@lucern/contracts 0.3.0-alpha.8 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +7 -0
- package/dist/api-enums.contract.d.ts +5 -3
- package/dist/api-enums.contract.js +14 -12
- package/dist/api-enums.contract.js.map +1 -1
- package/dist/auth-context.contract.js +14 -2
- package/dist/auth-context.contract.js.map +1 -1
- package/dist/auth-session.contract.js +14 -2
- package/dist/auth-session.contract.js.map +1 -1
- package/dist/auth.contract.d.ts +1 -1
- package/dist/auth.contract.js +14 -2
- package/dist/auth.contract.js.map +1 -1
- package/dist/component-boundary.contract.d.ts +1 -1
- package/dist/component-boundary.contract.js +46 -26
- package/dist/component-boundary.contract.js.map +1 -1
- package/dist/component-host-boundary.contract.d.ts +10 -5
- package/dist/component-host-boundary.contract.js +10 -4
- package/dist/component-host-boundary.contract.js.map +1 -1
- package/dist/{defineTable-CBQ03FXl.d.ts → defineTable-t1wr5wgn.d.ts} +1 -1
- package/dist/{dsl-djCRfuWC.d.ts → dsl-DVPthQGY.d.ts} +1 -1
- package/dist/dsl.d.ts +2 -2
- package/dist/dsl.js.map +1 -1
- package/dist/edge-policy-manifest-Dw5IhT1L.d.ts +133 -0
- package/dist/function-registry/beliefs.d.ts +23 -10
- package/dist/function-registry/beliefs.js +467 -36
- package/dist/function-registry/beliefs.js.map +1 -1
- package/dist/function-registry/coding.d.ts +15 -6
- package/dist/function-registry/coding.js +531 -22
- package/dist/function-registry/coding.js.map +1 -1
- package/dist/function-registry/context.d.ts +9 -3
- package/dist/function-registry/context.js +464 -21
- package/dist/function-registry/context.js.map +1 -1
- package/dist/function-registry/contracts.d.ts +9 -3
- package/dist/function-registry/contracts.js +464 -21
- package/dist/function-registry/contracts.js.map +1 -1
- package/dist/function-registry/coordination.d.ts +21 -9
- package/dist/function-registry/coordination.js +464 -21
- package/dist/function-registry/coordination.js.map +1 -1
- package/dist/function-registry/edges.d.ts +167 -2
- package/dist/function-registry/edges.js +661 -52
- package/dist/function-registry/edges.js.map +1 -1
- package/dist/function-registry/evidence.d.ts +19 -8
- package/dist/function-registry/evidence.js +473 -40
- package/dist/function-registry/evidence.js.map +1 -1
- package/dist/function-registry/graph.d.ts +33 -15
- package/dist/function-registry/graph.js +464 -21
- package/dist/function-registry/graph.js.map +1 -1
- package/dist/function-registry/helpers.d.ts +6 -3
- package/dist/function-registry/helpers.js +465 -22
- package/dist/function-registry/helpers.js.map +1 -1
- package/dist/function-registry/identity.d.ts +62 -16
- package/dist/function-registry/identity.js +487 -27
- package/dist/function-registry/identity.js.map +1 -1
- package/dist/function-registry/index.d.ts +4 -2
- package/dist/function-registry/index.js +468 -22
- package/dist/function-registry/index.js.map +1 -1
- package/dist/function-registry/judgments.d.ts +7 -2
- package/dist/function-registry/judgments.js +464 -21
- package/dist/function-registry/judgments.js.map +1 -1
- package/dist/function-registry/legacy.d.ts +5 -1
- package/dist/function-registry/legacy.js +464 -21
- package/dist/function-registry/legacy.js.map +1 -1
- package/dist/function-registry/lenses.d.ts +11 -4
- package/dist/function-registry/lenses.js +464 -21
- package/dist/function-registry/lenses.js.map +1 -1
- package/dist/function-registry/manifest.d.ts +4 -4
- package/dist/function-registry/manifest.js +16 -1
- package/dist/function-registry/manifest.js.map +1 -1
- package/dist/function-registry/nodes.d.ts +412 -0
- package/dist/function-registry/nodes.js +5354 -0
- package/dist/function-registry/nodes.js.map +1 -0
- package/dist/function-registry/ontologies.d.ts +25 -11
- package/dist/function-registry/ontologies.js +464 -21
- package/dist/function-registry/ontologies.js.map +1 -1
- package/dist/function-registry/pipeline.d.ts +9 -3
- package/dist/function-registry/pipeline.js +464 -21
- package/dist/function-registry/pipeline.js.map +1 -1
- package/dist/function-registry/questions.d.ts +27 -12
- package/dist/function-registry/questions.js +466 -26
- package/dist/function-registry/questions.js.map +1 -1
- package/dist/function-registry/tasks.d.ts +11 -4
- package/dist/function-registry/tasks.js +497 -30
- package/dist/function-registry/tasks.js.map +1 -1
- package/dist/function-registry/topics.d.ts +93 -5
- package/dist/function-registry/topics.js +534 -24
- package/dist/function-registry/topics.js.map +1 -1
- package/dist/function-registry/types.d.ts +7 -3
- package/dist/function-registry/worktrees.d.ts +25 -11
- package/dist/function-registry/worktrees.js +480 -21
- package/dist/function-registry/worktrees.js.map +1 -1
- package/dist/gateway.contract.d.ts +4 -0
- package/dist/gateway.contract.js.map +1 -1
- package/dist/generated/convexSchemas.d.ts +3 -3
- package/dist/generated/convexSchemas.js +37 -17
- package/dist/generated/convexSchemas.js.map +1 -1
- package/dist/generated/infisicalRuntimeEnv.d.ts +70 -0
- package/dist/generated/infisicalRuntimeEnv.js +27585 -0
- package/dist/generated/infisicalRuntimeEnv.js.map +1 -0
- package/dist/generated/lucernGatewayEnv.d.ts +17 -0
- package/dist/generated/lucernGatewayEnv.js +38 -0
- package/dist/generated/lucernGatewayEnv.js.map +1 -0
- package/dist/generated/lucernWebPublicEnv.d.ts +26 -0
- package/dist/generated/lucernWebPublicEnv.js +32 -0
- package/dist/generated/lucernWebPublicEnv.js.map +1 -0
- package/dist/generated/lucernWebServerEnv.d.ts +33 -0
- package/dist/generated/lucernWebServerEnv.js +51 -0
- package/dist/generated/lucernWebServerEnv.js.map +1 -0
- package/dist/generated/schema-manifest.json +1221 -114
- package/dist/generated/tableOwnership.d.ts +48 -28
- package/dist/generated/tableOwnership.js +66 -26
- package/dist/generated/tableOwnership.js.map +1 -1
- package/dist/generated/tier-expectations.json +64 -9
- package/dist/{index-O09U2xHk.d.ts → index-CM1Pl_vI.d.ts} +3 -3
- package/dist/index.d.ts +12 -7
