node-type-registry 0.33.1 → 0.35.0

package/data/process-image-versions.js

@@ -0,0 +1,139 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProcessImageVersions = void 0;
+/**
+ * Image version processing node.
+ *
+ * Composes a JobTrigger that fires when an image file transitions to
+ * status = 'uploaded' (or on INSERT if confirm_upload is not enabled).
+ * The trigger enqueues an image-processing job that generates resized,
+ * cropped, or reformatted variants of the source image.
+ *
+ * The image processing worker is external (Knative function) — this node
+ * only creates the trigger infrastructure. The worker generates the variants
+ * and writes them back to the storage system as new file records linked to
+ * the source file.
+ */
+exports.ProcessImageVersions = {
+    name: 'ProcessImageVersions',
+    slug: 'process_image_versions',
+    category: 'process',
+    display_name: 'Image Versions',
+    description: 'Creates a job trigger for image variant generation. ' +
+        'Fires when an image file is uploaded (status = \'uploaded\') or on INSERT. ' +
+        'The external worker generates resized, cropped, or reformatted versions ' +
+        '(thumbnails, previews, WebP conversions, etc.) and stores them as new ' +
+        'file records linked to the source image.',
+    parameter_schema: {
+        type: 'object',
+        required: ['versions'],
+        properties: {
+            // ── Version definitions ───────────────────────────────────────
+            versions: {
+                type: 'array',
+                items: {
+                    type: 'object',
+                    properties: {
+                        name: {
+                            type: 'string',
+                            description: 'Version identifier (e.g., "thumb", "preview", "hero")'
+                        },
+                        width: {
+                            type: 'integer',
+                            description: 'Target width in pixels'
+                        },
+                        height: {
+                            type: 'integer',
+                            description: 'Target height in pixels'
+                        },
+                        fit: {
+                            type: 'string',
+                            enum: ['cover', 'contain', 'fill', 'inside', 'outside'],
+                            description: 'Resize fitting strategy',
+                            default: 'cover'
+                        },
+                        format: {
+                            type: 'string',
+                            enum: ['jpeg', 'png', 'webp', 'avif'],
+                            description: 'Output image format',
+                            default: 'webp'
+                        },
+                        quality: {
+                            type: 'integer',
+                            description: 'Output quality (1-100)',
+                            default: 80
+                        }
+                    },
+                    required: ['name']
+                },
+                description: 'Array of version definitions. Each version specifies dimensions, ' +
+                    'format, and quality for a generated image variant. ' +
+                    'Required — the blueprint must explicitly define what variants to generate.',
+                minItems: 1
+            },
+            // ── MIME scoping ──────────────────────────────────────────────
+            mime_patterns: {
+                type: 'array',
+                items: { type: 'string' },
+                description: 'MIME type LIKE patterns to match. Defaults to all image types.',
+                default: ['image/%']
+            },
+            // ── Job routing ───────────────────────────────────────────────
+            task_identifier: {
+                type: 'string',
+                description: 'Job task identifier for the image processing worker',
+                default: 'process_image_versions'
+            },
+            events: {
+                type: 'array',
+                items: { type: 'string', enum: ['INSERT', 'UPDATE'] },
