latticesql 2.2.0 → 2.2.1

package/dist/cli.js

@@ -4935,9 +4935,7 @@ var Lattice = class _Lattice {
       `INSERT INTO "${table}" (${cols}) VALUES (${placeholders})`,
       values
     );
-    const pkCol = pkCols[0] ?? "id";
-    const rawPk = rowWithPk[pkCol];
-    const pkValue = rawPk != null ? String(rawPk) : "";
+    const pkValue = this._serializeRowPk(table, rowWithPk);
     await this._appendChangelog(table, pkValue, "insert", rowWithPk, null);
     this._sanitizer.emitAudit(table, "insert", pkValue);
     await this._fireWriteHooks(table, "insert", rowWithPk, pkValue);
@@ -4980,9 +4978,7 @@ var Lattice = class _Lattice {
       `INSERT INTO "${table}" (${cols}) VALUES (${placeholders}) ON CONFLICT(${conflictCols}) DO UPDATE SET ${updateCols}`,
       values
     );
-    const pkCol = pkCols[0] ?? "id";
-    const rawPk = rowWithPk[pkCol];
-    const pkValue = rawPk != null ? String(rawPk) : "";
+    const pkValue = this._serializeRowPk(table, rowWithPk);
     this._sanitizer.emitAudit(table, "update", pkValue);
     this._scheduleAutoRender();
     return pkValue;
@@ -5028,7 +5024,7 @@ var Lattice = class _Lattice {
     }
     const values = [...Object.values(encrypted), ...pkParams];
     await runAsyncOrSync(this._adapter, `UPDATE "${table}" SET ${setCols} WHERE ${clause}`, values);
-    const auditId = typeof id === "string" ? id : JSON.stringify(id);
+    const auditId = this._serializePkLookup(table, id);
     await this._appendChangelog(table, auditId, "update", sanitized, previousValues);
     this._sanitizer.emitAudit(table, "update", auditId);
     await this._fireWriteHooks(table, "update", sanitized, auditId, Object.keys(sanitized));
@@ -5063,7 +5059,7 @@ var Lattice = class _Lattice {
       previousRow = await getAsyncOrSync(this._adapter, `SELECT * FROM "${table}" WHERE ${clause}`, params) ?? null;
     }
     await runAsyncOrSync(this._adapter, `DELETE FROM "${table}" WHERE ${clause}`, params);
-    const auditId = typeof id === "string" ? id : JSON.stringify(id);
+    const auditId = this._serializePkLookup(table, id);
     await this._appendChangelog(
       table,
       auditId,
@@ -5501,19 +5497,24 @@ var Lattice = class _Lattice {
     this._assertIdent(table);
     if (opts.orderBy) this._assertIdent(table, opts.orderBy);
     const cols = this._ensureColumnCache(table);
-    const pkCol = this._schema.getPrimaryKey(table)[0] ?? "id";
+    const pkExpr = this._pkSqlExpr(this._resolvedPkCols(table));
     let softDelete = "";
     if (cols.has("deleted_at") && opts.deleted !== "any") {
       softDelete = opts.deleted === "only" ? `t."deleted_at" IS NOT NULL AND ` : `t."deleted_at" IS NULL AND `;
     }
-    const pkExpr = `CAST(t."${pkCol}" AS TEXT)`;
-    let sql = `SELECT t.* FROM "${table}" t WHERE ${softDelete}(${rowAclVisibleExists("?", "?", pkExpr)}`;
-    const params = [opts.teamId, table, opts.userId, opts.userId];
-    if (opts.noAclVisible) {
-      sql += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
-      params.push(opts.teamId, table);
+    const params = [];
+    let visClause;
+    if (pkExpr) {
+      visClause = rowAclVisibleExists("?", "?", pkExpr);
+      params.push(opts.teamId, table, opts.userId, opts.userId);
+      if (opts.noAclVisible) {
+        visClause += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
+        params.push(opts.teamId, table);
+      }
+    } else {
+      visClause = opts.noAclVisible ? "1=1" : "1=0";
     }
-    sql += `)`;
+    let sql = `SELECT t.* FROM "${table}" t WHERE ${softDelete}(${visClause})`;
     if (opts.orderBy && cols.has(opts.orderBy)) {
       const dir = opts.orderDir === "desc" ? "DESC" : "ASC";
       sql += ` ORDER BY t."${opts.orderBy}" ${dir}`;
@@ -5559,14 +5560,18 @@ var Lattice = class _Lattice {
     for (const [i, spec] of bounded.entries()) {
       this._assertIdent(spec.table);
       const cols = this._ensureColumnCache(spec.table);
-      const pkCol = this._schema.getPrimaryKey(spec.table)[0] ?? "id";
+      const pkExpr = this._pkSqlExpr(this._resolvedPkCols(spec.table));
       const softDelete = cols.has("deleted_at") ? `t."deleted_at" IS NULL AND ` : "";
-      const pkExpr = `CAST(t."${pkCol}" AS TEXT)`;
-      let predicate = rowAclVisibleExists("?", "?", pkExpr);
-      params.push(opts.teamId, spec.table, opts.userId, opts.userId);
-      if (spec.noAclVisible) {
-        predicate += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
-        params.push(opts.teamId, spec.table);
+      let predicate;
+      if (pkExpr) {
+        predicate = rowAclVisibleExists("?", "?", pkExpr);
+        params.push(opts.teamId, spec.table, opts.userId, opts.userId);
+        if (spec.noAclVisible) {
+          predicate += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
+          params.push(opts.teamId, spec.table);
+        }
+      } else {
+        predicate = spec.noAclVisible ? "1=1" : "1=0";
       }
       selects.push(
         `(SELECT COUNT(*) FROM "${spec.table}" t WHERE ${softDelete}(${predicate})) AS c${String(i)}`
@@ -5822,6 +5827,62 @@ var Lattice = class _Lattice {
     const params = pkCols.map((col) => id[col]);
     return { clause: clauses.join(" AND "), params };
   }
+  // ── Composite-key serialization for the row-level-permission layer ───────
+  // The row ACL (`__lattice_row_acl`/`__lattice_row_grants`) and the
+  // change-log key each row by a single TEXT `pk`. For a table whose primary
+  // key spans several columns (e.g. a junction table `(project_id,
+  // meeting_id)` with no `id`), that key must encode EVERY pk column, and the
+  // write side (what we store) must match the read side (the SQL that
+  // reconstructs it from row columns). These three helpers are the single
+  // source of truth for both. A single-column key serializes to the bare
+  // value (so all pre-2.2.1 single-`id` ACL data stays valid).
