@lucern/contracts 0.3.0-alpha.10 → 0.3.0-alpha.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (231) hide show
  1. package/dist/api-enums.contract.d.ts +5 -3
  2. package/dist/api-enums.contract.js +14 -12
  3. package/dist/api-enums.contract.js.map +1 -1
  4. package/dist/component-boundary.contract.d.ts +1 -1
  5. package/dist/component-boundary.contract.js +45 -26
  6. package/dist/component-boundary.contract.js.map +1 -1
  7. package/dist/component-host-boundary.contract.d.ts +10 -5
  8. package/dist/component-host-boundary.contract.js +10 -4
  9. package/dist/component-host-boundary.contract.js.map +1 -1
  10. package/dist/{defineTable-CBQ03FXl.d.ts → defineTable-t1wr5wgn.d.ts} +1 -1
  11. package/dist/{dsl-djCRfuWC.d.ts → dsl-DVPthQGY.d.ts} +1 -1
  12. package/dist/dsl.d.ts +2 -2
  13. package/dist/dsl.js.map +1 -1
  14. package/dist/function-registry/beliefs.d.ts +13 -0
  15. package/dist/function-registry/beliefs.js +50 -7
  16. package/dist/function-registry/beliefs.js.map +1 -1
  17. package/dist/function-registry/coding.d.ts +9 -0
  18. package/dist/function-registry/coding.js +117 -8
  19. package/dist/function-registry/coding.js.map +1 -1
  20. package/dist/function-registry/context.d.ts +6 -0
  21. package/dist/function-registry/context.js +50 -7
  22. package/dist/function-registry/context.js.map +1 -1
  23. package/dist/function-registry/contracts.d.ts +6 -0
  24. package/dist/function-registry/contracts.js +50 -7
  25. package/dist/function-registry/contracts.js.map +1 -1
  26. package/dist/function-registry/coordination.d.ts +12 -0
  27. package/dist/function-registry/coordination.js +50 -7
  28. package/dist/function-registry/coordination.js.map +1 -1
  29. package/dist/function-registry/edges.d.ts +9 -0
  30. package/dist/function-registry/edges.js +54 -14
  31. package/dist/function-registry/edges.js.map +1 -1
  32. package/dist/function-registry/evidence.d.ts +11 -0
  33. package/dist/function-registry/evidence.js +53 -11
  34. package/dist/function-registry/evidence.js.map +1 -1
  35. package/dist/function-registry/graph.d.ts +18 -0
  36. package/dist/function-registry/graph.js +50 -7
  37. package/dist/function-registry/graph.js.map +1 -1
  38. package/dist/function-registry/helpers.d.ts +4 -1
  39. package/dist/function-registry/helpers.js +51 -8
  40. package/dist/function-registry/helpers.js.map +1 -1
  41. package/dist/function-registry/identity.d.ts +6 -0
  42. package/dist/function-registry/identity.js +50 -7
  43. package/dist/function-registry/identity.js.map +1 -1
  44. package/dist/function-registry/index.d.ts +8 -320
  45. package/dist/function-registry/index.js +54 -384
  46. package/dist/function-registry/index.js.map +1 -1
  47. package/dist/function-registry/judgments.d.ts +5 -0
  48. package/dist/function-registry/judgments.js +50 -7
  49. package/dist/function-registry/judgments.js.map +1 -1
  50. package/dist/function-registry/legacy.d.ts +4 -0
  51. package/dist/function-registry/legacy.js +50 -7
  52. package/dist/function-registry/legacy.js.map +1 -1
  53. package/dist/function-registry/lenses.d.ts +7 -0
  54. package/dist/function-registry/lenses.js +50 -7
  55. package/dist/function-registry/lenses.js.map +1 -1
  56. package/dist/function-registry/nodes.d.ts +412 -0
  57. package/dist/function-registry/nodes.js +5303 -0
  58. package/dist/function-registry/nodes.js.map +1 -0
  59. package/dist/function-registry/ontologies.d.ts +14 -0
  60. package/dist/function-registry/ontologies.js +50 -7
  61. package/dist/function-registry/ontologies.js.map +1 -1
  62. package/dist/function-registry/pipeline.d.ts +6 -0
  63. package/dist/function-registry/pipeline.js +50 -7
  64. package/dist/function-registry/pipeline.js.map +1 -1
  65. package/dist/function-registry/questions.d.ts +15 -0
  66. package/dist/function-registry/questions.js +50 -7
  67. package/dist/function-registry/questions.js.map +1 -1
  68. package/dist/function-registry/tasks.d.ts +7 -0
  69. package/dist/function-registry/tasks.js +69 -16
  70. package/dist/function-registry/tasks.js.map +1 -1
  71. package/dist/function-registry/topics.d.ts +10 -0
  72. package/dist/function-registry/topics.js +50 -7
  73. package/dist/function-registry/topics.js.map +1 -1
  74. package/dist/function-registry/types.d.ts +5 -1
  75. package/dist/function-registry/worktrees.d.ts +14 -0
  76. package/dist/function-registry/worktrees.js +50 -7
  77. package/dist/function-registry/worktrees.js.map +1 -1
  78. package/dist/gateway.contract.d.ts +3 -0
  79. package/dist/gateway.contract.js.map +1 -1
  80. package/dist/generated/convexSchemas.d.ts +3 -3
  81. package/dist/generated/convexSchemas.js +35 -16
  82. package/dist/generated/convexSchemas.js.map +1 -1
  83. package/dist/generated/infisicalRuntimeEnv.d.ts +70 -0
  84. package/dist/generated/infisicalRuntimeEnv.js +26572 -0
  85. package/dist/generated/infisicalRuntimeEnv.js.map +1 -0
  86. package/dist/generated/lucernGatewayEnv.d.ts +17 -0
  87. package/dist/generated/lucernGatewayEnv.js +38 -0
  88. package/dist/generated/lucernGatewayEnv.js.map +1 -0
  89. package/dist/generated/lucernWebPublicEnv.d.ts +26 -0
  90. package/dist/generated/lucernWebPublicEnv.js +32 -0
  91. package/dist/generated/lucernWebPublicEnv.js.map +1 -0
  92. package/dist/generated/lucernWebServerEnv.d.ts +33 -0
  93. package/dist/generated/lucernWebServerEnv.js +51 -0
  94. package/dist/generated/lucernWebServerEnv.js.map +1 -0
  95. package/dist/generated/schema-manifest.json +1165 -150
  96. package/dist/generated/tableOwnership.d.ts +46 -27
  97. package/dist/generated/tableOwnership.js +64 -26
  98. package/dist/generated/tableOwnership.js.map +1 -1
  99. package/dist/generated/tier-expectations.json +60 -8
  100. package/dist/{index-O09U2xHk.d.ts → index-CM1Pl_vI.d.ts} +3 -3
  101. package/dist/index.d.ts +8 -4
  102. package/dist/index.js +30959 -406
  103. package/dist/index.js.map +1 -1
  104. package/dist/infisical-runtime.contract.d.ts +1597 -3
  105. package/dist/infisical-runtime.contract.js +2788 -12
  106. package/dist/infisical-runtime.contract.js.map +1 -1
  107. package/dist/manifests/infisical-runtime-manifest.d.ts +1524 -3
  108. package/dist/manifests/infisical-runtime-manifest.js +2641 -9
  109. package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
  110. package/dist/manifests/tenant-client-manifest.d.ts +11 -11
  111. package/dist/manifests/tenant-client-manifest.js +11 -11
  112. package/dist/manifests/tenant-client-manifest.js.map +1 -1
  113. package/dist/mcp-gateway-boundary.contract.d.ts +23 -3
  114. package/dist/mcp-gateway-boundary.contract.js +2 -0
  115. package/dist/mcp-gateway-boundary.contract.js.map +1 -1
  116. package/dist/projections/check-convex-args-shape.js +10 -6
  117. package/dist/projections/check-convex-args-shape.js.map +1 -1
  118. package/dist/projections/create-evidence.projection.d.ts +6 -6
  119. package/dist/projections/create-evidence.projection.js +2 -3
  120. package/dist/projections/create-evidence.projection.js.map +1 -1
  121. package/dist/projections/index.d.ts +3 -3
  122. package/dist/projections/index.js +10 -6
  123. package/dist/projections/index.js.map +1 -1
  124. package/dist/projections/list-tasks.projection.d.ts +20 -8
  125. package/dist/projections/list-tasks.projection.js +8 -3
  126. package/dist/projections/list-tasks.projection.js.map +1 -1
  127. package/dist/proof-attestation.json +45 -0
  128. package/dist/schemas/component-table-manifest.d.ts +6 -6
  129. package/dist/schemas/component-table-manifest.js +2 -2
  130. package/dist/schemas/component-table-manifest.js.map +1 -1
  131. package/dist/schemas/index.d.ts +2 -2
  132. package/dist/schemas/index.js +1086 -137
  133. package/dist/schemas/index.js.map +1 -1
  134. package/dist/schemas/manifest.d.ts +2010 -120
  135. package/dist/schemas/manifest.js +1084 -135
  136. package/dist/schemas/manifest.js.map +1 -1
  137. package/dist/schemas/tables/controlPlane/accessControl.d.ts +260 -0
  138. package/dist/schemas/tables/controlPlane/accessControl.js +653 -0
  139. package/dist/schemas/tables/controlPlane/accessControl.js.map +1 -0
  140. package/dist/schemas/tables/{identity → controlPlane}/agent.d.ts +1 -1
  141. package/dist/schemas/tables/{identity → controlPlane}/agent.js +3 -3
  142. package/dist/schemas/tables/controlPlane/agent.js.map +1 -0
  143. package/dist/schemas/tables/{identity → controlPlane}/epistemic.d.ts +1 -1
  144. package/dist/schemas/tables/{identity → controlPlane}/epistemic.js +3 -3
  145. package/dist/schemas/tables/controlPlane/epistemic.js.map +1 -0
  146. package/dist/schemas/tables/{identity → controlPlane}/model.d.ts +1 -1
  147. package/dist/schemas/tables/{identity → controlPlane}/model.js +6 -6
  148. package/dist/schemas/tables/controlPlane/model.js.map +1 -0
  149. package/dist/schemas/tables/{identity → controlPlane}/platform.d.ts +1 -1
  150. package/dist/schemas/tables/{identity → controlPlane}/platform.js +18 -18