+                description: 'Trigger events that fire the job',
+                default: ['INSERT']
+            },
+            payload_custom: {
+                type: 'object',
+                additionalProperties: { type: 'string', format: 'column-ref' },
+                description: 'Custom payload key-to-column mapping for the job trigger',
+                default: {
+                    file_id: 'id',
+                    key: 'key',
+                    mime_type: 'mime_type',
+                    bucket_id: 'bucket_id'
+                }
+            },
+            trigger_conditions: {
+                description: 'Additional compound conditions beyond MIME filtering. ' +
+                    'Merged with the auto-generated MIME conditions via AND.',
+                'x-codegen-type': 'TriggerCondition | TriggerCondition[]',
+                oneOf: [
+                    { $ref: '#/$defs/triggerCondition' },
+                    { type: 'array', items: { $ref: '#/$defs/triggerCondition' } }
+                ]
+            },
+            // ── Job options ───────────────────────────────────────────────
+            queue_name: {
+                type: 'string',
+                description: 'Job queue name for image processing tasks',
+                default: 'image_processing'
+            },
+            max_attempts: {
+                type: 'integer',
+                description: 'Maximum number of retry attempts',
+                default: 5
+            },
+            priority: {
+                type: 'integer',
+                description: 'Job priority (lower = higher priority)',
+                default: 0
+            }
+        }
+    },
+    tags: [
+        'images',
+        'processing',
+        'jobs',
+        'resize',
+        'thumbnails',
+        'files'
+    ]
+};

package/data/search-vector.js

@@ -6,7 +6,7 @@ exports.SearchVector = {
     slug: 'search_vector',
     category: 'search',
     display_name: 'Vector Search',
-    description: 'Adds a vector embedding column with HNSW or IVFFlat index for similarity search. Supports configurable dimensions, distance metrics (cosine, l2, ip), stale tracking strategies (column, null, hash), and automatic job enqueue triggers for embedding generation.',
+    description: 'Adds a vector embedding column with HNSW or IVFFlat index for similarity search. Supports configurable dimensions, distance metrics (cosine, l2, ip), per-field {field_name}_updated_at timestamp tracking (read-only in GraphQL), and automatic job enqueue triggers for embedding generation.',
     parameter_schema: {
         type: 'object',
         properties: {
@@ -45,11 +45,6 @@ exports.SearchVector = {
                 description: 'Index-specific options. HNSW: {m, ef_construction}. IVFFlat: {lists}.',
                 default: {}
             },
-            include_stale_field: {
-                type: 'boolean',
-                description: 'When stale_strategy is column, adds an embedding_stale boolean field',
-                default: true
-            },
             source_fields: {
                 type: 'array',
                 items: {
@@ -68,16 +63,6 @@ exports.SearchVector = {
                 description: 'Task identifier for the job queue',
                 default: 'generate_embedding'
             },
-            stale_strategy: {
-                type: 'string',
-                enum: [
-                    'column',
-                    'null',
-                    'hash'
-                ],
-                description: 'Strategy for tracking embedding staleness. column: embedding_stale boolean. null: set embedding to NULL. hash: md5 hash of source fields.',
-                default: 'column'
-            },
             chunks: {
                 type: 'object',
                 description: 'Chunking configuration for long-text embedding. Creates an embedding_chunks record that drives automatic text splitting and per-chunk embedding. Omit to skip chunking.',

package/esm/blueprint-types.generated.d.ts

@@ -20,6 +20,41 @@ export interface TriggerCondition {
     /** Negated condition. */
     NOT?: TriggerCondition;
