@lucern/contracts 0.3.0-alpha.8 → 1.0.0

Files changed (261)
  1. package/CHANGELOG.md +7 -0
  2. package/dist/api-enums.contract.d.ts +5 -3
  3. package/dist/api-enums.contract.js +14 -12
  4. package/dist/api-enums.contract.js.map +1 -1
  5. package/dist/auth-context.contract.js +14 -2
  6. package/dist/auth-context.contract.js.map +1 -1
  7. package/dist/auth-session.contract.js +14 -2
  8. package/dist/auth-session.contract.js.map +1 -1
  9. package/dist/auth.contract.d.ts +1 -1
  10. package/dist/auth.contract.js +14 -2
  11. package/dist/auth.contract.js.map +1 -1
  12. package/dist/component-boundary.contract.d.ts +1 -1
  13. package/dist/component-boundary.contract.js +46 -26
  14. package/dist/component-boundary.contract.js.map +1 -1
  15. package/dist/component-host-boundary.contract.d.ts +10 -5
  16. package/dist/component-host-boundary.contract.js +10 -4
  17. package/dist/component-host-boundary.contract.js.map +1 -1
  18. package/dist/{defineTable-CBQ03FXl.d.ts → defineTable-t1wr5wgn.d.ts} +1 -1
  19. package/dist/{dsl-djCRfuWC.d.ts → dsl-DVPthQGY.d.ts} +1 -1
  20. package/dist/dsl.d.ts +2 -2
  21. package/dist/dsl.js.map +1 -1
  22. package/dist/edge-policy-manifest-Dw5IhT1L.d.ts +133 -0
  23. package/dist/function-registry/beliefs.d.ts +23 -10
  24. package/dist/function-registry/beliefs.js +467 -36
  25. package/dist/function-registry/beliefs.js.map +1 -1
  26. package/dist/function-registry/coding.d.ts +15 -6
  27. package/dist/function-registry/coding.js +531 -22
  28. package/dist/function-registry/coding.js.map +1 -1
  29. package/dist/function-registry/context.d.ts +9 -3
  30. package/dist/function-registry/context.js +464 -21
  31. package/dist/function-registry/context.js.map +1 -1
  32. package/dist/function-registry/contracts.d.ts +9 -3
  33. package/dist/function-registry/contracts.js +464 -21
  34. package/dist/function-registry/contracts.js.map +1 -1
  35. package/dist/function-registry/coordination.d.ts +21 -9
  36. package/dist/function-registry/coordination.js +464 -21
  37. package/dist/function-registry/coordination.js.map +1 -1
  38. package/dist/function-registry/edges.d.ts +167 -2
  39. package/dist/function-registry/edges.js +661 -52
  40. package/dist/function-registry/edges.js.map +1 -1
  41. package/dist/function-registry/evidence.d.ts +19 -8
  42. package/dist/function-registry/evidence.js +473 -40
  43. package/dist/function-registry/evidence.js.map +1 -1
  44. package/dist/function-registry/graph.d.ts +33 -15
  45. package/dist/function-registry/graph.js +464 -21
  46. package/dist/function-registry/graph.js.map +1 -1
  47. package/dist/function-registry/helpers.d.ts +6 -3
  48. package/dist/function-registry/helpers.js +465 -22
  49. package/dist/function-registry/helpers.js.map +1 -1
  50. package/dist/function-registry/identity.d.ts +62 -16
  51. package/dist/function-registry/identity.js +487 -27
  52. package/dist/function-registry/identity.js.map +1 -1
  53. package/dist/function-registry/index.d.ts +4 -2
  54. package/dist/function-registry/index.js +468 -22
  55. package/dist/function-registry/index.js.map +1 -1
  56. package/dist/function-registry/judgments.d.ts +7 -2
  57. package/dist/function-registry/judgments.js +464 -21
  58. package/dist/function-registry/judgments.js.map +1 -1
  59. package/dist/function-registry/legacy.d.ts +5 -1
  60. package/dist/function-registry/legacy.js +464 -21
  61. package/dist/function-registry/legacy.js.map +1 -1
  62. package/dist/function-registry/lenses.d.ts +11 -4
  63. package/dist/function-registry/lenses.js +464 -21
  64. package/dist/function-registry/lenses.js.map +1 -1
  65. package/dist/function-registry/manifest.d.ts +4 -4
  66. package/dist/function-registry/manifest.js +16 -1
  67. package/dist/function-registry/manifest.js.map +1 -1
  68. package/dist/function-registry/nodes.d.ts +412 -0
  69. package/dist/function-registry/nodes.js +5354 -0
  70. package/dist/function-registry/nodes.js.map +1 -0
  71. package/dist/function-registry/ontologies.d.ts +25 -11
  72. package/dist/function-registry/ontologies.js +464 -21
  73. package/dist/function-registry/ontologies.js.map +1 -1
  74. package/dist/function-registry/pipeline.d.ts +9 -3
  75. package/dist/function-registry/pipeline.js +464 -21
  76. package/dist/function-registry/pipeline.js.map +1 -1
  77. package/dist/function-registry/questions.d.ts +27 -12
  78. package/dist/function-registry/questions.js +466 -26
  79. package/dist/function-registry/questions.js.map +1 -1
  80. package/dist/function-registry/tasks.d.ts +11 -4
  81. package/dist/function-registry/tasks.js +497 -30
