latticesql 2.1.1 → 2.2.1
- package/README.md +2 -0
- package/dist/cli.js +1337 -309
- package/dist/index.cjs +342 -95
- package/dist/index.d.cts +117 -11
- package/dist/index.d.ts +117 -11
- package/dist/index.js +342 -95
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -2361,6 +2361,8 @@ lattice teams dlq purge --team <name> [--id <id>] # discard without applying
|
|
|
2361
2361
|
|
|
2362
2362
|
**Per-table ownership + opt-in sharing (v1.14+).** Team members share one physical Postgres, so visibility is enforced at the app layer via a `__lattice_object_owners` table: each table records its creator, and a user sees only the tables they own plus tables explicitly shared to the team. The native `files`/`secrets` objects are owned by the database creator and private by default. Sharing is an explicit, owner-only action (not a side effect of creating a table). The filter gates API access, not just the display.
|
|
2363
2363
|
|
|
2364
|
+
**Row-level permissions (v2.2+).** Within a shared table, each row carries an owner (its creator) and a visibility — `private`, `everyone`, or `custom` (an explicit grant list) — enforced for the REST API, the AI assistant, and the cloud sync, so a member never receives the bytes of a row they can't read. Existing shared tables default to `everyone` on upgrade. The hosted Teams server filters the change-log pull per recipient; direct `postgres://` connections (which can't enforce this) are deprecated in favour of a hosted server. See `docs/teams.md`.
|
|
2365
|
+
|
|
2364
2366
|
**Same flows from the GUI (v1.14+).** The local `lattice gui` drives the entire cloud-workspace lifecycle from **Workspace Settings**: rename (owner-only), invite by email (owner-only), the inline Members list with pending invitees (the owner is always shown as `creator`; your own row offers Leave/Destroy; non-owners can't kick), share/unshare from the Data Model, and sync status. Member admin is resolved from `GET /api/dbconfig` against the active cloud DB, so it works even when the cloud workspace itself is the active database. Identity (display name + email) comes from `~/.lattice/identity.json` and is locked in the Join modal. Leaving a workspace removes the local config + credential and switches you to another database.
|
|
2365
2367
|
|
|
2366
2368
|
**Joining via the GUI is one click (v1.13.7+).** When you click "Join via invite" and the redeem succeeds, the team's cloud URL is automatically saved as a switchable database credential and a sibling YAML config is written to your project directory. The new entry shows up in the database dropdown as `<team-name>.config`. Clicking it opens the SPA with the team's shared tables already populated — no YAML editing, no `db.define()` calls.
|
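Review bot: In the added "Row-level permissions (v2.2+)" paragraph, the guarantee that "a member never receives the bytes of a row they can't read" is stated unconditionally, yet the same paragraph says direct `postgres://` connections can't enforce this and are only deprecated, not removed. Since the preceding paragraph notes that members share one physical Postgres and visibility is enforced at the app layer, I'd scope the guarantee to the hosted Teams server and state plainly that `private` and `custom` visibility is not enforced for anyone still on a direct connection. The upgrade sentence also covers only the visibility default (`everyone`) for existing shared tables; it should say which owner pre-existing rows are assigned, and that nothing is restricted after upgrading until an owner changes the visibility.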