diff --git a/packages/database-jobs/Makefile b/packages/database-jobs/Makefile index 5bc52142..27f652f9 100644 --- a/packages/database-jobs/Makefile +++ b/packages/database-jobs/Makefile @@ -1,5 +1,5 @@ EXTENSION = pgpm-database-jobs -DATA = sql/pgpm-database-jobs--0.26.0.sql +DATA = sql/pgpm-database-jobs--0.26.1.sql PG_CONFIG = pg_config PGXS := $(shell $(PG_CONFIG) --pgxs) diff --git a/packages/database-jobs/__tests__/__snapshots__/jobs.test.ts.snap b/packages/database-jobs/__tests__/__snapshots__/jobs.test.ts.snap index 46f25498..23879d2a 100644 --- a/packages/database-jobs/__tests__/__snapshots__/jobs.test.ts.snap +++ b/packages/database-jobs/__tests__/__snapshots__/jobs.test.ts.snap @@ -6,6 +6,7 @@ exports[`scheduled jobs schedule jobs 1`] = ` "attempts": 0, "database_id": "5b720132-17d5-424d-9bcb-ee7b17c13d43", "entity_id": null, + "entity_type": null, "id": "1", "is_available": true, "key": null, @@ -13,6 +14,7 @@ exports[`scheduled jobs schedule jobs 1`] = ` "locked_at": null, "locked_by": null, "max_attempts": 25, + "organization_id": null, "payload": { "just": "run it", }, diff --git a/packages/database-jobs/deploy/schemas/app_jobs/procedures/add_job.sql b/packages/database-jobs/deploy/schemas/app_jobs/procedures/add_job.sql index ccd99621..5cf035d1 100644 --- a/packages/database-jobs/deploy/schemas/app_jobs/procedures/add_job.sql +++ b/packages/database-jobs/deploy/schemas/app_jobs/procedures/add_job.sql @@ -14,7 +14,9 @@ CREATE FUNCTION app_jobs.add_job ( run_at timestamptz DEFAULT now(), max_attempts integer DEFAULT 25, priority integer DEFAULT 0, - entity_id uuid DEFAULT NULL + entity_id uuid DEFAULT NULL, + organization_id uuid DEFAULT NULL, + entity_type text DEFAULT NULL ) RETURNS app_jobs.jobs AS $$ @@ -33,6 +35,8 @@ BEGIN database_id, actor_id, entity_id, + organization_id, + entity_type, task_identifier, payload, queue_name, 
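Review bot: `app_jobs.add_job` now stores `organization_id` and `entity_type` exactly as the caller passes them (`add_job.organization_id`, `add_job.entity_type` in both INSERT lists), whereas the column comment added in jobs/table.sql says organization_id is "resolved at enqueue time via get_organization_id(entity_type, entity_id)". The generated extension SQL later on this page shows add_job declared `SECURITY DEFINER`, so every role that may execute it can attach a job to an organization unrelated to `entity_id`, which matters if these columns drive billing or tenant filtering. Either resolve the value inside the function when the argument is NULL, or state the trust assumption next to the parameters, e.g. `-- organization_id / entity_type are stored as supplied; callers must resolve them before enqueueing`. The function body between the hunks is not visible here, so a consistency check may already exist outside them.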
@@ -44,6 +48,8 @@ BEGIN v_database_id, v_actor_id, add_job.entity_id, + add_job.organization_id, + add_job.entity_type, identifier, coalesce(payload, '{}'::json), queue_name, @@ -88,6 +94,8 @@ BEGIN database_id, actor_id, entity_id, + organization_id, + entity_type, task_identifier, payload, queue_name, @@ -98,6 +106,8 @@ BEGIN v_database_id, v_actor_id, add_job.entity_id, + add_job.organization_id, + add_job.entity_type, identifier, payload, queue_name, diff --git a/packages/database-jobs/deploy/schemas/app_jobs/tables/jobs/table.sql b/packages/database-jobs/deploy/schemas/app_jobs/tables/jobs/table.sql index 92933621..e562e591 100644 --- a/packages/database-jobs/deploy/schemas/app_jobs/tables/jobs/table.sql +++ b/packages/database-jobs/deploy/schemas/app_jobs/tables/jobs/table.sql @@ -7,6 +7,8 @@ CREATE TABLE app_jobs.jobs ( database_id uuid, actor_id uuid, entity_id uuid, + organization_id uuid, + entity_type text, queue_name text DEFAULT NULL, task_identifier text NOT NULL, payload json DEFAULT '{}' ::json NOT NULL, 
@@ -32,6 +34,8 @@ COMMENT ON COLUMN app_jobs.jobs.id IS 'Auto-incrementing job identifier'; COMMENT ON COLUMN app_jobs.jobs.database_id IS 'Database this job belongs to (nullable for system-level jobs without tenant context)'; COMMENT ON COLUMN app_jobs.jobs.actor_id IS 'User who triggered this job, read from JWT claims at enqueue time'; COMMENT ON COLUMN app_jobs.jobs.entity_id IS 'Entity (org/team) this job is scoped to for billing; NULL means platform-level (resolved via database_id → owner_id)'; +COMMENT ON COLUMN app_jobs.jobs.organization_id IS 'Top-level organization for this entity; resolved at enqueue time via get_organization_id(entity_type, entity_id)'; +COMMENT ON COLUMN app_jobs.jobs.entity_type IS 'Entity type prefix (org, team, app, etc.) for interpreting entity_id'; COMMENT ON COLUMN app_jobs.jobs.queue_name IS 'Name of the queue this job belongs to; used for worker routing and concurrency control'; COMMENT ON COLUMN app_jobs.jobs.task_identifier IS 'Identifier for the task type (maps to a worker handler function)'; COMMENT ON COLUMN app_jobs.jobs.payload IS 'JSON payload of arguments passed to the task handler'; diff --git a/packages/database-jobs/package.json b/packages/database-jobs/package.json index 6e7d3efa..245fec79 100644 --- a/packages/database-jobs/package.json +++ b/packages/database-jobs/package.json @@ -35,4 +35,4 @@ "bugs": { "url": "https://github.com/constructive-io/pgpm-modules/issues" } -} +} \ No newline at end of file diff --git a/packages/database-jobs/pgpm-database-jobs.control b/packages/database-jobs/pgpm-database-jobs.control index d1944d01..9f66f563 100644 --- a/packages/database-jobs/pgpm-database-jobs.control +++ b/packages/database-jobs/pgpm-database-jobs.control 
@@ -1,6 +1,6 @@ # pgpm-database-jobs extension comment = 'pgpm-database-jobs extension' -default_version = '0.26.0' +default_version = '0.26.1' module_pathname = '$libdir/pgpm-database-jobs' requires = 'plpgsql,pgcrypto,pgpm-verify,pgpm-jwt-claims' relocatable = false diff --git a/packages/database-jobs/sql/pgpm-database-jobs--0.26.0.sql b/packages/database-jobs/sql/pgpm-database-jobs--0.26.1.sql similarity index 88% rename from packages/database-jobs/sql/pgpm-database-jobs--0.26.0.sql rename to packages/database-jobs/sql/pgpm-database-jobs--0.26.1.sql index 390c4b7e..3e981788 100644 --- a/packages/database-jobs/sql/pgpm-database-jobs--0.26.0.sql +++ b/packages/database-jobs/sql/pgpm-database-jobs--0.26.1.sql @@ -53,9 +53,7 @@ $EOFCODE$ LANGUAGE plpgsql VOLATILE SECURITY DEFINER; COMMENT ON FUNCTION app_jobs.tg_add_job_with_row IS 'Useful shortcut to create a job on insert or update. Pass the task name as the trigger argument, and the record data will automatically be available on the JSON payload.'; -CREATE FUNCTION app_jobs.json_build_object_apply( - arguments text[] -) RETURNS pg_catalog.json AS $EOFCODE$ +CREATE FUNCTION app_jobs.json_build_object_apply(arguments text[]) RETURNS pg_catalog.json AS $EOFCODE$ DECLARE arg text; _sql text; @@ -195,6 +193,8 @@ CREATE TABLE app_jobs.jobs ( database_id uuid, actor_id uuid, entity_id uuid, + organization_id uuid, + entity_type text, queue_name text DEFAULT NULL, task_identifier text NOT NULL, payload pg_catalog.json DEFAULT '{}'::json NOT NULL, 
@@ -226,6 +226,10 @@ COMMENT ON COLUMN app_jobs.jobs.actor_id IS 'User who triggered this job, read f COMMENT ON COLUMN app_jobs.jobs.entity_id IS 'Entity (org/team) this job is scoped to for billing; NULL means platform-level (resolved via database_id → owner_id)'; +COMMENT ON COLUMN app_jobs.jobs.organization_id IS 'Top-level organization for this entity; resolved at enqueue time via get_organization_id(entity_type, entity_id)'; + +COMMENT ON COLUMN app_jobs.jobs.entity_type IS 'Entity type prefix (org, team, app, etc.) for interpreting entity_id'; + COMMENT ON COLUMN app_jobs.jobs.queue_name IS 'Name of the queue this job belongs to; used for worker routing and concurrency control'; COMMENT ON COLUMN app_jobs.jobs.task_identifier IS 'Identifier for the task type (maps to a worker handler function)'; @@ -374,10 +378,7 @@ CREATE INDEX job_queues_locked_by_idx ON app_jobs.job_queues (locked_by); GRANT SELECT, INSERT, UPDATE, DELETE ON app_jobs.job_queues TO administrator; -CREATE FUNCTION app_jobs.run_scheduled_job( - id bigint, - job_expiry interval DEFAULT '1 hours' -) RETURNS app_jobs.jobs AS $EOFCODE$ +CREATE FUNCTION app_jobs.run_scheduled_job(id bigint, job_expiry interval DEFAULT '1 hours') RETURNS app_jobs.jobs AS $EOFCODE$ DECLARE j app_jobs.jobs; last_id bigint; @@ -448,13 +449,7 @@ BEGIN END; $EOFCODE$ LANGUAGE plpgsql VOLATILE; -CREATE FUNCTION app_jobs.reschedule_jobs( - job_ids bigint[], - run_at timestamptz DEFAULT NULL, - priority int DEFAULT NULL, - attempts int DEFAULT NULL, - max_attempts int DEFAULT NULL -) RETURNS SETOF app_jobs.jobs LANGUAGE sql AS $EOFCODE$ +CREATE FUNCTION app_jobs.reschedule_jobs(job_ids bigint[], run_at timestamptz DEFAULT NULL, priority int DEFAULT NULL, attempts int DEFAULT NULL, max_attempts int DEFAULT NULL) RETURNS SETOF app_jobs.jobs LANGUAGE sql AS $EOFCODE$ UPDATE app_jobs.jobs SET 
@@ -470,10 +465,7 @@ CREATE FUNCTION app_jobs.reschedule_jobs( *; $EOFCODE$; -CREATE FUNCTION app_jobs.release_scheduled_jobs( - worker_id text, - ids bigint[] DEFAULT NULL -) RETURNS void AS $EOFCODE$ +CREATE FUNCTION app_jobs.release_scheduled_jobs(worker_id text, ids bigint[] DEFAULT NULL) RETURNS void AS $EOFCODE$ DECLARE BEGIN -- clear the scheduled job @@ -489,9 +481,7 @@ BEGIN END; $EOFCODE$ LANGUAGE plpgsql VOLATILE; -CREATE FUNCTION app_jobs.release_jobs( - worker_id text -) RETURNS void AS $EOFCODE$ +CREATE FUNCTION app_jobs.release_jobs(worker_id text) RETURNS void AS $EOFCODE$ DECLARE BEGIN -- clear the job @@ -514,10 +504,7 @@ BEGIN END; $EOFCODE$ LANGUAGE plpgsql VOLATILE; -CREATE FUNCTION app_jobs.permanently_fail_jobs( - job_ids bigint[], - error_message text DEFAULT NULL -) RETURNS SETOF app_jobs.jobs LANGUAGE sql AS $EOFCODE$ +CREATE FUNCTION app_jobs.permanently_fail_jobs(job_ids bigint[], error_message text DEFAULT NULL) RETURNS SETOF app_jobs.jobs LANGUAGE sql AS $EOFCODE$ UPDATE app_jobs.jobs SET @@ -531,10 +518,7 @@ CREATE FUNCTION app_jobs.permanently_fail_jobs( *; $EOFCODE$; -CREATE FUNCTION app_jobs.get_scheduled_job( - worker_id text, - task_identifiers text[] DEFAULT NULL -) RETURNS app_jobs.scheduled_jobs LANGUAGE plpgsql AS $EOFCODE$ +CREATE FUNCTION app_jobs.get_scheduled_job(worker_id text, task_identifiers text[] DEFAULT NULL) RETURNS app_jobs.scheduled_jobs LANGUAGE plpgsql AS $EOFCODE$ DECLARE v_job_id bigint; v_row app_jobs.scheduled_jobs; @@ -586,11 +570,7 @@ BEGIN END; $EOFCODE$; -CREATE FUNCTION app_jobs.get_job( - worker_id text, - task_identifiers text[] DEFAULT NULL, - job_expiry interval DEFAULT '4 hours' -) RETURNS app_jobs.jobs LANGUAGE plpgsql AS $EOFCODE$ +CREATE FUNCTION app_jobs.get_job(worker_id text, task_identifiers text[] DEFAULT NULL, job_expiry interval DEFAULT '4 hours') RETURNS app_jobs.jobs LANGUAGE plpgsql AS $EOFCODE$ DECLARE v_job_id bigint; v_queue_name text; 
@@ -645,11 +625,7 @@ BEGIN END; $EOFCODE$; -CREATE FUNCTION app_jobs.fail_job( - worker_id text, - job_id bigint, - error_message text -) RETURNS app_jobs.jobs LANGUAGE plpgsql STRICT AS $EOFCODE$ +CREATE FUNCTION app_jobs.fail_job(worker_id text, job_id bigint, error_message text) RETURNS app_jobs.jobs LANGUAGE plpgsql STRICT AS $EOFCODE$ DECLARE v_row app_jobs.jobs; BEGIN @@ -679,9 +655,7 @@ BEGIN END; $EOFCODE$; -CREATE FUNCTION app_jobs.complete_jobs( - job_ids bigint[] -) RETURNS SETOF app_jobs.jobs LANGUAGE sql AS $EOFCODE$ +CREATE FUNCTION app_jobs.complete_jobs(job_ids bigint[]) RETURNS SETOF app_jobs.jobs LANGUAGE sql AS $EOFCODE$ DELETE FROM app_jobs.jobs WHERE id = ANY (job_ids) AND (locked_by IS NULL @@ -690,10 +664,7 @@ CREATE FUNCTION app_jobs.complete_jobs( *; $EOFCODE$; -CREATE FUNCTION app_jobs.complete_job( - worker_id text, - job_id bigint -) RETURNS app_jobs.jobs LANGUAGE plpgsql AS $EOFCODE$ +CREATE FUNCTION app_jobs.complete_job(worker_id text, job_id bigint) RETURNS app_jobs.jobs LANGUAGE plpgsql AS $EOFCODE$ DECLARE v_row app_jobs.jobs; BEGIN @@ -715,16 +686,7 @@ BEGIN END; $EOFCODE$; -CREATE FUNCTION app_jobs.add_scheduled_job( - identifier text, - payload pg_catalog.json DEFAULT '{}'::json, - schedule_info pg_catalog.json DEFAULT '{}'::json, - job_key text DEFAULT NULL, - queue_name text DEFAULT NULL, - max_attempts int DEFAULT 25, - priority int DEFAULT 0, - entity_id uuid DEFAULT NULL -) RETURNS app_jobs.scheduled_jobs AS $EOFCODE$ +CREATE FUNCTION app_jobs.add_scheduled_job(identifier text, payload pg_catalog.json DEFAULT '{}'::json, schedule_info pg_catalog.json DEFAULT '{}'::json, job_key text DEFAULT NULL, queue_name text DEFAULT NULL, max_attempts int DEFAULT 25, priority int DEFAULT 0, entity_id uuid DEFAULT NULL) RETURNS app_jobs.scheduled_jobs AS $EOFCODE$ DECLARE v_job app_jobs.scheduled_jobs; v_database_id uuid; 
@@ -812,16 +774,7 @@ BEGIN END; $EOFCODE$ LANGUAGE plpgsql VOLATILE SECURITY DEFINER; -CREATE FUNCTION app_jobs.add_job( - identifier text, - payload pg_catalog.json DEFAULT '{}'::json, - job_key text DEFAULT NULL, - queue_name text DEFAULT NULL, - run_at timestamptz DEFAULT now(), - max_attempts int DEFAULT 25, - priority int DEFAULT 0, - entity_id uuid DEFAULT NULL -) RETURNS app_jobs.jobs AS $EOFCODE$ +CREATE FUNCTION app_jobs.add_job(identifier text, payload pg_catalog.json DEFAULT '{}'::json, job_key text DEFAULT NULL, queue_name text DEFAULT NULL, run_at timestamptz DEFAULT now(), max_attempts int DEFAULT 25, priority int DEFAULT 0, entity_id uuid DEFAULT NULL, organization_id uuid DEFAULT NULL, entity_type text DEFAULT NULL) RETURNS app_jobs.jobs AS $EOFCODE$ DECLARE v_job app_jobs.jobs; v_database_id uuid; @@ -837,6 +790,8 @@ BEGIN database_id, actor_id, entity_id, + organization_id, + entity_type, task_identifier, payload, queue_name, @@ -848,6 +803,8 @@ BEGIN v_database_id, v_actor_id, add_job.entity_id, + add_job.organization_id, + add_job.entity_type, identifier, coalesce(payload, '{}'::json), queue_name, @@ -892,6 +849,8 @@ BEGIN database_id, actor_id, entity_id, + organization_id, + entity_type, task_identifier, payload, queue_name, @@ -902,6 +861,8 @@ BEGIN v_database_id, v_actor_id, add_job.entity_id, + add_job.organization_id, + add_job.entity_type, identifier, payload, queue_name, @@ -915,9 +876,7 @@ BEGIN END; $EOFCODE$ LANGUAGE plpgsql VOLATILE SECURITY DEFINER; -CREATE FUNCTION app_jobs.remove_job( - job_key text -) RETURNS app_jobs.jobs LANGUAGE plpgsql STRICT AS $EOFCODE$ +CREATE FUNCTION app_jobs.remove_job(job_key text) RETURNS app_jobs.jobs LANGUAGE plpgsql STRICT AS $EOFCODE$ DECLARE v_job app_jobs.jobs; BEGIN 
@@ -942,9 +901,7 @@ BEGIN END; $EOFCODE$; -CREATE FUNCTION app_jobs.force_unlock_workers( - worker_ids text[] -) RETURNS void LANGUAGE sql VOLATILE AS $EOFCODE$ +CREATE FUNCTION app_jobs.force_unlock_workers(worker_ids text[]) RETURNS void LANGUAGE sql VOLATILE AS $EOFCODE$ UPDATE app_jobs.jobs SET locked_at = NULL, locked_by = NULL WHERE locked_by = ANY (worker_ids); diff --git a/packages/metaschema-modules/Makefile b/packages/metaschema-modules/Makefile index 9f0f6cf5..f92ca4ec 100644 --- a/packages/metaschema-modules/Makefile +++ b/packages/metaschema-modules/Makefile @@ -1,5 +1,5 @@ EXTENSION = metaschema-modules -DATA = sql/metaschema-modules--0.26.0.sql +DATA = sql/metaschema-modules--0.26.1.sql PG_CONFIG = pg_config PGXS := $(shell $(PG_CONFIG) --pgxs) diff --git a/packages/metaschema-modules/__tests__/__snapshots__/modules.test.ts.snap b/packages/metaschema-modules/__tests__/__snapshots__/modules.test.ts.snap index 2cedd053..ebfe3afa 100644 --- a/packages/metaschema-modules/__tests__/__snapshots__/modules.test.ts.snap +++ b/packages/metaschema-modules/__tests__/__snapshots__/modules.test.ts.snap @@ -115,7 +115,7 @@ exports[`db_meta_modules should verify module table structures have database_id exports[`db_meta_modules should verify module tables have proper foreign key relationships 1`] = ` { - "constraintCount": 394604, + "constraintCount": 396560, "foreignTables": [ "database", "field", diff --git a/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/agent_module/table.sql b/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/agent_module/table.sql index 2f53b0f2..c4ae0822 100644 --- a/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/agent_module/table.sql +++ b/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/agent_module/table.sql 
@@ -35,6 +35,12 @@ CREATE TABLE metaschema_modules_public.agent_module ( -- Multi-tenant scope membership_type int DEFAULT NULL, + -- Module key discriminator: allows multiple agent modules per scope. + -- 'default' is omitted from table names, any other value becomes + -- an infix: {prefix}_{key}_agent_thread. + -- Max 16 chars, lowercase snake_case. + key text NOT NULL DEFAULT 'default', + -- Entity table for RLS (NULL for app-level, entity table for entity-scoped) entity_table_id uuid NULL, @@ -69,9 +75,9 @@ CREATE TABLE metaschema_modules_public.agent_module ( CREATE INDEX agent_module_database_id_idx ON metaschema_modules_public.agent_module ( database_id ); --- Unique constraint on (database_id, membership_type) using COALESCE to handle NULLs. --- NULL membership_type = app-level, non-NULL = entity-scoped. --- Only one agent module per scope. -CREATE UNIQUE INDEX agent_module_unique_scope ON metaschema_modules_public.agent_module ( database_id, COALESCE(membership_type, -1) ); +-- Unique constraint on (database_id, membership_type, key) using COALESCE to handle NULLs. +-- NULL membership_type = app-level, non-NULL = entity-scoped. key discriminates +-- multiple agent modules for the same scope (e.g. 'support' + 'internal'). +CREATE UNIQUE INDEX agent_module_unique_scope ON metaschema_modules_public.agent_module ( database_id, COALESCE(membership_type, -1), key ); COMMIT; diff --git a/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/config_secrets_user_module/table.sql b/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/config_secrets_user_module/table.sql index 690d3356..3213f873 100644 --- a/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/config_secrets_user_module/table.sql +++ b/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/config_secrets_user_module/table.sql 
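Review bot: The `key` column added here is documented as "Max 16 chars, lowercase snake_case" and as an infix in generated table names (`{prefix}_{key}_agent_thread`), but the hunk adds no constraint that enforces either rule. Because the value ends up inside identifiers, the rule is better declared on the table than left only to whatever trigger builds the names, for example `CONSTRAINT agent_module_key_check CHECK (key ~ '^[a-z][a-z0-9_]{0,15}$')`. The same applies to the `key` columns added to function_module and namespace_module and to the renamed `key` in storage_module, whose comment additionally lists reserved values. The CREATE TABLE body continues outside the hunk, so a constraint may already be declared elsewhere.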
@@ -12,11 +12,15 @@ CREATE TABLE metaschema_modules_public.config_secrets_user_module ( schema_id uuid NOT NULL DEFAULT uuid_nil(), table_id uuid NOT NULL DEFAULT uuid_nil(), table_name text NOT NULL DEFAULT 'user_secrets', + + -- Config definitions table ID (populated by the generator) + config_definitions_table_id uuid NOT NULL DEFAULT uuid_nil(), -- CONSTRAINT db_fkey FOREIGN KEY (database_id) REFERENCES metaschema_public.database (id) ON DELETE CASCADE, CONSTRAINT schema_fkey FOREIGN KEY (schema_id) REFERENCES metaschema_public.schema (id) ON DELETE CASCADE, - CONSTRAINT table_fkey FOREIGN KEY (table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE + CONSTRAINT table_fkey FOREIGN KEY (table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE, + CONSTRAINT config_defs_table_fkey FOREIGN KEY (config_definitions_table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE ); CREATE INDEX config_secrets_user_module_database_id_idx ON metaschema_modules_public.config_secrets_user_module ( database_id ); diff --git a/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/entity_type_provision/table.sql b/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/entity_type_provision/table.sql index ebbe5dd3..112f00fc 100644 --- a/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/entity_type_provision/table.sql +++ b/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/entity_type_provision/table.sql @@ -135,6 +135,12 @@ CREATE TABLE metaschema_modules_public.entity_type_provision ( out_execution_logs_table_id uuid DEFAULT NULL, + out_secret_definitions_table_id uuid DEFAULT NULL, + + out_requirements_table_id uuid DEFAULT NULL, + + out_config_requirements_table_id uuid DEFAULT NULL, + out_graph_module_id uuid DEFAULT NULL, out_graphs_table_id uuid DEFAULT NULL, 
@@ -328,12 +334,13 @@ COMMENT ON COLUMN metaschema_modules_public.entity_type_provision.storage IS 'Optional JSON array of storage module definitions. Presence triggers provisioning (same inference model as namespaces, functions, agents). Each element provisions a separate storage module with its own tables - ({prefix}_{storage_key}_buckets/files), RLS policies, and feature flags. + ({prefix}_{key}_buckets/files), RLS policies, and feature flags. NULL = do not provision storage. ''[{}]'' = provision one default storage module. Each array element recognizes (all optional): - - storage_key (text) module discriminator, max 16 chars, lowercase snake_case. + - key (text) module discriminator, max 16 chars, lowercase snake_case. Defaults to ''default'' (omitted from table names). Non-default keys become infixes: {prefix}_{key}_buckets. + (storage_key accepted for backward compat) - upload_url_expiry_seconds (integer) presigned PUT URL expiry override - download_url_expiry_seconds (integer) presigned GET URL expiry override - default_max_file_size (bigint) global max file size in bytes for this module @@ -353,7 +360,7 @@ COMMENT ON COLUMN metaschema_modules_public.entity_type_provision.storage IS Example (single module, backward compat): storage := ''[{"buckets": [{"name": "documents"}]}]''::jsonb Example (multi-module): - storage := ''[{"has_path_shares": true, "buckets": [{"name": "documents"}]}, {"storage_key": "fn", "has_custom_keys": true, "buckets": [{"name": "functions"}]}]''::jsonb'; + storage := ''[{"has_path_shares": true, "buckets": [{"name": "documents"}]}, {"key": "fn", "has_custom_keys": true, "buckets": [{"name": "functions"}]}]''::jsonb'; COMMENT ON COLUMN metaschema_modules_public.entity_type_provision.out_storage_module_id IS 'Output: the UUID of the storage_module row created for this entity type. Populated by the trigger when storage is non-NULL and non-empty.'; 
diff --git a/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/function_module/table.sql b/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/function_module/table.sql index c4d72345..ee11c67c 100644 --- a/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/function_module/table.sql +++ b/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/function_module/table.sql @@ -20,11 +20,19 @@ CREATE TABLE metaschema_modules_public.function_module ( definitions_table_id uuid NOT NULL DEFAULT uuid_nil(), invocations_table_id uuid NOT NULL DEFAULT uuid_nil(), execution_logs_table_id uuid NOT NULL DEFAULT uuid_nil(), + secret_definitions_table_id uuid NOT NULL DEFAULT uuid_nil(), + requirements_table_id uuid NOT NULL DEFAULT uuid_nil(), + config_definitions_table_id uuid NOT NULL DEFAULT uuid_nil(), + config_requirements_table_id uuid NOT NULL DEFAULT uuid_nil(), - -- Table names (input to the generator) + -- Table names (input to the generator — bare names without scope prefix). + -- The trigger prepends the scope prefix automatically. definitions_table_name text NOT NULL DEFAULT 'function_definitions', invocations_table_name text NOT NULL DEFAULT 'function_invocations', execution_logs_table_name text NOT NULL DEFAULT 'function_execution_logs', + secret_definitions_table_name text NOT NULL DEFAULT 'secret_definitions', + requirements_table_name text NOT NULL DEFAULT 'function_secret_requirements', + config_requirements_table_name text NOT NULL DEFAULT 'function_config_requirements', -- API routing (get-or-create: if set, schema is added to this API; if NULL, no API is added) api_name text, 
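Review bot: `config_definitions_table_id` is the only one of the four new table-ID columns without a matching `*_table_name` input: the hunk adds `secret_definitions_table_name`, `requirements_table_name` and `config_requirements_table_name`, but nothing for config definitions. If that table is created by another module and only referenced here, a comment on the column should say so, e.g. `-- config_definitions table is owned by <module>; referenced, not generated, by function_module`. The later hunk that updates the `provisions` comment lists `secret_definitions, requirements` as table keys and omits both config tables, so it is unclear whether per-table provisions overrides, and the default security they replace, apply to them.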
@@ -33,6 +41,18 @@ CREATE TABLE metaschema_modules_public.function_module ( -- Multi-tenant function identity membership_type int DEFAULT NULL, -- NULL = database-root (AuthzMembership via app_sprt), non-NULL = entity-scoped (AuthzEntityMembership) + -- Scope prefix for table naming. Auto-derived from membership_type when + -- NULL: NULL/1 → 'app', 2 → 'org'. Can be overridden explicitly. + -- The trigger prepends this to all bare table names + -- (e.g. prefix='app' + 'function_definitions' → 'app_function_definitions'). + prefix text NULL, + + -- Module key discriminator: allows multiple function modules per scope. + -- 'default' is omitted from table names, any other value becomes + -- an infix: {prefix}_{key}_function_definitions. + -- Max 16 chars, lowercase snake_case. + key text NOT NULL DEFAULT 'default', + -- Entity table for RLS (NULL for app-level functions, entity table for entity-scoped functions) entity_table_id uuid NULL, @@ -43,7 +63,7 @@ CREATE TABLE metaschema_modules_public.function_module ( policies jsonb NULL, -- Per-table provisions overrides from blueprint config. - -- Keys are table keys (definitions, invocations, execution_logs). + -- Keys are table keys (definitions, invocations, execution_logs, secret_definitions, requirements). -- When a key is present, the module trigger skips default security for that table; -- secure_table_provision applies the custom grants/policies instead. provisions jsonb NULL, 
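Review bot: The `prefix` column can be set explicitly and, per its comment, is prepended to every bare table name, but nothing in the hunk restricts its content; like `key`, it ends up inside generated identifiers. A check such as `CONSTRAINT function_module_prefix_check CHECK (prefix IS NULL OR prefix ~ '^[a-z][a-z0-9_]*$')` would keep the naming rule on the table instead of relying on the trigger alone. The comment also documents the derivation only for `NULL/1 → 'app'` and `2 → 'org'`; it should say what happens for any other `membership_type` when `prefix` is NULL. The CREATE TABLE statement starts and ends outside this hunk, so existing constraints are not visible.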
@@ -55,14 +75,18 @@ CREATE TABLE metaschema_modules_public.function_module ( CONSTRAINT function_module_definitions_table_fkey FOREIGN KEY (definitions_table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE, CONSTRAINT function_module_invocations_table_fkey FOREIGN KEY (invocations_table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE, CONSTRAINT function_module_execution_logs_table_fkey FOREIGN KEY (execution_logs_table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE, + CONSTRAINT function_module_secret_defs_table_fkey FOREIGN KEY (secret_definitions_table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE, + CONSTRAINT function_module_requirements_table_fkey FOREIGN KEY (requirements_table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE, + CONSTRAINT function_module_config_defs_table_fkey FOREIGN KEY (config_definitions_table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE, + CONSTRAINT function_module_config_reqs_table_fkey FOREIGN KEY (config_requirements_table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE, CONSTRAINT function_module_entity_table_fkey FOREIGN KEY (entity_table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE ); CREATE INDEX function_module_database_id_idx ON metaschema_modules_public.function_module ( database_id ); --- Unique constraint on (database_id, membership_type) using COALESCE to handle NULLs. --- NULL membership_type = app-level, non-NULL = entity-scoped. --- Only one function module per scope. -CREATE UNIQUE INDEX function_module_unique_scope ON metaschema_modules_public.function_module ( database_id, COALESCE(membership_type, -1) ); +-- Unique constraint on (database_id, membership_type, key) using COALESCE to handle NULLs. +-- NULL membership_type = app-level, non-NULL = entity-scoped. key discriminates +-- multiple function modules for the same scope (e.g. 'webhooks' + 'automations'). 
+CREATE UNIQUE INDEX function_module_unique_scope ON metaschema_modules_public.function_module ( database_id, COALESCE(membership_type, -1), key ); COMMIT; diff --git a/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/memberships_module/table.sql b/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/memberships_module/table.sql index 519e9751..9dc86683 100644 --- a/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/memberships_module/table.sql +++ b/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/memberships_module/table.sql @@ -50,6 +50,9 @@ CREATE TABLE metaschema_modules_public.memberships_module ( prefix text NULL, + -- Populated by memberships_module generator when get_organization_id is created + get_org_fn text NULL, + -- actor_mask_check text NOT NULL DEFAULT '', diff --git a/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/merkle_store_module/table.sql b/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/merkle_store_module/table.sql index a90f5e2a..fd0f3426 100644 --- a/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/merkle_store_module/table.sql +++ b/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/merkle_store_module/table.sql 
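Review bot: `get_org_fn` in memberships_module stores a function name as free text, and the comment does not say whether the value is schema-qualified or how it is consumed. If a trigger or generator later builds a call from this column, the value should be quoted as an identifier (for instance with `format('%I', ...)`) or the column typed as `regproc`/`regprocedure` so it can only name an existing function. A comment such as `-- Name of the generated get_organization_id function (state whether schema-qualified); NULL until the generator creates it` would remove the ambiguity. How the column is read is not visible in this diff.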
@@ -8,11 +8,13 @@ CREATE TABLE metaschema_modules_public.merkle_store_module ( id uuid PRIMARY KEY DEFAULT uuidv7(), database_id uuid NOT NULL, - -- Schema reference (if uuid_nil, resolved from public_schema_name or default) + -- Schema references (if uuid_nil, resolved from schema name or default) schema_id uuid NOT NULL DEFAULT uuid_nil(), + private_schema_id uuid NOT NULL DEFAULT uuid_nil(), - -- Optional schema name override (used when schema_id is not provided) + -- Optional schema name overrides (used when schema IDs are not provided) public_schema_name text, + private_schema_name text, -- Generated table IDs (populated by BEFORE INSERT trigger) object_table_id uuid NOT NULL DEFAULT uuid_nil(), @@ -24,8 +26,9 @@ CREATE TABLE metaschema_modules_public.merkle_store_module ( -- Stored normalized (no trailing underscore); underscore added at generation time prefix text NOT NULL DEFAULT '', - -- API name (if set, schema is added to this API; if NULL, no API is added) + -- API routing (get-or-create: if set, schema is added to this API; if NULL, no API is added) api_name text, + private_api_name text, -- Scope field name (column used for multi-tenant isolation) scope_field text NOT NULL DEFAULT 'scope_id', 
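Review bot: `private_api_name` is added under a comment that still speaks of a single schema ("if set, schema is added to this API"), so it is not stated which schema each API column exposes. If the intent is that `private_schema_id` is published only through `private_api_name`, say so explicitly, e.g. `-- private_api_name: API that receives the private schema; NULL = private schema is not added to any API`, because routing a private schema to the wrong API is an exposure rather than a naming mistake. The first hunk likewise says schema IDs are "resolved from schema name or default" without saying what the default is for the private schema.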
@@ -36,6 +39,7 @@ CREATE TABLE metaschema_modules_public.merkle_store_module ( -- Constraints CONSTRAINT db_fkey FOREIGN KEY (database_id) REFERENCES metaschema_public.database (id) ON DELETE CASCADE, CONSTRAINT schema_fkey FOREIGN KEY (schema_id) REFERENCES metaschema_public.schema (id) ON DELETE CASCADE, + CONSTRAINT private_schema_fkey FOREIGN KEY (private_schema_id) REFERENCES metaschema_public.schema (id) ON DELETE CASCADE, CONSTRAINT object_table_fkey FOREIGN KEY (object_table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE, CONSTRAINT store_table_fkey FOREIGN KEY (store_table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE, CONSTRAINT commit_table_fkey FOREIGN KEY (commit_table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE, @@ -46,5 +50,6 @@ CREATE TABLE metaschema_modules_public.merkle_store_module ( ); CREATE INDEX merkle_store_module_database_id_idx ON metaschema_modules_public.merkle_store_module ( database_id ); +CREATE INDEX merkle_store_module_private_schema_id_idx ON metaschema_modules_public.merkle_store_module ( private_schema_id ); COMMIT; diff --git a/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/namespace_module/table.sql b/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/namespace_module/table.sql index 6e0c2f8b..29ffd082 100644 --- a/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/namespace_module/table.sql +++ b/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/namespace_module/table.sql 
@@ -31,6 +31,12 @@ CREATE TABLE metaschema_modules_public.namespace_module ( -- Multi-tenant namespace identity membership_type int DEFAULT NULL, -- NULL = database-root (AuthzMembership via app_sprt), non-NULL = entity-scoped (AuthzEntityMembership) + -- Module key discriminator: allows multiple namespace modules per scope. + -- 'default' is omitted from table names, any other value becomes + -- an infix: {prefix}_{key}_namespaces. + -- Max 16 chars, lowercase snake_case. + key text NOT NULL DEFAULT 'default', + -- Entity table for RLS (NULL for app-level namespaces, entity table for entity-scoped namespaces) entity_table_id uuid NULL, @@ -57,9 +63,9 @@ CREATE TABLE metaschema_modules_public.namespace_module ( CREATE INDEX namespace_module_database_id_idx ON metaschema_modules_public.namespace_module ( database_id ); --- Unique constraint on (database_id, membership_type) using COALESCE to handle NULLs. --- NULL membership_type = app-level, non-NULL = entity-scoped. --- Only one namespace module per scope (unlike storage_module which has storage_key). -CREATE UNIQUE INDEX namespace_module_unique_scope ON metaschema_modules_public.namespace_module ( database_id, COALESCE(membership_type, -1) ); +-- Unique constraint on (database_id, membership_type, key) using COALESCE to handle NULLs. +-- NULL membership_type = app-level, non-NULL = entity-scoped. key discriminates +-- multiple namespace modules for the same scope (e.g. 'config' + 'content'). +CREATE UNIQUE INDEX namespace_module_unique_scope ON metaschema_modules_public.namespace_module ( database_id, COALESCE(membership_type, -1), key ); COMMIT; diff --git a/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/storage_module/table.sql b/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/storage_module/table.sql index 4a1611a8..dd3041bf 100644 --- a/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/storage_module/table.sql 
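Review bot: The new `key` column in the first hunk documents "Max 16 chars, lowercase snake_case" only in a comment, and the hunk adds no constraint that enforces it. Because the value becomes an infix of a generated table name (`{prefix}_{key}_namespaces`), the rule should be enforced by the table rather than trusted from callers, e.g. `CONSTRAINT namespace_module_key_check CHECK (key ~ '^[a-z][a-z0-9_]{0,15}$')`. The renamed `key` column in the storage_module hunk of the next file has the same gap, and its comment also excludes 'buckets'/'files'/'bucket'/'file', which a CHECK could cover too. The CREATE TABLE body continues outside the hunk, so a constraint may already exist there; if the check lives in a trigger instead, the comment should point to it.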
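Review bot: Widening `namespace_module_unique_scope` to include `key` in the second hunk (`@@ -57,9 +63,9`) drops the guarantee, stated in the removed comment, that there is only one namespace module per scope. Any lookup that selects a module by `(database_id, membership_type)` alone can now match several rows, so callers that provision tables or attach policies from this row need to filter on `key` as well. Those callers are not in this diff chunk, so this is a question to confirm rather than a confirmed defect. The comment could carry the caveat: `-- lookups must include key; (database_id, membership_type) is no longer unique`.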
+++ b/packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/storage_module/table.sql @@ -23,11 +23,11 @@ CREATE TABLE metaschema_modules_public.storage_module ( -- Multi-tenant storage identity membership_type int DEFAULT NULL, -- NULL = global gate (AuthzMembership via app_sprt), non-NULL = entity-scoped (AuthzEntityMembership) - -- Storage module discriminator: allows multiple storage modules per entity type. + -- Module key discriminator: allows multiple storage modules per entity type. -- 'default' is omitted from table names (backward compat), any other value becomes - -- an infix: {prefix}_{storage_key}_{buckets|files}. + -- an infix: {prefix}_{key}_{buckets|files}. -- Max 16 chars, lowercase snake_case, cannot be 'buckets'/'files'/'bucket'/'file'. - storage_key text NOT NULL DEFAULT 'default', + key text NOT NULL DEFAULT 'default', -- Configurable security policies (NULL = use defaults based on membership_type). -- When provided, replaces the default policy set in apply_storage_security. @@ -100,9 +100,9 @@ CREATE TABLE metaschema_modules_public.storage_module ( CREATE INDEX storage_module_database_id_idx ON metaschema_modules_public.storage_module ( database_id ); --- Unique constraint on (database_id, membership_type, storage_key) using COALESCE to handle NULLs. --- NULL membership_type = app-level, non-NULL = entity-scoped. storage_key discriminates +-- Unique constraint on (database_id, membership_type, key) using COALESCE to handle NULLs. +-- NULL membership_type = app-level, non-NULL = entity-scoped. key discriminates -- multiple storage modules for the same entity type (e.g. 'default' + 'fn'). -CREATE UNIQUE INDEX storage_module_unique_scope ON metaschema_modules_public.storage_module ( database_id, COALESCE(membership_type, -1), storage_key ); +CREATE UNIQUE INDEX storage_module_unique_scope ON metaschema_modules_public.storage_module ( database_id, COALESCE(membership_type, -1), key ); COMMIT; 
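Review bot: Renaming `storage_key` to `key` by editing the CREATE TABLE and the unique index in place gives databases that already deployed this table no path to the new column name. No `ALTER TABLE ... RENAME COLUMN storage_key TO key` appears in this chunk, and neither does an extension upgrade script from 0.26.0 to 0.26.1; the packaged SQL file is only renamed. The later COMMENT hunk says `storage_key` is still accepted in the provisioning JSON, but that covers input payloads, not the column, so triggers or functions that still read `storage_key` would fail on new installs while existing installs keep the old column. If a migration exists elsewhere, the comment here should say where. If it does not, add one that renames the column and rebuilds `storage_module_unique_scope`.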
diff --git a/packages/metaschema-modules/metaschema-modules.control b/packages/metaschema-modules/metaschema-modules.control index 5afb7d6d..1320071b 100644 --- a/packages/metaschema-modules/metaschema-modules.control +++ b/packages/metaschema-modules/metaschema-modules.control @@ -1,6 +1,6 @@ # metaschema-modules extension comment = 'metaschema-modules extension' -default_version = '0.26.0' +default_version = '0.26.1' module_pathname = '$libdir/metaschema-modules' requires = 'plpgsql,uuid-ossp,metaschema-schema,services,pgpm-verify' relocatable = false diff --git a/packages/metaschema-modules/package.json b/packages/metaschema-modules/package.json index 3840a9bf..a0c343cd 100644 --- a/packages/metaschema-modules/package.json +++ b/packages/metaschema-modules/package.json @@ -35,4 +35,4 @@ "bugs": { "url": "https://github.com/constructive-io/pgpm-modules/issues" } -} +} \ No newline at end of file diff --git a/packages/metaschema-modules/pgpm.plan b/packages/metaschema-modules/pgpm.plan index 2194b61c..aa0f5293 100644 --- a/packages/metaschema-modules/pgpm.plan +++ b/packages/metaschema-modules/pgpm.plan @@ -60,3 +60,4 @@ schemas/metaschema_modules_public/tables/merkle_store_module/table [schemas/meta schemas/metaschema_modules_public/tables/graph_module/table [schemas/metaschema_modules_public/schema schemas/metaschema_modules_public/tables/merkle_store_module/table] 2026-05-21T01:00:00Z devin # add graph_module config table for FBP graph utilities on top of merkle store schemas/metaschema_modules_public/tables/namespace_module/table [schemas/metaschema_modules_public/schema] 2026-05-21T02:00:00Z devin # add namespace_module config table for entity-aware namespace provisioning schemas/metaschema_modules_public/tables/function_module/table [schemas/metaschema_modules_public/schema] 2026-05-21T03:00:00Z devin # add function_module config table for entity-aware function definitions + 
diff --git a/packages/metaschema-modules/sql/metaschema-modules--0.26.0.sql b/packages/metaschema-modules/sql/metaschema-modules--0.26.1.sql similarity index 92% rename from packages/metaschema-modules/sql/metaschema-modules--0.26.0.sql rename to packages/metaschema-modules/sql/metaschema-modules--0.26.1.sql index 1ade7ee4..17ed0125 100644 --- a/packages/metaschema-modules/sql/metaschema-modules--0.26.0.sql +++ b/packages/metaschema-modules/sql/metaschema-modules--0.26.1.sql @@ -37,11 +37,11 @@ CREATE TABLE metaschema_modules_public.connected_accounts_module ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT owner_table_fkey FOREIGN KEY(owner_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT schema_fkey FOREIGN KEY(schema_id) @@ -70,11 +70,11 @@ CREATE TABLE metaschema_modules_public.crypto_addresses_module ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT owner_table_fkey FOREIGN KEY(owner_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT schema_fkey FOREIGN KEY(schema_id) 
@@ -109,19 +109,19 @@ CREATE TABLE metaschema_modules_public.crypto_auth_module ( ON DELETE CASCADE, CONSTRAINT secrets_table_fkey FOREIGN KEY(secrets_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT users_table_fkey FOREIGN KEY(users_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT sessions_table_fkey FOREIGN KEY(sessions_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT session_credentials_table_fkey FOREIGN KEY(session_credentials_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT schema_fkey FOREIGN KEY(schema_id) @@ -161,11 +161,11 @@ CREATE TABLE metaschema_modules_public.denormalized_table_field ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT ref_table_fkey FOREIGN KEY(ref_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT field_fkey FOREIGN KEY(field_id) @@ -193,11 +193,11 @@ CREATE TABLE metaschema_modules_public.emails_module ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT owner_table_fkey FOREIGN KEY(owner_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT schema_fkey FOREIGN KEY(schema_id) 
@@ -217,6 +217,7 @@ CREATE TABLE metaschema_modules_public.config_secrets_user_module ( schema_id uuid NOT NULL DEFAULT uuid_nil(), table_id uuid NOT NULL DEFAULT uuid_nil(), table_name text NOT NULL DEFAULT 'user_secrets', + config_definitions_table_id uuid NOT NULL DEFAULT uuid_nil(), CONSTRAINT db_fkey FOREIGN KEY(database_id) REFERENCES metaschema_public.database (id) @@ -227,7 +228,11 @@ CREATE TABLE metaschema_modules_public.config_secrets_user_module ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) + ON DELETE CASCADE, + CONSTRAINT config_defs_table_fkey + FOREIGN KEY(config_definitions_table_id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE ); @@ -254,23 +259,23 @@ CREATE TABLE metaschema_modules_public.invites_module ( ON DELETE CASCADE, CONSTRAINT invites_table_fkey FOREIGN KEY(invites_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT emails_table_fkey FOREIGN KEY(emails_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT users_table_fkey FOREIGN KEY(users_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT entity_table_fkey FOREIGN KEY(entity_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT claimed_invites_table_fkey FOREIGN KEY(claimed_invites_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT schema_fkey FOREIGN KEY(schema_id) 
@@ -319,7 +324,7 @@ CREATE TABLE metaschema_modules_public.events_module ( tg_check_achievements text NOT NULL DEFAULT '', grant_achievement text NOT NULL DEFAULT '', tg_achievement_reward text NOT NULL DEFAULT '', - "interval" text NOT NULL DEFAULT '1 month', + interval text NOT NULL DEFAULT '1 month', retention text DEFAULT '12 months', premake int NOT NULL DEFAULT 2, prefix text NULL, 
@@ -340,39 +345,39 @@ CREATE TABLE metaschema_modules_public.events_module ( ON DELETE CASCADE, CONSTRAINT events_table_fkey FOREIGN KEY(events_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT event_aggregates_table_fkey FOREIGN KEY(event_aggregates_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT event_types_table_fkey FOREIGN KEY(event_types_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT levels_table_fkey FOREIGN KEY(levels_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT level_requirements_table_fkey FOREIGN KEY(level_requirements_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT level_grants_table_fkey FOREIGN KEY(level_grants_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT achievement_rewards_table_fkey FOREIGN KEY(achievement_rewards_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT entity_table_fkey FOREIGN KEY(entity_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT actor_table_fkey FOREIGN KEY(actor_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE ); 
@@ -425,59 +430,59 @@ CREATE TABLE metaschema_modules_public.limits_module ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT default_table_fkey FOREIGN KEY(default_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT entity_table_fkey FOREIGN KEY(entity_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT actor_table_fkey FOREIGN KEY(actor_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT aggregate_table_fkey FOREIGN KEY(aggregate_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT limit_credits_table_fkey FOREIGN KEY(limit_credits_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT events_table_fkey FOREIGN KEY(events_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT credit_codes_table_fkey FOREIGN KEY(credit_codes_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT credit_code_items_table_fkey FOREIGN KEY(credit_code_items_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT credit_redemptions_table_fkey FOREIGN KEY(credit_redemptions_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT limit_caps_table_fkey FOREIGN KEY(limit_caps_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT 
limit_caps_defaults_table_fkey FOREIGN KEY(limit_caps_defaults_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT limit_warnings_table_fkey FOREIGN KEY(limit_warnings_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT limit_warning_state_table_fkey FOREIGN KEY(limit_warning_state_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE ); @@ -499,7 +504,7 @@ CREATE TABLE metaschema_modules_public.membership_types_module ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE ); @@ -534,6 +539,7 @@ CREATE TABLE metaschema_modules_public.memberships_module ( entity_table_id uuid NULL, entity_table_owner_id uuid NULL, prefix text NULL, + get_org_fn text NULL, actor_mask_check text NOT NULL DEFAULT '', actor_perm_check text NOT NULL DEFAULT '', entity_ids_by_mask text NULL, 
@@ -554,31 +560,31 @@ CREATE TABLE metaschema_modules_public.memberships_module ( ON DELETE CASCADE, CONSTRAINT memberships_table_fkey FOREIGN KEY(memberships_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT membership_defaults_table_fkey FOREIGN KEY(membership_defaults_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT membership_settings_table_fkey FOREIGN KEY(membership_settings_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT members_table_fkey FOREIGN KEY(members_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT grants_table_fkey FOREIGN KEY(grants_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT sprt_table_fkey FOREIGN KEY(sprt_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT entity_table_fkey FOREIGN KEY(entity_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT entity_table_owner_fkey FOREIGN KEY(entity_table_owner_id) 
@@ -586,23 +592,23 @@ CREATE TABLE metaschema_modules_public.memberships_module ( ON DELETE CASCADE, CONSTRAINT actor_table_fkey FOREIGN KEY(actor_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT limits_table_fkey FOREIGN KEY(limits_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT default_limits_table_fkey FOREIGN KEY(default_limits_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT permissions_table_fkey FOREIGN KEY(permissions_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT default_permissions_table_fkey FOREIGN KEY(default_permissions_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE ); @@ -640,19 +646,19 @@ CREATE TABLE metaschema_modules_public.permissions_module ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT default_table_fkey FOREIGN KEY(default_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT entity_table_fkey FOREIGN KEY(entity_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT actor_table_fkey FOREIGN KEY(actor_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE ); 
@@ -672,11 +678,11 @@ CREATE TABLE metaschema_modules_public.phone_numbers_module ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT owner_table_fkey FOREIGN KEY(owner_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT schema_fkey FOREIGN KEY(schema_id) 
@@ -725,39 +731,39 @@ CREATE TABLE metaschema_modules_public.profiles_module ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT profile_permissions_table_fkey FOREIGN KEY(profile_permissions_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT profile_grants_table_fkey FOREIGN KEY(profile_grants_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT profile_definition_grants_table_fkey FOREIGN KEY(profile_definition_grants_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT profile_templates_table_fkey FOREIGN KEY(profile_templates_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT entity_table_fkey FOREIGN KEY(entity_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT actor_table_fkey FOREIGN KEY(actor_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT permissions_table_fkey FOREIGN KEY(permissions_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT memberships_table_fkey FOREIGN KEY(memberships_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT profiles_module_unique UNIQUE (database_id, membership_type) 
@@ -783,15 +789,15 @@ CREATE TABLE metaschema_modules_public.rls_module ( ON DELETE CASCADE, CONSTRAINT session_credentials_table_fkey FOREIGN KEY(session_credentials_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT sessions_table_fkey FOREIGN KEY(sessions_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT users_table_fkey FOREIGN KEY(users_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT schema_fkey FOREIGN KEY(schema_id) @@ -831,7 +837,7 @@ CREATE TABLE metaschema_modules_public.user_state_module ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE ); @@ -859,19 +865,19 @@ CREATE TABLE metaschema_modules_public.sessions_module ( ON DELETE CASCADE, CONSTRAINT sessions_table_fkey FOREIGN KEY(sessions_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT session_credentials_table_fkey FOREIGN KEY(session_credentials_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT auth_settings_table_fkey FOREIGN KEY(auth_settings_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT users_table_fkey FOREIGN KEY(users_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE ); 
@@ -920,27 +926,27 @@ CREATE TABLE metaschema_modules_public.user_auth_module ( ON DELETE CASCADE, CONSTRAINT email_table_fkey FOREIGN KEY(emails_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT users_table_fkey FOREIGN KEY(users_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT secrets_table_fkey FOREIGN KEY(secrets_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT encrypted_table_fkey FOREIGN KEY(encrypted_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT sessions_table_fkey FOREIGN KEY(sessions_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT session_credentials_table_fkey FOREIGN KEY(session_credentials_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE ); @@ -976,11 +982,11 @@ CREATE TABLE metaschema_modules_public.users_module ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT type_table_fkey FOREIGN KEY(type_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE ); 
@@ -1021,23 +1027,23 @@ CREATE TABLE metaschema_modules_public.hierarchy_module ( ON DELETE CASCADE, CONSTRAINT chart_edges_table_fkey FOREIGN KEY(chart_edges_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT hierarchy_sprt_table_fkey FOREIGN KEY(hierarchy_sprt_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT chart_edge_grants_table_fkey FOREIGN KEY(chart_edge_grants_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT entity_table_fkey FOREIGN KEY(entity_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT users_table_fkey FOREIGN KEY(users_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT hierarchy_module_database_unique UNIQUE (database_id) @@ -1063,7 +1069,7 @@ CREATE TABLE metaschema_modules_public.secure_table_provision ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT schema_fkey FOREIGN KEY(schema_id) @@ -1130,11 +1136,11 @@ CREATE TABLE metaschema_modules_public.relation_provision ( ON DELETE CASCADE, CONSTRAINT source_table_fkey FOREIGN KEY(source_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT target_table_fkey FOREIGN KEY(target_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE ); 
@@ -1457,7 +1463,7 @@ CREATE TABLE metaschema_modules_public.storage_module ( buckets_table_name text NOT NULL DEFAULT 'app_buckets', files_table_name text NOT NULL DEFAULT 'app_files', membership_type int DEFAULT NULL, - storage_key text NOT NULL DEFAULT 'default', + key text NOT NULL DEFAULT 'default', policies jsonb NULL, provisions jsonb NULL, entity_table_id uuid NULL, @@ -1496,29 +1502,29 @@ CREATE TABLE metaschema_modules_public.storage_module ( ON DELETE CASCADE, CONSTRAINT buckets_table_fkey FOREIGN KEY(buckets_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT files_table_fkey FOREIGN KEY(files_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT entity_table_fkey FOREIGN KEY(entity_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT path_shares_table_fkey FOREIGN KEY(path_shares_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT file_events_table_fkey FOREIGN KEY(file_events_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE ); CREATE INDEX storage_module_database_id_idx ON metaschema_modules_public.storage_module (database_id); -CREATE UNIQUE INDEX storage_module_unique_scope ON metaschema_modules_public.storage_module (database_id, (COALESCE(membership_type, -1)), storage_key); +CREATE UNIQUE INDEX storage_module_unique_scope ON metaschema_modules_public.storage_module (database_id, (COALESCE(membership_type, -1)), key); CREATE TABLE metaschema_modules_public.entity_type_provision ( id uuid PRIMARY KEY DEFAULT uuidv7(), 
@@ -1557,6 +1563,9 @@ CREATE TABLE metaschema_modules_public.entity_type_provision ( out_definitions_table_id uuid DEFAULT NULL, out_invocations_table_id uuid DEFAULT NULL, out_execution_logs_table_id uuid DEFAULT NULL, + out_secret_definitions_table_id uuid DEFAULT NULL, + out_requirements_table_id uuid DEFAULT NULL, + out_config_requirements_table_id uuid DEFAULT NULL, out_graph_module_id uuid DEFAULT NULL, out_graphs_table_id uuid DEFAULT NULL, out_agent_module_id uuid DEFAULT NULL, @@ -1693,12 +1702,13 @@ COMMENT ON COLUMN metaschema_modules_public.entity_type_provision.out_installed_ COMMENT ON COLUMN metaschema_modules_public.entity_type_provision.storage IS 'Optional JSON array of storage module definitions. Presence triggers provisioning (same inference model as namespaces, functions, agents). Each element provisions a separate storage module with its own tables - ({prefix}_{storage_key}_buckets/files), RLS policies, and feature flags. + ({prefix}_{key}_buckets/files), RLS policies, and feature flags. NULL = do not provision storage. ''[{}]'' = provision one default storage module. Each array element recognizes (all optional): - - storage_key (text) module discriminator, max 16 chars, lowercase snake_case. + - key (text) module discriminator, max 16 chars, lowercase snake_case. Defaults to ''default'' (omitted from table names). Non-default keys become infixes: {prefix}_{key}_buckets. + (storage_key accepted for backward compat) - upload_url_expiry_seconds (integer) presigned PUT URL expiry override - download_url_expiry_seconds (integer) presigned GET URL expiry override - default_max_file_size (bigint) global max file size in bytes for this module 
@@ -1718,7 +1728,7 @@ COMMENT ON COLUMN metaschema_modules_public.entity_type_provision.storage IS 'Op Example (single module, backward compat): storage := ''[{"buckets": [{"name": "documents"}]}]''::jsonb Example (multi-module): - storage := ''[{"has_path_shares": true, "buckets": [{"name": "documents"}]}, {"storage_key": "fn", "has_custom_keys": true, "buckets": [{"name": "functions"}]}]''::jsonb'; + storage := ''[{"has_path_shares": true, "buckets": [{"name": "documents"}]}, {"key": "fn", "has_custom_keys": true, "buckets": [{"name": "functions"}]}]''::jsonb'; COMMENT ON COLUMN metaschema_modules_public.entity_type_provision.out_storage_module_id IS 'Output: the UUID of the storage_module row created for this entity type. Populated by the trigger when storage is non-NULL and non-empty.'; @@ -1790,15 +1800,15 @@ CREATE TABLE metaschema_modules_public.rate_limits_module ( ON DELETE CASCADE, CONSTRAINT rate_limit_settings_table_fkey FOREIGN KEY(rate_limit_settings_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT ip_rate_limits_table_fkey FOREIGN KEY(ip_rate_limits_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT rate_limits_table_fkey FOREIGN KEY(rate_limits_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT rate_limits_module_database_id_uniq UNIQUE (database_id) 
@@ -1830,11 +1840,11 @@ CREATE TABLE metaschema_modules_public.devices_module ( ON DELETE CASCADE, CONSTRAINT user_devices_table_fkey FOREIGN KEY(user_devices_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT device_settings_table_fkey FOREIGN KEY(device_settings_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT devices_module_database_id_uniq UNIQUE (database_id) @@ -1863,11 +1873,11 @@ CREATE TABLE metaschema_modules_public.session_secrets_module ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT sessions_table_fkey FOREIGN KEY(sessions_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE ); @@ -1897,11 +1907,11 @@ CREATE TABLE metaschema_modules_public.webauthn_credentials_module ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT owner_table_fkey FOREIGN KEY(owner_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT schema_fkey FOREIGN KEY(schema_id) 
@@ -1946,27 +1956,27 @@ CREATE TABLE metaschema_modules_public.webauthn_auth_module ( ON DELETE CASCADE, CONSTRAINT users_table_fkey FOREIGN KEY(users_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT credentials_table_fkey FOREIGN KEY(credentials_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT sessions_table_fkey FOREIGN KEY(sessions_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT session_credentials_table_fkey FOREIGN KEY(session_credentials_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT session_secrets_table_fkey FOREIGN KEY(session_secrets_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT auth_settings_table_fkey FOREIGN KEY(auth_settings_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE ); @@ -1985,7 +1995,7 @@ CREATE TABLE metaschema_modules_public.identity_providers_module ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT schema_fkey FOREIGN KEY(schema_id) 
@@ -2033,35 +2043,35 @@ CREATE TABLE metaschema_modules_public.notifications_module ( ON DELETE CASCADE, CONSTRAINT notifications_table_fkey FOREIGN KEY(notifications_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT read_state_table_fkey FOREIGN KEY(read_state_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT preferences_table_fkey FOREIGN KEY(preferences_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE SET NULL, CONSTRAINT channels_table_fkey FOREIGN KEY(channels_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE SET NULL, CONSTRAINT delivery_log_table_fkey FOREIGN KEY(delivery_log_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE SET NULL, CONSTRAINT owner_table_fkey FOREIGN KEY(owner_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT user_settings_table_fkey FOREIGN KEY(user_settings_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE SET NULL, CONSTRAINT organization_settings_table_fkey FOREIGN KEY(organization_settings_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE SET NULL, CONSTRAINT schema_fkey FOREIGN KEY(schema_id) 
@@ -2132,19 +2142,19 @@ CREATE TABLE metaschema_modules_public.plans_module ( ON DELETE CASCADE, CONSTRAINT plans_table_fkey FOREIGN KEY(plans_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT plan_limits_table_fkey FOREIGN KEY(plan_limits_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT plan_pricing_table_fkey FOREIGN KEY(plan_pricing_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT plan_overrides_table_fkey FOREIGN KEY(plan_overrides_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT plans_module_database_id_unique UNIQUE (database_id) 
@@ -2185,27 +2195,27 @@ CREATE TABLE metaschema_modules_public.billing_module ( ON DELETE CASCADE, CONSTRAINT meters_table_fkey FOREIGN KEY(meters_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT plan_subscriptions_table_fkey FOREIGN KEY(plan_subscriptions_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT ledger_table_fkey FOREIGN KEY(ledger_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT balances_table_fkey FOREIGN KEY(balances_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT meter_credits_table_fkey FOREIGN KEY(meter_credits_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT meter_sources_table_fkey FOREIGN KEY(meter_sources_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT billing_module_database_id_unique UNIQUE (database_id) 
@@ -2248,35 +2258,35 @@ CREATE TABLE metaschema_modules_public.billing_provider_module ( ON DELETE CASCADE, CONSTRAINT billing_customers_table_fkey FOREIGN KEY(billing_customers_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT billing_products_table_fkey FOREIGN KEY(billing_products_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT billing_prices_table_fkey FOREIGN KEY(billing_prices_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT billing_subscriptions_table_fkey FOREIGN KEY(billing_subscriptions_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT billing_webhook_events_table_fkey FOREIGN KEY(billing_webhook_events_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT products_table_fkey FOREIGN KEY(products_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE SET NULL, CONSTRAINT prices_table_fkey FOREIGN KEY(prices_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE SET NULL, CONSTRAINT subscriptions_table_fkey FOREIGN KEY(subscriptions_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE SET NULL, CONSTRAINT billing_provider_module_database_id_unique UNIQUE (database_id) @@ -2295,7 +2305,7 @@ CREATE TABLE metaschema_modules_public.realtime_module ( source_registry_table_id uuid NOT NULL DEFAULT uuid_nil(), retention_hours int NOT NULL DEFAULT 168, premake int NOT NULL DEFAULT 7, - "interval" text NOT NULL DEFAULT '1 day', + interval text NOT NULL DEFAULT '1 day', notify_channel text NULL, CONSTRAINT db_fkey FOREIGN KEY(database_id) 
@@ -2315,15 +2325,15 @@ CREATE TABLE metaschema_modules_public.realtime_module ( ON DELETE CASCADE, CONSTRAINT change_log_table_fkey FOREIGN KEY(change_log_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT listener_node_table_fkey FOREIGN KEY(listener_node_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT source_registry_table_fkey FOREIGN KEY(source_registry_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE ); @@ -2370,15 +2380,15 @@ CREATE TABLE metaschema_modules_public.rate_limit_meters_module ( ON DELETE CASCADE, CONSTRAINT rate_limit_state_table_fkey FOREIGN KEY(rate_limit_state_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT rate_limit_overrides_table_fkey FOREIGN KEY(rate_limit_overrides_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT rate_window_limits_table_fkey FOREIGN KEY(rate_window_limits_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT rate_limit_meters_module_database_id_unique UNIQUE (database_id) @@ -2408,7 +2418,7 @@ CREATE TABLE metaschema_modules_public.config_secrets_org_module ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE ); 
@@ -2429,7 +2439,7 @@ CREATE TABLE metaschema_modules_public.inference_log_module ( inference_log_table_name text NOT NULL DEFAULT '', usage_daily_table_id uuid NOT NULL DEFAULT uuid_nil(), usage_daily_table_name text NOT NULL DEFAULT '', - "interval" text NOT NULL DEFAULT '1 month', + interval text NOT NULL DEFAULT '1 month', retention text NOT NULL DEFAULT '12 months', premake int NOT NULL DEFAULT 2, scope text NOT NULL DEFAULT 'app', @@ -2450,11 +2460,11 @@ CREATE TABLE metaschema_modules_public.inference_log_module ( ON DELETE CASCADE, CONSTRAINT inference_log_table_fkey FOREIGN KEY(inference_log_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT usage_daily_table_fkey FOREIGN KEY(usage_daily_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT inference_log_module_database_id_prefix_unique UNIQUE NULLS NOT DISTINCT (database_id, prefix) @@ -2471,7 +2481,7 @@ CREATE TABLE metaschema_modules_public.compute_log_module ( compute_log_table_name text NOT NULL DEFAULT '', usage_daily_table_id uuid NOT NULL DEFAULT uuid_nil(), usage_daily_table_name text NOT NULL DEFAULT '', - "interval" text NOT NULL DEFAULT '1 month', + interval text NOT NULL DEFAULT '1 month', retention text NOT NULL DEFAULT '12 months', premake int NOT NULL DEFAULT 2, scope text NOT NULL DEFAULT 'app', @@ -2492,11 +2502,11 @@ CREATE TABLE metaschema_modules_public.compute_log_module ( ON DELETE CASCADE, CONSTRAINT compute_log_table_fkey FOREIGN KEY(compute_log_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT usage_daily_table_fkey FOREIGN KEY(usage_daily_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT compute_log_module_database_id_prefix_unique UNIQUE NULLS NOT DISTINCT (database_id, prefix) 
@@ -2513,7 +2523,7 @@ CREATE TABLE metaschema_modules_public.transfer_log_module ( transfer_log_table_name text NOT NULL DEFAULT '', usage_daily_table_id uuid NOT NULL DEFAULT uuid_nil(), usage_daily_table_name text NOT NULL DEFAULT '', - "interval" text NOT NULL DEFAULT '1 month', + interval text NOT NULL DEFAULT '1 month', retention text NOT NULL DEFAULT '12 months', premake int NOT NULL DEFAULT 2, scope text NOT NULL DEFAULT 'app', @@ -2534,11 +2544,11 @@ CREATE TABLE metaschema_modules_public.transfer_log_module ( ON DELETE CASCADE, CONSTRAINT transfer_log_table_fkey FOREIGN KEY(transfer_log_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT usage_daily_table_fkey FOREIGN KEY(usage_daily_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT transfer_log_module_database_id_prefix_unique UNIQUE NULLS NOT DISTINCT (database_id, prefix) @@ -2555,7 +2565,7 @@ CREATE TABLE metaschema_modules_public.storage_log_module ( storage_log_table_name text NOT NULL DEFAULT '', usage_daily_table_id uuid NOT NULL DEFAULT uuid_nil(), usage_daily_table_name text NOT NULL DEFAULT '', - "interval" text NOT NULL DEFAULT '1 month', + interval text NOT NULL DEFAULT '1 month', retention text NOT NULL DEFAULT '12 months', premake int NOT NULL DEFAULT 2, scope text NOT NULL DEFAULT 'app', @@ -2576,11 +2586,11 @@ CREATE TABLE metaschema_modules_public.storage_log_module ( ON DELETE CASCADE, CONSTRAINT storage_log_table_fkey FOREIGN KEY(storage_log_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT usage_daily_table_fkey FOREIGN KEY(usage_daily_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT storage_log_module_database_id_prefix_unique UNIQUE NULLS NOT DISTINCT (database_id, prefix) 
@@ -2601,7 +2611,7 @@ CREATE TABLE metaschema_modules_public.db_usage_module ( query_stats_log_table_name text NOT NULL DEFAULT '', query_stats_daily_table_id uuid NOT NULL DEFAULT uuid_nil(), query_stats_daily_table_name text NOT NULL DEFAULT '', - "interval" text NOT NULL DEFAULT '1 month', + interval text NOT NULL DEFAULT '1 month', retention text NOT NULL DEFAULT '12 months', premake int NOT NULL DEFAULT 2, scope text NOT NULL DEFAULT 'app', @@ -2620,19 +2630,19 @@ CREATE TABLE metaschema_modules_public.db_usage_module ( ON DELETE CASCADE, CONSTRAINT table_stats_log_table_fkey FOREIGN KEY(table_stats_log_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT table_stats_daily_table_fkey FOREIGN KEY(table_stats_daily_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT query_stats_log_table_fkey FOREIGN KEY(query_stats_log_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT query_stats_daily_table_fkey FOREIGN KEY(query_stats_daily_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT db_usage_module_database_id_prefix_unique UNIQUE NULLS NOT DISTINCT (database_id, prefix) @@ -2658,6 +2668,7 @@ CREATE TABLE metaschema_modules_public.agent_module ( has_knowledge boolean NOT NULL DEFAULT false, api_name text DEFAULT 'agent', membership_type int DEFAULT NULL, + key text NOT NULL DEFAULT 'default', entity_table_id uuid NULL, policies jsonb NULL, knowledge_config jsonb NULL, 
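Review bot: The `key` column added to agent_module in the last hunk on this line is constrained only by `NOT NULL`, so an empty or whitespace-only string is accepted and then becomes part of the widened `agent_module_unique_scope` index in the next hunk. If `key` is meant to be an identifier-like label, a check such as `key text NOT NULL DEFAULT 'default' CHECK (key <> '')` would keep unusable values out at the schema level. The same column and index change is made for namespace_module and function_module later in this diff. The index used to allow one row per database and membership type, so any lookup that still filters on those two columns alone may now match several rows; the callers are outside this diff and worth checking. The CREATE TABLE statement begins before the hunk.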
@@ -2677,45 +2688,48 @@ CREATE TABLE metaschema_modules_public.agent_module ( ON DELETE CASCADE, CONSTRAINT agent_module_thread_table_fkey FOREIGN KEY(thread_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT agent_module_message_table_fkey FOREIGN KEY(message_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT agent_module_task_table_fkey FOREIGN KEY(task_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT agent_module_prompts_table_fkey FOREIGN KEY(prompts_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT agent_module_knowledge_table_fkey FOREIGN KEY(knowledge_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT agent_module_entity_table_fkey FOREIGN KEY(entity_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE ); CREATE INDEX agent_module_database_id_idx ON metaschema_modules_public.agent_module (database_id); -CREATE UNIQUE INDEX agent_module_unique_scope ON metaschema_modules_public.agent_module (database_id, (COALESCE(membership_type, -1))); +CREATE UNIQUE INDEX agent_module_unique_scope ON metaschema_modules_public.agent_module (database_id, (COALESCE(membership_type, -1)), key); CREATE TABLE metaschema_modules_public.merkle_store_module ( id uuid PRIMARY KEY DEFAULT uuidv7(), database_id uuid NOT NULL, schema_id uuid NOT NULL DEFAULT uuid_nil(), + private_schema_id uuid NOT NULL DEFAULT uuid_nil(), public_schema_name text, + private_schema_name text, object_table_id uuid NOT NULL DEFAULT uuid_nil(), store_table_id uuid NOT NULL DEFAULT uuid_nil(), commit_table_id uuid NOT NULL DEFAULT uuid_nil(), ref_table_id uuid NOT NULL DEFAULT 
uuid_nil(), prefix text NOT NULL DEFAULT '', api_name text, + private_api_name text, scope_field text NOT NULL DEFAULT 'scope_id', created_at timestamptz NOT NULL DEFAULT now(), CONSTRAINT db_fkey @@ -2726,21 +2740,25 @@ CREATE TABLE metaschema_modules_public.merkle_store_module ( FOREIGN KEY(schema_id) REFERENCES metaschema_public.schema (id) ON DELETE CASCADE, + CONSTRAINT private_schema_fkey + FOREIGN KEY(private_schema_id) + REFERENCES metaschema_public.schema (id) + ON DELETE CASCADE, CONSTRAINT object_table_fkey FOREIGN KEY(object_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT store_table_fkey FOREIGN KEY(store_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT commit_table_fkey FOREIGN KEY(commit_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT ref_table_fkey FOREIGN KEY(ref_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT merkle_store_module_database_prefix_unique UNIQUE (database_id, prefix) @@ -2748,6 +2766,8 @@ CREATE TABLE metaschema_modules_public.merkle_store_module ( CREATE INDEX merkle_store_module_database_id_idx ON metaschema_modules_public.merkle_store_module (database_id); +CREATE INDEX merkle_store_module_private_schema_id_idx ON metaschema_modules_public.merkle_store_module (private_schema_id); + CREATE TABLE metaschema_modules_public.graph_module ( id uuid PRIMARY KEY DEFAULT uuidv7(), database_id uuid NOT NULL, 
@@ -2786,19 +2806,19 @@ CREATE TABLE metaschema_modules_public.graph_module ( ON DELETE CASCADE, CONSTRAINT graphs_table_fkey FOREIGN KEY(graphs_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT executions_table_fkey FOREIGN KEY(executions_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT outputs_table_fkey FOREIGN KEY(outputs_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT graph_module_entity_table_fkey FOREIGN KEY(entity_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT graph_module_database_merkle_unique UNIQUE (database_id, merkle_store_module_id) @@ -2820,6 +2840,7 @@ CREATE TABLE metaschema_modules_public.namespace_module ( api_name text, private_api_name text, membership_type int DEFAULT NULL, + key text NOT NULL DEFAULT 'default', entity_table_id uuid NULL, policies jsonb NULL, provisions jsonb NULL, 
@@ -2837,21 +2858,21 @@ CREATE TABLE metaschema_modules_public.namespace_module ( ON DELETE CASCADE, CONSTRAINT namespace_module_namespaces_table_fkey FOREIGN KEY(namespaces_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT namespace_module_events_table_fkey FOREIGN KEY(namespace_events_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT namespace_module_entity_table_fkey FOREIGN KEY(entity_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE ); CREATE INDEX namespace_module_database_id_idx ON metaschema_modules_public.namespace_module (database_id); -CREATE UNIQUE INDEX namespace_module_unique_scope ON metaschema_modules_public.namespace_module (database_id, (COALESCE(membership_type, -1))); +CREATE UNIQUE INDEX namespace_module_unique_scope ON metaschema_modules_public.namespace_module (database_id, (COALESCE(membership_type, -1)), key); CREATE TABLE metaschema_modules_public.function_module ( id uuid PRIMARY KEY DEFAULT uuidv7(), 
@@ -2863,12 +2884,21 @@ CREATE TABLE metaschema_modules_public.function_module ( definitions_table_id uuid NOT NULL DEFAULT uuid_nil(), invocations_table_id uuid NOT NULL DEFAULT uuid_nil(), execution_logs_table_id uuid NOT NULL DEFAULT uuid_nil(), + secret_definitions_table_id uuid NOT NULL DEFAULT uuid_nil(), + requirements_table_id uuid NOT NULL DEFAULT uuid_nil(), + config_definitions_table_id uuid NOT NULL DEFAULT uuid_nil(), + config_requirements_table_id uuid NOT NULL DEFAULT uuid_nil(), definitions_table_name text NOT NULL DEFAULT 'function_definitions', invocations_table_name text NOT NULL DEFAULT 'function_invocations', execution_logs_table_name text NOT NULL DEFAULT 'function_execution_logs', + secret_definitions_table_name text NOT NULL DEFAULT 'secret_definitions', + requirements_table_name text NOT NULL DEFAULT 'function_secret_requirements', + config_requirements_table_name text NOT NULL DEFAULT 'function_config_requirements', api_name text, private_api_name text, membership_type int DEFAULT NULL, + prefix text NULL, + key text NOT NULL DEFAULT 'default', entity_table_id uuid NULL, policies jsonb NULL, provisions jsonb NULL, 
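Review bot: Four new `*_table_id` columns are added to function_module but only three matching `*_table_name` columns: `config_definitions_table_id` has no `config_definitions_table_name`, unlike `secret_definitions`, `requirements` and `config_requirements`. If the name columns are what provisioning reads to name the generated tables, as the existing `definitions_table_name` default suggests, the config definitions table is left without a configurable or defaulted name. The missing line would presumably be `config_definitions_table_name text NOT NULL DEFAULT '<default name>',` with the default chosen by the author; if the omission is deliberate, a comment saying where that name comes from would help. The CREATE TABLE statement begins before this hunk and its foreign keys follow in the next one.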
@@ -2886,22 +2916,38 @@ CREATE TABLE metaschema_modules_public.function_module ( ON DELETE CASCADE, CONSTRAINT function_module_definitions_table_fkey FOREIGN KEY(definitions_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT function_module_invocations_table_fkey FOREIGN KEY(invocations_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT function_module_execution_logs_table_fkey FOREIGN KEY(execution_logs_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) + ON DELETE CASCADE, + CONSTRAINT function_module_secret_defs_table_fkey + FOREIGN KEY(secret_definitions_table_id) + REFERENCES metaschema_public."table" (id) + ON DELETE CASCADE, + CONSTRAINT function_module_requirements_table_fkey + FOREIGN KEY(requirements_table_id) + REFERENCES metaschema_public."table" (id) + ON DELETE CASCADE, + CONSTRAINT function_module_config_defs_table_fkey + FOREIGN KEY(config_definitions_table_id) + REFERENCES metaschema_public."table" (id) + ON DELETE CASCADE, + CONSTRAINT function_module_config_reqs_table_fkey + FOREIGN KEY(config_requirements_table_id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT function_module_entity_table_fkey FOREIGN KEY(entity_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE ); CREATE INDEX function_module_database_id_idx ON metaschema_modules_public.function_module (database_id); -CREATE UNIQUE INDEX function_module_unique_scope ON metaschema_modules_public.function_module (database_id, (COALESCE(membership_type, -1))); \ No newline at end of file +CREATE UNIQUE INDEX function_module_unique_scope ON metaschema_modules_public.function_module (database_id, (COALESCE(membership_type, -1)), key); \ No newline at end of file 
diff --git a/packages/metaschema-modules/verify/schemas/metaschema_modules_public/tables/namespace_module/table.sql b/packages/metaschema-modules/verify/schemas/metaschema_modules_public/tables/namespace_module/table.sql index ee614746..5dbc2e9a 100644 --- a/packages/metaschema-modules/verify/schemas/metaschema_modules_public/tables/namespace_module/table.sql +++ b/packages/metaschema-modules/verify/schemas/metaschema_modules_public/tables/namespace_module/table.sql @@ -3,11 +3,9 @@ BEGIN; SELECT id, database_id, schema_id, private_schema_id, - public_schema_name, private_schema_name, namespaces_table_id, namespace_events_table_id, namespaces_table_name, namespace_events_table_name, - api_name, private_api_name, - entity_table_id, policies, provisions + membership_type, entity_table_id, policies FROM metaschema_modules_public.namespace_module WHERE false; diff --git a/packages/metaschema-schema/Makefile b/packages/metaschema-schema/Makefile index f7734bad..0da07181 100644 --- a/packages/metaschema-schema/Makefile +++ b/packages/metaschema-schema/Makefile @@ -1,5 +1,5 @@ EXTENSION = metaschema-schema -DATA = sql/metaschema-schema--0.26.0.sql +DATA = sql/metaschema-schema--0.26.1.sql PG_CONFIG = pg_config PGXS := $(shell $(PG_CONFIG) --pgxs) diff --git a/packages/metaschema-schema/deploy/schemas/metaschema_public/tables/partition/table.sql b/packages/metaschema-schema/deploy/schemas/metaschema_public/tables/partition/table.sql new file mode 100644 index 00000000..b0e726e2 --- /dev/null +++ b/packages/metaschema-schema/deploy/schemas/metaschema_public/tables/partition/table.sql 
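Review bot: The verify query for namespace_module now selects fewer columns than before and does not cover the `key` column that this commit adds to the table in the bundled SQL. It drops `public_schema_name`, `private_schema_name`, `api_name`, `private_api_name` and `provisions`, yet the bundled CREATE TABLE earlier in the diff still shows `api_name`, `private_api_name` and `provisions` as context lines, so unless the deploy script differs from the bundle those columns still exist. A verify script that omits columns passes against a partially migrated table, which defeats its purpose. I would keep the columns that still exist and add the new one, for example ending the list with `membership_type, key, entity_table_id, policies, provisions`.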
@@ -0,0 +1,44 @@ +-- Deploy schemas/metaschema_public/tables/partition/table to pg + +-- requires: schemas/metaschema_public/schema +-- requires: schemas/metaschema_public/tables/database/table +-- requires: schemas/metaschema_public/tables/table/table +-- requires: schemas/metaschema_public/tables/field/table + +BEGIN; + +CREATE TABLE metaschema_public.partition ( + id uuid PRIMARY KEY DEFAULT uuid_generate_v4(), + database_id uuid NOT NULL, + table_id uuid NOT NULL, + strategy text NOT NULL CHECK (strategy IN ('range', 'list', 'hash')), + partition_key_id uuid NOT NULL, + "interval" text, + retention text, + retention_keep_table boolean NOT NULL DEFAULT true, + premake int NOT NULL DEFAULT 2, + naming_pattern text NOT NULL DEFAULT '{parent}_{bounds}', + is_parented boolean NOT NULL DEFAULT false, + + CONSTRAINT partition_database_fkey + FOREIGN KEY (database_id) + REFERENCES metaschema_public.database (id) + ON DELETE CASCADE, + + CONSTRAINT partition_table_fkey + FOREIGN KEY (table_id) + REFERENCES metaschema_public.table (id) + ON DELETE CASCADE, + + CONSTRAINT partition_key_field_fkey + FOREIGN KEY (partition_key_id) + REFERENCES metaschema_public.field (id), + + CONSTRAINT partition_table_unique + UNIQUE (table_id) +); + +CREATE INDEX partition_database_id_idx + ON metaschema_public.partition (database_id); + +COMMIT; diff --git a/packages/metaschema-schema/metaschema-schema.control b/packages/metaschema-schema/metaschema-schema.control index 308d71ed..f6f36010 100644 --- a/packages/metaschema-schema/metaschema-schema.control +++ b/packages/metaschema-schema/metaschema-schema.control @@ -1,6 +1,6 @@ # metaschema-schema extension comment = 'metaschema-schema extension' -default_version = '0.26.0' +default_version = '0.26.1' module_pathname = '$libdir/metaschema-schema' requires = 'citext,hstore,pgpm-inflection,pgpm-database-jobs,pgpm-types,pgcrypto,plpgsql,postgis,uuid-ossp,pgpm-verify' relocatable = false 
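Review bot: `partition_key_field_fkey` only requires that `partition_key_id` exists in `metaschema_public.field`; nothing ties that field to the row's `table_id`, or `table_id` to `database_id`, so a partition row can name a key column that belongs to a different table or database. The plan entry describes this table as pg_partman lifecycle config, so whatever consumes a row should either be protected by a schema-level constraint or re-check that the three ids belong together before acting on it. This is also the only one of the three foreign keys without an `ON DELETE` action, so deleting a referenced field is rejected by default; if that is intended, a comment such as `-- no ON DELETE: a partition key field must not be dropped while its partition config exists` would record it. The free-text `"interval"`, `retention` and `naming_pattern` columns and `premake` carry no CHECK constraints, e.g. `premake int NOT NULL DEFAULT 2 CHECK (premake >= 0)` if negative values have no meaning.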
diff --git a/packages/metaschema-schema/package.json b/packages/metaschema-schema/package.json index 707691bd..f1674f3d 100644 --- a/packages/metaschema-schema/package.json +++ b/packages/metaschema-schema/package.json @@ -37,4 +37,4 @@ "bugs": { "url": "https://github.com/constructive-io/pgpm-modules/issues" } -} +} \ No newline at end of file diff --git a/packages/metaschema-schema/pgpm.plan b/packages/metaschema-schema/pgpm.plan index 34f12ae2..11b59439 100644 --- a/packages/metaschema-schema/pgpm.plan +++ b/packages/metaschema-schema/pgpm.plan @@ -34,3 +34,4 @@ schemas/metaschema_public/tables/embedding_chunks/table [schemas/metaschema_publ schemas/metaschema_public/tables/spatial_relation/table [schemas/metaschema_public/schema schemas/metaschema_public/tables/database/table schemas/metaschema_public/tables/table/table schemas/metaschema_public/tables/field/table schemas/metaschema_public/types/object_category] 2026-04-17T00:00:00Z devin # add schemas/metaschema_public/tables/spatial_relation/table schemas/metaschema_public/tables/function/table [schemas/metaschema_public/schema schemas/metaschema_public/tables/database/table schemas/metaschema_public/tables/schema/table] 2026-05-09T00:00:00Z devin # add metaschema_public.function table for tracking generated SQL functions +schemas/metaschema_public/tables/partition/table [schemas/metaschema_public/schema schemas/metaschema_public/tables/database/table schemas/metaschema_public/tables/table/table schemas/metaschema_public/tables/field/table] 2026-05-26T00:00:00Z Constructive # add metaschema_public.partition table for pg_partman lifecycle config diff --git a/packages/metaschema-schema/revert/schemas/metaschema_public/tables/partition/table.sql b/packages/metaschema-schema/revert/schemas/metaschema_public/tables/partition/table.sql new file mode 100644 index 00000000..976337d0 --- /dev/null +++ b/packages/metaschema-schema/revert/schemas/metaschema_public/tables/partition/table.sql 
@@ -0,0 +1,7 @@ +-- Revert schemas/metaschema_public/tables/partition/table from pg + +BEGIN; + +DROP TABLE metaschema_public.partition; + +COMMIT; diff --git a/packages/metaschema-schema/sql/metaschema-schema--0.26.0.sql b/packages/metaschema-schema/sql/metaschema-schema--0.26.1.sql similarity index 90% rename from packages/metaschema-schema/sql/metaschema-schema--0.26.0.sql rename to packages/metaschema-schema/sql/metaschema-schema--0.26.1.sql index c5781558..552d78f9 100644 --- a/packages/metaschema-schema/sql/metaschema-schema--0.26.0.sql +++ b/packages/metaschema-schema/sql/metaschema-schema--0.26.1.sql @@ -70,7 +70,7 @@ ALTER TABLE metaschema_public.schema CREATE INDEX schema_database_id_idx ON metaschema_public.schema (database_id); -CREATE TABLE metaschema_public.table ( +CREATE TABLE metaschema_public."table" ( id uuid PRIMARY KEY DEFAULT uuidv7(), database_id uuid NOT NULL DEFAULT uuid_nil(), schema_id uuid NOT NULL, @@ -102,14 +102,14 @@ CREATE TABLE metaschema_public.table ( UNIQUE (database_id, schema_id, name) ); -ALTER TABLE metaschema_public.table +ALTER TABLE metaschema_public."table" ADD COLUMN inherits_id uuid NULL - REFERENCES metaschema_public.table (id); + REFERENCES metaschema_public."table" (id); -CREATE INDEX table_schema_id_idx ON metaschema_public.table (schema_id); +CREATE INDEX table_schema_id_idx ON metaschema_public."table" (schema_id); -CREATE INDEX table_database_id_idx ON metaschema_public.table (database_id); +CREATE INDEX table_database_id_idx ON metaschema_public."table" (database_id); CREATE TABLE metaschema_public.check_constraint ( id uuid PRIMARY KEY DEFAULT uuidv7(), @@ -130,7 +130,7 @@ CREATE TABLE metaschema_public.check_constraint ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, UNIQUE (table_id, name), CHECK (field_ids <> '{}') 
@@ -140,9 +140,7 @@ CREATE INDEX check_constraint_table_id_idx ON metaschema_public.check_constraint CREATE INDEX check_constraint_database_id_idx ON metaschema_public.check_constraint (database_id); -CREATE FUNCTION metaschema_private.database_name_hash( - name text -) RETURNS bytea AS $EOFCODE$ +CREATE FUNCTION metaschema_private.database_name_hash(name text) RETURNS bytea AS $EOFCODE$ SELECT DECODE(MD5(LOWER(inflection.plural (name))), 'hex'); $EOFCODE$ LANGUAGE sql IMMUTABLE; @@ -178,7 +176,7 @@ CREATE TABLE metaschema_public.field ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, UNIQUE (table_id, name) ); @@ -203,7 +201,7 @@ CREATE TABLE metaschema_public.foreign_key_constraint ( smart_tags jsonb, type text, field_ids uuid[] NOT NULL, - ref_table_id uuid NOT NULL REFERENCES metaschema_public.table (id) + ref_table_id uuid NOT NULL REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, ref_field_ids uuid[] NOT NULL, delete_action char(1) DEFAULT 'c', @@ -218,7 +216,7 @@ CREATE TABLE metaschema_public.foreign_key_constraint ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, UNIQUE (table_id, name), CHECK (field_ids <> '{}'), @@ -243,7 +241,7 @@ CREATE TABLE metaschema_public.full_text_search ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CHECK ( cardinality(field_ids) = cardinality(weights) @@ -279,7 +277,7 @@ CREATE TABLE metaschema_public.index ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, UNIQUE (database_id, name) ); 
@@ -310,7 +308,7 @@ CREATE TABLE metaschema_public.policy ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, UNIQUE (table_id, name) ); @@ -337,7 +335,7 @@ CREATE TABLE metaschema_public.primary_key_constraint ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, UNIQUE (table_id, name), CHECK (field_ids <> '{}') @@ -380,7 +378,7 @@ CREATE TABLE metaschema_public.table_grant ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE ); @@ -390,14 +388,12 @@ CREATE INDEX table_grant_database_id_idx ON metaschema_public.table_grant (datab CREATE UNIQUE INDEX table_grant_unique_idx ON metaschema_public.table_grant (table_id, privilege, grantee_name, (COALESCE(field_ids, CAST('{}' AS uuid[])))); -CREATE FUNCTION metaschema_private.table_name_hash( - name text -) RETURNS bytea AS $EOFCODE$ +CREATE FUNCTION metaschema_private.table_name_hash(name text) RETURNS bytea AS $EOFCODE$ SELECT DECODE(MD5(LOWER(inflection.plural (name))), 'hex'); $EOFCODE$ LANGUAGE sql IMMUTABLE; -CREATE UNIQUE INDEX databases_table_unique_name_idx ON metaschema_public.table (database_id, schema_id, (metaschema_private.table_name_hash(name))); +CREATE UNIQUE INDEX databases_table_unique_name_idx ON metaschema_public."table" (database_id, schema_id, (metaschema_private.table_name_hash(name))); CREATE TABLE metaschema_public.trigger_function ( id uuid PRIMARY KEY DEFAULT uuidv7(), @@ -431,7 +427,7 @@ CREATE TABLE metaschema_public.trigger ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, UNIQUE (table_id, name) ); 
@@ -459,7 +455,7 @@ CREATE TABLE metaschema_public.unique_constraint ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, UNIQUE (table_id, name), CHECK (field_ids <> '{}') @@ -496,7 +492,7 @@ CREATE TABLE metaschema_public.view ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, UNIQUE (schema_id, name) ); @@ -518,7 +514,7 @@ CREATE TABLE metaschema_public.view_table ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, UNIQUE (view_id, table_id) ); @@ -610,7 +606,7 @@ CREATE TABLE metaschema_public.enum ( name text NOT NULL, label text, description text, - "values" text[] NOT NULL DEFAULT '{}', + values text[] NOT NULL DEFAULT '{}', smart_tags jsonb, category metaschema_public.object_category NOT NULL DEFAULT 'app', module text NULL, @@ -657,11 +653,11 @@ CREATE TABLE metaschema_public.embedding_chunks ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT chunks_table_fkey FOREIGN KEY(chunks_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE SET NULL, CONSTRAINT embedding_field_fkey FOREIGN KEY(embedding_field_id) @@ -712,7 +708,7 @@ CREATE TABLE metaschema_public.spatial_relation ( ON DELETE CASCADE, CONSTRAINT table_fkey FOREIGN KEY(table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT field_fkey FOREIGN KEY(field_id) 
@@ -720,7 +716,7 @@ CREATE TABLE metaschema_public.spatial_relation ( ON DELETE CASCADE, CONSTRAINT ref_table_fkey FOREIGN KEY(ref_table_id) - REFERENCES metaschema_public.table (id) + REFERENCES metaschema_public."table" (id) ON DELETE CASCADE, CONSTRAINT ref_field_fkey FOREIGN KEY(ref_field_id) @@ -764,4 +760,33 @@ CREATE TABLE metaschema_public.function ( CREATE INDEX function_database_id_idx ON metaschema_public.function (database_id); -CREATE INDEX function_schema_id_idx ON metaschema_public.function (schema_id); \ No newline at end of file +CREATE INDEX function_schema_id_idx ON metaschema_public.function (schema_id); + +CREATE TABLE metaschema_public.partition ( + id uuid PRIMARY KEY DEFAULT uuid_generate_v4(), + database_id uuid NOT NULL, + table_id uuid NOT NULL, + strategy text NOT NULL CHECK (strategy IN ('range', 'list', 'hash')), + partition_key_id uuid NOT NULL, + interval text, + retention text, + retention_keep_table boolean NOT NULL DEFAULT true, + premake int NOT NULL DEFAULT 2, + naming_pattern text NOT NULL DEFAULT '{parent}_{bounds}', + is_parented boolean NOT NULL DEFAULT false, + CONSTRAINT partition_database_fkey + FOREIGN KEY(database_id) + REFERENCES metaschema_public.database (id) + ON DELETE CASCADE, + CONSTRAINT partition_table_fkey + FOREIGN KEY(table_id) + REFERENCES metaschema_public."table" (id) + ON DELETE CASCADE, + CONSTRAINT partition_key_field_fkey + FOREIGN KEY(partition_key_id) + REFERENCES metaschema_public.field (id), + CONSTRAINT partition_table_unique + UNIQUE (table_id) +); + +CREATE INDEX partition_database_id_idx ON metaschema_public.partition (database_id); \ No newline at end of file diff --git a/packages/metaschema-schema/verify/schemas/metaschema_public/tables/partition/table.sql b/packages/metaschema-schema/verify/schemas/metaschema_public/tables/partition/table.sql new file mode 100644 index 00000000..a37df684 --- /dev/null 
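Review bot: In the new `metaschema_public.partition` table, `partition_key_field_fkey` only requires that `partition_key_id` exists in `metaschema_public.field`; nothing ties that field to the row's own `table_id`, and it is the one foreign key here without an `ON DELETE` action, so a comment should say whether blocking deletion of a partition-key field is intended. `interval`, `retention` and `naming_pattern` are unconstrained `text`; if they are later handed to the partman wrappers (not visible in this hunk), a format `CHECK` on each, plus something like `CHECK (premake > 0)`, would keep malformed values out of DDL that runs with definer rights. The `id` default is `uuid_generate_v4()` while the other tables in this file use `uuidv7()`. This file looks like the bundled build, so any change belongs in the deploy script for the table.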
+++ b/packages/metaschema-schema/verify/schemas/metaschema_public/tables/partition/table.sql @@ -0,0 +1,7 @@ +-- Verify schemas/metaschema_public/tables/partition/table on pg + +BEGIN; + +SELECT verify_table ('metaschema_public.partition'); + +ROLLBACK; diff --git a/packages/object-tree/Makefile b/packages/object-tree/Makefile index 20ed0470..8cf8de6e 100644 --- a/packages/object-tree/Makefile +++ b/packages/object-tree/Makefile @@ -1,5 +1,5 @@ EXTENSION = object-tree -DATA = sql/object-tree--0.26.0.sql +DATA = sql/object-tree--0.26.1.sql PG_CONFIG = pg_config PGXS := $(shell $(PG_CONFIG) --pgxs) diff --git a/packages/object-tree/object-tree.control b/packages/object-tree/object-tree.control index 3cf576ba..0d18ea0f 100644 --- a/packages/object-tree/object-tree.control +++ b/packages/object-tree/object-tree.control @@ -1,6 +1,6 @@ # object-tree extension comment = 'object-tree extension - git-like version control for database objects' -default_version = '0.26.0' +default_version = '0.26.1' module_pathname = '$libdir/object-tree' requires = 'plpgsql,pgcrypto,object-store,pgpm-verify' relocatable = false diff --git a/packages/object-tree/package.json b/packages/object-tree/package.json index a03de0ee..1d388cba 100644 --- a/packages/object-tree/package.json +++ b/packages/object-tree/package.json @@ -38,4 +38,4 @@ "bugs": { "url": "https://github.com/constructive-io/pgpm-modules/issues" } -} +} \ No newline at end of file diff --git a/packages/object-tree/sql/object-tree--0.26.0.sql b/packages/object-tree/sql/object-tree--0.26.1.sql similarity index 90% rename from packages/object-tree/sql/object-tree--0.26.0.sql rename to packages/object-tree/sql/object-tree--0.26.1.sql index 0b27cdac..3270a125 100644 --- a/packages/object-tree/sql/object-tree--0.26.0.sql +++ b/packages/object-tree/sql/object-tree--0.26.1.sql 
@@ -69,11 +69,7 @@ COMMENT ON COLUMN object_tree_public.ref.id IS 'The primary unique identifier fo COMMENT ON COLUMN object_tree_public.ref.name IS 'The name of the ref or branch'; -CREATE FUNCTION object_tree_public.rev_parse( - s_id uuid, - store_id uuid, - refname text DEFAULT 'main' -) RETURNS uuid AS $EOFCODE$ +CREATE FUNCTION object_tree_public.rev_parse(s_id uuid, store_id uuid, refname text DEFAULT 'main') RETURNS uuid AS $EOFCODE$ DECLARE tree_id uuid; commit_id uuid; @@ -106,12 +102,7 @@ BEGIN END; $EOFCODE$ LANGUAGE plpgsql STABLE; -CREATE FUNCTION object_tree_public.get_object_at_path( - s_id uuid, - store_id uuid, - path text[], - refname text DEFAULT 'main' -) RETURNS object_store_public.object AS $EOFCODE$ +CREATE FUNCTION object_tree_public.get_object_at_path(s_id uuid, store_id uuid, path text[], refname text DEFAULT 'main') RETURNS object_store_public.object AS $EOFCODE$ DECLARE tree_id uuid; obj object_store_public.object; @@ -123,10 +114,7 @@ BEGIN END; $EOFCODE$ LANGUAGE plpgsql STABLE; -CREATE FUNCTION object_tree_public.init_empty_repo( - s_id uuid, - store_id uuid -) RETURNS void AS $EOFCODE$ +CREATE FUNCTION object_tree_public.init_empty_repo(s_id uuid, store_id uuid) RETURNS void AS $EOFCODE$ DECLARE vtree_id uuid; vcommit_id uuid; @@ -156,15 +144,7 @@ BEGIN END; $EOFCODE$ LANGUAGE plpgsql VOLATILE; -CREATE FUNCTION object_tree_public.set_and_commit( - s_id uuid, - store_id uuid, - refname text, - path text[], - data jsonb, - kids uuid[], - ktree text[] -) RETURNS uuid AS $EOFCODE$ +CREATE FUNCTION object_tree_public.set_and_commit(s_id uuid, store_id uuid, refname text, path text[], data jsonb, kids uuid[], ktree text[]) RETURNS uuid AS $EOFCODE$ DECLARE hash uuid; 
@@ -224,13 +204,7 @@ RETURN hash; END; $EOFCODE$ LANGUAGE plpgsql VOLATILE; -CREATE FUNCTION object_tree_public.set_props_and_commit( - s_id uuid, - store_id uuid, - refname text, - path text[], - data jsonb -) RETURNS uuid AS $EOFCODE$ +CREATE FUNCTION object_tree_public.set_props_and_commit(s_id uuid, store_id uuid, refname text, path text[], data jsonb) RETURNS uuid AS $EOFCODE$ DECLARE hash uuid; diff --git a/packages/partman/Makefile b/packages/partman/Makefile index 12beba90..9ce7a6d8 100644 --- a/packages/partman/Makefile +++ b/packages/partman/Makefile @@ -1,5 +1,5 @@ EXTENSION = pgpm-partman -DATA = sql/pgpm-partman--0.26.0.sql +DATA = sql/pgpm-partman--0.26.1.sql PG_CONFIG = pg_config PGXS := $(shell $(PG_CONFIG) --pgxs) diff --git a/packages/partman/deploy/extensions/pg_partman.sql b/packages/partman/deploy/extensions/pg_partman.sql index 10a63c13..5739af4e 100644 --- a/packages/partman/deploy/extensions/pg_partman.sql +++ b/packages/partman/deploy/extensions/pg_partman.sql @@ -7,6 +7,13 @@ BEGIN END; $$; -GRANT USAGE ON SCHEMA partman TO authenticated; +-- pg_partman 5.x core functions run as SECURITY INVOKER, so the authenticated +-- role needs explicit grants to call create_parent and manage part_config. +-- USAGE+CREATE on schema: create_parent creates template tables here. +-- EXECUTE on functions: call partman.create_parent etc. +-- Table access: read/write part_config for retention settings. +GRANT USAGE, CREATE ON SCHEMA partman TO authenticated; GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA partman TO authenticated; +GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA partman TO authenticated; ALTER DEFAULT PRIVILEGES IN SCHEMA partman GRANT EXECUTE ON FUNCTIONS TO authenticated; +ALTER DEFAULT PRIVILEGES IN SCHEMA partman GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO authenticated; 
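Review bot: `GRANT USAGE, CREATE ON SCHEMA partman TO authenticated` together with `SELECT, INSERT, UPDATE, DELETE` on all current and future tables gives every authenticated session write access to `part_config` and the right to create objects in the schema that holds the partman functions. The comment justifies this by `create_parent` running as SECURITY INVOKER, but the same commit makes `create_parent_with_retention` and `run_maintenance_by_id` SECURITY DEFINER, so callers going through those wrappers presumably no longer need these rights themselves. If that holds, I would keep `GRANT USAGE ON SCHEMA partman TO authenticated;`, drop `CREATE` and the table DML grants (at most `GRANT SELECT`), and grant `EXECUTE` on the wrapper functions only rather than `ALL FUNCTIONS`. As written, a role that can edit the retention settings in `part_config` directly could have the definer-rights maintenance run act on tables it has no rights on. The packaged `sql/pgpm-partman--0.26.1.sql` hunk repeats the same grants.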
diff --git a/packages/partman/deploy/schemas/partman/procedures/create_parent_with_retention.sql b/packages/partman/deploy/schemas/partman/procedures/create_parent_with_retention.sql index c8da2da3..0b507249 100644 --- a/packages/partman/deploy/schemas/partman/procedures/create_parent_with_retention.sql +++ b/packages/partman/deploy/schemas/partman/procedures/create_parent_with_retention.sql @@ -30,6 +30,16 @@ BEGIN END IF; END; $$ -LANGUAGE 'plpgsql' VOLATILE; +LANGUAGE 'plpgsql' VOLATILE SECURITY DEFINER; + +-- SECURITY DEFINER justification: +-- pg_partman 5.x create_parent runs as SECURITY INVOKER and internally +-- executes "ALTER TABLE ... OWNER TO postgres" which requires SET ROLE. +-- The authenticated role cannot SET ROLE to postgres. +-- This function only performs DDL (creating partitions/templates) and +-- writes to part_config (a system config table). It does NOT access any +-- user-data tables, so RLS is irrelevant. This follows the same pattern +-- as metaschema_private.create_database_trigger which is also SECURITY +-- DEFINER for trigger-fired DDL that needs superuser privileges. COMMIT; diff --git a/packages/partman/deploy/schemas/partman/procedures/run_maintenance_by_id.sql b/packages/partman/deploy/schemas/partman/procedures/run_maintenance_by_id.sql index cdf0ad40..9d9bffe0 100644 --- a/packages/partman/deploy/schemas/partman/procedures/run_maintenance_by_id.sql +++ b/packages/partman/deploy/schemas/partman/procedures/run_maintenance_by_id.sql @@ -29,6 +29,10 @@ BEGIN ); END; $$ -LANGUAGE 'plpgsql' VOLATILE; +LANGUAGE 'plpgsql' VOLATILE SECURITY DEFINER; + +-- SECURITY DEFINER justification: same as create_parent_with_retention. +-- partman.run_maintenance internally creates new partition tables and +-- sets their owner to postgres, requiring SET ROLE. No user-data access. COMMIT; diff --git a/packages/partman/package.json b/packages/partman/package.json index a156acb9..6f74672e 100644 --- a/packages/partman/package.json 
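Review bot: `create_parent_with_retention` becomes `SECURITY DEFINER` without a pinned `search_path`, and the same applies to `run_maintenance_by_id` in the next hunk and to both definitions in the packaged SQL; I would write `LANGUAGE 'plpgsql' VOLATILE SECURITY DEFINER SET search_path = pg_catalog, pg_temp;` on each and confirm that pg_partman's own calls still resolve. The justification comment says no user data is touched, but the function takes a caller-supplied table name (`v_parent_table` in the packaged SQL) and configures retention, and retention maintenance can remove child partitions, so the function should check that the caller may manage that table before acting with the owner's rights. Functions are executable by PUBLIC by default, so a `REVOKE EXECUTE ... FROM PUBLIC` followed by a grant to the intended role would make the exposure explicit. Both function bodies start outside these hunks, so any checks they already perform are not visible here.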
+++ b/packages/partman/package.json @@ -32,4 +32,4 @@ "bugs": { "url": "https://github.com/constructive-io/pgpm-modules/issues" } -} +} \ No newline at end of file diff --git a/packages/partman/pgpm-partman.control b/packages/partman/pgpm-partman.control index cd0b2fa1..64a9c151 100644 --- a/packages/partman/pgpm-partman.control +++ b/packages/partman/pgpm-partman.control @@ -1,6 +1,6 @@ # pgpm-partman extension comment = 'pg_partman wrapper - installs pg_partman into partman schema' -default_version = '0.26.0' +default_version = '0.26.1' module_pathname = '$libdir/pgpm-partman' requires = 'plpgsql,metaschema-schema' relocatable = false diff --git a/packages/partman/sql/pgpm-partman--0.26.0.sql b/packages/partman/sql/pgpm-partman--0.26.1.sql similarity index 71% rename from packages/partman/sql/pgpm-partman--0.26.0.sql rename to packages/partman/sql/pgpm-partman--0.26.1.sql index ecbcc651..90bda43a 100644 --- a/packages/partman/sql/pgpm-partman--0.26.0.sql +++ b/packages/partman/sql/pgpm-partman--0.26.1.sql 
@@ -6,22 +6,19 @@ BEGIN END; $EOFCODE$; -GRANT USAGE ON SCHEMA partman TO authenticated; +GRANT USAGE, CREATE ON SCHEMA partman TO authenticated; GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA partman TO authenticated; +GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA partman TO authenticated; + ALTER DEFAULT PRIVILEGES IN SCHEMA partman GRANT EXECUTE ON FUNCTIONS TO authenticated; -CREATE FUNCTION partman.create_parent_with_retention( - v_parent_table text, - v_control text, - v_type text DEFAULT 'range', - partition_interval text DEFAULT '1 day', - v_premake int DEFAULT 2, - v_retention text DEFAULT NULL, - v_retention_keep_table boolean DEFAULT true -) RETURNS void AS $EOFCODE$ +ALTER DEFAULT PRIVILEGES IN SCHEMA partman + GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO authenticated; + +CREATE FUNCTION partman.create_parent_with_retention(v_parent_table text, v_control text, v_type text DEFAULT 'range', partition_interval text DEFAULT '1 day', v_premake int DEFAULT 2, v_retention text DEFAULT NULL, v_retention_keep_table boolean DEFAULT true) RETURNS void AS $EOFCODE$ BEGIN PERFORM partman.create_parent( p_parent_table := v_parent_table, @@ -38,17 +35,9 @@ BEGIN WHERE parent_table = v_parent_table; END IF; END; -$EOFCODE$ LANGUAGE plpgsql VOLATILE; +$EOFCODE$ LANGUAGE plpgsql VOLATILE SECURITY DEFINER; -CREATE FUNCTION partman.create_parent_by_id( - v_table_id uuid, - v_control text, - v_type text DEFAULT 'range', - partition_interval text DEFAULT '1 day', - v_premake int DEFAULT 2, - v_retention text DEFAULT NULL, - v_retention_keep_table boolean DEFAULT true -) RETURNS void AS $EOFCODE$ +CREATE FUNCTION partman.create_parent_by_id(v_table_id uuid, v_control text, v_type text DEFAULT 'range', partition_interval text DEFAULT '1 day', v_premake int DEFAULT 2, v_retention text DEFAULT NULL, v_retention_keep_table boolean DEFAULT true) RETURNS void AS $EOFCODE$ DECLARE v_parent_table text; BEGIN 
@@ -74,9 +63,7 @@ BEGIN END; $EOFCODE$ LANGUAGE plpgsql VOLATILE; -CREATE FUNCTION partman.remove_parent_by_id( - v_table_id uuid -) RETURNS void AS $EOFCODE$ +CREATE FUNCTION partman.remove_parent_by_id(v_table_id uuid) RETURNS void AS $EOFCODE$ DECLARE v_parent_table text; BEGIN @@ -95,9 +82,7 @@ BEGIN END; $EOFCODE$ LANGUAGE plpgsql VOLATILE; -CREATE FUNCTION partman.verify_parent_by_id( - v_table_id uuid -) RETURNS boolean AS $EOFCODE$ +CREATE FUNCTION partman.verify_parent_by_id(v_table_id uuid) RETURNS boolean AS $EOFCODE$ DECLARE v_parent_table text; v_found boolean; @@ -121,10 +106,7 @@ BEGIN END; $EOFCODE$ LANGUAGE plpgsql STABLE; -CREATE FUNCTION partman.run_maintenance_by_id( - v_table_id uuid DEFAULT NULL, - v_analyze boolean DEFAULT true -) RETURNS void AS $EOFCODE$ +CREATE FUNCTION partman.run_maintenance_by_id(v_table_id uuid DEFAULT NULL, v_analyze boolean DEFAULT true) RETURNS void AS $EOFCODE$ DECLARE v_parent_table text; BEGIN @@ -145,4 +127,4 @@ BEGIN p_analyze := v_analyze ); END; -$EOFCODE$ LANGUAGE plpgsql VOLATILE; \ No newline at end of file +$EOFCODE$ LANGUAGE plpgsql VOLATILE SECURITY DEFINER; \ No newline at end of file