latticesql 3.4.1 → 3.4.3

package/dist/cli.js

@@ -8131,6 +8131,33 @@ async function ownPolyfillsByGroup(db) {
     }
   }
 }
+async function enableGuiAuditRls(db) {
+  if (!isPg(db)) return;
+  const reg = await getAsyncOrSync(db.adapter, `SELECT to_regclass($1) AS reg`, [
+    "_lattice_gui_audit"
+  ]);
+  if (reg?.reg == null) return;
+  await runCloudBootstrapSql(
+    db,
+    `
+ALTER TABLE "_lattice_gui_audit" ENABLE ROW LEVEL SECURITY;
+ALTER TABLE "_lattice_gui_audit" FORCE ROW LEVEL SECURITY;
+DROP POLICY IF EXISTS "lattice_gui_audit_owner" ON "_lattice_gui_audit";
+DROP POLICY IF EXISTS "lattice_gui_audit_sel" ON "_lattice_gui_audit";
+CREATE POLICY "lattice_gui_audit_sel" ON "_lattice_gui_audit" FOR SELECT
+  USING ("row_id" IS NULL OR lattice_row_visible("table_name", "row_id"));
+DROP POLICY IF EXISTS "lattice_gui_audit_ins" ON "_lattice_gui_audit";
+CREATE POLICY "lattice_gui_audit_ins" ON "_lattice_gui_audit" FOR INSERT
+  WITH CHECK ("row_id" IS NULL OR lattice_row_visible("table_name", "row_id"));
+DROP POLICY IF EXISTS "lattice_gui_audit_upd" ON "_lattice_gui_audit";
+CREATE POLICY "lattice_gui_audit_upd" ON "_lattice_gui_audit" FOR UPDATE
+  USING ("row_id" IS NULL OR lattice_row_visible("table_name", "row_id"));
+DROP POLICY IF EXISTS "lattice_gui_audit_del" ON "_lattice_gui_audit";
+CREATE POLICY "lattice_gui_audit_del" ON "_lattice_gui_audit" FOR DELETE
+  USING ("row_id" IS NULL OR lattice_row_visible("table_name", "row_id"));
+`
+  );
+}
 async function installCloudRls(db) {
   if (!isPg(db)) return;
   const schema = await cloudSchema(db);
@@ -8296,6 +8323,18 @@ CREATE TABLE IF NOT EXISTS "__lattice_member_invites" (
 -- bootstrap is now run directly + idempotently, not version-gated).
 ALTER TABLE "__lattice_member_invites" ADD COLUMN IF NOT EXISTS "email" text;
 
+-- Owner-published entity/render LAYOUT (the entities + entityContexts config
+-- blocks), so a joined member \u2014 whose generated config has entities: {} \u2014 can
+-- hydrate the full render layout and produce a complete context tree. This holds
+-- schema CONFIG, not row data, so it is safe to share with members (granted
+-- SELECT). A shared singleton, like __lattice_user_identity: no per-row RLS.
+CREATE TABLE IF NOT EXISTS "__lattice_shared_schema" (
+  "id" TEXT PRIMARY KEY DEFAULT 'singleton',
+  "entities_json" TEXT,
+  "contexts_json" TEXT,
+  "updated_at" TEXT
+);
+
 -- #3.1 \u2014 one-time-use + revocation enforcement. After a member authenticates to
 -- the cloud with their minted credential, the join path calls this to CLAIM the
 -- invite. The single atomic UPDATE stamps redeemed_at and returns true ONLY when
@@ -10173,7 +10212,7 @@ var init_registry = __esm({
 });
 
 // src/gui/ai/lattice-docs.ts
-import { readFileSync as readFileSync13, readdirSync as readdirSync5, existsSync as existsSync17 } from "fs";
+import { readFileSync as readFileSync14, readdirSync as readdirSync5, existsSync as existsSync17 } from "fs";
 import { dirname as dirname8, join as join16 } from "path";
 import { fileURLToPath as fileURLToPath2 } from "url";
 function findDocsDir() {
@@ -10233,7 +10272,7 @@ function allSections() {
   }
   for (const f6 of files) {
     try {
-      out.push(...sectionsOf(f6, readFileSync13(join16(dir, f6), "utf8")));
+      out.push(...sectionsOf(f6, readFileSync14(join16(dir, f6), "utf8")));
     } catch {
     }
   }
@@ -54484,6 +54523,25 @@ var css = `
       animation: feedSpin 0.7s linear infinite; vertical-align: middle;
     }
     @keyframes feedSpin { to { transform: rotate(360deg); } }
+    /* Batch-upload progress bar \u2014 pinned to the top of the feed while a
+       multi-file drop drains through the bounded-concurrency queue. */
+    .ingest-progress {
+      position: sticky; top: 0; z-index: 3;
+      display: flex; flex-direction: column; gap: 6px;
+      padding: 8px 10px; border-radius: 8px;
+      background: var(--surface); border: 1px solid rgba(190, 242, 100, 0.22);
+      box-shadow: var(--shadow-1), var(--glow-accent-soft);
+    }
+    .ingest-progress-label { font-size: 12px; font-weight: 500; color: var(--text); }
+    .ingest-progress-track {
+      height: 6px; border-radius: 999px; overflow: hidden; background: var(--border-strong);
+    }
+    .ingest-progress-fill {
+      height: 100%; width: 0%; border-radius: 999px;
+      background: linear-gradient(90deg, var(--accent-deep), var(--accent));
+      box-shadow: 0 0 8px rgba(190, 242, 100, 0.5);
+      transition: width 0.3s ease;
+    }
     .assistant-rail {
       position: relative;
       background:
@@ -61820,6 +61878,63 @@ var appJs = `
     // Browsers can't expose the local path, so we POST the bytes; the
     // server extracts + summarizes, then discards them (path stays null).
     // \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+    // Cap how many uploads are in flight at once. A browser allows only ~6
+    // HTTP/1.1 connections per host, so a bulk drop of N files would fire N
+    // upload POSTs in parallel and saturate that budget \u2014 every other data
+    // request (entities, rows, navigation) then queues for minutes behind the
+    // multi-minute ingests and the GUI looks frozen. Holding uploads to a few
+    // at a time leaves connections free for the rest of the app (and eases the
+    // AI rate limit each ingest hits server-side). The realtime/feed streams are
+    // already off this budget \u2014 they share one WebSocket \u2014 so this is the last
+    // place a big batch could starve the connection pool.
+    var INGEST_MAX_CONCURRENCY = 3;
+    // Run a batch of upload thunks with at most \`limit\` in flight, calling
+    // onProgress(done, total) as each settles. One failure never stalls the
+    // batch \u2014 uploadFile surfaces its own error and resolves.
+    function runIngestBatch(thunks, limit, onProgress) {
+      return new Promise(function (resolve) {
+        var total = thunks.length, idx = 0, done = 0;
+        function startNext() {
+          if (idx >= total) return;
+          var thunk = thunks[idx++];
+          Promise.resolve().then(thunk).catch(function () { /* already surfaced */ }).then(function () {
+            done++;
+            if (onProgress) onProgress(done, total);
+            if (done === total) resolve(); else startNext();
+          });
+        }
+        for (var i = 0; i < Math.min(limit, total); i++) startNext();
+      });
+    }
+    // A batch-upload progress bar pinned to the top of the rail feed
+    // ("Analyzing N of M\u2026"). The per-file "Analyzing <name>\u2026" cards still
+    // appear, but only INGEST_MAX_CONCURRENCY at a time; this gives the
+    // whole-batch view that the individual cards can't. Returns
+    // { update(done, total), done() }.
+    function ingestProgress(total) {
+      var feedEl = document.getElementById('rail-feed');
+      if (!feedEl) return { update: function () {}, done: function () {} };
+      railEmptyGone();
+      var wrap = document.createElement('div');
+      wrap.className = 'ingest-progress';
+      wrap.innerHTML =
+        '<div class="ingest-progress-label">Analyzing 0 of ' + total + '\u2026</div>' +
+        '<div class="ingest-progress-track"><div class="ingest-progress-fill"></div></div>';
+      feedEl.insertBefore(wrap, feedEl.firstChild);
+      var label = wrap.querySelector('.ingest-progress-label');
+      var fill = wrap.querySelector('.ingest-progress-fill');
+      return {
+        update: function (n, t) {
+          if (label) label.textContent = 'Analyzing ' + n + ' of ' + t + '\u2026';
+          if (fill) fill.style.width = Math.round((n / t) * 100) + '%';
+        },
+        done: function () {
+          if (fill) fill.style.width = '100%';
+          if (label) label.textContent = 'Analyzed ' + total + ' file' + (total === 1 ? '' : 's');
+          setTimeout(function () { if (wrap.parentNode) wrap.parentNode.removeChild(wrap); }, 2500);
+        },
+      };
+    }
     // Append a transient "Analyzing <file>\u2026" row to the feed so the user sees
     // the ingest is processing in the background; returns a disposer. The real
     // create/link feed events stream in over SSE as the server materializes them.
@@ -61879,7 +61994,14 @@ var appJs = `
         });
         return;
       }
-      for (var i = 0; i < files.length; i++) uploadFile(files[i]);
+      // Multi-file: drain through the bounded-concurrency queue (so a big drop
+      // can't saturate the connection budget) with a batch progress bar.
+      var bar = ingestProgress(files.length);
+      var thunks = [];
+      for (var i = 0; i < files.length; i++) {
+        (function (f) { thunks.push(function () { return uploadFile(f); }); })(files[i]);
+      }
+      runIngestBatch(thunks, INGEST_MAX_CONCURRENCY, bar.update).then(bar.done);
     }
     // Mobile: tapping the handle expands/collapses the bottom drawer.
     function initRailDrawer() {
@@ -62767,6 +62889,87 @@ async function discoverCloudTables(db) {
 // src/gui/server.ts
 init_rls();
 
