Add RLS to Migration framework (closes #32, #36, #37) (#38)

## Summary
- Implements platform-independent row-level security in the Migration
framework — single YAML schema produces native `CREATE POLICY` on
Postgres + trigger-based emulation on SQLite
- Closes NAP Tier 1 blockers: declarative RLS (#32), raw-SQL escape
hatch for SECURITY DEFINER functions (#36), `FORCE ROW LEVEL SECURITY`
(#37)
- 73 new RLS tests passing locally including **9 EXTREME end-to-end
NAP-shape tests** that prove tenant isolation, idempotent re-apply,
drift detection with rename, and 100-row cross-tenant stress against a
real Postgres testcontainer

## What ships
**Core (`Nimblesite.DataProvider.Migration.Core`)**
- `RlsPolicySetDefinition` — `Enabled`, `Forced`, `Policies`
- `RlsPolicyDefinition` — LQL via `UsingLql`/`WithCheckLql`, raw-SQL
escape hatch via `UsingSql`/`WithCheckSql` (#36), `IsPermissive`,
`Operations`, `Roles`
- `RlsOperation` enum — `All`/`Select`/`Insert`/`Update`/`Delete`
- 6 schema operations: `EnableRlsOperation`, `EnableForceRlsOperation`
(#37), `CreateRlsPolicyOperation`, `DropRlsPolicyOperation`,
`DisableRlsOperation`, `DisableForceRlsOperation` — last three
destructive
- `RlsPredicateTranspiler` — substitutes `current_user_id()` per
platform; for `exists(pipeline)` LQL, delegates the inner pipeline to
`LqlStatementConverter` and wraps the transpiled SQL with `EXISTS (...)`
- `SchemaDiff` extended for RLS — emits Enable/Force ops for new RLS
state, `CreatePolicy` for new policies, drops/disable when
`allowDestructive=true`. Forward-only by default; orphan drift cleanup
is opt-in
- YAML round-trippable with `[YamlMember]` aliases for
`using`/`withCheck`/`usingSql`/`withCheckSql`/`permissive`/`forced`
- Error codes: `MIG-E-RLS-EMPTY-PREDICATE`, `-EMPTY-CHECK`,
`-LQL-PARSE`, `-LQL-TRANSPILE`, `-MSSQL-UNSUPPORTED`,
`-RAW-SQL-UNSUPPORTED-ON-PLATFORM`, `-FORCE-UNSUPPORTED-ON-PLATFORM`

**Postgres (`Nimblesite.DataProvider.Migration.Postgres`)**
- Native `CREATE POLICY` with `PERMISSIVE`/`RESTRICTIVE`, `FOR
ALL|SELECT|INSERT|UPDATE|DELETE`, `TO PUBLIC|roles`, `USING`/`WITH
CHECK`
- Inspector reads `pg_class.relrowsecurity` +
`pg_class.relforcerowsecurity` + `pg_policies.qual`/`with_check` into
`RlsPolicySetDefinition`. Predicates round-trip as raw SQL (we don't
attempt SQL→LQL reverse mapping)

**SQLite (`Nimblesite.DataProvider.Migration.SQLite`)**
- `__rls_context` single-row context table auto-generated on first
`EnableRlsOperation`
- Trigger emulation: `BEFORE INSERT/UPDATE/DELETE` triggers with
`RAISE(ABORT, 'RLS-SQLITE: ...')` evaluating predicate against
`NEW`/`OLD` rows
- `{Tbl}_secure` view filtering `SELECT` (SQLite triggers don't
intercept `SELECT`)
- RESTRICTIVE policies emit `MIG-W-RLS-SQLITE-RESTRICTIVE-APPROX`
warning comment
- Inspector reverse-maps `rls_*_{Table}` triggers →
`RlsPolicySetDefinition`

