latticesql 1.13.4 → 1.13.6

package/dist/cli.js

@@ -7,7 +7,7 @@ var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require
 });
 
 // src/cli.ts
-import { resolve as resolve9, dirname as dirname7 } from "path";
+import { resolve as resolve9, dirname as dirname8 } from "path";
 import { readFileSync as readFileSync12 } from "fs";
 import { execSync } from "child_process";
 import { parse as parse2 } from "yaml";
@@ -189,6 +189,23 @@ function saveDbCredential(label, url) {
   creds[label] = url;
   saveCredentials(creds);
 }
+function sanitizeTeamLabel(teamName) {
+  const stripped = teamName.trim().replace(/\s+/g, "-").replace(/[^A-Za-z0-9._-]+/g, "");
+  if (stripped.length === 0) return "team";
+  return stripped.startsWith(".") ? `team-${stripped}` : stripped;
+}
+function saveDbCredentialForTeam(opts) {
+  const base = sanitizeTeamLabel(opts.teamName);
+  let label = `${base}.config`;
+  const creds = loadCredentials();
+  if (label in creds && creds[label] !== opts.cloudUrl) {
+    const shortId = opts.teamId.split("-")[0] ?? opts.teamId.slice(0, 8);
+    label = `${base}-${shortId}.config`;
+  }
+  creds[label] = opts.cloudUrl;
+  saveCredentials(creds);
+  return label;
+}
 var KEYS_SUBDIR = "keys";
 var TOKEN_EXT = ".token";
 function ensureKeysDir() {
@@ -4962,8 +4979,8 @@ async function checkForUpdate(pkgName, currentVersion) {
 // src/gui/server.ts
 import { createServer } from "http";
 import { spawn } from "child_process";
-import { existsSync as existsSync14, mkdirSync as mkdirSync6, readFileSync as readFileSync11, readdirSync as readdirSync6, writeFileSync as writeFileSync6 } from "fs";
-import { basename as basename6, dirname as dirname6, join as join13, resolve as resolve6, sep as sep3 } from "path";
+import { existsSync as existsSync15, mkdirSync as mkdirSync6, readFileSync as readFileSync11, readdirSync as readdirSync6, writeFileSync as writeFileSync7 } from "fs";
+import { basename as basename6, dirname as dirname7, join as join14, resolve as resolve6, sep as sep3 } from "path";
 import { parseDocument as parseDocument2 } from "yaml";
 
 // src/gui/data.ts
@@ -7613,8 +7630,10 @@ var guiAppHtml = `<!doctype html>
       // enters per-team things (cloud URL + team name) in this modal.
       fetchJson('/api/userconfig/identity').then(function (id) {
         var bodyHtml =
-          '<div class="field"><label>Cloud URL</label><input name="cloud_url" placeholder="http://localhost:4317" /></div>' +
-          '<div class="field"><label>Your email</label><input name="email" value="' + escapeHtml(id.email || '') + '" /></div>' +
+          '<div class="field"><label>Cloud URL</label>' +
+            '<input name="cloud_url" placeholder="postgres://postgres.&lt;ref&gt;:password@aws-x-region.pooler.supabase.com:5432/postgres" autocapitalize="off" autocorrect="off" spellcheck="false" />' +
+          '</div>' +
+          '<div class="field"><label>Your email</label><input name="email" value="' + escapeHtml(id.email || '') + '" autocapitalize="off" /></div>' +
           '<div class="field"><label>Your display name</label><input name="user_name" value="' + escapeHtml(id.display_name || '') + '" /></div>' +
           '<div class="field"><label>Team name</label><input name="team_name" /></div>' +
           '<p style="font-size:12px;color:var(--text-muted);margin:0">' +
@@ -7638,12 +7657,14 @@ var guiAppHtml = `<!doctype html>
     function showJoinTeamModal(kind) {
       fetchJson('/api/userconfig/identity').then(function (id) {
         var bodyHtml =
-          '<div class="field"><label>Cloud URL</label><input name="cloud_url" placeholder="http://localhost:4317" /></div>' +
-          '<div class="field"><label>Invite token</label><textarea name="invite_token" placeholder="latinv_..."></textarea></div>' +
-          '<div class="field"><label>Your email</label><input name="email" value="' + escapeHtml(id.email || '') + '" /></div>' +
+          '<div class="field"><label>Cloud URL</label>' +
+            '<input name="cloud_url" placeholder="postgres://postgres.&lt;ref&gt;:password@aws-x-region.pooler.supabase.com:5432/postgres" autocapitalize="off" autocorrect="off" spellcheck="false" />' +
+          '</div>' +
+          '<div class="field"><label>Invite token</label><textarea name="invite_token" placeholder="latinv_..." autocapitalize="off" autocorrect="off" spellcheck="false"></textarea></div>' +
+          '<div class="field"><label>Your email</label><input name="email" value="' + escapeHtml(id.email || '') + '" autocapitalize="off" /></div>' +
           '<div class="field"><label>Your display name</label><input name="name" value="' + escapeHtml(id.display_name || '') + '" /></div>' +
           '<p style="font-size:12px;color:var(--text-muted);margin:0">' +
-          'Email must match the address the invitation was addressed to.' +
+          'Use the same Postgres URL the inviter used (postgres://\u2026). Email must match the address the invitation was addressed to.' +
           '</p>';
         showModal('Join team', bodyHtml, {
           primaryLabel: 'Join',
@@ -9926,7 +9947,7 @@ async function handleDeleteRow(res, ctx, teamId, tableName, pk) {
 }
 