+// src/cloud/shared-schema.ts
+init_lattice();
+init_adapter();
+
+// src/gui/config-io.ts
+import { readFileSync as readFileSync13, writeFileSync as writeFileSync6 } from "fs";
+import { parseDocument as parseDocument2 } from "yaml";
+async function execSql(db, sql) {
+  const adapter = db._adapter;
+  if (!adapter.runAsync) throw new Error("Adapter does not support runAsync");
+  await adapter.runAsync(sql);
+}
+function loadConfigDoc(configPath) {
+  return parseDocument2(readFileSync13(configPath, "utf8"));
+}
+function saveConfigDoc(configPath, doc) {
+  writeFileSync6(configPath, doc.toString(), "utf8");
+}
+
+// src/cloud/shared-schema.ts
+async function publishSharedSchema(db, configPath) {
+  if (db.getDialect() !== "postgres") return;
+  const cfg = loadConfigDoc(configPath).toJSON();
+  const entities = cfg.entities ?? {};
+  if (Object.keys(entities).length === 0) return;
+  await runAsyncOrSync(
+    db.adapter,
+    `INSERT INTO "__lattice_shared_schema" ("id","entities_json","contexts_json","updated_at")
+       VALUES ('singleton', $1, $2, $3)
+       ON CONFLICT ("id") DO UPDATE SET
+         "entities_json" = EXCLUDED."entities_json",
+         "contexts_json" = EXCLUDED."contexts_json",
+         "updated_at"    = EXCLUDED."updated_at"`,
+    [
+      JSON.stringify(entities),
+      JSON.stringify(cfg.entityContexts ?? null),
+      (/* @__PURE__ */ new Date()).toISOString()
+    ]
+  );
+}
+async function hydrateMemberConfigFromCloud(configPath, dbUrl, encryptionKey) {
+  if (!isPostgresUrl(dbUrl)) return false;
+  const existing = loadConfigDoc(configPath).toJSON();
+  if (Object.keys(existing.entities ?? {}).length > 0) return false;
+  try {
+    const peek = new Lattice({ config: configPath }, { encryptionKey });
+    try {
+      await peek.init({ introspectOnly: true });
+      const reg = await getAsyncOrSync(
+        peek.adapter,
+        "SELECT to_regclass('__lattice_shared_schema') AS reg"
+      );
+      if (reg?.reg == null) return false;
+      const row = await getAsyncOrSync(
+        peek.adapter,
+        'SELECT "entities_json","contexts_json" FROM "__lattice_shared_schema" WHERE "id" = $1',
+        ["singleton"]
+      );
+      if (row?.entities_json == null) return false;
+      const entities = JSON.parse(row.entities_json);
+      if (Object.keys(entities).length === 0) return false;
+      const doc = loadConfigDoc(configPath);
+      doc.setIn(["entities"], entities);
+      if (row.contexts_json != null) {
+        const ctx = JSON.parse(row.contexts_json);
+        if (ctx) doc.setIn(["entityContexts"], ctx);
+      }
+      saveConfigDoc(configPath, doc);
+      return true;
+    } finally {
+      peek.close();
+    }
+  } catch (e6) {
+    console.warn(
+      "[hydrateMemberConfigFromCloud] could not hydrate member schema:",
+      e6.message
+    );
+    return false;
+  }
+}
+
 // src/cloud/settings.ts
 init_adapter();
 init_rls();
@@ -62870,7 +63073,7 @@ var MEMBER_READABLE_BOOKKEEPING = [
   {
     name: "_lattice_gui_audit",
     privs: "SELECT, INSERT",
-    why: "the member's own GUI undo/redo log (session-scoped)"
+    why: "GUI undo/redo + version history; RLS (enableGuiAuditRls) scopes reads to entries whose underlying row the member can see"
   },
   {
     name: "__lattice_user_identity",
@@ -62881,6 +63084,11 @@ var MEMBER_READABLE_BOOKKEEPING = [
     name: "__lattice_changelog",
     privs: "SELECT, INSERT",
     why: "per-viewer-RLS-filtered change history for observe()/history (the policy filters reads, so the base grant is safe)"
+  },
+  {
+    name: "__lattice_shared_schema",
+    privs: "SELECT",
+    why: "owner-published entity/render layout (entities + entityContexts) a joined member hydrates its config from so render produces the full context tree"
   }
 ];
 var MEMBER_EXECUTE_FUNCTIONS = [
@@ -63037,6 +63245,7 @@ async function secureCloud(db) {
   await db.ensureObservationSubstrate();
   await enableChangelogRls(db);
   await enableChatPrivacyRls(db);
+  await enableGuiAuditRls(db);
   await convergeLegacyColumnAudience(db);
   const registered = db.getRegisteredTableNames();
   for (const table of registered) {
@@ -63133,21 +63342,6 @@ var FeedBus = class {
 init_fts();
 init_mutations();
 
