latticesql 3.4.0 → 3.4.1

package/dist/index.cjs

@@ -919,43 +919,57 @@ var init_postgres = __esm({
       },
       {
         warn: "could not register json_extract polyfill:",
-        sql: `CREATE OR REPLACE FUNCTION json_extract(doc text, path text)
-         RETURNS text
-         LANGUAGE sql
-         IMMUTABLE
-         AS $fn$
-           SELECT doc::jsonb #>> string_to_array(regexp_replace(path, '^\\$\\.?', ''), '.')
-         $fn$;`
+        // Create ONLY if absent. `CREATE OR REPLACE` on an existing function requires
+        // ownership, but on a cloud the function is owned by whichever single role
+        // created it first — so every OTHER member's per-connect replace raised "must
+        // be owner of function" and (sharing the render transaction) aborted it,
+        // yielding an empty render. The IF-absent guard makes a present function a
+        // clean no-op for everyone, regardless of who owns it.
+        sql: `DO $do$ BEGIN
+      IF to_regprocedure('json_extract(text, text)') IS NULL THEN
+        CREATE FUNCTION json_extract(doc text, path text)
+          RETURNS text
+          LANGUAGE sql
+          IMMUTABLE
+          AS $fn$
+            SELECT doc::jsonb #>> string_to_array(regexp_replace(path, '^\\$\\.?', ''), '.')
+          $fn$;
+      END IF;
+    END $do$;`
       },
       {
         warn: "could not register strftime polyfill:",
-        sql: `CREATE OR REPLACE FUNCTION strftime(format text, modifier text)
-         RETURNS text
-         LANGUAGE plpgsql
-         IMMUTABLE
-         AS $fn$
-         DECLARE ts timestamptz;
-         BEGIN
-           IF modifier = 'now' THEN
-             ts := now();
-           ELSE
-             ts := modifier::timestamptz;
-           END IF;
-           RETURN to_char(
-             ts AT TIME ZONE 'UTC',
-             replace(replace(replace(replace(replace(replace(replace(replace(
-               format,
-               '%Y', 'YYYY'),
-               '%m', 'MM'),
-               '%d', 'DD'),
-               '%H', 'HH24'),
-               '%M', 'MI'),
-               '%S', 'SS'),
-               '%f', 'MS'),
-               'T', '"T"')
-           );
-         END;
-         $fn$;`
+        sql: `DO $do$ BEGIN
+      IF to_regprocedure('strftime(text, text)') IS NULL THEN
+        CREATE FUNCTION strftime(format text, modifier text)
+          RETURNS text
+          LANGUAGE plpgsql
+          IMMUTABLE
+          AS $fn$
+          DECLARE ts timestamptz;
+          BEGIN
+            IF modifier = 'now' THEN
+              ts := now();
+            ELSE
+              ts := modifier::timestamptz;
+            END IF;
+            RETURN to_char(
+              ts AT TIME ZONE 'UTC',
+              replace(replace(replace(replace(replace(replace(replace(replace(
+                format,
+                '%Y', 'YYYY'),
+                '%m', 'MM'),
+                '%d', 'DD'),
+                '%H', 'HH24'),
+                '%M', 'MI'),
+                '%S', 'SS'),
+                '%f', 'MS'),
+                'T', '"T"')
+            );
+          END;
+          $fn$;
+      END IF;
+    END $do$;`
       }
     ];
   }
@@ -2364,6 +2378,34 @@ var init_engine = __esm({
       setRenderFold(fn) {
         this._foldRows = fn;
       }
+      /**
+       * Incremental scope: is this entity-context table affected by a change to one
+       * of `changed`? Affected when the table itself changed (its own rows / `self`
+       * source / index) OR any of its files SOURCES from a changed table (a cross-
+       * table dependent — e.g. an AGENT.md that lists the agent's tasks must re-render
+       * when `tasks` changes). A `custom` source runs an arbitrary query, so we can't
+       * prove independence — treat it as always-affected (conservative, never stale).
