@lucern/contracts 0.3.0-alpha.10 → 0.3.0-alpha.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (234) hide show
  1. package/dist/api-enums.contract.d.ts +5 -3
  2. package/dist/api-enums.contract.js +14 -12
  3. package/dist/api-enums.contract.js.map +1 -1
  4. package/dist/component-boundary.contract.d.ts +1 -1
  5. package/dist/component-boundary.contract.js +45 -26
  6. package/dist/component-boundary.contract.js.map +1 -1
  7. package/dist/component-host-boundary.contract.d.ts +10 -5
  8. package/dist/component-host-boundary.contract.js +10 -4
  9. package/dist/component-host-boundary.contract.js.map +1 -1
  10. package/dist/{defineTable-CBQ03FXl.d.ts → defineTable-t1wr5wgn.d.ts} +1 -1
  11. package/dist/{dsl-djCRfuWC.d.ts → dsl-DVPthQGY.d.ts} +1 -1
  12. package/dist/dsl.d.ts +2 -2
  13. package/dist/dsl.js.map +1 -1
  14. package/dist/function-registry/beliefs.d.ts +13 -0
  15. package/dist/function-registry/beliefs.js +50 -7
  16. package/dist/function-registry/beliefs.js.map +1 -1
  17. package/dist/function-registry/coding.d.ts +9 -0
  18. package/dist/function-registry/coding.js +117 -8
  19. package/dist/function-registry/coding.js.map +1 -1
  20. package/dist/function-registry/context.d.ts +6 -0
  21. package/dist/function-registry/context.js +50 -7
  22. package/dist/function-registry/context.js.map +1 -1
  23. package/dist/function-registry/contracts.d.ts +6 -0
  24. package/dist/function-registry/contracts.js +50 -7
  25. package/dist/function-registry/contracts.js.map +1 -1
  26. package/dist/function-registry/coordination.d.ts +12 -0
  27. package/dist/function-registry/coordination.js +50 -7
  28. package/dist/function-registry/coordination.js.map +1 -1
  29. package/dist/function-registry/edges.d.ts +9 -0
  30. package/dist/function-registry/edges.js +54 -14
  31. package/dist/function-registry/edges.js.map +1 -1
  32. package/dist/function-registry/evidence.d.ts +11 -0
  33. package/dist/function-registry/evidence.js +53 -11
  34. package/dist/function-registry/evidence.js.map +1 -1
  35. package/dist/function-registry/graph.d.ts +18 -0
  36. package/dist/function-registry/graph.js +50 -7
  37. package/dist/function-registry/graph.js.map +1 -1
  38. package/dist/function-registry/helpers.d.ts +4 -1
  39. package/dist/function-registry/helpers.js +51 -8
  40. package/dist/function-registry/helpers.js.map +1 -1
  41. package/dist/function-registry/identity.d.ts +6 -0
  42. package/dist/function-registry/identity.js +50 -7
  43. package/dist/function-registry/identity.js.map +1 -1
  44. package/dist/function-registry/index.d.ts +8 -320
  45. package/dist/function-registry/index.js +54 -384
  46. package/dist/function-registry/index.js.map +1 -1
  47. package/dist/function-registry/judgments.d.ts +5 -0
  48. package/dist/function-registry/judgments.js +50 -7
  49. package/dist/function-registry/judgments.js.map +1 -1
  50. package/dist/function-registry/legacy.d.ts +4 -0
  51. package/dist/function-registry/legacy.js +50 -7
  52. package/dist/function-registry/legacy.js.map +1 -1
  53. package/dist/function-registry/lenses.d.ts +7 -0
  54. package/dist/function-registry/lenses.js +50 -7
  55. package/dist/function-registry/lenses.js.map +1 -1
  56. package/dist/function-registry/nodes.d.ts +412 -0
  57. package/dist/function-registry/nodes.js +5303 -0
  58. package/dist/function-registry/nodes.js.map +1 -0
  59. package/dist/function-registry/ontologies.d.ts +14 -0
  60. package/dist/function-registry/ontologies.js +50 -7
  61. package/dist/function-registry/ontologies.js.map +1 -1
  62. package/dist/function-registry/pipeline.d.ts +6 -0
  63. package/dist/function-registry/pipeline.js +50 -7
  64. package/dist/function-registry/pipeline.js.map +1 -1
  65. package/dist/function-registry/questions.d.ts +15 -0
  66. package/dist/function-registry/questions.js +50 -7
  67. package/dist/function-registry/questions.js.map +1 -1
  68. package/dist/function-registry/tasks.d.ts +7 -0
  69. package/dist/function-registry/tasks.js +69 -16
  70. package/dist/function-registry/tasks.js.map +1 -1
  71. package/dist/function-registry/topics.d.ts +10 -0
  72. package/dist/function-registry/topics.js +50 -7
  73. package/dist/function-registry/topics.js.map +1 -1
  74. package/dist/function-registry/types.d.ts +5 -1
  75. package/dist/function-registry/worktrees.d.ts +14 -0
  76. package/dist/function-registry/worktrees.js +50 -7
  77. package/dist/function-registry/worktrees.js.map +1 -1
  78. package/dist/gateway.contract.d.ts +3 -0
  79. package/dist/gateway.contract.js.map +1 -1
  80. package/dist/generated/convexSchemas.d.ts +3 -3
  81. package/dist/generated/convexSchemas.js +35 -16
  82. package/dist/generated/convexSchemas.js.map +1 -1
  83. package/dist/generated/infisicalRuntimeEnv.d.ts +70 -0
  84. package/dist/generated/infisicalRuntimeEnv.js +26818 -0
  85. package/dist/generated/infisicalRuntimeEnv.js.map +1 -0
  86. package/dist/generated/lucernGatewayEnv.d.ts +17 -0
  87. package/dist/generated/lucernGatewayEnv.js +38 -0
  88. package/dist/generated/lucernGatewayEnv.js.map +1 -0
  89. package/dist/generated/lucernWebPublicEnv.d.ts +26 -0
  90. package/dist/generated/lucernWebPublicEnv.js +32 -0
  91. package/dist/generated/lucernWebPublicEnv.js.map +1 -0
  92. package/dist/generated/lucernWebServerEnv.d.ts +33 -0
  93. package/dist/generated/lucernWebServerEnv.js +51 -0
  94. package/dist/generated/lucernWebServerEnv.js.map +1 -0
  95. package/dist/generated/schema-manifest.json +1165 -150
  96. package/dist/generated/tableOwnership.d.ts +46 -27
  97. package/dist/generated/tableOwnership.js +64 -26
  98. package/dist/generated/tableOwnership.js.map +1 -1
  99. package/dist/generated/tier-expectations.json +60 -8
  100. package/dist/{index-O09U2xHk.d.ts → index-CM1Pl_vI.d.ts} +3 -3
  101. package/dist/index.d.ts +9 -4
  102. package/dist/index.js +31371 -381
  103. package/dist/index.js.map +1 -1
  104. package/dist/infisical-runtime.contract.d.ts +1623 -3
  105. package/dist/infisical-runtime.contract.js +2819 -12
  106. package/dist/infisical-runtime.contract.js.map +1 -1
  107. package/dist/manifests/infisical-runtime-manifest.d.ts +1550 -3
  108. package/dist/manifests/infisical-runtime-manifest.js +2672 -9
  109. package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
  110. package/dist/manifests/tenant-client-manifest.d.ts +11 -11
  111. package/dist/manifests/tenant-client-manifest.js +11 -11
  112. package/dist/manifests/tenant-client-manifest.js.map +1 -1
  113. package/dist/mcp-gateway-boundary.contract.d.ts +23 -3
  114. package/dist/mcp-gateway-boundary.contract.js +2 -0
  115. package/dist/mcp-gateway-boundary.contract.js.map +1 -1
  116. package/dist/permit-principal-projection.contract.d.ts +74 -0
  117. package/dist/permit-principal-projection.contract.js +161 -0
  118. package/dist/permit-principal-projection.contract.js.map +1 -0
  119. package/dist/projections/check-convex-args-shape.js +10 -6
  120. package/dist/projections/check-convex-args-shape.js.map +1 -1
  121. package/dist/projections/create-evidence.projection.d.ts +6 -6
  122. package/dist/projections/create-evidence.projection.js +2 -3
  123. package/dist/projections/create-evidence.projection.js.map +1 -1
  124. package/dist/projections/index.d.ts +3 -3
  125. package/dist/projections/index.js +10 -6
  126. package/dist/projections/index.js.map +1 -1
  127. package/dist/projections/list-tasks.projection.d.ts +20 -8
  128. package/dist/projections/list-tasks.projection.js +8 -3
  129. package/dist/projections/list-tasks.projection.js.map +1 -1
  130. package/dist/proof-attestation.json +45 -0
  131. package/dist/schemas/component-table-manifest.d.ts +6 -6
  132. package/dist/schemas/component-table-manifest.js +2 -2
  133. package/dist/schemas/component-table-manifest.js.map +1 -1
  134. package/dist/schemas/index.d.ts +2 -2
  135. package/dist/schemas/index.js +1088 -137
  136. package/dist/schemas/index.js.map +1 -1
  137. package/dist/schemas/manifest.d.ts +2010 -120
  138. package/dist/schemas/manifest.js +1086 -135
  139. package/dist/schemas/manifest.js.map +1 -1
  140. package/dist/schemas/tables/controlPlane/accessControl.d.ts +260 -0
  141. package/dist/schemas/tables/controlPlane/accessControl.js +655 -0
  142. package/dist/schemas/tables/controlPlane/accessControl.js.map +1 -0
  143. package/dist/schemas/tables/{identity → controlPlane}/agent.d.ts +1 -1
  144. package/dist/schemas/tables/{identity → controlPlane}/agent.js +3 -3
  145. package/dist/schemas/tables/controlPlane/agent.js.map +1 -0
  146. package/dist/schemas/tables/{identity → controlPlane}/epistemic.d.ts +1 -1
  147. package/dist/schemas/tables/{identity → controlPlane}/epistemic.js +3 -3
  148. package/dist/schemas/tables/controlPlane/epistemic.js.map +1 -0
  149. package/dist/schemas/tables/{identity → controlPlane}/model.d.ts +1 -1
  150. package/dist/schemas/tables/{identity → controlPlane}/model.js +6 -6
