@lucern/contracts 0.3.0-alpha.9 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (253) hide show
  1. package/CHANGELOG.md +7 -0
  2. package/dist/api-enums.contract.d.ts +5 -3
  3. package/dist/api-enums.contract.js +14 -12
  4. package/dist/api-enums.contract.js.map +1 -1
  5. package/dist/auth-context.contract.js +14 -2
  6. package/dist/auth-context.contract.js.map +1 -1
  7. package/dist/auth-session.contract.js +14 -2
  8. package/dist/auth-session.contract.js.map +1 -1
  9. package/dist/auth.contract.d.ts +1 -1
  10. package/dist/auth.contract.js +14 -2
  11. package/dist/auth.contract.js.map +1 -1
  12. package/dist/component-boundary.contract.d.ts +1 -1
  13. package/dist/component-boundary.contract.js +46 -26
  14. package/dist/component-boundary.contract.js.map +1 -1
  15. package/dist/component-host-boundary.contract.d.ts +10 -5
  16. package/dist/component-host-boundary.contract.js +10 -4
  17. package/dist/component-host-boundary.contract.js.map +1 -1
  18. package/dist/{defineTable-CBQ03FXl.d.ts → defineTable-t1wr5wgn.d.ts} +1 -1
  19. package/dist/{dsl-djCRfuWC.d.ts → dsl-DVPthQGY.d.ts} +1 -1
  20. package/dist/dsl.d.ts +2 -2
  21. package/dist/dsl.js.map +1 -1
  22. package/dist/function-registry/beliefs.d.ts +23 -10
  23. package/dist/function-registry/beliefs.js +467 -36
  24. package/dist/function-registry/beliefs.js.map +1 -1
  25. package/dist/function-registry/coding.d.ts +15 -6
  26. package/dist/function-registry/coding.js +531 -22
  27. package/dist/function-registry/coding.js.map +1 -1
  28. package/dist/function-registry/context.d.ts +9 -3
  29. package/dist/function-registry/context.js +464 -21
  30. package/dist/function-registry/context.js.map +1 -1
  31. package/dist/function-registry/contracts.d.ts +9 -3
  32. package/dist/function-registry/contracts.js +464 -21
  33. package/dist/function-registry/contracts.js.map +1 -1
  34. package/dist/function-registry/coordination.d.ts +21 -9
  35. package/dist/function-registry/coordination.js +464 -21
  36. package/dist/function-registry/coordination.js.map +1 -1
  37. package/dist/function-registry/edges.d.ts +167 -2
  38. package/dist/function-registry/edges.js +619 -28
  39. package/dist/function-registry/edges.js.map +1 -1
  40. package/dist/function-registry/evidence.d.ts +19 -8
  41. package/dist/function-registry/evidence.js +469 -36
  42. package/dist/function-registry/evidence.js.map +1 -1
  43. package/dist/function-registry/graph.d.ts +33 -15
  44. package/dist/function-registry/graph.js +464 -21
  45. package/dist/function-registry/graph.js.map +1 -1
  46. package/dist/function-registry/helpers.d.ts +6 -3
  47. package/dist/function-registry/helpers.js +465 -22
  48. package/dist/function-registry/helpers.js.map +1 -1
  49. package/dist/function-registry/identity.d.ts +62 -16
  50. package/dist/function-registry/identity.js +487 -27
  51. package/dist/function-registry/identity.js.map +1 -1
  52. package/dist/function-registry/index.d.ts +4 -2
  53. package/dist/function-registry/index.js +468 -22
  54. package/dist/function-registry/index.js.map +1 -1
  55. package/dist/function-registry/judgments.d.ts +7 -2
  56. package/dist/function-registry/judgments.js +464 -21
  57. package/dist/function-registry/judgments.js.map +1 -1
  58. package/dist/function-registry/legacy.d.ts +5 -1
  59. package/dist/function-registry/legacy.js +464 -21
  60. package/dist/function-registry/legacy.js.map +1 -1
  61. package/dist/function-registry/lenses.d.ts +11 -4
  62. package/dist/function-registry/lenses.js +464 -21
  63. package/dist/function-registry/lenses.js.map +1 -1
  64. package/dist/function-registry/manifest.d.ts +4 -4
  65. package/dist/function-registry/manifest.js +16 -1
  66. package/dist/function-registry/manifest.js.map +1 -1
  67. package/dist/function-registry/nodes.d.ts +412 -0
  68. package/dist/function-registry/nodes.js +5354 -0
  69. package/dist/function-registry/nodes.js.map +1 -0
  70. package/dist/function-registry/ontologies.d.ts +25 -11
  71. package/dist/function-registry/ontologies.js +464 -21
  72. package/dist/function-registry/ontologies.js.map +1 -1
  73. package/dist/function-registry/pipeline.d.ts +9 -3
  74. package/dist/function-registry/pipeline.js +464 -21
  75. package/dist/function-registry/pipeline.js.map +1 -1
  76. package/dist/function-registry/questions.d.ts +27 -12
  77. package/dist/function-registry/questions.js +466 -26
  78. package/dist/function-registry/questions.js.map +1 -1
  79. package/dist/function-registry/tasks.d.ts +11 -4
  80. package/dist/function-registry/tasks.js +497 -30
  81. package/dist/function-registry/tasks.js.map +1 -1
  82. package/dist/function-registry/topics.d.ts +93 -5
  83. package/dist/function-registry/topics.js +534 -24
  84. package/dist/function-registry/topics.js.map +1 -1
  85. package/dist/function-registry/types.d.ts +7 -3
  86. package/dist/function-registry/worktrees.d.ts +25 -11
  87. package/dist/function-registry/worktrees.js +480 -21
  88. package/dist/function-registry/worktrees.js.map +1 -1
  89. package/dist/gateway.contract.d.ts +4 -0
  90. package/dist/gateway.contract.js.map +1 -1
  91. package/dist/generated/convexSchemas.d.ts +3 -3
  92. package/dist/generated/convexSchemas.js +37 -17
  93. package/dist/generated/convexSchemas.js.map +1 -1
  94. package/dist/generated/infisicalRuntimeEnv.d.ts +70 -0
  95. package/dist/generated/infisicalRuntimeEnv.js +27585 -0
  96. package/dist/generated/infisicalRuntimeEnv.js.map +1 -0
  97. package/dist/generated/lucernGatewayEnv.d.ts +17 -0
  98. package/dist/generated/lucernGatewayEnv.js +38 -0
  99. package/dist/generated/lucernGatewayEnv.js.map +1 -0
  100. package/dist/generated/lucernWebPublicEnv.d.ts +26 -0
  101. package/dist/generated/lucernWebPublicEnv.js +32 -0
  102. package/dist/generated/lucernWebPublicEnv.js.map +1 -0
  103. package/dist/generated/lucernWebServerEnv.d.ts +33 -0
  104. package/dist/generated/lucernWebServerEnv.js +51 -0
  105. package/dist/generated/lucernWebServerEnv.js.map +1 -0
  106. package/dist/generated/schema-manifest.json +1221 -114
  107. package/dist/generated/tableOwnership.d.ts +48 -28
  108. package/dist/generated/tableOwnership.js +66 -26
  109. package/dist/generated/tableOwnership.js.map +1 -1
  110. package/dist/generated/tier-expectations.json +64 -9
  111. package/dist/{index-O09U2xHk.d.ts → index-CM1Pl_vI.d.ts} +3 -3
  112. package/dist/index.d.ts +11 -6
  113. package/dist/index.js +32838 -413
  114. package/dist/index.js.map +1 -1
  115. package/dist/infisical-runtime.contract.d.ts +1763 -6
  116. package/dist/infisical-runtime.contract.js +2994 -15
  117. package/dist/infisical-runtime.contract.js.map +1 -1
  118. package/dist/manifests/infisical-runtime-manifest.d.ts +1689 -6
  119. package/dist/manifests/infisical-runtime-manifest.js +2847 -12
  120. package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
  121. package/dist/manifests/tenant-client-manifest.d.ts +19 -14
  122. package/dist/manifests/tenant-client-manifest.js +29 -12
  123. package/dist/manifests/tenant-client-manifest.js.map +1 -1
  124. package/dist/mcp-gateway-boundary.contract.d.ts +23 -3
  125. package/dist/mcp-gateway-boundary.contract.js +2 -0
  126. package/dist/mcp-gateway-boundary.contract.js.map +1 -1
  127. package/dist/permit-principal-projection.contract.d.ts +74 -0
  128. package/dist/permit-principal-projection.contract.js +167 -0
  129. package/dist/permit-principal-projection.contract.js.map +1 -0
  130. package/dist/projections/check-convex-args-shape.js +10 -6
  131. package/dist/projections/check-convex-args-shape.js.map +1 -1
  132. package/dist/projections/create-evidence.projection.d.ts +6 -6
  133. package/dist/projections/create-evidence.projection.js +2 -3
  134. package/dist/projections/create-evidence.projection.js.map +1 -1
  135. package/dist/projections/index.d.ts +3 -3
  136. package/dist/projections/index.js +10 -6
  137. package/dist/projections/index.js.map +1 -1
  138. package/dist/projections/list-tasks.projection.d.ts +20 -8
  139. package/dist/projections/list-tasks.projection.js +8 -3
  140. package/dist/projections/list-tasks.projection.js.map +1 -1
  141. package/dist/proof-attestation.json +45 -0
  142. package/dist/schemas/component-table-manifest.d.ts +6 -6
  143. package/dist/schemas/component-table-manifest.js +2 -2
  144. package/dist/schemas/component-table-manifest.js.map +1 -1
  145. package/dist/schemas/index.d.ts +2 -2
  146. package/dist/schemas/index.js +1123 -137
  147. package/dist/schemas/index.js.map +1 -1
  148. package/dist/schemas/manifest.d.ts +2102 -132
  149. package/dist/schemas/manifest.js +1121 -135
  150. package/dist/schemas/manifest.js.map +1 -1
  151. package/dist/schemas/tables/controlPlane/accessControl.d.ts +260 -0
  152. package/dist/schemas/tables/controlPlane/accessControl.js +658 -0
  153. package/dist/schemas/tables/controlPlane/accessControl.js.map +1 -0
  154. package/dist/schemas/tables/{identity → controlPlane}/agent.d.ts +1 -1
  155. package/dist/schemas/tables/{identity → controlPlane}/agent.js +3 -3
  156. package/dist/schemas/tables/controlPlane/agent.js.map +1 -0
  157. package/dist/schemas/tables/{identity → controlPlane}/epistemic.d.ts +1 -1
