@lucern/contracts 0.3.0-alpha.10 → 0.3.0-alpha.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (234) hide show
  1. package/dist/api-enums.contract.d.ts +5 -3
  2. package/dist/api-enums.contract.js +14 -12
  3. package/dist/api-enums.contract.js.map +1 -1
  4. package/dist/component-boundary.contract.d.ts +1 -1
  5. package/dist/component-boundary.contract.js +45 -26
  6. package/dist/component-boundary.contract.js.map +1 -1
  7. package/dist/component-host-boundary.contract.d.ts +10 -5
  8. package/dist/component-host-boundary.contract.js +10 -4
  9. package/dist/component-host-boundary.contract.js.map +1 -1
  10. package/dist/{defineTable-CBQ03FXl.d.ts → defineTable-t1wr5wgn.d.ts} +1 -1
  11. package/dist/{dsl-djCRfuWC.d.ts → dsl-DVPthQGY.d.ts} +1 -1
  12. package/dist/dsl.d.ts +2 -2
  13. package/dist/dsl.js.map +1 -1
  14. package/dist/function-registry/beliefs.d.ts +13 -0
  15. package/dist/function-registry/beliefs.js +50 -7
  16. package/dist/function-registry/beliefs.js.map +1 -1
  17. package/dist/function-registry/coding.d.ts +9 -0
  18. package/dist/function-registry/coding.js +117 -8
  19. package/dist/function-registry/coding.js.map +1 -1
  20. package/dist/function-registry/context.d.ts +6 -0
  21. package/dist/function-registry/context.js +50 -7
  22. package/dist/function-registry/context.js.map +1 -1
  23. package/dist/function-registry/contracts.d.ts +6 -0
  24. package/dist/function-registry/contracts.js +50 -7
  25. package/dist/function-registry/contracts.js.map +1 -1
  26. package/dist/function-registry/coordination.d.ts +12 -0
  27. package/dist/function-registry/coordination.js +50 -7
  28. package/dist/function-registry/coordination.js.map +1 -1
  29. package/dist/function-registry/edges.d.ts +9 -0
  30. package/dist/function-registry/edges.js +54 -14
  31. package/dist/function-registry/edges.js.map +1 -1
  32. package/dist/function-registry/evidence.d.ts +11 -0
  33. package/dist/function-registry/evidence.js +53 -11
  34. package/dist/function-registry/evidence.js.map +1 -1
  35. package/dist/function-registry/graph.d.ts +18 -0
  36. package/dist/function-registry/graph.js +50 -7
  37. package/dist/function-registry/graph.js.map +1 -1
  38. package/dist/function-registry/helpers.d.ts +4 -1
  39. package/dist/function-registry/helpers.js +51 -8
  40. package/dist/function-registry/helpers.js.map +1 -1
  41. package/dist/function-registry/identity.d.ts +6 -0
  42. package/dist/function-registry/identity.js +50 -7
  43. package/dist/function-registry/identity.js.map +1 -1
  44. package/dist/function-registry/index.d.ts +8 -320
  45. package/dist/function-registry/index.js +54 -384
  46. package/dist/function-registry/index.js.map +1 -1
  47. package/dist/function-registry/judgments.d.ts +5 -0
  48. package/dist/function-registry/judgments.js +50 -7
  49. package/dist/function-registry/judgments.js.map +1 -1
  50. package/dist/function-registry/legacy.d.ts +4 -0
  51. package/dist/function-registry/legacy.js +50 -7
  52. package/dist/function-registry/legacy.js.map +1 -1
  53. package/dist/function-registry/lenses.d.ts +7 -0
  54. package/dist/function-registry/lenses.js +50 -7
  55. package/dist/function-registry/lenses.js.map +1 -1
  56. package/dist/function-registry/nodes.d.ts +412 -0
  57. package/dist/function-registry/nodes.js +5303 -0
  58. package/dist/function-registry/nodes.js.map +1 -0
  59. package/dist/function-registry/ontologies.d.ts +14 -0
  60. package/dist/function-registry/ontologies.js +50 -7
  61. package/dist/function-registry/ontologies.js.map +1 -1
  62. package/dist/function-registry/pipeline.d.ts +6 -0
  63. package/dist/function-registry/pipeline.js +50 -7
  64. package/dist/function-registry/pipeline.js.map +1 -1
  65. package/dist/function-registry/questions.d.ts +15 -0
  66. package/dist/function-registry/questions.js +50 -7
  67. package/dist/function-registry/questions.js.map +1 -1
  68. package/dist/function-registry/tasks.d.ts +7 -0
  69. package/dist/function-registry/tasks.js +69 -16
  70. package/dist/function-registry/tasks.js.map +1 -1
  71. package/dist/function-registry/topics.d.ts +10 -0
  72. package/dist/function-registry/topics.js +50 -7
  73. package/dist/function-registry/topics.js.map +1 -1
  74. package/dist/function-registry/types.d.ts +5 -1
  75. package/dist/function-registry/worktrees.d.ts +14 -0
  76. package/dist/function-registry/worktrees.js +50 -7
  77. package/dist/function-registry/worktrees.js.map +1 -1
  78. package/dist/gateway.contract.d.ts +3 -0
  79. package/dist/gateway.contract.js.map +1 -1
  80. package/dist/generated/convexSchemas.d.ts +3 -3
  81. package/dist/generated/convexSchemas.js +35 -16
  82. package/dist/generated/convexSchemas.js.map +1 -1
  83. package/dist/generated/infisicalRuntimeEnv.d.ts +70 -0
  84. package/dist/generated/infisicalRuntimeEnv.js +26818 -0
  85. package/dist/generated/infisicalRuntimeEnv.js.map +1 -0
  86. package/dist/generated/lucernGatewayEnv.d.ts +17 -0
  87. package/dist/generated/lucernGatewayEnv.js +38 -0
  88. package/dist/generated/lucernGatewayEnv.js.map +1 -0
  89. package/dist/generated/lucernWebPublicEnv.d.ts +26 -0
  90. package/dist/generated/lucernWebPublicEnv.js +32 -0
  91. package/dist/generated/lucernWebPublicEnv.js.map +1 -0
  92. package/dist/generated/lucernWebServerEnv.d.ts +33 -0
  93. package/dist/generated/lucernWebServerEnv.js +51 -0
  94. package/dist/generated/lucernWebServerEnv.js.map +1 -0
  95. package/dist/generated/schema-manifest.json +1165 -150
  96. package/dist/generated/tableOwnership.d.ts +46 -27
  97. package/dist/generated/tableOwnership.js +64 -26
  98. package/dist/generated/tableOwnership.js.map +1 -1
  99. package/dist/generated/tier-expectations.json +60 -8
  100. package/dist/{index-O09U2xHk.d.ts → index-CM1Pl_vI.d.ts} +3 -3
  101. package/dist/index.d.ts +9 -4
  102. package/dist/index.js +31371 -381
  103. package/dist/index.js.map +1 -1
  104. package/dist/infisical-runtime.contract.d.ts +1623 -3
  105. package/dist/infisical-runtime.contract.js +2819 -12
  106. package/dist/infisical-runtime.contract.js.map +1 -1
  107. package/dist/manifests/infisical-runtime-manifest.d.ts +1550 -3
  108. package/dist/manifests/infisical-runtime-manifest.js +2672 -9
  109. package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
  110. package/dist/manifests/tenant-client-manifest.d.ts +11 -11
  111. package/dist/manifests/tenant-client-manifest.js +11 -11
  112. package/dist/manifests/tenant-client-manifest.js.map +1 -1
  113. package/dist/mcp-gateway-boundary.contract.d.ts +23 -3
  114. package/dist/mcp-gateway-boundary.contract.js +2 -0
  115. package/dist/mcp-gateway-boundary.contract.js.map +1 -1
  116. package/dist/permit-principal-projection.contract.d.ts +74 -0
  117. package/dist/permit-principal-projection.contract.js +161 -0
  118. package/dist/permit-principal-projection.contract.js.map +1 -0
  119. package/dist/projections/check-convex-args-shape.js +10 -6
  120. package/dist/projections/check-convex-args-shape.js.map +1 -1
  121. package/dist/projections/create-evidence.projection.d.ts +6 -6
  122. package/dist/projections/create-evidence.projection.js +2 -3
  123. package/dist/projections/create-evidence.projection.js.map +1 -1
  124. package/dist/projections/index.d.ts +3 -3
  125. package/dist/projections/index.js +10 -6
  126. package/dist/projections/index.js.map +1 -1
  127. package/dist/projections/list-tasks.projection.d.ts +20 -8
  128. package/dist/projections/list-tasks.projection.js +8 -3
  129. package/dist/projections/list-tasks.projection.js.map +1 -1
  130. package/dist/proof-attestation.json +45 -0
  131. package/dist/schemas/component-table-manifest.d.ts +6 -6
  132. package/dist/schemas/component-table-manifest.js +2 -2
  133. package/dist/schemas/component-table-manifest.js.map +1 -1
  134. package/dist/schemas/index.d.ts +2 -2
  135. package/dist/schemas/index.js +1088 -137
  136. package/dist/schemas/index.js.map +1 -1
  137. package/dist/schemas/manifest.d.ts +2010 -120
  138. package/dist/schemas/manifest.js +1086 -135
  139. package/dist/schemas/manifest.js.map +1 -1
  140. package/dist/schemas/tables/controlPlane/accessControl.d.ts +260 -0
  141. package/dist/schemas/tables/controlPlane/accessControl.js +655 -0
  142. package/dist/schemas/tables/controlPlane/accessControl.js.map +1 -0
  143. package/dist/schemas/tables/{identity → controlPlane}/agent.d.ts +1 -1
  144. package/dist/schemas/tables/{identity → controlPlane}/agent.js +3 -3
  145. package/dist/schemas/tables/controlPlane/agent.js.map +1 -0
  146. package/dist/schemas/tables/{identity → controlPlane}/epistemic.d.ts +1 -1
  147. package/dist/schemas/tables/{identity → controlPlane}/epistemic.js +3 -3
  148. package/dist/schemas/tables/controlPlane/epistemic.js.map +1 -0
  149. package/dist/schemas/tables/{identity → controlPlane}/model.d.ts +1 -1
  150. package/dist/schemas/tables/{identity → controlPlane}/model.js +6 -6
  151. package/dist/schemas/tables/controlPlane/model.js.map +1 -0
  152. package/dist/schemas/tables/{identity → controlPlane}/platform.d.ts +1 -1
