dzql 0.6.16 → 0.6.18

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dzql",
-  "version": "0.6.16",
+  "version": "0.6.18",
   "description": "Database-first real-time framework with TypeScript support",
   "repository": {
     "type": "git",

package/src/cli/codegen/client.ts

@@ -15,8 +15,27 @@ export function generateClientSDK(manifest: Manifest): string {
   const subscriptionFunctions = Object.entries(manifest.functions)
     .filter(([_, def]) => def.isSubscription);
 
-  // Generate entity types
-  const typeDefs = generateTypeDefinitions(manifest.entities, manifest.subscribables);
+  // Build a map of custom functions with typed params/returns
+  const typedCustomFunctions = new Map<string, { hasParams: boolean; hasReturns: boolean; returnsScalar: boolean }>();
+  if (manifest.customFunctions) {
+    for (const fn of manifest.customFunctions) {
+      const hasParams = fn.params && Object.keys(fn.params).length > 0;
+      const hasReturns = fn.returns !== undefined;
+      const returnsScalar = typeof fn.returns === 'string';
+      typedCustomFunctions.set(fn.name, { hasParams: !!hasParams, hasReturns, returnsScalar });
+    }
+  }
+
+  // Generate entity types (now with auth, subscribable results, and custom function types)
+  const typeDefs = generateTypeDefinitions(
+    manifest.entities,
+    manifest.subscribables,
+    manifest.auth,
+    manifest.customFunctions
+  );
+
+  // Check if we have auth types
+  const hasAuth = manifest.auth !== undefined;
 
   // Generate API interface with proper types
   const apiMethods = Object.entries(manifest.functions).map(([funcName, def]) => {
@@ -29,18 +48,34 @@ export function generateClientSDK(manifest: Manifest): string {
     // Check if this entity exists in manifest
     const entityExists = manifest.entities[entity];
 
+    // Check if this is a subscribable
+    const subscribableExists = manifest.subscribables?.[entity];
+
     let paramType = 'Record<string, unknown>';
     let returnType = 'unknown';
 
+    // Handle auth functions
+    if (funcName === 'login_user' && hasAuth) {
+      return `  ${funcName}: (params: LoginParams) => Promise<LoginResult>;`;
+    }
+    if (funcName === 'register_user' && hasAuth) {
+      return `  ${funcName}: (params: RegisterParams) => Promise<RegisterResult>;`;
+    }
+
+    // Handle subscriptions
     if (isSubscription) {
-      // subscribe_venue_detail -> VenueDetailParams
+      // subscribe_venue_detail -> VenueDetailParams, VenueDetailResult
       paramType = `${pascalEntity}Params`;
-      return `  ${funcName}: (params: ${paramType}, callback: (data: unknown) => void) => Promise<{ data: unknown; subscription_id: string; schema: unknown; unsubscribe: () => Promise<void> }>;`;
-    } else if (op === 'get' && entityExists) {
+      const resultType = subscribableExists ? `${pascalEntity}Result` : 'unknown';
+      return `  ${funcName}: (params: ${paramType}, callback: (data: ${resultType}) => void) => Promise<{ data: ${resultType}; subscription_id: string; schema: unknown; unsubscribe: () => Promise<void> }>;`;
+    }
+
+    // Handle entity CRUD operations
+    if (op === 'get' && entityExists) {
       // get_venue_detail (subscribable getter) vs get_venues (entity getter)
-      if (manifest.subscribables?.[entity]) {
+      if (subscribableExists) {
         paramType = `${pascalEntity}Params`;
-        returnType = 'unknown';
+        returnType = `${pascalEntity}Result`;
       } else {
         paramType = `${pascalEntity}PK`;
         returnType = `${pascalEntity} | null`;
@@ -58,7 +93,24 @@ export function generateClientSDK(manifest: Manifest): string {
       paramType = `Lookup${pascalEntity}Params`;
       returnType = `${pascalEntity}[]`;
     }
-    // Custom functions and auth functions stay as Record<string, unknown>
+
+    // Handle custom functions with typed params/returns
+    const customFnInfo = typedCustomFunctions.get(funcName);
+    if (customFnInfo) {
+      const pascalFuncName = toPascalCase(funcName);
+      if (customFnInfo.hasParams) {
+        paramType = `${pascalFuncName}Params`;
+      }
+      if (customFnInfo.hasReturns) {
+        if (customFnInfo.returnsScalar) {
+          // Find the scalar type from the manifest
+          const fn = manifest.customFunctions?.find(f => f.name === funcName);
+          returnType = fn?.returns as string || 'unknown';
+        } else {
+          returnType = `${pascalFuncName}Result`;
+        }
+      }
+    }
 
