@constructive-sdk/cli 0.12.9 → 0.12.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/esm/public/cli/commands/construct-blueprint.js +1 -1
- package/esm/public/cli/commands.js +1 -1
- package/esm/public/orm/input-types.d.ts +2 -2
- package/esm/public/orm/mutation/index.d.ts +1 -1
- package/package.json +3 -3
- package/public/cli/commands/construct-blueprint.js +1 -1
- package/public/cli/commands.js +1 -1
- package/public/orm/input-types.d.ts +2 -2
- package/public/orm/mutation/index.d.ts +1 -1
|
@@ -3,7 +3,7 @@ import { unflattenDotNotation, buildSelectFromPaths } from '../utils';
|
|
|
3
3
|
export default async (argv, prompter, _options) => {
|
|
4
4
|
try {
|
|
5
5
|
if (argv.help || argv.h) {
|
|
6
|
-
console.log('construct-blueprint - Executes a draft blueprint definition. Four phases: (1) create tables with nodes[], fields, and policies[], (2) create relations between tables, (3) create indexes on table fields (supports BTREE, HNSW, GIN, GIST, BM25, etc.), (4) create full-text search configurations with weighted multi-field TSVector support. nodes[] entries can be strings or {$type, data} objects. Relations use $type for relation_type with junction config
|
|
6
|
+
console.log('construct-blueprint - Executes a draft blueprint definition. Four phases: (1) create tables with nodes[], fields, and policies[], (2) create relations between tables, (3) create indexes on table fields (supports BTREE, HNSW, GIN, GIST, BM25, etc.), (4) create full-text search configurations with weighted multi-field TSVector support. nodes[] entries can be strings or {$type, data} objects. Relations use $type for relation_type with junction config as top-level fields (node_type, policy_type, grant_roles, grant_privileges, policy_data, policy_permissive, source_field_name, target_field_name, node_data). Indexes reference table_ref + column name(s) and are resolved to field_ids. Full-text searches reference table_ref + tsvector field + source fields with weights/langs. Builds a ref_map of local ref names to created table UUIDs. Updates blueprint status to constructed (or failed with error_details). Returns the ref_map.\n\nUsage: construct-blueprint [OPTIONS]\n');
|
|
7
7
|
process.exit(0);
|
|
8
8
|
}
|
|
9
9
|
const answers = await prompter.prompt(argv, [
|
|
@@ -334,7 +334,7 @@ const createCommandMap = () => ({
|
|
|
334
334
|
'verify-password': verifyPasswordCmd,
|
|
335
335
|
'verify-totp': verifyTotpCmd,
|
|
336
336
|
});
|
|
337
|
-
const usage = "\ncsdk <command>\n\nCommands:\n context Manage API contexts\n auth Manage authentication\n get-all-record getAllRecord CRUD operations\n org-get-managers-record orgGetManagersRecord CRUD operations\n org-get-subordinates-record orgGetSubordinatesRecord CRUD operations\n object object CRUD operations\n app-permission appPermission CRUD operations\n org-permission orgPermission CRUD operations\n app-level-requirement appLevelRequirement CRUD operations\n database database CRUD operations\n schema schema CRUD operations\n table table CRUD operations\n check-constraint checkConstraint CRUD operations\n field field CRUD operations\n foreign-key-constraint foreignKeyConstraint CRUD operations\n full-text-search fullTextSearch CRUD operations\n index index CRUD operations\n policy policy CRUD operations\n primary-key-constraint primaryKeyConstraint CRUD operations\n table-grant tableGrant CRUD operations\n trigger trigger CRUD operations\n unique-constraint uniqueConstraint CRUD operations\n view view CRUD operations\n view-table viewTable CRUD operations\n view-grant viewGrant CRUD operations\n view-rule viewRule CRUD operations\n embedding-chunk embeddingChunk CRUD operations\n table-template-module tableTemplateModule CRUD operations\n secure-table-provision secureTableProvision CRUD operations\n relation-provision relationProvision CRUD operations\n schema-grant schemaGrant CRUD operations\n default-privilege defaultPrivilege CRUD operations\n enum enum CRUD operations\n api-schema apiSchema CRUD operations\n api-module apiModule CRUD operations\n domain domain CRUD operations\n site-metadatum siteMetadatum CRUD operations\n site-module siteModule CRUD operations\n site-theme siteTheme CRUD operations\n trigger-function triggerFunction CRUD operations\n database-transfer databaseTransfer CRUD operations\n api api CRUD operations\n site site CRUD operations\n app app CRUD operations\n connected-accounts-module connectedAccountsModule CRUD operations\n crypto-addresses-module cryptoAddressesModule CRUD operations\n crypto-auth-module cryptoAuthModule CRUD operations\n default-ids-module defaultIdsModule CRUD operations\n denormalized-table-field denormalizedTableField CRUD operations\n emails-module emailsModule CRUD operations\n encrypted-secrets-module encryptedSecretsModule CRUD operations\n invites-module invitesModule CRUD operations\n levels-module levelsModule CRUD operations\n limits-module limitsModule CRUD operations\n membership-types-module membershipTypesModule CRUD operations\n memberships-module membershipsModule CRUD operations\n permissions-module permissionsModule CRUD operations\n phone-numbers-module phoneNumbersModule CRUD operations\n profiles-module profilesModule CRUD operations\n secrets-module secretsModule CRUD operations\n sessions-module sessionsModule CRUD operations\n user-auth-module userAuthModule CRUD operations\n users-module usersModule CRUD operations\n blueprint blueprint CRUD operations\n blueprint-template blueprintTemplate CRUD operations\n database-provision-module databaseProvisionModule CRUD operations\n app-admin-grant appAdminGrant CRUD operations\n app-owner-grant appOwnerGrant CRUD operations\n app-grant appGrant CRUD operations\n org-membership orgMembership CRUD operations\n org-member orgMember CRUD operations\n org-admin-grant orgAdminGrant CRUD operations\n org-owner-grant orgOwnerGrant CRUD operations\n org-grant orgGrant CRUD operations\n org-chart-edge orgChartEdge CRUD operations\n org-chart-edge-grant orgChartEdgeGrant CRUD operations\n org-permission-default orgPermissionDefault CRUD operations\n app-limit appLimit CRUD operations\n org-limit orgLimit CRUD operations\n app-step appStep CRUD operations\n app-achievement appAchievement CRUD operations\n app-level appLevel CRUD operations\n email email CRUD operations\n phone-number phoneNumber CRUD operations\n crypto-address cryptoAddress CRUD operations\n connected-account connectedAccount CRUD operations\n invite invite CRUD operations\n