@constructive-sdk/cli 0.21.2 → 0.21.3

package/esm/public/orm/mutation/index.d.ts

@@ -6,7 +6,7 @@
 import { OrmClient } from '../client';
 import { QueryBuilder } from '../query-builder';
 import type { InferSelectResult, StrictSelect } from '../select-types';
-import type { SendAccountDeletionEmailInput, SignOutInput, AcceptDatabaseTransferInput, CancelDatabaseTransferInput, RejectDatabaseTransferInput, DisconnectAccountInput, RevokeApiKeyInput, RevokeSessionInput, VerifyPasswordInput, VerifyTotpInput, SubmitAppInviteCodeInput, SubmitOrgInviteCodeInput, CheckPasswordInput, ConfirmDeleteAccountInput, SetPasswordInput, VerifyEmailInput, FreezeObjectsInput, InitEmptyRepoInput, ConstructBlueprintInput, ProvisionNewUserInput, ResetPasswordInput, RemoveNodeAtPathInput, CopyTemplateToBlueprintInput, ProvisionSpatialRelationInput, BootstrapUserInput, SetFieldOrderInput, ProvisionUniqueConstraintInput, ProvisionFullTextSearchInput, ProvisionIndexInput, SetDataAtPathInput, SetPropsAndCommitInput, ProvisionDatabaseWithUserInput, InsertNodeAtPathInput, UpdateNodeAtPathInput, SetAndCommitInput, ProvisionRelationInput, ApplyRlsInput, SignInCrossOriginInput, CreateUserDatabaseInput, ExtendTokenExpiresInput, CreateApiKeyInput, SendVerificationEmailInput, ForgotPasswordInput, SignUpInput, RequestCrossOriginTokenInput, SignInInput, ProvisionTableInput, ProvisionBucketInput, SendAccountDeletionEmailPayload, SignOutPayload, AcceptDatabaseTransferPayload, CancelDatabaseTransferPayload, RejectDatabaseTransferPayload, DisconnectAccountPayload, RevokeApiKeyPayload, RevokeSessionPayload, VerifyPasswordPayload, VerifyTotpPayload, SubmitAppInviteCodePayload, SubmitOrgInviteCodePayload, CheckPasswordPayload, ConfirmDeleteAccountPayload, SetPasswordPayload, VerifyEmailPayload, FreezeObjectsPayload, InitEmptyRepoPayload, ConstructBlueprintPayload, ProvisionNewUserPayload, ResetPasswordPayload, RemoveNodeAtPathPayload, CopyTemplateToBlueprintPayload, ProvisionSpatialRelationPayload, BootstrapUserPayload, SetFieldOrderPayload, ProvisionUniqueConstraintPayload, ProvisionFullTextSearchPayload, ProvisionIndexPayload, SetDataAtPathPayload, SetPropsAndCommitPayload, ProvisionDatabaseWithUserPayload, InsertNodeAtPathPayload, UpdateNodeAtPathPayload, SetAndCommitPayload, ProvisionRelationPayload, ApplyRlsPayload, SignInCrossOriginPayload, CreateUserDatabasePayload, ExtendTokenExpiresPayload, CreateApiKeyPayload, SendVerificationEmailPayload, ForgotPasswordPayload, SignUpPayload, RequestCrossOriginTokenPayload, SignInPayload, ProvisionTablePayload, ProvisionBucketPayload, SendAccountDeletionEmailPayloadSelect, SignOutPayloadSelect, AcceptDatabaseTransferPayloadSelect, CancelDatabaseTransferPayloadSelect, RejectDatabaseTransferPayloadSelect, DisconnectAccountPayloadSelect, RevokeApiKeyPayloadSelect, RevokeSessionPayloadSelect, VerifyPasswordPayloadSelect, VerifyTotpPayloadSelect, SubmitAppInviteCodePayloadSelect, SubmitOrgInviteCodePayloadSelect, CheckPasswordPayloadSelect, ConfirmDeleteAccountPayloadSelect, SetPasswordPayloadSelect, VerifyEmailPayloadSelect, FreezeObjectsPayloadSelect, InitEmptyRepoPayloadSelect, ConstructBlueprintPayloadSelect, ProvisionNewUserPayloadSelect, ResetPasswordPayloadSelect, RemoveNodeAtPathPayloadSelect, CopyTemplateToBlueprintPayloadSelect, ProvisionSpatialRelationPayloadSelect, BootstrapUserPayloadSelect, SetFieldOrderPayloadSelect, ProvisionUniqueConstraintPayloadSelect, ProvisionFullTextSearchPayloadSelect, ProvisionIndexPayloadSelect, SetDataAtPathPayloadSelect, SetPropsAndCommitPayloadSelect, ProvisionDatabaseWithUserPayloadSelect, InsertNodeAtPathPayloadSelect, UpdateNodeAtPathPayloadSelect, SetAndCommitPayloadSelect, ProvisionRelationPayloadSelect, ApplyRlsPayloadSelect, SignInCrossOriginPayloadSelect, CreateUserDatabasePayloadSelect, ExtendTokenExpiresPayloadSelect, CreateApiKeyPayloadSelect, SendVerificationEmailPayloadSelect, ForgotPasswordPayloadSelect, SignUpPayloadSelect, RequestCrossOriginTokenPayloadSelect, SignInPayloadSelect, ProvisionTablePayloadSelect, ProvisionBucketPayloadSelect } from '../input-types';
+import type { SendAccountDeletionEmailInput, SignOutInput, AcceptDatabaseTransferInput, CancelDatabaseTransferInput, RejectDatabaseTransferInput, DisconnectAccountInput, RevokeApiKeyInput, RevokeSessionInput, VerifyPasswordInput, VerifyTotpInput, SubmitAppInviteCodeInput, SubmitOrgInviteCodeInput, CheckPasswordInput, ConfirmDeleteAccountInput, SetPasswordInput, VerifyEmailInput, FreezeObjectsInput, InitEmptyRepoInput, ConstructBlueprintInput, ProvisionNewUserInput, ResetPasswordInput, RemoveNodeAtPathInput, CopyTemplateToBlueprintInput, ProvisionSpatialRelationInput, BootstrapUserInput, SetFieldOrderInput, ProvisionCheckConstraintInput, ProvisionUniqueConstraintInput, ProvisionFullTextSearchInput, ProvisionIndexInput, SetDataAtPathInput, SetPropsAndCommitInput, ProvisionDatabaseWithUserInput, InsertNodeAtPathInput, UpdateNodeAtPathInput, SetAndCommitInput, ProvisionRelationInput, ApplyRlsInput, SignInCrossOriginInput, CreateUserDatabaseInput, ExtendTokenExpiresInput, CreateApiKeyInput, SendVerificationEmailInput, ForgotPasswordInput, SignUpInput, RequestCrossOriginTokenInput, SignInInput, ProvisionTableInput, ProvisionBucketInput, SendAccountDeletionEmailPayload, SignOutPayload, AcceptDatabaseTransferPayload, CancelDatabaseTransferPayload, RejectDatabaseTransferPayload, DisconnectAccountPayload, RevokeApiKeyPayload, RevokeSessionPayload, VerifyPasswordPayload, VerifyTotpPayload, SubmitAppInviteCodePayload, SubmitOrgInviteCodePayload, CheckPasswordPayload, ConfirmDeleteAccountPayload, SetPasswordPayload, VerifyEmailPayload, FreezeObjectsPayload, InitEmptyRepoPayload, ConstructBlueprintPayload, ProvisionNewUserPayload, ResetPasswordPayload, RemoveNodeAtPathPayload, CopyTemplateToBlueprintPayload, ProvisionSpatialRelationPayload, BootstrapUserPayload, SetFieldOrderPayload, ProvisionCheckConstraintPayload, ProvisionUniqueConstraintPayload, ProvisionFullTextSearchPayload, ProvisionIndexPayload, SetDataAtPathPayload, SetPropsAndCommitPayload, ProvisionDatabaseWithUserPayload, InsertNodeAtPathPayload, UpdateNodeAtPathPayload, SetAndCommitPayload, ProvisionRelationPayload, ApplyRlsPayload, SignInCrossOriginPayload, CreateUserDatabasePayload, ExtendTokenExpiresPayload, CreateApiKeyPayload, SendVerificationEmailPayload, ForgotPasswordPayload, SignUpPayload, RequestCrossOriginTokenPayload, SignInPayload, ProvisionTablePayload, ProvisionBucketPayload, SendAccountDeletionEmailPayloadSelect, SignOutPayloadSelect, AcceptDatabaseTransferPayloadSelect, CancelDatabaseTransferPayloadSelect, RejectDatabaseTransferPayloadSelect, DisconnectAccountPayloadSelect, RevokeApiKeyPayloadSelect, RevokeSessionPayloadSelect, VerifyPasswordPayloadSelect, VerifyTotpPayloadSelect, SubmitAppInviteCodePayloadSelect, SubmitOrgInviteCodePayloadSelect, CheckPasswordPayloadSelect, ConfirmDeleteAccountPayloadSelect, SetPasswordPayloadSelect, VerifyEmailPayloadSelect, FreezeObjectsPayloadSelect, InitEmptyRepoPayloadSelect, ConstructBlueprintPayloadSelect, ProvisionNewUserPayloadSelect, ResetPasswordPayloadSelect, RemoveNodeAtPathPayloadSelect, CopyTemplateToBlueprintPayloadSelect, ProvisionSpatialRelationPayloadSelect, BootstrapUserPayloadSelect, SetFieldOrderPayloadSelect, ProvisionCheckConstraintPayloadSelect, ProvisionUniqueConstraintPayloadSelect, ProvisionFullTextSearchPayloadSelect, ProvisionIndexPayloadSelect, SetDataAtPathPayloadSelect, SetPropsAndCommitPayloadSelect, ProvisionDatabaseWithUserPayloadSelect, InsertNodeAtPathPayloadSelect, UpdateNodeAtPathPayloadSelect, SetAndCommitPayloadSelect, ProvisionRelationPayloadSelect, ApplyRlsPayloadSelect, SignInCrossOriginPayloadSelect, CreateUserDatabasePayloadSelect, ExtendTokenExpiresPayloadSelect, CreateApiKeyPayloadSelect, SendVerificationEmailPayloadSelect, ForgotPasswordPayloadSelect, SignUpPayloadSelect, RequestCrossOriginTokenPayloadSelect, SignInPayloadSelect, ProvisionTablePayloadSelect, ProvisionBucketPayloadSelect } from '../input-types';
 export interface SendAccountDeletionEmailVariables {
     input: SendAccountDeletionEmailInput;
 }
@@ -63,7 +63,7 @@ export interface InitEmptyRepoVariables {
 }
 /**
  * Variables for constructBlueprint
- * Executes a blueprint definition by delegating to provision_* procedures. Creates a blueprint_construction record to track the attempt. Six phases: (0) entity_type_provision for each membership_type entry — provisions entity tables, membership modules, and security, (1) provision_table() for each table with nodes[], fields[], policies[], and grants (table-level indexes/fts/unique_constraints are deferred), (2) provision_relation() for each relation, (3) provision_index() for top-level + deferred indexes, (4) provision_full_text_search() for top-level + deferred FTS, (5) provision_unique_constraint() for top-level + deferred unique constraints. Phase 0 entity tables are added to the table_map so subsequent phases can reference them by name. Table-level indexes/fts/unique_constraints are deferred to phases 3-5 so they can reference columns created by relations in phase 2. Returns the construction record ID on success, NULL on failure.
+ * Executes a blueprint definition by delegating to provision_* procedures. Creates a blueprint_construction record to track the attempt. Seven phases: (0) entity_type_provision for each membership_type entry — provisions entity tables, membership modules, and security, (1) provision_table() for each table with nodes[], fields[], policies[], and grants (table-level indexes/fts/unique_constraints/check_constraints are deferred), (2) provision_relation() for each relation, (3) provision_index() for top-level + deferred indexes, (4) provision_full_text_search() for top-level + deferred FTS, (5) provision_unique_constraint() for top-level + deferred unique constraints, (6) provision_check_constraint() for top-level + deferred check constraints. Phase 0 entity tables are added to the table_map so subsequent phases can reference them by name. Table-level entries are deferred to phases 3-6 so they can reference columns created by relations in phase 2. Returns the construction record ID on success, NULL on failure.
  */
 export interface ConstructBlueprintVariables {
     input: ConstructBlueprintInput;
@@ -97,6 +97,13 @@ export interface BootstrapUserVariables {
 export interface SetFieldOrderVariables {
     input: SetFieldOrderInput;
 }
+/**
+ * Variables for provisionCheckConstraint
+ * Creates a check constraint on a table from a $type + data blueprint definition. Supports: CheckOneOf (enum validation via = ANY(ARRAY[...])), CheckGreaterThan (single-column > value or cross-column), CheckLessThan (single-column < value or cross-column), CheckNotEqual (cross-column inequality). Builds AST expressions via ast_helpers and inserts into metaschema_public.check_constraint. Graceful: skips if a constraint with the same name already exists.
+ */
+export interface ProvisionCheckConstraintVariables {
+    input: ProvisionCheckConstraintInput;
+}
 /**
  * Variables for provisionUniqueConstraint
  * Creates a unique constraint on a table. Accepts a jsonb definition with columns (array of field names). Graceful: skips if the exact same unique constraint already exists.
@@ -340,6 +347,11 @@ export declare function createMutationOperations(client: OrmClient): {
     } & StrictSelect<S, SetFieldOrderPayloadSelect>) => QueryBuilder<{
         setFieldOrder: InferSelectResult<SetFieldOrderPayload, S> | null;
     }>;
+    provisionCheckConstraint: <S extends ProvisionCheckConstraintPayloadSelect>(args: ProvisionCheckConstraintVariables, options: {
+        select: S;
+    } & StrictSelect<S, ProvisionCheckConstraintPayloadSelect>) => QueryBuilder<{
+        provisionCheckConstraint: InferSelectResult<ProvisionCheckConstraintPayload, S> | null;
+    }>;
     provisionUniqueConstraint: <S extends ProvisionUniqueConstraintPayloadSelect>(args: ProvisionUniqueConstraintVariables, options: {
         select: S;
     } & StrictSelect<S, ProvisionUniqueConstraintPayloadSelect>) => QueryBuilder<{

