node-type-registry 0.40.0 → 0.42.0

package/authz/authz-member-owner.d.ts

@@ -0,0 +1,2 @@
+import type { NodeTypeDefinition } from '../types';
+export declare const AuthzMemberOwner: NodeTypeDefinition;

package/authz/authz-member-owner.js

@@ -0,0 +1,51 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthzMemberOwner = void 0;
+exports.AuthzMemberOwner = {
+    name: 'AuthzMemberOwner',
+    slug: 'authz_member_owner',
+    category: 'authz',
+    display_name: 'Member Owner',
+    description: 'Compound policy: the row must be owned by the current user (owner_field = current_user_id) AND the current user must be a member of the entity referenced by entity_field. Combines direct ownership with entity membership — the actor can only access rows they own within entities they belong to.',
+    parameter_schema: {
+        type: 'object',
+        properties: {
+            owner_field: {
+                type: 'string',
+                format: 'column-ref',
+                description: 'Column name containing the owner user ID (e.g., owner_id)',
+                default: 'owner_id'
+            },
+            entity_field: {
+                type: 'string',
+                format: 'column-ref',
+                description: 'Column name referencing the entity (e.g., entity_id)',
+                default: 'entity_id'
+            },
+            sel_field: {
+                type: 'string',
+                description: 'SPRT column to select for the entity match',
+                default: 'entity_id'
+            },
+            membership_type: {
+                type: ['integer', 'string'],
+                description: 'Scope: 1=app, 2=org, 3+=dynamic entity types (or string name resolved via membership_types_module)'
+            },
+            entity_type: {
+                type: 'string',
+                description: "Entity type prefix (e.g. 'channel', 'department'). Resolved to membership_type integer via memberships_module lookup."
+            },
+            permission: {
+                type: 'string',
+                description: 'Single permission name to check (resolved to bitstring mask)'
+            },
+            permissions: {
+                type: 'array',
+                items: { type: 'string' },
+                description: 'Multiple permission names to check (ORed together into mask)'
+            }
+        },
+        required: ['owner_field', 'entity_field']
+    },
+    tags: ['ownership', 'membership', 'authz']
+};

package/authz/index.d.ts

@@ -9,6 +9,7 @@ export { AuthzEntityMembership } from './authz-entity-membership';
 export { AuthzMemberList } from './authz-member-list';
 export { AuthzNotReadOnly } from './authz-not-read-only';
 export { AuthzOrgHierarchy } from './authz-org-hierarchy';
+export { AuthzMemberOwner } from './authz-member-owner';
 export { AuthzPeerOwnership } from './authz-peer-ownership';
 export { AuthzPublishable } from './authz-publishable';
 export { AuthzRelatedEntityMembership } from './authz-related-entity-membership';

package/authz/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.AuthzTemporal = exports.AuthzRelatedPeerOwnership = exports.AuthzRelatedMemberList = exports.AuthzRelatedEntityMembership = exports.AuthzPublishable = exports.AuthzPeerOwnership = exports.AuthzOrgHierarchy = exports.AuthzNotReadOnly = exports.AuthzMemberList = exports.AuthzEntityMembership = exports.AuthzDirectOwnerAny = exports.AuthzDirectOwner = exports.AuthzFilePath = exports.AuthzDenyAll = exports.AuthzComposite = exports.AuthzAppMembership = exports.AuthzAllowAll = void 0;
+exports.AuthzTemporal = exports.AuthzRelatedPeerOwnership = exports.AuthzRelatedMemberList = exports.AuthzRelatedEntityMembership = exports.AuthzPublishable = exports.AuthzPeerOwnership = exports.AuthzMemberOwner = exports.AuthzOrgHierarchy = exports.AuthzNotReadOnly = exports.AuthzMemberList = exports.AuthzEntityMembership = exports.AuthzDirectOwnerAny = exports.AuthzDirectOwner = exports.AuthzFilePath = exports.AuthzDenyAll = exports.AuthzComposite = exports.AuthzAppMembership = exports.AuthzAllowAll = void 0;
 var authz_allow_all_1 = require("./authz-allow-all");
 Object.defineProperty(exports, "AuthzAllowAll", { enumerable: true, get: function () { return authz_allow_all_1.AuthzAllowAll; } });
 var authz_app_membership_1 = require("./authz-app-membership");
@@ -23,6 +23,8 @@ var authz_not_read_only_1 = require("./authz-not-read-only");
 Object.defineProperty(exports, "AuthzNotReadOnly", { enumerable: true, get: function () { return authz_not_read_only_1.AuthzNotReadOnly; } });
 var authz_org_hierarchy_1 = require("./authz-org-hierarchy");
 Object.defineProperty(exports, "AuthzOrgHierarchy", { enumerable: true, get: function () { return authz_org_hierarchy_1.AuthzOrgHierarchy; } });
+var authz_member_owner_1 = require("./authz-member-owner");
+Object.defineProperty(exports, "AuthzMemberOwner", { enumerable: true, get: function () { return authz_member_owner_1.AuthzMemberOwner; } });
 var authz_peer_ownership_1 = require("./authz-peer-ownership");