     return `  ${funcName}: (params: ${paramType}) => Promise<${returnType}>;`;
   }).join('\n');

package/src/cli/codegen/manifest.ts

@@ -1,10 +1,12 @@
-import { DomainIR, EntityIR, SubscribableIR } from "../../shared/ir.js";
+import { DomainIR, EntityIR, SubscribableIR, AuthIR, CustomFunctionIR } from "../../shared/ir.js";
 
 export interface Manifest {
   version: string;
   functions: Record<string, FunctionDef>;
   entities: Record<string, EntityIR>;
   subscribables: Record<string, SubscribableIR>;
+  auth?: AuthIR;
+  customFunctions?: CustomFunctionIR[];
 }
 
 export interface FunctionDef {
@@ -18,9 +20,9 @@ export interface FunctionDef {
 
 export function generateManifest(ir: DomainIR): Manifest {
   const functions: Record<string, FunctionDef> = {
-    // Built-in Auth Functions
-    login_user: { schema: 'dzql_v2', name: 'login_user', args: ['p_params'], returnType: 'jsonb' },
-    register_user: { schema: 'dzql_v2', name: 'register_user', args: ['p_params'], returnType: 'jsonb' }
+    // Built-in Auth Functions (individual params, not jsonb)
+    login_user: { schema: 'dzql_v2', name: 'login_user', args: ['p_email', 'p_password'], returnType: 'jsonb' },
+    register_user: { schema: 'dzql_v2', name: 'register_user', args: ['p_email', 'p_password', 'p_options'], returnType: 'jsonb' }
   };
 
   for (const [name, entity] of Object.entries(ir.entities)) {
@@ -90,6 +92,8 @@ export function generateManifest(ir: DomainIR): Manifest {
     version: "2.0.0",
     functions,
     entities: ir.entities, // Pass through for client generator
-    subscribables: ir.subscribables
+    subscribables: ir.subscribables,
+    auth: ir.auth,
+    customFunctions: ir.customFunctions
   };
 }

package/src/cli/codegen/sql.ts

@@ -71,11 +71,40 @@ BEGIN
   RETURN ARRAY[]::text[];
 END;
 $$;
+`;
+}
 
--- === AUTH FUNCTIONS ===
+/**
+ * Generate auth SQL functions.
+ * These depend on the 'users' table existing, so must be applied after schema.
+ */
+export function generateAuthSQL() {
+  return `
+-- === AUTH SYSTEM ===
+-- These functions depend on a 'users' table being created by the domain schema.
+-- The users table must have: id (serial PK), email (text unique), password_hash (text)
+-- Additional columns can be added and will be returned by _profile() automatically.
+
+-- Get user profile (private function)
+-- Returns all user columns except sensitive fields (password_hash, password, secret, token)
+-- This allows the users table to have any additional columns without modifying this function
+CREATE OR REPLACE FUNCTION dzql_v2._profile(p_user_id int)
+RETURNS jsonb
+LANGUAGE sql
+SECURITY DEFINER
+SET search_path = dzql_v2, public
+AS $$
+  SELECT jsonb_build_object('user_id', u.id) || (to_jsonb(u.*) - 'id' - 'password_hash' - 'password' - 'secret' - 'token')
+  FROM users u
+  WHERE id = p_user_id;
+$$;
 
--- Register User
-CREATE OR REPLACE FUNCTION dzql_v2.register_user(p_params jsonb)
+-- Register new user
+-- p_email: User's email address (must be unique)
+-- p_password: User's password (will be hashed)
+-- p_options: Optional JSON object with additional fields to set on the user record
+-- Example: register_user('test@example.com', 'password', '{"name": "Test User"}')
+CREATE OR REPLACE FUNCTION dzql_v2.register_user(p_email text, p_password text, p_options jsonb DEFAULT NULL)
 RETURNS jsonb
 LANGUAGE plpgsql
 SECURITY DEFINER
@@ -83,37 +112,46 @@ SET search_path = dzql_v2, public
 AS $$
 DECLARE
   v_user_id int;
-  v_email text;
-  v_password text;
-  v_name text;
-  v_options jsonb;
+  v_salt text;
+  v_hash text;
+  v_insert_data jsonb;
 BEGIN
-  v_email := p_params->>'email';
-  v_password := p_params->>'password';
-  v_name := COALESCE(p_params->>'name', v_email);
-  v_options := COALESCE(p_params->'options', '{}'::jsonb);
-
-  IF v_email IS NULL OR v_password IS NULL THEN
+  IF p_email IS NULL OR p_password IS NULL THEN
     RAISE EXCEPTION 'validation_error: email and password required';
   END IF;
 