- package/dist/index.js +32892 -459
- package/dist/index.js.map +1 -1
- package/dist/infisical-runtime.contract.d.ts +1763 -6
- package/dist/infisical-runtime.contract.js +2994 -15
- package/dist/infisical-runtime.contract.js.map +1 -1
- package/dist/manifests/edge-policy-manifest.d.ts +1 -1
- package/dist/manifests/edge-policy-manifest.data.d.ts +6 -20
- package/dist/manifests/edge-policy-manifest.data.js +18 -26
- package/dist/manifests/edge-policy-manifest.data.js.map +1 -1
- package/dist/manifests/edge-policy-manifest.js +31 -4
- package/dist/manifests/edge-policy-manifest.js.map +1 -1
- package/dist/manifests/infisical-runtime-manifest.d.ts +1689 -6
- package/dist/manifests/infisical-runtime-manifest.js +2847 -12
- package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
- package/dist/manifests/tenant-client-manifest.d.ts +19 -14
- package/dist/manifests/tenant-client-manifest.js +29 -12
- package/dist/manifests/tenant-client-manifest.js.map +1 -1
- package/dist/mcp-gateway-boundary.contract.d.ts +23 -3
- package/dist/mcp-gateway-boundary.contract.js +2 -0
- package/dist/mcp-gateway-boundary.contract.js.map +1 -1
- package/dist/permit-principal-projection.contract.d.ts +74 -0
- package/dist/permit-principal-projection.contract.js +167 -0
- package/dist/permit-principal-projection.contract.js.map +1 -0
- package/dist/projections/check-convex-args-shape.js +10 -6
- package/dist/projections/check-convex-args-shape.js.map +1 -1
- package/dist/projections/create-evidence.projection.d.ts +6 -6
- package/dist/projections/create-evidence.projection.js +2 -3
- package/dist/projections/create-evidence.projection.js.map +1 -1
- package/dist/projections/index.d.ts +3 -3
- package/dist/projections/index.js +10 -6
- package/dist/projections/index.js.map +1 -1
- package/dist/projections/list-tasks.projection.d.ts +20 -8
- package/dist/projections/list-tasks.projection.js +8 -3
- package/dist/projections/list-tasks.projection.js.map +1 -1
- package/dist/proof-attestation.json +45 -0
- package/dist/schemas/component-table-manifest.d.ts +6 -6
- package/dist/schemas/component-table-manifest.js +2 -2
- package/dist/schemas/component-table-manifest.js.map +1 -1
- package/dist/schemas/index.d.ts +2 -2
- package/dist/schemas/index.js +1123 -137
- package/dist/schemas/index.js.map +1 -1
- package/dist/schemas/manifest.d.ts +2102 -132
- package/dist/schemas/manifest.js +1121 -135
- package/dist/schemas/manifest.js.map +1 -1
- package/dist/schemas/tables/controlPlane/accessControl.d.ts +260 -0
- package/dist/schemas/tables/controlPlane/accessControl.js +658 -0
- package/dist/schemas/tables/controlPlane/accessControl.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/agent.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/agent.js +3 -3
- package/dist/schemas/tables/controlPlane/agent.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/epistemic.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/epistemic.js +3 -3
- package/dist/schemas/tables/controlPlane/epistemic.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/model.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/model.js +6 -6
- package/dist/schemas/tables/controlPlane/model.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/platform.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/platform.js +18 -18
- package/dist/schemas/tables/controlPlane/platform.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/project.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/project.js +3 -3
- package/dist/schemas/tables/controlPlane/project.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/user.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/user.js +3 -3
- package/dist/schemas/tables/controlPlane/user.js.map +1 -0
- package/dist/schemas/tables/kernel/config.d.ts +1 -1
- package/dist/schemas/tables/kernel/config.js.map +1 -1
- package/dist/schemas/tables/kernel/coordination.d.ts +1 -1
- package/dist/schemas/tables/kernel/coordination.js.map +1 -1
- package/dist/schemas/tables/kernel/decision.d.ts +1 -1
- package/dist/schemas/tables/kernel/decision.js.map +1 -1
- package/dist/schemas/tables/kernel/embedding.d.ts +1 -1
- package/dist/schemas/tables/kernel/embedding.js.map +1 -1
- package/dist/schemas/tables/kernel/epistemic.d.ts +1 -1
- package/dist/schemas/tables/kernel/epistemic.js.map +1 -1
- package/dist/schemas/tables/kernel/events.d.ts +21 -0
- package/dist/schemas/tables/kernel/events.js +43 -0
- package/dist/schemas/tables/kernel/events.js.map +1 -0
- package/dist/schemas/tables/kernel/idempotency.d.ts +1 -1
- package/dist/schemas/tables/kernel/idempotency.js.map +1 -1
- package/dist/schemas/tables/kernel/infra.d.ts +1 -1
- package/dist/schemas/tables/kernel/infra.js.map +1 -1
- package/dist/schemas/tables/kernel/intelligence.d.ts +1 -1
- package/dist/schemas/tables/kernel/intelligence.js.map +1 -1
- package/dist/schemas/tables/kernel/lens.d.ts +1 -1
- package/dist/schemas/tables/kernel/lens.js.map +1 -1
- package/dist/schemas/tables/kernel/ontology.d.ts +1 -1
- package/dist/schemas/tables/kernel/ontology.js.map +1 -1
- package/dist/schemas/tables/kernel/platform.d.ts +1 -1
- package/dist/schemas/tables/kernel/platform.js.map +1 -1
- package/dist/schemas/tables/kernel/spine.d.ts +2 -1
- package/dist/schemas/tables/kernel/spine.js +1 -0
- package/dist/schemas/tables/kernel/spine.js.map +1 -1
- package/dist/schemas/tables/kernel/task.d.ts +1 -1
- package/dist/schemas/tables/kernel/task.js.map +1 -1
- package/dist/schemas/tables/kernel/topic.d.ts +1 -1
- package/dist/schemas/tables/kernel/topic.js +1 -0
- package/dist/schemas/tables/kernel/topic.js.map +1 -1
- package/dist/schemas/tables/kernel/workflow.d.ts +1 -1
- package/dist/schemas/tables/kernel/workflow.js.map +1 -1
- package/dist/schemas/tables/kernel/worktree.d.ts +17 -17
- package/dist/schemas/tables/kernel/worktree.js.map +1 -1
- package/dist/schemas/tables/mc/identity.d.ts +19 -2
- package/dist/schemas/tables/mc/identity.js +32 -1
- package/dist/schemas/tables/mc/identity.js.map +1 -1