 }
+/** Declaratively attaches billing usage-recording triggers to a table. On INSERT the named meter is incremented via record_usage; on DELETE it is decremented (reversal). On UPDATE, if the entity_field changes, the old entity is decremented and the new entity is incremented. Requires a provisioned billing_module for the target database. */
+export interface BillingMeterParams {
+    meter_slug: string;
+    entity_field?: string;
+    quantity?: number;
+    events?: ('INSERT' | 'DELETE' | 'UPDATE')[];
+}
+/** Adds a CHECK constraint that validates a column value is greater than a threshold (single-column: column > value) or that one column is greater than another (cross-column: columns[0] > columns[1]). Compiled via AST helpers. */
+export interface CheckGreaterThanParams {
+    column?: string;
+    value?: number;
+    columns?: string[];
+}
+/** Adds a CHECK constraint that validates a column value is less than a threshold (single-column: column < value) or that one column is less than another (cross-column: columns[0] < columns[1]). Compiled via AST helpers. */
+export interface CheckLessThanParams {
+    column?: string;
+    value?: number;
+    columns?: string[];
+}
+/** Adds a CHECK constraint that validates two columns are not equal (columns[0] != columns[1]). Useful for preventing self-referencing rows. Compiled via AST helpers. */
+export interface CheckNotEqualParams {
+    columns: string[];
+}
+/** Adds a CHECK constraint that validates a column value is one of an allowed set (e.g. tier IN ('free', 'paid', 'custom')). Compiled to column = ANY(ARRAY[...]) via AST helpers. */
+export interface CheckOneOfParams {
+    column: string;
+    values: string[];
+}
+/** Enables bulk mutation smart tags on a table. When provisioned, adds @behavior tags for the selected bulk operations (insert, upsert, update, delete). Requires the graphile-bulk-mutations plugin. */
+export interface DataBulkParams {
+    insert?: boolean;
+    upsert?: boolean;
+    update?: boolean;
+    delete?: boolean;
+}
 /** Creates a derived text field that automatically concatenates multiple source fields via BEFORE INSERT/UPDATE triggers. Used to produce a unified text representation (e.g., embedding_text) from multiple columns on a table. The trigger fires with '_000' prefix to run before Search* triggers alphabetically. */
 export interface DataCompositeFieldParams {
     target?: string;
@@ -38,12 +73,6 @@ export interface DataEntityMembershipParams {
     include_id?: boolean;
     include_user_fk?: boolean;
 }
-/** Gates a table behind a feature flag backed by the cap tables. Attaches a BEFORE INSERT trigger that checks whether the named feature cap value is > 0. Features are modeled as caps with max=0 (disabled) or max=1 (enabled) in limit_caps / limit_caps_defaults tables. Resolution: COALESCE(per-entity cap, scope default, 0). */
-export interface DataFeatureFlagParams {
-    feature_name: string;
-    scope?: 'app' | 'org';
-    entity_field?: string;
-}
 /** BEFORE INSERT trigger that forces a field to the value of jwt_public.current_user_id(). Prevents clients from spoofing the actor/uploader identity. The field value is always overwritten regardless of what the client provides. */
 export interface DataForceCurrentUserParams {
     field_name?: string;
@@ -52,18 +81,6 @@ export interface DataForceCurrentUserParams {
 export interface DataIdParams {
     field_name?: string;
 }
-/** Composition wrapper that creates a vector embedding field with HNSW/IVFFlat index (via SearchVector) and a job trigger with compound conditions (via DataJobTrigger) that fires on INSERT for image files matching mime_type patterns. Designed for storage file tables. */
-export interface DataImageEmbeddingParams {
-    field_name?: string;
-    dimensions?: number;
-    index_method?: 'hnsw' | 'ivfflat';
-    metric?: 'cosine' | 'l2' | 'ip';
-    task_identifier?: string;
-    mime_patterns?: string[];
-    payload_custom?: {
-        [key: string]: unknown;
-    };
-}
 /** BEFORE UPDATE trigger that prevents changes to a list of specified fields after INSERT. Raises an exception if any of the listed fields have changed. Unlike FieldImmutable (single-field), this handles multiple fields in a single trigger for efficiency. */
