@lucern/contracts 0.3.0-alpha.10 → 0.3.0-alpha.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (231) hide show
  1. package/dist/api-enums.contract.d.ts +5 -3
  2. package/dist/api-enums.contract.js +14 -12
  3. package/dist/api-enums.contract.js.map +1 -1
  4. package/dist/component-boundary.contract.d.ts +1 -1
  5. package/dist/component-boundary.contract.js +45 -26
  6. package/dist/component-boundary.contract.js.map +1 -1
  7. package/dist/component-host-boundary.contract.d.ts +10 -5
  8. package/dist/component-host-boundary.contract.js +10 -4
  9. package/dist/component-host-boundary.contract.js.map +1 -1
  10. package/dist/{defineTable-CBQ03FXl.d.ts → defineTable-t1wr5wgn.d.ts} +1 -1
  11. package/dist/{dsl-djCRfuWC.d.ts → dsl-DVPthQGY.d.ts} +1 -1
  12. package/dist/dsl.d.ts +2 -2
  13. package/dist/dsl.js.map +1 -1
  14. package/dist/function-registry/beliefs.d.ts +13 -0
  15. package/dist/function-registry/beliefs.js +50 -7
  16. package/dist/function-registry/beliefs.js.map +1 -1
  17. package/dist/function-registry/coding.d.ts +9 -0
  18. package/dist/function-registry/coding.js +117 -8
  19. package/dist/function-registry/coding.js.map +1 -1
  20. package/dist/function-registry/context.d.ts +6 -0
  21. package/dist/function-registry/context.js +50 -7
  22. package/dist/function-registry/context.js.map +1 -1
  23. package/dist/function-registry/contracts.d.ts +6 -0
  24. package/dist/function-registry/contracts.js +50 -7
  25. package/dist/function-registry/contracts.js.map +1 -1
  26. package/dist/function-registry/coordination.d.ts +12 -0
  27. package/dist/function-registry/coordination.js +50 -7
  28. package/dist/function-registry/coordination.js.map +1 -1
  29. package/dist/function-registry/edges.d.ts +9 -0
  30. package/dist/function-registry/edges.js +54 -14
  31. package/dist/function-registry/edges.js.map +1 -1
  32. package/dist/function-registry/evidence.d.ts +11 -0
  33. package/dist/function-registry/evidence.js +53 -11
  34. package/dist/function-registry/evidence.js.map +1 -1
  35. package/dist/function-registry/graph.d.ts +18 -0
  36. package/dist/function-registry/graph.js +50 -7
  37. package/dist/function-registry/graph.js.map +1 -1
  38. package/dist/function-registry/helpers.d.ts +4 -1
  39. package/dist/function-registry/helpers.js +51 -8
  40. package/dist/function-registry/helpers.js.map +1 -1
  41. package/dist/function-registry/identity.d.ts +6 -0
  42. package/dist/function-registry/identity.js +50 -7
  43. package/dist/function-registry/identity.js.map +1 -1
  44. package/dist/function-registry/index.d.ts +8 -320
  45. package/dist/function-registry/index.js +54 -384
  46. package/dist/function-registry/index.js.map +1 -1
  47. package/dist/function-registry/judgments.d.ts +5 -0
  48. package/dist/function-registry/judgments.js +50 -7
  49. package/dist/function-registry/judgments.js.map +1 -1
  50. package/dist/function-registry/legacy.d.ts +4 -0
  51. package/dist/function-registry/legacy.js +50 -7
  52. package/dist/function-registry/legacy.js.map +1 -1
  53. package/dist/function-registry/lenses.d.ts +7 -0
  54. package/dist/function-registry/lenses.js +50 -7
  55. package/dist/function-registry/lenses.js.map +1 -1
  56. package/dist/function-registry/nodes.d.ts +412 -0
  57. package/dist/function-registry/nodes.js +5303 -0
  58. package/dist/function-registry/nodes.js.map +1 -0
  59. package/dist/function-registry/ontologies.d.ts +14 -0
  60. package/dist/function-registry/ontologies.js +50 -7
  61. package/dist/function-registry/ontologies.js.map +1 -1
  62. package/dist/function-registry/pipeline.d.ts +6 -0
  63. package/dist/function-registry/pipeline.js +50 -7
  64. package/dist/function-registry/pipeline.js.map +1 -1
  65. package/dist/function-registry/questions.d.ts +15 -0
  66. package/dist/function-registry/questions.js +50 -7
  67. package/dist/function-registry/questions.js.map +1 -1
  68. package/dist/function-registry/tasks.d.ts +7 -0
  69. package/dist/function-registry/tasks.js +69 -16
  70. package/dist/function-registry/tasks.js.map +1 -1
  71. package/dist/function-registry/topics.d.ts +10 -0
  72. package/dist/function-registry/topics.js +50 -7
  73. package/dist/function-registry/topics.js.map +1 -1
  74. package/dist/function-registry/types.d.ts +5 -1
  75. package/dist/function-registry/worktrees.d.ts +14 -0
  76. package/dist/function-registry/worktrees.js +50 -7
  77. package/dist/function-registry/worktrees.js.map +1 -1
  78. package/dist/gateway.contract.d.ts +3 -0
  79. package/dist/gateway.contract.js.map +1 -1
  80. package/dist/generated/convexSchemas.d.ts +3 -3
  81. package/dist/generated/convexSchemas.js +35 -16
  82. package/dist/generated/convexSchemas.js.map +1 -1
  83. package/dist/generated/infisicalRuntimeEnv.d.ts +70 -0
  84. package/dist/generated/infisicalRuntimeEnv.js +26572 -0
  85. package/dist/generated/infisicalRuntimeEnv.js.map +1 -0
  86. package/dist/generated/lucernGatewayEnv.d.ts +17 -0
  87. package/dist/generated/lucernGatewayEnv.js +38 -0
  88. package/dist/generated/lucernGatewayEnv.js.map +1 -0
  89. package/dist/generated/lucernWebPublicEnv.d.ts +26 -0
  90. package/dist/generated/lucernWebPublicEnv.js +32 -0
  91. package/dist/generated/lucernWebPublicEnv.js.map +1 -0
  92. package/dist/generated/lucernWebServerEnv.d.ts +33 -0
  93. package/dist/generated/lucernWebServerEnv.js +51 -0
  94. package/dist/generated/lucernWebServerEnv.js.map +1 -0
  95. package/dist/generated/schema-manifest.json +1165 -150
  96. package/dist/generated/tableOwnership.d.ts +46 -27
  97. package/dist/generated/tableOwnership.js +64 -26
  98. package/dist/generated/tableOwnership.js.map +1 -1
  99. package/dist/generated/tier-expectations.json +60 -8
  100. package/dist/{index-O09U2xHk.d.ts → index-CM1Pl_vI.d.ts} +3 -3
  101. package/dist/index.d.ts +8 -4
  102. package/dist/index.js +30959 -406
  103. package/dist/index.js.map +1 -1
  104. package/dist/infisical-runtime.contract.d.ts +1597 -3
  105. package/dist/infisical-runtime.contract.js +2788 -12
  106. package/dist/infisical-runtime.contract.js.map +1 -1
  107. package/dist/manifests/infisical-runtime-manifest.d.ts +1524 -3
  108. package/dist/manifests/infisical-runtime-manifest.js +2641 -9
  109. package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
  110. package/dist/manifests/tenant-client-manifest.d.ts +11 -11
  111. package/dist/manifests/tenant-client-manifest.js +11 -11
  112. package/dist/manifests/tenant-client-manifest.js.map +1 -1
  113. package/dist/mcp-gateway-boundary.contract.d.ts +23 -3
  114. package/dist/mcp-gateway-boundary.contract.js +2 -0
  115. package/dist/mcp-gateway-boundary.contract.js.map +1 -1
  116. package/dist/projections/check-convex-args-shape.js +10 -6
  117. package/dist/projections/check-convex-args-shape.js.map +1 -1
  118. package/dist/projections/create-evidence.projection.d.ts +6 -6
  119. package/dist/projections/create-evidence.projection.js +2 -3
  120. package/dist/projections/create-evidence.projection.js.map +1 -1
  121. package/dist/projections/index.d.ts +3 -3
  122. package/dist/projections/index.js +10 -6
  123. package/dist/projections/index.js.map +1 -1
  124. package/dist/projections/list-tasks.projection.d.ts +20 -8
  125. package/dist/projections/list-tasks.projection.js +8 -3
  126. package/dist/projections/list-tasks.projection.js.map +1 -1
  127. package/dist/proof-attestation.json +45 -0
  128. package/dist/schemas/component-table-manifest.d.ts +6 -6
  129. package/dist/schemas/component-table-manifest.js +2 -2
  130. package/dist/schemas/component-table-manifest.js.map +1 -1
  131. package/dist/schemas/index.d.ts +2 -2
  132. package/dist/schemas/index.js +1086 -137
  133. package/dist/schemas/index.js.map +1 -1
  134. package/dist/schemas/manifest.d.ts +2010 -120
  135. package/dist/schemas/manifest.js +1084 -135
  136. package/dist/schemas/manifest.js.map +1 -1
  137. package/dist/schemas/tables/controlPlane/accessControl.d.ts +260 -0
  138. package/dist/schemas/tables/controlPlane/accessControl.js +653 -0
  139. package/dist/schemas/tables/controlPlane/accessControl.js.map +1 -0
  140. package/dist/schemas/tables/{identity → controlPlane}/agent.d.ts +1 -1
  141. package/dist/schemas/tables/{identity → controlPlane}/agent.js +3 -3
  142. package/dist/schemas/tables/controlPlane/agent.js.map +1 -0
  143. package/dist/schemas/tables/{identity → controlPlane}/epistemic.d.ts +1 -1
  144. package/dist/schemas/tables/{identity → controlPlane}/epistemic.js +3 -3
  145. package/dist/schemas/tables/controlPlane/epistemic.js.map +1 -0
  146. package/dist/schemas/tables/{identity → controlPlane}/model.d.ts +1 -1
  147. package/dist/schemas/tables/{identity → controlPlane}/model.js +6 -6
  148. package/dist/schemas/tables/controlPlane/model.js.map +1 -0
  149. package/dist/schemas/tables/{identity → controlPlane}/platform.d.ts +1 -1
  150. package/dist/schemas/tables/{identity → controlPlane}/platform.js +18 -18
  151. package/dist/schemas/tables/controlPlane/platform.js.map +1 -0
  152. package/dist/schemas/tables/{identity → controlPlane}/project.d.ts +1 -1
  153. package/dist/schemas/tables/{identity → controlPlane}/project.js +3 -3
  154. package/dist/schemas/tables/controlPlane/project.js.map +1 -0
  155. package/dist/schemas/tables/{identity → controlPlane}/user.d.ts +1 -1
  156. package/dist/schemas/tables/{identity → controlPlane}/user.js +3 -3
  157. package/dist/schemas/tables/controlPlane/user.js.map +1 -0
  158. package/dist/schemas/tables/kernel/config.d.ts +1 -1
  159. package/dist/schemas/tables/kernel/config.js.map +1 -1
  160. package/dist/schemas/tables/kernel/coordination.d.ts +1 -1
  161. package/dist/schemas/tables/kernel/coordination.js.map +1 -1
  162. package/dist/schemas/tables/kernel/decision.d.ts +1 -1
  163. package/dist/schemas/tables/kernel/decision.js.map +1 -1
  164. package/dist/schemas/tables/kernel/embedding.d.ts +1 -1
  165. package/dist/schemas/tables/kernel/embedding.js.map +1 -1
  166. package/dist/schemas/tables/kernel/epistemic.d.ts +1 -1
  167. package/dist/schemas/tables/kernel/epistemic.js.map +1 -1
  168. package/dist/schemas/tables/kernel/idempotency.d.ts +1 -1
  169. package/dist/schemas/tables/kernel/idempotency.js.map +1 -1
  170. package/dist/schemas/tables/kernel/infra.d.ts +1 -1
  171. package/dist/schemas/tables/kernel/infra.js.map +1 -1
  172. package/dist/schemas/tables/kernel/intelligence.d.ts +1 -1
  173. package/dist/schemas/tables/kernel/intelligence.js.map +1 -1
  174. package/dist/schemas/tables/kernel/lens.d.ts +1 -1
  175. package/dist/schemas/tables/kernel/lens.js.map +1 -1
  176. package/dist/schemas/tables/kernel/ontology.d.ts +1 -1
  177. package/dist/schemas/tables/kernel/ontology.js.map +1 -1
  178. package/dist/schemas/tables/kernel/platform.d.ts +1 -1
  179. package/dist/schemas/tables/kernel/platform.js.map +1 -1
  180. package/dist/schemas/tables/kernel/spine.d.ts +2 -1
  181. package/dist/schemas/tables/kernel/spine.js +1 -0
  182. package/dist/schemas/tables/kernel/spine.js.map +1 -1
  183. package/dist/schemas/tables/kernel/task.d.ts +1 -1
  184. package/dist/schemas/tables/kernel/task.js.map +1 -1
  185. package/dist/schemas/tables/kernel/topic.d.ts +1 -1
  186. package/dist/schemas/tables/kernel/topic.js.map +1 -1
  187. package/dist/schemas/tables/kernel/workflow.d.ts +1 -1
  188. package/dist/schemas/tables/kernel/workflow.js.map +1 -1
  189. package/dist/schemas/tables/kernel/worktree.d.ts +5 -5
  190. package/dist/schemas/tables/kernel/worktree.js.map +1 -1
  191. package/dist/schemas/tables/mc/identity.d.ts +19 -2
  192. package/dist/schemas/tables/mc/identity.js +32 -1
  193. package/dist/schemas/tables/mc/identity.js.map +1 -1
  194. package/dist/schemas/tables/mc/methodology.d.ts +1 -1
  195. package/dist/schemas/tables/mc/methodology.js.map +1 -1
  196. package/dist/schemas/tables/mc/pack.d.ts +1 -1
  197. package/dist/schemas/tables/mc/pack.js.map +1 -1
  198. package/dist/schemas/tables/mc/policy.d.ts +2 -2
  199. package/dist/schemas/tables/mc/policy.js +1 -1
  200. package/dist/schemas/tables/mc/policy.js.map +1 -1
  201. package/dist/schemas/tables/mc/registry.d.ts +1 -1
  202. package/dist/schemas/tables/mc/registry.js.map +1 -1
  203. package/dist/schemas/tables/mc/runtime.d.ts +109 -3
  204. package/dist/schemas/tables/mc/runtime.js +330 -104
  205. package/dist/schemas/tables/mc/runtime.js.map +1 -1
  206. package/dist/schemas/tables/mc/tenant.d.ts +3 -2
  207. package/dist/schemas/tables/mc/tenant.js +2 -1
  208. package/dist/schemas/tables/mc/tenant.js.map +1 -1
  209. package/dist/schemas/tables/mc/workspace.d.ts +22 -5
  210. package/dist/schemas/tables/mc/workspace.js +34 -2
  211. package/dist/schemas/tables/mc/workspace.js.map +1 -1
  212. package/dist/sdk-tools.contract.js +26 -1
  213. package/dist/sdk-tools.contract.js.map +1 -1
  214. package/dist/tenant-bootstrap-seed.contract.d.ts +226 -58
  215. package/dist/tenant-bootstrap-seed.contract.js +126 -28
  216. package/dist/tenant-bootstrap-seed.contract.js.map +1 -1
  217. package/dist/tenant-bootstrap-seed.defaults.d.ts +1 -1
  218. package/dist/tenant-bootstrap-seed.defaults.js +1 -1
  219. package/dist/tenant-bootstrap-seed.defaults.js.map +1 -1
  220. package/dist/tenant-client.contract.d.ts +12 -12
  221. package/dist/tenant-client.contract.js +11 -11
  222. package/dist/tenant-client.contract.js.map +1 -1
  223. package/dist/tool-contracts.js +26 -1
  224. package/dist/tool-contracts.js.map +1 -1
  225. package/package.json +22 -1
  226. package/dist/schemas/tables/identity/agent.js.map +0 -1
  227. package/dist/schemas/tables/identity/epistemic.js.map +0 -1
  228. package/dist/schemas/tables/identity/model.js.map +0 -1
  229. package/dist/schemas/tables/identity/platform.js.map +0 -1
  230. package/dist/schemas/tables/identity/project.js.map +0 -1
  231. package/dist/schemas/tables/identity/user.js.map +0 -1
@@ -41,7 +41,10 @@ type GatewayAuthContext = {
41
41
  principalId?: string;
42
42
  principalType?: SessionPrincipalType;
43
43
  tenantId?: string;
44
+ tenantSlug?: string;
44
45
  workspaceId?: string;
46
+ workspaceSlug?: string;
47
+ workspaceKey?: string;
45
48
  roles?: string[];
46
49
  membershipId?: string;
47
50
  sessionId?: string;
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/gateway.contract.ts"],"names":[],"mappings":";AA6IO,SAAS,wBACd,WAAA,EACQ;AACR,EAAA,MAAM,WAAA,GACJ,OAAO,WAAA,CAAY,WAAA,KAAgB,WAC/B,WAAA,CAAY,WAAA,CAAY,MAAK,GAC7B,EAAA;AACN,EAAA,IAAI,WAAA,CAAY,SAAS,CAAA,EAAG;AAC1B,IAAA,OAAO,WAAA;AAAA,EACT;AACA,EAAA,MAAM,IAAI,MAAM,sDAAsD,CAAA;AACxE","file":"gateway.contract.js","sourcesContent":["/**\n * Gateway contract types — shared between Stack's gateway middleware and\n * Lucern's server-core / gateway route handlers.\n *\n * These types describe the authenticated request context that flows from\n * the gateway into Lucern route handlers. The gateway (Stack-side) creates\n * the context; Lucern consumes it read-only.\n *\n * @module @lucern/contracts/src/gateway\n */\n\nimport type {\n SessionAuthMode,\n SessionDelegationHop,\n SessionPrincipalType,\n} from \"./auth-session.contract\";\n\n// ---------------------------------------------------------------------------\n// Error codes\n// ---------------------------------------------------------------------------\n\nexport type PlatformApiErrorCode =\n | \"AUTH_REQUIRED\"\n | \"AUTHENTICATION_REQUIRED\"\n | \"AUTH_TOKEN_MISSING\"\n | \"INVALID_REQUEST\"\n | \"IDEMPOTENCY_KEY_REQUIRED\"\n | \"FORBIDDEN\"\n | \"SCOPE_INSUFFICIENT\"\n | \"ENVIRONMENT_MISMATCH\"\n | \"KEY_EXPIRED\"\n | \"KEY_REVOKED\"\n | \"RATE_LIMIT_EXCEEDED\"\n | \"NOT_FOUND\"\n | \"CONFLICT\"\n | \"UPSTREAM_ERROR\"\n | \"INTERNAL_ERROR\";\n\n// ---------------------------------------------------------------------------\n// Gateway scope and environment\n// ---------------------------------------------------------------------------\n\nexport type GatewayScope = {\n tenantId?: string;\n workspaceId?: string;\n};\n\nexport type GatewayEnvironment = \"sandbox\" | \"production\";\n\nexport type GatewayAuthMode =\n | \"interactive_user\"\n | \"service_principal\"\n | \"tenant_api_key\"\n | \"session_token\";\n\nexport type KeyLifecycleStatus =\n | \"active\"\n | \"rotating\"\n | \"rotated\"\n | \"expired\"\n | \"revoked\";\n\nexport type CutoverDomain =\n | \"graph\"\n | \"schema\"\n | \"identity\"\n | \"policy\"\n | \"audit\"\n | \"admin\"\n | \"agent\"\n | \"tool\"\n | \"prompt\"\n | \"intelligence\";\n\nexport type CutoverFlagState = \"legacy\" | \"cutover\" | \"disabled\";\n\n// ---------------------------------------------------------------------------\n// Gateway auth context — the canonical authenticated request shape\n// ---------------------------------------------------------------------------\n\n/**\n * Authenticated request context created by the gateway middleware.\n * Lucern route handlers receive this as a read-only parameter.\n *\n * The `convex` field is typed as `unknown` in the contract because Lucern\n * consumers should not use the gateway's Convex client directly — they\n * have their own kernel client. The gateway (Stack-side) narrows this to\n * `ConvexHttpClient` at the construction site.\n */\nexport type GatewayAuthContext = {\n userId: string;\n clerkId?: string;\n convexToken?: string;\n /** Opaque in contract — narrowed to ConvexHttpClient at the gateway. */\n convex: any; // eslint-disable-line @typescript-eslint/no-explicit-any\n authMode: GatewayAuthMode;\n principalId?: string;\n principalType?: SessionPrincipalType;\n tenantId?: string;\n workspaceId?: string;\n roles?: string[];\n membershipId?: string;\n sessionId?: string;\n sessionAuthMode?: SessionAuthMode;\n sessionExpiresAt?: number;\n delegationChain?: SessionDelegationHop[];\n servicePrincipalId?: string;\n servicePrincipalKeyId?: string;\n servicePrincipalTenantId?: string;\n servicePrincipalWorkspaceId?: string;\n requestEnvironment: GatewayEnvironment;\n keyEnvironment?: GatewayEnvironment;\n keyStatus: KeyLifecycleStatus | \"unknown\";\n grantedScopes: Set<string>;\n cutoverDomain: CutoverDomain;\n cutoverState: CutoverFlagState;\n};\n\n// ---------------------------------------------------------------------------\n// Gateway response helpers — portable (no Next.js dependency)\n// ---------------------------------------------------------------------------\n\nexport type GatewayErrorArgs = {\n code: PlatformApiErrorCode;\n message: string;\n status: number;\n correlationId: string;\n policyTraceId?: string;\n invariant?: string;\n suggestion?: string;\n details?: unknown;\n headers?: HeadersInit;\n};\n\nexport type GatewaySuccessArgs = {\n status?: number;\n correlationId: string;\n policyTraceId?: string;\n idempotentReplay?: boolean;\n};\n\nexport function requireActorPrincipalId(\n authContext: GatewayAuthContext\n): string {\n const principalId =\n typeof authContext.principalId === \"string\"\n ? authContext.principalId.trim()\n : \"\";\n if (principalId.length > 0) {\n return principalId;\n }\n throw new Error(\"Access denied: federated principal context required.\");\n}\n"]}
