@lucern/contracts 0.3.0-alpha.2 → 0.3.0-alpha.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (127) hide show
  1. package/dist/component-boundary.contract.d.ts +14 -0
  2. package/dist/component-boundary.contract.js +155 -0
  3. package/dist/component-boundary.contract.js.map +1 -0
  4. package/dist/component-host-boundary.contract.d.ts +41 -0
  5. package/dist/component-host-boundary.contract.js +54 -0
  6. package/dist/component-host-boundary.contract.js.map +1 -0
  7. package/dist/function-registry/beliefs.d.ts +41 -41
  8. package/dist/function-registry/beliefs.js +202 -8
  9. package/dist/function-registry/beliefs.js.map +1 -1
  10. package/dist/function-registry/coding.js +187 -8
  11. package/dist/function-registry/coding.js.map +1 -1
  12. package/dist/function-registry/context.d.ts +13 -13
  13. package/dist/function-registry/context.js +187 -9
  14. package/dist/function-registry/context.js.map +1 -1
  15. package/dist/function-registry/contracts.js +158 -5
  16. package/dist/function-registry/contracts.js.map +1 -1
  17. package/dist/function-registry/coordination.js +158 -5
  18. package/dist/function-registry/coordination.js.map +1 -1
  19. package/dist/function-registry/edges.js +169 -6
  20. package/dist/function-registry/edges.js.map +1 -1
  21. package/dist/function-registry/evidence.d.ts +33 -33
  22. package/dist/function-registry/evidence.js +202 -9
  23. package/dist/function-registry/evidence.js.map +1 -1
  24. package/dist/function-registry/graph.d.ts +53 -53
  25. package/dist/function-registry/graph.js +217 -12
  26. package/dist/function-registry/graph.js.map +1 -1
  27. package/dist/function-registry/helpers.d.ts +1 -1
  28. package/dist/function-registry/helpers.js +158 -5
  29. package/dist/function-registry/helpers.js.map +1 -1
  30. package/dist/function-registry/identity.js +158 -5
  31. package/dist/function-registry/identity.js.map +1 -1
  32. package/dist/function-registry/index.d.ts +1 -1
  33. package/dist/function-registry/index.js +158 -5
  34. package/dist/function-registry/index.js.map +1 -1
  35. package/dist/function-registry/judgments.d.ts +9 -9
  36. package/dist/function-registry/judgments.js +170 -8
  37. package/dist/function-registry/judgments.js.map +1 -1
  38. package/dist/function-registry/legacy.js +158 -5
  39. package/dist/function-registry/legacy.js.map +1 -1
  40. package/dist/function-registry/lenses.d.ts +17 -17
  41. package/dist/function-registry/lenses.js +181 -8
  42. package/dist/function-registry/lenses.js.map +1 -1
  43. package/dist/function-registry/manifest.d.ts +3 -3
  44. package/dist/function-registry/manifest.js +1 -1
  45. package/dist/function-registry/manifest.js.map +1 -1
  46. package/dist/function-registry/ontologies.d.ts +45 -45
  47. package/dist/function-registry/ontologies.js +176 -11
  48. package/dist/function-registry/ontologies.js.map +1 -1
  49. package/dist/function-registry/pipeline.d.ts +13 -13
  50. package/dist/function-registry/pipeline.js +167 -8
  51. package/dist/function-registry/pipeline.js.map +1 -1
  52. package/dist/function-registry/questions.d.ts +49 -49
  53. package/dist/function-registry/questions.js +255 -13
  54. package/dist/function-registry/questions.js.map +1 -1
  55. package/dist/function-registry/tasks.js +158 -5
  56. package/dist/function-registry/tasks.js.map +1 -1
  57. package/dist/function-registry/topics.d.ts +21 -21
  58. package/dist/function-registry/topics.js +172 -8
  59. package/dist/function-registry/topics.js.map +1 -1
  60. package/dist/function-registry/types.d.ts +1 -1
  61. package/dist/function-registry/worktrees.d.ts +80 -41
  62. package/dist/function-registry/worktrees.js +292 -17
  63. package/dist/function-registry/worktrees.js.map +1 -1
  64. package/dist/function-registry-input-audit.d.ts +13 -0
  65. package/dist/function-registry-input-audit.js +164 -0
  66. package/dist/function-registry-input-audit.js.map +1 -0
  67. package/dist/gateway.contract.d.ts +2 -0
  68. package/dist/gateway.contract.js.map +1 -1
  69. package/dist/generated/convexSchemas.js +2 -1
  70. package/dist/generated/convexSchemas.js.map +1 -1
  71. package/dist/generated/schema-manifest.json +42 -3
  72. package/dist/generated/tableOwnership.d.ts +2 -1
  73. package/dist/generated/tableOwnership.js +2 -0
  74. package/dist/generated/tableOwnership.js.map +1 -1
  75. package/dist/generated/tier-expectations.json +4 -2
  76. package/dist/index.d.ts +445 -35
  77. package/dist/index.js +1987 -17
  78. package/dist/index.js.map +1 -1
  79. package/dist/infisical-runtime.contract.d.ts +174 -0
  80. package/dist/infisical-runtime.contract.js +192 -0
  81. package/dist/infisical-runtime.contract.js.map +1 -0
  82. package/dist/mcp-gateway-boundary.contract.d.ts +181 -0
  83. package/dist/mcp-gateway-boundary.contract.js +43 -0
  84. package/dist/mcp-gateway-boundary.contract.js.map +1 -0
  85. package/dist/schemas/component-table-manifest.d.ts +2 -2
  86. package/dist/schemas/index.js +38 -1
  87. package/dist/schemas/index.js.map +1 -1
  88. package/dist/schemas/manifest.d.ts +1050 -910
  89. package/dist/schemas/manifest.js +38 -1
  90. package/dist/schemas/manifest.js.map +1 -1
  91. package/dist/schemas/sl-opinion.d.ts +4 -4
  92. package/dist/schemas/tables/identity/platform.d.ts +10 -10
  93. package/dist/schemas/tables/kernel/epistemic.d.ts +6 -6
  94. package/dist/schemas/tables/kernel/infra.d.ts +4 -4
  95. package/dist/schemas/tables/kernel/intelligence.d.ts +10 -10
  96. package/dist/schemas/tables/kernel/lens.d.ts +4 -4
  97. package/dist/schemas/tables/kernel/platform.d.ts +12 -12
  98. package/dist/schemas/tables/kernel/spine.d.ts +2 -2
  99. package/dist/schemas/tables/kernel/task.d.ts +42 -42
  100. package/dist/schemas/tables/kernel/worktree.d.ts +62 -62
  101. package/dist/schemas/tables/mc/identity.d.ts +26 -3
  102. package/dist/schemas/tables/mc/identity.js +35 -1
  103. package/dist/schemas/tables/mc/identity.js.map +1 -1
  104. package/dist/schemas/tables/mc/pack.d.ts +20 -20
  105. package/dist/schemas/tables/mc/registry.d.ts +4 -4
  106. package/dist/schemas/tables/mc/workspace.d.ts +9 -3
  107. package/dist/schemas/tables/mc/workspace.js +3 -1
  108. package/dist/schemas/tables/mc/workspace.js.map +1 -1
  109. package/dist/sdk-methods.contract.d.ts +1 -1
  110. package/dist/{sdk-tools.contract-S4ia0TTo.d.ts → sdk-tools.contract-CD-N1Jf7.d.ts} +1 -1
  111. package/dist/sdk-tools.contract.d.ts +2 -2
  112. package/dist/sdk-tools.contract.js +157 -4
  113. package/dist/sdk-tools.contract.js.map +1 -1
  114. package/dist/tenant-bootstrap-seed.contract.d.ts +1097 -0
  115. package/dist/tenant-bootstrap-seed.contract.js +651 -0
  116. package/dist/tenant-bootstrap-seed.contract.js.map +1 -0
  117. package/dist/tenant-bootstrap-seed.defaults.d.ts +16 -0
  118. package/dist/tenant-bootstrap-seed.defaults.js +303 -0
  119. package/dist/tenant-bootstrap-seed.defaults.js.map +1 -0
  120. package/dist/tenant-client.contract.d.ts +266 -0
  121. package/dist/tenant-client.contract.js +404 -0
  122. package/dist/tenant-client.contract.js.map +1 -0
  123. package/dist/{tool-contracts-C92-9ueT.d.ts → tool-contracts-BcKz-VGj.d.ts} +4 -2
  124. package/dist/tool-contracts.d.ts +1 -1
  125. package/dist/tool-contracts.js +158 -5
  126. package/dist/tool-contracts.js.map +1 -1
  127. package/package.json +1 -1
@@ -0,0 +1,1097 @@
1
+ /**
2
+ * Tenant bootstrap seed contract.
