@lucern/contracts 0.3.0-alpha.10 → 0.3.0-alpha.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/api-enums.contract.d.ts +5 -3
- package/dist/api-enums.contract.js +14 -12
- package/dist/api-enums.contract.js.map +1 -1
- package/dist/component-boundary.contract.d.ts +1 -1
- package/dist/component-boundary.contract.js +45 -26
- package/dist/component-boundary.contract.js.map +1 -1
- package/dist/component-host-boundary.contract.d.ts +10 -5
- package/dist/component-host-boundary.contract.js +10 -4
- package/dist/component-host-boundary.contract.js.map +1 -1
- package/dist/{defineTable-CBQ03FXl.d.ts → defineTable-t1wr5wgn.d.ts} +1 -1
- package/dist/{dsl-djCRfuWC.d.ts → dsl-DVPthQGY.d.ts} +1 -1
- package/dist/dsl.d.ts +2 -2
- package/dist/dsl.js.map +1 -1
- package/dist/function-registry/beliefs.d.ts +13 -0
- package/dist/function-registry/beliefs.js +50 -7
- package/dist/function-registry/beliefs.js.map +1 -1
- package/dist/function-registry/coding.d.ts +9 -0
- package/dist/function-registry/coding.js +117 -8
- package/dist/function-registry/coding.js.map +1 -1
- package/dist/function-registry/context.d.ts +6 -0
- package/dist/function-registry/context.js +50 -7
- package/dist/function-registry/context.js.map +1 -1
- package/dist/function-registry/contracts.d.ts +6 -0
- package/dist/function-registry/contracts.js +50 -7
- package/dist/function-registry/contracts.js.map +1 -1
- package/dist/function-registry/coordination.d.ts +12 -0
- package/dist/function-registry/coordination.js +50 -7
- package/dist/function-registry/coordination.js.map +1 -1
- package/dist/function-registry/edges.d.ts +9 -0
- package/dist/function-registry/edges.js +54 -14
- package/dist/function-registry/edges.js.map +1 -1
- package/dist/function-registry/evidence.d.ts +11 -0
- package/dist/function-registry/evidence.js +53 -11
- package/dist/function-registry/evidence.js.map +1 -1
- package/dist/function-registry/graph.d.ts +18 -0
- package/dist/function-registry/graph.js +50 -7
- package/dist/function-registry/graph.js.map +1 -1
- package/dist/function-registry/helpers.d.ts +4 -1
- package/dist/function-registry/helpers.js +51 -8
- package/dist/function-registry/helpers.js.map +1 -1
- package/dist/function-registry/identity.d.ts +6 -0
- package/dist/function-registry/identity.js +50 -7
- package/dist/function-registry/identity.js.map +1 -1
- package/dist/function-registry/index.d.ts +8 -320
- package/dist/function-registry/index.js +54 -384
- package/dist/function-registry/index.js.map +1 -1
- package/dist/function-registry/judgments.d.ts +5 -0
- package/dist/function-registry/judgments.js +50 -7
- package/dist/function-registry/judgments.js.map +1 -1
- package/dist/function-registry/legacy.d.ts +4 -0
- package/dist/function-registry/legacy.js +50 -7
- package/dist/function-registry/legacy.js.map +1 -1
- package/dist/function-registry/lenses.d.ts +7 -0
- package/dist/function-registry/lenses.js +50 -7
- package/dist/function-registry/lenses.js.map +1 -1
- package/dist/function-registry/nodes.d.ts +412 -0
- package/dist/function-registry/nodes.js +5303 -0
- package/dist/function-registry/nodes.js.map +1 -0
- package/dist/function-registry/ontologies.d.ts +14 -0
- package/dist/function-registry/ontologies.js +50 -7
- package/dist/function-registry/ontologies.js.map +1 -1
- package/dist/function-registry/pipeline.d.ts +6 -0
- package/dist/function-registry/pipeline.js +50 -7
- package/dist/function-registry/pipeline.js.map +1 -1
- package/dist/function-registry/questions.d.ts +15 -0
- package/dist/function-registry/questions.js +50 -7
- package/dist/function-registry/questions.js.map +1 -1
- package/dist/function-registry/tasks.d.ts +7 -0
- package/dist/function-registry/tasks.js +69 -16
- package/dist/function-registry/tasks.js.map +1 -1
- package/dist/function-registry/topics.d.ts +10 -0
- package/dist/function-registry/topics.js +50 -7
- package/dist/function-registry/topics.js.map +1 -1
- package/dist/function-registry/types.d.ts +5 -1
- package/dist/function-registry/worktrees.d.ts +14 -0
- package/dist/function-registry/worktrees.js +50 -7
- package/dist/function-registry/worktrees.js.map +1 -1
- package/dist/gateway.contract.d.ts +3 -0
- package/dist/gateway.contract.js.map +1 -1
- package/dist/generated/convexSchemas.d.ts +3 -3
- package/dist/generated/convexSchemas.js +35 -16
- package/dist/generated/convexSchemas.js.map +1 -1
- package/dist/generated/infisicalRuntimeEnv.d.ts +70 -0
- package/dist/generated/infisicalRuntimeEnv.js +26572 -0
- package/dist/generated/infisicalRuntimeEnv.js.map +1 -0
- package/dist/generated/lucernGatewayEnv.d.ts +17 -0
- package/dist/generated/lucernGatewayEnv.js +38 -0
- package/dist/generated/lucernGatewayEnv.js.map +1 -0
- package/dist/generated/lucernWebPublicEnv.d.ts +26 -0
- package/dist/generated/lucernWebPublicEnv.js +32 -0
- package/dist/generated/lucernWebPublicEnv.js.map +1 -0
- package/dist/generated/lucernWebServerEnv.d.ts +33 -0
- package/dist/generated/lucernWebServerEnv.js +51 -0
- package/dist/generated/lucernWebServerEnv.js.map +1 -0
- package/dist/generated/schema-manifest.json +1165 -150
- package/dist/generated/tableOwnership.d.ts +46 -27
- package/dist/generated/tableOwnership.js +64 -26
- package/dist/generated/tableOwnership.js.map +1 -1
- package/dist/generated/tier-expectations.json +60 -8
- package/dist/{index-O09U2xHk.d.ts → index-CM1Pl_vI.d.ts} +3 -3
- package/dist/index.d.ts +8 -4
- package/dist/index.js +30959 -406
- package/dist/index.js.map +1 -1
- package/dist/infisical-runtime.contract.d.ts +1597 -3
- package/dist/infisical-runtime.contract.js +2788 -12
- package/dist/infisical-runtime.contract.js.map +1 -1
- package/dist/manifests/infisical-runtime-manifest.d.ts +1524 -3
- package/dist/manifests/infisical-runtime-manifest.js +2641 -9
- package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
- package/dist/manifests/tenant-client-manifest.d.ts +11 -11
- package/dist/manifests/tenant-client-manifest.js +11 -11
- package/dist/manifests/tenant-client-manifest.js.map +1 -1
- package/dist/mcp-gateway-boundary.contract.d.ts +23 -3
- package/dist/mcp-gateway-boundary.contract.js +2 -0
- package/dist/mcp-gateway-boundary.contract.js.map +1 -1
- package/dist/projections/check-convex-args-shape.js +10 -6
- package/dist/projections/check-convex-args-shape.js.map +1 -1
- package/dist/projections/create-evidence.projection.d.ts +6 -6
