fix: change BlueprintPolicy.policy_type to $type to match SQL convention

The construct_blueprint SQL procedure reads policy type via:
  v_policy_type := v_policy_entry->>'\';

But the TypeScript BlueprintPolicy interface used 'policy_type' which
doesn't match the blueprint JSON convention used by nodes and relations.

Updated buildBlueprintPolicy in generate-types.ts to always use the
static definition with $type (skipping the introspection-driven path
which derives from the DB column name). Regenerated types.

Author: pyramation

graphql/node-type-registry/src/blueprint-types.generated.ts

@@ -683,18 +683,18 @@ export interface BlueprintField {
   /** Comment/description for this field. */
   description?: string;
 }
-/** An RLS policy entry for a blueprint table. */
+/** An RLS policy entry for a blueprint table. Uses $type to match the blueprint JSON convention. */
 export interface BlueprintPolicy {
   /** Authz* policy type name (e.g., "AuthzDirectOwner", "AuthzAllowAll"). */
-  policy_type: "AuthzDirectOwner" | "AuthzDirectOwnerAny" | "AuthzMembership" | "AuthzEntityMembership" | "AuthzRelatedEntityMembership" | "AuthzOrgHierarchy" | "AuthzTemporal" | "AuthzPublishable" | "AuthzMemberList" | "AuthzRelatedMemberList" | "AuthzAllowAll" | "AuthzDenyAll" | "AuthzComposite" | "AuthzPeerOwnership" | "AuthzRelatedPeerOwnership";
+  $type: "AuthzDirectOwner" | "AuthzDirectOwnerAny" | "AuthzMembership" | "AuthzEntityMembership" | "AuthzRelatedEntityMembership" | "AuthzOrgHierarchy" | "AuthzTemporal" | "AuthzPublishable" | "AuthzMemberList" | "AuthzRelatedMemberList" | "AuthzAllowAll" | "AuthzDenyAll" | "AuthzComposite" | "AuthzPeerOwnership" | "AuthzRelatedPeerOwnership";
+  /** Privileges this policy applies to (e.g., ["select"], ["insert", "update", "delete"]). */
+  privileges?: string[];
+  /** Whether this policy is permissive (true) or restrictive (false). Defaults to true. */
+  permissive?: boolean;
   /** Role for this policy. Defaults to "authenticated". */
   policy_role?: string;
-  /** Whether this policy is permissive (true) or restrictive (false). */
-  permissive?: boolean;
   /** Optional custom name for this policy. */
   policy_name?: string;
-  /** Privileges this policy applies to. */
-  privileges?: string[];
   /** Policy-specific data (structure varies by policy type). */
   data?: Record<string, unknown>;
 }
@@ -767,6 +767,22 @@ export interface BlueprintTableIndex {
   /** Optional schema name override. */
   schema_name?: string;
 }
+/** A unique constraint definition within a blueprint (top-level, requires table_name). */
+export interface BlueprintUniqueConstraint {
+  /** Table name this unique constraint belongs to. */
+  table_name: string;
+  /** Optional schema name for disambiguation (falls back to top-level default). */
+  schema_name?: string;
+  /** Column names that form the unique constraint. */
+  columns: string[];
+}
+/** A unique constraint nested inside a table definition (table_name not required). */
+export interface BlueprintTableUniqueConstraint {
+  /** Column names that form the unique constraint. */
+  columns: string[];
+  /** Optional schema name override. */
+  schema_name?: string;
+}
 /**
  * ===========================================================================
  * Node types -- discriminated union for nodes[] entries
@@ -946,22 +962,6 @@ export type BlueprintRelation = {
  * ===========================================================================
  */
 ;
-/** A unique constraint definition within a blueprint (top-level, requires table_name). */
-export interface BlueprintUniqueConstraint {
-  /** Table name this unique constraint belongs to. */
-  table_name: string;
-  /** Optional schema name for disambiguation (falls back to top-level default). */
-  schema_name?: string;
-  /** Column names that form the unique constraint. */
-  columns: string[];
-}
-/** A unique constraint nested inside a table definition (table_name not required). */
-export interface BlueprintTableUniqueConstraint {
-  /** Column names that form the unique constraint. */
-  columns: string[];
-  /** Optional schema name override. */
-  schema_name?: string;
-}
 /** A table definition within a blueprint. */
 export interface BlueprintTable {
   /** The PostgreSQL table name to create. */

graphql/node-type-registry/src/codegen/generate-types.ts

@@ -324,38 +324,27 @@ function buildBlueprintField(
 
 function buildBlueprintPolicy(
   authzNodes: NodeTypeDefinition[],
-  meta?: MetaTableInfo[]
+  _meta?: MetaTableInfo[]
 ): t.ExportNamedDeclaration {
+  // BlueprintPolicy represents the blueprint JSON shape (not the DB table).
+  // The SQL procedure reads $type (not policy_type) from the JSONB:
+  //   v_policy_type := v_policy_entry->>'$type';
+  // So we always use the static definition with $type.
   const policyTypeAnnotation =
     authzNodes.length > 0
       ? strUnion(authzNodes.map((nt) => nt.name))
       : t.tsStringKeyword();
 
-  const table = meta && findTable(meta, 'metaschema_public', 'policy');
-  if (table) {
-    return deriveInterfaceFromTable(
-      table,
-      'BlueprintPolicy',
-      'An RLS policy entry for a blueprint table. Derived from _meta.',
-      {
-        // policy_type gets a typed union of known Authz* node names
-        policy_type: policyTypeAnnotation,
-        // data is untyped JSONB — use Record<string, unknown>
-        data: recordType(t.tsStringKeyword(), t.tsUnknownKeyword()),
-      },
-    );
-  }
-  // Static fallback
   return addJSDoc(
     exportInterface('BlueprintPolicy', [
-      addJSDoc(requiredProp('policy_type', policyTypeAnnotation), 'Authz* policy type name (e.g., "AuthzDirectOwner", "AuthzAllowAll").'),
+      addJSDoc(requiredProp('$type', policyTypeAnnotation), 'Authz* policy type name (e.g., "AuthzDirectOwner", "AuthzAllowAll").'),
+      addJSDoc(optionalProp('privileges', t.tsArrayType(t.tsStringKeyword())), 'Privileges this policy applies to (e.g., ["select"], ["insert", "update", "delete"]).'),
+      addJSDoc(optionalProp('permissive', t.tsBooleanKeyword()), 'Whether this policy is permissive (true) or restrictive (false). Defaults to true.'),
       addJSDoc(optionalProp('policy_role', t.tsStringKeyword()), 'Role for this policy. Defaults to "authenticated".'),
-      addJSDoc(optionalProp('permissive', t.tsBooleanKeyword()), 'Whether this policy is permissive (true) or restrictive (false).'),
       addJSDoc(optionalProp('policy_name', t.tsStringKeyword()), 'Optional custom name for this policy.'),
-      addJSDoc(optionalProp('privileges', t.tsArrayType(t.tsStringKeyword())), 'Privileges this policy applies to.'),
       addJSDoc(optionalProp('data', recordType(t.tsStringKeyword(), t.tsUnknownKeyword())), 'Policy-specific data (structure varies by policy type).'),
     ]),
-    'An RLS policy entry for a blueprint table.'
+    'An RLS policy entry for a blueprint table. Uses $type to match the blueprint JSON convention.'
   );
 }