@highstate/backend 0.12.0 → 0.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52) hide show
  1. package/dist/{chunk-SEPC66ZL.js → chunk-4JUMOKLV.js} +4 -3
  2. package/dist/chunk-4JUMOKLV.js.map +1 -0
  3. package/dist/highstate.manifest.json +3 -3
  4. package/dist/index.js +87 -63
  5. package/dist/index.js.map +1 -1
  6. package/dist/library/worker/main.js +4 -2
  7. package/dist/library/worker/main.js.map +1 -1
  8. package/dist/shared/index.js +1 -1
  9. package/package.json +3 -3
  10. package/prisma/project/main.prisma +1 -1
  11. package/prisma/project/operation.prisma +1 -0
  12. package/src/business/instance-state.ts +61 -27
  13. package/src/database/_generated/project/browser.ts +244 -0
  14. package/src/database/_generated/project/client.ts +5 -30
  15. package/src/database/_generated/project/commonInputTypes.ts +2 -2
  16. package/src/database/_generated/project/enums.ts +3 -1
  17. package/src/database/_generated/project/internal/class.ts +11 -16
  18. package/src/database/_generated/project/internal/prismaNamespace.ts +7 -13
  19. package/src/database/_generated/project/internal/prismaNamespaceBrowser.ts +445 -0
  20. package/src/database/_generated/project/models/ApiKey.ts +21 -21
  21. package/src/database/_generated/project/models/Artifact.ts +31 -31
  22. package/src/database/_generated/project/models/HubModel.ts +11 -11
  23. package/src/database/_generated/project/models/InstanceCustomStatus.ts +23 -23
  24. package/src/database/_generated/project/models/InstanceEvaluationState.ts +15 -15
  25. package/src/database/_generated/project/models/InstanceLock.ts +15 -15
  26. package/src/database/_generated/project/models/InstanceModel.ts +11 -11
  27. package/src/database/_generated/project/models/InstanceOperationState.ts +44 -44
  28. package/src/database/_generated/project/models/InstanceState.ts +206 -206
  29. package/src/database/_generated/project/models/Operation.ts +70 -70
  30. package/src/database/_generated/project/models/OperationLog.ts +2 -2
  31. package/src/database/_generated/project/models/Page.ts +54 -54
  32. package/src/database/_generated/project/models/Secret.ts +44 -44
  33. package/src/database/_generated/project/models/ServiceAccount.ts +40 -40
  34. package/src/database/_generated/project/models/Terminal.ts +62 -62
  35. package/src/database/_generated/project/models/TerminalSession.ts +2 -2
  36. package/src/database/_generated/project/models/TerminalSessionLog.ts +2 -2
  37. package/src/database/_generated/project/models/Trigger.ts +32 -32
  38. package/src/database/_generated/project/models/UnlockMethod.ts +11 -11
  39. package/src/database/_generated/project/models/UserCompositeViewport.ts +17 -17
  40. package/src/database/_generated/project/models/UserProjectViewport.ts +11 -11
  41. package/src/database/_generated/project/models/Worker.ts +2 -2
  42. package/src/database/_generated/project/models/WorkerUnitRegistration.ts +23 -23
  43. package/src/database/_generated/project/models/WorkerVersion.ts +29 -29
  44. package/src/database/_generated/project/models/WorkerVersionLog.ts +2 -2
  45. package/src/database/_generated/project/models.ts +1 -1
  46. package/src/database/_generated/project/pjtg.ts +1 -0
  47. package/src/library/local.ts +4 -3
  48. package/src/library/worker/evaluator.ts +5 -1
  49. package/src/orchestrator/operation-workset.ts +22 -11
  50. package/src/orchestrator/operation.ts +11 -5
  51. package/src/shared/models/project/operation.ts +1 -0
  52. package/dist/chunk-SEPC66ZL.js.map +0 -1
package/dist/index.js CHANGED
@@ -1,4 +1,4 @@
1
- import { AccessError, BackendUnlockMethodNotFoundError, CannotDeleteLastBackendUnlockMethodError, InstanceLockLostError, globalProjectSpace, codebaseLibrary, hostPulumiBackend, codebaseProjectModelStorage, databaseProjectModelStorage, ProjectLockedError, ProjectNotFoundError, BackendError, forSchema, projectOutputSchema, InstanceStateNotFoundError, InstanceLockedError, waitAll, OperationNotFoundError, InputResolver, CannotDeleteLastUnlockMethodError, InvalidInstanceKindError, operationOutputSchema, terminalOutputSchema, toTerminalOutput, terminalDetailsOutputSchema, toTerminalDetailsOutput, serviceAccountOutputSchema, apiKeyOutputSchema, toApiKeyOutput, workerOutputSchema, toWorkerOutput, workerVersionOutputSchema, toWorkerVersionOutput, pageDetailsOutputSchema, toPageOutput, secretOutputSchema, toSecretOutput, artifactOutputSchema, triggerOutputSchema, unlockMethodOutputSchema, pageOutputSchema, toTerminalSessionOutput, extractDigestFromImage, getWorkerIdentity, WorkerVersionNotFoundError, createAsyncBatcher, operationOptionsSchema, finalOperationStatuses, finalInstanceOperationStatuses, diffLibraries, isTransientInstanceOperationStatus, InputHashResolver, PromiseTracker, workerUnitRegistrationEventSchema, terminalSessionOutputSchema, operationEventSchema, projectModelEventSchema, instanceLockEventSchema, instanceStateEventSchema, projectUnlockStateSchema, isVirtualGhostInstance } from './chunk-SEPC66ZL.js';
1
+ import { AccessError, BackendUnlockMethodNotFoundError, CannotDeleteLastBackendUnlockMethodError, InstanceLockLostError, globalProjectSpace, codebaseLibrary, hostPulumiBackend, codebaseProjectModelStorage, databaseProjectModelStorage, ProjectLockedError, ProjectNotFoundError, BackendError, forSchema, projectOutputSchema, InstanceStateNotFoundError, InstanceLockedError, waitAll, OperationNotFoundError, InputResolver, CannotDeleteLastUnlockMethodError, InvalidInstanceKindError, operationOutputSchema, terminalOutputSchema, toTerminalOutput, terminalDetailsOutputSchema, toTerminalDetailsOutput, serviceAccountOutputSchema, apiKeyOutputSchema, toApiKeyOutput, workerOutputSchema, toWorkerOutput, workerVersionOutputSchema, toWorkerVersionOutput, pageDetailsOutputSchema, toPageOutput, secretOutputSchema, toSecretOutput, artifactOutputSchema, triggerOutputSchema, unlockMethodOutputSchema, pageOutputSchema, toTerminalSessionOutput, extractDigestFromImage, getWorkerIdentity, WorkerVersionNotFoundError, createAsyncBatcher, operationOptionsSchema, finalOperationStatuses, finalInstanceOperationStatuses, diffLibraries, isTransientInstanceOperationStatus, InputHashResolver, PromiseTracker, workerUnitRegistrationEventSchema, terminalSessionOutputSchema, operationEventSchema, projectModelEventSchema, instanceLockEventSchema, instanceStateEventSchema, projectUnlockStateSchema, isVirtualGhostInstance } from './chunk-4JUMOKLV.js';
2
2
  import { codebaseConfig, stringArrayType, createProjectLogger, isAbortErrorLike, getCodebaseHighstatePath, resolveMainLocalProject, errorToString, AbortError, waitForAbort, renderTree, runWithRetryOnError } from './chunk-VB4YL327.js';
3
3
  import { __using, __callDispose } from './chunk-I7BWSAN6.js';
4
4
  import { randomBytes, createHash } from 'node:crypto';
@@ -672,8 +672,8 @@ runtime2.makeStrictEnum({
672
672
  runtime2.Extensions.defineExtension;
673
673
 
674
674
  // src/database/_generated/backend/sqlite/client.ts
675
- var __dirname = path4.dirname(fileURLToPath(import.meta.url));
676
- var PrismaClient = getPrismaClientClass(__dirname);
675
+ var __dirname2 = path4.dirname(fileURLToPath(import.meta.url));
676
+ var PrismaClient = getPrismaClientClass(__dirname2);
677
677
  async function migrateDatabase(databaseUrl, schemaPath, masterKey, logger) {
678
678
  logger.info("applying database migrations");
679
679
  const backendIndexPath = resolve("@highstate/backend", import.meta.url);
@@ -1050,8 +1050,8 @@ runtime2.makeStrictEnum({
1050
1050
  runtime2.Extensions.defineExtension;
1051
1051
 
1052
1052
  // src/database/_generated/backend/postgresql/client.ts
1053
- var __dirname2 = path4.dirname(fileURLToPath(import.meta.url));
1054
- var PrismaClient2 = getPrismaClientClass2(__dirname2);
1053
+ var __dirname3 = path4.dirname(fileURLToPath(import.meta.url));
1054
+ var PrismaClient2 = getPrismaClientClass2(__dirname3);
1055
1055
  var config3 = {
1056
1056
  "generator": {
1057
1057
  "name": "client",
@@ -1064,9 +1064,9 @@ var config3 = {
1064
1064
  "fromEnvVar": null
1065
1065
  },
1066
1066
  "config": {
1067
- "generatedFileExtension": "ts",
1068
- "moduleFormat": "esm",
1069
1067
  "importFileExtension": "ts",
1068
+ "moduleFormat": "esm",
1069
+ "generatedFileExtension": "ts",
1070
1070
  "engineType": "client"
1071
1071
  },
1072
1072
  "binaryTargets": [
@@ -1076,21 +1076,17 @@ var config3 = {
1076
1076
  "native": true
1077
1077
  }
1078
1078
  ],
1079
- "previewFeatures": [
1080
- "driverAdapters",
1081
- "queryCompiler"
1082
- ],
1079
+ "previewFeatures": [],
1083
1080
  "sourceFilePath": "/home/exeteres/Projects/personal/highstate/packages/platform/backend/prisma/project/main.prisma",
1084
1081
  "isCustomOutput": true
1085
1082
  },
1086
1083
  "relativePath": "../../../../prisma/project",
1087
- "clientVersion": "6.14.0",
1088
- "engineVersion": "717184b7b35ea05dfa71a3236b7af656013e1e49",
1084
+ "clientVersion": "6.17.1",
1085
+ "engineVersion": "272a37d34178c2894197e17273bf937f25acdeac",
1089
1086
  "datasourceNames": [
1090
1087
  "db"
1091
1088
  ],
1092
1089
  "activeProvider": "sqlite",
1093
- "postinstall": false,
1094
1090
  "inlineDatasources": {
1095
1091
  "db": {
1096
1092
  "url": {
@@ -1099,8 +1095,8 @@ var config3 = {
1099
1095
  }
1100
1096
  }
1101
1097
  },
1102
- "inlineSchema": '/// The API key provides authentication tokens for accessing the platform API.\n///\n/// Each API key impersonates a service account, inheriting its permissions and access scope.\n/// Keys are automatically created for worker versions and can be manually created for\n/// external integrations. The token is a 32-byte random hex string that can be regenerated.\nmodel ApiKey {\n /// The CUIDv2 of the API key.\n id String @id @default(cuid(2))\n\n /// The metadata of the API key managed by the backend.\n ///\n /// [ApiKeyMeta]\n meta Json\n\n /// The ID of the service account impersonated by this API key.\n serviceAccountId String\n\n /// The API token for authentication.\n ///\n /// Should be treated as a secret and only shown once at creation/regeneration.\n token String @unique\n\n /// The time when the API key was created.\n createdAt DateTime @default(now())\n\n /// The time when the API key was last updated.\n updatedAt DateTime @updatedAt\n\n /// The worker version that owns this API key.\n worker WorkerVersion?\n\n /// The service account which this API key impersonates.\n serviceAccount ServiceAccount @relation(fields: [serviceAccountId], references: [id])\n}\n\n/// The artifact represents a file or folder stored in the system.\n///\n/// It can be produced by units or manually uploaded via API by service accounts.\n///\n/// Since different actors can produce the same artifact with the same content and hash,\n/// there is the ownership/usage concept to track which entities produce or use the artifact.\n/// The "ownership" and "usage" are synonymous in this context and often referred to as "usage".\n///\n/// When no usages are present, the artifact will be automatically garbage collected after a certain period.\nmodel Artifact {\n /// The CUIDv2 of the artifact.\n id String @id @default(cuid(2))\n\n /// The metadata of the artifact managed by the backend.\n ///\n /// Since multiple actors can produce the same artifact,\n /// this metadata is the last one provided by any actor.\n ///\n /// [CommonObjectMeta]\n meta Json\n\n /// The SHA256 hash of the artifact content.\n hash String @unique\n\n /// The size of the compressed artifact content in bytes.\n ///\n /// Does not represent the size of the original file or folder,\n /// but the size used to store the artifact in the system.\n size Int\n\n /// The chunk size of the artifact content in bytes.