  153. package/dist/schemas/tables/{identity → controlPlane}/platform.js +18 -18
  154. package/dist/schemas/tables/controlPlane/platform.js.map +1 -0
  155. package/dist/schemas/tables/{identity → controlPlane}/project.d.ts +1 -1
  156. package/dist/schemas/tables/{identity → controlPlane}/project.js +3 -3
  157. package/dist/schemas/tables/controlPlane/project.js.map +1 -0
  158. package/dist/schemas/tables/{identity → controlPlane}/user.d.ts +1 -1
  159. package/dist/schemas/tables/{identity → controlPlane}/user.js +3 -3
  160. package/dist/schemas/tables/controlPlane/user.js.map +1 -0
  161. package/dist/schemas/tables/kernel/config.d.ts +1 -1
  162. package/dist/schemas/tables/kernel/config.js.map +1 -1
  163. package/dist/schemas/tables/kernel/coordination.d.ts +1 -1
  164. package/dist/schemas/tables/kernel/coordination.js.map +1 -1
  165. package/dist/schemas/tables/kernel/decision.d.ts +1 -1
  166. package/dist/schemas/tables/kernel/decision.js.map +1 -1
  167. package/dist/schemas/tables/kernel/embedding.d.ts +1 -1
  168. package/dist/schemas/tables/kernel/embedding.js.map +1 -1
  169. package/dist/schemas/tables/kernel/epistemic.d.ts +1 -1
  170. package/dist/schemas/tables/kernel/epistemic.js.map +1 -1
  171. package/dist/schemas/tables/kernel/idempotency.d.ts +1 -1
  172. package/dist/schemas/tables/kernel/idempotency.js.map +1 -1
  173. package/dist/schemas/tables/kernel/infra.d.ts +1 -1
  174. package/dist/schemas/tables/kernel/infra.js.map +1 -1
  175. package/dist/schemas/tables/kernel/intelligence.d.ts +1 -1
  176. package/dist/schemas/tables/kernel/intelligence.js.map +1 -1
  177. package/dist/schemas/tables/kernel/lens.d.ts +1 -1
  178. package/dist/schemas/tables/kernel/lens.js.map +1 -1
  179. package/dist/schemas/tables/kernel/ontology.d.ts +1 -1
  180. package/dist/schemas/tables/kernel/ontology.js.map +1 -1
  181. package/dist/schemas/tables/kernel/platform.d.ts +1 -1
  182. package/dist/schemas/tables/kernel/platform.js.map +1 -1
  183. package/dist/schemas/tables/kernel/spine.d.ts +2 -1
  184. package/dist/schemas/tables/kernel/spine.js +1 -0
  185. package/dist/schemas/tables/kernel/spine.js.map +1 -1
  186. package/dist/schemas/tables/kernel/task.d.ts +1 -1
  187. package/dist/schemas/tables/kernel/task.js.map +1 -1
  188. package/dist/schemas/tables/kernel/topic.d.ts +1 -1
  189. package/dist/schemas/tables/kernel/topic.js.map +1 -1
  190. package/dist/schemas/tables/kernel/workflow.d.ts +1 -1
  191. package/dist/schemas/tables/kernel/workflow.js.map +1 -1
  192. package/dist/schemas/tables/kernel/worktree.d.ts +5 -5
  193. package/dist/schemas/tables/kernel/worktree.js.map +1 -1
  194. package/dist/schemas/tables/mc/identity.d.ts +19 -2
  195. package/dist/schemas/tables/mc/identity.js +32 -1
  196. package/dist/schemas/tables/mc/identity.js.map +1 -1
  197. package/dist/schemas/tables/mc/methodology.d.ts +1 -1
  198. package/dist/schemas/tables/mc/methodology.js.map +1 -1
  199. package/dist/schemas/tables/mc/pack.d.ts +1 -1
  200. package/dist/schemas/tables/mc/pack.js.map +1 -1
  201. package/dist/schemas/tables/mc/policy.d.ts +2 -2
  202. package/dist/schemas/tables/mc/policy.js +1 -1
  203. package/dist/schemas/tables/mc/policy.js.map +1 -1
  204. package/dist/schemas/tables/mc/registry.d.ts +1 -1
  205. package/dist/schemas/tables/mc/registry.js.map +1 -1
  206. package/dist/schemas/tables/mc/runtime.d.ts +109 -3
  207. package/dist/schemas/tables/mc/runtime.js +330 -104
  208. package/dist/schemas/tables/mc/runtime.js.map +1 -1
  209. package/dist/schemas/tables/mc/tenant.d.ts +3 -2
  210. package/dist/schemas/tables/mc/tenant.js +2 -1
  211. package/dist/schemas/tables/mc/tenant.js.map +1 -1
  212. package/dist/schemas/tables/mc/workspace.d.ts +22 -5
  213. package/dist/schemas/tables/mc/workspace.js +34 -2
  214. package/dist/schemas/tables/mc/workspace.js.map +1 -1
  215. package/dist/sdk-tools.contract.js +26 -1
  216. package/dist/sdk-tools.contract.js.map +1 -1
  217. package/dist/tenant-bootstrap-seed.contract.d.ts +226 -58
  218. package/dist/tenant-bootstrap-seed.contract.js +126 -28
  219. package/dist/tenant-bootstrap-seed.contract.js.map +1 -1
  220. package/dist/tenant-bootstrap-seed.defaults.d.ts +1 -1
  221. package/dist/tenant-bootstrap-seed.defaults.js +1 -1
  222. package/dist/tenant-bootstrap-seed.defaults.js.map +1 -1
  223. package/dist/tenant-client.contract.d.ts +12 -12
  224. package/dist/tenant-client.contract.js +11 -11
  225. package/dist/tenant-client.contract.js.map +1 -1
  226. package/dist/tool-contracts.js +26 -1
  227. package/dist/tool-contracts.js.map +1 -1
  228. package/package.json +22 -1
  229. package/dist/schemas/tables/identity/agent.js.map +0 -1
  230. package/dist/schemas/tables/identity/epistemic.js.map +0 -1
  231. package/dist/schemas/tables/identity/model.js.map +0 -1
  232. package/dist/schemas/tables/identity/platform.js.map +0 -1
  233. package/dist/schemas/tables/identity/project.js.map +0 -1
  234. package/dist/schemas/tables/identity/user.js.map +0 -1
@@ -210,7 +210,7 @@ var toolRegistryEntries = defineTable({
210
210
  });
211
211
  var agents = defineTable({
212
212
  name: "agents",
213
- component: "identity",
213
+ component: "control-plane",
214
214
  category: "agent",
215
215
  shape: z.object({
216
216
  "slug": z.string(),
@@ -241,6 +241,7 @@ var apiKeys = defineTable({
241
241
  category: "tenant",
242
242
  shape: z.object({
243
243
  "tenantId": idOf("tenants"),
244
+ "workspaceId": idOf("workspaces").optional(),
244
245
  "keyPrefix": z.enum(["luc", "stk"]),
245
246
  "keyHash": z.string(),
246
247
  "keyHint": z.string(),
@@ -268,7 +269,7 @@ var auditLog = defineTable({
268
269
  shape: z.object({
269
270
  "tenantId": idOf("tenants").optional(),
270
271
  "apiKeyId": idOf("apiKeys").optional(),
271
- "action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "principal_created", "principal_updated", "principal_suspended", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
272
+ "action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_token_lease_issued", "proxy_token_lease_renewed", "proxy_token_lease_revoked", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "principal_created", "principal_updated", "principal_suspended", "principal_identity_alias_upserted", "principal_identity_alias_revoked", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "deployment_host_registered", "deployment_host_revoked", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "permit_sync_enqueued", "permit_sync_succeeded", "permit_sync_failed", "permit_sync_skipped", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
272
273
  "actorClerkId": z.string(),
273
274
  "details": z.any().optional(),
274
275
  "createdAt": z.number()
@@ -1147,29 +1148,37 @@ var compatibilityShims = defineTable({
1147
1148
  component: "mc",
1148
1149
  category: "runtime",
1149
1150
  shape: z.object({
1150
- "shimId": z.string(),
1151
- "gateId": z.string(),
1152
- "removalDate": z.string(),
1153
- "removalPriority": z.enum(["P1", "P2", "P3"]),
1154
- "description": z.string(),
1155
- "owner": z.string(),
1156
- "createdAt": z.string(),
1157
- "status": z.enum(["active", "overdue", "removed"]),
1158
- "bridgeType": z.enum(["tool", "agent"]),
1159
- "bridgeTarget": z.object({
1160
- "type": z.enum(["tool", "agent"]),
1161
- "legacyPath": z.string(),
1162
- "harnessPath": z.string()
1151
+ shimId: z.string(),
1152
+ gateId: z.string(),
1153
+ removalDate: z.string(),
1154
+ removalPriority: z.enum(["P1", "P2", "P3"]),
1155
+ description: z.string(),
1156
+ owner: z.string(),
1157
+ createdAt: z.string(),
1158
+ status: z.enum(["active", "overdue", "removed"]),
1159
+ bridgeType: z.enum(["tool", "agent"]),
1160
+ bridgeTarget: z.object({
1161
+ type: z.enum(["tool", "agent"]),
1162
+ legacyPath: z.string(),
1163
+ harnessPath: z.string()
1163
1164
  }),
1164
- "shimBehavior": z.enum(["passthrough_with_logging", "adapter", "feature_flag_gate"]),
1165
- "producesLedgerEntries": z.boolean(),
1166
- "lastAuditedAt": z.number(),
1167
- "metadata": z.record(z.any()).optional()
1165
+ shimBehavior: z.enum([
1166
+ "passthrough_with_logging",
1167
+ "adapter",
1168
+ "feature_flag_gate"
1169
+ ]),
1170
+ producesLedgerEntries: z.boolean(),
1171
+ lastAuditedAt: z.number(),
1172
+ metadata: z.record(z.any()).optional()
1168
1173
  }),
1169
1174
  indices: [
1170
1175
  { kind: "index", name: "by_shimId", columns: ["shimId"] },
1171
1176
  { kind: "index", name: "by_status", columns: ["status"] },
1172
- { kind: "index", name: "by_bridgeType_status", columns: ["bridgeType", "status"] }
1177
+ {
1178
+ kind: "index",
1179
+ name: "by_bridgeType_status",
1180
+ columns: ["bridgeType", "status"]
1181
+ }
1173
1182
  ]
1174
1183
  });
1175
1184
  var cutoverFlags = defineTable({
@@ -1177,12 +1186,23 @@ var cutoverFlags = defineTable({
1177
1186
  component: "mc",
1178
1187
  category: "runtime",
1179
1188
  shape: z.object({
1180
- "domain": z.enum(["graph", "schema", "identity", "policy", "audit", "admin", "agent", "tool", "prompt", "intelligence"]),
