@lucern/contracts 0.3.0-alpha.16 → 0.3.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (316) hide show
  1. package/CHANGELOG.md +0 -7
  2. package/dist/api-enums.contract.d.ts +3 -5
  3. package/dist/api-enums.contract.js +12 -14
  4. package/dist/api-enums.contract.js.map +1 -1
  5. package/dist/auth-context.contract.js +1 -13
  6. package/dist/auth-context.contract.js.map +1 -1
  7. package/dist/auth-session.contract.js +1 -13
  8. package/dist/auth-session.contract.js.map +1 -1
  9. package/dist/auth.contract.d.ts +1 -1
  10. package/dist/auth.contract.js +1 -13
  11. package/dist/auth.contract.js.map +1 -1
  12. package/dist/context-pack.contract.d.ts +3 -5
  13. package/dist/context-pack.contract.js.map +1 -1
  14. package/dist/{defineTable-t1wr5wgn.d.ts → defineTable-CBQ03FXl.d.ts} +1 -1
  15. package/dist/{dsl-DVPthQGY.d.ts → dsl-BgpoVOVQ.d.ts} +2 -2
  16. package/dist/dsl.d.ts +2 -2
  17. package/dist/dsl.js +4 -1
  18. package/dist/dsl.js.map +1 -1
  19. package/dist/function-registry/beliefs.d.ts +51 -64
  20. package/dist/function-registry/beliefs.js +55 -815
  21. package/dist/function-registry/beliefs.js.map +1 -1
  22. package/dist/function-registry/coding.d.ts +6 -15
  23. package/dist/function-registry/coding.js +41 -864
  24. package/dist/function-registry/coding.js.map +1 -1
  25. package/dist/function-registry/context.d.ts +16 -22
  26. package/dist/function-registry/context.js +44 -803
  27. package/dist/function-registry/context.js.map +1 -1
  28. package/dist/function-registry/contracts.d.ts +3 -9
  29. package/dist/function-registry/contracts.js +37 -768
  30. package/dist/function-registry/contracts.js.map +1 -1
  31. package/dist/function-registry/coordination.d.ts +9 -21
  32. package/dist/function-registry/coordination.js +37 -768
  33. package/dist/function-registry/coordination.js.map +1 -1
  34. package/dist/function-registry/edges.d.ts +2 -167
  35. package/dist/function-registry/edges.js +69 -976
  36. package/dist/function-registry/edges.js.map +1 -1
  37. package/dist/function-registry/evidence.d.ts +41 -52
  38. package/dist/function-registry/evidence.js +60 -824
  39. package/dist/function-registry/evidence.js.map +1 -1
  40. package/dist/function-registry/graph.d.ts +66 -162
  41. package/dist/function-registry/graph.js +44 -884
  42. package/dist/function-registry/graph.js.map +1 -1
  43. package/dist/function-registry/helpers.d.ts +4 -7
  44. package/dist/function-registry/helpers.js +38 -769
  45. package/dist/function-registry/helpers.js.map +1 -1
  46. package/dist/function-registry/identity.d.ts +16 -62
  47. package/dist/function-registry/identity.js +43 -791
  48. package/dist/function-registry/identity.js.map +1 -1
  49. package/dist/function-registry/index.d.ts +3 -5
  50. package/dist/function-registry/index.js +41 -775
  51. package/dist/function-registry/index.js.map +1 -1
  52. package/dist/function-registry/judgments.d.ts +11 -16
  53. package/dist/function-registry/judgments.js +40 -780
  54. package/dist/function-registry/judgments.js.map +1 -1
  55. package/dist/function-registry/legacy.d.ts +1 -5
  56. package/dist/function-registry/legacy.js +37 -768
  57. package/dist/function-registry/legacy.js.map +1 -1
  58. package/dist/function-registry/lenses.d.ts +21 -28
  59. package/dist/function-registry/lenses.js +40 -791
  60. package/dist/function-registry/lenses.js.map +1 -1
  61. package/dist/function-registry/manifest.d.ts +6 -6
  62. package/dist/function-registry/manifest.js +2 -19
  63. package/dist/function-registry/manifest.js.map +1 -1
  64. package/dist/function-registry/ontologies.d.ts +56 -70
  65. package/dist/function-registry/ontologies.js +43 -786
  66. package/dist/function-registry/ontologies.js.map +1 -1
  67. package/dist/function-registry/pipeline.d.ts +16 -22
  68. package/dist/function-registry/pipeline.js +40 -777
  69. package/dist/function-registry/pipeline.js.map +1 -1
  70. package/dist/function-registry/questions.d.ts +61 -76
  71. package/dist/function-registry/questions.js +50 -867
  72. package/dist/function-registry/questions.js.map +1 -1
  73. package/dist/function-registry/tasks.d.ts +21 -28
  74. package/dist/function-registry/tasks.js +46 -843
  75. package/dist/function-registry/tasks.js.map +1 -1
  76. package/dist/function-registry/topics.d.ts +26 -114
  77. package/dist/function-registry/topics.js +41 -850
  78. package/dist/function-registry/topics.js.map +1 -1
  79. package/dist/function-registry/types.d.ts +3 -7
  80. package/dist/function-registry/worktrees.d.ts +51 -104
  81. package/dist/function-registry/worktrees.js +49 -907
  82. package/dist/function-registry/worktrees.js.map +1 -1
  83. package/dist/gateway.contract.d.ts +0 -5
  84. package/dist/gateway.contract.js.map +1 -1
  85. package/dist/generated/convexSchemas.d.ts +3 -3
  86. package/dist/generated/convexSchemas.js +18 -39
  87. package/dist/generated/convexSchemas.js.map +1 -1
  88. package/dist/generated/schema-manifest.json +98 -1244
  89. package/dist/generated/tableOwnership.d.ts +28 -49
  90. package/dist/generated/tableOwnership.js +26 -68
  91. package/dist/generated/tableOwnership.js.map +1 -1
  92. package/dist/generated/tier-expectations.json +9 -66
  93. package/dist/graph-types/index.d.ts +1 -5
  94. package/dist/graph-types/index.js +4 -15
  95. package/dist/graph-types/index.js.map +1 -1
  96. package/dist/index-CV-0_VWJ.d.ts +25 -0
  97. package/dist/index.d.ts +414 -30
  98. package/dist/index.js +339 -34916
  99. package/dist/index.js.map +1 -1
  100. package/dist/lens-filter.contract.js +3 -4
  101. package/dist/lens-filter.contract.js.map +1 -1
  102. package/dist/lens-workflow.contract.js +3 -4
  103. package/dist/lens-workflow.contract.js.map +1 -1
  104. package/dist/schema-helpers/enumValidation.js +5 -2
  105. package/dist/schema-helpers/enumValidation.js.map +1 -1
  106. package/dist/schema-helpers/spine/nodes/decision.js +1 -2
  107. package/dist/schema-helpers/spine/nodes/decision.js.map +1 -1
  108. package/dist/schema-helpers/spine/tables/epistemicNodes.js +27 -27
  109. package/dist/schema-helpers/spine/tables/epistemicNodes.js.map +1 -1
  110. package/dist/schemas/component-table-manifest.d.ts +6 -6
  111. package/dist/schemas/component-table-manifest.js +2 -2
  112. package/dist/schemas/component-table-manifest.js.map +1 -1
  113. package/dist/schemas/enums.d.ts +2 -5
  114. package/dist/schemas/enums.js +2 -5
  115. package/dist/schemas/enums.js.map +1 -1
  116. package/dist/schemas/index.d.ts +3 -3
  117. package/dist/schemas/index.js +139 -1165
  118. package/dist/schemas/index.js.map +1 -1
  119. package/dist/schemas/manifest.d.ts +932 -3042
  120. package/dist/schemas/manifest.js +137 -1163
  121. package/dist/schemas/manifest.js.map +1 -1
  122. package/dist/schemas/sl-opinion.d.ts +4 -4
  123. package/dist/schemas/tables/{controlPlane → identity}/agent.d.ts +1 -1
  124. package/dist/schemas/tables/{controlPlane → identity}/agent.js +3 -3
  125. package/dist/schemas/tables/identity/agent.js.map +1 -0
  126. package/dist/schemas/tables/{controlPlane → identity}/epistemic.d.ts +1 -1
  127. package/dist/schemas/tables/{controlPlane → identity}/epistemic.js +3 -3
  128. package/dist/schemas/tables/identity/epistemic.js.map +1 -0
  129. package/dist/schemas/tables/{controlPlane → identity}/model.d.ts +1 -1
  130. package/dist/schemas/tables/{controlPlane → identity}/model.js +6 -6
  131. package/dist/schemas/tables/identity/model.js.map +1 -0
  132. package/dist/schemas/tables/{controlPlane → identity}/platform.d.ts +11 -11
  133. package/dist/schemas/tables/{controlPlane → identity}/platform.js +18 -18
  134. package/dist/schemas/tables/identity/platform.js.map +1 -0
  135. package/dist/schemas/tables/{controlPlane → identity}/project.d.ts +1 -1
  136. package/dist/schemas/tables/{controlPlane → identity}/project.js +3 -3
  137. package/dist/schemas/tables/identity/project.js.map +1 -0
  138. package/dist/schemas/tables/{controlPlane → identity}/user.d.ts +1 -1
  139. package/dist/schemas/tables/{controlPlane → identity}/user.js +3 -3
  140. package/dist/schemas/tables/identity/user.js.map +1 -0
  141. package/dist/schemas/tables/kernel/config.d.ts +1 -1
  142. package/dist/schemas/tables/kernel/config.js.map +1 -1
  143. package/dist/schemas/tables/kernel/coordination.d.ts +1 -1
  144. package/dist/schemas/tables/kernel/coordination.js.map +1 -1
  145. package/dist/schemas/tables/kernel/decision.d.ts +1 -1
  146. package/dist/schemas/tables/kernel/decision.js.map +1 -1
  147. package/dist/schemas/tables/kernel/embedding.d.ts +1 -1
  148. package/dist/schemas/tables/kernel/embedding.js.map +1 -1
  149. package/dist/schemas/tables/kernel/epistemic.d.ts +7 -7
  150. package/dist/schemas/tables/kernel/epistemic.js.map +1 -1
  151. package/dist/schemas/tables/kernel/idempotency.d.ts +1 -1
  152. package/dist/schemas/tables/kernel/idempotency.js.map +1 -1
  153. package/dist/schemas/tables/kernel/infra.d.ts +5 -5
  154. package/dist/schemas/tables/kernel/infra.js.map +1 -1
  155. package/dist/schemas/tables/kernel/intelligence.d.ts +11 -11
  156. package/dist/schemas/tables/kernel/intelligence.js.map +1 -1
  157. package/dist/schemas/tables/kernel/lens.d.ts +5 -5
  158. package/dist/schemas/tables/kernel/lens.js.map +1 -1
  159. package/dist/schemas/tables/kernel/ontology.d.ts +1 -1
  160. package/dist/schemas/tables/kernel/ontology.js.map +1 -1
  161. package/dist/schemas/tables/kernel/platform.d.ts +13 -13
  162. package/dist/schemas/tables/kernel/platform.js.map +1 -1
  163. package/dist/schemas/tables/kernel/spine.d.ts +4 -5
  164. package/dist/schemas/tables/kernel/spine.js +2 -6
