node-type-registry 0.43.1 → 0.46.0

package/README.md

@@ -131,6 +131,10 @@ Common issues and solutions for pgpm, PostgreSQL, and testing.
 * [@pgsql/types](https://www.npmjs.com/package/@pgsql/types): **📝 Type definitions** for PostgreSQL AST nodes in TypeScript.
 * [@pgsql/utils](https://www.npmjs.com/package/@pgsql/utils): **🛠️ AST utilities** for constructing and transforming PostgreSQL syntax trees.
 
+### 📚 Documentation & Skills
+
+* [constructive-skills](https://github.com/constructive-io/constructive-skills): **📖 Platform documentation and AI agent skills** — feature catalog, blueprint reference, SDK guides (i18n, billing, limits, events, uploads, security, entities, search, AI), and deployment guides.
+
 ## Credits
 
 **🛠 Built by the [Constructive](https://constructive.io) team — creators of modular Postgres tooling for secure, composable backends. If you like our work, contribute on [GitHub](https://github.com/constructive-io).**

package/data/data-i18n.d.ts

@@ -0,0 +1,2 @@
+import type { NodeTypeDefinition } from '../types';
+export declare const DataI18n: NodeTypeDefinition;

package/data/data-i18n.js

@@ -0,0 +1,47 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DataI18n = void 0;
+exports.DataI18n = {
+    name: 'DataI18n',
+    slug: 'data_i18n',
+    category: 'data',
+    display_name: 'Internationalization',
+    description: 'Creates a companion _translations table with lang_code + translatable ' +
+        'fields. Copies SELECT policies and column-ref fields from the base ' +
+        'table. Adds @i18n smart comment so the Graphile i18n plugin discovers ' +
+        'it. Requires i18n_module to be provisioned for the database.',
+    parameter_schema: {
+        type: 'object',
+        properties: {
+            fields: {
+                type: 'array',
+                items: {
+                    type: 'string',
+                    format: 'column-ref'
+                },
+                description: 'Field names on the base table to make translatable. Each field ' +
+                    'is duplicated on the translation table with the same type.'
+            },
+            table_suffix: {
+                type: 'string',
+                description: 'Suffix for the translation table name',
+                default: '_translations'
+            },
+            lang_code_type: {
+                type: 'string',
+                enum: ['citext', 'text'],
+                description: 'Type for the lang_code column',
+                default: 'citext'
+            },
+            copy_mutation_policies: {
+                type: 'boolean',
+                description: 'Whether to also copy INSERT/UPDATE/DELETE policies (not just ' +
+                    'SELECT). Default true — translations should be editable by the ' +
+                    'same users who can edit the base row.',
+                default: true
+            }
+        },
+        required: ['fields']
+    },
+    tags: ['i18n', 'translation', 'schema']
+};

package/data/index.d.ts

@@ -7,6 +7,7 @@ export { DataCompositeField } from './data-composite-field';
 export { DataDirectOwner } from './data-direct-owner';
 export { DataEntityMembership } from './data-entity-membership';
 export { DataForceCurrentUser } from './data-force-current-user';
+export { DataI18n } from './data-i18n';
 export { DataId } from './data-id';
 export { DataImmutableFields } from './data-immutable-fields';
 export { DataInflection } from './data-inflection';

