latticesql 2.1.1 → 2.2.1

package/dist/index.js

@@ -4240,6 +4240,12 @@ function buildAdapter(dbPath, options) {
   return new SQLiteAdapter(sqlitePath, adapterOpts);
 }
 var NOT_DELETED2 = "(deleted_at IS NULL OR deleted_at = '')";
+function rowAclVisibleExists(teamExpr, tableExpr, pkExpr) {
+  return `EXISTS (SELECT 1 FROM "__lattice_row_acl" la WHERE la."team_id" = ${teamExpr} AND la."table_name" = ${tableExpr} AND la."pk" = ${pkExpr} AND (la."owner_user_id" = ? OR la."visibility" = 'everyone' OR (la."visibility" = 'custom' AND EXISTS (SELECT 1 FROM "__lattice_row_grants" lg WHERE lg."team_id" = la."team_id" AND lg."table_name" = la."table_name" AND lg."pk" = la."pk" AND lg."grantee_user_id" = ?))))`;
+}
+function rowAclAbsent(teamExpr, tableExpr, pkExpr) {
+  return `NOT EXISTS (SELECT 1 FROM "__lattice_row_acl" la2 WHERE la2."team_id" = ${teamExpr} AND la2."table_name" = ${tableExpr} AND la2."pk" = ${pkExpr})`;
+}
 var Lattice = class _Lattice {
   _adapter;
   _changelogService;
@@ -4795,9 +4801,7 @@ var Lattice = class _Lattice {
       `INSERT INTO "${table}" (${cols}) VALUES (${placeholders})`,
       values
     );
-    const pkCol = pkCols[0] ?? "id";
-    const rawPk = rowWithPk[pkCol];
-    const pkValue = rawPk != null ? String(rawPk) : "";
+    const pkValue = this._serializeRowPk(table, rowWithPk);
     await this._appendChangelog(table, pkValue, "insert", rowWithPk, null);
     this._sanitizer.emitAudit(table, "insert", pkValue);
     await this._fireWriteHooks(table, "insert", rowWithPk, pkValue);
@@ -4840,9 +4844,7 @@ var Lattice = class _Lattice {
       `INSERT INTO "${table}" (${cols}) VALUES (${placeholders}) ON CONFLICT(${conflictCols}) DO UPDATE SET ${updateCols}`,
       values
     );
-    const pkCol = pkCols[0] ?? "id";
-    const rawPk = rowWithPk[pkCol];
-    const pkValue = rawPk != null ? String(rawPk) : "";
+    const pkValue = this._serializeRowPk(table, rowWithPk);
     this._sanitizer.emitAudit(table, "update", pkValue);
     this._scheduleAutoRender();
     return pkValue;
@@ -4888,7 +4890,7 @@ var Lattice = class _Lattice {
     }
     const values = [...Object.values(encrypted), ...pkParams];
     await runAsyncOrSync(this._adapter, `UPDATE "${table}" SET ${setCols} WHERE ${clause}`, values);
-    const auditId = typeof id === "string" ? id : JSON.stringify(id);
+    const auditId = this._serializePkLookup(table, id);
     await this._appendChangelog(table, auditId, "update", sanitized, previousValues);
     this._sanitizer.emitAudit(table, "update", auditId);
     await this._fireWriteHooks(table, "update", sanitized, auditId, Object.keys(sanitized));
@@ -4923,7 +4925,7 @@ var Lattice = class _Lattice {
       previousRow = await getAsyncOrSync(this._adapter, `SELECT * FROM "${table}" WHERE ${clause}`, params) ?? null;
     }
     await runAsyncOrSync(this._adapter, `DELETE FROM "${table}" WHERE ${clause}`, params);
-    const auditId = typeof id === "string" ? id : JSON.stringify(id);
+    const auditId = this._serializePkLookup(table, id);
     await this._appendChangelog(
       table,
       auditId,
@@ -5339,6 +5341,140 @@ var Lattice = class _Lattice {
     const rows = await allAsyncOrSync(this._adapter, sql, params);
     return this._decryptRows(table, rows);
   }
+  /**
+   * Row-level-security list read for Lattice Teams (2.2). Returns only the
+   * rows of `table` that `userId` may see in team `teamId`, evaluated
+   * entirely in SQL (indexed, bounded — never "load every row then filter
+   * in JS"). A row is visible iff it has a `__lattice_row_acl` entry owned by
+   * the user or marked 'everyone', or a 'custom' entry with a matching
+   * `__lattice_row_grants` row, OR it has no ACL entry at all and the caller
+   * passes `noAclVisible` (the table default is 'everyone', or the user owns
+   * the table — the pre-2.2 / never-narrowed case). Soft-deleted rows are
+   * excluded by default; results reuse the same decrypt path as `query()`.