1
+ {"version":3,"sources":["../src/gateway.contract.ts"],"names":[],"mappings":";AAgJO,SAAS,wBACd,WAAA,EACQ;AACR,EAAA,MAAM,WAAA,GACJ,OAAO,WAAA,CAAY,WAAA,KAAgB,WAC/B,WAAA,CAAY,WAAA,CAAY,MAAK,GAC7B,EAAA;AACN,EAAA,IAAI,WAAA,CAAY,SAAS,CAAA,EAAG;AAC1B,IAAA,OAAO,WAAA;AAAA,EACT;AACA,EAAA,MAAM,IAAI,MAAM,sDAAsD,CAAA;AACxE","file":"gateway.contract.js","sourcesContent":["/**\n * Gateway contract types — shared between Stack's gateway middleware and\n * Lucern's server-core / gateway route handlers.\n *\n * These types describe the authenticated request context that flows from\n * the gateway into Lucern route handlers. The gateway (Stack-side) creates\n * the context; Lucern consumes it read-only.\n *\n * @module @lucern/contracts/src/gateway\n */\n\nimport type {\n SessionAuthMode,\n SessionDelegationHop,\n SessionPrincipalType,\n} from \"./auth-session.contract\";\n\n// ---------------------------------------------------------------------------\n// Error codes\n// ---------------------------------------------------------------------------\n\nexport type PlatformApiErrorCode =\n | \"AUTH_REQUIRED\"\n | \"AUTHENTICATION_REQUIRED\"\n | \"AUTH_TOKEN_MISSING\"\n | \"INVALID_REQUEST\"\n | \"IDEMPOTENCY_KEY_REQUIRED\"\n | \"FORBIDDEN\"\n | \"SCOPE_INSUFFICIENT\"\n | \"ENVIRONMENT_MISMATCH\"\n | \"KEY_EXPIRED\"\n | \"KEY_REVOKED\"\n | \"RATE_LIMIT_EXCEEDED\"\n | \"NOT_FOUND\"\n | \"CONFLICT\"\n | \"UPSTREAM_ERROR\"\n | \"INTERNAL_ERROR\";\n\n// ---------------------------------------------------------------------------\n// Gateway scope and environment\n// ---------------------------------------------------------------------------\n\nexport type GatewayScope = {\n tenantId?: string;\n workspaceId?: string;\n};\n\nexport type GatewayEnvironment = \"sandbox\" | \"production\";\n\nexport type GatewayAuthMode =\n | \"interactive_user\"\n | \"service_principal\"\n | \"tenant_api_key\"\n | \"session_token\";\n\nexport type KeyLifecycleStatus =\n | \"active\"\n | \"rotating\"\n | \"rotated\"\n | \"expired\"\n | \"revoked\";\n\nexport type CutoverDomain =\n | \"graph\"\n | \"schema\"\n | \"identity\"\n | \"policy\"\n | \"audit\"\n | \"admin\"\n | \"agent\"\n | \"tool\"\n | \"prompt\"\n | \"intelligence\";\n\nexport type CutoverFlagState = \"legacy\" | \"cutover\" | \"disabled\";\n\n// ---------------------------------------------------------------------------\n// Gateway auth context — the canonical authenticated request shape\n// ---------------------------------------------------------------------------\n\n/**\n * Authenticated request context created by the gateway middleware.\n * Lucern route handlers receive this as a read-only parameter.\n *\n * The `convex` field is typed as `unknown` in the contract because Lucern\n * consumers should not use the gateway's Convex client directly — they\n * have their own kernel client. The gateway (Stack-side) narrows this to\n * `ConvexHttpClient` at the construction site.\n */\nexport type GatewayAuthContext = {\n userId: string;\n clerkId?: string;\n convexToken?: string;\n /** Opaque in contract — narrowed to ConvexHttpClient at the gateway. */\n convex: any; // eslint-disable-line @typescript-eslint/no-explicit-any\n authMode: GatewayAuthMode;\n principalId?: string;\n principalType?: SessionPrincipalType;\n tenantId?: string;\n tenantSlug?: string;\n workspaceId?: string;\n workspaceSlug?: string;\n workspaceKey?: string;\n roles?: string[];\n membershipId?: string;\n sessionId?: string;\n sessionAuthMode?: SessionAuthMode;\n sessionExpiresAt?: number;\n delegationChain?: SessionDelegationHop[];\n servicePrincipalId?: string;\n servicePrincipalKeyId?: string;\n servicePrincipalTenantId?: string;\n servicePrincipalWorkspaceId?: string;\n requestEnvironment: GatewayEnvironment;\n keyEnvironment?: GatewayEnvironment;\n keyStatus: KeyLifecycleStatus | \"unknown\";\n grantedScopes: Set<string>;\n cutoverDomain: CutoverDomain;\n cutoverState: CutoverFlagState;\n};\n\n// ---------------------------------------------------------------------------\n// Gateway response helpers — portable (no Next.js dependency)\n// ---------------------------------------------------------------------------\n\nexport type GatewayErrorArgs = {\n code: PlatformApiErrorCode;\n message: string;\n status: number;\n correlationId: string;\n policyTraceId?: string;\n invariant?: string;\n suggestion?: string;\n details?: unknown;\n headers?: HeadersInit;\n};\n\nexport type GatewaySuccessArgs = {\n status?: number;\n correlationId: string;\n policyTraceId?: string;\n idempotentReplay?: boolean;\n};\n\nexport function requireActorPrincipalId(\n authContext: GatewayAuthContext\n): string {\n const principalId =\n typeof authContext.principalId === \"string\"\n ? authContext.principalId.trim()\n : \"\";\n if (principalId.length > 0) {\n return principalId;\n }\n throw new Error(\"Access denied: federated principal context required.\");\n}\n"]}
@@ -3,11 +3,11 @@ import { GenericSchema } from 'convex/server';
3
3
 
4
4
  type GeneratedSchemaTables = GenericSchema;
5
5
  declare const KERNEL_SCHEMA_TABLES: GeneratedSchemaTables;
6
- declare const IDENTITY_SCHEMA_TABLES: GeneratedSchemaTables;
6
+ declare const CONTROL_PLANE_SCHEMA_TABLES: GeneratedSchemaTables;
7
7
  declare const MC_SCHEMA_TABLES: GeneratedSchemaTables;
8
8
  declare const DEVELOPER_PACK_SCHEMA_TABLES: GeneratedSchemaTables;
9
9
  declare const EMPTY_SCHEMA_TABLES: GeneratedSchemaTables;
10
- declare const IDENTITY_TIER_SCHEMA_TABLES: GeneratedSchemaTables;
10
+ declare const CONTROL_PLANE_TIER_SCHEMA_TABLES: GeneratedSchemaTables;
11
11
  declare const KERNEL_TIER_SCHEMA_TABLES: GeneratedSchemaTables;
12
12
  declare const KERNEL_COMPONENT_TIER_SCHEMA_TABLES: GeneratedSchemaTables;
13
13
  declare const STACK_TIER_SCHEMA_TABLES: GeneratedSchemaTables;
@@ -17,4 +17,4 @@ declare const FULL_TIER_SCHEMA_TABLES: GeneratedSchemaTables;
17
17
  declare const TIER_SCHEMA_TABLES: Record<string, GeneratedSchemaTables>;
18
18
  declare const _default: convex_server.SchemaDefinition<GenericSchema, true>;
19
19
 
20
- export { DEVELOPER_PACK_SCHEMA_TABLES, EMPTY_SCHEMA_TABLES, FULL_TIER_SCHEMA_TABLES, IDENTITY_SCHEMA_TABLES, IDENTITY_TIER_SCHEMA_TABLES, KERNEL_COMPONENT_TIER_SCHEMA_TABLES, KERNEL_SCHEMA_TABLES, KERNEL_TIER_SCHEMA_TABLES, MC_SCHEMA_TABLES, MC_TIER_SCHEMA_TABLES, STACK_TIER_SCHEMA_TABLES, STACK_V2_TIER_SCHEMA_TABLES, TIER_SCHEMA_TABLES, _default as default };
20
+ export { CONTROL_PLANE_SCHEMA_TABLES, CONTROL_PLANE_TIER_SCHEMA_TABLES, DEVELOPER_PACK_SCHEMA_TABLES, EMPTY_SCHEMA_TABLES, FULL_TIER_SCHEMA_TABLES, KERNEL_COMPONENT_TIER_SCHEMA_TABLES, KERNEL_SCHEMA_TABLES, KERNEL_TIER_SCHEMA_TABLES, MC_SCHEMA_TABLES, MC_TIER_SCHEMA_TABLES, STACK_TIER_SCHEMA_TABLES, STACK_V2_TIER_SCHEMA_TABLES, TIER_SCHEMA_TABLES, _default as default };
@@ -28,7 +28,7 @@ var KERNEL_SCHEMA_TABLES = {
28
28
  "epistemicContracts": defineTable(v.object({ "beliefNodeId": v.string(), "compositeOf": v.optional(v.array(v.string())), "compositeOperator": v.optional(v.union(v.literal("all"), v.literal("any"), v.literal("majority"))), "condition": v.object({ "evaluator": v.string(), "evaluatorConfig": v.optional(v.union(v.string(), v.number(), v.boolean(), v.null(), v.record(v.string(), v.any()), v.array(v.any()))), "expression": v.string() }), "conditionType": v.union(v.literal("assertion"), v.literal("temporal"), v.literal("evidential"), v.literal("threshold"), v.literal("composite")), "contractId": v.string(), "createdAt": v.number(), "createdBy": v.string(), "deadline": v.optional(v.number()), "description": v.optional(v.string()), "direction": v.union(v.literal("confirms"), v.literal("falsifies")), "evaluationCount": v.optional(v.number()), "evaluationSchedule": v.union(v.literal("on_demand"), v.literal("on_evidence"), v.literal("periodic"), v.literal("event_driven")), "inheritedAt": v.optional(v.number()), "inheritedFromBeliefNodeId": v.optional(v.string()), "inheritedFromContractId": v.optional(v.string()), "lastEvaluatedAt": v.optional(v.number()), "lineageSource": v.union(v.literal("declared"), v.literal("inherited")), "modulation": v.object({ "onConfirmed": v.object({ "ceiling": v.optional(v.number()), "delta": v.number() }), "onDisconfirmed": v.object({ "delta": v.number(), "floor": v.optional(v.number()) }), "onExpired": v.optional(v.object({ "delta": v.number() })), "onPartial": v.optional(v.object({ "delta": v.number(), "threshold": v.number() })) }), "periodicIntervalMs": v.optional(v.number()), "status": v.union(v.literal("active"), v.literal("satisfied"), v.literal("violated"), v.literal("expired"), v.literal("suspended"), v.literal("archived")), "title": v.string(), "topicId": v.optional(v.string()), "updatedAt": v.number() })).index("by_contractId", ["contractId"]).index("by_belief", ["beliefNodeId"]).index("by_status", ["status"]).index("by_evaluator", ["condition.evaluator"]).index("by_topic", ["topicId"]).index("by_schedule", ["evaluationSchedule"]),
29
29
  "epistemicEdges": defineTable(v.object({ "analogyBasis": v.optional(v.string()), "analogyStrength": v.optional(v.number()), "anonymizationClass": v.optional(v.union(v.literal("none"), v.literal("standard"), v.literal("strict"))), "audienceLabel": v.optional(v.string()), "blocking": v.optional(v.boolean()), "causal": v.optional(v.boolean()), "conditionalA": v.optional(v.object({ "a": v.number(), "b": v.number(), "d": v.number(), "u": v.number() })), "conditionalNotA": v.optional(v.object({ "a": v.number(), "b": v.number(), "d": v.number(), "u": v.number() })), "confidence": v.optional(v.number()), "constraint": v.optional(v.string()), "containment": v.optional(v.string()), "context": v.optional(v.string()), "createdAt": v.number(), "createdBy": v.string(), "defeatType": v.optional(v.union(v.literal("rebuts"), v.literal("undercuts"), v.literal("undermines"))), "derivation": v.optional(v.string()), "derivationType": v.optional(v.string()), "disanalogies": v.optional(v.array(v.string())), "domainNamespace": v.optional(v.string()), "edgeTier": v.optional(v.string()), "edgeType": v.union(v.literal("supports"), v.literal("informs"), v.literal("depends_on"), v.literal("derived_from"), v.literal("contains"), v.literal("tests"), v.literal("supersedes"), v.literal("responds_to"), v.literal("belongs_to"), v.literal("relates_to_thesis"), v.literal("works_at"), v.literal("invested_in"), v.literal("competes_with"), v.literal("participates_in"), v.literal("founded_by"), v.literal("evaluates"), v.literal("performs"), v.literal("function_in"), v.literal("impacts"), v.literal("raised_from"), v.literal("mentioned_in"), v.literal("perspective_on"), v.literal("plays_theme"), v.literal("answers"), v.literal("explores"), v.literal("qualifies"), v.literal("based_on"), v.literal("based_on_belief"), v.literal("based_on_question"), v.literal("blocked_by_contradiction"), v.literal("informed_by_theme"), v.literal("same_as"), v.literal("reinforces"), v.literal("parent_of"), v.literal("child_of"), v.literal("falsified_by"), v.literal("exclusive_with"), v.literal("collapses_if"), v.literal("cascade_from"), v.literal("counterfactual_of"), v.literal("cascade_to"), v.literal("mutually_exclusive"), v.literal("correlates_with"), v.literal("amplifies"), v.literal("precondition_for"), v.literal("in_tension_with"), v.literal("strengthened_by"), v.literal("weakened_by"), v.literal("alternative_to"), v.literal("subsumes"), v.literal("validated_by"), v.literal("required_for"), v.literal("blocks"), v.literal("prerequisite_for"), v.literal("parallel_to"), v.literal("corroborates"), v.literal("extends"), v.literal("same_source_as"), v.literal("same_theme_as"), v.literal("assumes"), v.literal("would_predict"), v.literal("analogous_to"), v.literal("independent_of"), v.literal("implements"), v.literal("violates"), v.literal("co_changes_with"), v.literal("migrating_from"), v.literal("migrating_to"), v.literal("scoped_by"), v.literal("about_entity"), v.literal("entity_referenced_in"), v.literal("contradicts"), v.literal("cites"), v.literal("summarizes"), v.literal("related_to"), v.literal("partially_answers"), v.literal("refines"), v.literal("branches_from"), v.literal("extracted_from")), "endDate": v.optional(v.number()), "evidence": v.optional(v.string()), "exportClass": v.optional(v.union(v.literal("internal_only"), v.literal("client_safe"), v.literal("public_safe"), v.literal("restricted"))), "fromLayer": v.optional(v.union(v.literal("L4"), v.literal("L3"), v.literal("L2"), v.literal("L1"), v.literal("ontological"), v.literal("organizational"))), "fromNodeId": v.string(), "fromNodeType": v.optional(v.string()), "globalId": v.string(), "implicit": v.optional(v.boolean()), "interrogation": v.optional(v.string()), "keywords": v.optional(v.array(v.string())), "logicalRole": v.optional(v.union(v.literal("necessary"), v.literal("sufficient"), v.literal("necessary_sufficient"), v.literal("contributory"), v.literal("corroborative"))), "metadata": v.optional(v.record(v.string(), v.any())), "normalization": v.optional(v.string()), "ownerPrincipalId": v.optional(v.string()), "policyTags": v.optional(v.array(v.string())), "predictionFulfilled": v.optional(v.boolean()), "predictionFulfilledAt": v.optional(v.number()), "predictionFulfilledBy": v.optional(v.string()), "projectId": v.optional(v.string()), "propagation": v.optional(v.string()), "reasoningMethod": v.optional(v.union(v.literal("deductive"), v.literal("inductive"), v.literal("abductive"), v.literal("analogical"), v.literal("causal"), v.literal("correlational"), v.literal("testimonial"), v.literal("statistical"), v.literal("implicit"), v.literal("pattern_match"))), "sensitivityTier": v.optional(v.union(v.literal("low"), v.literal("medium"), v.literal("high"), v.literal("restricted"))), "sourceGlobalId": v.optional(v.string()), "startDate": v.optional(v.number()), "surpriseScore": v.optional(v.number()), "targetGlobalId": v.optional(v.string()), "temporalClass": v.optional(v.union(v.literal("structural"), v.literal("cyclical"), v.literal("transient"), v.literal("point_in_time"))), "tenantId": v.optional(v.string()), "toLayer": v.optional(v.union(v.literal("L4"), v.literal("L3"), v.literal("L2"), v.literal("L1"), v.literal("ontological"), v.literal("organizational"))), "toNodeId": v.optional(v.string()), "toNodeType": v.optional(v.string()), "topicId": v.optional(v.string()), "updatedAt": v.optional(v.number()), "validFrom": v.optional(v.number()), "validUntil": v.optional(v.number()), "weight": v.optional(v.number()), "workspaceId": v.optional(v.string()) })).index("by_globalId", ["globalId"]).index("by_from", ["fromNodeId"]).index("by_to", ["toNodeId"]).index("by_from_type", ["fromNodeId", "edgeType"]).index("by_to_type", ["toNodeId", "edgeType"]).index("by_topic", ["topicId"]).index("by_tenantId", ["tenantId"]).index("by_workspaceId", ["workspaceId"]).index("by_tenant_workspace", ["tenantId", "workspaceId"]).index("by_audienceLabel", ["audienceLabel"]).index("by_sensitivityTier", ["sensitivityTier"]).index("by_exportClass", ["exportClass"]).index("by_type", ["edgeType"]).index("by_from_to", ["fromNodeId", "toNodeId"]).index("by_fromLayer", ["fromLayer"]).index("by_toLayer", ["toLayer"]).index("by_layer_pair", ["fromLayer", "toLayer"]).index("by_source_global_id", ["sourceGlobalId"]).index("by_target_global_id", ["targetGlobalId"]).index("by_reasoning_method", ["edgeType", "reasoningMethod"]).index("by_logical_role", ["edgeType", "logicalRole"]).index("by_temporal_class", ["temporalClass", "validUntil"]).index("by_surprise", ["edgeType", "surpriseScore"]),
30
30
  "epistemicNodeEmbeddings": defineTable(v.object({ "confidence": v.optional(v.number()), "createdAt": v.number(), "createdBy": v.string(), "embedding": v.array(v.number()), "hasAnswer": v.optional(v.boolean()), "importance": v.optional(v.union(v.literal("critical"), v.literal("high"), v.literal("medium"), v.literal("low"))), "nodeId": v.id("epistemicNodes"), "nodeType": v.union(v.literal("belief"), v.literal("question"), v.literal("evidence"), v.literal("answer"), v.literal("synthesis"), v.literal("theme"), v.literal("source")), "topicId": v.optional(v.string()), "updatedAt": v.optional(v.number()) })).index("by_nodeId", ["nodeId"]).index("by_topicId_type", ["topicId", "nodeType"]).index("by_topicId", ["topicId"]).vectorIndex("by_embedding", { vectorField: "embedding", dimensions: 1024, filterFields: ["nodeType", "createdBy"] }),
31