package/data/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.TableUserSettings = exports.TableUserProfiles = exports.TableOrganizationSettings = exports.SearchVector = exports.SearchUnified = exports.SearchTrgm = exports.SearchSpatialAggregate = exports.SearchSpatial = exports.SearchFullText = exports.SearchBm25 = exports.DataTimestamps = exports.DataTags = exports.DataStatusField = exports.DataSoftDelete = exports.DataSlug = exports.DataRealtime = exports.DataPublishable = exports.DataPeoplestamps = exports.DataOwnershipInEntity = exports.DataOwnedFields = exports.DataMemberOwner = exports.DataJsonb = exports.DataInheritFromParent = exports.DataInflection = exports.DataImmutableFields = exports.DataId = exports.DataForceCurrentUser = exports.DataEntityMembership = exports.DataDirectOwner = exports.DataCompositeField = exports.DataBulk = exports.CheckOneOf = exports.CheckNotEqual = exports.CheckLessThan = exports.CheckGreaterThan = void 0;
+exports.TableUserSettings = exports.TableUserProfiles = exports.TableOrganizationSettings = exports.SearchVector = exports.SearchUnified = exports.SearchTrgm = exports.SearchSpatialAggregate = exports.SearchSpatial = exports.SearchFullText = exports.SearchBm25 = exports.DataTimestamps = exports.DataTags = exports.DataStatusField = exports.DataSoftDelete = exports.DataSlug = exports.DataRealtime = exports.DataPublishable = exports.DataPeoplestamps = exports.DataOwnershipInEntity = exports.DataOwnedFields = exports.DataMemberOwner = exports.DataJsonb = exports.DataInheritFromParent = exports.DataInflection = exports.DataImmutableFields = exports.DataId = exports.DataI18n = exports.DataForceCurrentUser = exports.DataEntityMembership = exports.DataDirectOwner = exports.DataCompositeField = exports.DataBulk = exports.CheckOneOf = exports.CheckNotEqual = exports.CheckLessThan = exports.CheckGreaterThan = void 0;
 var check_greater_than_1 = require("./check-greater-than");
 Object.defineProperty(exports, "CheckGreaterThan", { enumerable: true, get: function () { return check_greater_than_1.CheckGreaterThan; } });
 var check_less_than_1 = require("./check-less-than");
@@ -19,6 +19,8 @@ var data_entity_membership_1 = require("./data-entity-membership");
 Object.defineProperty(exports, "DataEntityMembership", { enumerable: true, get: function () { return data_entity_membership_1.DataEntityMembership; } });
 var data_force_current_user_1 = require("./data-force-current-user");
 Object.defineProperty(exports, "DataForceCurrentUser", { enumerable: true, get: function () { return data_force_current_user_1.DataForceCurrentUser; } });
+var data_i18n_1 = require("./data-i18n");
+Object.defineProperty(exports, "DataI18n", { enumerable: true, get: function () { return data_i18n_1.DataI18n; } });
 var data_id_1 = require("./data-id");
 Object.defineProperty(exports, "DataId", { enumerable: true, get: function () { return data_id_1.DataId; } });
 var data_immutable_fields_1 = require("./data-immutable-fields");

package/esm/data/data-i18n.d.ts

@@ -0,0 +1,2 @@
+import type { NodeTypeDefinition } from '../types';
+export declare const DataI18n: NodeTypeDefinition;

package/esm/data/data-i18n.js

@@ -0,0 +1,44 @@
+export const DataI18n = {
+    name: 'DataI18n',
+    slug: 'data_i18n',
+    category: 'data',
+    display_name: 'Internationalization',
+    description: 'Creates a companion _translations table with lang_code + translatable ' +
+        'fields. Copies SELECT policies and column-ref fields from the base ' +
+        'table. Adds @i18n smart comment so the Graphile i18n plugin discovers ' +
+        'it. Requires i18n_module to be provisioned for the database.',
+    parameter_schema: {
+        type: 'object',
+        properties: {
+            fields: {
+                type: 'array',
+                items: {
+                    type: 'string',
+                    format: 'column-ref'
+                },
+                description: 'Field names on the base table to make translatable. Each field ' +
+                    'is duplicated on the translation table with the same type.'
+            },
+            table_suffix: {
+                type: 'string',
+                description: 'Suffix for the translation table name',
+                default: '_translations'
+            },
+            lang_code_type: {
+                type: 'string',
+                enum: ['citext', 'text'],
+                description: 'Type for the lang_code column',
+                default: 'citext'
+            },
+            copy_mutation_policies: {
+                type: 'boolean',
+                description: 'Whether to also copy INSERT/UPDATE/DELETE policies (not just ' +
+                    'SELECT). Default true — translations should be editable by the ' +
+                    'same users who can edit the base row.',
+                default: true
+            }
+        },
+        required: ['fields']
+    },
+    tags: ['i18n', 'translation', 'schema']
+};