package/esm/public/orm/mutation/index.js

@@ -314,6 +314,18 @@ export function createMutationOperations(client) {
                 },
             ], connectionFieldsMap, 'SetFieldOrderPayload'),
         }),
+        provisionCheckConstraint: (args, options) => new QueryBuilder({
+            client,
+            operation: 'mutation',
+            operationName: 'ProvisionCheckConstraint',
+            fieldName: 'provisionCheckConstraint',
+            ...buildCustomDocument('mutation', 'ProvisionCheckConstraint', 'provisionCheckConstraint', options.select, args, [
+                {
+                    name: 'input',
+                    type: 'ProvisionCheckConstraintInput!',
+                },
+            ], connectionFieldsMap, 'ProvisionCheckConstraintPayload'),
+        }),
         provisionUniqueConstraint: (args, options) => new QueryBuilder({
             client,
             operation: 'mutation',

package/objects/orm/client.js

@@ -20,7 +20,7 @@ class FetchAdapter {
     constructor(endpoint, headers, fetchFn) {
         this.endpoint = endpoint;
         this.headers = headers ?? {};
-        this.fetchFn = fetchFn ?? (0, runtime_1.createFetch)();
+        this.fetchFn = (fetchFn ?? (0, runtime_1.createFetch)()).bind(globalThis);
     }
     async execute(document, variables) {
         const response = await this.fetchFn(this.endpoint, {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@constructive-sdk/cli",
-  "version": "0.21.2",
+  "version": "0.21.3",
   "author": "Constructive <developers@constructive.io>",
   "description": "Constructive CLI SDK - Auto-generated GraphQL CLI with ORM client, context management, and interactive prompts",
   "main": "index.js",
@@ -56,11 +56,11 @@
     "yanse": "^0.2.1"
   },
   "devDependencies": {
-    "@constructive-io/graphql-codegen": "^4.40.2",
+    "@constructive-io/graphql-codegen": "^4.40.3",
     "@types/node": "^22.19.11",
     "makage": "^0.3.0",
     "tsx": "^4.19.0",
     "typescript": "^5.9.3"
   },
-  "gitHead": "d43f1d7e38cc39a71b4f8d2cafb39f46df12e31a"
+  "gitHead": "a4774481064e5cc16ca64f83cd705931e2b58250"
 }

