npm - @hachej/boring-core - Versions diffs - 0.1.0 - Mend

@hachej/boring-core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (52) hide show

package/LICENSE +21 -0
package/README.md +83 -0
package/dist/CoreFront-CDeLdfb0.d.ts +19 -0
package/dist/app/front/index.d.ts +18 -0
package/dist/app/front/index.js +162 -0
package/dist/app/front/styles.css +6 -0
package/dist/app/server/index.d.ts +96 -0
package/dist/app/server/index.js +507 -0
package/dist/app/vite/index.d.ts +10 -0
package/dist/app/vite/index.js +33 -0
package/dist/authHook-vsRhOvnh.d.ts +38 -0
package/dist/chunk-CZ4HIXII.js +2869 -0
package/dist/chunk-H5KU6R6Y.js +68 -0
package/dist/chunk-HSRBZLKT.js +1684 -0
package/dist/chunk-HYNKZSTF.js +18 -0
package/dist/chunk-MLKGABMK.js +9 -0
package/dist/chunk-VTOS4C7B.js +3443 -0
package/dist/connection-CE7z-wBp.d.ts +145 -0
package/dist/front/index.d.ts +458 -0
package/dist/front/index.js +126 -0
package/dist/front/theme.css +168 -0
package/dist/front/top-bar-slot.d.ts +10 -0
package/dist/front/top-bar-slot.js +9 -0
package/dist/index-COZa03RP.d.ts +266 -0
package/dist/migrate-D49JsATX.d.ts +8 -0
package/dist/server/db/index.d.ts +209 -0
package/dist/server/db/index.js +18 -0
package/dist/server/index.d.ts +395 -0
package/dist/server/index.js +136 -0
package/dist/shared/index.d.ts +1 -0
package/dist/shared/index.js +13 -0
package/drizzle/.gitkeep +0 -0
package/drizzle/0000_easy_meggan.sql +53 -0
package/drizzle/0001_groovy_smiling_tiger.sql +14 -0
package/drizzle/0002_busy_iron_man.sql +16 -0
package/drizzle/0003_aspiring_richard_fisk.sql +12 -0
package/drizzle/0004_heavy_lenny_balinger.sql +9 -0
package/drizzle/0005_flimsy_mastermind.sql +17 -0
package/drizzle/0006_happy_callisto.sql +13 -0
package/drizzle/0007_v7_substrate.sql +54 -0
package/drizzle/0008_workspace_sandbox_handles.sql +32 -0
package/drizzle/0009_workspace_runtime_resources.sql +39 -0
package/drizzle/meta/0000_snapshot.json +380 -0
package/drizzle/meta/0001_snapshot.json +471 -0
package/drizzle/meta/0002_snapshot.json +599 -0
package/drizzle/meta/0003_snapshot.json +693 -0
package/drizzle/meta/0004_snapshot.json +753 -0
package/drizzle/meta/0005_snapshot.json +886 -0
package/drizzle/meta/0006_snapshot.json +968 -0
package/drizzle/meta/_journal.json +76 -0
package/drizzle/schema.ts +110 -0
package/package.json +127 -0