package/esm/data/index.d.ts

@@ -7,6 +7,7 @@ export { DataCompositeField } from './data-composite-field';
 export { DataDirectOwner } from './data-direct-owner';
 export { DataEntityMembership } from './data-entity-membership';
 export { DataForceCurrentUser } from './data-force-current-user';
+export { DataI18n } from './data-i18n';
 export { DataId } from './data-id';
 export { DataImmutableFields } from './data-immutable-fields';
 export { DataInflection } from './data-inflection';

package/esm/data/index.js

@@ -7,6 +7,7 @@ export { DataCompositeField } from './data-composite-field';
 export { DataDirectOwner } from './data-direct-owner';
 export { DataEntityMembership } from './data-entity-membership';
 export { DataForceCurrentUser } from './data-force-current-user';
+export { DataI18n } from './data-i18n';
 export { DataId } from './data-id';
 export { DataImmutableFields } from './data-immutable-fields';
 export { DataInflection } from './data-inflection';

package/esm/module-presets/auth-email-magic.js

@@ -33,26 +33,18 @@ export const PresetAuthEmailMagic = {
     modules: [
         'users_module',
         'membership_types_module',
-        'permissions_module:app',
-        'limits_module:app',
-        'levels_module:app',
-        'memberships_module:app',
+        ['permissions_module', { scope: 'app' }],
+        ['limits_module', { scope: 'app' }],
+        ['levels_module', { scope: 'app' }],
+        ['memberships_module', { scope: 'app' }],
         'sessions_module',
         'user_state_module',
-        'config_secrets_user_module',
+        'user_credentials_module',
+        'config_secrets_module',
         'emails_module',
         'rls_module',
         'user_auth_module',
         'session_secrets_module'
     ],
-    includes_notes: {
-        session_secrets_module: 'Stores nonces for magic-link and email-OTP flows. Without it those procedures are not emitted.'
-    },
-    omits_notes: {
-        rate_limits_module: 'Same reasoning as `auth:email` — add later via `auth:hardened`.',
-        connected_accounts_module: 'No OAuth / SSO in this preset.',
-        webauthn_credentials_module: 'No passkeys — add `auth:passkey`.',
-        phone_numbers_module: 'No SMS — add `auth:hardened`.'
-    },
     extends: ['auth:email']
 };

package/esm/module-presets/auth-email.d.ts

@@ -9,9 +9,9 @@ import type { ModulePreset } from './types';
  * `set_password`, `reset_password`, `forgot_password`, `verify_email`,
  * `delete_account`, `my_sessions`, API-key CRUD. Nothing more.
  *
- * Includes `permissions_module:app`, `limits_module:app`, and
- * `levels_module:app` because `memberships_module:app` has NOT NULL
- * foreign keys to the tables they create (grants, caps, levels).
+ * Includes permissions, limits, and levels modules (app scope) because
+ * the app-scoped memberships module has NOT NULL foreign keys to the
+ * tables they create (grants, caps, levels).
  *
  * It deliberately excludes rate limits, connected accounts / identity
  * providers (OAuth), WebAuthn (passkeys), phone numbers (SMS), invites,