  165. package/dist/schemas/tables/kernel/spine.js.map +1 -1
  166. package/dist/schemas/tables/kernel/task.d.ts +43 -43
  167. package/dist/schemas/tables/kernel/task.js.map +1 -1
  168. package/dist/schemas/tables/kernel/topic.d.ts +1 -1
  169. package/dist/schemas/tables/kernel/topic.js +1 -5
  170. package/dist/schemas/tables/kernel/topic.js.map +1 -1
  171. package/dist/schemas/tables/kernel/workflow.d.ts +1 -1
  172. package/dist/schemas/tables/kernel/workflow.js.map +1 -1
  173. package/dist/schemas/tables/kernel/worktree.d.ts +55 -55
  174. package/dist/schemas/tables/kernel/worktree.js.map +1 -1
  175. package/dist/schemas/tables/mc/identity.d.ts +4 -44
  176. package/dist/schemas/tables/mc/identity.js +1 -66
  177. package/dist/schemas/tables/mc/identity.js.map +1 -1
  178. package/dist/schemas/tables/mc/methodology.d.ts +1 -1
  179. package/dist/schemas/tables/mc/methodology.js.map +1 -1
  180. package/dist/schemas/tables/mc/pack.d.ts +21 -21
  181. package/dist/schemas/tables/mc/pack.js.map +1 -1
  182. package/dist/schemas/tables/mc/policy.d.ts +2 -2
  183. package/dist/schemas/tables/mc/policy.js +1 -1
  184. package/dist/schemas/tables/mc/policy.js.map +1 -1
  185. package/dist/schemas/tables/mc/registry.d.ts +5 -5
  186. package/dist/schemas/tables/mc/registry.js.map +1 -1
  187. package/dist/schemas/tables/mc/runtime.d.ts +3 -109
  188. package/dist/schemas/tables/mc/runtime.js +104 -330
  189. package/dist/schemas/tables/mc/runtime.js.map +1 -1
  190. package/dist/schemas/tables/mc/tenant.d.ts +2 -4
  191. package/dist/schemas/tables/mc/tenant.js +1 -3
  192. package/dist/schemas/tables/mc/tenant.js.map +1 -1
  193. package/dist/schemas/tables/mc/workspace.d.ts +5 -28
  194. package/dist/schemas/tables/mc/workspace.js +2 -36
  195. package/dist/schemas/tables/mc/workspace.js.map +1 -1
  196. package/dist/sdk-methods.contract.d.ts +2 -2
  197. package/dist/{sdk-tools.contract-CKmSsrZ2.d.ts → sdk-tools.contract-S4ia0TTo.d.ts} +2 -2
  198. package/dist/sdk-tools.contract.d.ts +2 -2
  199. package/dist/sdk-tools.contract.js +25 -717
  200. package/dist/sdk-tools.contract.js.map +1 -1
  201. package/dist/{tool-contracts-C_xvM9q2.d.ts → tool-contracts-C92-9ueT.d.ts} +2 -38
  202. package/dist/tool-contracts.d.ts +1 -1
  203. package/dist/tool-contracts.js +26 -718
  204. package/dist/tool-contracts.js.map +1 -1
  205. package/package.json +1 -30
  206. package/dist/component-boundary.contract.d.ts +0 -14
  207. package/dist/component-boundary.contract.js +0 -175
  208. package/dist/component-boundary.contract.js.map +0 -1
  209. package/dist/component-host-boundary.contract.d.ts +0 -46
  210. package/dist/component-host-boundary.contract.js +0 -60
  211. package/dist/component-host-boundary.contract.js.map +0 -1
  212. package/dist/edge-policy-manifest-Dw5IhT1L.d.ts +0 -133
  213. package/dist/function-registry/nodes.d.ts +0 -412
  214. package/dist/function-registry/nodes.js +0 -5354
  215. package/dist/function-registry/nodes.js.map +0 -1
  216. package/dist/function-registry-input-audit.d.ts +0 -13
  217. package/dist/function-registry-input-audit.js +0 -166
  218. package/dist/function-registry-input-audit.js.map +0 -1
  219. package/dist/generated/infisicalRuntimeEnv.d.ts +0 -70
  220. package/dist/generated/infisicalRuntimeEnv.js +0 -27051
  221. package/dist/generated/infisicalRuntimeEnv.js.map +0 -1
  222. package/dist/generated/lucernGatewayEnv.d.ts +0 -17
  223. package/dist/generated/lucernGatewayEnv.js +0 -38
  224. package/dist/generated/lucernGatewayEnv.js.map +0 -1
  225. package/dist/generated/lucernWebPublicEnv.d.ts +0 -26
  226. package/dist/generated/lucernWebPublicEnv.js +0 -32
  227. package/dist/generated/lucernWebPublicEnv.js.map +0 -1
  228. package/dist/generated/lucernWebServerEnv.d.ts +0 -33
  229. package/dist/generated/lucernWebServerEnv.js +0 -51
  230. package/dist/generated/lucernWebServerEnv.js.map +0 -1
  231. package/dist/graph-intelligence.contract.d.ts +0 -506
  232. package/dist/graph-intelligence.contract.js +0 -595
  233. package/dist/graph-intelligence.contract.js.map +0 -1
  234. package/dist/index-CM1Pl_vI.d.ts +0 -28
  235. package/dist/infisical-runtime.contract.d.ts +0 -1851
  236. package/dist/infisical-runtime.contract.js +0 -3189
  237. package/dist/infisical-runtime.contract.js.map +0 -1
  238. package/dist/manifests/edge-policy-manifest.d.ts +0 -2
  239. package/dist/manifests/edge-policy-manifest.data.d.ts +0 -13
  240. package/dist/manifests/edge-policy-manifest.data.js +0 -26
  241. package/dist/manifests/edge-policy-manifest.data.js.map +0 -1
  242. package/dist/manifests/edge-policy-manifest.js +0 -92
  243. package/dist/manifests/edge-policy-manifest.js.map +0 -1
  244. package/dist/manifests/infisical-runtime-manifest.d.ts +0 -1754
  245. package/dist/manifests/infisical-runtime-manifest.js +0 -3044
  246. package/dist/manifests/infisical-runtime-manifest.js.map +0 -1
  247. package/dist/manifests/invariant-manifest.d.ts +0 -65
  248. package/dist/manifests/invariant-manifest.js +0 -18
  249. package/dist/manifests/invariant-manifest.js.map +0 -1
  250. package/dist/manifests/invariants/ast-utils.d.ts +0 -14
  251. package/dist/manifests/invariants/ast-utils.js +0 -54
  252. package/dist/manifests/invariants/ast-utils.js.map +0 -1
  253. package/dist/manifests/invariants/index.d.ts +0 -15
  254. package/dist/manifests/invariants/index.js +0 -183
  255. package/dist/manifests/invariants/index.js.map +0 -1
  256. package/dist/manifests/invariants/inv-1-beliefs-append-only.d.ts +0 -12
  257. package/dist/manifests/invariants/inv-1-beliefs-append-only.js +0 -94
  258. package/dist/manifests/invariants/inv-1-beliefs-append-only.js.map +0 -1
  259. package/dist/manifests/invariants/inv-14-no-silent-transitions.d.ts +0 -12
  260. package/dist/manifests/invariants/inv-14-no-silent-transitions.js +0 -99
  261. package/dist/manifests/invariants/inv-14-no-silent-transitions.js.map +0 -1
  262. package/dist/manifests/invariants/manifest-1-projections-declare-audit.d.ts +0 -12
  263. package/dist/manifests/invariants/manifest-1-projections-declare-audit.js +0 -42
  264. package/dist/manifests/invariants/manifest-1-projections-declare-audit.js.map +0 -1
  265. package/dist/manifests/tenant-client-manifest.d.ts +0 -327
  266. package/dist/manifests/tenant-client-manifest.js +0 -449
  267. package/dist/manifests/tenant-client-manifest.js.map +0 -1
  268. package/dist/mcp-gateway-boundary.contract.d.ts +0 -201
  269. package/dist/mcp-gateway-boundary.contract.js +0 -45
  270. package/dist/mcp-gateway-boundary.contract.js.map +0 -1
  271. package/dist/permit-principal-projection.contract.d.ts +0 -74
  272. package/dist/permit-principal-projection.contract.js +0 -160
  273. package/dist/permit-principal-projection.contract.js.map +0 -1
  274. package/dist/projections/check-convex-args-shape.d.ts +0 -3
  275. package/dist/projections/check-convex-args-shape.js +0 -403
  276. package/dist/projections/check-convex-args-shape.js.map +0 -1
  277. package/dist/projections/create-evidence.projection.d.ts +0 -176
  278. package/dist/projections/create-evidence.projection.js +0 -130
  279. package/dist/projections/create-evidence.projection.js.map +0 -1
  280. package/dist/projections/index.d.ts +0 -102
  281. package/dist/projections/index.js +0 -352
  282. package/dist/projections/index.js.map +0 -1
  283. package/dist/projections/list-beliefs.projection.d.ts +0 -36
  284. package/dist/projections/list-beliefs.projection.js +0 -54
  285. package/dist/projections/list-beliefs.projection.js.map +0 -1
  286. package/dist/projections/list-tasks.projection.d.ts +0 -44
  287. package/dist/projections/list-tasks.projection.js +0 -57
  288. package/dist/projections/list-tasks.projection.js.map +0 -1
  289. package/dist/projections/modulate-confidence.projection.d.ts +0 -219
  290. package/dist/projections/modulate-confidence.projection.js +0 -148
  291. package/dist/projections/modulate-confidence.projection.js.map +0 -1
  292. package/dist/projections/projection-dsl.d.ts +0 -11
  293. package/dist/projections/projection-dsl.js +0 -8
  294. package/dist/projections/projection-dsl.js.map +0 -1
  295. package/dist/proof-attestation.json +0 -45
  296. package/dist/schemas/tables/controlPlane/accessControl.d.ts +0 -260
  297. package/dist/schemas/tables/controlPlane/accessControl.js +0 -658
  298. package/dist/schemas/tables/controlPlane/accessControl.js.map +0 -1
  299. package/dist/schemas/tables/controlPlane/agent.js.map +0 -1
  300. package/dist/schemas/tables/controlPlane/epistemic.js.map +0 -1
  301. package/dist/schemas/tables/controlPlane/model.js.map +0 -1
  302. package/dist/schemas/tables/controlPlane/platform.js.map +0 -1
  303. package/dist/schemas/tables/controlPlane/project.js.map +0 -1
  304. package/dist/schemas/tables/controlPlane/user.js.map +0 -1
  305. package/dist/schemas/tables/kernel/events.d.ts +0 -21
  306. package/dist/schemas/tables/kernel/events.js +0 -43
  307. package/dist/schemas/tables/kernel/events.js.map +0 -1
  308. package/dist/tenant-bootstrap-seed.contract.d.ts +0 -1289
  309. package/dist/tenant-bootstrap-seed.contract.js +0 -764
  310. package/dist/tenant-bootstrap-seed.contract.js.map +0 -1
  311. package/dist/tenant-bootstrap-seed.defaults.d.ts +0 -16
  312. package/dist/tenant-bootstrap-seed.defaults.js +0 -321
  313. package/dist/tenant-bootstrap-seed.defaults.js.map +0 -1
  314. package/dist/tenant-client.contract.d.ts +0 -354
  315. package/dist/tenant-client.contract.js +0 -505
  316. package/dist/tenant-client.contract.js.map +0 -1
@@ -1,1289 +0,0 @@
1
- /**
2
- * Tenant bootstrap seed contract.