+  static _PK_SEP = "	";
+  /**
+   * The primary-key columns of `table` that PHYSICALLY exist, in declared
+   * order. Empty when the table has no Lattice-addressable key — e.g. a table
+   * reached via raw SQL whose PK metadata defaulted to `['id']` but that has
+   * no `id` column. Callers treat an empty result as "unkeyable" (no per-row
+   * ACL is possible, so the row-perm SQL must not reference a pk column).
+   */
+  _resolvedPkCols(table) {
+    const cols = this._ensureColumnCache(table);
+    return this._schema.getPrimaryKey(table).filter((c) => cols.has(c));
+  }
+  /** Canonical ACL / change-log `pk` string for a row. Matches {@link _pkSqlExpr}. */
+  _serializeRowPk(table, row) {
+    const pkCols = this._resolvedPkCols(table);
+    const cols = pkCols.length > 0 ? pkCols : ["id"];
+    return cols.map((c) => {
+      const v = row[c];
+      return v != null ? String(v) : "";
+    }).join(_Lattice._PK_SEP);
+  }
+  /**
+   * Canonical `pk` string for a {@link PkLookup} used by update/delete, so a
+   * row addressed by lookup keys its change-log entry identically to the way
+   * {@link _serializeRowPk} keyed it at insert time.
+   */
+  _serializePkLookup(table, id) {
+    if (typeof id === "string") return id;
+    const pkCols = this._resolvedPkCols(table);
+    if (pkCols.length === 0) return JSON.stringify(id);
+    return pkCols.map((c) => {
+      const v = id[c];
+      return v != null ? String(v) : "";
+    }).join(_Lattice._PK_SEP);
+  }
+  /**
+   * SQL expression reconstructing {@link _serializeRowPk} from a row aliased
+   * `t`. Returns null when the table is unkeyable (no pk columns present) — the
+   * caller must then avoid referencing a pk column at all. Dialect-aware tab
+   * separator: SQLite `char(9)`, Postgres `chr(9)` (both = U+0009), matching
+   * {@link _PK_SEP}.
+   */
+  _pkSqlExpr(pkCols) {
+    if (pkCols.length === 0) return null;
+    const sep5 = this.getDialect() === "postgres" ? "chr(9)" : "char(9)";
+    return pkCols.map((c) => `CAST(t."${c}" AS TEXT)`).join(` || ${sep5} || `);
+  }
   /**
    * Convert Filter objects into SQL clause strings and bound params.
    * An `in` filter with an empty array is silently ignored (produces no clause).
@@ -6359,6 +6420,13 @@ var NATIVE_ENTITY_DEFS = {
     columns: {
       id: "TEXT PRIMARY KEY",
       title: "TEXT",
+      // Cloud user id of the member who started the thread (the operator's
+      // `teamContext.myUserId`). A chat is PRIVATE to its author — on a team
+      // cloud the chat routes only ever return threads whose owner matches the
+      // requesting member. NULL on local single-user databases (no team
+      // context) and on pre-2.2.1 threads, which the routes treat as the local
+      // operator's own (visible only when there is no team context).
+      owner_user_id: "TEXT",
       created_at: "TEXT NOT NULL DEFAULT (datetime('now'))",
       updated_at: "TEXT NOT NULL DEFAULT (datetime('now'))",
       deleted_at: "TEXT"
@@ -6373,6 +6441,10 @@ var NATIVE_ENTITY_DEFS = {
       // Soft reference to chat_threads.id. Kept as a plain column (no FK)
       // to match the generic, dialect-agnostic native-entity style.
       thread_id: "TEXT",
+      // Cloud user id of the member the message belongs to — mirrors the
+      // owning thread's owner_user_id so a message read can be filtered
+      // independently of the thread join. NULL on local DBs / pre-2.2.1 rows.
