latticesql 0.5.1 → 0.5.3

package/README.md

@@ -44,6 +44,7 @@ Lattice has no opinions about your schema, your agents, or your file format. You
   - [Lifecycle hooks](#lifecycle-hooks)
   - [Field interpolation](#field-interpolation)
 - [Entity context directories (v0.5+)](#entity-context-directories-v05)
+- [SESSION.md write pattern](#sessionmd-write-pattern)
 - [YAML config (v0.4+)](#yaml-config-v04)
   - [lattice.config.yml reference](#latticeconfigyml-reference)
   - [Init from config](#init-from-config)
@@ -1000,6 +1001,78 @@ See [docs/entity-context.md](./docs/entity-context.md) for the complete referenc
 
 ---
 
+## SESSION.md write pattern
+
+When agents run in a directory-based context system (e.g., one directory per agent with generated Markdown files), SESSION.md provides a **safe write interface** that enforces a clean read/write separation:
+
+```
+READ:  Lattice DB → render() → object MDs (READ ONLY for agents)
+WRITE: Agent → SESSION.md → processor → validates → Lattice DB
+```
+
+All generated context files carry a read-only header so agents know not to edit them directly. SESSION.md is the only writable file in the directory.
+
+### Write entry format
+
+```
+---
+id: 2026-03-25T10:30:00Z-agent-abc123
+type: write
+timestamp: 2026-03-25T10:30:00Z
+op: update
+table: agents
+target: agent-id-here
+reason: Updating status after deployment completed.
+---
+status: active
+last_task: piut-deploy
+===
+```
+
+| Header | Required | Description |
+|--------|----------|-------------|
+| `type` | Yes | Must be `write` |
+| `timestamp` | Yes | ISO 8601 |
+| `op` | Yes | `create`, `update`, or `delete` |
+| `table` | Yes | Target table name |
+| `target` | For update/delete | Record primary key |
+| `reason` | Encouraged | Human-readable reason (audit trail) |
+
+**Body**: `key: value` pairs — one field per line. Field names are validated against the table schema before any write is applied.
+
+### Library support
+
+`latticesql` exports a parser for the SESSION.md write format:
+
+```ts
+import { parseSessionWrites } from 'latticesql';
+
+const result = parseSessionWrites(sessionFileContent);
+// result.entries: SessionWriteEntry[]
+// result.errors:  Array<{ line: number; message: string }>
+
+for (const entry of result.entries) {
+  console.log(entry.op, entry.table, entry.target, entry.fields);
+}
+```
+
+**`SessionWriteEntry`:**
+```ts
+interface SessionWriteEntry {
+  id: string;                       // content-addressed ID
+  timestamp: string;                // ISO 8601
+  op: 'create' | 'update' | 'delete';
+  table: string;
+  target?: string;                  // required for update/delete
+  reason?: string;
+  fields: Record<string, string>;  // empty for delete
+}
+```
+
+The processor is responsible for applying the parsed entries to your DB and validating field names against your schema. The `parseSessionWrites` function is pure — no DB access, no side effects.
+
+---
+
 ## YAML config (v0.4+)
 
 Define your entire schema in a YAML file. Lattice reads it at construction time, creates all tables on `init()`, and wires render functions automatically.

package/dist/cli.js

@@ -503,12 +503,22 @@ var SchemaManager = class {
       }
     }
   }
-  /** Query all rows from a registered table */
+  /**
+   * Query all rows from a table.
+   * Registered tables (via `define()`) are queried directly.
+   * Tables used only in entity contexts (schema managed externally) fall back
+   * to a raw SELECT with optional `deleted_at IS NULL` soft-delete filtering.
+   */
   queryTable(adapter, name) {
-    if (!this._tables.has(name)) {
-      throw new Error(`Unknown table: "${name}"`);
+    if (this._tables.has(name)) {
+      return adapter.all(`SELECT * FROM "${name}"`);
+    }
+    if (this._entityContexts.has(name)) {
+      const cols = adapter.all(`PRAGMA table_info("${name}")`);
+      const hasDeletedAt = cols.some((c) => c.name === "deleted_at");
+      return adapter.all(`SELECT * FROM "${name}"${hasDeletedAt ? " WHERE deleted_at IS NULL" : ""}`);
     }
-    return adapter.all(`SELECT * FROM "${name}"`);
+    throw new Error(`Unknown table: "${name}"`);
   }
   _ensureTable(adapter, name, columns, tableConstraints) {
     const colDefs = Object.entries(columns).map(([col, type]) => `"${col}" ${type}`).join(", ");