\n /// Used to split the artifact into smaller chunks for storage.\n chunkSize Int\n\n /// The time when the artifact first appeared in the system.\n createdAt DateTime @default(now())\n\n /// The time when the artifact was last updated.\n updatedAt DateTime @updatedAt\n\n /// The service accounts using this artifact.\n serviceAccounts ServiceAccount[]\n\n /// The instances using this artifact.\n instances InstanceState[]\n\n /// The terminals using this artifact.\n terminals Terminal[]\n\n /// The pages using this artifact.\n pages Page[]\n}\n\nmodel InstanceCustomStatus {\n /// The ID of the instance state this status belongs to.\n stateId String\n\n /// The ID of the service account which attached this custom status.\n serviceAccountId String\n\n /// The name of the custom status unique within the instance and service account.\n name String\n\n /// The metadata of the custom status managed by the backend.\n ///\n /// [CommonObjectMeta]\n meta Json\n\n /// The status value of the custom status.\n value String\n\n /// The message describing the instance\'s custom status.\n /// \n /// Can be used to provide additional context or information about the status.\n ///\n /// The message will be displayed in the 800x600 ANSI terminal in the UI,\n /// so different TUI elements should be drawn within this area.\n message String?\n\n /// The order of the custom status in the list of statuses.\n ///\n /// Should be values from 0 to 100, where 0 is the highest priority.\n /// By default, the order is 50.\n order Int @default(50)\n\n /// The time when the custom status was first attached to the instance.\n createdAt DateTime @default(now())\n\n /// The time when the custom status was last updated.\n updatedAt DateTime @updatedAt\n\n /// The instance this custom status belongs to.\n state InstanceState @relation(fields: [stateId], references: [id])\n\n /// The service account this custom status belongs to.\n serviceAccount ServiceAccount @relation(fields: [serviceAccountId], references: [id])\n\n @@id([stateId, serviceAccountId, name]) // the name must be unique within the instance and service account\n}\n\nenum InstanceEvaluationStatus {\n /// transient statuses (not persisted in the database)\n evaluating\n\n /// stable statuses\n evaluated\n error\n}\n\n/// The evaluation state tracks the result of evaluating composite instances to produce virtual instances.\n///\n/// Composite instances are template components that generate other instances (virtual instances) when evaluated.\n/// The evaluation process executes the composite\'s create function with resolved inputs to produce a tree\n/// of child instances. These virtual instances exist in the source "virtual" state and can be units\n/// (mapping to Pulumi resources) or other composites (producing more virtual instances recursively).\n///\n/// Evaluation happens automatically after project unlock and library reloads to keep virtual instances\n/// synchronized with their composite definitions. Evaluation state persists the produced instance model\n/// and tracks success/error status with descriptive messages showing the instance tree or error details.\nmodel InstanceEvaluationState {\n /// The ID of the state of the instance.\n stateId String @id\n\n /// The status of the instance evaluation.\n status InstanceEvaluationStatus\n\n /// The message describing the evaluation status.\n /// If the evaluation is failed, this message will contain the error description.\n message String?\n\n /// The model produced by the evaluation.\n ///\n /// Will be `null` if the evaluation is failed.\n ///\n /// Can be set for both: real composite instances and virtual instances produced by the evaluation.\n ///\n /// [InstanceModel]\n model Json?\n\n /// The time when the last evaluation was finished.\n evaluatedAt DateTime @updatedAt\n\n /// The instance this state belongs to.\n state InstanceState @relation(fields: [stateId], references: [id])\n}\n\nenum InstanceStatus {\n /// The instance is exists in the model (resident or virtual), but not yet deployed or was completely destroyed.\n ///\n /// "attempted", "deployed" and "failed" instances can be transitioned back to "undeployed" after\n /// successful "destroy" operation.\n undeployed\n\n /// The instance is attempted, but not yet fully deployed.\n ///\n /// Normally, this status is very short-lived, and here to indicate that the instance\n /// cannot be safely deleted from the the model until it will be completely destroyed.\n attempted\n\n /// The initial deployment of the instance was successful.\n ///\n /// The transition of "deployed -> failed" is not possible, so consequent failed operations\n /// will not affect this status.\n ///\n /// Like "attempted", that instance cannot be safely deleted from the model until it will be completely destroyed.\n deployed\n\n /// The initial deployment of the instance failed.\n /// It can still be transitioned to "deployed" by a successful operation\n ///\n /// Like "attempted", that instance cannot be safely deleted from the model until it will be completely destroyed.\n failed\n}\n\nenum InstanceSource {\n /// The instance is defined in the project model.\n resident\n\n /// The instance is produced by evaluation of composite instance.\n virtual\n}\n\nmodel InstanceState {\n /// The surrogate CUIDv2 primary key of the instance to allow renaming instances.\n id String @id @default(cuid(2))\n\n /// The ID of the instance managed by the system.\n ///\n /// [InstanceId]\n instanceId String @unique\n\n /// The status of the instance.\n status InstanceStatus\n\n /// The source of the instance.\n source InstanceSource\n\n /// The kind of the instance.\n ///\n /// [InstanceKind]\n kind String\n\n /// The ID of the parent instance state, if this instance is a child of another composite instance.\n parentId String?\n\n /// The 32-bit nonce used to invalidate the input hash when secrets are updated.\n inputHashNonce Int?\n\n /// The calculated instance CRC32 input hash at the moment of last operation completion.\n ///\n /// This hash covers:\n /// - the instance\'s configuration (name, args, secret hashes);\n /// - component definition hash;\n /// - the unit\'s source hash (if applicable);\n /// - the input hashes and output hashes of all input instances.\n inputHash Int?\n\n /// The CRC32 of the SHA256 of the output produced by the instance at the moment of last operation completion.\n ///\n /// Does not depend on anything except the instance\'s output.\n outputHash Int?\n\n /// The calculated CRC32 dependency output hash at the moment of last operation completion.\n ///\n /// This hash is calculated as combination of output hashes of all input instances and nothing else.\n ///\n /// The primary use case of this hash is to "short-circuit" execution:\n /// if the outputs of input instances have not changed, dependent instances can skip execution,\n /// even if their input hashes changed due to upstream config changes.\n /// This prevents unnecessary re-execution of the entire dependency graph when only non-output-affecting inputs are modified.\n dependencyOutputHash Int?\n\n /// The mapping of instance output names to artifact IDs passed via them.\n ///\n /// Used to authorize access to artifacts for other instances connected to these outputs.\n ///\n /// [InstanceArtifactIds]\n exportedArtifactIds Json?\n\n /// The snapshot of the instance model at the moment of last non-preview operation start.\n ///\n /// Null if the instance was never operated on.\n ///\n /// [InstanceModel]\n model Json?\n\n /// The snapshot of the resolved inputs at the moment of last non-preview operation start.\n ///\n /// Null if the instance was never operated on.\n ///\n /// [InstanceResolvedInputs]\n resolvedInputs Json?\n\n /// The count of Pulumi resources currently managed by this instance.\n currentResourceCount Int?\n\n /// The status fields produced by the last operation.\n ///\n /// [InstanceStatusFields]\n statusFields Json?\n\n /// The parent instance.\n parent InstanceState? @relation("InstanceHierarchy", fields: [parentId], references: [id])\n\n /// The child instances, if any.\n children InstanceState[] @relation("InstanceHierarchy")\n\n /// The evaluation state of this instance.\n evaluationState InstanceEvaluationState?\n\n /// The operation states associated with this instance.\n operationStates InstanceOperationState[]\n\n /// The secrets associated with this instance.\n secrets Secret[]\n\n /// The terminals associated with this instance.\n terminals Terminal[]\n\n /// The pages associated with this instance.\n pages Page[]\n\n /// The triggers associated with this instance.\n triggers Trigger[]\n\n /// Custom statuses for this instance.\n customStatuses InstanceCustomStatus[]\n\n /// The lock that is currently held on this instance.\n lock InstanceLock?\n\n /// Worker registrations associated with this instance.\n workerRegistrations WorkerUnitRegistration[]\n\n /// The artifacts produced or used by this instance.\n artifacts Artifact[]\n\n /// The operation logs associated with this instance.\n operationLogs OperationLog[]\n\n /// The user viewports associated with this instance.\n userViewports UserCompositeViewport[]\n}\n\nmodel UserProjectViewport {\n /// The opaque ID of the user to which this viewport belongs.\n userId String @id\n\n /// The viewport of the user project managed by the frontend.\n ///\n /// ![unknown]\n viewport Json\n}\n\nmodel UserCompositeViewport {\n /// The opaque ID of the user to which this viewport belongs.\n userId String\n\n /// The ID of the state of the composite instance to which this viewport belongs.\n stateId String\n\n /// The viewport of the user composite instance managed by the frontend.\n ///\n /// ![unknown]\n viewport Json\n\n /// The instance state to which this viewport belongs.\n state InstanceState @relation(fields: [stateId], references: [id])\n\n @@id([userId, stateId])\n}\n\nmodel InstanceLock {\n /// The ID of the instance state being locked.\n stateId String @id\n\n /// The metadata of the lock managed by the backend.\n ///\n /// [CommonObjectMeta]\n meta Json\n\n /// The CUIDv2 token to ensure ownership of the lock.\n token String\n\n /// The time when the lock was acquired.\n acquiredAt DateTime @default(now())\n\n /// The instance being locked.\n state InstanceState @relation(fields: [stateId], references: [id])\n}\n\ndatasource db {\n provider = "sqlite"\n url = env("HIGHSTATE_MIGRATION_DATABASE_URL")\n}\n\ngenerator client {\n provider = "prisma-client"\n previewFeatures = ["queryCompiler", "driverAdapters"]\n output = "../../src/database/_generated/project"\n moduleFormat = "esm"\n generatedFileExtension = "ts"\n importFileExtension = "ts"\n}\n\ngenerator json {\n provider = "prisma-json-types-generator"\n}\n\n/// The container for project instances. \n///\n/// Only used when "database" project model storage is used.\nmodel InstanceModel {\n /// The ID of the instance in the format of `{type}:{name}`.\n id String @id\n\n /// The model of the instance managed by the backend.\n ///\n /// [InstanceModel]\n model Json\n\n /// The time when the instance model was created.\n createdAt DateTime @default(now())\n\n /// The time when the instance model was last updated.\n updatedAt DateTime @updatedAt\n}\n\n/// The container for project hubs.\n///\n/// Only used when "database" project model storage is used.\nmodel HubModel {\n /// The CUIDv2 of the hub.\n id String @id\n\n /// The model of the hub managed by the backend.\n ///\n /// [HubModel]\n model Json\n\n /// The time when the hub model was created.\n createdAt DateTime @default(now())\n\n /// The time when the hub model was last updated.