3
+ *
4
+ * Fresh tenant deployments install the Lucern kernel and identity components
5
+ * from npm, then copy canonical template rows for non-secret runtime defaults.
6
+ * This contract is intentionally exhaustive for the K/I tables: it separates
7
+ * rows that must be carried by the template deployments from rows that are
8
+ * runtime data, runtime credentials, logs, queues, or derived caches.
9
+ */
10
+ declare const TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION: "2026-04-30";
11
+ declare const TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS: readonly ["tenantId", "workspaceId", "principalId", "role", "authMode", "correlationId", "auditMetadata"];
12
+ type TenantBootstrapSeedAuthMetadataField = (typeof TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS)[number];
13
+ declare const TENANT_BOOTSTRAP_SEED_COMPONENTS: {
14
+ readonly kernel: {
15
+ readonly componentName: "lucern";
16
+ readonly templateService: "services/kernel-template";
17
+ readonly templateDeployments: {
18
+ readonly staging: "charming-okapi-787";
19
+ readonly prod: "brilliant-narwhal-889";
20
+ };
21
+ };
22
+ readonly identity: {
23
+ readonly componentName: "identity";
24
+ readonly templateService: "services/identity-template";
25
+ readonly templateDeployments: {
26
+ readonly staging: "charming-goldfinch-895";
27
+ readonly prod: "helpful-mule-694";
28
+ };
29
+ };
30
+ };
31
+ type TenantBootstrapSeedComponent = keyof typeof TENANT_BOOTSTRAP_SEED_COMPONENTS;
32
+ type TenantBootstrapSeedScope = "global" | "tenant";
33
+ type TenantBootstrapPrepopulation = "required_template" | "optional_template" | "runtime_bootstrap" | "runtime_data" | "runtime_log" | "runtime_secret" | "runtime_derived" | "runtime_queue";
34
+ type TenantBootstrapCopyMode = "template_global" | "template_tenant_rewrite" | "template_reference_remap" | "none";
35
+ type TenantBootstrapTableRequirement = {
36
+ component: TenantBootstrapSeedComponent;
37
+ table: string;
38
+ prepopulation: TenantBootstrapPrepopulation;
39
+ copyMode: TenantBootstrapCopyMode;
40
+ scope?: TenantBootstrapSeedScope;
41
+ uniqueKey?: readonly string[];
42
+ dependsOn?: readonly string[];
43
+ description: string;
44
+ };
45
+ type TenantBootstrapSeedTable = TenantBootstrapTableRequirement & {
46
+ copyMode: "template_global" | "template_tenant_rewrite" | "template_reference_remap";
47
+ scope: TenantBootstrapSeedScope;
48
+ uniqueKey: readonly string[];
49
+ };
50
+ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
51
+ readonly component: "kernel";
52
+ readonly table: "agentMessages";
53
+ readonly prepopulation: "runtime_data";
54
+ readonly copyMode: "none";
55
+ readonly description: "Agent coordination messages are session data, not template data.";
56
+ }, {
57
+ readonly component: "kernel";
58
+ readonly table: "agentSessions";
59
+ readonly prepopulation: "runtime_data";
60
+ readonly copyMode: "none";
61
+ readonly description: "Agent coordination sessions are created by active clients.";
62
+ }, {
63
+ readonly component: "kernel";
64
+ readonly table: "autofixJobs";
65
+ readonly prepopulation: "runtime_queue";
66
+ readonly copyMode: "none";
67
+ readonly description: "Autofix work items are runtime queue rows.";
68
+ }, {
69
+ readonly component: "kernel";
70
+ readonly table: "backgroundJobRuns";
71
+ readonly prepopulation: "runtime_log";
72
+ readonly copyMode: "none";
73
+ readonly description: "Background job executions are runtime logs.";
74
+ }, {
75
+ readonly component: "kernel";
76
+ readonly table: "backgroundJobSettings";
77
+ readonly prepopulation: "required_template";
78
+ readonly copyMode: "template_global";
79
+ readonly scope: "global";
80
+ readonly uniqueKey: readonly ["jobKey"];
81
+ readonly description: "Default job enablement settings must come from the K template.";
82
+ }, {
83
+ readonly component: "kernel";
84
+ readonly table: "beliefConfidence";
85
+ readonly prepopulation: "runtime_data";
86
+ readonly copyMode: "none";
87
+ readonly description: "Belief confidence rows are created with tenant graph facts.";
88
+ }, {
89
+ readonly component: "kernel";
90
+ readonly table: "beliefEvidenceLinks";
91
+ readonly prepopulation: "runtime_data";
92
+ readonly copyMode: "none";
93
+ readonly description: "Belief-to-evidence links are tenant graph data.";
94
+ }, {
95
+ readonly component: "kernel";
96
+ readonly table: "beliefHistory";
97
+ readonly prepopulation: "runtime_data";
98
+ readonly copyMode: "none";
99
+ readonly description: "Belief history is append-only tenant graph data.";
100
+ }, {
101
+ readonly component: "kernel";
102
+ readonly table: "beliefScenarios";
103
+ readonly prepopulation: "runtime_data";
104
+ readonly copyMode: "none";
105
+ readonly description: "Scenario rows are tenant-authored reasoning data.";
106
+ }, {
107
+ readonly component: "kernel";
108
+ readonly table: "beliefVotes";
109
+ readonly prepopulation: "runtime_data";
110
+ readonly copyMode: "none";
111
+ readonly description: "Decision belief votes are tenant-authored data.";
112
+ }, {
113
+ readonly component: "kernel";
114
+ readonly table: "calibrationScores";
115
+ readonly prepopulation: "runtime_derived";
116
+ readonly copyMode: "none";
117
+ readonly description: "Calibration scores are computed from tenant outcomes.";
118
+ }, {
119
+ readonly component: "kernel";
120
+ readonly table: "contractEvaluations";
121
+ readonly prepopulation: "runtime_log";
122
+ readonly copyMode: "none";
123
+ readonly description: "Contract evaluation rows are runtime computation logs.";
124
+ }, {
125
+ readonly component: "kernel";
126
+ readonly table: "contradictions";
127
+ readonly prepopulation: "runtime_data";
128
+ readonly copyMode: "none";
129
+ readonly description: "Contradictions are tenant graph facts.";
130
+ }, {
131
+ readonly component: "kernel";
132
+ readonly table: "crossProjectConnections";
133
+ readonly prepopulation: "runtime_data";
134
+ readonly copyMode: "none";
135
+ readonly description: "Cross-topic connections are tenant graph facts.";
136
+ }, {
137
+ readonly component: "kernel";
138
+ readonly table: "decisionComputedSummaries";
139
+ readonly prepopulation: "runtime_derived";
140
+ readonly copyMode: "none";
141
+ readonly description: "Decision summaries are derived tenant outputs.";
142
+ }, {
143
+ readonly component: "kernel";
144
+ readonly table: "decisionEvents";
145
+ readonly prepopulation: "runtime_data";
146
+ readonly copyMode: "none";
147
+ readonly description: "Decision events are lifecycle data.";
148
+ }, {
149
+ readonly component: "kernel";
150
+ readonly table: "decisionParticipants";
151
+ readonly prepopulation: "runtime_data";
152
+ readonly copyMode: "none";
153
+ readonly description: "Decision participants are tenant-selected actors.";
154
+ }, {
155
+ readonly component: "kernel";
156
+ readonly table: "decisionRiskLedger";
157
+ readonly prepopulation: "runtime_data";
158
+ readonly copyMode: "none";
159
+ readonly description: "Decision risk rows are tenant decision data.";
