@nightowlsdev/storage-supabase 0.3.0 → 2.0.0

package/dist/index.cjs

@@ -25,10 +25,19 @@ __export(index_exports, {
   createMastraVectorStore: () => createMastraVectorStore,
   createPostgresFloor: () => createPostgresFloor,
   createSupabaseStorage: () => createSupabaseStorage,
+  ensureAgentVersion: () => ensureAgentVersion,
+  hostOwnedOrgMembershipSql: () => hostOwnedOrgMembershipSql,
+  hostOwnedOrgMigration: () => hostOwnedOrgMigration,
   listAgentVersions: () => listAgentVersions,
+  listTenants: () => listTenants,
+  makeBundleRepo: () => makeBundleRepo,
+  makeBundleWritableRepo: () => makeBundleWritableRepo,
+  makeThreadStore: () => makeThreadStore,
+  makeVersionedRepo: () => makeVersionedRepo,
   nightOwlsPlugin: () => nightOwlsPlugin,
   publishAgentVersion: () => publishAgentVersion,
-  rollbackAgentVersion: () => rollbackAgentVersion
+  rollbackAgentVersion: () => rollbackAgentVersion,
+  supabaseUsageSink: () => supabaseUsageSink
 });
 module.exports = __toCommonJS(index_exports);
 
@@ -146,6 +155,19 @@ function makeEventStore(ctx) {
       const rows = await many(ctx.pool, "select run_id, seq, payload from events where org_id=$1 and run_id=$2 and seq>$3 order by seq", [tenantId, runId, sinceSeq]);
       return rows.map(fromRow);
     },
+    // The full ordered log for a CONTAINER: join events → runs and match the container (the root thread_id, OR a
+    // lane sub-thread `<container>:<slug>`). `seq` is GENERATED ALWAYS (global, monotonic across all runs), so a
+    // plain `order by seq` interleaves every run correctly. Org-scoped (service connection bypasses RLS, so we
+    // enforce tenancy here). split_part is injection-safe; a container id never contains ':'.
+    async listForContainer(tenantId, container) {
+      const rows = await many(
+        ctx.pool,
+        `select e.run_id, e.seq, e.payload, r.thread_id from events e join runs r on r.id = e.run_id
+           where e.org_id = $1 and split_part(r.thread_id, ':', 1) = $2 order by e.seq`,
+        [tenantId, container]
+      );
+      return rows.map((r) => ({ ...fromRow(r), threadId: r.thread_id }));
+    },
     subscribe: makeSubscribe(ctx)
   };
 }
@@ -292,6 +314,34 @@ function makeScratchpadStore(ctx) {
   };
 }
 
+// src/threads.ts
+function makeThreadStore(ctx) {
+  return {
+    async ensure({ id, orgId, userId, projectId }) {
+      await ctx.pool.query(
+        "insert into threads(id, org_id, user_id, project_id) values($1,$2,$3,$4) on conflict (id) do nothing",
+        [id, orgId, userId, projectId ?? null]
+      );
+    }
+  };
+}
+
+// src/agents.ts
+var import_core3 = require("@nightowlsdev/core");
+
+// src/versioning.ts
+async function appendVersion(client, entity, headId, tenantId, insertVersionRow, action, actor, auditAfter) {
+  await client.query("select pg_advisory_xact_lock(hashtext($1), hashtext($2))", [entity.versionTable, headId]);
+  const nextV = (await client.query(`select coalesce(max(version),0)+1 v from ${entity.versionTable} where ${entity.fkColumn}=$1`, [headId])).rows[0].v;
+  const versionRowId = await insertVersionRow(nextV);
+  await client.query(`update ${entity.headTable} set current_version_id=$2 where id=$1`, [headId, versionRowId]);
+  await client.query(
+    "insert into audit_log(org_id, actor, action, entity, entity_id, after) values($1,$2,$3,$4,$5,$6)",
+    [tenantId, actor, action, entity.kind, headId, JSON.stringify({ version: nextV, ...auditAfter })]
+  );
+  return nextV;
+}
+
 // src/subscribe-invalidations.ts
 var INVALIDATE_CHANNEL = "nightowls_agent_invalidate";
 async function listenForInvalidations(ctx, onInvalidate) {
@@ -303,7 +353,7 @@ async function listenForInvalidations(ctx, onInvalidate) {