 Object.defineProperty(exports, "AuthzPeerOwnership", { enumerable: true, get: function () { return authz_peer_ownership_1.AuthzPeerOwnership; } });
 var authz_publishable_1 = require("./authz-publishable");

package/blueprint-types.generated.d.ts

@@ -20,13 +20,6 @@ export interface TriggerCondition {
     /** Negated condition. */
     NOT?: TriggerCondition;
 }
-/** Declaratively attaches billing usage-recording triggers to a table. On INSERT the named meter is incremented via record_usage; on DELETE it is decremented (reversal). On UPDATE, if the entity_field changes, the old entity is decremented and the new entity is incremented. Requires a provisioned billing_module for the target database. */
-export interface BillingMeterParams {
-    meter_slug: string;
-    entity_field?: string;
-    quantity?: number;
-    events?: ('INSERT' | 'DELETE' | 'UPDATE')[];
-}
 /** Adds a CHECK constraint that validates a column value is greater than a threshold (single-column: column > value) or that one column is greater than another (cross-column: columns[0] > columns[1]). Compiled via AST helpers. */
 export interface CheckGreaterThanParams {
     column?: string;
@@ -106,6 +99,15 @@ export interface DataJsonbParams {
     is_required?: boolean;
     create_index?: boolean;
 }
+/** Adds owner_id and entity_id columns with a compound AuthzMemberOwner policy. The actor must own the row (owner_id = current_user_id()) AND be a member of the entity (entity_id in SPRT). Use for private data within an entity scope — e.g., personal chat threads that belong to the company but only the author can see. */
+export interface DataMemberOwnerParams {
+    owner_field_name?: string;
+    entity_field_name?: string;
+    include_id?: boolean;
+    include_user_fk?: boolean;
+    create_index?: boolean;
+    membership_type?: number;
+}
 /** Restricts which user can modify specific columns in shared objects. Creates an AFTER UPDATE trigger that throws OWNED_PROPS when a non-owner tries to change protected fields. References fields by name in data jsonb. */
 export interface DataOwnedFieldsParams {
     role_key_field_name: string;
@@ -129,8 +131,8 @@ export interface DataPeoplestampsParams {
 }
 /** Adds publish state columns (is_published, published_at) for content visibility. Enables AuthzPublishable and AuthzTemporal authorization. */
 export interface DataPublishableParams {
-    is_published_field?: string;
-    published_at_field?: string;
+    is_published_field_name?: string;
+    published_at_field_name?: string;
     include_id?: boolean;
 }
 /** Creates per-table subscriber tables in subscriptions_public with RLS policies derived from source table SELECT policies. Attaches statement-level triggers to emit changes to subscribers. */
@@ -175,24 +177,82 @@ export type TableOrganizationSettingsParams = {};
 export type TableUserProfilesParams = {};
 /** Creates a user settings table for user-specific configuration. Uses AuthzDirectOwner for access control. */
 export type TableUserSettingsParams = {};
+/** Creates triggers that record events for the referrer (inviter) when their invitees perform actions on a watched table. Resolves the referrer automatically via the invites module's claimed_invites table using the membership_type context. Supports the same compound condition system as EventTracker. Use with achievements to unlock levels and grant credits based on invitee activity. */
+export interface EventReferralParams {
+    event_name: string;
+    events?: ('INSERT' | 'UPDATE' | 'DELETE')[];
+    actor_field?: string;
+    entity_field?: string;
+    max_depth?: number;
+    auto_register_type?: boolean;
+    condition_field?: string;
+    condition_value?: string;
+    conditions?: TriggerCondition | TriggerCondition[];
+    watch_fields?: string[];
+}
+/** Creates triggers that record events via the events module when table rows change. Supports the same compound condition system as JobTrigger (condition_field, watch_fields, or full AND/OR/NOT conditions). Events are recorded to app_events and aggregated automatically. Use with achievements (blueprint-level) to unlock levels and grant credits based on event accumulation. */
+export interface EventTrackerParams {
+    event_name: string;
+    events?: ('INSERT' | 'UPDATE' | 'DELETE')[];
+    count?: number;
+    toggle?: boolean;
+    actor_field?: string;
+    entity_field?: string;
+    auto_register_type?: boolean;
+    condition_field?: string;
+    condition_value?: string;
+    conditions?: TriggerCondition | TriggerCondition[];
+    watch_fields?: string[];
+}
 /** Declaratively attaches aggregate limit-tracking triggers to a table. On INSERT the named limit is incremented per entity; on DELETE it is decremented. Uses org_limit_aggregates_inc/dec for per-entity (org-level) aggregate limits rather than per-user limits. Requires a provisioned limits_module for the target database. */
-export interface LimitAggregateParams {
+export interface LimitEnforceAggregateParams {
     limit_name: string;
     entity_field?: string;
     events?: ('INSERT' | 'DELETE' | 'UPDATE')[];