package/esm/module-presets/auth-email.js

@@ -8,9 +8,9 @@
  * `set_password`, `reset_password`, `forgot_password`, `verify_email`,
  * `delete_account`, `my_sessions`, API-key CRUD. Nothing more.
  *
- * Includes `permissions_module:app`, `limits_module:app`, and
- * `levels_module:app` because `memberships_module:app` has NOT NULL
- * foreign keys to the tables they create (grants, caps, levels).
+ * Includes permissions, limits, and levels modules (app scope) because
+ * the app-scoped memberships module has NOT NULL foreign keys to the
+ * tables they create (grants, caps, levels).
  *
  * It deliberately excludes rate limits, connected accounts / identity
  * providers (OAuth), WebAuthn (passkeys), phone numbers (SMS), invites,
@@ -44,35 +44,16 @@ export const PresetAuthEmail = {
     modules: [
         'users_module',
         'membership_types_module',
-        'permissions_module:app',
-        'limits_module:app',
-        'levels_module:app',
-        'memberships_module:app',
+        ['permissions_module', { scope: 'app' }],
+        ['limits_module', { scope: 'app' }],
+        ['levels_module', { scope: 'app' }],
+        ['memberships_module', { scope: 'app' }],
         'sessions_module',
         'user_state_module',
-        'config_secrets_user_module',
+        'user_credentials_module',
+        'config_secrets_module',
         'emails_module',
         'rls_module',
         'user_auth_module'
-    ],
-    includes_notes: {
-        'memberships_module:app': 'Required by `user_auth_module`: every user gets an app-level membership row at sign-up.',
-        membership_types_module: "Required by `memberships_module:app`; defines the 'app' scope.",
-        'permissions_module:app': 'Required by `memberships_module:app`: NOT NULL FK to grants table.',
-        'limits_module:app': 'Required by `memberships_module:app`: NOT NULL FK to caps table.',
-        'levels_module:app': 'Required by `memberships_module:app`: NOT NULL FK to levels table.',
-        emails_module: 'Required by the `user_auth_module` insert trigger (`RAISE EXCEPTION REQUIRES emails_module`).',
-        config_secrets_user_module: 'Required for password hashing; referenced by `set_password`, `verify_password`, and reset flows.',
-        user_state_module: 'API-key storage (`create_api_key`, `revoke_api_key`, `my_api_keys`).'
-    },
-    omits_notes: {
-        rate_limits_module: 'Omitted intentionally; throttle_* helpers are null-safe and the auth procs compile without it. Add later via `auth:hardened`.',
-        connected_accounts_module: 'No OAuth / SSO in this preset — add `auth:sso`.',
-        identity_providers_module: 'No OAuth provider configs without connected_accounts.',
-        webauthn_credentials_module: 'No passkeys — add `auth:passkey`.',
-        phone_numbers_module: 'No SMS login — add `auth:hardened` or the SMS-only refactor path.',
-        'memberships_module:org': 'No org/team structure — move to `b2b` when you need one.',
-        invites_module: 'Self-serve signup only.',
-        session_secrets_module: 'No magic-link / email-OTP nonces; add `auth:email+magic`.'
-    }
+    ]
 };

package/esm/module-presets/auth-hardened.js

@@ -30,13 +30,14 @@ export const PresetAuthHardened = {
     modules: [
         'users_module',
         'membership_types_module',
-        'permissions_module:app',
-        'limits_module:app',
-        'levels_module:app',
-        'memberships_module:app',
+        ['permissions_module', { scope: 'app' }],
+        ['limits_module', { scope: 'app' }],
+        ['levels_module', { scope: 'app' }],
+        ['memberships_module', { scope: 'app' }],
         'sessions_module',
         'user_state_module',
-        'config_secrets_user_module',
+        'user_credentials_module',
+        'config_secrets_module',
         'emails_module',
         'rls_module',
         'user_auth_module',
@@ -49,21 +50,5 @@ export const PresetAuthHardened = {
         'phone_numbers_module',
         'devices_module'
     ],
-    includes_notes: {
-        rate_limits_module: 'Throttling for sign-in, password reset, sign-up, and IP-based gates.',
-        connected_accounts_module: 'OAuth / SSO linkage.',
-        identity_providers_module: 'OAuth provider configs (required for `connected_accounts_module`).',
-        webauthn_credentials_module: 'Per-user passkey storage.',
-        webauthn_auth_module: 'Passkey challenge + assertion runtime.',
-        session_secrets_module: 'Nonces for magic links, email OTP, and WebAuthn challenges.',
-        phone_numbers_module: 'SMS sign-in / MFA support.',
-        devices_module: 'Device tracking and trusted-device MFA bypass.'
-    },
-    omits_notes: {
-        'memberships_module:org': 'No orgs / teams — use `b2b` when you need multi-tenancy.',
-        invites_module: 'No invite flow — add via `b2b`.',
-        storage_module: 'Add separately if you need file uploads.',
-        crypto_addresses_module: 'Not a web3 preset; omit unless doing wallet sign-in.'
-    },
     extends: ['auth:email', 'auth:email+magic', 'auth:sso', 'auth:passkey']
 };