claimed-invite claimedInvite CRUD operations\n org-invite orgInvite CRUD operations\n org-claimed-invite orgClaimedInvite CRUD operations\n audit-log auditLog CRUD operations\n ref ref CRUD operations\n store store CRUD operations\n app-permission-default appPermissionDefault CRUD operations\n role-type roleType CRUD operations\n migrate-file migrateFile CRUD operations\n app-limit-default appLimitDefault CRUD operations\n org-limit-default orgLimitDefault CRUD operations\n membership-type membershipType CRUD operations\n commit commit CRUD operations\n app-membership-default appMembershipDefault CRUD operations\n rls-module rlsModule CRUD operations\n node-type-registry nodeTypeRegistry CRUD operations\n org-membership-default orgMembershipDefault CRUD operations\n sql-action sqlAction CRUD operations\n user user CRUD operations\n ast-migration astMigration CRUD operations\n app-membership appMembership CRUD operations\n hierarchy-module hierarchyModule CRUD operations\n current-user-id currentUserId\n current-ip-address currentIpAddress\n current-user-agent currentUserAgent\n app-permissions-get-padded-mask appPermissionsGetPaddedMask\n org-permissions-get-padded-mask orgPermissionsGetPaddedMask\n steps-achieved stepsAchieved\n rev-parse revParse\n org-is-manager-of orgIsManagerOf\n app-permissions-get-mask appPermissionsGetMask\n org-permissions-get-mask orgPermissionsGetMask\n app-permissions-get-mask-by-names appPermissionsGetMaskByNames\n org-permissions-get-mask-by-names orgPermissionsGetMaskByNames\n get-all-objects-from-root Reads and enables pagination through a set of `Object`.\n get-path-objects-from-root Reads and enables pagination through a set of `Object`.\n get-object-at-path getObjectAtPath\n app-permissions-get-by-mask Reads and enables pagination through a set of `AppPermission`.\n org-permissions-get-by-mask Reads and enables pagination through a set of `OrgPermission`.\n steps-required Reads and enables pagination through a set of `AppLevelRequirement`.\n current-user currentUser\n send-account-deletion-email sendAccountDeletionEmail\n sign-out signOut\n accept-database-transfer acceptDatabaseTransfer\n cancel-database-transfer cancelDatabaseTransfer\n reject-database-transfer rejectDatabaseTransfer\n submit-invite-code submitInviteCode\n submit-org-invite-code submitOrgInviteCode\n check-password checkPassword\n confirm-delete-account confirmDeleteAccount\n set-password setPassword\n verify-email verifyEmail\n freeze-objects freezeObjects\n init-empty-repo initEmptyRepo\n construct-blueprint Executes a draft blueprint definition. Four phases: (1) create tables with nodes[], fields, and policies[], (2) create relations between tables, (3) create indexes on table fields (supports BTREE, HNSW, GIN, GIST, BM25, etc.), (4) create full-text search configurations with weighted multi-field TSVector support. nodes[] entries can be strings or {$type, data} objects. Relations use $type for relation_type with junction config in data. Indexes reference table_ref + column name(s) and are resolved to field_ids. Full-text searches reference table_ref + tsvector field + source fields with weights/langs. Builds a ref_map of local ref names to created table UUIDs. Updates blueprint status to constructed (or failed with error_details). Returns the ref_map.\n reset-password resetPassword\n remove-node-at-path removeNodeAtPath\n set-data-at-path setDataAtPath\n set-props-and-commit setPropsAndCommit\n copy-template-to-blueprint Creates a new blueprint by copying a template definition. Checks visibility: owners can always copy their own templates, others require public visibility. Increments the template copy_count. Returns the new blueprint ID.\n provision-database-with-user provisionDatabaseWithUser\n bootstrap-user bootstrapUser\n set-field-order setFieldOrder\n insert-node-at-path insertNodeAtPath\n update-node-at-path updateNodeAtPath\n set-and-commit setAndCommit\n apply-rls applyRls\n sign-in-one-time-token signInOneTimeToken\n create-user-database Creates a new user database with all required modules, permissions, and RLS policies.\n\nParameters:\n - database_name: Name for the new database (required)\n - owner_id: UUID of the owner user (required)\n - include_invites: Include invite system (default: true)\n - include_groups: Include group-level memberships (default: false)\n - include_levels: Include levels/achievements (default: false)\n - bitlen: Bit length for permission masks (default: 64)\n - tokens_expiration: Token expiration interval (default: 30 days)\n\nReturns the database_id UUID of the newly created database.\n\nExample usage:\n SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid);\n SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid, true, true); -- with invites and groups\n\n extend-token-expires extendTokenExpires\n sign-in signIn\n sign-up signUp\n one-time-token oneTimeToken\n send-verification-email sendVerificationEmail\n forgot-password forgotPassword\n verify-password verifyPassword\n verify-totp verifyTotp\n\n --help, -h Show this help message\n --version, -v Show version\n";
|
|
337
|
+
const usage = "\ncsdk <command>\n\nCommands:\n context Manage API contexts\n auth Manage authentication\n get-all-record getAllRecord CRUD operations\n org-get-managers-record orgGetManagersRecord CRUD operations\n org-get-subordinates-record orgGetSubordinatesRecord CRUD operations\n object object CRUD operations\n app-permission appPermission CRUD operations\n org-permission orgPermission CRUD operations\n app-level-requirement appLevelRequirement CRUD operations\n database database CRUD operations\n schema schema CRUD operations\n table table CRUD operations\n check-constraint checkConstraint CRUD operations\n field field CRUD operations\n foreign-key-constraint foreignKeyConstraint CRUD operations\n full-text-search fullTextSearch CRUD operations\n index index CRUD operations\n policy policy CRUD operations\n primary-key-constraint primaryKeyConstraint CRUD operations\n table-grant tableGrant CRUD operations\n trigger trigger CRUD operations\n unique-constraint uniqueConstraint CRUD operations\n view view CRUD operations\n view-table viewTable CRUD operations\n view-grant viewGrant CRUD operations\n view-rule viewRule CRUD operations\n embedding-chunk embeddingChunk CRUD operations\n table-template-module tableTemplateModule CRUD operations\n secure-table-provision secureTableProvision CRUD operations\n relation-provision relationProvision