## Test plan
**73 new RLS tests, all green locally:**
- [x] 8 YAML round-trip (`RlsYamlSerializerTests`)
- [x] 13 transpiler unit — per-platform `current_user_id` substitution,
`exists()` subquery wrapping, parse/transpile error paths
(`RlsPredicateTranspilerTests`)
- [x] 7 error code shape (`RlsErrorCodesTests`)
- [x] 11 Postgres DDL string-shape (`PostgresRlsDdlTests`)
- [x] 8 SchemaDiff RLS unit (`SchemaDiffRlsTests`)
- [x] 8 SQLite RLS DDL + inspector E2E (`SqliteRlsMigrationTests`)
- [x] 6 Postgres RLS E2E with real testcontainer + NOBYPASSRLS app role
(`PostgresRlsE2ETests`) — cross-user blocked, INSERT WITH CHECK
enforced, inspector round-trip, schema diff add/drop
- [x] **9 EXTREME NAP-shape E2E** (`PostgresRlsNapShapeTests`) — 4
tenant tables × 2 policies all FORCE'd, cross-tenant isolation, admin
role sees everything, idempotent re-apply emits ZERO ops, drift rename
drops 4 + creates 4, OR-combination predicates round-trip,
`DropForceRls` requires `allowDestructive`, 100-row stress with exact
per-tenant counts

**Local CI dry-run all green:**
- [x] `make fmt-check` (csharpier 434 files + cargo fmt)
- [x] `make lint` (analyzers + clippy + eslint)
- [x] `dotnet build DataProvider.sln -c Debug` — 0 warnings, 0 errors
- [x] `make _test_dotnet` for Migration tests — 363/363 pass, coverage
77.99% (ratcheted from 74% → 77%)
- [x] `cd Lql/lql-lsp-rust && cargo build`

## NAP integration
NapSupport2 has been notified via TMC. Local nupkgs packed at
`/tmp/nap-rls-nuget` as `0.1.0-rls.preview1` so NAP can pin against
their feed while this lands on main. Comments posted on issues #32 / #36
/ #37.

## Out of scope
- CREATE FUNCTION / CREATE ROLE / GRANT (#33/#34/#35) — NAP's bootstrap
retains these
- SQL Server implementation — `MIG-E-RLS-MSSQL-UNSUPPORTED` until
`Nimblesite.DataProvider.Migration.SqlServer` ships

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Author: MelbourneDeveloper

Lql/Nimblesite.Lql.Core/Parsing/LqlToAstVisitor.cs

@@ -355,6 +355,19 @@ private static string ProcessComparisonToSql(
             {
                 return ProcessCaseExpressionToSql(expr.caseExpr(), lambdaScope);
             }
+
+            // expr matched the `IDENT '(' argList? ')'` branch — a bare
+            // function call (e.g. is_member(u, t)) used as a boolean predicate
+            // inside a lambda body without an explicit comparison operator.
+            // GitHub issue #40: NAP needs SECURITY DEFINER fn calls to
+            // survive LQL transpilation; rewriting via exists() loses
+            // SECURITY DEFINER semantics. Emit the call verbatim so RLS
+            // policy bodies can call user-defined Postgres functions.
+            if (expr.IDENT() != null && expr.ChildCount >= 3)
+            {
+                return ProcessFnCallExprToSql(expr, lambdaScope);
+            }
+
             // No fallback - fail hard if expr type is not handled
             throw new SqlErrorException(
                 CreateSqlErrorStatic(
@@ -706,6 +719,101 @@ context as ParserRuleContext
         );
     }
 