  151. package/dist/schemas/tables/controlPlane/platform.js.map +1 -0
  152. package/dist/schemas/tables/{identity → controlPlane}/project.d.ts +1 -1
  153. package/dist/schemas/tables/{identity → controlPlane}/project.js +3 -3
  154. package/dist/schemas/tables/controlPlane/project.js.map +1 -0
  155. package/dist/schemas/tables/{identity → controlPlane}/user.d.ts +1 -1
  156. package/dist/schemas/tables/{identity → controlPlane}/user.js +3 -3
  157. package/dist/schemas/tables/controlPlane/user.js.map +1 -0
  158. package/dist/schemas/tables/kernel/config.d.ts +1 -1
  159. package/dist/schemas/tables/kernel/config.js.map +1 -1
  160. package/dist/schemas/tables/kernel/coordination.d.ts +1 -1
  161. package/dist/schemas/tables/kernel/coordination.js.map +1 -1
  162. package/dist/schemas/tables/kernel/decision.d.ts +1 -1
  163. package/dist/schemas/tables/kernel/decision.js.map +1 -1
  164. package/dist/schemas/tables/kernel/embedding.d.ts +1 -1
  165. package/dist/schemas/tables/kernel/embedding.js.map +1 -1
  166. package/dist/schemas/tables/kernel/epistemic.d.ts +1 -1
  167. package/dist/schemas/tables/kernel/epistemic.js.map +1 -1
  168. package/dist/schemas/tables/kernel/idempotency.d.ts +1 -1
  169. package/dist/schemas/tables/kernel/idempotency.js.map +1 -1
  170. package/dist/schemas/tables/kernel/infra.d.ts +1 -1
  171. package/dist/schemas/tables/kernel/infra.js.map +1 -1
  172. package/dist/schemas/tables/kernel/intelligence.d.ts +1 -1
  173. package/dist/schemas/tables/kernel/intelligence.js.map +1 -1
  174. package/dist/schemas/tables/kernel/lens.d.ts +1 -1
  175. package/dist/schemas/tables/kernel/lens.js.map +1 -1
  176. package/dist/schemas/tables/kernel/ontology.d.ts +1 -1
  177. package/dist/schemas/tables/kernel/ontology.js.map +1 -1
  178. package/dist/schemas/tables/kernel/platform.d.ts +1 -1
  179. package/dist/schemas/tables/kernel/platform.js.map +1 -1
  180. package/dist/schemas/tables/kernel/spine.d.ts +2 -1
  181. package/dist/schemas/tables/kernel/spine.js +1 -0
  182. package/dist/schemas/tables/kernel/spine.js.map +1 -1
  183. package/dist/schemas/tables/kernel/task.d.ts +1 -1
  184. package/dist/schemas/tables/kernel/task.js.map +1 -1
  185. package/dist/schemas/tables/kernel/topic.d.ts +1 -1
  186. package/dist/schemas/tables/kernel/topic.js.map +1 -1
  187. package/dist/schemas/tables/kernel/workflow.d.ts +1 -1
  188. package/dist/schemas/tables/kernel/workflow.js.map +1 -1
  189. package/dist/schemas/tables/kernel/worktree.d.ts +5 -5
  190. package/dist/schemas/tables/kernel/worktree.js.map +1 -1
  191. package/dist/schemas/tables/mc/identity.d.ts +19 -2
  192. package/dist/schemas/tables/mc/identity.js +32 -1
  193. package/dist/schemas/tables/mc/identity.js.map +1 -1
  194. package/dist/schemas/tables/mc/methodology.d.ts +1 -1
  195. package/dist/schemas/tables/mc/methodology.js.map +1 -1
  196. package/dist/schemas/tables/mc/pack.d.ts +1 -1
  197. package/dist/schemas/tables/mc/pack.js.map +1 -1
  198. package/dist/schemas/tables/mc/policy.d.ts +2 -2
  199. package/dist/schemas/tables/mc/policy.js +1 -1
  200. package/dist/schemas/tables/mc/policy.js.map +1 -1
  201. package/dist/schemas/tables/mc/registry.d.ts +1 -1
  202. package/dist/schemas/tables/mc/registry.js.map +1 -1
  203. package/dist/schemas/tables/mc/runtime.d.ts +109 -3
  204. package/dist/schemas/tables/mc/runtime.js +330 -104
  205. package/dist/schemas/tables/mc/runtime.js.map +1 -1
  206. package/dist/schemas/tables/mc/tenant.d.ts +3 -2
  207. package/dist/schemas/tables/mc/tenant.js +2 -1
  208. package/dist/schemas/tables/mc/tenant.js.map +1 -1
  209. package/dist/schemas/tables/mc/workspace.d.ts +22 -5
  210. package/dist/schemas/tables/mc/workspace.js +34 -2
  211. package/dist/schemas/tables/mc/workspace.js.map +1 -1
  212. package/dist/sdk-tools.contract.js +26 -1
  213. package/dist/sdk-tools.contract.js.map +1 -1
  214. package/dist/tenant-bootstrap-seed.contract.d.ts +226 -58
  215. package/dist/tenant-bootstrap-seed.contract.js +126 -28
  216. package/dist/tenant-bootstrap-seed.contract.js.map +1 -1
  217. package/dist/tenant-bootstrap-seed.defaults.d.ts +1 -1
  218. package/dist/tenant-bootstrap-seed.defaults.js +1 -1
  219. package/dist/tenant-bootstrap-seed.defaults.js.map +1 -1
  220. package/dist/tenant-client.contract.d.ts +12 -12
  221. package/dist/tenant-client.contract.js +11 -11
  222. package/dist/tenant-client.contract.js.map +1 -1
  223. package/dist/tool-contracts.js +26 -1
  224. package/dist/tool-contracts.js.map +1 -1
  225. package/package.json +22 -1
  226. package/dist/schemas/tables/identity/agent.js.map +0 -1
  227. package/dist/schemas/tables/identity/epistemic.js.map +0 -1
  228. package/dist/schemas/tables/identity/model.js.map +0 -1
  229. package/dist/schemas/tables/identity/platform.js.map +0 -1
  230. package/dist/schemas/tables/identity/project.js.map +0 -1
  231. package/dist/schemas/tables/identity/user.js.map +0 -1
@@ -203,7 +203,7 @@ var toolRegistryEntries = defineTable({
203
203
  });
204
204
  var agents = defineTable({
205
205
  name: "agents",
206
- component: "identity",
206
+ component: "control-plane",
207
207
  category: "agent",
208
208
  shape: z.object({
209
209
  "slug": z.string(),
@@ -234,6 +234,7 @@ var apiKeys = defineTable({
234
234
  category: "tenant",
235
235
  shape: z.object({
236
236
  "tenantId": idOf("tenants"),
237
+ "workspaceId": idOf("workspaces").optional(),
237
238
  "keyPrefix": z.enum(["luc", "stk"]),
238
239
  "keyHash": z.string(),
239
240
  "keyHint": z.string(),
@@ -261,7 +262,7 @@ var auditLog = defineTable({
261
262
  shape: z.object({
262
263
  "tenantId": idOf("tenants").optional(),
263
264
  "apiKeyId": idOf("apiKeys").optional(),
264
- "action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "principal_created", "principal_updated", "principal_suspended", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
265
+ "action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_token_lease_issued", "proxy_token_lease_renewed", "proxy_token_lease_revoked", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "principal_created", "principal_updated", "principal_suspended", "principal_identity_alias_upserted", "principal_identity_alias_revoked", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "deployment_host_registered", "deployment_host_revoked", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "permit_sync_enqueued", "permit_sync_succeeded", "permit_sync_failed", "permit_sync_skipped", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
265
266
  "actorClerkId": z.string(),
266
267
  "details": z.any().optional(),
267
268
  "createdAt": z.number()
@@ -1140,29 +1141,37 @@ var compatibilityShims = defineTable({
1140
1141
  component: "mc",
1141
1142
  category: "runtime",
1142
1143
  shape: z.object({
1143
- "shimId": z.string(),
1144
- "gateId": z.string(),
1145
- "removalDate": z.string(),
1146
- "removalPriority": z.enum(["P1", "P2", "P3"]),
1147
- "description": z.string(),
1148
- "owner": z.string(),
1149
- "createdAt": z.string(),
1150
- "status": z.enum(["active", "overdue", "removed"]),
1151
- "bridgeType": z.enum(["tool", "agent"]),
1152
- "bridgeTarget": z.object({
1153
- "type": z.enum(["tool", "agent"]),
1154
- "legacyPath": z.string(),
1155
- "harnessPath": z.string()
1144
+ shimId: z.string(),
1145
+ gateId: z.string(),
1146
+ removalDate: z.string(),
1147
+ removalPriority: z.enum(["P1", "P2", "P3"]),
1148
+ description: z.string(),
1149
+ owner: z.string(),
1150
+ createdAt: z.string(),
1151
+ status: z.enum(["active", "overdue", "removed"]),
1152
+ bridgeType: z.enum(["tool", "agent"]),
1153
+ bridgeTarget: z.object({
1154
+ type: z.enum(["tool", "agent"]),
1155
+ legacyPath: z.string(),
1156
+ harnessPath: z.string()
1156
1157
  }),
1157
- "shimBehavior": z.enum(["passthrough_with_logging", "adapter", "feature_flag_gate"]),
1158
- "producesLedgerEntries": z.boolean(),
1159
- "lastAuditedAt": z.number(),
1160
- "metadata": z.record(z.any()).optional()
1158
+ shimBehavior: z.enum([
1159
+ "passthrough_with_logging",
1160
+ "adapter",
1161
+ "feature_flag_gate"
1162
+ ]),
1163
+ producesLedgerEntries: z.boolean(),
1164
+ lastAuditedAt: z.number(),
1165
+ metadata: z.record(z.any()).optional()
1161
1166
  }),
1162
1167
  indices: [
1163
1168
  { kind: "index", name: "by_shimId", columns: ["shimId"] },
1164
1169
  { kind: "index", name: "by_status", columns: ["status"] },
1165
- { kind: "index", name: "by_bridgeType_status", columns: ["bridgeType", "status"] }
1170
+ {
1171
+ kind: "index",
1172
+ name: "by_bridgeType_status",
1173
+ columns: ["bridgeType", "status"]
1174
+ }
1166
1175
  ]
1167
1176
  });
1168
1177
  var cutoverFlags = defineTable({
@@ -1170,12 +1179,23 @@ var cutoverFlags = defineTable({
1170
1179
  component: "mc",
1171
1180
  category: "runtime",
1172
1181
  shape: z.object({
1173