package/dist/index.cjs

@@ -31,10 +31,18 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var index_exports = {};
 __export(index_exports, {
   Lattice: () => Lattice,
+  READ_ONLY_HEADER: () => READ_ONLY_HEADER,
+  applyWriteEntry: () => applyWriteEntry,
+  generateEntryId: () => generateEntryId,
+  generateWriteEntryId: () => generateWriteEntryId,
   manifestPath: () => manifestPath,
   parseConfigFile: () => parseConfigFile,
   parseConfigString: () => parseConfigString,
+  parseMarkdownEntries: () => parseMarkdownEntries,
+  parseSessionMD: () => parseSessionMD,
+  parseSessionWrites: () => parseSessionWrites,
   readManifest: () => readManifest,
+  validateEntryId: () => validateEntryId,
   writeManifest: () => writeManifest
 });
 module.exports = __toCommonJS(index_exports);
@@ -230,12 +238,22 @@ var SchemaManager = class {
       }
     }
   }
-  /** Query all rows from a registered table */
+  /**
+   * Query all rows from a table.
+   * Registered tables (via `define()`) are queried directly.
+   * Tables used only in entity contexts (schema managed externally) fall back
+   * to a raw SELECT with optional `deleted_at IS NULL` soft-delete filtering.
+   */
   queryTable(adapter, name) {
-    if (!this._tables.has(name)) {
-      throw new Error(`Unknown table: "${name}"`);
+    if (this._tables.has(name)) {
+      return adapter.all(`SELECT * FROM "${name}"`);
+    }
+    if (this._entityContexts.has(name)) {
+      const cols = adapter.all(`PRAGMA table_info("${name}")`);
+      const hasDeletedAt = cols.some((c) => c.name === "deleted_at");
+      return adapter.all(`SELECT * FROM "${name}"${hasDeletedAt ? " WHERE deleted_at IS NULL" : ""}`);
     }
-    return adapter.all(`SELECT * FROM "${name}"`);
+    throw new Error(`Unknown table: "${name}"`);
   }
   _ensureTable(adapter, name, columns, tableConstraints) {
     const colDefs = Object.entries(columns).map(([col, type]) => `"${col}" ${type}`).join(", ");
@@ -1503,12 +1521,401 @@ var Lattice = class {
     }
   }
 };
+
+// src/session/parser.ts
+var import_node_crypto3 = require("crypto");
+function generateWriteEntryId(timestamp, agentName, op, table, target) {
+  const payload = `${op}:${table}:${target ?? ""}:${timestamp}`;
+  const hash = (0, import_node_crypto3.createHash)("sha256").update(payload).digest("hex").slice(0, 6);
+  return `${timestamp}-${agentName}-${hash}`;
+}
+function parseSessionWrites(content) {
+  const entries = [];
+  const errors = [];
+  const blocks = splitIntoBlocks(content);
+  for (const block of blocks) {
+    const result = parseBlock(block);
+    if (result === null) continue;
+    if ("error" in result) {
+      errors.push(result.error);
+    } else {
+      entries.push(result.entry);
+    }
+  }
+  return { entries, errors };
+}
+function splitIntoBlocks(content) {
+  const lines = content.split("\n");
+  const blocks = [];
+  let i = 0;
+  while (i < lines.length) {
+    while (i < lines.length && lines[i]?.trim() !== "---") {
+      i++;
+    }
+    if (i >= lines.length) break;
+    const startLine = i + 1;
+    i++;
+    const headerLines = [];
+    while (i < lines.length && lines[i]?.trim() !== "---") {
+      headerLines.push(lines[i] ?? "");
+      i++;
+    }
+    if (i >= lines.length) break;
+    i++;
+    const bodyLines = [];
+    while (i < lines.length && lines[i]?.trim() !== "===") {
+      bodyLines.push(lines[i] ?? "");
+      i++;
+    }
+    if (i < lines.length) i++;
+    blocks.push({ startLine, headerLines, bodyLines });
+  }
+  return blocks;
+}
+var TABLE_NAME_RE = /^[a-zA-Z0-9_]+$/;
+var FIELD_NAME_RE = /^[a-zA-Z0-9_]+$/;
+var KEY_VALUE_RE = /^([^:]+):\s*(.*)$/;
+function parseBlock(block) {
+  const header = {};
+  for (const line2 of block.headerLines) {
+    const m = KEY_VALUE_RE.exec(line2);
+    if (m) {
+      header[m[1].trim()] = m[2].trim();
+    }
+  }
+  if (header["type"] !== "write") return null;
+  const line = block.startLine;
+  const timestamp = header["timestamp"];
+  if (!timestamp) {
+    return { error: { line, message: "Missing required field: timestamp" } };
+  }
+  const rawOp = header["op"];
+  if (!rawOp) {
+    return { error: { line, message: "Missing required field: op" } };
+  }
+  if (rawOp !== "create" && rawOp !== "update" && rawOp !== "delete") {
+    return { error: { line, message: `Invalid op: "${rawOp}". Must be create, update, or delete` } };
+  }
+  const op = rawOp;
+  const table = header["table"];
+  if (!table) {
+    return { error: { line, message: "Missing required field: table" } };
+  }
+  if (!TABLE_NAME_RE.test(table)) {
+    return { error: { line, message: `Invalid table name: "${table}". Only [a-zA-Z0-9_] allowed` } };
+  }
+  const target = header["target"] || void 0;
+  if ((op === "update" || op === "delete") && !target) {
+    return { error: { line, message: `Field "target" is required for op "${op}"` } };
+  }
+  const reason = header["reason"] || void 0;
+  const fields = {};
+  if (op !== "delete") {
+    for (const line2 of block.bodyLines) {
+      const m = KEY_VALUE_RE.exec(line2);
+      if (!m) continue;
+      const key = m[1].trim();
+      const value = m[2].trim();
+      if (!FIELD_NAME_RE.test(key)) continue;
+      fields[key] = value;
+    }
+  }
+  const id = header["id"] ?? generateWriteEntryId(timestamp, "agent", op, table, target);