  151. package/dist/schemas/tables/controlPlane/model.js.map +1 -0
  152. package/dist/schemas/tables/{identity → controlPlane}/platform.d.ts +1 -1
  153. package/dist/schemas/tables/{identity → controlPlane}/platform.js +18 -18
  154. package/dist/schemas/tables/controlPlane/platform.js.map +1 -0
  155. package/dist/schemas/tables/{identity → controlPlane}/project.d.ts +1 -1
  156. package/dist/schemas/tables/{identity → controlPlane}/project.js +3 -3
  157. package/dist/schemas/tables/controlPlane/project.js.map +1 -0
  158. package/dist/schemas/tables/{identity → controlPlane}/user.d.ts +1 -1
  159. package/dist/schemas/tables/{identity → controlPlane}/user.js +3 -3
  160. package/dist/schemas/tables/controlPlane/user.js.map +1 -0
  161. package/dist/schemas/tables/kernel/config.d.ts +1 -1
  162. package/dist/schemas/tables/kernel/config.js.map +1 -1
  163. package/dist/schemas/tables/kernel/coordination.d.ts +1 -1
  164. package/dist/schemas/tables/kernel/coordination.js.map +1 -1
  165. package/dist/schemas/tables/kernel/decision.d.ts +1 -1
  166. package/dist/schemas/tables/kernel/decision.js.map +1 -1
  167. package/dist/schemas/tables/kernel/embedding.d.ts +1 -1
  168. package/dist/schemas/tables/kernel/embedding.js.map +1 -1
  169. package/dist/schemas/tables/kernel/epistemic.d.ts +1 -1
  170. package/dist/schemas/tables/kernel/epistemic.js.map +1 -1
  171. package/dist/schemas/tables/kernel/idempotency.d.ts +1 -1
  172. package/dist/schemas/tables/kernel/idempotency.js.map +1 -1
  173. package/dist/schemas/tables/kernel/infra.d.ts +1 -1
  174. package/dist/schemas/tables/kernel/infra.js.map +1 -1
  175. package/dist/schemas/tables/kernel/intelligence.d.ts +1 -1
  176. package/dist/schemas/tables/kernel/intelligence.js.map +1 -1
  177. package/dist/schemas/tables/kernel/lens.d.ts +1 -1
  178. package/dist/schemas/tables/kernel/lens.js.map +1 -1
  179. package/dist/schemas/tables/kernel/ontology.d.ts +1 -1
  180. package/dist/schemas/tables/kernel/ontology.js.map +1 -1
  181. package/dist/schemas/tables/kernel/platform.d.ts +1 -1
  182. package/dist/schemas/tables/kernel/platform.js.map +1 -1
  183. package/dist/schemas/tables/kernel/spine.d.ts +2 -1
  184. package/dist/schemas/tables/kernel/spine.js +1 -0
  185. package/dist/schemas/tables/kernel/spine.js.map +1 -1
  186. package/dist/schemas/tables/kernel/task.d.ts +1 -1
  187. package/dist/schemas/tables/kernel/task.js.map +1 -1
  188. package/dist/schemas/tables/kernel/topic.d.ts +1 -1
  189. package/dist/schemas/tables/kernel/topic.js.map +1 -1
  190. package/dist/schemas/tables/kernel/workflow.d.ts +1 -1
  191. package/dist/schemas/tables/kernel/workflow.js.map +1 -1
  192. package/dist/schemas/tables/kernel/worktree.d.ts +5 -5
  193. package/dist/schemas/tables/kernel/worktree.js.map +1 -1
  194. package/dist/schemas/tables/mc/identity.d.ts +19 -2
  195. package/dist/schemas/tables/mc/identity.js +32 -1
  196. package/dist/schemas/tables/mc/identity.js.map +1 -1
  197. package/dist/schemas/tables/mc/methodology.d.ts +1 -1
  198. package/dist/schemas/tables/mc/methodology.js.map +1 -1
  199. package/dist/schemas/tables/mc/pack.d.ts +1 -1
  200. package/dist/schemas/tables/mc/pack.js.map +1 -1
  201. package/dist/schemas/tables/mc/policy.d.ts +2 -2
  202. package/dist/schemas/tables/mc/policy.js +1 -1
  203. package/dist/schemas/tables/mc/policy.js.map +1 -1
  204. package/dist/schemas/tables/mc/registry.d.ts +1 -1
  205. package/dist/schemas/tables/mc/registry.js.map +1 -1
  206. package/dist/schemas/tables/mc/runtime.d.ts +109 -3
  207. package/dist/schemas/tables/mc/runtime.js +330 -104
  208. package/dist/schemas/tables/mc/runtime.js.map +1 -1
  209. package/dist/schemas/tables/mc/tenant.d.ts +3 -2
  210. package/dist/schemas/tables/mc/tenant.js +2 -1
  211. package/dist/schemas/tables/mc/tenant.js.map +1 -1
  212. package/dist/schemas/tables/mc/workspace.d.ts +22 -5
  213. package/dist/schemas/tables/mc/workspace.js +34 -2
  214. package/dist/schemas/tables/mc/workspace.js.map +1 -1
  215. package/dist/sdk-tools.contract.js +26 -1
  216. package/dist/sdk-tools.contract.js.map +1 -1
  217. package/dist/tenant-bootstrap-seed.contract.d.ts +226 -58
  218. package/dist/tenant-bootstrap-seed.contract.js +126 -28
  219. package/dist/tenant-bootstrap-seed.contract.js.map +1 -1
  220. package/dist/tenant-bootstrap-seed.defaults.d.ts +1 -1
  221. package/dist/tenant-bootstrap-seed.defaults.js +1 -1
  222. package/dist/tenant-bootstrap-seed.defaults.js.map +1 -1
  223. package/dist/tenant-client.contract.d.ts +12 -12
  224. package/dist/tenant-client.contract.js +11 -11
  225. package/dist/tenant-client.contract.js.map +1 -1
  226. package/dist/tool-contracts.js +26 -1
  227. package/dist/tool-contracts.js.map +1 -1
  228. package/package.json +22 -1
  229. package/dist/schemas/tables/identity/agent.js.map +0 -1
  230. package/dist/schemas/tables/identity/epistemic.js.map +0 -1
  231. package/dist/schemas/tables/identity/model.js.map +0 -1
  232. package/dist/schemas/tables/identity/platform.js.map +0 -1
  233. package/dist/schemas/tables/identity/project.js.map +0 -1
  234. package/dist/schemas/tables/identity/user.js.map +0 -1
@@ -203,7 +203,7 @@ var toolRegistryEntries = defineTable({
203
203
  });
204
204
  var agents = defineTable({
205
205
  name: "agents",
206
- component: "identity",
206
+ component: "control-plane",
207
207
  category: "agent",
208
208
  shape: z.object({
209
209
  "slug": z.string(),
@@ -234,6 +234,7 @@ var apiKeys = defineTable({
234
234
  category: "tenant",
235
235
  shape: z.object({
236
236
  "tenantId": idOf("tenants"),
237
+ "workspaceId": idOf("workspaces").optional(),
237
238
  "keyPrefix": z.enum(["luc", "stk"]),
238
239
  "keyHash": z.string(),
239
240
  "keyHint": z.string(),
@@ -261,7 +262,7 @@ var auditLog = defineTable({
261
262
  shape: z.object({
262
263
  "tenantId": idOf("tenants").optional(),
263
264
  "apiKeyId": idOf("apiKeys").optional(),
264
- "action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "principal_created", "principal_updated", "principal_suspended", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
265
+ "action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_token_lease_issued", "proxy_token_lease_renewed", "proxy_token_lease_revoked", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "principal_created", "principal_updated", "principal_suspended", "principal_identity_alias_upserted", "principal_identity_alias_revoked", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "deployment_host_registered", "deployment_host_revoked", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "permit_sync_enqueued", "permit_sync_succeeded", "permit_sync_failed", "permit_sync_skipped", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
265
266
  "actorClerkId": z.string(),
266
267
  "details": z.any().optional(),
267
268
  "createdAt": z.number()
@@ -1140,29 +1141,37 @@ var compatibilityShims = defineTable({
1140
1141
  component: "mc",
1141
1142
  category: "runtime",
1142
1143
  shape: z.object({
1143
- "shimId": z.string(),
1144
- "gateId": z.string(),
1145
- "removalDate": z.string(),
1146
- "removalPriority": z.enum(["P1", "P2", "P3"]),
1147
- "description": z.string(),
1148
- "owner": z.string(),
1149
- "createdAt": z.string(),
1150
- "status": z.enum(["active", "overdue", "removed"]),
1151
- "bridgeType": z.enum(["tool", "agent"]),
1152
- "bridgeTarget": z.object({
1153
- "type": z.enum(["tool", "agent"]),
1154
- "legacyPath": z.string(),
1155
- "harnessPath": z.string()
1144
+ shimId: z.string(),
1145
+ gateId: z.string(),
1146
+ removalDate: z.string(),
1147
+ removalPriority: z.enum(["P1", "P2", "P3"]),
1148
+ description: z.string(),
1149
+ owner: z.string(),
1150
+ createdAt: z.string(),
1151
+ status: z.enum(["active", "overdue", "removed"]),
1152
+ bridgeType: z.enum(["tool", "agent"]),
1153
+ bridgeTarget: z.object({
1154
+ type: z.enum(["tool", "agent"]),
1155
+ legacyPath: z.string(),
1156
+ harnessPath: z.string()
1156
1157
  }),
1157
- "shimBehavior": z.enum(["passthrough_with_logging", "adapter", "feature_flag_gate"]),
1158
- "producesLedgerEntries": z.boolean(),
1159
- "lastAuditedAt": z.number(),
1160
- "metadata": z.record(z.any()).optional()
1158
+ shimBehavior: z.enum([
1159
+ "passthrough_with_logging",
1160
+ "adapter",
1161
+ "feature_flag_gate"
1162
+ ]),
1163
+ producesLedgerEntries: z.boolean(),
1164
+ lastAuditedAt: z.number(),
1165
+ metadata: z.record(z.any()).optional()
1161
1166
  }),
1162
1167
  indices: [
1163
1168
  { kind: "index", name: "by_shimId", columns: ["shimId"] },
1164
1169
  { kind: "index", name: "by_status", columns: ["status"] },
1165
- { kind: "index", name: "by_bridgeType_status", columns: ["bridgeType", "status"] }
1170
+ {
1171
+ kind: "index",
1172
+ name: "by_bridgeType_status",
1173
+ columns: ["bridgeType", "status"]
1174
+ }
1166
1175
  ]
1167
1176
  });
1168
1177
  var cutoverFlags = defineTable({
@@ -1170,12 +1179,23 @@ var cutoverFlags = defineTable({
1170
1179