  158. package/dist/schemas/tables/{identity → controlPlane}/epistemic.js +3 -3
  159. package/dist/schemas/tables/controlPlane/epistemic.js.map +1 -0
  160. package/dist/schemas/tables/{identity → controlPlane}/model.d.ts +1 -1
  161. package/dist/schemas/tables/{identity → controlPlane}/model.js +6 -6
  162. package/dist/schemas/tables/controlPlane/model.js.map +1 -0
  163. package/dist/schemas/tables/{identity → controlPlane}/platform.d.ts +1 -1
  164. package/dist/schemas/tables/{identity → controlPlane}/platform.js +18 -18
  165. package/dist/schemas/tables/controlPlane/platform.js.map +1 -0
  166. package/dist/schemas/tables/{identity → controlPlane}/project.d.ts +1 -1
  167. package/dist/schemas/tables/{identity → controlPlane}/project.js +3 -3
  168. package/dist/schemas/tables/controlPlane/project.js.map +1 -0
  169. package/dist/schemas/tables/{identity → controlPlane}/user.d.ts +1 -1
  170. package/dist/schemas/tables/{identity → controlPlane}/user.js +3 -3
  171. package/dist/schemas/tables/controlPlane/user.js.map +1 -0
  172. package/dist/schemas/tables/kernel/config.d.ts +1 -1
  173. package/dist/schemas/tables/kernel/config.js.map +1 -1
  174. package/dist/schemas/tables/kernel/coordination.d.ts +1 -1
  175. package/dist/schemas/tables/kernel/coordination.js.map +1 -1
  176. package/dist/schemas/tables/kernel/decision.d.ts +1 -1
  177. package/dist/schemas/tables/kernel/decision.js.map +1 -1
  178. package/dist/schemas/tables/kernel/embedding.d.ts +1 -1
  179. package/dist/schemas/tables/kernel/embedding.js.map +1 -1
  180. package/dist/schemas/tables/kernel/epistemic.d.ts +1 -1
  181. package/dist/schemas/tables/kernel/epistemic.js.map +1 -1
  182. package/dist/schemas/tables/kernel/events.d.ts +21 -0
  183. package/dist/schemas/tables/kernel/events.js +43 -0
  184. package/dist/schemas/tables/kernel/events.js.map +1 -0
  185. package/dist/schemas/tables/kernel/idempotency.d.ts +1 -1
  186. package/dist/schemas/tables/kernel/idempotency.js.map +1 -1
  187. package/dist/schemas/tables/kernel/infra.d.ts +1 -1
  188. package/dist/schemas/tables/kernel/infra.js.map +1 -1
  189. package/dist/schemas/tables/kernel/intelligence.d.ts +1 -1
  190. package/dist/schemas/tables/kernel/intelligence.js.map +1 -1
  191. package/dist/schemas/tables/kernel/lens.d.ts +1 -1
  192. package/dist/schemas/tables/kernel/lens.js.map +1 -1
  193. package/dist/schemas/tables/kernel/ontology.d.ts +1 -1
  194. package/dist/schemas/tables/kernel/ontology.js.map +1 -1
  195. package/dist/schemas/tables/kernel/platform.d.ts +1 -1
  196. package/dist/schemas/tables/kernel/platform.js.map +1 -1
  197. package/dist/schemas/tables/kernel/spine.d.ts +2 -1
  198. package/dist/schemas/tables/kernel/spine.js +1 -0
  199. package/dist/schemas/tables/kernel/spine.js.map +1 -1
  200. package/dist/schemas/tables/kernel/task.d.ts +1 -1
  201. package/dist/schemas/tables/kernel/task.js.map +1 -1
  202. package/dist/schemas/tables/kernel/topic.d.ts +1 -1
  203. package/dist/schemas/tables/kernel/topic.js +1 -0
  204. package/dist/schemas/tables/kernel/topic.js.map +1 -1
  205. package/dist/schemas/tables/kernel/workflow.d.ts +1 -1
  206. package/dist/schemas/tables/kernel/workflow.js.map +1 -1
  207. package/dist/schemas/tables/kernel/worktree.d.ts +17 -17
  208. package/dist/schemas/tables/kernel/worktree.js.map +1 -1
  209. package/dist/schemas/tables/mc/identity.d.ts +19 -2
  210. package/dist/schemas/tables/mc/identity.js +32 -1
  211. package/dist/schemas/tables/mc/identity.js.map +1 -1
  212. package/dist/schemas/tables/mc/methodology.d.ts +1 -1
  213. package/dist/schemas/tables/mc/methodology.js.map +1 -1
  214. package/dist/schemas/tables/mc/pack.d.ts +1 -1
  215. package/dist/schemas/tables/mc/pack.js.map +1 -1
  216. package/dist/schemas/tables/mc/policy.d.ts +2 -2
  217. package/dist/schemas/tables/mc/policy.js +1 -1
  218. package/dist/schemas/tables/mc/policy.js.map +1 -1
  219. package/dist/schemas/tables/mc/registry.d.ts +1 -1
  220. package/dist/schemas/tables/mc/registry.js.map +1 -1
  221. package/dist/schemas/tables/mc/runtime.d.ts +109 -3
  222. package/dist/schemas/tables/mc/runtime.js +330 -104
  223. package/dist/schemas/tables/mc/runtime.js.map +1 -1
  224. package/dist/schemas/tables/mc/tenant.d.ts +4 -2
  225. package/dist/schemas/tables/mc/tenant.js +3 -1
  226. package/dist/schemas/tables/mc/tenant.js.map +1 -1
  227. package/dist/schemas/tables/mc/workspace.d.ts +22 -5
  228. package/dist/schemas/tables/mc/workspace.js +34 -2
  229. package/dist/schemas/tables/mc/workspace.js.map +1 -1
  230. package/dist/{sdk-tools.contract-Ci8bkoai.d.ts → sdk-tools.contract-CKmSsrZ2.d.ts} +1 -1
  231. package/dist/sdk-tools.contract.d.ts +2 -2
  232. package/dist/sdk-tools.contract.js +417 -13
  233. package/dist/sdk-tools.contract.js.map +1 -1
  234. package/dist/tenant-bootstrap-seed.contract.d.ts +244 -56
  235. package/dist/tenant-bootstrap-seed.contract.js +139 -28
  236. package/dist/tenant-bootstrap-seed.contract.js.map +1 -1
  237. package/dist/tenant-bootstrap-seed.defaults.d.ts +2 -2
  238. package/dist/tenant-bootstrap-seed.defaults.js +31 -13
  239. package/dist/tenant-bootstrap-seed.defaults.js.map +1 -1
  240. package/dist/tenant-client.contract.d.ts +20 -15
  241. package/dist/tenant-client.contract.js +29 -12
  242. package/dist/tenant-client.contract.js.map +1 -1
  243. package/dist/{tool-contracts-B4iWhejG.d.ts → tool-contracts-C_xvM9q2.d.ts} +32 -2
  244. package/dist/tool-contracts.d.ts +1 -1
  245. package/dist/tool-contracts.js +418 -14
  246. package/dist/tool-contracts.js.map +1 -1
  247. package/package.json +22 -1
  248. package/dist/schemas/tables/identity/agent.js.map +0 -1
  249. package/dist/schemas/tables/identity/epistemic.js.map +0 -1
  250. package/dist/schemas/tables/identity/model.js.map +0 -1
  251. package/dist/schemas/tables/identity/platform.js.map +0 -1
  252. package/dist/schemas/tables/identity/project.js.map +0 -1
  253. package/dist/schemas/tables/identity/user.js.map +0 -1
@@ -13,16 +13,20 @@ var TENANT_BOOTSTRAP_SEED_COMPONENTS = {
13
13
  kernel: {
14
14
  componentName: "lucern",
15
15
  migrationModule: "adapters/migration",
16
+ templateMigrationModule: "dist/adapters/migration",
17
+ tenantMigrationModule: "adapters/migration",
16
18
  templateService: "services/kernel-template",
17
19
  templateDeployments: {
18
20
  staging: "kindly-goldfish-162",
19
21
  prod: "cool-badger-368"
20
22
  }
21
23
  },
22
- identity: {
23
- componentName: "identity",
24
+ "control-plane": {
25
+ componentName: "controlPlane",
24
26
  migrationModule: "migration",
25
- templateService: "services/identity-template",
27
+ templateMigrationModule: "dist/migration",
28
+ tenantMigrationModule: "migration",
29
+ templateService: "services/control-plane-template",
26
30
  templateDeployments: {
27
31
  staging: "industrious-cheetah-864",
28
32
  prod: "combative-beagle-879"
@@ -182,6 +186,13 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
182
186
  copyMode: "none",
183
187
  description: "Deliberation sessions are created by tenant workflows."
184
188
  },
189
+ {
190
+ component: "kernel",
191
+ table: "domainEvents",
192
+ prepopulation: "runtime_log",
193
+ copyMode: "none",
194
+ description: "Domain event rows are append-only runtime audit/exhaust data."
195
+ },
185
196
  {
186
197
  component: "kernel",
187
198
  table: "epistemicAudit",
@@ -431,14 +442,14 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
431
442
  description: "Worktrees are tenant/runtime planning data."
432
443
  },
433
444
  {
434
- component: "identity",
445
+ component: "control-plane",
435
446
  table: "agents",
436
447
  prepopulation: "runtime_bootstrap",
437
448
  copyMode: "none",
438
449
  description: "Service agents are provisioned per tenant or service, not copied."
439
450
  },
440
451
  {
441
- component: "identity",
452
+ component: "control-plane",
442
453
  table: "mcpWritePolicy",
443
454
  prepopulation: "required_template",
444
455
  copyMode: "template_global",
@@ -447,14 +458,14 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
447
458
  description: "Global write policy defaults govern service and interactive MCP writes."
448
459
  },
449
460
  {
450
- component: "identity",
461
+ component: "control-plane",
451
462
  table: "modelCallLogs",
452
463
  prepopulation: "runtime_log",
453
464
  copyMode: "none",
454
465
  description: "Model call logs are runtime telemetry."
455
466
  },
456
467
  {
457
- component: "identity",
468
+ component: "control-plane",
458
469
  table: "modelFunctionSlots",
459
470
  prepopulation: "required_template",
460
471
  copyMode: "template_global",
@@ -463,7 +474,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
463
474
  description: "Function-to-model slots are required by model runtime resolution."
464
475
  },
465
476
  {
466
- component: "identity",
477
+ component: "control-plane",
467
478
  table: "modelRegistry",
468
479
  prepopulation: "required_template",
469
480
  copyMode: "template_global",
@@ -472,7 +483,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
472
483
  description: "Model catalog defaults are required by model runtime clients."
