latticesql 2.2.0 → 2.2.2

package/dist/cli.js

@@ -4935,9 +4935,7 @@ var Lattice = class _Lattice {
       `INSERT INTO "${table}" (${cols}) VALUES (${placeholders})`,
       values
     );
-    const pkCol = pkCols[0] ?? "id";
-    const rawPk = rowWithPk[pkCol];
-    const pkValue = rawPk != null ? String(rawPk) : "";
+    const pkValue = this._serializeRowPk(table, rowWithPk);
     await this._appendChangelog(table, pkValue, "insert", rowWithPk, null);
     this._sanitizer.emitAudit(table, "insert", pkValue);
     await this._fireWriteHooks(table, "insert", rowWithPk, pkValue);
@@ -4980,9 +4978,7 @@ var Lattice = class _Lattice {
       `INSERT INTO "${table}" (${cols}) VALUES (${placeholders}) ON CONFLICT(${conflictCols}) DO UPDATE SET ${updateCols}`,
       values
     );
-    const pkCol = pkCols[0] ?? "id";
-    const rawPk = rowWithPk[pkCol];
-    const pkValue = rawPk != null ? String(rawPk) : "";
+    const pkValue = this._serializeRowPk(table, rowWithPk);
     this._sanitizer.emitAudit(table, "update", pkValue);
     this._scheduleAutoRender();
     return pkValue;
@@ -5028,7 +5024,7 @@ var Lattice = class _Lattice {
     }
     const values = [...Object.values(encrypted), ...pkParams];
     await runAsyncOrSync(this._adapter, `UPDATE "${table}" SET ${setCols} WHERE ${clause}`, values);
-    const auditId = typeof id === "string" ? id : JSON.stringify(id);
+    const auditId = this._serializePkLookup(table, id);
     await this._appendChangelog(table, auditId, "update", sanitized, previousValues);
     this._sanitizer.emitAudit(table, "update", auditId);
     await this._fireWriteHooks(table, "update", sanitized, auditId, Object.keys(sanitized));
@@ -5063,7 +5059,7 @@ var Lattice = class _Lattice {
       previousRow = await getAsyncOrSync(this._adapter, `SELECT * FROM "${table}" WHERE ${clause}`, params) ?? null;
     }
     await runAsyncOrSync(this._adapter, `DELETE FROM "${table}" WHERE ${clause}`, params);
-    const auditId = typeof id === "string" ? id : JSON.stringify(id);
+    const auditId = this._serializePkLookup(table, id);
     await this._appendChangelog(
       table,
       auditId,
@@ -5501,19 +5497,24 @@ var Lattice = class _Lattice {
     this._assertIdent(table);
     if (opts.orderBy) this._assertIdent(table, opts.orderBy);
     const cols = this._ensureColumnCache(table);
-    const pkCol = this._schema.getPrimaryKey(table)[0] ?? "id";
+    const pkExpr = this._pkSqlExpr(this._resolvedPkCols(table));
     let softDelete = "";
     if (cols.has("deleted_at") && opts.deleted !== "any") {
       softDelete = opts.deleted === "only" ? `t."deleted_at" IS NOT NULL AND ` : `t."deleted_at" IS NULL AND `;
     }
-    const pkExpr = `CAST(t."${pkCol}" AS TEXT)`;
-    let sql = `SELECT t.* FROM "${table}" t WHERE ${softDelete}(${rowAclVisibleExists("?", "?", pkExpr)}`;
-    const params = [opts.teamId, table, opts.userId, opts.userId];
-    if (opts.noAclVisible) {
-      sql += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
-      params.push(opts.teamId, table);
+    const params = [];
+    let visClause;
+    if (pkExpr) {
+      visClause = rowAclVisibleExists("?", "?", pkExpr);
+      params.push(opts.teamId, table, opts.userId, opts.userId);
+      if (opts.noAclVisible) {
+        visClause += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
+        params.push(opts.teamId, table);
+      }
+    } else {
+      visClause = opts.noAclVisible ? "1=1" : "1=0";
     }
-    sql += `)`;
+    let sql = `SELECT t.* FROM "${table}" t WHERE ${softDelete}(${visClause})`;
     if (opts.orderBy && cols.has(opts.orderBy)) {
       const dir = opts.orderDir === "desc" ? "DESC" : "ASC";
       sql += ` ORDER BY t."${opts.orderBy}" ${dir}`;
@@ -5559,14 +5560,18 @@ var Lattice = class _Lattice {
     for (const [i, spec] of bounded.entries()) {
       this._assertIdent(spec.table);
       const cols = this._ensureColumnCache(spec.table);
-      const pkCol = this._schema.getPrimaryKey(spec.table)[0] ?? "id";
+      const pkExpr = this._pkSqlExpr(this._resolvedPkCols(spec.table));
       const softDelete = cols.has("deleted_at") ? `t."deleted_at" IS NULL AND ` : "";
-      const pkExpr = `CAST(t."${pkCol}" AS TEXT)`;
-      let predicate = rowAclVisibleExists("?", "?", pkExpr);
-      params.push(opts.teamId, spec.table, opts.userId, opts.userId);
-      if (spec.noAclVisible) {
-        predicate += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
-        params.push(opts.teamId, spec.table);
+      let predicate;
+      if (pkExpr) {
+        predicate = rowAclVisibleExists("?", "?", pkExpr);
+        params.push(opts.teamId, spec.table, opts.userId, opts.userId);
+        if (spec.noAclVisible) {
+          predicate += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
+          params.push(opts.teamId, spec.table);
+        }
+      } else {
+        predicate = spec.noAclVisible ? "1=1" : "1=0";
       }
       selects.push(
         `(SELECT COUNT(*) FROM "${spec.table}" t WHERE ${softDelete}(${predicate})) AS c${String(i)}`
@@ -5822,6 +5827,62 @@ var Lattice = class _Lattice {
     const params = pkCols.map((col) => id[col]);
     return { clause: clauses.join(" AND "), params };
   }
+  // ── Composite-key serialization for the row-level-permission layer ───────
+  // The row ACL (`__lattice_row_acl`/`__lattice_row_grants`) and the
+  // change-log key each row by a single TEXT `pk`. For a table whose primary
+  // key spans several columns (e.g. a junction table `(project_id,
+  // meeting_id)` with no `id`), that key must encode EVERY pk column, and the
+  // write side (what we store) must match the read side (the SQL that
+  // reconstructs it from row columns). These three helpers are the single
+  // source of truth for both. A single-column key serializes to the bare
+  // value (so all pre-2.2.1 single-`id` ACL data stays valid).
+  static _PK_SEP = "	";
+  /**
+   * The primary-key columns of `table` that PHYSICALLY exist, in declared
+   * order. Empty when the table has no Lattice-addressable key — e.g. a table
+   * reached via raw SQL whose PK metadata defaulted to `['id']` but that has
+   * no `id` column. Callers treat an empty result as "unkeyable" (no per-row
+   * ACL is possible, so the row-perm SQL must not reference a pk column).
+   */
+  _resolvedPkCols(table) {
+    const cols = this._ensureColumnCache(table);
+    return this._schema.getPrimaryKey(table).filter((c) => cols.has(c));
+  }
+  /** Canonical ACL / change-log `pk` string for a row. Matches {@link _pkSqlExpr}. */
+  _serializeRowPk(table, row) {
+    const pkCols = this._resolvedPkCols(table);
+    const cols = pkCols.length > 0 ? pkCols : ["id"];
+    return cols.map((c) => {
+      const v = row[c];
+      return v != null ? String(v) : "";
+    }).join(_Lattice._PK_SEP);
+  }
+  /**
+   * Canonical `pk` string for a {@link PkLookup} used by update/delete, so a
+   * row addressed by lookup keys its change-log entry identically to the way
+   * {@link _serializeRowPk} keyed it at insert time.
+   */
+  _serializePkLookup(table, id) {
+    if (typeof id === "string") return id;
+    const pkCols = this._resolvedPkCols(table);
+    if (pkCols.length === 0) return JSON.stringify(id);
+    return pkCols.map((c) => {
+      const v = id[c];
+      return v != null ? String(v) : "";
+    }).join(_Lattice._PK_SEP);
+  }
+  /**
+   * SQL expression reconstructing {@link _serializeRowPk} from a row aliased
+   * `t`. Returns null when the table is unkeyable (no pk columns present) — the
+   * caller must then avoid referencing a pk column at all. Dialect-aware tab
+   * separator: SQLite `char(9)`, Postgres `chr(9)` (both = U+0009), matching
+   * {@link _PK_SEP}.
+   */
+  _pkSqlExpr(pkCols) {
+    if (pkCols.length === 0) return null;
+    const sep5 = this.getDialect() === "postgres" ? "chr(9)" : "char(9)";
+    return pkCols.map((c) => `CAST(t."${c}" AS TEXT)`).join(` || ${sep5} || `);
+  }
   /**
    * Convert Filter objects into SQL clause strings and bound params.
    * An `in` filter with an empty array is silently ignored (produces no clause).
@@ -6359,6 +6420,13 @@ var NATIVE_ENTITY_DEFS = {
     columns: {
       id: "TEXT PRIMARY KEY",
       title: "TEXT",
+      // Cloud user id of the member who started the thread (the operator's
+      // `teamContext.myUserId`). A chat is PRIVATE to its author — on a team
+      // cloud the chat routes only ever return threads whose owner matches the
+      // requesting member. NULL on local single-user databases (no team
+      // context) and on pre-2.2.1 threads, which the routes treat as the local
+      // operator's own (visible only when there is no team context).
+      owner_user_id: "TEXT",
       created_at: "TEXT NOT NULL DEFAULT (datetime('now'))",
       updated_at: "TEXT NOT NULL DEFAULT (datetime('now'))",
       deleted_at: "TEXT"
@@ -6373,6 +6441,10 @@ var NATIVE_ENTITY_DEFS = {
       // Soft reference to chat_threads.id. Kept as a plain column (no FK)
       // to match the generic, dialect-agnostic native-entity style.
       thread_id: "TEXT",
+      // Cloud user id of the member the message belongs to — mirrors the
+      // owning thread's owner_user_id so a message read can be filtered
+      // independently of the thread join. NULL on local DBs / pre-2.2.1 rows.
+      owner_user_id: "TEXT",
       // user | assistant | tool | feed | system
       role: "TEXT NOT NULL DEFAULT 'user'",
       // JSON payload: text, tool_use / tool_result blocks, attachments, or
@@ -7512,20 +7584,6 @@ var css = `
     .grants-panel .grants-title { font-weight: 600; margin-bottom: 6px; }
     .grants-panel .grants-row { display: flex; align-items: center; gap: 8px; padding: 3px 0; cursor: pointer; }
     .grants-panel .grants-row input { accent-color: var(--accent); }
-    /* Deprecation banner: shown when the workspace holds a grandfathered
-       direct database cloud connection (no row-level security). Amber so
-       it reads as a warning, not an error. */
-    .deprecation-banner {
-      display: flex; align-items: center; gap: 12px;
-      padding: 8px 16px; font-size: 13px;
-      background: rgba(234, 179, 8, 0.12); color: var(--text);
-      border-bottom: 1px solid rgba(234, 179, 8, 0.45);
-    }
-    .deprecation-banner button {
-      margin-left: auto; background: transparent; border: none; cursor: pointer;
-      color: var(--text-muted); font-size: 13px; padding: 2px 6px; border-radius: 4px;
-    }
-    .deprecation-banner button:hover { background: rgba(234, 179, 8, 0.18); }
 