+    /// <summary>
+    /// Process an expr that matched the <c>IDENT '(' argList? ')'</c> branch
+    /// (a function call) into SQL text. Lambda-scope-aware so qualified
+    /// idents like <c>p.tenant_id</c> strip the <c>p.</c> prefix when
+    /// <c>p</c> is bound. Implements GitHub issue #40 — RLS policies must
+    /// be able to call user-defined SECURITY DEFINER functions verbatim.
+    /// </summary>
+    private static string ProcessFnCallExprToSql(
+        LqlParser.ExprContext expr,
+        HashSet<string>? lambdaScope
+    )
+    {
+        var fnName = expr.IDENT().GetText();
+        var args = expr.argList();
+        if (args == null)
+        {
+            return $"{fnName}()";
+        }
+        var argTexts = args.arg().Select(a => ProcessFnCallArgToSql(a, lambdaScope)).ToList();
+        return $"{fnName}({string.Join(", ", argTexts)})";
+    }
+
+    private static string ProcessFnCallArgToSql(
+        LqlParser.ArgContext arg,
+        HashSet<string>? lambdaScope
+    )
+    {
+        // arg grammar matches `columnAlias` first when the arg is a
+        // qualified identifier like c.tenant_id. The columnAlias rule
+        // itself wraps qualifiedIdent / IDENT / arithmeticExpr / functionCall.
+        // Walk through to find the actual shape and apply lambda-scope
+        // stripping for qualified idents.
+        if (arg.columnAlias() != null)
+        {
+            var ca = arg.columnAlias();
+            if (ca.qualifiedIdent() != null)
+            {
+                return ProcessQualifiedIdentifierToSql(ca.qualifiedIdent(), lambdaScope);
+            }
+            if (ca.arithmeticExpr() != null)
+            {
+                return ProcessArithmeticExpressionToSql(ca.arithmeticExpr(), lambdaScope);
+            }
+            if (ca.functionCall() != null)
+            {
+                return ExtractFunctionCall(ca.functionCall());
+            }
+            if (ca.IDENT() != null && ca.IDENT().Length > 0)
+            {
+                return ca.IDENT()[0].GetText();
+            }
+        }
+        if (arg.arithmeticExpr() != null)
+        {
+            return ProcessArithmeticExpressionToSql(arg.arithmeticExpr(), lambdaScope);
+        }
+        if (arg.functionCall() != null)
+        {
+            return ExtractFunctionCall(arg.functionCall());
+        }
+        if (arg.expr() != null)
+        {
+            var inner = arg.expr();
+            if (inner.IDENT() != null && inner.ChildCount >= 3)
+            {
+                return ProcessFnCallExprToSql(inner, lambdaScope);
+            }
+            if (inner.qualifiedIdent() != null)
+            {
+                return ProcessQualifiedIdentifierToSql(inner.qualifiedIdent(), lambdaScope);
+            }
+            if (inner.IDENT() != null)
+            {
+                return inner.IDENT().GetText();
+            }
+            if (inner.STRING() != null)
+            {
+                return inner.STRING().GetText();
+            }
+            if (inner.INT() != null)
+            {
+                return inner.INT().GetText();
+            }
+            if (inner.DECIMAL() != null)
+            {
+                return inner.DECIMAL().GetText();
+            }
+        }
+        if (arg.comparison() != null)
+        {
+            return ProcessComparisonToSql(arg.comparison(), lambdaScope);
+        }
+        return ExtractIdentifier(arg);
+    }
+
     /// <summary>
     /// Processes a qualified identifier to SQL text, removing lambda variable prefixes.
     /// </summary>