- package/dist/schemas/tables/mc/methodology.d.ts +1 -1
- package/dist/schemas/tables/mc/methodology.js.map +1 -1
- package/dist/schemas/tables/mc/pack.d.ts +1 -1
- package/dist/schemas/tables/mc/pack.js.map +1 -1
- package/dist/schemas/tables/mc/policy.d.ts +2 -2
- package/dist/schemas/tables/mc/policy.js +1 -1
- package/dist/schemas/tables/mc/policy.js.map +1 -1
- package/dist/schemas/tables/mc/registry.d.ts +1 -1
- package/dist/schemas/tables/mc/registry.js.map +1 -1
- package/dist/schemas/tables/mc/runtime.d.ts +109 -3
- package/dist/schemas/tables/mc/runtime.js +330 -104
- package/dist/schemas/tables/mc/runtime.js.map +1 -1
- package/dist/schemas/tables/mc/tenant.d.ts +4 -2
- package/dist/schemas/tables/mc/tenant.js +3 -1
- package/dist/schemas/tables/mc/tenant.js.map +1 -1
- package/dist/schemas/tables/mc/workspace.d.ts +22 -5
- package/dist/schemas/tables/mc/workspace.js +34 -2
- package/dist/schemas/tables/mc/workspace.js.map +1 -1
- package/dist/{sdk-tools.contract-Ci8bkoai.d.ts → sdk-tools.contract-CKmSsrZ2.d.ts} +1 -1
- package/dist/sdk-tools.contract.d.ts +2 -2
- package/dist/sdk-tools.contract.js +417 -13
- package/dist/sdk-tools.contract.js.map +1 -1
- package/dist/tenant-bootstrap-seed.contract.d.ts +244 -56
- package/dist/tenant-bootstrap-seed.contract.js +139 -28
- package/dist/tenant-bootstrap-seed.contract.js.map +1 -1
- package/dist/tenant-bootstrap-seed.defaults.d.ts +2 -2
- package/dist/tenant-bootstrap-seed.defaults.js +31 -13
- package/dist/tenant-bootstrap-seed.defaults.js.map +1 -1
- package/dist/tenant-client.contract.d.ts +20 -15
- package/dist/tenant-client.contract.js +29 -12
- package/dist/tenant-client.contract.js.map +1 -1
- package/dist/{tool-contracts-B4iWhejG.d.ts → tool-contracts-C_xvM9q2.d.ts} +32 -2
- package/dist/tool-contracts.d.ts +1 -1
- package/dist/tool-contracts.js +418 -14
- package/dist/tool-contracts.js.map +1 -1
- package/package.json +22 -1
- package/dist/edge-policy-manifest-Byv6cQPP.d.ts +0 -132
- package/dist/schemas/tables/identity/agent.js.map +0 -1
- package/dist/schemas/tables/identity/epistemic.js.map +0 -1
- package/dist/schemas/tables/identity/model.js.map +0 -1
- package/dist/schemas/tables/identity/platform.js.map +0 -1
- package/dist/schemas/tables/identity/project.js.map +0 -1
- package/dist/schemas/tables/identity/user.js.map +0 -1
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Tenant bootstrap seed contract.
|
|
3
3
|
*
|
|
4
|
-
* Fresh tenant deployments install the Lucern kernel and
|
|
4
|
+
* Fresh tenant deployments install the Lucern kernel and control-plane components
|
|
5
5
|
* from npm, then copy canonical template rows for non-secret runtime defaults.
|
|
6
|
-
* This contract is intentionally exhaustive for the K/
|
|
6
|
+
* This contract is intentionally exhaustive for the K/CP tables: it separates
|
|
7
7
|
* rows that must be carried by the template deployments from rows that are
|
|
8
8
|
* runtime data, runtime credentials, logs, queues, or derived caches.
|
|
9
9
|
*/
|
|
@@ -14,16 +14,20 @@ declare const TENANT_BOOTSTRAP_SEED_COMPONENTS: {
|
|
|
14
14
|
readonly kernel: {
|
|
15
15
|
readonly componentName: "lucern";
|
|
16
16
|
readonly migrationModule: "adapters/migration";
|
|
17
|
+
readonly templateMigrationModule: "dist/adapters/migration";
|
|
18
|
+
readonly tenantMigrationModule: "adapters/migration";
|
|
17
19
|
readonly templateService: "services/kernel-template";
|
|
18
20
|
readonly templateDeployments: {
|
|
19
21
|
readonly staging: "kindly-goldfish-162";
|
|
20
22
|
readonly prod: "cool-badger-368";
|
|
21
23
|
};
|
|
22
24
|
};
|
|
23
|
-
readonly
|
|
24
|
-
readonly componentName: "
|
|
25
|
+
readonly "control-plane": {
|
|
26
|
+
readonly componentName: "controlPlane";
|
|
25
27
|
readonly migrationModule: "migration";
|
|
26
|
-
readonly
|
|
28
|
+
readonly templateMigrationModule: "dist/migration";
|
|
29
|
+
readonly tenantMigrationModule: "migration";
|
|
30
|
+
readonly templateService: "services/control-plane-template";
|
|
27
31
|
readonly templateDeployments: {
|
|
28
32
|
readonly staging: "industrious-cheetah-864";
|
|
29
33
|
readonly prod: "combative-beagle-879";
|
|
@@ -177,6 +181,12 @@ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
|
|
|
177
181
|
readonly prepopulation: "runtime_data";
|
|
178
182
|
readonly copyMode: "none";
|
|
179
183
|
readonly description: "Deliberation sessions are created by tenant workflows.";
|
|
184
|
+
}, {
|
|
185
|
+
readonly component: "kernel";
|
|
186
|
+
readonly table: "domainEvents";
|
|
187
|
+
readonly prepopulation: "runtime_log";
|
|
188
|
+
readonly copyMode: "none";
|
|
189
|
+
readonly description: "Domain event rows are append-only runtime audit/exhaust data.";
|
|
180
190
|
}, {
|
|
181
191
|
readonly component: "kernel";
|
|
182
192
|
readonly table: "epistemicAudit";
|
|
@@ -392,13 +402,13 @@ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
|
|
|
392
402
|
readonly copyMode: "none";
|
|
393
403
|
readonly description: "Worktrees are tenant/runtime planning data.";
|
|
394
404
|
}, {
|
|
395
|
-
readonly component: "
|
|
405
|
+
readonly component: "control-plane";
|
|
396
406
|
readonly table: "agents";
|
|
397
407
|
readonly prepopulation: "runtime_bootstrap";
|
|
398
408
|
readonly copyMode: "none";
|
|
399
409
|
readonly description: "Service agents are provisioned per tenant or service, not copied.";
|
|
400
410
|
}, {
|
|
401
|
-
readonly component: "
|
|
411
|
+
readonly component: "control-plane";
|
|
402
412
|
readonly table: "mcpWritePolicy";
|
|
403
413
|
readonly prepopulation: "required_template";
|
|
404
414
|
readonly copyMode: "template_global";
|
|
@@ -406,13 +416,13 @@ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
|
|
|
406
416
|
readonly uniqueKey: readonly ["topicId", "role", "toolCategory"];
|
|
407
417
|
readonly description: "Global write policy defaults govern service and interactive MCP writes.";
|
|
408
418
|
}, {
|
|
409
|
-
readonly component: "
|
|
419
|
+