- "domain": z.enum(["graph", "schema", "identity", "policy", "audit", "admin", "agent", "tool", "prompt", "intelligence"]),
1174
- "state": z.enum(["legacy", "cutover", "disabled"]),
1175
- "metadata": z.record(z.any()).optional(),
1176
- "updatedBy": z.string(),
1177
- "createdAt": z.number(),
1178
- "updatedAt": z.number()
1182
+ domain: z.enum([
1183
+ "graph",
1184
+ "schema",
1185
+ "identity",
1186
+ "policy",
1187
+ "audit",
1188
+ "admin",
1189
+ "agent",
1190
+ "tool",
1191
+ "prompt",
1192
+ "intelligence"
1193
+ ]),
1194
+ state: z.enum(["legacy", "cutover", "disabled"]),
1195
+ metadata: z.record(z.any()).optional(),
1196
+ updatedBy: z.string(),
1197
+ createdAt: z.number(),
1198
+ updatedAt: z.number()
1179
1199
  }),
1180
1200
  indices: [
1181
1201
  { kind: "index", name: "by_domain", columns: ["domain"] },
@@ -1187,57 +1207,193 @@ var tenantDeploymentCredentials = defineTable({
1187
1207
  component: "mc",
1188
1208
  category: "runtime",
1189
1209
  shape: z.object({
1190
- "credentialRef": z.string(),
1191
- "tenantId": idOf("tenants"),
1192
- "target": z.enum(["kernelDeployment", "appDeployment"]),
1193
- "environment": z.enum(["dev", "staging", "prod"]),
1194
- "encryptedDeployKey": z.string(),
1195
- "encryptionVersion": z.string(),
1196
- "keyFingerprint": z.string(),
1197
- "keyHint": z.string(),
1198
- "status": z.enum(["active", "revoked"]),
1199
- "rotatedFromCredentialRef": z.string().optional(),
1200
- "revokedAt": z.number().optional(),
1201
- "revokedBy": z.string().optional(),
1202
- "lastUsedAt": z.number().optional(),
1203
- "metadata": z.record(z.any()).optional(),
1204
- "createdBy": z.string(),
1205
- "createdAt": z.number(),
1206
- "updatedAt": z.number()
1210
+ credentialRef: z.string(),
1211
+ tenantId: idOf("tenants"),
1212
+ workspaceId: idOf("workspaces").optional(),
1213
+ target: z.enum(["kernelDeployment", "appDeployment"]),
1214
+ environment: z.enum(["dev", "staging", "prod"]),
1215
+ encryptedDeployKey: z.string(),
1216
+ encryptionVersion: z.string(),
1217
+ keyFingerprint: z.string(),
1218
+ keyHint: z.string(),
1219
+ status: z.enum(["active", "revoked"]),
1220
+ rotatedFromCredentialRef: z.string().optional(),
1221
+ revokedAt: z.number().optional(),
1222
+ revokedBy: z.string().optional(),
1223
+ lastUsedAt: z.number().optional(),
1224
+ metadata: z.record(z.any()).optional(),
1225
+ createdBy: z.string(),
1226
+ createdAt: z.number(),
1227
+ updatedAt: z.number()
1207
1228
  }),
1208
1229
  indices: [
1209
1230
  { kind: "index", name: "by_credentialRef", columns: ["credentialRef"] },
1210
1231
  { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
1211
- { kind: "index", name: "by_tenant_target", columns: ["tenantId", "target"] },
1212
- { kind: "index", name: "by_tenant_target_environment", columns: ["tenantId", "target", "environment"] },
1213
- { kind: "index", name: "by_tenant_target_environment_status", columns: ["tenantId", "target", "environment", "status"] },
1232
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
1233
+ {
1234
+ kind: "index",
1235
+ name: "by_tenant_target",
1236
+ columns: ["tenantId", "target"]
1237
+ },
1238
+ {
1239
+ kind: "index",
1240
+ name: "by_tenant_target_environment",
1241
+ columns: ["tenantId", "target", "environment"]
1242
+ },
1243
+ {
1244
+ kind: "index",
1245
+ name: "by_tenant_target_environment_status",
1246
+ columns: ["tenantId", "target", "environment", "status"]
1247
+ },
1248
+ {
1249
+ kind: "index",
1250
+ name: "by_tenant_workspace_target_environment_status",
1251
+ columns: ["tenantId", "workspaceId", "target", "environment", "status"]
1252
+ },
1214
1253
  { kind: "index", name: "by_status", columns: ["status"] }
1215
1254
  ]
1216
1255
  });
1256
+ var permitSyncStates = defineTable({
1257
+ name: "permitSyncStates",
1258
+ component: "mc",
1259
+ category: "runtime",
1260
+ shape: z.object({
1261
+ syncKey: z.string(),
1262
+ objectType: z.enum([
1263
+ "resource",
1264
+ "role",
1265
+ "resource_role",
1266
+ "resource_relation",
1267
+ "tenant",
1268
+ "workspace",
1269
+ "principal",
1270
+ "membership",
1271
+ "group",
1272
+ "resource_instance",
1273
+ "relationship_tuple",
1274
+ "role_assignment"
1275
+ ]),
1276
+ objectId: z.string(),
1277
+ tenantId: idOf("tenants").optional(),
1278
+ workspaceId: idOf("workspaces").optional(),
1279
+ principalId: z.string().optional(),
1280
+ permitTenantKey: z.string().optional(),
1281
+ permitResourceType: z.string().optional(),
1282
+ permitResourceKey: z.string().optional(),
1283
+ desiredPayload: z.record(z.any()),
1284
+ lastAppliedPayloadHash: z.string().optional(),
1285
+ status: z.enum(["pending", "synced", "error", "skipped"]),
1286
+ attemptCount: z.number(),
1287
+ lastError: z.string().optional(),
1288
+ nextAttemptAt: z.number().optional(),
1289
+ lastSyncedAt: z.number().optional(),
1290
+ createdBy: z.string(),
1291
+ updatedBy: z.string().optional(),
1292
+ createdAt: z.number(),
1293
+ updatedAt: z.number()
1294
+ }),
1295
+ indices: [
1296
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
1297
+ { kind: "index", name: "by_status", columns: ["status"] },
1298
+ {
1299
+ kind: "index",
1300
+ name: "by_tenant_status",
1301
+ columns: ["tenantId", "status"]
1302
+ },
1303
+ {
1304
+ kind: "index",
1305
+ name: "by_workspace_status",
1306
+ columns: ["workspaceId", "status"]
1307
+ },
1308
+ {
1309
+ kind: "index",
1310
+ name: "by_principal_status",
1311
+ columns: ["principalId", "status"]
1312
+ }
1313
+ ]
1314
+ });
1315
+ var secretSyncDriftReports = defineTable({
1316
+ name: "secretSyncDriftReports",
1317
+ component: "mc",
1318
+ category: "runtime",
1319
+ shape: z.object({
1320
+ reportId: z.string(),
1321
+ source: z.enum(["infisical_manifest", "manual", "ci"]),
1322
+ generatedAt: z.number(),
1323
+ recordedAt: z.number(),
1324
+ recordedBy: z.string(),
1325
+ status: z.enum([
1326
+ "in_sync",
1327
+ "drift",
1328
+ "exception",
1329
+ "blocked",
1330
+ "not_observed"
1331
+ ]),
1332
+ reportHash: z.string(),
1333
+ manifestHash: z.string().optional(),
1334
+ dryRunReceiptId: z.string().optional(),
1335
+ appliedReceiptId: z.string().optional(),
1336
+ summary: z.object({
1337
+ totalPipelines: z.number(),
1338
+ inSync: z.number(),
1339
+ drift: z.number(),
1340
+ exception: z.number(),
1341
+ blocked: z.number(),
1342
+ notObserved: z.number(),
1343
+ missingKeys: z.number(),
1344
+ valueDriftKeys: z.number(),
1345
+ extraKeys: z.number(),
1346
+ deniedConvexLeakage: z.number(),
1347
+ approvedExceptions: z.number()
1348
+ }),
1349
+ redactedReport: z.record(z.any()),
1350
+ metadata: z.record(z.any()).optional()
1351
+ }),
1352
+ indices: [
1353
+ { kind: "index", name: "by_reportId", columns: ["reportId"] },
1354
+ { kind: "index", name: "by_reportHash", columns: ["reportHash"] },
1355
+ { kind: "index", name: "by_generatedAt", columns: ["generatedAt"] },
1356
+ {
1357
+ kind: "index",
1358
+ name: "by_status_generatedAt",
1359
+ columns: ["status", "generatedAt"]
1360
+ }
1361
+ ]
1362
+ });
1217
1363
  var controlPlaneTenantModelSlotBindings = defineTable({
1218
1364
  name: "controlPlaneTenantModelSlotBindings",
1219
1365
  component: "mc",
1220
1366
  category: "runtime",
1221
1367
  shape: z.object({
1222
- "bindingId": z.string(),
1223
- "tenantId": idOf("tenants"),
1224
- "providerId": z.string(),
1225
- "modelSlotId": z.string(),
1226
- "secretRef": z.string(),
1227
- "status": z.enum(["active", "revoked"]),
1228
- "passThroughOnly": z.boolean(),
1229
- "revokedAt": z.number().optional(),
1230
- "revokedBy": z.string().optional(),
1231
- "metadata": z.record(z.any()).optional(),
1232
- "createdBy": z.string(),
1233
- "createdAt": z.number(),
1234
- "updatedAt": z.number()
1368
+ bindingId: z.string(),
1369
+ tenantId: idOf("tenants"),
1370
+ workspaceId: idOf("workspaces").optional(),
1371
+ environment: z.enum(["dev", "staging", "prod"]).optional(),
1372
+ providerId: z.string(),
1373
+ modelSlotId: z.string(),
1374
+ secretRef: z.string(),
1375
+ status: z.enum(["active", "revoked"]),
1376
+ passThroughOnly: z.boolean(),
1377
+ revokedAt: z.number().optional(),
1378
+ revokedBy: z.string().optional(),
1379
+ metadata: z.record(z.any()).optional(),
1380
+ createdBy: z.string(),
1381
+ createdAt: z.number(),
1382
+ updatedAt: z.number()
1235
1383
  }),
1236
1384
  indices: [
1237
1385
  { kind: "index", name: "by_bindingId", columns: ["bindingId"] },
1238
1386
  { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
1239
- { kind: "index", name: "by_tenant_slot", columns: ["tenantId", "modelSlotId"] },
1240
- { kind: "index", name: "by_tenant_provider_slot", columns: ["tenantId", "providerId", "modelSlotId"] },
1387
+ {
1388
+ kind: "index",
1389
+ name: "by_tenant_slot",
1390
+ columns: ["tenantId", "modelSlotId"]
1391
+ },
1392
+ {
1393
+ kind: "index",
1394
+ name: "by_tenant_provider_slot",
1395
+ columns: ["tenantId", "providerId", "modelSlotId"]
1396
+ },
1241
1397
  { kind: "index", name: "by_secretRef", columns: ["secretRef"] },