3
- *
4
- * Fresh tenant deployments install the Lucern kernel and control-plane components
5
- * from npm, then copy canonical template rows for non-secret runtime defaults.
6
- * This contract is intentionally exhaustive for the K/CP tables: it separates
7
- * rows that must be carried by the template deployments from rows that are
8
- * runtime data, runtime credentials, logs, queues, or derived caches.
9
- */
10
- declare const TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION: "2026-04-30";
11
- declare const TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS: readonly ["tenantId", "workspaceId", "principalId", "role", "authMode", "correlationId", "auditMetadata"];
12
- type TenantBootstrapSeedAuthMetadataField = (typeof TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS)[number];
13
- declare const TENANT_BOOTSTRAP_SEED_COMPONENTS: {
14
- readonly kernel: {
15
- readonly componentName: "lucern";
16
- readonly migrationModule: "adapters/migration";
17
- readonly templateMigrationModule: "dist/adapters/migration";
18
- readonly tenantMigrationModule: "adapters/migration";
19
- readonly templateService: "services/kernel-template";
20
- readonly templateDeployments: {
21
- readonly staging: "kindly-goldfish-162";
22
- readonly prod: "cool-badger-368";
23
- };
24
- };
25
- readonly "control-plane": {
26
- readonly componentName: "controlPlane";
27
- readonly migrationModule: "migration";
28
- readonly templateMigrationModule: "dist/migration";
29
- readonly tenantMigrationModule: "migration";
30
- readonly templateService: "services/control-plane-template";
31
- readonly templateDeployments: {
32
- readonly staging: "industrious-cheetah-864";
33
- readonly prod: "combative-beagle-879";
34
- };
35
- };
36
- };
37
- type TenantBootstrapSeedComponent = keyof typeof TENANT_BOOTSTRAP_SEED_COMPONENTS;
38
- type TenantBootstrapSeedScope = "global" | "tenant";
39
- type TenantBootstrapPrepopulation = "required_template" | "optional_template" | "runtime_bootstrap" | "runtime_data" | "runtime_log" | "runtime_secret" | "runtime_derived" | "runtime_queue";
40
- type TenantBootstrapCopyMode = "template_global" | "template_tenant_rewrite" | "template_reference_remap" | "none";
41
- type TenantBootstrapTableRequirement = {
42
- component: TenantBootstrapSeedComponent;
43
- table: string;
44
- prepopulation: TenantBootstrapPrepopulation;
45
- copyMode: TenantBootstrapCopyMode;
46
- scope?: TenantBootstrapSeedScope;
47
- uniqueKey?: readonly string[];
48
- dependsOn?: readonly string[];
49
- description: string;
50
- };
51
- type TenantBootstrapSeedTable = TenantBootstrapTableRequirement & {
52
- copyMode: "template_global" | "template_tenant_rewrite" | "template_reference_remap";
53
- scope: TenantBootstrapSeedScope;
54
- uniqueKey: readonly string[];
55
- };
56
- declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
57
- readonly component: "kernel";
58
- readonly table: "agentMessages";
59
- readonly prepopulation: "runtime_data";
60
- readonly copyMode: "none";
61
- readonly description: "Agent coordination messages are session data, not template data.";
62
- }, {
63
- readonly component: "kernel";
64
- readonly table: "agentSessions";
65
- readonly prepopulation: "runtime_data";
66
- readonly copyMode: "none";
67
- readonly description: "Agent coordination sessions are created by active clients.";
68
- }, {
69
- readonly component: "kernel";
70
- readonly table: "autofixJobs";
71
- readonly prepopulation: "runtime_queue";
72
- readonly copyMode: "none";
73
- readonly description: "Autofix work items are runtime queue rows.";
74
- }, {
75
- readonly component: "kernel";
76
- readonly table: "backgroundJobRuns";
77
- readonly prepopulation: "runtime_log";
78
- readonly copyMode: "none";
79
- readonly description: "Background job executions are runtime logs.";
80
- }, {
81
- readonly component: "kernel";
82
- readonly table: "backgroundJobSettings";
83
- readonly prepopulation: "required_template";
84
- readonly copyMode: "template_global";
85
- readonly scope: "global";
86
- readonly uniqueKey: readonly ["jobKey"];
87
- readonly description: "Default job enablement settings must come from the K template.";
88
- }, {
89
- readonly component: "kernel";
90
- readonly table: "beliefConfidence";
91
- readonly prepopulation: "runtime_data";
92
- readonly copyMode: "none";
93
- readonly description: "Belief confidence rows are created with tenant graph facts.";
94
- }, {
95
- readonly component: "kernel";
96
- readonly table: "beliefEvidenceLinks";
97
- readonly prepopulation: "runtime_data";
98
- readonly copyMode: "none";
99
- readonly description: "Belief-to-evidence links are tenant graph data.";
100
- }, {
101
- readonly component: "kernel";
102
- readonly table: "beliefHistory";
103
- readonly prepopulation: "runtime_data";
104
- readonly copyMode: "none";
105
- readonly description: "Belief history is append-only tenant graph data.";
106
- }, {
107
- readonly component: "kernel";
108
- readonly table: "beliefScenarios";
109
- readonly prepopulation: "runtime_data";
110
- readonly copyMode: "none";
111
- readonly description: "Scenario rows are tenant-authored reasoning data.";
112
- }, {
113
- readonly component: "kernel";
114
- readonly table: "beliefVotes";
115
- readonly prepopulation: "runtime_data";
116
- readonly copyMode: "none";
117
- readonly description: "Decision belief votes are tenant-authored data.";
118
- }, {
119
- readonly component: "kernel";
120
- readonly table: "calibrationScores";
121
- readonly prepopulation: "runtime_derived";
122
- readonly copyMode: "none";
123
- readonly description: "Calibration scores are computed from tenant outcomes.";
124
- }, {
125
- readonly component: "kernel";
126
- readonly table: "contractEvaluations";
127
- readonly prepopulation: "runtime_log";
128
- readonly copyMode: "none";
129
- readonly description: "Contract evaluation rows are runtime computation logs.";
130
- }, {
131
- readonly component: "kernel";
132
- readonly table: "contradictions";
133
- readonly prepopulation: "runtime_data";
134
- readonly copyMode: "none";
135
- readonly description: "Contradictions are tenant graph facts.";
136
- }, {
137
- readonly component: "kernel";
138
- readonly table: "crossProjectConnections";
139
- readonly prepopulation: "runtime_data";
140
- readonly copyMode: "none";
141
- readonly description: "Cross-topic connections are tenant graph facts.";
142
- }, {
143
- readonly component: "kernel";
144
- readonly table: "decisionComputedSummaries";
145
- readonly prepopulation: "runtime_derived";
146
- readonly copyMode: "none";
147
- readonly description: "Decision summaries are derived tenant outputs.";
148
- }, {
149
- readonly component: "kernel";
150
- readonly table: "decisionEvents";
151
- readonly prepopulation: "runtime_data";
152
- readonly copyMode: "none";
153
- readonly description: "Decision events are lifecycle data.";
154
- }, {
155
- readonly component: "kernel";
156
- readonly table: "decisionParticipants";
157
- readonly prepopulation: "runtime_data";
158
- readonly copyMode: "none";
159
- readonly description: "Decision participants are tenant-selected actors.";
160
- }, {
161
- readonly component: "kernel";
162
- readonly table: "decisionRiskLedger";
163
- readonly prepopulation: "runtime_data";
164
- readonly copyMode: "none";
165
- readonly description: "Decision risk rows are tenant decision data.";
166
- }, {
167
- readonly component: "kernel";
168
- readonly table: "decisionSnapshots";
169
- readonly prepopulation: "runtime_derived";
170
- readonly copyMode: "none";
171
- readonly description: "Decision snapshots are derived from tenant state.";
172
- }, {
173
- readonly component: "kernel";
174
- readonly table: "deliberationContributions";
175
- readonly prepopulation: "runtime_data";
176
- readonly copyMode: "none";
177
- readonly description: "Deliberation contributions are tenant-authored data.";
178
- }, {
179
- readonly component: "kernel";
180
- readonly table: "deliberationSessions";
181
- readonly prepopulation: "runtime_data";
182
- readonly copyMode: "none";
183
- readonly description: "Deliberation sessions are created by tenant workflows.";
184
- }, {
185
- readonly component: "kernel";
186
- readonly table: "domainEvents";
187
- readonly prepopulation: "runtime_log";
188
- readonly copyMode: "none";
189
- readonly description: "Domain event rows are append-only runtime audit/exhaust data.";
190
- }, {
191
- readonly component: "kernel";
192
- readonly table: "epistemicAudit";
193
- readonly prepopulation: "runtime_log";
194
- readonly copyMode: "none";
195
- readonly description: "Epistemic audit rows are append-only runtime audit data.";
196
- }, {
197
- readonly component: "kernel";
198
- readonly table: "epistemicContracts";
199
- readonly prepopulation: "runtime_data";
200
- readonly copyMode: "none";
201
- readonly description: "Epistemic contracts are tenant-authored governance data.";
202
- }, {
203
- readonly component: "kernel";
204
- readonly table: "epistemicEdges";
205
- readonly prepopulation: "runtime_data";
206
- readonly copyMode: "none";
207
- readonly description: "Edges are tenant reasoning graph data.";
208
- }, {
209
- readonly component: "kernel";
210
- readonly table: "epistemicNodeEmbeddings";
211
- readonly prepopulation: "runtime_derived";
212
- readonly copyMode: "none";
213
- readonly description: "Embeddings are derived from tenant graph nodes.";
214
- }, {
215
- readonly component: "kernel";
216
- readonly table: "epistemicNodes";
217
- readonly prepopulation: "runtime_data";
218
- readonly copyMode: "none";
219
- readonly description: "Nodes are tenant reasoning graph data.";
220
- }, {
221
- readonly component: "kernel";
222
- readonly table: "graphAnalysisCache";
223
- readonly prepopulation: "runtime_derived";