- "epistemicNodes": defineTable(v.object({ "aiProvider": v.optional(v.string()), "anonymizationClass": v.optional(v.union(v.literal("none"), v.literal("standard"), v.literal("strict"))), "answerQuality": v.optional(v.union(v.literal("definitive"), v.literal("strong"), v.literal("moderate"), v.literal("weak"), v.literal("speculative"), v.literal("unanswered"))), "audienceLabel": v.optional(v.string()), "beliefStatus": v.optional(v.union(v.literal("assumption"), v.literal("hypothesis"), v.literal("belief"), v.literal("fact"))), "beliefType": v.optional(v.string()), "canonicalText": v.string(), "confidence": v.optional(v.number()), "consensusConfidence": v.optional(v.number()), "consensusSource": v.optional(v.string()), "consensusView": v.optional(v.union(v.literal("aligned"), v.literal("ahead_of"), v.literal("contrarian"), v.literal("orthogonal"), v.literal("unknown"))), "content": v.optional(v.string()), "contentHash": v.string(), "contentType": v.optional(v.string()), "createdAt": v.number(), "createdBy": v.string(), "decisionOutcome": v.optional(v.union(v.literal("pending"), v.literal("successful"), v.literal("unsuccessful"), v.literal("mixed"), v.literal("unknown"))), "decisionType": v.optional(v.union(v.literal("invest"), v.literal("pass"), v.literal("follow_on"), v.literal("exit"), v.literal("deep_dive"), v.literal("monitor"), v.literal("deprioritize"), v.literal("thesis_adopt"), v.literal("thesis_revise"), v.literal("thesis_abandon"))), "domain": v.optional(v.string()), "epistemicLayer": v.optional(v.union(v.literal("L4"), v.literal("L3"), v.literal("L2"), v.literal("L1"), v.literal("ontological"), v.literal("organizational"))), "epistemicStatus": v.optional(v.union(v.literal("hypothesis"), v.literal("emerging"), v.literal("established"), v.literal("challenged"), v.literal("assumption"), v.literal("deprecated"))), "exportClass": v.optional(v.union(v.literal("internal_only"), v.literal("client_safe"), v.literal("public_safe"), v.literal("restricted"))), "externalIds": v.optional(v.object({ "crunchbase": v.optional(v.string()), "linkedin": v.optional(v.string()), "pitchbook": v.optional(v.string()), "twitter": v.optional(v.string()), "website": v.optional(v.string()) })), "extractedFromNodeId": v.optional(v.id("epistemicNodes")), "extractionLangfuseTraceId": v.optional(v.string()), "extractionModel": v.optional(v.string()), "extractionPromptName": v.optional(v.string()), "extractionPromptVersion": v.optional(v.number()), "extractionTemperature": v.optional(v.number()), "globalId": v.string(), "groundingConfidence": v.optional(v.number()), "groundingEndOffset": v.optional(v.number()), "groundingMatchedText": v.optional(v.string()), "groundingRejectionReason": v.optional(v.string()), "groundingStartOffset": v.optional(v.number()), "groundingVerified": v.optional(v.boolean()), "informationAsymmetry": v.optional(v.union(v.literal("proprietary"), v.literal("early"), v.literal("common"))), "metadata": v.optional(v.record(v.string(), v.any())), "methodology": v.optional(v.union(v.literal("primary_research"), v.literal("expert_interview"), v.literal("customer_interview"), v.literal("field_observation"), v.literal("proprietary_data"), v.literal("desk_research"), v.literal("regulatory_filing"), v.literal("news_article"), v.literal("academic_paper"), v.literal("ai_synthesis"), v.literal("ai_extraction"))), "nodeType": v.union(v.literal("decision"), v.literal("belief"), v.literal("question"), v.literal("theme"), v.literal("deal"), v.literal("topic"), v.literal("claim"), v.literal("evidence"), v.literal("synthesis"), v.literal("answer"), v.literal("atomic_fact"), v.literal("excerpt"), v.literal("source"), v.literal("company"), v.literal("person"), v.literal("investor"), v.literal("function"), v.literal("value_chain")), "ownerPrincipalId": v.optional(v.string()), "policyTags": v.optional(v.array(v.string())), "predictionMeta": v.optional(v.object({ "actualVsPredicted": v.optional(v.string()), "confidenceAtPrediction": v.optional(v.number()), "expectedBy": v.optional(v.number()), "isPrediction": v.boolean(), "outcome": v.optional(v.union(v.literal("pending"), v.literal("confirmed"), v.literal("disconfirmed"), v.literal("partial"), v.literal("expired"))), "outcomeEvidenceId": v.optional(v.string()), "outcomeRecordedAt": v.optional(v.number()), "registeredAt": v.number() })), "projectId": v.optional(v.string()), "questionPriority": v.optional(v.union(v.literal("critical"), v.literal("high"), v.literal("medium"), v.literal("low"))), "questionType": v.optional(v.union(v.literal("validation"), v.literal("falsification"), v.literal("assumption_probe"), v.literal("prediction_test"), v.literal("counterfactual"), v.literal("discovery"), v.literal("clarification"), v.literal("comparison"), v.literal("causal"), v.literal("mechanism"), v.literal("general"))), "reversibility": v.optional(v.union(v.literal("irreversible"), v.literal("hard_to_reverse"), v.literal("reversible"), v.literal("trivial"))), "sensitivityTier": v.optional(v.union(v.literal("low"), v.literal("medium"), v.literal("high"), v.literal("restricted"))), "sourceType": v.union(v.literal("human"), v.literal("ai_extracted"), v.literal("ai_generated"), v.literal("imported"), v.literal("system"), v.literal("verified"), v.literal("proprietary")), "status": v.union(v.literal("active"), v.literal("superseded"), v.literal("archived"), v.literal("deleted")), "subtype": v.optional(v.string()), "supersededBy": v.optional(v.id("epistemicNodes")), "syncError": v.optional(v.string()), "syncStatus": v.optional(v.union(v.literal("synced"), v.literal("pending_edges"), v.literal("edge_creation_failed"))), "tags": v.optional(v.array(v.string())), "temporalNature": v.optional(v.union(v.literal("factual"), v.literal("forecast"), v.literal("unknown"))), "tenantId": v.optional(v.string()), "themeConviction": v.optional(v.union(v.literal("high"), v.literal("medium"), v.literal("low"), v.literal("negative"))), "title": v.optional(v.string()), "topicId": v.optional(v.string()), "updatedAt": v.number(), "verificationStatus": v.optional(v.union(v.literal("unverified"), v.literal("human_verified"), v.literal("ai_verified"), v.literal("contradicted"), v.literal("outdated"))), "workspaceId": v.optional(v.string()) })).index("by_globalId", ["globalId"]).index("by_contentHash", ["contentHash"]).index("by_nodeType", ["nodeType"]).index("by_subtype", ["nodeType", "subtype"]).index("by_domain", ["domain"]).index("by_topic", ["topicId"]).index("by_topic_type", ["topicId", "nodeType"]).index("by_tenantId", ["tenantId"]).index("by_workspaceId", ["workspaceId"]).index("by_tenant_workspace", ["tenantId", "workspaceId"]).index("by_audienceLabel", ["audienceLabel"]).index("by_sensitivityTier", ["sensitivityTier"]).index("by_exportClass", ["exportClass"]).index("by_status", ["status"]).index("by_sourceType", ["sourceType"]).index("by_verification", ["verificationStatus"]).index("by_layer", ["epistemicLayer"]).index("by_layer_type", ["epistemicLayer", "nodeType"]).index("by_syncStatus", ["syncStatus"]).index("by_belief_status", ["nodeType", "beliefStatus"]).index("by_epistemic_status", ["nodeType", "epistemicStatus"]).index("by_temporal_nature", ["nodeType", "temporalNature"]).index("by_methodology", ["nodeType", "methodology"]).index("by_reversibility", ["nodeType", "reversibility"]).index("by_questionType", ["nodeType", "questionType"]).index("by_questionPriority", ["nodeType", "questionPriority"]).searchIndex("search_canonicalText", { searchField: "canonicalText", filterFields: ["nodeType", "topicId", "topicId", "status"] }),
31
+ "epistemicNodes": defineTable(v.object({ "aiProvider": v.optional(v.string()), "anonymizationClass": v.optional(v.union(v.literal("none"), v.literal("standard"), v.literal("strict"))), "answerQuality": v.optional(v.union(v.literal("definitive"), v.literal("strong"), v.literal("moderate"), v.literal("weak"), v.literal("speculative"), v.literal("unanswered"))), "audienceLabel": v.optional(v.string()), "beliefStatus": v.optional(v.union(v.literal("assumption"), v.literal("hypothesis"), v.literal("belief"), v.literal("fact"))), "beliefType": v.optional(v.string()), "canonicalText": v.string(), "confidence": v.optional(v.number()), "consensusConfidence": v.optional(v.number()), "consensusSource": v.optional(v.string()), "consensusView": v.optional(v.union(v.literal("aligned"), v.literal("ahead_of"), v.literal("contrarian"), v.literal("orthogonal"), v.literal("unknown"))), "content": v.optional(v.string()), "contentHash": v.string(), "contentType": v.optional(v.string()), "createdAt": v.number(), "createdBy": v.string(), "decisionOutcome": v.optional(v.union(v.literal("pending"), v.literal("successful"), v.literal("unsuccessful"), v.literal("mixed"), v.literal("unknown"))), "decisionType": v.optional(v.union(v.literal("invest"), v.literal("pass"), v.literal("follow_on"), v.literal("exit"), v.literal("deep_dive"), v.literal("monitor"), v.literal("deprioritize"), v.literal("thesis_adopt"), v.literal("thesis_revise"), v.literal("thesis_abandon"))), "domain": v.optional(v.string()), "epistemicLayer": v.optional(v.union(v.literal("L4"), v.literal("L3"), v.literal("L2"), v.literal("L1"), v.literal("ontological"), v.literal("organizational"))), "epistemicStatus": v.optional(v.union(v.literal("hypothesis"), v.literal("emerging"), v.literal("established"), v.literal("challenged"), v.literal("assumption"), v.literal("deprecated"))), "exportClass": v.optional(v.union(v.literal("internal_only"), v.literal("client_safe"), v.literal("public_safe"), v.literal("restricted"))), "externalIds": v.optional(v.object({ "crunchbase": v.optional(v.string()), "linkedin": v.optional(v.string()), "pitchbook": v.optional(v.string()), "twitter": v.optional(v.string()), "website": v.optional(v.string()) })), "extractedFromNodeId": v.optional(v.id("epistemicNodes")), "extractionLangfuseTraceId": v.optional(v.string()), "extractionModel": v.optional(v.string()), "extractionPromptName": v.optional(v.string()), "extractionPromptVersion": v.optional(v.number()), "extractionTemperature": v.optional(v.number()), "globalId": v.string(), "groundingConfidence": v.optional(v.number()), "groundingEndOffset": v.optional(v.number()), "groundingMatchedText": v.optional(v.string()), "groundingRejectionReason": v.optional(v.string()), "groundingStartOffset": v.optional(v.number()), "groundingVerified": v.optional(v.boolean()), "informationAsymmetry": v.optional(v.union(v.literal("proprietary"), v.literal("early"), v.literal("common"))), "metadata": v.optional(v.record(v.string(), v.any())), "methodology": v.optional(v.union(v.literal("primary_research"), v.literal("expert_interview"), v.literal("customer_interview"), v.literal("field_observation"), v.literal("proprietary_data"), v.literal("desk_research"), v.literal("regulatory_filing"), v.literal("news_article"), v.literal("academic_paper"), v.literal("ai_synthesis"), v.literal("ai_extraction"))), "nodeType": v.union(v.literal("decision"), v.literal("belief"), v.literal("question"), v.literal("theme"), v.literal("deal"), v.literal("topic"), v.literal("claim"), v.literal("evidence"), v.literal("synthesis"), v.literal("answer"), v.literal("atomic_fact"), v.literal("excerpt"), v.literal("source"), v.literal("company"), v.literal("person"), v.literal("investor"), v.literal("function"), v.literal("value_chain")), "ownerPrincipalId": v.optional(v.string()), "policyTags": v.optional(v.array(v.string())), "predictionMeta": v.optional(v.object({ "actualVsPredicted": v.optional(v.string()), "confidenceAtPrediction": v.optional(v.number()), "expectedBy": v.optional(v.number()), "isPrediction": v.boolean(), "outcome": v.optional(v.union(v.literal("pending"), v.literal("confirmed"), v.literal("disconfirmed"), v.literal("partial"), v.literal("expired"))), "outcomeEvidenceId": v.optional(v.string()), "outcomeRecordedAt": v.optional(v.number()), "registeredAt": v.number() })), "projectId": v.optional(v.string()), "questionPriority": v.optional(v.union(v.literal("critical"), v.literal("high"), v.literal("medium"), v.literal("low"))), "questionType": v.optional(v.union(v.literal("validation"), v.literal("falsification"), v.literal("assumption_probe"), v.literal("prediction_test"), v.literal("counterfactual"), v.literal("discovery"), v.literal("clarification"), v.literal("comparison"), v.literal("causal"), v.literal("mechanism"), v.literal("general"))), "reversibility": v.optional(v.union(v.literal("irreversible"), v.literal("hard_to_reverse"), v.literal("reversible"), v.literal("trivial"))), "sensitivityTier": v.optional(v.union(v.literal("low"), v.literal("medium"), v.literal("high"), v.literal("restricted"))), "sourceType": v.union(v.literal("human"), v.literal("ai_extracted"), v.literal("ai_generated"), v.literal("imported"), v.literal("system"), v.literal("verified"), v.literal("proprietary")), "status": v.union(v.literal("active"), v.literal("superseded"), v.literal("archived"), v.literal("deleted")), "subtype": v.optional(v.string()), "supersededBy": v.optional(v.id("epistemicNodes")), "syncError": v.optional(v.string()), "syncStatus": v.optional(v.union(v.literal("synced"), v.literal("pending_edges"), v.literal("edge_creation_failed"))), "tags": v.optional(v.array(v.string())), "temporalNature": v.optional(v.union(v.literal("factual"), v.literal("forecast"), v.literal("unknown"))), "tenantId": v.optional(v.string()), "themeConviction": v.optional(v.union(v.literal("high"), v.literal("medium"), v.literal("low"), v.literal("negative"))), "themeStatus": v.optional(v.union(v.literal("emerging"), v.literal("active"), v.literal("mature"), v.literal("declining"), v.literal("archived"))), "title": v.optional(v.string()), "topicId": v.optional(v.string()), "updatedAt": v.number(), "verificationStatus": v.optional(v.union(v.literal("unverified"), v.literal("human_verified"), v.literal("ai_verified"), v.literal("contradicted"), v.literal("outdated"))), "workspaceId": v.optional(v.string()) })).index("by_globalId", ["globalId"]).index("by_contentHash", ["contentHash"]).index("by_nodeType", ["nodeType"]).index("by_subtype", ["nodeType", "subtype"]).index("by_domain", ["domain"]).index("by_topic", ["topicId"]).index("by_topic_type", ["topicId", "nodeType"]).index("by_tenantId", ["tenantId"]).index("by_workspaceId", ["workspaceId"]).index("by_tenant_workspace", ["tenantId", "workspaceId"]).index("by_audienceLabel", ["audienceLabel"]).index("by_sensitivityTier", ["sensitivityTier"]).index("by_exportClass", ["exportClass"]).index("by_status", ["status"]).index("by_sourceType", ["sourceType"]).index("by_verification", ["verificationStatus"]).index("by_layer", ["epistemicLayer"]).index("by_layer_type", ["epistemicLayer", "nodeType"]).index("by_syncStatus", ["syncStatus"]).index("by_belief_status", ["nodeType", "beliefStatus"]).index("by_epistemic_status", ["nodeType", "epistemicStatus"]).index("by_temporal_nature", ["nodeType", "temporalNature"]).index("by_methodology", ["nodeType", "methodology"]).index("by_reversibility", ["nodeType", "reversibility"]).index("by_questionType", ["nodeType", "questionType"]).index("by_questionPriority", ["nodeType", "questionPriority"]).searchIndex("search_canonicalText", { searchField: "canonicalText", filterFields: ["nodeType", "topicId", "topicId", "status"] }),
32
32
  "graphAnalysisCache": defineTable(v.object({ "analysisVersion": v.string(), "analyzedAt": v.number(), "changesSinceRefresh": v.number(), "findings": v.array(v.object({ "category": v.union(v.literal("structural_risk"), v.literal("evidence_gap"), v.literal("reasoning_flaw"), v.literal("staleness"), v.literal("opportunity"), v.literal("propagation_risk"), v.literal("epistemology"), v.literal("temporal"), v.literal("semantic_gap")), "description": v.string(), "detector": v.string(), "id": v.string(), "importance": v.optional(v.number()), "nodeIds": v.array(v.string()), "nodeLabels": v.array(v.string()), "severity": v.union(v.literal("critical"), v.literal("warning"), v.literal("info")), "title": v.string(), "totalCount": v.optional(v.number()) })), "healthScore": v.number(), "isStale": v.boolean(), "killerQueryResults": v.optional(v.object({ "anchoringBias": v.optional(v.array(v.any())), "confirmationBias": v.optional(v.array(v.any())), "contradictionTensions": v.optional(v.array(v.any())), "knowledgeFrontier": v.optional(v.array(v.any())), "minimumFalsificationSet": v.optional(v.union(v.string(), v.number(), v.boolean(), v.null(), v.record(v.string(), v.any()), v.array(v.any()))), "missingQuestions": v.optional(v.array(v.any())), "nonConsensusBeliefs": v.optional(v.array(v.any())), "portfolioConviction": v.optional(v.array(v.any())), "reasoningDepth": v.optional(v.array(v.any())), "sourceConcentration": v.optional(v.array(v.any())), "staleThemes": v.optional(v.array(v.any())) })), "lastGraphChange": v.optional(v.number()), "stats": v.object({ "algebraicConnectivity": v.number(), "averageResilience": v.number(), "beliefs": v.number(), "beliefStatus": v.optional(v.object({ "assumption": v.number(), "belief": v.number(), "fact": v.number(), "hypothesis": v.number() })), "bridgeNodeCount": v.number(), "coherenceScore": v.number(), "communityCount": v.number(), "cycleCount": v.number(), "evidence": v.number(), "evidenceTemporalNature": v.optional(v.object({ "factual": v.number(), "forecast": v.number(), "unknown": v.number() })), "orphanCount": v.number(), "overconfidentCount": v.number(), "propagationRisks": v.number(), "questions": v.number(), "sccCount": v.number(), "temporalDecayCount": v.number(), "tensionPairs": v.number(), "totalEdges": v.number(), "totalNodes": v.number(), "ungroundedCount": v.number() }), "topicId": v.optional(v.string()) })).index("by_topic", ["topicId"]).index("by_topic_stale", ["topicId", "isStale"]).index("by_analyzedAt", ["analyzedAt"]),
33
33
  "graphAnalysisResults": defineTable(v.object({ "analysisText": v.string(), "archivedAt": v.optional(v.number()), "createdAt": v.number(), "customQuery": v.optional(v.string()), "findingId": v.optional(v.string()), "findingSnapshot": v.optional(v.object({ "category": v.string(), "description": v.string(), "nodeIds": v.array(v.string()), "nodeLabels": v.array(v.string()), "severity": v.string(), "title": v.string() })), "mode": v.union(v.literal("explain"), v.literal("query")), "modelId": v.optional(v.string()), "status": v.union(v.literal("active"), v.literal("archived"), v.literal("deleted")), "topicId": v.optional(v.string()), "userId": v.string() })).index("by_topicId", ["topicId"]).index("by_topic_user", ["topicId", "userId"]).index("by_topic_finding", ["topicId", "findingId"]).index("by_topic_status", ["topicId", "status"]).index("by_createdAt", ["createdAt"]),
34
34
  "graphSuggestions": defineTable(v.object({ "actedAt": v.optional(v.number()), "analysisResultId": v.id("graphAnalysisResults"), "createdAt": v.number(), "errorMessage": v.optional(v.string()), "payload": v.union(v.string(), v.number(), v.boolean(), v.null(), v.record(v.string(), v.any()), v.array(v.any())), "priority": v.union(v.literal("critical"), v.literal("high"), v.literal("medium"), v.literal("low")), "rationale": v.string(), "resultNodeId": v.optional(v.string()), "secondaryNodeId": v.optional(v.string()), "status": v.union(v.literal("pending"), v.literal("accepted"), v.literal("declined"), v.literal("failed"), v.literal("superseded")), "suggestionHash": v.string(), "suggestionType": v.string(), "targetNodeId": v.optional(v.string()), "title": v.string(), "topicId": v.optional(v.string()), "userId": v.string() })).index("by_analysis", ["analysisResultId"]).index("by_suggestion_hash", ["topicId", "suggestionHash"]).index("by_topicId", ["topicId"]).index("by_topic_user", ["topicId", "userId"]).index("by_topic_status", ["topicId", "status"]).index("by_createdAt", ["createdAt"]),
@@ -59,13 +59,26 @@ var KERNEL_SCHEMA_TABLES = {
59
59
  "worktreeBeliefCluster": defineTable(v.object({ "addedAt": v.number(), "beliefId": v.string(), "cascadeText": v.optional(v.string()), "confidenceDelta": v.optional(v.number()), "counterfactualText": v.optional(v.string()), "dependencyText": v.optional(v.string()), "finalConfidence": v.optional(v.number()), "finalEvidenceCount": v.optional(v.number()), "initialConfidence": v.optional(v.number()), "initialEvidenceCount": v.optional(v.number()), "llmAssessedAt": v.optional(v.number()), "llmCertainty": v.optional(v.number()), "llmEvidenceScores": v.optional(v.string()), "llmReasoning": v.optional(v.string()), "llmValence": v.optional(v.number()), "relationDescription": v.optional(v.string()), "relationType": v.union(v.literal("primary"), v.literal("counterfactual"), v.literal("dependency"), v.literal("cascade"), v.literal("conditional"), v.literal("supporting"), v.literal("contradicting"), v.literal("alternative"), v.literal("prerequisite")), "updatedAt": v.number(), "worktreeId": v.id("worktrees") })).index("by_worktree", ["worktreeId"]).index("by_belief", ["beliefId"]).index("by_worktree_relation", ["worktreeId", "relationType"]),