-// src/gui/config-io.ts
-import { readFileSync as readFileSync14, writeFileSync as writeFileSync6 } from "fs";
-import { parseDocument as parseDocument2 } from "yaml";
-async function execSql(db, sql) {
-  const adapter = db._adapter;
-  if (!adapter.runAsync) throw new Error("Adapter does not support runAsync");
-  await adapter.runAsync(sql);
-}
-function loadConfigDoc(configPath) {
-  return parseDocument2(readFileSync14(configPath, "utf8"));
-}
-function saveConfigDoc(configPath, doc) {
-  writeFileSync6(configPath, doc.toString(), "utf8");
-}
-
 // src/gui/schema-ops.ts
 init_parser();
 init_canonical_context();
@@ -64683,6 +64877,7 @@ async function dispatchDbConfigRoute(req, res, ctx) {
         const result = await migrateLatticeData(ctx.db, target);
         await target.rebuildFtsIndexes();
         await secureCloud(target);
+        await publishSharedSchema(target, ctx.configPath);
         target.close();
         const sourceDbPath = parseConfigFile(ctx.configPath).dbPath;
         const backupPath = archiveLocalSqlite(sourceDbPath);
@@ -66541,10 +66736,13 @@ function resolveOutputDirForConfig(configPath) {
 async function openConfig(configPath, outputDir, autoRender = false, realtimeWatchdogMs) {
   healRawDbUrl(configPath);
   const parsed = parseConfigFile(configPath);
+  const encryptionKey = getOrCreateMasterKey();
   if (!/^postgres(ql)?:\/\//i.test(parsed.dbPath) && !parsed.dbPath.startsWith("file:") && parsed.dbPath !== ":memory:") {
     mkdirSync11(dirname14(parsed.dbPath), { recursive: true });
   }
-  const encryptionKey = getOrCreateMasterKey();
+  if (/^postgres(ql)?:\/\//i.test(parsed.dbPath)) {
+    await hydrateMemberConfigFromCloud(configPath, parsed.dbPath, encryptionKey);
+  }
   const db = new Lattice({ config: configPath }, { encryptionKey });
   registerNativeEntities(db);
   db.define("_lattice_gui_meta", {
@@ -66701,16 +66899,27 @@ async function openConfig(configPath, outputDir, autoRender = false, realtimeWat
         await db.ensureObservationSubstrate();
         await enableChangelogRls(db);
         await enableChatPrivacyRls(db);
+        await enableGuiAuditRls(db);
         const access = await reconcileCloudMemberAccess(db);
         convergeWarnings = access.skipped;
         for (const s2 of convergeWarnings) {
           console.warn(`[openConfig] cloud converge could not manage "${s2.table}": ${s2.reason}`);
         }
+        await publishSharedSchema(db, configPath);
       }
     } catch (e6) {
       console.error("[openConfig] cloud bootstrap converge failed:", e6.message);
     }
   }
+  if (memberOpen) {
+    const userTables = db.getRegisteredTableNames().filter((t8) => !t8.startsWith("_") && !discoveredJunctions.has(t8));
+    if (userTables.length === 0) {
+      convergeWarnings.push({
+        table: "(schema)",
+        reason: "No entity layout is configured for this cloud workspace yet \u2014 ask the cloud owner to open the workspace once so it publishes the schema, then reopen. Until then, render produces no context files."
+      });
+    }
+  }
   const validTables = new Set(parsed.tables.map((t8) => t8.name));
   for (const name of db.getRegisteredTableNames()) {
     if (name.startsWith("__lattice_") || name.startsWith("_lattice_")) continue;
@@ -69298,7 +69507,7 @@ function printHelp() {
   );
 }
 function getVersion() {
-  if (true) return "3.4.1";
+  if (true) return "3.4.3";
   try {
     const pkgPath = new URL("../package.json", import.meta.url).pathname;
     const pkg = JSON.parse(readFileSync20(pkgPath, "utf-8"));
@@ -69366,14 +69575,17 @@ function runGenerate(args) {
 }
 async function runRender(args) {
   const outputDir = resolve11(args.output);
+  const configPath = resolve11(args.config);
   let parsed;
   try {
-    parsed = parseConfigFile(resolve11(args.config));
+    parsed = parseConfigFile(configPath);
   } catch (e6) {
     console.error(`Error: ${e6.message}`);
     process.exit(1);
   }
-  const db = new Lattice({ config: resolve11(args.config) });
+  const encryptionKey = getOrCreateMasterKey();
+  await hydrateMemberConfigFromCloud(configPath, parsed.dbPath, encryptionKey);
+  const db = new Lattice({ config: configPath }, { encryptionKey });
   try {
     await db.init();
     const start = Date.now();
@@ -69389,7 +69601,6 @@ async function runRender(args) {
   } finally {
     db.close();
   }
-  void parsed;
 }
 async function runReconcile(args, isDryRun) {
   const outputDir = resolve11(args.output);

package/dist/index.cjs

@@ -47378,6 +47378,33 @@ async function ownPolyfillsByGroup(db) {
     }
   }
 }
+async function enableGuiAuditRls(db) {
+  if (!isPg(db)) return;
+  const reg = await getAsyncOrSync(db.adapter, `SELECT to_regclass($1) AS reg`, [
+    "_lattice_gui_audit"
+  ]);
+  if (reg?.reg == null) return;
+  await runCloudBootstrapSql(
+    db,
+    `
+ALTER TABLE "_lattice_gui_audit" ENABLE ROW LEVEL SECURITY;
+ALTER TABLE "_lattice_gui_audit" FORCE ROW LEVEL SECURITY;
+DROP POLICY IF EXISTS "lattice_gui_audit_owner" ON "_lattice_gui_audit";
+DROP POLICY IF EXISTS "lattice_gui_audit_sel" ON "_lattice_gui_audit";
+CREATE POLICY "lattice_gui_audit_sel" ON "_lattice_gui_audit" FOR SELECT
+  USING ("row_id" IS NULL OR lattice_row_visible("table_name", "row_id"));
+DROP POLICY IF EXISTS "lattice_gui_audit_ins" ON "_lattice_gui_audit";
+CREATE POLICY "lattice_gui_audit_ins" ON "_lattice_gui_audit" FOR INSERT
+  WITH CHECK ("row_id" IS NULL OR lattice_row_visible("table_name", "row_id"));
+DROP POLICY IF EXISTS "lattice_gui_audit_upd" ON "_lattice_gui_audit";
+CREATE POLICY "lattice_gui_audit_upd" ON "_lattice_gui_audit" FOR UPDATE
+  USING ("row_id" IS NULL OR lattice_row_visible("table_name", "row_id"));
+DROP POLICY IF EXISTS "lattice_gui_audit_del" ON "_lattice_gui_audit";
+CREATE POLICY "lattice_gui_audit_del" ON "_lattice_gui_audit" FOR DELETE
+  USING ("row_id" IS NULL OR lattice_row_visible("table_name", "row_id"));
+`
+  );
+}
 async function installCloudRls(db) {
   if (!isPg(db)) return;
   const schema = await cloudSchema(db);
@@ -47543,6 +47570,18 @@ CREATE TABLE IF NOT EXISTS "__lattice_member_invites" (
 -- bootstrap is now run directly + idempotently, not version-gated).
 ALTER TABLE "__lattice_member_invites" ADD COLUMN IF NOT EXISTS "email" text;
 