160
+ }, {
161
+ readonly component: "kernel";
162
+ readonly table: "decisionSnapshots";
163
+ readonly prepopulation: "runtime_derived";
164
+ readonly copyMode: "none";
165
+ readonly description: "Decision snapshots are derived from tenant state.";
166
+ }, {
167
+ readonly component: "kernel";
168
+ readonly table: "deliberationContributions";
169
+ readonly prepopulation: "runtime_data";
170
+ readonly copyMode: "none";
171
+ readonly description: "Deliberation contributions are tenant-authored data.";
172
+ }, {
173
+ readonly component: "kernel";
174
+ readonly table: "deliberationSessions";
175
+ readonly prepopulation: "runtime_data";
176
+ readonly copyMode: "none";
177
+ readonly description: "Deliberation sessions are created by tenant workflows.";
178
+ }, {
179
+ readonly component: "kernel";
180
+ readonly table: "epistemicAudit";
181
+ readonly prepopulation: "runtime_log";
182
+ readonly copyMode: "none";
183
+ readonly description: "Epistemic audit rows are append-only runtime audit data.";
184
+ }, {
185
+ readonly component: "kernel";
186
+ readonly table: "epistemicContracts";
187
+ readonly prepopulation: "runtime_data";
188
+ readonly copyMode: "none";
189
+ readonly description: "Epistemic contracts are tenant-authored governance data.";
190
+ }, {
191
+ readonly component: "kernel";
192
+ readonly table: "epistemicEdges";
193
+ readonly prepopulation: "runtime_data";
194
+ readonly copyMode: "none";
195
+ readonly description: "Edges are tenant reasoning graph data.";
196
+ }, {
197
+ readonly component: "kernel";
198
+ readonly table: "epistemicNodeEmbeddings";
199
+ readonly prepopulation: "runtime_derived";
200
+ readonly copyMode: "none";
201
+ readonly description: "Embeddings are derived from tenant graph nodes.";
202
+ }, {
203
+ readonly component: "kernel";
204
+ readonly table: "epistemicNodes";
205
+ readonly prepopulation: "runtime_data";
206
+ readonly copyMode: "none";
207
+ readonly description: "Nodes are tenant reasoning graph data.";
208
+ }, {
209
+ readonly component: "kernel";
210
+ readonly table: "graphAnalysisCache";
211
+ readonly prepopulation: "runtime_derived";
212
+ readonly copyMode: "none";
213
+ readonly description: "Graph analysis cache rows are derived from tenant graph state.";
214
+ }, {
215
+ readonly component: "kernel";
216
+ readonly table: "graphAnalysisResults";
217
+ readonly prepopulation: "runtime_derived";
218
+ readonly copyMode: "none";
219
+ readonly description: "Graph analysis result rows are derived tenant outputs.";
220
+ }, {
221
+ readonly component: "kernel";
222
+ readonly table: "graphSuggestions";
223
+ readonly prepopulation: "runtime_derived";
224
+ readonly copyMode: "none";
225
+ readonly description: "Graph suggestions are derived recommendations.";
226
+ }, {
227
+ readonly component: "kernel";
228
+ readonly table: "harnessReplays";
229
+ readonly prepopulation: "runtime_log";
230
+ readonly copyMode: "none";
231
+ readonly description: "Harness replay rows are runtime verification logs.";
232
+ }, {
233
+ readonly component: "kernel";
234
+ readonly table: "harnessRuns";
235
+ readonly prepopulation: "runtime_log";
236
+ readonly copyMode: "none";
237
+ readonly description: "Harness run rows are runtime verification logs.";
238
+ }, {
239
+ readonly component: "kernel";
240
+ readonly table: "idempotencyTokens";
241
+ readonly prepopulation: "runtime_log";
242
+ readonly copyMode: "none";
243
+ readonly description: "Idempotency tokens are request-scoped runtime guards.";
244
+ }, {
245
+ readonly component: "kernel";
246
+ readonly table: "lenses";
247
+ readonly prepopulation: "optional_template";
248
+ readonly copyMode: "none";
249
+ readonly description: "Reusable lens templates may live in K templates, but workspace-specific copies are not required for core SDK boot.";
250
+ }, {
251
+ readonly component: "kernel";
252
+ readonly table: "lensTopicBindings";
253
+ readonly prepopulation: "runtime_data";
254
+ readonly copyMode: "none";
255
+ readonly description: "Lens bindings attach runtime topics to runtime/workspace lenses.";
256
+ }, {
257
+ readonly component: "kernel";
258
+ readonly table: "neo4jSyncQueue";
259
+ readonly prepopulation: "runtime_queue";
260
+ readonly copyMode: "none";
261
+ readonly description: "Neo4j sync queue rows are runtime work items.";
262
+ }, {
263
+ readonly component: "kernel";
264
+ readonly table: "ontologyDefinitions";
265
+ readonly prepopulation: "required_template";
266
+ readonly copyMode: "template_global";
267
+ readonly scope: "global";
268
+ readonly uniqueKey: readonly ["ontologyKey"];
269
+ readonly description: "Platform ontology definitions power taxonomy reads and effective ontology resolution.";
270
+ }, {
271
+ readonly component: "kernel";
272
+ readonly table: "ontologyVersions";
273
+ readonly prepopulation: "required_template";
274
+ readonly copyMode: "template_reference_remap";
275
+ readonly scope: "global";
276
+ readonly uniqueKey: readonly ["ontologyKey", "version"];
277
+ readonly dependsOn: readonly ["ontologyDefinitions"];
278
+ readonly description: "Ontology versions must be copied with ontologyDefinition ID remapping.";
279
+ }, {
280
+ readonly component: "kernel";
281
+ readonly table: "platformAgentRunPolicyDecisions";
282
+ readonly prepopulation: "runtime_log";
283
+ readonly copyMode: "none";
284
+ readonly description: "Agent-run policy decisions are audit logs.";
285
+ }, {
286
+ readonly component: "kernel";
287
+ readonly table: "platformAgentRunPromptResolutions";
288
+ readonly prepopulation: "runtime_log";
289
+ readonly copyMode: "none";
290
+ readonly description: "Agent-run prompt resolution rows are runtime logs.";
291
+ }, {
292
+ readonly component: "kernel";
293
+ readonly table: "platformAgentRuns";
294
+ readonly prepopulation: "runtime_log";
295
+ readonly copyMode: "none";
296
+ readonly description: "Agent runs are runtime execution records.";
297
+ }, {
298
+ readonly component: "kernel";
299
+ readonly table: "platformAgentRunToolCalls";
300
+ readonly prepopulation: "runtime_log";
301
+ readonly copyMode: "none";
302
+ readonly description: "Agent-run tool calls are runtime execution records.";
303
+ }, {
304
+ readonly component: "kernel";
305
+ readonly table: "platformHarnessShadowAudit";
306
+ readonly prepopulation: "runtime_log";
307
+ readonly copyMode: "none";
308
+ readonly description: "Harness shadow audit rows are runtime audit records.";
309
+ }, {
310
+ readonly component: "kernel";
311
+ readonly table: "publicationRules";
312
+ readonly prepopulation: "required_template";
313
+ readonly copyMode: "template_tenant_rewrite";
314
+ readonly scope: "tenant";
315
+ readonly uniqueKey: readonly ["tenantId", "workspaceId", "name"];
316
+ readonly description: "Default publication policy rules are rewritten into each tenant.";
317
+ }, {
318
+ readonly component: "kernel";
319
+ readonly table: "questionEvidenceLinks";
320
+ readonly prepopulation: "runtime_data";
321
+ readonly copyMode: "none";
322