60
60
  "worktrees": defineTable(v.object({ "beliefFocus": v.optional(v.string()), "beliefRefinement": v.optional(v.object({ "checklist": v.optional(v.object({ "hasMeasurableCriteria": v.boolean(), "hasSpecificClaim": v.boolean(), "hasTestability": v.boolean(), "hasTimeframe": v.boolean() })), "isRefined": v.boolean(), "measurableCriteria": v.optional(v.string()), "originalText": v.optional(v.string()), "refinedAt": v.optional(v.number()), "refinedBy": v.optional(v.string()), "refinedText": v.optional(v.string()), "testingCriteria": v.optional(v.string()), "timeframe": v.optional(v.string()) })), "beliefRefinements": v.optional(v.array(v.any())), "blocks": v.optional(v.array(v.id("worktrees"))), "branchThesis": v.optional(v.object({ "approvedAt": v.optional(v.number()), "approvedBy": v.optional(v.string()), "content": v.string(), "generatedAt": v.optional(v.number()), "generationMetadata": v.optional(v.object({ "langfuseTraceId": v.optional(v.string()), "modelUsed": v.string(), "promptName": v.string() })), "memoContent": v.optional(v.string()), "status": v.union(v.literal("ai_draft"), v.literal("user_draft"), v.literal("final")) })), "campaign": v.optional(v.number()), "chatId": v.optional(v.string()), "clusterStatus": v.optional(v.object({ "conditionalsByType": v.optional(v.object({ "cascades": v.number(), "counterfactuals": v.number(), "dependencies": v.number(), "other": v.number() })), "hasCascades": v.boolean(), "hasCounterfactuals": v.boolean(), "hasDependencies": v.boolean(), "mappingCompletedAt": v.optional(v.number()), "mappingCompletedBy": v.optional(v.string()), "totalConditionals": v.number() })), "confidenceImpact": v.optional(v.union(v.literal("high"), v.literal("medium"), v.literal("low"))), "createdAt": v.optional(v.number()), "createdBy": v.string(), "decisionGate": v.optional(v.object({ "decidedAt": v.optional(v.number()), "decidedBy": v.optional(v.string()), "goCriteria": v.array(v.string()), "noGoSignals": v.array(v.string()), "verdict": v.optional(v.union(v.literal("go"), v.literal("no_go"), v.literal("pivot"), v.literal("pending"))), "verdictRationale": v.optional(v.string()) })), "decisionsReached": v.optional(v.array(v.string())), "dependsOn": v.optional(v.array(v.id("worktrees"))), "dismissedReason": v.optional(v.string()), "durationWeeks": v.number(), "endDate": v.number(), "endingConfidence": v.optional(v.object({ "beliefConfidences": v.array(v.object({ "beliefId": v.string(), "confidence": v.number() })), "overall": v.number() })), "epistemicChain": v.optional(v.object({ "capturedAt": v.number(), "capturedBy": v.string(), "clusterEdges": v.array(v.object({ "createdAt": v.optional(v.number()), "edgeId": v.optional(v.string()), "edgeType": v.string(), "sourceId": v.string(), "targetId": v.string(), "weight": v.optional(v.number()) })), "confidenceHistory": v.optional(v.array(v.object({ "beliefId": v.string(), "recentChanges": v.array(v.object({ "confidence": v.optional(v.string()), "timestamp": v.optional(v.number()), "trigger": v.optional(v.string()) })) }))), "evidence": v.array(v.object({ "createdAt": v.optional(v.number()), "id": v.string(), "sourceType": v.optional(v.string()), "text": v.string(), "verificationStatus": v.optional(v.string()), "verified": v.boolean() })), "outcome": v.object({ "confidenceChange": v.number(), "endingConfidence": v.number(), "startingConfidence": v.number(), "summary": v.string(), "verdict": v.string() }), "primaryBelief": v.optional(v.object({ "confidenceScore": v.optional(v.number()), "criticality": v.optional(v.string()), "endingConfidence": v.number(), "endingConfidenceLabel": v.optional(v.string()), "id": v.string(), "startingConfidence": v.number(), "startingConfidenceLabel": v.optional(v.string()), "status": v.optional(v.string()), "text": v.string() })), "questions": v.array(v.object({ "answer": v.optional(v.string()), "answeredAt": v.optional(v.number()), "answeredBy": v.optional(v.string()), "answerStatus": v.optional(v.string()), "evidenceCount": v.number(), "id": v.string(), "priority": v.optional(v.string()), "status": v.string(), "text": v.string() })), "relatedBeliefs": v.optional(v.array(v.object({ "confidence": v.optional(v.string()), "confidenceScore": v.optional(v.number()), "id": v.string(), "text": v.optional(v.string()) }))), "tasksCompleted": v.optional(v.number()), "topicId": v.optional(v.string()), "totalTasks": v.optional(v.number()), "worktreeId": v.id("worktrees") })), "epistemicOrigin": v.optional(v.string()), "evidenceReviewState": v.optional(v.object({ "evidenceGaps": v.array(v.string()), "evidenceQuestionMapping": v.optional(v.array(v.object({ "coverageNote": v.optional(v.string()), "evidenceId": v.string(), "questionIds": v.array(v.string()) }))), "existingEvidenceReviewed": v.boolean(), "reviewCompletedAt": v.optional(v.number()), "reviewCompletedBy": v.optional(v.string()), "strengthAreas": v.array(v.string()) })), "evidenceSignals": v.optional(v.array(v.object({ "collected": v.boolean(), "notes": v.optional(v.string()), "progress": v.optional(v.string()), "signal": v.string() }))), "gate": v.optional(v.string()), "generatedAt": v.optional(v.number()), "generatedBy": v.optional(v.string()), "hypothesis": v.optional(v.string()), "index": v.number(), "keyFindings": v.optional(v.array(v.string())), "keyQuestions": v.optional(v.array(v.object({ "answer": v.optional(v.string()), "answerConfidence": v.optional(v.union(v.literal("high"), v.literal("medium"), v.literal("low"))), "linkedQuestionId": v.optional(v.string()), "question": v.string(), "status": v.union(v.literal("open"), v.literal("answered"), v.literal("forked")) }))), "lane": v.optional(v.string()), "laneOrderInCampaign": v.optional(v.number()), "linkedCallIds": v.optional(v.array(v.string())), "linkedDeepResearchIds": v.optional(v.array(v.string())), "linkedDocumentIds": v.optional(v.array(v.string())), "linkedEvidenceIds": v.optional(v.array(v.string())), "linkedNewsIds": v.optional(v.array(v.string())), "linkedPrimerIds": v.optional(v.array(v.string())), "metadata": v.optional(v.any()), "name": v.string(), "nextSteps": v.optional(v.array(v.string())), "notes": v.optional(v.array(v.object({ "content": v.string(), "createdAt": v.number(), "createdBy": v.string(), "id": v.string(), "linkedBeliefId": v.optional(v.string()), "linkedQuestionId": v.optional(v.string()), "linkedTaskId": v.optional(v.string()) }))), "objective": v.string(), "orderInLane": v.optional(v.number()), "outcome": v.optional(v.object({ "confidenceChange": v.number(), "summary": v.string(), "verdict": v.union(v.literal("validated"), v.literal("invalidated"), v.literal("forked"), v.literal("inconclusive")), "whatChanged": v.string() })), "phase": v.optional(v.string()), "phaseHistory": v.optional(v.array(v.object({ "completedAt": v.optional(v.number()), "completedBy": v.optional(v.string()), "enteredAt": v.number(), "pausedAt": v.optional(v.number()), "phase": v.string(), "resumedAt": v.optional(v.number()) }))), "priority": v.optional(v.number()), "questionsCoverage": v.optional(v.object({ "clusterNodesCovered": v.number(), "coveragePercent": v.number(), "gapsIdentified": v.optional(v.array(v.string())), "totalQuestions": v.number() })), "rationale": v.optional(v.string()), "researchEfficiency": v.optional(v.object({ "clusterCoverage": v.number(), "efficiencyScore": v.number(), "questionsPerTask": v.number(), "totalTasks": v.number() })), "retrospective": v.optional(v.object({ "confidenceChange": v.number(), "lessonsLearned": v.array(v.string()), "whatDidnt": v.array(v.string()), "whatWorked": v.array(v.string()) })), "sourceProposalId": v.optional(v.string()), "startDate": v.number(), "startingConfidence": v.optional(v.object({ "beliefConfidences": v.array(v.object({ "beliefId": v.string(), "confidence": v.number() })), "overall": v.number() })), "status": v.union(v.literal("suggested"), v.literal("planning"), v.literal("active"), v.literal("paused"), v.literal("completed"), v.literal("dismissed"), v.literal("abandoned")), "synthesisState": v.optional(v.object({ "originalBeliefIds": v.array(v.string()), "synthesisComplete": v.boolean(), "synthesisCompletedAt": v.optional(v.number()), "synthesisCompletedBy": v.optional(v.string()), "synthesisRationale": v.optional(v.string()), "synthesizedBeliefIds": v.array(v.string()) })), "targetBeliefIds": v.array(v.string()), "targetBranch": v.optional(v.string()), "targetQuestionIds": v.array(v.string()), "tasks": v.optional(v.union(v.string(), v.number(), v.boolean(), v.null(), v.record(v.string(), v.any()), v.array(v.any()))), "thesisReportId": v.optional(v.string()), "topicId": v.optional(v.string()), "triggerReason": v.optional(v.string()), "updatedAt": v.optional(v.number()), "userId": v.optional(v.string()), "worktreeScope": v.optional(v.union(v.literal("belief"), v.literal("branch"))), "worktreeType": v.optional(v.string()) })).index("by_topicId", ["topicId"]).index("by_topicId_status", ["topicId", "status"]).index("by_topicId_index", ["topicId", "index"]).index("by_worktreeType", ["topicId", "worktreeType"]).index("by_topicId_priority", ["topicId", "priority"]).index("by_topicId_campaign_lane_order", ["topicId", "campaign", "laneOrderInCampaign", "orderInLane"]).index("by_topicId_lane_order", ["topicId", "lane", "orderInLane"]).index("by_topicId_branch", ["topicId", "targetBranch"]).index("by_topicId_scope", ["topicId", "worktreeScope"])
61
61
  };
62
- var IDENTITY_SCHEMA_TABLES = {
62
+ var CONTROL_PLANE_SCHEMA_TABLES = {
63
63
  "agents": defineTable(v.object({ "createdAt": v.number(), "createdBy": v.string(), "displayName": v.optional(v.string()), "groupIds": v.optional(v.array(v.string())), "permittedPackKeys": v.optional(v.array(v.string())), "permittedToolNames": v.optional(v.array(v.string())), "principalId": v.string(), "principalType": v.literal("service"), "roles": v.array(v.string()), "slug": v.string(), "status": v.union(v.literal("active"), v.literal("suspended"), v.literal("disabled")), "tenantId": v.string(), "updatedAt": v.number(), "workspaceId": v.string() })).index("by_slug", ["slug"]).index("by_principalId", ["principalId"]).index("by_tenantId", ["tenantId"]).index("by_status", ["status"]),
64
64
  "mcpWritePolicy": defineTable(v.object({ "createdAt": v.number(), "createdBy": v.string(), "enabled": v.boolean(), "maxWritesPerSession": v.optional(v.number()), "permission": v.union(v.literal("allow"), v.literal("deny"), v.literal("review_required")), "rationale": v.optional(v.string()), "role": v.string(), "toolCategory": v.string(), "topicId": v.optional(v.string()), "updatedAt": v.number() })).index("by_topicId", ["topicId"]).index("by_role", ["role"]).index("by_topicId_role", ["topicId", "role"]).index("by_enabled", ["enabled"]),
65
65
  "modelCallLogs": defineTable(v.object({ "cost": v.optional(v.number()), "durationMs": v.optional(v.number()), "error": v.optional(v.string()), "inputTokens": v.optional(v.number()), "modelKey": v.string(), "outputTokens": v.optional(v.number()), "provider": v.string(), "sessionId": v.optional(v.string()), "slot": v.string(), "success": v.boolean(), "timestamp": v.number(), "traceId": v.optional(v.string()), "userId": v.optional(v.string()) })).index("by_slot", ["slot"]).index("by_model", ["modelKey"]).index("by_timestamp", ["timestamp"]).index("by_user", ["userId"]),
66
66
  "modelFunctionSlots": defineTable(v.object({ "category": v.string(), "createdAt": v.number(), "description": v.string(), "enabled": v.boolean(), "isDefault": v.boolean(), "maxTokens": v.optional(v.number()), "modelKey": v.string(), "notes": v.optional(v.string()), "promptName": v.optional(v.string()), "requiredCapabilities": v.optional(v.array(v.string())), "slot": v.string(), "temperature": v.optional(v.number()), "updatedAt": v.number() })).index("by_slot", ["slot"]).index("by_category", ["category"]).index("by_enabled", ["enabled"]),
67
67
  "modelRegistry": defineTable(v.object({ "capabilities": v.array(v.string()), "contextWindow": v.number(), "createdAt": v.number(), "defaultTemperature": v.number(), "enabled": v.boolean(), "inputCostPer1M": v.number(), "key": v.string(), "maxOutputTokens": v.number(), "modelId": v.string(), "name": v.string(), "notes": v.optional(v.string()), "outputCostPer1M": v.number(), "provider": v.string(), "recommended": v.boolean(), "updatedAt": v.number() })).index("by_key", ["key"]).index("by_provider", ["provider"]).index("by_enabled", ["enabled"]),
68
68
  "modelSlotConfigs": defineTable(v.object({ "createdAt": v.number(), "enabled": v.boolean(), "maxTokens": v.optional(v.number()), "modelKey": v.string(), "notes": v.optional(v.string()), "slot": v.string(), "temperature": v.optional(v.number()), "updatedAt": v.number() })).index("by_slot", ["slot"]),
69
+ "permitAccessReviewItems": defineTable(v.object({ "createdAt": v.number(), "decisionAt": v.optional(v.number()), "itemKey": v.string(), "metadata": v.optional(v.record(v.string(), v.any())), "rationale": v.optional(v.string()), "relation": v.optional(v.string()), "resourceKey": v.optional(v.string()), "resourceType": v.optional(v.string()), "reviewerId": v.optional(v.string()), "reviewKey": v.string(), "role": v.optional(v.string()), "status": v.union(v.literal("open"), v.literal("approved"), v.literal("revoked"), v.literal("changed"), v.literal("deferred")), "subjectId": v.string(), "subjectType": v.union(v.literal("principal"), v.literal("group"), v.literal("role_assignment"), v.literal("resource_instance")), "tenantId": v.string(), "updatedAt": v.number(), "workspaceId": v.optional(v.string()) })).index("by_reviewKey", ["reviewKey"]).index("by_tenant_reviewKey", ["tenantId", "reviewKey"]).index("by_tenant_itemKey", ["tenantId", "itemKey"]).index("by_subject", ["subjectType", "subjectId"]).index("by_status", ["status"]),
70
+ "permitAccessReviews": defineTable(v.object({ "createdAt": v.number(), "dueAt": v.optional(v.number()), "justification": v.optional(v.string()), "metadata": v.optional(v.record(v.string(), v.any())), "outcome": v.optional(v.union(v.literal("allow"), v.literal("deny"))), "policyBundleId": v.optional(v.string()), "rationale": v.optional(v.string()), "requestedAt": v.number(), "requestedBy": v.string(), "resourceKey": v.optional(v.string()), "resourceType": v.optional(v.string()), "reviewedAt": v.optional(v.number()), "reviewedBy": v.optional(v.string()), "reviewKey": v.string(), "scope": v.union(v.literal("tenant"), v.literal("workspace"), v.literal("resource_instance"), v.literal("group"), v.literal("principal"), v.literal("api_key"), v.literal("admin_action")), "status": v.union(v.literal("open"), v.literal("in_progress"), v.literal("approved"), v.literal("denied"), v.literal("expired"), v.literal("cancelled")), "subjectId": v.string(), "subjectType": v.union(v.literal("principal"), v.literal("group"), v.literal("role_assignment"), v.literal("resource_instance")), "tenantId": v.string(), "updatedAt": v.number(), "workspaceId": v.optional(v.string()) })).index("by_tenant_status", ["tenantId", "status"]).index("by_tenant_reviewKey", ["tenantId", "reviewKey"]).index("by_subject", ["subjectType", "subjectId"]).index("by_tenant_subject", ["tenantId", "subjectType", "subjectId"]).index("by_outcome", ["outcome"]).index("by_workspace_status", ["workspaceId", "status"]),
71
+ "permitAttributeBindings": defineTable(v.object({ "attributeName": v.string(), "attributeOperator": v.union(v.literal("eq"), v.literal("neq"), v.literal("in"), v.literal("not_in"), v.literal("gt"), v.literal("gte"), v.literal("lt"), v.literal("lte"), v.literal("contains"), v.literal("not_contains"), v.literal("matches")), "attributeType": v.union(v.literal("string"), v.literal("number"), v.literal("bool"), v.literal("json"), v.literal("time")), "attributeValue": v.any(), "createdAt": v.number(), "createdBy": v.string(), "expiresAt": v.optional(v.number()), "metadata": v.optional(v.record(v.string(), v.any())), "source": v.optional(v.string()), "sourceRef": v.optional(v.string()), "status": v.union(v.literal("queued"), v.literal("inflight"), v.literal("completed"), v.literal("failed"), v.literal("skipped"), v.literal("stale")), "targetId": v.string(), "targetType": v.union(v.literal("principal"), v.literal("group")), "tenantId": v.string(), "updatedAt": v.number(), "updatedBy": v.optional(v.string()), "workspaceId": v.optional(v.string()) })).index("by_tenant_target", ["tenantId", "targetType", "targetId"]).index("by_tenant_target_attribute", ["tenantId", "targetType", "targetId", "attributeName"]).index("by_tenant_name", ["tenantId", "attributeName"]).index("by_tenant_status", ["tenantId", "status"]),
72
+ "permitGroupMemberships": defineTable(v.object({ "addedBy": v.optional(v.string()), "childGroupId": v.optional(v.string()), "createdAt": v.number(), "expiresAt": v.optional(v.number()), "groupId": v.string(), "memberId": v.string(), "memberType": v.union(v.literal("principal"), v.literal("group")), "metadata": v.optional(v.record(v.string(), v.any())), "principalId": v.optional(v.string()), "revocationReason": v.optional(v.string()), "revokedBy": v.optional(v.string()), "status": v.union(v.literal("active"), v.literal("invited"), v.literal("revoked"), v.literal("suspended"), v.literal("disabled")), "tenantId": v.string(), "updatedAt": v.number(), "updatedBy": v.optional(v.string()), "workspaceId": v.optional(v.string()) })).index("by_tenant_principal", ["tenantId", "principalId"]).index("by_tenant_member", ["tenantId", "memberType", "memberId"]).index("by_tenant_member_group", ["tenantId", "memberType", "memberId", "groupId"]).index("by_tenant_group", ["tenantId", "groupId"]).index("by_member_group", ["memberType", "memberId", "groupId"]).index("by_tenant_status", ["tenantId", "status"]).index("by_workspace_principal", ["workspaceId", "principalId"]),
73
+ "permitGroups": defineTable(v.object({ "createdAt": v.number(), "createdBy": v.string(), "description": v.optional(v.string()), "groupId": v.string(), "groupKey": v.string(), "groupName": v.string(), "groupType": v.union(v.literal("tenant"), v.literal("workspace"), v.literal("external"), v.literal("system"), v.literal("dynamic")), "metadata": v.optional(v.record(v.string(), v.any())), "status": v.union(v.literal("active"), v.literal("invited"), v.literal("revoked"), v.literal("suspended"), v.literal("disabled")), "tenantId": v.string(), "updatedAt": v.number(), "updatedBy": v.optional(v.string()), "workspaceId": v.optional(v.string()) })).index("by_tenantId", ["tenantId"]).index("by_workspaceId", ["workspaceId"]).index("by_tenant_groupId", ["tenantId", "groupId"]).index("by_tenant_groupKey", ["tenantId", "groupKey"]).index("by_tenant_status", ["tenantId", "status"]),
