@lucern/contracts 0.3.0-alpha.8 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (261) hide show
  1. package/CHANGELOG.md +7 -0
  2. package/dist/api-enums.contract.d.ts +5 -3
  3. package/dist/api-enums.contract.js +14 -12
  4. package/dist/api-enums.contract.js.map +1 -1
  5. package/dist/auth-context.contract.js +14 -2
  6. package/dist/auth-context.contract.js.map +1 -1
  7. package/dist/auth-session.contract.js +14 -2
  8. package/dist/auth-session.contract.js.map +1 -1
  9. package/dist/auth.contract.d.ts +1 -1
  10. package/dist/auth.contract.js +14 -2
  11. package/dist/auth.contract.js.map +1 -1
  12. package/dist/component-boundary.contract.d.ts +1 -1
  13. package/dist/component-boundary.contract.js +46 -26
  14. package/dist/component-boundary.contract.js.map +1 -1
  15. package/dist/component-host-boundary.contract.d.ts +10 -5
  16. package/dist/component-host-boundary.contract.js +10 -4
  17. package/dist/component-host-boundary.contract.js.map +1 -1
  18. package/dist/{defineTable-CBQ03FXl.d.ts → defineTable-t1wr5wgn.d.ts} +1 -1
  19. package/dist/{dsl-djCRfuWC.d.ts → dsl-DVPthQGY.d.ts} +1 -1
  20. package/dist/dsl.d.ts +2 -2
  21. package/dist/dsl.js.map +1 -1
  22. package/dist/edge-policy-manifest-Dw5IhT1L.d.ts +133 -0
  23. package/dist/function-registry/beliefs.d.ts +23 -10
  24. package/dist/function-registry/beliefs.js +467 -36
  25. package/dist/function-registry/beliefs.js.map +1 -1
  26. package/dist/function-registry/coding.d.ts +15 -6
  27. package/dist/function-registry/coding.js +531 -22
  28. package/dist/function-registry/coding.js.map +1 -1
  29. package/dist/function-registry/context.d.ts +9 -3
  30. package/dist/function-registry/context.js +464 -21
  31. package/dist/function-registry/context.js.map +1 -1
  32. package/dist/function-registry/contracts.d.ts +9 -3
  33. package/dist/function-registry/contracts.js +464 -21
  34. package/dist/function-registry/contracts.js.map +1 -1
  35. package/dist/function-registry/coordination.d.ts +21 -9
  36. package/dist/function-registry/coordination.js +464 -21
  37. package/dist/function-registry/coordination.js.map +1 -1
  38. package/dist/function-registry/edges.d.ts +167 -2
  39. package/dist/function-registry/edges.js +661 -52
  40. package/dist/function-registry/edges.js.map +1 -1
  41. package/dist/function-registry/evidence.d.ts +19 -8
  42. package/dist/function-registry/evidence.js +473 -40
  43. package/dist/function-registry/evidence.js.map +1 -1
  44. package/dist/function-registry/graph.d.ts +33 -15
  45. package/dist/function-registry/graph.js +464 -21
  46. package/dist/function-registry/graph.js.map +1 -1
  47. package/dist/function-registry/helpers.d.ts +6 -3
  48. package/dist/function-registry/helpers.js +465 -22
  49. package/dist/function-registry/helpers.js.map +1 -1
  50. package/dist/function-registry/identity.d.ts +62 -16
  51. package/dist/function-registry/identity.js +487 -27
  52. package/dist/function-registry/identity.js.map +1 -1
  53. package/dist/function-registry/index.d.ts +4 -2
  54. package/dist/function-registry/index.js +468 -22
  55. package/dist/function-registry/index.js.map +1 -1
  56. package/dist/function-registry/judgments.d.ts +7 -2
  57. package/dist/function-registry/judgments.js +464 -21
  58. package/dist/function-registry/judgments.js.map +1 -1
  59. package/dist/function-registry/legacy.d.ts +5 -1
  60. package/dist/function-registry/legacy.js +464 -21
  61. package/dist/function-registry/legacy.js.map +1 -1
  62. package/dist/function-registry/lenses.d.ts +11 -4
  63. package/dist/function-registry/lenses.js +464 -21
  64. package/dist/function-registry/lenses.js.map +1 -1
  65. package/dist/function-registry/manifest.d.ts +4 -4
  66. package/dist/function-registry/manifest.js +16 -1
  67. package/dist/function-registry/manifest.js.map +1 -1
  68. package/dist/function-registry/nodes.d.ts +412 -0
  69. package/dist/function-registry/nodes.js +5354 -0
  70. package/dist/function-registry/nodes.js.map +1 -0
  71. package/dist/function-registry/ontologies.d.ts +25 -11
  72. package/dist/function-registry/ontologies.js +464 -21
  73. package/dist/function-registry/ontologies.js.map +1 -1
  74. package/dist/function-registry/pipeline.d.ts +9 -3
  75. package/dist/function-registry/pipeline.js +464 -21
  76. package/dist/function-registry/pipeline.js.map +1 -1
  77. package/dist/function-registry/questions.d.ts +27 -12
  78. package/dist/function-registry/questions.js +466 -26
  79. package/dist/function-registry/questions.js.map +1 -1
  80. package/dist/function-registry/tasks.d.ts +11 -4
  81. package/dist/function-registry/tasks.js +497 -30
  82. package/dist/function-registry/tasks.js.map +1 -1
  83. package/dist/function-registry/topics.d.ts +93 -5
  84. package/dist/function-registry/topics.js +534 -24
  85. package/dist/function-registry/topics.js.map +1 -1
  86. package/dist/function-registry/types.d.ts +7 -3
  87. package/dist/function-registry/worktrees.d.ts +25 -11
  88. package/dist/function-registry/worktrees.js +480 -21
  89. package/dist/function-registry/worktrees.js.map +1 -1
  90. package/dist/gateway.contract.d.ts +4 -0
  91. package/dist/gateway.contract.js.map +1 -1
  92. package/dist/generated/convexSchemas.d.ts +3 -3
  93. package/dist/generated/convexSchemas.js +37 -17
  94. package/dist/generated/convexSchemas.js.map +1 -1
  95. package/dist/generated/infisicalRuntimeEnv.d.ts +70 -0
  96. package/dist/generated/infisicalRuntimeEnv.js +27585 -0
  97. package/dist/generated/infisicalRuntimeEnv.js.map +1 -0
  98. package/dist/generated/lucernGatewayEnv.d.ts +17 -0
  99. package/dist/generated/lucernGatewayEnv.js +38 -0
  100. package/dist/generated/lucernGatewayEnv.js.map +1 -0
  101. package/dist/generated/lucernWebPublicEnv.d.ts +26 -0
  102. package/dist/generated/lucernWebPublicEnv.js +32 -0
  103. package/dist/generated/lucernWebPublicEnv.js.map +1 -0
  104. package/dist/generated/lucernWebServerEnv.d.ts +33 -0
  105. package/dist/generated/lucernWebServerEnv.js +51 -0
  106. package/dist/generated/lucernWebServerEnv.js.map +1 -0
  107. package/dist/generated/schema-manifest.json +1221 -114
  108. package/dist/generated/tableOwnership.d.ts +48 -28
  109. package/dist/generated/tableOwnership.js +66 -26
  110. package/dist/generated/tableOwnership.js.map +1 -1
  111. package/dist/generated/tier-expectations.json +64 -9
  112. package/dist/{index-O09U2xHk.d.ts → index-CM1Pl_vI.d.ts} +3 -3
  113. package/dist/index.d.ts +12 -7
  114. package/dist/index.js +32892 -459
  115. package/dist/index.js.map +1 -1
  116. package/dist/infisical-runtime.contract.d.ts +1763 -6
  117. package/dist/infisical-runtime.contract.js +2994 -15
  118. package/dist/infisical-runtime.contract.js.map +1 -1
  119. package/dist/manifests/edge-policy-manifest.d.ts +1 -1
  120. package/dist/manifests/edge-policy-manifest.data.d.ts +6 -20
  121. package/dist/manifests/edge-policy-manifest.data.js +18 -26
  122. package/dist/manifests/edge-policy-manifest.data.js.map +1 -1
  123. package/dist/manifests/edge-policy-manifest.js +31 -4
  124. package/dist/manifests/edge-policy-manifest.js.map +1 -1
  125. package/dist/manifests/infisical-runtime-manifest.d.ts +1689 -6
  126. package/dist/manifests/infisical-runtime-manifest.js +2847 -12
  127. package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
  128. package/dist/manifests/tenant-client-manifest.d.ts +19 -14
  129. package/dist/manifests/tenant-client-manifest.js +29 -12
  130. package/dist/manifests/tenant-client-manifest.js.map +1 -1
  131. package/dist/mcp-gateway-boundary.contract.d.ts +23 -3
  132. package/dist/mcp-gateway-boundary.contract.js +2 -0
  133. package/dist/mcp-gateway-boundary.contract.js.map +1 -1
  134. package/dist/permit-principal-projection.contract.d.ts +74 -0
  135. package/dist/permit-principal-projection.contract.js +167 -0
  136. package/dist/permit-principal-projection.contract.js.map +1 -0
  137. package/dist/projections/check-convex-args-shape.js +10 -6
  138. package/dist/projections/check-convex-args-shape.js.map +1 -1
  139. package/dist/projections/create-evidence.projection.d.ts +6 -6
  140. package/dist/projections/create-evidence.projection.js +2 -3
  141. package/dist/projections/create-evidence.projection.js.map +1 -1
  142. package/dist/projections/index.d.ts +3 -3
  143. package/dist/projections/index.js +10 -6
  144. package/dist/projections/index.js.map +1 -1
  145. package/dist/projections/list-tasks.projection.d.ts +20 -8
  146. package/dist/projections/list-tasks.projection.js +8 -3
  147. package/dist/projections/list-tasks.projection.js.map +1 -1
  148. package/dist/proof-attestation.json +45 -0
  149. package/dist/schemas/component-table-manifest.d.ts +6 -6
  150. package/dist/schemas/component-table-manifest.js +2 -2
  151. package/dist/schemas/component-table-manifest.js.map +1 -1
  152. package/dist/schemas/index.d.ts +2 -2
  153. package/dist/schemas/index.js +1123 -137
  154. package/dist/schemas/index.js.map +1 -1
  155. package/dist/schemas/manifest.d.ts +2102 -132
  156. package/dist/schemas/manifest.js +1121 -135
  157. package/dist/schemas/manifest.js.map +1 -1
  158. package/dist/schemas/tables/controlPlane/accessControl.d.ts +260 -0
  159. package/dist/schemas/tables/controlPlane/accessControl.js +658 -0
  160. package/dist/schemas/tables/controlPlane/accessControl.js.map +1 -0
  161. package/dist/schemas/tables/{identity → controlPlane}/agent.d.ts +1 -1
  162. package/dist/schemas/tables/{identity → controlPlane}/agent.js +3 -3