- package/dist/projections/create-evidence.projection.js +2 -3
- package/dist/projections/create-evidence.projection.js.map +1 -1
- package/dist/projections/index.d.ts +3 -3
- package/dist/projections/index.js +10 -6
- package/dist/projections/index.js.map +1 -1
- package/dist/projections/list-tasks.projection.d.ts +20 -8
- package/dist/projections/list-tasks.projection.js +8 -3
- package/dist/projections/list-tasks.projection.js.map +1 -1
- package/dist/proof-attestation.json +45 -0
- package/dist/schemas/component-table-manifest.d.ts +6 -6
- package/dist/schemas/component-table-manifest.js +2 -2
- package/dist/schemas/component-table-manifest.js.map +1 -1
- package/dist/schemas/index.d.ts +2 -2
- package/dist/schemas/index.js +1086 -137
- package/dist/schemas/index.js.map +1 -1
- package/dist/schemas/manifest.d.ts +2010 -120
- package/dist/schemas/manifest.js +1084 -135
- package/dist/schemas/manifest.js.map +1 -1
- package/dist/schemas/tables/controlPlane/accessControl.d.ts +260 -0
- package/dist/schemas/tables/controlPlane/accessControl.js +653 -0
- package/dist/schemas/tables/controlPlane/accessControl.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/agent.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/agent.js +3 -3
- package/dist/schemas/tables/controlPlane/agent.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/epistemic.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/epistemic.js +3 -3
- package/dist/schemas/tables/controlPlane/epistemic.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/model.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/model.js +6 -6
- package/dist/schemas/tables/controlPlane/model.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/platform.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/platform.js +18 -18
- package/dist/schemas/tables/controlPlane/platform.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/project.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/project.js +3 -3
- package/dist/schemas/tables/controlPlane/project.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/user.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/user.js +3 -3
- package/dist/schemas/tables/controlPlane/user.js.map +1 -0
- package/dist/schemas/tables/kernel/config.d.ts +1 -1
- package/dist/schemas/tables/kernel/config.js.map +1 -1
- package/dist/schemas/tables/kernel/coordination.d.ts +1 -1
- package/dist/schemas/tables/kernel/coordination.js.map +1 -1
- package/dist/schemas/tables/kernel/decision.d.ts +1 -1
- package/dist/schemas/tables/kernel/decision.js.map +1 -1
- package/dist/schemas/tables/kernel/embedding.d.ts +1 -1
- package/dist/schemas/tables/kernel/embedding.js.map +1 -1
- package/dist/schemas/tables/kernel/epistemic.d.ts +1 -1
- package/dist/schemas/tables/kernel/epistemic.js.map +1 -1
- package/dist/schemas/tables/kernel/idempotency.d.ts +1 -1
- package/dist/schemas/tables/kernel/idempotency.js.map +1 -1
- package/dist/schemas/tables/kernel/infra.d.ts +1 -1
- package/dist/schemas/tables/kernel/infra.js.map +1 -1
- package/dist/schemas/tables/kernel/intelligence.d.ts +1 -1
- package/dist/schemas/tables/kernel/intelligence.js.map +1 -1
- package/dist/schemas/tables/kernel/lens.d.ts +1 -1
- package/dist/schemas/tables/kernel/lens.js.map +1 -1
- package/dist/schemas/tables/kernel/ontology.d.ts +1 -1
- package/dist/schemas/tables/kernel/ontology.js.map +1 -1
- package/dist/schemas/tables/kernel/platform.d.ts +1 -1
- package/dist/schemas/tables/kernel/platform.js.map +1 -1
- package/dist/schemas/tables/kernel/spine.d.ts +2 -1
- package/dist/schemas/tables/kernel/spine.js +1 -0
- package/dist/schemas/tables/kernel/spine.js.map +1 -1
- package/dist/schemas/tables/kernel/task.d.ts +1 -1
- package/dist/schemas/tables/kernel/task.js.map +1 -1
- package/dist/schemas/tables/kernel/topic.d.ts +1 -1
- package/dist/schemas/tables/kernel/topic.js.map +1 -1
- package/dist/schemas/tables/kernel/workflow.d.ts +1 -1
- package/dist/schemas/tables/kernel/workflow.js.map +1 -1
- package/dist/schemas/tables/kernel/worktree.d.ts +5 -5
- package/dist/schemas/tables/kernel/worktree.js.map +1 -1
- package/dist/schemas/tables/mc/identity.d.ts +19 -2
- package/dist/schemas/tables/mc/identity.js +32 -1
- package/dist/schemas/tables/mc/identity.js.map +1 -1
- package/dist/schemas/tables/mc/methodology.d.ts +1 -1
- package/dist/schemas/tables/mc/methodology.js.map +1 -1
- package/dist/schemas/tables/mc/pack.d.ts +1 -1
- package/dist/schemas/tables/mc/pack.js.map +1 -1
- package/dist/schemas/tables/mc/policy.d.ts +2 -2
- package/dist/schemas/tables/mc/policy.js +1 -1
- package/dist/schemas/tables/mc/policy.js.map +1 -1
- package/dist/schemas/tables/mc/registry.d.ts +1 -1
- package/dist/schemas/tables/mc/registry.js.map +1 -1
- package/dist/schemas/tables/mc/runtime.d.ts +109 -3
- package/dist/schemas/tables/mc/runtime.js +330 -104
- package/dist/schemas/tables/mc/runtime.js.map +1 -1
- package/dist/schemas/tables/mc/tenant.d.ts +3 -2
- package/dist/schemas/tables/mc/tenant.js +2 -1
- package/dist/schemas/tables/mc/tenant.js.map +1 -1
- package/dist/schemas/tables/mc/workspace.d.ts +22 -5
- package/dist/schemas/tables/mc/workspace.js +34 -2
- package/dist/schemas/tables/mc/workspace.js.map +1 -1
- package/dist/sdk-tools.contract.js +26 -1
- package/dist/sdk-tools.contract.js.map +1 -1
- package/dist/tenant-bootstrap-seed.contract.d.ts +226 -58
- package/dist/tenant-bootstrap-seed.contract.js +126 -28
- package/dist/tenant-bootstrap-seed.contract.js.map +1 -1
- package/dist/tenant-bootstrap-seed.defaults.d.ts +1 -1
- package/dist/tenant-bootstrap-seed.defaults.js +1 -1
- package/dist/tenant-bootstrap-seed.defaults.js.map +1 -1
- package/dist/tenant-client.contract.d.ts +12 -12
- package/dist/tenant-client.contract.js +11 -11
- package/dist/tenant-client.contract.js.map +1 -1
- package/dist/tool-contracts.js +26 -1
- package/dist/tool-contracts.js.map +1 -1
- package/package.json +22 -1
- package/dist/schemas/tables/identity/agent.js.map +0 -1
- package/dist/schemas/tables/identity/epistemic.js.map +0 -1
- package/dist/schemas/tables/identity/model.js.map +0 -1
- package/dist/schemas/tables/identity/platform.js.map +0 -1
- package/dist/schemas/tables/identity/project.js.map +0 -1
- package/dist/schemas/tables/identity/user.js.map +0 -1
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Tenant bootstrap seed contract.