 // src/teams/client.ts
-import { randomUUID } from "crypto";
+import { randomUUID as randomUUID2 } from "crypto";
 
 // src/framework/cloud-connect.ts
 async function probeCloud(targetUrl) {
@@ -10051,6 +10072,7 @@ async function registerDirectViaPostgres(cloudUrl, email, name, teamName) {
 }
 
 // src/teams/direct-ops.ts
+import { randomUUID } from "crypto";
 async function listMembersDirect(db, teamId) {
   const members = await db.query("__lattice_team_members", {
     filters: [{ col: "team_id", op: "eq", val: teamId }]
@@ -10117,6 +10139,293 @@ async function destroyTeamDirect(db) {
   }
   await db.delete("__lattice_team_identity", "singleton");
 }
+async function redeemInviteDirect(cloudUrl, inviteToken, email, name) {
+  if (!isPostgresUrl(cloudUrl)) {
+    throw new Error(
+      `redeemInviteDirect: cloudUrl must be a postgres:// URL (got ${cloudUrl.slice(0, 12)}\u2026)`
+    );
+  }
+  const db = new Lattice(cloudUrl);
+  try {
+    await db.init();
+    for (const [table, def] of Object.entries(CLOUD_INTERNAL_TABLE_DEFS)) {
+      await db.defineLate(table, def);
+    }
+    const invites = await db.query("__lattice_invitations", {
+      filters: [
+        { col: "token_hash", op: "eq", val: hashToken(inviteToken) },
+        { col: "redeemed_at", op: "isNull" }
+      ],
+      limit: 1
+    });
+    const invite = invites[0];
+    if (!invite) {
+      throw new Error("Invitation invalid or already used");
+    }
+    if (invite.expires_at && new Date(invite.expires_at).getTime() < Date.now()) {
+      throw new Error("Invitation expired");
+    }
+    if (invite.invitee_email && invite.invitee_email.toLowerCase() !== email.toLowerCase()) {
+      throw new Error("Invitation is addressed to a different email");
+    }
+    const team = await db.get("__lattice_team", invite.team_id);
+    if (!team || team.deleted_at) {
+      throw new Error("Team no longer exists");
+    }
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const userId = await db.insert("__lattice_users", {
+      email,
+      name,
+      created_at: now,
+      updated_at: now
+    });
+    await db.insert("__lattice_team_members", {
+      team_id: invite.team_id,
+      user_id: userId,
+      role: "member",
+      joined_at: now
+    });
+    const { raw, hash } = generateToken();
+    await db.insert("__lattice_api_tokens", {
+      user_id: userId,
+      token_hash: hash,
+      name: `invited:${team.name}`,
+      created_at: now
+    });
+    await db.update("__lattice_invitations", invite.id, {
+      redeemed_at: now,
+      redeemed_by_user_id: userId
+    });
+    return {
+      user: { id: userId, email, name },
+      raw_token: raw,
+      team: { id: team.id, name: team.name }
+    };
+  } finally {
+    try {
+      db.close();
+    } catch {
+    }
+  }
+}
+async function openCloud(cloudUrl) {
+  if (!isPostgresUrl(cloudUrl)) {
+    throw new Error(
+      `direct-ops: cloudUrl must be a postgres:// URL (got ${cloudUrl.slice(0, 12)}\u2026)`
+    );
+  }
+  const db = new Lattice(cloudUrl);
+  await db.init();
+  for (const [table, def] of Object.entries(CLOUD_INTERNAL_TABLE_DEFS)) {
+    await db.defineLate(table, def);