+ readonly description: "Question-to-evidence links are tenant graph data.";
323
+ }, {
324
+ readonly component: "kernel";
325
+ readonly table: "researchJobs";
326
+ readonly prepopulation: "runtime_queue";
327
+ readonly copyMode: "none";
328
+ readonly description: "Research job rows are runtime queue items.";
329
+ }, {
330
+ readonly component: "kernel";
331
+ readonly table: "schemaEnumConfig";
332
+ readonly prepopulation: "required_template";
333
+ readonly copyMode: "template_global";
334
+ readonly scope: "global";
335
+ readonly uniqueKey: readonly ["category", "value"];
336
+ readonly description: "Runtime-extensible enum defaults required by SDK graph APIs.";
337
+ }, {
338
+ readonly component: "kernel";
339
+ readonly table: "stakeholderGroups";
340
+ readonly prepopulation: "runtime_data";
341
+ readonly copyMode: "none";
342
+ readonly description: "Stakeholder groups are tenant decision data.";
343
+ }, {
344
+ readonly component: "kernel";
345
+ readonly table: "systemLogs";
346
+ readonly prepopulation: "runtime_log";
347
+ readonly copyMode: "none";
348
+ readonly description: "System logs are runtime telemetry.";
349
+ }, {
350
+ readonly component: "kernel";
351
+ readonly table: "tasks";
352
+ readonly prepopulation: "runtime_data";
353
+ readonly copyMode: "none";
354
+ readonly description: "Tasks are tenant-authored work items.";
355
+ }, {
356
+ readonly component: "kernel";
357
+ readonly table: "topics";
358
+ readonly prepopulation: "runtime_bootstrap";
359
+ readonly copyMode: "none";
360
+ readonly description: "Default topics are created by tenant provisioning, not copied from templates.";
361
+ }, {
362
+ readonly component: "kernel";
363
+ readonly table: "workflowDefinitions";
364
+ readonly prepopulation: "optional_template";
365
+ readonly copyMode: "none";
366
+ readonly description: "Table-driven workflow definitions can be template data after the workflow engine leaves legacy mode.";
367
+ }, {
368
+ readonly component: "kernel";
369
+ readonly table: "workflowPullRequests";
370
+ readonly prepopulation: "runtime_data";
371
+ readonly copyMode: "none";
372
+ readonly description: "Workflow pull requests are tenant workflow data.";
373
+ }, {
374
+ readonly component: "kernel";
375
+ readonly table: "workflowStages";
376
+ readonly prepopulation: "optional_template";
377
+ readonly copyMode: "none";
378
+ readonly dependsOn: readonly ["workflowDefinitions"];
379
+ readonly description: "Workflow stages can be template data after workflowDefinitions are enabled for bootstrap copying.";
380
+ }, {
381
+ readonly component: "kernel";
382
+ readonly table: "worktreeBeliefCluster";
383
+ readonly prepopulation: "runtime_data";
384
+ readonly copyMode: "none";
385
+ readonly description: "Worktree cluster rows link runtime worktrees to runtime beliefs.";
386
+ }, {
387
+ readonly component: "kernel";
388
+ readonly table: "worktrees";
389
+ readonly prepopulation: "runtime_data";
390
+ readonly copyMode: "none";
391
+ readonly description: "Worktrees are tenant/runtime planning data.";
392
+ }, {
393
+ readonly component: "identity";
394
+ readonly table: "agents";
395
+ readonly prepopulation: "runtime_bootstrap";
396
+ readonly copyMode: "none";
397
+ readonly description: "Service agents are provisioned per tenant or service, not copied.";
398
+ }, {
399
+ readonly component: "identity";
400
+ readonly table: "mcpWritePolicy";
401
+ readonly prepopulation: "required_template";
402
+ readonly copyMode: "template_global";
403
+ readonly scope: "global";
404
+ readonly uniqueKey: readonly ["topicId", "role", "toolCategory"];
405
+ readonly description: "Global write policy defaults govern service and interactive MCP writes.";
406
+ }, {
407
+ readonly component: "identity";
408
+ readonly table: "modelCallLogs";
409
+ readonly prepopulation: "runtime_log";
410
+ readonly copyMode: "none";
411
+ readonly description: "Model call logs are runtime telemetry.";
412
+ }, {
413
+ readonly component: "identity";
414
+ readonly table: "modelFunctionSlots";
415
+ readonly prepopulation: "required_template";
416
+ readonly copyMode: "template_global";
417
+ readonly scope: "global";
418
+ readonly uniqueKey: readonly ["slot"];
419
+ readonly description: "Function-to-model slots are required by model runtime resolution.";
420
+ }, {
421
+ readonly component: "identity";
422
+ readonly table: "modelRegistry";
423
+ readonly prepopulation: "required_template";
424
+ readonly copyMode: "template_global";
425
+ readonly scope: "global";
426
+ readonly uniqueKey: readonly ["key"];
427
+ readonly description: "Model catalog defaults are required by model runtime clients.";
428
+ }, {
429
+ readonly component: "identity";
430
+ readonly table: "modelSlotConfigs";
431
+ readonly prepopulation: "required_template";
432
+ readonly copyMode: "template_global";
433
+ readonly scope: "global";
434
+ readonly uniqueKey: readonly ["slot"];
435
+ readonly description: "Slot-level defaults are required before tenant overrides exist.";
436
+ }, {
437
+ readonly component: "identity";
438
+ readonly table: "platformAudienceGrants";
439
+ readonly prepopulation: "runtime_data";
440
+ readonly copyMode: "none";
441
+ readonly description: "Audience grants are principal/group-specific access rows.";
442
+ }, {
443
+ readonly component: "identity";
444
+ readonly table: "platformAudiences";
445
+ readonly prepopulation: "required_template";
446
+ readonly copyMode: "template_tenant_rewrite";
447
+ readonly scope: "tenant";
448
+ readonly uniqueKey: readonly ["tenantId", "workspaceId", "audienceKey"];
449
+ readonly description: "Default tenant audience taxonomy rows are rewritten into each tenant.";
450
+ }, {
451
+ readonly component: "identity";
452
+ readonly table: "platformPolicyDecisionLogs";
453
+ readonly prepopulation: "runtime_log";
454
+ readonly copyMode: "none";
455
+ readonly description: "Policy decisions are runtime audit logs.";
456
+ }, {
457
+ readonly component: "identity";
458
+ readonly table: "projectGrants";
459
+ readonly prepopulation: "runtime_data";
460
+ readonly copyMode: "none";
461
+ readonly description: "Project/topic grants are principal or group-specific access rows.";
462
+ }, {
463
+ readonly component: "identity";
464
+ readonly table: "reasoningPermissions";
465
+ readonly prepopulation: "runtime_data";
466
+ readonly copyMode: "none";
467
+ readonly description: "Reasoning permissions are principal-specific policy rows.";
468
+ }, {
469
+ readonly component: "identity";
470
+ readonly table: "tenantApiKeys";
471
+ readonly prepopulation: "runtime_secret";
472
+ readonly copyMode: "none";
473
+ readonly description: "API keys are tenant credentials and must never be copied.";
474
+ }, {
475
+ readonly component: "identity";
476
+ readonly table: "tenantConfig";
477
+ readonly prepopulation: "required_template";
478
+ readonly copyMode: "template_tenant_rewrite";
479
+ readonly scope: "tenant";
480
+ readonly uniqueKey: readonly ["tenantId"];
481
