@lucern/contracts 0.3.0-alpha.10 → 0.3.0-alpha.12

Files changed (234)
  1. package/dist/api-enums.contract.d.ts +5 -3
  2. package/dist/api-enums.contract.js +14 -12
  3. package/dist/api-enums.contract.js.map +1 -1
  4. package/dist/component-boundary.contract.d.ts +1 -1
  5. package/dist/component-boundary.contract.js +45 -26
  6. package/dist/component-boundary.contract.js.map +1 -1
  7. package/dist/component-host-boundary.contract.d.ts +10 -5
  8. package/dist/component-host-boundary.contract.js +10 -4
  9. package/dist/component-host-boundary.contract.js.map +1 -1
  10. package/dist/{defineTable-CBQ03FXl.d.ts → defineTable-t1wr5wgn.d.ts} +1 -1
  11. package/dist/{dsl-djCRfuWC.d.ts → dsl-DVPthQGY.d.ts} +1 -1
  12. package/dist/dsl.d.ts +2 -2
  13. package/dist/dsl.js.map +1 -1
  14. package/dist/function-registry/beliefs.d.ts +13 -0
  15. package/dist/function-registry/beliefs.js +50 -7
  16. package/dist/function-registry/beliefs.js.map +1 -1
  17. package/dist/function-registry/coding.d.ts +9 -0
  18. package/dist/function-registry/coding.js +117 -8
  19. package/dist/function-registry/coding.js.map +1 -1
  20. package/dist/function-registry/context.d.ts +6 -0
  21. package/dist/function-registry/context.js +50 -7
  22. package/dist/function-registry/context.js.map +1 -1
  23. package/dist/function-registry/contracts.d.ts +6 -0
  24. package/dist/function-registry/contracts.js +50 -7
  25. package/dist/function-registry/contracts.js.map +1 -1
  26. package/dist/function-registry/coordination.d.ts +12 -0
  27. package/dist/function-registry/coordination.js +50 -7
  28. package/dist/function-registry/coordination.js.map +1 -1
  29. package/dist/function-registry/edges.d.ts +9 -0
  30. package/dist/function-registry/edges.js +54 -14
  31. package/dist/function-registry/edges.js.map +1 -1
  32. package/dist/function-registry/evidence.d.ts +11 -0
  33. package/dist/function-registry/evidence.js +53 -11
  34. package/dist/function-registry/evidence.js.map +1 -1
  35. package/dist/function-registry/graph.d.ts +18 -0
  36. package/dist/function-registry/graph.js +50 -7
  37. package/dist/function-registry/graph.js.map +1 -1
  38. package/dist/function-registry/helpers.d.ts +4 -1
  39. package/dist/function-registry/helpers.js +51 -8
  40. package/dist/function-registry/helpers.js.map +1 -1
  41. package/dist/function-registry/identity.d.ts +6 -0
  42. package/dist/function-registry/identity.js +50 -7
  43. package/dist/function-registry/identity.js.map +1 -1
  44. package/dist/function-registry/index.d.ts +8 -320
  45. package/dist/function-registry/index.js +54 -384
  46. package/dist/function-registry/index.js.map +1 -1
  47. package/dist/function-registry/judgments.d.ts +5 -0
  48. package/dist/function-registry/judgments.js +50 -7
  49. package/dist/function-registry/judgments.js.map +1 -1
  50. package/dist/function-registry/legacy.d.ts +4 -0
  51. package/dist/function-registry/legacy.js +50 -7
  52. package/dist/function-registry/legacy.js.map +1 -1
  53. package/dist/function-registry/lenses.d.ts +7 -0
  54. package/dist/function-registry/lenses.js +50 -7
  55. package/dist/function-registry/lenses.js.map +1 -1
  56. package/dist/function-registry/nodes.d.ts +412 -0
  57. package/dist/function-registry/nodes.js +5303 -0
  58. package/dist/function-registry/nodes.js.map +1 -0
  59. package/dist/function-registry/ontologies.d.ts +14 -0
  60. package/dist/function-registry/ontologies.js +50 -7
  61. package/dist/function-registry/ontologies.js.map +1 -1
  62. package/dist/function-registry/pipeline.d.ts +6 -0
  63. package/dist/function-registry/pipeline.js +50 -7
  64. package/dist/function-registry/pipeline.js.map +1 -1
  65. package/dist/function-registry/questions.d.ts +15 -0
  66. package/dist/function-registry/questions.js +50 -7
  67. package/dist/function-registry/questions.js.map +1 -1
  68. package/dist/function-registry/tasks.d.ts +7 -0
  69. package/dist/function-registry/tasks.js +69 -16
  70. package/dist/function-registry/tasks.js.map +1 -1
  71. package/dist/function-registry/topics.d.ts +10 -0
  72. package/dist/function-registry/topics.js +50 -7
  73. package/dist/function-registry/topics.js.map +1 -1
  74. package/dist/function-registry/types.d.ts +5 -1
  75. package/dist/function-registry/worktrees.d.ts +14 -0
  76. package/dist/function-registry/worktrees.js +50 -7
  77. package/dist/function-registry/worktrees.js.map +1 -1
  78. package/dist/gateway.contract.d.ts +3 -0
  79. package/dist/gateway.contract.js.map +1 -1
  80. package/dist/generated/convexSchemas.d.ts +3 -3
  81. package/dist/generated/convexSchemas.js +35 -16
  82. package/dist/generated/convexSchemas.js.map +1 -1
  83. package/dist/generated/infisicalRuntimeEnv.d.ts +70 -0
  84. package/dist/generated/infisicalRuntimeEnv.js +26818 -0
  85. package/dist/generated/infisicalRuntimeEnv.js.map +1 -0
  86. package/dist/generated/lucernGatewayEnv.d.ts +17 -0
  87. package/dist/generated/lucernGatewayEnv.js +38 -0
  88. package/dist/generated/lucernGatewayEnv.js.map +1 -0
  89. package/dist/generated/lucernWebPublicEnv.d.ts +26 -0
  90. package/dist/generated/lucernWebPublicEnv.js +32 -0
  91. package/dist/generated/lucernWebPublicEnv.js.map +1 -0
  92. package/dist/generated/lucernWebServerEnv.d.ts +33 -0
  93. package/dist/generated/lucernWebServerEnv.js +51 -0
  94. package/dist/generated/lucernWebServerEnv.js.map +1 -0
  95. package/dist/generated/schema-manifest.json +1165 -150
  96. package/dist/generated/tableOwnership.d.ts +46 -27
  97. package/dist/generated/tableOwnership.js +64 -26
  98. package/dist/generated/tableOwnership.js.map +1 -1
  99. package/dist/generated/tier-expectations.json +60 -8
  100. package/dist/{index-O09U2xHk.d.ts → index-CM1Pl_vI.d.ts} +3 -3
  101. package/dist/index.d.ts +9 -4
  102. package/dist/index.js +31371 -381
  103. package/dist/index.js.map +1 -1
  104. package/dist/infisical-runtime.contract.d.ts +1623 -3
  105. package/dist/infisical-runtime.contract.js +2819 -12
  106. package/dist/infisical-runtime.contract.js.map +1 -1
  107. package/dist/manifests/infisical-runtime-manifest.d.ts +1550 -3
  108. package/dist/manifests/infisical-runtime-manifest.js +2672 -9
  109. package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
  110. package/dist/manifests/tenant-client-manifest.d.ts +11 -11
  111. package/dist/manifests/tenant-client-manifest.js +11 -11
  112. package/dist/manifests/tenant-client-manifest.js.map +1 -1
  113. package/dist/mcp-gateway-boundary.contract.d.ts +23 -3
  114. package/dist/mcp-gateway-boundary.contract.js +2 -0
  115. package/dist/mcp-gateway-boundary.contract.js.map +1 -1
  116. package/dist/permit-principal-projection.contract.d.ts +74 -0
  117. package/dist/permit-principal-projection.contract.js +161 -0
  118. package/dist/permit-principal-projection.contract.js.map +1 -0
  119. package/dist/projections/check-convex-args-shape.js +10 -6
  120. package/dist/projections/check-convex-args-shape.js.map +1 -1
  121. package/dist/projections/create-evidence.projection.d.ts +6 -6
  122. package/dist/projections/create-evidence.projection.js +2 -3
  123. package/dist/projections/create-evidence.projection.js.map +1 -1
  124. package/dist/projections/index.d.ts +3 -3
  125. package/dist/projections/index.js +10 -6
  126. package/dist/projections/index.js.map +1 -1
  127. package/dist/projections/list-tasks.projection.d.ts +20 -8
  128. package/dist/projections/list-tasks.projection.js +8 -3
  129. package/dist/projections/list-tasks.projection.js.map +1 -1
  130. package/dist/proof-attestation.json +45 -0
  131. package/dist/schemas/component-table-manifest.d.ts +6 -6
  132. package/dist/schemas/component-table-manifest.js +2 -2
  133. package/dist/schemas/component-table-manifest.js.map +1 -1
  134. package/dist/schemas/index.d.ts +2 -2
  135. package/dist/schemas/index.js +1088 -137
  136. package/dist/schemas/index.js.map +1 -1
  137. package/dist/schemas/manifest.d.ts +2010 -120
  138. package/dist/schemas/manifest.js +1086 -135
  139. package/dist/schemas/manifest.js.map +1 -1
  140. package/dist/schemas/tables/controlPlane/accessControl.d.ts +260 -0
  141. package/dist/schemas/tables/controlPlane/accessControl.js +655 -0
  142. package/dist/schemas/tables/controlPlane/accessControl.js.map +1 -0
  143. package/dist/schemas/tables/{identity → controlPlane}/agent.d.ts +1 -1
  144. package/dist/schemas/tables/{identity → controlPlane}/agent.js +3 -3
  145. package/dist/schemas/tables/controlPlane/agent.js.map +1 -0
  146. package/dist/schemas/tables/{identity → controlPlane}/epistemic.d.ts +1 -1
  147. package/dist/schemas/tables/{identity → controlPlane}/epistemic.js +3 -3
  148. package/dist/schemas/tables/controlPlane/epistemic.js.map +1 -0
  149. package/dist/schemas/tables/{identity → controlPlane}/model.d.ts +1 -1
  150. package/dist/schemas/tables/{identity → controlPlane}/model.js +6 -6
  151. package/dist/schemas/tables/controlPlane/model.js.map +1 -0
  152. package/dist/schemas/tables/{identity → controlPlane}/platform.d.ts +1 -1
  153. package/dist/schemas/tables/{identity → controlPlane}/platform.js +18 -18
  154. package/dist/schemas/tables/controlPlane/platform.js.map +1 -0
  155. package/dist/schemas/tables/{identity → controlPlane}/project.d.ts +1 -1
  156. package/dist/schemas/tables/{identity → controlPlane}/project.js +3 -3
  157. package/dist/schemas/tables/controlPlane/project.js.map +1 -0
  158. package/dist/schemas/tables/{identity → controlPlane}/user.d.ts +1 -1
  159. package/dist/schemas/tables/{identity → controlPlane}/user.js +3 -3
  160. package/dist/schemas/tables/controlPlane/user.js.map +1 -0
  161. package/dist/schemas/tables/kernel/config.d.ts +1 -1
  162. package/dist/schemas/tables/kernel/config.js.map +1 -1
  163. package/dist/schemas/tables/kernel/coordination.d.ts +1 -1
  164. package/dist/schemas/tables/kernel/coordination.js.map +1 -1
  165. package/dist/schemas/tables/kernel/decision.d.ts +1 -1
  166. package/dist/schemas/tables/kernel/decision.js.map +1 -1
  167. package/dist/schemas/tables/kernel/embedding.d.ts +1 -1
  168. package/dist/schemas/tables/kernel/embedding.js.map +1 -1
  169. package/dist/schemas/tables/kernel/epistemic.d.ts +1 -1
  170. package/dist/schemas/tables/kernel/epistemic.js.map +1 -1
  171. package/dist/schemas/tables/kernel/idempotency.d.ts +1 -1
  172. package/dist/schemas/tables/kernel/idempotency.js.map +1 -1
  173. package/dist/schemas/tables/kernel/infra.d.ts +1 -1
  174. package/dist/schemas/tables/kernel/infra.js.map +1 -1
  175. package/dist/schemas/tables/kernel/intelligence.d.ts +1 -1
  176. package/dist/schemas/tables/kernel/intelligence.js.map +1 -1
  177. package/dist/schemas/tables/kernel/lens.d.ts +1 -1
  178. package/dist/schemas/tables/kernel/lens.js.map +1 -1
  179. package/dist/schemas/tables/kernel/ontology.d.ts +1 -1
  180. package/dist/schemas/tables/kernel/ontology.js.map +1 -1
  181. package/dist/schemas/tables/kernel/platform.d.ts +1 -1
  182. package/dist/schemas/tables/kernel/platform.js.map +1 -1
  183. package/dist/schemas/tables/kernel/spine.d.ts +2 -1
  184. package/dist/schemas/tables/kernel/spine.js +1 -0
  185. package/dist/schemas/tables/kernel/spine.js.map +1 -1
  186. package/dist/schemas/tables/kernel/task.d.ts +1 -1
  187. package/dist/schemas/tables/kernel/task.js.map +1 -1
  188. package/dist/schemas/tables/kernel/topic.d.ts +1 -1
  189. package/dist/schemas/tables/kernel/topic.js.map +1 -1
  190. package/dist/schemas/tables/kernel/workflow.d.ts +1 -1
  191. package/dist/schemas/tables/kernel/workflow.js.map +1 -1
  192. package/dist/schemas/tables/kernel/worktree.d.ts +5 -5
  193. package/dist/schemas/tables/kernel/worktree.js.map +1 -1
  194. package/dist/schemas/tables/mc/identity.d.ts +19 -2
  195. package/dist/schemas/tables/mc/identity.js +32 -1
  196. package/dist/schemas/tables/mc/identity.js.map +1 -1
  197. package/dist/schemas/tables/mc/methodology.d.ts +1 -1
  198. package/dist/schemas/tables/mc/methodology.js.map +1 -1
  199. package/dist/schemas/tables/mc/pack.d.ts +1 -1
  200. package/dist/schemas/tables/mc/pack.js.map +1 -1
  201. package/dist/schemas/tables/mc/policy.d.ts +2 -2
  202. package/dist/schemas/tables/mc/policy.js +1 -1
  203. package/dist/schemas/tables/mc/policy.js.map +1 -1
  204. package/dist/schemas/tables/mc/registry.d.ts +1 -1
  205. package/dist/schemas/tables/mc/registry.js.map +1 -1
  206. package/dist/schemas/tables/mc/runtime.d.ts +109 -3
  207. package/dist/schemas/tables/mc/runtime.js +330 -104
  208. package/dist/schemas/tables/mc/runtime.js.map +1 -1
  209. package/dist/schemas/tables/mc/tenant.d.ts +3 -2
  210. package/dist/schemas/tables/mc/tenant.js +2 -1
  211. package/dist/schemas/tables/mc/tenant.js.map +1 -1
  212. package/dist/schemas/tables/mc/workspace.d.ts +22 -5
  213. package/dist/schemas/tables/mc/workspace.js +34 -2
  214. package/dist/schemas/tables/mc/workspace.js.map +1 -1
  215. package/dist/sdk-tools.contract.js +26 -1
  216. package/dist/sdk-tools.contract.js.map +1 -1
  217. package/dist/tenant-bootstrap-seed.contract.d.ts +226 -58
  218. package/dist/tenant-bootstrap-seed.contract.js +126 -28
  219. package/dist/tenant-bootstrap-seed.contract.js.map +1 -1
  220. package/dist/tenant-bootstrap-seed.defaults.d.ts +1 -1
  221. package/dist/tenant-bootstrap-seed.defaults.js +1 -1
  222. package/dist/tenant-bootstrap-seed.defaults.js.map +1 -1
  223. package/dist/tenant-client.contract.d.ts +12 -12
  224. package/dist/tenant-client.contract.js +11 -11
  225. package/dist/tenant-client.contract.js.map +1 -1
  226. package/dist/tool-contracts.js +26 -1
  227. package/dist/tool-contracts.js.map +1 -1
  228. package/package.json +22 -1
  229. package/dist/schemas/tables/identity/agent.js.map +0 -1
  230. package/dist/schemas/tables/identity/epistemic.js.map +0 -1
  231. package/dist/schemas/tables/identity/model.js.map +0 -1
  232. package/dist/schemas/tables/identity/platform.js.map +0 -1
  233. package/dist/schemas/tables/identity/project.js.map +0 -1
  234. package/dist/schemas/tables/identity/user.js.map +0 -1
@@ -0,0 +1,655 @@
1
+ import { z } from 'zod';
2
+
3
+ // src/schemas/tables/controlPlane/accessControl.ts
4
+
5
+ // src/dsl/defineTable.ts
6
+ function defineTable(spec) {
7
+ return spec;
8
+ }
9
+
10
+ // src/schemas/tables/controlPlane/accessControl.ts
11
+ var permitActorType = z.enum([
12
+ "human",
13
+ "agent",
14
+ "service_principal",
15
+ "external_stakeholder",
16
+ "system"
17
+ ]);
18
+ var permitMembershipStatus = z.enum([
19
+ "active",
20
+ "invited",
21
+ "revoked",
22
+ "suspended",
23
+ "disabled"
24
+ ]);
25
+ var permitDecision = z.enum(["allow", "deny"]);
26
+ var permitAccessReviewStatus = z.enum([
27
+ "open",
28
+ "in_progress",
29
+ "approved",
30
+ "denied",
31
+ "expired",
32
+ "cancelled"
33
+ ]);
34
+ var permitReviewScope = z.enum([
35
+ "tenant",
36
+ "workspace",
37
+ "resource_instance",
38
+ "group",
39
+ "principal",
40
+ "api_key",
41
+ "admin_action"
42
+ ]);
43
+ var permitRecordStatus = z.enum([
44
+ "queued",
45
+ "inflight",
46
+ "completed",
47
+ "failed",
48
+ "skipped",
49
+ "stale"
50
+ ]);
51
+ var permitObjectType = z.enum([
52
+ "resource",
53
+ "role",
54
+ "resource_role",
55
+ "resource_relation",
56
+ "tenant",
57
+ "workspace",
58
+ "principal",
59
+ "membership",
60
+ "group",
61
+ "resource_instance",
62
+ "relationship_tuple",
63
+ "role_assignment",
64
+ "attribute_binding",
65
+ "policy_bundle"
66
+ ]);
67
+ var permitOutboxOperation = z.enum([
68
+ "upsert",
69
+ "delete",
70
+ "sync",
71
+ "resync",
72
+ "delete_sync",
73
+ "noop"
74
+ ]);
75
+ var permitPolicyBundleStatus = z.enum([
76
+ "draft",
77
+ "validated",
78
+ "enforced",
79
+ "archived"
80
+ ]);
81
+ var permitSyncStatus = z.enum([
82
+ "pending",
83
+ "synced",
84
+ "error",
85
+ "skipped"
86
+ ]);
87
+ var permitAccessReviewSubjectType = z.enum([
88
+ "principal",
89
+ "group",
90
+ "role_assignment",
91
+ "resource_instance"
92
+ ]);
93
+ var permitAttributeType = z.enum([
94
+ "string",
95
+ "number",
96
+ "bool",
97
+ "json",
98
+ "time"
99
+ ]);
100
+ var permitAttributeOperator = z.enum([
101
+ "eq",
102
+ "neq",
103
+ "in",
104
+ "not_in",
105
+ "gt",
106
+ "gte",
107
+ "lt",
108
+ "lte",
109
+ "contains",
110
+ "not_contains",
111
+ "matches"
112
+ ]);
113
+ var permitRoleBindingTarget = z.enum([
114
+ "principal",
115
+ "group"
116
+ ]);
117
+ var permitPrincipals = defineTable({
118
+ name: "permitPrincipals",
119
+ component: "control-plane",
120
+ category: "access-control",
121
+ shape: z.object({
122
+ principalId: z.string(),
123
+ tenantId: z.string(),
124
+ workspaceId: z.optional(z.string()),
125
+ principalType: permitActorType,
126
+ status: permitMembershipStatus,
127
+ displayName: z.string().optional(),
128
+ metadata: z.record(z.any()).optional(),
129
+ createdBy: z.string(),
130
+ createdAt: z.number(),
131
+ updatedAt: z.number(),
132
+ updatedBy: z.string().optional(),
133
+ lastSeenAt: z.number().optional()
134
+ }),
135
+ indices: [
136
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
137
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
138
+ { kind: "index", name: "by_tenant_principalId", columns: ["tenantId", "principalId"] },
139
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
140
+ {
141
+ kind: "index",
142
+ name: "by_tenant_principalType_status",
143
+ columns: ["tenantId", "principalType", "status"]
144
+ }
145
+ ]
146
+ });
147
+ var permitPrincipalAliases = defineTable({
148
+ name: "permitPrincipalAliases",
149
+ component: "control-plane",
150
+ category: "access-control",
151
+ shape: z.object({
152
+ principalId: z.string(),
153
+ tenantId: z.string(),
154
+ workspaceId: z.optional(z.string()),
155
+ provider: z.string(),
156
+ providerSubjectId: z.string(),
157
+ providerProjectId: z.string().optional(),
158
+ alias: z.string(),
159
+ aliasKind: z.string(),
160
+ status: permitMembershipStatus,
161
+ metadata: z.record(z.any()).optional(),
162
+ createdBy: z.string(),
163
+ createdAt: z.number(),
164
+ updatedAt: z.number(),
165
+ revokedBy: z.string().optional(),
166
+ revokedAt: z.number().optional(),
167
+ updatedBy: z.string().optional()
168
+ }),
169
+ indices: [
170
+ { kind: "index", name: "by_principalId", columns: ["principalId"] },
171
+ { kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "providerSubjectId"] },
172
+ {
173
+ kind: "index",
174
+ name: "by_tenant_provider_alias",
175
+ columns: ["tenantId", "provider", "alias"]
176
+ },
177
+ { kind: "index", name: "by_tenant_alias", columns: ["tenantId", "alias"] },
178
+ {
179
+ kind: "index",
180
+ name: "by_tenant_provider_status",
181
+ columns: ["tenantId", "provider", "status"]
182
+ }
183
+ ]
184
+ });
185
+ var permitGroups = defineTable({
186
+ name: "permitGroups",
187
+ component: "control-plane",
188
+ category: "access-control",
189
+ shape: z.object({
190
+ tenantId: z.string(),
191
+ workspaceId: z.optional(z.string()),
192
+ groupId: z.string(),
193
+ groupKey: z.string(),
194
+ groupName: z.string(),
195
+ groupType: z.enum(["tenant", "workspace", "external", "system", "dynamic"]),
196
+ status: permitMembershipStatus,
197
+ description: z.string().optional(),
198
+ metadata: z.record(z.any()).optional(),
199
+ createdBy: z.string(),
200
+ createdAt: z.number(),
201
+ updatedAt: z.number(),
202
+ updatedBy: z.string().optional()
203
+ }),
204
+ indices: [
205
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
206
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
207
+ { kind: "index", name: "by_tenant_groupId", columns: ["tenantId", "groupId"] },
208
+ { kind: "index", name: "by_tenant_groupKey", columns: ["tenantId", "groupKey"] },
209
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
210
+ ]
211
+ });
212
+ var permitGroupMemberships = defineTable({
213
+ name: "permitGroupMemberships",
214
+ component: "control-plane",
215
+ category: "access-control",
216
+ shape: z.object({
217
+ tenantId: z.string(),
218
+ workspaceId: z.optional(z.string()),
219
+ groupId: z.string(),
220
+ memberType: z.enum(["principal", "group"]),
221
+ memberId: z.string(),
222
+ principalId: z.string().optional(),
223
+ childGroupId: z.string().optional(),
224
+ status: permitMembershipStatus,
225
+ addedBy: z.string().optional(),
226
+ revokedBy: z.string().optional(),
227
+ expiresAt: z.number().optional(),
228
+ revocationReason: z.string().optional(),
229
+ metadata: z.record(z.any()).optional(),
230
+ createdAt: z.number(),
231
+ updatedAt: z.number(),
232
+ updatedBy: z.string().optional()
233
+ }),
234
+ indices: [
235
+ { kind: "index", name: "by_tenant_principal", columns: ["tenantId", "principalId"] },
236
+ { kind: "index", name: "by_tenant_member", columns: ["tenantId", "memberType", "memberId"] },
237
+ {
238
+ kind: "index",
239
+ name: "by_tenant_member_group",
240
+ columns: ["tenantId", "memberType", "memberId", "groupId"]
241
+ },
242
+ { kind: "index", name: "by_tenant_group", columns: ["tenantId", "groupId"] },
243
+ { kind: "index", name: "by_member_group", columns: ["memberType", "memberId", "groupId"] },
244
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
245
+ {
246
+ kind: "index",
247
+ name: "by_workspace_principal",
248
+ columns: ["workspaceId", "principalId"]
249
+ }
250
+ ]
251
+ });
252
+ var permitResourceInstances = defineTable({
253
+ name: "permitResourceInstances",
254
+ component: "control-plane",
255
+ category: "access-control",
256
+ shape: z.object({
257
+ tenantId: z.string(),
258
+ workspaceId: z.optional(z.string()),
259
+ resourceType: z.string(),
260
+ resourceKey: z.string(),
261
+ resourceId: z.string(),
262
+ status: z.enum(["active", "deleted", "archived"]),
263
+ attributes: z.record(z.any()).optional(),
264
+ ownerPrincipalId: z.string().optional(),
265
+ metadata: z.record(z.any()).optional(),
266
+ createdBy: z.string(),
267
+ updatedBy: z.string().optional(),
268
+ createdAt: z.number(),
269
+ updatedAt: z.number()
270
+ }),
271
+ indices: [
272
+ {
273
+ kind: "index",
274
+ name: "by_tenant_resource_type",
275
+ columns: ["tenantId", "resourceType"]
276
+ },
277
+ {
278
+ kind: "index",
279
+ name: "by_tenant_resource_key",
280
+ columns: ["tenantId", "resourceType", "resourceKey"]
281
+ },
282
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
283
+ { kind: "index", name: "by_status", columns: ["status"] },
284
+ {
285
+ kind: "index",
286
+ name: "by_tenant_status",
287
+ columns: ["tenantId", "status"]
288
+ },
289
+ {
290
+ kind: "index",
291
+ name: "by_ownerPrincipalId",
292
+ columns: ["ownerPrincipalId"]
293
+ }
294
+ ]
295
+ });
296
+ var permitRoleAssignments = defineTable({
297
+ name: "permitRoleAssignments",
298
+ component: "control-plane",
299
+ category: "access-control",
300
+ shape: z.object({
301
+ tenantId: z.string(),
302
+ workspaceId: z.optional(z.string()),
303
+ role: z.string(),
304
+ targetType: permitRoleBindingTarget,
305
+ targetId: z.string(),
306
+ resourceType: z.string(),
307
+ resourceKey: z.string(),
308
+ resourceInstanceId: z.string().optional(),
309
+ status: permitMembershipStatus,
310
+ expiresAt: z.number().optional(),
311
+ attributes: z.record(z.any()).optional(),
312
+ grantedBy: z.string().optional(),
313
+ updatedBy: z.string().optional(),
314
+ revokedBy: z.string().optional(),
315
+ createdAt: z.number(),
316
+ updatedAt: z.number()
317
+ }),
318
+ indices: [
319
+ {
320
+ kind: "index",
321
+ name: "by_tenant_target",
322
+ columns: ["tenantId", "targetType", "targetId"]
323
+ },
324
+ {
325
+ kind: "index",
326
+ name: "by_tenant_resource",
327
+ columns: ["tenantId", "resourceType", "resourceKey"]
328
+ },
329
+ {
330
+ kind: "index",
331
+ name: "by_tenant_role",
332
+ columns: ["tenantId", "role", "status"]
333
+ },
334
+ { kind: "index", name: "by_status", columns: ["status"] },
335
+ {
336
+ kind: "index",
337
+ name: "by_workspace_resource",
338
+ columns: ["workspaceId", "resourceType", "resourceKey"]
339
+ }
340
+ ]
341
+ });
342
+ var permitRelationshipTuples = defineTable({
343
+ name: "permitRelationshipTuples",
344
+ component: "control-plane",
345
+ category: "access-control",
346
+ shape: z.object({
347
+ tenantId: z.string(),
348
+ workspaceId: z.optional(z.string()),
349
+ relation: z.string(),
350
+ subject: z.string(),
351
+ object: z.string(),
352
+ resourceType: z.string().optional(),
353
+ resourceKey: z.string().optional(),
354
+ status: permitRecordStatus,
355
+ attributes: z.record(z.any()).optional(),
356
+ createdBy: z.string(),
357
+ createdAt: z.number(),
358
+ updatedAt: z.number(),
359
+ lastSeenAt: z.number().optional(),
360
+ updatedBy: z.string().optional()
361
+ }),
362
+ indices: [
363
+ { kind: "index", name: "by_tenant_subject", columns: ["tenantId", "subject"] },
364
+ { kind: "index", name: "by_tenant_object", columns: ["tenantId", "object"] },
365
+ { kind: "index", name: "by_tenant_relation", columns: ["tenantId", "relation"] },
366
+ {
367
+ kind: "index",
368
+ name: "by_tenant_relation_subject",
369
+ columns: ["tenantId", "relation", "subject"]
370
+ },
371
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
372
+ ]
373
+ });
374
+ var permitAttributeBindings = defineTable({
375
+ name: "permitAttributeBindings",
376
+ component: "control-plane",
377
+ category: "access-control",
378
+ shape: z.object({
379
+ tenantId: z.string(),
380
+ workspaceId: z.optional(z.string()),
381
+ targetType: permitRoleBindingTarget,
382
+ targetId: z.string(),
383
+ attributeName: z.string(),
384
+ attributeType: permitAttributeType,
385
+ attributeOperator: permitAttributeOperator,
386
+ attributeValue: z.any(),
387
+ status: permitRecordStatus,
388
+ source: z.string().optional(),
389
+ sourceRef: z.string().optional(),
390
+ metadata: z.record(z.any()).optional(),
391
+ createdAt: z.number(),
392
+ updatedAt: z.number(),
393
+ createdBy: z.string(),
394
+ updatedBy: z.string().optional(),
395
+ expiresAt: z.number().optional()
396
+ }),
397
+ indices: [
398
+ {
399
+ kind: "index",
400
+ name: "by_tenant_target",
401
+ columns: ["tenantId", "targetType", "targetId"]
402
+ },
403
+ {
404
+ kind: "index",
405
+ name: "by_tenant_target_attribute",
406
+ columns: ["tenantId", "targetType", "targetId", "attributeName"]
407
+ },
408
+ {
409
+ kind: "index",
410
+ name: "by_tenant_name",
411
+ columns: ["tenantId", "attributeName"]
412
+ },
413
+ {
414
+ kind: "index",
415
+ name: "by_tenant_status",
416
+ columns: ["tenantId", "status"]
417
+ }
418
+ ]
419
+ });
420
+ var permitPolicyBundles = defineTable({
421
+ name: "permitPolicyBundles",
422
+ component: "control-plane",
423
+ category: "access-control",
424
+ shape: z.object({
425
+ tenantId: z.string(),
426
+ workspaceId: z.optional(z.string()),
427
+ bundleKey: z.string(),
428
+ version: z.number(),
429
+ status: permitPolicyBundleStatus,
430
+ policyHash: z.string().optional(),
431
+ policyPayload: z.record(z.any()),
432
+ metadata: z.record(z.any()).optional(),
433
+ createdBy: z.string(),
434
+ reviewedBy: z.string().optional(),
435
+ createdAt: z.number(),
436
+ updatedAt: z.number(),
437
+ retiredAt: z.number().optional()
438
+ }),
439
+ indices: [
440
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
441
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
442
+ {
443
+ kind: "index",
444
+ name: "by_tenant_bundleKey",
445
+ columns: ["tenantId", "bundleKey"]
446
+ },
447
+ {
448
+ kind: "index",
449
+ name: "by_tenant_bundle_version",
450
+ columns: ["tenantId", "bundleKey", "version"]
451
+ },
452
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
453
+ ]
454
+ });
455
+ var permitProjectionOutbox = defineTable({
456
+ name: "permitProjectionOutbox",
457
+ component: "control-plane",
458
+ category: "access-control",
459
+ shape: z.object({
460
+ syncKey: z.string(),
461
+ objectType: permitObjectType,
462
+ objectId: z.string(),
463
+ operation: permitOutboxOperation,
464
+ payload: z.record(z.any()),
465
+ status: permitRecordStatus,
466
+ attemptCount: z.number(),
467
+ nextAttemptAt: z.number().optional(),
468
+ lastError: z.string().optional(),
469
+ tenantId: z.string().optional(),
470
+ workspaceId: z.optional(z.string()),
471
+ principalId: z.string().optional(),
472
+ permitTenantKey: z.string().optional(),
473
+ permitResourceType: z.string().optional(),
474
+ permitResourceKey: z.string().optional(),
475
+ createdAt: z.number(),
476
+ updatedAt: z.number(),
477
+ lastHandledAt: z.number().optional()
478
+ }),
479
+ indices: [
480
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
481
+ { kind: "index", name: "by_status", columns: ["status"] },
482
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
483
+ {
484
+ kind: "index",
485
+ name: "by_tenant_status",
486
+ columns: ["tenantId", "status"]
487
+ },
488
+ {
489
+ kind: "index",
490
+ name: "by_objectType",
491
+ columns: ["objectType", "status"]
492
+ }
493
+ ]
494
+ });
495
+ var tenantPermitSyncStates = defineTable({
496
+ name: "tenantPermitSyncStates",
497
+ component: "control-plane",
498
+ category: "access-control",
499
+ shape: z.object({
500
+ syncKey: z.string(),
501
+ objectType: permitObjectType,
502
+ objectId: z.string(),
503
+ tenantId: z.string().optional(),
504
+ workspaceId: z.string().optional(),
505
+ principalId: z.string().optional(),
506
+ permitTenantKey: z.string().optional(),
507
+ permitResourceType: z.string().optional(),
508
+ permitResourceKey: z.string().optional(),
509
+ desiredPayload: z.record(z.any()),
510
+ lastAppliedPayloadHash: z.string().optional(),
511
+ status: permitSyncStatus,
512
+ attemptCount: z.number(),
513
+ lastError: z.string().optional(),
514
+ nextAttemptAt: z.number().optional(),
515
+ lastSyncedAt: z.number().optional(),
516
+ createdBy: z.string(),
517
+ updatedBy: z.string().optional(),
518
+ createdAt: z.number(),
519
+ updatedAt: z.number()
520
+ }),
521
+ indices: [
522
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
523
+ { kind: "index", name: "by_status", columns: ["status"] },
524
+ {
525
+ kind: "index",
526
+ name: "by_tenant_status",
527
+ columns: ["tenantId", "status"]
528
+ },
529
+ {
530
+ kind: "index",
531
+ name: "by_workspace_status",
532
+ columns: ["workspaceId", "status"]
533
+ },
534
+ {
535
+ kind: "index",
536
+ name: "by_principal_status",
537
+ columns: ["principalId", "status"]
538
+ }
539
+ ]
540
+ });
541
+ var permitPolicyDecisionReceipts = defineTable({
542
+ name: "permitPolicyDecisionReceipts",
543
+ component: "control-plane",
544
+ category: "access-control",
545
+ shape: z.object({
546
+ tenantId: z.string().optional(),
547
+ workspaceId: z.string().optional(),
548
+ principalId: z.string(),
549
+ subjectType: permitAccessReviewSubjectType.optional(),
550
+ subjectId: z.string().optional(),
551
+ resourceType: z.string(),
552
+ resourceId: z.string(),
553
+ action: z.string(),
554
+ decision: permitDecision,
555
+ reasonCode: z.string(),
556
+ policyBundleId: z.string().optional(),
557
+ policyVersion: z.string(),
558
+ traceId: z.string().optional(),
559
+ requestId: z.string().optional(),
560
+ audienceMode: z.string().optional(),
561
+ audienceKey: z.string().optional(),
562
+ audienceClass: z.enum(["internal", "restricted_external", "public"]).optional(),
563
+ metadata: z.record(z.any()).optional(),
564
+ createdAt: z.number(),
565
+ expiresAt: z.number().optional(),
566
+ createdBy: z.string().optional()
567
+ }),
568
+ indices: [
569
+ { kind: "index", name: "by_principal_createdAt", columns: ["principalId", "createdAt"] },
570
+ { kind: "index", name: "by_tenant_createdAt", columns: ["tenantId", "createdAt"] },
571
+ { kind: "index", name: "by_resource", columns: ["resourceType", "resourceId"] },
572
+ { kind: "index", name: "by_decision_createdAt", columns: ["decision", "createdAt"] },
573
+ { kind: "index", name: "by_traceId", columns: ["traceId"] },
574
+ { kind: "index", name: "by_action", columns: ["action"] }
575
+ ]
576
+ });
577
+ var permitAccessReviews = defineTable({
578
+ name: "permitAccessReviews",
579
+ component: "control-plane",
580
+ category: "access-control",
581
+ shape: z.object({
582
+ tenantId: z.string(),
583
+ workspaceId: z.optional(z.string()),
584
+ reviewKey: z.string(),
585
+ scope: permitReviewScope,
586
+ status: permitAccessReviewStatus,
587
+ subjectType: permitAccessReviewSubjectType,
588
+ subjectId: z.string(),
589
+ resourceType: z.string().optional(),
590
+ resourceKey: z.string().optional(),
591
+ outcome: z.enum(["allow", "deny"]).optional(),
592
+ requestedBy: z.string(),
593
+ reviewedBy: z.string().optional(),
594
+ requestedAt: z.number(),
595
+ reviewedAt: z.number().optional(),
596
+ dueAt: z.number().optional(),
597
+ justification: z.string().optional(),
598
+ rationale: z.string().optional(),
599
+ policyBundleId: z.string().optional(),
600
+ metadata: z.record(z.any()).optional(),
601
+ createdAt: z.number(),
602
+ updatedAt: z.number()
603
+ }),
604
+ indices: [
605
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
606
+ { kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
607
+ { kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
608
+ {
609
+ kind: "index",
610
+ name: "by_tenant_subject",
611
+ columns: ["tenantId", "subjectType", "subjectId"]
612
+ },
613
+ { kind: "index", name: "by_outcome", columns: ["outcome"] },
614
+ {
615
+ kind: "index",
616
+ name: "by_workspace_status",
617
+ columns: ["workspaceId", "status"]
618
+ }
619
+ ]
620
+ });
621
+ var permitAccessReviewItems = defineTable({
622
+ name: "permitAccessReviewItems",
623
+ component: "control-plane",
624
+ category: "access-control",
625
+ shape: z.object({
626
+ reviewKey: z.string(),
627
+ itemKey: z.string(),
628
+ tenantId: z.string(),
629
+ workspaceId: z.string().optional(),
630
+ subjectType: permitAccessReviewSubjectType,
631
+ subjectId: z.string(),
632
+ resourceType: z.string().optional(),
633
+ resourceKey: z.string().optional(),
634
+ role: z.string().optional(),
635
+ relation: z.string().optional(),
636
+ status: z.enum(["open", "approved", "revoked", "changed", "deferred"]),
637
+ reviewerId: z.string().optional(),
638
+ decisionAt: z.number().optional(),
639
+ rationale: z.string().optional(),
640
+ metadata: z.record(z.any()).optional(),
641
+ createdAt: z.number(),
642
+ updatedAt: z.number()
643
+ }),
644
+ indices: [
645
+ { kind: "index", name: "by_reviewKey", columns: ["reviewKey"] },
646
+ { kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
647
+ { kind: "index", name: "by_tenant_itemKey", columns: ["tenantId", "itemKey"] },
648
+ { kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
649
+ { kind: "index", name: "by_status", columns: ["status"] }
650
+ ]
651
+ });
652
+
653
+ export { permitAccessReviewItems, permitAccessReviews, permitAttributeBindings, permitGroupMemberships, permitGroups, permitPolicyBundles, permitPolicyDecisionReceipts, permitPrincipalAliases, permitPrincipals, permitProjectionOutbox, permitRelationshipTuples, permitResourceInstances, permitRoleAssignments, tenantPermitSyncStates };
654
+ //# sourceMappingURL=accessControl.js.map
655
+ //# sourceMappingURL=accessControl.js.map
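Review bot: Several indexes in these access-control tables are not tenant-scoped (`by_member_group` on permitGroupMemberships, `by_status` and `by_ownerPrincipalId` on permitResourceInstances, `by_status` on permitRoleAssignments, `by_subject` on permitAccessReviews and permitAccessReviewItems, `by_resource`, `by_traceId` and `by_action` on permitPolicyDecisionReceipts), so a lookup through any of them spans every tenant unless the caller filters afterwards. Whether callers do that is not visible here; for tables holding role assignments and decision receipts I would lead each such index with `tenantId` (permitGroupMemberships already has `by_tenant_member_group`, which makes `by_member_group` redundant) or mark the deliberate ones with `// cross-tenant index: system jobs only, never request-path lookups`. Related: `tenantId` is `z.string().optional()` on permitPolicyDecisionReceipts, permitProjectionOutbox and tenantPermitSyncStates, so a receipt written without it is not returned by a tenant-filtered query on `by_tenant_createdAt`; if tenant-less rows are intended for system actors, say so in a comment, otherwise make it `tenantId: z.string(),`. This file is build output, so the edit belongs in the `src/schemas/tables/controlPlane/accessControl.ts` named in its header comment.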