package/public/cli/commands/api-setting.js

@@ -21,6 +21,7 @@ const fieldSchema = {
     enableConnectionFilter: 'boolean',
     enableLtree: 'boolean',
     enableLlm: 'boolean',
+    enableRealtime: 'boolean',
     options: 'json',
 };
 const usage = '\napi-setting <command>\n\nCommands:\n  list                  List apiSetting records\n  find-first            Find first matching apiSetting record\n  get                   Get a apiSetting by ID\n  create                Create a new apiSetting\n  update                Update an existing apiSetting\n  delete                Delete a apiSetting\n\nList Options:\n  --limit <n>           Max number of records to return (forward pagination)\n  --last <n>            Number of records from the end (backward pagination)\n  --after <cursor>      Cursor for forward pagination\n  --before <cursor>     Cursor for backward pagination\n  --offset <n>          Number of records to skip\n  --select <fields>     Comma-separated list of fields to return\n  --where.<field>.<op>  Filter (dot-notation, e.g. --where.name.equalTo foo)\n  --condition.<f>.<op>  Condition filter (dot-notation)\n  --orderBy <values>    Comma-separated ordering values (e.g. NAME_ASC,CREATED_AT_DESC)\n\nFind-First Options:\n  --select <fields>     Comma-separated list of fields to return\n  --where.<field>.<op>  Filter (dot-notation, e.g. --where.status.equalTo active)\n  --condition.<f>.<op>  Condition filter (dot-notation)\n\n  --help, -h            Show this help message\n';
@@ -77,6 +78,7 @@ async function handleList(argv, _prompter) {
             enableConnectionFilter: true,
             enableLtree: true,
             enableLlm: true,
+            enableRealtime: true,
             options: true,
         };
         const findManyArgs = (0, utils_1.parseFindManyArgs)(argv, defaultSelect);
@@ -107,6 +109,7 @@ async function handleFindFirst(argv, _prompter) {
             enableConnectionFilter: true,
             enableLtree: true,
             enableLlm: true,
+            enableRealtime: true,
             options: true,
         };
         const findFirstArgs = (0, utils_1.parseFindFirstArgs)(argv, defaultSelect);
@@ -149,6 +152,7 @@ async function handleGet(argv, prompter) {
                 enableConnectionFilter: true,
                 enableLtree: true,
                 enableLlm: true,
+                enableRealtime: true,
                 options: true,
             },
         })
@@ -241,6 +245,13 @@ async function handleCreate(argv, prompter) {
                 required: false,
                 skipPrompt: true,
             },
+            {
+                type: 'boolean',
+                name: 'enableRealtime',
+                message: 'enableRealtime',
+                required: false,
+                skipPrompt: true,
+            },
             {
                 type: 'json',
                 name: 'options',
@@ -266,6 +277,7 @@ async function handleCreate(argv, prompter) {
                 enableConnectionFilter: cleanedData.enableConnectionFilter,
                 enableLtree: cleanedData.enableLtree,
                 enableLlm: cleanedData.enableLlm,
+                enableRealtime: cleanedData.enableRealtime,
                 options: cleanedData.options,
             },
             select: {
@@ -281,6 +293,7 @@ async function handleCreate(argv, prompter) {
                 enableConnectionFilter: true,
                 enableLtree: true,
                 enableLlm: true,
+                enableRealtime: true,
                 options: true,
             },
         })
@@ -379,6 +392,13 @@ async function handleUpdate(argv, prompter) {
                 required: false,
                 skipPrompt: true,
             },
+            {
+                type: 'boolean',
+                name: 'enableRealtime',
+                message: 'enableRealtime',
+                required: false,
+                skipPrompt: true,
+            },
             {
                 type: 'json',
                 name: 'options',
@@ -407,6 +427,7 @@ async function handleUpdate(argv, prompter) {
                 enableConnectionFilter: cleanedData.enableConnectionFilter,
                 enableLtree: cleanedData.enableLtree,
                 enableLlm: cleanedData.enableLlm,
+                enableRealtime: cleanedData.enableRealtime,
                 options: cleanedData.options,
             },
             select: {
@@ -422,6 +443,7 @@ async function handleUpdate(argv, prompter) {
                 enableConnectionFilter: true,
                 enableLtree: true,
                 enableLlm: true,
+                enableRealtime: true,
                 options: true,
             },
         })

package/public/cli/commands/construct-blueprint.js

@@ -5,7 +5,7 @@ const utils_1 = require("../utils");
 exports.default = async (argv, prompter, _options) => {
     try {
         if (argv.help || argv.h) {
-            console.log('construct-blueprint - Executes a blueprint definition by delegating to provision_* procedures. Creates a blueprint_construction record to track the attempt. Six phases: (0) entity_type_provision for each membership_type entry \u2014 provisions entity tables, membership modules, and security, (1) provision_table() for each table with nodes[], fields[], policies[], and grants (table-level indexes/fts/unique_constraints are deferred), (2) provision_relation() for each relation, (3) provision_index() for top-level + deferred indexes, (4) provision_full_text_search() for top-level + deferred FTS, (5) provision_unique_constraint() for top-level + deferred unique constraints. Phase 0 entity tables are added to the table_map so subsequent phases can reference them by name. Table-level indexes/fts/unique_constraints are deferred to phases 3-5 so they can reference columns created by relations in phase 2. Returns the construction record ID on success, NULL on failure.\n\nUsage: construct-blueprint [OPTIONS]\n');
+            console.log('construct-blueprint - Executes a blueprint definition by delegating to provision_* procedures. Creates a blueprint_construction record to track the attempt. Seven phases: (0) entity_type_provision for each membership_type entry \u2014 provisions entity tables, membership modules, and security, (1) provision_table() for each table with nodes[], fields[], policies[], and grants (table-level indexes/fts/unique_constraints/check_constraints are deferred), (2) provision_relation() for each relation, (3) provision_index() for top-level + deferred indexes, (4) provision_full_text_search() for top-level + deferred FTS, (5) provision_unique_constraint() for top-level + deferred unique constraints, (6) provision_check_constraint() for top-level + deferred check constraints. Phase 0 entity tables are added to the table_map so subsequent phases can reference them by name. Table-level entries are deferred to phases 3-6 so they can reference columns created by relations in phase 2. Returns the construction record ID on success, NULL on failure.\n\nUsage: construct-blueprint [OPTIONS]\n');
             process.exit(0);
         }
         const answers = await prompter.prompt(argv, [

