@lucern/contracts 0.3.0-alpha.1 → 0.3.0-alpha.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (303) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/dist/api-enums.contract.d.ts +5 -3
  3. package/dist/api-enums.contract.js +14 -12
  4. package/dist/api-enums.contract.js.map +1 -1
  5. package/dist/component-boundary.contract.d.ts +14 -0
  6. package/dist/component-boundary.contract.js +174 -0
  7. package/dist/component-boundary.contract.js.map +1 -0
  8. package/dist/component-host-boundary.contract.d.ts +46 -0
  9. package/dist/component-host-boundary.contract.js +60 -0
  10. package/dist/component-host-boundary.contract.js.map +1 -0
  11. package/dist/context-pack.contract.d.ts +5 -3
  12. package/dist/context-pack.contract.js.map +1 -1
  13. package/dist/{defineTable-CBQ03FXl.d.ts → defineTable-t1wr5wgn.d.ts} +1 -1
  14. package/dist/{dsl-BgpoVOVQ.d.ts → dsl-DVPthQGY.d.ts} +2 -2
  15. package/dist/dsl.d.ts +2 -2
  16. package/dist/dsl.js +1 -4
  17. package/dist/dsl.js.map +1 -1
  18. package/dist/edge-policy-manifest-Dw5IhT1L.d.ts +133 -0
  19. package/dist/function-registry/beliefs.d.ts +54 -41
  20. package/dist/function-registry/beliefs.js +759 -38
  21. package/dist/function-registry/beliefs.js.map +1 -1
  22. package/dist/function-registry/coding.d.ts +9 -0
  23. package/dist/function-registry/coding.js +811 -39
  24. package/dist/function-registry/coding.js.map +1 -1
  25. package/dist/function-registry/context.d.ts +19 -13
  26. package/dist/function-registry/context.js +750 -42
  27. package/dist/function-registry/context.js.map +1 -1
  28. package/dist/function-registry/contracts.d.ts +6 -0
  29. package/dist/function-registry/contracts.js +715 -35
  30. package/dist/function-registry/contracts.js.map +1 -1
  31. package/dist/function-registry/coordination.d.ts +12 -0
  32. package/dist/function-registry/coordination.js +715 -35
  33. package/dist/function-registry/coordination.js.map +1 -1
  34. package/dist/function-registry/edges.d.ts +165 -0
  35. package/dist/function-registry/edges.js +923 -67
  36. package/dist/function-registry/edges.js.map +1 -1
  37. package/dist/function-registry/evidence.d.ts +44 -33
  38. package/dist/function-registry/evidence.js +769 -47
  39. package/dist/function-registry/evidence.js.map +1 -1
  40. package/dist/function-registry/graph.d.ts +149 -53
  41. package/dist/function-registry/graph.js +831 -42
  42. package/dist/function-registry/graph.js.map +1 -1
  43. package/dist/function-registry/helpers.d.ts +6 -3
  44. package/dist/function-registry/helpers.js +716 -36
  45. package/dist/function-registry/helpers.js.map +1 -1
  46. package/dist/function-registry/identity.d.ts +6 -0
  47. package/dist/function-registry/identity.js +715 -35
  48. package/dist/function-registry/identity.js.map +1 -1
  49. package/dist/function-registry/index.d.ts +5 -3
  50. package/dist/function-registry/index.js +722 -39
  51. package/dist/function-registry/index.js.map +1 -1
  52. package/dist/function-registry/judgments.d.ts +14 -9
  53. package/dist/function-registry/judgments.js +727 -38
  54. package/dist/function-registry/judgments.js.map +1 -1
  55. package/dist/function-registry/legacy.d.ts +4 -0
  56. package/dist/function-registry/legacy.js +715 -35
  57. package/dist/function-registry/legacy.js.map +1 -1
  58. package/dist/function-registry/lenses.d.ts +24 -17
  59. package/dist/function-registry/lenses.js +738 -38
  60. package/dist/function-registry/lenses.js.map +1 -1
  61. package/dist/function-registry/manifest.d.ts +6 -6
  62. package/dist/function-registry/manifest.js +18 -2
  63. package/dist/function-registry/manifest.js.map +1 -1
  64. package/dist/function-registry/nodes.d.ts +412 -0
  65. package/dist/function-registry/nodes.js +5303 -0
  66. package/dist/function-registry/nodes.js.map +1 -0
  67. package/dist/function-registry/ontologies.d.ts +59 -45
  68. package/dist/function-registry/ontologies.js +733 -41
  69. package/dist/function-registry/ontologies.js.map +1 -1
  70. package/dist/function-registry/pipeline.d.ts +19 -13
  71. package/dist/function-registry/pipeline.js +724 -38
  72. package/dist/function-registry/pipeline.js.map +1 -1
  73. package/dist/function-registry/questions.d.ts +64 -49
  74. package/dist/function-registry/questions.js +812 -43
  75. package/dist/function-registry/questions.js.map +1 -1
  76. package/dist/function-registry/tasks.d.ts +24 -17
  77. package/dist/function-registry/tasks.js +776 -44
  78. package/dist/function-registry/tasks.js.map +1 -1
  79. package/dist/function-registry/topics.d.ts +109 -21
  80. package/dist/function-registry/topics.js +797 -39
  81. package/dist/function-registry/topics.js.map +1 -1
  82. package/dist/function-registry/types.d.ts +6 -2
  83. package/dist/function-registry/worktrees.d.ts +94 -41
  84. package/dist/function-registry/worktrees.js +854 -47
  85. package/dist/function-registry/worktrees.js.map +1 -1
  86. package/dist/function-registry-input-audit.d.ts +13 -0
  87. package/dist/function-registry-input-audit.js +166 -0
  88. package/dist/function-registry-input-audit.js.map +1 -0
  89. package/dist/gateway.contract.d.ts +5 -0
  90. package/dist/gateway.contract.js.map +1 -1
  91. package/dist/generated/convexSchemas.d.ts +3 -3
  92. package/dist/generated/convexSchemas.js +38 -18
  93. package/dist/generated/convexSchemas.js.map +1 -1
  94. package/dist/generated/infisicalRuntimeEnv.d.ts +70 -0
  95. package/dist/generated/infisicalRuntimeEnv.js +26572 -0
  96. package/dist/generated/infisicalRuntimeEnv.js.map +1 -0
  97. package/dist/generated/lucernGatewayEnv.d.ts +17 -0
  98. package/dist/generated/lucernGatewayEnv.js +38 -0
  99. package/dist/generated/lucernGatewayEnv.js.map +1 -0
  100. package/dist/generated/lucernWebPublicEnv.d.ts +26 -0
  101. package/dist/generated/lucernWebPublicEnv.js +32 -0
  102. package/dist/generated/lucernWebPublicEnv.js.map +1 -0
  103. package/dist/generated/lucernWebServerEnv.d.ts +33 -0
  104. package/dist/generated/lucernWebServerEnv.js +51 -0
  105. package/dist/generated/lucernWebServerEnv.js.map +1 -0
  106. package/dist/generated/schema-manifest.json +1199 -138
  107. package/dist/generated/tableOwnership.d.ts +47 -27
  108. package/dist/generated/tableOwnership.js +66 -26
  109. package/dist/generated/tableOwnership.js.map +1 -1
  110. package/dist/generated/tier-expectations.json +62 -8
  111. package/dist/graph-intelligence.contract.d.ts +506 -0
  112. package/dist/graph-intelligence.contract.js +595 -0
  113. package/dist/graph-intelligence.contract.js.map +1 -0
  114. package/dist/graph-types/index.d.ts +5 -1
  115. package/dist/graph-types/index.js +15 -4
  116. package/dist/graph-types/index.js.map +1 -1
  117. package/dist/index-CM1Pl_vI.d.ts +28 -0
  118. package/dist/index.d.ts +29 -414
  119. package/dist/index.js +34791 -1088
  120. package/dist/index.js.map +1 -1
  121. package/dist/infisical-runtime.contract.d.ts +1768 -0
  122. package/dist/infisical-runtime.contract.js +3093 -0
  123. package/dist/infisical-runtime.contract.js.map +1 -0
  124. package/dist/lens-filter.contract.js +4 -3
  125. package/dist/lens-filter.contract.js.map +1 -1
  126. package/dist/lens-workflow.contract.js +4 -3
  127. package/dist/lens-workflow.contract.js.map +1 -1
  128. package/dist/manifests/edge-policy-manifest.d.ts +2 -0
  129. package/dist/manifests/edge-policy-manifest.data.d.ts +13 -0
  130. package/dist/manifests/edge-policy-manifest.data.js +26 -0
  131. package/dist/manifests/edge-policy-manifest.data.js.map +1 -0
  132. package/dist/manifests/edge-policy-manifest.js +92 -0
  133. package/dist/manifests/edge-policy-manifest.js.map +1 -0
  134. package/dist/manifests/infisical-runtime-manifest.d.ts +1672 -0
  135. package/dist/manifests/infisical-runtime-manifest.js +2948 -0
  136. package/dist/manifests/infisical-runtime-manifest.js.map +1 -0
  137. package/dist/manifests/invariant-manifest.d.ts +65 -0
  138. package/dist/manifests/invariant-manifest.js +18 -0
  139. package/dist/manifests/invariant-manifest.js.map +1 -0
  140. package/dist/manifests/invariants/ast-utils.d.ts +14 -0
  141. package/dist/manifests/invariants/ast-utils.js +54 -0
  142. package/dist/manifests/invariants/ast-utils.js.map +1 -0
  143. package/dist/manifests/invariants/index.d.ts +15 -0
  144. package/dist/manifests/invariants/index.js +183 -0
  145. package/dist/manifests/invariants/index.js.map +1 -0
  146. package/dist/manifests/invariants/inv-1-beliefs-append-only.d.ts +12 -0
  147. package/dist/manifests/invariants/inv-1-beliefs-append-only.js +94 -0
  148. package/dist/manifests/invariants/inv-1-beliefs-append-only.js.map +1 -0
  149. package/dist/manifests/invariants/inv-14-no-silent-transitions.d.ts +12 -0
  150. package/dist/manifests/invariants/inv-14-no-silent-transitions.js +99 -0
  151. package/dist/manifests/invariants/inv-14-no-silent-transitions.js.map +1 -0
  152. package/dist/manifests/invariants/manifest-1-projections-declare-audit.d.ts +12 -0
  153. package/dist/manifests/invariants/manifest-1-projections-declare-audit.js +42 -0
  154. package/dist/manifests/invariants/manifest-1-projections-declare-audit.js.map +1 -0
  155. package/dist/manifests/tenant-client-manifest.d.ts +322 -0
  156. package/dist/manifests/tenant-client-manifest.js +432 -0
  157. package/dist/manifests/tenant-client-manifest.js.map +1 -0
  158. package/dist/mcp-gateway-boundary.contract.d.ts +201 -0
  159. package/dist/mcp-gateway-boundary.contract.js +45 -0
  160. package/dist/mcp-gateway-boundary.contract.js.map +1 -0
  161. package/dist/projections/check-convex-args-shape.d.ts +3 -0
  162. package/dist/projections/check-convex-args-shape.js +403 -0
  163. package/dist/projections/check-convex-args-shape.js.map +1 -0
  164. package/dist/projections/create-evidence.projection.d.ts +176 -0
  165. package/dist/projections/create-evidence.projection.js +130 -0
  166. package/dist/projections/create-evidence.projection.js.map +1 -0
  167. package/dist/projections/index.d.ts +102 -0
  168. package/dist/projections/index.js +352 -0
  169. package/dist/projections/index.js.map +1 -0
  170. package/dist/projections/list-beliefs.projection.d.ts +36 -0
  171. package/dist/projections/list-beliefs.projection.js +54 -0
  172. package/dist/projections/list-beliefs.projection.js.map +1 -0
