feat: sync metaschema-modules tables from constructive-db

packages/metaschema-modules/Makefile

@@ -1,5 +1,5 @@
 EXTENSION = metaschema-modules
-DATA = sql/metaschema-modules--0.26.3.sql
+DATA = sql/metaschema-modules--0.26.5.sql
 
 PG_CONFIG = pg_config
 PGXS := $(shell $(PG_CONFIG) --pgxs)

packages/metaschema-modules/__tests__/__snapshots__/modules.test.ts.snap

@@ -18,6 +18,7 @@ exports[`db_meta_modules should have all expected module tables 1`] = `
     "devices_module",
     "emails_module",
     "events_module",
+    "function_invocation_module",
     "function_module",
     "graph_module",
     "hierarchy_module",
@@ -57,8 +58,8 @@ exports[`db_meta_modules should have all expected module tables 1`] = `
 
 exports[`db_meta_modules should verify all module tables exist in metaschema_modules_public schema 1`] = `
 {
-  "moduleTablesCount": 48,
-  "totalTables": 55,
+  "moduleTablesCount": 49,
+  "totalTables": 56,
 }
 `;
 
@@ -125,13 +126,13 @@ exports[`db_meta_modules should verify emails_module table structure 1`] = `
 
 exports[`db_meta_modules should verify module table structures have database_id foreign keys 1`] = `
 {
-  "constraintCount": 303413,
+  "constraintCount": 303414,
 }
 `;
 
 exports[`db_meta_modules should verify module tables have proper foreign key relationships 1`] = `
 {
-  "constraintCount": 452625,
+  "constraintCount": 452630,
   "foreignTables": [
     "database",
     "field",

packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/function_invocation_module/table.sql

@@ -0,0 +1,67 @@
+-- Deploy schemas/metaschema_modules_public/tables/function_invocation_module/table to pg
+
+-- requires: schemas/metaschema_modules_public/schema
+
+BEGIN;
+
+CREATE TABLE metaschema_modules_public.function_invocation_module (
+    id uuid PRIMARY KEY DEFAULT uuidv7(),
+    database_id uuid NOT NULL,
+
+    -- Schema references (if uuid_nil, resolved from schema name or default)
+    schema_id uuid NOT NULL DEFAULT uuid_nil(),
+    private_schema_id uuid NOT NULL DEFAULT uuid_nil(),
+
+    -- Optional schema name overrides (used when schema IDs are not provided)
+    public_schema_name text,
+    private_schema_name text,
+
+    -- Generated table IDs (populated by the generator)
+    invocations_table_id uuid NOT NULL DEFAULT uuid_nil(),
+    execution_logs_table_id uuid NOT NULL DEFAULT uuid_nil(),
+
+    -- Table names (input to the generator — bare names without scope prefix).
+    -- The trigger prepends the scope prefix automatically.
+    invocations_table_name text NOT NULL DEFAULT 'function_invocations',
+    execution_logs_table_name text NOT NULL DEFAULT 'function_execution_logs',
+
+    -- API routing (get-or-create: if set, schema is added to this API; if NULL, no API is added)
+    api_name text,
+    private_api_name text,
+
+    -- Scope: determines the security level for this module instance.
+    scope text NOT NULL DEFAULT 'app',
+
+    -- Table name prefix. Auto-derived from scope by the trigger when empty.
+    -- Override to create multiple module instances at the same scope.
+    prefix text NOT NULL DEFAULT '',
+
+    -- Entity table for RLS and billing attribution.
+    -- When set, invocations are scoped to the entity (org, app) for billing/metering.
+    entity_table_id uuid NULL,
+
+    -- Configurable security policies (NULL = use defaults based on scope).
+    policies jsonb NULL,
+
+    -- Per-table provisions overrides from blueprint config.
+    -- Keys are table keys (invocations, execution_logs).
+    provisions jsonb NULL,
+
+    -- Default permissions: permission names auto-granted to new members.
+    default_permissions text[] DEFAULT NULL,
+
+    -- Constraints
+    CONSTRAINT function_invocation_module_db_fkey FOREIGN KEY (database_id) REFERENCES metaschema_public.database (id) ON DELETE CASCADE,
+    CONSTRAINT function_invocation_module_schema_fkey FOREIGN KEY (schema_id) REFERENCES metaschema_public.schema (id) ON DELETE CASCADE,
+    CONSTRAINT function_invocation_module_private_schema_fkey FOREIGN KEY (private_schema_id) REFERENCES metaschema_public.schema (id) ON DELETE CASCADE,
+    CONSTRAINT function_invocation_module_invocations_table_fkey FOREIGN KEY (invocations_table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE,
+    CONSTRAINT function_invocation_module_logs_table_fkey FOREIGN KEY (execution_logs_table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE,
+    CONSTRAINT function_invocation_module_entity_table_fkey FOREIGN KEY (entity_table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE
+);
+
+CREATE INDEX function_invocation_module_database_id_idx ON metaschema_modules_public.function_invocation_module ( database_id );
+
+-- Unique constraint: one function invocation module per database per scope per prefix.
+CREATE UNIQUE INDEX function_invocation_module_unique_scope ON metaschema_modules_public.function_invocation_module ( database_id, scope, prefix );
+
+COMMIT;

packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/function_module/table.sql