     /* Inline create-row at the bottom of every table */
     tr.create-row td { background: var(--surface-2); }
@@ -9016,27 +9074,6 @@ var appJs = `
 
     window.addEventListener('hashchange', renderRoute);
 
-    // Deprecation banner: a grandfathered direct database cloud connection
-    // bypasses the hosted server's row security entirely \u2014 say so up front.
-    // Dismiss hides it for this browser session only.
-    function initDeprecationBanner() {
-      if (sessionStorage.getItem('lattice-direct-banner-dismissed')) return;
-      fetchJson('/api/dbconfig').then(function (d) {
-        if (!d || !d.directCloud) return;
-        var banner = document.getElementById('deprecation-banner');
-        var text = document.getElementById('deprecation-banner-text');
-        if (!banner || !text) return;
-        text.textContent = "Direct database cloud connections are deprecated and don't support row-level security. Migrate to a hosted workspace.";
-        banner.hidden = false;
-        var dismiss = document.getElementById('deprecation-banner-dismiss');
-        if (dismiss) dismiss.addEventListener('click', function () {
-          banner.hidden = true;
-          sessionStorage.setItem('lattice-direct-banner-dismissed', '1');
-        });
-      }).catch(function () { /* dbconfig unavailable (e.g. team-cloud server mode) \u2014 no banner */ });
-    }
-    initDeprecationBanner();
-
     // \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
     // Sidebar
     // \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
@@ -11437,9 +11474,11 @@ var appJs = `
             headers: { 'content-type': 'application/json' },
             body: JSON.stringify({ share: !isShared }),
           }).then(function () {
-            // The server updated team visibility in place (no DB re-open),
-            // so a light in-place refresh reflects it without a full reload.
-            return dmRefreshPanel(tableName, false);
+            // Rebuild the graph (not just the panel) so the node's share-status
+            // colour (gnode-shared/gnode-private) recolours immediately from the
+            // refreshed entities \u2014 otherwise the swatch stayed stale until a
+            // manual reload. The editor re-shows for the same table.
+            return dmRefreshPanel(tableName, true);
           }).then(function () {
             showToast(isShared ? 'Unshared "' + tableName + '" from workspace' : 'Shared "' + tableName + '" with workspace', {});
           }).catch(function (e) { showToast('Share update failed: ' + e.message, {}); });
@@ -14159,10 +14198,6 @@ var guiAppHtml = `<!doctype html>
       </svg>
     </button>
   </header>
-  <div class="deprecation-banner" id="deprecation-banner" hidden>
-    <span id="deprecation-banner-text"></span>
-    <button id="deprecation-banner-dismiss" title="Dismiss for this session" aria-label="Dismiss">\u2715</button>
-  </div>
   <div class="layout">
     <nav class="sidebar">
       <label class="sidebar-advanced toggle" title="Advanced mode \u2014 row/table editor instead of the file workspace">
@@ -15334,19 +15369,12 @@ async function destroyTeamDirect(db) {
   }
   await db.delete("__lattice_team_identity", "singleton");
 }
-var directDeprecationWarned = false;
 async function openCloud(cloudUrl) {
   if (!isPostgresUrl(cloudUrl)) {
     throw new Error(
       `direct-ops: cloudUrl must be a postgres:// URL (got ${cloudUrl.slice(0, 12)}\u2026)`
     );
   }
-  if (!directDeprecationWarned) {
-    directDeprecationWarned = true;
-    console.warn(
-      "[teams] Direct postgres:// team-cloud connection is deprecated and does NOT enforce 2.2 row-level security. Migrate to a hosted Lattice Teams server."
-    );
-  }
   const db = new Lattice(cloudUrl);
   await db.init();
   for (const [table, def] of Object.entries(CLOUD_INTERNAL_TABLE_DEFS)) {
@@ -15511,7 +15539,7 @@ async function resolveUserIdByEmail(db, email) {
 function isVisibleInTeam(tableName, ctx) {
   if (ctx.shared.has(tableName)) return true;
   const owner = ctx.owners.get(tableName);
-  if (owner === void 0) return true;
+  if (owner === void 0) return ctx.isCreator;
   return owner === ctx.myUserId;
 }
 async function listTeamUsers(db) {
@@ -19331,10 +19359,7 @@ async function dispatchDbConfigRoute(req, res, ctx) {
         // without a local `__lattice_team_connections` row (which doesn't
         // exist when the team cloud itself is the active database).
         teamId: ctx.teamMembership?.teamId ?? null,
-        myUserId: ctx.teamMembership?.myUserId ?? null,
-        // Deprecated direct postgres:// team connection present → the SPA
-        // shows the migrate-to-hosted deprecation banner.
-        directCloud: ctx.directCloud
+        myUserId: ctx.teamMembership?.myUserId ?? null
       });
     });
     return true;
@@ -20793,8 +20818,12 @@ async function buildSchemaContext(d) {
   }
   return lines.join("\n");
 }
-function buildSystemPrompt(schema) {
-  return `${BASE_SYSTEM_PROMPT}
+function buildSystemPrompt(schema, operatorName) {
+  const who = operatorName && operatorName.trim().length > 0 ? `
+
+# Who you are assisting
+You are assisting ${operatorName.trim()}. When the user says "me" / "my", they mean ${operatorName.trim()}; never ask the user for their own name.` : "";
+  return `${BASE_SYSTEM_PROMPT}${who}
 
