get-subordinates-record orgGetSubordinatesRecord CRUD operations\n  get-all-record       getAllRecord CRUD operations\n  object               object CRUD operations\n  app-permission       appPermission CRUD operations\n  org-permission       orgPermission CRUD operations\n  app-level-requirement appLevelRequirement CRUD operations\n  database             database CRUD operations\n  schema               schema CRUD operations\n  table                table CRUD operations\n  check-constraint     checkConstraint CRUD operations\n  field                field CRUD operations\n  foreign-key-constraint foreignKeyConstraint CRUD operations\n  full-text-search     fullTextSearch CRUD operations\n  index                index CRUD operations\n  policy               policy CRUD operations\n  primary-key-constraint primaryKeyConstraint CRUD operations\n  table-grant          tableGrant CRUD operations\n  trigger              trigger CRUD operations\n  unique-constraint    uniqueConstraint CRUD operations\n  view                 view CRUD operations\n  view-table           viewTable CRUD operations\n  view-grant           viewGrant CRUD operations\n  view-rule            viewRule CRUD operations\n  embedding-chunk      embeddingChunk CRUD operations\n  table-template-module tableTemplateModule CRUD operations\n  secure-table-provision secureTableProvision CRUD operations\n  relation-provision   relationProvision CRUD operations\n  schema-grant         schemaGrant CRUD operations\n  default-privilege    defaultPrivilege CRUD operations\n  enum                 enum CRUD operations\n  api-schema           apiSchema CRUD operations\n  api-module           apiModule CRUD operations\n  domain               domain CRUD operations\n  site-metadatum       siteMetadatum CRUD operations\n  site-module          siteModule CRUD operations\n  site-theme           siteTheme CRUD operations\n  trigger-function     triggerFunction CRUD operations\n  database-transfer    databaseTransfer CRUD operations\n  api                  api CRUD operations\n  site                 site CRUD operations\n  app                  app CRUD operations\n  connected-accounts-module connectedAccountsModule CRUD operations\n  crypto-addresses-module cryptoAddressesModule CRUD operations\n  crypto-auth-module   cryptoAuthModule CRUD operations\n  default-ids-module   defaultIdsModule CRUD operations\n  denormalized-table-field denormalizedTableField CRUD operations\n  emails-module        emailsModule CRUD operations\n  encrypted-secrets-module encryptedSecretsModule CRUD operations\n  invites-module       invitesModule CRUD operations\n  levels-module        levelsModule CRUD operations\n  limits-module        limitsModule CRUD operations\n  membership-types-module membershipTypesModule CRUD operations\n  memberships-module   membershipsModule CRUD operations\n  permissions-module   permissionsModule CRUD operations\n  phone-numbers-module phoneNumbersModule CRUD operations\n  profiles-module      profilesModule CRUD operations\n  secrets-module       secretsModule CRUD operations\n  sessions-module      sessionsModule CRUD operations\n  user-auth-module     userAuthModule CRUD operations\n  users-module         usersModule CRUD operations\n  blueprint            blueprint CRUD operations\n  blueprint-template   blueprintTemplate CRUD operations\n  blueprint-construction blueprintConstruction CRUD operations\n  storage-module       storageModule CRUD operations\n  database-provision-module databaseProvisionModule CRUD operations\n  app-admin-grant      appAdminGrant CRUD operations\n  app-owner-grant      appOwnerGrant CRUD operations\n  app-grant            appGrant CRUD operations\n  org-membership       orgMembership CRUD operations\n  org-member           orgMember CRUD operations\n  org-admin-grant      orgAdminGrant CRUD operations\n  org-owner-grant      orgOwnerGrant CRUD operations\n  org-grant            orgGrant CRUD operations\n  org-chart-edge       orgChartEdge CRUD operations\n  org-chart-edge-grant orgChartEdgeGrant CRUD operations\n  org-permission-default orgPermissionDefault CRUD operations\n  app-limit            appLimit CRUD operations\n  org-limit            orgLimit CRUD operations\n  app-step             appStep CRUD operations\n  app-achievement      appAchievement CRUD operations\n  app-level            appLevel CRUD operations\n  email                email CRUD operations\n  phone-number         phoneNumber CRUD operations\n  crypto-address       cryptoAddress CRUD operations\n  connected-account    