 }
+/** Declaratively attaches limit-tracking triggers to a table. On INSERT the named limit is incremented; on DELETE it is decremented. Requires a provisioned limits_module for the target scope. */
+export interface LimitEnforceCounterParams {
+    limit_name: string;
+    scope?: 'app' | 'org';
+    actor_field?: string;
+    events?: ('INSERT' | 'DELETE' | 'UPDATE')[];
+}
 /** Gates a table behind a feature flag backed by the cap tables. Attaches a BEFORE INSERT trigger that checks whether the named feature cap value is > 0. Features are modeled as caps with max=0 (disabled) or max=1 (enabled) in limit_caps / limit_caps_defaults tables. Resolution: COALESCE(per-entity cap, scope default, 0). */
-export interface LimitFeatureFlagParams {
+export interface LimitEnforceFeatureParams {
     feature_name: string;
     scope?: 'app' | 'org';
     entity_field?: string;
 }
-/** Declaratively attaches limit-tracking triggers to a table. On INSERT the named limit is incremented; on DELETE it is decremented. Requires a provisioned limits_module for the target scope. */
-export interface LimitCounterParams {
+/** Attaches a BEFORE trigger that calls check_rate_limit() to enforce sliding-window rate limits before allowing mutations. The function checks all three scopes (entity, actor-in-entity, actor) in a single call; which scopes are actually enforced is controlled by what rows exist in rate_window_limits (plan-based config). Requires a provisioned meter_rate_limits_module and billing_module for the target database. */
+export interface LimitEnforceRateParams {
+    meter_slug: string;
+    entity_field?: string;
+    actor_field?: string;
+    events?: ('INSERT' | 'UPDATE')[];
+}
+/** Declaratively attaches billing usage-recording triggers to a table. On INSERT the named meter is incremented via record_usage; on DELETE it is decremented (reversal). On UPDATE, if the entity_field changes, the old entity is decremented and the new entity is incremented. Requires a provisioned billing_module for the target database. */
+export interface LimitTrackUsageParams {
+    meter_slug: string;
+    entity_field?: string;
+    quantity?: number;
+    events?: ('INSERT' | 'DELETE' | 'UPDATE')[];
+}
+/** Attaches an AFTER INSERT trigger that checks if the entity's aggregate usage has crossed any warning threshold configured in the limit_warnings table. If a threshold is reached for the first time, enqueues a background job (e.g. email notification). Uses limit_warning_state for one-time dedup per warning/actor/entity triple. Requires a provisioned limits_module with limit_warnings and aggregate limits enabled. */
+export interface LimitWarningAggregateParams {
+    limit_name: string;
+    entity_field?: string;
+}
+/** Attaches an AFTER INSERT trigger that checks if the actor's current usage has crossed any warning threshold configured in the limit_warnings table. If a threshold is reached for the first time, enqueues a background job (e.g. email notification). Uses limit_warning_state for one-time dedup per warning/actor pair. Requires a provisioned limits_module with limit_warnings enabled. */
+export interface LimitWarningCounterParams {
     limit_name: string;
     scope?: 'app' | 'org';
     actor_field?: string;
-    events?: ('INSERT' | 'DELETE' | 'UPDATE')[];
+}
+/** Attaches an AFTER INSERT trigger that checks if the actor's current request count in the active sliding window has crossed any warning threshold configured in the limit_warnings table. If a threshold is reached for the first time, enqueues a background job (e.g. email notification). Uses limit_warning_state for one-time dedup per warning/actor pair. Requires both a limits_module with limit_warnings enabled and a rate_limit_meters_module. */
+export interface LimitWarningRateParams {
+    meter_slug: string;
+    entity_field?: string;
+    actor_field?: string;
 }
 /** Creates a BM25 index on an existing text column using pg_textsearch. Enables statistical relevance ranking with configurable k1 and b parameters. The BM25 index is auto-detected by graphile-search. */
 export interface SearchBm25Params {
@@ -262,6 +322,8 @@ export interface SearchUnifiedParams {
         index_method?: 'hnsw' | 'ivfflat';
         metric?: 'cosine' | 'l2' | 'ip';
         source_fields?: string[];
+        embedding_model?: string;
+        embedding_provider?: string;
         search_score_weight?: number;
         chunks?: {
             content_field_name?: string;
@@ -298,6 +360,8 @@ export interface SearchVectorParams {
         [key: string]: unknown;
     };
     source_fields?: string[];
+    embedding_model?: string;
+    embedding_provider?: string;
     enqueue_job?: boolean;
     job_task_name?: string;
     chunks?: {
@@ -327,6 +391,12 @@ export interface JobTriggerParams {
     condition_value?: string;
     conditions?: TriggerCondition | TriggerCondition[];
     watch_fields?: string[];
+    entity_field?: string;
+    entity_lookup?: {
+        obj_table: string;
+        obj_schema?: string;
+        obj_field: string;