package/esm/module-presets/auth-passkey.js

@@ -31,13 +31,14 @@ export const PresetAuthPasskey = {
     modules: [
         'users_module',
         'membership_types_module',
-        'permissions_module:app',
-        'limits_module:app',
-        'levels_module:app',
-        'memberships_module:app',
+        ['permissions_module', { scope: 'app' }],
+        ['limits_module', { scope: 'app' }],
+        ['levels_module', { scope: 'app' }],
+        ['memberships_module', { scope: 'app' }],
         'sessions_module',
         'user_state_module',
-        'config_secrets_user_module',
+        'user_credentials_module',
+        'config_secrets_module',
         'emails_module',
         'rls_module',
         'user_auth_module',
@@ -45,15 +46,5 @@ export const PresetAuthPasskey = {
         'webauthn_credentials_module',
         'webauthn_auth_module'
     ],
-    includes_notes: {
-        webauthn_credentials_module: 'Per-user WebAuthn credential storage. Without it, passkey registration does not compile.',
-        webauthn_auth_module: 'Runtime challenge + assertion flow.',
-        session_secrets_module: 'Challenge nonces for registration and assertion.'
-    },
-    omits_notes: {
-        rate_limits_module: 'Add via `auth:hardened` for production.',
-        connected_accounts_module: 'No OAuth / SSO — add via `auth:hardened`.',
-        phone_numbers_module: 'No SMS.'
-    },
     extends: ['auth:email']
 };

package/esm/module-presets/auth-sso.d.ts

@@ -6,7 +6,7 @@ import type { ModulePreset } from './types';
  * `(provider, external_id)`) and `identity_providers_module` (the provider
  * config: URLs, client_id, encrypted client_secret, scopes, PKCE/nonce
  * knobs). The generator then emits `sign_in_identity` / `sign_up_identity`
- * procedures which rely on `config_secrets_user_module` to decrypt the client
+ * procedures which rely on `config_secrets_module` to decrypt the client
  * secret at auth time.
  *
  * Password fallback stays on by default (break-glass for admins); flip the

package/esm/module-presets/auth-sso.js

@@ -5,7 +5,7 @@
  * `(provider, external_id)`) and `identity_providers_module` (the provider
  * config: URLs, client_id, encrypted client_secret, scopes, PKCE/nonce
  * knobs). The generator then emits `sign_in_identity` / `sign_up_identity`
- * procedures which rely on `config_secrets_user_module` to decrypt the client
+ * procedures which rely on `config_secrets_module` to decrypt the client
  * secret at auth time.
  *
  * Password fallback stays on by default (break-glass for admins); flip the
@@ -26,7 +26,7 @@ export const PresetAuthSso = {
         'encrypted client secrets) and `connected_accounts_module` (the junction mapping a ' +
         'Constructive user to a `(provider, external_id)` pair). The generator emits ' +
         '`sign_in_identity` and `sign_up_identity` procedures which decrypt the client secret ' +
-        'through `config_secrets_user_module` at auth time. Keep password flows as break-glass, or ' +
+        'through `config_secrets_module` at auth time. Keep password flows as break-glass, or ' +
         'disable them via `app_settings_auth` toggles for strictly-SSO deployments.',
     good_for: [
         'B2B apps where end users sign in via their employer IdP',
@@ -40,29 +40,19 @@ export const PresetAuthSso = {
     modules: [
         'users_module',
         'membership_types_module',
-        'permissions_module:app',
-        'limits_module:app',
-        'levels_module:app',
-        'memberships_module:app',
+        ['permissions_module', { scope: 'app' }],
+        ['limits_module', { scope: 'app' }],
+        ['levels_module', { scope: 'app' }],
+        ['memberships_module', { scope: 'app' }],
         'sessions_module',
         'user_state_module',
-        'config_secrets_user_module',
+        'user_credentials_module',
+        'config_secrets_module',
         'emails_module',
         'rls_module',
         'user_auth_module',
         'connected_accounts_module',
         'identity_providers_module'
     ],
-    includes_notes: {
-        connected_accounts_module: 'Junction table for (user, provider, external_id). Without it, `sign_in_identity` does not compile.',
-        identity_providers_module: 'Provider config table (URLs, client_id, encrypted client_secret, scopes, PKCE knobs).',
-        config_secrets_user_module: 'Required by `auth:email` already; also used by SSO to decrypt the provider client_secret at auth time.'
-    },
-    omits_notes: {
-        webauthn_credentials_module: 'No passkeys — add `auth:passkey` or move to `auth:hardened`.',
-        rate_limits_module: 'Omitted; add via `auth:hardened` for production.',
-        session_secrets_module: "Not required for authorization-code OAuth; add if you also want magic-link flows. PKCE doesn't require it for stateless OAuth flows today.",
-        phone_numbers_module: 'No SMS in this preset.'
-    },
     extends: ['auth:email']
 };