1242
1398
  { kind: "index", name: "by_status", columns: ["status"] }
1243
1399
  ]
@@ -1247,29 +1403,42 @@ var controlPlaneTenantProviderSecrets = defineTable({
1247
1403
  component: "mc",
1248
1404
  category: "runtime",
1249
1405
  shape: z.object({
1250
- "secretRef": z.string(),
1251
- "tenantId": idOf("tenants"),
1252
- "providerId": z.string(),
1253
- "label": z.string().optional(),
1254
- "encryptedSecret": z.string(),
1255
- "encryptionVersion": z.string(),
1256
- "secretFingerprint": z.string(),
1257
- "keyHint": z.string(),
1258
- "status": z.enum(["active", "revoked"]),
1259
- "rotatedFromSecretRef": z.string().optional(),
1260
- "revokedAt": z.number().optional(),
1261
- "revokedBy": z.string().optional(),
1262
- "lastUsedAt": z.number().optional(),
1263
- "metadata": z.record(z.any()).optional(),
1264
- "createdBy": z.string(),
1265
- "createdAt": z.number(),
1266
- "updatedAt": z.number()
1406
+ secretRef: z.string(),
1407
+ tenantId: idOf("tenants"),
1408
+ workspaceId: idOf("workspaces").optional(),
1409
+ environment: z.enum(["dev", "staging", "prod"]).optional(),
1410
+ providerId: z.string(),
1411
+ label: z.string().optional(),
1412
+ encryptedSecret: z.string().optional(),
1413
+ infisicalPath: z.string().optional(),
1414
+ infisicalSecretKey: z.string().optional(),
1415
+ infisicalProjectId: z.string().optional(),
1416
+ encryptionVersion: z.string(),
1417
+ secretFingerprint: z.string(),
1418
+ keyHint: z.string(),
1419
+ status: z.enum(["active", "revoked"]),
1420
+ rotatedFromSecretRef: z.string().optional(),
1421
+ revokedAt: z.number().optional(),
1422
+ revokedBy: z.string().optional(),
1423
+ lastUsedAt: z.number().optional(),
1424
+ metadata: z.record(z.any()).optional(),
1425
+ createdBy: z.string(),
1426
+ createdAt: z.number(),
1427
+ updatedAt: z.number()
1267
1428
  }),
1268
1429
  indices: [
1269
1430
  { kind: "index", name: "by_secretRef", columns: ["secretRef"] },
1270
1431
  { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
1271
- { kind: "index", name: "by_tenant_provider", columns: ["tenantId", "providerId"] },
1272
- { kind: "index", name: "by_tenant_provider_status", columns: ["tenantId", "providerId", "status"] },
1432
+ {
1433
+ kind: "index",
1434
+ name: "by_tenant_provider",
1435
+ columns: ["tenantId", "providerId"]
1436
+ },
1437
+ {
1438
+ kind: "index",
1439
+ name: "by_tenant_provider_status",
1440
+ columns: ["tenantId", "providerId", "status"]
1441
+ },
1273
1442
  { kind: "index", name: "by_status", columns: ["status"] }
1274
1443
  ]
1275
1444
  });
@@ -1278,35 +1447,93 @@ var controlPlaneTenantProxyGatewayUsage = defineTable({
1278
1447
  component: "mc",
1279
1448
  category: "runtime",
1280
1449
  shape: z.object({
1281
- "usageId": z.string(),
1282
- "tenantId": idOf("tenants"),
1283
- "providerId": z.string(),
1284
- "modelSlotId": z.string(),
1285
- "secretRef": z.string(),
1286
- "proxyTokenId": z.string(),
1287
- "sessionId": z.string(),
1288
- "principalId": z.string(),
1289
- "workspaceId": z.string().optional(),
1290
- "modelId": z.string().optional(),
1291
- "requestPath": z.string(),
1292
- "status": z.enum(["success", "error"]),
1293
- "responseStatus": z.number().optional(),
1294
- "inputTokens": z.number().optional(),
1295
- "outputTokens": z.number().optional(),
1296
- "tokenCount": z.number().optional(),
1297
- "latencyMs": z.number(),
1298
- "estimatedCostUsd": z.number().optional(),
1299
- "failureCode": z.string().optional(),
1300
- "metadata": z.record(z.any()).optional(),
1301
- "createdAt": z.number(),
1302
- "updatedAt": z.number()
1450
+ usageId: z.string(),
1451
+ tenantId: idOf("tenants"),
1452
+ providerId: z.string(),
1453
+ modelSlotId: z.string(),
1454
+ secretRef: z.string(),
1455
+ proxyTokenId: z.string(),
1456
+ sessionId: z.string(),
1457
+ principalId: z.string(),
1458
+ workspaceId: z.string().optional(),
1459
+ modelId: z.string().optional(),
1460
+ requestPath: z.string(),
1461
+ status: z.enum(["success", "error"]),
1462
+ responseStatus: z.number().optional(),
1463
+ inputTokens: z.number().optional(),
1464
+ outputTokens: z.number().optional(),
1465
+ tokenCount: z.number().optional(),
1466
+ latencyMs: z.number(),
1467
+ estimatedCostUsd: z.number().optional(),
1468
+ failureCode: z.string().optional(),
1469
+ metadata: z.record(z.any()).optional(),
1470
+ createdAt: z.number(),
1471
+ updatedAt: z.number()
1303
1472
  }),
1304
1473
  indices: [
1305
1474
  { kind: "index", name: "by_usageId", columns: ["usageId"] },
1306
1475
  { kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
1307
- { kind: "index", name: "by_tenant_provider", columns: ["tenantId", "providerId", "createdAt"] },
1308
- { kind: "index", name: "by_proxyTokenId", columns: ["proxyTokenId", "createdAt"] },
1309
- { kind: "index", name: "by_sessionId", columns: ["sessionId", "createdAt"] }
1476
+ {
1477
+ kind: "index",
1478
+ name: "by_tenant_provider",
1479
+ columns: ["tenantId", "providerId", "createdAt"]
1480
+ },
1481
+ {
1482
+ kind: "index",
1483
+ name: "by_proxyTokenId",
1484
+ columns: ["proxyTokenId", "createdAt"]
1485
+ },
1486
+ {
1487
+ kind: "index",
1488
+ name: "by_sessionId",
1489
+ columns: ["sessionId", "createdAt"]
1490
+ }
1491
+ ]
1492
+ });
1493
+ var controlPlaneTenantProxyTokenLeases = defineTable({
1494
+ name: "controlPlaneTenantProxyTokenLeases",
1495
+ component: "mc",
1496
+ category: "runtime",
1497
+ shape: z.object({
1498
+ leaseId: z.string(),
1499
+ proxyTokenId: z.string(),
1500
+ tenantId: idOf("tenants"),
1501
+ workspaceId: idOf("workspaces").optional(),
1502
+ environment: z.enum(["dev", "staging", "prod"]),
1503
+ providerId: z.string(),
1504
+ modelSlotId: z.string(),
1505
+ bindingId: z.string(),
1506
+ secretRef: z.string(),
1507
+ sessionId: z.string(),
1508
+ principalId: z.string(),
1509
+ agentSessionId: z.string().optional(),
1510
+ status: z.enum(["active", "revoked"]),
1511
+ expiresAt: z.number(),
1512
+ renewedAt: z.number().optional(),
1513
+ revokedAt: z.number().optional(),
1514
+ revokedBy: z.string().optional(),
1515
+ revokeReason: z.string().optional(),
1516
+ permitDecisionLogId: idOf("policyDecisionLogs").optional(),
1517
+ permitTraceId: z.string().optional(),
1518
+ metadata: z.record(z.any()).optional(),
1519
+ createdAt: z.number(),
1520
+ updatedAt: z.number()
1521
+ }),
1522
+ indices: [
1523
+ { kind: "index", name: "by_leaseId", columns: ["leaseId"] },
1524
+ { kind: "index", name: "by_proxyTokenId", columns: ["proxyTokenId"] },
1525
+ { kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
1526
+ { kind: "index", name: "by_sessionId", columns: ["sessionId", "createdAt"] },
1527
+ {
1528
+ kind: "index",
1529
+ name: "by_principalId",
1530
+ columns: ["principalId", "createdAt"]
1531
+ },
1532
+ {
1533
+ kind: "index",
1534
+ name: "by_status_expiresAt",
1535
+ columns: ["status", "expiresAt"]
1536
+ }
1310
1537
  ]
1311
1538
  });
1312
1539
  var crossProjectConnections = defineTable({
@@ -1648,6 +1875,7 @@ var epistemicNodes = defineTable({
1648
1875
  "questionType": z.enum(["validation", "falsification", "assumption_probe", "prediction_test", "counterfactual", "discovery", "clarification", "comparison", "causal", "mechanism", "general"]).optional(),
1649
1876
  "questionPriority": z.enum(["critical", "high", "medium", "low"]).optional(),
1650
1877
  "answerQuality": z.enum(["definitive", "strong", "moderate", "weak", "speculative", "unanswered"]).optional(),
1878
+ "themeStatus": z.enum(["emerging", "active", "mature", "declining", "archived"]).optional(),
1651
1879
  "themeConviction": z.enum(["high", "medium", "low", "negative"]).optional(),
1652
1880
  "decisionType": z.enum(["invest", "pass", "follow_on", "exit", "deep_dive", "monitor", "deprioritize", "thesis_adopt", "thesis_revise", "thesis_abandon"]).optional(),
1653
1881
  "decisionOutcome": z.enum(["pending", "successful", "unsuccessful", "mixed", "unknown"]).optional(),
@@ -1798,6 +2026,7 @@ var memberships = defineTable({
1798
2026
  indices: [
1799
2027
  { kind: "index", name: "by_principalId", columns: ["principalId"] },
1800
2028
  { kind: "index", name: "by_principal_tenant", columns: ["principalId", "tenantId"] },
2029
+ { kind: "index", name: "by_principal_tenant_workspace", columns: ["principalId", "tenantId", "workspaceId"] },
1801
2030
  { kind: "index", name: "by_workspace_principal", columns: ["workspaceId", "principalId"] },
1802
2031
  { kind: "index", name: "by_tenant_role", columns: ["tenantId", "role"] },
1803
2032
  { kind: "index", name: "by_status", columns: ["status"] }
@@ -1829,6 +2058,36 @@ var principals = defineTable({
1829
2058
  { kind: "index", name: "by_status", columns: ["status"] }
1830
2059
  ]
1831
2060
  });
2061
+ var principalIdentityAliases = defineTable({
2062
+ name: "principalIdentityAliases",
2063
+ component: "mc",
2064
+ category: "identity",
2065
+ shape: z.object({
2066
+ "principalId": z.string(),
2067
