node-type-registry 0.21.0 → 0.23.0

package/esm/blueprint-types.generated.d.ts

@@ -1,6 +1,30 @@
-/** Adds a UUID primary key column with auto-generation default (uuidv7). This is the standard primary key pattern for all tables. */
-export interface DataIdParams {
-    field_name?: string;
+/** Recursive condition type for compound trigger WHEN clauses. Leaf conditions specify {field, op, value?, row?, ref?}. Combinators nest via AND, OR, NOT. */
+export interface TriggerCondition {
+    /** Column name (validated against the table). */
+    field?: string;
+    /** Comparison operator. */
+    op?: '=' | '!=' | '>' | '<' | '>=' | '<=' | 'LIKE' | 'NOT LIKE' | 'IS NULL' | 'IS NOT NULL' | 'IS DISTINCT FROM';
+    /** Comparison value. Type is resolved from the column definition. */
+    value?: any;
+    /** Row reference (default: NEW). */
+    row?: 'NEW' | 'OLD';
+    /** Column reference for field-to-field comparison (alternative to value). */
+    ref?: {
+        field?: string;
+        row?: 'NEW' | 'OLD';
+    };
+    /** Array of conditions combined with AND. */
+    AND?: TriggerCondition[];
+    /** Array of conditions combined with OR. */
+    OR?: TriggerCondition[];
+    /** Negated condition. */
+    NOT?: TriggerCondition;
+}
+/** Creates a derived text field that automatically concatenates multiple source fields via BEFORE INSERT/UPDATE triggers. Used to produce a unified text representation (e.g., embedding_text) from multiple columns on a table. The trigger fires with '_000' prefix to run before Search* triggers alphabetically. */
+export interface DataCompositeFieldParams {
+    target?: string;
+    source_fields: string[];
+    format?: 'labeled' | 'plain';
 }
 /** Adds ownership column for direct user ownership. Enables AuthzDirectOwner authorization. */
 export interface DataDirectOwnerParams {
@@ -14,27 +38,47 @@ export interface DataEntityMembershipParams {
     include_id?: boolean;
     include_user_fk?: boolean;
 }
-/** Combines direct ownership with entity scoping. Adds both owner_id and entity_id columns. Enables AuthzDirectOwner, AuthzEntityMembership, and AuthzOrgHierarchy authorization. Particularly useful for OrgHierarchy where a user owns a row (owner_id) within an entity (entity_id), and managers above can see subordinate-owned records via the hierarchy closure table. */
-export interface DataOwnershipInEntityParams {
-    include_id?: boolean;
-    include_user_fk?: boolean;
+/** Gates a table behind a feature flag backed by the cap tables. Attaches a BEFORE INSERT trigger that checks whether the named feature cap value is > 0. Features are modeled as caps with max=0 (disabled) or max=1 (enabled) in limit_caps / limit_caps_defaults tables. Resolution: COALESCE(per-entity cap, scope default, 0). */
+export interface DataFeatureFlagParams {
+    feature_name: string;
+    scope?: 'app' | 'org';
+    entity_field?: string;
 }
-/** Adds automatic timestamp tracking with created_at and updated_at columns. */
-export interface DataTimestampsParams {
-    include_id?: boolean;
+/** BEFORE INSERT trigger that forces a field to the value of jwt_public.current_user_id(). Prevents clients from spoofing the actor/uploader identity. The field value is always overwritten regardless of what the client provides. */
+export interface DataForceCurrentUserParams {
+    field_name?: string;
 }
-/** Adds user tracking for creates/updates with created_by and updated_by columns. */
-export interface DataPeoplestampsParams {
-    include_id?: boolean;
-    include_user_fk?: boolean;
+/** Adds a UUID primary key column with auto-generation default (uuidv7). This is the standard primary key pattern for all tables. */
+export interface DataIdParams {
+    field_name?: string;
 }
-/** Adds publish state columns (is_published, published_at) for content visibility. Enables AuthzPublishable and AuthzTemporal authorization. */
-export interface DataPublishableParams {
-    include_id?: boolean;
+/** Composition wrapper that creates a vector embedding field with HNSW/IVFFlat index (via SearchVector) and a job trigger with compound conditions (via DataJobTrigger) that fires on INSERT for image files matching mime_type patterns. Designed for storage file tables. */
+export interface DataImageEmbeddingParams {
+    field_name?: string;
+    dimensions?: number;
+    index_method?: 'hnsw' | 'ivfflat';
+    metric?: 'cosine' | 'l2' | 'ip';
+    task_identifier?: string;
+    mime_patterns?: string[];
+    payload_custom?: {
+        [key: string]: unknown;
+    };
 }
-/** Adds soft delete support with deleted_at and is_deleted columns. */
-export interface DataSoftDeleteParams {
-    include_id?: boolean;
+/** BEFORE UPDATE trigger that prevents changes to a list of specified fields after INSERT. Raises an exception if any of the listed fields have changed. Unlike FieldImmutable (single-field), this handles multiple fields in a single trigger for efficiency. */
+export interface DataImmutableFieldsParams {
+    fields: string[];
+}
+/** Transforms field values using inflection operations (snake_case, camelCase, slugify, plural, singular, etc). Attaches BEFORE INSERT and BEFORE UPDATE triggers. References fields by name in data jsonb. */
+export interface DataInflectionParams {
+    field_name: string;
+    ops: ('plural' | 'singular' | 'camel' | 'pascal' | 'dashed' | 'slugify' | 'underscore' | 'lower' | 'upper')[];
+}
+/** BEFORE INSERT trigger that copies specified fields from a parent table via a foreign key. The parent row is looked up through RLS (SECURITY INVOKER), so the insert fails if the caller cannot see the parent. Used by the storage module to inherit owner_id and is_public from buckets to files. */