+    };
     job_key?: string;
     queue_name?: string;
     priority?: number;
@@ -341,11 +411,43 @@ export interface ProcessChunksParams {
     chunk_strategy?: 'fixed' | 'sentence' | 'paragraph' | 'semantic';
     dimensions?: number;
     metric?: 'cosine' | 'l2' | 'ip';
+    embedding_model?: string;
+    embedding_provider?: string;
     chunks_table_name?: string;
     metadata_fields?: string[];
+    search_indexes?: ('fulltext' | 'bm25' | 'trigram')[];
+    entity_field?: string;
+    entity_lookup?: {
+        obj_table: string;
+        obj_schema?: string;
+        obj_field: string;
+    };
     enqueue_chunking_job?: boolean;
     chunking_task_name?: string;
 }
+/** Creates extraction output fields and a job trigger for file text extraction. Fires when a file is uploaded (status = 'uploaded') or on INSERT. The external worker extracts text/metadata from the file (PDF, DOCX, HTML, etc.) and writes the result back to the configured output fields. Typically used upstream of ProcessFileEmbedding or ProcessChunks. */
+export interface ProcessExtractionParams {
+    text_field?: string;
+    metadata_field?: string;
+    extraction_model?: string;
+    extraction_provider?: string;
+    mime_patterns?: string[];
+    task_identifier?: string;
+    events?: ('INSERT' | 'UPDATE')[];
+    payload_custom?: {
+        [key: string]: unknown;
+    };
+    trigger_conditions?: TriggerCondition | TriggerCondition[];
+    entity_field?: string;
+    entity_lookup?: {
+        obj_table: string;
+        obj_schema?: string;
+        obj_field: string;
+    };
+    queue_name?: string;
+    max_attempts?: number;
+    priority?: number;
+}
 /** Generic, MIME-scoped embedding node for file tables. Supports two modes: direct (whole-file to single vector, e.g. CLIP for images) when extraction is omitted, or extract (file to text to chunks to per-chunk vectors) when extraction config is provided. Composes SearchVector + JobTrigger + ProcessChunks (enabled by default in extract mode) internally. Multiple instances can coexist on the same table with different MIME scopes, field names, and embedding strategies. */
 export interface ProcessFileEmbeddingParams {
     field_name?: string;
@@ -355,6 +457,8 @@ export interface ProcessFileEmbeddingParams {
     index_options?: {
         [key: string]: unknown;
     };
+    embedding_model?: string;
+    embedding_provider?: string;
     mime_patterns?: string[];
     task_identifier?: string;
     events?: ('INSERT' | 'UPDATE')[];
@@ -362,6 +466,12 @@ export interface ProcessFileEmbeddingParams {
         [key: string]: unknown;
     };
     trigger_conditions?: TriggerCondition | TriggerCondition[];
+    entity_field?: string;
+    entity_lookup?: {
+        obj_table: string;
+        obj_schema?: string;
+        obj_field: string;
+    };
     extraction?: {
         text_field?: string;
         metadata_field?: string;
@@ -373,6 +483,7 @@ export interface ProcessFileEmbeddingParams {
         chunk_overlap?: number;
         chunk_strategy?: 'fixed' | 'sentence' | 'paragraph' | 'semantic';
         metadata_fields?: string[];
+        search_indexes?: ('fulltext' | 'bm25' | 'trigram')[];
         enqueue_chunking_job?: boolean;
         chunking_task_name?: string;
     };
@@ -386,6 +497,8 @@ export interface ProcessImageEmbeddingParams {
     index_options?: {
         [key: string]: unknown;
     };
+    embedding_model?: string;
+    embedding_provider?: string;
     mime_patterns?: string[];
     task_identifier?: string;
     events?: ('INSERT' | 'UPDATE')[];
@@ -393,6 +506,12 @@ export interface ProcessImageEmbeddingParams {
         [key: string]: unknown;
     };
     trigger_conditions?: TriggerCondition | TriggerCondition[];
+    entity_field?: string;
+    entity_lookup?: {
+        obj_table: string;
+        obj_schema?: string;
+        obj_field: string;
+    };
     extraction?: {
         text_field?: string;
         metadata_field?: string;
@@ -409,21 +528,6 @@ export interface ProcessImageEmbeddingParams {
         chunking_task_name?: string;
     };
 }
-/** Creates extraction output fields and a job trigger for file text extraction. Fires when a file is uploaded (status = 'uploaded') or on INSERT. The external worker extracts text/metadata from the file (PDF, DOCX, HTML, etc.) and writes the result back to the configured output fields. Typically used upstream of ProcessFileEmbedding or ProcessChunks. */
-export interface ProcessExtractionParams {
-    text_field?: string;
-    metadata_field?: string;
-    mime_patterns?: string[];
-    task_identifier?: string;
-    events?: ('INSERT' | 'UPDATE')[];
-    payload_custom?: {
-        [key: string]: unknown;
-    };
-    trigger_conditions?: TriggerCondition | TriggerCondition[];
-    queue_name?: string;
-    max_attempts?: number;
-    priority?: number;
-}
 /** Creates a job trigger for image variant generation. Fires when an image file is uploaded (status = 'uploaded') or on INSERT. The external worker generates resized, cropped, or reformatted versions (thumbnails, previews, WebP conversions, etc.) and stores them as new file records linked to the source image. */