1181
- "state": z.enum(["legacy", "cutover", "disabled"]),
1182
- "metadata": z.record(z.any()).optional(),
1183
- "updatedBy": z.string(),
1184
- "createdAt": z.number(),
1185
- "updatedAt": z.number()
1189
+ domain: z.enum([
1190
+ "graph",
1191
+ "schema",
1192
+ "identity",
1193
+ "policy",
1194
+ "audit",
1195
+ "admin",
1196
+ "agent",
1197
+ "tool",
1198
+ "prompt",
1199
+ "intelligence"
1200
+ ]),
1201
+ state: z.enum(["legacy", "cutover", "disabled"]),
1202
+ metadata: z.record(z.any()).optional(),
1203
+ updatedBy: z.string(),
1204
+ createdAt: z.number(),
1205
+ updatedAt: z.number()
1186
1206
  }),
1187
1207
  indices: [
1188
1208
  { kind: "index", name: "by_domain", columns: ["domain"] },
@@ -1194,57 +1214,193 @@ var tenantDeploymentCredentials = defineTable({
1194
1214
  component: "mc",
1195
1215
  category: "runtime",
1196
1216
  shape: z.object({
1197
- "credentialRef": z.string(),
1198
- "tenantId": idOf("tenants"),
1199
- "target": z.enum(["kernelDeployment", "appDeployment"]),
1200
- "environment": z.enum(["dev", "staging", "prod"]),
1201
- "encryptedDeployKey": z.string(),
1202
- "encryptionVersion": z.string(),
1203
- "keyFingerprint": z.string(),
1204
- "keyHint": z.string(),
1205
- "status": z.enum(["active", "revoked"]),
1206
- "rotatedFromCredentialRef": z.string().optional(),
1207
- "revokedAt": z.number().optional(),
1208
- "revokedBy": z.string().optional(),
1209
- "lastUsedAt": z.number().optional(),
1210
- "metadata": z.record(z.any()).optional(),
1211
- "createdBy": z.string(),
1212
- "createdAt": z.number(),
1213
- "updatedAt": z.number()
1217
+ credentialRef: z.string(),
1218
+ tenantId: idOf("tenants"),
1219
+ workspaceId: idOf("workspaces").optional(),
1220
+ target: z.enum(["kernelDeployment", "appDeployment"]),
1221
+ environment: z.enum(["dev", "staging", "prod"]),
1222
+ encryptedDeployKey: z.string(),
1223
+ encryptionVersion: z.string(),
1224
+ keyFingerprint: z.string(),
1225
+ keyHint: z.string(),
1226
+ status: z.enum(["active", "revoked"]),
1227
+ rotatedFromCredentialRef: z.string().optional(),
1228
+ revokedAt: z.number().optional(),
1229
+ revokedBy: z.string().optional(),
1230
+ lastUsedAt: z.number().optional(),
1231
+ metadata: z.record(z.any()).optional(),
1232
+ createdBy: z.string(),
1233
+ createdAt: z.number(),
1234
+ updatedAt: z.number()
1214
1235
  }),
1215
1236
  indices: [
1216
1237
  { kind: "index", name: "by_credentialRef", columns: ["credentialRef"] },
1217
1238
  { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
1218
- { kind: "index", name: "by_tenant_target", columns: ["tenantId", "target"] },
1219
- { kind: "index", name: "by_tenant_target_environment", columns: ["tenantId", "target", "environment"] },
1220
- { kind: "index", name: "by_tenant_target_environment_status", columns: ["tenantId", "target", "environment", "status"] },
1239
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
1240
+ {
1241
+ kind: "index",
1242
+ name: "by_tenant_target",
1243
+ columns: ["tenantId", "target"]
1244
+ },
1245
+ {
1246
+ kind: "index",
1247
+ name: "by_tenant_target_environment",
1248
+ columns: ["tenantId", "target", "environment"]
1249
+ },
1250
+ {
1251
+ kind: "index",
1252
+ name: "by_tenant_target_environment_status",
1253
+ columns: ["tenantId", "target", "environment", "status"]
1254
+ },
1255
+ {
1256
+ kind: "index",
1257
+ name: "by_tenant_workspace_target_environment_status",
1258
+ columns: ["tenantId", "workspaceId", "target", "environment", "status"]
1259
+ },
1221
1260
  { kind: "index", name: "by_status", columns: ["status"] }
1222
1261
  ]
1223
1262
  });
1263
+ var permitSyncStates = defineTable({
1264
+ name: "permitSyncStates",
1265
+ component: "mc",
1266
+ category: "runtime",
1267
+ shape: z.object({
1268
+ syncKey: z.string(),
1269
+ objectType: z.enum([
1270
+ "resource",
1271
+ "role",
1272
+ "resource_role",
1273
+ "resource_relation",
1274
+ "tenant",
1275
+ "workspace",
1276
+ "principal",
1277
+ "membership",
1278
+ "group",
1279
+ "resource_instance",
1280
+ "relationship_tuple",
1281
+ "role_assignment"
1282
+ ]),
1283
+ objectId: z.string(),
1284
+ tenantId: idOf("tenants").optional(),
1285
+ workspaceId: idOf("workspaces").optional(),
1286
+ principalId: z.string().optional(),
1287
+ permitTenantKey: z.string().optional(),
1288
+ permitResourceType: z.string().optional(),
1289
+ permitResourceKey: z.string().optional(),
1290
+ desiredPayload: z.record(z.any()),
1291
+ lastAppliedPayloadHash: z.string().optional(),
1292
+ status: z.enum(["pending", "synced", "error", "skipped"]),
1293
+ attemptCount: z.number(),
1294
+ lastError: z.string().optional(),
1295
+ nextAttemptAt: z.number().optional(),
1296
+ lastSyncedAt: z.number().optional(),
1297
+ createdBy: z.string(),
1298
+ updatedBy: z.string().optional(),
1299
+ createdAt: z.number(),
1300
+ updatedAt: z.number()
1301
+ }),
1302
+ indices: [
1303
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
1304
+ { kind: "index", name: "by_status", columns: ["status"] },
1305
+ {
1306
+ kind: "index",
1307
+ name: "by_tenant_status",
1308
+ columns: ["tenantId", "status"]
1309
+ },
1310
+ {
1311
+ kind: "index",
1312
+ name: "by_workspace_status",
1313
+ columns: ["workspaceId", "status"]
1314
+ },
1315
+ {
1316
+ kind: "index",
1317
+ name: "by_principal_status",
1318
+ columns: ["principalId", "status"]
1319
+ }
1320
+ ]
1321
+ });
1322
+ var secretSyncDriftReports = defineTable({
1323
+ name: "secretSyncDriftReports",
1324
+ component: "mc",
1325
+ category: "runtime",
1326
+ shape: z.object({
1327
+ reportId: z.string(),
1328
+ source: z.enum(["infisical_manifest", "manual", "ci"]),
1329
+ generatedAt: z.number(),
1330
+ recordedAt: z.number(),
1331
+ recordedBy: z.string(),
1332
+ status: z.enum([
1333
+ "in_sync",
1334
+ "drift",
1335
+ "exception",
1336
+ "blocked",
1337
+ "not_observed"
1338
+ ]),
1339
+ reportHash: z.string(),
1340
+ manifestHash: z.string().optional(),
1341
+ dryRunReceiptId: z.string().optional(),
1342
+ appliedReceiptId: z.string().optional(),
1343
+ summary: z.object({
1344
+ totalPipelines: z.number(),
1345
+ inSync: z.number(),
1346
+ drift: z.number(),
1347
+ exception: z.number(),
1348
+ blocked: z.number(),
1349
+ notObserved: z.number(),
1350
+ missingKeys: z.number(),
1351
+ valueDriftKeys: z.number(),
1352
+ extraKeys: z.number(),
1353
+ deniedConvexLeakage: z.number(),
1354
+ approvedExceptions: z.number()
1355
+ }),
1356
+ redactedReport: z.record(z.any()),
1357
+ metadata: z.record(z.any()).optional()
1358
+ }),
1359
+ indices: [
1360
+ { kind: "index", name: "by_reportId", columns: ["reportId"] },
1361
+ { kind: "index", name: "by_reportHash", columns: ["reportHash"] },
1362
+ { kind: "index", name: "by_generatedAt", columns: ["generatedAt"] },
1363
+ {
1364
+ kind: "index",
1365
+ name: "by_status_generatedAt",
1366
+ columns: ["status", "generatedAt"]
1367
+ }
1368
+ ]
1369
+ });
1224
1370
  var controlPlaneTenantModelSlotBindings = defineTable({
1225
1371
  name: "controlPlaneTenantModelSlotBindings",
1226
1372
  component: "mc",
1227
1373
  category: "runtime",
1228
1374
  shape: z.object({
1229
- "bindingId": z.string(),
1230
- "tenantId": idOf("tenants"),
1231
- "providerId": z.string(),
1232
- "modelSlotId": z.string(),
1233
- "secretRef": z.string(),
1234
- "status": z.enum(["active", "revoked"]),
1235
- "passThroughOnly": z.boolean(),
1236
- "revokedAt": z.number().optional(),
1237
- "revokedBy": z.string().optional(),
1238
- "metadata": z.record(z.any()).optional(),
1239
- "createdBy": z.string(),
1240
- "createdAt": z.number(),
1241
- "updatedAt": z.number()
1375
+ bindingId: z.string(),
1376
+ tenantId: idOf("tenants"),
1377
+ workspaceId: idOf("workspaces").optional(),
1378
+ environment: z.enum(["dev", "staging", "prod"]).optional(),
1379
+ providerId: z.string(),
1380
+ modelSlotId: z.string(),
1381
+ secretRef: z.string(),
1382
+ status: z.enum(["active", "revoked"]),
1383
+ passThroughOnly: z.boolean(),
1384
+ revokedAt: z.number().optional(),
1385
+ revokedBy: z.string().optional(),
1386
+ metadata: z.record(z.any()).optional(),
1387
+ createdBy: z.string(),
1388
+ createdAt: z.number(),
1389
+ updatedAt: z.number()
1242
1390
  }),
1243
1391
  indices: [
1244
1392
  { kind: "index", name: "by_bindingId", columns: ["bindingId"] },
1245
1393
  { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
1246
- { kind: "index", name: "by_tenant_slot", columns: ["tenantId", "modelSlotId"] },
1247
- { kind: "index", name: "by_tenant_provider_slot", columns: ["tenantId", "providerId", "modelSlotId"] },
1394
+ {
1395
+ kind: "index",
1396
+ name: "by_tenant_slot",
1397
+ columns: ["tenantId", "modelSlotId"]
1398
+ },
1399
+ {
1400
+ kind: "index",
1401
+ name: "by_tenant_provider_slot",
1402
+ columns: ["tenantId", "providerId", "modelSlotId"]
1403
+ },
1248
1404
  { kind: "index", name: "by_secretRef", columns: ["secretRef"] },
1249
1405
  { kind: "index", name: "by_status", columns: ["status"] }
1250
1406
  ]
@@ -1254,29 +1410,42 @@ var controlPlaneTenantProviderSecrets = defineTable({
1254
1410