  173. package/dist/projections/list-tasks.projection.d.ts +44 -0
  174. package/dist/projections/list-tasks.projection.js +57 -0
  175. package/dist/projections/list-tasks.projection.js.map +1 -0
  176. package/dist/projections/modulate-confidence.projection.d.ts +219 -0
  177. package/dist/projections/modulate-confidence.projection.js +148 -0
  178. package/dist/projections/modulate-confidence.projection.js.map +1 -0
  179. package/dist/projections/projection-dsl.d.ts +11 -0
  180. package/dist/projections/projection-dsl.js +8 -0
  181. package/dist/projections/projection-dsl.js.map +1 -0
  182. package/dist/proof-attestation.json +45 -0
  183. package/dist/schema-helpers/enumValidation.js +2 -5
  184. package/dist/schema-helpers/enumValidation.js.map +1 -1
  185. package/dist/schema-helpers/spine/nodes/decision.js +2 -1
  186. package/dist/schema-helpers/spine/nodes/decision.js.map +1 -1
  187. package/dist/schema-helpers/spine/tables/epistemicNodes.js +27 -27
  188. package/dist/schema-helpers/spine/tables/epistemicNodes.js.map +1 -1
  189. package/dist/schemas/component-table-manifest.d.ts +6 -6
  190. package/dist/schemas/component-table-manifest.js +2 -2
  191. package/dist/schemas/component-table-manifest.js.map +1 -1
  192. package/dist/schemas/enums.d.ts +5 -2
  193. package/dist/schemas/enums.js +5 -2
  194. package/dist/schemas/enums.js.map +1 -1
  195. package/dist/schemas/index.d.ts +3 -3
  196. package/dist/schemas/index.js +1129 -139
  197. package/dist/schemas/index.js.map +1 -1
  198. package/dist/schemas/manifest.d.ts +2979 -949
  199. package/dist/schemas/manifest.js +1127 -137
  200. package/dist/schemas/manifest.js.map +1 -1
  201. package/dist/schemas/sl-opinion.d.ts +4 -4
  202. package/dist/schemas/tables/controlPlane/accessControl.d.ts +260 -0
  203. package/dist/schemas/tables/controlPlane/accessControl.js +653 -0
  204. package/dist/schemas/tables/controlPlane/accessControl.js.map +1 -0
  205. package/dist/schemas/tables/{identity → controlPlane}/agent.d.ts +1 -1
  206. package/dist/schemas/tables/{identity → controlPlane}/agent.js +3 -3
  207. package/dist/schemas/tables/controlPlane/agent.js.map +1 -0
  208. package/dist/schemas/tables/{identity → controlPlane}/epistemic.d.ts +1 -1
  209. package/dist/schemas/tables/{identity → controlPlane}/epistemic.js +3 -3
  210. package/dist/schemas/tables/controlPlane/epistemic.js.map +1 -0
  211. package/dist/schemas/tables/{identity → controlPlane}/model.d.ts +1 -1
  212. package/dist/schemas/tables/{identity → controlPlane}/model.js +6 -6
  213. package/dist/schemas/tables/controlPlane/model.js.map +1 -0
  214. package/dist/schemas/tables/{identity → controlPlane}/platform.d.ts +11 -11
  215. package/dist/schemas/tables/{identity → controlPlane}/platform.js +18 -18
  216. package/dist/schemas/tables/controlPlane/platform.js.map +1 -0
  217. package/dist/schemas/tables/{identity → controlPlane}/project.d.ts +1 -1
  218. package/dist/schemas/tables/{identity → controlPlane}/project.js +3 -3
  219. package/dist/schemas/tables/controlPlane/project.js.map +1 -0
  220. package/dist/schemas/tables/{identity → controlPlane}/user.d.ts +1 -1
  221. package/dist/schemas/tables/{identity → controlPlane}/user.js +3 -3
  222. package/dist/schemas/tables/controlPlane/user.js.map +1 -0
  223. package/dist/schemas/tables/kernel/config.d.ts +1 -1
  224. package/dist/schemas/tables/kernel/config.js.map +1 -1
  225. package/dist/schemas/tables/kernel/coordination.d.ts +1 -1
  226. package/dist/schemas/tables/kernel/coordination.js.map +1 -1
  227. package/dist/schemas/tables/kernel/decision.d.ts +1 -1
  228. package/dist/schemas/tables/kernel/decision.js.map +1 -1
  229. package/dist/schemas/tables/kernel/embedding.d.ts +1 -1
  230. package/dist/schemas/tables/kernel/embedding.js.map +1 -1
  231. package/dist/schemas/tables/kernel/epistemic.d.ts +7 -7
  232. package/dist/schemas/tables/kernel/epistemic.js.map +1 -1
  233. package/dist/schemas/tables/kernel/idempotency.d.ts +1 -1
  234. package/dist/schemas/tables/kernel/idempotency.js.map +1 -1
  235. package/dist/schemas/tables/kernel/infra.d.ts +5 -5
  236. package/dist/schemas/tables/kernel/infra.js.map +1 -1
  237. package/dist/schemas/tables/kernel/intelligence.d.ts +11 -11
  238. package/dist/schemas/tables/kernel/intelligence.js.map +1 -1
  239. package/dist/schemas/tables/kernel/lens.d.ts +5 -5
  240. package/dist/schemas/tables/kernel/lens.js.map +1 -1
  241. package/dist/schemas/tables/kernel/ontology.d.ts +1 -1
  242. package/dist/schemas/tables/kernel/ontology.js.map +1 -1
  243. package/dist/schemas/tables/kernel/platform.d.ts +13 -13
  244. package/dist/schemas/tables/kernel/platform.js.map +1 -1
  245. package/dist/schemas/tables/kernel/spine.d.ts +5 -4
  246. package/dist/schemas/tables/kernel/spine.js +6 -2
  247. package/dist/schemas/tables/kernel/spine.js.map +1 -1
  248. package/dist/schemas/tables/kernel/task.d.ts +43 -43
  249. package/dist/schemas/tables/kernel/task.js.map +1 -1
  250. package/dist/schemas/tables/kernel/topic.d.ts +1 -1
  251. package/dist/schemas/tables/kernel/topic.js +5 -1
  252. package/dist/schemas/tables/kernel/topic.js.map +1 -1
  253. package/dist/schemas/tables/kernel/workflow.d.ts +1 -1
  254. package/dist/schemas/tables/kernel/workflow.js.map +1 -1
  255. package/dist/schemas/tables/kernel/worktree.d.ts +55 -55
  256. package/dist/schemas/tables/kernel/worktree.js.map +1 -1
  257. package/dist/schemas/tables/mc/identity.d.ts +44 -4
  258. package/dist/schemas/tables/mc/identity.js +66 -1
  259. package/dist/schemas/tables/mc/identity.js.map +1 -1
  260. package/dist/schemas/tables/mc/methodology.d.ts +1 -1
  261. package/dist/schemas/tables/mc/methodology.js.map +1 -1
  262. package/dist/schemas/tables/mc/pack.d.ts +21 -21
  263. package/dist/schemas/tables/mc/pack.js.map +1 -1
  264. package/dist/schemas/tables/mc/policy.d.ts +2 -2
  265. package/dist/schemas/tables/mc/policy.js +1 -1
  266. package/dist/schemas/tables/mc/policy.js.map +1 -1
  267. package/dist/schemas/tables/mc/registry.d.ts +5 -5
  268. package/dist/schemas/tables/mc/registry.js.map +1 -1
  269. package/dist/schemas/tables/mc/runtime.d.ts +109 -3
  270. package/dist/schemas/tables/mc/runtime.js +330 -104
  271. package/dist/schemas/tables/mc/runtime.js.map +1 -1
  272. package/dist/schemas/tables/mc/tenant.d.ts +3 -2
  273. package/dist/schemas/tables/mc/tenant.js +2 -1
  274. package/dist/schemas/tables/mc/tenant.js.map +1 -1
  275. package/dist/schemas/tables/mc/workspace.d.ts +28 -5
  276. package/dist/schemas/tables/mc/workspace.js +36 -2
  277. package/dist/schemas/tables/mc/workspace.js.map +1 -1
  278. package/dist/sdk-methods.contract.d.ts +2 -2
  279. package/dist/{sdk-tools.contract-S4ia0TTo.d.ts → sdk-tools.contract-BNklQDfB.d.ts} +2 -2
  280. package/dist/sdk-tools.contract.d.ts +2 -2
  281. package/dist/sdk-tools.contract.js +672 -24
  282. package/dist/sdk-tools.contract.js.map +1 -1
  283. package/dist/tenant-bootstrap-seed.contract.d.ts +1269 -0
  284. package/dist/tenant-bootstrap-seed.contract.js +751 -0
  285. package/dist/tenant-bootstrap-seed.contract.js.map +1 -0
  286. package/dist/tenant-bootstrap-seed.defaults.d.ts +16 -0
  287. package/dist/tenant-bootstrap-seed.defaults.js +303 -0
  288. package/dist/tenant-bootstrap-seed.defaults.js.map +1 -0
  289. package/dist/tenant-client.contract.d.ts +349 -0
  290. package/dist/tenant-client.contract.js +488 -0
  291. package/dist/tenant-client.contract.js.map +1 -0
  292. package/dist/{tool-contracts-C92-9ueT.d.ts → tool-contracts-BevD9Ho2.d.ts} +36 -2
  293. package/dist/tool-contracts.d.ts +1 -1
  294. package/dist/tool-contracts.js +673 -25
  295. package/dist/tool-contracts.js.map +1 -1
  296. package/package.json +30 -1
  297. package/dist/index-CV-0_VWJ.d.ts +0 -25
  298. package/dist/schemas/tables/identity/agent.js.map +0 -1
  299. package/dist/schemas/tables/identity/epistemic.js.map +0 -1
  300. package/dist/schemas/tables/identity/model.js.map +0 -1
  301. package/dist/schemas/tables/identity/platform.js.map +0 -1
  302. package/dist/schemas/tables/identity/project.js.map +0 -1
  303. package/dist/schemas/tables/identity/user.js.map +0 -1
@@ -2,7 +2,10 @@ import { z } from 'zod';
2
2
 
3
3
  // src/schemas/enums.ts
4
4
  var NODE_TYPE = z.enum(["decision", "belief", "question", "theme", "deal", "topic", "claim", "evidence", "synthesis", "answer", "atomic_fact", "excerpt", "source", "company", "person", "investor", "function", "value_chain"]);
5
- var EDGE_TYPE = z.enum(["supports", "informs", "depends_on", "extracted_from", "contains", "tests", "supersedes", "responds_to", "belongs_to", "relates_to_thesis", "works_at", "invested_in", "competes_with", "participates_in", "founded_by", "evaluates", "performs", "function_in", "impacts", "raised_from", "mentioned_in", "perspective_on", "plays_theme", "answers", "explores", "qualifies", "based_on", "based_on_belief", "based_on_question", "blocked_by_contradiction", "informed_by_theme", "same_as", "reinforces", "parent_of", "child_of", "falsified_by", "exclusive_with", "collapses_if", "cascade_from", "counterfactual_of", "cascade_to", "mutually_exclusive", "correlates_with", "amplifies", "precondition_for", "in_tension_with", "strengthened_by", "weakened_by", "alternative_to", "subsumes", "validated_by", "required_for", "blocks", "prerequisite_for", "parallel_to", "corroborates", "extends", "same_source_as", "same_theme_as", "assumes", "would_predict", "analogous_to", "independent_of", "implements", "violates", "co_changes_with", "migrating_from", "migrating_to", "scoped_by", "about_entity", "entity_referenced_in", "contradicts", "cites", "summarizes", "related_to", "partially_answers", "refines", "branches_from"]);
5
+ var EDGE_TYPE_VALUES = ["supports", "informs", "depends_on", "derived_from", "contains", "tests", "supersedes", "responds_to", "belongs_to", "relates_to_thesis", "works_at", "invested_in", "competes_with", "participates_in", "founded_by", "evaluates", "performs", "function_in", "impacts", "raised_from", "mentioned_in", "perspective_on", "plays_theme", "answers", "explores", "qualifies", "based_on", "based_on_belief", "based_on_question", "blocked_by_contradiction", "informed_by_theme", "same_as", "reinforces", "parent_of", "child_of", "falsified_by", "exclusive_with", "collapses_if", "cascade_from", "counterfactual_of", "cascade_to", "mutually_exclusive", "correlates_with", "amplifies", "precondition_for", "in_tension_with", "strengthened_by", "weakened_by", "alternative_to", "subsumes", "validated_by", "required_for", "blocks", "prerequisite_for", "parallel_to", "corroborates", "extends", "same_source_as", "same_theme_as", "assumes", "would_predict", "analogous_to", "independent_of", "implements", "violates", "co_changes_with", "migrating_from", "migrating_to", "scoped_by", "about_entity", "entity_referenced_in", "contradicts", "cites", "summarizes", "related_to", "partially_answers", "refines", "branches_from"];