   client.on("error", (e) => {
     client.removeListener("notification", onNotification);
     console.warn(
-      "[nightowls] agent-cache invalidation LISTEN connection errored \u2014 cross-process eviction paused until restart; the 30s cache TTL still bounds staleness:",
+      "[@nightowlsdev/storage-supabase] agent-cache invalidation LISTEN connection errored \u2014 cross-process eviction paused until restart; the 30s cache TTL still bounds staleness:",
       e instanceof Error ? e.message : e
     );
   });
@@ -327,6 +377,7 @@ async function listenForInvalidations(ctx, onInvalidate) {
 }
 
 // src/agents.ts
+var AGENT_ENTITY = { kind: "agent", versionTable: "agent_versions", headTable: "agents", fkColumn: "agent_id" };
 function rowToVersion(r) {
   return {
     slug: r.slug,
@@ -339,6 +390,18 @@ function rowToVersion(r) {
     modelId: r.model_id
   };
 }
+function auditActor(actor) {
+  switch (actor.type) {
+    case "human":
+      return `user:${actor.userId}`;
+    case "service":
+      return `service:${actor.serviceId}`;
+    case "system":
+      return `system:${actor.reason}`;
+    case "agent":
+      return `agent:${actor.agentSlug}`;
+  }
+}
 function makeAgentRepo(ctx) {
   return {
     async head(tenantId, slug) {
@@ -367,19 +430,32 @@ function makeAgentRepo(ctx) {
     }
   };
 }
+function makeVersionedRepo(ctx) {
+  const read = makeAgentRepo(ctx);
+  return {
+    ...read,
+    async publish(tenantId, slug, content, actor) {
+      const { version } = await publishAgentVersion(ctx, { tenantId, ...content, slug, actor });
+      return { version };
+    },
+    async rollback(tenantId, slug, toVersion, actor) {
+      return rollbackAgentVersion(ctx, { tenantId, slug, toVersion, actor });
+    },
+    async listVersions(tenantId, slug, actor) {
+      (0, import_core3.assertActorMayMutateDefinition)(actor);
+      return listAgentVersions(ctx, tenantId, slug);
+    }
+  };
+}
 async function commitVersion(client, agentId, tenantId, content, action, actor, auditAfter) {
-  const nextV = (await client.query("select coalesce(max(version),0)+1 v from agent_versions where agent_id=$1", [agentId])).rows[0].v;
-  const ver = (await client.query(
-    `insert into agent_versions(agent_id, org_id, version, role, personality, capabilities, skill_names, delegate_slugs, model_id, status)
-     values($1,$2,$3,$4,$5,$6,$7,$8,$9,'published') returning id`,
-    [agentId, tenantId, nextV, content.role, content.personality, JSON.stringify(content.capabilities), JSON.stringify(content.skillNames), JSON.stringify(content.delegateSlugs), content.modelId]
-  )).rows[0];
-  await client.query("update agents set current_version_id=$2 where id=$1", [agentId, ver.id]);
-  await client.query(
-    "insert into audit_log(org_id, actor, action, entity, entity_id, after) values($1,$2,$3,'agent',$4,$5)",
-    [tenantId, actor, action, agentId, JSON.stringify({ version: nextV, ...auditAfter })]
-  );
-  return nextV;
+  return appendVersion(client, AGENT_ENTITY, agentId, tenantId, async (version) => {
+    const ver = (await client.query(
+      `insert into agent_versions(agent_id, org_id, version, role, personality, capabilities, skill_names, delegate_slugs, model_id, status)
+       values($1,$2,$3,$4,$5,$6,$7,$8,$9,'published') returning id`,
+      [agentId, tenantId, version, content.role, content.personality, JSON.stringify(content.capabilities), JSON.stringify(content.skillNames), JSON.stringify(content.delegateSlugs), content.modelId]
+    )).rows[0];
+    return ver.id;
+  }, action, actor, auditAfter);
 }
 async function notifyInvalidate(client, tenantId, slug) {
   try {
@@ -387,7 +463,10 @@ async function notifyInvalidate(client, tenantId, slug) {