package/dist/server/index.js ADDED Viewed

@@ -0,0 +1,136 @@
+import {
+  MailDeliveryError,
+  WorkspaceRuntimeSandboxHandleStore,
+  authHook,
+  buildRuntimeConfigPayload,
+  coreConfigSchema,
+  createAuth,
+  createCoreApp,
+  createDrizzleIdempotencyStore,
+  createIdempotencyMiddleware,
+  createMailTransport,
+  createPostSignupHook,
+  loadConfig,
+  registerInviteRoutes,
+  registerMemberRoutes,
+  registerRoutes,
+  registerSettingsRoutes,
+  registerWorkspaceRoutes,
+  renderMagicLink,
+  renderResetPassword,
+  renderVerifyEmail,
+  renderWelcome,
+  renderWorkspaceInvite,
+  requireWorkspaceMember,
+  validateConfig,
+  validatePasswordStrength
+} from "../chunk-CZ4HIXII.js";
+import {
+  createDatabase,
+  runMigrations
+} from "../chunk-HSRBZLKT.js";
+import "../chunk-H5KU6R6Y.js";
+import "../chunk-MLKGABMK.js";
+// src/server/security/safeRedirect.ts
+var DANGEROUS_CHARS = /[\0\r\n<>"'`]/;
+function safeRedirect(url, config) {
+  if (!url || typeof url !== "string") return "/";
+  if (DANGEROUS_CHARS.test(url)) return "/";
+  const trimmed = url.trim();
+  if (!trimmed) return "/";
+  if (trimmed.startsWith("//")) return "/";
+  if (trimmed.startsWith("/") && !trimmed.startsWith("//")) {
+    return trimmed;
+  }
+  let parsed;
+  try {
+    parsed = new URL(trimmed);
+  } catch {
+    return "/";
+  }
+  if (parsed.protocol === "javascript:" || parsed.protocol === "data:") {
+    return "/";
+  }
+  const urlOrigin = parsed.origin;
+  const allowed = config.cors.origins.some((origin) => {
+    const normalizedOrigin = origin.replace(/\/$/, "");
+    return normalizedOrigin === urlOrigin;
+  });
+  if (!allowed) return "/";
+  return trimmed;
+}
+// src/server/migrations.ts
+async function runCoreMigrationsFromEnv(options = {}) {
+  const config = await loadConfig(options.loadConfigOptions);
+  await runMigrations(config);
+  options.log?.log("migrations complete");
+}
+// src/server/provisioner/fsProvisioner.ts
+import { promises as fs } from "fs";
+import path from "path";
+function assertValidWorkspaceId(workspaceId) {
+  if (workspaceId.length === 0 || workspaceId === "." || workspaceId === ".." || workspaceId.includes("\0") || workspaceId.includes("/") || workspaceId.includes("\\")) {
+    throw new Error(`Invalid workspaceId for filesystem provisioning: ${workspaceId}`);
+  }
+}
+function resolveWorkspaceDir(root, workspaceId) {
+  assertValidWorkspaceId(workspaceId);
+  const resolved = path.resolve(root, workspaceId);
+  const relative = path.relative(root, resolved);
+  if (relative === "" || relative.startsWith("..") || path.isAbsolute(relative)) {
+    throw new Error(`Path traversal detected: ${workspaceId} resolves outside rootDir`);
+  }
+  return resolved;
+}
+function createFsProvisioner(opts) {
+  if (!path.isAbsolute(opts.rootDir)) {
+    throw new Error(`FsProvisioner rootDir must be absolute, got: ${opts.rootDir}`);
+  }
+  const root = path.resolve(opts.rootDir);
+  return {
+    async provision(ctx) {
+      const resolved = resolveWorkspaceDir(root, ctx.workspaceId);
+      await fs.mkdir(resolved, { recursive: true, mode: 448 });
+      return { volumePath: resolved };
+    },
+    async destroy(workspaceId) {
+      const resolved = resolveWorkspaceDir(root, workspaceId);
+      await fs.rm(resolved, { recursive: true, force: true });
+    }
+  };
+}
+export {
+  MailDeliveryError,
+  WorkspaceRuntimeSandboxHandleStore,
+  authHook,
+  buildRuntimeConfigPayload,
+  coreConfigSchema,
+  createAuth,
+  createCoreApp,
+  createDatabase,
+  createDrizzleIdempotencyStore,
+  createFsProvisioner,
+  createIdempotencyMiddleware,
+  createMailTransport,
+  createPostSignupHook,
+  loadConfig,
+  registerInviteRoutes,
+  registerMemberRoutes,
+  registerRoutes,
+  registerSettingsRoutes,
+  registerWorkspaceRoutes,
+  renderMagicLink,
+  renderResetPassword,
+  renderVerifyEmail,
+  renderWelcome,
+  renderWorkspaceInvite,
+  requireWorkspaceMember,
+  runCoreMigrationsFromEnv,
+  runMigrations,
+  safeRedirect,
+  validateConfig,
+  validatePasswordStrength
+};