  component: "mc",
1171
1180
  category: "runtime",
1172
1181
  shape: z.object({
1173
- "domain": z.enum(["graph", "schema", "identity", "policy", "audit", "admin", "agent", "tool", "prompt", "intelligence"]),
1174
- "state": z.enum(["legacy", "cutover", "disabled"]),
1175
- "metadata": z.record(z.any()).optional(),
1176
- "updatedBy": z.string(),
1177
- "createdAt": z.number(),
1178
- "updatedAt": z.number()
1182
+ domain: z.enum([
1183
+ "graph",
1184
+ "schema",
1185
+ "identity",
1186
+ "policy",
1187
+ "audit",
1188
+ "admin",
1189
+ "agent",
1190
+ "tool",
1191
+ "prompt",
1192
+ "intelligence"
1193
+ ]),
1194
+ state: z.enum(["legacy", "cutover", "disabled"]),
1195
+ metadata: z.record(z.any()).optional(),
1196
+ updatedBy: z.string(),
1197
+ createdAt: z.number(),
1198
+ updatedAt: z.number()
1179
1199
  }),
1180
1200
  indices: [
1181
1201
  { kind: "index", name: "by_domain", columns: ["domain"] },
@@ -1187,57 +1207,193 @@ var tenantDeploymentCredentials = defineTable({
1187
1207
  component: "mc",
1188
1208
  category: "runtime",
1189
1209
  shape: z.object({
1190
- "credentialRef": z.string(),
1191
- "tenantId": idOf("tenants"),
1192
- "target": z.enum(["kernelDeployment", "appDeployment"]),
1193
- "environment": z.enum(["dev", "staging", "prod"]),
1194
- "encryptedDeployKey": z.string(),
1195
- "encryptionVersion": z.string(),
1196
- "keyFingerprint": z.string(),
1197
- "keyHint": z.string(),
1198
- "status": z.enum(["active", "revoked"]),
1199
- "rotatedFromCredentialRef": z.string().optional(),
1200
- "revokedAt": z.number().optional(),
1201
- "revokedBy": z.string().optional(),
1202
- "lastUsedAt": z.number().optional(),
1203
- "metadata": z.record(z.any()).optional(),
1204
- "createdBy": z.string(),
1205
- "createdAt": z.number(),
1206
- "updatedAt": z.number()
1210
+ credentialRef: z.string(),
1211
+ tenantId: idOf("tenants"),
1212
+ workspaceId: idOf("workspaces").optional(),
1213
+ target: z.enum(["kernelDeployment", "appDeployment"]),
1214
+ environment: z.enum(["dev", "staging", "prod"]),
1215
+ encryptedDeployKey: z.string(),
1216
+ encryptionVersion: z.string(),
1217
+ keyFingerprint: z.string(),
1218
+ keyHint: z.string(),
1219
+ status: z.enum(["active", "revoked"]),
1220
+ rotatedFromCredentialRef: z.string().optional(),
1221
+ revokedAt: z.number().optional(),
1222
+ revokedBy: z.string().optional(),
1223
+ lastUsedAt: z.number().optional(),
1224
+ metadata: z.record(z.any()).optional(),
1225
+ createdBy: z.string(),
1226
+ createdAt: z.number(),
1227
+ updatedAt: z.number()
1207
1228
  }),
1208
1229
  indices: [
1209
1230
  { kind: "index", name: "by_credentialRef", columns: ["credentialRef"] },
1210
1231
  { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
1211
- { kind: "index", name: "by_tenant_target", columns: ["tenantId", "target"] },
1212
- { kind: "index", name: "by_tenant_target_environment", columns: ["tenantId", "target", "environment"] },
1213
- { kind: "index", name: "by_tenant_target_environment_status", columns: ["tenantId", "target", "environment", "status"] },
1232
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
1233
+ {
1234
+ kind: "index",
1235
+ name: "by_tenant_target",
1236
+ columns: ["tenantId", "target"]
1237
+ },
1238
+ {
1239
+ kind: "index",
1240
+ name: "by_tenant_target_environment",
1241
+ columns: ["tenantId", "target", "environment"]
1242
+ },
1243
+ {
1244
+ kind: "index",
1245
+ name: "by_tenant_target_environment_status",
1246
+ columns: ["tenantId", "target", "environment", "status"]
1247
+ },
1248
+ {
1249
+ kind: "index",
1250
+ name: "by_tenant_workspace_target_environment_status",
1251
+ columns: ["tenantId", "workspaceId", "target", "environment", "status"]
1252
+ },
1214
1253
  { kind: "index", name: "by_status", columns: ["status"] }
1215
1254
  ]
1216
1255
  });
1256
+ var permitSyncStates = defineTable({
1257
+ name: "permitSyncStates",
1258
+ component: "mc",
1259
+ category: "runtime",
1260
+ shape: z.object({
1261
+ syncKey: z.string(),
1262
+ objectType: z.enum([
1263
+ "resource",
1264
+ "role",
1265
+ "resource_role",
1266
+ "resource_relation",
1267
+ "tenant",
1268
+ "workspace",
1269
+ "principal",
1270
+ "membership",
1271
+ "group",
1272
+ "resource_instance",
1273
+ "relationship_tuple",
1274
+ "role_assignment"
1275
+ ]),
1276
+ objectId: z.string(),
1277
+ tenantId: idOf("tenants").optional(),
1278
+ workspaceId: idOf("workspaces").optional(),
1279
+ principalId: z.string().optional(),
1280
+ permitTenantKey: z.string().optional(),
1281
+ permitResourceType: z.string().optional(),
1282
+ permitResourceKey: z.string().optional(),
1283
+ desiredPayload: z.record(z.any()),
1284
+ lastAppliedPayloadHash: z.string().optional(),
1285
+ status: z.enum(["pending", "synced", "error", "skipped"]),
1286
+ attemptCount: z.number(),
1287
+ lastError: z.string().optional(),
1288
+ nextAttemptAt: z.number().optional(),
1289
+ lastSyncedAt: z.number().optional(),
1290
+ createdBy: z.string(),
1291
+ updatedBy: z.string().optional(),
1292
+ createdAt: z.number(),
1293
+ updatedAt: z.number()
1294
+ }),
1295
+ indices: [
1296
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
1297
+ { kind: "index", name: "by_status", columns: ["status"] },
1298
+ {
1299
+ kind: "index",
1300
+ name: "by_tenant_status",
1301
+ columns: ["tenantId", "status"]
1302
+ },
1303
+ {
1304
+ kind: "index",
1305
+ name: "by_workspace_status",
1306
+ columns: ["workspaceId", "status"]
1307
+ },
1308
+ {
1309
+ kind: "index",
1310
+ name: "by_principal_status",
1311
+ columns: ["principalId", "status"]
1312
+ }
1313
+ ]
1314
+ });
1315
+ var secretSyncDriftReports = defineTable({
1316
+ name: "secretSyncDriftReports",
1317
+ component: "mc",
1318
+ category: "runtime",
1319
+ shape: z.object({
1320
+ reportId: z.string(),
1321
+ source: z.enum(["infisical_manifest", "manual", "ci"]),
1322
+ generatedAt: z.number(),
1323
+ recordedAt: z.number(),
1324
+ recordedBy: z.string(),
1325
+ status: z.enum([
1326
+ "in_sync",
1327
+ "drift",
1328
+ "exception",
1329
+ "blocked",
1330
+ "not_observed"
1331
+ ]),
1332
+ reportHash: z.string(),
1333
+ manifestHash: z.string().optional(),
1334
+ dryRunReceiptId: z.string().optional(),
1335
+ appliedReceiptId: z.string().optional(),
1336
+ summary: z.object({
1337
+ totalPipelines: z.number(),
1338
+ inSync: z.number(),
1339
+ drift: z.number(),
1340
+ exception: z.number(),
1341
+ blocked: z.number(),
1342
+ notObserved: z.number(),
1343
+ missingKeys: z.number(),
1344
+ valueDriftKeys: z.number(),
1345
+ extraKeys: z.number(),
1346
+ deniedConvexLeakage: z.number(),
1347
+ approvedExceptions: z.number()
1348
+ }),
1349
+ redactedReport: z.record(z.any()),
1350
+ metadata: z.record(z.any()).optional()
1351
+ }),
1352
+ indices: [
1353
+ { kind: "index", name: "by_reportId", columns: ["reportId"] },
1354
+ { kind: "index", name: "by_reportHash", columns: ["reportHash"] },
1355
+ { kind: "index", name: "by_generatedAt", columns: ["generatedAt"] },
1356
+ {
1357
+ kind: "index",
1358
+ name: "by_status_generatedAt",
1359
+ columns: ["status", "generatedAt"]
1360
+ }
1361
+ ]
1362
+ });
1217
1363
  var controlPlaneTenantModelSlotBindings = defineTable({
1218
1364
  name: "controlPlaneTenantModelSlotBindings",
1219
1365
  component: "mc",
1220
1366
  category: "runtime",
1221
1367
  shape: z.object({
1222
- "bindingId": z.string(),
1223
- "tenantId": idOf("tenants"),
1224
- "providerId": z.string(),
1225
- "modelSlotId": z.string(),
1226
- "secretRef": z.string(),
1227
- "status": z.enum(["active", "revoked"]),
1228
- "passThroughOnly": z.boolean(),
1229
- "revokedAt": z.number().optional(),
1230
- "revokedBy": z.string().optional(),
1231
- "metadata": z.record(z.any()).optional(),
1232
- "createdBy": z.string(),
1233
- "createdAt": z.number(),
1234
- "updatedAt": z.number()
1368
+ bindingId: z.string(),
1369
+ tenantId: idOf("tenants"),
1370
+ workspaceId: idOf("workspaces").optional(),
1371
+ environment: z.enum(["dev", "staging", "prod"]).optional(),
1372
+ providerId: z.string(),
1373
+ modelSlotId: z.string(),
1374
+ secretRef: z.string(),
1375
+ status: z.enum(["active", "revoked"]),
1376
+ passThroughOnly: z.boolean(),
1377
+ revokedAt: z.number().optional(),
1378
+ revokedBy: z.string().optional(),
1379
+ metadata: z.record(z.any()).optional(),
1380
+ createdBy: z.string(),
1381
+ createdAt: z.number(),
1382
+ updatedAt: z.number()
1235
1383
  }),
1236
1384
  indices: [
1237
1385
  { kind: "index", name: "by_bindingId", columns: ["bindingId"] },
1238
1386
  { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
1239
- { kind: "index", name: "by_tenant_slot", columns: ["tenantId", "modelSlotId"] },
1240
- { kind: "index", name: "by_tenant_provider_slot", columns: ["tenantId", "providerId", "modelSlotId"] },
1387
+ {
1388
+ kind: "index",
1389
+ name: "by_tenant_slot",
1390
+ columns: ["tenantId", "modelSlotId"]
1391
+ },
1392
+ {
1393
+ kind: "index",
1394
+ name: "by_tenant_provider_slot",
1395
+ columns: ["tenantId", "providerId", "modelSlotId"]