+ readonly description: "Tenant-local config defaults are rewritten during bootstrap.";
482
+ }, {
483
+ readonly component: "identity";
484
+ readonly table: "tenantIntegrations";
485
+ readonly prepopulation: "required_template";
486
+ readonly copyMode: "template_tenant_rewrite";
487
+ readonly scope: "tenant";
488
+ readonly uniqueKey: readonly ["tenantId", "integrationKey"];
489
+ readonly description: "Non-secret integration descriptors are rewritten into each tenant.";
490
+ }, {
491
+ readonly component: "identity";
492
+ readonly table: "tenantModelSlotBindings";
493
+ readonly prepopulation: "runtime_secret";
494
+ readonly copyMode: "none";
495
+ readonly description: "Tenant model slot bindings reference provider secrets and are runtime-only.";
496
+ }, {
497
+ readonly component: "identity";
498
+ readonly table: "tenantPolicies";
499
+ readonly prepopulation: "required_template";
500
+ readonly copyMode: "template_tenant_rewrite";
501
+ readonly scope: "tenant";
502
+ readonly uniqueKey: readonly ["tenantId", "workspaceId", "roleName"];
503
+ readonly description: "Default tenant policy roles are rewritten during bootstrap.";
504
+ }, {
505
+ readonly component: "identity";
506
+ readonly table: "tenantProviderSecrets";
507
+ readonly prepopulation: "runtime_secret";
508
+ readonly copyMode: "none";
509
+ readonly description: "Provider secrets are credentials and must never be copied.";
510
+ }, {
511
+ readonly component: "identity";
512
+ readonly table: "tenantProxyGatewayUsage";
513
+ readonly prepopulation: "runtime_log";
514
+ readonly copyMode: "none";
515
+ readonly description: "Proxy gateway usage rows are runtime telemetry.";
516
+ }, {
517
+ readonly component: "identity";
518
+ readonly table: "tenantProxyTokenMints";
519
+ readonly prepopulation: "runtime_secret";
520
+ readonly copyMode: "none";
521
+ readonly description: "Proxy token mints are ephemeral secret-bearing runtime rows.";
522
+ }, {
523
+ readonly component: "identity";
524
+ readonly table: "tenantSandboxAuditEvents";
525
+ readonly prepopulation: "runtime_log";
526
+ readonly copyMode: "none";
527
+ readonly description: "Sandbox audit rows are runtime security logs.";
528
+ }, {
529
+ readonly component: "identity";
530
+ readonly table: "tenantSecrets";
531
+ readonly prepopulation: "runtime_secret";
532
+ readonly copyMode: "none";
533
+ readonly description: "Tenant secrets are credentials and must never be copied.";
534
+ }, {
535
+ readonly component: "identity";
536
+ readonly table: "toolAcls";
537
+ readonly prepopulation: "required_template";
538
+ readonly copyMode: "template_global";
539
+ readonly scope: "global";
540
+ readonly uniqueKey: readonly ["role", "toolName"];
541
+ readonly description: "Default role-to-tool grants are required for SDK/MCP tool access.";
542
+ }, {
543
+ readonly component: "identity";
544
+ readonly table: "toolRegistry";
545
+ readonly prepopulation: "required_template";
546
+ readonly copyMode: "template_global";
547
+ readonly scope: "global";
548
+ readonly uniqueKey: readonly ["toolName"];
549
+ readonly description: "Core tool catalog rows are required before pack or tenant tools exist.";
550
+ }, {
551
+ readonly component: "identity";
552
+ readonly table: "users";
553
+ readonly prepopulation: "runtime_bootstrap";
554
+ readonly copyMode: "none";
555
+ readonly description: "Users are created from Clerk/MC principal resolution, not copied.";
556
+ }];
557
+ declare const TENANT_BOOTSTRAP_SEED_TABLES: readonly TenantBootstrapSeedTable[];
558
+ type TenantBootstrapSeedTableName = (typeof TENANT_BOOTSTRAP_SEED_TABLES)[number]["table"];
559
+ declare const TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES: readonly string[];
560
+ type TenantBootstrapForbiddenSeedTable = (typeof TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES)[number];
561
+ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
562
+ readonly contractVersion: "2026-04-30";
563
+ readonly authMetadataFields: readonly ["tenantId", "workspaceId", "principalId", "role", "authMode", "correlationId", "auditMetadata"];
564
+ readonly components: {
565
+ readonly kernel: {
566
+ readonly componentName: "lucern";
567
+ readonly templateService: "services/kernel-template";
568
+ readonly templateDeployments: {
569
+ readonly staging: "charming-okapi-787";
570
+ readonly prod: "brilliant-narwhal-889";
571
+ };
572
+ };
573
+ readonly identity: {
574
+ readonly componentName: "identity";
575
+ readonly templateService: "services/identity-template";
576
+ readonly templateDeployments: {
577
+ readonly staging: "charming-goldfinch-895";
578
+ readonly prod: "helpful-mule-694";
579
+ };
580
+ };
581
+ };
582
+ readonly tableRequirements: readonly [{
583
+ readonly component: "kernel";
584
+ readonly table: "agentMessages";
585
+ readonly prepopulation: "runtime_data";
586
+ readonly copyMode: "none";
587
+ readonly description: "Agent coordination messages are session data, not template data.";
588
+ }, {
589
+ readonly component: "kernel";
590
+ readonly table: "agentSessions";
591
+ readonly prepopulation: "runtime_data";
592
+ readonly copyMode: "none";
593
+ readonly description: "Agent coordination sessions are created by active clients.";
594
+ }, {
595
+ readonly component: "kernel";
596
+ readonly table: "autofixJobs";
597
+ readonly prepopulation: "runtime_queue";
598
+ readonly copyMode: "none";
599
+ readonly description: "Autofix work items are runtime queue rows.";
600
+ }, {
601
+ readonly component: "kernel";
602
+ readonly table: "backgroundJobRuns";
603
+ readonly prepopulation: "runtime_log";
604
+ readonly copyMode: "none";
605
+ readonly description: "Background job executions are runtime logs.";
606
+ }, {
607
+ readonly component: "kernel";
608
+ readonly table: "backgroundJobSettings";
609
+ readonly prepopulation: "required_template";
610
+ readonly copyMode: "template_global";
611
+ readonly scope: "global";
612
+ readonly uniqueKey: readonly ["jobKey"];
613
+ readonly description: "Default job enablement settings must come from the K template.";
614
+ }, {
615
+ readonly component: "kernel";
616
+ readonly table: "beliefConfidence";
617
+ readonly prepopulation: "runtime_data";
618
+ readonly copyMode: "none";
619
+ readonly description: "Belief confidence rows are created with tenant graph facts.";
620
+ }, {
621
+ readonly component: "kernel";
622
+ readonly table: "beliefEvidenceLinks";
623
+ readonly prepopulation: "runtime_data";
624
+ readonly copyMode: "none";
625
+ readonly description: "Belief-to-evidence links are tenant graph data.";
626
+ }, {
627
+ readonly component: "kernel";
628
+ readonly table: "beliefHistory";
629
+ readonly prepopulation: "runtime_data";
630
+ readonly copyMode: "none";
631
+ readonly description: "Belief history is append-only tenant graph data.";
632
+ }, {
633
+ readonly component: "kernel";
634
+ readonly table: "beliefScenarios";
635
+ readonly prepopulation: "runtime_data";
636
+ readonly copyMode: "none";
637
+ readonly description: "Scenario rows are tenant-authored reasoning data.";