+   *
+   * The ACL predicate joins on the table's primary-key column cast to TEXT
+   * (ACL pks are stored as TEXT), so it is correct regardless of the user
+   * table's pk type and works on both SQLite and Postgres. The teams layer's
+   * `listVisibleRows` (src/teams/row-access.ts) is the intended caller.
+   */
+  async queryVisible(table, opts) {
+    const notInit = this._notInitError();
+    if (notInit) return notInit;
+    this._assertIdent(table);
+    if (opts.orderBy) this._assertIdent(table, opts.orderBy);
+    const cols = this._ensureColumnCache(table);
+    const pkExpr = this._pkSqlExpr(this._resolvedPkCols(table));
+    let softDelete = "";
+    if (cols.has("deleted_at") && opts.deleted !== "any") {
+      softDelete = opts.deleted === "only" ? `t."deleted_at" IS NOT NULL AND ` : `t."deleted_at" IS NULL AND `;
+    }
+    const params = [];
+    let visClause;
+    if (pkExpr) {
+      visClause = rowAclVisibleExists("?", "?", pkExpr);
+      params.push(opts.teamId, table, opts.userId, opts.userId);
+      if (opts.noAclVisible) {
+        visClause += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
+        params.push(opts.teamId, table);
+      }
+    } else {
+      visClause = opts.noAclVisible ? "1=1" : "1=0";
+    }
+    let sql = `SELECT t.* FROM "${table}" t WHERE ${softDelete}(${visClause})`;
+    if (opts.orderBy && cols.has(opts.orderBy)) {
+      const dir = opts.orderDir === "desc" ? "DESC" : "ASC";
+      sql += ` ORDER BY t."${opts.orderBy}" ${dir}`;
+    }
+    if (opts.limit !== void 0 && Number.isFinite(opts.limit)) {
+      sql += ` LIMIT ${Math.trunc(opts.limit).toString()}`;
+    }
+    if (opts.offset !== void 0 && Number.isFinite(opts.offset)) {
+      if (opts.limit === void 0 && this.getDialect() === "sqlite") sql += " LIMIT -1";
+      sql += ` OFFSET ${Math.trunc(opts.offset).toString()}`;
+    }
+    const rows = await allAsyncOrSync(this._adapter, sql, params);
+    return this._decryptRows(table, rows);
+  }
+  /**
+   * Visible-row counts for MANY tables in a single round-trip, using the same
+   * ACL predicate as {@link queryVisible} — so dashboard tiles agree with what
+   * the rows view lists and a physical count never reveals the existence or
+   * volume of rows the user can't see. One aggregated
+   * `SELECT (SELECT COUNT(*) …) AS c0, …` statement (no per-table fan-out, so
+   * a session pooler with few slots survives concurrent refreshes), capped at
+   * 50 tables per pass; overflow is logged and skipped (no silent truncation)
+   * and those tables count as absent — the caller renders "—". Soft-deleted
+   * rows are excluded wherever the table carries `deleted_at`, matching the
+   * default rows view.