 export interface DataImmutableFieldsParams {
     fields: string[];
@@ -80,34 +97,6 @@ export interface DataInheritFromParentParams {
     parent_table?: string;
     parent_schema?: string;
 }
-/** Dynamically creates PostgreSQL triggers that enqueue jobs via app_jobs.add_job() when table rows are inserted, updated, or deleted. Supports configurable payload strategies (full row, row ID, selected fields, or custom mapping), conditional firing via WHEN clauses, watched field changes, and extended job options (queue, priority, delay, max attempts). */
-export interface DataJobTriggerParams {
-    task_identifier: string;
-    payload_strategy?: 'row' | 'row_id' | 'fields' | 'custom';
-    payload_fields?: string[];
-    payload_custom?: {
-        [key: string]: unknown;
-    };
-    events?: ('INSERT' | 'UPDATE' | 'DELETE')[];
-    include_old?: boolean;
-    include_meta?: boolean;
-    condition_field?: string;
-    condition_value?: string;
-    conditions?: TriggerCondition | TriggerCondition[];
-    watch_fields?: string[];
-    job_key?: string;
-    queue_name?: string;
-    priority?: number;
-    run_at_delay?: string;
-    max_attempts?: number;
-}
-/** Declaratively attaches limit-tracking triggers to a table. On INSERT the named limit is incremented; on DELETE it is decremented. Requires a provisioned limits_module for the target scope. */
-export interface DataLimitCounterParams {
-    limit_name: string;
-    scope?: 'app' | 'org';
-    actor_field?: string;
-    events?: ('INSERT' | 'DELETE' | 'UPDATE')[];
-}
 /** Adds a JSONB column with optional GIN index for containment queries (@>, ?, ?|, ?&). Standard pattern for semi-structured metadata. */
 export interface DataJsonbParams {
     field_name?: string;
@@ -140,6 +129,11 @@ export interface DataPublishableParams {
     published_at_field?: string;
     include_id?: boolean;
 }
+/** Creates per-table subscriber tables in subscriptions_public with RLS policies derived from source table SELECT policies. Attaches statement-level triggers to emit changes to subscribers. */
+export interface DataRealtimeParams {
+    operations?: ('INSERT' | 'UPDATE' | 'DELETE')[];
+    subscriber_table_name?: string;
+}
 /** Auto-generates URL-friendly slugs from field values on insert/update. Attaches BEFORE INSERT and BEFORE UPDATE triggers that call inflection.slugify() on the target field. References fields by name in data jsonb. */
 export interface DataSlugParams {
     field_name: string;
@@ -177,6 +171,25 @@ export type TableOrganizationSettingsParams = {};
 export type TableUserProfilesParams = {};
 /** Creates a user settings table for user-specific configuration. Uses AuthzDirectOwner for access control. */
 export type TableUserSettingsParams = {};
+/** Declaratively attaches aggregate limit-tracking triggers to a table. On INSERT the named limit is incremented per entity; on DELETE it is decremented. Uses org_limit_aggregates_inc/dec for per-entity (org-level) aggregate limits rather than per-user limits. Requires a provisioned limits_module for the target database. */
+export interface LimitAggregateParams {
+    limit_name: string;
+    entity_field?: string;
+    events?: ('INSERT' | 'DELETE' | 'UPDATE')[];
+}
+/** Gates a table behind a feature flag backed by the cap tables. Attaches a BEFORE INSERT trigger that checks whether the named feature cap value is > 0. Features are modeled as caps with max=0 (disabled) or max=1 (enabled) in limit_caps / limit_caps_defaults tables. Resolution: COALESCE(per-entity cap, scope default, 0). */
+export interface LimitFeatureFlagParams {
+    feature_name: string;
+    scope?: 'app' | 'org';
+    entity_field?: string;
+}
+/** Declaratively attaches limit-tracking triggers to a table. On INSERT the named limit is incremented; on DELETE it is decremented. Requires a provisioned limits_module for the target scope. */
+export interface LimitCounterParams {
+    limit_name: string;
+    scope?: 'app' | 'org';
+    actor_field?: string;
+    events?: ('INSERT' | 'DELETE' | 'UPDATE')[];
+}