package/dist/shared/index.d.ts ADDED Viewed

@@ -0,0 +1 @@

+ export { g as CapabilitiesResponse, h as ConfigFetchError, i as ConfigValidationError, j as CoreCapabilities, C as CoreConfig, E as ERROR_CODES, k as ErrorCode, H as HttpError, J as JsonValue, M as MemberRole, l as RateLimitEndpointOverride, R as RuntimeConfig, m as SessionPayload, S as SessionState, U as User, W as Workspace, b as WorkspaceInvite, a as WorkspaceMember, c as WorkspaceRuntime } from '../index-COZa03RP.js';

package/dist/shared/index.js ADDED Viewed

@@ -0,0 +1,13 @@
+import {
+  ConfigFetchError,
+  ConfigValidationError,
+  ERROR_CODES,
+  HttpError
+} from "../chunk-H5KU6R6Y.js";
+import "../chunk-MLKGABMK.js";
+export {
+  ConfigFetchError,
+  ConfigValidationError,
+  ERROR_CODES,
+  HttpError
+};

package/drizzle/.gitkeep ADDED Viewed

File without changes

package/drizzle/0000_easy_meggan.sql ADDED Viewed

@@ -0,0 +1,53 @@
+CREATE TABLE "accounts" (
+	"id" uuid DEFAULT pg_catalog.gen_random_uuid() PRIMARY KEY NOT NULL,
+	"account_id" text NOT NULL,
+	"provider_id" text NOT NULL,
+	"user_id" uuid NOT NULL,
+	"access_token" text,
+	"refresh_token" text,
+	"id_token" text,
+	"access_token_expires_at" timestamp,
+	"refresh_token_expires_at" timestamp,
+	"scope" text,
+	"password" text,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"updated_at" timestamp DEFAULT now() NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "sessions" (
+	"id" uuid DEFAULT pg_catalog.gen_random_uuid() PRIMARY KEY NOT NULL,
+	"expires_at" timestamp NOT NULL,
+	"token" text NOT NULL,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"updated_at" timestamp DEFAULT now() NOT NULL,
+	"ip_address" text,
+	"user_agent" text,
+	"user_id" uuid NOT NULL,
+	CONSTRAINT "sessions_token_unique" UNIQUE("token")
+);
+--> statement-breakpoint
+CREATE TABLE "users" (
+	"id" uuid DEFAULT pg_catalog.gen_random_uuid() PRIMARY KEY NOT NULL,
+	"name" text NOT NULL,
+	"email" text NOT NULL,
+	"email_verified" boolean DEFAULT false NOT NULL,
+	"image" text,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"updated_at" timestamp DEFAULT now() NOT NULL,
+	CONSTRAINT "users_email_unique" UNIQUE("email")
+);
+--> statement-breakpoint
+CREATE TABLE "verification_tokens" (
+	"id" uuid DEFAULT pg_catalog.gen_random_uuid() PRIMARY KEY NOT NULL,
+	"identifier" text NOT NULL,
+	"value" text NOT NULL,
+	"expires_at" timestamp NOT NULL,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"updated_at" timestamp DEFAULT now() NOT NULL
+);
+--> statement-breakpoint
+ALTER TABLE "accounts" ADD CONSTRAINT "accounts_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."users"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "sessions" ADD CONSTRAINT "sessions_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."users"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+CREATE INDEX "accounts_userId_idx" ON "accounts" USING btree ("user_id");--> statement-breakpoint
+CREATE INDEX "sessions_userId_idx" ON "sessions" USING btree ("user_id");--> statement-breakpoint
+CREATE INDEX "verification_tokens_identifier_idx" ON "verification_tokens" USING btree ("identifier");

package/drizzle/0001_groovy_smiling_tiger.sql ADDED Viewed

@@ -0,0 +1,14 @@
+CREATE TABLE "user_settings" (
+	"user_id" uuid NOT NULL,
+	"app_id" text NOT NULL,
+	"display_name" text DEFAULT '' NOT NULL,
+	"email" text DEFAULT '' NOT NULL,
+	"settings" jsonb DEFAULT '{}'::jsonb NOT NULL,
+	"updated_at" timestamp DEFAULT now() NOT NULL,
+	CONSTRAINT "user_settings_user_id_app_id_pk" PRIMARY KEY("user_id","app_id")
+);
+--> statement-breakpoint
+ALTER TABLE "accounts" ALTER COLUMN "updated_at" SET DEFAULT now();--> statement-breakpoint
+ALTER TABLE "sessions" ALTER COLUMN "updated_at" SET DEFAULT now();--> statement-breakpoint
+ALTER TABLE "user_settings" ADD CONSTRAINT "user_settings_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."users"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+CREATE INDEX "user_settings_user_id_idx" ON "user_settings" USING btree ("user_id");