 # Current database
 ${schema}`;
@@ -20809,7 +20838,7 @@ async function* runChat(opts) {
     ...opts.history ?? [],
     { role: "user", content: opts.userMessage }
   ];
-  const system = buildSystemPrompt(await buildSchemaContext(opts.dispatch));
+  const system = buildSystemPrompt(await buildSchemaContext(opts.dispatch), opts.operatorName);
   let loop = 0;
   try {
     for (; loop < MAX_TOOL_LOOPS; loop++) {
@@ -21168,15 +21197,19 @@ function collapseSameRole(msgs) {
   }
   return out;
 }
-async function rehydrateHistory(db, threadId, clientHistory) {
+async function rehydrateHistory(db, threadId, clientHistory, ownerUserId) {
   if (!threadId || !rehydrateEnabled()) return clientHistory;
   let rows;
   try {
+    const filters = [
+      { col: "thread_id", op: "eq", val: threadId },
+      { col: "deleted_at", op: "isNull" }
+    ];
+    if (ownerUserId != null) {
+      filters.push({ col: "owner_user_id", op: "eq", val: ownerUserId });
+    }
     rows = await db.query("chat_messages", {
-      filters: [
-        { col: "thread_id", op: "eq", val: threadId },
-        { col: "deleted_at", op: "isNull" }
-      ],
+      filters,
       limit: 1e3
     });
   } catch {
@@ -21248,13 +21281,18 @@ async function rehydrateHistory(db, threadId, clientHistory) {
   }
   return merged;
 }
-async function ensureThread(db, threadId, title) {
+async function ensureThread(db, threadId, title, ownerUserId) {
   if (threadId) {
     const existing = await db.get("chat_threads", threadId);
-    if (existing && !existing.deleted_at) return threadId;
+    const ownsIt = ownerUserId == null || (existing?.owner_user_id ?? null) === ownerUserId;
+    if (existing && !existing.deleted_at && ownsIt) return threadId;
   }
   const id = crypto.randomUUID();
-  await db.insert("chat_threads", { id, title: title.slice(0, 60) || "Chat" });
+  await db.insert("chat_threads", {
+    id,
+    title: title.slice(0, 60) || "Chat",
+    owner_user_id: ownerUserId
+  });
   return id;
 }
 var REHYDRATE_MAX_TURNS = 6;
@@ -21262,20 +21300,28 @@ var REHYDRATE_MAX_BYTES = 24e3;
 function rehydrateEnabled() {
   return process.env.LATTICE_CHAT_REHYDRATE !== "false";
 }
-async function persistMessage(db, threadId, role, text, turns, startedAt) {
+async function persistMessage(db, threadId, role, text, ownerUserId, turns, startedAt) {
   const payload = turns && turns.length > 0 ? { text, turns } : { text };
   if (startedAt) payload.startedAt = startedAt;
   await db.insert("chat_messages", {
     id: crypto.randomUUID(),
     thread_id: threadId,
+    // Mirror the owning member onto each message so a message read can be
+    // filtered independently of the thread join. NULL on local DBs.
+    owner_user_id: ownerUserId,
     role,
     content_json: JSON.stringify(payload),
     source: role === "user" ? "gui" : "ai"
   });
 }
 async function dispatchChatRoute(req, res, ctx) {
+  const owner = ctx.team ? ctx.team.myUserId : null;
   if (ctx.method === "GET" && ctx.pathname === "/api/chat/threads") {
-    const rows = await ctx.db.query("chat_threads", { limit: 100 });
+    const filters = [
+      { col: "deleted_at", op: "isNull" }
+    ];
+    if (owner != null) filters.push({ col: "owner_user_id", op: "eq", val: owner });
+    const rows = await ctx.db.query("chat_threads", { filters, limit: 100 });
     const threads = rows.filter((r) => !r.deleted_at).map((r) => ({
       id: asStr(r.id),
       title: asStr(r.title, "Chat"),
@@ -21287,7 +21333,19 @@ async function dispatchChatRoute(req, res, ctx) {
   const msgMatch = /^\/api\/chat\/threads\/([^/]+)\/messages$/.exec(ctx.pathname);
   if (ctx.method === "GET" && msgMatch) {
     const threadId2 = decodeURIComponent(msgMatch[1] ?? "");
-    const rows = await ctx.db.query("chat_messages", { limit: 1e3 });
+    if (owner != null) {
+      const thread = await ctx.db.get("chat_threads", threadId2);
+      if (!thread || thread.deleted_at || (thread.owner_user_id ?? null) !== owner) {
+        sendJson4(res, { messages: [] });
+        return true;
+      }
+    }
+    const msgFilters = [{ col: "thread_id", op: "eq", val: threadId2 }];
+    if (owner != null) msgFilters.push({ col: "owner_user_id", op: "eq", val: owner });
+    const rows = await ctx.db.query("chat_messages", {
+      filters: msgFilters,
+      limit: 1e3
+    });
     const messages = rows.filter((r) => r.thread_id === threadId2 && !r.deleted_at).map((r) => {
       let text = "";
       let turns2;
@@ -21341,11 +21399,11 @@ async function dispatchChatRoute(req, res, ctx) {
     return true;
   }
   const requestedThread = typeof body.threadId === "string" ? body.threadId : null;
-  const history = await rehydrateHistory(ctx.db, requestedThread, mapHistory(body.history));
+  const history = await rehydrateHistory(ctx.db, requestedThread, mapHistory(body.history), owner);
   let threadId = "";
   try {
-    threadId = await ensureThread(ctx.db, requestedThread, message);
-    await persistMessage(ctx.db, threadId, "user", message);
+    threadId = await ensureThread(ctx.db, requestedThread, message, owner);
+    await persistMessage(ctx.db, threadId, "user", message, owner);
   } catch (e) {
     console.warn("[chat] persist user message failed:", e.message);
   }
@@ -21391,6 +21449,9 @@ async function dispatchChatRoute(req, res, ctx) {
       history,
       userMessage: message,
       temperature,
+      // Give the assistant the operator's name so it addresses them and
+      // resolves "me"/"my" without asking for a name it already has.
+      operatorName: readIdentity().display_name,
       // Capture each executed tool call (capped) for cross-turn replay memory.
       onToolRecord: (rec) => {
         turns[turns.length - 1]?.toolCalls.push(rec);
@@ -21432,7 +21493,15 @@ async function dispatchChatRoute(req, res, ctx) {
       ...t.toolCalls.length > 0 ? { toolCalls: t.toolCalls } : {}
     })).filter((t) => t.text.length > 0 || t.tools.length > 0 || (t.events?.length ?? 0) > 0);
     try {
-      await persistMessage(ctx.db, threadId, "assistant", assistantText, cleanTurns, turnStartedAt);
+      await persistMessage(
+        ctx.db,
+        threadId,
+        "assistant",
+        assistantText,
+        owner,
+        cleanTurns,
+        turnStartedAt
+      );
     } catch (e) {
       console.warn("[chat] persist assistant message failed:", e.message);
     }
@@ -21964,6 +22033,10 @@ async function attachBlob(srcPath, latticeRoot) {
 }
 
 // src/gui/ingest-routes.ts
+function fileSlug(name, id) {
+  const base = slugify(name.replace(/\.[^./\\]+$/, "")) || "file";
+  return `${base}-${id.slice(0, 8)}`;
+}
 var MIME_BY_EXT = {
   ".pdf": "application/pdf",
   ".png": "image/png",
@@ -22331,8 +22404,10 @@ async function dispatchIngestRoute(req, res, ctx) {
     } finally {
       await rm(tmp, { force: true }).catch(() => void 0);
     }
+    const fileId = crypto.randomUUID();
     const { id: id2 } = await createRow(mctx, "files", {
-      id: crypto.randomUUID(),
+      id: fileId,
+      slug: fileSlug(name2, fileId),
       original_name: name2,
       mime: mime2,
       size_bytes: buf.length,
@@ -22383,8 +22458,10 @@ async function dispatchIngestRoute(req, res, ctx) {
         console.warn("[ingest] url crawl failed:", e.message);
       }
     }
+    const textFileId = crypto.randomUUID();
     const { id: id2 } = await createRow(mctx, "files", {
-      id: crypto.randomUUID(),
+      id: textFileId,
+      slug: fileSlug(title, textFileId),
       original_name: title,
       mime: mime2,
       size_bytes: Buffer.byteLength(content, "utf8"),
@@ -22418,8 +22495,10 @@ async function dispatchIngestRoute(req, res, ctx) {
   }
   const name = basename10(abs);
   const mime = mimeFor(name);
+  const localFileId = crypto.randomUUID();
   const { id } = await createRow(mctx, "files", {
-    id: crypto.randomUUID(),
+    id: localFileId,
+    slug: fileSlug(name, localFileId),
     path: abs,
     original_name: name,
     mime,
@@ -22956,13 +23035,6 @@ async function openConfig(configPath, outputDir, autoRender = false) {
       if (!isVisibleInTeam(name, teamContext)) validTables.delete(name);
     }
   }
-  let directTeamConnection = false;
-  try {
-    const conns = await teamsClient.listConnections();
-    directTeamConnection = conns.some((c) => isPostgresUrl(c.cloud_url));
-  } catch (e) {
-    console.warn("[openConfig] could not check for direct team connections:", e.message);
-  }
   let realtime = null;
   if (db.getDialect() === "postgres") {
     try {
@@ -23003,7 +23075,6 @@ async function openConfig(configPath, outputDir, autoRender = false) {
     teamsClient,
     validTables,
     teamContext,
-    directTeamConnection,
     junctionTables,
     entityContextByTable,
     manifest,
@@ -25099,7 +25170,6 @@ data: ${JSON.stringify(data)}
               teamId: active.teamContext.teamId,
               myUserId: active.teamContext.myUserId
             } : null,
-            directCloud: active.directTeamConnection,
             swap: async () => {
               const next = await openConfig(active.configPath, active.outputDir, autoRender);
               await disposeActive(active);