6
+ var STORAGE_EDGE_TYPE_VALUES = [...EDGE_TYPE_VALUES, "extracted_from"];
7
+ var EDGE_TYPE = z.enum(EDGE_TYPE_VALUES);
8
+ var STORAGE_EDGE_TYPE = z.enum(STORAGE_EDGE_TYPE_VALUES);
6
9
  var TOPIC_STATUS = z.enum(["active", "archived", "watching"]);
7
10
  var TOPIC_VISIBILITY = z.enum(["private", "team", "firm", "external", "public"]);
8
11
 
@@ -207,7 +210,7 @@ var toolRegistryEntries = defineTable({
207
210
  });
208
211
  var agents = defineTable({
209
212
  name: "agents",
210
- component: "identity",
213
+ component: "control-plane",
211
214
  category: "agent",
212
215
  shape: z.object({
213
216
  "slug": z.string(),
@@ -238,6 +241,7 @@ var apiKeys = defineTable({
238
241
  category: "tenant",
239
242
  shape: z.object({
240
243
  "tenantId": idOf("tenants"),
244
+ "workspaceId": idOf("workspaces").optional(),
241
245
  "keyPrefix": z.enum(["luc", "stk"]),
242
246
  "keyHash": z.string(),
243
247
  "keyHint": z.string(),
@@ -265,7 +269,7 @@ var auditLog = defineTable({
265
269
  shape: z.object({
266
270
  "tenantId": idOf("tenants").optional(),
267
271
  "apiKeyId": idOf("apiKeys").optional(),
268
- "action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "principal_created", "principal_updated", "principal_suspended", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
272
+ "action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_token_lease_issued", "proxy_token_lease_renewed", "proxy_token_lease_revoked", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "principal_created", "principal_updated", "principal_suspended", "principal_identity_alias_upserted", "principal_identity_alias_revoked", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "deployment_host_registered", "deployment_host_revoked", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "permit_sync_enqueued", "permit_sync_succeeded", "permit_sync_failed", "permit_sync_skipped", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
269
273
  "actorClerkId": z.string(),
270
274
  "details": z.any().optional(),
271
275
  "createdAt": z.number()
@@ -1144,29 +1148,37 @@ var compatibilityShims = defineTable({
1144
1148
  component: "mc",
1145
1149
  category: "runtime",
1146
1150
  shape: z.object({
1147
- "shimId": z.string(),
1148
- "gateId": z.string(),
1149
- "removalDate": z.string(),
1150
- "removalPriority": z.enum(["P1", "P2", "P3"]),
1151
- "description": z.string(),
1152
- "owner": z.string(),
1153
- "createdAt": z.string(),
1154
- "status": z.enum(["active", "overdue", "removed"]),
1155
- "bridgeType": z.enum(["tool", "agent"]),
1156
- "bridgeTarget": z.object({
1157
- "type": z.enum(["tool", "agent"]),
1158
- "legacyPath": z.string(),
1159
- "harnessPath": z.string()
1151
+ shimId: z.string(),
1152
+ gateId: z.string(),
1153
+ removalDate: z.string(),
1154
+ removalPriority: z.enum(["P1", "P2", "P3"]),
1155
+ description: z.string(),
1156
+ owner: z.string(),
1157
+ createdAt: z.string(),
1158
+ status: z.enum(["active", "overdue", "removed"]),
1159
+ bridgeType: z.enum(["tool", "agent"]),
1160
+ bridgeTarget: z.object({
1161
+ type: z.enum(["tool", "agent"]),
1162
+ legacyPath: z.string(),
1163
+ harnessPath: z.string()
1160
1164
  }),
1161
- "shimBehavior": z.enum(["passthrough_with_logging", "adapter", "feature_flag_gate"]),
1162
- "producesLedgerEntries": z.boolean(),
1163
- "lastAuditedAt": z.number(),
1164
- "metadata": z.record(z.any()).optional()
1165
+ shimBehavior: z.enum([
1166
+ "passthrough_with_logging",
1167
+ "adapter",
1168
+ "feature_flag_gate"
1169
+ ]),
1170
+ producesLedgerEntries: z.boolean(),
1171
+ lastAuditedAt: z.number(),
1172
+ metadata: z.record(z.any()).optional()
1165
1173
  }),
1166
1174
  indices: [
1167
1175
  { kind: "index", name: "by_shimId", columns: ["shimId"] },
1168
1176
  { kind: "index", name: "by_status", columns: ["status"] },
1169
- { kind: "index", name: "by_bridgeType_status", columns: ["bridgeType", "status"] }
1177
+ {
1178
+ kind: "index",
1179
+ name: "by_bridgeType_status",
1180
+ columns: ["bridgeType", "status"]
1181
+ }
1170
1182
  ]
1171
1183
  });
1172
1184
  var cutoverFlags = defineTable({
@@ -1174,12 +1186,23 @@ var cutoverFlags = defineTable({
1174
1186
  component: "mc",
1175
1187
  category: "runtime",
1176
1188
  shape: z.object({
1177
- "domain": z.enum(["graph", "schema", "identity", "policy", "audit", "admin", "agent", "tool", "prompt", "intelligence"]),
1178
- "state": z.enum(["legacy", "cutover", "disabled"]),
1179
- "metadata": z.record(z.any()).optional(),
1180
- "updatedBy": z.string(),
1181
- "createdAt": z.number(),
1182
- "updatedAt": z.number()
1189
+ domain: z.enum([
1190
+ "graph",
1191
+ "schema",
1192
+ "identity",
1193
+ "policy",
1194
+ "audit",
1195
+ "admin",
1196
+ "agent",
1197
+ "tool",
1198
+ "prompt",
1199
+ "intelligence"
1200
+ ]),
1201
+ state: z.enum(["legacy", "cutover", "disabled"]),
1202
+ metadata: z.record(z.any()).optional(),
1203
+ updatedBy: z.string(),
1204
+ createdAt: z.number(),
1205
+ updatedAt: z.number()
1183
1206
  }),
1184
1207
  indices: [
1185
1208
  { kind: "index", name: "by_domain", columns: ["domain"] },
@@ -1191,57 +1214,193 @@ var tenantDeploymentCredentials = defineTable({
1191
1214
  component: "mc",
1192
1215
  category: "runtime",
1193
1216
  shape: z.object({
1194
- "credentialRef": z.string(),
1195
- "tenantId": idOf("tenants"),
1196
- "target": z.enum(["kernelDeployment", "appDeployment"]),
1197
- "environment": z.enum(["dev", "staging", "prod"]),
1198
- "encryptedDeployKey": z.string(),
1199
- "encryptionVersion": z.string(),
1200
- "keyFingerprint": z.string(),
1201
- "keyHint": z.string(),
1202
- "status": z.enum(["active", "revoked"]),
1203
- "rotatedFromCredentialRef": z.string().optional(),
1204
- "revokedAt": z.number().optional(),
1205
- "revokedBy": z.string().optional(),
1206
- "lastUsedAt": z.number().optional(),
1207
- "metadata": z.record(z.any()).optional(),
1208
- "createdBy": z.string(),
1209
- "createdAt": z.number(),
1210
- "updatedAt": z.number()
1217
+ credentialRef: z.string(),
1218
+ tenantId: idOf("tenants"),
1219
+ workspaceId: idOf("workspaces").optional(),
1220
+ target: z.enum(["kernelDeployment", "appDeployment"]),
1221
+ environment: z.enum(["dev", "staging", "prod"]),
1222
+ encryptedDeployKey: z.string(),
1223
+ encryptionVersion: z.string(),
1224
+ keyFingerprint: z.string(),
1225
+ keyHint: z.string(),
1226
+ status: z.enum(["active", "revoked"]),
1227
+ rotatedFromCredentialRef: z.string().optional(),
1228
+ revokedAt: z.number().optional(),
1229
+ revokedBy: z.string().optional(),
1230
+ lastUsedAt: z.number().optional(),
1231
+ metadata: z.record(z.any()).optional(),
1232
+ createdBy: z.string(),
1233
+ createdAt: z.number(),
1234
+ updatedAt: z.number()
1211
1235
  }),
1212
1236
  indices: [
1213
1237
  { kind: "index", name: "by_credentialRef", columns: ["credentialRef"] },
1214
1238
  { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
1215
- { kind: "index", name: "by_tenant_target", columns: ["tenantId", "target"] },
1216
- { kind: "index", name: "by_tenant_target_environment", columns: ["tenantId", "target", "environment"] },
1217
- { kind: "index", name: "by_tenant_target_environment_status", columns: ["tenantId", "target", "environment", "status"] },
1239
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
1240
+ {
1241
+ kind: "index",
1242
+ name: "by_tenant_target",
1243
+ columns: ["tenantId", "target"]
1244
+ },
1245
+ {
1246
+ kind: "index",
1247
+ name: "by_tenant_target_environment",
1248
+ columns: ["tenantId", "target", "environment"]
1249
+ },
1250
+ {
1251
+ kind: "index",
1252
+ name: "by_tenant_target_environment_status",
1253
+ columns: ["tenantId", "target", "environment", "status"]
1254
+ },
1255
+ {
1256
+ kind: "index",
1257
+ name: "by_tenant_workspace_target_environment_status",
1258
+ columns: ["tenantId", "workspaceId", "target", "environment", "status"]
1259
+ },
1218
1260
  { kind: "index", name: "by_status", columns: ["status"] }
1219
1261
  ]
1220
1262
  });
1263
+ var permitSyncStates = defineTable({
1264
+ name: "permitSyncStates",
1265
+ component: "mc",
1266
+ category: "runtime",
1267
+ shape: z.object({
1268
+ syncKey: z.string(),
1269
+ objectType: z.enum([
1270
+ "resource",
1271
+ "role",
1272
+ "resource_role",
1273
+ "resource_relation",
1274
+ "tenant",
1275
+ "workspace",
1276
+ "principal",
1277
+ "membership",
1278
+ "group",
1279
+ "resource_instance",
1280
+ "relationship_tuple",
1281
+ "role_assignment"
1282
+ ]),
1283
+ objectId: z.string(),
1284
+ tenantId: idOf("tenants").optional(),
1285
+ workspaceId: idOf("workspaces").optional(),
1286
+ principalId: z.string().optional(),
1287
+ permitTenantKey: z.string().optional(),
1288
+ permitResourceType: z.string().optional(),
1289
+ permitResourceKey: z.string().optional(),
1290
+ desiredPayload: z.record(z.any()),
1291
+ lastAppliedPayloadHash: z.string().optional(),
1292
+ status: z.enum(["pending", "synced", "error", "skipped"]),
1293
+ attemptCount: z.number(),
1294
+ lastError: z.string().optional(),
1295
+ nextAttemptAt: z.number().optional(),
1296
+ lastSyncedAt: z.number().optional(),
1297
+ createdBy: z.string(),
1298
+ updatedBy: z.string().optional(),
1299
+ createdAt: z.number(),
1300
+ updatedAt: z.number()
1301
+ }),
1302
+ indices: [
1303
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
1304
+ { kind: "index", name: "by_status", columns: ["status"] },
1305
+ {
1306
+ kind: "index",
1307
+ name: "by_tenant_status",
1308
+ columns: ["tenantId", "status"]
1309
+ },
1310
+ {
1311
+ kind: "index",
1312
+ name: "by_workspace_status",
1313
+ columns: ["workspaceId", "status"]
1314
+ },
1315
+ {
1316
+ kind: "index",
1317
+ name: "by_principal_status",
1318
+ columns: ["principalId", "status"]
1319