+   */
+  async countVisibleMany(specs, opts) {
+    const out = /* @__PURE__ */ new Map();
+    const notInit = this._notInitError();
+    if (notInit) return notInit;
+    if (specs.length === 0) return out;
+    const VISIBLE_COUNT_CAP = 50;
+    let bounded = specs;
+    if (bounded.length > VISIBLE_COUNT_CAP) {
+      const dropped = bounded.length - VISIBLE_COUNT_CAP;
+      console.warn(
+        `[lattice] visible-count pass capped at ${String(VISIBLE_COUNT_CAP)} tables; ${String(dropped)} table(s) report no count this pass`
+      );
+      bounded = bounded.slice(0, VISIBLE_COUNT_CAP);
+    }
+    const selects = [];
+    const params = [];
+    for (const [i, spec] of bounded.entries()) {
+      this._assertIdent(spec.table);
+      const cols = this._ensureColumnCache(spec.table);
+      const pkExpr = this._pkSqlExpr(this._resolvedPkCols(spec.table));
+      const softDelete = cols.has("deleted_at") ? `t."deleted_at" IS NULL AND ` : "";
+      let predicate;
+      if (pkExpr) {
+        predicate = rowAclVisibleExists("?", "?", pkExpr);
+        params.push(opts.teamId, spec.table, opts.userId, opts.userId);
+        if (spec.noAclVisible) {
+          predicate += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
+          params.push(opts.teamId, spec.table);
+        }
+      } else {
+        predicate = spec.noAclVisible ? "1=1" : "1=0";
+      }
+      selects.push(
+        `(SELECT COUNT(*) FROM "${spec.table}" t WHERE ${softDelete}(${predicate})) AS c${String(i)}`
+      );
+    }
+    const row = await getAsyncOrSync(this._adapter, `SELECT ${selects.join(", ")}`, params);
+    if (!row) return out;
+    for (const [i, spec] of bounded.entries()) {
+      const raw = row[`c${String(i)}`];
+      const n = typeof raw === "bigint" ? Number(raw) : Number(raw);
+      if (Number.isFinite(n) && n >= 0) out.set(spec.table, n);
+    }
+    return out;
+  }
+  /**
+   * Hosted-sync change-log pull, filtered per recipient for 2.2 row-level
+   * security (the hosted server's sole enforcement mechanism). Returns
+   * `__lattice_change_log` rows with seq > `since` for team `teamId` that
+   * `userId` is permitted to receive:
+   *   - targeted envelopes (`recipient_user_id = userId`), plus
+   *   - broadcast envelopes (`recipient_user_id IS NULL`) that are either
+   *     table-level (`pk IS NULL` — schema / unshare, delivered to all) or
+   *     whose row is currently visible to the user via `__lattice_row_acl` /
+   *     `__lattice_row_grants` (or has no ACL entry and the table defaults to
+   *     'everyone').
+   * Ordered by seq, capped at `limit`. Raw SQL because the predicate needs
+   * OR / EXISTS that the `query()` API can't express; bounded by the seq
+   * window and indexed ACL point-lookups. Mirrors {@link queryVisible}'s
+   * visibility logic so a member never pulls the bytes of a row they can't see.
+   */
+  async listChangesForRecipient(teamId, since, userId, limit) {
+    const notInit = this._notInitError();
+    if (notInit) return notInit;
+    const sql = `SELECT cl.* FROM "__lattice_change_log" cl WHERE cl."team_id" = ? AND cl."seq" > ? AND (cl."recipient_user_id" = ? OR (cl."recipient_user_id" IS NULL AND (cl."pk" IS NULL OR ${rowAclVisibleExists('cl."team_id"', 'cl."table_name"', 'cl."pk"')} OR (${rowAclAbsent('cl."team_id"', 'cl."table_name"', 'cl."pk"')} AND EXISTS (SELECT 1 FROM "__lattice_shared_objects" so WHERE so."team_id" = cl."team_id" AND so."table_name" = cl."table_name" AND so."deleted_at" IS NULL AND so."default_row_visibility" = 'everyone'))))) ORDER BY cl."seq" ASC LIMIT ${Math.trunc(limit).toString()}`;
+    const params = [teamId, since, userId, userId, userId];
+    return allAsyncOrSync(this._adapter, sql, params);
+  }
   async count(table, opts = {}) {
     const notInit = this._notInitError();
     if (notInit) return notInit;
@@ -5557,6 +5693,62 @@ var Lattice = class _Lattice {
     const params = pkCols.map((col) => id[col]);
     return { clause: clauses.join(" AND "), params };
   }
+  // ── Composite-key serialization for the row-level-permission layer ───────
+  // The row ACL (`__lattice_row_acl`/`__lattice_row_grants`) and the
+  // change-log key each row by a single TEXT `pk`. For a table whose primary
+  // key spans several columns (e.g. a junction table `(project_id,
+  // meeting_id)` with no `id`), that key must encode EVERY pk column, and the
+  // write side (what we store) must match the read side (the SQL that
+  // reconstructs it from row columns). These three helpers are the single
+  // source of truth for both. A single-column key serializes to the bare
+  // value (so all pre-2.2.1 single-`id` ACL data stays valid).