74
+ "permitPolicyBundles": defineTable(v.object({ "bundleKey": v.string(), "createdAt": v.number(), "createdBy": v.string(), "metadata": v.optional(v.record(v.string(), v.any())), "policyHash": v.optional(v.string()), "policyPayload": v.record(v.string(), v.any()), "retiredAt": v.optional(v.number()), "reviewedBy": v.optional(v.string()), "status": v.union(v.literal("draft"), v.literal("validated"), v.literal("enforced"), v.literal("archived")), "tenantId": v.string(), "updatedAt": v.number(), "version": v.number(), "workspaceId": v.optional(v.string()) })).index("by_tenantId", ["tenantId"]).index("by_workspaceId", ["workspaceId"]).index("by_tenant_bundleKey", ["tenantId", "bundleKey"]).index("by_tenant_bundle_version", ["tenantId", "bundleKey", "version"]).index("by_tenant_status", ["tenantId", "status"]),
75
+ "permitPolicyDecisionReceipts": defineTable(v.object({ "action": v.string(), "audienceClass": v.optional(v.union(v.literal("internal"), v.literal("restricted_external"), v.literal("public"))), "audienceKey": v.optional(v.string()), "audienceMode": v.optional(v.string()), "createdAt": v.number(), "createdBy": v.optional(v.string()), "decision": v.union(v.literal("allow"), v.literal("deny")), "expiresAt": v.optional(v.number()), "metadata": v.optional(v.record(v.string(), v.any())), "policyBundleId": v.optional(v.string()), "policyVersion": v.string(), "principalId": v.string(), "reasonCode": v.string(), "requestId": v.optional(v.string()), "resourceId": v.string(), "resourceType": v.string(), "subjectId": v.optional(v.string()), "subjectType": v.optional(v.union(v.literal("principal"), v.literal("group"), v.literal("role_assignment"), v.literal("resource_instance"))), "tenantId": v.optional(v.string()), "traceId": v.optional(v.string()), "workspaceId": v.optional(v.string()) })).index("by_principal_createdAt", ["principalId", "createdAt"]).index("by_tenant_createdAt", ["tenantId", "createdAt"]).index("by_resource", ["resourceType", "resourceId"]).index("by_decision_createdAt", ["decision", "createdAt"]).index("by_traceId", ["traceId"]).index("by_action", ["action"]),
76
+ "permitPrincipalAliases": defineTable(v.object({ "alias": v.string(), "aliasKind": v.string(), "createdAt": v.number(), "createdBy": v.string(), "metadata": v.optional(v.record(v.string(), v.any())), "principalId": v.string(), "provider": v.string(), "providerProjectId": v.optional(v.string()), "providerSubjectId": v.string(), "revokedAt": v.optional(v.number()), "revokedBy": v.optional(v.string()), "status": v.union(v.literal("active"), v.literal("invited"), v.literal("revoked"), v.literal("suspended"), v.literal("disabled")), "tenantId": v.string(), "updatedAt": v.number(), "updatedBy": v.optional(v.string()), "workspaceId": v.optional(v.string()) })).index("by_principalId", ["principalId"]).index("by_tenant_provider_subject", ["tenantId", "provider", "providerSubjectId"]).index("by_tenant_provider_alias", ["tenantId", "provider", "alias"]).index("by_tenant_alias", ["tenantId", "alias"]).index("by_tenant_provider_status", ["tenantId", "provider", "status"]),
77
+ "permitPrincipals": defineTable(v.object({ "createdAt": v.number(), "createdBy": v.string(), "displayName": v.optional(v.string()), "lastSeenAt": v.optional(v.number()), "metadata": v.optional(v.record(v.string(), v.any())), "principalId": v.string(), "principalType": v.union(v.literal("human"), v.literal("agent"), v.literal("service_principal"), v.literal("external_stakeholder"), v.literal("system")), "status": v.union(v.literal("active"), v.literal("invited"), v.literal("revoked"), v.literal("suspended"), v.literal("disabled")), "tenantId": v.string(), "updatedAt": v.number(), "updatedBy": v.optional(v.string()), "workspaceId": v.optional(v.string()) })).index("by_tenantId", ["tenantId"]).index("by_workspaceId", ["workspaceId"]).index("by_tenant_principalId", ["tenantId", "principalId"]).index("by_tenant_status", ["tenantId", "status"]).index("by_tenant_principalType_status", ["tenantId", "principalType", "status"]),
78
+ "permitProjectionOutbox": defineTable(v.object({ "attemptCount": v.number(), "createdAt": v.number(), "lastError": v.optional(v.string()), "lastHandledAt": v.optional(v.number()), "nextAttemptAt": v.optional(v.number()), "objectId": v.string(), "objectType": v.union(v.literal("resource"), v.literal("role"), v.literal("resource_role"), v.literal("resource_relation"), v.literal("tenant"), v.literal("workspace"), v.literal("principal"), v.literal("membership"), v.literal("group"), v.literal("resource_instance"), v.literal("relationship_tuple"), v.literal("role_assignment")), "operation": v.union(v.literal("upsert"), v.literal("delete"), v.literal("sync"), v.literal("resync"), v.literal("delete_sync"), v.literal("noop")), "payload": v.record(v.string(), v.any()), "permitResourceKey": v.optional(v.string()), "permitResourceType": v.optional(v.string()), "permitTenantKey": v.optional(v.string()), "principalId": v.optional(v.string()), "status": v.union(v.literal("queued"), v.literal("inflight"), v.literal("completed"), v.literal("failed"), v.literal("skipped"), v.literal("stale")), "syncKey": v.string(), "tenantId": v.optional(v.string()), "updatedAt": v.number(), "workspaceId": v.optional(v.string()) })).index("by_syncKey", ["syncKey"]).index("by_status", ["status"]).index("by_tenantId", ["tenantId"]).index("by_tenant_status", ["tenantId", "status"]).index("by_objectType", ["objectType", "status"]),
79
+ "permitRelationshipTuples": defineTable(v.object({ "attributes": v.optional(v.record(v.string(), v.any())), "createdAt": v.number(), "createdBy": v.string(), "lastSeenAt": v.optional(v.number()), "object": v.string(), "relation": v.string(), "resourceKey": v.optional(v.string()), "resourceType": v.optional(v.string()), "status": v.union(v.literal("queued"), v.literal("inflight"), v.literal("completed"), v.literal("failed"), v.literal("skipped"), v.literal("stale")), "subject": v.string(), "tenantId": v.string(), "updatedAt": v.number(), "updatedBy": v.optional(v.string()), "workspaceId": v.optional(v.string()) })).index("by_tenant_subject", ["tenantId", "subject"]).index("by_tenant_object", ["tenantId", "object"]).index("by_tenant_relation", ["tenantId", "relation"]).index("by_tenant_relation_subject", ["tenantId", "relation", "subject"]).index("by_tenant_status", ["tenantId", "status"]),
80
+ "permitResourceInstances": defineTable(v.object({ "attributes": v.optional(v.record(v.string(), v.any())), "createdAt": v.number(), "createdBy": v.string(), "metadata": v.optional(v.record(v.string(), v.any())), "ownerPrincipalId": v.optional(v.string()), "resourceId": v.string(), "resourceKey": v.string(), "resourceType": v.string(), "status": v.union(v.literal("active"), v.literal("deleted"), v.literal("archived")), "tenantId": v.string(), "updatedAt": v.number(), "updatedBy": v.optional(v.string()), "workspaceId": v.optional(v.string()) })).index("by_tenant_resource_type", ["tenantId", "resourceType"]).index("by_tenant_resource_key", ["tenantId", "resourceType", "resourceKey"]).index("by_workspaceId", ["workspaceId"]).index("by_status", ["status"]).index("by_tenant_status", ["tenantId", "status"]).index("by_ownerPrincipalId", ["ownerPrincipalId"]),
81
+ "permitRoleAssignments": defineTable(v.object({ "attributes": v.optional(v.record(v.string(), v.any())), "createdAt": v.number(), "expiresAt": v.optional(v.number()), "grantedBy": v.optional(v.string()), "resourceInstanceId": v.optional(v.string()), "resourceKey": v.string(), "resourceType": v.string(), "revokedBy": v.optional(v.string()), "role": v.string(), "status": v.union(v.literal("active"), v.literal("invited"), v.literal("revoked"), v.literal("suspended"), v.literal("disabled")), "targetId": v.string(), "targetType": v.union(v.literal("principal"), v.literal("group")), "tenantId": v.string(), "updatedAt": v.number(), "updatedBy": v.optional(v.string()), "workspaceId": v.optional(v.string()) })).index("by_tenant_target", ["tenantId", "targetType", "targetId"]).index("by_tenant_resource", ["tenantId", "resourceType", "resourceKey"]).index("by_tenant_role", ["tenantId", "role", "status"]).index("by_status", ["status"]).index("by_workspace_resource", ["workspaceId", "resourceType", "resourceKey"]),
69
82
  "platformAudienceGrants": defineTable(v.object({ "audienceClass": v.union(v.literal("internal"), v.literal("restricted_external"), v.literal("public")), "audienceKey": v.string(), "createdAt": v.number(), "expiresAt": v.optional(v.number()), "grantedBy": v.optional(v.string()), "groupId": v.optional(v.string()), "metadata": v.optional(v.record(v.string(), v.any())), "principalId": v.optional(v.string()), "status": v.union(v.literal("active"), v.literal("revoked"), v.literal("expired")), "tenantId": v.string(), "updatedAt": v.number(), "workspaceId": v.optional(v.string()) })).index("by_tenant_principal", ["tenantId", "principalId"]).index("by_tenant_group", ["tenantId", "groupId"]).index("by_tenant_audienceKey", ["tenantId", "audienceKey"]).index("by_principal_status", ["principalId", "status"]).index("by_group_status", ["groupId", "status"]),
70
83
  "platformAudiences": defineTable(v.object({ "audienceClass": v.union(v.literal("internal"), v.literal("restricted_external"), v.literal("public")), "audienceKey": v.string(), "audienceLabel": v.string(), "createdAt": v.number(), "createdBy": v.optional(v.string()), "description": v.optional(v.string()), "metadata": v.optional(v.record(v.string(), v.any())), "status": v.union(v.literal("active"), v.literal("disabled"), v.literal("archived")), "tenantId": v.string(), "updatedAt": v.number(), "workspaceId": v.optional(v.string()) })).index("by_tenantId", ["tenantId"]).index("by_workspaceId", ["workspaceId"]).index("by_tenant_audienceKey", ["tenantId", "audienceKey"]).index("by_tenant_workspace_audienceKey", ["tenantId", "workspaceId", "audienceKey"]).index("by_tenant_status", ["tenantId", "status"]),
71
84
  "platformPolicyDecisionLogs": defineTable(v.object({ "action": v.union(v.literal("read"), v.literal("summarize"), v.literal("export"), v.literal("mutate"), v.literal("admin"), v.literal("comment"), v.literal("escalate"), v.literal("resolve"), v.literal("vote")), "audienceClass": v.optional(v.union(v.literal("internal"), v.literal("restricted_external"), v.literal("public"))), "audienceKey": v.optional(v.string()), "audienceMode": v.optional(v.string()), "createdAt": v.number(), "decision": v.union(v.literal("allow"), v.literal("deny")), "metadata": v.optional(v.record(v.string(), v.any())), "packKey": v.optional(v.string()), "policyBundleId": v.optional(v.string()), "policyVersion": v.string(), "principalId": v.string(), "reasonCode": v.string(), "resourceId": v.string(), "resourceType": v.string(), "tenantId": v.optional(v.string()), "topicId": v.optional(v.string()), "traceId": v.optional(v.string()), "workspaceId": v.optional(v.string()) })).index("by_principal_createdAt", ["principalId", "createdAt"]).index("by_tenant_createdAt", ["tenantId", "createdAt"]).index("by_pack_createdAt", ["packKey", "createdAt"]).index("by_audienceKey_createdAt", ["audienceKey", "createdAt"]).index("by_audienceClass_createdAt", ["audienceClass", "createdAt"]).index("by_decision_createdAt", ["decision", "createdAt"]).index("by_traceId", ["traceId"]).index("by_topicId", ["topicId"]).index("by_topic_createdAt", ["topicId", "createdAt"]),
@@ -75,6 +88,7 @@ var IDENTITY_SCHEMA_TABLES = {
75
88
  "tenantConfig": defineTable(v.object({ "authPolicyMode": v.union(v.literal("open"), v.literal("invite_only"), v.literal("sso_required")), "defaultModelSlotOverrides": v.record(v.string(), v.string()), "defaultSessionTTL": v.number(), "defaultTopicVisibility": v.union(v.literal("private"), v.literal("tenant"), v.literal("public")), "featureFlags": v.record(v.string(), v.boolean()), "maxWorkspaceCount": v.number(), "tenantId": v.string(), "updatedAt": v.number(), "updatedBy": v.string() })).index("by_tenantId", ["tenantId"]),
76
89
  "tenantIntegrations": defineTable(v.object({ "capabilities": v.array(v.union(v.literal("search"), v.literal("deep_research"), v.literal("scrape"), v.literal("summarize"), v.literal("generate"))), "category": v.union(v.literal("search"), v.literal("scraper"), v.literal("llm"), v.literal("analysis"), v.literal("custom")), "config": v.object({ "apiBaseUrl": v.string(), "authHeaderName": v.optional(v.string()), "authType": v.union(v.literal("api_key"), v.literal("bearer"), v.literal("basic"), v.literal("none")), "credentialSecretName": v.optional(v.string()), "customHeaders": v.optional(v.record(v.string(), v.any())), "defaultParams": v.optional(v.record(v.string(), v.any())), "timeout": v.optional(v.number()) }), "createdAt": v.number(), "createdBy": v.optional(v.string()), "description": v.optional(v.string()), "displayName": v.string(), "endpoints": v.optional(v.object({ "deepResearch": v.optional(v.object({ "async": v.optional(v.boolean()), "method": v.optional(v.string()), "path": v.string(), "pollIntervalMs": v.optional(v.number()), "pollPath": v.optional(v.string()), "resultPath": v.optional(v.string()) })), "scrape": v.optional(v.object({ "method": v.optional(v.string()), "path": v.string(), "resultPath": v.optional(v.string()) })), "search": v.optional(v.object({ "method": v.optional(v.string()), "path": v.string(), "queryParamName": v.optional(v.string()), "resultPath": v.optional(v.string()) })) })), "integrationKey": v.string(), "lastError": v.optional(v.string()), "lastUsedAt": v.optional(v.number()), "status": v.union(v.literal("active"), v.literal("disabled"), v.literal("error")), "tenantId": v.string(), "updatedAt": v.number(), "usageCount": v.optional(v.number()) })).index("by_tenant", ["tenantId"]).index("by_tenant_key", ["tenantId", "integrationKey"]).index("by_tenant_status", ["tenantId", "status"]),
77
90
  "tenantModelSlotBindings": defineTable(v.object({ "bindingId": v.string(), "createdAt": v.number(), "createdBy": v.string(), "metadata": v.optional(v.record(v.string(), v.any())), "modelSlotId": v.string(), "passThroughOnly": v.boolean(), "providerId": v.string(), "revokedAt": v.optional(v.number()), "revokedBy": v.optional(v.string()), "secretRef": v.string(), "status": v.union(v.literal("active"), v.literal("revoked")), "tenantId": v.string(), "updatedAt": v.number() })).index("by_bindingId", ["bindingId"]).index("by_tenantId", ["tenantId"]).index("by_tenant_slot", ["tenantId", "modelSlotId"]).index("by_tenant_provider_slot", ["tenantId", "providerId", "modelSlotId"]).index("by_secretRef", ["secretRef"]).index("by_status", ["status"]),
91
+ "tenantPermitSyncStates": defineTable(v.object({ "attemptCount": v.number(), "createdAt": v.number(), "createdBy": v.string(), "desiredPayload": v.record(v.string(), v.any()), "lastAppliedPayloadHash": v.optional(v.string()), "lastError": v.optional(v.string()), "lastSyncedAt": v.optional(v.number()), "nextAttemptAt": v.optional(v.number()), "objectId": v.string(), "objectType": v.union(v.literal("resource"), v.literal("role"), v.literal("resource_role"), v.literal("resource_relation"), v.literal("tenant"), v.literal("workspace"), v.literal("principal"), v.literal("membership"), v.literal("group"), v.literal("resource_instance"), v.literal("relationship_tuple"), v.literal("role_assignment")), "permitResourceKey": v.optional(v.string()), "permitResourceType": v.optional(v.string()), "permitTenantKey": v.optional(v.string()), "principalId": v.optional(v.string()), "status": v.union(v.literal("pending"), v.literal("synced"), v.literal("error"), v.literal("skipped")), "syncKey": v.string(), "tenantId": v.optional(v.string()), "updatedAt": v.number(), "updatedBy": v.optional(v.string()), "workspaceId": v.optional(v.string()) })).index("by_syncKey", ["syncKey"]).index("by_status", ["status"]).index("by_tenant_status", ["tenantId", "status"]).index("by_workspace_status", ["workspaceId", "status"]).index("by_principal_status", ["principalId", "status"]),
78
92
  "tenantPolicies": defineTable(v.object({ "createdAt": v.number(), "createdBy": v.string(), "description": v.optional(v.string()), "groupBindings": v.array(v.string()), "permissions": v.array(v.object({ "actions": v.array(v.string()), "resource": v.string() })), "roleName": v.string(), "tenantId": v.string(), "updatedAt": v.number(), "updatedBy": v.optional(v.string()), "workspaceId": v.optional(v.string()) })).index("by_tenantId", ["tenantId"]).index("by_workspaceId", ["workspaceId"]).index("by_tenant_roleName", ["tenantId", "roleName"]),
79
93
  "tenantProviderSecrets": defineTable(v.object({ "createdAt": v.number(), "createdBy": v.string(), "encryptedSecret": v.string(), "encryptionVersion": v.string(), "keyHint": v.string(), "label": v.optional(v.string()), "lastUsedAt": v.optional(v.number()), "metadata": v.optional(v.record(v.string(), v.any())), "providerId": v.string(), "revokedAt": v.optional(v.number()), "revokedBy": v.optional(v.string()), "rotatedFromSecretRef": v.optional(v.string()), "secretFingerprint": v.string(), "secretRef": v.string(), "status": v.union(v.literal("active"), v.literal("rotated"), v.literal("revoked")), "tenantId": v.string(), "updatedAt": v.number() })).index("by_secretRef", ["secretRef"]).index("by_tenantId", ["tenantId"]).index("by_tenant_provider", ["tenantId", "providerId"]).index("by_tenant_provider_status", ["tenantId", "providerId", "status"]).index("by_status", ["status"]),
80
94
  "tenantProxyGatewayUsage": defineTable(v.object({ "createdAt": v.number(), "estimatedCostUsd": v.optional(v.number()), "failureCode": v.optional(v.string()), "inputTokens": v.optional(v.number()), "latencyMs": v.number(), "metadata": v.optional(v.record(v.string(), v.any())), "modelId": v.optional(v.string()), "modelSlotId": v.string(), "outputTokens": v.optional(v.number()), "principalId": v.string(), "providerId": v.string(), "proxyTokenId": v.string(), "requestPath": v.string(), "responseStatus": v.optional(v.number()), "secretRef": v.string(), "sessionId": v.string(), "status": v.union(v.literal("success"), v.literal("error")), "tenantId": v.string(), "tokenCount": v.optional(v.number()), "updatedAt": v.number(), "usageId": v.string(), "workspaceId": v.optional(v.string()) })).index("by_usageId", ["usageId"]).index("by_tenantId", ["tenantId", "createdAt"]).index("by_tenant_provider", ["tenantId", "providerId", "createdAt"]).index("by_proxyTokenId", ["proxyTokenId", "createdAt"]),