224
- readonly copyMode: "none";
225
- readonly description: "Graph analysis cache rows are derived from tenant graph state.";
226
- }, {
227
- readonly component: "kernel";
228
- readonly table: "graphAnalysisResults";
229
- readonly prepopulation: "runtime_derived";
230
- readonly copyMode: "none";
231
- readonly description: "Graph analysis result rows are derived tenant outputs.";
232
- }, {
233
- readonly component: "kernel";
234
- readonly table: "graphSuggestions";
235
- readonly prepopulation: "runtime_derived";
236
- readonly copyMode: "none";
237
- readonly description: "Graph suggestions are derived recommendations.";
238
- }, {
239
- readonly component: "kernel";
240
- readonly table: "harnessReplays";
241
- readonly prepopulation: "runtime_log";
242
- readonly copyMode: "none";
243
- readonly description: "Harness replay rows are runtime verification logs.";
244
- }, {
245
- readonly component: "kernel";
246
- readonly table: "harnessRuns";
247
- readonly prepopulation: "runtime_log";
248
- readonly copyMode: "none";
249
- readonly description: "Harness run rows are runtime verification logs.";
250
- }, {
251
- readonly component: "kernel";
252
- readonly table: "idempotencyTokens";
253
- readonly prepopulation: "runtime_log";
254
- readonly copyMode: "none";
255
- readonly description: "Idempotency tokens are request-scoped runtime guards.";
256
- }, {
257
- readonly component: "kernel";
258
- readonly table: "lenses";
259
- readonly prepopulation: "optional_template";
260
- readonly copyMode: "none";
261
- readonly description: "Reusable lens templates may live in K templates, but workspace-specific copies are not required for core SDK boot.";
262
- }, {
263
- readonly component: "kernel";
264
- readonly table: "lensTopicBindings";
265
- readonly prepopulation: "runtime_data";
266
- readonly copyMode: "none";
267
- readonly description: "Lens bindings attach runtime topics to runtime/workspace lenses.";
268
- }, {
269
- readonly component: "kernel";
270
- readonly table: "neo4jSyncQueue";
271
- readonly prepopulation: "runtime_queue";
272
- readonly copyMode: "none";
273
- readonly description: "Neo4j sync queue rows are runtime work items.";
274
- }, {
275
- readonly component: "kernel";
276
- readonly table: "ontologyDefinitions";
277
- readonly prepopulation: "required_template";
278
- readonly copyMode: "template_global";
279
- readonly scope: "global";
280
- readonly uniqueKey: readonly ["ontologyKey"];
281
- readonly description: "Platform ontology definitions power taxonomy reads and effective ontology resolution.";
282
- }, {
283
- readonly component: "kernel";
284
- readonly table: "ontologyVersions";
285
- readonly prepopulation: "required_template";
286
- readonly copyMode: "template_reference_remap";
287
- readonly scope: "global";
288
- readonly uniqueKey: readonly ["ontologyKey", "version"];
289
- readonly dependsOn: readonly ["ontologyDefinitions"];
290
- readonly description: "Ontology versions must be copied with ontologyDefinition ID remapping.";
291
- }, {
292
- readonly component: "kernel";
293
- readonly table: "platformAgentRunPolicyDecisions";
294
- readonly prepopulation: "runtime_log";
295
- readonly copyMode: "none";
296
- readonly description: "Agent-run policy decisions are audit logs.";
297
- }, {
298
- readonly component: "kernel";
299
- readonly table: "platformAgentRunPromptResolutions";
300
- readonly prepopulation: "runtime_log";
301
- readonly copyMode: "none";
302
- readonly description: "Agent-run prompt resolution rows are runtime logs.";
303
- }, {
304
- readonly component: "kernel";
305
- readonly table: "platformAgentRuns";
306
- readonly prepopulation: "runtime_log";
307
- readonly copyMode: "none";
308
- readonly description: "Agent runs are runtime execution records.";
309
- }, {
310
- readonly component: "kernel";
311
- readonly table: "platformAgentRunToolCalls";
312
- readonly prepopulation: "runtime_log";
313
- readonly copyMode: "none";
314
- readonly description: "Agent-run tool calls are runtime execution records.";
315
- }, {
316
- readonly component: "kernel";
317
- readonly table: "platformHarnessShadowAudit";
318
- readonly prepopulation: "runtime_log";
319
- readonly copyMode: "none";
320
- readonly description: "Harness shadow audit rows are runtime audit records.";
321
- }, {
322
- readonly component: "kernel";
323
- readonly table: "publicationRules";
324
- readonly prepopulation: "required_template";
325
- readonly copyMode: "template_tenant_rewrite";
326
- readonly scope: "tenant";
327
- readonly uniqueKey: readonly ["tenantId", "workspaceId", "name"];
328
- readonly description: "Default publication policy rules are rewritten into each tenant.";
329
- }, {
330
- readonly component: "kernel";
331
- readonly table: "questionEvidenceLinks";
332
- readonly prepopulation: "runtime_data";
333
- readonly copyMode: "none";
334
- readonly description: "Question-to-evidence links are tenant graph data.";
335
- }, {
336
- readonly component: "kernel";
337
- readonly table: "researchJobs";
338
- readonly prepopulation: "runtime_queue";
339
- readonly copyMode: "none";
340
- readonly description: "Research job rows are runtime queue items.";
341
- }, {
342
- readonly component: "kernel";
343
- readonly table: "schemaEnumConfig";
344
- readonly prepopulation: "required_template";
345
- readonly copyMode: "template_global";
346
- readonly scope: "global";
347
- readonly uniqueKey: readonly ["category", "value"];
348
- readonly description: "Runtime-extensible enum defaults required by SDK graph APIs.";
349
- }, {
350
- readonly component: "kernel";
351
- readonly table: "stakeholderGroups";
352
- readonly prepopulation: "runtime_data";
353
- readonly copyMode: "none";
354
- readonly description: "Stakeholder groups are tenant decision data.";
355
- }, {
356
- readonly component: "kernel";
357
- readonly table: "systemLogs";
358
- readonly prepopulation: "runtime_log";
359
- readonly copyMode: "none";
360
- readonly description: "System logs are runtime telemetry.";
361
- }, {
362
- readonly component: "kernel";
363
- readonly table: "tasks";
364
- readonly prepopulation: "runtime_data";
365
- readonly copyMode: "none";
366
- readonly description: "Tasks are tenant-authored work items.";
367
- }, {
368
- readonly component: "kernel";
369
- readonly table: "topics";
370
- readonly prepopulation: "runtime_bootstrap";
371
- readonly copyMode: "none";
372
- readonly description: "Default topics are created by tenant provisioning, not copied from templates.";
373
- }, {
374
- readonly component: "kernel";
375
- readonly table: "workflowDefinitions";
376
- readonly prepopulation: "optional_template";
377
- readonly copyMode: "none";
378
- readonly description: "Table-driven workflow definitions can be template data after the workflow engine leaves legacy mode.";
379
- }, {
380
- readonly component: "kernel";
381
- readonly table: "workflowPullRequests";
382
- readonly prepopulation: "runtime_data";
383
- readonly copyMode: "none";
384
- readonly description: "Workflow pull requests are tenant workflow data.";
385
- }, {
386
- readonly component: "kernel";
387
- readonly table: "workflowStages";
388
- readonly prepopulation: "optional_template";
389
- readonly copyMode: "none";
390
- readonly dependsOn: readonly ["workflowDefinitions"];
391
- readonly description: "Workflow stages can be template data after workflowDefinitions are enabled for bootstrap copying.";
392
- }, {
393
- readonly component: "kernel";
394
- readonly table: "worktreeBeliefCluster";
395
- readonly prepopulation: "runtime_data";
396
- readonly copyMode: "none";
397
- readonly description: "Worktree cluster rows link runtime worktrees to runtime beliefs.";
398
- }, {
399
- readonly component: "kernel";
400
- readonly table: "worktrees";
401
- readonly prepopulation: "runtime_data";
402
- readonly copyMode: "none";
403
- readonly description: "Worktrees are tenant/runtime planning data.";
404
- }, {
405
- readonly component: "control-plane";
406
- readonly table: "agents";
407
- readonly prepopulation: "runtime_bootstrap";
408
- readonly copyMode: "none";
409
- readonly description: "Service agents are provisioned per tenant or service, not copied.";
410
- }, {
411
- readonly component: "control-plane";
412
- readonly table: "mcpWritePolicy";
413
- readonly prepopulation: "required_template";
414
- readonly copyMode: "template_global";
415
- readonly scope: "global";
416
- readonly uniqueKey: readonly ["topicId", "role", "toolCategory"];
417
- readonly description: "Global write policy defaults govern service and interactive MCP writes.";
418
- }, {
419
- readonly component: "control-plane";
420
- readonly table: "modelCallLogs";
421
- readonly prepopulation: "runtime_log";
422
- readonly copyMode: "none";
423
- readonly description: "Model call logs are runtime telemetry.";
424
- }, {
425
- readonly component: "control-plane";
426
- readonly table: "modelFunctionSlots";
427
- readonly prepopulation: "required_template";
428
- readonly copyMode: "template_global";
429
- readonly scope: "global";
430
- readonly uniqueKey: readonly ["slot"];
431
- readonly description: "Function-to-model slots are required by model runtime resolution.";
432
- }, {
433
- readonly component: "control-plane";
434
- readonly table: "modelRegistry";
435
- readonly prepopulation: "required_template";
436
- readonly copyMode: "template_global";
437
- readonly scope: "global";
438
- readonly uniqueKey: readonly ["key"];
439
- readonly description: "Model catalog defaults are required by model runtime clients.";
440
- }, {
441
- readonly component: "control-plane";
442
- readonly table: "modelSlotConfigs";
443
- readonly prepopulation: "required_template";
444
- readonly copyMode: "template_global";
445
- readonly scope: "global";