1396
+ },
1241
1397
  { kind: "index", name: "by_secretRef", columns: ["secretRef"] },
1242
1398
  { kind: "index", name: "by_status", columns: ["status"] }
1243
1399
  ]
@@ -1247,29 +1403,42 @@ var controlPlaneTenantProviderSecrets = defineTable({
1247
1403
  component: "mc",
1248
1404
  category: "runtime",
1249
1405
  shape: z.object({
1250
- "secretRef": z.string(),
1251
- "tenantId": idOf("tenants"),
1252
- "providerId": z.string(),
1253
- "label": z.string().optional(),
1254
- "encryptedSecret": z.string(),
1255
- "encryptionVersion": z.string(),
1256
- "secretFingerprint": z.string(),
1257
- "keyHint": z.string(),
1258
- "status": z.enum(["active", "revoked"]),
1259
- "rotatedFromSecretRef": z.string().optional(),
1260
- "revokedAt": z.number().optional(),
1261
- "revokedBy": z.string().optional(),
1262
- "lastUsedAt": z.number().optional(),
1263
- "metadata": z.record(z.any()).optional(),
1264
- "createdBy": z.string(),
1265
- "createdAt": z.number(),
1266
- "updatedAt": z.number()
1406
+ secretRef: z.string(),
1407
+ tenantId: idOf("tenants"),
1408
+ workspaceId: idOf("workspaces").optional(),
1409
+ environment: z.enum(["dev", "staging", "prod"]).optional(),
1410
+ providerId: z.string(),
1411
+ label: z.string().optional(),
1412
+ encryptedSecret: z.string().optional(),
1413
+ infisicalPath: z.string().optional(),
1414
+ infisicalSecretKey: z.string().optional(),
1415
+ infisicalProjectId: z.string().optional(),
1416
+ encryptionVersion: z.string(),
1417
+ secretFingerprint: z.string(),
1418
+ keyHint: z.string(),
1419
+ status: z.enum(["active", "revoked"]),
1420
+ rotatedFromSecretRef: z.string().optional(),
1421
+ revokedAt: z.number().optional(),
1422
+ revokedBy: z.string().optional(),
1423
+ lastUsedAt: z.number().optional(),
1424
+ metadata: z.record(z.any()).optional(),
1425
+ createdBy: z.string(),
1426
+ createdAt: z.number(),
1427
+ updatedAt: z.number()
1267
1428
  }),
1268
1429
  indices: [
1269
1430
  { kind: "index", name: "by_secretRef", columns: ["secretRef"] },
1270
1431
  { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
1271
- { kind: "index", name: "by_tenant_provider", columns: ["tenantId", "providerId"] },
1272
- { kind: "index", name: "by_tenant_provider_status", columns: ["tenantId", "providerId", "status"] },
1432
+ {
1433
+ kind: "index",
1434
+ name: "by_tenant_provider",
1435
+ columns: ["tenantId", "providerId"]
1436
+ },
1437
+ {
1438
+ kind: "index",
1439
+ name: "by_tenant_provider_status",
1440
+ columns: ["tenantId", "providerId", "status"]
1441
+ },
1273
1442
  { kind: "index", name: "by_status", columns: ["status"] }
1274
1443
  ]
1275
1444
  });
@@ -1278,35 +1447,93 @@ var controlPlaneTenantProxyGatewayUsage = defineTable({
1278
1447
  component: "mc",
1279
1448
  category: "runtime",
1280
1449
  shape: z.object({
1281
- "usageId": z.string(),
1282
- "tenantId": idOf("tenants"),
1283
- "providerId": z.string(),
1284
- "modelSlotId": z.string(),
1285
- "secretRef": z.string(),
1286
- "proxyTokenId": z.string(),
1287
- "sessionId": z.string(),
1288
- "principalId": z.string(),
1289
- "workspaceId": z.string().optional(),
1290
- "modelId": z.string().optional(),
1291
- "requestPath": z.string(),
1292
- "status": z.enum(["success", "error"]),
1293
- "responseStatus": z.number().optional(),
1294
- "inputTokens": z.number().optional(),
1295
- "outputTokens": z.number().optional(),
1296
- "tokenCount": z.number().optional(),
1297
- "latencyMs": z.number(),
1298
- "estimatedCostUsd": z.number().optional(),
1299
- "failureCode": z.string().optional(),
1300
- "metadata": z.record(z.any()).optional(),
1301
- "createdAt": z.number(),
1302
- "updatedAt": z.number()
1450
+ usageId: z.string(),
1451
+ tenantId: idOf("tenants"),
1452
+ providerId: z.string(),
1453
+ modelSlotId: z.string(),
1454
+ secretRef: z.string(),
1455
+ proxyTokenId: z.string(),
1456
+ sessionId: z.string(),
1457
+ principalId: z.string(),
1458
+ workspaceId: z.string().optional(),
1459
+ modelId: z.string().optional(),
1460
+ requestPath: z.string(),
1461
+ status: z.enum(["success", "error"]),
1462
+ responseStatus: z.number().optional(),
1463
+ inputTokens: z.number().optional(),
1464
+ outputTokens: z.number().optional(),
1465
+ tokenCount: z.number().optional(),
1466
+ latencyMs: z.number(),
1467
+ estimatedCostUsd: z.number().optional(),
1468
+ failureCode: z.string().optional(),
1469
+ metadata: z.record(z.any()).optional(),
1470
+ createdAt: z.number(),
1471
+ updatedAt: z.number()
1303
1472
  }),
1304
1473
  indices: [
1305
1474
  { kind: "index", name: "by_usageId", columns: ["usageId"] },
1306
1475
  { kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
1307
- { kind: "index", name: "by_tenant_provider", columns: ["tenantId", "providerId", "createdAt"] },
1308
- { kind: "index", name: "by_proxyTokenId", columns: ["proxyTokenId", "createdAt"] },
1309
- { kind: "index", name: "by_sessionId", columns: ["sessionId", "createdAt"] }
1476
+ {
1477
+ kind: "index",
1478
+ name: "by_tenant_provider",
1479
+ columns: ["tenantId", "providerId", "createdAt"]
1480
+ },
1481
+ {
1482
+ kind: "index",
1483
+ name: "by_proxyTokenId",
1484
+ columns: ["proxyTokenId", "createdAt"]
1485
+ },
1486
+ {
1487
+ kind: "index",
1488
+ name: "by_sessionId",
1489
+ columns: ["sessionId", "createdAt"]
1490
+ }
1491
+ ]
1492
+ });
1493
+ var controlPlaneTenantProxyTokenLeases = defineTable({
1494
+ name: "controlPlaneTenantProxyTokenLeases",
1495
+ component: "mc",
1496
+ category: "runtime",
1497
+ shape: z.object({
1498
+ leaseId: z.string(),
1499
+ proxyTokenId: z.string(),
1500
+ tenantId: idOf("tenants"),
1501
+ workspaceId: idOf("workspaces").optional(),
1502
+ environment: z.enum(["dev", "staging", "prod"]),
1503
+ providerId: z.string(),
1504
+ modelSlotId: z.string(),
1505
+ bindingId: z.string(),
1506
+ secretRef: z.string(),
1507
+ sessionId: z.string(),
1508
+ principalId: z.string(),
1509
+ agentSessionId: z.string().optional(),
1510
+ status: z.enum(["active", "revoked"]),
1511
+ expiresAt: z.number(),
1512
+ renewedAt: z.number().optional(),
1513
+ revokedAt: z.number().optional(),
1514
+ revokedBy: z.string().optional(),
1515
+ revokeReason: z.string().optional(),
1516
+ permitDecisionLogId: idOf("policyDecisionLogs").optional(),
1517
+ permitTraceId: z.string().optional(),
1518
+ metadata: z.record(z.any()).optional(),
1519
+ createdAt: z.number(),
1520
+ updatedAt: z.number()
1521
+ }),
1522
+ indices: [
1523
+ { kind: "index", name: "by_leaseId", columns: ["leaseId"] },
1524
+ { kind: "index", name: "by_proxyTokenId", columns: ["proxyTokenId"] },
1525
+ { kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
1526
+ { kind: "index", name: "by_sessionId", columns: ["sessionId", "createdAt"] },
1527
+ {
1528
+ kind: "index",
1529
+ name: "by_principalId",
1530
+ columns: ["principalId", "createdAt"]
1531
+ },
1532
+ {
1533
+ kind: "index",
1534
+ name: "by_status_expiresAt",
1535
+ columns: ["status", "expiresAt"]
1536
+ }
1310
1537
  ]
1311
1538
  });
1312
1539
  var crossProjectConnections = defineTable({
@@ -1648,6 +1875,7 @@ var epistemicNodes = defineTable({
1648
1875
  "questionType": z.enum(["validation", "falsification", "assumption_probe", "prediction_test", "counterfactual", "discovery", "clarification", "comparison", "causal", "mechanism", "general"]).optional(),
1649
1876
  "questionPriority": z.enum(["critical", "high", "medium", "low"]).optional(),
1650
1877
  "answerQuality": z.enum(["definitive", "strong", "moderate", "weak", "speculative", "unanswered"]).optional(),
1878
+ "themeStatus": z.enum(["emerging", "active", "mature", "declining", "archived"]).optional(),
1651
1879
  "themeConviction": z.enum(["high", "medium", "low", "negative"]).optional(),
1652
1880
  "decisionType": z.enum(["invest", "pass", "follow_on", "exit", "deep_dive", "monitor", "deprioritize", "thesis_adopt", "thesis_revise", "thesis_abandon"]).optional(),
1653
1881
  "decisionOutcome": z.enum(["pending", "successful", "unsuccessful", "mixed", "unknown"]).optional(),
@@ -1798,6 +2026,7 @@ var memberships = defineTable({
1798
2026
  indices: [
1799
2027
  { kind: "index", name: "by_principalId", columns: ["principalId"] },
1800
2028
  { kind: "index", name: "by_principal_tenant", columns: ["principalId", "tenantId"] },
2029
+ { kind: "index", name: "by_principal_tenant_workspace", columns: ["principalId", "tenantId", "workspaceId"] },
1801
2030
  { kind: "index", name: "by_workspace_principal", columns: ["workspaceId", "principalId"] },
1802
2031
  { kind: "index", name: "by_tenant_role", columns: ["tenantId", "role"] },
1803
2032
  { kind: "index", name: "by_status", columns: ["status"] }
@@ -1829,6 +2058,36 @@ var principals = defineTable({
1829
2058
  { kind: "index", name: "by_status", columns: ["status"] }
1830
2059
  ]
1831
2060
  });
2061
+ var principalIdentityAliases = defineTable({
2062
+ name: "principalIdentityAliases",
2063
+ component: "mc",
2064
+ category: "identity",
2065