\n updatedAt DateTime @updatedAt\n}\n\nenum OperationStatus {\n // transient statuses\n pending\n running\n failing\n\n // stable statuses\n completed\n failed\n cancelled\n}\n\nenum OperationType {\n update\n preview\n destroy\n recreate\n refresh\n}\n\nenum InstanceOperationStatus {\n // transient statuses\n updating\n processing_triggers\n previewing\n destroying\n refreshing\n pending\n cancelling\n\n // stable statuses\n updated\n previewed\n skipped\n destroyed\n refreshed\n cancelled\n failed\n}\n\nmodel Operation {\n /// The CUIDv2 of the operation.\n id String @id @default(cuid(2))\n\n /// The metadata of the operation.\n ///\n /// [OperationMeta]\n meta Json\n\n /// The type of the operation.\n type OperationType\n\n /// The status of the operation.\n status OperationStatus @default(pending)\n\n /// The options of the operation.\n ///\n /// [OperationOptions]\n options Json\n\n /// The IDs of the instances that were exlicitly requested to operate on.\n ///\n /// [InstanceIds]\n requestedInstanceIds Json\n\n /// The execution phases of the operation.\n ///\n /// [OperationPhase[]]\n phases Json?\n\n /// The time when the operation started.\n startedAt DateTime @default(now())\n\n /// The time when the operation was last updated.\n updatedAt DateTime @updatedAt\n\n /// The time when the operation finished.\n finishedAt DateTime?\n\n /// The operation states associated with this operation.\n operationStates InstanceOperationState[]\n\n /// The logs of the operation.\n logs OperationLog[]\n}\n\nmodel InstanceOperationState {\n /// The ID of the operation this state belongs to.\n operationId String\n\n /// The ID of the instance state affected by the operation.\n stateId String\n\n /// The enum representing the current status of the instance from the operation perspective.\n status InstanceOperationStatus\n\n /// The current count of the Pulumi resources being managed by this instance.\n currentResourceCount Int?\n\n /// The total count of the Pulumi resources that this instance is expected to manage.\n totalResourceCount Int?\n\n /// The snapshot of the instance model at the moment of operation start.\n ///\n /// [InstanceModel]\n model Json\n\n /// The snapshot of the resolved inputs at the moment of operation start.\n ///\n /// [InstanceResolvedInputs]\n resolvedInputs Json\n\n /// The time when the operation on this instance started.\n /// Not populated on create, even if the instance is ready to start immediately.\n startedAt DateTime?\n\n /// The time when the operation on this instance finished.\n finishedAt DateTime?\n\n /// The operation this state belongs to.\n operation Operation @relation(fields: [operationId], references: [id])\n\n /// The instance this state belongs to.\n state InstanceState @relation(fields: [stateId], references: [id])\n\n @@id([operationId, stateId])\n}\n\nmodel OperationLog {\n /// The ULID of the log. Also used to extract the timestamp.\n id String @id\n\n /// The ID of the operation this log belongs to.\n operationId String\n\n /// The ID of the instance state this log produced by.\n /// Can be `null` if the log is not associated with any instance.\n stateId String?\n\n /// Whether this log is a system/runtime message (vs unit output).\n isSystem Boolean @default(false)\n\n /// The content of the log.\n content String\n\n /// The operation this log belongs to.\n operation Operation @relation(fields: [operationId], references: [id])\n\n /// The instance this log produced by.\n /// Can be `null` if the log is not associated with any instance.\n state InstanceState? @relation(fields: [stateId], references: [id])\n}\n\n/// The page provides custom UI content for instances and service accounts.\n///\n/// Pages can be created by units to display instance-specific information or by service accounts.\n/// The content consists of blocks that support markdown text, QR codes with optional content display,\n/// and file attachments (inline or artifact references). Instance pages are explicitly deleted\n/// when instances are destroyed.\nmodel Page {\n /// The CUIDv2 of the page.\n id String @id @default(cuid(2))\n\n /// The metadata of the page managed by the backend.\n ///\n /// [GlobalCommonObjectMeta]\n meta Json\n\n /// The ID of the instance state that owns this page.\n stateId String?\n\n /// The name of the page within the instance.\n /// Will be null if the page is not owned by an instance.\n name String?\n\n /// The ID of the service account that owns this page.\n serviceAccountId String?\n\n /// The content of the page as an array of blocks.\n ///\n /// Supports markdown, QR codes, and file blocks.\n ///\n /// [PageContent]\n content Json\n\n /// The time when the page was created.\n createdAt DateTime @default(now())\n\n /// The time when the page was last updated.\n updatedAt DateTime @updatedAt\n\n /// The instance this page belongs to if any.\n state InstanceState? @relation(fields: [stateId], references: [id])\n\n /// The service account this page belongs to if any. \n serviceAccount ServiceAccount? @relation(fields: [serviceAccountId], references: [id])\n\n /// The artifacts used by this page.\n artifacts Artifact[]\n\n @@unique([stateId, name]) // the name is unique within the instance\n}\n\n/// The secret stores sensitive configuration values for instances, service accounts, and system components.\n///\n/// Secrets can be instance-owned (for unit configuration), service account-owned, or system-level\n/// (like Pulumi passwords). \n///\n/// Secrets persist through normal destroy (recreate) operations\n/// and are only deleted when explicitly forgetting instance state with the deleteSecrets flag or when manually deleted.\n///\n/// Secret updates invalidate instance input hashes via inputHashNonce, triggering re-execution\n/// during operations. But the content of the secrets itself do not contribute to the input hash.\n///\n/// System secrets like Pulumi passwords are created on-demand and persist for the whole project lifetime.\nmodel Secret {\n /// The CUIDv2 of the secret.\n id String @id @default(cuid(2))\n\n /// The metadata of the secret managed by the backend.\n ///\n /// [GlobalCommonObjectMeta]\n meta Json\n\n /// The ID of the state of the instance owning this secret.\n stateId String?\n\n /// The name of the secret within the instance.\n ///\n /// Will be null if the secret is not owned by an instance.\n name String?\n\n /// The name of the secret within the project if the secret is a system secret.\n systemName String? @unique\n\n /// The ID of the service account owning this secret.\n serviceAccountId String?\n\n /// The content of the secret.\n ///\n /// ![unknown]\n content Json\n\n /// The time when the secret was created.\n createdAt DateTime @default(now())\n\n /// The time when the secret was last updated.\n updatedAt DateTime @updatedAt\n\n /// The instance this secret belongs to.\n state InstanceState? @relation(fields: [stateId], references: [id])\n\n /// The service account this secret belongs to.\n serviceAccount ServiceAccount? @relation(fields: [serviceAccountId], references: [id])\n\n @@unique([stateId, name]) // the name must be unique within the instance\n}\n\n/// The service account represents an identity for non-human actors in the system.\n///\n/// Service accounts are automatically created for workers and can be manually created\n/// for external integrations. They define the access scope for resources like artifacts,\n/// secrets, terminals, and pages. Multiple API keys can impersonate the same service account,\n/// allowing different authentication tokens to share the same permissions.\nmodel ServiceAccount {\n /// The CUIDv2 of the service account.\n id String @id @default(cuid(2))\n\n /// The metadata of the service account managed by the backend.\n ///\n /// [ServiceAccountMeta]\n meta Json\n\n /// The time when the service account was created.\n createdAt DateTime @default(now())\n\n /// The time when the service account was last updated.\n updatedAt DateTime @updatedAt\n\n /// The workers using this service account.\n workers Worker[]\n\n /// The artifacts used by this service account.\n artifacts Artifact[]\n\n /// The secrets owned by this service account.\n secrets Secret[]\n\n /// The terminals owned by this service account.\n terminals Terminal[]\n\n /// The pages owned by this service account.\n pages Page[]\n\n /// The instance custom statuses attached by this service account.\n customStatuses InstanceCustomStatus[]\n\n /// The API keys impersonating this service account.\n apiKeys ApiKey[]\n}\n\n/// The terminal status indicates whether a terminal can accept new connections.\nenum TerminalStatus {\n /// The terminal is currently active and can create new sessions.\n active\n\n /// The instance was destroyed and the terminal is no longer available, but here for historical purposes.\n unavailable\n}\n\n/// The terminal provides interactive shell access to infrastructure resources.\n///\n/// Terminals can be created by units (owned by instances) or by service accounts.\n/// Each terminal maintains a specification for creating containers that power the terminal,\n/// including image, command, environment, and mounted files.\n///\n/// Instance-owned terminals are marked unavailable when the instance is destroyed, preserving session history.\n/// Service account terminals persist independently.\nmodel Terminal {\n /// The CUIDv2 of the terminal.\n id String @id @default(cuid(2))\n\n /// The metadata of the terminal managed by the backend.\n ///\n /// [GlobalCommonObjectMeta]\n meta Json\n\n /// The status of the terminal.\n status TerminalStatus @default(active)\n\n /// The specification for creating the container that powers this terminal.\n ///\n /// Includes image, command, working directory, environment variables, and files.\n ///\n /// [TerminalSpec]\n spec Json\n\n /// The ID of the instance state owning this terminal.\n stateId String?\n\n /// The name of the terminal within the instance.\n ///\n /// Will be null if the terminal is not owned by an instance.\n name String?\n\n /// The ID of the service account owning this terminal.\n serviceAccountId String?\n\n /// The time when the terminal was created.\n createdAt DateTime @default(now())\n\n /// The time when the terminal was last updated.\n updatedAt DateTime @updatedAt\n\n /// The instance this terminal belongs to.\n state InstanceState? @relation(fields: [stateId], references: [id])\n\n /// The service account this terminal belongs to.\n serviceAccount ServiceAccount? @relation(fields: [serviceAccountId], references: [id])\n\n /// The terminal sessions associated with this terminal.\n sessions TerminalSession[]\n\n /// The artifacts used by this terminal.\n artifacts Artifact[]\n\n @@unique([stateId, name]) // the name is unique within the instance\n}\n\n/// The terminal session represents a single interactive connection to a terminal.\n///\n/// Each session tracks when it started and finished. All session output is preserved in logs.\nmodel TerminalSession {\n /// The CUIDv2 of the terminal session.\n id String @id @default(cuid(2))\n\n /// The ID of the terminal this session belongs to.\n terminalId String\n\n /// The time when the terminal session started.\n startedAt DateTime @default(now())\n\n /// The time when the terminal session finished.\n finishedAt DateTime?\n\n /// The terminal this session belongs to.\n terminal Terminal @relation(fields: [terminalId], references: [id], onDelete: Cascade)\n\n /// The logs of the terminal session.\n logs TerminalSessionLog[]\n}\n\n/// The terminal session log captures all input and output from a terminal session.\n///\n/// Logs are stored with ULID identifiers for timestamp ordering.\nmodel TerminalSessionLog {\n /// The ULID of the session log. Also used to extract the timestamp.