+-- Owner-published entity/render LAYOUT (the entities + entityContexts config
+-- blocks), so a joined member \u2014 whose generated config has entities: {} \u2014 can
+-- hydrate the full render layout and produce a complete context tree. This holds
+-- schema CONFIG, not row data, so it is safe to share with members (granted
+-- SELECT). A shared singleton, like __lattice_user_identity: no per-row RLS.
+CREATE TABLE IF NOT EXISTS "__lattice_shared_schema" (
+  "id" TEXT PRIMARY KEY DEFAULT 'singleton',
+  "entities_json" TEXT,
+  "contexts_json" TEXT,
+  "updated_at" TEXT
+);
+
 -- #3.1 \u2014 one-time-use + revocation enforcement. After a member authenticates to
 -- the cloud with their minted credential, the join path calls this to CLAIM the
 -- invite. The single atomic UPDATE stamps redeemed_at and returns true ONLY when
@@ -50471,7 +50510,7 @@ function findDocsDir() {
   }
   for (let i6 = 0; i6 < 8; i6++) {
     const candidate = (0, import_node_path31.join)(dir, "docs");
-    if ((0, import_node_fs28.existsSync)((0, import_node_path31.join)(candidate, "cloud.md"))) {
+    if ((0, import_node_fs29.existsSync)((0, import_node_path31.join)(candidate, "cloud.md"))) {
       _docsDir = candidate;
       return _docsDir;
     }
@@ -50512,13 +50551,13 @@ function allSections() {
   const out = [];
   let files = [];
   try {
-    files = (0, import_node_fs28.readdirSync)(dir).filter((f6) => f6.endsWith(".md"));
+    files = (0, import_node_fs29.readdirSync)(dir).filter((f6) => f6.endsWith(".md"));
   } catch {
     files = [];
   }
   for (const f6 of files) {
     try {
-      out.push(...sectionsOf(f6, (0, import_node_fs28.readFileSync)((0, import_node_path31.join)(dir, f6), "utf8")));
+      out.push(...sectionsOf(f6, (0, import_node_fs29.readFileSync)((0, import_node_path31.join)(dir, f6), "utf8")));
     } catch {
     }
   }
@@ -50560,11 +50599,11 @@ function searchLatticeDocs(query, limit = 4) {
     }))
   };
 }
-var import_node_fs28, import_node_path31, import_node_url2, import_meta5, _docsDir, MAX_SECTION_CHARS, _cache;
+var import_node_fs29, import_node_path31, import_node_url2, import_meta5, _docsDir, MAX_SECTION_CHARS, _cache;
 var init_lattice_docs = __esm({
   "src/gui/ai/lattice-docs.ts"() {
     "use strict";
-    import_node_fs28 = require("fs");
+    import_node_fs29 = require("fs");
     import_node_path31 = require("path");
     import_node_url2 = require("url");
     import_meta5 = {};
@@ -54632,7 +54671,7 @@ var MEMBER_READABLE_BOOKKEEPING = [
   {
     name: "_lattice_gui_audit",
     privs: "SELECT, INSERT",
-    why: "the member's own GUI undo/redo log (session-scoped)"
+    why: "GUI undo/redo + version history; RLS (enableGuiAuditRls) scopes reads to entries whose underlying row the member can see"
   },
   {
     name: "__lattice_user_identity",
@@ -54643,6 +54682,11 @@ var MEMBER_READABLE_BOOKKEEPING = [
     name: "__lattice_changelog",
     privs: "SELECT, INSERT",
     why: "per-viewer-RLS-filtered change history for observe()/history (the policy filters reads, so the base grant is safe)"
+  },
+  {
+    name: "__lattice_shared_schema",
+    privs: "SELECT",
+    why: "owner-published entity/render layout (entities + entityContexts) a joined member hydrates its config from so render produces the full context tree"
   }
 ];
 var MEMBER_EXECUTE_FUNCTIONS = [
@@ -54799,6 +54843,7 @@ async function secureCloud(db) {
   await db.ensureObservationSubstrate();
   await enableChangelogRls(db);
   await enableChatPrivacyRls(db);
+  await enableGuiAuditRls(db);
   await convergeLegacyColumnAudience(db);
   const registered = db.getRegisteredTableNames();
   for (const table of registered) {
@@ -56354,6 +56399,25 @@ var css = `
       animation: feedSpin 0.7s linear infinite; vertical-align: middle;
     }
     @keyframes feedSpin { to { transform: rotate(360deg); } }
+    /* Batch-upload progress bar \u2014 pinned to the top of the feed while a
+       multi-file drop drains through the bounded-concurrency queue. */
+    .ingest-progress {
+      position: sticky; top: 0; z-index: 3;
+      display: flex; flex-direction: column; gap: 6px;
+      padding: 8px 10px; border-radius: 8px;
+      background: var(--surface); border: 1px solid rgba(190, 242, 100, 0.22);
+      box-shadow: var(--shadow-1), var(--glow-accent-soft);
+    }
+    .ingest-progress-label { font-size: 12px; font-weight: 500; color: var(--text); }
+    .ingest-progress-track {
+      height: 6px; border-radius: 999px; overflow: hidden; background: var(--border-strong);
+    }
+    .ingest-progress-fill {
+      height: 100%; width: 0%; border-radius: 999px;
+      background: linear-gradient(90deg, var(--accent-deep), var(--accent));
+      box-shadow: 0 0 8px rgba(190, 242, 100, 0.5);
+      transition: width 0.3s ease;
+    }
     .assistant-rail {
       position: relative;
       background:
@@ -63690,6 +63754,63 @@ var appJs = `
     // Browsers can't expose the local path, so we POST the bytes; the
     // server extracts + summarizes, then discards them (path stays null).
     // \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+    // Cap how many uploads are in flight at once. A browser allows only ~6
+    // HTTP/1.1 connections per host, so a bulk drop of N files would fire N
+    // upload POSTs in parallel and saturate that budget \u2014 every other data
+    // request (entities, rows, navigation) then queues for minutes behind the
+    // multi-minute ingests and the GUI looks frozen. Holding uploads to a few
+    // at a time leaves connections free for the rest of the app (and eases the
+    // AI rate limit each ingest hits server-side). The realtime/feed streams are
+    // already off this budget \u2014 they share one WebSocket \u2014 so this is the last
+    // place a big batch could starve the connection pool.
+    var INGEST_MAX_CONCURRENCY = 3;
+    // Run a batch of upload thunks with at most \`limit\` in flight, calling
+    // onProgress(done, total) as each settles. One failure never stalls the
+    // batch \u2014 uploadFile surfaces its own error and resolves.
+    function runIngestBatch(thunks, limit, onProgress) {
+      return new Promise(function (resolve) {
+        var total = thunks.length, idx = 0, done = 0;
+        function startNext() {
+          if (idx >= total) return;
+          var thunk = thunks[idx++];
+          Promise.resolve().then(thunk).catch(function () { /* already surfaced */ }).then(function () {
+            done++;
+            if (onProgress) onProgress(done, total);
+            if (done === total) resolve(); else startNext();
+          });
+        }
+        for (var i = 0; i < Math.min(limit, total); i++) startNext();
+      });
+    }
+    // A batch-upload progress bar pinned to the top of the rail feed
+    // ("Analyzing N of M\u2026"). The per-file "Analyzing <name>\u2026" cards still
+    // appear, but only INGEST_MAX_CONCURRENCY at a time; this gives the
+    // whole-batch view that the individual cards can't. Returns
+    // { update(done, total), done() }.
+    function ingestProgress(total) {
+      var feedEl = document.getElementById('rail-feed');
+      if (!feedEl) return { update: function () {}, done: function () {} };
+      railEmptyGone();
+      var wrap = document.createElement('div');
+      wrap.className = 'ingest-progress';
+      wrap.innerHTML =
+        '<div class="ingest-progress-label">Analyzing 0 of ' + total + '\u2026</div>' +
+        '<div class="ingest-progress-track"><div class="ingest-progress-fill"></div></div>';
+      feedEl.insertBefore(wrap, feedEl.firstChild);
+      var label = wrap.querySelector('.ingest-progress-label');
+      var fill = wrap.querySelector('.ingest-progress-fill');
+      return {
+        update: function (n, t) {
+          if (label) label.textContent = 'Analyzing ' + n + ' of ' + t + '\u2026';
+          if (fill) fill.style.width = Math.round((n / t) * 100) + '%';
+        },
+        done: function () {
+          if (fill) fill.style.width = '100%';
+          if (label) label.textContent = 'Analyzed ' + total + ' file' + (total === 1 ? '' : 's');
+          setTimeout(function () { if (wrap.parentNode) wrap.parentNode.removeChild(wrap); }, 2500);
+        },
+      };
+    }
     // Append a transient "Analyzing <file>\u2026" row to the feed so the user sees
     // the ingest is processing in the background; returns a disposer. The real
     // create/link feed events stream in over SSE as the server materializes them.
@@ -63749,7 +63870,14 @@ var appJs = `
         });
         return;
       }
-      for (var i = 0; i < files.length; i++) uploadFile(files[i]);
+      // Multi-file: drain through the bounded-concurrency queue (so a big drop
+      // can't saturate the connection budget) with a batch progress bar.
+      var bar = ingestProgress(files.length);
+      var thunks = [];
+      for (var i = 0; i < files.length; i++) {
+        (function (f) { thunks.push(function () { return uploadFile(f); }); })(files[i]);
+      }
+      runIngestBatch(thunks, INGEST_MAX_CONCURRENCY, bar.update).then(bar.done);
     }
     // Mobile: tapping the handle expands/collapses the bottom drawer.
     function initRailDrawer() {
@@ -64752,6 +64880,87 @@ init_postgres();
 init_cloud_connect();
 init_rls();
 