-  INSERT INTO users (email, password_hash, name)
-  VALUES (v_email, crypt(v_password, gen_salt('bf')), v_name)
-  RETURNING id INTO v_user_id;
+  -- Generate salt and hash password
+  v_salt := gen_salt('bf', 10);
+  v_hash := crypt(p_password, v_salt);
 
-  -- TODO: Handle v_options if needed (e.g. creating orgs)
+  -- Build insert data: options fields + email + password_hash (options cannot override core fields)
+  v_insert_data := jsonb_build_object('email', p_email, 'password_hash', v_hash);
+  IF p_options IS NOT NULL THEN
+    v_insert_data := (p_options - 'id' - 'email' - 'password_hash' - 'password') || v_insert_data;
+  END IF;
 
-  -- Return minimal profile (Token generation happens in Runtime layer)
-  RETURN jsonb_build_object(
-    'user_id', v_user_id,
-    'email', v_email,
-    'name', v_name
-  );
+  -- Dynamic INSERT from JSONB (same pattern as compiled save functions)
+  EXECUTE (
+    SELECT format(
+      'INSERT INTO users (%s) VALUES (%s) RETURNING id',
+      string_agg(quote_ident(key), ', '),
+      string_agg(quote_nullable(value), ', ')
+    )
+    FROM jsonb_each_text(v_insert_data) kv(key, value)
+  ) INTO v_user_id;
+
+  -- Return profile (Token generation happens in Runtime layer)
+  RETURN dzql_v2._profile(v_user_id);
+EXCEPTION
+  WHEN unique_violation THEN
+    RAISE EXCEPTION 'validation_error: Email already exists' USING ERRCODE = '23505';
 END;
 $$;
 
--- Login User
-CREATE OR REPLACE FUNCTION dzql_v2.login_user(p_params jsonb)
+-- Login user
+-- p_email: User's email address
+-- p_password: User's password
+CREATE OR REPLACE FUNCTION dzql_v2.login_user(p_email text, p_password text)
 RETURNS jsonb
 LANGUAGE plpgsql
 SECURITY DEFINER
@@ -122,17 +160,20 @@ AS $$
 DECLARE
   v_user record;
 BEGIN
-  SELECT * INTO v_user FROM users WHERE email = p_params->>'email';
+  SELECT id, email, password_hash
+  INTO v_user
+  FROM users
+  WHERE email = p_email;
 
-  IF v_user IS NULL OR v_user.password_hash != crypt(p_params->>'password', v_user.password_hash) THEN
-    RAISE EXCEPTION 'permission_denied: invalid credentials';
+  IF NOT FOUND THEN
+    RAISE EXCEPTION 'permission_denied: invalid credentials' USING ERRCODE = '28000';
   END IF;
 
-  RETURN jsonb_build_object(
-    'user_id', v_user.id,
-    'email', v_user.email,
-    'name', v_user.name
-  );
+  IF NOT (v_user.password_hash = crypt(p_password, v_user.password_hash)) THEN
+    RAISE EXCEPTION 'permission_denied: invalid credentials' USING ERRCODE = '28000';
+  END IF;
+
+  RETURN dzql_v2._profile(v_user.id);
 END;
 $$;
 `;

package/src/cli/codegen/types.ts

@@ -1,4 +1,4 @@
-import { EntityIR, SubscribableIR } from "../../shared/ir.js";
+import { EntityIR, SubscribableIR, AuthIR, CustomFunctionIR } from "../../shared/ir.js";
 
 const TYPE_MAP: Record<string, string> = {
   'text': 'string',
@@ -19,14 +19,18 @@ const PARAM_TYPE_MAP: Record<string, string> = {
   'integer': 'number',
   'text': 'string',
   'string': 'string',
+  'number': 'number',
   'boolean': 'boolean',
   'date': 'string',
-  'timestamptz': 'string'
+  'timestamptz': 'string',
+  'object': 'Record<string, unknown>'
 };
 
 export function generateTypeDefinitions(
   entities: Record<string, EntityIR>,
-  subscribables?: Record<string, SubscribableIR>
+  subscribables?: Record<string, SubscribableIR>,
+  auth?: AuthIR,
+  customFunctions?: CustomFunctionIR[]
 ): string {
   let output = "";
 