+  const entry = {
+    id,
+    timestamp,
+    op,
+    table,
+    fields,
+    ...target !== void 0 ? { target } : {},
+    ...reason !== void 0 ? { reason } : {}
+  };
+  return { entry };
+}
+
+// src/session/entries.ts
+var import_node_crypto4 = require("crypto");
+var VALID_TYPES = /* @__PURE__ */ new Set([
+  "event",
+  "learning",
+  "status",
+  "correction",
+  "discovery",
+  "metric",
+  "handoff",
+  "write"
+]);
+var TYPE_ALIASES = {
+  task_completion: "event",
+  completion: "event",
+  heartbeat: "status",
+  bug: "discovery",
+  fix: "event",
+  deploy: "event",
+  note: "event"
+};
+var FIELD_NAME_RE2 = /^[a-zA-Z0-9_]+$/;
+function parseSessionMD(content, startOffset = 0) {
+  const entries = [];
+  const errors = [];
+  const text = content.slice(startOffset);
+  const lines = text.split("\n");
+  let i = 0;
+  let currentByteOffset = startOffset;
+  while (i < lines.length) {
+    if (lines[i].trim() !== "---") {
+      currentByteOffset += Buffer.byteLength(lines[i] + "\n", "utf-8");
+      i++;
+      continue;
+    }
+    const entryStartLine = i;
+    currentByteOffset += Buffer.byteLength(lines[i] + "\n", "utf-8");
+    i++;
+    const headers = {};
+    let foundHeaderClose = false;
+    while (i < lines.length) {
+      const line = lines[i];
+      currentByteOffset += Buffer.byteLength(line + "\n", "utf-8");
+      if (line.trim() === "---") {
+        foundHeaderClose = true;
+        i++;
+        break;
+      }
+      const match = line.match(/^(\w+):\s*(.+)$/);
+      if (match) {
+        headers[match[1]] = match[2].trim();
+      }
+      i++;
+    }
+    if (!foundHeaderClose) {
+      errors.push({ line: entryStartLine + 1, message: "Entry header never closed (missing ---)" });
+      break;
+    }
+    const bodyLines = [];
+    while (i < lines.length) {
+      const line = lines[i];
+      if (line.trim() === "===") {
+        currentByteOffset += Buffer.byteLength(line + "\n", "utf-8");
+        i++;
+        break;
+      }
+      if (line.trim() === "---" && bodyLines.length > 0) {
+        const nextLine = lines[i + 1];
+        if (nextLine && /^\w+:\s*.+$/.test(nextLine)) {
+          break;
+        }
+      }
+      bodyLines.push(line);
+      currentByteOffset += Buffer.byteLength(line + "\n", "utf-8");
+      i++;
+    }
+    const body = bodyLines.join("\n").trim();
+    const rawType = headers["type"] ?? "";
+    const resolvedType = normalizeType(rawType);
+    if (!resolvedType) {
+      errors.push({ line: entryStartLine + 1, message: `Unknown entry type: ${rawType}` });
+      continue;
+    }
+    if (!headers["timestamp"]) {
+      errors.push({ line: entryStartLine + 1, message: "Missing required header: timestamp" });
+      continue;
+    }
+    if (!body) {
+      errors.push({ line: entryStartLine + 1, message: "Entry has empty body" });
+      continue;
+    }
+    const entryId = headers["id"] ?? generateEntryId(headers["timestamp"], "agent", body);
+    let tags;
+    if (headers["tags"]) {
+      const tagMatch = headers["tags"].match(/^\[(.+)\]$/);
+      if (tagMatch) {
+        tags = tagMatch[1].split(",").map((t) => t.trim());
+      }
+    }
+    let writeFields;
+    if (resolvedType === "write" && headers["op"] !== "delete") {
+      writeFields = {};
+      for (const line of body.split("\n")) {
+        const m = line.match(/^([^:]+):\s*(.*)$/);
+        if (!m) continue;
+        const key = m[1].trim();
+        if (!FIELD_NAME_RE2.test(key)) continue;
+        writeFields[key] = m[2].trim();
+      }
+    }
+    const newEntry = { id: entryId, type: resolvedType, timestamp: headers["timestamp"], body };
+    if (headers["project"]) newEntry.project = headers["project"];
+    if (headers["task"]) newEntry.task = headers["task"];
+    if (tags) newEntry.tags = tags;
+    if (headers["severity"]) newEntry.severity = headers["severity"];
+    if (headers["target_agent"]) newEntry.target_agent = headers["target_agent"];
+    if (headers["target_table"]) newEntry.target_table = headers["target_table"];
+    if (resolvedType === "write") {
+      if (headers["op"]) newEntry.op = headers["op"];
+      if (headers["table"]) newEntry.table = headers["table"];
+      if (headers["target"]) newEntry.target = headers["target"];
+      if (headers["reason"]) newEntry.reason = headers["reason"];
+      newEntry.fields = writeFields ?? {};
+    }
+    entries.push(newEntry);
+  }
+  return { entries, errors, lastOffset: currentByteOffset };
+}
+function parseMarkdownEntries(content, agentName, startOffset = 0) {
+  const entries = [];
+  const errors = [];
+  const text = content.slice(startOffset);
+  const lines = text.split("\n");
+  const headingPattern = /^##\s+([\dT:.Z-]{10,})\s*(?:[—–\-]{1,2}\s*(.+))?$/;
+  let currentByteOffset = startOffset;
+  const entryStarts = [];
+  for (let i = 0; i < lines.length; i++) {
+    const match = lines[i].match(headingPattern);
+    if (match) {
+      entryStarts.push({
+        lineIdx: i,
+        timestamp: match[1],
+        headingType: (match[2] ?? "").trim(),
+        offset: currentByteOffset
+      });
+    }
+    currentByteOffset += Buffer.byteLength(lines[i] + "\n", "utf-8");
+  }
+  for (let e = 0; e < entryStarts.length; e++) {
+    const start = entryStarts[e];