 export interface ProcessImageVersionsParams {
     versions: {
@@ -441,6 +545,12 @@ export interface ProcessImageVersionsParams {
         [key: string]: unknown;
     };
     trigger_conditions?: TriggerCondition | TriggerCondition[];
+    entity_field?: string;
+    entity_lookup?: {
+        obj_table: string;
+        obj_schema?: string;
+        obj_field: string;
+    };
     queue_name?: string;
     max_attempts?: number;
     priority?: number;
@@ -510,6 +620,16 @@ export interface AuthzOrgHierarchyParams {
     anchor_field: string;
     max_depth?: number;
 }
+/** Compound policy: the row must be owned by the current user (owner_field = current_user_id) AND the current user must be a member of the entity referenced by entity_field. Combines direct ownership with entity membership — the actor can only access rows they own within entities they belong to. */
+export interface AuthzMemberOwnerParams {
+    owner_field: string;
+    entity_field: string;
+    sel_field?: string;
+    membership_type?: number | string;
+    entity_type?: string;
+    permission?: string;
+    permissions?: string[];
+}
 /** Peer visibility through shared entity membership. Authorizes access to user-owned rows when the owner and current user are both members of the same entity. Self-joins the SPRT table to find peers. */
 export interface AuthzPeerOwnershipParams {
     owner_field: string;
@@ -696,7 +816,7 @@ export interface BlueprintField {
 /** An RLS policy entry for a blueprint table. Uses $type to match the blueprint JSON convention. */
 export interface BlueprintPolicy {
     /** Authz* policy type name (e.g., "AuthzDirectOwner", "AuthzAllowAll"). */
-    $type: 'AuthzAllowAll' | 'AuthzAppMembership' | 'AuthzComposite' | 'AuthzDenyAll' | 'AuthzFilePath' | 'AuthzDirectOwner' | 'AuthzDirectOwnerAny' | 'AuthzEntityMembership' | 'AuthzMemberList' | 'AuthzNotReadOnly' | 'AuthzOrgHierarchy' | 'AuthzPeerOwnership' | 'AuthzPublishable' | 'AuthzRelatedEntityMembership' | 'AuthzRelatedMemberList' | 'AuthzRelatedPeerOwnership' | 'AuthzTemporal';
+    $type: 'AuthzAllowAll' | 'AuthzAppMembership' | 'AuthzComposite' | 'AuthzDenyAll' | 'AuthzFilePath' | 'AuthzDirectOwner' | 'AuthzDirectOwnerAny' | 'AuthzEntityMembership' | 'AuthzMemberList' | 'AuthzNotReadOnly' | 'AuthzOrgHierarchy' | 'AuthzMemberOwner' | 'AuthzPeerOwnership' | 'AuthzPublishable' | 'AuthzRelatedEntityMembership' | 'AuthzRelatedMemberList' | 'AuthzRelatedPeerOwnership' | 'AuthzTemporal';
     /** Privileges this policy applies to (e.g., ["select"], ["insert", "update", "delete"]). */
     privileges?: string[];
     /** Whether this policy is permissive (true) or restrictive (false). Defaults to true. */
@@ -793,7 +913,7 @@ export interface BlueprintTableUniqueConstraint {
     /** Optional schema name override. */
     schema_name?: string;
 }
-/** A bucket seed entry for storage_config.buckets[]. Creates an initial bucket row in the {prefix}_buckets table during entity type provisioning. Only used for app-level storage (not entity-scoped). */
+/** A bucket seed entry for storage.buckets[]. Creates an initial bucket row in the {prefix}_buckets table during entity type provisioning. Only used for app-level storage (not entity-scoped). */
 export interface BlueprintBucketSeed {
     /** Bucket key name (e.g., "avatars", "documents"). Becomes the key column value. */
     name: string;
@@ -869,6 +989,74 @@ export interface BlueprintAchievement {
     /** Entity prefix to scope this achievement to (e.g., "org", "app"). Used to resolve the correct events_module. Defaults to "app". */
     entity_prefix?: string;
 }
+/** Namespace module configuration. When used at the top level of a blueprint, the scope field controls whether namespaces are app-level ("app", default) or org-level ("org"). When used inside entity_types[], scope is inherited from the entity type. Provisions a namespaces table with computed-name proxy, rename trigger, and entity-scoped RLS. */
+export interface BlueprintNamespaceConfig {
+    /** Namespace scope. "app" (default) creates app-level namespaces (membership_type = NULL). "org" creates per-org namespaces. Only used at the top level of a blueprint definition — entity-scoped namespaces inherit scope from the entity type. */
+    scope?: 'app' | 'org';
+    /** Module discriminator for multi-module namespaces. Defaults to "default" (omitted from table names). Non-default keys appear as an infix: {prefix}_{key}_namespaces. */
+    key?: string;
+    /** RLS policy overrides for the namespaces table. NULL = apply defaults from apply_namespace_security(). */
+    policies?: BlueprintPolicy[];
+    /** Per-table overrides for namespace tables. Each key targets a specific table (namespaces, namespace_events) and uses the same shape as table_provision: { nodes, fields, grants, use_rls, policies }. Fanned out to secure_table_provision. */
+    provisions?: {
+        namespaces?: BlueprintEntityTableProvision;