CRUD operations\n schema-grant schemaGrant CRUD operations\n default-privilege defaultPrivilege CRUD operations\n enum enum CRUD operations\n api-schema apiSchema CRUD operations\n api-module apiModule CRUD operations\n domain domain CRUD operations\n site-metadatum siteMetadatum CRUD operations\n site-module siteModule CRUD operations\n site-theme siteTheme CRUD operations\n trigger-function triggerFunction CRUD operations\n database-transfer databaseTransfer CRUD operations\n api api CRUD operations\n site site CRUD operations\n app app CRUD operations\n connected-accounts-module connectedAccountsModule CRUD operations\n crypto-addresses-module cryptoAddressesModule CRUD operations\n crypto-auth-module cryptoAuthModule CRUD operations\n default-ids-module defaultIdsModule CRUD operations\n denormalized-table-field denormalizedTableField CRUD operations\n emails-module emailsModule CRUD operations\n encrypted-secrets-module encryptedSecretsModule CRUD operations\n invites-module invitesModule CRUD operations\n levels-module levelsModule CRUD operations\n limits-module limitsModule CRUD operations\n membership-types-module membershipTypesModule CRUD operations\n memberships-module membershipsModule CRUD operations\n permissions-module permissionsModule CRUD operations\n phone-numbers-module phoneNumbersModule CRUD operations\n profiles-module profilesModule CRUD operations\n secrets-module secretsModule CRUD operations\n sessions-module sessionsModule CRUD operations\n user-auth-module userAuthModule CRUD operations\n users-module usersModule CRUD operations\n blueprint blueprint CRUD operations\n blueprint-template blueprintTemplate CRUD operations\n database-provision-module databaseProvisionModule CRUD operations\n app-admin-grant appAdminGrant CRUD operations\n app-owner-grant appOwnerGrant CRUD operations\n app-grant appGrant CRUD operations\n org-membership orgMembership CRUD operations\n org-member orgMember CRUD operations\n org-admin-grant orgAdminGrant CRUD operations\n org-owner-grant orgOwnerGrant CRUD operations\n org-grant orgGrant CRUD operations\n org-chart-edge orgChartEdge CRUD operations\n org-chart-edge-grant orgChartEdgeGrant CRUD operations\n org-permission-default orgPermissionDefault CRUD operations\n app-limit appLimit CRUD operations\n org-limit orgLimit CRUD operations\n app-step appStep CRUD operations\n app-achievement appAchievement CRUD operations\n app-level appLevel CRUD operations\n email email CRUD operations\n phone-number phoneNumber CRUD operations\n crypto-address cryptoAddress CRUD operations\n connected-account connectedAccount CRUD operations\n invite invite CRUD operations\n claimed-invite claimedInvite CRUD operations\n org-invite orgInvite CRUD operations\n org-claimed-invite orgClaimedInvite CRUD operations\n audit-log auditLog CRUD operations\n ref ref CRUD operations\n store store CRUD operations\n app-permission-default appPermissionDefault CRUD operations\n role-type roleType CRUD operations\n migrate-file migrateFile CRUD operations\n app-limit-default appLimitDefault CRUD operations\n org-limit-default orgLimitDefault CRUD operations\n membership-type membershipType CRUD operations\n commit commit CRUD operations\n app-membership-default appMembershipDefault CRUD operations\n rls-module rlsModule CRUD operations\n node-type-registry nodeTypeRegistry CRUD operations\n org-membership-default orgMembershipDefault CRUD operations\n sql-action sqlAction CRUD operations\n user user CRUD operations\n ast-migration astMigration CRUD operations\n app-membership appMembership CRUD operations\n hierarchy-module hierarchyModule CRUD operations\n current-user-id currentUserId\n current-ip-address currentIpAddress\n current-user-agent currentUserAgent\n app-permissions-get-padded-mask appPermissionsGetPaddedMask\n org-permissions-get-padded-mask orgPermissionsGetPaddedMask\n steps-achieved stepsAchieved\n rev-parse revParse\n org-is-manager-of orgIsManagerOf\n app-permissions-get-mask appPermissionsGetMask\n org-permissions-get-mask orgPermissionsGetMask\n app-permissions-get-mask-by-names appPermissionsGetMaskByNames\n org-permissions-get-mask-by-names orgPermissionsGetMaskByNames\n get-all-objects-from-root Reads and enables pagination through a set of `Object`.\n get-path-objects-from-root Reads and enables pagination through a set of `Object`.\n get-object-at-path getObjectAtPath\n app-permissions-get-by-mask Reads and enables pagination through a set of `AppPermission`.\n org-permissions-get-by-mask Reads and enables pagination through a set of `OrgPermission`.\n steps-required Reads and enables pagination through a set of `AppLevelRequirement`.\n current-user currentUser\n send-account-deletion-email sendAccountDeletionEmail\n sign-out signOut\n accept-database-transfer acceptDatabaseTransfer\n cancel-database-transfer cancelDatabaseTransfer\n reject-database-transfer rejectDatabaseTransfer\n submit-invite-code submitInviteCode\n submit-org-invite-code submitOrgInviteCode\n check-password checkPassword\n confirm-delete-account confirmDeleteAccount\n set-password setPassword\n verify-email verifyEmail\n freeze-objects freezeObjects\n init-empty-repo initEmptyRepo\n construct-blueprint Executes a draft blueprint definition. Four phases: (1) create tables with nodes[], fields, and policies[], (2) create relations between tables, (3) create indexes on table fields (supports BTREE, HNSW, GIN, GIST, BM25, etc.), (4) create full-text search configurations with weighted multi-field TSVector support. nodes[] entries can be strings or {$type, data} objects. Relations use $type for relation_type with junction config as top-level fields (node_type, policy_type, grant_roles, grant_privileges, policy_data, policy_permissive, source_field_name, target_field_name, node_data). Indexes reference table_ref + column name(s) and are resolved to field_ids. Full-text searches reference table_ref + tsvector field + source fields with weights/langs. Builds a ref_map of local ref names to created table UUIDs. Updates blueprint status to constructed (or failed with error_details). Returns the ref_map.\n reset-password resetPassword\n remove-node-at-path removeNodeAtPath\n set-data-at-path setDataAtPath\n set-props-and-commit setPropsAndCommit\n copy-template-to-blueprint Creates a new blueprint by copying a template definition. Checks visibility: owners can always copy their own templates, others require public visibility. Increments the template copy_count. Returns the new blueprint ID.