connectedAccount CRUD operations\n  invite               invite CRUD operations\n  claimed-invite       claimedInvite CRUD operations\n  org-invite           orgInvite CRUD operations\n  org-claimed-invite   orgClaimedInvite CRUD operations\n  audit-log            auditLog CRUD operations\n  ref                  ref CRUD operations\n  store                store CRUD operations\n  app-permission-default appPermissionDefault CRUD operations\n  role-type            roleType CRUD operations\n  app-limit-default    appLimitDefault CRUD operations\n  org-limit-default    orgLimitDefault CRUD operations\n  migrate-file         migrateFile CRUD operations\n  membership-type      membershipType CRUD operations\n  commit               commit CRUD operations\n  app-membership-default appMembershipDefault CRUD operations\n  rls-module           rlsModule CRUD operations\n  node-type-registry   nodeTypeRegistry CRUD operations\n  org-membership-default orgMembershipDefault CRUD operations\n  sql-action           sqlAction CRUD operations\n  user                 user CRUD operations\n  ast-migration        astMigration CRUD operations\n  app-membership       appMembership CRUD operations\n  hierarchy-module     hierarchyModule CRUD operations\n  current-user-id      currentUserId\n  current-ip-address   currentIpAddress\n  current-user-agent   currentUserAgent\n  app-permissions-get-padded-mask appPermissionsGetPaddedMask\n  org-permissions-get-padded-mask orgPermissionsGetPaddedMask\n  steps-achieved       stepsAchieved\n  rev-parse            revParse\n  org-is-manager-of    orgIsManagerOf\n  app-permissions-get-mask appPermissionsGetMask\n  org-permissions-get-mask orgPermissionsGetMask\n  resolve-blueprint-table Resolves a table_name (with optional schema_name) to a table_id. Resolution order: (1) if schema_name provided, exact lookup via metaschema_public.schema.name + metaschema_public.table; (2) check local table_map (tables created in current blueprint); (3) search metaschema_public.table by name across all schemas; (4) if multiple matches, throw ambiguous error asking for schema_name; (5) if no match, throw not-found error.\n  app-permissions-get-mask-by-names appPermissionsGetMaskByNames\n  org-permissions-get-mask-by-names orgPermissionsGetMaskByNames\n  get-all-objects-from-root Reads and enables pagination through a set of `Object`.\n  get-path-objects-from-root Reads and enables pagination through a set of `Object`.\n  get-object-at-path   getObjectAtPath\n  app-permissions-get-by-mask Reads and enables pagination through a set of `AppPermission`.\n  org-permissions-get-by-mask Reads and enables pagination through a set of `OrgPermission`.\n  steps-required       Reads and enables pagination through a set of `AppLevelRequirement`.\n  current-user         currentUser\n  send-account-deletion-email sendAccountDeletionEmail\n  sign-out             signOut\n  accept-database-transfer acceptDatabaseTransfer\n  cancel-database-transfer cancelDatabaseTransfer\n  reject-database-transfer rejectDatabaseTransfer\n  submit-invite-code   submitInviteCode\n  submit-org-invite-code submitOrgInviteCode\n  check-password       checkPassword\n  confirm-delete-account confirmDeleteAccount\n  set-password         setPassword\n  verify-email         verifyEmail\n  freeze-objects       freezeObjects\n  init-empty-repo      initEmptyRepo\n  construct-blueprint  Executes a blueprint definition by delegating to provision_* procedures. Creates a blueprint_construction record to track the attempt. Five phases: (1) provision_table() for each table with all nodes[], fields[], policies[], grants, and table-level indexes/fts/unique_constraints in a single call, (2) provision_relation() for each relation, (3) provision_index() for top-level indexes, (4) provision_full_text_search() for top-level FTS, (5) provision_unique_constraint() for top-level unique constraints. Tables are identified by table_name with optional per-table schema_name. Relations use $type for relation_type with source_table/target_table. Returns the construction record ID on success, NULL on failure.\n  reset-password       resetPassword\n  remove-node-at-path  removeNodeAtPath\n  copy-template-to-blueprint Creates a new blueprint by copying a template definition. Checks visibility: owners can always copy their own templates, others require public visibility. Increments the template copy_count. Returns the new blueprint ID.