 /** Creates a BM25 index on an existing text column using pg_textsearch. Enables statistical relevance ranking with configurable k1 and b parameters. The BM25 index is auto-detected by graphile-search. */
 export interface SearchBm25Params {
     field_name: string;
@@ -269,7 +282,7 @@ export interface SearchUnifiedParams {
         boost_recency_decay?: number;
     };
 }
-/** Adds a vector embedding column with HNSW or IVFFlat index for similarity search. Supports configurable dimensions, distance metrics (cosine, l2, ip), stale tracking strategies (column, null, hash), and automatic job enqueue triggers for embedding generation. */
+/** Adds a vector embedding column with HNSW or IVFFlat index for similarity search. Supports configurable dimensions, distance metrics (cosine, l2, ip), per-field {field_name}_updated_at timestamp tracking (read-only in GraphQL), and automatic job enqueue triggers for embedding generation. */
 export interface SearchVectorParams {
     field_name?: string;
     dimensions?: number;
@@ -278,11 +291,9 @@ export interface SearchVectorParams {
     index_options?: {
         [key: string]: unknown;
     };
-    include_stale_field?: boolean;
     source_fields?: string[];
     enqueue_job?: boolean;
     job_task_name?: string;
-    stale_strategy?: 'column' | 'null' | 'hash';
     chunks?: {
         content_field_name?: string;
         chunk_size?: number;
@@ -295,6 +306,139 @@ export interface SearchVectorParams {
         chunking_task_name?: string;
     };
 }
+/** Dynamically creates PostgreSQL triggers that enqueue jobs via app_jobs.add_job() when table rows are inserted, updated, or deleted. Supports configurable payload strategies (full row, row ID, selected fields, or custom mapping), conditional firing via WHEN clauses, watched field changes, and extended job options (queue, priority, delay, max attempts). */
+export interface JobTriggerParams {
+    task_identifier: string;
+    payload_strategy?: 'row' | 'row_id' | 'fields' | 'custom';
+    payload_fields?: string[];
+    payload_custom?: {
+        [key: string]: unknown;
+    };
+    events?: ('INSERT' | 'UPDATE' | 'DELETE')[];
+    include_old?: boolean;
+    include_meta?: boolean;
+    condition_field?: string;
+    condition_value?: string;
+    conditions?: TriggerCondition | TriggerCondition[];
+    watch_fields?: string[];
+    job_key?: string;
+    queue_name?: string;
+    priority?: number;
+    run_at_delay?: string;
+    max_attempts?: number;
+}
+/** Creates a chunked-embedding child table for any parent table. Provisions the chunks table with content, chunk_index, embedding vector, metadata, HNSW index, inherited RLS, and optional job trigger for automatic text splitting. Composed internally by ProcessFileEmbedding (enabled by default in extract mode) but can also be used standalone. */
+export interface ProcessChunksParams {
+    content_field_name?: string;
+    chunk_size?: number;
+    chunk_overlap?: number;
+    chunk_strategy?: 'fixed' | 'sentence' | 'paragraph' | 'semantic';
+    dimensions?: number;
+    metric?: 'cosine' | 'l2' | 'ip';
+    chunks_table_name?: string;
+    metadata_fields?: string[];
+    enqueue_chunking_job?: boolean;
+    chunking_task_name?: string;
+}
+/** Generic, MIME-scoped embedding node for file tables. Supports two modes: direct (whole-file to single vector, e.g. CLIP for images) when extraction is omitted, or extract (file to text to chunks to per-chunk vectors) when extraction config is provided. Composes SearchVector + JobTrigger + ProcessChunks (enabled by default in extract mode) internally. Multiple instances can coexist on the same table with different MIME scopes, field names, and embedding strategies. */
+export interface ProcessFileEmbeddingParams {
+    field_name?: string;
+    dimensions?: number;
+    index_method?: 'hnsw' | 'ivfflat';
+    metric?: 'cosine' | 'l2' | 'ip';
+    index_options?: {
+        [key: string]: unknown;
+    };
+    mime_patterns?: string[];
+    task_identifier?: string;
+    events?: ('INSERT' | 'UPDATE')[];
+    payload_custom?: {
+        [key: string]: unknown;
+    };
+    trigger_conditions?: TriggerCondition | TriggerCondition[];