  component: "mc",
1255
1411
  category: "runtime",
1256
1412
  shape: z.object({
1257
- "secretRef": z.string(),
1258
- "tenantId": idOf("tenants"),
1259
- "providerId": z.string(),
1260
- "label": z.string().optional(),
1261
- "encryptedSecret": z.string(),
1262
- "encryptionVersion": z.string(),
1263
- "secretFingerprint": z.string(),
1264
- "keyHint": z.string(),
1265
- "status": z.enum(["active", "revoked"]),
1266
- "rotatedFromSecretRef": z.string().optional(),
1267
- "revokedAt": z.number().optional(),
1268
- "revokedBy": z.string().optional(),
1269
- "lastUsedAt": z.number().optional(),
1270
- "metadata": z.record(z.any()).optional(),
1271
- "createdBy": z.string(),
1272
- "createdAt": z.number(),
1273
- "updatedAt": z.number()
1413
+ secretRef: z.string(),
1414
+ tenantId: idOf("tenants"),
1415
+ workspaceId: idOf("workspaces").optional(),
1416
+ environment: z.enum(["dev", "staging", "prod"]).optional(),
1417
+ providerId: z.string(),
1418
+ label: z.string().optional(),
1419
+ encryptedSecret: z.string().optional(),
1420
+ infisicalPath: z.string().optional(),
1421
+ infisicalSecretKey: z.string().optional(),
1422
+ infisicalProjectId: z.string().optional(),
1423
+ encryptionVersion: z.string(),
1424
+ secretFingerprint: z.string(),
1425
+ keyHint: z.string(),
1426
+ status: z.enum(["active", "revoked"]),
1427
+ rotatedFromSecretRef: z.string().optional(),
1428
+ revokedAt: z.number().optional(),
1429
+ revokedBy: z.string().optional(),
1430
+ lastUsedAt: z.number().optional(),
1431
+ metadata: z.record(z.any()).optional(),
1432
+ createdBy: z.string(),
1433
+ createdAt: z.number(),
1434
+ updatedAt: z.number()
1274
1435
  }),
1275
1436
  indices: [
1276
1437
  { kind: "index", name: "by_secretRef", columns: ["secretRef"] },
1277
1438
  { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
1278
- { kind: "index", name: "by_tenant_provider", columns: ["tenantId", "providerId"] },
1279
- { kind: "index", name: "by_tenant_provider_status", columns: ["tenantId", "providerId", "status"] },
1439
+ {
1440
+ kind: "index",
1441
+ name: "by_tenant_provider",
1442
+ columns: ["tenantId", "providerId"]
1443
+ },
1444
+ {
1445
+ kind: "index",
1446
+ name: "by_tenant_provider_status",
1447
+ columns: ["tenantId", "providerId", "status"]
1448
+ },
1280
1449
  { kind: "index", name: "by_status", columns: ["status"] }
1281
1450
  ]
1282
1451
  });
@@ -1285,35 +1454,93 @@ var controlPlaneTenantProxyGatewayUsage = defineTable({
1285
1454
  component: "mc",
1286
1455
  category: "runtime",
1287
1456
  shape: z.object({
1288
- "usageId": z.string(),
1289
- "tenantId": idOf("tenants"),
1290
- "providerId": z.string(),
1291
- "modelSlotId": z.string(),
1292
- "secretRef": z.string(),
1293
- "proxyTokenId": z.string(),
1294
- "sessionId": z.string(),
1295
- "principalId": z.string(),
1296
- "workspaceId": z.string().optional(),
1297
- "modelId": z.string().optional(),
1298
- "requestPath": z.string(),
1299
- "status": z.enum(["success", "error"]),
1300
- "responseStatus": z.number().optional(),
1301
- "inputTokens": z.number().optional(),
1302
- "outputTokens": z.number().optional(),
1303
- "tokenCount": z.number().optional(),
1304
- "latencyMs": z.number(),
1305
- "estimatedCostUsd": z.number().optional(),
1306
- "failureCode": z.string().optional(),
1307
- "metadata": z.record(z.any()).optional(),
1308
- "createdAt": z.number(),
1309
- "updatedAt": z.number()
1457
+ usageId: z.string(),
1458
+ tenantId: idOf("tenants"),
1459
+ providerId: z.string(),
1460
+ modelSlotId: z.string(),
1461
+ secretRef: z.string(),
1462
+ proxyTokenId: z.string(),
1463
+ sessionId: z.string(),
1464
+ principalId: z.string(),
1465
+ workspaceId: z.string().optional(),
1466
+ modelId: z.string().optional(),
1467
+ requestPath: z.string(),
1468
+ status: z.enum(["success", "error"]),
1469
+ responseStatus: z.number().optional(),
1470
+ inputTokens: z.number().optional(),
1471
+ outputTokens: z.number().optional(),
1472
+ tokenCount: z.number().optional(),
1473
+ latencyMs: z.number(),
1474
+ estimatedCostUsd: z.number().optional(),
1475
+ failureCode: z.string().optional(),
1476
+ metadata: z.record(z.any()).optional(),
1477
+ createdAt: z.number(),
1478
+ updatedAt: z.number()
1310
1479
  }),
1311
1480
  indices: [
1312
1481
  { kind: "index", name: "by_usageId", columns: ["usageId"] },
1313
1482
  { kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
1314
- { kind: "index", name: "by_tenant_provider", columns: ["tenantId", "providerId", "createdAt"] },
1315
- { kind: "index", name: "by_proxyTokenId", columns: ["proxyTokenId", "createdAt"] },
1316
- { kind: "index", name: "by_sessionId", columns: ["sessionId", "createdAt"] }
1483
+ {
1484
+ kind: "index",
1485
+ name: "by_tenant_provider",
1486
+ columns: ["tenantId", "providerId", "createdAt"]
1487
+ },
1488
+ {
1489
+ kind: "index",
1490
+ name: "by_proxyTokenId",
1491
+ columns: ["proxyTokenId", "createdAt"]
1492
+ },
1493
+ {
1494
+ kind: "index",
1495
+ name: "by_sessionId",
1496
+ columns: ["sessionId", "createdAt"]
1497
+ }
1498
+ ]
1499
+ });
1500
+ var controlPlaneTenantProxyTokenLeases = defineTable({
1501
+ name: "controlPlaneTenantProxyTokenLeases",
1502
+ component: "mc",
1503
+ category: "runtime",
1504
+ shape: z.object({
1505
+ leaseId: z.string(),
1506
+ proxyTokenId: z.string(),
1507
+ tenantId: idOf("tenants"),
1508
+ workspaceId: idOf("workspaces").optional(),
1509
+ environment: z.enum(["dev", "staging", "prod"]),
1510
+ providerId: z.string(),
1511
+ modelSlotId: z.string(),
1512
+ bindingId: z.string(),
1513
+ secretRef: z.string(),
1514
+ sessionId: z.string(),
1515
+ principalId: z.string(),
1516
+ agentSessionId: z.string().optional(),
1517
+ status: z.enum(["active", "revoked"]),
1518
+ expiresAt: z.number(),
1519
+ renewedAt: z.number().optional(),
1520
+ revokedAt: z.number().optional(),
1521
+ revokedBy: z.string().optional(),
1522
+ revokeReason: z.string().optional(),
1523
+ permitDecisionLogId: idOf("policyDecisionLogs").optional(),
1524
+ permitTraceId: z.string().optional(),
1525
+ metadata: z.record(z.any()).optional(),
1526
+ createdAt: z.number(),
1527
+ updatedAt: z.number()
1528
+ }),
1529
+ indices: [
1530
+ { kind: "index", name: "by_leaseId", columns: ["leaseId"] },
1531
+ { kind: "index", name: "by_proxyTokenId", columns: ["proxyTokenId"] },
1532
+ { kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
1533
+ { kind: "index", name: "by_sessionId", columns: ["sessionId", "createdAt"] },
1534
+ {
1535
+ kind: "index",
1536
+ name: "by_principalId",
1537
+ columns: ["principalId", "createdAt"]
1538
+ },
1539
+ {
1540
+ kind: "index",
1541
+ name: "by_status_expiresAt",
1542
+ columns: ["status", "expiresAt"]
1543
+ }
1317
1544
  ]
1318
1545
  });
1319
1546
  var crossProjectConnections = defineTable({
@@ -1646,6 +1873,7 @@ var epistemicNodes = defineTable({
1646
1873
  "questionType": z.enum(["validation", "falsification", "assumption_probe", "prediction_test", "counterfactual", "discovery", "clarification", "comparison", "causal", "mechanism", "general"]).optional(),
1647
1874
  "questionPriority": z.enum(["critical", "high", "medium", "low"]).optional(),
1648
1875
  "answerQuality": z.enum(["definitive", "strong", "moderate", "weak", "speculative", "unanswered"]).optional(),
1876
+ "themeStatus": z.enum(["emerging", "active", "mature", "declining", "archived"]).optional(),
1649
1877
  "themeConviction": z.enum(["high", "medium", "low", "negative"]).optional(),
1650
1878
  "decisionType": z.enum(["invest", "pass", "follow_on", "exit", "deep_dive", "monitor", "deprioritize", "thesis_adopt", "thesis_revise", "thesis_abandon"]).optional(),
1651
1879
  "decisionOutcome": z.enum(["pending", "successful", "unsuccessful", "mixed", "unknown"]).optional(),
@@ -1796,6 +2024,7 @@ var memberships = defineTable({
1796
2024
  indices: [
1797
2025
  { kind: "index", name: "by_principalId", columns: ["principalId"] },
1798
2026
  { kind: "index", name: "by_principal_tenant", columns: ["principalId", "tenantId"] },
2027
+ { kind: "index", name: "by_principal_tenant_workspace", columns: ["principalId", "tenantId", "workspaceId"] },
1799
2028
  { kind: "index", name: "by_workspace_principal", columns: ["workspaceId", "principalId"] },
1800
2029
  { kind: "index", name: "by_tenant_role", columns: ["tenantId", "role"] },
1801
2030
  { kind: "index", name: "by_status", columns: ["status"] }
@@ -1827,6 +2056,36 @@ var principals = defineTable({
1827
2056
  { kind: "index", name: "by_status", columns: ["status"] }
1828
2057
  ]
1829
2058
  });
2059
+ var principalIdentityAliases = defineTable({
2060
+ name: "principalIdentityAliases",
2061
+ component: "mc",
2062
+ category: "identity",
2063
+ shape: z.object({
2064
+ "principalId": z.string(),
2065
+ "principalRefId": idOf("principals").optional(),
2066
+ "provider": z.string(),
2067
+ "providerProjectId": z.string().optional(),
2068
+ "externalSubjectId": z.string(),
2069
+ "tenantId": idOf("tenants").optional(),
2070
+ "workspaceId": idOf("workspaces").optional(),
2071
+ "email": z.string().optional(),
2072