+        namespace_events?: BlueprintEntityTableProvision;
+    };
+}
+/** Function module configuration. When used at the top level of a blueprint, the scope field controls whether functions are app-level ("app", default) or org-level ("org"). When used inside entity_types[], scope is inherited from the entity type. Provisions function_definitions, function_invocations (partitioned, 12-month retention), and function_execution_logs tables. */
+export interface BlueprintFunctionConfig {
+    /** Function scope. "app" (default) creates app-level functions (membership_type = NULL). "org" creates per-org functions. Only used at the top level of a blueprint definition — entity-scoped functions inherit scope from the entity type. */
+    scope?: 'app' | 'org';
+    /** Module discriminator for multi-module functions. Defaults to "default" (omitted from table names). Non-default keys appear as an infix: {prefix}_{key}_function_definitions. */
+    key?: string;
+    /** RLS policy overrides for the function tables. NULL = apply defaults from apply_function_security(). */
+    policies?: BlueprintPolicy[];
+    /** Per-table overrides for function tables. Each key targets a specific table (definitions, invocations, execution_logs) and uses the same shape as table_provision: { nodes, fields, grants, use_rls, policies }. Fanned out to secure_table_provision. */
+    provisions?: {
+        definitions?: BlueprintEntityTableProvision;
+        invocations?: BlueprintEntityTableProvision;
+        execution_logs?: BlueprintEntityTableProvision;
+    };
+}
+/** Agent module configuration. When used at the top level of a blueprint, the scope field controls whether agents are app-level ("app", default) or org-level ("org"). When used inside entity_types[], scope is inherited from the entity type. Provisions thread, message, task, prompt tables (and optionally knowledge with vector embeddings). */
+export interface BlueprintAgentConfig {
+    /** Agent scope. "app" (default) creates app-level agent tables (membership_type = NULL). "org" creates per-org agent tables. Only used at the top level of a blueprint definition — entity-scoped agents inherit scope from the entity type. */
+    scope?: 'app' | 'org';
+    /** Module discriminator for multi-module agents. Defaults to "default" (omitted from table names). Non-default keys appear as an infix: {prefix}_{key}_agent_thread. */
+    key?: string;
+    /** API name for the agent module. Used in GraphQL naming. Defaults to "agent". */
+    api_name?: string;
+    /** Whether to provision the agent_knowledge table with vector embeddings, tags, and trigger_phrases. Also inferred when a "knowledge" key is present. Defaults to false. */
+    has_knowledge?: boolean;
+    /** Knowledge configuration overrides. Set has_chunks to false to disable the chunking pipeline. Controls vector dimensions, chunking strategy, embedding model/provider, and text search indexes for the agent_knowledge table. Presence implies has_knowledge = true. */
+    knowledge?: {
+        has_chunks?: boolean;
+        dimensions?: number;
+        chunk_size?: number;
+        chunk_overlap?: number;
+        chunk_strategy?: 'fixed' | 'sentence' | 'paragraph' | 'semantic';
+        embedding_model?: string;
+        embedding_provider?: string;
+        search_indexes?: ('fulltext' | 'bm25' | 'trigram')[];
+    };
+    /** RLS policy overrides for the agent tables. NULL = apply defaults from apply_agent_security(). */
+    policies?: BlueprintPolicy[];
+    /** Per-table overrides for agent tables. Each key targets a specific table (thread, message, task, prompt, knowledge) and uses the same shape as table_provision: { nodes, fields, grants, use_rls, policies }. Fanned out to secure_table_provision. */
+    provisions?: {
+        thread?: BlueprintEntityTableProvision;
+        message?: BlueprintEntityTableProvision;
+        task?: BlueprintEntityTableProvision;
+        prompt?: BlueprintEntityTableProvision;
+        knowledge?: BlueprintEntityTableProvision;
+    };
+}
+/** Graph module configuration. Presence triggers permission registration (manage_graphs, execute_graphs). The graph module requires a merkle_store_module_id dependency, so entity_type_provision only registers permissions here — the graph module itself must be provisioned separately. */
+export interface BlueprintGraphConfig {
+    /** Module discriminator for multi-module graphs. Defaults to "default". */
+    key?: string;
+    /** RLS policy overrides for the graph tables. NULL = apply defaults from apply_graph_security(). */
+    policies?: BlueprintPolicy[];
+}
 /** Override object for the entity table created by a BlueprintEntityType. Shape mirrors BlueprintTable / secure_table_provision vocabulary. When supplied, policies[] replaces the default entity-table policies entirely. */
 export interface BlueprintEntityTableProvision {
     /** Whether to enable RLS on the entity table. Forwarded to secure_table_provision. Defaults to true. */
@@ -913,11 +1101,19 @@ export interface BlueprintEntityType {
     skip_entity_policies?: boolean;