|
|
3
3
|
*
|
|
4
|
-
* Fresh tenant deployments install the Lucern kernel and
|
|
4
|
+
* Fresh tenant deployments install the Lucern kernel and control-plane components
|
|
5
5
|
* from npm, then copy canonical template rows for non-secret runtime defaults.
|
|
6
|
-
* This contract is intentionally exhaustive for the K/
|
|
6
|
+
* This contract is intentionally exhaustive for the K/CP tables: it separates
|
|
7
7
|
* rows that must be carried by the template deployments from rows that are
|
|
8
8
|
* runtime data, runtime credentials, logs, queues, or derived caches.
|
|
9
9
|
*/
|
|
@@ -20,10 +20,10 @@ declare const TENANT_BOOTSTRAP_SEED_COMPONENTS: {
|
|
|
20
20
|
readonly prod: "cool-badger-368";
|
|
21
21
|
};
|
|
22
22
|
};
|
|
23
|
-
readonly
|
|
24
|
-
readonly componentName: "
|
|
25
|
-
readonly migrationModule: "migration";
|
|
26
|
-
readonly templateService: "services/
|
|
23
|
+
readonly "control-plane": {
|
|
24
|
+
readonly componentName: "controlPlane";
|
|
25
|
+
readonly migrationModule: "dist/migration";
|
|
26
|
+
readonly templateService: "services/control-plane-template";
|
|
27
27
|
readonly templateDeployments: {
|
|
28
28
|
readonly staging: "industrious-cheetah-864";
|
|
29
29
|
readonly prod: "combative-beagle-879";
|
|
@@ -392,13 +392,13 @@ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
|
|
|
392
392
|
readonly copyMode: "none";
|
|
393
393
|
readonly description: "Worktrees are tenant/runtime planning data.";
|
|
394
394
|
}, {
|
|
395
|
-
readonly component: "
|
|
395
|
+
readonly component: "control-plane";
|
|
396
396
|
readonly table: "agents";
|
|
397
397
|
readonly prepopulation: "runtime_bootstrap";
|
|
398
398
|
readonly copyMode: "none";
|
|
399
399
|
readonly description: "Service agents are provisioned per tenant or service, not copied.";
|
|
400
400
|
}, {
|
|
401
|
-
readonly component: "
|
|
401
|
+
readonly component: "control-plane";
|
|
402
402
|
readonly table: "mcpWritePolicy";
|
|
403
403
|
readonly prepopulation: "required_template";
|
|
404
404
|
readonly copyMode: "template_global";
|
|
@@ -406,13 +406,13 @@ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
|
|
|
406
406
|
readonly uniqueKey: readonly ["topicId", "role", "toolCategory"];
|
|
407
407
|
readonly description: "Global write policy defaults govern service and interactive MCP writes.";
|
|
408
408
|
}, {
|
|
409
|
-
readonly component: "
|
|
409
|
+
readonly component: "control-plane";
|
|
410
410
|
readonly table: "modelCallLogs";
|
|
411
411
|
readonly prepopulation: "runtime_log";
|
|
412
412
|
readonly copyMode: "none";
|
|
413
413
|
readonly description: "Model call logs are runtime telemetry.";
|
|
414
414
|
}, {
|
|
415
|
-
readonly component: "
|
|
415
|
+
readonly component: "control-plane";
|
|
416
416
|
readonly table: "modelFunctionSlots";
|
|
417
417
|
readonly prepopulation: "required_template";
|
|
418
418
|
readonly copyMode: "template_global";
|
|
@@ -420,7 +420,7 @@ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
|
|
|
420
420
|
readonly uniqueKey: readonly ["slot"];
|
|
421
421
|
readonly description: "Function-to-model slots are required by model runtime resolution.";
|
|
422
422
|
}, {
|
|
423
|
-
readonly component: "
|
|
423
|
+
readonly component: "control-plane";
|
|
424
424
|
readonly table: "modelRegistry";
|
|
425
425
|
readonly prepopulation: "required_template";
|
|
426
426
|
readonly copyMode: "template_global";
|
|
@@ -428,7 +428,7 @@ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
|
|
|
428
428
|
readonly uniqueKey: readonly ["key"];
|
|
429
429
|
readonly description: "Model catalog defaults are required by model runtime clients.";
|
|
430
430
|
}, {
|
|
431
|
-
readonly component: "
|
|
431
|
+
readonly component: "control-plane";
|
|
432
432
|
readonly table: "modelSlotConfigs";
|
|
433
433
|
readonly prepopulation: "required_template";
|
|
434
434
|
readonly copyMode: "template_global";
|
|
@@ -436,13 +436,91 @@ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
|
|
|
436
436
|
readonly uniqueKey: readonly ["slot"];
|
|
437
437
|
readonly description: "Slot-level defaults are required before tenant overrides exist.";
|
|
438
438
|
}, {
|
|
439
|
-
readonly component: "
|
|
439
|
+
readonly component: "control-plane";
|
|
440
|
+
readonly table: "permitAccessReviewItems";
|
|
441
|
+
readonly prepopulation: "runtime_data";
|
|
442
|
+
readonly copyMode: "none";
|
|
443
|
+
readonly description: "Permit access-review item rows are tenant review data projected from Permit.";
|
|
444
|
+
}, {
|
|
445
|
+
readonly component: "control-plane";
|
|
446
|
+
readonly table: "permitAccessReviews";
|
|
447
|
+
readonly prepopulation: "runtime_data";
|
|
448
|
+
readonly copyMode: "none";
|
|
449
|
+
readonly description: "Permit access-review campaigns are tenant review data projected from Permit.";
|
|
450
|
+
}, {
|
|
451
|
+
readonly component: "control-plane";
|
|
452
|
+
readonly table: "permitAttributeBindings";
|
|
453
|
+
readonly prepopulation: "runtime_data";
|
|
454
|
+
readonly copyMode: "none";
|
|
455
|
+
readonly description: "Permit ABAC attribute bindings are tenant policy projection rows.";
|
|
456
|
+
}, {
|
|
457
|
+
readonly component: "control-plane";