+ "status": z.enum(["active", "revoked"]),
2073
+ "metadata": z.record(z.any()).optional(),
2074
+ "createdBy": z.string(),
2075
+ "revokedAt": z.number().optional(),
2076
+ "revokedBy": z.string().optional(),
2077
+ "createdAt": z.number(),
2078
+ "updatedAt": z.number()
2079
+ }),
2080
+ indices: [
2081
+ { kind: "index", name: "by_provider_subject", columns: ["provider", "externalSubjectId"] },
2082
+ { kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "externalSubjectId"] },
2083
+ { kind: "index", name: "by_principalId", columns: ["principalId"] },
2084
+ { kind: "index", name: "by_principal_status", columns: ["principalId", "status"] },
2085
+ { kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "externalSubjectId"] },
2086
+ { kind: "index", name: "by_workspace_provider_subject", columns: ["workspaceId", "provider", "externalSubjectId"] }
2087
+ ]
2088
+ });
1830
2089
  var rateLimitWindows = defineTable({
1831
2090
  name: "rateLimitWindows",
1832
2091
  component: "mc",
@@ -2416,7 +2675,7 @@ var lensTopicBindings = defineTable({
2416
2675
  });
2417
2676
  var mcpWritePolicy = defineTable({
2418
2677
  name: "mcpWritePolicy",
2419
- component: "identity",
2678
+ component: "control-plane",
2420
2679
  category: "platform",
2421
2680
  shape: z.object({
2422
2681
  "topicId": z.string().optional(),
@@ -2439,7 +2698,7 @@ var mcpWritePolicy = defineTable({
2439
2698
  });
2440
2699
  var platformAudienceGrants = defineTable({
2441
2700
  name: "platformAudienceGrants",
2442
- component: "identity",
2701
+ component: "control-plane",
2443
2702
  category: "platform",
2444
2703
  shape: z.object({
2445
2704
  "tenantId": z.string(),
@@ -2465,7 +2724,7 @@ var platformAudienceGrants = defineTable({
2465
2724
  });
2466
2725
  var platformAudiences = defineTable({
2467
2726
  name: "platformAudiences",
2468
- component: "identity",
2727
+ component: "control-plane",
2469
2728
  category: "platform",
2470
2729
  shape: z.object({
2471
2730
  "tenantId": z.string(),
@@ -2490,7 +2749,7 @@ var platformAudiences = defineTable({
2490
2749
  });
2491
2750
  var platformPolicyDecisionLogs = defineTable({
2492
2751
  name: "platformPolicyDecisionLogs",
2493
- component: "identity",
2752
+ component: "control-plane",
2494
2753
  category: "platform",
2495
2754
  shape: z.object({
2496
2755
  "principalId": z.string(),
@@ -2526,7 +2785,7 @@ var platformPolicyDecisionLogs = defineTable({
2526
2785
  });
2527
2786
  var tenantApiKeys = defineTable({
2528
2787
  name: "tenantApiKeys",
2529
- component: "identity",
2788
+ component: "control-plane",
2530
2789
  category: "platform",
2531
2790
  shape: z.object({
2532
2791
  "tenantId": z.string(),
@@ -2553,7 +2812,7 @@ var tenantApiKeys = defineTable({
2553
2812
  });
2554
2813
  var tenantConfig = defineTable({
2555
2814
  name: "tenantConfig",
2556
- component: "identity",
2815
+ component: "control-plane",
2557
2816
  category: "platform",
2558
2817
  shape: z.object({
2559
2818
  "tenantId": z.string(),
@@ -2572,7 +2831,7 @@ var tenantConfig = defineTable({
2572
2831
  });
2573
2832
  var tenantIntegrations = defineTable({
2574
2833
  name: "tenantIntegrations",
2575
- component: "identity",
2834
+ component: "control-plane",
2576
2835
  category: "platform",
2577
2836
  shape: z.object({
2578
2837
  "tenantId": z.string(),
@@ -2627,7 +2886,7 @@ var tenantIntegrations = defineTable({
2627
2886
  });
2628
2887
  var tenantModelSlotBindings = defineTable({
2629
2888
  name: "tenantModelSlotBindings",
2630
- component: "identity",
2889
+ component: "control-plane",
2631
2890
  category: "platform",
2632
2891
  shape: z.object({
2633
2892
  "bindingId": z.string(),
@@ -2655,7 +2914,7 @@ var tenantModelSlotBindings = defineTable({
2655
2914
  });
2656
2915
  var tenantPolicies = defineTable({
2657
2916
  name: "tenantPolicies",
2658
- component: "identity",
2917
+ component: "control-plane",
2659
2918
  category: "platform",
2660
2919
  shape: z.object({
2661
2920
  "tenantId": z.string(),
@@ -2680,7 +2939,7 @@ var tenantPolicies = defineTable({
2680
2939
  });
2681
2940
  var tenantProviderSecrets = defineTable({
2682
2941
  name: "tenantProviderSecrets",
2683
- component: "identity",
2942
+ component: "control-plane",
2684
2943
  category: "platform",
2685
2944
  shape: z.object({
2686
2945
  "secretRef": z.string(),
@@ -2711,7 +2970,7 @@ var tenantProviderSecrets = defineTable({
2711
2970
  });
2712
2971
  var tenantProxyGatewayUsage = defineTable({
2713
2972
  name: "tenantProxyGatewayUsage",
2714
- component: "identity",
2973
+ component: "control-plane",
2715
2974
  category: "platform",
2716
2975
  shape: z.object({
2717
2976
  "usageId": z.string(),
@@ -2746,7 +3005,7 @@ var tenantProxyGatewayUsage = defineTable({
2746
3005
  });
2747
3006
  var tenantProxyTokenMints = defineTable({
2748
3007
  name: "tenantProxyTokenMints",
2749
- component: "identity",
3008
+ component: "control-plane",
2750
3009
  category: "platform",
2751
3010
  shape: z.object({
2752
3011
  "proxyTokenId": z.string(),
@@ -2769,7 +3028,7 @@ var tenantProxyTokenMints = defineTable({
2769
3028
  });
2770
3029
  var tenantSandboxAuditEvents = defineTable({
2771
3030
  name: "tenantSandboxAuditEvents",
2772
- component: "identity",
3031
+ component: "control-plane",
2773
3032
  category: "platform",
2774
3033
  shape: z.object({
2775
3034
  "eventId": z.string(),
@@ -2803,7 +3062,7 @@ var tenantSandboxAuditEvents = defineTable({
2803
3062
  });
2804
3063
  var tenantSecrets = defineTable({
2805
3064
  name: "tenantSecrets",
2806
- component: "identity",
3065
+ component: "control-plane",
2807
3066
  category: "platform",
2808
3067
  shape: z.object({
2809
3068
  "tenantId": z.string(),
@@ -2825,7 +3084,7 @@ var tenantSecrets = defineTable({
2825
3084
  });
2826
3085
  var toolAcls = defineTable({
2827
3086
  name: "toolAcls",
2828
- component: "identity",
3087
+ component: "control-plane",
2829
3088
  category: "platform",
2830
3089
  shape: z.object({
2831
3090
  "role": z.enum(["platform_admin", "tenant_admin", "workspace_admin", "editor", "viewer", "auditor", "service_agent"]),
@@ -2840,7 +3099,7 @@ var toolAcls = defineTable({
2840
3099
  });
2841
3100
  var toolRegistry = defineTable({
2842
3101
  name: "toolRegistry",
2843
- component: "identity",
3102
+ component: "control-plane",
2844
3103
  category: "platform",
2845
3104
  shape: z.object({
2846
3105
  "toolName": z.string(),
@@ -2921,7 +3180,7 @@ var tenantMethodologyAssignments = defineTable({
2921
3180
  });
2922
3181
  var modelCallLogs = defineTable({
2923
3182
  name: "modelCallLogs",
2924
- component: "identity",
3183
+ component: "control-plane",
2925
3184
  category: "model",
2926
3185
  shape: z.object({
2927
3186
  "slot": z.string(),
@@ -2947,7 +3206,7 @@ var modelCallLogs = defineTable({
2947
3206
  });
2948
3207
  var modelFunctionSlots = defineTable({
2949
3208
  name: "modelFunctionSlots",
2950
- component: "identity",
3209
+ component: "control-plane",
2951
3210
  category: "model",
2952
3211
  shape: z.object({
2953
3212
  "slot": z.string(),
@@ -2972,7 +3231,7 @@ var modelFunctionSlots = defineTable({
2972
3231
  });
2973
3232
  var modelRegistry = defineTable({
2974
3233
  name: "modelRegistry",
2975
- component: "identity",
3234
+ component: "control-plane",
2976
3235
  category: "model",
2977
3236
  shape: z.object({
2978
3237
  "key": z.string(),
@@ -2999,7 +3258,7 @@ var modelRegistry = defineTable({
2999
3258
  });
3000
3259
  var modelSlotConfigs = defineTable({
3001
3260
  name: "modelSlotConfigs",
3002
- component: "identity",
3261
+ component: "control-plane",
3003
3262
  category: "model",
3004
3263
  shape: z.object({
3005
3264
  "slot": z.string(),
@@ -3386,7 +3645,7 @@ var policyDecisionLogs = defineTable({
3386
3645
  "workspaceId": idOf("workspaces").optional(),
3387
3646
  "resourceType": z.string(),
3388
3647
  "resourceId": z.string(),
3389
- "action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote"]),
3648
+ "action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote", "route", "invoke", "manage", "deploy", "promote", "rollback", "audit", "read_ref", "fetch_value", "rotate", "administer", "mint", "delegate", "revoke"]),
3390
3649
  "decision": z.enum(["allow", "deny"]),
3391
3650
  "reasonCode": z.string(),
3392
3651
  "policyVersion": z.string(),
@@ -3448,7 +3707,7 @@ var controlPlaneToolAcls = defineTable({
3448
3707
  });
3449
3708
  var projectGrants = defineTable({
3450
3709
  name: "projectGrants",
3451
- component: "identity",
3710
+ component: "control-plane",
3452
3711
  category: "project",
3453
3712
  shape: z.object({
3454
3713
  "projectId": z.string().optional(),
@@ -3480,9 +3739,650 @@ var projectGrants = defineTable({
3480
3739
  { kind: "index", name: "by_topic_cluster_status", columns: ["topicId", "beliefClusterId", "status"] }
3481
3740
  ]
3482
3741
  });
3742
+ var permitActorType = z.enum([
3743
+ "human",
3744
+ "agent",
3745
+ "service_principal",
3746
+ "external_stakeholder",
3747
+ "system"
3748
+ ]);
3749
+ var permitMembershipStatus = z.enum([
3750
+ "active",
3751
+ "invited",