readonly component: "control-plane";
|
|
410
420
|
readonly table: "modelCallLogs";
|
|
411
421
|
readonly prepopulation: "runtime_log";
|
|
412
422
|
readonly copyMode: "none";
|
|
413
423
|
readonly description: "Model call logs are runtime telemetry.";
|
|
414
424
|
}, {
|
|
415
|
-
readonly component: "
|
|
425
|
+
readonly component: "control-plane";
|
|
416
426
|
readonly table: "modelFunctionSlots";
|
|
417
427
|
readonly prepopulation: "required_template";
|
|
418
428
|
readonly copyMode: "template_global";
|
|
@@ -420,7 +430,7 @@ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
|
|
|
420
430
|
readonly uniqueKey: readonly ["slot"];
|
|
421
431
|
readonly description: "Function-to-model slots are required by model runtime resolution.";
|
|
422
432
|
}, {
|
|
423
|
-
readonly component: "
|
|
433
|
+
readonly component: "control-plane";
|
|
424
434
|
readonly table: "modelRegistry";
|
|
425
435
|
readonly prepopulation: "required_template";
|
|
426
436
|
readonly copyMode: "template_global";
|
|
@@ -428,7 +438,7 @@ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
|
|
|
428
438
|
readonly uniqueKey: readonly ["key"];
|
|
429
439
|
readonly description: "Model catalog defaults are required by model runtime clients.";
|
|
430
440
|
}, {
|
|
431
|
-
readonly component: "
|
|
441
|
+
readonly component: "control-plane";
|
|
432
442
|
readonly table: "modelSlotConfigs";
|
|
433
443
|
readonly prepopulation: "required_template";
|
|
434
444
|
readonly copyMode: "template_global";
|
|
@@ -436,13 +446,91 @@ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
|
|
|
436
446
|
readonly uniqueKey: readonly ["slot"];
|
|
437
447
|
readonly description: "Slot-level defaults are required before tenant overrides exist.";
|
|
438
448
|
}, {
|
|
439
|
-
readonly component: "
|
|
449
|
+
readonly component: "control-plane";
|
|
450
|
+
readonly table: "permitAccessReviewItems";
|
|
451
|
+
readonly prepopulation: "runtime_data";
|
|
452
|
+
readonly copyMode: "none";
|
|
453
|
+
readonly description: "Permit access-review item rows are tenant review data projected from Permit.";
|
|
454
|
+
}, {
|
|
455
|
+
readonly component: "control-plane";
|
|
456
|
+
readonly table: "permitAccessReviews";
|
|
457
|
+
readonly prepopulation: "runtime_data";
|
|
458
|
+
readonly copyMode: "none";
|
|
459
|
+
readonly description: "Permit access-review campaigns are tenant review data projected from Permit.";
|
|
460
|
+
}, {
|
|
461
|
+
readonly component: "control-plane";
|
|
462
|
+
readonly table: "permitAttributeBindings";
|
|
463
|
+
readonly prepopulation: "runtime_data";
|
|
464
|
+
readonly copyMode: "none";
|
|
465
|
+
readonly description: "Permit ABAC attribute bindings are tenant policy projection rows.";
|
|
466
|
+
}, {
|
|
467
|
+
readonly component: "control-plane";
|
|
468
|
+
readonly table: "permitGroups";
|
|
469
|
+
readonly prepopulation: "runtime_data";
|
|
470
|
+
readonly copyMode: "none";
|
|
471
|
+
readonly description: "Permit groups are tenant-defined policy subjects, not template data.";
|
|
472
|
+
}, {
|
|
473
|
+
readonly component: "control-plane";
|
|
474
|
+
readonly table: "permitGroupMemberships";
|
|
475
|
+
readonly prepopulation: "runtime_data";
|
|
476
|
+
readonly copyMode: "none";
|
|
477
|
+
readonly description: "Permit group memberships are tenant-specific policy projection rows.";
|
|
478
|
+
}, {
|
|
479
|
+
readonly component: "control-plane";
|
|
480
|
+
readonly table: "permitPolicyBundles";
|
|
481
|
+
readonly prepopulation: "runtime_derived";
|
|
482
|
+
readonly copyMode: "none";
|
|
483
|
+
readonly description: "Permit policy bundles are derived from the Permit control plane.";
|
|
484
|
+
}, {
|
|
485
|
+
readonly component: "control-plane";
|
|
486
|
+
readonly table: "permitPolicyDecisionReceipts";
|
|
487
|
+
readonly prepopulation: "runtime_log";
|
|
488
|
+
readonly copyMode: "none";
|
|
489
|
+
readonly description: "Permit decision receipts are runtime authorization audit logs.";
|
|
490
|
+
}, {
|
|
491
|
+
readonly component: "control-plane";
|
|
492
|
+
readonly table: "permitPrincipalAliases";
|
|
493
|
+
readonly prepopulation: "runtime_data";
|
|
494
|
+
readonly copyMode: "none";
|
|
495
|
+
readonly description: "Permit principal aliases are tenant-specific identity projection rows.";
|
|
496
|
+
}, {
|
|
497
|
+
readonly component: "control-plane";
|
|
498
|
+
readonly table: "permitPrincipals";
|
|
499
|
+
readonly prepopulation: "runtime_data";
|
|
500
|
+
readonly copyMode: "none";
|
|
501
|
+
readonly description: "Permit principals are projected from Clerk, Permit, and tenant onboarding flows.";
|
|
502
|
+
}, {
|
|
503
|
+
readonly component: "control-plane";
|
|
504
|
+
readonly table: "permitProjectionOutbox";
|
|
505
|
+
readonly prepopulation: "runtime_queue";
|
|
506
|
+
readonly copyMode: "none";
|
|
507
|
+
readonly description: "Permit projection outbox rows are runtime sync queue data.";
|
|
508
|
+
}, {
|
|
509
|
+
readonly component: "control-plane";
|
|
510
|
+
readonly table: "permitRelationshipTuples";
|
|
511
|
+
readonly prepopulation: "runtime_data";
|
|
512
|
+
readonly copyMode: "none";
|
|
513
|
+
readonly description: "Permit ReBAC relationship tuples are tenant policy projection rows.";
|
|
514
|
+
}, {
|
|
515
|
+
readonly component: "control-plane";
|
|
516
|
+
readonly table: "permitResourceInstances";
|
|
517
|
+
readonly prepopulation: "runtime_data";
|
|
518
|
+
readonly copyMode: "none";
|
|
519
|
+
readonly description: "Permit resource instances are tenant/workspace graph and deployment projection rows.";
|
|
520
|
+
}, {
|
|
521
|
+
readonly component: "control-plane";
|
|
522
|
+
readonly table: "permitRoleAssignments";
|
|
523
|
+
readonly prepopulation: "runtime_data";
|
|
524
|
+
readonly copyMode: "none";
|
|
525
|
+
readonly description: "Permit role assignments are tenant-specific policy projection rows.";
|
|
526
|
+
}, {
|
|
527
|
+
readonly component: "control-plane";
|
|
440
528
|
readonly table: "platformAudienceGrants";