package/drizzle/0002_busy_iron_man.sql ADDED Viewed

@@ -0,0 +1,16 @@
+CREATE TABLE "workspaces" (
+	"id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL,
+	"app_id" text NOT NULL,
+	"name" text NOT NULL,
+	"created_by" uuid NOT NULL,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"deleted_at" timestamp,
+	"is_default" boolean DEFAULT false NOT NULL,
+	"machine_id" text,
+	"volume_id" text,
+	"fly_region" text
+);
+--> statement-breakpoint
+ALTER TABLE "workspaces" ADD CONSTRAINT "workspaces_created_by_users_id_fk" FOREIGN KEY ("created_by") REFERENCES "public"."users"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+CREATE INDEX "workspaces_created_by_idx" ON "workspaces" USING btree ("created_by");--> statement-breakpoint
+CREATE UNIQUE INDEX "idx_workspaces_default_per_user_app" ON "workspaces" USING btree ("created_by","app_id") WHERE "workspaces"."is_default" = true;

package/drizzle/0003_aspiring_richard_fisk.sql ADDED Viewed

@@ -0,0 +1,12 @@
+CREATE TABLE "workspace_members" (
+	"workspace_id" uuid NOT NULL,
+	"user_id" uuid NOT NULL,
+	"role" text NOT NULL,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	CONSTRAINT "workspace_members_workspace_id_user_id_pk" PRIMARY KEY("workspace_id","user_id"),
+	CONSTRAINT "workspace_members_role_check" CHECK ("workspace_members"."role" IN ('owner', 'editor', 'viewer'))
+);
+--> statement-breakpoint
+ALTER TABLE "workspace_members" ADD CONSTRAINT "workspace_members_workspace_id_workspaces_id_fk" FOREIGN KEY ("workspace_id") REFERENCES "public"."workspaces"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "workspace_members" ADD CONSTRAINT "workspace_members_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."users"("id") ON DELETE restrict ON UPDATE no action;--> statement-breakpoint
+CREATE INDEX "workspace_members_user_id_idx" ON "workspace_members" USING btree ("user_id");

package/drizzle/0004_heavy_lenny_balinger.sql ADDED Viewed

@@ -0,0 +1,9 @@
+CREATE TABLE "workspace_settings" (
+	"workspace_id" uuid NOT NULL,
+	"key" text NOT NULL,
+	"value" "bytea" NOT NULL,
+	"updated_at" timestamp DEFAULT now() NOT NULL,
+	CONSTRAINT "workspace_settings_workspace_id_key_pk" PRIMARY KEY("workspace_id","key")
+);
+--> statement-breakpoint
+ALTER TABLE "workspace_settings" ADD CONSTRAINT "workspace_settings_workspace_id_workspaces_id_fk" FOREIGN KEY ("workspace_id") REFERENCES "public"."workspaces"("id") ON DELETE no action ON UPDATE no action;