+ "principalRefId": idOf("principals").optional(),
2068
+ "provider": z.string(),
2069
+ "providerProjectId": z.string().optional(),
2070
+ "externalSubjectId": z.string(),
2071
+ "tenantId": idOf("tenants").optional(),
2072
+ "workspaceId": idOf("workspaces").optional(),
2073
+ "email": z.string().optional(),
2074
+ "status": z.enum(["active", "revoked"]),
2075
+ "metadata": z.record(z.any()).optional(),
2076
+ "createdBy": z.string(),
2077
+ "revokedAt": z.number().optional(),
2078
+ "revokedBy": z.string().optional(),
2079
+ "createdAt": z.number(),
2080
+ "updatedAt": z.number()
2081
+ }),
2082
+ indices: [
2083
+ { kind: "index", name: "by_provider_subject", columns: ["provider", "externalSubjectId"] },
2084
+ { kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "externalSubjectId"] },
2085
+ { kind: "index", name: "by_principalId", columns: ["principalId"] },
2086
+ { kind: "index", name: "by_principal_status", columns: ["principalId", "status"] },
2087
+ { kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "externalSubjectId"] },
2088
+ { kind: "index", name: "by_workspace_provider_subject", columns: ["workspaceId", "provider", "externalSubjectId"] }
2089
+ ]
2090
+ });
1832
2091
  var rateLimitWindows = defineTable({
1833
2092
  name: "rateLimitWindows",
1834
2093
  component: "mc",
@@ -2418,7 +2677,7 @@ var lensTopicBindings = defineTable({
2418
2677
  });
2419
2678
  var mcpWritePolicy = defineTable({
2420
2679
  name: "mcpWritePolicy",
2421
- component: "identity",
2680
+ component: "control-plane",
2422
2681
  category: "platform",
2423
2682
  shape: z.object({
2424
2683
  "topicId": z.string().optional(),
@@ -2441,7 +2700,7 @@ var mcpWritePolicy = defineTable({
2441
2700
  });
2442
2701
  var platformAudienceGrants = defineTable({
2443
2702
  name: "platformAudienceGrants",
2444
- component: "identity",
2703
+ component: "control-plane",
2445
2704
  category: "platform",
2446
2705
  shape: z.object({
2447
2706
  "tenantId": z.string(),
@@ -2467,7 +2726,7 @@ var platformAudienceGrants = defineTable({
2467
2726
  });
2468
2727
  var platformAudiences = defineTable({
2469
2728
  name: "platformAudiences",
2470
- component: "identity",
2729
+ component: "control-plane",
2471
2730
  category: "platform",
2472
2731
  shape: z.object({
2473
2732
  "tenantId": z.string(),
@@ -2492,7 +2751,7 @@ var platformAudiences = defineTable({
2492
2751
  });
2493
2752
  var platformPolicyDecisionLogs = defineTable({
2494
2753
  name: "platformPolicyDecisionLogs",
2495
- component: "identity",
2754
+ component: "control-plane",
2496
2755
  category: "platform",
2497
2756
  shape: z.object({
2498
2757
  "principalId": z.string(),
@@ -2528,7 +2787,7 @@ var platformPolicyDecisionLogs = defineTable({
2528
2787
  });
2529
2788
  var tenantApiKeys = defineTable({
2530
2789
  name: "tenantApiKeys",
2531
- component: "identity",
2790
+ component: "control-plane",
2532
2791
  category: "platform",
2533
2792
  shape: z.object({
2534
2793
  "tenantId": z.string(),
@@ -2555,7 +2814,7 @@ var tenantApiKeys = defineTable({
2555
2814
  });
2556
2815
  var tenantConfig = defineTable({
2557
2816
  name: "tenantConfig",
2558
- component: "identity",
2817
+ component: "control-plane",
2559
2818
  category: "platform",
2560
2819
  shape: z.object({
2561
2820
  "tenantId": z.string(),
@@ -2574,7 +2833,7 @@ var tenantConfig = defineTable({
2574
2833
  });
2575
2834
  var tenantIntegrations = defineTable({
2576
2835
  name: "tenantIntegrations",
2577
- component: "identity",
2836
+ component: "control-plane",
2578
2837
  category: "platform",
2579
2838
  shape: z.object({
2580
2839
  "tenantId": z.string(),
@@ -2629,7 +2888,7 @@ var tenantIntegrations = defineTable({
2629
2888
  });
2630
2889
  var tenantModelSlotBindings = defineTable({
2631
2890
  name: "tenantModelSlotBindings",
2632
- component: "identity",
2891
+ component: "control-plane",
2633
2892
  category: "platform",
2634
2893
  shape: z.object({
2635
2894
  "bindingId": z.string(),
@@ -2657,7 +2916,7 @@ var tenantModelSlotBindings = defineTable({
2657
2916
  });
2658
2917
  var tenantPolicies = defineTable({
2659
2918
  name: "tenantPolicies",
2660
- component: "identity",
2919
+ component: "control-plane",
2661
2920
  category: "platform",
2662
2921
  shape: z.object({
2663
2922
  "tenantId": z.string(),
@@ -2682,7 +2941,7 @@ var tenantPolicies = defineTable({
2682
2941
  });
2683
2942
  var tenantProviderSecrets = defineTable({
2684
2943
  name: "tenantProviderSecrets",
2685
- component: "identity",
2944
+ component: "control-plane",
2686
2945
  category: "platform",
2687
2946
  shape: z.object({
2688
2947
  "secretRef": z.string(),
@@ -2713,7 +2972,7 @@ var tenantProviderSecrets = defineTable({
2713
2972
  });
2714
2973
  var tenantProxyGatewayUsage = defineTable({
2715
2974
  name: "tenantProxyGatewayUsage",
2716
- component: "identity",
2975
+ component: "control-plane",
2717
2976
  category: "platform",
2718
2977
  shape: z.object({
2719
2978
  "usageId": z.string(),
@@ -2748,7 +3007,7 @@ var tenantProxyGatewayUsage = defineTable({
2748
3007
  });
2749
3008
  var tenantProxyTokenMints = defineTable({
2750
3009
  name: "tenantProxyTokenMints",
2751
- component: "identity",
3010
+ component: "control-plane",
2752
3011
  category: "platform",
2753
3012
  shape: z.object({
2754
3013
  "proxyTokenId": z.string(),
@@ -2771,7 +3030,7 @@ var tenantProxyTokenMints = defineTable({
2771
3030
  });
2772
3031
  var tenantSandboxAuditEvents = defineTable({
2773
3032
  name: "tenantSandboxAuditEvents",
2774
- component: "identity",
3033
+ component: "control-plane",
2775
3034
  category: "platform",
2776
3035
  shape: z.object({
2777
3036
  "eventId": z.string(),
@@ -2805,7 +3064,7 @@ var tenantSandboxAuditEvents = defineTable({
2805
3064
  });
2806
3065
  var tenantSecrets = defineTable({
2807
3066
  name: "tenantSecrets",
2808
- component: "identity",
3067
+ component: "control-plane",
2809
3068
  category: "platform",
2810
3069
  shape: z.object({
2811
3070
  "tenantId": z.string(),
@@ -2827,7 +3086,7 @@ var tenantSecrets = defineTable({
2827
3086
  });
2828
3087
  var toolAcls = defineTable({
2829
3088
  name: "toolAcls",
2830
- component: "identity",
3089
+ component: "control-plane",
2831
3090
  category: "platform",
2832
3091
  shape: z.object({
2833
3092
  "role": z.enum(["platform_admin", "tenant_admin", "workspace_admin", "editor", "viewer", "auditor", "service_agent"]),
@@ -2842,7 +3101,7 @@ var toolAcls = defineTable({
2842
3101
  });
2843
3102
  var toolRegistry = defineTable({
2844
3103
  name: "toolRegistry",
2845
- component: "identity",
3104
+ component: "control-plane",
2846
3105
  category: "platform",
2847
3106
  shape: z.object({
2848
3107
  "toolName": z.string(),
@@ -2923,7 +3182,7 @@ var tenantMethodologyAssignments = defineTable({
2923
3182
  });
2924
3183
  var modelCallLogs = defineTable({
2925
3184
  name: "modelCallLogs",
2926
- component: "identity",
3185
+ component: "control-plane",
2927
3186
  category: "model",
2928
3187
  shape: z.object({
2929
3188
  "slot": z.string(),
@@ -2949,7 +3208,7 @@ var modelCallLogs = defineTable({
2949
3208
  });
2950
3209
  var modelFunctionSlots = defineTable({
2951
3210
  name: "modelFunctionSlots",
2952
- component: "identity",
3211
+ component: "control-plane",
2953
3212
  category: "model",
2954
3213
  shape: z.object({
2955
3214
  "slot": z.string(),
@@ -2974,7 +3233,7 @@ var modelFunctionSlots = defineTable({
2974
3233
  });
2975
3234
  var modelRegistry = defineTable({
2976
3235
  name: "modelRegistry",
2977
- component: "identity",
3236
+ component: "control-plane",
2978
3237
  category: "model",
2979
3238
  shape: z.object({
2980
3239
  "key": z.string(),
@@ -3001,7 +3260,7 @@ var modelRegistry = defineTable({
3001
3260
  });
3002
3261
  var modelSlotConfigs = defineTable({
3003
3262
  name: "modelSlotConfigs",
3004
- component: "identity",
3263
+ component: "control-plane",
3005
3264
  category: "model",
3006
3265
  shape: z.object({
3007
3266
  "slot": z.string(),
@@ -3388,7 +3647,7 @@ var policyDecisionLogs = defineTable({
3388
3647
  "workspaceId": idOf("workspaces").optional(),
3389
3648
  "resourceType": z.string(),
3390
3649
  "resourceId": z.string(),
3391
- "action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote"]),
3650
+ "action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote", "route", "invoke", "manage", "deploy", "promote", "rollback", "audit", "read_ref", "fetch_value", "rotate", "administer", "mint", "delegate", "revoke"]),
3392
3651
  "decision": z.enum(["allow", "deny"]),
3393
3652
  "reasonCode": z.string(),
3394
3653
  "policyVersion": z.string(),
@@ -3450,7 +3709,7 @@ var controlPlaneToolAcls = defineTable({
3450
3709
  });
3451
3710
  var projectGrants = defineTable({
3452
3711
  name: "projectGrants",
3453
- component: "identity",
3712
+ component: "control-plane",
3454
3713
  category: "project",
3455
3714
  shape: z.object({
3456
3715
  "projectId": z.string().optional(),