+export interface DataInheritFromParentParams {
+    parent_fk_field: string;
+    fields: string[];
+    parent_table?: string;
+    parent_schema?: string;
 }
 /** Dynamically creates PostgreSQL triggers that enqueue jobs via app_jobs.add_job() when table rows are inserted, updated, or deleted. Supports configurable payload strategies (full row, row ID, selected fields, or custom mapping), conditional firing via WHEN clauses, watched field changes, and extended job options (queue, priority, delay, max attempts). */
 export interface DataJobTriggerParams {
@@ -49,6 +93,7 @@ export interface DataJobTriggerParams {
     include_meta?: boolean;
     condition_field?: string;
     condition_value?: string;
+    conditions?: TriggerCondition | TriggerCondition[];
     watch_fields?: string[];
     job_key?: string;
     queue_name?: string;
@@ -56,19 +101,12 @@ export interface DataJobTriggerParams {
     run_at_delay?: string;
     max_attempts?: number;
 }
-/** Adds a citext[] tags column with GIN index for efficient array containment queries (@>, &&). Standard tagging pattern for categorization and filtering. */
-export interface DataTagsParams {
-    field_name?: string;
-    default_value?: string;
-    is_required?: boolean;
-}
-/** Adds a status column with B-tree index for efficient equality filtering and sorting. Optionally constrains values via CHECK constraint when allowed_values is provided. */
-export interface DataStatusFieldParams {
-    field_name?: string;
-    type?: string;
-    default_value?: string;
-    is_required?: boolean;
-    allowed_values?: string[];
+/** Declaratively attaches limit-tracking triggers to a table. On INSERT the named limit is incremented; on DELETE it is decremented. Requires a provisioned limits_module for the target scope. */
+export interface DataLimitCounterParams {
+    limit_name: string;
+    scope?: 'app' | 'org';
+    actor_field?: string;
+    events?: ('INSERT' | 'DELETE' | 'UPDATE')[];
 }
 /** Adds a JSONB column with optional GIN index for containment queries (@>, ?, ?|, ?&). Standard pattern for semi-structured metadata. */
 export interface DataJsonbParams {
@@ -77,73 +115,75 @@ export interface DataJsonbParams {
     is_required?: boolean;
     create_index?: boolean;
 }
-/** Auto-generates URL-friendly slugs from field values on insert/update. Attaches BEFORE INSERT and BEFORE UPDATE triggers that call inflection.slugify() on the target field. References fields by name in data jsonb. */
-export interface DataSlugParams {
-    field_name: string;
-    source_field_name?: string;
-}
-/** Transforms field values using inflection operations (snake_case, camelCase, slugify, plural, singular, etc). Attaches BEFORE INSERT and BEFORE UPDATE triggers. References fields by name in data jsonb. */
-export interface DataInflectionParams {
-    field_name: string;
-    ops: ('plural' | 'singular' | 'camel' | 'pascal' | 'dashed' | 'slugify' | 'underscore' | 'lower' | 'upper')[];
-}
 /** Restricts which user can modify specific columns in shared objects. Creates an AFTER UPDATE trigger that throws OWNED_PROPS when a non-owner tries to change protected fields. References fields by name in data jsonb. */
 export interface DataOwnedFieldsParams {
     role_key_field_name: string;
     protected_field_names: string[];
 }
-/** BEFORE INSERT trigger that copies specified fields from a parent table via a foreign key. The parent row is looked up through RLS (SECURITY INVOKER), so the insert fails if the caller cannot see the parent. Used by the storage module to inherit owner_id and is_public from buckets to files. */
-export interface DataInheritFromParentParams {
-    parent_fk_field: string;
-    fields: string[];
-    parent_table?: string;
-    parent_schema?: string;
+/** Combines direct ownership with entity scoping. Adds both owner_id and entity_id columns. Enables AuthzDirectOwner, AuthzEntityMembership, and AuthzOrgHierarchy authorization. Particularly useful for OrgHierarchy where a user owns a row (owner_id) within an entity (entity_id), and managers above can see subordinate-owned records via the hierarchy closure table. */
+export interface DataOwnershipInEntityParams {
+    owner_field_name?: string;
+    entity_field_name?: string;
+    include_id?: boolean;
+    include_user_fk?: boolean;
 }
-/** BEFORE INSERT trigger that forces a field to the value of jwt_public.current_user_id(). Prevents clients from spoofing the actor/uploader identity. The field value is always overwritten regardless of what the client provides. */
-export interface DataForceCurrentUserParams {
+/** Adds user tracking for creates/updates with created_by and updated_by columns. */
+export interface DataPeoplestampsParams {
+    created_by_field?: string;
+    updated_by_field?: string;
+    include_id?: boolean;
+    include_user_fk?: boolean;
+}
+/** Adds publish state columns (is_published, published_at) for content visibility. Enables AuthzPublishable and AuthzTemporal authorization. */
+export interface DataPublishableParams {
+    is_published_field?: string;
+    published_at_field?: string;
+    include_id?: boolean;
+}
+/** Auto-generates URL-friendly slugs from field values on insert/update. Attaches BEFORE INSERT and BEFORE UPDATE triggers that call inflection.slugify() on the target field. References fields by name in data jsonb. */
+export interface DataSlugParams {
+    field_name: string;
+    source_field_name?: string;
+}
+/** Adds soft delete support with deleted_at and is_deleted columns. */
+export interface DataSoftDeleteParams {
