@lucern/contracts 0.3.0-alpha.10 → 0.3.0-alpha.11

Files changed (231) hide show
  1. package/dist/api-enums.contract.d.ts +5 -3
  2. package/dist/api-enums.contract.js +14 -12
  3. package/dist/api-enums.contract.js.map +1 -1
  4. package/dist/component-boundary.contract.d.ts +1 -1
  5. package/dist/component-boundary.contract.js +45 -26
  6. package/dist/component-boundary.contract.js.map +1 -1
  7. package/dist/component-host-boundary.contract.d.ts +10 -5
  8. package/dist/component-host-boundary.contract.js +10 -4
  9. package/dist/component-host-boundary.contract.js.map +1 -1
  10. package/dist/{defineTable-CBQ03FXl.d.ts → defineTable-t1wr5wgn.d.ts} +1 -1
  11. package/dist/{dsl-djCRfuWC.d.ts → dsl-DVPthQGY.d.ts} +1 -1
  12. package/dist/dsl.d.ts +2 -2
  13. package/dist/dsl.js.map +1 -1
  14. package/dist/function-registry/beliefs.d.ts +13 -0
  15. package/dist/function-registry/beliefs.js +50 -7
  16. package/dist/function-registry/beliefs.js.map +1 -1
  17. package/dist/function-registry/coding.d.ts +9 -0
  18. package/dist/function-registry/coding.js +117 -8
  19. package/dist/function-registry/coding.js.map +1 -1
  20. package/dist/function-registry/context.d.ts +6 -0
  21. package/dist/function-registry/context.js +50 -7
  22. package/dist/function-registry/context.js.map +1 -1
  23. package/dist/function-registry/contracts.d.ts +6 -0
  24. package/dist/function-registry/contracts.js +50 -7
  25. package/dist/function-registry/contracts.js.map +1 -1
  26. package/dist/function-registry/coordination.d.ts +12 -0
  27. package/dist/function-registry/coordination.js +50 -7
  28. package/dist/function-registry/coordination.js.map +1 -1
  29. package/dist/function-registry/edges.d.ts +9 -0
  30. package/dist/function-registry/edges.js +54 -14
  31. package/dist/function-registry/edges.js.map +1 -1
  32. package/dist/function-registry/evidence.d.ts +11 -0
  33. package/dist/function-registry/evidence.js +53 -11
  34. package/dist/function-registry/evidence.js.map +1 -1
  35. package/dist/function-registry/graph.d.ts +18 -0
  36. package/dist/function-registry/graph.js +50 -7
  37. package/dist/function-registry/graph.js.map +1 -1
  38. package/dist/function-registry/helpers.d.ts +4 -1
  39. package/dist/function-registry/helpers.js +51 -8
  40. package/dist/function-registry/helpers.js.map +1 -1
  41. package/dist/function-registry/identity.d.ts +6 -0
  42. package/dist/function-registry/identity.js +50 -7
  43. package/dist/function-registry/identity.js.map +1 -1
  44. package/dist/function-registry/index.d.ts +8 -320
  45. package/dist/function-registry/index.js +54 -384
  46. package/dist/function-registry/index.js.map +1 -1
  47. package/dist/function-registry/judgments.d.ts +5 -0
  48. package/dist/function-registry/judgments.js +50 -7
  49. package/dist/function-registry/judgments.js.map +1 -1
  50. package/dist/function-registry/legacy.d.ts +4 -0
  51. package/dist/function-registry/legacy.js +50 -7
  52. package/dist/function-registry/legacy.js.map +1 -1
  53. package/dist/function-registry/lenses.d.ts +7 -0
  54. package/dist/function-registry/lenses.js +50 -7
  55. package/dist/function-registry/lenses.js.map +1 -1
  56. package/dist/function-registry/nodes.d.ts +412 -0
  57. package/dist/function-registry/nodes.js +5303 -0
  58. package/dist/function-registry/nodes.js.map +1 -0
  59. package/dist/function-registry/ontologies.d.ts +14 -0
  60. package/dist/function-registry/ontologies.js +50 -7
  61. package/dist/function-registry/ontologies.js.map +1 -1
  62. package/dist/function-registry/pipeline.d.ts +6 -0
  63. package/dist/function-registry/pipeline.js +50 -7
  64. package/dist/function-registry/pipeline.js.map +1 -1
  65. package/dist/function-registry/questions.d.ts +15 -0
  66. package/dist/function-registry/questions.js +50 -7
  67. package/dist/function-registry/questions.js.map +1 -1
  68. package/dist/function-registry/tasks.d.ts +7 -0
  69. package/dist/function-registry/tasks.js +69 -16
  70. package/dist/function-registry/tasks.js.map +1 -1
  71. package/dist/function-registry/topics.d.ts +10 -0
  72. package/dist/function-registry/topics.js +50 -7
  73. package/dist/function-registry/topics.js.map +1 -1
  74. package/dist/function-registry/types.d.ts +5 -1
  75. package/dist/function-registry/worktrees.d.ts +14 -0
  76. package/dist/function-registry/worktrees.js +50 -7
  77. package/dist/function-registry/worktrees.js.map +1 -1
  78. package/dist/gateway.contract.d.ts +3 -0
  79. package/dist/gateway.contract.js.map +1 -1
  80. package/dist/generated/convexSchemas.d.ts +3 -3
  81. package/dist/generated/convexSchemas.js +35 -16
  82. package/dist/generated/convexSchemas.js.map +1 -1
  83. package/dist/generated/infisicalRuntimeEnv.d.ts +70 -0
  84. package/dist/generated/infisicalRuntimeEnv.js +26572 -0
  85. package/dist/generated/infisicalRuntimeEnv.js.map +1 -0
  86. package/dist/generated/lucernGatewayEnv.d.ts +17 -0
  87. package/dist/generated/lucernGatewayEnv.js +38 -0
  88. package/dist/generated/lucernGatewayEnv.js.map +1 -0
  89. package/dist/generated/lucernWebPublicEnv.d.ts +26 -0
  90. package/dist/generated/lucernWebPublicEnv.js +32 -0
  91. package/dist/generated/lucernWebPublicEnv.js.map +1 -0
  92. package/dist/generated/lucernWebServerEnv.d.ts +33 -0
  93. package/dist/generated/lucernWebServerEnv.js +51 -0
  94. package/dist/generated/lucernWebServerEnv.js.map +1 -0
  95. package/dist/generated/schema-manifest.json +1165 -150
  96. package/dist/generated/tableOwnership.d.ts +46 -27
  97. package/dist/generated/tableOwnership.js +64 -26
  98. package/dist/generated/tableOwnership.js.map +1 -1
  99. package/dist/generated/tier-expectations.json +60 -8
  100. package/dist/{index-O09U2xHk.d.ts → index-CM1Pl_vI.d.ts} +3 -3
  101. package/dist/index.d.ts +8 -4
  102. package/dist/index.js +30959 -406
  103. package/dist/index.js.map +1 -1
  104. package/dist/infisical-runtime.contract.d.ts +1597 -3
  105. package/dist/infisical-runtime.contract.js +2788 -12
  106. package/dist/infisical-runtime.contract.js.map +1 -1
  107. package/dist/manifests/infisical-runtime-manifest.d.ts +1524 -3
  108. package/dist/manifests/infisical-runtime-manifest.js +2641 -9
  109. package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
  110. package/dist/manifests/tenant-client-manifest.d.ts +11 -11
  111. package/dist/manifests/tenant-client-manifest.js +11 -11
  112. package/dist/manifests/tenant-client-manifest.js.map +1 -1
  113. package/dist/mcp-gateway-boundary.contract.d.ts +23 -3
  114. package/dist/mcp-gateway-boundary.contract.js +2 -0
  115. package/dist/mcp-gateway-boundary.contract.js.map +1 -1
  116. package/dist/projections/check-convex-args-shape.js +10 -6
  117. package/dist/projections/check-convex-args-shape.js.map +1 -1
  118. package/dist/projections/create-evidence.projection.d.ts +6 -6
  119. package/dist/projections/create-evidence.projection.js +2 -3
  120. package/dist/projections/create-evidence.projection.js.map +1 -1
  121. package/dist/projections/index.d.ts +3 -3
  122. package/dist/projections/index.js +10 -6
  123. package/dist/projections/index.js.map +1 -1
  124. package/dist/projections/list-tasks.projection.d.ts +20 -8
  125. package/dist/projections/list-tasks.projection.js +8 -3
  126. package/dist/projections/list-tasks.projection.js.map +1 -1
  127. package/dist/proof-attestation.json +45 -0
  128. package/dist/schemas/component-table-manifest.d.ts +6 -6
  129. package/dist/schemas/component-table-manifest.js +2 -2
  130. package/dist/schemas/component-table-manifest.js.map +1 -1
  131. package/dist/schemas/index.d.ts +2 -2
  132. package/dist/schemas/index.js +1086 -137
  133. package/dist/schemas/index.js.map +1 -1
  134. package/dist/schemas/manifest.d.ts +2010 -120
  135. package/dist/schemas/manifest.js +1084 -135
  136. package/dist/schemas/manifest.js.map +1 -1
  137. package/dist/schemas/tables/controlPlane/accessControl.d.ts +260 -0
  138. package/dist/schemas/tables/controlPlane/accessControl.js +653 -0
  139. package/dist/schemas/tables/controlPlane/accessControl.js.map +1 -0
  140. package/dist/schemas/tables/{identity → controlPlane}/agent.d.ts +1 -1
  141. package/dist/schemas/tables/{identity → controlPlane}/agent.js +3 -3
  142. package/dist/schemas/tables/controlPlane/agent.js.map +1 -0
  143. package/dist/schemas/tables/{identity → controlPlane}/epistemic.d.ts +1 -1
  144. package/dist/schemas/tables/{identity → controlPlane}/epistemic.js +3 -3
  145. package/dist/schemas/tables/controlPlane/epistemic.js.map +1 -0
  146. package/dist/schemas/tables/{identity → controlPlane}/model.d.ts +1 -1
  147. package/dist/schemas/tables/{identity → controlPlane}/model.js +6 -6
  148. package/dist/schemas/tables/controlPlane/model.js.map +1 -0
  149. package/dist/schemas/tables/{identity → controlPlane}/platform.d.ts +1 -1
  150. package/dist/schemas/tables/{identity → controlPlane}/platform.js +18 -18
  151. package/dist/schemas/tables/controlPlane/platform.js.map +1 -0
  152. package/dist/schemas/tables/{identity → controlPlane}/project.d.ts +1 -1
  153. package/dist/schemas/tables/{identity → controlPlane}/project.js +3 -3
  154. package/dist/schemas/tables/controlPlane/project.js.map +1 -0
  155. package/dist/schemas/tables/{identity → controlPlane}/user.d.ts +1 -1
  156. package/dist/schemas/tables/{identity → controlPlane}/user.js +3 -3
  157. package/dist/schemas/tables/controlPlane/user.js.map +1 -0
  158. package/dist/schemas/tables/kernel/config.d.ts +1 -1
  159. package/dist/schemas/tables/kernel/config.js.map +1 -1
  160. package/dist/schemas/tables/kernel/coordination.d.ts +1 -1
  161. package/dist/schemas/tables/kernel/coordination.js.map +1 -1
  162. package/dist/schemas/tables/kernel/decision.d.ts +1 -1
  163. package/dist/schemas/tables/kernel/decision.js.map +1 -1
  164. package/dist/schemas/tables/kernel/embedding.d.ts +1 -1
  165. package/dist/schemas/tables/kernel/embedding.js.map +1 -1
  166. package/dist/schemas/tables/kernel/epistemic.d.ts +1 -1
  167. package/dist/schemas/tables/kernel/epistemic.js.map +1 -1
  168. package/dist/schemas/tables/kernel/idempotency.d.ts +1 -1
  169. package/dist/schemas/tables/kernel/idempotency.js.map +1 -1
  170. package/dist/schemas/tables/kernel/infra.d.ts +1 -1
  171. package/dist/schemas/tables/kernel/infra.js.map +1 -1
  172. package/dist/schemas/tables/kernel/intelligence.d.ts +1 -1
  173. package/dist/schemas/tables/kernel/intelligence.js.map +1 -1
  174. package/dist/schemas/tables/kernel/lens.d.ts +1 -1
  175. package/dist/schemas/tables/kernel/lens.js.map +1 -1
  176. package/dist/schemas/tables/kernel/ontology.d.ts +1 -1
  177. package/dist/schemas/tables/kernel/ontology.js.map +1 -1
  178. package/dist/schemas/tables/kernel/platform.d.ts +1 -1
  179. package/dist/schemas/tables/kernel/platform.js.map +1 -1
  180. package/dist/schemas/tables/kernel/spine.d.ts +2 -1
  181. package/dist/schemas/tables/kernel/spine.js +1 -0
  182. package/dist/schemas/tables/kernel/spine.js.map +1 -1
  183. package/dist/schemas/tables/kernel/task.d.ts +1 -1
  184. package/dist/schemas/tables/kernel/task.js.map +1 -1
  185. package/dist/schemas/tables/kernel/topic.d.ts +1 -1
  186. package/dist/schemas/tables/kernel/topic.js.map +1 -1
  187. package/dist/schemas/tables/kernel/workflow.d.ts +1 -1
  188. package/dist/schemas/tables/kernel/workflow.js.map +1 -1
  189. package/dist/schemas/tables/kernel/worktree.d.ts +5 -5
  190. package/dist/schemas/tables/kernel/worktree.js.map +1 -1
  191. package/dist/schemas/tables/mc/identity.d.ts +19 -2
  192. package/dist/schemas/tables/mc/identity.js +32 -1
  193. package/dist/schemas/tables/mc/identity.js.map +1 -1
  194. package/dist/schemas/tables/mc/methodology.d.ts +1 -1
  195. package/dist/schemas/tables/mc/methodology.js.map +1 -1
  196. package/dist/schemas/tables/mc/pack.d.ts +1 -1
  197. package/dist/schemas/tables/mc/pack.js.map +1 -1
  198. package/dist/schemas/tables/mc/policy.d.ts +2 -2
  199. package/dist/schemas/tables/mc/policy.js +1 -1
  200. package/dist/schemas/tables/mc/policy.js.map +1 -1
  201. package/dist/schemas/tables/mc/registry.d.ts +1 -1
  202. package/dist/schemas/tables/mc/registry.js.map +1 -1
  203. package/dist/schemas/tables/mc/runtime.d.ts +109 -3
  204. package/dist/schemas/tables/mc/runtime.js +330 -104
  205. package/dist/schemas/tables/mc/runtime.js.map +1 -1
  206. package/dist/schemas/tables/mc/tenant.d.ts +3 -2
  207. package/dist/schemas/tables/mc/tenant.js +2 -1
  208. package/dist/schemas/tables/mc/tenant.js.map +1 -1
  209. package/dist/schemas/tables/mc/workspace.d.ts +22 -5
  210. package/dist/schemas/tables/mc/workspace.js +34 -2
  211. package/dist/schemas/tables/mc/workspace.js.map +1 -1
  212. package/dist/sdk-tools.contract.js +26 -1
  213. package/dist/sdk-tools.contract.js.map +1 -1
  214. package/dist/tenant-bootstrap-seed.contract.d.ts +226 -58
  215. package/dist/tenant-bootstrap-seed.contract.js +126 -28
  216. package/dist/tenant-bootstrap-seed.contract.js.map +1 -1
  217. package/dist/tenant-bootstrap-seed.defaults.d.ts +1 -1
  218. package/dist/tenant-bootstrap-seed.defaults.js +1 -1
  219. package/dist/tenant-bootstrap-seed.defaults.js.map +1 -1
  220. package/dist/tenant-client.contract.d.ts +12 -12
  221. package/dist/tenant-client.contract.js +11 -11
  222. package/dist/tenant-client.contract.js.map +1 -1
  223. package/dist/tool-contracts.js +26 -1
  224. package/dist/tool-contracts.js.map +1 -1
  225. package/package.json +22 -1
  226. package/dist/schemas/tables/identity/agent.js.map +0 -1
  227. package/dist/schemas/tables/identity/epistemic.js.map +0 -1
  228. package/dist/schemas/tables/identity/model.js.map +0 -1
  229. package/dist/schemas/tables/identity/platform.js.map +0 -1
  230. package/dist/schemas/tables/identity/project.js.map +0 -1
  231. package/dist/schemas/tables/identity/user.js.map +0 -1
@@ -0,0 +1,653 @@
1
+ import { z } from 'zod';
2
+
3
+ // src/schemas/tables/controlPlane/accessControl.ts
4
+
5
+ // src/dsl/defineTable.ts
6
+ function defineTable(spec) {
7
+ return spec;
8
+ }
9
+
10
+ // src/schemas/tables/controlPlane/accessControl.ts
11
+ var permitActorType = z.enum([
12
+ "human",
13
+ "agent",
14
+ "service_principal",
15
+ "external_stakeholder",
16
+ "system"
17
+ ]);
18
+ var permitMembershipStatus = z.enum([
19
+ "active",
20
+ "invited",
21
+ "revoked",
22
+ "suspended",
23
+ "disabled"
24
+ ]);
25
+ var permitDecision = z.enum(["allow", "deny"]);
26
+ var permitAccessReviewStatus = z.enum([
27
+ "open",
28
+ "in_progress",
29
+ "approved",
30
+ "denied",
31
+ "expired",
32
+ "cancelled"
33
+ ]);
34
+ var permitReviewScope = z.enum([
35
+ "tenant",
36
+ "workspace",
37
+ "resource_instance",
38
+ "group",
39
+ "principal",
40
+ "api_key",
41
+ "admin_action"
42
+ ]);
43
+ var permitRecordStatus = z.enum([
44
+ "queued",
45
+ "inflight",
46
+ "completed",
47
+ "failed",
48
+ "skipped",
49
+ "stale"
50
+ ]);
51
+ var permitObjectType = z.enum([
52
+ "resource",
53
+ "role",
54
+ "resource_role",
55
+ "resource_relation",
56
+ "tenant",
57
+ "workspace",
58
+ "principal",
59
+ "membership",
60
+ "group",
61
+ "resource_instance",
62
+ "relationship_tuple",
63
+ "role_assignment"
64
+ ]);
65
+ var permitOutboxOperation = z.enum([
66
+ "upsert",
67
+ "delete",
68
+ "sync",
69
+ "resync",
70
+ "delete_sync",
71
+ "noop"
72
+ ]);
73
+ var permitPolicyBundleStatus = z.enum([
74
+ "draft",
75
+ "validated",
76
+ "enforced",
77
+ "archived"
78
+ ]);
79
+ var permitSyncStatus = z.enum([
80
+ "pending",
81
+ "synced",
82
+ "error",
83
+ "skipped"
84
+ ]);
85
+ var permitAccessReviewSubjectType = z.enum([
86
+ "principal",
87
+ "group",
88
+ "role_assignment",
89
+ "resource_instance"
90
+ ]);
91
+ var permitAttributeType = z.enum([
92
+ "string",
93
+ "number",
94
+ "bool",
95
+ "json",
96
+ "time"
97
+ ]);
98
+ var permitAttributeOperator = z.enum([
99
+ "eq",
100
+ "neq",
101
+ "in",
102
+ "not_in",
103
+ "gt",
104
+ "gte",
105
+ "lt",
106
+ "lte",
107
+ "contains",
108
+ "not_contains",
109
+ "matches"
110
+ ]);
111
+ var permitRoleBindingTarget = z.enum([
112
+ "principal",
113
+ "group"
114
+ ]);
115
+ var permitPrincipals = defineTable({
116
+ name: "permitPrincipals",
117
+ component: "control-plane",
118
+ category: "access-control",
119
+ shape: z.object({
120
+ principalId: z.string(),
121
+ tenantId: z.string(),
122
+ workspaceId: z.optional(z.string()),
123
+ principalType: permitActorType,
124
+ status: permitMembershipStatus,
125
+ displayName: z.string().optional(),
126
+ metadata: z.record(z.any()).optional(),
127
+ createdBy: z.string(),
128
+ createdAt: z.number(),
129
+ updatedAt: z.number(),
130
+ updatedBy: z.string().optional(),
131
+ lastSeenAt: z.number().optional()
132
+ }),
133
+ indices: [
134
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
135
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
136
+ { kind: "index", name: "by_tenant_principalId", columns: ["tenantId", "principalId"] },
137
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
138
+ {
139
+ kind: "index",
140
+ name: "by_tenant_principalType_status",
141
+ columns: ["tenantId", "principalType", "status"]
142
+ }
143
+ ]
144
+ });
145
+ var permitPrincipalAliases = defineTable({
146
+ name: "permitPrincipalAliases",
147
+ component: "control-plane",
148
+ category: "access-control",
149
+ shape: z.object({
150
+ principalId: z.string(),
151
+ tenantId: z.string(),
152
+ workspaceId: z.optional(z.string()),
153
+ provider: z.string(),
154
+ providerSubjectId: z.string(),
155
+ providerProjectId: z.string().optional(),
156
+ alias: z.string(),
157
+ aliasKind: z.string(),
158
+ status: permitMembershipStatus,
159
+ metadata: z.record(z.any()).optional(),
160
+ createdBy: z.string(),
161
+ createdAt: z.number(),
162
+ updatedAt: z.number(),
163
+ revokedBy: z.string().optional(),
164
+ revokedAt: z.number().optional(),
165
+ updatedBy: z.string().optional()
166
+ }),
167
+ indices: [
168
+ { kind: "index", name: "by_principalId", columns: ["principalId"] },
169
+ { kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "providerSubjectId"] },
170
+ {
171
+ kind: "index",
172
+ name: "by_tenant_provider_alias",
173
+ columns: ["tenantId", "provider", "alias"]
174
+ },
175
+ { kind: "index", name: "by_tenant_alias", columns: ["tenantId", "alias"] },
176
+ {
177
+ kind: "index",
178
+ name: "by_tenant_provider_status",
179
+ columns: ["tenantId", "provider", "status"]
180
+ }
181
+ ]
182
+ });
183
+ var permitGroups = defineTable({
184
+ name: "permitGroups",
185
+ component: "control-plane",
186
+ category: "access-control",
187
+ shape: z.object({
188
+ tenantId: z.string(),
189
+ workspaceId: z.optional(z.string()),
190
+ groupId: z.string(),
191
+ groupKey: z.string(),
192
+ groupName: z.string(),
193
+ groupType: z.enum(["tenant", "workspace", "external", "system", "dynamic"]),
194
+ status: permitMembershipStatus,
195
+ description: z.string().optional(),
196
+ metadata: z.record(z.any()).optional(),
197
+ createdBy: z.string(),
198
+ createdAt: z.number(),
199
+ updatedAt: z.number(),
200
+ updatedBy: z.string().optional()
201
+ }),
202
+ indices: [
203
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
204
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
205
+ { kind: "index", name: "by_tenant_groupId", columns: ["tenantId", "groupId"] },
206
+ { kind: "index", name: "by_tenant_groupKey", columns: ["tenantId", "groupKey"] },
207
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
208
+ ]
209
+ });
210
+ var permitGroupMemberships = defineTable({
211
+ name: "permitGroupMemberships",
212
+ component: "control-plane",
213
+ category: "access-control",
214
+ shape: z.object({
215
+ tenantId: z.string(),
216
+ workspaceId: z.optional(z.string()),
217
+ groupId: z.string(),
218
+ memberType: z.enum(["principal", "group"]),
219
+ memberId: z.string(),
220
+ principalId: z.string().optional(),
221
+ childGroupId: z.string().optional(),
222
+ status: permitMembershipStatus,
223
+ addedBy: z.string().optional(),
224
+ revokedBy: z.string().optional(),
225
+ expiresAt: z.number().optional(),
226
+ revocationReason: z.string().optional(),
227
+ metadata: z.record(z.any()).optional(),
228
+ createdAt: z.number(),
229
+ updatedAt: z.number(),
230
+ updatedBy: z.string().optional()
231
+ }),
232
+ indices: [
233
+ { kind: "index", name: "by_tenant_principal", columns: ["tenantId", "principalId"] },
234
+ { kind: "index", name: "by_tenant_member", columns: ["tenantId", "memberType", "memberId"] },
235
+ {
236
+ kind: "index",
237
+ name: "by_tenant_member_group",
238
+ columns: ["tenantId", "memberType", "memberId", "groupId"]
239
+ },
240
+ { kind: "index", name: "by_tenant_group", columns: ["tenantId", "groupId"] },
241
+ { kind: "index", name: "by_member_group", columns: ["memberType", "memberId", "groupId"] },
242
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
243
+ {
244
+ kind: "index",
245
+ name: "by_workspace_principal",
246
+ columns: ["workspaceId", "principalId"]
247
+ }
248
+ ]
249
+ });
250
+ var permitResourceInstances = defineTable({
251
+ name: "permitResourceInstances",
252
+ component: "control-plane",
253
+ category: "access-control",
254
+ shape: z.object({
255
+ tenantId: z.string(),
256
+ workspaceId: z.optional(z.string()),
257
+ resourceType: z.string(),
258
+ resourceKey: z.string(),
259
+ resourceId: z.string(),
260
+ status: z.enum(["active", "deleted", "archived"]),
261
+ attributes: z.record(z.any()).optional(),
262
+ ownerPrincipalId: z.string().optional(),
263
+ metadata: z.record(z.any()).optional(),
264
+ createdBy: z.string(),
265
+ updatedBy: z.string().optional(),
266
+ createdAt: z.number(),
267
+ updatedAt: z.number()
268
+ }),
269
+ indices: [
270
+ {
271
+ kind: "index",
272
+ name: "by_tenant_resource_type",
273
+ columns: ["tenantId", "resourceType"]
274
+ },
275
+ {
276
+ kind: "index",
277
+ name: "by_tenant_resource_key",
278
+ columns: ["tenantId", "resourceType", "resourceKey"]
279
+ },
280
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
281
+ { kind: "index", name: "by_status", columns: ["status"] },
282
+ {
283
+ kind: "index",
284
+ name: "by_tenant_status",
285
+ columns: ["tenantId", "status"]
286
+ },
287
+ {
288
+ kind: "index",
289
+ name: "by_ownerPrincipalId",
290
+ columns: ["ownerPrincipalId"]
291
+ }
292
+ ]
293
+ });
294
+ var permitRoleAssignments = defineTable({
295
+ name: "permitRoleAssignments",
296
+ component: "control-plane",
297
+ category: "access-control",
298
+ shape: z.object({
299
+ tenantId: z.string(),
300
+ workspaceId: z.optional(z.string()),
301
+ role: z.string(),
302
+ targetType: permitRoleBindingTarget,
303
+ targetId: z.string(),
304
+ resourceType: z.string(),
305
+ resourceKey: z.string(),
306
+ resourceInstanceId: z.string().optional(),
307
+ status: permitMembershipStatus,
308
+ expiresAt: z.number().optional(),
309
+ attributes: z.record(z.any()).optional(),
310
+ grantedBy: z.string().optional(),
311
+ updatedBy: z.string().optional(),
312
+ revokedBy: z.string().optional(),
313
+ createdAt: z.number(),
314
+ updatedAt: z.number()
315
+ }),
316
+ indices: [
317
+ {
318
+ kind: "index",
319
+ name: "by_tenant_target",
320
+ columns: ["tenantId", "targetType", "targetId"]
321
+ },
322
+ {
323
+ kind: "index",
324
+ name: "by_tenant_resource",
325
+ columns: ["tenantId", "resourceType", "resourceKey"]
326
+ },
327
+ {
328
+ kind: "index",
329
+ name: "by_tenant_role",
330
+ columns: ["tenantId", "role", "status"]
331
+ },
332
+ { kind: "index", name: "by_status", columns: ["status"] },
333
+ {
334
+ kind: "index",
335
+ name: "by_workspace_resource",
336
+ columns: ["workspaceId", "resourceType", "resourceKey"]
337
+ }
338
+ ]
339
+ });
340
+ var permitRelationshipTuples = defineTable({
341
+ name: "permitRelationshipTuples",
342
+ component: "control-plane",
343
+ category: "access-control",
344
+ shape: z.object({
345
+ tenantId: z.string(),
346
+ workspaceId: z.optional(z.string()),
347
+ relation: z.string(),
348
+ subject: z.string(),
349
+ object: z.string(),
350
+ resourceType: z.string().optional(),
351
+ resourceKey: z.string().optional(),
352
+ status: permitRecordStatus,
353
+ attributes: z.record(z.any()).optional(),
354
+ createdBy: z.string(),
355
+ createdAt: z.number(),
356
+ updatedAt: z.number(),
357
+ lastSeenAt: z.number().optional(),
358
+ updatedBy: z.string().optional()
359
+ }),
360
+ indices: [
361
+ { kind: "index", name: "by_tenant_subject", columns: ["tenantId", "subject"] },
362
+ { kind: "index", name: "by_tenant_object", columns: ["tenantId", "object"] },
363
+ { kind: "index", name: "by_tenant_relation", columns: ["tenantId", "relation"] },
364
+ {
365
+ kind: "index",
366
+ name: "by_tenant_relation_subject",
367
+ columns: ["tenantId", "relation", "subject"]
368
+ },
369
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
370
+ ]
371
+ });
372
+ var permitAttributeBindings = defineTable({
373
+ name: "permitAttributeBindings",
374
+ component: "control-plane",
375
+ category: "access-control",
376
+ shape: z.object({
377
+ tenantId: z.string(),
378
+ workspaceId: z.optional(z.string()),
379
+ targetType: permitRoleBindingTarget,
380
+ targetId: z.string(),
381
+ attributeName: z.string(),
382
+ attributeType: permitAttributeType,
383
+ attributeOperator: permitAttributeOperator,
384
+ attributeValue: z.any(),
385
+ status: permitRecordStatus,
386
+ source: z.string().optional(),
387
+ sourceRef: z.string().optional(),
388
+ metadata: z.record(z.any()).optional(),
389
+ createdAt: z.number(),
390
+ updatedAt: z.number(),
391
+ createdBy: z.string(),
392
+ updatedBy: z.string().optional(),
393
+ expiresAt: z.number().optional()
394
+ }),
395
+ indices: [
396
+ {
397
+ kind: "index",
398
+ name: "by_tenant_target",
399
+ columns: ["tenantId", "targetType", "targetId"]
400
+ },
401
+ {
402
+ kind: "index",
403
+ name: "by_tenant_target_attribute",
404
+ columns: ["tenantId", "targetType", "targetId", "attributeName"]
405
+ },
406
+ {
407
+ kind: "index",
408
+ name: "by_tenant_name",
409
+ columns: ["tenantId", "attributeName"]
410
+ },
411
+ {
412
+ kind: "index",
413
+ name: "by_tenant_status",
414
+ columns: ["tenantId", "status"]
415
+ }
416
+ ]
417
+ });
418
+ var permitPolicyBundles = defineTable({
419
+ name: "permitPolicyBundles",
420
+ component: "control-plane",
421
+ category: "access-control",
422
+ shape: z.object({
423
+ tenantId: z.string(),
424
+ workspaceId: z.optional(z.string()),
425
+ bundleKey: z.string(),
426
+ version: z.number(),
427
+ status: permitPolicyBundleStatus,
428
+ policyHash: z.string().optional(),
429
+ policyPayload: z.record(z.any()),
430
+ metadata: z.record(z.any()).optional(),
431
+ createdBy: z.string(),
432
+ reviewedBy: z.string().optional(),
433
+ createdAt: z.number(),
434
+ updatedAt: z.number(),
435
+ retiredAt: z.number().optional()
436
+ }),
437
+ indices: [
438
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
439
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
440
+ {
441
+ kind: "index",
442
+ name: "by_tenant_bundleKey",
443
+ columns: ["tenantId", "bundleKey"]
444
+ },
445
+ {
446
+ kind: "index",
447
+ name: "by_tenant_bundle_version",
448
+ columns: ["tenantId", "bundleKey", "version"]
449
+ },
450
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
451
+ ]
452
+ });
453
+ var permitProjectionOutbox = defineTable({
454
+ name: "permitProjectionOutbox",
455
+ component: "control-plane",
456
+ category: "access-control",
457
+ shape: z.object({
458
+ syncKey: z.string(),
459
+ objectType: permitObjectType,
460
+ objectId: z.string(),
461
+ operation: permitOutboxOperation,
462
+ payload: z.record(z.any()),
463
+ status: permitRecordStatus,
464
+ attemptCount: z.number(),
465
+ nextAttemptAt: z.number().optional(),
466
+ lastError: z.string().optional(),
467
+ tenantId: z.string().optional(),
468
+ workspaceId: z.optional(z.string()),
469
+ principalId: z.string().optional(),
470
+ permitTenantKey: z.string().optional(),
471
+ permitResourceType: z.string().optional(),
472
+ permitResourceKey: z.string().optional(),
473
+ createdAt: z.number(),
474
+ updatedAt: z.number(),
475
+ lastHandledAt: z.number().optional()
476
+ }),
477
+ indices: [
478
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
479
+ { kind: "index", name: "by_status", columns: ["status"] },
480
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
481
+ {
482
+ kind: "index",
483
+ name: "by_tenant_status",
484
+ columns: ["tenantId", "status"]
485
+ },
486
+ {
487
+ kind: "index",
488
+ name: "by_objectType",
489
+ columns: ["objectType", "status"]
490
+ }
491
+ ]
492
+ });
493
+ var tenantPermitSyncStates = defineTable({
494
+ name: "tenantPermitSyncStates",
495
+ component: "control-plane",
496
+ category: "access-control",
497
+ shape: z.object({
498
+ syncKey: z.string(),
499
+ objectType: permitObjectType,
500
+ objectId: z.string(),
501
+ tenantId: z.string().optional(),
502
+ workspaceId: z.string().optional(),
503
+ principalId: z.string().optional(),
504
+ permitTenantKey: z.string().optional(),
505
+ permitResourceType: z.string().optional(),
506
+ permitResourceKey: z.string().optional(),
507
+ desiredPayload: z.record(z.any()),
508
+ lastAppliedPayloadHash: z.string().optional(),
509
+ status: permitSyncStatus,
510
+ attemptCount: z.number(),
511
+ lastError: z.string().optional(),
512
+ nextAttemptAt: z.number().optional(),
513
+ lastSyncedAt: z.number().optional(),
514
+ createdBy: z.string(),
515
+ updatedBy: z.string().optional(),
516
+ createdAt: z.number(),
517
+ updatedAt: z.number()
518
+ }),
519
+ indices: [
520
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
521
+ { kind: "index", name: "by_status", columns: ["status"] },
522
+ {
523
+ kind: "index",
524
+ name: "by_tenant_status",
525
+ columns: ["tenantId", "status"]
526
+ },
527
+ {
528
+ kind: "index",
529
+ name: "by_workspace_status",
530
+ columns: ["workspaceId", "status"]
531
+ },
532
+ {
533
+ kind: "index",
534
+ name: "by_principal_status",
535
+ columns: ["principalId", "status"]
536
+ }
537
+ ]
538
+ });
539
+ var permitPolicyDecisionReceipts = defineTable({
540
+ name: "permitPolicyDecisionReceipts",
541
+ component: "control-plane",
542
+ category: "access-control",
543
+ shape: z.object({
544
+ tenantId: z.string().optional(),
545
+ workspaceId: z.string().optional(),
546
+ principalId: z.string(),
547
+ subjectType: permitAccessReviewSubjectType.optional(),
548
+ subjectId: z.string().optional(),
549
+ resourceType: z.string(),
550
+ resourceId: z.string(),
551
+ action: z.string(),
552
+ decision: permitDecision,
553
+ reasonCode: z.string(),
554
+ policyBundleId: z.string().optional(),
555
+ policyVersion: z.string(),
556
+ traceId: z.string().optional(),
557
+ requestId: z.string().optional(),
558
+ audienceMode: z.string().optional(),
559
+ audienceKey: z.string().optional(),
560
+ audienceClass: z.enum(["internal", "restricted_external", "public"]).optional(),
561
+ metadata: z.record(z.any()).optional(),
562
+ createdAt: z.number(),
563
+ expiresAt: z.number().optional(),
564
+ createdBy: z.string().optional()
565
+ }),
566
+ indices: [
567
+ { kind: "index", name: "by_principal_createdAt", columns: ["principalId", "createdAt"] },
568
+ { kind: "index", name: "by_tenant_createdAt", columns: ["tenantId", "createdAt"] },
569
+ { kind: "index", name: "by_resource", columns: ["resourceType", "resourceId"] },
570
+ { kind: "index", name: "by_decision_createdAt", columns: ["decision", "createdAt"] },
571
+ { kind: "index", name: "by_traceId", columns: ["traceId"] },
572
+ { kind: "index", name: "by_action", columns: ["action"] }
573
+ ]
574
+ });
575
+ var permitAccessReviews = defineTable({
576
+ name: "permitAccessReviews",
577
+ component: "control-plane",
578
+ category: "access-control",
579
+ shape: z.object({
580
+ tenantId: z.string(),
581
+ workspaceId: z.optional(z.string()),
582
+ reviewKey: z.string(),
583
+ scope: permitReviewScope,
584
+ status: permitAccessReviewStatus,
585
+ subjectType: permitAccessReviewSubjectType,
586
+ subjectId: z.string(),
587
+ resourceType: z.string().optional(),
588
+ resourceKey: z.string().optional(),
589
+ outcome: z.enum(["allow", "deny"]).optional(),
590
+ requestedBy: z.string(),
591
+ reviewedBy: z.string().optional(),
592
+ requestedAt: z.number(),
593
+ reviewedAt: z.number().optional(),
594
+ dueAt: z.number().optional(),
595
+ justification: z.string().optional(),
596
+ rationale: z.string().optional(),
597
+ policyBundleId: z.string().optional(),
598
+ metadata: z.record(z.any()).optional(),
599
+ createdAt: z.number(),
600
+ updatedAt: z.number()
601
+ }),
602
+ indices: [
603
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
604
+ { kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
605
+ { kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
606
+ {
607
+ kind: "index",
608
+ name: "by_tenant_subject",
609
+ columns: ["tenantId", "subjectType", "subjectId"]
610
+ },
611
+ { kind: "index", name: "by_outcome", columns: ["outcome"] },
612
+ {
613
+ kind: "index",
614
+ name: "by_workspace_status",
615
+ columns: ["workspaceId", "status"]
616
+ }
617
+ ]
618
+ });
619
+ var permitAccessReviewItems = defineTable({
620
+ name: "permitAccessReviewItems",
621
+ component: "control-plane",
622
+ category: "access-control",
623
+ shape: z.object({
624
+ reviewKey: z.string(),
625
+ itemKey: z.string(),
626
+ tenantId: z.string(),
627
+ workspaceId: z.string().optional(),
628
+ subjectType: permitAccessReviewSubjectType,
629
+ subjectId: z.string(),
630
+ resourceType: z.string().optional(),
631
+ resourceKey: z.string().optional(),
632
+ role: z.string().optional(),
633
+ relation: z.string().optional(),
634
+ status: z.enum(["open", "approved", "revoked", "changed", "deferred"]),
635
+ reviewerId: z.string().optional(),
636
+ decisionAt: z.number().optional(),
637
+ rationale: z.string().optional(),
638
+ metadata: z.record(z.any()).optional(),
639
+ createdAt: z.number(),
640
+ updatedAt: z.number()
641
+ }),
642
+ indices: [
643
+ { kind: "index", name: "by_reviewKey", columns: ["reviewKey"] },
644
+ { kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
645
+ { kind: "index", name: "by_tenant_itemKey", columns: ["tenantId", "itemKey"] },
646
+ { kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
647
+ { kind: "index", name: "by_status", columns: ["status"] }
648
+ ]
649
+ });
650
+
651
+ export { permitAccessReviewItems, permitAccessReviews, permitAttributeBindings, permitGroupMemberships, permitGroups, permitPolicyBundles, permitPolicyDecisionReceipts, permitPrincipalAliases, permitPrincipals, permitProjectionOutbox, permitRelationshipTuples, permitResourceInstances, permitRoleAssignments, tenantPermitSyncStates };
652
+ //# sourceMappingURL=accessControl.js.map
653
+ //# sourceMappingURL=accessControl.js.map
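Review bot: `permitRelationshipTuples` and `permitAttributeBindings` declare `status: permitRecordStatus`, whose values (`queued`, `inflight`, `completed`, `failed`, `skipped`, `stale`) describe sync-job progress, so these two grant-bearing tables have no state for a revoked or suspended grant, unlike `permitRoleAssignments` and `permitGroupMemberships`, which use `permitMembershipStatus`. If tuples and bindings feed authorization decisions, consider `status: permitMembershipStatus,` there and a separate field for sync progress, so that a `failed` or `stale` row cannot be read as a live grant. Separately, `permitPolicyDecisionReceipts` makes `tenantId` optional and defines `by_resource`, `by_traceId`, `by_action` and `by_decision_createdAt` without it, so audit queries over those indexes presumably need an explicit tenant filter. Its `policyVersion: z.string()` also differs in type from `permitPolicyBundles`' `version: z.number()`, which makes it harder to tie a receipt back to the bundle that produced it. This file is build output, so any change belongs in the `src/schemas/tables/controlPlane/accessControl.ts` source named in its header comment.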