package/dist/index.cjs

@@ -4935,9 +4935,7 @@ var Lattice = class _Lattice {
       `INSERT INTO "${table}" (${cols}) VALUES (${placeholders})`,
       values
     );
-    const pkCol = pkCols[0] ?? "id";
-    const rawPk = rowWithPk[pkCol];
-    const pkValue = rawPk != null ? String(rawPk) : "";
+    const pkValue = this._serializeRowPk(table, rowWithPk);
     await this._appendChangelog(table, pkValue, "insert", rowWithPk, null);
     this._sanitizer.emitAudit(table, "insert", pkValue);
     await this._fireWriteHooks(table, "insert", rowWithPk, pkValue);
@@ -4980,9 +4978,7 @@ var Lattice = class _Lattice {
       `INSERT INTO "${table}" (${cols}) VALUES (${placeholders}) ON CONFLICT(${conflictCols}) DO UPDATE SET ${updateCols}`,
       values
     );
-    const pkCol = pkCols[0] ?? "id";
-    const rawPk = rowWithPk[pkCol];
-    const pkValue = rawPk != null ? String(rawPk) : "";
+    const pkValue = this._serializeRowPk(table, rowWithPk);
     this._sanitizer.emitAudit(table, "update", pkValue);
     this._scheduleAutoRender();
     return pkValue;
@@ -5028,7 +5024,7 @@ var Lattice = class _Lattice {
     }
     const values = [...Object.values(encrypted), ...pkParams];
     await runAsyncOrSync(this._adapter, `UPDATE "${table}" SET ${setCols} WHERE ${clause}`, values);
-    const auditId = typeof id === "string" ? id : JSON.stringify(id);
+    const auditId = this._serializePkLookup(table, id);
     await this._appendChangelog(table, auditId, "update", sanitized, previousValues);
     this._sanitizer.emitAudit(table, "update", auditId);
     await this._fireWriteHooks(table, "update", sanitized, auditId, Object.keys(sanitized));
@@ -5063,7 +5059,7 @@ var Lattice = class _Lattice {
       previousRow = await getAsyncOrSync(this._adapter, `SELECT * FROM "${table}" WHERE ${clause}`, params) ?? null;
     }
     await runAsyncOrSync(this._adapter, `DELETE FROM "${table}" WHERE ${clause}`, params);
-    const auditId = typeof id === "string" ? id : JSON.stringify(id);
+    const auditId = this._serializePkLookup(table, id);
     await this._appendChangelog(
       table,
       auditId,
@@ -5501,19 +5497,24 @@ var Lattice = class _Lattice {
     this._assertIdent(table);
     if (opts.orderBy) this._assertIdent(table, opts.orderBy);
     const cols = this._ensureColumnCache(table);
-    const pkCol = this._schema.getPrimaryKey(table)[0] ?? "id";
+    const pkExpr = this._pkSqlExpr(this._resolvedPkCols(table));
     let softDelete = "";
     if (cols.has("deleted_at") && opts.deleted !== "any") {
       softDelete = opts.deleted === "only" ? `t."deleted_at" IS NOT NULL AND ` : `t."deleted_at" IS NULL AND `;
     }
-    const pkExpr = `CAST(t."${pkCol}" AS TEXT)`;
-    let sql = `SELECT t.* FROM "${table}" t WHERE ${softDelete}(${rowAclVisibleExists("?", "?", pkExpr)}`;
-    const params = [opts.teamId, table, opts.userId, opts.userId];
-    if (opts.noAclVisible) {
-      sql += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
-      params.push(opts.teamId, table);
+    const params = [];
+    let visClause;
+    if (pkExpr) {
+      visClause = rowAclVisibleExists("?", "?", pkExpr);
+      params.push(opts.teamId, table, opts.userId, opts.userId);
+      if (opts.noAclVisible) {
+        visClause += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
+        params.push(opts.teamId, table);
+      }
+    } else {
+      visClause = opts.noAclVisible ? "1=1" : "1=0";
     }
-    sql += `)`;
+    let sql = `SELECT t.* FROM "${table}" t WHERE ${softDelete}(${visClause})`;
     if (opts.orderBy && cols.has(opts.orderBy)) {
       const dir = opts.orderDir === "desc" ? "DESC" : "ASC";
       sql += ` ORDER BY t."${opts.orderBy}" ${dir}`;
@@ -5559,14 +5560,18 @@ var Lattice = class _Lattice {
     for (const [i, spec] of bounded.entries()) {
       this._assertIdent(spec.table);
       const cols = this._ensureColumnCache(spec.table);
-      const pkCol = this._schema.getPrimaryKey(spec.table)[0] ?? "id";
+      const pkExpr = this._pkSqlExpr(this._resolvedPkCols(spec.table));
       const softDelete = cols.has("deleted_at") ? `t."deleted_at" IS NULL AND ` : "";
-      const pkExpr = `CAST(t."${pkCol}" AS TEXT)`;
-      let predicate = rowAclVisibleExists("?", "?", pkExpr);
-      params.push(opts.teamId, spec.table, opts.userId, opts.userId);
-      if (spec.noAclVisible) {
-        predicate += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
-        params.push(opts.teamId, spec.table);
+      let predicate;
+      if (pkExpr) {
+        predicate = rowAclVisibleExists("?", "?", pkExpr);
+        params.push(opts.teamId, spec.table, opts.userId, opts.userId);
+        if (spec.noAclVisible) {
+          predicate += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
+          params.push(opts.teamId, spec.table);
+        }
+      } else {
+        predicate = spec.noAclVisible ? "1=1" : "1=0";
       }
       selects.push(
         `(SELECT COUNT(*) FROM "${spec.table}" t WHERE ${softDelete}(${predicate})) AS c${String(i)}`
@@ -5822,6 +5827,62 @@ var Lattice = class _Lattice {
     const params = pkCols.map((col) => id[col]);
     return { clause: clauses.join(" AND "), params };
   }
+  // ── Composite-key serialization for the row-level-permission layer ───────
+  // The row ACL (`__lattice_row_acl`/`__lattice_row_grants`) and the
+  // change-log key each row by a single TEXT `pk`. For a table whose primary
+  // key spans several columns (e.g. a junction table `(project_id,
+  // meeting_id)` with no `id`), that key must encode EVERY pk column, and the
+  // write side (what we store) must match the read side (the SQL that
+  // reconstructs it from row columns). These three helpers are the single
+  // source of truth for both. A single-column key serializes to the bare
+  // value (so all pre-2.2.1 single-`id` ACL data stays valid).
+  static _PK_SEP = "	";
+  /**
+   * The primary-key columns of `table` that PHYSICALLY exist, in declared
+   * order. Empty when the table has no Lattice-addressable key — e.g. a table
+   * reached via raw SQL whose PK metadata defaulted to `['id']` but that has
+   * no `id` column. Callers treat an empty result as "unkeyable" (no per-row
+   * ACL is possible, so the row-perm SQL must not reference a pk column).
+   */
+  _resolvedPkCols(table) {
+    const cols = this._ensureColumnCache(table);
+    return this._schema.getPrimaryKey(table).filter((c) => cols.has(c));
+  }
+  /** Canonical ACL / change-log `pk` string for a row. Matches {@link _pkSqlExpr}. */
+  _serializeRowPk(table, row) {
+    const pkCols = this._resolvedPkCols(table);
+    const cols = pkCols.length > 0 ? pkCols : ["id"];
+    return cols.map((c) => {
+      const v = row[c];
+      return v != null ? String(v) : "";
+    }).join(_Lattice._PK_SEP);
+  }
+  /**
+   * Canonical `pk` string for a {@link PkLookup} used by update/delete, so a
+   * row addressed by lookup keys its change-log entry identically to the way
+   * {@link _serializeRowPk} keyed it at insert time.
+   */
+  _serializePkLookup(table, id) {
+    if (typeof id === "string") return id;
+    const pkCols = this._resolvedPkCols(table);
+    if (pkCols.length === 0) return JSON.stringify(id);
+    return pkCols.map((c) => {
+      const v = id[c];
+      return v != null ? String(v) : "";
+    }).join(_Lattice._PK_SEP);
+  }
+  /**
+   * SQL expression reconstructing {@link _serializeRowPk} from a row aliased
+   * `t`. Returns null when the table is unkeyable (no pk columns present) — the
+   * caller must then avoid referencing a pk column at all. Dialect-aware tab
+   * separator: SQLite `char(9)`, Postgres `chr(9)` (both = U+0009), matching
+   * {@link _PK_SEP}.
+   */
+  _pkSqlExpr(pkCols) {
+    if (pkCols.length === 0) return null;
+    const sep2 = this.getDialect() === "postgres" ? "chr(9)" : "char(9)";
+    return pkCols.map((c) => `CAST(t."${c}" AS TEXT)`).join(` || ${sep2} || `);
+  }
   /**
    * Convert Filter objects into SQL clause strings and bound params.
    * An `in` filter with an empty array is silently ignored (produces no clause).
@@ -6762,6 +6823,13 @@ var NATIVE_ENTITY_DEFS = {
     columns: {
       id: "TEXT PRIMARY KEY",
       title: "TEXT",
+      // Cloud user id of the member who started the thread (the operator's
+      // `teamContext.myUserId`). A chat is PRIVATE to its author — on a team
+      // cloud the chat routes only ever return threads whose owner matches the
+      // requesting member. NULL on local single-user databases (no team
+      // context) and on pre-2.2.1 threads, which the routes treat as the local
+      // operator's own (visible only when there is no team context).
+      owner_user_id: "TEXT",
       created_at: "TEXT NOT NULL DEFAULT (datetime('now'))",
       updated_at: "TEXT NOT NULL DEFAULT (datetime('now'))",
       deleted_at: "TEXT"
@@ -6776,6 +6844,10 @@ var NATIVE_ENTITY_DEFS = {
       // Soft reference to chat_threads.id. Kept as a plain column (no FK)
       // to match the generic, dialect-agnostic native-entity style.
       thread_id: "TEXT",
+      // Cloud user id of the member the message belongs to — mirrors the
+      // owning thread's owner_user_id so a message read can be filtered
+      // independently of the thread join. NULL on local DBs / pre-2.2.1 rows.
+      owner_user_id: "TEXT",
       // user | assistant | tool | feed | system
       role: "TEXT NOT NULL DEFAULT 'user'",
       // JSON payload: text, tool_use / tool_result blocks, attachments, or
@@ -8024,19 +8096,12 @@ async function destroyTeamDirect(db) {
   }
   await db.delete("__lattice_team_identity", "singleton");
 }
-var directDeprecationWarned = false;
 async function openCloud(cloudUrl) {
   if (!isPostgresUrl(cloudUrl)) {
     throw new Error(
       `direct-ops: cloudUrl must be a postgres:// URL (got ${cloudUrl.slice(0, 12)}\u2026)`
     );
   }
-  if (!directDeprecationWarned) {
-    directDeprecationWarned = true;
-    console.warn(
-      "[teams] Direct postgres:// team-cloud connection is deprecated and does NOT enforce 2.2 row-level security. Migrate to a hosted Lattice Teams server."
-    );
-  }
   const db = new Lattice(cloudUrl);
   await db.init();
   for (const [table, def] of Object.entries(CLOUD_INTERNAL_TABLE_DEFS)) {