|
|
458
|
+
readonly table: "permitGroups";
|
|
459
|
+
readonly prepopulation: "runtime_data";
|
|
460
|
+
readonly copyMode: "none";
|
|
461
|
+
readonly description: "Permit groups are tenant-defined policy subjects, not template data.";
|
|
462
|
+
}, {
|
|
463
|
+
readonly component: "control-plane";
|
|
464
|
+
readonly table: "permitGroupMemberships";
|
|
465
|
+
readonly prepopulation: "runtime_data";
|
|
466
|
+
readonly copyMode: "none";
|
|
467
|
+
readonly description: "Permit group memberships are tenant-specific policy projection rows.";
|
|
468
|
+
}, {
|
|
469
|
+
readonly component: "control-plane";
|
|
470
|
+
readonly table: "permitPolicyBundles";
|
|
471
|
+
readonly prepopulation: "runtime_derived";
|
|
472
|
+
readonly copyMode: "none";
|
|
473
|
+
readonly description: "Permit policy bundles are derived from the Permit control plane.";
|
|
474
|
+
}, {
|
|
475
|
+
readonly component: "control-plane";
|
|
476
|
+
readonly table: "permitPolicyDecisionReceipts";
|
|
477
|
+
readonly prepopulation: "runtime_log";
|
|
478
|
+
readonly copyMode: "none";
|
|
479
|
+
readonly description: "Permit decision receipts are runtime authorization audit logs.";
|
|
480
|
+
}, {
|
|
481
|
+
readonly component: "control-plane";
|
|
482
|
+
readonly table: "permitPrincipalAliases";
|
|
483
|
+
readonly prepopulation: "runtime_data";
|
|
484
|
+
readonly copyMode: "none";
|
|
485
|
+
readonly description: "Permit principal aliases are tenant-specific identity projection rows.";
|
|
486
|
+
}, {
|
|
487
|
+
readonly component: "control-plane";
|
|
488
|
+
readonly table: "permitPrincipals";
|
|
489
|
+
readonly prepopulation: "runtime_data";
|
|
490
|
+
readonly copyMode: "none";
|
|
491
|
+
readonly description: "Permit principals are projected from Clerk, Permit, and tenant onboarding flows.";
|
|
492
|
+
}, {
|
|
493
|
+
readonly component: "control-plane";
|
|
494
|
+
readonly table: "permitProjectionOutbox";
|
|
495
|
+
readonly prepopulation: "runtime_queue";
|
|
496
|
+
readonly copyMode: "none";
|
|
497
|
+
readonly description: "Permit projection outbox rows are runtime sync queue data.";
|
|
498
|
+
}, {
|
|
499
|
+
readonly component: "control-plane";
|
|
500
|
+
readonly table: "permitRelationshipTuples";
|
|
501
|
+
readonly prepopulation: "runtime_data";
|
|
502
|
+
readonly copyMode: "none";
|
|
503
|
+
readonly description: "Permit ReBAC relationship tuples are tenant policy projection rows.";
|
|
504
|
+
}, {
|
|
505
|
+
readonly component: "control-plane";
|
|
506
|
+
readonly table: "permitResourceInstances";
|
|
507
|
+
readonly prepopulation: "runtime_data";
|
|
508
|
+
readonly copyMode: "none";
|
|
509
|
+
readonly description: "Permit resource instances are tenant/workspace graph and deployment projection rows.";
|
|
510
|
+
}, {
|
|
511
|
+
readonly component: "control-plane";
|
|
512
|
+
readonly table: "permitRoleAssignments";
|
|
513
|
+
readonly prepopulation: "runtime_data";
|
|
514
|
+
readonly copyMode: "none";
|
|
515
|
+
readonly description: "Permit role assignments are tenant-specific policy projection rows.";
|
|
516
|
+
}, {
|
|
517
|
+
readonly component: "control-plane";
|
|
440
518
|
readonly table: "platformAudienceGrants";
|
|
441
519
|
readonly prepopulation: "runtime_data";
|
|
442
520
|
readonly copyMode: "none";
|
|
443
521
|
readonly description: "Audience grants are principal/group-specific access rows.";
|
|
444
522
|
}, {
|
|
445
|
-
readonly component: "
|
|
523
|
+
readonly component: "control-plane";
|
|
446
524
|
readonly table: "platformAudiences";
|
|
447
525
|
readonly prepopulation: "required_template";
|
|
448
526
|
readonly copyMode: "template_tenant_rewrite";
|
|
@@ -450,31 +528,31 @@ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
|
|
|
450
528
|
readonly uniqueKey: readonly ["tenantId", "workspaceId", "audienceKey"];
|
|
451
529
|
readonly description: "Default tenant audience taxonomy rows are rewritten into each tenant.";
|
|
452
530
|
}, {
|
|
453
|
-
readonly component: "
|
|
531
|
+
readonly component: "control-plane";
|
|
454
532
|
readonly table: "platformPolicyDecisionLogs";
|
|
455
533
|
readonly prepopulation: "runtime_log";
|
|
456
534
|
readonly copyMode: "none";
|
|
457
535
|
readonly description: "Policy decisions are runtime audit logs.";
|
|
458
536
|
}, {
|
|
459
|
-
readonly component: "
|
|
537
|
+
readonly component: "control-plane";
|
|
460
538
|
readonly table: "projectGrants";
|
|
461
539
|
readonly prepopulation: "runtime_data";
|
|
462
540
|
readonly copyMode: "none";
|
|
463
541
|
readonly description: "Project/topic grants are principal or group-specific access rows.";
|
|
464
542
|
}, {
|
|
465
|
-
readonly component: "
|
|
543
|
+
readonly component: "control-plane";
|
|
466
544
|
readonly table: "reasoningPermissions";
|
|
467
545
|
readonly prepopulation: "runtime_data";
|
|
468
546
|
readonly copyMode: "none";
|
|
469
547
|
readonly description: "Reasoning permissions are principal-specific policy rows.";
|
|
470
548
|
}, {
|
|
471
|
-
readonly component: "
|
|
549
|
+
readonly component: "control-plane";
|
|
472
550
|
readonly table: "tenantApiKeys";
|
|
473
551
|
readonly prepopulation: "runtime_secret";