+ shape: z.object({
2066
+ "principalId": z.string(),
2067
+ "principalRefId": idOf("principals").optional(),
2068
+ "provider": z.string(),
2069
+ "providerProjectId": z.string().optional(),
2070
+ "externalSubjectId": z.string(),
2071
+ "tenantId": idOf("tenants").optional(),
2072
+ "workspaceId": idOf("workspaces").optional(),
2073
+ "email": z.string().optional(),
2074
+ "status": z.enum(["active", "revoked"]),
2075
+ "metadata": z.record(z.any()).optional(),
2076
+ "createdBy": z.string(),
2077
+ "revokedAt": z.number().optional(),
2078
+ "revokedBy": z.string().optional(),
2079
+ "createdAt": z.number(),
2080
+ "updatedAt": z.number()
2081
+ }),
2082
+ indices: [
2083
+ { kind: "index", name: "by_provider_subject", columns: ["provider", "externalSubjectId"] },
2084
+ { kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "externalSubjectId"] },
2085
+ { kind: "index", name: "by_principalId", columns: ["principalId"] },
2086
+ { kind: "index", name: "by_principal_status", columns: ["principalId", "status"] },
2087
+ { kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "externalSubjectId"] },
2088
+ { kind: "index", name: "by_workspace_provider_subject", columns: ["workspaceId", "provider", "externalSubjectId"] }
2089
+ ]
2090
+ });
1832
2091
  var rateLimitWindows = defineTable({
1833
2092
  name: "rateLimitWindows",
1834
2093
  component: "mc",
@@ -2418,7 +2677,7 @@ var lensTopicBindings = defineTable({
2418
2677
  });
2419
2678
  var mcpWritePolicy = defineTable({
2420
2679
  name: "mcpWritePolicy",
2421
- component: "identity",
2680
+ component: "control-plane",
2422
2681
  category: "platform",
2423
2682
  shape: z.object({
2424
2683
  "topicId": z.string().optional(),
@@ -2441,7 +2700,7 @@ var mcpWritePolicy = defineTable({
2441
2700
  });
2442
2701
  var platformAudienceGrants = defineTable({
2443
2702
  name: "platformAudienceGrants",
2444
- component: "identity",
2703
+ component: "control-plane",
2445
2704
  category: "platform",
2446
2705
  shape: z.object({
2447
2706
  "tenantId": z.string(),
@@ -2467,7 +2726,7 @@ var platformAudienceGrants = defineTable({
2467
2726
  });
2468
2727
  var platformAudiences = defineTable({
2469
2728
  name: "platformAudiences",
2470
- component: "identity",
2729
+ component: "control-plane",
2471
2730
  category: "platform",
2472
2731
  shape: z.object({
2473
2732
  "tenantId": z.string(),
@@ -2492,7 +2751,7 @@ var platformAudiences = defineTable({
2492
2751
  });
2493
2752
  var platformPolicyDecisionLogs = defineTable({
2494
2753
  name: "platformPolicyDecisionLogs",
2495
- component: "identity",
2754
+ component: "control-plane",
2496
2755
  category: "platform",
2497
2756
  shape: z.object({
2498
2757
  "principalId": z.string(),
@@ -2528,7 +2787,7 @@ var platformPolicyDecisionLogs = defineTable({
2528
2787
  });
2529
2788
  var tenantApiKeys = defineTable({
2530
2789
  name: "tenantApiKeys",
2531
- component: "identity",
2790
+ component: "control-plane",
2532
2791
  category: "platform",
2533
2792
  shape: z.object({
2534
2793
  "tenantId": z.string(),
@@ -2555,7 +2814,7 @@ var tenantApiKeys = defineTable({
2555
2814
  });
2556
2815
  var tenantConfig = defineTable({
2557
2816
  name: "tenantConfig",
2558
- component: "identity",
2817
+ component: "control-plane",
2559
2818
  category: "platform",
2560
2819
  shape: z.object({
2561
2820
  "tenantId": z.string(),
@@ -2574,7 +2833,7 @@ var tenantConfig = defineTable({
2574
2833
  });
2575
2834
  var tenantIntegrations = defineTable({
2576
2835
  name: "tenantIntegrations",
2577
- component: "identity",
2836
+ component: "control-plane",
2578
2837
  category: "platform",
2579
2838
  shape: z.object({
2580
2839
  "tenantId": z.string(),
@@ -2629,7 +2888,7 @@ var tenantIntegrations = defineTable({
2629
2888
  });
2630
2889
  var tenantModelSlotBindings = defineTable({
2631
2890
  name: "tenantModelSlotBindings",
2632
- component: "identity",
2891
+ component: "control-plane",
2633
2892
  category: "platform",
2634
2893
  shape: z.object({
2635
2894
  "bindingId": z.string(),
@@ -2657,7 +2916,7 @@ var tenantModelSlotBindings = defineTable({
2657
2916
  });
2658
2917
  var tenantPolicies = defineTable({
2659
2918
  name: "tenantPolicies",
2660
- component: "identity",
2919
+ component: "control-plane",
2661
2920
  category: "platform",
2662
2921
  shape: z.object({
2663
2922
  "tenantId": z.string(),
@@ -2682,7 +2941,7 @@ var tenantPolicies = defineTable({
2682
2941
  });
2683
2942
  var tenantProviderSecrets = defineTable({
2684
2943
  name: "tenantProviderSecrets",
2685
- component: "identity",
2944
+ component: "control-plane",
2686
2945
  category: "platform",
2687
2946
  shape: z.object({
2688
2947
  "secretRef": z.string(),
@@ -2713,7 +2972,7 @@ var tenantProviderSecrets = defineTable({
2713
2972
  });
2714
2973
  var tenantProxyGatewayUsage = defineTable({
2715
2974
  name: "tenantProxyGatewayUsage",
2716
- component: "identity",
2975
+ component: "control-plane",
2717
2976
  category: "platform",
2718
2977
  shape: z.object({
2719
2978
  "usageId": z.string(),
@@ -2748,7 +3007,7 @@ var tenantProxyGatewayUsage = defineTable({
2748
3007
  });
2749
3008
  var tenantProxyTokenMints = defineTable({
2750
3009
  name: "tenantProxyTokenMints",
2751
- component: "identity",
3010
+ component: "control-plane",
2752
3011
  category: "platform",
2753
3012
  shape: z.object({
2754
3013
  "proxyTokenId": z.string(),
@@ -2771,7 +3030,7 @@ var tenantProxyTokenMints = defineTable({
2771
3030
  });
2772
3031
  var tenantSandboxAuditEvents = defineTable({
2773
3032
  name: "tenantSandboxAuditEvents",
2774
- component: "identity",
3033
+ component: "control-plane",
2775
3034
  category: "platform",
2776
3035
  shape: z.object({
2777
3036
  "eventId": z.string(),
@@ -2805,7 +3064,7 @@ var tenantSandboxAuditEvents = defineTable({
2805
3064
  });
2806
3065
  var tenantSecrets = defineTable({
2807
3066
  name: "tenantSecrets",
2808
- component: "identity",
3067
+ component: "control-plane",
2809
3068
  category: "platform",
2810
3069
  shape: z.object({
2811
3070
  "tenantId": z.string(),
@@ -2827,7 +3086,7 @@ var tenantSecrets = defineTable({
2827
3086
  });
2828
3087
  var toolAcls = defineTable({
2829
3088
  name: "toolAcls",
2830
- component: "identity",
3089
+ component: "control-plane",
2831
3090
  category: "platform",
2832
3091
  shape: z.object({
2833
3092
  "role": z.enum(["platform_admin", "tenant_admin", "workspace_admin", "editor", "viewer", "auditor", "service_agent"]),
@@ -2842,7 +3101,7 @@ var toolAcls = defineTable({
2842
3101
  });
2843
3102
  var toolRegistry = defineTable({
2844
3103
  name: "toolRegistry",
2845
- component: "identity",
3104
+ component: "control-plane",
2846
3105
  category: "platform",
2847
3106
  shape: z.object({
2848
3107
  "toolName": z.string(),
@@ -2923,7 +3182,7 @@ var tenantMethodologyAssignments = defineTable({
2923
3182
  });
2924
3183
  var modelCallLogs = defineTable({
2925
3184
  name: "modelCallLogs",
2926
- component: "identity",
3185
+ component: "control-plane",
2927
3186
  category: "model",
2928
3187
  shape: z.object({
2929
3188
  "slot": z.string(),
@@ -2949,7 +3208,7 @@ var modelCallLogs = defineTable({
2949
3208
  });
2950
3209
  var modelFunctionSlots = defineTable({
2951
3210
  name: "modelFunctionSlots",
2952
- component: "identity",
3211
+ component: "control-plane",
2953
3212
  category: "model",
2954
3213
  shape: z.object({
2955
3214
  "slot": z.string(),
@@ -2974,7 +3233,7 @@ var modelFunctionSlots = defineTable({
2974
3233
  });
2975
3234
  var modelRegistry = defineTable({
2976
3235
  name: "modelRegistry",
2977
- component: "identity",
3236
+ component: "control-plane",
2978
3237
  category: "model",
2979
3238
  shape: z.object({
2980
3239
  "key": z.string(),
@@ -3001,7 +3260,7 @@ var modelRegistry = defineTable({
3001
3260
  });
3002
3261
  var modelSlotConfigs = defineTable({
3003
3262
  name: "modelSlotConfigs",
3004
- component: "identity",
3263
+ component: "control-plane",
3005
3264
  category: "model",
3006
3265
  shape: z.object({
3007
3266
  "slot": z.string(),
@@ -3388,7 +3647,7 @@ var policyDecisionLogs = defineTable({
3388
3647
  "workspaceId": idOf("workspaces").optional(),
3389
3648
  "resourceType": z.string(),
3390
3649
  "resourceId": z.string(),
3391
- "action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote"]),
3650
+ "action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote", "route", "invoke", "manage", "deploy", "promote", "rollback", "audit", "read_ref", "fetch_value", "rotate", "administer", "mint", "delegate", "revoke"]),
3392
3651
  "decision": z.enum(["allow", "deny"]),
3393
3652
  "reasonCode": z.string(),
3394
3653
  "policyVersion": z.string(),
@@ -3450,7 +3709,7 @@ var controlPlaneToolAcls = defineTable({
3450
3709
  });
3451
3710
  var projectGrants = defineTable({
3452
3711
  name: "projectGrants",
3453
- component: "identity",
3712
+ component: "control-plane",
3454
3713
  category: "project",
3455
3714
  shape: z.object({