|
|
441
529
|
readonly prepopulation: "runtime_data";
|
|
442
530
|
readonly copyMode: "none";
|
|
443
531
|
readonly description: "Audience grants are principal/group-specific access rows.";
|
|
444
532
|
}, {
|
|
445
|
-
readonly component: "
|
|
533
|
+
readonly component: "control-plane";
|
|
446
534
|
readonly table: "platformAudiences";
|
|
447
535
|
readonly prepopulation: "required_template";
|
|
448
536
|
readonly copyMode: "template_tenant_rewrite";
|
|
@@ -450,31 +538,31 @@ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
|
|
|
450
538
|
readonly uniqueKey: readonly ["tenantId", "workspaceId", "audienceKey"];
|
|
451
539
|
readonly description: "Default tenant audience taxonomy rows are rewritten into each tenant.";
|
|
452
540
|
}, {
|
|
453
|
-
readonly component: "
|
|
541
|
+
readonly component: "control-plane";
|
|
454
542
|
readonly table: "platformPolicyDecisionLogs";
|
|
455
543
|
readonly prepopulation: "runtime_log";
|
|
456
544
|
readonly copyMode: "none";
|
|
457
545
|
readonly description: "Policy decisions are runtime audit logs.";
|
|
458
546
|
}, {
|
|
459
|
-
readonly component: "
|
|
547
|
+
readonly component: "control-plane";
|
|
460
548
|
readonly table: "projectGrants";
|
|
461
549
|
readonly prepopulation: "runtime_data";
|
|
462
550
|
readonly copyMode: "none";
|
|
463
551
|
readonly description: "Project/topic grants are principal or group-specific access rows.";
|
|
464
552
|
}, {
|
|
465
|
-
readonly component: "
|
|
553
|
+
readonly component: "control-plane";
|
|
466
554
|
readonly table: "reasoningPermissions";
|
|
467
555
|
readonly prepopulation: "runtime_data";
|
|
468
556
|
readonly copyMode: "none";
|
|
469
557
|
readonly description: "Reasoning permissions are principal-specific policy rows.";
|
|
470
558
|
}, {
|
|
471
|
-
readonly component: "
|
|
559
|
+
readonly component: "control-plane";
|
|
472
560
|
readonly table: "tenantApiKeys";
|
|
473
561
|
readonly prepopulation: "runtime_secret";
|
|
474
562
|
readonly copyMode: "none";
|
|
475
563
|
readonly description: "API keys are tenant credentials and must never be copied.";
|
|
476
564
|
}, {
|
|
477
|
-
readonly component: "
|
|
565
|
+
readonly component: "control-plane";
|
|
478
566
|
readonly table: "tenantConfig";
|
|
479
567
|
readonly prepopulation: "required_template";
|
|
480
568
|
readonly copyMode: "template_tenant_rewrite";
|
|
@@ -482,7 +570,7 @@ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
|
|
|
482
570
|
readonly uniqueKey: readonly ["tenantId"];
|
|
483
571
|
readonly description: "Tenant-local config defaults are rewritten during bootstrap.";
|
|
484
572
|
}, {
|
|
485
|
-
readonly component: "
|
|
573
|
+
readonly component: "control-plane";
|
|
486
574
|
readonly table: "tenantIntegrations";
|
|
487
575
|
readonly prepopulation: "required_template";
|
|
488
576
|
readonly copyMode: "template_tenant_rewrite";
|
|
@@ -490,13 +578,19 @@ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
|
|
|
490
578
|
readonly uniqueKey: readonly ["tenantId", "integrationKey"];
|
|
491
579
|
readonly description: "Non-secret integration descriptors are rewritten into each tenant.";
|
|
492
580
|
}, {
|
|
493
|
-
readonly component: "
|
|
581
|
+
readonly component: "control-plane";
|
|
494
582
|
readonly table: "tenantModelSlotBindings";
|
|
495
583
|
readonly prepopulation: "runtime_secret";
|
|
496
584
|
readonly copyMode: "none";
|
|
497
585
|
readonly description: "Tenant model slot bindings reference provider secrets and are runtime-only.";
|
|
498
586
|
}, {
|
|
499
|
-
readonly component: "
|
|
587
|
+
readonly component: "control-plane";
|
|
588
|
+
readonly table: "tenantPermitSyncStates";
|
|
589
|
+
readonly prepopulation: "runtime_derived";
|
|
590
|
+
readonly copyMode: "none";
|
|
591
|
+
readonly description: "Tenant Permit sync state rows are runtime reconciliation state.";
|
|
592
|
+
}, {
|
|
593
|
+
readonly component: "control-plane";
|
|
500
594
|
readonly table: "tenantPolicies";
|
|
501
595
|
readonly prepopulation: "required_template";
|
|
502
596
|
readonly copyMode: "template_tenant_rewrite";
|
|
@@ -504,37 +598,37 @@ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
|
|
|
504
598
|
readonly uniqueKey: readonly ["tenantId", "workspaceId", "roleName"];
|
|
505
599
|
readonly description: "Default tenant policy roles are rewritten during bootstrap.";
|
|
506
600
|
}, {
|
|
507
|
-
readonly component: "
|
|
601
|
+
readonly component: "control-plane";
|
|
508
602
|
readonly table: "tenantProviderSecrets";
|
|
509
603
|
readonly prepopulation: "runtime_secret";
|
|
510
604
|
readonly copyMode: "none";
|
|
511
605
|
readonly description: "Provider secrets are credentials and must never be copied.";
|
|
512
606
|
}, {
|
|
513
|
-
readonly component: "
|
|
607
|
+
readonly component: "control-plane";
|
|
514
608
|
readonly table: "tenantProxyGatewayUsage";
|
|
515
609
|
readonly prepopulation: "runtime_log";
|
|
516
610
|
readonly copyMode: "none";
|
|
517
611
|
readonly description: "Proxy gateway usage rows are runtime telemetry.";
|
|
518
612
|
}, {
|
|
519
|
-
readonly component: "
|
|
613
|
+
readonly component: "control-plane";
|
|
520
614
|
readonly table: "tenantProxyTokenMints";
|
|
521
615
|
readonly prepopulation: "runtime_secret";
|
|
522
616
|
readonly copyMode: "none";
|
|
523
617
|
readonly description: "Proxy token mints are ephemeral secret-bearing runtime rows.";
|
|
524
618
|
}, {
|
|
525
|
-
readonly component: "
|
|
619
|
+
readonly component: "control-plane";
|
|
526
620
|
readonly table: "tenantSandboxAuditEvents";
|
|
527
621
|
readonly prepopulation: "runtime_log";
|
|
528
622
|
readonly copyMode: "none";
|
|
529
623
|
readonly description: "Sandbox audit rows are runtime security logs.";
|
|
530
624
|
}, {
|
|
531
|
-
readonly component: "
|
|
625
|
+
readonly component: "control-plane";
|
|
532
626
|
readonly table: "tenantSecrets";
|
|
533
627
|
readonly prepopulation: "runtime_secret";
|
|
534
628
|