\n id String @id\n\n /// The ID of the terminal session this log belongs to.\n sessionId String\n\n /// The content of the log.\n content String\n\n /// The terminal session this log belongs to.\n session TerminalSession @relation(fields: [sessionId], references: [id], onDelete: Cascade)\n}\n\n/// The trigger defines automated actions that execute in response to specific events.\n///\n/// Triggers are created by units to perform actions at defined points in the instance lifecycle\n/// or on schedule. The spec field determines the trigger type and behavior - currently supporting\n/// before-destroy triggers, with planned support for additional types like cron scheduling.\n/// Triggers are deleted along with their instance.\nmodel Trigger {\n /// The CUIDv2 of the trigger.\n id String @id @default(cuid(2))\n\n /// The metadata of the trigger managed by the backend.\n ///\n /// [GlobalCommonObjectMeta]\n meta Json\n\n /// The ID of the instance state this trigger belongs to.\n stateId String\n\n /// The name of the trigger within the instance.\n name String\n\n /// The specification of the trigger describing its type and behavior.\n ///\n /// [TriggerSpec]\n spec Json\n\n /// The time when the trigger was created.\n createdAt DateTime @default(now())\n\n /// The time when the trigger was last updated.\n updatedAt DateTime @updatedAt\n\n /// The instance this trigger belongs to.\n state InstanceState @relation(fields: [stateId], references: [id])\n\n @@unique([stateId, name]) // the name is unique within the instance\n}\n\n/// The unlock method type determines how users authenticate to decrypt project databases.\nenum UnlockMethodType {\n /// The password is used to unlock the project.\n password\n\n /// The passkey (via WebAuthn) is used to unlock the project.\n passkey\n}\n\n/// The unlock method enables decryption of project databases through user authentication.\n///\n/// Each project database is encrypted with a master key, which is then encrypted for each\n/// unlock method\'s recipient using AGE encryption. Users authenticate (password or passkey)\n/// to decrypt their specific AGE identity, which then decrypts the master key.\n///\n/// Multiple unlock methods can exist per project, allowing different authentication paths\n/// to the same encrypted database. When unlock methods are added/removed, the master key\n/// is re-encrypted for the new set of recipients.\n///\n/// The encryptedIdentity contains the AGE identity encrypted with the user\'s authentication\n/// method (password-derived key or WebAuthn), while the recipient is the public key\n/// corresponding to that identity.\nmodel UnlockMethod {\n /// The CUIDv2 of the unlock method.\n id String @id @default(cuid(2))\n\n /// The metadata of the unlock method managed by the backend.\n /// \n /// [UnlockMethodMeta]\n meta Json\n\n /// The type of unlock method.\n type UnlockMethodType\n\n /// The AGE identity encrypted and armored also with AGE.\n encryptedIdentity String\n\n /// The AGE recipient for this unlock method.\n recipient String @unique\n\n /// The time when the unlock method was created.\n createdAt DateTime @default(now())\n\n /// The time when the unlock method was last updated.\n updatedAt DateTime @updatedAt\n}\n\n/// The worker represents a containerized application that extends unit capabilities beyond Pulumi execution.\n///\n/// Workers enable units to perform runtime operations after Pulumi program completion,\n/// such as attaching custom statuses, monitoring resources, or triggering unit reconfigurations.\n/// Since Pulumi programs cannot affect instances after execution, workers bypass this limitation\n/// by providing persistent runtime behavior.\n///\n/// The worker identity (fully qualified image name) indicates the same publisher/party and services as natural authentication mechanism.\n/// All versions of a worker share the same service account, meaning they operate over\n/// the same resources and have the same access scope within the platform.\nmodel Worker {\n /// The CUIDv2 of the worker.\n id String @id @default(cuid(2))\n\n /// The identity of the worker derived from the container image.\n ///\n /// This is the fully qualified image name without the tag or digest.\n /// The format is `{<registry>/}[<namespace>/]<name>`.\n ///\n /// For example: `ghcr.io/highstate/worker` or `docker.io/library/ubuntu`.\n identity String @unique\n\n /// The ID of the service account this worker uses.\n serviceAccountId String @unique\n\n /// The time this worker first appeared in the system.\n createdAt DateTime @default(now())\n\n /// The service account impersonating this worker.\n serviceAccount ServiceAccount @relation(fields: [serviceAccountId], references: [id])\n\n /// The versions of this worker.\n versions WorkerVersion[]\n}\n\nenum WorkerVersionStatus {\n /// The status is unknown.\n unknown\n\n /// The worker is being started by one of the runtimes.\n starting\n\n /// The worker is running and serving registrations.\n running\n\n /// The worker is being stopping (after was starting/running and was disabled).\n stopping\n\n /// The worker is stopped and not serving registrations.\n stopped\n\n /// The worker failed to start/crashed more than the allowed number of times.\n error\n}\n\n/// The worker version represents a specific container image digest of a worker.\n///\n/// Each version corresponds to an immutable container image identified by its SHA256 digest.\n/// Versions are automatically created when units reference new image digests and deleted\n/// when no longer referenced by any unit registrations.\n///\n/// Each version has its own API key for isolation, but all versions of a worker\n/// share the same service account and thus the same access scope within the platform.\n/// The runtime starts containers when registrations exist and stops them when removed.\nmodel WorkerVersion {\n /// The CUIDv2 of the worker version.\n id String @id @default(cuid(2))\n\n /// The metadata of the worker version managed by the backend.\n ///\n /// [CommonObjectMeta]\n meta Json\n\n /// The current status of the worker version reported by the runtime.\n status WorkerVersionStatus @default(unknown)\n\n /// Whether this worker version is enabled and will be launched when project is unclocked.\n enabled Boolean @default(true)\n\n /// The ID of the runtime where this worker version currently runs.\n runtimeId String?\n\n /// The ID of the worker this version belongs to.\n workerId String\n\n /// The digest of the worker version used to identify it.\n /// The format is raw SHA256 digest without the `sha256:` prefix in lowercase hex.\n digest String @unique\n\n /// The ID of the API key this worker version uses.\n apiKeyId String @unique\n\n /// The time this worker version was created.\n createdAt DateTime @default(now())\n\n /// The time this worker version was last updated.\n updatedAt DateTime @updatedAt\n\n /// The worker this version belongs to.\n worker Worker @relation(fields: [workerId], references: [id])\n\n /// The API key this worker version uses.\n apiKey ApiKey @relation(fields: [apiKeyId], references: [id])\n\n /// The unit registrations for this worker version.\n unitRegistrations WorkerUnitRegistration[]\n\n /// The logs produced by this worker version.\n logs WorkerVersionLog[]\n}\n\n/// The worker unit registration tracks which unit instances require specific worker versions.\n///\n/// Units declare worker dependencies through their outputs, creating registrations that\n/// trigger the runtime to start corresponding worker containers. Each registration\n/// includes parameters passed to the worker for unit-specific configuration.\n///\n/// Registrations are managed during operation execution - created when units declare workers\n/// and removed when units are destroyed. Worker versions without registrations are garbage collected.\nmodel WorkerUnitRegistration {\n /// The ID of the state of the unit instance requesting the registration.\n stateId String\n\n /// The name of the worker within the instance.\n name String\n\n /// The parameters of the registration passed by the unit.\n ///\n /// [WorkerUnitRegistrationParams]\n params Json\n\n /// The ID of the worker version this registration currently uses.\n workerVersionId String\n\n /// The time this registration was created.\n createdAt DateTime @default(now())\n\n /// The time this registration was last updated.\n updatedAt DateTime @updatedAt\n\n /// The unit instance requesting the registration.\n state InstanceState @relation(fields: [stateId], references: [id])\n\n /// The worker version this registration currently uses.\n workerVersion WorkerVersion @relation(fields: [workerVersionId], references: [id])\n\n @@id([stateId, name]) // the registration is identified by the instance and name\n}\n\n/// The worker version log captures output from running worker containers.\n///\n/// Logs include both worker-generated output and system messages from the runtime.\n/// The ULID identifier provides timestamp ordering. Logs are deleted with the worker version.\nmodel WorkerVersionLog {\n /// The ULID of the worker log. Also used to extract the timestamp.\n id String @id @default(ulid())\n\n /// The ID of the worker version that produced this log.\n workerVersionId String\n\n /// The log content.\n content String\n\n /// Whether this log is a system/runtime message (vs worker output).\n isSystem Boolean @default(false)\n\n /// The worker version that produced this log.\n workerVersion WorkerVersion @relation(fields: [workerVersionId], references: [id], onDelete: Cascade)\n}\n',
1103
- "inlineSchemaHash": "11cad30382aa59cca87fc517a4ffa6f6cde4018e210593376c17a546ad074de0",
1098
+ "inlineSchema": '/// The API key provides authentication tokens for accessing the platform API.\n///\n/// Each API key impersonates a service account, inheriting its permissions and access scope.\n/// Keys are automatically created for worker versions and can be manually created for\n/// external integrations. The token is a 32-byte random hex string that can be regenerated.\nmodel ApiKey {\n /// The CUIDv2 of the API key.\n id String @id @default(cuid(2))\n\n /// The metadata of the API key managed by the backend.\n ///\n /// [ApiKeyMeta]\n meta Json\n\n /// The ID of the service account impersonated by this API key.\n serviceAccountId String\n\n /// The API token for authentication.\n ///\n /// Should be treated as a secret and only shown once at creation/regeneration.\n token String @unique\n\n /// The time when the API key was created.\n createdAt DateTime @default(now())\n\n /// The time when the API key was last updated.\n updatedAt DateTime @updatedAt\n\n /// The worker version that owns this API key.\n worker WorkerVersion?\n\n /// The service account which this API key impersonates.\n serviceAccount ServiceAccount @relation(fields: [serviceAccountId], references: [id])\n}\n\n/// The artifact represents a file or folder stored in the system.\n///\n/// It can be produced by units or manually uploaded via API by service accounts.\n///\n/// Since different actors can produce the same artifact with the same content and hash,\n/// there is the ownership/usage concept to track which entities produce or use the artifact.\n/// The "ownership" and "usage" are synonymous in this context and often referred to as "usage".\n///\n/// When no usages are present, the artifact will be automatically garbage collected after a certain period.\nmodel Artifact {\n /// The CUIDv2 of the artifact.\n id String @id @default(cuid(2))\n\n /// The metadata of the artifact managed by the backend.\n ///\n /// Since multiple actors can produce the same artifact,\n /// this metadata is the last one provided by any actor.\n ///\n /// [CommonObjectMeta]\n meta Json\n\n /// The SHA256 hash of the artifact content.