+      owner_user_id: "TEXT",
       // user | assistant | tool | feed | system
       role: "TEXT NOT NULL DEFAULT 'user'",
       // JSON payload: text, tool_use / tool_result blocks, attachments, or
@@ -21168,15 +21240,19 @@ function collapseSameRole(msgs) {
   }
   return out;
 }
-async function rehydrateHistory(db, threadId, clientHistory) {
+async function rehydrateHistory(db, threadId, clientHistory, ownerUserId) {
   if (!threadId || !rehydrateEnabled()) return clientHistory;
   let rows;
   try {
+    const filters = [
+      { col: "thread_id", op: "eq", val: threadId },
+      { col: "deleted_at", op: "isNull" }
+    ];
+    if (ownerUserId != null) {
+      filters.push({ col: "owner_user_id", op: "eq", val: ownerUserId });
+    }
     rows = await db.query("chat_messages", {
-      filters: [
-        { col: "thread_id", op: "eq", val: threadId },
-        { col: "deleted_at", op: "isNull" }
-      ],
+      filters,
       limit: 1e3
     });
   } catch {
@@ -21248,13 +21324,18 @@ async function rehydrateHistory(db, threadId, clientHistory) {
   }
   return merged;
 }
-async function ensureThread(db, threadId, title) {
+async function ensureThread(db, threadId, title, ownerUserId) {
   if (threadId) {
     const existing = await db.get("chat_threads", threadId);
-    if (existing && !existing.deleted_at) return threadId;
+    const ownsIt = ownerUserId == null || (existing?.owner_user_id ?? null) === ownerUserId;
+    if (existing && !existing.deleted_at && ownsIt) return threadId;
   }
   const id = crypto.randomUUID();
-  await db.insert("chat_threads", { id, title: title.slice(0, 60) || "Chat" });
+  await db.insert("chat_threads", {
+    id,
+    title: title.slice(0, 60) || "Chat",
+    owner_user_id: ownerUserId
+  });
   return id;
 }
 var REHYDRATE_MAX_TURNS = 6;
@@ -21262,20 +21343,28 @@ var REHYDRATE_MAX_BYTES = 24e3;
 function rehydrateEnabled() {
   return process.env.LATTICE_CHAT_REHYDRATE !== "false";
 }
-async function persistMessage(db, threadId, role, text, turns, startedAt) {
+async function persistMessage(db, threadId, role, text, ownerUserId, turns, startedAt) {
   const payload = turns && turns.length > 0 ? { text, turns } : { text };
   if (startedAt) payload.startedAt = startedAt;
   await db.insert("chat_messages", {
     id: crypto.randomUUID(),
     thread_id: threadId,
+    // Mirror the owning member onto each message so a message read can be
+    // filtered independently of the thread join. NULL on local DBs.
+    owner_user_id: ownerUserId,
     role,
     content_json: JSON.stringify(payload),
     source: role === "user" ? "gui" : "ai"
   });
 }
 async function dispatchChatRoute(req, res, ctx) {
+  const owner = ctx.team ? ctx.team.myUserId : null;
   if (ctx.method === "GET" && ctx.pathname === "/api/chat/threads") {
-    const rows = await ctx.db.query("chat_threads", { limit: 100 });
+    const filters = [
+      { col: "deleted_at", op: "isNull" }
+    ];
+    if (owner != null) filters.push({ col: "owner_user_id", op: "eq", val: owner });
+    const rows = await ctx.db.query("chat_threads", { filters, limit: 100 });
     const threads = rows.filter((r) => !r.deleted_at).map((r) => ({
       id: asStr(r.id),
       title: asStr(r.title, "Chat"),
@@ -21287,7 +21376,19 @@ async function dispatchChatRoute(req, res, ctx) {
   const msgMatch = /^\/api\/chat\/threads\/([^/]+)\/messages$/.exec(ctx.pathname);
   if (ctx.method === "GET" && msgMatch) {
     const threadId2 = decodeURIComponent(msgMatch[1] ?? "");
-    const rows = await ctx.db.query("chat_messages", { limit: 1e3 });
+    if (owner != null) {
+      const thread = await ctx.db.get("chat_threads", threadId2);
+      if (!thread || thread.deleted_at || (thread.owner_user_id ?? null) !== owner) {
+        sendJson4(res, { messages: [] });
+        return true;
+      }
+    }
+    const msgFilters = [{ col: "thread_id", op: "eq", val: threadId2 }];
+    if (owner != null) msgFilters.push({ col: "owner_user_id", op: "eq", val: owner });
+    const rows = await ctx.db.query("chat_messages", {
+      filters: msgFilters,
+      limit: 1e3
+    });
     const messages = rows.filter((r) => r.thread_id === threadId2 && !r.deleted_at).map((r) => {
       let text = "";
       let turns2;
@@ -21341,11 +21442,11 @@ async function dispatchChatRoute(req, res, ctx) {
     return true;
   }
   const requestedThread = typeof body.threadId === "string" ? body.threadId : null;
-  const history = await rehydrateHistory(ctx.db, requestedThread, mapHistory(body.history));
+  const history = await rehydrateHistory(ctx.db, requestedThread, mapHistory(body.history), owner);