+    deleted_at_field?: string;
+    is_deleted_field?: string;
+    include_id?: boolean;
+}
+/** Adds a status column with B-tree index for efficient equality filtering and sorting. Optionally constrains values via CHECK constraint when allowed_values is provided. */
+export interface DataStatusFieldParams {
     field_name?: string;
+    type?: string;
+    default_value?: string;
+    is_required?: boolean;
+    allowed_values?: string[];
 }
-/** BEFORE UPDATE trigger that prevents changes to a list of specified fields after INSERT. Raises an exception if any of the listed fields have changed. Unlike FieldImmutable (single-field), this handles multiple fields in a single trigger for efficiency. */
-export interface DataImmutableFieldsParams {
-    fields: string[];
+/** Adds a citext[] tags column with GIN index for efficient array containment queries (@>, &&). Standard tagging pattern for categorization and filtering. */
+export interface DataTagsParams {
+    field_name?: string;
+    default_value?: string;
+    is_required?: boolean;
 }
-/** Creates a derived text field that automatically concatenates multiple source fields via BEFORE INSERT/UPDATE triggers. Used to produce a unified text representation (e.g., embedding_text) from multiple columns on a table. The trigger fires with '_000' prefix to run before Search* triggers alphabetically. */
-export interface DataCompositeFieldParams {
-    target?: string;
-    source_fields: string[];
-    format?: 'labeled' | 'plain';
+/** Adds automatic timestamp tracking with created_at and updated_at columns. */
+export interface DataTimestampsParams {
+    created_at_field?: string;
+    updated_at_field?: string;
+    include_id?: boolean;
 }
-/** Creates a user profiles table with standard profile fields (profile_picture, bio, first_name, last_name, tags, desired). Uses AuthzDirectOwner for edit access and AuthzAllowAll for select. */
-export type TableUserProfilesParams = {};
 /** Creates an organization settings table with standard business fields (legal_name, address fields). Uses AuthzEntityMembership for access control. */
 export type TableOrganizationSettingsParams = {};
+/** Creates a user profiles table with standard profile fields (profile_picture, bio, first_name, last_name, tags, desired). Uses AuthzDirectOwner for edit access and AuthzAllowAll for select. */
+export type TableUserProfilesParams = {};
 /** Creates a user settings table for user-specific configuration. Uses AuthzDirectOwner for access control. */
 export type TableUserSettingsParams = {};
-/** Adds a vector embedding column with HNSW or IVFFlat index for similarity search. Supports configurable dimensions, distance metrics (cosine, l2, ip), stale tracking strategies (column, null, hash), and automatic job enqueue triggers for embedding generation. */
-export interface SearchVectorParams {
-    field_name?: string;
-    dimensions?: number;
-    index_method?: 'hnsw' | 'ivfflat';
-    metric?: 'cosine' | 'l2' | 'ip';
-    index_options?: {
-        [key: string]: unknown;
-    };
-    include_stale_field?: boolean;
-    source_fields?: string[];
-    enqueue_job?: boolean;
-    job_task_name?: string;
-    stale_strategy?: 'column' | 'null' | 'hash';
-    chunks?: {
-        content_field_name?: string;
-        chunk_size?: number;
-        chunk_overlap?: number;
-        chunk_strategy?: 'fixed' | 'sentence' | 'paragraph' | 'semantic';
-        metadata_fields?: {
-            [key: string]: unknown;
-        };
-        enqueue_chunking_job?: boolean;
-        chunking_task_name?: string;
-    };
+/** Creates a BM25 index on an existing text column using pg_textsearch. Enables statistical relevance ranking with configurable k1 and b parameters. The BM25 index is auto-detected by graphile-search. */
+export interface SearchBm25Params {
+    field_name: string;
+    text_config?: string;
+    k1?: number;
+    b?: number;
+    search_score_weight?: number;
 }
 /** Adds a tsvector column with GIN index and automatic trigger population from source fields. Enables PostgreSQL full-text search with configurable weights and language support. Leverages the existing metaschema full_text_search infrastructure. */
 export interface SearchFullTextParams {
@@ -155,13 +195,31 @@ export interface SearchFullTextParams {
     }[];
     search_score_weight?: number;
 }
-/** Creates a BM25 index on an existing text column using pg_textsearch. Enables statistical relevance ranking with configurable k1 and b parameters. The BM25 index is auto-detected by graphile-search. */
-export interface SearchBm25Params {
-    field_name: string;
-    text_config?: string;
-    k1?: number;
-    b?: number;
-    search_score_weight?: number;
+/** Adds a PostGIS geometry or geography column with a spatial index (GiST or SP-GiST). Supports configurable geometry types (Point, Polygon, etc.), SRID, and dimensionality. The graphile-postgis plugin auto-detects geometry/geography columns by codec type for spatial filtering (ST_Contains, ST_DWithin, bbox operators). */
+export interface SearchSpatialParams {
+    field_name?: string;
+    geometry_type?: 'Point' | 'LineString' | 'Polygon' | 'MultiPoint' | 'MultiLineString' | 'MultiPolygon' | 'GeometryCollection' | 'Geometry';
+    srid?: number;
+    dimension?: 2 | 3 | 4;
+    use_geography?: boolean;
+    index_method?: 'gist' | 'spgist';
+}
+/** Creates a derived/materialized geometry field on the parent table that automatically aggregates geometries from a source (child) table via triggers. When child rows are inserted/updated/deleted, the parent aggregate field is recalculated using the specified PostGIS aggregation function (ST_Union, ST_Collect, ST_ConvexHull, ST_ConcaveHull). Useful for materializing spatial boundaries from collections of points or polygons. */