  82. package/dist/function-registry/tasks.js.map +1 -1
  83. package/dist/function-registry/topics.d.ts +93 -5
  84. package/dist/function-registry/topics.js +534 -24
  85. package/dist/function-registry/topics.js.map +1 -1
  86. package/dist/function-registry/types.d.ts +7 -3
  87. package/dist/function-registry/worktrees.d.ts +25 -11
  88. package/dist/function-registry/worktrees.js +480 -21
  89. package/dist/function-registry/worktrees.js.map +1 -1
  90. package/dist/gateway.contract.d.ts +4 -0
  91. package/dist/gateway.contract.js.map +1 -1
  92. package/dist/generated/convexSchemas.d.ts +3 -3
  93. package/dist/generated/convexSchemas.js +37 -17
  94. package/dist/generated/convexSchemas.js.map +1 -1
  95. package/dist/generated/infisicalRuntimeEnv.d.ts +70 -0
  96. package/dist/generated/infisicalRuntimeEnv.js +27585 -0
  97. package/dist/generated/infisicalRuntimeEnv.js.map +1 -0
  98. package/dist/generated/lucernGatewayEnv.d.ts +17 -0
  99. package/dist/generated/lucernGatewayEnv.js +38 -0
  100. package/dist/generated/lucernGatewayEnv.js.map +1 -0
  101. package/dist/generated/lucernWebPublicEnv.d.ts +26 -0
  102. package/dist/generated/lucernWebPublicEnv.js +32 -0
  103. package/dist/generated/lucernWebPublicEnv.js.map +1 -0
  104. package/dist/generated/lucernWebServerEnv.d.ts +33 -0
  105. package/dist/generated/lucernWebServerEnv.js +51 -0
  106. package/dist/generated/lucernWebServerEnv.js.map +1 -0
  107. package/dist/generated/schema-manifest.json +1221 -114
  108. package/dist/generated/tableOwnership.d.ts +48 -28
  109. package/dist/generated/tableOwnership.js +66 -26
  110. package/dist/generated/tableOwnership.js.map +1 -1
  111. package/dist/generated/tier-expectations.json +64 -9
  112. package/dist/{index-O09U2xHk.d.ts → index-CM1Pl_vI.d.ts} +3 -3
  113. package/dist/index.d.ts +12 -7
  114. package/dist/index.js +32892 -459
  115. package/dist/index.js.map +1 -1
  116. package/dist/infisical-runtime.contract.d.ts +1763 -6
  117. package/dist/infisical-runtime.contract.js +2994 -15
  118. package/dist/infisical-runtime.contract.js.map +1 -1
  119. package/dist/manifests/edge-policy-manifest.d.ts +1 -1
  120. package/dist/manifests/edge-policy-manifest.data.d.ts +6 -20
  121. package/dist/manifests/edge-policy-manifest.data.js +18 -26
  122. package/dist/manifests/edge-policy-manifest.data.js.map +1 -1
  123. package/dist/manifests/edge-policy-manifest.js +31 -4
  124. package/dist/manifests/edge-policy-manifest.js.map +1 -1
  125. package/dist/manifests/infisical-runtime-manifest.d.ts +1689 -6
  126. package/dist/manifests/infisical-runtime-manifest.js +2847 -12
  127. package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
  128. package/dist/manifests/tenant-client-manifest.d.ts +19 -14
  129. package/dist/manifests/tenant-client-manifest.js +29 -12
  130. package/dist/manifests/tenant-client-manifest.js.map +1 -1
  131. package/dist/mcp-gateway-boundary.contract.d.ts +23 -3
  132. package/dist/mcp-gateway-boundary.contract.js +2 -0
  133. package/dist/mcp-gateway-boundary.contract.js.map +1 -1
  134. package/dist/permit-principal-projection.contract.d.ts +74 -0
  135. package/dist/permit-principal-projection.contract.js +167 -0
  136. package/dist/permit-principal-projection.contract.js.map +1 -0
  137. package/dist/projections/check-convex-args-shape.js +10 -6
  138. package/dist/projections/check-convex-args-shape.js.map +1 -1
  139. package/dist/projections/create-evidence.projection.d.ts +6 -6
  140. package/dist/projections/create-evidence.projection.js +2 -3
  141. package/dist/projections/create-evidence.projection.js.map +1 -1
  142. package/dist/projections/index.d.ts +3 -3
  143. package/dist/projections/index.js +10 -6
  144. package/dist/projections/index.js.map +1 -1
  145. package/dist/projections/list-tasks.projection.d.ts +20 -8
  146. package/dist/projections/list-tasks.projection.js +8 -3
  147. package/dist/projections/list-tasks.projection.js.map +1 -1
  148. package/dist/proof-attestation.json +45 -0
  149. package/dist/schemas/component-table-manifest.d.ts +6 -6
  150. package/dist/schemas/component-table-manifest.js +2 -2
  151. package/dist/schemas/component-table-manifest.js.map +1 -1
  152. package/dist/schemas/index.d.ts +2 -2
  153. package/dist/schemas/index.js +1123 -137
  154. package/dist/schemas/index.js.map +1 -1
  155. package/dist/schemas/manifest.d.ts +2102 -132
  156. package/dist/schemas/manifest.js +1121 -135
  157. package/dist/schemas/manifest.js.map +1 -1
  158. package/dist/schemas/tables/controlPlane/accessControl.d.ts +260 -0
  159. package/dist/schemas/tables/controlPlane/accessControl.js +658 -0