package/drizzle/0005_flimsy_mastermind.sql ADDED Viewed

@@ -0,0 +1,17 @@
+CREATE TABLE "workspace_invites" (
+	"id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL,
+	"workspace_id" uuid NOT NULL,
+	"email" text NOT NULL,
+	"token_hash" text NOT NULL,
+	"role" text NOT NULL,
+	"expires_at" timestamp DEFAULT now() + interval '7 days' NOT NULL,
+	"accepted_at" timestamp,
+	"created_by" uuid,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	CONSTRAINT "workspace_invites_role_check" CHECK ("workspace_invites"."role" IN ('owner', 'editor', 'viewer'))
+);
+--> statement-breakpoint
+ALTER TABLE "workspace_invites" ADD CONSTRAINT "workspace_invites_workspace_id_workspaces_id_fk" FOREIGN KEY ("workspace_id") REFERENCES "public"."workspaces"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "workspace_invites" ADD CONSTRAINT "workspace_invites_created_by_users_id_fk" FOREIGN KEY ("created_by") REFERENCES "public"."users"("id") ON DELETE restrict ON UPDATE no action;--> statement-breakpoint
+CREATE UNIQUE INDEX "workspace_invites_token_hash_idx" ON "workspace_invites" USING btree ("token_hash");--> statement-breakpoint
+CREATE INDEX "workspace_invites_workspace_id_idx" ON "workspace_invites" USING btree ("workspace_id");

package/drizzle/0006_happy_callisto.sql ADDED Viewed

@@ -0,0 +1,13 @@
+CREATE TABLE "workspace_runtimes" (
+	"workspace_id" uuid PRIMARY KEY NOT NULL,
+	"sprite_url" text,
+	"sprite_name" text,
+	"state" text DEFAULT 'pending' NOT NULL,
+	"last_error" text,
+	"updated_at" timestamp DEFAULT now() NOT NULL,
+	"provisioning_step" text,
+	"step_started_at" timestamp,
+	CONSTRAINT "workspace_runtimes_state_check" CHECK ("workspace_runtimes"."state" IN ('pending', 'provisioning', 'ready', 'error'))
+);
+--> statement-breakpoint
+ALTER TABLE "workspace_runtimes" ADD CONSTRAINT "workspace_runtimes_workspace_id_workspaces_id_fk" FOREIGN KEY ("workspace_id") REFERENCES "public"."workspaces"("id") ON DELETE no action ON UPDATE no action;

package/drizzle/0007_v7_substrate.sql ADDED Viewed

@@ -0,0 +1,54 @@
+-- Migration 0007: v7 substrate (boring-ui-v2-19jh)
+-- State widening, provisioner columns, invite breaker columns, idempotency_keys, drop Fly columns
+-- 1. Narrow workspace_runtimes state check to pending | ready | error
+ALTER TABLE "workspace_runtimes"
+  DROP CONSTRAINT "workspace_runtimes_state_check";
+--> statement-breakpoint
+ALTER TABLE "workspace_runtimes"
+  ADD CONSTRAINT "workspace_runtimes_state_check"
+    CHECK ("workspace_runtimes"."state" IN ('pending', 'ready', 'error'));
+--> statement-breakpoint
+-- 2. Add filesystem driver result + provision/destroy disambiguation columns
+ALTER TABLE "workspace_runtimes"
+  ADD COLUMN "volume_path" text;
+--> statement-breakpoint
+ALTER TABLE "workspace_runtimes"
+  ADD COLUMN "last_error_op" text;
+--> statement-breakpoint
+-- 3. Add invite secondary rate-limit columns
+ALTER TABLE "workspace_invites"
+  ADD COLUMN "failed_attempts" integer NOT NULL DEFAULT 0;
+--> statement-breakpoint
+ALTER TABLE "workspace_invites"
+  ADD COLUMN "locked_until" timestamp;
+--> statement-breakpoint
+-- 4. Drop SQL default on workspace_invites.expires_at
+ALTER TABLE "workspace_invites"
+  ALTER COLUMN "expires_at" DROP DEFAULT;
+--> statement-breakpoint
+-- 5. Drop Fly-specific columns from workspaces
+ALTER TABLE "workspaces"
+  DROP COLUMN "machine_id";
+--> statement-breakpoint
+ALTER TABLE "workspaces"
+  DROP COLUMN "volume_id";
+--> statement-breakpoint
+ALTER TABLE "workspaces"
+  DROP COLUMN "fly_region";
+--> statement-breakpoint
+-- 6. Create idempotency_keys table
+CREATE TABLE "idempotency_keys" (
+  "key" text PRIMARY KEY,
+  "scope" text NOT NULL,
+  "response_status" integer NOT NULL,
+  "response_body" jsonb NOT NULL,
+  "created_at" timestamp DEFAULT now() NOT NULL
+);
+--> statement-breakpoint
+CREATE INDEX "idempotency_keys_created_at_idx" ON "idempotency_keys" USING btree ("created_at");