package/dist/index.d.cts

@@ -2111,6 +2111,31 @@ declare class Lattice {
      * - `Record` → matches every PK column; all must be present in the object.
      */
     private _pkWhere;
+    private static readonly _PK_SEP;
+    /**
+     * The primary-key columns of `table` that PHYSICALLY exist, in declared
+     * order. Empty when the table has no Lattice-addressable key — e.g. a table
+     * reached via raw SQL whose PK metadata defaulted to `['id']` but that has
+     * no `id` column. Callers treat an empty result as "unkeyable" (no per-row
+     * ACL is possible, so the row-perm SQL must not reference a pk column).
+     */
+    private _resolvedPkCols;
+    /** Canonical ACL / change-log `pk` string for a row. Matches {@link _pkSqlExpr}. */
+    private _serializeRowPk;
+    /**
+     * Canonical `pk` string for a {@link PkLookup} used by update/delete, so a
+     * row addressed by lookup keys its change-log entry identically to the way
+     * {@link _serializeRowPk} keyed it at insert time.
+     */
+    private _serializePkLookup;
+    /**
+     * SQL expression reconstructing {@link _serializeRowPk} from a row aliased
+     * `t`. Returns null when the table is unkeyable (no pk columns present) — the
+     * caller must then avoid referencing a pk column at all. Dialect-aware tab
+     * separator: SQLite `char(9)`, Postgres `chr(9)` (both = U+0009), matching
+     * {@link _PK_SEP}.
+     */
+    private _pkSqlExpr;
     /**
      * Convert Filter objects into SQL clause strings and bound params.
      * An `in` filter with an empty array is silently ignored (produces no clause).