+export interface SearchSpatialAggregateParams {
+    field_name?: string;
+    source_table_id: string;
+    source_geom_field?: string;
+    source_fk_field: string;
+    aggregate_function?: 'union' | 'collect' | 'convex_hull' | 'concave_hull';
+    geometry_type?: 'Point' | 'LineString' | 'Polygon' | 'MultiPoint' | 'MultiLineString' | 'MultiPolygon' | 'GeometryCollection' | 'Geometry';
+    srid?: number;
+    dimension?: 2 | 3 | 4;
+    use_geography?: boolean;
+    index_method?: 'gist' | 'spgist';
+}
+/** Creates GIN trigram indexes (gin_trgm_ops) on specified text/citext fields for fuzzy LIKE/ILIKE/similarity search. Adds @trgmSearch smart tag for PostGraphile integration. Fields must already exist on the table. */
+export interface SearchTrgmParams {
+    fields: string[];
 }
 /** Composite node type that orchestrates multiple search modalities (full-text search, BM25, embeddings, trigram) on a single table. Configures per-table search score weights, normalization strategy, and recency boost via the @searchConfig smart tag. */
 export interface SearchUnifiedParams {
@@ -211,32 +269,54 @@ export interface SearchUnifiedParams {
         boost_recency_decay?: number;
     };
 }
-/** Adds a PostGIS geometry or geography column with a spatial index (GiST or SP-GiST). Supports configurable geometry types (Point, Polygon, etc.), SRID, and dimensionality. The graphile-postgis plugin auto-detects geometry/geography columns by codec type for spatial filtering (ST_Contains, ST_DWithin, bbox operators). */
-export interface SearchSpatialParams {
+/** Adds a vector embedding column with HNSW or IVFFlat index for similarity search. Supports configurable dimensions, distance metrics (cosine, l2, ip), stale tracking strategies (column, null, hash), and automatic job enqueue triggers for embedding generation. */
+export interface SearchVectorParams {
     field_name?: string;
-    geometry_type?: 'Point' | 'LineString' | 'Polygon' | 'MultiPoint' | 'MultiLineString' | 'MultiPolygon' | 'GeometryCollection' | 'Geometry';
-    srid?: number;
-    dimension?: 2 | 3 | 4;
-    use_geography?: boolean;
-    index_method?: 'gist' | 'spgist';
+    dimensions?: number;
+    index_method?: 'hnsw' | 'ivfflat';
+    metric?: 'cosine' | 'l2' | 'ip';
+    index_options?: {
+        [key: string]: unknown;
+    };
+    include_stale_field?: boolean;
+    source_fields?: string[];
+    enqueue_job?: boolean;
+    job_task_name?: string;
+    stale_strategy?: 'column' | 'null' | 'hash';
+    chunks?: {
+        content_field_name?: string;
+        chunk_size?: number;
+        chunk_overlap?: number;
+        chunk_strategy?: 'fixed' | 'sentence' | 'paragraph' | 'semantic';
+        metadata_fields?: {
+            [key: string]: unknown;
+        };
+        enqueue_chunking_job?: boolean;
+        chunking_task_name?: string;
+    };
 }
-/** Creates a derived/materialized geometry field on the parent table that automatically aggregates geometries from a source (child) table via triggers. When child rows are inserted/updated/deleted, the parent aggregate field is recalculated using the specified PostGIS aggregation function (ST_Union, ST_Collect, ST_ConvexHull, ST_ConcaveHull). Useful for materializing spatial boundaries from collections of points or polygons. */
-export interface SearchSpatialAggregateParams {
-    field_name?: string;
-    source_table_id: string;
-    source_geom_field?: string;
-    source_fk_field: string;
-    aggregate_function?: 'union' | 'collect' | 'convex_hull' | 'concave_hull';
-    geometry_type?: 'Point' | 'LineString' | 'Polygon' | 'MultiPoint' | 'MultiLineString' | 'MultiPolygon' | 'GeometryCollection' | 'Geometry';
-    srid?: number;
-    dimension?: 2 | 3 | 4;
-    use_geography?: boolean;
-    index_method?: 'gist' | 'spgist';
+/** Allows all access. Generates TRUE expression. */
+export type AuthzAllowAllParams = {};
+/** App-level membership check (membership_type=1). Verifies the user has app membership (optionally with specific permission) without binding to any entity from the row. Uses EXISTS subquery against SPRT table. Replaces AuthzMembership for clarity. */
+export interface AuthzAppMembershipParams {
+    membership_type?: number | string;
+    entity_type?: string;
+    permission?: string;
+    permissions?: string[];
+    is_admin?: boolean;
+    is_owner?: boolean;
 }
-/** Creates GIN trigram indexes (gin_trgm_ops) on specified text/citext fields for fuzzy LIKE/ILIKE/similarity search. Adds @trgmSearch smart tag for PostGraphile integration. Fields must already exist on the table. */
-export interface SearchTrgmParams {
-    fields: string[];
+/** Composite authorization policy that combines multiple authorization nodes using boolean logic (AND/OR). The data field contains a JSONB AST with nested authorization nodes. */
+export interface AuthzCompositeParams {
+    BoolExpr?: {
+        boolop?: 'AND_EXPR' | 'OR_EXPR' | 'NOT_EXPR';
+        args?: {
+            [key: string]: unknown;
+        }[];
+    };
 }
+/** Denies all access. Generates FALSE expression. */
+export type AuthzDenyAllParams = {};
 /** Direct equality comparison between a table column and the current user ID. Simplest authorization pattern with no subqueries. */
 export interface AuthzDirectOwnerParams {
     entity_field: string;
@@ -245,8 +325,10 @@ export interface AuthzDirectOwnerParams {
 export interface AuthzDirectOwnerAnyParams {
     entity_fields: string[];