+ }
1320
+ ]
1321
+ });
1322
+ var secretSyncDriftReports = defineTable({
1323
+ name: "secretSyncDriftReports",
1324
+ component: "mc",
1325
+ category: "runtime",
1326
+ shape: z.object({
1327
+ reportId: z.string(),
1328
+ source: z.enum(["infisical_manifest", "manual", "ci"]),
1329
+ generatedAt: z.number(),
1330
+ recordedAt: z.number(),
1331
+ recordedBy: z.string(),
1332
+ status: z.enum([
1333
+ "in_sync",
1334
+ "drift",
1335
+ "exception",
1336
+ "blocked",
1337
+ "not_observed"
1338
+ ]),
1339
+ reportHash: z.string(),
1340
+ manifestHash: z.string().optional(),
1341
+ dryRunReceiptId: z.string().optional(),
1342
+ appliedReceiptId: z.string().optional(),
1343
+ summary: z.object({
1344
+ totalPipelines: z.number(),
1345
+ inSync: z.number(),
1346
+ drift: z.number(),
1347
+ exception: z.number(),
1348
+ blocked: z.number(),
1349
+ notObserved: z.number(),
1350
+ missingKeys: z.number(),
1351
+ valueDriftKeys: z.number(),
1352
+ extraKeys: z.number(),
1353
+ deniedConvexLeakage: z.number(),
1354
+ approvedExceptions: z.number()
1355
+ }),
1356
+ redactedReport: z.record(z.any()),
1357
+ metadata: z.record(z.any()).optional()
1358
+ }),
1359
+ indices: [
1360
+ { kind: "index", name: "by_reportId", columns: ["reportId"] },
1361
+ { kind: "index", name: "by_reportHash", columns: ["reportHash"] },
1362
+ { kind: "index", name: "by_generatedAt", columns: ["generatedAt"] },
1363
+ {
1364
+ kind: "index",
1365
+ name: "by_status_generatedAt",
1366
+ columns: ["status", "generatedAt"]
1367
+ }
1368
+ ]
1369
+ });
1221
1370
  var controlPlaneTenantModelSlotBindings = defineTable({
1222
1371
  name: "controlPlaneTenantModelSlotBindings",
1223
1372
  component: "mc",
1224
1373
  category: "runtime",
1225
1374
  shape: z.object({
1226
- "bindingId": z.string(),
1227
- "tenantId": idOf("tenants"),
1228
- "providerId": z.string(),
1229
- "modelSlotId": z.string(),
1230
- "secretRef": z.string(),
1231
- "status": z.enum(["active", "revoked"]),
1232
- "passThroughOnly": z.boolean(),
1233
- "revokedAt": z.number().optional(),
1234
- "revokedBy": z.string().optional(),
1235
- "metadata": z.record(z.any()).optional(),
1236
- "createdBy": z.string(),
1237
- "createdAt": z.number(),
1238
- "updatedAt": z.number()
1375
+ bindingId: z.string(),
1376
+ tenantId: idOf("tenants"),
1377
+ workspaceId: idOf("workspaces").optional(),
1378
+ environment: z.enum(["dev", "staging", "prod"]).optional(),
1379
+ providerId: z.string(),
1380
+ modelSlotId: z.string(),
1381
+ secretRef: z.string(),
1382
+ status: z.enum(["active", "revoked"]),
1383
+ passThroughOnly: z.boolean(),
1384
+ revokedAt: z.number().optional(),
1385
+ revokedBy: z.string().optional(),
1386
+ metadata: z.record(z.any()).optional(),
1387
+ createdBy: z.string(),
1388
+ createdAt: z.number(),
1389
+ updatedAt: z.number()
1239
1390
  }),
1240
1391
  indices: [
1241
1392
  { kind: "index", name: "by_bindingId", columns: ["bindingId"] },
1242
1393
  { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
1243
- { kind: "index", name: "by_tenant_slot", columns: ["tenantId", "modelSlotId"] },
1244
- { kind: "index", name: "by_tenant_provider_slot", columns: ["tenantId", "providerId", "modelSlotId"] },
1394
+ {
1395
+ kind: "index",
1396
+ name: "by_tenant_slot",
1397
+ columns: ["tenantId", "modelSlotId"]
1398
+ },
1399
+ {
1400
+ kind: "index",
1401
+ name: "by_tenant_provider_slot",
1402
+ columns: ["tenantId", "providerId", "modelSlotId"]
1403
+ },
1245
1404
  { kind: "index", name: "by_secretRef", columns: ["secretRef"] },
1246
1405
  { kind: "index", name: "by_status", columns: ["status"] }
1247
1406
  ]
@@ -1251,29 +1410,42 @@ var controlPlaneTenantProviderSecrets = defineTable({
1251
1410
  component: "mc",
1252
1411
  category: "runtime",
1253
1412
  shape: z.object({
1254
- "secretRef": z.string(),
1255
- "tenantId": idOf("tenants"),
1256
- "providerId": z.string(),
1257
- "label": z.string().optional(),
1258
- "encryptedSecret": z.string(),
1259
- "encryptionVersion": z.string(),
1260
- "secretFingerprint": z.string(),
1261
- "keyHint": z.string(),
1262
- "status": z.enum(["active", "revoked"]),
1263
- "rotatedFromSecretRef": z.string().optional(),
1264
- "revokedAt": z.number().optional(),
1265
- "revokedBy": z.string().optional(),
1266
- "lastUsedAt": z.number().optional(),
1267
- "metadata": z.record(z.any()).optional(),
1268
- "createdBy": z.string(),
1269
- "createdAt": z.number(),
1270
- "updatedAt": z.number()
1413
+ secretRef: z.string(),
1414
+ tenantId: idOf("tenants"),
1415
+ workspaceId: idOf("workspaces").optional(),
1416
+ environment: z.enum(["dev", "staging", "prod"]).optional(),
1417
+ providerId: z.string(),
1418
+ label: z.string().optional(),
1419
+ encryptedSecret: z.string().optional(),
1420
+ infisicalPath: z.string().optional(),
1421
+ infisicalSecretKey: z.string().optional(),
1422
+ infisicalProjectId: z.string().optional(),
1423
+ encryptionVersion: z.string(),
1424
+ secretFingerprint: z.string(),
1425
+ keyHint: z.string(),
1426
+ status: z.enum(["active", "revoked"]),
1427
+ rotatedFromSecretRef: z.string().optional(),
1428
+ revokedAt: z.number().optional(),
1429
+ revokedBy: z.string().optional(),
1430
+ lastUsedAt: z.number().optional(),
1431
+ metadata: z.record(z.any()).optional(),
1432
+ createdBy: z.string(),
1433
+ createdAt: z.number(),
1434
+ updatedAt: z.number()
1271
1435
  }),
1272
1436
  indices: [
1273
1437
  { kind: "index", name: "by_secretRef", columns: ["secretRef"] },
1274
1438
  { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
1275
- { kind: "index", name: "by_tenant_provider", columns: ["tenantId", "providerId"] },
1276
- { kind: "index", name: "by_tenant_provider_status", columns: ["tenantId", "providerId", "status"] },
1439
+ {
1440
+ kind: "index",
1441
+ name: "by_tenant_provider",
1442
+ columns: ["tenantId", "providerId"]
1443
+ },
1444
+ {
1445
+ kind: "index",
1446
+ name: "by_tenant_provider_status",
1447
+ columns: ["tenantId", "providerId", "status"]
1448
+ },
1277
1449
  { kind: "index", name: "by_status", columns: ["status"] }
1278
1450
  ]
1279
1451
  });
@@ -1282,35 +1454,93 @@ var controlPlaneTenantProxyGatewayUsage = defineTable({
1282
1454
  component: "mc",
1283
1455
  category: "runtime",
1284
1456
  shape: z.object({
1285
- "usageId": z.string(),
1286
- "tenantId": idOf("tenants"),
1287
- "providerId": z.string(),
1288
- "modelSlotId": z.string(),
1289
- "secretRef": z.string(),
1290
- "proxyTokenId": z.string(),
1291
- "sessionId": z.string(),
1292
- "principalId": z.string(),
1293
- "workspaceId": z.string().optional(),
1294
- "modelId": z.string().optional(),
1295
- "requestPath": z.string(),
1296
- "status": z.enum(["success", "error"]),
1297
- "responseStatus": z.number().optional(),
1298
- "inputTokens": z.number().optional(),
1299
- "outputTokens": z.number().optional(),
1300
- "tokenCount": z.number().optional(),
1301
- "latencyMs": z.number(),
1302
- "estimatedCostUsd": z.number().optional(),
1303
- "failureCode": z.string().optional(),
1304
- "metadata": z.record(z.any()).optional(),
1305
- "createdAt": z.number(),
1306
- "updatedAt": z.number()
1457
+ usageId: z.string(),
1458
+ tenantId: idOf("tenants"),
1459
+ providerId: z.string(),
1460
+ modelSlotId: z.string(),
1461
+ secretRef: z.string(),
1462
+ proxyTokenId: z.string(),
1463
+ sessionId: z.string(),
1464
+ principalId: z.string(),
1465
+ workspaceId: z.string().optional(),
1466
+ modelId: z.string().optional(),
1467
+ requestPath: z.string(),
1468
+ status: z.enum(["success", "error"]),
1469
+ responseStatus: z.number().optional(),
1470
+ inputTokens: z.number().optional(),
1471
+ outputTokens: z.number().optional(),
1472
+ tokenCount: z.number().optional(),
1473
+ latencyMs: z.number(),
1474
+ estimatedCostUsd: z.number().optional(),
1475
+ failureCode: z.string().optional(),
1476
+ metadata: z.record(z.any()).optional(),
1477
+ createdAt: z.number(),
1478
+ updatedAt: z.number()
1307
1479
  }),
1308
1480
  indices: [
1309
1481
  { kind: "index", name: "by_usageId", columns: ["usageId"] },
1310
1482
  { kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
1311
- { kind: "index", name: "by_tenant_provider", columns: ["tenantId", "providerId", "createdAt"] },
1312
- { kind: "index", name: "by_proxyTokenId", columns: ["proxyTokenId", "createdAt"] },
1313
- { kind: "index", name: "by_sessionId", columns: ["sessionId", "createdAt"] }
1483
+ {
1484
+ kind: "index",
1485
+ name: "by_tenant_provider",
1486
+ columns: ["tenantId", "providerId", "createdAt"]
1487
+ },
1488
+ {
1489
+ kind: "index",
1490
+ name: "by_proxyTokenId",
1491
+ columns: ["proxyTokenId", "createdAt"]
1492
+ },
1493
+ {
1494
+ kind: "index",
1495
+ name: "by_sessionId",
1496
+ columns: ["sessionId", "createdAt"]
1497
+ }
1498
+ ]
1499
+ });
1500
+ var controlPlaneTenantProxyTokenLeases = defineTable({
1501
+ name: "controlPlaneTenantProxyTokenLeases",
1502
+ component: "mc",
1503
+ category: "runtime",
1504
+ shape: z.object({
1505
+ leaseId: z.string(),
1506
+ proxyTokenId: z.string(),
1507
+ tenantId: idOf("tenants"),
1508
+ workspaceId: idOf("workspaces").optional(),
1509
+ environment: z.enum(["dev", "staging", "prod"]),
1510
+ providerId: z.string(),
1511
+ modelSlotId: z.string(),
1512
+ bindingId: z.string(),
1513
+ secretRef: z.string(),
1514
+ sessionId: z.string(),
1515
+ principalId: z.string(),
1516
+ agentSessionId: z.string().optional(),
1517
+ status: z.enum(["active", "revoked"]),
1518
+ expiresAt: z.number(),
1519
+ renewedAt: z.number().optional(),
1520
+ revokedAt: z.number().optional(),
1521
+ revokedBy: z.string().optional(),
1522
+ revokeReason: z.string().optional(),
1523
+ permitDecisionLogId: idOf("policyDecisionLogs").optional(),
1524
+ permitTraceId: z.string().optional(),
1525
+ metadata: z.record(z.any()).optional(),
1526
+ createdAt: z.number(),
1527
+ updatedAt: z.number()
1528
+ }),
1529
+ indices: [
1530
+ { kind: "index", name: "by_leaseId", columns: ["leaseId"] },
1531
+ { kind: "index", name: "by_proxyTokenId", columns: ["proxyTokenId"] },
1532
+ { kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
1533
+ { kind: "index", name: "by_sessionId", columns: ["sessionId", "createdAt"] },
1534
+ {
1535
+ kind: "index",
1536
+ name: "by_principalId",
1537
+ columns: ["principalId", "createdAt"]
1538
+ },
1539
+ {
1540
+ kind: "index",
1541
+ name: "by_status_expiresAt",