473
484
  },
474
485
  {
475
- component: "identity",
486
+ component: "control-plane",
476
487
  table: "modelSlotConfigs",
477
488
  prepopulation: "required_template",
478
489
  copyMode: "template_global",
@@ -481,14 +492,105 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
481
492
  description: "Slot-level defaults are required before tenant overrides exist."
482
493
  },
483
494
  {
484
- component: "identity",
495
+ component: "control-plane",
496
+ table: "permitAccessReviewItems",
497
+ prepopulation: "runtime_data",
498
+ copyMode: "none",
499
+ description: "Permit access-review item rows are tenant review data projected from Permit."
500
+ },
501
+ {
502
+ component: "control-plane",
503
+ table: "permitAccessReviews",
504
+ prepopulation: "runtime_data",
505
+ copyMode: "none",
506
+ description: "Permit access-review campaigns are tenant review data projected from Permit."
507
+ },
508
+ {
509
+ component: "control-plane",
510
+ table: "permitAttributeBindings",
511
+ prepopulation: "runtime_data",
512
+ copyMode: "none",
513
+ description: "Permit ABAC attribute bindings are tenant policy projection rows."
514
+ },
515
+ {
516
+ component: "control-plane",
517
+ table: "permitGroups",
518
+ prepopulation: "runtime_data",
519
+ copyMode: "none",
520
+ description: "Permit groups are tenant-defined policy subjects, not template data."
521
+ },
522
+ {
523
+ component: "control-plane",
524
+ table: "permitGroupMemberships",
525
+ prepopulation: "runtime_data",
526
+ copyMode: "none",
527
+ description: "Permit group memberships are tenant-specific policy projection rows."
528
+ },
529
+ {
530
+ component: "control-plane",
531
+ table: "permitPolicyBundles",
532
+ prepopulation: "runtime_derived",
533
+ copyMode: "none",
534
+ description: "Permit policy bundles are derived from the Permit control plane."
535
+ },
536
+ {
537
+ component: "control-plane",
538
+ table: "permitPolicyDecisionReceipts",
539
+ prepopulation: "runtime_log",
540
+ copyMode: "none",
541
+ description: "Permit decision receipts are runtime authorization audit logs."
542
+ },
543
+ {
544
+ component: "control-plane",
545
+ table: "permitPrincipalAliases",
546
+ prepopulation: "runtime_data",
547
+ copyMode: "none",
548
+ description: "Permit principal aliases are tenant-specific identity projection rows."
549
+ },
550
+ {
551
+ component: "control-plane",
552
+ table: "permitPrincipals",
553
+ prepopulation: "runtime_data",
554
+ copyMode: "none",
555
+ description: "Permit principals are projected from Clerk, Permit, and tenant onboarding flows."
556
+ },
557
+ {
558
+ component: "control-plane",
559
+ table: "permitProjectionOutbox",
560
+ prepopulation: "runtime_queue",
561
+ copyMode: "none",
562
+ description: "Permit projection outbox rows are runtime sync queue data."
563
+ },
564
+ {
565
+ component: "control-plane",
566
+ table: "permitRelationshipTuples",
567
+ prepopulation: "runtime_data",
568
+ copyMode: "none",
569
+ description: "Permit ReBAC relationship tuples are tenant policy projection rows."
570
+ },
571
+ {
572
+ component: "control-plane",
573
+ table: "permitResourceInstances",
574
+ prepopulation: "runtime_data",
575
+ copyMode: "none",
576
+ description: "Permit resource instances are tenant/workspace graph and deployment projection rows."
577
+ },
578
+ {
579
+ component: "control-plane",
580
+ table: "permitRoleAssignments",
581
+ prepopulation: "runtime_data",
582
+ copyMode: "none",
583
+ description: "Permit role assignments are tenant-specific policy projection rows."
584
+ },
585
+ {
586
+ component: "control-plane",
485
587
  table: "platformAudienceGrants",
486
588
  prepopulation: "runtime_data",
487
589
  copyMode: "none",
488
590
  description: "Audience grants are principal/group-specific access rows."
489
591
  },
490
592
  {
491
- component: "identity",
593
+ component: "control-plane",
492
594
  table: "platformAudiences",
493
595
  prepopulation: "required_template",
494
596
  copyMode: "template_tenant_rewrite",
@@ -497,35 +599,35 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
497
599
  description: "Default tenant audience taxonomy rows are rewritten into each tenant."
498
600
  },
499
601
  {
500
- component: "identity",
602
+ component: "control-plane",
501
603
  table: "platformPolicyDecisionLogs",
502
604
  prepopulation: "runtime_log",
503
605
  copyMode: "none",
504
606
  description: "Policy decisions are runtime audit logs."
505
607
  },
506
608
  {
507
- component: "identity",
609
+ component: "control-plane",
508
610
  table: "projectGrants",
509
611
  prepopulation: "runtime_data",
510
612
  copyMode: "none",
511
613
  description: "Project/topic grants are principal or group-specific access rows."
512
614
  },
513
615
  {
514
- component: "identity",
616
+ component: "control-plane",
515
617
  table: "reasoningPermissions",
516
618
  prepopulation: "runtime_data",
517
619
  copyMode: "none",
518
620
  description: "Reasoning permissions are principal-specific policy rows."
519
621
  },
520
622
  {
521
- component: "identity",
623
+ component: "control-plane",
522
624
  table: "tenantApiKeys",
523
625
  prepopulation: "runtime_secret",
524
626
  copyMode: "none",
525
627
  description: "API keys are tenant credentials and must never be copied."
526
628
  },
527
629
  {
528
- component: "identity",
630
+ component: "control-plane",
529
631
  table: "tenantConfig",
530
632
  prepopulation: "required_template",
531
633
  copyMode: "template_tenant_rewrite",
@@ -534,7 +636,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
534
636
  description: "Tenant-local config defaults are rewritten during bootstrap."
535
637
  },
536
638
  {
537
- component: "identity",
639
+ component: "control-plane",
538
640
  table: "tenantIntegrations",
539
641
  prepopulation: "required_template",
540
642
  copyMode: "template_tenant_rewrite",
@@ -543,14 +645,21 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
543
645
  description: "Non-secret integration descriptors are rewritten into each tenant."
544
646
  },
545
647
  {
546
- component: "identity",
648
+ component: "control-plane",
547
649
  table: "tenantModelSlotBindings",
548
650
  prepopulation: "runtime_secret",
549
651
  copyMode: "none",
550
652
  description: "Tenant model slot bindings reference provider secrets and are runtime-only."
551
653
  },
552
654
  {
553
- component: "identity",
655
+ component: "control-plane",
656
+ table: "tenantPermitSyncStates",
657
+ prepopulation: "runtime_derived",
658
+ copyMode: "none",
659
+ description: "Tenant Permit sync state rows are runtime reconciliation state."
660
+ },
661
+ {
662
+ component: "control-plane",
554
663
  table: "tenantPolicies",
555
664
  prepopulation: "required_template",
556
665
  copyMode: "template_tenant_rewrite",
@@ -559,42 +668,42 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
559
668
  description: "Default tenant policy roles are rewritten during bootstrap."
560
669
  },
561
670
  {
562
- component: "identity",
671
+ component: "control-plane",
563
672
  table: "tenantProviderSecrets",
564
673
  prepopulation: "runtime_secret",
565
674
  copyMode: "none",
566
675
  description: "Provider secrets are credentials and must never be copied."
567
676
  },
568
677
  {
569
- component: "identity",
678
+ component: "control-plane",
570
679
  table: "tenantProxyGatewayUsage",
571
680
  prepopulation: "runtime_log",
572
681
  copyMode: "none",
573
682
  description: "Proxy gateway usage rows are runtime telemetry."
574
683
  },
575
684
  {
576
- component: "identity",
685
+ component: "control-plane",
577
686
  table: "tenantProxyTokenMints",
578
687
  prepopulation: "runtime_secret",
579
688
  copyMode: "none",
580
689
  description: "Proxy token mints are ephemeral secret-bearing runtime rows."
581
690
  },
582
691
  {
583
- component: "identity",
692
+ component: "control-plane",
584
693
  table: "tenantSandboxAuditEvents",
585
694
  prepopulation: "runtime_log",
586
695
  copyMode: "none",
587
696
  description: "Sandbox audit rows are runtime security logs."
588
697
  },
589
698
  {
590
- component: "identity",
699
+ component: "control-plane",
591
700
  table: "tenantSecrets",
592
701
  prepopulation: "runtime_secret",
593
702
  copyMode: "none",
594
703
  description: "Tenant secrets are credentials and must never be copied."
595
704
  },
596
705
  {
597
- component: "identity",
706
+ component: "control-plane",
598
707
  table: "toolAcls",
599
708
  prepopulation: "required_template",
600
709
  copyMode: "template_global",
@@ -603,7 +712,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
603
712
  description: "Default role-to-tool grants are required for SDK/MCP tool access."
604
713
  },
605
714
  {
606
- component: "identity",
715
+ component: "control-plane",
607
716
  table: "toolRegistry",
608
717
  prepopulation: "required_template",
609
718
  copyMode: "template_global",
@@ -612,7 +721,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
612
721
  description: "Core tool catalog rows are required before pack or tenant tools exist."