+// src/cloud/shared-schema.ts
+init_lattice();
+init_adapter();
+
+// src/gui/config-io.ts
+var import_node_fs28 = require("fs");
+var import_yaml4 = require("yaml");
+async function execSql(db, sql) {
+  const adapter = db._adapter;
+  if (!adapter.runAsync) throw new Error("Adapter does not support runAsync");
+  await adapter.runAsync(sql);
+}
+function loadConfigDoc(configPath) {
+  return (0, import_yaml4.parseDocument)((0, import_node_fs28.readFileSync)(configPath, "utf8"));
+}
+function saveConfigDoc(configPath, doc) {
+  (0, import_node_fs28.writeFileSync)(configPath, doc.toString(), "utf8");
+}
+
+// src/cloud/shared-schema.ts
+async function publishSharedSchema(db, configPath) {
+  if (db.getDialect() !== "postgres") return;
+  const cfg = loadConfigDoc(configPath).toJSON();
+  const entities = cfg.entities ?? {};
+  if (Object.keys(entities).length === 0) return;
+  await runAsyncOrSync(
+    db.adapter,
+    `INSERT INTO "__lattice_shared_schema" ("id","entities_json","contexts_json","updated_at")
+       VALUES ('singleton', $1, $2, $3)
+       ON CONFLICT ("id") DO UPDATE SET
+         "entities_json" = EXCLUDED."entities_json",
+         "contexts_json" = EXCLUDED."contexts_json",
+         "updated_at"    = EXCLUDED."updated_at"`,
+    [
+      JSON.stringify(entities),
+      JSON.stringify(cfg.entityContexts ?? null),
+      (/* @__PURE__ */ new Date()).toISOString()
+    ]
+  );
+}
+async function hydrateMemberConfigFromCloud(configPath, dbUrl, encryptionKey) {
+  if (!isPostgresUrl(dbUrl)) return false;
+  const existing = loadConfigDoc(configPath).toJSON();
+  if (Object.keys(existing.entities ?? {}).length > 0) return false;
+  try {
+    const peek = new Lattice({ config: configPath }, { encryptionKey });
+    try {
+      await peek.init({ introspectOnly: true });
+      const reg = await getAsyncOrSync(
+        peek.adapter,
+        "SELECT to_regclass('__lattice_shared_schema') AS reg"
+      );
+      if (reg?.reg == null) return false;
+      const row = await getAsyncOrSync(
+        peek.adapter,
+        'SELECT "entities_json","contexts_json" FROM "__lattice_shared_schema" WHERE "id" = $1',
+        ["singleton"]
+      );
+      if (row?.entities_json == null) return false;
+      const entities = JSON.parse(row.entities_json);
+      if (Object.keys(entities).length === 0) return false;
+      const doc = loadConfigDoc(configPath);
+      doc.setIn(["entities"], entities);
+      if (row.contexts_json != null) {
+        const ctx = JSON.parse(row.contexts_json);
+        if (ctx) doc.setIn(["entityContexts"], ctx);
+      }
+      saveConfigDoc(configPath, doc);
+      return true;
+    } finally {
+      peek.close();
+    }
+  } catch (e6) {
+    console.warn(
+      "[hydrateMemberConfigFromCloud] could not hydrate member schema:",
+      e6.message
+    );
+    return false;
+  }
+}
+
 // src/gui/meta-gen.ts
 init_assistant_routes();
 init_chat();
@@ -64840,21 +65049,6 @@ var FeedBus = class {
 init_fts();
 init_mutations();
 