package/drizzle/0008_workspace_sandbox_handles.sql ADDED Viewed

@@ -0,0 +1,32 @@
+-- Migration 0008: workspace-scoped sandbox handles
+-- Adds DB-backed sandbox identity to workspace_runtimes.
+ALTER TABLE "workspace_runtimes"
+  ADD COLUMN IF NOT EXISTS "volume_path" text;
+--> statement-breakpoint
+ALTER TABLE "workspace_runtimes"
+  ADD COLUMN IF NOT EXISTS "last_error_op" text;
+--> statement-breakpoint
+ALTER TABLE "workspace_runtimes"
+  ADD COLUMN IF NOT EXISTS "sandbox_provider" text;
+--> statement-breakpoint
+ALTER TABLE "workspace_runtimes"
+  ADD COLUMN IF NOT EXISTS "sandbox_id" text;
+--> statement-breakpoint
+ALTER TABLE "workspace_runtimes"
+  ADD COLUMN IF NOT EXISTS "sandbox_status" text;
+--> statement-breakpoint
+ALTER TABLE "workspace_runtimes"
+  ADD COLUMN IF NOT EXISTS "sandbox_snapshot_id" text;
+--> statement-breakpoint
+ALTER TABLE "workspace_runtimes"
+  ADD COLUMN IF NOT EXISTS "sandbox_created_at" timestamp;
+--> statement-breakpoint
+ALTER TABLE "workspace_runtimes"
+  ADD COLUMN IF NOT EXISTS "sandbox_last_used_at" timestamp;
+--> statement-breakpoint
+ALTER TABLE "workspace_runtimes"
+  ADD COLUMN IF NOT EXISTS "sandbox_last_seen_at" timestamp;
+--> statement-breakpoint
+ALTER TABLE "workspace_runtimes"
+  ADD COLUMN IF NOT EXISTS "sandbox_expires_at" timestamp;

package/drizzle/0009_workspace_runtime_resources.sql ADDED Viewed

@@ -0,0 +1,39 @@
+-- Migration 0009: provider-agnostic workspace runtime resources
+-- Adds a generic resource table for sandbox/session/volume/snapshot handles.
+CREATE TABLE IF NOT EXISTS "workspace_runtime_resources" (
+  "id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL,
+  "workspace_id" uuid NOT NULL REFERENCES "workspaces"("id") ON DELETE cascade,
+  "kind" text NOT NULL,
+  "purpose" text DEFAULT 'main' NOT NULL,
+  "provider" text NOT NULL,
+  "handle_kind" text NOT NULL,
+  "stable_key" text,
+  "provider_resource_id" text,
+  "parent_resource_id" uuid,
+  "state" text NOT NULL,
+  "persistence_mode" text NOT NULL,
+  "config" jsonb DEFAULT '{}'::jsonb NOT NULL,
+  "provider_meta" jsonb DEFAULT '{}'::jsonb NOT NULL,
+  "last_error" text,
+  "last_error_code" text,
+  "created_at" timestamp DEFAULT now() NOT NULL,
+  "updated_at" timestamp DEFAULT now() NOT NULL,
+  "last_seen_at" timestamp,
+  "last_used_at" timestamp,
+  "expires_at" timestamp,
+  "generation" integer DEFAULT 0 NOT NULL
+);
+--> statement-breakpoint
+CREATE UNIQUE INDEX IF NOT EXISTS "workspace_runtime_resources_active_idx"
+  ON "workspace_runtime_resources" USING btree ("workspace_id", "kind", "purpose", "provider")
+  WHERE "state" <> 'deleted';
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "workspace_runtime_resources_workspace_kind_idx"
+  ON "workspace_runtime_resources" USING btree ("workspace_id", "kind");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "workspace_runtime_resources_provider_stable_key_idx"
+  ON "workspace_runtime_resources" USING btree ("provider", "stable_key");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "workspace_runtime_resources_provider_resource_id_idx"
+  ON "workspace_runtime_resources" USING btree ("provider", "provider_resource_id");