613
722
  },
614
723
  {
615
- component: "identity",
724
+ component: "control-plane",
616
725
  table: "users",
617
726
  prepopulation: "runtime_bootstrap",
618
727
  copyMode: "none",
@@ -645,7 +754,9 @@ function isTenantBootstrapSeedTable(table) {
645
754
  return Boolean(findTenantBootstrapSeedTable(table));
646
755
  }
647
756
  function isTenantBootstrapForbiddenSeedTable(table) {
648
- return TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES.some((entry) => entry === table);
757
+ return TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES.some(
758
+ (entry) => entry === table
759
+ );
649
760
  }
650
761
 
651
762
  export { TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES, TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS, TENANT_BOOTSTRAP_SEED_COMPONENTS, TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION, TENANT_BOOTSTRAP_SEED_MANIFEST, TENANT_BOOTSTRAP_SEED_TABLES, TENANT_BOOTSTRAP_TABLE_REQUIREMENTS, findTenantBootstrapSeedTable, findTenantBootstrapTableRequirement, isTenantBootstrapForbiddenSeedTable, isTenantBootstrapSeedTable };
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/tenant-bootstrap-seed.contract.ts"],"names":[],"mappings":";AAUO,IAAM,sCAAA,GAAyC;AAE/C,IAAM,0CAAA,GAA6C;AAAA,EACxD,UAAA;AAAA,EACA,aAAA;AAAA,EACA,aAAA;AAAA,EACA,MAAA;AAAA,EACA,UAAA;AAAA,EACA,eAAA;AAAA,EACA;AACF;AAIO,IAAM,gCAAA,GAAmC;AAAA,EAC9C,MAAA,EAAQ;AAAA,IACN,aAAA,EAAe,QAAA;AAAA,IACf,eAAA,EAAiB,oBAAA;AAAA,IACjB,eAAA,EAAiB,0BAAA;AAAA,IACjB,mBAAA,EAAqB;AAAA,MACnB,OAAA,EAAS,qBAAA;AAAA,MACT,IAAA,EAAM;AAAA;AACR,GACF;AAAA,EACA,QAAA,EAAU;AAAA,IACR,aAAA,EAAe,UAAA;AAAA,IACf,eAAA,EAAiB,WAAA;AAAA,IACjB,eAAA,EAAiB,4BAAA;AAAA,IACjB,mBAAA,EAAqB;AAAA,MACnB,OAAA,EAAS,yBAAA;AAAA,MACT,IAAA,EAAM;AAAA;AACR;AAEJ;AA0CA,SAAS,0BACP,KAAA,EACmC;AACnC,EAAA,OAAA,CACG,KAAA,CAAM,aAAa,iBAAA,IAClB,KAAA,CAAM,aAAa,yBAAA,IACnB,KAAA,CAAM,aAAa,0BAAA,KACrB,OAAA,CAAQ,MAAM,KAAK,CAAA,IACnB,MAAM,OAAA,CAAQ,KAAA,CAAM,SAAS,CAAA,IAC7B,KAAA,CAAM,UAAU,MAAA,GAAS,CAAA;AAE7B;AAEO,IAAM,mCAAA,GAAsC;AAAA,EACjD;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,aAAA;AAAA,IACP,aAAA,EAAe,eAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,uBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,QAAQ,CAAA;AAAA,IACpB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,qBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,iBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,aAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,qBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,yBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,2BAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,sBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,oBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,2BAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,sBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,oBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,yBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,oBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,sBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,aAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,QAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,eAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,qBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,aAAa,CAAA;AAAA,IACzB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,0BAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,aAAA,EAAe,SAAS,CAAA;AAAA,IACpC,SAAA,EAAW,CAAC,qBAAqB,CAAA;AAAA,IACjC,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,iCAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mCAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,2BAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,4BAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,yBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAA,EAAY,aAAA,EAAe,MAAM,CAAA;AAAA,IAC7C,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,uBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,cAAA;AAAA,IACP,aAAA,EAAe,eAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAA,EAAY,OAAO,CAAA;AAAA,IAC/B,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,YAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,OAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,QAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,qBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,sBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,SAAA,EAAW,CAAC,qBAAqB,CAAA;AAAA,IACjC,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,uBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,WAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,QAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,SAAA,EAAW,MAAA,EAAQ,cAAc,CAAA;AAAA,IAC7C,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,oBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,MAAM,CAAA;AAAA,IAClB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,KAAK,CAAA;AAAA,IACjB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,MAAM,CAAA;AAAA,IAClB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,wBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,yBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAA,EAAY,aAAA,EAAe,aAAa,CAAA;AAAA,IACpD,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,4BAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,sBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,gBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,cAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,yBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAU,CAAA;AAAA,IACtB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,oBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,yBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAA,EAAY,gBAAgB,CAAA;AAAA,IACxC,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,yBAAA;AAAA,IACP,aAAA,EAAe,gBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,yBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAA,EAAY,aAAA,EAAe,UAAU,CAAA;AAAA,IACjD,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,uBAAA;AAAA,IACP,aAAA,EAAe,gBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,yBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,uBAAA;AAAA,IACP,aAAA,EAAe,gBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,0BAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,gBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,UAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,MAAA,EAAQ,UAAU,CAAA;AAAA,IAC9B,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,cAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAU,CAAA;AAAA,IACtB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,OAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA;AAEjB;AAEO,IAAM,+BACX,mCAAA,CAAoC,MAAA;AAAA,EAClC;AACF;AAKK,IAAM,yCACX,mCAAA,CAAoC,MAAA;AAAA,EAClC,CAAC,KAAA,KAAU,CAAC,yBAAA,CAA0B,KAAK;AAC7C,CAAA,CAAE,GAAA,CAAI,CAAC,KAAA,KAAU,KAAA,CAAM,KAAK;AAIvB,IAAM,8BAAA,GAAiC;AAAA,EAC5C,eAAA,EAAiB,sCAAA;AAAA,EACjB,kBAAA,EAAoB,0CAAA;AAAA,EACpB,UAAA,EAAY,gCAAA;AAAA,EACZ,iBAAA,EAAmB,mCAAA;AAAA,EACnB,MAAA,EAAQ,4BAAA;AAAA,EACR,eAAA,EAAiB;AACnB;AAEO,SAAS,oCACd,KAAA,EAC6C;AAC7C,EAAA,OAAO,mCAAA,CAAoC,IAAA;AAAA,IACzC,CAAC,KAAA,KAAU,KAAA,CAAM,KAAA,KAAU;AAAA,GAC7B;AACF;AAEO,SAAS,6BACd,KAAA,EACsC;AACtC,EAAA,OAAO,6BAA6B,IAAA,CAAK,CAAC,KAAA,KAAU,KAAA,CAAM,UAAU,KAAK,CAAA;AAC3E;AAEO,SAAS,2BAA2B,KAAA,EAAwB;AACjE,EAAA,OAAO,OAAA,CAAQ,4BAAA,CAA6B,KAAK,CAAC,CAAA;AACpD;AAEO,SAAS,oCAAoC,KAAA,EAAwB;AAC1E,EAAA,OAAO,sCAAA,CAAuC,IAAA,CAAK,CAAC,KAAA,KAAU,UAAU,KAAK,CAAA;AAC/E","file":"tenant-bootstrap-seed.contract.js","sourcesContent":["/**\n * Tenant bootstrap seed contract.\n *\n * Fresh tenant deployments install the Lucern kernel and identity components\n * from npm, then copy canonical template rows for non-secret runtime defaults.\n * This contract is intentionally exhaustive for the K/I tables: it separates\n * rows that must be carried by the template deployments from rows that are\n * runtime data, runtime credentials, logs, queues, or derived caches.\n */\n\nexport const TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION = \"2026-04-30\" as const;\n\nexport const TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS = [\n \"tenantId\",\n \"workspaceId\",\n \"principalId\",\n \"role\",\n \"authMode\",\n \"correlationId\",\n \"auditMetadata\",\n] as const;\nexport type TenantBootstrapSeedAuthMetadataField =\n (typeof TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS)[number];\n\nexport const TENANT_BOOTSTRAP_SEED_COMPONENTS = {\n kernel: {\n componentName: \"lucern\",\n migrationModule: \"adapters/migration\",\n templateService: \"services/kernel-template\",\n templateDeployments: {\n staging: \"kindly-goldfish-162\",\n prod: \"cool-badger-368\",\n },\n },\n identity: {\n componentName: \"identity\",\n migrationModule: \"migration\",\n templateService: \"services/identity-template\",\n templateDeployments: {\n staging: \"industrious-cheetah-864\",\n prod: \"combative-beagle-879\",\n },\n },\n} as const;\nexport type TenantBootstrapSeedComponent =\n keyof typeof TENANT_BOOTSTRAP_SEED_COMPONENTS;\n\nexport type TenantBootstrapSeedScope = \"global\" | \"tenant\";\n\nexport type TenantBootstrapPrepopulation =\n | \"required_template\"\n | \"optional_template\"\n | \"runtime_bootstrap\"\n | \"runtime_data\"\n | \"runtime_log\"\n | \"runtime_secret\"\n | \"runtime_derived\"\n | \"runtime_queue\";\n\nexport type TenantBootstrapCopyMode =\n | \"template_global\"\n | \"template_tenant_rewrite\"\n | \"template_reference_remap\"\n | \"none\";\n\nexport type TenantBootstrapTableRequirement = {\n component: TenantBootstrapSeedComponent;\n table: string;\n prepopulation: TenantBootstrapPrepopulation;\n copyMode: TenantBootstrapCopyMode;\n scope?: TenantBootstrapSeedScope;\n uniqueKey?: readonly string[];\n dependsOn?: readonly string[];\n description: string;\n};\n\nexport type TenantBootstrapSeedTable = TenantBootstrapTableRequirement & {\n copyMode:\n | \"template_global\"\n | \"template_tenant_rewrite\"\n | \"template_reference_remap\";\n scope: TenantBootstrapSeedScope;\n uniqueKey: readonly string[];\n};\n\nfunction isCopyableSeedRequirement(\n entry: TenantBootstrapTableRequirement\n): entry is TenantBootstrapSeedTable {\n return (\n (entry.copyMode === \"template_global\" ||\n entry.copyMode === \"template_tenant_rewrite\" ||\n entry.copyMode === \"template_reference_remap\") &&\n Boolean(entry.scope) &&\n Array.isArray(entry.uniqueKey) &&\n entry.uniqueKey.length > 0\n );\n}\n\nexport const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [\n {\n component: \"kernel\",\n table: \"agentMessages\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Agent coordination messages are session data, not template data.\",\n },\n {\n component: \"kernel\",\n table: \"agentSessions\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Agent coordination sessions are created by active clients.\",\n },\n {\n component: \"kernel\",\n table: \"autofixJobs\",\n prepopulation: \"runtime_queue\",\n copyMode: \"none\",\n description: \"Autofix work items are runtime queue rows.\",\n },\n {\n component: \"kernel\",\n table: \"backgroundJobRuns\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Background job executions are runtime logs.\",\n },\n {\n component: \"kernel\",\n table: \"backgroundJobSettings\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"jobKey\"],\n description: \"Default job enablement settings must come from the K template.\",\n },\n {\n component: \"kernel\",\n table: \"beliefConfidence\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Belief confidence rows are created with tenant graph facts.\",\n },\n {\n component: \"kernel\",\n table: \"beliefEvidenceLinks\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Belief-to-evidence links are tenant graph data.\",\n },\n {\n component: \"kernel\",\n table: \"beliefHistory\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Belief history is append-only tenant graph data.