package/dist/index.d.ts

@@ -2111,6 +2111,31 @@ declare class Lattice {
      * - `Record` → matches every PK column; all must be present in the object.
      */
     private _pkWhere;
+    private static readonly _PK_SEP;
+    /**
+     * The primary-key columns of `table` that PHYSICALLY exist, in declared
+     * order. Empty when the table has no Lattice-addressable key — e.g. a table
+     * reached via raw SQL whose PK metadata defaulted to `['id']` but that has
+     * no `id` column. Callers treat an empty result as "unkeyable" (no per-row
+     * ACL is possible, so the row-perm SQL must not reference a pk column).
+     */
+    private _resolvedPkCols;
+    /** Canonical ACL / change-log `pk` string for a row. Matches {@link _pkSqlExpr}. */
+    private _serializeRowPk;
+    /**
+     * Canonical `pk` string for a {@link PkLookup} used by update/delete, so a
+     * row addressed by lookup keys its change-log entry identically to the way
+     * {@link _serializeRowPk} keyed it at insert time.
+     */
+    private _serializePkLookup;
+    /**
+     * SQL expression reconstructing {@link _serializeRowPk} from a row aliased
+     * `t`. Returns null when the table is unkeyable (no pk columns present) — the
+     * caller must then avoid referencing a pk column at all. Dialect-aware tab
+     * separator: SQLite `char(9)`, Postgres `chr(9)` (both = U+0009), matching
+     * {@link _PK_SEP}.
+     */
+    private _pkSqlExpr;
     /**
      * Convert Filter objects into SQL clause strings and bound params.
      * An `in` filter with an empty array is silently ignored (produces no clause).