+  static _PK_SEP = "	";
+  /**
+   * The primary-key columns of `table` that PHYSICALLY exist, in declared
+   * order. Empty when the table has no Lattice-addressable key — e.g. a table
+   * reached via raw SQL whose PK metadata defaulted to `['id']` but that has
+   * no `id` column. Callers treat an empty result as "unkeyable" (no per-row
+   * ACL is possible, so the row-perm SQL must not reference a pk column).
+   */
+  _resolvedPkCols(table) {
+    const cols = this._ensureColumnCache(table);
+    return this._schema.getPrimaryKey(table).filter((c) => cols.has(c));
+  }
+  /** Canonical ACL / change-log `pk` string for a row. Matches {@link _pkSqlExpr}. */
+  _serializeRowPk(table, row) {
+    const pkCols = this._resolvedPkCols(table);
+    const cols = pkCols.length > 0 ? pkCols : ["id"];
+    return cols.map((c) => {
+      const v = row[c];
+      return v != null ? String(v) : "";
+    }).join(_Lattice._PK_SEP);
+  }
+  /**
+   * Canonical `pk` string for a {@link PkLookup} used by update/delete, so a
+   * row addressed by lookup keys its change-log entry identically to the way
+   * {@link _serializeRowPk} keyed it at insert time.
+   */
+  _serializePkLookup(table, id) {
+    if (typeof id === "string") return id;
+    const pkCols = this._resolvedPkCols(table);
+    if (pkCols.length === 0) return JSON.stringify(id);
+    return pkCols.map((c) => {
+      const v = id[c];
+      return v != null ? String(v) : "";
+    }).join(_Lattice._PK_SEP);
+  }
+  /**
+   * SQL expression reconstructing {@link _serializeRowPk} from a row aliased
+   * `t`. Returns null when the table is unkeyable (no pk columns present) — the
+   * caller must then avoid referencing a pk column at all. Dialect-aware tab
+   * separator: SQLite `char(9)`, Postgres `chr(9)` (both = U+0009), matching
+   * {@link _PK_SEP}.
+   */
+  _pkSqlExpr(pkCols) {
+    if (pkCols.length === 0) return null;
+    const sep2 = this.getDialect() === "postgres" ? "chr(9)" : "char(9)";
+    return pkCols.map((c) => `CAST(t."${c}" AS TEXT)`).join(` || ${sep2} || `);
+  }
   /**
    * Convert Filter objects into SQL clause strings and bound params.
    * An `in` filter with an empty array is silently ignored (produces no clause).
@@ -6497,6 +6689,13 @@ var NATIVE_ENTITY_DEFS = {
     columns: {
       id: "TEXT PRIMARY KEY",
       title: "TEXT",
+      // Cloud user id of the member who started the thread (the operator's
+      // `teamContext.myUserId`). A chat is PRIVATE to its author — on a team
+      // cloud the chat routes only ever return threads whose owner matches the
+      // requesting member. NULL on local single-user databases (no team
+      // context) and on pre-2.2.1 threads, which the routes treat as the local
+      // operator's own (visible only when there is no team context).
+      owner_user_id: "TEXT",
       created_at: "TEXT NOT NULL DEFAULT (datetime('now'))",
       updated_at: "TEXT NOT NULL DEFAULT (datetime('now'))",
       deleted_at: "TEXT"
@@ -6511,6 +6710,10 @@ var NATIVE_ENTITY_DEFS = {
       // Soft reference to chat_threads.id. Kept as a plain column (no FK)
       // to match the generic, dialect-agnostic native-entity style.
       thread_id: "TEXT",
+      // Cloud user id of the member the message belongs to — mirrors the
+      // owning thread's owner_user_id so a message read can be filtered
+      // independently of the thread join. NULL on local DBs / pre-2.2.1 rows.