+    const nextStart = entryStarts[e + 1];
+    const bodyStartLine = start.lineIdx + 1;
+    const bodyEndLine = nextStart ? nextStart.lineIdx : lines.length;
+    const bodyLines = lines.slice(bodyStartLine, bodyEndLine);
+    let bodyType = null;
+    const filteredBody = [];
+    for (const line of bodyLines) {
+      const typeMatch = line.match(/^\*\*type:\*\*\s*(.+)/i);
+      if (typeMatch && !bodyType) {
+        bodyType = typeMatch[1].trim();
+      } else {
+        filteredBody.push(line);
+      }
+    }
+    const body = filteredBody.join("\n").trim();
+    if (!body) {
+      errors.push({ line: start.lineIdx + 1, message: "Markdown entry has empty body" });
+      continue;
+    }
+    const rawType = bodyType ?? start.headingType ?? "event";
+    const resolvedType = normalizeType(rawType) ?? "event";
+    const id = generateEntryId(start.timestamp, agentName, body);
+    entries.push({
+      id,
+      type: resolvedType,
+      timestamp: start.timestamp,
+      body
+    });
+  }
+  return { entries, errors, lastOffset: currentByteOffset };
+}
+function generateEntryId(timestamp, agentName, body) {
+  const hash = (0, import_node_crypto4.createHash)("sha256").update(body).digest("hex").slice(0, 6);
+  return `${timestamp}-${agentName.toLowerCase()}-${hash}`;
+}
+function validateEntryId(id, body) {
+  const parts = id.split("-");
+  if (parts.length < 4) return false;
+  const hash = parts[parts.length - 1];
+  if (hash.length !== 6) return false;
+  const expectedHash = (0, import_node_crypto4.createHash)("sha256").update(body).digest("hex").slice(0, 6);
+  return hash === expectedHash;
+}
+function normalizeType(raw) {
+  const lower = raw.toLowerCase().trim();
+  if (VALID_TYPES.has(lower)) return lower;
+  const normalized = lower.replace(/-/g, "_");
+  if (TYPE_ALIASES[normalized]) return TYPE_ALIASES[normalized];
+  for (const alias of Object.keys(TYPE_ALIASES)) {
+    if (normalized.startsWith(alias)) return TYPE_ALIASES[alias];
+  }
+  return null;
+}
+
+// src/session/apply.ts
+var TABLE_NAME_RE2 = /^[a-zA-Z0-9_]+$/;
+var FIELD_NAME_RE3 = /^[a-zA-Z0-9_]+$/;
+function applyWriteEntry(db, entry) {
+  const { op, table, target, fields } = entry;
+  if (!TABLE_NAME_RE2.test(table)) {
+    return { ok: false, reason: `Invalid table name: "${table}". Only [a-zA-Z0-9_] allowed` };
+  }
+  const tableExists = db.prepare("SELECT 1 FROM sqlite_master WHERE type='table' AND name=?").get(table);
+  if (!tableExists) {
+    return { ok: false, reason: `Unknown table: "${table}"` };
+  }
+  const columnRows = db.prepare(`PRAGMA table_info("${table}")`).all();
+  const knownColumns = new Set(columnRows.map((r) => r.name));
+  for (const fieldName of Object.keys(fields)) {
+    if (!FIELD_NAME_RE3.test(fieldName)) {
+      return { ok: false, reason: `Invalid field name: "${fieldName}". Only [a-zA-Z0-9_] allowed` };
+    }
+    if (!knownColumns.has(fieldName)) {
+      return { ok: false, reason: `Unknown field "${fieldName}" in table "${table}"` };
+    }
+  }
+  try {
+    let recordId;
+    if (op === "create") {
+      const id = fields["id"] ?? crypto.randomUUID();
+      const allFields = { ...fields, id };
+      const cols = Object.keys(allFields).map((c) => `"${c}"`).join(", ");
+      const placeholders = Object.keys(allFields).map(() => "?").join(", ");
+      db.prepare(`INSERT INTO "${table}" (${cols}) VALUES (${placeholders})`).run(...Object.values(allFields));
+      recordId = id;
+    } else if (op === "update") {
+      if (!target) {
+        return { ok: false, reason: 'Field "target" is required for op "update"' };
+      }
+      const pkCol = columnRows.find((r) => r.name === "id") ? "id" : columnRows[0]?.name ?? "id";
+      const setCols = Object.keys(fields).map((c) => `"${c}" = ?`).join(", ");
+      db.prepare(`UPDATE "${table}" SET ${setCols} WHERE "${pkCol}" = ?`).run(...Object.values(fields), target);
+      recordId = target;
+    } else {
+      if (!target) {
+        return { ok: false, reason: 'Field "target" is required for op "delete"' };
+      }
+      const pkCol = columnRows.find((r) => r.name === "id") ? "id" : columnRows[0]?.name ?? "id";
+      if (knownColumns.has("deleted_at")) {
+        db.prepare(`UPDATE "${table}" SET deleted_at = datetime('now') WHERE "${pkCol}" = ?`).run(target);
+      } else {
+        db.prepare(`DELETE FROM "${table}" WHERE "${pkCol}" = ?`).run(target);
+      }
+      recordId = target;
+    }
+    return { ok: true, table, recordId };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    return { ok: false, reason: `DB error: ${message}` };
+  }
+}
+
+// src/session/constants.ts
+var READ_ONLY_HEADER = `<!-- READ ONLY \u2014 generated by lattice-sync. Do not edit directly.
+     To update data in Lattice: write entries to SESSION.md in this directory.
+     Format: type: write | op: create/update/delete | table: <name> | target: <id>
+     See agents/shared/SESSION-FORMAT.md for the full spec. -->
+
+`;
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   Lattice,
+  READ_ONLY_HEADER,
+  applyWriteEntry,
+  generateEntryId,
+  generateWriteEntryId,
   manifestPath,
   parseConfigFile,
   parseConfigString,
+  parseMarkdownEntries,
+  parseSessionMD,
+  parseSessionWrites,
   readManifest,
+  validateEntryId,
   writeManifest
 });