@@ -3482,9 +3741,648 @@ var projectGrants = defineTable({
3482
3741
  { kind: "index", name: "by_topic_cluster_status", columns: ["topicId", "beliefClusterId", "status"] }
3483
3742
  ]
3484
3743
  });
3744
+ var permitActorType = z.enum([
3745
+ "human",
3746
+ "agent",
3747
+ "service_principal",
3748
+ "external_stakeholder",
3749
+ "system"
3750
+ ]);
3751
+ var permitMembershipStatus = z.enum([
3752
+ "active",
3753
+ "invited",
3754
+ "revoked",
3755
+ "suspended",
3756
+ "disabled"
3757
+ ]);
3758
+ var permitDecision = z.enum(["allow", "deny"]);
3759
+ var permitAccessReviewStatus = z.enum([
3760
+ "open",
3761
+ "in_progress",
3762
+ "approved",
3763
+ "denied",
3764
+ "expired",
3765
+ "cancelled"
3766
+ ]);
3767
+ var permitReviewScope = z.enum([
3768
+ "tenant",
3769
+ "workspace",
3770
+ "resource_instance",
3771
+ "group",
3772
+ "principal",
3773
+ "api_key",
3774
+ "admin_action"
3775
+ ]);
3776
+ var permitRecordStatus = z.enum([
3777
+ "queued",
3778
+ "inflight",
3779
+ "completed",
3780
+ "failed",
3781
+ "skipped",
3782
+ "stale"
3783
+ ]);
3784
+ var permitObjectType = z.enum([
3785
+ "resource",
3786
+ "role",
3787
+ "resource_role",
3788
+ "resource_relation",
3789
+ "tenant",
3790
+ "workspace",
3791
+ "principal",
3792
+ "membership",
3793
+ "group",
3794
+ "resource_instance",
3795
+ "relationship_tuple",
3796
+ "role_assignment"
3797
+ ]);
3798
+ var permitOutboxOperation = z.enum([
3799
+ "upsert",
3800
+ "delete",
3801
+ "sync",
3802
+ "resync",
3803
+ "delete_sync",
3804
+ "noop"
3805
+ ]);
3806
+ var permitPolicyBundleStatus = z.enum([
3807
+ "draft",
3808
+ "validated",
3809
+ "enforced",
3810
+ "archived"
3811
+ ]);
3812
+ var permitSyncStatus = z.enum([
3813
+ "pending",
3814
+ "synced",
3815
+ "error",
3816
+ "skipped"
3817
+ ]);
3818
+ var permitAccessReviewSubjectType = z.enum([
3819
+ "principal",
3820
+ "group",
3821
+ "role_assignment",
3822
+ "resource_instance"
3823
+ ]);
3824
+ var permitAttributeType = z.enum([
3825
+ "string",
3826
+ "number",
3827
+ "bool",
3828
+ "json",
3829
+ "time"
3830
+ ]);
3831
+ var permitAttributeOperator = z.enum([
3832
+ "eq",
3833
+ "neq",
3834
+ "in",
3835
+ "not_in",
3836
+ "gt",
3837
+ "gte",
3838
+ "lt",
3839
+ "lte",
3840
+ "contains",
3841
+ "not_contains",
3842
+ "matches"
3843
+ ]);
3844
+ var permitRoleBindingTarget = z.enum([
3845
+ "principal",
3846
+ "group"
3847
+ ]);
3848
+ var permitPrincipals = defineTable({
3849
+ name: "permitPrincipals",
3850
+ component: "control-plane",
3851
+ category: "access-control",
3852
+ shape: z.object({
3853
+ principalId: z.string(),
3854
+ tenantId: z.string(),
3855
+ workspaceId: z.optional(z.string()),
3856
+ principalType: permitActorType,
3857
+ status: permitMembershipStatus,
3858
+ displayName: z.string().optional(),
3859
+ metadata: z.record(z.any()).optional(),
3860
+ createdBy: z.string(),
3861
+ createdAt: z.number(),
3862
+ updatedAt: z.number(),
3863
+ updatedBy: z.string().optional(),
3864
+ lastSeenAt: z.number().optional()
3865
+ }),
3866
+ indices: [
3867
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
3868
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
3869
+ { kind: "index", name: "by_tenant_principalId", columns: ["tenantId", "principalId"] },
3870
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
3871
+ {
3872
+ kind: "index",
3873
+ name: "by_tenant_principalType_status",
3874
+ columns: ["tenantId", "principalType", "status"]
3875
+ }
3876
+ ]
3877
+ });
3878
+ var permitPrincipalAliases = defineTable({
3879
+ name: "permitPrincipalAliases",
3880
+ component: "control-plane",
3881
+ category: "access-control",
3882
+ shape: z.object({
3883
+ principalId: z.string(),
3884
+ tenantId: z.string(),
3885
+ workspaceId: z.optional(z.string()),
3886
+ provider: z.string(),
3887
+ providerSubjectId: z.string(),
3888
+ providerProjectId: z.string().optional(),
3889
+ alias: z.string(),
3890
+ aliasKind: z.string(),
3891
+ status: permitMembershipStatus,
3892
+ metadata: z.record(z.any()).optional(),
3893
+ createdBy: z.string(),
3894
+ createdAt: z.number(),
3895
+ updatedAt: z.number(),
3896
+ revokedBy: z.string().optional(),
3897
+ revokedAt: z.number().optional(),
3898
+ updatedBy: z.string().optional()
3899
+ }),
3900
+ indices: [
3901
+ { kind: "index", name: "by_principalId", columns: ["principalId"] },
3902
+ { kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "providerSubjectId"] },
3903
+ {
3904
+ kind: "index",
3905
+ name: "by_tenant_provider_alias",
3906
+ columns: ["tenantId", "provider", "alias"]
3907
+ },
3908
+ { kind: "index", name: "by_tenant_alias", columns: ["tenantId", "alias"] },
3909
+ {
3910
+ kind: "index",
3911
+ name: "by_tenant_provider_status",
3912
+ columns: ["tenantId", "provider", "status"]
3913
+ }
3914
+ ]
3915
+ });
3916
+ var permitGroups = defineTable({
3917
+ name: "permitGroups",
3918
+ component: "control-plane",
3919
+ category: "access-control",
3920
+ shape: z.object({
3921
+ tenantId: z.string(),
3922
+ workspaceId: z.optional(z.string()),
3923
+ groupId: z.string(),
3924
+ groupKey: z.string(),
3925
+ groupName: z.string(),
3926
+ groupType: z.enum(["tenant", "workspace", "external", "system", "dynamic"]),
3927
+ status: permitMembershipStatus,
3928
+ description: z.string().optional(),
3929
+ metadata: z.record(z.any()).optional(),
3930
+ createdBy: z.string(),
3931
+ createdAt: z.number(),
3932
+ updatedAt: z.number(),
3933
+ updatedBy: z.string().optional()
3934
+ }),
3935
+ indices: [
3936
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
3937
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
3938
+ { kind: "index", name: "by_tenant_groupId", columns: ["tenantId", "groupId"] },
3939
+ { kind: "index", name: "by_tenant_groupKey", columns: ["tenantId", "groupKey"] },
3940
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
3941
+ ]
3942
+ });
3943
+ var permitGroupMemberships = defineTable({
3944
+ name: "permitGroupMemberships",
3945
+ component: "control-plane",
3946
+ category: "access-control",
3947
+ shape: z.object({
3948
+ tenantId: z.string(),
3949
+ workspaceId: z.optional(z.string()),
3950
+ groupId: z.string(),
3951
+ memberType: z.enum(["principal", "group"]),
3952
+ memberId: z.string(),
3953
+ principalId: z.string().optional(),
3954
+ childGroupId: z.string().optional(),
3955
+ status: permitMembershipStatus,
3956
+ addedBy: z.string().optional(),
3957
+ revokedBy: z.string().optional(),
3958
+ expiresAt: z.number().optional(),
3959
+ revocationReason: z.string().optional(),
3960
+ metadata: z.record(z.any()).optional(),
3961
+ createdAt: z.number(),
3962
+ updatedAt: z.number(),
3963
+ updatedBy: z.string().optional()
3964
+ }),
3965
+ indices: [
3966
+ { kind: "index", name: "by_tenant_principal", columns: ["tenantId", "principalId"] },
3967
+ { kind: "index", name: "by_tenant_member", columns: ["tenantId", "memberType", "memberId"] },
3968
+ {
3969
+ kind: "index",
3970
+ name: "by_tenant_member_group",
3971
+ columns: ["tenantId", "memberType", "memberId", "groupId"]
3972
+ },
3973
+ { kind: "index", name: "by_tenant_group", columns: ["tenantId", "groupId"] },
3974
+ { kind: "index", name: "by_member_group", columns: ["memberType", "memberId", "groupId"] },
3975
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
3976
+ {
3977
+ kind: "index",
3978
+ name: "by_workspace_principal",
3979
+ columns: ["workspaceId", "principalId"]
3980
+ }
3981
+ ]
3982
+ });
3983
+ var permitResourceInstances = defineTable({
3984
+ name: "permitResourceInstances",
3985
+ component: "control-plane",
3986
+ category: "access-control",
3987
+ shape: z.object({
3988
+ tenantId: z.string(),
3989
+ workspaceId: z.optional(z.string()),
3990
+ resourceType: z.string(),
3991
+ resourceKey: z.string(),
3992
+ resourceId: z.string(),
3993
+ status: z.enum(["active", "deleted", "archived"]),
3994
+ attributes: z.record(z.any()).optional(),
3995
+ ownerPrincipalId: z.string().optional(),
3996
+ metadata: z.record(z.any()).optional(),
3997
+ createdBy: z.string(),
3998
+ updatedBy: z.string().optional(),
3999
+ createdAt: z.number(),
4000
+ updatedAt: z.number()
4001
+ }),
4002
+ indices: [
4003
+ {
4004
+ kind: "index",
4005
+ name: "by_tenant_resource_type",
4006
+ columns: ["tenantId", "resourceType"]
4007
+ },
4008
+ {
4009
+ kind: "index",
4010
+ name: "by_tenant_resource_key",
4011
+ columns: ["tenantId", "resourceType", "resourceKey"]
4012
+ },
4013
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
4014
+ { kind: "index", name: "by_status", columns: ["status"] },
4015
+ {
4016
+ kind: "index",
4017
+ name: "by_tenant_status",
4018
+ columns: ["tenantId", "status"]
4019
+ },
4020
+ {
4021
+ kind: "index",
4022
+ name: "by_ownerPrincipalId",
4023
+ columns: ["ownerPrincipalId"]
4024
+ }
4025
+ ]
4026
+ });
4027
+ var permitRoleAssignments = defineTable({
4028
+ name: "permitRoleAssignments",
4029
+ component: "control-plane",
4030
+ category: "access-control",
4031