package/public/cli/commands/database-setting.js

@@ -20,6 +20,7 @@ const fieldSchema = {
     enableConnectionFilter: 'boolean',
     enableLtree: 'boolean',
     enableLlm: 'boolean',
+    enableRealtime: 'boolean',
     options: 'json',
 };
 const usage = '\ndatabase-setting <command>\n\nCommands:\n  list                  List databaseSetting records\n  find-first            Find first matching databaseSetting record\n  get                   Get a databaseSetting by ID\n  create                Create a new databaseSetting\n  update                Update an existing databaseSetting\n  delete                Delete a databaseSetting\n\nList Options:\n  --limit <n>           Max number of records to return (forward pagination)\n  --last <n>            Number of records from the end (backward pagination)\n  --after <cursor>      Cursor for forward pagination\n  --before <cursor>     Cursor for backward pagination\n  --offset <n>          Number of records to skip\n  --select <fields>     Comma-separated list of fields to return\n  --where.<field>.<op>  Filter (dot-notation, e.g. --where.name.equalTo foo)\n  --condition.<f>.<op>  Condition filter (dot-notation)\n  --orderBy <values>    Comma-separated ordering values (e.g. NAME_ASC,CREATED_AT_DESC)\n\nFind-First Options:\n  --select <fields>     Comma-separated list of fields to return\n  --where.<field>.<op>  Filter (dot-notation, e.g. --where.status.equalTo active)\n  --condition.<f>.<op>  Condition filter (dot-notation)\n\n  --help, -h            Show this help message\n';
@@ -75,6 +76,7 @@ async function handleList(argv, _prompter) {
             enableConnectionFilter: true,
             enableLtree: true,
             enableLlm: true,
+            enableRealtime: true,
             options: true,
         };
         const findManyArgs = (0, utils_1.parseFindManyArgs)(argv, defaultSelect);
@@ -104,6 +106,7 @@ async function handleFindFirst(argv, _prompter) {
             enableConnectionFilter: true,
             enableLtree: true,
             enableLlm: true,
+            enableRealtime: true,
             options: true,
         };
         const findFirstArgs = (0, utils_1.parseFindFirstArgs)(argv, defaultSelect);
@@ -145,6 +148,7 @@ async function handleGet(argv, prompter) {
                 enableConnectionFilter: true,
                 enableLtree: true,
                 enableLlm: true,
+                enableRealtime: true,
                 options: true,
             },
         })
@@ -231,6 +235,13 @@ async function handleCreate(argv, prompter) {
                 required: false,
                 skipPrompt: true,
             },
+            {
+                type: 'boolean',
+                name: 'enableRealtime',
+                message: 'enableRealtime',
+                required: false,
+                skipPrompt: true,
+            },
             {
                 type: 'json',
                 name: 'options',
@@ -255,6 +266,7 @@ async function handleCreate(argv, prompter) {
                 enableConnectionFilter: cleanedData.enableConnectionFilter,
                 enableLtree: cleanedData.enableLtree,
                 enableLlm: cleanedData.enableLlm,
+                enableRealtime: cleanedData.enableRealtime,
                 options: cleanedData.options,
             },
             select: {
@@ -269,6 +281,7 @@ async function handleCreate(argv, prompter) {
                 enableConnectionFilter: true,
                 enableLtree: true,
                 enableLlm: true,
+                enableRealtime: true,
                 options: true,
             },
         })
@@ -361,6 +374,13 @@ async function handleUpdate(argv, prompter) {
                 required: false,
                 skipPrompt: true,
             },
+            {
+                type: 'boolean',
+                name: 'enableRealtime',
+                message: 'enableRealtime',
+                required: false,
+                skipPrompt: true,
+            },
             {
                 type: 'json',
                 name: 'options',
@@ -388,6 +408,7 @@ async function handleUpdate(argv, prompter) {
                 enableConnectionFilter: cleanedData.enableConnectionFilter,
                 enableLtree: cleanedData.enableLtree,
                 enableLlm: cleanedData.enableLlm,
+                enableRealtime: cleanedData.enableRealtime,
                 options: cleanedData.options,
             },
             select: {
@@ -402,6 +423,7 @@ async function handleUpdate(argv, prompter) {
                 enableConnectionFilter: true,
                 enableLtree: true,
                 enableLlm: true,
+                enableRealtime: true,
                 options: true,
             },
         })

package/public/cli/commands/provision-check-constraint.d.ts

@@ -0,0 +1,8 @@
+/**
+ * CLI command for mutation provisionCheckConstraint
+ * @generated by @constructive-io/graphql-codegen
+ * DO NOT EDIT - changes will be overwritten
+ */
+import { CLIOptions, Inquirerer } from 'inquirerer';
+declare const _default: (argv: Partial<Record<string, unknown>>, prompter: Inquirerer, _options: CLIOptions) => Promise<void>;
+export default _default;

package/public/cli/commands/provision-check-constraint.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const executor_1 = require("../executor");
+const utils_1 = require("../utils");
+exports.default = async (argv, prompter, _options) => {
+    try {
+        if (argv.help || argv.h) {
+            console.log('provision-check-constraint - Creates a check constraint on a table from a $type + data blueprint definition. Supports: CheckOneOf (enum validation via = ANY(ARRAY[...])), CheckGreaterThan (single-column > value or cross-column), CheckLessThan (single-column < value or cross-column), CheckNotEqual (cross-column inequality). Builds AST expressions via ast_helpers and inserts into metaschema_public.check_constraint. Graceful: skips if a constraint with the same name already exists.\n\nUsage: provision-check-constraint [OPTIONS]\n');
+            process.exit(0);
+        }
+        const answers = await prompter.prompt(argv, [
+            {
+                type: 'text',
+                name: 'input',
+                message: 'The exclusive input argument for this mutation. An object type, make sure to see documentation for this object\u2019s fields.',
+                required: true,
+            },
+        ]);
+        const client = (0, executor_1.getClient)();
+        const parsedAnswers = (0, utils_1.unflattenDotNotation)(answers);
+        const selectFields = (0, utils_1.buildSelectFromPaths)(argv.select ?? 'clientMutationId');
+        const result = await client.mutation
+            .provisionCheckConstraint(parsedAnswers, {
+            select: selectFields,
+        })
+            .execute();
+        console.log(JSON.stringify(result, null, 2));
+    }
+    catch (error) {
+        console.error('Failed: provisionCheckConstraint');
+        if (error instanceof Error) {
+            console.error(error.message);
+        }
+        process.exit(1);
+    }
+};