@@ -18,15 +18,11 @@ CREATE TABLE metaschema_modules_public.function_module (
 
     -- Generated table IDs (populated by the generator)
     definitions_table_id uuid NOT NULL DEFAULT uuid_nil(),
-    invocations_table_id uuid NOT NULL DEFAULT uuid_nil(),
-    execution_logs_table_id uuid NOT NULL DEFAULT uuid_nil(),
     secret_definitions_table_id uuid NOT NULL DEFAULT uuid_nil(),
 
     -- Table names (input to the generator — bare names without scope prefix).
     -- The trigger prepends the scope prefix automatically.
     definitions_table_name text NOT NULL DEFAULT 'function_definitions',
-    invocations_table_name text NOT NULL DEFAULT 'function_invocations',
-    execution_logs_table_name text NOT NULL DEFAULT 'function_execution_logs',
     secret_definitions_table_name text NOT NULL DEFAULT 'secret_definitions',
 
     -- API routing (get-or-create: if set, schema is added to this API; if NULL, no API is added)
@@ -51,7 +47,7 @@ CREATE TABLE metaschema_modules_public.function_module (
     policies jsonb NULL,
 
     -- Per-table provisions overrides from blueprint config.
-    -- Keys are table keys (definitions, invocations, execution_logs, secret_definitions).
+    -- Keys are table keys (definitions, secret_definitions).
     -- When a key is present, the module trigger skips default security for that table;
     -- secure_table_provision applies the custom grants/policies instead.
     provisions jsonb NULL,
@@ -65,8 +61,6 @@ CREATE TABLE metaschema_modules_public.function_module (
     CONSTRAINT function_module_schema_fkey FOREIGN KEY (schema_id) REFERENCES metaschema_public.schema (id) ON DELETE CASCADE,
     CONSTRAINT function_module_private_schema_fkey FOREIGN KEY (private_schema_id) REFERENCES metaschema_public.schema (id) ON DELETE CASCADE,
     CONSTRAINT function_module_definitions_table_fkey FOREIGN KEY (definitions_table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE,
-    CONSTRAINT function_module_invocations_table_fkey FOREIGN KEY (invocations_table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE,
-    CONSTRAINT function_module_execution_logs_table_fkey FOREIGN KEY (execution_logs_table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE,
     CONSTRAINT function_module_secret_defs_table_fkey FOREIGN KEY (secret_definitions_table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE,
     CONSTRAINT function_module_entity_table_fkey FOREIGN KEY (entity_table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE
 );

packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/memberships_module/table.sql

@@ -64,8 +64,10 @@ CREATE TABLE metaschema_modules_public.memberships_module (
 
     member_profiles_table_id uuid NULL,
 
-    -- 
-
+    -- Audit tables for permission defaults (created by memberships_module when has_permissions=true)
+    permission_default_permissions_table_id uuid NULL,
+    permission_default_grants_table_id uuid NULL,
+
     -- API routing (configurable per-module)
     api_name text DEFAULT 'admin',
     private_api_name text DEFAULT NULL,

packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/merkle_store_module/table.sql

@@ -34,6 +34,11 @@ CREATE TABLE metaschema_modules_public.merkle_store_module (
     -- RLS through metaschema_public.database ownership.
     scope text NOT NULL DEFAULT 'app',
 
+    -- Function name prefix override: NULL (default) inherits from `prefix`;
+    -- '' (empty string) generates unprefixed function names (e.g., get_all instead of function_graph_get_all);
+    -- any other value is used as-is. Tables always keep their prefix regardless of this setting.
+    function_prefix text DEFAULT NULL,
+
     -- Timestamps
     created_at timestamptz NOT NULL DEFAULT now(),
 

packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/notifications_module/table.sql

@@ -19,6 +19,7 @@ CREATE TABLE metaschema_modules_public.notifications_module (
     preferences_table_id uuid,
     channels_table_id uuid,
     delivery_log_table_id uuid,
+    suppressions_table_id uuid,
 