+  }
+  return db;
+}
+function closeQuiet(db) {
+  try {
+    db.close();
+  } catch {
+  }
+}
+async function appendChangeEnvelopeDirect(db, args) {
+  const existing = await db.query("__lattice_change_log", {
+    filters: [{ col: "team_id", op: "eq", val: args.team_id }],
+    orderBy: "seq",
+    orderDir: "desc",
+    limit: 1
+  });
+  const nextSeq = (existing[0]?.seq ?? 0) + 1;
+  await db.insert("__lattice_change_log", {
+    id: randomUUID(),
+    seq: nextSeq,
+    team_id: args.team_id,
+    table_name: args.table_name,
+    pk: args.pk,
+    op: args.op,
+    payload_json: args.payload_json,
+    owner_user_id: args.owner_user_id,
+    created_at: (/* @__PURE__ */ new Date()).toISOString()
+  });
+  return nextSeq;
+}
+async function shareObjectDirect(cloudUrl, teamId, inviterUserId, table, spec) {
+  const db = await openCloud(cloudUrl);
+  try {
+    const existing = await db.query("__lattice_shared_objects", {
+      filters: [
+        { col: "team_id", op: "eq", val: teamId },
+        { col: "table_name", op: "eq", val: table }
+      ],
+      limit: 1
+    });
+    const prior = existing[0];
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    let schemaVersion;
+    let outSpec;
+    if (prior && !prior.deleted_at) {
+      schemaVersion = prior.schema_version + 1;
+      outSpec = { ...spec, schemaVersion };
+      await db.upsert("__lattice_shared_objects", {
+        team_id: teamId,
+        table_name: table,
+        schema_spec_json: JSON.stringify(outSpec),
+        schema_version: schemaVersion,
+        created_by_user_id: prior.created_by_user_id,
+        created_at: prior.created_at,
+        updated_at: now,
+        deleted_at: null
+      });
+    } else {
+      schemaVersion = 1;
+      outSpec = { ...spec, schemaVersion };
+      await db.upsert("__lattice_shared_objects", {
+        team_id: teamId,
+        table_name: table,
+        schema_spec_json: JSON.stringify(outSpec),
+        schema_version: schemaVersion,
+        created_by_user_id: inviterUserId,
+        created_at: prior?.created_at ?? now,
+        updated_at: now,
+        deleted_at: null
+      });
+    }
+    await applySchemaSpec(db, table, outSpec);
+    const seq = await appendChangeEnvelopeDirect(db, {
+      team_id: teamId,
+      table_name: table,
+      pk: null,
+      op: "schema",
+      payload_json: JSON.stringify(outSpec),
+      owner_user_id: null
+    });
+    return { table, schema_version: schemaVersion, seq, schema_spec: outSpec };
+  } finally {
+    closeQuiet(db);
+  }
+}
+async function listSharedObjectsDirect(cloudUrl, teamId) {
+  const db = await openCloud(cloudUrl);
+  try {
+    const rows = await db.query("__lattice_shared_objects", {
+      filters: [
+        { col: "team_id", op: "eq", val: teamId },
+        { col: "deleted_at", op: "isNull" }
+      ]
+    });
+    return rows.map((r) => ({
+      table: r.table_name,
+      schema_version: r.schema_version,
+      created_by_user_id: r.created_by_user_id,
+      created_at: r.created_at,
+      updated_at: r.updated_at,
+      schema_spec: JSON.parse(r.schema_spec_json)
+    }));
+  } finally {
+    closeQuiet(db);