3456
3715
  "projectId": z.string().optional(),
@@ -3482,9 +3741,650 @@ var projectGrants = defineTable({
3482
3741
  { kind: "index", name: "by_topic_cluster_status", columns: ["topicId", "beliefClusterId", "status"] }
3483
3742
  ]
3484
3743
  });
3744
+ var permitActorType = z.enum([
3745
+ "human",
3746
+ "agent",
3747
+ "service_principal",
3748
+ "external_stakeholder",
3749
+ "system"
3750
+ ]);
3751
+ var permitMembershipStatus = z.enum([
3752
+ "active",
3753
+ "invited",
3754
+ "revoked",
3755
+ "suspended",
3756
+ "disabled"
3757
+ ]);
3758
+ var permitDecision = z.enum(["allow", "deny"]);
3759
+ var permitAccessReviewStatus = z.enum([
3760
+ "open",
3761
+ "in_progress",
3762
+ "approved",
3763
+ "denied",
3764
+ "expired",
3765
+ "cancelled"
3766
+ ]);
3767
+ var permitReviewScope = z.enum([
3768
+ "tenant",
3769
+ "workspace",
3770
+ "resource_instance",
3771
+ "group",
3772
+ "principal",
3773
+ "api_key",
3774
+ "admin_action"
3775
+ ]);
3776
+ var permitRecordStatus = z.enum([
3777
+ "queued",
3778
+ "inflight",
3779
+ "completed",
3780
+ "failed",
3781
+ "skipped",
3782
+ "stale"
3783
+ ]);
3784
+ var permitObjectType = z.enum([
3785
+ "resource",
3786
+ "role",
3787
+ "resource_role",
3788
+ "resource_relation",
3789
+ "tenant",
3790
+ "workspace",
3791
+ "principal",
3792
+ "membership",
3793
+ "group",
3794
+ "resource_instance",
3795
+ "relationship_tuple",
3796
+ "role_assignment",
3797
+ "attribute_binding",
3798
+ "policy_bundle"
3799
+ ]);
3800
+ var permitOutboxOperation = z.enum([
3801
+ "upsert",
3802
+ "delete",
3803
+ "sync",
3804
+ "resync",
3805
+ "delete_sync",
3806
+ "noop"
3807
+ ]);
3808
+ var permitPolicyBundleStatus = z.enum([
3809
+ "draft",
3810
+ "validated",
3811
+ "enforced",
3812
+ "archived"
3813
+ ]);
3814
+ var permitSyncStatus = z.enum([
3815
+ "pending",
3816
+ "synced",
3817
+ "error",
3818
+ "skipped"
3819
+ ]);
3820
+ var permitAccessReviewSubjectType = z.enum([
3821
+ "principal",
3822
+ "group",
3823
+ "role_assignment",
3824
+ "resource_instance"
3825
+ ]);
3826
+ var permitAttributeType = z.enum([
3827
+ "string",
3828
+ "number",
3829
+ "bool",
3830
+ "json",
3831
+ "time"
3832
+ ]);
3833
+ var permitAttributeOperator = z.enum([
3834
+ "eq",
3835
+ "neq",
3836
+ "in",
3837
+ "not_in",
3838
+ "gt",
3839
+ "gte",
3840
+ "lt",
3841
+ "lte",
3842
+ "contains",
3843
+ "not_contains",
3844
+ "matches"
3845
+ ]);
3846
+ var permitRoleBindingTarget = z.enum([
3847
+ "principal",
3848
+ "group"
3849
+ ]);
3850
+ var permitPrincipals = defineTable({
3851
+ name: "permitPrincipals",
3852
+ component: "control-plane",
3853
+ category: "access-control",
3854
+ shape: z.object({
3855
+ principalId: z.string(),
3856
+ tenantId: z.string(),
3857
+ workspaceId: z.optional(z.string()),
3858
+ principalType: permitActorType,
3859
+ status: permitMembershipStatus,
3860
+ displayName: z.string().optional(),
3861
+ metadata: z.record(z.any()).optional(),
3862
+ createdBy: z.string(),
3863
+ createdAt: z.number(),
3864
+ updatedAt: z.number(),
3865
+ updatedBy: z.string().optional(),
3866
+ lastSeenAt: z.number().optional()
3867
+ }),
3868
+ indices: [
3869
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
3870
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
3871
+ { kind: "index", name: "by_tenant_principalId", columns: ["tenantId", "principalId"] },
3872
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
3873
+ {
3874
+ kind: "index",
3875
+ name: "by_tenant_principalType_status",
3876
+ columns: ["tenantId", "principalType", "status"]
3877
+ }
3878
+ ]
3879
+ });
3880
+ var permitPrincipalAliases = defineTable({
3881
+ name: "permitPrincipalAliases",
3882
+ component: "control-plane",
3883
+ category: "access-control",
3884
+ shape: z.object({
3885
+ principalId: z.string(),
3886
+ tenantId: z.string(),
3887
+ workspaceId: z.optional(z.string()),
3888
+ provider: z.string(),
3889
+ providerSubjectId: z.string(),
3890
+ providerProjectId: z.string().optional(),
3891
+ alias: z.string(),
3892
+ aliasKind: z.string(),
3893
+ status: permitMembershipStatus,
3894
+ metadata: z.record(z.any()).optional(),
3895
+ createdBy: z.string(),
3896
+ createdAt: z.number(),
3897
+ updatedAt: z.number(),
3898
+ revokedBy: z.string().optional(),
3899
+ revokedAt: z.number().optional(),
3900
+ updatedBy: z.string().optional()
3901
+ }),
3902
+ indices: [
3903
+ { kind: "index", name: "by_principalId", columns: ["principalId"] },
3904
+ { kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "providerSubjectId"] },
3905
+ {
3906
+ kind: "index",
3907
+ name: "by_tenant_provider_alias",
3908
+ columns: ["tenantId", "provider", "alias"]
3909
+ },
3910
+ { kind: "index", name: "by_tenant_alias", columns: ["tenantId", "alias"] },
3911
+ {
3912
+ kind: "index",
3913
+ name: "by_tenant_provider_status",
3914
+ columns: ["tenantId", "provider", "status"]
3915
+ }
3916
+ ]
3917
+ });
3918
+ var permitGroups = defineTable({
3919
+ name: "permitGroups",
3920
+ component: "control-plane",
3921
+ category: "access-control",
3922
+ shape: z.object({
3923
+ tenantId: z.string(),
3924
+ workspaceId: z.optional(z.string()),
3925
+ groupId: z.string(),
3926
+ groupKey: z.string(),
3927
+ groupName: z.string(),
3928
+ groupType: z.enum(["tenant", "workspace", "external", "system", "dynamic"]),
3929
+ status: permitMembershipStatus,
3930
+ description: z.string().optional(),
3931
+ metadata: z.record(z.any()).optional(),
3932
+ createdBy: z.string(),
3933
+ createdAt: z.number(),
3934
+ updatedAt: z.number(),
3935
+ updatedBy: z.string().optional()
3936
+ }),
3937
+ indices: [
3938
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
3939
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
3940
+ { kind: "index", name: "by_tenant_groupId", columns: ["tenantId", "groupId"] },
3941
+ { kind: "index", name: "by_tenant_groupKey", columns: ["tenantId", "groupKey"] },
3942
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
3943
+ ]
3944
+ });
3945
+ var permitGroupMemberships = defineTable({
3946
+ name: "permitGroupMemberships",
3947
+ component: "control-plane",
3948
+ category: "access-control",
3949
+ shape: z.object({
3950
+ tenantId: z.string(),
3951
+ workspaceId: z.optional(z.string()),
3952
+ groupId: z.string(),
3953
+ memberType: z.enum(["principal", "group"]),
3954
+ memberId: z.string(),
3955
+ principalId: z.string().optional(),
3956
+ childGroupId: z.string().optional(),
3957
+ status: permitMembershipStatus,
3958
+ addedBy: z.string().optional(),
3959
+ revokedBy: z.string().optional(),
3960
+ expiresAt: z.number().optional(),
3961
+ revocationReason: z.string().optional(),
3962
+ metadata: z.record(z.any()).optional(),
3963
+ createdAt: z.number(),
3964
+ updatedAt: z.number(),
3965
+ updatedBy: z.string().optional()
3966
+ }),
3967
+ indices: [
3968
+ { kind: "index", name: "by_tenant_principal", columns: ["tenantId", "principalId"] },
3969
+ { kind: "index", name: "by_tenant_member", columns: ["tenantId", "memberType", "memberId"] },
3970
+ {
3971
+ kind: "index",
3972
+ name: "by_tenant_member_group",
3973
+ columns: ["tenantId", "memberType", "memberId", "groupId"]
3974
+ },
3975
+ { kind: "index", name: "by_tenant_group", columns: ["tenantId", "groupId"] },
3976
+ { kind: "index", name: "by_member_group", columns: ["memberType", "memberId", "groupId"] },
3977
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
3978
+ {
3979
+ kind: "index",
3980
+ name: "by_workspace_principal",
3981
+ columns: ["workspaceId", "principalId"]
3982
+ }
3983
+ ]
3984
+ });
3985
+ var permitResourceInstances = defineTable({
3986
+ name: "permitResourceInstances",
3987
+ component: "control-plane",
3988
+ category: "access-control",
3989
+ shape: z.object({
3990
+ tenantId: z.string(),
3991
+ workspaceId: z.optional(z.string()),
3992
+ resourceType: z.string(),
3993
+ resourceKey: z.string(),
3994
+ resourceId: z.string(),
3995
+ status: z.enum(["active", "deleted", "archived"]),
3996
+ attributes: z.record(z.any()).optional(),
3997
+ ownerPrincipalId: z.string().optional(),
3998
+ metadata: z.record(z.any()).optional(),
3999
+ createdBy: z.string(),
4000
+ updatedBy: z.string().optional(),
4001
+ createdAt: z.number(),
4002
+ updatedAt: z.number()
4003
+ }),
4004
+ indices: [
4005
+ {
4006
+ kind: "index",
4007
+ name: "by_tenant_resource_type",
4008
+ columns: ["tenantId", "resourceType"]
4009
+ },
4010
+ {
4011
+ kind: "index",
4012
+ name: "by_tenant_resource_key",
4013
+ columns: ["tenantId", "resourceType", "resourceKey"]
4014
+ },
4015
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
4016
+ { kind: "index", name: "by_status", columns: ["status"] },
4017
+ {
4018
+ kind: "index",
4019
+ name: "by_tenant_status",
4020
+ columns: ["tenantId", "status"]
4021
+ },
4022
+ {
4023
+ kind: "index",
4024
+ name: "by_ownerPrincipalId",
4025
+ columns: ["ownerPrincipalId"]
4026
+ }
4027
+ ]
4028
+ });
4029
+ var permitRoleAssignments = defineTable({
4030
+ name: "permitRoleAssignments",
4031