   } catch {
   }
 }
+var SEED_ACTOR = { type: "system", reason: "seed" };
 async function publishAgentVersion(ctx, def) {
+  const actor = def.actor ?? SEED_ACTOR;
+  (0, import_core3.assertActorMayMutateDefinition)(actor);
   const client = await ctx.pool.connect();
   try {
     await client.query("begin");
@@ -396,9 +475,10 @@ async function publishAgentVersion(ctx, def) {
        on conflict (org_id, project_id, slug) do update set slug=excluded.slug returning id`,
       [def.tenantId, def.slug, def.role === "orchestrator"]
     )).rows[0];
-    await commitVersion(client, agent.id, def.tenantId, def, "publish", def.actor ?? "seed", { slug: def.slug });
+    const version = await commitVersion(client, agent.id, def.tenantId, def, "publish", auditActor(actor), { slug: def.slug });
     await client.query("commit");
     await notifyInvalidate(client, def.tenantId, def.slug);
+    return { version };
   } catch (e) {
     await client.query("rollback");
     throw e;
@@ -406,6 +486,41 @@ async function publishAgentVersion(ctx, def) {
     client.release();
   }
 }
+async function ensureAgentVersion(ctx, def) {
+  const actor = def.actor ?? SEED_ACTOR;
+  (0, import_core3.assertActorMayMutateDefinition)(actor);
+  const client = await ctx.pool.connect();
+  try {
+    await client.query("begin");
+    await client.query("select pg_advisory_xact_lock(hashtext($1), hashtext($2))", ["ensure_agent", `${def.tenantId}:${def.slug}`]);
+    const head = (await client.query(
+      `select v.version from agents a join agent_versions v on v.id = a.current_version_id where a.org_id=$1 and a.slug=$2 and a.project_id is null`,
+      [def.tenantId, def.slug]
+    )).rows[0];
+    if (head) {
+      await client.query("commit");
+      return { version: head.version, created: false };
+    }
+    const agent = (await client.query(
+      `insert into agents(org_id, slug, is_orchestrator) values($1,$2,$3)
+       on conflict (org_id, project_id, slug) do update set slug=excluded.slug returning id`,
+      [def.tenantId, def.slug, def.role === "orchestrator"]
+    )).rows[0];
+    const version = await commitVersion(client, agent.id, def.tenantId, def, "publish", auditActor(actor), { slug: def.slug });
+    await client.query("commit");
+    await notifyInvalidate(client, def.tenantId, def.slug);
+    return { version, created: true };
+  } catch (e) {
+    await client.query("rollback");
+    throw e;
+  } finally {
+    client.release();
+  }
+}
+async function listTenants(ctx) {
+  const rows = await many(ctx.pool, "select id::text as id from orgs order by created_at asc");
+  return rows.map((r) => r.id);
+}
 async function listAgentVersions(ctx, tenantId, slug) {
   const rows = await many(
     ctx.pool,
@@ -417,6 +532,8 @@ async function listAgentVersions(ctx, tenantId, slug) {
   return rows.map((r) => ({ version: Number(r.version), role: r.role, modelId: r.model_id, status: r.status, isCurrent: r.is_current }));
 }
 async function rollbackAgentVersion(ctx, args) {
+  const actor = args.actor ?? { type: "system", reason: "rollback" };
+  (0, import_core3.assertActorMayMutateDefinition)(actor);
   const client = await ctx.pool.connect();
   try {
     await client.query("begin");
@@ -435,7 +552,7 @@ async function rollbackAgentVersion(ctx, args) {
       delegateSlugs: target.delegate_slugs ?? [],
       modelId: target.model_id
     };
-    const version = await commitVersion(client, target.agent_id, args.tenantId, content, "rollback", args.actor ?? "rollback", {
+    const version = await commitVersion(client, target.agent_id, args.tenantId, content, "rollback", auditActor(actor), {
       slug: args.slug,
       restoredFrom: args.toVersion