  163. package/dist/schemas/tables/controlPlane/agent.js.map +1 -0
  164. package/dist/schemas/tables/{identity → controlPlane}/epistemic.d.ts +1 -1
  165. package/dist/schemas/tables/{identity → controlPlane}/epistemic.js +3 -3
  166. package/dist/schemas/tables/controlPlane/epistemic.js.map +1 -0
  167. package/dist/schemas/tables/{identity → controlPlane}/model.d.ts +1 -1
  168. package/dist/schemas/tables/{identity → controlPlane}/model.js +6 -6
  169. package/dist/schemas/tables/controlPlane/model.js.map +1 -0
  170. package/dist/schemas/tables/{identity → controlPlane}/platform.d.ts +1 -1
  171. package/dist/schemas/tables/{identity → controlPlane}/platform.js +18 -18
  172. package/dist/schemas/tables/controlPlane/platform.js.map +1 -0
  173. package/dist/schemas/tables/{identity → controlPlane}/project.d.ts +1 -1
  174. package/dist/schemas/tables/{identity → controlPlane}/project.js +3 -3
  175. package/dist/schemas/tables/controlPlane/project.js.map +1 -0
  176. package/dist/schemas/tables/{identity → controlPlane}/user.d.ts +1 -1
  177. package/dist/schemas/tables/{identity → controlPlane}/user.js +3 -3
  178. package/dist/schemas/tables/controlPlane/user.js.map +1 -0
  179. package/dist/schemas/tables/kernel/config.d.ts +1 -1
  180. package/dist/schemas/tables/kernel/config.js.map +1 -1
  181. package/dist/schemas/tables/kernel/coordination.d.ts +1 -1
  182. package/dist/schemas/tables/kernel/coordination.js.map +1 -1
  183. package/dist/schemas/tables/kernel/decision.d.ts +1 -1
  184. package/dist/schemas/tables/kernel/decision.js.map +1 -1
  185. package/dist/schemas/tables/kernel/embedding.d.ts +1 -1
  186. package/dist/schemas/tables/kernel/embedding.js.map +1 -1
  187. package/dist/schemas/tables/kernel/epistemic.d.ts +1 -1
  188. package/dist/schemas/tables/kernel/epistemic.js.map +1 -1
  189. package/dist/schemas/tables/kernel/events.d.ts +21 -0
  190. package/dist/schemas/tables/kernel/events.js +43 -0
  191. package/dist/schemas/tables/kernel/events.js.map +1 -0
  192. package/dist/schemas/tables/kernel/idempotency.d.ts +1 -1
  193. package/dist/schemas/tables/kernel/idempotency.js.map +1 -1
  194. package/dist/schemas/tables/kernel/infra.d.ts +1 -1
  195. package/dist/schemas/tables/kernel/infra.js.map +1 -1
  196. package/dist/schemas/tables/kernel/intelligence.d.ts +1 -1
  197. package/dist/schemas/tables/kernel/intelligence.js.map +1 -1
  198. package/dist/schemas/tables/kernel/lens.d.ts +1 -1
  199. package/dist/schemas/tables/kernel/lens.js.map +1 -1
  200. package/dist/schemas/tables/kernel/ontology.d.ts +1 -1
  201. package/dist/schemas/tables/kernel/ontology.js.map +1 -1
  202. package/dist/schemas/tables/kernel/platform.d.ts +1 -1
  203. package/dist/schemas/tables/kernel/platform.js.map +1 -1
  204. package/dist/schemas/tables/kernel/spine.d.ts +2 -1
  205. package/dist/schemas/tables/kernel/spine.js +1 -0
  206. package/dist/schemas/tables/kernel/spine.js.map +1 -1
  207. package/dist/schemas/tables/kernel/task.d.ts +1 -1
  208. package/dist/schemas/tables/kernel/task.js.map +1 -1
  209. package/dist/schemas/tables/kernel/topic.d.ts +1 -1
  210. package/dist/schemas/tables/kernel/topic.js +1 -0
  211. package/dist/schemas/tables/kernel/topic.js.map +1 -1
  212. package/dist/schemas/tables/kernel/workflow.d.ts +1 -1
  213. package/dist/schemas/tables/kernel/workflow.js.map +1 -1
  214. package/dist/schemas/tables/kernel/worktree.d.ts +17 -17
  215. package/dist/schemas/tables/kernel/worktree.js.map +1 -1
  216. package/dist/schemas/tables/mc/identity.d.ts +19 -2
  217. package/dist/schemas/tables/mc/identity.js +32 -1
  218. package/dist/schemas/tables/mc/identity.js.map +1 -1
  219. package/dist/schemas/tables/mc/methodology.d.ts +1 -1
  220. package/dist/schemas/tables/mc/methodology.js.map +1 -1
  221. package/dist/schemas/tables/mc/pack.d.ts +1 -1
  222. package/dist/schemas/tables/mc/pack.js.map +1 -1
  223. package/dist/schemas/tables/mc/policy.d.ts +2 -2
  224. package/dist/schemas/tables/mc/policy.js +1 -1
  225. package/dist/schemas/tables/mc/policy.js.map +1 -1
  226. package/dist/schemas/tables/mc/registry.d.ts +1 -1
  227. package/dist/schemas/tables/mc/registry.js.map +1 -1
  228. package/dist/schemas/tables/mc/runtime.d.ts +109 -3
  229. package/dist/schemas/tables/mc/runtime.js +330 -104
  230. package/dist/schemas/tables/mc/runtime.js.map +1 -1
  231. package/dist/schemas/tables/mc/tenant.d.ts +4 -2
  232. package/dist/schemas/tables/mc/tenant.js +3 -1
  233. package/dist/schemas/tables/mc/tenant.js.map +1 -1
  234. package/dist/schemas/tables/mc/workspace.d.ts +22 -5
  235. package/dist/schemas/tables/mc/workspace.js +34 -2
  236. package/dist/schemas/tables/mc/workspace.js.map +1 -1
  237. package/dist/{sdk-tools.contract-Ci8bkoai.d.ts → sdk-tools.contract-CKmSsrZ2.d.ts} +1 -1
  238. package/dist/sdk-tools.contract.d.ts +2 -2
  239. package/dist/sdk-tools.contract.js +417 -13
  240. package/dist/sdk-tools.contract.js.map +1 -1
  241. package/dist/tenant-bootstrap-seed.contract.d.ts +244 -56
  242. package/dist/tenant-bootstrap-seed.contract.js +139 -28
  243. package/dist/tenant-bootstrap-seed.contract.js.map +1 -1
  244. package/dist/tenant-bootstrap-seed.defaults.d.ts +2 -2
  245. package/dist/tenant-bootstrap-seed.defaults.js +31 -13
  246. package/dist/tenant-bootstrap-seed.defaults.js.map +1 -1
  247. package/dist/tenant-client.contract.d.ts +20 -15
  248. package/dist/tenant-client.contract.js +29 -12
  249. package/dist/tenant-client.contract.js.map +1 -1
  250. package/dist/{tool-contracts-B4iWhejG.d.ts → tool-contracts-C_xvM9q2.d.ts} +32 -2
  251. package/dist/tool-contracts.d.ts +1 -1
  252. package/dist/tool-contracts.js +418 -14
  253. package/dist/tool-contracts.js.map +1 -1
  254. package/package.json +22 -1
  255. package/dist/edge-policy-manifest-Byv6cQPP.d.ts +0 -132
  256. package/dist/schemas/tables/identity/agent.js.map +0 -1
  257. package/dist/schemas/tables/identity/epistemic.js.map +0 -1
  258. package/dist/schemas/tables/identity/model.js.map +0 -1
  259. package/dist/schemas/tables/identity/platform.js.map +0 -1
  260. package/dist/schemas/tables/identity/project.js.map +0 -1
  261. package/dist/schemas/tables/identity/user.js.map +0 -1
@@ -203,7 +203,7 @@ var toolRegistryEntries = defineTable({
203
203
  });
204
204
  var agents = defineTable({
205
205
  name: "agents",
206
- component: "identity",
206
+ component: "control-plane",
207
207
  category: "agent",
208
208
  shape: z.object({
209
209
  "slug": z.string(),
@@ -234,6 +234,8 @@ var apiKeys = defineTable({
234
234
  category: "tenant",
235
235
  shape: z.object({
236
236
  "tenantId": idOf("tenants"),
237
+ "workspaceId": idOf("workspaces").optional(),
238
+ "environment": z.enum(["dev", "staging", "prod"]).optional(),
237
239
  "keyPrefix": z.enum(["luc", "stk"]),
238
240
  "keyHash": z.string(),
239
241
  "keyHint": z.string(),
@@ -261,7 +263,7 @@ var auditLog = defineTable({
261
263
  shape: z.object({
262
264
  "tenantId": idOf("tenants").optional(),
263
265
  "apiKeyId": idOf("apiKeys").optional(),
264
- "action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "principal_created", "principal_updated", "principal_suspended", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
266
+ "action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_token_lease_issued", "proxy_token_lease_renewed", "proxy_token_lease_revoked", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "tenant_clerk_organization_linked", "tenant_canonical_identity_repaired", "principal_created", "principal_updated", "principal_suspended", "principal_identity_alias_upserted", "principal_identity_alias_revoked", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "deployment_host_registered", "deployment_host_revoked", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "permit_sync_enqueued", "permit_sync_succeeded", "permit_sync_failed", "permit_sync_skipped", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
265
267
  "actorClerkId": z.string(),
266
268
  "details": z.any().optional(),
267
269
  "createdAt": z.number()
@@ -485,6 +487,35 @@ var systemLogs = defineTable({
485
487
  { kind: "index", name: "by_source", columns: ["source"] }
486
488
  ]
487
489
  });
490
+ var domainEvents = defineTable({
491
+ name: "domainEvents",
492
+ component: "kernel",
493
+ category: "events",
494
+ shape: z.object({
495
+ "eventId": z.string(),
496
+ "type": z.string(),
497
+ "version": z.string(),
498
+ "timestamp": z.number(),
499
+ "tenantId": z.string().optional(),
500
+ "workspaceId": z.string().optional(),
501
+ "topicId": z.string(),
502
+ "resourceId": z.string(),
503
+ "resourceType": z.string(),
504
+ "actorId": z.string(),
505
+ "actorType": z.enum(["human", "agent", "service"]),
506
+ "data": z.record(z.any()),
507
+ "correlationId": z.string().optional(),
508
+ "expiresAt": z.number()
509
+ }),
510
+ indices: [
511
+ { kind: "index", name: "by_eventId", columns: ["eventId"] },
512
+ { kind: "index", name: "by_topic_timestamp", columns: ["topicId", "timestamp"] },
513
+ { kind: "index", name: "by_tenant_workspace_timestamp", columns: ["tenantId", "workspaceId", "timestamp"] },
514
+ { kind: "index", name: "by_type_timestamp", columns: ["type", "timestamp"] },
515
+ { kind: "index", name: "by_resource", columns: ["resourceType", "resourceId", "timestamp"] },
516
+ { kind: "index", name: "by_expiresAt", columns: ["expiresAt"] }
517
+ ]
518
+ });
488
519
  var beliefConfidence = defineTable({
489
520