446
- readonly uniqueKey: readonly ["slot"];
447
- readonly description: "Slot-level defaults are required before tenant overrides exist.";
448
- }, {
449
- readonly component: "control-plane";
450
- readonly table: "permitAccessReviewItems";
451
- readonly prepopulation: "runtime_data";
452
- readonly copyMode: "none";
453
- readonly description: "Permit access-review item rows are tenant review data projected from Permit.";
454
- }, {
455
- readonly component: "control-plane";
456
- readonly table: "permitAccessReviews";
457
- readonly prepopulation: "runtime_data";
458
- readonly copyMode: "none";
459
- readonly description: "Permit access-review campaigns are tenant review data projected from Permit.";
460
- }, {
461
- readonly component: "control-plane";
462
- readonly table: "permitAttributeBindings";
463
- readonly prepopulation: "runtime_data";
464
- readonly copyMode: "none";
465
- readonly description: "Permit ABAC attribute bindings are tenant policy projection rows.";
466
- }, {
467
- readonly component: "control-plane";
468
- readonly table: "permitGroups";
469
- readonly prepopulation: "runtime_data";
470
- readonly copyMode: "none";
471
- readonly description: "Permit groups are tenant-defined policy subjects, not template data.";
472
- }, {
473
- readonly component: "control-plane";
474
- readonly table: "permitGroupMemberships";
475
- readonly prepopulation: "runtime_data";
476
- readonly copyMode: "none";
477
- readonly description: "Permit group memberships are tenant-specific policy projection rows.";
478
- }, {
479
- readonly component: "control-plane";
480
- readonly table: "permitPolicyBundles";
481
- readonly prepopulation: "runtime_derived";
482
- readonly copyMode: "none";
483
- readonly description: "Permit policy bundles are derived from the Permit control plane.";
484
- }, {
485
- readonly component: "control-plane";
486
- readonly table: "permitPolicyDecisionReceipts";
487
- readonly prepopulation: "runtime_log";
488
- readonly copyMode: "none";
489
- readonly description: "Permit decision receipts are runtime authorization audit logs.";
490
- }, {
491
- readonly component: "control-plane";
492
- readonly table: "permitPrincipalAliases";
493
- readonly prepopulation: "runtime_data";
494
- readonly copyMode: "none";
495
- readonly description: "Permit principal aliases are tenant-specific identity projection rows.";
496
- }, {
497
- readonly component: "control-plane";
498
- readonly table: "permitPrincipals";
499
- readonly prepopulation: "runtime_data";
500
- readonly copyMode: "none";
501
- readonly description: "Permit principals are projected from Clerk, Permit, and tenant onboarding flows.";
502
- }, {
503
- readonly component: "control-plane";
504
- readonly table: "permitProjectionOutbox";
505
- readonly prepopulation: "runtime_queue";
506
- readonly copyMode: "none";
507
- readonly description: "Permit projection outbox rows are runtime sync queue data.";
508
- }, {
509
- readonly component: "control-plane";
510
- readonly table: "permitRelationshipTuples";
511
- readonly prepopulation: "runtime_data";
512
- readonly copyMode: "none";
513
- readonly description: "Permit ReBAC relationship tuples are tenant policy projection rows.";
514
- }, {
515
- readonly component: "control-plane";
516
- readonly table: "permitResourceInstances";
517
- readonly prepopulation: "runtime_data";
518
- readonly copyMode: "none";
519
- readonly description: "Permit resource instances are tenant/workspace graph and deployment projection rows.";
520
- }, {
521
- readonly component: "control-plane";
522
- readonly table: "permitRoleAssignments";
523
- readonly prepopulation: "runtime_data";
524
- readonly copyMode: "none";
525
- readonly description: "Permit role assignments are tenant-specific policy projection rows.";
526
- }, {
527
- readonly component: "control-plane";
528
- readonly table: "platformAudienceGrants";
529
- readonly prepopulation: "runtime_data";
530
- readonly copyMode: "none";
531
- readonly description: "Audience grants are principal/group-specific access rows.";
532
- }, {
533
- readonly component: "control-plane";
534
- readonly table: "platformAudiences";
535
- readonly prepopulation: "required_template";
536
- readonly copyMode: "template_tenant_rewrite";
537
- readonly scope: "tenant";
538
- readonly uniqueKey: readonly ["tenantId", "workspaceId", "audienceKey"];
539
- readonly description: "Default tenant audience taxonomy rows are rewritten into each tenant.";
540
- }, {
541
- readonly component: "control-plane";
542
- readonly table: "platformPolicyDecisionLogs";
543
- readonly prepopulation: "runtime_log";
544
- readonly copyMode: "none";
545
- readonly description: "Policy decisions are runtime audit logs.";
546
- }, {
547
- readonly component: "control-plane";
548
- readonly table: "projectGrants";
549
- readonly prepopulation: "runtime_data";
550
- readonly copyMode: "none";
551
- readonly description: "Project/topic grants are principal or group-specific access rows.";
552
- }, {
553
- readonly component: "control-plane";
554
- readonly table: "reasoningPermissions";
555
- readonly prepopulation: "runtime_data";
556
- readonly copyMode: "none";
557
- readonly description: "Reasoning permissions are principal-specific policy rows.";
558
- }, {
559
- readonly component: "control-plane";
560
- readonly table: "tenantApiKeys";
561
- readonly prepopulation: "runtime_secret";
562
- readonly copyMode: "none";
563
- readonly description: "API keys are tenant credentials and must never be copied.";
564
- }, {
565
- readonly component: "control-plane";
566
- readonly table: "tenantConfig";
567
- readonly prepopulation: "required_template";
568
- readonly copyMode: "template_tenant_rewrite";
569
- readonly scope: "tenant";
570
- readonly uniqueKey: readonly ["tenantId"];
571
- readonly description: "Tenant-local config defaults are rewritten during bootstrap.";
572
- }, {
573
- readonly component: "control-plane";
574
- readonly table: "tenantIntegrations";
575
- readonly prepopulation: "required_template";
576
- readonly copyMode: "template_tenant_rewrite";
577
- readonly scope: "tenant";
578
- readonly uniqueKey: readonly ["tenantId", "integrationKey"];
579
- readonly description: "Non-secret integration descriptors are rewritten into each tenant.";
580
- }, {
581
- readonly component: "control-plane";
582
- readonly table: "tenantModelSlotBindings";
583
- readonly prepopulation: "runtime_secret";
584
- readonly copyMode: "none";
585
- readonly description: "Tenant model slot bindings reference provider secrets and are runtime-only.";
586
- }, {
587
- readonly component: "control-plane";
588
- readonly table: "tenantPermitSyncStates";
589
- readonly prepopulation: "runtime_derived";
590
- readonly copyMode: "none";
591
- readonly description: "Tenant Permit sync state rows are runtime reconciliation state.";
592
- }, {
593
- readonly component: "control-plane";
594
- readonly table: "tenantPolicies";
595
- readonly prepopulation: "required_template";
596
- readonly copyMode: "template_tenant_rewrite";
597
- readonly scope: "tenant";
598
- readonly uniqueKey: readonly ["tenantId", "workspaceId", "roleName"];
599
- readonly description: "Default tenant policy roles are rewritten during bootstrap.";
600
- }, {
601
- readonly component: "control-plane";
602
- readonly table: "tenantProviderSecrets";
603
- readonly prepopulation: "runtime_secret";
604
- readonly copyMode: "none";
605
- readonly description: "Provider secrets are credentials and must never be copied.";
606
- }, {
607
- readonly component: "control-plane";
608
- readonly table: "tenantProxyGatewayUsage";
609
- readonly prepopulation: "runtime_log";
610
- readonly copyMode: "none";
611
- readonly description: "Proxy gateway usage rows are runtime telemetry.";
612
- }, {
613
- readonly component: "control-plane";
614
- readonly table: "tenantProxyTokenMints";
615
- readonly prepopulation: "runtime_secret";
616
- readonly copyMode: "none";
617
- readonly description: "Proxy token mints are ephemeral secret-bearing runtime rows.";
618
- }, {
619
- readonly component: "control-plane";
620
- readonly table: "tenantSandboxAuditEvents";
621
- readonly prepopulation: "runtime_log";
622
- readonly copyMode: "none";
623
- readonly description: "Sandbox audit rows are runtime security logs.";
624
- }, {
625
- readonly component: "control-plane";
626
- readonly table: "tenantSecrets";
627
- readonly prepopulation: "runtime_secret";
628
- readonly copyMode: "none";
629
- readonly description: "Tenant secrets are credentials and must never be copied.";
630
- }, {
631
- readonly component: "control-plane";
632
- readonly table: "toolAcls";
633
- readonly prepopulation: "required_template";
634
- readonly copyMode: "template_global";
635
- readonly scope: "global";
636
- readonly uniqueKey: readonly ["role", "toolName"];
637
- readonly description: "Default role-to-tool grants are required for SDK/MCP tool access.";
638
- }, {
639
- readonly component: "control-plane";
640
- readonly table: "toolRegistry";
641
- readonly prepopulation: "required_template";
642
- readonly copyMode: "template_global";
643
- readonly scope: "global";
644
- readonly uniqueKey: readonly ["toolName"];
645
- readonly description: "Core tool catalog rows are required before pack or tenant tools exist.";
646
- }, {
647
- readonly component: "control-plane";
648
- readonly table: "users";
649
- readonly prepopulation: "runtime_bootstrap";
650
- readonly copyMode: "none";
651
- readonly description: "Users are created from Clerk/MC principal resolution, not copied.";
652
- }];
653
- declare const TENANT_BOOTSTRAP_SEED_TABLES: readonly TenantBootstrapSeedTable[];
654
- type TenantBootstrapSeedTableName = (typeof TENANT_BOOTSTRAP_SEED_TABLES)[number]["table"];
655