package/dist/index.d.cts

@@ -866,4 +866,134 @@ declare function parseConfigFile(configPath: string): ParsedConfig;
  */
 declare function parseConfigString(yamlContent: string, configDir: string): ParsedConfig;
 
-export { type AuditEvent, type BelongsToRelation, type BelongsToSource, type BuiltinTemplateName, type CleanupOptions, type CleanupResult, type CountOptions, type CustomSource, type EntityContextDefinition, type EntityContextManifestEntry, type EntityFileSource, type EntityFileSpec, type Filter, type FilterOp, type HasManyRelation, type HasManySource, type InitOptions, Lattice, type LatticeConfig, type LatticeConfigInput, type LatticeEntityDef, type LatticeEntityRenderSpec, type LatticeFieldDef, type LatticeFieldType, type LatticeManifest, type LatticeOptions, type ManyToManySource, type Migration, type MultiTableDefinition, type ParsedConfig, type PkLookup, type PrimaryKey, type QueryOptions, type ReconcileOptions, type ReconcileResult, type Relation, type RenderHooks, type RenderResult, type RenderSpec, type Row, type SecurityOptions, type SelfSource, type StopFn, type SyncResult, type TableDefinition, type TemplateRenderSpec, type WatchOptions, type WritebackDefinition, manifestPath, parseConfigFile, parseConfigString, readManifest, writeManifest };
+type SessionWriteOp = 'create' | 'update' | 'delete';
+interface SessionWriteEntry {
+    id: string;
+    timestamp: string;
+    op: SessionWriteOp;
+    table: string;
+    target?: string;
+    reason?: string;
+    fields: Record<string, string>;
+}
+interface SessionWriteParseResult {
+    entries: SessionWriteEntry[];
+    errors: Array<{
+        line: number;
+        message: string;
+    }>;
+}
+/**
+ * Generate a deterministic entry ID from the given parameters.
+ * Uses sha256 of `{op}:{table}:{target ?? ''}:{timestamp}` with the format
+ * `{timestamp}-{agentName}-{6-char-hash}`.
+ */
+declare function generateWriteEntryId(timestamp: string, agentName: string, op: string, table: string, target?: string): string;
+/**
+ * Parse all `type: write` entries from a SESSION.md file.
+ * Non-write entries are silently skipped.
+ */
+declare function parseSessionWrites(content: string): SessionWriteParseResult;
+
+/**
+ * A single parsed SESSION.md entry. Covers all entry types:
+ * event, learning, status, correction, discovery, metric, handoff, write.
+ *
+ * When `type === 'write'`, the op/table/target/reason/fields fields are set.
+ */
+interface SessionEntry {
+    id: string;
+    type: string;
+    timestamp: string;
+    body: string;
+    project?: string;
+    task?: string;
+    tags?: string[];
+    severity?: string;
+    target_agent?: string;
+    target_table?: string;
+    /** Only present when type === 'write' */
+    op?: 'create' | 'update' | 'delete';
+    table?: string;
+    target?: string;
+    reason?: string;
+    fields?: Record<string, string>;
+}
+interface ParseError {
+    line: number;
+    message: string;
+}
+interface ParseResult {
+    entries: SessionEntry[];
+    errors: ParseError[];
+    /** Byte offset after the last fully parsed entry — used for incremental parsing. */
+    lastOffset: number;
+}
+/**
+ * Parse SESSION.md YAML-delimited entries starting at `startOffset` bytes.
+ *
+ * Each entry looks like:
+ * ```
+ * ---
+ * id: 2026-03-12T15:30:42Z-cortex-a1b2c3
+ * type: event
+ * timestamp: 2026-03-12T15:30:42Z
+ * ---
+ * Entry body text here.
+ * ===
+ * ```
+ */
+declare function parseSessionMD(content: string, startOffset?: number): ParseResult;
+/**
+ * Parse free-form Markdown SESSION.md entries. Agents sometimes write entries
+ * as `## {timestamp} — {description}` headings rather than YAML blocks.
+ *
+ * Runs alongside `parseSessionMD`; the two parsers are merged by caller.
+ */
+declare function parseMarkdownEntries(content: string, agentName: string, startOffset?: number): ParseResult;
+/**
+ * Generate a content-addressed entry ID.
+ * Format: `{timestamp}-{agentName}-{6-char-sha256-prefix}`
+ */
+declare function generateEntryId(timestamp: string, agentName: string, body: string): string;
+/**
+ * Validate that an entry ID's hash suffix matches its body.
+ */
+declare function validateEntryId(id: string, body: string): boolean;
+
+type ApplyWriteResult = {
+    ok: true;
+    table: string;
+    recordId: string;
+} | {
+    ok: false;
+    reason: string;
+};
+/**
+ * Apply a SESSION.md write entry to a better-sqlite3 database.
+ *
+ * Validates:
+ * - Table and field names match `[a-zA-Z0-9_]` (SQL injection prevention)
+ * - Table exists in `sqlite_master`
+ * - All field names are present in the table schema (`PRAGMA table_info`)
+ * - `target` is provided for `update` and `delete` ops
+ *
+ * For `delete`: uses a soft-delete (`deleted_at = datetime('now')`) if the
+ * column exists, otherwise performs a hard `DELETE`.
+ *
+ * Returns `{ ok: true, table, recordId }` on success, or
+ * `{ ok: false, reason }` if validation or the DB operation fails.
+ * The caller is responsible for logging and audit events.
+ */
+declare function applyWriteEntry(db: Database.Database, entry: SessionWriteEntry): ApplyWriteResult;
+
+/**
+ * Read-only header prepended to all Lattice-generated context files.
+ *
+ * Directs agents to SESSION.md for writes rather than editing generated files
+ * directly. Include at the top of every rendered markdown context file so
+ * agents see it at the start of their context window.
+ */
+declare const READ_ONLY_HEADER = "<!-- READ ONLY \u2014 generated by lattice-sync. Do not edit directly.\n     To update data in Lattice: write entries to SESSION.md in this directory.\n     Format: type: write | op: create/update/delete | table: <name> | target: <id>\n     See agents/shared/SESSION-FORMAT.md for the full spec. -->\n\n";
+
+export { type ApplyWriteResult, type AuditEvent, type BelongsToRelation, type BelongsToSource, type BuiltinTemplateName, type CleanupOptions, type CleanupResult, type CountOptions, type CustomSource, type EntityContextDefinition, type EntityContextManifestEntry, type EntityFileSource, type EntityFileSpec, type Filter, type FilterOp, type HasManyRelation, type HasManySource, type InitOptions, Lattice, type LatticeConfig, type LatticeConfigInput, type LatticeEntityDef, type LatticeEntityRenderSpec, type LatticeFieldDef, type LatticeFieldType, type LatticeManifest, type LatticeOptions, type ManyToManySource, type Migration, type MultiTableDefinition, type ParseError, type ParseResult, type ParsedConfig, type PkLookup, type PrimaryKey, type QueryOptions, READ_ONLY_HEADER, type ReconcileOptions, type ReconcileResult, type Relation, type RenderHooks, type RenderResult, type RenderSpec, type Row, type SecurityOptions, type SelfSource, type SessionEntry, type SessionWriteEntry, type SessionWriteOp, type SessionWriteParseResult, type StopFn, type SyncResult, type TableDefinition, type TemplateRenderSpec, type WatchOptions, type WritebackDefinition, applyWriteEntry, generateEntryId, generateWriteEntryId, manifestPath, parseConfigFile, parseConfigString, parseMarkdownEntries, parseSessionMD, parseSessionWrites, readManifest, validateEntryId, writeManifest };