package/dist/index.js

@@ -4801,9 +4801,7 @@ var Lattice = class _Lattice {
       `INSERT INTO "${table}" (${cols}) VALUES (${placeholders})`,
       values
     );
-    const pkCol = pkCols[0] ?? "id";
-    const rawPk = rowWithPk[pkCol];
-    const pkValue = rawPk != null ? String(rawPk) : "";
+    const pkValue = this._serializeRowPk(table, rowWithPk);
     await this._appendChangelog(table, pkValue, "insert", rowWithPk, null);
     this._sanitizer.emitAudit(table, "insert", pkValue);
     await this._fireWriteHooks(table, "insert", rowWithPk, pkValue);
@@ -4846,9 +4844,7 @@ var Lattice = class _Lattice {
       `INSERT INTO "${table}" (${cols}) VALUES (${placeholders}) ON CONFLICT(${conflictCols}) DO UPDATE SET ${updateCols}`,
       values
     );
-    const pkCol = pkCols[0] ?? "id";
-    const rawPk = rowWithPk[pkCol];
-    const pkValue = rawPk != null ? String(rawPk) : "";
+    const pkValue = this._serializeRowPk(table, rowWithPk);
     this._sanitizer.emitAudit(table, "update", pkValue);
     this._scheduleAutoRender();
     return pkValue;
@@ -4894,7 +4890,7 @@ var Lattice = class _Lattice {
     }
     const values = [...Object.values(encrypted), ...pkParams];
     await runAsyncOrSync(this._adapter, `UPDATE "${table}" SET ${setCols} WHERE ${clause}`, values);
-    const auditId = typeof id === "string" ? id : JSON.stringify(id);
+    const auditId = this._serializePkLookup(table, id);
     await this._appendChangelog(table, auditId, "update", sanitized, previousValues);
     this._sanitizer.emitAudit(table, "update", auditId);
     await this._fireWriteHooks(table, "update", sanitized, auditId, Object.keys(sanitized));
@@ -4929,7 +4925,7 @@ var Lattice = class _Lattice {
       previousRow = await getAsyncOrSync(this._adapter, `SELECT * FROM "${table}" WHERE ${clause}`, params) ?? null;
     }
     await runAsyncOrSync(this._adapter, `DELETE FROM "${table}" WHERE ${clause}`, params);
-    const auditId = typeof id === "string" ? id : JSON.stringify(id);
+    const auditId = this._serializePkLookup(table, id);
     await this._appendChangelog(
       table,
       auditId,
@@ -5367,19 +5363,24 @@ var Lattice = class _Lattice {
     this._assertIdent(table);
     if (opts.orderBy) this._assertIdent(table, opts.orderBy);
     const cols = this._ensureColumnCache(table);
-    const pkCol = this._schema.getPrimaryKey(table)[0] ?? "id";
+    const pkExpr = this._pkSqlExpr(this._resolvedPkCols(table));
     let softDelete = "";
     if (cols.has("deleted_at") && opts.deleted !== "any") {
       softDelete = opts.deleted === "only" ? `t."deleted_at" IS NOT NULL AND ` : `t."deleted_at" IS NULL AND `;
     }
-    const pkExpr = `CAST(t."${pkCol}" AS TEXT)`;
-    let sql = `SELECT t.* FROM "${table}" t WHERE ${softDelete}(${rowAclVisibleExists("?", "?", pkExpr)}`;
-    const params = [opts.teamId, table, opts.userId, opts.userId];
-    if (opts.noAclVisible) {
-      sql += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
-      params.push(opts.teamId, table);
+    const params = [];
+    let visClause;
+    if (pkExpr) {
+      visClause = rowAclVisibleExists("?", "?", pkExpr);
+      params.push(opts.teamId, table, opts.userId, opts.userId);
+      if (opts.noAclVisible) {
+        visClause += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
+        params.push(opts.teamId, table);
+      }
+    } else {
+      visClause = opts.noAclVisible ? "1=1" : "1=0";
     }
-    sql += `)`;
+    let sql = `SELECT t.* FROM "${table}" t WHERE ${softDelete}(${visClause})`;
     if (opts.orderBy && cols.has(opts.orderBy)) {
       const dir = opts.orderDir === "desc" ? "DESC" : "ASC";
       sql += ` ORDER BY t."${opts.orderBy}" ${dir}`;
@@ -5425,14 +5426,18 @@ var Lattice = class _Lattice {
     for (const [i, spec] of bounded.entries()) {
       this._assertIdent(spec.table);
       const cols = this._ensureColumnCache(spec.table);
-      const pkCol = this._schema.getPrimaryKey(spec.table)[0] ?? "id";
+      const pkExpr = this._pkSqlExpr(this._resolvedPkCols(spec.table));
       const softDelete = cols.has("deleted_at") ? `t."deleted_at" IS NULL AND ` : "";
-      const pkExpr = `CAST(t."${pkCol}" AS TEXT)`;
-      let predicate = rowAclVisibleExists("?", "?", pkExpr);
-      params.push(opts.teamId, spec.table, opts.userId, opts.userId);
-      if (spec.noAclVisible) {
-        predicate += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
-        params.push(opts.teamId, spec.table);
+      let predicate;
+      if (pkExpr) {
+        predicate = rowAclVisibleExists("?", "?", pkExpr);
+        params.push(opts.teamId, spec.table, opts.userId, opts.userId);
+        if (spec.noAclVisible) {
+          predicate += ` OR ${rowAclAbsent("?", "?", pkExpr)}`;
+          params.push(opts.teamId, spec.table);
+        }
+      } else {
+        predicate = spec.noAclVisible ? "1=1" : "1=0";
       }
       selects.push(
         `(SELECT COUNT(*) FROM "${spec.table}" t WHERE ${softDelete}(${predicate})) AS c${String(i)}`
@@ -5688,6 +5693,62 @@ var Lattice = class _Lattice {
     const params = pkCols.map((col) => id[col]);
     return { clause: clauses.join(" AND "), params };
   }
+  // ── Composite-key serialization for the row-level-permission layer ───────