+  }
+}
+async function unshareObjectDirect(cloudUrl, teamId, table) {
+  const db = await openCloud(cloudUrl);
+  try {
+    const existing = await db.query("__lattice_shared_objects", {
+      filters: [
+        { col: "team_id", op: "eq", val: teamId },
+        { col: "table_name", op: "eq", val: table },
+        { col: "deleted_at", op: "isNull" }
+      ],
+      limit: 1
+    });
+    const row = existing[0];
+    if (!row) return;
+    await db.upsert("__lattice_shared_objects", {
+      team_id: teamId,
+      table_name: table,
+      schema_spec_json: row.schema_spec_json,
+      schema_version: row.schema_version,
+      created_by_user_id: row.created_by_user_id,
+      created_at: row.created_at,
+      updated_at: (/* @__PURE__ */ new Date()).toISOString(),
+      deleted_at: (/* @__PURE__ */ new Date()).toISOString()
+    });
+    await appendChangeEnvelopeDirect(db, {
+      team_id: teamId,
+      table_name: table,
+      pk: null,
+      op: "unshare",
+      payload_json: null,
+      owner_user_id: null
+    });
+  } finally {
+    closeQuiet(db);
+  }
+}
+async function meDirect(cloudUrl, bearerToken) {
+  const db = await openCloud(cloudUrl);
+  try {
+    const tokens = await db.query("__lattice_api_tokens", {
+      filters: [{ col: "token_hash", op: "eq", val: hashToken(bearerToken) }],
+      limit: 1
+    });
+    const tok = tokens[0];
+    if (!tok || tok.revoked_at) throw new Error("Unauthorized");
+    const user = await db.get("__lattice_users", tok.user_id);
+    if (!user || user.deleted_at) throw new Error("Unauthorized");
+    return { user: { id: user.id, email: user.email, name: user.name } };
+  } finally {
+    closeQuiet(db);
+  }
+}
+async function linkRowDirect(local, cloudUrl, teamId, myUserId, table, pk) {
+  const cloud = await openCloud(cloudUrl);
+  let seq;
+  try {
+    await cloud.upsert("__lattice_row_links", {
+      team_id: teamId,
+      table_name: table,
+      pk,
+      owner_user_id: myUserId,
+      linked_at: (/* @__PURE__ */ new Date()).toISOString()
+    });
+    seq = await appendChangeEnvelopeDirect(cloud, {
+      team_id: teamId,
+      table_name: table,
+      pk,
+      op: "link",
+      payload_json: JSON.stringify({ owner_user_id: myUserId }),
+      owner_user_id: myUserId
+    });
+  } finally {
+    closeQuiet(cloud);
+  }
+  await local.upsert("__lattice_local_links", {
+    team_id: teamId,
+    table_name: table,
+    pk,
+    owner_user_id: myUserId,
+    linked_at: (/* @__PURE__ */ new Date()).toISOString()
+  });
+  return { owner_user_id: myUserId, seq };
+}
+async function unlinkRowDirect(local, cloudUrl, teamId, table, pk) {
+  const cloud = await openCloud(cloudUrl);
+  try {
+    await cloud.delete("__lattice_row_links", { team_id: teamId, table_name: table, pk });
+    await appendChangeEnvelopeDirect(cloud, {
+      team_id: teamId,
+      table_name: table,
+      pk,
+      op: "unlink",
+      payload_json: null,
+      owner_user_id: null
+    });
+  } finally {
+    closeQuiet(cloud);
+  }
+  try {
+    await local.delete("__lattice_local_links", { team_id: teamId, table_name: table, pk });
+  } catch {
+  }
+}
 