|
|
474
552
|
readonly copyMode: "none";
|
|
475
553
|
readonly description: "API keys are tenant credentials and must never be copied.";
|
|
476
554
|
}, {
|
|
477
|
-
readonly component: "
|
|
555
|
+
readonly component: "control-plane";
|
|
478
556
|
readonly table: "tenantConfig";
|
|
479
557
|
readonly prepopulation: "required_template";
|
|
480
558
|
readonly copyMode: "template_tenant_rewrite";
|
|
@@ -482,7 +560,7 @@ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
|
|
|
482
560
|
readonly uniqueKey: readonly ["tenantId"];
|
|
483
561
|
readonly description: "Tenant-local config defaults are rewritten during bootstrap.";
|
|
484
562
|
}, {
|
|
485
|
-
readonly component: "
|
|
563
|
+
readonly component: "control-plane";
|
|
486
564
|
readonly table: "tenantIntegrations";
|
|
487
565
|
readonly prepopulation: "required_template";
|
|
488
566
|
readonly copyMode: "template_tenant_rewrite";
|
|
@@ -490,13 +568,19 @@ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
|
|
|
490
568
|
readonly uniqueKey: readonly ["tenantId", "integrationKey"];
|
|
491
569
|
readonly description: "Non-secret integration descriptors are rewritten into each tenant.";
|
|
492
570
|
}, {
|
|
493
|
-
readonly component: "
|
|
571
|
+
readonly component: "control-plane";
|
|
494
572
|
readonly table: "tenantModelSlotBindings";
|
|
495
573
|
readonly prepopulation: "runtime_secret";
|
|
496
574
|
readonly copyMode: "none";
|
|
497
575
|
readonly description: "Tenant model slot bindings reference provider secrets and are runtime-only.";
|
|
498
576
|
}, {
|
|
499
|
-
readonly component: "
|
|
577
|
+
readonly component: "control-plane";
|
|
578
|
+
readonly table: "tenantPermitSyncStates";
|
|
579
|
+
readonly prepopulation: "runtime_derived";
|
|
580
|
+
readonly copyMode: "none";
|
|
581
|
+
readonly description: "Tenant Permit sync state rows are runtime reconciliation state.";
|
|
582
|
+
}, {
|
|
583
|
+
readonly component: "control-plane";
|
|
500
584
|
readonly table: "tenantPolicies";
|
|
501
585
|
readonly prepopulation: "required_template";
|
|
502
586
|
readonly copyMode: "template_tenant_rewrite";
|
|
@@ -504,37 +588,37 @@ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
|
|
|
504
588
|
readonly uniqueKey: readonly ["tenantId", "workspaceId", "roleName"];
|
|
505
589
|
readonly description: "Default tenant policy roles are rewritten during bootstrap.";
|
|
506
590
|
}, {
|
|
507
|
-
readonly component: "
|
|
591
|
+
readonly component: "control-plane";
|
|
508
592
|
readonly table: "tenantProviderSecrets";
|
|
509
593
|
readonly prepopulation: "runtime_secret";
|
|
510
594
|
readonly copyMode: "none";
|
|
511
595
|
readonly description: "Provider secrets are credentials and must never be copied.";
|
|
512
596
|
}, {
|
|
513
|
-
readonly component: "
|
|
597
|
+
readonly component: "control-plane";
|
|
514
598
|
readonly table: "tenantProxyGatewayUsage";
|
|
515
599
|
readonly prepopulation: "runtime_log";
|
|
516
600
|
readonly copyMode: "none";
|
|
517
601
|
readonly description: "Proxy gateway usage rows are runtime telemetry.";
|
|
518
602
|
}, {
|
|
519
|
-
readonly component: "
|
|
603
|
+
readonly component: "control-plane";
|
|
520
604
|
readonly table: "tenantProxyTokenMints";
|
|
521
605
|
readonly prepopulation: "runtime_secret";
|
|
522
606
|
readonly copyMode: "none";
|
|
523
607
|
readonly description: "Proxy token mints are ephemeral secret-bearing runtime rows.";
|
|
524
608
|
}, {
|
|
525
|
-
readonly component: "
|
|
609
|
+
readonly component: "control-plane";
|
|
526
610
|
readonly table: "tenantSandboxAuditEvents";
|
|
527
611
|
readonly prepopulation: "runtime_log";
|
|
528
612
|
readonly copyMode: "none";
|
|
529
613
|
readonly description: "Sandbox audit rows are runtime security logs.";
|
|
530
614
|
}, {
|
|
531
|
-
readonly component: "
|
|
615
|
+
readonly component: "control-plane";
|
|
532
616
|
readonly table: "tenantSecrets";
|
|
533
617
|
readonly prepopulation: "runtime_secret";
|
|
534
618
|
readonly copyMode: "none";
|
|
535
619
|
readonly description: "Tenant secrets are credentials and must never be copied.";
|
|
536
620
|
}, {
|
|
537
|
-
readonly component: "
|
|
621
|
+
readonly component: "control-plane";
|
|
538
622
|
readonly table: "toolAcls";
|
|
539
623
|
readonly prepopulation: "required_template";
|
|
540
624
|
readonly copyMode: "template_global";
|
|
@@ -542,7 +626,7 @@ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
|
|
|
542
626
|
readonly uniqueKey: readonly ["role", "toolName"];
|
|
543
627
|
readonly description: "Default role-to-tool grants are required for SDK/MCP tool access.";
|
|
544
628
|
}, {
|
|
545
|
-
readonly component: "
|
|
629
|
+
readonly component: "control-plane";
|
|
546
630
|
readonly table: "toolRegistry";
|
|
547
631
|
readonly prepopulation: "required_template";
|
|
548
632
|
readonly copyMode: "template_global";
|
|
@@ -550,7 +634,7 @@ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
|
|
|
550
634
|
readonly uniqueKey: readonly ["toolName"];
|
|
551
635
|
readonly description: "Core tool catalog rows are required before pack or tenant tools exist.";
|
|
552
636
|
}, {
|
|
553
|
-
readonly component: "
|
|
637
|
+