\",\n },\n {\n component: \"kernel\",\n table: \"beliefScenarios\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Scenario rows are tenant-authored reasoning data.\",\n },\n {\n component: \"kernel\",\n table: \"beliefVotes\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Decision belief votes are tenant-authored data.\",\n },\n {\n component: \"kernel\",\n table: \"calibrationScores\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Calibration scores are computed from tenant outcomes.\",\n },\n {\n component: \"kernel\",\n table: \"contractEvaluations\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Contract evaluation rows are runtime computation logs.\",\n },\n {\n component: \"kernel\",\n table: \"contradictions\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Contradictions are tenant graph facts.\",\n },\n {\n component: \"kernel\",\n table: \"crossProjectConnections\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Cross-topic connections are tenant graph facts.\",\n },\n {\n component: \"kernel\",\n table: \"decisionComputedSummaries\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Decision summaries are derived tenant outputs.\",\n },\n {\n component: \"kernel\",\n table: \"decisionEvents\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Decision events are lifecycle data.\",\n },\n {\n component: \"kernel\",\n table: \"decisionParticipants\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Decision participants are tenant-selected actors.\",\n },\n {\n component: \"kernel\",\n table: \"decisionRiskLedger\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Decision risk rows are tenant decision data.\",\n },\n {\n component: \"kernel\",\n table: \"decisionSnapshots\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Decision snapshots are derived from tenant state.\",\n },\n {\n component: \"kernel\",\n table: \"deliberationContributions\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Deliberation contributions are tenant-authored data.\",\n },\n {\n component: \"kernel\",\n table: \"deliberationSessions\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Deliberation sessions are created by tenant workflows.\",\n },\n {\n component: \"kernel\",\n table: \"epistemicAudit\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Epistemic audit rows are append-only runtime audit data.\",\n },\n {\n component: \"kernel\",\n table: \"epistemicContracts\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Epistemic contracts are tenant-authored governance data.\",\n },\n {\n component: \"kernel\",\n table: \"epistemicEdges\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Edges are tenant reasoning graph data.\",\n },\n {\n component: \"kernel\",\n table: \"epistemicNodeEmbeddings\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Embeddings are derived from tenant graph nodes.\",\n },\n {\n component: \"kernel\",\n table: \"epistemicNodes\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Nodes are tenant reasoning graph data.\",\n },\n {\n component: \"kernel\",\n table: \"graphAnalysisCache\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Graph analysis cache rows are derived from tenant graph state.\",\n },\n {\n component: \"kernel\",\n table: \"graphAnalysisResults\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Graph analysis result rows are derived tenant outputs.\",\n },\n {\n component: \"kernel\",\n table: \"graphSuggestions\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Graph suggestions are derived recommendations.\",\n },\n {\n component: \"kernel\",\n table: \"harnessReplays\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Harness replay rows are runtime verification logs.\",\n },\n {\n component: \"kernel\",\n table: \"harnessRuns\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Harness run rows are runtime verification logs.\",\n },\n {\n component: \"kernel\",\n table: \"idempotencyTokens\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Idempotency tokens are request-scoped runtime guards.\",\n },\n {\n component: \"kernel\",\n table: \"lenses\",\n prepopulation: \"optional_template\",\n copyMode: \"none\",\n description:\n \"Reusable lens templates may live in K templates, but workspace-specific copies are not required for core SDK boot.\",\n },\n {\n component: \"kernel\",\n table: \"lensTopicBindings\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Lens bindings attach runtime topics to runtime/workspace lenses.\",\n },\n {\n component: \"kernel\",\n table: \"neo4jSyncQueue\",\n prepopulation: \"runtime_queue\",\n copyMode: \"none\",\n description: \"Neo4j sync queue rows are runtime work items.\",\n },\n {\n component: \"kernel\",\n table: \"ontologyDefinitions\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"ontologyKey\"],\n description: \"Platform ontology definitions power taxonomy reads and effective ontology resolution.\",\n },\n {\n component: \"kernel\",\n table: \"ontologyVersions\",\n prepopulation: \"required_template\",\n copyMode: \"template_reference_remap\",\n scope: \"global\",\n uniqueKey: [\"ontologyKey\", \"version\"],\n dependsOn: [\"ontologyDefinitions\"],\n description: \"Ontology versions must be copied with ontologyDefinition ID remapping.\",\n },\n {\n component: \"kernel\",\n table: \"platformAgentRunPolicyDecisions\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Agent-run policy decisions are audit logs.\",\n },\n {\n component: \"kernel\",\n table: \"platformAgentRunPromptResolutions\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Agent-run prompt resolution rows are runtime logs.\",\n },\n {\n component: \"kernel\",\n table: \"platformAgentRuns\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Agent runs are runtime execution records.\",\n },\n {\n component: \"kernel\",\n table: \"platformAgentRunToolCalls\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Agent-run tool calls are runtime execution records.\",\n },\n {\n component: \"kernel\",\n table: \"platformHarnessShadowAudit\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Harness shadow audit rows are runtime audit records.\",\n },\n {\n component: \"kernel\",\n table: \"publicationRules\",\n prepopulation: \"required_template\",\n copyMode: \"template_tenant_rewrite\",\n scope: \"tenant\",\n uniqueKey: [\"tenantId\", \"workspaceId\", \"name\"],\n description: \"Default publication policy rules are rewritten into each tenant.\",\n },\n {\n component: \"kernel\",\n table: \"questionEvidenceLinks\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Question-to-evidence links are tenant graph data.\",\n },\n {\n component: \"kernel\",\n table: \"researchJobs\",\n prepopulation: \"runtime_queue\",\n copyMode: \"none\",\n description: \"Research job rows are runtime queue items.\",\n },\n {\n component: \"kernel\",\n table: \"schemaEnumConfig\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"category\", \"value\"],\n description: \"Runtime-extensible enum defaults required by SDK graph APIs.\",\n },\n {\n component: \"kernel\",\n table: \"stakeholderGroups\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Stakeholder groups are tenant decision data.\",\n },\n {\n component: \"kernel\",\n table: \"systemLogs\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"System logs are runtime telemetry.\",\n },\n {\n component: \"kernel\",\n table: \"tasks\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Tasks are tenant-authored work items.\",\n },\n {\n component: \"kernel\",\n table: \"topics\",\n prepopulation: \"runtime_bootstrap\",\n copyMode: \"none\",\n description: \"Default topics are created by tenant provisioning, not copied from templates.\",\n },\n {\n component: \"kernel\",\n table: \"workflowDefinitions\",\n prepopulation: \"optional_template\",\n copyMode: \"none\",\n description:\n \"Table-driven workflow definitions can be template data after the workflow engine leaves legacy mode.\",\n },\n {\n component: \"kernel\",\n table: \"workflowPullRequests\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Workflow pull requests are tenant workflow data.\",\n },\n {\n component: \"kernel\",\n table: \"workflowStages\",\n prepopulation: \"optional_template\",\n copyMode: \"none\",\n dependsOn: [\"workflowDefinitions\"],\n description:\n \"Workflow stages can be template data after workflowDefinitions are enabled for bootstrap copying.\",\n },\n {\n component: \"kernel\",\n table: \"worktreeBeliefCluster\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Worktree cluster rows link runtime worktrees to runtime beliefs.\",\n },\n {\n component: \"kernel\",\n table: \"worktrees\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Worktrees are tenant/runtime planning data.\",\n },\n {\n component: \"identity\",\n table: \"agents\",\n prepopulation: \"runtime_bootstrap\",\n copyMode: \"none\",\n description: \"Service agents are provisioned per tenant or service, not copied.\",\n },\n {\n component: \"identity\",\n table: \"mcpWritePolicy\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"topicId\", \"role\", \"toolCategory\"],\n description: \"Global write policy defaults govern service and interactive MCP writes.\",\n },\n {\n component: \"identity\",\n table: \"modelCallLogs\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Model call logs are runtime telemetry.\",\n },\n {\n component: \"identity\",\n table: \"modelFunctionSlots\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"slot\"],\n description: \"Function-to-model slots are required by model runtime resolution.\",\n },\n {\n component: \"identity\",\n table: \"modelRegistry\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"key\"],\n description: \"Model catalog defaults are required by model runtime clients.\",\n },\n {\n component: \"identity\",\n table: \"modelSlotConfigs\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"slot\"],\n description: \"Slot-level defaults are required before tenant overrides exist.\",\n },\n {\n component: \"identity\",\n table: \"platformAudienceGrants\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Audience grants are principal/group-specific access rows.\",\n },\n {\n component: \"identity\",\n table: \"platformAudiences\",\n prepopulation: \"required_template\",\n copyMode: \"template_tenant_rewrite\",\n scope: \"tenant\",\n uniqueKey: [\"tenantId\", \"workspaceId\", \"audienceKey\"],\n description: \"Default tenant audience taxonomy rows are rewritten into each tenant.\",\n },\n {\n component: \"identity\",\n table: \"platformPolicyDecisionLogs\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Policy decisions are runtime audit logs.\",\n },\n {\n component: \"identity\",\n table: \"projectGrants\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Project/topic grants are principal or group-specific access rows.\",\n },\n {\n component: \"identity\",\n table: \"reasoningPermissions\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Reasoning permissions are principal-specific policy rows.\",\n },\n {\n component: \"identity\",\n table: \"tenantApiKeys\",\n prepopulation: \"runtime_secret\",\n copyMode: \"none\",\n description: \"API keys are tenant credentials and must never be copied.\",\n },\n {\n component: \"identity\",\n table: \"tenantConfig\",\n prepopulation: \"required_template\",\n copyMode: \"template_tenant_rewrite\",\n scope: \"tenant\",\n uniqueKey: [\"tenantId\"],\n description: \"Tenant-local config defaults are rewritten during bootstrap.\",\n },\n {\n component: \"identity\",\n table: \"tenantIntegrations\",\n prepopulation: \"required_template\",\n copyMode: \"template_tenant_rewrite\",\n scope: \"tenant\",\n uniqueKey: [\"tenantId\", \"integrationKey\"],\n description: \"Non-secret integration descriptors are rewritten into each tenant.