 // src/teams/client.ts
 var TeamsClient = class {
@@ -10160,6 +10469,9 @@ var TeamsClient = class {
     });
   }
   async redeemInvite(cloudUrl, inviteToken, email, name) {
+    if (isPostgresUrl(cloudUrl)) {
+      return redeemInviteDirect(cloudUrl, inviteToken, email, name);
+    }
     return this.fetchUnauthed(cloudUrl, "POST", "/api/auth/redeem-invite", {
       invite_token: inviteToken,
       email,
@@ -10315,6 +10627,9 @@ var TeamsClient = class {
     );
   }
   async me(cloudUrl, token) {
+    if (isPostgresUrl(cloudUrl)) {
+      return meDirect(cloudUrl, token);
+    }
     return this.fetchAuthed(cloudUrl, token, "GET", "/api/auth/me");
   }
   // ── Object sharing (Phase 3) ────────────────────────────────────────────
@@ -10323,7 +10638,15 @@ var TeamsClient = class {
    * `schema_version` and replaces the stored spec — useful for evolving
    * shared schemas additively.
    */
-  async shareObject(cloudUrl, token, teamId, table, schemaSpec) {
+  async shareObject(cloudUrl, token, teamId, table, schemaSpec, inviterUserId) {
+    if (isPostgresUrl(cloudUrl)) {
+      if (!inviterUserId) {
+        throw new Error(
+          "shareObject: inviterUserId is required for direct-Postgres cloud URLs (read it from __lattice_team_connections.my_user_id)"
+        );
+      }
+      return shareObjectDirect(cloudUrl, teamId, inviterUserId, table, schemaSpec);
+    }
     return this.fetchAuthed(
       cloudUrl,
       token,
@@ -10338,6 +10661,10 @@ var TeamsClient = class {
    * row and appends an `unshare` envelope to the change log.
    */
   async unshareObject(cloudUrl, token, teamId, table) {
+    if (isPostgresUrl(cloudUrl)) {
+      await unshareObjectDirect(cloudUrl, teamId, table);
+      return;
+    }
     await this.fetchAuthed(
       cloudUrl,
       token,
@@ -10346,6 +10673,9 @@ var TeamsClient = class {
     );
   }
   async listSharedObjects(cloudUrl, token, teamId) {
+    if (isPostgresUrl(cloudUrl)) {
+      return listSharedObjectsDirect(cloudUrl, teamId);
+    }
     const r = await this.fetchAuthed(
       cloudUrl,
       token,
@@ -10485,6 +10815,18 @@ var TeamsClient = class {
     if (!snapshot) {
       throw new Error(`Row not found in local table "${table}" with pk "${pk}"`);
     }
+    if (isPostgresUrl(connection.cloud_url)) {
+      const result2 = await linkRowDirect(
+        this.local,
+        connection.cloud_url,
+        connection.team_id,
+        connection.my_user_id,
+        table,
+        pk
+      );
+      this.ensureWriteHook(table);
+      return result2;
+    }
     const result = await this.fetchAuthed(
       connection.cloud_url,
       connection.api_token,
@@ -10510,6 +10852,10 @@ var TeamsClient = class {
    */
   async unlinkRow(connection, table, pk) {
     await this.ensureLocalTables();
+    if (isPostgresUrl(connection.cloud_url)) {
+      await unlinkRowDirect(this.local, connection.cloud_url, connection.team_id, table, pk);
+      return;
+    }
     await this.fetchAuthed(
       connection.cloud_url,
       connection.api_token,
@@ -10585,7 +10931,7 @@ var TeamsClient = class {
       if (conn.my_user_id !== link.owner_user_id) continue;
       const now = (/* @__PURE__ */ new Date()).toISOString();
       await this.local.insert("__lattice_team_outbox", {
-        id: randomUUID(),
+        id: randomUUID2(),
         team_id: link.team_id,
         table_name: ctx.table,
         pk: ctx.pk,
@@ -10611,6 +10957,9 @@ var TeamsClient = class {
    */
   async drainOutbox(connection) {
     await this.ensureLocalTables();
+    if (isPostgresUrl(connection.cloud_url)) {
+      return { pushed: 0, failed: 0 };
+    }
     const now = (/* @__PURE__ */ new Date()).toISOString();
     const rows = await this.local.query("__lattice_team_outbox", {
       filters: [
@@ -10671,6 +11020,9 @@ var TeamsClient = class {
    */
   async pullChanges(connection, batchSize = 500) {
     await this.ensureLocalTables();
+    if (isPostgresUrl(connection.cloud_url)) {
+      return { applied: 0, last_seq: 0, dlq_count: 0 };
+    }
     const connRow = await this.local.get(
       "__lattice_team_connections",
       connection.team_id
@@ -10694,7 +11046,7 @@ var TeamsClient = class {
             totalApplied++;
           } catch (e) {
             await this.local.insert("__lattice_team_dlq", {
-              id: randomUUID(),
+              id: randomUUID2(),
               team_id: connection.team_id,
               envelope_json: JSON.stringify(env),
               error: e.message,
@@ -10836,6 +11188,23 @@ var TeamsHttpError = class extends Error {
 };
 