+       */
+      _entityAffected(table, def, changed) {
+        if (changed.has(table)) return true;
+        for (const spec of Object.values(def.files)) {
+          if (this._sourceTouches(spec.source, changed)) return true;
+        }
+        return false;
+      }
+      _sourceTouches(source, changed) {
+        if (source == null || typeof source !== "object") return false;
+        const s2 = source;
+        if (s2.type === "custom") return true;
+        if (typeof s2.table === "string" && changed.has(s2.table)) return true;
+        if (typeof s2.junctionTable === "string" && changed.has(s2.junctionTable)) return true;
+        if (s2.sources != null && typeof s2.sources === "object") {
+          for (const sub of Object.values(s2.sources)) {
+            if (this._sourceTouches(sub, changed)) return true;
+          }
+        }
+        return false;
+      }
       async render(outputDir, opts = {}) {
         const start = Date.now();
         const filesWritten = [];
@@ -2373,6 +2415,7 @@ var init_engine = __esm({
         for (const [name, def] of this._schema.getTables()) {
           if (signal?.aborted) return this._abortedResult(filesWritten, counters, start);
           if (this._skipEmpty && def.render === NOOP_RENDER) continue;
+          if (opts.changedTables && !opts.changedTables.has(name)) continue;
           let rows = await this._schema.queryTable(this._adapter, name, this._readRel);
           if (def.relevanceFilter) {
             const ctx = this._getTaskContext();
@@ -2425,6 +2468,9 @@ var init_engine = __esm({
         }
         for (const [name, def] of this._schema.getMultis()) {
           if (signal?.aborted) return this._abortedResult(filesWritten, counters, start);
+          if (opts.changedTables && def.tables && !def.tables.some((t8) => opts.changedTables?.has(t8))) {
+            continue;
+          }
           const keys = await def.keys();
           const tables = {};
           if (def.tables) {
@@ -2456,16 +2502,22 @@ var init_engine = __esm({
           filesWritten,
           counters,
           throttle,
-          signal
+          signal,
+          opts.changedTables
         );
         if (entityContextManifest === null) {
           return this._abortedResult(filesWritten, counters, start);
         }
         if (this._schema.getEntityContexts().size > 0) {
+          let entityContexts = entityContextManifest;
+          if (opts.changedTables) {
+            const prev = readManifest(outputDir);
+            entityContexts = { ...prev?.entityContexts ?? {}, ...entityContextManifest };
+          }
           writeManifest(outputDir, {
             version: 2,
             generated_at: (/* @__PURE__ */ new Date()).toISOString(),
-            entityContexts: entityContextManifest
+            entityContexts
           });
         }
         const result = {
@@ -2531,12 +2583,14 @@ var init_engine = __esm({
        * partial tree). Progress is reported through `throttle`; abort is observed
        * via `signal`.
        */
-      async _renderEntityContexts(outputDir, filesWritten, counters, throttle, signal) {
+      async _renderEntityContexts(outputDir, filesWritten, counters, throttle, signal, changedTables) {
         const protectedTables = /* @__PURE__ */ new Set();
         for (const [t8, d6] of this._schema.getEntityContexts()) {
           if (d6.protected) protectedTables.add(t8);
         }
-        const entityTables = [...this._schema.getEntityContexts()];
+        const entityTables = [...this._schema.getEntityContexts()].filter(
+          ([table, def]) => !changedTables || this._entityAffected(table, def, changedTables)
+        );
         const tableCount = entityTables.length;
         if (signal?.aborted) return null;
         const renderedEntries = await mapWithConcurrency(
@@ -5236,6 +5290,16 @@ var init_lattice = __esm({
       _autoRenderPending = false;
       _autoRenderInFlight = false;
       _autoRenderDebounceMs = 250;
+      /**
+       * Incremental auto-render scope, accumulated between debounced renders. A write
+       * or a remote (cloud) change records the AFFECTED table here, so the next
+       * auto-render re-renders only that entity (+ its cross-table dependents) instead
+       * of the whole tree. `_pendingRenderAll` forces a full render (the initial
+       * render, or a change with no known table). Captured + reset when a render
+       * starts, so changes during a render re-accumulate and re-trigger.