 }
-/** Membership check that verifies the user has membership (optionally with specific permission) without binding to any entity from the row. Uses EXISTS subquery against SPRT table. */
-export interface AuthzMembershipParams {
+/** Membership check scoped by a field on the row through the SPRT table. Verifies user has membership in the entity referenced by the row. */
+export interface AuthzEntityMembershipParams {
+    entity_field: string;
+    sel_field?: string;
     membership_type?: number | string;
     entity_type?: string;
     permission?: string;
@@ -254,9 +336,25 @@ export interface AuthzMembershipParams {
     is_admin?: boolean;
     is_owner?: boolean;
 }
-/** Membership check scoped by a field on the row through the SPRT table. Verifies user has membership in the entity referenced by the row. */
-export interface AuthzEntityMembershipParams {
-    entity_field: string;
+/** Check if current user is in an array column on the same row. */
+export interface AuthzMemberListParams {
+    array_field: string;
+}
+/** Restrictive policy that blocks read-only members from mutations. Checks actor_id + is_read_only IS NOT TRUE on the SPRT. Designed to run as a restrictive counterpart after a permissive AuthzEntityMembership policy has already verified membership. */
+export interface AuthzNotReadOnlyParams {
+    entity_field: string;
+    membership_type?: number | string;
+}
+/** Organizational hierarchy visibility using closure table. Managers can see subordinate data or subordinates can see manager data. */
+export interface AuthzOrgHierarchyParams {
+    direction: 'up' | 'down';
+    entity_field?: string;
+    anchor_field: string;
+    max_depth?: number;
+}
+/** Peer visibility through shared entity membership. Authorizes access to user-owned rows when the owner and current user are both members of the same entity. Self-joins the SPRT table to find peers. */
+export interface AuthzPeerOwnershipParams {
+    owner_field: string;
     membership_type?: number | string;
     entity_type?: string;
     permission?: string;
@@ -264,9 +362,17 @@ export interface AuthzEntityMembershipParams {
     is_admin?: boolean;
     is_owner?: boolean;
 }
+/** Published state access control. Restricts access to records that are published. */
+export interface AuthzPublishableParams {
+    is_published_field?: string;
+    published_at_field?: string;
+    require_published_at?: boolean;
+}
 /** JOIN-based membership verification through related tables. Joins SPRT table with another table to verify membership. */
 export interface AuthzRelatedEntityMembershipParams {
     entity_field: string;
+    sel_field?: string;
+    sprt_join_field?: string;
     membership_type?: number | string;
     entity_type?: string;
     obj_table_id?: string;
@@ -279,30 +385,6 @@ export interface AuthzRelatedEntityMembershipParams {
     is_admin?: boolean;
     is_owner?: boolean;
 }
-/** Organizational hierarchy visibility using closure table. Managers can see subordinate data or subordinates can see manager data. */
-export interface AuthzOrgHierarchyParams {
-    direction: 'up' | 'down';
-    entity_field?: string;
-    anchor_field: string;
-    max_depth?: number;
-}
-/** Time-window based access control. Restricts access based on valid_from and/or valid_until timestamps. At least one of valid_from_field or valid_until_field must be provided. */
-export interface AuthzTemporalParams {
-    valid_from_field?: string;
-    valid_until_field?: string;
-    valid_from_inclusive?: boolean;
-    valid_until_inclusive?: boolean;
-}
-/** Published state access control. Restricts access to records that are published. */
-export interface AuthzPublishableParams {
-    is_published_field?: string;
-    published_at_field?: string;
-    require_published_at?: boolean;
-}
-/** Check if current user is in an array column on the same row. */
-export interface AuthzMemberListParams {
-    array_field: string;
-}
 /** Array membership check in a related table. */
 export interface AuthzRelatedMemberListParams {
     owned_schema: string;
@@ -311,34 +393,6 @@ export interface AuthzRelatedMemberListParams {
     owned_table_ref_key: string;
     this_object_key: string;
 }
-/** Allows all access. Generates TRUE expression. */
-export type AuthzAllowAllParams = {};
-/** Denies all access. Generates FALSE expression. */
-export type AuthzDenyAllParams = {};
-/** Composite authorization policy that combines multiple authorization nodes using boolean logic (AND/OR). The data field contains a JSONB AST with nested authorization nodes. */
-export interface AuthzCompositeParams {
-    BoolExpr?: {
-        boolop?: 'AND_EXPR' | 'OR_EXPR' | 'NOT_EXPR';
-        args?: {
-            [key: string]: unknown;
-        }[];
-    };
-}
-/** Restrictive policy that blocks read-only members from mutations. Checks actor_id + is_read_only IS NOT TRUE on the SPRT. Designed to run as a restrictive counterpart after a permissive AuthzEntityMembership policy has already verified membership. */
-export interface AuthzNotReadOnlyParams {
-    entity_field: string;
-    membership_type?: number | string;
-}
-/** Peer visibility through shared entity membership. Authorizes access to user-owned rows when the owner and current user are both members of the same entity. Self-joins the SPRT table to find peers. */
-export interface AuthzPeerOwnershipParams {
-    owner_field: string;
-    membership_type?: number | string;
-    entity_type?: string;
-    permission?: string;
-    permissions?: string[];
-    is_admin?: boolean;
-    is_owner?: boolean;
-}