   let threadId = "";
   try {
-    threadId = await ensureThread(ctx.db, requestedThread, message);
-    await persistMessage(ctx.db, threadId, "user", message);
+    threadId = await ensureThread(ctx.db, requestedThread, message, owner);
+    await persistMessage(ctx.db, threadId, "user", message, owner);
   } catch (e) {
     console.warn("[chat] persist user message failed:", e.message);
   }
@@ -21432,7 +21533,15 @@ async function dispatchChatRoute(req, res, ctx) {
       ...t.toolCalls.length > 0 ? { toolCalls: t.toolCalls } : {}
     })).filter((t) => t.text.length > 0 || t.tools.length > 0 || (t.events?.length ?? 0) > 0);
     try {
-      await persistMessage(ctx.db, threadId, "assistant", assistantText, cleanTurns, turnStartedAt);
+      await persistMessage(
+        ctx.db,
+        threadId,
+        "assistant",
+        assistantText,
+        owner,
+        cleanTurns,
+        turnStartedAt
+      );
     } catch (e) {
       console.warn("[chat] persist assistant message failed:", e.message);
     }

package/dist/index.cjs

@@ -4935,9 +4935,7 @@ var Lattice = class _Lattice {
       `INSERT INTO "${table}" (${cols}) VALUES (${placeholders})`,
       values
     );
-    const pkCol = pkCols[0] ?? "id";
-    const rawPk = rowWithPk[pkCol];
-    const pkValue = rawPk != null ? String(rawPk) : "";
+    const pkValue = this._serializeRowPk(table, rowWithPk);
     await this._appendChangelog(table, pkValue, "insert", rowWithPk, null);
     this._sanitizer.emitAudit(table, "insert", pkValue);
     await this._fireWriteHooks(table, "insert", rowWithPk, pkValue);
@@ -4980,9 +4978,7 @@ var Lattice = class _Lattice {
       `INSERT INTO "${table}" (${cols}) VALUES (${placeholders}) ON CONFLICT(${conflictCols}) DO UPDATE SET ${updateCols}`,
       values
     );
-    const pkCol = pkCols[0] ?? "id";
-    const rawPk = rowWithPk[pkCol];
-    const pkValue = rawPk != null ? String(rawPk) : "";
+    const pkValue = this._serializeRowPk(table, rowWithPk);
     this._sanitizer.emitAudit(table, "update", pkValue);
     this._scheduleAutoRender();
     return pkValue;
@@ -5028,7 +5024,7 @@ var Lattice = class _Lattice {
     }
     const values = [...Object.values(encrypted), ...pkParams];
     await runAsyncOrSync(this._adapter, `UPDATE "${table}" SET ${setCols} WHERE ${clause}`, values);
-    const auditId = typeof id === "string" ? id : JSON.stringify(id);
+    const auditId = this._serializePkLookup(table, id);
     await this._appendChangelog(table, auditId, "update", sanitized, previousValues);
     this._sanitizer.emitAudit(table, "update", auditId);
     await this._fireWriteHooks(table, "update", sanitized, auditId, Object.keys(sanitized));
@@ -5063,7 +5059,7 @@ var Lattice = class _Lattice {
       previousRow = await getAsyncOrSync(this._adapter, `SELECT * FROM "${table}" WHERE ${clause}`, params) ?? null;
     }
     await runAsyncOrSync(this._adapter, `DELETE FROM "${table}" WHERE ${clause}`, params);
-    const auditId = typeof id === "string" ? id : JSON.stringify(id);
+    const auditId = this._serializePkLookup(table, id);
     await this._appendChangelog(
       table,
       auditId,
@@ -5501,19 +5497,24 @@ var Lattice = class _Lattice {
     this._assertIdent(table);
     if (opts.orderBy) this._assertIdent(table, opts.orderBy);
     const cols = this._ensureColumnCache(table);
-    const pkCol = this._schema.getPrimaryKey(table)[0] ?? "id";
+    const pkExpr = this._pkSqlExpr(this._resolvedPkCols(table));
     let softDelete = "";
     if (cols.has("deleted_at") && opts.deleted !== "any") {
       softDelete = opts.deleted === "only" ? `t."deleted_at" IS NOT NULL AND ` : `t."deleted_at" IS NULL AND `;
     }
-    const pkExpr = `CAST(t."${pkCol}" AS TEXT)`;
-    let sql = `SELECT t.* FROM "${table}" t WHERE ${softDelete}(${rowAclVisibleExists("?", "?", pkExpr)}`;
-    const params = [opts.teamId, table, opts.userId, opts.userId];
-    if (opts.noAclVisible) {
-      sql += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
-      params.push(opts.teamId, table);
+    const params = [];
+    let visClause;
+    if (pkExpr) {
+      visClause = rowAclVisibleExists("?", "?", pkExpr);
+      params.push(opts.teamId, table, opts.userId, opts.userId);
+      if (opts.noAclVisible) {
+        visClause += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
+        params.push(opts.teamId, table);
+      }
+    } else {
+      visClause = opts.noAclVisible ? "1=1" : "1=0";
     }
-    sql += `)`;
+    let sql = `SELECT t.* FROM "${table}" t WHERE ${softDelete}(${visClause})`;