\",\n },\n {\n component: \"identity\",\n table: \"tenantModelSlotBindings\",\n prepopulation: \"runtime_secret\",\n copyMode: \"none\",\n description: \"Tenant model slot bindings reference provider secrets and are runtime-only.\",\n },\n {\n component: \"identity\",\n table: \"tenantPolicies\",\n prepopulation: \"required_template\",\n copyMode: \"template_tenant_rewrite\",\n scope: \"tenant\",\n uniqueKey: [\"tenantId\", \"workspaceId\", \"roleName\"],\n description: \"Default tenant policy roles are rewritten during bootstrap.\",\n },\n {\n component: \"identity\",\n table: \"tenantProviderSecrets\",\n prepopulation: \"runtime_secret\",\n copyMode: \"none\",\n description: \"Provider secrets are credentials and must never be copied.\",\n },\n {\n component: \"identity\",\n table: \"tenantProxyGatewayUsage\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Proxy gateway usage rows are runtime telemetry.\",\n },\n {\n component: \"identity\",\n table: \"tenantProxyTokenMints\",\n prepopulation: \"runtime_secret\",\n copyMode: \"none\",\n description: \"Proxy token mints are ephemeral secret-bearing runtime rows.\",\n },\n {\n component: \"identity\",\n table: \"tenantSandboxAuditEvents\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Sandbox audit rows are runtime security logs.\",\n },\n {\n component: \"identity\",\n table: \"tenantSecrets\",\n prepopulation: \"runtime_secret\",\n copyMode: \"none\",\n description: \"Tenant secrets are credentials and must never be copied.\",\n },\n {\n component: \"identity\",\n table: \"toolAcls\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"role\", \"toolName\"],\n description: \"Default role-to-tool grants are required for SDK/MCP tool access.\",\n },\n {\n component: \"identity\",\n table: \"toolRegistry\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"toolName\"],\n description: \"Core tool catalog rows are required before pack or tenant tools exist.\",\n },\n {\n component: \"identity\",\n table: \"users\",\n prepopulation: \"runtime_bootstrap\",\n copyMode: \"none\",\n description: \"Users are created from Clerk/MC principal resolution, not copied.\",\n },\n] as const satisfies readonly TenantBootstrapTableRequirement[];\n\nexport const TENANT_BOOTSTRAP_SEED_TABLES =\n TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.filter(\n isCopyableSeedRequirement\n ) as readonly TenantBootstrapSeedTable[];\n\nexport type TenantBootstrapSeedTableName =\n (typeof TENANT_BOOTSTRAP_SEED_TABLES)[number][\"table\"];\n\nexport const TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES =\n TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.filter(\n (entry) => !isCopyableSeedRequirement(entry)\n ).map((entry) => entry.table) as readonly string[];\nexport type TenantBootstrapForbiddenSeedTable =\n (typeof TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES)[number];\n\nexport const TENANT_BOOTSTRAP_SEED_MANIFEST = {\n contractVersion: TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION,\n authMetadataFields: TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS,\n components: TENANT_BOOTSTRAP_SEED_COMPONENTS,\n tableRequirements: TENANT_BOOTSTRAP_TABLE_REQUIREMENTS,\n tables: TENANT_BOOTSTRAP_SEED_TABLES,\n forbiddenTables: TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES,\n} as const;\n\nexport function findTenantBootstrapTableRequirement(\n table: string\n): TenantBootstrapTableRequirement | undefined {\n return TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.find(\n (entry) => entry.table === table\n );\n}\n\nexport function findTenantBootstrapSeedTable(\n table: string\n): TenantBootstrapSeedTable | undefined {\n return TENANT_BOOTSTRAP_SEED_TABLES.find((entry) => entry.table === table);\n}\n\nexport function isTenantBootstrapSeedTable(table: string): boolean {\n return Boolean(findTenantBootstrapSeedTable(table));\n}\n\nexport function isTenantBootstrapForbiddenSeedTable(table: string): boolean {\n return TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES.some((entry) => entry === table);\n}\n"]}
1
+ {"version":3,"sources":["../src/tenant-bootstrap-seed.contract.ts"],"names":[],"mappings":";AAUO,IAAM,sCAAA,GAAyC;AAE/C,IAAM,0CAAA,GAA6C;AAAA,EACxD,UAAA;AAAA,EACA,aAAA;AAAA,EACA,aAAA;AAAA,EACA,MAAA;AAAA,EACA,UAAA;AAAA,EACA,eAAA;AAAA,EACA;AACF;AAIO,IAAM,gCAAA,GAAmC;AAAA,EAC9C,MAAA,EAAQ;AAAA,IACN,aAAA,EAAe,QAAA;AAAA,IACf,eAAA,EAAiB,oBAAA;AAAA,IACjB,uBAAA,EAAyB,yBAAA;AAAA,IACzB,qBAAA,EAAuB,oBAAA;AAAA,IACvB,eAAA,EAAiB,0BAAA;AAAA,IACjB,mBAAA,EAAqB;AAAA,MACnB,OAAA,EAAS,qBAAA;AAAA,MACT,IAAA,EAAM;AAAA;AACR,GACF;AAAA,EACA,eAAA,EAAiB;AAAA,IACf,aAAA,EAAe,cAAA;AAAA,IACf,eAAA,EAAiB,WAAA;AAAA,IACjB,uBAAA,EAAyB,gBAAA;AAAA,IACzB,qBAAA,EAAuB,WAAA;AAAA,IACvB,eAAA,EAAiB,iCAAA;AAAA,IACjB,mBAAA,EAAqB;AAAA,MACnB,OAAA,EAAS,yBAAA;AAAA,MACT,IAAA,EAAM;AAAA;AACR;AAEJ;AA0CA,SAAS,0BACP,KAAA,EACmC;AACnC,EAAA,OAAA,CACG,KAAA,CAAM,aAAa,iBAAA,IAClB,KAAA,CAAM,aAAa,yBAAA,IACnB,KAAA,CAAM,aAAa,0BAAA,KACrB,OAAA,CAAQ,MAAM,KAAK,CAAA,IACnB,MAAM,OAAA,CAAQ,KAAA,CAAM,SAAS,CAAA,IAC7B,KAAA,CAAM,UAAU,MAAA,GAAS,CAAA;AAE7B;AAEO,IAAM,mCAAA,GAAsC;AAAA,EACjD;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,aAAA;AAAA,IACP,aAAA,EAAe,eAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,uBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,QAAQ,CAAA;AAAA,IACpB,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,qBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,iBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,aAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,qBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,yBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,2BAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,sBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,oBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,2BAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,sBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,cAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,oBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,yBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,oBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,sBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,aAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,QAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,eAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,qBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,aAAa,CAAA;AAAA,IACzB,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,0BAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,aAAA,EAAe,SAAS,CAAA;AAAA,IACpC,SAAA,EAAW,CAAC,qBAAqB,CAAA;AAAA,IACjC,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,iCAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mCAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,2BAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,4BAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,yBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAA,EAAY,aAAA,EAAe,MAAM,CAAA;AAAA,IAC7C,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,uBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,cAAA;AAAA,IACP,aAAA,EAAe,eAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAA,EAAY,OAAO,CAAA;AAAA,IAC/B,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,YAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,OAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,QAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,qBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,sBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,SAAA,EAAW,CAAC,qBAAqB,CAAA;AAAA,IACjC,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,uBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,WAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,QAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,SAAA,EAAW,MAAA,EAAQ,cAAc,CAAA;AAAA,IAC7C,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,oBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,MAAM,CAAA;AAAA,IAClB,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,KAAK,CAAA;AAAA,IACjB,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,MAAM,CAAA;AAAA,IAClB,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,yBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,qBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,yBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,cAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,wBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,qBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,8BAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,wBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,wBAAA;AAAA,IACP,aAAA,EAAe,eAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,0BAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,yBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,uBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,wBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,yBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAA,EAAY,aAAA,EAAe,aAAa,CAAA;AAAA,IACpD,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,4BAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,sBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,gBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,cAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,yBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAU,CAAA;AAAA,IACtB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,oBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,yBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAA,EAAY,gBAAgB,CAAA;AAAA,IACxC,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,yBAAA;AAAA,IACP,aAAA,EAAe,gBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,wBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,yBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAA,EAAY,aAAA,EAAe,UAAU,CAAA;AAAA,IACjD,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,uBAAA;AAAA,IACP,aAAA,EAAe,gBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,yBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,uBAAA;AAAA,IACP,aAAA,EAAe,gBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,0BAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,gBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,UAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,MAAA,EAAQ,UAAU,CAAA;AAAA,IAC9B,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,cAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAU,CAAA;AAAA,IACtB,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,OAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA;AAEN;AAEO,IAAM,+BACX,mCAAA,CAAoC,MAAA;AAAA,EAClC;AACF;AAKK,IAAM,yCACX,mCAAA,CAAoC,MAAA;AAAA,EAClC,CAAC,KAAA,KAAU,CAAC,yBAAA,CAA0B,KAAK;AAC7C,CAAA,CAAE,GAAA,CAAI,CAAC,KAAA,KAAU,KAAA,CAAM,KAAK;AAIvB,IAAM,8BAAA,GAAiC;AAAA,EAC5C,eAAA,EAAiB,sCAAA;AAAA,EACjB,kBAAA,EAAoB,0CAAA;AAAA,EACpB,UAAA,EAAY,gCAAA;AAAA,EACZ,iBAAA,EAAmB,mCAAA;AAAA,EACnB,MAAA,EAAQ,4BAAA;AAAA,EACR,eAAA,EAAiB;AACnB;AAEO,SAAS,oCACd,KAAA,EAC6C;AAC7C,EAAA,OAAO,mCAAA,CAAoC,IAAA;AAAA,IACzC,CAAC,KAAA,KAAU,KAAA,CAAM,KAAA,KAAU;AAAA,GAC7B;AACF;AAEO,SAAS,6BACd,KAAA,EACsC;AACtC,EAAA,OAAO,6BAA6B,IAAA,CAAK,CAAC,KAAA,KAAU,KAAA,CAAM,UAAU,KAAK,CAAA;AAC3E;AAEO,SAAS,2BAA2B,KAAA,EAAwB;AACjE,EAAA,OAAO,OAAA,CAAQ,4BAAA,CAA6B,KAAK,CAAC,CAAA;AACpD;AAEO,SAAS,oCAAoC,KAAA,EAAwB;AAC1E,EAAA,OAAO,sCAAA,CAAuC,IAAA;AAAA,IAC5C,CAAC,UAAU,KAAA,KAAU;AAAA,GACvB;AACF","file":"tenant-bootstrap-seed.contract.js","sourcesContent":["/**\n * Tenant bootstrap seed contract.\n *\n * Fresh tenant deployments install the Lucern kernel and control-plane components\n * from npm, then copy canonical template rows for non-secret runtime defaults.\n * This contract is intentionally exhaustive for the K/CP tables: it separates\n * rows that must be carried by the template deployments from rows that are\n * runtime data, runtime credentials, logs, queues, or derived caches.