 /** Peer visibility through shared entity membership via a related table. Like AuthzPeerOwnership but the owning user is resolved through a FK JOIN to a related table. Combines SPRT self-join with object table JOIN. */
 export interface AuthzRelatedPeerOwnershipParams {
     entity_field: string;
@@ -355,6 +409,13 @@ export interface AuthzRelatedPeerOwnershipParams {
     is_admin?: boolean;
     is_owner?: boolean;
 }
+/** Time-window based access control. Restricts access based on valid_from and/or valid_until timestamps. At least one of valid_from_field or valid_until_field must be provided. */
+export interface AuthzTemporalParams {
+    valid_from_field?: string;
+    valid_until_field?: string;
+    valid_from_inclusive?: boolean;
+    valid_until_inclusive?: boolean;
+}
 /** Creates a foreign key field on the source table referencing the target table. Auto-derives the FK field name from the target table name using inflection (e.g., projects derives project_id). delete_action is required and must be explicitly provided by the caller. */
 export interface RelationBelongsToParams {
     source_table_id: string;
@@ -363,16 +424,16 @@ export interface RelationBelongsToParams {
     delete_action: 'c' | 'r' | 'n' | 'd' | 'a';
     is_required?: boolean;
 }
-/** Creates a foreign key field with a unique constraint on the source table referencing the target table. Enforces 1:1 cardinality. Auto-derives the FK field name from the target table name using inflection. delete_action is required and must be explicitly provided by the caller. */
-export interface RelationHasOneParams {
+/** Creates a foreign key field on the target table referencing the source table. Inverse of RelationBelongsTo — same FK, different perspective. "projects has many tasks" creates tasks.project_id. Auto-derives the FK field name from the source table name using inflection. delete_action is required and must be explicitly provided by the caller. */
+export interface RelationHasManyParams {
     source_table_id: string;
     target_table_id: string;
     field_name?: string;
     delete_action: 'c' | 'r' | 'n' | 'd' | 'a';
     is_required?: boolean;
 }
-/** Creates a foreign key field on the target table referencing the source table. Inverse of RelationBelongsTo — same FK, different perspective. "projects has many tasks" creates tasks.project_id. Auto-derives the FK field name from the source table name using inflection. delete_action is required and must be explicitly provided by the caller. */
-export interface RelationHasManyParams {
+/** Creates a foreign key field with a unique constraint on the source table referencing the target table. Enforces 1:1 cardinality. Auto-derives the FK field name from the target table name using inflection. delete_action is required and must be explicitly provided by the caller. */
+export interface RelationHasOneParams {
     source_table_id: string;
     target_table_id: string;
     field_name?: string;
@@ -416,11 +477,21 @@ export interface RelationSpatialParams {
     operator: 'st_contains' | 'st_within' | 'st_intersects' | 'st_covers' | 'st_coveredby' | 'st_overlaps' | 'st_touches' | 'st_dwithin';
     param_name?: string;
 }
-/** Simple column selection from a single source table. Projects all or specific fields. */
-export interface ViewTableProjectionParams {
+/** View with GROUP BY and aggregate functions. Useful for summary/reporting views. */
+export interface ViewAggregatedParams {
     source_table_id: string;
-    field_ids?: string[];
-    field_names?: string[];
+    group_by_fields: string[];
+    aggregates: {
+        function: 'COUNT' | 'SUM' | 'AVG' | 'MIN' | 'MAX';
+        field?: string;
+        alias: string;
+    }[];
+}
+/** Advanced view using composite AST for the query. Use when other node types are insufficient (CTEs, UNIONs, complex subqueries, etc.). */
+export interface ViewCompositeParams {
+    query_ast: {
+        [key: string]: unknown;
+    };
 }
 /** Table projection with an Authz* filter baked into the view definition. The view only returns records matching the filter. */
 export interface ViewFilteredTableParams {
@@ -445,21 +516,11 @@ export interface ViewJoinedTablesParams {
     }[];
     field_ids?: string[];
 }
-/** View with GROUP BY and aggregate functions. Useful for summary/reporting views. */
-export interface ViewAggregatedParams {
+/** Simple column selection from a single source table. Projects all or specific fields. */
+export interface ViewTableProjectionParams {
     source_table_id: string;
-    group_by_fields: string[];
-    aggregates: {
-        function: 'COUNT' | 'SUM' | 'AVG' | 'MIN' | 'MAX';
-        field?: string;
-        alias: string;
-    }[];
-}
-/** Advanced view using composite AST for the query. Use when other node types are insufficient (CTEs, UNIONs, complex subqueries, etc.). */
-export interface ViewCompositeParams {
-    query_ast: {
-        [key: string]: unknown;
-    };
+    field_ids?: string[];
+    field_names?: string[];
 }
 /** A custom field (column) to add to a blueprint table. */
 export interface BlueprintField {
@@ -477,7 +538,7 @@ export interface BlueprintField {
 /** An RLS policy entry for a blueprint table. Uses $type to match the blueprint JSON convention. */
 export interface BlueprintPolicy {
     /** Authz* policy type name (e.g., "AuthzDirectOwner", "AuthzAllowAll"). */
-    $type: 'AuthzDirectOwner' | 'AuthzDirectOwnerAny' | 'AuthzMembership' | 'AuthzEntityMembership' | 'AuthzRelatedEntityMembership' | 'AuthzOrgHierarchy' | 'AuthzTemporal' | 'AuthzPublishable' | 'AuthzMemberList' | 'AuthzRelatedMemberList' | 'AuthzAllowAll' | 'AuthzDenyAll' | 'AuthzComposite' | 'AuthzNotReadOnly' | 'AuthzPeerOwnership' | 'AuthzRelatedPeerOwnership';