     });
@@ -450,6 +567,114 @@ async function rollbackAgentVersion(ctx, args) {
   }
 }
 
+// src/bundles.ts
+var import_core4 = require("@nightowlsdev/core");
+var BUNDLE_ENTITY = { kind: "bundle", versionTable: "bundle_versions", headTable: "bundles", fkColumn: "bundle_id" };
+function auditActor2(actor) {
+  switch (actor.type) {
+    case "human":
+      return `user:${actor.userId}`;
+    case "service":
+      return `service:${actor.serviceId}`;
+    case "system":
+      return `system:${actor.reason}`;
+    case "agent":
+      return `agent:${actor.agentSlug}`;
+  }
+}
+function rowToBundleVersion(r) {
+  return { version: Number(r.version), ...r.content };
+}
+function makeBundleRepo(ctx) {
+  return {
+    async head(tenantId, slug) {
+      const r = await one(
+        ctx.pool,
+        `select v.version, v.content from bundles b join bundle_versions v on v.id = b.current_version_id
+         where b.org_id=$1 and b.slug=$2`,
+        [tenantId, slug]
+      );
+      return r ? rowToBundleVersion(r) : null;
+    },
+    async getVersion(tenantId, slug, version) {
+      const r = await one(
+        ctx.pool,
+        `select v.version, v.content from bundles b join bundle_versions v on v.bundle_id = b.id
+         where b.org_id=$1 and b.slug=$2 and v.version=$3`,
+        [tenantId, slug, version]
+      );
+      return r ? rowToBundleVersion(r) : null;
+    },
+    async listSlugs(tenantId) {
+      const rows = await many(ctx.pool, "select slug from bundles where org_id=$1", [tenantId]);
+      return rows.map((r) => r.slug);
+    }
+  };
+}
+async function commitBundle(ctx, tenantId, slug, content, action, actor, auditAfter) {
+  const client = await ctx.pool.connect();
+  try {
+    await client.query("begin");
+    const bundle = (await client.query(
+      `insert into bundles(org_id, slug) values($1,$2)
+       on conflict (org_id, project_id, slug) do update set slug=excluded.slug returning id`,
+      [tenantId, slug]
+    )).rows[0];
+    const version = await appendVersion(client, BUNDLE_ENTITY, bundle.id, tenantId, async (v) => {
+      const row = (await client.query(
+        `insert into bundle_versions(bundle_id, org_id, version, content, status) values($1,$2,$3,$4,'published') returning id`,
+        [bundle.id, tenantId, v, JSON.stringify(content)]
+      )).rows[0];
+      return row.id;
+    }, action, auditActor2(actor), auditAfter);
+    await client.query("commit");
+    return { version };
+  } catch (e) {
+    await client.query("rollback");
+    throw e;
+  } finally {
+    client.release();
+  }
+}
+async function listBundleVersions(ctx, tenantId, slug) {
+  const rows = await many(
+    ctx.pool,
+    `select v.version, v.content, v.status, (v.id = b.current_version_id) as is_current
+     from bundles b join bundle_versions v on v.bundle_id = b.id
+     where b.org_id=$1 and b.slug=$2 order by v.version`,
+    [tenantId, slug]
+  );
+  return rows.map((r) => ({
+    version: Number(r.version),
+    title: r.content?.title ?? "",
+    status: r.status,
+    isCurrent: r.is_current,
+    memberCount: Array.isArray(r.content?.agents) ? r.content.agents.length : 0
+  }));
+}
+function makeBundleWritableRepo(ctx) {
+  const read = makeBundleRepo(ctx);
+  return {
+    ...read,
+    async publish(tenantId, slug, content, actor) {
+      (0, import_core4.assertActorMayMutateDefinition)(actor);
+      return commitBundle(ctx, tenantId, slug, content, "publish", actor, { slug });
+    },
+    async rollback(tenantId, slug, toVersion, actor) {
+      (0, import_core4.assertActorMayMutateDefinition)(actor);
+      const target = await read.getVersion(tenantId, slug, toVersion);