+    extraction?: {
+        text_field?: string;
+        metadata_field?: string;
+    };
+    include_chunks?: boolean;
+    chunks?: {
+        content_field_name?: string;
+        chunk_size?: number;
+        chunk_overlap?: number;
+        chunk_strategy?: 'fixed' | 'sentence' | 'paragraph' | 'semantic';
+        metadata_fields?: string[];
+        enqueue_chunking_job?: boolean;
+        chunking_task_name?: string;
+    };
+}
+/** Image-specific preset of ProcessFileEmbedding. Delegates to ProcessFileEmbedding with image-oriented defaults: dimensions=512 (CLIP), mime_patterns=['image/%'], task_identifier='process_image_embedding', direct mode (no extraction). Accepts all ProcessFileEmbedding parameters — any overrides are forwarded through. */
+export interface ProcessImageEmbeddingParams {
+    field_name?: string;
+    dimensions?: number;
+    index_method?: 'hnsw' | 'ivfflat';
+    metric?: 'cosine' | 'l2' | 'ip';
+    index_options?: {
+        [key: string]: unknown;
+    };
+    mime_patterns?: string[];
+    task_identifier?: string;
+    events?: ('INSERT' | 'UPDATE')[];
+    payload_custom?: {
+        [key: string]: unknown;
+    };
+    trigger_conditions?: TriggerCondition | TriggerCondition[];
+    extraction?: {
+        text_field?: string;
+        metadata_field?: string;
+    };
+    chunks?: {
+        content_field_name?: string;
+        chunk_size?: number;
+        chunk_overlap?: number;
+        chunk_strategy?: 'fixed' | 'sentence' | 'paragraph' | 'semantic';
+        metadata_fields?: {
+            [key: string]: unknown;
+        };
+        enqueue_chunking_job?: boolean;
+        chunking_task_name?: string;
+    };
+}
+/** Creates extraction output fields and a job trigger for file text extraction. Fires when a file is uploaded (status = 'uploaded') or on INSERT. The external worker extracts text/metadata from the file (PDF, DOCX, HTML, etc.) and writes the result back to the configured output fields. Typically used upstream of ProcessFileEmbedding or ProcessChunks. */
+export interface ProcessExtractionParams {
+    text_field?: string;
+    metadata_field?: string;
+    mime_patterns?: string[];
+    task_identifier?: string;
+    events?: ('INSERT' | 'UPDATE')[];
+    payload_custom?: {
+        [key: string]: unknown;
+    };
+    trigger_conditions?: TriggerCondition | TriggerCondition[];
+    queue_name?: string;
+    max_attempts?: number;
+    priority?: number;
+}
+/** Creates a job trigger for image variant generation. Fires when an image file is uploaded (status = 'uploaded') or on INSERT. The external worker generates resized, cropped, or reformatted versions (thumbnails, previews, WebP conversions, etc.) and stores them as new file records linked to the source image. */
+export interface ProcessImageVersionsParams {
+    versions: {
+        name: string;
+        width?: number;
+        height?: number;
+        fit?: 'cover' | 'contain' | 'fill' | 'inside' | 'outside';
+        format?: 'jpeg' | 'png' | 'webp' | 'avif';
+        quality?: number;
+    }[];
+    mime_patterns?: string[];
+    task_identifier?: string;
+    events?: ('INSERT' | 'UPDATE')[];
+    payload_custom?: {
+        [key: string]: unknown;
+    };
+    trigger_conditions?: TriggerCondition | TriggerCondition[];
+    queue_name?: string;
+    max_attempts?: number;
+    priority?: number;
+}
 /** Allows all access. Generates TRUE expression. */
 export type AuthzAllowAllParams = {};
 /** App-level membership check (hardcoded membership_type=1). Verifies the user has app membership (optionally with specific permission) without binding to any entity from the row. Uses EXISTS subquery against SPRT table. For entity-scoped checks (org, channel, etc.), use AuthzEntityMembership instead. */
@@ -315,6 +459,16 @@ export interface AuthzCompositeParams {
 }
 /** Denies all access. Generates FALSE expression. */
 export type AuthzDenyAllParams = {};
+/** Path-scoped file sharing via ltree containment. Grants access when a path_shares row matches the current user, bucket, and an ancestor path with the required permission. */
+export interface AuthzFilePathParams {