\n  bootstrap-user       bootstrapUser\n  set-field-order      setFieldOrder\n  provision-unique-constraint Creates a unique constraint on a table. Accepts a jsonb definition with columns (array of field names). Graceful: skips if the exact same unique constraint already exists.\n  provision-full-text-search Creates a full-text search configuration on a table. Accepts a jsonb definition with field (tsvector column name) and sources (array of {field, weight, lang}). Graceful: skips if FTS config already exists for the same (table_id, field_id). Returns the fts_id.\n  provision-index      Creates an index on a table. Accepts a jsonb definition with columns (array of names or single column string), access_method (default BTREE), is_unique, op_classes, options, and name (auto-generated if omitted). Graceful: skips if an index with the same (table_id, field_ids, access_method) already exists. Returns the index_id.\n  set-data-at-path     setDataAtPath\n  set-props-and-commit setPropsAndCommit\n  provision-database-with-user provisionDatabaseWithUser\n  insert-node-at-path  insertNodeAtPath\n  update-node-at-path  updateNodeAtPath\n  set-and-commit       setAndCommit\n  provision-relation   Composable relation provisioning: creates FK fields, indexes, unique constraints, and junction tables depending on the relation_type. Supports RelationBelongsTo, RelationHasOne, RelationHasMany, and RelationManyToMany. ManyToMany uses provision_table() internally for junction table creation with full node/grant/policy support. All operations are graceful (skip existing). Returns (out_field_id, out_junction_table_id, out_source_field_id, out_target_field_id).\n  apply-rls            applyRls\n  sign-in-one-time-token signInOneTimeToken\n  create-user-database Creates a new user database with all required modules, permissions, and RLS policies.\n\nParameters:\n  - database_name: Name for the new database (required)\n  - owner_id: UUID of the owner user (required)\n  - include_invites: Include invite system (default: true)\n  - include_groups: Include group-level memberships (default: false)\n  - include_levels: Include levels/achievements (default: false)\n  - bitlen: Bit length for permission masks (default: 64)\n  - tokens_expiration: Token expiration interval (default: 30 days)\n\nReturns the database_id UUID of the newly created database.\n\nExample usage:\n  SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid);\n  SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid, true, true);  -- with invites and groups\n\n  extend-token-expires extendTokenExpires\n  sign-in              signIn\n  sign-up              signUp\n  one-time-token       oneTimeToken\n  provision-table      Composable table provisioning: creates or finds a table, then applies N nodes (Data* modules), creates fields, enables RLS, creates grants, creates N policies, and optionally creates table-level indexes/full_text_searches/unique_constraints. All operations are graceful (skip existing). Accepts multiple nodes and multiple policies per call, unlike secure_table_provision which is limited to one of each. Returns (out_table_id, out_fields).\n  send-verification-email sendVerificationEmail\n  forgot-password      forgotPassword\n  verify-password      verifyPassword\n  verify-totp          verifyTotp\n\n  --help, -h            Show this help message\n  --version, -v         Show version\n";
+const usage = "\ncsdk <command>\n\nCommands:\n  context               Manage API contexts\n  auth                  Manage authentication\n  org-get-managers-record orgGetManagersRecord CRUD operations\n  org-get-subordinates-record orgGetSubordinatesRecord CRUD operations\n  get-all-record       getAllRecord CRUD operations\n  object               object CRUD operations\n  app-permission       appPermission CRUD operations\n  org-permission       orgPermission CRUD operations\n  app-level-requirement appLevelRequirement CRUD operations\n  database             database CRUD operations\n  schema               schema CRUD operations\n  table                table CRUD operations\n  check-constraint     checkConstraint CRUD operations\n  field                field CRUD operations\n  foreign-key-constraint foreignKeyConstraint CRUD operations\n  full-text-search     fullTextSearch CRUD operations\n  index                index CRUD operations\n  policy               policy CRUD operations\n  primary-key-constraint primaryKeyConstraint CRUD operations\n  table-grant          tableGrant CRUD operations\n  trigger              trigger CRUD operations\n  unique-constraint    uniqueConstraint CRUD operations\n  view                 view CRUD operations\n  view-table           