     owner_table_id uuid NOT NULL DEFAULT uuid_nil(),
 
@@ -51,6 +52,7 @@ CREATE TABLE metaschema_modules_public.notifications_module (
     CONSTRAINT preferences_table_fkey FOREIGN KEY (preferences_table_id) REFERENCES metaschema_public.table (id) ON DELETE SET NULL,
     CONSTRAINT channels_table_fkey FOREIGN KEY (channels_table_id) REFERENCES metaschema_public.table (id) ON DELETE SET NULL,
     CONSTRAINT delivery_log_table_fkey FOREIGN KEY (delivery_log_table_id) REFERENCES metaschema_public.table (id) ON DELETE SET NULL,
+    CONSTRAINT suppressions_table_fkey FOREIGN KEY (suppressions_table_id) REFERENCES metaschema_public.table (id) ON DELETE SET NULL,
     CONSTRAINT owner_table_fkey FOREIGN KEY (owner_table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE,
     CONSTRAINT user_settings_table_fkey FOREIGN KEY (user_settings_table_id) REFERENCES metaschema_public.table (id) ON DELETE SET NULL,
     CONSTRAINT organization_settings_table_fkey FOREIGN KEY (organization_settings_table_id) REFERENCES metaschema_public.table (id) ON DELETE SET NULL,
@@ -65,6 +67,7 @@ COMMENT ON CONSTRAINT read_state_table_fkey ON metaschema_modules_public.notific
 COMMENT ON CONSTRAINT preferences_table_fkey ON metaschema_modules_public.notifications_module IS E'@fieldName preferencesTableByPreferencesTableId\n@omit manyToMany';
 COMMENT ON CONSTRAINT channels_table_fkey ON metaschema_modules_public.notifications_module IS E'@fieldName channelsTableByChannelsTableId\n@omit manyToMany';
 COMMENT ON CONSTRAINT delivery_log_table_fkey ON metaschema_modules_public.notifications_module IS E'@fieldName deliveryLogTableByDeliveryLogTableId\n@omit manyToMany';
+COMMENT ON CONSTRAINT suppressions_table_fkey ON metaschema_modules_public.notifications_module IS E'@fieldName suppressionsTableBySuppressionsTableId';
 COMMENT ON CONSTRAINT owner_table_fkey ON metaschema_modules_public.notifications_module IS E'@omit manyToMany';
 COMMENT ON CONSTRAINT user_settings_table_fkey ON metaschema_modules_public.notifications_module IS E'@fieldName userSettingsTableByUserSettingsTableId\n@omit manyToMany';
 COMMENT ON CONSTRAINT organization_settings_table_fkey ON metaschema_modules_public.notifications_module IS E'@fieldName organizationSettingsTableByOrganizationSettingsTableId\n@omit manyToMany';

packages/metaschema-modules/metaschema-modules.control

@@ -1,6 +1,6 @@
 # metaschema-modules extension
 comment = 'metaschema-modules extension'
-default_version = '0.26.3'
+default_version = '0.26.5'
 module_pathname = '$libdir/metaschema-modules'
 requires = 'plpgsql,uuid-ossp,metaschema-schema,services,pgpm-verify'
 relocatable = false

packages/metaschema-modules/pgpm.plan

@@ -60,6 +60,7 @@ schemas/metaschema_modules_public/tables/merkle_store_module/table [schemas/meta
 schemas/metaschema_modules_public/tables/graph_module/table [schemas/metaschema_modules_public/schema schemas/metaschema_modules_public/tables/merkle_store_module/table] 2026-05-21T01:00:00Z devin <devin@cognition.ai> # add graph_module config table for FBP graph utilities on top of merkle store
 schemas/metaschema_modules_public/tables/namespace_module/table [schemas/metaschema_modules_public/schema] 2026-05-21T02:00:00Z devin <devin@cognition.ai> # add namespace_module config table for entity-aware namespace provisioning
 schemas/metaschema_modules_public/tables/function_module/table [schemas/metaschema_modules_public/schema] 2026-05-21T03:00:00Z devin <devin@cognition.ai> # add function_module config table for entity-aware function definitions
+schemas/metaschema_modules_public/tables/function_invocation_module/table [schemas/metaschema_modules_public/schema] 2026-06-08T00:00:00Z devin <devin@cognition.ai> # add function_invocation_module config table for entity-scoped invocations and execution logs
 schemas/metaschema_modules_public/tables/config_secrets_module/table [schemas/metaschema_modules_public/schema] 2026-05-29T00:00:00Z devin <devin@cognition.ai> # add entity-aware config_secrets_module (replaces config_secrets_user_module + config_secrets_org_module)
 schemas/metaschema_modules_public/tables/user_credentials_module/table [schemas/metaschema_modules_public/schema] 2026-05-30T00:00:00Z devin <devin@cognition.ai> # add user_credentials_module for per-user bcrypt credential store (split from config_secrets_module)
 schemas/metaschema_modules_public/tables/user_settings_module/table [schemas/metaschema_modules_public/schema] 2026-05-28T00:00:00Z devin <devin@cognition.ai> # add user_settings_module for extensible per-user preferences (1:1 with users)

packages/metaschema-modules/revert/schemas/metaschema_modules_public/tables/function_invocation_module/table.sql

@@ -0,0 +1,7 @@
+-- Revert schemas/metaschema_modules_public/tables/function_invocation_module/table from pg
+
+BEGIN;
+
+DROP TABLE IF EXISTS metaschema_modules_public.function_invocation_module;
+
+COMMIT;