package/dist/index.d.ts

@@ -866,4 +866,134 @@ declare function parseConfigFile(configPath: string): ParsedConfig;
  */
 declare function parseConfigString(yamlContent: string, configDir: string): ParsedConfig;
 
-export { type AuditEvent, type BelongsToRelation, type BelongsToSource, type BuiltinTemplateName, type CleanupOptions, type CleanupResult, type CountOptions, type CustomSource, type EntityContextDefinition, type EntityContextManifestEntry, type EntityFileSource, type EntityFileSpec, type Filter, type FilterOp, type HasManyRelation, type HasManySource, type InitOptions, Lattice, type LatticeConfig, type LatticeConfigInput, type LatticeEntityDef, type LatticeEntityRenderSpec, type LatticeFieldDef, type LatticeFieldType, type LatticeManifest, type LatticeOptions, type ManyToManySource, type Migration, type MultiTableDefinition, type ParsedConfig, type PkLookup, type PrimaryKey, type QueryOptions, type ReconcileOptions, type ReconcileResult, type Relation, type RenderHooks, type RenderResult, type RenderSpec, type Row, type SecurityOptions, type SelfSource, type StopFn, type SyncResult, type TableDefinition, type TemplateRenderSpec, type WatchOptions, type WritebackDefinition, manifestPath, parseConfigFile, parseConfigString, readManifest, writeManifest };
+type SessionWriteOp = 'create' | 'update' | 'delete';
+interface SessionWriteEntry {
+    id: string;
+    timestamp: string;
+    op: SessionWriteOp;
+    table: string;
+    target?: string;
+    reason?: string;
+    fields: Record<string, string>;
+}
+interface SessionWriteParseResult {
+    entries: SessionWriteEntry[];
+    errors: Array<{
+        line: number;
+        message: string;
+    }>;
+}
+/**
+ * Generate a deterministic entry ID from the given parameters.
+ * Uses sha256 of `{op}:{table}:{target ?? ''}:{timestamp}` with the format
+ * `{timestamp}-{agentName}-{6-char-hash}`.
+ */
+declare function generateWriteEntryId(timestamp: string, agentName: string, op: string, table: string, target?: string): string;
+/**
+ * Parse all `type: write` entries from a SESSION.md file.
+ * Non-write entries are silently skipped.
+ */
+declare function parseSessionWrites(content: string): SessionWriteParseResult;
+
+/**
+ * A single parsed SESSION.md entry. Covers all entry types:
+ * event, learning, status, correction, discovery, metric, handoff, write.
+ *
+ * When `type === 'write'`, the op/table/target/reason/fields fields are set.
+ */
+interface SessionEntry {
+    id: string;
+    type: string;
+    timestamp: string;
+    body: string;
+    project?: string;
+    task?: string;
+    tags?: string[];
+    severity?: string;
+    target_agent?: string;
+    target_table?: string;
+    /** Only present when type === 'write' */
+    op?: 'create' | 'update' | 'delete';
+    table?: string;
+    target?: string;
+    reason?: string;
+    fields?: Record<string, string>;
+}
+interface ParseError {
+    line: number;
+    message: string;
+}
+interface ParseResult {
+    entries: SessionEntry[];
+    errors: ParseError[];
+    /** Byte offset after the last fully parsed entry — used for incremental parsing. */
+    lastOffset: number;
+}
+/**
+ * Parse SESSION.md YAML-delimited entries starting at `startOffset` bytes.
+ *
+ * Each entry looks like:
+ * ```
+ * ---
+ * id: 2026-03-12T15:30:42Z-cortex-a1b2c3
+ * type: event
+ * timestamp: 2026-03-12T15:30:42Z
+ * ---
+ * Entry body text here.
+ * ===
+ * ```
+ */
+declare function parseSessionMD(content: string, startOffset?: number): ParseResult;
+/**
+ * Parse free-form Markdown SESSION.md entries. Agents sometimes write entries
+ * as `## {timestamp} — {description}` headings rather than YAML blocks.
+ *
+ * Runs alongside `parseSessionMD`; the two parsers are merged by caller.
+ */
+declare function parseMarkdownEntries(content: string, agentName: string, startOffset?: number): ParseResult;
+/**
+ * Generate a content-addressed entry ID.
+ * Format: `{timestamp}-{agentName}-{6-char-sha256-prefix}`
+ */
+declare function generateEntryId(timestamp: string, agentName: string, body: string): string;
+/**
+ * Validate that an entry ID's hash suffix matches its body.
+ */
+declare function validateEntryId(id: string, body: string): boolean;
+
+type ApplyWriteResult = {
+    ok: true;
+    table: string;
+    recordId: string;
+} | {
+    ok: false;
+    reason: string;
+};
+/**
+ * Apply a SESSION.md write entry to a better-sqlite3 database.
+ *
+ * Validates:
+ * - Table and field names match `[a-zA-Z0-9_]` (SQL injection prevention)
+ * - Table exists in `sqlite_master`
+ * - All field names are present in the table schema (`PRAGMA table_info`)
+ * - `target` is provided for `update` and `delete` ops
+ *
+ * For `delete`: uses a soft-delete (`deleted_at = datetime('now')`) if the
+ * column exists, otherwise performs a hard `DELETE`.
+ *
+ * Returns `{ ok: true, table, recordId }` on success, or
+ * `{ ok: false, reason }` if validation or the DB operation fails.
+ * The caller is responsible for logging and audit events.
+ */
+declare function applyWriteEntry(db: Database.Database, entry: SessionWriteEntry): ApplyWriteResult;
+
+/**
+ * Read-only header prepended to all Lattice-generated context files.
+ *
+ * Directs agents to SESSION.md for writes rather than editing generated files
+ * directly. Include at the top of every rendered markdown context file so
+ * agents see it at the start of their context window.
+ */
+declare const READ_ONLY_HEADER = "<!-- READ ONLY \u2014 generated by lattice-sync. Do not edit directly.\n     To update data in Lattice: write entries to SESSION.md in this directory.\n     Format: type: write | op: create/update/delete | table: <name> | target: <id>\n     See agents/shared/SESSION-FORMAT.md for the full spec. -->\n\n";
+
+export { type ApplyWriteResult, type AuditEvent, type BelongsToRelation, type BelongsToSource, type BuiltinTemplateName, type CleanupOptions, type CleanupResult, type CountOptions, type CustomSource, type EntityContextDefinition, type EntityContextManifestEntry, type EntityFileSource, type EntityFileSpec, type Filter, type FilterOp, type HasManyRelation, type HasManySource, type InitOptions, Lattice, type LatticeConfig, type LatticeConfigInput, type LatticeEntityDef, type LatticeEntityRenderSpec, type LatticeFieldDef, type LatticeFieldType, type LatticeManifest, type LatticeOptions, type ManyToManySource, type Migration, type MultiTableDefinition, type ParseError, type ParseResult, type ParsedConfig, type PkLookup, type PrimaryKey, type QueryOptions, READ_ONLY_HEADER, type ReconcileOptions, type ReconcileResult, type Relation, type RenderHooks, type RenderResult, type RenderSpec, type Row, type SecurityOptions, type SelfSource, type SessionEntry, type SessionWriteEntry, type SessionWriteOp, type SessionWriteParseResult, type StopFn, type SyncResult, type TableDefinition, type TemplateRenderSpec, type WatchOptions, type WritebackDefinition, applyWriteEntry, generateEntryId, generateWriteEntryId, manifestPath, parseConfigFile, parseConfigString, parseMarkdownEntries, parseSessionMD, parseSessionWrites, readManifest, validateEntryId, writeManifest };