\n provision-database-with-user provisionDatabaseWithUser\n bootstrap-user bootstrapUser\n set-field-order setFieldOrder\n insert-node-at-path insertNodeAtPath\n update-node-at-path updateNodeAtPath\n set-and-commit setAndCommit\n apply-rls applyRls\n sign-in-one-time-token signInOneTimeToken\n create-user-database Creates a new user database with all required modules, permissions, and RLS policies.\n\nParameters:\n - database_name: Name for the new database (required)\n - owner_id: UUID of the owner user (required)\n - include_invites: Include invite system (default: true)\n - include_groups: Include group-level memberships (default: false)\n - include_levels: Include levels/achievements (default: false)\n - bitlen: Bit length for permission masks (default: 64)\n - tokens_expiration: Token expiration interval (default: 30 days)\n\nReturns the database_id UUID of the newly created database.\n\nExample usage:\n SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid);\n SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid, true, true); -- with invites and groups\n\n extend-token-expires extendTokenExpires\n sign-in signIn\n sign-up signUp\n one-time-token oneTimeToken\n send-verification-email sendVerificationEmail\n forgot-password forgotPassword\n verify-password verifyPassword\n verify-totp verifyTotp\n\n --help, -h Show this help message\n --version, -v Show version\n";
|
|
338
338
|
export const commands = async (argv, prompter, options) => {
|
|
339
339
|
if (argv.help || argv.h) {
|
|
340
340
|
console.log(usage);
|
|
@@ -614,7 +614,7 @@ export interface SecureTableProvision {
|
|
|
614
614
|
fields?: Record<string, unknown>[] | null;
|
|
615
615
|
/** Database roles to grant privileges to. Supports multiple roles, e.g. ARRAY['authenticated', 'admin']. Each role receives all privileges defined in grant_privileges. Defaults to ARRAY['authenticated']. */
|
|
616
616
|
grantRoles?: string[] | null;
|
|
617
|
-
/** PostgreSQL array of jsonb [privilege, columns] tuples defining table grants. Examples: ARRAY['["select","*"]'::jsonb, '["insert","*"]'::jsonb] for full access, or ARRAY['["update",["name","bio"]]'::jsonb] for column-level grants. "*" means all columns; an array means column-level grant. Defaults to '{}' (no grants). Type safety is enforced by PostgreSQL at INSERT time. */
|
|
617
|
+
/** PostgreSQL array of jsonb [privilege, columns] tuples defining table grants. Examples: ARRAY['["select","*"]'::jsonb, '["insert","*"]'::jsonb] for full access, or ARRAY['["update",["name","bio"]]'::jsonb] for column-level grants. "*" means all columns; an array means column-level grant. Defaults to '{}' (no grants — callers must explicitly specify privileges). Type safety is enforced by PostgreSQL at INSERT time. */
|
|
618
618
|
grantPrivileges?: Record<string, unknown>[] | null;
|
|
619
619
|
/** Policy generator type, e.g. 'AuthzEntityMembership', 'AuthzMembership', 'AuthzAllowAll'. NULL means no policy is created. When set, the trigger automatically enables RLS on the target table. */
|
|
620
620
|
policyType?: string | null;
|
|
@@ -758,7 +758,7 @@ export interface RelationProvision {
|
|
|
758
758
|
nodeData?: Record<string, unknown> | null;
|
|
759
759
|
/** For RelationManyToMany: database roles to grant privileges to on the junction table. Forwarded to secure_table_provision as-is. Supports multiple roles, e.g. ARRAY['authenticated', 'admin']. Each role receives all privileges defined in grant_privileges. Defaults to ARRAY['authenticated']. Ignored for RelationBelongsTo/RelationHasOne. */
|
|
760
760
|
grantRoles?: string[] | null;
|
|
761
|
-
/** For RelationManyToMany: privilege grants for the junction table. Forwarded to secure_table_provision as-is. Format: PostgreSQL array of jsonb [privilege, columns] tuples. Examples: ARRAY['["select","*"]'::jsonb, '["insert","*"]'::jsonb] for full access, or ARRAY['["update",["name","bio"]]'::jsonb] for column-level grants. "*" means all columns. Defaults to
|
|
761
|
+
/** For RelationManyToMany: privilege grants for the junction table. Forwarded to secure_table_provision as-is. Format: PostgreSQL array of jsonb [privilege, columns] tuples. Examples: ARRAY['["select","*"]'::jsonb, '["insert","*"]'::jsonb] for full access, or ARRAY['["update",["name","bio"]]'::jsonb] for column-level grants. "*" means all columns. Defaults to '{}' (no grants — callers must explicitly specify privileges). Ignored for RelationBelongsTo/RelationHasOne. */
|
|
762
762
|
grantPrivileges?: Record<string, unknown>[] | null;
|
|
763
763
|
/**
|
|
764
764
|
* For RelationManyToMany: RLS policy type for the junction table. Forwarded to secure_table_provision as-is. The trigger does not interpret or validate this value.
|
|
@@ -48,7 +48,7 @@ export interface InitEmptyRepoVariables {
|
|
|
48
48
|
}
|
|
49
49
|
/**
|
|
50
50
|
* Variables for constructBlueprint
|
|
51
|
-
* Executes a draft blueprint definition. Four phases: (1) create tables with nodes[], fields, and policies[], (2) create relations between tables, (3) create indexes on table fields (supports BTREE, HNSW, GIN, GIST, BM25, etc.), (4) create full-text search configurations with weighted multi-field TSVector support. nodes[] entries can be strings or {$type, data} objects. Relations use $type for relation_type with junction config
|
|
51
|
+
* Executes a draft blueprint definition. Four phases: (1) create tables with nodes[], fields, and policies[], (2) create relations between tables, (3) create indexes on table fields (supports BTREE, HNSW, GIN, GIST, BM25, etc.), (4) create full-text search configurations with weighted multi-field TSVector support. nodes[] entries can be strings or {$type, data} objects. Relations use $type for relation_type with junction config as top-level fields (node_type, policy_type, grant_roles, grant_privileges, policy_data, policy_permissive, source_field_name, target_field_name, node_data). Indexes reference table_ref + column name(s) and are resolved to field_ids. Full-text searches reference table_ref + tsvector field + source fields with weights/langs. Builds a ref_map of local ref names to created table UUIDs. Updates blueprint status to constructed (or failed with error_details). Returns the ref_map.
|
|
52
52
|
*/
|
|
53
53
|
export interface ConstructBlueprintVariables {
|
|
54
54
|
input: ConstructBlueprintInput;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@constructive-sdk/cli",
|
|
3
|
-
"version": "0.12.