\n */\n\nexport const TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION = \"2026-04-30\" as const;\n\nexport const TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS = [\n \"tenantId\",\n \"workspaceId\",\n \"principalId\",\n \"role\",\n \"authMode\",\n \"correlationId\",\n \"auditMetadata\",\n] as const;\nexport type TenantBootstrapSeedAuthMetadataField =\n (typeof TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS)[number];\n\nexport const TENANT_BOOTSTRAP_SEED_COMPONENTS = {\n kernel: {\n componentName: \"lucern\",\n migrationModule: \"adapters/migration\",\n templateMigrationModule: \"dist/adapters/migration\",\n tenantMigrationModule: \"adapters/migration\",\n templateService: \"services/kernel-template\",\n templateDeployments: {\n staging: \"kindly-goldfish-162\",\n prod: \"cool-badger-368\",\n },\n },\n \"control-plane\": {\n componentName: \"controlPlane\",\n migrationModule: \"migration\",\n templateMigrationModule: \"dist/migration\",\n tenantMigrationModule: \"migration\",\n templateService: \"services/control-plane-template\",\n templateDeployments: {\n staging: \"industrious-cheetah-864\",\n prod: \"combative-beagle-879\",\n },\n },\n} as const;\nexport type TenantBootstrapSeedComponent =\n keyof typeof TENANT_BOOTSTRAP_SEED_COMPONENTS;\n\nexport type TenantBootstrapSeedScope = \"global\" | \"tenant\";\n\nexport type TenantBootstrapPrepopulation =\n | \"required_template\"\n | \"optional_template\"\n | \"runtime_bootstrap\"\n | \"runtime_data\"\n | \"runtime_log\"\n | \"runtime_secret\"\n | \"runtime_derived\"\n | \"runtime_queue\";\n\nexport type TenantBootstrapCopyMode =\n | \"template_global\"\n | \"template_tenant_rewrite\"\n | \"template_reference_remap\"\n | \"none\";\n\nexport type TenantBootstrapTableRequirement = {\n component: TenantBootstrapSeedComponent;\n table: string;\n prepopulation: TenantBootstrapPrepopulation;\n copyMode: TenantBootstrapCopyMode;\n scope?: TenantBootstrapSeedScope;\n uniqueKey?: readonly string[];\n dependsOn?: readonly string[];\n description: string;\n};\n\nexport type TenantBootstrapSeedTable = TenantBootstrapTableRequirement & {\n copyMode:\n | \"template_global\"\n | \"template_tenant_rewrite\"\n | \"template_reference_remap\";\n scope: TenantBootstrapSeedScope;\n uniqueKey: readonly string[];\n};\n\nfunction isCopyableSeedRequirement(\n entry: TenantBootstrapTableRequirement,\n): entry is TenantBootstrapSeedTable {\n return (\n (entry.copyMode === \"template_global\" ||\n entry.copyMode === \"template_tenant_rewrite\" ||\n entry.copyMode === \"template_reference_remap\") &&\n Boolean(entry.scope) &&\n Array.isArray(entry.uniqueKey) &&\n entry.uniqueKey.length > 0\n );\n}\n\nexport const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [\n {\n component: \"kernel\",\n table: \"agentMessages\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Agent coordination messages are session data, not template data.\",\n },\n {\n component: \"kernel\",\n table: \"agentSessions\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Agent coordination sessions are created by active clients.\",\n },\n {\n component: \"kernel\",\n table: \"autofixJobs\",\n prepopulation: \"runtime_queue\",\n copyMode: \"none\",\n description: \"Autofix work items are runtime queue rows.\",\n },\n {\n component: \"kernel\",\n table: \"backgroundJobRuns\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Background job executions are runtime logs.\",\n },\n {\n component: \"kernel\",\n table: \"backgroundJobSettings\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"jobKey\"],\n description:\n \"Default job enablement settings must come from the K template.\",\n },\n {\n component: \"kernel\",\n table: \"beliefConfidence\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Belief confidence rows are created with tenant graph facts.\",\n },\n {\n component: \"kernel\",\n table: \"beliefEvidenceLinks\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Belief-to-evidence links are tenant graph data.\",\n },\n {\n component: \"kernel\",\n table: \"beliefHistory\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Belief history is append-only tenant graph data.\",\n },\n {\n component: \"kernel\",\n table: \"beliefScenarios\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Scenario rows are tenant-authored reasoning data.\",\n },\n {\n component: \"kernel\",\n table: \"beliefVotes\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Decision belief votes are tenant-authored data.\",\n },\n {\n component: \"kernel\",\n table: \"calibrationScores\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Calibration scores are computed from tenant outcomes.\",\n },\n {\n component: \"kernel\",\n table: \"contractEvaluations\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Contract evaluation rows are runtime computation logs.\",\n },\n {\n component: \"kernel\",\n table: \"contradictions\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Contradictions are tenant graph facts.\",\n },\n {\n component: \"kernel\",\n table: \"crossProjectConnections\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Cross-topic connections are tenant graph facts.\",\n },\n {\n component: \"kernel\",\n table: \"decisionComputedSummaries\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Decision summaries are derived tenant outputs.\",\n },\n {\n component: \"kernel\",\n table: \"decisionEvents\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Decision events are lifecycle data.\",\n },\n {\n component: \"kernel\",\n table: \"decisionParticipants\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Decision participants are tenant-selected actors.\",\n },\n {\n component: \"kernel\",\n table: \"decisionRiskLedger\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Decision risk rows are tenant decision data.\",\n },\n {\n component: \"kernel\",\n table: \"decisionSnapshots\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Decision snapshots are derived from tenant state.\",\n },\n {\n component: \"kernel\",\n table: \"deliberationContributions\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Deliberation contributions are tenant-authored data.\",\n },\n {\n component: \"kernel\",\n table: \"deliberationSessions\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Deliberation sessions are created by tenant workflows.\",\n },\n {\n component: \"kernel\",\n table: \"domainEvents\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description:\n \"Domain event rows are append-only runtime audit/exhaust data.\",\n },\n {\n component: \"kernel\",\n table: \"epistemicAudit\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Epistemic audit rows are append-only runtime audit data.\",\n },\n {\n component: \"kernel\",\n table: \"epistemicContracts\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Epistemic contracts are tenant-authored governance data.\",\n },\n {\n component: \"kernel\",\n table: \"epistemicEdges\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Edges are tenant reasoning graph data.\",\n },\n {\n component: \"kernel\",\n table: \"epistemicNodeEmbeddings\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Embeddings are derived from tenant graph nodes.\",\n },\n {\n component: \"kernel\",\n table: \"epistemicNodes\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Nodes are tenant reasoning graph data.\",\n },\n {\n component: \"kernel\",\n table: \"graphAnalysisCache\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description:\n \"Graph analysis cache rows are derived from tenant graph state.\",\n },\n {\n component: \"kernel\",\n table: \"graphAnalysisResults\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Graph analysis result rows are derived tenant outputs.\",\n },\n {\n component: \"kernel\",\n table: \"graphSuggestions\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Graph suggestions are derived recommendations.\",\n },\n {\n component: \"kernel\",\n table: \"harnessReplays\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Harness replay rows are runtime verification logs.\",\n },\n {\n component: \"kernel\",\n table: \"harnessRuns\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Harness run rows are runtime verification logs.\",\n },\n {\n component: \"kernel\",\n table: \"idempotencyTokens\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Idempotency tokens are request-scoped runtime guards.\",\n },\n {\n component: \"kernel\",\n table: \"lenses\",\n prepopulation: \"optional_template\",\n copyMode: \"none\",\n description:\n \"Reusable lens templates may live in K templates, but workspace-specific copies are not required for core SDK boot.\",\n },\n {\n component: \"kernel\",\n table: \"lensTopicBindings\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Lens bindings attach runtime topics to runtime/workspace lenses.\",\n },\n {\n component: \"kernel\",\n table: \"neo4jSyncQueue\",\n prepopulation: \"runtime_queue\",\n copyMode: \"none\",\n description: \"Neo4j sync queue rows are runtime work items.\",\n },\n {\n component: \"kernel\",\n table: \"ontologyDefinitions\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"ontologyKey\"],\n description:\n \"Platform ontology definitions power taxonomy reads and effective ontology resolution.\",\n },\n {\n component: \"kernel\",\n table: \"ontologyVersions\",\n prepopulation: \"required_template\",\n copyMode: \"template_reference_remap\",\n scope: \"global\",\n uniqueKey: [\"ontologyKey\", \"version\"],\n dependsOn: [\"ontologyDefinitions\"],\n description:\n \"Ontology versions must be copied with ontologyDefinition ID remapping.\",\n },\n {\n component: \"kernel\",\n table: \"platformAgentRunPolicyDecisions\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Agent-run policy decisions are audit logs.\",\n },\n {\n component: \"kernel\",\n table: \"platformAgentRunPromptResolutions\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Agent-run prompt resolution rows are runtime logs.\",\n },\n {\n component: \"kernel\",\n table: \"platformAgentRuns\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Agent runs are runtime execution records.\",\n },\n {\n component: \"kernel\",\n table: \"platformAgentRunToolCalls\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Agent-run tool calls are runtime execution records.\",\n },\n {\n component: \"kernel\",\n table: \"platformHarnessShadowAudit\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Harness shadow audit rows are runtime audit records.\",\n },\n {\n component: \"kernel\",\n table: \"publicationRules\",\n prepopulation: \"required_template\",\n copyMode: \"template_tenant_rewrite\",\n scope: \"tenant\",\n uniqueKey: [\"tenantId\", \"workspaceId\", \"name\"],\n description:\n \"Default publication policy rules are rewritten into each tenant.\",\n },\n {\n component: \"kernel\",\n table: \"questionEvidenceLinks\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Question-to-evidence links are tenant graph data.\",\n },\n {\n component: \"kernel\",\n table: \"researchJobs\",\n prepopulation: \"runtime_queue\",\n copyMode: \"none\",\n description: \"Research job rows are runtime queue items.\",\n },\n {\n component: \"kernel\",\n table: \"schemaEnumConfig\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"category\", \"value\"],\n description: \"Runtime-extensible enum defaults required by SDK graph APIs.\",\n },\n {\n component: \"kernel\",\n table: \"stakeholderGroups\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Stakeholder groups are tenant decision data.\",\n },\n {\n component: \"kernel\",\n table: \"systemLogs\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"System logs are runtime telemetry.\",\n },\n {\n component: \"kernel\",\n table: \"tasks\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Tasks are tenant-authored work items.\",\n },\n {\n component: \"kernel\",\n table: \"topics\",\n prepopulation: \"runtime_bootstrap\",\n copyMode: \"none\",\n description:\n \"Default topics are created by tenant provisioning, not copied from templates.