readonly copyMode: "none";
|
|
535
629
|
readonly description: "Tenant secrets are credentials and must never be copied.";
|
|
536
630
|
}, {
|
|
537
|
-
readonly component: "
|
|
631
|
+
readonly component: "control-plane";
|
|
538
632
|
readonly table: "toolAcls";
|
|
539
633
|
readonly prepopulation: "required_template";
|
|
540
634
|
readonly copyMode: "template_global";
|
|
@@ -542,7 +636,7 @@ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
|
|
|
542
636
|
readonly uniqueKey: readonly ["role", "toolName"];
|
|
543
637
|
readonly description: "Default role-to-tool grants are required for SDK/MCP tool access.";
|
|
544
638
|
}, {
|
|
545
|
-
readonly component: "
|
|
639
|
+
readonly component: "control-plane";
|
|
546
640
|
readonly table: "toolRegistry";
|
|
547
641
|
readonly prepopulation: "required_template";
|
|
548
642
|
readonly copyMode: "template_global";
|
|
@@ -550,7 +644,7 @@ declare const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS: readonly [{
|
|
|
550
644
|
readonly uniqueKey: readonly ["toolName"];
|
|
551
645
|
readonly description: "Core tool catalog rows are required before pack or tenant tools exist.";
|
|
552
646
|
}, {
|
|
553
|
-
readonly component: "
|
|
647
|
+
readonly component: "control-plane";
|
|
554
648
|
readonly table: "users";
|
|
555
649
|
readonly prepopulation: "runtime_bootstrap";
|
|
556
650
|
readonly copyMode: "none";
|
|
@@ -567,16 +661,20 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
567
661
|
readonly kernel: {
|
|
568
662
|
readonly componentName: "lucern";
|
|
569
663
|
readonly migrationModule: "adapters/migration";
|
|
664
|
+
readonly templateMigrationModule: "dist/adapters/migration";
|
|
665
|
+
readonly tenantMigrationModule: "adapters/migration";
|
|
570
666
|
readonly templateService: "services/kernel-template";
|
|
571
667
|
readonly templateDeployments: {
|
|
572
668
|
readonly staging: "kindly-goldfish-162";
|
|
573
669
|
readonly prod: "cool-badger-368";
|
|
574
670
|
};
|
|
575
671
|
};
|
|
576
|
-
readonly
|
|
577
|
-
readonly componentName: "
|
|
672
|
+
readonly "control-plane": {
|
|
673
|
+
readonly componentName: "controlPlane";
|
|
578
674
|
readonly migrationModule: "migration";
|
|
579
|
-
readonly
|
|
675
|
+
readonly templateMigrationModule: "dist/migration";
|
|
676
|
+
readonly tenantMigrationModule: "migration";
|
|
677
|
+
readonly templateService: "services/control-plane-template";
|
|
580
678
|
readonly templateDeployments: {
|
|
581
679
|
readonly staging: "industrious-cheetah-864";
|
|
582
680
|
readonly prod: "combative-beagle-879";
|
|
@@ -711,6 +809,12 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
711
809
|
readonly prepopulation: "runtime_data";
|
|
712
810
|
readonly copyMode: "none";
|
|
713
811
|
readonly description: "Deliberation sessions are created by tenant workflows.";
|
|
812
|
+
}, {
|
|
813
|
+
readonly component: "kernel";
|
|
814
|
+
readonly table: "domainEvents";
|
|
815
|
+
readonly prepopulation: "runtime_log";
|
|
816
|
+
readonly copyMode: "none";
|
|
817
|
+
readonly description: "Domain event rows are append-only runtime audit/exhaust data.";
|
|
714
818
|
}, {
|
|
715
819
|
readonly component: "kernel";
|
|
716
820
|
readonly table: "epistemicAudit";
|
|
@@ -926,13 +1030,13 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
926
1030
|
readonly copyMode: "none";
|
|
927
1031
|
readonly description: "Worktrees are tenant/runtime planning data.";
|
|
928
1032
|
}, {
|
|
929
|
-
readonly component: "
|
|
1033
|
+
readonly component: "control-plane";
|
|
930
1034
|
readonly table: "agents";
|
|
931
1035
|
readonly prepopulation: "runtime_bootstrap";
|
|
932
1036
|
readonly copyMode: "none";
|
|
933
1037
|
readonly description: "Service agents are provisioned per tenant or service, not copied.";
|
|
934
1038
|
}, {
|
|
935
|
-
readonly component: "
|
|
1039
|
+
readonly component: "control-plane";
|
|
936
1040
|
readonly table: "mcpWritePolicy";
|
|
937
1041
|
readonly prepopulation: "required_template";
|
|
938
1042
|
readonly copyMode: "template_global";
|
|
@@ -940,13 +1044,13 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
940
1044
|
readonly uniqueKey: readonly ["topicId", "role", "toolCategory"];
|
|
941
1045
|
readonly description: "Global write policy defaults govern service and interactive MCP writes.";
|
|
942
1046
|
}, {
|
|
943
|
-
readonly component: "
|
|
1047
|
+
readonly component: "control-plane";
|
|
944
1048
|
readonly table: "modelCallLogs";
|
|
945
1049
|
readonly prepopulation: "runtime_log";
|
|
946
1050
|
readonly copyMode: "none";
|
|
947
1051
|
readonly description: "Model call logs are runtime telemetry.";
|
|
948
1052
|
}, {
|
|
949
|
-
readonly component: "
|
|
1053
|
+
readonly component: "control-plane";
|
|
950
1054
|
readonly table: "modelFunctionSlots";
|
|
951
1055
|
readonly prepopulation: "required_template";
|
|
952
1056
|
readonly copyMode: "template_global";
|
|
@@ -954,7 +1058,7 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
954
1058
|
readonly uniqueKey: readonly ["slot"];
|
|
955
1059
|
readonly description: "Function-to-model slots are required by model runtime resolution.";
|
|
956
1060
|
}, {
|
|
957
|
-
readonly component: "
|
|
1061
|
+
readonly component: "control-plane";
|
|
958
1062
|
readonly table: "modelRegistry";
|
|
959
1063
|
readonly prepopulation: "required_template";
|
|
960
1064
|
readonly copyMode: "template_global";
|
|
@@ -962,7 +1066,7 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
962
1066
|
readonly uniqueKey: readonly ["key"];
|
|
963
1067
|
readonly description: "Model catalog defaults are required by model runtime clients.";
|
|
964
1068
|
}, {
|
|
965
|
-
readonly component: "
|
|
1069
|
+
readonly component: "control-plane";
|
|
966
1070
|
readonly table: "modelSlotConfigs";
|
|
967
1071
|
readonly prepopulation: "required_template";
|
|
968
1072
|
readonly copyMode: "template_global";
|
|
@@ -970,13 +1074,91 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
970
1074
|