|
|
3
|
+
"version": "0.12.11",
|
|
4
4
|
"author": "Constructive <developers@constructive.io>",
|
|
5
5
|
"description": "Constructive CLI SDK - Auto-generated GraphQL CLI with ORM client, context management, and interactive prompts",
|
|
6
6
|
"main": "index.js",
|
|
@@ -55,11 +55,11 @@
|
|
|
55
55
|
"yanse": "^0.2.1"
|
|
56
56
|
},
|
|
57
57
|
"devDependencies": {
|
|
58
|
-
"@constructive-io/graphql-codegen": "^4.27.
|
|
58
|
+
"@constructive-io/graphql-codegen": "^4.27.2",
|
|
59
59
|
"@types/node": "^22.19.11",
|
|
60
60
|
"makage": "^0.3.0",
|
|
61
61
|
"tsx": "^4.19.0",
|
|
62
62
|
"typescript": "^5.9.3"
|
|
63
63
|
},
|
|
64
|
-
"gitHead": "
|
|
64
|
+
"gitHead": "d28ce4f65863707e369e579f68c222b1d56c6ea3"
|
|
65
65
|
}
|
|
@@ -5,7 +5,7 @@ const utils_1 = require("../utils");
|
|
|
5
5
|
exports.default = async (argv, prompter, _options) => {
|
|
6
6
|
try {
|
|
7
7
|
if (argv.help || argv.h) {
|
|
8
|
-
console.log('construct-blueprint - Executes a draft blueprint definition. Four phases: (1) create tables with nodes[], fields, and policies[], (2) create relations between tables, (3) create indexes on table fields (supports BTREE, HNSW, GIN, GIST, BM25, etc.), (4) create full-text search configurations with weighted multi-field TSVector support. nodes[] entries can be strings or {$type, data} objects. Relations use $type for relation_type with junction config
|
|
8
|
+
console.log('construct-blueprint - Executes a draft blueprint definition. Four phases: (1) create tables with nodes[], fields, and policies[], (2) create relations between tables, (3) create indexes on table fields (supports BTREE, HNSW, GIN, GIST, BM25, etc.), (4) create full-text search configurations with weighted multi-field TSVector support. nodes[] entries can be strings or {$type, data} objects. Relations use $type for relation_type with junction config as top-level fields (node_type, policy_type, grant_roles, grant_privileges, policy_data, policy_permissive, source_field_name, target_field_name, node_data). Indexes reference table_ref + column name(s) and are resolved to field_ids. Full-text searches reference table_ref + tsvector field + source fields with weights/langs. Builds a ref_map of local ref names to created table UUIDs. Updates blueprint status to constructed (or failed with error_details). Returns the ref_map.\n\nUsage: construct-blueprint [OPTIONS]\n');
|
|
9
9
|
process.exit(0);
|
|
10
10
|
}
|
|
11
11
|
const answers = await prompter.prompt(argv, [
|
package/public/cli/commands.js
CHANGED
|
@@ -340,7 +340,7 @@ const createCommandMap = () => ({
|
|
|
340
340
|
'verify-password': verify_password_1.default,
|
|
341
341
|
'verify-totp': verify_totp_1.default,
|
|
342
342
|
});
|
|
343
|
-
const usage = "\ncsdk <command>\n\nCommands:\n context Manage API contexts\n auth Manage authentication\n get-all-record getAllRecord CRUD operations\n org-get-managers-record orgGetManagersRecord CRUD operations\n org-get-subordinates-record orgGetSubordinatesRecord CRUD operations\n object object CRUD operations\n app-permission appPermission CRUD operations\n org-permission orgPermission CRUD operations\n app-level-requirement appLevelRequirement CRUD operations\n database database CRUD operations\n schema schema CRUD operations\n table table CRUD operations\n check-constraint checkConstraint CRUD operations\n field field CRUD operations\n foreign-key-constraint foreignKeyConstraint CRUD operations\n full-text-search fullTextSearch CRUD operations\n index index CRUD operations\n policy policy CRUD operations\n primary-key-constraint primaryKeyConstraint CRUD operations\n table-grant tableGrant CRUD operations\n trigger trigger CRUD operations\n unique-constraint uniqueConstraint CRUD operations\n view view CRUD operations\n view-table viewTable CRUD operations\n view-grant viewGrant CRUD operations\n view-rule viewRule CRUD operations\n embedding-chunk embeddingChunk CRUD operations\n table-template-module tableTemplateModule CRUD operations\n secure-table-provision secureTableProvision CRUD operations\n relation-provision relationProvision CRUD operations\n schema-grant schemaGrant CRUD operations\n default-privilege defaultPrivilege CRUD operations\n enum enum CRUD operations\n api-schema apiSchema CRUD operations\n api-module apiModule CRUD operations\n domain domain CRUD operations\n site-metadatum siteMetadatum CRUD operations\n site-module siteModule CRUD operations\n site-theme siteTheme CRUD operations\n trigger-function triggerFunction CRUD operations\n database-transfer databaseTransfer CRUD operations\n api api CRUD operations\n site site CRUD operations\n app app CRUD operations\n connected-accounts-module connectedAccountsModule CRUD operations\n crypto-addresses-module cryptoAddressesModule CRUD operations\n crypto-auth-module cryptoAuthModule CRUD operations\n default-ids-module defaultIdsModule CRUD operations\n denormalized-table-field denormalizedTableField CRUD operations\n emails-module emailsModule CRUD operations\n encrypted-secrets-module encryptedSecretsModule CRUD operations\n invites-module invitesModule CRUD operations\n levels-module levelsModule CRUD operations\n limits-module limitsModule CRUD operations\n membership-types-module membershipTypesModule CRUD operations\n memberships-module membershipsModule CRUD operations\n permissions-module permissionsModule CRUD operations\n phone-numbers-module phoneNumbersModule CRUD operations\n profiles-module profilesModule CRUD operations\n secrets-module secretsModule CRUD operations\n sessions-module sessionsModule CRUD operations\n user-auth-module userAuthModule CRUD operations\n users-module usersModule CRUD operations\n blueprint blueprint CRUD operations\n blueprint-template blueprintTemplate CRUD operations\n database-provision-module databaseProvisionModule CRUD operations\n app-admin-grant appAdminGrant CRUD operations\n app-owner-grant appOwnerGrant CRUD operations\n app-grant appGrant CRUD operations\n org-membership orgMembership CRUD operations\n org-member orgMember CRUD operations\n org-admin-grant orgAdminGrant CRUD operations\n org-owner-grant orgOwnerGrant CRUD operations\n org-grant orgGrant CRUD operations\n org-chart-edge orgChartEdge CRUD operations\n org-chart-edge-grant orgChartEdgeGrant CRUD operations\n org-permission-default orgPermissionDefault CRUD operations\n app-limit appLimit CRUD operations\n org-limit orgLimit CRUD operations\n app-step appStep CRUD operations\n app-achievement appAchievement CRUD operations\n app-level