  160. package/dist/schemas/tables/controlPlane/accessControl.js.map +1 -0
  161. package/dist/schemas/tables/{identity → controlPlane}/agent.d.ts +1 -1
  162. package/dist/schemas/tables/{identity → controlPlane}/agent.js +3 -3
  163. package/dist/schemas/tables/controlPlane/agent.js.map +1 -0
  164. package/dist/schemas/tables/{identity → controlPlane}/epistemic.d.ts +1 -1
  165. package/dist/schemas/tables/{identity → controlPlane}/epistemic.js +3 -3
  166. package/dist/schemas/tables/controlPlane/epistemic.js.map +1 -0
  167. package/dist/schemas/tables/{identity → controlPlane}/model.d.ts +1 -1
  168. package/dist/schemas/tables/{identity → controlPlane}/model.js +6 -6
  169. package/dist/schemas/tables/controlPlane/model.js.map +1 -0
  170. package/dist/schemas/tables/{identity → controlPlane}/platform.d.ts +1 -1
  171. package/dist/schemas/tables/{identity → controlPlane}/platform.js +18 -18
  172. package/dist/schemas/tables/controlPlane/platform.js.map +1 -0
  173. package/dist/schemas/tables/{identity → controlPlane}/project.d.ts +1 -1
  174. package/dist/schemas/tables/{identity → controlPlane}/project.js +3 -3
  175. package/dist/schemas/tables/controlPlane/project.js.map +1 -0
  176. package/dist/schemas/tables/{identity → controlPlane}/user.d.ts +1 -1
  177. package/dist/schemas/tables/{identity → controlPlane}/user.js +3 -3
  178. package/dist/schemas/tables/controlPlane/user.js.map +1 -0
  179. package/dist/schemas/tables/kernel/config.d.ts +1 -1
  180. package/dist/schemas/tables/kernel/config.js.map +1 -1
  181. package/dist/schemas/tables/kernel/coordination.d.ts +1 -1
  182. package/dist/schemas/tables/kernel/coordination.js.map +1 -1
  183. package/dist/schemas/tables/kernel/decision.d.ts +1 -1
  184. package/dist/schemas/tables/kernel/decision.js.map +1 -1
  185. package/dist/schemas/tables/kernel/embedding.d.ts +1 -1
  186. package/dist/schemas/tables/kernel/embedding.js.map +1 -1
  187. package/dist/schemas/tables/kernel/epistemic.d.ts +1 -1
  188. package/dist/schemas/tables/kernel/epistemic.js.map +1 -1
  189. package/dist/schemas/tables/kernel/events.d.ts +21 -0
  190. package/dist/schemas/tables/kernel/events.js +43 -0
  191. package/dist/schemas/tables/kernel/events.js.map +1 -0
  192. package/dist/schemas/tables/kernel/idempotency.d.ts +1 -1
  193. package/dist/schemas/tables/kernel/idempotency.js.map +1 -1
  194. package/dist/schemas/tables/kernel/infra.d.ts +1 -1
  195. package/dist/schemas/tables/kernel/infra.js.map +1 -1
  196. package/dist/schemas/tables/kernel/intelligence.d.ts +1 -1
  197. package/dist/schemas/tables/kernel/intelligence.js.map +1 -1
  198. package/dist/schemas/tables/kernel/lens.d.ts +1 -1
  199. package/dist/schemas/tables/kernel/lens.js.map +1 -1
  200. package/dist/schemas/tables/kernel/ontology.d.ts +1 -1
  201. package/dist/schemas/tables/kernel/ontology.js.map +1 -1
  202. package/dist/schemas/tables/kernel/platform.d.ts +1 -1
  203. package/dist/schemas/tables/kernel/platform.js.map +1 -1
  204. package/dist/schemas/tables/kernel/spine.d.ts +2 -1
  205. package/dist/schemas/tables/kernel/spine.js +1 -0
  206. package/dist/schemas/tables/kernel/spine.js.map +1 -1
  207. package/dist/schemas/tables/kernel/task.d.ts +1 -1
  208. package/dist/schemas/tables/kernel/task.js.map +1 -1
  209. package/dist/schemas/tables/kernel/topic.d.ts +1 -1
  210. package/dist/schemas/tables/kernel/topic.js +1 -0
  211. package/dist/schemas/tables/kernel/topic.js.map +1 -1
  212. package/dist/schemas/tables/kernel/workflow.d.ts +1 -1
  213. package/dist/schemas/tables/kernel/workflow.js.map +1 -1
  214. package/dist/schemas/tables/kernel/worktree.d.ts +17 -17
  215. package/dist/schemas/tables/kernel/worktree.js.map +1 -1
  216. package/dist/schemas/tables/mc/identity.d.ts +19 -2
  217. package/dist/schemas/tables/mc/identity.js +32 -1
  218. package/dist/schemas/tables/mc/identity.js.map +1 -1
  219. package/dist/schemas/tables/mc/methodology.d.ts +1 -1
  220. package/dist/schemas/tables/mc/methodology.js.map +1 -1
  221. package/dist/schemas/tables/mc/pack.d.ts +1 -1
  222. package/dist/schemas/tables/mc/pack.js.map +1 -1
  223. package/dist/schemas/tables/mc/policy.d.ts +2 -2
  224. package/dist/schemas/tables/mc/policy.js +1 -1
  225. package/dist/schemas/tables/mc/policy.js.map +1 -1
  226. package/dist/schemas/tables/mc/registry.d.ts +1 -1
  227. package/dist/schemas/tables/mc/registry.js.map +1 -1
  228. package/dist/schemas/tables/mc/runtime.d.ts +109 -3
  229. package/dist/schemas/tables/mc/runtime.js +330 -104
  230. package/dist/schemas/tables/mc/runtime.js.map +1 -1