1542
+ columns: ["status", "expiresAt"]
1543
+ }
1314
1544
  ]
1315
1545
  });
1316
1546
  var crossProjectConnections = defineTable({
@@ -1505,7 +1735,7 @@ var epistemicEdges = defineTable({
1505
1735
  "toNodeId": z.string().optional(),
1506
1736
  "sourceGlobalId": z.string().optional(),
1507
1737
  "targetGlobalId": z.string().optional(),
1508
- "edgeType": EDGE_TYPE,
1738
+ "edgeType": STORAGE_EDGE_TYPE,
1509
1739
  "edgeTier": z.string().optional(),
1510
1740
  "domainNamespace": z.string().optional(),
1511
1741
  "constraint": z.string().optional(),
@@ -1643,6 +1873,7 @@ var epistemicNodes = defineTable({
1643
1873
  "questionType": z.enum(["validation", "falsification", "assumption_probe", "prediction_test", "counterfactual", "discovery", "clarification", "comparison", "causal", "mechanism", "general"]).optional(),
1644
1874
  "questionPriority": z.enum(["critical", "high", "medium", "low"]).optional(),
1645
1875
  "answerQuality": z.enum(["definitive", "strong", "moderate", "weak", "speculative", "unanswered"]).optional(),
1876
+ "themeStatus": z.enum(["emerging", "active", "mature", "declining", "archived"]).optional(),
1646
1877
  "themeConviction": z.enum(["high", "medium", "low", "negative"]).optional(),
1647
1878
  "decisionType": z.enum(["invest", "pass", "follow_on", "exit", "deep_dive", "monitor", "deprioritize", "thesis_adopt", "thesis_revise", "thesis_abandon"]).optional(),
1648
1879
  "decisionOutcome": z.enum(["pending", "successful", "unsuccessful", "mixed", "unknown"]).optional(),
@@ -1793,6 +2024,7 @@ var memberships = defineTable({
1793
2024
  indices: [
1794
2025
  { kind: "index", name: "by_principalId", columns: ["principalId"] },
1795
2026
  { kind: "index", name: "by_principal_tenant", columns: ["principalId", "tenantId"] },
2027
+ { kind: "index", name: "by_principal_tenant_workspace", columns: ["principalId", "tenantId", "workspaceId"] },
1796
2028
  { kind: "index", name: "by_workspace_principal", columns: ["workspaceId", "principalId"] },
1797
2029
  { kind: "index", name: "by_tenant_role", columns: ["tenantId", "role"] },
1798
2030
  { kind: "index", name: "by_status", columns: ["status"] }
@@ -1824,6 +2056,36 @@ var principals = defineTable({
1824
2056
  { kind: "index", name: "by_status", columns: ["status"] }
1825
2057
  ]
1826
2058
  });
2059
+ var principalIdentityAliases = defineTable({
2060
+ name: "principalIdentityAliases",
2061
+ component: "mc",
2062
+ category: "identity",
2063
+ shape: z.object({
2064
+ "principalId": z.string(),
2065
+ "principalRefId": idOf("principals").optional(),
2066
+ "provider": z.string(),
2067
+ "providerProjectId": z.string().optional(),
2068
+ "externalSubjectId": z.string(),
2069
+ "tenantId": idOf("tenants").optional(),
2070
+ "workspaceId": idOf("workspaces").optional(),
2071
+ "email": z.string().optional(),
2072
+ "status": z.enum(["active", "revoked"]),
2073
+ "metadata": z.record(z.any()).optional(),
2074
+ "createdBy": z.string(),
2075
+ "revokedAt": z.number().optional(),
2076
+ "revokedBy": z.string().optional(),
2077
+ "createdAt": z.number(),
2078
+ "updatedAt": z.number()
2079
+ }),
2080
+ indices: [
2081
+ { kind: "index", name: "by_provider_subject", columns: ["provider", "externalSubjectId"] },
2082
+ { kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "externalSubjectId"] },
2083
+ { kind: "index", name: "by_principalId", columns: ["principalId"] },
2084
+ { kind: "index", name: "by_principal_status", columns: ["principalId", "status"] },
2085
+ { kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "externalSubjectId"] },
2086
+ { kind: "index", name: "by_workspace_provider_subject", columns: ["workspaceId", "provider", "externalSubjectId"] }
2087
+ ]
2088
+ });
1827
2089
  var rateLimitWindows = defineTable({
1828
2090
  name: "rateLimitWindows",
1829
2091
  component: "mc",
@@ -1848,6 +2110,40 @@ var rateLimitWindows = defineTable({
1848
2110
  { kind: "index", name: "by_tier_window_end", columns: ["tier", "windowEndMs"] }
1849
2111
  ]
1850
2112
  });
2113
+ var oauthDeviceCodes = defineTable({
2114
+ name: "oauthDeviceCodes",
2115
+ component: "mc",
2116
+ category: "identity",
2117
+ shape: z.object({
2118
+ "deviceCodeHash": z.string(),
2119
+ "userCode": z.string(),
2120
+ "clientId": z.string(),
2121
+ "scope": z.string(),
2122
+ "status": z.enum(["pending", "approved", "denied", "expired", "consumed"]),
2123
+ "expiresAt": z.number(),
2124
+ "intervalSeconds": z.number(),
2125
+ "lastPolledAt": z.number().optional(),
2126
+ "slowDownCount": z.number().optional(),
2127
+ "clerkUserId": z.string().optional(),
2128
+ "tenantId": idOf("tenants").optional(),
2129
+ "workspaceId": z.string().optional(),
2130
+ "principalId": z.string().optional(),
2131
+ "role": z.string().optional(),
2132
+ "scopes": z.array(z.string()).optional(),
2133
+ "sessionId": z.string().optional(),
2134
+ "approvedAt": z.number().optional(),
2135
+ "deniedAt": z.number().optional(),
2136
+ "consumedAt": z.number().optional(),
2137
+ "createdAt": z.number(),
2138
+ "updatedAt": z.number()
2139
+ }),
2140
+ indices: [
2141
+ { kind: "index", name: "by_deviceCodeHash", columns: ["deviceCodeHash"] },
2142
+ { kind: "index", name: "by_userCode", columns: ["userCode"] },
2143
+ { kind: "index", name: "by_status_expiresAt", columns: ["status", "expiresAt"] },
2144
+ { kind: "index", name: "by_sessionId", columns: ["sessionId"] }
2145
+ ]
2146
+ });
1851
2147
  var servicePrincipalKeys = defineTable({
1852
2148
  name: "servicePrincipalKeys",
1853
2149
  component: "mc",
@@ -2379,7 +2675,7 @@ var lensTopicBindings = defineTable({
2379
2675
  });
2380
2676
  var mcpWritePolicy = defineTable({
2381
2677
  name: "mcpWritePolicy",
2382
- component: "identity",
2678
+ component: "control-plane",
2383
2679
  category: "platform",
2384
2680
  shape: z.object({
2385
2681
  "topicId": z.string().optional(),
@@ -2402,7 +2698,7 @@ var mcpWritePolicy = defineTable({
2402
2698
  });
2403
2699
  var platformAudienceGrants = defineTable({
2404
2700
  name: "platformAudienceGrants",
2405
- component: "identity",
2701
+ component: "control-plane",
2406
2702
  category: "platform",
2407
2703
  shape: z.object({
2408
2704
  "tenantId": z.string(),
@@ -2428,7 +2724,7 @@ var platformAudienceGrants = defineTable({
2428
2724
  });
2429
2725
  var platformAudiences = defineTable({
2430
2726
  name: "platformAudiences",
2431
- component: "identity",
2727
+ component: "control-plane",
2432
2728
  category: "platform",
2433
2729
  shape: z.object({
2434
2730
  "tenantId": z.string(),
@@ -2453,7 +2749,7 @@ var platformAudiences = defineTable({
2453
2749
  });
2454
2750
  var platformPolicyDecisionLogs = defineTable({
2455
2751
  name: "platformPolicyDecisionLogs",
2456
- component: "identity",
2752
+ component: "control-plane",
2457
2753
  category: "platform",
2458
2754
  shape: z.object({
2459
2755
  "principalId": z.string(),
@@ -2489,7 +2785,7 @@ var platformPolicyDecisionLogs = defineTable({
2489
2785
  });
2490
2786
  var tenantApiKeys = defineTable({
2491
2787
  name: "tenantApiKeys",
2492
- component: "identity",
2788
+ component: "control-plane",
2493
2789
  category: "platform",
2494
2790
  shape: z.object({
2495
2791
  "tenantId": z.string(),
@@ -2516,7 +2812,7 @@ var tenantApiKeys = defineTable({
2516
2812
  });
2517
2813
  var tenantConfig = defineTable({
2518
2814
  name: "tenantConfig",
2519
- component: "identity",
2815
+ component: "control-plane",
2520
2816
  category: "platform",
2521
2817
  shape: z.object({
2522
2818
  "tenantId": z.string(),
@@ -2535,7 +2831,7 @@ var tenantConfig = defineTable({
2535
2831
  });
2536
2832
  var tenantIntegrations = defineTable({
2537
2833
  name: "tenantIntegrations",
2538
- component: "identity",
2834
+ component: "control-plane",
2539
2835
  category: "platform",
2540
2836
  shape: z.object({
2541
2837
  "tenantId": z.string(),
@@ -2590,7 +2886,7 @@ var tenantIntegrations = defineTable({
2590
2886
  });
2591
2887
  var tenantModelSlotBindings = defineTable({
2592
2888
  name: "tenantModelSlotBindings",
2593
- component: "identity",
2889
+ component: "control-plane",
2594
2890
  category: "platform",
2595
2891
  shape: z.object({
2596
2892
  "bindingId": z.string(),
@@ -2618,7 +2914,7 @@ var tenantModelSlotBindings = defineTable({
2618
2914
  });
2619
2915
  var tenantPolicies = defineTable({
2620
2916
  name: "tenantPolicies",
2621
- component: "identity",
2917
+ component: "control-plane",
2622
2918
  category: "platform",
2623
2919
  shape: z.object({
2624
2920
  "tenantId": z.string(),
@@ -2643,7 +2939,7 @@ var tenantPolicies = defineTable({
2643
2939
  });
2644
2940
  var tenantProviderSecrets = defineTable({
2645
2941
  name: "tenantProviderSecrets",
2646
- component: "identity",
2942
+ component: "control-plane",
2647
2943
  category: "platform",
2648
2944
  shape: z.object({
2649
2945
  "secretRef": z.string(),
@@ -2674,7 +2970,7 @@ var tenantProviderSecrets = defineTable({
2674
2970
  });
2675
2971
  var tenantProxyGatewayUsage = defineTable({
2676
2972
  name: "tenantProxyGatewayUsage",
2677
- component: "identity",
2973
+ component: "control-plane",
2678
2974
  category: "platform",
2679
2975
  shape: z.object({
2680
2976
  "usageId": z.string(),
@@ -2709,7 +3005,7 @@ var tenantProxyGatewayUsage = defineTable({
2709
3005
  });
2710
3006
  var tenantProxyTokenMints = defineTable({
2711
3007
  name: "tenantProxyTokenMints",
2712
- component: "identity",
3008
+ component: "control-plane",
2713
3009
  category: "platform",
2714
3010
  shape: z.object({
2715
3011
  "proxyTokenId": z.string(),
@@ -2732,7 +3028,7 @@ var tenantProxyTokenMints = defineTable({
2732
3028
  });
2733
3029
  var tenantSandboxAuditEvents = defineTable({
2734
3030
  name: "tenantSandboxAuditEvents",
2735
- component: "identity",
3031
+ component: "control-plane",
2736
3032
  category: "platform",
2737
3033
  shape: z.object({
2738
3034
  "eventId": z.string(),
@@ -2766,7 +3062,7 @@ var tenantSandboxAuditEvents = defineTable({
2766
3062
  });
2767
3063
  var tenantSecrets = defineTable({
2768
3064
  name: "tenantSecrets",
2769
- component: "identity",
3065
+ component: "control-plane",
2770
3066
  category: "platform",
2771
3067
  shape: z.object({
2772
3068
  "tenantId": z.string(),
@@ -2788,7 +3084,7 @@ var tenantSecrets = defineTable({
2788
3084
  });
2789
3085