@@ -87,17 +101,19 @@ var IDENTITY_SCHEMA_TABLES = {
87
101
  };
88
102
  var MC_SCHEMA_TABLES = {
89
103
  "agentRegistryEntries": defineTable(v.object({ "agentDefinitionId": v.string(), "agentKey": v.string(), "createdAt": v.number(), "createdBy": v.string(), "description": v.string(), "displayName": v.string(), "exampleInvocations": v.array(v.object({ "expectedOutput": v.optional(v.record(v.string(), v.any())), "input": v.record(v.string(), v.any()) })), "executionAdapter": v.union(v.literal("convex_mutation"), v.literal("convex_action"), v.literal("http_callback"), v.literal("mcp_tool"), v.literal("sdk_invocation"), v.literal("external_observed")), "guardrails": v.optional(v.object({ "allowedOrigins": v.optional(v.array(v.string())), "allowNetworkEgress": v.optional(v.boolean()), "heartbeatIntervalMs": v.optional(v.number()), "isolationMode": v.optional(v.union(v.literal("direct"), v.literal("sandbox"))), "maxExecutionMs": v.optional(v.number()), "maxToolCalls": v.optional(v.number()) })), "metadata": v.optional(v.record(v.string(), v.any())), "modelSlot": v.optional(v.string()), "outputSchema": v.optional(v.record(v.string(), v.any())), "parameterSchema": v.record(v.string(), v.any()), "promptName": v.optional(v.string()), "promptReleaseChannel": v.union(v.literal("dev"), v.literal("staging"), v.literal("prod")), "requiredModelCapabilities": v.optional(v.array(v.string())), "runtimeConfig": v.optional(v.object({ "auditMode": v.optional(v.union(v.literal("harness"), v.literal("master_control"))), "callbackUrl": v.optional(v.string()), "entryPoint": v.optional(v.string()), "modelRouting": v.optional(v.union(v.literal("model_machine"), v.literal("tenant_proxy"), v.literal("bring_your_own"))) })), "scopeRequirements": v.array(v.string()), "status": v.union(v.literal("active"), v.literal("deprecated"), v.literal("disabled")), "systemPrompt": v.optional(v.string()), "tenantId": v.id("tenants"), "toolIds": v.optional(v.array(v.string())), "updatedAt": v.number(), "version": v.string(), "workspaceId": v.optional(v.id("workspaces")) })).index("by_agentDefinitionId", ["agentDefinitionId"]).index("by_tenant_agentDefinitionId", ["tenantId", "agentDefinitionId"]).index("by_tenant_agentDefinitionId_version", ["tenantId", "agentDefinitionId", "version"]).index("by_tenant_agentKey", ["tenantId", "agentKey"]).index("by_tenant_agentKey_version", ["tenantId", "agentKey", "version"]).index("by_workspace_agentKey_version", ["workspaceId", "agentKey", "version"]).index("by_tenant_status", ["tenantId", "status"]),
90
- "apiKeys": defineTable(v.object({ "createdAt": v.number(), "createdBy": v.string(), "expiresAt": v.optional(v.number()), "keyHash": v.string(), "keyHint": v.string(), "keyPrefix": v.union(v.literal("luc"), v.literal("stk")), "label": v.optional(v.string()), "lastUsedAt": v.optional(v.number()), "revokedAt": v.optional(v.number()), "revokedBy": v.optional(v.string()), "status": v.union(v.literal("active"), v.literal("revoked"), v.literal("expired")), "tenantId": v.id("tenants"), "updatedAt": v.number() })).index("by_tenantId", ["tenantId"]).index("by_keyHash", ["keyHash"]).index("by_tenant_prefix", ["tenantId", "keyPrefix"]).index("by_status", ["status"]),
91
- "auditLog": defineTable(v.object({ "action": v.union(v.literal("key_created"), v.literal("key_revoked"), v.literal("key_expired"), v.literal("key_used"), v.literal("tenant_secret_created"), v.literal("tenant_secret_rotated"), v.literal("tenant_secret_revoked"), v.literal("tenant_slot_binding_upserted"), v.literal("tenant_slot_binding_revoked"), v.literal("proxy_token_minted"), v.literal("proxy_request_recorded"), v.literal("tenant_created"), v.literal("tenant_updated"), v.literal("tenant_suspended"), v.literal("tenant_archived"), v.literal("tenant_reactivated"), v.literal("principal_created"), v.literal("principal_updated"), v.literal("principal_suspended"), v.literal("membership_created"), v.literal("membership_updated"), v.literal("membership_revoked"), v.literal("group_created"), v.literal("group_updated"), v.literal("group_deleted"), v.literal("group_member_added"), v.literal("group_member_removed"), v.literal("workspace_created"), v.literal("workspace_updated"), v.literal("workspace_archived"), v.literal("workspace_deployment_set"), v.literal("workspace_deployment_removed"), v.literal("service_key_created"), v.literal("service_key_rotated"), v.literal("service_key_revoked"), v.literal("service_key_used"), v.literal("service_key_auth_failed"), v.literal("session_created"), v.literal("session_validated"), v.literal("session_revoked"), v.literal("session_cascade_revoked"), v.literal("session_expired"), v.literal("sandbox_created"), v.literal("sandbox_secret_injected"), v.literal("sandbox_execution_started"), v.literal("sandbox_execution_completed"), v.literal("sandbox_limit_violated"), v.literal("policy_created"), v.literal("policy_updated"), v.literal("policy_enforced"), v.literal("policy_archived"), v.literal("agent_registered"), v.literal("agent_updated"), v.literal("tool_registered"), v.literal("tool_updated"), v.literal("pack_entitled"), v.literal("pack_installed"), v.literal("pack_enabled"), v.literal("pack_disabled"), v.literal("pack_entitlement_revoked"), v.literal("pack_upgraded"), v.literal("pack_upgrade_committed"), v.literal("pack_upgrade_rolled_back"), v.literal("pack_group_assigned"), v.literal("pack_group_unassigned"), v.literal("methodology_pack_created"), v.literal("methodology_pack_updated"), v.literal("methodology_pack_assigned"), v.literal("methodology_pack_removed"), v.literal("pack_assigned_to_group"), v.literal("pack_revoked_from_group"), v.literal("pack_ontology_materialized"), v.literal("pack_ontology_topic_bound"), v.literal("cutover_flag_set"), v.literal("cutover_flag_cleared")), "actorClerkId": v.string(), "apiKeyId": v.optional(v.id("apiKeys")), "createdAt": v.number(), "details": v.optional(v.any()), "tenantId": v.optional(v.id("tenants")) })).index("by_tenantId", ["tenantId", "createdAt"]).index("by_apiKeyId", ["apiKeyId", "createdAt"]).index("by_action", ["action", "createdAt"]),
104
+ "apiKeys": defineTable(v.object({ "createdAt": v.number(), "createdBy": v.string(), "expiresAt": v.optional(v.number()), "keyHash": v.string(), "keyHint": v.string(), "keyPrefix": v.union(v.literal("luc"), v.literal("stk")), "label": v.optional(v.string()), "lastUsedAt": v.optional(v.number()), "revokedAt": v.optional(v.number()), "revokedBy": v.optional(v.string()), "status": v.union(v.literal("active"), v.literal("revoked"), v.literal("expired")), "tenantId": v.id("tenants"), "updatedAt": v.number(), "workspaceId": v.optional(v.id("workspaces")) })).index("by_tenantId", ["tenantId"]).index("by_keyHash", ["keyHash"]).index("by_tenant_prefix", ["tenantId", "keyPrefix"]).index("by_status", ["status"]),
105
+ "auditLog": defineTable(v.object({ "action": v.union(v.literal("key_created"), v.literal("key_revoked"), v.literal("key_expired"), v.literal("key_used"), v.literal("tenant_secret_created"), v.literal("tenant_secret_rotated"), v.literal("tenant_secret_revoked"), v.literal("tenant_slot_binding_upserted"), v.literal("tenant_slot_binding_revoked"), v.literal("proxy_token_minted"), v.literal("proxy_token_lease_issued"), v.literal("proxy_token_lease_renewed"), v.literal("proxy_token_lease_revoked"), v.literal("proxy_request_recorded"), v.literal("tenant_created"), v.literal("tenant_updated"), v.literal("tenant_suspended"), v.literal("tenant_archived"), v.literal("tenant_reactivated"), v.literal("principal_created"), v.literal("principal_updated"), v.literal("principal_suspended"), v.literal("principal_identity_alias_upserted"), v.literal("principal_identity_alias_revoked"), v.literal("membership_created"), v.literal("membership_updated"), v.literal("membership_revoked"), v.literal("group_created"), v.literal("group_updated"), v.literal("group_deleted"), v.literal("group_member_added"), v.literal("group_member_removed"), v.literal("workspace_created"), v.literal("workspace_updated"), v.literal("workspace_archived"), v.literal("workspace_deployment_set"), v.literal("workspace_deployment_removed"), v.literal("deployment_host_registered"), v.literal("deployment_host_revoked"), v.literal("service_key_created"), v.literal("service_key_rotated"), v.literal("service_key_revoked"), v.literal("service_key_used"), v.literal("service_key_auth_failed"), v.literal("session_created"), v.literal("session_validated"), v.literal("session_revoked"), v.literal("session_cascade_revoked"), v.literal("session_expired"), v.literal("sandbox_created"), v.literal("sandbox_secret_injected"), v.literal("sandbox_execution_started"), v.literal("sandbox_execution_completed"), v.literal("sandbox_limit_violated"), v.literal("policy_created"), v.literal("policy_updated"), v.literal("policy_enforced"), v.literal("policy_archived"), v.literal("permit_sync_enqueued"), v.literal("permit_sync_succeeded"), v.literal("permit_sync_failed"), v.literal("permit_sync_skipped"), v.literal("agent_registered"), v.literal("agent_updated"), v.literal("tool_registered"), v.literal("tool_updated"), v.literal("pack_entitled"), v.literal("pack_installed"), v.literal("pack_enabled"), v.literal("pack_disabled"), v.literal("pack_entitlement_revoked"), v.literal("pack_upgraded"), v.literal("pack_upgrade_committed"), v.literal("pack_upgrade_rolled_back"), v.literal("pack_group_assigned"), v.literal("pack_group_unassigned"), v.literal("methodology_pack_created"), v.literal("methodology_pack_updated"), v.literal("methodology_pack_assigned"), v.literal("methodology_pack_removed"), v.literal("pack_assigned_to_group"), v.literal("pack_revoked_from_group"), v.literal("pack_ontology_materialized"), v.literal("pack_ontology_topic_bound"), v.literal("cutover_flag_set"), v.literal("cutover_flag_cleared")), "actorClerkId": v.string(), "apiKeyId": v.optional(v.id("apiKeys")), "createdAt": v.number(), "details": v.optional(v.any()), "tenantId": v.optional(v.id("tenants")) })).index("by_tenantId", ["tenantId", "createdAt"]).index("by_apiKeyId", ["apiKeyId", "createdAt"]).index("by_action", ["action", "createdAt"]),
92
106
  "compatibilityShims": defineTable(v.object({ "bridgeTarget": v.object({ "harnessPath": v.string(), "legacyPath": v.string(), "type": v.union(v.literal("tool"), v.literal("agent")) }), "bridgeType": v.union(v.literal("tool"), v.literal("agent")), "createdAt": v.string(), "description": v.string(), "gateId": v.string(), "lastAuditedAt": v.number(), "metadata": v.optional(v.record(v.string(), v.any())), "owner": v.string(), "producesLedgerEntries": v.boolean(), "removalDate": v.string(), "removalPriority": v.union(v.literal("P1"), v.literal("P2"), v.literal("P3")), "shimBehavior": v.union(v.literal("passthrough_with_logging"), v.literal("adapter"), v.literal("feature_flag_gate")), "shimId": v.string(), "status": v.union(v.literal("active"), v.literal("overdue"), v.literal("removed")) })).index("by_shimId", ["shimId"]).index("by_status", ["status"]).index("by_bridgeType_status", ["bridgeType", "status"]),
93
- "controlPlaneTenantModelSlotBindings": defineTable(v.object({ "bindingId": v.string(), "createdAt": v.number(), "createdBy": v.string(), "metadata": v.optional(v.record(v.string(), v.any())), "modelSlotId": v.string(), "passThroughOnly": v.boolean(), "providerId": v.string(), "revokedAt": v.optional(v.number()), "revokedBy": v.optional(v.string()), "secretRef": v.string(), "status": v.union(v.literal("active"), v.literal("revoked")), "tenantId": v.id("tenants"), "updatedAt": v.number() })).index("by_bindingId", ["bindingId"]).index("by_tenantId", ["tenantId"]).index("by_tenant_slot", ["tenantId", "modelSlotId"]).index("by_tenant_provider_slot", ["tenantId", "providerId", "modelSlotId"]).index("by_secretRef", ["secretRef"]).index("by_status", ["status"]),
94
- "controlPlaneTenantProviderSecrets": defineTable(v.object({ "createdAt": v.number(), "createdBy": v.string(), "encryptedSecret": v.string(), "encryptionVersion": v.string(), "keyHint": v.string(), "label": v.optional(v.string()), "lastUsedAt": v.optional(v.number()), "metadata": v.optional(v.record(v.string(), v.any())), "providerId": v.string(), "revokedAt": v.optional(v.number()), "revokedBy": v.optional(v.string()), "rotatedFromSecretRef": v.optional(v.string()), "secretFingerprint": v.string(), "secretRef": v.string(), "status": v.union(v.literal("active"), v.literal("revoked")), "tenantId": v.id("tenants"), "updatedAt": v.number() })).index("by_secretRef", ["secretRef"]).index("by_tenantId", ["tenantId"]).index("by_tenant_provider", ["tenantId", "providerId"]).index("by_tenant_provider_status", ["tenantId", "providerId", "status"]).index("by_status", ["status"]),
107
+ "controlPlaneTenantModelSlotBindings": defineTable(v.object({ "bindingId": v.string(), "createdAt": v.number(), "createdBy": v.string(), "environment": v.optional(v.union(v.literal("dev"), v.literal("staging"), v.literal("prod"))), "metadata": v.optional(v.record(v.string(), v.any())), "modelSlotId": v.string(), "passThroughOnly": v.boolean(), "providerId": v.string(), "revokedAt": v.optional(v.number()), "revokedBy": v.optional(v.string()), "secretRef": v.string(), "status": v.union(v.literal("active"), v.literal("revoked")), "tenantId": v.id("tenants"), "updatedAt": v.number(), "workspaceId": v.optional(v.id("workspaces")) })).index("by_bindingId", ["bindingId"]).index("by_tenantId", ["tenantId"]).index("by_tenant_slot", ["tenantId", "modelSlotId"]).index("by_tenant_provider_slot", ["tenantId", "providerId", "modelSlotId"]).index("by_secretRef", ["secretRef"]).index("by_status", ["status"]),
108
+ "controlPlaneTenantProviderSecrets": defineTable(v.object({ "createdAt": v.number(), "createdBy": v.string(), "encryptedSecret": v.optional(v.string()), "encryptionVersion": v.string(), "environment": v.optional(v.union(v.literal("dev"), v.literal("staging"), v.literal("prod"))), "infisicalPath": v.optional(v.string()), "infisicalProjectId": v.optional(v.string()), "infisicalSecretKey": v.optional(v.string()), "keyHint": v.string(), "label": v.optional(v.string()), "lastUsedAt": v.optional(v.number()), "metadata": v.optional(v.record(v.string(), v.any())), "providerId": v.string(), "revokedAt": v.optional(v.number()), "revokedBy": v.optional(v.string()), "rotatedFromSecretRef": v.optional(v.string()), "secretFingerprint": v.string(), "secretRef": v.string(), "status": v.union(v.literal("active"), v.literal("revoked")), "tenantId": v.id("tenants"), "updatedAt": v.number(), "workspaceId": v.optional(v.id("workspaces")) })).index("by_secretRef", ["secretRef"]).index("by_tenantId", ["tenantId"]).index("by_tenant_provider", ["tenantId", "providerId"]).index("by_tenant_provider_status", ["tenantId", "providerId", "status"]).index("by_status", ["status"]),
95
109
  "controlPlaneTenantProxyGatewayUsage": defineTable(v.object({ "createdAt": v.number(), "estimatedCostUsd": v.optional(v.number()), "failureCode": v.optional(v.string()), "inputTokens": v.optional(v.number()), "latencyMs": v.number(), "metadata": v.optional(v.record(v.string(), v.any())), "modelId": v.optional(v.string()), "modelSlotId": v.string(), "outputTokens": v.optional(v.number()), "principalId": v.string(), "providerId": v.string(), "proxyTokenId": v.string(), "requestPath": v.string(), "responseStatus": v.optional(v.number()), "secretRef": v.string(), "sessionId": v.string(), "status": v.union(v.literal("success"), v.literal("error")), "tenantId": v.id("tenants"), "tokenCount": v.optional(v.number()), "updatedAt": v.number(), "usageId": v.string(), "workspaceId": v.optional(v.string()) })).index("by_usageId", ["usageId"]).index("by_tenantId", ["tenantId", "createdAt"]).index("by_tenant_provider", ["tenantId", "providerId", "createdAt"]).index("by_proxyTokenId", ["proxyTokenId", "createdAt"]).index("by_sessionId", ["sessionId", "createdAt"]),
110
+ "controlPlaneTenantProxyTokenLeases": defineTable(v.object({ "agentSessionId": v.optional(v.string()), "bindingId": v.string(), "createdAt": v.number(), "environment": v.union(v.literal("dev"), v.literal("staging"), v.literal("prod")), "expiresAt": v.number(), "leaseId": v.string(), "metadata": v.optional(v.record(v.string(), v.any())), "modelSlotId": v.string(), "permitDecisionLogId": v.optional(v.id("policyDecisionLogs")), "permitTraceId": v.optional(v.string()), "principalId": v.string(), "providerId": v.string(), "proxyTokenId": v.string(), "renewedAt": v.optional(v.number()), "revokedAt": v.optional(v.number()), "revokedBy": v.optional(v.string()), "revokeReason": v.optional(v.string()), "secretRef": v.string(), "sessionId": v.string(), "status": v.union(v.literal("active"), v.literal("revoked")), "tenantId": v.id("tenants"), "updatedAt": v.number(), "workspaceId": v.optional(v.id("workspaces")) })).index("by_leaseId", ["leaseId"]).index("by_proxyTokenId", ["proxyTokenId"]).index("by_tenantId", ["tenantId", "createdAt"]).index("by_sessionId", ["sessionId", "createdAt"]).index("by_principalId", ["principalId", "createdAt"]).index("by_status_expiresAt", ["status", "expiresAt"]),
96
111
  "controlPlaneToolAcls": defineTable(v.object({ "createdAt": v.number(), "createdBy": v.string(), "role": v.string(), "tenantId": v.id("tenants"), "toolName": v.string(), "updatedAt": v.number() })).index("by_tenant_role", ["tenantId", "role"]).index("by_tenant_toolName", ["tenantId", "toolName"]),
97
112
  "cutoverFlags": defineTable(v.object({ "createdAt": v.number(), "domain": v.union(v.literal("graph"), v.literal("schema"), v.literal("identity"), v.literal("policy"), v.literal("audit"), v.literal("admin"), v.literal("agent"), v.literal("tool"), v.literal("prompt"), v.literal("intelligence")), "metadata": v.optional(v.record(v.string(), v.any())), "state": v.union(v.literal("legacy"), v.literal("cutover"), v.literal("disabled")), "updatedAt": v.number(), "updatedBy": v.string() })).index("by_domain", ["domain"]).index("by_state", ["state"]),
113
