diff --git a/packages/node-type-registry/src/module-presets/auth-hardened.ts b/packages/node-type-registry/src/module-presets/auth-hardened.ts
index ffbfeb32c..59dd9877e 100644
--- a/packages/node-type-registry/src/module-presets/auth-hardened.ts
+++ b/packages/node-type-registry/src/module-presets/auth-hardened.ts
@@ -49,7 +49,8 @@ export const PresetAuthHardened: ModulePreset = {
     'identity_providers_module',
     'webauthn_credentials_module',
     'webauthn_auth_module',
-    'phone_numbers_module'
+    'phone_numbers_module',
+    'devices_module'
   ],
   includes_notes: {
     rate_limits_module: 'Throttling for sign-in, password reset, sign-up, and IP-based gates.',
@@ -58,7 +59,8 @@ export const PresetAuthHardened: ModulePreset = {
     webauthn_credentials_module: 'Per-user passkey storage.',
     webauthn_auth_module: 'Passkey challenge + assertion runtime.',
     session_secrets_module: 'Nonces for magic links, email OTP, and WebAuthn challenges.',
-    phone_numbers_module: 'SMS sign-in / MFA support.'
+    phone_numbers_module: 'SMS sign-in / MFA support.',
+    devices_module: 'Device tracking and trusted-device MFA bypass.'
   },
   omits_notes: {
     'memberships_module:org': 'No orgs / teams — use `b2b` when you need multi-tenancy.',
diff --git a/packages/node-type-registry/src/module-presets/b2b-storage.ts b/packages/node-type-registry/src/module-presets/b2b-storage.ts
index 6a463e17f..19d1b16a6 100644
--- a/packages/node-type-registry/src/module-presets/b2b-storage.ts
+++ b/packages/node-type-registry/src/module-presets/b2b-storage.ts
@@ -61,10 +61,12 @@ export const PresetB2bStorage: ModulePreset = {
     'hierarchy_module:org',
     'invites_module:app',
     'invites_module:org',
-    'storage_module'
+    'storage_module',
+    'devices_module'
   ],
   includes_notes: {
-    storage_module: 'File upload infrastructure: app_buckets + app_files tables with RLS. Entity-type storage scopes layered on top via `has_storage=true`.'
+    storage_module: 'File upload infrastructure: app_buckets + app_files tables with RLS. Entity-type storage scopes layered on top via `has_storage=true`.',
+    devices_module: 'Device tracking and trusted-device MFA bypass.'
   },
   omits_notes: {
     crypto_addresses_module: 'Not a web3 preset.'
diff --git a/packages/node-type-registry/src/module-presets/b2b.ts b/packages/node-type-registry/src/module-presets/b2b.ts
index 28f92105a..6d6c69ea6 100644
--- a/packages/node-type-registry/src/module-presets/b2b.ts
+++ b/packages/node-type-registry/src/module-presets/b2b.ts
@@ -62,7 +62,8 @@ export const PresetB2b: ModulePreset = {
     'profiles_module:org',
     'hierarchy_module:org',
     'invites_module:app',
-    'invites_module:org'
+    'invites_module:org',
+    'devices_module'
   ],
   includes_notes: {
     'memberships_module:org': 'Org-scoped membership rows — every user in an org gets one.',
@@ -76,7 +77,8 @@ export const PresetB2b: ModulePreset = {
     'profiles_module:org': 'Org-scoped user profile (per org a user belongs to).',
     'hierarchy_module:org': 'Nested org structures (parent / child orgs).',
     'invites_module:app': 'App-level invites (rare — usually platform admin adds another admin).',
-    'invites_module:org': 'Org-level invites (the common case — invite a teammate into a workspace).'
+    'invites_module:org': 'Org-level invites (the common case — invite a teammate into a workspace).',
+    devices_module: 'Device tracking and trusted-device MFA bypass.'
   },
   omits_notes: {
     storage_module: 'Add separately if you need file uploads tied to orgs.',