638
+ }, {
639
+ readonly component: "kernel";
640
+ readonly table: "beliefVotes";
641
+ readonly prepopulation: "runtime_data";
642
+ readonly copyMode: "none";
643
+ readonly description: "Decision belief votes are tenant-authored data.";
644
+ }, {
645
+ readonly component: "kernel";
646
+ readonly table: "calibrationScores";
647
+ readonly prepopulation: "runtime_derived";
648
+ readonly copyMode: "none";
649
+ readonly description: "Calibration scores are computed from tenant outcomes.";
650
+ }, {
651
+ readonly component: "kernel";
652
+ readonly table: "contractEvaluations";
653
+ readonly prepopulation: "runtime_log";
654
+ readonly copyMode: "none";
655
+ readonly description: "Contract evaluation rows are runtime computation logs.";
656
+ }, {
657
+ readonly component: "kernel";
658
+ readonly table: "contradictions";
659
+ readonly prepopulation: "runtime_data";
660
+ readonly copyMode: "none";
661
+ readonly description: "Contradictions are tenant graph facts.";
662
+ }, {
663
+ readonly component: "kernel";
664
+ readonly table: "crossProjectConnections";
665
+ readonly prepopulation: "runtime_data";
666
+ readonly copyMode: "none";
667
+ readonly description: "Cross-topic connections are tenant graph facts.";
668
+ }, {
669
+ readonly component: "kernel";
670
+ readonly table: "decisionComputedSummaries";
671
+ readonly prepopulation: "runtime_derived";
672
+ readonly copyMode: "none";
673
+ readonly description: "Decision summaries are derived tenant outputs.";
674
+ }, {
675
+ readonly component: "kernel";
676
+ readonly table: "decisionEvents";
677
+ readonly prepopulation: "runtime_data";
678
+ readonly copyMode: "none";
679
+ readonly description: "Decision events are lifecycle data.";
680
+ }, {
681
+ readonly component: "kernel";
682
+ readonly table: "decisionParticipants";
683
+ readonly prepopulation: "runtime_data";
684
+ readonly copyMode: "none";
685
+ readonly description: "Decision participants are tenant-selected actors.";
686
+ }, {
687
+ readonly component: "kernel";
688
+ readonly table: "decisionRiskLedger";
689
+ readonly prepopulation: "runtime_data";
690
+ readonly copyMode: "none";
691
+ readonly description: "Decision risk rows are tenant decision data.";
692
+ }, {
693
+ readonly component: "kernel";
694
+ readonly table: "decisionSnapshots";
695
+ readonly prepopulation: "runtime_derived";
696
+ readonly copyMode: "none";
697
+ readonly description: "Decision snapshots are derived from tenant state.";
698
+ }, {
699
+ readonly component: "kernel";
700
+ readonly table: "deliberationContributions";
701
+ readonly prepopulation: "runtime_data";
702
+ readonly copyMode: "none";
703
+ readonly description: "Deliberation contributions are tenant-authored data.";
704
+ }, {
705
+ readonly component: "kernel";
706
+ readonly table: "deliberationSessions";
707
+ readonly prepopulation: "runtime_data";
708
+ readonly copyMode: "none";
709
+ readonly description: "Deliberation sessions are created by tenant workflows.";
710
+ }, {
711
+ readonly component: "kernel";
712
+ readonly table: "epistemicAudit";
713
+ readonly prepopulation: "runtime_log";
714
+ readonly copyMode: "none";
715
+ readonly description: "Epistemic audit rows are append-only runtime audit data.";
716
+ }, {
717
+ readonly component: "kernel";
718
+ readonly table: "epistemicContracts";
719
+ readonly prepopulation: "runtime_data";
720
+ readonly copyMode: "none";
721
+ readonly description: "Epistemic contracts are tenant-authored governance data.";
722
+ }, {
723
+ readonly component: "kernel";
724
+ readonly table: "epistemicEdges";
725
+ readonly prepopulation: "runtime_data";
726
+ readonly copyMode: "none";
727
+ readonly description: "Edges are tenant reasoning graph data.";
728
+ }, {
729
+ readonly component: "kernel";
730
+ readonly table: "epistemicNodeEmbeddings";
731
+ readonly prepopulation: "runtime_derived";
732
+ readonly copyMode: "none";
733
+ readonly description: "Embeddings are derived from tenant graph nodes.";
734
+ }, {
735
+ readonly component: "kernel";
736
+ readonly table: "epistemicNodes";
737
+ readonly prepopulation: "runtime_data";
738
+ readonly copyMode: "none";
739
+ readonly description: "Nodes are tenant reasoning graph data.";
740
+ }, {
741
+ readonly component: "kernel";
742
+ readonly table: "graphAnalysisCache";
743
+ readonly prepopulation: "runtime_derived";
744
+ readonly copyMode: "none";
745
+ readonly description: "Graph analysis cache rows are derived from tenant graph state.";
746
+ }, {
747
+ readonly component: "kernel";
748
+ readonly table: "graphAnalysisResults";
749
+ readonly prepopulation: "runtime_derived";
750
+ readonly copyMode: "none";
751
+ readonly description: "Graph analysis result rows are derived tenant outputs.";
752
+ }, {
753
+ readonly component: "kernel";
754
+ readonly table: "graphSuggestions";
755
+ readonly prepopulation: "runtime_derived";
756
+ readonly copyMode: "none";
757
+ readonly description: "Graph suggestions are derived recommendations.";
758
+ }, {
759
+ readonly component: "kernel";
760
+ readonly table: "harnessReplays";
761
+ readonly prepopulation: "runtime_log";
762
+ readonly copyMode: "none";
763
+ readonly description: "Harness replay rows are runtime verification logs.";
764
+ }, {
765
+ readonly component: "kernel";
766
+ readonly table: "harnessRuns";
767
+ readonly prepopulation: "runtime_log";
768
+ readonly copyMode: "none";
769
+ readonly description: "Harness run rows are runtime verification logs.";
770
+ }, {
771
+ readonly component: "kernel";
772
+ readonly table: "idempotencyTokens";
773
+ readonly prepopulation: "runtime_log";
774
+ readonly copyMode: "none";
775
+ readonly description: "Idempotency tokens are request-scoped runtime guards.";
776
+ }, {
777
+ readonly component: "kernel";
778
+ readonly table: "lenses";
779
+ readonly prepopulation: "optional_template";
780
+ readonly copyMode: "none";
781
+ readonly description: "Reusable lens templates may live in K templates, but workspace-specific copies are not required for core SDK boot.";
782
+ }, {
783
+ readonly component: "kernel";
784
+ readonly table: "lensTopicBindings";
785
+ readonly prepopulation: "runtime_data";
786
+ readonly copyMode: "none";
787
+ readonly description: "Lens bindings attach runtime topics to runtime/workspace lenses.";
788
+ }, {
789
+ readonly component: "kernel";
790
+ readonly table: "neo4jSyncQueue";
791
+ readonly prepopulation: "runtime_queue";
792
+ readonly copyMode: "none";
793
+ readonly description: "Neo4j sync queue rows are runtime work items.";
794
+ }, {
795
+ readonly component: "kernel";
796
+ readonly table: "ontologyDefinitions";
797
+ readonly prepopulation: "required_template";
798
+ readonly copyMode: "template_global";
799
+ readonly scope: "global";
800
+ readonly uniqueKey: readonly ["ontologyKey"];
801
+ readonly description: "Platform ontology definitions power taxonomy reads and effective ontology resolution.";
802
+ }, {
803
+ readonly component: "kernel";
804