Lql/Nimblesite.Lql.Tests/LqlFnCallInLambdaTests.cs

@@ -0,0 +1,119 @@
+using Nimblesite.Lql.Postgres;
+using Nimblesite.Sql.Model;
+using Xunit;
+
+namespace Nimblesite.Lql.Tests;
+
+// Coverage for ProcessFnCallExprToSql + ProcessFnCallArgToSql added in
+// LqlToAstVisitor for GitHub issues #40/#41 (NAP RLS bare fn calls in
+// lambda bodies, e.g. exists(parent |> filter(fn(p) => p.id = id and
+// is_member(app_user_id(), p.tenant_id)))).
+
+/// <summary>
+/// Targeted unit tests for the bare-function-call branch of LQL's lambda
+/// body and its argument-shape handling. These shapes are not exercised by
+/// the file-based fixture tests but are required for RLS predicates that
+/// call SECURITY DEFINER functions.
+/// </summary>
+public sealed class LqlFnCallInLambdaTests
+{
+    private static string ToPg(string lql)
+    {
+        var stmt = LqlStatementConverter.ToStatement(lql);
+        Assert.True(
+            stmt is Outcome.Result<LqlStatement, SqlError>.Ok<LqlStatement, SqlError>,
+            stmt is Outcome.Result<LqlStatement, SqlError>.Error<LqlStatement, SqlError> e
+                ? e.Value.Message
+                : "expected Ok"
+        );
+        var ok = (Outcome.Result<LqlStatement, SqlError>.Ok<LqlStatement, SqlError>)stmt;
+        var result = ok.Value.ToPostgreSql();
+        Assert.True(
+            result is Outcome.Result<string, SqlError>.Ok<string, SqlError>,
+            result is Outcome.Result<string, SqlError>.Error<string, SqlError> e2
+                ? e2.Value.Message
+                : "expected transpile Ok"
+        );
+        return ((Outcome.Result<string, SqlError>.Ok<string, SqlError>)result).Value;
+    }
+
+    [Fact]
+    public void Lambda_BareFnCall_NoArgs_PassesThrough()
+    {
+        var sql = ToPg("t |> filter(fn(x) => some_fn())");
+        Assert.Contains("some_fn()", sql, StringComparison.Ordinal);
+    }
+
+    [Fact]
+    public void Lambda_BareFnCall_StringArgs_PassesThrough()
+    {
+        var sql = ToPg("t |> filter(fn(x) => is_member('a', 'b'))");
+        Assert.Contains("is_member('a', 'b')", sql, StringComparison.Ordinal);
+    }
+
+    [Fact]
+    public void Lambda_BareFnCall_QualifiedIdentArg_StripsLambdaPrefix()
+    {
+        // x is the lambda var -> x.tenant_id should emit as 'tenant_id'.
+        var sql = ToPg("t |> filter(fn(x) => is_member('u', x.tenant_id))");
+        Assert.Contains("is_member('u', tenant_id)", sql, StringComparison.Ordinal);
+        Assert.DoesNotContain("x.tenant_id", sql, StringComparison.Ordinal);
+    }
+
+    [Fact]
+    public void Lambda_BareFnCall_NestedFnCallArg_PassesThrough()
+    {
+        var sql = ToPg("t |> filter(fn(x) => is_member(app_user_id(), app_tenant_id()))");
+        // Outer fn is emitted via ProcessFnCallExprToSql (lowercase preserved).
+        // Nested fn args go through ExtractFunctionCall which uppercases the
+        // function name -- Postgres treats unquoted names as case-insensitive
+        // so APP_USER_ID() and app_user_id() resolve to the same function.
+        Assert.Contains("is_member(", sql, StringComparison.Ordinal);
+        Assert.Contains("APP_USER_ID()", sql, StringComparison.Ordinal);
+        Assert.Contains("APP_TENANT_ID()", sql, StringComparison.Ordinal);
+    }
+
+    [Fact]
+    public void Lambda_AndCombinationWithBareFnCall_ParsesAndEmits()
+    {
+        // The right-hand side of AND is a bare fn call -- must not raise
+        // 'Unsupported expr type in comparison'.
+        var sql = ToPg(
+            "t |> filter(fn(x) => x.id = '00000000-0000-0000-0000-000000000000' and is_member('u', x.tenant_id))"
+        );
+        Assert.Contains("AND", sql, StringComparison.Ordinal);
+        Assert.Contains("is_member(", sql, StringComparison.Ordinal);
+    }
+
+    [Fact]
+    public void Lambda_OrCombinationWithBareFnCall_ParsesAndEmits()
+    {
+        var sql = ToPg(
+            "t |> filter(fn(x) => x.id = '00000000-0000-0000-0000-000000000000' or is_member('u', x.tenant_id))"
+        );
+        Assert.Contains("OR", sql, StringComparison.Ordinal);
+        Assert.Contains("is_member(", sql, StringComparison.Ordinal);
+    }
+
+    [Fact]
+    public void Lambda_BareFnCall_IntArg_PassesThrough()
+    {
+        var sql = ToPg("t |> filter(fn(x) => has_role(42))");
+        Assert.Contains("has_role(42)", sql, StringComparison.Ordinal);
+    }
+
+    [Fact]
+    public void Lambda_BareFnCall_DecimalArg_PassesThrough()
+    {
+        var sql = ToPg("t |> filter(fn(x) => has_balance(1.5))");
+        Assert.Contains("has_balance(1.5)", sql, StringComparison.Ordinal);
+    }
+
+    [Fact]
+    public void Lambda_BareFnCall_IdentArg_PassesThrough()
+    {
+        var sql = ToPg("t |> filter(fn(x) => some_fn(other_col))");
+        Assert.Contains("some_fn(", sql, StringComparison.Ordinal);
+        Assert.Contains("other_col", sql, StringComparison.Ordinal);
+    }
+}