\n hash String @unique\n\n /// The size of the compressed artifact content in bytes.\n ///\n /// Does not represent the size of the original file or folder,\n /// but the size used to store the artifact in the system.\n size Int\n\n /// The chunk size of the artifact content in bytes.\n /// Used to split the artifact into smaller chunks for storage.\n chunkSize Int\n\n /// The time when the artifact first appeared in the system.\n createdAt DateTime @default(now())\n\n /// The time when the artifact was last updated.\n updatedAt DateTime @updatedAt\n\n /// The service accounts using this artifact.\n serviceAccounts ServiceAccount[]\n\n /// The instances using this artifact.\n instances InstanceState[]\n\n /// The terminals using this artifact.\n terminals Terminal[]\n\n /// The pages using this artifact.\n pages Page[]\n}\n\nmodel InstanceCustomStatus {\n /// The ID of the instance state this status belongs to.\n stateId String\n\n /// The ID of the service account which attached this custom status.\n serviceAccountId String\n\n /// The name of the custom status unique within the instance and service account.\n name String\n\n /// The metadata of the custom status managed by the backend.\n ///\n /// [CommonObjectMeta]\n meta Json\n\n /// The status value of the custom status.\n value String\n\n /// The message describing the instance\'s custom status.\n /// \n /// Can be used to provide additional context or information about the status.\n ///\n /// The message will be displayed in the 800x600 ANSI terminal in the UI,\n /// so different TUI elements should be drawn within this area.\n message String?\n\n /// The order of the custom status in the list of statuses.\n ///\n /// Should be values from 0 to 100, where 0 is the highest priority.\n /// By default, the order is 50.\n order Int @default(50)\n\n /// The time when the custom status was first attached to the instance.\n createdAt DateTime @default(now())\n\n /// The time when the custom status was last updated.\n updatedAt DateTime @updatedAt\n\n /// The instance this custom status belongs to.\n state InstanceState @relation(fields: [stateId], references: [id])\n\n /// The service account this custom status belongs to.\n serviceAccount ServiceAccount @relation(fields: [serviceAccountId], references: [id])\n\n @@id([stateId, serviceAccountId, name]) // the name must be unique within the instance and service account\n}\n\nenum InstanceEvaluationStatus {\n /// transient statuses (not persisted in the database)\n evaluating\n\n /// stable statuses\n evaluated\n error\n}\n\n/// The evaluation state tracks the result of evaluating composite instances to produce virtual instances.\n///\n/// Composite instances are template components that generate other instances (virtual instances) when evaluated.\n/// The evaluation process executes the composite\'s create function with resolved inputs to produce a tree\n/// of child instances. These virtual instances exist in the source "virtual" state and can be units\n/// (mapping to Pulumi resources) or other composites (producing more virtual instances recursively).\n///\n/// Evaluation happens automatically after project unlock and library reloads to keep virtual instances\n/// synchronized with their composite definitions. Evaluation state persists the produced instance model\n/// and tracks success/error status with descriptive messages showing the instance tree or error details.\nmodel InstanceEvaluationState {\n /// The ID of the state of the instance.\n stateId String @id\n\n /// The status of the instance evaluation.\n status InstanceEvaluationStatus\n\n /// The message describing the evaluation status.\n /// If the evaluation is failed, this message will contain the error description.\n message String?\n\n /// The model produced by the evaluation.\n ///\n /// Will be `null` if the evaluation is failed.\n ///\n /// Can be set for both: real composite instances and virtual instances produced by the evaluation.\n ///\n /// [InstanceModel]\n model Json?\n\n /// The time when the last evaluation was finished.\n evaluatedAt DateTime @updatedAt\n\n /// The instance this state belongs to.\n state InstanceState @relation(fields: [stateId], references: [id])\n}\n\nenum InstanceStatus {\n /// The instance is exists in the model (resident or virtual), but not yet deployed or was completely destroyed.\n ///\n /// "attempted", "deployed" and "failed" instances can be transitioned back to "undeployed" after\n /// successful "destroy" operation.\n undeployed\n\n /// The instance is attempted, but not yet fully deployed.\n ///\n /// Normally, this status is very short-lived, and here to indicate that the instance\n /// cannot be safely deleted from the the model until it will be completely destroyed.\n attempted\n\n /// The initial deployment of the instance was successful.\n ///\n /// The transition of "deployed -> failed" is not possible, so consequent failed operations\n /// will not affect this status.\n ///\n /// Like "attempted", that instance cannot be safely deleted from the model until it will be completely destroyed.\n deployed\n\n /// The initial deployment of the instance failed.\n /// It can still be transitioned to "deployed" by a successful operation\n ///\n /// Like "attempted", that instance cannot be safely deleted from the model until it will be completely destroyed.\n failed\n}\n\nenum InstanceSource {\n /// The instance is defined in the project model.\n resident\n\n /// The instance is produced by evaluation of composite instance.\n virtual\n}\n\nmodel InstanceState {\n /// The surrogate CUIDv2 primary key of the instance to allow renaming instances.\n id String @id @default(cuid(2))\n\n /// The ID of the instance managed by the system.\n ///\n /// [InstanceId]\n instanceId String @unique\n\n /// The status of the instance.\n status InstanceStatus\n\n /// The source of the instance.\n source InstanceSource\n\n /// The kind of the instance.\n ///\n /// [InstanceKind]\n kind String\n\n /// The ID of the parent instance state, if this instance is a child of another composite instance.\n parentId String?\n\n /// The 32-bit nonce used to invalidate the input hash when secrets are updated.\n inputHashNonce Int?\n\n /// The calculated instance CRC32 input hash at the moment of last operation completion.\n ///\n /// This hash covers:\n /// - the instance\'s configuration (name, args, secret hashes);\n /// - component definition hash;\n /// - the unit\'s source hash (if applicable);\n /// - the input hashes and output hashes of all input instances.\n inputHash Int?\n\n /// The CRC32 of the SHA256 of the output produced by the instance at the moment of last operation completion.\n ///\n /// Does not depend on anything except the instance\'s output.\n outputHash Int?\n\n /// The calculated CRC32 dependency output hash at the moment of last operation completion.\n ///\n /// This hash is calculated as combination of output hashes of all input instances and nothing else.\n ///\n /// The primary use case of this hash is to "short-circuit" execution:\n /// if the outputs of input instances have not changed, dependent instances can skip execution,\n /// even if their input hashes changed due to upstream config changes.\n /// This prevents unnecessary re-execution of the entire dependency graph when only non-output-affecting inputs are modified.\n dependencyOutputHash Int?\n\n /// The mapping of instance output names to artifact IDs passed via them.\n ///\n /// Used to authorize access to artifacts for other instances connected to these outputs.\n ///\n /// [InstanceArtifactIds]\n exportedArtifactIds Json?\n\n /// The snapshot of the instance model at the moment of last non-preview operation start.\n ///\n /// Null if the instance was never operated on.\n ///\n /// [InstanceModel]\n model Json?\n\n /// The snapshot of the resolved inputs at the moment of last non-preview operation start.\n ///\n /// Null if the instance was never operated on.\n ///\n /// [InstanceResolvedInputs]\n resolvedInputs Json?\n\n /// The count of Pulumi resources currently managed by this instance.\n currentResourceCount Int?\n\n /// The status fields produced by the last operation.\n ///\n /// [InstanceStatusFields]\n statusFields Json?\n\n /// The parent instance.\n parent InstanceState? @relation("InstanceHierarchy", fields: [parentId], references: [id])\n\n /// The child instances, if any.\n children InstanceState[] @relation("InstanceHierarchy")\n\n /// The evaluation state of this instance.\n evaluationState InstanceEvaluationState?\n\n /// The operation states associated with this instance.\n operationStates InstanceOperationState[]\n\n /// The secrets associated with this instance.\n secrets Secret[]\n\n /// The terminals associated with this instance.\n terminals Terminal[]\n\n /// The pages associated with this instance.\n pages Page[]\n\n /// The triggers associated with this instance.\n triggers Trigger[]\n\n /// Custom statuses for this instance.\n customStatuses InstanceCustomStatus[]\n\n /// The lock that is currently held on this instance.\n lock InstanceLock?\n\n /// Worker registrations associated with this instance.\n workerRegistrations WorkerUnitRegistration[]\n\n /// The artifacts produced or used by this instance.\n artifacts Artifact[]\n\n /// The operation logs associated with this instance.\n operationLogs OperationLog[]\n\n /// The user viewports associated with this instance.\n userViewports UserCompositeViewport[]\n}\n\nmodel UserProjectViewport {\n /// The opaque ID of the user to which this viewport belongs.\n userId String @id\n\n /// The viewport of the user project managed by the frontend.\n ///\n /// ![unknown]\n viewport Json\n}\n\nmodel UserCompositeViewport {\n /// The opaque ID of the user to which this viewport belongs.\n userId String\n\n /// The ID of the state of the composite instance to which this viewport belongs.\n stateId String\n\n /// The viewport of the user composite instance managed by the frontend.\n ///\n /// ![unknown]\n viewport Json\n\n /// The instance state to which this viewport belongs.\n state InstanceState @relation(fields: [stateId], references: [id])\n\n @@id([userId, stateId])\n}\n\nmodel InstanceLock {\n /// The ID of the instance state being locked.\n stateId String @id\n\n /// The metadata of the lock managed by the backend.\n ///\n /// [CommonObjectMeta]\n meta Json\n\n /// The CUIDv2 token to ensure ownership of the lock.\n token String\n\n /// The time when the lock was acquired.\n acquiredAt DateTime @default(now())\n\n /// The instance being locked.\n state InstanceState @relation(fields: [stateId], references: [id])\n}\n\ndatasource db {\n provider = "sqlite"\n url = env("HIGHSTATE_MIGRATION_DATABASE_URL")\n}\n\ngenerator client {\n provider = "prisma-client"\n engineType = "client"\n output = "../../src/database/_generated/project"\n moduleFormat = "esm"\n generatedFileExtension = "ts"\n importFileExtension = "ts"\n}\n\ngenerator json {\n provider = "prisma-json-types-generator"\n}\n\n/// The container for project instances. \n///\n/// Only used when "database" project model storage is used.\nmodel InstanceModel {\n /// The ID of the instance in the format of `{type}:{name}`.\n id String @id\n\n /// The model of the instance managed by the backend.\n ///\n /// [InstanceModel]\n model Json\n\n /// The time when the instance model was created.\n createdAt DateTime @default(now())\n\n /// The time when the instance model was last updated.\n updatedAt DateTime @updatedAt\n}\n\n/// The container for project hubs.\n///\n/// Only used when "database" project model storage is used.\nmodel HubModel {\n /// The CUIDv2 of the hub.