  231. package/dist/schemas/tables/mc/tenant.d.ts +4 -2
  232. package/dist/schemas/tables/mc/tenant.js +3 -1
  233. package/dist/schemas/tables/mc/tenant.js.map +1 -1
  234. package/dist/schemas/tables/mc/workspace.d.ts +22 -5
  235. package/dist/schemas/tables/mc/workspace.js +34 -2
  236. package/dist/schemas/tables/mc/workspace.js.map +1 -1
  237. package/dist/{sdk-tools.contract-Ci8bkoai.d.ts → sdk-tools.contract-CKmSsrZ2.d.ts} +1 -1
  238. package/dist/sdk-tools.contract.d.ts +2 -2
  239. package/dist/sdk-tools.contract.js +417 -13
  240. package/dist/sdk-tools.contract.js.map +1 -1
  241. package/dist/tenant-bootstrap-seed.contract.d.ts +244 -56
  242. package/dist/tenant-bootstrap-seed.contract.js +139 -28
  243. package/dist/tenant-bootstrap-seed.contract.js.map +1 -1
  244. package/dist/tenant-bootstrap-seed.defaults.d.ts +2 -2
  245. package/dist/tenant-bootstrap-seed.defaults.js +31 -13
  246. package/dist/tenant-bootstrap-seed.defaults.js.map +1 -1
  247. package/dist/tenant-client.contract.d.ts +20 -15
  248. package/dist/tenant-client.contract.js +29 -12
  249. package/dist/tenant-client.contract.js.map +1 -1
  250. package/dist/{tool-contracts-B4iWhejG.d.ts → tool-contracts-C_xvM9q2.d.ts} +32 -2
  251. package/dist/tool-contracts.d.ts +1 -1
  252. package/dist/tool-contracts.js +418 -14
  253. package/dist/tool-contracts.js.map +1 -1
  254. package/package.json +22 -1
  255. package/dist/edge-policy-manifest-Byv6cQPP.d.ts +0 -132
  256. package/dist/schemas/tables/identity/agent.js.map +0 -1
  257. package/dist/schemas/tables/identity/epistemic.js.map +0 -1
  258. package/dist/schemas/tables/identity/model.js.map +0 -1
  259. package/dist/schemas/tables/identity/platform.js.map +0 -1
  260. package/dist/schemas/tables/identity/project.js.map +0 -1
  261. package/dist/schemas/tables/identity/user.js.map +0 -1
@@ -0,0 +1,658 @@
1
+ import { z } from 'zod';
2
+
3
+ // src/schemas/tables/controlPlane/accessControl.ts
4
+
5
+ // src/dsl/defineTable.ts
6
+ function defineTable(spec) {
7
+ return spec;
8
+ }
9
+
10
+ // src/schemas/tables/controlPlane/accessControl.ts
11
+ var permitActorType = z.enum([
12
+ "human",
13
+ "agent",
14
+ "service_principal",
15
+ "external_stakeholder",
16
+ "system"
17
+ ]);
18
+ var permitMembershipStatus = z.enum([
19
+ "active",
20
+ "invited",
21
+ "revoked",
22
+ "suspended",
23
+ "disabled"
24
+ ]);
25
+ var permitDecision = z.enum(["allow", "deny"]);
26
+ var permitAccessReviewStatus = z.enum([
27
+ "open",
28
+ "in_progress",
29
+ "approved",
30
+ "denied",
31
+ "expired",
32
+ "cancelled"
33
+ ]);
34
+ var permitReviewScope = z.enum([
35
+ "tenant",
36
+ "workspace",
37
+ "resource_instance",
38
+ "group",
39
+ "principal",
40
+ "api_key",
41
+ "admin_action"
42
+ ]);
43
+ var permitRecordStatus = z.enum([
44
+ "queued",
45
+ "inflight",
46
+ "completed",
47
+ "failed",
48
+ "skipped",
49
+ "stale"
50
+ ]);
51
+ var permitObjectType = z.enum([
52
+ "resource",
53
+ "role",
54
+ "resource_role",
55
+ "resource_relation",
56
+ "tenant",
57
+ "workspace",
58
+ "principal",
59
+ "membership",
60
+ "group",
61
+ "resource_instance",
62
+ "relationship_tuple",
63
+ "role_assignment",
64
+ "attribute_binding",
65
+ "policy_bundle"
66
+ ]);
67
+ var permitOutboxOperation = z.enum([
68
+ "upsert",
69
+ "delete",
70
+ "sync",
71
+ "resync",
72
+ "delete_sync",
73
+ "noop"
74
+ ]);
75
+ var permitPolicyBundleStatus = z.enum([
76
+ "draft",
77
+ "validated",
78
+ "enforced",
79
+ "archived"
80
+ ]);
81
+ var permitSyncStatus = z.enum([
82
+ "pending",
83
+ "synced",
84
+ "error",
85
+ "skipped"
86
+ ]);
87
+ var permitAccessReviewSubjectType = z.enum([
88
+ "principal",
89
+ "group",
90
+ "role_assignment",
91
+ "resource_instance"
92
+ ]);
93
+ var permitAttributeType = z.enum([
94
+ "string",
95
+ "number",
96
+ "bool",
97
+ "json",
98
+ "time"
99
+ ]);
100
+ var permitAttributeOperator = z.enum([
101
+ "eq",
102
+ "neq",
103
+ "in",
104
+ "not_in",
105
+ "gt",
106
+ "gte",
107
+ "lt",
108
+ "lte",
109
+ "contains",
110
+ "not_contains",
111
+ "matches"
112
+ ]);
113
+ var permitRoleBindingTarget = z.enum([
114
+ "principal",
115
+ "group"
116
+ ]);
117
+ var permitPrincipals = defineTable({
118
+ name: "permitPrincipals",
119
+ component: "control-plane",
120
+ category: "access-control",
121
+ shape: z.object({
122
+ principalId: z.string(),
123
+ tenantId: z.string(),
124
+ workspaceId: z.optional(z.string()),
125
+ principalType: permitActorType,
126
+ status: permitMembershipStatus,
127
+ displayName: z.string().optional(),
128
+ metadata: z.record(z.any()).optional(),
129
+ createdBy: z.string(),
130
+ createdAt: z.number(),