viewTable CRUD operations\n  view-grant           viewGrant CRUD operations\n  view-rule            viewRule CRUD operations\n  embedding-chunk      embeddingChunk CRUD operations\n  table-template-module tableTemplateModule CRUD operations\n  secure-table-provision secureTableProvision CRUD operations\n  relation-provision   relationProvision CRUD operations\n  schema-grant         schemaGrant CRUD operations\n  default-privilege    defaultPrivilege CRUD operations\n  enum                 enum CRUD operations\n  api-schema           apiSchema CRUD operations\n  api-module           apiModule CRUD operations\n  domain               domain CRUD operations\n  site-metadatum       siteMetadatum CRUD operations\n  site-module          siteModule CRUD operations\n  site-theme           siteTheme CRUD operations\n  trigger-function     triggerFunction CRUD operations\n  database-transfer    databaseTransfer CRUD operations\n  api                  api CRUD operations\n  site                 site CRUD operations\n  app                  app CRUD operations\n  connected-accounts-module connectedAccountsModule CRUD operations\n  crypto-addresses-module cryptoAddressesModule CRUD operations\n  crypto-auth-module   cryptoAuthModule CRUD operations\n  default-ids-module   defaultIdsModule CRUD operations\n  denormalized-table-field denormalizedTableField CRUD operations\n  emails-module        emailsModule CRUD operations\n  encrypted-secrets-module encryptedSecretsModule CRUD operations\n  invites-module       invitesModule CRUD operations\n  levels-module        levelsModule CRUD operations\n  limits-module        limitsModule CRUD operations\n  membership-types-module membershipTypesModule CRUD operations\n  memberships-module   membershipsModule CRUD operations\n  permissions-module   permissionsModule CRUD operations\n  phone-numbers-module phoneNumbersModule CRUD operations\n  profiles-module      profilesModule CRUD operations\n  secrets-module       secretsModule CRUD operations\n  sessions-module      sessionsModule CRUD operations\n  user-auth-module     userAuthModule CRUD operations\n  users-module         usersModule CRUD operations\n  blueprint            blueprint CRUD operations\n  blueprint-template   blueprintTemplate CRUD operations\n  blueprint-construction blueprintConstruction CRUD operations\n  storage-module       storageModule CRUD operations\n  database-provision-module databaseProvisionModule CRUD operations\n  app-admin-grant      appAdminGrant CRUD operations\n  app-owner-grant      appOwnerGrant CRUD operations\n  app-grant            appGrant CRUD operations\n  org-membership       orgMembership CRUD operations\n  org-member           orgMember CRUD operations\n  org-admin-grant      orgAdminGrant CRUD operations\n  org-owner-grant      orgOwnerGrant CRUD operations\n  org-grant            orgGrant CRUD operations\n  org-chart-edge       orgChartEdge CRUD operations\n  org-chart-edge-grant orgChartEdgeGrant CRUD operations\n  org-permission-default orgPermissionDefault CRUD operations\n  app-limit            appLimit CRUD operations\n  org-limit            orgLimit CRUD operations\n  app-step             appStep CRUD operations\n  app-achievement      appAchievement CRUD operations\n  app-level            appLevel CRUD operations\n  email                email CRUD operations\n  phone-number         phoneNumber CRUD operations\n  crypto-address       cryptoAddress CRUD operations\n  connected-account    connectedAccount CRUD operations\n  invite               invite CRUD operations\n  claimed-invite       claimedInvite CRUD operations\n  org-invite           orgInvite CRUD operations\n  org-claimed-invite   orgClaimedInvite CRUD operations\n  audit-log            auditLog CRUD operations\n  app-permission-default appPermissionDefault CRUD operations\n  ref                  ref CRUD operations\n  store                store CRUD operations\n  role-type            roleType CRUD operations\n  migrate-file         migrateFile CRUD operations\n  app-limit-default    appLimitDefault CRUD operations\n  org-limit-default    orgLimitDefault CRUD operations\n  membership-type      membershipType CRUD operations\n  app-membership-default appMembershipDefault CRUD operations\n  commit               commit CRUD operations\n  org-membership-default orgMembershipDefault CRUD operations\n  rls-module           rlsModule CRUD operations\n  sql-action           sqlAction CRUD operations\n  user                 user CRUD operations\n  ast-migration        astMigration CRUD