appLevel CRUD operations\n email email CRUD operations\n phone-number phoneNumber CRUD operations\n crypto-address cryptoAddress CRUD operations\n connected-account connectedAccount CRUD operations\n invite invite CRUD operations\n claimed-invite claimedInvite CRUD operations\n org-invite orgInvite CRUD operations\n org-claimed-invite orgClaimedInvite CRUD operations\n audit-log auditLog CRUD operations\n ref ref CRUD operations\n store store CRUD operations\n app-permission-default appPermissionDefault CRUD operations\n role-type roleType CRUD operations\n migrate-file migrateFile CRUD operations\n app-limit-default appLimitDefault CRUD operations\n org-limit-default orgLimitDefault CRUD operations\n membership-type membershipType CRUD operations\n commit commit CRUD operations\n app-membership-default appMembershipDefault CRUD operations\n rls-module rlsModule CRUD operations\n node-type-registry nodeTypeRegistry CRUD operations\n org-membership-default orgMembershipDefault CRUD operations\n sql-action sqlAction CRUD operations\n user user CRUD operations\n ast-migration astMigration CRUD operations\n app-membership appMembership CRUD operations\n hierarchy-module hierarchyModule CRUD operations\n current-user-id currentUserId\n current-ip-address currentIpAddress\n current-user-agent currentUserAgent\n app-permissions-get-padded-mask appPermissionsGetPaddedMask\n org-permissions-get-padded-mask orgPermissionsGetPaddedMask\n steps-achieved stepsAchieved\n rev-parse revParse\n org-is-manager-of orgIsManagerOf\n app-permissions-get-mask appPermissionsGetMask\n org-permissions-get-mask orgPermissionsGetMask\n app-permissions-get-mask-by-names appPermissionsGetMaskByNames\n org-permissions-get-mask-by-names orgPermissionsGetMaskByNames\n get-all-objects-from-root Reads and enables pagination through a set of `Object`.\n get-path-objects-from-root Reads and enables pagination through a set of `Object`.\n get-object-at-path getObjectAtPath\n app-permissions-get-by-mask Reads and enables pagination through a set of `AppPermission`.\n org-permissions-get-by-mask Reads and enables pagination through a set of `OrgPermission`.\n steps-required Reads and enables pagination through a set of `AppLevelRequirement`.\n current-user currentUser\n send-account-deletion-email sendAccountDeletionEmail\n sign-out signOut\n accept-database-transfer acceptDatabaseTransfer\n cancel-database-transfer cancelDatabaseTransfer\n reject-database-transfer rejectDatabaseTransfer\n submit-invite-code submitInviteCode\n submit-org-invite-code submitOrgInviteCode\n check-password checkPassword\n confirm-delete-account confirmDeleteAccount\n set-password setPassword\n verify-email verifyEmail\n freeze-objects freezeObjects\n init-empty-repo initEmptyRepo\n construct-blueprint Executes a draft blueprint definition. Four phases: (1) create tables with nodes[], fields, and policies[], (2) create relations between tables, (3) create indexes on table fields (supports BTREE, HNSW, GIN, GIST, BM25, etc.), (4) create full-text search configurations with weighted multi-field TSVector support. nodes[] entries can be strings or {$type, data} objects. Relations use $type for relation_type with junction config in data. Indexes reference table_ref + column name(s) and are resolved to field_ids. Full-text searches reference table_ref + tsvector field + source fields with weights/langs. Builds a ref_map of local ref names to created table UUIDs. Updates blueprint status to constructed (or failed with error_details). Returns the ref_map.\n reset-password resetPassword\n remove-node-at-path removeNodeAtPath\n set-data-at-path setDataAtPath\n set-props-and-commit setPropsAndCommit\n copy-template-to-blueprint Creates a new blueprint by copying a template definition. Checks visibility: owners can always copy their own templates, others require public visibility. Increments the template copy_count. Returns the new blueprint ID.\n provision-database-with-user provisionDatabaseWithUser\n bootstrap-user bootstrapUser\n set-field-order setFieldOrder\n insert-node-at-path insertNodeAtPath\n update-node-at-path updateNodeAtPath\n set-and-commit setAndCommit\n apply-rls applyRls\n sign-in-one-time-token signInOneTimeToken\n create-user-database Creates a new user database with all required modules, permissions, and RLS policies.\n\nParameters:\n - database_name: Name for the new database (required)\n - owner_id: UUID of the owner user (required)\n - include_invites: Include invite system (default: true)\n - include_groups: Include group-level memberships (default: false)\n - include_levels: Include levels/achievements (default: false)\n - bitlen: Bit length for permission masks (default: 64)\n - tokens_expiration: Token expiration interval (default: 30 days)\n\nReturns the database_id UUID of the newly created database.\n\nExample usage:\n SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid);\n SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid, true, true); -- with invites and groups\n\n extend-token-expires extendTokenExpires\n sign-in signIn\n sign-up signUp\n one-time-token oneTimeToken\n send-verification-email sendVerificationEmail\n forgot-password forgotPassword\n verify-password verifyPassword\n verify-totp verifyTotp\n\n --help, -h Show this help message\n --version, -v Show version\n";
|
|
343
|
+
const usage = "\ncsdk <command>\n\nCommands:\n context Manage API contexts\n auth Manage authentication\n get-all-record getAllRecord CRUD operations\n org-get-managers-record orgGetManagersRecord CRUD operations\n org-get-subordinates-record orgGetSubordinatesRecord CRUD operations\n object object CRUD operations\n app-permission appPermission CRUD operations\n org-permission orgPermission CRUD operations\n app-level-requirement appLevelRequirement CRUD operations\n database database CRUD operations\n schema schema CRUD operations\n table table CRUD operations\n check-constraint checkConstraint CRUD operations\n field field CRUD operations\n foreign-key-constraint foreignKeyConstraint CRUD operations\n full-text-search fullTextSearch CRUD operations\n index index CRUD operations\n policy policy CRUD operations\n primary-key-constraint primaryKeyConstraint CRUD operations\n table-grant tableGrant CRUD operations\n trigger trigger CRUD operations\n unique-constraint uniqueConstraint CRUD operations\n view view CRUD operations\n view-table viewTable CRUD operations\n view-grant viewGrant CRUD operations\n view-rule viewRule CRUD operations\n embedding-chunk