131
+ updatedAt: z.number(),
132
+ updatedBy: z.string().optional(),
133
+ lastSeenAt: z.number().optional()
134
+ }),
135
+ indices: [
136
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
137
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
138
+ { kind: "index", name: "by_tenant_principalId", columns: ["tenantId", "principalId"] },
139
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
140
+ {
141
+ kind: "index",
142
+ name: "by_tenant_principalType_status",
143
+ columns: ["tenantId", "principalType", "status"]
144
+ }
145
+ ]
146
+ });
147
+ var permitPrincipalAliases = defineTable({
148
+ name: "permitPrincipalAliases",
149
+ component: "control-plane",
150
+ category: "access-control",
151
+ shape: z.object({
152
+ principalId: z.string(),
153
+ tenantId: z.string(),
154
+ workspaceId: z.optional(z.string()),
155
+ provider: z.string(),
156
+ providerSubjectId: z.string(),
157
+ providerProjectId: z.string().optional(),
158
+ alias: z.string(),
159
+ aliasKind: z.string(),
160
+ status: permitMembershipStatus,
161
+ metadata: z.record(z.any()).optional(),
162
+ createdBy: z.string(),
163
+ createdAt: z.number(),
164
+ updatedAt: z.number(),
165
+ revokedBy: z.string().optional(),
166
+ revokedAt: z.number().optional(),
167
+ updatedBy: z.string().optional()
168
+ }),
169
+ indices: [
170
+ { kind: "index", name: "by_principalId", columns: ["principalId"] },
171
+ { kind: "index", name: "by_provider_subject", columns: ["provider", "providerSubjectId"] },
172
+ { kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "providerSubjectId"] },
173
+ { kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "providerSubjectId"] },
174
+ { kind: "index", name: "by_tenant_provider_project_subject", columns: ["tenantId", "provider", "providerProjectId", "providerSubjectId"] },
175
+ {
176
+ kind: "index",
177
+ name: "by_tenant_provider_alias",
178
+ columns: ["tenantId", "provider", "alias"]
179
+ },
180
+ { kind: "index", name: "by_tenant_alias", columns: ["tenantId", "alias"] },
181
+ {
182
+ kind: "index",
183
+ name: "by_tenant_provider_status",
184
+ columns: ["tenantId", "provider", "status"]
185
+ }
186
+ ]
187
+ });
188
+ var permitGroups = defineTable({
189
+ name: "permitGroups",
190
+ component: "control-plane",
191
+ category: "access-control",
192
+ shape: z.object({
193
+ tenantId: z.string(),
194
+ workspaceId: z.optional(z.string()),
195
+ groupId: z.string(),
196
+ groupKey: z.string(),
197
+ groupName: z.string(),
198
+ groupType: z.enum(["tenant", "workspace", "external", "system", "dynamic"]),
199
+ status: permitMembershipStatus,
200
+ description: z.string().optional(),
201
+ metadata: z.record(z.any()).optional(),
202
+ createdBy: z.string(),
203
+ createdAt: z.number(),
204
+ updatedAt: z.number(),
205
+ updatedBy: z.string().optional()
206
+ }),
207
+ indices: [
208
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
209
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
210
+ { kind: "index", name: "by_tenant_groupId", columns: ["tenantId", "groupId"] },
211
+ { kind: "index", name: "by_tenant_groupKey", columns: ["tenantId", "groupKey"] },
212
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
213
+ ]
214
+ });
215
+ var permitGroupMemberships = defineTable({
216
+ name: "permitGroupMemberships",
217
+ component: "control-plane",
218
+ category: "access-control",
219
+ shape: z.object({
220
+ tenantId: z.string(),
221
+ workspaceId: z.optional(z.string()),
222
+ groupId: z.string(),
223
+ memberType: z.enum(["principal", "group"]),
224
+ memberId: z.string(),
225
+ principalId: z.string().optional(),
226
+ childGroupId: z.string().optional(),
227
+ status: permitMembershipStatus,
228
+ addedBy: z.string().optional(),
229
+ revokedBy: z.string().optional(),
230
+ expiresAt: z.number().optional(),
231
+ revocationReason: z.string().optional(),
232
+ metadata: z.record(z.any()).optional(),
233
+ createdAt: z.number(),
234
+ updatedAt: z.number(),
235
+ updatedBy: z.string().optional()
236
+ }),
237
+ indices: [
238
+ { kind: "index", name: "by_tenant_principal", columns: ["tenantId", "principalId"] },
239
+ { kind: "index", name: "by_tenant_member", columns: ["tenantId", "memberType", "memberId"] },
240
+ {
241
+ kind: "index",
242
+ name: "by_tenant_member_group",
243
+ columns: ["tenantId", "memberType", "memberId", "groupId"]
244
+ },
245
+ { kind: "index", name: "by_tenant_group", columns: ["tenantId", "groupId"] },
246
+ { kind: "index", name: "by_member_group", columns: ["memberType", "memberId", "groupId"] },
247
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
248
+ {
249
+ kind: "index",
250