package/public/cli/commands.js

@@ -209,6 +209,7 @@ const copy_template_to_blueprint_1 = __importDefault(require("./commands/copy-te
 const provision_spatial_relation_1 = __importDefault(require("./commands/provision-spatial-relation"));
 const bootstrap_user_1 = __importDefault(require("./commands/bootstrap-user"));
 const set_field_order_1 = __importDefault(require("./commands/set-field-order"));
+const provision_check_constraint_1 = __importDefault(require("./commands/provision-check-constraint"));
 const provision_unique_constraint_1 = __importDefault(require("./commands/provision-unique-constraint"));
 const provision_full_text_search_1 = __importDefault(require("./commands/provision-full-text-search"));
 const provision_index_1 = __importDefault(require("./commands/provision-index"));
@@ -431,6 +432,7 @@ const createCommandMap = () => ({
     'provision-spatial-relation': provision_spatial_relation_1.default,
     'bootstrap-user': bootstrap_user_1.default,
     'set-field-order': set_field_order_1.default,
+    'provision-check-constraint': provision_check_constraint_1.default,
     'provision-unique-constraint': provision_unique_constraint_1.default,
     'provision-full-text-search': provision_full_text_search_1.default,
     'provision-index': provision_index_1.default,
@@ -454,7 +456,7 @@ const createCommandMap = () => ({
     'provision-table': provision_table_1.default,
     'provision-bucket': provision_bucket_1.default,
 });
-const usage = "\ncsdk <command>\n\nCommands:\n  context               Manage API contexts\n  auth                  Manage authentication\n  org-get-managers-record orgGetManagersRecord CRUD operations\n  org-get-subordinates-record orgGetSubordinatesRecord CRUD operations\n  get-all-record       getAllRecord CRUD operations\n  app-permission       appPermission CRUD operations\n  org-permission       orgPermission CRUD operations\n  object               object CRUD operations\n  app-level-requirement appLevelRequirement CRUD operations\n  database             database CRUD operations\n  schema               schema CRUD operations\n  table                table CRUD operations\n  check-constraint     checkConstraint CRUD operations\n  field                field CRUD operations\n  spatial-relation     spatialRelation CRUD operations\n  partition            partition CRUD operations\n  foreign-key-constraint foreignKeyConstraint CRUD operations\n  full-text-search     fullTextSearch CRUD operations\n  index                index CRUD operations\n  policy               policy CRUD operations\n  primary-key-constraint primaryKeyConstraint CRUD operations\n  table-grant          tableGrant CRUD operations\n  trigger              trigger CRUD operations\n  unique-constraint    uniqueConstraint CRUD operations\n  view                 view CRUD operations\n  view-table           viewTable CRUD operations\n  view-grant           viewGrant CRUD operations\n  view-rule            viewRule CRUD operations\n  embedding-chunk      embeddingChunk CRUD operations\n  secure-table-provision secureTableProvision CRUD operations\n  relation-provision   relationProvision CRUD operations\n  session-secrets-module sessionSecretsModule CRUD operations\n  identity-providers-module identityProvidersModule CRUD operations\n  realtime-module      realtimeModule CRUD operations\n  schema-grant         schemaGrant CRUD operations\n  default-privilege    defaultPrivilege CRUD operations\n  enum                 enum CRUD operations\n  function             function CRUD operations\n  api-schema           apiSchema CRUD operations\n  api-module           apiModule CRUD operations\n  domain               domain CRUD operations\n  site-metadatum       siteMetadatum CRUD operations\n  site-module          siteModule CRUD operations\n  site-theme           siteTheme CRUD operations\n  cors-setting         corsSetting CRUD operations\n  trigger-function     triggerFunction CRUD operations\n  database-transfer    databaseTransfer CRUD operations\n  api                  api CRUD operations\n  site                 site CRUD operations\n  app                  app CRUD operations\n  api-setting          apiSetting CRUD operations\n  connected-accounts-module connectedAccountsModule CRUD operations\n  crypto-addresses-module cryptoAddressesModule CRUD operations\n  crypto-auth-module   cryptoAuthModule CRUD operations\n  default-ids-module   defaultIdsModule CRUD operations\n  denormalized-table-field denormalizedTableField CRUD operations\n  emails-module        emailsModule CRUD operations\n  encrypted-secrets-module encryptedSecretsModule CRUD operations\n  invites-module       invitesModule CRUD operations\n  levels-module        levelsModule CRUD operations\n  limits-module        limitsModule CRUD operations\n  membership-types-module membershipTypesModule CRUD operations\n  memberships-module   membershipsModule CRUD operations\n  permissions-module   permissionsModule CRUD operations\n  phone-numbers-module phoneNumbersModule CRUD operations\n  profiles-module      profilesModule CRUD operations\n  secrets-module       secretsModule CRUD operations\n  sessions-module      sessionsModule CRUD operations\n  user-auth-module     userAuthModule CRUD operations\n  users-module         usersModule CRUD operations\n  blueprint            blueprint CRUD operations\n  blueprint-template   blueprintTemplate CRUD operations\n  blueprint-construction blueprintConstruction CRUD operations\n  storage-module       storageModule CRUD operations\n  entity-type-provision entityTypeProvision CRUD operations\n  webauthn-credentials-module webauthnCredentialsModule CRUD operations\n  webauthn-auth-module webauthnAuthModule CRUD operations\n  notifications-module notificationsModule CRUD operations\n  database-provision-module databaseProvisionModule CRUD operations\n  app-admin-grant      appAdminGrant CRUD operations\n  app-owner-grant      appOwnerGrant CRUD operations\n  app-grant            appGrant CRUD operations\n  org-membership       orgMembership CRUD operations\n  org-member           orgMember CRUD operations\n  org-admin-grant      orgAdminGrant CRUD operations\n  org-owner-grant      orgOwnerGrant CRUD operations\n  org-member-profile   orgMemberProfile CRUD operations\n  org-grant            orgGrant CRUD operations\n  org-chart-edge       orgChartEdge CRUD operations\n  org-chart-edge-grant orgChartEdgeGrant CRUD operations\n  org-permission-default orgPermissionDefault CRUD operations\n  app-limit            appLimit CRUD operations\n  app-limit-credit     appLimitCredit CRUD operations\n  app-limit-credit-code-item appLimitCreditCodeItem CRUD operations\n  app-limit-credit-redemption appLimitCreditRedemption CRUD operations\n  org-limit            orgLimit CRUD operations\n  org-limit-credit     orgLimitCredit CRUD operations\n  org-limit-aggregate  orgLimitAggregate CRUD operations\n  app-step             appStep CRUD operations\n  app-achievement      appAchievement CRUD operations\n  app-level            appLevel CRUD operations\n  email                email CRUD operations\n  phone-number         phoneNumber CRUD operations\n  crypto-address       cryptoAddress CRUD operations\n  webauthn-credential  webauthnCredential CRUD operations\n  app-invite           appInvite CRUD operations\n  app-claimed-invite   appClaimedInvite CRUD operations\n  org-invite           orgInvite CRUD operations\n  org-claimed-invite   orgClaimedInvite CRUD operations\n  audit-log            auditLog CRUD operations\n  agent-thread         agentThread CRUD operations\n  agent-message        agentMessage CRUD operations\n  agent-task           agentTask CRUD operations\n  role-type            roleType CRUD operations\n  identity-provider    identityProvider CRUD operations\n  ref                  ref CRUD operations\n  store                store CRUD operations\n  app-permission-default appPermissionDefault CRUD operations\n  app-limit-credit-code appLimitCreditCode CRUD operations\n  app-limit-caps-default appLimitCapsDefault CRUD operations\n  org-limit-caps-default orgLimitCapsDefault CRUD operations\n  app-limit-cap        appLimitCap CRUD operations\n  org-limit-cap        orgLimitCap CRUD operations\n  membership-type      membershipType CRUD operations\n  migrate-file         migrateFile CRUD operations\n  devices-module       devicesModule CRUD operations\n  node-type-registry   nodeTypeRegistry CRUD operations\n  app-limit-default    appLimitDefault CRUD operations\n  org-limit-default    orgLimitDefault CRUD operations\n  user-connected-account userConnectedAccount CRUD operations\n  commit               commit CRUD operations\n  pubkey-setting       pubkeySetting CRUD operations\n  rate-limits-module   rateLimitsModule CRUD operations\n  usage-snapshot       usageSnapshot CRUD operations\n  app-membership-default appMembershipDefault CRUD operations\n  org-membership-default orgMembershipDefault CRUD operations\n  rls-setting          rlsSetting CRUD operations\n  app-limit-event      appLimitEvent CRUD operations\n  org-limit-event      orgLimitEvent CRUD operations\n  rls-module           rlsModule CRUD operations\n  database-setting     databaseSetting CRUD operations\n  plans-module         plansModule CRUD operations\n  sql-action           sqlAction CRUD operations\n  billing-module       billingModule CRUD operations\n  ast-migration        astMigration CRUD operations\n  user                 user CRUD operations\n  org-membership-setting orgMembershipSetting CRUD operations\n  webauthn-setting     webauthnSetting CRUD operations\n  app-membership       appMembership CRUD operations\n  billing-provider-module billingProviderModule CRUD operations\n  hierarchy-module     hierarchyModule CRUD operations\n  current-user-id      currentUserId\n  current-user-agent   currentUserAgent\n  current-ip-address   currentIpAddress\n  require-step-up      requireStepUp\n  app-permissions-get-padded-mask appPermissionsGetPaddedMask\n  org-permissions-get-padded-mask orgPermissionsGetPaddedMask\n  steps-achieved       stepsAchieved\n  rev-parse            revParse\n  resolve-blueprint-field Resolves a field_name within a given table_id to a field_id. Throws if no match is found. Used by construct_blueprint to translate user-authored field names (e.g. \"location\") into field UUIDs for downstream provisioning procedures. table_id must already be resolved (via resolve_blueprint_table) before calling this.\n  org-is-manager-of    orgIsManagerOf\n  app-permissions-get-mask appPermissionsGetMask\n  org-permissions-get-mask orgPermissionsGetMask\n  resolve-blueprint-table Resolves a table_name (with optional schema_name) to a table_id. Resolution order: (1) if schema_name provided, exact lookup via metaschema_public.schema.name + metaschema_public.table; (2) check local table_map (tables created in current blueprint); (3) search metaschema_public.table by name across all schemas; (4) if multiple matches, throw ambiguous error asking for schema_name; (5) if no match, throw not-found error.\n  app-permissions-get-mask-by-names appPermissionsGetMaskByNames\n  org-permissions-get-mask-by-names orgPermissionsGetMaskByNames\n  app-permissions-get-by-mask Reads and enables pagination through a set of `AppPermission`.\n  org-permissions-get-by-mask Reads and enables pagination through a set of `OrgPermission`.\n  get-all-objects-from-root Reads and enables pagination through a set of `Object`.\n  get-path-objects-from-root Reads and enables pagination through a set of `Object`.\n  get-object-at-path   getObjectAtPath\n  steps-required       Reads and enables pagination through a set of `AppLevelRequirement`.