     if (opts.orderBy && cols.has(opts.orderBy)) {
       const dir = opts.orderDir === "desc" ? "DESC" : "ASC";
       sql += ` ORDER BY t."${opts.orderBy}" ${dir}`;
@@ -5559,14 +5560,18 @@ var Lattice = class _Lattice {
     for (const [i, spec] of bounded.entries()) {
       this._assertIdent(spec.table);
       const cols = this._ensureColumnCache(spec.table);
-      const pkCol = this._schema.getPrimaryKey(spec.table)[0] ?? "id";
+      const pkExpr = this._pkSqlExpr(this._resolvedPkCols(spec.table));
       const softDelete = cols.has("deleted_at") ? `t."deleted_at" IS NULL AND ` : "";
-      const pkExpr = `CAST(t."${pkCol}" AS TEXT)`;
-      let predicate = rowAclVisibleExists("?", "?", pkExpr);
-      params.push(opts.teamId, spec.table, opts.userId, opts.userId);
-      if (spec.noAclVisible) {
-        predicate += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
-        params.push(opts.teamId, spec.table);
+      let predicate;
+      if (pkExpr) {
+        predicate = rowAclVisibleExists("?", "?", pkExpr);
+        params.push(opts.teamId, spec.table, opts.userId, opts.userId);
+        if (spec.noAclVisible) {
+          predicate += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
+          params.push(opts.teamId, spec.table);
+        }
+      } else {
+        predicate = spec.noAclVisible ? "1=1" : "1=0";
       }
       selects.push(
         `(SELECT COUNT(*) FROM "${spec.table}" t WHERE ${softDelete}(${predicate})) AS c${String(i)}`
@@ -5822,6 +5827,62 @@ var Lattice = class _Lattice {
     const params = pkCols.map((col) => id[col]);
     return { clause: clauses.join(" AND "), params };
   }
+  // ── Composite-key serialization for the row-level-permission layer ───────
+  // The row ACL (`__lattice_row_acl`/`__lattice_row_grants`) and the
+  // change-log key each row by a single TEXT `pk`. For a table whose primary
+  // key spans several columns (e.g. a junction table `(project_id,
+  // meeting_id)` with no `id`), that key must encode EVERY pk column, and the
+  // write side (what we store) must match the read side (the SQL that
+  // reconstructs it from row columns). These three helpers are the single
+  // source of truth for both. A single-column key serializes to the bare
+  // value (so all pre-2.2.1 single-`id` ACL data stays valid).
+  static _PK_SEP = "	";
+  /**
+   * The primary-key columns of `table` that PHYSICALLY exist, in declared
+   * order. Empty when the table has no Lattice-addressable key — e.g. a table
+   * reached via raw SQL whose PK metadata defaulted to `['id']` but that has
+   * no `id` column. Callers treat an empty result as "unkeyable" (no per-row
+   * ACL is possible, so the row-perm SQL must not reference a pk column).
+   */
+  _resolvedPkCols(table) {
+    const cols = this._ensureColumnCache(table);
+    return this._schema.getPrimaryKey(table).filter((c) => cols.has(c));
+  }
+  /** Canonical ACL / change-log `pk` string for a row. Matches {@link _pkSqlExpr}. */
+  _serializeRowPk(table, row) {
+    const pkCols = this._resolvedPkCols(table);
+    const cols = pkCols.length > 0 ? pkCols : ["id"];
+    return cols.map((c) => {
+      const v = row[c];
+      return v != null ? String(v) : "";
+    }).join(_Lattice._PK_SEP);
+  }
+  /**
+   * Canonical `pk` string for a {@link PkLookup} used by update/delete, so a
+   * row addressed by lookup keys its change-log entry identically to the way
+   * {@link _serializeRowPk} keyed it at insert time.
+   */
+  _serializePkLookup(table, id) {
+    if (typeof id === "string") return id;
+    const pkCols = this._resolvedPkCols(table);
+    if (pkCols.length === 0) return JSON.stringify(id);
+    return pkCols.map((c) => {
+      const v = id[c];
+      return v != null ? String(v) : "";
+    }).join(_Lattice._PK_SEP);
+  }
+  /**
+   * SQL expression reconstructing {@link _serializeRowPk} from a row aliased
+   * `t`. Returns null when the table is unkeyable (no pk columns present) — the
+   * caller must then avoid referencing a pk column at all. Dialect-aware tab
+   * separator: SQLite `char(9)`, Postgres `chr(9)` (both = U+0009), matching
+   * {@link _PK_SEP}.
+   */
+  _pkSqlExpr(pkCols) {
+    if (pkCols.length === 0) return null;
+    const sep2 = this.getDialect() === "postgres" ? "chr(9)" : "char(9)";
+    return pkCols.map((c) => `CAST(t."${c}" AS TEXT)`).join(` || ${sep2} || `);
+  }
   /**
    * Convert Filter objects into SQL clause strings and bound params.
    * An `in` filter with an empty array is silently ignored (produces no clause).