  name: "beliefConfidence",
490
521
  component: "kernel",
@@ -1140,29 +1171,37 @@ var compatibilityShims = defineTable({
1140
1171
  component: "mc",
1141
1172
  category: "runtime",
1142
1173
  shape: z.object({
1143
- "shimId": z.string(),
1144
- "gateId": z.string(),
1145
- "removalDate": z.string(),
1146
- "removalPriority": z.enum(["P1", "P2", "P3"]),
1147
- "description": z.string(),
1148
- "owner": z.string(),
1149
- "createdAt": z.string(),
1150
- "status": z.enum(["active", "overdue", "removed"]),
1151
- "bridgeType": z.enum(["tool", "agent"]),
1152
- "bridgeTarget": z.object({
1153
- "type": z.enum(["tool", "agent"]),
1154
- "legacyPath": z.string(),
1155
- "harnessPath": z.string()
1174
+ shimId: z.string(),
1175
+ gateId: z.string(),
1176
+ removalDate: z.string(),
1177
+ removalPriority: z.enum(["P1", "P2", "P3"]),
1178
+ description: z.string(),
1179
+ owner: z.string(),
1180
+ createdAt: z.string(),
1181
+ status: z.enum(["active", "overdue", "removed"]),
1182
+ bridgeType: z.enum(["tool", "agent"]),
1183
+ bridgeTarget: z.object({
1184
+ type: z.enum(["tool", "agent"]),
1185
+ legacyPath: z.string(),
1186
+ harnessPath: z.string()
1156
1187
  }),
1157
- "shimBehavior": z.enum(["passthrough_with_logging", "adapter", "feature_flag_gate"]),
1158
- "producesLedgerEntries": z.boolean(),
1159
- "lastAuditedAt": z.number(),
1160
- "metadata": z.record(z.any()).optional()
1188
+ shimBehavior: z.enum([
1189
+ "passthrough_with_logging",
1190
+ "adapter",
1191
+ "feature_flag_gate"
1192
+ ]),
1193
+ producesLedgerEntries: z.boolean(),
1194
+ lastAuditedAt: z.number(),
1195
+ metadata: z.record(z.any()).optional()
1161
1196
  }),
1162
1197
  indices: [
1163
1198
  { kind: "index", name: "by_shimId", columns: ["shimId"] },
1164
1199
  { kind: "index", name: "by_status", columns: ["status"] },
1165
- { kind: "index", name: "by_bridgeType_status", columns: ["bridgeType", "status"] }
1200
+ {
1201
+ kind: "index",
1202
+ name: "by_bridgeType_status",
1203
+ columns: ["bridgeType", "status"]
1204
+ }
1166
1205
  ]
1167
1206
  });
1168
1207
  var cutoverFlags = defineTable({
@@ -1170,12 +1209,23 @@ var cutoverFlags = defineTable({
1170
1209
  component: "mc",
1171
1210
  category: "runtime",
1172
1211
  shape: z.object({
1173
- "domain": z.enum(["graph", "schema", "identity", "policy", "audit", "admin", "agent", "tool", "prompt", "intelligence"]),
1174
- "state": z.enum(["legacy", "cutover", "disabled"]),
1175
- "metadata": z.record(z.any()).optional(),
1176
- "updatedBy": z.string(),
1177
- "createdAt": z.number(),
1178
- "updatedAt": z.number()
1212
+ domain: z.enum([
1213
+ "graph",
1214
+ "schema",
1215
+ "identity",
1216
+ "policy",
1217
+ "audit",
1218
+ "admin",
1219
+ "agent",
1220
+ "tool",
1221
+ "prompt",
1222
+ "intelligence"
1223
+ ]),
1224
+ state: z.enum(["legacy", "cutover", "disabled"]),
1225
+ metadata: z.record(z.any()).optional(),
1226
+ updatedBy: z.string(),
1227
+ createdAt: z.number(),
1228
+ updatedAt: z.number()
1179
1229
  }),
1180
1230
  indices: [
1181
1231
  { kind: "index", name: "by_domain", columns: ["domain"] },
@@ -1187,57 +1237,193 @@ var tenantDeploymentCredentials = defineTable({
1187
1237
  component: "mc",
1188
1238
  category: "runtime",
1189
1239
  shape: z.object({
1190
- "credentialRef": z.string(),
1191
- "tenantId": idOf("tenants"),
1192
- "target": z.enum(["kernelDeployment", "appDeployment"]),
1193
- "environment": z.enum(["dev", "staging", "prod"]),
1194
- "encryptedDeployKey": z.string(),
1195
- "encryptionVersion": z.string(),
1196
- "keyFingerprint": z.string(),
1197
- "keyHint": z.string(),
1198
- "status": z.enum(["active", "revoked"]),
1199
- "rotatedFromCredentialRef": z.string().optional(),
1200
- "revokedAt": z.number().optional(),
1201
- "revokedBy": z.string().optional(),
1202
- "lastUsedAt": z.number().optional(),
1203
- "metadata": z.record(z.any()).optional(),
1204
- "createdBy": z.string(),
1205
- "createdAt": z.number(),
1206
- "updatedAt": z.number()
1240
+ credentialRef: z.string(),
1241
+ tenantId: idOf("tenants"),
1242
+ workspaceId: idOf("workspaces").optional(),
1243
+ target: z.enum(["kernelDeployment", "appDeployment"]),
1244
+ environment: z.enum(["dev", "staging", "prod"]),
1245
+ encryptedDeployKey: z.string(),
1246
+ encryptionVersion: z.string(),
1247
+ keyFingerprint: z.string(),
1248
+ keyHint: z.string(),
1249
+ status: z.enum(["active", "revoked"]),
1250
+ rotatedFromCredentialRef: z.string().optional(),
1251
+ revokedAt: z.number().optional(),
1252
+ revokedBy: z.string().optional(),
1253
+ lastUsedAt: z.number().optional(),
1254
+ metadata: z.record(z.any()).optional(),
1255
+ createdBy: z.string(),
1256
+ createdAt: z.number(),
1257
+ updatedAt: z.number()
1207
1258
  }),
1208
1259
  indices: [
1209
1260
  { kind: "index", name: "by_credentialRef", columns: ["credentialRef"] },
1210
1261
  { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
1211
- { kind: "index", name: "by_tenant_target", columns: ["tenantId", "target"] },
1212
- { kind: "index", name: "by_tenant_target_environment", columns: ["tenantId", "target", "environment"] },
1213
- { kind: "index", name: "by_tenant_target_environment_status", columns: ["tenantId", "target", "environment", "status"] },
1262
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
1263
+ {
1264
+ kind: "index",
1265
+ name: "by_tenant_target",
1266
+ columns: ["tenantId", "target"]
1267
+ },
1268
+ {
1269
+ kind: "index",
1270
+ name: "by_tenant_target_environment",
1271
+ columns: ["tenantId", "target", "environment"]
1272
+ },
1273
+ {
1274
+ kind: "index",
1275
+ name: "by_tenant_target_environment_status",
1276
+ columns: ["tenantId", "target", "environment", "status"]
1277
+ },
1278
+ {
1279
+ kind: "index",
1280
+ name: "by_tenant_workspace_target_environment_status",
1281
+ columns: ["tenantId", "workspaceId", "target", "environment", "status"]
1282
+ },
1214
1283
  { kind: "index", name: "by_status", columns: ["status"] }
1215
1284
  ]
1216
1285
  });
1286
+ var permitSyncStates = defineTable({
1287
+ name: "permitSyncStates",
1288
+ component: "mc",
1289
+ category: "runtime",
1290
+ shape: z.object({
1291
+ syncKey: z.string(),
1292
+ objectType: z.enum([
1293
+ "resource",
1294
+ "role",
1295
+ "resource_role",
1296
+ "resource_relation",
1297
+ "tenant",
1298
+ "workspace",
1299
+ "principal",
1300
+ "membership",
1301
+ "group",
1302
+ "resource_instance",
1303
+ "relationship_tuple",
1304
+ "role_assignment"
1305
+ ]),
1306
+ objectId: z.string(),
1307
+ tenantId: idOf("tenants").optional(),
1308
+ workspaceId: idOf("workspaces").optional(),
1309
+ principalId: z.string().optional(),
1310
+ permitTenantKey: z.string().optional(),
1311
+ permitResourceType: z.string().optional(),
1312
+ permitResourceKey: z.string().optional(),
1313
+ desiredPayload: z.record(z.any()),
1314
+ lastAppliedPayloadHash: z.string().optional(),
1315
+ status: z.enum(["pending", "synced", "error", "skipped"]),
1316
+ attemptCount: z.number(),
1317
+ lastError: z.string().optional(),
1318
+ nextAttemptAt: z.number().optional(),
1319
+ lastSyncedAt: z.number().optional(),
1320
+ createdBy: z.string(),
1321
+ updatedBy: z.string().optional(),
1322
+ createdAt: z.number(),
1323
+ updatedAt: z.number()
1324
+ }),
1325
+ indices: [
1326
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
1327
+ { kind: "index", name: "by_status", columns: ["status"] },
1328
+ {
1329
+ kind: "index",
1330
+ name: "by_tenant_status",
1331
+ columns: ["tenantId", "status"]
1332
+ },
1333
+ {
1334
+ kind: "index",
1335
+ name: "by_workspace_status",
1336
+ columns: ["workspaceId", "status"]
1337
+ },
1338
+ {
1339
+ kind: "index",
1340
+ name: "by_principal_status",
1341
+ columns: ["principalId", "status"]
1342
+ }
1343
+ ]
1344
+ });
1345
+ var secretSyncDriftReports = defineTable({
1346
+ name: "secretSyncDriftReports",
1347
+ component: "mc",
1348
+ category: "runtime",
1349
+ shape: z.object({
1350
+ reportId: z.string(),
1351
+ source: z.enum(["infisical_manifest", "manual", "ci"]),
1352
+ generatedAt: z.number(),
1353
+ recordedAt: z.number(),
1354
+ recordedBy: z.string(),
1355
+ status: z.enum([
1356
+ "in_sync",
1357
+ "drift",
1358
+ "exception",
1359
+ "blocked",
1360
+ "not_observed"
1361
+ ]),
1362
+ reportHash: z.string(),
1363
+ manifestHash: z.string().optional(),
1364
+ dryRunReceiptId: z.string().optional(),
1365
+ appliedReceiptId: z.string().optional(),
1366
+ summary: z.object({
1367
+ totalPipelines: z.number(),
1368
+ inSync: z.number(),
1369
+ drift: z.number(),
1370
+ exception: z.number(),
1371
+ blocked: z.number(),
1372
+ notObserved: z.number(),
1373
+ missingKeys: z.number(),
1374
+ valueDriftKeys: z.number(),
1375
+ extraKeys: z.number(),
1376
+ deniedConvexLeakage: z.number(),
1377
+ approvedExceptions: z.number()
1378
+ }),
1379
+ redactedReport: z.record(z.any()),
1380
+ metadata: z.record(z.any()).optional()
1381
+ }),
1382
+ indices: [
1383
+ { kind: "index", name: "by_reportId", columns: ["reportId"] },
1384
+ { kind: "index", name: "by_reportHash", columns: ["reportHash"] },
1385
+ { kind: "index", name: "by_generatedAt", columns: ["generatedAt"] },
1386
+ {
1387
+ kind: "index",
1388
+ name: "by_status_generatedAt",
1389
+ columns: ["status", "generatedAt"]
1390
+ }
1391
+ ]
1392
+ });
1217
1393
  var controlPlaneTenantModelSlotBindings = defineTable({
1218
1394
  name: "controlPlaneTenantModelSlotBindings",
1219
1395
  component: "mc",
1220
1396
  category: "runtime",
1221
1397
  shape: z.object({
1222
- "bindingId": z.string(),