3752
+ "revoked",
3753
+ "suspended",
3754
+ "disabled"
3755
+ ]);
3756
+ var permitDecision = z.enum(["allow", "deny"]);
3757
+ var permitAccessReviewStatus = z.enum([
3758
+ "open",
3759
+ "in_progress",
3760
+ "approved",
3761
+ "denied",
3762
+ "expired",
3763
+ "cancelled"
3764
+ ]);
3765
+ var permitReviewScope = z.enum([
3766
+ "tenant",
3767
+ "workspace",
3768
+ "resource_instance",
3769
+ "group",
3770
+ "principal",
3771
+ "api_key",
3772
+ "admin_action"
3773
+ ]);
3774
+ var permitRecordStatus = z.enum([
3775
+ "queued",
3776
+ "inflight",
3777
+ "completed",
3778
+ "failed",
3779
+ "skipped",
3780
+ "stale"
3781
+ ]);
3782
+ var permitObjectType = z.enum([
3783
+ "resource",
3784
+ "role",
3785
+ "resource_role",
3786
+ "resource_relation",
3787
+ "tenant",
3788
+ "workspace",
3789
+ "principal",
3790
+ "membership",
3791
+ "group",
3792
+ "resource_instance",
3793
+ "relationship_tuple",
3794
+ "role_assignment",
3795
+ "attribute_binding",
3796
+ "policy_bundle"
3797
+ ]);
3798
+ var permitOutboxOperation = z.enum([
3799
+ "upsert",
3800
+ "delete",
3801
+ "sync",
3802
+ "resync",
3803
+ "delete_sync",
3804
+ "noop"
3805
+ ]);
3806
+ var permitPolicyBundleStatus = z.enum([
3807
+ "draft",
3808
+ "validated",
3809
+ "enforced",
3810
+ "archived"
3811
+ ]);
3812
+ var permitSyncStatus = z.enum([
3813
+ "pending",
3814
+ "synced",
3815
+ "error",
3816
+ "skipped"
3817
+ ]);
3818
+ var permitAccessReviewSubjectType = z.enum([
3819
+ "principal",
3820
+ "group",
3821
+ "role_assignment",
3822
+ "resource_instance"
3823
+ ]);
3824
+ var permitAttributeType = z.enum([
3825
+ "string",
3826
+ "number",
3827
+ "bool",
3828
+ "json",
3829
+ "time"
3830
+ ]);
3831
+ var permitAttributeOperator = z.enum([
3832
+ "eq",
3833
+ "neq",
3834
+ "in",
3835
+ "not_in",
3836
+ "gt",
3837
+ "gte",
3838
+ "lt",
3839
+ "lte",
3840
+ "contains",
3841
+ "not_contains",
3842
+ "matches"
3843
+ ]);
3844
+ var permitRoleBindingTarget = z.enum([
3845
+ "principal",
3846
+ "group"
3847
+ ]);
3848
+ var permitPrincipals = defineTable({
3849
+ name: "permitPrincipals",
3850
+ component: "control-plane",
3851
+ category: "access-control",
3852
+ shape: z.object({
3853
+ principalId: z.string(),
3854
+ tenantId: z.string(),
3855
+ workspaceId: z.optional(z.string()),
3856
+ principalType: permitActorType,
3857
+ status: permitMembershipStatus,
3858
+ displayName: z.string().optional(),
3859
+ metadata: z.record(z.any()).optional(),
3860
+ createdBy: z.string(),
3861
+ createdAt: z.number(),
3862
+ updatedAt: z.number(),
3863
+ updatedBy: z.string().optional(),
3864
+ lastSeenAt: z.number().optional()
3865
+ }),
3866
+ indices: [
3867
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
3868
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
3869
+ { kind: "index", name: "by_tenant_principalId", columns: ["tenantId", "principalId"] },
3870
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
3871
+ {
3872
+ kind: "index",
3873
+ name: "by_tenant_principalType_status",
3874
+ columns: ["tenantId", "principalType", "status"]
3875
+ }
3876
+ ]
3877
+ });
3878
+ var permitPrincipalAliases = defineTable({
3879
+ name: "permitPrincipalAliases",
3880
+ component: "control-plane",
3881
+ category: "access-control",
3882
+ shape: z.object({
3883
+ principalId: z.string(),
3884
+ tenantId: z.string(),
3885
+ workspaceId: z.optional(z.string()),
3886
+ provider: z.string(),
3887
+ providerSubjectId: z.string(),
3888
+ providerProjectId: z.string().optional(),
3889
+ alias: z.string(),
3890
+ aliasKind: z.string(),
3891
+ status: permitMembershipStatus,
3892
+ metadata: z.record(z.any()).optional(),
3893
+ createdBy: z.string(),
3894
+ createdAt: z.number(),
3895
+ updatedAt: z.number(),
3896
+ revokedBy: z.string().optional(),
3897
+ revokedAt: z.number().optional(),
3898
+ updatedBy: z.string().optional()
3899
+ }),
3900
+ indices: [
3901
+ { kind: "index", name: "by_principalId", columns: ["principalId"] },
3902
+ { kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "providerSubjectId"] },
3903
+ {
3904
+ kind: "index",
3905
+ name: "by_tenant_provider_alias",
3906
+ columns: ["tenantId", "provider", "alias"]
3907
+ },
3908
+ { kind: "index", name: "by_tenant_alias", columns: ["tenantId", "alias"] },
3909
+ {
3910
+ kind: "index",
3911
+ name: "by_tenant_provider_status",
3912
+ columns: ["tenantId", "provider", "status"]
3913
+ }
3914
+ ]
3915
+ });
3916
+ var permitGroups = defineTable({
3917
+ name: "permitGroups",
3918
+ component: "control-plane",
3919
+ category: "access-control",
3920
+ shape: z.object({
3921
+ tenantId: z.string(),
3922
+ workspaceId: z.optional(z.string()),
3923
+ groupId: z.string(),
3924
+ groupKey: z.string(),
3925
+ groupName: z.string(),
3926
+ groupType: z.enum(["tenant", "workspace", "external", "system", "dynamic"]),
3927
+ status: permitMembershipStatus,
3928
+ description: z.string().optional(),
3929
+ metadata: z.record(z.any()).optional(),
3930
+ createdBy: z.string(),
3931
+ createdAt: z.number(),
3932
+ updatedAt: z.number(),
3933
+ updatedBy: z.string().optional()
3934
+ }),
3935
+ indices: [
3936
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
3937
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
3938
+ { kind: "index", name: "by_tenant_groupId", columns: ["tenantId", "groupId"] },
3939
+ { kind: "index", name: "by_tenant_groupKey", columns: ["tenantId", "groupKey"] },
3940
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
3941
+ ]
3942
+ });
3943
+ var permitGroupMemberships = defineTable({
3944
+ name: "permitGroupMemberships",
3945
+ component: "control-plane",
3946
+ category: "access-control",
3947
+ shape: z.object({
3948
+ tenantId: z.string(),
3949
+ workspaceId: z.optional(z.string()),
3950
+ groupId: z.string(),
3951
+ memberType: z.enum(["principal", "group"]),
3952
+ memberId: z.string(),
3953
+ principalId: z.string().optional(),
3954
+ childGroupId: z.string().optional(),
3955
+ status: permitMembershipStatus,
3956
+ addedBy: z.string().optional(),
3957
+ revokedBy: z.string().optional(),
3958
+ expiresAt: z.number().optional(),
3959
+ revocationReason: z.string().optional(),
3960
+ metadata: z.record(z.any()).optional(),
3961
+ createdAt: z.number(),
3962
+ updatedAt: z.number(),
3963
+ updatedBy: z.string().optional()
3964
+ }),
3965
+ indices: [
3966
+ { kind: "index", name: "by_tenant_principal", columns: ["tenantId", "principalId"] },
3967
+ { kind: "index", name: "by_tenant_member", columns: ["tenantId", "memberType", "memberId"] },
3968
+ {
3969
+ kind: "index",
3970
+ name: "by_tenant_member_group",
3971
+ columns: ["tenantId", "memberType", "memberId", "groupId"]
3972
+ },
3973
+ { kind: "index", name: "by_tenant_group", columns: ["tenantId", "groupId"] },
3974
+ { kind: "index", name: "by_member_group", columns: ["memberType", "memberId", "groupId"] },
3975
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
3976
+ {
3977
+ kind: "index",
3978
+ name: "by_workspace_principal",
3979
+ columns: ["workspaceId", "principalId"]
3980
+ }
3981
+ ]
3982
+ });
3983
+ var permitResourceInstances = defineTable({
3984
+ name: "permitResourceInstances",
3985
+ component: "control-plane",
3986
+ category: "access-control",
3987
+ shape: z.object({
3988
+ tenantId: z.string(),
3989
+ workspaceId: z.optional(z.string()),
3990
+ resourceType: z.string(),
3991
+ resourceKey: z.string(),
3992
+ resourceId: z.string(),
3993
+ status: z.enum(["active", "deleted", "archived"]),
3994
+ attributes: z.record(z.any()).optional(),
3995
+ ownerPrincipalId: z.string().optional(),
3996
+ metadata: z.record(z.any()).optional(),
3997
+ createdBy: z.string(),
3998
+ updatedBy: z.string().optional(),
3999
+ createdAt: z.number(),
4000
+ updatedAt: z.number()
4001
+ }),
4002
+ indices: [
4003
+ {
4004
+ kind: "index",
4005
+ name: "by_tenant_resource_type",
4006
+ columns: ["tenantId", "resourceType"]
4007
+ },
4008
+ {
4009
+ kind: "index",
4010
+ name: "by_tenant_resource_key",
4011
+ columns: ["tenantId", "resourceType", "resourceKey"]
4012
+ },
4013
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
4014
+ { kind: "index", name: "by_status", columns: ["status"] },
4015
+ {
4016
+ kind: "index",
4017
+ name: "by_tenant_status",
4018
+ columns: ["tenantId", "status"]
4019
+ },
4020
+ {
4021
+ kind: "index",
4022
+ name: "by_ownerPrincipalId",
4023
+ columns: ["ownerPrincipalId"]
4024
+ }
4025
+ ]
4026
+ });
4027
+ var permitRoleAssignments = defineTable({
4028
+ name: "permitRoleAssignments",
4029
+ component: "control-plane",
4030
+ category: "access-control",
4031
+ shape: z.object({
4032
+ tenantId: z.string(),
4033
+ workspaceId: z.optional(z.string()),
4034
+ role: z.string(),
4035
+ targetType: permitRoleBindingTarget,
4036
+ targetId: z.string(),
4037
+ resourceType: z.string(),
4038
+ resourceKey: z.string(),
4039
+ resourceInstanceId: z.string().optional(),
4040
+ status: permitMembershipStatus,
4041
+ expiresAt: z.number().optional(),
4042
+ attributes: z.record(z.any()).optional(),
4043
+ grantedBy: z.string().optional(),
4044
+ updatedBy: z.string().optional(),
4045