embeddingChunk CRUD operations\n table-template-module tableTemplateModule CRUD operations\n secure-table-provision secureTableProvision CRUD operations\n relation-provision relationProvision CRUD operations\n schema-grant schemaGrant CRUD operations\n default-privilege defaultPrivilege CRUD operations\n enum enum CRUD operations\n api-schema apiSchema CRUD operations\n api-module apiModule CRUD operations\n domain domain CRUD operations\n site-metadatum siteMetadatum CRUD operations\n site-module siteModule CRUD operations\n site-theme siteTheme CRUD operations\n trigger-function triggerFunction CRUD operations\n database-transfer databaseTransfer CRUD operations\n api api CRUD operations\n site site CRUD operations\n app app CRUD operations\n connected-accounts-module connectedAccountsModule CRUD operations\n crypto-addresses-module cryptoAddressesModule CRUD operations\n crypto-auth-module cryptoAuthModule CRUD operations\n default-ids-module defaultIdsModule CRUD operations\n denormalized-table-field denormalizedTableField CRUD operations\n emails-module emailsModule CRUD operations\n encrypted-secrets-module encryptedSecretsModule CRUD operations\n invites-module invitesModule CRUD operations\n levels-module levelsModule CRUD operations\n limits-module limitsModule CRUD operations\n membership-types-module membershipTypesModule CRUD operations\n memberships-module membershipsModule CRUD operations\n permissions-module permissionsModule CRUD operations\n phone-numbers-module phoneNumbersModule CRUD operations\n profiles-module profilesModule CRUD operations\n secrets-module secretsModule CRUD operations\n sessions-module sessionsModule CRUD operations\n user-auth-module userAuthModule CRUD operations\n users-module usersModule CRUD operations\n blueprint blueprint CRUD operations\n blueprint-template blueprintTemplate CRUD operations\n database-provision-module databaseProvisionModule CRUD operations\n app-admin-grant appAdminGrant CRUD operations\n app-owner-grant appOwnerGrant CRUD operations\n app-grant appGrant CRUD operations\n org-membership orgMembership CRUD operations\n org-member orgMember CRUD operations\n org-admin-grant orgAdminGrant CRUD operations\n org-owner-grant orgOwnerGrant CRUD operations\n org-grant orgGrant CRUD operations\n org-chart-edge orgChartEdge CRUD operations\n org-chart-edge-grant orgChartEdgeGrant CRUD operations\n org-permission-default orgPermissionDefault CRUD operations\n app-limit appLimit CRUD operations\n org-limit orgLimit CRUD operations\n app-step appStep CRUD operations\n app-achievement appAchievement CRUD operations\n app-level appLevel CRUD operations\n email email CRUD operations\n phone-number phoneNumber CRUD operations\n crypto-address cryptoAddress CRUD operations\n connected-account connectedAccount CRUD operations\n invite invite CRUD operations\n claimed-invite claimedInvite CRUD operations\n org-invite orgInvite CRUD operations\n org-claimed-invite orgClaimedInvite CRUD operations\n audit-log auditLog CRUD operations\n ref ref CRUD operations\n store store CRUD operations\n app-permission-default appPermissionDefault CRUD operations\n role-type roleType CRUD operations\n migrate-file migrateFile CRUD operations\n app-limit-default appLimitDefault CRUD operations\n org-limit-default orgLimitDefault CRUD operations\n membership-type membershipType CRUD operations\n commit commit CRUD operations\n app-membership-default appMembershipDefault CRUD operations\n rls-module rlsModule CRUD operations\n node-type-registry nodeTypeRegistry CRUD operations\n org-membership-default orgMembershipDefault CRUD operations\n sql-action sqlAction CRUD operations\n user user CRUD operations\n ast-migration astMigration CRUD operations\n app-membership appMembership CRUD operations\n hierarchy-module hierarchyModule CRUD operations\n current-user-id currentUserId\n current-ip-address currentIpAddress\n current-user-agent currentUserAgent\n app-permissions-get-padded-mask appPermissionsGetPaddedMask\n org-permissions-get-padded-mask orgPermissionsGetPaddedMask\n steps-achieved stepsAchieved\n rev-parse revParse\n org-is-manager-of orgIsManagerOf\n app-permissions-get-mask appPermissionsGetMask\n org-permissions-get-mask orgPermissionsGetMask\n app-permissions-get-mask-by-names appPermissionsGetMaskByNames\n org-permissions-get-mask-by-names orgPermissionsGetMaskByNames\n get-all-objects-from-root Reads and enables pagination through a set of `Object`.\n get-path-objects-from-root Reads and enables pagination through a set of `Object`.\n get-object-at-path getObjectAtPath\n app-permissions-get-by-mask Reads and enables pagination through a set of `AppPermission`.\n org-permissions-get-by-mask Reads and enables pagination through a set of `OrgPermission`.\n steps-required Reads and enables pagination through a set of `AppLevelRequirement`.\n current-user currentUser\n send-account-deletion-email sendAccountDeletionEmail\n sign-out signOut\n accept-database-transfer acceptDatabaseTransfer\n cancel-database-transfer cancelDatabaseTransfer\n reject-database-transfer rejectDatabaseTransfer\n submit-invite-code submitInviteCode\n submit-org-invite-code submitOrgInviteCode\n check-password checkPassword\n confirm-delete-account confirmDeleteAccount\n set-password setPassword\n verify-email verifyEmail\n freeze-objects freezeObjects\n init-empty-repo initEmptyRepo\n construct-blueprint Executes a draft blueprint definition. Four phases: (1) create tables with nodes[], fields, and policies[], (2) create relations between tables, (3) create indexes on table fields (supports BTREE, HNSW, GIN, GIST, BM25, etc.), (4) create full-text search configurations with weighted multi-field TSVector support. nodes[] entries can be strings or {$type, data} objects. Relations use $type for relation_type with junction config as top-level fields (node_type, policy_type, grant_roles, grant_privileges, policy_data, policy_permissive, source_field_name, target_field_name, node_data). Indexes reference table_ref + column name(s) and are resolved to field_ids. Full-text searches reference table_ref + tsvector field + source fields with weights/langs. Builds a ref_map of local ref names to created table UUIDs. Updates blueprint status to constructed (or failed with error_details). Returns the ref_map.\n reset-password resetPassword\n remove-node-at-path removeNodeAtPath\n set-data-at-path setDataAtPath\n set-props-and-commit setPropsAndCommit\n copy-template-to-blueprint Creates a new blueprint by copying a template definition. Checks visibility: owners can always copy their own templates, others require public visibility. Increments the template copy_count. Returns the new blueprint ID.