+ "deploymentHosts": defineTable(v.object({ "createdAt": v.number(), "createdBy": v.string(), "deploymentName": v.optional(v.string()), "deploymentUrl": v.optional(v.string()), "environment": v.union(v.literal("dev"), v.literal("staging"), v.literal("prod")), "host": v.string(), "metadata": v.optional(v.record(v.string(), v.any())), "revokedAt": v.optional(v.number()), "revokedBy": v.optional(v.string()), "source": v.union(v.literal("vercel_preview"), v.literal("vercel_production"), v.literal("vercel_custom_environment"), v.literal("custom_domain"), v.literal("manual")), "status": v.union(v.literal("active"), v.literal("revoked")), "target": v.union(v.literal("kernelDeployment"), v.literal("appDeployment")), "tenantId": v.id("tenants"), "updatedAt": v.number(), "vercelEnvironment": v.optional(v.union(v.literal("development"), v.literal("preview"), v.literal("staging"), v.literal("production"))), "vercelProjectId": v.optional(v.string()), "vercelProjectName": v.optional(v.string()), "workspaceId": v.id("workspaces") })).index("by_host", ["host"]).index("by_tenantId", ["tenantId"]).index("by_workspaceId", ["workspaceId"]).index("by_tenant_workspace_environment", ["tenantId", "workspaceId", "environment"]).index("by_workspace_status", ["workspaceId", "status"]).index("by_status", ["status"]),
98
114
  "groupMemberships": defineTable(v.object({ "addedBy": v.optional(v.string()), "createdAt": v.number(), "groupId": v.id("groups"), "principalId": v.string(), "status": v.union(v.literal("active"), v.literal("invited"), v.literal("revoked")), "tenantId": v.id("tenants"), "updatedAt": v.number(), "workspaceId": v.optional(v.id("workspaces")) })).index("by_groupId", ["groupId"]).index("by_principalId", ["principalId"]).index("by_principal_group", ["principalId", "groupId"]).index("by_status", ["status"]),
99
115
  "groups": defineTable(v.object({ "createdAt": v.number(), "description": v.optional(v.string()), "groupKey": v.string(), "groupType": v.union(v.literal("internal"), v.literal("external"), v.literal("system")), "metadata": v.optional(v.record(v.string(), v.any())), "name": v.string(), "tenantId": v.id("tenants"), "updatedAt": v.number(), "workspaceId": v.optional(v.id("workspaces")) })).index("by_tenantId", ["tenantId"]).index("by_workspaceId", ["workspaceId"]).index("by_tenantId_groupKey", ["tenantId", "groupKey"]),
100
- "memberships": defineTable(v.object({ "createdAt": v.number(), "grantedBy": v.optional(v.string()), "principalId": v.string(), "principalRefId": v.optional(v.id("principals")), "role": v.union(v.literal("platform_admin"), v.literal("tenant_admin"), v.literal("workspace_admin"), v.literal("editor"), v.literal("viewer"), v.literal("auditor"), v.literal("service_agent")), "source": v.union(v.literal("manual"), v.literal("sso"), v.literal("bootstrap"), v.literal("api"), v.literal("scim")), "status": v.union(v.literal("active"), v.literal("invited"), v.literal("revoked")), "tenantId": v.id("tenants"), "updatedAt": v.number(), "workspaceId": v.optional(v.id("workspaces")) })).index("by_principalId", ["principalId"]).index("by_principal_tenant", ["principalId", "tenantId"]).index("by_workspace_principal", ["workspaceId", "principalId"]).index("by_tenant_role", ["tenantId", "role"]).index("by_status", ["status"]),
116
+ "memberships": defineTable(v.object({ "createdAt": v.number(), "grantedBy": v.optional(v.string()), "principalId": v.string(), "principalRefId": v.optional(v.id("principals")), "role": v.union(v.literal("platform_admin"), v.literal("tenant_admin"), v.literal("workspace_admin"), v.literal("editor"), v.literal("viewer"), v.literal("auditor"), v.literal("service_agent")), "source": v.union(v.literal("manual"), v.literal("sso"), v.literal("bootstrap"), v.literal("api"), v.literal("scim")), "status": v.union(v.literal("active"), v.literal("invited"), v.literal("revoked")), "tenantId": v.id("tenants"), "updatedAt": v.number(), "workspaceId": v.optional(v.id("workspaces")) })).index("by_principalId", ["principalId"]).index("by_principal_tenant", ["principalId", "tenantId"]).index("by_principal_tenant_workspace", ["principalId", "tenantId", "workspaceId"]).index("by_workspace_principal", ["workspaceId", "principalId"]).index("by_tenant_role", ["tenantId", "role"]).index("by_status", ["status"]),
101
117
  "methodologyPacks": defineTable(v.object({ "createdAt": v.number(), "description": v.string(), "enforcementLevel": v.union(v.literal("strict"), v.literal("guided"), v.literal("advisory")), "name": v.string(), "packId": v.string(), "phases": v.array(v.object({ "description": v.string(), "gate": v.optional(v.string()), "instructions": v.string(), "name": v.string(), "requiredTools": v.array(v.string()), "title": v.string() })), "principles": v.array(v.string()), "status": v.union(v.literal("active"), v.literal("draft"), v.literal("archived")), "updatedAt": v.number(), "version": v.string() })).index("by_packId", ["packId"]).index("by_status", ["status"]),
102
118
  "oauthDeviceCodes": defineTable(v.object({ "approvedAt": v.optional(v.number()), "clerkUserId": v.optional(v.string()), "clientId": v.string(), "consumedAt": v.optional(v.number()), "createdAt": v.number(), "deniedAt": v.optional(v.number()), "deviceCodeHash": v.string(), "expiresAt": v.number(), "intervalSeconds": v.number(), "lastPolledAt": v.optional(v.number()), "principalId": v.optional(v.string()), "role": v.optional(v.string()), "scope": v.string(), "scopes": v.optional(v.array(v.string())), "sessionId": v.optional(v.string()), "slowDownCount": v.optional(v.number()), "status": v.union(v.literal("pending"), v.literal("approved"), v.literal("denied"), v.literal("expired"), v.literal("consumed")), "tenantId": v.optional(v.id("tenants")), "updatedAt": v.number(), "userCode": v.string(), "workspaceId": v.optional(v.string()) })).index("by_deviceCodeHash", ["deviceCodeHash"]).index("by_userCode", ["userCode"]).index("by_status_expiresAt", ["status", "expiresAt"]).index("by_sessionId", ["sessionId"]),
103
119
  "packAssignments": defineTable(v.object({ "assignedBy": v.string(), "createdAt": v.number(), "groupId": v.id("groups"), "packKey": v.string(), "status": v.union(v.literal("active"), v.literal("revoked")), "tenantId": v.id("tenants"), "updatedAt": v.number() })).index("by_groupId", ["groupId"]).index("by_tenantId", ["tenantId"]).index("by_tenant_packKey", ["tenantId", "packKey"]).index("by_group_packKey", ["groupId", "packKey"]).index("by_status", ["status"]),
@@ -106,24 +122,27 @@ var MC_SCHEMA_TABLES = {
106
122
  "packGroupAssignments": defineTable(v.object({ "assignedBy": v.string(), "createdAt": v.number(), "groupId": v.id("groups"), "packKey": v.string(), "packVersion": v.optional(v.string()), "status": v.union(v.literal("active"), v.literal("disabled")), "tenantId": v.id("tenants"), "updatedAt": v.number() })).index("by_groupId", ["groupId"]).index("by_tenantId", ["tenantId"]).index("by_tenant_packKey", ["tenantId", "packKey"]).index("by_group_packKey", ["groupId", "packKey"]),
107
123
  "packInstallations": defineTable(v.object({ "candidateVersion": v.optional(v.string()), "componentStatus": v.optional(v.record(v.string(), v.any())), "createdAt": v.number(), "disabledBy": v.optional(v.string()), "enabledBy": v.optional(v.string()), "healthStatus": v.union(v.literal("unknown"), v.literal("healthy"), v.literal("degraded"), v.literal("failing")), "installedBy": v.optional(v.string()), "installScope": v.optional(v.union(v.literal("tenant"), v.literal("workspace"))), "installStatus": v.optional(v.union(v.literal("installing"), v.literal("installed"), v.literal("partial_failure"), v.literal("uninstalling"))), "lastError": v.optional(v.string()), "lastHealthCheckAt": v.optional(v.number()), "metadata": v.optional(v.record(v.string(), v.any())), "packKey": v.string(), "packVersion": v.string(), "runtimeState": v.union(v.literal("registered"), v.literal("validated"), v.literal("installed"), v.literal("enabled"), v.literal("degraded"), v.literal("disabled"), v.literal("removed")), "tenantId": v.id("tenants"), "updatedAt": v.number(), "upgradeCompletedAt": v.optional(v.number()), "upgradeStartedAt": v.optional(v.number()), "versionWindowState": v.optional(v.union(v.literal("none"), v.literal("prepared"), v.literal("canary"), v.literal("committed"), v.literal("rolled_back"))), "workspaceId": v.optional(v.id("workspaces")) })).index("by_tenantId", ["tenantId"]).index("by_workspaceId", ["workspaceId"]).index("by_packKey", ["packKey"]).index("by_packKey_version", ["packKey", "packVersion"]).index("by_tenant_packKey", ["tenantId", "packKey"]).index("by_tenant_workspace_packKey", ["tenantId", "workspaceId", "packKey"]).index("by_tenant_runtimeState", ["tenantId", "runtimeState"]).index("by_workspace_runtimeState", ["workspaceId", "runtimeState"]).index("by_tenant_healthStatus", ["tenantId", "healthStatus"]).index("by_workspace_healthStatus", ["workspaceId", "healthStatus"]),
108
124
  "packVersions": defineTable(v.object({ "agentManifest": v.optional(v.array(v.string())), "configSnapshot": v.optional(v.record(v.string(), v.any())), "createdAt": v.number(), "lensManifest": v.optional(v.array(v.object({ "description": v.optional(v.string()), "filterCriteria": v.optional(v.any()), "lensKey": v.string(), "metadata": v.optional(v.any()), "name": v.string(), "perspectiveType": v.string(), "promptTemplates": v.array(v.object({ "key": v.string(), "metadata": v.optional(v.any()), "phase": v.optional(v.string()), "promptRef": v.string(), "required": v.optional(v.boolean()), "role": v.optional(v.string()), "version": v.optional(v.string()) })), "questionTemplates": v.optional(v.array(v.object({ "key": v.string(), "linkedBeliefKey": v.optional(v.string()), "metadata": v.optional(v.any()), "priority": v.optional(v.union(v.literal("critical"), v.literal("high"), v.literal("medium"), v.literal("low"))), "text": v.string() }))), "taskTemplates": v.array(v.object({ "description": v.optional(v.string()), "key": v.string(), "metadata": v.optional(v.any()), "phase": v.optional(v.string()), "priority": v.optional(v.union(v.literal("critical"), v.literal("high"), v.literal("medium"), v.literal("low"))), "title": v.string() })), "topicTypeAffinity": v.optional(v.array(v.string())), "workflowTemplates": v.array(v.object({ "description": v.optional(v.string()), "key": v.string(), "metadata": v.optional(v.any()), "name": v.string(), "steps": v.array(v.object({ "description": v.optional(v.string()), "key": v.string(), "metadata": v.optional(v.any()), "promptTemplateKey": v.optional(v.string()), "taskTemplateKeys": v.optional(v.array(v.string())), "title": v.string() })) })) }))), "methodologyManifest": v.optional(v.array(v.string())), "ontologySnapshot": v.optional(v.object({ "edgeTypes": v.array(v.object({ "constraintSeverity": v.optional(v.union(v.literal("warn"), v.literal("info"))), "description": v.optional(v.string()), "label": v.string(), "sourceTypes": v.optional(v.array(v.string())), "targetTypes": v.optional(v.array(v.string())), "value": v.string() })), "entityTypes": v.array(v.object({ "description": v.optional(v.string()), "label": v.string(), "schema": v.optional(v.any()), "subtypes": v.optional(v.array(v.object({ "description": v.optional(v.string()), "label": v.string(), "value": v.string() }))), "value": v.string() })), "ontologyKey": v.string(), "topicBindings": v.optional(v.array(v.object({ "autoBindNewTopics": v.boolean(), "topicType": v.string() }))), "version": v.string() })), "packKey": v.string(), "promptManifest": v.optional(v.array(v.string())), "publishedAt": v.optional(v.number()), "releasedBy": v.string(), "releaseNotes": v.optional(v.string()), "status": v.union(v.literal("draft"), v.literal("published"), v.literal("deprecated")), "toolManifest": v.array(v.object({ "category": v.optional(v.union(v.literal("read"), v.literal("write"), v.literal("admin"), v.literal("system"))), "description": v.optional(v.string()), "executionAdapter": v.optional(v.union(v.literal("convex_mutation"), v.literal("convex_action"), v.literal("http_callback"), v.literal("mcp_tool"), v.literal("sdk_invocation"), v.literal("external_observed"))), "handlerRef": v.optional(v.string()), "parameterSchema": v.optional(v.record(v.string(), v.any())), "requiredAction": v.optional(v.union(v.literal("read"), v.literal("mutate"), v.literal("admin"), v.literal("summarize"), v.literal("export"), v.literal("create"), v.literal("delete"), v.literal("grant"), v.literal("revoke"))), "requiredRole": v.optional(v.union(v.literal("platform_admin"), v.literal("tenant_admin"), v.literal("workspace_admin"), v.literal("editor"), v.literal("viewer"), v.literal("auditor"), v.literal("service_agent"))), "returnSchema": v.optional(v.record(v.string(), v.any())), "safetyMetadata": v.optional(v.object({ "idempotent": v.boolean(), "readOnly": v.boolean(), "sideEffectLevel": v.union(v.literal("none"), v.literal("low"), v.literal("high")) })), "surfaces": v.optional(v.array(v.union(v.literal("mcp"), v.literal("chat"), v.literal("voice"), v.literal("sprint"), v.literal("api"), v.literal("sdk"), v.literal("cli")))), "toolName": v.string(), "toolVersion": v.string() })), "topicIds": v.optional(v.array(v.string())), "version": v.string() })).index("by_packKey", ["packKey"]).index("by_packKey_version", ["packKey", "version"]).index("by_status", ["status"]).index("by_publishedAt", ["publishedAt"]),
125
+ "permitSyncStates": defineTable(v.object({ "attemptCount": v.number(), "createdAt": v.number(), "createdBy": v.string(), "desiredPayload": v.record(v.string(), v.any()), "lastAppliedPayloadHash": v.optional(v.string()), "lastError": v.optional(v.string()), "lastSyncedAt": v.optional(v.number()), "nextAttemptAt": v.optional(v.number()), "objectId": v.string(), "objectType": v.union(v.literal("resource"), v.literal("role"), v.literal("resource_role"), v.literal("resource_relation"), v.literal("tenant"), v.literal("workspace"), v.literal("principal"), v.literal("membership"), v.literal("group"), v.literal("resource_instance"), v.literal("relationship_tuple"), v.literal("role_assignment")), "permitResourceKey": v.optional(v.string()), "permitResourceType": v.optional(v.string()), "permitTenantKey": v.optional(v.string()), "principalId": v.optional(v.string()), "status": v.union(v.literal("pending"), v.literal("synced"), v.literal("error"), v.literal("skipped")), "syncKey": v.string(), "tenantId": v.optional(v.id("tenants")), "updatedAt": v.number(), "updatedBy": v.optional(v.string()), "workspaceId": v.optional(v.id("workspaces")) })).index("by_syncKey", ["syncKey"]).index("by_status", ["status"]).index("by_tenant_status", ["tenantId", "status"]).index("by_workspace_status", ["workspaceId", "status"]).index("by_principal_status", ["principalId", "status"]),
109
126
  "policyBundles": defineTable(v.object({ "bundleKey": v.string(), "createdAt": v.number(), "createdBy": v.optional(v.string()), "metadata": v.optional(v.record(v.string(), v.any())), "policyHash": v.optional(v.string()), "rules": v.record(v.string(), v.any()), "scope": v.union(v.literal("platform"), v.literal("tenant"), v.literal("workspace")), "status": v.union(v.literal("draft"), v.literal("validated"), v.literal("enforced"), v.literal("archived")), "tenantId": v.optional(v.id("tenants")), "updatedAt": v.number(), "version": v.number(), "workspaceId": v.optional(v.id("workspaces")) })).index("by_bundle_key", ["bundleKey"]).index("by_bundle_key_version", ["bundleKey", "version"]).index("by_scope_status", ["scope", "status"]).index("by_tenant_status", ["tenantId", "status"]).index("by_workspace_status", ["workspaceId", "status"]),
110
- "policyDecisionLogs": defineTable(v.object({ "action": v.union(v.literal("read"), v.literal("summarize"), v.literal("export"), v.literal("mutate"), v.literal("admin"), v.literal("comment"), v.literal("escalate"), v.literal("resolve"), v.literal("vote")), "audienceClass": v.optional(v.union(v.literal("internal"), v.literal("restricted_external"), v.literal("public"))), "audienceKey": v.optional(v.string()), "audienceMode": v.optional(v.string()), "createdAt": v.number(), "decision": v.union(v.literal("allow"), v.literal("deny")), "metadata": v.optional(v.record(v.string(), v.any())), "packKey": v.optional(v.string()), "policyBundleId": v.optional(v.id("policyBundles")), "policyVersion": v.string(), "principalId": v.string(), "reasonCode": v.string(), "resourceId": v.string(), "resourceType": v.string(), "tenantId": v.optional(v.id("tenants")), "traceId": v.optional(v.string()), "workspaceId": v.optional(v.id("workspaces")) })).index("by_principal_createdAt", ["principalId", "createdAt"]).index("by_tenant_createdAt", ["tenantId", "createdAt"]).index("by_pack_createdAt", ["packKey", "createdAt"]).index("by_audienceKey_createdAt", ["audienceKey", "createdAt"]).index("by_decision_createdAt", ["decision", "createdAt"]).index("by_traceId", ["traceId"]),
127
+ "policyDecisionLogs": defineTable(v.object({ "action": v.union(v.literal("read"), v.literal("summarize"), v.literal("export"), v.literal("mutate"), v.literal("admin"), v.literal("comment"), v.literal("escalate"), v.literal("resolve"), v.literal("vote"), v.literal("route"), v.literal("invoke"), v.literal("manage"), v.literal("deploy"), v.literal("promote"), v.literal("rollback"), v.literal("audit"), v.literal("read_ref"), v.literal("fetch_value"), v.literal("rotate"), v.literal("administer"), v.literal("mint"), v.literal("delegate"), v.literal("revoke")), "audienceClass": v.optional(v.union(v.literal("internal"), v.literal("restricted_external"), v.literal("public"))), "audienceKey": v.optional(v.string()), "audienceMode": v.optional(v.string()), "createdAt": v.number(), "decision": v.union(v.literal("allow"), v.literal("deny")), "metadata": v.optional(v.record(v.string(), v.any())), "packKey": v.optional(v.string()), "policyBundleId": v.optional(v.id("policyBundles")), "policyVersion": v.string(), "principalId": v.string(), "reasonCode": v.string(), "resourceId": v.string(), "resourceType": v.string(), "tenantId": v.optional(v.id("tenants")), "traceId": v.optional(v.string()), "workspaceId": v.optional(v.id("workspaces")) })).index("by_principal_createdAt", ["principalId", "createdAt"]).index("by_tenant_createdAt", ["tenantId", "createdAt"]).index("by_pack_createdAt", ["packKey", "createdAt"]).index("by_audienceKey_createdAt", ["audienceKey", "createdAt"]).index("by_decision_createdAt", ["decision", "createdAt"]).index("by_traceId", ["traceId"]),
111
128
  "policySimulations": defineTable(v.object({ "actorPrincipalId": v.string(), "createdAt": v.number(), "input": v.record(v.string(), v.any()), "metadata": v.optional(v.record(v.string(), v.any())), "result": v.record(v.string(), v.any()), "simulationKey": v.string(), "tenantId": v.optional(v.id("tenants")), "workspaceId": v.optional(v.id("workspaces")) })).index("by_simulation_key", ["simulationKey"]).index("by_tenant_createdAt", ["tenantId", "createdAt"]).index("by_workspace_createdAt", ["workspaceId", "createdAt"]).index("by_actor_createdAt", ["actorPrincipalId", "createdAt"]),
129