+ revokedBy: z.string().optional(),
4046
+ createdAt: z.number(),
4047
+ updatedAt: z.number()
4048
+ }),
4049
+ indices: [
4050
+ {
4051
+ kind: "index",
4052
+ name: "by_tenant_target",
4053
+ columns: ["tenantId", "targetType", "targetId"]
4054
+ },
4055
+ {
4056
+ kind: "index",
4057
+ name: "by_tenant_resource",
4058
+ columns: ["tenantId", "resourceType", "resourceKey"]
4059
+ },
4060
+ {
4061
+ kind: "index",
4062
+ name: "by_tenant_role",
4063
+ columns: ["tenantId", "role", "status"]
4064
+ },
4065
+ { kind: "index", name: "by_status", columns: ["status"] },
4066
+ {
4067
+ kind: "index",
4068
+ name: "by_workspace_resource",
4069
+ columns: ["workspaceId", "resourceType", "resourceKey"]
4070
+ }
4071
+ ]
4072
+ });
4073
+ var permitRelationshipTuples = defineTable({
4074
+ name: "permitRelationshipTuples",
4075
+ component: "control-plane",
4076
+ category: "access-control",
4077
+ shape: z.object({
4078
+ tenantId: z.string(),
4079
+ workspaceId: z.optional(z.string()),
4080
+ relation: z.string(),
4081
+ subject: z.string(),
4082
+ object: z.string(),
4083
+ resourceType: z.string().optional(),
4084
+ resourceKey: z.string().optional(),
4085
+ status: permitRecordStatus,
4086
+ attributes: z.record(z.any()).optional(),
4087
+ createdBy: z.string(),
4088
+ createdAt: z.number(),
4089
+ updatedAt: z.number(),
4090
+ lastSeenAt: z.number().optional(),
4091
+ updatedBy: z.string().optional()
4092
+ }),
4093
+ indices: [
4094
+ { kind: "index", name: "by_tenant_subject", columns: ["tenantId", "subject"] },
4095
+ { kind: "index", name: "by_tenant_object", columns: ["tenantId", "object"] },
4096
+ { kind: "index", name: "by_tenant_relation", columns: ["tenantId", "relation"] },
4097
+ {
4098
+ kind: "index",
4099
+ name: "by_tenant_relation_subject",
4100
+ columns: ["tenantId", "relation", "subject"]
4101
+ },
4102
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
4103
+ ]
4104
+ });
4105
+ var permitAttributeBindings = defineTable({
4106
+ name: "permitAttributeBindings",
4107
+ component: "control-plane",
4108
+ category: "access-control",
4109
+ shape: z.object({
4110
+ tenantId: z.string(),
4111
+ workspaceId: z.optional(z.string()),
4112
+ targetType: permitRoleBindingTarget,
4113
+ targetId: z.string(),
4114
+ attributeName: z.string(),
4115
+ attributeType: permitAttributeType,
4116
+ attributeOperator: permitAttributeOperator,
4117
+ attributeValue: z.any(),
4118
+ status: permitRecordStatus,
4119
+ source: z.string().optional(),
4120
+ sourceRef: z.string().optional(),
4121
+ metadata: z.record(z.any()).optional(),
4122
+ createdAt: z.number(),
4123
+ updatedAt: z.number(),
4124
+ createdBy: z.string(),
4125
+ updatedBy: z.string().optional(),
4126
+ expiresAt: z.number().optional()
4127
+ }),
4128
+ indices: [
4129
+ {
4130
+ kind: "index",
4131
+ name: "by_tenant_target",
4132
+ columns: ["tenantId", "targetType", "targetId"]
4133
+ },
4134
+ {
4135
+ kind: "index",
4136
+ name: "by_tenant_target_attribute",
4137
+ columns: ["tenantId", "targetType", "targetId", "attributeName"]
4138
+ },
4139
+ {
4140
+ kind: "index",
4141
+ name: "by_tenant_name",
4142
+ columns: ["tenantId", "attributeName"]
4143
+ },
4144
+ {
4145
+ kind: "index",
4146
+ name: "by_tenant_status",
4147
+ columns: ["tenantId", "status"]
4148
+ }
4149
+ ]
4150
+ });
4151
+ var permitPolicyBundles = defineTable({
4152
+ name: "permitPolicyBundles",
4153
+ component: "control-plane",
4154
+ category: "access-control",
4155
+ shape: z.object({
4156
+ tenantId: z.string(),
4157
+ workspaceId: z.optional(z.string()),
4158
+ bundleKey: z.string(),
4159
+ version: z.number(),
4160
+ status: permitPolicyBundleStatus,
4161
+ policyHash: z.string().optional(),
4162
+ policyPayload: z.record(z.any()),
4163
+ metadata: z.record(z.any()).optional(),
4164
+ createdBy: z.string(),
4165
+ reviewedBy: z.string().optional(),
4166
+ createdAt: z.number(),
4167
+ updatedAt: z.number(),
4168
+ retiredAt: z.number().optional()
4169
+ }),
4170
+ indices: [
4171
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
4172
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
4173
+ {
4174
+ kind: "index",
4175
+ name: "by_tenant_bundleKey",
4176
+ columns: ["tenantId", "bundleKey"]
4177
+ },
4178
+ {
4179
+ kind: "index",
4180
+ name: "by_tenant_bundle_version",
4181
+ columns: ["tenantId", "bundleKey", "version"]
4182
+ },
4183
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
4184
+ ]
4185
+ });
4186
+ var permitProjectionOutbox = defineTable({
4187
+ name: "permitProjectionOutbox",
4188
+ component: "control-plane",
4189
+ category: "access-control",
4190
+ shape: z.object({
4191
+ syncKey: z.string(),
4192
+ objectType: permitObjectType,
4193
+ objectId: z.string(),
4194
+ operation: permitOutboxOperation,
4195
+ payload: z.record(z.any()),
4196
+ status: permitRecordStatus,
4197
+ attemptCount: z.number(),
4198
+ nextAttemptAt: z.number().optional(),
4199
+ lastError: z.string().optional(),
4200
+ tenantId: z.string().optional(),
4201
+ workspaceId: z.optional(z.string()),
4202
+ principalId: z.string().optional(),
4203
+ permitTenantKey: z.string().optional(),
4204
+ permitResourceType: z.string().optional(),
4205
+ permitResourceKey: z.string().optional(),
4206
+ createdAt: z.number(),
4207
+ updatedAt: z.number(),
4208
+ lastHandledAt: z.number().optional()
4209
+ }),
4210
+ indices: [
4211
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
4212
+ { kind: "index", name: "by_status", columns: ["status"] },
4213
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
4214
+ {
4215
+ kind: "index",
4216
+ name: "by_tenant_status",
4217
+ columns: ["tenantId", "status"]
4218
+ },
4219
+ {
4220
+ kind: "index",
4221
+ name: "by_objectType",
4222
+ columns: ["objectType", "status"]
4223
+ }
4224
+ ]
4225
+ });
4226
+ var tenantPermitSyncStates = defineTable({
4227
+ name: "tenantPermitSyncStates",
4228
+ component: "control-plane",
4229
+ category: "access-control",
4230
+ shape: z.object({
4231
+ syncKey: z.string(),
4232
+ objectType: permitObjectType,
4233
+ objectId: z.string(),
4234
+ tenantId: z.string().optional(),
4235
+ workspaceId: z.string().optional(),
4236
+ principalId: z.string().optional(),
4237
+ permitTenantKey: z.string().optional(),
4238
+ permitResourceType: z.string().optional(),
4239
+ permitResourceKey: z.string().optional(),
4240
+ desiredPayload: z.record(z.any()),
4241
+ lastAppliedPayloadHash: z.string().optional(),
4242
+ status: permitSyncStatus,
4243
+ attemptCount: z.number(),
4244
+ lastError: z.string().optional(),
4245
+ nextAttemptAt: z.number().optional(),
4246
+ lastSyncedAt: z.number().optional(),
4247
+ createdBy: z.string(),
4248
+ updatedBy: z.string().optional(),
4249
+ createdAt: z.number(),
4250
+ updatedAt: z.number()
4251
+ }),
4252
+ indices: [
4253
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
4254
+ { kind: "index", name: "by_status", columns: ["status"] },
4255
+ {
4256
+ kind: "index",
4257
+ name: "by_tenant_status",
4258
+ columns: ["tenantId", "status"]
4259
+ },
4260
+ {
4261
+ kind: "index",
4262
+ name: "by_workspace_status",
4263
+ columns: ["workspaceId", "status"]
4264
+ },
4265
+ {
4266
+ kind: "index",
4267
+ name: "by_principal_status",
4268
+ columns: ["principalId", "status"]
4269
+ }
4270
+ ]
4271
+ });
4272
+ var permitPolicyDecisionReceipts = defineTable({
4273
+ name: "permitPolicyDecisionReceipts",
4274
+ component: "control-plane",
4275
+ category: "access-control",
4276
+ shape: z.object({
4277
+ tenantId: z.string().optional(),
4278
+ workspaceId: z.string().optional(),
4279
+ principalId: z.string(),
4280
+ subjectType: permitAccessReviewSubjectType.optional(),
4281
+ subjectId: z.string().optional(),
4282
+ resourceType: z.string(),
4283
+ resourceId: z.string(),
4284
+ action: z.string(),
4285
+ decision: permitDecision,
4286
+ reasonCode: z.string(),
4287
+ policyBundleId: z.string().optional(),
4288
+ policyVersion: z.string(),
4289
+ traceId: z.string().optional(),
4290
+ requestId: z.string().optional(),
4291
+ audienceMode: z.string().optional(),
4292
+ audienceKey: z.string().optional(),
4293
+ audienceClass: z.enum(["internal", "restricted_external", "public"]).optional(),
4294
+ metadata: z.record(z.any()).optional(),
4295
+ createdAt: z.number(),
4296
+ expiresAt: z.number().optional(),
4297
+ createdBy: z.string().optional()
4298
+ }),
4299
+ indices: [
4300
+ { kind: "index", name: "by_principal_createdAt", columns: ["principalId", "createdAt"] },
4301
+ { kind: "index", name: "by_tenant_createdAt", columns: ["tenantId", "createdAt"] },
4302
+ { kind: "index", name: "by_resource", columns: ["resourceType", "resourceId"] },
4303
+ { kind: "index", name: "by_decision_createdAt", columns: ["decision", "createdAt"] },
4304
+ { kind: "index", name: "by_traceId", columns: ["traceId"] },
4305
+ { kind: "index", name: "by_action", columns: ["action"] }
4306
+ ]
4307
+ });
4308
+ var permitAccessReviews = defineTable({
4309
+ name: "permitAccessReviews",
4310
+ component: "control-plane",
4311
+ category: "access-control",
4312
+ shape: z.object({
4313