+ name: "by_workspace_principal",
251
+ columns: ["workspaceId", "principalId"]
252
+ }
253
+ ]
254
+ });
255
+ var permitResourceInstances = defineTable({
256
+ name: "permitResourceInstances",
257
+ component: "control-plane",
258
+ category: "access-control",
259
+ shape: z.object({
260
+ tenantId: z.string(),
261
+ workspaceId: z.optional(z.string()),
262
+ resourceType: z.string(),
263
+ resourceKey: z.string(),
264
+ resourceId: z.string(),
265
+ status: z.enum(["active", "deleted", "archived"]),
266
+ attributes: z.record(z.any()).optional(),
267
+ ownerPrincipalId: z.string().optional(),
268
+ metadata: z.record(z.any()).optional(),
269
+ createdBy: z.string(),
270
+ updatedBy: z.string().optional(),
271
+ createdAt: z.number(),
272
+ updatedAt: z.number()
273
+ }),
274
+ indices: [
275
+ {
276
+ kind: "index",
277
+ name: "by_tenant_resource_type",
278
+ columns: ["tenantId", "resourceType"]
279
+ },
280
+ {
281
+ kind: "index",
282
+ name: "by_tenant_resource_key",
283
+ columns: ["tenantId", "resourceType", "resourceKey"]
284
+ },
285
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
286
+ { kind: "index", name: "by_status", columns: ["status"] },
287
+ {
288
+ kind: "index",
289
+ name: "by_tenant_status",
290
+ columns: ["tenantId", "status"]
291
+ },
292
+ {
293
+ kind: "index",
294
+ name: "by_ownerPrincipalId",
295
+ columns: ["ownerPrincipalId"]
296
+ }
297
+ ]
298
+ });
299
+ var permitRoleAssignments = defineTable({
300
+ name: "permitRoleAssignments",
301
+ component: "control-plane",
302
+ category: "access-control",
303
+ shape: z.object({
304
+ tenantId: z.string(),
305
+ workspaceId: z.optional(z.string()),
306
+ role: z.string(),
307
+ targetType: permitRoleBindingTarget,
308
+ targetId: z.string(),
309
+ resourceType: z.string(),
310
+ resourceKey: z.string(),
311
+ resourceInstanceId: z.string().optional(),
312
+ status: permitMembershipStatus,
313
+ expiresAt: z.number().optional(),
314
+ attributes: z.record(z.any()).optional(),
315
+ grantedBy: z.string().optional(),
316
+ updatedBy: z.string().optional(),
317
+ revokedBy: z.string().optional(),
318
+ createdAt: z.number(),
319
+ updatedAt: z.number()
320
+ }),
321
+ indices: [
322
+ {
323
+ kind: "index",
324
+ name: "by_tenant_target",
325
+ columns: ["tenantId", "targetType", "targetId"]
326
+ },
327
+ {
328
+ kind: "index",
329
+ name: "by_tenant_resource",
330
+ columns: ["tenantId", "resourceType", "resourceKey"]
331
+ },
332
+ {
333
+ kind: "index",
334
+ name: "by_tenant_role",
335
+ columns: ["tenantId", "role", "status"]
336
+ },
337
+ { kind: "index", name: "by_status", columns: ["status"] },
338
+ {
339
+ kind: "index",
340
+ name: "by_workspace_resource",
341
+ columns: ["workspaceId", "resourceType", "resourceKey"]
342
+ }
343
+ ]
344
+ });
345
+ var permitRelationshipTuples = defineTable({
346
+ name: "permitRelationshipTuples",
347
+ component: "control-plane",
348
+ category: "access-control",
349
+ shape: z.object({
350
+ tenantId: z.string(),
351
+ workspaceId: z.optional(z.string()),
352
+ relation: z.string(),
353
+ subject: z.string(),
354
+ object: z.string(),
355
+ resourceType: z.string().optional(),
356
+ resourceKey: z.string().optional(),
357
+ status: permitRecordStatus,
358
+ attributes: z.record(z.any()).optional(),
359
+ createdBy: z.string(),
360
+ createdAt: z.number(),
361
+ updatedAt: z.number(),
362
+ lastSeenAt: z.number().optional(),
363
+ updatedBy: z.string().optional()
364
+ }),
365
+ indices: [
366
+ { kind: "index", name: "by_tenant_subject", columns: ["tenantId", "subject"] },
367
+ { kind: "index", name: "by_tenant_object", columns: ["tenantId", "object"] },
368
+ { kind: "index", name: "by_tenant_relation", columns: ["tenantId", "relation"] },
369
+ {
370
+ kind: "index",
371
+ name: "by_tenant_relation_subject",
372
+ columns: ["tenantId", "relation", "subject"]
373
+ },
374
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
375
+ ]
376
+ });
377
+ var permitAttributeBindings = defineTable({
378
+ name: "permitAttributeBindings",
379
+ component: "control-plane",
380
+ category: "access-control",
381
+ shape: z.object({
382
+ tenantId: z.string(),
383
+ workspaceId: z.optional(z.string()),
384
+ targetType: permitRoleBindingTarget,
385
+ targetId: z.string(),
386
+ attributeName: z.string(),
387
+ attributeType: permitAttributeType,
388
+ attributeOperator: permitAttributeOperator,
389
+ attributeValue: z.any(),
390
+ status: permitRecordStatus,
391
+ source: z.string().optional(),
392
+ sourceRef: z.string().optional(),
393
+ metadata: z.record(z.any()).optional(),
394
+ createdAt: z.number(),
395
+ updatedAt: z.number(),