package/dist/index.js

@@ -189,12 +189,22 @@ var SchemaManager = class {
       }
     }
   }
-  /** Query all rows from a registered table */
+  /**
+   * Query all rows from a table.
+   * Registered tables (via `define()`) are queried directly.
+   * Tables used only in entity contexts (schema managed externally) fall back
+   * to a raw SELECT with optional `deleted_at IS NULL` soft-delete filtering.
+   */
   queryTable(adapter, name) {
-    if (!this._tables.has(name)) {
-      throw new Error(`Unknown table: "${name}"`);
+    if (this._tables.has(name)) {
+      return adapter.all(`SELECT * FROM "${name}"`);
+    }
+    if (this._entityContexts.has(name)) {
+      const cols = adapter.all(`PRAGMA table_info("${name}")`);
+      const hasDeletedAt = cols.some((c) => c.name === "deleted_at");
+      return adapter.all(`SELECT * FROM "${name}"${hasDeletedAt ? " WHERE deleted_at IS NULL" : ""}`);
     }
-    return adapter.all(`SELECT * FROM "${name}"`);
+    throw new Error(`Unknown table: "${name}"`);
   }
   _ensureTable(adapter, name, columns, tableConstraints) {
     const colDefs = Object.entries(columns).map(([col, type]) => `"${col}" ${type}`).join(", ");
@@ -1462,11 +1472,400 @@ var Lattice = class {
     }
   }
 };
+
+// src/session/parser.ts
+import { createHash as createHash2 } from "crypto";
+function generateWriteEntryId(timestamp, agentName, op, table, target) {
+  const payload = `${op}:${table}:${target ?? ""}:${timestamp}`;
+  const hash = createHash2("sha256").update(payload).digest("hex").slice(0, 6);
+  return `${timestamp}-${agentName}-${hash}`;
+}
+function parseSessionWrites(content) {
+  const entries = [];
+  const errors = [];
+  const blocks = splitIntoBlocks(content);
+  for (const block of blocks) {
+    const result = parseBlock(block);
+    if (result === null) continue;
+    if ("error" in result) {
+      errors.push(result.error);
+    } else {
+      entries.push(result.entry);
+    }
+  }
+  return { entries, errors };
+}
+function splitIntoBlocks(content) {
+  const lines = content.split("\n");
+  const blocks = [];
+  let i = 0;
+  while (i < lines.length) {
+    while (i < lines.length && lines[i]?.trim() !== "---") {
+      i++;
+    }
+    if (i >= lines.length) break;
+    const startLine = i + 1;
+    i++;
+    const headerLines = [];
+    while (i < lines.length && lines[i]?.trim() !== "---") {
+      headerLines.push(lines[i] ?? "");
+      i++;
+    }
+    if (i >= lines.length) break;
+    i++;
+    const bodyLines = [];
+    while (i < lines.length && lines[i]?.trim() !== "===") {
+      bodyLines.push(lines[i] ?? "");
+      i++;
+    }
+    if (i < lines.length) i++;
+    blocks.push({ startLine, headerLines, bodyLines });
+  }
+  return blocks;
+}
+var TABLE_NAME_RE = /^[a-zA-Z0-9_]+$/;
+var FIELD_NAME_RE = /^[a-zA-Z0-9_]+$/;
+var KEY_VALUE_RE = /^([^:]+):\s*(.*)$/;
+function parseBlock(block) {
+  const header = {};
+  for (const line2 of block.headerLines) {
+    const m = KEY_VALUE_RE.exec(line2);
+    if (m) {
+      header[m[1].trim()] = m[2].trim();
+    }
+  }
+  if (header["type"] !== "write") return null;
+  const line = block.startLine;
+  const timestamp = header["timestamp"];
+  if (!timestamp) {
+    return { error: { line, message: "Missing required field: timestamp" } };
+  }
+  const rawOp = header["op"];
+  if (!rawOp) {
+    return { error: { line, message: "Missing required field: op" } };
+  }
+  if (rawOp !== "create" && rawOp !== "update" && rawOp !== "delete") {
+    return { error: { line, message: `Invalid op: "${rawOp}". Must be create, update, or delete` } };
+  }
+  const op = rawOp;
+  const table = header["table"];
+  if (!table) {
+    return { error: { line, message: "Missing required field: table" } };
+  }
+  if (!TABLE_NAME_RE.test(table)) {
+    return { error: { line, message: `Invalid table name: "${table}". Only [a-zA-Z0-9_] allowed` } };
+  }
+  const target = header["target"] || void 0;
+  if ((op === "update" || op === "delete") && !target) {
+    return { error: { line, message: `Field "target" is required for op "${op}"` } };
+  }
+  const reason = header["reason"] || void 0;
+  const fields = {};
+  if (op !== "delete") {
+    for (const line2 of block.bodyLines) {
+      const m = KEY_VALUE_RE.exec(line2);
+      if (!m) continue;
+      const key = m[1].trim();
+      const value = m[2].trim();
+      if (!FIELD_NAME_RE.test(key)) continue;
+      fields[key] = value;
+    }
+  }
+  const id = header["id"] ?? generateWriteEntryId(timestamp, "agent", op, table, target);
+  const entry = {
+    id,
+    timestamp,
+    op,
+    table,
+    fields,
+    ...target !== void 0 ? { target } : {},
+    ...reason !== void 0 ? { reason } : {}
+  };
+  return { entry };
+}
+
+// src/session/entries.ts
+import { createHash as createHash3 } from "crypto";
+var VALID_TYPES = /* @__PURE__ */ new Set([
+  "event",
+  "learning",
+  "status",
+  "correction",
+  "discovery",
+  "metric",
+  "handoff",
+  "write"
+]);
+var TYPE_ALIASES = {
+  task_completion: "event",
+  completion: "event",
+  heartbeat: "status",
+  bug: "discovery",
+  fix: "event",
+  deploy: "event",
+  note: "event"
+};
+var FIELD_NAME_RE2 = /^[a-zA-Z0-9_]+$/;
+function parseSessionMD(content, startOffset = 0) {
+  const entries = [];
+  const errors = [];
+  const text = content.slice(startOffset);
+  const lines = text.split("\n");
+  let i = 0;
+  let currentByteOffset = startOffset;
+  while (i < lines.length) {
+    if (lines[i].trim() !== "---") {
+      currentByteOffset += Buffer.byteLength(lines[i] + "\n", "utf-8");
+      i++;
+      continue;
+    }
+    const entryStartLine = i;
+    currentByteOffset += Buffer.byteLength(lines[i] + "\n", "utf-8");
+    i++;
+    const headers = {};
+    let foundHeaderClose = false;
+    while (i < lines.length) {
+      const line = lines[i];
+      currentByteOffset += Buffer.byteLength(line + "\n", "utf-8");
+      if (line.trim() === "---") {
+        foundHeaderClose = true;
+        i++;
+        break;
+      }
+      const match = line.match(/^(\w+):\s*(.+)$/);
+      if (match) {
+        headers[match[1]] = match[2].trim();
+      }
+      i++;
+    }
+    if (!foundHeaderClose) {
+      errors.push({ line: entryStartLine + 1, message: "Entry header never closed (missing ---)" });
+      break;
+    }
+    const bodyLines = [];
+    while (i < lines.length) {
+      const line = lines[i];
+      if (line.trim() === "===") {
+        currentByteOffset += Buffer.byteLength(line + "\n", "utf-8");
+        i++;
+        break;
+      }
+      if (line.trim() === "---" && bodyLines.length > 0) {
+        const nextLine = lines[i + 1];
+        if (nextLine && /^\w+:\s*.+$/.test(nextLine)) {
+          break;
+        }
+      }
+      bodyLines.push(line);
+      currentByteOffset += Buffer.byteLength(line + "\n", "utf-8");
+      i++;
+    }
+    const body = bodyLines.join("\n").trim();
+    const rawType = headers["type"] ?? "";
+    const resolvedType = normalizeType(rawType);
+    if (!resolvedType) {
+      errors.push({ line: entryStartLine + 1, message: `Unknown entry type: ${rawType}` });
+      continue;
+    }
+    if (!headers["timestamp"]) {
+      errors.push({ line: entryStartLine + 1, message: "Missing required header: timestamp" });
+      continue;
+    }
+    if (!body) {
+      errors.push({ line: entryStartLine + 1, message: "Entry has empty body" });
+      continue;
+    }
+    const entryId = headers["id"] ?? generateEntryId(headers["timestamp"], "agent", body);
+    let tags;
+    if (headers["tags"]) {
+      const tagMatch = headers["tags"].match(/^\[(.+)\]$/);
+      if (tagMatch) {