readonly component: "control-plane";
|
|
554
638
|
readonly table: "users";
|
|
555
639
|
readonly prepopulation: "runtime_bootstrap";
|
|
556
640
|
readonly copyMode: "none";
|
|
@@ -573,10 +657,10 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
573
657
|
readonly prod: "cool-badger-368";
|
|
574
658
|
};
|
|
575
659
|
};
|
|
576
|
-
readonly
|
|
577
|
-
readonly componentName: "
|
|
578
|
-
readonly migrationModule: "migration";
|
|
579
|
-
readonly templateService: "services/
|
|
660
|
+
readonly "control-plane": {
|
|
661
|
+
readonly componentName: "controlPlane";
|
|
662
|
+
readonly migrationModule: "dist/migration";
|
|
663
|
+
readonly templateService: "services/control-plane-template";
|
|
580
664
|
readonly templateDeployments: {
|
|
581
665
|
readonly staging: "industrious-cheetah-864";
|
|
582
666
|
readonly prod: "combative-beagle-879";
|
|
@@ -926,13 +1010,13 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
926
1010
|
readonly copyMode: "none";
|
|
927
1011
|
readonly description: "Worktrees are tenant/runtime planning data.";
|
|
928
1012
|
}, {
|
|
929
|
-
readonly component: "
|
|
1013
|
+
readonly component: "control-plane";
|
|
930
1014
|
readonly table: "agents";
|
|
931
1015
|
readonly prepopulation: "runtime_bootstrap";
|
|
932
1016
|
readonly copyMode: "none";
|
|
933
1017
|
readonly description: "Service agents are provisioned per tenant or service, not copied.";
|
|
934
1018
|
}, {
|
|
935
|
-
readonly component: "
|
|
1019
|
+
readonly component: "control-plane";
|
|
936
1020
|
readonly table: "mcpWritePolicy";
|
|
937
1021
|
readonly prepopulation: "required_template";
|
|
938
1022
|
readonly copyMode: "template_global";
|
|
@@ -940,13 +1024,13 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
940
1024
|
readonly uniqueKey: readonly ["topicId", "role", "toolCategory"];
|
|
941
1025
|
readonly description: "Global write policy defaults govern service and interactive MCP writes.";
|
|
942
1026
|
}, {
|
|
943
|
-
readonly component: "
|
|
1027
|
+
readonly component: "control-plane";
|
|
944
1028
|
readonly table: "modelCallLogs";
|
|
945
1029
|
readonly prepopulation: "runtime_log";
|
|
946
1030
|
readonly copyMode: "none";
|
|
947
1031
|
readonly description: "Model call logs are runtime telemetry.";
|
|
948
1032
|
}, {
|
|
949
|
-
readonly component: "
|
|
1033
|
+
readonly component: "control-plane";
|
|
950
1034
|
readonly table: "modelFunctionSlots";
|
|
951
1035
|
readonly prepopulation: "required_template";
|
|
952
1036
|
readonly copyMode: "template_global";
|
|
@@ -954,7 +1038,7 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
954
1038
|
readonly uniqueKey: readonly ["slot"];
|
|
955
1039
|
readonly description: "Function-to-model slots are required by model runtime resolution.";
|
|
956
1040
|
}, {
|
|
957
|
-
readonly component: "
|
|
1041
|
+
readonly component: "control-plane";
|
|
958
1042
|
readonly table: "modelRegistry";
|
|
959
1043
|
readonly prepopulation: "required_template";
|
|
960
1044
|
readonly copyMode: "template_global";
|
|
@@ -962,7 +1046,7 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
962
1046
|
readonly uniqueKey: readonly ["key"];
|
|
963
1047
|
readonly description: "Model catalog defaults are required by model runtime clients.";
|
|
964
1048
|
}, {
|
|
965
|
-
readonly component: "
|
|
1049
|
+
readonly component: "control-plane";
|
|
966
1050
|
readonly table: "modelSlotConfigs";
|
|
967
1051
|
readonly prepopulation: "required_template";
|
|
968
1052
|
readonly copyMode: "template_global";
|
|
@@ -970,13 +1054,91 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
970
1054
|
readonly uniqueKey: readonly ["slot"];
|
|
971
1055
|
readonly description: "Slot-level defaults are required before tenant overrides exist.";
|
|
972
1056
|
}, {
|
|
973
|
-
readonly component: "
|
|
1057
|
+
readonly component: "control-plane";
|
|
1058
|
+
readonly table: "permitAccessReviewItems";
|
|
1059
|
+
readonly prepopulation: "runtime_data";
|
|
1060
|
+
readonly copyMode: "none";
|
|
1061
|
+
readonly description: "Permit access-review item rows are tenant review data projected from Permit.";
|
|
1062
|
+
}, {
|
|
1063
|
+
readonly component: "control-plane";
|
|
1064
|
+
readonly table: "permitAccessReviews";
|
|
1065
|
+
readonly prepopulation: "runtime_data";
|
|
1066
|
+
readonly copyMode: "none";
|
|
1067
|
+
readonly description: "Permit access-review campaigns are tenant review data projected from Permit.";
|
|
1068
|
+
}, {
|
|
1069
|
+
readonly component: "control-plane";
|
|
1070
|
+
readonly table: "permitAttributeBindings";
|
|
1071
|
+
readonly prepopulation: "runtime_data";
|
|
1072
|
+
readonly copyMode: "none";
|
|
1073
|
+
readonly description: "Permit ABAC attribute bindings are tenant policy projection rows.";
|
|
1074
|
+
}, {
|
|
1075
|
+
readonly component: "control-plane";
|
|
1076
|
+
readonly table: "permitGroups";
|
|
1077
|
+
readonly prepopulation: "runtime_data";
|
|
1078
|
+
readonly copyMode: "none";
|
|
1079
|
+
readonly description: "Permit groups are tenant-defined policy subjects, not template data.";
|
|
1080
|
+
}, {
|
|
1081
|
+
readonly component: "control-plane";
|
|
1082
|
+
readonly table: "permitGroupMemberships";
|
|