-// src/gui/config-io.ts
-var import_node_fs29 = require("fs");
-var import_yaml4 = require("yaml");
-async function execSql(db, sql) {
-  const adapter = db._adapter;
-  if (!adapter.runAsync) throw new Error("Adapter does not support runAsync");
-  await adapter.runAsync(sql);
-}
-function loadConfigDoc(configPath) {
-  return (0, import_yaml4.parseDocument)((0, import_node_fs29.readFileSync)(configPath, "utf8"));
-}
-function saveConfigDoc(configPath, doc) {
-  (0, import_node_fs29.writeFileSync)(configPath, doc.toString(), "utf8");
-}
-
 // src/gui/schema-ops.ts
 init_parser();
 init_canonical_context();
@@ -66043,6 +66237,7 @@ async function dispatchDbConfigRoute(req, res, ctx) {
         const result = await migrateLatticeData(ctx.db, target);
         await target.rebuildFtsIndexes();
         await secureCloud(target);
+        await publishSharedSchema(target, ctx.configPath);
         target.close();
         const sourceDbPath = parseConfigFile(ctx.configPath).dbPath;
         const backupPath = archiveLocalSqlite(sourceDbPath);
@@ -67751,10 +67946,13 @@ function resolveOutputDirForConfig(configPath) {
 async function openConfig(configPath, outputDir, autoRender = false, realtimeWatchdogMs) {
   healRawDbUrl(configPath);
   const parsed = parseConfigFile(configPath);
+  const encryptionKey = getOrCreateMasterKey();
   if (!/^postgres(ql)?:\/\//i.test(parsed.dbPath) && !parsed.dbPath.startsWith("file:") && parsed.dbPath !== ":memory:") {
     (0, import_node_fs35.mkdirSync)((0, import_node_path38.dirname)(parsed.dbPath), { recursive: true });
   }
-  const encryptionKey = getOrCreateMasterKey();
+  if (/^postgres(ql)?:\/\//i.test(parsed.dbPath)) {
+    await hydrateMemberConfigFromCloud(configPath, parsed.dbPath, encryptionKey);
+  }
   const db = new Lattice({ config: configPath }, { encryptionKey });
   registerNativeEntities(db);
   db.define("_lattice_gui_meta", {
@@ -67911,16 +68109,27 @@ async function openConfig(configPath, outputDir, autoRender = false, realtimeWat
         await db.ensureObservationSubstrate();
         await enableChangelogRls(db);
         await enableChatPrivacyRls(db);
+        await enableGuiAuditRls(db);
         const access = await reconcileCloudMemberAccess(db);
         convergeWarnings = access.skipped;
         for (const s2 of convergeWarnings) {
           console.warn(`[openConfig] cloud converge could not manage "${s2.table}": ${s2.reason}`);
         }
+        await publishSharedSchema(db, configPath);
       }
     } catch (e6) {
       console.error("[openConfig] cloud bootstrap converge failed:", e6.message);
     }
   }
+  if (memberOpen) {
+    const userTables = db.getRegisteredTableNames().filter((t8) => !t8.startsWith("_") && !discoveredJunctions.has(t8));
+    if (userTables.length === 0) {
+      convergeWarnings.push({
+        table: "(schema)",
+        reason: "No entity layout is configured for this cloud workspace yet \u2014 ask the cloud owner to open the workspace once so it publishes the schema, then reopen. Until then, render produces no context files."
+      });
+    }
+  }
   const validTables = new Set(parsed.tables.map((t8) => t8.name));
   for (const name of db.getRegisteredTableNames()) {
     if (name.startsWith("__lattice_") || name.startsWith("_lattice_")) continue;

package/dist/index.js

@@ -47371,6 +47371,33 @@ async function ownPolyfillsByGroup(db) {
     }
   }
 }
+async function enableGuiAuditRls(db) {
+  if (!isPg(db)) return;
+  const reg = await getAsyncOrSync(db.adapter, `SELECT to_regclass($1) AS reg`, [
+    "_lattice_gui_audit"
+  ]);
+  if (reg?.reg == null) return;
+  await runCloudBootstrapSql(
+    db,
+    `
+ALTER TABLE "_lattice_gui_audit" ENABLE ROW LEVEL SECURITY;
+ALTER TABLE "_lattice_gui_audit" FORCE ROW LEVEL SECURITY;
+DROP POLICY IF EXISTS "lattice_gui_audit_owner" ON "_lattice_gui_audit";
+DROP POLICY IF EXISTS "lattice_gui_audit_sel" ON "_lattice_gui_audit";
+CREATE POLICY "lattice_gui_audit_sel" ON "_lattice_gui_audit" FOR SELECT
+  USING ("row_id" IS NULL OR lattice_row_visible("table_name", "row_id"));
+DROP POLICY IF EXISTS "lattice_gui_audit_ins" ON "_lattice_gui_audit";
+CREATE POLICY "lattice_gui_audit_ins" ON "_lattice_gui_audit" FOR INSERT
+  WITH CHECK ("row_id" IS NULL OR lattice_row_visible("table_name", "row_id"));
+DROP POLICY IF EXISTS "lattice_gui_audit_upd" ON "_lattice_gui_audit";
+CREATE POLICY "lattice_gui_audit_upd" ON "_lattice_gui_audit" FOR UPDATE
+  USING ("row_id" IS NULL OR lattice_row_visible("table_name", "row_id"));
+DROP POLICY IF EXISTS "lattice_gui_audit_del" ON "_lattice_gui_audit";
+CREATE POLICY "lattice_gui_audit_del" ON "_lattice_gui_audit" FOR DELETE
+  USING ("row_id" IS NULL OR lattice_row_visible("table_name", "row_id"));
+`
+  );
+}
 async function installCloudRls(db) {
   if (!isPg(db)) return;
   const schema = await cloudSchema(db);
@@ -47536,6 +47563,18 @@ CREATE TABLE IF NOT EXISTS "__lattice_member_invites" (
 -- bootstrap is now run directly + idempotently, not version-gated).
 ALTER TABLE "__lattice_member_invites" ADD COLUMN IF NOT EXISTS "email" text;
 
+-- Owner-published entity/render LAYOUT (the entities + entityContexts config
+-- blocks), so a joined member \u2014 whose generated config has entities: {} \u2014 can
+-- hydrate the full render layout and produce a complete context tree. This holds
+-- schema CONFIG, not row data, so it is safe to share with members (granted
+-- SELECT). A shared singleton, like __lattice_user_identity: no per-row RLS.
+CREATE TABLE IF NOT EXISTS "__lattice_shared_schema" (
+  "id" TEXT PRIMARY KEY DEFAULT 'singleton',
+  "entities_json" TEXT,
+  "contexts_json" TEXT,
+  "updated_at" TEXT
+);
+
 -- #3.1 \u2014 one-time-use + revocation enforcement. After a member authenticates to
 -- the cloud with their minted credential, the join path calls this to CLAIM the
 -- invite. The single atomic UPDATE stamps redeemed_at and returns true ONLY when
@@ -50452,7 +50491,7 @@ var init_registry = __esm({
 });
 