+    shares_schema: string;
+    shares_table: string;
+    files_schema?: string;
+    files_table: string;
+    permission_field: string;
+    bucket_field?: string;
+    path_field?: string;
+}
 /** Direct equality comparison between a table column and the current user ID. Simplest authorization pattern with no subqueries. */
 export interface AuthzDirectOwnerParams {
     entity_field: string;
@@ -536,7 +690,7 @@ export interface BlueprintField {
 /** An RLS policy entry for a blueprint table. Uses $type to match the blueprint JSON convention. */
 export interface BlueprintPolicy {
     /** Authz* policy type name (e.g., "AuthzDirectOwner", "AuthzAllowAll"). */
-    $type: 'AuthzAllowAll' | 'AuthzAppMembership' | 'AuthzComposite' | 'AuthzDenyAll' | 'AuthzDirectOwner' | 'AuthzDirectOwnerAny' | 'AuthzEntityMembership' | 'AuthzMemberList' | 'AuthzNotReadOnly' | 'AuthzOrgHierarchy' | 'AuthzPeerOwnership' | 'AuthzPublishable' | 'AuthzRelatedEntityMembership' | 'AuthzRelatedMemberList' | 'AuthzRelatedPeerOwnership' | 'AuthzTemporal';
+    $type: 'AuthzAllowAll' | 'AuthzAppMembership' | 'AuthzComposite' | 'AuthzDenyAll' | 'AuthzFilePath' | 'AuthzDirectOwner' | 'AuthzDirectOwnerAny' | 'AuthzEntityMembership' | 'AuthzMemberList' | 'AuthzNotReadOnly' | 'AuthzOrgHierarchy' | 'AuthzPeerOwnership' | 'AuthzPublishable' | 'AuthzRelatedEntityMembership' | 'AuthzRelatedMemberList' | 'AuthzRelatedPeerOwnership' | 'AuthzTemporal';
     /** Privileges this policy applies to (e.g., ["select"], ["insert", "update", "delete"]). */
     privileges?: string[];
     /** Whether this policy is permissive (true) or restrictive (false). Defaults to true. */
@@ -660,6 +814,10 @@ export interface BlueprintStorageConfig {
     default_max_file_size?: number;
     /** CORS allowed origins for the storage module. */
     allowed_origins?: string[];
+    /** Enable deferred upload confirmation via HeadObject. When true, creates SECURITY DEFINER status transition functions (confirm_uploaded, mark_processed) and an AFTER INSERT trigger that enqueues a storage:confirm_upload job. The job verifies the file exists in S3 before transitioning status from requested to uploaded. Defaults to false. */
+    has_confirm_upload?: boolean;
+    /** Delay before the first upload confirmation attempt (PostgreSQL interval string, e.g. "30 seconds"). Only used when has_confirm_upload is true. Defaults to "30 seconds". */
+    confirm_upload_delay?: string;
     /** Per-table overrides for storage tables. Each key targets a specific storage table (files, buckets) and uses the same shape as table_provision: { nodes, fields, grants, use_rls, policies }. Fanned out to secure_table_provision targeting the corresponding table. When a key includes policies[], those REPLACE the default storage policies for that table; tables without a key still get defaults. */
     provisions?: {
         files?: BlueprintEntityTableProvision;
@@ -714,7 +872,7 @@ export interface BlueprintEntityType {
     storage?: BlueprintStorageConfig;
 }
 /** String shorthand -- just the node type name. */
-export type BlueprintNodeShorthand = 'AuthzAllowAll' | 'AuthzAppMembership' | 'AuthzComposite' | 'AuthzDenyAll' | 'AuthzDirectOwner' | 'AuthzDirectOwnerAny' | 'AuthzEntityMembership' | 'AuthzMemberList' | 'AuthzNotReadOnly' | 'AuthzOrgHierarchy' | 'AuthzPeerOwnership' | 'AuthzPublishable' | 'AuthzRelatedEntityMembership' | 'AuthzRelatedMemberList' | 'AuthzRelatedPeerOwnership' | 'AuthzTemporal' | 'DataCompositeField' | 'DataDirectOwner' | 'DataEntityMembership' | 'DataFeatureFlag' | 'DataForceCurrentUser' | 'DataId' | 'DataImageEmbedding' | 'DataImmutableFields' | 'DataInflection' | 'DataInheritFromParent' | 'DataJobTrigger' | 'DataLimitCounter' | 'DataJsonb' | 'DataOwnedFields' | 'DataOwnershipInEntity' | 'DataPeoplestamps' | 'DataPublishable' | 'DataSlug' | 'DataSoftDelete' | 'DataStatusField' | 'DataTags' | 'DataTimestamps' | 'SearchBm25' | 'SearchFullText' | 'SearchSpatial' | 'SearchSpatialAggregate' | 'SearchTrgm' | 'SearchUnified' | 'SearchVector' | 'TableOrganizationSettings' | 'TableUserProfiles' | 'TableUserSettings';