396
+ createdBy: z.string(),
397
+ updatedBy: z.string().optional(),
398
+ expiresAt: z.number().optional()
399
+ }),
400
+ indices: [
401
+ {
402
+ kind: "index",
403
+ name: "by_tenant_target",
404
+ columns: ["tenantId", "targetType", "targetId"]
405
+ },
406
+ {
407
+ kind: "index",
408
+ name: "by_tenant_target_attribute",
409
+ columns: ["tenantId", "targetType", "targetId", "attributeName"]
410
+ },
411
+ {
412
+ kind: "index",
413
+ name: "by_tenant_name",
414
+ columns: ["tenantId", "attributeName"]
415
+ },
416
+ {
417
+ kind: "index",
418
+ name: "by_tenant_status",
419
+ columns: ["tenantId", "status"]
420
+ }
421
+ ]
422
+ });
423
+ var permitPolicyBundles = defineTable({
424
+ name: "permitPolicyBundles",
425
+ component: "control-plane",
426
+ category: "access-control",
427
+ shape: z.object({
428
+ tenantId: z.string(),
429
+ workspaceId: z.optional(z.string()),
430
+ bundleKey: z.string(),
431
+ version: z.number(),
432
+ status: permitPolicyBundleStatus,
433
+ policyHash: z.string().optional(),
434
+ policyPayload: z.record(z.any()),
435
+ metadata: z.record(z.any()).optional(),
436
+ createdBy: z.string(),
437
+ reviewedBy: z.string().optional(),
438
+ createdAt: z.number(),
439
+ updatedAt: z.number(),
440
+ retiredAt: z.number().optional()
441
+ }),
442
+ indices: [
443
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
444
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
445
+ {
446
+ kind: "index",
447
+ name: "by_tenant_bundleKey",
448
+ columns: ["tenantId", "bundleKey"]
449
+ },
450
+ {
451
+ kind: "index",
452
+ name: "by_tenant_bundle_version",
453
+ columns: ["tenantId", "bundleKey", "version"]
454
+ },
455
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
456
+ ]
457
+ });
458
+ var permitProjectionOutbox = defineTable({
459
+ name: "permitProjectionOutbox",
460
+ component: "control-plane",
461
+ category: "access-control",
462
+ shape: z.object({
463
+ syncKey: z.string(),
464
+ objectType: permitObjectType,
465
+ objectId: z.string(),
466
+ operation: permitOutboxOperation,
467
+ payload: z.record(z.any()),
468
+ status: permitRecordStatus,
469
+ attemptCount: z.number(),
470
+ nextAttemptAt: z.number().optional(),
471
+ lastError: z.string().optional(),
472
+ tenantId: z.string().optional(),
473
+ workspaceId: z.optional(z.string()),
474
+ principalId: z.string().optional(),
475
+ permitTenantKey: z.string().optional(),
476
+ permitResourceType: z.string().optional(),
477
+ permitResourceKey: z.string().optional(),
478
+ createdAt: z.number(),
479
+ updatedAt: z.number(),
480
+ lastHandledAt: z.number().optional()
481
+ }),
482
+ indices: [
483
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
484
+ { kind: "index", name: "by_status", columns: ["status"] },
485
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
486
+ {
487
+ kind: "index",
488
+ name: "by_tenant_status",
489
+ columns: ["tenantId", "status"]
490
+ },
491
+ {
492
+ kind: "index",
493
+ name: "by_objectType",
494
+ columns: ["objectType", "status"]
495
+ }
496
+ ]
497
+ });
498
+ var tenantPermitSyncStates = defineTable({
499
+ name: "tenantPermitSyncStates",
500
+ component: "control-plane",
501
+ category: "access-control",
502
+ shape: z.object({
503
+ syncKey: z.string(),
504
+ objectType: permitObjectType,
505
+ objectId: z.string(),
506
+ tenantId: z.string().optional(),
507
+ workspaceId: z.string().optional(),
508
+ principalId: z.string().optional(),
509
+ permitTenantKey: z.string().optional(),
510
+ permitResourceType: z.string().optional(),
511
+ permitResourceKey: z.string().optional(),
512
+ desiredPayload: z.record(z.any()),
513
+ lastAppliedPayloadHash: z.string().optional(),
514
+ status: permitSyncStatus,
515
+ attemptCount: z.number(),
516
+ lastError: z.string().optional(),
517
+ nextAttemptAt: z.number().optional(),
518
+ lastSyncedAt: z.number().optional(),
519
+ createdBy: z.string(),
520
+ updatedBy: z.string().optional(),
521
+ createdAt: z.number(),
522
+ updatedAt: z.number()
523
+ }),
524
+ indices: [
525
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
526
+ { kind: "index", name: "by_status", columns: ["status"] },
527
+ {
528
+ kind: "index",
529
+ name: "by_tenant_status",
530
+ columns: ["tenantId", "status"]
531
+ },
532
+ {
533
+ kind: "index",
534
+ name: "by_workspace_status",
535
+ columns: ["workspaceId", "status"]
536
+ },
537
+ {
538
+ kind: "index",
539
+ name: "by_principal_status",
540
+ columns: ["principalId", "status"]
541
+ }
542
+ ]
543
+ });
544
+ var permitPolicyDecisionReceipts = defineTable({
545
+ name: "permitPolicyDecisionReceipts",
546
+ component: "control-plane",