+      if (!target) throw new Error(`cannot roll back bundle ${slug} to v${toVersion}: no such version for this tenant`);
+      const { version: _v, ...content } = target;
+      const { version } = await commitBundle(ctx, tenantId, slug, content, "rollback", actor, { slug, restoredFrom: toVersion });
+      return { version, restoredFrom: toVersion };
+    },
+    async listVersions(tenantId, slug, actor) {
+      (0, import_core4.assertActorMayMutateDefinition)(actor);
+      return listBundleVersions(ctx, tenantId, slug);
+    }
+  };
+}
+
 // src/mastra-store.ts
 var import_pg2 = require("@mastra/pg");
 function createMastraPgStore(opts) {
@@ -461,6 +686,78 @@ function createMastraVectorStore(opts) {
   return new import_pg2.PgVector({ id: "nightowls-vector", connectionString: opts.dbUrl, schemaName: "nightowls" });
 }
 
+// src/usage-sink.ts
+var IDENT = /^[a-zA-Z_][a-zA-Z0-9_]*$/;
+var TABLE = /^[a-zA-Z_][a-zA-Z0-9_]*(\.[a-zA-Z_][a-zA-Z0-9_]*)?$/;
+function defaultMap(ev, ctx) {
+  const b = ev.data.breakdown;
+  return {
+    generation_id: ev.data.generationId,
+    run_id: ctx.runId,
+    org_id: ctx.tenantId,
+    agent_slug: ev.data.slug,
+    model_id: ev.data.modelId,
+    input_tokens: b.inputTokens ?? 0,
+    output_tokens: b.outputTokens ?? 0,
+    cost_usd: ev.data.cost.usd
+  };
+}
+function supabaseUsageSink(opts) {
+  const conflict = opts.conflictColumn ?? "generation_id";
+  if (!IDENT.test(conflict)) throw new Error(`supabaseUsageSink: unsafe conflictColumn ${JSON.stringify(conflict)}`);
+  if (!TABLE.test(opts.table)) throw new Error(`supabaseUsageSink: unsafe table ${JSON.stringify(opts.table)}`);
+  const map = opts.map ?? defaultMap;
+  return async (ev, ctx) => {
+    if (ev.type !== "swarm.usage") return;
+    const row = map(ev, ctx);
+    if (!row) return;
+    const cols = Object.keys(row);
+    for (const c of cols) if (!IDENT.test(c)) throw new Error(`supabaseUsageSink: unsafe column ${JSON.stringify(c)}`);
+    const placeholders = cols.map((_c, i) => `$${i + 1}`).join(",");
+    const sql = `insert into ${opts.table}(${cols.join(",")}) values(${placeholders}) on conflict (${conflict}) do nothing`;
+    await opts.pool.query(sql, cols.map((c) => row[c]));
+  };
+}
+
+// src/host-org-source.ts
+var QUALIFIED = /^[a-zA-Z_][a-zA-Z0-9_]*(\.[a-zA-Z_][a-zA-Z0-9_]*)?$/;
+var PLAIN = /^[a-zA-Z_][a-zA-Z0-9_]*$/;
+function assertIdent(v, kind, re) {
+  if (!re.test(v)) throw new Error(`hostOwnedOrgMembership: unsafe ${kind} ${JSON.stringify(v)}`);
+}
+function hostOwnedOrgMembershipSql(opts) {
+  const schema = opts.schema ?? "nightowls";
+  const orgIdColumn = opts.orgIdColumn ?? "organization_id";
+  const userIdColumn = opts.userIdColumn ?? "user_id";
+  const userIdExpr = opts.userIdExpr ?? "(select auth.uid())";
+  assertIdent(schema, "schema", PLAIN);
+  assertIdent(opts.membershipTable, "membershipTable", QUALIFIED);
+  assertIdent(orgIdColumn, "orgIdColumn", PLAIN);
+  assertIdent(userIdColumn, "userIdColumn", PLAIN);
+  if (/;|--|\/\*|\$\$/.test(userIdExpr)) throw new Error(`hostOwnedOrgMembership: unsafe userIdExpr ${JSON.stringify(userIdExpr)}`);
+  return `-- FR-015 \u2014 override ${schema}.is_org_member to read the host membership table ${opts.membershipTable}.
+create or replace function ${schema}.is_org_member(p_org uuid)
+  returns boolean language sql stable set search_path = '' as $$
+  select exists (
+    select 1 from ${opts.membershipTable} m
+    where m.${orgIdColumn} = p_org and m.${userIdColumn} = ${userIdExpr}
+  );
+$$;
+-- The Realtime gate calls is_org_member as the AUTHENTICATED role during a private subscribe, so it must be able
+-- to read the membership table. (No-op if you already granted it.)