+export type BlueprintNodeShorthand = 'AuthzAllowAll' | 'AuthzAppMembership' | 'AuthzComposite' | 'AuthzDenyAll' | 'AuthzFilePath' | 'AuthzDirectOwner' | 'AuthzDirectOwnerAny' | 'AuthzEntityMembership' | 'AuthzMemberList' | 'AuthzNotReadOnly' | 'AuthzOrgHierarchy' | 'AuthzPeerOwnership' | 'AuthzPublishable' | 'AuthzRelatedEntityMembership' | 'AuthzRelatedMemberList' | 'AuthzRelatedPeerOwnership' | 'AuthzTemporal' | 'CheckGreaterThan' | 'CheckLessThan' | 'CheckNotEqual' | 'CheckOneOf' | 'LimitAggregate' | 'BillingMeter' | 'DataBulk' | 'ProcessChunks' | 'DataCompositeField' | 'DataDirectOwner' | 'DataEntityMembership' | 'ProcessFileEmbedding' | 'LimitFeatureFlag' | 'DataForceCurrentUser' | 'DataId' | 'ProcessImageEmbedding' | 'DataImmutableFields' | 'DataInflection' | 'DataInheritFromParent' | 'JobTrigger' | 'LimitCounter' | 'DataJsonb' | 'DataOwnedFields' | 'ProcessExtraction' | 'ProcessImageVersions' | 'DataOwnershipInEntity' | 'DataPeoplestamps' | 'DataPublishable' | 'DataRealtime' | 'DataSlug' | 'DataSoftDelete' | 'DataStatusField' | 'DataTags' | 'DataTimestamps' | 'SearchBm25' | 'SearchFullText' | 'SearchSpatial' | 'SearchSpatialAggregate' | 'SearchTrgm' | 'SearchUnified' | 'SearchVector' | 'TableOrganizationSettings' | 'TableUserProfiles' | 'TableUserSettings';
 /** Object form -- { $type, data } with typed parameters. */
 export type BlueprintNodeObject = {
     $type: 'AuthzAllowAll';
@@ -728,6 +886,9 @@ export type BlueprintNodeObject = {
 } | {
     $type: 'AuthzDenyAll';
     data?: Record<string, never>;
+} | {
+    $type: 'AuthzFilePath';
+    data: AuthzFilePathParams;
 } | {
     $type: 'AuthzDirectOwner';
     data: AuthzDirectOwnerParams;
@@ -764,6 +925,30 @@ export type BlueprintNodeObject = {
 } | {
     $type: 'AuthzTemporal';
     data: AuthzTemporalParams;
+} | {
+    $type: 'CheckGreaterThan';
+    data: CheckGreaterThanParams;
+} | {
+    $type: 'CheckLessThan';
+    data: CheckLessThanParams;
+} | {
+    $type: 'CheckNotEqual';
+    data: CheckNotEqualParams;
+} | {
+    $type: 'CheckOneOf';
+    data: CheckOneOfParams;
+} | {
+    $type: 'LimitAggregate';
+    data: LimitAggregateParams;
+} | {
+    $type: 'BillingMeter';
+    data: BillingMeterParams;
+} | {
+    $type: 'DataBulk';
+    data: DataBulkParams;
+} | {
+    $type: 'ProcessChunks';
+    data: ProcessChunksParams;
 } | {
     $type: 'DataCompositeField';
     data: DataCompositeFieldParams;
@@ -774,8 +959,11 @@ export type BlueprintNodeObject = {
     $type: 'DataEntityMembership';
     data: DataEntityMembershipParams;
 } | {
-    $type: 'DataFeatureFlag';
-    data: DataFeatureFlagParams;
+    $type: 'ProcessFileEmbedding';
+    data: ProcessFileEmbeddingParams;
+} | {
+    $type: 'LimitFeatureFlag';
+    data: LimitFeatureFlagParams;
 } | {
     $type: 'DataForceCurrentUser';
     data: DataForceCurrentUserParams;
@@ -783,8 +971,8 @@ export type BlueprintNodeObject = {
     $type: 'DataId';
     data: DataIdParams;
 } | {
-    $type: 'DataImageEmbedding';
-    data: DataImageEmbeddingParams;
+    $type: 'ProcessImageEmbedding';
+    data: ProcessImageEmbeddingParams;
 } | {
     $type: 'DataImmutableFields';
     data: DataImmutableFieldsParams;
@@ -795,17 +983,23 @@ export type BlueprintNodeObject = {
     $type: 'DataInheritFromParent';
     data: DataInheritFromParentParams;
 } | {
-    $type: 'DataJobTrigger';
-    data: DataJobTriggerParams;
+    $type: 'JobTrigger';
+    data: JobTriggerParams;
 } | {
-    $type: 'DataLimitCounter';
-    data: DataLimitCounterParams;
+    $type: 'LimitCounter';
+    data: LimitCounterParams;
 } | {
     $type: 'DataJsonb';
     data: DataJsonbParams;
 } | {
     $type: 'DataOwnedFields';
     data: DataOwnedFieldsParams;
+} | {
+    $type: 'ProcessExtraction';
+    data: ProcessExtractionParams;
+} | {
+    $type: 'ProcessImageVersions';
+    data: ProcessImageVersionsParams;
 } | {
     $type: 'DataOwnershipInEntity';
     data: DataOwnershipInEntityParams;
@@ -815,6 +1009,9 @@ export type BlueprintNodeObject = {
 } | {
     $type: 'DataPublishable';
     data: DataPublishableParams;
+} | {
+    $type: 'DataRealtime';
+    data: DataRealtimeParams;
 } | {
     $type: 'DataSlug';
     data: DataSlugParams;