\n  current-user         currentUser\n  send-account-deletion-email sendAccountDeletionEmail\n  sign-out             signOut\n  accept-database-transfer acceptDatabaseTransfer\n  cancel-database-transfer cancelDatabaseTransfer\n  reject-database-transfer rejectDatabaseTransfer\n  disconnect-account   disconnectAccount\n  revoke-api-key       revokeApiKey\n  revoke-session       revokeSession\n  verify-password      verifyPassword\n  verify-totp          verifyTotp\n  submit-app-invite-code submitAppInviteCode\n  submit-org-invite-code submitOrgInviteCode\n  check-password       checkPassword\n  confirm-delete-account confirmDeleteAccount\n  set-password         setPassword\n  verify-email         verifyEmail\n  freeze-objects       freezeObjects\n  init-empty-repo      initEmptyRepo\n  construct-blueprint  Executes a blueprint definition by delegating to provision_* procedures. Creates a blueprint_construction record to track the attempt. Six phases: (0) entity_type_provision for each membership_type entry \u2014 provisions entity tables, membership modules, and security, (1) provision_table() for each table with nodes[], fields[], policies[], and grants (table-level indexes/fts/unique_constraints are deferred), (2) provision_relation() for each relation, (3) provision_index() for top-level + deferred indexes, (4) provision_full_text_search() for top-level + deferred FTS, (5) provision_unique_constraint() for top-level + deferred unique constraints. Phase 0 entity tables are added to the table_map so subsequent phases can reference them by name. Table-level indexes/fts/unique_constraints are deferred to phases 3-5 so they can reference columns created by relations in phase 2. Returns the construction record ID on success, NULL on failure.\n  provision-new-user   provisionNewUser\n  reset-password       resetPassword\n  remove-node-at-path  removeNodeAtPath\n  copy-template-to-blueprint Creates a new blueprint by copying a template definition. Checks visibility: owners can always copy their own templates, others require public visibility. Increments the template copy_count. Returns the new blueprint ID.\n  provision-spatial-relation Idempotent provisioner for metaschema_public.spatial_relation. Inserts a row declaring a spatial predicate between two geometry/geography columns (owner and target). Called from construct_blueprint when a relation entry has $type=RelationSpatial. Graceful: re-running with the same (source_table_id, name) returns the existing id without modifying the row. Operator whitelist and st_dwithin \u2194 param_name pairing are enforced by the spatial_relation table CHECKs. Both fields must already exist \u2014 this is a metadata-only insert.\n  bootstrap-user       bootstrapUser\n  set-field-order      setFieldOrder\n  provision-unique-constraint Creates a unique constraint on a table. Accepts a jsonb definition with columns (array of field names). Graceful: skips if the exact same unique constraint already exists.\n  provision-full-text-search Creates a full-text search configuration on a table. Accepts a jsonb definition with field (tsvector column name) and sources (array of {field, weight, lang}). Graceful: skips if FTS config already exists for the same (table_id, field_id). Returns the fts_id.\n  provision-index      Creates an index on a table. Accepts a jsonb definition with columns (array of names or single column string), access_method (default BTREE), is_unique, op_classes, options, and name (auto-generated if omitted). Graceful: skips if an index with the same (table_id, field_ids, access_method) already exists. Returns the index_id.\n  set-data-at-path     setDataAtPath\n  set-props-and-commit setPropsAndCommit\n  provision-database-with-user provisionDatabaseWithUser\n  insert-node-at-path  insertNodeAtPath\n  update-node-at-path  updateNodeAtPath\n  set-and-commit       setAndCommit\n  provision-relation   Composable relation provisioning: creates FK fields, indexes, unique constraints, and junction tables depending on the relation_type. Supports RelationBelongsTo, RelationHasOne, RelationHasMany, and RelationManyToMany. ManyToMany uses provision_table() internally for junction table creation with full node/grant/policy support. All operations are graceful (skip existing). Returns (out_field_id, out_junction_table_id, out_source_field_id, out_target_field_id).\n  apply-rls            applyRls\n  sign-in-cross-origin signInCrossOrigin\n  create-user-database Creates a new user database with all required modules, permissions, and RLS policies.\n\nParameters:\n  - database_name: Name for the new database (required)\n  - owner_id: UUID of the owner user (required)\n  - include_invites: Include invite system (default: true)\n  - include_groups: Include group-level memberships (default: false)\n  - include_levels: Include levels/achievements (default: false)\n  - bitlen: Bit length for permission masks (default: 64)\n  - tokens_expiration: Token expiration interval (default: 30 days)\n\nReturns the database_id UUID of the newly created database.\n\nExample usage:\n  SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid);\n  SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid, true, true);  -- with invites and groups\n\n  extend-token-expires extendTokenExpires\n  create-api-key       createApiKey\n  send-verification-email sendVerificationEmail\n  forgot-password      forgotPassword\n  sign-up              signUp\n  request-cross-origin-token requestCrossOriginToken\n  sign-in              signIn\n  provision-table      Composable table provisioning: creates or finds a table, then creates fields (so Data* modules can reference them), applies N nodes (Data* modules), enables RLS, creates grants, creates N policies, and optionally creates table-level indexes/full_text_searches/unique_constraints. All operations are graceful (skip existing). Accepts multiple nodes and multiple policies per call, unlike secure_table_provision which is limited to one of each. Returns (out_table_id, out_fields).\n  provision-bucket     Provision an S3 bucket for a logical bucket in the database.\nReads the bucket config via RLS, then creates and configures\nthe S3 bucket with the appropriate privacy policies, CORS rules,\nand lifecycle settings.\n\n  --help, -h            Show this help message\n  --version, -v         Show version\n";
+const usage = "\ncsdk <command>\n\nCommands:\n  context               Manage API contexts\n  auth                  Manage authentication\n  org-get-managers-record orgGetManagersRecord CRUD operations\n  org-get-subordinates-record orgGetSubordinatesRecord CRUD operations\n  get-all-record       getAllRecord CRUD operations\n  app-permission       appPermission CRUD operations\n  org-permission       orgPermission CRUD operations\n  object               object CRUD operations\n  app-level-requirement appLevelRequirement CRUD operations\n  database             database CRUD operations\n  schema               schema CRUD operations\n  table                table CRUD operations\n  check-constraint     checkConstraint CRUD operations\n  field                field CRUD operations\n  spatial-relation     spatialRelation CRUD operations\n  partition            partition CRUD operations\n  foreign-key-constraint foreignKeyConstraint CRUD operations\n  full-text-search     fullTextSearch CRUD operations\n  index                index CRUD operations\n  policy               policy CRUD operations\n  primary-key-constraint primaryKeyConstraint CRUD operations\n  table-grant          tableGrant CRUD operations\n  trigger              trigger CRUD operations\n  unique-constraint    uniqueConstraint CRUD operations\n  view                 view CRUD operations\n  view-table           viewTable CRUD operations\n  view-grant           viewGrant CRUD operations\n  view-rule            viewRule CRUD operations\n  embedding-chunk      embeddingChunk CRUD operations\n  secure-table-provision secureTableProvision CRUD operations\n  relation-provision   relationProvision CRUD operations\n  session-secrets-module sessionSecretsModule CRUD operations\n  identity-providers-module identityProvidersModule CRUD operations\n  realtime-module      realtimeModule CRUD operations\n  schema-grant         schemaGrant CRUD operations\n  default-privilege    defaultPrivilege CRUD operations\n  enum                 enum CRUD operations\n  function             function CRUD operations\n  api-schema           apiSchema CRUD operations\n  api-module           apiModule CRUD operations\n  domain               domain CRUD operations\n  site-metadatum       siteMetadatum CRUD operations\n  site-module          siteModule CRUD operations\n  site-theme           siteTheme CRUD operations\n  cors-setting         corsSetting CRUD operations\n  trigger-function     triggerFunction CRUD operations\n  database-transfer    databaseTransfer CRUD operations\n  api                  api CRUD operations\n  site                 site CRUD operations\n  app                  app CRUD operations\n  api-setting          apiSetting CRUD operations\n  connected-accounts-module connectedAccountsModule CRUD operations\n  crypto-addresses-module cryptoAddressesModule CRUD operations\n  crypto-auth-module   cryptoAuthModule CRUD operations\n  default-ids-module   defaultIdsModule CRUD operations\n  denormalized-table-field denormalizedTableField CRUD operations\n  emails-module        emailsModule CRUD operations\n  encrypted-secrets-module encryptedSecretsModule CRUD operations\n  invites-module       invitesModule CRUD operations\n  levels-module        levelsModule CRUD operations\n  limits-module        limitsModule CRUD operations\n  membership-types-module membershipTypesModule CRUD operations\n  memberships-module   membershipsModule CRUD operations\n  permissions-module   permissionsModule CRUD operations\n  phone-numbers-module phoneNumbersModule CRUD operations\n  profiles-module      profilesModule CRUD operations\n  secrets-module       secretsModule CRUD operations\n  sessions-module      sessionsModule CRUD operations\n  user-auth-module     userAuthModule CRUD operations\n  users-module         usersModule CRUD operations\n  blueprint            blueprint CRUD operations\n  blueprint-template   blueprintTemplate CRUD operations\n  blueprint-construction blueprintConstruction CRUD operations\n  storage-module       storageModule CRUD operations\n  entity-type-provision entityTypeProvision CRUD operations\n  webauthn-credentials-module webauthnCredentialsModule CRUD operations\n  webauthn-auth-module webauthnAuthModule CRUD operations\n  notifications-module notificationsModule CRUD operations\n  database-provision-module databaseProvisionModule CRUD operations\n  app-admin-grant      appAdminGrant CRUD operations\n  app-owner-grant      appOwnerGrant CRUD operations\n  app-grant            appGrant CRUD operations\n  org-membership       orgMembership CRUD operations\n  org-member           orgMember CRUD operations\n  org-admin-grant      orgAdminGrant CRUD operations\n  org-owner-grant      orgOwnerGrant CRUD operations\n  org-member-profile   orgMemberProfile CRUD operations\n  org-grant            orgGrant CRUD operations\n  org-chart-edge       orgChartEdge CRUD operations\n  org-chart-edge-grant orgChartEdgeGrant CRUD operations\n  org-permission-default orgPermissionDefault CRUD operations\n  app-limit            appLimit CRUD operations\n  app-limit-credit     appLimitCredit CRUD operations\n  app-limit-credit-code-item appLimitCreditCodeItem CRUD operations\n  app-limit-credit-redemption appLimitCreditRedemption CRUD operations\n  org-limit            orgLimit CRUD operations\n  org-limit-credit     orgLimitCredit CRUD operations\n  org-limit-aggregate  orgLimitAggregate CRUD operations\n  app-step             appStep CRUD operations\n  