+  // The row ACL (`__lattice_row_acl`/`__lattice_row_grants`) and the
+  // change-log key each row by a single TEXT `pk`. For a table whose primary
+  // key spans several columns (e.g. a junction table `(project_id,
+  // meeting_id)` with no `id`), that key must encode EVERY pk column, and the
+  // write side (what we store) must match the read side (the SQL that
+  // reconstructs it from row columns). These three helpers are the single
+  // source of truth for both. A single-column key serializes to the bare
+  // value (so all pre-2.2.1 single-`id` ACL data stays valid).
+  static _PK_SEP = "	";
+  /**
+   * The primary-key columns of `table` that PHYSICALLY exist, in declared
+   * order. Empty when the table has no Lattice-addressable key — e.g. a table
+   * reached via raw SQL whose PK metadata defaulted to `['id']` but that has
+   * no `id` column. Callers treat an empty result as "unkeyable" (no per-row
+   * ACL is possible, so the row-perm SQL must not reference a pk column).
+   */
+  _resolvedPkCols(table) {
+    const cols = this._ensureColumnCache(table);
+    return this._schema.getPrimaryKey(table).filter((c) => cols.has(c));
+  }
+  /** Canonical ACL / change-log `pk` string for a row. Matches {@link _pkSqlExpr}. */
+  _serializeRowPk(table, row) {
+    const pkCols = this._resolvedPkCols(table);
+    const cols = pkCols.length > 0 ? pkCols : ["id"];
+    return cols.map((c) => {
+      const v = row[c];
+      return v != null ? String(v) : "";
+    }).join(_Lattice._PK_SEP);
+  }
+  /**
+   * Canonical `pk` string for a {@link PkLookup} used by update/delete, so a
+   * row addressed by lookup keys its change-log entry identically to the way
+   * {@link _serializeRowPk} keyed it at insert time.
+   */
+  _serializePkLookup(table, id) {
+    if (typeof id === "string") return id;
+    const pkCols = this._resolvedPkCols(table);
+    if (pkCols.length === 0) return JSON.stringify(id);
+    return pkCols.map((c) => {
+      const v = id[c];
+      return v != null ? String(v) : "";
+    }).join(_Lattice._PK_SEP);
+  }
+  /**
+   * SQL expression reconstructing {@link _serializeRowPk} from a row aliased
+   * `t`. Returns null when the table is unkeyable (no pk columns present) — the
+   * caller must then avoid referencing a pk column at all. Dialect-aware tab
+   * separator: SQLite `char(9)`, Postgres `chr(9)` (both = U+0009), matching
+   * {@link _PK_SEP}.
+   */
+  _pkSqlExpr(pkCols) {
+    if (pkCols.length === 0) return null;
+    const sep2 = this.getDialect() === "postgres" ? "chr(9)" : "char(9)";
+    return pkCols.map((c) => `CAST(t."${c}" AS TEXT)`).join(` || ${sep2} || `);
+  }
   /**
    * Convert Filter objects into SQL clause strings and bound params.
    * An `in` filter with an empty array is silently ignored (produces no clause).
@@ -6628,6 +6689,13 @@ var NATIVE_ENTITY_DEFS = {
     columns: {
       id: "TEXT PRIMARY KEY",
       title: "TEXT",
+      // Cloud user id of the member who started the thread (the operator's
+      // `teamContext.myUserId`). A chat is PRIVATE to its author — on a team
+      // cloud the chat routes only ever return threads whose owner matches the
+      // requesting member. NULL on local single-user databases (no team
+      // context) and on pre-2.2.1 threads, which the routes treat as the local
+      // operator's own (visible only when there is no team context).
+      owner_user_id: "TEXT",
       created_at: "TEXT NOT NULL DEFAULT (datetime('now'))",
       updated_at: "TEXT NOT NULL DEFAULT (datetime('now'))",
       deleted_at: "TEXT"
@@ -6642,6 +6710,10 @@ var NATIVE_ENTITY_DEFS = {
       // Soft reference to chat_threads.id. Kept as a plain column (no FK)
       // to match the generic, dialect-agnostic native-entity style.
       thread_id: "TEXT",
+      // Cloud user id of the member the message belongs to — mirrors the
+      // owning thread's owner_user_id so a message read can be filtered
+      // independently of the thread join. NULL on local DBs / pre-2.2.1 rows.
+      owner_user_id: "TEXT",
       // user | assistant | tool | feed | system
       role: "TEXT NOT NULL DEFAULT 'user'",
       // JSON payload: text, tool_use / tool_result blocks, attachments, or
@@ -7890,19 +7962,12 @@ async function destroyTeamDirect(db) {
   }
   await db.delete("__lattice_team_identity", "singleton");
 }
-var directDeprecationWarned = false;
 async function openCloud(cloudUrl) {
   if (!isPostgresUrl(cloudUrl)) {
     throw new Error(
       `direct-ops: cloudUrl must be a postgres:// URL (got ${cloudUrl.slice(0, 12)}\u2026)`
     );
   }
-  if (!directDeprecationWarned) {
-    directDeprecationWarned = true;
-    console.warn(
-      "[teams] Direct postgres:// team-cloud connection is deprecated and does NOT enforce 2.2 row-level security. Migrate to a hosted Lattice Teams server."
-    );
-  }
   const db = new Lattice(cloudUrl);
   await db.init();
   for (const [table, def] of Object.entries(CLOUD_INTERNAL_TABLE_DEFS)) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "latticesql",
-  "version": "2.2.0",
+  "version": "2.2.2",
   "description": "Persistent structured memory for AI agent systems — pluggable SQLite or Postgres backend, LLM context bridge",
   "type": "module",
   "main": "./dist/index.js",