+ "principalIdentityAliases": defineTable(v.object({ "createdAt": v.number(), "createdBy": v.string(), "email": v.optional(v.string()), "externalSubjectId": v.string(), "metadata": v.optional(v.record(v.string(), v.any())), "principalId": v.string(), "principalRefId": v.optional(v.id("principals")), "provider": v.string(), "providerProjectId": v.optional(v.string()), "revokedAt": v.optional(v.number()), "revokedBy": v.optional(v.string()), "status": v.union(v.literal("active"), v.literal("revoked")), "tenantId": v.optional(v.id("tenants")), "updatedAt": v.number(), "workspaceId": v.optional(v.id("workspaces")) })).index("by_provider_subject", ["provider", "externalSubjectId"]).index("by_provider_project_subject", ["provider", "providerProjectId", "externalSubjectId"]).index("by_principalId", ["principalId"]).index("by_principal_status", ["principalId", "status"]).index("by_tenant_provider_subject", ["tenantId", "provider", "externalSubjectId"]).index("by_workspace_provider_subject", ["workspaceId", "provider", "externalSubjectId"]),
112
130
  "principals": defineTable(v.object({ "clerkId": v.optional(v.string()), "createdAt": v.number(), "displayName": v.optional(v.string()), "email": v.optional(v.string()), "groupIds": v.optional(v.array(v.id("groups"))), "metadata": v.optional(v.record(v.string(), v.any())), "principalId": v.string(), "principalType": v.union(v.literal("user"), v.literal("group"), v.literal("service"), v.literal("external_viewer")), "status": v.union(v.literal("active"), v.literal("invited"), v.literal("suspended"), v.literal("disabled")), "tenantId": v.optional(v.id("tenants")), "updatedAt": v.number(), "workspaceId": v.optional(v.id("workspaces")) })).index("by_principalId", ["principalId"]).index("by_clerkId", ["clerkId"]).index("by_tenantId", ["tenantId"]).index("by_workspaceId", ["workspaceId"]).index("by_status", ["status"]),
113
131
  "rateLimitWindows": defineTable(v.object({ "createdAt": v.number(), "keyId": v.optional(v.string()), "limit": v.number(), "principalId": v.string(), "requestCount": v.number(), "tenantId": v.optional(v.id("tenants")), "tier": v.union(v.literal("free"), v.literal("developer"), v.literal("partner")), "updatedAt": v.number(), "windowEndMs": v.number(), "windowStartMs": v.number(), "windowType": v.union(v.literal("minute"), v.literal("hour")) })).index("by_principal_window", ["principalId", "windowType", "windowStartMs"]).index("by_window_type_start", ["windowType", "windowStartMs"]).index("by_window_end", ["windowEndMs"]).index("by_tier_window_end", ["tier", "windowEndMs"]),
132
+ "secretSyncDriftReports": defineTable(v.object({ "appliedReceiptId": v.optional(v.string()), "dryRunReceiptId": v.optional(v.string()), "generatedAt": v.number(), "manifestHash": v.optional(v.string()), "metadata": v.optional(v.record(v.string(), v.any())), "recordedAt": v.number(), "recordedBy": v.string(), "redactedReport": v.record(v.string(), v.any()), "reportHash": v.string(), "reportId": v.string(), "source": v.union(v.literal("infisical_manifest"), v.literal("manual"), v.literal("ci")), "status": v.union(v.literal("in_sync"), v.literal("drift"), v.literal("exception"), v.literal("blocked"), v.literal("not_observed")), "summary": v.object({ "approvedExceptions": v.number(), "blocked": v.number(), "deniedConvexLeakage": v.number(), "drift": v.number(), "exception": v.number(), "extraKeys": v.number(), "inSync": v.number(), "missingKeys": v.number(), "notObserved": v.number(), "totalPipelines": v.number(), "valueDriftKeys": v.number() }) })).index("by_reportId", ["reportId"]).index("by_reportHash", ["reportHash"]).index("by_generatedAt", ["generatedAt"]).index("by_status_generatedAt", ["status", "generatedAt"]),
114
133
  "servicePrincipalKeys": defineTable(v.object({ "createdAt": v.number(), "createdBy": v.string(), "environment": v.union(v.literal("sandbox"), v.literal("production")), "expiresAt": v.number(), "keyId": v.string(), "lastUsedAt": v.optional(v.number()), "metadata": v.optional(v.record(v.string(), v.any())), "principalId": v.string(), "rateLimitTier": v.optional(v.union(v.literal("free"), v.literal("developer"), v.literal("partner"))), "revokedAt": v.optional(v.number()), "revokedBy": v.optional(v.string()), "rotatedToKeyId": v.optional(v.string()), "rotationGracePeriod": v.optional(v.number()), "scopes": v.array(v.string()), "status": v.union(v.literal("active"), v.literal("rotating"), v.literal("rotated"), v.literal("expired"), v.literal("revoked")), "tenantId": v.id("tenants"), "tokenHash": v.string(), "updatedAt": v.number(), "workspaceId": v.optional(v.id("workspaces")) })).index("by_keyId", ["keyId"]).index("by_tokenHash", ["tokenHash"]).index("by_principalId", ["principalId"]).index("by_tenantId", ["tenantId"]).index("by_workspaceId", ["workspaceId"]).index("by_status", ["status"]).index("by_principal_status", ["principalId", "status"]),
115
- "tenantDeploymentCredentials": defineTable(v.object({ "createdAt": v.number(), "createdBy": v.string(), "credentialRef": v.string(), "encryptedDeployKey": v.string(), "encryptionVersion": v.string(), "environment": v.union(v.literal("dev"), v.literal("staging"), v.literal("prod")), "keyFingerprint": v.string(), "keyHint": v.string(), "lastUsedAt": v.optional(v.number()), "metadata": v.optional(v.record(v.string(), v.any())), "revokedAt": v.optional(v.number()), "revokedBy": v.optional(v.string()), "rotatedFromCredentialRef": v.optional(v.string()), "status": v.union(v.literal("active"), v.literal("revoked")), "target": v.union(v.literal("kernelDeployment"), v.literal("appDeployment")), "tenantId": v.id("tenants"), "updatedAt": v.number() })).index("by_credentialRef", ["credentialRef"]).index("by_tenantId", ["tenantId"]).index("by_tenant_target", ["tenantId", "target"]).index("by_tenant_target_environment", ["tenantId", "target", "environment"]).index("by_tenant_target_environment_status", ["tenantId", "target", "environment", "status"]).index("by_status", ["status"]),
134
+ "tenantDeploymentCredentials": defineTable(v.object({ "createdAt": v.number(), "createdBy": v.string(), "credentialRef": v.string(), "encryptedDeployKey": v.string(), "encryptionVersion": v.string(), "environment": v.union(v.literal("dev"), v.literal("staging"), v.literal("prod")), "keyFingerprint": v.string(), "keyHint": v.string(), "lastUsedAt": v.optional(v.number()), "metadata": v.optional(v.record(v.string(), v.any())), "revokedAt": v.optional(v.number()), "revokedBy": v.optional(v.string()), "rotatedFromCredentialRef": v.optional(v.string()), "status": v.union(v.literal("active"), v.literal("revoked")), "target": v.union(v.literal("kernelDeployment"), v.literal("appDeployment")), "tenantId": v.id("tenants"), "updatedAt": v.number(), "workspaceId": v.optional(v.id("workspaces")) })).index("by_credentialRef", ["credentialRef"]).index("by_tenantId", ["tenantId"]).index("by_workspaceId", ["workspaceId"]).index("by_tenant_target", ["tenantId", "target"]).index("by_tenant_target_environment", ["tenantId", "target", "environment"]).index("by_tenant_target_environment_status", ["tenantId", "target", "environment", "status"]).index("by_tenant_workspace_target_environment_status", ["tenantId", "workspaceId", "target", "environment", "status"]).index("by_status", ["status"]),
116
135
  "tenantMethodologyAssignments": defineTable(v.object({ "assignedAt": v.number(), "assignedBy": v.string(), "isDefault": v.boolean(), "methodologyPackId": v.id("methodologyPacks"), "tenantId": v.id("tenants") })).index("by_tenantId", ["tenantId"]).index("by_methodologyPackId", ["methodologyPackId"]),
117
136
  "tenants": defineTable(v.object({ "appDeployment": v.optional(v.object({ "devId": v.string(), "devUrl": v.string(), "prodId": v.optional(v.string()), "prodUrl": v.optional(v.string()), "stagingId": v.optional(v.string()), "stagingUrl": v.optional(v.string()) })), "createdAt": v.number(), "kernelDeployment": v.optional(v.object({ "devId": v.string(), "devUrl": v.string(), "prodId": v.optional(v.string()), "prodUrl": v.optional(v.string()), "stagingId": v.optional(v.string()), "stagingUrl": v.optional(v.string()) })), "lucernDeployment": v.optional(v.object({ "devId": v.string(), "devUrl": v.string(), "prodId": v.optional(v.string()), "prodUrl": v.optional(v.string()), "stagingId": v.optional(v.string()), "stagingUrl": v.optional(v.string()) })), "metadata": v.optional(v.any()), "name": v.string(), "ownerClerkId": v.string(), "ownerEmail": v.optional(v.string()), "slug": v.string(), "status": v.union(v.literal("provisioning"), v.literal("active"), v.literal("suspended"), v.literal("archived")), "tier": v.union(v.literal("free"), v.literal("developer"), v.literal("team"), v.literal("enterprise")), "updatedAt": v.number() })).index("by_slug", ["slug"]).index("by_status", ["status"]).index("by_ownerClerkId", ["ownerClerkId"]),
118
137
  "toolCatalog": defineTable(v.object({ "category": v.union(v.literal("read"), v.literal("write"), v.literal("admin"), v.literal("system")), "createdAt": v.number(), "description": v.string(), "distribution": v.union(v.literal("base"), v.literal("pack_only")), "executionAdapter": v.optional(v.union(v.literal("convex_mutation"), v.literal("convex_action"), v.literal("http_callback"), v.literal("mcp_tool"), v.literal("sdk_invocation"), v.literal("external_observed"))), "handlerRef": v.optional(v.string()), "metadata": v.optional(v.record(v.string(), v.any())), "parameterSchema": v.optional(v.record(v.string(), v.any())), "requiredAction": v.union(v.literal("read"), v.literal("mutate"), v.literal("admin"), v.literal("summarize"), v.literal("export"), v.literal("create"), v.literal("delete"), v.literal("grant"), v.literal("revoke")), "requiredRole": v.union(v.literal("platform_admin"), v.literal("tenant_admin"), v.literal("workspace_admin"), v.literal("editor"), v.literal("viewer"), v.literal("auditor"), v.literal("service_agent")), "returnSchema": v.optional(v.record(v.string(), v.any())), "safetyMetadata": v.optional(v.object({ "idempotent": v.boolean(), "readOnly": v.boolean(), "sideEffectLevel": v.union(v.literal("none"), v.literal("low"), v.literal("high")) })), "status": v.union(v.literal("active"), v.literal("deprecated"), v.literal("draft")), "surfaces": v.array(v.union(v.literal("mcp"), v.literal("chat"), v.literal("voice"), v.literal("sprint"), v.literal("api"), v.literal("sdk"), v.literal("cli"))), "toolName": v.string(), "updatedAt": v.number(), "version": v.string() })).index("by_toolName", ["toolName"]).index("by_status", ["status"]).index("by_distribution", ["distribution"]).index("by_distribution_status", ["distribution", "status"]).index("by_category", ["category"]).index("by_requiredRole", ["requiredRole"]),
119
138
  "toolRegistryEntries": defineTable(v.object({ "approvalGateId": v.optional(v.string()), "category": v.optional(v.union(v.literal("read"), v.literal("write"), v.literal("admin"), v.literal("system"))), "createdAt": v.number(), "createdBy": v.string(), "description": v.string(), "exampleInvocations": v.array(v.object({ "expectedOutput": v.optional(v.record(v.string(), v.any())), "input": v.record(v.string(), v.any()) })), "executionAdapter": v.union(v.literal("convex_mutation"), v.literal("convex_action"), v.literal("http_callback"), v.literal("mcp_tool"), v.literal("sdk_invocation"), v.literal("external_observed")), "gateClassification": v.union(v.literal("core"), v.literal("shimmed")), "isCore": v.optional(v.boolean()), "metadata": v.optional(v.record(v.string(), v.any())), "parameterSchema": v.record(v.string(), v.any()), "requiredAction": v.optional(v.union(v.literal("read"), v.literal("mutate"), v.literal("admin"), v.literal("summarize"), v.literal("export"), v.literal("create"), v.literal("delete"), v.literal("grant"), v.literal("revoke"))), "requiredRole": v.optional(v.union(v.literal("platform_admin"), v.literal("tenant_admin"), v.literal("workspace_admin"), v.literal("editor"), v.literal("viewer"), v.literal("auditor"), v.literal("service_agent"))), "safetyMetadata": v.object({ "idempotent": v.boolean(), "readOnly": v.boolean(), "sideEffectLevel": v.union(v.literal("none"), v.literal("low"), v.literal("high")) }), "scopeRequirements": v.array(v.string()), "status": v.union(v.literal("active"), v.literal("deprecated"), v.literal("disabled")), "surfaces": v.optional(v.array(v.union(v.literal("mcp"), v.literal("chat"), v.literal("voice"), v.literal("sprint"), v.literal("api"), v.literal("sdk"), v.literal("cli")))), "tenantId": v.id("tenants"), "toolId": v.string(), "toolName": v.string(), "updatedAt": v.number(), "version": v.string(), "workspaceId": v.optional(v.id("workspaces")) })).index("by_toolId", ["toolId"]).index("by_tenant_toolId", ["tenantId", "toolId"]).index("by_tenant_toolId_version", ["tenantId", "toolId", "version"]).index("by_tenant_toolName", ["tenantId", "toolName"]).index("by_tenant_toolName_version", ["tenantId", "toolName", "version"]).index("by_workspace_toolName_version", ["workspaceId", "toolName", "version"]).index("by_tenant_gateClassification", ["tenantId", "gateClassification"]).index("by_tenant_status", ["tenantId", "status"]),
120
139
  "userSessions": defineTable(v.object({ "apiKeyId": v.id("apiKeys"), "authMode": v.optional(v.union(v.literal("interactive_user"), v.literal("service_principal"), v.literal("tenant_api_key"), v.literal("session_token"))), "clerkUserId": v.string(), "createdAt": v.number(), "delegationChain": v.optional(v.array(v.object({ "authMode": v.optional(v.union(v.literal("interactive_user"), v.literal("service_principal"), v.literal("tenant_api_key"), v.literal("session_token"))), "delegatedAt": v.optional(v.number()), "principalId": v.string(), "principalType": v.union(v.literal("human"), v.literal("service"), v.literal("agent")), "reason": v.optional(v.string()), "sessionId": v.optional(v.string()) }))), "jwtExpiresAt": v.optional(v.number()), "jwtIssuedAt": v.optional(v.number()), "lastActivityAt": v.number(), "lastValidatedAt": v.optional(v.number()), "principalId": v.optional(v.string()), "principalType": v.optional(v.union(v.literal("human"), v.literal("service"), v.literal("agent"))), "revokedAt": v.optional(v.number()), "revokedBy": v.optional(v.string()), "revokeReason": v.optional(v.string()), "role": v.optional(v.string()), "scopes": v.optional(v.array(v.string())), "sessionExpiresAt": v.optional(v.number()), "sessionId": v.string(), "sessionType": v.union(v.literal("user"), v.literal("agent")), "sourceSessionId": v.optional(v.string()), "status": v.union(v.literal("active"), v.literal("expired"), v.literal("revoked")), "tenantId": v.id("tenants"), "updatedAt": v.number(), "workspaceId": v.optional(v.string()) })).index("by_sessionId", ["sessionId"]).index("by_sourceSessionId", ["sourceSessionId"]).index("by_tenantId", ["tenantId"]).index("by_clerkUserId", ["clerkUserId"]).index("by_status", ["status"]),
121
- "workspaces": defineTable(v.object({ "createdAt": v.number(), "createdBy": v.optional(v.string()), "defaultProjectVisibility": v.optional(v.union(v.literal("private"), v.literal("team"), v.literal("firm"), v.literal("external"), v.literal("public"))), "deployments": v.optional(v.record(v.string(), v.object({ "credentialRef": v.optional(v.string()), "encryptedDeployKey": v.optional(v.string()), "target": v.optional(v.union(v.literal("kernelDeployment"), v.literal("appDeployment"))), "url": v.string() }))), "key": v.string(), "metadata": v.optional(v.record(v.string(), v.any())), "name": v.string(), "slug": v.string(), "status": v.union(v.literal("active"), v.literal("archived")), "tenantId": v.id("tenants"), "updatedAt": v.number() })).index("by_tenantId", ["tenantId"]).index("by_tenantId_key", ["tenantId", "key"]).index("by_tenantId_slug", ["tenantId", "slug"]).index("by_status", ["status"])
140
+ "workspaces": defineTable(v.object({ "createdAt": v.number(), "createdBy": v.optional(v.string()), "defaultProjectVisibility": v.optional(v.union(v.literal("private"), v.literal("team"), v.literal("firm"), v.literal("external"), v.literal("public"))), "deployments": v.optional(v.record(v.string(), v.object({ "credentialRef": v.optional(v.string()), "target": v.optional(v.union(v.literal("kernelDeployment"), v.literal("appDeployment"))), "url": v.string() }))), "key": v.string(), "metadata": v.optional(v.record(v.string(), v.any())), "name": v.string(), "slug": v.string(), "status": v.union(v.literal("active"), v.literal("archived")), "tenantId": v.id("tenants"), "updatedAt": v.number() })).index("by_tenantId", ["tenantId"]).index("by_tenantId_key", ["tenantId", "key"]).index("by_tenantId_slug", ["tenantId", "slug"]).index("by_status", ["status"])
122
141
  };
123
142
  var DEVELOPER_PACK_SCHEMA_TABLES = {};
124
143
  var EMPTY_SCHEMA_TABLES = {};
125
- var IDENTITY_TIER_SCHEMA_TABLES = {
126
- ...IDENTITY_SCHEMA_TABLES
144
+ var CONTROL_PLANE_TIER_SCHEMA_TABLES = {
145
+ ...CONTROL_PLANE_SCHEMA_TABLES
127
146
  };
128
147
  var KERNEL_TIER_SCHEMA_TABLES = {
129
148
  ...KERNEL_SCHEMA_TABLES
@@ -131,7 +150,7 @@ var KERNEL_TIER_SCHEMA_TABLES = {
131
150
  var KERNEL_COMPONENT_TIER_SCHEMA_TABLES = {};
132
151
  var STACK_TIER_SCHEMA_TABLES = {
133
152
  ...KERNEL_SCHEMA_TABLES,
134
- ...IDENTITY_SCHEMA_TABLES,
153
+ ...CONTROL_PLANE_SCHEMA_TABLES,
135
154
  ...DEVELOPER_PACK_SCHEMA_TABLES
136
155
  };
137
156
  var STACK_V2_TIER_SCHEMA_TABLES = {
@@ -142,12 +161,12 @@ var MC_TIER_SCHEMA_TABLES = {
142
161
  };
143
162
  var FULL_TIER_SCHEMA_TABLES = {
144
163
  ...MC_SCHEMA_TABLES,
145
- ...IDENTITY_SCHEMA_TABLES,
164
+ ...CONTROL_PLANE_SCHEMA_TABLES,
146
165
  ...KERNEL_SCHEMA_TABLES,
147
166
  ...DEVELOPER_PACK_SCHEMA_TABLES
148
167
  };
149
168
  var TIER_SCHEMA_TABLES = {
150
- identity: IDENTITY_TIER_SCHEMA_TABLES,
169
+ "control-plane": CONTROL_PLANE_TIER_SCHEMA_TABLES,
151
170
  kernel: KERNEL_TIER_SCHEMA_TABLES,
152
171
  "kernel-component": KERNEL_COMPONENT_TIER_SCHEMA_TABLES,
153
172
  stack: STACK_TIER_SCHEMA_TABLES,
@@ -157,6 +176,6 @@ var TIER_SCHEMA_TABLES = {
157
176
  };
158
177
  var convexSchemas_default = defineSchema(FULL_TIER_SCHEMA_TABLES);
159
178
 
160
- export { DEVELOPER_PACK_SCHEMA_TABLES, EMPTY_SCHEMA_TABLES, FULL_TIER_SCHEMA_TABLES, IDENTITY_SCHEMA_TABLES, IDENTITY_TIER_SCHEMA_TABLES, KERNEL_COMPONENT_TIER_SCHEMA_TABLES, KERNEL_SCHEMA_TABLES, KERNEL_TIER_SCHEMA_TABLES, MC_SCHEMA_TABLES, MC_TIER_SCHEMA_TABLES, STACK_TIER_SCHEMA_TABLES, STACK_V2_TIER_SCHEMA_TABLES, TIER_SCHEMA_TABLES, convexSchemas_default as default };
179
+ export { CONTROL_PLANE_SCHEMA_TABLES, CONTROL_PLANE_TIER_SCHEMA_TABLES, DEVELOPER_PACK_SCHEMA_TABLES, EMPTY_SCHEMA_TABLES, FULL_TIER_SCHEMA_TABLES, KERNEL_COMPONENT_TIER_SCHEMA_TABLES, KERNEL_SCHEMA_TABLES, KERNEL_TIER_SCHEMA_TABLES, MC_SCHEMA_TABLES, MC_TIER_SCHEMA_TABLES, STACK_TIER_SCHEMA_TABLES, STACK_V2_TIER_SCHEMA_TABLES, TIER_SCHEMA_TABLES, convexSchemas_default as default };
161
180
  //# sourceMappingURL=convexSchemas.js.map
162
181
  //# sourceMappingURL=convexSchemas.js.map