@@ -49,6 +53,7 @@ export type FilterValue<T> = T | FilterOperators<T>;
 
 `;
 
+  // --- Entity Types ---
   for (const [name, entity] of Object.entries(entities)) {
     const pascalName = toPascalCase(name);
 
@@ -106,17 +111,109 @@ export type FilterValue<T> = T | FilterOperators<T>;
 }\n\n`;
   }
 
-  // --- Subscribable Params ---
+  // --- Subscribable Params and Result Types ---
   if (subscribables) {
     for (const [name, sub] of Object.entries(subscribables)) {
       const pascalName = toPascalCase(name);
 
+      // Params interface
       output += `export interface ${pascalName}Params {\n`;
       for (const [paramName, paramType] of Object.entries(sub.params)) {
         const tsType = PARAM_TYPE_MAP[paramType as string] || 'any';
         output += `  ${paramName}: ${tsType};\n`;
       }
       output += `}\n\n`;
+
+      // Result interface (extends root entity with includes)
+      const rootEntity = sub.root?.entity;
+      const rootEntityPascal = rootEntity ? toPascalCase(rootEntity) : null;
+
+      if (rootEntityPascal && entities[rootEntity]) {
+        output += `export interface ${pascalName}Result extends ${rootEntityPascal} {\n`;
+
+        // Add includes as optional fields
+        if (sub.includes) {
+          for (const [includeKey, includeIR] of Object.entries(sub.includes)) {
+            const includeEntity = includeIR.entity;
+            const includeEntityPascal = toPascalCase(includeEntity);
+
+            // Determine if it's an array (one-to-many) or single (many-to-one)
+            // For now, assume arrays unless the include key matches a FK pattern
+            const isArray = !includeKey.endsWith('_id') && includeKey !== rootEntity;
+            const includeType = isArray ? `${includeEntityPascal}[]` : includeEntityPascal;
+
+            output += `  ${includeKey}?: ${includeType};\n`;
+          }
+        }
+
+        output += `}\n\n`;
+      }
+    }
+  }
+
+  // --- Auth Types ---
+  if (auth) {
+    // AuthUser interface
+    output += `export interface AuthUser {\n`;
+    for (const [fieldName, fieldType] of Object.entries(auth.userFields)) {
+      const tsType = PARAM_TYPE_MAP[fieldType] || fieldType;
+      output += `  ${fieldName}: ${tsType};\n`;
+    }
+    output += `}\n\n`;
+
+    // LoginParams interface
+    output += `export interface LoginParams {\n`;
+    for (const [paramName, paramType] of Object.entries(auth.loginParams)) {
+      const tsType = PARAM_TYPE_MAP[paramType] || paramType;
+      output += `  ${paramName}: ${tsType};\n`;
+    }
+    output += `}\n\n`;
+
+    // LoginResult interface
+    output += `export interface LoginResult extends AuthUser {\n`;
+    output += `  token: string;\n`;
+    output += `}\n\n`;
+
+    // RegisterParams interface
+    output += `export interface RegisterParams {\n`;
+    for (const [paramName, paramType] of Object.entries(auth.registerParams)) {
+      const tsType = PARAM_TYPE_MAP[paramType] || paramType;
+      // options is optional (p_options jsonb DEFAULT NULL)
+      const optional = paramName === 'options' ? '?' : '';
+      output += `  ${paramName}${optional}: ${tsType};\n`;
+    }
+    output += `}\n\n`;
+
+    // RegisterResult interface
+    output += `export interface RegisterResult extends AuthUser {\n`;
+    output += `  token: string;\n`;
+    output += `}\n\n`;
+  }
+
+  // --- Custom Function Types ---
+  if (customFunctions) {
+    for (const fn of customFunctions) {
+      const pascalName = toPascalCase(fn.name);
+
+      // Generate params interface if params are defined
+      if (fn.params && Object.keys(fn.params).length > 0) {
+        output += `export interface ${pascalName}Params {\n`;
+        for (const [paramName, paramType] of Object.entries(fn.params)) {
+          const tsType = PARAM_TYPE_MAP[paramType] || paramType;
+          output += `  ${paramName}: ${tsType};\n`;
+        }
+        output += `}\n\n`;
+      }
+
+      // Generate result interface if returns is an object
+      if (fn.returns && typeof fn.returns === 'object') {
+        output += `export interface ${pascalName}Result {\n`;
+        for (const [fieldName, fieldType] of Object.entries(fn.returns)) {
+          const tsType = PARAM_TYPE_MAP[fieldType] || fieldType;
+          output += `  ${fieldName}: ${tsType};\n`;
+        }
+        output += `}\n\n`;
+      }
     }
   }
 