+       */
+      _pendingRenderTables = /* @__PURE__ */ new Set();
+      _pendingRenderAll = true;
       /** Cache of actual table columns (from PRAGMA), populated after init(). */
       _columnCache = /* @__PURE__ */ new Map();
       /** Derived encryption key (from options.encryptionKey via scrypt). */
@@ -6331,7 +6395,7 @@ var init_lattice = __esm({
           `${verb} INTO "${junctionTable}" (${colNames}) VALUES (${placeholders})`,
           Object.values(filtered)
         );
-        this._scheduleAutoRender();
+        this._scheduleAutoRender(junctionTable);
       }
       /**
        * Delete rows from a junction table matching all given conditions.
@@ -6347,7 +6411,7 @@ var init_lattice = __esm({
           `DELETE FROM "${junctionTable}" WHERE ${where}`,
           entries.map(([, v2]) => v2)
         );
-        this._scheduleAutoRender();
+        this._scheduleAutoRender(junctionTable);
       }
       // -------------------------------------------------------------------------
       // Seeding DSL (v0.13+)
@@ -6603,6 +6667,11 @@ var init_lattice = __esm({
       async renderInBackground(outputDir, opts = {}) {
         const notInit = this._notInitError();
         if (notInit) return notInit;
+        if (!opts.changedTables) {
+          this._pendingRenderAll = false;
+          this._pendingRenderTables = /* @__PURE__ */ new Set();
+          this._autoRenderPending = false;
+        }
         return this._renderGuarded(outputDir, opts);
       }
       /**
@@ -6632,9 +6701,12 @@ var init_lattice = __esm({
        * tree when a REMOTE change arrives — notably an owner re-sharing or un-sharing
        * a row, after which the member's per-viewer projection must be recompiled. A
        * no-op when auto-render isn't enabled.
+       *
+       * Pass the CHANGED table so only that entity (+ its cross-table dependents) is
+       * re-rendered instead of the whole tree; omit it to force a full render.
        */
-      requestRender() {
-        this._scheduleAutoRender();
+      requestRender(table) {
+        this._scheduleAutoRender(table);
       }
       /**
        * True while a render is actively writing the context tree + manifest (auto-
@@ -7035,7 +7107,7 @@ var init_lattice = __esm({
             for (const h6 of this._errorHandlers) h6(err instanceof Error ? err : new Error(String(err)));
           }
         }
-        this._scheduleAutoRender();
+        this._scheduleAutoRender(table);
       }
       /**
        * Turn on automatic rendering into `outputDir`. After this, every insert /
@@ -7059,10 +7131,18 @@ var init_lattice = __esm({
         this._autoRenderPending = false;
         return this;
       }
-      _scheduleAutoRender() {
+      _scheduleAutoRender(table) {
         if (!this._autoRenderDir) return;
+        if (table === void 0) this._pendingRenderAll = true;
+        else this._pendingRenderTables.add(table);
         this._autoRenderPending = true;
-        if (this._autoRenderTimer) return;
+        this._armAutoRenderTimer();
+      }
+      /** Arm the debounce timer if not already armed. Does NOT change the render
+       *  scope — used both by `_scheduleAutoRender` and the post-render re-arm so a
+       *  re-arm never escalates a pending incremental render to a full one. */
+      _armAutoRenderTimer() {
+        if (!this._autoRenderDir || this._autoRenderTimer) return;
         this._autoRenderTimer = setTimeout(() => {
           this._autoRenderTimer = void 0;
           void this._runAutoRender();
@@ -7102,10 +7182,15 @@ var init_lattice = __esm({
         }
         if (!this._autoRenderPending) return;
         this._autoRenderPending = false;
+        const renderAll = this._pendingRenderAll;
+        const changed = this._pendingRenderTables;
+        this._pendingRenderAll = false;
+        this._pendingRenderTables = /* @__PURE__ */ new Set();
         this._autoRenderInFlight = true;
         try {
           const prevManifest = readManifest(dir);
-          const result = await this._render.render(dir);
+          const renderOpts = renderAll || changed.size === 0 ? {} : { changedTables: changed };
+          const result = await this._render.render(dir, renderOpts);
           for (const h6 of this._renderHandlers) h6(result);
           const newManifest = readManifest(dir);
           await this._render.cleanup(dir, prevManifest, {}, newManifest);
@@ -7117,7 +7202,7 @@ var init_lattice = __esm({
         }
       }
       _rearmAutoRenderIfPending() {
-        if (this._autoRenderPending) this._scheduleAutoRender();
+        if (this._autoRenderPending) this._armAutoRenderTimer();
       }
       /**
        * Update or remove the embedding for a row.