@@ -6762,6 +6823,13 @@ var NATIVE_ENTITY_DEFS = {
     columns: {
       id: "TEXT PRIMARY KEY",
       title: "TEXT",
+      // Cloud user id of the member who started the thread (the operator's
+      // `teamContext.myUserId`). A chat is PRIVATE to its author — on a team
+      // cloud the chat routes only ever return threads whose owner matches the
+      // requesting member. NULL on local single-user databases (no team
+      // context) and on pre-2.2.1 threads, which the routes treat as the local
+      // operator's own (visible only when there is no team context).
+      owner_user_id: "TEXT",
       created_at: "TEXT NOT NULL DEFAULT (datetime('now'))",
       updated_at: "TEXT NOT NULL DEFAULT (datetime('now'))",
       deleted_at: "TEXT"
@@ -6776,6 +6844,10 @@ var NATIVE_ENTITY_DEFS = {
       // Soft reference to chat_threads.id. Kept as a plain column (no FK)
       // to match the generic, dialect-agnostic native-entity style.
       thread_id: "TEXT",
+      // Cloud user id of the member the message belongs to — mirrors the
+      // owning thread's owner_user_id so a message read can be filtered
+      // independently of the thread join. NULL on local DBs / pre-2.2.1 rows.
+      owner_user_id: "TEXT",
       // user | assistant | tool | feed | system
       role: "TEXT NOT NULL DEFAULT 'user'",
       // JSON payload: text, tool_use / tool_result blocks, attachments, or

package/dist/index.d.cts

@@ -2111,6 +2111,31 @@ declare class Lattice {
      * - `Record` → matches every PK column; all must be present in the object.
      */
     private _pkWhere;
+    private static readonly _PK_SEP;
+    /**
+     * The primary-key columns of `table` that PHYSICALLY exist, in declared
+     * order. Empty when the table has no Lattice-addressable key — e.g. a table
+     * reached via raw SQL whose PK metadata defaulted to `['id']` but that has
+     * no `id` column. Callers treat an empty result as "unkeyable" (no per-row
+     * ACL is possible, so the row-perm SQL must not reference a pk column).
+     */
+    private _resolvedPkCols;
+    /** Canonical ACL / change-log `pk` string for a row. Matches {@link _pkSqlExpr}. */
+    private _serializeRowPk;
+    /**
+     * Canonical `pk` string for a {@link PkLookup} used by update/delete, so a
+     * row addressed by lookup keys its change-log entry identically to the way
+     * {@link _serializeRowPk} keyed it at insert time.
+     */
+    private _serializePkLookup;
+    /**
+     * SQL expression reconstructing {@link _serializeRowPk} from a row aliased
+     * `t`. Returns null when the table is unkeyable (no pk columns present) — the
+     * caller must then avoid referencing a pk column at all. Dialect-aware tab
+     * separator: SQLite `char(9)`, Postgres `chr(9)` (both = U+0009), matching
+     * {@link _PK_SEP}.
+     */
+    private _pkSqlExpr;
     /**
      * Convert Filter objects into SQL clause strings and bound params.
      * An `in` filter with an empty array is silently ignored (produces no clause).

package/dist/index.d.ts

@@ -2111,6 +2111,31 @@ declare class Lattice {
      * - `Record` → matches every PK column; all must be present in the object.
      */
     private _pkWhere;
+    private static readonly _PK_SEP;
+    /**
+     * The primary-key columns of `table` that PHYSICALLY exist, in declared
+     * order. Empty when the table has no Lattice-addressable key — e.g. a table
+     * reached via raw SQL whose PK metadata defaulted to `['id']` but that has
+     * no `id` column. Callers treat an empty result as "unkeyable" (no per-row
+     * ACL is possible, so the row-perm SQL must not reference a pk column).
+     */
+    private _resolvedPkCols;
+    /** Canonical ACL / change-log `pk` string for a row. Matches {@link _pkSqlExpr}. */
+    private _serializeRowPk;
+    /**
+     * Canonical `pk` string for a {@link PkLookup} used by update/delete, so a
+     * row addressed by lookup keys its change-log entry identically to the way
+     * {@link _serializeRowPk} keyed it at insert time.
+     */
+    private _serializePkLookup;
+    /**
+     * SQL expression reconstructing {@link _serializeRowPk} from a row aliased
+     * `t`. Returns null when the table is unkeyable (no pk columns present) — the
+     * caller must then avoid referencing a pk column at all. Dialect-aware tab
+     * separator: SQLite `char(9)`, Postgres `chr(9)` (both = U+0009), matching
+     * {@link _PK_SEP}.
+     */
+    private _pkSqlExpr;
     /**
      * Convert Filter objects into SQL clause strings and bound params.
      * An `in` filter with an empty array is silently ignored (produces no clause).