1083
|
+
readonly prepopulation: "runtime_data";
|
|
1084
|
+
readonly copyMode: "none";
|
|
1085
|
+
readonly description: "Permit group memberships are tenant-specific policy projection rows.";
|
|
1086
|
+
}, {
|
|
1087
|
+
readonly component: "control-plane";
|
|
1088
|
+
readonly table: "permitPolicyBundles";
|
|
1089
|
+
readonly prepopulation: "runtime_derived";
|
|
1090
|
+
readonly copyMode: "none";
|
|
1091
|
+
readonly description: "Permit policy bundles are derived from the Permit control plane.";
|
|
1092
|
+
}, {
|
|
1093
|
+
readonly component: "control-plane";
|
|
1094
|
+
readonly table: "permitPolicyDecisionReceipts";
|
|
1095
|
+
readonly prepopulation: "runtime_log";
|
|
1096
|
+
readonly copyMode: "none";
|
|
1097
|
+
readonly description: "Permit decision receipts are runtime authorization audit logs.";
|
|
1098
|
+
}, {
|
|
1099
|
+
readonly component: "control-plane";
|
|
1100
|
+
readonly table: "permitPrincipalAliases";
|
|
1101
|
+
readonly prepopulation: "runtime_data";
|
|
1102
|
+
readonly copyMode: "none";
|
|
1103
|
+
readonly description: "Permit principal aliases are tenant-specific identity projection rows.";
|
|
1104
|
+
}, {
|
|
1105
|
+
readonly component: "control-plane";
|
|
1106
|
+
readonly table: "permitPrincipals";
|
|
1107
|
+
readonly prepopulation: "runtime_data";
|
|
1108
|
+
readonly copyMode: "none";
|
|
1109
|
+
readonly description: "Permit principals are projected from Clerk, Permit, and tenant onboarding flows.";
|
|
1110
|
+
}, {
|
|
1111
|
+
readonly component: "control-plane";
|
|
1112
|
+
readonly table: "permitProjectionOutbox";
|
|
1113
|
+
readonly prepopulation: "runtime_queue";
|
|
1114
|
+
readonly copyMode: "none";
|
|
1115
|
+
readonly description: "Permit projection outbox rows are runtime sync queue data.";
|
|
1116
|
+
}, {
|
|
1117
|
+
readonly component: "control-plane";
|
|
1118
|
+
readonly table: "permitRelationshipTuples";
|
|
1119
|
+
readonly prepopulation: "runtime_data";
|
|
1120
|
+
readonly copyMode: "none";
|
|
1121
|
+
readonly description: "Permit ReBAC relationship tuples are tenant policy projection rows.";
|
|
1122
|
+
}, {
|
|
1123
|
+
readonly component: "control-plane";
|
|
1124
|
+
readonly table: "permitResourceInstances";
|
|
1125
|
+
readonly prepopulation: "runtime_data";
|
|
1126
|
+
readonly copyMode: "none";
|
|
1127
|
+
readonly description: "Permit resource instances are tenant/workspace graph and deployment projection rows.";
|
|
1128
|
+
}, {
|
|
1129
|
+
readonly component: "control-plane";
|
|
1130
|
+
readonly table: "permitRoleAssignments";
|
|
1131
|
+
readonly prepopulation: "runtime_data";
|
|
1132
|
+
readonly copyMode: "none";
|
|
1133
|
+
readonly description: "Permit role assignments are tenant-specific policy projection rows.";
|
|
1134
|
+
}, {
|
|
1135
|
+
readonly component: "control-plane";
|
|
974
1136
|
readonly table: "platformAudienceGrants";
|
|
975
1137
|
readonly prepopulation: "runtime_data";
|
|
976
1138
|
readonly copyMode: "none";
|
|
977
1139
|
readonly description: "Audience grants are principal/group-specific access rows.";
|
|
978
1140
|
}, {
|
|
979
|
-
readonly component: "
|
|
1141
|
+
readonly component: "control-plane";
|
|
980
1142
|
readonly table: "platformAudiences";
|
|
981
1143
|
readonly prepopulation: "required_template";
|
|
982
1144
|
readonly copyMode: "template_tenant_rewrite";
|
|
@@ -984,31 +1146,31 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
984
1146
|
readonly uniqueKey: readonly ["tenantId", "workspaceId", "audienceKey"];
|
|
985
1147
|
readonly description: "Default tenant audience taxonomy rows are rewritten into each tenant.";
|
|
986
1148
|
}, {
|
|
987
|
-
readonly component: "
|
|
1149
|
+
readonly component: "control-plane";
|
|
988
1150
|
readonly table: "platformPolicyDecisionLogs";
|
|
989
1151
|
readonly prepopulation: "runtime_log";
|
|
990
1152
|
readonly copyMode: "none";
|
|
991
1153
|
readonly description: "Policy decisions are runtime audit logs.";
|
|
992
1154
|
}, {
|
|
993
|
-
readonly component: "
|
|
1155
|
+
readonly component: "control-plane";
|
|
994
1156
|
readonly table: "projectGrants";
|
|
995
1157
|
readonly prepopulation: "runtime_data";
|
|
996
1158
|
readonly copyMode: "none";
|
|
997
1159
|
readonly description: "Project/topic grants are principal or group-specific access rows.";
|
|
998
1160
|
}, {
|
|
999
|
-
readonly component: "
|
|
1161
|
+
readonly component: "control-plane";
|
|
1000
1162
|
readonly table: "reasoningPermissions";
|
|
1001
1163
|
readonly prepopulation: "runtime_data";
|
|
1002
1164
|
readonly copyMode: "none";
|
|
1003
1165
|
readonly description: "Reasoning permissions are principal-specific policy rows.";
|
|
1004
1166
|
}, {
|
|
1005
|
-
readonly component: "
|
|
1167
|
+
readonly component: "control-plane";
|
|
1006
1168
|
readonly table: "tenantApiKeys";
|
|
1007
1169
|
readonly prepopulation: "runtime_secret";
|
|
1008
1170
|
readonly copyMode: "none";
|
|
1009
1171
|
readonly description: "API keys are tenant credentials and must never be copied.";
|
|
1010
1172
|
}, {
|
|
1011
|
-
readonly component: "
|
|
1173
|
+
readonly component: "control-plane";
|
|
1012
1174
|
readonly table: "tenantConfig";