+ component: "control-plane",
4032
+ category: "access-control",
4033
+ shape: z.object({
4034
+ tenantId: z.string(),
4035
+ workspaceId: z.optional(z.string()),
4036
+ role: z.string(),
4037
+ targetType: permitRoleBindingTarget,
4038
+ targetId: z.string(),
4039
+ resourceType: z.string(),
4040
+ resourceKey: z.string(),
4041
+ resourceInstanceId: z.string().optional(),
4042
+ status: permitMembershipStatus,
4043
+ expiresAt: z.number().optional(),
4044
+ attributes: z.record(z.any()).optional(),
4045
+ grantedBy: z.string().optional(),
4046
+ updatedBy: z.string().optional(),
4047
+ revokedBy: z.string().optional(),
4048
+ createdAt: z.number(),
4049
+ updatedAt: z.number()
4050
+ }),
4051
+ indices: [
4052
+ {
4053
+ kind: "index",
4054
+ name: "by_tenant_target",
4055
+ columns: ["tenantId", "targetType", "targetId"]
4056
+ },
4057
+ {
4058
+ kind: "index",
4059
+ name: "by_tenant_resource",
4060
+ columns: ["tenantId", "resourceType", "resourceKey"]
4061
+ },
4062
+ {
4063
+ kind: "index",
4064
+ name: "by_tenant_role",
4065
+ columns: ["tenantId", "role", "status"]
4066
+ },
4067
+ { kind: "index", name: "by_status", columns: ["status"] },
4068
+ {
4069
+ kind: "index",
4070
+ name: "by_workspace_resource",
4071
+ columns: ["workspaceId", "resourceType", "resourceKey"]
4072
+ }
4073
+ ]
4074
+ });
4075
+ var permitRelationshipTuples = defineTable({
4076
+ name: "permitRelationshipTuples",
4077
+ component: "control-plane",
4078
+ category: "access-control",
4079
+ shape: z.object({
4080
+ tenantId: z.string(),
4081
+ workspaceId: z.optional(z.string()),
4082
+ relation: z.string(),
4083
+ subject: z.string(),
4084
+ object: z.string(),
4085
+ resourceType: z.string().optional(),
4086
+ resourceKey: z.string().optional(),
4087
+ status: permitRecordStatus,
4088
+ attributes: z.record(z.any()).optional(),
4089
+ createdBy: z.string(),
4090
+ createdAt: z.number(),
4091
+ updatedAt: z.number(),
4092
+ lastSeenAt: z.number().optional(),
4093
+ updatedBy: z.string().optional()
4094
+ }),
4095
+ indices: [
4096
+ { kind: "index", name: "by_tenant_subject", columns: ["tenantId", "subject"] },
4097
+ { kind: "index", name: "by_tenant_object", columns: ["tenantId", "object"] },
4098
+ { kind: "index", name: "by_tenant_relation", columns: ["tenantId", "relation"] },
4099
+ {
4100
+ kind: "index",
4101
+ name: "by_tenant_relation_subject",
4102
+ columns: ["tenantId", "relation", "subject"]
4103
+ },
4104
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
4105
+ ]
4106
+ });
4107
+ var permitAttributeBindings = defineTable({
4108
+ name: "permitAttributeBindings",
4109
+ component: "control-plane",
4110
+ category: "access-control",
4111
+ shape: z.object({
4112
+ tenantId: z.string(),
4113
+ workspaceId: z.optional(z.string()),
4114
+ targetType: permitRoleBindingTarget,
4115
+ targetId: z.string(),
4116
+ attributeName: z.string(),
4117
+ attributeType: permitAttributeType,
4118
+ attributeOperator: permitAttributeOperator,
4119
+ attributeValue: z.any(),
4120
+ status: permitRecordStatus,
4121
+ source: z.string().optional(),
4122
+ sourceRef: z.string().optional(),
4123
+ metadata: z.record(z.any()).optional(),
4124
+ createdAt: z.number(),
4125
+ updatedAt: z.number(),
4126
+ createdBy: z.string(),
4127
+ updatedBy: z.string().optional(),
4128
+ expiresAt: z.number().optional()
4129
+ }),
4130
+ indices: [
4131
+ {
4132
+ kind: "index",
4133
+ name: "by_tenant_target",
4134
+ columns: ["tenantId", "targetType", "targetId"]
4135
+ },
4136
+ {
4137
+ kind: "index",
4138
+ name: "by_tenant_target_attribute",
4139
+ columns: ["tenantId", "targetType", "targetId", "attributeName"]
4140
+ },
4141
+ {
4142
+ kind: "index",
4143
+ name: "by_tenant_name",
4144
+ columns: ["tenantId", "attributeName"]
4145
+ },
4146
+ {
4147
+ kind: "index",
4148
+ name: "by_tenant_status",
4149
+ columns: ["tenantId", "status"]
4150
+ }
4151
+ ]
4152
+ });
4153
+ var permitPolicyBundles = defineTable({
4154
+ name: "permitPolicyBundles",
4155
+ component: "control-plane",
4156
+ category: "access-control",
4157
+ shape: z.object({
4158
+ tenantId: z.string(),
4159
+ workspaceId: z.optional(z.string()),
4160
+ bundleKey: z.string(),
4161
+ version: z.number(),
4162
+ status: permitPolicyBundleStatus,
4163
+ policyHash: z.string().optional(),
4164
+ policyPayload: z.record(z.any()),
4165
+ metadata: z.record(z.any()).optional(),
4166
+ createdBy: z.string(),
4167
+ reviewedBy: z.string().optional(),
4168
+ createdAt: z.number(),
4169
+ updatedAt: z.number(),
4170
+ retiredAt: z.number().optional()
4171
+ }),
4172
+ indices: [
4173
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
4174
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
4175
+ {
4176
+ kind: "index",
4177
+ name: "by_tenant_bundleKey",
4178
+ columns: ["tenantId", "bundleKey"]
4179
+ },
4180
+ {
4181
+ kind: "index",
4182
+ name: "by_tenant_bundle_version",
4183
+ columns: ["tenantId", "bundleKey", "version"]
4184
+ },
4185
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
4186
+ ]
4187
+ });
4188
+ var permitProjectionOutbox = defineTable({
4189
+ name: "permitProjectionOutbox",
4190
+ component: "control-plane",
4191
+ category: "access-control",
4192
+ shape: z.object({
4193
+ syncKey: z.string(),
4194
+ objectType: permitObjectType,
4195
+ objectId: z.string(),
4196
+ operation: permitOutboxOperation,
4197
+ payload: z.record(z.any()),
4198
+ status: permitRecordStatus,
4199
+ attemptCount: z.number(),
4200
+ nextAttemptAt: z.number().optional(),
4201
+ lastError: z.string().optional(),
4202
+ tenantId: z.string().optional(),
4203
+ workspaceId: z.optional(z.string()),
4204
+ principalId: z.string().optional(),
4205
+ permitTenantKey: z.string().optional(),
4206
+ permitResourceType: z.string().optional(),
4207
+ permitResourceKey: z.string().optional(),
4208
+ createdAt: z.number(),
4209
+ updatedAt: z.number(),
4210
+ lastHandledAt: z.number().optional()
4211
+ }),
4212
+ indices: [
4213
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
4214
+ { kind: "index", name: "by_status", columns: ["status"] },
4215
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
4216
+ {
4217
+ kind: "index",
4218
+ name: "by_tenant_status",
4219
+ columns: ["tenantId", "status"]
4220
+ },
4221
+ {
4222
+ kind: "index",
4223
+ name: "by_objectType",
4224
+ columns: ["objectType", "status"]
4225
+ }
4226
+ ]
4227
+ });
4228
+ var tenantPermitSyncStates = defineTable({
4229
+ name: "tenantPermitSyncStates",
4230
+ component: "control-plane",
4231
+ category: "access-control",
4232
+ shape: z.object({
4233
+ syncKey: z.string(),
4234
+ objectType: permitObjectType,
4235
+ objectId: z.string(),
4236
+ tenantId: z.string().optional(),
4237
+ workspaceId: z.string().optional(),
4238
+ principalId: z.string().optional(),
4239
+ permitTenantKey: z.string().optional(),
4240
+ permitResourceType: z.string().optional(),
4241
+ permitResourceKey: z.string().optional(),
4242
+ desiredPayload: z.record(z.any()),
4243
+ lastAppliedPayloadHash: z.string().optional(),
4244
+ status: permitSyncStatus,
4245
+ attemptCount: z.number(),
4246
+ lastError: z.string().optional(),
4247
+ nextAttemptAt: z.number().optional(),
4248
+ lastSyncedAt: z.number().optional(),
4249
+ createdBy: z.string(),
4250
+ updatedBy: z.string().optional(),
4251
+ createdAt: z.number(),
4252
+ updatedAt: z.number()
4253
+ }),
4254
+ indices: [
4255
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
4256
+ { kind: "index", name: "by_status", columns: ["status"] },
4257
+ {
4258
+ kind: "index",
4259
+ name: "by_tenant_status",
4260
+ columns: ["tenantId", "status"]
4261
+ },
4262
+ {
4263
+ kind: "index",
4264
+ name: "by_workspace_status",
4265
+ columns: ["workspaceId", "status"]
4266
+ },
4267
+ {
4268
+ kind: "index",
4269
+ name: "by_principal_status",
4270
+ columns: ["principalId", "status"]
4271
+ }
4272
+ ]
4273
+ });
4274
+ var permitPolicyDecisionReceipts = defineTable({
4275
+ name: "permitPolicyDecisionReceipts",
4276
+ component: "control-plane",
4277
+ category: "access-control",
4278
+ shape: z.object({
4279
+ tenantId: z.string().optional(),
4280
+ workspaceId: z.string().optional(),
4281
+ principalId: z.string(),
4282
+ subjectType: permitAccessReviewSubjectType.optional(),
4283
+ subjectId: z.string().optional(),
4284
+ resourceType: z.string(),
4285
+ resourceId: z.string(),
4286
+ action: z.string(),
4287
+ decision: permitDecision,
4288
+ reasonCode: z.string(),
4289
+ policyBundleId: z.string().optional(),
4290
+ policyVersion: z.string(),
4291
+ traceId: z.string().optional(),
4292
+ requestId: z.string().optional(),
4293
+ audienceMode: z.string().optional(),
4294
+ audienceKey: z.string().optional(),
4295
+ audienceClass: z.enum(["internal", "restricted_external", "public"]).optional(),
4296
+ metadata: z.record(z.any()).optional(),
4297
+ createdAt: z.number(),
4298
+ expiresAt: z.number().optional(),
4299
+ createdBy: z.string().optional()
4300
+ }),
4301
+ indices: [
4302