1223
- "tenantId": idOf("tenants"),
1224
- "providerId": z.string(),
1225
- "modelSlotId": z.string(),
1226
- "secretRef": z.string(),
1227
- "status": z.enum(["active", "revoked"]),
1228
- "passThroughOnly": z.boolean(),
1229
- "revokedAt": z.number().optional(),
1230
- "revokedBy": z.string().optional(),
1231
- "metadata": z.record(z.any()).optional(),
1232
- "createdBy": z.string(),
1233
- "createdAt": z.number(),
1234
- "updatedAt": z.number()
1398
+ bindingId: z.string(),
1399
+ tenantId: idOf("tenants"),
1400
+ workspaceId: idOf("workspaces").optional(),
1401
+ environment: z.enum(["dev", "staging", "prod"]).optional(),
1402
+ providerId: z.string(),
1403
+ modelSlotId: z.string(),
1404
+ secretRef: z.string(),
1405
+ status: z.enum(["active", "revoked"]),
1406
+ passThroughOnly: z.boolean(),
1407
+ revokedAt: z.number().optional(),
1408
+ revokedBy: z.string().optional(),
1409
+ metadata: z.record(z.any()).optional(),
1410
+ createdBy: z.string(),
1411
+ createdAt: z.number(),
1412
+ updatedAt: z.number()
1235
1413
  }),
1236
1414
  indices: [
1237
1415
  { kind: "index", name: "by_bindingId", columns: ["bindingId"] },
1238
1416
  { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
1239
- { kind: "index", name: "by_tenant_slot", columns: ["tenantId", "modelSlotId"] },
1240
- { kind: "index", name: "by_tenant_provider_slot", columns: ["tenantId", "providerId", "modelSlotId"] },
1417
+ {
1418
+ kind: "index",
1419
+ name: "by_tenant_slot",
1420
+ columns: ["tenantId", "modelSlotId"]
1421
+ },
1422
+ {
1423
+ kind: "index",
1424
+ name: "by_tenant_provider_slot",
1425
+ columns: ["tenantId", "providerId", "modelSlotId"]
1426
+ },
1241
1427
  { kind: "index", name: "by_secretRef", columns: ["secretRef"] },
1242
1428
  { kind: "index", name: "by_status", columns: ["status"] }
1243
1429
  ]
@@ -1247,29 +1433,42 @@ var controlPlaneTenantProviderSecrets = defineTable({
1247
1433
  component: "mc",
1248
1434
  category: "runtime",
1249
1435
  shape: z.object({
1250
- "secretRef": z.string(),
1251
- "tenantId": idOf("tenants"),
1252
- "providerId": z.string(),
1253
- "label": z.string().optional(),
1254
- "encryptedSecret": z.string(),
1255
- "encryptionVersion": z.string(),
1256
- "secretFingerprint": z.string(),
1257
- "keyHint": z.string(),
1258
- "status": z.enum(["active", "revoked"]),
1259
- "rotatedFromSecretRef": z.string().optional(),
1260
- "revokedAt": z.number().optional(),
1261
- "revokedBy": z.string().optional(),
1262
- "lastUsedAt": z.number().optional(),
1263
- "metadata": z.record(z.any()).optional(),
1264
- "createdBy": z.string(),
1265
- "createdAt": z.number(),
1266
- "updatedAt": z.number()
1436
+ secretRef: z.string(),
1437
+ tenantId: idOf("tenants"),
1438
+ workspaceId: idOf("workspaces").optional(),
1439
+ environment: z.enum(["dev", "staging", "prod"]).optional(),
1440
+ providerId: z.string(),
1441
+ label: z.string().optional(),
1442
+ encryptedSecret: z.string().optional(),
1443
+ infisicalPath: z.string().optional(),
1444
+ infisicalSecretKey: z.string().optional(),
1445
+ infisicalProjectId: z.string().optional(),
1446
+ encryptionVersion: z.string(),
1447
+ secretFingerprint: z.string(),
1448
+ keyHint: z.string(),
1449
+ status: z.enum(["active", "revoked"]),
1450
+ rotatedFromSecretRef: z.string().optional(),
1451
+ revokedAt: z.number().optional(),
1452
+ revokedBy: z.string().optional(),
1453
+ lastUsedAt: z.number().optional(),
1454
+ metadata: z.record(z.any()).optional(),
1455
+ createdBy: z.string(),
1456
+ createdAt: z.number(),
1457
+ updatedAt: z.number()
1267
1458
  }),
1268
1459
  indices: [
1269
1460
  { kind: "index", name: "by_secretRef", columns: ["secretRef"] },
1270
1461
  { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
1271
- { kind: "index", name: "by_tenant_provider", columns: ["tenantId", "providerId"] },
1272
- { kind: "index", name: "by_tenant_provider_status", columns: ["tenantId", "providerId", "status"] },
1462
+ {
1463
+ kind: "index",
1464
+ name: "by_tenant_provider",
1465
+ columns: ["tenantId", "providerId"]
1466
+ },
1467
+ {
1468
+ kind: "index",
1469
+ name: "by_tenant_provider_status",
1470
+ columns: ["tenantId", "providerId", "status"]
1471
+ },
1273
1472
  { kind: "index", name: "by_status", columns: ["status"] }
1274
1473
  ]
1275
1474
  });
@@ -1278,35 +1477,93 @@ var controlPlaneTenantProxyGatewayUsage = defineTable({
1278
1477
  component: "mc",
1279
1478
  category: "runtime",
1280
1479
  shape: z.object({
1281
- "usageId": z.string(),
1282
- "tenantId": idOf("tenants"),
1283
- "providerId": z.string(),
1284
- "modelSlotId": z.string(),
1285
- "secretRef": z.string(),
1286
- "proxyTokenId": z.string(),
1287
- "sessionId": z.string(),
1288
- "principalId": z.string(),
1289
- "workspaceId": z.string().optional(),
1290
- "modelId": z.string().optional(),
1291
- "requestPath": z.string(),
1292
- "status": z.enum(["success", "error"]),
1293
- "responseStatus": z.number().optional(),
1294
- "inputTokens": z.number().optional(),
1295
- "outputTokens": z.number().optional(),
1296
- "tokenCount": z.number().optional(),
1297
- "latencyMs": z.number(),
1298
- "estimatedCostUsd": z.number().optional(),
1299
- "failureCode": z.string().optional(),
1300
- "metadata": z.record(z.any()).optional(),
1301
- "createdAt": z.number(),
1302
- "updatedAt": z.number()
1480
+ usageId: z.string(),
1481
+ tenantId: idOf("tenants"),
1482
+ providerId: z.string(),
1483
+ modelSlotId: z.string(),
1484
+ secretRef: z.string(),
1485
+ proxyTokenId: z.string(),
1486
+ sessionId: z.string(),
1487
+ principalId: z.string(),
1488
+ workspaceId: z.string().optional(),
1489
+ modelId: z.string().optional(),
1490
+ requestPath: z.string(),
1491
+ status: z.enum(["success", "error"]),
1492
+ responseStatus: z.number().optional(),
1493
+ inputTokens: z.number().optional(),
1494
+ outputTokens: z.number().optional(),
1495
+ tokenCount: z.number().optional(),
1496
+ latencyMs: z.number(),
1497
+ estimatedCostUsd: z.number().optional(),
1498
+ failureCode: z.string().optional(),
1499
+ metadata: z.record(z.any()).optional(),
1500
+ createdAt: z.number(),
1501
+ updatedAt: z.number()
1303
1502
  }),
1304
1503
  indices: [
1305
1504
  { kind: "index", name: "by_usageId", columns: ["usageId"] },
1306
1505
  { kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
1307
- { kind: "index", name: "by_tenant_provider", columns: ["tenantId", "providerId", "createdAt"] },
1308
- { kind: "index", name: "by_proxyTokenId", columns: ["proxyTokenId", "createdAt"] },
1309
- { kind: "index", name: "by_sessionId", columns: ["sessionId", "createdAt"] }
1506
+ {
1507
+ kind: "index",
1508
+ name: "by_tenant_provider",
1509
+ columns: ["tenantId", "providerId", "createdAt"]
1510
+ },
1511
+ {
1512
+ kind: "index",
1513
+ name: "by_proxyTokenId",
1514
+ columns: ["proxyTokenId", "createdAt"]
1515
+ },
1516
+ {
1517
+ kind: "index",
1518
+ name: "by_sessionId",
1519
+ columns: ["sessionId", "createdAt"]
1520
+ }
1521
+ ]
1522
+ });
1523
+ var controlPlaneTenantProxyTokenLeases = defineTable({
1524
+ name: "controlPlaneTenantProxyTokenLeases",
1525
+ component: "mc",
1526
+ category: "runtime",
1527
+ shape: z.object({
1528
+ leaseId: z.string(),
1529
+ proxyTokenId: z.string(),
1530
+ tenantId: idOf("tenants"),
1531
+ workspaceId: idOf("workspaces").optional(),
1532
+ environment: z.enum(["dev", "staging", "prod"]),
1533
+ providerId: z.string(),
1534
+ modelSlotId: z.string(),
1535
+ bindingId: z.string(),
1536
+ secretRef: z.string(),
1537
+ sessionId: z.string(),
1538
+ principalId: z.string(),
1539
+ agentSessionId: z.string().optional(),
1540
+ status: z.enum(["active", "revoked"]),
1541
+ expiresAt: z.number(),
1542
+ renewedAt: z.number().optional(),
1543
+ revokedAt: z.number().optional(),
1544
+ revokedBy: z.string().optional(),
1545
+ revokeReason: z.string().optional(),
1546
+ permitDecisionLogId: idOf("policyDecisionLogs").optional(),
1547
+ permitTraceId: z.string().optional(),
1548
+ metadata: z.record(z.any()).optional(),
1549
+ createdAt: z.number(),
1550
+ updatedAt: z.number()
1551
+ }),
1552
+ indices: [
1553
+ { kind: "index", name: "by_leaseId", columns: ["leaseId"] },
1554
+ { kind: "index", name: "by_proxyTokenId", columns: ["proxyTokenId"] },
1555
+ { kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
1556
+ { kind: "index", name: "by_sessionId", columns: ["sessionId", "createdAt"] },
1557
+ {
1558
+ kind: "index",
1559
+ name: "by_principalId",
1560
+ columns: ["principalId", "createdAt"]
1561
+ },
1562
+ {
1563
+ kind: "index",
1564
+ name: "by_status_expiresAt",
1565
+ columns: ["status", "expiresAt"]
1566
+ }
1310
1567
  ]
1311
1568
  });
1312
1569
  var crossProjectConnections = defineTable({
@@ -1648,6 +1905,7 @@ var epistemicNodes = defineTable({
1648
1905
  "questionType": z.enum(["validation", "falsification", "assumption_probe", "prediction_test", "counterfactual", "discovery", "clarification", "comparison", "causal", "mechanism", "general"]).optional(),
1649
1906
  "questionPriority": z.enum(["critical", "high", "medium", "low"]).optional(),
1650
1907
  "answerQuality": z.enum(["definitive", "strong", "moderate", "weak", "speculative", "unanswered"]).optional(),
1908
+ "themeStatus": z.enum(["emerging", "active", "mature", "declining", "archived"]).optional(),
1651
1909
  "themeConviction": z.enum(["high", "medium", "low", "negative"]).optional(),
1652
1910
  "decisionType": z.enum(["invest", "pass", "follow_on", "exit", "deep_dive", "monitor", "deprioritize", "thesis_adopt", "thesis_revise", "thesis_abandon"]).optional(),