package/src/cli/compiler/ir.ts

@@ -12,7 +12,8 @@ import type {
   IncludeIR,
   CustomFunctionIR,
   ManyToManyIR,
-  GraphRuleIR
+  GraphRuleIR,
+  AuthIR
 } from "../../shared/ir.js";
 
 /**
@@ -224,14 +225,68 @@ export function generateIR(domain: DomainConfig): DomainIR {
       customFunctions.push({
         name: fn.name,
         sql: fn.sql,
-        args: fn.args || ['p_user_id', 'p_params']
+        args: fn.args || ['p_user_id', 'p_params'],
+        params: fn.params,
+        returns: fn.returns
       });
     }
   }
 
+  // --- AUTH CONFIG ---
+  // Generate default auth config based on users entity if not provided
+  let auth: AuthIR | undefined;
+
+  if (domain.auth) {
+    // Use explicit auth config
+    auth = {
+      userFields: domain.auth.userFields || {},
+      loginParams: domain.auth.loginParams || { email: 'string', password: 'string' },
+      registerParams: domain.auth.registerParams || { email: 'string', password: 'string', options: 'object' }
+    };
+  } else if (entities['users']) {
+    // Derive auth config from users entity
+    const usersEntity = entities['users'];
+    const hiddenFields = new Set(usersEntity.hidden || []);
+    hiddenFields.add('password_hash');
+    hiddenFields.add('password');
+
+    // Map user columns to TypeScript types (excluding hidden fields)
+    const userFields: Record<string, string> = {
+      user_id: 'number'  // Always include user_id
+    };
+
+    for (const col of usersEntity.columns) {
+      if (!hiddenFields.has(col.name) && col.name !== 'id') {
+        userFields[col.name] = mapPgTypeToTsType(col.type);
+      }
+    }
+
+    auth = {
+      userFields,
+      loginParams: { email: 'string', password: 'string' },
+      registerParams: { email: 'string', password: 'string', options: 'object' }
+    };
+  }
+
   return {
     entities,
     subscribables,
-    customFunctions
+    customFunctions,
+    auth
   };
 }
+
+/**
+ * Maps PostgreSQL column type to TypeScript type string
+ */
+function mapPgTypeToTsType(pgType: string): string {
+  const lower = pgType.toLowerCase();
+  if (lower.includes('int') || lower.includes('serial') || lower.includes('decimal') || lower.includes('numeric')) {
+    return 'number';
+  }
+  if (lower.includes('bool')) {
+    return 'boolean';
+  }
+  // Default to string for text, timestamps, etc.
+  return 'string';
+}

package/src/cli/index.ts

@@ -2,7 +2,7 @@
 import { loadDomain } from "./compiler/loader.js";
 import { analyzeDomain } from "./compiler/analyzer.js";
 import { generateIR } from "./compiler/ir.js";
-import { generateCoreSQL, generateEntitySQL, generateSchemaSQL } from "./codegen/sql.js";
+import { generateCoreSQL, generateAuthSQL, generateEntitySQL, generateSchemaSQL } from "./codegen/sql.js";
 import { generateSubscribableSQL, generateComputeAffectedKeysFunction } from "./codegen/subscribable_sql.js";
 import { generateManifest } from "./codegen/manifest.js";
 import { generateSubscribableStore } from "./codegen/subscribable_store.js";
@@ -107,10 +107,14 @@ async function main() {
       writeFileSync(resolve(dbDir, `000_core.sql`), coreSQL);
       const timestamp = new Date().toISOString().replace(/[:.-]/g, '');
 