+ { kind: "index", name: "by_principal_createdAt", columns: ["principalId", "createdAt"] },
4303
+ { kind: "index", name: "by_tenant_createdAt", columns: ["tenantId", "createdAt"] },
4304
+ { kind: "index", name: "by_resource", columns: ["resourceType", "resourceId"] },
4305
+ { kind: "index", name: "by_decision_createdAt", columns: ["decision", "createdAt"] },
4306
+ { kind: "index", name: "by_traceId", columns: ["traceId"] },
4307
+ { kind: "index", name: "by_action", columns: ["action"] }
4308
+ ]
4309
+ });
4310
+ var permitAccessReviews = defineTable({
4311
+ name: "permitAccessReviews",
4312
+ component: "control-plane",
4313
+ category: "access-control",
4314
+ shape: z.object({
4315
+ tenantId: z.string(),
4316
+ workspaceId: z.optional(z.string()),
4317
+ reviewKey: z.string(),
4318
+ scope: permitReviewScope,
4319
+ status: permitAccessReviewStatus,
4320
+ subjectType: permitAccessReviewSubjectType,
4321
+ subjectId: z.string(),
4322
+ resourceType: z.string().optional(),
4323
+ resourceKey: z.string().optional(),
4324
+ outcome: z.enum(["allow", "deny"]).optional(),
4325
+ requestedBy: z.string(),
4326
+ reviewedBy: z.string().optional(),
4327
+ requestedAt: z.number(),
4328
+ reviewedAt: z.number().optional(),
4329
+ dueAt: z.number().optional(),
4330
+ justification: z.string().optional(),
4331
+ rationale: z.string().optional(),
4332
+ policyBundleId: z.string().optional(),
4333
+ metadata: z.record(z.any()).optional(),
4334
+ createdAt: z.number(),
4335
+ updatedAt: z.number()
4336
+ }),
4337
+ indices: [
4338
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
4339
+ { kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
4340
+ { kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
4341
+ {
4342
+ kind: "index",
4343
+ name: "by_tenant_subject",
4344
+ columns: ["tenantId", "subjectType", "subjectId"]
4345
+ },
4346
+ { kind: "index", name: "by_outcome", columns: ["outcome"] },
4347
+ {
4348
+ kind: "index",
4349
+ name: "by_workspace_status",
4350
+ columns: ["workspaceId", "status"]
4351
+ }
4352
+ ]
4353
+ });
4354
+ var permitAccessReviewItems = defineTable({
4355
+ name: "permitAccessReviewItems",
4356
+ component: "control-plane",
4357
+ category: "access-control",
4358
+ shape: z.object({
4359
+ reviewKey: z.string(),
4360
+ itemKey: z.string(),
4361
+ tenantId: z.string(),
4362
+ workspaceId: z.string().optional(),
4363
+ subjectType: permitAccessReviewSubjectType,
4364
+ subjectId: z.string(),
4365
+ resourceType: z.string().optional(),
4366
+ resourceKey: z.string().optional(),
4367
+ role: z.string().optional(),
4368
+ relation: z.string().optional(),
4369
+ status: z.enum(["open", "approved", "revoked", "changed", "deferred"]),
4370
+ reviewerId: z.string().optional(),
4371
+ decisionAt: z.number().optional(),
4372
+ rationale: z.string().optional(),
4373
+ metadata: z.record(z.any()).optional(),
4374
+ createdAt: z.number(),
4375
+ updatedAt: z.number()
4376
+ }),
4377
+ indices: [
4378
+ { kind: "index", name: "by_reviewKey", columns: ["reviewKey"] },
4379
+ { kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
4380
+ { kind: "index", name: "by_tenant_itemKey", columns: ["tenantId", "itemKey"] },
4381
+ { kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
4382
+ { kind: "index", name: "by_status", columns: ["status"] }
4383
+ ]
4384
+ });
3485
4385
  var reasoningPermissions = defineTable({
3486
4386
  name: "reasoningPermissions",
3487
- component: "identity",
4387
+ component: "control-plane",
3488
4388
  category: "epistemic",
3489
4389
  shape: z.object({
3490
4390
  "topicId": z.string().optional(),
@@ -3731,7 +4631,7 @@ var topics = defineTable({
3731
4631
  });
3732
4632
  var users = defineTable({
3733
4633
  name: "users",
3734
- component: "identity",
4634
+ component: "control-plane",
3735
4635
  category: "user",
3736
4636
  shape: z.object({
3737
4637
  "clerkId": z.string(),
@@ -3845,7 +4745,6 @@ var workspaces = defineTable({
3845
4745
  "deployments": z.record(z.object({
3846
4746
  "url": z.string(),
3847
4747
  "target": z.enum(["kernelDeployment", "appDeployment"]).optional(),
3848
- "encryptedDeployKey": z.string().optional(),
3849
4748
  "credentialRef": z.string().optional()
3850
4749
  })).optional(),
3851
4750
  "metadata": z.record(z.any()).optional(),
@@ -3860,6 +4759,39 @@ var workspaces = defineTable({
3860
4759
  { kind: "index", name: "by_status", columns: ["status"] }
3861
4760
  ]
3862
4761
  });
4762
+ var deploymentHosts = defineTable({
4763
+ name: "deploymentHosts",
4764
+ component: "mc",
4765
+ category: "workspace",
4766
+ shape: z.object({
4767
+ "host": z.string(),
4768
+ "tenantId": idOf("tenants"),
4769
+ "workspaceId": idOf("workspaces"),
4770
+ "environment": z.enum(["dev", "staging", "prod"]),
4771
+ "target": z.enum(["kernelDeployment", "appDeployment"]),
4772
+ "deploymentUrl": z.string().optional(),
4773
+ "deploymentName": z.string().optional(),
4774
+ "vercelProjectName": z.string().optional(),
4775
+ "vercelProjectId": z.string().optional(),
4776
+ "vercelEnvironment": z.enum(["development", "preview", "staging", "production"]).optional(),
4777
+ "source": z.enum(["vercel_preview", "vercel_production", "vercel_custom_environment", "custom_domain", "manual"]),
4778
+ "status": z.enum(["active", "revoked"]),
4779
+ "metadata": z.record(z.any()).optional(),
4780
+ "createdBy": z.string(),
4781
+ "createdAt": z.number(),
4782
+ "updatedAt": z.number(),
4783
+ "revokedAt": z.number().optional(),
4784
+ "revokedBy": z.string().optional()
4785
+ }),
4786
+ indices: [
4787
+ { kind: "index", name: "by_host", columns: ["host"] },
4788
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
4789
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
4790
+ { kind: "index", name: "by_tenant_workspace_environment", columns: ["tenantId", "workspaceId", "environment"] },
4791
+ { kind: "index", name: "by_workspace_status", columns: ["workspaceId", "status"] },
4792
+ { kind: "index", name: "by_status", columns: ["status"] }
4793
+ ]
4794
+ });
3863
4795
  var worktreeBeliefCluster = defineTable({
3864
4796
  name: "worktreeBeliefCluster",
3865
4797
  component: "kernel",
@@ -4224,9 +5156,23 @@ var KERNEL_TABLE_CONTRACTS = [
4224
5156
  worktreeBeliefCluster,
4225
5157
  worktrees
4226
5158
  ];
4227
- var IDENTITY_TABLE_CONTRACTS = [
5159
+ var CONTROL_PLANE_TABLE_CONTRACTS = [
4228
5160
  agents,
4229
5161
  reasoningPermissions,
5162
+ permitAccessReviewItems,
5163
+ permitAccessReviews,
5164
+ permitAttributeBindings,
5165
+ permitGroups,
5166
+ permitGroupMemberships,
5167
+ permitPolicyBundles,
5168
+ permitPolicyDecisionReceipts,
5169
+ permitPrincipalAliases,
5170
+ permitPrincipals,
5171
+ permitProjectionOutbox,
5172
+ permitRelationshipTuples,
5173
+ permitResourceInstances,
5174
+ permitRoleAssignments,
5175
+ tenantPermitSyncStates,
4230
5176
  modelCallLogs,
4231
5177
  modelFunctionSlots,
4232
5178
  modelRegistry,
@@ -4256,6 +5202,7 @@ var MC_TABLE_CONTRACTS = [
4256
5202
  memberships,
4257
5203
  oauthDeviceCodes,
4258
5204
  principals,
5205
+ principalIdentityAliases,
4259
5206
  rateLimitWindows,
4260
5207
  servicePrincipalKeys,
4261
5208
  userSessions,
@@ -4271,29 +5218,33 @@ var MC_TABLE_CONTRACTS = [
4271
5218
  policyDecisionLogs,
4272
5219
  policySimulations,
4273
5220
  controlPlaneToolAcls,
5221
+ permitSyncStates,
4274
5222
  agentRegistryEntries,
4275
5223
  toolCatalog,
4276
5224
  toolRegistryEntries,
4277
5225
  compatibilityShims,
4278
5226
  cutoverFlags,
4279
5227
  tenantDeploymentCredentials,
5228
+ secretSyncDriftReports,
4280
5229
  controlPlaneTenantModelSlotBindings,
4281
5230
  controlPlaneTenantProviderSecrets,
4282
5231
  controlPlaneTenantProxyGatewayUsage,
5232
+ controlPlaneTenantProxyTokenLeases,
4283
5233
  apiKeys,
4284
5234
  auditLog,
4285
5235
  tenants,
4286
- workspaces
5236
+ workspaces,
5237
+ deploymentHosts
4287
5238
  ];
4288
5239
  var TABLE_CONTRACTS_BY_COMPONENT = {
4289
5240
  kernel: KERNEL_TABLE_CONTRACTS,
4290
- identity: IDENTITY_TABLE_CONTRACTS,
5241
+ "control-plane": CONTROL_PLANE_TABLE_CONTRACTS,
4291
5242
  mc: MC_TABLE_CONTRACTS,
4292
5243
  "developer-pack": []
4293
5244
  };
4294
5245
  var ALL_TABLE_CONTRACTS = [
4295
5246
  ...KERNEL_TABLE_CONTRACTS,
4296
- ...IDENTITY_TABLE_CONTRACTS,
5247
+ ...CONTROL_PLANE_TABLE_CONTRACTS,
4297
5248
  ...MC_TABLE_CONTRACTS
4298
5249
  ];
4299
5250
  function listTableContractsByName(name) {
@@ -4305,6 +5256,6 @@ function getTableContract(name, component) {
4305
5256
  );
4306
5257
  }
4307
5258
 
4308
- export { ALL_TABLE_CONTRACTS, IDENTITY_TABLE_CONTRACTS, KERNEL_TABLE_CONTRACTS, MC_TABLE_CONTRACTS, TABLE_CONTRACTS_BY_COMPONENT, getTableContract, listTableContractsByName };
5259
+ export { ALL_TABLE_CONTRACTS, CONTROL_PLANE_TABLE_CONTRACTS, KERNEL_TABLE_CONTRACTS, MC_TABLE_CONTRACTS, TABLE_CONTRACTS_BY_COMPONENT, getTableContract, listTableContractsByName };
4309
5260
  //# sourceMappingURL=manifest.js.map
4310
5261
  //# sourceMappingURL=manifest.js.map