  var toolAcls = defineTable({
2790
3086
  name: "toolAcls",
2791
- component: "identity",
3087
+ component: "control-plane",
2792
3088
  category: "platform",
2793
3089
  shape: z.object({
2794
3090
  "role": z.enum(["platform_admin", "tenant_admin", "workspace_admin", "editor", "viewer", "auditor", "service_agent"]),
@@ -2803,7 +3099,7 @@ var toolAcls = defineTable({
2803
3099
  });
2804
3100
  var toolRegistry = defineTable({
2805
3101
  name: "toolRegistry",
2806
- component: "identity",
3102
+ component: "control-plane",
2807
3103
  category: "platform",
2808
3104
  shape: z.object({
2809
3105
  "toolName": z.string(),
@@ -2884,7 +3180,7 @@ var tenantMethodologyAssignments = defineTable({
2884
3180
  });
2885
3181
  var modelCallLogs = defineTable({
2886
3182
  name: "modelCallLogs",
2887
- component: "identity",
3183
+ component: "control-plane",
2888
3184
  category: "model",
2889
3185
  shape: z.object({
2890
3186
  "slot": z.string(),
@@ -2910,7 +3206,7 @@ var modelCallLogs = defineTable({
2910
3206
  });
2911
3207
  var modelFunctionSlots = defineTable({
2912
3208
  name: "modelFunctionSlots",
2913
- component: "identity",
3209
+ component: "control-plane",
2914
3210
  category: "model",
2915
3211
  shape: z.object({
2916
3212
  "slot": z.string(),
@@ -2935,7 +3231,7 @@ var modelFunctionSlots = defineTable({
2935
3231
  });
2936
3232
  var modelRegistry = defineTable({
2937
3233
  name: "modelRegistry",
2938
- component: "identity",
3234
+ component: "control-plane",
2939
3235
  category: "model",
2940
3236
  shape: z.object({
2941
3237
  "key": z.string(),
@@ -2962,7 +3258,7 @@ var modelRegistry = defineTable({
2962
3258
  });
2963
3259
  var modelSlotConfigs = defineTable({
2964
3260
  name: "modelSlotConfigs",
2965
- component: "identity",
3261
+ component: "control-plane",
2966
3262
  category: "model",
2967
3263
  shape: z.object({
2968
3264
  "slot": z.string(),
@@ -3349,7 +3645,7 @@ var policyDecisionLogs = defineTable({
3349
3645
  "workspaceId": idOf("workspaces").optional(),
3350
3646
  "resourceType": z.string(),
3351
3647
  "resourceId": z.string(),
3352
- "action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote"]),
3648
+ "action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote", "route", "invoke", "manage", "deploy", "promote", "rollback", "audit", "read_ref", "fetch_value", "rotate", "administer", "mint", "delegate", "revoke"]),
3353
3649
  "decision": z.enum(["allow", "deny"]),
3354
3650
  "reasonCode": z.string(),
3355
3651
  "policyVersion": z.string(),
@@ -3411,7 +3707,7 @@ var controlPlaneToolAcls = defineTable({
3411
3707
  });
3412
3708
  var projectGrants = defineTable({
3413
3709
  name: "projectGrants",
3414
- component: "identity",
3710
+ component: "control-plane",
3415
3711
  category: "project",
3416
3712
  shape: z.object({
3417
3713
  "projectId": z.string().optional(),
@@ -3443,9 +3739,648 @@ var projectGrants = defineTable({
3443
3739
  { kind: "index", name: "by_topic_cluster_status", columns: ["topicId", "beliefClusterId", "status"] }
3444
3740
  ]
3445
3741
  });
3742
+ var permitActorType = z.enum([
3743
+ "human",
3744
+ "agent",
3745
+ "service_principal",
3746
+ "external_stakeholder",
3747
+ "system"
3748
+ ]);
3749
+ var permitMembershipStatus = z.enum([
3750
+ "active",
3751
+ "invited",
3752
+ "revoked",
3753
+ "suspended",
3754
+ "disabled"
3755
+ ]);
3756
+ var permitDecision = z.enum(["allow", "deny"]);
3757
+ var permitAccessReviewStatus = z.enum([
3758
+ "open",
3759
+ "in_progress",
3760
+ "approved",
3761
+ "denied",
3762
+ "expired",
3763
+ "cancelled"
3764
+ ]);
3765
+ var permitReviewScope = z.enum([
3766
+ "tenant",
3767
+ "workspace",
3768
+ "resource_instance",
3769
+ "group",
3770
+ "principal",
3771
+ "api_key",
3772
+ "admin_action"
3773
+ ]);
3774
+ var permitRecordStatus = z.enum([
3775
+ "queued",
3776
+ "inflight",
3777
+ "completed",
3778
+ "failed",
3779
+ "skipped",
3780
+ "stale"
3781
+ ]);
3782
+ var permitObjectType = z.enum([
3783
+ "resource",
3784
+ "role",
3785
+ "resource_role",
3786
+ "resource_relation",
3787
+ "tenant",
3788
+ "workspace",
3789
+ "principal",
3790
+ "membership",
3791
+ "group",
3792
+ "resource_instance",
3793
+ "relationship_tuple",
3794
+ "role_assignment"
3795
+ ]);
3796
+ var permitOutboxOperation = z.enum([
3797
+ "upsert",
3798
+ "delete",
3799
+ "sync",
3800
+ "resync",
3801
+ "delete_sync",
3802
+ "noop"
3803
+ ]);
3804
+ var permitPolicyBundleStatus = z.enum([
3805
+ "draft",
3806
+ "validated",
3807
+ "enforced",
3808
+ "archived"
3809
+ ]);
3810
+ var permitSyncStatus = z.enum([
3811
+ "pending",
3812
+ "synced",
3813
+ "error",
3814
+ "skipped"
3815
+ ]);
3816
+ var permitAccessReviewSubjectType = z.enum([
3817
+ "principal",
3818
+ "group",
3819
+ "role_assignment",
3820
+ "resource_instance"
3821
+ ]);
3822
+ var permitAttributeType = z.enum([
3823
+ "string",
3824
+ "number",
3825
+ "bool",
3826
+ "json",
3827
+ "time"
3828
+ ]);
3829
+ var permitAttributeOperator = z.enum([
3830
+ "eq",
3831
+ "neq",
3832
+ "in",
3833
+ "not_in",
3834
+ "gt",
3835
+ "gte",
3836
+ "lt",
3837
+ "lte",
3838
+ "contains",
3839
+ "not_contains",
3840
+ "matches"
3841
+ ]);
3842
+ var permitRoleBindingTarget = z.enum([
3843
+ "principal",
3844
+ "group"
3845
+ ]);
3846
+ var permitPrincipals = defineTable({
3847
+ name: "permitPrincipals",
3848
+ component: "control-plane",
3849
+ category: "access-control",
3850
+ shape: z.object({
3851
+ principalId: z.string(),
3852
+ tenantId: z.string(),
3853
+ workspaceId: z.optional(z.string()),
3854
+ principalType: permitActorType,
3855
+ status: permitMembershipStatus,
3856
+ displayName: z.string().optional(),
3857
+ metadata: z.record(z.any()).optional(),
3858
+ createdBy: z.string(),
3859
+ createdAt: z.number(),
3860
+ updatedAt: z.number(),
3861
+ updatedBy: z.string().optional(),
3862
+ lastSeenAt: z.number().optional()
3863
+ }),
3864
+ indices: [
3865
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
3866
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
3867
+ { kind: "index", name: "by_tenant_principalId", columns: ["tenantId", "principalId"] },
3868
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
3869
+ {
3870
+ kind: "index",
3871
+ name: "by_tenant_principalType_status",
3872
+ columns: ["tenantId", "principalType", "status"]
3873
+ }
3874
+ ]
3875
+ });
3876
+ var permitPrincipalAliases = defineTable({
3877
+ name: "permitPrincipalAliases",
3878
+ component: "control-plane",
3879
+ category: "access-control",
3880
+ shape: z.object({
3881
+ principalId: z.string(),
3882
+ tenantId: z.string(),
3883
+ workspaceId: z.optional(z.string()),
3884
+ provider: z.string(),
3885
+ providerSubjectId: z.string(),
3886
+ providerProjectId: z.string().optional(),
3887
+ alias: z.string(),
3888
+ aliasKind: z.string(),
3889
+ status: permitMembershipStatus,
3890
+ metadata: z.record(z.any()).optional(),
3891
+ createdBy: z.string(),
3892
+ createdAt: z.number(),
3893
+ updatedAt: z.number(),
3894
+ revokedBy: z.string().optional(),
3895
+ revokedAt: z.number().optional(),
3896
+ updatedBy: z.string().optional()
3897
+ }),
3898
+ indices: [
3899
+ { kind: "index", name: "by_principalId", columns: ["principalId"] },
3900
+ { kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "providerSubjectId"] },
3901
+ {
3902
+ kind: "index",
3903
+ name: "by_tenant_provider_alias",
3904
+ columns: ["tenantId", "provider", "alias"]
3905
+ },
3906
+ { kind: "index", name: "by_tenant_alias", columns: ["tenantId", "alias"] },
3907
+ {
3908
+ kind: "index",
3909
+ name: "by_tenant_provider_status",
3910
+ columns: ["tenantId", "provider", "status"]
3911
+ }
3912
+ ]
3913
+ });
3914
+ var permitGroups = defineTable({
3915
+ name: "permitGroups",
3916
+ component: "control-plane",
3917
+ category: "access-control",
3918
+ shape: z.object({
3919
+ tenantId: z.string(),
3920
+ workspaceId: z.optional(z.string()),
3921
+ groupId: z.string(),
3922
+ groupKey: z.string(),
3923
+ groupName: z.string(),
3924
+ groupType: z.enum(["tenant", "workspace", "external", "system", "dynamic"]),
3925
+ status: permitMembershipStatus,
3926
+ description: z.string().optional(),
3927
+ metadata: z.record(z.any()).optional(),
3928
+ createdBy: z.string(),
3929
+ createdAt: z.number(),
3930
+ updatedAt: z.number(),
3931
+ updatedBy: z.string().optional()
3932
+ }),
3933
+ indices: [
3934
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
3935
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
3936
+ { kind: "index", name: "by_tenant_groupId", columns: ["tenantId", "groupId"] },
3937
+ { kind: "index", name: "by_tenant_groupKey", columns: ["tenantId", "groupKey"] },
3938
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
3939
+ ]
3940
+ });
3941
+ var permitGroupMemberships = defineTable({
3942
+ name: "permitGroupMemberships",
3943
+ component: "control-plane",
3944
+ category: "access-control",
3945
+ shape: z.object({
3946
+ tenantId: z.string(),
3947
+ workspaceId: z.optional(z.string()),
3948
+ groupId: z.string(),
3949
+ memberType: z.enum(["principal", "group"]),
3950
+ memberId: z.string(),
3951
+ principalId: z.string().optional(),
3952
+ childGroupId: z.string().optional(),
3953
+ status: permitMembershipStatus,
3954
+ addedBy: z.string().optional(),
3955
+ revokedBy: z.string().optional(),
3956
+ expiresAt: z.number().optional(),
3957
+ revocationReason: z.string().optional(),
3958
+ metadata: z.record(z.any()).optional(),
3959
+ createdAt: z.number(),
3960
+ updatedAt: z.number(),
3961
+ updatedBy: z.string().optional()
3962
+ }),
3963
+ indices: [
3964
+ { kind: "index", name: "by_tenant_principal", columns: ["tenantId", "principalId"] },
3965
+ { kind: "index", name: "by_tenant_member", columns: ["tenantId", "memberType", "memberId"] },
3966
+ {
3967
+ kind: "index",
3968
+ name: "by_tenant_member_group",
3969
+ columns: ["tenantId", "memberType", "memberId", "groupId"]
3970
+ },
3971
+ { kind: "index", name: "by_tenant_group", columns: ["tenantId", "groupId"] },
3972
+ { kind: "index", name: "by_member_group", columns: ["memberType", "memberId", "groupId"] },
3973
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
3974
+ {
3975
+ kind: "index",
3976
+ name: "by_workspace_principal",
3977
+ columns: ["workspaceId", "principalId"]
3978
+ }
3979
+ ]
3980
+ });
3981
+ var permitResourceInstances = defineTable({
3982