- declare const TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES: readonly string[];
656
- type TenantBootstrapForbiddenSeedTable = (typeof TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES)[number];
657
- declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
658
- readonly contractVersion: "2026-04-30";
659
- readonly authMetadataFields: readonly ["tenantId", "workspaceId", "principalId", "role", "authMode", "correlationId", "auditMetadata"];
660
- readonly components: {
661
- readonly kernel: {
662
- readonly componentName: "lucern";
663
- readonly migrationModule: "adapters/migration";
664
- readonly templateMigrationModule: "dist/adapters/migration";
665
- readonly tenantMigrationModule: "adapters/migration";
666
- readonly templateService: "services/kernel-template";
667
- readonly templateDeployments: {
668
- readonly staging: "kindly-goldfish-162";
669
- readonly prod: "cool-badger-368";
670
- };
671
- };
672
- readonly "control-plane": {
673
- readonly componentName: "controlPlane";
674
- readonly migrationModule: "migration";
675
- readonly templateMigrationModule: "dist/migration";
676
- readonly tenantMigrationModule: "migration";
677
- readonly templateService: "services/control-plane-template";
678
- readonly templateDeployments: {
679
- readonly staging: "industrious-cheetah-864";
680
- readonly prod: "combative-beagle-879";
681
- };
682
- };
683
- };
684
- readonly tableRequirements: readonly [{
685
- readonly component: "kernel";
686
- readonly table: "agentMessages";
687
- readonly prepopulation: "runtime_data";
688
- readonly copyMode: "none";
689
- readonly description: "Agent coordination messages are session data, not template data.";
690
- }, {
691
- readonly component: "kernel";
692
- readonly table: "agentSessions";
693
- readonly prepopulation: "runtime_data";
694
- readonly copyMode: "none";
695
- readonly description: "Agent coordination sessions are created by active clients.";
696
- }, {
697
- readonly component: "kernel";
698
- readonly table: "autofixJobs";
699
- readonly prepopulation: "runtime_queue";
700
- readonly copyMode: "none";
701
- readonly description: "Autofix work items are runtime queue rows.";
702
- }, {
703
- readonly component: "kernel";
704
- readonly table: "backgroundJobRuns";
705
- readonly prepopulation: "runtime_log";
706
- readonly copyMode: "none";
707
- readonly description: "Background job executions are runtime logs.";
708
- }, {
709
- readonly component: "kernel";
710
- readonly table: "backgroundJobSettings";
711
- readonly prepopulation: "required_template";
712
- readonly copyMode: "template_global";
713
- readonly scope: "global";
714
- readonly uniqueKey: readonly ["jobKey"];
715
- readonly description: "Default job enablement settings must come from the K template.";
716
- }, {
717
- readonly component: "kernel";
718
- readonly table: "beliefConfidence";
719
- readonly prepopulation: "runtime_data";
720
- readonly copyMode: "none";
721
- readonly description: "Belief confidence rows are created with tenant graph facts.";
722
- }, {
723
- readonly component: "kernel";
724
- readonly table: "beliefEvidenceLinks";
725
- readonly prepopulation: "runtime_data";
726
- readonly copyMode: "none";
727
- readonly description: "Belief-to-evidence links are tenant graph data.";
728
- }, {
729
- readonly component: "kernel";
730
- readonly table: "beliefHistory";
731
- readonly prepopulation: "runtime_data";
732
- readonly copyMode: "none";
733
- readonly description: "Belief history is append-only tenant graph data.";
734
- }, {
735
- readonly component: "kernel";
736
- readonly table: "beliefScenarios";
737
- readonly prepopulation: "runtime_data";
738
- readonly copyMode: "none";
739
- readonly description: "Scenario rows are tenant-authored reasoning data.";
740
- }, {
741
- readonly component: "kernel";
742
- readonly table: "beliefVotes";
743
- readonly prepopulation: "runtime_data";
744
- readonly copyMode: "none";
745
- readonly description: "Decision belief votes are tenant-authored data.";
746
- }, {
747
- readonly component: "kernel";
748
- readonly table: "calibrationScores";
749
- readonly prepopulation: "runtime_derived";
750
- readonly copyMode: "none";
751
- readonly description: "Calibration scores are computed from tenant outcomes.";
752
- }, {
753
- readonly component: "kernel";
754
- readonly table: "contractEvaluations";
755
- readonly prepopulation: "runtime_log";
756
- readonly copyMode: "none";
757
- readonly description: "Contract evaluation rows are runtime computation logs.";
758
- }, {
759
- readonly component: "kernel";
760
- readonly table: "contradictions";
761
- readonly prepopulation: "runtime_data";
762
- readonly copyMode: "none";
763
- readonly description: "Contradictions are tenant graph facts.";
764
- }, {
765
- readonly component: "kernel";
766
- readonly table: "crossProjectConnections";
767
- readonly prepopulation: "runtime_data";
768
- readonly copyMode: "none";
769
- readonly description: "Cross-topic connections are tenant graph facts.";
770
- }, {
771
- readonly component: "kernel";
772
- readonly table: "decisionComputedSummaries";
773
- readonly prepopulation: "runtime_derived";
774
- readonly copyMode: "none";
775
- readonly description: "Decision summaries are derived tenant outputs.";
776
- }, {
777
- readonly component: "kernel";
778
- readonly table: "decisionEvents";
779
- readonly prepopulation: "runtime_data";
780
- readonly copyMode: "none";
781
- readonly description: "Decision events are lifecycle data.";
782
- }, {
783
- readonly component: "kernel";
784
- readonly table: "decisionParticipants";
785
- readonly prepopulation: "runtime_data";
786
- readonly copyMode: "none";
787
- readonly description: "Decision participants are tenant-selected actors.";
788
- }, {
789
- readonly component: "kernel";
790
- readonly table: "decisionRiskLedger";
791
- readonly prepopulation: "runtime_data";
792
- readonly copyMode: "none";
793
- readonly description: "Decision risk rows are tenant decision data.";
794
- }, {
795
- readonly component: "kernel";
796
- readonly table: "decisionSnapshots";
797
- readonly prepopulation: "runtime_derived";
798
- readonly copyMode: "none";
799
- readonly description: "Decision snapshots are derived from tenant state.";
800
- }, {
801
- readonly component: "kernel";
802
- readonly table: "deliberationContributions";
803
- readonly prepopulation: "runtime_data";
804
- readonly copyMode: "none";
805
- readonly description: "Deliberation contributions are tenant-authored data.";
806
- }, {
807
- readonly component: "kernel";
808
- readonly table: "deliberationSessions";
809
- readonly prepopulation: "runtime_data";
810
- readonly copyMode: "none";
811
- readonly description: "Deliberation sessions are created by tenant workflows.";
812
- }, {
813
- readonly component: "kernel";
814
- readonly table: "domainEvents";
815
- readonly prepopulation: "runtime_log";
816
- readonly copyMode: "none";
817
- readonly description: "Domain event rows are append-only runtime audit/exhaust data.";
818
- }, {
819
- readonly component: "kernel";
820
- readonly table: "epistemicAudit";
821
- readonly prepopulation: "runtime_log";
822
- readonly copyMode: "none";
823
- readonly description: "Epistemic audit rows are append-only runtime audit data.";
824
- }, {
825
- readonly component: "kernel";
826
- readonly table: "epistemicContracts";
827
- readonly prepopulation: "runtime_data";
828
- readonly copyMode: "none";
829
- readonly description: "Epistemic contracts are tenant-authored governance data.";
830
- }, {
831
- readonly component: "kernel";
832
- readonly table: "epistemicEdges";
833
- readonly prepopulation: "runtime_data";
834
- readonly copyMode: "none";
835
- readonly description: "Edges are tenant reasoning graph data.";
836
- }, {
837
- readonly component: "kernel";
838
- readonly table: "epistemicNodeEmbeddings";
839
- readonly prepopulation: "runtime_derived";
840
- readonly copyMode: "none";
841
- readonly description: "Embeddings are derived from tenant graph nodes.";
842
- }, {
843
- readonly component: "kernel";
844
- readonly table: "epistemicNodes";
845
- readonly prepopulation: "runtime_data";
846
- readonly copyMode: "none";
847
- readonly description: "Nodes are tenant reasoning graph data.";
848
- }, {
849
- readonly component: "kernel";
850
- readonly table: "graphAnalysisCache";
851
- readonly prepopulation: "runtime_derived";
852
- readonly copyMode: "none";
853
- readonly description: "Graph analysis cache rows are derived from tenant graph state.";
854
- }, {
855
- readonly component: "kernel";
856
- readonly table: "graphAnalysisResults";
857
- readonly prepopulation: "runtime_derived";
858
- readonly copyMode: "none";
859
- readonly description: "Graph analysis result rows are derived tenant outputs.";
860
- }, {
861
- readonly component: "kernel";
862
- readonly table: "graphSuggestions";
863
- readonly prepopulation: "runtime_derived";
864
- readonly copyMode: "none";
865
- readonly description: "Graph suggestions are derived recommendations.";
866
- }, {
867
- readonly component: "kernel";
868
- readonly table: "harnessReplays";
869
- readonly prepopulation: "runtime_log";
870
- readonly copyMode: "none";
871
- readonly description: "Harness replay rows are runtime verification logs.";
872
- }, {
873
- readonly component: "kernel";
874
- readonly table: "harnessRuns";
875
- readonly prepopulation: "runtime_log";
876
- readonly copyMode: "none";
877
- readonly description: "Harness run rows are runtime verification logs.";
878
- }, {
879
- readonly component: "kernel";
880
- readonly table: "idempotencyTokens";
881
- readonly prepopulation: "runtime_log";
882
- readonly copyMode: "none";
883
- readonly description: "Idempotency tokens are request-scoped runtime guards.";