+      owner_user_id: "TEXT",
       // user | assistant | tool | feed | system
       role: "TEXT NOT NULL DEFAULT 'user'",
       // JSON payload: text, tool_use / tool_result blocks, attachments, or
@@ -7060,7 +7263,13 @@ var CLOUD_INTERNAL_TABLE_DEFS = {
       // Client-generated idempotency key for offline replay: a queued edit
       // carries a stable edit_id, so re-sending it after a reconnect is a
       // no-op rather than a duplicate write. Nullable + additive.
-      edit_id: "TEXT"
+      edit_id: "TEXT",
+      // Per-recipient targeting for 2.2 hard row-level sync. NULL =
+      // broadcast (delivered to every member, then filtered at pull time
+      // against __lattice_row_acl); non-null = targeted to exactly this
+      // user (the grant / revoke / delete fan-out). Nullable + additive,
+      // same precedent as client_ts / edit_id.
+      recipient_user_id: "TEXT"
     },
     render: () => "",
     outputFile: ".lattice-teams/change-log.md"
@@ -7076,6 +7285,44 @@ var CLOUD_INTERNAL_TABLE_DEFS = {
     primaryKey: ["team_id", "table_name", "pk"],
     render: () => "",
     outputFile: ".lattice-teams/row-links.md"
+  },
+  // Per-row access control for a team cloud (2.2 row-level permissions).
+  // Mirrors __lattice_object_owners at row granularity: each shared row
+  // has an owner (its creator) and a visibility. Enforcement is at the
+  // application layer (see src/teams/row-access.ts) — every member shares
+  // the same physical DB, so a row a user can't see must be filtered out
+  // before its bytes reach them. Kept out-of-band (never injected into
+  // user tables) so the user's own schema stays untouched.
+  __lattice_row_acl: {
+    columns: {
+      team_id: "TEXT NOT NULL",
+      table_name: "TEXT NOT NULL",
+      pk: "TEXT NOT NULL",
+      owner_user_id: "TEXT NOT NULL",
+      // 'private' = owner only · 'everyone' = all team members ·
+      // 'custom' = the explicit grant list in __lattice_row_grants.
+      visibility: "TEXT NOT NULL CHECK (visibility IN ('private', 'everyone', 'custom'))",
+      created_at: "TEXT NOT NULL",
+      updated_at: "TEXT NOT NULL"
+    },
+    primaryKey: ["team_id", "table_name", "pk"],
+    render: () => "",
+    outputFile: ".lattice-teams/row-acl.md"
+  },
+  // Explicit per-row grant list, consulted only when the owning row's
+  // __lattice_row_acl.visibility = 'custom'. One row per (row, grantee).
+  __lattice_row_grants: {
+    columns: {
+      team_id: "TEXT NOT NULL",
+      table_name: "TEXT NOT NULL",
+      pk: "TEXT NOT NULL",
+      grantee_user_id: "TEXT NOT NULL",
+      granted_by_user_id: "TEXT NOT NULL",
+      granted_at: "TEXT NOT NULL"
+    },
+    primaryKey: ["team_id", "table_name", "pk", "grantee_user_id"],
+    render: () => "",
+    outputFile: ".lattice-teams/row-grants.md"
   }
 };
 var LOCAL_INTERNAL_TABLE_DEFS = {
@@ -7176,6 +7423,48 @@ async function installCloudInternalTriggers(db) {
   };
   await db.migrate([migration]);
 }
+async function installRowPermsSchema(db) {
+  const migrations = [
+    {
+      // 01 — per-table default visibility for newly-created rows. Born
+      // 'private' unless the table owner opts the table into 'everyone';
+      // the backfill (06) flips already-shared tables to preserve pre-2.2
+      // visibility. No IF NOT EXISTS: the version guard runs this exactly
+      // once, which is what SQLite's ADD COLUMN needs (it has no
+      // IF NOT EXISTS form).