1653
1911
  "decisionOutcome": z.enum(["pending", "successful", "unsuccessful", "mixed", "unknown"]).optional(),
@@ -1798,6 +2056,7 @@ var memberships = defineTable({
1798
2056
  indices: [
1799
2057
  { kind: "index", name: "by_principalId", columns: ["principalId"] },
1800
2058
  { kind: "index", name: "by_principal_tenant", columns: ["principalId", "tenantId"] },
2059
+ { kind: "index", name: "by_principal_tenant_workspace", columns: ["principalId", "tenantId", "workspaceId"] },
1801
2060
  { kind: "index", name: "by_workspace_principal", columns: ["workspaceId", "principalId"] },
1802
2061
  { kind: "index", name: "by_tenant_role", columns: ["tenantId", "role"] },
1803
2062
  { kind: "index", name: "by_status", columns: ["status"] }
@@ -1829,6 +2088,36 @@ var principals = defineTable({
1829
2088
  { kind: "index", name: "by_status", columns: ["status"] }
1830
2089
  ]
1831
2090
  });
2091
+ var principalIdentityAliases = defineTable({
2092
+ name: "principalIdentityAliases",
2093
+ component: "mc",
2094
+ category: "identity",
2095
+ shape: z.object({
2096
+ "principalId": z.string(),
2097
+ "principalRefId": idOf("principals").optional(),
2098
+ "provider": z.string(),
2099
+ "providerProjectId": z.string().optional(),
2100
+ "externalSubjectId": z.string(),
2101
+ "tenantId": idOf("tenants").optional(),
2102
+ "workspaceId": idOf("workspaces").optional(),
2103
+ "email": z.string().optional(),
2104
+ "status": z.enum(["active", "revoked"]),
2105
+ "metadata": z.record(z.any()).optional(),
2106
+ "createdBy": z.string(),
2107
+ "revokedAt": z.number().optional(),
2108
+ "revokedBy": z.string().optional(),
2109
+ "createdAt": z.number(),
2110
+ "updatedAt": z.number()
2111
+ }),
2112
+ indices: [
2113
+ { kind: "index", name: "by_provider_subject", columns: ["provider", "externalSubjectId"] },
2114
+ { kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "externalSubjectId"] },
2115
+ { kind: "index", name: "by_principalId", columns: ["principalId"] },
2116
+ { kind: "index", name: "by_principal_status", columns: ["principalId", "status"] },
2117
+ { kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "externalSubjectId"] },
2118
+ { kind: "index", name: "by_workspace_provider_subject", columns: ["workspaceId", "provider", "externalSubjectId"] }
2119
+ ]
2120
+ });
1832
2121
  var rateLimitWindows = defineTable({
1833
2122
  name: "rateLimitWindows",
1834
2123
  component: "mc",
@@ -2418,7 +2707,7 @@ var lensTopicBindings = defineTable({
2418
2707
  });
2419
2708
  var mcpWritePolicy = defineTable({
2420
2709
  name: "mcpWritePolicy",
2421
- component: "identity",
2710
+ component: "control-plane",
2422
2711
  category: "platform",
2423
2712
  shape: z.object({
2424
2713
  "topicId": z.string().optional(),
@@ -2441,7 +2730,7 @@ var mcpWritePolicy = defineTable({
2441
2730
  });
2442
2731
  var platformAudienceGrants = defineTable({
2443
2732
  name: "platformAudienceGrants",
2444
- component: "identity",
2733
+ component: "control-plane",
2445
2734
  category: "platform",
2446
2735
  shape: z.object({
2447
2736
  "tenantId": z.string(),
@@ -2467,7 +2756,7 @@ var platformAudienceGrants = defineTable({
2467
2756
  });
2468
2757
  var platformAudiences = defineTable({
2469
2758
  name: "platformAudiences",
2470
- component: "identity",
2759
+ component: "control-plane",
2471
2760
  category: "platform",
2472
2761
  shape: z.object({
2473
2762
  "tenantId": z.string(),
@@ -2492,7 +2781,7 @@ var platformAudiences = defineTable({
2492
2781
  });
2493
2782
  var platformPolicyDecisionLogs = defineTable({
2494
2783
  name: "platformPolicyDecisionLogs",
2495
- component: "identity",
2784
+ component: "control-plane",
2496
2785
  category: "platform",
2497
2786
  shape: z.object({
2498
2787
  "principalId": z.string(),
@@ -2528,7 +2817,7 @@ var platformPolicyDecisionLogs = defineTable({
2528
2817
  });
2529
2818
  var tenantApiKeys = defineTable({
2530
2819
  name: "tenantApiKeys",
2531
- component: "identity",
2820
+ component: "control-plane",
2532
2821
  category: "platform",
2533
2822
  shape: z.object({
2534
2823
  "tenantId": z.string(),
@@ -2555,7 +2844,7 @@ var tenantApiKeys = defineTable({
2555
2844
  });
2556
2845
  var tenantConfig = defineTable({
2557
2846
  name: "tenantConfig",
2558
- component: "identity",
2847
+ component: "control-plane",
2559
2848
  category: "platform",
2560
2849
  shape: z.object({
2561
2850
  "tenantId": z.string(),
@@ -2574,7 +2863,7 @@ var tenantConfig = defineTable({
2574
2863
  });
2575
2864
  var tenantIntegrations = defineTable({
2576
2865
  name: "tenantIntegrations",
2577
- component: "identity",
2866
+ component: "control-plane",
2578
2867
  category: "platform",
2579
2868
  shape: z.object({
2580
2869
  "tenantId": z.string(),
@@ -2629,7 +2918,7 @@ var tenantIntegrations = defineTable({
2629
2918
  });
2630
2919
  var tenantModelSlotBindings = defineTable({
2631
2920
  name: "tenantModelSlotBindings",
2632
- component: "identity",
2921
+ component: "control-plane",
2633
2922
  category: "platform",
2634
2923
  shape: z.object({
2635
2924
  "bindingId": z.string(),
@@ -2657,7 +2946,7 @@ var tenantModelSlotBindings = defineTable({
2657
2946
  });
2658
2947
  var tenantPolicies = defineTable({
2659
2948
  name: "tenantPolicies",
2660
- component: "identity",
2949
+ component: "control-plane",
2661
2950
  category: "platform",
2662
2951
  shape: z.object({
2663
2952
  "tenantId": z.string(),
@@ -2682,7 +2971,7 @@ var tenantPolicies = defineTable({
2682
2971
  });
2683
2972
  var tenantProviderSecrets = defineTable({
2684
2973
  name: "tenantProviderSecrets",
2685
- component: "identity",
2974
+ component: "control-plane",
2686
2975
  category: "platform",
2687
2976
  shape: z.object({
2688
2977
  "secretRef": z.string(),
@@ -2713,7 +3002,7 @@ var tenantProviderSecrets = defineTable({
2713
3002
  });
2714
3003
  var tenantProxyGatewayUsage = defineTable({
2715
3004
  name: "tenantProxyGatewayUsage",
2716
- component: "identity",
3005
+ component: "control-plane",
2717
3006
  category: "platform",
2718
3007
  shape: z.object({
2719
3008
  "usageId": z.string(),
@@ -2748,7 +3037,7 @@ var tenantProxyGatewayUsage = defineTable({
2748
3037
  });
2749
3038
  var tenantProxyTokenMints = defineTable({
2750
3039
  name: "tenantProxyTokenMints",
2751
- component: "identity",
3040
+ component: "control-plane",
2752
3041
  category: "platform",
2753
3042
  shape: z.object({
2754
3043
  "proxyTokenId": z.string(),
@@ -2771,7 +3060,7 @@ var tenantProxyTokenMints = defineTable({
2771
3060
  });
2772
3061
  var tenantSandboxAuditEvents = defineTable({
2773
3062
  name: "tenantSandboxAuditEvents",
2774
- component: "identity",
3063
+ component: "control-plane",
2775
3064
  category: "platform",
2776
3065
  shape: z.object({
2777
3066
  "eventId": z.string(),
@@ -2805,7 +3094,7 @@ var tenantSandboxAuditEvents = defineTable({
2805
3094
  });
2806
3095
  var tenantSecrets = defineTable({
2807
3096
  name: "tenantSecrets",
2808
- component: "identity",
3097
+ component: "control-plane",
2809
3098
  category: "platform",
2810
3099
  shape: z.object({
2811
3100
  "tenantId": z.string(),
@@ -2827,7 +3116,7 @@ var tenantSecrets = defineTable({
2827
3116
  });
2828
3117
  var toolAcls = defineTable({
2829
3118
  name: "toolAcls",
2830
- component: "identity",
3119
+ component: "control-plane",
2831
3120
  category: "platform",
2832
3121
  shape: z.object({
2833
3122
  "role": z.enum(["platform_admin", "tenant_admin", "workspace_admin", "editor", "viewer", "auditor", "service_agent"]),
@@ -2842,7 +3131,7 @@ var toolAcls = defineTable({
2842
3131
  });
2843
3132
  var toolRegistry = defineTable({
2844
3133
  name: "toolRegistry",
2845
- component: "identity",
3134
+ component: "control-plane",
2846
3135
  category: "platform",
2847
3136
  shape: z.object({
2848
3137
  "toolName": z.string(),
@@ -2923,7 +3212,7 @@ var tenantMethodologyAssignments = defineTable({
2923
3212
  });
2924
3213
  var modelCallLogs = defineTable({
2925
3214
  name: "modelCallLogs",
2926
- component: "identity",
3215
+ component: "control-plane",
2927
3216
  category: "model",
2928
3217
  shape: z.object({
2929
3218
  "slot": z.string(),
@@ -2949,7 +3238,7 @@ var modelCallLogs = defineTable({
2949
3238
  });
2950
3239
  var modelFunctionSlots = defineTable({
2951
3240
  name: "modelFunctionSlots",
2952
- component: "identity",
3241
+ component: "control-plane",
2953
3242
  category: "model",
2954
3243
  shape: z.object({
2955
3244
  "slot": z.string(),
@@ -2974,7 +3263,7 @@ var modelFunctionSlots = defineTable({
2974
3263
  });
2975
3264
  var modelRegistry = defineTable({
2976
3265
  name: "modelRegistry",
2977
- component: "identity",
3266
+ component: "control-plane",
2978
3267
  category: "model",
2979
3268
  shape: z.object({
2980
3269
  "key": z.string(),
@@ -3001,7 +3290,7 @@ var modelRegistry = defineTable({
3001
3290
  });
3002
3291
  var modelSlotConfigs = defineTable({
3003
3292
  name: "modelSlotConfigs",
3004
- component: "identity",
3293
+ component: "control-plane",
3005
3294
  category: "model",
3006
3295
  shape: z.object({
3007
3296
  "slot": z.string(),
@@ -3388,7 +3677,7 @@ var policyDecisionLogs = defineTable({
3388
3677
  "workspaceId": idOf("workspaces").optional(),
3389
3678
  "resourceType": z.string(),
3390
3679
  "resourceId": z.string(),
3391
- "action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote"]),
3680