package/dist/index.js

@@ -4801,9 +4801,7 @@ var Lattice = class _Lattice {
       `INSERT INTO "${table}" (${cols}) VALUES (${placeholders})`,
       values
     );
-    const pkCol = pkCols[0] ?? "id";
-    const rawPk = rowWithPk[pkCol];
-    const pkValue = rawPk != null ? String(rawPk) : "";
+    const pkValue = this._serializeRowPk(table, rowWithPk);
     await this._appendChangelog(table, pkValue, "insert", rowWithPk, null);
     this._sanitizer.emitAudit(table, "insert", pkValue);
     await this._fireWriteHooks(table, "insert", rowWithPk, pkValue);
@@ -4846,9 +4844,7 @@ var Lattice = class _Lattice {
       `INSERT INTO "${table}" (${cols}) VALUES (${placeholders}) ON CONFLICT(${conflictCols}) DO UPDATE SET ${updateCols}`,
       values
     );
-    const pkCol = pkCols[0] ?? "id";
-    const rawPk = rowWithPk[pkCol];
-    const pkValue = rawPk != null ? String(rawPk) : "";
+    const pkValue = this._serializeRowPk(table, rowWithPk);
     this._sanitizer.emitAudit(table, "update", pkValue);
     this._scheduleAutoRender();
     return pkValue;
@@ -4894,7 +4890,7 @@ var Lattice = class _Lattice {
     }
     const values = [...Object.values(encrypted), ...pkParams];
     await runAsyncOrSync(this._adapter, `UPDATE "${table}" SET ${setCols} WHERE ${clause}`, values);
-    const auditId = typeof id === "string" ? id : JSON.stringify(id);
+    const auditId = this._serializePkLookup(table, id);
     await this._appendChangelog(table, auditId, "update", sanitized, previousValues);
     this._sanitizer.emitAudit(table, "update", auditId);
     await this._fireWriteHooks(table, "update", sanitized, auditId, Object.keys(sanitized));
@@ -4929,7 +4925,7 @@ var Lattice = class _Lattice {
       previousRow = await getAsyncOrSync(this._adapter, `SELECT * FROM "${table}" WHERE ${clause}`, params) ?? null;
     }
     await runAsyncOrSync(this._adapter, `DELETE FROM "${table}" WHERE ${clause}`, params);
-    const auditId = typeof id === "string" ? id : JSON.stringify(id);
+    const auditId = this._serializePkLookup(table, id);
     await this._appendChangelog(
       table,
       auditId,
@@ -5367,19 +5363,24 @@ var Lattice = class _Lattice {
     this._assertIdent(table);
     if (opts.orderBy) this._assertIdent(table, opts.orderBy);
     const cols = this._ensureColumnCache(table);
-    const pkCol = this._schema.getPrimaryKey(table)[0] ?? "id";
+    const pkExpr = this._pkSqlExpr(this._resolvedPkCols(table));
     let softDelete = "";
     if (cols.has("deleted_at") && opts.deleted !== "any") {
       softDelete = opts.deleted === "only" ? `t."deleted_at" IS NOT NULL AND ` : `t."deleted_at" IS NULL AND `;
     }
-    const pkExpr = `CAST(t."${pkCol}" AS TEXT)`;
-    let sql = `SELECT t.* FROM "${table}" t WHERE ${softDelete}(${rowAclVisibleExists("?", "?", pkExpr)}`;
-    const params = [opts.teamId, table, opts.userId, opts.userId];
-    if (opts.noAclVisible) {
-      sql += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
-      params.push(opts.teamId, table);
+    const params = [];
+    let visClause;
+    if (pkExpr) {
+      visClause = rowAclVisibleExists("?", "?", pkExpr);
+      params.push(opts.teamId, table, opts.userId, opts.userId);
+      if (opts.noAclVisible) {
+        visClause += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
+        params.push(opts.teamId, table);
+      }
+    } else {
+      visClause = opts.noAclVisible ? "1=1" : "1=0";
     }
-    sql += `)`;
+    let sql = `SELECT t.* FROM "${table}" t WHERE ${softDelete}(${visClause})`;
     if (opts.orderBy && cols.has(opts.orderBy)) {
       const dir = opts.orderDir === "desc" ? "DESC" : "ASC";
       sql += ` ORDER BY t."${opts.orderBy}" ${dir}`;
@@ -5425,14 +5426,18 @@ var Lattice = class _Lattice {
     for (const [i, spec] of bounded.entries()) {
       this._assertIdent(spec.table);
       const cols = this._ensureColumnCache(spec.table);
-      const pkCol = this._schema.getPrimaryKey(spec.table)[0] ?? "id";
+      const pkExpr = this._pkSqlExpr(this._resolvedPkCols(spec.table));
       const softDelete = cols.has("deleted_at") ? `t."deleted_at" IS NULL AND ` : "";
-      const pkExpr = `CAST(t."${pkCol}" AS TEXT)`;
-      let predicate = rowAclVisibleExists("?", "?", pkExpr);
-      params.push(opts.teamId, spec.table, opts.userId, opts.userId);
-      if (spec.noAclVisible) {
-        predicate += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
-        params.push(opts.teamId, spec.table);
+      let predicate;
+      if (pkExpr) {
+        predicate = rowAclVisibleExists("?", "?", pkExpr);
+        params.push(opts.teamId, spec.table, opts.userId, opts.userId);
+        if (spec.noAclVisible) {
+          predicate += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
+          params.push(opts.teamId, spec.table);
+        }
+      } else {
+        predicate = spec.noAclVisible ? "1=1" : "1=0";
       }
       selects.push(
         `(SELECT COUNT(*) FROM "${spec.table}" t WHERE ${softDelete}(${predicate})) AS c${String(i)}`
@@ -5688,6 +5693,62 @@ var Lattice = class _Lattice {
     const params = pkCols.map((col) => id[col]);
     return { clause: clauses.join(" AND "), params };
   }
+  // ── Composite-key serialization for the row-level-permission layer ───────
+  // The row ACL (`__lattice_row_acl`/`__lattice_row_grants`) and the
+  // change-log key each row by a single TEXT `pk`. For a table whose primary
+  // key spans several columns (e.g. a junction table `(project_id,
+  // meeting_id)` with no `id`), that key must encode EVERY pk column, and the
+  // write side (what we store) must match the read side (the SQL that
+  // reconstructs it from row columns). These three helpers are the single
+  // source of truth for both. A single-column key serializes to the bare
+  // value (so all pre-2.2.1 single-`id` ACL data stays valid).