+      version: "internal:row-perms:01-default-row-visibility:v1",
+      sql: `ALTER TABLE "__lattice_shared_objects" ADD COLUMN "default_row_visibility" TEXT NOT NULL DEFAULT 'private' CHECK ("default_row_visibility" IN ('private', 'everyone'))`
+    },
+    {
+      // 02-05 — indexes. One CREATE INDEX per migration (single-statement
+      // for the SQLite path). IF NOT EXISTS is valid in both dialects.
+      version: "internal:row-perms:02-idx-change-log-team-seq:v1",
+      sql: `CREATE INDEX IF NOT EXISTS "idx_lattice_change_log_team_seq" ON "__lattice_change_log" ("team_id", "seq")`
+    },
+    {
+      version: "internal:row-perms:03-idx-change-log-team-recipient-seq:v1",
+      sql: `CREATE INDEX IF NOT EXISTS "idx_lattice_change_log_team_recipient_seq" ON "__lattice_change_log" ("team_id", "recipient_user_id", "seq")`
+    },
+    {
+      version: "internal:row-perms:04-idx-change-log-team-table-pk:v1",
+      sql: `CREATE INDEX IF NOT EXISTS "idx_lattice_change_log_team_table_pk" ON "__lattice_change_log" ("team_id", "table_name", "pk")`
+    },
+    {
+      version: "internal:row-perms:05-idx-row-grants-grantee:v1",
+      sql: `CREATE INDEX IF NOT EXISTS "idx_lattice_row_grants_grantee" ON "__lattice_row_grants" ("team_id", "grantee_user_id", "table_name", "pk")`
+    },
+    {
+      // 06 — upgrade backfill. Every already-shared table defaults to
+      // 'everyone' so pre-2.2 rows stay visible to all members (nothing
+      // disappears on upgrade). Pre-2.2 rows have no __lattice_row_acl
+      // entry; resolveRowAcl() folds in this table default, so they read
+      // as 'everyone' until an owner narrows an individual row. Runs once.
+      version: "internal:row-perms:06-backfill-shared-defaults:v1",
+      sql: `UPDATE "__lattice_shared_objects" SET "default_row_visibility" = 'everyone' WHERE "deleted_at" IS NULL`
+    }
+  ];
+  await db.migrate(migrations);
+}
 
 // src/teams/schema-spec.ts
 function renderColumnType(spec, dialect) {
@@ -7531,7 +7820,8 @@ async function appendChangeEnvelope(db, entry) {
     owner_user_id: entry.owner_user_id ?? null,
     created_at: now,
     client_ts: entry.client_ts ?? now,
-    edit_id: entry.edit_id ?? null
+    edit_id: entry.edit_id ?? null,
+    recipient_user_id: entry.recipient_user_id ?? null
   });
   return seq;
 }
@@ -7571,7 +7861,14 @@ async function shareObject(db, teamId, createdByUserId, table, spec) {
       created_by_user_id: createdByUserId,
       created_at: prior?.created_at ?? now,
       updated_at: now,
-      deleted_at: null
+      deleted_at: null,
+      // 2.2: a freshly-shared table defaults to 'everyone' so the existing
+      // "share a table → every member sees its rows" contract is preserved.
+      // The owner can narrow the table default (or individual rows) afterward.
+      // Re-share (the branch above) intentionally omits this so an owner's
+      // earlier choice survives a schema bump (the upsert only sets the
+      // columns it lists).