+    $type: 'AuthzAllowAll' | 'AuthzAppMembership' | 'AuthzComposite' | 'AuthzDenyAll' | 'AuthzDirectOwner' | 'AuthzDirectOwnerAny' | 'AuthzEntityMembership' | 'AuthzMemberList' | 'AuthzNotReadOnly' | 'AuthzOrgHierarchy' | 'AuthzPeerOwnership' | 'AuthzPublishable' | 'AuthzRelatedEntityMembership' | 'AuthzRelatedMemberList' | 'AuthzRelatedPeerOwnership' | 'AuthzTemporal';
     /** Privileges this policy applies to (e.g., ["select"], ["insert", "update", "delete"]). */
     privileges?: string[];
     /** Whether this policy is permissive (true) or restrictive (false). Defaults to true. */
@@ -601,11 +662,10 @@ export interface BlueprintStorageConfig {
     default_max_file_size?: number;
     /** CORS allowed origins for the storage module. */
     allowed_origins?: string[];
-    /** Per-table overrides for storage tables. Each key targets a specific storage table (files, buckets, upload_requests) and uses the same shape as table_provision: { nodes, fields, grants, use_rls, policies }. Fanned out to secure_table_provision targeting the corresponding table. When a key includes policies[], those REPLACE the default storage policies for that table; tables without a key still get defaults. */
+    /** Per-table overrides for storage tables. Each key targets a specific storage table (files, buckets) and uses the same shape as table_provision: { nodes, fields, grants, use_rls, policies }. Fanned out to secure_table_provision targeting the corresponding table. When a key includes policies[], those REPLACE the default storage policies for that table; tables without a key still get defaults. */
     provisions?: {
         files?: BlueprintEntityTableProvision;
         buckets?: BlueprintEntityTableProvision;
-        upload_requests?: BlueprintEntityTableProvision;
     };
 }
 /** Override object for the entity table created by a BlueprintEntityType. Shape mirrors BlueprintTable / secure_table_provision vocabulary. When supplied, policies[] replaces the default entity-table policies entirely. */
@@ -644,7 +704,7 @@ export interface BlueprintEntityType {
     has_profiles?: boolean;
     /** Whether to provision a levels module for this entity type. Defaults to false. */
     has_levels?: boolean;
-    /** Whether to provision a storage module (buckets, files, upload_requests tables) for this entity type. Defaults to false. */
+    /** Whether to provision a storage module (buckets, files tables) for this entity type. Defaults to false. */
     has_storage?: boolean;
     /** Whether to provision entity-scoped invite tables ({prefix}_invites, {prefix}_claimed_invites) and a submit_{prefix}_invite_code() function. Defaults to false. */
     has_invites?: boolean;
@@ -656,139 +716,148 @@ export interface BlueprintEntityType {
     storage?: BlueprintStorageConfig;
 }
 /** String shorthand -- just the node type name. */
-export type BlueprintNodeShorthand = 'AuthzDirectOwner' | 'AuthzDirectOwnerAny' | 'AuthzMembership' | 'AuthzEntityMembership' | 'AuthzRelatedEntityMembership' | 'AuthzOrgHierarchy' | 'AuthzTemporal' | 'AuthzPublishable' | 'AuthzMemberList' | 'AuthzRelatedMemberList' | 'AuthzAllowAll' | 'AuthzDenyAll' | 'AuthzComposite' | 'AuthzNotReadOnly' | 'AuthzPeerOwnership' | 'AuthzRelatedPeerOwnership' | 'DataId' | 'DataDirectOwner' | 'DataEntityMembership' | 'DataOwnershipInEntity' | 'DataTimestamps' | 'DataPeoplestamps' | 'DataPublishable' | 'DataSoftDelete' | 'SearchVector' | 'SearchFullText' | 'SearchBm25' | 'SearchUnified' | 'SearchSpatial' | 'SearchSpatialAggregate' | 'DataJobTrigger' | 'DataTags' | 'DataStatusField' | 'DataJsonb' | 'SearchTrgm' | 'DataSlug' | 'DataInflection' | 'DataOwnedFields' | 'DataInheritFromParent' | 'DataForceCurrentUser' | 'DataImmutableFields' | 'DataCompositeField' | 'TableUserProfiles' | 'TableOrganizationSettings' | 'TableUserSettings';
+export type BlueprintNodeShorthand = 'AuthzAllowAll' | 'AuthzAppMembership' | 'AuthzComposite' | 'AuthzDenyAll' | 'AuthzDirectOwner' | 'AuthzDirectOwnerAny' | 'AuthzEntityMembership' | 'AuthzMemberList' | 'AuthzNotReadOnly' | 'AuthzOrgHierarchy' | 'AuthzPeerOwnership' | 'AuthzPublishable' | 'AuthzRelatedEntityMembership' | 'AuthzRelatedMemberList' | 'AuthzRelatedPeerOwnership' | 'AuthzTemporal' | 'DataCompositeField' | 'DataDirectOwner' | 'DataEntityMembership' | 'DataFeatureFlag' | 'DataForceCurrentUser' | 'DataId' | 'DataImageEmbedding' | 'DataImmutableFields' | 'DataInflection' | 'DataInheritFromParent' | 'DataJobTrigger' | 'DataLimitCounter' | 'DataJsonb' | 'DataOwnedFields' | 'DataOwnershipInEntity' | 'DataPeoplestamps' | 'DataPublishable' | 'DataSlug' | 'DataSoftDelete' | 'DataStatusField' | 'DataTags' | 'DataTimestamps' | 'SearchBm25' | 'SearchFullText' | 'SearchSpatial' | 'SearchSpatialAggregate' | 'SearchTrgm' | 'SearchUnified' | 'SearchVector' | 'TableOrganizationSettings' | 'TableUserProfiles' | 'TableUserSettings';
 /** Object form -- { $type, data } with typed parameters. */
 export type BlueprintNodeObject = {
+    $type: 'AuthzAllowAll';
+    data?: Record<string, never>;
+} | {
+    $type: 'AuthzAppMembership';
+    data: AuthzAppMembershipParams;
+} | {
+    $type: 'AuthzComposite';
+    data: AuthzCompositeParams;
+} | {
+    $type: 'AuthzDenyAll';
+    data?: Record<string, never>;
+} | {
     $type: 'AuthzDirectOwner';
     data: AuthzDirectOwnerParams;
 } | {
     $type: 'AuthzDirectOwnerAny';
     data: AuthzDirectOwnerAnyParams;
-} | {
-    $type: 'AuthzMembership';
-    data: AuthzMembershipParams;
 } | {
     $type: 'AuthzEntityMembership';
     data: AuthzEntityMembershipParams;