|
|
1013
1175
|
readonly prepopulation: "required_template";
|
|
1014
1176
|
readonly copyMode: "template_tenant_rewrite";
|
|
@@ -1016,7 +1178,7 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
1016
1178
|
readonly uniqueKey: readonly ["tenantId"];
|
|
1017
1179
|
readonly description: "Tenant-local config defaults are rewritten during bootstrap.";
|
|
1018
1180
|
}, {
|
|
1019
|
-
readonly component: "
|
|
1181
|
+
readonly component: "control-plane";
|
|
1020
1182
|
readonly table: "tenantIntegrations";
|
|
1021
1183
|
readonly prepopulation: "required_template";
|
|
1022
1184
|
readonly copyMode: "template_tenant_rewrite";
|
|
@@ -1024,13 +1186,19 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
1024
1186
|
readonly uniqueKey: readonly ["tenantId", "integrationKey"];
|
|
1025
1187
|
readonly description: "Non-secret integration descriptors are rewritten into each tenant.";
|
|
1026
1188
|
}, {
|
|
1027
|
-
readonly component: "
|
|
1189
|
+
readonly component: "control-plane";
|
|
1028
1190
|
readonly table: "tenantModelSlotBindings";
|
|
1029
1191
|
readonly prepopulation: "runtime_secret";
|
|
1030
1192
|
readonly copyMode: "none";
|
|
1031
1193
|
readonly description: "Tenant model slot bindings reference provider secrets and are runtime-only.";
|
|
1032
1194
|
}, {
|
|
1033
|
-
readonly component: "
|
|
1195
|
+
readonly component: "control-plane";
|
|
1196
|
+
readonly table: "tenantPermitSyncStates";
|
|
1197
|
+
readonly prepopulation: "runtime_derived";
|
|
1198
|
+
readonly copyMode: "none";
|
|
1199
|
+
readonly description: "Tenant Permit sync state rows are runtime reconciliation state.";
|
|
1200
|
+
}, {
|
|
1201
|
+
readonly component: "control-plane";
|
|
1034
1202
|
readonly table: "tenantPolicies";
|
|
1035
1203
|
readonly prepopulation: "required_template";
|
|
1036
1204
|
readonly copyMode: "template_tenant_rewrite";
|
|
@@ -1038,37 +1206,37 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
1038
1206
|
readonly uniqueKey: readonly ["tenantId", "workspaceId", "roleName"];
|
|
1039
1207
|
readonly description: "Default tenant policy roles are rewritten during bootstrap.";
|
|
1040
1208
|
}, {
|
|
1041
|
-
readonly component: "
|
|
1209
|
+
readonly component: "control-plane";
|
|
1042
1210
|
readonly table: "tenantProviderSecrets";
|
|
1043
1211
|
readonly prepopulation: "runtime_secret";
|
|
1044
1212
|
readonly copyMode: "none";
|
|
1045
1213
|
readonly description: "Provider secrets are credentials and must never be copied.";
|
|
1046
1214
|
}, {
|
|
1047
|
-
readonly component: "
|
|
1215
|
+
readonly component: "control-plane";
|
|
1048
1216
|
readonly table: "tenantProxyGatewayUsage";
|
|
1049
1217
|
readonly prepopulation: "runtime_log";
|
|
1050
1218
|
readonly copyMode: "none";
|
|
1051
1219
|
readonly description: "Proxy gateway usage rows are runtime telemetry.";
|
|
1052
1220
|
}, {
|
|
1053
|
-
readonly component: "
|
|
1221
|
+
readonly component: "control-plane";
|
|
1054
1222
|
readonly table: "tenantProxyTokenMints";
|
|
1055
1223
|
readonly prepopulation: "runtime_secret";
|
|
1056
1224
|
readonly copyMode: "none";
|
|
1057
1225
|
readonly description: "Proxy token mints are ephemeral secret-bearing runtime rows.";
|
|
1058
1226
|
}, {
|
|
1059
|
-
readonly component: "
|
|
1227
|
+
readonly component: "control-plane";
|
|
1060
1228
|
readonly table: "tenantSandboxAuditEvents";
|
|
1061
1229
|
readonly prepopulation: "runtime_log";
|
|
1062
1230
|
readonly copyMode: "none";
|
|
1063
1231
|
readonly description: "Sandbox audit rows are runtime security logs.";
|
|
1064
1232
|
}, {
|
|
1065
|
-
readonly component: "
|
|
1233
|
+
readonly component: "control-plane";
|
|
1066
1234
|
readonly table: "tenantSecrets";
|
|
1067
1235
|
readonly prepopulation: "runtime_secret";
|
|
1068
1236
|
readonly copyMode: "none";
|
|
1069
1237
|
readonly description: "Tenant secrets are credentials and must never be copied.";
|
|
1070
1238
|
}, {
|
|
1071
|
-
readonly component: "
|
|
1239
|
+
readonly component: "control-plane";
|
|
1072
1240
|
readonly table: "toolAcls";
|
|
1073
1241
|
readonly prepopulation: "required_template";
|
|
1074
1242
|
readonly copyMode: "template_global";
|
|
@@ -1076,7 +1244,7 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
1076
1244
|
readonly uniqueKey: readonly ["role", "toolName"];
|
|
1077
1245
|
readonly description: "Default role-to-tool grants are required for SDK/MCP tool access.";
|
|
1078
1246
|
}, {
|
|
1079
|
-
readonly component: "
|
|
1247
|
+
readonly component: "control-plane";
|
|
1080
1248
|
readonly table: "toolRegistry";
|
|
1081
1249
|
readonly prepopulation: "required_template";
|
|
1082
1250
|
readonly copyMode: "template_global";
|
|
@@ -1084,7 +1252,7 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
1084
1252
|
readonly uniqueKey: readonly ["toolName"];
|
|
1085
1253
|
readonly description: "Core tool catalog rows are required before pack or tenant tools exist.";
|
|
1086
1254
|
}, {
|
|
1087
|
-
readonly component: "
|
|
1255
|
+
readonly component: "control-plane";
|
|
1088
1256
|
readonly table: "users";
|
|
1089
1257
|
readonly prepopulation: "runtime_bootstrap";
|
|
1090
1258
|
readonly copyMode: "none";
|