+      default_row_visibility: "everyone"
     });
   }
   await applySchemaSpec(db, table, outSpec);
@@ -7665,88 +7962,26 @@ async function destroyTeamDirect(db) {
   }
   await db.delete("__lattice_team_identity", "singleton");
 }
-async function redeemInviteDirect(cloudUrl, inviteToken, email, name) {
-  if (!isPostgresUrl(cloudUrl)) {
-    throw new Error(
-      `redeemInviteDirect: cloudUrl must be a postgres:// URL (got ${cloudUrl.slice(0, 12)}\u2026)`
-    );
-  }
-  const db = new Lattice(cloudUrl);
-  try {
-    await db.init();
-    for (const [table, def] of Object.entries(CLOUD_INTERNAL_TABLE_DEFS)) {
-      await db.defineLate(table, def);
-    }
-    await installCloudInternalTriggers(db);
-    const invites = await db.query("__lattice_invitations", {
-      filters: [
-        { col: "token_hash", op: "eq", val: hashToken(inviteToken) },
-        { col: "redeemed_at", op: "isNull" }
-      ],
-      limit: 1
-    });
-    const invite = invites[0];
-    if (!invite) {
-      throw new Error("Invitation invalid or already used");
-    }
-    if (invite.expires_at && new Date(invite.expires_at).getTime() < Date.now()) {
-      throw new Error("Invitation expired");
-    }
-    if (invite.invitee_email && invite.invitee_email.toLowerCase() !== email.toLowerCase()) {
-      throw new Error("Invitation is addressed to a different email");
-    }
-    const team = await db.get("__lattice_team", invite.team_id);
-    if (!team || team.deleted_at) {
-      throw new Error("Team no longer exists");
-    }
-    const now = (/* @__PURE__ */ new Date()).toISOString();
-    const userId = await db.insert("__lattice_users", {
-      email,
-      name,
-      created_at: now,
-      updated_at: now
-    });
-    await db.insert("__lattice_team_members", {
-      team_id: invite.team_id,
-      user_id: userId,
-      role: "member",
-      joined_at: now
-    });
-    const { raw, hash } = generateToken();
-    await db.insert("__lattice_api_tokens", {
-      user_id: userId,
-      token_hash: hash,
-      name: `invited:${team.name}`,
-      created_at: now
-    });
-    await db.update("__lattice_invitations", invite.id, {
-      redeemed_at: now,
-      redeemed_by_user_id: userId
-    });
-    return {
-      user: { id: userId, email, name },
-      raw_token: raw,
-      team: { id: team.id, name: team.name }
-    };
-  } finally {
-    try {
-      db.close();
-    } catch {
-    }
-  }
-}
+var directDeprecationWarned = false;
 async function openCloud(cloudUrl) {
   if (!isPostgresUrl(cloudUrl)) {
     throw new Error(
       `direct-ops: cloudUrl must be a postgres:// URL (got ${cloudUrl.slice(0, 12)}\u2026)`
     );
   }
+  if (!directDeprecationWarned) {
+    directDeprecationWarned = true;
+    console.warn(
+      "[teams] Direct postgres:// team-cloud connection is deprecated and does NOT enforce 2.2 row-level security. Migrate to a hosted Lattice Teams server."
+    );
+  }
   const db = new Lattice(cloudUrl);
   await db.init();
   for (const [table, def] of Object.entries(CLOUD_INTERNAL_TABLE_DEFS)) {
     await db.defineLate(table, def);
   }
   await installCloudInternalTriggers(db);
+  await installRowPermsSchema(db);
   return db;
 }
 function closeQuiet(db) {
@@ -7857,6 +8092,7 @@ async function unlinkRowDirect(local, cloudUrl, teamId, table, pk) {
 }
 
 // src/teams/client.ts
+var DIRECT_CLOUD_DEPRECATION_MESSAGE = "Direct postgres:// team-cloud connections are deprecated and do not support row-level security. Create or join a workspace through a hosted Lattice Teams server (an http(s):// URL) instead. Existing direct connections continue to work but should be migrated.";
 var TeamsClient = class {
   constructor(local) {
     this.local = local;
@@ -7889,6 +8125,9 @@ var TeamsClient = class {
    * members join via `redeemInvite`). Returns the new user + bearer
    * token + team summary so the caller can immediately save a
    * connection.
+   *
+   * @param teamName The workspace display name (stored as `team_name` for
+   * backward compatibility — a cloud IS a workspace with members).