 } | {
-    $type: 'AuthzRelatedEntityMembership';
-    data: AuthzRelatedEntityMembershipParams;
+    $type: 'AuthzMemberList';
+    data: AuthzMemberListParams;
+} | {
+    $type: 'AuthzNotReadOnly';
+    data: AuthzNotReadOnlyParams;
 } | {
     $type: 'AuthzOrgHierarchy';
     data: AuthzOrgHierarchyParams;
 } | {
-    $type: 'AuthzTemporal';
-    data: AuthzTemporalParams;
+    $type: 'AuthzPeerOwnership';
+    data: AuthzPeerOwnershipParams;
 } | {
     $type: 'AuthzPublishable';
     data: AuthzPublishableParams;
 } | {
-    $type: 'AuthzMemberList';
-    data: AuthzMemberListParams;
+    $type: 'AuthzRelatedEntityMembership';
+    data: AuthzRelatedEntityMembershipParams;
 } | {
     $type: 'AuthzRelatedMemberList';
     data: AuthzRelatedMemberListParams;
 } | {
-    $type: 'AuthzAllowAll';
-    data?: Record<string, never>;
+    $type: 'AuthzRelatedPeerOwnership';
+    data: AuthzRelatedPeerOwnershipParams;
 } | {
-    $type: 'AuthzDenyAll';
-    data?: Record<string, never>;
+    $type: 'AuthzTemporal';
+    data: AuthzTemporalParams;
 } | {
-    $type: 'AuthzComposite';
-    data: AuthzCompositeParams;
+    $type: 'DataCompositeField';
+    data: DataCompositeFieldParams;
 } | {
-    $type: 'AuthzNotReadOnly';
-    data: AuthzNotReadOnlyParams;
+    $type: 'DataDirectOwner';
+    data: DataDirectOwnerParams;
 } | {
-    $type: 'AuthzPeerOwnership';
-    data: AuthzPeerOwnershipParams;
+    $type: 'DataEntityMembership';
+    data: DataEntityMembershipParams;
 } | {
-    $type: 'AuthzRelatedPeerOwnership';
-    data: AuthzRelatedPeerOwnershipParams;
+    $type: 'DataFeatureFlag';
+    data: DataFeatureFlagParams;
+} | {
+    $type: 'DataForceCurrentUser';
+    data: DataForceCurrentUserParams;
 } | {
     $type: 'DataId';
     data: DataIdParams;
 } | {
-    $type: 'DataDirectOwner';
-    data: DataDirectOwnerParams;
+    $type: 'DataImageEmbedding';
+    data: DataImageEmbeddingParams;
 } | {
-    $type: 'DataEntityMembership';
-    data: DataEntityMembershipParams;
+    $type: 'DataImmutableFields';
+    data: DataImmutableFieldsParams;
+} | {
+    $type: 'DataInflection';
+    data: DataInflectionParams;
+} | {
+    $type: 'DataInheritFromParent';
+    data: DataInheritFromParentParams;
+} | {
+    $type: 'DataJobTrigger';
+    data: DataJobTriggerParams;
+} | {
+    $type: 'DataLimitCounter';
+    data: DataLimitCounterParams;
+} | {
+    $type: 'DataJsonb';
+    data: DataJsonbParams;
+} | {
+    $type: 'DataOwnedFields';
+    data: DataOwnedFieldsParams;
 } | {
     $type: 'DataOwnershipInEntity';
     data: DataOwnershipInEntityParams;
-} | {
-    $type: 'DataTimestamps';
-    data: DataTimestampsParams;
 } | {
     $type: 'DataPeoplestamps';
     data: DataPeoplestampsParams;
 } | {
     $type: 'DataPublishable';
     data: DataPublishableParams;
+} | {
+    $type: 'DataSlug';
+    data: DataSlugParams;
 } | {
     $type: 'DataSoftDelete';
     data: DataSoftDeleteParams;
 } | {
-    $type: 'SearchVector';
-    data: SearchVectorParams;
+    $type: 'DataStatusField';
+    data: DataStatusFieldParams;
 } | {
-    $type: 'SearchFullText';
-    data: SearchFullTextParams;
+    $type: 'DataTags';
+    data: DataTagsParams;
+} | {
+    $type: 'DataTimestamps';
+    data: DataTimestampsParams;
 } | {
     $type: 'SearchBm25';
     data: SearchBm25Params;
 } | {
-    $type: 'SearchUnified';
-    data: SearchUnifiedParams;
+    $type: 'SearchFullText';
+    data: SearchFullTextParams;
 } | {
     $type: 'SearchSpatial';
     data: SearchSpatialParams;
 } | {
     $type: 'SearchSpatialAggregate';
     data: SearchSpatialAggregateParams;
-} | {
-    $type: 'DataJobTrigger';
-    data: DataJobTriggerParams;
-} | {
-    $type: 'DataTags';
-    data: DataTagsParams;
-} | {
-    $type: 'DataStatusField';
-    data: DataStatusFieldParams;
-} | {
-    $type: 'DataJsonb';
-    data: DataJsonbParams;
 } | {
     $type: 'SearchTrgm';
     data: SearchTrgmParams;
 } | {
-    $type: 'DataSlug';
-    data: DataSlugParams;
-} | {
-    $type: 'DataInflection';
-    data: DataInflectionParams;
-} | {
-    $type: 'DataOwnedFields';
-    data: DataOwnedFieldsParams;
-} | {
-    $type: 'DataInheritFromParent';
-    data: DataInheritFromParentParams;
-} | {
-    $type: 'DataForceCurrentUser';
-    data: DataForceCurrentUserParams;
-} | {
-    $type: 'DataImmutableFields';
-    data: DataImmutableFieldsParams;
+    $type: 'SearchUnified';
+    data: SearchUnifiedParams;
 } | {
-    $type: 'DataCompositeField';
-    data: DataCompositeFieldParams;
+    $type: 'SearchVector';
+    data: SearchVectorParams;
 } | {
-    $type: 'TableUserProfiles';
+    $type: 'TableOrganizationSettings';
     data?: Record<string, never>;
 } | {
-    $type: 'TableOrganizationSettings';
+    $type: 'TableUserProfiles';
     data?: Record<string, never>;
 } | {
     $type: 'TableUserSettings';
@@ -804,18 +873,18 @@ export type BlueprintRelation = {
     source_schema_name?: string;
     target_schema_name?: string;
 } & Partial<RelationBelongsToParams> | {
-    $type: 'RelationHasOne';
+    $type: 'RelationHasMany';
     source_table: string;
     target_table: string;
     source_schema_name?: string;
     target_schema_name?: string;
-} & Partial<RelationHasOneParams> | {
-    $type: 'RelationHasMany';
+} & Partial<RelationHasManyParams> | {
+    $type: 'RelationHasOne';
     source_table: string;
     target_table: string;
     source_schema_name?: string;
     target_schema_name?: string;
-} & Partial<RelationHasManyParams> | {
+} & Partial<RelationHasOneParams> | {
     $type: 'RelationManyToMany';
     source_table: string;
     target_table: string;