+grant select on ${opts.membershipTable} to authenticated;
+`;
+}
+function hostOwnedOrgMigration(opts) {
+  const version = opts.version ?? "host_org_source";
+  assertIdent(version, "version", PLAIN);
+  return {
+    version,
+    name: `host-owned org/membership source (is_org_member \u2192 ${opts.membershipTable})`,
+    sql: hostOwnedOrgMembershipSql(opts)
+  };
+}
+
 // src/migrations/0001_core.ts
 var M0001_CORE = {
   version: "0001_core",
@@ -1587,12 +1884,171 @@ begin
     execute format('alter index nightowls.%I rename to %I', r.indexname, 'nightowls_' || substring(r.indexname from 8));
   end loop;
 end $$;
+
+-- Repoint any function BODY in the (now) nightowls schema that still hardcodes the old 'corale.' schema \u2014
+-- ALTER SCHEMA RENAME does not rewrite dollar-quoted bodies (see the header note). Recreate each via its own
+-- definition with 'corale.' \u2192 'nightowls.'. Generic + idempotent: once rewritten, prosrc no longer matches.
+do $$
+declare r record;
+begin
+  for r in
+    select p.oid
+    from pg_proc p
+    join pg_namespace n on n.oid = p.pronamespace
+    where n.nspname = 'nightowls' and p.prosrc like '%corale.%'
+  loop
+    execute replace(pg_get_functiondef(r.oid), 'corale.', 'nightowls.');
+  end loop;
+end $$;
+`
+  )
+};
+
+// src/migrations/0014_agent_versions_immutable.ts
+var M0014_AGENT_VERSIONS_IMMUTABLE = {
+  version: "0014_agent_versions_immutable",
+  name: "agent_versions: published rows are append-only (no content UPDATE, no DELETE)",
+  sql: (
+    /* sql */
+    `
+-- Guard function: reject any mutation that would rewrite or remove a PUBLISHED agent_versions row.
+create or replace function nightowls.agent_versions_enforce_immutable()
+  returns trigger language plpgsql as $$
+begin
+  if (tg_op = 'DELETE') then
+    if (old.status = 'published') then
+      raise exception 'agent_versions: published version v% of agent % is immutable (DELETE forbidden \u2014 append-only)',
+        old.version, old.agent_id
+        using errcode = 'restrict_violation';
+    end if;
+    return old;
+  end if;
+
+  -- UPDATE: a published row's CONTENT is frozen. Allow the lifecycle status to advance (e.g. archive), but
+  -- forbid changing any identifying/behavior column once published.
+  if (old.status = 'published') then
+    if ( new.agent_id      is distinct from old.agent_id
+      or new.org_id        is distinct from old.org_id
+      or new.version       is distinct from old.version
+      or new.role          is distinct from old.role
+      or new.personality   is distinct from old.personality
+      or new.capabilities  is distinct from old.capabilities
+      or new.skill_names   is distinct from old.skill_names
+      or new.delegate_slugs is distinct from old.delegate_slugs
+      or new.model_id      is distinct from old.model_id
+      or new.model_settings is distinct from old.model_settings
+      or new.guardrails_override is distinct from old.guardrails_override
+      or new.created_at    is distinct from old.created_at ) then
+      raise exception 'agent_versions: published version v% of agent % is immutable (content UPDATE forbidden \u2014 append-only; republish a new version instead)',
+        old.version, old.agent_id
+        using errcode = 'restrict_violation';
+    end if;
+  end if;
+  return new;
+end; $$;
+
+-- Fire BEFORE every UPDATE/DELETE on agent_versions. (No INSERT trigger \u2014 appends are the whole point.)
+drop trigger if exists agent_versions_immutable on nightowls.agent_versions;
+create trigger agent_versions_immutable
+  before update or delete on nightowls.agent_versions
+  for each row execute function nightowls.agent_versions_enforce_immutable();
+`
+  )
+};
+
+// src/migrations/0015_drop_saas_tables.ts
+var M0015_DROP_SAAS_TABLES = {
+  version: "0015_drop_saas_tables",
+  name: "drop SaaS-only tenant_policies + eval_runs (host-owned, not engine schema)",
+  sql: (
+    /* sql */
+    `
+drop table if exists nightowls.tenant_policies cascade;
+drop table if exists nightowls.eval_runs cascade;
+`
+  )
+};
+
+// src/migrations/0016_bundle_versions.ts
+var M0016_BUNDLE_VERSIONS = {
+  version: "0016_bundle_versions",
+  name: "bundles + bundle_versions (append-only bundle definition versioning) + immutability trigger",
+  sql: (
+    /* sql */
+    `
+-- Head pointer (mirrors nightowls.agents). NULLS NOT DISTINCT so the common project_id = NULL case still
+-- collides on (org, slug) \u2014 required for the publish upsert's ON CONFLICT to fire.