    */
   async register(cloudUrl, email, name, teamName) {
     return this.fetchUnauthed(cloudUrl, "POST", "/api/auth/register", {
@@ -7899,7 +8138,7 @@ var TeamsClient = class {
   }
   async redeemInvite(cloudUrl, inviteToken, email, name) {
     if (isPostgresUrl(cloudUrl)) {
-      return redeemInviteDirect(cloudUrl, inviteToken, email, name);
+      throw new Error(DIRECT_CLOUD_DEPRECATION_MESSAGE);
     }
     return this.fetchUnauthed(cloudUrl, "POST", "/api/auth/redeem-invite", {
       invite_token: inviteToken,
@@ -7910,9 +8149,11 @@ var TeamsClient = class {
   // ── High-level orchestration (v1.13+) ───────────────────────────────────
   // Wraps the multi-step flows the GUI's Database panel + library
   // consumers both need: connecting to an existing cloud DB (with
-  // optional team join), and upgrading a non-team cloud into a team
-  // cloud. The HTTP routes in src/gui/dbconfig-routes.ts are thin
-  // shells over these methods.
+  // optional team join), and initializing a fresh cloud DB's owner so
+  // its members + per-table sharing surface exists. A cloud workspace IS
+  // a workspace with members — there is no separate "team" to convert to.
+  // The HTTP routes in src/gui/dbconfig-routes.ts are thin shells over
+  // these methods.
   /**
    * Connect a local project to an existing cloud DB by URL. Probes
    * the target for team status first; if it's a teams DB, the caller
@@ -7961,15 +8202,18 @@ var TeamsClient = class {
     return { probe };
   }
   /**
-   * Upgrade an already-connected cloud DB to a team DB. Two paths
-   * depending on the cloud URL's scheme:
+   * Initialize a fresh cloud DB's owner: register the first member (who
+   * becomes owner) so the cloud's members + per-table sharing surface
+   * exists. This is NOT a "convert a cloud into a team" step — a cloud
+   * workspace IS a workspace with members; this just bootstraps the owner
+   * the first time a cloud is opened. The hosted server path is the only
+   * supported one:
    *
    *   - `http(s)://…` — POST to the cloud's `/api/auth/register` endpoint
-   *     (`lattice serve --team-cloud` is fronting the Postgres).
-   *   - `postgres(ql)://…` — drive the same INSERT sequence directly
-   *     against the cloud Postgres via {@link registerDirectViaPostgres}.
-   *     The HTTP path can't be used here because the browser's Fetch
-   *     API refuses URLs with embedded credentials.
+   *     (a hosted `lattice serve` teams server is fronting the Postgres).
+   *   - `postgres(ql)://…` — rejected: direct postgres:// owner bootstrap
+   *     is deprecated. Row-level security is enforced by the hosted server,
+   *     so it is the only supported connection method for new workspaces.
    *
    * On success writes the bearer token to `~/.lattice/keys/<label>.token`
    * **and** persists the local `__lattice_team_connections` row so the
@@ -7979,8 +8223,11 @@ var TeamsClient = class {
    * the token file, leaving GUI authenticated calls with no
    * `cloud_url` + `my_user_id` + `api_token_encrypted` row to read.
    */
-  async upgradeToTeamCloud(opts) {
-    const reg = isPostgresUrl(opts.cloudUrl) ? await registerDirectViaPostgres(opts.cloudUrl, opts.email, opts.displayName, opts.teamName) : await this.register(opts.cloudUrl, opts.email, opts.displayName, opts.teamName);
+  async registerCloudOwner(opts) {
+    if (isPostgresUrl(opts.cloudUrl)) {
+      throw new Error(DIRECT_CLOUD_DEPRECATION_MESSAGE);
+    }
+    const reg = await this.register(opts.cloudUrl, opts.email, opts.displayName, opts.teamName);
     writeToken(opts.label, reg.raw_token);
     await this.saveConnection({
       team_id: reg.team.id,
@@ -8013,7 +8260,7 @@ var TeamsClient = class {
     }
     try {
       const displayName = opts.displayName?.trim() ? opts.displayName : opts.email;
-      await this.upgradeToTeamCloud({
+      await this.registerCloudOwner({
         label: opts.label,
         cloudUrl: opts.cloudUrl,
         teamName: opts.workspaceName,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "latticesql",
-  "version": "2.1.1",
+  "version": "2.2.1",
   "description": "Persistent structured memory for AI agent systems — pluggable SQLite or Postgres backend, LLM context bridge",
   "type": "module",
   "main": "./dist/index.js",