app-achievement      appAchievement CRUD operations\n  app-level            appLevel CRUD operations\n  email                email CRUD operations\n  phone-number         phoneNumber CRUD operations\n  crypto-address       cryptoAddress CRUD operations\n  webauthn-credential  webauthnCredential CRUD operations\n  app-invite           appInvite CRUD operations\n  app-claimed-invite   appClaimedInvite CRUD operations\n  org-invite           orgInvite CRUD operations\n  org-claimed-invite   orgClaimedInvite CRUD operations\n  audit-log            auditLog CRUD operations\n  agent-thread         agentThread CRUD operations\n  agent-message        agentMessage CRUD operations\n  agent-task           agentTask CRUD operations\n  role-type            roleType CRUD operations\n  identity-provider    identityProvider CRUD operations\n  ref                  ref CRUD operations\n  store                store CRUD operations\n  app-permission-default appPermissionDefault CRUD operations\n  app-limit-credit-code appLimitCreditCode CRUD operations\n  app-limit-caps-default appLimitCapsDefault CRUD operations\n  org-limit-caps-default orgLimitCapsDefault CRUD operations\n  app-limit-cap        appLimitCap CRUD operations\n  org-limit-cap        orgLimitCap CRUD operations\n  membership-type      membershipType CRUD operations\n  migrate-file         migrateFile CRUD operations\n  devices-module       devicesModule CRUD operations\n  node-type-registry   nodeTypeRegistry CRUD operations\n  app-limit-default    appLimitDefault CRUD operations\n  org-limit-default    orgLimitDefault CRUD operations\n  user-connected-account userConnectedAccount CRUD operations\n  commit               commit CRUD operations\n  pubkey-setting       pubkeySetting CRUD operations\n  rate-limits-module   rateLimitsModule CRUD operations\n  usage-snapshot       usageSnapshot CRUD operations\n  app-membership-default appMembershipDefault CRUD operations\n  org-membership-default orgMembershipDefault CRUD operations\n  rls-setting          rlsSetting CRUD operations\n  app-limit-event      appLimitEvent CRUD operations\n  org-limit-event      orgLimitEvent CRUD operations\n  rls-module           rlsModule CRUD operations\n  database-setting     databaseSetting CRUD operations\n  plans-module         plansModule CRUD operations\n  sql-action           sqlAction CRUD operations\n  billing-module       billingModule CRUD operations\n  ast-migration        astMigration CRUD operations\n  user                 user CRUD operations\n  org-membership-setting orgMembershipSetting CRUD operations\n  webauthn-setting     webauthnSetting CRUD operations\n  app-membership       appMembership CRUD operations\n  billing-provider-module billingProviderModule CRUD operations\n  hierarchy-module     hierarchyModule CRUD operations\n  current-user-id      currentUserId\n  current-user-agent   currentUserAgent\n  current-ip-address   currentIpAddress\n  require-step-up      requireStepUp\n  app-permissions-get-padded-mask appPermissionsGetPaddedMask\n  org-permissions-get-padded-mask orgPermissionsGetPaddedMask\n  steps-achieved       stepsAchieved\n  rev-parse            revParse\n  resolve-blueprint-field Resolves a field_name within a given table_id to a field_id. Throws if no match is found. Used by construct_blueprint to translate user-authored field names (e.g. \"location\") into field UUIDs for downstream provisioning procedures. table_id must already be resolved (via resolve_blueprint_table) before calling this.\n  org-is-manager-of    orgIsManagerOf\n  app-permissions-get-mask appPermissionsGetMask\n  org-permissions-get-mask orgPermissionsGetMask\n  resolve-blueprint-table Resolves a table_name (with optional schema_name) to a table_id. Resolution order: (1) if schema_name provided, exact lookup via metaschema_public.schema.name + metaschema_public.table; (2) check local table_map (tables created in current blueprint); (3) search metaschema_public.table by name across all schemas; (4) if multiple matches, throw ambiguous error asking for schema_name; (5) if no match, throw not-found error.\n  app-permissions-get-mask-by-names appPermissionsGetMaskByNames\n  org-permissions-get-mask-by-names orgPermissionsGetMaskByNames\n  app-permissions-get-by-mask Reads and enables pagination through a set of `AppPermission`.\n  org-permissions-get-by-mask Reads and enables pagination through a set of `OrgPermission`.\n  get-all-objects-from-root Reads and enables pagination through a set of `Object`.\n  get-path-objects-from-root Reads and enables pagination through a set of `Object`.\n  get-object-at-path   getObjectAtPath\n  steps-required       Reads and enables pagination through a set of `AppLevelRequirement`.\n  current-user         currentUser\n  send-account-deletion-email sendAccountDeletionEmail\n  sign-out             signOut\n  accept-database-transfer acceptDatabaseTransfer\n  cancel-database-transfer cancelDatabaseTransfer\n  reject-database-transfer rejectDatabaseTransfer\n  disconnect-account   disconnectAccount\n  revoke-api-key       revokeApiKey\n  revoke-session       revokeSession\n  verify-password      verifyPassword\n  verify-totp          verifyTotp\n  submit-app-invite-code submitAppInviteCode\n  submit-org-invite-code submitOrgInviteCode\n  check-password       checkPassword\n  confirm-delete-account confirmDeleteAccount\n  set-password         setPassword\n  verify-email         verifyEmail\n  freeze-objects       freezeObjects\n  init-empty-repo      initEmptyRepo\n  construct-blueprint  Executes a blueprint definition by delegating to provision_* procedures. Creates a blueprint_construction record to track the attempt. Seven phases: (0) entity_type_provision for each membership_type entry \u2014 provisions entity tables, membership modules, and security, (1) provision_table() for each table with nodes[], fields[], policies[], and grants (table-level indexes/fts/unique_constraints/check_constraints are deferred), (2) provision_relation() for each relation, (3) provision_index() for top-level + deferred indexes, (4) provision_full_text_search() for top-level + deferred FTS, (5) provision_unique_constraint() for top-level + deferred unique constraints, (6) provision_check_constraint() for top-level + deferred check constraints. Phase 0 entity tables are added to the table_map so subsequent phases can reference them by name. Table-level entries are deferred to phases 3-6 so they can reference columns created by relations in phase 2. Returns the construction record ID on success, NULL on failure.\n  provision-new-user   provisionNewUser\n  reset-password       resetPassword\n  remove-node-at-path  removeNodeAtPath\n  copy-template-to-blueprint Creates a new blueprint by copying a template definition. Checks visibility: owners can always copy their own templates, others require public visibility. Increments the template copy_count. Returns the new blueprint ID.\n  provision-spatial-relation Idempotent provisioner for metaschema_public.spatial_relation. Inserts a row declaring a spatial predicate between two geometry/geography columns (owner and target). Called from construct_blueprint when a relation entry has $type=RelationSpatial. Graceful: re-running with the same (source_table_id, name) returns the existing id without modifying the row. Operator whitelist and st_dwithin \u2194 param_name pairing are enforced by the spatial_relation table CHECKs. Both fields must already exist \u2014 this is a metadata-only insert.\n  bootstrap-user       bootstrapUser\n  set-field-order      setFieldOrder\n  provision-check-constraint Creates a check constraint on a table from a $type + data blueprint definition. Supports: CheckOneOf (enum validation via = ANY(ARRAY[...])), CheckGreaterThan (single-column > value or cross-column), CheckLessThan (single-column < value or cross-column), CheckNotEqual (cross-column inequality). Builds AST expressions via ast_helpers and inserts into metaschema_public.check_constraint. Graceful: skips if a constraint with the same name already exists.\n  provision-unique-constraint Creates a unique constraint on a table. Accepts a jsonb definition with columns (array of field names). Graceful: skips if the exact same unique constraint already exists.\n  provision-full-text-search Creates a full-text search configuration on a table. Accepts a jsonb definition with field (tsvector column name) and sources (array of {field, weight, lang}). Graceful: skips if FTS config already exists for the same (table_id, field_id). Returns the fts_id.\n  provision-index      Creates an index on a table. Accepts a jsonb definition with columns (array of names or single column string), access_method (default BTREE), is_unique, op_classes, options, and name (auto-generated if omitted). Graceful: skips if an index with the same (table_id, field_ids, access_method) already exists. Returns the index_id.\n  set-data-at-path     setDataAtPath\n  set-props-and-commit setPropsAndCommit\n  provision-database-with-user provisionDatabaseWithUser\n  insert-node-at-path  insertNodeAtPath\n  update-node-at-path  updateNodeAtPath\n  set-and-commit       setAndCommit\n  provision-relation   Composable relation provisioning: creates FK fields, indexes, unique constraints, and junction tables depending on the relation_type. Supports RelationBelongsTo, RelationHasOne, RelationHasMany, and RelationManyToMany. ManyToMany uses provision_table() internally for junction table creation with full node/grant/policy support. All operations are graceful (skip existing). Returns (out_field_id, out_junction_table_id, out_source_field_id, out_target_field_id).\n  apply-rls            applyRls\n  sign-in-cross-origin signInCrossOrigin\n  create-user-database Creates a new user database with all required modules, permissions, and RLS policies.\n\nParameters:\n  - database_name: Name for the new database (required)\n  - owner_id: UUID of the owner user (required)\n  - include_invites: Include invite system (default: true)\n  - include_groups: Include group-level memberships (default: false)\n  - include_levels: Include levels/achievements (default: false)\n  - bitlen: Bit length for permission masks (default: 64)\n  - tokens_expiration: Token expiration interval (default: 30 days)\n\nReturns the database_id UUID of the newly created database.\n\nExample usage:\n  SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid);\n  SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid, true, true);  -- with invites and groups\n\n  extend-token-expires extendTokenExpires\n  create-api-key       createApiKey\n  send-verification-email sendVerificationEmail\n  forgot-password      forgotPassword\n  sign-up              signUp\n  request-cross-origin-token requestCrossOriginToken\n  sign-in              signIn\n  provision-table      Composable table provisioning: creates or finds a table, then creates fields (so Data* modules can reference them), applies N nodes (Data* modules), enables RLS, creates grants, creates N policies, and optionally creates table-level indexes/full_text_searches/unique_constraints. All operations are graceful (skip existing). Accepts multiple nodes and multiple policies per call, unlike secure_table_provision which is limited to one of each. Returns (out_table_id, out_fields).\n  provision-bucket     Provision an S3 bucket for a logical bucket in the database.\nReads the bucket config via RLS, then creates and configures\nthe S3 bucket with the appropriate privacy policies, CORS rules,\nand lifecycle settings.\n\n  --help, -h            Show this help message\n  --version, -v         Show version\n";
 const commands = async (argv, prompter, options) => {
     if (argv.help || argv.h) {
         console.log(usage);