package/esm/module-presets/b2b-storage.js

@@ -18,7 +18,7 @@ export const PresetB2bStorage = {
         '`app_buckets` and `app_files` tables with full RLS: AuthzPublishable for public reads, ' +
         'AuthzAppMembership for member access, AuthzDirectOwner for uploader-only modify/delete. ' +
         'Entity-type provisioning with a non-empty `storage` array adds per-scope storage tables ' +
-        'automatically (multiple modules per entity via storage_key). Choose this when your B2B ' +
+        'automatically (multiple modules per entity via key). Choose this when your B2B ' +
         'app needs file uploads, avatars, attachments, or any object storage tied to workspaces.',
     good_for: [
         'B2B SaaS with file uploads (documents, avatars, attachments)',
@@ -32,17 +32,18 @@ export const PresetB2bStorage = {
     modules: [
         'users_module',
         'membership_types_module',
-        'permissions_module:app',
-        'permissions_module:org',
-        'limits_module:app',
-        'limits_module:org',
-        'levels_module:app',
-        'levels_module:org',
-        'memberships_module:app',
-        'memberships_module:org',
+        ['permissions_module', { scope: 'app' }],
+        ['permissions_module', { scope: 'org' }],
+        ['limits_module', { scope: 'app' }],
+        ['limits_module', { scope: 'org' }],
+        ['levels_module', { scope: 'app' }],
+        ['levels_module', { scope: 'org' }],
+        ['memberships_module', { scope: 'app' }],
+        ['memberships_module', { scope: 'org' }],
         'sessions_module',
         'user_state_module',
-        'config_secrets_user_module',
+        'user_credentials_module',
+        'config_secrets_module',
         'emails_module',
         'rls_module',
         'user_auth_module',
@@ -53,20 +54,13 @@ export const PresetB2bStorage = {
         'webauthn_credentials_module',
         'webauthn_auth_module',
         'phone_numbers_module',
-        'profiles_module:app',
-        'profiles_module:org',
-        'hierarchy_module:org',
-        'invites_module:app',
-        'invites_module:org',
+        ['profiles_module', { scope: 'app' }],
+        ['profiles_module', { scope: 'org' }],
+        ['hierarchy_module', { scope: 'org' }],
+        ['invites_module', { scope: 'app' }],
+        ['invites_module', { scope: 'org' }],
         'storage_module',
         'devices_module'
     ],
-    includes_notes: {
-        storage_module: 'File upload infrastructure: app_buckets + app_files tables with RLS. Entity-type storage scopes layered on top via the `storage` array (array-only format, supports multiple modules per entity via storage_key).',
-        devices_module: 'Device tracking and trusted-device MFA bypass.'
-    },
-    omits_notes: {
-        crypto_addresses_module: 'Not a web3 preset.'
-    },
     extends: ['b2b']
 };