readonly uniqueKey: readonly ["slot"];
|
|
971
1075
|
readonly description: "Slot-level defaults are required before tenant overrides exist.";
|
|
972
1076
|
}, {
|
|
973
|
-
readonly component: "
|
|
1077
|
+
readonly component: "control-plane";
|
|
1078
|
+
readonly table: "permitAccessReviewItems";
|
|
1079
|
+
readonly prepopulation: "runtime_data";
|
|
1080
|
+
readonly copyMode: "none";
|
|
1081
|
+
readonly description: "Permit access-review item rows are tenant review data projected from Permit.";
|
|
1082
|
+
}, {
|
|
1083
|
+
readonly component: "control-plane";
|
|
1084
|
+
readonly table: "permitAccessReviews";
|
|
1085
|
+
readonly prepopulation: "runtime_data";
|
|
1086
|
+
readonly copyMode: "none";
|
|
1087
|
+
readonly description: "Permit access-review campaigns are tenant review data projected from Permit.";
|
|
1088
|
+
}, {
|
|
1089
|
+
readonly component: "control-plane";
|
|
1090
|
+
readonly table: "permitAttributeBindings";
|
|
1091
|
+
readonly prepopulation: "runtime_data";
|
|
1092
|
+
readonly copyMode: "none";
|
|
1093
|
+
readonly description: "Permit ABAC attribute bindings are tenant policy projection rows.";
|
|
1094
|
+
}, {
|
|
1095
|
+
readonly component: "control-plane";
|
|
1096
|
+
readonly table: "permitGroups";
|
|
1097
|
+
readonly prepopulation: "runtime_data";
|
|
1098
|
+
readonly copyMode: "none";
|
|
1099
|
+
readonly description: "Permit groups are tenant-defined policy subjects, not template data.";
|
|
1100
|
+
}, {
|
|
1101
|
+
readonly component: "control-plane";
|
|
1102
|
+
readonly table: "permitGroupMemberships";
|
|
1103
|
+
readonly prepopulation: "runtime_data";
|
|
1104
|
+
readonly copyMode: "none";
|
|
1105
|
+
readonly description: "Permit group memberships are tenant-specific policy projection rows.";
|
|
1106
|
+
}, {
|
|
1107
|
+
readonly component: "control-plane";
|
|
1108
|
+
readonly table: "permitPolicyBundles";
|
|
1109
|
+
readonly prepopulation: "runtime_derived";
|
|
1110
|
+
readonly copyMode: "none";
|
|
1111
|
+
readonly description: "Permit policy bundles are derived from the Permit control plane.";
|
|
1112
|
+
}, {
|
|
1113
|
+
readonly component: "control-plane";
|
|
1114
|
+
readonly table: "permitPolicyDecisionReceipts";
|
|
1115
|
+
readonly prepopulation: "runtime_log";
|
|
1116
|
+
readonly copyMode: "none";
|
|
1117
|
+
readonly description: "Permit decision receipts are runtime authorization audit logs.";
|
|
1118
|
+
}, {
|
|
1119
|
+
readonly component: "control-plane";
|
|
1120
|
+
readonly table: "permitPrincipalAliases";
|
|
1121
|
+
readonly prepopulation: "runtime_data";
|
|
1122
|
+
readonly copyMode: "none";
|
|
1123
|
+
readonly description: "Permit principal aliases are tenant-specific identity projection rows.";
|
|
1124
|
+
}, {
|
|
1125
|
+
readonly component: "control-plane";
|
|
1126
|
+
readonly table: "permitPrincipals";
|
|
1127
|
+
readonly prepopulation: "runtime_data";
|
|
1128
|
+
readonly copyMode: "none";
|
|
1129
|
+
readonly description: "Permit principals are projected from Clerk, Permit, and tenant onboarding flows.";
|
|
1130
|
+
}, {
|
|
1131
|
+
readonly component: "control-plane";
|
|
1132
|
+
readonly table: "permitProjectionOutbox";
|
|
1133
|
+
readonly prepopulation: "runtime_queue";
|
|
1134
|
+
readonly copyMode: "none";
|
|
1135
|
+
readonly description: "Permit projection outbox rows are runtime sync queue data.";
|
|
1136
|
+
}, {
|
|
1137
|
+
readonly component: "control-plane";
|
|
1138
|
+
readonly table: "permitRelationshipTuples";
|
|
1139
|
+
readonly prepopulation: "runtime_data";
|
|
1140
|
+
readonly copyMode: "none";
|
|
1141
|
+
readonly description: "Permit ReBAC relationship tuples are tenant policy projection rows.";
|
|
1142
|
+
}, {
|
|
1143
|
+
readonly component: "control-plane";
|
|
1144
|
+
readonly table: "permitResourceInstances";
|
|
1145
|
+
readonly prepopulation: "runtime_data";
|
|
1146
|
+
readonly copyMode: "none";
|
|
1147
|
+
readonly description: "Permit resource instances are tenant/workspace graph and deployment projection rows.";
|
|
1148
|
+
}, {
|
|
1149
|
+
readonly component: "control-plane";
|
|
1150
|
+
readonly table: "permitRoleAssignments";
|
|
1151
|
+
readonly prepopulation: "runtime_data";
|
|
1152
|
+
readonly copyMode: "none";
|
|
1153
|
+
readonly description: "Permit role assignments are tenant-specific policy projection rows.";
|
|
1154
|
+
}, {
|
|
1155
|
+
readonly component: "control-plane";
|
|
974
1156
|
readonly table: "platformAudienceGrants";
|
|
975
1157
|
readonly prepopulation: "runtime_data";
|
|
976
1158
|
readonly copyMode: "none";
|
|
977
1159
|
readonly description: "Audience grants are principal/group-specific access rows.";
|
|
978
1160
|
}, {
|
|
979
|
-
readonly component: "
|
|
1161
|
+
readonly component: "control-plane";
|
|
980
1162
|
readonly table: "platformAudiences";
|
|
981
1163
|
readonly prepopulation: "required_template";
|
|
982
1164
|
readonly copyMode: "template_tenant_rewrite";
|
|
@@ -984,31 +1166,31 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
984
1166
|
readonly uniqueKey: readonly ["tenantId", "workspaceId", "audienceKey"];
|
|
985
1167
|
readonly description: "Default tenant audience taxonomy rows are rewritten into each tenant.";
|
|
986
1168
|
}, {
|
|
987
|
-
readonly component: "
|
|
1169
|
+
readonly component: "control-plane";
|
|
988
1170
|
readonly table: "platformPolicyDecisionLogs";
|
|
989
1171
|
readonly prepopulation: "runtime_log";
|
|
990
1172
|
readonly copyMode: "none";
|
|
991
1173
|
readonly description: "Policy decisions are runtime audit logs.";
|
|
992
1174
|
}, {
|
|
993
|
-
readonly component: "
|
|
1175
|
+
readonly component: "control-plane";
|
|
994
1176
|
readonly table: "projectGrants";
|
|
995
1177
|
readonly prepopulation: "runtime_data";
|
|
996
1178
|
readonly copyMode: "none";
|
|
997
1179
|
readonly description: "Project/topic grants are principal or group-specific access rows.";
|
|
998
1180
|
}, {
|
|
999
|
-
readonly component: "
|
|
1181
|
+