+ "action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote", "route", "invoke", "manage", "deploy", "promote", "rollback", "audit", "read_ref", "fetch_value", "rotate", "administer", "mint", "delegate", "revoke"]),
3392
3681
  "decision": z.enum(["allow", "deny"]),
3393
3682
  "reasonCode": z.string(),
3394
3683
  "policyVersion": z.string(),
@@ -3450,7 +3739,7 @@ var controlPlaneToolAcls = defineTable({
3450
3739
  });
3451
3740
  var projectGrants = defineTable({
3452
3741
  name: "projectGrants",
3453
- component: "identity",
3742
+ component: "control-plane",
3454
3743
  category: "project",
3455
3744
  shape: z.object({
3456
3745
  "projectId": z.string().optional(),
@@ -3482,9 +3771,653 @@ var projectGrants = defineTable({
3482
3771
  { kind: "index", name: "by_topic_cluster_status", columns: ["topicId", "beliefClusterId", "status"] }
3483
3772
  ]
3484
3773
  });
3774
+ var permitActorType = z.enum([
3775
+ "human",
3776
+ "agent",
3777
+ "service_principal",
3778
+ "external_stakeholder",
3779
+ "system"
3780
+ ]);
3781
+ var permitMembershipStatus = z.enum([
3782
+ "active",
3783
+ "invited",
3784
+ "revoked",
3785
+ "suspended",
3786
+ "disabled"
3787
+ ]);
3788
+ var permitDecision = z.enum(["allow", "deny"]);
3789
+ var permitAccessReviewStatus = z.enum([
3790
+ "open",
3791
+ "in_progress",
3792
+ "approved",
3793
+ "denied",
3794
+ "expired",
3795
+ "cancelled"
3796
+ ]);
3797
+ var permitReviewScope = z.enum([
3798
+ "tenant",
3799
+ "workspace",
3800
+ "resource_instance",
3801
+ "group",
3802
+ "principal",
3803
+ "api_key",
3804
+ "admin_action"
3805
+ ]);
3806
+ var permitRecordStatus = z.enum([
3807
+ "queued",
3808
+ "inflight",
3809
+ "completed",
3810
+ "failed",
3811
+ "skipped",
3812
+ "stale"
3813
+ ]);
3814
+ var permitObjectType = z.enum([
3815
+ "resource",
3816
+ "role",
3817
+ "resource_role",
3818
+ "resource_relation",
3819
+ "tenant",
3820
+ "workspace",
3821
+ "principal",
3822
+ "membership",
3823
+ "group",
3824
+ "resource_instance",
3825
+ "relationship_tuple",
3826
+ "role_assignment",
3827
+ "attribute_binding",
3828
+ "policy_bundle"
3829
+ ]);
3830
+ var permitOutboxOperation = z.enum([
3831
+ "upsert",
3832
+ "delete",
3833
+ "sync",
3834
+ "resync",
3835
+ "delete_sync",
3836
+ "noop"
3837
+ ]);
3838
+ var permitPolicyBundleStatus = z.enum([
3839
+ "draft",
3840
+ "validated",
3841
+ "enforced",
3842
+ "archived"
3843
+ ]);
3844
+ var permitSyncStatus = z.enum([
3845
+ "pending",
3846
+ "synced",
3847
+ "error",
3848
+ "skipped"
3849
+ ]);
3850
+ var permitAccessReviewSubjectType = z.enum([
3851
+ "principal",
3852
+ "group",
3853
+ "role_assignment",
3854
+ "resource_instance"
3855
+ ]);
3856
+ var permitAttributeType = z.enum([
3857
+ "string",
3858
+ "number",
3859
+ "bool",
3860
+ "json",
3861
+ "time"
3862
+ ]);
3863
+ var permitAttributeOperator = z.enum([
3864
+ "eq",
3865
+ "neq",
3866
+ "in",
3867
+ "not_in",
3868
+ "gt",
3869
+ "gte",
3870
+ "lt",
3871
+ "lte",
3872
+ "contains",
3873
+ "not_contains",
3874
+ "matches"
3875
+ ]);
3876
+ var permitRoleBindingTarget = z.enum([
3877
+ "principal",
3878
+ "group"
3879
+ ]);
3880
+ var permitPrincipals = defineTable({
3881
+ name: "permitPrincipals",
3882
+ component: "control-plane",
3883
+ category: "access-control",
3884
+ shape: z.object({
3885
+ principalId: z.string(),
3886
+ tenantId: z.string(),
3887
+ workspaceId: z.optional(z.string()),
3888
+ principalType: permitActorType,
3889
+ status: permitMembershipStatus,
3890
+ displayName: z.string().optional(),
3891
+ metadata: z.record(z.any()).optional(),
3892
+ createdBy: z.string(),
3893
+ createdAt: z.number(),
3894
+ updatedAt: z.number(),
3895
+ updatedBy: z.string().optional(),
3896
+ lastSeenAt: z.number().optional()
3897
+ }),
3898
+ indices: [
3899
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
3900
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
3901
+ { kind: "index", name: "by_tenant_principalId", columns: ["tenantId", "principalId"] },
3902
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
3903
+ {
3904
+ kind: "index",
3905
+ name: "by_tenant_principalType_status",
3906
+ columns: ["tenantId", "principalType", "status"]
3907
+ }
3908
+ ]
3909
+ });
3910
+ var permitPrincipalAliases = defineTable({
3911
+ name: "permitPrincipalAliases",
3912
+ component: "control-plane",
3913
+ category: "access-control",
3914
+ shape: z.object({
3915
+ principalId: z.string(),
3916
+ tenantId: z.string(),
3917
+ workspaceId: z.optional(z.string()),
3918
+ provider: z.string(),
3919
+ providerSubjectId: z.string(),
3920
+ providerProjectId: z.string().optional(),
3921
+ alias: z.string(),
3922
+ aliasKind: z.string(),
3923
+ status: permitMembershipStatus,
3924
+ metadata: z.record(z.any()).optional(),
3925
+ createdBy: z.string(),
3926
+ createdAt: z.number(),
3927
+ updatedAt: z.number(),
3928
+ revokedBy: z.string().optional(),
3929
+ revokedAt: z.number().optional(),
3930
+ updatedBy: z.string().optional()
3931
+ }),
3932
+ indices: [
3933
+ { kind: "index", name: "by_principalId", columns: ["principalId"] },
3934
+ { kind: "index", name: "by_provider_subject", columns: ["provider", "providerSubjectId"] },
3935
+ { kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "providerSubjectId"] },
3936
+ { kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "providerSubjectId"] },
3937
+ { kind: "index", name: "by_tenant_provider_project_subject", columns: ["tenantId", "provider", "providerProjectId", "providerSubjectId"] },
3938
+ {
3939
+ kind: "index",
3940
+ name: "by_tenant_provider_alias",
3941
+ columns: ["tenantId", "provider", "alias"]
3942
+ },
3943
+ { kind: "index", name: "by_tenant_alias", columns: ["tenantId", "alias"] },
3944
+ {
3945
+ kind: "index",
3946
+ name: "by_tenant_provider_status",
3947
+ columns: ["tenantId", "provider", "status"]
3948
+ }
3949
+ ]
3950
+ });
3951
+ var permitGroups = defineTable({
3952
+ name: "permitGroups",
3953
+ component: "control-plane",
3954
+ category: "access-control",
3955
+ shape: z.object({
3956
+ tenantId: z.string(),
3957
+ workspaceId: z.optional(z.string()),
3958
+ groupId: z.string(),
3959
+ groupKey: z.string(),
3960
+ groupName: z.string(),
3961
+ groupType: z.enum(["tenant", "workspace", "external", "system", "dynamic"]),
3962
+ status: permitMembershipStatus,
3963
+ description: z.string().optional(),
3964
+ metadata: z.record(z.any()).optional(),
3965
+ createdBy: z.string(),
3966
+ createdAt: z.number(),
3967
+ updatedAt: z.number(),
3968
+ updatedBy: z.string().optional()
3969
+ }),
3970
+ indices: [
3971
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
3972
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
3973
+ { kind: "index", name: "by_tenant_groupId", columns: ["tenantId", "groupId"] },
3974
+ { kind: "index", name: "by_tenant_groupKey", columns: ["tenantId", "groupKey"] },
3975
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
3976
+ ]
3977
+ });
3978
+ var permitGroupMemberships = defineTable({
3979
+ name: "permitGroupMemberships",
3980
+ component: "control-plane",
3981
+ category: "access-control",
3982
+ shape: z.object({
3983
+ tenantId: z.string(),
3984
+ workspaceId: z.optional(z.string()),
3985
+ groupId: z.string(),
3986
+ memberType: z.enum(["principal", "group"]),
3987
+ memberId: z.string(),
3988
+ principalId: z.string().optional(),
3989
+ childGroupId: z.string().optional(),
3990
+ status: permitMembershipStatus,
3991
+ addedBy: z.string().optional(),
3992
+ revokedBy: z.string().optional(),
3993
+ expiresAt: z.number().optional(),
3994
+ revocationReason: z.string().optional(),
3995
+ metadata: z.record(z.any()).optional(),
3996
+ createdAt: z.number(),
3997
+ updatedAt: z.number(),
3998
+ updatedBy: z.string().optional()
3999
+ }),
4000
+ indices: [
4001
+ { kind: "index", name: "by_tenant_principal", columns: ["tenantId", "principalId"] },
4002
+ { kind: "index", name: "by_tenant_member", columns: ["tenantId", "memberType", "memberId"] },
4003
+ {
4004
+ kind: "index",
4005
+ name: "by_tenant_member_group",
4006
+ columns: ["tenantId", "memberType", "memberId", "groupId"]
4007
+ },
4008
+ { kind: "index", name: "by_tenant_group", columns: ["tenantId", "groupId"] },
4009
+ { kind: "index", name: "by_member_group", columns: ["memberType", "memberId", "groupId"] },
4010
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
4011
+ {
4012
+ kind: "index",
4013
+ name: "by_workspace_principal",
4014
+ columns: ["workspaceId", "principalId"]
4015
+ }
4016
+ ]
4017
+ });
4018
+ var permitResourceInstances = defineTable({
4019
+ name: "permitResourceInstances",
4020
+ component: "control-plane",
4021
+ category: "access-control",
4022
+ shape: z.object({
4023
+ tenantId: z.string(),
4024
+ workspaceId: z.optional(z.string()),
4025
+ resourceType: z.string(),
4026
+ resourceKey: z.string(),
4027
+ resourceId: z.string(),
4028
+ status: z.enum(["active", "deleted", "archived"]),
4029
+ attributes: z.record(z.any()).optional(),
4030
+ ownerPrincipalId: z.string().optional(),
4031
+ metadata: z.record(z.any()).optional(),
4032
+ createdBy: z.string(),
4033
+ updatedBy: z.string().optional(),
4034
+ createdAt: z.number(),
4035
+ updatedAt: z.number()
4036
+ }),
4037
+ indices: [
4038
+ {
4039
+ kind: "index",
4040
+ name: "by_tenant_resource_type",
4041
+ columns: ["tenantId", "resourceType"]
4042
+ },
4043
+ {
4044
+ kind: "index",
4045
+ name: "by_tenant_resource_key",
4046
+ columns: ["tenantId", "resourceType", "resourceKey"]
4047
+ },
4048
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
4049
+ { kind: "index", name: "by_status", columns: ["status"] },