@@ -47282,6 +47367,17 @@ CREATE TRIGGER "${trg}" AFTER INSERT OR UPDATE OR DELETE ON ${q3}
   FOR EACH ROW EXECUTE FUNCTION "${trg}"();
 `;
 }
+async function ownPolyfillsByGroup(db) {
+  if (!isPg(db)) return;
+  for (const sig of ["json_extract(text, text)", "strftime(text, text)"]) {
+    try {
+      const reg = await getAsyncOrSync(db.adapter, `SELECT to_regprocedure($1) AS reg`, [sig]);
+      if (reg?.reg == null) continue;
+      await runAsyncOrSync(db.adapter, `ALTER FUNCTION ${sig} OWNER TO "${MEMBER_GROUP}"`);
+    } catch {
+    }
+  }
+}
 async function installCloudRls(db) {
   if (!isPg(db)) return;
   const schema = await cloudSchema(db);
@@ -47315,6 +47411,24 @@ CREATE POLICY "lattice_changelog_ins" ON "__lattice_changelog" FOR INSERT WITH C
 `
   );
 }
+async function enableChatPrivacyRls(db) {
+  if (!isPg(db)) return;
+  for (const t8 of ["chat_threads", "chat_messages"]) {
+    const reg = await getAsyncOrSync(db.adapter, `SELECT to_regclass($1) AS reg`, [t8]);
+    if (reg?.reg == null) continue;
+    const q3 = `"${t8}"`;
+    await runCloudBootstrapSql(
+      db,
+      `
+ALTER TABLE ${q3} ENABLE ROW LEVEL SECURITY;
+ALTER TABLE ${q3} FORCE ROW LEVEL SECURITY;
+DROP POLICY IF EXISTS "lattice_chat_owner" ON ${q3};
+CREATE POLICY "lattice_chat_owner" ON ${q3} AS RESTRICTIVE FOR SELECT
+  USING ("owner_user_id" IS NOT NULL AND "owner_user_id" = session_user);
+`
+    );
+  }
+}
 async function enableRlsForTable(db, table, pkCols) {
   if (!isPg(db)) return;
   const schema = await cloudSchema(db);
@@ -54680,9 +54794,11 @@ async function secureCloud(db) {
   if (db.getDialect() !== "postgres") return;
   await registerPostgresPolyfills((sql) => runAsyncOrSync(db.adapter, sql));
   await installCloudRls(db);
+  await ownPolyfillsByGroup(db);
   await installCloudSettings(db);
   await db.ensureObservationSubstrate();
   await enableChangelogRls(db);
+  await enableChatPrivacyRls(db);
   await convergeLegacyColumnAudience(db);
   const registered = db.getRegisteredTableNames();
   for (const table of registered) {
@@ -57728,12 +57844,17 @@ var appJs = `
         fetchJson('/api/gui-meta/columns').catch(function () { return {}; }),
         fetchJson('/api/system-tables').catch(function () { return { tables: [] }; }),
         fetchJson('/api/workspaces').catch(function () { return null; }),
+        fetchJson('/api/dbconfig').catch(function () { return {}; }),
       ]).then(function (results) {
         state.entities = results[0];
         state.iconOverrides = results[1] || {};
         state.columnMeta = results[2] || {};
         state.systemTables = (results[3] && results[3].tables) || [];
         renderWsSwitcher(results[4]);
+        // Re-point the header logo at the NEW workspace's mark \u2014 the switch path
+        // must refresh branding the way boot does (the etag cache-busts the
+        // <img>), else the previous workspace's logo stays until a hard refresh.