 // src/gui/ai/lattice-docs.ts
-import { readFileSync as readFileSync16, readdirSync as readdirSync5, existsSync as existsSync20 } from "fs";
+import { readFileSync as readFileSync17, readdirSync as readdirSync5, existsSync as existsSync20 } from "fs";
 import { dirname as dirname8, join as join25 } from "path";
 import { fileURLToPath as fileURLToPath2 } from "url";
 function findDocsDir() {
@@ -50512,7 +50551,7 @@ function allSections() {
   }
   for (const f6 of files) {
     try {
-      out.push(...sectionsOf(f6, readFileSync16(join25(dir, f6), "utf8")));
+      out.push(...sectionsOf(f6, readFileSync17(join25(dir, f6), "utf8")));
     } catch {
     }
   }
@@ -54450,7 +54489,7 @@ var MEMBER_READABLE_BOOKKEEPING = [
   {
     name: "_lattice_gui_audit",
     privs: "SELECT, INSERT",
-    why: "the member's own GUI undo/redo log (session-scoped)"
+    why: "GUI undo/redo + version history; RLS (enableGuiAuditRls) scopes reads to entries whose underlying row the member can see"
   },
   {
     name: "__lattice_user_identity",
@@ -54461,6 +54500,11 @@ var MEMBER_READABLE_BOOKKEEPING = [
     name: "__lattice_changelog",
     privs: "SELECT, INSERT",
     why: "per-viewer-RLS-filtered change history for observe()/history (the policy filters reads, so the base grant is safe)"
+  },
+  {
+    name: "__lattice_shared_schema",
+    privs: "SELECT",
+    why: "owner-published entity/render layout (entities + entityContexts) a joined member hydrates its config from so render produces the full context tree"
   }
 ];
 var MEMBER_EXECUTE_FUNCTIONS = [
@@ -54617,6 +54661,7 @@ async function secureCloud(db) {
   await db.ensureObservationSubstrate();
   await enableChangelogRls(db);
   await enableChatPrivacyRls(db);
+  await enableGuiAuditRls(db);
   await convergeLegacyColumnAudience(db);
   const registered = db.getRegisteredTableNames();
   for (const table of registered) {
@@ -56179,6 +56224,25 @@ var css = `
       animation: feedSpin 0.7s linear infinite; vertical-align: middle;
     }
     @keyframes feedSpin { to { transform: rotate(360deg); } }
+    /* Batch-upload progress bar \u2014 pinned to the top of the feed while a
+       multi-file drop drains through the bounded-concurrency queue. */
+    .ingest-progress {
+      position: sticky; top: 0; z-index: 3;
+      display: flex; flex-direction: column; gap: 6px;
+      padding: 8px 10px; border-radius: 8px;
+      background: var(--surface); border: 1px solid rgba(190, 242, 100, 0.22);
+      box-shadow: var(--shadow-1), var(--glow-accent-soft);
+    }
+    .ingest-progress-label { font-size: 12px; font-weight: 500; color: var(--text); }
+    .ingest-progress-track {
+      height: 6px; border-radius: 999px; overflow: hidden; background: var(--border-strong);
+    }
+    .ingest-progress-fill {
+      height: 100%; width: 0%; border-radius: 999px;
+      background: linear-gradient(90deg, var(--accent-deep), var(--accent));
+      box-shadow: 0 0 8px rgba(190, 242, 100, 0.5);
+      transition: width 0.3s ease;
+    }
     .assistant-rail {
       position: relative;
       background:
@@ -63515,6 +63579,63 @@ var appJs = `
     // Browsers can't expose the local path, so we POST the bytes; the
     // server extracts + summarizes, then discards them (path stays null).
     // \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+    // Cap how many uploads are in flight at once. A browser allows only ~6
+    // HTTP/1.1 connections per host, so a bulk drop of N files would fire N
+    // upload POSTs in parallel and saturate that budget \u2014 every other data
+    // request (entities, rows, navigation) then queues for minutes behind the
+    // multi-minute ingests and the GUI looks frozen. Holding uploads to a few
+    // at a time leaves connections free for the rest of the app (and eases the
+    // AI rate limit each ingest hits server-side). The realtime/feed streams are
+    // already off this budget \u2014 they share one WebSocket \u2014 so this is the last
+    // place a big batch could starve the connection pool.
+    var INGEST_MAX_CONCURRENCY = 3;
+    // Run a batch of upload thunks with at most \`limit\` in flight, calling
+    // onProgress(done, total) as each settles. One failure never stalls the
+    // batch \u2014 uploadFile surfaces its own error and resolves.
+    function runIngestBatch(thunks, limit, onProgress) {
+      return new Promise(function (resolve) {
+        var total = thunks.length, idx = 0, done = 0;
+        function startNext() {
+          if (idx >= total) return;
+          var thunk = thunks[idx++];
+          Promise.resolve().then(thunk).catch(function () { /* already surfaced */ }).then(function () {
+            done++;
+            if (onProgress) onProgress(done, total);
+            if (done === total) resolve(); else startNext();
+          });
+        }
+        for (var i = 0; i < Math.min(limit, total); i++) startNext();
+      });
+    }
+    // A batch-upload progress bar pinned to the top of the rail feed
+    // ("Analyzing N of M\u2026"). The per-file "Analyzing <name>\u2026" cards still
+    // appear, but only INGEST_MAX_CONCURRENCY at a time; this gives the
+    // whole-batch view that the individual cards can't. Returns
+    // { update(done, total), done() }.
+    function ingestProgress(total) {
+      var feedEl = document.getElementById('rail-feed');
+      if (!feedEl) return { update: function () {}, done: function () {} };
+      railEmptyGone();
+      var wrap = document.createElement('div');
+      wrap.className = 'ingest-progress';
+      wrap.innerHTML =
+        '<div class="ingest-progress-label">Analyzing 0 of ' + total + '\u2026</div>' +
+        '<div class="ingest-progress-track"><div class="ingest-progress-fill"></div></div>';
+      feedEl.insertBefore(wrap, feedEl.firstChild);
+      var label = wrap.querySelector('.ingest-progress-label');
+      var fill = wrap.querySelector('.ingest-progress-fill');
+      return {
+        update: function (n, t) {
+          if (label) label.textContent = 'Analyzing ' + n + ' of ' + t + '\u2026';
+          if (fill) fill.style.width = Math.round((n / t) * 100) + '%';
+        },
+        done: function () {
+          if (fill) fill.style.width = '100%';
+          if (label) label.textContent = 'Analyzed ' + total + ' file' + (total === 1 ? '' : 's');
+          setTimeout(function () { if (wrap.parentNode) wrap.parentNode.removeChild(wrap); }, 2500);
+        },
+      };
+    }
     // Append a transient "Analyzing <file>\u2026" row to the feed so the user sees
     // the ingest is processing in the background; returns a disposer. The real
     // create/link feed events stream in over SSE as the server materializes them.
@@ -63574,7 +63695,14 @@ var appJs = `
         });
         return;
       }
-      for (var i = 0; i < files.length; i++) uploadFile(files[i]);
+      // Multi-file: drain through the bounded-concurrency queue (so a big drop
+      // can't saturate the connection budget) with a batch progress bar.
+      var bar = ingestProgress(files.length);
+      var thunks = [];
+      for (var i = 0; i < files.length; i++) {
+        (function (f) { thunks.push(function () { return uploadFile(f); }); })(files[i]);
+      }
+      runIngestBatch(thunks, INGEST_MAX_CONCURRENCY, bar.update).then(bar.done);
     }
     // Mobile: tapping the handle expands/collapses the bottom drawer.
     function initRailDrawer() {
@@ -64576,6 +64704,87 @@ init_postgres();
 init_cloud_connect();
 init_rls();
 