-      // Combine entity SQL with custom functions
-      const schemaContent = customFunctionSQL.length > 0
-        ? entitySQL.join('\n') + '\n\n-- Custom Functions\n' + customFunctionSQL.join('\n\n')
-        : entitySQL.join('\n');
+      // Combine entity SQL with auth functions and custom functions
+      // Auth functions must come after schema (they depend on users table)
+      const authSQL = generateAuthSQL();
+      let schemaContent = entitySQL.join('\n');
+      schemaContent += '\n\n-- Auth Functions\n' + authSQL;
+      if (customFunctionSQL.length > 0) {
+        schemaContent += '\n\n-- Custom Functions\n' + customFunctionSQL.join('\n\n');
+      }
       writeFileSync(resolve(dbDir, `${timestamp}_schema.sql`), schemaContent);
 
       if (customFunctionSQL.length > 0) {

package/src/runtime/server.ts

@@ -53,8 +53,8 @@ export async function handleRequest(
   try {
     // Construct params array based on manifest definition
     // args: ["p_user_id", "p_data"] -> [$1, $2]
-    // args: ["p_params"] -> [$2] (since $2 is the data param)
-    // We map: p_user_id -> userId ($1), p_data/p_pk/p_params -> params ($2)
+    // args: ["p_email", "p_password"] -> extract from params object
+    // We map: p_user_id -> userId, p_data/p_pk/p_params -> params (jsonb), individual args -> params[key]
 
     const dbParams = [];
     const sqlArgs = [];
@@ -66,8 +66,16 @@ export async function handleRequest(
             dbParams.push(userId);
             sqlArgs.push(`$${dbParams.length}`);
         } else if (arg === 'p_data' || arg === 'p_pk' || arg === 'p_query' || arg === 'p_params') {
+            // Pass entire params object as jsonb
             dbParams.push(params);
             sqlArgs.push(`$${dbParams.length}`);
+        } else if (arg.startsWith('p_')) {
+            // Individual param: extract from params object by field name
+            // e.g., p_email -> params.email, p_password -> params.password, p_options -> params.options
+            const fieldName = arg.slice(2); // Remove 'p_' prefix
+            const value = params?.[fieldName];
+            dbParams.push(value !== undefined ? value : null);
+            sqlArgs.push(`$${dbParams.length}`);
         } else {
             // Unknown arg? Pass null
             dbParams.push(null);

package/src/shared/ir.ts

@@ -100,6 +100,20 @@ export interface CustomFunctionConfig {
   name: string;
   sql: string;
   args?: string[];
+  /** Parameter types for TypeScript generation: { paramName: 'number' | 'string' | ... } */
+  params?: Record<string, string>;
+  /** Return type: either an object shape or a scalar type name */
+  returns?: Record<string, string> | string;
+}
+
+/** Auth configuration for TypeScript type generation */
+export interface AuthConfig {
+  /** Fields returned by auth functions (user profile shape) */
+  userFields?: Record<string, string>;
+  /** Login function parameter types */
+  loginParams?: Record<string, string>;
+  /** Register function parameter types */
+  registerParams?: Record<string, string>;
 }
 
 /** Complete domain configuration as provided in domain file */
@@ -107,6 +121,7 @@ export interface DomainConfig {
   entities: Record<string, EntityConfig>;
   subscribables?: Record<string, SubscribableConfig>;
   customFunctions?: CustomFunctionConfig[];
+  auth?: AuthConfig;
 }
 
 // ============================================
@@ -191,10 +206,25 @@ export interface CustomFunctionIR {
   name: string;
   sql: string;
   args?: string[];  // For manifest allowlist
+  /** Parameter types for TypeScript generation */
+  params?: Record<string, string>;
+  /** Return type: either an object shape or a scalar type name */
+  returns?: Record<string, string> | string;
+}
+
+/** Auth IR for TypeScript type generation */
+export interface AuthIR {
+  /** Fields returned by auth functions (user profile shape) */
+  userFields: Record<string, string>;
+  /** Login function parameter types */
+  loginParams: Record<string, string>;
+  /** Register function parameter types */
+  registerParams: Record<string, string>;
 }
 
 export interface DomainIR {
   entities: Record<string, EntityIR>;
   subscribables: Record<string, SubscribableIR>;
   customFunctions: CustomFunctionIR[];
+  auth?: AuthIR;
 }