+ tenantId: z.string(),
4314
+ workspaceId: z.optional(z.string()),
4315
+ reviewKey: z.string(),
4316
+ scope: permitReviewScope,
4317
+ status: permitAccessReviewStatus,
4318
+ subjectType: permitAccessReviewSubjectType,
4319
+ subjectId: z.string(),
4320
+ resourceType: z.string().optional(),
4321
+ resourceKey: z.string().optional(),
4322
+ outcome: z.enum(["allow", "deny"]).optional(),
4323
+ requestedBy: z.string(),
4324
+ reviewedBy: z.string().optional(),
4325
+ requestedAt: z.number(),
4326
+ reviewedAt: z.number().optional(),
4327
+ dueAt: z.number().optional(),
4328
+ justification: z.string().optional(),
4329
+ rationale: z.string().optional(),
4330
+ policyBundleId: z.string().optional(),
4331
+ metadata: z.record(z.any()).optional(),
4332
+ createdAt: z.number(),
4333
+ updatedAt: z.number()
4334
+ }),
4335
+ indices: [
4336
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
4337
+ { kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
4338
+ { kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
4339
+ {
4340
+ kind: "index",
4341
+ name: "by_tenant_subject",
4342
+ columns: ["tenantId", "subjectType", "subjectId"]
4343
+ },
4344
+ { kind: "index", name: "by_outcome", columns: ["outcome"] },
4345
+ {
4346
+ kind: "index",
4347
+ name: "by_workspace_status",
4348
+ columns: ["workspaceId", "status"]
4349
+ }
4350
+ ]
4351
+ });
4352
+ var permitAccessReviewItems = defineTable({
4353
+ name: "permitAccessReviewItems",
4354
+ component: "control-plane",
4355
+ category: "access-control",
4356
+ shape: z.object({
4357
+ reviewKey: z.string(),
4358
+ itemKey: z.string(),
4359
+ tenantId: z.string(),
4360
+ workspaceId: z.string().optional(),
4361
+ subjectType: permitAccessReviewSubjectType,
4362
+ subjectId: z.string(),
4363
+ resourceType: z.string().optional(),
4364
+ resourceKey: z.string().optional(),
4365
+ role: z.string().optional(),
4366
+ relation: z.string().optional(),
4367
+ status: z.enum(["open", "approved", "revoked", "changed", "deferred"]),
4368
+ reviewerId: z.string().optional(),
4369
+ decisionAt: z.number().optional(),
4370
+ rationale: z.string().optional(),
4371
+ metadata: z.record(z.any()).optional(),
4372
+ createdAt: z.number(),
4373
+ updatedAt: z.number()
4374
+ }),
4375
+ indices: [
4376
+ { kind: "index", name: "by_reviewKey", columns: ["reviewKey"] },
4377
+ { kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
4378
+ { kind: "index", name: "by_tenant_itemKey", columns: ["tenantId", "itemKey"] },
4379
+ { kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
4380
+ { kind: "index", name: "by_status", columns: ["status"] }
4381
+ ]
4382
+ });
3483
4383
  var reasoningPermissions = defineTable({
3484
4384
  name: "reasoningPermissions",
3485
- component: "identity",
4385
+ component: "control-plane",
3486
4386
  category: "epistemic",
3487
4387
  shape: z.object({
3488
4388
  "topicId": z.string().optional(),
@@ -3729,7 +4629,7 @@ var topics = defineTable({
3729
4629
  });
3730
4630
  var users = defineTable({
3731
4631
  name: "users",
3732
- component: "identity",
4632
+ component: "control-plane",
3733
4633
  category: "user",
3734
4634
  shape: z.object({
3735
4635
  "clerkId": z.string(),
@@ -3843,7 +4743,6 @@ var workspaces = defineTable({
3843
4743
  "deployments": z.record(z.object({
3844
4744
  "url": z.string(),
3845
4745
  "target": z.enum(["kernelDeployment", "appDeployment"]).optional(),
3846
- "encryptedDeployKey": z.string().optional(),
3847
4746
  "credentialRef": z.string().optional()
3848
4747
  })).optional(),
3849
4748
  "metadata": z.record(z.any()).optional(),
@@ -3858,6 +4757,39 @@ var workspaces = defineTable({
3858
4757
  { kind: "index", name: "by_status", columns: ["status"] }
3859
4758
  ]
3860
4759
  });
4760
+ var deploymentHosts = defineTable({
4761
+ name: "deploymentHosts",
4762
+ component: "mc",
4763
+ category: "workspace",
4764
+ shape: z.object({
4765
+ "host": z.string(),
4766
+ "tenantId": idOf("tenants"),
4767
+ "workspaceId": idOf("workspaces"),
4768
+ "environment": z.enum(["dev", "staging", "prod"]),
4769
+ "target": z.enum(["kernelDeployment", "appDeployment"]),
4770
+ "deploymentUrl": z.string().optional(),
4771
+ "deploymentName": z.string().optional(),
4772
+ "vercelProjectName": z.string().optional(),
4773
+ "vercelProjectId": z.string().optional(),
4774
+ "vercelEnvironment": z.enum(["development", "preview", "staging", "production"]).optional(),
4775
+ "source": z.enum(["vercel_preview", "vercel_production", "vercel_custom_environment", "custom_domain", "manual"]),
4776
+ "status": z.enum(["active", "revoked"]),
4777
+ "metadata": z.record(z.any()).optional(),
4778
+ "createdBy": z.string(),
4779
+ "createdAt": z.number(),
4780
+ "updatedAt": z.number(),
4781
+ "revokedAt": z.number().optional(),
4782
+ "revokedBy": z.string().optional()
4783
+ }),
4784
+ indices: [
4785
+ { kind: "index", name: "by_host", columns: ["host"] },
4786
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
4787
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
4788
+ { kind: "index", name: "by_tenant_workspace_environment", columns: ["tenantId", "workspaceId", "environment"] },
4789
+ { kind: "index", name: "by_workspace_status", columns: ["workspaceId", "status"] },
4790
+ { kind: "index", name: "by_status", columns: ["status"] }
4791
+ ]
4792
+ });
3861
4793
  var worktreeBeliefCluster = defineTable({
3862
4794
  name: "worktreeBeliefCluster",
3863
4795
  component: "kernel",
@@ -4222,9 +5154,23 @@ var KERNEL_TABLE_CONTRACTS = [
4222
5154
  worktreeBeliefCluster,
4223
5155
  worktrees
4224
5156
  ];
4225
- var IDENTITY_TABLE_CONTRACTS = [
5157
+ var CONTROL_PLANE_TABLE_CONTRACTS = [
4226
5158
  agents,
4227
5159
  reasoningPermissions,
5160
+ permitAccessReviewItems,
5161
+ permitAccessReviews,
5162
+ permitAttributeBindings,
5163
+ permitGroups,
5164
+ permitGroupMemberships,
5165
+ permitPolicyBundles,
5166
+ permitPolicyDecisionReceipts,
5167
+ permitPrincipalAliases,
5168
+ permitPrincipals,
5169
+ permitProjectionOutbox,
5170
+ permitRelationshipTuples,
5171
+ permitResourceInstances,
5172
+ permitRoleAssignments,
5173
+ tenantPermitSyncStates,
4228
5174
  modelCallLogs,
4229
5175
  modelFunctionSlots,
4230
5176
  modelRegistry,
@@ -4254,6 +5200,7 @@ var MC_TABLE_CONTRACTS = [
4254
5200
  memberships,
4255
5201
  oauthDeviceCodes,
4256
5202
  principals,
5203
+ principalIdentityAliases,
4257
5204
  rateLimitWindows,
4258
5205
  servicePrincipalKeys,
4259
5206
  userSessions,
@@ -4269,29 +5216,33 @@ var MC_TABLE_CONTRACTS = [
4269
5216
  policyDecisionLogs,
4270
5217
  policySimulations,
4271
5218
  controlPlaneToolAcls,
5219
+ permitSyncStates,
4272
5220
  agentRegistryEntries,
4273
5221
  toolCatalog,
4274
5222
  toolRegistryEntries,
4275
5223
  compatibilityShims,
4276
5224
  cutoverFlags,
4277
5225
  tenantDeploymentCredentials,
5226
+ secretSyncDriftReports,
4278
5227
  controlPlaneTenantModelSlotBindings,
4279
5228
  controlPlaneTenantProviderSecrets,
4280
5229
  controlPlaneTenantProxyGatewayUsage,
5230
+ controlPlaneTenantProxyTokenLeases,
4281
5231
  apiKeys,
4282
5232
  auditLog,
4283
5233
  tenants,
4284
- workspaces
5234
+ workspaces,
5235
+ deploymentHosts
4285
5236
  ];
4286
5237
  var TABLE_CONTRACTS_BY_COMPONENT = {
4287
5238
  kernel: KERNEL_TABLE_CONTRACTS,
4288
- identity: IDENTITY_TABLE_CONTRACTS,
5239
+ "control-plane": CONTROL_PLANE_TABLE_CONTRACTS,
4289
5240
  mc: MC_TABLE_CONTRACTS,
4290
5241
  "developer-pack": []
4291
5242
  };
4292
5243
  var ALL_TABLE_CONTRACTS = [
4293
5244
  ...KERNEL_TABLE_CONTRACTS,
4294
- ...IDENTITY_TABLE_CONTRACTS,
5245
+ ...CONTROL_PLANE_TABLE_CONTRACTS,
4295
5246
  ...MC_TABLE_CONTRACTS
4296
5247
  ];
4297
5248
  function listTableContractsByName(name) {
@@ -4304,8 +5255,8 @@ function getTableContract(name, component) {
4304
5255
  }
4305
5256
  var ComponentTableManifestSchema = z.object({
4306
5257
  manifestVersion: z.string(),
4307
- componentName: z.enum(["kernel", "identity"]),
4308
- tier: z.enum(["K", "I"]),
5258
+ componentName: z.enum(["kernel", "control-plane"]),
5259
+ tier: z.enum(["K", "CP"]),
4309
5260
  packageVersion: z.string(),
4310
5261
  tables: z.array(
4311
5262
  z.object({
@@ -4334,6 +5285,6 @@ var SLOpinionInputSchema = z.object({
4334
5285
  }
4335
5286
  );
4336
5287
 
4337
- export { ALL_TABLE_CONTRACTS, ComponentTableManifestSchema, EDGE_TYPE, EDGE_TYPE_VALUES, IDENTITY_TABLE_CONTRACTS, KERNEL_TABLE_CONTRACTS, MC_TABLE_CONTRACTS, NODE_TYPE, SLOpinionInputSchema, STORAGE_EDGE_TYPE, STORAGE_EDGE_TYPE_VALUES, TABLE_CONTRACTS_BY_COMPONENT, TOPIC_STATUS, TOPIC_VISIBILITY, getTableContract, listTableContractsByName };
5288
+ export { ALL_TABLE_CONTRACTS, CONTROL_PLANE_TABLE_CONTRACTS, ComponentTableManifestSchema, EDGE_TYPE, EDGE_TYPE_VALUES, KERNEL_TABLE_CONTRACTS, MC_TABLE_CONTRACTS, NODE_TYPE, SLOpinionInputSchema, STORAGE_EDGE_TYPE, STORAGE_EDGE_TYPE_VALUES, TABLE_CONTRACTS_BY_COMPONENT, TOPIC_STATUS, TOPIC_VISIBILITY, getTableContract, listTableContractsByName };
4338
5289
  //# sourceMappingURL=index.js.map
4339
5290
  //# sourceMappingURL=index.js.map