\n provision-database-with-user provisionDatabaseWithUser\n bootstrap-user bootstrapUser\n set-field-order setFieldOrder\n insert-node-at-path insertNodeAtPath\n update-node-at-path updateNodeAtPath\n set-and-commit setAndCommit\n apply-rls applyRls\n sign-in-one-time-token signInOneTimeToken\n create-user-database Creates a new user database with all required modules, permissions, and RLS policies.\n\nParameters:\n - database_name: Name for the new database (required)\n - owner_id: UUID of the owner user (required)\n - include_invites: Include invite system (default: true)\n - include_groups: Include group-level memberships (default: false)\n - include_levels: Include levels/achievements (default: false)\n - bitlen: Bit length for permission masks (default: 64)\n - tokens_expiration: Token expiration interval (default: 30 days)\n\nReturns the database_id UUID of the newly created database.\n\nExample usage:\n SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid);\n SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid, true, true); -- with invites and groups\n\n extend-token-expires extendTokenExpires\n sign-in signIn\n sign-up signUp\n one-time-token oneTimeToken\n send-verification-email sendVerificationEmail\n forgot-password forgotPassword\n verify-password verifyPassword\n verify-totp verifyTotp\n\n --help, -h Show this help message\n --version, -v Show version\n";
|
|
344
344
|
const commands = async (argv, prompter, options) => {
|
|
345
345
|
if (argv.help || argv.h) {
|
|
346
346
|
console.log(usage);
|
|
@@ -614,7 +614,7 @@ export interface SecureTableProvision {
|
|
|
614
614
|
fields?: Record<string, unknown>[] | null;
|
|
615
615
|
/** Database roles to grant privileges to. Supports multiple roles, e.g. ARRAY['authenticated', 'admin']. Each role receives all privileges defined in grant_privileges. Defaults to ARRAY['authenticated']. */
|
|
616
616
|
grantRoles?: string[] | null;
|
|
617
|
-
/** PostgreSQL array of jsonb [privilege, columns] tuples defining table grants. Examples: ARRAY['["select","*"]'::jsonb, '["insert","*"]'::jsonb] for full access, or ARRAY['["update",["name","bio"]]'::jsonb] for column-level grants. "*" means all columns; an array means column-level grant. Defaults to '{}' (no grants). Type safety is enforced by PostgreSQL at INSERT time. */
|
|
617
|
+
/** PostgreSQL array of jsonb [privilege, columns] tuples defining table grants. Examples: ARRAY['["select","*"]'::jsonb, '["insert","*"]'::jsonb] for full access, or ARRAY['["update",["name","bio"]]'::jsonb] for column-level grants. "*" means all columns; an array means column-level grant. Defaults to '{}' (no grants — callers must explicitly specify privileges). Type safety is enforced by PostgreSQL at INSERT time. */
|
|
618
618
|
grantPrivileges?: Record<string, unknown>[] | null;
|
|
619
619
|
/** Policy generator type, e.g. 'AuthzEntityMembership', 'AuthzMembership', 'AuthzAllowAll'. NULL means no policy is created. When set, the trigger automatically enables RLS on the target table. */
|
|
620
620
|
policyType?: string | null;
|
|
@@ -758,7 +758,7 @@ export interface RelationProvision {
|
|
|
758
758
|
nodeData?: Record<string, unknown> | null;
|
|
759
759
|
/** For RelationManyToMany: database roles to grant privileges to on the junction table. Forwarded to secure_table_provision as-is. Supports multiple roles, e.g. ARRAY['authenticated', 'admin']. Each role receives all privileges defined in grant_privileges. Defaults to ARRAY['authenticated']. Ignored for RelationBelongsTo/RelationHasOne. */
|
|
760
760
|
grantRoles?: string[] | null;
|
|
761
|
-
/** For RelationManyToMany: privilege grants for the junction table. Forwarded to secure_table_provision as-is. Format: PostgreSQL array of jsonb [privilege, columns] tuples. Examples: ARRAY['["select","*"]'::jsonb, '["insert","*"]'::jsonb] for full access, or ARRAY['["update",["name","bio"]]'::jsonb] for column-level grants. "*" means all columns. Defaults to
|
|
761
|
+
/** For RelationManyToMany: privilege grants for the junction table. Forwarded to secure_table_provision as-is. Format: PostgreSQL array of jsonb [privilege, columns] tuples. Examples: ARRAY['["select","*"]'::jsonb, '["insert","*"]'::jsonb] for full access, or ARRAY['["update",["name","bio"]]'::jsonb] for column-level grants. "*" means all columns. Defaults to '{}' (no grants — callers must explicitly specify privileges). Ignored for RelationBelongsTo/RelationHasOne. */
|
|
762
762
|
grantPrivileges?: Record<string, unknown>[] | null;
|
|
763
763
|
/**
|
|
764
764
|
* For RelationManyToMany: RLS policy type for the junction table. Forwarded to secure_table_provision as-is. The trigger does not interpret or validate this value.
|
|
@@ -48,7 +48,7 @@ export interface InitEmptyRepoVariables {
|
|
|
48
48
|
}
|
|
49
49
|
/**
|
|
50
50
|
* Variables for constructBlueprint
|
|
51
|
-
* Executes a draft blueprint definition. Four phases: (1) create tables with nodes[], fields, and policies[], (2) create relations between tables, (3) create indexes on table fields (supports BTREE, HNSW, GIN, GIST, BM25, etc.), (4) create full-text search configurations with weighted multi-field TSVector support. nodes[] entries can be strings or {$type, data} objects. Relations use $type for relation_type with junction config
|
|
51
|
+
* Executes a draft blueprint definition. Four phases: (1) create tables with nodes[], fields, and policies[], (2) create relations between tables, (3) create indexes on table fields (supports BTREE, HNSW, GIN, GIST, BM25, etc.), (4) create full-text search configurations with weighted multi-field TSVector support. nodes[] entries can be strings or {$type, data} objects. Relations use $type for relation_type with junction config as top-level fields (node_type, policy_type, grant_roles, grant_privileges, policy_data, policy_permissive, source_field_name, target_field_name, node_data). Indexes reference table_ref + column name(s) and are resolved to field_ids. Full-text searches reference table_ref + tsvector field + source fields with weights/langs. Builds a ref_map of local ref names to created table UUIDs. Updates blueprint status to constructed (or failed with error_details). Returns the ref_map.
|
|
52
52
|
*/
|
|
53
53
|
export interface ConstructBlueprintVariables {
|
|
54
54
|
input: ConstructBlueprintInput;
|