+ shape: z.object({
4032
+ tenantId: z.string(),
4033
+ workspaceId: z.optional(z.string()),
4034
+ role: z.string(),
4035
+ targetType: permitRoleBindingTarget,
4036
+ targetId: z.string(),
4037
+ resourceType: z.string(),
4038
+ resourceKey: z.string(),
4039
+ resourceInstanceId: z.string().optional(),
4040
+ status: permitMembershipStatus,
4041
+ expiresAt: z.number().optional(),
4042
+ attributes: z.record(z.any()).optional(),
4043
+ grantedBy: z.string().optional(),
4044
+ updatedBy: z.string().optional(),
4045
+ revokedBy: z.string().optional(),
4046
+ createdAt: z.number(),
4047
+ updatedAt: z.number()
4048
+ }),
4049
+ indices: [
4050
+ {
4051
+ kind: "index",
4052
+ name: "by_tenant_target",
4053
+ columns: ["tenantId", "targetType", "targetId"]
4054
+ },
4055
+ {
4056
+ kind: "index",
4057
+ name: "by_tenant_resource",
4058
+ columns: ["tenantId", "resourceType", "resourceKey"]
4059
+ },
4060
+ {
4061
+ kind: "index",
4062
+ name: "by_tenant_role",
4063
+ columns: ["tenantId", "role", "status"]
4064
+ },
4065
+ { kind: "index", name: "by_status", columns: ["status"] },
4066
+ {
4067
+ kind: "index",
4068
+ name: "by_workspace_resource",
4069
+ columns: ["workspaceId", "resourceType", "resourceKey"]
4070
+ }
4071
+ ]
4072
+ });
4073
+ var permitRelationshipTuples = defineTable({
4074
+ name: "permitRelationshipTuples",
4075
+ component: "control-plane",
4076
+ category: "access-control",
4077
+ shape: z.object({
4078
+ tenantId: z.string(),
4079
+ workspaceId: z.optional(z.string()),
4080
+ relation: z.string(),
4081
+ subject: z.string(),
4082
+ object: z.string(),
4083
+ resourceType: z.string().optional(),
4084
+ resourceKey: z.string().optional(),
4085
+ status: permitRecordStatus,
4086
+ attributes: z.record(z.any()).optional(),
4087
+ createdBy: z.string(),
4088
+ createdAt: z.number(),
4089
+ updatedAt: z.number(),
4090
+ lastSeenAt: z.number().optional(),
4091
+ updatedBy: z.string().optional()
4092
+ }),
4093
+ indices: [
4094
+ { kind: "index", name: "by_tenant_subject", columns: ["tenantId", "subject"] },
4095
+ { kind: "index", name: "by_tenant_object", columns: ["tenantId", "object"] },
4096
+ { kind: "index", name: "by_tenant_relation", columns: ["tenantId", "relation"] },
4097
+ {
4098
+ kind: "index",
4099
+ name: "by_tenant_relation_subject",
4100
+ columns: ["tenantId", "relation", "subject"]
4101
+ },
4102
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
4103
+ ]
4104
+ });
4105
+ var permitAttributeBindings = defineTable({
4106
+ name: "permitAttributeBindings",
4107
+ component: "control-plane",
4108
+ category: "access-control",
4109
+ shape: z.object({
4110
+ tenantId: z.string(),
4111
+ workspaceId: z.optional(z.string()),
4112
+ targetType: permitRoleBindingTarget,
4113
+ targetId: z.string(),
4114
+ attributeName: z.string(),
4115
+ attributeType: permitAttributeType,
4116
+ attributeOperator: permitAttributeOperator,
4117
+ attributeValue: z.any(),
4118
+ status: permitRecordStatus,
4119
+ source: z.string().optional(),
4120
+ sourceRef: z.string().optional(),
4121
+ metadata: z.record(z.any()).optional(),
4122
+ createdAt: z.number(),
4123
+ updatedAt: z.number(),
4124
+ createdBy: z.string(),
4125
+ updatedBy: z.string().optional(),
4126
+ expiresAt: z.number().optional()
4127
+ }),
4128
+ indices: [
4129
+ {
4130
+ kind: "index",
4131
+ name: "by_tenant_target",
4132
+ columns: ["tenantId", "targetType", "targetId"]
4133
+ },
4134
+ {
4135
+ kind: "index",
4136
+ name: "by_tenant_target_attribute",
4137
+ columns: ["tenantId", "targetType", "targetId", "attributeName"]
4138
+ },
4139
+ {
4140
+ kind: "index",
4141
+ name: "by_tenant_name",
4142
+ columns: ["tenantId", "attributeName"]
4143
+ },
4144
+ {
4145
+ kind: "index",
4146
+ name: "by_tenant_status",
4147
+ columns: ["tenantId", "status"]
4148
+ }
4149
+ ]
4150
+ });
4151
+ var permitPolicyBundles = defineTable({
4152
+ name: "permitPolicyBundles",
4153
+ component: "control-plane",
4154
+ category: "access-control",
4155
+ shape: z.object({
4156
+ tenantId: z.string(),
4157
+ workspaceId: z.optional(z.string()),
4158
+ bundleKey: z.string(),
4159
+ version: z.number(),
4160
+ status: permitPolicyBundleStatus,
4161
+ policyHash: z.string().optional(),
4162
+ policyPayload: z.record(z.any()),
4163
+ metadata: z.record(z.any()).optional(),
4164
+ createdBy: z.string(),
4165
+ reviewedBy: z.string().optional(),
4166
+ createdAt: z.number(),
4167
+ updatedAt: z.number(),
4168
+ retiredAt: z.number().optional()
4169
+ }),
4170
+ indices: [
4171
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
4172
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
4173
+ {
4174
+ kind: "index",
4175
+ name: "by_tenant_bundleKey",
4176
+ columns: ["tenantId", "bundleKey"]
4177
+ },
4178
+ {
4179
+ kind: "index",
4180
+ name: "by_tenant_bundle_version",
4181
+ columns: ["tenantId", "bundleKey", "version"]
4182
+ },
4183
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
4184
+ ]
4185
+ });
4186
+ var permitProjectionOutbox = defineTable({
4187
+ name: "permitProjectionOutbox",
4188
+ component: "control-plane",
4189
+ category: "access-control",
4190
+ shape: z.object({
4191
+ syncKey: z.string(),
4192
+ objectType: permitObjectType,
4193
+ objectId: z.string(),
4194
+ operation: permitOutboxOperation,
4195
+ payload: z.record(z.any()),
4196
+ status: permitRecordStatus,
4197
+ attemptCount: z.number(),
4198
+ nextAttemptAt: z.number().optional(),
4199
+ lastError: z.string().optional(),
4200
+ tenantId: z.string().optional(),
4201
+ workspaceId: z.optional(z.string()),
4202
+ principalId: z.string().optional(),
4203
+ permitTenantKey: z.string().optional(),
4204
+ permitResourceType: z.string().optional(),
4205
+ permitResourceKey: z.string().optional(),
4206
+ createdAt: z.number(),
4207
+ updatedAt: z.number(),
4208
+ lastHandledAt: z.number().optional()
4209
+ }),
4210
+ indices: [
4211
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
4212
+ { kind: "index", name: "by_status", columns: ["status"] },
4213
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
4214
+ {
4215
+ kind: "index",
4216
+ name: "by_tenant_status",
4217
+ columns: ["tenantId", "status"]
4218
+ },
4219
+ {
4220
+ kind: "index",
4221
+ name: "by_objectType",
4222
+ columns: ["objectType", "status"]
4223
+ }
4224
+ ]
4225
+ });
4226
+ var tenantPermitSyncStates = defineTable({
4227
+ name: "tenantPermitSyncStates",
4228
+ component: "control-plane",
4229
+ category: "access-control",
4230
+ shape: z.object({
4231
+ syncKey: z.string(),
4232
+ objectType: permitObjectType,
4233
+ objectId: z.string(),
4234
+ tenantId: z.string().optional(),
4235
+ workspaceId: z.string().optional(),
4236
+ principalId: z.string().optional(),
4237
+ permitTenantKey: z.string().optional(),
4238
+ permitResourceType: z.string().optional(),
4239
+ permitResourceKey: z.string().optional(),
4240
+ desiredPayload: z.record(z.any()),
4241
+ lastAppliedPayloadHash: z.string().optional(),
4242
+ status: permitSyncStatus,
4243
+ attemptCount: z.number(),
4244
+ lastError: z.string().optional(),
4245
+ nextAttemptAt: z.number().optional(),
4246
+ lastSyncedAt: z.number().optional(),
4247
+ createdBy: z.string(),
4248
+ updatedBy: z.string().optional(),
4249
+ createdAt: z.number(),
4250
+ updatedAt: z.number()
4251
+ }),
4252
+ indices: [
4253
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
4254
+ { kind: "index", name: "by_status", columns: ["status"] },
4255
+ {
4256
+ kind: "index",
4257
+ name: "by_tenant_status",
4258
+ columns: ["tenantId", "status"]
4259
+ },
4260
+ {
4261
+ kind: "index",
4262
+ name: "by_workspace_status",
4263
+ columns: ["workspaceId", "status"]
4264
+ },
4265
+ {
4266
+ kind: "index",
4267
+ name: "by_principal_status",
4268
+ columns: ["principalId", "status"]
4269
+ }
4270
+ ]
4271
+ });
4272
+ var permitPolicyDecisionReceipts = defineTable({
4273
+ name: "permitPolicyDecisionReceipts",
4274
+ component: "control-plane",
4275
+ category: "access-control",
4276
+ shape: z.object({
4277
+ tenantId: z.string().optional(),
4278
+ workspaceId: z.string().optional(),
4279
+ principalId: z.string(),
4280
+ subjectType: permitAccessReviewSubjectType.optional(),
4281
+ subjectId: z.string().optional(),
4282
+ resourceType: z.string(),
4283
+ resourceId: z.string(),
4284
+ action: z.string(),
4285
+ decision: permitDecision,
4286
+ reasonCode: z.string(),
4287
+ policyBundleId: z.string().optional(),
4288
+ policyVersion: z.string(),
4289
+ traceId: z.string().optional(),
4290
+ requestId: z.string().optional(),
4291
+ audienceMode: z.string().optional(),
4292
+ audienceKey: z.string().optional(),
4293
+ audienceClass: z.enum(["internal", "restricted_external", "public"]).optional(),
4294
+ metadata: z.record(z.any()).optional(),
4295
+ createdAt: z.number(),
4296
+ expiresAt: z.number().optional(),
4297
+ createdBy: z.string().optional()
4298
+ }),
4299
+ indices: [
4300
+ { kind: "index", name: "by_principal_createdAt", columns: ["principalId", "createdAt"] },