4050
+ {
4051
+ kind: "index",
4052
+ name: "by_tenant_status",
4053
+ columns: ["tenantId", "status"]
4054
+ },
4055
+ {
4056
+ kind: "index",
4057
+ name: "by_ownerPrincipalId",
4058
+ columns: ["ownerPrincipalId"]
4059
+ }
4060
+ ]
4061
+ });
4062
+ var permitRoleAssignments = defineTable({
4063
+ name: "permitRoleAssignments",
4064
+ component: "control-plane",
4065
+ category: "access-control",
4066
+ shape: z.object({
4067
+ tenantId: z.string(),
4068
+ workspaceId: z.optional(z.string()),
4069
+ role: z.string(),
4070
+ targetType: permitRoleBindingTarget,
4071
+ targetId: z.string(),
4072
+ resourceType: z.string(),
4073
+ resourceKey: z.string(),
4074
+ resourceInstanceId: z.string().optional(),
4075
+ status: permitMembershipStatus,
4076
+ expiresAt: z.number().optional(),
4077
+ attributes: z.record(z.any()).optional(),
4078
+ grantedBy: z.string().optional(),
4079
+ updatedBy: z.string().optional(),
4080
+ revokedBy: z.string().optional(),
4081
+ createdAt: z.number(),
4082
+ updatedAt: z.number()
4083
+ }),
4084
+ indices: [
4085
+ {
4086
+ kind: "index",
4087
+ name: "by_tenant_target",
4088
+ columns: ["tenantId", "targetType", "targetId"]
4089
+ },
4090
+ {
4091
+ kind: "index",
4092
+ name: "by_tenant_resource",
4093
+ columns: ["tenantId", "resourceType", "resourceKey"]
4094
+ },
4095
+ {
4096
+ kind: "index",
4097
+ name: "by_tenant_role",
4098
+ columns: ["tenantId", "role", "status"]
4099
+ },
4100
+ { kind: "index", name: "by_status", columns: ["status"] },
4101
+ {
4102
+ kind: "index",
4103
+ name: "by_workspace_resource",
4104
+ columns: ["workspaceId", "resourceType", "resourceKey"]
4105
+ }
4106
+ ]
4107
+ });
4108
+ var permitRelationshipTuples = defineTable({
4109
+ name: "permitRelationshipTuples",
4110
+ component: "control-plane",
4111
+ category: "access-control",
4112
+ shape: z.object({
4113
+ tenantId: z.string(),
4114
+ workspaceId: z.optional(z.string()),
4115
+ relation: z.string(),
4116
+ subject: z.string(),
4117
+ object: z.string(),
4118
+ resourceType: z.string().optional(),
4119
+ resourceKey: z.string().optional(),
4120
+ status: permitRecordStatus,
4121
+ attributes: z.record(z.any()).optional(),
4122
+ createdBy: z.string(),
4123
+ createdAt: z.number(),
4124
+ updatedAt: z.number(),
4125
+ lastSeenAt: z.number().optional(),
4126
+ updatedBy: z.string().optional()
4127
+ }),
4128
+ indices: [
4129
+ { kind: "index", name: "by_tenant_subject", columns: ["tenantId", "subject"] },
4130
+ { kind: "index", name: "by_tenant_object", columns: ["tenantId", "object"] },
4131
+ { kind: "index", name: "by_tenant_relation", columns: ["tenantId", "relation"] },
4132
+ {
4133
+ kind: "index",
4134
+ name: "by_tenant_relation_subject",
4135
+ columns: ["tenantId", "relation", "subject"]
4136
+ },
4137
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
4138
+ ]
4139
+ });
4140
+ var permitAttributeBindings = defineTable({
4141
+ name: "permitAttributeBindings",
4142
+ component: "control-plane",
4143
+ category: "access-control",
4144
+ shape: z.object({
4145
+ tenantId: z.string(),
4146
+ workspaceId: z.optional(z.string()),
4147
+ targetType: permitRoleBindingTarget,
4148
+ targetId: z.string(),
4149
+ attributeName: z.string(),
4150
+ attributeType: permitAttributeType,
4151
+ attributeOperator: permitAttributeOperator,
4152
+ attributeValue: z.any(),
4153
+ status: permitRecordStatus,
4154
+ source: z.string().optional(),
4155
+ sourceRef: z.string().optional(),
4156
+ metadata: z.record(z.any()).optional(),
4157
+ createdAt: z.number(),
4158
+ updatedAt: z.number(),
4159
+ createdBy: z.string(),
4160
+ updatedBy: z.string().optional(),
4161
+ expiresAt: z.number().optional()
4162
+ }),
4163
+ indices: [
4164
+ {
4165
+ kind: "index",
4166
+ name: "by_tenant_target",
4167
+ columns: ["tenantId", "targetType", "targetId"]
4168
+ },
4169
+ {
4170
+ kind: "index",
4171
+ name: "by_tenant_target_attribute",
4172
+ columns: ["tenantId", "targetType", "targetId", "attributeName"]
4173
+ },
4174
+ {
4175
+ kind: "index",
4176
+ name: "by_tenant_name",
4177
+ columns: ["tenantId", "attributeName"]
4178
+ },
4179
+ {
4180
+ kind: "index",
4181
+ name: "by_tenant_status",
4182
+ columns: ["tenantId", "status"]
4183
+ }
4184
+ ]
4185
+ });
4186
+ var permitPolicyBundles = defineTable({
4187
+ name: "permitPolicyBundles",
4188
+ component: "control-plane",
4189
+ category: "access-control",
4190
+ shape: z.object({
4191
+ tenantId: z.string(),
4192
+ workspaceId: z.optional(z.string()),
4193
+ bundleKey: z.string(),
4194
+ version: z.number(),
4195
+ status: permitPolicyBundleStatus,
4196
+ policyHash: z.string().optional(),
4197
+ policyPayload: z.record(z.any()),
4198
+ metadata: z.record(z.any()).optional(),
4199
+ createdBy: z.string(),
4200
+ reviewedBy: z.string().optional(),
4201
+ createdAt: z.number(),
4202
+ updatedAt: z.number(),
4203
+ retiredAt: z.number().optional()
4204
+ }),
4205
+ indices: [
4206
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
4207
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
4208
+ {
4209
+ kind: "index",
4210
+ name: "by_tenant_bundleKey",
4211
+ columns: ["tenantId", "bundleKey"]
4212
+ },
4213
+ {
4214
+ kind: "index",
4215
+ name: "by_tenant_bundle_version",
4216
+ columns: ["tenantId", "bundleKey", "version"]
4217
+ },
4218
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
4219
+ ]
4220
+ });
4221
+ var permitProjectionOutbox = defineTable({
4222
+ name: "permitProjectionOutbox",
4223
+ component: "control-plane",
4224
+ category: "access-control",
4225
+ shape: z.object({
4226
+ syncKey: z.string(),
4227
+ objectType: permitObjectType,
4228
+ objectId: z.string(),
4229
+ operation: permitOutboxOperation,
4230
+ payload: z.record(z.any()),
4231
+ status: permitRecordStatus,
4232
+ attemptCount: z.number(),
4233
+ nextAttemptAt: z.number().optional(),
4234
+ lastError: z.string().optional(),
4235
+ tenantId: z.string().optional(),
4236
+ workspaceId: z.optional(z.string()),
4237
+ principalId: z.string().optional(),
4238
+ permitTenantKey: z.string().optional(),
4239
+ permitResourceType: z.string().optional(),
4240
+ permitResourceKey: z.string().optional(),
4241
+ createdAt: z.number(),
4242
+ updatedAt: z.number(),
4243
+ lastHandledAt: z.number().optional()
4244
+ }),
4245
+ indices: [
4246
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
4247
+ { kind: "index", name: "by_status", columns: ["status"] },
4248
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
4249
+ {
4250
+ kind: "index",
4251
+ name: "by_tenant_status",
4252
+ columns: ["tenantId", "status"]
4253
+ },
4254
+ {
4255
+ kind: "index",
4256
+ name: "by_objectType",
4257
+ columns: ["objectType", "status"]
4258
+ }
4259
+ ]
4260
+ });
4261
+ var tenantPermitSyncStates = defineTable({
4262
+ name: "tenantPermitSyncStates",
4263
+ component: "control-plane",
4264
+ category: "access-control",
4265
+ shape: z.object({
4266
+ syncKey: z.string(),
4267
+ objectType: permitObjectType,
4268
+ objectId: z.string(),
4269
+ tenantId: z.string().optional(),
4270
+ workspaceId: z.string().optional(),
4271
+ principalId: z.string().optional(),
4272
+ permitTenantKey: z.string().optional(),
4273
+ permitResourceType: z.string().optional(),
4274
+ permitResourceKey: z.string().optional(),
4275
+ desiredPayload: z.record(z.any()),
4276
+ lastAppliedPayloadHash: z.string().optional(),
4277
+ status: permitSyncStatus,
4278
+ attemptCount: z.number(),
4279
+ lastError: z.string().optional(),
4280
+ nextAttemptAt: z.number().optional(),
4281
+ lastSyncedAt: z.number().optional(),
4282
+ createdBy: z.string(),
4283
+ updatedBy: z.string().optional(),
4284
+ createdAt: z.number(),
4285
+ updatedAt: z.number()
4286
+ }),
4287
+ indices: [
4288
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
4289
+ { kind: "index", name: "by_status", columns: ["status"] },
4290
+ {
4291
+ kind: "index",
4292
+ name: "by_tenant_status",
4293
+ columns: ["tenantId", "status"]
4294
+ },
4295
+ {
4296
+ kind: "index",
4297
+ name: "by_workspace_status",
4298
+ columns: ["workspaceId", "status"]
4299
+ },
4300
+ {
4301
+ kind: "index",
4302
+ name: "by_principal_status",
4303
+ columns: ["principalId", "status"]
4304
+ }
4305
+ ]
4306
+ });
4307
+ var permitPolicyDecisionReceipts = defineTable({
4308
+ name: "permitPolicyDecisionReceipts",
4309
+ component: "control-plane",
4310
+ category: "access-control",
4311
+ shape: z.object({
4312
+ tenantId: z.string().optional(),
4313
+ workspaceId: z.string().optional(),
4314
+ principalId: z.string(),
4315
+ subjectType: permitAccessReviewSubjectType.optional(),
4316
+ subjectId: z.string().optional(),
4317
+ resourceType: z.string(),
4318
+ resourceId: z.string(),
4319
+ action: z.string(),
4320
+ decision: permitDecision,
4321
+ reasonCode: z.string(),
4322
+ policyBundleId: z.string().optional(),
4323
+ policyVersion: z.string(),
4324
+ traceId: z.string().optional(),
4325
+ requestId: z.string().optional(),
4326
+ audienceMode: z.string().optional(),
4327
+ audienceKey: z.string().optional(),
4328
+ audienceClass: z.enum(["internal", "restricted_external", "public"]).optional(),
4329
+ metadata: z.record(z.any()).optional(),
4330
+ createdAt: z.number(),
4331
+ expiresAt: z.number().optional(),
4332
+ createdBy: z.string().optional()
4333
+ }),
4334
+ indices: [
4335
+ { kind: "index", name: "by_principal_createdAt", columns: ["principalId", "createdAt"] },
4336
+ { kind: "index", name: "by_tenant_createdAt", columns: ["tenantId", "createdAt"] },
4337