\n id String @id\n\n /// The model of the hub managed by the backend.\n ///\n /// [HubModel]\n model Json\n\n /// The time when the hub model was created.\n createdAt DateTime @default(now())\n\n /// The time when the hub model was last updated.\n updatedAt DateTime @updatedAt\n}\n\nenum OperationStatus {\n // transient statuses\n pending\n running\n failing\n cancelling\n\n // stable statuses\n completed\n failed\n cancelled\n}\n\nenum OperationType {\n update\n preview\n destroy\n recreate\n refresh\n}\n\nenum InstanceOperationStatus {\n // transient statuses\n updating\n processing_triggers\n previewing\n destroying\n refreshing\n pending\n cancelling\n\n // stable statuses\n updated\n previewed\n skipped\n destroyed\n refreshed\n cancelled\n failed\n}\n\nmodel Operation {\n /// The CUIDv2 of the operation.\n id String @id @default(cuid(2))\n\n /// The metadata of the operation.\n ///\n /// [OperationMeta]\n meta Json\n\n /// The type of the operation.\n type OperationType\n\n /// The status of the operation.\n status OperationStatus @default(pending)\n\n /// The options of the operation.\n ///\n /// [OperationOptions]\n options Json\n\n /// The IDs of the instances that were exlicitly requested to operate on.\n ///\n /// [InstanceIds]\n requestedInstanceIds Json\n\n /// The execution phases of the operation.\n ///\n /// [OperationPhase[]]\n phases Json?\n\n /// The time when the operation started.\n startedAt DateTime @default(now())\n\n /// The time when the operation was last updated.\n updatedAt DateTime @updatedAt\n\n /// The time when the operation finished.\n finishedAt DateTime?\n\n /// The operation states associated with this operation.\n operationStates InstanceOperationState[]\n\n /// The logs of the operation.\n logs OperationLog[]\n}\n\nmodel InstanceOperationState {\n /// The ID of the operation this state belongs to.\n operationId String\n\n /// The ID of the instance state affected by the operation.\n stateId String\n\n /// The enum representing the current status of the instance from the operation perspective.\n status InstanceOperationStatus\n\n /// The current count of the Pulumi resources being managed by this instance.\n currentResourceCount Int?\n\n /// The total count of the Pulumi resources that this instance is expected to manage.\n totalResourceCount Int?\n\n /// The snapshot of the instance model at the moment of operation start.\n ///\n /// [InstanceModel]\n model Json\n\n /// The snapshot of the resolved inputs at the moment of operation start.\n ///\n /// [InstanceResolvedInputs]\n resolvedInputs Json\n\n /// The time when the operation on this instance started.\n /// Not populated on create, even if the instance is ready to start immediately.\n startedAt DateTime?\n\n /// The time when the operation on this instance finished.\n finishedAt DateTime?\n\n /// The operation this state belongs to.\n operation Operation @relation(fields: [operationId], references: [id])\n\n /// The instance this state belongs to.\n state InstanceState @relation(fields: [stateId], references: [id])\n\n @@id([operationId, stateId])\n}\n\nmodel OperationLog {\n /// The ULID of the log. Also used to extract the timestamp.\n id String @id\n\n /// The ID of the operation this log belongs to.\n operationId String\n\n /// The ID of the instance state this log produced by.\n /// Can be `null` if the log is not associated with any instance.\n stateId String?\n\n /// Whether this log is a system/runtime message (vs unit output).\n isSystem Boolean @default(false)\n\n /// The content of the log.\n content String\n\n /// The operation this log belongs to.\n operation Operation @relation(fields: [operationId], references: [id])\n\n /// The instance this log produced by.\n /// Can be `null` if the log is not associated with any instance.\n state InstanceState? @relation(fields: [stateId], references: [id])\n}\n\n/// The page provides custom UI content for instances and service accounts.\n///\n/// Pages can be created by units to display instance-specific information or by service accounts.\n/// The content consists of blocks that support markdown text, QR codes with optional content display,\n/// and file attachments (inline or artifact references). Instance pages are explicitly deleted\n/// when instances are destroyed.\nmodel Page {\n /// The CUIDv2 of the page.\n id String @id @default(cuid(2))\n\n /// The metadata of the page managed by the backend.\n ///\n /// [GlobalCommonObjectMeta]\n meta Json\n\n /// The ID of the instance state that owns this page.\n stateId String?\n\n /// The name of the page within the instance.\n /// Will be null if the page is not owned by an instance.\n name String?\n\n /// The ID of the service account that owns this page.\n serviceAccountId String?\n\n /// The content of the page as an array of blocks.\n ///\n /// Supports markdown, QR codes, and file blocks.\n ///\n /// [PageContent]\n content Json\n\n /// The time when the page was created.\n createdAt DateTime @default(now())\n\n /// The time when the page was last updated.\n updatedAt DateTime @updatedAt\n\n /// The instance this page belongs to if any.\n state InstanceState? @relation(fields: [stateId], references: [id])\n\n /// The service account this page belongs to if any. \n serviceAccount ServiceAccount? @relation(fields: [serviceAccountId], references: [id])\n\n /// The artifacts used by this page.\n artifacts Artifact[]\n\n @@unique([stateId, name]) // the name is unique within the instance\n}\n\n/// The secret stores sensitive configuration values for instances, service accounts, and system components.\n///\n/// Secrets can be instance-owned (for unit configuration), service account-owned, or system-level\n/// (like Pulumi passwords). \n///\n/// Secrets persist through normal destroy (recreate) operations\n/// and are only deleted when explicitly forgetting instance state with the deleteSecrets flag or when manually deleted.\n///\n/// Secret updates invalidate instance input hashes via inputHashNonce, triggering re-execution\n/// during operations. But the content of the secrets itself do not contribute to the input hash.\n///\n/// System secrets like Pulumi passwords are created on-demand and persist for the whole project lifetime.\nmodel Secret {\n /// The CUIDv2 of the secret.\n id String @id @default(cuid(2))\n\n /// The metadata of the secret managed by the backend.\n ///\n /// [GlobalCommonObjectMeta]\n meta Json\n\n /// The ID of the state of the instance owning this secret.\n stateId String?\n\n /// The name of the secret within the instance.\n ///\n /// Will be null if the secret is not owned by an instance.\n name String?\n\n /// The name of the secret within the project if the secret is a system secret.\n systemName String? @unique\n\n /// The ID of the service account owning this secret.\n serviceAccountId String?\n\n /// The content of the secret.\n ///\n /// ![unknown]\n content Json\n\n /// The time when the secret was created.\n createdAt DateTime @default(now())\n\n /// The time when the secret was last updated.\n updatedAt DateTime @updatedAt\n\n /// The instance this secret belongs to.\n state InstanceState? @relation(fields: [stateId], references: [id])\n\n /// The service account this secret belongs to.\n serviceAccount ServiceAccount? @relation(fields: [serviceAccountId], references: [id])\n\n @@unique([stateId, name]) // the name must be unique within the instance\n}\n\n/// The service account represents an identity for non-human actors in the system.\n///\n/// Service accounts are automatically created for workers and can be manually created\n/// for external integrations. They define the access scope for resources like artifacts,\n/// secrets, terminals, and pages. Multiple API keys can impersonate the same service account,\n/// allowing different authentication tokens to share the same permissions.\nmodel ServiceAccount {\n /// The CUIDv2 of the service account.\n id String @id @default(cuid(2))\n\n /// The metadata of the service account managed by the backend.\n ///\n /// [ServiceAccountMeta]\n meta Json\n\n /// The time when the service account was created.\n createdAt DateTime @default(now())\n\n /// The time when the service account was last updated.\n updatedAt DateTime @updatedAt\n\n /// The workers using this service account.\n workers Worker[]\n\n /// The artifacts used by this service account.\n artifacts Artifact[]\n\n /// The secrets owned by this service account.\n secrets Secret[]\n\n /// The terminals owned by this service account.\n terminals Terminal[]\n\n /// The pages owned by this service account.\n pages Page[]\n\n /// The instance custom statuses attached by this service account.\n customStatuses InstanceCustomStatus[]\n\n /// The API keys impersonating this service account.\n apiKeys ApiKey[]\n}\n\n/// The terminal status indicates whether a terminal can accept new connections.\nenum TerminalStatus {\n /// The terminal is currently active and can create new sessions.\n active\n\n /// The instance was destroyed and the terminal is no longer available, but here for historical purposes.\n unavailable\n}\n\n/// The terminal provides interactive shell access to infrastructure resources.\n///\n/// Terminals can be created by units (owned by instances) or by service accounts.\n/// Each terminal maintains a specification for creating containers that power the terminal,\n/// including image, command, environment, and mounted files.\n///\n/// Instance-owned terminals are marked unavailable when the instance is destroyed, preserving session history.\n/// Service account terminals persist independently.\nmodel Terminal {\n /// The CUIDv2 of the terminal.\n id String @id @default(cuid(2))\n\n /// The metadata of the terminal managed by the backend.\n ///\n /// [GlobalCommonObjectMeta]\n meta Json\n\n /// The status of the terminal.\n status TerminalStatus @default(active)\n\n /// The specification for creating the container that powers this terminal.\n ///\n /// Includes image, command, working directory, environment variables, and files.\n ///\n /// [TerminalSpec]\n spec Json\n\n /// The ID of the instance state owning this terminal.\n stateId String?\n\n /// The name of the terminal within the instance.\n ///\n /// Will be null if the terminal is not owned by an instance.\n name String?\n\n /// The ID of the service account owning this terminal.\n serviceAccountId String?\n\n /// The time when the terminal was created.\n createdAt DateTime @default(now())\n\n /// The time when the terminal was last updated.\n updatedAt DateTime @updatedAt\n\n /// The instance this terminal belongs to.\n state InstanceState? @relation(fields: [stateId], references: [id])\n\n /// The service account this terminal belongs to.\n serviceAccount ServiceAccount? @relation(fields: [serviceAccountId], references: [id])\n\n /// The terminal sessions associated with this terminal.\n sessions TerminalSession[]\n\n /// The artifacts used by this terminal.\n artifacts Artifact[]\n\n @@unique([stateId, name]) // the name is unique within the instance\n}\n\n/// The terminal session represents a single interactive connection to a terminal.\n///\n/// Each session tracks when it started and finished. All session output is preserved in logs.\nmodel TerminalSession {\n /// The CUIDv2 of the terminal session.\n id String @id @default(cuid(2))\n\n /// The ID of the terminal this session belongs to.\n terminalId String\n\n /// The time when the terminal session started.\n startedAt DateTime @default(now())\n\n /// The time when the terminal session finished.\n finishedAt DateTime?\n\n /// The terminal this session belongs to.\n terminal Terminal @relation(fields: [terminalId], references: [id], onDelete: Cascade)\n\n /// The logs of the terminal session.