4301
+ { kind: "index", name: "by_tenant_createdAt", columns: ["tenantId", "createdAt"] },
4302
+ { kind: "index", name: "by_resource", columns: ["resourceType", "resourceId"] },
4303
+ { kind: "index", name: "by_decision_createdAt", columns: ["decision", "createdAt"] },
4304
+ { kind: "index", name: "by_traceId", columns: ["traceId"] },
4305
+ { kind: "index", name: "by_action", columns: ["action"] }
4306
+ ]
4307
+ });
4308
+ var permitAccessReviews = defineTable({
4309
+ name: "permitAccessReviews",
4310
+ component: "control-plane",
4311
+ category: "access-control",
4312
+ shape: z.object({
4313
+ tenantId: z.string(),
4314
+ workspaceId: z.optional(z.string()),
4315
+ reviewKey: z.string(),
4316
+ scope: permitReviewScope,
4317
+ status: permitAccessReviewStatus,
4318
+ subjectType: permitAccessReviewSubjectType,
4319
+ subjectId: z.string(),
4320
+ resourceType: z.string().optional(),
4321
+ resourceKey: z.string().optional(),
4322
+ outcome: z.enum(["allow", "deny"]).optional(),
4323
+ requestedBy: z.string(),
4324
+ reviewedBy: z.string().optional(),
4325
+ requestedAt: z.number(),
4326
+ reviewedAt: z.number().optional(),
4327
+ dueAt: z.number().optional(),
4328
+ justification: z.string().optional(),
4329
+ rationale: z.string().optional(),
4330
+ policyBundleId: z.string().optional(),
4331
+ metadata: z.record(z.any()).optional(),
4332
+ createdAt: z.number(),
4333
+ updatedAt: z.number()
4334
+ }),
4335
+ indices: [
4336
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
4337
+ { kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
4338
+ { kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
4339
+ {
4340
+ kind: "index",
4341
+ name: "by_tenant_subject",
4342
+ columns: ["tenantId", "subjectType", "subjectId"]
4343
+ },
4344
+ { kind: "index", name: "by_outcome", columns: ["outcome"] },
4345
+ {
4346
+ kind: "index",
4347
+ name: "by_workspace_status",
4348
+ columns: ["workspaceId", "status"]
4349
+ }
4350
+ ]
4351
+ });
4352
+ var permitAccessReviewItems = defineTable({
4353
+ name: "permitAccessReviewItems",
4354
+ component: "control-plane",
4355
+ category: "access-control",
4356
+ shape: z.object({
4357
+ reviewKey: z.string(),
4358
+ itemKey: z.string(),
4359
+ tenantId: z.string(),
4360
+ workspaceId: z.string().optional(),
4361
+ subjectType: permitAccessReviewSubjectType,
4362
+ subjectId: z.string(),
4363
+ resourceType: z.string().optional(),
4364
+ resourceKey: z.string().optional(),
4365
+ role: z.string().optional(),
4366
+ relation: z.string().optional(),
4367
+ status: z.enum(["open", "approved", "revoked", "changed", "deferred"]),
4368
+ reviewerId: z.string().optional(),
4369
+ decisionAt: z.number().optional(),
4370
+ rationale: z.string().optional(),
4371
+ metadata: z.record(z.any()).optional(),
4372
+ createdAt: z.number(),
4373
+ updatedAt: z.number()
4374
+ }),
4375
+ indices: [
4376
+ { kind: "index", name: "by_reviewKey", columns: ["reviewKey"] },
4377
+ { kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
4378
+ { kind: "index", name: "by_tenant_itemKey", columns: ["tenantId", "itemKey"] },
4379
+ { kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
4380
+ { kind: "index", name: "by_status", columns: ["status"] }
4381
+ ]
4382
+ });
3485
4383
  var reasoningPermissions = defineTable({
3486
4384
  name: "reasoningPermissions",
3487
- component: "identity",
4385
+ component: "control-plane",
3488
4386
  category: "epistemic",
3489
4387
  shape: z.object({
3490
4388
  "topicId": z.string().optional(),
@@ -3731,7 +4629,7 @@ var topics = defineTable({
3731
4629
  });
3732
4630
  var users = defineTable({
3733
4631
  name: "users",
3734
- component: "identity",
4632
+ component: "control-plane",
3735
4633
  category: "user",
3736
4634
  shape: z.object({
3737
4635
  "clerkId": z.string(),
@@ -3845,7 +4743,6 @@ var workspaces = defineTable({
3845
4743
  "deployments": z.record(z.object({
3846
4744
  "url": z.string(),
3847
4745
  "target": z.enum(["kernelDeployment", "appDeployment"]).optional(),
3848
- "encryptedDeployKey": z.string().optional(),
3849
4746
  "credentialRef": z.string().optional()
3850
4747
  })).optional(),
3851
4748
  "metadata": z.record(z.any()).optional(),
@@ -3860,6 +4757,39 @@ var workspaces = defineTable({
3860
4757
  { kind: "index", name: "by_status", columns: ["status"] }
3861
4758
  ]
3862
4759
  });
4760
+ var deploymentHosts = defineTable({
4761
+ name: "deploymentHosts",
4762
+ component: "mc",
4763
+ category: "workspace",
4764
+ shape: z.object({
4765
+ "host": z.string(),
4766
+ "tenantId": idOf("tenants"),
4767
+ "workspaceId": idOf("workspaces"),
4768
+ "environment": z.enum(["dev", "staging", "prod"]),
4769
+ "target": z.enum(["kernelDeployment", "appDeployment"]),
4770
+ "deploymentUrl": z.string().optional(),
4771
+ "deploymentName": z.string().optional(),
4772
+ "vercelProjectName": z.string().optional(),
4773
+ "vercelProjectId": z.string().optional(),
4774
+ "vercelEnvironment": z.enum(["development", "preview", "staging", "production"]).optional(),
4775
+ "source": z.enum(["vercel_preview", "vercel_production", "vercel_custom_environment", "custom_domain", "manual"]),
4776
+ "status": z.enum(["active", "revoked"]),
4777
+ "metadata": z.record(z.any()).optional(),
4778
+ "createdBy": z.string(),
4779
+ "createdAt": z.number(),
4780
+ "updatedAt": z.number(),
4781
+ "revokedAt": z.number().optional(),
4782
+ "revokedBy": z.string().optional()
4783
+ }),
4784
+ indices: [
4785
+ { kind: "index", name: "by_host", columns: ["host"] },
4786
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
4787
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
4788
+ { kind: "index", name: "by_tenant_workspace_environment", columns: ["tenantId", "workspaceId", "environment"] },
4789
+ { kind: "index", name: "by_workspace_status", columns: ["workspaceId", "status"] },
4790
+ { kind: "index", name: "by_status", columns: ["status"] }
4791
+ ]
4792
+ });
3863
4793
  var worktreeBeliefCluster = defineTable({
3864
4794
  name: "worktreeBeliefCluster",
3865
4795
  component: "kernel",
@@ -4224,9 +5154,23 @@ var KERNEL_TABLE_CONTRACTS = [
4224
5154
  worktreeBeliefCluster,
4225
5155
  worktrees
4226
5156
  ];
4227
- var IDENTITY_TABLE_CONTRACTS = [
5157
+ var CONTROL_PLANE_TABLE_CONTRACTS = [
4228
5158
  agents,
4229
5159
  reasoningPermissions,
5160
+ permitAccessReviewItems,
5161
+ permitAccessReviews,
5162
+ permitAttributeBindings,
5163
+ permitGroups,
5164
+ permitGroupMemberships,
5165
+ permitPolicyBundles,
5166
+ permitPolicyDecisionReceipts,
5167
+ permitPrincipalAliases,
5168
+ permitPrincipals,
5169
+ permitProjectionOutbox,
5170
+ permitRelationshipTuples,
5171
+ permitResourceInstances,
5172
+ permitRoleAssignments,
5173
+ tenantPermitSyncStates,
4230
5174
  modelCallLogs,
4231
5175
  modelFunctionSlots,
4232
5176
  modelRegistry,
@@ -4256,6 +5200,7 @@ var MC_TABLE_CONTRACTS = [
4256
5200
  memberships,
4257
5201
  oauthDeviceCodes,
4258
5202
  principals,
5203
+ principalIdentityAliases,
4259
5204
  rateLimitWindows,
4260
5205
  servicePrincipalKeys,
4261
5206
  userSessions,
@@ -4271,29 +5216,33 @@ var MC_TABLE_CONTRACTS = [
4271
5216
  policyDecisionLogs,
4272
5217
  policySimulations,
4273
5218
  controlPlaneToolAcls,
5219
+ permitSyncStates,
4274
5220
  agentRegistryEntries,
4275
5221
  toolCatalog,
4276
5222
  toolRegistryEntries,
4277
5223
  compatibilityShims,
4278
5224
  cutoverFlags,
4279
5225
  tenantDeploymentCredentials,
5226
+ secretSyncDriftReports,
4280
5227
  controlPlaneTenantModelSlotBindings,
4281
5228
  controlPlaneTenantProviderSecrets,
4282
5229
  controlPlaneTenantProxyGatewayUsage,
5230
+ controlPlaneTenantProxyTokenLeases,
4283
5231
  apiKeys,
4284
5232
  auditLog,
4285
5233
  tenants,
4286
- workspaces
5234
+ workspaces,
5235
+ deploymentHosts
4287
5236
  ];
4288
5237
  var TABLE_CONTRACTS_BY_COMPONENT = {
4289
5238
  kernel: KERNEL_TABLE_CONTRACTS,
4290
- identity: IDENTITY_TABLE_CONTRACTS,
5239
+ "control-plane": CONTROL_PLANE_TABLE_CONTRACTS,
4291
5240
  mc: MC_TABLE_CONTRACTS,
4292
5241
  "developer-pack": []
4293
5242
  };
4294
5243
  var ALL_TABLE_CONTRACTS = [
4295
5244
  ...KERNEL_TABLE_CONTRACTS,
4296
- ...IDENTITY_TABLE_CONTRACTS,
5245
+ ...CONTROL_PLANE_TABLE_CONTRACTS,
4297
5246
  ...MC_TABLE_CONTRACTS
4298
5247
  ];
4299
5248
  function listTableContractsByName(name) {
@@ -4305,6 +5254,6 @@ function getTableContract(name, component) {
4305
5254
  );
4306
5255
  }
4307
5256
 
4308
- export { ALL_TABLE_CONTRACTS, IDENTITY_TABLE_CONTRACTS, KERNEL_TABLE_CONTRACTS, MC_TABLE_CONTRACTS, TABLE_CONTRACTS_BY_COMPONENT, getTableContract, listTableContractsByName };
5257
+ export { ALL_TABLE_CONTRACTS, CONTROL_PLANE_TABLE_CONTRACTS, KERNEL_TABLE_CONTRACTS, MC_TABLE_CONTRACTS, TABLE_CONTRACTS_BY_COMPONENT, getTableContract, listTableContractsByName };
4309
5258
  //# sourceMappingURL=manifest.js.map
4310
5259
  //# sourceMappingURL=manifest.js.map