 // src/gui/teams-routes.ts
+import { existsSync as existsSync12, writeFileSync as writeFileSync5 } from "fs";
+import { dirname as dirname5, join as join12 } from "path";
+function writeTeamConfigYaml(activeConfigPath, credentialLabel, teamName) {
+  const projectDir = dirname5(activeConfigPath);
+  const yamlPath = join12(projectDir, `${credentialLabel}.yml`);
+  if (existsSync12(yamlPath)) return yamlPath;
+  const yaml = `# Joined-team config \u2014 managed by lattice gui. Edit entities: to add
+# locally-projected tables of the team's shared data; the cloud DB at
+# ${credentialLabel} is the authoritative source.
+db: \${LATTICE_DB:${credentialLabel}}
+
+# Team: ${teamName.replace(/[\r\n]/g, " ")}
+entities: {}
+`;
+  writeFileSync5(yamlPath, yaml, "utf8");
+  return yamlPath;
+}
 function sendJson2(res, body, status = 200) {
   res.writeHead(status, {
     "content-type": "application/json; charset=utf-8",
@@ -11008,7 +11377,8 @@ async function dispatchTeamSubroute(req, res, ctx, teamId, subpath) {
       conn.api_token,
       teamId,
       table,
-      spec
+      spec,
+      conn.my_user_id
     );
     sendJson2(res, result);
     return;
@@ -11060,7 +11430,19 @@ async function handleJoin(req, res, ctx) {
     my_user_id: result.user.id,
     api_token: result.raw_token
   });
-  sendJson2(res, { ok: true, team: result.team, user: result.user });
+  const credentialLabel = saveDbCredentialForTeam({
+    teamName: result.team.name,
+    teamId: result.team.id,
+    cloudUrl
+  });
+  const configYamlPath = writeTeamConfigYaml(ctx.configPath, credentialLabel, result.team.name);
+  sendJson2(res, {
+    ok: true,
+    team: result.team,
+    user: result.user,
+    credential_label: credentialLabel,
+    config_path: configYamlPath
+  });
 }
 async function handleRegisterAndCreate(req, res, ctx) {
   const body = await readJson2(req);
@@ -11108,8 +11490,8 @@ async function handleLeave(res, ctx, teamId) {
 }
 