884
- }, {
885
- readonly component: "kernel";
886
- readonly table: "lenses";
887
- readonly prepopulation: "optional_template";
888
- readonly copyMode: "none";
889
- readonly description: "Reusable lens templates may live in K templates, but workspace-specific copies are not required for core SDK boot.";
890
- }, {
891
- readonly component: "kernel";
892
- readonly table: "lensTopicBindings";
893
- readonly prepopulation: "runtime_data";
894
- readonly copyMode: "none";
895
- readonly description: "Lens bindings attach runtime topics to runtime/workspace lenses.";
896
- }, {
897
- readonly component: "kernel";
898
- readonly table: "neo4jSyncQueue";
899
- readonly prepopulation: "runtime_queue";
900
- readonly copyMode: "none";
901
- readonly description: "Neo4j sync queue rows are runtime work items.";
902
- }, {
903
- readonly component: "kernel";
904
- readonly table: "ontologyDefinitions";
905
- readonly prepopulation: "required_template";
906
- readonly copyMode: "template_global";
907
- readonly scope: "global";
908
- readonly uniqueKey: readonly ["ontologyKey"];
909
- readonly description: "Platform ontology definitions power taxonomy reads and effective ontology resolution.";
910
- }, {
911
- readonly component: "kernel";
912
- readonly table: "ontologyVersions";
913
- readonly prepopulation: "required_template";
914
- readonly copyMode: "template_reference_remap";
915
- readonly scope: "global";
916
- readonly uniqueKey: readonly ["ontologyKey", "version"];
917
- readonly dependsOn: readonly ["ontologyDefinitions"];
918
- readonly description: "Ontology versions must be copied with ontologyDefinition ID remapping.";
919
- }, {
920
- readonly component: "kernel";
921
- readonly table: "platformAgentRunPolicyDecisions";
922
- readonly prepopulation: "runtime_log";
923
- readonly copyMode: "none";
924
- readonly description: "Agent-run policy decisions are audit logs.";
925
- }, {
926
- readonly component: "kernel";
927
- readonly table: "platformAgentRunPromptResolutions";
928
- readonly prepopulation: "runtime_log";
929
- readonly copyMode: "none";
930
- readonly description: "Agent-run prompt resolution rows are runtime logs.";
931
- }, {
932
- readonly component: "kernel";
933
- readonly table: "platformAgentRuns";
934
- readonly prepopulation: "runtime_log";
935
- readonly copyMode: "none";
936
- readonly description: "Agent runs are runtime execution records.";
937
- }, {
938
- readonly component: "kernel";
939
- readonly table: "platformAgentRunToolCalls";
940
- readonly prepopulation: "runtime_log";
941
- readonly copyMode: "none";
942
- readonly description: "Agent-run tool calls are runtime execution records.";
943
- }, {
944
- readonly component: "kernel";
945
- readonly table: "platformHarnessShadowAudit";
946
- readonly prepopulation: "runtime_log";
947
- readonly copyMode: "none";
948
- readonly description: "Harness shadow audit rows are runtime audit records.";
949
- }, {
950
- readonly component: "kernel";
951
- readonly table: "publicationRules";
952
- readonly prepopulation: "required_template";
953
- readonly copyMode: "template_tenant_rewrite";
954
- readonly scope: "tenant";
955
- readonly uniqueKey: readonly ["tenantId", "workspaceId", "name"];
956
- readonly description: "Default publication policy rules are rewritten into each tenant.";
957
- }, {
958
- readonly component: "kernel";
959
- readonly table: "questionEvidenceLinks";
960
- readonly prepopulation: "runtime_data";
961
- readonly copyMode: "none";
962
- readonly description: "Question-to-evidence links are tenant graph data.";
963
- }, {
964
- readonly component: "kernel";
965
- readonly table: "researchJobs";
966
- readonly prepopulation: "runtime_queue";
967
- readonly copyMode: "none";
968
- readonly description: "Research job rows are runtime queue items.";
969
- }, {
970
- readonly component: "kernel";
971
- readonly table: "schemaEnumConfig";
972
- readonly prepopulation: "required_template";
973
- readonly copyMode: "template_global";
974
- readonly scope: "global";
975
- readonly uniqueKey: readonly ["category", "value"];
976
- readonly description: "Runtime-extensible enum defaults required by SDK graph APIs.";
977
- }, {
978
- readonly component: "kernel";
979
- readonly table: "stakeholderGroups";
980
- readonly prepopulation: "runtime_data";
981
- readonly copyMode: "none";
982
- readonly description: "Stakeholder groups are tenant decision data.";
983
- }, {
984
- readonly component: "kernel";
985
- readonly table: "systemLogs";
986
- readonly prepopulation: "runtime_log";
987
- readonly copyMode: "none";
988
- readonly description: "System logs are runtime telemetry.";
989
- }, {
990
- readonly component: "kernel";
991
- readonly table: "tasks";
992
- readonly prepopulation: "runtime_data";
993
- readonly copyMode: "none";
994
- readonly description: "Tasks are tenant-authored work items.";
995
- }, {
996
- readonly component: "kernel";
997
- readonly table: "topics";
998
- readonly prepopulation: "runtime_bootstrap";
999
- readonly copyMode: "none";
1000
- readonly description: "Default topics are created by tenant provisioning, not copied from templates.";
1001
- }, {
1002
- readonly component: "kernel";
1003
- readonly table: "workflowDefinitions";
1004
- readonly prepopulation: "optional_template";
1005
- readonly copyMode: "none";
1006
- readonly description: "Table-driven workflow definitions can be template data after the workflow engine leaves legacy mode.";
1007
- }, {
1008
- readonly component: "kernel";
1009
- readonly table: "workflowPullRequests";
1010
- readonly prepopulation: "runtime_data";
1011
- readonly copyMode: "none";
1012
- readonly description: "Workflow pull requests are tenant workflow data.";
1013
- }, {
1014
- readonly component: "kernel";
1015
- readonly table: "workflowStages";
1016
- readonly prepopulation: "optional_template";
1017
- readonly copyMode: "none";
1018
- readonly dependsOn: readonly ["workflowDefinitions"];
1019
- readonly description: "Workflow stages can be template data after workflowDefinitions are enabled for bootstrap copying.";
1020
- }, {
1021
- readonly component: "kernel";
1022
- readonly table: "worktreeBeliefCluster";
1023
- readonly prepopulation: "runtime_data";
1024
- readonly copyMode: "none";
1025
- readonly description: "Worktree cluster rows link runtime worktrees to runtime beliefs.";
1026
- }, {
1027
- readonly component: "kernel";
1028
- readonly table: "worktrees";
1029
- readonly prepopulation: "runtime_data";
1030
- readonly copyMode: "none";
1031
- readonly description: "Worktrees are tenant/runtime planning data.";
1032
- }, {
1033
- readonly component: "control-plane";
1034
- readonly table: "agents";
1035
- readonly prepopulation: "runtime_bootstrap";
1036
- readonly copyMode: "none";
1037
- readonly description: "Service agents are provisioned per tenant or service, not copied.";
1038
- }, {
1039
- readonly component: "control-plane";
1040
- readonly table: "mcpWritePolicy";
1041
- readonly prepopulation: "required_template";
1042
- readonly copyMode: "template_global";
1043
- readonly scope: "global";
1044
- readonly uniqueKey: readonly ["topicId", "role", "toolCategory"];
1045
- readonly description: "Global write policy defaults govern service and interactive MCP writes.";
1046
- }, {
1047
- readonly component: "control-plane";
1048
- readonly table: "modelCallLogs";
1049
- readonly prepopulation: "runtime_log";
1050
- readonly copyMode: "none";
1051
- readonly description: "Model call logs are runtime telemetry.";
1052
- }, {
1053
- readonly component: "control-plane";
1054
- readonly table: "modelFunctionSlots";
1055
- readonly prepopulation: "required_template";
1056
- readonly copyMode: "template_global";
1057
- readonly scope: "global";
1058
- readonly uniqueKey: readonly ["slot"];
1059
- readonly description: "Function-to-model slots are required by model runtime resolution.";
1060
- }, {
1061
- readonly component: "control-plane";
1062
- readonly table: "modelRegistry";
1063
- readonly prepopulation: "required_template";
1064
- readonly copyMode: "template_global";
1065
- readonly scope: "global";
1066
- readonly uniqueKey: readonly ["key"];
1067
- readonly description: "Model catalog defaults are required by model runtime clients.";
1068
- }, {
1069
- readonly component: "control-plane";
1070
- readonly table: "modelSlotConfigs";
1071
- readonly prepopulation: "required_template";
1072
- readonly copyMode: "template_global";
1073
- readonly scope: "global";
1074
- readonly uniqueKey: readonly ["slot"];
1075
- readonly description: "Slot-level defaults are required before tenant overrides exist.";
1076
- }, {
1077
- readonly component: "control-plane";
1078
- readonly table: "permitAccessReviewItems";
1079
- readonly prepopulation: "runtime_data";
1080
- readonly copyMode: "none";
1081
- readonly description: "Permit access-review item rows are tenant review data projected from Permit.";
1082
- }, {
1083
- readonly component: "control-plane";
1084
- readonly table: "permitAccessReviews";
1085
- readonly prepopulation: "runtime_data";
1086
- readonly copyMode: "none";
1087
- readonly description: "Permit access-review campaigns are tenant review data projected from Permit.";
1088
- }, {
1089
- readonly component: "control-plane";
1090
- readonly table: "permitAttributeBindings";
1091
- readonly prepopulation: "runtime_data";
1092
- readonly copyMode: "none";
1093
- readonly description: "Permit ABAC attribute bindings are tenant policy projection rows.";
1094
- }, {
1095
- readonly component: "control-plane";
1096
- readonly table: "permitGroups";
1097
- readonly prepopulation: "runtime_data";
1098
- readonly copyMode: "none";
1099
- readonly description: "Permit groups are tenant-defined policy subjects, not template data.";
1100
- }, {