     /** Override for the entity table. Shape mirrors BlueprintTable / secure_table_provision vocabulary. When supplied, its policies[] replaces the five default entity-table policies; is_visible becomes a no-op. When NULL (default), the five default policies are applied (gated by is_visible). */
     table_provision?: BlueprintEntityTableProvision;
-    /** Storage configuration (array-only). A non-empty array enables storage provisioning. Each entry creates a separate storage module with its own tables ({prefix}_{storage_key}_buckets/files). Controls RLS policies, bucket seeding, and module-level settings. */
+    /** Storage module configuration array. Presence triggers provisioning (same inference model as namespaces, functions, agents). Each entry provisions a separate storage module with its own tables, RLS, and settings. Each entry may specify a storage_key for multi-module support (defaults to "default"). */
     storage?: BlueprintStorageConfig[];
+    /** Namespace module configuration array. Presence triggers provisioning. Each entry provisions a namespace_module with its own tables, computed-name proxy, and entity-scoped RLS. Registers manage_namespaces permission bit. "[{}]" = provision one default namespace module. */
+    namespaces?: BlueprintNamespaceConfig[];
+    /** Function module configuration array. Presence triggers provisioning. Each entry provisions function_definitions, function_invocations (partitioned), and function_execution_logs tables. Registers manage_functions + invoke_functions permission bits. "[{}]" = provision one default function module. */
+    functions?: BlueprintFunctionConfig[];
+    /** Agent module configuration array. Presence triggers provisioning. Each entry provisions thread, message, task, prompt tables (and optionally knowledge with vector embeddings). "[{}]" = provision one default agent module. */
+    agents?: BlueprintAgentConfig[];
+    /** Graph module configuration array. Presence triggers permission registration (manage_graphs, execute_graphs). Graph module requires a merkle_store_module_id dependency, so entity_type_provision only registers permissions here. "[{}]" = register default graph permissions. */
+    graphs?: BlueprintGraphConfig[];
 }
 /** String shorthand -- just the node type name. */
-export type BlueprintNodeShorthand = 'AuthzAllowAll' | 'AuthzAppMembership' | 'AuthzComposite' | 'AuthzDenyAll' | 'AuthzFilePath' | 'AuthzDirectOwner' | 'AuthzDirectOwnerAny' | 'AuthzEntityMembership' | 'AuthzMemberList' | 'AuthzNotReadOnly' | 'AuthzOrgHierarchy' | 'AuthzPeerOwnership' | 'AuthzPublishable' | 'AuthzRelatedEntityMembership' | 'AuthzRelatedMemberList' | 'AuthzRelatedPeerOwnership' | 'AuthzTemporal' | 'CheckGreaterThan' | 'CheckLessThan' | 'CheckNotEqual' | 'CheckOneOf' | 'LimitAggregate' | 'BillingMeter' | 'DataBulk' | 'ProcessChunks' | 'DataCompositeField' | 'DataDirectOwner' | 'DataEntityMembership' | 'ProcessFileEmbedding' | 'LimitFeatureFlag' | 'DataForceCurrentUser' | 'DataId' | 'ProcessImageEmbedding' | 'DataImmutableFields' | 'DataInflection' | 'DataInheritFromParent' | 'JobTrigger' | 'LimitCounter' | 'DataJsonb' | 'DataOwnedFields' | 'ProcessExtraction' | 'ProcessImageVersions' | 'DataOwnershipInEntity' | 'DataPeoplestamps' | 'DataPublishable' | 'DataRealtime' | 'DataSlug' | 'DataSoftDelete' | 'DataStatusField' | 'DataTags' | 'DataTimestamps' | 'SearchBm25' | 'SearchFullText' | 'SearchSpatial' | 'SearchSpatialAggregate' | 'SearchTrgm' | 'SearchUnified' | 'SearchVector' | 'TableOrganizationSettings' | 'TableUserProfiles' | 'TableUserSettings';
+export type BlueprintNodeShorthand = 'AuthzAllowAll' | 'AuthzAppMembership' | 'AuthzComposite' | 'AuthzDenyAll' | 'AuthzFilePath' | 'AuthzDirectOwner' | 'AuthzDirectOwnerAny' | 'AuthzEntityMembership' | 'AuthzMemberList' | 'AuthzNotReadOnly' | 'AuthzOrgHierarchy' | 'AuthzMemberOwner' | 'AuthzPeerOwnership' | 'AuthzPublishable' | 'AuthzRelatedEntityMembership' | 'AuthzRelatedMemberList' | 'AuthzRelatedPeerOwnership' | 'AuthzTemporal' | 'CheckGreaterThan' | 'CheckLessThan' | 'CheckNotEqual' | 'CheckOneOf' | 'DataBulk' | 'DataCompositeField' | 'DataDirectOwner' | 'DataEntityMembership' | 'DataForceCurrentUser' | 'DataId' | 'DataImmutableFields' | 'DataInflection' | 'DataInheritFromParent' | 'DataJsonb' | 'DataMemberOwner' | 'DataOwnedFields' | 'DataOwnershipInEntity' | 'DataPeoplestamps' | 'DataPublishable' | 'DataRealtime' | 'DataSlug' | 'DataSoftDelete' | 'DataStatusField' | 'DataTags' | 'DataTimestamps' | 'SearchBm25' | 'SearchFullText' | 'SearchSpatial' | 'SearchSpatialAggregate' | 'SearchTrgm' | 'SearchUnified' | 'SearchVector' | 'TableOrganizationSettings' | 'TableUserProfiles' | 'TableUserSettings' | 'EventReferral' | 'EventTracker' | 'JobTrigger' | 'LimitEnforceAggregate' | 'LimitEnforceCounter' | 'LimitEnforceFeature' | 'LimitEnforceRate' | 'LimitTrackUsage' | 'LimitWarningAggregate' | 'LimitWarningCounter' | 'LimitWarningRate' | 'ProcessChunks' | 'ProcessExtraction' | 'ProcessFileEmbedding' | 'ProcessImageEmbedding' | 'ProcessImageVersions';