+        applyWorkspaceLogo((results[5] || {}).logoEtag);
         renderSidebar();
         // renderWsSwitcher set cloudMode from the new workspace's kind; re-render
         // the composer so the Private-mode toggle reflects local vs cloud (it is
@@ -66384,6 +66505,7 @@ function activeCloudCoords(configPath) {
 init_assistant_routes();
 
 // src/gui/chat-routes.ts
+init_adapter();
 init_assistant_routes();
 init_chat();
 init_user_config();
@@ -66409,6 +66531,15 @@ function sendJson3(res, body, status = 200) {
 function asStr(v2, fallback = "") {
   return typeof v2 === "string" ? v2 : fallback;
 }
+function isCloudChat(db) {
+  return db.getDialect() === "postgres";
+}
+async function resolveChatOwnerId(db) {
+  if (!isCloudChat(db)) return null;
+  const row = await getAsyncOrSync(db.adapter, "SELECT session_user AS u");
+  const u2 = row?.u;
+  return typeof u2 === "string" && u2.length > 0 ? u2 : null;
+}
 function readJson3(req) {
   return new Promise((resolve12, reject) => {
     let raw = "";
@@ -66601,12 +66732,20 @@ async function persistMessage(db, threadId, role, text, ownerUserId, turns, star
   });
 }
 async function dispatchChatRoute(req, res, ctx) {
+  const ownerUserId = await resolveChatOwnerId(ctx.db);
+  const cloud = isCloudChat(ctx.db);
+  const ownedByMe = (r6) => !cloud || r6.owner_user_id != null && r6.owner_user_id === ownerUserId;
   if (ctx.method === "GET" && ctx.pathname === "/api/chat/threads") {
+    if (cloud && ownerUserId == null) {
+      sendJson3(res, { threads: [] });
+      return true;
+    }
     const filters = [
       { col: "deleted_at", op: "isNull" }
     ];
+    if (ownerUserId != null) filters.push({ col: "owner_user_id", op: "eq", val: ownerUserId });
     const rows = await ctx.db.query("chat_threads", { filters, limit: 100 });
-    const threads = rows.filter((r6) => !r6.deleted_at).map((r6) => ({
+    const threads = rows.filter((r6) => !r6.deleted_at && ownedByMe(r6)).map((r6) => ({
       id: asStr(r6.id),
       title: asStr(r6.title, "Chat"),
       created_at: asStr(r6.created_at)
@@ -66617,12 +66756,19 @@ async function dispatchChatRoute(req, res, ctx) {
   const msgMatch = /^\/api\/chat\/threads\/([^/]+)\/messages$/.exec(ctx.pathname);
   if (ctx.method === "GET" && msgMatch) {
     const threadId2 = decodeURIComponent(msgMatch[1] ?? "");
-    const msgFilters = [{ col: "thread_id", op: "eq", val: threadId2 }];
+    if (cloud && ownerUserId == null) {
+      sendJson3(res, { messages: [] });
+      return true;
+    }
+    const msgFilters = [
+      { col: "thread_id", op: "eq", val: threadId2 }
+    ];
+    if (ownerUserId != null) msgFilters.push({ col: "owner_user_id", op: "eq", val: ownerUserId });
     const rows = await ctx.db.query("chat_messages", {
       filters: msgFilters,
       limit: 1e3
     });
-    const messages = rows.filter((r6) => r6.thread_id === threadId2 && !r6.deleted_at).map((r6) => {
+    const messages = rows.filter((r6) => r6.thread_id === threadId2 && !r6.deleted_at && ownedByMe(r6)).map((r6) => {
       let text = "";
       let turns2;
       let startedAt;
@@ -66675,12 +66821,21 @@ async function dispatchChatRoute(req, res, ctx) {
     return true;
   }
   const requestedThread = typeof body.threadId === "string" ? body.threadId : null;
+  if (cloud && ownerUserId == null) {
+    sendJson3(res, { error: "Could not resolve your cloud identity; chat is disabled." }, 500);
+    return true;
+  }
   const activeContext = parseActiveContext(body.activeContext, ctx.validTables);
-  const history = await rehydrateHistory(ctx.db, requestedThread, mapHistory(body.history), null);
+  const history = await rehydrateHistory(
+    ctx.db,
+    requestedThread,
+    mapHistory(body.history),
+    ownerUserId
+  );
   let threadId = "";
   try {