1101
- readonly component: "control-plane";
1102
- readonly table: "permitGroupMemberships";
1103
- readonly prepopulation: "runtime_data";
1104
- readonly copyMode: "none";
1105
- readonly description: "Permit group memberships are tenant-specific policy projection rows.";
1106
- }, {
1107
- readonly component: "control-plane";
1108
- readonly table: "permitPolicyBundles";
1109
- readonly prepopulation: "runtime_derived";
1110
- readonly copyMode: "none";
1111
- readonly description: "Permit policy bundles are derived from the Permit control plane.";
1112
- }, {
1113
- readonly component: "control-plane";
1114
- readonly table: "permitPolicyDecisionReceipts";
1115
- readonly prepopulation: "runtime_log";
1116
- readonly copyMode: "none";
1117
- readonly description: "Permit decision receipts are runtime authorization audit logs.";
1118
- }, {
1119
- readonly component: "control-plane";
1120
- readonly table: "permitPrincipalAliases";
1121
- readonly prepopulation: "runtime_data";
1122
- readonly copyMode: "none";
1123
- readonly description: "Permit principal aliases are tenant-specific identity projection rows.";
1124
- }, {
1125
- readonly component: "control-plane";
1126
- readonly table: "permitPrincipals";
1127
- readonly prepopulation: "runtime_data";
1128
- readonly copyMode: "none";
1129
- readonly description: "Permit principals are projected from Clerk, Permit, and tenant onboarding flows.";
1130
- }, {
1131
- readonly component: "control-plane";
1132
- readonly table: "permitProjectionOutbox";
1133
- readonly prepopulation: "runtime_queue";
1134
- readonly copyMode: "none";
1135
- readonly description: "Permit projection outbox rows are runtime sync queue data.";
1136
- }, {
1137
- readonly component: "control-plane";
1138
- readonly table: "permitRelationshipTuples";
1139
- readonly prepopulation: "runtime_data";
1140
- readonly copyMode: "none";
1141
- readonly description: "Permit ReBAC relationship tuples are tenant policy projection rows.";
1142
- }, {
1143
- readonly component: "control-plane";
1144
- readonly table: "permitResourceInstances";
1145
- readonly prepopulation: "runtime_data";
1146
- readonly copyMode: "none";
1147
- readonly description: "Permit resource instances are tenant/workspace graph and deployment projection rows.";
1148
- }, {
1149
- readonly component: "control-plane";
1150
- readonly table: "permitRoleAssignments";
1151
- readonly prepopulation: "runtime_data";
1152
- readonly copyMode: "none";
1153
- readonly description: "Permit role assignments are tenant-specific policy projection rows.";
1154
- }, {
1155
- readonly component: "control-plane";
1156
- readonly table: "platformAudienceGrants";
1157
- readonly prepopulation: "runtime_data";
1158
- readonly copyMode: "none";
1159
- readonly description: "Audience grants are principal/group-specific access rows.";
1160
- }, {
1161
- readonly component: "control-plane";
1162
- readonly table: "platformAudiences";
1163
- readonly prepopulation: "required_template";
1164
- readonly copyMode: "template_tenant_rewrite";
1165
- readonly scope: "tenant";
1166
- readonly uniqueKey: readonly ["tenantId", "workspaceId", "audienceKey"];
1167
- readonly description: "Default tenant audience taxonomy rows are rewritten into each tenant.";
1168
- }, {
1169
- readonly component: "control-plane";
1170
- readonly table: "platformPolicyDecisionLogs";
1171
- readonly prepopulation: "runtime_log";
1172
- readonly copyMode: "none";
1173
- readonly description: "Policy decisions are runtime audit logs.";
1174
- }, {
1175
- readonly component: "control-plane";
1176
- readonly table: "projectGrants";
1177
- readonly prepopulation: "runtime_data";
1178
- readonly copyMode: "none";
1179
- readonly description: "Project/topic grants are principal or group-specific access rows.";
1180
- }, {
1181
- readonly component: "control-plane";
1182
- readonly table: "reasoningPermissions";
1183
- readonly prepopulation: "runtime_data";
1184
- readonly copyMode: "none";
1185
- readonly description: "Reasoning permissions are principal-specific policy rows.";
1186
- }, {
1187
- readonly component: "control-plane";
1188
- readonly table: "tenantApiKeys";
1189
- readonly prepopulation: "runtime_secret";
1190
- readonly copyMode: "none";
1191
- readonly description: "API keys are tenant credentials and must never be copied.";
1192
- }, {
1193
- readonly component: "control-plane";
1194
- readonly table: "tenantConfig";
1195
- readonly prepopulation: "required_template";
1196
- readonly copyMode: "template_tenant_rewrite";
1197
- readonly scope: "tenant";
1198
- readonly uniqueKey: readonly ["tenantId"];
1199
- readonly description: "Tenant-local config defaults are rewritten during bootstrap.";
1200
- }, {
1201
- readonly component: "control-plane";
1202
- readonly table: "tenantIntegrations";
1203
- readonly prepopulation: "required_template";
1204
- readonly copyMode: "template_tenant_rewrite";
1205
- readonly scope: "tenant";
1206
- readonly uniqueKey: readonly ["tenantId", "integrationKey"];
1207
- readonly description: "Non-secret integration descriptors are rewritten into each tenant.";
1208
- }, {
1209
- readonly component: "control-plane";
1210
- readonly table: "tenantModelSlotBindings";
1211
- readonly prepopulation: "runtime_secret";
1212
- readonly copyMode: "none";
1213
- readonly description: "Tenant model slot bindings reference provider secrets and are runtime-only.";
1214
- }, {
1215
- readonly component: "control-plane";
1216
- readonly table: "tenantPermitSyncStates";
1217
- readonly prepopulation: "runtime_derived";
1218
- readonly copyMode: "none";
1219
- readonly description: "Tenant Permit sync state rows are runtime reconciliation state.";
1220
- }, {
1221
- readonly component: "control-plane";
1222
- readonly table: "tenantPolicies";
1223
- readonly prepopulation: "required_template";
1224
- readonly copyMode: "template_tenant_rewrite";
1225
- readonly scope: "tenant";
1226
- readonly uniqueKey: readonly ["tenantId", "workspaceId", "roleName"];
1227
- readonly description: "Default tenant policy roles are rewritten during bootstrap.";
1228
- }, {
1229
- readonly component: "control-plane";
1230
- readonly table: "tenantProviderSecrets";
1231
- readonly prepopulation: "runtime_secret";
1232
- readonly copyMode: "none";
1233
- readonly description: "Provider secrets are credentials and must never be copied.";
1234
- }, {
1235
- readonly component: "control-plane";
1236
- readonly table: "tenantProxyGatewayUsage";
1237
- readonly prepopulation: "runtime_log";
1238
- readonly copyMode: "none";
1239
- readonly description: "Proxy gateway usage rows are runtime telemetry.";
1240
- }, {
1241
- readonly component: "control-plane";
1242
- readonly table: "tenantProxyTokenMints";
1243
- readonly prepopulation: "runtime_secret";
1244
- readonly copyMode: "none";
1245
- readonly description: "Proxy token mints are ephemeral secret-bearing runtime rows.";
1246
- }, {
1247
- readonly component: "control-plane";
1248
- readonly table: "tenantSandboxAuditEvents";
1249
- readonly prepopulation: "runtime_log";
1250
- readonly copyMode: "none";
1251
- readonly description: "Sandbox audit rows are runtime security logs.";
1252
- }, {
1253
- readonly component: "control-plane";
1254
- readonly table: "tenantSecrets";
1255
- readonly prepopulation: "runtime_secret";
1256
- readonly copyMode: "none";
1257
- readonly description: "Tenant secrets are credentials and must never be copied.";
1258
- }, {
1259
- readonly component: "control-plane";
1260
- readonly table: "toolAcls";
1261
- readonly prepopulation: "required_template";
1262
- readonly copyMode: "template_global";
1263
- readonly scope: "global";
1264
- readonly uniqueKey: readonly ["role", "toolName"];
1265
- readonly description: "Default role-to-tool grants are required for SDK/MCP tool access.";
1266
- }, {
1267
- readonly component: "control-plane";
1268
- readonly table: "toolRegistry";
1269
- readonly prepopulation: "required_template";
1270
- readonly copyMode: "template_global";
1271
- readonly scope: "global";
1272
- readonly uniqueKey: readonly ["toolName"];
1273
- readonly description: "Core tool catalog rows are required before pack or tenant tools exist.";
1274
- }, {
1275
- readonly component: "control-plane";
1276
- readonly table: "users";
1277
- readonly prepopulation: "runtime_bootstrap";
1278
- readonly copyMode: "none";
1279
- readonly description: "Users are created from Clerk/MC principal resolution, not copied.";
1280
- }];
1281
- readonly tables: readonly TenantBootstrapSeedTable[];
1282
- readonly forbiddenTables: readonly string[];
1283
- };
1284
- declare function findTenantBootstrapTableRequirement(table: string): TenantBootstrapTableRequirement | undefined;
1285
- declare function findTenantBootstrapSeedTable(table: string): TenantBootstrapSeedTable | undefined;
1286
- declare function isTenantBootstrapSeedTable(table: string): boolean;
1287
- declare function isTenantBootstrapForbiddenSeedTable(table: string): boolean;
1288
-
1289
- export { TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES, TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS, TENANT_BOOTSTRAP_SEED_COMPONENTS, TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION, TENANT_BOOTSTRAP_SEED_MANIFEST, TENANT_BOOTSTRAP_SEED_TABLES, TENANT_BOOTSTRAP_TABLE_REQUIREMENTS, type TenantBootstrapCopyMode, type TenantBootstrapForbiddenSeedTable, type TenantBootstrapPrepopulation, type TenantBootstrapSeedAuthMetadataField, type TenantBootstrapSeedComponent, type TenantBootstrapSeedScope, type TenantBootstrapSeedTable, type TenantBootstrapSeedTableName, type TenantBootstrapTableRequirement, findTenantBootstrapSeedTable, findTenantBootstrapTableRequirement, isTenantBootstrapForbiddenSeedTable, isTenantBootstrapSeedTable };