+ name: "permitResourceInstances",
3983
+ component: "control-plane",
3984
+ category: "access-control",
3985
+ shape: z.object({
3986
+ tenantId: z.string(),
3987
+ workspaceId: z.optional(z.string()),
3988
+ resourceType: z.string(),
3989
+ resourceKey: z.string(),
3990
+ resourceId: z.string(),
3991
+ status: z.enum(["active", "deleted", "archived"]),
3992
+ attributes: z.record(z.any()).optional(),
3993
+ ownerPrincipalId: z.string().optional(),
3994
+ metadata: z.record(z.any()).optional(),
3995
+ createdBy: z.string(),
3996
+ updatedBy: z.string().optional(),
3997
+ createdAt: z.number(),
3998
+ updatedAt: z.number()
3999
+ }),
4000
+ indices: [
4001
+ {
4002
+ kind: "index",
4003
+ name: "by_tenant_resource_type",
4004
+ columns: ["tenantId", "resourceType"]
4005
+ },
4006
+ {
4007
+ kind: "index",
4008
+ name: "by_tenant_resource_key",
4009
+ columns: ["tenantId", "resourceType", "resourceKey"]
4010
+ },
4011
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
4012
+ { kind: "index", name: "by_status", columns: ["status"] },
4013
+ {
4014
+ kind: "index",
4015
+ name: "by_tenant_status",
4016
+ columns: ["tenantId", "status"]
4017
+ },
4018
+ {
4019
+ kind: "index",
4020
+ name: "by_ownerPrincipalId",
4021
+ columns: ["ownerPrincipalId"]
4022
+ }
4023
+ ]
4024
+ });
4025
+ var permitRoleAssignments = defineTable({
4026
+ name: "permitRoleAssignments",
4027
+ component: "control-plane",
4028
+ category: "access-control",
4029
+ shape: z.object({
4030
+ tenantId: z.string(),
4031
+ workspaceId: z.optional(z.string()),
4032
+ role: z.string(),
4033
+ targetType: permitRoleBindingTarget,
4034
+ targetId: z.string(),
4035
+ resourceType: z.string(),
4036
+ resourceKey: z.string(),
4037
+ resourceInstanceId: z.string().optional(),
4038
+ status: permitMembershipStatus,
4039
+ expiresAt: z.number().optional(),
4040
+ attributes: z.record(z.any()).optional(),
4041
+ grantedBy: z.string().optional(),
4042
+ updatedBy: z.string().optional(),
4043
+ revokedBy: z.string().optional(),
4044
+ createdAt: z.number(),
4045
+ updatedAt: z.number()
4046
+ }),
4047
+ indices: [
4048
+ {
4049
+ kind: "index",
4050
+ name: "by_tenant_target",
4051
+ columns: ["tenantId", "targetType", "targetId"]
4052
+ },
4053
+ {
4054
+ kind: "index",
4055
+ name: "by_tenant_resource",
4056
+ columns: ["tenantId", "resourceType", "resourceKey"]
4057
+ },
4058
+ {
4059
+ kind: "index",
4060
+ name: "by_tenant_role",
4061
+ columns: ["tenantId", "role", "status"]
4062
+ },
4063
+ { kind: "index", name: "by_status", columns: ["status"] },
4064
+ {
4065
+ kind: "index",
4066
+ name: "by_workspace_resource",
4067
+ columns: ["workspaceId", "resourceType", "resourceKey"]
4068
+ }
4069
+ ]
4070
+ });
4071
+ var permitRelationshipTuples = defineTable({
4072
+ name: "permitRelationshipTuples",
4073
+ component: "control-plane",
4074
+ category: "access-control",
4075
+ shape: z.object({
4076
+ tenantId: z.string(),
4077
+ workspaceId: z.optional(z.string()),
4078
+ relation: z.string(),
4079
+ subject: z.string(),
4080
+ object: z.string(),
4081
+ resourceType: z.string().optional(),
4082
+ resourceKey: z.string().optional(),
4083
+ status: permitRecordStatus,
4084
+ attributes: z.record(z.any()).optional(),
4085
+ createdBy: z.string(),
4086
+ createdAt: z.number(),
4087
+ updatedAt: z.number(),
4088
+ lastSeenAt: z.number().optional(),
4089
+ updatedBy: z.string().optional()
4090
+ }),
4091
+ indices: [
4092
+ { kind: "index", name: "by_tenant_subject", columns: ["tenantId", "subject"] },
4093
+ { kind: "index", name: "by_tenant_object", columns: ["tenantId", "object"] },
4094
+ { kind: "index", name: "by_tenant_relation", columns: ["tenantId", "relation"] },
4095
+ {
4096
+ kind: "index",
4097
+ name: "by_tenant_relation_subject",
4098
+ columns: ["tenantId", "relation", "subject"]
4099
+ },
4100
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
4101
+ ]
4102
+ });
4103
+ var permitAttributeBindings = defineTable({
4104
+ name: "permitAttributeBindings",
4105
+ component: "control-plane",
4106
+ category: "access-control",
4107
+ shape: z.object({
4108
+ tenantId: z.string(),
4109
+ workspaceId: z.optional(z.string()),
4110
+ targetType: permitRoleBindingTarget,
4111
+ targetId: z.string(),
4112
+ attributeName: z.string(),
4113
+ attributeType: permitAttributeType,
4114
+ attributeOperator: permitAttributeOperator,
4115
+ attributeValue: z.any(),
4116
+ status: permitRecordStatus,
4117
+ source: z.string().optional(),
4118
+ sourceRef: z.string().optional(),
4119
+ metadata: z.record(z.any()).optional(),
4120
+ createdAt: z.number(),
4121
+ updatedAt: z.number(),
4122
+ createdBy: z.string(),
4123
+ updatedBy: z.string().optional(),
4124
+ expiresAt: z.number().optional()
4125
+ }),
4126
+ indices: [
4127
+ {
4128
+ kind: "index",
4129
+ name: "by_tenant_target",
4130
+ columns: ["tenantId", "targetType", "targetId"]
4131
+ },
4132
+ {
4133
+ kind: "index",
4134
+ name: "by_tenant_target_attribute",
4135
+ columns: ["tenantId", "targetType", "targetId", "attributeName"]
4136
+ },
4137
+ {
4138
+ kind: "index",
4139
+ name: "by_tenant_name",
4140
+ columns: ["tenantId", "attributeName"]
4141
+ },
4142
+ {
4143
+ kind: "index",
4144
+ name: "by_tenant_status",
4145
+ columns: ["tenantId", "status"]
4146
+ }
4147
+ ]
4148
+ });
4149
+ var permitPolicyBundles = defineTable({
4150
+ name: "permitPolicyBundles",
4151
+ component: "control-plane",
4152
+ category: "access-control",
4153
+ shape: z.object({
4154
+ tenantId: z.string(),
4155
+ workspaceId: z.optional(z.string()),
4156
+ bundleKey: z.string(),
4157
+ version: z.number(),
4158
+ status: permitPolicyBundleStatus,
4159
+ policyHash: z.string().optional(),
4160
+ policyPayload: z.record(z.any()),
4161
+ metadata: z.record(z.any()).optional(),
4162
+ createdBy: z.string(),
4163
+ reviewedBy: z.string().optional(),
4164
+ createdAt: z.number(),
4165
+ updatedAt: z.number(),
4166
+ retiredAt: z.number().optional()
4167
+ }),
4168
+ indices: [
4169
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
4170
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
4171
+ {
4172
+ kind: "index",
4173
+ name: "by_tenant_bundleKey",
4174
+ columns: ["tenantId", "bundleKey"]
4175
+ },
4176
+ {
4177
+ kind: "index",
4178
+ name: "by_tenant_bundle_version",
4179
+ columns: ["tenantId", "bundleKey", "version"]
4180
+ },
4181
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
4182
+ ]
4183
+ });
4184
+ var permitProjectionOutbox = defineTable({
4185
+ name: "permitProjectionOutbox",
4186
+ component: "control-plane",
4187
+ category: "access-control",
4188
+ shape: z.object({
4189
+ syncKey: z.string(),
4190
+ objectType: permitObjectType,
4191
+ objectId: z.string(),
4192
+ operation: permitOutboxOperation,
4193
+ payload: z.record(z.any()),
4194
+ status: permitRecordStatus,
4195
+ attemptCount: z.number(),
4196
+ nextAttemptAt: z.number().optional(),
4197
+ lastError: z.string().optional(),
4198
+ tenantId: z.string().optional(),
4199
+ workspaceId: z.optional(z.string()),
4200
+ principalId: z.string().optional(),
4201
+ permitTenantKey: z.string().optional(),
4202
+ permitResourceType: z.string().optional(),
4203
+ permitResourceKey: z.string().optional(),
4204
+ createdAt: z.number(),
4205
+ updatedAt: z.number(),
4206
+ lastHandledAt: z.number().optional()
4207
+ }),
4208
+ indices: [
4209
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
4210
+ { kind: "index", name: "by_status", columns: ["status"] },
4211
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
4212
+ {
4213
+ kind: "index",
4214
+ name: "by_tenant_status",
4215
+ columns: ["tenantId", "status"]
4216
+ },
4217
+ {
4218
+ kind: "index",
4219
+ name: "by_objectType",
4220
+ columns: ["objectType", "status"]
4221
+ }
4222
+ ]
4223
+ });
4224
+ var tenantPermitSyncStates = defineTable({
4225
+ name: "tenantPermitSyncStates",
4226
+ component: "control-plane",
4227
+ category: "access-control",
4228
+ shape: z.object({
4229
+ syncKey: z.string(),
4230
+ objectType: permitObjectType,
4231
+ objectId: z.string(),
4232
+ tenantId: z.string().optional(),
4233
+ workspaceId: z.string().optional(),
4234
+ principalId: z.string().optional(),
4235
+ permitTenantKey: z.string().optional(),
4236
+ permitResourceType: z.string().optional(),
4237
+ permitResourceKey: z.string().optional(),
4238
+ desiredPayload: z.record(z.any()),
4239
+ lastAppliedPayloadHash: z.string().optional(),
4240
+ status: permitSyncStatus,
4241
+ attemptCount: z.number(),
4242
+ lastError: z.string().optional(),
4243
+ nextAttemptAt: z.number().optional(),
4244
+ lastSyncedAt: z.number().optional(),
4245
+ createdBy: z.string(),
4246
+ updatedBy: z.string().optional(),
4247
+ createdAt: z.number(),
4248
+ updatedAt: z.number()
4249
+ }),
4250
+ indices: [
4251
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
4252
+ { kind: "index", name: "by_status", columns: ["status"] },
4253
+ {
4254
+ kind: "index",
4255
+ name: "by_tenant_status",
4256
+ columns: ["tenantId", "status"]
4257
+ },
4258
+ {
4259
+ kind: "index",
4260
+ name: "by_workspace_status",
4261
+ columns: ["workspaceId", "status"]
4262
+ },
4263
+ {
4264
+ kind: "index",
4265
+ name: "by_principal_status",
4266
+ columns: ["principalId", "status"]
4267
+ }
4268
+ ]
4269
+ });
4270
+ var permitPolicyDecisionReceipts = defineTable({
4271
+ name: "permitPolicyDecisionReceipts",
4272
+ component: "control-plane",
4273
+ category: "access-control",
4274
+ shape: z.object({
4275
+ tenantId: z.string().optional(),
4276
+ workspaceId: z.string().optional(),
4277
+ principalId: z.string(),
4278
+ subjectType: permitAccessReviewSubjectType.optional(),
4279
+ subjectId: z.string().optional(),
4280
+ resourceType: z.string(),
4281
+ resourceId: z.string(),
4282
+ action: z.string(),
4283
+ decision: permitDecision,
4284
+ reasonCode: z.string(),
4285
+ policyBundleId: z.string().optional(),
4286
+ policyVersion: z.string(),
4287
+ traceId: z.string().optional(),
4288
+ requestId: z.string().optional(),
4289
+ audienceMode: z.string().optional(),
4290
+ audienceKey: z.string().optional(),
4291
+ audienceClass: z.enum(["internal", "restricted_external", "public"]).optional(),
4292
+ metadata: z.record(z.any()).optional(),
4293
+ createdAt: z.number(),
4294
+ expiresAt: z.number().optional(),
4295
+ createdBy: z.string().optional()
4296
+ }),
4297
+ indices: [