 // src/gui/userconfig-routes.ts
-import { existsSync as existsSync12, readdirSync as readdirSync5 } from "fs";
-import { basename as basename4, dirname as dirname5, join as join12 } from "path";
+import { existsSync as existsSync13, readdirSync as readdirSync5 } from "fs";
+import { basename as basename4, dirname as dirname6, join as join13 } from "path";
 function sendJson3(res, body, status = 200) {
   res.writeHead(status, {
     "content-type": "application/json; charset=utf-8",
@@ -11161,12 +11543,12 @@ async function upsertIdentityRow(db, identity) {
   }
 }
 function listProjectConfigs(activeConfigPath) {
-  const dir = dirname5(activeConfigPath);
+  const dir = dirname6(activeConfigPath);
   const out = [];
-  if (!existsSync12(dir)) return out;
+  if (!existsSync13(dir)) return out;
   for (const fname of readdirSync5(dir)) {
     if (!fname.endsWith(".yml") && !fname.endsWith(".yaml")) continue;
-    const full = join12(dir, fname);
+    const full = join13(dir, fname);
     try {
       const parsed = parseConfigFile(full);
       out.push({
@@ -11231,12 +11613,12 @@ async function dispatchUserConfigRoute(req, res, ctx) {
 }
 
 // src/gui/dbconfig-routes.ts
-import { readFileSync as readFileSync10, writeFileSync as writeFileSync5 } from "fs";
+import { readFileSync as readFileSync10, writeFileSync as writeFileSync6 } from "fs";
 import { basename as basename5, isAbsolute as isAbsolute2, relative as relative2, resolve as resolve5 } from "path";
 import { parseDocument } from "yaml";
 
 // src/framework/cloud-migration.ts
-import { existsSync as existsSync13, renameSync as renameSync2, unlinkSync as unlinkSync4 } from "fs";
+import { existsSync as existsSync14, renameSync as renameSync2, unlinkSync as unlinkSync4 } from "fs";
 
 // src/framework/native-entities.ts
 var NATIVE_ENTITY_DEFS = {
@@ -11343,14 +11725,14 @@ async function openTargetLatticeForMigration(configPath, targetUrl, encryptionKe
   return target;
 }
 function archiveLocalSqlite(dbPath) {
-  if (!existsSync13(dbPath)) {
+  if (!existsSync14(dbPath)) {
     throw new Error(`archiveLocalSqlite: source file does not exist: ${dbPath}`);
   }
   const backupPath = `${dbPath}.local-bak`;
   const siblings = ["", "-shm", "-wal"];
   for (const suffix of siblings) {
     const stale = `${dbPath}.local-bak${suffix}`;
-    if (existsSync13(stale)) {
+    if (existsSync14(stale)) {
       try {
         unlinkSync4(stale);
       } catch {
@@ -11359,7 +11741,7 @@ function archiveLocalSqlite(dbPath) {
   }
   for (const suffix of siblings) {
     const src = `${dbPath}${suffix}`;
-    if (!existsSync13(src)) continue;
+    if (!existsSync14(src)) continue;
     const dest = `${dbPath}.local-bak${suffix}`;
     renameSync2(src, dest);
   }
@@ -11528,7 +11910,7 @@ async function detectTeamEnabled(db) {
 function rewriteDbLine(configPath, newValue) {
   const doc = parseDocument(readFileSync10(configPath, "utf8"));
   doc.set("db", newValue);
-  writeFileSync5(configPath, doc.toString(), "utf8");
+  writeFileSync6(configPath, doc.toString(), "utf8");
 }
 function parseSaveBody(body) {
   const type = body.type;
@@ -11999,9 +12381,9 @@ function readRowContext(outputDir, locator, secretCols) {
     throw new Error(`Path traversal detected: slug "${slug}" escapes output directory`);
   }
   return fileNames.map((filename) => {
-    const absPath = join13(entityDir, filename);
-    const relPath = join13(directoryRoot, slug, filename);
-    if (!existsSync14(absPath)) return { name: filename, path: relPath, content: "" };
+    const absPath = join14(entityDir, filename);
+    const relPath = join14(directoryRoot, slug, filename);
+    if (!existsSync15(absPath)) return { name: filename, path: relPath, content: "" };
     let content = readFileSync11(absPath, "utf8");
     for (const col of secretCols) {
       const re = new RegExp(`^(${col}):.*$`, "gm");
@@ -12012,7 +12394,7 @@ function readRowContext(outputDir, locator, secretCols) {
 }
 async function openConfig(configPath, outputDir) {
   const parsed = parseConfigFile(configPath);
-  mkdirSync6(dirname6(parsed.dbPath), { recursive: true });
+  mkdirSync6(dirname7(parsed.dbPath), { recursive: true });
   const encryptionKey = getOrCreateMasterKey();
   const db = new Lattice({ config: configPath }, { encryptionKey });
   registerNativeEntities(db);
@@ -12096,11 +12478,11 @@ async function openConfig(configPath, outputDir) {
   };
 }
 function listConfigs(activeConfigPath) {
-  const dir = dirname6(activeConfigPath);
+  const dir = dirname7(activeConfigPath);
   const entries = [];
   for (const fname of readdirSync6(dir)) {
     if (!fname.endsWith(".yml") && !fname.endsWith(".yaml")) continue;
-    const full = join13(dir, fname);
+    const full = join14(dir, fname);
     try {
       const parsed = parseConfigFile(full);
       entries.push({
@@ -12123,14 +12505,14 @@ function loadConfigDoc(configPath) {
   return parseDocument2(readFileSync11(configPath, "utf8"));
 }
 function saveConfigDoc(configPath, doc) {
-  writeFileSync6(configPath, doc.toString(), "utf8");
+  writeFileSync7(configPath, doc.toString(), "utf8");
 }
 function createBlankConfig(activeConfigPath, dbName) {
-  const dir = dirname6(activeConfigPath);
+  const dir = dirname7(activeConfigPath);
   const slug = dbName.toLowerCase().replace(/[^a-z0-9_-]+/g, "-").replace(/^-+|-+$/g, "");
   if (!slug) throw new Error("Database name must contain at least one alphanumeric character");
-  const configPath = join13(dir, `${slug}.config.yml`);
-  if (existsSync14(configPath)) throw new Error(`Config already exists: ${slug}.config.yml`);
+  const configPath = join14(dir, `${slug}.config.yml`);
+  if (existsSync15(configPath)) throw new Error(`Config already exists: ${slug}.config.yml`);
   const yaml = `db: ./data/${slug}.db
 