+  static _PK_SEP = "	";
+  /**
+   * The primary-key columns of `table` that PHYSICALLY exist, in declared
+   * order. Empty when the table has no Lattice-addressable key — e.g. a table
+   * reached via raw SQL whose PK metadata defaulted to `['id']` but that has
+   * no `id` column. Callers treat an empty result as "unkeyable" (no per-row
+   * ACL is possible, so the row-perm SQL must not reference a pk column).
+   */
+  _resolvedPkCols(table) {
+    const cols = this._ensureColumnCache(table);
+    return this._schema.getPrimaryKey(table).filter((c) => cols.has(c));
+  }
+  /** Canonical ACL / change-log `pk` string for a row. Matches {@link _pkSqlExpr}. */
+  _serializeRowPk(table, row) {
+    const pkCols = this._resolvedPkCols(table);
+    const cols = pkCols.length > 0 ? pkCols : ["id"];
+    return cols.map((c) => {
+      const v = row[c];
+      return v != null ? String(v) : "";
+    }).join(_Lattice._PK_SEP);
+  }
+  /**
+   * Canonical `pk` string for a {@link PkLookup} used by update/delete, so a
+   * row addressed by lookup keys its change-log entry identically to the way
+   * {@link _serializeRowPk} keyed it at insert time.
+   */
+  _serializePkLookup(table, id) {
+    if (typeof id === "string") return id;
+    const pkCols = this._resolvedPkCols(table);
+    if (pkCols.length === 0) return JSON.stringify(id);
+    return pkCols.map((c) => {
+      const v = id[c];
+      return v != null ? String(v) : "";
+    }).join(_Lattice._PK_SEP);
+  }
+  /**
+   * SQL expression reconstructing {@link _serializeRowPk} from a row aliased
+   * `t`. Returns null when the table is unkeyable (no pk columns present) — the
+   * caller must then avoid referencing a pk column at all. Dialect-aware tab
+   * separator: SQLite `char(9)`, Postgres `chr(9)` (both = U+0009), matching
+   * {@link _PK_SEP}.
+   */
+  _pkSqlExpr(pkCols) {
+    if (pkCols.length === 0) return null;
+    const sep2 = this.getDialect() === "postgres" ? "chr(9)" : "char(9)";
+    return pkCols.map((c) => `CAST(t."${c}" AS TEXT)`).join(` || ${sep2} || `);
+  }
   /**
    * Convert Filter objects into SQL clause strings and bound params.
    * An `in` filter with an empty array is silently ignored (produces no clause).
@@ -6628,6 +6689,13 @@ var NATIVE_ENTITY_DEFS = {
     columns: {
       id: "TEXT PRIMARY KEY",
       title: "TEXT",
+      // Cloud user id of the member who started the thread (the operator's
+      // `teamContext.myUserId`). A chat is PRIVATE to its author — on a team
+      // cloud the chat routes only ever return threads whose owner matches the
+      // requesting member. NULL on local single-user databases (no team
+      // context) and on pre-2.2.1 threads, which the routes treat as the local
+      // operator's own (visible only when there is no team context).
+      owner_user_id: "TEXT",
       created_at: "TEXT NOT NULL DEFAULT (datetime('now'))",
       updated_at: "TEXT NOT NULL DEFAULT (datetime('now'))",
       deleted_at: "TEXT"
@@ -6642,6 +6710,10 @@ var NATIVE_ENTITY_DEFS = {
       // Soft reference to chat_threads.id. Kept as a plain column (no FK)
       // to match the generic, dialect-agnostic native-entity style.
       thread_id: "TEXT",
+      // Cloud user id of the member the message belongs to — mirrors the
+      // owning thread's owner_user_id so a message read can be filtered
+      // independently of the thread join. NULL on local DBs / pre-2.2.1 rows.
+      owner_user_id: "TEXT",
       // user | assistant | tool | feed | system
       role: "TEXT NOT NULL DEFAULT 'user'",
       // JSON payload: text, tool_use / tool_result blocks, attachments, or

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "latticesql",
-  "version": "2.2.0",
+  "version": "2.2.1",
   "description": "Persistent structured memory for AI agent systems — pluggable SQLite or Postgres backend, LLM context bridge",
   "type": "module",
   "main": "./dist/index.js",