+ { kind: "index", name: "by_resource", columns: ["resourceType", "resourceId"] },
4338
+ { kind: "index", name: "by_decision_createdAt", columns: ["decision", "createdAt"] },
4339
+ { kind: "index", name: "by_traceId", columns: ["traceId"] },
4340
+ { kind: "index", name: "by_action", columns: ["action"] }
4341
+ ]
4342
+ });
4343
+ var permitAccessReviews = defineTable({
4344
+ name: "permitAccessReviews",
4345
+ component: "control-plane",
4346
+ category: "access-control",
4347
+ shape: z.object({
4348
+ tenantId: z.string(),
4349
+ workspaceId: z.optional(z.string()),
4350
+ reviewKey: z.string(),
4351
+ scope: permitReviewScope,
4352
+ status: permitAccessReviewStatus,
4353
+ subjectType: permitAccessReviewSubjectType,
4354
+ subjectId: z.string(),
4355
+ resourceType: z.string().optional(),
4356
+ resourceKey: z.string().optional(),
4357
+ outcome: z.enum(["allow", "deny"]).optional(),
4358
+ requestedBy: z.string(),
4359
+ reviewedBy: z.string().optional(),
4360
+ requestedAt: z.number(),
4361
+ reviewedAt: z.number().optional(),
4362
+ dueAt: z.number().optional(),
4363
+ justification: z.string().optional(),
4364
+ rationale: z.string().optional(),
4365
+ policyBundleId: z.string().optional(),
4366
+ metadata: z.record(z.any()).optional(),
4367
+ createdAt: z.number(),
4368
+ updatedAt: z.number()
4369
+ }),
4370
+ indices: [
4371
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
4372
+ { kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
4373
+ { kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
4374
+ {
4375
+ kind: "index",
4376
+ name: "by_tenant_subject",
4377
+ columns: ["tenantId", "subjectType", "subjectId"]
4378
+ },
4379
+ { kind: "index", name: "by_outcome", columns: ["outcome"] },
4380
+ {
4381
+ kind: "index",
4382
+ name: "by_workspace_status",
4383
+ columns: ["workspaceId", "status"]
4384
+ }
4385
+ ]
4386
+ });
4387
+ var permitAccessReviewItems = defineTable({
4388
+ name: "permitAccessReviewItems",
4389
+ component: "control-plane",
4390
+ category: "access-control",
4391
+ shape: z.object({
4392
+ reviewKey: z.string(),
4393
+ itemKey: z.string(),
4394
+ tenantId: z.string(),
4395
+ workspaceId: z.string().optional(),
4396
+ subjectType: permitAccessReviewSubjectType,
4397
+ subjectId: z.string(),
4398
+ resourceType: z.string().optional(),
4399
+ resourceKey: z.string().optional(),
4400
+ role: z.string().optional(),
4401
+ relation: z.string().optional(),
4402
+ status: z.enum(["open", "approved", "revoked", "changed", "deferred"]),
4403
+ reviewerId: z.string().optional(),
4404
+ decisionAt: z.number().optional(),
4405
+ rationale: z.string().optional(),
4406
+ metadata: z.record(z.any()).optional(),
4407
+ createdAt: z.number(),
4408
+ updatedAt: z.number()
4409
+ }),
4410
+ indices: [
4411
+ { kind: "index", name: "by_reviewKey", columns: ["reviewKey"] },
4412
+ { kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
4413
+ { kind: "index", name: "by_tenant_itemKey", columns: ["tenantId", "itemKey"] },
4414
+ { kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
4415
+ { kind: "index", name: "by_status", columns: ["status"] }
4416
+ ]
4417
+ });
3485
4418
  var reasoningPermissions = defineTable({
3486
4419
  name: "reasoningPermissions",
3487
- component: "identity",
4420
+ component: "control-plane",
3488
4421
  category: "epistemic",
3489
4422
  shape: z.object({
3490
4423
  "topicId": z.string().optional(),
@@ -3719,6 +4652,7 @@ var topics = defineTable({
3719
4652
  "updatedAt": z.number()
3720
4653
  }),
3721
4654
  indices: [
4655
+ { kind: "index", name: "by_globalId", columns: ["globalId"] },
3722
4656
  { kind: "index", name: "by_parent", columns: ["parentTopicId"] },
3723
4657
  { kind: "index", name: "by_type", columns: ["type"] },
3724
4658
  { kind: "index", name: "by_graph_scope_project", columns: ["graphScopeProjectId"] },
@@ -3730,7 +4664,7 @@ var topics = defineTable({
3730
4664
  });
3731
4665
  var users = defineTable({
3732
4666
  name: "users",
3733
- component: "identity",
4667
+ component: "control-plane",
3734
4668
  category: "user",
3735
4669
  shape: z.object({
3736
4670
  "clerkId": z.string(),
@@ -3844,7 +4778,6 @@ var workspaces = defineTable({
3844
4778
  "deployments": z.record(z.object({
3845
4779
  "url": z.string(),
3846
4780
  "target": z.enum(["kernelDeployment", "appDeployment"]).optional(),
3847
- "encryptedDeployKey": z.string().optional(),
3848
4781
  "credentialRef": z.string().optional()
3849
4782
  })).optional(),
3850
4783
  "metadata": z.record(z.any()).optional(),
@@ -3859,6 +4792,39 @@ var workspaces = defineTable({
3859
4792
  { kind: "index", name: "by_status", columns: ["status"] }
3860
4793
  ]
3861
4794
  });
4795
+ var deploymentHosts = defineTable({
4796
+ name: "deploymentHosts",
4797
+ component: "mc",
4798
+ category: "workspace",
4799
+ shape: z.object({
4800
+ "host": z.string(),
4801
+ "tenantId": idOf("tenants"),
4802
+ "workspaceId": idOf("workspaces"),
4803
+ "environment": z.enum(["dev", "staging", "prod"]),
4804
+ "target": z.enum(["kernelDeployment", "appDeployment"]),
4805
+ "deploymentUrl": z.string().optional(),
4806
+ "deploymentName": z.string().optional(),
4807
+ "vercelProjectName": z.string().optional(),
4808
+ "vercelProjectId": z.string().optional(),
4809
+ "vercelEnvironment": z.enum(["development", "preview", "staging", "production"]).optional(),
4810
+ "source": z.enum(["vercel_preview", "vercel_production", "vercel_custom_environment", "custom_domain", "manual"]),
4811
+ "status": z.enum(["active", "revoked"]),
4812
+ "metadata": z.record(z.any()).optional(),
4813
+ "createdBy": z.string(),
4814
+ "createdAt": z.number(),
4815
+ "updatedAt": z.number(),
4816
+ "revokedAt": z.number().optional(),
4817
+ "revokedBy": z.string().optional()
4818
+ }),
4819
+ indices: [
4820
+ { kind: "index", name: "by_host", columns: ["host"] },
4821
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
4822
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
4823
+ { kind: "index", name: "by_tenant_workspace_environment", columns: ["tenantId", "workspaceId", "environment"] },
4824
+ { kind: "index", name: "by_workspace_status", columns: ["workspaceId", "status"] },
4825
+ { kind: "index", name: "by_status", columns: ["status"] }
4826
+ ]
4827
+ });
3862
4828
  var worktreeBeliefCluster = defineTable({
3863
4829
  name: "worktreeBeliefCluster",
3864
4830
  component: "kernel",
@@ -4177,6 +5143,7 @@ var KERNEL_TABLE_CONTRACTS = [
4177
5143
  decisionParticipants,
4178
5144
  decisionRiskLedger,
4179
5145
  decisionSnapshots,
5146
+ domainEvents,
4180
5147
  deliberationContributions,
4181
5148
  deliberationSessions,
4182
5149
  stakeholderGroups,
@@ -4223,9 +5190,23 @@ var KERNEL_TABLE_CONTRACTS = [
4223
5190
  worktreeBeliefCluster,
4224
5191
  worktrees
4225
5192
  ];
4226
- var IDENTITY_TABLE_CONTRACTS = [
5193
+ var CONTROL_PLANE_TABLE_CONTRACTS = [
4227
5194
  agents,
4228
5195
  reasoningPermissions,
5196
+ permitAccessReviewItems,
5197
+ permitAccessReviews,
5198
+ permitAttributeBindings,
5199
+ permitGroups,
5200
+ permitGroupMemberships,
5201
+ permitPolicyBundles,
5202
+ permitPolicyDecisionReceipts,
5203
+ permitPrincipalAliases,
5204
+ permitPrincipals,
5205
+ permitProjectionOutbox,
5206
+ permitRelationshipTuples,
5207
+ permitResourceInstances,
5208
+ permitRoleAssignments,
5209
+ tenantPermitSyncStates,
4229
5210
  modelCallLogs,
4230
5211
  modelFunctionSlots,
4231
5212
  modelRegistry,
@@ -4255,6 +5236,7 @@ var MC_TABLE_CONTRACTS = [
4255
5236
  memberships,
4256
5237
  oauthDeviceCodes,
4257
5238
  principals,
5239
+ principalIdentityAliases,
4258
5240
  rateLimitWindows,
4259
5241
  servicePrincipalKeys,
4260
5242
  userSessions,
@@ -4270,29 +5252,33 @@ var MC_TABLE_CONTRACTS = [
4270
5252
  policyDecisionLogs,
4271
5253
  policySimulations,
4272
5254
  controlPlaneToolAcls,
5255
+ permitSyncStates,
4273
5256
  agentRegistryEntries,
4274
5257
  toolCatalog,
4275
5258
  toolRegistryEntries,
4276
5259
  compatibilityShims,
4277
5260
  cutoverFlags,
4278
5261
  tenantDeploymentCredentials,
5262
+ secretSyncDriftReports,
4279
5263
  controlPlaneTenantModelSlotBindings,
4280
5264
  controlPlaneTenantProviderSecrets,
4281
5265
  controlPlaneTenantProxyGatewayUsage,
5266
+ controlPlaneTenantProxyTokenLeases,
4282
5267
  apiKeys,
4283
5268
  auditLog,
4284
5269
  tenants,
4285
- workspaces
5270
+ workspaces,
5271
+ deploymentHosts
4286
5272
  ];
4287
5273
  var TABLE_CONTRACTS_BY_COMPONENT = {
4288
5274
  kernel: KERNEL_TABLE_CONTRACTS,
4289
- identity: IDENTITY_TABLE_CONTRACTS,
5275
+ "control-plane": CONTROL_PLANE_TABLE_CONTRACTS,
4290
5276
  mc: MC_TABLE_CONTRACTS,
4291
5277
  "developer-pack": []
4292
5278
  };
4293
5279
  var ALL_TABLE_CONTRACTS = [
4294
5280
  ...KERNEL_TABLE_CONTRACTS,
4295
- ...IDENTITY_TABLE_CONTRACTS,
5281
+ ...CONTROL_PLANE_TABLE_CONTRACTS,
4296
5282
  ...MC_TABLE_CONTRACTS
4297
5283
  ];
4298
5284
  function listTableContractsByName(name) {
@@ -4304,6 +5290,6 @@ function getTableContract(name, component) {
4304
5290
  );
4305
5291
  }
4306
5292
 
4307
- export { ALL_TABLE_CONTRACTS, IDENTITY_TABLE_CONTRACTS, KERNEL_TABLE_CONTRACTS, MC_TABLE_CONTRACTS, TABLE_CONTRACTS_BY_COMPONENT, getTableContract, listTableContractsByName };
5293
+ export { ALL_TABLE_CONTRACTS, CONTROL_PLANE_TABLE_CONTRACTS, KERNEL_TABLE_CONTRACTS, MC_TABLE_CONTRACTS, TABLE_CONTRACTS_BY_COMPONENT, getTableContract, listTableContractsByName };
4308
5294
  //# sourceMappingURL=manifest.js.map
4309
5295
  //# sourceMappingURL=manifest.js.map