 /** Object form -- { $type, data } with typed parameters. */
 export type BlueprintNodeObject = {
     $type: 'AuthzAllowAll';
@@ -952,6 +1148,9 @@ export type BlueprintNodeObject = {
 } | {
     $type: 'AuthzOrgHierarchy';
     data: AuthzOrgHierarchyParams;
+} | {
+    $type: 'AuthzMemberOwner';
+    data: AuthzMemberOwnerParams;
 } | {
     $type: 'AuthzPeerOwnership';
     data: AuthzPeerOwnershipParams;
@@ -982,18 +1181,9 @@ export type BlueprintNodeObject = {
 } | {
     $type: 'CheckOneOf';
     data: CheckOneOfParams;
-} | {
-    $type: 'LimitAggregate';
-    data: LimitAggregateParams;
-} | {
-    $type: 'BillingMeter';
-    data: BillingMeterParams;
 } | {
     $type: 'DataBulk';
     data: DataBulkParams;
-} | {
-    $type: 'ProcessChunks';
-    data: ProcessChunksParams;
 } | {
     $type: 'DataCompositeField';
     data: DataCompositeFieldParams;
@@ -1003,21 +1193,12 @@ export type BlueprintNodeObject = {
 } | {
     $type: 'DataEntityMembership';
     data: DataEntityMembershipParams;
-} | {
-    $type: 'ProcessFileEmbedding';
-    data: ProcessFileEmbeddingParams;
-} | {
-    $type: 'LimitFeatureFlag';
-    data: LimitFeatureFlagParams;
 } | {
     $type: 'DataForceCurrentUser';
     data: DataForceCurrentUserParams;
 } | {
     $type: 'DataId';
     data: DataIdParams;
-} | {
-    $type: 'ProcessImageEmbedding';
-    data: ProcessImageEmbeddingParams;
 } | {
     $type: 'DataImmutableFields';
     data: DataImmutableFieldsParams;
@@ -1027,24 +1208,15 @@ export type BlueprintNodeObject = {
 } | {
     $type: 'DataInheritFromParent';
     data: DataInheritFromParentParams;
-} | {
-    $type: 'JobTrigger';
-    data: JobTriggerParams;
-} | {
-    $type: 'LimitCounter';
-    data: LimitCounterParams;
 } | {
     $type: 'DataJsonb';
     data: DataJsonbParams;
+} | {
+    $type: 'DataMemberOwner';
+    data: DataMemberOwnerParams;
 } | {
     $type: 'DataOwnedFields';
     data: DataOwnedFieldsParams;
-} | {
-    $type: 'ProcessExtraction';
-    data: ProcessExtractionParams;
-} | {
-    $type: 'ProcessImageVersions';
-    data: ProcessImageVersionsParams;
 } | {
     $type: 'DataOwnershipInEntity';
     data: DataOwnershipInEntityParams;
@@ -1102,6 +1274,54 @@ export type BlueprintNodeObject = {
 } | {
     $type: 'TableUserSettings';
     data?: Record<string, never>;
+} | {
+    $type: 'EventReferral';
+    data: EventReferralParams;
+} | {
+    $type: 'EventTracker';
+    data: EventTrackerParams;
+} | {
+    $type: 'JobTrigger';
+    data: JobTriggerParams;
+} | {
+    $type: 'LimitEnforceAggregate';
+    data: LimitEnforceAggregateParams;
+} | {
+    $type: 'LimitEnforceCounter';
+    data: LimitEnforceCounterParams;
+} | {
+    $type: 'LimitEnforceFeature';
+    data: LimitEnforceFeatureParams;
+} | {
+    $type: 'LimitEnforceRate';
+    data: LimitEnforceRateParams;
+} | {
+    $type: 'LimitTrackUsage';
+    data: LimitTrackUsageParams;
+} | {
+    $type: 'LimitWarningAggregate';
+    data: LimitWarningAggregateParams;
+} | {
+    $type: 'LimitWarningCounter';
+    data: LimitWarningCounterParams;
+} | {
+    $type: 'LimitWarningRate';
+    data: LimitWarningRateParams;
+} | {
+    $type: 'ProcessChunks';
+    data: ProcessChunksParams;
+} | {
+    $type: 'ProcessExtraction';
+    data: ProcessExtractionParams;
+} | {
+    $type: 'ProcessFileEmbedding';
+    data: ProcessFileEmbeddingParams;
+} | {
+    $type: 'ProcessImageEmbedding';
+    data: ProcessImageEmbeddingParams;
+} | {
+    $type: 'ProcessImageVersions';
+    data: ProcessImageVersionsParams;
 };
 /** A node entry in a blueprint table. Either a string shorthand or a typed object. */
 export type BlueprintNode = BlueprintNodeShorthand | BlueprintNodeObject;
@@ -1183,4 +1403,10 @@ export interface BlueprintDefinition {
     storage?: BlueprintStorageConfig[];
     /** Achievement definitions. Each entry creates a level with requirements and optional rewards in the events_module. Requires events_module to be provisioned (e.g., via entity_types[].has_levels = true or modules includes events_module). */
     achievements?: BlueprintAchievement[];
+    /** Top-level namespace configuration array (Phase 0.6). Each entry has an optional scope ("app" or "org"). App-scoped (default) creates namespace_module with membership_type = NULL. Org-scoped creates per-org namespaces. For entity-scoped namespaces, use entity_types[].namespaces instead. */
+    namespaces?: BlueprintNamespaceConfig[];
+    /** Top-level function configuration array (Phase 0.6). Each entry has an optional scope ("app" or "org"). App-scoped (default) creates function_module with membership_type = NULL. Org-scoped creates per-org functions. For entity-scoped functions, use entity_types[].functions instead. */
+    functions?: BlueprintFunctionConfig[];
+    /** Top-level agent configuration array (Phase 0.6). Each entry has an optional scope ("app" or "org"). App-scoped (default) creates agent_module with membership_type = NULL. Org-scoped creates per-org agents. For entity-scoped agents, use entity_types[].agents instead. */
+    agents?: BlueprintAgentConfig[];
 }