@damn-dev/cli 0.19.2 → 0.19.4
- package/README.md +6 -3
- package/lib/commands/start.js +1 -1
- package/package.json +1 -1
- package/runtime/apps/backend/dist/resources/coo/WORKSPACE_GUIDE.md +38 -5
- package/runtime/apps/backend/dist/server.cjs +566 -17
- package/runtime/apps/backend/prisma/schema.prisma +44 -0
- package/runtime/apps/frontend/dist/assets/index-CBeNxYSe.js +470 -0
- package/runtime/apps/frontend/dist/assets/index-DWu28oY4.css +1 -0
- package/runtime/apps/frontend/dist/index.html +2 -2
- package/runtime/apps/frontend/dist/sw.js +1 -1
- package/scripts/postinstall.js +3 -3
- package/runtime/apps/frontend/dist/assets/index-B-JJMVpu.js +0 -469
- package/runtime/apps/frontend/dist/assets/index-XcP6o-oq.css +0 -1
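--- a/package/runtime/apps/backend/prisma/schema.prisma
+++ b/package/runtime/apps/backend/prisma/schema.prisma
@@ -786,3 +786,47 @@ model SupportAccessGrant {
 
 @@index([workspaceId, createdAt])
 }
+
+// Tamper-evident audit log — the operator/CISO "Trace" surface. Append-only by
+// discipline + hash-chained per workspace (each row's `hash` covers its content
+// + the previous row's hash), so any tampering with a past row breaks the chain
+// and is detectable. Distinct from AgentEvent (mutable telemetry): this is
+// governance-grade, immutable, exportable. Int autoincrement id = monotonic
+// ordering for the chain. See lib/audit.ts.
+model AuditEvent {
+id Int @id @default(autoincrement())
+workspaceId String
+actorType String // 'user' | 'agent' | 'system'
+actorId String
+actorName String?
+action String // 'shell_exec' | 'config_change' | 'approval_decision' | 'policy_change' | 'agent_invoke' | ...
+category String // 'activity' | 'config' | 'approval' | 'policy' | 'security'
+targetType String?
+targetId String?
+summary String // plain-language one-line for the timeline
+detail String? // JSON: raw payload / scopes / model / cost / decision
+inputHash String?
+outputHash String?
+decision String? // 'allowed' | 'denied' | 'escalated' | 'approved' | 'rejected'
+prevHash String?
+hash String
+createdAt DateTime @default(now())
+
+@@index([workspaceId, id])
+@@index([workspaceId, category, id])
+@@index([workspaceId, actorId, id])
+}
+
+// The CISO-configurable governance policy — one per workspace, all dimensions in
+// policyJson (validated by the Zod schema in lib/governancePolicy.ts). Seeded
+// from a template at setup; editable by operators anytime. Absent row = the
+// secure Regulated baseline default. See lib/governancePolicy.ts.
+model GovernancePolicy {
+id String @id @default(cuid())
+workspaceId String @unique
+template String @default("regulated")
+policyJson String
+updatedBy String?
+createdAt DateTime @default(now())
+updatedAt DateTime @updatedAt
+}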
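Review bot: Nothing in the AuditEvent model enforces the chain its comment describes: `prevHash` and `hash` are plain columns, so two concurrent writers in one workspace can both link to the same predecessor and fork the chain without the database objecting. Adding `@@unique([workspaceId, prevHash])` beside the three `@@index` lines would make a fork fail at insert time; the first row of a workspace, with a null `prevHash`, needs its own handling because most databases treat nulls as distinct in a unique index. The tamper-evidence claim also rests on lib/audit.ts, which is not part of this hunk: if `hash` is an unkeyed digest with no head anchored outside the table, a rewritten row can be followed by recomputed hashes and a truncated tail still verifies, so the comment should state where the head hash is anchored or that the digest is keyed. `detail` is documented as the raw payload for actions such as `shell_exec`, and in a log meant to be immutable and exportable the comment should say that secrets are redacted before the row is written.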