-    threadId = await ensureThread(ctx.db, requestedThread, message, null);
-    await persistMessage(ctx.db, threadId, "user", message, null);
+    threadId = await ensureThread(ctx.db, requestedThread, message, ownerUserId);
+    await persistMessage(ctx.db, threadId, "user", message, ownerUserId);
   } catch (e6) {
     console.warn("[chat] persist user message failed:", e6.message);
   }
@@ -66752,7 +66907,7 @@ async function dispatchChatRoute(req, res, ctx) {
         threadId,
         "assistant",
         assistantText,
-        null,
+        ownerUserId,
         cleanTurns,
         turnStartedAt,
         assistantMsgId
@@ -67751,9 +67906,11 @@ async function openConfig(configPath, outputDir, autoRender = false, realtimeWat
       if (await cloudRlsInstalled(db) && await canManageRoles(db)) {
         await registerPostgresPolyfills((sql) => runAsyncOrSync(db.adapter, sql));
         await installCloudRls(db);
+        await ownPolyfillsByGroup(db);
         await installCloudSettings(db);
         await db.ensureObservationSubstrate();
         await enableChangelogRls(db);
+        await enableChatPrivacyRls(db);
         const access = await reconcileCloudMemberAccess(db);
         convergeWarnings = access.skipped;
         for (const s2 of convergeWarnings) {
@@ -67915,11 +68072,22 @@ function startBackgroundRender(active) {
     active.eagerRenderWired = true;
     let lastFire = 0;
     let trailing;
+    const pendingTables = /* @__PURE__ */ new Set();
+    let pendingFull = false;
     const fire = () => {
       lastFire = Date.now();
-      active.db.requestRender();
+      if (pendingFull || pendingTables.size === 0) {
+        pendingFull = false;
+        pendingTables.clear();
+        active.db.requestRender();
+        return;
+      }
+      for (const t8 of pendingTables) active.db.requestRender(t8);
+      pendingTables.clear();
     };
-    active.realtime.subscribePayload(() => {
+    active.realtime.subscribePayload((payload) => {
+      if (payload.table_name) pendingTables.add(payload.table_name);
+      else pendingFull = true;
       const since = Date.now() - lastFire;
       if (since >= EAGER_RERENDER_MIN_INTERVAL_MS) {
         fire();

package/dist/index.d.cts

@@ -1816,6 +1816,16 @@ type RenderProgressCallback = (event: RenderProgress) => void;
 interface RenderOptions {
     onProgress?: RenderProgressCallback;
     signal?: AbortSignal;
+    /**
+     * Incremental render scope. When set, ONLY the entity-context tables affected
+     * by a change to one of these tables are re-rendered — the changed table itself
+     * plus any entity context that SOURCES from it (cross-table dependents) — and
+     * every other table's manifest entry + rendered files are left untouched. Used
+     * by the auto-render that fires on a single write or a single remote (cloud)
+     * change, so a one-row edit re-renders one entity instead of the whole tree.
+     * Omitted → a full render of everything (initial open, explicit `render()`).
+     */
+    changedTables?: ReadonlySet<string>;
 }
 /**
  * Coalesces high-frequency `table-progress` events down to ≤ ~5/sec per table,
@@ -1903,6 +1913,16 @@ declare class Lattice {
     private _autoRenderPending;
     private _autoRenderInFlight;
     private _autoRenderDebounceMs;
+    /**
+     * Incremental auto-render scope, accumulated between debounced renders. A write
+     * or a remote (cloud) change records the AFFECTED table here, so the next
+     * auto-render re-renders only that entity (+ its cross-table dependents) instead
+     * of the whole tree. `_pendingRenderAll` forces a full render (the initial
+     * render, or a change with no known table). Captured + reset when a render
+     * starts, so changes during a render re-accumulate and re-trigger.