547
+ category: "access-control",
548
+ shape: z.object({
549
+ tenantId: z.string().optional(),
550
+ workspaceId: z.string().optional(),
551
+ principalId: z.string(),
552
+ subjectType: permitAccessReviewSubjectType.optional(),
553
+ subjectId: z.string().optional(),
554
+ resourceType: z.string(),
555
+ resourceId: z.string(),
556
+ action: z.string(),
557
+ decision: permitDecision,
558
+ reasonCode: z.string(),
559
+ policyBundleId: z.string().optional(),
560
+ policyVersion: z.string(),
561
+ traceId: z.string().optional(),
562
+ requestId: z.string().optional(),
563
+ audienceMode: z.string().optional(),
564
+ audienceKey: z.string().optional(),
565
+ audienceClass: z.enum(["internal", "restricted_external", "public"]).optional(),
566
+ metadata: z.record(z.any()).optional(),
567
+ createdAt: z.number(),
568
+ expiresAt: z.number().optional(),
569
+ createdBy: z.string().optional()
570
+ }),
571
+ indices: [
572
+ { kind: "index", name: "by_principal_createdAt", columns: ["principalId", "createdAt"] },
573
+ { kind: "index", name: "by_tenant_createdAt", columns: ["tenantId", "createdAt"] },
574
+ { kind: "index", name: "by_resource", columns: ["resourceType", "resourceId"] },
575
+ { kind: "index", name: "by_decision_createdAt", columns: ["decision", "createdAt"] },
576
+ { kind: "index", name: "by_traceId", columns: ["traceId"] },
577
+ { kind: "index", name: "by_action", columns: ["action"] }
578
+ ]
579
+ });
580
+ var permitAccessReviews = defineTable({
581
+ name: "permitAccessReviews",
582
+ component: "control-plane",
583
+ category: "access-control",
584
+ shape: z.object({
585
+ tenantId: z.string(),
586
+ workspaceId: z.optional(z.string()),
587
+ reviewKey: z.string(),
588
+ scope: permitReviewScope,
589
+ status: permitAccessReviewStatus,
590
+ subjectType: permitAccessReviewSubjectType,
591
+ subjectId: z.string(),
592
+ resourceType: z.string().optional(),
593
+ resourceKey: z.string().optional(),
594
+ outcome: z.enum(["allow", "deny"]).optional(),
595
+ requestedBy: z.string(),
596
+ reviewedBy: z.string().optional(),
597
+ requestedAt: z.number(),
598
+ reviewedAt: z.number().optional(),
599
+ dueAt: z.number().optional(),
600
+ justification: z.string().optional(),
601
+ rationale: z.string().optional(),
602
+ policyBundleId: z.string().optional(),
603
+ metadata: z.record(z.any()).optional(),
604
+ createdAt: z.number(),
605
+ updatedAt: z.number()
606
+ }),
607
+ indices: [
608
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
609
+ { kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
610
+ { kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
611
+ {
612
+ kind: "index",
613
+ name: "by_tenant_subject",
614
+ columns: ["tenantId", "subjectType", "subjectId"]
615
+ },
616
+ { kind: "index", name: "by_outcome", columns: ["outcome"] },
617
+ {
618
+ kind: "index",
619
+ name: "by_workspace_status",
620
+ columns: ["workspaceId", "status"]
621
+ }
622
+ ]
623
+ });
624
+ var permitAccessReviewItems = defineTable({
625
+ name: "permitAccessReviewItems",
626
+ component: "control-plane",
627
+ category: "access-control",
628
+ shape: z.object({
629
+ reviewKey: z.string(),
630
+ itemKey: z.string(),
631
+ tenantId: z.string(),
632
+ workspaceId: z.string().optional(),
633
+ subjectType: permitAccessReviewSubjectType,
634
+ subjectId: z.string(),
635
+ resourceType: z.string().optional(),
636
+ resourceKey: z.string().optional(),
637
+ role: z.string().optional(),
638
+ relation: z.string().optional(),
639
+ status: z.enum(["open", "approved", "revoked", "changed", "deferred"]),
640
+ reviewerId: z.string().optional(),
641
+ decisionAt: z.number().optional(),
642
+ rationale: z.string().optional(),
643
+ metadata: z.record(z.any()).optional(),
644
+ createdAt: z.number(),
645
+ updatedAt: z.number()
646
+ }),
647
+ indices: [
648
+ { kind: "index", name: "by_reviewKey", columns: ["reviewKey"] },
649
+ { kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
650
+ { kind: "index", name: "by_tenant_itemKey", columns: ["tenantId", "itemKey"] },
651
+ { kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
652
+ { kind: "index", name: "by_status", columns: ["status"] }
653
+ ]
654
+ });
655
+
656
+ export { permitAccessReviewItems, permitAccessReviews, permitAttributeBindings, permitGroupMemberships, permitGroups, permitPolicyBundles, permitPolicyDecisionReceipts, permitPrincipalAliases, permitPrincipals, permitProjectionOutbox, permitRelationshipTuples, permitResourceInstances, permitRoleAssignments, tenantPermitSyncStates };
657
+ //# sourceMappingURL=accessControl.js.map
658
+ //# sourceMappingURL=accessControl.js.map