\",\n },\n {\n component: \"kernel\",\n table: \"workflowDefinitions\",\n prepopulation: \"optional_template\",\n copyMode: \"none\",\n description:\n \"Table-driven workflow definitions can be template data after the workflow engine leaves legacy mode.\",\n },\n {\n component: \"kernel\",\n table: \"workflowPullRequests\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Workflow pull requests are tenant workflow data.\",\n },\n {\n component: \"kernel\",\n table: \"workflowStages\",\n prepopulation: \"optional_template\",\n copyMode: \"none\",\n dependsOn: [\"workflowDefinitions\"],\n description:\n \"Workflow stages can be template data after workflowDefinitions are enabled for bootstrap copying.\",\n },\n {\n component: \"kernel\",\n table: \"worktreeBeliefCluster\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Worktree cluster rows link runtime worktrees to runtime beliefs.\",\n },\n {\n component: \"kernel\",\n table: \"worktrees\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Worktrees are tenant/runtime planning data.\",\n },\n {\n component: \"control-plane\",\n table: \"agents\",\n prepopulation: \"runtime_bootstrap\",\n copyMode: \"none\",\n description:\n \"Service agents are provisioned per tenant or service, not copied.\",\n },\n {\n component: \"control-plane\",\n table: \"mcpWritePolicy\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"topicId\", \"role\", \"toolCategory\"],\n description:\n \"Global write policy defaults govern service and interactive MCP writes.\",\n },\n {\n component: \"control-plane\",\n table: \"modelCallLogs\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Model call logs are runtime telemetry.\",\n },\n {\n component: \"control-plane\",\n table: \"modelFunctionSlots\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"slot\"],\n description:\n \"Function-to-model slots are required by model runtime resolution.\",\n },\n {\n component: \"control-plane\",\n table: \"modelRegistry\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"key\"],\n description:\n \"Model catalog defaults are required by model runtime clients.\",\n },\n {\n component: \"control-plane\",\n table: \"modelSlotConfigs\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"slot\"],\n description:\n \"Slot-level defaults are required before tenant overrides exist.\",\n },\n {\n component: \"control-plane\",\n table: \"permitAccessReviewItems\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Permit access-review item rows are tenant review data projected from Permit.\",\n },\n {\n component: \"control-plane\",\n table: \"permitAccessReviews\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Permit access-review campaigns are tenant review data projected from Permit.\",\n },\n {\n component: \"control-plane\",\n table: \"permitAttributeBindings\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Permit ABAC attribute bindings are tenant policy projection rows.\",\n },\n {\n component: \"control-plane\",\n table: \"permitGroups\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Permit groups are tenant-defined policy subjects, not template data.\",\n },\n {\n component: \"control-plane\",\n table: \"permitGroupMemberships\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Permit group memberships are tenant-specific policy projection rows.\",\n },\n {\n component: \"control-plane\",\n table: \"permitPolicyBundles\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description:\n \"Permit policy bundles are derived from the Permit control plane.\",\n },\n {\n component: \"control-plane\",\n table: \"permitPolicyDecisionReceipts\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description:\n \"Permit decision receipts are runtime authorization audit logs.\",\n },\n {\n component: \"control-plane\",\n table: \"permitPrincipalAliases\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Permit principal aliases are tenant-specific identity projection rows.\",\n },\n {\n component: \"control-plane\",\n table: \"permitPrincipals\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Permit principals are projected from Clerk, Permit, and tenant onboarding flows.\",\n },\n {\n component: \"control-plane\",\n table: \"permitProjectionOutbox\",\n prepopulation: \"runtime_queue\",\n copyMode: \"none\",\n description: \"Permit projection outbox rows are runtime sync queue data.\",\n },\n {\n component: \"control-plane\",\n table: \"permitRelationshipTuples\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Permit ReBAC relationship tuples are tenant policy projection rows.\",\n },\n {\n component: \"control-plane\",\n table: \"permitResourceInstances\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Permit resource instances are tenant/workspace graph and deployment projection rows.\",\n },\n {\n component: \"control-plane\",\n table: \"permitRoleAssignments\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Permit role assignments are tenant-specific policy projection rows.\",\n },\n {\n component: \"control-plane\",\n table: \"platformAudienceGrants\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Audience grants are principal/group-specific access rows.\",\n },\n {\n component: \"control-plane\",\n table: \"platformAudiences\",\n prepopulation: \"required_template\",\n copyMode: \"template_tenant_rewrite\",\n scope: \"tenant\",\n uniqueKey: [\"tenantId\", \"workspaceId\", \"audienceKey\"],\n description:\n \"Default tenant audience taxonomy rows are rewritten into each tenant.\",\n },\n {\n component: \"control-plane\",\n table: \"platformPolicyDecisionLogs\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Policy decisions are runtime audit logs.\",\n },\n {\n component: \"control-plane\",\n table: \"projectGrants\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Project/topic grants are principal or group-specific access rows.\",\n },\n {\n component: \"control-plane\",\n table: \"reasoningPermissions\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Reasoning permissions are principal-specific policy rows.\",\n },\n {\n component: \"control-plane\",\n table: \"tenantApiKeys\",\n prepopulation: \"runtime_secret\",\n copyMode: \"none\",\n description: \"API keys are tenant credentials and must never be copied.\",\n },\n {\n component: \"control-plane\",\n table: \"tenantConfig\",\n prepopulation: \"required_template\",\n copyMode: \"template_tenant_rewrite\",\n scope: \"tenant\",\n uniqueKey: [\"tenantId\"],\n description: \"Tenant-local config defaults are rewritten during bootstrap.\",\n },\n {\n component: \"control-plane\",\n table: \"tenantIntegrations\",\n prepopulation: \"required_template\",\n copyMode: \"template_tenant_rewrite\",\n scope: \"tenant\",\n uniqueKey: [\"tenantId\", \"integrationKey\"],\n description:\n \"Non-secret integration descriptors are rewritten into each tenant.\",\n },\n {\n component: \"control-plane\",\n table: \"tenantModelSlotBindings\",\n prepopulation: \"runtime_secret\",\n copyMode: \"none\",\n description:\n \"Tenant model slot bindings reference provider secrets and are runtime-only.\",\n },\n {\n component: \"control-plane\",\n table: \"tenantPermitSyncStates\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description:\n \"Tenant Permit sync state rows are runtime reconciliation state.\",\n },\n {\n component: \"control-plane\",\n table: \"tenantPolicies\",\n prepopulation: \"required_template\",\n copyMode: \"template_tenant_rewrite\",\n scope: \"tenant\",\n uniqueKey: [\"tenantId\", \"workspaceId\", \"roleName\"],\n description: \"Default tenant policy roles are rewritten during bootstrap.\",\n },\n {\n component: \"control-plane\",\n table: \"tenantProviderSecrets\",\n prepopulation: \"runtime_secret\",\n copyMode: \"none\",\n description: \"Provider secrets are credentials and must never be copied.\",\n },\n {\n component: \"control-plane\",\n table: \"tenantProxyGatewayUsage\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Proxy gateway usage rows are runtime telemetry.\",\n },\n {\n component: \"control-plane\",\n table: \"tenantProxyTokenMints\",\n prepopulation: \"runtime_secret\",\n copyMode: \"none\",\n description: \"Proxy token mints are ephemeral secret-bearing runtime rows.\",\n },\n {\n component: \"control-plane\",\n table: \"tenantSandboxAuditEvents\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Sandbox audit rows are runtime security logs.\",\n },\n {\n component: \"control-plane\",\n table: \"tenantSecrets\",\n prepopulation: \"runtime_secret\",\n copyMode: \"none\",\n description: \"Tenant secrets are credentials and must never be copied.\",\n },\n {\n component: \"control-plane\",\n table: \"toolAcls\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"role\", \"toolName\"],\n description:\n \"Default role-to-tool grants are required for SDK/MCP tool access.\",\n },\n {\n component: \"control-plane\",\n table: \"toolRegistry\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"toolName\"],\n description:\n \"Core tool catalog rows are required before pack or tenant tools exist.\",\n },\n {\n component: \"control-plane\",\n table: \"users\",\n prepopulation: \"runtime_bootstrap\",\n copyMode: \"none\",\n description:\n \"Users are created from Clerk/MC principal resolution, not copied.\",\n },\n] as const satisfies readonly TenantBootstrapTableRequirement[];\n\nexport const TENANT_BOOTSTRAP_SEED_TABLES =\n TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.filter(\n isCopyableSeedRequirement,\n ) as readonly TenantBootstrapSeedTable[];\n\nexport type TenantBootstrapSeedTableName =\n (typeof TENANT_BOOTSTRAP_SEED_TABLES)[number][\"table\"];\n\nexport const TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES =\n TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.filter(\n (entry) => !isCopyableSeedRequirement(entry),\n ).map((entry) => entry.table) as readonly string[];\nexport type TenantBootstrapForbiddenSeedTable =\n (typeof TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES)[number];\n\nexport const TENANT_BOOTSTRAP_SEED_MANIFEST = {\n contractVersion: TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION,\n authMetadataFields: TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS,\n components: TENANT_BOOTSTRAP_SEED_COMPONENTS,\n tableRequirements: TENANT_BOOTSTRAP_TABLE_REQUIREMENTS,\n tables: TENANT_BOOTSTRAP_SEED_TABLES,\n forbiddenTables: TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES,\n} as const;\n\nexport function findTenantBootstrapTableRequirement(\n table: string,\n): TenantBootstrapTableRequirement | undefined {\n return TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.find(\n (entry) => entry.table === table,\n );\n}\n\nexport function findTenantBootstrapSeedTable(\n table: string,\n): TenantBootstrapSeedTable | undefined {\n return TENANT_BOOTSTRAP_SEED_TABLES.find((entry) => entry.table === table);\n}\n\nexport function isTenantBootstrapSeedTable(table: string): boolean {\n return Boolean(findTenantBootstrapSeedTable(table));\n}\n\nexport function isTenantBootstrapForbiddenSeedTable(table: string): boolean {\n return TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES.some(\n (entry) => entry === table,\n );\n}\n"]}
@@ -1,9 +1,9 @@
1
- declare const TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION: "2026-04-30.1";
1
+ declare const TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION: "2026-05-11";
2
2
  declare const TENANT_BOOTSTRAP_TEMPLATE_TENANT_ID: "tenant_template";
3
3
  declare const TENANT_BOOTSTRAP_TEMPLATE_ACTOR: "system:lucern-template-seed";
4
4
  type TenantBootstrapTemplateSeedRows = {
5
5
  kernel: Record<string, Array<Record<string, unknown>>>;
6
- identity: Record<string, Array<Record<string, unknown>>>;
6
+ "control-plane": Record<string, Array<Record<string, unknown>>>;
7
7
  };
8
8
  type TenantBootstrapTemplateSeedOptions = {
9
9
  now?: number;