+ readonly table: "ontologyVersions";
805
+ readonly prepopulation: "required_template";
806
+ readonly copyMode: "template_reference_remap";
807
+ readonly scope: "global";
808
+ readonly uniqueKey: readonly ["ontologyKey", "version"];
809
+ readonly dependsOn: readonly ["ontologyDefinitions"];
810
+ readonly description: "Ontology versions must be copied with ontologyDefinition ID remapping.";
811
+ }, {
812
+ readonly component: "kernel";
813
+ readonly table: "platformAgentRunPolicyDecisions";
814
+ readonly prepopulation: "runtime_log";
815
+ readonly copyMode: "none";
816
+ readonly description: "Agent-run policy decisions are audit logs.";
817
+ }, {
818
+ readonly component: "kernel";
819
+ readonly table: "platformAgentRunPromptResolutions";
820
+ readonly prepopulation: "runtime_log";
821
+ readonly copyMode: "none";
822
+ readonly description: "Agent-run prompt resolution rows are runtime logs.";
823
+ }, {
824
+ readonly component: "kernel";
825
+ readonly table: "platformAgentRuns";
826
+ readonly prepopulation: "runtime_log";
827
+ readonly copyMode: "none";
828
+ readonly description: "Agent runs are runtime execution records.";
829
+ }, {
830
+ readonly component: "kernel";
831
+ readonly table: "platformAgentRunToolCalls";
832
+ readonly prepopulation: "runtime_log";
833
+ readonly copyMode: "none";
834
+ readonly description: "Agent-run tool calls are runtime execution records.";
835
+ }, {
836
+ readonly component: "kernel";
837
+ readonly table: "platformHarnessShadowAudit";
838
+ readonly prepopulation: "runtime_log";
839
+ readonly copyMode: "none";
840
+ readonly description: "Harness shadow audit rows are runtime audit records.";
841
+ }, {
842
+ readonly component: "kernel";
843
+ readonly table: "publicationRules";
844
+ readonly prepopulation: "required_template";
845
+ readonly copyMode: "template_tenant_rewrite";
846
+ readonly scope: "tenant";
847
+ readonly uniqueKey: readonly ["tenantId", "workspaceId", "name"];
848
+ readonly description: "Default publication policy rules are rewritten into each tenant.";
849
+ }, {
850
+ readonly component: "kernel";
851
+ readonly table: "questionEvidenceLinks";
852
+ readonly prepopulation: "runtime_data";
853
+ readonly copyMode: "none";
854
+ readonly description: "Question-to-evidence links are tenant graph data.";
855
+ }, {
856
+ readonly component: "kernel";
857
+ readonly table: "researchJobs";
858
+ readonly prepopulation: "runtime_queue";
859
+ readonly copyMode: "none";
860
+ readonly description: "Research job rows are runtime queue items.";
861
+ }, {
862
+ readonly component: "kernel";
863
+ readonly table: "schemaEnumConfig";
864
+ readonly prepopulation: "required_template";
865
+ readonly copyMode: "template_global";
866
+ readonly scope: "global";
867
+ readonly uniqueKey: readonly ["category", "value"];
868
+ readonly description: "Runtime-extensible enum defaults required by SDK graph APIs.";
869
+ }, {
870
+ readonly component: "kernel";
871
+ readonly table: "stakeholderGroups";
872
+ readonly prepopulation: "runtime_data";
873
+ readonly copyMode: "none";
874
+ readonly description: "Stakeholder groups are tenant decision data.";
875
+ }, {
876
+ readonly component: "kernel";
877
+ readonly table: "systemLogs";
878
+ readonly prepopulation: "runtime_log";
879
+ readonly copyMode: "none";
880
+ readonly description: "System logs are runtime telemetry.";
881
+ }, {
882
+ readonly component: "kernel";
883
+ readonly table: "tasks";
884
+ readonly prepopulation: "runtime_data";
885
+ readonly copyMode: "none";
886
+ readonly description: "Tasks are tenant-authored work items.";
887
+ }, {
888
+ readonly component: "kernel";
889
+ readonly table: "topics";
890
+ readonly prepopulation: "runtime_bootstrap";
891
+ readonly copyMode: "none";
892
+ readonly description: "Default topics are created by tenant provisioning, not copied from templates.";
893
+ }, {
894
+ readonly component: "kernel";
895
+ readonly table: "workflowDefinitions";
896
+ readonly prepopulation: "optional_template";
897
+ readonly copyMode: "none";
898
+ readonly description: "Table-driven workflow definitions can be template data after the workflow engine leaves legacy mode.";
899
+ }, {
900
+ readonly component: "kernel";
901
+ readonly table: "workflowPullRequests";
902
+ readonly prepopulation: "runtime_data";
903
+ readonly copyMode: "none";
904
+ readonly description: "Workflow pull requests are tenant workflow data.";
905
+ }, {
906
+ readonly component: "kernel";
907
+ readonly table: "workflowStages";
908
+ readonly prepopulation: "optional_template";
909
+ readonly copyMode: "none";
910
+ readonly dependsOn: readonly ["workflowDefinitions"];
911
+ readonly description: "Workflow stages can be template data after workflowDefinitions are enabled for bootstrap copying.";
912
+ }, {
913
+ readonly component: "kernel";
914
+ readonly table: "worktreeBeliefCluster";
915
+ readonly prepopulation: "runtime_data";
916
+ readonly copyMode: "none";
917
+ readonly description: "Worktree cluster rows link runtime worktrees to runtime beliefs.";
918
+ }, {
919
+ readonly component: "kernel";
920
+ readonly table: "worktrees";
921
+ readonly prepopulation: "runtime_data";
922
+ readonly copyMode: "none";
923
+ readonly description: "Worktrees are tenant/runtime planning data.";
924
+ }, {
925
+ readonly component: "identity";
926
+ readonly table: "agents";
927
+ readonly prepopulation: "runtime_bootstrap";
928
+ readonly copyMode: "none";
929
+ readonly description: "Service agents are provisioned per tenant or service, not copied.";
930
+ }, {
931
+ readonly component: "identity";
932
+ readonly table: "mcpWritePolicy";
933
+ readonly prepopulation: "required_template";
934
+ readonly copyMode: "template_global";
935
+ readonly scope: "global";
936
+ readonly uniqueKey: readonly ["topicId", "role", "toolCategory"];
937
+ readonly description: "Global write policy defaults govern service and interactive MCP writes.";
938
+ }, {
939
+ readonly component: "identity";
940
+ readonly table: "modelCallLogs";
941
+ readonly prepopulation: "runtime_log";
942
+ readonly copyMode: "none";
943
+ readonly description: "Model call logs are runtime telemetry.";
944
+ }, {
945
+ readonly component: "identity";
946
+ readonly table: "modelFunctionSlots";
947
+ readonly prepopulation: "required_template";
948
+ readonly copyMode: "template_global";
949
+ readonly scope: "global";
950
+ readonly uniqueKey: readonly ["slot"];
951
+ readonly description: "Function-to-model slots are required by model runtime resolution.";
952
+ }, {
953
+ readonly component: "identity";
954
+ readonly table: "modelRegistry";
955
+ readonly prepopulation: "required_template";
956
+ readonly copyMode: "template_global";
957
+ readonly scope: "global";
958
+ readonly uniqueKey: readonly ["key"];
959
+ readonly description: "Model catalog defaults are required by model runtime clients.";
960
+ }, {
961
+ readonly component: "identity";
962
+ readonly table: "modelSlotConfigs";
963
+ readonly prepopulation: "required_template";