operations\n  app-membership       appMembership CRUD operations\n  hierarchy-module     hierarchyModule CRUD operations\n  current-user-id      currentUserId\n  current-ip-address   currentIpAddress\n  current-user-agent   currentUserAgent\n  app-permissions-get-padded-mask appPermissionsGetPaddedMask\n  org-permissions-get-padded-mask orgPermissionsGetPaddedMask\n  steps-achieved       stepsAchieved\n  rev-parse            revParse\n  org-is-manager-of    orgIsManagerOf\n  app-permissions-get-mask appPermissionsGetMask\n  org-permissions-get-mask orgPermissionsGetMask\n  resolve-blueprint-table Resolves a table_name (with optional schema_name) to a table_id. Resolution order: (1) if schema_name provided, exact lookup via metaschema_public.schema.name + metaschema_public.table; (2) check local table_map (tables created in current blueprint); (3) search metaschema_public.table by name across all schemas; (4) if multiple matches, throw ambiguous error asking for schema_name; (5) if no match, throw not-found error.\n  app-permissions-get-mask-by-names appPermissionsGetMaskByNames\n  org-permissions-get-mask-by-names orgPermissionsGetMaskByNames\n  get-all-objects-from-root Reads and enables pagination through a set of `Object`.\n  get-path-objects-from-root Reads and enables pagination through a set of `Object`.\n  get-object-at-path   getObjectAtPath\n  app-permissions-get-by-mask Reads and enables pagination through a set of `AppPermission`.\n  org-permissions-get-by-mask Reads and enables pagination through a set of `OrgPermission`.\n  steps-required       Reads and enables pagination through a set of `AppLevelRequirement`.\n  current-user         currentUser\n  send-account-deletion-email sendAccountDeletionEmail\n  sign-out             signOut\n  accept-database-transfer acceptDatabaseTransfer\n  cancel-database-transfer cancelDatabaseTransfer\n  reject-database-transfer rejectDatabaseTransfer\n  submit-invite-code   submitInviteCode\n  submit-org-invite-code submitOrgInviteCode\n  check-password       checkPassword\n  confirm-delete-account confirmDeleteAccount\n  set-password         setPassword\n  verify-email         verifyEmail\n  freeze-objects       freezeObjects\n  init-empty-repo      initEmptyRepo\n  construct-blueprint  Executes a blueprint definition by delegating to provision_* procedures. Creates a blueprint_construction record to track the attempt. Five phases: (1) provision_table() for each table with all nodes[], fields[], policies[], grants, and table-level indexes/fts/unique_constraints in a single call, (2) provision_relation() for each relation, (3) provision_index() for top-level indexes, (4) provision_full_text_search() for top-level FTS, (5) provision_unique_constraint() for top-level unique constraints. Tables are identified by table_name with optional per-table schema_name. Relations use $type for relation_type with source_table/target_table. Returns the construction record ID on success, NULL on failure.\n  reset-password       resetPassword\n  remove-node-at-path  removeNodeAtPath\n  copy-template-to-blueprint Creates a new blueprint by copying a template definition. Checks visibility: owners can always copy their own templates, others require public visibility. Increments the template copy_count. Returns the new blueprint ID.\n  bootstrap-user       bootstrapUser\n  set-field-order      setFieldOrder\n  provision-unique-constraint Creates a unique constraint on a table. Accepts a jsonb definition with columns (array of field names). Graceful: skips if the exact same unique constraint already exists.\n  provision-full-text-search Creates a full-text search configuration on a table. Accepts a jsonb definition with field (tsvector column name) and sources (array of {field, weight, lang}). Graceful: skips if FTS config already exists for the same (table_id, field_id). Returns the fts_id.\n  provision-index      Creates an index on a table. Accepts a jsonb definition with columns (array of names or single column string), access_method (default BTREE), is_unique, op_classes, options, and name (auto-generated if omitted). Graceful: skips if an index with the same (table_id, field_ids, access_method) already exists. Returns the index_id.