package/esm/module-presets/b2b.js

@@ -15,11 +15,11 @@ export const PresetB2b = {
     display_name: 'B2B SaaS (orgs + invites + permissions)',
     summary: '`auth:hardened` + orgs, invites, fine-grained permissions, levels, profiles, hierarchy.',
     description: 'Everything in `auth:hardened`, plus the full org/team/permission stack at both app and ' +
-        'org membership scopes. You get: `memberships_module:org` for org-scoped memberships, ' +
-        '`permissions_module:app/:org` for fine-grained RBAC, `limits_module:app/:org` for per-scope ' +
-        'quota enforcement, `levels_module:app/:org` for role bundles, `profiles_module:app/:org` ' +
-        'for per-scope user display info, `hierarchy_module:org` for nested org structures, and ' +
-        '`invites_module:app/:org` for invite flows at either scope. Choose this when the app has ' +
+        'org membership scopes. You get: memberships at org scope, permissions at app and org ' +
+        'scopes for fine-grained RBAC, limits at app and org scopes for per-scope quota ' +
+        'enforcement, levels at app and org scopes for role bundles, profiles at app and org ' +
+        'scopes for per-scope user display info, hierarchy at org scope for nested org structures, ' +
+        'and invites at app and org scopes for invite flows. Choose this when the app has ' +
         'the concept of a "workspace" / "team" / "tenant" that users belong to and act within.',
     good_for: [
         'B2B SaaS with multi-tenant workspaces / teams',
@@ -34,11 +34,12 @@ export const PresetB2b = {
     modules: [
         'users_module',
         'membership_types_module',
-        'memberships_module:app',
-        'memberships_module:org',
+        ['memberships_module', { scope: 'app' }],
+        ['memberships_module', { scope: 'org' }],
         'sessions_module',
         'user_state_module',
-        'config_secrets_user_module',
+        'user_credentials_module',
+        'config_secrets_module',
         'emails_module',
         'rls_module',
         'user_auth_module',
@@ -49,37 +50,18 @@ export const PresetB2b = {
         'webauthn_credentials_module',
         'webauthn_auth_module',
         'phone_numbers_module',
-        'permissions_module:app',
-        'permissions_module:org',
-        'limits_module:app',
-        'limits_module:org',
-        'levels_module:app',
-        'levels_module:org',
-        'profiles_module:app',
-        'profiles_module:org',
-        'hierarchy_module:org',
-        'invites_module:app',
-        'invites_module:org',
+        ['permissions_module', { scope: 'app' }],
+        ['permissions_module', { scope: 'org' }],
+        ['limits_module', { scope: 'app' }],
+        ['limits_module', { scope: 'org' }],
+        ['levels_module', { scope: 'app' }],
+        ['levels_module', { scope: 'org' }],
+        ['profiles_module', { scope: 'app' }],
+        ['profiles_module', { scope: 'org' }],
+        ['hierarchy_module', { scope: 'org' }],
+        ['invites_module', { scope: 'app' }],
+        ['invites_module', { scope: 'org' }],
         'devices_module'
     ],
-    includes_notes: {
-        'memberships_module:org': 'Org-scoped membership rows — every user in an org gets one.',
-        'permissions_module:app': 'App-wide permission grants (e.g. platform admins).',
-        'permissions_module:org': 'Org-scoped permission grants (per-workspace admins, members, viewers, ...).',
-        'limits_module:app': 'App-level quotas (e.g. max users per plan).',
-        'limits_module:org': 'Org-level quotas (e.g. per-workspace API call caps).',
-        'levels_module:app': 'Role/level bundles at the app scope.',
-        'levels_module:org': 'Role/level bundles at the org scope (admin / member / viewer, etc.).',
-        'profiles_module:app': 'App-scoped user profile (one per user).',
-        'profiles_module:org': 'Org-scoped user profile (per org a user belongs to).',
-        'hierarchy_module:org': 'Nested org structures (parent / child orgs).',
-        'invites_module:app': 'App-level invites (rare — usually platform admin adds another admin).',
-        'invites_module:org': 'Org-level invites (the common case — invite a teammate into a workspace).',
-        devices_module: 'Device tracking and trusted-device MFA bypass.'
-    },
-    omits_notes: {
-        storage_module: 'Add separately if you need file uploads tied to orgs.',
-        crypto_addresses_module: 'Not a web3 preset.'
-    },
     extends: ['auth:hardened']
 };

package/esm/module-presets/full.d.ts

@@ -3,7 +3,7 @@ import type { ModulePreset } from './types';
  * `full` — install every standard module.
  *
  * This is the maximalist preset: every module Constructive ships, including
- * `storage_module:full` for file uploads with all feature flags and
+ * `storage_module` with all feature flags enabled and
  * `crypto_addresses_module` for wallet-based sign-in.
  *
  * Usage logging modules (compute_log, inference_log, transfer_log,