964
+ readonly copyMode: "template_global";
965
+ readonly scope: "global";
966
+ readonly uniqueKey: readonly ["slot"];
967
+ readonly description: "Slot-level defaults are required before tenant overrides exist.";
968
+ }, {
969
+ readonly component: "identity";
970
+ readonly table: "platformAudienceGrants";
971
+ readonly prepopulation: "runtime_data";
972
+ readonly copyMode: "none";
973
+ readonly description: "Audience grants are principal/group-specific access rows.";
974
+ }, {
975
+ readonly component: "identity";
976
+ readonly table: "platformAudiences";
977
+ readonly prepopulation: "required_template";
978
+ readonly copyMode: "template_tenant_rewrite";
979
+ readonly scope: "tenant";
980
+ readonly uniqueKey: readonly ["tenantId", "workspaceId", "audienceKey"];
981
+ readonly description: "Default tenant audience taxonomy rows are rewritten into each tenant.";
982
+ }, {
983
+ readonly component: "identity";
984
+ readonly table: "platformPolicyDecisionLogs";
985
+ readonly prepopulation: "runtime_log";
986
+ readonly copyMode: "none";
987
+ readonly description: "Policy decisions are runtime audit logs.";
988
+ }, {
989
+ readonly component: "identity";
990
+ readonly table: "projectGrants";
991
+ readonly prepopulation: "runtime_data";
992
+ readonly copyMode: "none";
993
+ readonly description: "Project/topic grants are principal or group-specific access rows.";
994
+ }, {
995
+ readonly component: "identity";
996
+ readonly table: "reasoningPermissions";
997
+ readonly prepopulation: "runtime_data";
998
+ readonly copyMode: "none";
999
+ readonly description: "Reasoning permissions are principal-specific policy rows.";
1000
+ }, {
1001
+ readonly component: "identity";
1002
+ readonly table: "tenantApiKeys";
1003
+ readonly prepopulation: "runtime_secret";
1004
+ readonly copyMode: "none";
1005
+ readonly description: "API keys are tenant credentials and must never be copied.";
1006
+ }, {
1007
+ readonly component: "identity";
1008
+ readonly table: "tenantConfig";
1009
+ readonly prepopulation: "required_template";
1010
+ readonly copyMode: "template_tenant_rewrite";
1011
+ readonly scope: "tenant";
1012
+ readonly uniqueKey: readonly ["tenantId"];
1013
+ readonly description: "Tenant-local config defaults are rewritten during bootstrap.";
1014
+ }, {
1015
+ readonly component: "identity";
1016
+ readonly table: "tenantIntegrations";
1017
+ readonly prepopulation: "required_template";
1018
+ readonly copyMode: "template_tenant_rewrite";
1019
+ readonly scope: "tenant";
1020
+ readonly uniqueKey: readonly ["tenantId", "integrationKey"];
1021
+ readonly description: "Non-secret integration descriptors are rewritten into each tenant.";
1022
+ }, {
1023
+ readonly component: "identity";
1024
+ readonly table: "tenantModelSlotBindings";
1025
+ readonly prepopulation: "runtime_secret";
1026
+ readonly copyMode: "none";
1027
+ readonly description: "Tenant model slot bindings reference provider secrets and are runtime-only.";
1028
+ }, {
1029
+ readonly component: "identity";
1030
+ readonly table: "tenantPolicies";
1031
+ readonly prepopulation: "required_template";
1032
+ readonly copyMode: "template_tenant_rewrite";
1033
+ readonly scope: "tenant";
1034
+ readonly uniqueKey: readonly ["tenantId", "workspaceId", "roleName"];
1035
+ readonly description: "Default tenant policy roles are rewritten during bootstrap.";
1036
+ }, {
1037
+ readonly component: "identity";
1038
+ readonly table: "tenantProviderSecrets";
1039
+ readonly prepopulation: "runtime_secret";
1040
+ readonly copyMode: "none";
1041
+ readonly description: "Provider secrets are credentials and must never be copied.";
1042
+ }, {
1043
+ readonly component: "identity";
1044
+ readonly table: "tenantProxyGatewayUsage";
1045
+ readonly prepopulation: "runtime_log";
1046
+ readonly copyMode: "none";
1047
+ readonly description: "Proxy gateway usage rows are runtime telemetry.";
1048
+ }, {
1049
+ readonly component: "identity";
1050
+ readonly table: "tenantProxyTokenMints";
1051
+ readonly prepopulation: "runtime_secret";
1052
+ readonly copyMode: "none";
1053
+ readonly description: "Proxy token mints are ephemeral secret-bearing runtime rows.";
1054
+ }, {
1055
+ readonly component: "identity";
1056
+ readonly table: "tenantSandboxAuditEvents";
1057
+ readonly prepopulation: "runtime_log";
1058
+ readonly copyMode: "none";
1059
+ readonly description: "Sandbox audit rows are runtime security logs.";
1060
+ }, {
1061
+ readonly component: "identity";
1062
+ readonly table: "tenantSecrets";
1063
+ readonly prepopulation: "runtime_secret";
1064
+ readonly copyMode: "none";
1065
+ readonly description: "Tenant secrets are credentials and must never be copied.";
1066
+ }, {
1067
+ readonly component: "identity";
1068
+ readonly table: "toolAcls";
1069
+ readonly prepopulation: "required_template";
1070
+ readonly copyMode: "template_global";
1071
+ readonly scope: "global";
1072
+ readonly uniqueKey: readonly ["role", "toolName"];
1073
+ readonly description: "Default role-to-tool grants are required for SDK/MCP tool access.";
1074
+ }, {
1075
+ readonly component: "identity";
1076
+ readonly table: "toolRegistry";
1077
+ readonly prepopulation: "required_template";
1078
+ readonly copyMode: "template_global";
1079
+ readonly scope: "global";
1080
+ readonly uniqueKey: readonly ["toolName"];
1081
+ readonly description: "Core tool catalog rows are required before pack or tenant tools exist.";
1082
+ }, {
1083
+ readonly component: "identity";
1084
+ readonly table: "users";
1085
+ readonly prepopulation: "runtime_bootstrap";
1086
+ readonly copyMode: "none";
1087
+ readonly description: "Users are created from Clerk/MC principal resolution, not copied.";
1088
+ }];
1089
+ readonly tables: readonly TenantBootstrapSeedTable[];
1090
+ readonly forbiddenTables: readonly string[];
1091
+ };
1092
+ declare function findTenantBootstrapTableRequirement(table: string): TenantBootstrapTableRequirement | undefined;
1093
+ declare function findTenantBootstrapSeedTable(table: string): TenantBootstrapSeedTable | undefined;
1094
+ declare function isTenantBootstrapSeedTable(table: string): boolean;
1095
+ declare function isTenantBootstrapForbiddenSeedTable(table: string): boolean;
1096
+
1097
+ export { TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES, TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS, TENANT_BOOTSTRAP_SEED_COMPONENTS, TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION, TENANT_BOOTSTRAP_SEED_MANIFEST, TENANT_BOOTSTRAP_SEED_TABLES, TENANT_BOOTSTRAP_TABLE_REQUIREMENTS, type TenantBootstrapCopyMode, type TenantBootstrapForbiddenSeedTable, type TenantBootstrapPrepopulation, type TenantBootstrapSeedAuthMetadataField, type TenantBootstrapSeedComponent, type TenantBootstrapSeedScope, type TenantBootstrapSeedTable, type TenantBootstrapSeedTableName, type TenantBootstrapTableRequirement, findTenantBootstrapSeedTable, findTenantBootstrapTableRequirement, isTenantBootstrapForbiddenSeedTable, isTenantBootstrapSeedTable };