+// src/cloud/shared-schema.ts
+init_lattice();
+init_adapter();
+
+// src/gui/config-io.ts
+import { readFileSync as readFileSync16, writeFileSync as writeFileSync5 } from "fs";
+import { parseDocument as parseDocument2 } from "yaml";
+async function execSql(db, sql) {
+  const adapter = db._adapter;
+  if (!adapter.runAsync) throw new Error("Adapter does not support runAsync");
+  await adapter.runAsync(sql);
+}
+function loadConfigDoc(configPath) {
+  return parseDocument2(readFileSync16(configPath, "utf8"));
+}
+function saveConfigDoc(configPath, doc) {
+  writeFileSync5(configPath, doc.toString(), "utf8");
+}
+
+// src/cloud/shared-schema.ts
+async function publishSharedSchema(db, configPath) {
+  if (db.getDialect() !== "postgres") return;
+  const cfg = loadConfigDoc(configPath).toJSON();
+  const entities = cfg.entities ?? {};
+  if (Object.keys(entities).length === 0) return;
+  await runAsyncOrSync(
+    db.adapter,
+    `INSERT INTO "__lattice_shared_schema" ("id","entities_json","contexts_json","updated_at")
+       VALUES ('singleton', $1, $2, $3)
+       ON CONFLICT ("id") DO UPDATE SET
+         "entities_json" = EXCLUDED."entities_json",
+         "contexts_json" = EXCLUDED."contexts_json",
+         "updated_at"    = EXCLUDED."updated_at"`,
+    [
+      JSON.stringify(entities),
+      JSON.stringify(cfg.entityContexts ?? null),
+      (/* @__PURE__ */ new Date()).toISOString()
+    ]
+  );
+}
+async function hydrateMemberConfigFromCloud(configPath, dbUrl, encryptionKey) {
+  if (!isPostgresUrl(dbUrl)) return false;
+  const existing = loadConfigDoc(configPath).toJSON();
+  if (Object.keys(existing.entities ?? {}).length > 0) return false;
+  try {
+    const peek = new Lattice({ config: configPath }, { encryptionKey });
+    try {
+      await peek.init({ introspectOnly: true });
+      const reg = await getAsyncOrSync(
+        peek.adapter,
+        "SELECT to_regclass('__lattice_shared_schema') AS reg"
+      );
+      if (reg?.reg == null) return false;
+      const row = await getAsyncOrSync(
+        peek.adapter,
+        'SELECT "entities_json","contexts_json" FROM "__lattice_shared_schema" WHERE "id" = $1',
+        ["singleton"]
+      );
+      if (row?.entities_json == null) return false;
+      const entities = JSON.parse(row.entities_json);
+      if (Object.keys(entities).length === 0) return false;
+      const doc = loadConfigDoc(configPath);
+      doc.setIn(["entities"], entities);
+      if (row.contexts_json != null) {
+        const ctx = JSON.parse(row.contexts_json);
+        if (ctx) doc.setIn(["entityContexts"], ctx);
+      }
+      saveConfigDoc(configPath, doc);
+      return true;
+    } finally {
+      peek.close();
+    }
+  } catch (e6) {
+    console.warn(
+      "[hydrateMemberConfigFromCloud] could not hydrate member schema:",
+      e6.message
+    );
+    return false;
+  }
+}
+
 // src/gui/meta-gen.ts
 init_assistant_routes();
 init_chat();
@@ -64664,21 +64873,6 @@ var FeedBus = class {
 init_fts();
 init_mutations();
 
-// src/gui/config-io.ts
-import { readFileSync as readFileSync17, writeFileSync as writeFileSync5 } from "fs";
-import { parseDocument as parseDocument2 } from "yaml";
-async function execSql(db, sql) {
-  const adapter = db._adapter;
-  if (!adapter.runAsync) throw new Error("Adapter does not support runAsync");
-  await adapter.runAsync(sql);
-}
-function loadConfigDoc(configPath) {
-  return parseDocument2(readFileSync17(configPath, "utf8"));
-}
-function saveConfigDoc(configPath, doc) {
-  writeFileSync5(configPath, doc.toString(), "utf8");
-}
-
 // src/gui/schema-ops.ts
 init_parser();
 init_canonical_context();
@@ -65867,6 +66061,7 @@ async function dispatchDbConfigRoute(req, res, ctx) {
         const result = await migrateLatticeData(ctx.db, target);
         await target.rebuildFtsIndexes();
         await secureCloud(target);
+        await publishSharedSchema(target, ctx.configPath);
         target.close();
         const sourceDbPath = parseConfigFile(ctx.configPath).dbPath;
         const backupPath = archiveLocalSqlite(sourceDbPath);
@@ -67575,10 +67770,13 @@ function resolveOutputDirForConfig(configPath) {
 async function openConfig(configPath, outputDir, autoRender = false, realtimeWatchdogMs) {
   healRawDbUrl(configPath);
   const parsed = parseConfigFile(configPath);
+  const encryptionKey = getOrCreateMasterKey();
   if (!/^postgres(ql)?:\/\//i.test(parsed.dbPath) && !parsed.dbPath.startsWith("file:") && parsed.dbPath !== ":memory:") {
     mkdirSync10(dirname13(parsed.dbPath), { recursive: true });
   }
-  const encryptionKey = getOrCreateMasterKey();
+  if (/^postgres(ql)?:\/\//i.test(parsed.dbPath)) {
+    await hydrateMemberConfigFromCloud(configPath, parsed.dbPath, encryptionKey);
+  }
   const db = new Lattice({ config: configPath }, { encryptionKey });
   registerNativeEntities(db);
   db.define("_lattice_gui_meta", {
@@ -67735,16 +67933,27 @@ async function openConfig(configPath, outputDir, autoRender = false, realtimeWat
         await db.ensureObservationSubstrate();
         await enableChangelogRls(db);
         await enableChatPrivacyRls(db);
+        await enableGuiAuditRls(db);
         const access = await reconcileCloudMemberAccess(db);
         convergeWarnings = access.skipped;
         for (const s2 of convergeWarnings) {
           console.warn(`[openConfig] cloud converge could not manage "${s2.table}": ${s2.reason}`);
         }
+        await publishSharedSchema(db, configPath);
       }
     } catch (e6) {
       console.error("[openConfig] cloud bootstrap converge failed:", e6.message);
     }
   }
+  if (memberOpen) {
+    const userTables = db.getRegisteredTableNames().filter((t8) => !t8.startsWith("_") && !discoveredJunctions.has(t8));
+    if (userTables.length === 0) {
+      convergeWarnings.push({
+        table: "(schema)",
+        reason: "No entity layout is configured for this cloud workspace yet \u2014 ask the cloud owner to open the workspace once so it publishes the schema, then reopen. Until then, render produces no context files."
+      });
+    }
+  }
   const validTables = new Set(parsed.tables.map((t8) => t8.name));
   for (const name of db.getRegisteredTableNames()) {
     if (name.startsWith("__lattice_") || name.startsWith("_lattice_")) continue;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "latticesql",
-  "version": "3.4.1",
+  "version": "3.4.3",
   "description": "Persistent structured memory for AI agent systems — pluggable SQLite or Postgres backend, LLM context bridge",
   "type": "module",
   "main": "./dist/index.js",