 entities:
@@ -12142,8 +12524,8 @@ entities:
       deleted_at: { type: text }
     outputFile: ITEMS.md
 `;
-  writeFileSync6(configPath, yaml, "utf8");
-  mkdirSync6(join13(dir, "data"), { recursive: true });
+  writeFileSync7(configPath, yaml, "utf8");
+  mkdirSync6(join14(dir, "data"), { recursive: true });
   return configPath;
 }
 async function registerTeamCloudTables(db) {
@@ -12521,7 +12903,7 @@ async function startGuiServer(options) {
             return;
           }
           const newPath = resolve6(body.path);
-          if (!existsSync14(newPath)) {
+          if (!existsSync15(newPath)) {
             sendJson5(res, { error: `Config not found: ${newPath}` }, 400);
             return;
           }
@@ -12723,6 +13105,7 @@ async function startGuiServer(options) {
           const handled = await dispatchTeamsGuiRoute(req, res, {
             db: active.db,
             client: active.teamsClient,
+            configPath: active.configPath,
             pathname,
             method,
             validTables: active.validTables
@@ -12780,13 +13163,13 @@ async function startGuiServer(options) {
 }
 
 // src/gui/discover-output-dir.ts
-import { existsSync as existsSync15 } from "fs";
-import { join as join14, resolve as resolve7 } from "path";
+import { existsSync as existsSync16 } from "fs";
+import { join as join15, resolve as resolve7 } from "path";
 function discoverOutputDir(explicitOutput, explicit) {
   if (explicit) return explicitOutput;
   const candidates = ["./context", ".", "./generated"];
   for (const dir of candidates) {
-    if (existsSync15(join14(resolve7(dir), ".lattice", "manifest.json"))) return dir;
+    if (existsSync16(join15(resolve7(dir), ".lattice", "manifest.json"))) return dir;
   }
   return explicitOutput;
 }
@@ -13504,7 +13887,7 @@ function runGenerate(args) {
     console.error('Error: config must have an "entities" key');
     process.exit(1);
   }
-  const configDir2 = dirname7(configPath);
+  const configDir2 = dirname8(configPath);
   const outDir = resolve9(args.out);
   try {
     const result = generateAll({ config, configDir: configDir2, outDir, scaffold: args.scaffold });