4298
+ { kind: "index", name: "by_principal_createdAt", columns: ["principalId", "createdAt"] },
4299
+ { kind: "index", name: "by_tenant_createdAt", columns: ["tenantId", "createdAt"] },
4300
+ { kind: "index", name: "by_resource", columns: ["resourceType", "resourceId"] },
4301
+ { kind: "index", name: "by_decision_createdAt", columns: ["decision", "createdAt"] },
4302
+ { kind: "index", name: "by_traceId", columns: ["traceId"] },
4303
+ { kind: "index", name: "by_action", columns: ["action"] }
4304
+ ]
4305
+ });
4306
+ var permitAccessReviews = defineTable({
4307
+ name: "permitAccessReviews",
4308
+ component: "control-plane",
4309
+ category: "access-control",
4310
+ shape: z.object({
4311
+ tenantId: z.string(),
4312
+ workspaceId: z.optional(z.string()),
4313
+ reviewKey: z.string(),
4314
+ scope: permitReviewScope,
4315
+ status: permitAccessReviewStatus,
4316
+ subjectType: permitAccessReviewSubjectType,
4317
+ subjectId: z.string(),
4318
+ resourceType: z.string().optional(),
4319
+ resourceKey: z.string().optional(),
4320
+ outcome: z.enum(["allow", "deny"]).optional(),
4321
+ requestedBy: z.string(),
4322
+ reviewedBy: z.string().optional(),
4323
+ requestedAt: z.number(),
4324
+ reviewedAt: z.number().optional(),
4325
+ dueAt: z.number().optional(),
4326
+ justification: z.string().optional(),
4327
+ rationale: z.string().optional(),
4328
+ policyBundleId: z.string().optional(),
4329
+ metadata: z.record(z.any()).optional(),
4330
+ createdAt: z.number(),
4331
+ updatedAt: z.number()
4332
+ }),
4333
+ indices: [
4334
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
4335
+ { kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
4336
+ { kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
4337
+ {
4338
+ kind: "index",
4339
+ name: "by_tenant_subject",
4340
+ columns: ["tenantId", "subjectType", "subjectId"]
4341
+ },
4342
+ { kind: "index", name: "by_outcome", columns: ["outcome"] },
4343
+ {
4344
+ kind: "index",
4345
+ name: "by_workspace_status",
4346
+ columns: ["workspaceId", "status"]
4347
+ }
4348
+ ]
4349
+ });
4350
+ var permitAccessReviewItems = defineTable({
4351
+ name: "permitAccessReviewItems",
4352
+ component: "control-plane",
4353
+ category: "access-control",
4354
+ shape: z.object({
4355
+ reviewKey: z.string(),
4356
+ itemKey: z.string(),
4357
+ tenantId: z.string(),
4358
+ workspaceId: z.string().optional(),
4359
+ subjectType: permitAccessReviewSubjectType,
4360
+ subjectId: z.string(),
4361
+ resourceType: z.string().optional(),
4362
+ resourceKey: z.string().optional(),
4363
+ role: z.string().optional(),
4364
+ relation: z.string().optional(),
4365
+ status: z.enum(["open", "approved", "revoked", "changed", "deferred"]),
4366
+ reviewerId: z.string().optional(),
4367
+ decisionAt: z.number().optional(),
4368
+ rationale: z.string().optional(),
4369
+ metadata: z.record(z.any()).optional(),
4370
+ createdAt: z.number(),
4371
+ updatedAt: z.number()
4372
+ }),
4373
+ indices: [
4374
+ { kind: "index", name: "by_reviewKey", columns: ["reviewKey"] },
4375
+ { kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
4376
+ { kind: "index", name: "by_tenant_itemKey", columns: ["tenantId", "itemKey"] },
4377
+ { kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
4378
+ { kind: "index", name: "by_status", columns: ["status"] }
4379
+ ]
4380
+ });
3446
4381
  var reasoningPermissions = defineTable({
3447
4382
  name: "reasoningPermissions",
3448
- component: "identity",
4383
+ component: "control-plane",
3449
4384
  category: "epistemic",
3450
4385
  shape: z.object({
3451
4386
  "topicId": z.string().optional(),
@@ -3680,6 +4615,7 @@ var topics = defineTable({
3680
4615
  "updatedAt": z.number()
3681
4616
  }),
3682
4617
  indices: [
4618
+ { kind: "index", name: "by_globalId", columns: ["globalId"] },
3683
4619
  { kind: "index", name: "by_parent", columns: ["parentTopicId"] },
3684
4620
  { kind: "index", name: "by_type", columns: ["type"] },
3685
4621
  { kind: "index", name: "by_graph_scope_project", columns: ["graphScopeProjectId"] },
@@ -3691,7 +4627,7 @@ var topics = defineTable({
3691
4627
  });
3692
4628
  var users = defineTable({
3693
4629
  name: "users",
3694
- component: "identity",
4630
+ component: "control-plane",
3695
4631
  category: "user",
3696
4632
  shape: z.object({
3697
4633
  "clerkId": z.string(),
@@ -3804,7 +4740,8 @@ var workspaces = defineTable({
3804
4740
  "defaultProjectVisibility": z.enum(["private", "team", "firm", "external", "public"]).optional(),
3805
4741
  "deployments": z.record(z.object({
3806
4742
  "url": z.string(),
3807
- "encryptedDeployKey": z.string()
4743
+ "target": z.enum(["kernelDeployment", "appDeployment"]).optional(),
4744
+ "credentialRef": z.string().optional()
3808
4745
  })).optional(),
3809
4746
  "metadata": z.record(z.any()).optional(),
3810
4747
  "createdBy": z.string().optional(),
@@ -3818,6 +4755,39 @@ var workspaces = defineTable({
3818
4755
  { kind: "index", name: "by_status", columns: ["status"] }
3819
4756
  ]
3820
4757
  });
4758
+ var deploymentHosts = defineTable({
4759
+ name: "deploymentHosts",
4760
+ component: "mc",
4761
+ category: "workspace",
4762
+ shape: z.object({
4763
+ "host": z.string(),
4764
+ "tenantId": idOf("tenants"),
4765
+ "workspaceId": idOf("workspaces"),
4766
+ "environment": z.enum(["dev", "staging", "prod"]),
4767
+ "target": z.enum(["kernelDeployment", "appDeployment"]),
4768
+ "deploymentUrl": z.string().optional(),
4769
+ "deploymentName": z.string().optional(),
4770
+ "vercelProjectName": z.string().optional(),
4771
+ "vercelProjectId": z.string().optional(),
4772
+ "vercelEnvironment": z.enum(["development", "preview", "staging", "production"]).optional(),
4773
+ "source": z.enum(["vercel_preview", "vercel_production", "vercel_custom_environment", "custom_domain", "manual"]),
4774
+ "status": z.enum(["active", "revoked"]),
4775
+ "metadata": z.record(z.any()).optional(),
4776
+ "createdBy": z.string(),
4777
+ "createdAt": z.number(),
4778
+ "updatedAt": z.number(),
4779
+ "revokedAt": z.number().optional(),
4780
+ "revokedBy": z.string().optional()
4781
+ }),
4782
+ indices: [
4783
+ { kind: "index", name: "by_host", columns: ["host"] },
4784
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
4785
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
4786
+ { kind: "index", name: "by_tenant_workspace_environment", columns: ["tenantId", "workspaceId", "environment"] },
4787
+ { kind: "index", name: "by_workspace_status", columns: ["workspaceId", "status"] },
4788
+ { kind: "index", name: "by_status", columns: ["status"] }
4789
+ ]
4790
+ });
3821
4791
  var worktreeBeliefCluster = defineTable({
3822
4792
  name: "worktreeBeliefCluster",
3823
4793
  component: "kernel",
@@ -4182,9 +5152,23 @@ var KERNEL_TABLE_CONTRACTS = [
4182
5152
  worktreeBeliefCluster,
4183
5153
  worktrees
4184
5154
  ];
4185
- var IDENTITY_TABLE_CONTRACTS = [
5155
+ var CONTROL_PLANE_TABLE_CONTRACTS = [
4186
5156
  agents,
4187
5157
  reasoningPermissions,
5158
+ permitAccessReviewItems,
5159
+ permitAccessReviews,
5160
+ permitAttributeBindings,
5161
+ permitGroups,
5162
+ permitGroupMemberships,
5163
+ permitPolicyBundles,
5164
+ permitPolicyDecisionReceipts,
5165
+ permitPrincipalAliases,
5166
+ permitPrincipals,
5167
+ permitProjectionOutbox,
5168
+ permitRelationshipTuples,
5169
+ permitResourceInstances,
5170
+ permitRoleAssignments,
5171
+ tenantPermitSyncStates,
4188
5172
  modelCallLogs,
4189
5173
  modelFunctionSlots,
4190
5174
  modelRegistry,
@@ -4212,7 +5196,9 @@ var MC_TABLE_CONTRACTS = [
4212
5196
  groupMemberships,
4213
5197
  groups,
4214
5198
  memberships,
5199
+ oauthDeviceCodes,
4215
5200
  principals,
5201
+ principalIdentityAliases,
4216
5202
  rateLimitWindows,
4217
5203
  servicePrincipalKeys,
4218
5204
  userSessions,
@@ -4228,29 +5214,33 @@ var MC_TABLE_CONTRACTS = [
4228
5214
  policyDecisionLogs,
4229
5215
  policySimulations,
4230
5216
  controlPlaneToolAcls,
5217
+ permitSyncStates,
4231
5218
  agentRegistryEntries,
4232
5219
  toolCatalog,
4233
5220
  toolRegistryEntries,
4234
5221
  compatibilityShims,
4235
5222
  cutoverFlags,
4236
5223
  tenantDeploymentCredentials,
5224
+ secretSyncDriftReports,
4237
5225
  controlPlaneTenantModelSlotBindings,
4238
5226
  controlPlaneTenantProviderSecrets,
4239
5227
  controlPlaneTenantProxyGatewayUsage,
5228
+ controlPlaneTenantProxyTokenLeases,
4240
5229
  apiKeys,
4241
5230
  auditLog,
4242
5231
  tenants,
4243
- workspaces
5232
+ workspaces,
5233
+ deploymentHosts
4244
5234
  ];
4245
5235
  var TABLE_CONTRACTS_BY_COMPONENT = {
4246
5236
  kernel: KERNEL_TABLE_CONTRACTS,
4247
- identity: IDENTITY_TABLE_CONTRACTS,
5237
+ "control-plane": CONTROL_PLANE_TABLE_CONTRACTS,
4248
5238
  mc: MC_TABLE_CONTRACTS,
4249
5239
  "developer-pack": []
4250
5240
  };
4251
5241
  var ALL_TABLE_CONTRACTS = [
4252
5242
  ...KERNEL_TABLE_CONTRACTS,
4253
- ...IDENTITY_TABLE_CONTRACTS,
5243
+ ...CONTROL_PLANE_TABLE_CONTRACTS,
4254
5244
  ...MC_TABLE_CONTRACTS
4255
5245
  ];
4256
5246
  function listTableContractsByName(name) {
@@ -4263,8 +5253,8 @@ function getTableContract(name, component) {
4263
5253
  }
4264
5254
  var ComponentTableManifestSchema = z.object({
4265
5255
  manifestVersion: z.string(),
4266
- componentName: z.enum(["kernel", "identity"]),
4267
- tier: z.enum(["K", "I"]),
5256
+ componentName: z.enum(["kernel", "control-plane"]),
5257
+ tier: z.enum(["K", "CP"]),
4268
5258
  packageVersion: z.string(),
4269
5259
  tables: z.array(
4270
5260
  z.object({
@@ -4293,6 +5283,6 @@ var SLOpinionInputSchema = z.object({
4293
5283
  }
4294
5284
  );
4295
5285
 
4296
- export { ALL_TABLE_CONTRACTS, ComponentTableManifestSchema, EDGE_TYPE, IDENTITY_TABLE_CONTRACTS, KERNEL_TABLE_CONTRACTS, MC_TABLE_CONTRACTS, NODE_TYPE, SLOpinionInputSchema, TABLE_CONTRACTS_BY_COMPONENT, TOPIC_STATUS, TOPIC_VISIBILITY, getTableContract, listTableContractsByName };
5286
+ export { ALL_TABLE_CONTRACTS, CONTROL_PLANE_TABLE_CONTRACTS, ComponentTableManifestSchema, EDGE_TYPE, EDGE_TYPE_VALUES, KERNEL_TABLE_CONTRACTS, MC_TABLE_CONTRACTS, NODE_TYPE, SLOpinionInputSchema, STORAGE_EDGE_TYPE, STORAGE_EDGE_TYPE_VALUES, TABLE_CONTRACTS_BY_COMPONENT, TOPIC_STATUS, TOPIC_VISIBILITY, getTableContract, listTableContractsByName };
4297
5287
  //# sourceMappingURL=index.js.map
4298
5288
  //# sourceMappingURL=index.js.map