\n logs TerminalSessionLog[]\n}\n\n/// The terminal session log captures all input and output from a terminal session.\n///\n/// Logs are stored with ULID identifiers for timestamp ordering.\nmodel TerminalSessionLog {\n /// The ULID of the session log. Also used to extract the timestamp.\n id String @id\n\n /// The ID of the terminal session this log belongs to.\n sessionId String\n\n /// The content of the log.\n content String\n\n /// The terminal session this log belongs to.\n session TerminalSession @relation(fields: [sessionId], references: [id], onDelete: Cascade)\n}\n\n/// The trigger defines automated actions that execute in response to specific events.\n///\n/// Triggers are created by units to perform actions at defined points in the instance lifecycle\n/// or on schedule. The spec field determines the trigger type and behavior - currently supporting\n/// before-destroy triggers, with planned support for additional types like cron scheduling.\n/// Triggers are deleted along with their instance.\nmodel Trigger {\n /// The CUIDv2 of the trigger.\n id String @id @default(cuid(2))\n\n /// The metadata of the trigger managed by the backend.\n ///\n /// [GlobalCommonObjectMeta]\n meta Json\n\n /// The ID of the instance state this trigger belongs to.\n stateId String\n\n /// The name of the trigger within the instance.\n name String\n\n /// The specification of the trigger describing its type and behavior.\n ///\n /// [TriggerSpec]\n spec Json\n\n /// The time when the trigger was created.\n createdAt DateTime @default(now())\n\n /// The time when the trigger was last updated.\n updatedAt DateTime @updatedAt\n\n /// The instance this trigger belongs to.\n state InstanceState @relation(fields: [stateId], references: [id])\n\n @@unique([stateId, name]) // the name is unique within the instance\n}\n\n/// The unlock method type determines how users authenticate to decrypt project databases.\nenum UnlockMethodType {\n /// The password is used to unlock the project.\n password\n\n /// The passkey (via WebAuthn) is used to unlock the project.\n passkey\n}\n\n/// The unlock method enables decryption of project databases through user authentication.\n///\n/// Each project database is encrypted with a master key, which is then encrypted for each\n/// unlock method\'s recipient using AGE encryption. Users authenticate (password or passkey)\n/// to decrypt their specific AGE identity, which then decrypts the master key.\n///\n/// Multiple unlock methods can exist per project, allowing different authentication paths\n/// to the same encrypted database. When unlock methods are added/removed, the master key\n/// is re-encrypted for the new set of recipients.\n///\n/// The encryptedIdentity contains the AGE identity encrypted with the user\'s authentication\n/// method (password-derived key or WebAuthn), while the recipient is the public key\n/// corresponding to that identity.\nmodel UnlockMethod {\n /// The CUIDv2 of the unlock method.\n id String @id @default(cuid(2))\n\n /// The metadata of the unlock method managed by the backend.\n /// \n /// [UnlockMethodMeta]\n meta Json\n\n /// The type of unlock method.\n type UnlockMethodType\n\n /// The AGE identity encrypted and armored also with AGE.\n encryptedIdentity String\n\n /// The AGE recipient for this unlock method.\n recipient String @unique\n\n /// The time when the unlock method was created.\n createdAt DateTime @default(now())\n\n /// The time when the unlock method was last updated.\n updatedAt DateTime @updatedAt\n}\n\n/// The worker represents a containerized application that extends unit capabilities beyond Pulumi execution.\n///\n/// Workers enable units to perform runtime operations after Pulumi program completion,\n/// such as attaching custom statuses, monitoring resources, or triggering unit reconfigurations.\n/// Since Pulumi programs cannot affect instances after execution, workers bypass this limitation\n/// by providing persistent runtime behavior.\n///\n/// The worker identity (fully qualified image name) indicates the same publisher/party and services as natural authentication mechanism.\n/// All versions of a worker share the same service account, meaning they operate over\n/// the same resources and have the same access scope within the platform.\nmodel Worker {\n /// The CUIDv2 of the worker.\n id String @id @default(cuid(2))\n\n /// The identity of the worker derived from the container image.\n ///\n /// This is the fully qualified image name without the tag or digest.\n /// The format is `{<registry>/}[<namespace>/]<name>`.\n ///\n /// For example: `ghcr.io/highstate/worker` or `docker.io/library/ubuntu`.\n identity String @unique\n\n /// The ID of the service account this worker uses.\n serviceAccountId String @unique\n\n /// The time this worker first appeared in the system.\n createdAt DateTime @default(now())\n\n /// The service account impersonating this worker.\n serviceAccount ServiceAccount @relation(fields: [serviceAccountId], references: [id])\n\n /// The versions of this worker.\n versions WorkerVersion[]\n}\n\nenum WorkerVersionStatus {\n /// The status is unknown.\n unknown\n\n /// The worker is being started by one of the runtimes.\n starting\n\n /// The worker is running and serving registrations.\n running\n\n /// The worker is being stopping (after was starting/running and was disabled).\n stopping\n\n /// The worker is stopped and not serving registrations.\n stopped\n\n /// The worker failed to start/crashed more than the allowed number of times.\n error\n}\n\n/// The worker version represents a specific container image digest of a worker.\n///\n/// Each version corresponds to an immutable container image identified by its SHA256 digest.\n/// Versions are automatically created when units reference new image digests and deleted\n/// when no longer referenced by any unit registrations.\n///\n/// Each version has its own API key for isolation, but all versions of a worker\n/// share the same service account and thus the same access scope within the platform.\n/// The runtime starts containers when registrations exist and stops them when removed.\nmodel WorkerVersion {\n /// The CUIDv2 of the worker version.\n id String @id @default(cuid(2))\n\n /// The metadata of the worker version managed by the backend.\n ///\n /// [CommonObjectMeta]\n meta Json\n\n /// The current status of the worker version reported by the runtime.\n status WorkerVersionStatus @default(unknown)\n\n /// Whether this worker version is enabled and will be launched when project is unclocked.\n enabled Boolean @default(true)\n\n /// The ID of the runtime where this worker version currently runs.\n runtimeId String?\n\n /// The ID of the worker this version belongs to.\n workerId String\n\n /// The digest of the worker version used to identify it.\n /// The format is raw SHA256 digest without the `sha256:` prefix in lowercase hex.\n digest String @unique\n\n /// The ID of the API key this worker version uses.\n apiKeyId String @unique\n\n /// The time this worker version was created.\n createdAt DateTime @default(now())\n\n /// The time this worker version was last updated.\n updatedAt DateTime @updatedAt\n\n /// The worker this version belongs to.\n worker Worker @relation(fields: [workerId], references: [id])\n\n /// The API key this worker version uses.\n apiKey ApiKey @relation(fields: [apiKeyId], references: [id])\n\n /// The unit registrations for this worker version.\n unitRegistrations WorkerUnitRegistration[]\n\n /// The logs produced by this worker version.\n logs WorkerVersionLog[]\n}\n\n/// The worker unit registration tracks which unit instances require specific worker versions.\n///\n/// Units declare worker dependencies through their outputs, creating registrations that\n/// trigger the runtime to start corresponding worker containers. Each registration\n/// includes parameters passed to the worker for unit-specific configuration.\n///\n/// Registrations are managed during operation execution - created when units declare workers\n/// and removed when units are destroyed. Worker versions without registrations are garbage collected.\nmodel WorkerUnitRegistration {\n /// The ID of the state of the unit instance requesting the registration.\n stateId String\n\n /// The name of the worker within the instance.\n name String\n\n /// The parameters of the registration passed by the unit.\n ///\n /// [WorkerUnitRegistrationParams]\n params Json\n\n /// The ID of the worker version this registration currently uses.\n workerVersionId String\n\n /// The time this registration was created.\n createdAt DateTime @default(now())\n\n /// The time this registration was last updated.\n updatedAt DateTime @updatedAt\n\n /// The unit instance requesting the registration.\n state InstanceState @relation(fields: [stateId], references: [id])\n\n /// The worker version this registration currently uses.\n workerVersion WorkerVersion @relation(fields: [workerVersionId], references: [id])\n\n @@id([stateId, name]) // the registration is identified by the instance and name\n}\n\n/// The worker version log captures output from running worker containers.\n///\n/// Logs include both worker-generated output and system messages from the runtime.\n/// The ULID identifier provides timestamp ordering. Logs are deleted with the worker version.\nmodel WorkerVersionLog {\n /// The ULID of the worker log. Also used to extract the timestamp.\n id String @id @default(ulid())\n\n /// The ID of the worker version that produced this log.\n workerVersionId String\n\n /// The log content.\n content String\n\n /// Whether this log is a system/runtime message (vs worker output).\n isSystem Boolean @default(false)\n\n /// The worker version that produced this log.\n workerVersion WorkerVersion @relation(fields: [workerVersionId], references: [id], onDelete: Cascade)\n}\n',
1099
+ "inlineSchemaHash": "fc5ea844a808f0d7f4166fedc540677a419261e61b6e3707c9a567599945adab",
1104
1100
  "copyEngine": true,
1105
1101
  "runtimeDataModel": {
1106
1102
  "models": {},
@@ -1113,8 +1109,7 @@ config3.runtimeDataModel = JSON.parse('{"models":{"ApiKey":{"fields":[{"name":"i
1113
1109
  config3.engineWasm = void 0;
1114
1110
  async function decodeBase64AsWasm3(wasmBase64) {
1115
1111
  const { Buffer: Buffer2 } = await import('node:buffer');
1116
- const base64Data = wasmBase64.replace("data:application/wasm;base64,", "");
1117
- const wasmArray = new Uint8Array(Buffer2.from(base64Data, "base64"));
1112
+ const wasmArray = Buffer2.from(wasmBase64, "base64");
1118
1113
  return new WebAssembly.Module(wasmArray);
1119
1114
  }
1120
1115
  config3.compilerWasm = {
@@ -1128,7 +1123,6 @@ function getPrismaClientClass3(dirname5) {
1128
1123
  config3.dirname = dirname5;
1129
1124
  return runtime2.getPrismaClient(config3);
1130
1125
  }
1131
- runtime2.Public.validator;
1132
1126
  runtime2.Extensions.getExtensionContext;
1133
1127
  ({
1134
1128
  DbNull: runtime2.objectEnumValues.classes.DbNull,
@@ -1144,8 +1138,8 @@ runtime2.makeStrictEnum({
1144
1138
  runtime2.Extensions.defineExtension;
1145
1139
 
1146
1140
  // src/database/_generated/project/client.ts
1147
- var __dirname3 = path4.dirname(fileURLToPath(import.meta.url));
1148
- var PrismaClient3 = getPrismaClientClass3(__dirname3);
1141
+ globalThis["__dirname"] = path4.dirname(fileURLToPath(import.meta.url));
1142
+ var PrismaClient3 = getPrismaClientClass3(__dirname);
1149
1143
 
1150
1144
  // src/database/local/project.ts
1151
1145
  var LocalProjectDatabaseBackend = class _LocalProjectDatabaseBackend {
@@ -1376,6 +1370,25 @@ var InstanceStateService = class {
1376
1370
  * @param options Configuration options for terminal and secret handling.