+     */
+    private _pendingRenderTables;
+    private _pendingRenderAll;
     /** Cache of actual table columns (from PRAGMA), populated after init(). */
     private readonly _columnCache;
     /** Derived encryption key (from options.encryptionKey via scrypt). */
@@ -2323,8 +2343,11 @@ declare class Lattice {
      * tree when a REMOTE change arrives — notably an owner re-sharing or un-sharing
      * a row, after which the member's per-viewer projection must be recompiled. A
      * no-op when auto-render isn't enabled.
+     *
+     * Pass the CHANGED table so only that entity (+ its cross-table dependents) is
+     * re-rendered instead of the whole tree; omit it to force a full render.
      */
-    requestRender(): void;
+    requestRender(table?: string): void;
     /**
      * True while a render is actively writing the context tree + manifest (auto-
      * render OR a guarded background render). The file-loopback watcher checks this
@@ -2483,6 +2506,10 @@ declare class Lattice {
     /** Turn off automatic rendering and cancel any pending render. */
     disableAutoRender(): this;
     private _scheduleAutoRender;
+    /** Arm the debounce timer if not already armed. Does NOT change the render
+     *  scope — used both by `_scheduleAutoRender` and the post-render re-arm so a
+     *  re-arm never escalates a pending incremental render to a full one. */
+    private _armAutoRenderTimer;
     /**
      * Shared single-flight render path used by {@link renderInBackground}.
      *

package/dist/index.d.ts

@@ -1816,6 +1816,16 @@ type RenderProgressCallback = (event: RenderProgress) => void;
 interface RenderOptions {
     onProgress?: RenderProgressCallback;
     signal?: AbortSignal;
+    /**
+     * Incremental render scope. When set, ONLY the entity-context tables affected
+     * by a change to one of these tables are re-rendered — the changed table itself
+     * plus any entity context that SOURCES from it (cross-table dependents) — and
+     * every other table's manifest entry + rendered files are left untouched. Used
+     * by the auto-render that fires on a single write or a single remote (cloud)
+     * change, so a one-row edit re-renders one entity instead of the whole tree.
+     * Omitted → a full render of everything (initial open, explicit `render()`).
+     */
+    changedTables?: ReadonlySet<string>;
 }
 /**
  * Coalesces high-frequency `table-progress` events down to ≤ ~5/sec per table,
@@ -1903,6 +1913,16 @@ declare class Lattice {
     private _autoRenderPending;
     private _autoRenderInFlight;
     private _autoRenderDebounceMs;
+    /**
+     * Incremental auto-render scope, accumulated between debounced renders. A write
+     * or a remote (cloud) change records the AFFECTED table here, so the next
+     * auto-render re-renders only that entity (+ its cross-table dependents) instead
+     * of the whole tree. `_pendingRenderAll` forces a full render (the initial
+     * render, or a change with no known table). Captured + reset when a render
+     * starts, so changes during a render re-accumulate and re-trigger.
+     */
+    private _pendingRenderTables;
+    private _pendingRenderAll;
     /** Cache of actual table columns (from PRAGMA), populated after init(). */
     private readonly _columnCache;
     /** Derived encryption key (from options.encryptionKey via scrypt). */
@@ -2323,8 +2343,11 @@ declare class Lattice {
      * tree when a REMOTE change arrives — notably an owner re-sharing or un-sharing
      * a row, after which the member's per-viewer projection must be recompiled. A
      * no-op when auto-render isn't enabled.
+     *
+     * Pass the CHANGED table so only that entity (+ its cross-table dependents) is
+     * re-rendered instead of the whole tree; omit it to force a full render.
      */
-    requestRender(): void;
+    requestRender(table?: string): void;
     /**
      * True while a render is actively writing the context tree + manifest (auto-
      * render OR a guarded background render). The file-loopback watcher checks this
@@ -2483,6 +2506,10 @@ declare class Lattice {
     /** Turn off automatic rendering and cancel any pending render. */
     disableAutoRender(): this;
     private _scheduleAutoRender;
+    /** Arm the debounce timer if not already armed. Does NOT change the render
+     *  scope — used both by `_scheduleAutoRender` and the post-render re-arm so a
+     *  re-arm never escalates a pending incremental render to a full one. */
+    private _armAutoRenderTimer;
     /**
      * Shared single-flight render path used by {@link renderInBackground}.
      *