+        tags = tagMatch[1].split(",").map((t) => t.trim());
+      }
+    }
+    let writeFields;
+    if (resolvedType === "write" && headers["op"] !== "delete") {
+      writeFields = {};
+      for (const line of body.split("\n")) {
+        const m = line.match(/^([^:]+):\s*(.*)$/);
+        if (!m) continue;
+        const key = m[1].trim();
+        if (!FIELD_NAME_RE2.test(key)) continue;
+        writeFields[key] = m[2].trim();
+      }
+    }
+    const newEntry = { id: entryId, type: resolvedType, timestamp: headers["timestamp"], body };
+    if (headers["project"]) newEntry.project = headers["project"];
+    if (headers["task"]) newEntry.task = headers["task"];
+    if (tags) newEntry.tags = tags;
+    if (headers["severity"]) newEntry.severity = headers["severity"];
+    if (headers["target_agent"]) newEntry.target_agent = headers["target_agent"];
+    if (headers["target_table"]) newEntry.target_table = headers["target_table"];
+    if (resolvedType === "write") {
+      if (headers["op"]) newEntry.op = headers["op"];
+      if (headers["table"]) newEntry.table = headers["table"];
+      if (headers["target"]) newEntry.target = headers["target"];
+      if (headers["reason"]) newEntry.reason = headers["reason"];
+      newEntry.fields = writeFields ?? {};
+    }
+    entries.push(newEntry);
+  }
+  return { entries, errors, lastOffset: currentByteOffset };
+}
+function parseMarkdownEntries(content, agentName, startOffset = 0) {
+  const entries = [];
+  const errors = [];
+  const text = content.slice(startOffset);
+  const lines = text.split("\n");
+  const headingPattern = /^##\s+([\dT:.Z-]{10,})\s*(?:[—–\-]{1,2}\s*(.+))?$/;
+  let currentByteOffset = startOffset;
+  const entryStarts = [];
+  for (let i = 0; i < lines.length; i++) {
+    const match = lines[i].match(headingPattern);
+    if (match) {
+      entryStarts.push({
+        lineIdx: i,
+        timestamp: match[1],
+        headingType: (match[2] ?? "").trim(),
+        offset: currentByteOffset
+      });
+    }
+    currentByteOffset += Buffer.byteLength(lines[i] + "\n", "utf-8");
+  }
+  for (let e = 0; e < entryStarts.length; e++) {
+    const start = entryStarts[e];
+    const nextStart = entryStarts[e + 1];
+    const bodyStartLine = start.lineIdx + 1;
+    const bodyEndLine = nextStart ? nextStart.lineIdx : lines.length;
+    const bodyLines = lines.slice(bodyStartLine, bodyEndLine);
+    let bodyType = null;
+    const filteredBody = [];
+    for (const line of bodyLines) {
+      const typeMatch = line.match(/^\*\*type:\*\*\s*(.+)/i);
+      if (typeMatch && !bodyType) {
+        bodyType = typeMatch[1].trim();
+      } else {
+        filteredBody.push(line);
+      }
+    }
+    const body = filteredBody.join("\n").trim();
+    if (!body) {
+      errors.push({ line: start.lineIdx + 1, message: "Markdown entry has empty body" });
+      continue;
+    }
+    const rawType = bodyType ?? start.headingType ?? "event";
+    const resolvedType = normalizeType(rawType) ?? "event";
+    const id = generateEntryId(start.timestamp, agentName, body);
+    entries.push({
+      id,
+      type: resolvedType,
+      timestamp: start.timestamp,
+      body
+    });
+  }
+  return { entries, errors, lastOffset: currentByteOffset };
+}
+function generateEntryId(timestamp, agentName, body) {
+  const hash = createHash3("sha256").update(body).digest("hex").slice(0, 6);
+  return `${timestamp}-${agentName.toLowerCase()}-${hash}`;
+}
+function validateEntryId(id, body) {
+  const parts = id.split("-");
+  if (parts.length < 4) return false;
+  const hash = parts[parts.length - 1];
+  if (hash.length !== 6) return false;
+  const expectedHash = createHash3("sha256").update(body).digest("hex").slice(0, 6);
+  return hash === expectedHash;
+}
+function normalizeType(raw) {
+  const lower = raw.toLowerCase().trim();
+  if (VALID_TYPES.has(lower)) return lower;
+  const normalized = lower.replace(/-/g, "_");
+  if (TYPE_ALIASES[normalized]) return TYPE_ALIASES[normalized];
+  for (const alias of Object.keys(TYPE_ALIASES)) {
+    if (normalized.startsWith(alias)) return TYPE_ALIASES[alias];
+  }
+  return null;
+}
+
+// src/session/apply.ts
+var TABLE_NAME_RE2 = /^[a-zA-Z0-9_]+$/;
+var FIELD_NAME_RE3 = /^[a-zA-Z0-9_]+$/;
+function applyWriteEntry(db, entry) {
+  const { op, table, target, fields } = entry;
+  if (!TABLE_NAME_RE2.test(table)) {
+    return { ok: false, reason: `Invalid table name: "${table}". Only [a-zA-Z0-9_] allowed` };
+  }
+  const tableExists = db.prepare("SELECT 1 FROM sqlite_master WHERE type='table' AND name=?").get(table);
+  if (!tableExists) {
+    return { ok: false, reason: `Unknown table: "${table}"` };
+  }
+  const columnRows = db.prepare(`PRAGMA table_info("${table}")`).all();
+  const knownColumns = new Set(columnRows.map((r) => r.name));
+  for (const fieldName of Object.keys(fields)) {
+    if (!FIELD_NAME_RE3.test(fieldName)) {
+      return { ok: false, reason: `Invalid field name: "${fieldName}". Only [a-zA-Z0-9_] allowed` };
+    }
+    if (!knownColumns.has(fieldName)) {
+      return { ok: false, reason: `Unknown field "${fieldName}" in table "${table}"` };
+    }
+  }
+  try {
+    let recordId;
+    if (op === "create") {
+      const id = fields["id"] ?? crypto.randomUUID();
+      const allFields = { ...fields, id };
+      const cols = Object.keys(allFields).map((c) => `"${c}"`).join(", ");
+      const placeholders = Object.keys(allFields).map(() => "?").join(", ");
+      db.prepare(`INSERT INTO "${table}" (${cols}) VALUES (${placeholders})`).run(...Object.values(allFields));
+      recordId = id;
+    } else if (op === "update") {
+      if (!target) {
+        return { ok: false, reason: 'Field "target" is required for op "update"' };
+      }
+      const pkCol = columnRows.find((r) => r.name === "id") ? "id" : columnRows[0]?.name ?? "id";
+      const setCols = Object.keys(fields).map((c) => `"${c}" = ?`).join(", ");
+      db.prepare(`UPDATE "${table}" SET ${setCols} WHERE "${pkCol}" = ?`).run(...Object.values(fields), target);
+      recordId = target;
+    } else {
+      if (!target) {
+        return { ok: false, reason: 'Field "target" is required for op "delete"' };
+      }
+      const pkCol = columnRows.find((r) => r.name === "id") ? "id" : columnRows[0]?.name ?? "id";
+      if (knownColumns.has("deleted_at")) {
+        db.prepare(`UPDATE "${table}" SET deleted_at = datetime('now') WHERE "${pkCol}" = ?`).run(target);
+      } else {
+        db.prepare(`DELETE FROM "${table}" WHERE "${pkCol}" = ?`).run(target);
+      }
+      recordId = target;
+    }
+    return { ok: true, table, recordId };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    return { ok: false, reason: `DB error: ${message}` };
+  }
+}
+
+// src/session/constants.ts
+var READ_ONLY_HEADER = `<!-- READ ONLY \u2014 generated by lattice-sync. Do not edit directly.
+     To update data in Lattice: write entries to SESSION.md in this directory.
+     Format: type: write | op: create/update/delete | table: <name> | target: <id>
+     See agents/shared/SESSION-FORMAT.md for the full spec. -->
+
+`;
 export {
   Lattice,
+  READ_ONLY_HEADER,
+  applyWriteEntry,
+  generateEntryId,
+  generateWriteEntryId,
   manifestPath,
   parseConfigFile,
   parseConfigString,
+  parseMarkdownEntries,
+  parseSessionMD,
+  parseSessionWrites,
   readManifest,
+  validateEntryId,
   writeManifest
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "latticesql",
-  "version": "0.5.1",
+  "version": "0.5.3",
   "description": "Persistent structured memory for AI agent systems — SQLite ↔ LLM context bridge",
   "type": "module",
   "main": "./dist/index.js",