\n  set-data-at-path     setDataAtPath\n  set-props-and-commit setPropsAndCommit\n  provision-database-with-user provisionDatabaseWithUser\n  insert-node-at-path  insertNodeAtPath\n  update-node-at-path  updateNodeAtPath\n  set-and-commit       setAndCommit\n  provision-relation   Composable relation provisioning: creates FK fields, indexes, unique constraints, and junction tables depending on the relation_type. Supports RelationBelongsTo, RelationHasOne, RelationHasMany, and RelationManyToMany. ManyToMany uses provision_table() internally for junction table creation with full node/grant/policy support. All operations are graceful (skip existing). Returns (out_field_id, out_junction_table_id, out_source_field_id, out_target_field_id).\n  apply-rls            applyRls\n  sign-in-one-time-token signInOneTimeToken\n  create-user-database Creates a new user database with all required modules, permissions, and RLS policies.\n\nParameters:\n  - database_name: Name for the new database (required)\n  - owner_id: UUID of the owner user (required)\n  - include_invites: Include invite system (default: true)\n  - include_groups: Include group-level memberships (default: false)\n  - include_levels: Include levels/achievements (default: false)\n  - bitlen: Bit length for permission masks (default: 64)\n  - tokens_expiration: Token expiration interval (default: 30 days)\n\nReturns the database_id UUID of the newly created database.\n\nExample usage:\n  SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid);\n  SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid, true, true);  -- with invites and groups\n\n  extend-token-expires extendTokenExpires\n  sign-in              signIn\n  sign-up              signUp\n  one-time-token       oneTimeToken\n  provision-table      Composable table provisioning: creates or finds a table, then creates fields (so Data* modules can reference them), applies N nodes (Data* modules), enables RLS, creates grants, creates N policies, and optionally creates table-level indexes/full_text_searches/unique_constraints. All operations are graceful (skip existing). Accepts multiple nodes and multiple policies per call, unlike secure_table_provision which is limited to one of each. Returns (out_table_id, out_fields).\n  send-verification-email sendVerificationEmail\n  forgot-password      forgotPassword\n  verify-password      verifyPassword\n  verify-totp          verifyTotp\n\n  --help, -h            Show this help message\n  --version, -v         Show version\n";
 const commands = async (argv, prompter, options) => {
     if (argv.help || argv.h) {
         console.log(usage);

package/public/cli/executor.d.ts

@@ -91,19 +91,18 @@ export declare function getClient(contextName?: string): {
     orgInvite: import("../orm").OrgInviteModel;
     orgClaimedInvite: import("../orm").OrgClaimedInviteModel;
     auditLog: import("../orm").AuditLogModel;
+    appPermissionDefault: import("../orm").AppPermissionDefaultModel;
     ref: import("../orm").RefModel;
     store: import("../orm").StoreModel;
-    appPermissionDefault: import("../orm").AppPermissionDefaultModel;
     roleType: import("../orm").RoleTypeModel;
+    migrateFile: import("../orm").MigrateFileModel;
     appLimitDefault: import("../orm").AppLimitDefaultModel;
     orgLimitDefault: import("../orm").OrgLimitDefaultModel;
-    migrateFile: import("../orm").MigrateFileModel;
     membershipType: import("../orm").MembershipTypeModel;
-    commit: import("../orm").CommitModel;
     appMembershipDefault: import("../orm").AppMembershipDefaultModel;
-    rlsModule: import("../orm").RlsModuleModel;
-    nodeTypeRegistry: import("../orm").NodeTypeRegistryModel;
+    commit: import("../orm").CommitModel;
     orgMembershipDefault: import("../orm").OrgMembershipDefaultModel;
+    rlsModule: import("../orm").RlsModuleModel;
     sqlAction: import("../orm").SqlActionModel;
     user: import("../orm").UserModel;
     astMigration: import("../orm").AstMigrationModel;

package/public/orm/index.d.ts

@@ -90,19 +90,18 @@ import { ClaimedInviteModel } from './models/claimedInvite';
 import { OrgInviteModel } from './models/orgInvite';
 import { OrgClaimedInviteModel } from './models/orgClaimedInvite';
 import { AuditLogModel } from './models/auditLog';
+import { AppPermissionDefaultModel } from './models/appPermissionDefault';
 import { RefModel } from './models/ref';
 import { StoreModel } from './models/store';
-import { AppPermissionDefaultModel } from './models/appPermissionDefault';
 import { RoleTypeModel } from './models/roleType';
+import { MigrateFileModel } from './models/migrateFile';
 import { AppLimitDefaultModel } from './models/appLimitDefault';
 import { OrgLimitDefaultModel } from './models/orgLimitDefault';
-import { MigrateFileModel } from './models/migrateFile';
 import { MembershipTypeModel } from './models/membershipType';