1377
1371
  */
1378
1372
  async forgetInstanceState(projectId, instanceId, { deleteSecrets = false, clearTerminalData = false } = {}) {
1373
+ await this.forgetInstanceStates(projectId, [instanceId], {
1374
+ deleteSecrets,
1375
+ clearTerminalData
1376
+ });
1377
+ }
1378
+ /**
1379
+ * Forgets states for multiple instances in a single transaction.
1380
+ *
1381
+ * The transaction ensures the operation is all-or-nothing.
1382
+ * Side effects are still performed after commit.
1383
+ *
1384
+ * @param projectId The ID of the project containing the instances.
1385
+ * @param instanceIds The IDs of the instances whose states are to be forgotten.
1386
+ * @param options Configuration options for terminal and secret handling.
1387
+ */
1388
+ async forgetInstanceStates(projectId, instanceIds, { deleteSecrets = false, clearTerminalData = false } = {}) {
1389
+ if (instanceIds.length === 0) {
1390
+ return;
1391
+ }
1379
1392
  const database = await this.database.forProject(projectId);
1380
1393
  const project = await this.database.backend.project.findUnique({
1381
1394
  where: { id: projectId },
@@ -1384,34 +1397,41 @@ var InstanceStateService = class {
1384
1397
  if (!project) {
1385
1398
  throw new ProjectNotFoundError(projectId);
1386
1399
  }
1400
+ const uniqueInstanceIds = Array.from(new Set(instanceIds));
1387
1401
  const unitInstancesToCleanup = [];
1388
1402
  const updatedStateIds = [];
1389
1403
  await database.$transaction(async (tx) => {
1390
- const state = await tx.instanceState.findUnique({
1391
- where: { instanceId },
1392
- select: {
1393
- id: true,
1394
- kind: true,
1395
- instanceId: true,
1396
- lock: { select: { stateId: true } }
1404
+ for (const instanceId of uniqueInstanceIds) {
1405
+ const state = await tx.instanceState.findUnique({
1406
+ where: { instanceId },
1407
+ select: {
1408
+ id: true,
1409
+ kind: true,
1410
+ instanceId: true,
1411
+ lock: { select: { stateId: true } }
1412
+ }
1413
+ });
1414
+ if (!state) {
1415
+ throw new InstanceStateNotFoundError(projectId, instanceId);
1397
1416
  }
1398
- });
1399
- if (!state) {
1400
- throw new InstanceStateNotFoundError(projectId, instanceId);
1401
- }
1402
- if (state.lock) {
1403
- throw new InstanceLockedError(projectId, instanceId);
1417
+ if (state.lock) {
1418
+ throw new InstanceLockedError(projectId, instanceId);
1419
+ }
1420
+ await this.processInstanceDeletion(
1421
+ tx,
1422
+ projectId,
1423
+ state,
1424
+ { deleteSecrets, clearTerminalData },
1425
+ unitInstancesToCleanup,
1426
+ updatedStateIds
1427
+ );
1404
1428
  }
1405
- await this.processInstanceDeletion(
1406
- tx,
1407
- projectId,
1408
- state,
1409
- { deleteSecrets, clearTerminalData },
1410
- unitInstancesToCleanup,
1411
- updatedStateIds
1412
- );
1413
1429
  });
1414
- for (const updatedStateId of updatedStateIds) {
1430
+ const uniqueUpdatedStateIds = Array.from(new Set(updatedStateIds));
1431
+ const uniqueUnitInstancesToCleanup = Array.from(
1432
+ new Map(unitInstancesToCleanup.map((item) => [item.id, item])).values()
1433
+ );
1434
+ for (const updatedStateId of uniqueUpdatedStateIds) {
1415
1435
  void this.pubsubManager.publish(["instance-state", projectId], {
1416
1436
  type: "patched",
1417
1437
  stateId: updatedStateId,
@@ -1437,8 +1457,8 @@ var InstanceStateService = class {
1437
1457
  await waitAll([
1438
1458
  this.workerService.cleanupWorkerUsageAndSync(projectId),
1439
1459
  this.artifactService.collectGarbage(projectId),
1440
- ...unitInstancesToCleanup.map(async ({ id, instanceId: instanceId2 }) => {
1441
- const [instanceType, instanceName] = parseInstanceId(instanceId2);
1460
+ ...uniqueUnitInstancesToCleanup.map(async ({ id, instanceId }) => {
1461
+ const [instanceType, instanceName] = parseInstanceId(instanceId);
1442
1462
  await this.runnerBackend.deleteState({
1443
1463
  projectId: project.id,
1444
1464
  stateId: id,
@@ -1450,7 +1470,7 @@ var InstanceStateService = class {
1450
1470
  ]);
1451
1471
  } catch (error) {
1452
1472
  this.logger.warn(
1453
- { error, projectId, instanceId },
1473
+ { error, projectId, instanceIds: uniqueInstanceIds },
1454
1474
  "failed to perform side effects after forgetting instance state"
1455
1475
  );
1456
1476
  }
@@ -1504,7 +1524,7 @@ var InstanceStateService = class {
1504
1524
  unitInstancesToCleanup.push({ id: state.id, instanceId: state.instanceId });
1505
1525
  }
1506
1526
  updatedStateIds.push(state.id);
1507
- this.logger.info({ projectId }, `marked state "%s" as deleted`, state.id);
1527
+ this.logger.info({ projectId }, `marked state "%s" as undeployed`, state.id);
1508
1528
  if (state.kind === "composite") {
1509
1529
  const childStates = await tx.instanceState.findMany({
1510
1530
  where: {
@@ -5276,9 +5296,7 @@ var LocalLibraryBackend = class _LocalLibraryBackend {
5276
5296
  }
5277
5297
  }
5278
5298
  async resolveLibraryPackageForPath(path5) {
5279
- const existingPackage = Array.from(this.packages.values()).find(
5280
- (pkg) => path5.startsWith(pkg.rootPath)
5281
- );
5299
+ const existingPackage = Array.from(this.packages.values()).filter((pkg) => path5 === pkg.rootPath || path5.startsWith(`${pkg.rootPath}/`)).toSorted((a, b) => b.rootPath.length - a.rootPath.length).at(0);
5282
5300
  if (existingPackage) {
5283
5301
  return existingPackage;
5284
5302
  }
@@ -8159,10 +8177,10 @@ var OperationWorkset = class {
8159
8177
  this.operationId,
8160
8178
  options
8161
8179
  );
8180
+ Object.assign(state, patch);
8162
8181
  if (state.parentInstanceId && this.currentPhase !== "preview") {
8163
8182
  await this.recalculateCompositeInstanceState(state.parentInstanceId);
8164
8183
  }
8165
- Object.assign(state, patch);
8166
8184
  }
8167
8185
  getAffectedCompositeChildren(instanceId) {
8168
8186
  if (this.currentPhase === "destroy") {
@@ -8174,28 +8192,29 @@ var OperationWorkset = class {
8174
8192
  const state = this.context.getState(instanceId);
8175
8193
  let currentResourceCount = 0;
8176
8194
  let totalResourceCount = 0;
8177
- let knownTotatalResourceCount = 0;
8195
+ let knownTotalResourceCount = 0;
8178
8196
  const children = this.context.getStateChildIds(instanceId);
8179
8197
  for (const childId of children) {
8180
8198
  const child = this.context.getState(childId);
8181
- if (child?.lastOperationState?.currentResourceCount) {
8199
+ if (child?.lastOperationState?.currentResourceCount != null) {
8182
8200
  currentResourceCount += child.lastOperationState.currentResourceCount;
8183
8201
  }
8184
- if (child?.lastOperationState?.totalResourceCount) {
8202
+ if (child?.lastOperationState?.totalResourceCount != null) {
8185
8203
  totalResourceCount += child.lastOperationState.totalResourceCount;
8186
- knownTotatalResourceCount += 1;
8204
+ knownTotalResourceCount += 1;
8187
8205
  }
8188
8206
  }
8189
- const averageTotalResourceCount = knownTotatalResourceCount > 0 ? Math.round(totalResourceCount / knownTotatalResourceCount) : 0;
8190
- const notKnownTotalResourceCount = children.length - knownTotatalResourceCount;
8207
+ const averageTotalResourceCount = knownTotalResourceCount > 0 ? Math.round(totalResourceCount / knownTotalResourceCount) : 0;
8208
+ const notKnownTotalResourceCount = children.length - knownTotalResourceCount;
8191
8209
  totalResourceCount += notKnownTotalResourceCount * averageTotalResourceCount;
8192
8210
  const finalTotalResourceCount = this.currentPhase === "destroy" && state.lastOperationState?.totalResourceCount ? (
8193
8211
  // do not override totalResourceCount with lower values when destroying instances
8194
- Math.min(totalResourceCount, state.lastOperationState.totalResourceCount)
8212
+ Math.max(totalResourceCount, state.lastOperationState.totalResourceCount)
8195
8213
  ) : totalResourceCount;
8196
8214
  await this.updateState(instanceId, {
8197
8215
  operationState: {
8198
- status: this.getTransientStatusByOperationPhase(),
8216
+ status: !state.lastOperationState?.status || // do not override final statuses
8217
+ isTransientInstanceOperationStatus(state.lastOperationState.status) ? this.getTransientStatusByOperationPhase() : state.lastOperationState.status,
8199
8218
  currentResourceCount,
8200
8219
  totalResourceCount: finalTotalResourceCount
8201
8220
  }
@@ -8328,9 +8347,17 @@ var RuntimeOperation = class {
8328
8347
  unlockToken = createId();
8329
8348
  cancel() {
8330
8349
  this.workset.cancel();
8350
+ this.tryMarkOperationCancelling();
8331
8351
  }
8332
8352
  cancelInstance(instanceId) {
8333
8353
  this.workset.cancelInstance(instanceId);
8354
+ this.tryMarkOperationCancelling();
8355
+ }
8356
+ tryMarkOperationCancelling() {
8357
+ if (this.operation.status === "pending" || this.operation.status === "running") {
8358
+ this.operation.status = "cancelling";
8359
+ this.promiseTracker.track(this.updateOperation({ status: this.operation.status }));
8360
+ }
8334
8361
  }
8335
8362
  async operateSafe() {
8336
8363
  try {
@@ -8958,10 +8985,6 @@ ${errors.join("\n")}`
8958
8985
  if (unfinishedStates.length === 0) {
8959
8986
  return;
8960
8987
  }
8961
- this.logger.warn(
8962
- "finalizing %d unfinished operation states before shutting down",
8963
- unfinishedStates.length
8964
- );
8965
8988
  for (const state of unfinishedStates) {
8966
8989
  await this.workset.updateState(state.instanceId, {
8967
8990
  operationState: {
@@ -8972,6 +8995,7 @@ ${errors.join("\n")}`
8972
8995
  status: state.status === "deployed" ? "deployed" : "failed"
8973
8996
  }
8974
8997
  });
8998
+ this.logger.warn(`finalized operation state for unfinished instance "%s"`, state.instanceId);
8975
8999
  }
8976
9000
  }
8977
9001
  /**