+create table nightowls.bundles (
+  id uuid primary key default gen_random_uuid(),
+  org_id uuid not null references nightowls.orgs(id) on delete cascade,
+  project_id uuid, slug text not null, current_version_id uuid,
+  created_at timestamptz not null default now(),
+  unique nulls not distinct (org_id, project_id, slug)
+);
+
+-- Append-only versions (mirrors nightowls.agent_versions; the whole bundle content is a single jsonb snapshot).
+create table nightowls.bundle_versions (
+  id uuid primary key default gen_random_uuid(),
+  bundle_id uuid not null references nightowls.bundles(id) on delete cascade,
+  org_id uuid not null references nightowls.orgs(id) on delete cascade,
+  version integer not null,
+  content jsonb not null,
+  status text not null default 'draft' check (status in ('draft','published','archived')),
+  created_by uuid, created_at timestamptz not null default now(),
+  unique (bundle_id, version)
+);
+alter table nightowls.bundles add constraint bundles_current_version_fk
+  foreign key (current_version_id) references nightowls.bundle_versions(id);
+
+-- RLS + org indexes (mirrors 0001's per-table pattern for the new tables). The adapter uses the service role
+-- (RLS-exempt), so this is defense-in-depth for any future direct authenticated-client read: enable RLS, add an
+-- org-scoped SELECT policy (writes stay service-role-only, like every other definition table), and index org_id.
+alter table nightowls.bundles enable row level security;
+alter table nightowls.bundle_versions enable row level security;
+create policy org_read_bundles on nightowls.bundles
+  for select to authenticated using ((select nightowls.is_org_member(org_id)));
+create policy org_read_bundle_versions on nightowls.bundle_versions
+  for select to authenticated using ((select nightowls.is_org_member(org_id)));
+create index bundles_org_idx on nightowls.bundles (org_id);
+create index bundle_versions_org_idx on nightowls.bundle_versions (org_id);
+
+-- Published-row immutability (mirrors 0014): once status='published', the content + identity columns are frozen
+-- and the row may not be DELETEd. The lifecycle status may still advance (e.g. \u2192 'archived'), which doesn't
+-- rewrite history. No INSERT trigger \u2014 appends are the whole point.
+create or replace function nightowls.bundle_versions_enforce_immutable()
+  returns trigger language plpgsql as $$
+begin
+  if (tg_op = 'DELETE') then
+    if (old.status = 'published') then
+      raise exception 'bundle_versions: published version v% of bundle % is immutable (DELETE forbidden \u2014 append-only)',
+        old.version, old.bundle_id using errcode = 'restrict_violation';
+    end if;
+    return old;
+  end if;
+
+  -- UPDATE: a published row's content + identity is frozen; allow only the lifecycle status to advance.