-import { CommitModel } from './models/commit';
 import { AppMembershipDefaultModel } from './models/appMembershipDefault';
-import { RlsModuleModel } from './models/rlsModule';
-import { NodeTypeRegistryModel } from './models/nodeTypeRegistry';
+import { CommitModel } from './models/commit';
 import { OrgMembershipDefaultModel } from './models/orgMembershipDefault';
+import { RlsModuleModel } from './models/rlsModule';
 import { SqlActionModel } from './models/sqlAction';
 import { UserModel } from './models/user';
 import { AstMigrationModel } from './models/astMigration';
@@ -231,19 +230,18 @@ export declare function createClient(config: OrmClientConfig): {
     orgInvite: OrgInviteModel;
     orgClaimedInvite: OrgClaimedInviteModel;
     auditLog: AuditLogModel;
+    appPermissionDefault: AppPermissionDefaultModel;
     ref: RefModel;
     store: StoreModel;
-    appPermissionDefault: AppPermissionDefaultModel;
     roleType: RoleTypeModel;
+    migrateFile: MigrateFileModel;
     appLimitDefault: AppLimitDefaultModel;
     orgLimitDefault: OrgLimitDefaultModel;
-    migrateFile: MigrateFileModel;
     membershipType: MembershipTypeModel;
-    commit: CommitModel;
     appMembershipDefault: AppMembershipDefaultModel;
-    rlsModule: RlsModuleModel;
-    nodeTypeRegistry: NodeTypeRegistryModel;
+    commit: CommitModel;
     orgMembershipDefault: OrgMembershipDefaultModel;
+    rlsModule: RlsModuleModel;
     sqlAction: SqlActionModel;
     user: UserModel;
     astMigration: AstMigrationModel;

package/public/orm/index.js

@@ -113,19 +113,18 @@ const claimedInvite_1 = require("./models/claimedInvite");
 const orgInvite_1 = require("./models/orgInvite");
 const orgClaimedInvite_1 = require("./models/orgClaimedInvite");
 const auditLog_1 = require("./models/auditLog");
+const appPermissionDefault_1 = require("./models/appPermissionDefault");
 const ref_1 = require("./models/ref");
 const store_1 = require("./models/store");
-const appPermissionDefault_1 = require("./models/appPermissionDefault");
 const roleType_1 = require("./models/roleType");
+const migrateFile_1 = require("./models/migrateFile");
 const appLimitDefault_1 = require("./models/appLimitDefault");
 const orgLimitDefault_1 = require("./models/orgLimitDefault");
-const migrateFile_1 = require("./models/migrateFile");
 const membershipType_1 = require("./models/membershipType");
-const commit_1 = require("./models/commit");
 const appMembershipDefault_1 = require("./models/appMembershipDefault");
-const rlsModule_1 = require("./models/rlsModule");
-const nodeTypeRegistry_1 = require("./models/nodeTypeRegistry");
+const commit_1 = require("./models/commit");
 const orgMembershipDefault_1 = require("./models/orgMembershipDefault");
+const rlsModule_1 = require("./models/rlsModule");
 const sqlAction_1 = require("./models/sqlAction");
 const user_1 = require("./models/user");
 const astMigration_1 = require("./models/astMigration");
@@ -262,19 +261,18 @@ function createClient(config) {
         orgInvite: new orgInvite_1.OrgInviteModel(client),
         orgClaimedInvite: new orgClaimedInvite_1.OrgClaimedInviteModel(client),
         auditLog: new auditLog_1.AuditLogModel(client),
+        appPermissionDefault: new appPermissionDefault_1.AppPermissionDefaultModel(client),
         ref: new ref_1.RefModel(client),
         store: new store_1.StoreModel(client),
-        appPermissionDefault: new appPermissionDefault_1.AppPermissionDefaultModel(client),
         roleType: new roleType_1.RoleTypeModel(client),
+        migrateFile: new migrateFile_1.MigrateFileModel(client),
         appLimitDefault: new appLimitDefault_1.AppLimitDefaultModel(client),
         orgLimitDefault: new orgLimitDefault_1.OrgLimitDefaultModel(client),
-        migrateFile: new migrateFile_1.MigrateFileModel(client),
         membershipType: new membershipType_1.MembershipTypeModel(client),
-        commit: new commit_1.CommitModel(client),
         appMembershipDefault: new appMembershipDefault_1.AppMembershipDefaultModel(client),
-        rlsModule: new rlsModule_1.RlsModuleModel(client),
-        nodeTypeRegistry: new nodeTypeRegistry_1.NodeTypeRegistryModel(client),
+        commit: new commit_1.CommitModel(client),
         orgMembershipDefault: new orgMembershipDefault_1.OrgMembershipDefaultModel(client),
+        rlsModule: new rlsModule_1.RlsModuleModel(client),
         sqlAction: new sqlAction_1.SqlActionModel(client),
         user: new user_1.UserModel(client),
         astMigration: new astMigration_1.AstMigrationModel(client),