package/public/cli/executor.d.ts

@@ -392,6 +392,11 @@ export declare function getClient(contextName?: string): {
         } & import("../orm").StrictSelect<S, import("../orm/input-types").SetFieldOrderPayloadSelect>) => import("../orm").QueryBuilder<{
             setFieldOrder: import("../orm").InferSelectResult<import("../orm/input-types").SetFieldOrderPayload, S> | null;
         }>;
+        provisionCheckConstraint: <S extends import("../orm/input-types").ProvisionCheckConstraintPayloadSelect>(args: import("../orm/mutation").ProvisionCheckConstraintVariables, options: {
+            select: S;
+        } & import("../orm").StrictSelect<S, import("../orm/input-types").ProvisionCheckConstraintPayloadSelect>) => import("../orm").QueryBuilder<{
+            provisionCheckConstraint: import("../orm").InferSelectResult<import("../orm/input-types").ProvisionCheckConstraintPayload, S> | null;
+        }>;
         provisionUniqueConstraint: <S extends import("../orm/input-types").ProvisionUniqueConstraintPayloadSelect>(args: import("../orm/mutation").ProvisionUniqueConstraintVariables, options: {
             select: S;
         } & import("../orm").StrictSelect<S, import("../orm/input-types").ProvisionUniqueConstraintPayloadSelect>) => import("../orm").QueryBuilder<{

package/public/orm/client.js

@@ -20,7 +20,7 @@ class FetchAdapter {
     constructor(endpoint, headers, fetchFn) {
         this.endpoint = endpoint;
         this.headers = headers ?? {};
-        this.fetchFn = fetchFn ?? (0, runtime_1.createFetch)();
+        this.fetchFn = (fetchFn ?? (0, runtime_1.createFetch)()).bind(globalThis);
     }
     async execute(document, variables) {
         const response = await this.fetchFn(this.endpoint, {

package/public/orm/index.d.ts

@@ -572,6 +572,11 @@ export declare function createClient(config: OrmClientConfig): {
         } & import("./select-types").StrictSelect<S, import("./input-types").SetFieldOrderPayloadSelect>) => import("./query-builder").QueryBuilder<{
             setFieldOrder: import("./select-types").InferSelectResult<import("./input-types").SetFieldOrderPayload, S> | null;
         }>;
+        provisionCheckConstraint: <S extends import("./input-types").ProvisionCheckConstraintPayloadSelect>(args: import("./mutation").ProvisionCheckConstraintVariables, options: {
+            select: S;
+        } & import("./select-types").StrictSelect<S, import("./input-types").ProvisionCheckConstraintPayloadSelect>) => import("./query-builder").QueryBuilder<{
+            provisionCheckConstraint: import("./select-types").InferSelectResult<import("./input-types").ProvisionCheckConstraintPayload, S> | null;
+        }>;
         provisionUniqueConstraint: <S extends import("./input-types").ProvisionUniqueConstraintPayloadSelect>(args: import("./mutation").ProvisionUniqueConstraintVariables, options: {
             select: S;
         } & import("./select-types").StrictSelect<S, import("./input-types").ProvisionUniqueConstraintPayloadSelect>) => import("./query-builder").QueryBuilder<{