+  if (old.status = 'published') then
+    if ( new.bundle_id  is distinct from old.bundle_id
+      or new.org_id     is distinct from old.org_id
+      or new.version    is distinct from old.version
+      or new.content    is distinct from old.content
+      or new.created_at is distinct from old.created_at ) then
+      raise exception 'bundle_versions: published version v% of bundle % is immutable (content UPDATE forbidden \u2014 append-only; republish a new version instead)',
+        old.version, old.bundle_id using errcode = 'restrict_violation';
+    end if;
+  end if;
+  return new;
+end; $$;
+
+drop trigger if exists bundle_versions_immutable on nightowls.bundle_versions;
+create trigger bundle_versions_immutable before update or delete on nightowls.bundle_versions
+  for each row execute function nightowls.bundle_versions_enforce_immutable();
 `
   )
 };
 
 // src/migrations/index.ts
-var MIGRATIONS = [M0001_CORE, M0002_MASTRA, M0003_FOLLOWUPS, M0004_MEMORY_VECTOR, M0005_THREAD_TEXT_IDS, M0006_SCRATCHPAD, M0007_SCRATCHPAD_ENTRIES, M0008_FLOOR, M0009_SCRATCHPAD_REALTIME, M0010_PRESENCE_REALTIME, M0011_BROADCAST_ALLOWLIST, M0012_THREAD_SCOPED_RESOURCE, M0013_RENAME_SCHEMA];
+var MIGRATIONS = [M0001_CORE, M0002_MASTRA, M0003_FOLLOWUPS, M0004_MEMORY_VECTOR, M0005_THREAD_TEXT_IDS, M0006_SCRATCHPAD, M0007_SCRATCHPAD_ENTRIES, M0008_FLOOR, M0009_SCRATCHPAD_REALTIME, M0010_PRESENCE_REALTIME, M0011_BROADCAST_ALLOWLIST, M0012_THREAD_SCOPED_RESOURCE, M0013_RENAME_SCHEMA, M0014_AGENT_VERSIONS_IMMUTABLE, M0015_DROP_SAAS_TABLES, M0016_BUNDLE_VERSIONS];
 
 // src/plugin.ts
 var nightOwlsPlugin = {
@@ -1744,12 +2200,22 @@ function createPostgresFloor(pool, opts = {}) {
 function createSupabaseStorage(opts) {
   const ctx = makeCtx(opts);
   let invalidationSub = null;
+  const versionedAgents = makeVersionedRepo(ctx);
+  const writableBundles = makeBundleWritableRepo(ctx);
   return {
-    agents: makeAgentRepo(ctx),
+    agents: versionedAgents,
+    agentsWritable: versionedAgents,
+    bundles: writableBundles,
+    bundlesWritable: writableBundles,
     runs: makeRunStore(ctx),
     events: makeEventStore(ctx),
     messages: makeMessageStore(ctx),
+    // FR-009: the engine ensures this thread row at run start, so a host no longer hand-writes raw SQL against
+    // `nightowls.threads`, and `messages.append` cannot throw `unknown thread` through the supported path.
+    threads: makeThreadStore(ctx),
     scratchpad: makeScratchpadStore(ctx),
+    // FR-016: enumerate the engine's tenants for idempotent per-tenant crew backfill (pairs with ensureAgentVersion).
+    listTenants: () => listTenants(ctx),
     // Record the suspended run in the tenant-scoped followup index so `runs.findSuspended` (the resume
     // authz gate) can resolve it. RE-OPEN on conflict (reset `answered_at`): Mastra REUSES the same
     // `toolCallId` when an agent asks AGAIN after a resume, so the engine's `followupId = runId:toolCallId`
@@ -1766,10 +2232,11 @@ function createSupabaseStorage(opts) {
     // Mark a followup answered so `findSuspended` (which filters `answered_at is null`) stops returning
     // it — closes the replay window once a resume begins. Tenant-scoped + idempotent.
     markFollowupAnswered: async (followupId, tenantId) => {
-      await ctx.pool.query("update followups set answered_at = now() where id=$1 and org_id=$2 and answered_at is null", [
+      const r = await ctx.pool.query("update followups set answered_at = now() where id=$1 and org_id=$2 and answered_at is null", [
         followupId,
         tenantId
       ]);
+      return (r.rowCount ?? 0) > 0;
     },
     // R12: cross-process cache invalidation via Postgres LISTEN. The engine wires this to
     // `rowCache.invalidate`; a `publishAgentVersion` elsewhere NOTIFYs the key and every instance evicts
@@ -1818,8 +2285,17 @@ function createSupabaseStorage(opts) {
   createMastraVectorStore,
   createPostgresFloor,
   createSupabaseStorage,
+  ensureAgentVersion,
+  hostOwnedOrgMembershipSql,
+  hostOwnedOrgMigration,
   listAgentVersions,
+  listTenants,
+  makeBundleRepo,
+  makeBundleWritableRepo,
+  makeThreadStore,
+  makeVersionedRepo,
   nightOwlsPlugin,
   publishAgentVersion,
-  rollbackAgentVersion
+  rollbackAgentVersion,
+  supabaseUsageSink
 });