readonly component: "control-plane";
|
|
1000
1182
|
readonly table: "reasoningPermissions";
|
|
1001
1183
|
readonly prepopulation: "runtime_data";
|
|
1002
1184
|
readonly copyMode: "none";
|
|
1003
1185
|
readonly description: "Reasoning permissions are principal-specific policy rows.";
|
|
1004
1186
|
}, {
|
|
1005
|
-
readonly component: "
|
|
1187
|
+
readonly component: "control-plane";
|
|
1006
1188
|
readonly table: "tenantApiKeys";
|
|
1007
1189
|
readonly prepopulation: "runtime_secret";
|
|
1008
1190
|
readonly copyMode: "none";
|
|
1009
1191
|
readonly description: "API keys are tenant credentials and must never be copied.";
|
|
1010
1192
|
}, {
|
|
1011
|
-
readonly component: "
|
|
1193
|
+
readonly component: "control-plane";
|
|
1012
1194
|
readonly table: "tenantConfig";
|
|
1013
1195
|
readonly prepopulation: "required_template";
|
|
1014
1196
|
readonly copyMode: "template_tenant_rewrite";
|
|
@@ -1016,7 +1198,7 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
1016
1198
|
readonly uniqueKey: readonly ["tenantId"];
|
|
1017
1199
|
readonly description: "Tenant-local config defaults are rewritten during bootstrap.";
|
|
1018
1200
|
}, {
|
|
1019
|
-
readonly component: "
|
|
1201
|
+
readonly component: "control-plane";
|
|
1020
1202
|
readonly table: "tenantIntegrations";
|
|
1021
1203
|
readonly prepopulation: "required_template";
|
|
1022
1204
|
readonly copyMode: "template_tenant_rewrite";
|
|
@@ -1024,13 +1206,19 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
1024
1206
|
readonly uniqueKey: readonly ["tenantId", "integrationKey"];
|
|
1025
1207
|
readonly description: "Non-secret integration descriptors are rewritten into each tenant.";
|
|
1026
1208
|
}, {
|
|
1027
|
-
readonly component: "
|
|
1209
|
+
readonly component: "control-plane";
|
|
1028
1210
|
readonly table: "tenantModelSlotBindings";
|
|
1029
1211
|
readonly prepopulation: "runtime_secret";
|
|
1030
1212
|
readonly copyMode: "none";
|
|
1031
1213
|
readonly description: "Tenant model slot bindings reference provider secrets and are runtime-only.";
|
|
1032
1214
|
}, {
|
|
1033
|
-
readonly component: "
|
|
1215
|
+
readonly component: "control-plane";
|
|
1216
|
+
readonly table: "tenantPermitSyncStates";
|
|
1217
|
+
readonly prepopulation: "runtime_derived";
|
|
1218
|
+
readonly copyMode: "none";
|
|
1219
|
+
readonly description: "Tenant Permit sync state rows are runtime reconciliation state.";
|
|
1220
|
+
}, {
|
|
1221
|
+
readonly component: "control-plane";
|
|
1034
1222
|
readonly table: "tenantPolicies";
|
|
1035
1223
|
readonly prepopulation: "required_template";
|
|
1036
1224
|
readonly copyMode: "template_tenant_rewrite";
|
|
@@ -1038,37 +1226,37 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
1038
1226
|
readonly uniqueKey: readonly ["tenantId", "workspaceId", "roleName"];
|
|
1039
1227
|
readonly description: "Default tenant policy roles are rewritten during bootstrap.";
|
|
1040
1228
|
}, {
|
|
1041
|
-
readonly component: "
|
|
1229
|
+
readonly component: "control-plane";
|
|
1042
1230
|
readonly table: "tenantProviderSecrets";
|
|
1043
1231
|
readonly prepopulation: "runtime_secret";
|
|
1044
1232
|
readonly copyMode: "none";
|
|
1045
1233
|
readonly description: "Provider secrets are credentials and must never be copied.";
|
|
1046
1234
|
}, {
|
|
1047
|
-
readonly component: "
|
|
1235
|
+
readonly component: "control-plane";
|
|
1048
1236
|
readonly table: "tenantProxyGatewayUsage";
|
|
1049
1237
|
readonly prepopulation: "runtime_log";
|
|
1050
1238
|
readonly copyMode: "none";
|
|
1051
1239
|
readonly description: "Proxy gateway usage rows are runtime telemetry.";
|
|
1052
1240
|
}, {
|
|
1053
|
-
readonly component: "
|
|
1241
|
+
readonly component: "control-plane";
|
|
1054
1242
|
readonly table: "tenantProxyTokenMints";
|
|
1055
1243
|
readonly prepopulation: "runtime_secret";
|
|
1056
1244
|
readonly copyMode: "none";
|
|
1057
1245
|
readonly description: "Proxy token mints are ephemeral secret-bearing runtime rows.";
|
|
1058
1246
|
}, {
|
|
1059
|
-
readonly component: "
|
|
1247
|
+
readonly component: "control-plane";
|
|
1060
1248
|
readonly table: "tenantSandboxAuditEvents";
|
|
1061
1249
|
readonly prepopulation: "runtime_log";
|
|
1062
1250
|
readonly copyMode: "none";
|
|
1063
1251
|
readonly description: "Sandbox audit rows are runtime security logs.";
|
|
1064
1252
|
}, {
|
|
1065
|
-
readonly component: "
|
|
1253
|
+
readonly component: "control-plane";
|
|
1066
1254
|
readonly table: "tenantSecrets";
|
|
1067
1255
|
readonly prepopulation: "runtime_secret";
|
|
1068
1256
|
readonly copyMode: "none";
|
|
1069
1257
|
readonly description: "Tenant secrets are credentials and must never be copied.";
|
|
1070
1258
|
}, {
|
|
1071
|
-
readonly component: "
|
|
1259
|
+
readonly component: "control-plane";
|
|
1072
1260
|
readonly table: "toolAcls";
|
|
1073
1261
|
readonly prepopulation: "required_template";
|
|
1074
1262
|
readonly copyMode: "template_global";
|
|
@@ -1076,7 +1264,7 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
1076
1264
|
readonly uniqueKey: readonly ["role", "toolName"];
|
|
1077
1265
|
readonly description: "Default role-to-tool grants are required for SDK/MCP tool access.";
|
|
1078
1266
|
}, {
|
|
1079
|
-
readonly component: "
|
|
1267
|
+
readonly component: "control-plane";
|
|
1080
1268
|
readonly table: "toolRegistry";
|
|
1081
1269
|
readonly prepopulation: "required_template";
|
|
1082
1270
|
readonly copyMode: "template_global";
|
|
@@ -1084,7 +1272,7 @@ declare const TENANT_BOOTSTRAP_SEED_MANIFEST: {
|
|
|
1084
1272
|
readonly uniqueKey: readonly ["toolName"];
|
|
1085
1273
|
readonly description: "Core tool catalog rows are required before pack or tenant tools exist.";
|
|
1086
1274
|
}, {
|
|
1087
|
-
readonly component: "
|
|
1275
|
+
readonly component: "control-plane";
|
|
1088
1276
|
readonly table: "users";
|
|
1089
1277
|
readonly prepopulation: "runtime_bootstrap";
|
|
1090
1278
|
readonly copyMode: "none";
|